function init(&$udm, $plugin_instance = null)
{
parent::init($udm, $plugin_instance);
if (isset($_GET['email']) && email_is_valid($_GET['email']) && !$this->udm->uid) {
$this->udm->setData(array('Email' => $_GET['email']));
}
//do nothing if the user is using PHPlist
if ($udm->getPlugin('PHPlist', 'Save')) {
return true;
}
//otherwise initialize a blast module
$init_blaster_method = 'init' . AMP_MODULE_BLAST;
if (AMP_MODULE_BLAST && method_exists($this, $init_blaster_method)) {
$this->{$init_blaster_method}($udm, $plugin_instance);
}
}
}
if (!email_is_valid($to)) {
echo '<p style="color: red;">You must set-up a valid (to) email address before this contact page will work.</p>';
}
if (isset($_POST['contact_submitted'])) {
$return = "\r";
$youremail = trim(htmlspecialchars($_POST['your_email']));
$yourname = stripslashes(strip_tags($_POST['your_name']));
$yourmessage = stripslashes(strip_tags($_POST['your_message']));
$contact_name = "Name: " . $yourname;
$message_text = "Message: " . $yourmessage;
$user_answer = trim(htmlspecialchars($_POST['user_answer']));
$answer = trim(htmlspecialchars($_POST['answer']));
$message = $contact_name . $return . $message_text;
$headers = "From: " . $youremail;
if (email_is_valid($youremail) && !eregi("\r", $youremail) && !eregi("\n", $youremail) && $yourname != "" && $yourmessage != "" && substr(md5($user_answer), 5, 10) === $answer) {
mail($to, $subject, $message, $headers);
$yourname = '';
$youremail = '';
$yourmessage = '';
echo '<p style="color: blue;">' . $contact_submitted . '</p>';
} else {
echo '<p style="color: red;">Please enter your name, a valid email address, your message and the answer to the simple maths question before sending your message.</p>';
}
}
$number_1 = rand(1, 9);
$number_2 = rand(1, 9);
$answer = substr(md5($number_1 + $number_2), 5, 10);
?>
<form id="contact" action="contact.php" method="post">
<div class="form_settings">
/**
* Allows the validation of a custom field value without setting it
* or needing a bug to exist.
* @param integer $p_field_id Custom field identifier.
* @param string $p_value Custom field value.
* @return boolean
* @access public
*/
function custom_field_validate($p_field_id, $p_value)
{
custom_field_ensure_exists($p_field_id);
$t_query = 'SELECT name, type, possible_values, valid_regexp,
access_level_rw, length_min, length_max, default_value
FROM {custom_field}
WHERE id=' . db_param();
$t_result = db_query($t_query, array($p_field_id));
$t_row = db_fetch_array($t_result);
$t_name = $t_row['name'];
$t_type = $t_row['type'];
$t_possible_values = $t_row['possible_values'];
$t_valid_regexp = $t_row['valid_regexp'];
$t_length_min = $t_row['length_min'];
$t_length_max = $t_row['length_max'];
$t_default_value = $t_row['default_value'];
$t_valid = true;
$t_length = utf8_strlen($p_value);
switch ($t_type) {
case CUSTOM_FIELD_TYPE_STRING:
# Empty fields are valid
if ($t_length == 0) {
break;
}
# Regular expression string validation
if (!is_blank($t_valid_regexp)) {
$t_valid &= preg_match('/' . $t_valid_regexp . '/', $p_value);
}
# Check the length of the string
$t_valid &= 0 == $t_length_min || $t_length >= $t_length_min;
$t_valid &= 0 == $t_length_max || $t_length <= $t_length_max;
break;
case CUSTOM_FIELD_TYPE_NUMERIC:
# Empty fields are valid
if ($t_length == 0) {
break;
}
$t_valid &= is_numeric($p_value);
# Check the length of the number
$t_valid &= 0 == $t_length_min || $t_length >= $t_length_min;
$t_valid &= 0 == $t_length_max || $t_length <= $t_length_max;
break;
case CUSTOM_FIELD_TYPE_FLOAT:
# Empty fields are valid
if ($t_length == 0) {
break;
}
# Allow both integer and float numbers
$t_valid &= is_numeric($p_value) || is_float($p_value);
# Check the length of the number
$t_valid &= 0 == $t_length_min || $t_length >= $t_length_min;
$t_valid &= 0 == $t_length_max || $t_length <= $t_length_max;
break;
case CUSTOM_FIELD_TYPE_DATE:
# gpc_get_cf for date returns the value from strtotime
# For 32 bit systems, supported range will be 13 Dec 1901 20:45:54 UTC to 19 Jan 2038 03:14:07 UTC
$t_valid &= $p_value !== false;
