 /**
  * Builds the SQL value for one field of $data according to the field's XML
  * descriptor, applying the per-type validation / normalisation this module does.
  *
  * @param bool   $isADD          true for an INSERT (defaults apply), false for an UPDATE
  * @param array  $data           request/record data, by reference: several branches rewrite
  *                               $data[$name] in place (normalised dates, case folding, cleaned
  *                               strings) so that later fields of the same record can reuse it
  * @param string $name           field name (key into $data and $this->fields)
  * @param array  $field          XML field descriptor (CONS_XML_* keys), by reference
  * @param array  $EnumPrunecache appended to for ENUM values flagged with CONS_XML_AUTOPRUNE
  * @param bool   $isSerialized   true when called recursively for a sub-field of a
  *                               CONS_TIPO_SERIALIZED field: values are then not quote-wrapped
  * @param string $kA             passed through to prepareUpload() for CONS_TIPO_UPLOAD
  * @param string $wS             WHERE clause used to read the current serialized blob on edit
  *                               (CONS_TIPO_SERIALIZED); built by the caller, interpolated as-is
  * @return mixed false when the field must be left out of the statement; otherwise the SQL
  *               fragment (quoted/escaped as far as this method does it), the literals
  *               "NULL" / "NOW()", or, for CONS_TIPO_ARRAY, the decoded array itself
  *
  * NOTE(review): the fragments returned here are concatenated into SQL by the caller.
  * Escaping is done per type via the helpers cleanString()/addslashes_EX(); the LINK and
  * ENUM branches do not call either — see the notes on those branches.
  */
 private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '')
 {
     $output = false;
     # serialized sub-fields are stored raw (later serialize()d), SQL values get double quotes
     $encapsulation = $isSerialized ? '' : '"';
     switch ($field[CONS_XML_TIPO]) {
         case CONS_TIPO_INT:
             # only a numeric value is emitted; anything else falls back to the INSERT default
             if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) {
                 $output = $data[$name];
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $field[CONS_XML_DEFAULT];
                 }
             }
             break;
         case CONS_TIPO_LINK:
             # numeric foreign keys are emitted unquoted
             if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) {
                 $encapsulation = '';
             }
             if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) {
                 # non-mandatory links accept 0 values, otherwise 0 is not acceptable
                 if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) {
                     break;
                 } else {
                     # numeric link: anything non-numeric is coerced to 0 (this is the only
                     # validation a numeric link gets before being interpolated below)
                     if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) {
                         $data[$name] = 0;
                     } else {
                         # NOTE(review): a VC-typed link value is only case-folded here; no
                         # cleanString()/addslashes_EX() call happens in this branch before the
                         # value is quoted into $output — confirm the caller escapes it first
                         if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') {
                             if ($field[CONS_XML_SPECIAL] == "ucase") {
                                 $data[$name] = strtoupper($data[$name]);
                             }
                             if ($field[CONS_XML_SPECIAL] == "lcase") {
                                 $data[$name] = strtolower($data[$name]);
                             }
                         }
                     }
                 }
                 # if this is a parent, check if this won't create a cyclic parenting
                 if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) {
                     if (!$isADD && $data[$name] == $data[$this->keys[0]]) {
                         # an item cannot be its own parent
                         $data[$name] = 0;
                         $this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self");
                         if (isset($field[CONS_XML_MANDATORY])) {
                             return false;
                         }
                     } else {
                         # walk up the parent chain; on edit the item itself is a forbidden ancestor
                         $antiCicle = $isADD ? array() : array($data[$this->keys[0]]);
                         $idP = isset($data[$name]) ? $data[$name] : 0;
                         if ($idP == null) {
                             $idP = 0;
                         }
                         while ($idP !== 0) {
                             # NOTE(review): $idP is interpolated unquoted. For INT/FLOAT links it was
                             # coerced via is_numeric() above, but for a VC-typed parent link nothing
                             # validates it before this query — verify parent links are always numeric
                             $idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}");
                             if ($idP == NULL) {
                                 $idP = 0;
                             }
                             if (in_array($idP, $antiCicle)) {
                                 break;
                             }
                             // cycle!
                             $antiCicle[] = $idP;
                         }
                         unset($antiCicle);
                         if ($idP !== 0) {
                             # did not reach root
                             $this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]);
                             $data[$name] = 0;
                             if (isset($field[CONS_XML_MANDATORY])) {
                                 return false;
                             }
                         }
                     }
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     # "%UID%" default: the id of the logged-in user, only for links to the auth
                     # user module and only when a user is actually logged in
                     if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) {
                         $output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation;
                     } else {
                         if ($field[CONS_XML_DEFAULT] != "%UID%") {
                             $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                         }
                     }
                 }
             }
             break;
         case CONS_TIPO_FLOAT:
             if (isset($data[$name]) && $data[$name] !== "") {
                 # fv() presumably normalises a locale float string — TODO confirm
                 $data[$name] = fv($data[$name]);
                 if (is_numeric($data[$name])) {
                     $output = str_replace(",", ".", $data[$name]);
                 } else {
                     if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                         $output = $field[CONS_XML_DEFAULT];
                     }
                 }
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $field[CONS_XML_DEFAULT];
                 }
             }
             break;
         case CONS_TIPO_VC:
             if (isset($data[$name])) {
                 # "urla" fields skip cleaning here (they are rebuilt/flattened below);
                 # CUSTOM fields only get SQL escaping, everything else goes through cleanString().
                 # NOTE(review): the third cleanString() argument is true only for access level 100 —
                 # presumably "trusted admin may keep raw HTML"; confirm against cleanString()
                 if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") {
                     if (!isset($field[CONS_XML_CUSTOM])) {
                         $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                     } else {
                         if (!$isSerialized) {
                             $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                         }
                     }
                 }
                 if (isset($field[CONS_XML_SPECIAL])) {
                     if ($field[CONS_XML_SPECIAL] == "urla") {
                         # empty friendly url: generate it from the source template (default: the title)
                         if (!isset($data[$name]) || $data[$name] == '') {
                             $source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}";
                             $tp = new CKTemplate($this->parent->template);
                             $tp->tbreak($source);
                             $data[$name] = $tp->techo($data);
                             unset($tp);
                         }
                         # NOTE(review): the third argument below reads `"""` in this listing, which does not
                         # parse; it is most likely an extraction artefact of "\"" (strip double quotes)
                         # — verify against the real source. Only <, >, quotes are stripped here; the
                         # flattening in removeSimbols() is what makes the value URL-safe, so it is the
                         # call that has to be trusted for SQL safety of this field.
                         $data[$name] = str_replace(">", "", str_replace("<", "", str_replace(""", "", str_replace("'", "", $data[$name]))));
                         $data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL);
                     }
                     # login: 4-20 chars from a fixed safe alphabet, else rejected (e129)
                     if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(129, $name, $this->name);
                             break;
                         }
                     }
                     if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") {
                         if (!isMail($data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(130, $name, $this->name);
                             break;
                         }
                     }
                     # case folding re-escapes, since the value may already have been escaped above
                     if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") {
                         $data[$name] = strtoupper($data[$name]);
                         $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                     }
                     if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") {
                         $data[$name] = strtolower($data[$name]);
                         $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                     }
                     # path: letters, digits, '_', '-' and '/' only — '.' is excluded, so ".." cannot appear
                     if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(131, $name, $this->name);
                             break;
                         }
                     }
                     if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") {
                         if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(132, $name, $this->name);
                             break;
                         }
                     }
                     # time: accept H:M / HH:MM and zero-pad both parts
                     if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") {
                         if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) {
                             $data[$name] = "";
                             $this->parent->errorControl->raise(133, $name, $this->name);
                             break;
                         } else {
                             $data[$name] = explode(":", $data[$name]);
                             $data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0];
                             $data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1];
                             $data[$name] = $data[$name][0] . ":" . $data[$name][1];
                         }
                     }
                 }
                 # on edit, an IGNORENEDIT field left blank keeps its stored value
                 if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 } else {
                     if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) {
                         $data[$name] = $field[CONS_XML_DEFAULT];
                     }
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             }
             break;
         case CONS_TIPO_TEXT:
             if (isset($data[$name])) {
                 # WYSIWYG garbage ...
                 if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) {
                     # NOTE(review): the search string of this str_replace shows as a plain space in this
                     # listing; it was presumably a non-breaking space (editor artefact) — confirm
                     $data[$name] = str_replace(" ", " ", trim($data[$name]));
                     if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') {
                         if (!defined('C_XHTML_AUTOTAB')) {
                             include CONS_PATH_INCLUDE . "xmlHandler.php";
                         }
                         $data[$name] = parseHTML($data[$name], true);
                         if ($data[$name] === false) {
                             $this->parent->errorControl->raise(190, $name, $this->name);
                             $data[$name] = '';
                             break;
                         }
                     }
                     if ($this->invalidHTML($data[$name])) {
                         # external editors garbage that can break HTML
                         $this->parent->errorControl->raise(135, $name, $this->name);
                     }
                 }
                 if (!isset($field[CONS_XML_CUSTOM])) {
                     $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                 } else {
                     if (!$isSerialized) {
                         $data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo);
                     }
                 }
                 if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_DATETIME:
         case CONS_TIPO_DATE:
             # empty timestamp fields become NOW(); $data[$name] is filled with the
             # current date so that later fields (friendly url etc.) can use it
             if (!isset($data[$name]) || $data[$name] == '') {
                 if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) {
                     $output = "NOW()";
                     $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                     // might be used by friendly url or such
                     break;
                 } else {
                     if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) {
                         $output = "NOW()";
                         $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                         // might be used by friendly url or such
                         break;
                     }
                 }
             }
             if (!isset($data[$name]) && isset($data[$name . "_day"])) {
                 # date came into separated fields, merge them
                 $theDate = $this->parent->intlControl->mergeDate($data, $name . "_");
                 # NOTE(review): `!$theDate == false` negates $theDate before comparing, i.e. it is
                 # true for any falsy $theDate; the intent appears to be "skip a failed merge, or a
                 # zero date on an IGNORENEDIT field" — confirm before relying on it
                 if (!$theDate == false || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) {
                     break;
                 }
                 # empty date can be ignored, or corrupt date
                 $output = $encapsulation . $theDate . $encapsulation;
             } else {
                 # came in mySQL format or i18n format
                 if (isset($data[$name]) && $data[$name] != "") {
                     $data[$name] = trim($data[$name]);
                     $theDate = $data[$name];
                     $theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME);
                     // handles any format of human or sql date
                     if ($theDate === false) {
                         # NOTE(review): a value starting with "NOW()" is emitted verbatim, including
                         # whatever follows the prefix — only acceptable if callers, not end users,
                         # ever put NOW() into $data; verify
                         if (substr($data[$name], 0, 5) == "NOW()") {
                             $output = $data[$name];
                             $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : "");
                             // might be used by friendly url or such
                         } else {
                             $this->parent->errorControl->raise(134, $name, $this->name);
                         }
                     } else {
                         $output = $encapsulation . $theDate . $encapsulation;
                         $data[$name] = $theDate;
                         // other fields might need it
                     }
                 } else {
                     if (isset($data[$name])) {
                         // blank
                         if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) {
                             break;
                         }
                         # mandatory blank date -> zero date, otherwise NULL
                         $output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL';
                     }
                 }
             }
             break;
         case CONS_TIPO_ENUM:
             if (isset($data[$name])) {
                 if ($data[$name] == "") {
                     # enum does not accept empty values, this means it's a NON-MANDATORY enum comming empty = NULL
                     $output = "NULL";
                 } else {
                     # NOTE(review): only quote characters are stripped; backslashes are not, so a
                     # value ending in "\" would escape the closing quote added below. The ENUM list
                     # is parsed right after this (AUTOPRUNE branch) — validating the value against
                     # that list instead of stripping quotes would be the robust fix.
                     $data[$name] = str_replace("\"", "", str_replace("'", "", $data[$name]));
                     $output = $encapsulation . $data[$name] . $encapsulation;
                     if (isset($field[CONS_XML_AUTOPRUNE])) {
                         // possible prune
                         //$EnumPrunecache
                         # parse the allowed values out of the column's ENUM(...) definition
                         preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs);
                         $enums = explode(",", $regs[1]);
                         $pruneRecipient = "";
                         # the enum position marked '*' in AUTOPRUNE is the prune recipient
                         for ($ec = 0; $ec < count($enums); $ec++) {
                             if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') {
                                 $pruneRecipient = $enums[$ec];
                             }
                         }
                         # queue a prune entry if the chosen value has a prune setting other than '0'/'*'
                         for ($ec = 0; $ec < count($enums); $ec++) {
                             if ("'" . $data[$name] . "'" == $enums[$ec]) {
                                 if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') {
                                     $EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient);
                                 }
                                 break;
                                 // for
                             }
                         }
                     }
                 }
             } else {
                 if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                     $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_OPTIONS:
             # must come as a string of 0 and 1
             if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) {
                 # test if they are all 0 and 1!
                 $ok = true;
                 for ($c = 0; $c < strlen($data[$name]); $c++) {
                     if ($data[$name][$c] != "0" && $data[$name][$c] != "1") {
                         $ok = false;
                         break;
                     }
                 }
                 if ($ok) {
                     # on INSERT four spare '0' flags are appended
                     $output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_UPLOAD:
             if (!$isADD) {
                 # upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload
                 if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) {
                     // delete or update: drop the existing file(s) first
                     $ids = "";
                     foreach ($this->keys as $key) {
                         $ids .= $data[$key] . "_";
                     }
                     $ids = substr($ids, 0, strlen($ids) - 1);
                     $this->deleteUploads($data, $name, $ids);
                 }
                 # prepareUpload() return codes used here: 0 = sent and ok, 4 = nothing sent
                 $upOk = $this->prepareUpload($name, $kA, $data);
                 $upvalue = $upOk == '0' ? 'y' : 'n';
                 if ($upOk != 0 && $upOk != 4) {
                     # notification for the upload (4 = nothing sent, 0 = sent and ok)
                     $this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name);
                 }
                 if ($upOk != 4) {
                     $output = $encapsulation . $upvalue . $encapsulation;
                 } else {
                     // no change, but take this oportunity and check if the file exists!
                     $upvalue = 'n';
                     $path = CONS_FMANAGER . $this->name . "/";
                     if (is_dir($path)) {
                         if (isset($this->fields[$name][CONS_XML_FILEPATH])) {
                             $path .= $this->fields[$name][CONS_XML_FILEPATH];
                             if ($path[strlen($path) - 1] != "/") {
                                 $path .= "/";
                             }
                             if (!is_dir($path)) {
                                 safe_mkdir($path);
                             }
                         }
                         # prepares filename with item keys
                         # NOTE(review): $data[$key] goes straight into the path; assumes record keys
                         # are validated numeric ids by the time this runs — confirm
                         $filename = $path . $name . "_";
                         foreach ($this->keys as $key) {
                             $filename .= $data[$key] . "_";
                         }
                         $filename .= "1";
                         $upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n';
                     }
                     $output = $encapsulation . $upvalue . $encapsulation;
                 }
             }
             break;
         case CONS_TIPO_ARRAY:
             if (isset($data[$name])) {
                 if (is_array($data[$name])) {
                     $output = $data[$name];
                 } else {
                     # came in serialized (JSON or php)
                     # NOTE(review): $data[$name][0] on an empty string raises a warning on PHP 8
                     if ($data[$name][0] == '[') {
                         # JSON
                         $output = @json_decode($data[$name]);
                     } else {
                         # SECURITY(review): unserialize() on request-supplied data is a PHP object
                         # injection vector (any class with __wakeup/__destruct becomes reachable).
                         # Prefer accepting JSON only, or pass ['allowed_classes' => false].
                         $output = @unserialize($data[$name]);
                     }
                     # we will serialize the whole thing
                     if ($output === false) {
                         $this->parent->errorControl->raise(189, $name, $this->name);
                         $output = "";
                     }
                 }
             }
             break;
         case CONS_TIPO_SERIALIZED:
             if (isset($data[$name])) {
                 // came raw data, we store as is, YOU should serialize raw data
                 # NOTE(review): unlike every other addslashes_EX() call in this method the dbo
                 # argument is not passed here — confirm the helper's escaping does not depend on it
                 $data[$name] = addslashes_EX($data[$name], true);
                 if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                     break;
                 }
                 $output = $encapsulation . $data[$name] . $encapsulation;
             } else {
                 if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) {
                     // set to WRITE or ALL
                     // note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first
                     # NOTE(review): $wS is interpolated as the whole WHERE clause; it must be built
                     # from validated keys by the caller
                     $sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}";
                     $serialized = $this->parent->dbo->fetch($sql);
                     if ($serialized === false) {
                         $serialized = array();
                     } else {
                         # stored blob was written by serialize() below; still unserialize() on DB content
                         $serialized = @unserialize($serialized);
                     }
                     $serializedFields = 0;
                     # each sub-field is processed recursively as an INSERT with $isSerialized = true
                     foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) {
                         if (isset($data[$name . "_" . $exname])) {
                             $outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true);
                             if ($outfield !== false && $outfield != 'NULL') {
                                 $serialized[$exname] = $outfield;
                             }
                             # we don't need to store NULL like in sql
                         }
                     }
                     $output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation;
                 }
             }
             break;
     }
     # switch
     return $output;
 }
         $username = new user($sql, "username", $_POST['username']);
         if ($username->load() == TRUE) {
             $error['top'] .= "<p>The username is already taken.</p>";
             $error['username'] = "******";
         } else {
             $filled['username'] = TRUE;
         }
     }
     $isfilled = TRUE;
 } else {
     $error['top'] .= "<p>Your username must be between 3 and 25 characters.</p>";
     $error['username'] = "******";
 }
 if (isset($_POST['email']) && $_POST['email'] != "") {
     $fill['email'] = $_POST['email'];
     if (strlen($_POST['email']) <= 3 || strlen($_POST['email']) >= 150 || isMail($_POST['email']) == FALSE) {
         $error['top'] .= "<p>Please enter a valid email.</p>";
         $error['email'] = "Please enter a valid email.";
     } else {
         $username = new user($sql, "email", $_POST['email']);
         if ($username->load() == TRUE) {
             $error['top'] .= "<p>The email is already in use.</p>";
             $error['email'] = "The email is already in use.";
         } else {
             $filled['email'] = TRUE;
         }
     }
     $isfilled = TRUE;
 } else {
     $error['top'] .= "<p>Please enter a valid email.</p>";
     $error['email'] = "Please enter a valid email.";
					<script>$(document).ready(function() 
					    { 
					        $("#verifylist").tablesorter(); 
					    } 
					); 
					</script>';
                }
            } else {
                $pagecontent .= '<div class="notification red"><p>Failed to load users.</p></div>';
            }
        } elseif ($_GET['action'] == "users" && $sessus->adminusers == TRUE) {
            if (isset($_GET['id'])) {
                $pagecontent .= '<h3>Edit user</h3>';
                if (intval($_GET['id']) != 0) {
                    $user = new user($sql, "id", intval($_GET['id']));
                } elseif (isMail($_GET['id']) == TRUE) {
                    $user = new user($sql, "email", e($_GET['id']));
                } else {
                    $user = new user($sql, "username", e($_GET['id']));
                }
                if ($user->load()) {
                    $redmsg = "";
                    $greenmsg = "";
                    if (isset($_POST['save'])) {
                        $changed = FALSE;
                        $redmsg = "";
                        $greenmsg = "";
                        if (isset($_POST['password'])) {
                            $password = randomString(25);
                            $user->changePW($password);
                            $greenmsg = '<p>New user password: '******'</p>
         # php log has more than 1Mb, come on!
         $this->raise(604, "size=" . filesize(CONS_HTTPD_ERRDIR . $httpderrlog), "PHP error log too big");
     }
 } else {
     $httpderrlog = "";
 }
 if ($this->dimconfig['_errcontrol'] > 100) {
     # system reports more than 100 errors!
     $this->errorControl->raise(605, "errors=" . ($httpderrlog != "" && is_file(CONS_HTTPD_ERRDIR . $httpderrlog) ? filesize(CONS_HTTPD_ERRDIR . $httpderrlog) : $this->dimconfig['_errcontrol']), "Too many system errors");
 }
 // quota ok?
 $quota = isset($this->dimconfig['quota']) ? $this->dimconfig['quota'] : CONS_MAX_QUOTA;
 $this->dimconfig['_usedquota'] = quota(CONS_FMANAGER, true) * 1024;
 if ($this->dimconfig['_usedquota'] > $quota) {
     $this->errorControl->raise(110);
     if (isset($this->dimconfig['adminmail']) && isMail($this->dimconfig['adminmail'])) {
         @mail($this->dimconfig['adminmail'], "QUOTA EXCEEDED @ " . $_SESSION['CODE'], "Quota exceeded: " . $this->dimconfig['_usedquota'] . " from {$quota}");
     }
 }
 // auto clean
 foreach ($this->modules as $name => &$module) {
     if (isset($module->options[CONS_MODULE_AUTOCLEAN]) && $module->options[CONS_MODULE_AUTOCLEAN] != "" && (strpos($module->options[CONS_MODULE_AUTOCLEAN], "DAY") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "WEEK") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "MONTH") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "YEAR") !== false)) {
         # daily only runs autocleans with DAY, WEEK, MONTH or YEAR
         if ($module->options[CONS_MODULE_VOLATILE]) {
             $sql = "DELETE FROM " . $module->dbname . " WHERE " . $module->options[CONS_MODULE_AUTOCLEAN];
             $this->dbo->simpleQuery($sql);
         } else {
             $sql = "SELECT * FROM " . $module->dbname . " WHERE " . $module->options[CONS_MODULE_AUTOCLEAN];
             $this->dbo->query($sql, $r, $n);
             if ($n > 0) {
                 $this->safety = false;
 function raise($errCode, $parameter = "", $module = "", $extended = "")
 {
     if (!CONS_ONSERVER && $errCode == 1000) {
         return;
     }
     # this will happen every single hit on development mode
     if ($this->errorCount == CONS_MAX_ERRORS) {
         $errCode = 178;
     }
     // abort (gracefully)
     if ($this->errorCount > CONS_MAX_ERRORS) {
         die("178 too many errors, error during error report found");
     }
     #-- quickly set the fatal error flag
     if (!isset($this->ERRORS[$errCode])) {
         $parameter = $errCode;
         $errCode = 603;
     }
     if (!is_dir(CONS_PATH_LOGS)) {
         safe_mkdir(CONS_PATH_LOGS);
     }
     if (($this->ERRORS[$errCode] == CONS_ERROR_FATAL_MAIL || $this->ERRORS[$errCode] == CONS_ERROR_NOTIFYMAIL) && !CONS_ONSERVER) {
         if (isMail(CONS_MASTERMAIL)) {
             @mail(CONS_MASTERMAIL, "Fatal error at " . (isset($_SESSION['CODE']) ? $_SESSION['CODE'] : "Unknown domain") . " err {$errCode}", "Data: {$parameter}\nModule:{$module}", CONS_MASTERMAIL);
         }
     }
     #-- 404 errors ...
     if ($errCode == 103 || $errCode == 114 || $errCode == 166 || $errCode == 171) {
         $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/404.log", "a");
         if ($fd) {
             fwrite($fd, date("Y-m-d H:i:s") . " e{$errCode} " . $this->parent->context_str . $this->parent->action . " (" . $this->parent->original_action . ") referer=" . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "-") . "\n");
             fclose($fd);
             return;
         } else {
             $errCode = 179;
             $parameter = $this->parent->context_str . $this->parent->action;
         }
     }
     #-- ok normal errors ...
     if (is_object($module)) {
         $module = $module->name;
     }
     $showToUser = CONS_DEVELOPER || $this->ERRORS[$errCode] == CONS_ERROR_NOTICE_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_WARNING_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_ERROR_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_SEC_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_NOTICESTOP || $this->ERRORS[$errCode] == CONS_ERROR_MESSAGE;
     $lowLog = $this->ERRORS[$errCode] == CONS_ERROR_NOTICE || $this->ERRORS[$errCode] == CONS_ERROR_WARNING || $this->ERRORS[$errCode] == CONS_ERROR_WARNING_SHOW;
     $securityLog = $this->ERRORS[$errCode] == CONS_ERROR_SEC || $this->ERRORS[$errCode] == CONS_ERROR_SEC_SHOW;
     $highLog = $this->ERRORS[$errCode] == CONS_ERROR_ERROR || $this->ERRORS[$errCode] == CONS_ERROR_ERROR_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_FATAL || $this->ERRORS[$errCode] == CONS_ERROR_NOTIFYMAIL;
     $actionLog = $this->ERRORS[$errCode] < CONS_ERROR_WARNING && ($errCode >= 300 && $errCode < 400);
     $stopScript = $this->ERRORS[$errCode] == CONS_ERROR_FATAL || $this->ERRORS[$errCode] == CONS_ERROR_FATAL_NOLOG || $this->ERRORS[$errCode] == CONS_ERROR_NOTICESTOP || $this->ERRORS[$errCode] == CONS_ERROR_FATAL_MAIL;
     $storeInWarning = $this->ERRORS[$errCode] != CONS_ERROR_MESSAGE;
     $redWarning = $this->ERRORS[$errCode] != CONS_ERROR_MESSAGE && $this->ERRORS[$errCode] != CONS_ERROR_NOTICE_SHOW && $this->ERRORS[$errCode] != CONS_ERROR_NOTICE && !$actionLog;
     # These are logs that, once displayed to the users, should be in red (actual errors)
     if (!$actionLog) {
         $this->errorCount++;
     }
     #--
     $errstr = $this->parent->langOut('e' . $errCode) . " (e{$errCode}) {$module} {$parameter} {$extended}";
     $errstrfull = $errCode . "|" . $module . "|" . $parameter . "|" . $extended . "|" . implode("|", $this->parent->log);
     # Error file:
     # date|client|uri|errCode|module|parameters|extended parameters|log[|...]
     # Action file:
     # YmdHismodule|parameter|extended parameters
     $status = date("d/m/Y H:i:s") . "|" . (isset($_SESSION['CODE']) ? $_SESSION['CODE'] : '?') . "|" . $_SERVER['REQUEST_URI'];
     if ($showToUser) {
         $this->parent->setLog($redWarning ? $highLog || $stopScript ? CONS_LOGGING_ERROR : CONS_LOGGING_WARNING : ($errCode == 300 ? CONS_LOGGING_SUCCESS : CONS_LOGGING_NOTICE), $errstr);
     }
     if ($storeInWarning) {
         $this->parent->warning[] = $errstr;
     }
     if ($lowLog || $securityLog || $highLog) {
         if (isset($_SESSION['CODE'])) {
             if (isset($_SESSION['CODE']) && !is_dir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/")) {
                 safe_mkdir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/");
             }
             if (!is_file(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log") || filesize(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log") < CONS_MAX_LOGFILESIZE) {
                 $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log", "a");
                 if ($fd) {
                     fwrite($fd, $status . "|" . $errstrfull . "\n");
                     fclose($fd);
                 }
             }
             if ($highLog) {
                 if (isset($this->parent->dimconfig['_cronD']) && $this->parent->dimconfig['_cronD'] == date("d")) {
                     $this->parent->dimconfig['_errcontrol'] = isset($this->parent->dimconfig['_errcontrol']) ? $this->parent->dimconfig['_errcontrol'] + 1 : 1;
                 } else {
                     $this->parent->dimconfig['_errcontrol'] = 1;
                 }
                 $this->parent->saveConfig(true);
             }
         }
         # centralized log (the framework supports multiple domains, this log is a single log for all domains)
         if ($highLog && (!is_file(CONS_PATH_LOGS . "err" . date("Ymd") . ".log") || filesize(CONS_PATH_LOGS . "err" . date("Ymd") . ".log") < CONS_MAX_LOGFILESIZE)) {
             $fd = fopen(CONS_PATH_LOGS . "err" . date("Ymd") . ".log", "a");
             if ($fd) {
                 fwrite($fd, $status . "|" . $errstrfull . "\n");
                 fclose($fd);
             }
         }
     }
     if ($actionLog && !CONS_ECONOMICMODE) {
         if (isset($_SESSION['CODE']) && !is_dir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/")) {
             safe_mkdir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/");
         }
         $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/act" . date("Ymd") . ".log", "a");
         if ($fd) {
             if ($errCode >= 301 && $errCode <= 305) {
                 $parameter = "e" . $errCode;
                 fwrite($fd, date("YmdHis") . $module . "|{$parameter}|{$extended}|{$extended}" . "\n");
             } else {
                 $parameter = $parameter == CONS_ACTION_INCLUDE ? "include" : ($parameter == CONS_ACTION_UPDATE ? "edit" : ($parameter == CONS_ACTION_DELETE ? "delete" : $parameter));
                 fwrite($fd, date("YmdHis") . $module . "|{$parameter}|{$extended}|" . ($this->parent->logged() ? $_SESSION[CONS_SESSION_ACCESS_USER]['login'] : "******") . "\n");
             }
             fclose($fd);
         }
     }
     if ($stopScript) {
         $this->parent->headerControl->showHeaders('500', true);
         echo "<div style='border:1px solid #FFCCCC;padding:10px;margin:20px;'>\n\t\t\t\t<b>{$parameter}</b> ({$errCode})\n\t\t\t  \t<div style='border-top: 1px solid #CCCCCC;'>" . nl2br($this->errorToMessage($errCode, $parameter, $module, $extended)) . "</div>" . "<div style='border-top: 1px solid #CCCCCC;'>SystemLog:<br/><div style='font-size:10px'>" . implode("<br/>", $this->parent->log) . "</div></div>" . ($this->parent->debugmode ? "<div style='border-top: 1px solid #CCCCCC;'>DBLog:<br/><div style='font-size:10px'>" . implode("<br/>", $this->parent->dbo->log) . "</div></div>" : "") . ($this->parent->offlineMode ? "<div style='border-top: 1px solid #CCCCCC;'>DB DOWN</div>" : "") . "</div>Prescia";
         $this->parent->close(true);
     }
 }
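 /**
  * Controller action for the "edit user" form.
  *
  * Takes the submitted fields from $_POST, validates the name, e-mail and
  * birth date, and when everything is valid stores the changes through
  * Usuarios_model before re-rendering the edit view with a confirmation.
  * On validation failure the same view is rendered with one message per
  * failed field in $data['msg'] (1 = name, 2 = e-mail, 3 = date).
  *
  * NOTE(review): the record id (`idd`) is taken from the request and no
  * ownership/authorisation check is visible here; confirm that the model or
  * a controller-level filter enforces who may edit which record.
  */
 public function editar_usuario()
 {
     // load the model and the helper that provides the validation functions
     $this->load->model('Usuarios_model', 'usuarios');
     $this->load->helper('quick');
     $check = array('nome' => TRUE, 'email' => TRUE, 'data' => TRUE);
     $data = array();
     $user = $_POST;
     // Read each field with a default so a missing key fails validation
     // instead of raising an undefined-index notice.
     $nome = isset($user['nome']) ? $user['nome'] : '';
     $email = isset($user['email']) ? $user['email'] : '';
     $dataNascimento = isset($user['data_de_nascimento']) ? $user['data_de_nascimento'] : '';
     $id = isset($user['idd']) ? $user['idd'] : null;
     /******************* FORM FIELD VALIDATION *****************/
     // name: must not be empty
     if ($nome === '') {
         $check['nome'] = FALSE;
         $data['msg'][1] = "O campo nome precisa ser preenchido.";
     }
     // e-mail: must be present and accepted by isMail()
     if ($email === '' || !isMail($email)) {
         $check['email'] = FALSE;
         $data['msg'][2] = "Email Inválido. Digite um email válido.";
     }
     // birth date: must be present and in the accepted format
     if ($dataNascimento === '') {
         $check['data'] = FALSE;
         $data['msg'][3] = "A data precisa ser preenchida.";
     } elseif (!validateDate($dataNascimento)) {
         $check['data'] = FALSE;
         $data['msg'][3] = "A data está no formato incorreto.";
     }
     if ($check['nome'] && $check['email'] && $check['data']) {
         // everything validated: convert the date to the storage format and persist
         $user['data_de_nascimento'] = to_mysql_data($dataNascimento);
         // the id is not a column of the record being edited
         unset($user['idd']);
         $this->usuarios->editar_usuario($user, $id);
         $data['mensagem'] = "Edição realizada!";
     } else {
         // validation failed: re-render the form with the messages collected above
         $data['mensagem'] = "Editar.";
     }
     $data['usuario'] = $this->usuarios->info_do_usuario_pelo_id($id);
     $this->template->load('template_view', 'usuario/editar_usuario', $data);
 }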
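/**
 * Sends an e-mail through PHP's mail(), optionally as multipart HTML with one attachment.
 *
 * @param string $mailto   destination address(es); accepts the extended "name <mail>" form
 *                         and a comma-delimited list (each entry is submitted separately)
 * @param string $subject  subject line; CR/LF are stripped and the result is RFC 2047 encoded
 * @param object $mail     template object (by reference) exposing assign() and techo();
 *                         the rendered template becomes the message body
 * @param string $mailfrom "from" address; defaults to $mailto when that is a single address
 * @param string $header   optional pre-built headers; Return-path, Reply-To, From and
 *                         Content-Type are appended only when not already present
 * @param bool   $isHTML   when true the body is sent as multipart/alternative (text + html)
 * @param string $attach   path of a file to attach; a non-empty value forces HTML mode
 *
 * @return bool true if at least one recipient was accepted by mail(); false only when all failed
 */
function sendMail($mailto, $subject, &$mail, $mailfrom = "", $header = "", $isHTML = true, $attach = "")
{
    # Header-injection defence: subject and sender are written verbatim into the
    # headers, so line breaks are removed from both before anything else.
    $subject = str_replace(array("\n", "\r"), "", $subject);
    if (preg_match('!\\S!u', $subject) !== 0) {
        # non-blank subject: encode as a UTF-8 base64 encoded-word
        $subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    }
    if ($mailfrom == "" && strpos($mailto, ",") === false) {
        // no sender given: reuse the (single) recipient
        $mailfrom = $mailto;
    }
    if ($header != "" && $header[strlen($header) - 1] != "\n") {
        // make sure the caller's last header line is terminated
        $header .= "\n";
    }
    // CR was previously left in place; both line-break characters are stripped now,
    // matching the treatment of the subject above.
    $mailfrom = str_replace(array("\n", "\r"), "", $mailfrom);
    if (strpos(strtoupper($header), "RETURN-PATH:") === false && isMail($mailfrom, true)) {
        // no Return-path, add if possible
        $header .= "Return-path: {$mailfrom}\n";
    }
    if (strpos(strtoupper($header), "REPLY-TO:") === false && isMail($mailfrom, true)) {
        // no Reply-To, add if possible
        $header .= "Reply-To: {$mailfrom}\n";
    }
    if (strpos(strtoupper($header), "FROM:") === false && isMail($mailfrom, true)) {
        // no From, add if possible
        $header .= "From: {$mailfrom}\n";
    }
    if ($isHTML || $attach != "") {
        // HTML mode (an attachment always implies it); boundaries are derived from the date
        $isHTML = true;
        $bound = "--=XYZ_" . md5(date("dmYis")) . "_ZYX";
        $bnext = "--=NextPart_XYZ_" . md5(date("dm")) . ".E0_PART";
        $header .= "Content-Type:multipart/" . ($attach != "" ? "mixed" : "alternative") . "; boundary=\"{$bound}\"\n";
    } else {
        // plain text, no attachment
        $header .= "Content-Type:text/plain; charset=utf-8\n";
    }
    $header .= "MIME-Version: 1.0\n";
    $header .= "x-mailer: PresciaMailer\n";
    // template variables available to every mail
    $mail->assign("IP", CONS_IP);
    $mail->assign("HOUR", date("H:i"));
    $mail->assign("DATA", date("d/m/Y"));
    $mail->assign("DATE", date("m/d/Y"));
    $corpo = $mail->techo();
    if ($attach != "" && is_file($attach)) {
        // Read the whole file at once: fopen()+fread(filesize()) breaks on an empty
        // file (zero-length read) and on an unreadable path (fread() on a failed handle).
        $fAtach = file_get_contents($attach);
        if ($fAtach === false) {
            $fAtach = "";
        }
        $ext = explode(".", $attach);
        $ext = array_pop($ext);
        $fAtach = chunk_split(base64_encode($fAtach));
        $corpoplain = preg_replace("/( ){2,}/", " ", cleanHTML($corpo));
        // mixed message: an alternative (text + html) part followed by the attachment
        $sBody = "This is a multipart MIME message.\n\n";
        $sBody .= "--{$bound}\n";
        $sBody .= "Content-Type: multipart/alternative; boundary=\"{$bnext}\"\n\n\n";
        $sBody .= "--{$bnext}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bnext}\n";
        $sBody .= "Content-Type:text/html; charset=utf-8\n\n";
        $sBody .= "{$corpo} \n\n";
        $sBody .= "--{$bnext}--\n\n";
        $sBody .= "--{$bound}\n";
        // the basename of the path is used as the attachment name; it is not quoted, so a
        // name containing spaces or quotes is not handled (fine for server-generated paths)
        $fname = explode("/", str_replace("\\", "/", $attach));
        $sBody .= "Content-Disposition: attachment; filename=" . array_pop($fname) . "\n";
        if (!function_exists("getMime")) {
            include_once CONS_PATH_INCLUDE . "getMime.php";
        }
        $sBody .= "Content-Type: " . getMime($ext) . "\n";
        $sBody .= "Content-Transfer-Encoding: base64\n\n{$fAtach}\n";
        $sBody .= "--{$bound}--\n\n";
    } else {
        if ($isHTML) {
            // alternative message: plain-text rendering first, then the html body
            $corpoplain = preg_replace("/( ){2,}/", " ", stripHTML($corpo));
            $sBody = "This is a multipart MIME message.\n\n";
            $sBody .= "--{$bound}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bound}\n" . "Content-Type: text/html; charset=utf-8\n\n" . $corpo . "\n\n" . "--{$bound}--\n";
        } else {
            $sBody = $corpo;
        }
    }
    if (substr($subject, 0, 3) == "NS:") {
        // newsletter marker: a NUL byte is appended to the body
        $sBody .= chr(0);
    }
    if (preg_match('@^([^<]*)<([^>]*)>(.?)$@i', $mailfrom, $matches) == 1) {
        // reduce "name <mail>" to the bare address
        $mailfrom = $matches[2];
    }
    // The sender is handed to sendmail on the command line (-f / -r below), so only a
    // value that passes the same check used for the headers is forwarded.
    if ($mailfrom != "" && !isMail($mailfrom, true)) {
        $mailfrom = "";
    }
    $ok = false;
    // will return false ONLY if ALL submissions fail
    $mailto = explode(",", $mailto);
    foreach ($mailto as $mt) {
        $mt = trim($mt);
        // first try the -f envelope option, then fall back to -r
        if (!@mail($mt, $subject, $sBody, $header, '-f' . $mailfrom)) {
            $ok = @mail($mt, $subject, $sBody, $header, '-r' . $mailfrom) || $ok;
        } else {
            $ok = true;
        }
    }
    return $ok;
}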
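// NOTE(review): $cpf, $email and $nome are expected to be set earlier in this script
// (not visible here); they come from the registration form.
// The mysql_* API has no parameterised queries, so the lookup value is escaped for
// the active connection instead of being concatenated raw. Moving to PDO/mysqli
// prepared statements would be the proper long-term fix.
$sqlVerificar = "SELECT * FROM cliente WHERE cpf ='" . mysql_real_escape_string($cpf) . "'";
// NOTE(review): die(mysql_error()) writes the database error text to the client.
$sql = mysql_query($sqlVerificar) or die(mysql_error());
$count = mysql_num_rows($sql);
// CPF validation: on failure the client is redirected with a status flag.
// NOTE(review): the script does not stop after emitting the redirect, so the
// statements that follow still run for an invalid CPF; confirm that is intended.
$cpfValidar = CPF($cpf);
if ($cpfValidar == false) {
    ?>
        <script>
            window.location.href = 'cadastro.php?status=erro';
        </script>        
        <?php 
}
// E-mail validation: same redirect pattern (and the same "does not stop" caveat) as above.
if (isMail($email) == false) {
    ?>
        <script>
            window.location.href = 'cadastro.php?statusEmail=erro';
        </script>        
        <?php 
}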
// VERIFICAÇOES PARA SABER SE OS CAMPOS DIGITADOS ESTÃO VAZIOS.
if ($nome == '') {
    echo "<script>alert('DIGITE SEU NOME')</script>";
    echo "<script>window.location.href = 'cadastro.php'</script>";
} else {
    if ($cpf == '') {
        echo "<script>alert('DIGITE O SEU CPF')</script>";
        echo "<script>window.location.href = 'cadastro.php'</script>";
    } else {
    return preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))\$/i", $verify_email);
}
$error_name = false;
$error_email = false;
$validate = false;
if (isset($_POST["subs_submit"])) {
    $name = "";
    $email = "";
    // Get the first name
    if (trim($_POST['ftr_name']) === '') {
        $error_name = true;
    } else {
        $name = trim($_POST['ftr_name']);
    }
    // Get the email
    if (trim($_POST['email']) === '' || !isMail($_POST['email'])) {
        $error_email = true;
    } else {
        $email = trim($_POST['email']);
    }
    if (!$error_name && !$error_email) {
        if (isset($name) && isset($email)) {
            //Check and Insert data into Database
            global $wpdb;
            $table_name = $wpdb->prefix . 'subs';
            if ($wpdb->get_var("SHOW TABLES LIKE '{$table_name}'") != $table_name) {
                //table not in database. Create new table
                $charset_collate = $wpdb->get_charset_collate();
                $sql = "CREATE TABLE {$table_name} (\n\t\t\t\tid mediumint(9) NOT NULL AUTO_INCREMENT,\n\t\t\t\tname text NOT NULL,\n\t\t\t\temail text NOT NULL,\n\t\t\t\tUNIQUE KEY id (id)\n\t\t\t\t) {$charset_collate};";
                require_once ABSPATH . 'wp-admin/includes/upgrade.php';
                dbDelta($sql);
 }
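 // Build the user record from the request. Optional fields default to '' so a missing
 // key does not raise a notice; $up (user preferences) is assembled earlier in this file.
 $data = array(
     'name' => isset($_POST['name']) ? $_POST['name'] : '',
     'email' => isset($_POST['email']) ? $_POST['email'] : '',
     'login' => isset($_POST['ulogin']) ? $_POST['ulogin'] : '',
     'password' => isset($_POST['upassword']) ? $_POST['upassword'] : '',
     'userprefs' => serialize($up),
     'id_group' => $this->registrationGroup,
 );
 if ($core->logged()) {
     // Logged-in user editing their own profile: the id comes from the session, and
     // neither the group nor the login may be changed through this form.
     $data['id'] = $_SESSION[CONS_SESSION_ACCESS_USER]['id'];
     unset($data['id_group']);
     unset($data['login']);
     if (isset($_POST['upassword']) && $_POST['upassword'] == '') {
         // NOTE(review): this drops the POST key only; $data['password'] was copied above
         // and still holds '' — presumably runAction()/the users model treats an empty
         // password as "unchanged" on update; confirm.
         unset($_POST['upassword']);
     }
     # remember to allow users to change themselves
     $ok = $core->runAction('users', CONS_ACTION_UPDATE, $data);
 } else {
     if ($core->tCaptcha('captcha', true)) {
         // Guest registration: $core->safety is lowered only around this one call
         // (it appears to relax a permission check for the insert) and restored right after.
         $core->safety = false;
         if (!isset($_REQUEST['email']) && isMail($data['login'])) {
             // no e-mail supplied but the login is one: use it as the e-mail
             $data['email'] = $data['login'];
         }
         $ok = $core->runAction('users', CONS_ACTION_INCLUDE, $data);
         $core->safety = true;
         if ($ok) {
             // new account: start a session for it
             $id = $core->lastReturnCode;
             $core->authControl->logUser($id, CONS_AUTH_SESSION_NEW);
         } else {
             $core->authControl->logsGuest();
         }
     } else {
         // captcha failed: nothing was saved, so the outcome checked below must be false
         $ok = false;
     }
 }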
 if ($ok) {