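/**
 * Tries to update a guestbook comment
 *    only admins can update all comments
 *    other users are restricted to their own comments by the WHERE clause
 *
 * @param array $comment comment data; reads 'content' and 'comment_id'.
 *                       'content' is interpolated into the SQL string as-is,
 *                       so it is presumably escaped by the caller before
 *                       reaching here — confirm against callers
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment_guestbook($comment, $post_key)
{
    global $conf;

    // one of validate, moderate, reject: reject on a bad form key, validate
    // directly when moderation is off or the user is admin, else moderate
    if (!verify_ephemeral_key($post_key)) {
        $comment_action = 'reject';
    } elseif (!$conf['guestbook']['comments_validation'] or is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }

    if ($comment_action != 'reject') {
        // non-admins may only touch their own comments
        $user_where_clause = '';
        if (!is_admin()) {
            $user_where_clause = '   AND author_id = \'' . $GLOBALS['user']['id'] . '\'';
        }

        // the comment id is a numeric key: cast it so the WHERE clause cannot
        // be widened by non-numeric input
        $comment_id = (int) $comment['comment_id'];

        $query = '
UPDATE ' . GUESTBOOK_TABLE . '
  SET content = \'' . $comment['content'] . '\',
      validated = \'' . ($comment_action == 'validate' ? 'true' : 'false') . '\',
      validation_date = ' . ($comment_action == 'validate' ? 'NOW()' : 'NULL') . '
  WHERE id = ' . $comment_id . $user_where_clause . '
;';
        $result = pwg_query($query);

        // mail admin and ask to validate the comment
        if ($result and $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            // link to the comment that was just edited ($comm was never
            // defined here, so the link used to carry an empty id)
            $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id' => $comment_id));
            $keyargs_content = array(
                get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username'])),
                get_l10n_args('Comment: %s', stripslashes($comment['content'])),
                get_l10n_args('', ''),
                get_l10n_args('Manage this user comment: %s', $comment_url),
                get_l10n_args('', ''),
                get_l10n_args('(!) This comment requires validation', ''),
            );
            pwg_mail_notification_admins(get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username'])), $keyargs_content);
        }
    }

    return $comment_action;
}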
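/**
 * Tries to update a user comment
 *    only admins can update all comments
 *    users can edit their own comments if the admin allows them
 *
 * @param array $comment comment data; reads 'comment_id', 'image_id',
 *                       'content' and the optional 'website_url'.
 *                       'content' is interpolated into the SQL string as-is,
 *                       so it is presumably escaped by the caller before
 *                       reaching here — confirm against callers
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment($comment, $post_key)
{
    global $conf, $page;

    // one of validate, moderate, reject: reject on a bad form key, validate
    // directly when moderation is off or the user is admin, else moderate
    if (!verify_ephemeral_key($post_key, $comment['image_id'])) {
        $comment_action = 'reject';
    } elseif (!$conf['comments_validation'] or is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }

    // perform more spam check (listeners may change the action)
    $comment_action = trigger_change('user_comment_check', $comment_action, array_merge($comment, array('author' => $GLOBALS['user']['username'])));

    // website: strip markup from the value that is actually stored (the
    // previous code stripped tags from an undefined $comm, so nothing was
    // removed), force a scheme, then check the format
    if (!empty($comment['website_url'])) {
        $comment['website_url'] = strip_tags($comment['website_url']);
        if (!preg_match('/^https?/i', $comment['website_url'])) {
            $comment['website_url'] = 'http://' . $comment['website_url'];
        }
        if (!url_check_format($comment['website_url'])) {
            $page['errors'][] = l10n('Your website URL is invalid');
            $comment_action = 'reject';
        }
    }

    if ($comment_action != 'reject') {
        // non-admins may only touch their own comments
        $user_where_clause = '';
        if (!is_admin()) {
            $user_where_clause = '   AND author_id = \'' . $GLOBALS['user']['id'] . '\'';
        }

        // the comment id is a numeric key: cast it so the WHERE clause cannot
        // be widened by non-numeric input
        $comment_id = (int) $comment['comment_id'];

        $query = '
UPDATE ' . COMMENTS_TABLE . '
  SET content = \'' . $comment['content'] . '\',
      website_url = ' . (!empty($comment['website_url']) ? '\'' . $comment['website_url'] . '\'' : 'NULL') . ',
      validated = \'' . ($comment_action == 'validate' ? 'true' : 'false') . '\',
      validation_date = ' . ($comment_action == 'validate' ? 'NOW()' : 'NULL') . '
  WHERE id = ' . $comment_id . $user_where_clause . '
;';
        $result = pwg_query($query);

        // mail admin and ask to validate the comment
        if ($result and $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            $comment_url = get_absolute_root_url() . 'comments.php?comment_id=' . $comment_id;
            $keyargs_content = array(
                get_l10n_args('Author: %s', stripslashes($GLOBALS['user']['username'])),
                get_l10n_args('Comment: %s', stripslashes($comment['content'])),
                get_l10n_args(''),
                get_l10n_args('Manage this user comment: %s', $comment_url),
                get_l10n_args('(!) This comment requires validation'),
            );
            pwg_mail_notification_admins(get_l10n_args('Comment by %s', stripslashes($GLOBALS['user']['username'])), $keyargs_content);
        } elseif ($result) {
            // edit accepted without moderation: still tell the admins
            email_admin('edit', array('author' => $GLOBALS['user']['username'], 'content' => stripslashes($comment['content'])));
        }
    }

    return $comment_action;
}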
// | USA.                                                                  |
// +-----------------------------------------------------------------------+
//----------------------------------------------------------- include
// The root path constant has to exist before the common include is loaded,
// since that file builds its own paths from it.
define('PHPWG_ROOT_PATH', './');
include_once PHPWG_ROOT_PATH . 'include/common.inc.php';

// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
check_status(ACCESS_FREE);

//----------------------------------------------------------- user registration
// Registration can be switched off in the configuration; in that case the
// whole page is refused, not just the form submission.
$registration_open = $conf['allow_user_registration'];
if (!$registration_open) {
    page_forbidden('User registration closed');
}

// event raised at the start of the registration page (presumably for
// plugin listeners — confirm against the event dispatcher)
trigger_notify('loc_begin_register');
if (isset($_POST['submit'])) {
    if (!verify_ephemeral_key(@$_POST['key'])) {
        set_status_header(403);
        $page['errors'][] = l10n('Invalid/expired form key');
    }
    if (empty($_POST['password'])) {
        $page['errors'][] = l10n('Password is missing. Please enter the password.');
    } else {
        if (empty($_POST['password_conf'])) {
            $page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.');
        } else {
            if ($_POST['password'] != $_POST['password_conf']) {
                $page['errors'][] = l10n('The passwords do not match');
            }
        }
    }
    register_user($_POST['login'], $_POST['password'], $_POST['mail_address'], true, $page['errors'], isset($_POST['send_password_by_mail']));
            echo json_encode(compact('redirect_to'));
            header('HTTP/1.1 200 OK');
            exit;
        } else {
            $template->assign('REDIRECT_TO', $redirect_to);
        }
    } else {
        if (isset($_GET['init_auth'])) {
            $params = array();
            if ($provider == 'OpenID') {
                $params['openid_identifier'] = $_GET['openid_identifier'];
            }
            // try to authenticate
            $adapter = $hybridauth->authenticate($provider, $params);
        } else {
            if (!verify_ephemeral_key(@$_GET['key'])) {
                throw new Exception('Forbidden', 403);
            }
            $template->assign('LOADING', '&openid_identifier=' . @$_GET['openid_identifier'] . '&init_auth=1');
        }
    }
} catch (Exception $e) {
    switch ($e->getCode()) {
        case 5:
            $template->assign('ERROR', l10n('Authentication canceled'));
            break;
        case 404:
            $template->assign('ERROR', l10n('User not found'));
            break;
        default:
            $template->assign('ERROR', l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', '<span title="' . $e->getMessage() . '">' . $e->getCode() . '</span>'));