/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
// Name
$tag_name = param('tag_name', 'string', true);
param_check_regexp('tag_name', '/^[^,]+$/', T_('Tags cannot contain commas.'));
$this->set('name', $tag_name);
if ($existing_tag_ID = $this->dbexists('tag_name', $tag_name)) {
// Other tag already exists with the same name:
if (empty($this->ID)) {
// Suggest to edit existing tag for new creating tag
param_error('tag_name', sprintf(T_('This tag already exists. Do you want to <a %s>edit the existing tag</a>?'), 'href="?ctrl=itemtags&action=edit&tag_ID=' . $existing_tag_ID . '"'));
} else {
// Suggest to merge for existing tag
global $DB, $Messages, $display_merge_tags_form;
$new_tag_posts = intval($DB->get_var('SELECT COUNT( itag_itm_ID ) FROM T_items__itemtag WHERE itag_tag_ID = ' . $DB->quote($existing_tag_ID)));
$old_tag_posts = intval($DB->get_var('SELECT COUNT( itag_itm_ID ) FROM T_items__itemtag WHERE itag_tag_ID = ' . $DB->quote($this->ID)));
// Set this to know to display a confirmation message to merge this tag
$this->merge_tag_ID = $existing_tag_ID;
$this->merge_message = sprintf(T_('The previously named "%s" tag (applied to %d posts) will be merged with the existing "%s" tag (already applied to %d posts). Are you sure?'), $this->dget('name'), $old_tag_posts, $tag_name, $new_tag_posts, 'href="?ctrl=itemtags&action=merge&old_tag_ID=' . $this->ID . '&tag_ID=' . $existing_tag_ID . '&' . url_crumb('tag') . '"', 'href="?ctrl=itemtags&action=edit&tag_ID=' . $this->ID . '"');
// Return FALSE to don't save current changes without confirmation
return false;
}
}
return !param_errors_detected();
}
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
global $force_upload_forbiddenext;
// Extensions
$this->old_extensions = $this->extensions;
if (param_string_not_empty('ftyp_extensions', T_('Please enter file extensions separated by space.'))) {
// Check if estensions has a valid format
$GLOBALS['ftyp_extensions'] = strtolower(trim($GLOBALS['ftyp_extensions']));
$reg_exp = '/^[a-z0-9]+( [a-z0-9]+)*$/';
if (!preg_match($reg_exp, $GLOBALS['ftyp_extensions'], $res)) {
// Extensiosn has an invalid format
param_error('ftyp_extensions', T_('Invalid file extensions format.'));
}
}
$this->set_from_Request('extensions');
// Name
param_string_not_empty('ftyp_name', T_('Please enter a name.'));
$this->set_from_Request('name');
// Mime type
$this->old_mimetype = $this->mimetype;
// asimo> TODO: Consider to add some further validation for the ftyp_mimetype param value
// If it will be correctly validated, the corresponding db field collation may be changed to 'ascii_bin'
param_string_not_empty('ftyp_mimetype', T_('Please enter a mime type.'));
$this->set_from_Request('mimetype');
// Icon for the mime type
param('ftyp_icon', 'string', '');
$this->set_from_Request('icon');
// View type
param('ftyp_viewtype', 'string');
$this->set_from_Request('viewtype');
// Allowed to upload theses extensions
param('ftyp_allowed', 'string', 'registered');
if ($GLOBALS['ftyp_allowed'] != 'admin') {
// Check if the extension is in the array of the not allowed extensions (_advanced.php)
$not_allowed = false;
$extensions = explode(' ', $GLOBALS['ftyp_extensions']);
foreach ($extensions as $extension) {
if (in_array($extension, $force_upload_forbiddenext)) {
$not_allowed = true;
continue;
}
}
if ($not_allowed) {
// this extension is not allowed
$GLOBALS['ftyp_allowed'] = 'admin';
}
}
$this->set_from_Request('allowed');
return !param_errors_detected();
}
$edited_UserfieldGroup = new UserfieldGroup();
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('userfieldgroup');
// Check permission:
$current_User->check_perm('users', 'edit', true);
// load data from request
if ($edited_UserfieldGroup->load_from_Request()) {
// We could load data from form without errors:
// Insert in DB:
$DB->begin();
// because of manual assigning ID,
// member function Userfield::dbexists() is overloaded for proper functionality
$q = $edited_UserfieldGroup->dbexists();
if ($q) {
// We have a duplicate entry:
param_error('ufgp_ID', sprintf(T_('This user field group already exists. Do you want to <a %s>edit the existing user field group</a>?'), 'href="?ctrl=userfieldsgroups&action=edit&ufgp_ID=' . $q . '"'));
} else {
$edited_UserfieldGroup->dbinsert();
$Messages->add(T_('New User field group created.'), 'success');
}
$DB->commit();
if (empty($q)) {
// What next?
switch ($action) {
case 'create_copy':
// Redirect so that a reload doesn't write to the DB twice:
header_redirect('?ctrl=userfieldsgroups&action=new&ufgp_ID=' . $edited_UserfieldGroup->ID, 303);
// Will EXIT
// We have EXITed already at this point!!
break;
case 'create_new':
param('pass1', 'string', '');
param('pass2', 'string', '');
// Call plugin event to allow catching input in general and validating own things from DisplayRegisterFormFieldset event
$Plugins->trigger_event('RegisterFormSent', array('login' => &$login, 'email' => &$email, 'locale' => &$locale, 'pass1' => &$pass1, 'pass2' => &$pass2));
if ($Messages->count('error')) {
// a Plugin has added an error
break;
}
// Check profile params:
profile_check_params(array('login' => $login, 'pass1' => $pass1, 'pass2' => $pass2, 'email' => $email, 'pass_required' => true));
// We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
$login = strtolower($login);
$UserCache =& get_Cache('UserCache');
if ($UserCache->get_by_login($login)) {
// The login is already registered
param_error('login', sprintf(T_('The login «%s» is already registered, please choose another one.'), $login));
}
if ($Messages->count('error')) {
break;
}
$DB->begin();
$new_User =& new User();
$new_User->set('login', $login);
$new_User->set('pass', md5($pass1));
// encrypted
$new_User->set('nickname', $login);
$new_User->set_email($email);
$new_User->set('ip', $Hit->IP);
$new_User->set('domain', $Hit->get_remote_host(true));
$new_User->set('browser', $Hit->user_agent);
$new_User->set_datecreated($localtimenow);
/**
* Validate variable
*
* @param string param name
* @param string validator function name
* @param boolean true if variable value can't be empty
* @param custom error message
* @return boolean true if OK
*/
function param_validate($variable, $validator, $required = false, $custom_msg = NULL)
{
/* Tblue> Note: is_callable() does not check whether a function is
* disabled (http://www.php.net/manual/en/function.is-callable.php#79151).
*/
if (!is_callable($validator)) {
debug_die('Validator function ' . $validator . '() is not callable!');
}
if (!isset($GLOBALS[$variable])) {
// Variable not set, we cannot handle this using the validator function...
if ($required) {
// Add error:
param_check_not_empty($variable, $custom_msg);
return false;
}
return true;
}
if ($GLOBALS[$variable] === '' && !$required) {
// Variable is empty or not set. That's fine since it isn't required:
return true;
}
$msg = $validator($GLOBALS[$variable]);
if (!empty($msg)) {
if (!empty($custom_msg)) {
$msg = $custom_msg;
}
param_error($variable, $msg);
return false;
}
return true;
}
$Settings->set('newusers_revalidate_emailchg', $newusers_revalidate_emailchg);
param('newusers_grp_ID', 'integer', true);
$Settings->set('newusers_grp_ID', $newusers_grp_ID);
param_integer_range('newusers_level', 0, 9, T_('User level must be between %d and %d.'));
$Settings->set('newusers_level', $newusers_level);
param('default_blog_ID', 'integer', true);
$Settings->set('default_blog_ID', $default_blog_ID);
param_integer_range('user_minpwdlen', 1, 32, T_('Minimun password length must be between %d and %d.'));
$Settings->set('user_minpwdlen', $user_minpwdlen);
param('js_passwd_hashing', 'integer', 0);
$Settings->set('js_passwd_hashing', $js_passwd_hashing);
// Session timeout
$timeout_sessions = param('timeout_sessions', 'integer', $Settings->get_default('timeout_sessions'));
if ($timeout_sessions < 300) {
// lower than 5 minutes: not allowed
param_error('timeout_sessions', sprintf(T_('You cannot set a session timeout below %d seconds.'), 300));
} elseif ($timeout_sessions < 86400) {
// lower than 1 day: notice/warning
$Messages->add(sprintf(T_('Warning: your session timeout is just %d seconds. Your users may have to re-login often!'), $timeout_sessions), 'note');
}
$Settings->set('timeout_sessions', $timeout_sessions);
param_integer_range('reloadpage_timeout', 0, 99999, T_('Reload-page timeout must be between %d and %d.'));
$Settings->set('reloadpage_timeout', $reloadpage_timeout);
if (!$Messages->count('error')) {
if ($Settings->dbupdate()) {
$Messages->add(T_('General settings updated.'), 'success');
}
}
}
// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();
/**
* Load data from Request form fields.
*
* @param array groups of params to load
* @return boolean true if loaded data seems valid.
*/
function load_from_Request($groups = array())
{
global $Messages, $default_locale, $DB;
/**
* @var User
*/
global $current_User;
if (param('blog_name', 'string', NULL) !== NULL) {
// General params:
$this->set_from_Request('name');
$this->set('shortname', param('blog_shortname', 'string', true));
$this->set('locale', param('blog_locale', 'string', $default_locale));
}
if (param('archive_links', 'string', NULL) !== NULL) {
// Archive link type:
$this->set_setting('archive_links', get_param('archive_links'));
$this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
}
if (param('chapter_links', 'string', NULL) !== NULL) {
// Chapter link type:
$this->set_setting('chapter_links', get_param('chapter_links'));
}
if (param('category_prefix', 'string', NULL) !== NULL) {
$category_prefix = get_param('category_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
param_error('category_prefix', T_('Invalid category prefix.'));
}
$this->set_setting('category_prefix', $category_prefix);
}
if (param('tag_links', 'string', NULL) !== NULL) {
// Tag page link type:
$this->set_setting('tag_links', get_param('tag_links'));
}
if (param('tag_prefix', 'string', NULL) !== NULL) {
$category_prefix = get_param('tag_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
param_error('tag_prefix', T_('Invalid category prefix.'));
}
$this->set_setting('tag_prefix', $category_prefix);
}
if (param('chapter_posts_per_page', 'integer', NULL) !== NULL) {
// Chapter link type:
$this->set_setting('chapter_posts_per_page', get_param('chapter_posts_per_page'), true);
$this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
}
if (param('single_links', 'string', NULL) !== NULL) {
// Single post link type:
$this->set_setting('single_links', get_param('single_links'));
}
if (param('blog_skin_ID', 'integer', NULL) !== NULL) {
// Default blog:
$this->set_from_Request('skin_ID');
}
if (param('what_to_show', 'string', NULL) !== NULL) {
// Show x days or x posts?:
$this->set_setting('what_to_show', get_param('what_to_show'));
param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
$this->set_setting('posts_per_page', get_param('posts_per_page'));
$this->set_setting('archive_mode', param('archive_mode', 'string', true));
$this->set_setting('orderby', param('orderby', 'string', true));
$this->set_setting('orderdir', param('orderdir', 'string', true));
}
if (param('feed_content', 'string', NULL) !== NULL) {
// How much content in feeds?
