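/**
 * Donation form: renders the form and, on submit, validates the request
 * before delegating to paypalcheckout().
 *
 * One switch per phase, as elsewhere in this file:
 *   1. read the posted amount / currency / anti-CSRF token when the
 *      `donateme_donate` button was used;
 *   2. validate the token, the amount (numeric and >= 1) and the currency;
 *   3. on a clean request consume the session token and call paypalcheckout();
 *   4. always issue a fresh token and render the view.
 *
 * @param string $lang language code forwarded to paypalcheckout() and the view
 * @return mixed whatever view('donateme', ...) returns
 */
function donateme($lang)
{
    global $supported_currencies;

    $action = 'init';
    if (isset($_POST['donateme_donate'])) {
        $action = 'donate';
    }

    // Phase 1: posted fields; false means "not submitted".
    $amount = $currency = $token = false;
    switch ($action) {
        case 'donate':
            if (isset($_POST['donateme_amount'])) {
                $amount = readarg($_POST['donateme_amount']);
            }
            if (isset($_POST['donateme_currency'])) {
                $currency = readarg($_POST['donateme_currency']);
            }
            if (isset($_POST['donateme_token'])) {
                $token = readarg($_POST['donateme_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: validation flags, reported back to the view as $errors.
    $missing_amount = false;
    $bad_amount = false;
    $missing_currency = false;
    $bad_currency = false;
    $bad_token = false;
    switch ($action) {
        case 'donate':
            // Anti-CSRF token: require a string identical to the session copy.
            // hash_equals() is type-strict and constant-time, unlike a loose
            // `!=`, which compares numeric-looking strings by value.
            if (!isset($_SESSION['donateme_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['donateme_token'], $token)) {
                $bad_token = true;
                break;
            }
            if (!$amount) {
                $missing_amount = true;
            } else {
                // is_numeric() also accepts exponent notation and leading
                // whitespace; presumably paypalcheckout() normalises the value -- verify.
                if (!(is_numeric($amount) and $amount >= 1)) {
                    $bad_amount = true;
                }
            }
            if (!$currency) {
                $missing_currency = true;
            } else {
                if (!validate_currency($currency)) {
                    $bad_currency = true;
                }
            }
            break;
        default:
            break;
    }

    // Phase 3: act only on a fully valid request.
    switch ($action) {
        case 'donate':
            if ($bad_token or $missing_amount or $bad_amount or $missing_currency or $bad_currency) {
                break;
            }
            // The token is consumed before the checkout call rather than at the
            // end, presumably because paypalcheckout() may redirect and not return.
            unset($_SESSION['donateme_token']);
            require_once 'actions/paypalcheckout.php';
            paypalcheckout($lang, $amount, $currency);
            break;
        default:
            break;
    }

    // Phase 4: fresh token for the next submission, then render.
    $_SESSION['donateme_token'] = $token = token_id();
    $errors = compact('missing_amount', 'bad_amount', 'missing_currency', 'bad_currency');
    $output = view('donateme', $lang, compact('token', 'supported_currencies', 'amount', 'currency', 'errors'));
    return $output;
}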
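/**
 * "Forgot password" form: on submit, validates the anti-CSRF token, the
 * captcha, the login and the confirmation checkbox, then generates a new
 * password for the matching user and hands it to emailcrypto() for the
 * address on file.
 *
 * The login may be a user name or a mail address. It is pre-filled from the
 * session: 'login' first, then the user's name, then the user's mail.
 *
 * @param string $lang language code used for translations and URLs
 * @return mixed whatever view('remindme', ...) returns
 */
function remindme($lang)
{
    $with_name = true;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['remindme_send'])) {
        $action = 'remindme';
    }

    // Pre-fill the login from the session.
    $login = $confirmed = $code = $token = false;
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } elseif (!empty($_SESSION['user']['name'])) {
        $login = $_SESSION['user']['name'];
    } elseif (!empty($_SESSION['user']['mail'])) {
        $login = $_SESSION['user']['mail'];
    }

    // Phase 1: posted fields; false means "not submitted".
    switch ($action) {
        case 'remindme':
            if (isset($_POST['remindme_login'])) {
                $login = strtolower(strflat(readarg($_POST['remindme_login'])));
            }
            if (isset($_POST['remindme_confirmed'])) {
                $confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['remindme_code'])) {
                $code = readarg($_POST['remindme_code']);
            }
            if (isset($_POST['remindme_token'])) {
                $token = readarg($_POST['remindme_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: validation flags ($errors / $infos of the view).
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_confirmation = false;
    $email_sent = false;
    $user_page = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'remindme':
            // Anti-CSRF token: a string identical to the session copy, compared
            // with the type-strict, constant-time hash_equals(). No break here:
            // the other fields are still validated so the view can report them
            // all; phase 3 checks $bad_token before doing anything.
            if (!isset($_SESSION['remindme_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['remindme_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                // The answer is upper-cased before comparing, so the stored
                // captcha is presumably upper-case; compared like the token.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$login) {
                $missing_login = true;
            } else {
                // Accept either a permitted user name or a permitted mail address.
                if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
                    $bad_login = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Phase 3: generate and send the new password.
    switch ($action) {
        case 'remindme':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
                break;
            }
            require_once 'models/user.inc';
            $user_id = user_find($login);
            if (!$user_id) {
                $bad_login = true;
                require_once 'log.php';
                // Truncated so an oversized submitted login cannot bloat the log line.
                write_log('password.err', substr($login, 0, 40));
                break;
            }
            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
                break;
            }
            // NOTE(review): reporting bad_login both for unknown logins and for
            // inactive/banned accounts tells a visitor which logins exist; a
            // neutral "if the account exists, a mail was sent" message would not.
            if (!$user['user_active'] or $user['user_banned']) {
                $bad_login = true;
                break;
            }
            require_once 'newpassword.php';
            $newpassword = newpassword();
            if (!user_set_newpassword($user_id, $newpassword)) {
                $internal_error = true;
                break;
            }
            require_once 'emailcrypto.php';
            global $webmaster;
            $to = $user['user_mail'];
            $subject = translate('email:new_password_subject', $lang);
            $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
            // The new password is passed to emailcrypto() separately from the
            // message body; how it is protected in transit is not visible here.
            if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                $internal_error = true;
            } else {
                $email_sent = $to;
            }
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } elseif ($email_sent) {
        $user_page = url('user', $lang);
    }

    // Fresh token for the next submission, then render.
    $_SESSION['remindme_token'] = $token = token_id();
    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');
    $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
    return $output;
}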
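/**
 * Login form: renders the form and, on submit ('enter') or on a Facebook
 * callback ('facebook', disabled here via $with_facebook), validates the
 * anti-CSRF token, the captcha, the login and the password, then opens the
 * user session.
 *
 * @param string $lang language code used for URLs and the view
 * @return mixed true once the user is logged in ($_SESSION['user'] set),
 *               otherwise whatever view('login', ...) returns
 */
function login($lang)
{
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;

    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }

    // A failed attempt stores the login in the session so the form is pre-filled.
    $login = $password = $code = $token = false;
    if (isset($_SESSION['login'])) {
        $login = $_SESSION['login'];
    }

    $action = 'init';
    if (isset($_POST['login_enter'])) {
        $action = 'enter';
    }

    // Phase 1: posted fields (or the Facebook profile); false means "not submitted".
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                        // API failure: $action stays 'init' and the plain form is shown.
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: validation flags ($errors of the view).
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_password = false;
    $access_denied = false;
    switch ($action) {
        case 'enter':
            // Anti-CSRF token: a string identical to the session copy, compared
            // with the type-strict, constant-time hash_equals().
            if (!isset($_SESSION['login_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['login_token'], $token)) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
                // The answer is upper-cased before comparing, so the stored
                // captcha is presumably upper-case; compared like the token.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru: the login itself is validated the same way for both actions */
        case 'facebook':
            if (!$login) {
                $missing_login = true;
            } else {
                if (!(validate_user_name($login) or validate_mail($login))) {
                    $bad_login = true;
                }
            }
            break;
        default:
            break;
    }

    // Phase 3: authenticate and open the session.
    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
                break;
            }
            require_once 'models/user.inc';
            // For 'facebook' $password is still false; presumably user_login()
            // treats that as a social login -- verify (the path is disabled above).
            $user = user_login($login, $password);
            if (!$user) {
                $access_denied = true;
                require_once 'log.php';
                // Truncated so an oversized submitted login cannot bloat the log line.
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login;
                break;
            }
            $user['ip'] = client_ip_address();
            // Administrator logins are reported by mail. Strict in_array()
            // avoids loose matches (e.g. 0 == 'administrator' before PHP 8).
            if (in_array('administrator', $user['role'], true)) {
                require_once 'serveripaddress.php';
                require_once 'emailme.php';
                global $sitename;
                $ip = server_ip_address();
                // date() replaces strftime(), deprecated since PHP 8.1; same output.
                $timestamp = date('Y-m-d H:i:s', time());
                $subject = 'login@' . $sitename;
                $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                // Best-effort notification: a mail failure must not block the login.
                @emailme($subject, $msg);
                // Administrators may not enter through the social login path.
                if ($action == 'facebook') {
                    $access_denied = true;
                    break;
                }
            }
            // Presumably a new session id on privilege change; then drop the
            // pre-fill and the consumed token.
            session_regenerate();
            $_SESSION['user'] = $user;
            unset($_SESSION['login']);
            unset($_SESSION['login_token']);
            return true;
        default:
            break;
    }

    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }
    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;

    // Fresh token for the next submission, then render.
    $_SESSION['login_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
    $output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
    return $output;
}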
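/**
 * Newsletter subscription form: on submit, validates the anti-CSRF token,
 * the captcha, the mail address, the locale (when several system languages
 * exist) and the confirmation checkbox, then registers the address with
 * newsletter_create_user() and notifies the site by mail.
 *
 * @param string $lang language code used for URLs, defaults and the view
 * @return mixed whatever view('subscribe', ...) returns
 */
function subscribe($lang)
{
    global $sitekey, $system_languages;

    // The locale selector only makes sense with more than one language.
    $with_locale = count($system_languages) > 1;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['subscribe_send'])) {
        $action = 'subscribe';
    }

    // Defaults come from the logged-in profile; false means "not submitted".
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }

    // Phase 1: posted fields.
    $unsubscribe_page = false;
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale) {
                if (isset($_POST['subscribe_locale'])) {
                    $user_locale = readarg($_POST['subscribe_locale']);
                }
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: validation flags ($errors / $infos of the view).
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'subscribe':
            // Anti-CSRF token: a string identical to the session copy, compared
            // with the type-strict, constant-time hash_equals(). No break: the
            // other fields are still validated; phase 3 checks $bad_token.
            if (!isset($_SESSION['subscribe_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['subscribe_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                // The answer is upper-cased before comparing, so the stored
                // captcha is presumably upper-case; compared like the token.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (newsletter_get_user($user_mail)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } else {
                    if (!validate_locale($user_locale)) {
                        $bad_locale = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Phase 3: register the address and notify the site.
    switch ($action) {
        case 'subscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
                break;
            }
            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces strftime(), deprecated since PHP 8.1; same output.
            $timestamp = date('Y-m-d H:i:s', time());
            $subject = 'subscribe@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            // Best-effort notification: a mail failure must not undo the registration.
            @emailme($subject, $msg);
            $email_registered = true;
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Fresh token for the next submission, then render.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
    return $output;
}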
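/**
 * Comment box of a node: lists the existing comments and handles the
 * comment / edit / validate / moderate / modify / delete submissions of a
 * logged-in user.
 *
 * A moderator (user_has_role('moderator')) may modify or delete any comment;
 * other users only their own, and only within $edit_window seconds of its
 * creation. Guests only get the list and a link to the user page.
 *
 * @param string     $lang         language code
 * @param int|string $node_id      node the comments belong to
 * @param mixed      $node_user_id owner of the node; currently unused (see the
 *                                 commented-out ownership test below)
 * @param string     $node_url     URL of the node, passed to the view and to
 *                                 the notification mail
 * @param bool       $nomore       when true no "new comment" form is offered
 * @return mixed whatever view('nodecomment', ...) returns
 */
function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore)
{
    $user_id = user_profile('id');
    $moderator = user_has_role('moderator');
    // $user_id == $node_user_id || user_has_role('moderator')
    $now = time();
    $message_maxlen = 1000;
    // Seconds after creation during which the author may still modify/delete.
    $edit_window = 15 * 60;
    $with_captcha = false;

    // Only logged-in users may act; the submit button name selects the action.
    $action = 'init';
    if ($user_id) {
        if (isset($_POST['comment_comment'])) {
            $action = 'comment';
        } elseif (isset($_POST['comment_edit'])) {
            $action = 'edit';
        } elseif (isset($_POST['comment_validate'])) {
            $action = 'validate';
        } elseif (isset($_POST['comment_moderate'])) {
            $action = 'moderate';
        } elseif (isset($_POST['comment_modify'])) {
            $action = 'modify';
        } elseif (isset($_POST['comment_delete'])) {
            $action = 'delete';
        }
    }

    // Phase 1: posted fields; false means "not submitted". $code is
    // initialised with the rest so the captcha check never reads an
    // undefined variable.
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false);
                // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false);
                // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: captcha and anti-CSRF token. 'moderate' carries no token: it
    // only selects a comment for editing and writes nothing.
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_id = false;
    $bad_id = false;
    $missing_message = false;
    $message_too_long = false;
    // Set on storage failures but not part of $errors, so the view never
    // shows it -- NOTE(review): consider reporting it like the other forms do.
    $internal_error = false;
    switch ($action) {
        case 'validate':
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['comment']) ? $_SESSION['captcha']['comment'] : false;
                // The answer is upper-cased before comparing, so the stored
                // captcha is presumably upper-case; compared like the token.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            /* fall thru */
        case 'comment':
        case 'edit':
        case 'modify':
        case 'delete':
            // A string identical to the session copy, compared with the
            // type-strict, constant-time hash_equals().
            if (!isset($_SESSION['comment_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['comment_token'], $token)) {
                $bad_token = true;
            }
            break;
        default:
            break;
    }

    // Phase 3: the targeted comment must exist and be editable by this user.
    switch ($action) {
        case 'moderate':
        case 'modify':
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$id) {
                $missing_id = true;
                break;
            }
            if (!is_numeric($id)) {
                $id = false;
                $bad_id = true;
                break;
            }
            if (!$moderator) {
                $r = node_get_comment($node_id, $id, $lang);
                if (!$r) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
                // Explicit reads instead of extract($r): a row key that happens
                // to match a local ($id, $message, $token, ...) could otherwise
                // silently overwrite it.
                $comment_user_id = $r['comment_user_id'];
                $comment_created = $r['comment_created'];
                if (!($comment_user_id == $user_id and $comment_created + $edit_window > $now)) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
            }
            break;
        default:
            break;
    }

    // Phase 4: message presence and length.
    switch ($action) {
        case 'comment':
        case 'validate':
        case 'edit':
        case 'modify':
            if ($bad_token or $missing_code or $bad_code or $missing_id or $bad_id) {
                break;
            }
            if (!$message) {
                $missing_message = true;
            } else {
                // Counts characters rather than bytes. utf8_decode() is
                // deprecated since PHP 8.2; mb_strlen($message, 'UTF-8') is the
                // replacement once mbstring is guaranteed to be available.
                if (strlen(utf8_decode($message)) > $message_maxlen) {
                    $message_too_long = true;
                }
            }
            break;
        default:
            break;
    }

    // Phase 5: store the change.
    switch ($action) {
        case 'validate':
            if ($bad_token or $missing_code or $bad_code or $missing_message or $message_too_long) {
                break;
            }
            $ip_address = client_ip_address();
            $r = node_add_comment($node_id, $user_id, $ip_address, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces strftime(), deprecated since PHP 8.1; same output.
            $timestamp = date('Y-m-d H:i:s', time());
            $subject = 'comment@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            // Best-effort notification: a mail failure must not undo the comment.
            @emailme($subject, $msg);
            $message = false;
            break;
        case 'modify':
            if ($bad_token or $missing_id or $bad_id or $missing_message or $message_too_long) {
                break;
            }
            $r = node_set_comment($node_id, $id, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token or $missing_id or $bad_id) {
                break;
            }
            $r = node_delete_comment($node_id, $id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }

    // No comment being edited and more comments allowed: offer the form to
    // members, the user page to guests.
    $newcomment = $user_page = false;
    if (!$id and !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }

    $comments = node_get_all_comments($node_id, $lang);
    // $moderated: true = every comment is editable (moderator); otherwise the
    // ids of this user's own comments still inside the edit window.
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = array();
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id and $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }

    // Fresh token for the next submission, then render.
    $_SESSION['comment_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long');
    $output = view('nodecomment', $lang, compact('token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment', 'message', 'message_maxlen', 'user_page', 'node_url', 'errors'));
    return $output;
}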
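/**
 * Newsletter unsubscription form: on submit, validates the anti-CSRF token,
 * the captcha, the mail address (which must be registered) and the
 * confirmation checkbox, then mails the address a signed confirmation link
 * to the 'saction' page; the actual removal happens when that link is used.
 *
 * @param string $lang language code used for translations, URLs and the view
 * @return mixed whatever view('unsubscribe', ...) returns
 */
function unsubscribe($lang)
{
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }

    // Default comes from the logged-in profile; false means "not submitted".
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');

    // Phase 1: posted fields.
    $subscribe_page = false;
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }

    // Phase 2: validation flags ($errors / $infos of the view).
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'unsubscribe':
            // Anti-CSRF token: a string identical to the session copy, compared
            // with the type-strict, constant-time hash_equals(). No break: the
            // other fields are still validated; phase 3 checks $bad_token.
            if (!isset($_SESSION['unsubscribe_token'])
                or !is_string($token)
                or !hash_equals((string) $_SESSION['unsubscribe_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                // The answer is upper-cased before comparing, so the stored
                // captcha is presumably upper-case; compared like the token.
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (!newsletter_get_user($user_mail)) {
                        $unknown_mail = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    // Phase 3: send the confirmation link.
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1;
            // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            global $base_url;
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            // NOTE(review): the send result is not checked, so $mail_unsubscribed
            // is reported even when emailtext() fails; its return convention is
            // not visible here.
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Fresh token for the next submission, then render.
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
    return $output;
}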
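/**
 * Edit or delete a user account through the "useredit" form.
 *
 * 'init'/'reset' loads the account with user_get() (plus user_get_info()
 * and user_get_role() when those sections are enabled) and renders it.
 * A POST selects one of: 'modify' (update name, mail, website, locale,
 * timezone and, for administrators, role and status), 'change' (new
 * password; disabled while $with_newpassword is false), 'delete' (ask for
 * confirmation, then remove the account) or 'cancel' (re-render only).
 *
 * Every state-changing action -- modify, change and delete -- is accepted
 * only when the submitted useredit_token matches the one kept in the
 * session; the token is rotated on every render.
 *
 * @param string $lang    language the page is rendered in
 * @param int    $user_id id of the account being edited
 * @return string|false the rendered view, or false once the account has
 *                      been deleted and there is nothing left to show
 */
function useredit($lang, $user_id)
{
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    // Which parts of the form are shown / editable. User #1 is protected:
    // its status, role, timezone and existence cannot be changed here.
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false;
    // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;
    // Which button was pressed decides the action; later checks win.
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword and isset($_POST['useredit_change'])) {
        $action = 'change';
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } elseif (isset($_POST['useredit_confirmdelete'])) {
            $action = 'delete';
            $confirmed = true;
        } elseif (isset($_POST['useredit_cancel'])) {
            $action = 'cancel';
        }
    }
    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                // Copy only the columns the form uses instead of extract()-ing
                // the whole row into the local scope: a row key could otherwise
                // overwrite $user_id, $is_admin or one of the $with_* switches.
                // (Per the original listing the row also carries user_password,
                // user_seed, user_created and user_modified; none is needed here.)
                $user_name = array_key_exists('user_name', $r) ? $r['user_name'] : $user_name;
                $user_mail = array_key_exists('user_mail', $r) ? $r['user_mail'] : $user_mail;
                $user_website = array_key_exists('user_website', $r) ? $r['user_website'] : $user_website;
                $user_timezone = array_key_exists('user_timezone', $r) ? $r['user_timezone'] : $user_timezone;
                $user_locale = array_key_exists('user_locale', $r) ? $r['user_locale'] : $user_locale;
                $user_active = array_key_exists('user_active', $r) ? $r['user_active'] : $user_active;
                $user_banned = array_key_exists('user_banned', $r) ? $r['user_banned'] : $user_banned;
                $user_accessed = array_key_exists('user_accessed', $r) ? $r['user_accessed'] : $user_accessed;
            }
            // Never pre-fill the new-password field from stored data.
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    $user_lastname = array_key_exists('user_lastname', $r) ? $r['user_lastname'] : $user_lastname;
                    $user_firstname = array_key_exists('user_firstname', $r) ? $r['user_firstname'] : $user_firstname;
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            // Read the submitted fields; every value goes through readarg().
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role and isset($_POST['useredit_role'])) {
                $user_role = readarg($_POST['useredit_role']);
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword and isset($_POST['useredit_newpassword'])) {
                $user_newpassword = readarg($_POST['useredit_newpassword']);
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;
    // The session token guards every state-changing action, not only
    // 'modify': previously 'delete' (and 'change') ran without it, so a
    // forged cross-site POST could remove an account.
    // token_id()'s return type is not visible here; if it is a string,
    // hash_equals() would be the stricter comparison.
    if ($action == 'modify' or $action == 'change' or $action == 'delete') {
        if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) {
            $bad_token = true;
        }
    }
    switch ($action) {
        case 'modify':
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } elseif (!user_check_name($user_name, $user_id)) {
                    $duplicated_name = true;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail)) {
                $bad_mail = true;
            } elseif (!user_check_mail($user_mail, $user_id)) {
                $duplicated_mail = true;
            }
            if ($user_role) {
                foreach ($user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone and !validate_timezone($user_timezone)) {
                $bad_timezone = true;
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale and !validate_locale($user_locale)) {
                $bad_locale = true;
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } elseif (!validate_password($user_newpassword)) {
                $bad_newpassword = true;
            }
            break;
        default:
            break;
    }
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Keep the logged-in user's session copy in sync with the store.
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($bad_token or $missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            // A bad token neither deletes nor shows the confirmation step.
            if ($bad_token) {
                break;
            }
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false;
        default:
            break;
    }
    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the form token on every render.
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}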
Example #8
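/**
 * Schedule or cancel the mailing of a newsletter post ("postnews" form).
 *
 * Reads the post's scheduling state with newsletter_get_post(). If the post
 * was already mailed only that fact is shown. Otherwise a POST may 'post'
 * (schedule the mailing at a submitted date, hour and minute, clamped to
 * the $hmin..$hmax sending window) or 'cancel' a pending schedule. Both
 * actions require the submitted postnews_token to match the session token,
 * which is rotated on every render.
 *
 * @param string $lang language of the post / page
 * @param $newsletter_id newsletter the post belongs to (passed through to
 *        the newsletter_* helpers)
 * @param $page_id page holding the post (passed through likewise)
 * @return string the rendered view
 */
function postnews($lang, $newsletter_id, $page_id)
{
    $postdate = $scheduled = $mailed = false;
    $r = newsletter_get_post($newsletter_id, $page_id, $lang);
    if ($r) {
        // Read the two columns the form needs instead of extract()-ing the
        // whole row into the local scope.
        if (array_key_exists('newsletter_post_scheduled', $r)) {
            $scheduled = $r['newsletter_post_scheduled'];
        }
        if (array_key_exists('newsletter_post_mailed', $r)) {
            $mailed = $r['newsletter_post_mailed'];
        }
    }
    if ($mailed) {
        return view('postnews', $lang, compact('mailed'));
    }
    $action = 'init';
    if (isset($_POST['postnews_post']) and !$scheduled) {
        $action = 'post';
    } elseif (isset($_POST['postnews_cancel']) and $scheduled and !$mailed) {
        $action = 'cancel';
    }
    // Mailings are only scheduled between $hmin:00 and $hmax:00.
    $hmin = 8;
    $hmax = 18;
    $token = false;
    $date = false;
    $hour = $hmin;
    $minute = 0;
    switch ($action) {
        case 'post':
            if (isset($_POST['postnews_date'])) {
                $date = readarg($_POST['postnews_date']);
            }
            if (isset($_POST['postnews_hour'])) {
                $hour = readarg($_POST['postnews_hour']);
            }
            if (isset($_POST['postnews_minute'])) {
                $minute = readarg($_POST['postnews_minute']);
            }
            if (isset($_POST['postnews_token'])) {
                $token = readarg($_POST['postnews_token']);
            }
            break;
        case 'cancel':
            // The cancel form must carry the same hidden postnews_token field
            // as the post form; without it the cancel is rejected below as a
            // bad token (confirm against the postnews view).
            if (isset($_POST['postnews_token'])) {
                $token = readarg($_POST['postnews_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_date = false;
    $bad_date = false;
    $internal_error = false;
    // Both state-changing actions need the session token; previously only
    // 'post' was checked, leaving 'cancel' open to a forged cross-site POST.
    if ($action == 'post' or $action == 'cancel') {
        if (!isset($_SESSION['postnews_token']) or $token != $_SESSION['postnews_token']) {
            $bad_token = true;
        }
    }
    switch ($action) {
        case 'post':
            // Clamp the hour into [$hmin, $hmax]; at $hmax the minutes are
            // forced to 0 so the slot never leaves the window.
            if (!is_numeric($hour) or $hour < $hmin) {
                $hour = $hmin;
            } elseif ($hour >= $hmax) {
                $hour = $hmax;
                $minute = 0;
            }
            if (!is_numeric($minute) or $minute < 0) {
                $minute = 0;
            } elseif ($minute > 59) {
                $minute = 59;
            }
            // Accepted date formats: YYYY/MM/DD or YYYY-MM-DD (same separator twice).
            if (!$date) {
                $missing_date = true;
            } elseif (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                $bad_date = true;
            } elseif (!checkdate($d[3], $d[4], $d[1])) {
                $bad_date = true;
            }
            if ($missing_date or $bad_date) {
                break;
            }
            $postdate = mktime($hour, $minute, 0, $d[3], $d[4], $d[1]);
            // A slot before today's opening hour is already in the past.
            if ($postdate < mktime($hmin, 0, 0)) {
                $bad_date = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'post':
            if ($bad_token or $missing_date or $bad_date) {
                break;
            }
            $r = newsletter_schedule_post($newsletter_id, $page_id, $lang, $postdate);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = $postdate;
            break;
        case 'cancel':
            if ($bad_token) {
                break;
            }
            $r = newsletter_cancel_post($newsletter_id, $page_id, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = false;
            break;
        default:
            break;
    }
    if (!$scheduled) {
        // Default proposal for the form: today's slot, or tomorrow's once the
        // sending window has closed.
        $postdate = mktime($hour, $minute, 0);
        if (time() > mktime($hmax + 1, 0, 0)) {
            $postdate = strtotime('+1 day', $postdate);
        }
    }
    // Rotate the form token on every render.
    $_SESSION['postnews_token'] = $token = token_id();
    $errors = compact('missing_date', 'bad_date', 'internal_error');
    $output = view('postnews', $lang, compact('token', 'scheduled', 'mailed', 'hmin', 'hmax', 'postdate', 'errors'));
    return $output;
}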
Example #9
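/**
 * Contact form ("mailme"): send a visitor's message to the site.
 *
 * On 'send' the submitted sender address, subject, message, optional
 * appointment (date, hour, minute) and captcha code are read and validated;
 * the session token must match, the captcha (when enabled) must match the
 * value kept in $_SESSION['captcha']['mailme'], the subject is refused when
 * is_mail_injected() flags it, and an appointment date must be a valid day
 * strictly after today. When everything passes the message is handed to
 * emailme() and the form is cleared.
 *
 * @param string $lang             language the page is rendered in
 * @param mixed  $to               recipient, passed unchanged to emailme()
 * @param bool   $with_appointment also ask for an appointment date and time
 * @param bool   $with_captcha     require the captcha code
 * @param bool   $with_home        after sending, link back to $home_action
 * @return string the rendered view
 */
function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
    $action = 'init';
    if (isset($_POST['mailme_send'])) {
        $action = 'send';
    }
    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
    // Pre-fill the sender address for logged-in users.
    if (isset($_SESSION['user']['mail'])) {
        $mail = $_SESSION['user']['mail'];
    }
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $missing_subject = false;
    $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;
    switch ($action) {
        case 'send':
            if (!isset($_SESSION['mailme_token']) or $token != $_SESSION['mailme_token']) {
                $bad_token = true;
            }
            // A missing or wrong captcha stops validation here; the other
            // fields are not reported until the captcha passes.
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$mail) {
                $missing_mail = true;
            } elseif (!validate_mail($mail)) {
                $bad_mail = true;
            }
            // The subject ends up in a mail header, hence the injection check.
            if (!$subject) {
                $missing_subject = true;
            } elseif (is_mail_injected($subject)) {
                $bad_subject = true;
            }
            if (!$message) {
                $missing_message = true;
            }
            if ($with_appointment) {
                if ($date) {
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } elseif (!checkdate($d[3], $d[4], $d[1])) {
                        $bad_appointment = true;
                    } elseif (mktime(0, 0, 0, $d[3], $d[4], $d[1]) <= mktime(0, 0, 0, date('m'), date('d'), date('Y'))) {
                        // Must be strictly after today. Note the four-digit year:
                        // the original used date("y"), which only worked because
                        // mktime() maps two-digit years 0-69 onto 2000-2069.
                        $bad_appointment = true;
                    }
                }
                // Non-numeric hour/minute values are not rejected here; they
                // fall through to emailing as "00" (original behaviour).
                if (is_numeric($hour) and is_numeric($minute)) {
                    if ($hour < 0 or $hour > 23 or $minute < 0 or $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'send':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $missing_subject or $bad_subject or $missing_message or $bad_appointment) {
                break;
            }
            require_once 'emailme.php';
            if ($date) {
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }
            $r = emailme($subject, $message, $mail, $to);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Clear the form after a successful send (the sender address is kept).
            $subject = $message = $date = $hour = $minute = false;
            if ($with_home) {
                global $home_action;
                $home_page = url($home_action, $lang);
            }
            $email_sent = true;
            break;
        default:
            break;
    }
    // Rotate the form token on every render.
    $_SESSION['mailme_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');
    $output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
    return $output;
}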
Example #10
/**
 * Single-file upload form ("upload").
 *
 * When the form was submitted (upload_put), the session token, the
 * uploaded file's temporary path, PHP upload error, client-side name, MIME
 * type and size are read. The file is stored under FILES_DIR using the
 * client-supplied name once every check passes: token matches the session,
 * the path is a genuine upload (is_uploaded_file), no PHP upload error,
 * size within $maxfilesize and the name accepted by both validate_filename()
 * and is_filename_allowed(). Exactly one error flag is raised on the first
 * failing check.
 *
 * @param string $lang language the page is rendered in
 * @return string the rendered view
 */
function upload($lang)
{
    $maxfilesize = 1000000;
    $uploading = isset($_POST['upload_put']);

    $token = false;
    $file = $name = $type = $error = false;
    $size = 0;
    if ($uploading) {
        if (isset($_POST['upload_token'])) {
            $token = readarg($_POST['upload_token']);
        }
        if (isset($_FILES['upload_file'])) {
            $up = $_FILES['upload_file'];
            if (isset($up['tmp_name'])) {
                $file = $up['tmp_name'];
            }
            if (isset($up['error'])) {
                $error = $up['error'];
            }
            if (isset($up['name'])) {
                $name = $up['name'];
            }
            if (isset($up['type'])) {
                $type = $up['type'];
            }
            if (isset($up['size'])) {
                $size = $up['size'];
            }
        }
    }

    $bad_token = $missing_file = $bad_file = $bad_name = $bad_size = $bad_copy = false;
    $copy_error = $file_copied = false;
    if ($uploading) {
        $token_ok = isset($_SESSION['upload_token']) && $token == $_SESSION['upload_token'];
        if (!$token_ok) {
            $bad_token = true;
        } elseif (!$file) {
            $missing_file = true;
        } elseif (!is_uploaded_file($file)) {
            $bad_file = true;
        } elseif ($error != UPLOAD_ERR_OK) {
            $bad_copy = true;
        } elseif ($size > $maxfilesize) {
            $bad_size = true;
        } elseif (!validate_filename($name) or !is_filename_allowed($name)) {
            $bad_name = true;
        } else {
            // $name comes from the client; the two validators above are the
            // only thing keeping path separators out of the destination --
            // their rules are not visible here, so verify them if in doubt.
            $filecopy = FILES_DIR . DIRECTORY_SEPARATOR . $name;
            if (@move_uploaded_file($file, $filecopy)) {
                $file_copied = true;
            } else {
                $copy_error = true;
            }
        }
    }

    // Rotate the form token on every render.
    $_SESSION['upload_token'] = $token = token_id();
    $errors = compact('missing_file', 'bad_file', 'bad_size', 'bad_name', 'bad_copy', 'copy_error');
    $infos = compact('file_copied');
    return view('upload', $lang, compact('token', 'maxfilesize', 'name', 'errors', 'infos'));
}
Example #11
function configure($lang)
{
    global $system_languages;
    global $base_url;
    $writable_files = array(CONFIG_DIRNAME . DIRECTORY_SEPARATOR . DB_INC, CONFIG_DIRNAME . DIRECTORY_SEPARATOR . CONFIG_INC, CONFIG_DIRNAME . DIRECTORY_SEPARATOR . ALIASES_INC, LOGOS_DIRNAME . DIRECTORY_SEPARATOR . SITELOGO_PNG, SITEMAP_XML, ROBOTS_TXT, AVATARS_DIRNAME, LOG_DIRNAME, TMP_DIRNAME, PHPQRCODECACHE_DIRNAME);
    $bad_write_permission = false;
    foreach ($writable_files as $fname) {
        $fpath = ROOT_DIR . DIRECTORY_SEPARATOR . $fname;
        clearstatcache(true, $fpath);
        if (!is_writable($fpath)) {
            if (!is_array($bad_write_permission)) {
                $bad_write_permission = array();
            }
            $bad_write_permission[] = $fname;
        }
    }
    $token = false;
    if (isset($_POST['configure_token'])) {
        $token = readarg($_POST['configure_token']);
    }
    $action = 'init';
    if (isset($_POST['configure_configure'])) {
        $action = 'configure';
    }
    $sitename = $webmaster = '';
    $content_languages = false;
    $default_language = false;
    $db_flag = false;
    $db_type = 'mysql';
    $db_reuse = false;
    $db_host = 'localhost';
    $db_admin_user = $db_admin_password = '';
    $db_name = $db_user = $db_password = $db_prefix = '';
    $site_admin_user = $site_admin_password = '';
    switch ($action) {
        case 'init':
            $sitename = 'mysite.net';
            $webmaster = '*****@*****.**';
            $content_languages = array($lang);
            $default_language = $lang;
            $db_flag = true;
            $db_reuse = false;
            $db_name = 'mysite';
            $db_user = '******';
            $db_prefix = 'mysite_';
            do {
                $db_password = newpassword(8);
            } while (!validate_password($db_password));
            break;
        case 'configure':
            if (isset($_POST['configure_sitename'])) {
                $sitename = readarg($_POST['configure_sitename']);
            }
            if (isset($_POST['configure_webmaster'])) {
                $webmaster = readarg($_POST['configure_webmaster']);
            }
            if (isset($_POST['configure_content_languages'])) {
                $content_languages = readarg($_POST['configure_content_languages']);
            }
            if (isset($_POST['configure_default_language'])) {
                $default_language = readarg($_POST['configure_default_language']);
            }
            if (isset($_POST['configure_db_flag'])) {
                $db_flag = readarg($_POST['configure_db_flag']) == 'yes' ? true : false;
            }
            if (isset($_POST['configure_db_type'])) {
                $db_type = readarg($_POST['configure_db_type']);
            }
            if (isset($_POST['configure_db_reuse'])) {
                $db_reuse = readarg($_POST['configure_db_reuse']) == 'yes' ? true : false;
            }
            if (isset($_POST['configure_db_admin_user'])) {
                $db_admin_user = readarg($_POST['configure_db_admin_user']);
            }
            if (isset($_POST['configure_db_admin_password'])) {
                $db_admin_password = readarg($_POST['configure_db_admin_password']);
            }
            if (isset($_POST['configure_db_name'])) {
                $db_name = readarg($_POST['configure_db_name']);
            }
            if (isset($_POST['configure_db_host'])) {
                $db_host = readarg($_POST['configure_db_host']);
            }
            if (isset($_POST['configure_db_user'])) {
                $db_user = readarg($_POST['configure_db_user']);
            }
            if (isset($_POST['configure_db_password'])) {
                $db_password = readarg($_POST['configure_db_password']);
            }
            if (isset($_POST['configure_db_prefix'])) {
                $db_prefix = readarg($_POST['configure_db_prefix']);
            }
            if (isset($_POST['configure_site_admin_user'])) {
                $site_admin_user = readarg($_POST['configure_site_admin_user']);
            }
            if (isset($_POST['configure_site_admin_password'])) {
                $site_admin_password = readarg($_POST['configure_site_admin_password']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_sitename = false;
    $missing_webmaster = false;
    $missing_content_languages = false;
    $bad_content_languages = false;
    $missing_default_language = false;
    $bad_default_language = false;
    $missing_db_admin_user = false;
    $missing_db_admin_password = false;
    $bad_db_type = false;
    $missing_db_name = false;
    $bad_db_name = false;
    $bad_db_prefix = false;
    $missing_db_host = false;
    $bad_db_host = false;
    $missing_db_user = false;
    $bad_db_user = false;
    $missing_db_password = false;
    $weak_db_password = false;
    $missing_site_admin_user = false;
    $bad_site_admin_user = false;
    $missing_site_admin_password = false;
    $weak_site_admin_password = false;
    $db_error = false;
    $file_error = false;
    $internal_error = false;
    switch ($action) {
        case 'configure':
            if (!isset($_SESSION['configure_token']) or $token != $_SESSION['configure_token']) {
                $bad_token = true;
            }
            if (empty($sitename)) {
                $missing_sitename = true;
            }
            if (empty($webmaster)) {
                $missing_webmaster = true;
            }
            if (empty($content_languages)) {
                $missing_content_languages = true;
            } else {
                if (!is_array($content_languages)) {
                    $bad_content_languages = true;
                } else {
                    foreach ($content_languages as $clang) {
                        if (!in_array($clang, $system_languages)) {
                            $bad_content_languages = true;
                            break;
                        }
                    }
                    if (empty($default_language)) {
                        $default_language = $content_languages[0];
                    } else {
                        if (!in_array($default_language, $content_languages)) {
                            $bad_default_language = true;
                        }
                    }
                }
            }
            if ($db_flag) {
                if (empty($db_name)) {
                    $missing_db_name = true;
                } else {
                    if (!$db_reuse and !validate_db_name($db_name)) {
                        $bad_db_name = true;
                    }
                }
                if (empty($db_type) or !in_array($db_type, array('mysql', 'pgsql'))) {
                    $bad_db_type = true;
                }
                if (!empty($db_prefix) and !validate_db_name($db_prefix)) {
                    $bad_db_prefix = true;
                }
                if (!$db_reuse) {
                    if (empty($db_admin_user)) {
                        $missing_db_admin_user = true;
                    }
                    if (empty($db_admin_password)) {
                        $missing_db_admin_password = true;
                    }
                }
                if (empty($db_host)) {
                    $missing_db_host = true;
                } else {
                    if (!(validate_host_name($db_host) or validate_ip_address($db_host))) {
                        $bad_db_host = true;
                    }
                }
                if (empty($db_user)) {
                    $missing_db_user = true;
                } else {
                    if (!$db_reuse and !validate_db_name($db_user)) {
                        $bad_db_user = true;
                    }
                }
                if (empty($db_password)) {
                    $missing_db_password = true;
                } else {
                    if (!$db_reuse and !validate_password($db_password)) {
                        $weak_db_password = true;
                    }
                }
                if (empty($site_admin_user)) {
                    $missing_site_admin_user = true;
                } else {
                    if (!validate_db_name($site_admin_user)) {
                        $bad_site_admin_user = true;
                    }
                }
                if (empty($site_admin_password)) {
                    $missing_site_admin_password = true;
                } else {
                    if (!validate_password($site_admin_password)) {
                        $weak_site_admin_password = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'configure':
            if ($bad_token or $bad_write_permission or $missing_sitename or $missing_webmaster or $missing_content_languages or $bad_default_language or $missing_db_admin_user or $missing_db_admin_password or $missing_db_name or $bad_db_name or $bad_db_type or $missing_db_host or $bad_db_host or $missing_db_user or $bad_db_user or $missing_db_password or $weak_db_password or $missing_site_admin_user or $bad_site_admin_user or $missing_site_admin_password or $weak_site_admin_password) {
                break;
            }
            $site_admin_mail = $site_admin_user . '@' . $sitename;
            $languages = array($default_language);
            foreach ($content_languages as $clang) {
                if ($clang != $default_language) {
                    $languages[] = $clang;
                }
            }
            if ($db_flag) {
                switch ($db_type) {
                    case 'pgsql':
                        require_once 'configurepgsql.php';
                        break;
                    case 'mysql':
                    default:
                        require_once 'configuremysql.php';
                        break;
                }
                if (!$db_reuse) {
                    try {
                        create_db($db_admin_user, $db_admin_password, 'localhost', $db_name, $db_user, $db_password);
                    } catch (PDOException $e) {
                        $db_error = $e->getMessage();
                        break;
                    }
                }
                try {
                    init_db($db_host, $db_name, $db_user, $db_password, $db_prefix, $site_admin_user, $site_admin_password, $site_admin_mail, $default_language);
                } catch (PDOException $e) {
                    $db_error = $e->getMessage();
                    break;
                }
                $img = identicon($site_admin_user, AVATAR_SIZE);
                @imagepng($img, AVATARS_DIR . DIRECTORY_SEPARATOR . $site_admin_user . '.png');
                $db_inc = build_db_inc($db_host, $db_name, $db_user, $db_password, $db_prefix, $db_type);
                $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, 1, 'home', 'page', $languages);
                $features = array('captcha', 'avatar', 'rssfeed', 'home', 'contact', 'user', 'nobody', 'account', 'password', 'newuser', 'search', 'suggest', 'download', 'admin', 'adminuser', 'pagecontent', 'pagevisit', 'page', 'editpage', 'folder', 'folderedit', 'story', 'storyedit', 'book', 'bookedit', 'newsletter', 'newsletteredit', 'newslettersubscribe', 'newsletterunsubscribe', 'thread', 'threadedit', 'node', 'editnode', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
                $aliases_inc = build_aliases_inc($features, $languages);
            } else {
                $db_inc = build_db_inc(false, false, false, false, false, false);
                $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, false, 'homepage', 'anypage', $languages);
                $features = array('captcha', 'avatar', 'rssfeed', 'homepage', 'contact', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
                $aliases_inc = build_aliases_inc($features, $languages);
            }
            if (!$db_inc or !$config_inc or !$aliases_inc) {
                $internal_error = true;
                break;
            }
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . DB_INC, array('<?php', $db_inc))) {
                $file_error = true;
                break;
            }
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . CONFIG_INC, array('<?php', $config_inc))) {
                $file_error = true;
                break;
            }
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . ALIASES_INC, array("<?php", $aliases_inc))) {
                $file_error = true;
                break;
            }
            $sitemap_xml = build_sitemap_xml($sitename, $languages);
            @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . SITEMAP_XML, array('<?xml version="1.0" encoding="UTF-8"?>', "\n", $sitemap_xml));
            $robots_txt = build_robots_txt($sitename, $languages);
            @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . ROBOTS_TXT, $robots_txt);
            $logo = strlogo($sitename);
            @imagepng($logo, LOGOS_DIR . DIRECTORY_SEPARATOR . SITELOGO_PNG, 9, PNG_ALL_FILTERS);
            imagedestroy($logo);
            session_reopen();
            reload($base_url);
            return false;
        default:
            break;
    }
    $_SESSION['configure_token'] = $token = token_id();
    $errors = compact('bad_write_permission', 'missing_sitename', 'missing_webmaster', 'missing_content_languages', 'bad_default_language', 'missing_db_admin_user', 'missing_db_admin_password', 'bad_db_type', 'missing_db_name', 'bad_db_name', 'missing_db_host', 'bad_db_host', 'bad_db_prefix', 'missing_db_user', 'bad_db_user', 'missing_db_password', 'weak_db_password', 'missing_site_admin_user', 'bad_site_admin_user', 'missing_site_admin_password', 'weak_site_admin_password');
    $output = view('configure', $lang, compact('token', 'sitename', 'webmaster', 'db_error', 'file_error', 'internal_error', 'content_languages', 'default_language', 'db_flag', 'db_type', 'db_reuse', 'db_admin_user', 'db_admin_password', 'db_name', 'db_host', 'db_prefix', 'db_user', 'db_password', 'site_admin_user', 'site_admin_password', 'errors'));
    return $output;
}