function MG_approveSubmission($media_id) { global $_CONF, $_TABLES, $LANG_MG01; $mid = addslashes($media_id); $owner_uid = DB_getItem($_TABLES['mg_mediaqueue'], 'media_user_id', "media_id='" . $mid . "'"); DB_delete($_TABLES['mg_mediaqueue'], 'media_id', $mid); $album_id = DB_getItem($_TABLES['mg_media_album_queue'], 'album_id', "media_id='" . $mid . "'"); DB_save($_TABLES['mg_media_albums'], 'album_id, media_id, media_order', "{$album_id}, '{$mid}', 0"); require_once $_CONF['path'] . 'plugins/mediagallery/include/sort.php'; MG_SortMedia($album_id); DB_delete($_TABLES['mg_media_album_queue'], 'media_id', $mid); $sql = "SELECT media_filename, media_type " . "FROM {$_TABLES['mg_media']} WHERE media_id='" . $mid . "'"; $result = DB_query($sql); list($media_filename, $media_type) = DB_fetchArray($result); $media_count = DB_getItem($_TABLES['mg_albums'], 'media_count', 'album_id=' . $album_id); $media_count++; DB_change($_TABLES['mg_albums'], 'media_count', $media_count, 'album_id', $album_id); MG_updateAlbumLastUpdate($album_id); $album_cover = DB_getItem($_TABLES['mg_albums'], 'album_cover', 'album_id=' . $album_id); if ($album_cover == -1 && $media_type == 0) { DB_change($_TABLES['mg_albums'], 'album_cover_filename', $media_filename, 'album_id', $album_id); } // email the owner / uploader that the item has been approved. COM_clearSpeedlimit(600, 'mgapprove'); $last = COM_checkSpeedlimit('mgapprove'); if ($last == 0) { $result2 = DB_query("SELECT username, fullname, email FROM {$_TABLES['users']} WHERE uid='" . $owner_uid . "'"); list($username, $fullname, $email) = DB_fetchArray($result2); if ($email != '') { $subject = $LANG_MG01['upload_approved']; $body = $LANG_MG01['upload_approved']; $body .= '<br' . XHTML . '><br' . XHTML . '>'; $body .= $LANG_MG01['thanks_submit']; $body .= '<br' . XHTML . '><br' . XHTML . '>'; $body .= $_CONF['site_name'] . '<br' . XHTML . '>'; $body .= $_CONF['site_url'] . '<br' . XHTML . '>'; $to = array(); $from = array(); $to = COM_formatEmailAddress($username, $email); $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']); if (!COM_mail($to, $subject, $body, $from, true)) { COM_errorLog("Media Gallery Error - Unable to send queue notification email"); } COM_updateSpeedlimit('mgapprove'); } } // PLG_itemSaved($media_id, 'mediagallery'); // COM_rdfUpToDateCheck(); // COM_olderStuff(); return; }
/** * Email ad to a friend * * @param string $ad id of ad to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the ad * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg) { global $_CONF, $_TABLES, $LANG01, $LANG08; // check for correct $_CONF permission if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) { return $retval; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return $retval; } //Query ad $shortmsg = COM_stripslashes($shortmsg); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB; if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($story->displayElements('uid')); $mailtext .= $LANG01[1] . ' ' . $author . LB; } $introtext = $story->DisplayElements('introtext'); $bodytext = $story->DisplayElements('bodytext'); $introtext = COM_undoSpecialChars(strip_tags($introtext)); $bodytext = COM_undoSpecialChars(strip_tags($bodytext)); $introtext = str_replace(array("\n\r", "\r"), LB, $introtext); $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext); $mailtext .= LB . $introtext; if (!empty($bodytext)) { $mailtext .= LB . LB . $bodytext; } $mailtext .= LB . LB . '------------------------------------------------------------' . LB; if ($story->DisplayElements('commentcode') == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title'))); $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], $to); $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext; $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom); } COM_updateSpeedlimit('mail'); return $retval; }
/** * Handle a pingback for an entry. * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * @param string $id ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @param string $url URL of the page that pinged us * @param string $oururl URL that got pinged on our site * @return object XML-RPC response */ function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); } elseif ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback'); if (!$skip_speedlimit) { $last = COM_checkSpeedlimit('pingback'); if ($last > 0) { return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($url); if (empty($parts['host'])) { TRB_logRejected('Pingback: No valid URL', $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_logRejected('Pingback: IP address mismatch', $url); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } } // See if we can read the page linking to us and extract at least // the page's title out of it ... $title = ''; $excerpt = ''; $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET); $req->setHeader('User-Agent', 'Geeklog/' . VERSION); try { $response = $req->send(); $status = $response->getStatus(); if ($status == 200) { $body = $response->getBody(); if ($_CONF['check_trackback_link'] & 3) { if (!TRB_containsBacklink($body, $oururl)) { TRB_logRejected('Pingback: No link to us', $url); $comment = TRB_formatComment($url); PLG_spamAction($comment, $_CONF['spamx']); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match(':<title>(.*)</title>:i', $body, $content); if (empty($content[1])) { $title = ''; // no title found } else { $title = trim(COM_undoSpecialChars($content[1])); } if ($_CONF['pingback_excerpt']) { // Check which character set the site that sent the Pingback // is using $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1 $ctype = $response->getHeader('content-type'); $c = explode(';', $ctype); foreach ($c as $ct) { $ch = explode('=', trim($ct)); if (count($ch) === 2) { if (trim($ch[0]) === 'charset') { $charset = trim($ch[1]); break; } } } if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) { if (function_exists('mb_convert_encoding')) { $body = @mb_convert_encoding($body, COM_getCharset(), $charset); } elseif (function_exists('iconv')) { $body = @iconv($charset, COM_getCharset(), $body); } // else: tough luck ... } $excerpt = PNB_makeExcerpt($body, $oururl); } // we could also run the rest of the other site's page // through the spam filter here ... } elseif ($_CONF['check_trackback_link'] & 3) { COM_errorLog("Pingback verification: Got HTTP response code " . $response->getStatus() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } catch (HTTP_Request2_Exception $e) { if ($_CONF['check_trackback_link'] & 3) { // we were supposed to check for backlinks but didn't get the page COM_errorLog("Pingback verification: " . $e->getMessage() . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } // check for spam first $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'pingback'); } return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); }
function _userGetnewtoken() { global $_CONF, $_TABLES, $_USER, $LANG04; $retval = ''; $uid = 0; if ($_CONF['passwordspeedlimit'] == 0) { $_CONF['passwordspeedlimit'] = 300; // 5 minutes } COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'verifytoken'); $last = COM_checkSpeedlimit('verifytoken'); if ($last > 0) { $retval .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26], true, 'error'); } else { $username = isset($_POST['username']) ? $_POST['username'] : ''; $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : ''; if (!empty($username) && !empty($passwd) && USER_validateUsername($username, 1)) { $encryptedPassword = ''; $uid = 0; $result = DB_query("SELECT uid,passwd FROM {$_TABLES['users']} WHERE username='******'"); if (DB_numRows($result) > 0) { $row = DB_fetchArray($result); $encryptedPassword = $row['passwd']; $uid = $row['uid']; } if ($encryptedPassword != '' && SEC_check_hash($passwd, $encryptedPassword)) { $retval .= requesttoken($uid, 3); } else { $retval .= newtokenform($uid); } } else { $retval .= newtokenform($uid); } } return $retval; }
/** * This will save a submission * * @param string $type Type of submission we are dealing with * @param array $A Data for that submission * */ function savesubmission($type, $A) { global $_CONF, $_TABLES, $LANG12; COM_clearSpeedlimit($_CONF['speedlimit'], 'submit'); $last = COM_checkSpeedlimit('submit'); if ($last > 0) { $retval = COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]); $retval = COM_createHTMLDocument($retval); return $retval; } if (!empty($type) && $type !== 'story') { // Update the submitspeedlimit for user - assuming Plugin approves // submission record COM_updateSpeedlimit('submit'); // see if this is a submission that needs to be handled by a plugin // and should include its own redirect $retval = PLG_saveSubmission($type, $A); if ($retval === false) { COM_errorLog("Could not save your submission. Bad type: {$type}"); } elseif (empty($retval)) { // plugin should include its own redirect - but in case handle // it here and redirect to the main page PLG_submissionSaved($type); COM_redirect($_CONF['site_url'] . '/index.php'); } else { PLG_submissionSaved($type); return $retval; } } if (!empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl()) { $retval = savestory($A); PLG_submissionSaved($type); } else { $retval = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type); $retval = COM_createHTMLDocument($retval); } return $retval; }
