/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // the description column is always handed to the parent without the generic value check
    if ($columnName === 'lnk_description') {
        return parent::setValue($columnName, $newValue, false);
    }

    if ($columnName === 'lnk_url' && $newValue !== '') {
        // the link may only consist of characters that are valid in a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // prepend http:// when neither http:// nor https:// occurs anywhere in the link
        $lowerUrl  = admStrToLower($newValue);
        $hasScheme = strpos($lowerUrl, 'http://') !== false || strpos($lowerUrl, 'https://') !== false;
        if (!$hasScheme) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 *              (also @b false when the short name of an already stored organization should be changed)
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // the short name is fixed once the organization exists in the database
    $isShortnameOfStoredOrg = $columnName == 'org_shortname' && $this->new_record == false;
    if ($isShortnameOfStoredOrg) {
        return false;
    }

    if ($columnName == 'org_homepage' && $newValue !== '') {
        // the homepage may only consist of characters that are valid in a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // prepend http:// when neither http:// nor https:// occurs anywhere in the value
        $lowerHomepage = admStrToLower($newValue);
        if (strpos($lowerHomepage, 'http://') === false && strpos($lowerHomepage, 'https://') === false) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
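/**
 * Check if a filename contains invalid characters. The characters will be checked with strValidCharacters.
 * In addition the function rejects a name that starts with a dot.
 * @param string $filename       Name of the file that should be checked.
 * @param bool   $checkExtension If set to @b true then the extension will be checked against a blacklist of extensions:
 *                               php, php3, php4, php5, html, htm, htaccess, htpasswd, pl, js, vbs, asp, cgi, ssi
 *                               Only the text after the last dot is inspected (case-insensitively); a name without
 *                               a dot has no extension and passes this check.
 * @return true Returns @b true if the filename contains only valid characters. Otherwise an AdmException is thrown
 * @throws AdmException SYS_FILENAME_EMPTY         : Filename was empty
 *                      BAC_FILE_NAME_INVALID      : Filename contains invalid characters
 *                      DOW_FILE_EXTENSION_INVALID : Filename contains invalid extension
 */
function admStrIsValidFileName($filename, $checkExtension = false)
{
    if (trim($filename) === '') {
        throw new AdmException('SYS_FILENAME_EMPTY');
    }

    // the character set is delegated to strValidCharacters; a leading dot is rejected here
    if (!strValidCharacters($filename, 'file') || substr($filename, 0, 1) === '.') {
        throw new AdmException('BAC_FILE_NAME_INVALID');
    }

    if ($checkExtension) {
        // extensions that must never be accepted; the list is a deny-list and therefore only
        // a second line of defence behind whatever the caller enforces for uploads
        $extensionBlacklist = array('php', 'php3', 'php4', 'php5', 'html', 'htm', 'htaccess', 'htpasswd', 'pl', 'js', 'vbs', 'asp', 'cgi', 'ssi');

        // a name without a dot has no extension. strrpos() returns false in that case and
        // "false + 1" would have cut the name at offset 1 (so "aphp" was reported as extension "php")
        $dotPosition   = strrpos($filename, '.');
        $fileExtension = $dotPosition === false ? '' : substr($filename, $dotPosition + 1);

        if (in_array(strtolower($fileExtension), $extensionBlacklist, true)) {
            throw new AdmException('DOW_FILE_EXTENSION_INVALID');
        }
    }

    return true;
}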
} } // nun alle Profilfelder pruefen foreach ($gProfileFields->mProfileFields as $field) { $post_id = 'usf-' . $field->getValue('usf_id'); // check and save only fields that aren't disabled if ($gCurrentUser->editUsers() == true || $field->getValue('usf_disabled') == 0 || $field->getValue('usf_disabled') == 1 && $getNewUser > 0) { if (isset($_POST[$post_id])) { // Pflichtfelder muessen gefuellt sein // E-Mail bei Registrierung immer !!! if ($field->getValue('usf_mandatory') == 1 && strlen($_POST[$post_id]) == 0 || $getNewUser == 2 && $field->getValue('usf_name_intern') == 'EMAIL' && strlen($_POST[$post_id]) == 0) { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $field->getValue('usf_name'))); } // if social network then extract username from url if ($field->getValue('usf_name_intern') == 'FACEBOOK' || $field->getValue('usf_name_intern') == 'GOOGLE_PLUS' || $field->getValue('usf_name_intern') == 'TWITTER' || $field->getValue('usf_name_intern') == 'XING') { if (strValidCharacters($_POST[$post_id], 'url') && strpos($_POST[$post_id], '/') !== false) { if (strrpos($_POST[$post_id], '/profile.php?id=') > 0) { // extract facebook id (not facebook unique name) from url $_POST[$post_id] = substr($_POST[$post_id], strrpos($_POST[$post_id], '/profile.php?id=') + 16); } else { if (strrpos($_POST[$post_id], '/posts') > 0) { $_POST[$post_id] = substr($_POST[$post_id], 0, strrpos($_POST[$post_id], '/posts')); } $_POST[$post_id] = substr($_POST[$post_id], strrpos($_POST[$post_id], '/') + 1); if (strrpos($_POST[$post_id], '?') > 0) { $_POST[$post_id] = substr($_POST[$post_id], 0, strrpos($_POST[$post_id], '?')); } } } } // Wert aus Feld in das User-Klassenobjekt schreiben
// create and save new password and activation id $newPassword = PasswordHashing::genRandomPassword(8); $activationId = PasswordHashing::genRandomPassword(10); $user->setPassword($newPassword, true); $user->setValue('usr_activation_code', $activationId); $sysmail = new SystemMail($gDb); $sysmail->addRecipient($user->getValue('EMAIL'), $user->getValue('FIRST_NAME', 'database') . ' ' . $user->getValue('LAST_NAME', 'database')); $sysmail->setVariable(1, $newPassword); $sysmail->setVariable(2, $g_root_path . '/adm_program/system/password_activation.php?usr_id=' . $user->getValue('usr_id') . '&aid=' . $activationId); $sysmail->sendSystemMail('SYSMAIL_ACTIVATION_LINK', $user); $user->saveChangesWithoutRights(); $user->save(); } // always show a positive feedback to prevent hackers to validate an email-address or username $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php'); if (strValidCharacters($_POST['recipient_email'], 'email')) { $gMessage->show($gL10n->get('SYS_LOSTPW_SEND_EMAIL', $_POST['recipient_email'])); } else { $gMessage->show($gL10n->get('SYS_LOSTPW_SEND_USERNAME', $_POST['recipient_email'])); } } catch (AdmException $e) { $e->showHtml(); } } else { /*********************HTML_PART*******************************/ // create html page object $page = new HtmlPage($headline); // add back link to module menu $lostPasswordMenu = $page->getMenu(); $lostPasswordMenu->addItem('menu_item_back', $gNavigation->getPreviousUrl(), $gL10n->get('SYS_BACK'), 'back.png'); $page->addHtml('<p class="lead">' . $gL10n->get('SYS_PASSWORD_FORGOTTEN_DESCRIPTION') . '</p>');
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // the text column always bypasses the generic value check of the parent
    if ($columnName === 'gbc_text') {
        return parent::setValue($columnName, $newValue, false);
    }

    $isNonEmptyEmail = $columnName === 'gbc_email' && $newValue !== '';
    if ($isNonEmptyEmail) {
        // addresses are stored lower-cased; an address with an invalid format is not stored at all
        $newValue = admStrToLower($newValue);
        if (!strValidCharacters($newValue, 'email')) {
            return false;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
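/**
 * Get the value of a column of the database table.
 * If the value was manipulated before with @b setValue than the manipulated value is returned.
 * @param string $columnName The name of the database column whose value should be read
 * @param string $format For column @c inf_value_list the following format is accepted: @n
 *                       @b database returns database value of inf_value_list; @n
 *                       @b text extract only text from inf_value_list, image infos will be ignored @n
 *                       For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
 *                       For text columns the format can be @b database that would be the database value without any transformations
 * @return mixed Returns the value of the database column. For @c inf_value_list of a DROPDOWN or RADIO_BUTTON
 *               field (and a format other than @b database) an array of the list entries keyed from 1 is
 *               returned; RADIO_BUTTON entries that reference a .png/.jpg image become an img tag unless
 *               @b text was requested. Values that look like a translation id ("_" at position 3) are
 *               translated through $gL10n.
 */
public function getValue($columnName, $format = '')
{
    global $gL10n;

    if ($columnName === 'inf_description') {
        if (!isset($this->dbColumns['inf_description'])) {
            $value = '';
        } elseif ($format === 'database') {
            // plain text without markup and entities for the database representation
            $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
        } else {
            $value = $this->dbColumns['inf_description'];
        }
    } elseif ($columnName === 'inf_name_intern') {
        // internal name should be read with no conversion
        $value = parent::getValue($columnName, 'database');
    } else {
        $value = parent::getValue($columnName, $format);
    }

    // the database format is never translated or converted
    if ($format === 'database') {
        return $value;
    }

    if ($columnName === 'inf_name' || $columnName === 'cat_name') {
        // if text is a translation-id then translate it
        if (strpos($value, '_') === 3) {
            $value = $gL10n->get(admStrToUpper($value));
        }
        return $value;
    }

    if ($columnName !== 'inf_value_list') {
        return $value;
    }

    $infType = $this->dbColumns['inf_type'];
    if ($infType !== 'DROPDOWN' && $infType !== 'RADIO_BUTTON') {
        return $value;
    }

    // list entries re-keyed so that the first entry gets key 1 (the internal value of the entry)
    $arrListValuesWithKeys = array();

    foreach (explode("\r\n", $value) as $key => $listValue) {
        $isImageEntry = $infType === 'RADIO_BUTTON'
            && (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0);

        if ($isImageEntry) {
            $separatorPos = strpos($listValue, '|');
            if ($separatorPos > 0) {
                // "image|text": image reference and caption are separated by |
                $listValueImage = substr($listValue, 0, $separatorPos);
                $listValueText  = substr($listValue, $separatorPos + 1);
            } else {
                // image only: the field name is used as caption
                $listValueImage = $listValue;
                $listValueText  = $this->getValue('inf_name');
            }

            // if the caption is a translation-id then translate it
            if (strpos($listValueText, '_') === 3) {
                $listValueText = $gL10n->get(admStrToUpper($listValueText));
            }

            if ($format === 'text') {
                // no image wanted: return the caption, or only the 1-based position when there is none
                $listValue = $separatorPos > 0 ? $listValueText : $key + 1;
            } else {
                try {
                    // resolve the image source: an absolute url with valid characters or an icon of the theme
                    $imageSrc = null;
                    if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                        $imageSrc = $listValueImage;
                    } elseif (admStrIsValidFileName($listValueImage, true)) {
                        $imageSrc = THEME_PATH . '/icons/' . $listValueImage;
                    }

                    if ($imageSrc !== null) {
                        // caption and source end up inside html attributes; the caption is free text from
                        // the value list or a translation, so both are escaped for the attribute context
                        // (existing entities are kept to avoid double encoding)
                        $escapedSrc  = htmlspecialchars($imageSrc, ENT_QUOTES, 'UTF-8', false);
                        $escapedText = htmlspecialchars($listValueText, ENT_QUOTES, 'UTF-8', false);
                        $listValue = '<img class="admidio-icon-info" src="' . $escapedSrc . '" title="' . $escapedText . '" alt="' . $escapedText . '" />';
                    }
                } catch (AdmException $e) {
                    // invalid file name: report it; the raw list entry is kept if showText() returns
                    $e->showText();
                }
            }
        }

        // if text is a translation-id then translate it
        if (strpos($listValue, '_') === 3) {
            $listValue = $gL10n->get(admStrToUpper($listValue));
        }

        $arrListValuesWithKeys[$key + 1] = $listValue;
    }

    return $arrListValuesWithKeys;
}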
$gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW')); } if ($gValidLogin && strlen($gCurrentUser->getValue('EMAIL')) === 0) { // der eingeloggte Benutzer hat in seinem Profil keine gueltige Mailadresse hinterlegt, // die als Absender genutzt werden kann... $gMessage->show($gL10n->get('SYS_CURRENT_USER_NO_EMAIL', '<a href="' . $g_root_path . '/adm_program/modules/profile/profile.php">', '</a>')); } if ($getUserId > 0) { // usr_id wurde uebergeben, dann Kontaktdaten des Users aus der DB fischen $user = new User($gDb, $gProfileFields, $getUserId); // darf auf die User-Id zugegriffen werden if (!$gCurrentUser->editUsers() && !isMember($user->getValue('usr_id')) || strlen($user->getValue('usr_id')) === 0) { $gMessage->show($gL10n->get('SYS_USER_ID_NOT_FOUND')); } // besitzt der User eine gueltige E-Mail-Adresse if (!strValidCharacters($user->getValue('EMAIL'), 'email')) { $gMessage->show($gL10n->get('SYS_USER_NO_EMAIL', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'))); } } if (isset($_SESSION['ecard_request'])) { // if user is returned to this form after he submit it, // then try to restore all values that he has entered before $template = $_SESSION['ecard_request']['ecard_template']; $recipients = $_SESSION['ecard_request']['ecard_recipients']; $message = $_SESSION['ecard_request']['ecard_message']; } else { $template = $gPreferences['ecard_template']; $recipients = null; $message = ''; } // create html page object
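/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 *              (also @b false when name, category or type of a system field should be changed)
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // name, category and type couldn't be edited if it's a system field
    if (($columnName === 'usf_cat_id' || $columnName === 'usf_type' || $columnName === 'usf_name')
    && $this->getValue('usf_system') == 1) {
        return false;
    }

    if ($columnName === 'usf_cat_id' && $this->getValue($columnName) !== $newValue) {
        // moving to another category: the field is appended at the end of that category's sequence.
        // The query is built by concatenation, so the id is cast to int before it is placed in the
        // statement text; the value may originate from request input and must never reach the SQL as text.
        $sql = 'SELECT COUNT(*) as count FROM ' . TBL_USER_FIELDS . ' WHERE usf_cat_id = ' . (int) $newValue;
        $countUserFieldsStatement = $this->db->query($sql);
        $row = $countUserFieldsStatement->fetch();
        $this->setValue('usf_sequence', $row['count'] + 1);
    } elseif ($columnName === 'usf_description') {
        // the description is always handed to the parent without the generic value check
        return parent::setValue($columnName, $newValue, false);
    } elseif ($columnName === 'usf_url' && $newValue !== '') {
        // the url may only consist of characters that are valid in a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // prepend http:// when neither http:// nor https:// occurs anywhere in the value
        $lowerUrl = admStrToLower($newValue);
        if (strpos($lowerUrl, 'http://') === false && strpos($lowerUrl, 'https://') === false) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}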
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 *              (password columns are never accepted by this method)
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // password columns cannot be written through the generic setter
    $isPasswordColumn = in_array($columnName, array('usr_password', 'usr_new_password'), true);
    if ($isPasswordColumn) {
        return false;
    }

    if ($columnName === 'usr_login_name') {
        // a login name must not be empty and may not contain special characters
        $loginNameIsValid = $newValue !== '' && strValidCharacters($newValue, 'noSpecialChar');
        if (!$loginNameIsValid) {
            return false;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
$_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']); $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']); $_SESSION['user_email'] = strStripTags($_POST['user_email']); $_SESSION['user_login'] = strStripTags($_POST['user_login']); $_SESSION['user_password'] = $_POST['user_password']; $_SESSION['user_password_confirm'] = $_POST['user_password_confirm']; if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') { showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // username should only have valid chars if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) { showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', $gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // email should only have valid chars $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']); if (!strValidCharacters($_SESSION['user_email'], 'email')) { showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } // password must be the same with password confirm if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) { showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } if (strlen($_SESSION['user_password']) < 8 || strlen($_SESSION['user_password_confirm']) < 8) { showNotice($gL10n->get('PRO_PASSWORD_LENGTH'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png'); } } // if config file exists than don't create a new one if ($_SESSION['create_config_file'] === false) { header('Location: installation.php?mode=8'); exit; }
// save position of combobox $arrListValues = $field->getValue('usf_value_list', 'text'); $position = 1; foreach ($arrListValues as $key => $value) { if (strcmp(admStrToLower($columnValue), admStrToLower(trim($arrListValues[$position]))) == 0) { // if col_value is text than save position if text is equal to text of position $user->setValue($field->getValue('usf_name_intern'), $position); } elseif (is_numeric($columnValue) && !is_numeric($arrListValues[$position]) && $columnValue > 0 && $columnValue < 1000) { // if col_value is numeric than save position if col_value is equal to position $user->setValue($field->getValue('usf_name_intern'), $columnValue); } $position++; } } elseif ($field->getValue('usf_type') == 'EMAIL') { $columnValue = admStrToLower($columnValue); if (strValidCharacters($columnValue, 'email')) { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255)); } } elseif ($field->getValue('usf_type') == 'INTEGER') { // number could contain dot and comma if (is_numeric(strtr($columnValue, ',.', '00')) == true) { $user->setValue($field->getValue('usf_name_intern'), $columnValue); } } elseif ($field->getValue('usf_type') == 'TEXT') { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 50)); } else { $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255)); } } } }
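/**
 * Set the value of an inventory field (column ind_value) for this item.
 * The value is validated and normalised according to the field type (inf_type) unless
 * $this->noValueCheck is set. It is only kept in the object until the item is saved.
 * @param string $fieldNameIntern Internal name of the inventory field (key of $this->mInventoryFields)
 * @param mixed  $fieldValue      New value of the field; '' is accepted without any check
 * @return bool @b true if the value was stored in the item's data object, @b false if a check failed
 *              or no field with this internal name exists
 */
public function setValue($fieldNameIntern, $fieldValue)
{
    global $gPreferences;

    // an unknown field has nothing to write to (the lookup used to be dereferenced unchecked)
    if (!isset($this->mInventoryFields[$fieldNameIntern])) {
        return false;
    }
    $field = $this->mInventoryFields[$fieldNameIntern];

    if ($fieldValue !== '') {
        switch ($field->getValue('inf_type')) {
            case 'CHECKBOX':
                // a checkbox only accepts 0 or 1
                if ($fieldValue != 0 && $fieldValue != 1 && !$this->noValueCheck) {
                    return false;
                }
                break;

            case 'DATE':
                // the date must be valid in the configured system format and is stored as Y-m-d
                $date = new DateTimeExtended($fieldValue, $gPreferences['system_date']);
                if (!$date->isValid()) {
                    if (!$this->noValueCheck) {
                        return false;
                    }
                } else {
                    $fieldValue = $date->format('Y-m-d');
                }
                break;

            case 'EMAIL':
                // addresses are stored lower-cased and must match the email character set
                $fieldValue = admStrToLower($fieldValue);
                if (!strValidCharacters($fieldValue, 'email') && !$this->noValueCheck) {
                    return false;
                }
                break;

            case 'NUMBER':
                if (!is_numeric($fieldValue) && !$this->noValueCheck) {
                    return false;
                }
                // numbers don't have leading zeros, but a plain zero must not vanish into ''
                $fieldValue = ltrim($fieldValue, '0');
                if ($fieldValue === '') {
                    $fieldValue = '0';
                }
                break;

            case 'DECIMAL':
                // decimals may use dot or comma as separator
                if (!is_numeric(strtr($fieldValue, ',.', '00')) && !$this->noValueCheck) {
                    return false;
                }
                // numbers don't have leading zeros, but a plain zero must not vanish into ''
                $fieldValue = ltrim($fieldValue, '0');
                if ($fieldValue === '') {
                    $fieldValue = '0';
                }
                break;

            case 'URL':
                // the url may only consist of characters that are valid in a url
                if (!strValidCharacters($fieldValue, 'url') && !$this->noValueCheck) {
                    return false;
                }
                // prepend http:// when neither http:// nor https:// occurs anywhere in the value
                $lowerUrl = admStrToLower($fieldValue);
                if (strpos($lowerUrl, 'http://') === false && strpos($lowerUrl, 'https://') === false) {
                    $fieldValue = 'http://' . $fieldValue;
                }
                break;
        }
    }

    $infId      = $field->getValue('inf_id');
    $returnCode = false;

    // write into the existing data object of this field, or create one for a non-empty value
    if (array_key_exists($infId, $this->mInventoryData)) {
        $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
    } elseif ($fieldValue !== '') {
        $this->mInventoryData[$infId] = new TableAccess($this->mDb, TBL_INVENT_DATA, 'ind');
        $this->mInventoryData[$infId]->setValue('ind_inf_id', $infId);
        $this->mInventoryData[$infId]->setValue('ind_itm_id', $this->mItemId);
        $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
    }

    if ($returnCode && $this->mInventoryData[$infId]->hasColumnsValueChanged()) {
        $this->columnsValueChanged = true;
    }

    return $returnCode;
}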
if ($gPreferences['mail_sender_into_to'] == 1) { // always fill recipient if preference is set to prevent problems with provider $email->addRecipient($postFrom, $postName); } // all role members will be attached as BCC while ($row = $statement->fetchObject()) { if (strValidCharacters($row->email, 'email')) { $receiver[] = array($row->email, $row->first_name . ' ' . $row->last_name); } } } } else { // create user object $user = new User($gDb, $gProfileFields, $value); // only send email to user if current user is allowed to view this user and he has a valid email address if ($gCurrentUser->hasRightViewProfile($user) && strValidCharacters($user->getValue('EMAIL'), 'email')) { $receiver[] = array($user->getValue('EMAIL'), $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME')); } } $ReceiverString .= ' | ' . $value; } $ReceiverString = substr($ReceiverString, 3); } else { // message when no receiver is given $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW')); } // if no valid recipients exists show message if (count($receiver) === 0) { $gMessage->show($gL10n->get('MSG_NO_VALID_RECIPIENTS')); } // check if name is given
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed  $newValue   The new value that should be stored in the database field
 * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // the text column always bypasses the generic value check of the parent
    if ($columnName === 'gbo_text') {
        return parent::setValue($columnName, $newValue, false);
    }

    if ($newValue !== '' && $columnName === 'gbo_email') {
        // addresses are stored lower-cased; an address with an invalid format is not stored at all
        $newValue = admStrToLower($newValue);
        if (!strValidCharacters($newValue, 'email')) {
            return false;
        }
    } elseif ($newValue !== '' && $columnName === 'gbo_homepage') {
        // the homepage may only consist of characters that are valid in a url
        if (!strValidCharacters($newValue, 'url')) {
            return false;
        }

        // prepend http:// when neither http:// nor https:// occurs anywhere in the value
        $homepageLower = admStrToLower($newValue);
        $hasScheme     = strpos($homepageLower, 'http://') !== false || strpos($homepageLower, 'https://') !== false;
        if (!$hasScheme) {
            $newValue = 'http://' . $newValue;
        }
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
if ($return_code < 0) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}

if ($return_code == 0) {
    // notify the administrator about the new entry: anonymous visitors supply name and
    // address with the form, logged-in users are taken from their profile
    if ($gValidLogin) {
        $gbo_name  = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
        $gbo_email = $gCurrentUser->getValue('EMAIL');
    } else {
        $gbo_name  = $_POST['gbo_name'];
        $gbo_email = $_POST['gbo_email'];
    }
    $gbo_text = $_POST['gbo_text'];

    // without a usable address the mail is sent in the name of the administrator
    $sender_name = $gbo_name;
    if (!strValidCharacters($gbo_email, 'email')) {
        $gbo_email   = $gPreferences['email_administrator'];
        $sender_name = 'Administrator ' . $gCurrentOrganization->getValue('org_homepage');
    }

    $notificationTitle = $gL10n->get('GBO_EMAIL_NOTIFICATION_TITLE');
    $notificationText  = $gL10n->get(
        'GBO_EMAIL_NOTIFICATION_MESSAGE',
        $gCurrentOrganization->getValue('org_longname'),
        $gbo_text,
        $gbo_name,
        date($gPreferences['system_date'], time())
    );

    $notification = new Email();
    $notification->adminNotfication($notificationTitle, $notificationText, $sender_name, $gbo_email);
}

// the form contents are dropped from the session after a successful insert/update
unset($_SESSION['guestbook_entry_request']);
$gNavigation->deleteLastUrl();

// the captcha code is dropped from the session after a successful insert/update
if (isset($_SESSION['captchacode'])) {
    unset($_SESSION['captchacode']);
}

$url = $g_root_path . '/adm_program/modules/guestbook/guestbook.php?headline=' . $getHeadline;
// when moderation is active, tell the user that the entry still has to be reviewed
$gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME'))); } if ($userField->getValue('usf_system') == 0 && $_POST['usf_type'] === '') { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATATYPE'))); } if ($userField->getValue('usf_system') == 0 && $_POST['usf_cat_id'] == 0) { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_CATEGORY'))); } if (($_POST['usf_type'] === 'DROPDOWN' || $_POST['usf_type'] === 'RADIO_BUTTON') && $_POST['usf_value_list'] === '') { $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_VALUE_LIST'))); } // @ptabaden: Change Bugfix 3.1.2 if ($_POST['usf_icon'] !== '' && !strValidCharacters($_POST['usf_icon'], 'url')) { $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('SYS_ICON'))); } if ($_POST['usf_url'] !== '' && !strValidCharacters($_POST['usf_url'], 'url')) { $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('ORG_URL'))); } // Nachname und Vorname sollen immer Pflichtfeld bleiben if ($userField->getValue('usf_name_intern') === 'LAST_NAME' || $userField->getValue('usf_name_intern') === 'FIRST_NAME') { $_POST['usf_mandatory'] = 1; } if (isset($_POST['usf_name']) && $userField->getValue('usf_name') !== $_POST['usf_name']) { // Schauen, ob das Feld bereits existiert $sql = 'SELECT COUNT(*) AS count FROM ' . TBL_USER_FIELDS . ' WHERE usf_name LIKE \'' . $_POST['usf_name'] . '\' AND usf_cat_id = ' . $_POST['usf_cat_id'] . ' AND usf_id <> ' . $getUsfId; $statement = $gDb->query($sql); $row = $statement->fetch();
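/**
 * Set a new value for one profile field of this user.
 * The value is only stored in the object; the @b save method must be called to write it to the database.
 * Depending on the field's @b usf_type the value is validated and normalised:
 * - CHECKBOX: only 0 or 1 are accepted
 * - DATE: must match the configured @b system_date format, stored as Y-m-d
 * - EMAIL: lower-cased, must contain only valid email characters
 * - NUMBER / DECIMAL_NUMBER: must be numeric, leading zeros are removed (a single zero before the
 *   decimal separator, or a plain "0", is kept)
 * - URL: must contain only valid url characters, is prefixed with http:// if no scheme is present
 * If @b noValueCheck is set on this object, failed validations are ignored but the normalisation still applies.
 * @param string $fieldNameIntern Internal name of the profile field (key of @b mProfileFields), e.g. LAST_NAME
 * @param mixed  $fieldValue      The new value; an empty string clears the field
 * @return bool Returns @b true if the value was stored in the object and @b false if a check failed
 *              or the field name is unknown
 */
public function setValue($fieldNameIntern, $fieldValue)
{
    global $gPreferences;

    // unknown field: nothing to store (the original code would have failed on a null object here)
    if (!isset($this->mProfileFields[$fieldNameIntern])) {
        return false;
    }

    $returnCode = false;
    $profileField = $this->mProfileFields[$fieldNameIntern];

    if ($fieldValue !== '') {
        // validation can be switched off for the whole object; normalisation is applied regardless
        $checkValue = !$this->noValueCheck;

        switch ($profileField->getValue('usf_type')) {
            case 'CHECKBOX':
                // a checkbox may only hold 0 or 1 (loose comparison on purpose: int and string input)
                if ($checkValue && $fieldValue != 0 && $fieldValue != 1) {
                    return false;
                }
                break;

            case 'DATE':
                // the date must match the configured system format and is stored in ISO form
                $date = DateTime::createFromFormat($gPreferences['system_date'], $fieldValue);
                if ($date === false) {
                    if ($checkValue) {
                        return false;
                    }
                } else {
                    $fieldValue = $date->format('Y-m-d');
                }
                break;

            case 'EMAIL':
                // email addresses are stored lower-case and may only contain valid characters
                $fieldValue = admStrToLower($fieldValue);
                if ($checkValue && !strValidCharacters($fieldValue, 'email')) {
                    return false;
                }
                break;

            case 'NUMBER':
                if ($checkValue && !is_numeric($fieldValue)) {
                    return false;
                }
                // numbers don't have leading zeros, but "0" itself must survive
                $fieldValue = ltrim($fieldValue, '0');
                if ($fieldValue === '') {
                    $fieldValue = '0';
                }
                break;

            case 'DECIMAL_NUMBER':
                // "," and "." are both accepted as decimal separator
                if ($checkValue && !is_numeric(strtr($fieldValue, ',.', '00'))) {
                    return false;
                }
                // numbers don't have leading zeros, but keep one digit before the separator ("0.5", "0,5", "0")
                $fieldValue = ltrim($fieldValue, '0');
                if ($fieldValue === '' || $fieldValue[0] === '.' || $fieldValue[0] === ',') {
                    $fieldValue = '0' . $fieldValue;
                }
                break;

            case 'URL':
                // a homepage may only contain valid url characters
                if ($checkValue && !strValidCharacters($fieldValue, 'url')) {
                    return false;
                }
                // prefix with http:// if neither scheme string is present anywhere in the value
                $lowerValue = admStrToLower($fieldValue);
                if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
                    $fieldValue = 'http://' . $fieldValue;
                }
                break;
        }
    }

    $usfId = $profileField->getValue('usf_id');

    if (array_key_exists($usfId, $this->mUserData)) {
        // the user already has a data row for this field: update it
        $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
    } elseif ($fieldValue !== '') {
        // no data row yet: create one, but only for a non-empty value
        $userData = new TableAccess($this->mDb, TBL_USER_DATA, 'usd');
        $userData->setValue('usd_usf_id', $usfId);
        $userData->setValue('usd_usr_id', $this->mUserId);
        $this->mUserData[$usfId] = $userData;
        $returnCode = $userData->setValue('usd_value', $fieldValue);
    }

    if ($returnCode && $this->mUserData[$usfId]->hasColumnsValueChanged()) {
        $this->columnsValueChanged = true;
    }

    return $returnCode;
}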
/**
 * Adds a BCC recipient to the mail.
 * Recipients are only collected here so that they can later be sent in batches.
 * NOTE(review): the original comment mentions MIME-header encoding of the name, but only
 * stripslashes() is applied here — confirm that header encoding happens where the mail is built.
 * @param string $address Email address of the recipient; it is stored lower-case
 * @param string $name    (optional) Display name of the recipient
 * @return bool Returns @b true if the address passed the email character check and was added,
 *              @b false otherwise
 */
public function addBlindCopy($address, $name = '')
{
    $address = admStrToLower($address);

    if (!strValidCharacters($address, 'email')) {
        return false;
    }

    // the recipient entry keeps the name with escaping slashes removed
    $this->emBccArray[] = array('name' => stripslashes($name), 'address' => $address);
    // the address list keeps the name exactly as passed in
    $this->emAddresses .= $name . "\r\n";

    return true;
}
/**
 * Opens the html structure of a form field: the surrounding form-group div and the label.
 * The form element itself is added afterwards and the structure must then be closed with
 * @b closeControlStructure.
 * All parameters are inserted into the html without escaping, so callers must pass already
 * escaped (or trusted, e.g. translated) content.
 * @param string $id         Id of the field structure. If empty, no id and no @b for attribute is written.
 * @param string $label      Label of the field; this string should already be translated.
 * @param int    $property   (optional) One of @b FIELD_DEFAULT, @b FIELD_REQUIRED, @b FIELD_DISABLED.
 *                           @b FIELD_REQUIRED adds the required css class when @b showRequiredFields is set
 *                           and flags the form as containing required fields.
 * @param string $helpTextId (optional) Translation id for a help icon, e.g. SYS_ENTRY_MULTI_ORGA.
 *                           An array may be given: first entry the id, second entry a parameter of the text.
 * @param string $icon       (optional) Icon shown in front of the label: either an absolute http(s) url
 *                           that passes the url character check, or a valid file name below THEME_PATH/icons.
 * @param string $class      (optional) Additional css class for the row (admFieldRow is set by default).
 */
protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
{
    $rowClasses = ($class !== '') ? ' ' . $class : '';

    // mark mandatory fields and remember that the form contains at least one
    if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
        $rowClasses .= ' admidio-form-group-required';
        $this->flagRequiredFields = true;
    }

    $labelFor = '';
    if ($id !== '') {
        $labelFor = ' for="' . $id . '"';
        $this->addHtml('<div id="' . $id . '_group" class="form-group' . $rowClasses . '">');
    } else {
        $this->addHtml('<div class="form-group' . $rowClasses . '">');
    }

    // icon: only an http(s) url with valid characters or a valid theme icon file name is rendered
    $iconHtml = '';
    if ((string) $icon !== '') {
        $iconTail = '" title="' . $label . '" alt="' . $label . '" />';
        if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
            $iconHtml = '<img class="admidio-icon-info" src="' . $icon . $iconTail;
        } elseif (admStrIsValidFileName($icon, true)) {
            $iconHtml = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $icon . $iconTail;
        }
    }

    $helpHtml = ($helpTextId !== '') ? $this->getHelpTextIcon($helpTextId) : '';
    $labelContent = $iconHtml . $label . $helpHtml;

    // vertical and navbar forms stack the label; horizontal forms use the bootstrap grid columns
    $isStacked = ($this->type === 'vertical' || $this->type === 'navbar');

    if ($label !== '') {
        $labelAttributes = $isStacked ? $labelFor : $labelFor . ' class="col-sm-3 control-label"';
        $afterLabel = $isStacked ? '' : ' <div class="col-sm-9">';
        $this->addHtml('<label' . $labelAttributes . '>' . $labelContent . '</label>' . $afterLabel);
    } elseif (!$isStacked) {
        $this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
    }
}
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * Passwords (@b usr_password, @b usr_new_password) shorter than 30 characters are treated as plain text
 * and hashed with phpass before they are stored; longer values are passed through unchanged.
 * NOTE(review): this length heuristic assumes that only already-hashed values reach 30 characters —
 * a plain-text password of 30 or more characters would be stored unhashed; confirm with the callers.
 * A login name (@b usr_login_name) must be non-empty and must not contain special characters.
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed $newValue The new value that should be stored in the database field
 * @param bool $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    $isPasswordColumn = in_array($columnName, array('usr_password', 'usr_new_password'), true);

    if ($isPasswordColumn && strlen($newValue) < 30) {
        // plain text password: hash it; the hash must not be run through the column value check
        $passwordHasher = new PasswordHash(9, true); // only use private hash because of compatibility
        return parent::setValue($columnName, $passwordHasher->HashPassword($newValue), false);
    }

    if ($columnName === 'usr_login_name'
        && ($newValue === '' || !strValidCharacters($newValue, 'noSpecialChar'))) {
        return false;
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}
$checkboxes = array('enable_download_module'); break; case 'guestbook': $checkboxes = array('enable_guestbook_captcha', 'enable_gbook_comments4all', 'enable_intial_comments_loading'); break; case 'ecards': $checkboxes = array('enable_ecard_module'); break; case 'lists': $checkboxes = array('lists_hide_overview_details'); break; case 'messages': $checkboxes = array('enable_mail_module', 'enable_pm_module', 'enable_chat_module', 'enable_mail_captcha', 'mail_html_registered_users', 'mail_into_to', 'mail_show_former'); if ($_POST['mail_sendmail_address'] !== '') { $_POST['mail_sendmail_address'] = admStrToLower($_POST['mail_sendmail_address']); if (!strValidCharacters($_POST['mail_sendmail_address'], 'email')) { $gMessage->show($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('MAI_SENDER_EMAIL'))); } } break; case 'photos': $checkboxes = array('photo_download_enabled', 'photo_keep_original'); break; case 'profile': $checkboxes = array('profile_log_edit_fields', 'profile_show_map_link', 'profile_show_roles', 'profile_show_former_roles', 'profile_show_extern_roles'); break; case 'events': $checkboxes = array('enable_dates_ical', 'dates_show_map_link', 'dates_show_rooms'); break; case 'links': if (!is_numeric($_POST['weblinks_redirect_seconds']) || $_POST['weblinks_redirect_seconds'] < 0) {
/**
 * Set a new value for a column of the database table.
 * The value is only saved in the object. You must call the method @b save to store the new value to the database.
 * The password columns (@b usr_password, @b usr_new_password) cannot be set through this object.
 * A non-empty login name (@b usr_login_name) must not contain special characters; an empty one is accepted.
 * @param string $columnName The name of the database column whose value should get a new value
 * @param mixed $newValue The new value that should be stored in the database field
 * @param bool $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
 * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
 */
public function setValue($columnName, $newValue, $checkValue = true)
{
    // passwords are never written through this object
    if (in_array($columnName, array('usr_password', 'usr_new_password'), true)) {
        return false;
    }

    // @ptabaden: Change in reference to 3.1.2
    $isInvalidLoginName = $columnName === 'usr_login_name'
        && $newValue !== ''
        && !strValidCharacters($newValue, 'noSpecialChar');

    if ($isInvalidLoginName) {
        return false;
    }

    return parent::setValue($columnName, $newValue, $checkValue);
}