break;
case CUSTOM_FIELD_TYPE_CHECKBOX:
case CUSTOM_FIELD_TYPE_MULTILIST:
# Checkbox fields can hold a null value (when no checkboxes are ticked)
if ($p_value === '') {
break;
}
# If checkbox field value is not null then we need to validate it
$t_values = explode('|', $p_value);
$t_possible_values = custom_field_prepare_possible_values($t_row['possible_values']);
$t_possible_values = explode('|', $t_possible_values);
$t_invalid_values = array_diff($t_values, $t_possible_values);
$t_valid &= count($t_invalid_values) == 0;
break;
case CUSTOM_FIELD_TYPE_ENUM:
case CUSTOM_FIELD_TYPE_LIST:
case CUSTOM_FIELD_TYPE_RADIO:
# List fields can be empty (when they are not shown on the
# form, or shown with no default values and never clicked)
if (is_blank($p_value)) {
break;
}
# If list field value is not empty then we need to validate it
$t_possible_values = custom_field_prepare_possible_values($t_row['possible_values']);
$t_values_arr = explode('|', $t_possible_values);
$t_valid &= in_array($p_value, $t_values_arr);
break;
case CUSTOM_FIELD_TYPE_EMAIL:
if ($p_value !== '') {
$t_valid &= email_is_valid($p_value);
}
break;
default:
break;
}
return (bool) $t_valid;
}
/**
* Given a login username provided by the user via the web UI or our API,
* get the user id. The login username can be a username or an email address.
* The email address will work as long there is a single enabled account with
* such address and it is not blank.
*
* @param string $p_login_name The login name.
* @return integer|boolean user id or false.
*/
function auth_get_user_id_from_login_name($p_login_name)
{
$t_user_id = user_get_id_by_name($p_login_name);
# If user is not found by name, check by email as long as there is only
# a single match.
if ($t_user_id === false && !is_blank($p_login_name) && config_get_global('email_login_enabled') && email_is_valid($p_login_name)) {
$t_user_ids_by_email = user_get_enabled_ids_by_email($p_login_name);
if (count($t_user_ids_by_email) == 1) {
$t_user_id = $t_user_ids_by_email[0];
}
}
return $t_user_id;
}
/**
* Check if the email address is valid
* trigger an ERROR if it isn't
* @param string $p_email
* @return null
*/
function email_ensure_valid($p_email)
{
if (!email_is_valid($p_email)) {
trigger_error(ERROR_EMAIL_INVALID, ERROR);
}
}
function addemail($email, $listid)
{
if (email_is_valid($email)) {
$emailid = emailcheck($email);
if ($emailid) {
echo $emailid;
if (subcheck($emailid, $listid) != true) {
subadd($emailid, $listid);
}
} else {
$emailid = emailadd($email);
emailprop($emailid);
subadd($emailid, $listid);
}
}
}
private function validate_email_address($p_email_address)
{
// Lets see if the email address is valid and maybe we already have a cached result
if (isset($this->_validated_email_list[$p_email_address])) {
$t_valid = $this->_validated_email_list[$p_email_address];
} else {
$t_valid = email_is_valid($p_email_address) && ($this->_mail_disposable_email_checker === OFF || !email_is_disposable($p_email_address));
$this->_validated_email_list[$p_email_address] = $t_valid;
}
return $t_valid;
}
function do_list_invalid_subscribers()
{
global $dbcon;
$list = $_SESSION['list'];
## get mailing list ##
$sql = "SELECT DISTINCT email.id, email.email ";
$sql .= "FROM subscription, email ";
$sql .= "WHERE email.id=subscription.userid ";
if ($list != 9000) {
$sql .= "AND subscription.listid={$list} ";
}
$result = $dbcon->Execute("{$sql}") or die($dbcon->ErrorMsg());
if ($result->RecordCount() == 0) {
echo "No records returned";
}
set_time_limit(0);
echo "Invalid email addresses:<p>";
while (!$result->EOF) {
if (!email_is_valid($result->Fields("email"))) {
echo $result->Fields("id") . ' -- "' . $result->Fields("email") . '"<br>';
}
$result->MoveNext();
}
}
$fields_with_max_lengths = array("first_name" => 30, "last_name" => 30, "username" => 20, "email" => 30, "password" => 16);
foreach ($fields_with_max_lengths as $field => $max) {