/** * Authenticates the user if authentication headers are present * * Our handling of the speedlimit here requires some explanation ... * Atompub clients will usually try to do everything without logging in first. * Since that would mean that we can't provide feeds for drafts, items with * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED). * That, however, means that every request from an Atompub client will count * as one failed login attempt. So doing a couple of requests in quick * succession will surely get the client blocked. Therefore * - a request without any login credentials counts as one failed login attempt * - a request with wrong login credentials counts as two failed login attempts * - if, after a successful login, we have only one failed attempt on record, * we reset the speedlimit * This still ensures that * - repeated failed logins (without or with invalid credentials) will cause the * client to be blocked eventually * - this can not be used for dictionary attacks * */ function WS_authenticate() { global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE; $uid = ''; $username = ''; $password = ''; $status = -1; if (isset($_SERVER['PHP_AUTH_USER'])) { $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']); $password = $_SERVER['PHP_AUTH_PW']; if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '{$username}'"); } /** this does not work! ******************************************************* } elseif (!empty($_SERVER['HTTP_X_WSSE']) && (strpos($_SERVER['HTTP_X_WSSE'], 'UsernameToken') !== false)) { // this is loosely based on a code snippet taken from Elgg (elgg.org) $wsse = str_replace('UsernameToken', '', $_SERVER['HTTP_X_WSSE']); $wsse = explode(',', $wsse); $username = ''; $pwdigest = ''; $created = ''; $nonce = ''; foreach ($wsse as $element) { $element = explode('=', $element); $key = array_shift($element); if (count($element) == 1) { $val = $element[0]; } else { $val = implode('=', $element); } $key = trim($key); $val = trim($val, "\x22\x27"); if ($key == 'Username') { $username = COM_applyBasicFilter($val); } elseif ($key == 'PasswordDigest') { $pwdigest = $val; } elseif ($key == 'Created') { $created = $val; } elseif ($key == 'Nonce') { $nonce = $val; } } if (!empty($username) && !empty($pwdigest) && !empty($created) && !empty($nonce)) { $uname = DB_escapeString($username); $pwd = DB_getItem($_TABLES['users'], 'passwd', "username = '******'"); // ... and here we would need the _unencrypted_ password if (!empty($pwd)) { $mydigest = pack('H*', sha1($nonce . $created . $pwd)); $mydigest = base64_encode($mydigest); if ($pwdigest == $mydigest) { $password = $pwd; } } } if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)"); } ******************************************************************************/ } elseif (!empty($_SERVER['REMOTE_USER'])) { /* PHP installed as CGI may not have access to authorization headers of * Apache. In that case, use .htaccess to store the auth header as * explained at * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication */ list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']); list($username, $password) = explode(':', base64_decode($auth_data)); $username = COM_applyBasicFilter($username); if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])"); } } else { if ($WS_VERBOSE) { COM_errorLog("WS: No login given"); } // fallthrough (see below) } COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth'); if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) { WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded'); } if (!empty($username) && !empty($password)) { if ($_CONF['user_login_method']['3rdparty']) { // remote users will have to use username@servicename $u = explode('@', $username); if (count($u) > 1) { $sv = $u[count($u) - 1]; if (!empty($sv)) { $modules = SEC_collectRemoteAuthenticationModules(); foreach ($modules as $smod) { if (strcasecmp($sv, $smod) == 0) { array_pop($u); // drop the service name $uname = implode('@', $u); $status = SEC_remoteAuthentication($uname, $password, $smod, $uid); break; } } } } } if ($status == -1 && $_CONF['user_login_method']['standard']) { $status = SEC_authenticate($username, $password, $uid); } } if ($status == USER_ACCOUNT_ACTIVE) { $_USER = SESS_getUserDataFromId($uid); PLG_loginUser($_USER['uid']); // Global array of groups current user belongs to $_GROUPS = SEC_getUserGroups($_USER['uid']); // Global array of current user permissions [read,edit] $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_CONF['restrict_webservices']) { if (!SEC_hasRights('webservices.atompub')) { COM_updateSpeedlimit('wsauth'); if ($WS_VERBOSE) { COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices"); } // reset user, groups, and rights, just in case ... $_USER = array(); $_GROUPS = array(); $_RIGHTS = array(); WS_error(PLG_RET_AUTH_FAILED); } } if ($WS_VERBOSE) { COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in"); } // if there were less than 2 failed login attempts, reset speedlimit if (COM_checkSpeedlimit('wsauth', 2) == 0) { if ($WS_VERBOSE) { COM_errorLog("WS: Successful login - resetting speedlimit"); } COM_resetSpeedlimit('wsauth'); } } else { COM_updateSpeedlimit('wsauth'); if (!empty($username) && !empty($password)) { COM_updateSpeedlimit('wsauth'); if ($WS_VERBOSE) { COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts"); } } elseif ($WS_VERBOSE) { COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt"); } WS_error(PLG_RET_AUTH_FAILED); } }
/** * Mails the contents of the contact form to that user * * @param int $uid User ID of person to send email to * @param bool $cc Whether to send a copy of the message to the author * @param string $author The name of the person sending the email * @param string $authoremail Email address of person sending the email * @param string $subject Subject of email * @param string $message Text of message to send * @return string Meta redirect or HTML for the contact form */ function CONTACT_contactemail($uid, $cc, $author, $authoremail, $subject, $message) { global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12, $MESSAGE; $retval = ''; // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check for correct 'to' user preferences $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'"); $P = DB_fetchArray($result); if (SEC_inGroup('Root') || SEC_hasRights('user.mail')) { $isAdmin = true; } else { $isAdmin = false; } if ($P['emailfromadmin'] != 1 && $isAdmin || $P['emailfromuser'] != 1 && !$isAdmin) { return COM_refresh($_CONF['site_url'] . '/index.php?msg=85'); } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); $last = COM_checkSpeedlimit('mail'); if ($last > 0) { $return .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG08[39] . $last . $LANG08[40] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); return $return; } if (!empty($author) && !empty($subject) && !empty($message)) { if (COM_isemail($authoremail) && strpos($author, '@') === false) { $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}"); $A = DB_fetchArray($result); // Append the user's signature to the message $sig = ''; if (!COM_isAnonUser()) { $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}"); if (!empty($sig)) { $sig = strip_tags(COM_stripslashes($sig)); $sig = "\n\n-- \n" . $sig; } } $subject = COM_stripslashes($subject); $message = COM_stripslashes($message); // do a spam check with the unfiltered message text and subject $mailtext = $subject . "\n" . $message . $sig; $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $msg = PLG_itemPreSave('contact', $message); if (!empty($msg)) { define("CONTACT_TITLE", $LANG04[81]); $retval .= COM_errorLog($msg, 2) . CONTACT_contactform($uid, $cc, $subject, $message); return $retval; } $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $message = strip_tags($message) . $sig; if (!empty($A['fullname'])) { $to = COM_formatEmailAddress($A['fullname'], $A['email']); } else { $to = COM_formatEmailAddress($A['username'], $A['email']); } $from = COM_formatEmailAddress($author, $authoremail); $sent = COM_mail($to, $subject, $message, $from); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname'])); $ccmessage .= "\n------------------------------------------------------------\n\n" . $message; $sent = COM_mail($from, $subject, $ccmessage, $from); } COM_updateSpeedlimit('mail'); $retval .= COM_refresh($_CONF['site_url'] . '/' . $_CONTACT_CONF['folder_name'] . '/index.php?what=msg&msg=' . urlencode($sent ? $MESSAGE['27'] : $MESSAGE['85'])); } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = htmlspecialchars(trim($subject), ENT_QUOTES); define("CONTACT_TITLE", $LANG04[81]); $retval .= COM_errorLog($LANG08[3], 2) . CONTACT_contactform($uid, $cc, $subject, $message); } } else { $subject = strip_tags($subject); $subject = substr($subject, 0, strcspn($subject, "\r\n")); $subject = htmlspecialchars(trim($subject), ENT_QUOTES); define("CONTACT_TITLE", $LANG04[81]); $retval .= COM_errorLog($LANG08[4], 2) . CONTACT_contactform($uid, $cc, $subject, $message); } return $retval; }
function MG_sendPostCard() { global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST; global $LANG_DIRECTION, $LANG_CHARSET; $mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true)); $toname = COM_applyFilter($_POST['toname']); $toemail = COM_applyFilter($_POST['toemail']); $fromname = COM_applyFilter($_POST['fromname']); $fromemail = COM_applyFilter($_POST['fromemail']); $subject = strip_tags(COM_checkWords($_POST['subject'])); $message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message']))); $ccself = isset($_POST['ccself']) ? 1 : 0; $errCount = 0; $msg = ''; if (!COM_isEmail($toemail)) { $errCount++; } if (!COM_isEmail($fromemail)) { $errCount++; } if (empty($subject)) { $errCount++; } if (empty($message)) { $errCount++; } $captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : ''; $msg = PLG_itemPreSave('mediagallery', $captchaString); if ($msg != '') { $errCount++; } if ($errCount > 0) { return MG_editPostCard('edit', $mid, $msg); } $retval = ''; $aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"'); if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) { $retval = MG_siteHeader(); $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true); $retval .= MG_siteFooter(); echo $retval; exit; } $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'"; $result = DB_query($sql); $nRows = DB_numRows($result); if ($nRows < 1) { $retval = MG_siteHeader(); $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true); $retval .= MG_siteFooter(); echo $retval; exit; } $M = DB_fetchArray($result); // trim the database $purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400; DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate); // save this one in the database $newsubject = DB_escapeString($subject); $newmessage = DB_escapeString($message); $pcId = COM_makesid(); $pc_time = time(); if (COM_isAnonUser()) { $uid = 1; } else { $uid = (int) $_USER['uid']; } $sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})"; $result = DB_query($sql); if (DB_error()) { COM_errorLog("Media Gallery: Error saving postcard"); } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard'); $last = COM_checkSpeedlimit('mgpostcard'); if ($last > 0) { $msg = sprintf($LANG_MG02['postcard_speedlimit'], $last); return MG_errorHandler($msg); } $alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId; // build the template... $T = new Template(MG_getTemplatePath($aid)); $T->set_file('postcard', 'postcard.thtml'); $media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg'); if (empty($LANG_DIRECTION)) { // default to left-to-right $direction = 'ltr'; } else { $direction = $LANG_DIRECTION; } if (empty($LANG_CHARSET)) { $charset = $_CONF['default_charset']; if (empty($charset)) { $charset = 'iso-8859-1'; } } else { $charset = $LANG_CHARSET; } $T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit'])); $T->parse('output', 'postcard'); $retval .= $T->finish($T->get_var('output')); $msgData['subject'] = htmlspecialchars($subject); $msgData['htmlmessage'] = $retval; $msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link); $msgData['from']['email'] = $fromemail; $msgData['from']['name'] = $fromname; $msgData['to'][] = array('email' => $toemail, 'name' => $toname); if ($ccself) { $msgData['to'][] = array('email' => $fromemail, 'name' => $fromname); } foreach ($_MG_CONF['validExtensions'] as $tnext) { if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) { $msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']); } } $msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif'); COM_emailNotification($msgData); $msgNo = 8; // update the sent post card database...Or maybe just log it in an error log? $logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid; MG_postcardLog($logentry); COM_updateSpeedlimit('mgpostcard'); header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid); exit; }
