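/**
 * Send a "tell a friend" e-mail (t_TellFriend / t_TellFriendProfile template).
 *
 * Input comes from $_POST: friends_emails (one or more addresses), name and
 * email of the sender. Every recipient address must pass FILTER_VALIDATE_EMAIL
 * and the sender name is reduced to a single line: clear_xss() is an HTML
 * purifier and on its own does not stop mail-header injection through
 * CR/LF in these fields.
 *
 * @param int $iSenderID profile ID of the inviting member; appended as idFriend= to the link
 * @return mixed 0 when a required field is missing or an address is invalid, else the sendMail() result
 */
function SendTellFriend($iSenderID = 0)
{
    global $profileID;

    // missing fields used to raise undefined-index notices
    $sRecipient = isset($_POST['friends_emails']) ? clear_xss($_POST['friends_emails']) : '';
    $sSenderName = isset($_POST['name']) ? clear_xss($_POST['name']) : '';
    $sSenderEmail = isset($_POST['email']) ? clear_xss($_POST['email']) : '';

    // recipients may be separated by commas, semicolons or whitespace
    $aRecipients = preg_split('/[\s,;]+/', trim($sRecipient), -1, PREG_SPLIT_NO_EMPTY);
    if (empty($aRecipients)) {
        return 0;
    }
    foreach ($aRecipients as $sEmail) {
        if (filter_var($sEmail, FILTER_VALIDATE_EMAIL) === false) {
            return 0;
        }
    }
    if (filter_var(trim($sSenderEmail), FILTER_VALIDATE_EMAIL) === false) {
        return 0;
    }
    // the name is substituted into the mail template; keep it to a single line
    $sSenderName = trim(str_replace(array("\r", "\n"), ' ', $sSenderName));

    $iSenderID = (int) $iSenderID;
    $sLinkAdd = $iSenderID > 0 ? 'idFriend=' . $iSenderID : '';

    $rEmailTemplate = new BxDolEmailTemplates();
    if ($profileID) {
        $aTemplate = $rEmailTemplate->getTemplate('t_TellFriendProfile', $profileID);
        $Link = getProfileLink($profileID, $sLinkAdd);
    } else {
        $aTemplate = $rEmailTemplate->getTemplate('t_TellFriend');
        $Link = BX_DOL_URL_ROOT . (strlen($sLinkAdd) > 0 ? '?' . $sLinkAdd : '');
    }

    $aPlus = array('Link' => $Link, 'FromName' => $sSenderName);
    return sendMail(implode(', ', $aRecipients), $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
}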
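/**
 * Send a "tell a friend" e-mail (t_TellFriend / t_TellFriendProfile template).
 *
 * Input is read through bx_get(): sender_email, sender_name and
 * recipient_email. Both addresses must pass FILTER_VALIDATE_EMAIL and the
 * sender name is reduced to a single line: clear_xss() is an HTML purifier
 * and on its own does not stop mail-header injection through CR/LF.
 *
 * @param int $iSenderID profile ID of the inviting member; used for SenderLink and the idFriend= link parameter
 * @return mixed 0 when a field is missing or an address is invalid, else the sendMail() result
 */
function SendTellFriend($iSenderID = 0)
{
    global $profileID;

    $sSenderEmail = trim(clear_xss(bx_get('sender_email')));
    if (filter_var($sSenderEmail, FILTER_VALIDATE_EMAIL) === false) {
        return 0;
    }
    $sRecipientEmail = trim(clear_xss(bx_get('recipient_email')));
    if (filter_var($sRecipientEmail, FILTER_VALIDATE_EMAIL) === false) {
        return 0;
    }
    // the name is substituted into the mail template; keep it to a single line
    $sSenderName = trim(str_replace(array("\r", "\n"), ' ', clear_xss(bx_get('sender_name'))));

    $iSenderID = (int) $iSenderID;
    $sSenderLink = $iSenderID != 0 ? getProfileLink($iSenderID) : BX_DOL_URL_ROOT;
    $sLinkAdd = $iSenderID > 0 ? 'idFriend=' . $iSenderID : '';

    $rEmailTemplate = new BxDolEmailTemplates();
    if ($profileID) {
        $aTemplate = $rEmailTemplate->getTemplate('t_TellFriendProfile', getLoggedId());
        $Link = getProfileLink($profileID, $sLinkAdd);
    } else {
        $aTemplate = $rEmailTemplate->getTemplate('t_TellFriend', getLoggedId());
        $Link = BX_DOL_URL_ROOT . (strlen($sLinkAdd) > 0 ? '?' . $sLinkAdd : '');
    }

    $aPlus = array('Link' => $Link, 'SenderName' => $sSenderName, 'SenderLink' => $sSenderLink);
    return sendMail($sRecipientEmail, $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
}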
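 /**
  * Output the image file that belongs to a hash ("get image" action).
  *
  * Both parameters come from the request and are used to build a filesystem
  * path, so they are restricted before any path is built: $sParamValue must be
  * a key of $this->_oConfig->aFilePostfix and the extension taken from
  * $sParamValue1 must be plain alphanumeric (an extension such as "png/x" would
  * otherwise steer the path). Anything else, and any hash without a file on
  * disk, yields a 404. Never returns (calls exit).
  *
  * @param string $sParamValue  postfix key selecting the file variant
  * @param string $sParamValue1 "<hash>.<ext>" as it appears in the URL
  */
 function actionGetImage($sParamValue, $sParamValue1)
 {
     $sParamValue = clear_xss($sParamValue);
     $sParamValue1 = clear_xss($sParamValue1);

     $iPointPos = strrpos($sParamValue1, '.');
     $sKey = $iPointPos === false ? $sParamValue1 : substr($sParamValue1, 0, $iPointPos);
     $sExt = $iPointPos === false ? '' : substr($sParamValue1, $iPointPos + 1);

     $bParamsOk = is_array($this->_oConfig->aFilePostfix)
         && isset($this->_oConfig->aFilePostfix[$sParamValue])
         && preg_match('/^[a-zA-Z0-9]+$/', $sExt);
     $iId = $bParamsOk ? (int) $this->_oDb->getIdByHash($sKey) : 0;

     $sPath = '';
     if ($iId > 0) {
         $sPath = $this->_oConfig->getFilesPath() . $iId . str_replace('{ext}', $sExt, $this->_oConfig->aFilePostfix[$sParamValue]);
     }

     if ($iId > 0 && is_file($sPath)) {
         switch ($sExt) {
             case 'png':
                 $sCntType = 'image/x-png';
                 break;
             case 'gif':
                 $sCntType = 'image/gif';
                 break;
             default:
                 $sCntType = 'image/jpeg';
         }

         $sAdd = '';
         if ($this->iHeaderCacheTime > 0) {
             $iLastModTime = filemtime($sPath);
             $sAdd = ", max-age={$this->iHeaderCacheTime}, Last-Modified: " . gmdate("D, d M Y H:i:s", $iLastModTime) . " GMT";
         }
         header("Cache-Control: must-revalidate, post-check=0, pre-check=0" . $sAdd);
         header("Content-Type:" . $sCntType);
         header("Content-Length: " . filesize($sPath));
         readfile($sPath);
     } else {
         header("HTTP/1.0 404 Not Found");
         echo _t('_sys_request_page_not_found_cpt');
     }
     exit;
 }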
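/**
 * Profile activation page code.
 *
 * Compares the confirmation code from the request with the one derived from
 * the profile's e-mail address. On a match the profile becomes Active or goes
 * to Approval (autoApproval_ifJoin / DNSBL settings), promotional membership
 * is granted when enabled, a couple profile is updated alike and the site
 * admin is notified when newusernotify is on.
 *
 * @param int    $iID       profile ID
 * @param string $sConfCode confirmation code from the request
 * @return string profile_activate.html parsed with the status messages, or a MsgBox when the profile is unknown
 */
function PageCompPageMainCode($iID, $sConfCode)
{
    global $site;

    $ID = (int) $iID;
    $ConfCode = clear_xss($sConfCode);

    $p_arr = getProfileInfo($ID);
    if (!$p_arr) {
        // NOTE(review): $_page is not declared global here, so these two writes only
        // set a local variable — confirm whether `global $_page;` was intended.
        $_page['header'] = _t("_Error");
        $_page['header_text'] = _t("_Profile Not found");
        return MsgBox(_t('_Profile Not found Ex'));
    }

    $aCode = array(
        'message_status' => '',
        'message_info' => '',
        'bx_if:form' => array('condition' => false, 'content' => array('form' => '')),
        // key was misspelt 'condtion', which left the template without an explicit false
        'bx_if:next' => array('condition' => false, 'content' => array('next_url' => '')),
    );

    if ($p_arr['Status'] != 'Unconfirmed') {
        $aCode['message_info'] = _t('_ALREADY_ACTIVATED');
        return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
    }

    // The expected code is a fixed function of the e-mail address and a static salt, so
    // anyone who knows the address can reproduce it; a random per-profile token would be
    // stronger but has to be introduced presumably where the activation mail is generated too.
    // 'Email' was an unquoted constant before (fatal on PHP 8).
    $ConfCodeReal = base64_encode(base64_encode(crypt($p_arr['Email'], CRYPT_EXT_DES ? "secret_co" : "se")));

    // constant-time comparison where available; strcmp() leaks timing
    $bCodeMatches = function_exists('hash_equals')
        ? hash_equals($ConfCodeReal, (string) $ConfCode)
        : strcmp($ConfCode, $ConfCodeReal) == 0;

    if (!$bCodeMatches) {
        $aForm = array(
            'form_attrs' => array('action' => BX_DOL_URL_ROOT . 'profile_activate.php', 'method' => 'post', 'name' => 'form_change_status'),
            'inputs' => array(
                'conf_id' => array('type' => 'hidden', 'name' => 'ConfID', 'value' => $ID),
                'conf_code' => array('type' => 'text', 'name' => 'ConfCode', 'value' => '', 'caption' => _t("_Confirmation code")),
                'submit' => array('type' => 'submit', 'name' => 'submit', 'value' => _t("_Submit")),
            ),
        );
        $oForm = new BxTemplFormView($aForm);
        $aCode['message_status'] = _t("_Profile activation failed");
        $aCode['message_info'] = _t("_EMAIL_CONF_FAILED_EX");
        $aCode['bx_if:form']['condition'] = true;
        $aCode['bx_if:form']['content']['form'] = $oForm->getCode();
        return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
    }

    $aCode['bx_if:next']['condition'] = true;
    $aCode['bx_if:next']['content']['next_url'] = BX_DOL_URL_ROOT . 'member.php';

    $send_act_mail = false;
    if (getParam('autoApproval_ifJoin') == 'on' && !(getParam('sys_dnsbl_enable') && 'approval' == getParam('sys_dnsbl_behaviour') && bx_is_ip_dns_blacklisted('', 'join'))) {
        $status = 'Active';
        $send_act_mail = true;
        $aCode['message_info'] = _t("_PROFILE_CONFIRM");
    } else {
        $status = 'Approval';
        $aCode['message_info'] = _t("_EMAIL_CONF_SUCCEEDED", $site['title']);
    }
    bx_admin_profile_change_status($ID, $status, $send_act_mail);

    // Promotional membership
    $bPromotion = getParam('enable_promotion_membership') == 'on';
    if ($bPromotion) {
        setMembership($p_arr['ID'], MEMBERSHIP_ID_PROMOTION, getParam('promotion_membership_days'), true);
    }

    // the couple profile follows the same status and promotion rules
    if (!empty($p_arr['Couple'])) {
        bx_admin_profile_change_status($p_arr['Couple'], $status);
        if ($bPromotion) {
            setMembership($p_arr['Couple'], MEMBERSHIP_ID_PROMOTION, getParam('promotion_membership_days'), true);
        }
    }

    if (getParam('newusernotify')) {
        $oEmailTemplates = new BxDolEmailTemplates();
        $aTemplate = $oEmailTemplates->getTemplate('t_UserConfirmed', $p_arr['ID']);
        sendMail($site['email_notify'], $aTemplate['Subject'], $aTemplate['Body'], $p_arr['ID']);
    }

    return $GLOBALS['oSysTemplate']->parseHtmlByName('profile_activate.html', $aCode);
}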
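 /**
  * Build the HTML wrapper around the mp3 player for one file.
  *
  * Fires the 'display_player' alert first; a handler may supply a complete
  * replacement through the 'override' extra (passed by reference).
  *
  * @param int   $iFileId file ID
  * @param array $aExtra  extra data forwarded to the alert handlers
  * @return string HTML
  */
 function getFileConcept($iFileId, $aExtra = array())
 {
     $sOverride = false;
     $oAlert = new BxDolAlerts($this->_oConfig->getMainPrefix(), 'display_player', $iFileId, getLoggedId(), array('extra' => $aExtra, 'override' => &$sOverride));
     $oAlert->alert();
     if ($sOverride) {
         return $sOverride;
     }

     $iFileId = (int) $iFileId;
     // login cookies are absent for guests; avoid undefined-index notices
     $iMemberId = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
     $sMemberPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';

     $aPlayerParams = array('id' => $iFileId, 'user' => $iMemberId, 'password' => $sMemberPassword);
     return '<div class="viewFile" style="width:100%">' . getApplicationContent('mp3', 'player', $aPlayerParams, true) . '</div>';
 }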
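 /**
  * Build the HTML wrapper around the video player for one file.
  *
  * Without $aExtra['ext'] the module's own player is embedded; with it the
  * YOUTUBE_VIDEO_PLAYER template is used and its #video#/#wmode#/#autoplay#
  * placeholders are filled in.
  *
  * @param int   $iFileId file ID
  * @param array $aExtra  optional 'ext' value inserted into the YouTube player template
  * @return string HTML
  */
 function getFileConcept($iFileId, $aExtra = array())
 {
     $iFileId = (int) $iFileId;
     if (empty($aExtra['ext'])) {
         // login cookie is absent for guests; avoid an undefined-index notice
         $sMemberPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';
         $aPlayerParams = array('id' => $iFileId, 'user' => $this->iViewer, 'password' => $sMemberPassword);
         $sPlayer = getApplicationContent('video', 'player', $aPlayerParams, true);
     } else {
         // NOTE(review): $aExtra['ext'] is inserted into the markup unescaped — confirm
         // its source is trusted (e.g. a stored video id) before relying on this.
         $sAutoPlay = getSettingValue("video", "autoPlay") == TRUE_VAL ? "1" : "0";
         $aReplace = array('#video#' => $aExtra['ext'], '#wmode#' => getWMode(), '#autoplay#' => $sAutoPlay);
         $sPlayer = str_replace(array_keys($aReplace), array_values($aReplace), YOUTUBE_VIDEO_PLAYER);
     }

     $iWidth = (int) $this->_oConfig->getGlParam('file_width');
     return '<div class="viewFile" style="width: ' . ($iWidth + 2) . 'px;">' . $sPlayer . '</div>';
 }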
 /**
  * Run clear_xss() against a mocked HTMLPurifier and assert how often purify() is invoked.
  *
  * @param bool   $isAdmin value stored in $GLOBALS['logged']['admin'] before the call
  * @param string $sCalled name of the PHPUnit invocation matcher to use ('once', 'never', ...)
  */
 protected function _testClearXss($isAdmin, $sCalled)
 {
     require_once BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';

     // the test expects clear_xss() to use the purifier stored in this global
     $oPurifierMock = $this->getMock('HTMLPurifier');
     $GLOBALS['oHtmlPurifier'] = $oPurifierMock;
     $GLOBALS['logged']['admin'] = $isAdmin;

     $this->assertInstanceOf('HTMLPurifier', $GLOBALS['oHtmlPurifier']);

     // matcher chosen by name: $this->once(), $this->never(), ...
     $oMatcher = $this->{$sCalled}();
     $oPurifierMock->expects($oMatcher)->method('purify');

     clear_xss('test');
 }
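/**
 * Admin page: edit one of the current template's CSS files.
 *
 * Lists the *.css files in templates/tmpl_<code>/css/, shows the selected one
 * in a textarea and writes the submitted content back. The selected file name
 * is only taken from the request when it matches /^\w+\.css$/, so it cannot
 * point outside the css directory.
 *
 * @return string rendered page, prefixed with a status MsgBox after a save attempt
 */
function PageCodeEdit()
{
    //--- Get CSS files ---//
    $aItems = array();
    $sBasePath = BX_DIRECTORY_PATH_ROOT . "templates/tmpl_" . $GLOBALS['oSysTemplate']->getCode() . "/css/";
    $rHandle = opendir($sBasePath);
    if ($rHandle) {
        while (($sFile = readdir($rHandle)) !== false) {
            if (is_file($sBasePath . $sFile) && substr($sFile, -3) == 'css') {
                $aItems[] = array('key' => $sFile, 'value' => $sFile);
            }
        }
        closedir($rHandle);
    }

    // only a bare "<word>.css" is accepted from the request; otherwise the first file found (if any)
    if (isset($_POST['css_file']) && preg_match("/^\\w+\\.css\$/", $_POST['css_file'])) {
        $sCurrentFile = $_POST['css_file'];
    } else {
        $sCurrentFile = !empty($aItems) ? $aItems[0]['key'] : '';
    }

    //--- Get CSS file's content ---//
    $sContent = '';
    $sAbsolutePath = $sBasePath . $sCurrentFile;
    if (strlen($sCurrentFile) > 0 && is_file($sAbsolutePath)) {
        $sRead = file_get_contents($sAbsolutePath);
        if ($sRead !== false) {
            $sContent = $sRead;
        }
    }

    $aForm = array(
        'form_attrs' => array(
            'id' => 'adm-css-edit',
            'name' => 'adm-css-edit',
            'action' => $GLOBALS['site']['url_admin'] . 'css_file.php',
            'method' => 'post',
            'enctype' => 'multipart/form-data',
        ),
        'params' => array(
            'db' => array('table' => '', 'key' => '', 'uri' => '', 'uri_title' => '', 'submit_name' => 'adm-css-save'),
        ),
        'inputs' => array(
            'css_file' => array(
                'type' => 'select',
                'name' => 'css_file',
                'caption' => _t('_adm_txt_css_file'),
                'value' => $sCurrentFile,
                'values' => $aItems,
                'attrs' => array('onchange' => "javascript:document.forms['adm-css-edit'].submit();"),
            ),
            'content' => array(
                'type' => 'textarea',
                'name' => 'content',
                // the caption used to reference an undefined $sFileName; the selected file is meant
                'caption' => _t('_adm_txt_css_content', $sCurrentFile),
                'value' => $sContent,
                'db' => array('pass' => 'XssHtml'),
            ),
            'adm-css-save' => array('type' => 'submit', 'name' => 'adm-css-save', 'value' => _t('_adm_btn_css_save')),
        ),
    );

    $oForm = new BxTemplFormView($aForm);
    $oForm->initChecker();

    $mixedResult = false;
    if ($oForm->isSubmittedAndValid()) {
        // is_file() rather than file_exists(): with no file selected the path is the directory itself
        if (strlen($sCurrentFile) > 0 && is_file($sAbsolutePath) && isRWAccessible($sAbsolutePath)) {
            $rHandle = fopen($sAbsolutePath, 'w');
            if ($rHandle) {
                $sNewContent = isset($_POST['content']) ? $_POST['content'] : '';
                fwrite($rHandle, clear_xss($sNewContent));
                fclose($rHandle);
                $mixedResult = '_adm_txt_css_success_save';
            } else {
                $mixedResult = '_adm_txt_css_failed_save';
            }
        } else {
            $mixedResult = '_adm_txt_css_cannot_write';
        }
    }

    $sResult = $GLOBALS['oAdmTemplate']->parseHtmlByName('design_box_content.html', array('content' => $oForm->getCode()));
    if ($mixedResult) {
        $sResult = MsgBox(_t($mixedResult, $sCurrentFile), 3) . $sResult;
    }
    return $sResult;
}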
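 /**
  * Build the HTML wrapper around the video player for one file.
  *
  * Fires the 'display_player' alert first; a handler may supply a complete
  * replacement through the 'override' extra (passed by reference). Without
  * $aExtra['ext'] the module's own player is embedded, otherwise the
  * YOUTUBE_VIDEO_PLAYER template with its placeholders filled in.
  *
  * @param int   $iFileId file ID
  * @param array $aExtra  extra data forwarded to the alert; optional 'ext' selects the YouTube player
  * @return string HTML
  */
 function getFileConcept($iFileId, $aExtra = array())
 {
     $sOverride = false;
     $oAlert = new BxDolAlerts($this->_oConfig->getMainPrefix(), 'display_player', $iFileId, getLoggedId(), array('extra' => $aExtra, 'override' => &$sOverride));
     $oAlert->alert();
     if ($sOverride) {
         return $sOverride;
     }

     $iFileId = (int) $iFileId;
     if (empty($aExtra['ext'])) {
         // login cookie is absent for guests; avoid an undefined-index notice
         $sMemberPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';
         $aPlayerParams = array('id' => $iFileId, 'user' => $this->iViewer, 'password' => $sMemberPassword);
         $sPlayer = getApplicationContent('video', 'player', $aPlayerParams, true);
     } else {
         // NOTE(review): $aExtra['ext'] is inserted into the markup unescaped — confirm
         // its source is trusted (e.g. a stored video id) before relying on this.
         $sAutoPlay = getSettingValue("video", "autoPlay") == TRUE_VAL ? "&autoplay=1" : "";
         $aReplace = array('#video#' => $aExtra['ext'], '#wmode#' => getWMode(), '#autoplay#' => $sAutoPlay);
         $sPlayer = str_replace(array_keys($aReplace), array_values($aReplace), YOUTUBE_VIDEO_PLAYER);
     }

     return '<div class="viewFile" style="width:100%;">' . $sPlayer . '</div>';
 }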
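 /**
  * Return the first photo of a profile album (by default the profile album).
  *
  * getSearchData() reads keyword and paging values from the request, so those
  * are taken out of $_GET/$_POST for the duration of the call and restored
  * afterwards (the keyword goes back through clear_xss()).
  *
  * @param array $aParams profile_id, album (URI or a default-album param name),
  *                       type (image size, default 'icon'), return_type ('link' or 'full')
  * @return mixed '' when the album is unknown, not viewable or empty; the image URL,
  *               or the whole file row (with file_url/view_url) when return_type is 'full'
  */
 function getProfilePhoto($aParams)
 {
     $iProfileId = !empty($aParams['profile_id']) ? (int) $aParams['profile_id'] : 0;
     $sAlbum = !empty($aParams['album']) ? $aParams['album'] : 'profile_album_name';
     $sType = !empty($aParams['type']) ? $aParams['type'] : 'icon';
     $sReturnType = !empty($aParams['return_type']) ? $aParams['return_type'] : 'link';

     // a default-album parameter name is resolved to the real album URI of this profile
     $aDefaultAlbums = $this->oModule->_oConfig->getDefaultAlbums();
     if (!empty($sAlbum) && in_array($sAlbum, $aDefaultAlbums)) {
         bx_import('BxDolAlbums');
         $sAlbum = BxDolAlbums::getAbumUri($this->oModule->_oConfig->getGlParam($sAlbum), $iProfileId);
     }

     $oAlbum = new BxDolAlbums('bx_photos');
     $aAlbumInfo = $oAlbum->getAlbumInfo(array('fileUri' => $sAlbum, 'owner' => $iProfileId), array('ID'));
     // an unknown album has no ID row; treat it as not viewable instead of raising a notice
     if (!isset($aAlbumInfo['ID']) || !$this->oModule->oAlbumPrivacy->check('album_view', $aAlbumInfo['ID'], getLoggedId())) {
         return '';
     }

     // hide the request's keyword from getSearchData()
     $sKeywordGet = $sKeywordPost = null;
     if (isset($_GET['keyword'])) {
         $sKeywordGet = $_GET['keyword'];
         unset($_GET['keyword']);
     } elseif (isset($_POST['keyword'])) {
         $sKeywordPost = $_POST['keyword'];
         unset($_POST['keyword']);
     }

     // hide paging values as well; each one is saved on its own so that a request
     // carrying only one of them gets it back (previously both had to be present)
     $aSavePaginate = array();
     foreach (array('page', 'per_page') as $sParam) {
         if (isset($_GET[$sParam])) {
             $aSavePaginate[$sParam] = $_GET[$sParam];
             unset($_GET[$sParam]);
         }
     }

     $this->aCurrent['paginate']['perPage'] = 1;
     $this->aCurrent['paginate']['page'] = 1;
     $this->aCurrent['restriction']['owner']['value'] = $iProfileId;
     $this->aCurrent['sorting'] = 'album_order';
     $this->aCurrent['restriction']['album'] = array('value' => $sAlbum, 'field' => 'Uri', 'operator' => '=', 'paramName' => 'albumUri', 'table' => 'sys_albums');
     $aFilesList = $this->getSearchData();

     foreach ($aSavePaginate as $sParam => $mValue) {
         $_GET[$sParam] = $mValue;
     }
     if (!is_null($sKeywordGet)) {
         $_GET['keyword'] = clear_xss($sKeywordGet);
     } elseif (!is_null($sKeywordPost)) {
         $_POST['keyword'] = clear_xss($sKeywordPost);
     }

     if (!$this->aCurrent['paginate']['totalNum']) {
         return '';
     }

     $aFile = array_pop($aFilesList);
     $aFile['file_url'] = $this->getImgUrl($aFile['Hash'], $sType);
     $aFile['view_url'] = BX_DOL_URL_ROOT . $this->oModule->_oConfig->getBaseUri() . 'view/' . $aFile['uri'];
     return $sReturnType == 'full' ? $aFile : $aFile['file_url'];
 }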
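/**
 * Change (edit) a story.
 *
 * Header and text come from $_POST, are escaped for the database and, when
 * longer than the configured limits, truncated in SQL with LEFT(). Non-admin
 * members can only edit their own stories and the story is reset to inactive.
 *
 * @return mixed db_res() result of the UPDATE
 */
function MemberEditStory()
{
    global $max_l;
    global $max_h;
    global $member;
    global $ADMIN;

    // the limits are interpolated into SQL below, so make sure they are integers
    $iMaxText = (int) $max_l;
    $iMaxHeader = (int) $max_h;

    $story_id = isset($_POST['edit_id']) ? (int) $_POST['edit_id'] : 0;
    $sRawText = isset($_POST['text']) ? $_POST['text'] : '';
    $sRawHeader = isset($_POST['header']) ? $_POST['header'] : '';

    // BX_TAGS_VALIDATE runs clear_xss() and then the real DB escaping; the
    // former addslashes() is not a MySQL-safe escape and was inconsistent with the header
    $sTextDb = process_db_input(process_pass_data($sRawText), BX_TAGS_VALIDATE);
    $story_text = strlen($sRawText) > $iMaxText ? "LEFT ( '{$sTextDb}', {$iMaxText} )" : "'{$sTextDb}'";

    $sHeaderDb = process_db_input($sRawHeader);
    $story_header = strlen($sRawHeader) > $iMaxHeader ? "LEFT ( '{$sHeaderDb}', {$iMaxHeader} )" : "'{$sHeaderDb}'";

    //if admin logged, don't update status. if member - set inactive
    $story_sender = $ADMIN ? (int) $_POST['sender'] : (int) $member['ID'];
    $story_active_add = $ADMIN ? '' : ", `active`=''";

    $sQuery = "UPDATE `Stories` SET `Date` = NOW(), `Header` = {$story_header}, `Text` = {$story_text} {$story_active_add} WHERE `ID` = {$story_id} AND `Sender` = {$story_sender}";
    return db_res($sQuery);
}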
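 /**
  * Alert handler for 'display_player': builds the HTML5 <audio> player for an mp3
  * file and hands it back through $oAlert->aExtras['override'].
  *
  * Depending on the file status the override is a "processing" / "disapproved" /
  * "not found" message box instead of the player. The switch intentionally falls
  * through: a disapproved file is still playable for admins, and an approved file
  * whose mp3 is missing on disk ends in the "not found" branch.
  *
  * @param object $oAlert alert object; iObject is the file ID
  * @return bool false when the ID is invalid or the file row does not exist, true otherwise
  */
 function serviceResponseAudioPlayer($oAlert)
 {
     if (!($iFileId = (int) $oAlert->iObject)) {
         return false;
     }
     // $iFileId is an int here, so interpolating it is safe
     if (!($aFile = $this->_oDb->getRow("SELECT * FROM `RayMp3Files` WHERE `ID` = {$iFileId}"))) {
         return false;
     }

     global $sIncPath;
     global $sModulesPath;
     global $sModule;
     global $sFilesPath;
     global $sFilesPathMp3;
     global $oDb;

     // legacy "ray" mp3 module includes; the helpers used below (getMp3Token,
     // STATUS_* constants, MP3_EXTENSION) presumably come from these
     require_once $sIncPath . 'db.inc.php';
     $sModule = "mp3";
     require_once $sModulesPath . $sModule . '/inc/header.inc.php';
     require_once $sModulesPath . $sModule . '/inc/constants.inc.php';
     require_once $sModulesPath . $sModule . '/inc/functions.inc.php';
     require_once $sModulesPath . $sModule . '/inc/customFunctions.inc.php';

     $sOverride = false;
     // initialised up front: it is read even when no .ogg file exists (was an undefined variable)
     $sSourceOgg = '';
     $aCssFiles = array('default.css', 'common.css', 'general.css');

     switch ($aFile['Status']) {
         case STATUS_PENDING:
         case STATUS_PROCESSING:
             $sOverride = $this->_oTemplate->addCss($aCssFiles, true) . MsgBox(_t('_sys_media_processing'));
             break;
         case STATUS_DISAPPROVED:
             if (!isAdmin()) {
                 $sOverride = $this->_oTemplate->addCss($aCssFiles, true) . MsgBox(_t('_sys_media_disapproved'));
                 break;
             }
             // admins fall through to the player
         case STATUS_APPROVED:
             if (file_exists($sFilesPathMp3 . $iFileId . MP3_EXTENSION)) {
                 $sToken = getMp3Token($iFileId);
                 if (file_exists($sFilesPathMp3 . $iFileId . '.ogg')) {
                     $sSourceOgg = '<source type=\'audio/ogg; codecs="vorbis"\' src="' . BX_DOL_URL_ROOT . "flash/modules/mp3/get_file.php?id=" . $iFileId . "&token=" . $sToken . '&ext=ogg" />';
                 }
                 $sFlash = getApplicationContent('mp3', 'player', array('id' => $iFileId, 'user' => getLoggedId(), 'password' => clear_xss($_COOKIE['memberPassword'])), true);
                 $sId = 'bx-media-' . genRndPwd(8, false);

                 // without an ogg alternative, browsers that cannot play mp3 get the flash fallback
                 $sJs = $sSourceOgg ? '' : '
                         var eMedia = document.createElement("audio");
                         if (eMedia.canPlayType && !eMedia.canPlayType("audio/mpeg")) {
                             var sReplace = "' . bx_js_string(BX_H5AV_FALLBACK ? $sFlash : '<b>Your browser doesn\'t support this media playback.</b>', BX_ESCAPE_STR_QUOTE) . '";
                             $("#' . $sId . '").replaceWith(sReplace);
                         }';
                 // a file without a stored duration reports it back once playable
                 $sJs .= $aFile['Time'] ? '' : '
                         eFile.on("canplay", function (e) {
                             $.post("' . BX_DOL_URL_ROOT . 'flash/XML.php", {
                                 module: "mp3",
                                 action: "updateFileTime",
                                 id: ' . $iFileId . ',
                                 time: parseInt(this.duration * 1000)
                             });
                         });';

                 $sAutoPlay = TRUE_VAL == getSettingValue('mp3', 'autoPlay') && class_exists('BxSoundsPageView') ? 'autoplay' : '';
                 $sOverride = '
                     <audio controls ' . $sAutoPlay . ' preload="auto" autobuffer style="width:100%" id="' . $sId . '">
                         <source type=\'audio/mpeg; codecs="mp3"\' src="' . BX_DOL_URL_ROOT . "flash/modules/mp3/get_file.php?id=" . $iFileId . "&token=" . $sToken . '" />
                         ' . $sSourceOgg . '
                         ' . (BX_H5AV_FALLBACK ? $sFlash : '<b>Can not playback media - your browser doesn\'t support HTML5 audio/video tag.</b>') . '
                     </audio>
                     <script>
                         var eFile = $("#' . $sId . '");
                         eFile.on("play", function () {
                             var ePlaying = this;
                             $("audio").each(function () {
                                 if (this != ePlaying)
                                     this.pause();
                             });
                         });
                         ' . $sJs . '
                     </script>';
                 break;
             }
             // mp3 missing on disk: fall through to "not found"
         case STATUS_FAILED:
         default:
             $sOverride = $this->_oTemplate->addCss($aCssFiles, true) . MsgBox(_t('_sys_media_not_found'));
             break;
     }

     $oAlert->aExtras['override'] = $sOverride;
     return true;
 }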
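 /**
  * Build the HTML wrapper around the mp3 player for one file.
  *
  * @param int   $iFileId file ID
  * @param array $aExtra  unused here; kept for interface compatibility
  * @return string HTML, sized from the file_width module setting
  */
 function getFileConcept($iFileId, $aExtra = array())
 {
     $iFileId = (int) $iFileId;
     $iWidth = (int) $this->_oConfig->getGlParam('file_width');

     // login cookies are absent for guests; avoid undefined-index notices
     $iMemberId = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
     $sMemberPassword = isset($_COOKIE['memberPassword']) ? clear_xss($_COOKIE['memberPassword']) : '';

     $aPlayerParams = array('id' => $iFileId, 'user' => $iMemberId, 'password' => $sMemberPassword);
     return '<div class="viewFile" style="width: ' . ($iWidth + 2) . 'px;">' . getApplicationContent('mp3', 'player', $aPlayerParams, true) . '</div>';
 }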
/**
 * Prepare a value for use inside an SQL statement.
 *
 * Arrays are processed recursively (keys are kept). Slash handling follows
 * $addslashes (BX_SLASHES_*): strip when magic quotes already added them (AUTO)
 * or when explicitly requested (STRIP), add when requested (ADD). The value is
 * then tag-stripped / HTML-escaped / purified according to $strip_tags
 * (BX_TAGS_*) and finally escaped with mysql_real_escape_string().
 *
 * @param mixed $text       string or (nested) array of strings
 * @param int   $strip_tags one of the BX_TAGS_* constants
 * @param int   $addslashes one of the BX_SLASHES_* constants
 * @return mixed escaped string, or array of escaped strings
 */
function process_db_input($text, $strip_tags = 0, $addslashes = 0)
{
    if (is_array($text)) {
        $aResult = array();
        foreach ($text as $mKey => $mValue) {
            $aResult[$mKey] = process_db_input($mValue, $strip_tags, $addslashes);
        }
        return $aResult;
    }

    $bStrip = (get_magic_quotes_gpc() && $addslashes == BX_SLASHES_AUTO) || $addslashes == BX_SLASHES_STRIP;
    if ($bStrip) {
        $text = stripslashes($text);
    } elseif ($addslashes == BX_SLASHES_ADD) {
        $text = addslashes($text);
    }

    if ($strip_tags == BX_TAGS_STRIP_AND_NL2BR) {
        $sPrepared = nl2br(strip_tags($text));
    } elseif ($strip_tags == BX_TAGS_STRIP) {
        $sPrepared = strip_tags($text);
    } elseif ($strip_tags == BX_TAGS_SPECIAL_CHARS) {
        $sPrepared = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    } elseif ($strip_tags == BX_TAGS_VALIDATE) {
        $sPrepared = clear_xss($text);
    } else {
        // BX_TAGS_NO_ACTION and anything unknown
        $sPrepared = $text;
    }

    return mysql_real_escape_string($sPrepared);
}
 /**
  * Check whether the current member may perform $sAction on a file.
  *
  * Admins and the file owner are always allowed; everybody else goes
  * through checkAction() with the module-specific action name.
  *
  * @param int    $iFileOwner profile ID of the file owner
  * @param string $sAction    action name (default 'view')
  * @return bool
  */
 function checkMemAction($iFileOwner, $sAction = 'view')
 {
     $iFileOwner = (int) $iFileOwner;
     $sAction = clear_xss($sAction);
     $iViewer = $this->oModule->_iProfileId;

     $bPrivileged = $this->oModule->isAdmin($iViewer) || $iFileOwner == $iViewer;
     if ($bPrivileged) {
         return true;
     }

     $this->oModule->_defineActions();
     $sActionName = $this->oModule->_defineActionName($sAction);
     $aCheck = checkAction($iViewer, $sActionName);
     return $aCheck[CHECK_ACTION_RESULT] == CHECK_ACTION_RESULT_ALLOWED;
 }
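 /**
  * Install an uploaded zip package (module / template / language).
  *
  * The archive is unpacked into tmp/, its top-level folder is located and the
  * files are copied to the destination via FTP with the given credentials,
  * which are also stored as the sys_ftp_* site parameters.
  *
  * @param string $sType    package type, key into $this->_aTypesConfig
  * @param array  $aFile    one $_FILES entry (type, tmp_name)
  * @param array  $aFtpInfo login, password, path
  * @return string language key describing the outcome
  */
 function actionUpload($sType, $aFile, $aFtpInfo)
 {
     // NOTE(review): htmlspecialchars_adv() runs before the values are used as FTP
     // credentials, so a password containing '&', '<', '>' or quotes is altered before it
     // reaches the server — verify this matches how sys_ftp_* is consumed elsewhere.
     $sLogin = htmlspecialchars_adv(clear_xss($aFtpInfo['login']));
     $sPassword = htmlspecialchars_adv(clear_xss($aFtpInfo['password']));
     $sPath = htmlspecialchars_adv(clear_xss($aFtpInfo['path']));
     setParam('sys_ftp_login', $sLogin);
     setParam('sys_ftp_password', $sPassword);
     setParam('sys_ftp_dir', $sPath);

     $sErrMsg = false;
     // unique temp name; a bare timestamp collides when two uploads land in the same second
     $sAbsolutePath = BX_DIRECTORY_PATH_ROOT . "tmp/" . uniqid('pkg_', true) . '.zip';
     $sPackageRootFolder = false;

     if (!class_exists('ZipArchive')) {
         $sErrMsg = '_adm_txt_modules_zip_not_available';
     }
     if (!$sErrMsg && !isset($this->_aTypesConfig[$sType])) {
         $sErrMsg = '_adm_txt_modules_wrong_package_format';
     }

     if (!$sErrMsg && $this->_isArchive($aFile['type']) && move_uploaded_file($aFile['tmp_name'], $sAbsolutePath)) {
         // extract uploaded zip package into tmp folder
         $oZip = new ZipArchive();
         if ($oZip->open($sAbsolutePath) !== TRUE) {
             $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
         }
         if (!$sErrMsg) {
             // the first entry names the package folder and is reused to build paths under tmp/
             // (including a recursive delete), so accept only one plain directory component:
             // no '.', '..', separators or nested paths
             $sFirstEntry = $oZip->numFiles > 0 ? $oZip->getNameIndex(0) : '';
             if (preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]*\/$/', $sFirstEntry)) {
                 $sPackageRootFolder = $sFirstEntry;
                 if (file_exists(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder)) {
                     // remove existing tmp folder with the same name
                     bx_rrmdir(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder);
                 }
                 if (!$oZip->extractTo(BX_DIRECTORY_PATH_ROOT . 'tmp/')) {
                     $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
                 }
             } else {
                 $sErrMsg = '_adm_txt_modules_wrong_package_format';
             }
             $oZip->close();
         }

         // upload files to the correct folder via FTP
         if (!$sErrMsg && $sPackageRootFolder) {
             $oFtp = new BxDolFtp($_SERVER['HTTP_HOST'], $sLogin, $sPassword, $sPath);
             if (!$oFtp->connect()) {
                 $sErrMsg = '_adm_txt_modules_cannot_connect_to_ftp';
             }
             if (!$sErrMsg && !$oFtp->isDolphin()) {
                 $sErrMsg = '_adm_txt_modules_destination_not_valid';
             }
             if (!$sErrMsg) {
                 $aTypeConfig = $this->_aTypesConfig[$sType];
                 $sConfigPath = BX_DIRECTORY_PATH_ROOT . "tmp/" . $sPackageRootFolder . $aTypeConfig['configfile'];
                 if (file_exists($sConfigPath)) {
                     // executes the config file shipped inside the uploaded package, which is
                     // why this action must stay restricted to administrators
                     include $sConfigPath;
                     $sConfigVar = !empty($aTypeConfig['configvarindex']) ? ${$aTypeConfig['configvar']}[$aTypeConfig['configvarindex']] : ${$aTypeConfig['configvar']};
                     $sSubfolder = str_replace(
                         array('{configvar}', '{packagerootfolder}'),
                         array($sConfigVar, $sPackageRootFolder),
                         $aTypeConfig['subfolder']
                     );
                     if (!$oFtp->copy(BX_DIRECTORY_PATH_ROOT . "tmp/" . $sPackageRootFolder . '/', $aTypeConfig['folder'] . $sSubfolder)) {
                         $sErrMsg = '_adm_txt_modules_ftp_copy_failed';
                     }
                 } else {
                     $sErrMsg = '_adm_txt_modules_wrong_package_format';
                 }
             }
         } elseif (!$sErrMsg) {
             $sErrMsg = '_adm_txt_modules_cannot_unzip_package';
         }

         // remove temporary files; only when a package folder was accepted, otherwise the
         // path collapses to tmp/ itself and the whole folder would be deleted
         if ($sPackageRootFolder) {
             bx_rrmdir(BX_DIRECTORY_PATH_ROOT . 'tmp/' . $sPackageRootFolder);
         }
         unlink($sAbsolutePath);
     } elseif (!$sErrMsg) {
         // keep a more specific earlier error (e.g. zip support missing) instead of overwriting it
         $sErrMsg = '_adm_txt_modules_cannot_upload_package';
     }

     return $sErrMsg ? $sErrMsg : '_adm_txt_modules_success_upload';
 }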
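 /**
  * Convert a remote profile array into the field set of the local Profiles table.
  *
  * Location is expected as "City, Country" (location.name, else hometown.name);
  * when a city is given without a resolvable country the configured default
  * country code is used. Every optional remote field falls back to '' so that
  * a sparse remote profile raises no undefined-index notices.
  *
  * @param array  $aProfileInfo     remote profile info
  * @param string $sAlternativeName suffix to add to NickName to make it unique
  * @return array profile info, ready for the local database
  */
 protected function _convertRemoteFields($aProfileInfo, $sAlternativeName = '')
 {
     // process the date of birth
     $sBirthday = '';
     if (isset($aProfileInfo['birthday'])) {
         $sBirthday = date('Y-m-d', strtotime($aProfileInfo['birthday']));
     }

     // define user's country and city
     $sCountry = '';
     $sCity = '';
     $sLocation = '';
     if (isset($aProfileInfo['location']['name'])) {
         $sLocation = $aProfileInfo['location']['name'];
     } elseif (isset($aProfileInfo['hometown']['name'])) {
         $sLocation = $aProfileInfo['hometown']['name'];
     }
     if ($sLocation) {
         $aCountryInfo = explode(',', $sLocation);
         // a location without a comma has no country part
         $sCountryName = isset($aCountryInfo[1]) ? trim($aCountryInfo[1]) : '';
         $sCountry = $this->_oDb->getCountryCode($sCountryName);
         $sCity = trim($aCountryInfo[0]);
         //set default country name, especially for American brothers
         if ($sCity && !$sCountry) {
             $sCountry = $this->_oConfig->sDefaultCountryCode;
         }
     }

     // try define the user's email
     if (!empty($aProfileInfo['email'])) {
         $sEmail = $aProfileInfo['email'];
     } else {
         $sEmail = isset($aProfileInfo['proxied_email']) ? $aProfileInfo['proxied_email'] : '';
     }

     $sFirstName = isset($aProfileInfo['first_name']) ? $aProfileInfo['first_name'] : '';
     $sLastName = isset($aProfileInfo['last_name']) ? ' ' . $aProfileInfo['last_name'] : '';

     // fill array with all needed values
     return array(
         'NickName' => (isset($aProfileInfo['nick_name']) ? $aProfileInfo['nick_name'] : '') . $sAlternativeName,
         'Email' => $sEmail,
         'Sex' => isset($aProfileInfo['gender']) ? $aProfileInfo['gender'] : '',
         'DateOfBirth' => $sBirthday,
         'Password' => isset($aProfileInfo['password']) ? $aProfileInfo['password'] : '',
         'FullName' => $sFirstName . $sLastName,
         'DescriptionMe' => clear_xss(isset($aProfileInfo['bio']) ? $aProfileInfo['bio'] : ''),
         'Interests' => isset($aProfileInfo['interests']) ? $aProfileInfo['interests'] : '',
         'Religion' => isset($aProfileInfo['religion']) ? $aProfileInfo['religion'] : '',
         'Country' => $sCountry,
         'City' => $sCity,
     );
 }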
 /**
  * Create new profile;
  *
  * @param  : $aProfileInfo (array) - some profile's information;
  *          @see : $this -> aFacebookProfileFields;
  *
  * @param  : $sAlternativeName (string) - profiles alternative nickname;
  * @return : error string or error or profile info array on success
  */
 function _createProfileRaw($aProfileInfo, $sAlternativeName = '', $isAutoFriends = true, $isSetLoggedIn = true)
 {
     $sCountry = '';
     $sCity = '';
     //-- join by invite only --//
     if (getParam('reg_by_inv_only') == 'on' && (!isset($_COOKIE['idFriend']) || getID($_COOKIE['idFriend']) == 0)) {
         return _t('_registration by invitation only');
     }
     //--
     // process the date of birth;
     if (isset($aProfileInfo['birthday'])) {
         $aProfileInfo['birthday'] = isset($aProfileInfo['birthday']) ? date('Y-m-d', strtotime($aProfileInfo['birthday'])) : '';
     }
     // generate new password for profile;
     $sNewPassword = genRndPwd();
     $sPasswordSalt = genRndSalt();
     $aProfileInfo['password'] = encryptUserPwd($sNewPassword, $sPasswordSalt);
     //-- define user's country and city --//
     $aLocation = array();
     if (isset($aProfileInfo['location']['name'])) {
         $aLocation = $aProfileInfo['location']['name'];
     } else {
         if (isset($aProfileInfo['hometown']['name'])) {
             $aLocation = $aProfileInfo['hometown']['name'];
         }
     }
     if ($aLocation) {
         $aCountryInfo = explode(',', $aLocation);
         $sCountry = $this->_oDb->getCountryCode(trim($aCountryInfo[1]));
         $sCity = trim($aCountryInfo[0]);
         //set default country name, especially for American brothers
         if ($sCity && !$sCountry) {
             $sCountry = $this->_oConfig->sDefaultCountryCode;
         }
     }
     //--
     //try define the user's email
     $sEmail = !empty($aProfileInfo['email']) ? $aProfileInfo['email'] : $aProfileInfo['proxied_email'];
     //-- fill array with all needed values --//
     $aProfileFields = array('NickName' => $aProfileInfo['nick_name'] . $sAlternativeName, 'Email' => $sEmail, 'Sex' => isset($aProfileInfo['gender']) ? $aProfileInfo['gender'] : '', 'DateOfBirth' => $aProfileInfo['birthday'], 'Password' => $aProfileInfo['password'], 'FullName' => (isset($aProfileInfo['first_name']) ? $aProfileInfo['first_name'] : '') . (isset($aProfileInfo['last_name']) ? ' ' . $aProfileInfo['last_name'] : ''), 'DescriptionMe' => clear_xss(isset($aProfileInfo['bio']) ? $aProfileInfo['bio'] : ''), 'Interests' => isset($aProfileInfo['interests']) ? $aProfileInfo['interests'] : '', 'Religion' => isset($aProfileInfo['religion']) ? $aProfileInfo['religion'] : '', 'Country' => $sCountry, 'City' => $sCity);
     //--
     bx_import('BxDolStopForumSpam');
     $oBxDolStopForumSpam = new BxDolStopForumSpam();
     if (2 == getParam('ipBlacklistMode') && bx_is_ip_blocked()) {
         return _t('_Sorry, your IP been banned');
     } elseif ('on' == getParam('sys_dnsbl_enable') && 'block' == getParam('sys_dnsbl_behaviour') && bx_is_ip_dns_blacklisted('', 'join facebook') || $oBxDolStopForumSpam->isSpammer(array('email' => $aProfileFields['Email'], 'ip' => getVisitorIP(false)), 'join facebook')) {
         return sprintf(_t('_sys_spam_detected'), BX_DOL_URL_ROOT . 'contact.php');
     }
     // check fields existence;
     foreach ($aProfileFields as $sKey => $mValue) {
         if (!$this->_oDb->isFieldExist($sKey)) {
             // (field not existence) remove from array;
             unset($aProfileFields[$sKey]);
         }
     }
     //-- add some system values --//
     $aProfileFields['Role'] = BX_DOL_ROLE_MEMBER;
     $aProfileFields['DateReg'] = date('Y-m-d H:i:s');
     // set current date;
     $aProfileFields['Salt'] = $sPasswordSalt;
     //--
     $iExistingProfileId = $this->_oDb->isEmailExisting($sEmail);
     //check redirect page
     if ('join' == $this->_oConfig->sRedirectPage && !$iExistingProfileId) {
         return array('profile_info_fb' => $aProfileInfo, 'profile_fields' => $aProfileFields, 'join_page_redirect' => true);
     }
     // create new profile;
     if ($iExistingProfileId) {
         $iProfileId = $iExistingProfileId;
     } else {
         $iProfileId = $this->_oDb->createProfile($aProfileFields);
     }
     $oProfileFields = new BxDolProfilesController();
     //remember FB uid for created member
     $this->_oDb->saveFbUid($iProfileId, $aProfileInfo['id']);
     // check profile status;
     if (!$iExistingProfileId) {
         if (getParam('autoApproval_ifNoConfEmail') == 'on') {
             if (getParam('autoApproval_ifJoin') == 'on') {
                 $sProfileStatus = 'Active';
                 if (!empty($aProfileInfo['email'])) {
                     $oProfileFields->sendActivationMail($iProfileId);
                 }
             } else {
                 $sProfileStatus = 'Approval';
                 if (!empty($aProfileInfo['email'])) {
                     $oProfileFields->sendApprovalMail($iProfileId);
                 }
             }
         } else {
             if (!empty($aProfileInfo['email'])) {
                 $oProfileFields->sendConfMail($iProfileId);
                 $sProfileStatus = 'Unconfirmed';
             } else {
                 if (getParam('autoApproval_ifJoin') == 'on') {
                     $sProfileStatus = 'Active';
                 } else {
                     $sProfileStatus = 'Approval';
                 }
             }
         }
         // update profile's status;
         $this->_oDb->updateProfileStatus($iProfileId, $sProfileStatus);
         $oProfileFields->createProfileCache($iProfileId);
         if (!empty($aProfileInfo['email'])) {
             //-- send email notification --//
             $oEmailTemplate = new BxDolEmailTemplates();
             $aTemplate = $oEmailTemplate->getTemplate('t_fb_connect_password_generated', $iProfileId);
             $aNewProfileInfo = getProfileInfo($iProfileId);
             $aPlus = array('NickName' => getNickName($aNewProfileInfo['ID']), 'NewPassword' => $sNewPassword);
             sendMail($aNewProfileInfo['Email'], $aTemplate['Subject'], $aTemplate['Body'], '', $aPlus);
         }
         //--
         if (BxDolModule::getInstance('BxWmapModule')) {
             BxDolService::call('wmap', 'response_entry_add', array('profiles', $iProfileId));
         }
         // create system event
         $oZ = new BxDolAlerts('profile', 'join', $iProfileId);
         $oZ->alert();
     }
     bx_member_ip_store($iProfileId);
     // auto-friend members if they are already friends on Facebook
     if ($isAutoFriends) {
         $this->_makeFriends($iProfileId);
     }
     // set logged
     if ($isSetLoggedIn) {
         $aProfile = getProfileInfo($iProfileId);
         $this->setLogged($iProfileId, $aProfile['Password'], '', false);
     }
     return array('profile_info_fb' => $aProfileInfo, 'profile_id' => $iProfileId, 'existing_profile' => $iExistingProfileId ? true : false);
 }
 /**
  * Normalise a rich-text (HTML) value before it is handed to the database layer.
  *
  * Pipeline: process_pass_data() -> trim() -> clear_xss() -> addslashes().
  * addslashes() is a generic quoting helper rather than a connection-aware
  * SQL escape, so the result is only as safe as the query code that consumes it.
  *
  * @param string $sText raw HTML text as submitted
  * @return string XSS-filtered, trimmed, slash-escaped text
  */
 function process_html_db_input($sText)
 {
     $sPassed = process_pass_data($sText);
     $sFiltered = clear_xss(trim($sPassed));
     return addslashes($sFiltered);
 }
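/**
 * Fill a field-group definition with the values submitted in $_POST.
 *
 * For every entry of $arrGroup the $_POST key of the same name is read and
 * stored under ['Value'], processed according to the field's 'Type':
 *   - 'text' / 'dropdown': process_pass_data() + trim()
 *   - 'html':              additionally passed through clear_xss()
 *   - 'bool':              true only when the posted value is the string 'yes'
 * Fields with any other type are left untouched. A missing POST key is
 * treated as an empty string instead of raising an undefined-index notice.
 *
 * Note: 'dropdown' values are not checked against the field's option list
 * here; any such validation has to happen elsewhere.
 *
 * @param array $arrGroup field definitions keyed by field name, modified in place
 */
function fillGroupArrByPostValues(&$arrGroup)
{
    foreach ($arrGroup as $fieldName => $arrField) {
        // Missing keys become '' so the processing below never reads an undefined index.
        $mPosted = isset($_POST[$fieldName]) ? $_POST[$fieldName] : '';
        switch ($arrField['Type']) {
            case 'text':
            case 'dropdown':
                $arrGroup[$fieldName]['Value'] = trim(process_pass_data($mPosted));
                break;
            case 'html':
                $arrGroup[$fieldName]['Value'] = clear_xss(trim(process_pass_data($mPosted)));
                break;
            case 'bool':
                // strict comparison: only the literal string 'yes' counts as checked
                $arrGroup[$fieldName]['Value'] = 'yes' === $mPosted;
                break;
        }
    }
}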
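/**
 * Send message
 *
 * Delivers a message from $member to $recipient: to the internal mailbox
 * ("lovemail"), to e-mail, or both, depending on $_POST['sendto'] and the
 * 'enable_msg_dest_choice' setting. Optionally sends a notification e-mail
 * ($_POST['notify']) and debits credits from the sender.
 *
 * @param array $member    sender profile; only ['ID'] is read
 * @param array $recipient recipient profile; ['ID'], ['Status'] and ['Email'] are read
 * @param bool  $must_use_credits when true the sender must hold at least
 *                                $msg_credits credits, which are debited on success
 * @return int 0 on success; 1 when nothing was delivered; 3 when the sender
 *             already sent a message within the last minute; 5 when the
 *             recipient blocked the sender; 10 when the recipient is not
 *             'Active'; 21 when the sender lacks credits
 */
function MemberSendMessage($member, $recipient, $must_use_credits = false)
{
    global $site;
    // NOTE(review): $msg_credits is read below but is neither a parameter nor
    // declared global here; it presumably comes from the calling page — confirm,
    // otherwise the credit check compares against 0.
    $en_dest_choice = getParam("enable_msg_dest_choice");
    $max_message_size = getParam("max_inbox_message_size");
    $max_messages = getParam("max_inbox_messages");
    // Both profile ids are interpolated into SQL below; force them to integers.
    $iSenderId = (int) $member['ID'];
    $iRecipientId = (int) $recipient['ID'];
    // Check if recipient is active
    if ('Active' != $recipient['Status']) {
        return 10;
    }
    // Check if member is blocked
    if (db_arr("SELECT `ID`, `Profile` FROM `BlockList` WHERE `Profile` = {$iSenderId} AND `ID` = '{$iRecipientId}';")) {
        return 5;
    }
    // If must use credits then check for enough amount
    if ($must_use_credits && getProfileCredits($iSenderId) < (double) $msg_credits) {
        return 21;
    }
    // antispam: at most one message per minute per sender
    // (the original read $member[ID] with a bare constant name, which is an Error on PHP 8)
    if (db_arr("SELECT `ID` FROM `Messages` WHERE `Sender` = {$iSenderId} AND date_add(`Date`, INTERVAL 1 MINUTE) > Now()")) {
        return 3;
    }
    // Get sender info
    $sender = getProfileInfo($iSenderId);
    $aPlus = array();
    // NickName is placed into HTML as-is; it is assumed to be stored in a safe form.
    $aPlus['ProfileReference'] = $sender ? '<a href="' . getProfileLink($iSenderId) . '">' . $sender['NickName'] . '</a> (' . getProfileLink($iSenderId) . ') ' : '<b>' . _t("_Visitor") . '</b>';
    // Read the request fields once, tolerating missing keys.
    $sSendTo = isset($_POST['sendto']) ? $_POST['sendto'] : '';
    $sSubjectRaw = isset($_POST['mes_subject']) ? $_POST['mes_subject'] : '';
    $sTextRaw = isset($_POST['text']) ? $_POST['text'] : '';
    $bToEmail = $sSendTo == "email" || $sSendTo == "both";
    // Stays false unless one of the delivery branches below runs.
    $result = false;
    // Don't send notification if message is sending to email
    if (!empty($_POST['notify']) && !$bToEmail) {
        $message_text = getParam("t_Compose");
        $subject = getParam('t_Compose_subject');
        $aPlus['senderNickName'] = $sender ? $sender['NickName'] : _t("_Visitor");
        $notify_res = sendMail($recipient['Email'], $subject, $message_text, $iRecipientId, $aPlus);
        if (!$notify_res) {
            echo "<div class=\"err\">" . _t("_Notification send failed") . "</div><br />\n";
        }
    }
    // Send message to email
    if ($en_dest_choice && $bToEmail) {
        $message_text = getParam("t_Message");
        $subject = process_pass_data($sSubjectRaw);
        $aPlus['MessageText'] = strmaxtextlen(clear_xss(replace_full_uris(process_pass_data($sTextRaw))), $max_message_size);
        $result = sendMail($recipient['Email'], $subject, $message_text, $iRecipientId, $aPlus);
    }
    // Send message to communicator
    if ($sSendTo == "lovemail" || $sSendTo == "both") {
        // Restrict with total messages count
        $messages_count = db_arr("SELECT COUNT(*) AS `mess_count` FROM `Messages` WHERE `Recipient` = '{$iRecipientId}'");
        $messages_count = $messages_count['mess_count'];
        if ($messages_count - 1 > $max_messages) {
            $del_res = db_res("SELECT `ID` FROM `Messages` WHERE `Recipient` = '{$iRecipientId}' ORDER BY `Date` ASC LIMIT " . ($messages_count - $max_messages + 1));
            while ($del_arr = mysql_fetch_array($del_res)) {
                db_res("DELETE FROM `Messages` WHERE `ID` = {$del_arr['ID']}");
            }
        }
        // Insert message into database.
        // Escape LAST: truncating after escaping can cut an escape sequence in
        // half and leave the quoting of the INSERT unbalanced.
        $message_text = addslashes(strmaxtextlen(clear_xss(process_pass_data($sTextRaw)), $max_message_size));
        $message_subject = process_db_input(strmaxwordlen($sSubjectRaw, 30));
        $result = db_res("INSERT INTO `Messages` ( `Date`, `Sender`, `Recipient`, `Text`, `Subject`, `New` ) VALUES ( NOW(), {$iSenderId}, {$iRecipientId}, '{$message_text}', '{$message_subject}', '1' )");
    }
    // If sending successful then mark as performed action
    if (!$result) {
        return 1;
    }
    checkAction($iSenderId, ACTION_ID_SEND_MESSAGE, true);
    if ($must_use_credits) {
        decProfileCredits($iSenderId, $msg_credits);
    }
    return 0;
}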
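 /**
  * Ajax handler: render the ad list of one owner in the requested mode.
  *
  * Emits the search-result block followed by a paginator (or an "_Empty"
  * message box when nothing matched) and terminates the request with exit,
  * so nothing after the call runs.
  *
  * @param string $sMode    'manage', 'pending', 'expired', 'disapproved' or 'view';
  *                         any other value is treated as 'view'
  * @param string $sOwnerId owner profile id (cast to int)
  * @param string $sAdd     unused; kept for signature compatibility
  * @param string $sAdd1    unused; kept for signature compatibility
  * @param string $sAdd2    unused; kept for signature compatibility
  */
 function actionGetList($sMode = '', $sOwnerId = '', $sAdd = '', $sAdd1 = '', $sAdd2 = '')
 {
     //input values
     $sMode = clear_xss($sMode);
     $iOwnerId = (int) $sOwnerId;
     // $sAdd, $sAdd1 and $sAdd2 are accepted for signature compatibility only: the
     // array that used to be built from them referenced undefined variables
     // ($sAddParam, ...) and was never read, so it has been removed.
     bx_import('SearchUnit', $this->_aModule);
     $oTmpAdsSearch = new BxAdsSearchUnit();
     $oTmpAdsSearch->bShowCheckboxes = false;
     $oTmpAdsSearch->aCurrent['paginate']['perPage'] = 10;
     $oTmpAdsSearch->aCurrent['restriction']['owner']['value'] = $iOwnerId;
     switch ($sMode) {
         case 'manage':
             $oTmpAdsSearch->bShowCheckboxes = true;
             $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'active';
             $oTmpAdsSearch->aCurrent['second_restr'] = 'manage';
             break;
         case 'pending':
             $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'new';
             $oTmpAdsSearch->aCurrent['second_restr'] = 'outtime';
             break;
         case 'expired':
             $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'active';
             $oTmpAdsSearch->aCurrent['second_restr'] = 'expired';
             break;
         case 'disapproved':
             $oTmpAdsSearch->aCurrent['restriction']['activeStatus']['value'] = 'inactive';
             $oTmpAdsSearch->aCurrent['second_restr'] = 'outtime';
             break;
         case 'view':
         default:
             // Unknown modes already behaved as 'view'; normalise the name as well so
             // that only a known token is echoed into the box id and the pagination
             // JavaScript below (clear_xss() does not protect a JS string context).
             $sMode = 'view';
             $oTmpAdsSearch->aCurrent['second_restr'] = 'manage';
     }
     $sCode = $oTmpAdsSearch->displayResultBlock();
     $sPgn = '';
     if ($oTmpAdsSearch->aCurrent['paginate']['totalNum'] == 0) {
         $sCode = MsgBox(_t('_Empty'));
     } else {
         bx_import('BxDolPaginate');
         // Both values end up inside JavaScript string literals; they are built
         // from an integer and a whitelisted mode name only.
         $sBoxId = 'ads_' . $iOwnerId . '_' . $sMode;
         $sLink = BX_DOL_URL_ROOT . $this->_oConfig->getBaseUri() . 'get_list/' . $sMode . '/' . $iOwnerId;
         $oPgn = new BxDolPaginate(array('page_url' => 'javascript:void();', 'count' => $oTmpAdsSearch->aCurrent['paginate']['totalNum'], 'per_page' => $oTmpAdsSearch->aCurrent['paginate']['perPage'], 'page' => $oTmpAdsSearch->aCurrent['paginate']['page'], 'on_change_page' => 'getHtmlData(\'' . $sBoxId . '\', \'' . $sLink . '&page={page}&per_page={per_page}\');', 'on_change_per_page' => 'getHtmlData(\'' . $sBoxId . '\', \'' . $sLink . '&page=1&per_page=\' + this.value);'));
         $sPgn = '<div class="clear_both"></div>' . $oPgn->getPaginate();
     }
     // NOTE(review): the body is HTML but is declared as text/xml — confirm the
     // client consumes responseText rather than parsing the response as XML.
     header('Content-Type: text/xml; charset=UTF-8');
     echo $sCode . $sPgn;
     exit;
 }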
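/**
 * check html message, remove unknown tags, check for xhtml errors
 *
 * Strips magic-quotes slashes when that legacy setting is active, then runs
 * the value through clear_xss(). The argument is modified in place.
 *
 * @param string $s text to clean (by reference)
 */
function cleanPost(&$s)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0; guard the call so the
    // function stays usable there (magic quotes are always off on PHP 8).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $s = stripslashes($s);
    }
    $s = clear_xss($s);
}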
 /**
  * Apply the install-time language file of $aLanguage to the localization tables.
  *
  * The file install/langs/<name>.php (relative to the module home path) may
  * define three arrays, which are handled in this order:
  *   $aLangContentDelete - list of keys to remove for this language
  *   $aLangContentAdd    - key => string pairs to insert (new keys go into $iCategoryId)
  *   $aLangContentUpdate - key => string pairs whose stored string is replaced
  * Strings are stored through addslashes() (plus clear_xss() on update); keys and
  * the language id are concatenated into the SQL unchanged, so the language file
  * and $aLanguage are treated as trusted input.
  *
  * @param bool  $bInstall    not used by this method
  * @param array $aLanguage   ['name'] selects the file, ['id'] the language row
  * @param int   $iCategoryId category assigned to newly inserted keys
  * @return bool false when the language file does not exist, true otherwise
  */
 function _updateLanguage($bInstall, $aLanguage, $iCategoryId = 0)
 {
     global $MySQL;
     $sLangFile = $this->_sHomePath . 'install/langs/' . $aLanguage['name'] . '.php';
     if (!file_exists($sLangFile)) {
         return false;
     }
     // NOTE(review): the path is built from $aLanguage['name'] unchanged; callers
     // are expected to pass a known language name rather than request input.
     include $sLangFile;
     $sLangId = $aLanguage['id'];
     //--- Process delete ---//
     $bHasDelete = isset($aLangContentDelete) && is_array($aLangContentDelete);
     if ($bHasDelete) {
         foreach ($aLangContentDelete as $sKey) {
             $MySQL->query("DELETE FROM `sys_localization_keys`, `sys_localization_strings` USING `sys_localization_keys`, `sys_localization_strings` WHERE `sys_localization_keys`.`ID`=`sys_localization_strings`.`IDKey` AND `sys_localization_keys`.`Key`='" . $sKey . "' AND `sys_localization_strings`.`IDLanguage`='" . $sLangId . "'");
         }
     }
     //--- Process add ---//
     $bHasAdd = isset($aLangContentAdd) && is_array($aLangContentAdd);
     if ($bHasAdd) {
         foreach ($aLangContentAdd as $sKey => $sValue) {
             $mInserted = $MySQL->query("INSERT IGNORE INTO `sys_localization_keys`(`IDCategory`, `Key`) VALUES('" . $iCategoryId . "', '" . $sKey . "')");
             // keys that already existed (INSERT IGNORE) or failed to insert get no string
             if (false === $mInserted || $mInserted <= 0) {
                 continue;
             }
             $iKeyId = (int) $MySQL->lastId();
             $MySQL->query("INSERT INTO `sys_localization_strings`(`IDKey`, `IDLanguage`, `String`) VALUES('" . $iKeyId . "', '" . $sLangId . "', '" . addslashes($sValue) . "')");
         }
     }
     //--- Process Update ---//
     $bHasUpdate = isset($aLangContentUpdate) && is_array($aLangContentUpdate);
     if ($bHasUpdate) {
         foreach ($aLangContentUpdate as $sKey => $sValue) {
             $iKeyId = (int) $MySQL->getOne("SELECT `ID` FROM `sys_localization_keys` WHERE `Key`='" . $sKey . "'");
             if (0 == $iKeyId) {
                 continue;
             }
             $sStored = addslashes(clear_xss($sValue));
             $MySQL->query("UPDATE `sys_localization_strings` SET `String`='" . $sStored . "' WHERE `IDKey`='" . $iKeyId . "' AND `IDLanguage`='" . $sLangId . "'");
         }
     }
     return true;
 }
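 /**
  * Wrap a search-unit result in the administration list layout and add pagination.
  *
  * @param object $oSearch search unit; aCurrent['paginate'] and
  *                        aCurrent['restriction']['activeStatus']['value'] are read
  * @param string $sCode   rendered result HTML
  * @return array ['code' => HTML, 'paginate' => HTML]; when the search found
  *               nothing, 'code' is an "_Empty" message box and 'paginate' is ''
  */
 function getResultCodeArray(&$oSearch, $sCode)
 {
     $aCode = array('code' => MsgBox(_t('_Empty')), 'paginate' => '');
     $iCount = $oSearch->aCurrent['paginate']['totalNum'];
     if ($iCount > 0) {
         $aCode['code'] = $GLOBALS['oFunctions']->centerContent($sCode, '.sys_file_search_unit');
         $sLink = BX_DOL_URL_ROOT . $this->_oConfig->getBaseUri() . 'administration/home/' . $oSearch->aCurrent['restriction']['activeStatus']['value'];
         $sKeyWord = bx_get('keyword');
         if ($sKeyWord !== false) {
             // The keyword becomes a query-string value and is also embedded in
             // the JavaScript string literals below; URL-encode it so '&', spaces
             // or quotes can neither alter the link nor break out of the literal.
             $sLink .= '&keyword=' . rawurlencode(clear_xss($sKeyWord));
         }
         $aExclude = array('r');
         $aLinkAddon = $oSearch->getLinkAddByPrams($aExclude);
         $oPaginate = new BxDolPaginate(array('page_url' => $sLink, 'count' => $iCount, 'per_page' => $oSearch->aCurrent['paginate']['perPage'], 'page' => $oSearch->aCurrent['paginate']['page'], 'on_change_page' => 'return !loadDynamicBlock(' . $oSearch->id . ', \'' . $sLink . $aLinkAddon['params'] . $aLinkAddon['paginate'] . '\');', 'on_change_per_page' => 'return !loadDynamicBlock(' . $oSearch->id . ', \'' . $sLink . $aLinkAddon['params'] . '&page=1&per_page=\' + this.value);'));
         $aCode['paginate'] = $oPaginate->getPaginate();
     }
     return $aCode;
 }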
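/**
 * Functions to process user input.
 * DON'T use to process data before passing to SQL query - use db prepare instead @see BxDolDb::prepare.
 * It is ok to use bx_process_input and then db prepare.
 * @param $mixedData data to process; arrays are processed element by element (recursively)
 * @param $iDataType how to handle data, possible values:
 *          BX_DATA_INT - integer value
 *          BX_DATA_FLOAT - float values
 *          BX_DATA_CHECKBOX - 'on' or empty string
 *          BX_DATA_TEXT - text data, single line (default); returned unchanged, NOT escaped for HTML
 *          BX_DATA_TEXT_MULTILINE - text data, multiple lines (htmlspecialchars_adv + nl2br)
 *          BX_DATA_HTML - HTML data (clear_xss)
 *          BX_DATA_DATE - date data type stored as yyyy-mm-dd (format is checked, calendar validity is not)
 *          BX_DATA_DATE_TS - date data type stored as unixtimestamp
 *          BX_DATA_DATETIME_TS - date/time data type stored as unixtimestamp
 * @param $mixedParams optional parameters to pass for validation
 * @param $isCheckMagicQuotes strip magic-quotes slashes first (only relevant on PHP < 8)
 * @return the filtered data, or FALSE if the filter fails.
 */
function bx_process_input($mixedData, $iDataType = BX_DATA_TEXT, $mixedParams = false, $isCheckMagicQuotes = true)
{
    if (is_array($mixedData)) {
        foreach ($mixedData as $k => $v) {
            // pass $isCheckMagicQuotes through so nested values get the same treatment as scalars
            $mixedData[$k] = bx_process_input($v, $iDataType, $mixedParams, $isCheckMagicQuotes);
        }
        return $mixedData;
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0; guard it so the function stays callable there
    if ($isCheckMagicQuotes && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $mixedData = stripslashes($mixedData);
    }
    switch ($iDataType) {
        case BX_DATA_INT:
            return filter_var(trim($mixedData), FILTER_VALIDATE_INT);
        case BX_DATA_FLOAT:
            return filter_var(trim($mixedData), FILTER_VALIDATE_FLOAT);
        case BX_DATA_CHECKBOX:
            return 'on' == trim($mixedData) ? 'on' : '';
        case BX_DATA_DATE:
            // maybe consider using strtotime
            $mixedData = trim($mixedData);
            if (!preg_match('/^\\d{4}-\\d{1,2}-\\d{1,2}$/', $mixedData)) {
                return false;
            }
            list($iYear, $iMonth, $iDay) = explode('-', $mixedData);
            // 1985-10-28 — components are zero-padded only; out-of-range months/days pass through
            $iDay = intval($iDay);
            $iMonth = intval($iMonth);
            $iYear = intval($iYear);
            return sprintf("%04d-%02d-%02d", $iYear, $iMonth, $iDay);
        case BX_DATA_DATE_TS:
            $mixedData = trim($mixedData);
            if (!preg_match('/^\\d{4}-\\d{1,2}-\\d{1,2}$/', $mixedData)) {
                return false;
            }
            list($iYear, $iMonth, $iDay) = explode('-', $mixedData);
            $iDay = intval($iDay);
            $iMonth = intval($iMonth);
            $iYear = intval($iYear);
            // mktime() normalises overflowing components rather than rejecting them
            $iRet = mktime(0, 0, 0, $iMonth, $iDay, $iYear);
            return $iRet > 0 ? $iRet : false;
        case BX_DATA_DATETIME_TS:
            // Both patterns are unanchored: a date-time anywhere inside the value matches.
            // Without a time part the value is handled as BX_DATA_DATE_TS.
            if (!preg_match('#(\\d+)\\-(\\d+)\\-(\\d+)[\\sT]{1}(\\d+):(\\d+):(\\d+)#', $mixedData, $m) && !preg_match('#(\\d+)\\-(\\d+)\\-(\\d+)[\\sT]{1}(\\d+):(\\d+)#', $mixedData, $m)) {
                return bx_process_input($mixedData, BX_DATA_DATE_TS, $mixedParams, $isCheckMagicQuotes);
            }
            $iDay = $m[3];
            $iMonth = $m[2];
            $iYear = $m[1];
            $iH = $m[4];
            $iM = $m[5];
            $iS = isset($m[6]) ? $m[6] : 0;
            $iRet = mktime($iH, $iM, $iS, $iMonth, $iDay, $iYear);
            return $iRet > 0 ? $iRet : false;
        case BX_DATA_HTML:
            return clear_xss($mixedData);
        case BX_DATA_TEXT_MULTILINE:
            return nl2br(htmlspecialchars_adv($mixedData));
        case BX_DATA_TEXT:
        default:
            // plain text is returned as-is; escaping for the output context is the caller's job
            return $mixedData;
    }
}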
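/**
 * Perform admin or moderator actions
 *
 * Administrators may run any action on any profile; moderators may run them
 * on any profile except their own. (This is the rule the original
 * `or` / `and` expression evaluated to, now written out explicitly.)
 * Unknown actions leave the result at false.
 *
 * @param $sAction string  one of: activate, deactivate, ban, unban, featured,
 *                         unfeatured, delete, delete_spam
 * @param $iViewerId integer
 * @param $iTargetId integer
 * @return mixed - HTML code or FALSE
 */
function PageListControl($sAction, $iViewerId, $iTargetId)
{
    $sAction = clear_xss($sAction);
    $iViewerId = (int) $iViewerId;
    $iTargetId = (int) $iTargetId;
    $mixedRes = false;
    $sMsg = '_Error';
    // `A or B and C` parses as `A or (B and C)`; spell the authorization rule
    // out with || and && so it cannot be misread.
    $bAllowed = isAdmin($iViewerId) || (isModerator($iViewerId) && $iViewerId != $iTargetId);
    if (!$bAllowed) {
        return $mixedRes;
    }
    switch ($sAction) {
        case 'activate':
        case 'deactivate':
            $mixedRes = _setStatus($iTargetId, $sAction);
            break;
        case 'ban':
            if (bx_admin_profile_ban_control($iTargetId)) {
                $sMsg = '_Success';
            }
            $mixedRes = MsgBox(_t($sMsg));
            break;
        case 'unban':
            if (bx_admin_profile_ban_control($iTargetId, false)) {
                $sMsg = '_Success';
            }
            $mixedRes = MsgBox(_t($sMsg));
            break;
        case 'featured':
        case 'unfeatured':
            $mixedRes = _setFeature($iTargetId, $sAction);
            break;
        case 'delete':
            profile_delete($iTargetId);
            $mixedRes = MsgBox(_t('_Success')) . genAjaxyPopupJS($iTargetId, 'ajaxy_popup_result_div', BX_DOL_URL_ROOT . 'browse.php');
            break;
        case 'delete_spam':
            profile_delete($iTargetId, true);
            $mixedRes = MsgBox(_t('_Success')) . genAjaxyPopupJS($iTargetId, 'ajaxy_popup_result_div', BX_DOL_URL_ROOT . 'browse.php');
            break;
        default:
            // unknown action: nothing happens, $mixedRes stays false
    }
    return $mixedRes;
}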
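/**
 * Add a guestbook record for the profile given in $_REQUEST['owner'].
 *
 * Two limits apply: one record per $period minutes per IP address, and at
 * most $record_limit records per recipient (the oldest are deleted first).
 *
 * @return string HTML error fragment, or "" when the record was stored
 *                (or when no recipient was given)
 */
function AddRecord()
{
    // NOTE(review): $record_maxlength is declared but never applied; the text
    // is stored without a length limit.
    global $record_maxlength;
    global $period;
    global $record_limit;
    global $logged;
    $ret = "";
    $sPosted = isset($_POST['newrecord']) ? $_POST['newrecord'] : '';
    $record_text = addslashes(clear_xss(process_pass_data($sPosted)));
    $record_sender = isset($_COOKIE['memberID']) && strlen($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : "";
    $record_recipient = isset($_REQUEST['owner']) ? (int) $_REQUEST['owner'] : 0;
    // HTTP_CLIENT_IP is a request header the client chooses, so any string can
    // arrive here. The value is interpolated into SQL below, hence anything that
    // is not a syntactically valid IP address is treated as "undefined".
    // (The per-IP rate limit is therefore only as trustworthy as the proxy
    // setup that populates this header.)
    $ip = getenv('HTTP_CLIENT_IP') ? getenv('HTTP_CLIENT_IP') : getenv('REMOTE_ADDR');
    if ($ip !== false && filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = '';
    }
    if (!$record_recipient) {
        return $ret;
    }
    // Test if IP is defined
    if (!$ip) {
        $ret .= "<br />\r\n\t\t\t<table width=\"100%\" cellpadding=\"1\" cellspacing=\"1\" border=\"0\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td class=\"text\" align=\"center\">\r\n\t\t\t\t\t\t<br />" . _t_err("_sorry, i can not define you ip adress. IT'S TIME TO COME OUT !") . "<br />\r\n\t\t\t\t\t</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\n";
        return $ret;
    }
    // Test if last message is old enough
    $last_count = db_arr("SELECT COUNT( * ) AS `last_count` FROM `Guestbook` WHERE `IP` = '{$ip}' AND (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`Date`) < {$period}*60)");
    if ($last_count['last_count'] != 0) {
        $ret .= "<br />\r\n\t\t\t<table width=\"100%\" cellpadding=\"1\" cellspacing=\"1\" border=\"0\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td class=\"text\" align=\"center\">\r\n\t\t\t\t\t\t<br />" . _t_err("_You have to wait for PERIOD minutes before you can write another message!", $period) . "<br />\r\n\t\t\t\t\t</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\n";
        return $ret;
    }
    // Restrict with total records count
    $total_count = db_arr("SELECT COUNT(*) AS `total_count` FROM `Guestbook` WHERE `Recipient` = '{$record_recipient}'");
    if ($total_count['total_count'] - 1 > $record_limit) {
        $del_res = db_res("SELECT `ID` FROM `Guestbook` WHERE `Recipient` = '{$record_recipient}' ORDER BY `Date` ASC LIMIT " . ($total_count['total_count'] - $record_limit + 1));
        while ($del_arr = mysql_fetch_array($del_res)) {
            db_res("DELETE FROM `Guestbook` WHERE `ID` = {$del_arr['ID']}");
        }
    }
    // Perform insertion (text is addslashes()-escaped above, ids are integers, ip was validated)
    db_res("INSERT INTO `Guestbook` SET `Date` = NOW(), `IP` = '{$ip}', `Sender` = '{$record_sender}', `Recipient` = '{$record_recipient}', `Text` = '{$record_text}', `New` = '1'");
    return $ret;
}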
 /**
  * Read the submitted values of every item in the current blocks from $_POST
  * into $aValues, validating each one through checkPostValue().
  *
  * Values are read as $_POST[<ItemName>][<human index>], where the human index
  * is 0 for a single profile and 0/1 for a couple; items listed in
  * $this->aCoupleMutual are read for the first member only. Items of type
  * 'system' are read as $_POST[<ItemName>] without a human index.
  *
  * @param bool  $bCouple    true for a couple profile (two value sets per item)
  * @param array $aValues    by reference; filled as $aValues[<human>][<ItemName>];
  *                          for password items on edit areas the current value
  *                          and ['Salt'] are also read from it
  * @param array $aErrors    by reference; $aErrors[<human>][<ItemName>] receives
  *                          the error text returned by checkPostValue()
  * @param int   $iPage      join-page index (area 1 only) selecting $this->aArea[$iPage]
  * @param int   $iProfileID profile being edited, passed on to checkPostValue()
  * @param int   $iBlockOnly when > 0 only the block with this id is processed
  */
 function processPostValues($bCouple, &$aValues, &$aErrors, $iPage = 0, $iProfileID = 0, $iBlockOnly = 0)
 {
     $iHumans = $bCouple ? 2 : 1;
     // number of members in profile (single/couple), made for double arrays
     if ($this->iAreaID == 1) {
         // join
         $this->aBlocks = $this->aArea[$iPage];
     }
     foreach ($this->aBlocks as $iBlockID => $aBlock) {
         if ($iBlockOnly > 0 and $iBlockOnly != $iBlockID) {
             continue;
         }
         $aItems = $aBlock['Items'];
         foreach ($aItems as $iItemID => $aItem) {
             $sItemName = $aItem['Name'];
             for ($iHuman = 0; $iHuman < $iHumans; $iHuman++) {
                 // mutual couple items are stored once, under the first member
                 // (in_array() is non-strict here; item names are expected to be strings)
                 if ($iHuman == 1 and in_array($sItemName, $this->aCoupleMutual)) {
                     continue;
                 }
                 $mValue = null;
                 switch ($aItem['Type']) {
                     case 'text':
                     case 'area':
                     case 'pass':
                     case 'select_one':
                         // plain values: process_pass_data() only
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                             $mValue = process_pass_data($_POST[$sItemName][$iHuman]);
                         }
                         break;
                     case 'html_area':
                         // rich text is additionally XSS-filtered
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                             $mValue = clear_xss(process_pass_data($_POST[$sItemName][$iHuman]));
                         }
                         break;
                     case 'bool':
                         // only the literal 'yes' counts as true; absent or anything else is false
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and $_POST[$sItemName][$iHuman] == 'yes') {
                             $mValue = true;
                         } else {
                             $mValue = false;
                         }
                         break;
                     case 'num':
                         // empty input stays null rather than becoming 0
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and trim($_POST[$sItemName][$iHuman]) !== '') {
                             $mValue = (int) trim($_POST[$sItemName][$iHuman]);
                         }
                         break;
                     case 'date':
                         // No format check: the value is split on '-' and the parts are
                         // zero-padded; malformed input produces a notice and zeroed parts.
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and trim($_POST[$sItemName][$iHuman]) !== '') {
                             list($iYear, $iMonth, $iDay) = explode('-', $_POST[$sItemName][$iHuman]);
                             // 1985-10-28
                             $iDay = intval($iDay);
                             $iMonth = intval($iMonth);
                             $iYear = intval($iYear);
                             $mValue = sprintf("%04d-%02d-%02d", $iYear, $iMonth, $iDay);
                         }
                         break;
                     case 'select_set':
                         // always an array; each selected option goes through process_pass_data()
                         $mValue = array();
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman]) and is_array($_POST[$sItemName][$iHuman])) {
                             foreach ($_POST[$sItemName][$iHuman] as $sValue) {
                                 $mValue[] = process_pass_data($sValue);
                             }
                         }
                         break;
                     case 'range':
                         // accepts either [from, to] or a 'from-to' string; each bound is an
                         // int when given and null when empty
                         if (isset($_POST[$sItemName]) and isset($_POST[$sItemName][$iHuman])) {
                             if (is_array($_POST[$sItemName][$iHuman])) {
                                 $aRange = $_POST[$sItemName][$iHuman];
                             } else {
                                 $aRange = explode('-', $_POST[$sItemName][$iHuman], 2);
                             }
                             $mValue = array(null, null);
                             $aRange[0] = isset($aRange[0]) ? trim($aRange[0]) : '';
                             $aRange[1] = isset($aRange[1]) ? trim($aRange[1]) : '';
                             if ($aRange[0] !== '') {
                                 $mValue[0] = (int) $aRange[0];
                             }
                             if ($aRange[1] !== '') {
                                 $mValue[1] = (int) $aRange[1];
                             }
                         }
                         break;
                     case 'system':
                         // system items are not per-human: read $_POST[<ItemName>] directly
                         switch ($aItem['Name']) {
                             case 'Couple':
                             case 'TermsOfUse':
                             case 'Featured':
                                 //they are boolean
                                 if (isset($_POST[$sItemName]) and $_POST[$sItemName] == 'yes') {
                                     $mValue = true;
                                 } else {
                                     $mValue = false;
                                 }
                                 break;
                             case 'Captcha':
                             case 'Status':
                                 // they are select_one
                                 if (isset($_POST[$sItemName])) {
                                     $mValue = process_pass_data($_POST[$sItemName]);
                                 }
                                 break;
                             case 'ProfilePhoto':
                                 // An uploaded file is moved into $GLOBALS['dir']['tmp'] under a
                                 // tempnam() name and only that base name is kept. When a name is
                                 // posted instead, everything but letters, digits and '.' is
                                 // stripped, so no directory separators survive.
                                 if (isset($_FILES['ProfilePhoto'])) {
                                     if ($_FILES['ProfilePhoto']['error'] == UPLOAD_ERR_OK) {
                                         $sTmpName = tempnam($GLOBALS['dir']['tmp'], 'pphot');
                                         if (move_uploaded_file($_FILES['ProfilePhoto']['tmp_name'], $sTmpName)) {
                                             $mValue = basename($sTmpName);
                                         }
                                     }
                                 } elseif (isset($_POST['ProfilePhoto']) && trim($_POST['ProfilePhoto'])) {
                                     $mValue = preg_replace('/[^a-zA-Z0-9\\.]/', '', $_POST['ProfilePhoto']);
                                 }
                                 break;
                         }
                         break;
                 }
                 // checkPostValue() returns true on success, otherwise the error text
                 $rRes = $this->checkPostValue($iBlockID, $iItemID, $mValue, $iHuman, $iProfileID);
                 if ($rRes !== true) {
                     $aErrors[$iHuman][$sItemName] = $rRes;
                 }
                 //it is returned error text
                 //if password on edit page
                 // areas 2, 3 and 4: an empty password keeps the stored hash, a new one
                 // is hashed with the member's existing salt from $aValues
                 if ($aItem['Type'] == 'pass' and ($this->iAreaID == 2 or $this->iAreaID == 3 or $this->iAreaID == 4)) {
                     if (empty($mValue)) {
                         $mValue = $aValues[$iHuman][$sItemName];
                     } else {
                         $mValue = encryptUserPwd($mValue, $aValues[$iHuman]['Salt']);
                     }
                 }
                 $aValues[$iHuman][$sItemName] = $mValue;
             }
         }
     }
 }
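/**
 * Store a profile comment posted by the logged-in member.
 *
 * The recipient is taken from the global $oProfile (its _iProfileID), not
 * from the $profileID parameter, which is accepted but not used. Limits: one
 * comment per $period minute(s) per IP address.
 *
 * @param int $profileID unused; kept for signature compatibility
 * @return string|null error text on failure, nothing when the comment was
 *                     stored or the visitor is not a logged-in member
 */
function addComment($profileID)
{
    global $logged;
    global $oProfile;
    if ($logged['member']) {
        $record_sender = isset($_COOKIE['memberID']) ? (int) $_COOKIE['memberID'] : 0;
    } else {
        return;
    }
    $period = 1;
    // time period before user can add another record (in minutes)
    $record_maxlength = 1600;
    // max length of record
    // NOTE(review): $record_maxlength is not enforced anywhere below.
    // Test if IP is defined
    $ip = getVisitorIP();
    if ($ip == '0.0.0.0') {
        return _t_err("_sorry, i can not define you ip adress. IT'S TIME TO COME OUT !");
    }
    // get record text (XSS-filtered, then addslashes()-escaped for the INSERT below)
    $sPosted = isset($_POST['commenttext']) ? $_POST['commenttext'] : '';
    $record_text = addslashes(clear_xss(trim(process_pass_data($sPosted))));
    if (strlen($record_text) < 2) {
        return _t_err("_enter_message_text");
    }
    // Test if last message is old enough
    $last_count = db_value("SELECT COUNT(*) FROM `ProfilesComments` WHERE `IP` = '{$ip}' AND (UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`Date`) < {$period}*60)");
    if ($last_count != 0) {
        return _t_err("_You have to wait for PERIOD minutes before you can write another message!", $period);
    }
    // 0 when no parent comment was given
    $replyTO = isset($_POST['replyTO']) ? (int) $_POST['replyTO'] : 0;
    // Perform insertion
    $query = "\n\t\tINSERT INTO `ProfilesComments` SET\n\t\t\t`Date` = NOW(),\n\t\t\t`IP` = '{$ip}',\n\t\t\t`Sender` = {$record_sender},\n\t\t\t`Recipient` = {$oProfile->_iProfileID},\n\t\t\t`Text` = '{$record_text}',\n\t\t\t`New` = '1',\n\t\t\t`ReplyTO` = {$replyTO}\n\t\t";
    db_res($query);
}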