$value = trim($_POST[$field]);
if (!value_within_range($value, 1, $max)) {
$error_messages[$field] = ucfirst($field) . " is too long.";
}
}
$fields_required = array("first_name", "last_name", "username", "email", "password");
foreach ($fields_required as $field) {
$value = trim($_POST[$field]);
if (!has_presence($value)) {
$error_messages[$field] = ucfirst($field) . " is required.";
}
}
$email = trim($_POST["email"]);
if (!email_is_valid($email)) {
$error_messages["email"] = "Please enter a valid email address.";
}
// If there are no errors, proceed with the update.
if (empty($error_messages)) {
$_POST = array_map('addslashes', $_POST);
$_POST = array_map('htmlentities', $_POST);
$user_id = $id;
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query = "UPDATE user SET ";
$query .= "first_name = '{$first_name}', ";
//creates a user account
//get variables
$email1 = strtolower(set_post('email1', ''));
$email2 = strtolower(set_post('email2', ''));
$password1 = set_post('password1', '');
$password2 = set_post('password2', '');
//check if form submitted
if (!isset($_POST['email1']) || !isset($_POST['email2']) || !isset($_POST['password1']) || !isset($_POST['password2'])) {
return false;
}
//variables not set yet
//error checking
$terror = false;
//if an error occurred
if (!email_is_valid($email1) || !email_is_valid($email2)) {
notices_set('Invalid email address', 'error');
$terror = true;
}
if ($email1 != $email2) {
notices_set('Emails do not match', 'error');
$terror = true;
}
if (!password_is_valid($password1) || !password_is_valid($password2)) {
notices_set('Invalid password - Passwords must be at least ' . REQ_PASSWORD_LENGTH, 'error');
$terror = true;
}
if ($password1 != $password2) {
notices_set('Passwords do not match', 'error');
$terror = true;
}
function do_login($username, $password)
{
//logs a user in
//get variables
$user = strtolower(sql_filter($username));
$password = sql_filter($password);
//check if email or username login
$tstring = " email='{$user}' ";
if (!email_is_valid($user)) {
$tstring = " username='******' ";
}
//hash password
$sql = sql_query(" SELECT hash_token FROM `users` WHERE {$tstring} LIMIT 1 ");
//get users unique hash token
if (sql_count($sql) <= 0) {
//no user found
notices_set('Email or username not found, please try again.', 'error');
return false;
}
$data = sql_fetch($sql);
//get user data
$password = password_encrypt($password, $data['hash_token']);
//use users hash token to create password
//check login info
$sql = sql_query(" SELECT * FROM `users` WHERE {$tstring} AND password='******' LIMIT 1 ");
if (sql_count($sql) <= 0) {
//wrong login info
notices_set('Invalid password, please try again or request a password reset.', 'error');
return false;
}
$data = sql_fetch($sql);
//get users info
//set session info
if (isset($_SESSION['notices'])) {
$tnotices = $_SESSION['notices'];
}
//store current notices
clear_session();
//clear old session
session_start();
//start new session
session_regenerate_id();
//create new session id
//save session id and last login
sql_query(" UPDATE `users` SET session_id='" . session_id() . "', last_login=NOW() WHERE id='{$data['id']}' LIMIT 1 ");
//set session variables
$_SESSION['id'] = $data['id'];
//save users id
$_SESSION['email'] = $data['email'];
//save users email
$_SESSION['notices'] = $tnotices;
//pass last notices
//set notices
if (isset($data['confirm'])) {
if (date('Y-m-d') > date('Y-m-d', strtotime($data['joined']))) {
//over a day old since joined
notices_set('Your email is not verified. We have sent you an email to verify your account. <a href="verify_resend?e=' . $email . '">Click here to send ' . $email . ' another confirmation code »</a>', 'alert');
} else {
//just joined - don't tell them to reverify
notices_set('Your email is not verified. We have sent you an email to verify your account.', 'alert');
}
}
//done
return true;
}
/**
* Allows the validation of a custom field value without setting it
* or needing a bug to exist.