if (!in_array($type, $_PLUGINS)) { $type = 'article'; } } $pageBody .= handleunSubscribe($sid, $type); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); exit; } break; default: // New Comment // do our speed limit check here COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'comment'); $last = 0; $last = COM_checkSpeedlimit('comment'); if ($last > 0) { $goBack = '<br/><br/>' . $LANG03[48]; $pageBody .= COM_showMessageText($LANG03[7] . $last . $LANG03[8] . $goBack, $LANG12[26], true, 'error'); } else { $sid = isset($_REQUEST['sid']) ? COM_sanitizeID(COM_applyFilter($_REQUEST['sid'])) : ''; $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : ''; $title = isset($_REQUEST['title']) ? strip_tags($_REQUEST['title']) : ''; $postmode = $_CONF['comment_postmode']; $pid = isset($_REQUEST['pid']) ? COM_applyFilter($_REQUEST['pid'], true) : 0; if ($type != 'article') { if (!in_array($type, $_PLUGINS)) { $type = ''; } } if (!empty($sid) && !empty($type)) {
/** * This gets the state for the user * * Much of this code if from phpBB (www.phpbb.org). This checks the session * cookie and long term cookie to get the users state. * * @return array returns $_USER array * */ function SESS_sessionCheck() { global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE; if ($_SESS_VERBOSE) { COM_errorLog("***Inside SESS_sessionCheck***", 1); } unset($_USER); // We MUST do this up here, so it's set even if the cookie's not present. $user_logged_in = 0; $logged_in = 0; $userdata = array(); // Check for a cookie on the users's machine. If the cookie exists, build // an array of the users info and setup the theme. if (isset($_COOKIE[$_CONF['cookie_session']])) { $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]); if ($_SESS_VERBOSE) { COM_errorLog("got {$sessid} as the session id from lib-sessions.php", 1); } $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']); if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the session ID", 1); } if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); $userdata = SESS_getUserDataFromId($userid); if ($_SESS_VERBOSE) { COM_errorLog("Got " . count($userdata) . " pieces of data from userdata", 1); COM_errorLog(COM_debug($userdata), 1); } $_USER = $userdata; $_USER['auto_login'] = false; } } else { // Session probably expired, now check permanent cookie if (isset($_COOKIE[$_CONF['cookie_name']])) { $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $cookie_password = $_COOKIE[$_CONF['cookie_password']]; $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); } if (empty($cookie_password) || $cookie_password != $userpass) { // Invalid or manipulated cookie data SEC_setCookie($_CONF['cookie_session'], '', time() - 10000); SEC_setCookie($_CONF['cookie_password'], '', time() - 10000); SEC_setCookie($_CONF['cookie_name'], '', time() - 10000); COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { if (!defined('XHTML')) { define('XHTML', ''); } COM_displayMessageAndAbort(82, '', 403, 'Access denied'); } COM_updateSpeedlimit('login'); } else { if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata; $_USER['auto_login'] = true; } } } } } } } else { if ($_SESS_VERBOSE) { COM_errorLog('session cookie not found from lib-sessions.php', 1); } // Check if the persistent cookie exists if (isset($_COOKIE[$_CONF['cookie_name']])) { // Session cookie doesn't exist but a permanent cookie does. // Start a new session cookie; if ($_SESS_VERBOSE) { COM_errorLog('perm cookie found from lib-sessions.php', 1); } $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); $cookie_password = $_COOKIE[$_CONF['cookie_password']]; } if (empty($cookie_password) || $cookie_password != $userpass) { // Invalid or manipulated cookie data SEC_setCookie($_CONF['cookie_session'], '', time() - 10000); SEC_setCookie($_CONF['cookie_password'], '', time() - 10000); SEC_setCookie($_CONF['cookie_name'], '', time() - 10000); COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { if (!defined('XHTML')) { define('XHTML', ''); } COM_displayMessageAndAbort(82, '', 403, 'Access denied'); } COM_updateSpeedlimit('login'); } else { if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { $user_logged_in = 1; // Create new session and write cookie $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata; $_USER['auto_login'] = true; } } } } } } if ($_SESS_VERBOSE) { COM_errorLog("***Leaving SESS_sessionCheck***", 1); } // Ensure $_USER is set to avoid warnings (path exposure...) if (isset($_USER)) { return $_USER; } else { return NULL; } }
function FF_saveTopic($forumData, $postData, $action) { global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02; $retval = ''; $uploadErrors = ''; $msg = ''; $errorMessages = ''; $email = ''; $forumfiles = array(); $okToSave = true; $dt = new Date('now', $_USER['tzid']); $date = $dt->toUnix(); $REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; if (COM_isAnonUser()) { $uid = 1; } else { $uid = $_USER['uid']; } // verify postmode is allowed if (strtolower($postData['postmode']) == 'html') { if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) { $postData['postmode'] = 'html'; } else { $postData['postmode'] = 'text'; } } // is forum readonly? if ($forumData['is_readonly'] == 1) { // Check if this user has moderation rights now to allow a post to a locked topic if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) { _ff_accessError(); } } if ($action == 'saveedit') { // does the forum match the forum id of the posted data? if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) { _ff_accessError(); } $editid = COM_applyFilter($postData['editid'], true); $forum = COM_applyFilter($postData['forum'], true); $editAllowed = false; if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) { $editAllowed = true; } else { if ($_FF_CONF['allowed_editwindow'] > 0) { $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']); $t2 = $_FF_CONF['allowed_editwindow']; $time = time(); if (time() - $t2 < $t1) { $editAllowed = true; } } else { $editAllowed = true; } } if ($postData['editpid'] < 1 && trim($postData['subject']) == '') { $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false); $okToSave = false; } elseif (!$editAllowed) { $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['$id']; $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link)); $okToSave = false; } } else { if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) { $email = isset($_USER['email']) ? $_USER['email'] : ''; } } if (isset($postData['name']) && $postData['name'] != '') { $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text'); $name = urldecode($name); } else { $okToSave = false; $errorMessages .= $LANG_GF02['invalid_name'] . '<br />'; } // speed limit check if (!SEC_hasRights('forum.edit')) { COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum'); $last = COM_checkSpeedlimit('forum'); if ($last > 0) { $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>'; $okToSave = false; } } // standard edit checks if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) { $errorMessages .= $LANG_GF02['msg18'] . '<br/>'; $okToSave = false; } // CAPTCHA check if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) { if (!isset($postData['captcha'])) { $postData['captcha'] = ''; } $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']); if ($msg != '') { $errorMessages .= $msg . '<br/>'; $okToSave = false; } } // spamx check if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) { // Check for SPAM $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>'; $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']); // Now check the result and redirect to index.php if spam action was taken if ($result > 0) { // then tell them to get lost ... $errorMessages .= $LANG_GF02['spam_detected']; $okToSave = false; } } if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) { $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR); $msg = plugin_itemPreSave_spamx('forum', $spamCheckData); if ($msg) { $errorMessages .= $msg; $okToSave = false; } } if ($okToSave == false) { $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' '); return array(false, $retval); } if ($okToSave == true) { if (!isset($postData['postmode_switch'])) { $postData['postmode_switch'] = 0; } $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']); // validate postmode if ($postmode == 'html' || $postmode == 'HTML') { if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) { $postmode = 'html'; } else { $postmode = 'text'; } } $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text'); $comment = _ff_preparefordb($postData['comment'], $postmode); $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : ''; $id = COM_applyFilter($postData['id'], true); $forum = COM_applyFilter($postData['forum'], true); $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : ''; $status = 0; if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) { $status += DISABLE_BBCODE; } if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) { $status += DISABLE_SMILIES; } if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) { $status += DISABLE_URLPARSE; } // If user has moderator edit rights only $locked = 0; $sticky = 0; if (isset($postData['modedit']) && $postData['modedit'] == 1) { if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) { $locked = 1; } if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) { $sticky = 1; } } if ($action == 'savetopic') { $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status"; $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) "; $sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")"; DB_query($sql); // Find the id of the last inserted topic list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} ")); $savedPostID = $lastid; $topicPID = $lastid; /* Check for any uploaded files - during add of new topic */ $uploadErrors = _ff_check4files($lastid); // Check and see if there are no [file] bbcode tags in content and reset the show_inline value // This is needed in case user had used the file bbcode tag and then removed it $imagerecs = ''; $imagerecs = implode(',', $forumfiles); $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " "; if ($imagerecs != '') { $sql .= "AND id NOT IN ({$imagerecs})"; } DB_query($sql); // Update forums record DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum); if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) { DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid); } DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0"); } else { if ($action == 'savereply') { $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status"; $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) "; $sql .