/**
* Returns value if it is a valid email format, FALSE otherwise.
*
* @param mixed $key
* @return mixed
*
* @tag validator
*/
function testEmail($key)
{
if (!$this->keyExists($key)) {
return false;
}
if (Inspekt::isEmail($this->_getValue($key))) {
return $this->_getValue($key);
}
return FALSE;
}
<?php
require_once "../lib/includes/session.php";
require_once "../lib/includes/sanitize-all.php";
if (!empty($_POST["email"]) && !empty($_POST["password"]) && !empty($_POST["javascript"])) {
// Auto load the class when it is beeing created
spl_autoload_register(function ($class) {
require_once "../lib/classes/" . $class . ".class.php";
});
require_once "../lib/classes/Inspekt.php";
if (!Inspekt::isEmail($_POST["email"])) {
die("Please write a correct Email address");
}
$user = new User();
$login = $user->checkCredentials($_POST["email"], $_POST["password"], $_POST["javascript"], $_SERVER['HTTP_USER_AGENT'], $_SERVER['REMOTE_ADDR'], session_id());
if ($login && isset($_SESSION['employee'])) {
header("Location: dashboard.php");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<!-- <link rel="shortcut icon" href="../../assets/ico/favicon.ico"> -->
}
$pic_markup = <<<EOT
<object id="SWFlash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" type="application/x-shockwave-flash" width="{$thumb_size['width']}" height="{$thumb_size['height']}">
<param name="autostart" value="true" />
<param name="src" value="{$markup_picname}" />
</object>
EOT;
} else {
if (!stristr($normal_pic_url, 'http:')) {
$normal_pic_url = $gallery_url_prefix . $normal_pic_url;
}
$pic_markup = '<img src="' . $normal_pic_url . '" alt="" vspace="8" border="0" class="image" />';
}
// Check supplied email address
$valid_sender_email = Inspekt::isEmail($sender_email);
$valid_recipient_email = Inspekt::isEmail($recipient_email);
if (!$valid_sender_email && $superCage->post->keyExists('sender_name')) {
$sender_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</div>';
}
if (!$valid_recipient_email && $superCage->post->keyExists('sender_name')) {
$recipient_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</div>';
}
$gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
pageheader($lang_ecard_php['title']);
if ($superCage->post->keyExists('submit')) {
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
// Create and send the e-card
if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) {
/**
* Generated from @assert ('webmaster') === FALSE.
*/
public function testIsEmail6()
{
$this->assertSame(FALSE, Inspekt::isEmail('webmaster'));
}
if ($superCage->post->keyExists('change_profile') && USER_ID && UDB_INTEGRATION == 'coppermine') {
//!defined('UDB_INTEGRATION')) {
//Check if the form token is valid
if (!checkFormToken()) {
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$error = false;
if ($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) {
$email = $superCage->post->getEscaped('email');
if (!Inspekt::isEmail($email)) {
$error = $lang_register_php['email_warning2'] . ' [' . $email . ']';
//preg_match('#' . $adminDataValue['regex'] . '#i', $evaluate_value) == FALSE
} elseif (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}' AND user_id <> " . USER_ID;
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = $lang_register_php['err_duplicate_email'];
}
}
}
$sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_profile1 = '{$profile1}', user_profile2 = '{$profile2}', user_profile3 = '{$profile3}', user_profile4 = '{$profile4}', user_profile5 = '{$profile5}', user_profile6 = '{$profile6}'" . (($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) && !$error ? ", user_email = '{$email}'" : "") . " WHERE user_id = '" . USER_ID . "'";
$result = cpg_db_query($sql);
CPGPluginAPI::action('profile_submit_form', null);
$title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME));
if (!$error) {
$row = $result->fetchArray(true);
$comment = bb_decode($row['msg_body']);
if ($CONFIG['enable_smilies']) {
$comment = process_smilies($comment);
}
$msg_author = $row['msg_author'];
$comment_field_name = sprintf($lang_report_php['comment_field_name'], $msg_author);
$type = $lang_report_php['type_comment'];
$template = $template_report_comment_email;
$form_action = "{$CPG_PHP_SELF}?pid={$pid}&msg_id={$cid}&what=comment";
//template_extract_block($template_report_form, 'reason_missing'); //need help to toggle off reason(missing) since doesn't apply to comments
} else {
//template_extract_block($template_report_form, 'display_comment'); //need help remove comment preview when reporting picture
