$tmp_user["user_id"] = $uid; $tmp_user["password_temp"] = $newpass; phorum_user_save($tmp_user); // Mail the new password. $user = phorum_user_get( $uid ); $maildata = array(); $maildata['mailmessage'] = wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"],72). "\n\n". $PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n". $PHORUM["DATA"]["LANG"]["Password"] .": $newpass". "\n\n". wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"],72); $maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"]; phorum_email_user(array( 0 => $user['email'] ), $maildata); $okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"]; } } // The entered email address was not found. else { $error = $PHORUM["DATA"]["LANG"]["LostPassError"]; } } // The user wants to login. else {
$_POST['email_temp']=""; unset($email_temp_part); } elseif($PHORUM['registration_control'] && !empty($_POST['email']) && strtolower($_POST['email']) != strtolower($PHORUM["DATA"]["PROFILE"]['email'])) { // ... generate the confirmation-code ... // $conf_code= mt_rand ( 1000000, 9999999); $_POST['email_temp']=$_POST['email']."|".$conf_code; // ... send email ... // $maildata=array( 'mailmessage' => wordwrap($PHORUM['DATA']['LANG']['EmailVerifyBody'], 72), 'mailsubject' => $PHORUM['DATA']['LANG']['EmailVerifySubject'], 'uname' => $PHORUM['DATA']['PROFILE']['username'], 'newmail' => $_POST['email'], 'mailcode' => $conf_code, 'cc_url' => phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=" . PHORUM_CC_MAIL) ); phorum_email_user(array($_POST['email']),$maildata); // Remember this for the template. $email_temp_part = $_POST['email']; unset($_POST['email']); } list($error,$okmsg) = phorum_controlcenter_user_save( $panel ); } } if (isset($email_temp_part)) { $PHORUM['DATA']['PROFILE']['email_temp_part'] = $email_temp_part; } // flip this due to db vs. UI wording. if ( !empty( $PHORUM['DATA']['PROFILE']["hide_email"] ) ) {
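/**
 * Mail the moderators of the current forum about a newly posted message.
 *
 * The moderator list is fetched for $PHORUM['forum_id']; nothing is sent
 * when that list is empty. The mail body text depends on the message
 * status (notification for status > 0, approval request otherwise); the
 * subject line is the same in both cases.
 *
 * NOTE(review): author, subject and body come from the posted message and
 * are passed on as-is. phorum_email_user() is not visible here, so confirm
 * that it strips CR/LF from anything that ends up in a mail header.
 *
 * @param array $message Message record. Keys read here: status, message_id,
 *                       author, subject, body, thread.
 */
function phorum_email_moderators($message)
{
    $PHORUM = $GLOBALS["PHORUM"];

    $mail_users = phorum_user_get_moderators($PHORUM['forum_id'], false, true);

    if (count($mail_users)) {
        include_once("./include/format_functions.php");

        if ($message["status"] > 0) { // just notification of a new message
            $mailtext = $PHORUM["DATA"]["LANG"]['NewUnModeratedMessage'];
        } else { // posts needing approval
            $mailtext = $PHORUM["DATA"]["LANG"]['NewModeratedMessage'];
        }

        $mail_data = array(
            "mailmessage" => $mailtext,
            "mailsubject" => $PHORUM["DATA"]["LANG"]['NewModeratedSubject'],
            "forumname"   => strip_tags($PHORUM["DATA"]["NAME"]),
            "forum_id"    => $PHORUM['forum_id'],
            "message_id"  => $message['message_id'],
            "author"      => $message['author'],
            "subject"     => $message['subject'],
            "full_body"   => $message['body'],
            "plain_body"  => phorum_strip_body($message['body']),
            "approve_url" => phorum_get_url(PHORUM_PREPOST_URL),
            "read_url"    => phorum_get_url(PHORUM_READ_URL, $message['thread'], $message['message_id'])
        );

        if (isset($_POST[PHORUM_SESSION_LONG_TERM])) {
            // Strip any auth info from the mailed URLs, so the poster's
            // session token is never handed to the moderators.
            //
            // The token is request data. urlencode() leaves "." and "+"
            // untouched and both are regex metacharacters: unquoted, they
            // can make the pattern miss the token (which then stays in the
            // mailed URL) or fail to compile (preg_replace() then returns
            // NULL). preg_quote() makes the match literal.
            $session_pattern = "!,{0,1}"
                . preg_quote(PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]), "!")
                . "!";

            $mail_data["read_url"]    = preg_replace($session_pattern, "", $mail_data["read_url"]);
            $mail_data["approve_url"] = preg_replace($session_pattern, "", $mail_data["approve_url"]);
        }

        phorum_email_user($mail_users, $mail_data);
    }
}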
} $mail_users = phorum_api_user_list_moderators($PHORUM['forum_id'], $PHORUM['email_ignore_admin'], TRUE); if (count($mail_users)) { $mail_data = array("mailmessage" => $PHORUM["DATA"]["LANG"]['ReportPostEmailBody'], "mailsubject" => $PHORUM["DATA"]["LANG"]['ReportPostEmailSubject'], "forumname" => $PHORUM["DATA"]["NAME"], "reportedby" => $PHORUM["user"]["display_name"], "author" => $message["author"], "subject" => $message["subject"], "body" => wordwrap($message["body"], 72), "ip" => $message["ip"], "raw_date" => $message["datestamp"], "date" => phorum_date($PHORUM["short_date_time"], $message["datestamp"]), "explanation" => wordwrap($_POST["explanation"], 72), "url" => phorum_get_url(PHORUM_READ_URL, $message["thread"], $message_id), "delete_url" => phorum_get_url(PHORUM_MODERATION_URL, PHORUM_DELETE_MESSAGE, $message_id), "hide_url" => phorum_get_url(PHORUM_MODERATION_URL, PHORUM_HIDE_POST, $message_id), "edit_url" => phorum_get_url(PHORUM_POSTING_URL, 'moderation', $message_id), "reporter_url" => phorum_get_url(PHORUM_PROFILE_URL, $PHORUM["user"]["user_id"]), "message" => $message); if (isset($_POST[PHORUM_SESSION_LONG_TERM])) { // strip any auth info from the created urls $mail_data["url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["url"]); $mail_data["delete_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["delete_url"]); $mail_data["hide_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["hide_url"]); $mail_data["edit_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . "!", "", $mail_data["edit_url"]); $mail_data["reporter_url"] = preg_replace("!,{0,1}" . PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]) . 
"!", "", $mail_data["reporter_url"]); } if (isset($PHORUM["hooks"]["report"])) { $mail_data = phorum_hook("report", $mail_data); } phorum_email_user($mail_users, $mail_data); $PHORUM["DATA"]["URL"]["REDIRECT"] = phorum_get_url(PHORUM_FOREIGN_READ_URL, $message["forum_id"], $message["thread"]); $PHORUM["DATA"]["BACKMSG"] = $PHORUM["DATA"]["LANG"]["BackToThread"]; $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["ReportPostSuccess"]; $template = "message"; $report = true; } } else { $PHORUM["DATA"]["ReportPostMessage"] = $PHORUM["DATA"]["LANG"]['ReportPostNotAllowed']; } } // format message list($message) = phorum_format_messages(array($message)); $PHORUM["DATA"]["PostSubject"] = $message["subject"]; $PHORUM["DATA"]["PostAuthor"] = $message["author"]; $PHORUM["DATA"]["PostBody"] = $message["body"];
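/**
 * Mail the moderators of the current forum about a newly posted message.
 *
 * The moderator list is fetched for $PHORUM['forum_id'] (with the
 * $PHORUM['email_ignore_admin'] setting passed along); nothing is sent when
 * that list is empty. Subject and body language strings, plus the names of
 * those strings, depend on the message status: a plain notification for
 * status > 0, an approval request otherwise.
 *
 * NOTE(review): subject and body come from the posted message and are
 * passed on as-is. phorum_email_user() is not visible here, so confirm that
 * it strips CR/LF from anything that ends up in a mail header.
 *
 * @param array $message Message record. Keys read here: status, message_id,
 *                       user_id, author, subject, body, thread.
 */
function phorum_email_moderators($message)
{
    $PHORUM = $GLOBALS["PHORUM"];

    $mail_users = phorum_api_user_list_moderators(
        $PHORUM['forum_id'],
        $PHORUM['email_ignore_admin'],
        TRUE
    );

    if (count($mail_users)) {
        include_once "./include/format_functions.php";

        if ($message["status"] > 0) { // just notification of a new message
            $mailsubjecttpl = 'NewUnModeratedSubject';
            $mailmessagetpl = 'NewUnModeratedMessage';
            $mailsubject    = $PHORUM["DATA"]["LANG"]['NewUnModeratedSubject'];
            $mailmessage    = $PHORUM["DATA"]["LANG"]['NewUnModeratedMessage'];
        } else { // posts needing approval
            $mailsubjecttpl = 'NewModeratedSubject';
            $mailmessagetpl = 'NewModeratedMessage';
            $mailsubject    = $PHORUM["DATA"]["LANG"]['NewModeratedSubject'];
            $mailmessage    = $PHORUM["DATA"]["LANG"]['NewModeratedMessage'];
        }

        $mail_data = array(
            "forumname"      => strip_tags($PHORUM["DATA"]["NAME"]),
            "forum_id"       => $PHORUM['forum_id'],
            "message_id"     => $message['message_id'],
            "author"         => phorum_api_user_get_display_name($message["user_id"], $message["author"], PHORUM_FLAG_PLAINTEXT),
            "subject"        => $message['subject'],
            "full_body"      => $message['body'],
            "plain_body"     => phorum_strip_body($message['body']),
            "approve_url"    => phorum_get_url(PHORUM_CONTROLCENTER_URL, "panel=messages"),
            "read_url"       => phorum_get_url(PHORUM_READ_URL, $message['thread'], $message['message_id']),
            "mailmessage"    => $mailmessage,
            "mailsubject"    => $mailsubject,
            "mailmessagetpl" => $mailmessagetpl,
            "mailsubjecttpl" => $mailsubjecttpl,
            "language"       => $PHORUM['language']
        );

        if (isset($_POST[PHORUM_SESSION_LONG_TERM])) {
            // Strip any auth info from the mailed URLs, so the poster's
            // session token is never handed to the moderators.
            //
            // The token is request data. urlencode() leaves "." and "+"
            // untouched and both are regex metacharacters: unquoted, they
            // can make the pattern miss the token (which then stays in the
            // mailed URL) or fail to compile (preg_replace() then returns
            // NULL). preg_quote() makes the match literal.
            $session_pattern = "!,{0,1}"
                . preg_quote(PHORUM_SESSION_LONG_TERM . "=" . urlencode($_POST[PHORUM_SESSION_LONG_TERM]), "!")
                . "!";

            $mail_data["read_url"]    = preg_replace($session_pattern, "", $mail_data["read_url"]);
            $mail_data["approve_url"] = preg_replace($session_pattern, "", $mail_data["approve_url"]);
        }

        phorum_email_user($mail_users, $mail_data);
    }
}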
$userdata["active"] = PHORUM_USER_ACTIVE; // send reg approved message $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["RegApprovedSubject"]; $maildata["mailmessage"] = wordwrap($PHORUM["DATA"]["LANG"]["RegApprovedEmailBody"], 72); phorum_email_user(array($user["email"]), $maildata); } } $userdata["user_id"] = $user_id; // only save it if something was changed if (isset($userdata['active'])) { phorum_api_user_save($userdata); } if (isset($_POST["disapprove"])) { $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["RegRejectedSubject"]; $maildata["mailmessage"] = wordwrap($PHORUM["DATA"]["LANG"]["RegRejectedEmailBody"], 72); phorum_email_user(array($user["email"]), $maildata); phorum_api_user_delete($user_id); } } } if (empty($users)) { $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["NoUnapprovedUsers"]; } else { // get a fresh list to update any changes $users = phorum_db_user_get_unapproved(); // XSS prevention. foreach ($users as $id => $user) { $users[$id]["username"] = htmlspecialchars($user["username"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]); $users[$id]["email"] = htmlspecialchars($user["email"], ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]); } $PHORUM["DATA"]["USERS"] = $users;
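/**
 * error handling function
 * NOTE: This is not a required part of abstraction
 *
 * Reports a database error. In admin scripts (PHORUM_ADMIN defined) the
 * error is written into an HTML comment and the function returns. In all
 * other scripts the error is handled according to
 * $PHORUM['error_logging'] and the script then exits:
 *   - 'mail': mailed to $PHORUM['system_email_from_address']
 *   - 'file': appended to phorum-sql-errors.log in $PHORUM['cache']
 *   - anything else (including unset): printed, HTML-escaped
 *
 * @param string $err The error message from the database layer.
 */
function phorum_db_pg_last_error($err){

    $logsetting = isset($GLOBALS['PHORUM']['error_logging'])
        ? $GLOBALS['PHORUM']['error_logging']
        : "";
    $adminemail = $GLOBALS['PHORUM']['system_email_from_address'];
    $cache_dir  = $GLOBALS['PHORUM']['cache'];

    if (defined("PHORUM_ADMIN")) {
        // The error text can echo parts of the failing query, which may
        // hold request data. Escaping keeps a "-->" inside it from closing
        // the comment and putting markup into the admin page.
        echo "<!-- " . htmlspecialchars($err) . " -->";
        return;
    }

    if ($logsetting == 'mail') {
        include_once("./include/email_functions.php");

        $data = array(
            'mailmessage' => "An SQL-error occured in your phorum-installation.\n\nThe error-message was:\n$err\n\n",
            'mailsubject' => 'Phorum: an SQL-error occured'
        );
        phorum_email_user(array($adminemail), $data);

    } elseif ($logsetting == 'file') {
        // NOTE(review): the log is created inside the cache directory;
        // confirm that directory is not served by the web server, since
        // the log contains raw SQL error text.
        $fp = fopen($cache_dir."/phorum-sql-errors.log", 'a');
        if ($fp) {
            fputs($fp, time().": $err\n");
            fclose($fp);
        } else {
            // Do not lose the error (or fail inside the error handler)
            // when the log file cannot be opened.
            error_log("Phorum SQL error (phorum-sql-errors.log could not be opened): $err");
        }

    } else {
        // Fallback: show the error to whoever triggered it. It is escaped
        // for HTML, but still discloses query and schema details; the
        // 'mail' or 'file' setting avoids that on a public site.
        echo htmlspecialchars($err);
    }

    exit();
}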
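/**
 * Database error handling function.
 *
 * Cleans the output buffer, runs the "database_error" hook, prints a small
 * error page, handles the error according to $PHORUM["error_logging"]
 * ("file", "screen", or "mail" / anything else) and then exits. When
 * "error_logging" is not set, "screen" is used.
 *
 * @param $error - The error message.
 */
function phorum_database_error($error)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // Flush output that we buffered so far (for displaying a
    // clean page in the admin interface).
    phorum_ob_clean();

    /*
     * [hook]
     *     database_error
     *
     * [description]
     *     Give modules a chance to handle or process database errors.
     *     This can be useful to implement additional logging backends and/or
     *     alerting mechanisms. Another option is to fully override Phorum's
     *     default database error handling by handling the error and then
     *     calling exit() from the hook to prevent the default Phorum code
     *     from running.<sbr/>
     *     <sbr/>
     *     Note: If you decide to use the full override scenario, then
     *     it is best to make your module run the database_error hook
     *     last, so other modules can still run their hook handling
     *     before the script exits. To accomplish this, add this to your
     *     module info:
     *     <programlisting>
     *         priority: run hook database_error after *
     *     </programlisting>
     *
     * [category]
     *     Miscellaneous
     *
     * [when]
     *     At the start of the function
     *     <literal>phorum_database_error</literal> (which you can find in
     *     <filename>common.php</filename>). This function is called from
     *     the database layer when some database error occurs.
     *
     * [input]
     *     The error message that was returned from the database layer.
     *     This error is not HTML escaped, so if you send it to the browser,
     *     be sure to preprocess it using <phpfunc>htmlspecialchars</phpfunc>.
     *
     * [output]
     *     Same as input.
     *
     * [example]
     *     <hookcode>
     *     function phorum_mod_foo_database_error($error)
     *     {
     *         // Log database errors to syslog facility "LOCAL0".
     *         openlog("Phorum", LOG_PID | LOG_PERROR, LOG_LOCAL0);
     *         syslog(LOG_ERR, $error);
     *
     *         return $error;
     *     }
     *     </hookcode>
     */
    if (isset($PHORUM["hooks"]["database_error"])) {
        // The hook's return value is not used here.
        phorum_hook("database_error", $error);
    }

    // Find out what type of error handling is required.
    $logopt = isset($PHORUM["error_logging"])
        ? $PHORUM["error_logging"]
        : 'screen';

    // Create a backtrace report, so it's easier to find out where a problem
    // is coming from.
    $backtrace = phorum_generate_backtrace(0);

    // Start the error page.
    ?>
<html>
<head><title>Phorum database error</title></head>
<body>
<h1>Phorum Database Error</h1>
Sorry, a Phorum database error occurred.<br/>
<?php

    // In admin scripts, we will always include the
    // error message inside a comment in the page.
    // Escaping keeps a "-->" in the error text from closing the comment.
    if (defined("PHORUM_ADMIN")) {
        print "<!-- " .
              htmlspecialchars($error, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) .
              " -->";
    }

    switch ($logopt)
    {
        // Log the database error to a logfile.
        // NOTE(review): the log is created inside the cache directory;
        // confirm that directory is not served by the web server, since the
        // log holds raw error text and backtraces.
        case "file":
            $cache_dir = $PHORUM["cache"];
            $fp = fopen($cache_dir . "/phorum-sql-errors.log", "a");
            if ($fp) {
                fputs($fp,
                    "Time: " . time() . "\n" .
                    "Error: {$error}\n" .
                    ($backtrace !== NULL ? "Back trace:\n{$backtrace}\n\n" : ""));
                fclose($fp);

                print "The error message has been written<br/>" .
                      "to the phorum-sql-errors.log error log.<br/>" .
                      "Please try again later!";
            } else {
                // The log could not be opened. Do not fail inside the error
                // handler and do not claim the error was logged there; hand
                // it to PHP's own error log instead.
                error_log("Phorum database error (phorum-sql-errors.log could not be opened): {$error}");

                print "Please try again later!";
            }
            break;

        // Display the database error on screen.
        // Error and backtrace are HTML-escaped, but they are shown to
        // whoever triggered the error and disclose query and code-path
        // details; "file" or "mail" avoids that on a public site.
        case "screen":
            $htmlbacktrace = $backtrace === NULL
                ? NULL
                : nl2br(htmlspecialchars($backtrace, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]));

            print "Please try again later!" .
                  "<h3>Error:</h3>" .
                  htmlspecialchars($error, ENT_COMPAT, $PHORUM["DATA"]["HCHARSET"]) .
                  ($backtrace !== NULL ? "<h3>Backtrace:</h3>\n{$htmlbacktrace}" : "");
            break;

        // Send a mail to the administrator about the database error.
        // Any setting other than "file" or "screen" also ends up here.
        case "mail":
        default:
            require_once "./include/email_functions.php";

            $data = array(
                "mailmessage" =>
                    "A database error occured in your Phorum installation.\n" .
                    "\n" .
                    "Error message:\n" .
                    "--------------\n" .
                    "\n" .
                    "{$error}\n" .
                    "\n" .
                    ($backtrace !== NULL ? "Backtrace:\n----------\n\n{$backtrace}" : ""),
                "mailsubject" => "Phorum: A database error occured"
            );

            $adminmail = $PHORUM["system_email_from_address"];
            phorum_email_user(array($adminmail), $data);

            print "The administrator of this forum has been<br/>" .
                  "notified by email about the error.<br/>" .
                  "Please try again later!";
            break;
    }

    // Finish the error page.
    ?>
</body>
</html>
<?php

    exit;
}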