= "VALUES (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")"; DB_query($sql); // Find the id of the last inserted topic list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} ")); $savedPostID = $lastid; $topicPID = $id; /* Check for any uploaded files - during adding reply post */ $uploadErrors = _ff_check4files($lastid); // Check and see if there are no [file] bbcode tags in content and reset the show_inline value // This is needed in case user had used the file bbcode tag and then removed it $imagerecs = ''; $imagerecs = implode(',', $forumfiles); $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid; if ($imagerecs != '') { $sql .= " AND id NOT IN ({$imagerecs})"; } DB_query($sql); DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id); DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum); if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) { DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id); } DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0"); } elseif ($action == 'saveedit') { $sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")"; DB_query($sql); /* Check for any uploaded files - during save of edit */ $uploadErrors = _ff_check4files($editid); // Check and see if there are no [file] bbcode tags in content and reset the show_inline value // This is needed in case user had used the file bbcode tag and then removed it $imagerecs = ''; $imagerecs = implode(',', $forumfiles); $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " "; if ($imagerecs != '') { $sql .= "AND id NOT IN ({$imagerecs})"; } DB_query($sql); $topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid); if ($topicPID == 0) { $topicPID = $editid; } $savedPostID = $editid; if ($postData['silentedit'] != 1) { DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID); //Remove any lastviewed records in the log so that the new updated topic indicator will appear DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0"); } if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) { DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID); } $topicparent = $topicPID; } } COM_updateSpeedLimit('forum'); PLG_itemSaved($savedPostID, 'forum'); CACHE_remove_instance('forumcb'); if (!COM_isAnonUser()) { //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic $nid = -$topicPID; $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid); $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid); $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid); $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum); $topic_name = $subject; if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) { $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) "; $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )"; DB_query($sql); } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) { // Had un-subcribed to topic and now wants to subscribe DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID); } elseif ($notify == '' and $currentTopicNotifyRecID > 1) { // Subscribed to topic - but does not want to be notified anymore DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'"); } elseif ($notify == '' and $currentForumNotifyRecID > 1) { // Subscribed to forum - but does not want to be notified about this topic DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'"); DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'"); DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )"); } } if ($action != 'saveedit') { _ff_chknotifications($forum, $savedPostID, $uid); } $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID; if ($uploadErrors != '') { $autorefresh = false; } else { $autorefresh = true; } $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh); } else { $retval .= _ff_alertMessage($LANG_GF02['msg18']); } return array(true, $retval); }
/** * This gets the state for the user * * Much of this code if from phpBB (www.phpbb.org). This checks the session * cookie and long term cookie to get the users state. * * @return void * */ function SESS_sessionCheck() { global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE; if ($_SESS_VERBOSE) { COM_errorLog("*** Inside SESS_sessionCheck ***", 1); } $_USER = array(); // Check for a cookie on the users's machine. If the cookie exists, build // an array of the users info and setup the theme. // Flag indicates if session cookie and session data exist $session_exists = true; if (isset($_COOKIE[$_CONF['cookie_session']])) { $sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]); if ($_SESS_VERBOSE) { COM_errorLog("Got {$sessid} as the session ID", 1); } $userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']); if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the session ID", 1); } if ($userid > 1) { // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); $_USER = SESS_getUserDataFromId($userid); if ($_SESS_VERBOSE) { $str = "Got " . count($_USER) . " pieces of data from userdata \n"; foreach ($_USER as $k => $v) { $str .= sprintf("%15s [%s] \n", $k, $v); } COM_errorLog($str, 1); } $_USER['auto_login'] = false; } } elseif ($userid == 1) { // Anonymous User has session so update any information SESS_updateSessionTime($sessid, $_CONF['cookie_ip']); } else { // Session probably expired $session_exists = false; } } else { if ($_SESS_VERBOSE) { COM_errorLog("Session cookie not found", 1); } $session_exists = false; } if ($session_exists === false) { // Check if the permanent cookie exists $userid = ''; if (isset($_COOKIE[$_CONF['cookie_name']])) { $userid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']], true); } if (!empty($userid)) { // Session cookie or session data don't exist, but a permanent cookie does. // Start a new session cookie and session data; if ($_SESS_VERBOSE) { COM_errorLog("Got {$userid} as User ID from the permanent cookie", 1); } $cookie_password = ''; $userpass = ''; if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) { $cookie_password = $_COOKIE[$_CONF['cookie_password']]; $userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}"); } if (empty($cookie_password) || $cookie_password != $userpass) { if ($_SESS_VERBOSE) { COM_errorLog("Password comparison failed or cookie password missing", 1); } // Invalid or manipulated cookie data $ctime = time() - 10000; SEC_setCookie($_CONF['cookie_session'], '', $ctime); SEC_setCookie($_CONF['cookie_password'], '', $ctime); SEC_setCookie($_CONF['cookie_name'], '', $ctime); COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { if (!defined('XHTML')) { define('XHTML', ''); } COM_displayMessageAndAbort(82, '', 403, 'Access denied'); } COM_updateSpeedlimit('login'); } elseif ($userid > 1) { if ($_SESS_VERBOSE) { COM_errorLog("Password comparison passed", 1); } // Check user status $status = SEC_checkUserStatus($userid); if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) { if ($_SESS_VERBOSE) { COM_errorLog("Create new session and write cookie", 1); } // Create new session and write cookie $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); $_USER = SESS_getUserDataFromId($userid); $_USER['auto_login'] = true; } } } else { if ($_SESS_VERBOSE) { COM_errorLog("Permanent cookie not found", 1); } // Anonymous user has session id but it has been expired and wiped from the db so reset. // Or new anonymous user so create new session and write cookie. $userid = 1; $sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); } } if ($_SESS_VERBOSE) { COM_errorLog("*** Leaving SESS_sessionCheck ***", 1); } $_USER['session_id'] = $sessid; }
/** * Send report about abusive comment * * @param string $cid comment id * @param string $type type of comment ('article', 'poll', ...) * @return string Meta refresh or HTML for error message * */ function CMT_sendReport($cid, $type) { global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN; if (COM_isAnonUser()) { $retval = COM_siteHeader('menu', $LANG_LOGIN[1]); $retval .= SEC_loginRequiredForm(); $retval .= COM_siteFooter(); return $retval; } COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}"); $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = " . (int) $cid . " AND type = '" . DB_escapeString($type) . "'"); $A = DB_fetchArray($result); $title = $A['title']; $comment = $A['comment']; // strip HTML if posted in HTML mode if (preg_match('/<.*>/', $comment) != 0) { $comment = strip_tags($comment); } $author = COM_getDisplayName($A['uid']); if ($A['uid'] <= 1 && !empty($A['ipaddress'])) { // add IP address for anonymous posters $author .= ' (' . $A['ipaddress'] . ')'; } $mailbody = sprintf($LANG03[26], $username); $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n"; if ($type != 'article' && $type != 'poll') { $mailbody .= "{$LANG09['5']}: {$type}\n"; } if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $comment . "\n\n"; } $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; $mailbody .= "\n------------------------------\n"; $mailbody .= "\n{$LANG08['34']}\n"; $mailbody .= "\n------------------------------\n"; $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27]; $to = array(); $to = COM_formatEmailAddress('', $_CONF['site_mail']); COM_mail($to, $mailsubject, $mailbody); COM_updateSpeedlimit('mail'); return COM_refresh($_CONF['site_url'] . '/index.php?msg=27'); }
function MG_notifyModerators($aid) { global $LANG_DIRECTION, $LANG_CHARSET, $_USER, $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $LANG_MG01; $to = array(); if ($MG_albums[$aid]->moderate != 1 || $MG_albums[0]->owner_id) { return true; } $body = ''; $media_user_id = $_USER['uid']; if (empty($LANG_DIRECTION)) { // default to left-to-right $direction = 'ltr'; } else { $direction = $LANG_DIRECTION; } if (empty($LANG_CHARSET)) { $charset = $_CONF['default_charset']; if (empty($charset)) { $charset = 'iso-8859-1'; } } else { $charset = $LANG_CHARSET; } COM_clearSpeedlimit(600, 'mgnotify'); $last = COM_checkSpeedlimit('mgnotify'); if ($last == 0) { $subject = $LANG_MG01['new_upload_subject'] . $_CONF['site_name']; if (COM_isAnonUser()) { $uname = 'Anonymous'; } else { $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . $media_user_id); } // build the template... $T = new Template(MG_getTemplatePath($aid)); $T->set_file('email', 'modemail.thtml'); $T->set_var(array('direction' => $direction, 'charset' => $charset, 'lang_new_upload' => $LANG_MG01['new_upload_body'], 'lang_details' => $LANG_MG01['details'], 'lang_album_title' => 'Album', 'lang_uploaded_by' => $LANG_MG01['uploaded_by'], 'username' => $uname, 'album_title' => strip_tags($MG_albums[$aid]->title), 'url_moderate' => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $aid . '&mode=moderate">Click here to view</a>', 'site_name' => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'], 'site_url' => $_CONF['site_url'])); $T->parse('output', 'email'); $body .= $T->finish($T->get_var('output')); $altbody = $LANG_MG01['new_upload_body'] . $MG_albums[$aid]->title; $altbody .= "\n\r\n\r"; $altbody .= $LANG_MG01['details']; $altbody .= "\n\r"; $altbody .= $LANG_MG01['uploaded_by'] . ' ' . $uname . "\n\r"; $altbody .= "\n\r\n\r"; $altbody .= $_CONF['site_name'] . "\n\r"; $altbody .= $_CONF['site_url'] . "\n\r"; $groups = MG_getGroupList($MG_albums[$aid]->mod_group_id); $groupList = implode(',', $groups); $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email " . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} " . "WHERE {$_TABLES['users']}.uid > 1 " . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid " . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; $result = DB_query($sql); $nRows = DB_numRows($result); $toCount = 0; for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); if ($row['email'] != '') { if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']); } $toCount++; $to[] = array('email' => $row['email'], 'name' => $row['username']); } } if ($toCount > 0) { $msgData['htmlmessage'] = $body; $msgData['textmessage'] = $altBody; $msgData['subject'] = $subject; $msgData['from']['email'] = $_CONF['site_mail']; $msgData['from']['name'] = $_CONF['site_name']; $msgData['to'] = $to; COM_emailNotification($msgData); } else { COM_errorLog("MG Upload: Error - Did not find any moderators to email"); } COM_updateSpeedlimit('mgnotify'); } return true; }
