/**
* Get tagdata for callback above class (EE2.x)
*
* @since 1.1.0
* @return array
*/
function ee_two_tagdata()
{
$this->EE =& get_instance();
// Directly load the typography helper from CI
require BASEPATH . 'helpers/typography_helper' . EXT;
$tagdata = $this->EE->TMPL->tagdata !== '' ? entity_decode($this->EE->TMPL->tagdata) : FALSE;
return $tagdata;
}
public function testEntityDecode()
{
$this->assertEquals('A test', entity_decode('A test'));
$this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
$this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
$this->assertEquals('hello ? bar', entity_decode('hello  ? bar'));
$this->assertEquals('hello A& bar', entity_decode('hello A& bar'));
$this->assertEquals('hello A/ & bar', entity_decode('hello A/ & bar'));
}
function home()
{
global $user;
$sql = 'SELECT *
FROM _email
WHERE email_active = ??
LIMIT ??';
if (!($email = _fieldrow(sql_filter($sql, 1, 1)))) {
$this->e('No queue emails.');
}
set_time_limit(0);
if (!$email['email_start']) {
$sql = 'UPDATE _email SET email_start = ?
WHERE email_id = ?';
_sql(sql_filter($sql, time(), $email['email_id']));
}
$sql = 'SELECT user_id, user_username, user_email
FROM _members
WHERE user_type = ?
AND user_id <> ?
ORDER BY user_username
LIMIT ??, ??';
$members = _rowset(sql_filter($sql, 1, 1, $email['email_last'], 100));
$i = 0;
foreach ($members as $row) {
if (!preg_match('/^[a-z0-9\\.\\-_\\+]+@[a-z0-9\\-_]+\\.([a-z0-9\\-_]+\\.)*?[a-z]+$/is', $row['user_email'])) {
continue;
}
if (!$i) {
include XFS . 'core/emailer.php';
$emailer = new emailer();
}
$emailer->use_template('mass');
$emailer->format('plain');
$emailer->from('TWC Kaulitz <*****@*****.**>');
$emailer->set_subject(entity_decode($email['email_subject']));
$emailer->email_address($row['user_email']);
$emailer->assign_vars(array('USERNAME' => $row['user_username'], 'MESSAGE' => entity_decode($email['email_message'])));
$emailer->send();
$emailer->reset();
sleep(2);
$i++;
}
if ($i) {
$email['email_last'] += $i;
$sql = 'UPDATE _email SET email_last = ?
WHERE email_id = ?';
_sql(sql_filter($sql, $email['email_last'], $email['email_id']));
} else {
$sql = 'UPDATE _email SET email_active = ?, email_end = ?
WHERE email_id = ?';
_sql(sql_filter($sql, 0, time(), $email['email_id']));
$this->e('Finished processing [' . $email['email_id'] . '] emails.');
}
$this->e('Processed ' . $i . ' emails.');
return;
}
/**
* Log Referrer data
*
* @access public
* @return bool
*/
function log_referrer()
{
// Is the nation of the user banend?
if (ee()->config->item('ip2nation') == 'y' && ee()->session->nation_ban_check(FALSE) === FALSE) {
return;
}
if (ee()->config->item('log_referrers') == 'n' or !isset($_SERVER['HTTP_REFERER'])) {
return;
}
// Load the typography helper so we can do entity_decode()
ee()->load->helper('typography');
$site_url = ee()->config->item('site_url');
$ref = !isset($_SERVER['HTTP_REFERER']) ? '' : ee()->security->xss_clean(entity_decode($_SERVER['HTTP_REFERER']));
$test_ref = strtolower($ref);
// Yes, a copy, not a reference
$domain = !ee()->config->item('cookie_domain') ? '' : ee()->config->item('cookie_domain');
// Throttling - Ten hits a minute is the limit
$query = ee()->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t FROM exp_referrers\n\t\t\t\t\t\t\t WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'\n\t\t\t\t\t\t\t AND (ref_from = '" . ee()->db->escape_str($ref) . "' OR ref_ip = '" . ee()->input->ip_address() . "')\n\t\t\t\t\t\t\t AND ref_date > '" . (ee()->localize->now - 60) . "'");
if ($query->row('count') > 10) {
return FALSE;
}
if (stristr($ref, '{') !== FALSE or stristr($ref, '}') !== FALSE) {
return FALSE;
}
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $ref)) {
if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
$test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
}
}
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
$site_url = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
}
}
if ($test_ref != '' && strncasecmp($test_ref, $site_url, strlen($site_url)) != 0 && ($domain == '' or stristr($test_ref, $domain) === FALSE) && (ee()->blacklist->whitelisted == 'y' or ee()->blacklist->blacklisted == 'n')) {
// INSERT into database
$ref_to = ee()->security->xss_clean(ee()->functions->fetch_current_uri());
if (stristr($ref_to, '{') !== FALSE or stristr($ref_to, '}') !== FALSE) {
return FALSE;
}
$insert_data = array('ref_from' => $ref, 'ref_to' => $ref_to, 'ref_ip' => ee()->input->ip_address(), 'ref_date' => ee()->localize->now, 'ref_agent' => substr(ee()->input->user_agent(), 0, 100), 'site_id' => ee()->config->item('site_id'));
ee()->db->query(ee()->db->insert_string('exp_referrers', $insert_data));
// Prune Database
srand(time());
if (rand() % 100 < 5) {
$max = !is_numeric(ee()->config->item('max_referrers')) ? 500 : ee()->config->item('max_referrers');
$query = ee()->db->query("SELECT MAX(ref_id) as ref_id FROM exp_referrers WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'");
$row = $query->row_array();
if (isset($row['ref_id']) && $row['ref_id'] > $max) {
ee()->db->query("DELETE FROM exp_referrers WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' AND ref_id < " . ($row['ref_id'] - $max) . "");
}
}
}
}
/**
* EE 2.x version execution
*
* @return string
*/
function tweet_me_two()
{
$this->EE =& get_instance();
// Directly load the typography helper from CI
require BASEPATH . 'helpers/typography_helper' . EXT;
// I'm going to add a space to the front of the 'data' parameter so I don't have
// to write a crazy regular expression to get the job done. This is just to single
// out the strings that are twitter-related and not email addresses or div id links
// we don't want to process things like erik@erikreagan.com or <a href="#comments">
$tag_data = $this->EE->TMPL->fetch_param('data') != '' ? ' ' . entity_decode($this->EE->TMPL->fetch_param('data')) : entity_decode($this->EE->TMPL->tagdata);
$base_at_url = $this->EE->TMPL->fetch_param('base_at_url') != '' ? $this->EE->TMPL->fetch_param('base_at_url') : 'http://twitter.com/';
$base_hash_url = $this->EE->TMPL->fetch_param('base_hash_url') != '' ? $this->EE->TMPL->fetch_param('base_hash_url') : 'http://twitter.com/search?q=%23';
return array('tag_data' => $tag_data, 'base_at_url' => $base_at_url, 'base_hash_url' => $base_hash_url);
}
function geraXmlRSS($locaplic, $sql, $descricao, $output = "xml")
{
global $esquemaadmin;
if (empty($output)) {
$output = "xml";
}
//var_dump($_SERVER);exit;
$dbh = "";
include $locaplic . "/admin/php/conexao.php";
if ($convUTF) {
$xml = "<" . "?" . "xml version='1.0' encoding='UTF-8' " . "?" . ">";
} else {
$xml = "<" . "?" . "xml version='1.0' encoding='ISO-8859-1' " . "?" . ">";
}
$xml .= "<rss version='2.0'>";
$xml .= "<channel>\n";
$xml .= "<title>RSS</title>\n";
$xml .= "<description>" . str_replace("&", "&", $descricao) . "</description>\n";
$xml .= "<link></link>\n";
$xml .= "<docs></docs>\n";
$xml .= "<copyright>Gerado pelo i3Geo</copyright>\n";
