// Excerpt, cut off at the end (the opened blocks are closed outside this view).
// Admin "add news" handler: reads the form from $_REQUEST, validates the
// sender e-mail, sanitises the news text and starts filling $tpl_newstopic.

// don't send e-mail for approval
$use_news_approving = true;

//Preprocessing
if ($error == false) {
    //get the news
    $tplname = 'admin_addnews';
    require $stylepath . '/news.inc.php';
    require $stylepath . '/admin_addnews.inc.php';

    // Raw form values with defaults. $_REQUEST is used, so the values are not
    // tied to a POST body.
    // NOTE(review): no CSRF token or permission check is visible in this
    // excerpt — confirm both happen elsewhere before the item is stored.
    $topicid = isset($_REQUEST['topic']) ? $_REQUEST['topic'] : 1;
    // stripslashes() removes backslashes; presumably a leftover from
    // magic-quotes handling — TODO confirm it is still wanted, since it also
    // strips backslashes the author typed on purpose.
    $newstext = isset($_REQUEST['newstext']) ? stripslashes($_REQUEST['newstext']) : '';
    $newshtml = isset($_REQUEST['newshtml']) ? $_REQUEST['newshtml'] : 0;
    $email = isset($_REQUEST['email']) ? stripslashes($_REQUEST['email']) : '';

    $emailok = false;
    tpl_set_var('email_error', '');

    if (isset($_REQUEST['submit'])) {
        $emailok = Email::isValidEmail($email);

        if ($emailok == true) {
            // filter the input and prepare the output
            $tplname = 'admin_addnews_confirm';

            if ($newshtml == 0) {
                // Plain-text mode: escape for HTML output. ENT_COMPAT escapes
                // double quotes but leaves single quotes as they are.
                // NOTE(review): use ENT_QUOTES if this text can ever land in a
                // single-quoted attribute.
                $newstext = htmlspecialchars($newstext, ENT_COMPAT, 'UTF-8');
            } else {
                // HTML mode: the text goes through InputFilter with the
                // $allowedtags / $allowedattr lists. The meaning of the
                // remaining arguments is not visible here.
                // NOTE(review): XSS safety of this branch depends entirely on
                // those lists and on the filter implementation — verify both.
                require_once $rootpath . 'lib/class.inputfilter.php';
                $myFilter = new InputFilter($allowedtags, $allowedattr, 0, 0, 1);
                $newstext = $myFilter->process($newstext);
            }

            // $topicid is handed over separately for the `?` placeholder, not
            // concatenated into the SQL text (presumably bound by XDb::xSql —
            // verify).
            $rs = XDb::xSql("SELECT `name` FROM `news_topics` WHERE `id`= ? ", $topicid);
            $r = XDb::xFetchArray($rs);
            XDb::xFreeResults($rs);

            // Fill the topic template. mb_ereg_replace() treats its first
            // argument as a regular expression, not as a literal string.
            // NOTE(review): 'h' in date() is the 12-hour clock and no am/pm
            // marker is printed, so the timestamp is ambiguous — 'H' was
            // probably intended.
            $newscontent = $tpl_newstopic;
            $newscontent = mb_ereg_replace('{date}', date('d.m.Y h:i:s', time()), $newscontent);
// Excerpt, cut off at both ends: it starts inside the longitude parsing branch
// and stops inside the radius check. Profile form validation for coordinates
// and username.
        $longitude = -$longitude;
    }
} else {
    // Taken as "no longitude supplied": store null and clear both error flags.
    $longitude = null;
    $lon_h_not_ok = false;
    $lon_min_not_ok = false;
}

// A coordinate is rejected if either its hour/degree part or its minute part
// was flagged.
$lon_not_ok = $lon_min_not_ok || $lon_h_not_ok;
$lat_not_ok = $lat_min_not_ok || $lat_h_not_ok;

