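// Password-reset step (excerpt: the enclosing "if" opens before this listing and
// its "else" branch is still open where the excerpt ends).
// The check passes when it is switched off for the session, or when the MD5 of
// getIp() output + lower-cased $string equals the expected digest.
// The digests are compared with === on purpose: under == two digests that both
// look like numbers (for instance "0e" followed only by digits) are compared
// numerically and can match although the strings differ. hash_equals() is the
// better choice where PHP >= 5.6 is guaranteed.
if (!$_SESSION['do_check']
    || (is_string($user_check) && md5(getIp() . strtolower($string)) === $user_check)
) {
    // NOTE(review): $contact is assigned outside this excerpt and is placed inside
    // a quoted SQL literal as-is; confirm it is escaped before this point.
    // The '******' literals are reproduced exactly as they appear in this listing.
    $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver`";
    $sql .= " WHERE Login = '******' AND Contact ='" . $contact . "'";
    $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
    if ($data['Count'] > 0) {
        if ($data[0]['Activated'] == 'YES') {
            // Store the new password on the matching row (Id comes from the row just read).
            $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_caver`";
            $sql .= " SET Password ='******'";
            $sql .= " WHERE Id = " . $data[0]['Id'];
            $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            // Mirror the change to the phpBB account unless phpBB is flagged as absent.
            if (!defined('NO_PHPBB_INSTALLED')) {
                chgPwdphpBBuser($login, $password);
            }
            // sendNewPwdMail() receives the account row and the new password.
            sendNewPwdMail($data[0], $password);
            //echo $password;
            trackAction("pwd_user", $data[0]['Id'], "T_caver");
            $_SESSION['user_pwd_sent'] = true;
        } else {
            // Account exists but is not activated: nothing is sent, no retry is counted.
            $activated = false;
            $_SESSION['user_pwd_sent'] = false;
        }
    } else {
        // No account matches: count the attempt.
        $_SESSION['user_pwd_sent'] = false;
        $_SESSION['send_retry'] += 1;
    }
} else {
    // Check failed: count the attempt.
    $_SESSION['user_pwd_sent'] = false;
    $_SESSION['send_retry'] += 1;
}
} else {
    $_SESSION['send_retry'] = 1;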
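}
}
if (allowAccess(caver_delete_himself)) {
    // Account self-deletion: the signed-in caver re-enters login and password.
    if (isset($_POST['delete_user'])) {
        $password = isset($_POST['d_caver_password']) ? $_POST['d_caver_password'] : '';
        $key = isset($_POST['d_key']) ? $_POST['d_key'] : '';
        $password = crypt_xor(stripslashes($password), $key);
        $login = isset($_POST['d_caver_login']) ? $_POST['d_caver_login'] : '';

        // The row is looked up by the session's user id only, forced to an integer.
        // The posted login and the derived password value are compared in PHP, so
        // no request-supplied text is concatenated into a SQL statement any more.
        // NOTE(review): the comparison is now byte-exact; the former SQL comparison
        // followed the column collation, which may have been case-insensitive.
        $delete_user_id = (int) $_SESSION['user_id'];
        $sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_caver` ";
        $sql .= "WHERE `Id` = " . $delete_user_id;
        $data = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);

        $delete_confirmed = false;
        if ($data['Count'] > 0 && is_string($login)) {
            $stored_pwd = (string) $data[0]['Password'];
            $given_pwd = (string) getCryptedPwd($login, $password);
            // Constant-time comparison where available (PHP >= 5.6), strict otherwise.
            $pwd_matches = function_exists('hash_equals')
                ? hash_equals($stored_pwd, $given_pwd)
                : $stored_pwd === $given_pwd;
            $delete_confirmed = $pwd_matches && (string) $data[0]['Login'] === $login;
        }

        if ($delete_confirmed) {
            trackAction("delete_user", $_SESSION['user_id'], "T_caver");
            // Remove the account row, then its rows in the three join tables.
            $delete_targets = array(
                'T_caver' => 'Id',
                'J_entry_caver' => 'Id_caver',
                'J_grotto_caver' => 'Id_caver',
                'J_caver_group' => 'Id_caver',
            );
            foreach ($delete_targets as $del_table => $del_column) {
                $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`" . $del_table . "` ";
                $sql .= "WHERE `" . $del_column . "` = " . $delete_user_id;
                $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
            }
            $delete_failed = false;
        } else {
            $delete_failed = true;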
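// Excerpt: the INSERT statement executed here is built before this listing.
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$nid = $req['mysql_insert_id'];
trackAction("insert_massif", $nid, "T_massif");
} else {
    // Existing massif: unlock it, record the reviewer and drop its old cave/entry links.
    // NOTE(review): $id is assigned outside this excerpt and is concatenated
    // unquoted below; confirm it is validated as an integer before this point.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_massif` ";
    $sql .= " SET ";
    $sql .= "Locked = 'NO', ";
    $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
    $sql .= "Name = " . returnDefault($name, 'text') . ", ";
    $sql .= "Date_reviewed = Now() ";
    $sql .= "WHERE Id = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave` ";
    $sql .= "WHERE `Id_massif` = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_massif", $id, "T_massif");
}
if ($list != "") {
    if ($isNew == "True") {
        $onid = $nid;
    } else {
        $onid = $id;
    }
    // $list holds "|"-separated pairs; each pair is split on $regForCat into the
    // values written to Id_cave and Id_entry.
    $arrList = explode("|", $list);
    // Only pairs made of two plain integers reach the statement: the values are
    // concatenated unquoted, so anything else would be a syntax error or injected
    // SQL. Pairs without the separator are skipped instead of reading index 1.
    $massif_links = array();
    foreach ($arrList as $value) {
        $linked_id = explode($regForCat, $value);
        if (count($linked_id) < 2) {
            continue;
        }
        $link_cave_id = trim($linked_id[0]);
        $link_entry_id = trim($linked_id[1]);
        if (preg_match('/\A[0-9]+\z/', $link_cave_id) && preg_match('/\A[0-9]+\z/', $link_entry_id)) {
            $massif_links[] = "(" . $onid . ", " . $link_cave_id . ", " . $link_entry_id . ")";
        }
    }
    // Nothing valid to link: no statement is issued.
    if (count($massif_links) > 0) {
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES ";
        $sql .= implode(", ", $massif_links);
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }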
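// Excerpt: the UPDATE statement continued here starts before this listing.
$sql .= "Id_president = " . returnDefault($president, 'id') . ", ";
$sql .= "Id_vice_president = " . returnDefault($vice_pres, 'id') . ", ";
$sql .= "Id_treasurer = " . returnDefault($treasurer, 'id') . ", ";
$sql .= "Id_secretary = " . returnDefault($secretary, 'id') . ", ";
$sql .= "Latitude = " . returnDefault($latitude, 'latlng') . ", ";
$sql .= "Longitude = " . returnDefault($longitude, 'latlng') . ", ";
$sql .= "Custom_message = " . returnDefault($custom_message, 'text') . " ";
// NOTE(review): $id is assigned outside this excerpt and is concatenated
// unquoted; confirm it is validated as an integer before this point.
$sql .= "WHERE Id = " . $id;
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
// Drop the grotto's previous entry links; they are re-created from $list below.
$sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_grotto_entry` ";
$sql .= "WHERE `Id_grotto` = " . $id;
$status = "edit_grotto";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$nid = $id;
}
trackAction($status, $nid, "T_grotto");
if ($list != "") {
    if ($isNew == "True") {
        $onid = $nid;
    } else {
        $onid = $id;
    }
    // split() was removed in PHP 7; preg_split() with the same pattern replaces it.
    $arrList = preg_split('/[|]+/', $list, -1, PREG_SPLIT_NO_EMPTY);
    // Only plain integers reach the statement: the values are concatenated
    // unquoted, so anything else would be a syntax error or injected SQL.
    $grotto_links = array();
    foreach ($arrList as $value) {
        $link_entry_id = trim($value);
        if (preg_match('/\A[0-9]+\z/', $link_entry_id)) {
            $grotto_links[] = "(" . $onid . ", " . $link_entry_id . ")";
        }
    }
    // Nothing valid to link: no statement is issued.
    if (count($grotto_links) > 0) {
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_grotto_entry` (`Id_grotto`, `Id_entry`) VALUES ";
        $sql .= implode(", ", $grotto_links);
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }
}
$save_failed = false;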
// Excerpt: the block closed by the first "}" opens before this listing.
$sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave`"
    . " WHERE Id_entry = " . $onid;
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
}

// Remove the link between this entry and its previous massif.
// NOTE(review): $old_massif_id and $onid are assigned outside this excerpt and
// are concatenated as-is; confirm both are validated before this point.
$sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_massif_cave`"
    . " WHERE Id_massif = '" . $old_massif_id . "'"
    . " AND Id_entry = " . $onid;
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);

// A massif link is written unless the entry belongs to an already existing network.
if ($isMassifed == "YES" && ($isNetworked != "YES" || $isNewNetwork == "YES")) {
    if ($isNewMassif == "YES") {
        // Create the massif first so its generated id can be linked below.
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_massif` "
            . "(`Id_author`, `Name`, `Date_inscription`)"
            . " VALUES ("
            . $_SESSION['user_id'] . ", "
            . returnDefault($massif_name, 'text') . ", "
            . "Now()) ";
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        $massif_id = $req['mysql_insert_id'];
        trackAction("insert_massif", $massif_id, "T_massif");
    }
    // Link the massif to the cave (new network) or to the entry itself; the
    // column that does not apply is written as 0.
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_massif_cave` (`Id_massif`, `Id_cave`, `Id_entry`) VALUES ("
        . returnDefault($massif_id, 'text') . ", ";
    $sql .= ($isNetworked == "YES" && $isNewNetwork == "YES")
        ? returnDefault($cave_id, 'text') . ", " . "0) "
        : "0, " . returnDefault($onid, 'text') . ") ";
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
}

if ($isNew == "True") {
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`T_single_entry` ";
    // Explicit column list, left disabled as in the original:
    //$sql .= "(`Id`, `Min_depth`, `Max_depth`, `Length`, `Is_diving`, `Temperature`)";
// Excerpt: the INSERT statement continued here starts before this listing.
$sql .= returnDefault($caving, 'float') . ", "
    . returnDefault($approach, 'float') . ", "
    . returnDefault($id_answered, 'id') . ", "
    . returnDefault($alert_me, 'checkbox') . ", ";
}
// These four categories also store the id held in $id.
// in_array() is left non-strict to keep the loose == comparison of the original.
if (in_array($ncat, array("comment", "location", "bibliography", "history"))) {
    $sql .= returnDefault($id, 'id') . ", ";
}
$sql .= "'NO', " . $_SESSION['user_id'] . ", " . "Now() " . ") ";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$nid = $req['mysql_insert_id'];

// Tracker
// NOTE(review): $ncat becomes part of table and column names in this excerpt and
// is assigned outside it; confirm it is restricted to a fixed list of category
// names before this point.
trackAction("insert_" . $ncat, $nid, "T_" . $ncat);

// Update the entry contribution flag
// NOTE(review): $id is concatenated unquoted; confirm it is an integer.
$sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_entry` "
    . "SET Has_contributions = 'YES' "
    . "WHERE Id = " . $id;
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);

// Send an e-mail to the answered person
if ($id_answered != "" && $ncat == "comment") {
    // NOTE(review): $id_answered goes through returnDefault(..., 'id') in the
    // INSERT above but is concatenated raw here; confirm it is an integer.
    $get_answered_sql = "SELECT * FROM `" . $_SESSION['Application_host'] . "`.`T_comment`"
        . " WHERE Id = " . $id_answered;
    $answered_array = getDataFromSQL($get_answered_sql, __FILE__, $frame, __FUNCTION__);
    // Only authors whose comment row has Alert = 'YES' are notified.
    if ($answered_array[0]["Alert"] == "YES") {
        alertForCommentReply($id_answered, $nid, $category, $id);
    }
}

if (in_array($ncat, array("rigging", "description"))) {
    $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_" . $ncat . "` (Id_entry, Id_" . $ncat . ") VALUES ( ";
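// Excerpt: the INSERT statement continued here starts before this listing.
// NOTE(review): $attachment_file is assigned outside this excerpt and becomes
// part of a stored URL; confirm it is a sanitized or server-generated file name.
$sql .= returnDefault($_SESSION['Application_url'] . '/upload/attachments/' . $attachment_file, 'text') . ") ";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
$file_id = $req['mysql_insert_id'];
trackAction("insert_file", $file_id, "T_file");
// Attach the new file to its author.
$sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_author_file` ";
$sql .= "(Id_author, Id_file) VALUES (";
$sql .= returnDefault($uploaded_author_id, 'id') . ", ";
$sql .= returnDefault($file_id, 'id') . ") ";
$req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
}
} elseif (isset($_GET['deleted']) && $_GET['deleted'] == "true") {
    $file_id = isset($_GET['file_id']) ? $_GET['file_id'] : '';
    // file_id comes straight from the query string and is concatenated unquoted
    // into two DELETE statements, so only a plain integer is accepted; any other
    // value (including an array) is ignored.
    // NOTE(review): no ownership check and no anti-CSRF token are visible in this
    // excerpt for this GET-triggered deletion; confirm the enclosing conditions
    // restrict who can reach this branch and which files they may remove.
    if (is_string($file_id) && preg_match('/\A[0-9]+\z/', $file_id)) {
        $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_author_file` WHERE Id_file = " . $file_id;
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
        trackAction("delete_file", $file_id, "T_file");
        $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`T_file` WHERE Id = " . $file_id;
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }
}
}
}
// List the files of the authors attached to the topography, with the request status.
$sql = "SELECT DISTINCT T_file.Id AS File_id, T_file.Path, T_author.Id, T_author.Validated, T_topography.Id_author, T_status.Name AS Status_name ";
$sql .= "FROM `" . $_SESSION['Application_host'] . "`.`T_request` ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_topography` ON T_request.Id = T_topography.Id_request ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_status` ON T_status.Id = T_request.Id_status ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_topo_author` ON J_topo_author.Id_topography = T_topography.Id ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_author` ON T_author.Id = J_topo_author.Id_author ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`J_author_file` ON J_author_file.Id_author = T_author.Id ";
$sql .= "LEFT OUTER JOIN `" . $_SESSION['Application_host'] . "`.`T_file` ON T_file.Id = J_author_file.Id_file ";
// NOTE(review): $topo_id is assigned outside this excerpt and is concatenated
// unquoted; confirm it is validated as an integer before this point.
$sql .= "WHERE T_topography.Id = " . $topo_id;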
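/**
 * Sends the notification e-mail that matches the current status of a request.
 *
 * The request, its status label and both parties' contact data are read with one
 * query; the status name ("submitted", "rejected", "approved", "canceled") then
 * selects addressee, sender, subject and body. "approved" and "canceled" are
 * also recorded through trackAction().
 *
 * @param mixed $request_id Id of the T_request row; must consist of digits only.
 * @return mixed The value returned by sendMail(), or false when the id or the
 *               session language is not usable, the request is not found, or
 *               its status is none of the four handled ones.
 */
function sendRequestMail($request_id)
{
    // The id ends up in a SQL literal and in the HTML body. Elsewhere in this
    // listing request ids are used as unquoted numeric keys, so anything that is
    // not a plain integer is refused before a statement is built.
    if ($request_id == "" || !is_scalar($request_id) || !preg_match('/\A[0-9]+\z/', (string) $request_id)) {
        return false;
    }

    // The session language is used as a column name of T_label; only an
    // identifier-shaped value may be spliced into the statement.
    $language = isset($_SESSION['language']) ? $_SESSION['language'] : '';
    if (!is_string($language) || !preg_match('/\A[A-Za-z0-9_]+\z/', $language)) {
        return false;
    }

    $request_sql = "SELECT T_label." . $language . " AS Status, T_status.Name AS Status_name, T_request.Name, ";
    $request_sql .= "T_caver_a.Contact AS Aut_contact, T_caver_a.Nickname AS Aut_nick, ";
    $request_sql .= "T_caver_b.Contact AS Rec_contact, T_caver_b.Nickname AS Rec_nick ";
    $request_sql .= "FROM `" . $_SESSION['Application_host'] . "`.`T_topography` ";
    $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_request` ON T_request.Id = T_topography.Id_request ";
    $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_status` ON T_status.Id = T_request.Id_status ";
    $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_label` ON T_label.Id = T_status.Id_label ";
    $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_caver` T_caver_a ON T_caver_a.Id = T_request.Id_author ";
    $request_sql .= "INNER JOIN `" . $_SESSION['Application_host'] . "`.`T_caver` T_caver_b ON T_caver_b.Id = T_request.Id_recipient ";
    $request_sql .= "WHERE T_request.Id = '" . $request_id . "' ";
    $request_data = getDataFromSQL($request_sql, __FILE__, "function", __FUNCTION__);

    // No matching request: there is nobody to notify.
    if (empty($request_data[0])) {
        return false;
    }

    $status_lbl = $request_data[0]['Status'];
    $request_name = $request_data[0]['Name'];
    $status_name = $request_data[0]['Status_name'];
    $rec_contact = $request_data[0]['Rec_contact'];
    $rec_name = $request_data[0]['Rec_nick'];
    $aut_contact = $request_data[0]['Aut_contact'];
    $aut_name = $request_data[0]['Aut_nick'];
    $copy = false;

    // NOTE(review): request name, nicknames and contacts come from the database
    // and are placed unescaped in the subject and the HTML body; confirm they are
    // HTML-encoded when stored (or encode them here) and that sendMail() rejects
    // line breaks in the subject.
    switch ($status_name) {
        case "submitted":
            // Author -> recipient.
            $mail_dest = $rec_contact;
            $name_dest = $rec_name;
            $mail_from = $aut_contact;
            $name_from = $aut_name;
            // "The request:" ... "has been sent to you"
            $subject = "<convert>#label=847<convert> '" . $request_name . "' <convert>#label=849<convert>.";
            // Please check the copyrights and apply the necessary changes to the
            // topography. You will then be able to approve or reject the request.
            $temp_body = "<convert>#label=851<convert>";
            break;
        case "rejected":
            // Recipient -> author.
            $mail_dest = $aut_contact;
            $name_dest = $aut_name;
            $mail_from = $rec_contact;
            $name_from = $rec_name;
            // "Your request:" ... "has moved to the status:"
            $subject = "<convert>#label=846<convert> '" . $request_name . "' <convert>#label=848<convert> '" . $status_lbl . "'.";
            // Your request was rejected; the reason may be given in the request's
            // comment field. Please amend your request before submitting it again.
            $temp_body = "<convert>#label=852<convert>";
            break;
        case "approved":
            trackAction("approve_request", $request_id, "T_request");
            // Recipient -> author.
            $mail_dest = $aut_contact;
            $name_dest = $aut_name;
            $mail_from = $rec_contact;
            $name_from = $rec_name;
            // "Your request:" ... "has moved to the status:"
            $subject = "<convert>#label=846<convert> '" . $request_name . "' <convert>#label=848<convert> '" . $status_lbl . "'.";
            // Your request was accepted and is now online; you can view the
            // topographies on GrottoCenter.org.
            $temp_body = "<convert>#label=853<convert>";
            break;
        case "canceled":
            trackAction("cancel_request", $request_id, "T_request");
            // Author -> recipient.
            $mail_dest = $rec_contact;
            $name_dest = $rec_name;
            $mail_from = $aut_contact;
            $name_from = $aut_name;
            // "The request:" ... "has been reported as illicit"
            $subject = "<convert>#label=847<convert> '" . $request_name . "' <convert>#label=850<convert>.";
            // Please check the copyrights and apply the necessary changes to the
            // topography. You will then be able to approve or reject the request.
            $temp_body = "<convert>#label=851<convert>";
            break;
        default:
            // Unhandled status: addressee and subject would be undefined.
            return false;
    }

    $mail_body = "<p><convert>#label=470<convert> " . $name_dest . ",<br />"; // Hello
    $mail_body .= $subject . "<br/>";
    $mail_body .= $temp_body . "</p>";
    $mail_body .= "<ul><li><convert>#label=854<convert> " . $name_dest . " " . $mail_dest . "</li>"; // You:
    $mail_body .= "<li><convert>#label=855<convert> " . $name_from . " " . $mail_from . "</li>"; // Your contact (Leader):
    $mail_body .= "<li><convert>#label=861<convert>: " . $request_id . "</li></ul>"; // Request number:
    $mail_body .= getSignature();

    return sendMail($mail_dest, $subject, $mail_body, "", "", $copy);
}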
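// Excerpt: the branch closed by the first "}" opens before this listing.
trackAction("insert_url", $nid, "T_url");
} else {
    // Existing URL: unlock it, record the reviewer and drop its old entry links.
    // NOTE(review): $id is assigned outside this excerpt and is concatenated
    // unquoted below; confirm it is validated as an integer before this point.
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_url` ";
    $sql .= " SET ";
    $sql .= "Locked = 'NO', ";
    $sql .= "Id_reviewer = " . $_SESSION['user_id'] . ", ";
    $sql .= "Name = " . returnDefault($name, 'text') . ", ";
    $sql .= "Url = " . returnDefault($link, 'url') . ", ";
    $sql .= "Comments = " . returnDefault($comments, 'text') . ", ";
    $sql .= "Date_reviewed = Now() ";
    $sql .= "WHERE Id = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    $sql = "DELETE FROM `" . $_SESSION['Application_host'] . "`.`J_entry_url` ";
    $sql .= "WHERE `Id_url` = " . $id;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_url", $id, "T_url");
}
if ($isNew == "True") {
    $onid = $nid;
} else {
    $onid = $id;
}
if ($list != "") {
    // split() was removed in PHP 7; preg_split() with the same pattern replaces it.
    $arrList = preg_split('/[|]+/', $list, -1, PREG_SPLIT_NO_EMPTY);
    // Establish the relationship between entries and this url.
    // Only plain integers reach the statement: the values are concatenated
    // unquoted, so anything else would be a syntax error or injected SQL.
    $url_links = array();
    foreach ($arrList as $value) {
        $link_entry_id = trim($value);
        if (preg_match('/\A[0-9]+\z/', $link_entry_id)) {
            $url_links[] = "(" . $onid . ", " . $link_entry_id . ")";
        }
    }
    // Nothing valid to link: no statement is issued.
    if (count($url_links) > 0) {
        $sql = "INSERT INTO `" . $_SESSION['Application_host'] . "`.`J_entry_url` (`Id_url`, `Id_entry`) VALUES ";
        $sql .= implode(", ", $url_links);
        $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    }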
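// Excerpt: the blocks closed below open before this listing.
$subject .= "; Category: " . $category;
}
// NOTE(review): $bad_name and $body are assigned outside this excerpt and reach
// the mail subject and HTML body as-is; confirm sendMessageToWM() rejects line
// breaks in the subject and that $body is HTML-encoded before nl2br().
if ($bad_name != "") {
    $subject .= "; Id: " . $bad_name;
}
sendMessageToWM($admin_id, $contact, $real_mail, $name, $subject, nl2br($body));
// A report about a topography disables it and moves its request to "canceled".
// $bad_name is concatenated unquoted into two UPDATE statements, so the branch
// only runs when it is a plain integer.
if ($category == 'topography' && $bad_name != '' && is_scalar($bad_name) && preg_match('/\A[0-9]+\z/', (string) $bad_name)) {
    $sql = "SELECT Id FROM T_status WHERE Name = 'canceled'";
    $status_id = getDataFromSQL($sql, __FILE__, $frame, __FUNCTION__);
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_topography` SET Enabled = 'NO' WHERE Id_request = " . $bad_name;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    // The report text is stored in the request comments, stamped with reporter and time.
    $user_login = $_SESSION['user_login'] == '' ? "guest" : $_SESSION['user_login'];
    $date_stamp = '---- <convert>#label=230<convert>: ' . $user_login . ' ' . date("Y-m-d H:i:s") . ' ----';
    $sql = "UPDATE `" . $_SESSION['Application_host'] . "`.`T_request` SET Id_status = " . returnDefault($status_id[0]['Id'], 'id') . ", Comments = " . returnDefault($date_stamp . "\n" . $body, 'text') . " WHERE Id = " . $bad_name;
    $req = execSQL($sql, $frame, __FILE__, __FUNCTION__);
    trackAction("edit_request", $bad_name, "T_request");
    sendRequestMail($bad_name);
}
$send_failed = false;
}
}

/**
 * Tells whether the submitted form may be processed.
 *
 * Connected users always pass. Other visitors pass when the MD5 of getIp()
 * output + lower-cased posted "m_check" value equals the digest kept in
 * $_SESSION['userCheck'].
 *
 * @return bool
 */
function formIsValid()
{
    if (USER_IS_CONNECTED) {
        return true;
    }
    $string = isset($_POST['m_check']) ? $_POST['m_check'] : '';
    // A non-string answer (e.g. an array parameter) or a missing session digest
    // can never be a valid match.
    if (!is_string($string) || !isset($_SESSION['userCheck']) || !is_string($_SESSION['userCheck'])) {
        return false;
    }
    // Strict comparison: under == two digests that both look like numbers (for
    // instance "0e" followed only by digits) are compared numerically and can
    // match although the strings differ. hash_equals() is the better choice
    // where PHP >= 5.6 is guaranteed.
    return md5(getIp() . strtolower($string)) === $_SESSION['userCheck'];
}

if (!USER_IS_CONNECTED) {
    deleteImage();
}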