$xml .= "<language>pt-br</language>\n";
$xml .= "<webmaster></webmaster>\n";
$json = array("description" => $descricao, "copyright" => "Gerado pelo i3Geo", "language" => "pt-br");
$jsonItems = array();
$qatlas = $dbh->query($sql);
foreach ($qatlas as $row) {
$xml .= "<item>\n";
$xml .= "<category/>\n";
$xml .= "<title>" . entity_decode($row["nome_ws"]) . "</title>\n";
$xml .= "<description>" . xmlTexto_prepara(entity_decode($row["desc_ws"])) . "</description>\n";
$link = xmlTexto_prepara($row["link_ws"]);
if (stristr($link, 'http') === FALSE) {
$link = "http://" . $_SERVER["HTTP_HOST"] . dirname($_SERVER["REQUEST_URI"]) . "/" . $link;
}
$xml .= "<link><![CDATA[" . $link . "]]></link>\n";
$xml .= "<pubDate/>\n";
$xml .= "<author>" . xmlTexto_prepara($row["autor_ws"]) . "</author>\n";
$xml .= "<nacessos></nacessos>\n";
$xml .= "<nacessosok></nacessosok>\n";
$xml .= "<id>" . xmlTexto_prepara($row["id_ws"]) . "</id>\n";
$xml .= "<tipo>" . $row["tipo_ws"] . "</tipo>\n";
$xml .= "</item>\n";
$jsonItems[] = array("title" => $row["nome_ws"], "description" => $row["desc_ws"], "link" => $link . "&output=json", "author" => $row["autor_ws"], "id" => $row["id_ws"], "tipo" => $row["tipo_ws"]);
}
$json["items"] = $jsonItems;
$xml .= "</channel></rss>\n";
$dbh = null;
$dbhw = null;
if ($output == "xml") {
return $xml;
} else {
return json_encode($json);
}
}
/**
* Evaluates the message and returns modifications for inline images and backgrounds
* @access public
* @return $message
*/
public function MsgHTML($message, $basedir = '')
{
preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images);
if (isset($images[2])) {
foreach ($images[2] as $i => $url) {
// do not change urls for absolute images (thanks to corvuscorax)
if (!preg_match('#^[A-z]+://#', $url)) {
$filename = basename($url);
$directory = dirname($url);
$directory == '.' ? $directory = '' : '';
$cid = 'cid:' . md5($filename);
$ext = pathinfo($filename, PATHINFO_EXTENSION);
$mimeType = self::_mime_types($ext);
if (strlen($basedir) > 1 && substr($basedir, -1) != '/') {
$basedir .= '/';
}
if (strlen($directory) > 1 && substr($directory, -1) != '/') {
$directory .= '/';
}
if ($this->AddEmbeddedImage($basedir . $directory . $filename, md5($filename), $filename, 'base64', $mimeType)) {
$message = preg_replace("/" . $images[1][$i] . "=\"" . preg_quote($url, '/') . "\"/Ui", $images[1][$i] . "=\"" . $cid . "\"", $message);
}
}
}
}
$this->IsHTML(true);
$this->Body = $message;
$textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\\/\\1>/s', '', $message)));
if (!empty($textMsg) && empty($this->AltBody)) {
//$this->AltBody = html_entity_decode($textMsg);
$this->AltBody = entity_decode($textMsg);
}
if (empty($this->AltBody)) {
$this->AltBody = 'To view this email message, open it in a program that understands HTML!' . "\n\n";
}
}
function home() {
global $core, $user, $style;
$sql = 'SELECT *
FROM _email
WHERE email_active = 1
AND (email_schedule > ??
OR email_schedule = 0)
ORDER BY email_priority, email_id
LIMIT 1';
if (!$email = sql_fieldrow(sql_filter($sql, time()))) {
$this->e('No queue.');
}
set_time_limit(0);
$sql = 'SELECT *
FROM ??
WHERE address_sent = 0
ORDER BY address_id
LIMIT ??';
if ($members = sql_rowset(sql_filter($sql, $email['email_data'], $email['email_batch']))) {
if (!$email['email_start']) {
$sql = 'UPDATE _email SET email_start = ?
WHERE email_id = ?';
sql_query(sql_filter($sql, time(), $email['email_id']));
}
}
$i = 0;
$sent_to = array();
foreach ($members as $row) {
$address_account = trim($row['address_account']);
if (!preg_match('/^[a-z0-9\.\-_\+]+@[a-z0-9\-_]+\.([a-z0-9\-_]+\.)*?[a-z]+$/is', $address_account)) {
$sql = 'UPDATE ?? SET address_sent = ?
WHERE address_id = ?';
sql_query(sql_filter($sql, $email['email_data'], 1, $row['address_id']));
continue;
}
if (!$i) {
include(XFS . 'core/emailer.php');
$emailer = new emailer();
}
$emailer->use_template('mass');
$emailer->format('html');
$emailer->from($email['email_from'] . ' <' . $email['email_from_address'] . '>');
$emailer->set_subject(entity_decode($email['email_subject']));
$emailer->email_address($address_account);
$name_compose = '';
if (isset($row['address_name']) && !empty($row['address_name'])) {
$row['address_name'] = preg_replace('/\s\s+/', ' ', $row['address_name']);
$name_compose = ucwords(strtolower(trim($row['address_name'])));
if (isset($row['address_last']) && !empty($row['address_last'])) {
$row['address_last'] = preg_replace('/\s\s+/', ' ', $row['address_last']);
$name_compose .= ' ' . ucwords(strtolower(trim($row['address_last'])));
}
if (!empty($name_compose)) {
$name_gretting = '';
if (isset($row['address_gender']) && !empty($row['address_gender'])) {
switch ($row['address_gender']) {
case 'Femenino':
$name_by = 'a';
break;
case 'Masculino':
$name_by = 'o';
break;
default:
$name_gretting = $core->config['email_gretting'];
break;
}
} else {
if (strpos($name_compose, 'Sra.') !== false || strpos($name_compose, 'Srta.') !== false) {
$name_by = 'a';
} else if (strpos($name_compose, 'Sr.') !== false) {
$name_by = 'o';
} else {
$name_gretting = $core->config['email_gretting'];
}
}
if (empty($email['email_gretting'])) {
$name_gretting = $core->config['email_gretting'];
}
if (!empty($name_gretting)) {
$name_compose = $name_gretting . ' ' . $name_compose;
} elseif (!empty($name_by)) {
if (strpos($email['email_gretting'], '*') !== false) {
$name_compose = str_replace('*', $name_by, $email['email_gretting']) . ' ' . $name_compose;
}
}
if (!empty($name_compose)) {
$name_compose .= ', ';
}
}
}
$email_message = entity_decode($email['email_message']);
if (strpos($email_message, '<system_image>') !== false) {
$enc_email_id = encode($email['email_id']);
$enc_address_id = encode($row['address_id']);
$system_image_link = _link('i' . $enc_email_id . '-' . $enc_address_id . '.jpg', false, false);
$email_message = str_replace('<system_image>', $system_image_link, $email_message);
}
$emailer->assign_vars(array(
'USERNAME' => $name_compose,
'MESSAGE' => $email_message)
);
$emailer->send();
$emailer->reset();
$sql = 'UPDATE ?? SET address_sent = ?
WHERE address_id = ?';
sql_query(sql_filter($sql, $email['email_data'], time(), $row['address_id']));
$i++;
$sql = 'UPDATE _email SET email_last = email_last + 1
WHERE email_id = ?';
sql_query(sql_filter($sql, $email['email_id']));
$sent_to[] = $row['address_account'];
sleep(1);
}
$sql = 'SELECT COUNT(address_id) AS total
FROM ??
WHERE address_sent = 0
ORDER BY address_id';
if (!sql_field(sql_filter($sql, $email['email_data']), 'total', 0)) {
$sql = 'UPDATE _email SET email_active = 0, email_end = ?
WHERE email_id = ?';
sql_query(sql_filter($sql, time(), $email['email_id']));
return $this->e('Finished sending ' . $i . ' emails.');
}
return $this->e('Processed ' . $i . ' emails.');
}
/**
* Blacklist Checker
*
* This function checks all of the available blacklists, such as urls,
* IP addresses, and user agents. URLs are checked as both referrers and
* in all $_POST'ed contents (such as comments).