$this->set_setting('feed_content', get_param('feed_content'));
param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
$this->set_setting('posts_per_feed', get_param('posts_per_feed'));
}
if (param('blog_description', 'string', NULL) !== NULL) {
// Description:
$this->set_from_Request('shortdesc', 'blog_description');
}
if (param('blog_keywords', 'string', NULL) !== NULL) {
// Keywords:
$this->set_from_Request('keywords');
}
if (param('blog_tagline', 'html', NULL) !== NULL) {
// HTML tagline:
param_check_html('blog_tagline', T_('Invalid tagline'));
$this->set('tagline', get_param('blog_tagline'));
}
if (param('blog_longdesc', 'html', NULL) !== NULL) {
// HTML long description:
param_check_html('blog_longdesc', T_('Invalid long description'));
$this->set('longdesc', get_param('blog_longdesc'));
}
if (param('blog_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('blog_footer_text', T_('Invalid blog footer'));
$this->set_setting('blog_footer_text', get_param('blog_footer_text'));
}
if (param('single_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('single_item_footer_text', T_('Invalid single post footer'));
$this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
}
if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
$this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
}
if (param('blog_notes', 'html', NULL) !== NULL) {
// HTML notes:
param_check_html('blog_notes', T_('Invalid Blog Notes'));
$this->set('notes', get_param('blog_notes'));
}
if (in_array('pings', $groups)) {
// we want to load the ping checkboxes:
$blog_ping_plugins = param('blog_ping_plugins', 'array', array());
$blog_ping_plugins = array_unique($blog_ping_plugins);
$this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
}
if (in_array('features', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
$this->set('advanced_perms', param('advanced_perms', 'integer', 0));
$this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
$this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
$this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
}
if (param('blog_allowcomments', 'string', NULL) !== NULL) {
// Feedback options:
$this->set_from_Request('allowcomments');
$this->set_setting('new_feedback_status', param('new_feedback_status', 'string', 'draft'));
$this->set_setting('allow_rating', param('allow_rating', 'string', 'never'));
$this->set('allowtrackbacks', param('blog_allowtrackbacks', 'integer', 0));
// Public blog list
$this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
}
if (in_array('seo', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
$this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
$this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
$this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
$this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
$this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
$this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
$this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
$this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
$this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
$this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
$this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
$this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
$this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
$this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
$this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
$this->set_setting('title_link_type', param('title_link_type', 'string', ''));
$this->set_setting('permalinks', param('permalinks', 'string', ''));
}
/*
* ADVANCED ADMIN SETTINGS
*/
if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
// We have permission to edit advanced admin settings:
if (param('owner_login', 'string', NULL) !== NULL) {
// Permissions:
$UserCache =& get_Cache('UserCache');
$owner_User =& $UserCache->get_by_login(get_param('owner_login'), false, false);
if (empty($owner_User)) {
param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login')));
} else {
$this->set('owner_user_ID', $owner_User->ID);
$this->owner_User =& $owner_User;
}
}
if (param('blog_urlname', 'string', NULL) !== NULL) {
// check urlname
if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
$this->set_from_Request('urlname');
if (!preg_match('|^[A-Za-z0-9\\-]+$|', $this->urlname)) {
param_error('blog_urlname', T_('The url name is invalid.'));
}
if ($DB->get_var('SELECT COUNT(*)
FROM T_blogs
WHERE blog_urlname = ' . $DB->quote($this->get('urlname')) . '
AND blog_ID <> ' . $this->ID)) {
// urlname is already in use
param_error('blog_urlname', T_('This URL name is already in use by another blog. Please choose another name.'));
}
}
}
if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
// Blog URL parameters:
$this->set('access_type', $access_type);
if ($access_type == 'absolute') {
$blog_siteurl = param('blog_siteurl_absolute', 'string', true);
if (!preg_match('#^https?://.+#', $blog_siteurl)) {
$Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'), 'error');
}
$this->set('siteurl', $blog_siteurl);
} elseif ($access_type == 'relative') {
// relative siteurl
$blog_siteurl = param('blog_siteurl_relative', 'string', true);
if (preg_match('#^https?://#', $blog_siteurl)) {
$Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
}
$this->set('siteurl', $blog_siteurl);
} else {
$this->set('siteurl', '');
}
}
if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
// Aggregate list:
// fp> TODO: check perms on each aggregated blog (if changed)
// fp> TODO: better interface
if (!preg_match('#^([0-9]+(,[0-9]+)*)?$#', get_param('aggregate_coll_IDs'))) {
param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
}
$this->set_setting('aggregate_coll_IDs', get_param('aggregate_coll_IDs'));
}
if (param('source_file', 'string', NULL) !== NULL) {
// Static file:
$this->set_setting('source_file', get_param('source_file'));
$this->set_setting('static_file', param('static_file', 'string', ''));
}
if (param('blog_media_location', 'string', NULL) !== NULL) {
// Media files location:
$this->set_from_Request('media_location');
$this->set_media_subdir(param('blog_media_subdir', 'string', ''));
$this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
$this->set_media_url(param('blog_media_url', 'string', ''));
// check params
switch ($this->get('media_location')) {
case 'custom':
// custom path and URL
global $demo_mode, $media_path;
if ($this->get('media_fullpath') == '') {
param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
}
if (!preg_match('#^https?://#', $this->get('media_url'))) {
param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
}
if ($demo_mode) {
$canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
}
}
break;
case 'subdir':
global $media_path;
if ($this->get('media_subdir') == '') {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
} else {
// Test if it's below $media_path (subdir!)
$canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir'))));
} else {
// Validate if it's a valid directory name:
$subdir = substr($canonical_path, strlen($media_path));
if ($error = validate_dirname($subdir)) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
}
}
}
break;
}
}
}
return !param_errors_detected();
}
// Edit currency form:
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('currency');
// Check permission:
$current_User->check_perm('options', 'edit', true);
// Make sure we got an curr_ID:
param('curr_ID', 'integer', true);
// load data from request
if ($edited_Currency->load_from_Request()) {
// We could load data from form without errors:
// Update in DB:
$DB->begin();
$q = $edited_Currency->dbexists();
if ($q) {
// We have a duplicate entry:
param_error('curr_code', sprintf(T_('This currency already exists. Do you want to <a %s>edit the existing currency</a>?'), 'href="?ctrl=currencies&action=edit&curr_ID=' . $q . '"'));
} else {
$edited_Currency->dbupdate();
$Messages->add(T_('Currency updated.'), 'success');
}
$DB->commit();
if (empty($q)) {
// If no error, Redirect so that a reload doesn't write to the DB twice:
header_redirect('?ctrl=currencies', 303);
// Will EXIT
// We have EXITed already at this point!!
}
}
break;
case 'delete':
// Delete currency:
headers_content_mightcache('text/html');
phpinfo();
exit;
break;
case 'create_sample_hits':
$days = param('days', 'integer', 0);
$min_interval = param('min_interval', 'integer', 0);
$max_interval = param('max_interval', 'integer', 0);
if ($days < 1) {
param_error('days', 'Please enter how many days of stats to generate');
$action = 'show_create_hits';
break;
}
if ($min_interval > $max_interval || $min_interval < 0 || $max_interval <= 0) {
param_error('min_interval', 'Please enter correct interval values');
param_error('max_interval', 'Please enter correct interval values');
$action = 'show_create_hits';
break;
}
// Execute a creating of hits inside template in order to see a process
$template_action = 'create_sample_hits';
break;
case 'create_sample_messages':
$num_loops = param('num_loops', 'string', 0);
$num_messages = param('num_messages', 'string', 0);
$num_words = param('num_words', 'string', 0);
$max_users = param('max_users', 'string', 0);
if (!(param_check_number('num_loops', T_('"How many loops" field must be a number'), true) && param_check_number('num_messages', T_('"How many messages in each conversation" field must be a number'), true) && param_check_number('num_words', T_('"How many words in each message" field must be a number'), true) && param_check_number('max_users', T_('"Max # of participants in a conversation" field must be a number'), true))) {
// param errors
$action = 'show_create_messages';
break;
}
}
switch ($action) {
case 'new':
// Check that we have permission to edit options:
$current_User->check_perm('options', 'edit', true, NULL);
break;
case 'create':
// Check that we have permission to edit options:
$current_User->check_perm('options', 'edit', true, NULL);
// CREATE OBJECT:
load_class('/cron/model/_cronjob.class.php');
$edited_Cronjob =& new Cronjob();
$cjob_type = param('cjob_type', 'string', true);
if (!isset($cron_job_params[$cjob_type])) {
param_error('cjob_type', T_('Invalid job type'));
}
// start datetime:
param_date('cjob_date', T_('Please enter a valid date.'), true);
param_time('cjob_time');
$edited_Cronjob->set('start_datetime', form_date(get_param('cjob_date'), get_param('cjob_time')));
// repeat after:
$cjob_repeat_after_days = param('cjob_repeat_after_days', 'integer', 0);
$cjob_repeat_after_hours = param('cjob_repeat_after_hours', 'integer', 0);
$cjob_repeat_after_minutes = param('cjob_repeat_after_minutes', 'integer', 0);
$cjob_repeat_after = (($cjob_repeat_after_days * 24 + $cjob_repeat_after_hours) * 60 + $cjob_repeat_after_minutes) * 60;
// seconds
if ($cjob_repeat_after == 0) {
$cjob_repeat_after = NULL;
}
$edited_Cronjob->set('repeat_after', $cjob_repeat_after);
/**
* Load data from Request form fields.
*
* This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
*
* @param boolean true if we are returning to edit mode (new, switchtab...)
* @return boolean true if loaded data seems valid.
*/
function load_from_Request($editing = false, $creating = false)
{
global $default_locale, $current_User, $localtimenow;
global $posttypes_reserved_IDs, $item_typ_ID;
// LOCALE:
if (param('post_locale', 'string', NULL) !== NULL) {
$this->set_from_Request('locale');
}
// POST TYPE:
$item_typ_ID = get_param('item_typ_ID');
if (empty($item_typ_ID)) {
// Try to get this from request if it has been not initialized by controller:
$item_typ_ID = param('item_typ_ID', 'integer', NULL);
}
if (!empty($item_typ_ID)) {
// Set new post type ID only if it is defined on request:
$this->set('ityp_ID', $item_typ_ID);
}
// URL associated with Item:
$post_url = param('post_url', 'string', NULL);
if ($post_url !== NULL) {
param_check_url('post_url', 'posting', '');
$this->set_from_Request('url');
}
if (empty($post_url) && $this->get_type_setting('use_url') == 'required') {
// URL must be entered
param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), '');
}
// Item parent ID:
$post_parent_ID = param('post_parent_ID', 'integer', NULL);
if ($post_parent_ID !== NULL) {
// If item parent ID is entered:
$ItemCache =& get_ItemCache();
if ($ItemCache->get_by_ID($post_parent_ID, false, false)) {
// Save only ID of existing item:
$this->set_from_Request('parent_ID');
} else {
// Display an error of the entered item parent ID is incorrect:
param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.'));
}
}
if (empty($post_parent_ID)) {
// If empty parent ID is entered:
if ($this->get_type_setting('use_parent') == 'required') {
// Item parent ID must be entered:
param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), '');
} else {
// Remove parent ID:
$this->set_from_Request('parent_ID');
}
}
if ($this->status == 'redirected' && empty($this->url)) {
// Note: post_url is not part of the simple form, so this message can be a little bit awkward there
param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!'));
}
// ISSUE DATE / TIMESTAMP:
$this->load_Blog();
if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
// Allow to update timestamp fields only if user has a permission to edit such fields
// and also if user has an access to back-office
$item_dateset = param('item_dateset', 'integer', NULL);
if ($item_dateset !== NULL) {
$this->set('dateset', $item_dateset);
if ($editing || $this->dateset == 1) {
// We can use user date:
if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
// only set it, if a (valid) date and time was given:
$this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time')));
// TODO: cleanup...
}
} elseif ($this->dateset == 0) {
// Set date to NOW:
$this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
}
}
}
// DEADLINE:
if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
$this->set_from_Request('datedeadline', 'item_deadline', true);
}
// SLUG:
if (param('post_urltitle', 'string', NULL) !== NULL) {
$this->set_from_Request('urltitle');
}
// <title> TAG:
$titletag = param('titletag', 'string', NULL);
if ($titletag !== NULL) {
$this->set_from_Request('titletag', 'titletag');
}
if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') {
// Title tag must be entered
param_check_not_empty('titletag', T_('Please provide a title tag.'), '');
}
// <meta> DESC:
$metadesc = param('metadesc', 'string', NULL);
if ($metadesc !== NULL) {
$this->set_setting('metadesc', get_param('metadesc'));
}
if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') {
// Meta description must be entered
param_check_not_empty('metadesc', T_('Please provide a meta description.'), '');
}
// <meta> KEYWORDS:
$metakeywords = param('metakeywords', 'string', NULL);
if ($metakeywords !== NULL) {
$this->set_setting('metakeywords', get_param('metakeywords'));
}
if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') {
// Meta keywords must be entered
param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), '');
}
// TAGS:
if ($current_User->check_perm('admin', 'restricted')) {
// User should has an access to back-office to edit tags
$item_tags = param('item_tags', 'string', NULL);
if ($item_tags !== NULL) {
$this->set_tags_from_string(get_param('item_tags'));
// Update setting 'suggest_item_tags' of the current User
global $UserSettings;
$UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0));
$UserSettings->dbupdate();
}
if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') {
// Tags must be entered
param_check_not_empty('item_tags', T_('Please provide at least one tag.'), '');
}
}
// WORKFLOW stuff:
param('item_st_ID', 'integer', NULL);
$this->set_from_Request('pst_ID', 'item_st_ID', true);
$item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
$item_assigned_user_login = param('item_assigned_user_login', 'string', NULL);
$this->assign_to($item_assigned_user_ID, $item_assigned_user_login);
$item_priority = param('item_priority', 'integer', NULL);
if ($item_priority !== NULL) {
// Set task priority only if it is gone from form
$this->set_from_Request('priority', 'item_priority', true);
}
// FEATURED checkbox:
$this->set('featured', param('item_featured', 'integer', 0), false);
// HIDE TEASER checkbox:
$this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
$goal_ID = param('goal_ID', 'integer', NULL);
if ($goal_ID !== NULL) {
// Goal ID
$this->set_setting('goal_ID', $goal_ID, true);
}
// ORDER:
param('item_order', 'double', NULL);
$this->set_from_Request('order', 'item_order', true);
// OWNER:
$this->creator_user_login = param('item_owner_login', 'string', NULL);
if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
// only admins can change the owner..
if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
$this->set_creator_by_login($this->creator_user_login);
}
}
// LOCATION COORDINATES:
if ($this->get_type_setting('use_coordinates') != 'never') {
// location coordinates are enabled, save map settings
param('item_latitude', 'double', NULL);
// get par value
$this->set_setting('latitude', get_param('item_latitude'), true);
param('item_longitude', 'double', NULL);
// get par value
$this->set_setting('longitude', get_param('item_longitude'), true);
param('google_map_zoom', 'integer', NULL);
// get par value
$this->set_setting('map_zoom', get_param('google_map_zoom'), true);
param('google_map_type', 'string', NULL);
// get par value
$this->set_setting('map_type', get_param('google_map_type'), true);
if ($this->get_type_setting('use_coordinates') == 'required') {
// The location coordinates are required
param_check_not_empty('item_latitude', T_('Please provide a latitude.'), '');
param_check_not_empty('item_longitude', T_('Please provide a longitude.'), '');
}
}
// CUSTOM FIELDS:
$custom_fields = $this->get_type_custom_fields();
foreach ($custom_fields as $custom_field) {
// update each custom field
$param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID'];
if (isset_param($param_name)) {
// param is set
$param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type'];
param($param_name, $param_type, NULL);
// get par value
$custom_field_make_null = $custom_field['type'] != 'double';
// store '0' values in DB for numeric fields
$this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null);
}
}
// COMMENTS:
if ($this->allow_comment_statuses()) {
// Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type
$post_comment_status = param('post_comment_status', 'string', 'open');
if (!empty($post_comment_status)) {
// 'open' or 'closed' or ...
