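/**
 * Tries to update a guestbook comment.
 *
 * The edit is rejected when verify_ephemeral_key() does not accept $post_key.
 * Otherwise it is applied directly ('validate') when guestbook comment
 * validation is disabled or the current user is an admin, and queued for
 * moderation ('moderate') in every other case. Non-admin users can only
 * touch rows whose author_id matches their own user id.
 *
 * The returned action reflects the decision only: it does not tell whether
 * the UPDATE statement actually matched a row.
 *
 * @param array $comment expects the keys 'comment_id' and 'content'
 * @param string $post_key form key sent back by the browser
 * @return string one of validate, moderate, reject
 */
function update_user_comment_guestbook($comment, $post_key)
{
    global $conf;

    if (!verify_ephemeral_key($post_key)) {
        return 'reject';
    }

    if (!$conf['guestbook']['comments_validation'] || is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }

    // The id is concatenated unquoted into the WHERE clause, so it is forced
    // to an integer before it gets anywhere near the SQL string.
    $comment_id = (int) $comment['comment_id'];

    // Non-admins are restricted to their own comments.
    $user_where_clause = '';
    if (!is_admin()) {
        $user_where_clause = ' AND author_id = \'' . $GLOBALS['user']['id'] . '\'';
    }

    $is_validated = ('validate' == $comment_action);

    // NOTE(review): 'content' is concatenated into the statement as received.
    // The stripslashes() calls in the mail section below suggest callers pass
    // slash-escaped text; confirm that every caller does, otherwise this is
    // an injection point.
    $query = '
UPDATE ' . GUESTBOOK_TABLE . '
  SET content = \'' . $comment['content'] . '\',
      validated = \'' . ($is_validated ? 'true' : 'false') . '\',
      validation_date = ' . ($is_validated ? 'NOW()' : 'NULL') . '
  WHERE id = ' . $comment_id . $user_where_clause . '
;';
    $result = pwg_query($query);

    // mail admin and ask to validate the comment
    if ($result && $conf['guestbook']['email_admin_on_comment_validation'] && !$is_validated) {
        include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

        // The original read $comm['id'], a variable that is never defined in
        // this function, so the link carried an empty comment_id.
        $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id' => $comment_id));

        $author = stripslashes($GLOBALS['user']['username']);
        $keyargs_content = array(
            get_l10n_args('Author: %s', $author),
            get_l10n_args('Comment: %s', stripslashes($comment['content'])),
            get_l10n_args('', ''),
            get_l10n_args('Manage this user comment: %s', $comment_url),
            get_l10n_args('', ''),
            get_l10n_args('(!) This comment requires validation', ''),
        );

        pwg_mail_notification_admins(get_l10n_args('Comment by %s', $author), $keyargs_content);
    }

    return $comment_action;
}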
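/**
 * Tries to update a user comment.
 *
 * Only admins can update all comments; other users can only edit rows whose
 * author_id matches their own user id.
 *
 * The edit is rejected when verify_ephemeral_key() does not accept $post_key
 * for the comment's image, when a 'user_comment_check' handler turns the
 * action into 'reject', or when the submitted website URL fails
 * url_check_format() (an error is then appended to $page['errors']).
 *
 * The returned action reflects the decision only: it does not tell whether
 * the UPDATE statement actually matched a row.
 *
 * @param array $comment expects the keys 'comment_id', 'image_id' and
 *                       'content'; 'website_url' is optional
 * @param string $post_key secret key sent back to the browser
 * @return string validate, moderate, reject
 */
function update_user_comment($comment, $post_key)
{
    global $conf, $page;

    if (!verify_ephemeral_key($post_key, $comment['image_id'])) {
        $comment_action = 'reject';
    } elseif (!$conf['comments_validation'] || is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }

    // perform more spam check
    $comment_action = trigger_change(
        'user_comment_check',
        $comment_action,
        array_merge($comment, array('author' => $GLOBALS['user']['username']))
    );

    // website
    if (!empty($comment['website_url'])) {
        // The original stripped tags from an undefined $comm array, so the
        // value that reached the query was never cleaned.
        $comment['website_url'] = strip_tags($comment['website_url']);

        // Test for a full scheme prefix: the previous pattern /^https?/i also
        // matched any host that merely starts with "http".
        if (!preg_match('#^https?://#i', $comment['website_url'])) {
            $comment['website_url'] = 'http://' . $comment['website_url'];
        }

        if (!url_check_format($comment['website_url'])) {
            $page['errors'][] = l10n('Your website URL is invalid');
            $comment_action = 'reject';
        }
    }

    if ($comment_action != 'reject') {
        // The id is concatenated unquoted into the WHERE clause and into the
        // notification link, so it is forced to an integer first.
        $comment_id = (int) $comment['comment_id'];

        // Non-admins are restricted to their own comments.
        $user_where_clause = '';
        if (!is_admin()) {
            $user_where_clause = ' AND author_id = \'' . $GLOBALS['user']['id'] . '\'';
        }

        $is_validated = ('validate' == $comment_action);
        $website_sql = !empty($comment['website_url'])
            ? '\'' . $comment['website_url'] . '\''
            : 'NULL';

        // NOTE(review): 'content' and 'website_url' are concatenated into the
        // statement as received. The stripslashes() calls below suggest
        // callers pass slash-escaped values; confirm that every caller does,
        // otherwise this is an injection point.
        $query = '
UPDATE ' . COMMENTS_TABLE . '
  SET content = \'' . $comment['content'] . '\',
      website_url = ' . $website_sql . ',
      validated = \'' . ($is_validated ? 'true' : 'false') . '\',
      validation_date = ' . ($is_validated ? 'NOW()' : 'NULL') . '
  WHERE id = ' . $comment_id . $user_where_clause . '
;';
        $result = pwg_query($query);

        // mail admin and ask to validate the comment
        if ($result && $conf['email_admin_on_comment_validation'] && 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';

            $comment_url = get_absolute_root_url() . 'comments.php?comment_id=' . $comment_id;
            $author = stripslashes($GLOBALS['user']['username']);

            $keyargs_content = array(
                get_l10n_args('Author: %s', $author),
                get_l10n_args('Comment: %s', stripslashes($comment['content'])),
                get_l10n_args(''),
                get_l10n_args('Manage this user comment: %s', $comment_url),
                get_l10n_args('(!) This comment requires validation'),
            );

            pwg_mail_notification_admins(get_l10n_args('Comment by %s', $author), $keyargs_content);
        } elseif ($result) {
            // The edit went through without needing a moderation mail:
            // send the plain 'edit' notification instead.
            email_admin('edit', array(
                'author' => $GLOBALS['user']['username'],
                'content' => stripslashes($comment['content']),
            ));
        }
    }

    return $comment_action;
}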
// | USA. | // +-----------------------------------------------------------------------+ //----------------------------------------------------------- include define('PHPWG_ROOT_PATH', './'); include_once PHPWG_ROOT_PATH . 'include/common.inc.php'; // +-----------------------------------------------------------------------+ // | Check Access and exit when user status is not ok | // +-----------------------------------------------------------------------+ check_status(ACCESS_FREE); //----------------------------------------------------------- user registration if (!$conf['allow_user_registration']) { page_forbidden('User registration closed'); } trigger_notify('loc_begin_register'); if (isset($_POST['submit'])) { if (!verify_ephemeral_key(@$_POST['key'])) { set_status_header(403); $page['errors'][] = l10n('Invalid/expired form key'); } if (empty($_POST['password'])) { $page['errors'][] = l10n('Password is missing. Please enter the password.'); } else { if (empty($_POST['password_conf'])) { $page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.'); } else { if ($_POST['password'] != $_POST['password_conf']) { $page['errors'][] = l10n('The passwords do not match'); } } } register_user($_POST['login'], $_POST['password'], $_POST['mail_address'], true, $page['errors'], isset($_POST['send_password_by_mail']));
echo json_encode(compact('redirect_to')); header('HTTP/1.1 200 OK'); exit; } else { $template->assign('REDIRECT_TO', $redirect_to); } } else { if (isset($_GET['init_auth'])) { $params = array(); if ($provider == 'OpenID') { $params['openid_identifier'] = $_GET['openid_identifier']; } // try to authenticate $adapter = $hybridauth->authenticate($provider, $params); } else { if (!verify_ephemeral_key(@$_GET['key'])) { throw new Exception('Forbidden', 403); } $template->assign('LOADING', '&openid_identifier=' . @$_GET['openid_identifier'] . '&init_auth=1'); } } } catch (Exception $e) { switch ($e->getCode()) { case 5: $template->assign('ERROR', l10n('Authentication canceled')); break; case 404: $template->assign('ERROR', l10n('User not found')); break; default: $template->assign('ERROR', l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', '<span title="' . $e->getMessage() . '">' . $e->getCode() . '</span>'));