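/**
 * Gate a page on the presence of the ID_USUARIO cookie.
 *
 * When the cookie is missing or empty, an error box is shown and the
 * visitor is pointed at index.php. The function returns nothing and does
 * not stop the request.
 *
 * NOTE(review): a cookie is client-controlled, so a non-empty ID_USUARIO
 * only proves that the browser sent some value. Confirm that the real
 * authentication state is validated server-side (session, signed token)
 * before this value is trusted as a user id.
 */
function Login()
{
    // An anonymous visitor has no ID_USUARIO entry at all; indexing
    // $_COOKIE directly would raise an undefined-index notice on exactly
    // the path this check exists for.
    $userId = isset($_COOKIE["ID_USUARIO"]) ? $_COOKIE["ID_USUARIO"] : "";

    if ($userId == "") {
        msg_box("ERRO! Faça Login.");
        // NOTE(review): this line is kept verbatim. It reads like browser-side
        // navigation rather than a PHP redirect, and nothing here ends the
        // request, so the calling page keeps executing for an unauthenticated
        // visitor unless the caller stops it.
        parent . location("index.php");
    }
}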
/**
 * Show a status message and send the visitor on to $link, then end the request.
 *
 * With the redirection page disabled in the configuration, the message is
 * stored via cpgStoreTempMessage() and its id is appended to a Location
 * header. Otherwise an interstitial page with a meta refresh is rendered.
 *
 * NOTE(review): $link is written unescaped into both the Location header and
 * the META refresh tag. Callers should pass only fixed, site-relative targets;
 * a request-derived value here would allow an open redirect or markup
 * injection. The header branch appends "&message_id=", so it also assumes
 * $link already carries a query string.
 *
 * @param string $title   page and box title
 * @param string $message text to display
 * @param string $link    redirect target
 * @param int    $time    meta-refresh delay in seconds
 */
function message($title, $message, $link, $time = 2)
{
    global $CONFIG;

    $use_redirection_page = !($CONFIG['display_redirection_page'] == 0);

    if ($use_redirection_page) {
        $refresh_tag = '<META http-equiv="refresh" content="' . $time . ';url=' . $link . '">';
        pageheader($title, $refresh_tag);
        msg_box($title, $message, Lang::item('common.continue'), $link);
        pagefooter();
        exit;
    }

    $message_id = cpgStoreTempMessage($message);
    header('Location: ' . $link . '&message_id=' . $message_id);
    exit;
}
/**
 * Report a "bad language" hit for a submitted link and end the request.
 *
 * The link fields are packed into an array, serialized and base64-encoded,
 * and the resulting blob is handed to print_badlang_link() for rendering
 * inside a message box.
 *
 * NOTE(review): base64 is an encoding, not protection. If this blob travels
 * through the browser and is later fed to unserialize(), the client controls
 * the serialized data; the consumer is not visible here, so confirm it either
 * authenticates the blob or decodes a data-only format instead.
 */
function print_bad_lang($title, $url, $description, $reloadparent, $this_link = -1, $row = "", $act_as_admin = false)
{
    global $mytrail, $ltrstr;

    // Same keys, same order as the field-by-field assignment this replaces,
    // so the serialized form is unchanged.
    $linkdata = array(
        'title' => $title,
        'url' => $url,
        'description' => $description,
        'reloadparent' => $reloadparent,
        'this_link' => $this_link,
        'row' => $row,
        'act_as_admin' => $act_as_admin,
    );
    $packed = base64_encode(serialize($linkdata));

    $heading = $ltrstr['Bad language'];
    print msg_box($heading, print_badlang_link($packed), $mytrail, "", 0, -1);
    exit;
}
/**
 * Print the subscription form inside a message box.
 *
 * The heading and the "back" label depend on the global form type $ft:
 * SFT_CHSUBS selects the change-subscription texts, SFT_SUBSCRIBE the
 * subscribe texts.
 *
 * NOTE(review): for any other $ft value neither label is assigned, and
 * msg_box() is then called with undefined variables.
 *
 * @param bool $reloadparent passed through to print_subscription_form()
 */
function form($reloadparent = false)
{
    global $mytrail, $ltrstr, $ft, $notification, $sess;

    if ($ft == SFT_CHSUBS) {
        $str = $ltrstr['CHANGE SUBSCRIPTION'];
        $backtext = $ltrstr['Back without unsub'];
    } elseif ($ft == SFT_SUBSCRIBE) {
        $str = $ltrstr['SUBSCRIBE'];
        $backtext = $ltrstr['Back without sub'];
    }

    print msg_box(
        $str,
        print_subscription_form($notification, $ft, $reloadparent),
        $mytrail,
        $mytrail['path'],
        0,
        $backtext
    );
}
/**
 * Put the cookie-consent form in front of the gallery's custom header.
 *
 * While CPG_COOKIES_ALLOWED is false, a small consent form is rendered
 * through msg_box() and inserted before the {CUSTOM_HEADER} placeholder.
 * Otherwise the template is returned untouched.
 *
 * @param string $template_header header template text
 * @return string the template, with the consent box inserted when needed
 */
function cookie_consent_gallery_header($template_header)
{
    if (!CPG_COOKIES_ALLOWED) {
        global $REFERER, $lang_plugin_cookie_consent, $lang_common;
        // urlencode() output contains no quotes or angle brackets, so the value
        // is safe both as a query parameter and inside the quoted action attribute.
        $ref = urlencode($REFERER);
        // NOTE(review): the language strings below are interpolated without HTML
        // escaping - presumably trusted translation files; confirm.
        // NOTE(review): the form carries no anti-forgery token; confirm whether
        // the cookie_consent/set handler needs one.
        $text = <<<EOT
<form action="index.php?file=cookie_consent/set&ref={$ref}" method="post">
{$lang_plugin_cookie_consent['why_cookies']}
<br />
<input class="checkbox" type="checkbox" name="accept_cookies" id="accept_cookies" />
<label class="clickable_option" for="accept_cookies">{$lang_plugin_cookie_consent['accept']}</label>
<input class="button" type="submit" value="{$lang_common['continue']}" />
</form>
EOT;
        // msg_box() echoes its markup, so capture it in an output buffer.
        ob_start();
        msg_box('', $text);
        $msg_box = ob_get_contents() . "<br />";
        ob_end_clean();
        // Insert the captured box (checkbox, button and the explanation of which
        // cookies are stored and why) ahead of the placeholder, which stays in
        // place for later substitutions.
        $template_header = str_replace('{CUSTOM_HEADER}', $msg_box . '{CUSTOM_HEADER}', $template_header);
    }
    return $template_header;
}
if (!$superCage->cookie->keyExists($CONFIG['cookie_name'] . '_data')) { $cookie_warning = <<<EOT <tr> <td colspan="2" align="center" class="tableh2"> <span style="color:red"><b>{$lang_login_php['cookie_warning']}<b></span> </td> </tr> EOT; } if ($CONFIG['reg_requires_valid_email'] == 1) { $send_activation_link = '<br /><a href="send_activation.php" class="topmenu">' . $lang_login_php['send_activation_link'] . '</a>'; } pageheader($lang_login_php['login']); if ($superCage->get->getInt('force_login')) { msg_box($lang_login_php['force_login_title'], $lang_login_php['force_login']); } //$referer = urlencode($referer); echo '<form action="login.php?referer=' . urlencode($CPG_REFERER) . '" method="post" name="loginbox" id="cpgform">'; starttable('-1', $lang_login_php['enter_login_pswd'], 2); //see how users are allowed to login, can be username, email address or both $login_method = $lang_login_php[$CONFIG['login_method']]; echo <<<EOT {$login_failed} {$cookie_warning} <tr> <td class="tableb" width="40%">{$login_method}</td> <td class="tableb" width="60%"><input type="text" class="textinput" name="username" style="width: 100%" tabindex="1" /></td> </tr> <tr> <td class="tableb">{$lang_login_php['password']}</td>
/**
 * Print the send-message form inside a message box.
 *
 * @param mixed $error passed through to print_send_message_form()
 */
function form($error = false)
{
    global $mytrail, $ltrstr, $sess;

    // Read the heading before building the form body, matching the
    // left-to-right argument evaluation of a single inline call.
    $heading = $ltrstr['Send Message'];
    $body = print_send_message_form($error);

    print msg_box($heading, $body, $mytrail, $mytrail['path'], 0, $ltrstr['Go Back Message']);
}
} pageheader(sprintf($lang_plugin_template['configure_x'], $lang_plugin_template['plugin_name'])); list($timestamp, $form_token) = getFormToken(); echo <<<EOT <form action="index.php?file=template/admin" method="post" name="template_settings"> EOT; starttable('100%', sprintf($lang_plugin_template['configure_x'], $lang_plugin_template['plugin_name']), 3, 'cpg_zebra'); if ($superCage->post->keyExists('submit')) { if ($config_changes_counter > 0) { echo <<<EOT <tr> <td class="tablef" colspan="2" > EOT; msg_box('', $lang_plugin_template['update_success'], '', '', 'success'); } else { msg_box('', $lang_plugin_template['no_changes'], '', '', 'validation'); } echo <<<EOT </td> </tr> EOT; } echo <<<EOT <!-- insert config option form code start --> <!-- insert config option form code end --> <tr> <td class="tablef" colspan="3"> <input type="hidden" name="form_token" value="{$form_token}" /> <input type="hidden" name="timestamp" value="{$timestamp}" /> <button type="submit" class="button" name="submit" value="{$lang_plugin_template['submit']}">{$lang_plugin_template['submit']}</button> </td>
/**
 * list_users()
 *
 * Render the thumbnail grid of user galleries, or an information box when
 * the user query returns nothing.
 *
 * NOTE(review): user_name and the picture URL are placed into markup and
 * template parameters without escaping in this function; confirm that
 * escaping happens where the rows are produced or where the template is
 * rendered. The pid interpolated into the SELECT comes from the user rowset,
 * not from the request; an integer cast would still make that explicit.
 */
function list_users()
{
    global $CONFIG, $PAGE;
    global $lang_list_users, $template_user_list_info_box, $cpg_udb;

    // presumably filled in by list_users_query() through a by-reference parameter; confirm
    $user_count = 0;
    $rowset = $cpg_udb->list_users_query($user_count);

    if (!$rowset) {
        msg_box($lang_list_users['user_list'], $lang_list_users['no_user_gal'], '', '', 'info');
        return;
    }

    $per_page = $CONFIG['thumbcols'] * $CONFIG['thumbrows'];
    $totalPages = ceil($user_count / $per_page);
    $entries = array();

    foreach ($rowset as $user) {
        // Start from the "no picture" placeholder; replaced below when the
        // user has an approved thumbnail picture.
        $placeholder = cpg_get_system_thumb('nopic.jpg', $user['user_id']);
        $thumb_html = '<img src="' . $placeholder['thumb'] . '" ' . $placeholder['whole'] . ' class="image thumbnail" border="0" alt="" />';

        $pic_total = $user['pic_count'];
        if ($user['gallery_pid']) {
            $thumb_pid = $user['gallery_pid'];
        } else {
            $thumb_pid = $user['thumb_pid'];
        }
        $album_total = $user['alb_count'];

        if ($pic_total) {
            $lookup = cpg_db_query(
                "SELECT filepath, filename, url_prefix, pwidth, pheight "
                . "FROM {$CONFIG['TABLE_PICTURES']} "
                . "WHERE pid='{$thumb_pid}' AND approved='YES'"
            );

            if ($lookup->numRows()) {
                $picture = $lookup->fetchAssoc(true);
                $pic_url = get_pic_url($picture, 'thumb');

                // Non-image files get their dimensions from the thumbnail file itself.
                if (!is_image($picture['filename'])) {
                    $dimensions = cpg_getimagesize(urldecode($pic_url));
                    $picture['pwidth'] = $dimensions[0];
                    $picture['pheight'] = $dimensions[1];
                }

                // thumb cropping: system icons are flagged to compute_img_size()
                $is_system_icon = array_key_exists('system_icon', $picture) && $picture['system_icon'] == true;
                $image_size = compute_img_size(
                    $picture['pwidth'],
                    $picture['pheight'],
                    $CONFIG['alb_list_thumb_size'],
                    $is_system_icon,
                    'cat_thumb'
                );

                $thumb_html = '<img src="' . $pic_url . '" class="image thumbnail" ' . $image_size['geom'] . ' border="0" alt="" />';
            }
        }

        $albums_txt = sprintf($lang_list_users['n_albums'], $album_total);
        $pictures_txt = sprintf($lang_list_users['n_pics'], $pic_total);

        $params = CPGPluginAPI::filter('user_caption_params', array(
            '{USER_NAME}' => $user['user_name'],
            '{USER_ID}' => $user['user_id'],
            '{ALBUMS}' => $albums_txt,
            '{PICTURES}' => $pictures_txt,
        ));
        $caption = template_eval($template_user_list_info_box, $params);

        $entries[] = array(
            'cat' => FIRST_USER_CAT + $user['user_id'],
            'image' => $thumb_html,
            'caption' => $caption,
        );
    }

    theme_display_thumbnails($entries, $user_count, '', '', 1, $PAGE, $totalPages, false, true, 'user');
}
// Create the thumbnail and intermediate image and add the picture to the DB.
// The client-supplied width/height are cast to int before being passed on.
$result = add_picture($album, $filepath, $picture_name, 0, $title, $caption, $keywords, $user1, $user2, $user3, $user4, $category, $raw_ip, $hdr_ip, (int) $_POST['width'], (int) $_POST['height']);
if (!$result) {
    // Insert failed: remove the uploaded file so nothing unregistered stays on disk.
    // NOTE(review): '@' hides a failed unlink, and the error text below includes
    // $uploaded_pic and $ERROR - confirm neither exposes server paths or internals
    // to ordinary uploaders.
    @unlink($uploaded_pic);
    cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '<br /><br />' . $ERROR, __FILE__, __LINE__, true);
} elseif ($PIC_NEED_APPROVAL) {
    pageheader($lang_info);
    msg_box($lang_info, $lang_db_input_php['upload_success'], $lang_continue, 'index.php');
    // start: send admin approval mail added by gaugau: 03-11-09
    if ($CONFIG['upl_notify_admin_email']) {
        include_once 'include/mailer.inc.php';
        // The approval link is built from the configured base URL, with a '/' added when missing.
        cpg_mail('admin', sprintf($lang_db_input_php['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_db_input_php['notify_admin_email_body'], USER_NAME, $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'editpics.php?mode=upload_approval'));
    }
    // end: send admin approval mail
    ob_end_flush();
} else {
    // Some server software gets a Refresh header instead of Location.
    $header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
    // The target is a fixed script name plus the negated insert id, so no
    // request data reaches the header or the meta refresh below.
    $redirect = "displayimage.php?pos=" . -mysql_insert_id($CONFIG['LINK_ID']);
    header($header_location . $redirect);
    pageheader($lang_info, "<meta http-equiv=\"refresh\" content=\"1;url={$redirect}\" />");
    msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect);
    pagefooter();
    ob_end_flush();
    exit;
}
break;
// Unknown event
default:
    cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
}
// user already logged in
msg_box($lang_bridgemgr_php['recovery_success_title'], $lang_bridgemgr_php['recovery_success_content'], $lang_bridgemgr_php['goto_bridgemgr'], $CPG_PHP_SELF, 'success');
} else {
    // user not logged in yet
    // NOTE(review): $CPG_PHP_SELF is appended to the query string without urlencode().
    msg_box($lang_bridgemgr_php['recovery_success_title'], $lang_bridgemgr_php['recovery_success_content'] . '<br />' . $lang_bridgemgr_php['recovery_success_advice_login'], $lang_bridgemgr_php['goto_login'], "login.php?referer=" . $CPG_PHP_SELF, 'success');
}
} else {
    // authentication failed: stamp the time of the attempt and bump the failure counter
    cpg_db_query("UPDATE {$CONFIG['TABLE_BRIDGE']} SET value = NOW() WHERE name = 'recovery_logon_timestamp'");
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_failures'");
    if ($results->numRows()) {
        $row = $results->fetchArray(true);
    }
    // NOTE(review): $row is not assigned in this fragment when the lookup returns no row.
    // The counter is read and written back in two separate statements, so
    // concurrent failed attempts can be under-counted; a single
    // "SET value = value + 1" would keep the throttle accurate.
    $number_of_failed_attempts = $row['value'] + 1;
    cpg_db_query("UPDATE {$CONFIG['TABLE_BRIDGE']} SET value = '{$number_of_failed_attempts}' WHERE name = 'recovery_logon_failures'");
    msg_box($lang_bridgemgr_php['recovery_failure_title'], $lang_bridgemgr_php['recovery_failure_content'], $lang_bridgemgr_php['try_again'], $CPG_PHP_SELF, 'error');
}
}
break;
default:
    // check if the wait time is over; if it isn't, disable the submit button
    // NOTE(review): a disabled button only affects the rendered form; confirm the
    // submit handler enforces the same wait time (not visible in this fragment).
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_timestamp'");
    if ($results->numRows()) {
        $row = $results->fetchArray(true);
    }
    $recovery_logon_timestamp = $row['value'];
    //print $recovery_logon_timestamp;
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_failures'");
    if ($results->numRows()) {
        $row = $results->fetchArray(true);
    }
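/**
 * Validate a registration request and, when it passes, create the account.
 *
 * Validation failures are appended to $error as <li> items and the function
 * returns false. On success the user row is inserted, an optional personal
 * album is created, activation / notification mails are sent according to
 * the configuration, a confirmation box is shown and true is returned.
 *
 * Review notes for maintainers:
 *  - user_name, the password and the profile fields are interpolated into
 *    SQL as they come from get_post_var() / getEscaped(). That is only safe
 *    if those helpers return SQL-escaped values - TODO confirm, or move these
 *    statements to prepared statements.
 *  - Passwords are stored as unsalted MD5, or unchanged when
 *    enable_encrypted_passwords is off. Neither resists offline guessing;
 *    a dedicated password hash (password_hash()/password_verify() where the
 *    runtime offers them) is the appropriate replacement, but that needs a
 *    migration of the login path and is not done here.
 *  - The activation key is derived from the clock (microtime seed, rand(),
 *    uniqid()). It acts as a bearer token in the activation link and should
 *    come from a cryptographically secure random source.
 *  - eregi() was removed in PHP 7.
 *
 * @param string $error receives the error list (by reference)
 * @return bool true when the account was created, false otherwise
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email;
    global $lang_register_activated_email, $lang_register_user_login, $lang_errors;

    $superCage = Inspekt::makeSuperCage();

    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // Reject a user name that is already taken.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $error = '<li>' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>';
    }

    // Optional shared registration password: must match, and must not be
    // reused as the account password.
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        if ($global_registration_pw != $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }

    // NOTE(review): a two-character minimum is the only length rule applied here.
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>';
    }
    if ($password != $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>';
    }

    // The pattern admits no quote characters, which is what keeps the
    // un-escaped '{$email}' in the INSERT below from breaking out of its literal.
    if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>';
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>';
    }

    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        require "include/captcha.inc.php";
        if (!PhpCaptcha::Validate($captcha_confirmation)) {
            $error .= '<li>' . $lang_errors['captcha_error'] . '</li>';
        }
    }

    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            $error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>';
            return false;
        }
        mysql_free_result($result);
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // NOTE(review): time-seeded and therefore guessable - see the header note.
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }

    if ($CONFIG['enable_encrypted_passwords']) {
        // NOTE(review): unsalted MD5 - see the header note.
        $encpassword = md5($password);
    } else {
        // NOTE(review): stored exactly as submitted - see the header note.
        $encpassword = $password;
    }

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')";

    if ($CONFIG['log_mode']) {
        // The single-quoted literal used before wrote the text "$user_name"
        // instead of the name. Line breaks are flattened so a submitted name
        // cannot forge additional log entries.
        $logged_name = str_replace(array("\r", "\n"), ' ', $user_name);
        log_write('New user "' . $logged_name . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        // The debugging output that echoed the category id and the raw INSERT
        // statement (including the table name) to the visitor has been removed.
        $catid = mysql_insert_id() + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})");
    }

    if ($CONFIG['reg_requires_valid_email']) {
        // '!' binds tighter than '==', so this reads "admin activation is off".
        if (!$CONFIG['admin_activation'] == 1) {
            // user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
        }
    } else {
        // NOTE(review): with admin_activation on and reg_requires_valid_email off,
        // the row was inserted as inactive but this box says the account is active.
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }

    // email notification to admin
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }

    return true;
}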
$imageflow_topcorrect = -200; } if ($imageflow_topcorrect > 400) { $imageflow_topcorrect = 400; } $imageflow_width = preg_replace("/\\s+/", "", $imageflow_width); if ($imageflow_autotime < 2) { $imageflow_autotime = 2; } if ($imageflow_autotime > 20) { $imageflow_autotime = 20; } $s = "UPDATE `{$CONFIG['TABLE_PREFIX']}mod_imageflow` SET imageflow_usewheel=({$imageflow_usewheel}),imageflow_usekeys=({$imageflow_usekeys}),imageflow_auto=({$imageflow_auto}),imageflow_autotime=({$imageflow_autotime}),imageflow_pictype=('{$imageflow_pictype}'), imageflow_useenlarge=({$imageflow_useenlarge}),imageflow_album=('{$imageflow_album}'),imageflow_procent=('{$imageflow_procent}'), imageflow_topcorrect=({$imageflow_topcorrect}), imageflow_width=('{$imageflow_width}'), imageflow_intable=({$imageflow_intable}), imageflow_numberofpics=({$imageflow_numberofpics}), imageflow_cache=({$imageflow_cache}), imageflow_bgcolor=('{$imageflow_bgcolor}'), imageflow_skipportrait=({$imageflow_skipportrait}), imageflow_align=('{$imageflow_align}')"; cpg_db_query($s); pageheader($lang_plugin_imageflow['display_name']); msg_box($lang_plugin_imageflow['display_name'], $lang_plugin_imageflow['update_success'], $lang_continue, 'index.php'); pagefooter(); exit; } pageheader($lang_plugin_imageflow['display_name']); ?> <script language="javascript" type="text/javascript"> function change() { var Nodes = document.getElementsByTagName("table") var max = Nodes.length for(var i = 0;i < max;i++) { var nodeObj = Nodes.item(i) var str = nodeObj.id if (str.match("section")) { nodeObj.style.display = 'none'; }
// NOTE(review): everything below reads $_REQUEST, so the UPDATE/INSERT paths
// can be reached through a plain GET link as well as a form post, and no
// form token is checked in this fragment. Confirm that an authorisation check
// and anti-forgery token are enforced before this point.
if (isset($_REQUEST['id'])) {
    // Integer cast: this is the value that reaches the WHERE clause.
    $id = (int) $_REQUEST['id'];
} else {
    $id = -1;
}
// Update of an existing article.
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == $lang_minicms['submit'] && $_REQUEST['id'] > -1) {
    $MINICMS['conid'] = (int) $_REQUEST['conid'];
    $MINICMS['type'] = (int) $_REQUEST['type'];
    // Text fields are escaped for SQL here; that does not make them safe for HTML output.
    $title = mysql_real_escape_string($_REQUEST['title']);
    $content = mysql_real_escape_string($_REQUEST['minicms_content']);
    $query = "UPDATE {$CONFIG['TABLE_CMS']} SET title = '{$title}', content = '{$content}', type = '{$MINICMS['type']}' WHERE ID = '{$id}'";
    $result = cpg_db_query($query);
    if ($result) {
        // NOTE(review): $referer is assigned outside this fragment. It is URL-decoded
        // and written unescaped into the meta refresh and the continue link; if it is
        // request-derived it needs to be restricted to same-site targets and
        // HTML-escaped. The raw $_POST['title'] is also handed to pageheader() -
        // confirm that pageheader() escapes its title.
        $redirect = urldecode($referer);
        pageheader($_POST['title'], "<meta http-equiv=\"refresh\" content=\"3;url={$redirect}\" />");
        msg_box($lang_minicms['minicms'], $lang_minicms['page_success'], $lang_continue . " <br />", $redirect);
        pagefooter();
        exit;
    }
}
// Creation of a new article (id == -1).
// NOTE(review): $_REQUEST['submit'] is read here without an isset() guard.
if (isset($_REQUEST['conid']) && isset($_REQUEST['id']) && $_REQUEST['id'] == '-1' && $_REQUEST['submit'] == $lang_minicms['submit']) {
    $MINICMS['conid'] = (int) $_REQUEST['conid'];
    $MINICMS['type'] = (int) $_REQUEST['type'];
    $title = isset($_REQUEST['title']) ? mysql_real_escape_string($_REQUEST['title']) : $lang_minicms['article'];
    $content = mysql_real_escape_string($_REQUEST['minicms_content']);
    // Look up the highest position in this container to place the new article after it.
    $query = "SELECT cpos FROM {$CONFIG['TABLE_CMS']} WHERE conid='{$MINICMS['conid']}' ORDER BY cpos DESC LIMIT 1";
    $result = cpg_db_query($query);
    if ($result) {
        $cms = mysql_fetch_array($result);
        mysql_free_result($result);
        $cms['cpos'] += 1;
} else { $comment_data = mysql_fetch_array($result); } if (GALLERY_ADMIN_MODE) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}'"; } elseif (USER_ID) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_id ='" . USER_ID . "' LIMIT 1"; } else { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE msg_id='{$msg_id}' AND author_md5_id ='{$USER['ID']}' AND author_id = '0' LIMIT 1"; } $result = cpg_db_query($query); $header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: '; $redirect = "displayimage.php?pos=" . -$comment_data['pid']; header($header_location . $redirect); pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url={$redirect}\">"); msg_box($lang_info, $lang_delete_php['comment_deleted'], $lang_continue, $redirect); pagefooter(); ob_end_flush(); break; // Picture // Picture case 'picture': $pid = (int) $_GET['id']; pageheader($lang_delete_php['del_pic']); starttable("100%", $lang_delete_php['del_pic'], 6); output_table_header(); $aid = delete_picture($pid); output_caption(); echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n"; echo "<div class=\"admin_menu_thumb\"><a href=\"thumbnails.php?album={$aid}\" class=\"adm_menu\">{$lang_continue}</a></div>\n"; echo "</td></tr>\n";
$row = cpg_db_fetch_row($result);
mysql_free_result($result);
// The order hash comes from the database row, not from the request.
$hash = $row['order_md5_id'];
// NOTE(review): as shown, this str_replace() swaps '&' for itself and changes nothing.
header('Location: ' . str_replace('&', '&', "index.php?file=photo_shop/photo_shop_download_order&order={$hash}"));
die;
break;
case "create_dir":
    // Only continue for an order that verify_paid() accepts.
    // NOTE(review): $_GET['oid'] is used raw from here on. It is passed to
    // verify_paid() and photo_shop_ipn_download() and interpolated into the
    // msg_box() title and body. Unless verify_paid() restricts it to a strict
    // format (e.g. digits only), cast or validate it once at the top and
    // HTML-escape it before display.
    if (!verify_paid($_GET['oid'])) {
        cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
    }
    // NOTE(review): verify_paid() is given only the order id; confirm it also
    // ties the order to the current user.
    $CONFIG['photo_shop_download_passwd_mail'] == '1' ? $send_admin_mail = true : ($send_admin_mail = false);
    pageheader($lang_photoshop_admin['o_board_title']);
    if (photo_shop_ipn_download(USER_ID, $_GET['oid'], $send_admin_mail, false)) {
        msg_box("{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%');
    } else {
        msg_box("{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_created_folder_error']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], "index.php?file=photo_shop/photo_shop_myorders", '100%');
    }
    pagefooter();
    die;
    break;
}
}
// end dowhat
// Bridging: all object vars of the bridge child are saved in an array,
// then core_udb is extended with the photo shop functions.
$udb_var = get_object_vars($cpg_udb);
class photo_shop_udb extends core_udb
{
    function photo_shop_fetch_orders($box, $sort_codes, $sort, $lower_limit, $orders_per_page)
    {
        global $CONFIG, $udb_var;
if (is_array($element)) { if (!isset($post[$element[1]])) { /*cpg_die(CRITICAL_ERROR, "Missing admin value for '{$element[1]}'", __FILE__, __LINE__);*/ continue; } $value = addslashes($post[$element[1]]); if ($MINICMS[$element[1]] !== stripslashes($value)) { cpg_db_query("UPDATE {$CONFIG['TABLE_CMS_CONFIG']} SET value = '{$value}' WHERE name = '{$element[1]}'"); if ($CONFIG['log_mode'] == CPG_LOG_ALL) { log_write('CONFIG UPDATE SQL: ' . "UPDATE {$CONFIG['TABLE_CMS_CONFIG']} SET value = '{$value}' WHERE name = '{$element[1]}'\n" . 'TIME: ' . date("F j, Y, g:i a") . "\n" . 'USER: '******'user_name'], CPG_DATABASE_LOG); } } } } pageheader($lang_minicms['minicms']); msg_box($lang_minicms['minicms'], $lang_minicms['page_success'], $lang_common['continue'], 'index.php'); } pagefooter(); exit; } pageheader($lang_minicms['minicms']); $signature = 'Coppermine Photo Gallery ' . COPPERMINE_VERSION . ' (' . COPPERMINE_VERSION_STATUS . ')'; //echo "<form action=\"$PHP_SELF\" method=\"post\">"; echo "<form action=\"" . $CPG_PHP_SELF . '?file=minicms/cms_config' . "\" method=\"post\">"; starttable('100%', "{$lang_minicms['minicms']} - {$signature}", 2); create_form($lang_minicms_config); echo '</table></td></tr>'; echo <<<EOT <tr> <td align="left" class="tablef"> <table border="0" cellspacing="0" cellpadding="0" width="100%">
// Re-send the activation mail for a not-yet-activated account.
if (!empty($_POST['email'])) {
    // NOTE(review): addslashes() is not aware of the connection character set;
    // the driver's own escaping or a prepared statement is the safer choice.
    $emailaddress = addslashes($_POST['email']);
    $sql = "SELECT user_id, user_group,user_active,user_name, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$emailaddress}' AND user_active = 'NO'";
    $results = cpg_db_query($sql);
    if (mysql_num_rows($results)) {
        // something has been found start
        $USER_DATA = mysql_fetch_array($results);
        // The stored activation key is reused; no new key is generated here.
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $USER_DATA['user_actkey'];
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $USER_DATA['user_name'], '{ACT_LINK}' => $act_link);
        if (!cpg_mail($USER_DATA['user_email'], sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        // output the message
        // NOTE(review): the success page and the error row below differ, which lets
        // a visitor test whether an address belongs to a pending account; a single
        // neutral answer for both cases avoids that. No rate limit on re-sending
        // is visible in this fragment.
        pageheader($lang_send_activation_php['resend_act_link'], "<META http-equiv=\"refresh\" content=\"3;url=index.php\">");
        $referer = 'index.php';
        msg_box($lang_send_activation_php['resend_act_link'], sprintf($lang_send_activation_php['activation_email_sent'], $USER_DATA['user_email']), $lang_common['continue'], $referer);
        pagefooter();
        exit;
        // something has been found end
    } else {
        $lookup_failed = <<<EOT
<tr>
<td colspan="2" align="center" class="tableh2">
<span style="color:red"><b>{$lang_send_activation_php['err_unk_user']}<b></span>
</td>
</tr>
EOT;
    }
}
pageheader($lang_send_activation_php['resend_act_link']);
// user already logged in
// NOTE(review): $_SERVER['PHP_SELF'] includes any extra path text the client
// appends to the script URL. It is passed to msg_box() as a link target here
// and in the calls below; use a fixed script name or HTML-escape it unless
// msg_box() is known to escape its link argument.
msg_box($lang_bridgemgr_php['recovery_success_title'], $lang_bridgemgr_php['recovery_success_content'], $lang_bridgemgr_php['goto_bridgemgr'], $_SERVER['PHP_SELF'], "-1");
} else {
    // user not logged in yet
    msg_box($lang_bridgemgr_php['recovery_success_title'], $lang_bridgemgr_php['recovery_success_content'] . '<br />' . $lang_bridgemgr_php['recovery_success_advice_login'], $lang_bridgemgr_php['goto_login'], "login.php?referer=" . $_SERVER['PHP_SELF'], "-1");
}
} else {
    // authentication failed: stamp the time of the attempt and bump the failure counter
    cpg_db_query("UPDATE {$CONFIG['TABLE_BRIDGE']} SET value = NOW() WHERE name = 'recovery_logon_timestamp'");
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_failures'");
    if (mysql_num_rows($results)) {
        $row = mysql_fetch_array($results);
    }
    // NOTE(review): $row is not assigned in this fragment when the lookup returns no row.
    // The counter is read and written back in two separate statements, so
    // concurrent failed attempts can be under-counted; a single
    // "SET value = value + 1" would keep the throttle accurate.
    $number_of_failed_attempts = $row['value'] + 1;
    cpg_db_query("UPDATE {$CONFIG['TABLE_BRIDGE']} SET value = '{$number_of_failed_attempts}' WHERE name = 'recovery_logon_failures'");
    msg_box($lang_bridgemgr_php['recovery_failure_title'], $lang_bridgemgr_php['recovery_failure_content'], $lang_bridgemgr_php['try_again'], $_SERVER['PHP_SELF'], "-1");
}
}
break;
default:
    // check if the wait time is over; if it isn't, disable the submit button
    // NOTE(review): a disabled button only affects the rendered form; confirm the
    // submit handler enforces the same wait time (not visible in this fragment).
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_timestamp'");
    if (mysql_num_rows($results)) {
        $row = mysql_fetch_array($results);
    }
    $recovery_logon_timestamp = $row['value'];
    //print $recovery_logon_timestamp;
    $results = cpg_db_query("SELECT value FROM {$CONFIG['TABLE_BRIDGE']} WHERE name = 'recovery_logon_failures'");
    if (mysql_num_rows($results)) {
        $row = mysql_fetch_array($results);
    }
if ($superCage->post->keyExists('visiblehookpoints_display')) { if ($superCage->post->getInt('visiblehookpoints_display') == 1) { $value = 1; } elseif ($superCage->post->getInt('visiblehookpoints_display') == 0) { $value = 0; } else { $value = 2; } if ($value != $CONFIG['plugin_visiblehookpoints_display']) { $f = cpg_db_query("UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '{$value}' WHERE name = 'plugin_visiblehookpoints_display'"); if (version_compare(COPPERMINE_VERSION, '1.5.1') == -1) { $header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: '; $redirect = "index.php?file=visiblehookpoints/index&action=config"; header($header_location . $redirect); pageheader('Information', "<meta http-equiv=\"refresh\" content=\"0;url={$redirect}\" />"); msg_box('Information', $lang_plugin_php['visiblehookpoints_settings_saved'], 'continue', $redirect); pagefooter(); ob_end_flush(); exit; } else { cpgRedirectPage('index.php?file=visiblehookpoints/index&action=config', $lang_common['information'], $lang_plugin_php['visiblehookpoints_settings_saved'], 1); } } } else { $message_id = ''; } pageheader($lang_plugin_php['visiblehookpoints_config_name'] . ' - ' . $lang_plugin_php['visiblehookpoints_plugin_config']); visiblehookpoints_configure(); break; default: cpg_die(ERROR, $lang_plugin_php['visiblehookpoints_error'], __FILE__, __LINE__);
$user_id = USER_ID;
// Compose the ban lookup: match on the user id and/or on the client addresses.
// The operands of LIKE are reversed on purpose - the stored ip_addr is the
// pattern and the client address is the value tested against it.
// NOTE(review): $raw_ip and $hdr_ip are assigned outside this fragment and are
// placed into the statement as quoted literals. $hdr_ip is presumably taken
// from a request header; confirm both are validated as IP addresses before
// they reach this point.
$query_string = "SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE (";
if (USER_ID) {
    $query_string .= "user_id={$user_id} OR ";
}
if ($raw_ip != $hdr_ip) {
    $query_string .= "'{$raw_ip}' LIKE ip_addr OR '{$hdr_ip}' LIKE ip_addr ";
} elseif ($raw_ip != '') {
    $query_string .= "'{$raw_ip}' LIKE ip_addr ";
}
// NOTE(review): when both addresses are empty, no address term is added and the
// WHERE group is left as "(user_id=N OR )" or "()", which is not valid SQL.
// What happens to the ban check in that case depends on how cpg_db_query()
// handles a failed statement.
$query_string .= ") AND brute_force=0 LIMIT 1";
$result = cpg_db_query($query_string);
unset($query_string);
// Any matching row means the visitor is banned: show the notice and stop.
if (mysql_num_rows($result)) {
    pageheader($lang_common['error']);
    msg_box($lang_common['information'], $lang_errors['banned']);
    pagefooter();
    exit;
}
mysql_free_result($result);
// Retrieve the "private" album set
if (!GALLERY_ADMIN_MODE && $CONFIG['allow_private_albums']) {
    get_private_album_set();
}
// Offline mode: only admins get through, except on the login and update scripts.
if (!USER_IS_ADMIN && $CONFIG['offline'] && $CPG_PHP_SELF != 'login.php' && $CPG_PHP_SELF != 'update.php') {
    pageheader($lang_errors['offline_title']);
    msg_box($lang_errors['offline_title'], $lang_errors['offline_text']);
    pagefooter();
    exit;
}
// The stored value is limited to '1' or '0' by the membership test.
$value = in_array($name, $field_list) ? '1' : '0';
// NOTE(review): $name becomes part of the WHERE literal; its origin is outside
// this fragment - confirm it is taken from a fixed list of field names.
$name = str_replace(' ', '_', $name);
$sql = "UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '{$value}' WHERE name = 'plugin_displayfields_{$name}'";
cpg_db_query($sql);
if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
    // NOTE(review): the 'USER: ' expression on the next line is masked on this
    // page and is reproduced as found.
    log_write('CONFIG UPDATE SQL: ' . $sql . ";\n" . 'TIME: ' . date("F j, Y, g:i a") . "\n" . 'USER: '******'user_name'], CPG_DATABASE_LOG);
}
}
// NOTE(review): $_POST['admin_showall'] is interpolated into the statement
// without escaping or validation - this is SQL injection on a config write.
// The setting looks like a flag, so normalise it first (for example to '1' or
// '0') or bind it through a prepared statement. The unmodified statement is
// also copied into the database log below.
$sql = "UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '{$_POST['admin_showall']}' WHERE name = 'plugin_displayfields_adminshowall'";
cpg_db_query($sql);
if ($CONFIG['log_mode'] == CPG_LOG_ALL) {
    log_write('CONFIG UPDATE SQL: ' . $sql . ";\n" . 'TIME: ' . date("F j, Y, g:i a") . "\n" . 'USER: '******'user_name'], CPG_DATABASE_LOG);
}
}
pageheader($lang_plugin_displayfields['display_name']);
msg_box($lang_plugin_displayfields['display_name'], $lang_plugin_displayfields['page_success'], $lang_continue, 'index.php');
pagefooter();
exit;
}
pageheader($lang_plugin_displayfields['display_name']);
starttable('100%', $lang_plugin_displayfields['display_name'] . ' - <a href="pluginmgr.php" class="admin_menu">Plugin Manager</a>', 3);
echo '<tr><td>' . "\n";
// NOTE(review): REQUEST_URI is client-supplied and is written into the action
// attribute without htmlspecialchars(); escape it or use a fixed action URL.
// No form token is visible in the part of the form shown here.
echo <<<EOT
\t<br />
\t<h3>{$lang_plugin_displayfields_config['select_fields']}:</h3>
\t<form action="{$_SERVER['REQUEST_URI']}" method="post">
EOT;
$field_cb = '';
$keys = array_keys($plugin_displayfields_params);
sort($keys);
for ($i = 0; $i < count($keys); $i++) {
// the password is empty. Is the current user the gallery admin? if ($USER_DATA['user_group'] == 1) { $USER_DATA['user_email'] = $CONFIG['gallery_admin_email']; } else { cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__); //not the gallery admin account } } // send the email if (!cpg_mail($USER_DATA['user_email'], sprintf($lang_forgot_passwd_php['passwd_reminder_subject'], $CONFIG['gallery_name']), sprintf($lang_forgot_passwd_php['passwd_reminder_body'], $USER_DATA['user_name'], $USER_DATA['user_password'], $CONFIG['ecards_more_pic_target'] . 'login.php'))) { cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__); } // output the message pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">"); $referer = 'login.php'; msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $USER_DATA['user_email']), $lang_continue, $referer); $USER_DATA['user_password'] = '******'; pagefooter(); exit; // something has been found end } else { $lookup_failed = <<<EOT <tr> <td colspan="2" align="center" class="tableh2"> <font size="1" color="red"><b>{$lang_forgot_passwd_php['err_unk_user']}<b></font> </td> </tr> EOT; } }
$CLEAN['remember_me'] = 1; } else { $CLEAN['remember_me'] = 0; } } $referer = $_GET['referer'] ? $_GET['referer'] : 'index.php'; if (strpos($referer, "http") !== false) { $referer = "index.php"; } $login_failed = ''; $cookie_warning = ''; if (isset($_POST['submitted'])) { if ($USER_DATA = $cpg_udb->login(addslashes($CLEAN['username']), addslashes($CLEAN['password']), isset($CLEAN['remember_me']))) { $referer = preg_replace("'&'", "&", $referer); pageheader($lang_login_php['login'], "<META http-equiv=\"refresh\" content=\"3;url={$referer}\">"); msg_box($lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']), $lang_common['continue'], $referer); pagefooter(); exit; } else { log_write("Failed login attempt with Username: {$CLEAN['username']} from IP {$_SERVER['REMOTE_ADDR']} on " . localised_date(-1, $log_date_fmt), CPG_SECURITY_LOG); $login_failed = <<<EOT <tr> <td colspan="2" align="center" class="tableh2"> <span style="color:red"><b>{$lang_login_php['err_login']}<b></span> </td> </tr> EOT; // get IP address of the person who tried to log in, look it up on the banning table and increase the brute force counter. If the brute force counter has reached a critical limit, set a regular banning record $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_BANNED']} WHERE ip_addr='{$raw_ip}' OR ip_addr='{$hdr_ip}'"); $failed_logon_counter = mysql_fetch_array($result); mysql_free_result($result);
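/**
 * Replaces the distribution ratepic handling with a per-user vote manager.
 *
 * Runs only when RATEPIC_PHP is defined. Reads the picture id and rating from
 * the query string, replaces any earlier vote of the current user for that
 * picture, recomputes the stored average and redirects back to the picture.
 *
 * The cookie and Referer checks below are both derived from client-supplied
 * request data; they filter accidental or casual requests but are not an
 * authorization or anti-forgery control on their own.
 *
 * NOTE(review): the original body used $raw_ip, $lang_info,
 * $lang_rate_pic_php and $lang_continue without importing them, so they were
 * always undefined inside the function. They are declared global here on the
 * assumption that the application defines them at file scope; confirm.
 *
 * @return string Always an empty string (the request may end earlier via exit).
 */
function fix_ratepic()
{
    global $CONFIG, $raw_ip, $lang_info, $lang_rate_pic_php, $lang_continue;

    if (!defined("RATEPIC_PHP")) {
        return "";
    }

    // Check if required parameters are present
    if (!isset($_GET['pic']) || !isset($_GET['rate'])) {
        return "";
    }

    // Both values are cast to int before they reach any SQL text; the rating
    // is clamped to the 1..10 range.
    $pic = (int) $_GET['pic'];
    $rate = max(1, min((int) $_GET['rate'], 10));

    // If user does not accept script's cookies, we don't accept the vote
    if (!isset($_COOKIE[$CONFIG['cookie_name'] . '_data'])) {
        header('Location: displayimage.php?pos=' . -$pic);
        exit;
    }

    // If referer is not displayimage.php we don't accept the vote.
    // eregi() no longer exists in current PHP; a case-insensitive substring
    // test is equivalent for this literal pattern. A missing header is
    // treated as "no match" instead of raising a notice.
    $http_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    if (stripos($http_referer, 'displayimage') === false) {
        header('Location: displayimage.php?pos=' . -$pic);
        exit;
    }

    // Retrieve picture/album information & check if user can rate picture,
    // and if this is a contest - else let go to normal ratepic
    $sql = "SELECT a.votes as votes_allowed, a.contest, p.votes as votes, pic_rating, owner_id "
        . "FROM {$CONFIG['TABLE_PICTURES']} AS p, {$CONFIG['TABLE_ALBUMS']} AS a "
        . "WHERE p.aid = a.aid AND pid = '{$pic}' LIMIT 1";
    $result = cpg_db_query($sql);
    if (!mysql_num_rows($result)) {
        return "";
    }
    $row = mysql_fetch_array($result);
    if (!USER_CAN_RATE_PICTURES || $row['votes_allowed'] == 'NO' || $row['contest'] == 'NO') {
        return "";
    }

    // Remove previous votes for USER_ID, then insert the new vote
    cpg_db_query("DELETE FROM `{$CONFIG['TABLE_PREFIX']}user_votes` WHERE pid = {$pic} AND user_id = " . USER_ID);
    cpg_db_query("INSERT INTO `{$CONFIG['TABLE_PREFIX']}user_votes` SET pid = {$pic}, rating = {$rate},user_id = " . USER_ID);

    // Get average rating and store it with the image. The count is checked
    // before dividing so an empty vote set cannot cause a division by zero.
    $result = cpg_db_query("SELECT COUNT(rating), SUM(rating) FROM `{$CONFIG['TABLE_PREFIX']}user_votes` WHERE pid = {$pic}");
    $row = mysql_fetch_array($result);
    if ($row && $row[0] > 0) {
        $count = $row[0];
        $average = round($row[1] * 2000.0 / $count);
    } else {
        $count = 0;
        $average = 0;
    }
    $result = cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET pic_rating = '{$average}', votes = {$count} WHERE pid = '{$pic}' LIMIT 1");

    // Record the details of hits for the picture if the option is set in CONFIG
    if ($CONFIG['vote_details']) {
        $client_details = cpg_determine_client();
        $os = $client_details['os'];
        $browser = $client_details['browser'];
        $time = time();
        // The Referer header is client-controlled: it is HTML-encoded and
        // slash-escaped before being stored.
        $referer = addslashes(htmlentities($http_referer));
        // NOTE(review): $browser, $os and $raw_ip go into the statement
        // unescaped; verify that cpg_determine_client() returns fixed labels
        // and that $raw_ip is validated where it is assigned.
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_VOTE_STATS']} SET pid = {$pic},rating = {$rate},Ip = '{$raw_ip}',sdate = '{$time}',referer = '{$referer}',browser = '{$browser}',os = '{$os}'");
    }

    $location = "displayimage.php?pos=" . -$pic;
    // Servers matched by this pattern get a Refresh header instead of Location.
    $header_location = @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ? 'Refresh: 0; URL=' : 'Location: ';
    header($header_location . $location);
    pageheader($lang_info, "<META http-equiv=\"refresh\" content=\"1;url={$location}\">");
    msg_box($lang_info, $lang_rate_pic_php['rate_ok'], $lang_continue, $location);
    pagefooter();
    ob_end_flush();

    return "";
}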
} pagefooter(); die; break; case "copy_files": if (photo_shop_ipn_download_check($_GET['uid'], $_GET['oid'])) { $sql = "SELECT order_md5_id FROM {$CONFIG['TABLE_SHOP']} WHERE oid='{$_GET['oid']}' AND cd='1'"; $result = cpg_db_query($sql); $row = cpg_db_fetch_row($result); mysql_free_result($result); $hash = $row['order_md5_id']; header('Location: ' . str_replace('&', '&', "index.php?file=photo_shop/photo_shop_download_order&order={$hash}&return_lnk=index")); die; } else { pageheader($lang_photoshop_admin['o_board_title']); msg_box("{$lang_photoshop_ipn['ipn_no_download_items']} {$_GET['oid']}", "{$lang_photoshop_ipn['ipn_no_download_items']} {$_GET['oid']}", $lang_photoshop_ipn['ipn_continue'], str_replace('&', '&', "index.php?file=photo_shop/photo_shop_admin&box={$_REQUEST['box']}"), '100%'); pagefooter(); die; } break; case "paypal_log": $sql = "SELECT * FROM {$CONFIG['TABLE_SHOP_PAYPAL_LOG']} WHERE invoice='{$_GET['oid']}'"; $result = cpg_db_query($sql); $row = cpg_db_fetch_row($result); mysql_free_result($result); echo "<html><head><title>{$lang_photoshop_ipn['ipn_log']}</title></head><body bgcolor=lightgray><h3>{$lang_photoshop_ipn['ipn_log']}</h3>"; foreach ($row as $key => $value) { if (!is_numeric($key)) { echo "{$key}: {$value}<br>"; } }
} if ($slider_numberofpics != strval(intval($slider_numberofpics))) { $slider_numberofpics = 15; } if ($slider_numberofpics < 8) { $slider_numberofpics = 8; } if ($slider_speed != strval(intval($slider_speed))) { $slider_speed = 1; } if ($slider_speed > 10 || $slider_speed < 1) { $slider_speed = 1; } $s = "UPDATE `{$CONFIG['TABLE_PREFIX']}plugin_slider` SET slider_pictype=('{$slider_pictype}'), slider_autowidth=({$slider_autowidth}), slider_useenlarge=({$slider_useenlarge}), slider_album=('{$slider_album}'), slider_width=({$slider_width}), slider_numberofpics=({$slider_numberofpics}), slider_speed=({$slider_speed}), slider_bgcolor=('{$slider_bgcolor}'), slider_skipportrait=({$slider_skipportrait}), slider_align=('{$slider_align}')"; cpg_db_query($s); msg_box($lang_plugin_slider['display_name'], $lang_plugin_slider['update_success']); } require './plugins/slider/include/load_sliderset.php'; starttable('100%', $lang_plugin_slider['main_title'] . ' - Version ' . $lang_plugin_slider['version']); ?> <TR> <TD class=tableh2 colSpan=3><?php echo $lang_plugin_slider['main_title']; ?> </TD> </TR> <TR> <td><form action="<?php $_SERVER['PHP_SELF']; ?>
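/**
 * Validates the registration form, creates the user row and sends the
 * activation / notification mails.
 *
 * Reads username, password, password_verification and email through
 * get_post_var() and the six user_profileN fields directly from $_POST.
 *
 * @param string $error Receives the validation messages as '<li>' items.
 * @return bool true when the account row was inserted, false when validation
 *              failed (see $error).
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login;

    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));

    // Optional profile fields: a missing or non-string field becomes an empty
    // string instead of raising a notice or passing an array to addslashes().
    $profile = array();
    for ($i = 1; $i <= 6; $i++) {
        $field = 'user_profile' . $i;
        $profile[$i] = (isset($_POST[$field]) && is_string($_POST[$field])) ? addslashes($_POST[$field]) : '';
    }

    // NOTE(review): every value in this function is escaped with addslashes()
    // and concatenated into the statement. That depends on the connection
    // character set; a driver-level escape or prepared statements would be
    // the robust form, but the database layer is not visible from here.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        mysql_free_result($result); // was leaked on this early return
        $error = '<li>' . $lang_register_php['err_user_exists'];
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= '<li>' . $lang_register_php['err_uname_short'];
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li>' . $lang_register_php['err_password_short'];
    }
    if ($password == $user_name) {
        $error .= '<li>' . $lang_register_php['err_uname_pass_diff'];
    }
    if ($password != $password_again) {
        $error .= '<li>' . $lang_register_php['err_password_mismatch'];
    }
    // eregi() no longer exists in current PHP. This is the same pattern under
    // PCRE; escapes inside the character class are read as a literal dot and
    // hyphen, and D anchors $ at the very end of the string.
    if (!preg_match('/^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}$/iD', $email)) {
        $error .= '<li>' . $lang_register_php['err_invalid_email'];
    }
    if ($error != '') {
        return false;
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            mysql_free_result($result); // was leaked on this early return
            $error = '<li>' . $lang_register_php['err_duplicate_email'];
            return false;
        }
        mysql_free_result($result);
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // The activation key is the only secret protecting account activation,
        // so it is taken from a CSPRNG when one is available. The key keeps
        // its 32-hex-character shape. The clock-seeded rand() path is kept
        // only as a fallback for runtimes that offer neither function.
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $act_key = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            list($usec, $sec) = explode(' ', microtime());
            srand((double) $sec + (double) $usec * 100000);
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }

    // NOTE(review): the password is stored either as an unsalted MD5 digest or
    // in clear text, depending on configuration. Both are unsuitable for
    // credential storage, but the format is shared with the login code outside
    // this block, so it is left unchanged here and flagged for migration to
    // password_hash()/password_verify().
    if ($CONFIG['enable_encrypted_passwords']) {
        $encpassword = md5($password);
    } else {
        $encpassword = $password;
    }

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} "
        . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) "
        . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', "
        . "'{$profile[1]}', '{$profile[2]}', '{$profile[3]}', '{$profile[4]}', '{$profile[5]}', '{$profile[6]}')";
    if ($CONFIG['log_mode']) {
        log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG);
    }
    $result = cpg_db_query($sql);

    if ($CONFIG['reg_requires_valid_email']) {
        // The original condition "!$x == 1" parses as "(!$x) == 1"; written
        // out plainly it means "admin activation is off".
        if (!$CONFIG['admin_activation']) {
            // user gets activation email
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array(
                '{SITE_NAME}' => $CONFIG['gallery_name'],
                '{USER_NAME}' => $user_name,
                '{ACT_LINK}' => $act_link,
            );
            if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) {
                cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
            }
        }
        if ($CONFIG['admin_activation'] == 1) {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php');
        } else {
            msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php');
        }
    } else {
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php');
    }

    // email notification to admin
    if ($CONFIG['reg_notify_admin_email']) {
        // get default language in which to inform the admin
        $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
        $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
        if ($CONFIG['admin_activation'] == 1) {
            // With admin activation the activation link goes to the admin.
            $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
            $template_vars = array(
                '{SITE_NAME}' => $CONFIG['gallery_name'],
                '{USER_NAME}' => $user_name,
                '{ACT_LINK}' => $act_link,
            );
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
        } else {
            cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
        }
    }

    return true;
}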
break; case 'groups_alb_access': //show what albums user groups can see pageheader($lang_usermgr_php['groups_alb_access']); list_groups_alb_access(); pagefooter(); break; case 'group_alb_access': //show what albums specific group can see $group_id = $superCage->get->getInt('gid'); $sql = "\r\n SELECT group_name\r\n FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums\r\n WHERE group_id = {$group_id} AND albums.visibility = groups.group_id\r\n "; $result = cpg_db_query($sql); $group = mysql_fetch_array($result); if (!mysql_num_rows($result)) { pageheader($lang_usermgr_php['group_no_access']); msg_box($lang_usermgr_php['notice'] . ' ' . cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), $lang_usermgr_php['group_no_access']); } else { mysql_free_result($result); $group_name = $group['group_name']; pageheader(sprintf($lang_usermgr_php['group_can_access'], $group_name)); starttable(500, sprintf($lang_usermgr_php['group_can_access'], $group_name) . ' ' . cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), 3); echo "\r\n <td>{$lang_usermgr_php['category']}</td>\r\n <td>{$lang_common['album']}</td>\r\n <td>{$lang_usermgr_php['modify']}</td>\r\n "; list_group_alb_access($group_id); endtable(); } pagefooter(); break; default: cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1"); pageheader($lang_usermgr_php['title']); if ($superCage->post->keyExists('username') || $superCage->get->keyExists('username')) {
// Reset Password $new_password = $cpg_udb->make_password(); require 'include/passwordhash.inc.php'; $sql = "UPDATE {$cpg_udb->usertable} SET " . cpg_password_create_update_string($new_password) . " WHERE {$cpg_udb->field['email']} = '{$row['user_email']}'"; cpg_db_query($sql); $template_vars = array('{USER_NAME}' => $row['user_name'], '{PASSWORD}' => $new_password, '{SITE_LINK}' => $CONFIG['ecards_more_pic_target'] . (substr($CONFIG["ecards_more_pic_target"], -1) == '/' ? '' : '/') . 'login.php', '{SITE_NAME}' => $CONFIG['gallery_name']); // send the password if (!cpg_mail($row['user_email'], sprintf($lang_forgot_passwd_php['passwd_reset_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_forgot_passwd_php['reset_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_forgot_passwd_php['failed_sending_email'], __FILE__, __LINE__); } $sql = "DELETE FROM {$cpg_udb->sessionstable} WHERE session_id = '" . md5($CLEAN['key'] . $CLEAN['id']) . "'"; cpg_db_query($sql); // output the message pageheader($lang_forgot_passwd_php['forgot_passwd'], "<META http-equiv=\"refresh\" content=\"3;url=login.php\">"); $referer = 'login.php'; msg_box($lang_forgot_passwd_php['forgot_passwd'], sprintf($lang_forgot_passwd_php['email_sent'], $row['user_email']), $lang_common['continue'], $referer); $USER_DATA['user_password'] = '******'; pagefooter(); exit; } pageheader($lang_forgot_passwd_php['forgot_passwd']); echo '<form action="forgot_passwd.php" method="post" name="passwordreminder" id="cpgform">'; $email_icon = cpg_fetch_icon('mail', 2); $ok_icon = cpg_fetch_icon('ok', 2); starttable('-1', cpg_fetch_icon('key_enter', 2) . $lang_forgot_passwd_php['forgot_passwd'], 2); echo <<<EOT {$lookup_failed} <tr> <td class="tableb" width="40%">{$email_icon}{$lang_forgot_passwd_php['enter_email']}</td> <td class="tableb" width="60%"><input type="text" class="textinput" name="email" style="width: 100%" /></td>