Example #1
 * @version $Id: register.php,v 1.89 2008/01/21 09:35:23 fplanque Exp $
 */
/**
 * Includes:
 */
// Bootstrap: load the base configuration, then the main include.
// ($inc_path is not assigned in the visible code; presumably it comes from _config.php — confirm.)
require_once dirname(__FILE__) . '/../conf/_config.php';
require_once $inc_path . '_main.inc.php';
// Login is not required on the register page:
$login_required = false;
// Read the registration request parameters. param() appears to populate the same-named
// variables, since $locale and $action are used directly below.
param('action', 'string', '');
param('login', 'string', '');
param('email', 'string', '');
param('locale', 'string', $Settings->get('default_locale'));
// NOTE(review): redirect_to is read as a plain 'string'; confirm it is validated as a local/allowed
// URL before it is used as a redirect target.
param('redirect_to', 'string', '');
// do not default to $admin_url; "empty" gets handled better in the end (uses $blogurl, if no admin perms).
locale_activate($locale);
// Registration can be switched off globally; in that case any requested action is overridden.
if (!$Settings->get('newusers_canregister')) {
    $action = 'disabled';
}
switch ($action) {
    case 'register':
        /*
         * Do the registration:
         */
        param('pass1', 'string', '');
        param('pass2', 'string', '');
        // Call plugin event to allow catching input in general and validating own things from DisplayRegisterFormFieldset event
        $Plugins->trigger_event('RegisterFormSent', array('login' => &$login, 'email' => &$email, 'locale' => &$locale, 'pass1' => &$pass1, 'pass2' => &$pass2));
        if ($Messages->count('error')) {
            // a Plugin has added an error
            break;
Example #2
         $del_locale_messages = empty($del_locale['messages']) ? $del_locale_key : str_replace('-', '_', $del_locale['messages']);
         $del_locale_path = $locales_path . $del_locale_messages . '/' . $del_locale_key . '.locale.php';
         if (!file_exists($del_locale_path)) {
             // Don't reset/delete the locale without file on disk
             $nofile_locales[] = $del_locale_key;
             $Messages->add(sprintf(T_('We cannot reload the locale %s because the file %s was not found.'), '<b>' . $del_locale_key . '</b>', '<b>' . $del_locale_path . '</b>'), 'error');
         }
     }
 }
 // forget DB locales:
 unset($locales);
 // delete everything from locales table
 // (except the rows listed in $nofile_locales, when that list is not empty; the list is passed
 // through $DB->quote() before it is placed in the IN clause)
 $q = $DB->query('DELETE FROM T_locales' . (empty($nofile_locales) ? '' : ' WHERE loc_locale NOT IN ( ' . $DB->quote($nofile_locales) . ' )'));
 // NOTE(review): $locales was unset above and is only reloaded further down, so this isset() looks
 // like it is always false here and the default locale is always activated — confirm intent.
 if (!isset($locales[$current_locale])) {
     // activate default locale
     locale_activate($default_locale);
 }
 // reset default_locale
 $Settings->set('default_locale', $default_locale);
 $Settings->dbupdate();
 // Reload locales from files:
 unset($locales);
 include $conf_path . '_locales.php';
 // NOTE(review): an optional _overrides_TEST.php in the conf directory is executed whenever it
 // exists; make sure such a file is not left behind on production installs.
 if (file_exists($conf_path . '_overrides_TEST.php')) {
     // also overwrite settings again (just in case we override some locale related things):
     include $conf_path . '_overrides_TEST.php';
 }
 // Load all available locale definitions from locale folders:
 locales_load_available_defs();
 // Reenable default locale
 locale_insert_default();
Example #3
    /**
     * Icon Legend
     */
    load_funcs('_core/ui/_iconlegend.class.php');
    $IconLegend =& new IconLegend();
}
/**
 * User locale selection:
 * switch to the logged-in user's preferred locale when it differs from the current one and
 * $locale_from_get is not set (presumably a locale explicitly requested in the URL — confirm).
 */
if (is_logged_in() && $current_User->get('locale') != $current_locale && !$locale_from_get) {
    // change locale to users preference
    /*
     * User locale selection:
     * TODO: this should get done before instantiating $current_User, because we already use T_() there...
     */
    locale_activate($current_User->get('locale'));
    // $current_locale is compared against the user's locale to detect whether activation succeeded;
    // only then does the user's locale become the default.
    if ($current_locale == $current_User->get('locale')) {
        $default_locale = $current_locale;
        $Debuglog->add('default_locale from user profile: ' . $default_locale, 'locale');
    } else {
        $Debuglog->add('locale from user profile could not be activated: ' . $current_User->get('locale'), 'locale');
    }
}
// Init charset handling:
init_charsets($current_charset);
// Display login errors (and form). This uses $io_charset, so it's at the end.
// The request ends here: the login page is rendered and nothing after this block runs.
if ($Messages->count('login_error')) {
    require $htsrv_path . 'login.php';
    exit;
}
$Timer->pause('_main.inc');
Example #4
     }
     require skin_template_path('_item_comment_form.inc.php');
     break;
 case 'get_msg_form':
     // display send message form
     $recipient_id = param('recipient_id', 'integer', 0);
     $recipient_name = param('recipient_name', 'string', '');
     $subject = param('subject', 'string', '');
     $email_author = param('email_author', 'string', '');
     $email_author_address = param('email_author_address', 'string', '');
     $redirect_to = param('redirect_to', 'url', '');
     $post_id = NULL;
     $comment_id = param('comment_id', 'integer', 0);
     $BlogCache =& get_BlogCache();
     $Blog = $BlogCache->get_by_ID($blog_ID);
     locale_activate($Blog->get('locale'));
     if ($recipient_id > 0) {
         // Get identity link for existed users
         $RecipientCache =& get_UserCache();
         $Recipient = $RecipientCache->get_by_ID($recipient_id);
         $recipient_link = $Recipient->get_identity_link(array('link_text' => 'nickname'));
     } else {
         if ($comment_id > 0) {
             // Anonymous Users
             $gender_class = '';
             if (check_setting('gender_colored')) {
                 // Set a gender class if the setting is ON
                 $gender_class = ' nogender';
             }
             $recipient_link = '<span class="user anonymous' . $gender_class . '" rel="bubbletip_comment_' . $comment_id . '">' . $recipient_name . '</span>';
         }
Example #5
// required
// Read the comment form parameters. param() appears to populate the same-named variables,
// since $comment_type is used directly below.
param('comment_type', 'string', 'feedback');
// NOTE(review): read with the 'url' type; presumably param() validates the value as a URL — confirm
// before relying on it as a redirect target.
param('redirect_to', 'url', '');
param('reply_ID', 'integer', 0);
// Only logged in users can post the meta comments
// (for anonymous requests the submitted value is discarded and 'feedback' is forced)
$comment_type = is_logged_in() ? $comment_type : 'feedback';
// $comment_item_ID is not assigned in the visible code; presumably read from the request earlier.
$action = param_arrayindex('submit_comment_post_' . $comment_item_ID, 'save');
$ItemCache =& get_ItemCache();
$commented_Item =& $ItemCache->get_by_ID($comment_item_ID);
// Make sure Blog is loaded
$commented_Item->load_Blog();
$blog = $commented_Item->Blog->ID;
// Initialize global $Blog to avoid restriction of redirect to external URL, for example, when collection URL is subdomain:
// NOTE(review): this widens what counts as an allowed redirect target; confirm the redirect check
// still limits targets to the collection's own host(s).
$Blog = $commented_Item->Blog;
// Re-Init charset handling, in case current_charset has changed:
locale_activate($commented_Item->Blog->get('locale'));
if (init_charsets($current_charset)) {
    // Reload Blog(s) (for encoding of name, tagline etc):
    // ($BlogCache is not assigned in the visible code; presumably set earlier — confirm.)
    $BlogCache->clear();
    $commented_Item->load_Blog();
}
header('Content-Type: text/html; charset=' . $io_charset);
if ($Settings->get('system_lock')) {
    // System is locked for maintenance, users cannot send a comment
    $Messages->add(T_('You cannot leave a comment at this time because the system is under maintenance. Please try again in a few moments.'), 'error');
    // NOTE(review): presumably header_redirect() ends the request; if it can return, the code below
    // would still process the comment while the system is locked — confirm.
    header_redirect();
    // Will save $Messages into Session
}
// Check user permissions to post this comment:
if ($comment_type == 'meta') {
    // Meta comment
Example #6
/**
 * Re-activate the locale that was in use before the most recent temporary switch.
 *
 * Pops the last entry off the global $saved_locales array and activates it.
 *
 * @see locale_temp_switch()
 * @return boolean true if a saved locale was popped and activated, false if nothing was saved
 */
function locale_restore_previous()
{
    global $saved_locales;
    // Nothing to restore: the list is empty, unset, or not an array at all.
    if (empty($saved_locales) || !is_array($saved_locales)) {
        return false;
    }
    $previous_locale = array_pop($saved_locales);
    locale_activate($previous_locale);
    return true;
}
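/**
 * Read messages from server and create posts
 *
 * For each message number from 1 to $limit: the raw message is saved to a temporary file and decoded
 * with mime_parser_class, the sender is authenticated from the credentials embedded in the body,
 * permissions are checked and, outside test mode, a published Item is inserted together with any
 * attachments. A message that fails a step is reported through pbm_msg() and skipped.
 *
 * pbm_msg() receives HTML, so the values taken from the e-mail before authentication (login,
 * attachment file names, content IDs) are HTML-escaped before they are placed in its output.
 *
 * @param resource $mbox created by pbm_connect() (by reference)
 * @param integer $limit the number of messages to process
 * @return boolean always true; per-message failures are only reported through pbm_msg()
 */
function pbm_process_messages(&$mbox, $limit)
{
    global $Settings;
    global $pbm_item_files, $pbm_messages, $pbm_items, $post_cntr, $del_cntr, $is_cron_mode;
    // No execution time limit
    set_max_execution_time(0);
    // Are we in test mode?
    $test_mode_on = $Settings->get('eblog_test_mode');
    $post_cntr = 0;
    $del_cntr = 0;
    for ($index = 1; $index <= $limit; $index++) {
        pbm_msg('<hr /><h3>Processing message #' . $index . ':</h3>');
        // Reset all per-message state. $html_body in particular must not survive from one message to
        // the next: otherwise a plain-text message following an HTML one would be processed with the
        // previous message's body, including its <auth> credentials.
        $strbody = '';
        $html_body = '';
        $hasAttachment = false;
        $hasRelated = false;
        $pbm_item_files = array();
        // reset the value for each new Item
        // Save email to hard drive, otherwise attachments may take a lot of RAM
        if (!($tmpMIME = tempnam(sys_get_temp_dir(), 'b2evoMail'))) {
            pbm_msg(T_('Could not create temporary file.'), true);
            continue;
        }
        imap_savebody($mbox, $tmpMIME, $index);
        // Create random temp directory for message parts
        $tmpDirMIME = pbm_tempdir(sys_get_temp_dir(), 'b2evo_');
        $mimeParser = new mime_parser_class();
        $mimeParser->mbox = 0;
        // Set to 0 for parsing a single message file
        $mimeParser->decode_headers = 1;
        $mimeParser->ignore_syntax_errors = 1;
        $mimeParser->extract_addresses = 0;
        $MIMEparameters = array('File' => $tmpMIME, 'SaveBody' => $tmpDirMIME, 'SkipBody' => 1);
        if (!$mimeParser->Decode($MIMEparameters, $decodedMIME)) {
            pbm_msg(sprintf('MIME message decoding error: %s at position %d.', $mimeParser->error, $mimeParser->error_position), true);
            rmdir_r($tmpDirMIME);
            unlink($tmpMIME);
            continue;
        } else {
            pbm_msg('MIME message decoding successful');
            if (!$mimeParser->Analyze($decodedMIME[0], $parsedMIME)) {
                pbm_msg(sprintf('MIME message analyse error: %s', $mimeParser->error), true);
                rmdir_r($tmpDirMIME);
                unlink($tmpMIME);
                continue;
            }
            // Get message $subject and $post_date from headers (by reference)
            if (!pbm_process_header($parsedMIME, $subject, $post_date)) {
                // Couldn't process message headers
                rmdir_r($tmpDirMIME);
                unlink($tmpMIME);
                continue;
            }
            // TODO: handle type == "message" recursively
            // sam2kb> For some reason imap_qprint() damages HTML text... needs more testing
            if ($parsedMIME['Type'] == 'html') {
                // Mail is HTML
                if ($Settings->get('eblog_html_enabled')) {
                    // HTML posting enabled
                    pbm_msg('HTML message part saved as ' . $parsedMIME['DataFile']);
                    $html_body = file_get_contents($parsedMIME['DataFile']);
                }
                // A message without alternative parts has nothing to iterate over
                if (!empty($parsedMIME['Alternative'])) {
                    foreach ($parsedMIME['Alternative'] as $alternative) {
                        // First try to get HTML alternative (when possible)
                        if ($alternative['Type'] == 'html' && $Settings->get('eblog_html_enabled')) {
                            // HTML text
                            pbm_msg('HTML alternative message part saved as ' . $alternative['DataFile']);
                            // sam2kb> TODO: we may need to use $html_body here instead
                            $strbody = file_get_contents($alternative['DataFile']);
                            break;
                            // stop after first alternative
                        } elseif ($alternative['Type'] == 'text') {
                            // Plain text
                            pbm_msg('Text alternative message part saved as ' . $alternative['DataFile']);
                            $strbody = imap_qprint(file_get_contents($alternative['DataFile']));
                            break;
                            // stop after first alternative
                        }
                    }
                }
            } elseif ($parsedMIME['Type'] == 'text') {
                // Mail is plain text
                pbm_msg('Plain-text message part saved as ' . $parsedMIME['DataFile']);
                $strbody = imap_qprint(file_get_contents($parsedMIME['DataFile']));
            }
            // Check for attachments
            if (!empty($parsedMIME['Attachments'])) {
                $hasAttachment = true;
                foreach ($parsedMIME['Attachments'] as $file) {
                    // The file name comes from the (not yet authenticated) sender: escape it for the HTML report
                    pbm_msg('Attachment: ' . htmlspecialchars($file['FileName']) . ' stored as ' . $file['DataFile']);
                }
            }
            // Check for inline images
            if (!empty($parsedMIME['Related'])) {
                $hasRelated = true;
                foreach ($parsedMIME['Related'] as $file) {
                    // The content ID also comes from the sender: escape it for the HTML report
                    pbm_msg('Related file with content ID: ' . htmlspecialchars($file['ContentID']) . ' stored as ' . $file['DataFile']);
                }
            }
            if (count($mimeParser->warnings) > 0) {
                pbm_msg(sprintf('<h4>%d warnings during decode:</h4>', count($mimeParser->warnings)));
                foreach ($mimeParser->warnings as $k => $v) {
                    pbm_msg('Warning: ' . $v . ' at position ' . $k);
                }
            }
        }
        unlink($tmpMIME);
        if (empty($html_body)) {
            // Plain text message
            pbm_msg('Message type: TEXT');
            // NOTE(review): the raw body is logged before the credentials are stripped, so a legacy
            // "username:password" first line or an <auth> tag ends up in the processing report.
            // Consider redacting it if the report is stored or e-mailed.
            pbm_msg('Message body: <pre style="font-size:10px">' . htmlspecialchars($strbody) . '</pre>');
            // Process body. First fix different line-endings (dos, mac, unix), remove double newlines
            $content = str_replace(array("\r", "\n\n"), "\n", trim($strbody));
            // First see if there's an <auth> tag with login and password
            if (($auth = pbm_get_auth_tag($content)) === false) {
                // No <auth> tag, let's detect legacy "username:password" on the first line
                $a_body = explode("\n", $content, 2);
                // tblue> splitting only into 2 parts allows colons in the user PW
                // Note: login and password cannot include '<' !
                $auth = explode(':', strip_tags($a_body[0]), 2);
                // Drop the first line with username and password
                // (a one-line message has no second part, so the content is empty)
                $content = isset($a_body[1]) ? $a_body[1] : '';
            }
        } else {
            // HTML message
            pbm_msg('Message type: HTML');
            if (($parsed_message = pbm_prepare_html_message($html_body)) === false) {
                // No 'auth' tag provided, skip to the next message
                rmdir_r($tmpDirMIME);
                continue;
            }
            list($auth, $content) = $parsed_message;
        }
        // TODO: dh> should the password really get trimmed here?!
        $user_pass = isset($auth[1]) ? trim(remove_magic_quotes($auth[1])) : NULL;
        $user_login = trim(evo_strtolower(remove_magic_quotes($auth[0])));
        if (empty($user_login) || empty($user_pass)) {
            pbm_msg(sprintf(T_('Please add username and password in message body in format %s.'), '"&lt;auth&gt;username:password&lt;/auth&gt;"'), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        // Authenticate user
        // The login is still unauthenticated sender input at this point: escape it, as the
        // failed-authentication message below already does.
        pbm_msg('Authenticating user: &laquo;' . htmlspecialchars($user_login) . '&raquo;');
        $pbmUser =& pbm_validate_user_password($user_login, $user_pass);
        if (!$pbmUser) {
            pbm_msg(sprintf(T_('Authentication failed for user &laquo;%s&raquo;'), htmlspecialchars($user_login)), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        $pbmUser->get_Group();
        // Load group
        if (!empty($is_cron_mode)) {
            // Assign current User if we are in cron mode. This is needed in order to check user permissions
            global $current_User;
            $current_User = duplicate($pbmUser);
        }
        // Activate User's locale
        locale_activate($pbmUser->get('locale'));
        pbm_msg('<b class="green">Success</b>');
        // NOTE(review): the category IDs below are parsed out of the message content and are written
        // to the report as-is; confirm xmlrpc_getpostcategories() only returns integers.
        if ($post_categories = xmlrpc_getpostcategories($content)) {
            $main_cat_ID = array_shift($post_categories);
            $extra_cat_IDs = $post_categories;
            pbm_msg('Extra categories: ' . implode(', ', $extra_cat_IDs));
        } else {
            $main_cat_ID = $Settings->get('eblog_default_category');
            $extra_cat_IDs = array();
        }
        pbm_msg('Main category ID: ' . $main_cat_ID);
        $ChapterCache =& get_ChapterCache();
        $pbmChapter =& $ChapterCache->get_by_ID($main_cat_ID, false, false);
        if (empty($pbmChapter)) {
            pbm_msg(sprintf(T_('Requested category %s does not exist!'), $main_cat_ID), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        $blog_ID = $pbmChapter->blog_ID;
        pbm_msg('Blog ID: ' . $blog_ID);
        $BlogCache =& get_BlogCache();
        $pbmBlog =& $BlogCache->get_by_ID($blog_ID, false, false);
        if (empty($pbmBlog)) {
            pbm_msg(sprintf(T_('Requested blog %s does not exist!'), $blog_ID), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        // Check permission:
        pbm_msg(sprintf('Checking permissions for user &laquo;%s&raquo; to post to Blog #%d', htmlspecialchars($user_login), $blog_ID));
        if (!$pbmUser->check_perm('blog_post!published', 'edit', false, $blog_ID)) {
            pbm_msg(T_('Permission denied.'), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        if (($hasAttachment || $hasRelated) && !$pbmUser->check_perm('files', 'add', false, $blog_ID)) {
            pbm_msg(T_('You have no permission to add/upload files.'), true);
            rmdir_r($tmpDirMIME);
            continue;
        }
        pbm_msg('<b class="green">Success</b>');
        // Remove content after terminator
        $eblog_terminator = $Settings->get('eblog_body_terminator');
        if (!empty($eblog_terminator) && ($os_terminator = evo_strpos($content, $eblog_terminator)) !== false) {
            $content = evo_substr($content, 0, $os_terminator);
        }
        $post_title = pbm_get_post_title($content, $subject);
        // Remove 'title' and 'category' tags
        $content = xmlrpc_removepostdata($content);
        // Remove <br> tags from string start and end
        // We do it here because there might be extra <br> left after deletion of <auth>, <category> and <title> tags
        $content = preg_replace(array('~^(\\s*<br[\\s/]*>\\s*){1,}~i', '~(\\s*<br[\\s/]*>\\s*){1,}$~i'), '', $content);
        if ($hasAttachment || $hasRelated) {
            // Handle attachments
            if (isset($GLOBALS['files_Module'])) {
                if ($mediadir = $pbmBlog->get_media_dir()) {
                    if ($hasAttachment) {
                        pbm_process_attachments($content, $parsedMIME['Attachments'], $mediadir, $pbmBlog->get_media_url(), $Settings->get('eblog_add_imgtag'), 'attach');
                    }
                    if ($hasRelated) {
                        pbm_process_attachments($content, $parsedMIME['Related'], $mediadir, $pbmBlog->get_media_url(), true, 'related');
                    }
                } else {
                    pbm_msg(T_('Unable to access media directory. No attachments processed.'), true);
                }
            } else {
                pbm_msg(T_('Files module is disabled or missing!'), true);
            }
        }
        // CHECK and FORMAT content
        global $Plugins;
        $renderer_params = array('Blog' => &$pbmBlog, 'setting_name' => 'coll_apply_rendering');
        $renderers = $Plugins->validate_renderer_list($Settings->get('eblog_renderers'), $renderer_params);
        pbm_msg('Applying the following text renderers: ' . implode(', ', $renderers));
        // Do some optional filtering on the content
        // Typically stuff that will help the content to validate
        // Useful for code display
        // Will probably be used for validation also
        $Plugins_admin =& get_Plugins_admin();
        $params = array('object_type' => 'Item', 'object_Blog' => &$pbmBlog);
        $Plugins_admin->filter_contents($post_title, $content, $renderers, $params);
        pbm_msg('Filtered post content: <pre style="font-size:10px">' . htmlspecialchars($content) . '</pre>');
        // The title and the content go through check_html_sanity() before they can be stored;
        // any errors it reports are picked up from $Messages just below.
        $context = $Settings->get('eblog_html_tag_limit') ? 'commenting' : 'posting';
        $post_title = check_html_sanity($post_title, $context, $pbmUser);
        $content = check_html_sanity($content, $context, $pbmUser);
        global $Messages;
        if ($Messages->has_errors()) {
            // Make it easier for user to find and correct the errors
            pbm_msg("\n" . sprintf(T_('Processing message: %s'), $post_title), true);
            pbm_msg($Messages->get_string(T_('Cannot post, please correct these errors:'), 'error'), true);
            $Messages->clear();
            rmdir_r($tmpDirMIME);
            continue;
        }
        if ($test_mode_on) {
            // Test mode
            pbm_msg('<b class="green">It looks like the post can be successfully saved in the database. However we will not do it in test mode.</b>');
        } else {
            load_class('items/model/_item.class.php', 'Item');
            global $pbm_items, $DB, $localtimenow;
            $post_status = 'published';
            pbm_msg(sprintf('<h4>Saving item "%s" in the database</h4>', $post_title));
            // INSERT NEW POST INTO DB:
            $edited_Item = new Item();
            $edited_Item->set_creator_User($pbmUser);
            $edited_Item->set($edited_Item->lasteditor_field, $pbmUser->ID);
            $edited_Item->set('title', $post_title);
            $edited_Item->set('content', $content);
            $edited_Item->set('datestart', $post_date);
            $edited_Item->set('datemodified', date('Y-m-d H:i:s', $localtimenow));
            $edited_Item->set('main_cat_ID', $main_cat_ID);
            $edited_Item->set('extra_cat_IDs', $extra_cat_IDs);
            $edited_Item->set('status', $post_status);
            $edited_Item->set('locale', $pbmUser->locale);
            $edited_Item->set('renderers', $renderers);
            // INSERT INTO DB:
            $edited_Item->dbinsert('through_email');
            pbm_msg('Item created?: ' . (isset($edited_Item->ID) ? 'yes' : 'no'));
            // Execute or schedule notifications & pings:
            $edited_Item->handle_post_processing(true);
            if (!empty($pbm_item_files)) {
                // Attach files
                $FileCache =& get_FileCache();
                $order = 1;
                foreach ($pbm_item_files as $filename) {
                    pbm_msg(sprintf('Saving file "%s" in the database', $filename));
                    $pbmFile =& $FileCache->get_by_root_and_path('collection', $pbmBlog->ID, $filename);
                    $pbmFile->meta = 'notfound';
                    // Save time and don't try to load meta from DB, it's not there anyway
                    $pbmFile->dbsave();
                    pbm_msg('File saved?: ' . (isset($pbmFile->ID) ? 'yes' : 'no'));
                    pbm_msg(sprintf('Attaching file "%s" to the post', $filename));
                    // Let's make the link!
                    $pbmLink = new Link();
                    $pbmLink->set('itm_ID', $edited_Item->ID);
                    $pbmLink->set('file_ID', $pbmFile->ID);
                    $pbmLink->set('position', 'aftermore');
                    $pbmLink->set('order', $order++);
                    $pbmLink->dbinsert();
                    pbm_msg('File attached?: ' . (isset($pbmLink->ID) ? 'yes' : 'no'));
                }
            }
            // Save posted items sorted by author user for reports
            $pbm_items['user_' . $pbmUser->ID][] = $edited_Item;
            ++$post_cntr;
        }
        pbm_msg('Message posting successful');
        // Delete temporary directory
        rmdir_r($tmpDirMIME);
        if (!$test_mode_on && $Settings->get('eblog_delete_emails')) {
            pbm_msg('Marking message for deletion from inbox: ' . $index);
            imap_delete($mbox, $index);
            ++$del_cntr;
        }
    }
    // Expunge messages marked for deletion
    imap_expunge($mbox);
    return true;
}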
Example #8
/**
 * Switch to the locale of the given blog and re-initialise charset handling.
 *
 * Does nothing when $blog is empty or not positive, or when no blog is returned for that ID.
 *
 * @param integer $blog the blog ID
 */
function activate_blog_locale($blog)
{
    global $current_charset;
    // Reject anything that cannot be a blog ID before touching the cache.
    if (empty($blog) || $blog <= 0) {
        return;
    }
    $BlogCache =& get_BlogCache();
    $target_Blog = $BlogCache->get_by_ID($blog, false, false);
    if (empty($target_Blog)) {
        // No blog was returned for this ID: leave the current locale untouched.
        return;
    }
    $blog_locale = $target_Blog->get('locale');
    locale_activate($blog_locale);
    // The charset may have changed together with the locale, so set it up again.
    init_charsets($current_charset);
}
Example #9
    if (empty($default_locale)) {
        // db doesn't exists yet
        $default_locale = locale_from_httpaccept();
    }
    // echo 'detected locale: ' . $default_locale. '<br />';
    if (isset($locales[$default_locale]) && $evo_charset != $locales[$default_locale]['charset']) {
        // Redirect to install page with correct defined locale in order to avoid broken chars, e.g. when db locale has utf8 encoding and default locale - latin1
        header_redirect('index.php?locale=' . $default_locale);
        // Exit here.
    }
}
// Activate default locale:
if (!locale_activate($default_locale)) {
    // Could not activate locale (non-existent?), fallback to en-US:
    $default_locale = 'en-US';
    locale_activate('en-US');
}
// Set up charset handling again now that a locale has been activated.
init_charsets($current_charset);
// The result of get_db_version() is kept in $old_db_version; a falsy value is treated as
// "DB not installed yet".
if ($action == 'menu-install' && !($old_db_version = get_db_version())) {
    // Force to step 3 (Select install options) if DB is not installed yet
    $action = 'menu-options';
}
switch ($action) {
    case 'evoupgrade':
    case 'auto_upgrade':
    case 'svn_upgrade':
        $title = T_('Upgrade from a previous version');
        break;
    case 'newdb':
        $title = T_('New Install');
        break;