*
* @access private
* @return bool
*/
function _check_blacklist()
{
// Check the referrer
// Since we already need to check all post values for illegal urls
// below, we'll temporarily write our referrer to $_POST.
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
$test_ref = ee()->security->xss_clean($_SERVER['HTTP_REFERER']);
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $test_ref)) {
if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
$test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
}
}
$_POST['HTTP_REFERER'] = $test_ref;
}
// No referrer, and no posted data - no need to blacklist.
// In other words, if your ip is blacklisted you can still see the
// site, but you can not contribute content.
if (count($_POST) == 0) {
return TRUE;
}
ee()->load->model('addons_model');
$installed = ee()->addons_model->module_installed('blacklist');
if (!$installed) {
unset($_POST['HTTP_REFERER']);
return TRUE;
}
// Whitelisted Items
$whitelisted_ip = array();
$whitelisted_url = array();
$whitelisted_agent = array();
$results = ee()->db->query("SELECT whitelisted_type, whitelisted_value FROM exp_whitelisted\n\t\t\t\t\t\t\t\t\t\t WHERE whitelisted_value != ''");
if ($results->num_rows() > 0) {
foreach ($results->result_array() as $row) {
if ($row['whitelisted_type'] == 'url') {
$whitelisted_url = explode('|', $row['whitelisted_value']);
} elseif ($row['whitelisted_type'] == 'ip') {
$whitelisted_ip = explode('|', $row['whitelisted_value']);
} elseif ($row['whitelisted_type'] == 'agent') {
$whitelisted_agent = explode('|', $row['whitelisted_value']);
}
}
}
if (ee()->config->item('cookie_domain') !== FALSE && ee()->config->item('cookie_domain') != '') {
$whitelisted_url[] = ee()->config->item('cookie_domain');
}
$site_url = ee()->config->item('site_url');
$whitelisted_url[] = $site_url;
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
$whitelisted_url[] = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
}
}
// Domain Names Array
$domains = array('net', 'com', 'org', 'info', 'name', 'biz', 'us', 'de', 'uk');
// Blacklisted Checking
$query = ee()->db->query("SELECT blacklisted_type, blacklisted_value FROM exp_blacklisted");
if ($query->num_rows() == 0) {
unset($_POST['HTTP_REFERER']);
return TRUE;
}
// Load the typography helper so we can do entity_decode()
ee()->load->helper('typography');
foreach ($query->result_array() as $row) {
if ($row['blacklisted_type'] == 'url' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($_POST as $key => $value) {
// Smallest URL Possible
// Or no external links
if (is_array($value) or strlen($value) < 8) {
continue;
}
// Convert Entities Before Testing
$value = entity_decode($value);
$value .= ' ';
// Clear period from the end of URLs
$value = preg_replace("#(^|\\s|\\()((http://|http(s?)://|www\\.)\\w+[^\\s\\)]+)\\.([\\s\\)])#i", "\\1\\2{{PERIOD}}\\4", $value);
// Sometimes user content such as comments contain multiple
// urls, so we need to check them individually.
if (preg_match_all("/([f|ht]+tp(s?):\\/\\/[a-z0-9@%_.~#\\/\\-\\?&=]+.)" . "|(www.[a-z0-9@%_.~#\\-\\?&]+.)" . "|([a-z0-9@%_~#\\-\\?&]*\\.(" . implode('|', $domains) . "))/si", $value, $matches)) {
for ($i = 0; $i < count($matches['0']); $i++) {
// If this is a referrer or the comment module's
// url field we know that it's just a single match.
if ($key == 'HTTP_REFERER' or $key == 'url') {
$matches['0'][$i] = $value;
}
foreach ($blacklist_values as $bad_url) {
if ($bad_url != '' && stristr($matches['0'][$i], $bad_url) !== FALSE) {
$bad = 'y';
// Check Bad Against Whitelist - URLs
if (is_array($whitelisted_url) && count($whitelisted_url) > 0) {
$parts = explode('?', $matches['0'][$i]);
foreach ($whitelisted_url as $pure) {
if ($pure != '' && stristr($parts['0'], $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
// Check Bad Against Whitelist - IPs
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos(ee()->input->ip_address(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
// Referer mismatches get a access denied error
// since the url error doesn't make sense for a
// user who didn't take any actions.
if ($key == 'HTTP_REFERER') {
$this->blacklisted = 'y';
} else {
exit('Action Denied: Blacklisted Item Found' . "\n<br/>" . $matches['0'][$i]);
}
} else {
break;
// Free to move on
}
}
}
}
}
}
} elseif ($row['blacklisted_type'] == 'ip' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($blacklist_values as $bad_ip) {
if ($bad_ip != '' && strpos(ee()->input->ip_address(), $bad_ip) === 0) {
$bad = 'y';
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos(ee()->input->ip_address(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
$this->blacklisted = 'y';
break;
} else {
unset($_POST['HTTP_REFERER']);
return TRUE;
// whitelisted, so end
}
}
}
} elseif ($row['blacklisted_type'] == 'agent' && $row['blacklisted_value'] != '' && ee()->input->user_agent() != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($blacklist_values as $bad_agent) {
if ($bad_agent != '' && stristr(ee()->input->user_agent(), $bad_agent) !== FALSE) {
$bad = 'y';
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos(ee()->input->user_agent(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if (is_array($whitelisted_agent) && count($whitelisted_agent) > 0) {
foreach ($whitelisted_agent as $pure) {
if ($pure != '' && strpos(ee()->input->agent, $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
$this->blacklisted = 'y';
} else {
unset($_POST['HTTP_REFERER']);
return TRUE;
// whitelisted, so end
}
}
}
}
}
unset($_POST['HTTP_REFERER']);
return TRUE;
}
/**
* Blacklist Checker
*
* @access private
* @return bool
*/
function _check_blacklist()
{
// Check the Referrer Too
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
$test_ref = $this->EE->security->xss_clean($_SERVER['HTTP_REFERER']);
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $test_ref)) {
if (substr($test_ref, 0, 7) == 'http://' and substr($test_ref, 0, 11) != 'http://www.') {
$test_ref = preg_replace("#^http://(.+?)#", "http://www.\\1", $test_ref);
}
}
$_POST['HTTP_REFERER'] = $test_ref;
}
if (count($_POST) == 0 or !$this->EE->db->table_exists('exp_blacklisted')) {
unset($_POST['HTTP_REFERER']);
return TRUE;
}
// Whitelisted Items
$whitelisted_ip = array();
$whitelisted_url = array();
$whitelisted_agent = array();
if ($this->EE->db->table_exists('exp_whitelisted')) {
$results = $this->EE->db->query("SELECT whitelisted_type, whitelisted_value FROM exp_whitelisted \n\t\t\t\t\t\t\t\t\t\t\t WHERE whitelisted_value != ''");
if ($results->num_rows() > 0) {
foreach ($results->result_array() as $row) {
if ($row['whitelisted_type'] == 'url') {
$whitelisted_url = explode('|', $row['whitelisted_value']);
} elseif ($row['whitelisted_type'] == 'ip') {
$whitelisted_ip = explode('|', $row['whitelisted_value']);
} elseif ($row['whitelisted_type'] == 'agent') {
$whitelisted_agent = explode('|', $row['whitelisted_value']);
}
}
}
}
if ($this->EE->config->item('cookie_domain') !== FALSE && $this->EE->config->item('cookie_domain') != '') {
$whitelisted_url[] = $this->EE->config->item('cookie_domain');
}
$site_url = $this->EE->config->item('site_url');
$whitelisted_url[] = $site_url;
if (!preg_match("#^http://\\w+\\.\\w+\\.\\w*#", $site_url)) {
if (substr($site_url, 0, 7) == 'http://' and substr($site_url, 0, 11) != 'http://www.') {
