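/**
 * Send email
 *
 * Send an email to specified recipients. Supports RFC821-conform envelopes:
 * when the first mail() call reports failure, a second call is made with the
 * strict form of every address.
 *
 * Email address must be formatted as in one of the following examples:
 *    john.doe@some.domain.tld
 *    <*****@*****.**>
 *    "John Doe" <*****@*****.**>
 *    "John Doe" john.doe@some.domain.tld
 *    John Doe <*****@*****.**>
 *    John Doe john.doe@some.domain.tld
 * NOTE: Sender name must have UTF-8 charset
 *
 * Attached files must be passed to this function as an array of following structure:
 *    array ( <file_1>, <file_2>, ... )
 * Single elements of that array must be an array of following structure:
 *    array ( 'filename' => 'invoice.pdf',
 *            'mime'     => 'application/pdf',
 *            'body'     => <file_contents_as_string> )
 * 'mime' is the key this function reads; 'mime_type' is accepted as an alias.
 * A missing MIME type falls back to application/octet-stream, a missing
 * file name to a random one.
 *
 * Security notes:
 *  - Every address is written into a mail header after passing through
 *    PCPIN_Email::convertEmailAddressRFC(), the subject after
 *    PCPIN_Email::encodeHeaderValue(). Neither helper is visible here.
 *    NOTE(review): confirm both reject or neutralise CR/LF, otherwise a
 *    caller-supplied address or subject can add header lines.
 *  - Attachment MIME type and file name end up inside MIME part headers, so
 *    line breaks are removed from both before they are used.
 *
 * @param   string    $from       Sender email address
 * @param   mixed     $to         Receiver email address as string (";"-separated) or multiple addresses as an array
 * @param   string    $subject    Subject
 * @param   mixed     $cc         CC Receiver email address as string (";"-separated) or multiple addresses as an array
 * @param   mixed     $bcc        BCC Receiver email address as string (";"-separated) or multiple addresses as an array
 * @param   string    $body       Email body
 * @param   array     $files      Attached files as array
 * @return  boolean   TRUE on success or FALSE on error (also FALSE when $to is empty)
 */
function send($from = '', $to = null, $subject = '', $cc = null, $bcc = null, $body = '', $files = null) {
    $result = false;
    if (empty($to)) {
        // Without a recipient nothing is sent.
        return $result;
    }

    $default_mime = 'application/octet-stream';
    $line_breaks = array("\r", "\n");

    // From
    $from = PCPIN_Email::convertEmailAddressRFC(trim($from), false);
    $from_strict = PCPIN_Email::convertEmailAddressRFC($from, true);

    // To, CC and BCC are normalised the same way: split on ";", trim,
    // convert to the loose and to the strict address form.
    $recipients = array('to' => $to, 'cc' => $cc, 'bcc' => $bcc);
    $plain = array('to' => array(), 'cc' => array(), 'bcc' => array());
    $strict = array('to' => array(), 'cc' => array(), 'bcc' => array());
    foreach ($recipients as $kind => $list) {
        if (!is_array($list)) {
            // $cc and $bcc default to null; the cast avoids passing null to trim().
            $list = trim((string) $list);
            $list = $list != '' ? explode(';', $list) : array();
        }
        foreach ($list as $address) {
            $address = trim($address);
            if ($address == '') {
                continue;
            }
            $address = PCPIN_Email::convertEmailAddressRFC($address, false);
            if ($address != '') {
                $plain[$kind][] = $address;
            }
            $address_strict = PCPIN_Email::convertEmailAddressRFC($address, true);
            if ($address_strict != '') {
                $strict[$kind][] = $address_strict;
            }
        }
    }

    // Boundary
    $boundary = '===' . md5(PCPIN_Common::randomString(32));

    // Headers
    $headers = array(
        'Content-Type: multipart/mixed; boundary="' . $boundary . '";',
        'Content-Transfer-Encoding: 7bit',
        'MIME-Version: 1.0',
        'X-Generator: PCPIN',
    );
    $headers_strict = $headers;
    if (!empty($from)) {
        $headers[] = 'From: ' . $from;
    }
    if (!empty($from_strict)) {
        $headers_strict[] = 'From: ' . $from_strict;
    }
    if (!empty($plain['cc'])) {
        $headers[] = 'Cc: ' . implode(', ', $plain['cc']);
    }
    if (!empty($strict['cc'])) {
        $headers_strict[] = 'Cc: ' . implode(', ', $strict['cc']);
    }
    if (!empty($plain['bcc'])) {
        $headers[] = 'Bcc: ' . implode(', ', $plain['bcc']);
    }
    if (!empty($strict['bcc'])) {
        $headers_strict[] = 'Bcc: ' . implode(', ', $strict['bcc']);
    }

    // Create body: base64 in lines of 76 characters, no trailing line break.
    $message = '';
    if ($body != '') {
        $encoded_body = rtrim(chunk_split(base64_encode($body), 76, "\n"), "\n");
        $message .= '--' . $boundary . "\n"
                  . 'Content-Type: text/plain; charset=utf-8;' . "\n"
                  . 'Content-Transfer-Encoding: base64' . "\n\n"
                  . $encoded_body . "\n";
    }

    // Attachments
    if (!empty($files) && is_array($files)) {
        foreach ($files as $file) {
            if (!is_array($file)) {
                // Not a file description; nothing to attach.
                continue;
            }
            if (!empty($file['mime'])) {
                $mime = $file['mime'];
            } elseif (!empty($file['mime_type'])) {
                // Key name used by the original documentation of this function.
                $mime = $file['mime_type'];
            } else {
                $mime = $default_mime;
            }
            $filename = !empty($file['filename']) ? $file['filename'] : md5(PCPIN_Common::randomString(32));

            // Both values are written into header lines of the MIME part: a line
            // break inside them would start a new header, so it is dropped.
            $mime = str_replace('"', '\\"', str_replace($line_breaks, '', $mime));
            $filename = str_replace($line_breaks, '', $filename);
            $filename = str_replace('"', '\\"', PCPIN_Email::encodeHeaderValue($filename));

            $contents = isset($file['body']) ? $file['body'] : '';
            $encoded_body = wordwrap(base64_encode($contents), 70, "\n", true);
            $message .= '--' . $boundary . "\n"
                      . 'Content-Type: ' . $mime . '; name="' . $filename . '";' . "\n"
                      . 'Content-Transfer-Encoding: base64' . "\n"
                      . 'Content-Disposition: attachment; filename="' . $filename . '"' . "\n\n"
                      . $encoded_body . "\n";
        }
    }
    if ($message != '') {
        // Closing boundary
        $message .= "\n" . '--' . $boundary . '--' . "\n";
    }

    // Trying to send mail
    $encoded_subject = PCPIN_Email::encodeHeaderValue($subject);
    $result = mail(implode(', ', $plain['to']), $encoded_subject, $message, implode("\n", $headers));
    if (false === $result) {
        // Failed. Trying to use RFC821-conform envelope.
        $result = mail(implode(', ', $strict['to']), $encoded_subject, $message, implode("\n", $headers_strict));
    }
    return $result;
}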
// Excerpt of the admin "versions" page: the "if" this first branch belongs to opens above the visible lines.
    $current_version = $version->_db_list[0]['version'];
    // A stored date of 0000-00-00 00:00:00 is shown as "never".
    $last_check = $version->_db_list[0]['last_version_check'] > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($version->_db_list[0]['last_version_check'])) : $l->g('never');
    $new_version_available = $version->_db_list[0]['new_version_available'];
    $new_version_url = $version->_db_list[0]['new_version_url'];
} else {
    // Fallback values used when the branch above is not taken.
    $current_version = 6.0;
    $last_check = $l->g('never');
    $new_version_available = $current_version;
    $new_version_url = '';
}
// Both version numbers are displayed with two decimals.
$current_version = number_format($current_version, 2, '.', '');
$new_version_available = number_format($new_version_available, 2, '.', '');
if (!empty($do_check)) {
    // Check for new version
    // Generate new security key
    $key = PCPIN_Common::randomString(36, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-()[].,');
    $version->setVersionCheckKey($key);
    // md5($key) is handed to the session update as its last argument
    // (presumably the session's security code; confirm against _s_updateSession()).
    $session->_s_updateSession($session->_s_id, true, true, null, null, null, md5($key));
    // The raw key leaves the server in the query string of a redirect to the
    // version checker, so it is visible to that host and to anything logging the URL.
    // NOTE(review): htmlspecialchars() is an HTML escaper, not a URL encoder. The key
    // alphabet above contains none of the characters it rewrites, so the key goes out
    // unchanged; rawurlencode() would be the encoder that matches this context.
    header('Location: ' . PCPIN_VERSIONCHECKER_URL . '?' . htmlspecialchars($key));
    die;
}
// Initialize template handler
_pcpin_loadClass('pcpintpl');
$tpl = new PcpinTpl();
$tpl->setBasedir('./tpl');
$tpl->readTemplatesFromFile('./admin/versions.tpl');
// Add global vars to template
// Each value is HTML-escaped before it is handed to the template.
foreach ($global_tpl_vars as $key => $val) {
    $tpl->addGlobalVar($key, htmlspecialchars($val));
}
// Add language expressions to template
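/**
 * Create new session
 *
 * Generates a session ID, checks that it is not in use yet, fills all
 * session properties and inserts the session into the database. Up to 100
 * attempts are made; if none succeeds the script ends with a fatal error.
 *
 * Security notes:
 *  - The session ID and the security code both come from
 *    PCPIN_Common::randomString(), which is not visible here.
 *    NOTE(review): confirm it draws from a cryptographically secure source;
 *    a predictable session ID allows session hijacking.
 *  - mt_rand() is not a cryptographic generator. Here it only chooses the
 *    length of the random string that is hashed into the security code.
 *  - The uniqueness check passes the condition to _db_getList() as a
 *    concatenated string; the ID is built from letters and digits only.
 *
 * @param   int       $user_id            Optional ID of session owner user
 * @param   int       $last_message_id    ID of last message received by session owner
 * @param   int       $language_id        Optional. Selected language. If empty, then default language will be used.
 * @param   string    $backend_login      Optional. 'y', if user is Administrator and logged directly into Admin Backend.
 *                                        Every other value, including the default, is stored as 'n'.
 */
function _s_newSession($user_id = 0, $last_message_id = 0, $language_id = 0, $backend_login = '******') {
    $ok = false;
    // The flag is a y/n switch. The original fallback assigned a value that was
    // neither 'y' nor 'n', which defeated the check made just before it.
    if ($backend_login !== 'y') {
        $backend_login = 'n';
    }
    for ($attempts_left = 100; $ok !== true && $attempts_left > 0; $attempts_left--) {
        // Generate new session ID
        $this->_s_id = PCPIN_Common::randomString(PCPIN_SID_LENGTH, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789');
        // Check new session ID
        if ($this->_db_getList('_s_id', '_s_id = ' . $this->_s_id, 1)) {
            // ID already in use: try again with a fresh one.
            continue;
        }
        // New session ID is unique
        // Check language
        _pcpin_loadClass('language');
        $language = new PCPIN_Language($this);
        if (empty($this->_conf_all['allow_language_selection']) || 0 == ($language_id = $language->checkLanguage($language_id))) {
            $language_id = $this->_conf_all['default_language'];
        }
        // Set all object properties up
        $now = date('Y-m-d H:i:s');
        $this->_s_ip = PCPIN_CLIENT_IP;
        $this->_s_client_agent_name = PCPIN_CLIENT_AGENT_NAME;
        $this->_s_client_agent_version = PCPIN_CLIENT_AGENT_VERSION;
        $this->_s_client_os = PCPIN_CLIENT_OS;
        $this->_s_created = $now;
        $this->_s_last_ping = $now;
        $this->_s_language_id = $language_id;
        $this->_s_user_id = $user_id;
        $this->_s_security_code = md5(PCPIN_Common::randomString(mt_rand(100, 255)));
        $this->_s_security_code_img = '';
        $this->_s_room_id = 0;
        $this->_s_room_date = '';
        $this->_s_last_message_id = $last_message_id;
        $this->_s_last_sent_message_time = '0000-00-00 00:00:00';
        $this->_s_last_sent_message_hash = '';
        $this->_s_last_sent_message_repeats_count = 0;
        $this->_s_online_status = 1;
        $this->_s_online_status_message = '';
        $this->_s_kicked = 'n';
        $this->_s_stealth_mode = 'n';
        $this->_s_backend = $backend_login;
        $this->_s_page_unloaded = 'n';
        // Save session into database
        $ok = $this->_db_insertObj();
    }
    $this->_db_freeList();
    if (!$ok) {
        PCPIN_Common::dieWithError(-1, '<b>Fatal error</b>: Failed to create new session');
    }
}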
}
// Excerpt of the "change email address" handler; the code above and below is not visible here.
if (!PCPIN_Common::checkEmail($email, $session->_conf_all['email_validation_level'])) {
    // Email invalid
    $xmlwriter->setHeaderStatus(1);
    $xmlwriter->setHeaderMessage($l->g('email_invalid'));
} else {
    if (!$current_user->checkEmailUnique($profile_user_id, $email)) {
        // Email address already taken
        // (this answer tells the requester that the address belongs to some account)
        $xmlwriter->setHeaderStatus(1);
        $xmlwriter->setHeaderMessage($l->g('email_already_taken'));
    } else {
        // Email address is free
        if ($current_user->is_admin !== 'y' && !empty($session->_conf_all['activate_new_emails'])) {
            // Email address needs to be activated
            $activation_required = 1;
            // 18 characters out of 62; the quality of the code depends on
            // PCPIN_Common::randomString(), which is not visible here.
            $email_new_activation_code = PCPIN_Common::randomString(18, 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789');
            $profile_user->email_new = $email;
            $profile_user->email_new_date = date('Y-m-d H:i:s');
            // Only the MD5 of the code is stored; the code itself goes out by email.
            $profile_user->email_new_activation_code = md5($email_new_activation_code);
            $profile_user->_db_updateObj($profile_user->id);
            // Fill the placeholders of the localized mail text.
            $email_body = $l->g('email_email_address_activation');
            $email_body = str_replace('[HOURS]', $session->_conf_all['new_email_activation_timeout'], $email_body);
            $email_body = str_replace('[SENDER]', $session->_conf_all['chat_email_sender_name'], $email_body);
            // The activation link is built from the configured base URL; the code is URL-encoded.
            $email_body = str_replace('[ACTIVATION_URL]', str_replace(' ', '%20', $session->_conf_all['base_url']) . '?activate_email&activation_code=' . urlencode($email_new_activation_code), $email_body);
            $email_body = str_replace('[CHAT_NAME]', $session->_conf_all['chat_name'], $email_body);
            // NOTE(review): the sender name from the configuration is put between double
            // quotes without escaping; a '"' or a line break in that setting would change
            // the From header unless PCPIN_Email::send() neutralises it.
            PCPIN_Email::send('"' . $session->_conf_all['chat_email_sender_name'] . '"' . ' <' . $session->_conf_all['chat_email_sender_address'] . '>', $email, $l->g('email_address_activation'), null, null, $email_body);
            $xmlwriter->setHeaderStatus(0);
            // The submitted address is echoed back in the response message; escaping is
            // left to $xmlwriter (not visible here).
            $xmlwriter->setHeaderMessage(str_replace('[EMAIL]', $email, $l->g('email_address_activation_sent')));
        } else {
            // Save new email address
            $activation_required = 0;
/**
 * Insert new user into database
 *
 * Fills every column of the user object with its initial value, inserts the
 * row and, when the login is not yet known as a nickname, registers it as
 * the user's first nickname in the default nickname color.
 *
 * Security notes:
 *  - The password is stored as a plain MD5 digest, without a salt. MD5 is a
 *    fast hash, so stored digests of guessable passwords can be recovered
 *    offline. Moving to a password hashing function means changing every
 *    place that writes or compares this column together; it cannot be done
 *    in this method alone.
 *  - mt_rand() is not a cryptographic generator; here it only chooses the
 *    length of the random string hashed into the password_new placeholder.
 *  - The nickname lookup passes $login inside a concatenated condition
 *    string. NOTE(review): confirm that _db_getList() escapes the value.
 *
 * @param   string    $login            Login name
 * @param   string    $password         Password (NOT encoded!!!)
 * @param   string    $email            E-Mail address
 * @param   int       $hide_email       Hide E-Mail address? (0: No, 1: Yes)
 * @param   string    $guest            Flag: "y" if user is a guest, "n" if user was registered
 * @param   string    $activation_code  If new account activation enabled: Activation code (MD5-encoded)
 * @param   int       $language_id      Language ID. If empty: language ID from current session will be used
 * @return  boolean   TRUE on success or FALSE on error
 */
function newUser($login, $password = '', $email = '', $hide_email = 0, $guest = 'n', $activation_code = '', $language_id = 0) {
    $result = false;
    $this->id = 0;
    $login = trim($login);
    $email = trim($email);
    if ($login == '' || $password == '') {
        // Login name and password are both mandatory.
        return $result;
    }

    // Initial value of every column, in the order they are assigned.
    $initial_values = array(
        'id' => 0,
        'login' => $login,
        'password' => md5($password),
        'password_new' => md5(PCPIN_Common::randomString(mt_rand(100, 255))),
        'email' => $email,
        'email_new' => '',
        'email_new_date' => '',
        'email_new_activation_code' => '',
        'hide_email' => $hide_email,
        'joined' => date('Y-m-d H:i:s'),
        // An account without activation code is active right away.
        'activated' => $activation_code == '' ? 'y' : 'n',
        'activation_code' => $activation_code,
        'last_login' => '',
        'previous_login' => '',
        'time_online' => 0,
        'date_format' => $this->_conf_all['date_format'],
        'last_message_id' => 0,
        'moderated_rooms' => '',
        'moderated_categories' => '',
        'is_admin' => 'n',
        'banned_by' => 0,
        'banned_by_username' => '',
        'banned_until' => '',
        'banned_permanently' => 'n',
        'ban_reason' => '',
        'muted_users' => '',
        'global_muted_by' => 0,
        'global_muted_by_username' => '',
        'global_muted_until' => '',
        'global_muted_permanently' => 'n',
        'global_muted_reason' => '',
        'time_zone_offset' => 0,
        'is_guest' => $guest,
        'show_message_time' => '',
        'outgoing_message_color' => '',
        'language_id' => !empty($language_id) ? $language_id : $this->_s_language_id,
        'allow_sounds' => '',
        'room_selection_view' => $this->_conf_all['room_selection_display_type'],
    );
    foreach ($initial_values as $property => $value) {
        $this->$property = $value;
    }

    // Insert row
    if (!$this->_db_insertObj()) {
        return $result;
    }
    $result = true;
    $this->id = $this->_db_lastInsertID();
    $this_id = $this->id;

    // Add new nickname
    _pcpin_loadClass('nickname');
    $nickname = new PCPIN_Nickname($this);
    $nickname_taken = $nickname->_db_getList('id', 'nickname_plain = ' . $login, 1);
    if (!$nickname_taken) {
        $nickname->addNickname($this_id, '^' . $this->_conf_all['default_nickname_color'] . $login);
    }
    // The ID is set again after the nickname object, which was created from $this, has been used.
    $this->id = $this_id;
    return $result;
}
/**
 * Constructor
 *
 * Stores the document settings through set() and starts with an empty data
 * array. The CDATA escape sequence is a random 12-character string wrapped
 * in underscores, created once per writer.
 *
 * NOTE(review): this is a PHP 4-style constructor (a method named after its
 * class). PHP 8 no longer calls such a method on "new"; confirm which PHP
 * versions this class has to run on.
 *
 * @param   string    $header_service   Service name
 * @param   string    $encoding         Optional. XML encoding
 * @param   string    $name             Optional. Name of the root element
 * @param   boolean   $indent           Optional. Whether to indent XML or not
 * @param   string    $indent_string    Optional. Indent string
 */
function PCPIN_XMLWrite($header_service, $encoding = PCPIN_XMLDOC_ENCODING, $name = PCPIN_XMLDOC_ROOT_NAME, $indent = PCPIN_XMLDOC_INDENT, $indent_string = PCPIN_XMLDOC_INDENT_STRING) {
    // Settings in the order they are applied.
    $settings = array(
        'root_name' => $name,
        'encoding' => $encoding,
        'indent' => $indent,
        'indent_string' => $indent_string,
        'cdata_escape_sequence' => '_' . PCPIN_Common::randomString(12) . '_',
        'xml_data' => array(),
        'header_service' => $header_service,
    );
    foreach ($settings as $setting => $value) {
        $this->set($setting, $value);
    }
}
*/
// Excerpt: handles the answer of the version check. $sk, $nv and $dl are set above the
// visible lines (presumably request parameters; confirm where they come from).
if (!empty($sk) && !empty($nv) && !empty($dl)) {
    _pcpin_loadClass('version');
    $version = new PCPIN_Version($session);
    if ($version->_db_getList(1)) {
        $current_version = $version->_db_list[0]['version'];
        // A stored date of 0000-00-00 00:00:00 is shown as "never".
        $last_check = $version->_db_list[0]['last_version_check'] > '0000-00-00 00:00:00' ? $current_user->makeDate(PCPIN_Common::datetimeToTimestamp($version->_db_list[0]['last_version_check'])) : $l->g('never');
        $new_version_available = $version->_db_list[0]['new_version_available'];
        $new_version_url = $version->_db_list[0]['new_version_url'];
        $version_check_key = $version->_db_list[0]['version_check_key'];
    } else {
        $current_version = 6.0;
        $last_check = $l->g('never');
        $new_version_available = $current_version;
        $new_version_url = '';
        // No version row: a fresh random value is used as the key to compare against.
        $version_check_key = PCPIN_Common::randomString(mt_rand(10, 20));
    }
    $version->_db_freeList();
    // Check security key
    // NOTE(review): "==" on two strings compares them as numbers when both look numeric,
    // so two different digests of the form "0e<digits>" are treated as equal. A strict
    // comparison ("===", or hash_equals() where available) closes that gap.
    if (!empty($version_check_key) && md5($sk) == $version_check_key) {
        // The session is looked up by its security code; the condition is a concatenated
        // string and escaping is left to _db_getList() (not visible here).
        if ($session->_db_getList('_s_id', '_s_security_code = ' . $version_check_key, 1)) {
            // Security key check passed
            $old_session = $session->_db_list[0]['_s_id'];
            // Save version number
            $version->setLastVersionCheckTime();
            $version->setNewestAvailableVersion($nv);
            // Called without argument here (presumably clears the key so that it
            // cannot be used a second time; confirm in PCPIN_Version).
            $version->setVersionCheckKey();
            // NOTE(review): $dl is decoded and stored as download URL without a visible
            // check of scheme or host; confirm it is validated before it is shown as a link.
            $version->setNewVersionDownloadUrl(base64_decode($dl));
            $session->_s_updateSession($old_session, false, true, null, null, null, '');
            // The session ID travels in the redirect URL, so it can end up in logs and
            // browser history.
            header('Location: ' . PCPIN_ADMIN_FORMLINK . '?s_id=' . $old_session . '&ainc=versions&version_checked');
            die;
// Excerpt: synchronises a local account with the data in $_pcpin_slave_userdata, which is
// filled above the visible lines.
// Avatar
$avatar->deleteAvatar($current_user_set['id']);
if (!empty($_pcpin_slave_userdata['avatar'])) {
    $new_avatar_data = null;
    // NOTE(review): the 'avatar' value is used as a file name or URL, first by
    // checkImage() and then by file_get_contents(). Confirm that it can only be set by
    // the trusted integration code and never by a remote user, otherwise local files or
    // internal URLs could be read through it.
    if (PCPIN_IMAGE_CHECK_OK === PCPIN_Image::checkImage($new_avatar_data, $_pcpin_slave_userdata['avatar'], $session->_conf_all['avatar_image_types'], 0, 0, 0, true)) {
        if ($binaryfile->newBinaryFile(file_get_contents($_pcpin_slave_userdata['avatar']), $new_avatar_data['mime'], $new_avatar_data['width'], $new_avatar_data['height'], 'log')) {
            $avatar->addAvatar($binaryfile->id, $current_user_set['id']);
        }
    }
}
}
} else {
    // User not exists yet
    $login = $_pcpin_slave_userdata['login'];
    // Create new user
    // The account is created with a random 32-character password ...
    $current_user->newUser($_pcpin_slave_userdata['login'], PCPIN_Common::randomString(32), $_pcpin_slave_userdata['email'], $_pcpin_slave_userdata['hide_email'], 'n', '');
    // ... and the stored password is then replaced by the value supplied in the slave
    // data (judging by the variable name below, already an MD5 digest; confirm).
    $current_user->password = $_pcpin_slave_userdata['password'];
    $_pcpin_slave_userdata_md5_password = $_pcpin_slave_userdata['password'];
    $current_user->_db_updateObj($current_user->id);
    // Userdata
    $current_userdata->_db_getList('user_id = ' . $current_user->id, 1);
    $current_userdata_set = $current_userdata->_db_list[0];
    $current_userdata->_db_freeList();
    $update_args = array();
    // Only keys that are set in the loaded userdata row, and whose value differs, are
    // copied. isset() is false for a column that currently holds NULL, so such a column
    // is never updated here.
    foreach ($_pcpin_slave_userdata as $key => $val) {
        if (!is_null($val) && isset($current_userdata_set[$key]) && $current_userdata_set[$key] != $val) {
            $update_args[$key] = $val;
        }
    }
    if (!empty($update_args)) {
        $current_userdata->_db_updateRow($current_user->id, 'user_id', $update_args);
/**
 * Export language object as string.
 *
 * Output string has the format <hash><data>:
 *    <hash> - upper-case MD5 hash of <data> (32 chars)
 *    <data> - serialized and BASE64-encoded array of this form:
 *              array (
 *                      // Header data.
 *                      'data_type'      =>  'language' ,
 *                      'pcpin_version'  =>  'pcpin_chat_<version>' ,
 *                      'date_created'   =>  '<UNIX_TIMESTAMP>' ,
 *                      'rand'           =>  '<RANDOM_STRING_32_BYTES>' ,
 *                      // Main data block
 *                      'data'           =>  array (
 *                                                   'iso_name'     =>  '<ISO_CODE>' ,
 *                                                   'local_name'   =>  '<LOCAL_NAME>' ,
 *                                                   'expressions'  =>  array (
 *                                                                               array (
 *                                                                                       'code'       =>  '<EXPRESSION_CODE>' ,
 *                                                                                       'value'      =>  '<EXPRESSION_VALUE>' ,
 *                                                                                       'multi_row'  =>  '<EXPRESSION_MULTI_ROW>'
 *                                                                                     ) ,
 *                                                                               ...
 *                                                                             )
 *                                                 )
 *                    )
 *
 * Security notes:
 *  - The MD5 prefix is computed from the data alone, without a secret.
 *    It detects accidental damage, not deliberate modification: whoever
 *    changes the data can recompute the prefix.
 *  - The data is PHP serialize() output. NOTE(review): the importing side is
 *    not visible here; unserialize() on a file from an untrusted source can
 *    instantiate arbitrary classes, so it should restrict the allowed
 *    classes or use a data-only format.
 *
 * @param   int   $language_id    Language ID to export
 * @return  mixed (string) Language data string on success or (boolean) FALSE on error
 */
function exportLanguage($language_id = 0) {
    if (empty($language_id)) {
        return false;
    }
    if (!$this->_db_getList('x0iso_name, x0name, x0local_name', 'id = ' . $language_id, 1)) {
        // Language not found
        return false;
    }

    $language_row = $this->_db_list[0];
    $lng = array(
        'data_type' => 'language',
        'pcpin_version' => 'pcpin_chat_' . PCPIN_VERSION,
        'date_created' => time(),
        'rand' => PCPIN_Common::randomString(32),
        'data' => array(
            'iso_name' => $language_row['iso_name'],
            'local_name' => $language_row['local_name'],
            'expressions' => array(),
        ),
    );
    $this->_db_freeList();

    _pcpin_loadClass('language_expression');
    $language_expression = new PCPIN_Language_Expression($this);
    if (!$language_expression->_db_getList('x0code, x0value, x0multi_row', 'language_id = ' . $language_id)) {
        // Without expressions there is nothing to export.
        return false;
    }

    // The result list is consumed from its end, one row at a time.
    while (true) {
        $row = array_pop($language_expression->_db_list);
        if (!$row) {
            break;
        }
        $lng['data']['expressions'][] = array(
            'code' => $row['code'],
            'value' => $row['value'],
            'multi_row' => $row['multi_row'],
        );
    }

    $payload = base64_encode(serialize($lng));
    unset($lng);
    // Get hash
    return strtoupper(md5($payload)) . $payload;
}
// Excerpt of the guest login: picks a free guest name, creates the account and logs it in.
// At most 100 names are tried.
$tries = 100;
do {
    // Guest name = localized word for "guest" followed by a number from 0 to 999.
    $login = $l->g('guest') . mt_rand(0, 999);
    // The guest account gets a random password of 100 to 255 characters that is never
    // shown to anyone.
    if ($current_user->checkUsernameUnique($login) && $current_user->newUser($login, PCPIN_Common::randomString(mt_rand(100, 255)), '', 1, 'y')) {
        // User created
        $xmlwriter->setHeaderMessage('OK');
        $xmlwriter->setHeaderStatus(0);
        $user_created = true;
        // Create new session and log it in
        $session->_s_logIn($current_user->id, 0, $language_id);
        // Update user
        $current_user->_db_loadObj($current_user->id);
        $current_user->previous_login = '******';
        $current_user->last_login = date('Y-m-d H:i:s');
        $current_user->time_zone_offset = $time_zone_offset;
        // password_new is overwritten with the MD5 of another random string.
        $current_user->password_new = md5(PCPIN_Common::randomString(mt_rand(30, 120)));
        $current_user->_db_updateObj($session->_s_user_id);
        // Insert system message
        $msg->addMessage(101, 'n', 0, '', 0, 0, $session->_s_user_id);
        break;
    }
    if (--$tries == 0) {
        // Give up; $user_created keeps the value it had before the loop.
        break;
    }
} while (true);
if (!$user_created) {
    $xmlwriter->setHeaderMessage($l->g('error'));
}
// The three closing braces below end blocks that open above the visible lines.
}
}
}
}
// Excerpt of the "forgot password" handler; $email and $errortext are set above the
// visible lines.
if (empty($errortext)) {
    // Check data
    // Conditions are passed as concatenated strings; escaping of $email is left to
    // _db_getList() (not visible here; confirm).
    if ($current_user->_db_getList('id,login', 'email = ' . $email, 'activated = y', 'is_guest = n', 1)) {
        // Email address found
        $user_id = $current_user->_db_list[0]['id'];
        $login = $current_user->_db_list[0]['login'];
        $current_user->_db_freeList();
    } else {
        // Wrong Email
        // NOTE(review): answering "not found" here and "password sent" below lets a
        // requester find out which addresses belong to an account. A response that is
        // the same in both cases avoids that.
        $errortext[] = $l->g('email_not_found');
    }
}
if (!empty($errortext)) {
    $xmlwriter->setHeaderStatus(1);
    $xmlwriter->setHeaderMessage('- ' . implode("\n- ", $errortext));
} else {
    // Reset password
    // NOTE(review): the new password has 6 to 8 characters from a 36-character alphabet,
    // its length is chosen with mt_rand() (not a cryptographic generator), it is stored
    // as an unsalted MD5 digest and sent in clear text by email. A longer value, or a
    // one-time reset link that expires, would be the stronger design.
    $password_new = PCPIN_Common::randomString(mt_rand(6, 8), 'abcdefghijklmnopqrstuvwxyz0123456789');
    // The digest goes into password_new; the password column itself is not changed here.
    $current_user->_db_updateRow($user_id, 'id', array('password_new' => md5($password_new)));
    // Send "password reset" email
    $email_body = $l->g('email_password_reset');
    $email_body = str_replace('[CHAT_NAME]', $session->_conf_all['chat_name'], $email_body);
    $email_body = str_replace('[USERNAME]', $login, $email_body);
    $email_body = str_replace('[PASSWORD]', $password_new, $email_body);
    $email_body = str_replace('[URL]', str_replace(' ', '%20', $session->_conf_all['base_url']), $email_body);
    $email_body = str_replace('[SENDER]', $session->_conf_all['chat_email_sender_name'], $email_body);
    PCPIN_Email::send('"' . $session->_conf_all['chat_email_sender_name'] . '"' . ' <' . $session->_conf_all['chat_email_sender_address'] . '>', $email, $l->g('password_reset'), null, null, $email_body);
    $xmlwriter->setHeaderStatus(0);
    // The submitted address is echoed back in the response message; escaping is left to
    // $xmlwriter (not visible here).
    $xmlwriter->setHeaderMessage(str_replace('[EMAIL]', $email, $l->g('new_password_sent')));
}