$this->set_from_Request('comment_status');
}
}
// EXPIRY DELAY:
$expiry_delay = param_duration('expiry_delay');
if (empty($expiry_delay)) {
// Check if we have 'expiry_delay' param set as string from simple or mass form
$expiry_delay = param('expiry_delay', 'string', NULL);
}
if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') {
// Comment expiration must be entered
param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), '');
}
$this->set_setting('comment_expiry_delay', $expiry_delay, true);
// EXTRA PARAMS FROM MODULES:
modules_call_method('update_item_settings', array('edited_Item' => $this));
// RENDERERS:
if (param('renderers_displayed', 'integer', 0)) {
// use "renderers" value only if it has been displayed (may be empty)
global $Plugins;
$renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this));
$this->set('renderers', $renderers);
} else {
$renderers = $this->get_renderers_validated();
}
// CONTENT + TITLE:
if ($this->get_type_setting('allow_html')) {
// HTML is allowed for this post, we'll accept HTML tags:
$text_format = 'html';
} else {
// HTML is disallowed for this post, we'll encode all special chars:
$text_format = 'htmlspecialchars';
}
$editor_code = param('editor_code', 'string', NULL);
if ($editor_code) {
// Update item editor code if it was explicitly set
$this->set_setting('editor_code', $editor_code);
}
$content = param('content', $text_format, NULL);
if ($content !== NULL) {
// Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools)
param('post_title', 'htmlspecialchars', NULL);
// Do some optional filtering on the content
// Typically stuff that will help the content to validate
// Useful for code display.
// Will probably be used for validation also.
$Plugins_admin =& get_Plugins_admin();
$params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog);
$Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);
// Title checking:
$use_title = $this->get_type_setting('use_title');
if ((!$editing || $creating) && $use_title == 'required') {
param_check_not_empty('post_title', T_('Please provide a title.'), '');
}
// Format raw HTML input to cleaned up and validated HTML:
param_check_html('content', T_('Invalid content.'));
$content = prepare_item_content(get_param('content'));
$this->set('content', $content);
$this->set('title', get_param('post_title'));
}
if (empty($content) && $this->get_type_setting('use_text') == 'required') {
// Content must be entered
param_check_not_empty('content', T_('Please enter some text.'), '');
}
// EXCERPT: (must come after content (to handle excerpt_autogenerated))
$post_excerpt = param('post_excerpt', 'text', NULL);
if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) {
$this->set('excerpt_autogenerated', 0);
// Set this to the '0' for saving a field 'excerpt' from a request
$this->set_from_Request('excerpt');
}
if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') {
// Content must be entered
param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), '');
}
// LOCATION (COUNTRY -> CITY):
load_funcs('regional/model/_regional.funcs.php');
// Check if this item has a special post type. Location is not required for special posts.
$not_special_post = !$this->is_special();
if ($this->country_visible()) {
// Save country
$country_ID = param('item_ctry_ID', 'integer', 0);
$country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist();
param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
$this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
}
if ($this->region_visible()) {
// Save region
$region_ID = param('item_rgn_ID', 'integer', 0);
$region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID);
param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
$this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
}
if ($this->subregion_visible()) {
// Save subregion
$subregion_ID = param('item_subrg_ID', 'integer', 0);
$subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID);
param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
$this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
}
if ($this->city_visible()) {
// Save city
param('item_city_ID', 'integer', 0);
$city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID);
param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
$this->set_from_Request('city_ID', 'item_city_ID', true);
}
return !param_errors_detected();
}
}
break;
case 'update_settings':
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('collectionsettings');
// Check permission:
$current_User->check_perm('options', 'edit', true);
if (param('default_blog_ID', 'integer', NULL) !== NULL) {
$Settings->set('default_blog_ID', $default_blog_ID);
}
$Settings->set('blogs_order_by', param('blogs_order_by', 'string', true));
$Settings->set('blogs_order_dir', param('blogs_order_dir', 'string', true));
// Reload page timeout
$reloadpage_timeout = param_duration('reloadpage_timeout');
if ($reloadpage_timeout > 99999) {
param_error('reloadpage_timeout', sprintf(T_('Reload-page timeout must be between %d and %d seconds.'), 0, 99999));
}
$Settings->set('reloadpage_timeout', $reloadpage_timeout);
// Smart hit count
$Settings->set('smart_view_count', param('smart_view_count', 'integer', 0));
$new_cache_status = param('general_cache_enabled', 'integer', 0);
if (!$Messages->has_errors()) {
load_funcs('collections/model/_blog.funcs.php');
$result = set_cache_enabled('general_cache_enabled', $new_cache_status, NULL, false);
if ($result != NULL) {
// general cache setting was changed
list($status, $message) = $result;
$Messages->add($message, $status);
}
}
$Settings->set('newblog_cache_enabled', param('newblog_cache_enabled', 'integer', 0));
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
// Category
param('goal_gcat_ID', 'integer', true);
param_check_not_empty('goal_gcat_ID', T_('Please select a category.'));
$this->set_from_Request('gcat_ID');
// Name
$this->set_string_from_param('name', true);
// Key
$this->set_string_from_param('key', true);
// Temporary Redirection URL:
$this->set_string_from_param('temp_redir_url');
// Normal Redirection URL:
param('goal_redir_url', 'string');
if ($this->get('temp_redir_url') != '') {
// Normal Redirection URL is required when Temporary Redirection URL is not empty
param_check_not_empty('goal_redir_url', T_('Please enter Normal Redirection URL.'));
}
$this->set_from_Request('redir_url');
if ($this->get('temp_redir_url') != '' && $this->get('temp_redir_url') == $this->get('redir_url')) {
// Compare normal and temp urls
param_error('goal_temp_redir_url', T_('Temporary Redirection URL should not be equal to Normal Redirection URL'));
param_error('goal_redir_url', NULL, '');
}
// Temporary Start
$temp_start_date = param_date('goal_temp_start_date', T_('Please enter a valid date.'), false);
if (!empty($temp_start_date)) {
$temp_start_time = param('goal_temp_start_time', 'string');
$temp_start_time = empty($temp_start_time) ? '00:00:00' : param_time('goal_temp_start_time');
$this->set('temp_start_ts', form_date($temp_start_date, $temp_start_time));
} else {
$this->set('temp_start_ts', NULL);
}
// Temporary End
$temp_end_date = param_date('goal_temp_end_date', T_('Please enter a valid date.'), false);
if (!empty($temp_end_date)) {
$temp_end_time = param('goal_temp_end_time', 'string');
$temp_end_time = empty($temp_end_time) ? '00:00:00' : param_time('goal_temp_end_time');
$this->set('temp_end_ts', form_date($temp_end_date, $temp_end_time));
} else {
$this->set('temp_end_ts', NULL);
}
if ($this->get('temp_start_ts') !== NULL && $this->get('temp_end_ts') !== NULL && strtotime($this->get('temp_start_ts')) >= strtotime($this->get('temp_end_ts'))) {
// Compare Start and End dates
param_error('goal_temp_start_date', NULL, '');
param_error('goal_temp_start_time', NULL, '');
param_error('goal_temp_end_date', NULL, '');
param_error('goal_temp_end_time', T_('Temporary Start Date/Time should not be greater than Temporary End Date/Time'));
}
// Default value:
param('goal_default_value', 'string');
param_check_decimal('goal_default_value', T_('Default value must be a number.'));
$this->set_from_Request('default_value', 'goal_default_value', true);
// Notes
param('goal_notes', 'text');
$this->set_from_Request('notes', 'goal_notes');
return !param_errors_detected();
}
/**
* Checks for sanitized code.
*
* WARNING: this does *NOT* (necessarilly) make the HTML code safe.
* It only checks on it and produces error messages.
* It is NOT (necessarily) safe to use the output.
*
* @param string param name
* @param string error message
* @return boolean|string
*/
function param_check_html($var, $err_msg = '#', $field_err_msg = '#', $autobr = 0)
{
global $Messages;
$altered_html = check_html_sanity($GLOBALS[$var], 'posting', $autobr);
if ($altered_html === false) {
// We have errors, do not keep sanitization attemps:
if ($err_msg == '#') {
$err_msg = T_('Invalid XHTML.');
}
if ($field_err_msg == '#') {
$field_err_msg = T_('Invalid XHTML.');
}
param_error($var, $err_msg, $field_err_msg);
return false;
}
// Keep the altered HTML (balanced tags, etc.) - NOT necessarily safe if loose checking has been allowed.
$GLOBALS[$var] = $altered_html;
return $altered_html;
}
/**
* Check profile parameters and add errors through {@link param_error()}.
*
* @param array associative array.
* Either array( $value, $input_name ) or just $value;
* ($input_name gets used for associating it to a form fieldname)
* - 'login': check for non-empty
* - 'nickname': check for non-empty
* - 'icq': must be a number
* - 'email': mandatory, must be well formed
* - 'url': must be well formed, in allowed scheme, not blacklisted
* - 'pass1' / 'pass2': passwords (twice), must be the same and not == login (if given)
* - 'pass_required': false/true (default is true)
* @param User|NULL A user to use for additional checks (password != login/nick).
*/
function profile_check_params($params, $User = NULL)
{
global $Messages, $Settings;
foreach ($params as $k => $v) {
// normalize params:
if ($k != 'pass_required' && !is_array($v)) {
$params[$k] = array($v, $k);
}
}
// checking login has been typed:
if (isset($params['login']) && empty($params['login'][0])) {
param_error('login', T_('Please enter a login.'));
}
// checking the nickname has been typed
if (isset($params['nickname']) && empty($params['nickname'][0])) {
param_error($params['nickname'][1], T_('Please enter a nickname (can be the same as your login).'));
}
// if the ICQ UIN has been entered, check to see if it has only numbers
if (!empty($params['icq'][0])) {
if (!preg_match('#^[0-9]+$#', $params['icq'][0])) {
param_error($params['icq'][1], T_('The ICQ UIN can only be a number, no letters allowed.'));
}
}
// checking e-mail address
if (isset($params['email'][0])) {
if (empty($params['email'][0])) {
param_error($params['email'][1], T_('Please enter an e-mail address.'));
} elseif (!is_email($params['email'][0])) {
param_error($params['email'][1], T_('The email address is invalid.'));
}
}
// Checking URL:
if (isset($params['url'])) {
if ($error = validate_url($params['url'][0], 'commenting')) {
param_error($params['url'][1], T_('Supplied URL is invalid: ') . $error);
}
}
// Check passwords:
$pass_required = isset($params['pass_required']) ? $params['pass_required'] : true;
if (isset($params['pass1'][0]) && isset($params['pass2'][0])) {
if ($pass_required || !empty($params['pass1'][0]) || !empty($params['pass2'][0])) {
// Password is required or was given
// checking the password has been typed twice
if (empty($params['pass1'][0]) || empty($params['pass2'][0])) {
param_error($params['pass2'][1], T_('Please enter your password twice.'));
}
// checking the password has been typed twice the same:
if ($params['pass1'][0] !== $params['pass2'][0]) {
param_error($params['pass1'][1], T_('You typed two different passwords.'));
} elseif (strlen($params['pass1'][0]) < $Settings->get('user_minpwdlen')) {
param_error($params['pass1'][1], sprintf(T_('The minimum password length is %d characters.'), $Settings->get('user_minpwdlen')));
} elseif (isset($User) && $params['pass1'][0] == $User->get('login')) {
param_error($params['pass1'][1], T_('The password must be different from your login.'));
} elseif (isset($User) && $params['pass1'][0] == $User->get('nickname')) {
param_error($params['pass1'][1], T_('The password must be different from your nickname.'));
}
}
}
}
/**
* Check WordPress XML file for correct format
*
* @param string File path
* @param boolean TRUE - halt on errors
*/
function wpxml_check_file($file, $halt = false)
{
$internal_errors = libxml_use_internal_errors(true);
$xml = simplexml_load_file($file);
if (!$xml) {
// halt/display if loading produces an error
if ($halt) {
debug_die('There was an error when reading this WXR file');
} else {
param_error('wp_file', T_('There was an error when reading this WXR file'));
}
}
$wxr_version = $xml->xpath('/rss/channel/wp:wxr_version');
if (!$wxr_version) {
if ($halt) {
debug_die('This does not appear to be a WXR file, missing/invalid WXR version number');
} else {
param_error('wp_file', T_('This does not appear to be a WXR file, missing/invalid WXR version number'));
}
}
$wxr_version = (string) trim($wxr_version[0]);
if (!preg_match('/^\\d+\\.\\d+$/', $wxr_version)) {
// confirm that we are dealing with the correct file format
if ($halt) {
debug_die('This does not appear to be a WXR file, missing/invalid WXR version number');
} else {
param_error('wp_file', T_('This does not appear to be a WXR file, missing/invalid WXR version number'));
}
}
}
UPDATE T_plugins
SET plug_name = NULL,
plug_shortdesc = NULL
WHERE plug_ID = ' . $plugin_ID);
// Code:
$updated = $admin_Plugins->set_code($edit_Plugin->ID, $edited_plugin_code);
if (is_string($updated)) {
// error message
param_error('edited_plugin_code', $updated);
$action = 'edit_settings';
} elseif ($updated === 1) {
$Messages->add(T_('Plugin code updated.'), 'success');
}
// Priority:
if (!preg_match('~^1?\\d?\\d$~', $edited_plugin_priority)) {
param_error('edited_plugin_priority', T_('Plugin priority must be numeric (0-100).'));
} else {
$updated = $admin_Plugins->set_priority($edit_Plugin->ID, $edited_plugin_priority);
if ($updated === 1) {
$Messages->add(T_('Plugin priority updated.'), 'success');
}
}
// PluginSettings:
if ($edit_Plugin->Settings) {
if ($edit_Plugin->Settings->restore_defaults()) {
$Messages->add(T_('Restored default values.'), 'success');
} else {
$Messages->add(T_('Settings have not changed.'), 'note');
}
}
// Enable all events:
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
global $DB, $Settings, $UserSettings, $GroupCache, $Messages, $action;
global $current_User, $Session, $localtimenow;
$is_new_user = $this->ID == 0;
// ---- Login checking / START ----
$edited_user_login = param('edited_user_login', 'string');
if (empty($edited_user_login)) {
// Empty login
param_error('edited_user_login', T_('Please enter your login.'));
}
param_check_valid_login('edited_user_login');
$UserCache =& get_UserCache();
$UserLogin = $UserCache->get_by_login($edited_user_login);
if ($UserLogin && $UserLogin->ID != $this->ID) {
// The login is already registered
$login_error_message = T_('This login already exists.');
if ($current_User->check_perm('users', 'edit')) {
$login_error_message = sprintf(T_('This login «%s» already exists. Do you want to <a %s>edit the existing user</a>?'), $edited_user_login, 'href="' . get_user_settings_url('profile', $UserLogin->ID) . '"');
}
param_error('edited_user_login', $login_error_message);
}
if (!param_has_error('edited_user_login')) {
// We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
$this->set_from_Request('login', 'edited_user_login', true, 'utf8_strtolower');
}
// ---- Login checking / END ----
$is_identity_form = param('identity_form', 'boolean', false);
$is_admin_form = param('admin_form', 'boolean', false);
$has_full_access = $current_User->check_perm('users', 'edit');
$has_moderate_access = $current_User->check_perm('users', 'moderate');
// ******* Admin form or new user create ******* //
// In both cases current user must have users edit permission!
