Exemple #1
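/**
 * Prints the buffered main component output, preceded by an optional status
 * message taken from the `mosmsg` request parameter.
 *
 * The message arrives in the URL and is therefore attacker-influenceable.
 * It is only shown when the request looks like same-site navigation, and it
 * is HTML-escaped at the point of output. The Referer and cookie-shape tests
 * are plausibility filters against off-site message injection; they are not
 * authentication and must not be relied on as such.
 *
 * @return void
 */
function mosMainBody()
{
    global $mosConfig_live_site;

    // message passed via the url
    // NOTE(review): mosGetParam() is defined elsewhere; whatever filtering it
    // applies is not visible here, so the value is treated as untrusted below.
    $mosmsg = stripslashes(strval(mosGetParam($_REQUEST, 'mosmsg', '')));
    $popMessages = false;

    // Browser Check: a User-Agent must be present and the Referer must START
    // with the configured site root. A plain substring match would also accept
    // a foreign URL that merely contains the site address somewhere in it.
    $browserCheck = 0;
    $siteRoot = rtrim((string) $mosConfig_live_site, '/');
    if ($siteRoot !== '' && isset($_SERVER['HTTP_USER_AGENT']) && isset($_SERVER['HTTP_REFERER'])) {
        $referer = (string) $_SERVER['HTTP_REFERER'];
        $rootLength = strlen($siteRoot);
        if (strncmp($referer, $siteRoot, $rootLength) === 0) {
            // the site root must be followed by a URL delimiter (or nothing), so
            // that a longer host name sharing the same prefix does not qualify
            $next = substr($referer, $rootLength, 1);
            if ($next === false || $next === '' || $next === '/' || $next === '?' || $next === '#') {
                $browserCheck = 1;
            }
        }
    }

    // Session Check: only the shape of the cookie value is tested (32 bytes,
    // or the placeholder '-'); the session itself is not looked up here.
    $sessionCheck = 0;
    // Session Cookie `name`
    $sessionCookieName = mosMainFrame::sessionCookieName();
    // Get Session Cookie `value`; cast so a missing cookie is '' rather than null
    $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
    if (strlen($sessioncookie) === 32 || $sessioncookie === '-') {
        $sessionCheck = 1;
    }

    // limit mosmsg to 150 characters (bytes) before it is encoded for output
    if (strlen($mosmsg) > 150) {
        $mosmsg = substr($mosmsg, 0, 150);
    }

    // mosmsg output within html
    if ($mosmsg && !$popMessages && $browserCheck && $sessionCheck) {
        // Escape for the HTML body context. ISO-8859-1 is passed on purpose: it
        // makes the call byte-wise, so only the ASCII metacharacters are
        // rewritten and text in any ASCII-compatible page charset survives.
        // A message that already contains entities will show them literally.
        echo "\n<div class=\"message\">" . htmlspecialchars($mosmsg, ENT_QUOTES, 'ISO-8859-1') . "</div>";
    }

    echo $GLOBALS['_MOS_OPTION']['buffer'];

    // mosmsg output in JS Popup
    // NOTE(review): unreachable while $popMessages is hard-coded to false.
    // addslashes() is not a JavaScript-context encoder (it leaves line breaks
    // and a closing script tag untouched); switch to a context-appropriate
    // encoder before this branch is ever enabled.
    if ($mosmsg && $popMessages && $browserCheck && $sessionCheck) {
        echo "\n<script language=\"javascript\">alert('" . addslashes($mosmsg) . "');</script>";
    }
}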
 /**
  * Resolves the session id for the current request from the session cookie.
  *
  * The cookie value is client-supplied; it is only passed through
  * mosMainFrame::sessionCookieValue() here and is not checked against any
  * session store in this method.
  *
  * @return mixed Result of mosMainFrame::sessionCookieValue() for the cookie value
  */
 function getSessionToken()
 {
     // name under which the session cookie is stored
     $cookieName = mosMainFrame::sessionCookieName();

     // read the raw cookie value (null when absent) and convert it to the session id
     return mosMainFrame::sessionCookieValue(zmgGetParam($_COOKIE, $cookieName, null));
 }
Exemple #3
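/**
 * Records one vote for a poll option, then redirects to (or links to) the
 * poll results.
 *
 * Gate order: anti-spoof token, session cookie present, poll exists,
 * "already voted" cookie absent, an option was selected.
 *
 * Security notes for maintainers:
 *  - The "already voted" marker is a cookie set on the client, so it is a
 *    courtesy against accidental double votes, not an enforcement control.
 *    Enforcing one vote per user needs server-side state.
 *  - NOTE(review): the option id is not verified to belong to the poll before
 *    the voters counter and the poll_date row are written; only the hits
 *    UPDATE is constrained by pollid. Confirm whether that is acceptable.
 *
 * @param int $uid Poll id
 * @return void
 */
function pollAddVote($uid)
{
    global $database;

    // simple spoof check security
    josSpoofCheck(0, 'poll');

    $redirect = 1;
    // normalise once; the same integer is used for the lookup and for every URL
    // built below, so no raw caller value reaches the HTML/redirect output
    $pollId = (int) $uid;

    // Cookies must be enabled. Read the cookie jar directly: $_REQUEST may not
    // contain cookies at all (depends on request_order), and where it does, a
    // query-string parameter of the same name would satisfy the test as well.
    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, '');
    if (!$sessioncookie) {
        echo '<h3>' . _ALERT_ENABLED . '</h3>';
        echo '<input class="button" type="button" value="' . _CMN_CONTINUE . '" onClick="window.history.go(-1);">';
        return;
    }

    $poll = new mosPoll($database);
    if (!$poll->load($pollId)) {
        echo '<h3>' . _NOT_AUTH . '</h3>';
        echo '<input class="button" type="button" value="' . _CMN_CONTINUE . '" onClick="window.history.go(-1);">';
        return;
    }

    // per-poll "already voted" marker (client-side only, see docblock)
    $cookiename = "voted{$poll->id}";
    $voted = mosGetParam($_COOKIE, $cookiename, '0');
    if ($voted) {
        echo "<h3>" . _ALREADY_VOTE . "</h3>";
        echo "<input class=\"button\" type=\"button\" value=\"" . _CMN_CONTINUE . "\" onClick=\"window.history.go(-1);\">";
        return;
    }

    $voteid = intval(mosGetParam($_POST, 'voteid', 0));
    if (!$voteid) {
        echo "<h3>" . _NO_SELECTION . "</h3>";
        echo '<input class="button" type="button" value="' . _CMN_CONTINUE . '" onClick="window.history.go(-1);">';
        return;
    }

    // the marker expires after the poll's configured lag
    setcookie($cookiename, '1', time() + $poll->lag);

    // every value interpolated into SQL below is either cast to int or quoted
    $query = "UPDATE #__poll_data" . "\n SET hits = hits + 1" . "\n WHERE pollid = " . (int) $poll->id . "\n AND id = " . (int) $voteid;
    $database->setQuery($query);
    $database->query();

    $query = "UPDATE #__polls" . "\n SET voters = voters + 1" . "\n WHERE id = " . (int) $poll->id;
    $database->setQuery($query);
    $database->query();

    $now = _CURRENT_SERVER_TIME;
    $query = "INSERT INTO #__poll_date" . "\n SET date = " . $database->Quote($now) . ", vote_id = " . (int) $voteid . ", poll_id = " . (int) $poll->id;
    $database->setQuery($query);
    $database->query();

    $resultsUrl = sefRelToAbs('index.php?option=com_poll&task=results&id=' . $pollId);
    if ($redirect) {
        mosRedirect($resultsUrl, _THANKS);
    } else {
        // unreachable while $redirect is hard-coded to 1
        echo '<h3>' . _THANKS . '</h3>';
        echo '<form action="" method="GET">';
        echo '<input class="button" type="button" value="' . _BUTTON_RESULTS . '" onClick="window.location=\'' . $resultsUrl . '\'">';
        echo '</form>';
    }
}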
 /**
  * Editmon object constructor.
  *
  * Stores the configured session lifetime and resolves the current session
  * id from the first source that is available:
  *   1. mosMainFrame's session-cookie helpers, when they are callable;
  *   2. the session object held by the global $mainframe;
  *   3. an md5 of the legacy `sessioncookie` cookie value concatenated with
  *      the client address.
  * When none applies, the session id property is not assigned at all.
  *
  * Every source except (2) starts from a client-supplied cookie value, which
  * this constructor does not validate against any session store.
  *
  * @return editmon
  * @access public
  */
 function editmon()
 {
     global $mosConfig_lifetime, $mainframe, $_SESSION;

     $this->_lifetime = $mosConfig_lifetime;

     if (is_callable(array('mosMainframe', 'sessionCookieName'))) {
         // cookie name -> raw cookie value -> session id
         $cookieName = mosMainFrame::sessionCookieName();
         $cookieValue = mosGetParam($_COOKIE, $cookieName, null);
         $this->_session_id = mosMainFrame::sessionCookieValue($cookieValue);
     } elseif (isset($mainframe) && is_object($mainframe->_session)) {
         // take the id straight from the framework's session object
         $this->_session_id = $mainframe->_session->session_id;
     } elseif (isset($_COOKIE['sessioncookie'])) {
         // legacy derivation: hash of cookie value and remote address
         $legacyCookie = $_COOKIE['sessioncookie'];
         $this->_session_id = md5($legacyCookie . $_SERVER['REMOTE_ADDR']);
     }
 }
Exemple #5
" );
		//-->
		</script>
		<?php 
        }
        if ($return && !(strpos($return, 'com_registration') || strpos($return, 'com_login'))) {
            // checks for the presence of a return url
            // and ensures that this url is not the registration or logout pages
            mosRedirect($return);
        } else {
            mosRedirect($mosConfig_live_site . '/index.php');
        }
    } else {
        if ($option == 'cookiecheck') {
            // No cookie was set upon login. If it is set now, redirect to the given page. Otherwise, show error message.
            if (isset($_COOKIE[mosMainFrame::sessionCookieName()])) {
                mosRedirect($return);
            } else {
                mosErrorAlert(_ALERT_ENABLED);
            }
        }
    }
}
// Top-level page set-up: these statements run in order on the shared
// $mainframe object and leave $gid and $cur_template in the global scope.
// detect first visit
$mainframe->detect();
// set for overlib check
$mainframe->set('loadOverlib', false);
// group id of the current user ($my), forced to an integer so later
// comparisons and queries never see a non-numeric value
$gid = intval($my->gid);
// gets template for page
$cur_template = $mainframe->getTemplate();
/** temp fix - this feature is currently disabled */
Exemple #6
/**
 * Check if user session exists. Adapted from Joomla original code.
 *
 * The lookup is switched off: the function returns false before doing any
 * work, so callers must treat every visitor as having no stored session.
 * The statements after the early return are kept for reference only and
 * never execute.
 *
 * @return bool Always false while the early return is in place
 */
function shLookupSession()
{
    global $mainframe;

    // does not work in 1.5. Not needed anyway, as long as multilingual 303 redirect is not solved
    return false;

    // ---- unreachable legacy lookup below ----
    // NOTE(review): if this is ever re-enabled, be aware that it assigns a new
    // object to the global $mainframe and that unset() on a global-bound
    // variable only removes the local binding, not the global value.
    $database =& JFactory::getDBO();

    // session table wrapper and a throw-away mainframe for the current option
    $session = new mosSession($database);
    $option = strval(strtolower(JRequest::getVar('option')));
    $mainframe = new mosMainFrame($database, $option, '.');

    // purge expired sessions
    $session->purge('core');

    // cookie name -> raw cookie value -> session id
    $cookieName = mosMainFrame::sessionCookieName();
    $cookieValue = strval(JRequest::getVar($cookieName, null, 'COOKIE'));
    $sessionId = mosMainFrame::sessionCookieValue($cookieValue);

    // a session counts as found only when the cookie has the expected length
    // (check added in 1.0.8), is not the '-' placeholder, and a matching row loads
    $found = $cookieValue && strlen($cookieValue) == 32 && $cookieValue != '-' && $session->load($sessionId);

    unset($mainframe);
    return $found;
}
Exemple #7
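/**
 * Sends the "e-mail this item to a friend" message for a content item and
 * then renders the confirmation view.
 *
 * Checks applied, in order: e-mail feature enabled for the item, anti-spoof
 * token, session cookie shape, item published and readable at the caller's
 * access level, category/section published and readable, sender and
 * recipient addresses valid.
 *
 * Security notes for maintainers:
 *  - The session-cookie test only looks at the cookie's shape (32 bytes or
 *    '-'); it is an anti-automation hurdle, not authentication.
 *  - Name, subject and both addresses are request data that end up in the
 *    outgoing message, so values containing CR or LF are rejected here rather
 *    than relying on the mailer to neutralise them.
 *  - mosErrorAlert() is defined elsewhere and presumably terminates the
 *    request; each call is followed by an explicit return so the function
 *    stays fail-closed even if it does not.
 *  - NOTE(review): the feature switch is read from the item named by the
 *    request parameter `id`, while the item that is actually mailed is $uid.
 *    Confirm that callers always pass the same id for both.
 *
 * @param int $uid The content item id
 * @param int $gid Access level (group id) of the current user
 * @return void
 */
function emailContentSend($uid, $gid)
{
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;

    // per-item parameters decide whether e-mailing is allowed when the site
    // hides e-mail features globally
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }

    // simple spoof check security
    josSpoofCheck(1);

    // check for session cookie
    // Session Cookie `name`
    $sessionCookieName = mosMainFrame::sessionCookieName();
    // Get Session Cookie `value`; cast so a missing cookie is '' rather than null
    $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
    if (!(strlen($sessioncookie) === 32 || $sessioncookie === '-')) {
        mosErrorAlert(_NOT_AUTH);
        return;
    }

    $itemid = intval(mosGetParam($_POST, 'itemid', 0));
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();

    // query to check for state and access levels; ids are cast to int and
    // dates are quoted, so no request value is interpolated unescaped
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub," . "\n  s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'" . "\n WHERE a.id = " . (int) $uid . "\n AND a.state = 1" . "\n AND a.access <= " . (int) $gid . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )" . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);
    $row = null;
    if (!$database->loadObject($row)) {
        // item missing, unpublished, or above the caller's access level
        mosNotAuth();
        return;
    }

    // check whether category is published
    if (!$row->cat_pub && $row->catid) {
        mosNotAuth();
        return;
    }
    // check whether section is published
    if (!$row->sec_pub && $row->sectionid) {
        mosNotAuth();
        return;
    }
    // check whether category access level allows access
    if ($row->cat_access > $gid && $row->catid) {
        mosNotAuth();
        return;
    }
    // check whether section access level allows access
    if ($row->sec_access > $gid && $row->sectionid) {
        mosNotAuth();
        return;
    }

    $email = strval(mosGetParam($_POST, 'email', ''));
    $yourname = strval(mosGetParam($_POST, 'yourname', ''));
    $youremail = strval(mosGetParam($_POST, 'youremail', ''));
    $subject = strval(mosGetParam($_POST, 'subject', ''));
    if (empty($subject)) {
        $subject = _EMAIL_INFO . ' ' . $yourname;
    }

    // values destined for the message envelope must be single-line
    $hasLineBreak = preg_match('/[\r\n]/', $email . $youremail . $yourname . $subject) === 1;

    if ($uid < 1 || !$email || !$youremail || $hasLineBreak || !JosIsValidEmail($email) || !JosIsValidEmail($youremail)) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
        return;
    }

    $query = "SELECT template" . "\n FROM #__templates_menu" . "\n WHERE client_id = 0" . "\n AND menuid = 0";
    $database->setQuery($query);
    $template = $database->loadResult();

    // determine Itemid for Item
    if (!$itemid) {
        $itemid = $mainframe->getItemid($uid, 0, 0);
    }
    $_itemid = '&Itemid=' . $itemid;

    // link sent in email
    $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);
    // message text
    $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);
    // mail function
    $success = mosMail($youremail, $yourname, $email, $subject, $msg);
    if (!$success) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
        return;
    }

    HTML_content::emailSent($email, $template);
}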
Exemple #8
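/**
 * Handles a submitted contact form: validates the request, mails the enquiry
 * to the contact, optionally mails a copy to the sender, and redirects back
 * to the contact page.
 *
 * Security notes for maintainers:
 *  - The session-cookie test only looks at the cookie's shape (32 bytes or
 *    '-'); it is an anti-automation hurdle, not authentication, and it can be
 *    switched off through the menu parameter `sessionCheck`.
 *  - Sender address, name and subject are request data that end up in the
 *    outgoing message, so values containing CR or LF are rejected here.
 *  - With the copy option enabled, the site sends mail from its own address
 *    to an address typed into the form. Treat that as a capability worth
 *    rate-limiting and monitoring.
 *  - mosErrorAlert() is defined elsewhere and presumably terminates the
 *    request; each call is followed by an explicit return so the function
 *    stays fail-closed even if it does not.
 *
 * @param int    $con_id Contact id
 * @param string $option Component option (not used in this function)
 * @return void
 */
function sendmail($con_id, $option)
{
    global $mainframe, $database, $Itemid;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_db;

    // simple spoof check security
    josSpoofCheck(1);

    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE id = " . (int) $con_id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
    // a failed query may not yield an array; count() on a non-array is an error
    if (!is_array($contact) || count($contact) < 1) {
        return;
    }

    $default = $mosConfig_sitename . ' ' . _ENQUIRY;
    $email = strval(mosGetParam($_POST, 'email', ''));
    $text = strval(mosGetParam($_POST, 'text', ''));
    $name = strval(mosGetParam($_POST, 'name', ''));
    $subject = strval(mosGetParam($_POST, 'subject', $default));
    $email_copy = strval(mosGetParam($_POST, 'email_copy', 0));

    $menu = $mainframe->get('menu');
    $mparams = new mosParameters($menu->params);
    $bannedEmail = $mparams->get('bannedEmail', '');
    $bannedSubject = $mparams->get('bannedSubject', '');
    $bannedText = $mparams->get('bannedText', '');
    $sessionCheck = $mparams->get('sessionCheck', 1);

    // check for session cookie
    if ($sessionCheck) {
        // Session Cookie `name`
        $sessionCookieName = mosMainFrame::sessionCookieName();
        // Get Session Cookie `value`; cast so a missing cookie is '' rather than null
        $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
        if (!(strlen($sessioncookie) === 32 || $sessioncookie === '-')) {
            mosErrorAlert(_NOT_AUTH);
            return;
        }
    }

    // Prevent form submission if one of the banned fragments (a ';'-separated
    // list per field) is found in the e-mail, subject or text field.
    $bannedChecks = array(
        array($bannedEmail, $email),
        array($bannedSubject, $subject),
        array($bannedText, $text),
    );
    foreach ($bannedChecks as $bannedCheck) {
        list($bannedList, $fieldValue) = $bannedCheck;
        if (!$bannedList) {
            continue;
        }
        foreach (explode(';', $bannedList) as $fragment) {
            // a trailing or doubled ';' yields an empty fragment, which would
            // either warn or match every submission depending on PHP version
            if ($fragment === '') {
                continue;
            }
            // compare against false: a match whose tail is the string "0" is
            // still a match
            if (stristr($fieldValue, $fragment) !== false) {
                mosErrorAlert(_NOT_AUTH);
                return;
            }
        }
    }

    // test to ensure that only one email address is entered; strpos() returns 0
    // for a separator in the first position, so compare against false explicitly
    $check = explode('@', $email);
    if (strpos($email, ';') !== false || strpos($email, ',') !== false || strpos($email, ' ') !== false || count($check) > 2) {
        mosErrorAlert(_CONTACT_MORE_THAN);
        return;
    }

    // values destined for the message envelope must be single-line
    $hasLineBreak = preg_match('/[\r\n]/', $email . $name . $subject) === 1;

    if (!$email || !$text || $hasLineBreak || !JosIsValidEmail($email)) {
        mosErrorAlert(_CONTACT_FORM_NC);
        return;
    }

    $prefix = sprintf(_ENQUIRY_TEXT, $mosConfig_live_site);
    $text = $prefix . "\n" . $name . ' <' . $email . '>' . "\n\n" . stripslashes($text);
    $success = mosMail($email, $name, $contact[0]->email_to, $mosConfig_fromname . ': ' . $subject, $text);
    if (!$success) {
        mosErrorAlert(_CONTACT_FORM_NC);
        return;
    }

    // parameter check
    $params = new mosParameters($contact[0]->params);
    $emailcopyCheck = $params->get('email_copy', 0);

    // check whether email copy function activated (requested by the sender AND
    // enabled for this contact)
    if ($email_copy && $emailcopyCheck) {
        $copy_text = sprintf(_COPY_TEXT, $contact[0]->name, $mosConfig_sitename);
        $copy_text = $copy_text . "\n\n" . $text . '';
        $copy_subject = _COPY_SUBJECT . $subject;
        $success = mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $copy_subject, $copy_text);
        if (!$success) {
            mosErrorAlert(_CONTACT_FORM_NC);
            return;
        }
    }

    $link = sefRelToAbs('index.php?option=com_contact&task=view&contact_id=' . $contact[0]->id . '&Itemid=' . $Itemid);
    mosRedirect($link, _THANK_MESSAGE);
}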
Exemple #9
 /**
  * Returns the Joomla/Mambo Session ID.
  *
  * Tries, in order: mosMainFrame's session-cookie helpers, the current
  * mosSession object, the session object held by the global $mainframe, and
  * finally PHP's own session_id(). The first source that is available wins.
  *
  * In the first case the id is derived from a client-supplied cookie value;
  * this method does not check it against a session store.
  *
  * @static
  */
 function getSessionId()
 {
     global $mainframe;

     // Joomla >= 1.0.8
     if (is_callable(array('mosMainframe', 'sessionCookieName'))) {
         // cookie name -> raw cookie value -> session id
         $cookieName = mosMainFrame::sessionCookieName();
         $cookieValue = vmGet($_COOKIE, $cookieName, null);
         return mosMainFrame::sessionCookieValue($cookieValue);
     }

     // session object exposed by mosSession itself
     if (is_callable(array('mosSession', 'getCurrent'))) {
         $session =& mosSession::getCurrent();
         return $session->session_id;
     }

     // session object attached to the global mainframe, when it carries an id
     if (!empty($mainframe->_session->session_id)) {
         return $mainframe->_session->session_id;
     }

     // last resort: PHP's native session id
     return session_id();
 }
Exemple #10
 /**
  * Returns mosHash() of the fixed label 'remembermecookiepassword'
  * concatenated with the session cookie name.
  *
  * NOTE(review): judging by the method name this is used as the name of the
  * "remember me" password cookie; confirm against the callers.
  *
  * @return mixed Result of mosHash()
  */
 function remCookieName_Pass()
 {
     return mosHash('remembermecookiepassword' . mosMainFrame::sessionCookieName());
 }