}
// Check supplied email address
$valid_sender_email = Inspekt::isEmail($sender_email);
$invalid_email = '<div class="cpg_message_error">' . $lang_report_php['invalid_email'] . '</div>';
if (!$valid_sender_email && $superCage->post->keyExists('subject')) {
$sender_email_warning = $invalid_email;
}
// Create and send the e-card
if ($superCage->post->keyExists('subject') && $valid_sender_email) {
$gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
$n_picname = get_pic_url($row, 'normal');
} else {
$n_picname = get_pic_url($row, 'fullsize');
}
if (!stristr($n_picname, 'http:')) {
$n_picname = $gallery_url_prefix . $n_picname;
}
// check captcha
if (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1 || USER_ID && $CONFIG['contact_form_registered_enable'] == 1) {
if (!captcha_plugin_enabled('contact')) {
require_once "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha)) {
$captcha_remark = $lang_errors['captcha_error'];
$expand_array[] = 'captcha_remark';
$error++;
}
} else {
CPGPluginAPI::action('captcha_contact_validate', null);
}
}
// check email address
if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2) {
if (!Inspekt::isEmail($email_address)) {
$expand_array[] = 'email_remark';
$error++;
}
}
// check subject field
if ($CONFIG['contact_form_subject_field'] >= 2 && $subject == '') {
$expand_array[] = 'subject_remark';
$error++;
}
// check message field
if ($message == '') {
$expand_array[] = 'message_remark';
$error++;
}
// send the mail if no error occured
function check_user_info(&$error)
{
global $CONFIG;
global $lang_register_php, $lang_common, $lang_register_approve_email;
global $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
}
if (!Inspekt::isEmail($email)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
}
// Perform the ban check against email address and username
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
}
mysql_free_result($result);
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
if (mysql_num_rows($result)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
}
mysql_free_result($result);
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
if (!captcha_plugin_enabled('register')) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
}
} else {
$error = CPGPluginAPI::filter('captcha_register_validate', $error);
}
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
}
mysql_free_result($result);
}
$error = CPGPluginAPI::filter('register_form_validate', $error);
if ($error != '') {
return false;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
$encpassword = md5($password);
$user_language = $CONFIG['lang'];
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
$result = cpg_db_query($sql);
$user_array = array();
$user_array['user_id'] = mysql_insert_id();
$user_array['user_name'] = $user_name;
$user_array['user_email'] = $email;
$user_array['user_active'] = $active;
CPGPluginAPI::action('register_form_submit', $user_array);
if ($CONFIG['log_mode']) {
log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
}
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$user_id = mysql_insert_id();
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
}
// Registrations must be activated/verified by the user clicking a link in an email
if ($CONFIG['reg_requires_valid_email']) {
// Mail the user the activation/verification link
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
} else {
if ($CONFIG['admin_activation']) {
// We need admin activation only
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
// No activation required, account is ready for login
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
}
// email notification or actication link to admin
if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ($row = mysql_fetch_assoc($result)) {
if (!empty($row['user_email'])) {
$admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
}
}
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach ($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
// if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} elseif ($CONFIG['reg_notify_admin_email']) {
// otherwise, email is for information only
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
}
return true;
}
/**
* Returns value if it is a valid email format, FALSE otherwise.
*
* @param mixed $key
* @return mixed
* @throws Exception
* @tag validator
*/
public function testEmail($key)
{
$value = $this->getValueOrNull($key);
if (!is_null($value) && Inspekt::isEmail($value)) {
return $value;
}
return false;
}