if (($is_admin_form || $is_identity_form && $is_new_user) && $has_moderate_access) {
// level/group and email options are displayed on identity form only when creating a new user.
if ($this->ID != 1) {
// the admin user group can't be changed
param_integer_range('edited_user_level', 0, 10, T_('User level must be between %d and %d.'));
$this->set_from_Request('level', 'edited_user_level', true);
$edited_user_Group = $GroupCache->get_by_ID(param('edited_user_grp_ID', 'integer'));
if ($has_full_access || $has_moderate_access && $edited_user_Group->get('level') < $current_User->get_Group()->get('level')) {
$this->set_Group($edited_user_Group);
}
}
param('edited_user_source', 'string', true);
$this->set_from_Request('source', 'edited_user_source', true);
// set email, without changing the user status
$edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
param_check_email('edited_user_email', true);
$this->set_email($edited_user_email, false);
if ($is_admin_form) {
// Admin form
$notification_sender_email = utf8_strtolower(param('notification_sender_email', 'string', true));
param_check_email('notification_sender_email');
if (!empty($notification_sender_email)) {
// Change a value of setting
$UserSettings->set('notification_sender_email', $notification_sender_email, $this->ID);
} elseif ($UserSettings->get('notification_sender_email', $this->ID) != '') {
// Delete a setting record from DB
$UserSettings->delete('notification_sender_email', $this->ID);
}
$notification_sender_name = param('notification_sender_name', 'string', true);
if (!empty($notification_sender_name)) {
// Change a value of setting
$UserSettings->set('notification_sender_name', $notification_sender_name, $this->ID);
} elseif ($UserSettings->get('notification_sender_name', $this->ID) != '') {
// Delete a setting record from DB
$UserSettings->delete('notification_sender_name', $this->ID);
}
if ($has_full_access && !isset($this->dbchanges['user_email'])) {
// If email address is not changed
// Update status of email address in the T_email_address table
$edited_email_status = param('edited_email_status', 'string');
$EmailAddressCache =& get_EmailAddressCache();
$EmailAddress =& $EmailAddressCache->get_by_name($this->get('email'), false, false);
if (!$EmailAddress && $edited_email_status != 'unknown') {
// Create new record in the T_email_address table
$EmailAddress = new EmailAddress();
$EmailAddress->set('address', $this->get('email'));
}
if (!empty($EmailAddress)) {
// Save status of an email address
$EmailAddress->set('status', $edited_email_status);
$EmailAddress->dbsave();
}
}
if ($current_User->check_perm('spamblacklist', 'edit')) {
// User can edit IP ranges
// Update status of IP range in DB
$edited_iprange_status = param('edited_iprange_status', 'string');
$IPRangeCache =& get_IPRangeCache();
$IPRange =& $IPRangeCache->get_by_ip(int2ip($UserSettings->get('created_fromIPv4', $this->ID)));
if (!$IPRange && !empty($edited_iprange_status)) {
// IP range doesn't exist in DB, Create new record
$ip_24bit_start = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.0', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
$ip_24bit_end = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.255', int2ip($UserSettings->get('created_fromIPv4', $this->ID))));
$IPRange = new IPRange();
$IPRange->set('IPv4start', $ip_24bit_start);
$IPRange->set('IPv4end', $ip_24bit_end);
$IPRange->set('user_count', 1);
}
if ($IPRange) {
// Save status of IP range
if ($IPRange->get('status') != 'blocked' && $edited_iprange_status == 'blocked') {
// Status was changed to blocked, we should increase counter
$IPRange->set('block_count', $IPRange->block_count + 1);
} else {
if ($IPRange->get('status') == 'blocked' && $edited_iprange_status != 'blocked') {
// Status was changed from blocked to another, we should decrease counter
$IPRange->set('block_count', $IPRange->block_count - 1);
}
}
$IPRange->set('status', $edited_iprange_status, true);
$IPRange->dbsave();
}
}
if ($current_User->check_perm('stats', 'edit')) {
// User can edit Domains
$DomainCache =& get_DomainCache();
// Update status of Domain in DB
$edited_domain_status = param('edited_domain_status', 'string');
$user_domain = $UserSettings->get('user_domain', $this->ID);
$Domain =& $DomainCache->get_by_name($user_domain, false, false);
if (!$Domain && $edited_domain_status != 'unknown' && !empty($user_domain)) {
// Domain doesn't exist in DB, Create new record
$Domain = new Domain();
$Domain->set('name', $user_domain);
}
if ($Domain) {
// Save status of Domain
$Domain->set('status', $edited_domain_status, true);
$Domain->dbsave();
}
// Update status of Initial referer in DB
load_funcs('sessions/model/_hitlog.funcs.php');
$edited_initial_referer_status = param('edited_initial_referer_status', 'string');
$initial_referer = $UserSettings->get('initial_referer', $this->ID);
$initial_referer_domain = url_part($initial_referer, 'host');
$Domain =& get_Domain_by_url($initial_referer);
if (!$Domain && $edited_initial_referer_status != 'unknown' && !empty($initial_referer_domain)) {
// Domain doesn't exist in DB, Create new record
$Domain = new Domain();
$Domain->set('name', $initial_referer_domain);
}
if ($Domain) {
// Save status of Domain
$Domain->set('status', $edited_initial_referer_status, true);
$Domain->dbsave();
}
}
}
}
// ******* Identity form ******* //
if ($is_identity_form) {
$can_edit_users = $current_User->check_perm('users', 'edit');
$edited_user_perms = array('edited-user', 'edited-user-required');
global $edited_user_age_min, $edited_user_age_max;
param('edited_user_age_min', 'string', true);
param('edited_user_age_max', 'string', true);
param_check_interval('edited_user_age_min', 'edited_user_age_max', T_('Age must be a number.'), T_('The first age must be lower than (or equal to) the second.'));
if (!param_has_error('edited_user_age_min') && $Settings->get('minimum_age') > 0 && !empty($edited_user_age_min) && $edited_user_age_min < $Settings->get('minimum_age')) {
// Limit user by minimum age
param_error('edited_user_age_min', sprintf(T_('You must be at least %d years old to use this service.'), $Settings->get('minimum_age')));
}
$this->set_from_Request('age_min', 'edited_user_age_min', true);
$this->set_from_Request('age_max', 'edited_user_age_max', true);
$firstname_editing = $Settings->get('firstname_editing');
if (in_array($firstname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $firstname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Firstname
param('edited_user_firstname', 'string', true);
if ($firstname_editing == 'edited-user-required') {
// First name is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_firstname', T_('Please enter your first name.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_firstname', T_('Please enter your first name.'));
}
}
$this->set_from_Request('firstname', 'edited_user_firstname', true);
}
$lastname_editing = $Settings->get('lastname_editing');
if (in_array($lastname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $lastname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Lastname
param('edited_user_lastname', 'string', true);
if ($lastname_editing == 'edited-user-required') {
// Last name is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_lastname', T_('Please enter last name.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_lastname', T_('Please enter last name.'));
}
}
$this->set_from_Request('lastname', 'edited_user_lastname', true);
}
$nickname_editing = $Settings->get('nickname_editing');
if (in_array($nickname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $nickname_editing != 'hidden' && $can_edit_users) {
// User has a permissions to save Nickname
param('edited_user_nickname', 'string', true);
if ($nickname_editing == 'edited-user-required') {
// Nickname is required
if ($can_edit_users) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_nickname', T_('Please enter your nickname.'), 'note');
} else {
// Display an error message
param_check_not_empty('edited_user_nickname', T_('Please enter your nickname.'));
}
}
$this->set_from_Request('nickname', 'edited_user_nickname', true);
}
param('edited_user_gender', 'string', '');
if (param_check_gender('edited_user_gender', $Settings->get('registration_require_gender') == 'required')) {
$this->set_from_Request('gender', 'edited_user_gender', true);
}
// ---- Locations / START ----
load_funcs('regional/model/_regional.funcs.php');
if (user_country_visible()) {
// Save country
$country_ID = param('edited_user_ctry_ID', 'integer', true);
$country_is_required = $Settings->get('location_country') == 'required' && countries_exist();
if ($country_is_required && $can_edit_users && $country_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_ctry_ID', T_('Please select a country.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_ctry_ID', T_('Please select a country.'), $country_is_required);
}
$this->set_from_Request('ctry_ID', 'edited_user_ctry_ID', true);
}
if (user_region_visible()) {
// Save region
$region_ID = param('edited_user_rgn_ID', 'integer', true);
$region_is_required = $Settings->get('location_region') == 'required' && regions_exist($country_ID);
if ($region_is_required && $can_edit_users && $region_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_rgn_ID', T_('Please select a region.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_rgn_ID', T_('Please select a region'), $region_is_required);
}
$this->set_from_Request('rgn_ID', 'edited_user_rgn_ID', true);
}
if (user_subregion_visible()) {
// Save subregion
$subregion_ID = param('edited_user_subrg_ID', 'integer', true);
$subregion_is_required = $Settings->get('location_subregion') == 'required' && subregions_exist($region_ID);
if ($subregion_is_required && $can_edit_users && $subregion_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_subrg_ID', T_('Please select a sub-region.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_subrg_ID', T_('Please select a sub-region.'), $subregion_is_required);
}
$this->set_from_Request('subrg_ID', 'edited_user_subrg_ID', true);
}
if (user_city_visible()) {
// Save city
$city_ID = param('edited_user_city_ID', 'integer', true);
$city_is_required = $Settings->get('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID);
if ($city_is_required && $can_edit_users && $city_ID == 0) {
// Display a note message if user can edit all users
param_add_message_to_Log('edited_user_city_ID', T_('Please select a city.'), 'note');
} else {
// Display an error message
param_check_number('edited_user_city_ID', T_('Please select a city.'), $city_is_required);
}
$this->set_from_Request('city_ID', 'edited_user_city_ID', true);
}
// ---- Locations / END ----
// ---- Organizations / START ----
$organizations = param('organizations', 'array:string');
$org_roles = param('org_roles', 'array:string');
$this->update_organizations($organizations, $org_roles);
// ---- Organizations / END ----
// ---- Additional Fields / START ----
// Load all defined userfields for following checking of required fields
$this->userfield_defs_load();
// EXPERIMENTAL user fields & EXISTING fields:
// Get indices of existing userfields:
$userfield_IDs = $DB->get_results('
SELECT uf_ID, uf_ufdf_ID
FROM T_users__fields
WHERE uf_user_ID = ' . $this->ID);
foreach ($userfield_IDs as $userfield) {
if (!isset($this->userfield_defs[$userfield->uf_ufdf_ID])) {
// If user field definition doesn't exist in DB then delete field value of this user:
$this->userfield_update($userfield->uf_ID, NULL);
continue;
}
$field_type = $this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'text' ? 'text' : 'string';
$uf_val = param('uf_' . $userfield->uf_ID, $field_type, '');
if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'list' && $uf_val == '---') {
// Option list has a value '---' for empty value
$uf_val = '';
}
$uf_val = trim(strip_tags($uf_val));
if (empty($uf_val) && $this->userfield_defs[$userfield->uf_ufdf_ID][2] == 'require') {
// Display error for empty required field
if ($current_User->check_perm('users', 'edit')) {
// Display a note message if user can edit all users
param_add_message_to_Log('uf_' . $userfield->uf_ID, sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$userfield->uf_ufdf_ID][1]), 'note');
} else {
// Display an error message
param_error('uf_' . $userfield->uf_ID, T_('Please enter a value.'));
}
} else {
// Update field
if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'url') {
// Check url fields
param_check_url('uf_' . $userfield->uf_ID, 'commenting');
}
if ($this->userfield_defs[$userfield->uf_ufdf_ID][4] == 'list') {
// Option "Multiple values" == "List style"
// Split by comma and save each phrase as separate field
$uf_val = explode(',', $uf_val);
foreach ($uf_val as $v => $val) {
$val = trim($val);
if ($v == 0) {
// Update field with first value
$this->userfield_update($userfield->uf_ID, $val);
} else {
if (!empty($val)) {
// Add a new field for new values
$this->userfield_add($userfield->uf_ufdf_ID, $val);
}
}
}
} else {
// Forbidden & Allowed fields
$this->userfield_update($userfield->uf_ID, $uf_val);
}
}
}
// Duplicate fields:
if ($is_new_user) {
$user_id = param('orig_user_ID', 'integer', 0);
if ($user_id !== 0) {
$userfield_IDs = $DB->get_results('
SELECT uf_ID, uf_ufdf_ID
FROM T_users__fields
WHERE uf_user_ID = ' . $user_id);
foreach ($userfield_IDs as $userfield_ID) {
$uf_val = param('uf_' . $userfield_ID->uf_ID, 'string', '');
$uf_type = $userfield_ID->uf_ufdf_ID;
if (!empty($uf_val)) {
$this->userfield_add($uf_type, $uf_val);
}
}
}
}
$uf_new_fields = param('uf_new', 'array:array:string');
// Recommended & required fields (it still not saved in DB)