/** * Merge User Accounts * * This validates the entered password and then merges a remote * account with a local account. * * @return string HTML merge form if error, redirect on success * */ function USER_mergeAccounts() { global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20; $retval = ''; $remoteUID = COM_applyFilter($_POST['remoteuid'], true); $localUID = COM_applyFilter($_POST['localuid'], true); $localpwd = $_POST['localp']; $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID); $localRow = DB_fetchArray($localResult); if (SEC_check_hash($localpwd, $localRow['passwd'])) { // password is valid $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'"; $result = DB_query($sql); $numRows = DB_numRows($result); if ($numRows == 1) { $remoteRow = DB_fetchArray($result); if ($remoteUID == $remoteRow['uid']) { $remoteUID = (int) $remoteRow['uid']; $remoteService = substr($remoteRow['remoteservice'], 6); } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } } else { echo COM_refresh($_CONF['site_url'] . '/index.php'); } $sql = "UPDATE {$_TABLES['users']} SET remoteusername='******'remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID; DB_query($sql); $_USER['uid'] = $localRow['uid']; $local_login = true; SESS_completeLogin($localUID); $_GROUPS = SEC_getUserGroups($_USER['uid']); $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_SYSTEM['admin_session'] > 0 && $local_login) { if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) { $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']); SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } } COM_resetSpeedlimit('login'); // log the user out SESS_endUserSession($remoteUID); // Let plugins know a user is being merged PLG_moveUser($remoteUID, $_USER['uid']); // Ok, now delete everything related to this user // let plugins update their data for this user PLG_deleteUser($remoteUID); if (function_exists('CUSTOM_userDeleteHook')) { CUSTOM_userDeleteHook($remoteUID); } // Call custom account profile delete function if enabled and exists if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) { CUSTOM_userDelete($remoteUID); } // remove from all security groups DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID); // remove user information and preferences DB_delete($_TABLES['userprefs'], 'uid', $remoteUID); DB_delete($_TABLES['userindex'], 'uid', $remoteUID); DB_delete($_TABLES['usercomment'], 'uid', $remoteUID); DB_delete($_TABLES['userinfo'], 'uid', $remoteUID); // delete user photo, if enabled & exists if ($_CONF['allow_user_photo'] == 1) { $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}"); USER_deletePhoto($photo, false); } // delete subscriptions DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID); // in case the user owned any objects that require Admin access, assign // them to the Root user with the lowest uid $rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'"); $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1"); $A = DB_fetchArray($result); $rootuser = $A['ug_uid']; if ($rootuser == '' || $rootuser < 2) { $rootuser = 2; } DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}"); DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}"); // now delete the user itself DB_delete($_TABLES['users'], 'uid', $remoteUID); } else { // invalid password - let's try one more time // need to set speed limit and give them 3 tries COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge'); $last = COM_checkSpeedlimit('merge', 4); if ($last > 0) { COM_setMsg($LANG04[190], 'error'); echo COM_refresh($_CONF['site_url'] . '/users.php'); } else { COM_updateSpeedlimit('merge'); USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]); } return $retval; } // can't use COM_setMsg here since the session is being destroyed. echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522'); }
$subject = COM_stripslashes($_POST['subject']); $retval .= COM_startBlock($LANG03[17], '', COM_getBlockTemplate('_msg_block', 'header')) . $msg . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); echo $retval; } } if ($msg == '') { //Add Reply if ($_POST['aname'] != '') { $name = gf_preparefordb($_POST['aname'], 'text'); } else { $name = gf_preparefordb($_POST['name'], 'text'); } $name = urldecode($name); if ($name != '' && strlen(trim($_POST['comment'])) > $CONF_FORUM['min_comment_length']) { COM_clearSpeedlimit($CONF_FORUM['post_speedlimit'], 'forum'); $last = COM_checkSpeedlimit('forum'); if ($last > 0) { $message = sprintf($LANG_GF01['SPEEDLIMIT'], $last, $CONF_FORUM['post_speedlimit']); alertMessage($message, $LANG_GF02['msg180']); } else { if ($CONF_FORUM['use_spamx_filter'] == 1) { // Check for SPAM $spamcheck = '<h1>' . $_POST['subject'] . '</h1><p>' . $_POST['comment'] . '</p>'; $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']); // Now check the result and redirect to index.php if spam action was taken if ($result > 0) { // then tell them to get lost ... echo COM_showMessage($result, 'spamx'); gf_siteFooter(); exit; }
} if ($plugin == '') { die('no type specified'); } if ($vote_sent > $units) { die("Sorry, vote appears to be invalid."); } // kill the script because normal users will never see this. $canRate = PLG_canUserRate($plugin, $id_sent, $uid); if ($canRate) { // look up the item in our database.... list($rating_id, $current_rating, $current_votes) = RATING_getRating($plugin, $id_sent); $voted = RATING_hasVoted($plugin, $id_sent, $uid, $ip); $status = $voted; COM_clearSpeedlimit($_CONF['rating_speedlimit'], 'rate'); $last = COM_checkSpeedlimit('rate'); if ($last > 0) { $speedlimiterror = 1; $status = 2; } else { $speedlimiterror = 0; } if (!$voted && !$speedlimiterror) { //if the user hasn't yet voted, then vote normally... if ($vote_sent >= 1 && $vote_sent <= $units && $ip == $ip_num) { // keep votes within range, make sure IP matches - no monkey business! list($new_rating, $added) = RATING_addVote($plugin, $id_sent, $vote_sent, $uid, $ip); COM_updateSpeedlimit('rate'); } } else { $added = $current_votes;
if (isset($_GET['op'])) { if ($_GET['op'] == 'add') { $_POST['addevent'] = 1; } } if (isset($_POST['addevent']) || isset($_POST['addpersonalevent'])) { if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['submitloginrequired'] == 1)) { $display = CALENDAR_siteHeader($LANG_CAL_1[41]); $display .= SEC_loginRequiredForm(); $display .= CALENDAR_siteFooter(); echo $display; exit; } $slerror = ''; COM_clearSpeedlimit($_CONF['speedlimit'], 'submit'); $last = COM_checkSpeedlimit('submit'); if ($last > 0) { $slerror .= COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26], true); } echo CALENDAR_siteHeader(); if ($slerror != '') { echo $slerror; } else { if ($mode != 'personal' && $_CA_CONF['only_admin_submit'] == 1 && !SEC_hasRights('calendar.edit')) { echo 'Invalid request'; } else { echo plugin_submit_calendar($mode); } } echo CALENDAR_siteFooter(); exit;
/** * Send report about abusive comment * * @param string $cid comment id * @param string $type type of comment ('article', 'poll', ...) * @return string Meta refresh or HTML for error message * */ function CMT_sendReport($cid, $type) { global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG_LOGIN; if (empty($_USER['username'])) { $retval = COM_siteHeader('menu', $LANG_LOGIN[1]); $retval .= COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header')); $loginreq = new Template($_CONF['path_layout'] . 'submit'); $loginreq->set_file('loginreq', 'submitloginrequired.thtml'); $loginreq->set_var('xhtml', XHTML); $loginreq->set_var('login_message', $LANG_LOGIN[2]); $loginreq->set_var('site_url', $_CONF['site_url']); $loginreq->set_var('lang_login', $LANG_LOGIN[3]); $loginreq->set_var('lang_newuser', $LANG_LOGIN[4]); $loginreq->parse('errormsg', 'loginreq'); $retval .= $loginreq->finish($loginreq->get_var('errormsg')); $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $retval .= COM_siteFooter(); return $retval; } COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}"); $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '{$type}'"); $A = DB_fetchArray($result); $title = stripslashes($A['title']); $comment = stripslashes($A['comment']); // strip HTML if posted in HTML mode if (preg_match('/<.*>/', $comment) != 0) { $comment = strip_tags($comment); } $author = COM_getDisplayName($A['uid']); if ($A['uid'] <= 1 && !empty($A['ipaddress'])) { // add IP address for anonymous posters $author .= ' (' . $A['ipaddress'] . ')'; } $mailbody = sprintf($LANG03[26], $username); $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n"; if ($type != 'article' && $type != 'poll') { $mailbody .= "{$LANG09['5']}: {$type}\n"; } if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $comment . "\n\n"; } $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; $mailbody .= "\n------------------------------\n"; $mailbody .= "\n{$LANG08['34']}\n"; $mailbody .= "\n------------------------------\n"; $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27]; if (COM_mail($_CONF['site_mail'], $mailsubject, $mailbody)) { $msg = 27; // message sent } else { $msg = 85; // problem sending the email } COM_updateSpeedlimit('mail'); return COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}"); }
$files = urldecode($_POST['token_files']); } if (SECINT_checkToken() && !empty($method) && !empty($returnurl) && ($method === 'POST' && !empty($postdata) || $method === 'GET' && !empty($getdata))) { $display .= COM_showMessage(81); $display .= SECINT_authform($returnurl, $method, $postdata, $getdata, $files); } else { if (!empty($files)) { SECINT_cleanupFiles($files); } COM_redirect($_CONF['site_url'] . '/index.php'); } } break; default: // check to see if this was the last allowed attempt if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) { displayLoginErrorAndAbort(82, $LANG04[113], $LANG04[112]); } else { // Show login form if ($msg != 69 && $msg != 70) { if (COM_isAnonUser()) { if ($_CONF['custom_registration'] && function_exists('CUSTOM_loginErrorHandler')) { // Typically this will be used if you have a custom // main site page and need to control the login process $display .= CUSTOM_loginErrorHandler($msg); } else { $display .= loginform(false, $status); } } else { // user is already logged in $display .= COM_startBlock($LANG04['user_login']);