$whitelisted_url[] = preg_replace("#^http://(.+?)#", "http://www.\\1", $site_url);
}
}
// Domain Names Array
$domains = array('net', 'com', 'org', 'info', 'name', 'biz', 'us', 'de', 'uk');
// Blacklisted Checking
$query = $this->EE->db->query("SELECT blacklisted_type, blacklisted_value FROM exp_blacklisted");
if ($query->num_rows() == 0) {
unset($_POST['HTTP_REFERER']);
return TRUE;
}
// Load the typography helper so we can do entity_decode()
$this->EE->load->helper('typography');
foreach ($query->result_array() as $row) {
if ($row['blacklisted_type'] == 'url' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($_POST as $key => $value) {
// Smallest URL Possible
// Or no external links
if (is_array($value) or strlen($value) < 8) {
continue;
}
// Convert Entities Before Testing
$value = entity_decode($value);
$value .= ' ';
// Clear period from the end of URLs
$value = preg_replace("#(^|\\s|\\()((http://|http(s?)://|www\\.)\\w+[^\\s\\)]+)\\.([\\s\\)])#i", "\\1\\2{{PERIOD}}\\4", $value);
if (preg_match_all("/([f|ht]+tp(s?):\\/\\/[a-z0-9@%_.~#\\/\\-\\?&=]+.)" . "|(www.[a-z0-9@%_.~#\\-\\?&]+.)" . "|([a-z0-9@%_~#\\-\\?&]*\\.(" . implode('|', $domains) . "))/si", $value, $matches)) {
for ($i = 0; $i < count($matches['0']); $i++) {
if ($key == 'HTTP_REFERER' or $key == 'url') {
$matches['0'][$i] = $value;
}
foreach ($blacklist_values as $bad_url) {
if ($bad_url != '' && stristr($matches['0'][$i], $bad_url) !== FALSE) {
$bad = 'y';
// Check Bad Against Whitelist - URLs
if (is_array($whitelisted_url) && count($whitelisted_url) > 0) {
$parts = explode('?', $matches['0'][$i]);
foreach ($whitelisted_url as $pure) {
if ($pure != '' && stristr($parts['0'], $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
// Check Bad Against Whitelist - IPs
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos($this->EE->input->ip_address(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
if ($key == 'HTTP_REFERER') {
$this->blacklisted = 'y';
} else {
exit('Action Denied: Blacklisted Item Found' . "\n<br/>" . $matches['0'][$i]);
}
} else {
break;
// Free to move on
}
}
}
}
}
}
} elseif ($row['blacklisted_type'] == 'ip' && $row['blacklisted_value'] != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($blacklist_values as $bad_ip) {
if ($bad_ip != '' && strpos($this->EE->input->ip_address(), $bad_ip) === 0) {
$bad = 'y';
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos($this->EE->input->ip_address(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
$this->blacklisted = 'y';
break;
} else {
unset($_POST['HTTP_REFERER']);
return TRUE;
// whitelisted, so end
}
}
}
} elseif ($row['blacklisted_type'] == 'agent' && $row['blacklisted_value'] != '' && $this->EE->input->user_agent() != '' && $this->whitelisted != 'y') {
$blacklist_values = explode('|', $row['blacklisted_value']);
if (!is_array($blacklist_values) or count($blacklist_values) == 0) {
continue;
}
foreach ($blacklist_values as $bad_agent) {
if ($bad_agent != '' && stristr($this->EE->input->user_agent(), $bad_agent) !== FALSE) {
$bad = 'y';
if (is_array($whitelisted_ip) && count($whitelisted_ip) > 0) {
foreach ($whitelisted_ip as $pure) {
if ($pure != '' && strpos($this->EE->input->user_agent(), $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if (is_array($whitelisted_agent) && count($whitelisted_agent) > 0) {
foreach ($whitelisted_agent as $pure) {
if ($pure != '' && strpos($this->EE->input->agent, $pure) !== FALSE) {
$bad = 'n';
$this->whitelisted = 'y';
break;
}
}
}
if ($bad == 'y') {
$this->blacklisted = 'y';
} else {
unset($_POST['HTTP_REFERER']);
return TRUE;
// whitelisted, so end
}
}
}
}
}
unset($_POST['HTTP_REFERER']);
return TRUE;
}
public function store() {
global $user, $config;
$this->param = explode('/', array_key(explode('//', $this->ref), 1));
$this->param = array_splice($this->param, 1, -1);
$sql = '';
$id = (isset($this->param[3])) ? (int) $this->param[3] : 0;
switch ($this->param[0]) {
case 'a':
if ($this->param[2] == 9) {
$sql = 'SELECT *
FROM _dl d, _artists a
WHERE d.id = ?
AND a.subdomain = ?
AND d.ub = a.ub';
$sql = sql_filter($sql, $id, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_dl',
'POST_TABLE' => 'dl_posts',
'HISTORY' => UH_M
);
} else {
$sql = 'SELECT *
FROM _artists
WHERE subdomain = ?';
$sql = sql_filter($sql, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_artists',
'POST_TABLE' => 'artists_posts',
'HISTORY' => UH_C
);
}
break;
case 'events':
$event_field = (is_numb($this->param[1])) ? 'id' : 'event_alias';
$sql = 'SELECT *
FROM _events
WHERE ?? = ?';
$sql = sql_filter($sql, $event_field, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_events',
'POST_TABLE' => 'events_posts',
'HISTORY' => UH_EP
);
break;
case 'news':
$sql = 'SELECT *
FROM _news
WHERE news_id = ?';
$sql = sql_filter($sql, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_news',
'POST_TABLE' => 'news_posts',
'HISTORY' => UH_NP
);
break;
case 'art':
$sql = 'SELECT *
FROM _art
WHERE art_id = ?';
$sql = sql_filter($sql, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_art',
'POST_TABLE' => 'art_posts',
'HISTORY' => UH_W
);
break;
case 'm':
$sql = 'SELECT *
FROM _members
WHERE username_base = ?';
$sql = sql_filter($sql, $this->param[1]);
$this->data = array(
'DATA_TABLE' => '_members',
'POST_TABLE' => 'members_posts',
'HISTORY' => UH_UPM
);
break;
default:
fatal_error();
break;
}
if (empty($sql)) {
fatal_error();
}
if (!$post_data = sql_fieldrow($sql)) {
fatal_error();
}
$post_reply = 0;
$error = w();
$update_sql = '';
$current_time = time();
$this->auth['user'] = $user->is('member');
$this->auth['adm'] = $user->is('founder');
/*
//
// Flood control
//
if (!$this->auth['adm'] && !$this->auth['mod'])
{
$where_sql = (!$this->auth['user']) ? "post_ip = '$user_ip'" : "poster_id = " . $userdata['user_id'];
$sql = "SELECT MAX(post_time) AS last_datetime
FROM " . $this->data['POST_TABLE'] . "
WHERE $where_sql";
if ($row = sql_fieldrow($sql)) {
if ((intval($row['last_datetime']) > 0) && ($current_time - intval($row['last_datetime'])) < 10)
{
$error[] = 'CHAT_FLOOD_CONTROL';
}
}
}
*/
//
// Check if message is empty
//
if (!sizeof($error)) {
$message = request_var('message', '', true);
// Check message
if (empty($message)) {
$error[] = 'EMPTY_MESSAGE';
}
}
//
// Insert processed data
//
if (!sizeof($error)) {
$update_sql = '';
$post_reply = (isset($this->param[4]) && $this->param[4] == 'reply') ? $id : 0;
$message = $this->prepare($message);
$insert_data = array(
'post_reply' => (int) $post_reply,
'post_active' => 1,
'poster_id' => (int) $user->d('user_id'),
'post_ip' => (string) $user->ip,
'post_time' => (int) $current_time,
'post_text' => (string) $message
);
switch ($this->param[0]) {
case 'a':
switch ($this->param[2]) {
case 9:
$insert_data['download_id'] = (int) $post_data['id'];
$update_sql = sql_filter('posts = posts + 1 WHERE id = ?', $post_data['id']);
$this->data['HISTORY_EXTRA'] = $post_data['ub'];
break;
case 12:
default:
$insert_data['post_ub'] = (int) $post_data['ub'];
$update_sql = sql_filter('posts = posts + 1 WHERE ub = ?', $post_data['ub']);
$this->data['HISTORY_EXTRA'] = $post_data['ub'];
$this->data['REPLY_TO_SQL'] = sql_filter('SELECT p.poster_id, m.user_id
FROM _artists_posts p, _members m
WHERE p.post_id = ?