$uf_add_fields = param('uf_add', 'array:array:string');
// Added fields
// Add a new field: (JS is not enabled)
if ($action == 'add_field') {
// Button 'Add' new field is pressed
$new_field_type = param('new_field_type', 'integer', 0);
if (empty($new_field_type)) {
// We cannot add a new field without type
param_error('new_field_type', T_('Please select a field type.'));
} else {
// Save an adding field(in the array) to display it again if errors will be exist
$new_field_type_exists = false;
if ($this->userfield_defs[$new_field_type][4] == 'allowed' || $this->userfield_defs[$new_field_type][4] == 'list') {
// This field can be duplicated
global $add_field_types;
$add_field_types = array($new_field_type);
} else {
// We should to solve we can add this field or don't
if (!isset($uf_new_fields[$new_field_type]) && !isset($uf_add_fields[$new_field_type])) {
// User is adding this field first time
if (is_array($userfield_IDs) && count($userfield_IDs) > 0) {
// User has fields that saved in DB
foreach ($userfield_IDs as $userfield) {
if ($userfield->uf_ufdf_ID == $new_field_type) {
// New adding field already exists for current user in DB
$new_field_type_exists = true;
break;
}
}
}
if (!$new_field_type_exists) {
// Field doesn't still exist for current user
global $add_field_types;
$add_field_types = array($new_field_type);
}
} else {
// Field exists, no duplicates available
$new_field_type_exists = true;
}
if ($new_field_type_exists) {
// Field already is added for current user, we should display error about this
param_error('new_field_type', T_('You already added this field, please select another.'));
}
}
if (!$new_field_type_exists) {
// Mark a new field to enter a value
param_error('uf_add[' . $new_field_type . '][]', T_('Please enter a value in this new field.'));
}
}
}
// Save a New recommended & require fields AND Adding fields
if (count($uf_new_fields) > 0 || count($uf_add_fields) > 0) {
$uf_fields = array('new' => $uf_new_fields, 'add' => $uf_add_fields);
foreach ($uf_fields as $uf_type => $uf_new_fields) {
if ($uf_type == 'add') {
// Save an adding fields to display it again if errors will be exist
global $add_field_types;
if (!isset($add_field_types)) {
// Don't rewrite already existing array
$add_field_types = array();
}
}
foreach ($uf_new_fields as $uf_new_id => $uf_new_vals) {
foreach ($uf_new_vals as $uf_new_val) {
if ($this->userfield_defs[$uf_new_id][0] == 'list' && $uf_new_val == '---') {
// Option list has a value '---' for empty value
$uf_new_val = '';
}
$uf_new_val = trim(strip_tags($uf_new_val));
if ($uf_new_val != '') {
// Insert a new field in DB if it is filled
if ($this->userfield_defs[$uf_new_id][0] == 'url') {
// Check url fields
param_check_url('uf_' . $uf_type . '[' . $uf_new_id . '][]', 'commenting');
}
if ($this->userfield_defs[$uf_new_id][4] == 'list') {
// Option "Multiple values" == "List style"
// Split by comma and save each phrase as separate field
$uf_new_val = explode(',', $uf_new_val);
foreach ($uf_new_val as $val) {
$val = trim($val);
if (!empty($val)) {
// Exclude empty values(spaces)
$this->userfield_add((int) $uf_new_id, $val);
}
}
} else {
// Forbidden & Allowed fields
$this->userfield_add((int) $uf_new_id, $uf_new_val);
}
} elseif (empty($uf_new_val) && $this->userfield_defs[$uf_new_id][2] == 'require') {
// Display error for empty required field & new adding field
if ($current_User->check_perm('users', 'edit')) {
// Display a note message if user can edit all users
param_add_message_to_Log('uf_' . $uf_type . '[' . $uf_new_id . '][]', sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$uf_new_id][1]), 'note');
} else {
// Display an error message
param_error('uf_' . $uf_type . '[' . $uf_new_id . '][]', T_('Please enter a value.'));
}
}
if ($uf_type == 'add') {
// Save new added field, it used on the _user_identity.form
$add_field_types[] = $uf_new_id;
}
}
}
}
}
// ---- Additional Fields / END ----
// update profileupdate_date, because a publicly visible user property was changed
$this->set_profileupdate_date();
}
// ******* Password form ******* //
$is_password_form = param('password_form', 'boolean', false);
if ($is_password_form || $is_new_user) {
$reqID = param('reqID', 'string', '');
global $edited_user_pass1, $edited_user_pass2;
$edited_user_pass1 = param('edited_user_pass1', 'string', true);
$edited_user_pass2 = param('edited_user_pass2', 'string', true);
// Remove the invalid chars from password vars
$edited_user_pass1 = preg_replace('/[<>&]/', '', $edited_user_pass1);
$edited_user_pass2 = preg_replace('/[<>&]/', '', $edited_user_pass2);
if ($is_new_user || !empty($reqID) && $reqID == $Session->get('core.changepwd.request_id')) {
// current password is not required:
// - new user creating process
// - password change requested by email
if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'))) {
// We can set password
$this->set_password($edited_user_pass2);
}
} else {
// ******* Password edit form ****** //
$current_user_pass = param('current_user_pass', 'string', true);
if ($this->ID != $current_User->ID) {
// Set the messages when admin changes a password of other user
$checkpwd_params = array('msg_pass_new' => T_('Please enter new password.'), 'msg_pass_twice' => T_('Please enter new password twice.'));
} else {
// Use default messages
$checkpwd_params = array();
}
if (!strlen($current_user_pass)) {
param_error('current_user_pass', T_('Please enter your current password.'));
param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
} else {
if ($has_full_access && $this->ID != $current_User->ID) {
// Admin is changing a password of other user, Check a password of current admin
$pass_to_check = $current_User->pass;
$current_user_salt = $current_User->salt;
} else {
// User is changing own pasword
$pass_to_check = $this->pass;
$current_user_salt = $this->salt;
}
if ($pass_to_check == md5($current_user_salt . $current_user_pass, true)) {
if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params)) {
// We can set password
$this->set_password($edited_user_pass2);
}
} else {
param_error('current_user_pass', T_('Your current password is incorrect.'));
param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params);
}
}
}
}
// Used in Preferences & Notifications forms
$has_messaging_perm = $this->check_perm('perm_messaging', 'reply');
// ******* Preferences form ******* //
$is_preferences_form = param('preferences_form', 'boolean', false);
if ($is_preferences_form) {
// Other preferences
param('edited_user_locale', 'string', true);
$this->set_from_Request('locale', 'edited_user_locale', true);
// Session timeout
$edited_user_timeout_sessions = param('edited_user_timeout_sessions', 'string', NULL);
if (isset($edited_user_timeout_sessions) && ($current_User->ID == $this->ID || $current_User->check_perm('users', 'edit'))) {
switch ($edited_user_timeout_sessions) {
case 'default':
$UserSettings->set('timeout_sessions', NULL, $this->ID);
break;
case 'custom':
$UserSettings->set('timeout_sessions', param_duration('timeout_sessions'), $this->ID);
break;
}
}
$UserSettings->set('show_online', param('edited_user_showonline', 'integer', 0), $this->ID);
}
// ******* Notifications form ******* //
$is_subscriptions_form = param('subscriptions_form', 'boolean', false);
if ($is_subscriptions_form) {
if ($action == 'subscribe') {
// Do only subscribe to new blog (Don't update the user's settings from the same form)
// A selected blog to subscribe
$subscribe_blog_ID = param('subscribe_blog', 'integer', 0);
// Get checkbox values:
$sub_items = param('sub_items_new', 'integer', 0);
$sub_comments = param('sub_comments_new', 'integer', 0);
// Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
if ($subscribe_blog_ID && ($sub_items || $sub_comments)) {
// We need to record values:
$DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
VALUES ( ' . $DB->quote($subscribe_blog_ID) . ', ' . $DB->quote($this->ID) . ', ' . $DB->quote($sub_items) . ', ' . $DB->quote($sub_comments) . ' )');
$Messages->add(T_('Subscriptions have been changed.'), 'success');
} else {
// Display an error message to inform user about incorrect actions
$Messages->add(T_('Please select at least one setting to subscribe on the selected blog.'), 'error');
}
} else {
// Update user's settings
// Email communication
$edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true));
param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.'));
param_check_email('edited_user_email', true);
$this->set_email($edited_user_email);
// set messaging options
if ($has_messaging_perm) {
$UserSettings->set('enable_PM', param('PM', 'integer', 0), $this->ID);
}
$emails_msgform = $Settings->get('emails_msgform');
if ($emails_msgform == 'userset' || $emails_msgform == 'adminset' && $current_User->check_perm('users', 'edit')) {
// enable email option is displayed only if user can set or if admin can set and current User is an administrator
$UserSettings->set('enable_email', param('email', 'integer', 0), $this->ID);
}
// Email format
$UserSettings->set('email_format', param('edited_user_email_format', 'string', 'auto'), $this->ID);
// set notification options
if ($has_messaging_perm) {
// update 'notify messages' only if user has messaging rights and this option was displayed
$UserSettings->set('notify_messages', param('edited_user_notify_messages', 'integer', 0), $this->ID);
$UserSettings->set('notify_unread_messages', param('edited_user_notify_unread_messages', 'integer', 0), $this->ID);
}
if ($this->check_role('post_owner')) {
// update 'notify_published_comments' only if user has at least one post or user has right to create new post
$UserSettings->set('notify_published_comments', param('edited_user_notify_publ_comments', 'integer', 0), $this->ID);
}
$is_comment_moderator = $this->check_role('comment_moderator');
if ($is_comment_moderator || $this->check_role('comment_editor')) {
// update 'notify_comment_moderation' only if user is comment moderator/editor at least in one blog
$UserSettings->set('notify_comment_moderation', param('edited_user_notify_cmt_moderation', 'integer', 0), $this->ID);
}
if ($this->check_perm('admin', 'restricted', false)) {
// update 'notify_meta_comments' only if edited user has a permission to back-office
$UserSettings->set('notify_meta_comments', param('edited_user_notify_meta_comments', 'integer', 0), $this->ID);
}
if ($is_comment_moderator) {
// update 'send_cmt_moderation_reminder' only if user is comment moderator at least in one blog
$UserSettings->set('send_cmt_moderation_reminder', param('edited_user_send_cmt_moderation_reminder', 'integer', 0), $this->ID);
}
if ($this->check_role('post_moderator')) {
// update 'notify_post_moderation' and 'send_cmt_moderation_reminder' only if user is post moderator at least in one blog
$UserSettings->set('notify_post_moderation', param('edited_user_notify_post_moderation', 'integer', 0), $this->ID);
$UserSettings->set('send_pst_moderation_reminder', param('edited_user_send_pst_moderation_reminder', 'integer', 0), $this->ID);
}
if ($this->grp_ID == 1) {
$UserSettings->set('send_activation_reminder', param('edited_user_send_activation_reminder', 'integer', 0), $this->ID);
}
if ($this->check_perm('users', 'edit')) {
// edited user has permission to edit all users, save notification preferences
$UserSettings->set('notify_new_user_registration', param('edited_user_notify_new_user_registration', 'integer', 0), $this->ID);
$UserSettings->set('notify_activated_account', param('edited_user_notify_activated_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_closed_account', param('edited_user_notify_closed_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_reported_account', param('edited_user_notify_reported_account', 'integer', 0), $this->ID);
$UserSettings->set('notify_changed_account', param('edited_user_notify_changed_account', 'integer', 0), $this->ID);
}
if ($this->check_perm('options', 'edit')) {
// edited user has permission to edit options, save notification preferences
$UserSettings->set('notify_cronjob_error', param('edited_user_notify_cronjob_error', 'integer', 0), $this->ID);
}
// Newsletter
$UserSettings->set('newsletter_news', param('edited_user_newsletter_news', 'integer', 0), $this->ID);
$UserSettings->set('newsletter_ads', param('edited_user_newsletter_ads', 'integer', 0), $this->ID);
// Emails limit per day
param_integer_range('edited_user_notification_email_limit', 0, 999, T_('Notificaiton email limit must be between %d and %d.'));
$UserSettings->set('notification_email_limit', param('edited_user_notification_email_limit', 'integer', 0), $this->ID);
param_integer_range('edited_user_newsletter_limit', 0, 999, T_('Newsletter limit must be between %d and %d.'));
$UserSettings->set('newsletter_limit', param('edited_user_newsletter_limit', 'integer', 0), $this->ID);
/**
* Update the subscriptions:
*/
$subs_blog_IDs = param('subs_blog_IDs', 'string', true);
$subs_item_IDs = param('subs_item_IDs', 'string', true);
// Work the blogs:
$subscription_values = array();
$unsubscribed = array();
$subs_blog_IDs = explode(',', $subs_blog_IDs);
foreach ($subs_blog_IDs as $loop_blog_ID) {
// Make sure no dirty hack is coming in here:
$loop_blog_ID = intval($loop_blog_ID);
// Get checkbox values:
$sub_items = param('sub_items_' . $loop_blog_ID, 'integer', 0);
$sub_comments = param('sub_comments_' . $loop_blog_ID, 'integer', 0);
if ($sub_items || $sub_comments) {
// We have a subscription for this blog
$subscription_values[] = "( {$loop_blog_ID}, {$this->ID}, {$sub_items}, {$sub_comments} )";
} else {
// No subscription here:
$unsubscribed[] = $loop_blog_ID;
}
}
// Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something
if (count($subscription_values)) {
// We need to record values:
$DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments )
VALUES ' . implode(', ', $subscription_values));
}
if (count($unsubscribed)) {
// We need to make sure some values are cleared:
$DB->query('DELETE FROM T_subscriptions
WHERE sub_user_ID = ' . $this->ID . '
AND sub_coll_ID IN (' . implode(', ', $unsubscribed) . ')');
}
// Individual post subscriptions
if (!empty($subs_item_IDs)) {
// user was subscribed to at least one post update notification
$subs_item_IDs = explode(',', $subs_item_IDs);
$unsubscribed = array();
foreach ($subs_item_IDs as $loop_item_ID) {
if (!param('item_sub_' . $loop_item_ID, 'integer', 0)) {
// user wants to unsubscribe from this post notifications
$unsubscribed[] = $loop_item_ID;
}
}
if (!empty($unsubscribed)) {
// unsubscribe list is not empty, delete not wanted subscriptions
$DB->query('DELETE FROM T_items__subscriptions
WHERE isub_user_ID = ' . $this->ID . '
AND isub_item_ID IN (' . implode(', ', $unsubscribed) . ')');
}
}
}
}
// ******* Advanced form ******* //
$is_advanced_form = param('advanced_form', 'boolean', false);
if ($is_advanced_form) {
$UserSettings->set('admin_skin', param('edited_user_admin_skin', 'string'), $this->ID);
// Action icon params:
param_integer_range('edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
$UserSettings->set('action_icon_threshold', param('edited_user_action_icon_threshold', 'integer', true), $this->ID);
param_integer_range('edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.'));
$UserSettings->set('action_word_threshold', param('edited_user_action_word_threshold', 'integer'), $this->ID);
$UserSettings->set('display_icon_legend', param('edited_user_legend', 'integer', 0), $this->ID);
// Set bozo validador activation
$UserSettings->set('control_form_abortions', param('edited_user_bozo', 'integer', 0), $this->ID);
// Focus on first
$UserSettings->set('focus_on_first_input', param('edited_user_focusonfirst', 'integer', 0), $this->ID);
// Results per page
$edited_user_results_page_size = param('edited_user_results_page_size', 'integer', NULL);
if (isset($edited_user_results_page_size)) {
$UserSettings->set('results_per_page', $edited_user_results_page_size, $this->ID);
}
}
if ($is_preferences_form || $is_identity_form && $is_new_user) {
// Multiple session
$multiple_sessions = $Settings->get('multiple_sessions');
if ($multiple_sessions != 'adminset_default_no' && $multiple_sessions != 'adminset_default_yes' || $current_User->check_perm('users', 'edit')) {
$UserSettings->set('login_multiple_sessions', param('edited_user_set_login_multiple_sessions', 'integer', 0), $this->ID);
}
}
return !param_errors_detected();
}
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
// Group
param_string_not_empty('ufdf_ufgp_ID', T_('Please select a group.'));
$this->set_from_Request('ufgp_ID');
// Type
param_string_not_empty('ufdf_type', T_('Please enter a type.'));
$this->set_from_Request('type');
// Name
param_string_not_empty('ufdf_name', T_('Please enter a name.'));
$this->set_from_Request('name');
// Options
if (param('ufdf_type', 'string') == 'list') {
// Save 'Options' only for Field type == 'Option list'
$ufdf_options = explode("\n", param('ufdf_options', 'text'));
if (count($ufdf_options) < 2) {
// We don't want save an option list with one item
param_error('ufdf_options', T_('Please enter at least 2 options on 2 different lines.'));
}
$this->set_from_Request('options');
}
// Required
param_string_not_empty('ufdf_required', 'Please select Hidden, Optional, Recommended or Required.');
$this->set_from_Request('required');
// Duplicated
param_string_not_empty('ufdf_duplicated', 'Please select Forbidden, Allowed or List style.');
$this->set_from_Request('duplicated');
// Order
if ($this->group_ID != $this->ufgp_ID) {
// Group is changing, set order as last
$this->set('order', $this->get_last_order($this->ufgp_ID));
}
// Suggest
if (param('ufdf_type', 'string') == 'word') {
// Save 'Suggest values' only for Field type == 'Single word'
param('ufdf_suggest', 'integer', 0);
$this->set_from_Request('suggest');
}
// Bubbletip
param('ufdf_bubbletip', 'text', '');
$this->set_from_Request('bubbletip');
return !param_errors_detected();
}
/**
* Load data from Request form fields.
*
* @param array groups of params to load
* @return boolean true if loaded data seems valid.
*/
function load_from_Request($groups = array())
{
global $Messages, $default_locale, $DB;
/**
* @var User
*/
global $current_User;
// Load collection settings and clear update cascade array
$this->load_CollectionSettings();
$this->CollectionSettings->clear_update_cascade();
if (param('blog_name', 'string', NULL) !== NULL) {
// General params:
$this->set_from_Request('name');
$this->set('shortname', param('blog_shortname', 'string', true));
$this->set('locale', param('blog_locale', 'string', $default_locale));
}
if (param('archive_links', 'string', NULL) !== NULL) {
// Archive link type:
$this->set_setting('archive_links', get_param('archive_links'));
$this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
}
if (param('chapter_links', 'string', NULL) !== NULL) {
// Chapter link type:
$this->set_setting('chapter_links', get_param('chapter_links'));
}
if (param('category_prefix', 'string', NULL) !== NULL) {
$category_prefix = get_param('category_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
param_error('category_prefix', T_('Invalid category prefix.'));
}
$this->set_setting('category_prefix', $category_prefix);
}
if (param('atom_redirect', 'string', NULL) !== NULL) {
param_check_url('atom_redirect', 'commenting');
$this->set_setting('atom_redirect', get_param('atom_redirect'));
param('rss2_redirect', 'string', NULL);
param_check_url('rss2_redirect', 'commenting');
$this->set_setting('rss2_redirect', get_param('rss2_redirect'));
}
if (param('image_size', 'string', NULL) !== NULL) {
$this->set_setting('image_size', get_param('image_size'));
}
if (param('tag_links', 'string', NULL) !== NULL) {
// Tag page link type:
$this->set_setting('tag_links', get_param('tag_links'));
}
if (param('tag_prefix', 'string', NULL) !== NULL) {
$tag_prefix = get_param('tag_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
param_error('tag_prefix', T_('Invalid tag prefix.'));
}
$this->set_setting('tag_prefix', $tag_prefix);
}
// Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
$this->set_setting('tag_prefix', 'tag');
}
// Use rel="tag" attribute? (checkbox)
$this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
if (param('chapter_content', 'string', NULL) !== NULL) {
// What kind of content on chapter pages?
$this->set_setting('chapter_content', get_param('chapter_content'));
}
if (param('tag_content', 'string', NULL) !== NULL) {
// What kind of content on tags pages?
$this->set_setting('tag_content', get_param('tag_content'));
}
if (param('archive_content', 'string', NULL) !== NULL) {
// What kind of content on archive pages?
$this->set_setting('archive_content', get_param('archive_content'));
}
if (param('filtered_content', 'string', NULL) !== NULL) {
// What kind of content on filtered pages?
$this->set_setting('filtered_content', get_param('filtered_content'));
}
if (param('main_content', 'string', NULL) !== NULL) {
// What kind of content on main pages?
$this->set_setting('main_content', get_param('main_content'));
}
// Chapter posts per page:
$this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
// Tag posts per page:
$this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
if (param('single_links', 'string', NULL) !== NULL) {
// Single post link type:
$this->set_setting('single_links', get_param('single_links'));
}
if (param('slug_limit', 'integer', NULL) !== NULL) {
// Limit slug length:
$this->set_setting('slug_limit', get_param('slug_limit'));
}
if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
// Default blog:
$this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
}
if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
// Default blog:
$this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
}
if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
// Default blog:
$this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
}
if (param('archives_sort_order', 'string', NULL) !== NULL) {
$this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
}
if (param('feed_content', 'string', NULL) !== NULL) {
// How much content in feeds?
$this->set_setting('feed_content', get_param('feed_content'));
param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
$this->set_setting('posts_per_feed', get_param('posts_per_feed'));
}
if (param('comment_feed_content', 'string', NULL) !== NULL) {
// How much content in comment feeds?
$this->set_setting('comment_feed_content', get_param('comment_feed_content'));
param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
$this->set_setting('comments_per_feed', get_param('comments_per_feed'));
}
if (param('require_title', 'string', NULL) !== NULL) {
// Title for items required?
$this->set_setting('require_title', get_param('require_title'));
}
if (param('blog_description', 'string', NULL) !== NULL) {
// Description:
$this->set_from_Request('shortdesc', 'blog_description');
}
if (param('blog_keywords', 'string', NULL) !== NULL) {
// Keywords:
$this->set_from_Request('keywords');
}
if (param('blog_tagline', 'html', NULL) !== NULL) {
// HTML tagline:
param_check_html('blog_tagline', T_('Invalid tagline'));
$this->set('tagline', get_param('blog_tagline'));
}
if (param('blog_longdesc', 'html', NULL) !== NULL) {
// HTML long description:
param_check_html('blog_longdesc', T_('Invalid long description'));
$this->set('longdesc', get_param('blog_longdesc'));
}
if (param('blog_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('blog_footer_text', T_('Invalid blog footer'));
$this->set_setting('blog_footer_text', get_param('blog_footer_text'));
}
if (param('single_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('single_item_footer_text', T_('Invalid single post footer'));
$this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
}
if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
$this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
}
if (param('blog_notes', 'html', NULL) !== NULL) {
// HTML notes:
param_check_html('blog_notes', T_('Invalid Blog Notes'));
$this->set('notes', get_param('blog_notes'));
param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
$this->set_setting('max_footer_credits', get_param('max_footer_credits'));
}
if (in_array('pings', $groups)) {
// we want to load the ping checkboxes:
$blog_ping_plugins = param('blog_ping_plugins', 'array/string', array());
$blog_ping_plugins = array_unique($blog_ping_plugins);
$this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
}
if (in_array('authors', $groups)) {
// we want to load the multiple authors params
$this->set('advanced_perms', param('advanced_perms', 'integer', 0));
$this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
}
if (in_array('features', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('allow_html_post', param('allow_html_post', 'integer', 0));
$this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
$this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
$this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
$this->set_setting('post_categories', param('post_categories', 'string', NULL));
$this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
// Show x days or x posts?:
$this->set_setting('what_to_show', param('what_to_show', 'string', ''));
param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
$this->set_setting('posts_per_page', get_param('posts_per_page'));
$this->set_setting('orderby', param('orderby', 'string', true));
$this->set_setting('orderdir', param('orderdir', 'string', true));
// Time frame
$this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
$this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
$this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
$this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
// Location
$location_country = param('location_country', 'string', 'hidden');
$location_region = param('location_region', 'string', 'hidden');
$location_subregion = param('location_subregion', 'string', 'hidden');
$location_city = param('location_city', 'string', 'hidden');
if ($location_city == 'required') {
// If city is required - all location fields also are required
$location_country = $location_region = $location_subregion = 'required';
} else {
if ($location_subregion == 'required') {
// If subregion is required - country & region fields also are required
$location_country = $location_region = 'required';
} else {
if ($location_region == 'required') {
// If region is required - country field also is required
$location_country = 'required';
}
}
}
$this->set_setting('location_country', $location_country);
$this->set_setting('location_region', $location_region);
$this->set_setting('location_subregion', $location_subregion);
$this->set_setting('location_city', $location_city);
// Set to show Latitude & Longitude params for this blog items
$this->set_setting('show_location_coordinates', param('show_location_coordinates', 'integer', 0));
// Load custom double & varchar fields
$custom_field_names = array();
$this->load_custom_fields('double', $update_cascade_query, $custom_field_names);
$this->load_custom_fields('varchar', $update_cascade_query, $custom_field_names);
if (!empty($update_cascade_query)) {
// Some custom fields were deleted and these fields must be deleted from the item settings table also. Add required query.
