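/**
  * gets (or creates) the captcha encryption key
  *
  * The key is generated once and persisted in the 'zenphoto_captcha_key'
  * option; later calls return the stored value. On first use a random
  * 128-bit key (32 hex characters, the same shape as the legacy md5 value)
  * is produced when a CSPRNG is available. Only when neither random_bytes()
  * nor a strong openssl_random_pseudo_bytes() exists does this fall back to
  * the legacy derivation, which is deterministic and ties the captcha secret
  * to the first administrator's stored password hash.
  *
  * @return string 32-character hex key
  */
 function getCaptchaKey()
 {
     $key = getOption('zenphoto_captcha_key');
     if (empty($key)) {
         $key = '';
         if (function_exists('random_bytes')) {
             $key = bin2hex(random_bytes(16));
         } elseif (function_exists('openssl_random_pseudo_bytes')) {
             $strong = false;
             $bytes = openssl_random_pseudo_bytes(16, $strong);
             if ($strong && $bytes !== false) {
                 $key = bin2hex($bytes);
             }
         }
         if ($key === '') {
             // Legacy fallback: derive the key from the first admin's password
             // hash, or from a fixed string when no administrator exists yet.
             $admins = getAdministrators();
             if (count($admins) > 0) {
                 $admin = array_shift($admins);
                 $key = $admin['pass'];
             } else {
                 $key = 'No admin set';
             }
             $key = md5('zenphoto' . $key . 'captcha key');
         }
         setOption('zenphoto_captcha_key', $key);
     }
     return $key;
 }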
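 /**
  * Registers the contact form plugin's option defaults.
  *
  * The text defaults are raw HTML fragments set by the site admin, not user
  * input. The notification address defaults to the first administrator's
  * e-mail; when no administrator exists yet the default stays empty instead
  * of dereferencing a null row (the original read $admin['email'] off the
  * result of array_shift() on an empty list).
  */
 function contactformOptions()
 {
     setOptionDefault('contactform_introtext', '<p>Fields with <strong>*</strong> are required. HTML or any other code is not allowed. A copy of your e-mail will automatically be sent to the address you provided for your own records.</p>');
     setOptionDefault('contactform_confirmtext', '<p>Please confirm that you really want to send this email. Thanks.</p>');
     setOptionDefault('contactform_thankstext', '<p>Thanks for your message. A copy has been sent to your provided e-mail adress for your own records.</p>');
     setOptionDefault('contactform_title', "show");
     setOptionDefault('contactform_name', "required");
     setOptionDefault('contactform_company', "show");
     setOptionDefault('contactform_street', "show");
     setOptionDefault('contactform_city', "show");
     setOptionDefault('contactform_country', "show");
     setOptionDefault('contactform_email', "required");
     setOptionDefault('contactform_website', "show");
     setOptionDefault('contactform_phone', "show");
     setOptionDefault('contactform_captcha', 0);
     setOptionDefault('contactform_subject', "required");
     setOptionDefault('contactform_message', "required");
     // Default recipient: the first administrator's e-mail, if there is one.
     $adminemail = '';
     $admins = getAdministrators();
     if (is_array($admins) && count($admins) > 0) {
         $admin = array_shift($admins);
         if (!empty($admin['email'])) {
             $adminemail = $admin['email'];
         }
     }
     setOptionDefault('contactform_mailaddress', $adminemail);
 }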
     }
 }
 if (isset($_POST['register_user'])) {
     $pass = trim($_POST['adminpass']);
     $user = trim($_POST['adminuser']);
     $admin_n = trim($_POST['admin_name']);
     $admin_e = trim($_POST['admin_email']);
     if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
         if ($pass == trim($_POST['adminpass_2'])) {
             if (empty($pass)) {
                 $pwd = null;
             } else {
                 $pwd = passwordHash($_POST['adminuser'], $pass);
             }
             $notify = '';
             $currentadmins = getAdministrators();
             foreach ($currentadmins as $admin) {
                 if ($admin['user'] == $user) {
                     $notify = 'exists';
                     break;
                 }
             }
             if (!is_valid_email_zp($admin_e)) {
                 $notify = 'invalidemail';
             }
             if (empty($notify)) {
                 saveAdmin($user, $pwd, $admin_n, $admin_e, 0, NULL);
                 $link = FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                 $message = sprintf(gettext('You have received this email because you registered on the site. To complete your registration visit %s.'), $link);
                 $headers = "From: " . get_language_string(getOption('gallery_title'), getOption('locale')) . "<zenphoto@" . $_SERVER['SERVER_NAME'] . ">";
                 $_zp_UTF8->send_mail($admin_e, gettext('Registration confirmation'), $message, $headers);
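/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a code for the success of the comment add:
 *    0: Bad entry (rejected by the configured spam filter)
 *    1: Marked for moderation
 *    2: Successfully posted
 * and a negative code when a required field fails validation:
 *   -2: e-mail required but empty or invalid
 *   -3: name required but empty
 *   -4: website required but empty or invalid
 *   -5: captcha check failed
 *   -6: comment body empty
 *
 * Review notes on changes versus the original:
 *  - the first admin's password hash was loaded into an unused local ($key); removed.
 *  - every value spliced into the INSERT is escaped or cast: `ownerid` and the
 *    album id are cast to int, `type` and `ip` go through mysql_real_escape_string
 *    (the caller supplies $ip; it is not assumed to be a clean REMOTE_ADDR).
 *  - a website given with an explicit https:// scheme is no longer rewritten
 *    to "http://https://...".
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image, album, ZenpageNews or ZenpagePage) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon)
{
    global $_zp_captcha;
    $result = commentObjectClass($receiver);
    list($type, $class) = $result;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha')) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            return -5;
        }
    }
    if (empty($comment)) {
        return -6;
    }
    // Default a scheme-less website to http://; leave an explicit http(s) scheme alone.
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        $website = "http://" . $website;
    }
    $goodMessage = 2;
    // NOTE(review): $gallery is never read; kept only because the constructor may have side effects — confirm and drop.
    $gallery = new gallery();
    $spamFilterName = UTF8ToFileSystem(getOption('spam_filter'));
    $requirePath = getPlugin('spamfilters/' . $spamFilterName . ".php", false);
    if ($requirePath !== false) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }
    if (!$goodMessage) {
        // Spam filter rejected the entry; nothing is stored.
        return $goodMessage;
    }
    $moderate = ($goodMessage == 1) ? 1 : 0;
    $private = $private ? 1 : 0;
    $anon = $anon ? 1 : 0;
    $receiverid = (int) $receiver->id;
    // Update the database entry with the new comment. Every spliced value is
    // escaped or cast; $type and $ip were previously inserted raw.
    $sql = "INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES "
        . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()'
        . ', "' . mysql_real_escape_string($type) . '", "' . mysql_real_escape_string($ip) . '", "' . $private . '", "' . $anon . '")';
    query($sql);
    if ($moderate) {
        $action = "placed in moderation";
    } else {
        //  add to comments array and notify the admin user
        $newcomment = array();
        $newcomment['name'] = $name;
        $newcomment['email'] = $email;
        $newcomment['website'] = $website;
        $newcomment['comment'] = $comment;
        $newcomment['date'] = time();
        $receiver->comments[] = $newcomment;
        $action = "posted";
    }
    // switch added for zenpage support
    $class = get_class($receiver);
    $ur_album = NULL;
    switch ($class) {
        case "Albums":
            $on = $receiver->name;
            $url = "album=" . urlencode($receiver->name);
            $ur_album = getUrAlbum($receiver);
            break;
        case "ZenpageNews":
            $on = $receiver->getTitlelink();
            $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
            break;
        case "ZenpagePage":
            $on = $receiver->getTitlelink();
            $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
            break;
        default:
            // all image types
            $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
            $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
            $album = $receiver->getAlbum();
            $ur_album = getUrAlbum($album);
            break;
    }
    if (getOption('email_new_comments')) {
        $last_comment = fetchComments(1);
        $last_comment = $last_comment[0]['id'];
        // NOTE(review): the links below are built from $_SERVER['SERVER_NAME'], which on some
        // server configurations follows the client's Host header; confirm, or build from FULLWEBPATH.
        $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
        $emails = array();
        $admin_users = getAdministrators();
        foreach ($admin_users as $admin) {
            // mail anyone else with full rights
            if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                $emails[] = $admin['email'];
                // NOTE(review): this removes by numeric id, and the admintoalbum lookup below indexes
                // $admin_users by id too, while other code in this file keys the same array by user
                // name — confirm the key shape of getAdministrators(), otherwise this de-duplication is a no-op.
                unset($admin_users[$admin['id']]);
            }
        }
        // take out for zenpage comments since there are no album admins
        if ($type === "images" or $type === "albums") {
            $id = (int) $ur_album->getAlbumID();
            $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
            $result = query_full_array($sql);
            if (is_array($result)) {
                foreach ($result as $anadmin) {
                    if (!isset($admin_users[$anadmin['adminid']])) {
                        continue;
                    }
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
        }
        zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
    }
    return $goodMessage;
}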
                 // if the item is closed, ASSIGNED cannot be selected
                 echo "<option value=\"" . $i . "\">" . $todo_item_status[$i];
             }
         }
     }
 }
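 // Everything that lands in markup is escaped: $_SERVER["PHP_SELF"] echoes the
 // request path and is attacker-controllable (classic reflected XSS in a form
 // action), and the item/user fields come back from the database unescaped.
 $selfPath = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES);
 $itemIdParam = htmlspecialchars(urlencode($itemId), ENT_QUOTES);
 echo "</select> <input type=\"submit\" value=\"Change\">";
 echo "</td></form></tr>";
 echo "<tr><td>Assigned to:&nbsp;</td>";
 echo "<form name=\"assignto\" method=\"post\" action=\"" . $selfPath . "?id=" . $itemIdParam . "\">";
 echo "<td>";
 if (!$item["assignedTo"]) {
     if ($item["itemStatus"] != TODO_ITEM_CLOSED) {
         // Unassigned and still open: offer every administrator as a target.
         echo "Nobody, assign to ";
         echo "<select name=\"assignto\">";
         $adminlist = getAdministrators($db);
         $adminCount = count($adminlist);
         for ($i = 0; $i < $adminCount; $i++) {
             $optionValue = htmlspecialchars($adminlist[$i]["userId"], ENT_QUOTES);
             $optionLabel = htmlspecialchars($adminlist[$i]["userName"], ENT_QUOTES);
             echo "<option value=\"" . $optionValue . "\">" . $optionLabel;
         }
         echo "</select> <input type=\"submit\" value=\"Assign\">";
     } else {
         echo "Nobody";
     }
 } else {
     $assigneeId = $item["assignedTo"];
     $assigneeIdParam = htmlspecialchars(urlencode($assigneeId), ENT_QUOTES);
     $assigneeName = htmlspecialchars(getUserName($db, $assigneeId), ENT_QUOTES);
     echo "<a href=\"show_user.php?id=" . $assigneeIdParam . "\">" . $assigneeName . "</a>";
     // Only the assignee can release the item; everyone else just sees the name.
     if ($assigneeId == $_SESSION["userId"]) {
         echo ", <a href=\"" . $selfPath . "?id=" . $itemIdParam . "&amp;unassign=1\">unassign</a>";
     } else {
         echo ", only he can unassign himself.";
     }
 }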
?>
<div id="container">
<?php 
// Flash a "Saved" notice when redirected back after a save; the element id is
// presumably picked up by a fade-out script elsewhere — confirm.
if (isset($_GET['saved'])) {
    $savedNotice = '<div class="messagebox" id="fade-message">'
        . '<h2>' . gettext("Saved") . '</h2>'
        . '</div>';
    echo $savedNotice;
}
printSubtabs($tabs);
if ($subtab == 'admin') {
    ?>
<div id="tab_admin" class="box" style="padding: 15px;">
<?php 
    if ($_zp_loggedin & ADMIN_RIGHTS) {
        // Full administrator: every account is listed and editable. A blank
        // template row (id -1) is appended unless $_zp_null_account already
        // supplies one — its meaning is not visible here; confirm.
        $admins = getAdministrators();
        $alterrights = '';
        $needsBlankRow = !$_zp_null_account || count($admins) == 0;
        if ($needsBlankRow) {
            $blankRow = array('id' => -1, 'user' => '', 'pass' => '', 'name' => '', 'email' => '', 'rights' => ALL_RIGHTS ^ ALL_ALBUMS_RIGHTS);
            $admins[''] = $blankRow;
        }
    } else {
        // Non-admin: only the current account is shown, with rights editing disabled.
        global $_zp_current_admin;
        $alterrights = ' DISABLED';
        $admins = array($_zp_current_admin['user'] => $_zp_current_admin);
        echo "<input type=\"hidden\" name=\"alter_enabled\" value=\"no\" />";
    }
    if (isset($_GET['mismatch'])) {
        if ($_GET['mismatch'] == 'mismatch') {
            $msg = gettext('You must supply a password');
        } else {
            $msg = gettext('Your passwords did not match');
        }
        $v = sanitize($conf[$option], 2);
    }
    if (!isset($v) || empty($v)) {
        $v = $default;
    }
    setOptionDefault($option, $v);
}
// Load the site configuration, then record which release ran this setup.
require dirname(__FILE__) . '/zp-config.php';
setOption('zenphoto_release', ZENPHOTO_RELEASE);
// Drop the legacy admin user and cleartext password carried in the config
// array so nothing below can reference them.
unset($_zp_conf_vars['adminuser'], $_zp_conf_vars['adminpass']);
// Older installs kept the admin account in the options table; fetch it for migration.
$admin = getOption('adminuser');
if (!empty($admin)) {
    // transfer the old credentials and then remove them
    if (count(getAdministrators()) == 0) {
        // don't revert anything!
        $pass = getOption('adminpass');
        $string = preg_replace("/[^a-f0-9]/", "", $pass);
        if (strlen($pass) == 32 && $pass == $string) {
            // best guess it that it is a md5 pasword, not cleartext
            saveAdmin($admin, $pass, getOption('admin_name'), getOption('admin_email'), ALL_RIGHTS, array());
        }
    }
    $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="adminuser"';
    query($sql);
    $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="adminpass"';
    query($sql);
    $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="admin_name"';
    query($sql);
    $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="admin_email"';
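/**
 * Returns the e-mail addresses of administrators.
 *
 * The first administrator returned by getAdministrators() is always included
 * (when it has an e-mail address) regardless of $rights; every other
 * administrator is included only when its rights mask shares a bit with
 * $rights. NOTE(review): the unconditional inclusion of the first admin is
 * preserved from the original; confirm it is the intended "master admin"
 * semantics. An empty administrator list now returns an empty array without
 * indexing into the null that array_shift() yields.
 *
 * @param int $rights rights bitmask the remaining admins are filtered by (default ADMIN_RIGHTS)
 * @return array list of e-mail address strings, possibly empty
 */
function getAdminEmail($rights = ADMIN_RIGHTS)
{
    $emails = array();
    $admins = getAdministrators();
    if (!is_array($admins) || count($admins) == 0) {
        return $emails;
    }
    $first = array_shift($admins);
    if (!empty($first['email'])) {
        $emails[] = $first['email'];
    }
    foreach ($admins as $user) {
        if (($user['rights'] & $rights) && !empty($user['email'])) {
            $emails[] = $user['email'];
        }
    }
    return $emails;
}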