AND p.poster_id = m.user_id
AND m.user_type NOT IN (??)', $post_reply, USER_INACTIVE);
break;
}
break;
case 'events':
$insert_data['event_id'] = (int) $post_data['id'];
$update_sql = sql_filter('posts = posts + 1 WHERE id = ?', $post_data['id']);
break;
case 'news':
$insert_data['news_id'] = (int) $post_data['news_id'];
$update_sql = sql_filter('post_replies = post_replies + 1 WHERE news_id = ?', $post_data['news_id']);
break;
case 'art':
$insert_data['art_id'] = (int) $post_data['art_id'];
$update_sql = sql_filter('posts = posts + 1 WHERE art_id = ?', $post_data['art_id']);
break;
case 'm':
$insert_data['userpage_id'] = (int) $post_data['user_id'];
$update_sql = sql_filter('userpage_posts = userpage_posts + 1 WHERE user_id = ?', $post_data['user_id']);
$this->data['HISTORY_EXTRA'] = $post_data['user_id'];
break;
}
$post_id = sql_insert($this->data['POST_TABLE'], $insert_data);
if ($update_sql != '') {
$sql = 'UPDATE ' . $this->data['DATA_TABLE'] . ' SET ' . $update_sql;
sql_query($sql);
}
$reply_to = 0;
$history_extra = isset($this->data['HISTORY_EXTRA']) ? $this->data['HISTORY_EXTRA'] : 0;
if ($post_reply && isset($this->data['REPLY_TO_SQL'])) {
if ($reply_row = sql_fieldrow($this->data['REPLY_TO_SQL'])) {
$reply_to = ($reply_row['user_id'] != GUEST) ? $reply_row['user_id'] : 0;
}
$user->delete_unread($this->data['HISTORY'], $post_reply);
}
$notify = true;
if ($this->param[0] == 'm' && $user->d('user_id') == $post_data['user_id']) {
$notify = false;
}
if ($notify) {
if ($this->param[0] == 'm') {
$emailer = new emailer();
$emailer->from('info');
$emailer->use_template('user_message');
$emailer->email_address($post_data['user_email']);
$emailer->set_subject($user->d('username') . ' te envio un mensaje en Rock Republik');
$emailer->assign_vars(array(
'USERNAME_TO' => $post_data['username'],
'USERNAME_FROM' => $user->d('username'),
'USER_MESSAGE' => entity_decode($message),
'U_PROFILE' => s_link('m', $user->d('username_base')))
);
$emailer->send();
$emailer->reset();
$user->save_unread($this->data['HISTORY'], $post_id, $history_extra, $post_data['user_id']);
} else {
$user->save_unread($this->data['HISTORY'], $post_id, $history_extra, $reply_to, false);
// Points
//$user->points_add(1);
}
}
// Userpage messages
if ($this->param[0] == 'm') {
$sql = 'SELECT post_id
FROM _members_posts p, _members_unread u
WHERE u.item = p.post_id
AND p.userpage_id = ?
AND p.poster_id = ?';
if ($rows = sql_rowset(sql_filter($sql, $user->d('user_id'), $post_data['user_id']), false, 'post_id')) {
$sql = 'DELETE FROM _members_unread
WHERE user_id = ?
AND element = ?
AND item IN (??)';
sql_query(sql_filter($sql, $user->d('user_id'), UH_UPM, implode(',', $rows)));
}
}
} else {
$user->setup();
$return_message = parse_error($error) . '<br /><br /><br /><a href="' . $ref . '">' . lang('click_return_lastpage') . '</a>';
trigger_error($return_message);
}
return;
}
function _ad_acute($a)
{
foreach (w('a e i o u A E I O U') as $row) {
$row = '&' . $row . 'acute;';
$a = str_replace(entity_decode($row), $row, $a);
}
return $a;
}
function send()
{
global $core, $user;
// Escape all quotes, else the eval will fail.
$this->msg = str_replace("'", "\\'", $this->msg);
$this->msg = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . \$\\1 . '", $this->msg);
// Set vars
reset($this->vars);
while (list($key, $val) = each($this->vars)) {
${$key} = $val;
}
eval("\$this->msg = '{$this->msg}';");
// Clear vars
foreach ($this->vars as $key => $val) {
unset(${$key});
}
// We now try and pull a subject from the email body ... if it exists,
// do this here because the subject may contain a variable
$drop_header = '';
$match = array();
if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) {
$this->subject = trim($match[2]) != '' ? trim($match[2]) : ($this->subject != '' ? $this->subject : 'No Subject');
$drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
} else {
$this->subject = $this->subject != '' ? $this->subject : 'No Subject';
}
if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) {
$this->encoding = trim($match[2]) != '' ? trim($match[2]) : _lang('ENCODING');
$drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
} else {
$this->encoding = _lang('ENCODING');
}
if ($drop_header != '') {
$this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
}
$to = $this->addresses['to'];
$cc = isset($this->addresses['cc']) && count($this->addresses['cc']) ? implode(', ', $this->addresses['cc']) : '';
$bcc = isset($this->addresses['bcc']) && count($this->addresses['bcc']) ? implode(', ', $this->addresses['bcc']) : '';
// Build header
$this->extra_headers = ($this->reply_to != '' ? "Reply-to: {$this->reply_to}\n" : '') . ($this->from != '' ? "From: {$this->from}\n" : "From: " . $core->v('default_email') . "\n") . "Return-Path: " . $core->v('default_email') . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . get_host() . ">\nMIME-Version: 1.0\nContent-type: text/" . $this->eformat . "; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 2\nX-MSMail-Priority: High\n" . $this->extra_headers . ($cc != '' ? "Cc: {$cc}\n" : '') . ($bcc != '' ? "Bcc: {$bcc}\n" : '');
// Send message ... removed $this->encode() from subject for time being
$empty_to_header = $to == '' ? true : false;
$to = $to == '' ? 'Undisclosed-recipients:;' : $to;
if ($this->htmle) {
$this->msg = entity_decode($this->msg);
}
if ($core->v('mail_use_smtp')) {
require_once XFS . 'core/class.phpmailer.php';
$mail = new PHPMailer(true);
$mail->IsSMTP();
try {
$mail->SMTPDebug = 0;
$mail->Host = 'ssl://smtp.gmail.com:465';
$mail->Port = 465;
$mail->Username = $core->v('mail_ticket_login');
$mail->Password = $core->v('mail_ticket_key');
$mail->SMTPAuth = TRUE;
$mail->AddAddress($to);
if ($this->reply_to != '') {
$mail->AddReplyTo($this->reply_to);
}
if (isset($this->addresses['cc']) && count($this->addresses['cc'])) {
foreach ($this->addresses['cc'] as $row) {
$mail->AddCC($row);
}
}
if (isset($this->addresses['bcc']) && count($this->addresses['bcc'])) {
foreach ($this->addresses['bcc'] as $row) {
$mail->AddBCC($row);
}
}
$mail->SetFrom($this->from);
$mail->Subject = _utf8($this->subject);
$this->msg = _utf8($this->msg);
$mail->MsgHTML(str_replace("\n", '<br />', $this->msg));
$mail->AltBody = $this->msg;
$mail->Send();
return true;
} catch (phpmailerException $e) {
echo $e->errorMessage();
//Pretty error messages from PHPMailer
} catch (Exception $e) {
echo $e->getMessage();
//Boring error messages from anything else!
}
return;
}
$result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$core->v('default_email')}");
// Did it work?
if (!$result) {
trigger_error('Failed sending email :: PHP :: ' . $result);
}
return true;
}
protected function _press_home()
{
global $bio;
$sql = 'SELECT *
FROM _newsletter
WHERE newsletter_active = 1
LIMIT 1';
if (!($newsletter = _fieldrow($sql))) {
$this->warning->set('no_newsletter');
}
set_time_limit(0);
if (!$newsletter->newsletter_start) {
$sql = 'UPDATE _newsletter SET newsletter_start = ?
