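/**
 * Displays the captured output of the main element.
 *
 * Echoes the buffered component output held in $GLOBALS['_MOS_OPTION']['buffer'],
 * preceded (inline HTML) or followed (JS popup) by the optional `mosmsg`
 * message carried in the request. The message is only rendered when the
 * request has a User-Agent and a Referer containing the live site URL, and
 * when the session cookie looks plausible (32 characters, or the literal '-').
 *
 * `mosmsg` is untrusted request input rendered into HTML / a JS string, so it
 * is HTML-escaped before output; the referer/session gates are heuristics only
 * (both headers are client-controlled) and are not relied on for that.
 */
function mosMainBody() {
    global $mosConfig_live_site;

    // message passed via the url
    $mosmsg = stripslashes(strval(mosGetParam($_REQUEST, 'mosmsg', '')));
    $popMessages = false;

    // limit mosmsg to 150 characters (byte-wise; truncate before escaping so
    // the cut can never split an HTML entity)
    if (strlen($mosmsg) > 150) {
        $mosmsg = substr($mosmsg, 0, 150);
    }

    // Browser Check
    $browserCheck = 0;
    if (isset($_SERVER['HTTP_USER_AGENT']) && isset($_SERVER['HTTP_REFERER'])
        && strpos($_SERVER['HTTP_REFERER'], $mosConfig_live_site) !== false) {
        $browserCheck = 1;
    }

    // Session Check
    $sessionCheck = 0;
    // Session Cookie `name`
    $sessionCookieName = mosMainFrame::sessionCookieName();
    // Get Session Cookie `value` (cast: a missing cookie yields null)
    $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
    if (strlen($sessioncookie) == 32 || $sessioncookie === '-') {
        $sessionCheck = 1;
    }

    $showMessage = $mosmsg && $browserCheck && $sessionCheck;

    // Escape once for both output contexts: <, >, &, ' and " are neutralised.
    // ENT_SUBSTITUTE (PHP >= 5.4) keeps a message whose byte-wise truncation
    // left an invalid UTF-8 tail from being blanked entirely.
    $entFlags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;
    $safeMsg = htmlspecialchars($mosmsg, $entFlags);

    // mosmsg outputed within html
    if ($showMessage && !$popMessages) {
        echo "\n<div class=\"message\">{$safeMsg}</div>";
    }

    echo $GLOBALS['_MOS_OPTION']['buffer'];

    // mosmsg outputed in JS Popup. The escaped string contains no '<', so the
    // script element cannot be closed early; addslashes guards the quotes.
    if ($showMessage && $popMessages) {
        echo "\n<script language=\"javascript\">alert('" . addslashes($safeMsg) . "');</script>";
    }
}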
/**
 * Returns the session token derived from the current session cookie.
 *
 * Looks up the cookie named by mosMainFrame::sessionCookieName() in $_COOKIE
 * and maps it through mosMainFrame::sessionCookieValue().
 *
 * @return mixed whatever mosMainFrame::sessionCookieValue() yields for the cookie
 */
function getSessionToken() {
    $cookieValue = zmgGetParam($_COOKIE, mosMainFrame::sessionCookieName(), null);

    return mosMainFrame::sessionCookieValue($cookieValue);
}
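/**
 * Records a vote for poll $uid from the submitted form.
 *
 * Rejects the request when the session cookie is absent (cookies disabled),
 * the poll cannot be loaded, the per-poll "voted" cookie is already set, or
 * no option was selected. Otherwise increments the option and poll counters,
 * stores the vote timestamp and redirects to the results page.
 *
 * @param int $uid poll id
 */
function pollAddVote($uid) {
    global $database;

    // simple spoof check security
    josSpoofCheck(0, 'poll');

    // the id goes into SQL and is echoed into the results URL: normalise once
    $uid = (int) $uid;
    $redirect = 1;
    $continueButton = '<input class="button" type="button" value="' . _CMN_CONTINUE . '" onClick="window.history.go(-1);">';

    // Cookies must be enabled: the session cookie has to come back in
    // $_COOKIE. Reading it from $_REQUEST would also accept a GET/POST value
    // and yields nothing at all when request_order excludes 'C'.
    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie = mosGetParam($_COOKIE, $sessionCookieName, '');
    if (!$sessioncookie) {
        echo '<h3>' . _ALERT_ENABLED . '</h3>';
        echo $continueButton;
        return;
    }

    $poll = new mosPoll($database);
    if (!$poll->load($uid)) {
        echo '<h3>' . _NOT_AUTH . '</h3>';
        echo $continueButton;
        return;
    }

    // one vote per browser, tracked by a cookie living $poll->lag seconds
    $cookiename = "voted{$poll->id}";
    $voted = mosGetParam($_COOKIE, $cookiename, '0');
    if ($voted) {
        echo '<h3>' . _ALREADY_VOTE . '</h3>';
        echo $continueButton;
        return;
    }

    $voteid = intval(mosGetParam($_POST, 'voteid', 0));
    if (!$voteid) {
        echo '<h3>' . _NO_SELECTION . '</h3>';
        echo $continueButton;
        return;
    }

    setcookie($cookiename, '1', time() + (int) $poll->lag);

    // NOTE(review): the WHERE clause ties the option to this poll, so a voteid
    // from another poll updates nothing here but is still logged below — confirm
    // whether that is intended
    $query = "UPDATE #__poll_data"
        . "\n SET hits = hits + 1"
        . "\n WHERE pollid = " . (int) $poll->id
        . "\n AND id = " . $voteid;
    $database->setQuery($query);
    $database->query();

    $query = "UPDATE #__polls"
        . "\n SET voters = voters + 1"
        . "\n WHERE id = " . (int) $poll->id;
    $database->setQuery($query);
    $database->query();

    $now = _CURRENT_SERVER_TIME;
    $query = "INSERT INTO #__poll_date"
        . "\n SET date = " . $database->Quote($now)
        . ", vote_id = " . $voteid
        . ", poll_id = " . (int) $poll->id;
    $database->setQuery($query);
    $database->query();

    $resultsLink = sefRelToAbs('index.php?option=com_poll&task=results&id=' . $uid);
    if ($redirect) {
        mosRedirect($resultsLink, _THANKS);
    } else {
        echo '<h3>' . _THANKS . '</h3>';
        echo '<form action="" method="GET">';
        echo '<input class="button" type="button" value="' . _BUTTON_RESULTS . '" onClick="window.location=\'' . $resultsLink . '\'">';
        echo '</form>';
    }
}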
/**
 * Editmon object constructor.
 *
 * Records the configured session lifetime and resolves the visitor's session
 * id through whichever mechanism the host CMS offers, in order:
 * mosMainFrame::sessionCookieName() (Joomla >= 1.0.8), the mainframe's
 * session object, or the legacy `sessioncookie` cookie hashed with the
 * remote address. If none applies, _session_id is left unset.
 *
 * @return editmon
 * @access public
 */
function editmon() {
    global $mosConfig_lifetime, $mainframe, $_SESSION;

    $this->_lifetime = $mosConfig_lifetime;

    if (is_callable(array('mosMainframe', 'sessionCookieName'))) {
        // Joomla >= 1.0.8: derive the id from the named session cookie
        $cookieName = mosMainFrame::sessionCookieName();
        $cookieValue = mosGetParam($_COOKIE, $cookieName, null);
        $this->_session_id = mosMainFrame::sessionCookieValue($cookieValue);
    } elseif (isset($mainframe) && is_object($mainframe->_session)) {
        // older mainframe exposing a session object
        $this->_session_id = $mainframe->_session->session_id;
    } elseif (isset($_COOKIE['sessioncookie'])) {
        // legacy fallback: hash the raw cookie together with the client address
        $this->_session_id = md5($_COOKIE['sessioncookie'] . $_SERVER['REMOTE_ADDR']);
    }
}
" ); //--> </script> <?php } if ($return && !(strpos($return, 'com_registration') || strpos($return, 'com_login'))) { // checks for the presence of a return url // and ensures that this url is not the registration or logout pages mosRedirect($return); } else { mosRedirect($mosConfig_live_site . '/index.php'); } } else { if ($option == 'cookiecheck') { // No cookie was set upon login. If it is set now, redirect to the given page. Otherwise, show error message. if (isset($_COOKIE[mosMainFrame::sessionCookieName()])) { mosRedirect($return); } else { mosErrorAlert(_ALERT_ENABLED); } } } } // detect first visit $mainframe->detect(); // set for overlib check $mainframe->set('loadOverlib', false); $gid = intval($my->gid); // gets template for page $cur_template = $mainframe->getTemplate(); /** temp fix - this feature is currently disabled */
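/**
 * Check if a user session exists. Adapted from the Joomla original code.
 *
 * Currently disabled: the 1.0-style lookup (accept the session cookie only if
 * it is 32 characters and not '-', then load the matching row through
 * mosSession) does not work under 1.5, and it is not needed as long as the
 * multilingual 303 redirect is not solved. The function therefore always
 * reports "no session"; the dead lookup code has been removed rather than
 * left unreachable after the early return.
 *
 * @return bool always false
 */
function shLookupSession() {
    return false;
}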
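/**
 * Sends the "email this article" message for a content item.
 *
 * Despite the original docblock ("shows the email form"), this function
 * processes the submitted form: it checks the hide-email setting, the spoof
 * token and the session cookie, verifies the item is published and within
 * the user's access level, validates the addresses, sends the mail and then
 * renders the confirmation page.
 *
 * @param int $uid content item id
 * @param int $gid access level of the current user
 */
function emailContentSend($uid, $gid) {
    global $database, $mainframe;
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_hideEmail;

    // both values reach SQL, and $uid is also echoed into the mailed link:
    // normalise once
    $uid = (int) $uid;
    $gid = (int) $gid;

    // the item may override the global hideEmail setting via its attribs
    $id = intval(mosGetParam($_REQUEST, 'id', 0));
    if ($id) {
        $query = 'SELECT attribs FROM #__content WHERE `id`=' . $id;
        $database->setQuery($query);
        $params = new mosParameters($database->loadResult());
    } else {
        $params = new mosParameters('');
    }
    $paramEmail = intval($params->get('email', 0));
    if ($mosConfig_hideEmail && !$paramEmail) {
        echo _NOT_AUTH;
        return;
    }

    // simple spoof check security
    josSpoofCheck(1);

    // check for session cookie (cast: a missing cookie yields null)
    $sessionCookieName = mosMainFrame::sessionCookieName();
    $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
    if (!(strlen($sessioncookie) == 32 || $sessioncookie === '-')) {
        mosErrorAlert(_NOT_AUTH);
    }

    $itemid = intval(mosGetParam($_POST, 'itemid', 0));
    $now = _CURRENT_SERVER_TIME;
    $nullDate = $database->getNullDate();

    // query to check for state and access levels
    $query = "SELECT a.*, cc.name AS category, s.name AS section, s.published AS sec_pub, cc.published AS cat_pub,"
        . "\n s.access AS sec_access, cc.access AS cat_access, s.id AS sec_id, cc.id as cat_id"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope = 'content'"
        . "\n WHERE a.id = " . $uid
        . "\n AND a.state = 1"
        . "\n AND a.access <= " . $gid
        . "\n AND ( a.publish_up = " . $database->Quote($nullDate) . " OR a.publish_up <= " . $database->Quote($now) . " )"
        . "\n AND ( a.publish_down = " . $database->Quote($nullDate) . " OR a.publish_down >= " . $database->Quote($now) . " )";
    $database->setQuery($query);
    $row = null;
    if (!$database->loadObject($row)) {
        mosNotAuth();
        return;
    }

    // the item is visible only if its category and section are published and
    // within the user's access level (an item without category/section is
    // not subject to those checks)
    if (!$row->cat_pub && $row->catid) {
        mosNotAuth();
        return;
    }
    if (!$row->sec_pub && $row->sectionid) {
        mosNotAuth();
        return;
    }
    if ($row->cat_access > $gid && $row->catid) {
        mosNotAuth();
        return;
    }
    if ($row->sec_access > $gid && $row->sectionid) {
        mosNotAuth();
        return;
    }

    $email = strval(mosGetParam($_POST, 'email', ''));
    $yourname = strval(mosGetParam($_POST, 'yourname', ''));
    $youremail = strval(mosGetParam($_POST, 'youremail', ''));
    $subject = strval(mosGetParam($_POST, 'subject', ''));
    if (empty($subject)) {
        $subject = _EMAIL_INFO . ' ' . $yourname;
    }
    // NOTE(review): recipient, sender name and sender address all come from
    // the form; the spoof and session checks above are the only gates visible here
    if ($uid < 1 || !$email || !$youremail || !JosIsValidEmail($email) || !JosIsValidEmail($youremail)) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    // site template used to render the confirmation page
    $query = "SELECT template"
        . "\n FROM #__templates_menu"
        . "\n WHERE client_id = 0"
        . "\n AND menuid = 0";
    $database->setQuery($query);
    $template = $database->loadResult();

    // determine Itemid for Item
    if (!$itemid) {
        $itemid = $mainframe->getItemid($uid, 0, 0);
    }
    $_itemid = '&Itemid=' . $itemid;

    // link sent in email
    $link = sefRelToAbs('index.php?option=com_content&task=view&id=' . $uid . $_itemid);

    // message text
    $msg = sprintf(_EMAIL_MSG, html_entity_decode($mosConfig_sitename, ENT_QUOTES), $yourname, $youremail, $link);

    // mail function
    $success = mosMail($youremail, $yourname, $email, $subject, $msg);
    if (!$success) {
        mosErrorAlert(_EMAIL_ERR_NOINFO);
    }

    HTML_content::emailSent($email, $template);
}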
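/**
 * Returns true when any non-empty entry of the ';'-separated $bannedList
 * occurs (case-insensitively) in $haystack.
 *
 * @param string $haystack   field value submitted with the form
 * @param string $bannedList ';'-separated list from the menu item parameters
 * @return bool
 */
function sendmailContainsBanned($haystack, $bannedList) {
    if (!$bannedList) {
        return false;
    }
    foreach (explode(';', $bannedList) as $needle) {
        // an empty entry (e.g. a trailing ';') must not match every submission
        if ($needle === '') {
            continue;
        }
        if (stristr($haystack, $needle)) {
            return true;
        }
    }
    return false;
}

/**
 * Handles a submitted contact form: checks the menu item's session
 * requirement and banned-word lists, validates the submitter's address,
 * mails the contact, optionally sends the submitter a copy, then redirects
 * back to the contact page.
 *
 * @param int    $con_id contact id (row of #__contact_details)
 * @param string $option component option (unused here; part of the caller's signature)
 */
function sendmail($con_id, $option) {
    global $mainframe, $database, $Itemid;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname;

    // simple spoof check security
    josSpoofCheck(1);

    $query = "SELECT *"
        . "\n FROM #__contact_details"
        . "\n WHERE id = " . (int) $con_id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
    if (count($contact) < 1) {
        // unknown contact: produces no output, as before
        return;
    }

    $default = $mosConfig_sitename . ' ' . _ENQUIRY;
    $email = strval(mosGetParam($_POST, 'email', ''));
    $text = strval(mosGetParam($_POST, 'text', ''));
    $name = strval(mosGetParam($_POST, 'name', ''));
    $subject = strval(mosGetParam($_POST, 'subject', $default));
    $email_copy = strval(mosGetParam($_POST, 'email_copy', 0));

    // per-menu-item settings: banned word lists and whether a session is required
    $menu = $mainframe->get('menu');
    $mparams = new mosParameters($menu->params);
    $bannedEmail = $mparams->get('bannedEmail', '');
    $bannedSubject = $mparams->get('bannedSubject', '');
    $bannedText = $mparams->get('bannedText', '');
    $sessionCheck = $mparams->get('sessionCheck', 1);

    // check for session cookie (cast: a missing cookie yields null)
    if ($sessionCheck) {
        $sessionCookieName = mosMainFrame::sessionCookieName();
        $sessioncookie = (string) mosGetParam($_COOKIE, $sessionCookieName, null);
        if (!(strlen($sessioncookie) == 32 || $sessioncookie === '-')) {
            mosErrorAlert(_NOT_AUTH);
        }
    }

    // Prevent form submission if one of the banned texts is discovered in the
    // email, subject or text field
    if (sendmailContainsBanned($email, $bannedEmail)
        || sendmailContainsBanned($subject, $bannedSubject)
        || sendmailContainsBanned($text, $bannedText)) {
        mosErrorAlert(_NOT_AUTH);
    }

    // test to ensure that only one email address is entered
    // (compare with !== false: a separator at offset 0 is still a separator)
    $check = explode('@', $email);
    if (strpos($email, ';') !== false || strpos($email, ',') !== false
        || strpos($email, ' ') !== false || count($check) > 2) {
        mosErrorAlert(_CONTACT_MORE_THAN);
    }
    if (!$email || !$text || !JosIsValidEmail($email)) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }

    $prefix = sprintf(_ENQUIRY_TEXT, $mosConfig_live_site);
    $text = $prefix . "\n" . $name . ' <' . $email . '>' . "\n\n" . stripslashes($text);

    // NOTE(review): $name and $subject end up in mail headers; this relies on
    // mosMail (not visible here) to reject CR/LF in header values — confirm
    $success = mosMail($email, $name, $contact[0]->email_to, $mosConfig_fromname . ': ' . $subject, $text);
    if (!$success) {
        mosErrorAlert(_CONTACT_FORM_NC);
    }

    // send the submitter a copy only if both the form and the contact allow it
    $params = new mosParameters($contact[0]->params);
    $emailcopyCheck = $params->get('email_copy', 0);
    if ($email_copy && $emailcopyCheck) {
        $copy_text = sprintf(_COPY_TEXT, $contact[0]->name, $mosConfig_sitename) . "\n\n" . $text;
        $copy_subject = _COPY_SUBJECT . $subject;
        $success = mosMail($mosConfig_mailfrom, $mosConfig_fromname, $email, $copy_subject, $copy_text);
        if (!$success) {
            mosErrorAlert(_CONTACT_FORM_NC);
        }
    }

    $link = sefRelToAbs('index.php?option=com_contact&task=view&contact_id=' . $contact[0]->id . '&Itemid=' . $Itemid);
    mosRedirect($link, _THANK_MESSAGE);
}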
/**
 * Returns the Joomla/Mambo session ID.
 *
 * Tries, in order: the Joomla >= 1.0.8 session-cookie API,
 * mosSession::getCurrent(), the mainframe's own session object, and
 * finally PHP's session_id().
 *
 * @static
 * @return string
 */
function getSessionId() {
    global $mainframe;

    // Joomla >= 1.0.8
    if (is_callable(array('mosMainframe', 'sessionCookieName'))) {
        $cookieValue = vmGet($_COOKIE, mosMainFrame::sessionCookieName(), null);
        return mosMainFrame::sessionCookieValue($cookieValue);
    }

    if (is_callable(array('mosSession', 'getCurrent'))) {
        $session =& mosSession::getCurrent();
        return $session->session_id;
    }

    // needed for joomla sites only: the mainframe already carries a session
    if (!empty($mainframe->_session->session_id)) {
        return $mainframe->_session->session_id;
    }

    return session_id();
}
/**
 * Name of the "remember me" password cookie: a hash bound to the site's
 * session cookie name, so it differs per installation.
 *
 * @return string
 */
function remCookieName_Pass() {
    $seed = 'remembermecookiepassword' . mosMainFrame::sessionCookieName();

    return mosHash($seed);
}