function MG_notifyModerators($aid) { global $LANG_DIRECTION, $_USER, $_MG_CONF, $_CONF, $_TABLES, $LANG_MG01; $sql = "SELECT moderate, album_title, mod_group_id " . "FROM {$_TABLES['mg_albums']} WHERE album_id = " . intval($aid); $result = DB_query($sql); $A = DB_fetchArray($result); if ($A['moderate'] != 1 || SEC_hasRights('mediagallery.admin')) { return true; } require_once $_CONF['path'] . 'plugins/mediagallery/include/lib/phpmailer/class.phpmailer.php'; $media_user_id = $_USER['uid']; if (empty($LANG_DIRECTION)) { // default to left-to-right $direction = 'ltr'; } else { $direction = $LANG_DIRECTION; } $charset = COM_getCharset(); COM_clearSpeedlimit(600, 'mgnotify'); $last = COM_checkSpeedlimit('mgnotify'); if ($last == 0) { $mail = new PHPMailer(); $mail->CharSet = $charset; if ($_CONF['mail_settings']['backend'] == 'smtp') { $mail->Host = $_CONF['mail_settings']['host'] . ':' . $_CONF['mail_settings']['port']; $mail->SMTPAuth = $_CONF['mail_settings']['auth']; $mail->Username = $_CONF['mail_settings']['username']; $mail->Password = $_CONF['mail_settings']['password']; $mail->Mailer = "smtp"; } elseif ($_CONF['mail_settings']['backend'] == 'sendmail') { $mail->Mailer = "sendmail"; $mail->Sendmail = $_CONF['mail_settings']['sendmail_path']; } else { $mail->Mailer = "mail"; } $mail->WordWrap = 76; $mail->IsHTML(true); $mail->Subject = $LANG_MG01['new_upload_subject'] . $_CONF['site_name']; if (!isset($_USER['uid']) || $_USER['uid'] < 2) { $uname = 'Anonymous'; } else { $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . intval($media_user_id)); } // build the template... $T = COM_newTemplate(MG_getTemplatePath($aid)); $T->set_file('email', 'modemail.thtml'); $T->set_var(array('direction' => $direction, 'charset' => $charset, 'lang_new_upload' => $LANG_MG01['new_upload_body'], 'lang_details' => $LANG_MG01['details'], 'lang_album_title' => 'Album', 'lang_uploaded_by' => $LANG_MG01['uploaded_by'], 'username' => $uname, 'album_title' => strip_tags($A['title']), 'url_moderate' => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $aid . '&mode=moderate">Click here to view</a>', 'site_name' => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'], 'site_url' => $_CONF['site_url'])); $body .= $T->finish($T->parse('output', 'email')); $mail->Body = $body; $altbody = $LANG_MG01['new_upload_body'] . $A['title']; $altbody .= "\n\r\n\r"; $altbody .= $LANG_MG01['details']; $altbody .= "\n\r"; $altbody .= $LANG_MG01['uploaded_by'] . ' ' . $uname . "\n\r"; $altbody .= "\n\r\n\r"; $altbody .= $_CONF['site_name'] . "\n\r"; $altbody .= $_CONF['site_url'] . "\n\r"; $mail->AltBody = $altbody; $mail->From = $_CONF['site_mail']; $mail->FromName = $_CONF['site_name']; $groups = MG_getGroupList($A['mod_group_id']); $groupList = implode(',', $groups); $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email " . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} " . "WHERE {$_TABLES['users']}.uid > 1 " . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid " . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; $result = DB_query($sql); $nRows = DB_numRows($result); $toCount = 0; for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); if ($row['email'] != '') { if ($_MG_CONF['verbose']) { COM_errorLog("MG Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']); } $toCount++; $mail->AddAddress($row['email'], $row['username']); } } if ($toCount > 0) { if (!$mail->Send()) { COM_errorLog("MG Upload: Unable to send moderation email - error:" . $mail->ErrorInfo); } } else { COM_errorLog("MG Upload: Error - Did not find any moderators to email"); } COM_updateSpeedlimit('mgnotify'); } return true; }
/** * Authenticates the user if authentication headers are present * * Our handling of the speedlimit here requires some explanation ... * Atompub clients will usually try to do everything without logging in first. * Since that would mean that we can't provide feeds for drafts, items with * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED). * That, however, means that every request from an Atompub client will count * as one failed login attempt. So doing a couple of requests in quick * succession will surely get the client blocked. Therefore * - a request without any login credentials counts as one failed login attempt * - a request with wrong login credentials counts as two failed login attempts * - if, after a successful login, we have only one failed attempt on record, * we reset the speedlimit * This still ensures that * - repeated failed logins (without or with invalid credentials) will cause the * client to be blocked eventually * - this can not be used for dictionary attacks * */ function WS_authenticate() { global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE; $uid = ''; $username = ''; $password = ''; $status = -1; if (isset($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $username = COM_applyFilter($username); $password = COM_applyFilter($password); if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '{$username}'"); } } elseif (!empty($_SERVER['REMOTE_USER'])) { /* PHP installed as CGI may not have access to authorization headers of * Apache. In that case, use .htaccess to store the auth header */ list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']); list($username, $password) = explode(':', base64_decode($auth_data)); $username = COM_applyFilter($username); $password = COM_applyFilter($password); if ($WS_VERBOSE) { COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])"); } } else { if ($WS_VERBOSE) { COM_errorLog("WS: No login given"); } // fallthrough (see below) } COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth'); if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) { WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded'); } if (!empty($username) && !empty($password)) { if ($_CONF['user_login_method']['3rdparty']) { // remote users will have to use username@servicename $u = explode('@', $username); if (count($u) > 1) { $sv = $u[count($u) - 1]; if (!empty($sv)) { $modules = SEC_collectRemoteAuthenticationModules(); foreach ($modules as $smod) { if (strcasecmp($sv, $smod) == 0) { array_pop($u); // drop the service name $uname = implode('@', $u); $status = SEC_remoteAuthentication($uname, $password, $smod, $uid); break; } } } } } if ($status == -1 && $_CONF['user_login_method']['standard']) { $status = SEC_authenticate($username, $password, $uid); } } if ($status == USER_ACCOUNT_ACTIVE) { $_USER = SESS_getUserDataFromId($uid); PLG_loginUser($_USER['uid']); // Global array of groups current user belongs to $_GROUPS = SEC_getUserGroups($_USER['uid']); // Global array of current user permissions [read,edit] $_RIGHTS = explode(',', SEC_getUserPermissions()); if ($_CONF['restrict_webservices']) { if (!SEC_hasRights('webservices.atompub')) { COM_updateSpeedlimit('wsauth'); if ($WS_VERBOSE) { COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices"); } // reset user, groups, and rights, just in case ... $_USER = array(); $_GROUPS = array(); $_RIGHTS = array(); WS_error(PLG_RET_AUTH_FAILED); } } if ($WS_VERBOSE) { COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in"); } // if there were less than 2 failed login attempts, reset speedlimit if (COM_checkSpeedlimit('wsauth', 2) == 0) { if ($WS_VERBOSE) { COM_errorLog("WS: Successful login - resetting speedlimit"); } COM_resetSpeedlimit('wsauth'); } } else { COM_updateSpeedlimit('wsauth'); if (!empty($username) && !empty($password)) { COM_updateSpeedlimit('wsauth'); if ($WS_VERBOSE) { COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts"); } } elseif ($WS_VERBOSE) { COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt"); } WS_error(PLG_RET_AUTH_FAILED); } }
/** * Handles a trackback ping for an entry. * * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * Note: Error messages are XML-formatted and echo'd out directly, as they * are supposed to be processed by some sort of software. * * @param string $sid ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @return boolean true = success, false = an error occured * * P.S. "Critical" errors are rejected with a HTTP 403 Forbidden status code. * According to RFC2616, this status code means * "The server understood the request, but is refusing to fulfill it. * Authorization will not help and the request SHOULD NOT be repeated." * See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4 * */ function TRB_handleTrackbackPing($sid, $type = 'article') { global $_CONF, $_TABLES; // Note: Error messages are hard-coded in English since there is no way of // knowing which language the sender of the trackback ping may prefer. $TRB_ERROR = array('no_url' => 'No URL given.', 'rejected' => 'Multiple posts not allowed.', 'spam' => 'Spam detected.', 'speedlimit' => 'Your last trackback comment was %d seconds ago. This site requires at least %d seconds between trackback comments.', 'no_link' => 'Trackback rejected as you do not seem to link to us.'); // the speed limit applies to trackback comments, too if (isset($_CONF['trackbackspeedlimit'])) { $speedlimit = $_CONF['trackbackspeedlimit']; } else { $speedlimit = $_CONF['commentspeedlimit']; } COM_clearSpeedlimit($speedlimit, 'trackback'); $last = COM_checkSpeedlimit('trackback'); if ($last > 0) { TRB_sendTrackbackResponse(1, sprintf($TRB_ERROR['speedlimit'], $last, $speedlimit), 403, 'Forbidden'); TRB_logRejected('Speedlimit', $_POST['url']); return false; } // update speed limit now in any case COM_updateSpeedlimit('trackback'); if (isset($_POST['url'])) { // a URL is mandatory ... if (substr($_POST['url'], 0, 4) != 'http') { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_url'], 403, 'Forbidden'); TRB_logRejected('No valid URL', $_POST['url']); return false; } // do spam check on the unfiltered post $result = TRB_checkForSpam($_POST['url'], $_POST['title'], $_POST['blog_name'], $_POST['excerpt']); if ($result == TRB_SAVE_SPAM) { TRB_sendTrackbackResponse(1, $TRB_ERROR['spam'], 403, 'Forbidden'); TRB_logRejected('Spam detected', $_POST['url']); return false; } if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($_POST['url']); if (empty($parts['host'])) { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_url'], 403, 'Forbidden'); TRB_logRejected('No valid URL', $_POST['url']); return false; } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_sendTrackbackResponse(1, $TRB_ERROR['spam'], 403, 'Forbidden'); TRB_logRejected('IP address mismatch', $_POST['url']); return false; } } } if ($_CONF['check_trackback_link'] & 3) { if (!TRB_linksToUs($sid, $type, $_POST['url'])) { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_link'], 403, 'Forbidden'); $comment = TRB_formatComment($_POST['url'], $_POST['title'], $_POST['blog_name'], $_POST['excerpt']); PLG_spamAction($comment, $_CONF['spamx']); TRB_logRejected('No link to us', $_POST['url']); return false; } } $saved = TRB_saveTrackbackComment($sid, $type, $_POST['url'], $_POST['title'], $_POST['blog_name'], $_POST['excerpt']); if ($saved == TRB_SAVE_REJECT) { TRB_sendTrackbackResponse(1, $TRB_ERROR['rejected'], 403, 'Forbidden'); TRB_logRejected('Multiple Trackbacks', $_POST['url']); return false; } if (isset($_CONF['notification']) && in_array('trackback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'trackback'); } TRB_sendTrackbackResponse(0); return true; } else { TRB_sendTrackbackResponse(1, $TRB_ERROR['no_url']); TRB_logRejected('No URL', $_POST['url']); } return false; }