WHERE newsletter_id = ?';
sql_query(sql_filter($sql, time(), $newsletter->newsletter_id));
}
$sql = 'SELECT bio_id, bio_alias, bio_name, bio_address, bio_lastvisit
FROM _bio b
??
RIGHT JOIN _bio_newsletter bn ON b.bio_id = bn.newsletter_bio
AND bn.newsletter_receive = ?
WHERE b.bio_lastvisit >= ?
AND b.bio_status <> ?
ORDER BY b.bio_name
LIMIT ??, ??';
$sql_country = '';
if (!empty($newsletter->newsletter_country)) {
$sql_country = sql_filter(' LEFT JOIN _countries ON bio_country = country_id
AND country_id IN (??)', implode(', ', w($newsletter->newsletter_country)));
}
$members = _rowset(sql_filter($sql, $sql_country, 1, $newsletter['newsletter_lastvisit'], 2, $newsletter->newsletter_last, $core->v('newsletter_process')));
$i = 0;
foreach ($members as $row) {
if (!is_email($row['user_email'])) {
continue;
}
$email = array('USERNAME' => $row->username, 'MESSAGE' => entity_decode($email->email_message));
$core->email->init('press', 'mass:plain', $email);
$core->email->subject(entity_decode($email['email_subject']));
if (!empty($row['user_public_email']) && $row['user_email'] != $row['user_public_email'] && is_email($row['user_public_email'])) {
$core->email->cc($row->bio_address_public);
}
$core->email->send($row->user_email);
$sql_history = array('history_newsletter' => $newsletter->newsletter_id, 'history_bio' => $row->bio_id, 'history_time' => time());
sql_put('_newsletter_history', $sql_history);
sleep(2);
$i++;
}
if ($i) {
$email['email_last'] += $i;
$sql = 'UPDATE _newsletter SET newsletter_last = ?
WHERE newsletter_id = ?';
sql_query(sql_filter($sql, $newsletter->newsletter_last, $newsletter->newsletter_id));
} else {
$sql = 'UPDATE _newsletter SET newsletter_active = ?, newsletter_end = ?
WHERE newsletter_id = ?';
sql_query(sql_filter($sql, 0, time(), $newsletter->newsletter_id));
$this->warning->set('finished: ' . $newsletter->newsletter_id);
}
return $this->warning->set('completed: ' . $i);
}
protected function _feed_home()
{
global $core;
$format = '<?xml version="1.0" encoding="iso-8859-1"?>
<rss version="2.0">
<channel>
<title>%s</title>
<link>%s</link>
<language>es-gt</language>
<description><![CDATA[%s]]></description>
<lastBuildDate>%s</lastBuildDate>
<webMaster>%s</webMaster>
%s
</channel>
</rss>';
$tags = w('author title link guid description pubDate');
$last_entry = time();
$feed = '';
$sql = 'SELECT r.ref_subject, r.ref_content, r.ref_time, r.ref_link, b.bio_name
FROM _reference r, _reference_type t, _bio b
WHERE r.ref_bio = b.bio_id
AND r.ref_type = t.type_id
ORDER BY r.ref_time DESC
LIMIT 20';
$reference = sql_rowset($sql);
foreach ($reference as $i => $row) {
if (!$i) {
$last_entry = $row->ref_time;
}
$a = array($row->username, '<![CDATA[' . entity_decode($row->ref_subject, false) . ']]>', $row->ref_link, $row->ref_link, '<![CDATA[' . entity_decode($row->ref_content, false) . ']]>', date('D, d M Y H:i:s \\G\\M\\T', $row->ref_time));
$feed .= "\t<item>";
foreach ($a as $j => $v) {
$feed .= '<' . $tags[$j] . '>' . $v . '</' . $tags[$j] . '>';
}
$feed .= "</item>\n";
}
//
header('Content-type: text/xml');
$ref_title = entity_decode($core->v('site_name'), false);
$ref_desc = entity_decode($core->v('site_details'), false);
$this->e(sprintf($format, $ref_title, _link(), $ref_desc, date('D, d M Y H:i:s \\G\\M\\T', $last_entry), $core->v('site_email'), $feed));
}
/** -------------------------------------
/** Clean the values for use in URLs
/** -------------------------------------*/
function prep_val($str)
{
// Oh, PayPal, the hoops I must jump through to woo thee...
// PayPal is displaying its cart as UTF-8, sending UTF-8 headers, but when
// processing the form data, is obviously wonking with it. This will force
// accented characters in item names to display properly on the shopping cart
// but alas only for unencrypted data. PayPal won't accept this same
// workaround for encrypted form data.
// Load the typography helper so we can do entity_decode()
ee()->load->helper('typography');
$str = str_replace('&', '&', $str);
$str = urlencode(utf8_decode(entity_decode($str, 'utf-8')));
return $str;
}
protected function _ticket_home()
{
global $user, $core;
if (!$core->v('cron_enabled')) {
return $this->e('CRON_DISABLED');
}
foreach (w('mail pop3 emailer htmlparser') as $row) {
require_once XFS . 'core/' . $row . '.php';
}
$pop3 = new pop3();
if (!$pop3->connect($core->v('mail_server'), $core->v('mail_port'))) {
return $this->e('MAIL_NO_CONNECT');
}
if (!($total_mail = $pop3->login('recent:' . $core->v('mail_ticket_login'), $core->v('mail_ticket_key')))) {
return $this->e('MAIL_NEW_MAIL');
}
//
$mail = new _mail();
$emailer = new emailer();
//
if (!($blacklist = $core->cache_load('ticket_blacklist'))) {
$sql = 'SELECT *
FROM _tickets_blacklist
ORDER BY list_id';
$blacklist = $core->cache_store(_rowset($sql, 'list_address', 'list_id'));
}
if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
$sql = 'SELECT status_id
FROM _tickets_status
WHERE status_default = 1';
$ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
}
$sql = 'SELECT group_id, group_email
FROM _groups
ORDER BY group_email';
$groups = _rowset($sql, 'group_email', 'group_id');
$sql = 'SELECT group_email, group_name
FROM _groups
ORDER BY group_email';
$groups_name = _rowset($sql, 'group_email', 'group_name');
$sql = 'SELECT gg.group_email, m.user_email
FROM _groups gg, _groups_members g, _members m
WHERE g.member_mod = ?
AND g.member_uid = m.user_id
AND gg.group_id = g.member_group
ORDER BY m.user_email';
$groups_mods = _rowset(sql_filter($sql, 1), 'group_email', 'user_email', true);
foreach ($groups as $a_group_email => $a_group_id) {
if (!isset($groups_mods[$a_group_email])) {
$groups_mods[$a_group_email] = w();
}
}
$sql = 'SELECT s.a_assoc, s.a_value
FROM _members_fields f, _members_store s
WHERE s.a_field = f.field_id
AND f.field_alias LIKE ?