$this->CollectionSettings->add_update_cascade($update_cascade_query);
}
// call modules update_collection_features on this blog
modules_call_method('update_collection_features', array('edited_Blog' => &$this));
}
if (in_array('comments', $groups)) {
// we want to load the workflow checkboxes:
// load moderation statuses
$moderation_statuses = get_visibility_statuses('moderation');
$blog_moderation_statuses = array();
foreach ($moderation_statuses as $status) {
if (param('notif_' . $status, 'integer', 0)) {
$blog_moderation_statuses[] = $status;
}
}
$this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
$this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
$this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
$this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
$this->set_setting('comments_register', param('comments_register', 'integer', 0));
}
if (in_array('other', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
$this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
$this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
// Public blog list
$this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0));
$this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
$this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
$this->set_setting('archive_mode', param('archive_mode', 'string', true));
}
if (param('allow_comments', 'string', NULL) !== NULL) {
// Feedback options:
$this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
$this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
$new_feedback_status = param('new_feedback_status', 'string', 'draft');
if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
// Only admin can set this setting to 'Public'
$this->set_setting('new_feedback_status', $new_feedback_status);
}
$this->set_setting('disable_comments_bypost', param('disable_comments_bypost', 'string', '0'));
$this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
$this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
$this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
$this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
$this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
$this->set_setting('rating_question', param('rating_question', 'text'));
$this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
$blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
// Only admin can turn ON this setting
$this->set('allowtrackbacks', $blog_allowtrackbacks);
}
$this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
// call modules update_collection_comments on this blog
modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
$threaded_comments = param('threaded_comments', 'integer', 0);
$this->set_setting('threaded_comments', $threaded_comments);
$this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
$this->set_setting('comments_per_page', get_param('comments_per_page'));
$this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
$this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
}
if (in_array('seo', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
$this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
$this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
$this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
$this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
$this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
$this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
$this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
$this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
$this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
$this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
$this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
$this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
$this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
$this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
$this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
$this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
$this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
$this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
$this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
$this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
$this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
$this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
$this->set_setting('title_link_type', param('title_link_type', 'string', ''));
$this->set_setting('permalinks', param('permalinks', 'string', ''));
$this->set_setting('404_response', param('404_response', 'string', ''));
$this->set_setting('help_link', param('help_link', 'string', ''));
$this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
$this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
$this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
}
/*
* ADVANCED ADMIN SETTINGS
*/
if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
// We have permission to edit advanced admin settings:
if (in_array('cache', $groups)) {
// we want to load the cache params:
$this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
$this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
$this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
}
if (in_array('styles', $groups)) {
// we want to load the styles params:
$this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
$this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
}
if (in_array('login', $groups)) {
// we want to load the login params:
$this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
$this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
}
if (param('blog_head_includes', 'html', NULL) !== NULL) {
// HTML header includes:
param_check_html('blog_head_includes', T_('Invalid Custom meta section'));
$this->set_setting('head_includes', get_param('blog_head_includes'));
}
if (param('blog_footer_includes', 'html', NULL) !== NULL) {
// HTML header includes:
param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
$this->set_setting('footer_includes', get_param('blog_footer_includes'));
}
if (param('owner_login', 'string', NULL) !== NULL) {
// Permissions:
$UserCache =& get_UserCache();
$owner_User =& $UserCache->get_by_login(get_param('owner_login'));
if (empty($owner_User)) {
param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login')));
} else {
$this->set('owner_user_ID', $owner_User->ID);
$this->owner_User =& $owner_User;
}
}
if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
// check urlname
if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) {
if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»"));
$blog_urlname = NULL;
}
if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
FROM T_blogs
WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
AND blog_ID <> ' . $this->ID)) {
// urlname is already in use
param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another blog. Please choose another name.'), "«{$blog_urlname}»"));
$blog_urlname = NULL;
}
if (isset($blog_urlname)) {
$this->set_from_Request('urlname');
}
}
}
if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
// Blog URL parameters:
$this->set('access_type', $access_type);
if ($access_type == 'absolute') {
$blog_siteurl = param('blog_siteurl_absolute', 'string', true);
if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
// It looks like valid absolute URL, so we may update the blog siteurl
$this->set('siteurl', $blog_siteurl);
} else {
// It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
$Messages->add(T_('Blog Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . ' ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
}
} elseif ($access_type == 'relative') {
// relative siteurl
$blog_siteurl = param('blog_siteurl_relative', 'string', true);
if (preg_match('#^https?://#', $blog_siteurl)) {
$Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
}
$this->set('siteurl', $blog_siteurl);
} else {
$this->set('siteurl', '');
}
}
if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
// Aggregate list: (can be '*')
$aggregate_coll_IDs = get_param('aggregate_coll_IDs');
if ($aggregate_coll_IDs != '*') {
// Sanitize the string
$aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
}
// fp> TODO: check perms on each aggregated blog (if changed)
// fp> TODO: better interface
if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!'));
}
$this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
}
if (param('blog_media_location', 'string', NULL) !== NULL) {
// Media files location:
$this->set_from_Request('media_location');
$this->set_media_subdir(param('blog_media_subdir', 'string', ''));
$this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
$this->set_media_url(param('blog_media_url', 'string', ''));
// check params
switch ($this->get('media_location')) {
case 'custom':
// custom path and URL
global $demo_mode, $media_path;
if ($this->get('media_fullpath') == '') {
param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
}
if (!preg_match('#^https?://#', $this->get('media_url'))) {
param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
}
if ($demo_mode) {
$canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
}
}
break;
case 'subdir':
global $media_path;
if ($this->get('media_subdir') == '') {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
} else {
// Test if it's below $media_path (subdir!)
$canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir'))));
} else {
// Validate if it's a valid directory name:
$subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
if ($error = validate_dirname($subdir)) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
}
}
}
break;
}
}
}
return !param_errors_detected();
}
check_perm_posttype($post_extracats);
// CREATE NEW POST:
load_class('items/model/_item.class.php', 'Item');
$edited_Item = new Item();
// Set the params we already got:
$edited_Item->set('status', $post_status);
$edited_Item->set('main_cat_ID', $post_category);
$edited_Item->set('extra_cat_IDs', $post_extracats);
// Set object params:
$edited_Item->load_from_Request($action == 'create_edit', true);
$Plugins->trigger_event('AdminBeforeItemEditCreate', array('Item' => &$edited_Item));
if (!empty($mass_create)) {
// ------ MASS CREATE ------
$Items =& create_multiple_posts($edited_Item, param('paragraphs_linebreak', 'boolean', 0));
if (empty($Items)) {
param_error('content', T_('Content must not be empty.'));
}
}
$result = !$Messages->has_errors();
if ($result) {
// There are no validation errors
if (isset($Items) && !empty($Items)) {
// We can create multiple posts from single post
foreach ($Items as $edited_Item) {
// INSERT NEW POST INTO DB:
$result = $edited_Item->dbinsert();
}
} else {
// INSERT NEW POST INTO DB:
$result = $edited_Item->dbinsert();
}
if ($timeout_sessions < $crumb_expires) {
// lower than $crumb_expires: not allowed
param_error('timeout_sessions', sprintf(T_('You cannot set a session timeout below %d minutes.'), floor($crumb_expires / 60)));
} elseif ($timeout_sessions < 300) {
// lower than 5 minutes: not allowed
param_error('timeout_sessions', sprintf(T_('You cannot set a session timeout below %d minutes.'), 5));
} elseif ($timeout_sessions < 86400) {
// lower than 1 day: notice/warning
$Messages->add(sprintf(T_('Warning: your session timeout is just %d minutes. Your users may have to re-login often!'), floor($timeout_sessions / 60)), 'note');
}
$Settings->set('timeout_sessions', $timeout_sessions);
// Session timeout
$timeout_online = param_duration('timeout_online');
if ($timeout_online < 300) {
// lower than 5 minutes: not allowed
param_error('timeout_online', sprintf(T_('You cannot set an online/offline timeout below %d minutes.'), 5));
} elseif ($timeout_online > 21600) {
// hihger than 6 hours: notice/warning
$Messages->add(sprintf(T_('You cannot set an online/offline timeout above %d hours.'), 6));
}
$Settings->set('timeout_online', $timeout_online);
// keep old allow_avatars setting value to check if we need to invalidate pagecaches
$old_allow_avatars = $Settings->get('allow_avatars');
// UPDATE general settings:
param('allow_avatars', 'integer', 0);
$Settings->set('allow_avatars', $allow_avatars);
param('uset_min_picture_size', 'integer', 0);
param('uset_nickname_editing', 'string', 'edited-user');
param('uset_firstname_editing', 'string', 'edited-user');
param('uset_lastname_editing', 'string', 'edited-user');
param('uset_location_country', 'string', 'optional');
function action_select($i, $action)
{
global $db, $where_types, $where_connect_types;
// Cache the tables for table checks
$tables = cache_tables();
// Check for the 'table' paramater
if (!array_key_exists('table', $action)) {
return param_error("select action", "table", "action {$i}");
}
// To make life easier
$table = $action['table'];
if (!in_array($table, $tables)) {
return herror("select action", "table '{$action['table']}' for " . "action {$i} does not exist");
}
if (!array_key_exists('columns', $action)) {
return param_error("select action", "columns", "action {$i}");
}
if (!count($action['columns'])) {
return herror("select action", "paramater 'columns' for action {$i} " . "exists but contains no columns");
}
$column_cache[$table] = cache_columns($table);
foreach ($action['columns'] as $column) {
if (!check_column($column, $table, $column_cache)) {
return herror("select action", "column '{$column}' for action {$i} does " . "not exist");
}
}
$columns = $action['columns'];
$relation_tables = array();
$relation_aliases = array();
$relation_columns = array();
$relation_join_sql = '';
// Check if there is any relations
if (array_key_exists('relations', $action)) {
// Prefix the columns since we are doing a relation
foreach ($columns as $column) {
$new_columns[] = "{$table}.{$column}";
}
$columns = $new_columns;
if (!count($action['relations'])) {
return herror("select action", "paramater 'relations' for action {$i} " . "exists but contains no relations");
}
$relation_ids = array();
foreach ($action['relations'] as $foreign_table => $relation) {
if (!in_array($foreign_table, $tables)) {
return herror("select action", "table '{$foreign_table}' for " . "relation '{$foreign_table}' in action {$i} does not exist");
}
if (!array_key_exists('id', $relation)) {
return param_error("select action", "id", "relation " . "'{$foreign_table}' in action {$i}");
}
if (!in_array($relation['id'], $column_cache[$table])) {
return herror("select action", "column '{$relation['id']}' " . "on table '{$table}' for relation '{$foreign_table}' in " . "action {$i} does not exist");
}
if (!array_key_exists('foreign_id', $relation)) {
return param_error("select action", "foreign_id", "relation " . "'{$foreign_table}' in action {$i}");
}
$column_cache[$foreign_table] = cache_columns($foreign_table);
if (!in_array($relation['foreign_id'], $column_cache[$foreign_table])) {
return herror("select action", "column '{$relation['foreign_id']}' " . "on table '{$foreign_table}' for relation '{$foreign_table}' in " . "action {$i} does not exist");
}
if (!array_key_exists('columns', $relation)) {
return param_error("select action", "columns", "relation " . "'{$foreign_table}' in action {$i}");
}
if (!count($relation['columns'])) {
return herror("select action", "paramater 'columns' for " . "relation '{$foreign_table}' in action {$i} exists but " . "contains no columns");
}
foreach ($relation['columns'] as $relation_column => $alias) {
if (!check_column($relation_column, $foreign_table, $column_cache)) {
return herror("select action", "invalid column " . "'{$relation_column}' for relation '{$foreign_table}' in action {$i}");
}
if (trim($alias) == '') {
$alias = "{$foreign_table}_{$relation_column}";
}
if (in_array($alias, $columns) || in_array($alias, $relation_aliases)) {
return herror("select action", "alias '{$alias}' of column" . "'{$relation_column}' for relation '{$foreign_table}' in " . "action {$i} conflicts with an existing column or alias");
}
$relation_aliases[] = $alias;
$relation_columns[] = "{$foreign_table}.{$relation_column} {$alias}";
}
$relation_tables[] = $foreign_table;
$relation_ids[] = "{$foreign_table}.{$relation['foreign_id']} = " . "{$action['table']}.{$relation['id']}";
}
$relation_join_sql = " LEFT JOIN (" . implode(', ', $relation_tables) . ") ON (" . implode(' AND ', $relation_ids) . ")";
}
$columns = array_merge($columns, $relation_columns);
$where = array();
$where_values = array();
$where_type = ' AND ';
if (array_key_exists('where_type', $action)) {
if (!array_key_exists($action['where_type'], $where_connect_types)) {
return herror("select action", "invalid where type " . "'{$action['where_type']}' for action {$i}");
}
$where_type = $where_connect_types[$action['where_type']];
}
if (array_key_exists('where', $action)) {
// TODO: More type-checking like this
if (!is_array($action['where'])) {
return herror("select action", "paramater 'where' for action {$i} " . "exists but is not an object");
}
if (!count($action['where'])) {
return herror("select action", "paramater 'where' for action {$i} " . "exists but contains no where expressions");
}
$j = 0;
foreach ($action['where'] as $expr) {
if (!array_key_exists('type', $expr)) {
return param_error("select action", "type", "where " . "expression {$j} in action {$i}");
}
if (!array_key_exists($expr['type'], $where_types)) {
return herror("select action", "where expression type {$expr['type']}" . " does not exists for where expression {$j} in action {$i}");
}
if (!array_key_exists('column', $expr)) {
return param_error("select action", "column", "where " . "expression {$j} in action {$i}");
}
// MySQL error for action 1: Column 'id' in where clause is ambiguous
if ($relation_join_sql == '' || in_array($group['column'], $relation_aliases)) {
$column = $expr['column'];
} else {
$column = full_column_name($table, $expr['column']);
}
// Check all tables, including relation tables
if (!check_column($column, $table, $column_cache) && !in_array($expr['column'], $relation_aliases)) {
return herror("select action", "invalid column " . "'{$column}' for where expression {$j} in action {$i}");
}
if (!array_key_exists('value', $expr)) {
return param_error("select action", "value", "where " . "expression {$j} in action {$i}");
}
$where[] = "{$column} {$where_types[$expr['type']]} ?";
$where_values[] = $expr['value'];
$j++;
}
$where = " WHERE " . implode($where_type, $where);
} else {
$where = '';
}
$group_by = array();
if (array_key_exists('group_by', $action)) {
if (!count($action['group_by'])) {
return herror("select action", "paramater 'group_by' for action {$i} " . "exists but contains no group expressions");
}
$j = 0;
foreach ($action['group_by'] as $group) {
if (!array_key_exists('column', $group)) {
return param_error("select action", "column", "group " . "expression {$j} in action {$i}");
}
// MySQL error for action 1: Column 'id' in where clause is ambiguous
if ($relation_join_sql == '' || in_array($group['column'], $relation_aliases)) {
$column = $group['column'];
} else {
$column = full_column_name($table, $group['column']);
}
// Check all tables, including relation tables
if (!check_column($column, $table, $column_cache) && !in_array($group['column'], $relation_aliases)) {
return herror("select action", "invalid column " . "'{$column}' for group expression {$j} in action {$i}");
}
$direction = 'ASC';
if (array_key_exists('direction', $group)) {
$direction = mb_strtoupper($group['direction']);
if ($direction != 'ASC' && $direction != 'DESC') {
return herror("select action", "invalid direction " . "'{$direction}' for group expression {$j} in action {$i}");
}
}
$group_by[] = "{$column} {$direction}";
$j++;
}
$group_by = " GROUP BY " . implode(', ', $group_by);
} else {
$group_by = '';
}
$order_by = array();
if (array_key_exists('order_by', $action)) {
if (!count($action['order_by'])) {
return herror("select action", "paramater 'order_by' for action {$i} " . "exists but contains no order expressions");
}
$j = 0;
foreach ($action['order_by'] as $order) {
if (!array_key_exists('column', $order)) {
return param_error("select action", "column", "order " . "expression {$j} in action {$i}");
}
// MySQL error for action 1: Column 'id' in where clause is ambiguous
if ($relation_join_sql == '' || in_array($group['column'], $relation_aliases)) {
$column = $order['column'];
} else {
$column = full_column_name($table, $order['column']);
}
// Check all tables, including relation tables
if (!check_column($column, $table, $column_cache) && !in_array($order['column'], $relation_aliases)) {
return herror("select action", "invalid column " . "'{$column}' for order expression {$j} in action {$i}");
}
$direction = 'ASC';
if (array_key_exists('direction', $order)) {
$direction = mb_strtoupper($order['direction']);
if ($direction != 'ASC' && $direction != 'DESC') {
return herror("select action", "invalid direction " . "'{$direction}' for order expression {$j} in action {$i}");
}
}
$order_by[] = "{$column} {$direction}";
$j++;
}
$order_by = " ORDER BY " . implode(', ', $order_by);
} else {
$order_by = '';
}
$limit = '';
if (array_key_exists('limit', $action)) {
if (!is_int($action['limit']) || $action['limit'] < 0) {
return herror("select action", "limit for in action {$i} must be a " . "positive integer");
}
if (array_key_exists('offset', $action)) {
if (!is_int($action['offset']) || $action['offset'] < 0) {
return herror("select action", "offset must be a positive " . "integer for action {$i}\n");
}
$limit = " LIMIT {$action['offset']}, {$action['limit']}";
} else {
$limit = " LIMIT {$action['limit']}";
}
} else {
if (array_key_exists('offset', $action)) {
return herror("select action", "to include the paramater 'offset', " . "you must also include the paramater 'limit'");
}
}
if (!auth_validate_request($_POST['email'], $action)) {
return herror("select action", "authentication error for action {$i}");
}
$columns = implode(', ', $columns);
$sql = "SELECT {$columns} FROM {$action['table']}{$relation_join_sql}{$where}" . "{$group_by}{$order_by}{$limit}";
$stmt = $db->prepare($sql);
if (!$stmt) {
return herror_sql("select action", "MySQL error for action {$i}");
}
if (!$stmt->execute($where_values)) {
return herror_stmt($stmt, "select action", "MySQL error for action {$i}");
}
$rows = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$rows[] = $row;
}
$stmt->closeCursor();
return array('rows' => $rows);
}
$current_User->check_perm('users', 'edit', true);
// load data from request
if ($edited_Invitation->load_from_Request()) {
// We could load data from form without errors:
// While inserting into DB, ID property of Invitation object will be set to autogenerated ID
// So far as we set ID manualy, we need to preserve this value
// When assignment of wrong value will be fixed, we can skip this
$entered_invitation_id = $edited_Invitation->ID;
// Insert in DB:
$DB->begin();
// because of manual assigning ID,
// member function Invitation::dbexists() is overloaded for proper functionality
$duplicated_invitation_ID = $edited_Invitation->dbexists('ivc_code', $edited_Invitation->get('code'));
if ($duplicated_invitation_ID) {
// We have a duplicate entry:
param_error('ivc_ID', sprintf(T_('This invitation code already exists. Do you want to <a %s>edit the existing invitation code</a>?'), 'href="?ctrl=invitations&action=edit&ivc_ID=' . $duplicated_invitation_ID . '"'));
} else {
$edited_Invitation->dbinsert();
$Messages->add(T_('New invitation code created.'), 'success');
}
$DB->commit();
if (empty($duplicated_invitation_ID)) {
// What next?
