/** * XoopsUserUtility::validate * * @return false|string */ public static function validate() { $xoops = Xoops::getInstance(); $args = func_get_args(); $args_num = func_num_args(); /* @var $user XoopsUser|null */ $user = null; $uname = null; $email = null; $pass = null; $vpass = null; switch ($args_num) { case 1: $user = $args[0]; break; case 2: list($uname, $email) = $args; break; case 3: list($user, $pass, $vpass) = $args; break; case 4: list($uname, $email, $pass, $vpass) = $args; break; default: return false; } if (is_object($user)) { $uname = $user->getVar('uname', 'n'); $email = $user->getVar('email', 'n'); } //$user = empty($user) ? null : trim($user); $uname = empty($uname) ? null : trim($uname); $email = empty($email) ? null : trim($email); $pass = empty($pass) ? null : trim($pass); $vpass = empty($vpass) ? null : trim($vpass); $xoops->getConfigs(); $stop = ''; // Invalid email address if (!$xoops->checkEmail($email)) { $stop .= XoopsLocale::E_INVALID_EMAIL . '<br />'; } if (strrpos($email, ' ') > 0) { $stop .= XoopsLocale::E_EMAIL_SHOULD_NOT_CONTAIN_SPACES . '<br />'; } // Check forbidden email address if current operator is not an administrator if (!$xoops->userIsAdmin) { $bad_emails = $xoops->getConfig('bad_emails'); if (!empty($bad_emails)) { foreach ($bad_emails as $be) { if (!empty($be) && preg_match('/' . $be . '/i', $email)) { $stop .= XoopsLocale::E_INVALID_EMAIL . '<br />'; break; } } } } $uname = XoopsLocale::trim($uname); $restriction = ''; switch ($xoops->getConfig('uname_test_level')) { case 0: // strict $restriction = '/[^a-zA-Z0-9\\_\\-]/'; break; case 1: // medium $restriction = '/[^a-zA-Z0-9\\_\\-\\<\\>\\,\\.\\$\\%\\#\\@\\!\\\'\']/'; break; case 2: // loose $restriction = '/[\\000-\\040]/'; break; } if (empty($uname) || preg_match($restriction, $uname)) { $stop .= XoopsLocale::E_INVALID_USERNAME . '<br />'; } // Check uname settings if current operator is not an administrator if (!$xoops->userIsAdmin) { $maxuname = $xoops->getConfig('maxuname'); if (!empty($maxuname) && mb_strlen($uname) > $maxuname) { $stop .= sprintf(XoopsLocale::EF_USERNAME_MUST_BE_LESS_THAN, $maxuname) . '<br />'; } $minuname = $xoops->getConfig('minuname'); if (!empty($minuname) && mb_strlen($uname) < $minuname) { $stop .= sprintf(XoopsLocale::EF_USERNAME_MUST_BE_MORE_THAN, $minuname) . '<br />'; } $bad_unames = $xoops->getConfig('bad_unames'); if (!empty($bad_unames)) { foreach ($bad_unames as $bu) { if (!empty($bu) && preg_match('/' . $bu . '/i', $uname)) { $stop .= XoopsLocale::E_NAME_IS_RESERVED . '<br />'; break; } } } } // Check if uname/email already exists if the user is a new one $uid = is_object($user) ? $user->getVar('uid') : 0; $user_handler = $xoops->getHandlerUser(); $myts = MyTextSanitizer::getInstance(); $criteria = new CriteriaCompo(new Criteria('uname', $myts->addSlashes($uname))); if ($uid > 0) { $criteria->add(new Criteria('uid', $uid, '<>')); } $count = $user_handler->getCount($criteria); if ($count > 0) { $stop .= XoopsLocale::E_USERNAME_TAKEN . '<br />'; } $criteria = new CriteriaCompo(new Criteria('email', $myts->addSlashes($email))); if ($uid > 0) { $criteria->add(new Criteria('uid', $uid, '<>')); } $count = $user_handler->getCount($criteria); if ($count > 0) { $stop .= XoopsLocale::E_EMAIL_TAKEN . '<br />'; } // If password is not set, skip password validation if ($pass === null && $vpass === null) { return $stop; } if (empty($pass) || empty($vpass)) { $stop .= XoopsLocale::E_MUST_PROVIDE_PASSWORD . '<br />'; } if (isset($pass) && isset($vpass) && $pass != $vpass) { $stop .= XoopsLocale::E_PASSWORDS_MUST_MATCH . '<br />'; } else { $minpass = $xoops->getConfig('minpass'); if ($pass != '' && !empty($minpass) && mb_strlen($pass) < $minpass) { $stop .= sprintf(XoopsLocale::EF_PASSWORD_MUST_BE_GREATER_THAN, $minpass) . '<br />'; } } return $stop; }
