$page = $this->GetPreference('pageid_login'); if (isset($params['returnto'])) { $page = $params['returnto']; } // replace {$groupname} with the first groupname we can find that matches $groups = $this->GetMemberGroupsArray($this->LoggedinId()); $groupname = $this->GetGroupName($groups[0]['groupid']); $smarty->assign('username', $params['feu_input_username']); $smarty->assign('group', $groupname); $page = $this->ProcessTemplateFromData($page); } // send the event $parms = array(); $parms['id'] = $this->LoggedInId(); $parms['username'] = $params['feu_input_username']; $parms['ip'] = cge_utils::get_real_ip(); $this->SendEvent('OnLogin', $parms); $this->_SendNotificationEmail('OnLogin', $parms); if ($return_url != '') { redirect($return_url); } else { if ($page) { $id = ContentManager::GetPageIDFromAlias($page); if ($id) { $this->RedirectContent($id); return; } die("couldn't get pageid for {$page}"); } else { $this->RedirectContent($returnid); }
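/**
 * Compare text against the auto-moderation rules.
 *
 * Reads the CGFeedback 'moderate_comments' preference: 0 means nothing is
 * moderated, a positive value means everything is moderated, and any other
 * value means the text is checked against 'moderation_patterns' (one rule per
 * line) and the submitter's address against 'moderation_iplist'.
 *
 * Rule lines: '__EMAIL__', '__IP_ADDRESS__' and '__URL__' test for the named
 * token; 'PATTERN:<regex>' is used as a raw PCRE body (wrapped in '|'
 * delimiters, no flags); any other non-empty line is a literal word or phrase
 * matched case-insensitively.
 *
 * @param string $text
 * @return bool TRUE if the text needs moderation, FALSE otherwise.
 */
public static function text_needs_moderation($text)
{
    $mod = cms_utils::get_module('CGFeedback');
    $text = (string) $text;

    $mode = (int) $mod->GetPreference('moderate_comments');
    if ($mode === 0) {
        return false; // moderation disabled
    }
    if ($mode > 0) {
        return true; // everything is moderated
    }

    // rule-based moderation: text patterns first
    $patterns = trim((string) $mod->GetPreference('moderation_patterns'));
    if ($patterns !== '') {
        foreach (explode("\n", $patterns) as $rule) {
            $rule = trim($rule);
            if ($rule === '') {
                continue;
            }

            if ($rule === '__EMAIL__') {
                // check if text contains an email address
                $pattern = '/([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)/i';
            } elseif ($rule === '__IP_ADDRESS__') {
                // check if text contains a dotted-quad IPv4 address
                $pattern = '/((1?\\d{1,2}|2[0-4]\\d|25[0-5])\\.){3}(1?\\d{1,2}|2[0-4]\\d|25[0-5]){1}/';
            } elseif ($rule === '__URL__') {
                // check if text contains a URL
                $pattern = '#\\b(([\\w-]+://?|www[.])[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|/)))#';
            } elseif (startswith('PATTERN:', $rule)) {
                // explicit regex supplied by the administrator; it is compiled as-is,
                // so a malformed pattern makes preg_match() return false and the
                // rule is silently treated as "no match"
                $pattern = trim(substr($rule, strlen('PATTERN:')));
                if ($pattern === '') {
                    continue;
                }
                $pattern = '|' . $pattern . '|';
            } else {
                // individual word/phrase: quoted so that regex metacharacters
                // (and the '|' delimiter) in the phrase are matched literally
                $pattern = '|' . preg_quote($rule, '|') . '|i';
            }

            // === 1 so that a pattern error (false) is not mistaken for a match
            if (preg_match($pattern, $text) === 1) {
                return true;
            }
        }
    }

    // then the IP list; checked even when no text patterns are configured
    $iplist = trim((string) $mod->GetPreference('moderation_iplist'));
    if ($iplist === '') {
        return false;
    }
    // NOTE(review): if get_real_ip() honours forwarded headers, the address
    // tested here is client-supplied - confirm before relying on IP rules alone
    $ipaddr = cge_utils::get_real_ip();
    if (!$ipaddr) {
        return false; // no usable address, nothing to test
    }
    foreach (explode("\n", $iplist) as $iprule) {
        $iprule = trim($iprule);
        if ($iprule === '') {
            continue;
        }
        if (self::_testip($iprule, $ipaddr)) {
            return true;
        }
    }

    // everything passes
    return false;
}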
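/**
 * Attempt to log a front-end user in.
 *
 * On success a row is written to module_feusers_loggedin keyed by the current
 * PHP session id, the optional keep-alive cookies are set, a 'login' history
 * entry is added and array($uid) is returned. On failure a 'fail' history
 * entry is added and array(FALSE, $error) is returned.
 *
 * @param string $username
 * @param string $password
 * @param mixed  $groups       passed through to CheckPassword()
 * @param bool   $md5pw        passed through to CheckPassword()
 * @param bool   $force_logout log the user out of existing sessions first
 * @return array array($uid) on success, array(FALSE, $error) on failure
 */
function Login($username, $password, $groups = '', $md5pw = false, $force_logout = false)
{
    $db = $this->GetDb();
    $mod = $this->GetModule();
    $error = '';
    $uid = -1;

    if (!$this->CheckPassword($username, $password, $groups, $md5pw)) {
        // record the failure against the account when it exists, -1 otherwise
        $uid = $this->GetUserID($username);
        if (!$uid) {
            $uid = -1;
        }
        $error = $mod->Lang('error_loginfailed');
    } else {
        $uid = $this->GetUserID($username);
        if ($force_logout) {
            $this->Logout($uid);
        }
        if ($this->IsAccountExpired($uid)) {
            $error = $mod->Lang('error_accountexpired');
        } elseif ((int) $mod->GetPreference('allow_repeated_logins') === 0) {
            // make sure this user isn't already logged in
            $q = "SELECT * FROM " . cms_db_prefix() . "module_feusers_loggedin WHERE \n USERID = ?";
            $dbresult = $db->Execute($q, array($uid));
            if ($dbresult && $dbresult->RecordCount()) {
                $error = $mod->Lang('error_norepeatedlogins');
            }
        }
    }

    if ($error) {
        // log an invalid login
        $this->add_history($uid, 'fail');
        return array(FALSE, $error);
    }

    // we may need to start a session now; the warning (headers already sent)
    // is suppressed as before
    if (session_status() !== PHP_SESSION_ACTIVE) {
        @session_start();
    }

    // NOTE(review): the row below binds the pre-authentication session id to the
    // user, so a session id established before login survives it; calling
    // session_regenerate_id(true) at this point would close that gap - confirm
    // nothing else keys on the current id before adding it.
    $q = "INSERT INTO " . cms_db_prefix() . "module_feusers_loggedin (sessionid,lastused,userid)\n VALUES (?,?,?)";
    $dbresult = $db->Execute($q, array(session_id(), time(), $uid));
    if (!$dbresult) {
        return array(FALSE, $db->ErrorMsg());
    }

    // set the keep-alive cookies
    if ($mod->GetPreference('cookie_keepalive', 0)) {
        $expirytime = (int) $mod->GetPreference('user_session_expires');
        // NOTE(review): only name/value/expiry/path are given, so the cookies carry
        // no HttpOnly/Secure/SameSite attributes; feu_uid is client-modifiable -
        // confirm readers validate it against the loggedin row.
        @setcookie('feu_sessionid', session_id(), time() + $expirytime, "/");
        @setcookie('feu_uid', $uid, time() + $expirytime, "/");
    }

    // and add history info
    $this->add_history($uid, 'login');
    return array($uid);
}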
} // // Get custom field definitions // $tfields = cgfb_comment_ops::get_fielddefs(); foreach ($tfields as $fid => &$tfield) { $tfield['attrib'] = $tfield['attribs']; } // // Process form data // if (isset($params['submit'])) { // Get data from the form $comment->from_array($params); $disable_html = $this->GetPreference('allow_comment_html', 0) == 0; $comment->author_ip = cge_utils::get_real_ip(); if (isset($params['comment'])) { $comment->data = trim($params['comment']); $comment->data = $disable_html ? strip_tags($comment->data) : $comment->data; } foreach ($params as $key => $value) { if (startswith($key, 'field_')) { $fid = (int) substr($key, 6); if (is_array($value)) { $value = implode(',', $value); } $value = $disable_html ? strip_tags($value) : $value; $comment->set_field_by_id($fid, $value); } } if (isset($params['feedback_origurl'])) {
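/**
 * Store the upload described by $this->_data in its category directory and
 * record it in module_uploads (inserting, or updating when an overwrite
 * replaces an already-registered file).
 *
 * $this->_data keys used: 'src' (required, path of the file to store),
 * optional 'summary', 'description', 'key', 'author', 'allow_overwrite',
 * 'do_watermark', 'do_thumbnail', 'thumbnail' (path of a ready-made
 * thumbnail) and 'fields' (name => value map of custom field values).
 *
 * @return int the upload id
 * @throws UploadsException when the source or category is missing, the
 *         destination exists and overwriting is not allowed, the copy fails,
 *         or a database operation fails
 */
public function handle_file()
{
    $uploads = cms_utils::get_module('Uploads');

    // validate the data.
    if (!isset($this->_data['src'])) {
        throw new UploadsException('Invalid attributes... no source file set');
    }
    if (!$this->_category) {
        throw new UploadsException('Invalid/Null upload category speciried');
    }
    if (!isset($this->_data['summary'])) {
        // default the summary to the source file name; set_summary() is
        // expected to populate _data['summary'] read further down
        $this->set_summary(basename($this->_data['src']));
    }
    if (!isset($this->_data['description'])) {
        $this->_data['description'] = '';
    }
    if (!isset($this->_data['key'])) {
        $this->_data['key'] = '';
    }
    if (!isset($this->_data['author'])) {
        // author hasn't been previously set: use the admin user's name during an
        // admin request, otherwise the logged-in front-end user's name
        global $CMS_ADMIN_PAGE;
        $author = 'Anonymous';
        if (isset($CMS_ADMIN_PAGE)) {
            $uid = get_userid(FALSE);
            if ($uid) {
                $user = cmsms()->GetUserOperations()->LoadUserById($uid);
                if ($user) {
                    $author = $user->username;
                }
            }
        } else {
            $feu = cms_utils::get_module('FrontEndUsers');
            if ($feu) {
                $tmp = $feu->LoggedInName();
                if ($tmp) {
                    $author = $tmp;
                }
            }
        }
        $this->_data['author'] = $author;
    }

    $db = cmsms()->GetDb();
    $destfile = $this->get_destfile();
    $destname = basename($destfile);
    $destdir = dirname($destfile);
    // the INSERT below used 'upload_category_id'; the original lookup used
    // 'uploads_category_id' - the key matching the SQL column is used throughout
    $category_id = $this->_category['upload_category_id'];

    $existing_fileid = null;
    if (file_exists($destfile)) {
        if (!isset($this->_data['allow_overwrite'])) {
            throw new UploadsException('Destination File Exists: ' . $destfile);
        }
        // overwriting: reuse the existing record if there is one
        $query = 'SELECT upload_id FROM ' . cms_db_prefix() . 'module_uploads WHERE upload_name = ? AND upload_category_id = ?';
        $existing_fileid = $db->GetOne($query, array($destname, $category_id));
    }

    // NOTE(review): 'src' and 'thumbnail' are copied from whatever paths the
    // caller supplied; confirm callers never pass request-controlled paths.
    $_created = array(); // files written so far, removed again on failure
    $srcfile = $this->_data['src'];

    // see if we're gonna watermark
    if (isset($this->_data['do_watermark'])) {
        // cms_join_path() joins its arguments with the directory separator, so
        // the prefix must be concatenated onto the name, not passed separately
        $wmname = cms_join_path($destdir, 'wm_' . $destname);
        $wmobj = cge_setup::get_watermarker();
        if ($wmobj->create_watermarked_image($srcfile, $wmname) !== FALSE) {
            $srcfile = $wmname;
            $_created[] = $wmname;
        }
    }

    // see if we're gonna thumbnail.
    $thumb_name = '';
    if (isset($this->_data['do_thumbnail'])) {
        $thumb_name = $destname;
        $thumbfile = cms_join_path($destdir, 'thumb_' . $thumb_name);
        $uploads->imageTransform($srcfile, $thumbfile);
        $_created[] = $thumbfile;
    } elseif (isset($this->_data['thumbnail'])) {
        $thumbfile = cms_join_path($destdir, 'thumb_' . $destname);
        if (@copy($this->_data['thumbnail'], $thumbfile)) {
            $thumb_name = $destname;
            $_created[] = $thumbfile;
        }
        // a thumbnail that could not be copied is simply not recorded
    }

    // do the copy; a failed copy must not leave a database row pointing at nothing
    @unlink($destfile);
    if (!@copy($srcfile, $destfile)) {
        foreach ($_created as $one) {
            @unlink($one);
        }
        throw new UploadsException('Could not copy ' . $srcfile . ' to ' . $destfile);
    }
    $_created[] = $destfile;

    // do the insert or update
    $ip = cge_utils::get_real_ip();
    $size = filesize($destfile); // size of the file actually stored
    if (!$existing_fileid) {
        $existing_fileid = $db->GenId(cms_db_prefix() . 'module_uploads_seq');
        $query = 'INSERT INTO ' . cms_db_prefix() . 'module_uploads (upload_id,upload_category_id,upload_name,upload_author, upload_summary,upload_description,upload_ip,upload_size, upload_date, upload_key, upload_thumbnail) VALUES (?,?,?,?,?,?,?,?,NOW(),?,?)';
        $dbr = $db->Execute($query, array($existing_fileid, $category_id, $destname, $this->_data['author'], $this->_data['summary'], $this->_data['description'], $ip, $size, $this->_data['key'], $thumb_name));
    } else {
        // update... the custom field values are deleted and re-inserted below
        $query = 'DELETE FROM ' . cms_db_prefix() . 'module_uploads_fieldvals WHERE upload_id = ?';
        $dbr = $db->Execute($query, array($existing_fileid));
        if ($dbr) {
            $query = 'UPDATE ' . cms_db_prefix() . 'module_uploads SET upload_name = ?, upload_author = ?, upload_summary = ?, upload_description = ?, upload_ip = ?, upload_size = ?, upload_date = NOW(), upload_key = ?, upload_thumbnail = ? WHERE upload_id = ?';
            $dbr = $db->Execute($query, array($destname, $this->_data['author'], $this->_data['summary'], $this->_data['description'], $ip, $size, $this->_data['key'], $thumb_name, $existing_fileid));
        }
    }
    if (!$dbr) {
        foreach ($_created as $one) {
            @unlink($one);
        }
        throw new UploadsException('Database operation failed: ' . $db->sql . ' -- ' . $db->ErrorMsg());
    }

    // do the custom fields: only names with a matching field definition are stored
    if (isset($this->_data['fields'])) {
        $query = 'SELECT id,name FROM ' . cms_db_prefix() . 'module_uploads_fielddefs ORDER BY iorder';
        $tmp = $db->GetArray($query);
        $fields = is_array($tmp) ? cge_array::to_hash($tmp, 'name') : null;
        if (is_array($fields)) {
            $iquery = 'INSERT INTO ' . cms_db_prefix() . 'module_uploads_fieldvals (upload_id, fld_id, value) VALUES (?,?,?)';
            foreach ($this->_data['fields'] as $key => $value) {
                if (!isset($fields[$key])) {
                    continue;
                }
                $db->Execute($iquery, array($existing_fileid, $fields[$key]['id'], $value));
            }
        }
    }

    // add something to the audit log.
    audit($existing_fileid, $uploads->GetName(), 'Uploaded file ' . $destname);

    // and we're done...
    return $existing_fileid;
}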