ORDER BY s.a_value';
$email_alt = _rowset(sql_filter($sql, 'email%'), 'a_value', 'a_assoc');
// Pre mail process
$recv = w();
$now = time();
$line_orig = array(' ');
$line_repl = array(' ');
$_v = w('from from_d to ticket subject body date mod ip spam blacklist reply other');
$_c = w('normal reply other blacklist spam', 0);
for ($i = 1; $i <= $total_mail; $i++) {
foreach ($_v as $row) {
${'recv_' . $row} = 0;
}
$s_header = $mail->parse_header(split("\r\n", implode('', $pop3->top($i))));
$recv_from = $mail->parse_address($s_header['from']);
if (isset($blacklist[$recv_from])) {
$recv_blacklist = 1;
}
if ($recv_from == $core->v('mail_ticket_login')) {
$recv_blacklist = 1;
}
_dvar($s_header['to'], '');
_dvar($s_header['cc'], '');
if (f($s_header['cc'])) {
$s_header['to'] .= (f($s_header['to']) ? ', ' : '') . $s_header['cc'];
}
$to_part = array_map('trim', explode(strpos($s_header['to'], ',') ? ',' : ';', $s_header['to']));
foreach ($to_part as $row) {
if (strpos($row, '<') !== false) {
$row = preg_replace('#.*?<(.*?)>#is', '\\1', $row);
}
if (isset($blacklist[$row])) {
$recv_blacklist = 1;
} else {
$recv_blacklist = 0;
$row_first = array_key(explode('@', $row), 0);
if (isset($groups[$row_first])) {
$recv_to = $row_first;
}
}
}
if (strstr($s_header['to'], _lang('MAIL_TO_UNKNOWN')) !== false) {
$recv_to = array_key(explode('@', $core->v('mail_ticket_login')), 0);
}
if (!$recv_to) {
$recv_blacklist = 1;
}
if (!$recv_blacklist) {
$recv_subject = htmlencode(trim($s_header['subject']));
if (preg_match('#\\[\\#(.*?)\\]#is', $recv_subject, $p_subject)) {
$sql = 'SELECT ticket_id
FROM _tickets
WHERE ticket_code = ?';
if ($recv_subject_d = _fieldrow(sql_filter($sql, $p_subject[1]))) {
$recv_ticket = $recv_subject_d['ticket_id'];
$recv_reply = $p_subject[1];
$recv_subject = substr(strrchr($recv_subject, ']'), 3);
}
}
if ($recv_to . '@' . $core->v('domain') == $recv_from && $recv_from == $core->v('mail_ticket_login') && $recv_reply) {
$recv_blacklist = 1;
}
}
if (!$recv_blacklist) {
if (isset($email_alt[$recv_from])) {
$sql_field = 'id';
$sql_value = $email_alt[$recv_from];
} else {
$sql_field = 'username';
$sql_value = array_key(explode('@', $recv_from), 0);
}
$sql = 'SELECT user_id, user_username, user_firstname, user_lastname
FROM _members
WHERE user_?? = ?';
if ($recv_from_d = _fieldrow(sql_filter($sql, $sql_field, $sql_value))) {
$recv_from_d = serialize(array_row($recv_from_d));
} else {
$recv_other = 1;
}
$d_body = $mail->body($s_header, $pop3->fbody($i), true);
$recv_date = $mail->parse_date($s_header['date']);
$recv_ip = $mail->parse_ip($s_header['received']);
if (isset($groups_email[$recv_to])) {
$recv_mod = $groups_email[$recv_to];
}
if ($recv_date > $now || $recv_date < $now - 86400) {
$recv_date = $now;
}
if (isset($d_body['text-plain']) && f($d_body['text-plain'])) {
$recv_body = trim($d_body['text-plain']);
} elseif (isset($d_body['text-html']) && f($d_body['text-html'])) {
$htm_text = w();
$tag_open = false;
$parser = new HtmlParser($d_body['text-html']);
while ($parser->parse()) {
$line = trim(str_replace($line_orig, $line_repl, $parser->iNodeValue));
if ($tag_open || strpos($line, '<') !== false) {
$tag_open = !$tag_open;
continue;
}
if ($parser->iNodeName == 'Text' && f($line)) {
$htm_text[] = preg_replace("/(\r\n){1}/", ' ', $line);
}
}
$recv_body = implode("\n", $htm_text);
}
if (f($recv_body)) {
$recv_body = htmlencode(_utf8($recv_body));
}
if (!f($recv_body)) {
$recv_blacklist = 1;
}
}
$recv[$i] = w();
foreach ($_v as $row) {
$recv[$i][$row] = ${'recv_' . $row};
}
}
foreach ($recv as $i => $row) {
if ($row['spam'] || $row['blacklist']) {
$pop3->delete($i);
$row_key = $row['spam'] ? 'spam' : 'blacklist';
$_c[$row_key]++;
continue;
}
// Send mail to group admin
if ($row['other']) {
$_c['other']++;
if (count($groups_mods[$row['to']])) {
foreach ($groups_mods[$row['to']] as $i => $mod_email) {
$email_func = !$i ? 'email_address' : 'cc';
$emailer->{$email_func}($mod_email);
}
$emailer->from($row['from']);
$emailer->replyto($row['from']);
$emailer->set_subject(entity_decode($row['subject']));
$emailer->use_template('ticket_other');
$emailer->set_decode(true);
$emailer->assign_vars(array('SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body'])));
$emailer->send();
$emailer->reset();
}
$pop3->delete($i);
continue;
}
$row['code'] = $row['reply'] ? $row['reply'] : substr(md5(unique_id()), 0, 8);
$row['from_d'] = unserialize($row['from_d']);
$row['group_id'] = $groups[$row['to']];
$row['msubject'] = entity_decode(sprintf('%s [#%s]: %s', $groups_name[$row['to']], $row['code'], $row['subject']));
$row['mbody'] = explode("\n", $row['body']);
//
$body_const = w();
foreach ($row['mbody'] as $part_i => $part_row) {
if (isset($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i - 1]) && f($row['mbody'][$part_i])) {
$row['mbody'][$part_i] = "\n" . $part_row;
}
}
$row['body'] = implode("\n", $row['mbody']);
$v_mail = array('USERNAME' => $row['from_d']['user_username'], 'FULLNAME' => entity_decode(_fullname($row['from_d'])), 'SUBJECT' => entity_decode($row['subject']), 'MESSAGE' => entity_decode($row['body']), 'TICKET_URL' => _link('ticket', array('x1' => 'view', 'code' => $row['code'])));
if (!$row['reply']) {
$_c['normal']++;
$sql_insert = array('parent' => 0, 'cat' => 1, 'group' => $row['group_id'], 'title' => _subject($row['subject']), 'text' => _prepare($row['body']), 'code' => $row['code'], 'contact' => $row['from_d']['user_id'], 'aby' => 0, 'status' => $ticket_status, 'start' => $row['date'], 'lastreply' => $row['date'], 'end' => 0, 'ip' => $row['ip']);
$sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $sql_insert));
_sql($sql);
// Send mail to user
$emailer->email_address($row['from']);
$emailer->from($row['to'] . '@' . $core->v('domain'));
$emailer->set_subject($row['msubject']);
$emailer->use_template('ticket_' . $row['to']);
$emailer->set_decode(true);
$emailer->assign_vars($v_mail);
$emailer->send();
$emailer->reset();
// > Send mail to group admin
if (count($groups_mods[$row['to']])) {
foreach ($groups_mods[$row['to']] as $i => $mod_email) {
$address_func = !$i ? 'email_address' : 'cc';
$emailer->{$address_func}($mod_email);
}
$emailer->from($row['to'] . '@' . $core->v('domain'));
$emailer->set_subject($row['msubject']);
$emailer->use_template('ticket_' . ($row['reply'] ? 'reply' : 'tech'));
$emailer->set_decode(true);
$emailer->assign_vars($v_mail);
$emailer->send();
$emailer->reset();
}
} else {
$_c['reply']++;
$sql_insert = array('ticket_id' => $row['ticket'], 'user_id' => $row['from_d']['user_id'], 'note_text' => htmlencode($row['body']), 'note_time' => $row['date'], 'note_cc' => 1);
$sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $sql_insert);
_sql($sql);
$sql = 'UPDATE _tickets SET ticket_lastreply = ?
WHERE ticket_id = ?';
_sql(sql_filter($sql, $row['date'], $row['ticket']));
// Send mail to group members || user
$sql = 'SELECT *
FROM _tickets_assign a, _members m
WHERE a.assign_ticket = ?
