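/**
 * Initialise the per-request user state and publish it as global constants.
 *
 * Defines USERIP and POST_REFERER, rejects requests that carry an invalid
 * `__referer` token, stops banned visitors, and then defines the USER*,
 * ADMIN* and class-list constants for CLI, guest or logged-in sessions.
 * For logged-in users it also handles the optional per-user theme selection.
 *
 * The whole could happen inside e_user class.
 *
 * @return void
 */
function init_session()
{
    global $user_pref, $currentUser;

    $e107 = e107::getInstance();

    // New user model
    $user = e107::getUser();

    define('USERIP', e107::getIPHandler()->getIP(FALSE));
    define('POST_REFERER', md5($user->getToken()));

    // Check for intruders - outside the model for now
    // TODO replace __referer with e-token, remove the above
    // NOTE(review): a request that carries no __referer at all is not rejected
    // here, so state-changing handlers must require the token themselves.
    if ((isset($_POST['__referer']) && !$user->checkToken($_POST['__referer']))
        || (isset($_GET['__referer']) && !$user->checkToken($_GET['__referer']))) {
        // Die, die, die! DIE!!!
        die('Unauthorized access!');
    }

    if (e107::isCli()) {
        // Command-line runs act as a fixed administrative identity.
        define('USER', true);
        define('USERID', 1);
        define('USERNAME', 'e107-cli');
        define('USERTHEME', false);
        define('ADMIN', true);
        define('GUEST', false);
        // USERCLASS was defined twice in the original; the second define()
        // only raised an "already defined" notice, so it is dropped.
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERCLASS_LIST', '');
        define('USERJOINED', '');

        return;
    }

    if ($user->hasBan()) {
        $msg = e107::findPref('ban_messages/6');
        if ($msg) {
            echo e107::getParser()->toHTML($msg);
        }
        exit;
    }

    if (!$user->isUser()) {
        define('USER', false);
        define('USERID', 0);
        define('USERTHEME', false);
        define('ADMIN', false);
        define('GUEST', true);
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERSIGNATURE', '');

        if ($user->hasSessionError()) {
            define('LOGINMESSAGE', CORE_LAN10);
            define('CORRUPT_COOKIE', true);
        }
    } else {
        // we shouldn't use getValue() here, it's there for e.g. shortcodes, profile page render etc.
        define('USERID', $user->getId());
        define('USERNAME', $user->get('user_name'));
        define('USERURL', $user->get('user_homepage', false)); // required for BC
        define('USEREMAIL', $user->get('user_email'));
        define('USER', true);
        define('USERCLASS', $user->get('user_class'));
        define('USERIMAGE', $user->get('user_image'));
        define('USERPHOTO', $user->get('user_sess'));
        define('USERJOINED', $user->get('user_join'));
        define('USERVISITS', $user->get('user_visits'));
        define('USERSIGNATURE', $user->get('user_signature'));

        define('ADMIN', $user->isAdmin());
        define('ADMINID', $user->getAdminId());
        define('ADMINNAME', $user->getAdminName());
        define('ADMINPERMS', $user->getAdminPerms());
        define('ADMINEMAIL', $user->getAdminEmail());
        define('ADMINPWCHANGE', $user->getAdminPwchange());

        if (ADMIN) {
            e107::getRedirect()->setPreviousUrl();
        }

        define('USERLV', $user->get('user_lastvisit'));

        // BC - FIXME - get rid of them!
        $currentUser = $user->getData();
        $currentUser['user_realname'] = $user->get('user_login'); // Used by force_userupdate
        $e107->currentUser =& $currentUser;

        // XXX could go to e_user class as well
        if ($user->checkClass(e107::getPref('allow_theme_select', false), false)) {
            // User can set own theme
            if (isset($_POST['settheme'])) {
                $uconfig = $user->getConfig();

                // The posted theme name ends up in a filesystem path (see the
                // USERTHEME define below), so it is only stored when it is a
                // plain string naming a theme the theme handler knows about.
                $postedTheme = (isset($_POST['sitetheme']) && is_string($_POST['sitetheme']))
                    ? $_POST['sitetheme']
                    : '';

                if (e107::getPref('sitetheme') != $postedTheme) {
                    require_once e_HANDLER . "theme_handler.php";
                    $utheme = new themeHandler();

                    if ($postedTheme !== '' && isset($utheme->themeArray[$postedTheme])) {
                        $ut = $utheme->themeArray[$postedTheme];
                        $uconfig->setPosted('sitetheme', $postedTheme)
                            ->setPosted('sitetheme_custompages', $ut['custompages'])
                            ->setPosted('sitetheme_deflayout', $utheme->findDefault($postedTheme));
                        unset($ut);
                    }
                    // Unknown or malformed names are ignored: the stored
                    // preference is left as it was.
                } else {
                    // Same as the site default: no per-user override needed.
                    $uconfig->remove('sitetheme')
                        ->remove('sitetheme_custompages')
                        ->remove('sitetheme_deflayout');
                }

                $uconfig->save(true);
            }
        } elseif ($user->getPref('sitetheme')) {
            // Theme selection no longer allowed for this user: drop the override.
            $user->getConfig()
                ->remove('sitetheme')
                ->remove('sitetheme_custompages')
                ->remove('sitetheme_deflayout')
                ->save(false);
        }
        // XXX could go to e_user class as well END

        if (!defined("USERTHEME")) {
            // Only honour the stored theme when its theme.php actually exists.
            define(
                'USERTHEME',
                $user->getPref('sitetheme') && file_exists(e_THEME . $user->getPref('sitetheme') . "/theme.php")
                    ? $user->getPref('sitetheme')
                    : false
            );
        }

        $user_pref = $user->getPref();
    }

    define('USERCLASS_LIST', $user->getClassList(true));
    define('e_CLASS_REGEXP', $user->getClassRegex());
    define('e_NOBODY_REGEXP', '(^|,)' . e_UC_NOBODY . '(,|$)');
}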
if ((isset($_POST['chat_submit']) || e_AJAX_REQUEST) && $_POST['cmessage'] != '') { if (!USER && !$pref['anon_post']) { // disallow post } else { $nick = trim(preg_replace("#\\[.*\\]#si", "", $tp->toDB($_POST['nick']))); $cmessage = $_POST['cmessage']; $cmessage = preg_replace("#\\[.*?\\](.*?)\\[/.*?\\]#s", "\\1", $cmessage); $fp = new floodprotect(); if ($fp->flood("chatbox", "cb_datestamp")) { if (strlen(trim($cmessage)) < 1000 && trim($cmessage) != "") { $cmessage = $tp->toDB($cmessage); if ($sql->select("chatbox", "*", "cb_message='{$cmessage}' AND cb_datestamp+84600>" . time())) { $emessage = CHATBOX_L17; } else { $datestamp = time(); $ip = e107::getIPHandler()->getIP(FALSE); if (USER) { $nick = USERID . "." . USERNAME; $sql->db_Update("user", "user_chats=user_chats+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' "); } else { if (!$nick) { $nick = "0.Anonymous"; } else { if ($sql->select("user", "*", "user_name='{$nick}' ")) { $emessage = CHATBOX_L1; } else { $nick = "0." . $nick; } } } if (!$emessage) {
$dbPercent = 100.0 * $db_time / $clockTime; // Format for display or logging $rendertime = number_format($clockTime, 2); // Clock time during page render $db_time = number_format($db_time, 2); // Clock time in DB render $dbPercent = number_format($dbPercent, 0); // DB as percent of clock $memuse = eHelper::getMemoryUsage(); // Memory at end, in B/KB/MB/GB ;) $queryCount = $sql->db_QueryCount(); $rinfo = ''; $logLine = ''; if ($pref['log_page_accesses']) { // Collect the first batch of data to log $logLine .= "'" . ($now = time()) . "','" . gmstrftime('%y-%m-%d %H:%M:%S', $now) . "','" . e107::getIPHandler()->getIP(FALSE) . "','" . e_PAGE . '?' . e_QUERY . "','" . $rendertime . "','" . $db_time . "','" . $queryCount . "','" . $memuse . "','" . $_SERVER['HTTP_USER_AGENT'] . "','{$_SERVER["REQUEST_METHOD"]}'"; } if (function_exists('getrusage')) { $ru = getrusage(); $cpuUTime = $ru['ru_utime.tv_sec'] + $ru['ru_utime.tv_usec'] * 1.0E-6; $cpuSTime = $ru['ru_stime.tv_sec'] + $ru['ru_stime.tv_usec'] * 1.0E-6; $cpuUStart = $eTimingStartCPU['ru_utime.tv_sec'] + $eTimingStartCPU['ru_utime.tv_usec'] * 1.0E-6; $cpuSStart = $eTimingStartCPU['ru_stime.tv_sec'] + $eTimingStartCPU['ru_stime.tv_usec'] * 1.0E-6; $cpuStart = $cpuUStart + $cpuSStart; $cpuTot = $cpuUTime + $cpuSTime; $cpuTime = $cpuTot - $cpuStart; $cpuPct = 100.0 * $cpuTime / $rendertime; /* CPU load during known clock time */ // Format for display or logging (Uncomment as needed for logging) //$cpuUTime = number_format($cpuUTime, 3); // User cpu //$cpuSTime = number_format($cpuSTime, 3); // System cpu
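/**
 * Load a poll, work out whether the current visitor may vote, and record a
 * posted vote.
 *
 * Results are left in $this->pollRow (the poll record) and $this->pollmode
 * ('voted', 'notvoted' or 'disallowed').
 *
 * @param string $query SQL passed as-is to the DB layer; it must be built by
 *                      the caller from trusted parts only.
 * @return false|null   false when the query returns no poll, otherwise nothing.
 */
function get_poll($query)
{
    $sql = e107::getDb();

    if (!$sql->gen($query)) {
        return FALSE;
    }

    $pollArray = $sql->fetch();
    $POLLMODE = null; // stays null when the storage method matches no known mode
    $userid = '';

    if (!check_class($pollArray['poll_vote_userclass'])) {
        $POLLMODE = 'disallowed';
    } else {
        switch ($pollArray['poll_storage_method']) {
            case POLL_MODE_COOKIE:
                $cookiename = 'poll_' . $pollArray['poll_id'];
                $POLLMODE = isset($_COOKIE[$cookiename]) ? 'voted' : 'notvoted';
                break;

            case POLL_MODE_IP:
                $userid = e107::getIPHandler()->getIP(FALSE);
                $voted_ids = explode('^', substr($pollArray['poll_ip'], 0, -1));
                $POLLMODE = in_array($userid, $voted_ids) ? 'voted' : 'notvoted';
                break;

            case POLL_MODE_USERID:
                if (!USER) {
                    $POLLMODE = 'disallowed';
                } else {
                    $userid = USERID;
                    $voted_ids = explode('^', substr($pollArray['poll_ip'], 0, -1));
                    $POLLMODE = in_array($userid, $voted_ids) ? 'voted' : 'notvoted';
                }
                break;
        }
    }

    if (isset($_POST['pollvote']) && $POLLMODE == 'notvoted' && !empty($_POST['votea'])) {
        // Options are stored chr(1)-separated with a trailing separator.
        $optionArray = array_slice(explode(chr(1), $pollArray['poll_options']), 0, -1);
        $optionCount = count($optionArray);

        // Accept only choices that name an existing option. Keying by index
        // means a value repeated in the request counts once.
        // NOTE(review): an array of choices is accepted for every poll; whether
        // this poll is multiple-choice is not checked here - confirm upstream.
        $submitted = is_array($_POST['votea']) ? $_POST['votea'] : array($_POST['votea']);
        $choices = array();
        foreach ($submitted as $vote) {
            if (!is_scalar($vote)) {
                continue;
            }
            $index = intval($vote) - 1;
            if ($index >= 0 && $index < $optionCount) {
                $choices[$index] = true;
            }
        }

        if ($choices) {
            // Explicit reads instead of extract(), which could overwrite locals.
            $votes = explode(chr(1), $pollArray['poll_votes']);
            foreach (array_keys($choices) as $index) {
                $votes[$index] = (isset($votes[$index]) ? (int) $votes[$index] : 0) + 1;
            }
            foreach ($optionArray as $k => $v) {
                if (empty($votes[$k])) {
                    $votes[$k] = 0;
                }
            }
            ksort($votes); // keep counters in option order before re-joining

            $votep = implode(chr(1), $votes);
            $pollArray['poll_votes'] = $votep;

            $voterList = '';
            if ($pollArray['poll_storage_method'] != POLL_MODE_COOKIE) {
                // Escaped because the stored list and the voter id are
                // concatenated into the statement.
                $voterList = ", poll_ip='" . $sql->escape($pollArray['poll_ip'] . $userid . '^') . "'";
            }

            $sql->update(
                "polls",
                "poll_votes = '{$votep}'" . $voterList . " WHERE poll_id=" . (int) $pollArray['poll_id']
            );

            // FIXME cannot be used after 2023 (this year is the maxium unixstamp on 32 bit system)
            $poll_cookie_expire = time() + 3600 * 24 * 356 * 15;
            cookie('poll_' . $pollArray['poll_id'] . '', $pollArray['poll_id'], $poll_cookie_expire);

            $POLLMODE = 'voted';
        }
    }

    $this->pollRow = $pollArray;
    $this->pollmode = $POLLMODE;
}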
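/**
 * XUP Signup Method (falls-back to XUP login when existing user is detected).
 * May be used as a simple XUP login link for existing and non-existing users.
 *
 * @param bool|string $redirectUrl       true redirects to SITEURL, a string is
 *                                       used as-is when it starts with http(s)://
 *                                       and is otherwise passed to the URL builder;
 *                                       a falsy value disables the redirect.
 *                                       NOTE(review): absolute URLs are not checked
 *                                       against the site host - callers must not
 *                                       pass request-supplied values.
 * @param bool        $loginAfterSuccess log the new user in after signup
 * @param bool        $emailAfterSuccess send the signup email
 * @return bool|$this true on signup, false on fallback/failed profile,
 *                    $this when the 'usersupprov' event returns true
 * @throws Exception  feature disabled (100), wrong provider (2),
 *                    missing email (4), user model error (5)
 */
public function signup($redirectUrl = true, $loginAfterSuccess = true, $emailAfterSuccess = true)
{
    if (!e107::getPref('social_login_active', false)) {
        throw new Exception("Signup failed! This feature is disabled.", 100); // TODO lan
    }

    if (!$this->getProvider()) {
        throw new Exception("Signup failed! Wrong provider.", 2); // TODO lan
    }

    if ($redirectUrl) {
        if (true === $redirectUrl) {
            $redirectUrl = SITEURL;
        } elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0) {
            $redirectUrl = e107::getUrl()->create($redirectUrl);
        }
    }

    if (e107::getUser()->isUser()) {
        // Already signed in: nothing to create.
        if ($redirectUrl) {
            e107::getRedirect()->redirect($redirectUrl);
        }

        return false;
    }

    $this->adapter = $this->hybridauth->authenticate($this->getProvider());
    $profile = $this->adapter->getUserProfile();

    // returned back, if success...
    if (!$profile->identifier) {
        return false;
    }

    $sql = e107::getDb();
    $userMethods = e107::getUserSession();
    $plainPwd = $userMethods->generateRandomString('************'); // auto plain passwords

    $userdata = array();
    // TODO - auto login name, shouldn't be used if system set to user_email login...
    $userdata['user_loginname'] = $this->getProvider() . $userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#'));
    $userdata['user_email'] = $sql->escape($profile->emailVerified ? $profile->emailVerified : $profile->email);
    $userdata['user_name'] = $sql->escape($profile->displayName);
    $userdata['user_login'] = $userdata['user_name'];
    $userdata['user_customtitle'] = ''; // not used
    $userdata['user_password'] = $userMethods->HashPassword($plainPwd, $userdata['user_loginname']); // pwd
    $userdata['user_sess'] = '';
    $userdata['user_image'] = $profile->photoURL; // avatar
    $userdata['user_signature'] = ''; // not used
    $userdata['user_hideemail'] = 1; // hide it by default
    $userdata['user_xup'] = $sql->escape($this->userId());

    $pref = e107::pref('core');
    if (!empty($pref['initial_user_classes'])) {
        $userdata['user_class'] = $pref['initial_user_classes'];
    } elseif (!empty($pref['user_new_period'])) {
        $userdata['user_class'] = e_UC_NEWUSER;
    } else {
        $userdata['user_class'] = '';
    }

    // user_name, user_xup, user_email and user_loginname shouldn't match
    $insert = !empty($userdata['user_email']) ? "OR user_email='" . $userdata['user_email'] . "' " : "";

    if ($sql->count("user", "(*)", "user_xup='" . $sql->escape($this->userId()) . "' " . $insert . " OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'")) {
        // Existing record found: fall back to provider login.
        // NOTE(review): the match also fires on a user_name or user_email
        // collision; confirm loginProvider() only authenticates an account
        // whose user_xup equals this provider id.
        e107::getUser()->loginProvider($this->userId());
        if ($redirectUrl) {
            e107::getRedirect()->redirect($redirectUrl);
        }

        return false;
    }

    if (empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0) == 0) {
        // The original appended print_a($userdata, true) to this message, which
        // put the whole record - including the password hash - into an
        // exception text that may be rendered or logged. The dump is dropped.
        throw new Exception("Signup failed! Can't access user email - registration without an email is impossible.", 4); // TODO lan
    }

    // other fields
    $now = time();
    $userdata['user_id'] = null;
    $userdata['user_join'] = $now;
    $userdata['user_lastvisit'] = 0;
    $userdata['user_currentvisit'] = 0;
    $userdata['user_comments'] = 0;
    $userdata['user_ip'] = e107::getIPHandler()->getIP(FALSE);
    $userdata['user_ban'] = USER_VALIDATED;
    $userdata['user_prefs'] = '';
    $userdata['user_visits'] = 0;
    $userdata['user_admin'] = 0;
    $userdata['user_perms'] = '';
    $userdata['user_realm'] = '';
    $userdata['user_pwchange'] = $now;

    $user = e107::getSystemUser(0, false);
    $user->setData($userdata);
    $user->getExtendedModel(); // init
    $user->save(true);

    // user model error
    if ($user->hasError()) {
        throw new Exception($user->renderMessages(), 5);
    }

    // Successful signup!
    $userdata = $user->getData();
    $userdata['provider'] = $this->getProvider();

    e107::getEvent()->trigger('user_xup_signup', $userdata);
    $ret = e107::getEvent()->trigger('usersupprov', $userdata); // XXX - it's time to pass objects instead of array?
    if (true === $ret) {
        return $this;
    }

    // send email
    // NOTE(review): the generated plain-text password is placed back on the
    // model for the signup mail; confirm the model is not saved again afterwards.
    if ($emailAfterSuccess) {
        $user->set('user_password', $plainPwd)->email('signup');
    }

    e107::getUser()->setProvider($this);

    // auto login
    if ($loginAfterSuccess) {
        e107::getUser()->loginProvider($this->userId()); // if not proper after-login, return true so user can see login screen
    }

    if ($redirectUrl) {
        e107::getRedirect()->redirect($redirectUrl);
    }

    return true;
}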
/**
 * Send the 'flood' notification for an address.
 *
 * @param mixed $data address as accepted by the IP handler's ipDecode()
 * @return void
 */
function notify_flood($data)
{
    // Decode first so the notice carries the handler's readable form.
    $readableIp = e107::getIPHandler()->ipDecode($data, TRUE);
    $body = NT_LAN_FL_2 . ': ' . $readableIp;

    $this->send('flood', NT_LAN_FL_1, $body);
}
/**
 * After-delete hook: asks the IP handler to regenerate its files.
 * None of the hook arguments are used.
 *
 * @param mixed $deleted_data
 * @param mixed $id
 * @param mixed $deleted_check
 * @return void
 */
public function afterDelete($deleted_data, $id, $deleted_check)
{
    $ipHandler = e107::getIPHandler();
    $ipHandler->regenerateFiles();
}
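/**
 * Ban user trigger.
 *
 * Marks the user as banned and, when the account has a recorded IP that no
 * other unbanned account shares, also bans that IP. Accounts whose
 * user_perms is "0" or "0." only produce a warning and are not banned.
 * The list data is reloaded in every case that reaches the end of the method.
 *
 * @param int $userid
 * @return void
 */
public function ListBanTrigger($userid)
{
    // The id is concatenated into SQL below (once without quotes), so force
    // it to an integer before anything else uses it.
    $userid = (int) $userid;

    $sql = e107::getDb();
    $mes = e107::getMessage();
    $iph = e107::getIPHandler();
    $sysuser = e107::getSystemUser($userid, false);

    if (!$sysuser->getId()) {
        $mes->addError(USRLAN_223);

        return;
    }

    $row = $sysuser->getData();

    if ($row['user_perms'] == "0" || $row['user_perms'] == "0.") {
        $mes->addWarning(USRLAN_7);
    } else {
        if ($sql->update("user", "user_ban='1' WHERE user_id='" . $userid . "' ")) {
            e107::getLog()->add(
                'USET_05',
                str_replace(array('--UID--', '--NAME--'), array($row['user_id'], $row['user_name']), USRLAN_161),
                E_LOG_INFORMATIVE
            );
            // NOTE(review): user_name and user_email go into the message as
            // stored; confirm the message renderer escapes them.
            $mes->addSuccess("(" . $userid . "." . $row['user_name'] . " - {$row['user_email']}) " . USRLAN_8);
        }

        if (trim($row['user_ip']) == "") {
            $mes->addInfo(USRLAN_135);
        } elseif ($sql->count('user', '(*)', "user_ip = '{$row['user_ip']}' AND user_ban=0 AND user_id <> {$userid}") > 0) {
            // Other unbanned users have same IP address
            $mes->addWarning(str_replace("{IP}", $iph->ipDecode($row['user_ip']), USRLAN_136));
        } elseif ($iph->add_ban(6, USRLAN_149 . $row['user_name'] . '/' . $row['user_loginname'], $row['user_ip'], USERID)) {
            // Successful IP ban
            $mes->addSuccess(str_replace("{IP}", $iph->ipDecode($row['user_ip']), USRLAN_137));
        } else {
            // IP address on whitelist
            $mes->addWarning(str_replace("{IP}", $iph->ipDecode($row['user_ip']), USRLAN_150));
        }
    }

    // List data reload
    $this->getTreeModel()->load(true);
}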
$message .= "<div class='right'>(<a href='" . e_SELF . "?dabl'>" . FLALAN_16 . "</a>)</div>"; $mes->addInfo($message); } $gen = new convert(); $fla_total = $sql->db_Count('generic', '(*)', "WHERE gen_type='failed_login'"); if (!$sql->db_Select('generic', '*', "gen_type='failed_login' ORDER BY gen_datestamp DESC LIMIT {$from},{$amount}")) { $mes->addInfo(FLALAN_2); } else { $faArray = $sql->db_getList('ALL', FALSE, FALSE); $text = "\n\t\t<form method='post' action='" . e_SELF . "' id='flaform' >\n\t\t\t<fieldset id='core-fla'>\n\t\t\t\t<legend class='e-hideme'>" . ADLAN_146 . "</legend>\n\t\t\t\t<table class='table adminlist'>\n\t\t\t\t\t<colgroup>\n\t\t\t\t\t\t<col style='width: 20%' />\n\t\t\t\t\t\t<col style='width: 40%' />\n\t\t\t\t\t\t<col style='width: 20%' />\n\t\t\t\t\t\t<col style='width: 10%' />\n\t\t\t\t\t\t<col style='width: 10%' />\n\t\t\t\t\t</colgroup>\n\t\t\t\t\t<thead>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<th>" . LAN_DATE . "</th>\n\t\t\t\t\t\t\t<th>" . FLALAN_7 . "</th>\n\t\t\t\t\t\t\t<th>" . FLALAN_8 . "</th>\n\t\t\t\t\t\t\t<th class='center last'>\n\t\t\t\t\t\t\t\t" . LAN_DELETE . "<br/>\n\t\t\t\t\t\t\t\t" . $frm->checkbox('check_all_del', 'jstarget:fladelete', false, array('id' => false, 'class' => 'checkbox toggle-all')) . "\n\t\t\t\t\t\t\t</th>\n\t\t\t\t\t\t\t<th class='center last'>\n\t\t\t\t\t\t\t\t" . LAN_BAN . "<br/>\n\t\t\t\t\t\t\t\t" . $frm->checkbox_toggle('check-all-ban', 'flaban') . "\n\t\t\t\t\t\t\t</th>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</thead>\n\t\t\t\t\t<tbody>\n\t"; foreach ($faArray as $fa) { extract($fa); //FIXME kill extract() $gen_chardata = str_replace(":::", "<br />", $tp->toHTML($gen_chardata)); $host = e107::getIPHandler()->get_host_name(getenv($gen_ip)); $text .= "\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>" . $gen->convert_date($gen_datestamp, "forum") . "</td>\n\t\t\t\t\t\t\t<td>" . $gen_chardata . "</td>\n\t\t\t\t\t\t\t<td>" . e107::getIPHandler()->ipDecode($fa['gen_ip']) . 
"<br />{$host}</td>\n\t\t\t\t\t\t\t<td class='center middle autocheck e-pointer'>\n\t\t\t\t\t\t\t\t" . $frm->checkbox('fladelete[]', $gen_id) . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t<td class='center middle autocheck e-pointer'>\n\t\t\t\t\t\t\t\t" . $frm->checkbox('flaban[]', $gen_id) . "\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t"; } $text .= "\n\t\t\t\t\t</tbody>\n\t\t\t\t</table>\n\t\t\t\t<div class='buttons-bar center'>\n\t\t\t\t\t" . $frm->admin_button('delbanSubmit', FLALAN_10, 'delete', FLALAN_10, 'title=') . "\n\t\t\t\t</div>\n\t\t\t</fieldset>\n\t\t</form>\n\t"; $parms = $fla_total . "," . $amount . "," . $from . "," . e_SELF . '?' . "[FROM]." . $amount; $nextprev = $tp->parseTemplate("{NEXTPREV={$parms}}"); if ($nextprev) { $text .= "<div class='nextprev-bar'>" . $nextprev . "</div>"; } } $ns->tablerender(ADLAN_146, $mes->render() . $text); require_once "footer.php"; /** * Handle page DOM within the page header * * @return string JS source */
</div> </div> */ $text .= $ns->tablerender("e107 News", $panelRSS, "core-infopanel_news", true); // ---------------------Latest Stuff --------------------------- require_once e_CORE . "shortcodes/batch/admin_shortcodes.php"; $text .= $ns->tablerender(ADLAN_LAT_1, $tp->parseTemplate("{ADMIN_LATEST=norender}"), "core-infopanel_latest", true); $text .= $ns->tablerender(LAN_STATUS, $tp->parseTemplate("{ADMIN_STATUS=norender}"), "core-infopanel_latest", true); // ---------------------- Who's Online ------------------------ // TODO Could use a new _menu item instead. $nOnline = e107::getDB()->db_Select('online', '*'); $panelOnline = "\n\t\n\t\t<table class='table adminlist'>\n\t\t<colgroup>\n\t\t\t<col style='width: 10%' />\n <col style='width: 25%' />\n\t\t\t<col style='width: 10%' />\n\t\t\t<col style='width: 40%' />\n\t\t\t<col style='width: auto' />\n\t\t</colgroup>\n\t\t<thead>\n\t\t\t<tr>\n\t\t\t\t<th>Timestamp</th>\n\t\t\t\t<th>Username</th>\n\t\t\t\t<th>IP</th>\n\t\t\t\t<th>Page</th>\n\t\t\t\t<th>Agent</th>\n\t\t\t</tr>\n\t\t</thead>\n\t\t<tbody>"; if (e107::getDB()->db_Select('online', '*', "online_ip !='' LIMIT 20")) { $newsarray = $e107->sql->db_getList(); foreach ($newsarray as $key => $val) { $panelOnline .= "<tr>\n\t\t\t\t<td class='nowrap'>" . e107::getDateConvert()->convert_date($val['online_timestamp'], '%H:%M:%S') . "</td>\n\t\t\t\t\t<td>" . renderOnlineName($val['online_user_id']) . "</td>\n\t\t\t\t\t<td>" . e107::getIPHandler()->ipDecode($val['online_ip']) . "</td>\n\t\t\t\t\t<td><a href='" . $val['online_location'] . "' title='" . $val['online_location'] . "'>" . $tp->text_truncate($val['online_location'], 50, '...') . "</a></td>\n\t\t\t\t\t<td>" . $tp->text_truncate(str_replace("/", " / ", $val['online_agent']), 20, '...') . "</td>\n\t\t\t\t</tr>\n\t\t\t\t"; } } $panelOnline .= "</tbody></table>\n\t"; $text .= $ns->tablerender('Visitors Online : ' . 
$nOnline, $panelOnline, 'core-infopanel_online', true); // --------------------- User Selected Menus ------------------- if (varset($pref['core-infopanel-menus'])) { foreach ($pref['core-infopanel-menus'] as $val) { $id = $frm->name2id('core-infopanel_' . $val); $inc = $tp->parseTemplate("{PLUGIN={$val}|TRUE}"); $text .= $inc; // $text .= $ns->tablerender("", $inc, $id,true); } } $text .= "<div class='clear'> </div>"; $text .= render_infopanel_options();
/**
 * Lazy accessor for legacy handler properties ($e107->tp, $e107->sql, ...).
 *
 * The first read of a known name fetches the handler through the matching
 * e107 static accessor and stores it on the object, so later reads no longer
 * reach this method. Unknown names raise E_USER_WARNING and yield null.
 *
 * @param string $name
 * @return mixed|null
 */
public function __get($name)
{
    if ($name === 'override') {
        // The only handler that needs an explicit class file.
        $handler = e107::getSingleton('override', e_HANDLER . 'override_class.php');
    } else {
        // Property name => e107 static accessor.
        $accessors = array(
            'tp'           => 'getParser',
            'sql'          => 'getDb',
            'ecache'       => 'getCache',
            'arrayStorage' => 'getArrayStorage',
            'e_event'      => 'getEvent',
            'ns'           => 'getRender',
            'url'          => 'getUrl',
            'admin_log'    => 'getAdminLog',
            'notify'       => 'getNotify',
            'e_online'     => 'getOnline',
            'eIPHandler'   => 'getIPHandler',
            'user_class'   => 'getUserClass',
        );

        if (!isset($accessors[$name])) {
            trigger_error('$e107->$' . $name . ' not defined', E_USER_WARNING);

            return null;
        }

        $handler = call_user_func(array('e107', $accessors[$name]));
    }

    $this->{$name} = $handler;

    return $handler;
}
$validator = new email_validation_class; $validator->localuser= $adminuser; $validator->localhost= $adminhost; $validator->timeout=3; // $validator->debug=1; // $validator->html_debug=1; if($validator->ValidateEmailBox($sender) != 1) { $error .= LANCONTACT_11."\\n"; } } */ // No errors - so proceed to email the admin and the user (if selected). if (empty($error)) { $body .= "<br /><br />\n\t\t<table class='table'>\n\t\t<tr>\n\t\t<td>IP:</td><td>" . e107::getIPHandler()->getIP(TRUE) . "</td></tr>"; if (USER) { $body .= "<tr><td>User:</td><td>#" . USERID . " " . USERNAME . "</td></tr>"; } if (empty($_POST['contact_person']) && !empty($pref['sitecontacts'])) { if ($pref['sitecontacts'] == e_UC_MAINADMIN) { $query = "user_perms = '0' OR user_perms = '0.' "; } elseif ($pref['sitecontacts'] == e_UC_ADMIN) { $query = "user_admin = 1 "; } else { $query = "FIND_IN_SET(" . $pref['sitecontacts'] . ",user_class) "; } } else { $query = "user_id = " . intval($_POST['contact_person']); } if ($sql->gen("SELECT user_name,user_email FROM `#user` WHERE " . $query . " LIMIT 1")) {
$val = $row['dblog_caller']; if (strpos($val, '|') !== FALSE && strpos($val, '@') !== FALSE) { list($file, $rest) = explode('|', $val); list($routine, $rest) = explode('@', $rest); $val = $file . '<br />Function: ' . $routine . '<br />Line: ' . $rest; } break; case 'dblog_remarks': // Look for pseudo-code for newlines, link insertion $val = preg_replace_callback("#\\[!(\\w+?)(=.+?){0,1}!]#", 'log_process', $row['dblog_remarks']); break; case 'dblog_ip': $val = e107::getIPHandler()->ipDecode($row['dblog_ip']); break; case 'comment_ip': $val = e107::getIPHandler()->ipDecode($row['comment_ip']); /* if (strlen($val) == 8) // New decoder should handle this automatically { $hexip = explode('.', chunk_split($val, 2, '.')); $val = hexdec($hexip[0]). '.'.hexdec($hexip[1]).'.'.hexdec($hexip[2]).'.'.hexdec($hexip[3]); } */ break; case 'comment_comment': $val = $tp->text_truncate($row['comment_comment'], 100, '...'); // Just display first bit of comment break; case 'online_location': $val = str_replace($e107->base_path, '', $row['online_location']); // Just display site-specific bit of path break; case 'del_check':
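/**
 * Single entry point for calendar notifications and admin logging.
 *
 * All calendar-related logging intentionally passes through here to maintain
 * control (so other info could be added later).
 *
 * Event types:
 *   1 - add event, 2 - edit event, 3 - delete event,
 *   4 - bulk delete, 5 - add multiple events
 *
 * @param int|string $event_type
 * @param string     $event_title
 * @param string     $event_string
 * @param int        $event_start timestamp; 0 or less means unknown
 * @return void
 */
public function cal_log($event_type, $event_title = '', $event_string = '', $event_start = 0)
{
    global $pref;
    $e107 = e107::getInstance();

    $log_titles = array(
        '1' => 'EC_ADM_01', '2' => 'EC_ADM_02', '3' => 'EC_ADM_03', '4' => 'EC_ADM_04',
        '5' => 'EC_ADM_05', '6' => 'EC_ADM_06', '7' => 'EC_ADM_07', '8' => 'EC_ADM_08',
        '9' => 'EC_ADM_09', '10' => 'EC_ADM_10', '11' => 'EC_ADM_11',
    );
    // Unknown types used to read an undefined index; the resulting value
    // (null) is kept, only the notice is avoided.
    $logTitle = isset($log_titles[$event_type]) ? $log_titles[$event_type] : null;

    // Do the notifies first
    $cmessage = $logTitle . "<br />";
    if ($event_start > 0) {
        $cmessage .= 'Event Start: ' . strftime("%d-%B-%Y", $event_start) . "<br />";
        $cmessage .= 'Event Link: ' . SITEURL . e_PLUGIN_ABS . 'calendar_menu/event.php?' . $event_start . " <br />";
    } else {
        $cmessage .= "Event Start unknown<br />";
    }

    $edata_ec = array('cmessage' => $cmessage, 'ip' => e107::getIPHandler()->getIP(FALSE));

    switch ($event_type) {
        case 5:
        case 1:
            $e107->e_event->trigger('ecalnew', $edata_ec);
            break;
        case 2:
        case 3:
        case 4:
            $e107->e_event->trigger('ecaledit', $edata_ec);
            break;
    }

    // Admin-log setting: 1 logs everything except plain adds, 2 logs
    // everything, any other value logs nothing.
    $logMode = isset($pref['eventpost_adminlog']) ? $pref['eventpost_adminlog'] : null;
    if ($logMode == 1) {
        if ($event_type == '1') {
            return;
        }
    } elseif ($logMode != 2) {
        return; // Invalid or undefined option
    }

    $startLabel = strftime("%d-%B-%Y", $event_start);
    $log_detail = array(
        '1' => 'Event Calendar - add event ' . $startLabel,
        '2' => 'Event Calendar - edit event ' . $startLabel,
        '3' => 'Event Calendar - delete event ' . $startLabel,
        '4' => 'Event Calendar - Bulk Delete',
        '5' => 'Event Calendar - multiple add ' . $startLabel,
    );
    // Only types 1-5 have a detail line; others log an empty one.
    $detail = isset($log_detail[$event_type]) ? $log_detail[$event_type] : '';

    $e107->admin_log->log_event($logTitle, $event_title . " \n" . $detail . "\n" . $event_string, '');
}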
} else { $colour = '??'; } if ($err_code = strip_tags(isset($vals['err_direct']) ? $vals['err_direct'] : '')) { $ref = addslashes(strip_tags(isset($vals['err_referer']) ? $vals['err_referer'] : '')); // Uncomment the next two lines to create a separate CSV format log of invalid accesses - error code, entered URL, referrer // $log_string = $err_code.",".$self.",".$ref; // $logfp = fopen(e_LOG."errpages.csv", 'a+'); fwrite($logfp, $log_string."\n\r"); fclose($logfp); $err_code .= ':'; } if (strstr($ref, 'admin')) { $ref = FALSE; } $screenstats = $res . '@' . $colour; $agent = $_SERVER['HTTP_USER_AGENT']; $ip = e107::getIPHandler()->ipDecode(USERIP); $oldref = $ref; // backup for search string being stripped off for referer if ($ref && !strstr($ref, $_SERVER['HTTP_HOST'])) { if (preg_match("#http://(.*?)(\$|/)#is", $ref, $match)) { $ref = $match[0]; } } $pageDisallow = "cache|file|eself|admin"; $tagRemove = "(\\\\)|(\\s)|(\\')|(\")|(eself)|( )|(\\.php)|(\\.html)"; $tagRemove2 = "(\\\\)|(\\s)|(\\')|(\")|(eself)|( )"; /* function logGetPageKey($url,$logQry=false,$err_code='') { global $pageDisallow, $tagRemove;
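/**
 * Called to log the reason for a failed login.
 *
 * Picks the user-facing message for the failure reason, writes the matching
 * log/generic notes, publishes the message, and - for the reasons that set
 * the ban-check flag - bans the address once the number of recorded failed
 * logins from it reaches the configured limit.
 *
 * @param string $username   login name as submitted
 * @param int    $reason     one of the LOGIN_* reason constants
 * @param string $extra_text additional text; shown as the message for
 *                           LOGIN_BAD_TRIGGER and stored with an auto-ban
 * @return boolean|string    false to signal the failed login; the message
 *                           string when $this->testMode is true
 */
protected function invalidLogin($username, $reason, $extra_text = '')
{
    global $pref, $sql;

    $doCheck = FALSE; // Flag set if need to ban check

    switch ($reason) {
        case LOGIN_ABORT: // alt_auth reject
            $message = LAN_LOGIN_21;
            // NOTE(review): this is the only genNote() call that passes the IP
            // as first argument - confirm against genNote()'s signature.
            $this->genNote($this->userIP, $username, 'Alt_auth: ' . LAN_LOGIN_14);
            $this->logNote('LAN_ROLL_LOG_04', 'Alt_Auth: ' . $username);
            $doCheck = true;
            break;

        case LOGIN_DB_ERROR: // alt_auth couldn't add valid user
            $message = LAN_LOGIN_31;
            $this->genNote($username, 'Alt_auth: ' . LAN_LOGIN_30);
            // logNote for this case is added in alt_auth login
            $doCheck = true;
            break;

        case LOGIN_BAD_PW:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_03', $username);
            break;

        case LOGIN_CHAP_FAIL:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_03', 'CHAP: ' . $username);
            break;

        case LOGIN_BAD_USER:
            $message = LAN_LOGIN_21;
            $this->genNote($username, LAN_LOGIN_14);
            $this->logNote('LAN_ROLL_LOG_04', $username);
            $doCheck = true;
            break;

        case LOGIN_BAD_USERNAME:
            $message = LAN_LOGIN_21;
            $this->logNote('LAN_ROLL_LOG_08', $username);
            break;

        case LOGIN_MULTIPLE:
            $message = LAN_LOGIN_24;
            $this->logNote('LAN_ROLL_LOG_07', "U: {$username} IP: {$this->userIP}");
            $this->genNote($username, LAN_LOGIN_16);
            $doCheck = true;
            break;

        case LOGIN_BAD_CODE:
            $message = LAN_LOGIN_23;
            $this->logNote('LAN_ROLL_LOG_02', $username);
            break;

        case LOGIN_NOT_ACTIVATED:
            $srch = array("[", "]");
            $repl = array("<a href='" . e_HTTP . "signup.php?resend'>", "</a>");
            $message = str_replace($srch, $repl, LAN_LOGIN_22);
            $this->logNote('LAN_ROLL_LOG_05', $username);
            $this->genNote($username, LAN_LOGIN_27);
            $doCheck = true;
            break;

        case LOGIN_BLANK_FIELD:
            $message = LAN_LOGIN_20;
            $this->logNote('LAN_ROLL_LOG_01', $username);
            break;

        case LOGIN_BAD_TRIGGER:
            $message = $extra_text;
            $this->logNote('LAN_ROLL_LOG_06', $username);
            break;

        case LOGIN_BANNED:
            $message = LAN_LOGIN_21; // Just give 'incorrect login' message
            $this->genNote($username, LAN_LOGIN_25);
            $this->logNote('LAN_ROLL_LOG_09', $username);
            break;

        default: // Something's gone wrong!
            $message = LAN_LOGIN_21; // Just give 'incorrect login' message
            $this->genNote($username, LAN_LOGIN_26);
            $this->logNote('LAN_ROLL_LOG_10', $username);
    }

    e107::getMessage()->addError($message);

    if ($this->testMode === true) {
        return $message;
    }

    define('LOGINMESSAGE', $message);

    if ($doCheck && ($pref['autoban'] == 1 || $pref['autoban'] == 3)) {
        // See if ban required (formerly the checkibr() function)
        $fails = $sql->count("generic", "(*)", "WHERE gen_ip='{$this->userIP}' AND gen_type='failed_login' ");
        $failLimit = vartrue($pref['failed_login_limit'], 10);

        if ($fails >= $failLimit) {
            $time = time();
            $description = e107::getParser()->lanVars(LAN_LOGIN_18, $failLimit);
            e107::getIPHandler()->add_ban(4, $description, $this->userIP, 1);

            // The original hashed $ouserpass here, a variable that is never
            // defined in this method, so the stored value was always the hash
            // of an empty string. That value is kept so the record format is
            // unchanged, without reading an undefined variable; the attempted
            // password is not recorded.
            $passwordField = md5('');

            // NOTE(review): $extra_text is written into the row unescaped;
            // confirm every caller passes trusted text.
            e107::getDb()->insert("generic", "0, 'auto_banned', '" . $time . "', 0, '{$this->userIP}', '{$extra_text}', '" . LAN_LOGIN_20 . ": " . e107::getParser()->toDB($username) . ", " . LAN_LOGIN_17 . ": " . $passwordField . "' ");
            e107::getEvent()->trigger('user_ban_failed_login', array('time' => $time, 'ip' => $this->userIP, 'other' => $extra_text));
        }
    }

    return false; // Passed back to signal failed login
}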
/**
 * Add a query to the dblog table.
 *
 * Only $log_query is passed through the parser's toDB(); $log_type and
 * $log_remark are placed into the row as given.
 * NOTE(review): confirm callers never pass request data in those two.
 *
 * @param string $log_type
 * @param string $log_remark
 * @param string $log_query
 * @return void
 * @access private
 */
function db_Write_log($log_type = '', $log_remark = '', $log_query = '')
{
    global $tp, $e107;

    // microtime() yields "<fraction> <seconds>".
    $clock = explode(" ", microtime());
    $microPart = $clock[0];
    $secondPart = $clock[1];

    if (USER) {
        $uid = USERID;
    } else {
        $uid = '0';
    }

    if (USER === true) {
        $userstring = USERNAME;
    } else {
        $userstring = "******";
    }

    $ip = e107::getIPHandler()->getIP(FALSE);
    $qry = $tp->toDB($log_query);

    $rowValues = "0, " . $secondPart . ", " . $microPart . ", '" . $log_type . "', 'DBDEBUG', " . $uid
        . ", '" . $userstring . "', '" . $ip . "', '', '" . $log_remark . "', '" . $qry . "'";

    $this->insert('dblog', $rowValues);
}
/**
 * Shortcode: the decoded IP address of the current post.
 *
 * Shown only to admins or moderators, and never for posts whose author is
 * an admin; in every other case nothing is returned.
 *
 * @return string|null
 */
function sc_ip()
{
    $viewerIsStaff = ADMIN || MODERATOR;

    if (!$viewerIsStaff || $this->postInfo['user_admin']) {
        return null;
    }

    $ipHandler = e107::getIPHandler();

    return $ipHandler->ipDecode($this->postInfo['post_ip']);
}
exit;
}

// Check if password reset was already requested
// NOTE(review): user_loginname is concatenated into the LIKE pattern as stored;
// it is not escaped here and any % or _ in it acts as a wildcard.
if ($result = $sql->select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '" . $row['user_loginname'] . FPW_SEPARATOR . "%'")) {
    fpw_error(LAN_FPW4);
    exit;
}

// Set unique reset code
// NOTE(review): the code is an MD5 over the request's User-Agent, the
// serialized prefs, one mt_rand() value in 0..1000000 (seeded from microtime)
// and the current date string. mt_rand() is not a cryptographic generator and
// the other inputs add little secrecy, so the code has far less entropy than
// its 32 hex characters suggest. A reset token should come from a CSPRNG,
// e.g. bin2hex(random_bytes(16)) where available.
mt_srand((double) microtime() * 1000000);
$maxran = 1000000;
$rand_num = mt_rand(0, $maxran);
$datekey = date('r');
$rcode = md5($_SERVER['HTTP_USER_AGENT'] . serialize($pref) . $rand_num . $datekey);

// Prepare email
// The reset code travels as the bare query string of fpw.php, and the
// message names the address the request came from.
$link = SITEURL . 'fpw.php?' . $rcode;
$message = LAN_FPW5 . ' ' . SITENAME . ' ' . LAN_FPW14 . ': ' . e107::getIPHandler()->getIP(TRUE) . ".\n\n" . LAN_FPW15 . "\n\n" . LAN_FPW16 . "\n\n" . LAN_FPW17 . "\n\n{$link}";

// Set timestamp two days ahead so it doesn't get auto-deleted
$deltime = time() + 86400 * 2;

// Insert the password reset request into the database
// The row stores the login name and the reset code in clear, joined by FPW_SEPARATOR.
$sql->insert('tmp', "'pwreset',{$deltime},'" . $row['user_loginname'] . FPW_SEPARATOR . $rcode . "'");

// Setup the information to log
// NOTE(review): the live reset code is included in the data prepared for the
// log; anyone who can read that log while the request is pending can use it.
$do_log['password_action'] = LAN_FPW18;
$do_log['user_id'] = $row['user_id'];
$do_log['user_name'] = $row['user_name'];
$do_log['user_loginname'] = $row['user_loginname'];
$do_log['activation_code'] = $rcode;

// When getperms('0') is true the message, including the reset link, is
// rendered on the page under "Testing Mode" and the script stops here.
if (getperms('0')) {
    $ns->tablerender("Testing Mode", print_a($message, true));
    require_once FOOTERF;
    exit;
}
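/**
 * Import a CSV file of bans into the banlist table, then delete the file.
 *
 * Each non-empty line is split on $separator. A field that starts with $quote
 * must also end with it (the quotes are stripped); otherwise the import stops
 * with an error for that line. Field order: IP address, ban date, ban expiry,
 * original ban type (ignored - every row is stored as BAN_TYPE_IMPORTED),
 * reason, notes. Further fields are ignored.
 *
 * Every value is passed through the DB layer's escape() before it is placed in
 * the REPLACE statement, because the reason and notes columns are free text
 * taken straight from the uploaded file.
 *
 * NOTE(review): fields are split with explode(), so a separator inside a quoted
 * field still breaks that field apart. Rows already written stay in the table
 * when a later line fails.
 *
 * @param string  $filename         path of the CSV file to read (removed at the end)
 * @param boolean $override_imports when true, existing imported bans are renumbered to
 *                                  temporary first and all temporary bans deleted on success
 * @param boolean $override_expiry  when true, use the expiry from the file; otherwise
 *                                  compute it from the 'ban_durations' preference
 * @param string  $separator        field separator
 * @param string  $quote            quote character around fields
 * @return string the success or error message that was also added to eMessage
 */
function process_csv($filename, $override_imports, $override_expiry, $separator = ',', $quote = '"')
{
    $sql = e107::getDb();
    $pref['ban_durations'] = e107::getPref('ban_durations');
    $emessage =& eMessage::getInstance();

    // Renumber imported bans
    if ($override_imports) {
        $sql->db_Update('banlist', "`banlist_bantype`=" . eIPHandler::BAN_TYPE_TEMPORARY . " WHERE `banlist_bantype` = " . eIPHandler::BAN_TYPE_IMPORTED);
    }

    $temp = file($filename);
    if ($temp === false) {
        // Unreadable file: behave as an empty file instead of iterating over false.
        $temp = array();
    }

    $line_num = 0;
    foreach ($temp as $line) {
        // Process one entry
        $line = trim($line);
        $line_num++;
        if (!$line) {
            continue;
        }

        $fields = explode($separator, $line);
        $field_num = 0;
        $field_list = array('banlist_bantype' => eIPHandler::BAN_TYPE_IMPORTED);

        foreach ($fields as $f) {
            $f = trim($f);
            if (substr($f, 0, 1) == $quote) {
                if (substr($f, -1, 1) == $quote) {
                    // Strip off the quotes
                    $f = substr($f, 1, -1);
                } else {
                    // Opening quote without a closing one: reject the line.
                    $emessage->add(BANLAN_49 . $line_num, E_MESSAGE_ERROR);
                    return BANLAN_49 . $line_num;
                }
            }

            // Now handle the field
            $field_num++;
            switch ($field_num) {
                case 1: // IP address
                    $field_list['banlist_ip'] = e107::getIPHandler()->ipEncode($f);
                    break;
                case 2: // Original date of ban
                    $field_list['banlist_datestamp'] = parse_date($f);
                    break;
                case 3: // Expiry of ban - depends on $override_expiry
                    if ($override_expiry) {
                        $field_list['banlist_banexpires'] = parse_date($f);
                    } else {
                        // Use default ban time from now (duration is in hours; 0 = no expiry)
                        $field_list['banlist_banexpires'] = $pref['ban_durations'][eIPHandler::BAN_TYPE_IMPORTED]
                            ? time() + 60 * 60 * $pref['ban_durations'][eIPHandler::BAN_TYPE_IMPORTED]
                            : 0;
                    }
                    break;
                case 4: // Original ban type - we always ignore this and force to 'imported'
                    break;
                case 5: // Ban reason originally generated by E107
                    $field_list['banlist_reason'] = $f;
                    break;
                case 6: // Any user notes added
                    $field_list['banlist_notes'] = $f;
                    break;
                default:
                    // Just ignore any others
            }
        }

        // Escape every value before it is quoted into the statement; file content
        // must not be able to close the string literal.
        $values = array();
        foreach ($field_list as $v) {
            $values[] = $sql->escape((string) $v, false);
        }

        $qry = "REPLACE INTO `#banlist` (" . implode(',', array_keys($field_list)) . ") values ('" . implode("', '", $values) . "')";
        if (!$sql->db_Select_gen($qry)) {
            $emessage->add(BANLAN_50 . $line_num, E_MESSAGE_ERROR);
            return BANLAN_50 . $line_num;
        }
    }

    // Success here - may need to delete old imported bans
    if ($override_imports) {
        $sql->db_Delete('banlist', "`banlist_bantype` = " . eIPHandler::BAN_TYPE_TEMPORARY);
    }

    @unlink($filename); // Delete file once done

    $emessage->add(str_replace('--NUM--', $line_num, BANLAN_51) . $filename, E_MESSAGE_SUCCESS);
    return str_replace('--NUM--', $line_num, BANLAN_51) . $filename;
}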
/**
 * Auto-render Form Element
 *
 * Builds the HTML for one editable field. 'writeParms' (array or query string)
 * supplies the render parameters; the field 'type' selects the widget in the
 * switch below. Read-only fields are rendered through renderValue() plus a
 * hidden input carrying the value.
 *
 * NOTE(review): several values are concatenated into the markup without
 * escaping in this method - $parms['pre'] / $parms['post'], $parms['expand'],
 * $parms['help'] (expand branch only) and, in the default branch,
 * $attributes['type'] or the raw $value. That is only safe while field
 * definitions come from code; confirm none of them is ever filled from
 * request or database content.
 *
 * @param string $key
 * @param mixed $value
 * @param array $attributes field attributes including render parameters, element options - see e_admin_ui::$fields for required format
 * @param array $required_data (under construction) required array as defined in e_model/validator; indexes 0 (required) and 3 (pattern) are read here
 * @param integer $id passed through to renderElementTrigger()
 * @return string
 */
function renderElement($key, $value, $attributes, $required_data = array(), $id = 0)
{
    $parms = vartrue($attributes['writeParms'], array());
    $tp = e107::getParser();

    // writeParms may be given as a query string; turn it into an array.
    if (is_string($parms)) {
        parse_str($parms, $parms);
    }

    if (!empty($attributes['multilan'])) {
        // Multi-language value: pick the entry for the current language.
        $value = is_array($value) ? varset($value[e_LANGUAGE], '') : $value;
        $parms['post'] = "<small class='e-tip admin-multilanguage-field input-group-addon' style='cursor:help; padding-left:10px' title='Multi-language field'>" . $tp->toGlyph('fa-language') . "</small>";
    }

    if (empty($value) && !empty($parms['default'])) {
        $value = $parms['default'];
    }

    // Two modes of read-only. 1 = read-only, but only when there is a value, 2 = read-only regardless.
    if (vartrue($attributes['readonly']) && (vartrue($value) || vartrue($attributes['readonly']) === 2)) {
        if (vartrue($attributes['writeParms'])) {
            $attributes['readParms'] = $attributes['writeParms'];
        }
        // The hidden input still submits the value, so "read-only" is a display
        // property only; the server side must not trust the posted value.
        return $this->renderValue($key, $value, $attributes) . $this->hidden($key, $value);
    }

    // FIXME standard - writeParams['__options'] is introduced for list elements, bundle adding to writeParms is non reliable way
    $writeParamsOptionable = array('dropdown', 'comma', 'radio', 'lanlist', 'language', 'user');
    $writeParamsDisabled = array('layouts', 'templates', 'userclass', 'userclasses');

    // FIXME it breaks all list like elements - dropdowns, radio, etc
    if (vartrue($required_data[0]) || vartrue($attributes['required'])) {
        // FIXME - another approach, raise standards, remove checks
        if (in_array($attributes['type'], $writeParamsOptionable)) {
            $parms['__options']['required'] = 1;
        } elseif (!in_array($attributes['type'], $writeParamsDisabled)) {
            $parms['required'] = 1;
        }
    }

    // FIXME it breaks all list like elements - dropdowns, radio, etc
    if (vartrue($required_data[3]) || vartrue($attributes['pattern'])) {
        // FIXME - another approach, raise standards, remove checks
        if (in_array($attributes['type'], $writeParamsOptionable)) {
            $parms['__options']['pattern'] = vartrue($attributes['pattern'], $required_data[3]);
        } elseif (!in_array($attributes['type'], $writeParamsDisabled)) {
            $parms['pattern'] = vartrue($attributes['pattern'], $required_data[3]);
        }
    }

    // XXX Fixes For the above. - use optArray variable. eg. $field['key']['writeParms']['optArray'] = array('one','two','three');
    // The option list becomes $parms itself and everything else moves to $parms['__options'].
    if (($attributes['type'] == 'dropdown' || $attributes['type'] == 'radio' || $attributes['type'] == 'checkboxes') && !empty($parms['optArray'])) {
        $fopts = $parms;
        $parms = $fopts['optArray'];
        unset($fopts['optArray']);
        $parms['__options'] = $fopts;
    }

    $this->renderElementTrigger($key, $value, $parms, $required_data, $id);

    switch ($attributes['type']) {
        case 'number':
            $maxlength = vartrue($parms['maxlength'], 255);
            unset($parms['maxlength']);
            if (!vartrue($parms['size'])) {
                $parms['size'] = 'mini';
            }
            if (!vartrue($parms['class'])) {
                $parms['class'] = 'tbox number e-spinner';
            }
            if (!$value) {
                $value = '0';
            }
            $ret = vartrue($parms['pre']) . $this->number($key, $value, $maxlength, $parms) . vartrue($parms['post']);
            break;

        case 'ip':
            // The stored value is decoded to its display form before it goes into the text input.
            $ret = vartrue($parms['pre']) . $this->text($key, e107::getIPHandler()->ipDecode($value), 32, $parms) . vartrue($parms['post']);
            break;

        case 'email':
            $maxlength = vartrue($parms['maxlength'], 255);
            unset($parms['maxlength']);
            $ret = vartrue($parms['pre']) . $this->email($key, $value, $maxlength, $parms) . vartrue($parms['post']); // vartrue($parms['__options']) is limited. See 'required'=>true
            break;

        case 'url':
            $maxlength = vartrue($parms['maxlength'], 255);
            unset($parms['maxlength']);
            $ret = vartrue($parms['pre']) . $this->url($key, $value, $maxlength, $parms) . vartrue($parms['post']); // vartrue($parms['__options']) is limited. See 'required'=>true
            break;

        case 'password':
            // encrypts to md5 when saved.
            // NOTE(review): the current $value is handed to password() as the field
            // value. If that value is the stored hash, it is sent back to the browser
            // in the form - confirm what password() emits, and prefer an empty field.
            $maxlength = vartrue($parms['maxlength'], 255);
            unset($parms['maxlength']);
            $ret = vartrue($parms['pre']) . $this->password($key, $value, $maxlength, $parms) . vartrue($parms['post']); // vartrue($parms['__options']) is limited. See 'required'=>true
            break;

        case 'text':
            $maxlength = vartrue($parms['maxlength'], 255);
            unset($parms['maxlength']);
            if (!empty($parms['password'])) {
                $ret = vartrue($parms['pre']) . $this->password($key, $value, $maxlength, $parms) . vartrue($parms['post']);
            } else {
                $ret = vartrue($parms['pre']) . $this->text($key, $value, $maxlength, $parms) . vartrue($parms['post']); // vartrue($parms['__options']) is limited. See 'required'=>true
            }
            if (!empty($attributes['multilan'])) {
                $ret = "<span class='input-group input-xxlarge'>" . $ret . "</span>";
            }
            break;

        case 'tags':
            $maxlength = vartrue($parms['maxlength'], 255);
            $ret = vartrue($parms['pre']) . $this->tags($key, $value, $maxlength, $parms) . vartrue($parms['post']); // vartrue($parms['__options']) is limited. See 'required'=>true
            break;

        case 'textarea':
            $text = "";
            if (vartrue($parms['append']) && vartrue($value)) {
                // Append mode: show the existing text read-only and start with an empty input.
                $attributes['readParms'] = 'bb=1';
                $text = $this->renderValue($key, $value, $attributes);
                $text .= '<br />';
                $value = ""; // Appending needs is performed and customized using function: beforeUpdate($new_data, $old_data, $id)
            }
            $text .= vartrue($parms['pre']) . $this->textarea($key, $value, vartrue($parms['rows'], 5), vartrue($parms['cols'], 40), vartrue($parms['__options'], $parms), varset($parms['counter'], false)) . vartrue($parms['post']);
            $ret = $text;
            break;

        case 'bbarea':
            $options = array('counter' => varset($parms['counter'], false));
            // Media = media-category owner used by media-manager.
            $ret = vartrue($parms['pre']) . $this->bbarea($key, $value, vartrue($parms['template']), vartrue($parms['media']), vartrue($parms['size'], 'medium'), $options) . vartrue($parms['post']);
            break;

        case 'image':
            //TODO - thumb, image list shortcode, js tooltip...
            $label = varset($parms['label'], 'LAN_EDIT');
            unset($parms['label']);
            $ret = $this->imagepicker($key, $value, defset($label, $label), $parms);
            break;

        case 'images':
            // Always renders five pickers, named "<key>[i][path]".
            $ret = "";
            $label = varset($parms['label'], 'LAN_EDIT');
            for ($i = 0; $i < 5; $i++) {
                $k = $key . '[' . $i . '][path]';
                $ival = $value[$i]['path'];
                $ret .= $this->imagepicker($k, $ival, defset($label, $label), $parms);
            }
            break;

        case 'files':
            if ($attributes['data'] == 'array') {
                $parms['data'] = 'array';
            }
            $ret = '<ol>';
            for ($i = 0; $i < 5; $i++) {
                $k = $key . '[' . $i . ']';
                $ival = $value[$i];
                // NOTE(review): $label is never assigned in this case (the 'image',
                // 'images' and 'file' cases set it from $parms['label']), so
                // defset() receives an undefined variable here.
                $ret .= '<li>' . $this->filepicker($k, $ival, defset($label, $label), $parms) . '</li>';
            }
            $ret .= '</ol>';
            break;

        case 'file':
            //TODO - thumb, image list shortcode, js tooltip...
            $label = varset($parms['label'], 'LAN_EDIT');
            unset($parms['label']);
            $ret = $this->filepicker($key, $value, defset($label, $label), $parms);
            break;

        case 'icon':
            $label = varset($parms['label'], 'LAN_EDIT');
            $ajax = varset($parms['ajax'], true) ? true : false;
            unset($parms['label'], $parms['ajax']);
            $ret = $this->iconpicker($key, $value, defset($label, $label), $parms, $ajax);
            break;

        case 'date':
            // date will show the datepicker but won't convert the value to unix. ie. string value will be saved. (or may be processed manually with beforeCreate() etc. Format may be determined by $parm.
        case 'datestamp':
            // If hidden, value is updated regardless. eg. a 'last updated' field.
            // If not hidden, and there is a value, it is retained. eg. during the update of an existing record.
            // otherwise it is added. eg. during the creation of a new record.
            if (vartrue($parms['auto']) && ($value == null || vartrue($parms['hidden']))) {
                $value = time();
            }
            if (vartrue($parms['readonly'])) {
                $ret = $this->renderValue($key, $value, $attributes) . $this->hidden($key, $value);
            } elseif (vartrue($parms['hidden'])) {
                $ret = $this->hidden($key, $value);
            } else {
                $ret = $this->datepicker($key, $value, $parms);
            }
            break;

        case 'layouts':
            //to do - exclude param (exact match)
            $location = varset($parms['plugin']); // empty - core
            $ilocation = vartrue($parms['id'], $location); // omit if same as plugin name
            $where = vartrue($parms['area'], 'front'); //default is 'front'
            $filter = varset($parms['filter']);
            $merge = vartrue($parms['merge']) ? true : false;
            $layouts = e107::getLayouts($location, $ilocation, $where, $filter, $merge, true);
            if (varset($parms['default']) && !isset($layouts[0]['default'])) {
                $layouts[0] = array('default' => $parms['default']) + $layouts[0];
            }
            // $layouts[0] holds the choices, $layouts[1] optional per-choice details.
            $info = array();
            if ($layouts[1]) {
                foreach ($layouts[1] as $k => $info_array) {
                    if (isset($info_array['description'])) {
                        $info[$k] = defset($info_array['description'], $info_array['description']);
                    }
                }
            }
            // With 'raw' set the choices array is returned instead of markup.
            $ret = vartrue($parms['raw']) ? $layouts[0] : $this->radio_multi($key, $layouts[0], $value, array('sep' => "<br />"), $info);
            break;

        case 'templates':
            //to do - exclude param (exact match)
            $templates = array();
            if (varset($parms['default'])) {
                $templates['default'] = defset($parms['default'], $parms['default']);
            }
            // NOTE(review): 'plugin' and 'location' are joined into a directory path
            // that is then scanned; they must come from the field definition only.
            $location = vartrue($parms['plugin']) ? e_PLUGIN . $parms['plugin'] . '/' : e_THEME;
            $ilocation = vartrue($parms['location']);
            $tmp = e107::getFile()->get_files($location . 'templates/' . $ilocation, vartrue($parms['fmask'], '_template\\.php$'), vartrue($parms['omit'], 'standard'), vartrue($parms['recurse_level'], 0));
            foreach ($tmp as $files) {
                // "foo_bar_template.php" becomes key "foo_bar" with label "Foo Bar".
                $k = str_replace('_template.php', '', $files['fname']);
                $templates[$k] = implode(' ', array_map('ucfirst', explode('_', $k))); //TODO add LANS?
            }

            // override: templates found in the theme folder for the selected area
            $where = vartrue($parms['area'], 'front');
            $location = vartrue($parms['plugin']) ? $parms['plugin'] . '/' : '';
            $tmp = e107::getFile()->get_files(e107::getThemeInfo($where, 'rel') . 'templates/' . $location . $ilocation, vartrue($parms['fmask']), vartrue($parms['omit'], 'standard'), vartrue($parms['recurse_level'], 0));
            foreach ($tmp as $files) {
                $k = str_replace('_template.php', '', $files['fname']);
                $templates[$k] = implode(' ', array_map('ucfirst', explode('_', $k))); //TODO add LANS?
            }
            $ret = vartrue($parms['raw']) ? $templates : $this->selectbox($key, $templates, $value);
            break;

        case 'checkboxes':
            if (is_array($parms)) {
                $eloptions = vartrue($parms['__options'], array());
                if (is_string($eloptions)) {
                    parse_str($eloptions, $eloptions);
                }
                // NOTE(review): this test cannot be true inside the 'checkboxes' case.
                if ($attributes['type'] === 'comma') {
                    $eloptions['multiple'] = true;
                }
                unset($parms['__options']);
                if (!is_array($value) && !empty($value)) {
                    $value = explode(",", $value);
                }
                $ret = vartrue($eloptions['pre']) . $this->checkboxes($key, $parms, $value, $eloptions) . vartrue($eloptions['post']);
            }
            // NOTE(review): returns here, so the expand/help handling after the switch
            // is skipped for this type, and $ret is undefined when $parms is not an array.
            return $ret;
            break;

        case 'dropdown':
        case 'comma':
            $eloptions = vartrue($parms['__options'], array());
            if (is_string($eloptions)) {
                parse_str($eloptions, $eloptions);
            }
            if ($attributes['type'] === 'comma') {
                $eloptions['multiple'] = true;
            }
            unset($parms['__options']);
            if (vartrue($eloptions['multiple']) && !is_array($value)) {
                $value = explode(',', $value);
            }
            $ret = vartrue($eloptions['pre']) . $this->selectbox($key, $parms, $value, $eloptions) . vartrue($eloptions['post']);
            break;

        case 'radio':
            // TODO - more options (multi-line, help)
            $eloptions = vartrue($parms['__options'], array());
            if (is_string($eloptions)) {
                parse_str($eloptions, $eloptions);
            }
            unset($parms['__options']);
            $ret = vartrue($eloptions['pre']) . $this->radio_multi($key, $parms, $value, $eloptions, false) . vartrue($eloptions['post']);
            break;

        case 'userclass':
        case 'userclasses':
            $uc_options = vartrue($parms['classlist'], 'public,guest,nobody,member,admin,main,classes'); // defaults to 'public,guest,nobody,member,classes' (userclass handler)
            unset($parms['classlist']);
            if (vartrue($attributes['type']) == 'userclasses') {
                $parms['multiple'] = true;
            }
            $ret = vartrue($parms['pre']) . $this->uc_select($key, $value, $uc_options, vartrue($parms, array())) . vartrue($parms['post']);
            break;

        case 'user':
            //user_id expected
            // Just temporary solution, could be changed soon
            if (!isset($parms['__options'])) {
                $parms['__options'] = array();
            }
            if (!is_array($parms['__options'])) {
                parse_str($parms['__options'], $parms['__options']);
            }
            // '&&' binds tighter than '||': the current user is used when the value is
            // empty and currentInit is not 0, or whenever 'current' is set.
            if (empty($value) && varset($parms['currentInit'], USERID) !== 0 || vartrue($parms['current'])) {
                $value = USERID;
                if (vartrue($parms['current'])) {
                    $parms['__options']['readonly'] = true;
                }
            }
            if (!is_array($value)) {
                // Resolve the user id to its data row.
                $value = $value ? e107::getSystemUser($value, true)->getUserData() : array();
            }
            $colname = vartrue($parms['nameType'], 'user_name');
            $parms['__options']['name'] = $colname;
            if (!$value) {
                $value = array();
            }
            $uname = varset($value[$colname]);
            $value = varset($value['user_id'], 0);
            $ret = $this->userpicker(vartrue($parms['nameField'], $key), $key, $uname, $value, vartrue($parms['__options']));
            break;

        case 'bool':
        case 'boolean':
            if (varset($parms['label']) === 'yesno') {
                $lenabled = 'LAN_YES';
                $ldisabled = 'LAN_NO';
            } else {
                $lenabled = vartrue($parms['enabled'], 'LAN_ENABLED');
                $ldisabled = vartrue($parms['disabled'], 'LAN_DISABLED');
            }
            unset($parms['enabled'], $parms['disabled'], $parms['label']);
            $ret = vartrue($parms['pre']) . $this->radio_switch($key, $value, defset($lenabled, $lenabled), defset($ldisabled, $ldisabled), $parms) . vartrue($parms['post']);
            break;

        case "checkbox":
            $value = isset($parms['value']) ? $parms['value'] : $value;
            $ret = vartrue($parms['pre']) . $this->checkbox($key, 1, $value, $parms) . vartrue($parms['post']);
            break;

        case 'method':
            // Custom Function
            // NOTE(review): the method name comes from $attributes['method'], or from
            // the field key when that is empty, and is invoked on $this with no
            // allow-list. Field definitions therefore have to be developer-controlled;
            // a key or 'method' taken from request data could reach any method of
            // this object.
            $meth = !empty($attributes['method']) ? $attributes['method'] : $key;
            $parms['field'] = $key;
            $ret = call_user_func_array(array($this, $meth), array($value, 'write', $parms));
            break;

        case 'upload':
            //TODO - from method
            // TODO uploadfile SC is now processing uploads as well (add it to admin UI), write/readParms have to be added (see uploadfile.php parms)
            $disbut = varset($parms['disable_button'], '0');
            // 'path' and 'disable_button' are spliced into the shortcode string as-is.
            $ret = $tp->parseTemplate("{UPLOADFILE=" . (vartrue($parms['path']) ? e107::getParser()->replaceConstants($parms['path']) : e_UPLOAD) . "|nowarn&trigger=etrigger_uploadfiles&disable_button={$disbut}}");
            break;

        case 'hidden':
            $value = isset($parms['value']) ? $parms['value'] : $value;
            // With 'show' set, the value (or $parms['empty'] when the value is falsy)
            // is printed in front of the hidden input, unescaped.
            $ret = vartrue($parms['show']) ? $value ? $value : varset($parms['empty'], $value) : '';
            $ret = $ret . $this->hidden($key, $value);
            break;

        case 'lanlist':
            // installed languages
        case 'language':
            // all languages
            $options = $attributes['type'] === 'language' ? e107::getLanguage()->getList() : e107::getLanguage()->getLanSelectArray();
            $eloptions = vartrue($parms['__options'], array());
            if (!is_array($eloptions)) {
                parse_str($eloptions, $eloptions);
            }
            unset($parms['__options']);
            if (vartrue($eloptions['multiple']) && !is_array($value)) {
                $value = explode(',', $value);
            }
            $ret = vartrue($eloptions['pre']) . $this->selectbox($key, $options, $value, $eloptions) . vartrue($eloptions['post']);
            break;

        case null:
            // Possibly used in db but should not be submitted in form. @see news_extended.
            break;

        default:
            // No LAN necessary, debug only.
            // NOTE(review): admins see the unknown type name, everyone else gets the
            // raw $value; neither is escaped before it becomes part of the page.
            $ret = ADMIN ? "<span class='alert alert-error alert-danger'>" . LAN_ERROR . " Unknown 'type' : " . $attributes['type'] . "</span>" : $value;
            break;
    }

    if (vartrue($parms['expand'])) {
        // Collapsible field: a toggle link followed by the hidden element.
        // NOTE(review): 'expand' and 'help' are emitted raw in this branch, while the
        // else branch passes 'help' through $tp->toHtml().
        $k = "exp-" . $this->name2id($key);
        $text = "<a class='e-expandit e-tip' href='#{$k}'>" . $parms['expand'] . "</a>";
        $text .= vartrue($parms['help']) ? '<div class="field-help">' . $parms['help'] . '</div>' : '';
        $text .= "<div id='{$k}' class='e-hideme'>" . $ret . "</div>";
        return $text;
    } else {
        $ret .= vartrue($parms['help']) ? '<div class="field-help">' . $tp->toHtml($parms['help'], false, 'defs') . '</div>' : '';
    }

    return $ret;
}
/**
 * Shortcode: comment author's IP address as a link to that user's comments.
 *
 * Only admins (ADMIN constant) get any output; everyone else receives an empty
 * string, so the address is never shown to regular visitors.
 *
 * @param string $parm not used in this method
 * @return string link markup for admins, "" otherwise
 */
function sc_ipaddress($parm = '')
{
    global $IPADDRESS, $e107;

    if (!ADMIN) {
        return "";
    }

    // Link target: the user's comment list in userposts.php.
    $markup = "<a href='" . SITEURL . "userposts.php?0.comments." . $this->var['user_id'] . "'>";
    // Link text: label followed by the decoded address.
    $markup .= COMLAN_330 . " " . e107::getIPHandler()->ipDecode($this->var['comment_ip']);
    $markup .= "</a>";

    return $markup;
}
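/**
 * Convert posted to model values after submit (based on field type)
 *
 * Each field returned by getFields() is read from a temporary e_model built
 * around $data (through 'dataPath' when the field defines one), converted
 * according to its 'type', written back, and the result is handed to toData().
 * Fields whose value is null are left untouched.
 *
 * NOTE(review) - 'password': values shorter than 30 characters are replaced by
 * their unsalted md5(); anything of 30 characters or more is stored unchanged,
 * presumably on the assumption that it is already a hash. A submitted password
 * of 30+ characters would therefore be kept in clear text, and MD5 is not a
 * password-hashing function. password_hash()/password_verify() would need the
 * login side changed as well, so it is flagged here rather than swapped in.
 *
 * @param array $data posted data, replaced in place by the converted values
 * @return void
 */
protected function convertToData(&$data)
{
    $model = new e_model($data);

    foreach ($this->getFields() as $key => $attributes) {
        $value = vartrue($attributes['dataPath']) ? $model->getData($attributes['dataPath']) : $model->get($key);

        if (null === $value) {
            continue;
        }

        switch ($attributes['type']) {
            case 'password':
                //TODO more encryption options.
                if (strlen($value) < 30) {
                    $value = md5($value);
                }
                break;

            case 'datestamp':
                if (!is_numeric($value)) {
                    // Start from an empty option set for every field, so the format of
                    // a previous datestamp field cannot leak into this one.
                    $opt = array();
                    if (!empty($attributes['writeParms'])) {
                        if (is_string($attributes['writeParms'])) {
                            parse_str($attributes['writeParms'], $opt);
                        } elseif (is_array($attributes['writeParms'])) {
                            $opt = $attributes['writeParms'];
                        }
                    }
                    $format = !empty($opt['type']) ? 'input' . $opt['type'] : 'inputdate';
                    $value = trim($value) ? e107::getDate()->toTime($value, $format) : 0;
                }
                break;

            case 'ip':
                // Store the encoded form; blank input becomes an empty string.
                $value = trim($value) ? e107::getIPHandler()->ipEncode($value) : '';
                break;

            case 'dropdown': // TODO - ask Steve if this check is required
            case 'lanlist':
            case 'userclasses':
            case 'comma':
            case 'checkboxes':
                if (is_array($value)) {
                    // no sanitize here - data is added to model posted stack
                    // and validated & sanitized before sent to db
                    $value = implode(',', $value);
                }
                break;

            case 'images':
            case 'files':
                // XXX Cam @ SecretR: unserializing here didn't work. See model_class.php line 2046.
                break;
        }

        if (vartrue($attributes['dataPath'])) {
            $model->setData($attributes['dataPath'], $value);
        } else {
            $model->set($key, $value);
        }
    }

    $data = $model->getData();
    unset($model);
    $this->toData($data);
}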
}

// Work out data to be written to user audit trail
// NOTE(review): the array starts as a list of field names and the loop adds the
// same names as keys, so the result holds both the numeric entries and the
// copied values. 'user_ip' is copied here, before $allData['data']['user_ip'] is
// set from the IP handler further down, so the audit entry gets whatever was in
// $allData at this point.
$signup_data = array('user_name', 'user_loginname', 'user_email', 'user_ip');
foreach ($signup_data as $f) {
    $signup_data[$f] = $allData['data'][$f]; // Just copy across selected fields
}

// Password hash for login by login name (HashPassword() receives the login name as second argument).
$allData['data']['user_password'] = $userMethods->HashPassword($savePassword, $allData['data']['user_loginname']);
if (vartrue($pref['allowEmailLogin'])) {
    // Need to create separate password for email login
    $allData['data']['user_prefs'] = e107::getArrayStorage()->serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
}

$allData['data']['user_join'] = time();
$allData['data']['user_ip'] = e107::getIPHandler()->getIP(FALSE);

// Display name falls back to the login name.
if (!vartrue($allData['data']['user_name'])) {
    $allData['data']['user_name'] = $allData['data']['user_loginname'];
    $signup_data['user_name'] = $allData['data']['user_loginname'];
}

// The user_class, user_perms, user_prefs, user_realm fields don't have default value,
// so we put appropriate ones, otherwise - broken DB Insert
// NOTE(review): resetting user_prefs to '' here discards the 'email_password'
// hash stored above when allowEmailLogin is on - confirm whether that is intended.
$allData['data']['user_class'] = '';
$allData['data']['user_perms'] = '';
$allData['data']['user_prefs'] = '';
$allData['data']['user_realm'] = '';
if (empty($allData['data']['user_signature'])) {
    $allData['data']['user_signature'] = ''; // as above - default required in MySQL strict mode.
}

// Actually write data to DB
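/**
 * Render the "who is online" table for the admin area, or count the visitors.
 *
 * Users and guests from the online handler are listed with the time of their
 * current visit, name, decoded IP, current page and browser icon.
 *
 * The page location and the user agent are request-supplied values, so they are
 * HTML-escaped before they are placed in the href/title attributes and in the
 * link text. double_encode is off so that values already stored in encoded form
 * are not encoded a second time.
 *
 * @param mixed $data pass 'count' to get the number of online visitors instead of markup
 *                    (compared loosely, as before)
 * @return string|integer table markup, or the count
 */
function renderOnlineUsers($data = false)
{
    $ol = e107::getOnline();
    $tp = e107::getParser();

    $online = $ol->userList() + $ol->guestList();

    if ($data == 'count') {
        return count($online);
    }

    $panelOnline = "\n\t\t\t\t\n\t\t\t\t<table class='table table-condensed table-striped' style='width:96%;margin-left:auto;margin-right:auto'>\n\t\t\t\t<colgroup>\n\t\t\t\t\t<col style='width: 10%' />\n\t\t <col style='width: 25%' />\n\t\t\t\t\t<col style='width: 10%' />\n\t\t\t\t\t<col style='width: 40%' />\n\t\t\t\t\t<col style='width: auto' />\n\t\t\t\t</colgroup>\n\t\t\t\t<thead>\n\t\t\t\t\t<tr class='first'>\n\t\t\t\t\t\t<th>Timestamp</th>\n\t\t\t\t\t\t<th>Username</th>\n\t\t\t\t\t\t<th>IP</th>\n\t\t\t\t\t\t<th>Page</th>\n\t\t\t\t\t\t<th class='center'>Agent</th>\n\t\t\t\t\t</tr>\n\t\t\t\t</thead>\n\t\t\t\t<tbody>";

    foreach ($online as $val) {
        // Attribute values are delimited by single quotes, hence ENT_QUOTES.
        $location = htmlspecialchars($val['user_location'], ENT_QUOTES, 'UTF-8', false);
        $agent = htmlspecialchars($val['user_agent'], ENT_QUOTES, 'UTF-8', false);
        $pageName = htmlspecialchars(basename($val['user_location']), ENT_QUOTES, 'UTF-8', false);

        $panelOnline .= "\n\t\t\t<tr>\n\t\t\t\t<td class='nowrap'>" . e107::getDateConvert()->convert_date($val['user_currentvisit'], '%H:%M:%S') . "</td>\n\t\t\t\t<td>" . $this->renderOnlineName($val['online_user_id']) . "</td>\n\t\t\t\t<td>" . e107::getIPHandler()->ipDecode($val['user_ip']) . "</td>\n\t\t\t\t<td><a class='e-tip' href='" . $location . "' title='" . $location . "'>" . $tp->html_truncate($pageName, 50, "...") . "</a></td>\n\t\t\t\t<td class='center'><a class='e-tip' href='#' title='" . $agent . "'>" . $this->browserIcon($val) . "</a></td>\n\t\t\t</tr>\n\t\t\t";
    }

    $panelOnline .= "</tbody></table>";

    return $panelOnline;
}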
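/**
 * Update user visit timestamp
 *
 * Keeps the previous address in 'last_ip', stores the current client IP in the
 * model and writes visit data to the user table. When the last recorded visit
 * is more than an hour old (or there is no last visit yet) the visit counter is
 * incremented and user_lastvisit is moved forward; otherwise only
 * user_currentvisit is refreshed. The user_ip column is included in the UPDATE
 * only when the address changed.
 *
 * Fix: the comparison used to sit inside the get() call
 * (`$this->get('user_ip' != $current_ip ? ... : "")`), which compared the
 * literal string 'user_ip' with the address and then looked up a field named
 * after the SQL fragment, so the changed-address clause never came from the
 * intended comparison.
 *
 * NOTE(review): $current_ip is placed in the SQL text between quotes; this
 * relies on the IP handler returning a normalised address - confirm.
 *
 * @return void
 */
protected function updateVisit()
{
    // Don't update if main admin is logged in as current (non main admin) user
    if ($this->getParentId()) {
        return;
    }

    $sql = e107::getDb();

    $previous_ip = $this->get('user_ip');
    $this->set('last_ip', $previous_ip);

    $current_ip = e107::getIPHandler()->getIP(FALSE);
    $update_ip = $previous_ip != $current_ip ? ", user_ip = '" . $current_ip . "'" : "";
    $this->set('user_ip', $current_ip);

    if ($this->get('user_currentvisit') + 3600 < time() || !$this->get('user_lastvisit')) {
        // New visit: the old "current" visit becomes the last visit.
        $this->set('user_lastvisit', (int) $this->get('user_currentvisit'));
        $this->set('user_currentvisit', time());
        $sql->db_Update('user', "user_visits = user_visits + 1, user_lastvisit = " . $this->get('user_lastvisit') . ", user_currentvisit = " . $this->get('user_currentvisit') . "{$update_ip} WHERE user_id='" . $this->getId() . "' ");
    } else {
        // Same visit: only refresh the timestamp.
        $this->set('user_currentvisit', time());
        $sql->db_Update('user', "user_currentvisit = " . $this->get('user_currentvisit') . "{$update_ip} WHERE user_id='" . $this->getId() . "' ");
    }
}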
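/**
 * Create banlist-related text files as requested:
 *   - list of whitelisted and blacklisted IP addresses
 *   - file for easy import into .htaccess file (allow from...., deny from....)
 *   - generic CSV-format export file
 *
 * Each file is written to a "_tmp" name first and copied over the live file
 * once all rows are out. Every file starts with "<?php\n; die();\n".
 *
 * Changes in this version: the CSV expiry column reads 'banlist_banexpires'
 * (the name used for the IP file and by the importer) instead of
 * 'banlist_expires'; the entries of $typeList are coerced to integers before
 * they are placed in the IN (...) clause; the temporary file is removed only
 * after a successful copy.
 *
 * NOTE(review): reason and notes are written between double quotes without
 * escaping embedded quotes or separators, and a reason starting with '=', '+',
 * '-' or '@' would be read as a formula by spreadsheet software.
 *
 * @param string $options {ip|htaccess|csv} - comma separated list (no spaces) to select which files to write
 * @param string $typeList - optional comma-separated list of ban types required (default is all)
 * Uses constants:
 *   BAN_FILE_IP_NAME      Saves list of banned and whitelisted IP addresses
 *   BAN_FILE_ACTION_NAME  Details of actions for different ban types
 *   BAN_FILE_HTACCESS     File in format for direct paste into .htaccess
 *   BAN_FILE_CSV_NAME
 *   BAN_FILE_EXTENSION    File extension to append
 * @return void
 */
public function writeBanListFiles($options = 'ip', $typeList = '')
{
    e107::getMessage()->addDebug("Writing new Banlist files.");

    $sql = e107::getDb();
    $ipManager = e107::getIPHandler();
    $optList = explode(',', $options);
    $fileList = array(); // Array of file handles once we start
    $fileNameList = array('ip' => eIPHandler::BAN_FILE_IP_NAME, 'htaccess' => eIPHandler::BAN_FILE_HTACCESS, 'csv' => eIPHandler::BAN_FILE_CSV_NAME);

    $qry = 'SELECT * FROM `#banlist` ';
    if ($typeList != '') {
        // Ban types are numeric; coercing each entry keeps anything else out of the SQL text.
        $types = array_map('intval', explode(',', $typeList));
        $qry .= ' WHERE `banlist_bantype` IN (' . implode(',', $types) . ')';
    }
    $qry .= ' ORDER BY `banlist_bantype` DESC'; // Order ensures whitelisted addresses appear first

    // Create a temporary file for each type as demanded. Vet the options array on this pass, as well
    foreach ($optList as $k => $opt) {
        if (isset($fileNameList[$opt])) {
            if ($tmp = fopen($this->ourConfigDir . $fileNameList[$opt] . '_tmp' . eIPHandler::BAN_FILE_EXTENSION, 'w')) {
                $fileList[$opt] = $tmp; // Save file handle
                fwrite($fileList[$opt], "<?php\n; die();\n");
            } else {
                unset($optList[$k]); /// @todo - flag error?
            }
        } else {
            // Unknown option name: drop it.
            unset($optList[$k]);
        }
    }

    if ($sql->db_Select_gen($qry)) {
        while ($row = $sql->db_Fetch(MYSQL_ASSOC)) {
            $row['banlist_ip'] = $this->trimWildcard($row['banlist_ip']);
            if ($row['banlist_ip'] == '') {
                continue; // Ignore empty IP addresses
            }
            if ($ipManager->whatIsThis($row['banlist_ip']) != 'ip') {
                continue; // Ignore non-numeric IP Addresses
            }
            if ($row['banlist_bantype'] == eIPHandler::BAN_TYPE_LEGACY) {
                $row['banlist_bantype'] = eIPHandler::BAN_TYPE_UNKNOWN; // Handle legacy bans
            }

            foreach ($optList as $opt) {
                $line = '';
                switch ($opt) {
                    case 'ip':
                        // IP_address action expiry_time additional_parameters
                        $line = $row['banlist_ip'] . ' ' . $row['banlist_bantype'] . ' ' . $row['banlist_banexpires'] . "\n";
                        break;
                    case 'htaccess':
                        $line = ($row['banlist_bantype'] > 0 ? 'allow from ' : 'deny from ') . $row['banlist_ip'] . "\n";
                        break;
                    case 'csv':
                        /// @todo - when PHP5.1 is minimum, can use fputcsv() function
                        $line = $row['banlist_ip'] . ',' . $this->dateFormat($row['banlist_datestamp']) . ',' . $this->dateFormat($row['banlist_banexpires']) . ',';
                        $line .= $row['banlist_bantype'] . ',"' . $row['banlist_reason'] . '","' . $row['banlist_notes'] . '"' . "\n";
                        break;
                }
                fwrite($fileList[$opt], $line);
            }
        }
    }

    // Now close each file
    foreach ($optList as $opt) {
        fclose($fileList[$opt]);
    }

    // Finally, delete the working file, rename the temporary one
    // Docs suggest that 'newname' is auto-deleted if it exists (as it usually should)
    // - but didn't appear to work, hence copy then delete
    foreach ($optList as $opt) {
        $oldName = $this->ourConfigDir . $fileNameList[$opt] . '_tmp' . eIPHandler::BAN_FILE_EXTENSION;
        $newName = $this->ourConfigDir . $fileNameList[$opt] . eIPHandler::BAN_FILE_EXTENSION;
        // Keep the temporary file when the copy fails, so the new list is not lost.
        if (copy($oldName, $newName)) {
            unlink($oldName);
        }
    }
}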
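/**
 * Insert a new thread or a reply/quoted reply.
 *
 * Reads the submitted post from $_POST, applies flood protection for
 * non-admins, stores attachments, then either adds a reply ('rp') or creates a
 * thread with its first post ('nt'), optionally with a poll. Ends by
 * redirecting to the thread or by rendering the "posted" template; both paths
 * call exit.
 *
 * Changes in this version: the Referer header is HTML-escaped before it is used
 * in the "Return" link of the error page (it is a request header and was
 * written into the href as-is), and $postResult / $newPostId / $newThreadId are
 * initialised so the failure check does not read undefined variables on the
 * reply path.
 *
 * NOTE(review): $_POST['post'], $_POST['subject'] and $_POST['anonname'] are
 * passed to the forum object unmodified; sanitising presumably happens in
 * postAdd()/threadAdd() - confirm. In the first condition '&&' binds tighter
 * than '||', so an empty post body is rejected for replies and new threads
 * alike, while an empty subject is only checked for new threads.
 *
 * @return void
 */
function insertPost()
{
    $postInfo = array();
    $threadInfo = array();
    $threadOptions = array();
    $fp = new floodprotect();

    if (isset($_POST['newthread']) && trim($_POST['subject']) == '' || trim($_POST['post']) == '') {
        message_handler('ALERT', 5);
    } else {
        // Flood protection applies to everyone except admins.
        if ($fp->flood('forum_thread', 'thread_datestamp') == false && !ADMIN) {
            echo "<script type='text/javascript'>document.location.href='" . e_BASE . "index.php'</script>\n";
            exit;
        }

        $hasPoll = $this->action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '';

        if (USER) {
            $postInfo['post_user'] = USERID;
            $threadInfo['thread_lastuser'] = USERID;
            $threadInfo['thread_user'] = USERID;
            $threadInfo['thread_lastuser_anon'] = '';
        } else {
            // Guests post under the name they typed in.
            $postInfo['post_user_anon'] = $_POST['anonname'];
            $threadInfo['thread_lastuser_anon'] = $_POST['anonname'];
            $threadInfo['thread_user_anon'] = $_POST['anonname'];
        }

        $time = time();
        $postInfo['post_entry'] = $_POST['post'];
        $postInfo['post_forum'] = $this->data['forum_id'];
        $postInfo['post_datestamp'] = $time;
        $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE);
        $threadInfo['thread_lastpost'] = $time;

        if (isset($_POST['no_emote'])) {
            $postInfo['post_options'] = serialize(array('no_emote' => 1));
        }

        //If we've successfully uploaded something, we'll have to edit the post_entry and post_attachments
        $newValues = array();
        if ($uploadResult = $this->processAttachments()) {
            // Group the stored file names by attachment type.
            foreach ($uploadResult as $ur) {
                $type = $ur['type'];
                $newValues[$type][] = $ur['file'];
            }
            $postInfo['post_attachments'] = e107::serialize($newValues); //FIXME XXX - broken encoding when saved to DB.
        }

        // Defined up front so the failure check below works on both paths.
        $postResult = null;
        $newPostId = null;
        $newThreadId = null;

        switch ($this->action) {
            // Reply only. Add the post, update thread record with latest post info.
            // Update forum with latest post info
            case 'rp':
                $postInfo['post_thread'] = $this->id;
                $newPostId = $this->forumObj->postAdd($postInfo);
                break;

            // New thread started. Add the thread info (with lastest post info), add the post.
            // Update forum with latest post info
            case 'nt':
                // Only moderators may choose the sticky type.
                $threadInfo['thread_sticky'] = MODERATOR ? (int) $_POST['threadtype'] : 0;
                $threadInfo['thread_name'] = $_POST['subject'];
                $threadInfo['thread_forum_id'] = $this->id;
                $threadInfo['thread_active'] = 1;
                $threadInfo['thread_datestamp'] = $time;

                if ($hasPoll) {
                    $threadOptions['poll'] = '1';
                }

                if (is_array($threadOptions) && count($threadOptions)) {
                    $threadInfo['thread_options'] = serialize($threadOptions);
                } else {
                    $threadInfo['thread_options'] = '';
                }

                if ($postResult = $this->forumObj->threadAdd($threadInfo, $postInfo)) {
                    $newPostId = $postResult['postid'];
                    $newThreadId = $postResult['threadid'];
                    $this->data['thread_id'] = $newThreadId;
                    $this->data['thread_sef'] = eHelper::title2sef($threadInfo['thread_name'], 'dashl');

                    if ($_POST['email_notify']) {
                        $this->forumObj->track('add', USERID, $newThreadId);
                    }
                }
                break;
        }

        e107::getMessage()->addDebug(print_a($postInfo, true));

        // -1 from the forum object signals a failed insert.
        if ($postResult === -1 || $newPostId === -1) {
            require_once HEADERF;
            // The Referer header is client-supplied: escape it for the attribute.
            $returnUrl = htmlspecialchars(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '', ENT_QUOTES, 'UTF-8');
            $message = LAN_FORUM_3006 . "<br ><a class='btn btn-default' href='" . $returnUrl . "'>Return</a>";
            $text = e107::getMessage()->addError($message)->render();
            e107::getRender()->tablerender(LAN_PLUGIN_FORUM_NAME, $text); // change to forum-title pref.
            require_once FOOTERF;
            exit;
        }

        $threadId = $this->action == 'nt' ? $newThreadId : $this->id;

        //If a poll was submitted, let's add it to the poll db
        if ($this->action == 'nt' && varset($_POST['poll_title']) && $_POST['poll_option'][0] != '' && $_POST['poll_option'][1] != '') {
            require_once e_PLUGIN . 'poll/poll_class.php';
            $_POST['iid'] = $threadId;
            $poll = new poll();
            $poll->submit_poll(2);
        }

        e107::getCache()->clear('newforumposts');

        $threadLink = e107::url('forum', 'topic', $this->data, 'full') . "&last=1";
        $forumLink = e107::url('forum', 'forum', $this->data);

        if ($this->forumObj->prefs->get('redirect')) {
            $this->redirect($threadLink);
            exit;
        } else {
            require_once HEADERF;
            $template = $this->getTemplate('posted');
            $SHORTCODES = array('THREADLINK' => $threadLink, 'FORUMLINK' => $forumLink);
            $txt = isset($_POST['newthread']) ? $template['thread'] : $template['reply'];
            $txt = e107::getParser()->parseTemplate($txt, true, $SHORTCODES);
            e107::getRender()->tablerender('Forums', e107::getMessage()->render() . $txt);
            require_once FOOTERF;
            exit;
        }
    }
}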
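/**
 * Go online
 *
 * Records the current request in the `online` table, applies the page-count
 * thresholds (warning page first, then an automatic ban through the IP
 * handler) and defines the TOTAL_ONLINE / MEMBERS_ONLINE / GUESTS_ONLINE /
 * ON_PAGE / MEMBER_LIST constants. When both arguments are false nothing is
 * tracked and those constants are defined as empty strings.
 *
 * @param boolean $online_tracking
 * @param boolean $flood_control
 * @return void
 */
public function goOnline($online_tracking = false, $flood_control = false)
{
    global $listuserson; // FIXME - remove it, make it property, call e_online singleton - e107::getOnline()

    if (!$online_tracking && !$flood_control) {
        define('e_TRACKING_DISABLED', true); // Used in forum, online menu
        define('TOTAL_ONLINE', '');
        define('MEMBERS_ONLINE', '');
        define('GUESTS_ONLINE', '');
        define('ON_PAGE', '');
        define('MEMBER_LIST', '');
        return;
    }

    $sql = e107::getDb();
    $user = e107::getUser();

    $online_timeout = 300;

    // The pref is "guest_limit,member_limit". Pad and cast so a value without a
    // comma, or a non-numeric one, still yields usable thresholds.
    list($ban_access_guest, $ban_access_member) = array_pad(explode(',', e107::getPref('ban_max_online_access', '100,200')), 2, 0);
    $online_bancount = max((int) $ban_access_guest, 50); // Safety net for incorrect values
    if ($user->isUser()) {
        $online_bancount = max($online_bancount, (int) $ban_access_member);
    }
    $online_warncount = $online_bancount * 0.9; // Set warning threshold at 90% of ban threshold

    //TODO Add support for all queries.
    // mod rewrite & single entry support
    // FIXME parse url, trigger registered e_online callbacks
    $page = e107::getParser()->toDB(e_REQUEST_URI, true); /// @todo - try not to use toDB() - triggers prefilter
    $ip = e107::getIPHandler()->getIP(FALSE);

    // USER check required to make sure they logged in without an error.
    // NOTE(review): $udata contains the user name and is interpolated into the
    // WHERE clauses below without escaping here. Escaping it only on this side
    // would stop it matching the value stored through the array insert, so the
    // safe fix is a bound parameter in the db layer - confirm how user names
    // are constrained at registration.
    $udata = $user->isUser() && USER ? $user->getId() . '.' . $user->getName() : '0';

    // The User-Agent header is client-controlled and may be missing entirely.
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // XXX - more exceptions, e.g. hide online location for admins/users (pref), e_jlsib.php, etc
    // XXX - more advanced flood timing when e_AJAX_REQUEST, e.g. $ban_access_ajax = 300
    // Ajax requests never overwrite the stored location.
    $update_page = deftrue('e_AJAX_REQUEST') ? '' : ", online_location='{$page}'";

    $insert_query = array(
        'online_timestamp' => time(),
        'online_flag' => 0,
        'online_user_id' => $udata,
        'online_ip' => $ip,
        'online_location' => $page,
        'online_pagecount' => 1,
        'online_active' => 0,
        'online_agent' => $agent,
        'online_language' => e_LAN,
    );

    // TODO add option to hide users from online list? boolean online_hide field?
    // don't do anything if main admin logged in as another user
    if ($user->isUser() && !$user->getParentId()) {
        // Find record that matches IP or visitor, or matches user info
        if ($sql->select('online', '*', "(`online_ip` = '{$ip}' AND `online_user_id` = '0') OR `online_user_id` = '{$udata}'")) {
            $row = $sql->fetch();
            $expired = $row['online_timestamp'] < time() - $online_timeout;

            // Inside the timeout window each request counts towards the flood
            // thresholds, except for admins.
            if (!$expired && !$user->isAdmin()) {
                $row['online_pagecount']++;
            }

            if ($row['online_user_id'] == $udata) {
                // Matching user record
                // NOTE(review): online_user_id is read back from the table and
                // re-interpolated into the WHERE clause; same caveat as $udata.
                if ($expired) {
                    // Update user record with timestamp, current IP, current page and set pagecount to 1
                    $query = "online_timestamp='" . time() . "', online_ip='{$ip}'{$update_page}, online_pagecount=1, `online_active` = 1 WHERE online_user_id='{$row['online_user_id']}'";
                } else {
                    // Update user record with current IP, current page and increment pagecount
                    $query = "online_ip='{$ip}'{$update_page}, `online_pagecount` = '" . intval($row['online_pagecount']) . "', `online_active` = 1 WHERE `online_user_id` = '{$row['online_user_id']}'";
                }
            } else {
                // Found matching visitor record (ip only) for this user
                if ($expired) {
                    // Update record with timestamp, current IP, current page and set pagecount to 1
                    $query = "`online_timestamp` = '" . time() . "', `online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = 1, `online_active` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                } else {
                    // Another visit within the timeout period
                    $query = "`online_user_id` = '{$udata}'{$update_page}, `online_pagecount` = " . intval($row['online_pagecount']) . ", `online_active` =1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
                }
            }
            $sql->update('online', $query);
        } else {
            $sql->insert('online', $insert_query);
        }
    } elseif (!$user->getParentId()) {
        // Current page request is from a guest
        if ($sql->select('online', '*', "`online_ip` = '{$ip}' AND `online_user_id` = '0'")) {
            // Recent visitor
            $row = $sql->fetch();
            if ($row['online_timestamp'] < time() - $online_timeout) {
                // Update record with timestamp, current page, and set pagecount to 1
                $query = "`online_timestamp` = '" . time() . "'{$update_page}, `online_pagecount` = 1 WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
            } else {
                // Update record with current page and increment pagecount.
                // intval() keeps this query consistent with the member branches above.
                $row['online_pagecount']++;
                $query = "`online_pagecount` = " . intval($row['online_pagecount']) . "{$update_page} WHERE `online_ip` = '{$ip}' AND `online_user_id` = '0'";
            }
            $sql->update('online', $query);
        } else {
            // New visitor
            $sql->insert('online', $insert_query);
        }
    }

    // Admins, sites with autoban set to anything other than 1 or 2, and
    // requests with no existing row are never counted towards the thresholds.
    if ($user->isAdmin() || e107::getPref('autoban') != 1 && e107::getPref('autoban') != 2 || !isset($row['online_pagecount'])) {
        $row['online_pagecount'] = 1;
    }

    // Always allow localhost - any problems are usually semi-intentional!
    if (varset($row['online_ip']) != '127.0.0.1' && varset($row['online_ip']) != e107::LOCALHOST_IP && varset($row['online_ip']) != e107::LOCALHOST_IP2) {
        // Check for excessive access
        if ($row['online_pagecount'] > $online_bancount) {
            e107::lan('core', 'banlist', true);
            $reason = e107::getParser()->lanVars(BANLAN_78, $row['online_pagecount']);
            if (true === e107::getIPHandler()->add_ban(2, $reason, $ip, 0)) {
                e107::getEvent()->trigger('flood', $ip); //BC
                e107::getEvent()->trigger('user_ban_flood', $ip);
                exit;
            }
        } elseif ($row['online_pagecount'] >= $online_warncount) {
            echo "<div style='text-align:center; font: 11px verdana, tahoma, arial, helvetica, sans-serif;'><b>" . LAN_WARNING . "</b><br /><br />" . CORE_LAN6 . "<br /></div>";
            exit;
        }
    }

    // Delete records for users (and guests) not seen for a while
    // FIXME - DB optimization - mark records as deleted (online_deleted=1), delete once per hour (could be pref) via e_cron
    // FIXME - Additional prefs for this (it does 2-3 more queries no matter someone need them), could be also separate method
    // Speed up ajax requests
    if (deftrue('e_AJAX_REQUEST')) {
        return;
    }

    $sql->delete('online', '`online_timestamp` < ' . (time() - $online_timeout));

    // Initialised before the query so the define() calls below never read
    // undefined variables when the query returns nothing.
    $member_list = '';
    $members_online = 0;

    // FIXME - don't use constants below, save data in class vars, call e_online singleton - e107::getOnline()
    if ($total_online = $sql->gen('SELECT o.*,u.user_image FROM #online AS o LEFT JOIN #user AS u ON o.online_user_id = u.user_id WHERE o.online_pagecount > 0 ORDER BY o.online_timestamp DESC')) {
        $listuserson = array();
        while ($row = $sql->fetch()) {
            // Sort into usable format and add bot field.
            $visitor = array(
                'user_location' => $row['online_location'],
                'user_bot' => $this->isBot($row['online_agent']),
                'user_agent' => $row['online_agent'],
                'user_ip' => $row['online_ip'],
                'user_currentvisit' => $row['online_timestamp'],
                'user_online' => $row['online_flag'],
                'user_pagecount' => $row['online_pagecount'],
                'user_active' => $row['online_active'],
                'user_image' => vartrue($row['user_image'], false),
                'online_user_id' => $row['online_user_id'],
                'user_language' => $row['online_language'],
            );

            if ($row['online_user_id'] != 0) {
                // Members are stored as "<id>.<name>".
                $vals = explode('.', $row['online_user_id'], 2);
                $visitor['user_id'] = $vals[0];
                $visitor['user_name'] = $vals[1];
                // NOTE(review): the name part is written into HTML as-is. Whether it
                // is already HTML-encoded when stored is not visible here - confirm,
                // otherwise MEMBER_LIST needs escaping at this point.
                $member_list .= "<a href='" . SITEURL . "user.php?id.{$vals[0]}'>{$vals[1]}</a> ";
                $listuserson[$row['online_user_id']] = $row['online_location'];
                $this->users[] = $visitor;
                $members_online++;
            } else {
                $visitor['user_id'] = 0;
                $visitor['user_name'] = 'guest'; // Maybe should just be an empty string?
                $this->guests[] = $visitor;
            }
        }
    }

    define('TOTAL_ONLINE', $total_online);
    define('MEMBERS_ONLINE', $members_online);
    define('GUESTS_ONLINE', $total_online - $members_online);
    define('ON_PAGE', $sql->db_Count('online', '(*)', "WHERE `online_location` = '{$page}' "));
    define('MEMBER_LIST', $member_list);

    // update most ever online
    $olCountPrefs = e107::getConfig('history'); // Get historic counts of members on line
    $olCountPrefs->setParam('nologs', true);
    if ($total_online > $olCountPrefs->get('most_members_online') + $olCountPrefs->get('most_guests_online')) {
        $olCountPrefs->set('most_members_online', MEMBERS_ONLINE);
        $olCountPrefs->set('most_guests_online', GUESTS_ONLINE);
        $olCountPrefs->set('most_online_datestamp', time());
        $olCountPrefs->save(false, true, false);
    }
}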
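/**
 * Write one row to the audit_log table for a user-related event.
 *
 * Nothing is written unless $event_type is a key of the 'user_audit_opts'
 * config value.
 *
 * @param mixed  $event_type appended to 'USER_' and 'LAN_AUDIT_LOG_0' to build the event code and title
 * @param array  $event_data key/value pairs, stored as "key=>value" entries joined with <br />
 * @param mixed  $id         user id to record; when empty, USERID for a logged-in user, else 0
 * @param string $u_name     user name to record; when empty, USERNAME for a logged-in user, else "******"
 * @return void
 */
function user_audit($event_type, $event_data, $id = '', $u_name = '')
{
    list($time_usec, $time_sec) = explode(" ", microtime()); // Log event time immediately to minimise uncertainty
    $time_usec = $time_usec * 1000000;

    // See whether we should log this
    $user_logging_opts = e107::getConfig()->get('user_audit_opts');
    if (!isset($user_logging_opts[$event_type])) {
        return; // Finished if not set to log this event type
    }

    if ($this->rldb == NULL) {
        $this->rldb = new db(); // Better use our own db - don't know what else is going on
    }

    // The VALUES list below is assembled as a string, so every caller-supplied
    // piece is neutralised first: the id is forced to an integer because it is
    // unquoted in the SQL, and the free-text fields go through the parser's toDB().
    // NOTE(review): the array form of insert() would be the cleaner fix once the
    // audit_log column names are confirmed; also confirm the audit-log viewer
    // displays toDB()-encoded text as expected.
    $tp = e107::getParser();

    $userid = intval($id ? $id : (USER === TRUE ? USERID : 0));
    $userstring = $tp->toDB($u_name ? $u_name : (USER === true ? USERNAME : "******"), true);
    $userIP = e107::getIPHandler()->getIP(FALSE);

    // $event_type has just matched a configured key, so these two are limited
    // to whatever keys the audit options contain.
    $eventcode = 'USER_' . $event_type;
    $title = 'LAN_AUDIT_LOG_0' . $event_type; // This creates a string which will be displayed as a constant

    $entries = array();
    foreach ($event_data as $k => $v) {
        $entries[] = $tp->toDB($k, true) . '=>' . $tp->toDB($v, true);
    }
    $detail = implode('<br />', $entries);

    $this->rldb->db_Insert("audit_log", "0, " . intval($time_sec) . ', ' . intval($time_usec) . ", '{$eventcode}', {$userid}, '{$userstring}', '{$userIP}', '{$title}', '{$detail}' ");
}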