* @param int $p_field_id custom field id
* @param string $p_value custom field value
* @return bool
* @access public
*/
function custom_field_validate($p_field_id, $p_value)
{
$c_field_id = db_prepare_int($p_field_id);
custom_field_ensure_exists($p_field_id);
$t_custom_field_table = db_get_table('custom_field');
$query = "SELECT name, type, possible_values, valid_regexp,\n\t\t\t\t \t\t access_level_rw, length_min, length_max, default_value\n\t\t\t\t FROM {$t_custom_field_table}\n\t\t\t\t WHERE id=" . db_param();
$result = db_query_bound($query, array($c_field_id));
$row = db_fetch_array($result);
$t_name = $row['name'];
$t_type = $row['type'];
$t_possible_values = $row['possible_values'];
$t_valid_regexp = $row['valid_regexp'];
$t_length_min = $row['length_min'];
$t_length_max = $row['length_max'];
$t_default_value = $row['default_value'];
$t_valid = true;
$t_length = utf8_strlen($p_value);
switch ($t_type) {
case CUSTOM_FIELD_TYPE_STRING:
# Regular expression string validation
if (!is_blank($t_valid_regexp) && !is_blank($p_value)) {
$t_valid &= preg_match("/{$t_valid_regexp}/", $p_value);
}
# Check the length of the string
$t_valid &= 0 == $t_length_min || $t_length >= $t_length_min;
$t_valid &= 0 == $t_length_max || $t_length <= $t_length_max;
break;
case CUSTOM_FIELD_TYPE_NUMERIC:
$t_valid &= $t_length == 0 || is_numeric($p_value);
break;
case CUSTOM_FIELD_TYPE_FLOAT:
# Allow both integer and float numbers
$t_valid &= $t_length == 0 || is_numeric($p_value) || is_float($p_value);
break;
case CUSTOM_FIELD_TYPE_DATE:
# gpc_get_cf for date returns the value from strftime
# Either false (php >= 5.1) or -1 (php < 5.1) for failure
$t_valid &= $p_value == null || $p_value !== false && $p_value > 0;
break;
case CUSTOM_FIELD_TYPE_CHECKBOX:
# Checkbox fields can hold a null value (when no checkboxes are ticked)
if ($p_value === '') {
break;