/** * Send report about abusive comment * * @param string $cid comment id * @param string $type type of comment ('article', 'polls', ...) * @return string Meta refresh or HTML for error message * */ function CMT_sendReport($cid, $type) { global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08; if (COM_isAnonUser()) { $retval = SEC_loginRequiredForm(); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27])); return $retval; } COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $username = DB_getItem($_TABLES['users'], 'username', "uid = {$_USER['uid']}"); $result = DB_query("SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = {$cid} AND type = '{$type}'"); $A = DB_fetchArray($result); $title = stripslashes($A['title']); $comment = stripslashes($A['comment']); // strip HTML if posted in HTML mode if (preg_match('/<.*>/', $comment) != 0) { $comment = strip_tags($comment); } $author = COM_getDisplayName($A['uid']); if ($A['uid'] <= 1 && !empty($A['ipaddress'])) { // add IP address for anonymous posters $author .= ' (' . $A['ipaddress'] . ')'; } $mailbody = sprintf($LANG03[26], $username); $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n"; if ($type != 'article') { $mailbody .= "{$LANG09['5']}: {$type}\n"; } if ($_CONF['emailstorieslength'] > 0) { if ($_CONF['emailstorieslength'] > 1) { $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...'; } $mailbody .= $comment . "\n\n"; } $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n"; $mailbody .= "\n------------------------------\n"; $mailbody .= "\n{$LANG08['34']}\n"; $mailbody .= "\n------------------------------\n"; $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27]; if (COM_mail($_CONF['site_mail'], $mailsubject, $mailbody)) { $msg = 27; // message sent } else { $msg = 85; // problem sending the email } COM_updateSpeedlimit('mail'); return COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}"); }
/** * This will save a submission * * @param string $type Type of submission we are dealing with * @param array $A Data for that submission * */ function savesubmission($type, $A) { global $_CONF, $_TABLES, $_USER, $LANG12; $retval = COM_siteHeader(); COM_clearSpeedlimit($_CONF['speedlimit'], 'submit'); $last = COM_checkSpeedlimit('submit'); if ($last > 0) { $retval .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG12[30] . $last . $LANG12[31] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . COM_siteFooter(); return $retval; } if (!empty($type) && $type != 'story') { // Update the submitspeedlimit for user - assuming Plugin approves // submission record COM_updateSpeedlimit('submit'); // see if this is a submission that needs to be handled by a plugin // and should include its own redirect $retval = PLG_saveSubmission($type, $A); if ($retval === false) { COM_errorLog("Could not save your submission. Bad type: {$type}"); } elseif (empty($retval)) { // plugin should include its own redirect - but in case handle // it here and redirect to the main page return COM_refresh($_CONF['site_url'] . '/index.php'); } else { return $retval; } } if (!empty($A['title']) && !empty($A['introtext'])) { $retval = savestory($A); } else { $retval .= COM_startBlock($LANG12[22], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG12[23] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . submissionform($type) . COM_siteFooter(); } return $retval; }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08; $dt = new Date('now', $_USER['tzid']); $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retURL = $storyurl . '?msg=85'; } else { $retURL = $storyurl . '&msg=85'; } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { echo COM_refresh($retURL); exit; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { echo COM_refresh($retURL); exit; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { echo COM_refresh($retURL); exit; } $filter = sanitizer::getInstance(); if ($html) { $filter->setPostmode('html'); } else { $filter->setPostmode('text'); } $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']); $filter->setAllowedElements($allowedElements); $filter->setCensorData(true); $filter->setReplaceTags(true); $filter->setNamespace('glfusion', 'mail_story'); $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); $result = DB_query($sql); if (DB_numRows($result) == 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { if ($html) { $shortmsg = $filter->filterHTML($shortmsg); } $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $dt->setTimestamp($A['day']); if ($html) { $mailtext .= '<p>------------------------------------------------------------</p>' . '<p>' . COM_undoSpecialChars($A['title']) . '</p>' . '<p>' . $dt->format($_CONF['date'], true) . '</p>'; } else { $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($A['title']) . LB . $dt->format($_CONF['date'], true) . LB; } if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($A['uid']); $mailtext .= $LANG01[1] . ' ' . $author . LB; } if ($html) { $mailtext .= '<p>' . $filter->displayText($A['introtext']) . '<br />' . $filter->displayText($A['bodytext']) . '</p>' . '<p>------------------------------------------------------------</p>'; } else { $mailtext .= $filter->displayText($A['introtext']) . LB . $filter->displayText($A['bodytext']) . LB . LB . '------------------------------------------------------------' . LB; } if ($A['commentcode'] == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = array(); $mailfrom = array(); $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title'])); $rc = COM_mail($mailto, $subject, $mailtext, $mailfrom, $html); COM_updateSpeedlimit('mail'); if ($rc) { if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=27'); } else { $retval = COM_refresh($storyurl . '&msg=27'); } } else { // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=26'); } else { $retval = COM_refresh($storyurl . '&msg=26'); } } echo COM_refresh($retval); exit; }
/** * Handle a pingback for an entry. * Also takes care of the speedlimit and spam. Assumes that the caller of this * function has already checked permissions! * * @param string $id ID of entry that got pinged * @param string $type type of that entry ('article' for stories, etc.) * @param string $url URL of the page that pinged us * @param string $oururl URL that got pinged on our site * @return object XML-RPC response */ function PNB_handlePingback($id, $type, $url, $oururl) { global $_CONF, $_TABLES, $PNB_ERROR; require_once 'HTTP/Request.php'; if (!isset($_CONF['check_trackback_link'])) { $_CONF['check_trackback_link'] = 2; } // handle pingbacks to articles on our own site $skip_speedlimit = false; if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) { if (!isset($_CONF['pingback_self'])) { $_CONF['pingback_self'] = 0; // default: skip self-pingbacks } if ($_CONF['pingback_self'] == 0) { return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped'])); } elseif ($_CONF['pingback_self'] == 2) { $skip_speedlimit = true; } } COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback'); if (!$skip_speedlimit) { $last = COM_checkSpeedlimit('pingback'); if ($last > 0) { return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit'])); } } // update speed limit in any case COM_updateSpeedlimit('pingback'); if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) { if ($_CONF['check_trackback_link'] & 4) { $parts = parse_url($url); if (empty($parts['host'])) { TRB_logRejected('Pingback: No valid URL', $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } else { $ip = gethostbyname($parts['host']); if ($ip != $_SERVER['REMOTE_ADDR']) { TRB_logRejected('Pingback: IP address mismatch', $url); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } } } // See if we can read the page linking to us and extract at least // the page's title out of it ... $title = ''; $excerpt = ''; $http = new http_class(); $http->timeout = 0; $http->data_timeout = 0; $http->debug = 0; $http->html_debug = 0; $http->user_agent = 'glFusion/' . GVERSION; $error = $http->GetRequestArguments($url, $arguments); $error = $http->Open($arguments); $error = $http->SendRequest($arguments); if ($error == "") { $http->ReadReplyHeaders($headers); if ($http->response_status == 200) { $error = $http->ReadWholeReplyBody($body); if ($error == "" || strlen($body) > 0) { if ($_CONF['check_trackback_link'] & 3) { if (!TRB_containsBacklink($body, $oururl)) { TRB_logRejected('Pingback: No link to us', $url); $comment = TRB_formatComment($url); PLG_spamAction($comment, $_CONF['spamx']); return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } } preg_match(':<title>(.*)</title>:i', $body, $content); if (empty($content[1])) { $title = ''; // no title found } else { $title = trim(COM_undoSpecialChars($content[1])); } if ($_CONF['pingback_excerpt']) { // Check which character set the site that sent the Pingback // is using $charset = 'ISO-8859-1'; // default, see RFC 2616, 3.7.1 $ctype = $headers['content-type']; $c = explode(';', $ctype); foreach ($c as $ct) { $ch = explode('=', trim($ct)); if (count($ch) === 2) { if (trim($ch[0]) === 'charset') { $charset = trim($ch[1]); break; } } } if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) { if (function_exists('mb_convert_encoding')) { $body = @mb_convert_encoding($body, COM_getCharset(), $charset); } elseif (function_exists('iconv')) { $body = @iconv($charset, COM_getCharset(), $body); } } $excerpt = PNB_makeExcerpt($body, $oururl); } // we could also run the rest of the other site's page // through the spam filter here ... } else { COM_errorLog("Pingback verification: unable to retrieve response body"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } else { COM_errorLog("Pingback verification: Got HTTP response code " . $http->response_status . " when requesting {$url}"); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } } else { COM_errorLog("Pingback verification: " . $error . " when requesting " . $url); return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']); } // check for spam first $saved = TRB_checkForSpam($url, $title, '', $excerpt); if ($saved == TRB_SAVE_SPAM) { return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']); } // save as a trackback comment $saved = TRB_saveTrackbackComment($id, $type, $url, $title, '', $excerpt); if ($saved == TRB_SAVE_REJECT) { return new XML_RPC_Response(0, 49, $PNB_ERROR['multiple']); } if (isset($_CONF['notification']) && in_array('pingback', $_CONF['notification'])) { TRB_sendNotificationEmail($saved, 'pingback'); } return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['success'])); }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg, $html = 0) { global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08; $dt = new Date('now', $_USER['tzid']); $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retURL = $storyurl . '?msg=85'; } else { $retURL = $storyurl . '&msg=85'; } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { echo COM_refresh($retURL); exit; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { echo COM_refresh($retURL); exit; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { echo COM_refresh($retURL); exit; } $filter = sanitizer::getInstance(); if ($html) { $filter->setPostmode('html'); } else { $filter->setPostmode('text'); } $allowedElements = $filter->makeAllowedElements($_CONF['htmlfilter_default']); $filter->setAllowedElements($allowedElements); $filter->setCensorData(true); $filter->setReplaceTags(true); $filter->setNamespace('glfusion', 'mail_story'); $sql = "SELECT uid,title,introtext,bodytext,story_image,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'" . COM_getTopicSql('AND') . COM_getPermSql('AND'); $result = DB_query($sql); if (DB_numRows($result) == 0) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); $result = PLG_checkforSpam($shortmsg, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } USES_lib_html2text(); $T = new Template($_CONF['path_layout'] . 