// don't send e-mail for approval
 $use_news_approving = true;
 //Preprocessing
 if ($error == false) {
     //get the news
     $tplname = 'admin_addnews';
     require $stylepath . '/news.inc.php';
     require $stylepath . '/admin_addnews.inc.php';
     // Collect the form fields, falling back to a default when a field is absent.
     // NOTE(review): $_REQUEST merges GET and POST data, so this admin form can be
     // driven by a plain link; no anti-CSRF token check is visible in this excerpt - confirm one exists.
     $topicid = 1;
     if (isset($_REQUEST['topic'])) {
         $topicid = $_REQUEST['topic'];
     }
     // NOTE(review): stripslashes() only makes sense when magic quotes are active;
     // magic_quotes_gpc was removed in PHP 5.4, and on later versions this call
     // strips legitimate backslashes from the submitted text.
     $newstext = '';
     if (isset($_REQUEST['newstext'])) {
         $newstext = stripslashes($_REQUEST['newstext']);
     }
     // 0 selects plain-text handling further down; any other value selects the HTML filter.
     $newshtml = 0;
     if (isset($_REQUEST['newshtml'])) {
         $newshtml = $_REQUEST['newshtml'];
     }
     $email = '';
     if (isset($_REQUEST['email'])) {
         $email = stripslashes($_REQUEST['email']);
     }
     // The address counts as invalid until the submit branch validates it.
     $emailok = false;
     tpl_set_var('email_error', '');
     if (isset($_REQUEST['submit'])) {
         $emailok = Email::isValidEmail($email);
         if ($emailok == true) {
             // Filter the submitted text and prepare the confirmation output.
             $tplname = 'admin_addnews_confirm';
             // NOTE(review): $newshtml is a raw request string compared loosely with 0.
             // A non-numeric value compares equal to 0 on PHP 7 but not on PHP 8, so the
             // branch taken differs by version; both branches filter the text.
             if ($newshtml != 0) {
                 // HTML submission: restrict it to the configured tag and attribute lists.
                 // NOTE(review): $allowedtags / $allowedattr and the meaning of the
                 // trailing 0, 0, 1 arguments are defined outside this excerpt - verify
                 // the filter is configured as an allow-list.
                 require_once $rootpath . 'lib/class.inputfilter.php';
                 $myFilter = new InputFilter($allowedtags, $allowedattr, 0, 0, 1);
                 $newstext = $myFilter->process($newstext);
             } else {
                 // Plain-text submission: escape it for HTML output.
                 // ENT_COMPAT leaves single quotes unescaped, which is fine for element
                 // content but not for a single-quoted attribute value.
                 $newstext = htmlspecialchars($newstext, ENT_COMPAT, 'UTF-8');
             }
             // Fetch the topic name; $topicid is passed as a bound parameter.
             $rs = XDb::xSql("SELECT `name` FROM `news_topics` WHERE `id`= ? ", $topicid);
             $r = XDb::xFetchArray($rs);
             XDb::xFreeResults($rs);
             // Build the news entry from the topic template, stamping the current time into {date}.
             // NOTE(review): 'h' is the 12-hour clock and the format carries no am/pm
             // marker, so afternoon timestamps are ambiguous - 'H' may have been intended.
             $newscontent = mb_ereg_replace('{date}', date('d.m.Y h:i:s', time()), $tpl_newstopic);
Exemple #2
         $longitude = -$longitude;
     }
 } else {
     $longitude = null;
     $lon_h_not_ok = false;
     $lon_min_not_ok = false;
 }
 // A coordinate is rejected when either its minute part or its degree part failed validation.
 $lon_not_ok = $lon_min_not_ok || $lon_h_not_ok;
 $lat_not_ok = $lat_min_not_ok || $lat_h_not_ok;
 // Validate the requested username, then check that nobody else already holds it.
 $username_exists = false;
 $username_not_ok = !mb_ereg_match(User::REGEX_USERNAME, $username);
 if (!$username_not_ok) {
     // A username should not be formatted like an e-mail address
     // (stated exception: $username == $email).
     // NOTE(review): the value tested here is $email, not $username, and the stated
     // exception is not implemented in the visible lines - confirm the intended check.
     $username_not_ok = Email::isValidEmail($email);
 }
 if ($username_not_ok) {
     tpl_set_var('username_message', $error_username_not_ok);
 } elseif ($username != $usr['username']) {
     // The name differs from the current one, so look for another account using it.
     // NOTE(review): != compares loosely; two numeric-looking strings such as '1e3'
     // and '1000' compare equal, which would skip this uniqueness lookup. Whether
     // User::REGEX_USERNAME admits such names is not visible here - verify.
     $q = "SELECT `username` FROM `user` WHERE `username`=:1 LIMIT 1";
     $s = $db->multiVariableQuery($q, $username);
     if ($db->rowCount($s) > 0) {
         $username_exists = true;
         tpl_set_var('username_message', $error_username_exists);
     }
 }
 if ($radius != '') {
     $radius = $radius + 0;
Exemple #3
 //load language specific variables
 // NOTE(review): the include path is assembled from $stylepath and $tplname, both
 // set outside this excerpt - confirm neither can be influenced by request input.
 require_once $stylepath . '/' . $tplname . '.inc.php';
 // Start with empty message placeholders so the template shows nothing
 // until one of the checks below sets a message.
 tpl_set_var('new_email', '');
 tpl_set_var('message', '');
 tpl_set_var('email_message', '');
 tpl_set_var('code_message', '');
 // Pass the $change_email, $reset and $get_code values to the template
 // (presumably defined by the language file loaded above - verify).
 tpl_set_var('change_email', $change_email);
 tpl_set_var('reset', $reset);
 tpl_set_var('getcode', $get_code);
 if (isset($_POST['submit_getcode']) || isset($_POST['submit_changeemail'])) {
     // NOTE(review): $_POST['newemail'] is read without an isset() check; a request
     // that carries only the submit field reaches the validator with null.
     $new_email = $_POST['newemail'];
     // Echo the submitted address back into the form, HTML-escaped.
     tpl_set_var('new_email', htmlspecialchars($new_email, ENT_COMPAT, 'UTF-8'));
     // Validate the address, then make sure no account already uses it.
     $email_exists = false;
     $new_email_not_ok = !Email::isValidEmail($new_email);
     if ($new_email_not_ok) {
         tpl_set_var('email_message', $error_email_not_ok);
     } else {
         // Check whether the address is already present in the database;
         // the value is passed as a bound parameter.
         $rs = XDb::xSql("SELECT `username` FROM `user` WHERE `email`= ? ", $new_email);
         $email_exists = (false !== XDb::xFetchArray($rs));
         if ($email_exists) {
             // NOTE(review): this distinct message tells the requester whether an
             // address is registered; confirm the page is reachable only by a
             // logged-in user.
             tpl_set_var('email_message', $error_email_exists);
         }
     }
     if (!$email_exists && !$new_email_not_ok) {
         if (isset($_POST['submit_getcode'])) {
             //send the secure code via email and store the new email in the database
             // NOTE(review): uniqid() is derived from the current time in microseconds and
             // is documented as not cryptographically secure, so a confirmation code built
             // from it is guessable. Prefer a CSPRNG source such as
             // bin2hex(random_bytes(16)), after checking the length of the column that
             // stores the code.
             $secure_code = uniqid('');
             //store the code in the DB