}
# If checkbox field value is not null then we need to validate it... (note: no "break" statement here!)
# If checkbox field value is not null then we need to validate it... (note: no "break" statement here!)
case CUSTOM_FIELD_TYPE_MULTILIST:
$t_values = explode('|', $p_value);
$t_possible_values = custom_field_prepare_possible_values($row['possible_values']);
$t_possible_values = explode('|', $t_possible_values);
$t_invalid_values = array_diff($t_values, $t_possible_values);
$t_valid &= count($t_invalid_values) == 0;
break;
case CUSTOM_FIELD_TYPE_ENUM:
case CUSTOM_FIELD_TYPE_LIST:
case CUSTOM_FIELD_TYPE_RADIO:
$t_possible_values = custom_field_prepare_possible_values($row['possible_values']);
$t_values_arr = explode('|', $t_possible_values);
$t_valid &= in_array($p_value, $t_values_arr);
break;
case CUSTOM_FIELD_TYPE_EMAIL:
if ($p_value !== '') {
$t_valid &= email_is_valid($p_value);
}
break;
default:
break;
}
return (bool) $t_valid;
}
<?php
function email_is_valid($email)
{
return preg_match('/[^\\@]+\\@.+\\.[^\\.]{2,}/m', $email);
}
function is_ajax()
{
return strtolower(@$_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
}
define('MCAPI_KEY', '');
define('MCAPI_LIST_ID', '');
$response = array('ok' => false, 'message' => 'No email found.');
if (isset($_POST['email']) && email_is_valid($_POST['email'])) {
$email = $_REQUEST['email'];
require_once 'wp-includes/MCAPI.class.php';
$mcapi = new MCAPI(MCAPI_KEY);
$answer = $mcapi->listSubscribe(MCAPI_LIST_ID, $email, array('FNAME' => '', 'LNAME' => '', 'INTERESTS' => ''));
if ($mcapi->errorCode) {
$response['message'] = $mcapi->errorMessage;
} else {
$response['message'] = 'Thank you!';
$response['ok'] = true;
}
} else {
$response['message'] = 'Please provide a valid email.';
}
if (is_ajax()) {
echo json_encode($response);
exit;
} else {
$system .= "<br>";
}
$system .= $msg;
}
}
if ($_POST['action'] == "edit") {
$agilemantis_pb->id = $_POST['id'];
$agilemantis_pb->name = $_POST['pbl_name'];
$pb_name_old = $_POST['pbl_name_old'];
$agilemantis_pb->email = $_POST['pbl_email'];
$agilemantis_pb->user_id = $_POST['pbl_user_id'];
$agilemantis_pb->description = $_POST['pbl_description'];
if (empty($agilemantis_pb->name)) {
$system = plugin_lang_get('edit_product_backlog_error_922600');
} else {
if (empty($_POST['pbl_email']) || email_is_valid($agilemantis_pb->email) == false) {
$system = plugin_lang_get('edit_product_backlog_error_923600');
} else {
$isNewPBOk = !$_POST['id'] && $agilemantis_pb->isNameUnique();
// New PB with unique name?
$isExistingPbOk = $_POST['id'] > 0 & ($agilemantis_pb->name != $pb_name_old && $agilemantis_pb->isNameUnique() || $agilemantis_pb->name == $pb_name_old);
// PB name didn't change, Ok!
if ($isNewPBOk || $isExistingPbOk) {
if (!$agilemantis_pb->editProductBacklog()) {
$system = plugin_lang_get('edit_product_backlog_error_982601');
} else {
if ($_POST['pbl_email'] != $_POST['pbl_email_old']) {
$t_team_user_id = $agilemantis_pb->getTeamUserId($agilemantis_pb->id);
user_set_field($t_team_user_id, 'email', $_POST['pbl_email']);
}
$agilemantis_pb->updatePBCustomFieldStrings($pb_name_old, $agilemantis_pb->name);
function senddelemail($pemail)
{
global $board, $dbcon, $Web_url, $modinid;
$getuid = $dbcon->Execute("Select id, uniqueid from {$board} where pemail = " . $dbcon->qstr($pemail));
$uid = $getuid->Fields("uniqueid");
$messagetext = "To remove your listing simply visit this page " . $Web_url . $board . "_signin.php?deluid={$uid}";
if (email_is_valid($pemail)) {
mail($pemail, "remove your {$board} posting", "{$messagetext}", "From:" . AMPSystem_Email::sanitize($MM_email_from));