public function displayPost() { $xoops = Xoops::getInstance(); if (Request::getMethod() !== 'POST') { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } $id = Request::getInt('com_id'); $modid = Request::getInt('com_modid'); if (empty($modid)) { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } /* @var $comment CommentsComment */ $comment = $this->getHandlerComment()->get($id); if (!is_object($comment)) { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } if (!$comment->isNew()) { $modid = $comment->getVar('modid'); } else { $comment->setVar('modid', $modid); } $module = $xoops->getModuleById($modid); if (!is_object($module)) { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } $moddir = $module->getVar('dirname'); if ($xoops->isAdminSide) { if (empty($id)) { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } $redirect_page = $this->url('admin/main.php?com_modid=' . $modid . '&com_itemid'); } else { if (COMMENTS_APPROVENONE == $xoops->getModuleConfig('com_rule', $module->getVar('dirname'))) { $xoops->redirect(\XoopsBaseConfig::get('url'), 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } $redirect_page = ''; } /* @var $plugin CommentsPluginInterface */ if ($plugin = \Xoops\Module\Plugin::getPlugin($moddir, 'comments')) { if (!$xoops->isAdminSide) { $redirect_page = $xoops->url('modules/' . $moddir . '/' . $plugin->pageName() . '?'); if (is_array($extraParams = $plugin->extraParams())) { $extra_params = ''; foreach ($extraParams as $extra_param) { $extra_params .= isset($_POST[$extra_param]) ? $extra_param . '=' . htmlspecialchars($_POST[$extra_param]) . '&' : $extra_param . '=amp;'; } $redirect_page .= $extra_params; } $redirect_page .= $plugin->itemName(); } $comment_url = $redirect_page; $op = Request::getBool('com_dopost') ? 'post' : ''; $op = Request::getBool('com_dopreview') ? 'preview' : $op; $op = Request::getBool('com_dodelete') ? 'delete' : $op; if ($op === 'preview' || $op === 'post') { if (!$xoops->security()->check()) { $op = ''; } } if ($op === 'post' && !$xoops->isUser()) { $xoopsCaptcha = XoopsCaptcha::getInstance(); if (!$xoopsCaptcha->verify()) { $captcha_message = $xoopsCaptcha->getMessage(); $op = 'preview'; } } $title = XoopsLocale::trim(Request::getString('com_title')); $text = XoopsLocale::trim(Request::getString('com_text')); $mode = XoopsLocale::trim(Request::getString('com_mode', 'flat')); $order = XoopsLocale::trim(Request::getString('com_order', COMMENTS_OLD1ST)); $itemid = Request::getInt('com_itemid'); $pid = Request::getInt('com_pid'); $rootid = Request::getInt('com_rootid'); $status = Request::getInt('com_status'); $dosmiley = Request::getBool('com_dosmiley'); $doxcode = Request::getBool('com_doxcode'); $dobr = Request::getBool('com_dobr'); $dohtml = Request::getBool('com_html'); $doimage = Request::getBool('com_doimage'); $icon = XoopsLocale::trim(Request::getString('com_icon')); $comment->setVar('title', $title); $comment->setVar('text', $text); $comment->setVar('itemid', $itemid); $comment->setVar('pid', $pid); $comment->setVar('rootid', $rootid); $comment->setVar('status', $status); $comment->setVar('dosmiley', $dosmiley); $comment->setVar('doxcode', $doxcode); $comment->setVar('dobr', $dobr); $comment->setVar('dohtml', $dohtml); $comment->setVar('doimage', $doimage); $comment->setVar('icon', $icon); switch ($op) { case "delete": $this->displayDelete(); break; case "preview": $comment->setVar('doimage', 1); if ($comment->getVar('dohtml') != 0) { if ($xoops->isUser()) { if (!