/**
 * Builds the complete RSS 2.0 document for this feed.
 *
 * The channel language is taken from $_SESSION['lang'] when that is
 * non-empty, otherwise from $CONFIG['default_i18n']. When $this->items is an
 * array, each entry contributes whatever its generateItem() returns.
 *
 * NOTE(review): title, feedurl, description and the language code are
 * interpolated into the markup as-is; nothing in this method XML-escapes
 * them. Callers therefore have to supply values that are already safe for
 * XML text and attribute context - confirm at the call sites.
 *
 * @author Paul Heaney
 * @return string The XML string for the feed
 */
function generate_feed_xml()
{
    global $CONFIG, $application_version_string;

    // Session language wins; the configured default is the fallback
    $lang = !empty($_SESSION['lang']) ? $_SESSION['lang'] : $CONFIG['default_i18n'];

    $parts = array();
    $parts[] = '<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">';
    $parts[] = "<channel><title>{$this->title}</title>\n";
    $parts[] = '<link>' . application_url() . "</link>\n";
    $parts[] = '<atom:link href="' . $this->feedurl . '" rel="self" type="application/rss+xml" />' . "\n";
    $parts[] = "<description>{$this->description}</description>\n";
    $parts[] = "<language>{$lang}</language>\n";

    // pubDate and lastBuildDate both carry the feed's pubdate in RFC 2822 form
    $stamp = date('r', $this->pubdate);
    $parts[] = "<pubDate>{$stamp}</pubDate>\n";
    $parts[] = "<lastBuildDate>{$stamp}</lastBuildDate>\n";

    $parts[] = '<docs>http://blogs.law.harvard.edu/tech/rss</docs>';
    $parts[] = "<generator>{$CONFIG['application_name']} {$application_version_string}</generator>\n";
    $parts[] = '<webMaster>' . user_email($CONFIG['support_manager']) . " (Support Manager)</webMaster>\n";

    // Items are optional; anything that is not an array is skipped
    if (is_array($this->items)) {
        foreach ($this->items as $entry) {
            $parts[] = $entry->generateItem();
        }
    }

    $parts[] = "</channel></rss>\n";

    return implode('', $parts);
}
"><?php _e("Edit"); ?> </a> | </span> <span class='delete'><a onclick="return confirm('Bạn có chắc muốn xóa <?php course_name(); ?> ?');" href="<?php deletecourselink(); ?> "><?php _e("Delete"); ?> </a></span> <!--<span class='email'> | <?php echo make_clickable(user_email()); ?> </span>--> </div> </td> <td class="column-cfaculty"><?php faculty_name(); ?> </td> <td class="column-ccredit"><?php course_credit(); ?> </td> <td class="column-numstudent"><?php course_num_students('', true); ?>
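/**
    Send a template email without using a trigger
    @author Ivan Lucas
    @param int $templateid: The ID number of the template to use. A
    non-numeric value is rejected before any query is built.
    @param array $paramarray. An associative array of template parameters
    This should at the very least be
    array('incidentid' => $id, 'triggeruserid' => $sit[2]).
    Only 'incidentid' is read from it; 'triggeruserid' is always set
    to $sit[2] and any other keys are discarded.
    @param string $attach. Path and filename of file to attach
    @param string $attachtype. Type of file to attach (the signature
    default is an empty string, passed to MIME_mail::fattach() as-is)
    @param string $attachdesc. Description of the attachment, (Default,
    "Attachment named <attach>")
    @retval bool TRUE: The email was sent successfully
    @retval bool FALSE: There was an error sending the mail, the template
    ID was not numeric, or the template could not be loaded
    @note This is v2 of this function, it has different parameters than v1
    @note The success value is whatever MIME_mail::send_mail() returns
**/
function send_email_template($templateid, $paramarray, $attach = '', $attachtype = '', $attachdesc = '')
{
    // $dbEmailTemplates must be imported here; without it the table name in
    // the query below is an undefined (empty) variable inside the function
    global $CONFIG, $application_version_string, $sit, $dbEmailTemplates;

    if (!is_array($paramarray)) {
        trigger_error("Invalid Parameter Array", E_USER_NOTICE);
        $paramarray = array('triggeruserid' => $sit[2]);
    }

    if (!is_numeric($templateid)) {
        trigger_error("Invalid Template ID '{$templateid}'", E_USER_NOTICE);
        // Stop here: the ID is interpolated into SQL below, so a non-numeric
        // value must never reach the query
        return FALSE;
    }
    $templateid = intval($templateid);

    // Grab the template
    $tsql = "SELECT * FROM `{$dbEmailTemplates}` WHERE id={$templateid} LIMIT 1";
    $tresult = mysql_query($tsql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
        return FALSE;
    }

    // Without a row there is no template object to read the fields from
    if (!$tresult || mysql_num_rows($tresult) < 1) {
        trigger_error("Email template {$templateid} not found", E_USER_NOTICE);
        return FALSE;
    }
    $template = mysql_fetch_object($tresult);

    // The fallback array built above has no 'incidentid', so read it defensively
    $incidentid = isset($paramarray['incidentid']) ? $paramarray['incidentid'] : NULL;
    $paramarray = array('incidentid' => $incidentid, 'triggeruserid' => $sit[2]);

    $from = replace_specials($template->fromfield, $paramarray);
    $replyto = replace_specials($template->replytofield, $paramarray);
    $ccemail = replace_specials($template->ccfield, $paramarray);
    $bccemail = replace_specials($template->bccfield, $paramarray);
    $toemail = replace_specials($template->tofield, $paramarray);
    $subject = replace_specials($template->subjectfield, $paramarray);
    $body = replace_specials($template->body, $paramarray);

    // These three values are written straight into the raw header block
    // below, so drop CR/LF: an embedded line break would otherwise start a
    // new header line (or end the header block early)
    $linebreaks = array("\r", "\n");
    $replyto = str_replace($linebreaks, '', $replyto);
    $ccemail = str_replace($linebreaks, '', $ccemail);
    $bccemail = str_replace($linebreaks, '', $bccemail);

    $extra_headers = "Reply-To: {$replyto}\nErrors-To: " . user_email($sit[2]) . "\n";
    $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n";
    $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n";
    if ($ccemail != '') {
        $extra_headers .= "CC: {$ccemail}\n";
    }
    if ($bccemail != '') {
        $extra_headers .= "BCC: {$bccemail}\n";
    }
    $extra_headers .= "\n";
    // add an extra crlf to create a null line to separate headers from body
    // this appears to be required by some email clients - INL

    // Removed $mailerror as MIME_mail expects 5 args and not 6
    $mime = new MIME_mail($from, $toemail, html_entity_decode($subject), '', $extra_headers);
    // NOTE(review): 'text-plain' is not a valid media type ('text/plain' is);
    // left unchanged here - confirm how MIME_mail::attach() treats it
    $mime->attach($body, '', "text-plain; charset={$GLOBALS['i18ncharset']}", 'quoted-printable');

    if (!empty($attach)) {
        if (empty($attachdesc)) {
            $attachdesc = "Attachment named {$attach}";
        }
        // NOTE(review): $attach is documented as path + filename and is
        // written verbatim into the disposition, so a server-side path would
        // be visible to the recipient - confirm what callers pass and
        // consider basename()
        $disp = "attachment; filename=\"{$attach}\"; name=\"{$attach}\";";
        $mime->fattach($attach, $attachdesc, $attachtype, 'base64', $disp);
    }

    // actually send the email
    return $mime->send_mail();
}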
}); // The url router wasn't matching "/users/:email" probably something to do with the @ and the dots in emails if (startsWith(request_uri(), '/users/') && strlen(trim(request_uri(), '/')) > 5) { $email = remove_first(request_uri(), '/users/'); if (!account_exists($email)) { render('err404', null, false); die; } if ($email !== user_email() && !is_reviewer()) { render('err403', null, false); die; } $data = account_data($email); $email = $data['email']; if (request_method() == 'GET') { render('user', array('head_title' => $data['email'], 'user' => $data, 'user_apps' => app_get_user($data['email'], valid_bool(from($_REQUEST, 'show-deleted'))), 'is_self' => user_email() == $email)); } else { if (request_method() == 'POST') { $action = from($_REQUEST, 'action'); switch (strtolower($action)) { case 'desc': account_change_desc($email, from($_REQUEST, 'desc')); redirect('/users/' . $email); break; case 'username': account_change_username($email, from($_REQUEST, 'username')); redirect('/users/' . $email); break; case 'group': if (!is_admin()) { render('err403', null, false);
/**
 * Appends a reviewer comment to an application and saves the application.
 *
 * The note records the current user's email (user_email()), the fixed type
 * 'comment', the current Unix time and the given text. When is_reviewer()
 * is falsy, $app is left untouched and nothing is saved.
 *
 * NOTE(review): $text is stored exactly as received; any escaping has to
 * happen wherever notes are rendered, which is not visible here.
 *
 * @param object $app  Application whose notes list receives the comment
 * @param string $text Comment text
 * @return bool true when the note was added and app_save() was called,
 *              false when the current user is not a reviewer
 */
function app_add_note($app, $text)
{
    if (is_reviewer()) {
        $app->notes[] = array(
            'reviewer' => user_email(),
            'type' => 'comment',
            'time' => time(),
            'text' => $text,
        );
        app_save($app);

        return true;
    }

    return false;
}
?> <div class="message"><?php echo $message; ?> </div> <?php } ?> <form action="profile-update.php" method="POST"> <label><span class="label">Mật khẩu hiện tại:</span> <input type="password" name="password" value=""/></label> <label><span class="label">Họ tên:</span> <input type="text" name="full_name" value="<?php user_fullname(); ?> "/></label> <label><span class="label">Email: </span> <input type="text" name="email" value="<?php user_email(); ?> "/></label> <label><span class="label">Ngày sinh:</span> <input type="text" name="birdthday" value="<?php user_birthday(); ?> "/></label> <label><span class="label">Địa chỉ:</span> <input type="text" name="address" value="<?php user_address(); ?> "/></label> <label><span class="label">Mật khẩu mới:</span> <input type="password" name="newpass" value=""/></label> <label><span class="label">Nhập lại:</span> <input type="password" name="newpass_retype" value=""/></label> <input type="hidden" name="action" value="update"/> <input type="submit" value="<?php _e("Cập nhật");
echo SITE_URL; ?> users">users</a> <?php } ?> </div> <div id="user-top"> <?php if (logged_in()) { ?> <a href="<?php echo SITE_URL; ?> users/<?php echo user_email(); ?> "><?php echo get_username(); ?> </span> <a href="<?php echo SITE_URL; ?> logout">logout</a> <?php } else { ?> <a href="<?php echo SITE_URL; ?>
$holidaylist .= $strAfternoon; } if ($holiday->length == 'day') { $holidaylist .= $strFullDay; } $holidaylist .= ", "; $holidaylist .= holiday_type($holiday->type) . "\n"; } if (strlen($memo) > 3) { $holidaylist .= "\n{$SYSLANG['strCommentsSentWithRequest']}:\n\n"; $holidaylist .= "---\n{$memo}\n---\n\n"; } } // Mark the userid of the person who will approve the request so that they can see them $sql = "UPDATE `{$dbHolidays}` SET approvedby='{$approvaluser}' "; $sql .= "WHERE userid='{$user}' AND approved = " . HOL_APPROVAL_NONE; mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } $rtnvalue = trigger('TRIGGER_HOLIDAY_REQUESTED', array('userid' => $user, 'approvaluseremail' => user_email($approvaluser), 'listofholidays' => $holidaylist)); if ($rtnvalue === TRUE) { echo "<h2>{$strRequestSent}</h2>"; echo "<p align='center'>" . nl2br($holidaylist) . "</p>"; } else { echo "<p class='error'>{$strThereWasAProblemSendingYourRequest}</p>"; } } echo "<p align='center'><a href='holidays.php?user={$user}'>{$strMyHolidays}</p></p>"; } include APPLICATION_INCPATH . 'htmlfooter.inc.php';
$update->execute($data); $error = $q->errorInfo(); } //notify users via email //figure out who needs to receive this notification $q = $dbh->prepare("SELECT reader,username FROM cm_journals WHERE id =?"); $q->bindParam(1, $id[0]); $q->execute(); $u = $q->fetch(PDO::FETCH_ASSOC); $involved = $u['reader'] . $u['username']; $inv = explode(',', $involved); $this_user = array($_SESSION['login']); $notify = array_diff($inv, $this_user); foreach ($notify as $user) { $commenter = username_to_fullname($dbh, $_SESSION['login']); $email = user_email($dbh, $user); $subject = "ClinicCases: {$commenter} has commented on a journal."; $body = "{$commenter} has commented on a journal.n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } //TODO test on mail server break; case 'delete_comment': //Get current comment array for this journal $q = $dbh->prepare('SELECT comments FROM cm_journals WHERE id = ?'); $q->bindParam(1, $id[0]); $q->execute(); $error = $q->errorInfo(); $result = $q->fetch(PDO::FETCH_ASSOC); $old = unserialize($result['comments']); unset($old[$comment_id]);
$resps[] = all_active_users_a($dbh); } else { $resps[] = $responsible; } } $resps_flat = flatten_array($resps); $add_resp = $dbh->prepare("INSERT INTO cm_events_responsibles (id,event_id,username,time_added) VALUES (NULL, :last_id,:resp,NOW())"); for ($i = 0; $i < sizeof($resps_flat); $i++) { $data = array('last_id' => $event_id, 'resp' => $resps_flat[$i]); $add_resp->execute($data); } //Then notify only the newly-added users of the assignement via email $new_assignees = array_diff($resps_flat, $curs_flat); if (!empty($new_assignees)) { foreach ($new_assignees as $n) { $email = user_email($dbh, $resps_flat[$i]); $subject = "ClinicCases: You have been assigned to an event"; $body = "You have been assigned to an event (" . $_POST['task'] . ")in the " . case_id_to_casename($dbh, $case_id) . " case.\n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); //TODO test on mail server } } } break; case 'delete': $delete_event = $dbh->prepare("DELETE FROM cm_events WHERE id = :event_id"); $data = array('event_id' => $event_id); $delete_event->execute($data); $error = $delete_event->errorInfo(); //also remove all event assignments if (!$error[1]) {
} $forward_names_string = substr($forward_names, 0, -2); $forward_text = "<<<Forwarded this message to {$forward_names_string}" . "\n\n" . $reply_text; $tos = generate_recipients($dbh, $thread_id); $to = $tos['from'] . ',' . $tos['tos']; $cc = $tos['ccs']; $data = array('thread_id' => $thread_id, 'to' => $to, 'ccs' => $cc, 'sender' => $user, 'forward_text' => $forward_text); $q->execute($data); $error = $q->errorInfo(); //TODO notify forward recipients by email if (!$error[1]) { $msg_subject = get_subject($dbh, $thread_id); $preview = snippet(20, $reply_text); foreach ($forward_tos as $f) { if ($f != $user) { $email = user_email($dbh, $f); $subject = "ClinicCases: New Message: '" . $msg_subject . "'"; $body = username_to_fullname($dbh, $user) . " forwarded '" . $msg_subject . "' to you:\n\n'{$preview}'\n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } } } } break; case 'star_on': //add start to message $q = $dbh->prepare("UPDATE cm_messages SET `starred` = REPLACE(`starred`,:user,''),\n\t\t\tstarred = CONCAT(starred,:user) WHERE id = :id"); $user_string = $user . ","; $data = array('user' => $user_string, 'id' => $id); $q->execute($data); $error = $q->errorInfo();
if (!empty($_SESSION['lang'])) { $lang = $_SESSION['lang']; } else { $lang = $CONFIG['default_i18n']; } $count = 0; $pubdate = $now; $items = array(); while ($incident = mysql_fetch_object($result)) { // Get Last Update list($update_userid, $update_type, $update_currentowner, $update_currentstatus, $update_body, $update_timestamp, $update_nextaction, $update_id) = incident_lastupdate($incident->id); if ($count == 0) { $update_timestamp; } $authorname = user_realname($update_userid); $author = user_email($update_userid) . " (" . $authorname . ")"; $fi = new FeedItem(); $fi->title = "[{$incident->id}] - {$incident->title} ({$update_type})"; $fi->author = $author; $fi->link = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}"; $fi->description = "{$strUpdated} " . date($CONFIG['dateformat_datetime'], $update_timestamp) . " {$strby} <strong>{$authorname}</strong>. \n{$strStatus}: " . incidentstatus_name($update_currentstatus) . ". <br />\n\n" . strip_tags($update_body); $fi->pubdate = $update_timestamp; $fi->guid = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}#{$update_id}"; $count++; $items[] = $fi; } $feed = new Feed(); $feed->title = "{$CONFIG['application_shortname']} {$strIncidents}"; $feed->feedurl = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}"; $feed->description = "{$CONFIG['application_name']}: {$strIncidents} {$strFor} " . user_realname($userid) . " ({$strActionNeeded})"; $feed->pubdate = $pubdate;
$error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strFrom) . "</p>\n"; } // check reply to field if ($replytofield == '') { $errors = 1; $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strReplyTo) . "</p>\n"; } // Store email body in session if theres been an error if ($errors > 0) { $_SESSION['temp-emailbody'] = $bodytext; } else { unset($_SESSION['temp-emailbody']); } // send email if no errors if ($errors == 0) { $extra_headers = "Reply-To: {$replytofield}\nErrors-To: " . user_email($sit[2]) . "\n"; $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n"; $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n"; if ($ccfield != '') { $extra_headers .= "CC: {$ccfield}\n"; } if ($bccfield != '') { $extra_headers .= "BCC: {$bccfield}\n"; } $extra_headers .= "\n"; // add an extra crlf to create a null line to separate headers from body // this appears to be required by some email clients - INL $mime = new MIME_mail($fromfield, $tofield, html_entity_decode($subjectfield), '', $extra_headers, $mailerror); // INL 5 Aug 09, quoted-printable seems to split lines in unexpected places, base64 seems to work ok $mime->attach($bodytext, 'bodytext', "text/plain; charset={$GLOBALS['i18ncharset']}", 'quoted-printable', 'inline'); // check for attachment
} // Don't send email when approving 'all' to avoid an error message if ($user != 'all') { $bodytext = "Message from {$CONFIG['application_shortname']}: " . user_realname($sit[2]) . " has "; if ($approve == 'FALSE') { $bodytext .= "rejected"; } else { $bodytext .= "approved"; } $bodytext .= " your request for "; if ($startdate == 'all') { $bodytext .= "all days requested\n\n"; } else { $bodytext .= "the "; $bodytext .= date('l j F Y', mysql2date($startdate)); $bodytext .= "\n"; } $email_from = user_email($sit[2]); $email_to = user_email($user); $email_subject = "Re: {$CONFIG['application_shortname']}: Holiday Approval Request"; $rtnvalue = send_email($email_to, $email_from, $email_subject, $bodytext); // FIXME this should use triggers } //if ($rtnvalue===TRUE) echo "<p align='center'>".user_realname($user)." has been notified of your decision</p>"; //else echo "<p class='error'>There was a problem sending your notification</p>"; plugin_do('holiday_ack'); if (mysql_error()) { trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR); } header("Location: holiday_request.php?user={$view}&mode=approval"); exit;
$data = array('title' => $title, 'body' => $text, 'color' => $color, 'id' => $id); $q->execute($data); $error = $q->errorInfo(); //now, update cm_board_viewers with users who are allowed to see post //first, delete old viewers $del_viewers = $dbh->prepare("DELETE FROM cm_board_viewers WHERE post_id = ?"); $del_viewers->bindParam(1, $id); $del_viewers->execute(); //second, add current viewers $viewers_query = $dbh->prepare("INSERT INTO cm_board_viewers (`id`, `post_id`,`viewer`) VALUES (NULL,:post_id,:viewer)"); foreach ($viewers as $v) { $data = array('post_id' => $id, 'viewer' => $v); $viewers_query->execute($data); //Notify viewer; TODO test with mail server $author = username_to_fullname($dbh, $_SESSION['login']); $email = user_email($dbh, $v); $subject = "ClinicCases: {$author} posted on your Board"; $body = "{$author} posted on your Board in ClinicCases: {$title}.\n\n" . CC_EMAIL_FOOTER; mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM); } break; case 'delete': $q = $dbh->prepare("DELETE FROM cm_board WHERE id = ?"); $q->bindParam(1, $item_id); $q->execute(); $error = $q->errorInfo(); //check for attachments and delete them $attch = $dbh->prepare("SELECT * FROM cm_board_attachments WHERE post_id = ?"); $attch->bindParam(1, $item_id); $attch->execute(); if ($attch->rowCount() > 0) {
// Session cookie and storage settings, applied before session_start().

// Lifetime 0: the cookie is a browser-session cookie (dropped when the browser closes)
ini_set('session.cookie_lifetime', 0);
// ini_set('session.cookie_secure', 1); only on https
// NOTE(review): while the line above stays disabled the session cookie has no
// Secure attribute and is also sent on plain-HTTP requests; enable it wherever
// the site is served over HTTPS.
// HttpOnly keeps the session cookie out of reach of page scripts
ini_set('session.cookie_httponly', 1);
// Carry the session id in cookies only, never in the URL
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
// Cached session pages expire after 30 minutes
ini_set('session.cache_expire', 30);
// Not session-specific: default timeout for socket streams, in seconds
ini_set('default_socket_timeout', 60);
// NOTE(review): session.entropy_file and session.entropy_length were removed
// in PHP 7.1; on newer runtimes these two calls have no effect.
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', 256);
// 2678400 seconds = 31 days before stored session data becomes eligible for
// garbage collection.
// NOTE(review): the cookie above is dropped at browser close, but the
// server-side session can stay valid for this long, so a leaked session id
// remains usable for the same period - confirm that window is intended.
ini_set('session.gc_maxlifetime', 2678400);
session_set_cookie_params(0);
session_start();

// Reset session variables in case stuff changed
// A logged-in session whose account still exists is rebuilt through
// create_session(); one whose account no longer exists is destroyed.
// NOTE(review): whether create_session() rotates the session id is not
// visible here - verify.
if (logged_in()) {
    if (account_exists(user_email())) {
        create_session(user_email(), false);
    } else {
        destroy_session();
    }
}

function destroy_session() {
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    }
    if (isset($_COOKIE['login'])) {
        unset($_COOKIE['login']);
        setcookie('login', '', time() - 3600, '/');
    }
    session_unset();