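/**
 * Display a user's name as a link to that user's profile
 *
 * Recognised parameters:
 *
 * - user - User|AnonymousUser - the user to render a link for
 * - short - boolean - still accepted, but ignored: the short display name has
 *   not been used since the 20121030 modification
 *
 * @param array $params
 * @param Smarty $smarty
 * @return string HTML fragment: profile link, mailto link, or "unknown user" span
 */
function smarty_function_user_link($params, &$smarty)
{
    // Rendered links for User instances, keyed by user ID, reused across calls
    static $cache = array();
    $user = array_var($params, 'user');

    // User instance
    if (instance_of($user, 'User')) {
        $user_id = $user->getId();
        if (!isset($cache[$user_id])) {
            // NOTE(review): getViewUrl() is placed in the href unescaped; confirm
            // it is application-generated and safe for an attribute value
            $cache[$user_id] = '<a href="' . $user->getViewUrl() . '" class="user_link">' . clean($user->getDisplayName()) . '</a>';
        }
        // if
        return $cache[$user_id];
    }
    // if

    // AnonymousUser instance with a non-blank name and a valid address
    if (instance_of($user, 'AnonymousUser') && trim($user->getName()) && is_valid_email($user->getEmail())) {
        // Escape the address for the attribute context as well, rather than
        // relying on is_valid_email() to reject quotes and angle brackets
        return '<a href="mailto:' . clean($user->getEmail()) . '" class="anonymous_user_link">' . clean($user->getName()) . '</a>';
    }
    // if

    // Unknown user
    return '<span class="unknow_user_link unknown_object_link">' . clean(lang('Unknown user')) . '</span>';
}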
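 /**
  * Authenticate user
  *
  * Returns TRUE on success or an error message string on failure
  *
  * @param string $email
  * @param string $password
  * @return boolean|string TRUE when the credentials belong to an administrator,
  *   otherwise the reason as text
  */
 function authenticate($email, $password)
 {
     if (empty($email) || trim($password) == '') {
         return 'Email address and password values are required';
     }
     // if
     if (!is_valid_email($email)) {
         return 'Invalid email address format';
     }
     // if
     // The address is handed to execute_one() as the argument for the ? placeholder,
     // it is not concatenated into the statement
     $user = $this->db->execute_one('SELECT role_id, password FROM ' . TABLE_PREFIX . 'users WHERE email = ?', array($email));
     // One message covers both "no such account" and "wrong password", so the
     // response does not reveal which addresses are registered.
     // NOTE(review): the password check is still skipped for unknown accounts,
     // so response timing may differ between the two cases
     if (!is_array($user) || !$this->checkUserPassword($password, $user['password'])) {
         return 'Invalid email address or password';
     }
     // if
     // Check administration access: an empty role ID is rejected without
     // consulting isUserAdministrator()
     if (!$user['role_id'] || !$this->isUserAdministrator($user['role_id'])) {
         return 'Authenticated user is not administrator';
     }
     // if
     return true;
 }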
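/**
 * Collect the e-mail addresses found in the first row of a query result.
 *
 * The first "mail" value is taken as is. Every numerically keyed
 * "proxyaddresses" value is then lower-cased, stripped of a leading "smtp:",
 * and appended if is_valid_email() accepts it and it is not already listed.
 *
 * @param array $query_result Result rows; only index 0 is read
 * @return array List of addresses, the "mail" value first when present
 */
function get_email($query_result)
{
    // A missing or malformed first row yields an empty list instead of notices
    $entry = isset($query_result[0]) && is_array($query_result[0]) ? $query_result[0] : array();

    $valid_emails = array();
    if (!empty($entry["mail"][0])) {
        // NOTE(review): the primary address is trusted as returned by the
        // directory and is not passed through is_valid_email(); confirm intent
        $valid_emails[] = $entry["mail"][0];
    }

    $proxies = isset($entry["proxyaddresses"]) && is_array($entry["proxyaddresses"])
        ? $entry["proxyaddresses"]
        : array();

    foreach ($proxies as $key => $val) {
        // Only numerically keyed values are addresses; other keys are skipped
        if (!is_numeric($key)) {
            continue;
        }
        $email = strtolower($val);
        if (substr($email, 0, 5) === "smtp:") {
            $email = substr($email, 5);
        }
        // Strict comparison keeps numeric-looking strings from matching loosely
        if (is_valid_email($email) && !in_array($email, $valid_emails, true)) {
            $valid_emails[] = $email;
        }
    }

    return $valid_emails;
}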
/**
 * Render the author of the stashed comment as plain text or as a link.
 *
 * Reads these keys from $args: default_name, show_email (default 0),
 * show_url (default 1), new_window, no_redirect, nofollowfy, spam_protect.
 * Precedence: a commenter record wins, then the comment URL, then the
 * comment e-mail address, and finally the bare (HTML-encoded) name.
 *
 * @param array $args Template tag arguments
 * @param object $ctx Template context providing stash() and the mt handle
 * @return string HTML fragment
 */
function smarty_function_mtcommentauthorlink($args, &$ctx)
{
    $mt = MT::get_instance();
    $comment = $ctx->stash('comment');
    // Name fallback chain: comment author, then default_name, then "Anonymous"
    $name = $comment->comment_author;
    if (!$name && isset($args['default_name'])) {
        $name = $args['default_name'];
    }
    $name or $name = $mt->translate("Anonymous");
    require_once "MTUtil.php";
    // From here on $name is HTML-encoded and is used as the link text
    $name = encode_html($name);
    $email = $comment->comment_email;
    $url = $comment->comment_url;
    if (isset($args['show_email'])) {
        $show_email = $args['show_email'];
    } else {
        $show_email = 0;
    }
    if (isset($args['show_url'])) {
        $show_url = $args['show_url'];
    } else {
        $show_url = 1;
    }
    $target = isset($args['new_window']) && $args['new_window'] ? ' target="_blank"' : '';
    // NOTE(review): _comment_follow() is defined elsewhere; presumably it
    // adjusts the nofollow-related arguments - confirm
    _comment_follow($args, $ctx);
    $cmntr = $ctx->stash('commenter');
    if (!isset($cmntr) && isset($comment->comment_commenter_id)) {
        $cmntr = $comment->commenter();
    }
    if ($cmntr) {
        // Commenter record: its nickname replaces the comment's author name
        $name = isset($cmntr->author_nickname) ? encode_html($cmntr->author_nickname) : $name;
        if ($cmntr->author_url) {
            // NOTE(review): the URL is HTML-encoded but its scheme is not checked
            // here; confirm stored URLs are limited to expected schemes
            return sprintf('<a title="%s" href="%s"%s>%s</a>', encode_html($cmntr->author_url), encode_html($cmntr->author_url), $target, $name);
        }
        return $name;
    } elseif ($show_url && $url) {
        require_once "function.mtcgipath.php";
        $cgi_path = smarty_function_mtcgipath($args, $ctx);
        $comment_script = $ctx->mt->config('CommentScript');
        $name = strip_tags($name);
        // NOTE(review): strip_tags() plus encode_html() does not constrain the
        // URL scheme; confirm where comment URLs are validated
        $url = encode_html(strip_tags($url));
        // Link through the comment script's redirect mode unless no_redirect or
        // nofollowfy is set to a truthy value
        if ($comment->comment_id && (!isset($args['no_redirect']) || isset($args['no_redirect']) && !$args['no_redirect']) && (!isset($args['nofollowfy']) || isset($args['nofollowfy']) && !$args['nofollowfy'])) {
            return sprintf('<a title="%s" href="%s%s?__mode=red;id=%d"%s>%s</a>', $url, $cgi_path, $comment_script, $comment->comment_id, $target, $name);
        } else {
            return sprintf('<a title="%s" href="%s"%s>%s</a>', $url, $url, $target, $name);
        }
    } elseif ($show_email && $email && is_valid_email($email)) {
        $email = encode_html(strip_tags($email));
        $str = 'mailto:' . $email;
        // NOTE(review): spam_protect is read without isset(), unlike the other
        // optional arguments; an absent key raises a notice/warning
        if ($args['spam_protect']) {
            $str = spam_protect($str);
        }
        return sprintf('<a href="%s">%s</a>', $str, $name);
    }
    return $name;
}
 /**
  * Test Mailer
  *
  * Shows the test e-mail form and, on submission, validates subject, message
  * and recipient, sends the message through ApplicationMailer and redirects
  * back to the form with a flash message.
  *
  * The recipient may be a bare address or "Name <address>".
  *
  * @param void
  * @return null
  */
 function test_email()
 {
     $email_data = $this->request->post('email');
     // No posted data: prefill the form with the logged-in user's address
     if (!is_array($email_data)) {
         $email_data = array('recipient' => $this->logged_user->getEmail(), 'subject' => lang('activeCollab - test email'), 'message' => lang("<p>Hi,</p>\n\n<p>Purpose of this message is to test whether activeCollab can send emails or not</p>"));
     }
     // if
     $this->smarty->assign('email_data', $email_data);
     if ($this->request->isSubmitted()) {
         $errors = new ValidationErrors();
         $subject = trim(array_var($email_data, 'subject'));
         $message = trim(array_var($email_data, 'message'));
         $recipient = trim(array_var($email_data, 'recipient'));
         if ($subject == '') {
             $errors->addError(lang('Message subject is required'), 'subject');
         }
         // if
         if ($message == '') {
             $errors->addError(lang('Message body is required'), 'message');
         }
         // if
         if (is_valid_email($recipient)) {
             $recipient_name = null;
             $recipient_email = $recipient;
         } else {
             // "Name <address>" form: split at the first "<" and drop the final ">"
             if (($pos = strpos($recipient, '<')) !== false && str_ends_with($recipient, '>')) {
                 $recipient_name = trim(substr($recipient, 0, $pos));
                 $recipient_email = trim(substr($recipient, $pos + 1, strlen($recipient) - $pos - 2));
                 if (!is_valid_email($recipient_email)) {
                     $errors->addError(lang('Invalid email address'), 'recipient');
                 }
                 // if
             } else {
                 $errors->addError(lang('Invalid recipient'), 'recipient');
             }
             // if
         }
         // if
         // NOTE(review): nothing visible here stops execution after render(). If
         // render() returns, the send below runs despite the errors, and
         // $recipient_email / $recipient_name are undefined on the
         // "Invalid recipient" path - confirm render() terminates the request
         if ($errors->hasErrors()) {
             $this->smarty->assign('errors', $errors);
             $this->render();
         }
         // if
         $mailer =& ApplicationMailer::mailer();
         // The posted message is sent as text/html, from the logged-in user's address
         $email_message = new Swift_Message($subject, $message, 'text/html', EMAIL_ENCODING, EMAIL_CHARSET);
         if ($mailer->send($email_message, new Swift_Address($recipient_email, $recipient_name), $this->logged_user->getEmail())) {
             flash_success('Test email has been sent, check your inbox');
         } else {
             flash_error('Failed to send out test email');
         }
         // if
         $this->redirectTo('admin_tools_test_email');
     }
     // if
 }
/**
 * Send a plain-text e-mail, picking the delivery method from the host type.
 *
 * When $from is empty, the configured "email_sender" is used if it is a valid
 * address, otherwise the recipient address itself. The message is not sent
 * (false is returned) when $email is not a valid address.
 *
 * @param string $email   Recipient address
 * @param string $subject Subject line
 * @param string $texte   Message body
 * @param string $from    Sender address (optional)
 * @param string $headers Extra header lines appended after the generated ones
 * @return mixed true when queued ('lycos'), false when refused or on 'free',
 *   otherwise the result of the underlying mail call
 */
function send_email($email, $subject, $texte, $from = "", $headers = "")
{
    global $hebergeur, $queue_mails, $flag_wordwrap, $os_serveur;
    include_lcm('inc_filters');

    if (!$from) {
        $configured_sender = read_meta("email_sender");
        if (is_valid_email($configured_sender)) {
            $from = $configured_sender;
        } else {
            $from = $email;
        }
    }

    if (!is_valid_email($email)) {
        return false;
    }

    lcm_debug("mail ({$email}): {$subject}");
    $charset = read_meta('charset');

    // NOTE(review): a caller-supplied $from and $headers are written into the
    // header block as given; line breaks in them would add header lines.
    // Confirm callers never pass request data here
    $headers = "From: {$from}\nMIME-Version: 1.0\nContent-Type: text/plain; charset={$charset}\nContent-Transfer-Encoding: 8bit\n{$headers}";

    $texte = filtrer_entites($texte);
    $subject = filtrer_entites($subject);

    // Polish what can be polished: outside UTF-8, the &#8217; entity becomes a
    // plain apostrophe
    if ($charset != 'utf-8') {
        $texte = str_replace("&#8217;", "'", $texte);
        $subject = str_replace("&#8217;", "'", $subject);
    }

    // Encode the subject per the RFC when multibyte support allows it
    if ($GLOBALS['flag_multibyte'] and @mb_internal_encoding($charset)) {
        $subject = mb_encode_mimeheader($subject, $charset, 'Q');
    }

    if ($flag_wordwrap) {
        $texte = wordwrap($texte);
    }

    // Windows servers get CRLF line endings in both body and headers
    if ($os_serveur == 'windows') {
        list($texte, $headers) = preg_replace("/\r*\n/", "\r\n", array($texte, $headers));
    }

    if ($hebergeur == 'lycos') {
        // Queued rather than sent immediately
        $queue_mails[] = array('email' => $email, 'sujet' => $subject, 'texte' => $texte, 'headers' => $headers);
        return true;
    }

    if ($hebergeur == 'free') {
        return false;
    }

    if ($hebergeur == 'online') {
        $ret = @email('webmaster', $email, $subject, $texte);
        if (!$ret) {
            lcm_log("ERROR mail: (online) returned false");
        }
        return $ret;
    }

    $ret = @mail($email, $subject, $texte, $headers);
    if (!$ret) {
        lcm_log("ERROR mail: (default) returned false");
    }
    return $ret;
}
/**
 * Check that a submission carries every required field in the expected form:
 * a non-empty name, a non-empty e-mail address accepted by is_valid_email(),
 * and a non-empty comment.
 *
 * Note that empty() also treats the string "0" as missing.
 *
 * @param $data - data array to validate based on expectations
 * @return bool - whether or not the data validated
 */
function validate_submission_data($data)
{
    // Evaluated left to right, stopping at the first failed requirement
    return !empty($data['name'])
        && !empty($data['email'])
        && is_valid_email($data['email'])
        && !empty($data['comment']);
}
 /**
  * Find a user by e-mail address.
  *
  * $force_refresh is accepted but not used by this implementation.
  *
  * @param string $email
  * @param bool $force_refresh
  * @param bool $return_id Return the numeric ID instead of the user record
  * @return mixed FALSE when no network is set, the address is invalid or no
  *   row matches; otherwise the ID or the result of get_user_by_id()
  */
 public function get_user_by_email($email, $force_refresh = FALSE, $return_id = FALSE)
 {
     if (!$this->id || !is_valid_email($email)) {
         return FALSE;
     }

     // The address is passed through the connection's escape() before being
     // placed inside the quoted literal
     $sql = 'SELECT iduser FROM users WHERE email="' . $this->db2->escape($email) . '" LIMIT 1';
     $row = $this->db2->fetch_object($this->db2->query($sql, FALSE));
     if (!$row) {
         return FALSE;
     }

     $uid = intval($row->iduser);
     if ($return_id) {
         return $uid;
     }
     return $this->get_user_by_id($uid);
 }
 /**
  * Handle fatal error
  *
  * In development mode the error is dumped. Otherwise routing errors produce
  * a 404 page and stop; any other error is e-mailed to ADMIN_EMAIL (when it is
  * defined and valid), logged, and a generic message is printed before the
  * script ends.
  *
  * @param Error $error
  * @return null
  */
 function handle_fatal_error($error)
 {
     if (DEBUG >= DEBUG_DEVELOPMENT) {
         dump_error($error);
     } else {
         if (instance_of($error, 'RoutingError') || instance_of($error, 'RouteNotDefinedError')) {
             header("HTTP/1.1 404 Not Found");
             print '<h1>Not Found</h1>';
             // The request string and route name are escaped with clean() before output
             if (instance_of($error, 'RoutingError')) {
                 print '<p>Page "<em>' . clean($error->getRequestString()) . '</em>" not found.</p>';
             } else {
                 print '<p>Route "<em>' . clean($error->getRouteName()) . '</em>" not mapped.</p>';
             }
             // if
             print '<p><a href="' . assemble_url('homepage') . '">&laquo; Back to homepage</a></p>';
             die;
         }
         // if
         // Send email to administrator
         if (defined('ADMIN_EMAIL') && is_valid_email(ADMIN_EMAIL)) {
             $content = '<p>Hi,</p><p>activeCollab setup at ' . clean(ROOT_URL) . ' experienced fatal error. Info:</p>';
             // Capture the dump instead of printing it, so it only goes into the mail
             // NOTE(review): the dump is mailed as is; confirm dump_error() does not
             // include credentials or other secrets
             ob_start();
             dump_error($error, false);
             $content .= ob_get_clean();
             // @ hides a delivery failure; the result of mail() is not checked
             @mail(ADMIN_EMAIL, 'activeCollab Crash Report', $content, "Content-Type: text/html; charset=utf-8");
         }
         // if
         // log...
         if (defined('ENVIRONMENT_PATH') && class_exists('Logger')) {
             $logger =& Logger::instance();
             $logger->logToFile(ENVIRONMENT_PATH . '/logs/' . date('Y-m-d') . '.txt');
         }
         // if
     }
     // if
     // Generic message: only the error's class name is shown to the visitor
     $error_message = '<div style="text-align: left; background: white; color: red; padding: 7px 15px; border: 1px solid red; font: 12px Verdana; font-weight: normal;">';
     $error_message .= '<p>Fatal error: activeCollab has failed to executed your request (reason: ' . clean(get_class($error)) . '). Information about this error has been logged and sent to administrator.</p>';
     // NOTE(review): ROOT_URL is escaped with clean() in the mail above but is
     // written into this href unescaped
     if (is_valid_url(ROOT_URL)) {
         $error_message .= '<p><a href="' . ROOT_URL . '">&laquo; Back to homepage</a></p>';
     }
     // if
     $error_message .= '</div>';
     print $error_message;
     die;
 }
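/**
 * Extract the valid e-mail addresses contained in free text.
 *
 * Every character outside letters, digits and "-._@" is treated as a
 * separator. Each resulting token that contains "@" is checked with
 * is_valid_email(), and accepted tokens are returned lower-cased and
 * de-duplicated.
 *
 * @param string $input Text to scan
 * @return array array("valid_email" => addresses); keys are those left by
 *   array_unique() and may have gaps
 */
function parseText($input)
{
    $email = array();

    // preg_replace() stands in for ereg_replace(), which PHP 7 removed
    $input = preg_replace('/[^-A-Za-z._0-9@ ]/', ' ', (string) $input);

    foreach (preg_split('/ +/', $input, -1, PREG_SPLIT_NO_EMPTY) as $token) {
        if (strpos($token, '@') === false) {
            continue;
        }
        // Validate the token itself. The earlier code passed the result array to
        // is_valid_email() and kept tokens when the check did NOT return true,
        // so every token containing "@" was reported as valid
        if (is_valid_email($token)) {
            $email[] = strtolower($token);
        }
    }

    return array("valid_email" => array_unique($email));
}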
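 /**
  * Find an active user by e-mail address, using the cache when possible.
  *
  * @param string $email
  * @param bool $force_refresh Skip the cached ID and query the database
  * @param bool $return_id Return the numeric ID instead of the user record
  * @return mixed FALSE when no network is set, the address is invalid or no
  *   active row matches; otherwise the ID or the result of get_user_by_id()
  */
 public function get_user_by_email($email, $force_refresh = FALSE, $return_id = FALSE)
 {
     if (!$this->id) {
         return FALSE;
     }
     if (!is_valid_email($email)) {
         return FALSE;
     }
     // The cache key uses the lower-cased address; the query below uses it as given
     $cachekey = 'n:' . $this->id . 'usermail:' . strtolower($email);
     $uid = $this->cache->get($cachekey);
     if (FALSE != $uid && TRUE != $force_refresh) {
         return $return_id ? $uid : $this->get_user_by_id($uid);
     }
     $uid = FALSE;
     // The address goes through the connection's e() before being placed
     // inside the quoted literal
     $r = $this->db->query('SELECT id FROM sk_user WHERE email="' . $this->db->e($email) . '" AND active=1 LIMIT 1', FALSE);
     if ($o = $this->db->fetch_object($r)) {
         $uid = intval($o->id);
         // $GLOBALS, not the undefined $BLOBALS: with the typo the expiry was
         // read from a null value and the configured CACHE_EXPIRE never applied
         $this->cache->set($cachekey, $uid, $GLOBALS['C']->CACHE_EXPIRE);
         return $return_id ? $uid : $this->get_user_by_id($uid);
     }
     // No match: drop any stale entry for this address
     $this->cache->del($cachekey);
     return FALSE;
 }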
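 /**
  * Validate a submitted comment on top of the parent's validation.
  *
  * Each failed rule is recorded with add_db_result(). When any rule fails, the
  * collected messages are reported through db_result().
  *
  * @param array $data Submitted fields (by reference, as the parent expects)
  * @param string $nonce_name Passed through to the parent validation
  * @return bool Whether the submission passed every check
  */
 public function validate(&$data, $nonce_name)
 {
     global $_wt_options;
     $is_valid = parent::validate($data, $nonce_name);
     if ($is_valid) {
         // Normalise whatever truthy value the parent returned to a boolean
         $is_valid = true;
         if (empty($data["comment_content"])) {
             $is_valid = false;
             $this->add_db_result("comment_content", "required", "Content is missing");
         }
         if (empty($data["comment_author"])) {
             $is_valid = false;
             $this->add_db_result("comment_author", "required", "Author is missing");
         }
         // NOTE(review): "not empty AND == 0" can hardly ever be true, so a
         // missing event id passes; confirm whether empty() alone was intended
         if (!empty($data["comment_event_id"]) && $data["comment_event_id"] == 0) {
             $is_valid = false;
             $this->add_db_result("comment_event_id", "required", "Comment event id is missing");
         }
         if (!empty($data["comment_author_email"]) && !is_valid_email($data["comment_author_email"])) {
             $is_valid = false;
             $this->add_db_result("comment_author_email", "field", "Email in not valid");
         }
         // NOTE(review): the captcha is only verified when both fields are in the
         // request; confirm that their absence is rejected somewhere else
         if (isset($data["recaptcha_challenge_field"]) && isset($data["recaptcha_response_field"])) {
             require_once WT_PLUGIN_PATH . 'recaptcha/recaptchalib.php';
             $private_key = (string) $_wt_options->options("captcha_private_key");
             if (!empty($private_key)) {
                 $resp = recaptcha_check_answer($private_key, $_SERVER["REMOTE_ADDR"], $data["recaptcha_challenge_field"], $data["recaptcha_response_field"]);
                 // A correct captcha must not undo earlier failures, and the error
                 // is recorded only when the answer is actually wrong. Assigning
                 // $resp->is_valid directly let a solved captcha turn an invalid
                 // submission back into a valid one
                 if (!$resp->is_valid) {
                     $is_valid = false;
                     $this->add_db_result("comment_captcha", "field", "The reCAPTCHA wasn't entered correctly. Go back and try it again.");
                 }
             }
         }
         if (!$is_valid) {
             $this->db_result("error", null, array("data" => $this->db_response_msg));
         }
     }
     return $is_valid;
 }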
/**
 * Create a new author from the posted privs, name, email and RealName fields,
 * then mail the generated password to the new author.
 *
 * Requires the 'admin.edit' privilege. The outcome is reported through
 * author_list().
 */
function author_save_new()
{
    require_privs('admin.edit');
    // The posted values go through doSlash() before extract() turns them into
    // local variables, so $name, $email and $RealName are already slashed below
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);
    // '8bit' makes mb_strlen() count bytes, the same as the strlen() fallback
    $length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);
    if ($name and $length <= 64 and is_valid_email($email)) {
        $exists = safe_field('name', 'txp_users', "name = '" . $name . "'");
        if ($exists) {
            author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
            return;
        }
        $password = generate_password(PASSWORD_LENGTH);
        $hash = doSlash(txp_hash_password($password));
        // NOTE(review): the nonce comes from mt_rand()/uniqid()/md5, none of
        // which is a cryptographic source; confirm what the nonce protects
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
        // NOTE(review): pass is the literal '******' and $hash is never used,
        // which looks like a masked listing; as written, the generated
        // password's hash is not what gets stored - confirm against the original
        $rs = safe_insert('txp_users', "\n\t\t\t\tprivs    = {$privs},\n\t\t\t\tname     = '{$name}',\n\t\t\t\temail    = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce    = '{$nonce}',\n\t\t\t\tpass     = '******'\n\t\t\t");
        if ($rs) {
            // The clear-text password is sent to the new author by e-mail
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);
            return;
        }
    }
    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}
 // Fragment of a larger switch: import addresses from an uploaded CSV file.
 // NOTE(review): the value being switched on is outside this excerpt; if it is
 // the client-reported MIME type it says nothing reliable about the upload,
 // and 'application/octet-stream' is accepted here as well
 case 'text/csv':
 case 'text/x-csv':
 case 'application/x-csv':
 case 'application/csv':
 case 'text/comma-separated-values':
 case 'application/octet-stream':
     $_userInfo['csv'] = csvFileToArray($_FILES['cvsfile']['tmp_name'], $_userInfo['delimeter']);
     if (is_array($_userInfo['csv'])) {
         // Rows that could not be imported, keyed by their 1-based row number
         $_userInfo['nonImported'] = array();
         $c = 1;
         $_userInfo['csvTime'] = time();
         foreach ($_userInfo['csv'] as $row) {
             // Column 0 is the address, column 1 the (optional) name
             if (!isset($row[1])) {
                 $row[1] = '';
             }
             if (!empty($row[0]) && is_valid_email($row[0])) {
                 // String values pass through aporeplace() before being quoted.
                 // NOTE(review): subscribe_active is concatenated unquoted and
                 // unescaped; confirm it is forced to an integer before this point
                 $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address (";
                 $sql .= "address_email, address_name, address_key, address_subscription, address_verified, address_tstamp) VALUES (";
                 $sql .= "'" . aporeplace($row[0]) . "', ";
                 $sql .= "'" . aporeplace($row[1]) . "', ";
                 $sql .= "'" . aporeplace(shortHash($row[0] . time())) . "', ";
                 $sql .= "'" . ($_userInfo['subscribe_all'] ? '' : aporeplace(serialize($_userInfo['subscribe_select']))) . "', ";
                 $sql .= $_userInfo['subscribe_active'] . ", FROM_UNIXTIME(" . $_userInfo['csvTime'] . ") )";
                 $sql = _dbQuery($sql, 'INSERT');
                 if (empty($sql['INSERT_ID'])) {
                     // NOTE(review): raw CSV values and the database error text are
                     // stored for display; confirm they are escaped when printed
                     $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1] . ' (' . mysql_error() . ')';
                 }
             } else {
                 $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1];
             }
             $c++;
/**
 * Handle the start-chat form.
 *
 * Returns true when the form was displayed (nothing submitted yet, or the
 * submission failed validation) and false otherwise. At most one error flag
 * is assigned per submission, and the captcha number is regenerated after
 * every submission.
 *
 * @return bool
 */
function shouldEnterFirstMessage()
{
    global $captcha;

    // chatimmediately=1 returns straight away without showing the form
    if (verify_param('chatimmediately', "/^\\d{1}\$/", '') == 1) {
        return false;
    }

    // Nothing submitted yet: show the empty form
    if (!isset($_REQUEST['submitted'])) {
        displayStartChat();
        return true;
    }

    $TML = new SmartyClass();
    setupStartChat($TML);

    // Request values are filtered with getSecureText() before being stored in
    // the session or used below
    $visitor_name = getSecureText($_REQUEST['visitorname']);
    $_SESSION['webim_uname'] = $visitor_name;
    $email = getSecureText($_REQUEST['email']);
    $_SESSION['webim_email'] = $email;
    $phone = getSecureText($_REQUEST['phone']);
    $_SESSION['webim_phone'] = $phone;
    $message = getSecureText($_REQUEST['message']);
    $captcha_num = getSecureText($_REQUEST['captcha']);

    // First failing rule wins; the address is only checked when all earlier
    // rules pass and no user id is held in the session
    $error_flag = null;
    if (!$captcha->checkNumber($captcha_num)) {
        $error_flag = 'errorcaptcha';
    } elseif (empty($visitor_name) && Visitor::getInstance()->canVisitorChangeName()) {
        $error_flag = 'errorname';
    } elseif (!is_valid_name($visitor_name) && Visitor::getInstance()->canVisitorChangeName()) {
        $error_flag = 'errornameformat';
    } elseif (empty($message)) {
        $error_flag = 'errormessage';
    } elseif (!is_valid_email($email) && !intval($_SESSION['uid'])) {
        $error_flag = 'erroremailformat';
    }

    $has_errors = $error_flag !== null;
    if ($has_errors) {
        $TML->assign($error_flag, true);
    }

    // A captcha number is never accepted twice
    $captcha->setNumber();

    if (!$has_errors) {
        return false;
    }

    // Redisplay the form with the submitted values, captcha field cleared
    $TML->assign('visitorname', $visitor_name);
    $TML->assign('email', $email);
    $TML->assign('phone', $phone);
    $TML->assign('captcha_num', '');
    $TML->display('start-chat.tpl');
    return true;
}
/**
 * Create a new author from the posted privs, name, email and RealName fields
 * and mail the generated password to that author.
 *
 * Requires the 'admin.edit' privilege. The outcome is reported through admin().
 */
function author_save_new()
{
    require_privs('admin.edit');
    // Posted values are slashed before extract() turns them into locals
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);

    if (!$name || !is_valid_email($email)) {
        admin(gTxt('error_adding_new_author'));
        return;
    }

    // NOTE(review): a 6-character password, a nonce built from mt_rand() and
    // storage through the database's password(lower(...)) are all weak by
    // current standards; confirm whether this code path is still in use
    $password = doSlash(generate_password(6));
    $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
    $inserted = safe_insert('txp_users', "\n\t\t\t\tprivs    = {$privs},\n\t\t\t\tname     = '{$name}',\n\t\t\t\temail    = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce    = '{$nonce}',\n\t\t\t\tpass     = password(lower('{$password}'))\n\t\t\t");

    if (!$inserted) {
        admin(gTxt('error_adding_new_author'));
        return;
    }

    // The clear-text password is sent to the new author by e-mail
    send_password($RealName, $name, $email, $password);
    admin(gTxt('password_sent_to') . sp . $email);
}
     // Fragment: validates and normalises ban criteria before they are stored.
     // Each address is split on "."; every part has leading zeros removed and
     // is rejected if it contains a non-digit, exceeds 255, or is a fifth or
     // later part. Fewer than four parts are accepted (IP ranges)
     $addresses = array_map('trim', $addresses);
     for ($i = 0; $i < count($addresses); ++$i) {
         $octets = explode('.', $addresses[$i]);
         for ($c = 0; $c < count($octets); ++$c) {
             $octets[$c] = strlen($octets[$c]) > 1 ? ltrim($octets[$c], "0") : $octets[$c];
             // NOTE(review): this relies on message() ending the request - confirm
             if ($c > 3 || preg_match('/[^0-9]/', $octets[$c]) || intval($octets[$c]) > 255) {
                 message('You entered an invalid IP/IP-range.');
             }
         }
         $cur_address = implode('.', $octets);
         $addresses[$i] = $cur_address;
     }
     $ban_ip = implode(' ', $addresses);
 }
 require PUN_ROOT . 'include/email.php';
 // Accept either a full address or a bare domain (lower-case labels with a
 // 2-4 letter final label)
 if ($ban_email != '' && !is_valid_email($ban_email)) {
     if (!preg_match('/^[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})$/', $ban_email)) {
         message('The e-mail address (e.g. user@domain.com) or partial e-mail address domain (e.g. domain.com) you entered is invalid.');
     }
 }
 // Expiry: an empty value or "Never" becomes SQL NULL, anything else must
 // parse to a time in the future
 if ($ban_expire != '' && $ban_expire != 'Never') {
     $ban_expire = strtotime($ban_expire);
     if ($ban_expire == -1 || $ban_expire <= time()) {
         message('You entered an invalid expire date. The format should be YYYY-MM-DD and the date must be at least one day in the future.');
     }
 } else {
     $ban_expire = 'NULL';
 }
 // Prepare SQL literals: escaped and single-quoted, or NULL when empty
 $ban_user = $ban_user != '' ? '\'' . $db->escape($ban_user) . '\'' : 'NULL';
 $ban_ip = $ban_ip != '' ? '\'' . $db->escape($ban_ip) . '\'' : 'NULL';
 $ban_email = $ban_email != '' ? '\'' . $db->escape($ban_email) . '\'' : 'NULL';
    // Fragment: the recipient address is taken from the selected department
    $email = $aDko[$dept]['email'];
}
$TML = new SmartyClass();
$TML->assignCompanyInfoAndTheme();
$has_errors = false;
// Outside 'cons' mode the recipient address ($email) is required and must be valid
if ($mode != 'cons' && empty($email)) {
    $TML->assign('erroremail', true);
    $has_errors = true;
} elseif ($mode != 'cons' && !is_valid_email($email)) {
    $TML->assign('erroremailformat', true);
    $has_errors = true;
}
// In 'cons' mode the sender address ($email_from) is required and must be valid
if ($mode == 'cons' && empty($email_from)) {
    $TML->assign('erroremail_from', true);
    $has_errors = true;
} elseif ($mode == 'cons' && !is_valid_email($email_from)) {
    $TML->assign('erroremailformat_from', true);
    $has_errors = true;
}
if ($has_errors) {
    // NOTE(review): threadid, token and level are handed to the template
    // straight from $_REQUEST; confirm the template escapes them on output
    $TML->assign('threadid', $_REQUEST['threadid']);
    $TML->assign('token', $_REQUEST['token']);
    $TML->assign('level', $_REQUEST['level']);
    if ($mode != 'cons') {
        $TML->display('send-history.tpl');
    } else {
        // free-lance support service departments ---
        $aDetps = array();
        foreach ($aDkoOrder as $nOrder) {
            $aDetps[] = array('value' => $nOrder, 'title' => $aDko[$nOrder]['option']);
        }
/**
 * Final setup step: load the configuration, create the tables and the first
 * user, and store the site URL, language and locale preferences.
 *
 * Stops with an error paragraph when the posted e-mail address is invalid.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));
    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }
    require txpath . '/config.php';
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];
    // Store the site URL without scheme and without trailing slash
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);
    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';
    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));
    // NOTE(review): rand()/uniqid()/md5 is not a cryptographic source, and the
    // password is stored through the database's password(lower(...)); both are
    // weak by current standards
    $nonce = md5(uniqid(rand(), true));
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    // NOTE(review): LANG and getlocale(LANG) are concatenated without
    // doSlash(), unlike $siteurl; confirm LANG cannot carry request data
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    echo fbCreate();
}
                        $cpdata = array('acontent_aid' => $result['INSERT_ID'], 'acontent_uid' => $feedimport_result['cnt_object']['author_id'], 'acontent_created' => date('Y-m-d H:i:s', now()), 'acontent_tstamp' => date('Y-m-d H:i:s', now()), 'acontent_title' => '', 'acontent_subtitle' => '', 'acontent_text' => '', 'acontent_html' => '', 'acontent_sorting' => 100, 'acontent_visible' => 1, 'acontent_before' => '', 'acontent_after' => '', 'acontent_top' => 0, 'acontent_block' => 'CONTENT', 'acontent_anchor' => 0, 'acontent_module' => '', 'acontent_comment' => $article_title, 'acontent_paginate_page' => 0, 'acontent_paginate_title' => '', 'acontent_granted' => 0, 'acontent_tab' => '', 'acontent_image' => '', 'acontent_files' => '', 'acontent_redirect' => '', 'acontent_alink' => '', 'acontent_template' => '', 'acontent_spacer' => '', 'acontent_category' => '', 'acontent_lang' => '', 'acontent_alink' => '', 'acontent_redirect' => '', 'acontent_form' => '', 'acontent_media' => '', 'acontent_newsletter' => '');
                        // CP WYSIWYG HTML: content that looks like markup or contains
                        // entities is stored as HTML (type 14), anything else as text (type 0)
                        // NOTE(review): in the second pattern the alternation is not grouped,
                        // so it matches "&name", "#xHEX" or "#123;" separately rather than a
                        // complete entity; confirm the intended pattern
                        // NOTE(review): feed-supplied HTML is stored unchanged here; confirm
                        // it is sanitised before it is rendered
                        if (preg_match('/<[^<]+>/', $article_content) || preg_match('/&[A-Za-z]+|#x[\\dA-Fa-f]+|#\\d+;/', $article_content)) {
                            $cpdata['acontent_type'] = 14;
                            $cpdata['acontent_html'] = $article_content;
                        } else {
                            $cpdata['acontent_type'] = 0;
                            $cpdata['acontent_text'] = $article_content;
                        }
                        // Insert CP Data
                        $insert = _dbInsert('phpwcms_articlecontent', $cpdata);
                        if (!isset($insert['INSERT_ID'])) {
                            dumpVar(mysql_error());
                        }
                    }
                    // One status entry per imported article: date, title, permalink, backend URL
                    $feedimport_result['status'][] = date('Y-m-d, H:i:s', $article_begin) . LF . $article_title . LF . $rssvalue->get_permalink() . LF . PHPWCMS_URL . 'phpwcms.php?do=articles&p=2&s=1&id=' . $result['INSERT_ID'];
                    // Cross-reference keyed by the article's unique hash
                    $data = array('cref_type' => 'feed_to_article_import', 'cref_rid' => $result['INSERT_ID'], 'cref_str' => 'feedimport_' . $article_unique_hash);
                    _dbInsert('phpwcms_crossreference', $data);
                    $article_sort_counter = $article_sort_counter + 10;
                }
            }
            // check if status email should be sent
            if (!empty($feedimport_result['cnt_object']['import_status_email']) && is_valid_email($feedimport_result['cnt_object']['import_status_email'])) {
                // Sent as plain text (isHTML = 0); titles and permalinks come from the feed
                $feedimport_result['status'] = implode(LF . LF, $feedimport_result['status']);
                sendEmail(array('recipient' => $feedimport_result['cnt_object']['import_status_email'], 'subject' => 'Import Status: ' . $feedimport_result['cnt_name'], 'isHTML' => 0, 'text' => $feedimport_result['status'], 'fromName' => 'Feed Importer'));
            }
        }
    }
    // we quit here
    exit;
}
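/**
 * Send a plain-text email through PHP's mail().
 *
 * The From header (and the default Reply-To) is built from the txp_users row
 * of the logged-in user ($txp_user) or, when no user is set, from the row
 * whose email column equals $to_address.
 *
 * Every value that ends up in a mail header is passed through strip_rn()
 * first, so a CR/LF inside it cannot start an additional header line.
 *
 * @param string      $to_address Recipient address
 * @param string      $subject    Subject line
 * @param string      $body       Message body; line endings are normalised
 * @param string|null $reply_to   Optional Reply-To value
 * @return bool FALSE when mail() is disabled, otherwise the result of mail()
 */
function txpMail($to_address, $subject, $body, $reply_to = null)
{
    global $txp_user, $prefs;
    // if mailing isn't possible, don't even try
    if (is_disabled('mail')) {
        return false;
    }
    // Likely sending passwords
    if (isset($txp_user)) {
        $where = "name = '" . doSlash($txp_user) . "'";
    } else {
        $where = "email = '" . doSlash($to_address) . "'";
    }
    $sender = safe_row('RealName, email', 'txp_users', $where);
    // Read the two selected columns explicitly rather than extract()ing the
    // row: when no row matches, both names are still defined (as empty
    // strings) and no other local variable can be overwritten.
    $RealName = is_array($sender) && isset($sender['RealName']) ? $sender['RealName'] : '';
    $email = is_array($sender) && isset($sender['email']) ? $sender['email'] : '';
    if ($prefs['override_emailcharset'] and is_callable('utf8_decode')) {
        $charset = 'ISO-8859-1';
        $RealName = utf8_decode($RealName);
        $subject = utf8_decode($subject);
        $body = utf8_decode($body);
    } else {
        $charset = 'UTF-8';
    }
    $RealName = encode_mailheader(strip_rn($RealName), 'phrase');
    $subject = encode_mailheader(strip_rn($subject), 'text');
    $email = strip_rn($email);
    if (!is_null($reply_to)) {
        $reply_to = strip_rn($reply_to);
    }
    // The recipient also becomes a header (To:), so it gets the same CR/LF
    // treatment as the other header-bound values. Done after the lookup above
    // so the database query still sees the address exactly as passed in.
    $to_address = strip_rn($to_address);
    // Line separator for headers and body depends on the platform.
    $sep = !IS_WIN ? "\n" : "\r\n";
    // Normalise every line-ending flavour to "\n", then to the platform separator.
    $body = str_replace("\r\n", "\n", $body);
    $body = str_replace("\r", "\n", $body);
    $body = str_replace("\n", $sep, $body);
    $headers = "From: {$RealName} <{$email}>" . $sep . 'Reply-To: ' . (isset($reply_to) ? $reply_to : "{$RealName} <{$email}>") . $sep . 'X-Mailer: Textpattern' . $sep . 'Content-Transfer-Encoding: 8bit' . $sep . 'Content-Type: text/plain; charset="' . $charset . '"' . $sep;
    if (is_valid_email($prefs['smtp_from'])) {
        if (IS_WIN) {
            ini_set('sendmail_from', $prefs['smtp_from']);
        } elseif (!ini_get('safe_mode')) {
            // NOTE(review): the preference value is appended to the sendmail
            // command line as the envelope sender. This relies on
            // is_valid_email() rejecting whitespace and option-like input;
            // confirm against its implementation.
            return mail($to_address, $subject, $body, $headers, '-f' . $prefs['smtp_from']);
        }
    }
    return mail($to_address, $subject, $body, $headers);
}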
 /**
  * Set email value
  *
  * @param string $value
  * @return null
  * @throws InvalidParamError
  */
 function setEmail($value)
 {
     // NULL is accepted as-is (it clears the address); every other value
     // must pass is_valid_email() before it is stored.
     $rejected = $value !== null && !is_valid_email($value);
     if ($rejected) {
         throw new InvalidParamError('value', $value, "{$value} is not a valid email address");
     }
     $this->email = $value;
 }
Exemple #23
     $errors[] = no_field("form.field.agent_name");
 }
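 // Required fields and format checks for the agent form; each failure
 // appends one message to $errors.
 if (!$commonname) {
     $errors[] = no_field("form.field.agent_commonname");
 }
 if (!$login) {
     $errors[] = no_field("form.field.login");
 } else {
     // \z anchors at the very end of the string. A plain "$" also matches
     // just before a trailing newline, so "name\n" would pass the check.
     if (!preg_match('/^[\w.]+\z/', $login)) {
         $errors[] = getlocal("page_agent.error.wrong_login");
     }
 }
 if ($email != '' && !is_valid_email($email)) {
     $errors[] = wrong_field("form.field.mail");
 }
 // The Jabber ID is validated with the same address check as the email.
 if ($jabber != '' && !is_valid_email($jabber)) {
     $errors[] = wrong_field("form.field.jabber");
 }
 if ($jabbernotify && $jabber == '') {
     if ($settings['enablejabber'] == "1") {
         $errors[] = no_field("form.field.jabber");
     } else {
         // Jabber is switched off: silently drop the notification request.
         $jabbernotify = false;
     }
 }
 // A password is only mandatory when no operator id is set.
 if (!$opId && !$password) {
     $errors[] = no_field("form.field.password");
 }
 // Compare as strings with !==. A loose != compares numeric-looking strings
 // by value ("1e3" and "1000" count as equal), which would let a mistyped
 // confirmation through. Assumes both are scalar form values.
 if ((string) $password !== (string) $passwordConfirm) {
     $errors[] = getlocal("my_settings.error.password_match");
 }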
Exemple #24
                 if (!empty($errors)) {
                     message($errors[0]);
                 }
                 $username_updated = true;
             }
         }
         // We only allow administrators to update the post count
         if ($pun_user['g_id'] == PUN_ADMIN) {
             $form['num_posts'] = intval($_POST['num_posts']);
         }
     }
     if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod']) {
         require PUN_ROOT . 'include/email.php';
         // Validate the email address
         $form['email'] = strtolower(trim($_POST['req_email']));
         if (!is_valid_email($form['email'])) {
             message($lang_common['Invalid email']);
         }
     }
     break;
 case 'personal':
     $form = array('realname' => pun_trim($_POST['form']['realname']), 'url' => pun_trim($_POST['form']['url']), 'location' => pun_trim($_POST['form']['location']));
     // Add http:// if the URL doesn't contain it already (while allowing https://, too)
     if ($form['url'] != '' && !preg_match('#^https?://#i', $form['url'])) {
         $form['url'] = 'http://' . $form['url'];
     }
     if ($pun_user['g_id'] == PUN_ADMIN) {
         $form['title'] = pun_trim($_POST['title']);
     } else {
         if ($pun_user['g_set_title'] == '1') {
             $form['title'] = pun_trim($_POST['title']);
 /**
  * Verifies that an email address is valid
  *
  * @param	string	Email address
  *
  * @return	boolean
  */
 function verify_email(&$email)
 {
     // Thin wrapper: the decision is delegated entirely to is_valid_email().
     // $email is received by reference, but this method does not modify it.
     $is_valid = is_valid_email($email);
     return $is_valid;
 }
Exemple #26
$p_inscription = $_POST['submit-inscription'];
if ($p_inscription) {
    $erreur = array();
    // nettoyage
    $inscription = clean($_POST["inscription"]);
    $honeypot = clean($_POST["Honeypot"]);
    // honey pot
    if ($honeypot != "") {
        die("dégage spammeur de l'enfer");
    }
    // validation
    function is_valid_email($inscription)
    {
        // Delegates to PHP's built-in validator. The result is the address
        // itself when it is well-formed and FALSE otherwise, so callers
        // should test for FALSE rather than expect a strict boolean.
        $checked = filter_var($inscription, FILTER_VALIDATE_EMAIL);
        return $checked;
    }
    if (is_valid_email($inscription) == false) {
        $erreur["inscription"] = "Oups, ce mail n'est pas valide";
    }
    if ($inscription == "") {
        $erreur["inscription"] = "Oups, tu as oublier d'indiquer ton mail";
    }
    // insertion
    if (empty($erreur)) {
        //Vérification de doublons
        $sql = 'SELECT * FROM list WHERE mail = :mail';
        $preparedStatement = $connexion->prepare($sql);
        $preparedStatement->bindValue(':mail', $inscription);
        $preparedStatement->execute();
        if ($preparedStatement->fetch()) {
            $erreur['already'] = "Oups, ce mail est déjà inscrit dans notre base de donnée";
        } else {
Exemple #27
 } else {
     $password1 = pun_trim($_POST['req_password1']);
     $password2 = pun_trim($_POST['req_password2']);
 }
 // Validate username and passwords
 check_username($username);
 if (pun_strlen($password1) < 4) {
     $errors[] = $lang->t('Pass too short');
 } else {
     if ($password1 != $password2) {
         $errors[] = $lang->t('Pass not match');
     }
 }
 // Validate email
 require PUN_ROOT . 'include/email.php';
 if (!is_valid_email($email1)) {
     $errors[] = $lang->t('Invalid email');
 } else {
     if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2) {
         $errors[] = $lang->t('Email not match');
     }
 }
 // Check if it's a banned email address
 if (is_banned_email($email1)) {
     if ($pun_config['p_allow_banned_email'] == '0') {
         $errors[] = $lang->t('Banned email');
     }
     $banned_email = true;
     // Used later when we send an alert email
 } else {
     $banned_email = false;
Exemple #28
if (@$_GET['aksi'] == "recommend") {
    $seftitle = text_filter(cleanText($_GET['seftitle']));
    $id = text_filter(cleanText($_GET['id']));
    $tengah .= '<div class="right_post">Kirim Artikel Ke Teman</div>';
    $data = mysql_fetch_array(mysql_query("SELECT judul FROM artikel WHERE id='{$id}' AND publikasi=1"));
    $judul_artikel = $data['judul'];
    $tengah .= '<div class="left_message"><p>Anda ing memberitahu teman Anda tentang artikel ini yang berjudul : <b>' . $judul_artikel . '</b></p></div>';
    if (isset($_POST['submit'])) {
        $yemail = text_filter($_POST['yemail']);
        $femail = text_filter($_POST['femail']);
        $pesan = text_filter($_POST['pesan']);
        $error = '';
        if (!is_valid_email($yemail)) {
            $error .= "your email invalid, Please use the standard format (admin@domain.com)<br />";
        }
        if (!is_valid_email($femail)) {
            $error .= "Friend email invalid, Please use the standard format (admin@domain.com)<br />";
        }
        $yname = text_filter($_POST['yname']);
        $fname = text_filter($_POST['fname']);
        if (!$fname) {
            $error .= "Error: Please enter your Frind's Name!<br />";
        }
        if (!$yname) {
            $error .= "Error: Please enter your Name!<br />";
        }
        $gfx_check = intval($_POST['gfx_check']);
        if ($_POST['gfx_check'] != $_SESSION['Var_session'] or !isset($_SESSION['Var_session'])) {
            $error .= "Error: Security Code Invalid <br />";
        }
        if ($error) {
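/**
 * Update a customer's txp_users row from the submitted form fields.
 *
 * Only the request fields listed in $text_columns (plus user_id and the
 * shipping_same_as_billing checkbox) are read. The previous
 * extract($prefs) / extract(doSlash($_REQUEST)) pair turned every request
 * parameter into a local variable, so a request could overwrite any
 * variable in this scope, including the globals imported below.
 *
 * The update is only attempted when a name is given and the email passes
 * is_valid_email(); otherwise the function returns without output.
 *
 * NOTE(review): no permission or request-origin check is visible in this
 * function, and it always sets privs = 0 on the row identified by the
 * submitted user_id. Presumably the caller restricts who can reach it;
 * confirm.
 *
 * @param string $event Not used in this function
 * @param string $step  Not used in this function
 * @return void
 */
function customer_update($event, $step)
{
    global $txp_user, $vars, $txpcfg, $prefs;

    // Text columns copied one-to-one from the request into txp_users.
    $text_columns = array(
        'name', 'email',
        'billing_company', 'billing_address1', 'billing_address2',
        'billing_city', 'billing_state', 'billing_zip', 'billing_country',
        'billing_fax', 'billing_phone',
        'shipping_company', 'shipping_address1', 'shipping_address2',
        'shipping_city', 'shipping_state', 'shipping_zip', 'shipping_country',
        'shipping_fax', 'shipping_phone',
        'shipping_firstname', 'shipping_lastname',
        'billing_firstname', 'billing_lastname',
    );

    // Escape each expected field. Missing or non-scalar input (for example
    // name[]=x) becomes an empty string instead of leaking "Array" into SQL.
    $field = array();
    foreach ($text_columns as $column) {
        $raw = (isset($_REQUEST[$column]) && is_scalar($_REQUEST[$column])) ? (string) $_REQUEST[$column] : '';
        $field[$column] = doSlash($raw);
    }

    $name = $field['name'];
    $email = $field['email'];
    $RealName = $field['billing_firstname'] . " " . $field['billing_lastname'];
    $user_id = assert_int(isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : null);
    // Checkbox semantics: its presence in the request means "same address".
    $shipping_same_as_billing = isset($_REQUEST['shipping_same_as_billing']) ? 1 : 0;

    if (!function_exists("generate_password")) {
        require_once txpath . '/include/txp_admin.php';
    }
    if (!function_exists("is_valid_email")) {
        require_once txpath . '/lib/txplib_misc.php';
    }

    if ($name && is_valid_email($email)) {
        // The generated password and nonce of the earlier version were never
        // written anywhere, so they are no longer computed.
        $set = array(
            'privs = 0',
            "RealName = '{$RealName}'",
            "shipping_same_as_billing = {$shipping_same_as_billing}",
        );
        // Column names come from the fixed list above, values are escaped.
        foreach ($text_columns as $column) {
            $set[] = "{$column} = '{$field[$column]}'";
        }
        $rs = safe_update('txp_users', join(', ', $set), "user_id = {$user_id}");
        if ($rs) {
            customers_list('', '', "customer updated");
        } else {
            customers_list("There was an error trying to update customer");
        }
    }
}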
Exemple #30
/**
 * Final setup step: validate the submitted administrator details, check the
 * configuration, create the tables and insert the first user.
 *
 * Sequence, as visible in the body:
 *  - copies the name, RealName, pass, email and theme values returned by
 *    ps() into the session;
 *  - prints an error page and exits when the name or password is empty or
 *    the email fails is_valid_email();
 *  - includes config.php when $txpcfg['db'] is not set yet, and exits with
 *    an error page when the configuration does not match the database name
 *    and table prefix stored in the session;
 *  - defines PFX and TXP_INSTALL, includes lib/txplib_update.php and
 *    setup/txpsql.php, then inserts user row 1 and updates the siteurl,
 *    language, locale and theme_name preferences;
 *  - echoes the result of fbCreate().
 *
 * Statement order matters here (constants are defined before the includes
 * that follow them), so the code is left untouched.
 *
 * @return void Output is echoed; several branches end the script with exit.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang($_SESSION['lang']);
    // presumably ps() returns the posted form value; verify against its definition
    $_SESSION['name'] = ps('name');
    $_SESSION['realname'] = ps('RealName');
    // NOTE(review): the plain-text password is kept in the session and is not
    // unset in this function after it has been hashed below. Consider
    // clearing it once the user row is written.
    $_SESSION['pass'] = ps('pass');
    $_SESSION['email'] = ps('email');
    $_SESSION['theme'] = ps('theme');
    // Each failed check below prints the same error layout and stops the script.
    if ($_SESSION['name'] == '') {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('name_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }
    if (!$_SESSION['pass']) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('pass_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }
    if (!is_valid_email($_SESSION['email'])) {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt('email_required') . '</span>') . n . setup_back_button(__FUNCTION__) . n . '</div>' . n . '</div>';
        exit;
    }
    global $txpcfg;
    if (!isset($txpcfg['db'])) {
        if (!is_readable(txpath . '/config.php')) {
            $problems[] = graf('<span class="error">' . setup_gTxt('config_php_not_found', array('{file}' => txpspecialchars(txpath . '/config.php')), 'raw') . '</span>');
        } else {
            // Errors raised while including config.php are suppressed by @;
            // a broken file is then caught by the mismatch check that follows.
            @(include txpath . '/config.php');
        }
    }
    // The configuration must describe the same database and table prefix
    // that the session holds in 'ddb' and 'dprefix'.
    if (!isset($txpcfg) || $txpcfg['db'] != $_SESSION['ddb'] || $txpcfg['table_prefix'] != $_SESSION['dprefix']) {
        $problems[] = graf('<span class="error">' . setup_gTxt('config_php_does_not_match_input', 'raw') . '</span>');
        echo txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . join(n, $problems) . n . setup_config_contents() . n . '</div>' . n . '</div>';
        exit;
    }
    // Local copies of the connection settings; presumably read by the
    // included setup/txpsql.php, which shares this scope. TODO confirm.
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];
    // Strip the scheme and trailing slash from the site URL, encode spaces,
    // and keep only the path part (everything after the host) in $urlpath.
    $siteurl = str_replace("http://", '', $_SESSION['siteurl']);
    $siteurl = str_replace(' ', '%20', rtrim($siteurl, "/"));
    $urlpath = preg_replace('#^[^/]+#', '', $siteurl);
    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);
    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';
    // NOTE(review): md5(uniqid(rand(), true)) is derived from the clock and a
    // non-cryptographic generator. If this nonce guards anything
    // security-relevant, a CSPRNG-based value would be the safer source.
    $nonce = md5(uniqid(rand(), true));
    $hash = doSlash(txp_hash_password($_SESSION['pass']));
    // The queries below are assembled by string concatenation; user-supplied
    // values are escaped with doSlash() before being inserted.
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,\n\t\t\t'" . doSlash($_SESSION['name']) . "',\n\t\t\t'{$hash}',\n\t\t\t'" . doSlash($_SESSION['realname']) . "',\n\t\t\t'" . doSlash($_SESSION['email']) . "',\n\t\t\t1,\n\t\t\tnow(),\n\t\t\t'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    // NOTE(review): LANG and getlocale(LANG) go into the SQL text without
    // doSlash(). Presumably LANG is fixed by an earlier setup step; confirm
    // that it cannot carry request-controlled characters.
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");
    // cf. update/_to_4.2.0.php.
    // TODO: Position might need altering when prefs panel layout is altered
    // Fall back to the 'classic' theme when none was submitted.
    $theme = $_SESSION['theme'] ? $_SESSION['theme'] : 'classic';
    mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");
    echo fbCreate();
}