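/**
 * Builds the contact form and, when requested, validates the submitted values.
 *
 * @access private
 * @param string $MailFromName Value pre-filled into the sender-name field
 * @param string $MailFrom     Value pre-filled into the sender-address field
 * @param string $Message      Value pre-filled into the message field
 * @param bool   $Check        When true, the validation checks are registered
 * @return string An empty string when $Check is true and every registered check
 *                passed; otherwise the form template
 */
function _mailForm($MailFromName, $MailFrom, $Message, $Check = false)
{
    $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
    $formMaker->AddForm('contact_formular', '#', $this->_Translation->GetTranslation('send'), $this->_Translation->GetTranslation('contact'), 'post');

    // The page name is taken from the request and written back into a hidden field.
    // NOTE(review): whether FormMaker HTML-escapes input values is not visible here;
    // confirm it does, because this value is request-controlled.
    $formMaker->AddHiddenInput('contact_formular', 'page', GetPostOrGet('page'));
    $formMaker->AddHiddenInput('contact_formular', 'action', 'send');

    $formMaker->AddInput('contact_formular', 'contact_mail_from_name', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('please_enter_your_name_here') . ' ' . $this->_Translation->GetTranslation('(required)'), $MailFromName);

    // Anti-spam honeypot: a field a human visitor is not meant to see or fill in.
    // NOTE(review): no check on this field is registered in this method; confirm the
    // code that sends the mail discards submissions where it carries a value.
    $formMaker->AddInput('contact_formular', 'contact_important_name', 'antispam', 'Important Name', 'This is a very important thing!', '');

    if ($Check) {
        $formMaker->AddCheck('contact_formular', 'contact_mail_from_name', 'empty', $this->_Translation->GetTranslation('the_name_must_be_indicated'));
    }

    $formMaker->AddInput('contact_formular', 'contact_mail_from', 'text', $this->_Translation->GetTranslation('email'), $this->_Translation->GetTranslation('please_enter_your_email_here') . ' ' . $this->_Translation->GetTranslation('(required)'), $MailFrom);
    if ($Check) {
        $formMaker->AddCheck('contact_formular', 'contact_mail_from', 'empty', $this->_Translation->GetTranslation('the_email_must_be_indicated'));
    }
    // The format check is only added for a non-empty address, so an empty one
    // reports just the "must be indicated" message.
    if ($Check && $MailFrom != '') {
        $formMaker->AddCheck('contact_formular', 'contact_mail_from', 'not_email', $this->_Translation->GetTranslation('this_is_an_invalid_email_address'));
    }

    $formMaker->AddInput('contact_formular', 'contact_message', 'textarea', $this->_Translation->GetTranslation('message'), $this->_Translation->GetTranslation('please_enter_here_the_message_you_want_to_send') . ' ' . $this->_Translation->GetTranslation('(required)'), $Message);
    if ($Check) {
        $formMaker->AddCheck('contact_formular', 'contact_message', 'empty', $this->_Translation->GetTranslation('please_enter_your_message'));
    }

    // CheckInputs() is evaluated first on purpose (same order as before), even when
    // $Check is false.
    if ($formMaker->CheckInputs('contact_formular', true) && $Check) {
        return '';
    }

    // The object is passed without "&": call-time pass-by-reference is a fatal
    // error from PHP 5.4 on.
    $template = "\r\n\t\t\t\t</p>" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, $Check) . '<p>';
    return $template;
}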
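/**
 * Validates the submitted group form and, when it is valid, updates the group row.
 *
 * @access private
 * @return string The group view after a successful update, otherwise the form
 *                template showing the validation errors
 */
function _SaveGroup()
{
    // Request-supplied values.
    // NOTE(review): judging by its name, GetPostOrGet presumably also accepts
    // query-string values, and no anti-CSRF token is added to this form here;
    // confirm how this state-changing action is protected.
    $GroupID = GetPostOrGet('group_id');
    $GroupName = GetPostOrGet('group_name');
    $GroupDescription = GetPostOrGet('group_description');

    // Build the form with FormMaker.
    $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
    $formMaker->AddForm('save_group', 'admin.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('group'), 'post');
    $formMaker->AddHiddenInput('save_group', 'page', 'groups');
    $formMaker->AddHiddenInput('save_group', 'action', 'save_group');
    $formMaker->AddHiddenInput('save_group', 'group_id', $GroupID);

    $formMaker->AddInput('save_group', 'group_name', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('this_is_the_name_of_the_new_group'), $GroupName);
    $formMaker->AddCheck('save_group', 'group_name', 'empty', $this->_Translation->GetTranslation('a_groupname_must_be_indicated'));
    // NOTE(review): the check type is spelled 'allready_assigned' here; confirm
    // FormMaker recognises this spelling, otherwise the uniqueness check never runs.
    $formMaker->AddCheck('save_group', 'group_name', 'allready_assigned', $this->_Translation->GetTranslation('the_groupname_you_indicated_is_already_assigned'), '', 'groups', 'group_name');

    $formMaker->AddInput('save_group', 'group_description', 'text', $this->_Translation->GetTranslation('description'), $this->_Translation->GetTranslation('this_is_a_description_of_the_new_group'), $GroupDescription);
    $formMaker->AddCheck('save_group', 'group_description', 'empty', $this->_Translation->GetTranslation('a_groupdescription_musst_be_indicated'));

    if ($formMaker->CheckInputs('save_group', true)) {
        // The row key arrives from the request and no check is registered on it, so
        // only its integer value goes into the statement and into the follow-up view.
        // Assumes group_id is an integer key -- confirm against the schema.
        $groupKey = (int) $GroupID;

        // NOTE(review): group_name and group_description are interpolated exactly as
        // received. GetPostOrGet and SqlQuery are not visible here; unless one of them
        // escapes for SQL, both values must be escaped with the connection's escaping
        // routine (or bound as parameters) before this statement is built.
        $sql = "UPDATE " . DB_PREFIX . "groups\n\t\t\t\t\t\tSET group_name='{$GroupName}', group_description='{$GroupDescription}'\n\t\t\t\t\t\tWHERE group_id='{$groupKey}'";
        $this->_SqlConnection->SqlQuery($sql);

        // Show the updated group so that members can be managed from there.
        $template = "\r\n\t\t\t\t" . $this->_ViewGroup($groupKey);
        return $template;
    } else {
        // Re-display the form with the validation errors.
        $template = "\r\n\t\t\t\t" . $formMaker->GenerateSingleFormTemplate($this->_ComaLate, true);
        return $template;
    }
}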
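/**
 * Validates the submitted menu form and, when it is valid, updates the menu row.
 *
 * @access private
 * @return string|null The home page template after a successful update, the form
 *                     template when validation fails, or nothing at all when
 *                     'menu_id' is not numeric
 */
function _CheckMenu()
{
    // Request-supplied values.
    $MenuID = GetPostOrGet('menu_id');
    $MenuTitle = GetPostOrGet('menu_title');
    $MenuName = GetPostOrGet('menu_name');

    // Only a numeric ID is ever placed into the statements below.
    if (is_numeric($MenuID)) {
        // Load the stored menu to learn whether the name is being changed.
        $sql = "SELECT *\n\t\t \t\t\t\tFROM " . DB_PREFIX . "menu\n\t\t \t\t\t\tWHERE menu_id='{$MenuID}'";
        $menuResult = $this->_SqlConnection->SqlQuery($sql);
        $menu = mysql_fetch_object($menuResult);
        // mysql_fetch_object() returns false when no row matches; do not read a
        // property from it in that case.
        $storedName = is_object($menu) ? $menu->menu_name : null;

        // Objects are passed without "&": call-time pass-by-reference is a fatal
        // error from PHP 5.4 on.
        $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
        $formMaker->AddForm('check_menu', 'admin.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('new_menu'), 'post');

        // Hidden inputs that route the submission back to this action.
        $formMaker->AddHiddenInput('check_menu', 'page', 'menueditor');
        $formMaker->AddHiddenInput('check_menu', 'action', 'check_menu');
        $formMaker->AddHiddenInput('check_menu', 'menu_id', $MenuID);

        $formMaker->AddInput('check_menu', 'menu_title', 'text', $this->_Translation->GetTranslation('menu_title'), $this->_Translation->GetTranslation('type_here_the_title_of_the_menu'), $MenuTitle);
        $formMaker->AddCheck('check_menu', 'menu_title', 'empty', $this->_Translation->GetTranslation('you_have_to_define_a_menu_title'));

        $formMaker->AddInput('check_menu', 'menu_name', 'text', $this->_Translation->GetTranslation('menu_name'), $this->_Translation->GetTranslation('type_here_the_name_of_the_menu'), $MenuName);
        $formMaker->AddCheck('check_menu', 'menu_name', 'empty', $this->_Translation->GetTranslation('you_have_to_define_a_menu_name'));
        // The uniqueness check only applies when the name differs from the stored one.
        if ($storedName != $MenuName) {
            $formMaker->AddCheck('check_menu', 'menu_name', 'already_assigned', $this->_Translation->GetTranslation('this_menu_name_is_already_assigned'), '', 'menu', 'menu_name');
        }

        if ($formMaker->CheckInputs('check_menu', true)) {
            // NOTE(review): menu_name and menu_title are interpolated exactly as
            // received. GetPostOrGet and SqlQuery are not visible here; unless one of
            // them escapes for SQL, both values must be escaped with the connection's
            // escaping routine (or bound as parameters) before this statement is built.
            $sql = "UPDATE " . DB_PREFIX . "menu\n\t \t\t\t\t\tSET menu_name='{$MenuName}', menu_title='{$MenuTitle}'\n\t \t\t\t\t\tWHERE menu_id='{$MenuID}'";
            $this->_SqlConnection->SqlQuery($sql);

            // Back to the start page of this admin module.
            $template = "\r\n\t\t\t\t" . $this->_HomePage();
            return $template;
        } else {
            // Re-display the form with the validation errors.
            $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
            return $template;
        }
    }
}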
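/**
 * Validates the profile form of the logged-in user and stores the values when
 * they are valid.
 *
 * On success the method redirects to the user interface and ends the request.
 * A request for another user's profile redirects an administrator to the admin
 * user editor and is refused for everybody else.
 *
 * @access private
 * @return string The form template with the validation errors, or the
 *                "no right" message
 */
function _CheckProfile()
{
    // Request-supplied ID of the profile to edit.
    $UserID = GetPostOrGet('user_id');

    // Only the logged-in user may edit this profile. The comparison is loose, so
    // depending on the type of _User->ID and the PHP version a request value that
    // is not identical to the ID can still pass it. For that reason everything
    // below uses the session's own ID and never the request's copy.
    if ($UserID == $this->_User->ID) {
        $UserShowname = GetPostOrGet('user_showname');
        $UserName = GetPostOrGet('user_name');
        $UserEmail = GetPostOrGet('user_email');
        $UserPassword = GetPostOrGet('user_password');
        $UserPasswordRepetition = GetPostOrGet('user_password_repetition');
        $UserPreferredLanguage = GetPostOrGet('user_preferred_language');

        // Load the stored e-mail address to learn whether it is being changed.
        $sql = "SELECT user_email\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\n\t\t\t\t\t\tWHERE user_id='{$this->_User->ID}'";
        $userResult = $this->_SqlConnection->SqlQuery($sql);
        $user = mysql_fetch_object($userResult);
        mysql_free_result($userResult);

        $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);
        $formMaker->AddForm('edit_user', 'special.php', $this->_Translation->GetTranslation('save'), $this->_Translation->GetTranslation('user'), 'post');
        $formMaker->AddHiddenInput('edit_user', 'page', 'userinterface');
        $formMaker->AddHiddenInput('edit_user', 'action', 'check_profile');
        $formMaker->AddHiddenInput('edit_user', 'user_id', $this->_User->ID);

        $formMaker->AddInput('edit_user', 'user_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $UserShowname);
        $formMaker->AddCheck('edit_user', 'user_showname', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
        // Uniqueness checks are only added for values that differ from the stored ones.
        if ($this->_User->Showname != $UserShowname) {
            $formMaker->AddCheck('edit_user', 'user_showname', 'already_assigned', $this->_Translation->GetTranslation('the_name_is_already_assigned'), '', 'users', 'user_showname');
        }

        $formMaker->AddInput('edit_user', 'user_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $UserName);
        $formMaker->AddCheck('edit_user', 'user_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
        if ($this->_User->Name != $UserName) {
            $formMaker->AddCheck('edit_user', 'user_name', 'already_assigned', $this->_Translation->GetTranslation('the_nickname_is_already_assigned'), '', 'users', 'user_name');
        }

        $formMaker->AddInput('edit_user', 'user_email', 'text', $this->_Translation->GetTranslation('email'), $this->_Translation->GetTranslation('using_the_email_address_the_user_is_contacted_by_the_system'), $UserEmail);
        $formMaker->AddCheck('edit_user', 'user_email', 'empty', $this->_Translation->GetTranslation('the_email_address_must_be_indicated'));
        $formMaker->AddCheck('edit_user', 'user_email', 'not_email', $this->_Translation->GetTranslation('this_is_not_a_valid_email_address'));
        if ($user->user_email != $UserEmail) {
            $formMaker->AddCheck('edit_user', 'user_email', 'already_assigned', $this->_Translation->GetTranslation('the_email_is_already_assigned_to_another_user'), '', 'users', 'user_email');
        }

        // NOTE(review): the submitted password is handed back as the field value, so
        // it presumably reappears in the HTML when the form is shown again; consider
        // leaving both password fields empty on re-display.
        $formMaker->AddInput('edit_user', 'user_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), !empty($UserPassword) ? $UserPassword : '');
        $formMaker->AddInput('edit_user', 'user_password_repetition', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), !empty($UserPasswordRepetition) ? $UserPasswordRepetition : '');
        // The password is only validated when at least one of the two fields is filled.
        if (!empty($UserPassword) || !empty($UserPasswordRepetition)) {
            $formMaker->AddCheck('edit_user', 'user_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
            $formMaker->AddCheck('edit_user', 'user_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'user_password_repetition');
            $formMaker->AddCheck('edit_user', 'user_password_repetition', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
        }

        $formMaker->AddInput('edit_user', 'user_preferred_language', 'select', $this->_Translation->GetTranslation('preferred_language'), $this->_Translation->GetTranslation('this_is_your_preferred_language_of_the_installed_ones'));

        // Offer every language file found in the lang directory.
        // NOTE(review): no check registered here ties the submitted language to this
        // list, yet the value is stored and reused below; confirm it is validated.
        $languageFolder = dir(__ROOT__ . "/lang/");
        // Compare against false explicitly so that an entry named "0" cannot end
        // the listing early.
        while (false !== ($file = $languageFolder->read())) {
            // Only files named lang_<name>.php count as language files.
            if ($file != "." && $file != ".." && strpos($file, 'lang_') === 0 && substr($file, -4) == '.php') {
                // Reduce the file name to the bare language name.
                $file = str_replace('lang_', '', $file);
                $file = str_replace('.php', '', $file);
                // Preselect the language that was submitted.
                $selected = ($UserPreferredLanguage == $file);
                $formMaker->AddSelectEntry('edit_user', 'user_preferred_language', $selected, $file, $this->_Translation->GetTranslation($file));
            }
        }
        $languageFolder->close();

        // Submitted custom-field values, keyed by field name. An array replaces the
        // former variable-variables, where a field name equal to a local variable
        // name (for example the user ID or the statement text) would have
        // overwritten that variable with a request value.
        $customFieldValues = array();

        // Custom fields that have a value for this user or no value row at all.
        $sql = "SELECT value.custom_fields_values_value, field.custom_fields_information, field.custom_fields_name, field.custom_fields_title, field.custom_fields_type, field.custom_fields_required\n\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\tWHERE value.custom_fields_values_userid='{$this->_User->ID}'\n\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
        $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
        while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
            $fieldName = $customFieldsData->custom_fields_name;
            $customFieldValues[$fieldName] = GetPostOrGet($fieldName);

            $formMaker->AddInput('edit_user', $fieldName, 'text', $customFieldsData->custom_fields_title, $customFieldsData->custom_fields_information . ($customFieldsData->custom_fields_required == 1 ? ' ' . $this->_Translation->GetTranslation('(required)') : ''), $customFieldValues[$fieldName]);

            // Map the field type to a FormMaker check and its error message.
            switch ($customFieldsData->custom_fields_type) {
                case 'EMail':
                    $type = 'not_email';
                    $text = $this->_Translation->GetTranslation('this_is_not_a_valid_email_address');
                    break;
                case 'ICQ':
                    $type = 'not_icq';
                    $text = $this->_Translation->GetTranslation('this_is_not_a_valid_icq_number');
                    break;
                default:
                    $type = '';
                    $text = '';
                    break;
            }

            if ($customFieldsData->custom_fields_required == 1) {
                // A required field must carry a value ...
                $formMaker->AddCheck('edit_user', $fieldName, 'empty', sprintf($this->_Translation->GetTranslation('you_have_to_give_a_value_for_the_field_%field%!'), $customFieldsData->custom_fields_title));
                // ... and must match its type when a type check exists.
                if (!empty($type) && !empty($text)) {
                    $formMaker->AddCheck('edit_user', $fieldName, $type, $text);
                }
            } else {
                // An optional field is only checked when it was filled in.
                if (!empty($customFieldValues[$fieldName])) {
                    $formMaker->AddCheck('edit_user', $fieldName, $type, $text);
                }
            }
        }

        if ($formMaker->CheckInputs('edit_user', true)) {
            // NOTE(review): the password value in this listing is a masked literal;
            // confirm the real code stores a hash of the new password here.
            $user_password = !empty($UserPassword) ? ", user_password='******'" : '';

            // NOTE(review): the submitted strings are interpolated exactly as received.
            // GetPostOrGet and SqlQuery are not visible here; unless one of them
            // escapes for SQL, every value must be escaped with the connection's
            // escaping routine (or bound as a parameter) before the statements below
            // are built.
            // The row is selected by the session's ID, quoted like in the lookup above.
            $sql = "UPDATE " . DB_PREFIX . "users\n\t\t\t\t\t\t\tSET user_showname='{$UserShowname}',\n\t\t\t\t\t\t\t\tuser_name='{$UserName}',\n\t\t\t\t\t\t\t\tuser_preferred_language='{$UserPreferredLanguage}',\n\t\t\t\t\t\t\t\tuser_email='{$UserEmail}'{$user_password}\n\t\t\t\t\t\t\tWHERE user_id='{$this->_User->ID}'";
            $this->_SqlConnection->SqlQuery($sql);

            // Store the custom-field values.
            $sql = "SELECT value.custom_fields_values_value, field.custom_fields_name, value.custom_fields_values_id, field.custom_fields_id, value.custom_fields_values_userid\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "custom_fields field\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "custom_fields_values value\n\t\t\t\t\t\tON field.custom_fields_id = value.custom_fields_values_fieldid)\n\t\t\t\t\t\tWHERE value.custom_fields_values_userid='{$this->_User->ID}'\n\t\t\t\t\t\tOR value.custom_fields_values_userid IS NULL";
            $customFieldsDataResult = $this->_SqlConnection->SqlQuery($sql);
            while ($customFieldsData = mysql_fetch_object($customFieldsDataResult)) {
                $fieldName = $customFieldsData->custom_fields_name;
                $customFieldValues[$fieldName] = GetPostOrGet($fieldName);

                if ($customFieldsData->custom_fields_values_userid != '') {
                    // A value row already exists for this user: update it.
                    $sql = "UPDATE " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\tSET custom_fields_values_value='" . $customFieldValues[$fieldName] . "'\n\t\t\t\t\t\t\t\t\tWHERE custom_fields_values_id='{$customFieldsData->custom_fields_values_id}'";
                    $this->_SqlConnection->SqlQuery($sql);
                } else {
                    // No value row yet: insert one.
                    $sql = "INSERT INTO " . DB_PREFIX . "custom_fields_values\n\t\t\t\t\t\t\t\t\t(custom_fields_values_userid, custom_fields_values_fieldid, custom_fields_values_value)\n\t\t\t\t\t\t\t\t\tVALUES ('{$this->_User->ID}', '{$customFieldsData->custom_fields_id}', '" . $customFieldValues[$fieldName] . "')";
                    $this->_SqlConnection->SqlQuery($sql);
                }
            }

            // Back to the user interface; the language is URL-encoded because it is
            // request data placed into a header.
            header('Location: special.php?page=userinterface&lang=' . rawurlencode($UserPreferredLanguage));
            die;
        } else {
            // Re-display the form with the validation errors. The object is passed
            // without "&": call-time pass-by-reference is a fatal error from PHP 5.4 on.
            $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
            return $template;
        }
    } else {
        if ($this->_User->IsAdmin) {
            // Administrators edit other users in the admin area. The ID is
            // URL-encoded and the request ends here so that nothing else runs after
            // the redirect header.
            header('Location: admin.php?page=users&action=edit_user&user_id=' . rawurlencode($UserID));
            die;
        } else {
            return $this->_Translation->GetTranslation('you_have_no_right_to_edit_the_profile_of_another_user');
        }
    }
}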
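/**
 * Validates the administrator form of the installer and, when it is valid,
 * creates the administrator account together with the initial configuration
 * and home page.
 *
 * On success the method redirects to the next installer page and ends the
 * request. Without the 'confirmation' flag it redirects back to installer page 5.
 *
 * NOTE(review): nothing in this method checks whether an installation already
 * exists; confirm that install.php cannot be reached again afterwards, because
 * this step creates an account with the admin flag set.
 *
 * @access private
 * @param string $Language The current language
 * @return string The form template when validation fails
 */
function _CheckAdministrator($Language)
{
    // Request-supplied values.
    $Style = GetPostOrGet('style');
    $Confirmation = GetPostOrGet('confirmation');
    $AdminShowName = GetPostOrGet('admin_showname');
    $AdminName = GetPostOrGet('admin_name');
    $AdminPassword = GetPostOrGet('admin_password');
    $AdminPassword2 = GetPostOrGet('admin_password2');

    // Defaults for the variables that config.php is expected to define; they only
    // keep static analysis from reporting undefined variables.
    $d_server = 'localhost';
    $d_pre = 'comacms_';
    $d_user = '******';
    $d_pw = '';
    $d_base = 'comacms';

    // The database step must have been confirmed; otherwise send the visitor back
    // to it. Language and style are request data, so they are URL-encoded, and the
    // request ends here so that nothing else runs after the redirect header.
    if ($Confirmation != 'yes') {
        header('Location: install.php?page=5&lang=' . rawurlencode($Language) . '&style=' . rawurlencode($Style) . '&confirmation=yes');
        die;
    }

    $formMaker = new FormMaker($this->_Translation->GetTranslation('todo'), $this->_SqlConnection);

    // The administrator registration form.
    $formMaker->AddForm('admin_registration', 'install.php', $this->_Translation->GetTranslation('next'), $this->_Translation->GetTranslation('create_administrator'), 'post');

    // Hidden inputs that carry the installer state.
    $formMaker->AddHiddenInput('admin_registration', 'page', '8');
    $formMaker->AddHiddenInput('admin_registration', 'lang', $Language);
    $formMaker->AddHiddenInput('admin_registration', 'style', $Style);
    $formMaker->AddHiddenInput('admin_registration', 'confirmation', 'yes');

    // Visible inputs.
    $formMaker->AddInput('admin_registration', 'admin_showname', 'text', $this->_Translation->GetTranslation('name'), $this->_Translation->GetTranslation('the_name_that_is_displayed_if_the_user_writes_a_news_for_example'), $AdminShowName);
    $formMaker->AddInput('admin_registration', 'admin_name', 'text', $this->_Translation->GetTranslation('loginname'), $this->_Translation->GetTranslation('with_this_nick_the_user_can_login_so_he_must_not_fill_in_his_long_name'), $AdminName);
    $formMaker->AddInput('admin_registration', 'admin_password', 'password', $this->_Translation->GetTranslation('password'), $this->_Translation->GetTranslation('with_this_password_the_user_can_login_to_restricted_areas'), $AdminPassword);
    $formMaker->AddInput('admin_registration', 'admin_password2', 'password', $this->_Translation->GetTranslation('password_repetition'), $this->_Translation->GetTranslation('it_is_guaranteed_by_a_repetition_that_the_user_did_not_mistype_during_the_input'), $AdminPassword2);

    // Validation checks.
    $formMaker->AddCheck('admin_registration', 'admin_showname', 'empty', $this->_Translation->GetTranslation('the_name_must_be_indicated'));
    $formMaker->AddCheck('admin_registration', 'admin_name', 'empty', $this->_Translation->GetTranslation('the_nickname_must_be_indicated'));
    $formMaker->AddCheck('admin_registration', 'admin_password', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));
    $formMaker->AddCheck('admin_registration', 'admin_password', 'not_same_password_value_as', $this->_Translation->GetTranslation('the_password_and_its_repetition_are_unequal'), 'admin_password2');
    $formMaker->AddCheck('admin_registration', 'admin_password2', 'empty', $this->_Translation->GetTranslation('the_password_field_must_not_be_empty'));

    // Run the checks and collect the error information.
    $ok = $formMaker->CheckInputs('admin_registration', true);

    if ($ok && $Confirmation == 'yes') {
        // config.php is expected to overwrite the $d_* defaults set above.
        include __ROOT__ . '/config.php';

        // time() replaces the argument-less mktime(), which returns the same value
        // but is rejected by PHP 8; one timestamp is shared by all three rows.
        $now = time();

        // NOTE(review): the password is stored as an unsalted MD5 digest. Moving to a
        // dedicated password-hashing function also needs a change in the login
        // check, which is not visible here.
        // NOTE(review): name, display name, style, language and the translated
        // strings are interpolated as they are into a multi-statement batch.
        // GetPostOrGet and SqlExecMultiple are not visible here; unless escaping
        // happens there, every value must be escaped for SQL before this batch is
        // built.
        $sql = "INSERT INTO {$d_pre}users (user_name, user_showname, user_password, user_registerdate, user_admin, user_activated)\n\t\t\t\t\t\tVALUES ('{$AdminName}', '{$AdminShowName}', '" . md5($AdminPassword) . "', '" . $now . "', 1, 1);\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('install_date', '" . $now . "');\n\t\t\t\t\t\tINSERT INTO {$d_pre}config (config_name, config_value)\n\t\t\t\t\t\tVALUES ('style', '{$Style}');\n\t\t\t\t\t\tINSERT INTO {$d_pre}pages (page_lang, page_access, page_name, page_title, page_parent_id, page_creator, page_type, page_date, page_edit_comment)\n\t\t\t\t\t\tVALUES('{$Language}', 'public', 'home', '" . $this->_Translation->GetTranslation('homepage') . "', 0, 1, 'text', " . $now . ", 'Installed the Homepage');";

        $this->_SqlConnection = new Sql($d_user, $d_pw, $d_server);
        $this->_SqlConnection->Connect($d_base);
        $this->_SqlConnection->SqlExecMultiple($sql);

        // The last statement of the batch inserts the home page, so this is
        // presumably its ID -- confirm against SqlExecMultiple.
        $lastid = mysql_insert_id();
        $sql = "INSERT INTO {$d_pre}pages_text (page_id, text_page_text,text_page_html)\n\t\t\t\t\t\tVALUES ({$lastid}, '" . $this->_Translation->GetTranslation('welcome_to_this_homepage') . "', '" . $this->_Translation->GetTranslation('welcome_to_this_homepage') . "')";
        $this->_SqlConnection->SqlQuery($sql);

        // Continue with the next installer page.
        header('Location: install.php?page=9&lang=' . rawurlencode($Language) . '&style=' . rawurlencode($Style));
        die;
    } else {
        // Re-display the form with the validation errors. The object is passed
        // without "&": call-time pass-by-reference is a fatal error from PHP 5.4 on.
        $template = "\r\n\t\t\t\t" . $formMaker->GenerateMultiFormTemplate($this->_ComaLate, true);
        return $template;
    }
}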