switch ($action) {
case 'create_copy':
// Redirect so that a reload doesn't write to the DB twice:
header_redirect('?ctrl=invitations&action=new&ivc_ID=' . $edited_Invitation->ID, 303);
// Will EXIT
// We have EXITed already at this point!!
break;
case 'create_new':
$Session->set('account_closing_success', true);
} else {
// db update was unsuccessful
$Messages->add(T_('Unable to close your account. Please contact to system administrator.'));
}
header_redirect();
/* exited */
break;
case 'retrievepassword':
// Send password change request by mail
global $servertimenow;
$login_required = true;
// Do not display "Without login.." link on the form
if (empty($login)) {
// Don't allow empty request
param_error($dummy_fields['login'], T_('You must enter your username or your email address so we know where to send the password recovery email.'), '');
// Set this var to know after redirection if error was here
$lostpassword_error = true;
$action = 'lostpassword';
break;
}
$request_ts_login = $Session->get('core.changepwd.request_ts_login');
if ($request_ts_login != NULL) {
list($last_request_ts, $last_request_login) = preg_split('~_~', $request_ts_login);
if ($login == $last_request_login && $servertimenow - $pwdchange_request_delay < $last_request_ts) {
// the same request was sent from the same session in the last $pwdchange_request_delay seconds ( 5 minutes by default )
$Messages->add(sprintf(T_('We have already sent you a password recovery email at %s. Please allow %d minutes for delivery before requesting a new one.'), date(locale_datetimefmt(), $last_request_ts), $pwdchange_request_delay / 60));
$action = 'req_login';
break;
}
}
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
// Group
$old_group_ID = $this->ufgp_ID;
// Save old group ID to know if it was changed
param_string_not_empty('ufdf_ufgp_ID', T_('Please select a group.'));
$this->set_from_Request('ufgp_ID');
// Type
param_string_not_empty('ufdf_type', T_('Please enter a type.'));
$this->set_from_Request('type');
// Code
$code = param('ufdf_code', 'string');
param_check_not_empty('ufdf_code', T_('Please provide a code to uniquely identify this field.'));
param_check_regexp('ufdf_code', '#^[a-z0-9_]{1,20}$#', T_('The field code must contain only lowercase letters, digits or the "_" sign. 20 characters max.'));
$this->set_from_Request('code');
// Name
param_string_not_empty('ufdf_name', T_('Please enter a name.'));
$this->set_from_Request('name');
// Icon name
param('ufdf_icon_name', 'string');
$this->set_from_Request('icon_name', 'ufdf_icon_name', true);
// Options
if (param('ufdf_type', 'string') == 'list') {
// Save 'Options' only for Field type == 'Option list'
$ufdf_options = param('ufdf_options', 'text');
if (count(explode("\n", $ufdf_options)) < 2) {
// We don't want save an option list with one item
param_error('ufdf_options', T_('Please enter at least 2 options on 2 different lines.'));
} elseif (utf8_strlen($ufdf_options) > 255) {
// This may not happen in normal circumstances because the textarea max length is set to 255 chars
// This extra check is for the case if js is not enabled or someone would try to directly edit the html
param_error('ufdf_options', T_('"Options" field content can not be longer than 255 symbols.'));
}
$this->set('options', $ufdf_options);
}
// Required
param_string_not_empty('ufdf_required', 'Please select Hidden, Optional, Recommended or Required.');
$this->set_from_Request('required');
// Duplicated
param_string_not_empty('ufdf_duplicated', 'Please select Forbidden, Allowed or List style.');
$this->set_from_Request('duplicated');
// Order
if ($old_group_ID != $this->ufgp_ID) {
// Group is changing, set order as last
$this->set('order', $this->get_last_order($this->ufgp_ID));
}
// Suggest
if (param('ufdf_type', 'string') == 'word') {
// Save 'Suggest values' only for Field type == 'Single word'
param('ufdf_suggest', 'integer', 0);
$this->set_from_Request('suggest');
}
// Bubbletip
param('ufdf_bubbletip', 'text', '');
$this->set_from_Request('bubbletip', NULL, true);
if (!param_errors_detected()) {
// Field code must be unique, Check it only when no errors on the form
if ($field_ID = $this->dbexists('ufdf_code', $this->get('code'))) {
// We have a duplicate entry:
param_error('ufdf_code', sprintf(T_('Another user field already uses this code. Do you want to <a %s>edit the existing user field</a>?'), 'href="?ctrl=userfields&action=edit&ufdf_ID=' . $field_ID . '"'));
}
}
return !param_errors_detected();
}
/**
* Load data from Request form fields.
*
* @return boolean true if loaded data seems valid.
*/
function load_from_Request()
{
// Address
global $emadr_address;
param_string_not_empty('emadr_address', T_('Please enter email address.'));
$emadr_address = utf8_strtolower(get_param('emadr_address'));
param_check_email('emadr_address', true);
if ($existing_emadr_ID = $this->dbexists('emadr_address', get_param('emadr_address'))) {
// Check if a email address already exists with the same address
global $admin_url;
param_error('emadr_address', sprintf(T_('This email address already exists. Do you want to <a %s>edit the existing email address</a>?'), 'href="' . $admin_url . '?ctrl=email&tab=blocked&emadr_ID=' . $existing_emadr_ID . '"'));
}
$this->set_from_Request('address');
// Status
$emadr_status = param('emadr_status', 'string', true);
if (!empty($emadr_status)) {
$this->set('status', $emadr_status);
}
// Sent count
param('emadr_sent_count', 'integer', '');
param_check_number('emadr_sent_count', T_('The count must be a number.'), true);
$this->set_from_Request('sent_count', 'emadr_sent_count', true);
// Sent count since last error
param('emadr_sent_last_returnerror', 'integer', '');
param_check_number('emadr_sent_last_returnerror', T_('The count must be a number.'), true);
$this->set_from_Request('sent_last_returnerror', 'emadr_sent_last_returnerror', true);
// Permanent errors count
param('emadr_prmerror_count', 'integer', '');
param_check_number('emadr_prmerror_count', T_('The count must be a number.'), true);
$this->set_from_Request('prmerror_count', 'emadr_prmerror_count', true);
// Permanent errors count
param('emadr_tmperror_count', 'integer', '');
param_check_number('emadr_tmperror_count', T_('The count must be a number.'), true);
$this->set_from_Request('tmperror_count', 'emadr_tmperror_count', true);
// Permanent errors count
param('emadr_spamerror_count', 'integer', '');
param_check_number('emadr_spamerror_count', T_('The count must be a number.'), true);
$this->set_from_Request('spamerror_count', 'emadr_spamerror_count', true);
// Permanent errors count
param('emadr_othererror_count', 'integer', '');
param_check_number('emadr_othererror_count', T_('The count must be a number.'), true);
$this->set_from_Request('othererror_count', 'emadr_othererror_count', true);
return !param_errors_detected();
}
/**
* Validate the answer against our stored one.
*
* In case of error we add a message of category 'error' which prevents the comment from
* being posted.
*
* @param array Associative array of parameters.
* @param string Form type ( comment|register|message )
*/
function BeforeCommentFormInsert(&$params, $form_type = 'comment')
{
if (!empty($params['is_preview'])) {
return;
}
if ($this->CaptchaValidated($params, $form_type) === false) {
$validate_error = $params['validate_error'];
param_error('captcha_qstn_' . $this->ID . '_answer', $validate_error);
}
}
// Edit country form:
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb('country');
// Check permission:
$current_User->check_perm('options', 'edit', true);
// Make sure we got an ctry_ID:
param('ctry_ID', 'integer', true);
// load data from request
if ($edited_Country->load_from_Request()) {
// We could load data from form without errors:
// Update in DB:
$DB->begin();
$q = $edited_Country->dbexists();
if ($q) {
// We have a duplicate entry:
param_error('ctry_code', sprintf(T_('This country already exists. Do you want to <a %s>edit the existing country</a>?'), 'href="?ctrl=countries&action=edit&ctry_ID=' . $q . '"'));
} else {
$edited_Country->dbupdate();
$Messages->add(T_('Country updated.'), 'success');
}
$DB->commit();
if (empty($q)) {
// If no error, Redirect so that a reload doesn't write to the DB twice:
header_redirect('?ctrl=countries', 303);
// Will EXIT
// We have EXITed already at this point!!
}
}
break;
case 'delete':
// Delete country:
param_integer_range('antispam_threshold_publish', -100, 100, T_('The threshold must be between -100 and 100.'));
$Settings->set('antispam_threshold_publish', $antispam_threshold_publish);
param_integer_range('antispam_threshold_delete', -100, 100, T_('The threshold must be between -100 and 100.'));
$Settings->set('antispam_threshold_delete', $antispam_threshold_delete);
param('antispam_block_spam_referers', 'integer', 0);
$Settings->set('antispam_block_spam_referers', $antispam_block_spam_referers);
param('antispam_report_to_central', 'integer', 0);
$Settings->set('antispam_report_to_central', $antispam_report_to_central);
$changed_weight = false;
param('antispam_plugin_spam_weight', 'array:integer', array());
foreach ($antispam_plugin_spam_weight as $l_plugin_ID => $l_weight) {
if (!is_numeric($l_weight)) {
continue;
}
if ($l_weight < 0 || $l_weight > 100) {
param_error('antispam_plugin_spam_weight[' . $l_plugin_ID . ']', T_('Spam weight has to be in the range of 0-100.'));
continue;
}
if ($DB->query('
UPDATE T_plugins
SET plug_spam_weight = ' . $DB->quote($l_weight) . '
WHERE plug_ID = ' . (int) $l_plugin_ID)) {
$changed_weight = true;
}
}
if ($changed_weight) {
// Reload plugins table (for display):
$Plugins->loaded_plugins_table = false;
$Plugins->load_plugins_table();
}
// Suspicious users