'email/'); $T->set_file(array('html_msg' => 'mailstory_html.thtml', 'text_msg' => 'mailstory_text.thtml')); // filter any HTML from the short message $shortmsg = $filter->filterHTML($shortmsg); $html2txt = new html2text($shortmsg, false); $shortmsg_text = $html2txt->get_text(); $story_body = COM_truncateHTML($A['introtext'], 512); $html2txt = new html2text($story_body, false); $story_body_text = $html2txt->get_text(); $dt->setTimestamp($A['day']); $story_date = $dt->format($_CONF['date'], true); $story_title = COM_undoSpecialChars($A['title']); $story_url = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($A['uid']); } else { $author = ''; } if ($A['story_image'] != '') { $story_image = $_CONF['site_url'] . $A['story_image']; } else { $story_image = ''; } $T->set_var(array('shortmsg_html' => $shortmsg, 'shortmsg_text' => $shortmsg_text, 'story_title' => $story_title, 'story_date' => $story_date, 'story_url' => $story_url, 'author' => $author, 'story_image' => $story_image, 'story_body_html' => $story_body, 'story_body_text' => $story_body_text, 'lang_by' => $LANG01[1], 'site_name' => $_CONF['site_name'], 'from_name' => $from, 'disclaimer' => sprintf($LANG08[23], $from, $fromemail))); $T->parse('message_body_html', 'html_msg'); $message_body_html = $T->finish($T->get_var('message_body_html')); $T->parse('message_body_text', 'text_msg'); $message_body_text = $T->finish($T->get_var('message_body_text')); $msgData = array('htmlmessage' => $message_body_html, 'textmessage' => $message_body_text, 'subject' => $story_title, 'from' => array('email' => $_CONF['site_mail'], 'name' => $from), 'to' => array('email' => $toemail, 'name' => $to)); $mailto = array(); $mailfrom = array(); $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = COM_undoSpecialChars(strip_tags('Re: ' . $A['title'])); $rc = COM_mail($mailto, $msgData['subject'], $msgData['htmlmessage'], $mailfrom, true, 0, '', $msgData['textmessage']); COM_updateSpeedlimit('mail'); if ($rc) { if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=27'); } else { $retval = COM_refresh($storyurl . '&msg=27'); } } else { // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '" . DB_escapeString($sid) . "'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=26'); } else { $retval = COM_refresh($storyurl . '&msg=26'); } } echo COM_refresh($retval); exit; }
/** * Email story to a friend * * @param string $sid id of story to email * @param string $to name of person / friend to email * @param string $toemail friend's email address * @param string $from name of person sending the email * @param string $fromemail sender's email address * @param string $shortmsg short intro text to send with the story * @return string Meta refresh * * Modification History * * Date Author Description * ---- ------ ----------- * 4/17/01 Tony Bibbs Code now allows anonymous users to send email * and it allows user to input a message as well * Thanks to Yngve Wassvik Bergheim for some of * this code * */ function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg) { global $_CONF, $_TABLES, $LANG01, $LANG08; require_once $_CONF['path_system'] . 'lib-story.php'; $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=85'); } else { $retval = COM_refresh($storyurl . '&msg=85'); } // check for correct $_CONF permission if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) { return $retval; } // check if emailing of stories is disabled if ($_CONF['hideemailicon'] == 1) { return $retval; } // check mail speedlimit COM_clearSpeedlimit($_CONF['speedlimit'], 'mail'); if (COM_checkSpeedlimit('mail') > 0) { return $retval; } $story = new Story(); $result = $story->loadFromDatabase($sid, 'view'); if ($result != STORY_LOADED_OK) { return COM_refresh($_CONF['site_url'] . '/index.php'); } $shortmsg = COM_stripslashes($shortmsg); $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB; if (strlen($shortmsg) > 0) { $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB; } // just to make sure this isn't an attempt at spamming users ... $result = PLG_checkforSpam($mailtext, $_CONF['spamx']); if ($result > 0) { COM_updateSpeedlimit('mail'); COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $mailtext .= '------------------------------------------------------------' . LB . LB . COM_undoSpecialChars($story->displayElements('title')) . LB . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB; if ($_CONF['contributedbyline'] == 1) { $author = COM_getDisplayName($story->displayElements('uid')); $mailtext .= $LANG01[1] . ' ' . $author . LB; } $introtext = $story->DisplayElements('introtext'); $bodytext = $story->DisplayElements('bodytext'); $introtext = COM_undoSpecialChars(strip_tags($introtext)); $bodytext = COM_undoSpecialChars(strip_tags($bodytext)); $introtext = str_replace(array("\n\r", "\r"), LB, $introtext); $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext); $mailtext .= LB . $introtext; if (!empty($bodytext)) { $mailtext .= LB . LB . $bodytext; } $mailtext .= LB . LB . '------------------------------------------------------------' . LB; if ($story->DisplayElements('commentcode') == 0) { // comments allowed $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments'); } else { // comments not allowed - just add the story's URL $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid); } $mailto = COM_formatEmailAddress($to, $toemail); $mailfrom = COM_formatEmailAddress($from, $fromemail); $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title'))); $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom); if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') { $ccmessage = sprintf($LANG08[38], $to); $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext; $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom); } COM_updateSpeedlimit('mail'); // Increment numemails counter for story DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$sid}'"); if ($_CONF['url_rewrite']) { $retval = COM_refresh($storyurl . '?msg=' . ($sent ? '27' : '85')); } else { $retval = COM_refresh($storyurl . '&msg=' . ($sent ? '27' : '85')); } return $retval; }
function FM_notifyAdmins($filename, $file_user_id, $description) { global $LANG_DIRECTION, $LANG_CHARSET, $LANG_FM00, $_USER, $_FM_CONF, $_CONF, $_TABLES; $html = false; $altBody = ''; $to = array(); $body = ''; $description = stripslashes($description); // already escaped for db if (empty($LANG_DIRECTION)) { // default to left-to-right $direction = 'ltr'; } else { $direction = $LANG_DIRECTION; } if (empty($LANG_CHARSET)) { $charset = $_CONF['default_charset']; if (empty($charset)) { $charset = 'iso-8859-1'; } } else { $charset = $LANG_CHARSET; } COM_clearSpeedlimit(300, 'fmnotify'); $last = COM_checkSpeedlimit('fmnotify'); if ($last == 0) { $html = true; $subject = $LANG_FM00['new_upload'] . $_CONF['site_name']; if (!isset($file_user_id) || $file_user_id < 2) { $uname = 'Anonymous'; } else { $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . intval($file_user_id)); } // build the template... $T = new Template($_CONF['path'] . 'plugins/filemgmt/templates'); $T->set_file('email', 'notifyemail.thtml'); $T->set_var(array('direction' => $direction, 'charset' => $charset, 'lang_new_upload' => $LANG_FM00['new_upload_body'], 'lang_details' => $LANG_FM00['details'], 'lang_filename' => $LANG_FM00['filename'], 'lang_uploaded_by' => $LANG_FM00['uploaded_by'], 'username' => $uname, 'filename' => $filename, 'description' => $description, 'url_moderate' => '<a href="' . $_CONF['site_admin_url'] . '/plugins/filemgmt/index.php?op=listNewDownloads">Click here to view</a>', 'site_name' => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'], 'site_url' => $_CONF['site_url'])); $T->parse('output', 'email'); $body .= $T->finish($T->get_var('output')); $altbody = $LANG_FM00['new_upload_body'] . $_CONF['site_name']; $altbody .= "\n\r\n\r"; $altbody .= $LANG_FM00['details']; $altbody .= "\n\r"; $altbody .= $LANG_FM00['filename'] . ' ' . $filename . "\n\r"; $altbody .= "\n\r"; $altbody .= $description . "\n\r"; $altbody .= "\n\r"; $altbody .= $LANG_FM00['uploaded_by'] . ' ' . $uname . "\n\r"; $altbody .= "\n\r\n\r"; $altbody .= $_CONF['site_name'] . "\n\r"; $altbody .= $_CONF['site_url'] . "\n\r"; $group_id = DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="filemgmt Admin"'); $groups = FM_getGroupList($group_id); if (count($groups) == 0) { $groupList = '1'; } else { $groupList = implode(',', $groups); } $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email " . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} " . "WHERE {$_TABLES['users']}.uid > 1 " . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid " . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))"; $result = DB_query($sql); $nRows = DB_numRows($result); $toCount = 0; for ($i = 0; $i < $nRows; $i++) { $row = DB_fetchArray($result); if ($row['email'] != '') { COM_errorLog("FileMgmt Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']); $toCount++; $to[] = array('email' => $row['email'], 'name' => $row['username']); } } if ($toCount > 0) { $msgData['htmlmessage'] = $body; $msgData['textmessage'] = $altBody; $msgData['subject'] = $subject; $msgData['from']['email'] = $_CONF['site_mail']; $msgData['from']['name'] = $_CONF['site_name']; $msgData['to'] = $to; COM_emailNotification($msgData); } else { COM_errorLog("FileMgmt Upload: Error - Did not find any administrators to email"); } COM_updateSpeedlimit('fmnotify'); } return true; }