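/**
 * Confirm a newsletter unsubscription link and render the result page.
 *
 * The router passes the link's positional arguments as $arglist:
 * [0] the timestamp embedded in the link, [1] the subscriber's address.
 * The address must be a known subscriber and the timestamp no older than
 * one hour; otherwise the user is sent back to the unsubscribe form.
 *
 * @param string $lang    Language code forwarded to translate()/url()/view().
 * @param array  $arglist Positional link arguments: [timestamp, mail].
 * @return string The rendered 'standard' layout.
 */
function confirmnewsletterunsubscribe($lang, $arglist)
{
    head('title', translate('newsletter:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $banner = build('banner', $lang);
    // Read the positional arguments defensively: a short $arglist would
    // otherwise raise "Undefined array key" and feed null into the checks.
    $timestamp = $arglist[0] ?? false;
    $mail = $arglist[1] ?? false;
    // NOTE(review): the link is accepted on the strength of the address being
    // subscribed and the timestamp being recent; no signed token is verified in
    // this function. Confirm the router validates one before dispatching here.
    $bad_mail = !$mail || !newsletter_get_user($mail);
    // Reject non-numeric timestamps explicitly (PHP 8 throws a TypeError on
    // `int - non-numeric string`), and treat links older than one hour or
    // dated in the future as expired.
    $bad_time = !is_numeric($timestamp)
        || time() - (int) $timestamp > 3600
        || (int) $timestamp > time();
    $subscribe_page = $unsubscribe_page = false;
    $internal_error = false;
    $contact_page = false;
    if ($bad_mail || $bad_time) {
        // Invalid or expired link: offer the unsubscribe form again.
        $unsubscribe_page = url('newsletterunsubscribe', $lang);
    } elseif (!newsletter_delete_user($mail)) {
        $internal_error = true;
    } else {
        require_once 'serveripaddress.php';
        require_once 'emailme.php';
        global $sitename;
        // Best-effort owner notification: the return value is ignored and
        // errors are suppressed, so a mail failure never affects the response.
        $ip = server_ip_address();
        $when = date('Y-m-d H:i:s'); // strftime() is deprecated since PHP 8.1
        $subject = 'unsubscribe@' . $sitename;
        $msg = $ip . ' ' . $when . ' ' . $lang . ' ' . $mail;
        @emailme($subject, $msg);
        $subscribe_page = url('newslettersubscribe', $lang);
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    $errors = compact('bad_mail', 'bad_time', 'internal_error', 'contact_page');
    $content = view('confirmnewsletterunsubscribe', $lang, compact('mail', 'subscribe_page', 'unsubscribe_page', 'errors'));

    return layout('standard', compact('banner', 'content'));
}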
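/**
 * Newsletter subscription form: render it, or process a submission.
 *
 * On 'init' the form is shown (with an unsubscribe link when $sitekey is set).
 * On 'subscribe' (POST subscribe_send) the subscribe_* fields are read from
 * $_POST, the CSRF token and captcha are checked against $_SESSION, the
 * subscriber is created and the site owner is notified by mail. A fresh
 * subscribe_token is issued before every render.
 *
 * @param string $lang Current language code.
 * @return string The rendered 'subscribe' view.
 */
function subscribe($lang)
{
    global $sitekey, $system_languages;
    // Only ask for a locale when the site runs more than one language.
    $with_locale = count($system_languages) > 1;
    // Set to false to disable the captcha check on this form.
    $with_captcha = true;
    $action = isset($_POST['subscribe_send']) ? 'subscribe' : 'init';
    $confirmed = $code = $token = false;
    // Prefill from the logged-in profile; fall back to the page language.
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale') ?: $lang;
    $unsubscribe_page = false;
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale && isset($_POST['subscribe_locale'])) {
                $user_locale = readarg($_POST['subscribe_locale']);
            }
            if (isset($_POST['subscribe_confirmed'])) {
                // readarg() is assumed to return a string here — TODO confirm.
                $confirmed = readarg($_POST['subscribe_confirmed']) === 'on';
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'subscribe':
            // CSRF token: constant-time comparison of the posted value with the
            // one issued at render time. The previous loose `!=` treated
            // numeric-looking strings such as "1e3" and "1000" as equal.
            if (!isset($_SESSION['subscribe_token'])
                || !is_scalar($token)
                || !hash_equals((string) $_SESSION['subscribe_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = $_SESSION['captcha']['subscribe'] ?? false;
                // The stored answer is matched against the upper-cased input.
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
                // NOTE(review): the solved captcha stays in $_SESSION after this
                // check; confirm the captcha endpoint rotates it so one answer
                // cannot be replayed across submissions.
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) || !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                $duplicated_mail = true;
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'subscribe':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail || $duplicated_mail || $missing_locale || $bad_locale || $missing_confirmation) {
                break;
            }
            if (!newsletter_create_user($user_mail, $user_locale)) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            // Best-effort owner notification: result ignored, errors suppressed.
            $ip = server_ip_address();
            $when = date('Y-m-d H:i:s'); // strftime() is deprecated since PHP 8.1
            $subject = 'subscribe@' . $sitename;
            $msg = $ip . ' ' . $when . ' ' . $lang . ' ' . $user_mail;
            @emailme($subject, $msg);
            $email_registered = true;
            // Reset the checkbox so the re-rendered form starts clean.
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the CSRF token on every render; the previous one no longer matches.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');

    return view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
}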
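/**
 * Comment widget for a node: list its comments and handle the comment form.
 *
 * The action is chosen from the submit button present in $_POST, and only
 * for a logged-in user: 'comment' and 'edit' carry the typed message back to
 * the form, 'validate' stores a new comment, 'moderate' selects an existing
 * comment for editing, 'modify' updates it and 'delete' removes it.
 * Non-moderators may only modify or delete their own comments, and only
 * within $edit_window seconds of posting. A fresh comment_token is issued
 * before every render.
 *
 * @param string     $lang         Current language code.
 * @param int|string $node_id      Node the comments belong to.
 * @param int|string $node_user_id Author of the node; not used in this function.
 * @param string     $node_url     URL of the node, included in the notification mail and passed to the view.
 * @param bool       $nomore       When true, no new-comment form is offered.
 * @return string The rendered 'nodecomment' view.
 */
function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore)
{
    $user_id = user_profile('id');
    $moderator = user_has_role('moderator');
    $now = time();
    $message_maxlen = 1000;
    // Window (seconds) during which an author may still modify/delete their own comment.
    $edit_window = 15 * 60;
    // Set to true to require a captcha on 'validate'.
    $with_captcha = false;
    $action = 'init';
    if ($user_id) {
        // The first submit button found, in this order, selects the action.
        foreach (['comment', 'edit', 'validate', 'moderate', 'modify', 'delete'] as $candidate) {
            if (isset($_POST['comment_' . $candidate])) {
                $action = $candidate;
                break;
            }
        }
    }
    // $code is initialised too: it used to be undefined unless posted, so the
    // captcha check below could read an unset variable.
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                // trim but DON'T strip!
                $message = readarg($_POST['comment_message'], true, false);
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                // trim but DON'T strip!
                $message = readarg($_POST['comment_message'], true, false);
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_id = false;
    $bad_id = false;
    $missing_message = false;
    $message_too_long = false;
    $internal_error = false;
    switch ($action) {
        case 'validate':
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = $_SESSION['captcha']['comment'] ?? false;
                // The stored answer is matched against the upper-cased input,
                // in constant time; the previous loose `!=` treated
                // numeric-looking strings such as "1e3" and "1000" as equal.
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            /* fall thru */
        case 'comment':
        case 'edit':
        case 'modify':
        case 'delete':
            // CSRF token, constant-time comparison (same reason as the captcha).
            // 'moderate' is not token-checked: it only selects a comment for
            // editing and changes no state.
            if (!isset($_SESSION['comment_token']) || !is_scalar($token)
                || !hash_equals((string) $_SESSION['comment_token'], (string) $token)) {
                $bad_token = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'moderate':
        case 'modify':
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$id) {
                $missing_id = true;
                break;
            }
            // A comment id is a plain non-negative integer; this is tighter than
            // is_numeric(), which also accepted "1e3", "1.5" and leading blanks.
            if (!is_scalar($id) || !preg_match('/^[0-9]+$/D', (string) $id)) {
                $id = false;
                $bad_id = true;
                break;
            }
            if (!$moderator) {
                // Non-moderators may only touch their own, recent comments.
                $r = node_get_comment($node_id, $id, $lang);
                if (!$r) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
                // Read the two fields explicitly instead of extract()ing the
                // whole row, which could silently overwrite locals such as $id.
                $comment_user_id = $r['comment_user_id'] ?? null;
                $comment_created = $r['comment_created'] ?? 0;
                // Loose == on purpose: ids may arrive as int or numeric string.
                if (!($comment_user_id == $user_id && $comment_created + $edit_window > $now)) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'comment':
        case 'validate':
        case 'edit':
        case 'modify':
            if ($bad_token || $missing_code || $bad_code || $missing_id || $bad_id) {
                break;
            }
            if (!$message) {
                $missing_message = true;
            } else {
                // Length in characters, not bytes. utf8_decode() is deprecated
                // since PHP 8.2; keep it only as a fallback without mbstring.
                $length = function_exists('mb_strlen')
                    ? mb_strlen($message, 'UTF-8')
                    : strlen(utf8_decode($message));
                if ($length > $message_maxlen) {
                    $message_too_long = true;
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'validate':
            if ($bad_token || $missing_code || $bad_code || $missing_message || $message_too_long) {
                break;
            }
            $ip_address = client_ip_address();
            if (!node_add_comment($node_id, $user_id, $ip_address, $message, $lang)) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            // Best-effort owner notification: result ignored, errors suppressed.
            $ip = server_ip_address();
            $when = date('Y-m-d H:i:s'); // strftime() is deprecated since PHP 8.1
            $subject = 'comment@' . $sitename;
            $msg = $ip . ' ' . $when . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            @emailme($subject, $msg);
            // Clear the form once stored.
            $message = false;
            break;
        case 'modify':
            if ($bad_token || $missing_id || $bad_id || $missing_message || $message_too_long) {
                break;
            }
            if (!node_set_comment($node_id, $id, $message, $lang)) {
                $internal_error = true;
                break;
            }
            // Leave editing mode once the change is stored.
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token || $missing_id || $bad_id) {
                break;
            }
            if (!node_delete_comment($node_id, $id)) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }
    // Offer the new-comment form unless a comment is being edited or the
    // caller disabled it; anonymous visitors get a link to the user page instead.
    $newcomment = $user_page = false;
    if (!$id && !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }
    $comments = node_get_all_comments($node_id, $lang);
    // $moderated is true (moderator: everything), a list of the comment ids the
    // current user may still edit, or false when there are no comments.
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = [];
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id && $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }
    // Rotate the CSRF token on every render; the previous one no longer matches.
    $_SESSION['comment_token'] = $token = token_id();
    // internal_error was previously never initialised nor reported to the view.
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long', 'internal_error');

    return view('nodecomment', $lang, compact('token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment', 'message', 'message_maxlen', 'user_page', 'node_url', 'errors'));
}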
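/**
 * Login form: render it, or authenticate a submission.
 *
 * 'enter' (POST login_enter) reads login_* from $_POST, checks the CSRF token
 * and captcha against $_SESSION and calls user_login(). 'facebook' is entered
 * from 'init' when $with_facebook is on and a Facebook session yields an
 * e-mail address. On success the session id is regenerated, the user record
 * is stored in $_SESSION['user'] and true is returned; otherwise the view is
 * rendered with the error flags and a fresh login_token.
 *
 * @param string $lang Current language code.
 * @return string|true The rendered 'login' view, or true once logged in.
 */
function login($lang)
{
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;
    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }
    $login = $password = $code = $token = false;
    // Re-display the login name kept from a previous failed attempt.
    if (isset($_SESSION['login'])) {
        $login = $_SESSION['login'];
    }
    $action = isset($_POST['login_enter']) ? 'enter' : 'init';
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                        // Deliberately ignored: an API failure means "no Facebook login".
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_password = false;
    $access_denied = false;
    switch ($action) {
        case 'enter':
            // CSRF token: constant-time comparison of the posted value with the
            // one issued at render time. The previous loose `!=` treated
            // numeric-looking strings such as "1e3" and "1000" as equal.
            if (!isset($_SESSION['login_token']) || !is_scalar($token)
                || !hash_equals((string) $_SESSION['login_token'], (string) $token)) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = $_SESSION['captcha']['login'] ?? false;
                // The stored answer is matched against the upper-cased input.
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru */
        case 'facebook':
            // The login field accepts either a user name or an e-mail address.
            if (!$login) {
                $missing_login = true;
            } elseif (!(validate_user_name($login) || validate_mail($login))) {
                $bad_login = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token || $missing_code || $bad_code || $missing_login || $bad_login || $missing_password) {
                break;
            }
            require_once 'models/user.inc';
            $user = user_login($login, $password);
            if (!$user) {
                $access_denied = true;
                require_once 'log.php';
                // Log a truncated login name only; the password is never logged.
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login;
                break;
            }
            $user['ip'] = client_ip_address();
            // $user['role'] is assumed to be a list of role-name strings — TODO confirm.
            if (in_array('administrator', $user['role'], true)) {
                require_once 'serveripaddress.php';
                require_once 'emailme.php';
                global $sitename;
                // Best-effort notification of every administrator login.
                $ip = server_ip_address();
                $when = date('Y-m-d H:i:s'); // strftime() is deprecated since PHP 8.1
                $subject = 'login@' . $sitename;
                $msg = $ip . ' ' . $when . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                @emailme($subject, $msg);
                // Administrators must authenticate with a password, never via Facebook.
                if ($action === 'facebook') {
                    $access_denied = true;
                    break;
                }
            }
            // New session id on privilege change, then drop the retry state and
            // the consumed login token.
            session_regenerate();
            $_SESSION['user'] = $user;
            unset($_SESSION['login'], $_SESSION['login_token']);

            return true;
        default:
            break;
    }
    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }
    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;
    // Rotate the CSRF token on every render; the previous one no longer matches.
    $_SESSION['login_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');

    return view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
}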
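/**
 * Contact form: render it, or send a submission through emailme().
 *
 * 'send' (POST mailme_send) reads mailme_* from $_POST, checks the CSRF token
 * and captcha against $_SESSION, validates the address, subject (header
 * injection) and message, optionally validates an appointment date/time and
 * appends it to the message, then sends. A fresh mailme_token is issued
 * before every render.
 *
 * @param string $lang             Current language code.
 * @param mixed  $to               Forwarded unchanged as the fourth argument of emailme().
 * @param bool   $with_appointment Also collect mailme_date/hour/minute and append them to the message.
 * @param bool   $with_captcha     Require a captcha answer.
 * @param bool   $with_home        Offer a link to $home_action after a successful send.
 * @return string The rendered 'mailme' view.
 */
function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
    $action = isset($_POST['mailme_send']) ? 'send' : 'init';
    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
    // Prefill the sender address for a logged-in user.
    if (isset($_SESSION['user']['mail'])) {
        $mail = $_SESSION['user']['mail'];
    }
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $missing_subject = false;
    $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;
    switch ($action) {
        case 'send':
            // CSRF token: constant-time comparison of the posted value with the
            // one issued at render time. The previous loose `!=` treated
            // numeric-looking strings such as "1e3" and "1000" as equal.
            if (!isset($_SESSION['mailme_token']) || !is_scalar($token)
                || !hash_equals((string) $_SESSION['mailme_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = $_SESSION['captcha']['mailme'] ?? false;
                // The stored answer is matched against the upper-cased input.
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$mail) {
                $missing_mail = true;
            } elseif (!validate_mail($mail)) {
                $bad_mail = true;
            }
            if (!$subject) {
                $missing_subject = true;
            } elseif (is_mail_injected($subject)) {
                // The subject ends up in a mail header: refuse injected line breaks.
                $bad_subject = true;
            }
            if (!$message) {
                $missing_message = true;
            }
            if ($with_appointment) {
                if ($date) {
                    // YYYY-MM-DD or YYYY/MM/DD (same separator twice), a real
                    // calendar date, strictly after today.
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } elseif (!checkdate((int) $d[3], (int) $d[4], (int) $d[1])) {
                        $bad_appointment = true;
                    } else {
                        // date('y') gave a two-digit year, which mktime() maps to
                        // 20xx only until 2069; use the four-digit year instead.
                        $today = mktime(0, 0, 0, (int) date('m'), (int) date('d'), (int) date('Y'));
                        if (mktime(0, 0, 0, (int) $d[3], (int) $d[4], (int) $d[1]) <= $today) {
                            $bad_appointment = true;
                        }
                    }
                }
                // Hour and minute are range-checked only when both are numeric;
                // anything else reaches sprintf('%02d') below, which renders it as 00.
                if (is_numeric($hour) && is_numeric($minute)) {
                    if ($hour < 0 || $hour > 23 || $minute < 0 || $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'send':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail || $missing_subject || $bad_subject || $missing_message || $bad_appointment) {
                break;
            }
            require_once 'emailme.php';
            if ($date) {
                // Append the appointment using the translated format when one exists.
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ?: "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }
            if (!emailme($subject, $message, $mail, $to)) {
                $internal_error = true;
                break;
            }
            // Clear the form fields (but keep the sender address) once sent.
            $subject = $message = $date = $hour = $minute = false;
            if ($with_home) {
                global $home_action;
                $home_page = url($home_action, $lang);
            }
            $email_sent = true;
            break;
        default:
            break;
    }
    // Rotate the CSRF token on every render; the previous one no longer matches.
    $_SESSION['mailme_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');

    return view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
}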