Example #1
/**
 * Sends a plain-text notification e-mail through PHP's mail().
 *
 * The subject is prefixed with "HEURIST " and a fixed Heurist footer is
 * appended to the message text.
 *
 * NOTE(review): nothing in this function strips CR/LF from $email_to,
 * $email_title or $email_header before they reach mail(). Callers that pass
 * request-derived values should remove line breaks first so that no extra
 * header lines can be introduced.
 *
 * @param string      $email_to     recipient address; must be non-empty
 * @param string      $email_title  subject; a falsy value is treated as ""
 * @param string      $email_text   message body; must be non-empty
 * @param string|null $email_header extra headers; when falsy a default "From:" line is built
 * @param bool        $is_utf8      when true, declares a UTF-8 text/plain body and
 *                                  base64-encodes the subject as an encoded-word
 *
 * @return string "ok" on success, otherwise a human-readable error message
 */
function sendEmail($email_to, $email_title, $email_text, $email_header, $is_utf8 = false)
{
    // Guard clauses: both checks run before any SMTP probing.
    if (!$email_to) {
        return "Mail send failed. Recipient email address is not defined.";
    }
    if (!$email_text) {
        return "Mail send failed. Message text is not defined.";
    }

    $subject = $email_title ? $email_title : "";
    $quotedSubject = $subject ? "'" . $subject . "'" : '';
    $failure = "Cannot send email " . $quotedSubject
        . ". This may indicate that mail transport agent is not correctly configured on server."
        . " Please ask your system administrator to correct the installation";

    if (!checkSmtp()) {
        return $failure;
    }

    $subject = "HEURIST " . $subject;

    $headers = $email_header;
    if (!$headers) {
        // Default sender; database and server names are added only when the
        // server name constant is defined.
        $headers = "From: HEURIST";
        if (defined('HEURIST_SERVER_NAME')) {
            $headers .= " (" . HEURIST_DBNAME . ") <no-reply@" . HEURIST_SERVER_NAME . ">";
        }
    }

    if ($is_utf8) {
        $headers .= "\r\nContent-Type: text/plain; charset=utf-8\r\n";
        $subject = '=?utf-8?B?' . base64_encode($subject) . '?=';
    }

    // The base URL is deliberately not appended to the footer: it tends to
    // confuse people who click the link and get a list of databases.
    $body = $email_text . "\n\n"
        . "-------------------------------------------\n"
        . "This email was generated by Heurist (info@HeuristNetwork.org)\n";

    return mail($email_to, $subject, $body, $headers) ? "ok" : $failure;
}
Example #2
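/**
 * Creates or updates a row of sysUGrps (a user or a group) from $record.
 *
 * A record of type "user" with an id below 1 is treated as a registration.
 * Any other request is allowed only when $system->is_admin2($recID) is true.
 *
 * Fix: the duplicate check used to compare ugr_Name against the value of
 * ugr_Enabled, so the login name was never checked against existing rows.
 * It now compares ugr_Name with the submitted ugr_Name.
 *
 * @param object $system application context (provides get_system, addError,
 *                       is_admin2, get_mysqli, get_user_id)
 * @param array  $record field values keyed by sysUGrps column name, plus the
 *                       transient 'ugr_Captcha' answer
 *
 * @return mixed the value returned by mysql__insertupdate() on success,
 *               false on any failure (details are registered via addError)
 */
function user_Update($system, $record)
{
    if (!user_Validate($system, $record)) {
        // presumably user_Validate() has already registered the error - confirm
        return false;
    }

    $recID = intval(@$record['ugr_ID']);
    $rectype = $record['ugr_Type'];
    $is_registration = $rectype == 'user' && $recID < 1;

    if ($is_registration && $system->get_system('sys_AllowRegistration') == 0) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Registration is not allowed for current database');
        return false;
    }
    if (!$is_registration && !$system->is_admin2($recID)) {
        $system->addError(HEURIST_REQUEST_DENIED, 'Operation denied. Not enough rights');
        return false;
    }

    if ($is_registration) {
        // The SMTP pre-check (checkSmtp) that used to block registration when
        // the approval mail cannot be sent was disabled with "false &&" and
        // never ran; it is left out here, so behaviour is unchanged.

        // NOTE(review): the captcha is verified only when the session holds a
        // captcha_code. A request whose session has no challenge skips the
        // check, so this protects registration only if a challenge is always
        // issued beforehand - confirm, and consider requiring it for
        // anonymous registrations.
        $expectedCaptcha = @$_SESSION["captcha_code"];
        if ($expectedCaptcha) {
            if ($expectedCaptcha != @$record['ugr_Captcha']) {
                $system->addError(HEURIST_UNKNOWN_ERROR, 'Are you a bot? Please enter the correct answer to the challenge question');
                return false;
            }
            // one challenge, one successful use
            unset($_SESSION["captcha_code"]);
        }
    }
    // the captcha answer must not be passed on to the insert/update helper
    if (@$record['ugr_Captcha']) {
        unset($record['ugr_Captcha']);
    }

    $mysqli = $system->get_mysqli();

    // Reject a login name or e-mail that already belongs to another row.
    $res = mysql__select_value($mysqli, "select ugr_ID from sysUGrps  where ugr_Name='" . $mysqli->real_escape_string((string) @$record['ugr_Name']) . "' or ugr_eMail='" . $mysqli->real_escape_string($record['ugr_eMail']) . "'");
    // NOTE(review): when no row matches, $res is whatever mysql__select_value()
    // returns for "not found"; that passes for $recID == 0 but may reject an
    // update of an existing record whose name and e-mail are both new - confirm.
    if ($res != $recID) {
        $system->addError(HEURIST_INVALID_REQUEST, 'The provided name or email already exists');
        return false;
    }

    $is_approvement = false;
    $tmp_password = null;
    if ($rectype == 'user') {
        if (@$record['ugr_Password'] && $record['ugr_Password'] != '') {
            // keep the clear text only for the notification call below;
            // the stored value is the result of hash_it()
            $tmp_password = $record['ugr_Password'];
            $record['ugr_Password'] = hash_it($tmp_password);
        } else {
            // no new password supplied: leave the stored one untouched
            unset($record['ugr_Password']);
        }
        if ($system->get_user_id() < 1) {
            // not logged in - the account is always created disabled
            $record['ugr_Enabled'] = "n";
        }
        if ("y" == @$record['ugr_Enabled']) {
            $is_approvement = user_isApprovement($system, $recID);
        }
    }

    // NOTE(review): every remaining key of $record is handed to the helper;
    // which columns an anonymous registration may set is decided by
    // user_Validate()/mysql__insertupdate(), not here - confirm.
    $res = mysql__insertupdate($mysqli, "sysUGrps", "ugr", $record);

    // The original condition was "is_numeric($res) > 0", which is true exactly
    // when $res is numeric; the comparison with 0 had no effect.
    if (!is_numeric($res)) {
        $system->addError(HEURIST_DB_ERROR, 'Cannot update record in database', $res);
        return false;
    }

    $new_recID = $res;
    if ($rectype == 'user') {
        $rv = true;
        if ($recID < 1 && $system->get_user_id() < 1) {
            // anonymous self-registration
            $rv = user_EmailAboutNewUser($system, $new_recID);
        } elseif ($recID < 1 || $is_approvement) {
            // NOTE(review): the clear-text password is passed to
            // user_EmailApproval(); presumably it is mailed to the user - confirm.
            $rv = user_EmailApproval($system, $new_recID, $tmp_password, $is_approvement);
        }
        if (!$rv) {
            return false;
        }
    }
    // For a new group ($recID < 1) the original carried a commented-out call
    // that would add the current user as admin: changeRole($recID, get_user_id(), "admin", null, false, true);

    return $res; // affected record id
}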
Example #3
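/**
 * Inserts or updates one row of sysUGrps (a user or a group) through execSQL().
 *
 * Only columns listed in the global $sysUGrps_ColumnNames are written; the
 * value of that map is the parameter type character passed to execSQL().
 *
 * Fixes:
 *  - the INSERT column list is now built from the validated column names only.
 *    It used to be join(",", $colNames), so a name missing from
 *    $sysUGrps_ColumnNames ended up in the SQL text and the column count no
 *    longer matched the number of placeholders;
 *  - $recID is cast to an integer before it is placed in the WHERE clause.
 *
 * @param string $type     "user" or "group"
 * @param array  $colNames column names, positionally paired with $values
 * @param mixed  $recID    record id; a negative value means "insert a new row"
 * @param mixed  $groupID  when truthy and a user is inserted, the new user is
 *                         added to this group as "member"
 * @param array  $values   values in the same order as $colNames
 *
 * @return mixed -(new id) after an insert, $recID after an update, the result
 *               of checkPermission() when it is not null, or an error message
 */
function updateUserGroup($type, $colNames, $recID, $groupID, $values)
{
    global $db, $sysUGrps_ColumnNames;
    $ret = null;
    if (count($colNames) && count($values)) {
        $isInsert = $recID < 0;
        if (!$isInsert) {
            //check rights for update
            $ret = checkPermission($type, $recID);
            if ($ret != null) {
                return $ret;
            }
        } else {
            //remove ugr_ID - the id of a new row is assigned by the database
            $idx = array_search('ugr_ID', $colNames);
            if ($idx !== false) {
                unset($colNames[$idx]);
                unset($values[$idx]);
            }
            //add password by default
            // NOTE(review): a user inserted without ugr_Password is stored with
            // the hash of the empty string; whether login rejects an empty
            // password is decided elsewhere - confirm.
            if (array_search('ugr_Password', $colNames) === false) {
                array_push($colNames, 'ugr_Password');
                array_push($values, '');
            }
            //login name defaults to the e-mail address
            if (array_search('ugr_Name', $colNames) === false) {
                array_push($colNames, 'ugr_Name');
                array_push($values, $values[array_search('ugr_eMail', $colNames)]);
            }
        }
        $query = "";
        $insertCols = array(); // validated column names, in placeholder order
        $parameters = array(""); // [0] collects the type characters, values follow
        $tmp_password = "";
        foreach ($colNames as $colName) {
            $val = array_shift($values);
            if (!array_key_exists($colName, $sysUGrps_ColumnNames)) {
                // unknown column: neither its name nor its value reaches the SQL
                continue;
            }
            if ($type == 'user' && $colName == "ugr_Password") {
                $tmp_password = $val;
                // NOTE(review): a two-character salt selects the traditional
                // DES-based crypt(), which only uses the first 8 characters of
                // the password, and rand() is not a cryptographic generator.
                // Moving to password_hash()/password_verify() also needs the
                // login check and the column width changed, which are outside
                // this function, so the scheme is left as it is.
                $s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./';
                $salt = $s[rand(0, strlen($s) - 1)] . $s[rand(0, strlen($s) - 1)];
                $val = crypt($val, $salt);
            } elseif ($colName == "ugr_Enabled") {
                if (!is_logged_in()) {
                    //an anonymous caller can never enable an account
                    $val = "n";
                }
                $ugr_Enabled = $val;
            }
            if ($query != "") {
                $query = $query . ",";
            }
            if ($isInsert) {
                $query = $query . "?";
                $insertCols[] = $colName;
            } else {
                $query = $query . "{$colName} = ?";
            }
            //take datatype from array
            $parameters[0] = $parameters[0] . $sysUGrps_ColumnNames[$colName];
            array_push($parameters, $val);
        }
        //for columns
        $isApprovement = false;
        if (!$isInsert && isset($ugr_Enabled) && $ugr_Enabled == "y") {
            $isApprovement = isApprovement($type, $recID);
        }
        // Both cases send an e-mail afterwards, so refuse early when mail is not available.
        if (($type == 'user' && $isInsert && !is_logged_in()) || $isApprovement) {
            if (!checkSmtp()) {
                if (!is_logged_in()) {
                    $ret = 'Your registration is not possible since registration ';
                } else {
                    $ret = 'Approval is not possible since ';
                }
                $ret = $ret . 'email cannot be sent as the smtp mail system has not been properly installed on this server. Please ask your system administrator to correct the installation';
                return $ret;
            }
        }
        if ($query != "") {
            if ($isInsert) {
                $query = "insert into sysUGrps (" . join(",", $insertCols) . ") values (" . $query . ")";
            } else {
                // integer cast: the id is interpolated, not bound
                $query = "update sysUGrps set " . $query . " where ugr_ID = " . intval($recID);
            }
            $rows = execSQL($db, $query, $parameters, true);
            if ($rows == 0 || is_string($rows)) {
                $oper = $isInsert ? "inserting" : "updating";
                if (strpos(" " . $rows, "Duplicate entry") > 0) {
                    $ret = "Error {$oper} {$type}. Either 'Login name' or 'Email' already exists in database.";
                } else {
                    // NOTE(review): the raw text returned by execSQL() is passed
                    // back to the caller; check that it is not shown to
                    // anonymous users.
                    $ret = "error {$oper} {$type}# {$recID} in updateUserGroup - " . $rows;
                }
            } else {
                if ($isInsert) {
                    $recID = $db->insert_id;
                    if ($type == 'user') {
                        if (!is_logged_in()) {
                            sendNewUserInfoEmail($recID);
                        } else {
                            if (isset($ugr_Enabled) && $ugr_Enabled == "y") {
                                // NOTE(review): the clear-text password is passed
                                // on; presumably it is mailed to the user - confirm.
                                sendApprovalEmail($recID, $tmp_password);
                            }
                        }
                        if ($groupID) {
                            //add new user to specified group
                            changeRole($groupID, $recID, "member", null, false, false);
                        }
                    } else {
                        //this is addition of new group
                        //add current user as admin for new group
                        changeRole($recID, get_user_id(), "admin", null, false, true);
                    }
                    // a negative id tells the caller that a row was inserted
                    $ret = -$recID;
                } else {
                    if ($isApprovement) {
                        sendApprovalEmail($recID, null);
                    }
                    $ret = $recID;
                }
            }
        }
    }
    //if column names
    if ($ret == null) {
        $ret = "no data supplied for updating {$type} - {$recID}";
    }
    return $ret;
}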
Example #4
/**
 * Mails a short report about an imported record type to HEURIST_MAIL_TO_INFO.
 *
 * Nothing is sent when checkSmtp() reports that mail is unavailable, and the
 * result of sendEmail() is not inspected. The database names and the record
 * type name are placed in the message body only.
 *
 * @param array $importRty  record type row; reads rty_ID, rty_OriginatingDBID,
 *                          rty_IDInOriginatingDB and rty_Name
 * @param mixed $localRtyID not used by this function
 *
 * @return void
 */
function sendReportEmail($importRty, $localRtyID)
{
    global $sourceDBName, $targetDBName, $sourceDBID;

    if (!checkSmtp()) {
        return;
    }

    $firstLine = 'Import record type ' . $importRty["rty_ID"]
        . ' (' . $importRty["rty_OriginatingDBID"] . '-' . $importRty["rty_IDInOriginatingDB"] . ') "'
        . $importRty["rty_Name"] . "\"\n";
    $secondLine = 'From database #' . $sourceDBID . ' "' . $sourceDBName . '" to "' . $targetDBName . '" at ' . HEURIST_SERVER_URL;

    sendEmail(HEURIST_MAIL_TO_INFO, "Import recordtype", $firstLine . $secondLine, null);
}