echo "An e-mail has been sent to you with instructions on how to remove yourself from the board.";
} else {
echo "Your email is invalid or not in our system<br><br>";
deleteform();
}
}
function send_messages()
{
ignore_user_abort(1);
set_time_limit(0);
flush();
$message = $this->build_message();
if ($this->type == 'Email-Admin') {
$sql = "Select distinct u.Email, m.message_ID from messages_to_contacts m, blast_system_users u where m.system_user_ID= u.id and m.status = 'New' and m.blast_ID =" . $this->blast_ID;
} else {
$sql = "Select distinct u.Email, m.message_ID from messages_to_contacts m, userdata u where m.user_ID= u.id and m.status = 'New' and m.blast_ID =" . $this->blast_ID;
}
$R = $this->dbcon->Execute($sql) or die($sql . $this->dbcon->ErrorMsg());
$this->set_message_blast_status('Loaded', 'New');
$this->set_blast_status("Sending Messages");
$this->set_start_time();
$good = 0;
$bad = 0;
$total = 0;
while (!$R->EOF) {
if (email_is_valid($R->Fields("Email"))) {
$this->set_message_status($R->Fields("message_ID"), "Sending");
// cutomize the email message for this user
$message_output = $this->encode_blast_email($message['htmlmessage'], $message['textmessage'], $R->Fields("message_ID"));
$mail = new html_mime_mail(array("Reply-To: " . $message['reply_to_address'], "X-Mailer: AMP v3.5", "X-MessageId: " . $R->Fields("message_ID")));
// cutomize the email message for this user
if ($message['sendformat'] == 'HTML' or $message['sendformat'] == 'HTML and Text') {
$mail->add_html($message_output['html'], $message_output['text']);
} else {
if ($message['sendformat'] == 'Text') {
$mail->add_text($message_output['text']);
}
}
$mail->build_message();
if ($mail->send("", $R->Fields("Email"), $message['from_name'], $message['from_email'], $message['subject'])) {
$good++;
$this->set_message_status($R->Fields("message_ID"), "Done");
} else {
$bad++;
$this->set_message_status($R->Fields("message_ID"), "Server Failure");
}
} else {
$bad++;
$this->set_message_status($R->Fields("message_ID"), "Bad Address");
}
$total++;
$R->MoveNext();
}
$response = "{$good} messages sent, {$bad} messages failed to send in {$total} attempts.<br>";
$this->set_blast_status("Complete");
$this->set_start_time();
return $response;
}
<?php
//send a password reset request to a user
//check if form submitted
if (!isset($_POST['email'])) {
return false;
}
//variables not set yet
//get variables
$email = set_post('email', '');
if (empty($email) || !email_is_valid($email)) {
notices_set('Invalid email.', 'error');
return false;
}
//check if it is valid
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email}' LIMIT 1 ");
if (sql_count($sql) <= 0) {
notices_set('Invalid email.', 'error');
return false;
}
$data = sql_fetch($sql);
//create code
$confirm = confirm_token_create($email);
//delete all tokens for that email
sql_query(" DELETE FROM `password_reset` WHERE user='******'id']}' LIMIT 1 ");
//insert
sql_query(" INSERT INTO `password_reset` (user, token) VALUES('{$data['id']}' , '{$confirm}') \n\t\t\tON DUPLICATE KEY UPDATE token='{$confirm}' ");
//send email
email_send('password_reset', 'Planling Password Reset', array($email => $email), array('{{%LINK%}}' => 'http://' . MAIN_URL . '/password?e=' . $email . '&t=' . $confirm));
//set message
notices_set('Instructions on how to reset your password has been sent to <strong>' . $email . '</strong>.', 'success');
function e_addemail($email, $listid)
{
if (email_is_valid($email)) {
$emailid = e_emailcheck($email);
if ($emailid) {
echo $emailid;
if (e_subcheck($emailid, $listid) != true) {
e_subadd($emailid, $listid);
}
} else {
$emailid = e_emailadd($email);
//emailprop($emailid);
e_subadd($emailid, $listid);
}
}
// end valid
}