/**
 * Registers a listener with the event handler for each notification event
 * listed in $this->notify_prefs['event'].
 *
 * Entries whose 'class' equals e_UC_NOBODY are skipped. An entry with an
 * 'include' value is routed to that plugin's e_notify.php; any other entry is
 * routed to this class' notify_<id> method when it exists, else to 'generic'.
 *
 * @return false|null false when the 'notify' config value is empty and the
 *                    current page is notify.php; otherwise no value is returned.
 */
public function registerEvents()
{
    $notifyEnabled = e107::getConfig()->get('notify');

    if (empty($notifyEnabled) && e_PAGE == 'notify.php') {
        e107::getMessage()->addDebug('Notify is disabled!');
        return false;
    }

    $dispatcher = e107::getEvent();

    if (!varset($this->notify_prefs['event'])) {
        return;
    }

    foreach ($this->notify_prefs['event'] as $eventId => $settings) {
        if ($settings['class'] == e_UC_NOBODY) {
            continue;
        }

        if (!varset($settings['include'])) {
            // Core event: prefer a dedicated notify_<id> method, fall back to the generic one.
            $handler = method_exists($this, 'notify_' . $eventId) ? 'notify_' . $eventId : 'generic';
            $dispatcher->register($eventId, array('notify', $handler));
            continue;
        }

        // NOTE(review): the include path is built from a stored preference value;
        // presumably it is validated as a plugin folder name when saved - confirm.
        $includeFile = e_PLUGIN . $settings['include'] . "/e_notify.php";

        if (varset($settings['legacy']) != 1) {
            $dispatcher->register($eventId, array($settings['include'] . "_notify", $eventId), $includeFile);
        } else {
            $dispatcher->register($eventId, 'notify_' . $eventId, $includeFile);
        }
    }
}
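/**
 * Reads one bounced e-mail, extracts the user id and bounce facts from it and
 * flags the affected user(s) as bounced.
 *
 * The message comes either from $this->mailRead(-1) or, when $source is given,
 * from a file below e_HANDLER . "eml/". Its content is external input.
 *
 * @param string $source optional file name below e_HANDLER . "eml/"
 * @return void
 */
function process($source = '')
{
    global $_E107, $pref;

    e107::getCache()->CachePageMD5 = '_';
    e107::getCache()->set('emailLastBounce', time(), TRUE, FALSE, TRUE);

    // NOTE(review): $source is appended to the path unchanged; confirm callers
    // only ever pass a fixed or validated file name.
    $strEmail = !$source ? $this->mailRead(-1) : file_get_contents(e_HANDLER . "eml/" . $source);

    if (!$strEmail) {
        return;
    }

    $multiArray = Bouncehandler::get_the_facts($strEmail);
    $head = BounceHandler::parse_head($strEmail);
    $hasIdHeader = isset($head['X-e107-id']);
    $e107_userid = $hasIdHeader ? intval($head['X-e107-id']) : $this->getHeader($strEmail, 'X-e107-id');

    if (!empty($_E107['debug'])) {
        require_once e_HANDLER . "mail.php";

        // The bounce message is attacker-influenced text and this debug mail is
        // HTML, so everything taken from the message is escaped before embedding.
        $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

        $message = "Your Bounce Handler is working. The data of the email you sent is displayed below.<br />";

        if ($e107_userid) {
            $message .= "A user-id was detected in the email you sent: <b>" . htmlspecialchars((string) $e107_userid, $escapeFlags, 'UTF-8') . "</b><br />";
        }

        $message .= "<br />";
        $message .= "<pre>" . htmlspecialchars(print_r($multiArray, TRUE), $escapeFlags, 'UTF-8') . "</pre>";
        $message .= "<pre>" . htmlspecialchars($strEmail, $escapeFlags, 'UTF-8') . "</pre>";

        sendemail($pref['siteadminemail'], SITENAME . " :: Bounce-Handler.", $message, $pref['siteadmin'], $pref['siteadminemail'], $pref['siteadmin']);
    }

    if ($e107_userid && $this->setUser_Bounced($e107_userid) == TRUE) {
        return;
    }

    // The delivery-attempt lookup is not implemented, so the counter stays at 0
    // and the "more than 10 attempts" branch below is never taken.
    $num_attempts = 0;

    foreach ($multiArray as $the) {
        $the['user_id'] = $hasIdHeader ? $head['X-e107-id'] : null;
        $the['user_email'] = $the['recipient'];
        unset($the['recipient']);

        switch ($the['action']) {
            case 'failed':
                e107::getEvent()->trigger('email-bounce-failed', $the);
                $this->setUser_Bounced($the['user_email']);
                break;

            case 'transient':
                e107::getEvent()->trigger('email-bounce-transient', $the);
                if ($num_attempts > 10) {
                    $this->setUser_Bounced($the['user_email'], $the['user_id']);
                }
                break;

            case 'autoreply':
                e107::getEvent()->trigger('email-bounce-autoreply', $the);
                break;

            default:
                // Unknown actions are ignored.
                break;
        }
    }
}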
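/**
 * Installs a legacy plugin described by a plugin.php file.
 *
 * The plugin's plugin.php is included into this method's scope, so it runs
 * with full site privileges and can read or set any local variable here. The
 * $eplug_* variables used below are expected to be defined by that file.
 *
 * @param int|array $id plugin id, or a plugin record array holding
 *                      'plugin_id', 'plugin_path' and 'plugin_version'
 * @return string HTML status text for the admin screen
 */
function install_plugin_php($id)
{
    $function = 'install';
    $sql = e107::getDb();
    $mes = e107::getMessage();
    $mySQLprefix = MPREFIX; // Fix for some plugin.php files.
    $text = ''; // was appended to without ever being initialised

    if (is_array($id)) {
        $plug = $id;
        $id = $plug['plugin_id'];
    } else {
        $plug = $this->getinfo($id);
    }

    $_path = e_PLUGIN . $plug['plugin_path'] . '/';
    $plug['plug_action'] = 'install';
    $this->parse_plugin_php($plug['plugin_path']);
    $plug_vars = $this->plug_vars;

    // NOTE(review): executes code from the plugin folder named by 'plugin_path';
    // confirm that value can only come from the plugin table or a trusted caller.
    include $_path . 'plugin.php';

    // plugin.php is not guaranteed to define every $eplug_* variable.
    $eplug_folder = isset($eplug_folder) ? $eplug_folder : '';

    $func = $eplug_folder . '_install';
    if (function_exists($func)) {
        $text .= call_user_func($func);
    }

    if (isset($eplug_tables) && is_array($eplug_tables)) {
        $result = $this->manage_tables('add', $eplug_tables);
        if ($result === TRUE) {
            $text .= EPL_ADLAN_19 . '<br />';
            $mes->addSuccess(EPL_ADLAN_19);
        } else {
            $mes->addError(EPL_ADLAN_18);
        }
    }

    if (varset($plug_vars['mainPrefs'])) {
        $this->XmlPrefs('core', $function, $plug_vars['mainPrefs']);
        $text .= EPL_ADLAN_8 . '<br />';
    }

    if (isset($eplug_array_pref) && is_array($eplug_array_pref)) {
        foreach ($eplug_array_pref as $key => $val) {
            $this->manage_plugin_prefs('add', $key, $eplug_folder, $val);
        }
    }

    if (varset($plug_vars['siteLinks'])) {
        $this->XmlSiteLinks($function, $plug_vars);
    }

    if (varset($plug_vars['userClasses'])) {
        $this->XmlUserClasses($function, $plug_vars['userClasses']);
    }

    $this->manage_search('add', $eplug_folder);
    $this->manage_notify('add', $eplug_folder);

    $eplug_addons = $this->getAddons($eplug_folder);

    // NOTE(review): $eplug_addons is interpolated into the SQL string unescaped;
    // presumably getAddons() only returns names derived from the plugin folder - confirm.
    $sql->update('plugin', "plugin_installflag = 1, plugin_addons = '{$eplug_addons}' WHERE plugin_id = " . (int) $id);

    $p_installed = e107::getPref('plug_installed', array()); // load preference
    $p_installed[$plug['plugin_path']] = $plug['plugin_version'];

    e107::getConfig('core')->setPref('plug_installed', $p_installed);
    $this->rebuildUrlConfig();
    e107::getConfig('core')->save();

    $text .= isset($eplug_done) ? "<br />{$eplug_done}" : "<br />" . LAN_INSTALL_SUCCESSFUL;

    if (!empty($eplug_conffile)) {
        $text .= "<br /><a class='btn btn-primary' href='" . e_PLUGIN . $eplug_folder . "/" . $eplug_conffile . "'>" . LAN_CONFIGURE . "</a>";
    }

    // Event triggering after plugin installation.
    $event = e107::getEvent();
    $event->trigger('admin_plugin_install', $plug);

    return $text;
}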
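/**
 * Validates a news item and inserts it, or updates it when 'news_id' is set.
 *
 * Validation covers title, SEF URL (required and unique) and category. On a
 * validation error nothing is written and the prepared data is returned with
 * 'error' => true. After a successful write the admin log, the news events and
 * the 'news' hooks are triggered and the 'news.php' cache is cleared.
 *
 * NOTE(review): no permission check is visible here, and 'news_author' is
 * taken from $news when present; callers are presumably expected to restrict
 * who may call this and which fields they may set - confirm.
 *
 * @param array $news      news fields keyed by column name
 * @param bool  $smessages third argument handed on to every message add() call
 * @return array prepared DB array ('data', '_FIELD_TYPES', optionally 'WHERE'
 *               and 'news_id') plus 'message' and 'error'
 */
function submit_item($news, $smessages = false)
{
    $tp = e107::getParser();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    $emessage = e107::getMessage();

    $error = false;
    $newsId = isset($news['news_id']) ? intval($news['news_id']) : 0; // SQL use only

    if (empty($news['news_title'])) {
        $error = true;
        $emessage->add('Validation error: News title can\'t be empty!', E_MESSAGE_ERROR, $smessages);
        if (!empty($news['news_sef'])) {
            $news['news_sef'] = eHelper::secureSef($news['news_sef']);
        }
    } else {
        // first format sef...
        if (empty($news['news_sef'])) {
            $news['news_sef'] = eHelper::title2sef($news['news_title']);
        } else {
            $news['news_sef'] = eHelper::secureSef($news['news_sef']);
        }
    }

    // ...then check it
    if (empty($news['news_sef'])) {
        $error = true;
        $emessage->add('Validation error: News SEF URL value is required field and can\'t be empty!', E_MESSAGE_ERROR, $smessages);
    } elseif ($sql->db_Count('news', '(news_id)', 'news_id<>' . $newsId . ' AND ' . "news_sef='" . $tp->toDB($news['news_sef']) . "'")) {
        $error = true;
        $emessage->add('Validation error: News SEF URL is unique field - current value already in use! Please choose another SEF URL value.', E_MESSAGE_ERROR, $smessages);
    }

    if (empty($news['news_category'])) {
        $error = true;
        $emessage->add('Validation error: News category can\'t be empty!', E_MESSAGE_ERROR, $smessages);
    }

    // Column => field type handed to the DB layer, in insert order.
    $fieldTypes = array(
        'news_title'            => 'todb',
        'news_sef'              => 'todb',
        'news_body'             => 'todb',
        'news_extended'         => 'todb',
        'news_datestamp'        => 'int',
        'news_author'           => 'int',
        'news_category'         => 'int',
        'news_allow_comments'   => 'int',
        'news_start'            => 'int',
        'news_end'              => 'int',
        'news_class'            => 'todb',
        'news_render_type'      => 'todb',
        'news_summary'          => 'todb',
        'news_thumbnail'        => 'todb',
        'news_sticky'           => 'int',
        'news_meta_keywords'    => 'todb',
        'news_meta_description' => 'todb',
    );

    $data = array('data' => array(), '_FIELD_TYPES' => array()); // DB array

    foreach ($fieldTypes as $field => $fieldType) {
        $value = isset($news[$field]) ? $news[$field] : null;

        if ($field === 'news_author') {
            $value = $value ? $value : USERID;
        } elseif ($field === 'news_meta_keywords') {
            $value = eHelper::formatMetaKeys($value);
        } elseif ($field === 'news_meta_description') {
            $value = eHelper::formatMetaDescription($value); // handle bbcodes
        }

        $data['data'][$field] = $value;
        $data['_FIELD_TYPES'][$field] = $fieldType;
    }

    if ($error) {
        $data['error'] = true;
        return $data;
    }

    // Short strings for admin logging - no need to clog up the log with long items.
    $logData = $data['data'];
    foreach (array('news_body', 'news_extended') as $longField) {
        if (isset($logData[$longField])) {
            $logData[$longField] = $tp->text_truncate($tp->toDB($logData[$longField]), 300, '...');
        }
    }

    // Hooks are executed only when no DB error occurred.
    if (!empty($news['news_id'])) {
        // Updating existing item
        $data['WHERE'] = 'news_id=' . $newsId;

        if ($sql->db_Update('news', $data)) {
            e107::getAdminLog()->logArrayAll('NEWS_09', $logData);

            $data['data']['news_id'] = $news['news_id'];

            e107::getEvent()->trigger('newsupd', $data['data']);
            e107::getEvent()->trigger('admin_news_updated', $data['data']);

            $message = LAN_UPDATED;
            $emessage->add(LAN_UPDATED, E_MESSAGE_SUCCESS, $smessages);
            e107::getCache()->clear('news.php');

            //FIXME - triggerHook should return array(message, message_type)
            $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
            $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        } elseif ($sql->getLastErrorNumber()) {
            $error = true;
            $emessage->add(LAN_NEWS_5, E_MESSAGE_ERROR, $smessages);
            $message = "<strong>" . LAN_NEWS_5 . "</strong>";
        } else {
            // Query succeeded but no row changed.
            $data['data']['news_id'] = $news['news_id'];
            $emessage->add(LAN_NO_CHANGE, E_MESSAGE_INFO, $smessages);
            $message = "<strong>" . LAN_NO_CHANGE . "</strong>";

            //FIXME - triggerHook should return array(message, message_type)
            $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
            $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        }
    } else {
        // Adding item
        $data['data']['news_id'] = $sql->db_Insert('news', $data);
        $news['news_id'] = $data['data']['news_id'];

        if ($data['data']['news_id']) {
            $data['news_id'] = $news['news_id'];
            $message = LAN_NEWS_6;
            $emessage->add(LAN_CREATED, E_MESSAGE_SUCCESS, $smessages);
            e107::getCache()->clear('news.php');

            // moved down - prevent wrong mysql_insert_id
            e107::getAdminLog()->logArrayAll('NEWS_08', $logData);
            e107::getEvent()->trigger('newspost', $data['data']);
            e107::getEvent()->trigger('admin_news_created', $data['data']);

            //XXX - triggerHook after trigger?
            $evdata = array('method' => 'create', 'table' => 'news', 'id' => $data['data']['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
            $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        } else {
            $error = true;
            $message = "<strong>" . LAN_NEWS_7 . "</strong>";
            // The error message previously showed LAN_UPDATED; it now matches $message.
            $emessage->add(LAN_NEWS_7, E_MESSAGE_ERROR, $smessages);
        }
    }

    $data['message'] = $message;
    $data['error'] = $error;

    return $data;
}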
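/**
 * XUP Signup Method (falls-back to XUP login when existing user is detected).
 * May be used as a simple XUP login link for existing and non-existing users.
 *
 * NOTE(review): an absolute http(s) $redirectUrl is handed to the redirect
 * handler unchanged; callers should not pass a user-supplied URL here.
 *
 * @param bool|string $redirectUrl       true for SITEURL, a URL/route string, or a
 *                                       falsy value for no redirect
 * @param bool        $loginAfterSuccess log the new user in after signup
 * @param bool        $emailAfterSuccess send the 'signup' e-mail after signup
 * @return bool|object true after a completed signup, false when the visitor is
 *                     already logged in, already exists or no profile identifier
 *                     was returned, $this when the 'usersupprov' event returns true
 * @throws Exception code 100 feature disabled, 2 wrong provider, 4 no e-mail
 *                   available, 5 user model error
 */
public function signup($redirectUrl = true, $loginAfterSuccess = true, $emailAfterSuccess = true)
{
    if (!e107::getPref('social_login_active', false)) {
        throw new Exception("Signup failed! This feature is disabled.", 100); // TODO lan
    }

    if (!$this->getProvider()) {
        throw new Exception("Signup failed! Wrong provider.", 2); // TODO lan
    }

    if ($redirectUrl) {
        if (true === $redirectUrl) {
            $redirectUrl = SITEURL;
        } elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0) {
            $redirectUrl = e107::getUrl()->create($redirectUrl);
        }
    }

    if (e107::getUser()->isUser()) {
        if ($redirectUrl) {
            e107::getRedirect()->redirect($redirectUrl);
        }
        return false;
    }

    $this->adapter = $this->hybridauth->authenticate($this->getProvider());
    $profile = $this->adapter->getUserProfile();

    // returned back, if success...
    if (!$profile->identifier) {
        return false;
    }

    $sql = e107::getDb();
    $userMethods = e107::getUserSession();

    $plainPwd = $userMethods->generateRandomString('************'); // auto plain passwords

    $userdata = array();

    // TODO - auto login name, shouldn't be used if system set to user_email login...
    $userdata['user_loginname'] = $this->getProvider() . $userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#'));

    // NOTE(review): falls back to the provider's unverified e-mail, while the
    // account is created below as USER_VALIDATED - confirm this is intended.
    $userdata['user_email'] = $sql->escape($profile->emailVerified ? $profile->emailVerified : $profile->email);
    $userdata['user_name'] = $sql->escape($profile->displayName);
    $userdata['user_login'] = $userdata['user_name'];
    $userdata['user_customtitle'] = ''; // not used
    $userdata['user_password'] = $userMethods->HashPassword($plainPwd, $userdata['user_loginname']); // pwd
    $userdata['user_sess'] = '';
    $userdata['user_image'] = $profile->photoURL; // avatar
    $userdata['user_signature'] = ''; // not used
    $userdata['user_hideemail'] = 1; // hide it by default
    $userdata['user_xup'] = $sql->escape($this->userId());

    $pref = e107::pref('core');

    if (!empty($pref['initial_user_classes'])) {
        $userdata['user_class'] = $pref['initial_user_classes'];
    } elseif (!empty($pref['user_new_period'])) {
        $userdata['user_class'] = e_UC_NEWUSER;
    } else {
        $userdata['user_class'] = '';
    }

    // user_name, user_xup, user_email and user_loginname shouldn't match
    $insert = !empty($userdata['user_email']) ? "OR user_email='" . $userdata['user_email'] . "' " : "";

    if ($sql->count("user", "(*)", "user_xup='" . $sql->escape($this->userId()) . "' " . $insert . " OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'")) {
        // NOTE(review): this branch is also taken when only the e-mail or display
        // name matches an existing row; the login below is keyed on the provider
        // user id - confirm loginProvider() cannot resolve to a different account.
        e107::getUser()->loginProvider($this->userId());

        if ($redirectUrl) {
            e107::getRedirect()->redirect($redirectUrl);
        }

        return false;
    }

    if (empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0) == 0) {
        // The dump of $userdata (which holds the password hash) that used to be
        // appended to this message has been removed.
        throw new Exception("Signup failed! Can't access user email - registration without an email is impossible.", 4); // TODO lan
    }

    // other fields
    $now = time();
    $userdata['user_id'] = null;
    $userdata['user_join'] = $now;
    $userdata['user_lastvisit'] = 0;
    $userdata['user_currentvisit'] = 0;
    $userdata['user_comments'] = 0;
    $userdata['user_ip'] = e107::getIPHandler()->getIP(FALSE);
    $userdata['user_ban'] = USER_VALIDATED;
    $userdata['user_prefs'] = '';
    $userdata['user_visits'] = 0;
    $userdata['user_admin'] = 0;
    $userdata['user_perms'] = '';
    $userdata['user_realm'] = '';
    $userdata['user_pwchange'] = $now;

    $user = e107::getSystemUser(0, false);
    $user->setData($userdata);
    $user->getExtendedModel(); // init
    $user->save(true);

    // user model error
    if ($user->hasError()) {
        throw new Exception($user->renderMessages(), 5);
    }

    // Successful signup!
    $userdata = $user->getData();
    $userdata['provider'] = $this->getProvider();

    e107::getEvent()->trigger('user_xup_signup', $userdata);
    $ret = e107::getEvent()->trigger('usersupprov', $userdata); // XXX - it's time to pass objects instead of array?

    if (true === $ret) {
        return $this;
    }

    // send email
    // NOTE(review): the generated plain-text password is put back on the model
    // for the 'signup' e-mail; confirm it is not persisted or logged afterwards.
    if ($emailAfterSuccess) {
        $user->set('user_password', $plainPwd)->email('signup');
    }

    e107::getUser()->setProvider($this);

    // auto login
    if ($loginAfterSuccess) {
        e107::getUser()->loginProvider($this->userId()); // if not proper after-login, return true so user can see login screen
    }

    if ($redirectUrl) {
        e107::getRedirect()->redirect($redirectUrl);
    }

    return true;
}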
/**
 * Handles the list-view delete submit for a single record.
 *
 * The record id is the integer value of the current key of $posted. When a
 * confirmation screen is enabled and not yet confirmed, the id is only stored
 * for that screen. Otherwise the record is deleted through the tree model,
 * wrapped in the beforeDelete()/afterDelete() callbacks and the 'delete' /
 * 'deleted' events.
 *
 * @param array $posted posted trigger data; its current key is the record id
 * @return void
 */
public function ListDeleteTrigger($posted)
{
    if ($this->getPosted('etrigger_cancel')) {
        $this->setPosted(array());
        return; // always break on cancel!
    }

    $recordId = intval(key($posted));

    if ($this->deleteConfirmScreen && !$this->getPosted('etrigger_delete_confirm')) {
        // forward data to delete confirm screen - user confirmation expected
        $this->setPosted('delete_confirm_value', $recordId);
        return;
    }

    $this->setTriggersEnabled(false);

    $node = $this->getTreeModel()->getNode($recordId); //FIXME - this has issues with being on a page other than the 1st.

    if (!$node) {
        // NOTE(review): this fallback deletes without calling beforeDelete(),
        // afterDelete() or either event; if beforeDelete() is used as a veto or
        // permission check it is skipped here - confirm that is acceptable.
        e107::getMessage()->addDebug('Model Failure Fallback in use!! ID: ' . $recordId . ' file: ' . __FILE__ . " line: " . __LINE__, 'default', true);
        $this->getTreeModel()->delete($recordId);
        return;
    }

    $oldData = $node->getData();

    if (!$this->beforeDelete($oldData, $recordId)) {
        $this->getTreeModel()->setMessages(); // errors
        return;
    }

    $payload = array('oldData' => $oldData, 'id' => $recordId);
    $preEvent = $this->getEventTriggerName('delete');

    if ($preEvent) {
        if (E107_DBG_ALLERRORS > 0) {
            $this->getTreeModel()->addMessageDebug('Admin-ui Trigger fired: <b>' . $preEvent . '</b> with data ' . print_a($payload, true));
        }

        // A truthy result from a listener halts the delete.
        if (e107::getEvent()->trigger($preEvent, $payload)) {
            $this->getTreeModel()->setMessages();
            return;
        }
    }

    $deleted = $this->getTreeModel()->delete($recordId);

    if (!$this->afterDelete($oldData, $recordId, $deleted)) {
        return;
    }

    $postEvent = $this->getEventTriggerName('deleted');

    if ($postEvent) {
        if (E107_DBG_ALLERRORS > 0) {
            $this->getTreeModel()->addMessageDebug('Admin-ui Trigger fired: <b>' . $postEvent . '</b>'); //FIXME - Why doesn't this display?
        }
        e107::getEvent()->trigger($postEvent, $payload);
    }

    $this->getTreeModel()->setMessages();
}
/**
 * Renders the table rows contributed by hooks.
 *
 * Each hook entry's 'caption', 'html' and optional 'help' values are written
 * into the markup as they are, without escaping, so hook providers are trusted
 * to return safe HTML.
 *
 * @param array $data hook request passed to triggerHook()
 * @return string table row markup, or an empty string when no hook answered
 */
function renderHooks($data)
{
    $hookOutput = e107::getEvent()->triggerHook($data);

    if (empty($hookOutput)) {
        return "";
    }

    $markup = "";

    foreach ($hookOutput as $pluginName => $rows) {
        $markup .= "\n\n<!-- Hook : {$pluginName} -->\n";

        if (empty($rows)) {
            continue;
        }

        foreach ($rows as $row) {
            $helpHtml = varset($row['help']) ? "\n<span class='field-help'>" . $row['help'] . "</span>" : "";

            $markup .= "\t\t\t<tr>\n"
                . "\t\t\t<td>" . $row['caption'] . "</td>\n"
                . "\t\t\t<td>" . $row['html'] . $helpHtml
                . "</td>\n\t\t\t</tr>\n";
        }
    }

    return $markup;
}
/**
 * Deletes cache files.
 *
 * With a $CacheTag, files matching {tag}*.cache.php are deleted, where every
 * non-word character of the tag is first replaced by "_" (so the tag cannot add
 * path separators or wildcards to the pattern). Without a tag the pattern is
 * *.cache.php, i.e. all cache files.
 *
 * @param string  $CacheTag
 * @param boolean $syscache passed through to delete()
 * @param boolean $related  also clear the 'nq_' and 'nomd5_' entries for the tag
 * @return mixed result of the first delete() call
 */
public function clear($CacheTag = '', $syscache = false, $related = false)
{
    $pattern = "*.cache.php";

    if ($CacheTag) {
        $pattern = preg_replace("#\\W#", "_", $CacheTag) . $pattern;
    }

    // The admin event receives the tag as given, not the sanitised form.
    $eventArgs = "cachetag={$CacheTag}&file={$pattern}&syscache={$syscache}";
    e107::getEvent()->triggerAdminEvent('cache_clear', $eventArgs);

    $result = self::delete(e_CACHE_CONTENT, $pattern, $syscache);

    if (!$CacheTag || !$related) {
        return $result;
    }

    foreach (array('nq_', 'nomd5_') as $prefix) {
        self::delete(e_CACHE_CONTENT, $prefix . $pattern, $syscache);
    }

    return $result;
}
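/**
 * Creates or updates a download record from the posted admin form.
 *
 * Reads $_POST directly: resolves the file size, optionally moves uploaded
 * files into place, builds the mirror list, writes the 'download' row and
 * fires the hooks and events for create or update.
 *
 * NOTE(review): no form-token or permission check is visible in this method;
 * presumably the admin page performs both before calling it - confirm.
 *
 * @return void
 */
function submit_download()
{
    global $e107, $tp, $sql, $DOWNLOADS_DIRECTORY, $e_event;

    $subAction = $this->subAction;
    $id = $this->id;

    $sql = e107::getDb();
    $tp = e107::getParser();
    $mes = e107::getMessage();

    $dlInfo = array();
    $dlMirrors = array();

    // The name is echoed into HTML status messages below, so escape it once here.
    $safeName = isset($_POST['download_name']) ? htmlspecialchars($_POST['download_name'], ENT_QUOTES, 'UTF-8') : '';

    // $time was read below without ever being set; presumably the current time
    // was intended ("what 0.7 did") - TODO confirm.
    $time = time();

    if ($subAction == 'edit') {
        if ($_POST['download_url_external'] == '') {
            $_POST['download_filesize_external'] = FALSE;
        }
    }

    if (!empty($_POST['download_url_external']) && empty($_POST['download_url']) && !empty($_POST['download_filesize_unit'])) {
        $dlInfo['download_url'] = $tp->toDB($_POST['download_url_external']);
        $filesize = $this->calc_filesize($_POST['download_filesize_external'], $_POST['download_filesize_unit']);
    } else {
        $dlInfo['download_url'] = $tp->toDB($_POST['download_url']);

        if ($_POST['download_filesize_external']) {
            $filesize = intval($_POST['download_filesize_external']);
        } else {
            // NOTE(review): the paths below are built from the posted file name.
            if (strpos($DOWNLOADS_DIRECTORY, "/") === 0 || strpos($DOWNLOADS_DIRECTORY, ":") >= 1) {
                $filesize = filesize($DOWNLOADS_DIRECTORY . $dlInfo['download_url']);
            } elseif (isset($dlInfo['download_url'][0]) && $dlInfo['download_url'][0] == '{') {
                $filesize = filesize($tp->replaceConstants($dlInfo['download_url']));
            } else {
                $filesize = filesize(e_BASE . $DOWNLOADS_DIRECTORY . $dlInfo['download_url']);
            }
        }
    }

    if (!$filesize) {
        if ($sql->select("upload", "upload_filesize", "upload_file='{$dlInfo['download_url']}'")) {
            $row = $sql->fetch();
            $filesize = $row['upload_filesize'];
        }
    }

    $dlInfo['download_filesize'] = $filesize;

    // ---- Move Images and Files ------------
    // NOTE(review): source and target paths are concatenated from posted values
    // (file names and the 'move_file' directory) without normalisation; confirm
    // move_file() or the form restricts them to the intended folders.
    if ($_POST['move_image']) {
        if ($_POST['download_thumb']) {
            $oldname = e_UPLOAD . $_POST['download_thumb'];
            $newname = e_FILE . "downloadthumbs/" . $_POST['download_thumb'];
            if (!$this->move_file($oldname, $newname)) {
                return;
            }
        }

        if ($_POST['download_image']) {
            $oldname = e_UPLOAD . $_POST['download_image'];
            $newname = e_FILE . "downloadimages/" . $_POST['download_image'];
            if (!$this->move_file($oldname, $newname)) {
                return;
            }
        }
    }

    if ($_POST['move_file'] && $_POST['download_url']) {
        $oldname = e_UPLOAD . $_POST['download_url'];
        $newname = $_POST['move_file'] . $_POST['download_url'];
        if (!$this->move_file($oldname, $newname)) {
            return;
        }
        // Same DB sanitising as the initial download_url assignment above; the
        // raw posted value was stored here before.
        $dlInfo['download_url'] = $tp->toDB(str_replace(e_DOWNLOAD, "", $newname));
    }
    // ------------------------------------------

    $dlInfo['download_description'] = $tp->toDB($_POST['download_description']);
    $dlInfo['download_name'] = $tp->toDB($_POST['download_name']);
    $dlInfo['download_sef'] = vartrue($_POST['download_sef']) ? eHelper::secureSef($_POST['download_sef']) : eHelper::title2sef($_POST['download_name']);
    $dlInfo['download_keywords'] = $tp->toDB($_POST['download_keywords']);
    $dlInfo['download_author'] = $tp->toDB($_POST['download_author']);
    $dlInfo['download_author_email'] = $tp->toDB($_POST['download_author_email']);
    $dlInfo['download_author_website'] = $tp->toDB($_POST['download_author_website']);
    $dlInfo['download_category'] = intval($_POST['download_category']);
    $dlInfo['download_active'] = intval($_POST['download_active']);
    $dlInfo['download_thumb'] = $tp->toDB($_POST['download_thumb']);
    $dlInfo['download_image'] = $tp->toDB($_POST['download_image']);
    $dlInfo['download_comment'] = $tp->toDB($_POST['download_comment']);
    $dlInfo['download_class'] = $tp->toDB($_POST['download_class']);
    $dlInfo['download_visible'] = $tp->toDB($_POST['download_visible']);
    $dlInfo['download_datestamp'] = e107::getDate()->convert($_POST['download_datestamp'], 'inputdate');

    if ($_POST['update_datestamp']) {
        $dlInfo['download_datestamp'] = time();
    }

    // See if any mirrors are defined. All names are checked because the first
    // one may have been deleted in edit mode.
    $mirrorNames = (isset($_POST['download_mirror_name']) && is_array($_POST['download_mirror_name'])) ? $_POST['download_mirror_name'] : array();
    $mirrorStr = "";
    $mirrorFlag = FALSE;

    foreach ($mirrorNames as $mn) {
        if ($mn) {
            $mirrorFlag = TRUE;
            break;
        }
    }

    if ($mirrorFlag) {
        $mirrors = count($mirrorNames);
        $mirrorArray = array();
        $newMirrorArray = array();

        if ($id && $sql->select('download', 'download_mirror', 'download_id = ' . intval($id))) {
            if ($row = $sql->fetch()) {
                $mirrorArray = $this->makeMirrorArray($row['download_mirror'], TRUE);
            }
        }

        for ($a = 0; $a < $mirrors; $a++) {
            $mid = isset($mirrorNames[$a]) ? trim($mirrorNames[$a]) : '';
            $murl = isset($_POST['download_mirror'][$a]) ? trim($_POST['download_mirror'][$a]) : '';
            $msize = isset($_POST['download_mirror_size'][$a]) ? trim($_POST['download_mirror_size'][$a]) : '';

            if ($mid && $murl) {
                $newMirrorArray[$mid] = array('id' => $mid, 'url' => $murl, 'requests' => 0, 'filesize' => $msize);
                if (DOWNLOAD_DEBUG && !$id) {
                    $newMirrorArray[$mid]['requests'] = intval($_POST['download_mirror_requests'][$a]);
                }
            }
        }

        // Now copy across any existing usage figures
        foreach ($newMirrorArray as $k => $m) {
            if (isset($mirrorArray[$k])) {
                $newMirrorArray[$k]['requests'] = $mirrorArray[$k]['requests'];
            }
        }

        $mirrorStr = $this->compressMirrorArray($newMirrorArray);
    }

    $dlMirrors['download_mirror'] = $mirrorStr;
    $dlMirrors['download_mirror_type'] = intval($_POST['download_mirror_type']);

    if ($id) {
        // Process triggers before calling admin_update so trigger messages can be shown
        $data = array('method' => 'update', 'table' => 'download', 'id' => $id, 'plugin' => 'download', 'function' => 'update_download');
        $hooks = $e107->e_event->triggerHook($data);
        $mes->add($hooks, E_MESSAGE_SUCCESS);

        $updateArray = array_merge($dlInfo, $dlMirrors);
        $updateArray['WHERE'] = 'download_id=' . intval($id);

        $mes->addAuto($sql->db_Update('download', $updateArray), 'update', DOWLAN_2 . " (<a href='" . e_PLUGIN . "download/download.php?view." . intval($id) . "'>" . $safeName . "</a>)");

        $dlInfo['download_id'] = $id;
        $this->downloadLog('DOWNL_06', $dlInfo, $dlMirrors);

        $dlInfo['download_datestamp'] = $time; // This is what 0.7 did, regardless of settings
        unset($dlInfo['download_class']); // Also replicating 0.7

        $e_event->trigger('dlupdate', $dlInfo); // @deprecated
        e107::getEvent()->trigger('admin_download_update', $dlInfo);

        return;
    }

    $download_id = $sql->insert('download', array_merge($dlInfo, $dlMirrors));

    if (!$download_id) {
        return;
    }

    // Process triggers before calling admin_update so trigger messages can be shown
    $data = array('method' => 'create', 'table' => 'download', 'id' => $download_id, 'plugin' => 'download', 'function' => 'create_download');
    $hooks = $e107->e_event->triggerHook($data);
    $mes->add($hooks, E_MESSAGE_SUCCESS);

    $mes->addAuto($download_id, 'insert', DOWLAN_1 . " (<a href='" . e_PLUGIN . "download/download.php?view." . $download_id . "'>" . $safeName . "</a>)");

    $dlInfo['download_id'] = $download_id;
    $this->downloadLog('DOWNL_05', $dlInfo, $dlMirrors);

    $dlInfo['download_datestamp'] = $time; // This is what 0.7 did, regardless of settings
    unset($dlInfo['download_class']); // Also replicating 0.7

    $e_event->trigger("dlpost", $dlInfo); // @deprecated
    e107::getEvent()->trigger('admin_download_create', $dlInfo);

    if ($_POST['remove_upload']) {
        // remove_id is posted data: cast to int instead of concatenating it raw.
        $sql->db_Update("upload", "upload_active='1' WHERE upload_id='" . intval($_POST['remove_id']) . "'");

        $mess = "<br/>" . $safeName . " " . DOWLAN_104;
        $mess .= "<br/><br/><a href='" . e_ADMIN . "upload.php'>" . DOWLAN_105 . "</a>";
        $this->show_message($mess);
    }
}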
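/**
 * Add a comment to an item, or overwrite an existing comment when the request
 * is an edit.
 * e-token POST value should be always valid when using this method.
 *
 * NOTE(review): in the edit path the comment id is taken from the query string
 * and the row is updated without any visible check that it belongs to the
 * current user; confirm callers verify ownership or moderator rights first.
 *
 * @param string|array $data      author name, or an array of all comment_* values
 * @param string       $comment   comment text
 * @param string       $table     source table / comment type
 * @param integer      $id        reference of item in source table to which comment is linked
 * @param integer      $pid       parent comment id when it's a reply to a specific comment
 * @param string       $subject   comment subject
 * @param mixed        $rateindex posted value from the rate select box (only passed to an override)
 * @return mixed inserted comment id on success; false, "Error" or the message
 *               text on failure; null when the engine or permissions do not
 *               allow posting and after an edit
 */
function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE)
{
    if ($this->engine != 'e107') {
        return;
    }

    $comment_share = 0; // only supplied by the array form of $data

    if (is_array($data)) {
        $table = $data['comment_type'];
        $id = intval($data['comment_item_id']);
        $pid = intval($data['comment_pid']);
        $subject = $data['comment_subject'];
        $comment = $data['comment_comment'];
        $author_name = $data['comment_author_name'];
        $comment_share = intval($data['comment_share']);
    } else {
        $author_name = $data; // BC Fix.
    }

    global $e107;

    $sql = e107::getDb();
    $sql2 = e107::getDb('sql2');
    $tp = e107::getParser();
    $pref = e107::getPref();

    if ($this->getCommentPermissions() != 'rw') {
        return;
    }

    if ($user_func = e107::getOverride()->check($this, 'enter_comment')) {
        return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
    }

    // check posted token
    if (!isset($_POST['e-token'])) {
        $_POST['e-token'] = '';
    }

    if (!e107::getSession()->check(false)) {
        return false; // This will return false on error
    }

    // Work out whether this is an edit and, if so, of which comment.
    $editpid = 0;

    if (isset($_GET['comment']) && $_GET['comment'] == 'edit') {
        $editpid = isset($_GET['comment_id']) ? $_GET['comment_id'] : 0;
    } elseif (strstr(e_QUERY, "edit")) {
        $tmp = explode(".", e_QUERY);
        foreach ($tmp as $pos => $t) {
            if ($t == "edit") {
                $editpid = isset($tmp[$pos + 1]) ? $tmp[$pos + 1] : 0;
                break;
            }
        }
    }

    $type = $this->getCommentType($table);
    $comment = $tp->toDB($comment);
    $subject = $tp->toDB($subject);

    // Preset as an anonymous comment
    $cuser_id = 0;
    $cuser_name = 'Anonymous';
    $cuser_mail = '';

    // Store IP 'in the raw' - could be IPv4 or IPv6. It is resolved here because
    // the guest-name check below reads it; it used to be assigned only afterwards.
    $ip = $e107->getip();

    if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' ")) {
        if (!empty($_POST['comment'])) {
            if (USER == TRUE) {
                $cuser_id = USERID;
                $cuser_name = USERNAME;
                $cuser_mail = USEREMAIL;
            } elseif (isset($_POST['author_name']) && $_POST['author_name'] != '') {
                if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' ")) {
                    // The name belongs to a registered user: only accepted when the
                    // stored IP matches. NOTE(review): an IP match is weak evidence
                    // of identity; rejecting registered names for guests is stricter.
                    if ($ip && $sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' ")) {
                        $tmp = $sql2->fetch();
                        $cuser_id = $tmp['user_id'];
                        $cuser_name = $tmp['user_name'];
                        $cuser_mail = $tmp['user_email'];
                    } else {
                        define("emessage", COMLAN_310);
                    }
                } else {
                    $cuser_name = $tp->toDB($author_name);
                }
            }

            if (!defined("emessage")) {
                $_t = time();

                if ($editpid) {
                    $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                    $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                    e107::getCache()->clear("comment");
                    return;
                }

                //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                $edata_li = array(
                    'comment_pid'          => intval($pid),
                    'comment_item_id'      => $id,
                    'comment_subject'      => $subject,
                    'comment_author_id'    => $cuser_id,
                    'comment_author_name'  => $cuser_name,
                    'comment_author_email' => $tp->toDB($cuser_mail),
                    'comment_datestamp'    => $_t,
                    'comment_comment'      => $comment,
                    'comment_blocked'      => $this->moderateComment($pref['comments_moderate']) ? 2 : 0,
                    'comment_ip'           => $ip,
                    'comment_type'         => $tp->toDB($type, true),
                    'comment_lock'         => 0,
                    'comment_share'        => $comment_share,
                );

                // 'prepostcomment' lets plugin hooks (e.g. a spam check) veto or alter the comment.
                $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));

                if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook)) {
                    return false; // 3rd party code interception
                }

                // Allow 3rd party code to modify insert data.
                // NOTE(review): values written back by a hook are inserted as returned.
                if (is_array($edata_li_hook)) {
                    foreach (array_keys($edata_li) as $k) {
                        if (isset($edata_li_hook[$k])) {
                            $edata_li[$k] = $edata_li_hook[$k];
                        }
                    }
                }

                unset($edata_li_hook);

                $inserted_id = $sql->insert("comments", $edata_li);

                if (!$inserted_id) {
                    if (e_AJAX_REQUEST) {
                        return "Error";
                    }

                    e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                } else {
                    if (USER == true) {
                        $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                    }

                    // Next items for backward compatibility
                    $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                    $edata_li["comment_time"] = $_t;
                    $edata_li["comment_id"] = $inserted_id;

                    e107::getEvent()->trigger("postcomment", $edata_li);
                    e107::getCache()->clear("comment");

                    if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate'])) {
                        $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                    }

                    return $inserted_id; // return the ID number so it can be used.
                }
            }
        }
    } else {
        // An identical comment already exists for this item.
        define("emessage", COMLAN_312);
    }

    if (defined("emessage")) {
        if (e_AJAX_REQUEST) {
            return emessage;
        }

        message_handler("ALERT", emessage);
    }

    return false;
}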
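/**
 * Record a failed login attempt, queue the user-facing error message and,
 * for selected failure reasons, apply the automatic IP ban policy.
 *
 * @param string $username   Login name as submitted; treated as untrusted.
 * @param mixed  $reason     One of the LOGIN_* failure codes handled below.
 * @param string $extra_text Used verbatim as the message for LOGIN_BAD_TRIGGER
 *                           and stored with an auto-ban record.
 * @return string|false The message when $this->testMode is true, otherwise
 *                      false to signal the failed login.
 */
protected function invalidLogin($username, $reason, $extra_text = '')
{
    global $pref, $sql;

    // Set when this failure should count towards the auto-ban limit.
    $doCheck = false;

    switch ($reason) {
        case LOGIN_ABORT: // alt_auth reject
            $message = LAN_LOGIN_21;
            // NOTE(review): three arguments here, two in every other genNote()
            // call in this method - confirm against genNote()'s signature.
            $this->genNote($this->userIP, $username, 'Alt_auth: ' . LAN_LOGIN_14);
            $this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: ' . $username);
            $doCheck = true;
            break;
        case LOGIN_DB_ERROR: // alt_auth couldn't add valid user
            $message = LAN_LOGIN_31;
            $this->genNote($username, 'Alt_auth: ' . LAN_LOGIN_30);
            // Matching logNote() is added in the alt_auth login itself.
            $doCheck = true;
            break;
        case LOGIN_BAD_PW:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_03', $username);
            break;
        case LOGIN_CHAP_FAIL:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_03', 'CHAP: ' . $username);
            break;
        case LOGIN_BAD_USER:
            $message = LAN_LOGIN_21;
            $this->genNote($username, LAN_LOGIN_14);
            $this->logNote('LAN_ROLL_LOG_04', $username);
            $doCheck = true;
            break;
        case LOGIN_BAD_USERNAME:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_08', $username);
            break;
        case LOGIN_MULTIPLE:
            $message = LAN_LOGIN_24;
            $this->logNote('LAN_ROLL_LOG_07', "U: {$username} IP: {$this->userIP}");
            $this->genNote($username, LAN_LOGIN_16);
            $doCheck = true;
            break;
        case LOGIN_BAD_CODE:
            $message = LAN_LOGIN_23;
            $this->logNote('LAN_ROLL_LOG_02', $username);
            break;
        case LOGIN_NOT_ACTIVATED:
            // The [ ] markers in the language string become a "resend activation" link.
            $srch = array("[", "]");
            $repl = array("<a href='" . e_HTTP . "signup.php?resend'>", "</a>");
            $message = str_replace($srch, $repl, LAN_LOGIN_22);
            $this->logNote('LAN_ROLL_LOG_05', $username);
            $this->genNote($username, LAN_LOGIN_27);
            $doCheck = true;
            break;
        case LOGIN_BLANK_FIELD:
            $message = LAN_LOGIN_20;
            $this->logNote('LAN_ROLL_LOG_01', $username);
            break;
        case LOGIN_BAD_TRIGGER:
            $message = $extra_text;
            $this->logNote('LAN_ROLL_LOG_06', $username);
            break;
        case LOGIN_BANNED:
            $message = LAN_LOGIN_21; // Just give 'incorrect login' message
            $this->genNote($username, LAN_LOGIN_25);
            $this->logNote('LAN_ROLL_LOG_09', $username);
            break;
        default: // Something's gone wrong!
            $message = LAN_LOGIN_21; // Just give 'incorrect login' message
            $this->genNote($username, LAN_LOGIN_26);
            $this->logNote('LAN_ROLL_LOG_10', $username);
    }

    e107::getMessage()->addError($message);

    if ($this->testMode === true) {
        return $message;
    }

    define('LOGINMESSAGE', $message);

    if ($doCheck && ($pref['autoban'] == 1 || $pref['autoban'] == 3)) {
        // NOTE(review): $this->userIP is interpolated into SQL here and below;
        // presumably it is a normalised address set by the class - confirm.
        $fails = $sql->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
        $failLimit = vartrue($pref['failed_login_limit'], 10);

        if ($fails >= $failLimit) {
            $tp = e107::getParser();
            $time = time();
            $description = $tp->lanVars(LAN_LOGIN_18, $failLimit);
            e107::getIPHandler()->add_ban(4, $description, $this->userIP, 1);

            // $extra_text is caller-supplied, so it is escaped like $username
            // before being placed in the SQL string. The previous record also
            // appended md5($ouserpass), but $ouserpass is never defined in this
            // method, and attempted passwords should not be persisted even as
            // an unsalted digest, so that part is no longer written.
            $safeExtra = $tp->toDB($extra_text);
            e107::getDb()->insert("generic", "0, 'auto_banned', '" . $time . "', 0, '{$this->userIP}', '{$safeExtra}', '" . LAN_LOGIN_20 . ": " . $tp->toDB($username) . "' ");

            e107::getEvent()->trigger('user_ban_failed_login', array('time' => $time, 'ip' => $this->userIP, 'other' => $extra_text));
        }
    }

    return false; // Passed back to signal failed login
}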
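/**
 * Quick Add user submit trigger.
 *
 * Checks the posted admin token, validates the posted user fields, inserts
 * the new user row, writes the admin log / audit trail, fires the
 * 'userfull' and 'admin_user_created' events and optionally e-mails the
 * credentials to the new user.
 *
 * @return void Results are reported through the message handler; on a
 *              validation error the entered data is kept via setParam().
 */
public function AddSubmitTrigger()
{
    $e107cache = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes = e107::getMessage();
    $sql = e107::getDb();
    // $pref was read below without ever being defined in this method.
    $pref = e107::getPref();

    // The previous test, `!$_POST['ac'] == md5(ADMINPWCHANGE)`, negated the
    // posted value before comparing, so any non-empty token was accepted.
    // Compare the token itself, strictly; a non-string value also fails.
    // Where the minimum PHP version allows it, hash_equals() is preferable.
    if (!isset($_POST['ac']) || $_POST['ac'] !== md5(ADMINPWCHANGE)) {
        exit;
    }

    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $error = false;

    if (isset($_POST['generateloginname'])) {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }

    $_POST['password2'] = $_POST['password1'] = $_POST['password'];

    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);

    // Fix Display and user name
    if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['data']['user_name'] = $allData['data']['user_loginname'];
            $mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
        }
    }

    // Do basic validation
    validatorClass::checkMandatory('user_name, user_loginname', $allData); // Check for missing fields (email done in userValidation() )
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks

    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset($allData['data']['user_password']);
    }

    // Restrict the scope of the posted password copies
    unset($_POST['password2'], $_POST['password1']);

    if (count($allData['errors'])) {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }

    // Always save some of the entered data - then we can redisplay on error.
    // $user_data is a reference, so writes below also land in $allData['data'].
    $user_data =& $allData['data'];

    if ($error) {
        $this->setParam('user_data', $user_data);
        return;
    }

    if (varset($_POST['perms'])) {
        // Posted permission codes are stored as given, making the new account an admin.
        $allData['data']['user_admin'] = 1;
        $allData['data']['user_perms'] = implode('.', $_POST['perms']);
    }

    // NOTE(review): this reads 'user_login' while the rest of the method uses
    // 'user_loginname' - confirm which value HashPassword() expects here.
    $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
    $user_data['user_join'] = time();

    if ($userMethods->needEmailPassword()) {
        // Save separate password encryption for use with email address
        $user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
        $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
        $user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
        unset($user_prefs);
    }

    $userMethods->userClassUpdate($allData['data'], 'userall');

    //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
    $allData['data']['user_realm'] = '';

    // Set any initial classes
    $userMethods->addNonDefaulted($user_data);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);

    $userid = $sql->insert('user', $allData);

    if (!$userid) {
        $mes->addError(LAN_CREATED_FAILED);
        $mes->addError($sql->getLastErrorText());
        return;
    }

    $sysuser = e107::getSystemUser(false, false);
    $sysuser->setData($allData['data']);
    $sysuser->setId($userid);
    $user_data['user_id'] = $userid;

    // Add to admin log
    e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);

    // Add to user audit trail
    e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
    e107::getEvent()->trigger('userfull', $user_data);

    // Send everything available for user data - bit sparse compared with user-generated signup
    e107::getEvent()->trigger('admin_user_created', $user_data);

    if (isset($_POST['sendconfemail'])) {
        $check = false;

        // Send confirmation email to user.
        // NOTE(review): cases 1 and 2 mail the clear-text password.
        switch ((int) $_POST['sendconfemail']) {
            case 0: // activate, don't notify
                $check = -1;
                break;
            case 1: // activate and send password
                $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => USRLAN_238));
                break;
            case 2: // require activation and send password and activation link
                $sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
                $check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess')));
                break;
        }

        // -1 means "no mail requested": neither success nor error is reported.
        if ($check && $check !== -1) {
            $mes->addSuccess(USRLAN_188);
        } elseif (!$check) {
            $mes->addError(USRLAN_189);
        }
    }

    $message = USRLAN_172;
    $mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
    // NOTE(review): the new password is shown in clear text to the admin;
    // it is HTML-escaped, but the page output then contains the credential.
    $mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
}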
/**
 * Render the notification settings form.
 *
 * Builds one tab per core event category, then one tab per entry in
 * $this->notify_prefs['plugins'] whose e_notify.php is readable, and
 * outputs the tabbed form together with any pending messages.
 *
 * @return void
 */
function config()
{
    $render = e107::getRender();
    $form = e107::getForm();
    $messages = e107::getMessage();
    $coreEvents = e107::getEvent()->coreList();

    $tabs = array();

    // Core events: one table (and tab) per category.
    foreach ($coreEvents as $category => $eventList) {
        $table = " <table class='table adminform'>\n \t<colgroup>\n \t\t<col class='col-label' />\n \t\t<col class='col-control' />\n \t</colgroup>";

        foreach ($eventList as $eventId => $eventLabel) {
            $table .= $this->render_event($eventId, $eventLabel);
        }

        $table .= "</table>";

        $tabs[] = array(
            'caption' => str_replace("_menu", "", ucfirst($category)) . " " . LAN_NOTIFY_01,
            'text' => $table,
        );
    }

    // Plugin events: only plugins that ship a readable e_notify.php get a tab.
    $plugins = empty($this->notify_prefs['plugins']) ? array() : $this->notify_prefs['plugins'];

    foreach (array_keys($plugins) as $plugin_id) {
        if (!is_readable(e_PLUGIN . $plugin_id . '/e_notify.php')) {
            continue;
        }

        $pluginCaption = $this->pluginConfig[$plugin_id]['category'];
        $isLegacy = $this->pluginConfig[$plugin_id]['legacy'];

        $table = "<table class='table adminform'>\n\t\t\t \t<colgroup>\n\t\t\t \t\t<col class='col-label' />\n\t\t\t \t\t<col class='col-control' />\n\t\t\t \t</colgroup>";

        foreach ($this->pluginConfig[$plugin_id]['events'] as $event_id => $event_text) {
            $table .= $this->render_event($event_id, $event_text, $plugin_id, $isLegacy);
        }

        $table .= "</table>\n";

        $tabs[] = array('caption' => $pluginCaption, 'text' => $table);
    }

    // Assemble the form: tabs plus a single "update" button.
    $formHtml = $form->open('scanform', 'post', e_REQUEST_URL);
    $formHtml .= $form->tabs($tabs);
    $formHtml .= "<div class='buttons-bar center'>" . $form->admin_button('update', LAN_UPDATE, 'update') . "</div>";
    $formHtml .= $form->close();

    $render->tablerender(NT_LAN_1, $messages->render() . $formHtml);

    // The earlier hand-written nav-tabs markup that used to sit here as
    // commented-out code has been dropped; $form->tabs() above replaces it.
    return;
}
/**
 * Lazily resolve a legacy `$e107->xxx` property.
 *
 * Only the names listed below are served; each is mapped to a fixed e107
 * accessor, the result is stored on the instance under the same name and
 * returned. Any other name raises an E_USER_WARNING and yields null.
 *
 * @param string $name Property being read.
 * @return mixed The handler object, or null for an unknown name.
 */
public function __get($name)
{
    // Fixed allow-list: property name => static accessor on e107.
    $accessors = array(
        'tp' => 'getParser',
        'sql' => 'getDb',
        'ecache' => 'getCache',
        'arrayStorage' => 'getArrayStorage',
        'e_event' => 'getEvent',
        'ns' => 'getRender',
        'url' => 'getUrl',
        'admin_log' => 'getAdminLog',
        'notify' => 'getNotify',
        'e_online' => 'getOnline',
        'eIPHandler' => 'getIPHandler',
        'user_class' => 'getUserClass',
    );

    if ($name === 'override') {
        // The only entry that needs arguments: loaded as a singleton from its class file.
        $handler = e107::getSingleton('override', e_HANDLER . 'override_class.php');
    } elseif (isset($accessors[$name])) {
        $accessor = $accessors[$name];
        $handler = e107::$accessor();
    } else {
        trigger_error('$e107->$' . $name . ' not defined', E_USER_WARNING);
        return null;
    }

    // Store on the instance under the requested name before returning it.
    $this->{$name} = $handler;

    return $handler;
}
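/**
 * Validate and save a news item (insert, or update when news_id is set),
 * then fire the related events and hooks and, if enabled, send
 * trackbacks/pingbacks.
 *
 * @param array $news      News fields keyed by column name.
 * @param mixed $smessages Passed through as the third argument of every
 *                         $emessage->add() call.
 * @return array The DB array ('data', '_FIELD_TYPES', plus 'WHERE' on update
 *               and 'news_id' after a successful insert) with 'error' and,
 *               unless validation failed, 'message' (an HTML fragment).
 */
function submit_item($news, $smessages = false)
{
    $tp = e107::getParser();
    $sql = e107::getDb();
    $pref = e107::getPref();
    $e_event = e107::getEvent();
    $emessage = e107::getMessage();
    $error = false;

    // Title is mandatory; the SEF string is derived from it when not supplied.
    if (empty($news['news_title'])) {
        $error = true;
        $emessage->add('Validation error: News title can\'t be empty!', E_MESSAGE_ERROR, $smessages);
        if (!empty($news['news_sef'])) {
            $news['news_sef'] = eHelper::secureSef($news['news_sef']);
        }
    } elseif (empty($news['news_sef'])) {
        $news['news_sef'] = eHelper::title2sef($news['news_title']);
    } else {
        $news['news_sef'] = eHelper::secureSef($news['news_sef']);
    }

    $newsId = isset($news['news_id']) ? intval($news['news_id']) : 0;

    // SEF must be present and unique among all other news rows.
    if (empty($news['news_sef'])) {
        $error = true;
        $emessage->add('Validation error: News SEF URL value is required field and can\'t be empty!', E_MESSAGE_ERROR, $smessages);
    } elseif ($sql->db_Count('news', '(news_id)', 'news_id<>' . $newsId . " AND news_sef='" . $tp->toDB($news['news_sef']) . "'")) {
        $error = true;
        $emessage->add('Validation error: News SEF URL is unique field - current value already in use! Please choose another SEF URL value.', E_MESSAGE_ERROR, $smessages);
    }

    if (empty($news['news_category'])) {
        $error = true;
        $emessage->add('Validation error: News category can\'t be empty!', E_MESSAGE_ERROR, $smessages);
    }

    // DB array: values travel unescaped and _FIELD_TYPES names the per-field
    // handling ('todb' / 'int') that the DB layer is asked to apply.
    $data = array(
        'data' => array(
            'news_title' => $news['news_title'],
            'news_sef' => $news['news_sef'],
            'news_body' => $news['news_body'],
            'news_extended' => $news['news_extended'],
            'news_datestamp' => $news['news_datestamp'],
            'news_author' => $news['news_author'] ? $news['news_author'] : USERID,
            'news_category' => $news['news_category'],
            'news_allow_comments' => $news['news_allow_comments'],
            'news_start' => $news['news_start'],
            'news_end' => $news['news_end'],
            'news_class' => $news['news_class'],
            'news_render_type' => $news['news_render_type'],
            'news_summary' => $news['news_summary'],
            'news_thumbnail' => $news['news_thumbnail'],
            'news_sticky' => $news['news_sticky'],
            'news_meta_keywords' => eHelper::formatMetaKeys($news['news_meta_keywords']),
            'news_meta_description' => eHelper::formatMetaDescription($news['news_meta_description']), // handle bbcodes
        ),
        '_FIELD_TYPES' => array(
            'news_title' => 'todb',
            'news_sef' => 'todb',
            'news_body' => 'todb',
            'news_extended' => 'todb',
            'news_datestamp' => 'int',
            'news_author' => 'int',
            'news_category' => 'int',
            'news_allow_comments' => 'int',
            'news_start' => 'int',
            'news_end' => 'int',
            'news_class' => 'todb',
            'news_render_type' => 'todb',
            'news_summary' => 'todb',
            'news_thumbnail' => 'todb',
            'news_sticky' => 'int',
            'news_meta_keywords' => 'todb',
            'news_meta_description' => 'todb',
        ),
    );

    if ($error) {
        $data['error'] = true;
        return $data;
    }

    // Calculate short strings for admin logging - no need to clog up the log with potentially long items
    $logData = $data['data'];
    if (isset($logData['news_body'])) {
        $logData['news_body'] = $tp->text_truncate($tp->toDB($logData['news_body']), 300, '...');
    }
    if (isset($logData['news_extended'])) {
        $logData['news_extended'] = $tp->text_truncate($tp->toDB($logData['news_extended']), 300, '...');
    }

    //XXX - Now hooks are executed only if no mysql error is found. Should it stay so? Seems sensible to me!
    if (!empty($news['news_id'])) {
        // Updating existing item
        $data['WHERE'] = 'news_id=' . intval($news['news_id']);
        //FIXME - triggerHook should return array(message, message_type)
        $evdata = array('method' => 'update', 'table' => 'news', 'id' => $news['news_id'], 'plugin' => 'news', 'function' => 'submit_item');

        if ($sql->db_Update('news', $data)) {
            e107::getAdminLog()->logArrayAll('NEWS_09', $logData);
            $data['data']['news_id'] = $news['news_id'];
            e107::getEvent()->trigger('newsupd', $data['data']);
            $message = LAN_NEWS_21;
            $emessage->add(LAN_NEWS_21, E_MESSAGE_SUCCESS, $smessages);
            e107::getCache()->clear('news.php');
            $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        } elseif ($sql->getLastErrorNumber()) {
            $error = true;
            $emessage->add(LAN_NEWS_5, E_MESSAGE_ERROR, $smessages);
            $message = "<strong>" . LAN_NEWS_5 . "</strong>";
        } else {
            // No DB error reported: nothing changed, but hooks still run.
            $data['data']['news_id'] = $news['news_id'];
            $emessage->add(LAN_NEWS_46, E_MESSAGE_INFO, $smessages);
            $message = "<strong>" . LAN_NEWS_46 . "</strong>";
            $emessage->add(e107::getEvent()->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        }
    } else {
        // Adding item
        $data['data']['news_id'] = $sql->db_Insert('news', $data);
        $news['news_id'] = $data['data']['news_id'];

        if ($data['data']['news_id']) {
            $data['news_id'] = $news['news_id'];
            $message = LAN_NEWS_6;
            $emessage->add(LAN_NEWS_6, E_MESSAGE_SUCCESS, $smessages);
            e107::getCache()->clear('news.php');

            // Logged after the insert - prevents a wrong mysql_insert_id
            e107::getAdminLog()->logArrayAll('NEWS_08', $logData);
            e107::getEvent()->trigger('newspost', $data['data']);

            //XXX - triggerHook after trigger?
            $evdata = array('method' => 'create', 'table' => 'news', 'id' => $data['data']['news_id'], 'plugin' => 'news', 'function' => 'submit_item');
            $emessage->add($e_event->triggerHook($evdata), E_MESSAGE_INFO, $smessages);
        } else {
            $error = true;
            $message = "<strong>" . LAN_NEWS_7 . "</strong>";
            $emessage->add(LAN_NEWS_7, E_MESSAGE_ERROR, $smessages);
        }
    }

    /* FIXME - trackback should be hooked! */
    if ($news['news_id'] && !empty($pref['trackbackEnabled'])) {
        $excerpt = e107::getParser()->text_truncate(strip_tags(e107::getParser()->post_toHTML($news['news_body'])), 100, '...');

        // $e107 was never defined in this function; read base_path from the core instance.
        $permLink = e107::getInstance()->base_path . "comment.php?comment.news." . intval($news['news_id']);

        require_once e_PLUGIN . "trackback/trackbackClass.php";
        $trackback = new trackbackClass();

        // NOTE(review): the server makes outbound requests to URLs taken from
        // the form and from the news body; confirm sendTrackback() restricts
        // the scheme and destination it will contact.
        if (!empty($_POST['trackback_urls'])) {
            foreach (explode("\n", $_POST['trackback_urls']) as $pingurl) {
                // Drop the "\r" of CRLF input and skip blank lines.
                $pingurl = trim($pingurl);
                if ($pingurl === '') {
                    continue;
                }

                // sendTrackback() returns an error text; a falsy result means success.
                $terror = $trackback->sendTrackback($permLink, $pingurl, $news['news_title'], $excerpt);

                // These messages are HTML, so the posted URL and the remote
                // error text are escaped before being embedded.
                $shownUrl = htmlspecialchars($pingurl, ENT_QUOTES);
                if (!$terror) {
                    $message .= "<br />successfully pinged {$shownUrl}.";
                    $emessage->add("Successfully pinged {$shownUrl}.", E_MESSAGE_SUCCESS, $smessages);
                } else {
                    $shownError = htmlspecialchars($terror, ENT_QUOTES);
                    $message .= "<br />was unable to ping {$shownUrl}<br />[ Error message returned was : '{$shownError}'. ]";
                    $emessage->add("was unable to ping {$shownUrl}<br />[ Error message returned was : '{$shownError}'. ]", E_MESSAGE_ERROR, $smessages);
                }
            }
        }

        if (isset($_POST['pingback_urls'])) {
            if ($urlArray = $trackback->getPingUrls($news['news_body'])) {
                foreach ($urlArray as $pingurl) {
                    $shownUrl = htmlspecialchars($pingurl, ENT_QUOTES);

                    // Same convention as the trackback loop above: a falsy
                    // return is success. The earlier code tested the opposite
                    // here and reported failures as successful pings.
                    if (!$trackback->sendTrackback($permLink, $pingurl, $news['news_title'], $excerpt)) {
                        $message .= "<br />successfully pinged {$shownUrl}.";
                        $emessage->add("Successfully pinged {$shownUrl}.", E_MESSAGE_SUCCESS, $smessages);
                    } else {
                        $message .= "Pingback to {$shownUrl} failed ...";
                        $emessage->add("Pingback to {$shownUrl} failed ...", E_MESSAGE_ERROR, $smessages);
                    }
                }
            } else {
                $message .= "<br />No pingback addresses were discovered";
                $emessage->add("No pingback addresses were discovered", E_MESSAGE_INFO, $smessages);
            }
        }
    }
    /* end trackback */

    $data['message'] = $message;
    $data['error'] = $error;

    return $data;
}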
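/**
 * Handle a posted download submission: collect up to two uploaded files
 * (the download itself and an optional image), validate the form fields,
 * store a row in the "upload" table and fire the upload events.
 *
 * Outcome is reported through the message handler, which is rendered
 * (echoed) at the end.
 *
 * NOTE(review): no session-token or permission check is visible in this
 * method; confirm the caller performs them before invoking it.
 *
 * @return void
 */
function processUpload()
{
    $sql = e107::getDb();
    $mes = e107::getMessage();
    $tp = e107::getParser();

    $error = false;
    $postemail = '';
    // Defined up front so the cleanup and the insert never read undefined variables.
    $file = '';
    $image = '';
    $filesize = 0;

    $hasRequiredFields = (!empty($_POST['file_email']) || USER == true)
        && !empty($_POST['file_name'])
        && !empty($_POST['file_description'])
        && !empty($_POST['download_category']);

    if (!$hasRequiredFields) {
        // Error - missing data
        $mes->addError(LAN_ERROR_29);
        echo e107::getMessage()->render();
        return;
    }

    // NOTE(review): 'extra_file_types' presumably widens the accepted file
    // types; confirm executable types stay excluded and that e_UPLOAD is not
    // served as executable content.
    $uploaded = e107::getFile()->getUploaded(e_UPLOAD, "unique", array('max_file_count' => 2, 'extra_file_types' => true));

    // First, see what errors the upload handler picked up
    if ($uploaded === false) {
        $error = true;
        $mes->addError(LAN_UL_021);
    }

    // count() on the false returned above is a TypeError on PHP 8, so only
    // an array result is inspected further.
    if (!is_array($uploaded)) {
        $uploaded = array();
    }

    // Now see if we have a code file
    if (count($uploaded) > 0) {
        if ($uploaded[0]['error'] == 0) {
            $file = $uploaded[0]['name'];
            $filesize = $uploaded[0]['size'];
        } else {
            $error = true;
            $mes->addError($uploaded[0]['message']);
        }
    }

    // Now see if we have an image file
    if (count($uploaded) > 1) {
        if ($uploaded[1]['error'] == 0) {
            $image = $uploaded[1]['name'];
        } else {
            $error = true;
            $mes->addError($uploaded[1]['message']);
        }
    }

    // The upload handler checks max file size
    $downloadCategory = intval($_POST['download_category']);
    if (!$downloadCategory) {
        $error = true;
        $mes->addError(LAN_UL_037);
    }

    if ($error) {
        // An error - delete the files to keep things tidy (best effort).
        // NOTE(review): the names are used as returned by the upload handler;
        // if they are bare file names rather than paths, nothing is removed
        // from e_UPLOAD - confirm.
        foreach (array($file, $image) as $leftover) {
            if ($leftover !== '') {
                @unlink($leftover);
            }
        }
        echo e107::getMessage()->render();
        return;
    }

    if (USER) {
        $poster = USERID;
        $row = e107::getUser()->toArray();
        $postemail = $row['user_hideemail'] ? '-witheld-' : USEREMAIL;
    } else {
        $poster = "0";
        $postemail = $tp->toDB($_POST['file_email']);
    }

    if ($postemail != '-witheld-' && !check_email($postemail)) {
        $mes->addError(LAN_UL_001);
        echo e107::getMessage()->render();
        return;
    }

    if ($postemail == '-witheld-') {
        $postemail = '';
    }

    // Escape the description once; it used to be run through toDB() again
    // for the insert and for the event data.
    $description = $tp->toDB($_POST['file_description']);
    $_POST['file_description'] = $description;
    $file_time = time();

    // File names come from the upload handler but originate with the client,
    // so they are escaped like every other value in this hand-built value
    // list; the size is forced to an integer.
    $sql->insert(
        "upload",
        "0, '" . $poster . "', '" . $postemail . "', '" . $tp->toDB($_POST['file_website']) . "', '" . $file_time . "', '" . $tp->toDB($_POST['file_name']) . "', '" . $tp->toDB($_POST['file_version']) . "', '" . $tp->toDB($file) . "', '" . $tp->toDB($image) . "', '" . $description . "', '" . $tp->toDB($_POST['file_demo']) . "', '" . intval($filesize) . "', 0, '" . $downloadCategory . "'"
    );

    // Event payload; 'upload_version' is passed as posted (not escaped).
    $edata_fu = array(
        "upload_user" => $poster,
        "upload_email" => $postemail,
        "upload_name" => $tp->toDB($_POST['file_name']),
        "upload_file" => $file,
        "upload_version" => $_POST['file_version'],
        "upload_description" => $description,
        "upload_size" => $filesize,
        "upload_category" => $downloadCategory,
        "upload_website" => $tp->toDB($_POST['file_website']),
        "upload_image" => $image,
        "upload_demo" => $tp->toDB($_POST['file_demo']),
        "upload_time" => $file_time,
    );

    e107::getEvent()->trigger("fileupload", $edata_fu); // BC
    e107::getEvent()->trigger("user_file_upload", $edata_fu);

    $mes->addSuccess(LAN_404);

    echo e107::getMessage()->render();
}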
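/**
 * Create or update a content item from the submitted form data.
 *
 * Escapes the text fields with $tp->toDB(), resolves the parent category and the
 * author string, moves the icon and attachments out of their temporary folders,
 * works out the start/end timestamps and custom tags, then inserts or updates
 * the row in $plugintable, clears the related cache entries and redirects.
 *
 * Everything in $_POST is supplied by the submitter. Values that reach the SQL
 * string are escaped or cast, and file names are only used for filesystem
 * operations when they are plain names without a directory part.
 *
 * NOTE(review): nothing in this function checks that the caller may edit the
 * posted content_id or post under the given author id; presumably the calling
 * page enforces that - confirm.
 *
 * @param string $mode "create" or "update"
 * @param string $type empty or "admin", "submit", or "contentmanager"
 * @return void
 */
function dbContent($mode, $type)
{
    global $pref, $qs, $sql, $ns, $rs, $aa, $tp, $plugintable, $e107cache, $e_event;

    // A posted file name is only moved or probed on disk when it is a bare name:
    // no directory separator, no NUL byte, not "." or "..".
    $isBareFileName = function ($name) {
        return is_string($name) && $name !== '' && $name !== '.' && $name !== '..'
            && strpbrk($name, "/\\\0") === false;
    };

    $_POST['content_heading'] = $tp->toDB(trim($_POST['content_heading']));
    $_POST['content_subheading'] = $tp->toDB($_POST['content_subheading']);
    $_POST['content_summary'] = $tp->toDB($_POST['content_summary']);
    if (e_WYSIWYG) {
        // convert e107_images/ to {e_IMAGE} etc.
        $_POST['content_text'] = $tp->createConstants($_POST['content_text']);
    }
    // tiny_mce stores e_HTTP in front of an image path, while only the {e_xxx}
    // constants should be stored; strip the prefix so the paths are saved correctly.
    if (strstr($_POST['content_text'], e_HTTP . "{e_")) {
        $_POST['content_text'] = str_replace(e_HTTP . "{e_", "{e_", $_POST['content_text']);
    }
    $_POST['content_text'] = $tp->toDB($_POST['content_text']);
    $_POST['content_class'] = $_POST['content_class'] ? intval($_POST['content_class']) : "0";
    $_POST['content_meta'] = $tp->toDB($_POST['content_meta']);

    // Resolve the parent. On the edit path the posted value used to go into the
    // query unescaped; it now gets the same toDB() treatment as the other fields.
    $parent = '';
    $isContentQuery = isset($qs[0]) && $qs[0] == 'content' && isset($qs[1]) && isset($qs[2]) && is_numeric($qs[2]);
    if ($isContentQuery && ($qs[1] == 'create' || $qs[1] == 'submit')) {
        // content create
        $parent = intval($_POST['parent1']);
    } elseif ($isContentQuery && ($qs[1] == 'edit' || $qs[1] == 'sa')) {
        // content edit
        if (isset($_POST['parent1']) && strpos($_POST['parent1'], ".")) {
            $tmp = explode(".", $_POST['parent1']);
            $parent = $tp->toDB($tmp[1]);
        } elseif (isset($_POST['preview_parent1']) && $_POST['preview_parent1']) {
            $parent = $tp->toDB($_POST['preview_parent1']);
        } else {
            $parent = $tp->toDB($_POST['parent1']);
        }
    }
    $_POST['parent'] = $parent;

    // Build the author string: "id", "id^name^email" or "name^email".
    // It is escaped with toDB() where it enters the query.
    $authorEmail = $_POST['content_author_email'];
    if (USER) {
        if ($_POST['content_author_id']) {
            $author = $_POST['content_author_id'];
            $isSelf = $_POST['content_author_id'] == USERID && $_POST['content_author_name'] == USERNAME && $authorEmail == USEREMAIL;
            if (!$isSelf) {
                if ($_POST['content_author_name'] != CONTENT_ADMIN_ITEM_LAN_14) {
                    $author .= "^" . $_POST['content_author_name'];
                }
                if ($authorEmail != CONTENT_ADMIN_ITEM_LAN_15) {
                    $author .= "^" . $authorEmail;
                }
            }
        } else {
            $author = $_POST['content_author_name'];
            if ($authorEmail != "" && $authorEmail != CONTENT_ADMIN_ITEM_LAN_15) {
                $author .= "^" . $authorEmail;
            }
        }
    } else {
        // Non-user posting content: only the public submit form is allowed.
        if ($type != 'submit') {
            // NOTE(review): $plugindir is neither a parameter nor in the global list
            // above, so this redirect target is probably just "content.php" - confirm.
            header("location:" . $plugindir . "content.php");
            exit;
        }
        $author = $_POST['content_author_name'];
        if ($authorEmail != "" && $authorEmail != CONTENT_ADMIN_ITEM_LAN_15) {
            $author .= "^" . $authorEmail;
        }
    }

    $mainparent = $aa->getMainParent(intval($_POST['parent']));
    $content_pref = $aa->getContentPref($mainparent);

    // Temporary upload folders default to "<final folder>tmp/".
    $content_pref["content_icon_path_tmp"] = $content_pref["content_icon_path_tmp"] ? $content_pref["content_icon_path_tmp"] : $content_pref["content_icon_path"] . "tmp/";
    $content_pref["content_file_path_tmp"] = $content_pref["content_file_path_tmp"] ? $content_pref["content_file_path_tmp"] : $content_pref["content_file_path"] . "tmp/";
    $content_pref["content_image_path_tmp"] = $content_pref["content_image_path_tmp"] ? $content_pref["content_image_path_tmp"] : $content_pref["content_image_path"] . "tmp/";

    $content_cat_icon_path_large = $tp->replaceConstants($content_pref["content_cat_icon_path_large"]);
    $content_cat_icon_path_small = $tp->replaceConstants($content_pref["content_cat_icon_path_small"]);
    $content_icon_path = $tp->replaceConstants($content_pref["content_icon_path"]);
    $content_image_path = $tp->replaceConstants($content_pref["content_image_path"]);
    $content_file_path = $tp->replaceConstants($content_pref["content_file_path"]);
    $content_tmppath_icon = $tp->replaceConstants($content_pref["content_icon_path_tmp"]);
    $content_tmppath_file = $tp->replaceConstants($content_pref["content_file_path_tmp"]);
    $content_tmppath_image = $tp->replaceConstants($content_pref["content_image_path_tmp"]);

    // Move icon to correct folder. $icon is initialised because it is used in the
    // query even when no icon was posted.
    $icon = '';
    if (!empty($_POST['content_icon'])) {
        $icon = $tp->toDB($_POST['content_icon']);
        if ($icon && $isBareFileName($icon) && file_exists($content_tmppath_icon . $icon)) {
            rename($content_tmppath_icon . $icon, $content_icon_path . $icon);
        }
    }

    // Count the posted content_files* / content_images* fields.
    $sumf = 0;
    $sumi = 0;
    foreach ($_POST as $k => $v) {
        if (strpos($k, "content_files") === 0) {
            $sumf++;
        }
        if (strpos($k, "content_images") === 0) {
            $sumi++;
        }
    }

    // Move attachments to correct folder. Names with a directory part are skipped
    // entirely, so they are neither moved, probed on disk nor stored.
    $attach = array();
    $totalattach = "";
    for ($i = 0; $i < $sumf; $i++) {
        $attach[$i] = $tp->toDB(isset($_POST["content_files{$i}"]) ? $_POST["content_files{$i}"] : '');
        if (!$attach[$i] || !$isBareFileName($attach[$i])) {
            continue;
        }
        if (file_exists($content_tmppath_file . $attach[$i])) {
            rename($content_tmppath_file . $attach[$i], $content_file_path . $attach[$i]);
        }
        if (file_exists($content_file_path . $attach[$i])) {
            $totalattach .= "[file]" . $attach[$i];
        }
    }

    // Images are only recorded here (comma-prefixed list); no files are moved.
    $image = array();
    $totalimages = "";
    for ($i = 0; $i < $sumi; $i++) {
        $image[$i] = $tp->toDB(isset($_POST["content_images{$i}"]) ? $_POST["content_images{$i}"] : '');
        $totalimages .= "," . $image[$i];
    }

    // Start time. $starttime starts as null so the comparison below behaves as it
    // always has (an unset value), without reading an undefined variable.
    $starttime = null;
    if ($_POST['update_datestamp']) {
        $starttime = time();
    } else {
        if (isset($_POST['startdate']) && $_POST['startdate'] != "0" && $_POST['startdate'] != "") {
            $newstarttime = e107::getDate()->toTime($_POST['startdate'], 'inputdatetime');
        } else {
            $newstarttime = time();
        }
        if (isset($_POST['content_datestamp']) && $_POST['content_datestamp'] != "" && $_POST['content_datestamp'] != "0") {
            if ($newstarttime != $starttime) {
                $starttime = $newstarttime;
            } else {
                $starttime = intval($_POST['content_datestamp']);
            }
        } else {
            $starttime = time();
        }
    }
    if (isset($_POST['enddate']) && $_POST['enddate'] != "0" && $_POST['enddate'] != "") {
        $endtime = e107::getDate()->toTime($_POST['enddate'], 'inputdatetime');
    } else {
        $endtime = "0";
    }
    // Both timestamps are derived from posted dates; cast before they enter the query.
    $starttime = intval($starttime);
    $endtime = intval($endtime);

    // Custom additional data tags
    $custom = array();
    for ($i = 0; $i < $content_pref["content_admin_custom_number"]; $i++) {
        if (isset($_POST["content_custom_key_{$i}"]) && isset($_POST["content_custom_value_{$i}"]) && $_POST["content_custom_value_{$i}"] != "") {
            $keystring = $tp->toDB($_POST["content_custom_key_{$i}"]);
            $custom["content_custom_{$keystring}"] = $tp->toDB($_POST["content_custom_value_{$i}"]);
        }
    }
    // Preset additional data tags
    if (isset($_POST['content_custom_preset_key']) && $_POST['content_custom_preset_key']) {
        $custom['content_custom_presettags'] = $tp->toDB($_POST['content_custom_preset_key']);
    }
    // NOTE(review): confirm the output of e107::serialize() is safe inside the quoted
    // SQL literal it is placed in below.
    $contentprefvalue = $custom ? e107::serialize($custom) : "";

    $_POST['content_layout'] = !$_POST['content_layout'] || $_POST['content_layout'] == "content_content_template.php" ? "" : $tp->toDB($_POST['content_layout']);

    // content_order : not added in the sql
    // content_refer : only added in sql if posting submitted item
    if ($mode == "create") {
        if ($type == "submit") {
            $refer = $content_pref["content_submit_directpost"] ? "" : "sa";
        } else {
            $refer = "";
        }
        $sql->db_Insert($plugintable, "'0', '" . $_POST['content_heading'] . "', '" . $_POST['content_subheading'] . "', '" . $_POST['content_summary'] . "', '" . $_POST['content_text'] . "', '" . $tp->toDB($author) . "', '" . $icon . "', '" . $totalattach . "', '" . $totalimages . "', '" . $_POST['parent'] . "', '" . intval($_POST['content_comment']) . "', '" . intval($_POST['content_rate']) . "', '" . intval($_POST['content_pe']) . "', '" . $refer . "', '" . $starttime . "', '" . $endtime . "', '" . $_POST['content_class'] . "', '" . $contentprefvalue . "', '0', '" . intval($_POST['content_score']) . "', '" . $_POST['content_meta'] . "', '" . $_POST['content_layout'] . "' ");
        $e107cache->clear("{$plugintable}");

        // Trigger event for notify
        $edata_cs = array("content_heading" => $_POST['content_heading'], "content_subheading" => $_POST['content_subheading'], "content_author" => $_POST['content_author_name']);
        e107::getEvent()->trigger('content', $edata_cs);

        if (!$type || $type == "admin") {
            $url = e_SELF . "?" . e_QUERY . ".cc";
            e107::getRedirect()->go($url);
        } elseif ($type == "contentmanager") {
            $url = e_SELF . "?c";
            e107::getRedirect()->go($url);
        } elseif ($type == "submit") {
            if ($content_pref["content_submit_directpost"]) {
                $url = e_SELF . "?s";
                e107::getRedirect()->go($url);
            } else {
                $url = e_SELF . "?d";
                e107::getRedirect()->go($url);
            }
        }
    }

    if ($mode == "update") {
        // Approving a submitted item clears its content_refer flag; this is the same
        // for every $type.
        if (isset($_POST['content_refer']) && $_POST['content_refer'] == 'sa') {
            $refer = ", content_refer='' ";
        } else {
            $refer = "";
        }
        // One integer id for both the WHERE clause and the cache key.
        $contentId = intval($_POST['content_id']);

        $sql->db_Update($plugintable, "content_heading = '" . $_POST['content_heading'] . "', content_subheading = '" . $_POST['content_subheading'] . "', content_summary = '" . $_POST['content_summary'] . "', content_text = '" . $_POST['content_text'] . "', content_author = '" . $tp->toDB($author) . "', content_icon = '" . $icon . "', content_file = '" . $totalattach . "', content_image = '" . $totalimages . "', content_parent = '" . $_POST['parent'] . "', content_comment = '" . intval($_POST['content_comment']) . "', content_rate = '" . intval($_POST['content_rate']) . "', content_pe = '" . intval($_POST['content_pe']) . "' " . $refer . ", content_datestamp = '" . $starttime . "', content_enddate = '" . $endtime . "', content_class = '" . $_POST['content_class'] . "', content_pref = '" . $contentprefvalue . "', content_score='" . intval($_POST['content_score']) . "', content_meta='" . $_POST['content_meta'] . "', content_layout='" . $_POST['content_layout'] . "' WHERE content_id = '" . $contentId . "' ");
        $e107cache->clear("{$plugintable}");
        $e107cache->clear("comment.{$plugintable}.{$contentId}");

        if (!$type || $type == "admin") {
            $url = e_SELF . "?" . e_QUERY . ".cu";
            e107::getRedirect()->go($url);
        } elseif ($type == "contentmanager") {
            $url = e_SELF . "?u";
            e107::getRedirect()->go($url);
        }
    }
}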
$user_prefs['email_password'] = $userMethods->HashPassword($new_pass, $email); $userData['data']['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs); } $userData['data']['user_pwchange'] = time(); $userData['WHERE'] = 'user_id=' . USERID; validatorClass::addFieldTypes($userMethods->userVettingInfo, $userData, $userMethods->otherFieldTypes); $check = $sql->update('user', $userData); if ($check) { e107::getLog()->add('ADMINPW_01', '', E_LOG_INFORMATIVE, ''); $userMethods->makeUserCookie(array('user_id' => USERID, 'user_password' => $userData['data']['user_password']), FALSE); // Can't handle autologin ATM $mes->addSuccess(UDALAN_3 . " " . ADMINNAME); e107::getEvent()->trigger('adpword'); //@deprecated $eventData = array('user_id' => USERID, 'user_pwchange' => $userData['data']['user_pwchange']); e107::getEvent()->trigger('admin_password_update', $eventData); $ns->tablerender(UDALAN_2, $mes->render()); } else { $mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED); $ns->tablerender(LAN_UPDATED_FAILED, $mes->render()); } } else { $mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED); $ns->tablerender(LAN_UPDATED_FAILED, $mes->render()); } } } else { $text = "\n\t<form method='post' action='" . e_SELF . "'>\n\t\t<fieldset id='core-updateadmin'>\n\t\t\t<legend class='e-hideme'>" . UDALAN_8 . " " . ADMINNAME . "</legend>\n\t\t\t<table class='table adminform'>\n\t\t\t\t<colgroup>\n\t\t\t\t\t<col class='col-label' />\n\t\t\t\t\t<col class='col-control' />\n\t\t\t\t</colgroup>\n\t\t\t\t<tbody>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . UDALAN_4 . ":</td>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t" . ADMINNAME . "\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . LAN_PASSWORD . ":</td>\n\t\t\t\t\t\t<td>" . $frm->password('a_password', '', 20, 'generate=1&strength=1') . "\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td>" . UDALAN_6 . 
":</td>\n\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t<input class='tbox input-text' type='password' name='a_password2' size='60' value='' maxlength='20' />\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tbody>\n\t\t\t</table>\n\t\t\t<div class='buttons-bar center'>\n\t\t\t\t<input type='hidden' name='ac' value='" . md5(ADMINPWCHANGE) . "' />" . $frm->admin_button('update_settings', 'no-value', 'update', UDALAN_7) . "\n\t\t\t\t\n\t\t\t</div>\n\t\t</fieldset>\n\t</form>\n\t\n\t"; $ns->tablerender(UDALAN_8 . " " . ADMINNAME, $text); } require_once e_ADMIN . 'footer.php';
} } } if (vartrue($records) > 30) { $records = 30; } if (isset($id)) { if ($id == 0) { $text = "<div style='text-align:center'>" . LAN_USER_49 . " " . SITENAME . "</div>"; $ns->tablerender(LAN_USER_48, $text); require_once FOOTERF; exit; } $loop_uid = $id; $ret = e107::getEvent()->trigger("showuser", $id); $ret2 = e107::getEvent()->trigger('user_profile_display', $id); if (!empty($ret) || !empty($ret2)) { $text = "<div style='text-align:center'>" . $ret . "</div>"; $ns->tablerender(LAN_USER_48, $text); require_once FOOTERF; exit; } if (vartrue($pref['profile_comments'])) { require_once e_HANDLER . "comment_class.php"; $comment_edit_query = 'comment.user.' . $id; } if (isset($_POST['commentsubmit']) && $pref['profile_comments']) { $cobj = new comment(); $cobj->enter_comment($_POST['author_name'], $_POST['comment'], 'profile', $id, $pid, $_POST['subject']); } if ($text = renderuser($id)) {
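/**
 * Process an account-activation link of the form "activate.<x>.<code>[.<lang>]".
 *
 * The query string is split on "."; element 2 is the activation code, matched
 * against user_sess, and the optional element 3 is a two-character language
 * code used to pick the language file for the result message. On a match the
 * account is un-banned and user_sess is cleared (so the same link does not
 * match again), the audit entry and the 'userveri', 'user_signup_activated'
 * and 'userfull' events are emitted, the user is optionally logged in, and a
 * confirmation is rendered.
 *
 * @return false|null false when the update fails or the code matches no user;
 *                    null otherwise (including a request that is not an
 *                    activation link)
 */
private function processActivationLink()
{
    global $userMethods;
    $sql = e107::getDb();
    $tp = e107::getParser();
    $ns = e107::getRender();
    $log = e107::getLog();
    $pref = e107::pref('core');

    $qs = explode('.', e_QUERY);
    if ($qs[0] != 'activate' || (count($qs) != 3 && count($qs) != 4) || !$qs[2]) {
        return;
    }

    // FIXME TODO use generic multilanguage selection => e107::coreLan();
    // Return the message in the requested language when its file is readable,
    // otherwise in the site language.
    $lanLoaded = false;
    if (isset($qs[3]) && strlen($qs[3]) == 2) {
        require_once e_HANDLER . 'language_class.php';
        $slng = new language();
        $the_language = $slng->convert($qs[3]);
        // The converted name becomes part of an include path, so it must be a plain
        // directory name. NOTE(review): confirm what convert() returns for an
        // unknown code.
        if (is_string($the_language) && $the_language !== '' && strpbrk($the_language, "/\\\0") === false) {
            $lanFile = e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
            if (is_readable($lanFile)) {
                include $lanFile;
                $lanLoaded = true;
            }
        }
    }
    if (!$lanLoaded) {
        include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
    }

    e107::getCache()->clear("online_menu_totals");

    // The activation code is request data; it is escaped once and reused.
    $sessMatch = "user_sess='" . $tp->toDB($qs[2], true) . "' ";

    if (!$sql->select("user", "*", $sessMatch)) {
        // Invalid activation code
        $log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
        echo e107::getMessage()->addError("Invalid URL")->render();
        return false;
    }

    if ($row = $sql->fetch()) {
        $dbData = array();
        $dbData['WHERE'] = " " . $sessMatch;
        $dbData['data'] = array('user_ban' => '0', 'user_sess' => '');

        // Set initial classes, and any which the user can opt to join
        if ($init_class = $userMethods->userClassUpdate($row, 'userfull')) {
            $dbData['data']['user_class'] = $init_class;
        }
        $userMethods->addNonDefaulted($dbData);
        validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);

        $newID = $sql->update('user', $dbData);
        if ($newID === false) {
            // Keep the stored password value and the activation code out of the log:
            // the rest of the row is enough to identify the account.
            $logRow = $row;
            unset($logRow['user_password'], $logRow['user_sess']);
            $log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($logRow, true), false, LOG_TO_ROLLING);
            $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
            return false;
        }

        // Log to user audit log if enabled
        $log->user_audit(USER_AUDIT_EMAILACK, $row);

        e107::getEvent()->trigger('userveri', $row); // Legacy event
        e107::getEvent()->trigger('user_signup_activated', $row);
        e107::getEvent()->trigger('userfull', $row); // 'New' event

        if (varset($pref['autologinpostsignup'])) {
            require_once e_HANDLER . 'login.php';
            $usr = new userlogin();
            // The 'signup' login is given a token derived from the stored row instead
            // of a typed password.
            $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
        }

        $text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
        $ns->tablerender(LAN_SIGNUP_75, $text);
    }
}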
// Now tidy up if ($photo_to_delete) { // Photo may be a flat file, or in the database delete_file($photo_to_delete); } if ($avatar_to_delete) { // Avatar may be a flat file, or in the database delete_file($avatar_to_delete); } // If user has changed display name, update the record in the online table if (isset($changedUserData['user_name']) && !$_uid) { $sql->db_Update('online', "online_user_id = '" . USERID . "." . $changedUserData['user_name'] . "' WHERE online_user_id = '" . USERID . "." . USERNAME . "'"); } e107::getEvent()->trigger('postuserset', $_POST); if (count($triggerData)) { e107::getEvent()->trigger('userdatachanged', $triggerData); } if (e_QUERY == 'update') { e107::redirect(); } if ($adminEdit && $message) { $mes->addSuccess($message); } if (isset($USERSETTINGS_MESSAGE)) { $message = str_replace("{MESSAGE}", $message, $USERSETTINGS_MESSAGE); } elseif (!deftrue('BOOTSTRAP')) { $message = "<div style='text-align:center'>" . $message . '</div>'; } $caption = isset($USERSETTINGS_MESSAGE_CAPTION) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK; } // End - if (!$error)...
/**
 * Log the current visitor in through an external user provider.
 *
 * Does nothing and returns false when the 'social_login_active' preference is
 * off, and returns true straight away when a user is already logged in.
 * Otherwise a 'provider' login is attempted, whatever user data it yields is
 * stored in the session, and the 'user_xup_login' event is fired with it.
 *
 * NOTE(review): the session data is set and the event fired without checking
 * the outcome of the login call; listeners should not treat 'user_xup_login'
 * as proof of a successful login unless getUserData() is known to be empty on
 * failure - confirm.
 *
 * @param string $xup external user provider identifier
 * @return boolean true when a user is logged in afterwards
 */
public final function loginProvider($xup)
{
    if (e107::getPref('social_login_active', false)) {
        if ($this->isUser()) {
            return true;
        }

        $providerLogin = new userlogin();
        // Empty password: the 'provider' method identifies the account by $xup.
        $providerLogin->login($xup, '', 'provider', false, true);
        $profile = $providerLogin->getUserData();

        $this->setSessionData(true)->setData($profile);
        e107::getEvent()->trigger('user_xup_login', $profile);

        return $this->isUser();
    }

    return false;
}
<?php /** * @file * This file is loaded every time the core of e107 is included. ie. Wherever * you see require_once("class2.php") in a script. It allows a developer to * modify or define constants, parameters etc. which should be loaded prior to * the header or anything that is sent to the browser as output. It may also be * included in Ajax calls. */ e107::lan('nodejs_comment', false, true); // Register events. $event = e107::getEvent(); $event->register('postcomment', 'nodejs_comment_event_postcomment_callback'); $event->register('login', 'nodejs_comment_event_login_callback'); // TODO: send notifications after comment has been approved. /** * Event callback after triggering "postcomment". * * @param array $comment * Comment item. * * $comment contains: * - comment_pid * - comment_item_id * - comment_subject * - comment_author_id * - comment_author_name * - comment_author_email * - comment_datestamp * - comment_comment
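/**
 * Send a private message to one user, a list of users or a user class.
 *
 * Two entry modes, told apart by the presence of $vars['pm_from']:
 *  - bulk send from the cron task: the pm_* entries of $vars are the stored
 *    message record and nothing is added to the outbox;
 *  - send triggered by a user: the record is built here from
 *    $vars['pm_subject'], $vars['pm_message'], $vars['uploaded'], etc.
 *
 * With $vars['to_userclass'] or $vars['to_array'] set, the message goes to
 * every user in the list. When the list is longer than the 'pm_max_send'
 * preference (default 100), all blocks but the last are stored in the
 * 'generic' table for later and only the last block is sent now.
 *
 * NOTE(review): the sender is taken from $vars['from_id'] as given; the caller
 * is presumably expected to set it from the logged-in user - confirm.
 *
 * @param array $vars message data as described above
 * @return string status text for display (LAN_PM_65 when there is nothing to send)
 */
function add($vars)
{
    $tp = e107::getParser();
    $sql = e107::getDb();
    $pmsize = 0;
    $attachlist = '';
    $pm_options = '';
    $ret = '';
    $addOutbox = TRUE;
    // Initialised up front: both are read further down on paths that never assign
    // them (no successful uploads, cron sends, sends to an explicit user list),
    // and count()/implode() on an unset value is a TypeError on PHP 8.
    $a_list = array();
    $toclass = '';
    $maxSendNow = varset($this->pmPrefs['pm_max_send'], 100); // Maximum number of PMs to send without queueing them

    if (isset($vars['pm_from'])) {
        // Doing bulk send off cron task: move the stored pm_* fields into the record.
        $info = array();
        foreach ($vars as $k => $v) {
            if (strpos($k, 'pm_') === 0) {
                $info[$k] = $v;
                unset($vars[$k]);
            }
        }
        $addOutbox = FALSE; // Don't add to outbox - was done earlier
    } else {
        // Send triggered by user - may be immediate or bulk dependent on number of recipients
        $vars['options'] = '';
        if (isset($vars['receipt']) && $vars['receipt']) {
            $pm_options .= '+rr+';
        }
        if (isset($vars['uploaded'])) {
            // Only uploads without an error count towards size and the attachment list.
            foreach ($vars['uploaded'] as $u) {
                if (!isset($u['error']) || !$u['error']) {
                    $pmsize += $u['size'];
                    $a_list[] = $u['name'];
                }
            }
            // Attachment names are stored NUL-separated.
            $attachlist = implode(chr(0), $a_list);
        }
        $pmsize += strlen($vars['pm_message']);
        $pm_subject = trim($tp->toDB($vars['pm_subject']));
        $pm_message = trim($tp->toDB($vars['pm_message']));
        if (!$pm_subject && !$pm_message && !$attachlist) {
            // Error - no subject, no message body and no uploaded files
            return LAN_PM_65;
        }
        // Most of the pm info is fixed - just need to set the 'to' user on each send
        $info = array(
            'pm_from' => $vars['from_id'],
            'pm_sent' => time(),
            'pm_read' => 0,
            'pm_subject' => $pm_subject,
            'pm_text' => $pm_message,
            'pm_sent_del' => 0,
            'pm_read_del' => 0,
            'pm_attachments' => $attachlist,
            'pm_option' => $pm_options,
            'pm_size' => $pmsize,
        );
    }

    if (isset($vars['to_userclass']) || isset($vars['to_array'])) {
        if (isset($vars['to_userclass'])) {
            $toclass = e107::getUserClass()->uc_get_classname($vars['pm_userclass']);
            $tolist = $this->get_users_inclass($vars['pm_userclass']);
            $ret .= LAN_PM_38 . ": {$toclass}<br />";
            $class = TRUE;
        } else {
            $tolist = $vars['to_array'];
            $class = FALSE;
        }

        // Sending multiple PMs here. If more than some number ($maxSendNow), need to split into blocks.
        if (count($tolist) > $maxSendNow) {
            $totalSend = count($tolist);
            // Split into lists of at most $maxSendNow recipients each.
            $targets = array_chunk($tolist, $maxSendNow);
            unset($tolist);
            $array = new ArrayData();
            $pmInfo = $info;
            $genInfo = array('gen_type' => 'pm_bulk', 'gen_datestamp' => time(), 'gen_user_id' => USERID, 'gen_ip' => '');
            $lastBlock = count($targets) - 1;
            for ($i = 0; $i < $lastBlock; $i++) {
                // Save the list in the 'generic' table
                $pmInfo['to_array'] = $targets[$i]; // Should be in exactly the right format
                $genInfo['gen_intdata'] = count($targets[$i]);
                $genInfo['gen_chardata'] = $array->WriteArray($pmInfo, TRUE);
                // gen_chardata is declared a plain string so the stored block is not
                // altered by the usual field sanitising.
                $sql->insert('generic', array('data' => $genInfo, '_FIELD_TYPES' => array('gen_chardata' => 'string')));
            }
            $toclass .= ' [' . $totalSend . ']';
            // Send the residue now (means user probably isn't kept hanging around too long if sending lots)
            $tolist = $targets[$lastBlock];
            unset($targets);
        }

        foreach ($tolist as $u) {
            set_time_limit(30);
            $info['pm_to'] = intval($u['user_id']); // Sending to a single user now
            if ($pmid = $sql->insert('private_msg', $info)) {
                $info['pm_id'] = $pmid;
                e107::getEvent()->trigger('user_pm_sent', $info);
                unset($info['pm_id']); // prevent it from being used on the next record.
                if ($class == FALSE) {
                    $toclass .= $u['user_name'] . ', ';
                }
                if (check_class($this->pmPrefs['notify_class'], $u['user_class'])) {
                    $vars['to_info'] = $u;
                    $this->pm_send_notify($u['user_id'], $vars, $pmid, count($a_list));
                }
            } else {
                $ret .= LAN_PM_39 . ": {$u['user_name']} <br />";
                e107::getMessage()->addDebug($sql->getLastErrorText());
            }
        }

        if ($addOutbox) {
            // One outbox copy for the whole send, addressed to the class / name list.
            $info['pm_to'] = $toclass;
            $info['pm_sent_del'] = 0;
            $info['pm_read_del'] = 1;
            if (!($pmid = $sql->insert('private_msg', $info))) {
                $ret .= LAN_PM_41 . '<br />';
            }
        }
    } else {
        // Sending to a single person
        $info['pm_to'] = intval($vars['to_info']['user_id']);
        if ($pmid = $sql->insert('private_msg', $info)) {
            $info['pm_id'] = $pmid;
            e107::getEvent()->trigger('user_pm_sent', $info);
            if (check_class($this->pmPrefs['notify_class'], $vars['to_info']['user_class'])) {
                set_time_limit(30);
                $this->pm_send_notify($vars['to_info']['user_id'], $vars, $pmid, count($a_list));
            }
            $ret .= LAN_PM_40 . ": {$vars['to_info']['user_name']}<br />";
        }
    }

    return $ret;
}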
rename(e_UPLOAD . $filename, e_UPLOAD . $submitnews_file); } } } if ($filename && file_exists(e_UPLOAD . $submitnews_file)) { $submitnews_filearray[] = $submitnews_file; } } } } if ($submitnews_error === FALSE) { $sql->insert("submitnews", "0, '{$submitnews_user}', '{$submitnews_email}', '{$submitnews_title}', '" . intval($_POST['cat_id']) . "', '{$submitnews_item}', '" . time() . "', '{$ip}', '0', '" . implode(',', $submitnews_filearray) . "' "); $edata_sn = array("user" => $submitnews_user, "email" => $submitnews_email, "itemtitle" => $submitnews_title, "catid" => intval($_POST['cat_id']), "item" => $submitnews_item, "image" => $submitnews_file, "ip" => $ip); e107::getEvent()->trigger("subnews", $edata_sn); // bc e107::getEvent()->trigger("user_news_submit", $edata_sn); $mes = e107::getMessage(); $mes->addSuccess(LAN_134); echo $mes->render(); // $ns->tablerender(LAN_133, "<div style='text-align:center'>".LAN_134."</div>"); require_once FOOTERF; exit; } else { message_handler("P_ALERT", $message); } } $text = ""; if (!defined("USER_WIDTH")) { define("USER_WIDTH", "width:95%"); } if (!empty($pref['news_subheader'])) {
// Excerpt of the statistics logger: turns the collected query-string style
// $logVals into the $vals array, flags first-time page views per session,
// writes the debug log, fires 'user_log_stats' and extracts the individual
// fields. $logVals is built before this excerpt; presumably from request data
// - confirm.

// NOTE(review): the User-Agent header is appended without URL-encoding and the
// whole string is then parsed with parse_str(), so a header value containing
// "&name=value" adds or overrides entries in $vals (e.g. eself, referer).
// Encoding the header before appending it would keep it a single 'agent' value.
$logVals .= "&agent=" . $_SERVER['HTTP_USER_AGENT'];
parse_str($logVals, $vals);
$vals['referer'] = urldecode($vals['referer']);
$vals['eself'] = urldecode($vals['eself']);
// A page counts as "unique" the first time its eself value is seen in this
// session. Every distinct value is appended to the session list, which has no
// size limit here.
if (empty($_SESSION['log_userLoggedPages']) || !in_array($vals['eself'], $_SESSION['log_userLoggedPages'])) {
    $_SESSION['log_userLoggedPages'][] = $vals['eself'];
    $logVals .= "&unique=1";
} else {
    $logVals .= "&unique=0";
}
$logVals = str_replace('%3A', ':', $logVals); // make the URLs a bit cleaner, while keeping any urlqueries encoded.
// The raw string is written to the 'SiteStats' log file as a debug entry.
$lg = e107::getAdminLog();
$lg->addDebug(print_r($logVals, true));
$lg->toFile('SiteStats', 'Statistics Log', true);
e107::getEvent()->trigger('user_log_stats', $vals);
// ------------------------------------ ---------------------
// We MUST have a timezone set in PHP >= 5.3. This should work for PHP >= 5.1:
// @todo may be able to remove this check once minimum PHP version finalised
if (function_exists('date_default_timezone_get')) {
    date_default_timezone_set(@date_default_timezone_get()); // Just set a default - it should default to UTC if no timezone set
}
//$logfp = fopen(e_LOG.'rcvstring.txt', 'a+'); fwrite($logfp, $logVals."\n"); fclose($logfp);
//$logfp = fopen(e_LOG.'rcvstring.txt', 'a+'); fwrite($logfp, print_r($vals, TRUE)."\n"); fclose($logfp);
// strip_tags() only removes markup and addslashes() is applied to the referer
// alone. NOTE(review): how these values are stored or displayed is outside
// this excerpt - confirm they are escaped for that context where they are used.
$colour = strip_tags(isset($vals['colour']) ? $vals['colour'] : '');
$res = strip_tags(isset($vals['res']) ? $vals['res'] : '');
$self = strip_tags(isset($vals['eself']) ? $vals['eself'] : '');
$ref = addslashes(strip_tags(isset($vals['referer']) ? $vals['referer'] : ''));
// True when a non-empty 'qry' value was supplied.
$logQry = isset($vals['qry']) && $vals['qry'];
// Day-of-year and year, e.g. "41.2024".
$date = date('z.Y', time());
// Excerpt of the news list page: picks the list template, collects the legacy
// styling constants, lets listeners adjust $newsList and renders every item
// into $text.
require_once HEADERF;
$action = $currentNewsAction;
// A theme-level $NEWSLISTSTYLE takes precedence over the 'news'/'list' template.
if (vartrue($NEWSLISTSTYLE)) {
    $template = array('start' => '', 'item' => $NEWSLISTSTYLE, 'end' => '');
} else {
    $template = e107::getTemplate('news', 'news', 'list');
}
// Legacy Styling..
$param = array();
$param['itemlink'] = defined("NEWSLIST_ITEMLINK") ? NEWSLIST_ITEMLINK : "";
$param['thumbnail'] = defined("NEWSLIST_THUMB") ? NEWSLIST_THUMB : "border:0px";
$param['catlink'] = defined("NEWSLIST_CATLINK") ? NEWSLIST_CATLINK : "";
$param['caticon'] = defined("NEWSLIST_CATICON") ? NEWSLIST_CATICON : defset('ICONSTYLE', '');
$param['current_action'] = $action;
// NEW - allow news batch shortcode override (e.g. e107::getScBatch('news', 'myplugin', true); )
e107::getEvent()->trigger('news_list_parse', $newsList);
$text = '';
if (vartrue($template['start'])) {
    $text .= $tp->parseTemplate($template['start'], true);
}
foreach ($newsList as $row) {
    $text .= $ix->render_newsitem($row, 'return', '', $template['item'], $param);
}
if (vartrue($template['end'])) {
    $text .= $tp->parseTemplate($template['end'], true);
}
// $row here is whatever the loop left behind: the last news item, or nothing at
// all when $newsList is empty. The icon name is placed into the src attribute
// as-is. NOTE(review): presumably category_icon is an admin-set value; confirm,
// or escape it for the attribute.
$icon = $row['category_icon'] ? "<img src='" . e_IMAGE . "icons/" . $row['category_icon'] . "' alt='' />" : ""; // Deprecated.
// $parms = $news_total.",".$amount.",".$newsfrom.",".$e107->url->getUrl('core:news', 'main', "action=nextprev&to_action={$action}&subaction={$category}");
// $parms = $news_total.",".$amount.",".$newsfrom.",".e_SELF.'?'.$action.".".$category.".[FROM]";
//
$class_list[] = e_UC_ADMIN; if (strpos($row['user_perms'], '0') === 0) { $class_list[] = e_UC_MAINADMIN; } } $class_list[] = e_UC_MEMBER; $class_list[] = e_UC_PUBLIC; $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) { // Need to note in user audit trail e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name); } $edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',', $class_list), 'user_admin' => $row['user_admin']); // Fix - set cookie before login trigger session_set(e_COOKIE, $cookieval, time() + 3600 * 24 * 30); e107::getEvent()->trigger("login", $edata_li); e107::getRedirect()->redirect(e_ADMIN_ABS . 'admin.php'); //echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n"; } } $e_sub_cat = 'logout'; if (ADMIN == FALSE) { define("e_IFRAME", TRUE); } if (!defset('NO_HEADER')) { require_once e_ADMIN . "header.php"; } if (ADMIN == FALSE) { // Needs help from Deso, Vesko and Stoev! :-) e107::css('inline', "\n\t\t\n\t\t\tbody \t\t\t\t{ \ttext-align: left; font-size:15px; line-height:1.5em; font-weight:normal; font-family:Arial, Helvetica, sans-serif; background:#081D28 url(" . e_IMAGE . 
"logo_template_large.png) no-repeat 50% 40px; }\n\t\t\ta\t\t\t\t\t{ \tcolor:#F6931E; text-decoration:none; }\n\t\t\ta:hover\t\t\t\t{ \tcolor:silver; text-decoration:none; }\n\t\t\t.bold\t\t\t\t{ \tfont-weight:bold; }\n\t\t\t.field\t\t\t\t{ \ttext-align:center;padding:5px }\n\t\t\t.field input\t\t{\tpadding:5px; \n\t\t\t\t\t\t\t\t\tborder-width:1px;\t\t\t\t\t\t\t\n \t\t\t\t\t\t\t\tborder-style:solid;\n \t\t\t\t\t\t\t\tborder-color:#aaa #c8c8c8 #c8c8c8 #aaa;\n\t\t\t\t\t\t\t\t\tbackground:#fff;\n\t\t\t\t\t\t\t\t\tfont:16px arial, helvetica, sans-serif;\n\t\t\t\t\t\t\t\t\t-moz-border-radius: 4px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius: 4px;\n\t\t\t\t\t\t\t\t\tborder-radius: 4px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\tbox-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t.field input:focus\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\n\t\t\t.field input:hover\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin \t\t{\n\t\t\t\t\t\t\t\t\tmargin-left:auto;\n\t\t\t\t\t\t\t\t\tmargin-right:auto;\n\t\t\t\t\t\t\t\t\tmargin-top:12%;\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\twidth:400px; \n\t\t\t\t\t\t\t\t\t/*\t\n\t\t\t\t\t\t\t\t\tpadding: 10px 20px 0 20px;\n\t\t\t\t\t\t\t\t\t-moz-border-radius:5px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius:5px;\n\t\t\t\t\t\t\t\t\tborder-radius:5px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\tbox-shadow:5px 5px 20px #000000;\t\n\t\t\t\t\t\t\t\t\tbackground-color: #FEFEFE;\n\t\t\t\t\t\t\t\t\t*/\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin label \t{ \tdisplay: none; text-align: right\t}\n\t\t\t\t\n\t\t\t\n\t\t\t.admin-submit \t\t{ \ttext-align: center; \tpadding:20px;\t}\n\t\t\t\n\t\t\t.submit\t\t\t\t{ }\n\t\t\t\n\t\t\n\t\t\t.placeholder \t\t{\tcolor: #bbb; 
font-style:italic\t}\n\t\n\t\t\t::-webkit-input-placeholder { font-style:italic;\tcolor: #bbb; \t}\n\t\t\n\t\t\t:-moz-placeholder \t{ font-style:italic;\tcolor: #bbb; \t\t}\n\t\t\t\n\t\t\th2\t\t\t\t\t{ text-align: center; color: #FAAD3D; }\n\t\t\t\n\t\t\t#username\t\t\t{background: url(" . e_IMAGE . "admin_images/admins_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\t \n\t\t\t#userpass\t\t\t{background: url(" . e_IMAGE . "admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\n\t\t\tinput[disabled] \t{\tcolor: silver;\t}\n\t\t\tbutton[disabled] span\t{\tcolor: silver;\t}\n\t\t\n\t\t"); $obj = new auth();
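/**
 * Record the current request in the `online` table, apply flood control and
 * publish the "who is online" data.
 *
 * When either flag is set, the method:
 *  - inserts or updates the visitor's row in `online` (keyed on IP for guests,
 *    on "id.name" for logged-in members);
 *  - bans the IP, or prints a warning, and terminates the request with exit
 *    when the page count passes the configured thresholds;
 *  - on non-AJAX requests, purges expired rows, fills $this->users,
 *    $this->guests and the global $listuserson, and defines TOTAL_ONLINE,
 *    MEMBERS_ONLINE, GUESTS_ONLINE, ON_PAGE and MEMBER_LIST.
 *
 * When both flags are false, the constants are defined as empty strings and
 * e_TRACKING_DISABLED is defined.
 *
 * @param boolean $online_tracking
 * @param boolean $flood_control
 * @return void
 */
public function goOnline($online_tracking = false, $flood_control = false)
{
	global $listuserson; // FIXME - remove it, make it property, call e_online singleton - e107::getOnline()

	$sql = e107::getDb();
	$user = e107::getUser();

	if (!$online_tracking && !$flood_control)
	{
		define('e_TRACKING_DISABLED', true); // Used in forum, online menu
		define('TOTAL_ONLINE', '');
		define('MEMBERS_ONLINE', '');
		define('GUESTS_ONLINE', '');
		define('ON_PAGE', '');
		define('MEMBER_LIST', '');
		return;
	}

	$online_timeout = 300;

	// The pref is read as "guest_limit,member_limit". Pad and cast so that a
	// malformed value (missing comma, non-numeric text) cannot leave a limit
	// undefined or turn the threshold into a string comparison.
	$limits = array_pad(explode(',', (string) e107::getPref('ban_max_online_access', '100,200')), 2, 0);
	$ban_access_guest = (int) $limits[0];
	$ban_access_member = (int) $limits[1];

	$online_bancount = max($ban_access_guest, 50); // Safety net for incorrect values
	if ($user->isUser())
	{
		$online_bancount = max($online_bancount, $ban_access_member);
	}
	$online_warncount = $online_bancount * 0.9; // Set warning threshold at 90% of ban threshold

	// TODO Add support for all queries.
	$page = e_REQUEST_URI; // mod rewrite & single entry support
	// FIXME parse url, trigger registered e_online callbacks
	$page = e107::getParser()->toDB($page, true); // @todo - try not to use toDB() - triggers prefilter

	$ip = e107::getIPHandler()->getIP(FALSE);

	// USER check required to make sure they logged in without an error.
	$udata = ($user->isUser() && USER) ? $user->getId() . '.' . $user->getName() : '0';

	// The header is optional and fully client-controlled. It is stored here and
	// handed back in $this->users / $this->guests, so consumers must escape it on output.
	$agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

	// XXX - more exceptions, e.g. hide online location for admins/users (pref), e_jlsib.php, etc
	// XXX - more advanced flood timing when e_AJAX_REQUEST, e.g. $ban_access_ajax = 300
	$update_page = deftrue('e_AJAX_REQUEST') ? '' : ", online_location='{$page}'";

	$insert_query = array(
		'online_timestamp' => time(),
		'online_flag'      => 0,
		'online_user_id'   => $udata,
		'online_ip'        => $ip,
		'online_location'  => $page,
		'online_pagecount' => 1,
		'online_active'    => 0,
		'online_agent'     => $agent,
		'online_language'  => e_LAN,
	);

	// NOTE(review): $ip, $udata (which embeds the member's display name) and
	// $row['online_user_id'] are interpolated straight into the SQL fragments below.
	// That is only safe if the IP handler and the user object return values that
	// cannot contain a quote - confirm, or escape them with the DB layer's helper.

	// TODO add option to hide users from online list? boolean online_hide field?
	// Nothing is recorded while a main admin is logged in as another user (parent id set).
	if ($user->isUser() && !$user->getParentId())
	{
		// Find the record that matches the IP as a visitor, or matches the user info
		if ($sql->select('online', '*', "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'"))
		{
			$row = $sql->fetch();
			$expired = $row['online_timestamp'] < time() - $online_timeout;

			if ($row['online_user_id'] == $udata)
			{
				// Matching user record
				if ($expired)
				{
					// At least $online_timeout seconds since this user was last logged:
					// refresh timestamp, IP and page, and reset the page count.
					$query = "online_timestamp='" . time() . "', online_ip='{$ip}'{$update_page}, online_pagecount=1, `online_active` = 1 WHERE online_user_id='{$row['online_user_id']}'";
				}
				else
				{
					if (!$user->isAdmin())
					{
						$row['online_pagecount']++;
					}
					// Update IP and page, store the incremented page count
					$query = "online_ip='{$ip}'{$update_page}, `online_pagecount` = '" . intval($row['online_pagecount']) . "', `online_active` = 1 WHERE `online_user_id` = '{$row['online_user_id']}'";
				}
			}
			else
			{
				// Found a visitor record (IP only) for this user: promote it to a member record
				if ($expired)
				{
					$query = "`online_timestamp` = '" . time() . "', `online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = 1, `online_active` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
				}
				else
				{
					// Another visit within the timeout period
					if (!$user->isAdmin())
					{
						$row['online_pagecount']++;
					}
					$query = "`online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = " . intval($row['online_pagecount']) . ", `online_active` =1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
				}
			}

			$sql->update('online', $query);
		}
		else
		{
			$sql->insert('online', $insert_query);
		}
	}
	elseif (!$user->getParentId())
	{
		// Current page request is from a guest
		if ($sql->select('online', '*', "`online_ip` = '{$ip}' AND `online_user_id` = '0'"))
		{
			// Recent visitor
			$row = $sql->fetch();

			if ($row['online_timestamp'] < time() - $online_timeout)
			{
				// Refresh timestamp and page, reset the page count
				$query = "`online_timestamp` = '" . time() . "'{$update_page}, `online_pagecount` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
			}
			else
			{
				// Update the page and store the incremented page count. The counter is
				// forced to an integer, as in the member branches above.
				$row['online_pagecount']++;
				$query = "`online_pagecount` = " . intval($row['online_pagecount']) . "{$update_page} WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
			}

			$sql->update('online', $query);
		}
		else
		{
			// New visitor
			$sql->insert('online', $insert_query);
		}
	}

	// Flood control is skipped (count forced to 1) for admins, when the autoban
	// pref is neither 1 nor 2, and when no row was loaded above.
	$autoban = e107::getPref('autoban');
	if ($user->isAdmin() || ($autoban != 1 && $autoban != 2) || !isset($row['online_pagecount']))
	{
		$row['online_pagecount'] = 1;
	}

	// Always allow localhost - any problems are usually semi-intentional!
	if (varset($row['online_ip']) != '127.0.0.1' && varset($row['online_ip']) != e107::LOCALHOST_IP && varset($row['online_ip']) != e107::LOCALHOST_IP2)
	{
		// Check for excessive access
		if ($row['online_pagecount'] > $online_bancount)
		{
			e107::lan('core', 'banlist', true); // e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_banlist.php'
			$reason = e107::getParser()->lanVars(BANLAN_78, $row['online_pagecount']);

			if (true === e107::getIPHandler()->add_ban(2, $reason, $ip, 0))
			{
				e107::getEvent()->trigger('flood', $ip); // BC
				e107::getEvent()->trigger('user_ban_flood', $ip);
				exit;
			}
		}
		elseif ($row['online_pagecount'] >= $online_warncount)
		{
			echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>" . LAN_WARNING . "</b><br /><br />" . CORE_LAN6 . "<br /></div>";
			exit;
		}
	}

	// Delete records for users (and guests) not seen for a while
	// FIXME - DB optimization - mark records as deleted (online_deleted=1), delete once per hour (could be pref) via e_cron
	// FIXME - Additional prefs for this (it does 2-3 more queries no matter someone need them), could be also separate method
	// Speed up ajax requests
	if (deftrue('e_AJAX_REQUEST'))
	{
		return;
	}

	$sql->delete('online', '`online_timestamp` < ' . (time() - $online_timeout));

	// Initialised before the query so the define() calls below never read an
	// undefined variable when the query returns no rows or fails.
	$member_list = '';
	$members_online = 0;

	// FIXME - don't use constants below, save data in class vars, call e_online singleton - e107::getOnline()
	if ($total_online = $sql->gen('SELECT o.*,u.user_image FROM #online AS o LEFT JOIN #user AS u ON o.online_user_id = u.user_id WHERE o.online_pagecount > 0 ORDER BY o.online_timestamp DESC'))
	{
		$listuserson = array();

		while ($row = $sql->fetch())
		{
			$isBot = $this->isBot($row['online_agent']);
			$row['online_bot'] = $isBot;

			// Sort into usable format and add bot field. A separate variable is
			// used so the e107 user object in $user is not overwritten.
			$entry = array(
				'user_location'     => $row['online_location'],
				'user_bot'          => $isBot,
				'user_agent'        => $row['online_agent'],
				'user_ip'           => $row['online_ip'],
				'user_currentvisit' => $row['online_timestamp'],
				'user_online'       => $row['online_flag'],
				'user_pagecount'    => $row['online_pagecount'],
				'user_active'       => $row['online_active'],
				'user_image'        => vartrue($row['user_image'], false),
				'online_user_id'    => $row['online_user_id'],
				'user_language'     => $row['online_language'],
			);

			if ($row['online_user_id'] != 0)
			{
				// Member ids are stored as "id.name"; pad so a value without a dot
				// does not read an undefined offset.
				$vals = array_pad(explode('.', $row['online_user_id'], 2), 2, '');
				$entry['user_id'] = $vals[0];
				$entry['user_name'] = $vals[1];

				// NOTE(review): the name is written into HTML without escaping here -
				// confirm that stored user names are already HTML-safe.
				$member_list .= "<a href='" . SITEURL . "user.php?id.{$vals[0]}'>{$vals[1]}</a> ";
				$listuserson[$row['online_user_id']] = $row['online_location'];
				$this->users[] = $entry;
				$members_online++;
			}
			else
			{
				$entry['user_id'] = 0;
				$entry['user_name'] = 'guest'; // Maybe should just be an empty string?
				$this->guests[] = $entry;
			}
		}
	}

	define('TOTAL_ONLINE', $total_online);
	define('MEMBERS_ONLINE', $members_online);
	define('GUESTS_ONLINE', $total_online - $members_online);
	define('ON_PAGE', $sql->db_Count('online', '(*)', "WHERE `online_location` = '{$page}' "));
	define('MEMBER_LIST', $member_list);

	// Update most ever online
	$olCountPrefs = e107::getConfig('history'); // Get historic counts of members on line
	$olCountPrefs->setParam('nologs', true);

	if ($total_online > $olCountPrefs->get('most_members_online') + $olCountPrefs->get('most_guests_online'))
	{
		$olCountPrefs->set('most_members_online', MEMBERS_ONLINE);
		$olCountPrefs->set('most_guests_online', GUESTS_ONLINE);
		$olCountPrefs->set('most_online_datestamp', time());
		$olCountPrefs->save(false, true, false);
	}
}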
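/**
 * Trigger the 'admin_news_notify' event when the news item is visible to the
 * public user class, and report the outcome through the message handler.
 *
 * @param array $new_data News data; 'news_class' is read as a comma-separated
 *                        list of user-class ids.
 * @return void
 */
private function triggerNotify($new_data)
{
	$classList = isset($new_data['news_class']) ? (string) $new_data['news_class'] : '';
	$visibility = array_map('trim', explode(",", $classList));

	// Strict string comparison: a loose in_array() against an integer constant
	// (presumably e_UC_PUBLIC is an integer id such as 0 - confirm) can match an
	// empty or non-numeric entry on PHP versions before 8, which would send the
	// notification for an item that is not public.
	if (in_array((string) e_UC_PUBLIC, $visibility, true))
	{
		e107::getEvent()->trigger('admin_news_notify', $new_data);
		e107::getMessage()->addSuccess("Email notification triggered");
	}
	else
	{
		e107::getMessage()->addWarning("News item visibility must include 'everyone' for email notifications to work.");
	}
}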