/**
 * Two-step "change security e-mail" action driven by a session flag.
 *
 * Step 1 (POST, flag not set): re-checks the logged-in member's password and,
 * on a match, sets the 'safety_email' session flag and redirects back here.
 * Step 2 (POST, flag set): checks the posted 'email_code', saves the posted
 * data for the logged-in member and clears the flag.
 * Any other request renders the form.
 */
public function safety_email()
 {
     $safety_email = session('safety_email');
     $auth_member = session('auth_member');
     if (IS_POST && !$safety_email) {
         // Step 1: the member id comes from the session, only the password from the request.
         $where['id'] = $auth_member['id'];
         // NOTE(review): md5() of the raw password is an unsalted, fast hash. password_hash() /
         // password_verify() is the usual replacement; it needs a migration of the stored values.
         // No attempt limiting is visible in this method.
         $where['pass'] = md5($_POST['pass']);
         if ($res = M('Member')->where($where)->find()) {
             // Password confirmed: unlock step 2 for this session.
             session('safety_email', true);
             $this->redirect("Member/safety_email");
         } else {
             // Message text: "Wrong password!"
             $this->error('密码错误!');
         }
     } elseif (IS_POST && $safety_email) {
         // Step 2: the posted code is checked by the check_email() helper (not visible here).
         if (!check_email($_POST['email_code'])) {
             // Message text: "Verification code is wrong or has expired!"
             // presumably error() ends the request; if it returns, the save below still runs — confirm
             $this->error('验证码错误或已过期!');
         }
         // The target row is pinned to the session's member id, overriding any posted 'id'.
         $_POST['id'] = $auth_member['id'];
         // NOTE(review): the whole $_POST array is handed to save_item(). Unless save_item()
         // restricts which columns it writes, extra POST fields could change other Member
         // columns — confirm it applies a field whitelist.
         $res = D('Member')->save_item($_POST);
         if (!$res['status']) {
             $this->error($res['error']);
         } else {
             // Clear the flag so the next change needs the password again.
             session('safety_email', null);
             // Message text: "Operation successful!"
             $this->success('操作成功!', 'Member/safety');
         }
     } else {
         $this->display();
     }
 }
/**
 * Mail a time-stamped password-recovery / verification link to a user.
 *
 * Returns false without sending when check_email() rejects $user->email.
 * Otherwise it builds the link, sends it with mail(), echoes an HTML
 * confirmation paragraph and returns true (the result of mail() is not checked).
 *
 * @param object $user Reads ->id, ->pass and ->email.
 * @return bool
 */
function send_recover_mail($user)
{
    global $site_key, $globals;
    if (!check_email($user->email)) {
        return false;
    }
    $now = time();
    // Sender domain: the configured value when present, otherwise get_server_name().
    // NOTE(review): if get_server_name() is derived from the request's Host header, the
    // From: header and the links below become request-controlled — confirm it returns a
    // configured name.
    if (!empty($globals['email_domain'])) {
        $domain = $globals['email_domain'];
    } else {
        $domain = get_server_name();
    }
    // Recovery key: MD5 over user id, stored password value, timestamp, site secret and server name.
    // NOTE(review): a keyed construction such as hash_hmac('sha256', ..., $site_key), compared
    // with hash_equals() where the link is verified, is the usual choice for this kind of token.
    // The verifying code is not visible here.
    $key = md5($user->id . $user->pass . $now . $site_key . get_server_name());
    // NOTE(review): the middle of this expression was masked ('******') by the page this listing
    // comes from; as shown it is not valid PHP and the original operand cannot be recovered here.
    $url = $globals['base_url'] . 'profile?login='******'&t=' . $now . '&k=' . $key;
    //echo "$user->username, $user->email, $url<br />";
    $to = $user->email;
    $subject = _('Recuperación o verificación de contraseña de ') . get_server_name();
    $subject = mb_encode_mimeheader($subject, "UTF-8", "B", "\n");
    // The mail text promises a 15-minute window; enforcing it is up to the code that checks
    // the t and k parameters, which is not in this function.
    $message = $to . ': ' . _('para poder acceder sin la clave, conéctate a la siguiente dirección en menos de 15 minutos:') . "\n\n{$url}\n\n";
    $message .= _('Pasado este tiempo puedes volver a solicitar acceso en: ') . "\nhttp://" . get_server_name() . $globals['base_url'] . "login?op=recover\n\n";
    $message .= _('Una vez en tu perfil, puedes cambiar la clave de acceso.') . "\n" . "\n";
    // The requester's IP address is included so the recipient can see where the request came from.
    $message .= "\n\n" . _('Este mensaje ha sido enviado a solicitud de la dirección: ') . $globals['user_ip'] . "\n\n";
    $message .= "-- \n  " . _('el equipo de menéame');
    $message = wordwrap($message, 70);
    // Headers are assembled from translated strings and $domain only; no request field is
    // concatenated here directly.
    $headers = 'Content-Type: text/plain; charset="utf-8"' . "\n" . 'From: ' . _('Avisos') . ' ' . $domain . ' <' . _('no_contestar') . "@{$domain}>\n" . 'Reply-To: ' . _('no_contestar') . "@{$domain}\n" . 'X-Mailer: meneame.net' . "\n";
    $headers .= 'MIME-Version: 1.0' . "\n";
    //$pars = '-fweb@'.get_server_name();
    mail($to, $subject, $message, $headers);
    echo '<p><strong>' . _('Correo enviado, mira tu buzón, allí están las instrucciones. Mira también en la carpeta de spam.') . '</strong></p>';
    return true;
}
 /**
  * Validate an e-mail address and abort the request when it is rejected.
  *
  * Delegates to the global check_email() helper. When its result loosely
  * equals 0 an error line is printed and the script is terminated with exit;
  * otherwise the method returns without a value.
  *
  * @param string $email Address to validate.
  * @return void
  */
 public static function check_email($email)
 {
     $verdict = check_email($email);
     if ($verdict != 0) {
         // Accepted: nothing to report.
         return;
     }
     // Rejected: report and stop the whole script (message text kept as-is).
     echo 'Error validate e-mial';
     exit;
 }
    /**
     * Mail the current notification to every subscriber with a valid address.
     *
     * @return bool|int false when the sender is not available, 0 for "UPDATE"
     *                  notifications, otherwise whether at least one subscriber
     *                  with a valid address was found (the author is counted
     *                  even though no mail is sent to them).
     */
    public function Send()
    {
        if (!$this->IsAvailable()) {
            return false;
        }

        $notification = $this->Notify->getNotification();

        // Updates are never mailed out.
        if ($notification["ACTION"] == "UPDATE") {
            return 0;
        }

        $recipients = array();
        // Subscribers of everything plus subscribers of this particular post.
        $subscribeIds = array(self::SUBSCRIBE_ALL, self::SUBSCRIBE_IDEA_COMMENT . $notification["POST_ID"]);
        $rows = $this->GetList(array(), array("ID" => $subscribeIds), false, false, array("USER_ID", "USER_EMAIL"));
        while ($row = $rows->Fetch()) {
            // Keyed by user id, so each user is mailed at most once.
            if (check_email($row["USER_EMAIL"])) {
                $recipients[$row["USER_ID"]] = $row["USER_EMAIL"];
            }
        }

        foreach ($recipients as $userId => $email) {
            // The author does not get a notification about their own action.
            if ($userId == $notification["AUTHOR_ID"]) {
                continue;
            }

            // NOTE(review): the key is spelled "EMIAL_TO"; confirm the mail template expects this spelling.
            $notification["EMIAL_TO"] = $email;
            // Event name is ACTION_TYPE, e.g. ADD_IDEA_COMMENT or ADD_IDEA.
            CEvent::Send($notification["ACTION"] . '_' . $notification["TYPE"], SITE_ID, $notification);
        }

        return count($recipients) > 0;
    }
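 /**
  * Register a new user and create its initial ranking row.
  *
  * Validation order: the user name must be free, the e-mail must pass
  * check_email(), and the e-mail must not be registered yet.
  *
  * @param string $username Login name, also stored as display name.
  * @param string $password Plain-text password.
  * @param string $email    E-mail address.
  * @return string|null Error message when registration was refused, null on success.
  */
 function registra_usuario($username, $password, $email)
 {
     global $db;
     // Initialised so the success path returns null explicitly instead of reading
     // an undefined variable.
     $mensaje_de_error = null;
     if (user_exists($username)) {
         $mensaje_de_error = "El usuario " . $username . " ya existe";
     } elseif (check_email($email) == 0) {
         $mensaje_de_error = "El mail no es válido";
     } elseif (email_exists($email)) {
         $mensaje_de_error = "El mail " . $email . " ya existe";
     } else {
         // NOTE(review): $username and $email are concatenated into the SQL text as-is.
         // Nothing in this function escapes them, and check_email() is a format check,
         // not an SQL escaper. The statements should use the database layer's parameter
         // binding or escaping; the API of $db is not visible here, so the queries are
         // left unchanged.
         // NOTE(review): md5() of the password is an unsalted, fast hash; password_hash()
         // is the usual replacement and needs a matching change where logins are verified.
         $SELECT = "INSERT INTO usuarios ( usuario_login, usuario_password, usuario_email, usuario_nombre )";
         $SELECT .= " VALUES ( '" . $username . "', '" . md5($password) . "', '" . $email . "', '" . $username . "' )";
         $result = $db->get_results($SELECT);
         logea("registro " . $username, "", $_SESSION["usuario"]);
         // The ranking row is dated one day back so the new user does not collect the
         // 60000 as a gain when today's ranking update runs.
         $SELECT = "INSERT INTO ranking ( ranking_usuario, ranking_saldo, ranking_invertido, ranking_total, ranking_beneficio_hoy, ranking_fecha ) ";
         $SELECT .= " VALUES ( '" . $username . "', '60000', '0', '60000', '0', CURDATE()-INTERVAL 1 DAY )";
         $result = $db->get_results($SELECT);
     }
     return $mensaje_de_error;
 }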
 /**
  * Contact page handler: validates a posted contact form and either sends the
  * feedback or re-displays the form with error text.
  *
  * On a preview or submit request the three fields are read from POST and
  * checked; otherwise name and e-mail are pre-filled from the logged-in user.
  */
 function page_contact()
 {
     // Add departments
     global $_CLASS;
     $_CLASS['core_user']->user_setup();
     $_CLASS['core_user']->add_lang();
     $this->error = '';
     $this->preview = !empty($_POST['preview']);
     if ($this->preview || !empty($_POST['contact'])) {
         // Fields are read through get_variable(); what filtering it applies is not visible here.
         $this->data['MESSAGE'] = trim(get_variable('message', 'POST', ''));
         $this->data['NAME'] = get_variable('sender_name', 'POST', '');
         $this->data['EMAIL'] = get_variable('sender_email', 'POST', '');
         foreach ($this->data as $field => $value) {
             if (!$value) {
                 // Empty field: append the language string named ERROR_<FIELD>.
                 $this->error .= $_CLASS['core_user']->lang['ERROR_' . $field] . '<br />';
                 // $lang is never assigned in this method; the unset of it has no effect.
                 unset($field, $value, $lang);
             } elseif ($field == 'EMAIL' && !check_email($value)) {
                 $this->error .= $_CLASS['core_user']->lang['BAD_EMAIL'] . '<br />';
             }
         }
         // NOTE(review): NAME is only checked for being non-empty. If send_feedback() (not
         // shown) places it in a mail header, line breaks must be rejected there — confirm.
         // NOTE(review): a preview request with no errors also reaches send_feedback();
         // confirm that it honours $this->preview.
         if (!$this->error) {
             $this->send_feedback();
         }
     } else {
         $this->data['NAME'] = $_CLASS['core_user']->is_user ? $_CLASS['core_user']->data['username'] : '';
         $this->data['EMAIL'] = $_CLASS['core_user']->is_user ? $_CLASS['core_user']->data['user_email'] : '';
         $this->data['MESSAGE'] = '';
     }
     // The submitted values are echoed back into the form.
     // NOTE(review): whether the template layer HTML-escapes them is not visible here — confirm.
     $_CLASS['core_template']->assign_array(array('ERROR' => $this->error, 'MESSAGE' => $this->data['MESSAGE'], 'ACTION' => generate_link($_CLASS['core_display']->page['page_name']), 'SENDER_EMAIL' => $this->data['EMAIL'], 'SENDER_NAME' => $this->data['NAME']));
     $_CLASS['core_template']->display('modules/contact/index.html');
 }
 /**
  * Add a new comment to a post.
  *
  * Comment status 2 requires a name and a valid e-mail from visitors who are
  * not logged in; status 3 requires a login. Every failure is reported through
  * json_error() (presumably ends the request — confirm).
  *
  * @param int    $id        Post id.
  * @param string $comment   Comment text.
  * @param string $author    Author name, required from guests when status is 2.
  * @param string $email     Author e-mail, required from guests when status is 2.
  * @param int    $parent_id ID of the parent comment.
  * @param int    $type      Not read by this method.
  * @return array Array with key 'id' holding the result of wp_new_comment().
  */
 public function add_comment($id, $comment, $author = '', $email = '', $parent_id = 0, $type = 0)
 {
     if (empty($id) || empty($comment)) {
         json_error(BigAppErr::$comment['code'], "empty id or comment");
     }

     $user_id = get_current_user_id();
     $comment_type = bigapp_core::check_comment_status();
     $is_guest = $user_id == 0;

     // Status 2: guests must identify themselves with a name and a valid address.
     if ($comment_type == 2 && $is_guest) {
         if ($author == '' || $email == '') {
             json_error(BigAppErr::$comment['code'], 'need email or author');
         }
         if (!check_email($email)) {
             json_error(BigAppErr::$comment['code'], 'email format is wrong');
         }
     }

     // Status 3: only logged-in users may comment.
     if ($comment_type == 3 && $is_guest) {
         json_error(BigAppErr::$login['code'], 'need login');
     }

     // NOTE(review): outside the guest branch above, $author and $email are passed on
     // without validation, also for logged-in users — confirm this is intended.
     $commentdata = array(
         "comment_post_ID" => $id,
         'comment_content' => $comment,
         'comment_approved' => 1,
         'comment_author' => $author,
         'comment_author_email' => $email,
         'comment_parent' => $parent_id,
         "user_ID" => $user_id,
     );
     $new_comment_id = wp_new_comment($commentdata);
     if (!$new_comment_id) {
         json_error(BigAppErr::$comment['code'], "creat new comment failed");
     }

     return array('id' => $new_comment_id);
 }
 /**
  * Field validator: an empty value, or an address accepted by check_email(), passes.
  *
  * @param mixed $value Value to validate; empty values are treated as "not provided".
  * @return true|string true when the value passes, otherwise the localized message
  *                     for SENDER_ENTITY_CONTACT_VALID_EMAIL.
  */
 public static function checkEmail($value)
 {
     $isAcceptable = empty($value) || check_email($value);

     return $isAcceptable ? true : Loc::getMessage('SENDER_ENTITY_CONTACT_VALID_EMAIL');
 }
 /**
  * Field validator for the sender address: an empty value, or an address accepted
  * by check_email(), passes.
  *
  * @param mixed $value Value to validate; empty values are treated as "not provided".
  * @return true|string true when the value passes, otherwise the localized message
  *                     for SENDER_ENTITY_MAILING_CHAIN_VALID_EMAIL_FROM.
  */
 public static function checkEmail($value)
 {
     $isAcceptable = empty($value) || check_email($value);

     return $isAcceptable ? true : Loc::getMessage('SENDER_ENTITY_MAILING_CHAIN_VALID_EMAIL_FROM');
 }
 /**
  * Store the comment author's e-mail address after validating it.
  *
  * The address is validated as given and stored trimmed.
  *
  * @param string $email Address to store.
  * @return bool true when stored, false when check_email() rejected it
  *              (an error is recorded through error_set()).
  */
 function set_email($email)
 {
     if (check_email($email)) {
         // NOTE(review): validation sees the untrimmed value while the trimmed one is
         // stored; whether check_email() tolerates surrounding whitespace is not visible here.
         $this->email = trim($email);
         return true;
     }

     $this->error_set('Comment::SetEmail:: incorrect email address.');
     return false;
 }
/**
 * Run the registration-form checks in order and stop at the first failure.
 *
 * @param mixed $id      Checked with check_id().
 * @param mixed $passwd  Checked with check_passwd().
 * @param mixed $passwd2 Compared with $passwd by check_retype_passwd().
 * @param mixed $name    Not validated here: the check_name() call is disabled.
 * @param mixed $email   Checked with check_email().
 * @param mixed $comment Checked with check_comment().
 * @return bool TRUE when every enabled check passes, FALSE otherwise.
 */
function check_regist_form($id, $passwd, $passwd2, $name, $email, $comment)
{
    if (!check_id($id)) {
        return FALSE;
    }
    if (!check_passwd($passwd)) {
        return FALSE;
    }
    if (!check_retype_passwd($passwd, $passwd2)) {
        return FALSE;
    }
    // check_name($name) is intentionally not called (disabled in the original).
    if (!check_email($email)) {
        return FALSE;
    }
    if (!check_comment($comment)) {
        return FALSE;
    }
    return TRUE;
}
 /**
  * Hook handler that fills a new identity record from previously loaded prefs,
  * creates additional identities and copies the collected address book.
  *
  * Does nothing (returns $p unchanged) when $this->prefs is empty.
  *
  * @param array $p Hook arguments; $p['record'] is filled in and $p['complete'] is set.
  * @return array The modified hook arguments.
  */
 public function create_identity($p)
 {
     $rcmail = rcmail::get_instance();
     // prefs are set in create_user()
     if ($this->prefs) {
         if ($this->prefs['full_name']) {
             $p['record']['name'] = $this->prefs['full_name'];
         }
         // The e-mail address is copied only for identities_level 0 or 2.
         if (($this->identities_level == 0 || $this->identities_level == 2) && $this->prefs['email_address']) {
             $p['record']['email'] = $this->prefs['email_address'];
         }
         if ($this->prefs['___signature___']) {
             $p['record']['signature'] = $this->prefs['___signature___'];
         }
         if ($this->prefs['reply_to']) {
             $p['record']['reply-to'] = $this->prefs['reply_to'];
         }
         // Additional identities are created only for identities_level 0 or 1.
         if (($this->identities_level == 0 || $this->identities_level == 1) && isset($this->prefs['identities']) && $this->prefs['identities'] > 1) {
             for ($i = 1; $i < $this->prefs['identities']; $i++) {
                 unset($ident_data);
                 $ident_data = array('name' => '', 'email' => '');
                 // required data
                 if ($this->prefs['full_name' . $i]) {
                     $ident_data['name'] = $this->prefs['full_name' . $i];
                 }
                 // Only level 0 may use the per-identity address; otherwise the primary
                 // record's address is reused.
                 if ($this->identities_level == 0 && $this->prefs['email_address' . $i]) {
                     $ident_data['email'] = $this->prefs['email_address' . $i];
                 } else {
                     $ident_data['email'] = $p['record']['email'];
                 }
                 if ($this->prefs['reply_to' . $i]) {
                     $ident_data['reply-to'] = $this->prefs['reply_to' . $i];
                 }
                 if ($this->prefs['___sig' . $i . '___']) {
                     $ident_data['signature'] = $this->prefs['___sig' . $i . '___'];
                 }
                 // insert identity
                 // NOTE(review): unlike the address-book entries below, the copied identity
                 // addresses are not passed through check_email() in this method.
                 $identid = $rcmail->user->insert_identity($ident_data);
             }
         }
         // copy address book
         $contacts = $rcmail->get_address_book(null, true);
         if ($contacts && count($this->abook)) {
             foreach ($this->abook as $rec) {
                 // #1487096 handle multi-address and/or too long items
                 // Only the first ';'-separated address is kept.
                 // NOTE(review): array_shift() takes its argument by reference; passing the
                 // explode() result directly raises "Only variables should be passed by reference".
                 $rec['email'] = array_shift(explode(';', $rec['email']));
                 // Validation runs on the ASCII (punycode) form; the UTF-8 form is stored.
                 // NOTE(review): idn_to_ascii() returns false on failure; presumably
                 // check_email(false) rejects the entry — confirm.
                 if (check_email(idn_to_ascii($rec['email']))) {
                     $rec['email'] = idn_to_utf8($rec['email']);
                     $contacts->insert($rec, true);
                 }
             }
         }
         // mark identity as complete for following hooks
         $p['complete'] = true;
     }
     return $p;
 }
/**
 * Processes (un)subscription requests to multiple lists.
 *
 * Private lists are never changed. When at least one list was changed,
 * confirmation and admin notification mails are sent according to the
 * list_send_welcome / list_send_goodbye / list_subscribe_notify /
 * list_unsubscribe_notify settings.
 *
 * NOTE(review): nothing in this function proves that the requester controls
 * $address (no confirmation token is checked here). Unless a caller does that,
 * any address can be added or removed and will receive the confirmation mail — confirm.
 *
 * @param string $address The email address
 * @param array $list_ids The ids of the lists (taken by reference, not modified here)
 * @param bool $subscribe TRUE if the address should be subscribed to the lists, FALSE if it should be unsubscribed
 * @return bool TRUE if operation was successful, else FALSE
 *              (in practice the value of gu_error() / gu_success(), or FALSE when no list was changed)
 */
function gu_subscription_process($address, &$list_ids, $subscribe)
{
    if (!check_email($address)) {
        return gu_error(t("Invalid email address"));
    }
    $succ_list_names = array();
    $fail_list_names = array();
    // For each list we need to load it with all addresses
    foreach ($list_ids as $list_id) {
        // NOTE(review): the result of gu_list::get() is used without a check; what it returns
        // for an unknown id is not visible here.
        $list = gu_list::get($list_id, TRUE);
        // Don't allow subscriptions to private lists
        if ($list->is_private()) {
            $res = FALSE;
        } else {
            if ($subscribe) {
                $res = $list->add($address, TRUE);
            } else {
                $res = $list->remove($address, TRUE);
            }
        }
        if ($res) {
            $succ_list_names[] = $list->get_name();
        } else {
            // Collected but not reported anywhere in this function.
            $fail_list_names[] = $list->get_name();
        }
    }
    // Check if there were any successful
    if (count($succ_list_names) < 1) {
        return FALSE;
    }
    // Work out if we need to send any emails now, and if so create a sender
    if (gu_config::get('list_send_welcome') || gu_config::get('list_send_goodbye') || gu_config::get('list_subscribe_notify') || gu_config::get('list_unsubscribe_notify')) {
        $mailer = new gu_mailer();
        if ($mailer->init()) {
            // One list: its name is the subject prefix; several lists: the collective name.
            $subject_prefix = count($succ_list_names) == 1 ? $succ_list_names[0] : gu_config::get('collective_name');
            // Send welcome / goodbye message
            if ($subscribe && gu_config::get('list_send_welcome') || !$subscribe && gu_config::get('list_send_goodbye')) {
                $subject = '[' . $subject_prefix . '] ' . ($subscribe ? t('Subscription') : t('Unsubscription')) . t(' confirmation');
                $action = $subscribe ? t('subscribed to') : t('unsubscribed from');
                $text = t("This is an automated message to confirm that you have been % the following lists:", array($action)) . "\n\n* " . implode("\n* ", $succ_list_names) . "\n\n";
                // NOTE(review): $address is appended to the query string without URL-encoding;
                // characters such as '+' or '&' in a valid address would be misread on the
                // receiving page. rawurlencode() is the usual fix.
                $text .= t('To change your subscriptions visit: ') . absolute_url('subscribe.php') . '?addr=' . $address . "\n\n";
                $text .= t('Please do not reply to this message. Thank you.');
                $mailer->send_mail($address, $subject, $text);
            }
            // Send admin notifications
            if ($subscribe && gu_config::get('list_subscribe_notify') || !$subscribe && gu_config::get('list_unsubscribe_notify')) {
                $subject = '[' . $subject_prefix . '] ' . ($subscribe ? t('Subscription') : t('Unsubscription')) . t(' notification');
                $action = $subscribe ? t('subscribed to') : t('unsubscribed from');
                $text = t("This is an automated message to notify you that % has been % the following lists:", array($address, $action)) . "\n\n* " . implode("\n* ", $succ_list_names) . "\n\n";
                $mailer->send_admin_mail($subject, $text);
            }
        }
    }
    $action = $subscribe ? t('subscribed to') : t('unsubscribed from');
    // NOTE(review): list names are placed inside HTML markup here without escaping; whether
    // gu_success() or the list-name input path escapes them is not visible — confirm.
    return gu_success(t('You have been % lists: <i>%</i>', array($action, implode('</i>, <i>', $succ_list_names))));
}
/**
 * Guestbook "add entry" page: shows the form and, on submit, validates the
 * input and stores the entry.
 *
 * Checks run in this order: required fields, optional e-mail format, captcha,
 * flood protection. Every failure shows an error box and the form again.
 * The session captcha is discarded after every submit attempt.
 */
function guestbook_add()
{
    global $db;
    if (isset($_POST['submit'])) {
        // Time of the last guestbook entry from this IP, used by the flood check below.
        // Escaping is delegated to strsave() (not visible here).
        $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="guestbook" AND IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\'');
        if ($_POST['author'] == '' or $_POST['commentstext'] == '' or $_POST['captcha'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif (!check_email($_POST['email']) and $_POST['email'] != '') {
            // The e-mail is optional: only a non-empty value has to be valid.
            table(ERROR, WRONG_EMAIL);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif (strtolower($_POST['captcha']) != strtolower($_SESSION['captcha'])) {
            // Case-insensitive captcha comparison. An empty posted captcha was already
            // rejected by the first branch.
            // NOTE(review): the comparison uses loose '!='; '!==' avoids PHP's numeric-string
            // comparison rules for purely numeric captcha values.
            table(ERROR, CAPTCHA_WRONG);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif ($last > time() - SPAM_GUESTBOOK or @(int) $_COOKIE['guestbook'] > time() - SPAM_GUESTBOOK) {
            // Flood protection. The cookie value is supplied by the client, so the IP-based
            // lookup in $last is the only part the server controls.
            $last > time() - SPAM_GUESTBOOK ? $zeit = SPAM_GUESTBOOK + $last - time() : ($zeit = SPAM_GUESTBOOK + $_COOKIE['guestbook'] - time());
            table(ERROR, str_replace(array('{sek}', '{zeit}'), array(SPAM_GUESTBOOK, $zeit), SPAM_PROTECTION_MSG));
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } else {
            // Values are HTML-encoded (or passed through comment_save()/check_url()) and then
            // handed to strsave() before being placed in the statement.
            // NOTE(review): the statement is assembled with sprintf(); its safety rests entirely
            // on strsave() being a correct SQL escaper for the connection's character set — confirm,
            // or move to prepared statements.
            $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `author`, `beitrag`, `email`, `homepage`, `datum`, `IP`) VALUES ("guestbook", \'%s\', \'%s\', \'%s\', \'%s\', %d, \'%s\')', strsave(htmlspecialchars($_POST['author'])), strsave(comment_save($_POST['commentstext'])), strsave(htmlspecialchars($_POST['email'])), strsave(htmlspecialchars(check_url($_POST['homepage']))), time(), strsave($_SERVER['REMOTE_ADDR']));
            if ($db->query($sql)) {
                // Remember the posting time client-side for the cookie half of the flood check.
                setcookie('guestbook', time(), time() + 365 * 86400);
                header1('?section=guestbook');
            }
        }
        // The captcha is single-use: it is dropped after every submit, valid or not.
        unset($_SESSION['captcha']);
    } else {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(GUESTBOOK_ADD, $content, '', 1);
    }
}
 /**
  * Validate the new id, which must be an e-mail address.
  *
  * In this code base check_email() is used as returning an empty string for a
  * valid address and an error text otherwise.
  *
  * @return bool true when the id is accepted; false after recording the helper's
  *              message and the field-specific message in $this->errormsg.
  */
 protected function validate_new_id()
 {
     $problem = check_email($this->id);
     if ($problem != '') {
         $this->errormsg[] = $problem;
         $this->errormsg[$this->id_field] = Config::lang('pAdminCreate_admin_username_text_error1');
         return false;
     }
     return true;
 }
 /**
  * Validate a configuration option value against its declared type.
  *
  * @param string $option Option name, used in one error message.
  * @param mixed  $value  Value to validate; an empty value is always rejected.
  * @param mixed  $type   One of the CONFIG_TYPE_* constants; other types are not checked.
  * @return string|null Translated error message, or NULL when the value is accepted.
  */
 public function CheckOption($option, $value, $type)
 {
     if ($value == '') {
         return trans('Empty option value is not allowed!');
     }

     $message = NULL;
     switch ($type) {
         case CONFIG_TYPE_POSITIVE_INTEGER:
             // NOTE(review): without the D modifier, '$' also matches before a trailing newline.
             if (!preg_match('/^[1-9][0-9]*$/', $value)) {
                 $message = trans('Value of option "$a" must be a number grater than zero!', $option);
             }
             break;
         case CONFIG_TYPE_BOOLEAN:
             if (!isboolean($value)) {
                 $message = trans('Incorrect value! Valid values are: 1|t|true|y|yes|on and 0|n|no|off|false');
             }
             break;
         case CONFIG_TYPE_RELOADTYPE:
             if (!in_array($value, array('sql', 'exec'))) {
                 $message = trans('Incorrect reload type. Valid types are: sql, exec!');
             }
             break;
         case CONFIG_TYPE_DOCTYPE:
             if (!in_array($value, array('html', 'pdf'))) {
                 $message = trans('Incorrect value! Valid values are: html, pdf!');
             }
             break;
         case CONFIG_TYPE_EMAIL:
             if (!check_email($value)) {
                 $message = trans('Incorrect email address!');
             }
             break;
         case CONFIG_TYPE_MARGINS:
             if (!preg_match('/^\\d+,\\d+,\\d+,\\d+$/', $value)) {
                 $message = trans('Margins should consist of 4 numbers separated by commas!');
             }
             break;
         case CONFIG_TYPE_MAIL_BACKEND:
             if (!in_array($value, array('pear', 'phpmailer'))) {
                 $message = trans('Incorrect mail backend. Valid types are: pear, phpmailer!');
             }
             break;
         case CONFIG_TYPE_MAIL_SECURE:
             if (!in_array($value, array('ssl', 'tls'))) {
                 $message = trans('Incorrect mail security protocol. Valid types are: ssl, tls!');
             }
             break;
         case CONFIG_TYPE_DATE_FORMAT:
             // Unanchored patterns: the value only has to contain a day, a month and a
             // year specifier somewhere.
             $hasDay = preg_match('/%[aAdejuw]+/', $value);
             $hasMonth = $hasDay && preg_match('/%[bBhm]+/', $value);
             $hasYear = $hasMonth && preg_match('/%[CgGyY]+/', $value);
             if (!$hasYear) {
                 $message = trans('Incorrect date format! Enter format for day (%a, %A, %d, %e, %j, %u, %w), month (%b, %B, %h, %m) and year (%C, %g, %G, %y, %Y)');
             }
             break;
     }

     return $message;
 }
 /**
  * Validate the posted values of one configured form and collect error messages.
  *
  * The form definition is selected by the posted "id"; the $fields argument is
  * immediately rebound to that definition, so the value passed in is not used.
  * Fields that are not marked required are skipped entirely (except file fields,
  * which are handled before that check).
  *
  * @param mixed $fields Ignored, see above.
  * @return bool true when no errors were collected, false otherwise.
  */
 public function validate($fields)
 {
     // NOTE(review): the form is chosen by a request value. Taking a reference to a key that
     // does not exist creates it as null, so an unknown "id" is not rejected here — confirm
     // that callers validate it.
     $fields =& $this->arResult["forms"][$this->request->getPost("id")]["fields"];
     $errors =& $this->arResult["forms"][$this->request->getPost("id")]["errors"];
     foreach ($fields as $field => $value) {
         // File
         if ($value["type"] == "file") {
             // The upload is always read under the name "file", whatever $field is.
             $file = $this->request->getFile("file");
             if ($file["size"] > 0) {
                 // NOTE(review): if getFile() returns the raw upload array, "type" is the MIME
                 // string sent by the client and says nothing about the actual content. Verify
                 // the content server-side (e.g. with finfo) before treating it as a PDF — confirm.
                 if ($file["type"] != "application/pdf") {
                     // Message text: "File format must be pdf"
                     $errors[] = "Формат файла должен быть pdf";
                 } else {
                     if ($file["size"] > 1500000) {
                         // Message text: "File must be smaller than 1.5 Mb"
                         $errors[] = "Файл должен быть меньше 1.5 Mb";
                     }
                 }
             }
             continue;
         }
         // Optional fields get no validation at all, including e-mail format and select values.
         if (!$value["required"]) {
             continue;
         }
         //captcha
         if ($value["type"] == "captcha") {
             if ($this->request->getPost($field) == "" || $this->request->getPost("captcha_sid") == "" || !$GLOBALS["APPLICATION"]->CaptchaCheckCode($this->request->getPost($field), $this->request->getPost("captcha_sid"))) {
                 // Message text: 'Field "..." is filled in incorrectly'
                 $errors[] = "Поле \"{$value["placeholder"]}\" заполнено неверно";
             }
             continue;
         }
         if ($value["type"] == "text" || $value["type"] == "textarea") {
             if ($this->request->getPost($field) == "") {
                 // Message text: 'Fill in the field "..."'
                 $errors[] = "Заполните поле \"{$value["placeholder"]}\"";
             }
             continue;
         }
         if ($value["type"] == "email") {
             if (!check_email($this->request->getPost($field))) {
                 // Message text: 'Field "..." is empty or filled in incorrectly'
                 $errors[] = "Поле \"{$value["placeholder"]}\" не заполнено или заполнено неверно";
             }
             continue;
         }
         if ($value["type"] == "select") {
             // NOTE(review): in_array() is used without the strict flag, so the posted value
             // is compared loosely against the allowed options.
             if (!in_array($this->request->getPost($field), $value["value"])) {
                 $errors[] = "Заполните поле \"{$value["placeholder"]}\"";
             }
             continue;
         }
     }
     if (!empty($errors)) {
         return false;
     }
     return true;
 }
/**
 * Send a signup invitation to an e-mail address on behalf of the current user.
 *
 * The address is normalised and checked (format, ban list, allowed domains,
 * not already a user, not already invited); each failed check is reported
 * through bark() (presumably ends the request — confirm). Then an invite hash
 * is generated, the invitation mail is sent and the invite is recorded.
 *
 * @param string $email Address of the person to invite.
 * @return void
 */
function invite($email)
{
    global $CURUSER;
    global $SITENAME;
    global $BASEURL;
    global $SITEEMAIL;
    global $lang_takeinvite;
    // NOTE(review): bare id is an undefined constant, not the string 'id'. Older PHP falls
    // back to the string with a notice, PHP 8 throws an Error. $CURUSER['id'] is what is meant.
    $id = $CURUSER[id];
    // NOTE(review): the address is HTML-encoded before it is validated and stored; encoding
    // belongs at output time (it is applied again where the address is echoed below).
    $email = unesc(htmlspecialchars(trim($email)));
    $email = safe_email($email);
    if (!$email) {
        bark($lang_takeinvite['std_must_enter_email']);
    }
    if (!check_email($email)) {
        bark($lang_takeinvite['std_invalid_email_address']);
    }
    if (EmailBanned($email)) {
        bark($lang_takeinvite['std_email_address_banned']);
    }
    if (!EmailAllowed($email)) {
        bark($lang_takeinvite['std_wrong_email_address_domains'] . allowedemails());
    }
    // Fixed invitation text; only the site name is interpolated.
    $body = "\n你好,\n\n我邀请你加入 {$SITENAME}, 这是一个拥有丰富资源的非开放社区. \n如果你有兴趣加入我们请阅读规则并确认邀请.最后,确保维持一个良好的分享率 \n分享允许的资源.\n\n欢迎到来! :)\n";
    // The str_replace() replaces "<br />" with itself, so it changes nothing.
    $body = str_replace("<br />", "<br />", nl2br(trim(strip_tags($body))));
    if (!$body) {
        bark($lang_takeinvite['std_must_enter_personal_message']);
    }
    // check if email addy is already in use
    // NOTE(review): die(mysql_error()) prints the raw database error to the client; log it
    // and show a generic message instead.
    $a = @mysql_fetch_row(@sql_query("select count(*) from users where email=" . sqlesc($email))) or die(mysql_error());
    if ($a[0] != 0) {
        bark($lang_takeinvite['std_email_address'] . htmlspecialchars($email) . $lang_takeinvite['std_is_in_use']);
    }
    $b = @mysql_fetch_row(@sql_query("select count(*) from invites where invitee=" . sqlesc($email))) or die(mysql_error());
    if ($b[0] != 0) {
        bark($lang_takeinvite['std_invitation_already_sent_to'] . htmlspecialchars($email) . $lang_takeinvite['std_await_user_registeration']);
    }
    $ret = sql_query("SELECT username FROM users WHERE id = " . sqlesc($id)) or sqlerr();
    $arr = mysql_fetch_assoc($ret);
    // NOTE(review): the invite hash is the bearer token of the signup link. It is MD5 over
    // mt_rand(1, 10000), the inviter's username, TIMENOW and passhash; mt_rand() is not a
    // cryptographic generator and contributes at most 10000 values. bin2hex(random_bytes(16))
    // is the usual source for such a token, and it avoids feeding the password hash into a
    // value that leaves the server.
    $hash = md5(mt_rand(1, 10000) . $CURUSER['username'] . TIMENOW . $CURUSER['passhash']);
    $title = $SITENAME . $lang_takeinvite['mail_tilte'];
    // NOTE(review): $invite_timeout is neither a parameter nor declared global in this
    // function, so it is empty in the message below.
    $message = <<<EOD
{$lang_takeinvite['mail_one']}{$arr[username]}{$lang_takeinvite['mail_two']}
<b><a href="http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}" target="_blank">{$lang_takeinvite['mail_here']}</a></b><br />
http://{$BASEURL}/signup.php?type=invite&invitenumber={$hash}
<br />{$lang_takeinvite['mail_three']}{$invite_timeout}{$lang_takeinvite['mail_four']}{$arr[username]}{$lang_takeinvite['mail_five']}<br />
{$body}
<br /><br />{$lang_takeinvite['mail_six']}
EOD;
    sent_mail($email, $SITENAME, $SITEEMAIL, change_email_encode(get_langfolder_cookie(), $title), change_email_encode(get_langfolder_cookie(), $message), "invitesignup", false, false, '', get_email_encode(get_langfolder_cookie()));
    //this email is sent only when someone give out an invitation
    // The invite is recorded after the mail is sent; the result of the INSERT is not checked.
    sql_query("INSERT INTO invites (inviter, invitee, hash, time_invited) VALUES ('" . mysql_real_escape_string($id) . "', '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($hash) . "', " . sqlesc(date("Y-m-d H:i:s")) . ")");
}
 /**
  * AJAX handler that stores a reply to an existing comment.
  *
  * Reads the reply from POST, runs the captcha check for visitors who are not
  * logged in (when enabled), validates the fields and saves the comment.
  * Every failure is reported through form_ajax_failed() (presumably ends the
  * request — confirm).
  */
 function save_reply()
 {
     if (!$this->setting->get_conf('system.enable_comment')) {
         form_ajax_failed('text', lang('album_comment_closed'));
     }
     // Text fields go through safe_convert() (not visible here); numeric fields are cast with intval().
     $comment['email'] = safe_convert($this->getPost('email'));
     $comment['author'] = safe_convert($this->getPost('author'));
     $comment['content'] = safe_convert($this->getPost('content'));
     $comment['ref_id'] = intval($this->getPost('ref_id'));
     $comment['type'] = intval($this->getPost('type'));
     $comment['reply_author'] = safe_convert($this->getPost('reply_author'));
     $comment['pid'] = intval($this->getPost('pid'));
     $this->plugin->trigger('before_post_comment');
     // The captcha applies only to visitors who are not logged in.
     if ($this->setting->get_conf('system.enable_comment_captcha') && !$this->user->loggedin()) {
         $captcha =& loader::lib('captcha');
         if (!$captcha->check($this->getPost('captcha'))) {
             form_ajax_failed('text', lang('invalid_captcha_code'));
         }
     }
     // The e-mail is optional: only a non-empty value has to be valid.
     // NOTE(review): validation runs on the output of safe_convert(), not on the raw input.
     if ($comment['email'] && !check_email($comment['email'])) {
         form_ajax_failed('text', lang('error_email'));
     }
     if (!$comment['author']) {
         form_ajax_failed('text', lang('error_comment_author'));
     }
     if (!$comment['content']) {
         form_ajax_failed('text', lang('empty_content'));
     }
     // NOTE(review): pid, ref_id and reply_author are taken from the request as-is; that the
     // parent comment exists and belongs to ref_id is not checked here.
     if (!$comment['ref_id'] || !$comment['type'] || !$comment['pid'] || !$comment['reply_author']) {
         form_ajax_failed('text', lang('miss_argument'));
     }
     $comment['post_time'] = time();
     // NOTE(review): if get_real_ip() reads forwarded-for style headers, the stored address is
     // client-controlled unless a trusted proxy sets them — confirm.
     $comment['author_ip'] = get_real_ip();
     // With auditing enabled, replies from visitors who are not logged in start with status 0.
     if ($this->setting->get_conf('system.comment_audit') == 1 && !$this->user->loggedin()) {
         $comment['status'] = 0;
     } else {
         $comment['status'] = 1;
     }
     if ($reply_id = $this->mdl_comment->save($comment)) {
         $comment['id'] = $reply_id;
         $this->output->set('info', $comment);
         $this->plugin->trigger('reply_comment', $reply_id);
         form_ajax_success('text', loader::view('comments/view', false));
     } else {
         form_ajax_failed('text', lang('reply_failed'));
     }
 }
/**
 * Validate the affiliate signup form held in the global $vars.
 *
 * Appends one message per failed check to the global $error array, merges in
 * the messages returned by plugin_validate_signup_form() and reports whether
 * the list is empty.
 *
 * @return bool true when no error was recorded.
 */
function check_form()
{
    global $error;
    global $vars;
    global $db;
    global $config;
    //
    if (!strlen($vars['name_f'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_FNAME;
    }
    // Names containing <, > or " are rejected with the same message as an empty name.
    if (preg_match('/[<>"]/', $vars['name_f'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_FNAME;
    }
    if (!strlen($vars['name_l'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_LNAME;
    }
    if (preg_match('/[<>"]/', $vars['name_l'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_LNAME;
    }
    // Login: letters, digits, underscore and space only, then minimum length, then uniqueness.
    if (preg_match('/[^0-9a-zA-Z_ ]+/', $vars['login'])) {
        $error[] = _SIGNUP_INVALID_USERNAME;
    } elseif (strlen($vars['login']) < $config['login_min_length']) {
        $error[] = sprintf(_SIGNUP_INVALID_USERNAME_2, $config['login_min_length']);
    } elseif (!($member_id = $db->check_uniq_login($vars['login'], $vars['email'], $vars['pass0'], 1))) {
        // NOTE(review): bare login is an undefined constant, not the string 'login'
        // (notice on older PHP, Error on PHP 8).
        $error[] = sprintf(_SIGNUP_INVALID_USERNAME_3, $vars[login]);
    }
    if (!check_email($vars['email'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_EMAIL;
    // NOTE(review): $member_id is assigned only when the third login branch above was
    // evaluated; after an earlier login error it is undefined here and compares as <= 0.
    } elseif ($config['unique_email'] && $member_id <= 0 && $db->users_find_by_string($vars['email'], 'email', 1)) {
        $error[] = _SIGNUP_INVALID_EMAIL_1 . '<br />' . sprintf(_SIGNUP_INVALID_EMAIL_2, '<a href="member.php">', '</a>', '<br />');
    }
    if (!strlen($vars['pass0'])) {
        $error[] = _SIGNUP_PLEASE_ENTER_PSWD;
    } elseif (strlen($vars['pass0']) < $config['pass_min_length']) {
        // NOTE(review): bare pass_min_length is an undefined constant, same issue as above.
        $ll = $config[pass_min_length];
        $error[] = sprintf(_SIGNUP_INVALID_PASS_1, $ll);
    }
    if ($vars['pass0'] != $vars['pass1']) {
        $error[] = _SIGNUP_INVALID_PASS_2;
    }
    if (!strlen($vars['aff_payout_type']) && count(aff_get_payout_methods(1)) > 1) {
        $error[] = _AFF_SIGNUP_PLEASE_PAYOUT_TYPE;
    }
    // NOTE(review): if nothing failed above and the global $error was not initialised as an
    // array by the caller, array_merge() receives a non-array first argument — confirm.
    $error = array_merge($error, plugin_validate_signup_form($vars, 'affiliate_signup'));
    return !count($error);
}
    /**
     * Store a contact-form submission and forward it by e-mail.
     *
     * Reads username, email, issue_id and issue_details from $_POST.
     *
     * @return array|bool Array of field errors when validation fails, true otherwise
     *                    (the result of sending the mail is not checked).
     */
    public function add()
    {
        global $mysql, $langArray, $categories;
        if (!isset($_POST['username']) || trim($_POST['username']) == '') {
            $error['username'] = $langArray['error_not_set_name'];
        }
        if (!isset($_POST['email']) || !check_email($_POST['email'])) {
            $error['email'] = $langArray['error_invalid_email'];
        }
        if (isset($error)) {
            return $error;
        }
        if (!isset($_POST['issue_id'])) {
            $_POST['issue_id'] = 0;
        }
        // The issue name comes from the server-side category list, not from the request.
        $issue = '';
        if (isset($categories[$_POST['issue_id']])) {
            $issue = $categories[$_POST['issue_id']]['name'];
        }
        // NOTE(review): $_POST['issue_details'] is read without an isset() check and without
        // any length limit.
        $text = $langArray['username'] . ': ' . $_POST['username'] . '		
' . $langArray['email'] . ': ' . $_POST['email'] . '
' . $langArray['issue'] . ': ' . $issue . '

' . $langArray['description_of_issue'] . ': ' . $_POST['issue_details'] . '
		';
        // String values pass through sql_quote() (not visible here) and the id through intval().
        $mysql->query("\n\t\t\tINSERT INTO `contacts` (\n\t\t\t\t`name`,\n\t\t\t\t`email`,\n\t\t\t\t`issue`,\n\t\t\t\t`issue_id`,\n\t\t\t\t`short_text`,\n\t\t\t\t`datetime`\n\t\t\t)\n\t\t\tVALUES (\n\t\t\t\t'" . sql_quote($_POST['username']) . "',\n\t\t\t\t'" . sql_quote($_POST['email']) . "',\n\t\t\t\t'" . sql_quote($issue) . "',\n\t\t\t\t'" . intval($_POST['issue_id']) . "',\n\t\t\t\t'" . sql_quote($text) . "',\n\t\t\t\tNOW()\n\t\t\t)\n\t\t", __FUNCTION__);
        # Send the e-mail
        $mysql->query("\n\t\t\tSELECT *\n\t\t\tFROM `system`\n\t\t\tWHERE `key` = 'admin_mail' OR `key` = 'contact_mail'\n\t\t");
        // 'contact_mail' wins as soon as it is seen; otherwise the last fetched row is used.
        // NOTE(review): $sendTo stays undefined when the query returns no rows.
        while ($d = $mysql->fetch_array()) {
            if ($d['key'] == 'contact_mail') {
                $sendTo = $d['value'];
                break;
            }
            $sendTo = $d['value'];
        }
        $emailClass = new email();
        $emailClass->to($sendTo);
        // NOTE(review): the visitor's address becomes the sender. Keeping CR/LF out of the mail
        // headers depends on check_email() rejecting them or on the email class filtering — confirm.
        // Sending with a visitor-chosen From domain also tends to fail SPF/DMARC checks;
        // Reply-To is the usual place for it.
        $emailClass->fromEmail = $_POST['email'];
        $emailClass->contentType = 'text/plain';
        $emailClass->subject = "[" . DOMAIN . "] Contact form";
        $emailClass->message = $text;
        $emailClass->send();
        unset($emailClass);
        return true;
    }
 /**
  * Validate a user object and, when valid, store it through the parent class.
  *
  * @param object $user     User to update; read through its getters.
  * @param bool   $withpass When true the password is hashed before saving.
  * @return array|mixed Array of field => message when validation fails,
  *                     otherwise the user's id.
  */
 public function updateUser($user, $withpass)
 {
     $error = false;
     //account
     // The user name must be non-empty and not used by another account.
     $dalUser = new DALUser();
     $nrUsers = $dalUser->getUserByUserNameExcludeId($user->getAccount(), $user->getId());
     if (trim($user->getAccount()) == "") {
         $phpError["account"] = "Username is a required field!";
         $error = true;
     } elseif ($nrUsers != 0) {
         $phpError["account"] = "Username allready exists!";
         $error = true;
     }
     //email
     if (trim($user->getEmail()) == "") {
         $phpError["email"] = "E-mail is a required field!";
         $error = true;
     } elseif (!check_email(trim($user->getEmail()))) {
         $phpError["email"] = "Invalid e-mail!";
         $error = true;
     }
     //password
     // NOTE(review): the two message strings below appear masked ("******") in this listing.
     // The password is validated even when $withpass is false, and the minimum length is 4.
     if (trim($user->getPassword()) == "") {
         $phpError["password"] = "******";
         $error = true;
     } elseif (strlen($user->getPassword()) < 4) {
         $phpError["password"] = "******";
         $error = true;
     }
     if ($error == true) {
         return $phpError;
     } else {
         if ($withpass) {
             // MD5 hashing (a hash, not encryption).
             // NOTE(review): md5() is unsalted and fast; password_hash() / password_verify()
             // is the usual replacement and needs a matching change where logins are checked.
             $Password = md5($user->getPassword());
             $user->setPassword($Password);
             //echo $user->getPassword();
         }
         parent::updateUser($user);
         return $user->getId();
     }
 }
    /**
     * Send an HTML order confirmation to the address held in $this->email.
     *
     * Echoes "message sent" when mail() reports success; returns nothing.
     */
    public function sendMail()
    {
        $tp = $this->tp;
        // $error and $sender_name are assigned but not used afterwards.
        $error = "";
        // NOTE(review): the three properties are placed into HTML without escaping. If any of
        // them can carry user input, it should pass through htmlspecialchars() first — confirm.
        $message = '<h1>Thank you for your order</h1><hr>
	  <strong>Amount Purchased:</strong> ' . $this->purchased_currency . '<br>
	  <strong>Currency Purchased:</strong> ' . $this->foreign_currency . '<br>
	 <strong>Total Due:</strong> ' . $this->amount_due . '<hr>';
        $sender_name = $tp->toEmail('JunkNet.co.za', TRUE, 'RAWTEXT');
        // The return value of check_email() is used as the recipient, so this relies on the
        // helper returning the address itself when it is valid.
        // NOTE(review): a rejected address is not handled; whatever check_email() returns for
        // it is still passed to mail() — confirm and bail out early.
        $sender = check_email($this->email);
        $subject = $tp->toEmail('Your Order', TRUE, 'RAWTEXT');
        $to = $sender;
        // The From / Reply-To addresses appear masked in this listing.
        $cleanedFrom = trim(strip_tags('*****@*****.**'));
        $headers = "From: " . $cleanedFrom . "\n";
        $headers .= "Reply-To: " . strip_tags('*****@*****.**') . "\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\n";
        if (mail($to, $subject, $message, $headers)) {
            echo "message sent";
        }
    }
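/**
 * Validate the fields of a registration request.
 *
 * Every check is run (none short-circuits the others); for each failing check
 * the error code is assigned to the 'register_error_text' template variable
 * and the register_error.tpl template of the active theme is displayed.
 *
 * @param string $username  Requested user name.
 * @param string $email     Requested e-mail address.
 * @param string $password  Chosen password.
 * @param string $password2 Password confirmation.
 *
 * @return bool true when at least one check failed, false when all passed.
 */
function verify_reg($username, $email, $password, $password2)
{
    global $main_smarty, $the_template;
    // Start from "no error" so the function returns a defined value when every
    // check passes (it used to return an unset variable in that case).
    $error = false;
    // Reports one failed check to the user and records the failure.
    $reject = function ($code) use ($main_smarty, $the_template, &$error) {
        $main_smarty->assign('register_error_text', $code);
        $main_smarty->display($the_template . '/register_error.tpl');
        $error = true;
    };
    if (!isset($username) || strlen($username) < 3) {
        $reject("usertooshort");
    }
    // Allow-list of characters for user names: letters, digits, _ - . @
    if (!preg_match('/^[a-zA-Z0-9_\\-\\.@]+$/', $username)) {
        $reject("usernameinvalid");
    }
    if (user_exists(trim($username))) {
        $reject("usernameexists");
    }
    if (!check_email(trim($email))) {
        $reject("bademail");
    }
    // NOTE(review): the distinct "emailexists" answer tells an anonymous caller
    // whether an address is registered; consider rate limiting this form.
    if (email_exists(trim($email))) {
        $reject("emailexists");
    }
    // NOTE(review): a five-character minimum is a weak password policy.
    if (strlen($password) < 5) {
        $reject("fivecharpass");
    }
    if ($password !== $password2) {
        $reject("nopassmatch");
    }
    return $error;
}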
 /**
  * Handle a newsletter subscription request taken from $_REQUEST.
  *
  * Reads 'ajax', 'email', 'othercity' and 'cityid' from the request, resolves
  * a city id, and inserts the address into the mail_list table unless a row
  * with the same address is already there. No authentication check is visible
  * in this method.
  *
  * NOTE(review): both lookups below build SQL by string concatenation and rely
  * on addslashes() for escaping, which is not aware of the connection
  * character set. If the project's DB wrapper offers parameter binding or its
  * own escaping routine, use that instead.
  */
 public function addmail()
 {
     $ajax = intval($_REQUEST['ajax']);
     // Throttle per client IP; presumably SUBMIT_DELAY is the minimum number of
     // seconds between two submissions - confirm in check_ipop_limit().
     if (!check_ipop_limit(get_client_ip(), "subscribe#addmail", intval(app_conf("SUBMIT_DELAY")), 0)) {
         showErr($GLOBALS['lang']['SUBMIT_TOO_FAST'], $ajax);
     }
     // NOTE(review): the checks below only protect the database writes if
     // showErr() terminates the request - confirm; otherwise execution falls
     // through to the inserts.
     if (trim($_REQUEST['email']) == '') {
         showErr($GLOBALS['lang']['EMAIL_EMPTY_TIP'], $ajax);
     }
     // Validation sees the raw value; the stored value below is HTML-encoded and trimmed.
     if (!check_email($_REQUEST['email'])) {
         showErr($GLOBALS['lang']['EMAIL_FORMAT_ERROR_TIP'], $ajax);
     }
     if ($_REQUEST['othercity'] && trim($_REQUEST['othercity']) != '') {
         // A free-text city name was submitted.
         // The name is slash-escaped first and HTML-encoded second, then placed
         // inside a quoted SQL literal.
         $other_city = htmlspecialchars(addslashes($_REQUEST['othercity']));
         $other_city_item = $GLOBALS['db']->getRow("select * from " . DB_PREFIX . "deal_city where name = '" . $other_city . "'");
         if ($other_city_item) {
             $city_id = $other_city_item['id'];
         } else {
             // Unknown name: a new deal_city row is created from request data,
             // so any visitor who passes the throttle can add city records.
             $new_city['name'] = $other_city;
             // Parent is the id returned for a row whose pid is 0.
             $new_city['pid'] = $GLOBALS['db']->getOne("select id from " . DB_PREFIX . "deal_city where pid = 0");
             $GLOBALS['db']->autoExecute(DB_PREFIX . "deal_city", $new_city);
             $city_id = $GLOBALS['db']->insert_id();
         }
     } elseif (intval($_REQUEST['cityid']) != 0) {
         // Numeric city id from the request; intval() keeps it an integer.
         $city_id = intval($_REQUEST['cityid']);
     } else {
         $city_item = get_current_deal_city();
         $city_id = $city_item['id'];
     }
     // Stored form of the address: HTML-encoded, trimmed, then slash-escaped.
     $mail_item['mail_address'] = addslashes(trim(htmlspecialchars($_REQUEST['email'])));
     $mail_item['city_id'] = $city_id;
     $mail_item['is_effect'] = 1;
     if ($GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "mail_list where mail_address='" . $mail_item['mail_address'] . "'") == 0) {
         // Address has not subscribed before.
         $GLOBALS['db']->autoExecute(DB_PREFIX . "mail_list", $mail_item);
     }
     // The same success message is shown whether or not a row was inserted, so
     // the response does not reveal if the address was already on the list.
     showSuccess($GLOBALS['lang']['SUBSCRIBE_SUCCESS'], $ajax);
 }
Exemple #26
/**
 * xajax handler that checks the 'register' form and reports problems inline.
 *
 * Clears the alert state of the name, zip, url and email fields, then checks
 * the company name (required), the zip code and e-mail address (validated only
 * when filled in) and that an e-mail is present when the newsletter box is
 * set. When nothing failed, the response tells the browser to call
 * xajax_sendregister() with the form values.
 *
 * NOTE(review): the follow-up call is issued by the browser, so it can be made
 * without passing through this function; the sendregister handler (not shown
 * here) has to repeat these checks itself.
 *
 * @param array $forms Submitted form sets; only $forms['register'] is read.
 *
 * @return xajaxResponse
 */
function formregister($forms)
{
    global $DB;
    $response = new xajaxResponse();
    $form = $forms['register'];
    // Reset the alert markers of every field before validating again.
    foreach (array('name', 'zip', 'url', 'email') as $field) {
        $response->script("removeClassid('id_{$field}','alerts');");
        $response->assign("id_{$field}_alerts", "innerHTML", "");
    }
    $failed = false;
    if (empty($form['name'])) {
        $failed = true;
        $response->script("addClassId('id_name','alerts');");
        $response->assign("id_name_alerts", "innerHTML", "Nazwa firmy jest wymagana");
    }
    if (!empty($form['zip']) && !check_zip($form['zip'])) {
        $failed = true;
        $response->script("addClassId('id_zip','alerts');");
        $response->assign("id_zip_alerts", "innerHTML", "Błędnie wprowadzono kod pocztowy");
    }
    // The e-mail field only gets a message; unlike name and zip it is not
    // given the 'alerts' class.
    $emailGiven = !empty($form['email']);
    if ($emailGiven && !check_email($form['email'])) {
        $failed = true;
        $response->assign("id_email_alerts", "innerHTML", "Błędnie wprowadzono adres skrzynki pocztowej");
    } elseif (!$emailGiven && !empty($form['newsletter'])) {
        $failed = true;
        $response->assign("id_email_alerts", "innerHTML", "Proszę wprowadzić adres skrzynki pocztowej");
    }
    if ($failed) {
        return $response;
    }
    $response->assign("id_info", "innerHTML", "<br>Proszę czekać, dane są przesyłane<br>");
    $response->script("xajax_sendregister(xajax.getFormValues('register'));");
    return $response;
}
Exemple #27
/**
 * Render the shoutbox: the latest entries plus the "add entry" form.
 *
 * Reads up to $maxshout rows from the shout table (newest first), renders each
 * through the "menu/shout_part" template and wraps the result together with
 * the add form.
 *
 * NOTE(review): $color, $show and, depending on the branch taken, $dis, $dis1,
 * $only4reg, $form and $sec are read without being assigned in this function,
 * so PHP reports them as undefined and treats them as null.
 *
 * NOTE(review): nick, email and text come from stored shout rows and end up in
 * HTML; the nick is placed in a title attribute as-is. Confirm that these
 * values are HTML-encoded when stored or by cut()/eMailAddr()/re()/bbcode().
 *
 * @param mixed $ajax When empty, the full table markup is returned; otherwise
 *                    only the rendered entries.
 *
 * @return string
 */
function shout($ajax = 0)
{
    global $db, $maxshout, $lshouttext, $lshoutnick, $shout_max_zeichen, $userid, $chkMe;
    // presumably $maxshout is an integer setting; it is concatenated into the
    // LIMIT clause without a cast - verify where it is loaded.
    $qry = db("SELECT * FROM " . $db['shout'] . "\n               ORDER BY id DESC LIMIT " . $maxshout . "");
    // $i is incremented per row but never read in this function.
    $i = 1;
    while ($get = _fetch($qry)) {
        // Alternate the row class on every entry.
        $class = $color % 2 ? "navShoutContentFirst" : "navShoutContentSecond";
        $color++;
        // Only users with the "shoutbox" permission get a delete link.
        if (permission("shoutbox")) {
            $delete = '<a href="../shout/?action=admin&amp;do=delete&amp;id=' . $get['id'] . '" onclick="return(DZCP.del(\'' . _confirm_del_shout . '\'))"><img src="../inc/images/delete_small.gif" title="' . _button_title_del . '" alt="' . _button_title_del . '" /></a>';
        } else {
            $delete = "";
        }
        // The email column holds either an address or, presumably, a member id:
        // a value that contains a digit and is not a valid address is passed
        // to autor() instead of being rendered as a mailto link.
        $is_num = preg_match("#\\d#", $get['email']);
        if ($is_num && !check_email($get['email'])) {
            $nick = autor($get['email'], "navShout");
        } else {
            $nick = '<a class="navShout" href="mailto:' . eMailAddr($get['email']) . '" title="' . $get['nick'] . '">' . cut($get['nick'], $lshoutnick) . '</a>';
        }
        $show .= show("menu/shout_part", array("nick" => $nick, "datum" => date("j.m.Y H:i", $get['datum']) . _uhr, "text" => bbcode(wrap(re($get['text']), $lshouttext)), "class" => $class, "del" => $delete));
        $i++;
    }
    if (settings('reg_shout') == 1 && $chkMe == 'unlogged') {
        // Posting is limited to registered users and the visitor is a guest:
        // the form controls are rendered disabled. This only affects the
        // markup; the handler that stores a shout must enforce the rule too.
        $dis = ' style="text-align:center;cursor:wait" disabled="disabled"';
        $dis1 = ' style="cursor:wait;color:#888" disabled="disabled"';
        $only4reg = _shout_must_reg;
    } else {
        if ($chkMe == "unlogged") {
            // Guests get the name/e-mail form plus the anti-spam field.
            $form = show("menu/shout_form", array("dis" => $dis));
            $sec = show("menu/shout_antispam", array("help" => _login_secure_help, "dis" => $dis));
        } else {
            // Logged-in users are shown as the author instead of a form.
            $form = autor($userid, "navShout");
        }
    }
    $add = show("menu/shout_add", array("form" => $form, "t_zeichen" => _zeichen, "noch" => _noch, "dis1" => $dis1, "dis" => $dis, "only4reg" => $only4reg, "security" => $sec, "zeichen" => $shout_max_zeichen));
    $shout = show("menu/shout", array("shout" => $show, "shoutbox" => _shoutbox_head, "archiv" => _shoutbox_archiv, "add" => $add));
    return empty($ajax) ? '<table class="navContent" cellspacing="0">' . $shout . '</table>' : $show;
}
 /**
  * Collect the valid addresses from the comma-separated 'emails' page parameter.
  *
  * Each entry is trimmed of spaces, tabs and line breaks; entries accepted by
  * check_email() are appended to $this->emails, the rest are dropped silently.
  *
  * NOTE(review): the number of addresses is not limited here; add a cap if the
  * list is later used to send mail on behalf of the requester.
  *
  * @return bool true when at least one valid address was found, false when the
  *              parameter is empty or holds no valid address.
  */
 private function analyseEmails()
 {
     $params = services::getService('pageParams');
     if (!$params->getParam('emails')) {
         return false;
     }
     $found_valid = false;
     foreach (explode(',', $params->getParam('emails')) as $candidate) {
         $candidate = trim($candidate, " \t\n\r");
         if (!check_email($candidate)) {
             continue;
         }
         $this->emails[] = $candidate;
         $found_valid = true;
     }
     return $found_valid;
 }
<?php

// Profile settings: load the logged-in user's row and handle the "edit" form.
// The id comes from the session and is cast to an integer, so the two queries
// that interpolate {$id} only ever receive a number.
$id = intval($_SESSION['user']['id']);
// NOTE(review): the row selected here includes the `password` column and is
// handed to the template as a whole; select it separately if the template does
// not need it.
$user = fetch_assoc(query("SELECT `id`, `login`, `jmeno`, `prijmeni`, `nick`, `email`, `password` FROM `uzivatel` WHERE `id`='{$id}'"));
$smarty->assign("user", $user);
// NOTE(review): no anti-CSRF token is checked in the visible code before the
// account's e-mail address is changed - confirm it is enforced elsewhere.
if ($_POST['edit']) {
    // NOTE(review): the format error is raised when check_email() returns a
    // truthy value. That is only right if check_email() reports a problem
    // rather than validity - confirm, otherwise the negation is missing.
    if ($_POST['email'] != '' and check_email($_POST['email'])) {
        $err['info'][] = "Email má nesprávný formát.";
    }
    // $err is not initialised in this part of the script.
    if ($err) {
        $smarty->assign("err", $err);
    } else {
        // NOTE(review): addslashes() is not aware of the connection character
        // set; prefer a prepared statement or the database driver's own
        // escaping for this value.
        $inp[] = "`email`='" . addslashes($_POST['email']) . "'";
        if (query("UPDATE `uzivatel` SET " . implode(",", $inp) . " WHERE `id`='{$id}'")) {
            go($setup['adm']['www'] . "profil/nastaveni.html?msgOk=info");
        }
    }
}
if ($_POST['change_pass']) {
    $oldPass = sha1($id . $_POST['password_old']);
    $newPass = $_POST['password'];
    if ($oldPass != $user['password'] and $user['password'] != '') {
        $err['pass'][] = "Špatné původní heslo.";
    }
    if (!$newPass) {
        $err['pass'][] = "Není vyplněno heslo.";
    }
    if ($newPass != $_POST['password_again']) {
        $err['pass'][] = "Hesla se neshodují.";
    }
    if (strlen($newPass) < "4") {
 /**
  * Check whether $this->id may be used as the address of a new mailbox.
  *
  * The id must be non-empty, must pass check_email() (which hands back an
  * error text, or an empty string when the address is fine), must belong to a
  * domain accepted by create_allowed(), and must not collide with an existing
  * alias. The first failing check stores its message in $this->errormsg.
  *
  * @return bool true when every check passed, false otherwise.
  */
 protected function validate_new_id()
 {
     # an empty address is rejected before anything else is looked at
     if ($this->id == '') {
         $this->errormsg[$this->id_field] = Config::lang('pCreate_mailbox_username_text_error1');
         return false;
     }

     # syntax check; a non-empty result is the error text to show
     $syntax_error = check_email($this->id);
     if ($syntax_error != '') {
         $this->errormsg[$this->id_field] = $syntax_error;
         return false;
     }

     # the part after the '@' decides whether creation is allowed
     $parts = explode('@', $this->id);
     $domain = $parts[1];
     if (!$this->create_allowed($domain)) {
         $this->errormsg[] = Config::lang('pCreate_mailbox_username_text_error3');
         return false;
     }

     # a mailbox must not be created when an alias with the same name already
     # exists; the handler is told who is calling so that mailbox creation
     # still works when the alias limit for the domain is hit
     $alias_handler = new AliasHandler(1);
     $alias_handler->calledBy('MailboxHandler');
     $alias_is_free = $alias_handler->init($this->id);
     if (!$alias_is_free) {
         # TODO: keep original error message from AliasHandler
         $this->errormsg[] = Config::lang('email_address_already_exists');
         return false;
     }

     # every check passed
     return true;
 }