//check if username is in the DB
$username_exists = false;
// mb_ereg_match() only anchors at the start of the subject, so the pattern
// needs its own end anchor to reject trailing characters.
// NOTE(review): User::REGEX_USERNAME is not visible here — verify it is
// anchored at the end.
$username_not_ok = mb_ereg_match(User::REGEX_USERNAME, $username) ? false : true;
if ($username_not_ok == false) {
    // username should not be formatted like an email-address
    // exception: $username == $email
    // NOTE(review): the call below tests $email, not $username, and the
    // "$username == $email" exception is not implemented in the visible code.
    // If isValidEmail() returns true for a well-formed address, any valid
    // $email marks the username as not ok. Confirm against the full file.
    $username_not_ok = Email::isValidEmail($email);
}
if ($username_not_ok) {
    tpl_set_var('username_message', $error_username_not_ok);
} else {
    // Only look for a clash when the name differs from the current one.
    // NOTE(review): `!=` compares numeric-looking strings numerically; `!==`
    // would compare the usernames exactly.
    if ($username != $usr['username']) {
        // $username is passed separately for the `:1` placeholder, not
        // concatenated into the SQL text (presumably bound by
        // multiVariableQuery — verify).
        $q = "SELECT `username` FROM `user` WHERE `username`=:1 LIMIT 1";
        $s = $db->multiVariableQuery($q, $username);
        if ($db->rowCount($s) > 0) {
            $username_exists = true;
            tpl_set_var('username_message', $error_username_exists);
        }
    }
}

if ($radius != '') {
    // Adding 0 coerces the submitted string to a number.
    $radius = $radius + 0;
// Excerpt, cut off at the end (the opened blocks are closed outside this view).
// "Change e-mail" form: validates the new address, checks that it is unused,
// and generates a confirmation code to be sent to it.

//load language specific variables
require_once $stylepath . '/' . $tplname . '.inc.php';

// Reset the template fields so the form renders cleanly on first load.
tpl_set_var('new_email', '');
tpl_set_var('message', '');
tpl_set_var('email_message', '');
tpl_set_var('code_message', '');

tpl_set_var('change_email', $change_email);
tpl_set_var('reset', $reset);
tpl_set_var('getcode', $get_code);

if (isset($_POST['submit_getcode']) || isset($_POST['submit_changeemail'])) {
    // NOTE(review): 'newemail' is read without an isset() check, so a request
    // that omits the field raises an undefined-index notice/warning.
    $new_email = $_POST['newemail'];
    // Echo the submitted value back into the form, HTML-escaped. ENT_COMPAT
    // leaves single quotes unescaped.
    tpl_set_var('new_email', htmlspecialchars($new_email, ENT_COMPAT, 'UTF-8'));

    //validate the email
    $email_exists = false;
    $new_email_not_ok = false;

    if (!Email::isValidEmail($new_email)) {
        $new_email_not_ok = true;
        tpl_set_var('email_message', $error_email_not_ok);
    } else {
        // check whether the email already exists in the database
        // $new_email is passed separately for the `?` placeholder (presumably
        // bound by XDb::xSql — verify). Any fetched row means the address is
        // taken. The result set is not freed in the visible code.
        // NOTE(review): the distinct "exists" message reveals whether an
        // address is registered; confirm this form requires a logged-in user.
        $rs = XDb::xSql("SELECT `username` FROM `user` WHERE `email`= ? ", $new_email);
        if (false !== XDb::xFetchArray($rs)) {
            $email_exists = true;
            tpl_set_var('email_message', $error_email_exists);
        }
    }

    if (!$email_exists && !$new_email_not_ok) {
        if (isset($_POST['submit_getcode'])) {
            //send the secure code via email and store the new email in the database
            // NOTE(review): uniqid() derives its value from the current time
            // and is not a cryptographically secure token. This code
            // authorises an e-mail change, so it should come from a CSPRNG,
            // e.g. bin2hex(random_bytes(n)) with n sized to the DB column.
            // The column is not visible here.
            $secure_code = uniqid('');

            // store the code in the DB