$xoops->user->isAdmin($comment->getVar('modid'))) { $comment->setVar('dohtml', 0); } } else { $comment->setVar('dohtml', 0); } } $xoops->header(); if (!$xoops->isAdminSide && !empty($captcha_message)) { echo $xoops->alert('error', $captcha_message); } echo $this->renderHeader($comment->getVar('title', 'p'), $comment->getVar('text', 'p'), false, time()); $this->displayCommentForm($comment); $xoops->footer(); break; case "post": $comment->setVar('doimage', 1); $comment_handler = $this->getHandlerComment(); $add_userpost = false; $call_approvefunc = false; $call_updatefunc = false; // RMV-NOTIFY - this can be set to 'comment' or 'comment_submit' $notify_event = false; if (!empty($id)) { $accesserror = false; if ($xoops->isUser()) { if ($xoops->user->isAdmin($comment->getVar('modid'))) { if (!empty($status) && $status != COMMENTS_PENDING) { $old_status = $comment->getVar('status'); $comment->setVar('status', $status); // if changing status from pending state, increment user post if (COMMENTS_PENDING == $old_status) { $add_userpost = true; if (COMMENTS_ACTIVE == $status) { $call_updatefunc = true; $call_approvefunc = true; // RMV-NOTIFY $notify_event = 'comment'; } } else { if (COMMENTS_HIDDEN == $old_status && COMMENTS_ACTIVE == $status) { $call_updatefunc = true; // Comments can not be directly posted hidden, // no need to send notification here } else { if (COMMENTS_ACTIVE == $old_status && COMMENTS_HIDDEN == $status) { $call_updatefunc = true; } } } } } else { $comment->setVar('dohtml', 0); if ($comment->getVar('uid') != $xoops->user->getVar('uid')) { $accesserror = true; } } } else { $comment->setVar('dohtml', 0); $accesserror = true; } if (false != $accesserror) { $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } } else { $comment->setVar('created', time()); $comment->setVar('ip', $xoops->getEnv('REMOTE_ADDR')); if ($xoops->isUser()) { if ($xoops->user->isAdmin($comment->getVar('modid'))) { $comment->setVar('status', COMMENTS_ACTIVE); $add_userpost = true; $call_approvefunc = true; $call_updatefunc = true; // RMV-NOTIFY $notify_event = 'comment'; } else { $comment->setVar('dohtml', 0); switch ($xoops->getModuleConfig('com_rule')) { case COMMENTS_APPROVEALL: case COMMENTS_APPROVEUSER: $comment->setVar('status', COMMENTS_ACTIVE); $add_userpost = true; $call_approvefunc = true; $call_updatefunc = true; // RMV-NOTIFY $notify_event = 'comment'; break; case COMMENTS_APPROVEADMIN: default: $comment->setVar('status', COMMENTS_PENDING); $notify_event = 'comment_submit'; break; } } if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) && $comment->getVar('noname')) { $comment->setVar('uid', 0); } else { $comment->setVar('uid', $xoops->user->getVar('uid')); } } else { $comment->setVar('dohtml', 0); $comment->setVar('uid', 0); if ($xoops->getModuleConfig('com_anonpost', $module->getVar('dirname')) != 1) { $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_mode=' . $mode . '&com_order=' . $order, 1, XoopsLocale::E_NO_ACCESS_PERMISSION); } } if ($comment->getVar('uid') == 0) { switch ($xoops->getModuleConfig('com_rule')) { case COMMENTS_APPROVEALL: $comment->setVar('status', COMMENTS_ACTIVE); $add_userpost = true; $call_approvefunc = true; $call_updatefunc = true; // RMV-NOTIFY $notify_event = 'comment'; break; case COMMENTS_APPROVEADMIN: case COMMENTS_APPROVEUSER: default: $comment->setVar('status', COMMENTS_PENDING); // RMV-NOTIFY $notify_event = 'comment_submit'; break; } } } if ($comment->getVar('title') == '') { $comment->setVar('title', XoopsLocale::NO_TITLE); } $comment->setVar('modified', time()); if (isset($extra_params)) { $comment->setVar('exparams', $extra_params); } if (false != $comment_handler->insert($comment)) { $newcid = $comment->getVar('id'); // set own id as root id if this is a top comment if ($comment->getVar('rootid') == 0) { $comment->setVar('rootid', $newcid); if (!