AND a.user_id = m.user_id
AND m.user_username NOT IN (?)';
$tech = _rowset(sql_filter($sql, $row['ticket'], $row['from_d']['user_username']));
if ($row['mod'] != $row['from_d']['user_username']) {
$tech[] = $row['mod'];
}
if (count($tech)) {
foreach ($tech as $tech_i => $tech_row) {
$m_method = !$tech_i ? 'email_address' : 'cc';
$emailer->{$m_method}($tech_row . '@' . $core->v('domain'));
}
$emailer->from($row['to'] . '@' . $core->v('domain'));
$emailer->use_template('ticket_reply');
$emailer->set_subject($row['msubject']);
$emailer->set_decode(true);
$emailer->assign_vars($v_mail);
$emailer->send();
$emailer->reset();
}
}
// Delete mail from server
$pop3->delete($i);
}
// Quit server
$pop3->quit();
$ret = '';
foreach ($_c as $k => $v) {
$ret .= "\n" . $k . ' = ' . $v . '<br />';
}
return $this->e($ret);
}
public function send() {
global $config, $user;
// Escape all quotes, else the eval will fail.
$this->msg = str_replace ("'", "\'", $this->msg);
$this->msg = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "' . $\\1 . '", $this->msg);
// Set vars
reset ($this->vars);
while (list($key, $val) = each($this->vars)) {
$$key = $val;
}
eval("\$this->msg = '$this->msg';");
// Clear vars
reset ($this->vars);
while (list($key, $val) = each($this->vars)) {
unset($$key);
}
// We now try and pull a subject from the email body ... if it exists,
// do this here because the subject may contain a variable
$drop_header = '';
$match = w();
if (preg_match('#^(Subject:(.*?))$#m', $this->msg, $match)) {
$this->subject = (trim($match[2]) != '') ? trim($match[2]) : (($this->subject != '') ? $this->subject : 'No Subject');
$drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
} else {
$this->subject = (($this->subject != '') ? $this->subject : 'No Subject');
}
if (preg_match('#^(Charset:(.*?))$#m', $this->msg, $match)) {
$this->encoding = (trim($match[2]) != '') ? trim($match[2]) : trim($lang['ENCODING']);
$drop_header .= '[\r\n]*?' . preg_quote($match[1], '#');
} else {
$this->encoding = lang('encoding');
}
if ($drop_header != '') {
$this->msg = trim(preg_replace('#' . $drop_header . '#s', '', $this->msg));
}
$to = $this->addresses['to'];
$cc = (isset($this->addresses['cc']) && sizeof($this->addresses['cc'])) ? implode(', ', $this->addresses['cc']) : '';
$bcc = (isset($this->addresses['bcc']) && sizeof($this->addresses['bcc'])) ? implode(', ', $this->addresses['bcc']) : '';
// Build header
$this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $config['board_email'] . "\n") . "Return-Path: " . $config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@rockrepublik.net" . /*$config['server_name'] . */">\nMIME-Version: 1.0\nContent-type: text/plain; charset=" . $this->encoding . "\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');
// Send message ... removed $this->encode() from subject for time being
$empty_to_header = ($to == '') ? true : false;
$to = ($to == '') ? (($config['sendmail_fix']) ? ' ' : 'Undisclosed-recipients:;') : $to;
$this->subject = entity_decode($this->subject);
$this->msg = entity_decode($this->msg);
$result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$config['board_email']}");
if (!$result && !$config['sendmail_fix'] && $empty_to_header) {
$to = ' ';
set_config('sendmail_fix', 1);
$result = @mail($to, $this->subject, preg_replace("#(?<!\r)\n#s", "\n", $this->msg), $this->extra_headers, "-f{$config['board_email']}");
}
if (!$result) {
return false;
}
return true;
}
/**
* HTML Entity Decode Callback
*
* Used as a callback for XSS Clean
*
* @access public
* @param array
* @return string
*/
function _decode_entity($match)
{
$CI =& get_instance();
$CI->load->helper('typography');
return entity_decode($match[0], strtoupper($CI->config->item('charset')));
}
protected function _tech_add()
{
global $user, $core;
gfatal();
if (!_auth_get('ticket_assign_tech') && !_auth_get('ticket_auto_assign')) {
_fatal();
}
$v = $this->__(array('ticket' => 0, 'tech'));
if (_auth_get('ticket_auto_assign') && !$user->v('is_founder') && $user->v('user_username') != $v['tech']) {
$this->_error('NO_ASSIGN_OTHER');
}
$sql = 'SELECT *
FROM _tickets t, _groups g
WHERE t.ticket_id = ?
AND t.ticket_group = g.group_id';
if (!($tdata = _fieldrow(sql_filter($sql, $v['ticket'])))) {
$this->_error('NOT_MEMBER_2');
}
$sql = 'SELECT user_id
FROM _members
WHERE user_username = ?';
$v['tech'] = _field(sql_filter($sql, $v['tech']), 'user_id', 0);
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
if (!($techdata = _fieldrow(sql_filter($sql, $v['tech'])))) {
$this->_error('NOT_MEMBER');
}
$sql = 'SELECT ticket_id
FROM _tickets
WHERE ticket_contact = ?
AND ticket_id = ?';
if ($row1 = _field(sql_filter($sql, $v['tech'], $v['ticket']), 'ticket_id', 0)) {
$this->_error('CANT_ASSIGN');
}
$sql = 'SELECT *
FROM _tickets_assign
WHERE user_id = ?
AND assign_ticket = ?';
if ($row2 = _fieldrow(sql_filter($sql, $v['tech'], $v['ticket']))) {
$this->_error('ALREADY_ASSIGN');
}
$sql = 'SELECT *
FROM _members
WHERE user_id = ?';
if (!($cdata = _fieldrow(sql_filter($sql, $tdata['ticket_contact'])))) {
$this->_error('NOT_MEMBER_3');
}
$sql_insert = array('assign_ticket' => $v['ticket'], 'user_id' => $v['tech'], 'assign_status' => $tdata['ticket_status'], 'assign_end' => 0);
$sql = 'INSERT INTO _tickets_assign' . _build_array('INSERT', $sql_insert);
_sql($sql);
// Send notification
require_once XFS . 'core/emailer.php';
$emailer = new emailer();
$ticket_subject = entity_decode($tdata['group_name'] . ' [#' . $tdata['ticket_code'] . ']: ' . $tdata['ticket_title']);
$ticket_message = entity_decode($tdata['ticket_text']);
$emailer->from($tdata['group_email'] . '@' . $core->v('domain'));
$emailer->email_address($techdata['user_email']);
$emailer->use_template('ticket_tech');
$emailer->set_subject($ticket_subject);
$emailer->assign_vars(array('USERNAME' => $techdata['user_username'], 'FULLNAME' => entity_decode(_fullname($cdata)), 'SUBJECT' => entity_decode($tdata['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $tdata['ticket_code']))));
$emailer->send();
$emailer->reset();
return $this->e(_fullname($cdata));
}
function words($width, $fontsize, $text, $maxline = false, $skip_short = true)
{
$part = w();
$long = $words = $i = 0;
if ($maxline !== false && !is_array($maxline)) {
$maxline = array($maxline);
}
foreach ($text as $j => $word) {
$length = $this->cp->getTextWidth($fontsize, entity_decode($word, false));
if ($length > $width) {
continue;
}
if ($maxline !== false) {
$eachline = isset($maxline[$i]) ? $maxline[$i] : end($maxline);
}
if ($width - $long < $length || $maxline !== false && $eachline !== false && $eachline && $words == $eachline) {
$long = $words = 0;
$i++;
}
if (!isset($part[$i])) {
$part[$i] = '';
}
$split_word = explode('>==', $word);
if (count($split_word) > 1) {
if ($i) {
$part[$i - 1] .= ($part[$i - 1] != '' ? ' ' : '') . $split_word[0];
$part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[1];
$length = $this->cp->getTextWidth($fontsize, entity_decode($split_word[1], false));
} else {
$part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[0];
$i++;
$long = $words = 0;
//
$length = $this->cp->getTextWidth($fontsize, entity_decode($split_word[0], false));
if (!isset($part[$i])) {
$part[$i] = '';
}
$part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[1];
}
} else {
$part[$i] .= ($part[$i] != '' ? ' ' : '') . $split_word[0];
}
$long += $length;
if (!$skip_short || strlen($word) > 2) {
$words++;
}
}
return $part;
}