$comment_handler->updateByField($comment, 'rootid', $comment->getVar('rootid'))) { $comment_handler->delete($comment); $xoops->header(); echo $xoops->alert('error', $comment->getHtmlErrors()); $xoops->footer(); } } // call custom approve function if any if (false != $call_approvefunc) { $plugin->approve($comment); } if (false != $call_updatefunc) { $criteria = new CriteriaCompo(new Criteria('modid', $comment->getVar('modid'))); $criteria->add(new Criteria('itemid', $comment->getVar('itemid'))); $criteria->add(new Criteria('status', COMMENTS_ACTIVE)); $comment_count = $comment_handler->getCount($criteria); $plugin->update($comment->getVar('itemid'), $comment_count); } // increment user post if needed $uid = $comment->getVar('uid'); if ($uid > 0 && false != $add_userpost) { $member_handler = $xoops->getHandlerMember(); $poster = $member_handler->getUser($uid); if ($poster instanceof XoopsUser) { $member_handler->updateUserByField($poster, 'posts', $poster->getVar('posts') + 1); } } // RMV-NOTIFY // trigger notification event if necessary if ($notify_event && $xoops->isActiveModule('notifications')) { $notifications = Notifications::getInstance(); $not_modid = $comment->getVar('modid'); $not_catinfo = $notifications->getCommentsCategory($module->getVar('dirname')); $not_category = $not_catinfo['name']; $not_itemid = $comment->getVar('itemid'); $not_event = $notify_event; // Build an ABSOLUTE URL to view the comment. Make sure we // point to a viewable page (i.e. not the system administration // module). $comment_tags = array(); $comment_tags['X_COMMENT_URL'] = $comment_url . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'); if ($xoops->isActiveModule('notifications')) { Notifications::getInstance()->getHandlerNotification()->triggerEvent($not_category, $not_itemid, $not_event, $comment_tags, false, $not_modid); } } if (!isset($comment_post_results)) { // if the comment is active, redirect to posted comment if ($comment->getVar('status') == COMMENTS_ACTIVE) { $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_id=' . $comment->getVar('id') . '&com_rootid=' . $comment->getVar('rootid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST); } else { // not active, so redirect to top comment page $xoops->redirect($redirect_page . '=' . $comment->getVar('itemid') . '&com_mode=' . $mode . '&com_order=' . $order . '#comment' . $comment->getVar('id'), 1, _MD_COMMENTS_THANKSPOST); } } } else { if (!isset($purge_comment_post_results)) { $xoops->header(); echo $xoops->alert('error', $comment->getHtmlErrors()); $xoops->footer(); } else { $comment_post_results = $comment->getErrors(); } } break; default: $xoops->redirect(\XoopsBaseConfig::get('url') . '/', 1, implode('<br />', $xoops->security()->getErrors())); break; } } }
/** * @deprecated * @param $text * @return string */ function xoops_trim($text) { $xoops = Xoops::getInstance(); $xoops->deprecated(__FUNCTION__ . ' is deprecated since XOOPS 2.6.0. See how to replace it in file ' . __FILE__ . ' line ' . __LINE__); return XoopsLocale::trim($text); }