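/**
 * Renders the "send email to user" form (template/Bootstrap variant) from $rowFrom to $rowTo and echoes it.
 *
 * Plugins get two hooks: onBeforeEmailUserForm (may veto the form by raising an error, and may
 * rewrite every argument after $rowTo, all passed by reference) and onAfterEmailUserForm (may
 * rewrite the warning text and append HTML below the message field).
 *
 * @param string $option      component option (not read in this body; kept for the call signature)
 * @param object $rowFrom     sender user row; id, password, lastvisitDate and email are read
 * @param object $rowTo       recipient user row; id, name, username, password and lastvisitDate are read
 * @param int    $allowPublic truthy: a guest (id 0) may send, and Name / Email Address inputs are rendered for it
 * @param string $name        pre-filled guest name
 * @param string $email       pre-filled guest email address
 * @param string $subject     pre-filled subject
 * @param string $message     pre-filled message body
 * @return void output is echoed; exits after a JS alert when the before-form trigger reports an error
 */
static function emailUser($option, $rowFrom, $rowTo, $allowPublic = 0, $name = '', $email = '', $subject = '', $message = '')
{
    global $_CB_framework, $_PLUGINS, $ueConfig;

    $beforeResults = $_PLUGINS->trigger('onBeforeEmailUserForm', array(&$rowFrom, &$rowTo, 1, &$allowPublic, &$name, &$email, &$subject, &$message));

    if ($_PLUGINS->is_errors()) {
        // NOTE(review): the plugin error text is spliced into a JS string literal unescaped; if a plugin
        // ever reflects user-supplied text here, a double quote would break out of the literal.
        // json_encode() of the message (with JSON_HEX_TAG) would be the safe way to produce the literal.
        echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); window.history.go(-1); </script>\n";
        exit;
    }

    if ($allowPublic && !$rowFrom->id) {
        // Guest sender: there is no profile email address to warn about (no %s in this text).
        $warning = CBTxt::T('IMPORTANT:<ol><li>Please be aware that emails may not be received by the intended users due to their email settings and spam filter.</li></ol>');
    } else {
        // %s is replaced with $rowFrom->email by the sprintf() further down.
        $warning = CBTxt::Th('UE_EMAILFORMWARNING', 'IMPORTANT:<ol><li>Your email address on your profile is: <strong>%s</strong>.</li><li>Make sure that it is accurate and check your spam filter before sending, because the receiver will use it for his reply.</li><li>Please be aware that emails may not be received by the intended users due to their email settings and spam filter.</li></ol>');
    }

    $pageTitle = CBTxt::T('SEND_MESSAGE_TO_NAME', 'Send message to [name]', array('[name]' => getNameFormat($rowTo->name, $rowTo->username, $ueConfig['name_format'])));

    if ($pageTitle) {
        $_CB_framework->setPageTitle($pageTitle);
        $_CB_framework->appendPathWay($pageTitle);
    }

    $afterResults = $_PLUGINS->trigger('onAfterEmailUserForm', array(&$rowFrom, &$rowTo, &$warning, 1, &$allowPublic, &$name, &$email, &$subject, &$message));

    outputCbTemplate(1);
    cbValidator::loadValidation();

    $pageClass = $_CB_framework->getMenuPageClass();

    $return = '<div class="cbEmailUser cb_template cb_template_' . selectTemplate('dir') . ($pageClass ? ' ' . htmlspecialchars($pageClass) : null) . '">';

    if ($rowFrom->id == $rowTo->id) {
        $return .= '<div class="page-header"><h3>' . CBTxt::Th('UE_NOSELFEMAIL', 'You are not allowed to send an email to yourself!') . '</h3></div>';
    } else {
        // "protect" token for the hidden fromID/toID pair: md5 over a fresh salt plus both users'
        // password hash and last-visit date, so it stops matching as soon as either changes.
        // It is a plain md5 of a concatenation (no site secret, no HMAC); verification is not in this block.
        $salt = cbMakeRandomString(16);
        $key = 'cbmv1_' . md5($salt . $rowTo->id . $rowTo->password . $rowTo->lastvisitDate . $rowFrom->password . $rowFrom->lastvisitDate) . '_' . $salt;

        $toUser = CBuser::getInstance((int) $rowTo->id);

        $return .= (CBTxt::Th('UE_EMAILFORMTITLE', 'Send a message via email to %s') ? '<div class="page-header"><h3>' . sprintf(CBTxt::Th('UE_EMAILFORMTITLE', 'Send a message via email to %s'), $toUser->getField('formatname', null, 'html', 'none', 'list', 0, true)) . '</h3></div>' : null)
            . '<form action="' . $_CB_framework->viewUrl('senduseremail') . '" method="post" id="adminForm" name="adminForm" class="cb_form form-auto cbValidation">';

        if (is_array($beforeResults)) {
            // Plugin-provided HTML, emitted as-is.
            $return .= implode('', $beforeResults);
        }

        if ($allowPublic && !$rowFrom->id) {
            // Guest sender has no profile: ask for a display name and a reply address.
            $return .= '<div class="form-group cb_form_line clearfix">'
                . '<label for="emailName" class="col-sm-3 control-label">' . CBTxt::T('Name') . '</label>'
                . '<div class="cb_field col-sm-9">'
                . '<input type="text" name="emailName" id="emailName" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($name) . '" />'
                . getFieldIcons(1, 1, null)
                . '</div>'
                . '</div>'
                . '<div class="form-group cb_form_line clearfix">'
                . '<label for="emailAddress" class="col-sm-3 control-label">' . CBTxt::T('Email Address') . '</label>'
                . '<div class="cb_field col-sm-9">'
                . '<input type="text" name="emailAddress" id="emailAddress" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($email) . '" />'
                . getFieldIcons(1, 1, null)
                . '</div>'
                . '</div>';
        }

        $return .= '<div class="form-group cb_form_line clearfix">'
            . '<label for="emailSubject" class="col-sm-3 control-label">' . CBTxt::T('Subject') . '</label>'
            . '<div class="cb_field col-sm-9">'
            . '<input type="text" name="emailSubject" id="emailSubject" class="form-control required" size="50" maxlength="255" value="' . htmlspecialchars($subject) . '" />'
            . getFieldIcons(1, 1, null)
            . '</div>'
            . '</div>'
            . '<div class="form-group cb_form_line clearfix">'
            // The label must point at the textarea id ("emailBody"), not at the lost-password field name.
            . '<label for="emailBody" class="col-sm-3 control-label">' . CBTxt::T('Message') . '</label>'
            . '<div class="cb_field col-sm-9">'
            . '<textarea name="emailBody" id="emailBody" class="form-control required" cols="50" rows="15">' . htmlspecialchars($message) . '</textarea>'
            . getFieldIcons(1, 1, null)
            . '</div>'
            . '</div>';

        if (is_array($afterResults)) {
            $return .= '<div class="form-group cb_form_line clearfix">'
                . '<div class="col-sm-offset-3 col-sm-9">' . implode('', $afterResults) . '</div>'
                . '</div>';
        }

        // $rowFrom->email is inserted without HTML escaping; it is the sender's own stored address.
        $return .= '<div class="form-group cb_form_line clearfix">'
            . '<div class="col-sm-offset-3 col-sm-9">' . sprintf($warning, $rowFrom->email) . '</div>'
            . '</div>'
            . '<div class="form-group cb_form_line clearfix">'
            . '<div class="col-sm-offset-3 col-sm-9">'
            . '<input type="submit" class="btn btn-primary cbEmailUserSubmit" value="' . htmlspecialchars(CBTxt::T('UE_SENDEMAIL', 'Send Email')) . '"' . cbValidator::getSubmitBtnHtmlAttributes() . ' />'
            . ' <input type="button" class="btn btn-default cbEmailUserCancel" value="' . htmlspecialchars(CBTxt::T('UE_CANCEL', 'Cancel')) . '" onclick="window.location=\'' . $_CB_framework->userProfileUrl((int) $rowTo->id) . '\'; return false;" />'
            . '</div>'
            . '</div>'
            // Hidden ids are int-cast; the "protect" token above ties them together, the spoof tag
            // is the CSRF token and the anti-spam tag carries the sender's message counters.
            . '<input type="hidden" name="fromID" value="' . (int) $rowFrom->id . '" />'
            . '<input type="hidden" name="toID" value="' . (int) $rowTo->id . '" />'
            . '<input type="hidden" name="protect" value="' . $key . '" />'
            . cbGetSpoofInputTag('emailuser')
            . cbGetAntiSpamInputTag(null, null, $allowPublic)
            . '</form>'
            . '</div>';
    }

    echo $return;

    $_CB_framework->setMenuMeta();
}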
/**
 * CB messaging spam protections: builds the pair of "cbsv1_<md5>_<salt>" tokens that the
 * message/email forms carry as hidden fields (presumably via cbGetAntiSpamInputTag) so that the
 * send handler can tie the submission to the sender's current message counters.
 *
 * Each token is md5(salt . site secret . db name . messages sent . last sent . identity) followed by
 * the salt; token 0 uses the user id as identity, token 1 the username. The site secret is what makes
 * the token unforgeable; hash_hmac() would be the conventional construction, but the verifier
 * elsewhere expects this exact layout.
 *
 * @param string|null $salt0       32-char salt for token 0; when either salt is null one random salt is minted and used for both
 * @param string|null $salt1       32-char salt for token 1
 * @param bool        $allowPublic true: a guest sender is acceptable and its counters are read from the session state
 * @return array [0 => token keyed on the user id, 1 => token keyed on the username]; when a salt is
 *               malformed or no sender state is available the request is terminated and this never returns
 */
function cbGetAntiSpams($salt0 = null, $salt1 = null, $allowPublic = false)
{
    global $_CB_framework;

    // A missing salt on either side means: mint one random salt and share it.
    if (($salt0 === null) || ($salt1 === null)) {
        $salt0 = cbMakeRandomString(32);
        $salt1 = $salt0;
    }

    $myId = (int) $_CB_framework->myId();

    // Defaults apply when no sender state can be established; issuing is then refused below.
    $canSendMessage = false;
    $messageNumberSent = 0;
    $messageLastSent = '0000-00-00 00:00:00';

    if ((!$myId) && $allowPublic) {
        // Guest sender: the counters live in the session state.
        $messageNumberSent = (int) $_CB_framework->getUserState('cb_message_number_sent', 0);
        $messageLastSent = $_CB_framework->getUserState('cb_message_last_sent', '0000-00-00 00:00:00');
        $canSendMessage = true;
    } else {
        // Logged-in sender (or a guest when guests are not allowed): counters come from the user record, if any.
        $user = CBuser::getMyUserDataInstance();

        if ($user) {
            $messageNumberSent = (int) $user->message_number_sent;
            $messageLastSent = $user->message_last_sent;
            $canSendMessage = true;
        }
    }

    $saltsWellFormed = ((strlen($salt0) == 32) && (strlen($salt1) == 32));

    if (!($saltsWellFormed && $canSendMessage)) {
        // "Session expired" JS termination; does not return.
        _cbExpiredSessionJSterminate();
        exit;
    }

    // Keyed part shared by both tokens: installation identity plus the sender's current sending state.
    $keyedState = $_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db') . $messageNumberSent . $messageLastSent;

    return array(
        'cbsv1_' . md5($salt0 . $keyedState . $_CB_framework->myId()) . '_' . $salt0,
        'cbsv1_' . md5($salt1 . $keyedState . $_CB_framework->myUsername()) . '_' . $salt1,
    );
}
/**
 * Handles the "lost password" form post. Two behaviours, chosen by what was filled in:
 *  - usernames in use, email given, username blank: mails a username reminder to every account with that email;
 *  - otherwise, email given: generates a random 8-char password, mails it and stores its hash on the account.
 *
 * Every path ends in cbRedirect() (or die() on an SQL error); the function only returns explicitly
 * after a plugin error redirect.
 *
 * @param string $option component option used in the redirect URLs
 * @return void
 */
function sendNewPass( $option )
{
    global $_CB_framework, $_CB_database, $ueConfig, $Itemid, $_PLUGINS, $_POST;

    // simple spoof check security
    cbSpoofCheck( 'lostPassForm' );
    cbRegAntiSpamCheck();

    // login_type below 2 presumably means accounts have a username distinct from the email — confirm.
    $usernameExists = ( ( isset( $ueConfig['login_type'] ) ) && ( $ueConfig['login_type'] < 2 ) );

    // Raw form values. SQL escaping happens at the query sites below with $_CB_database->Quote();
    // trim() here is not a SQL safeguard.
    $checkusername = trim( cbGetParam( $_POST, 'checkusername', '' ) );
    $confirmEmail = trim( cbGetParam( $_POST, 'checkemail', '' ) );

    $_PLUGINS->loadPluginGroup('user');
    $_PLUGINS->trigger( 'onStartNewPassword', array( &$checkusername, &$confirmEmail ));

    if ($_PLUGINS->is_errors()) {
        cbRedirect( cbSef("index.php?option=$option&task=lostPassword".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
        return;
    }

    $checkusername = stripslashes( $checkusername );
    $confirmEmail = stripslashes( $confirmEmail );

    // these two are used by _NEWPASS_SUB message below:
    $_live_site = $_CB_framework->getCfg( 'live_site' );
    $_sitename = "";	// NEEDED BY _NEWPASS_SUB for sitename already added in subject by cbNotification class. was = $_CB_framework->getCfg( 'sitename' );

    if ( $usernameExists && ( $confirmEmail != '' ) && ! $checkusername ) {
        // Username reminder: only the email was supplied. Several accounts may share an address, hence the list.
        $_CB_database->setQuery( "SELECT id, username FROM #__users" . "\n WHERE email = " . $_CB_database->Quote( $confirmEmail ) );
        $userIdUsername = null;
        $result = $_CB_database->loadObjectList( $userIdUsername );

        if ( $_CB_database->getErrorNum() || ( count( $result ) == 0 ) ) {
            // NOTE(review): this reply reveals whether the address is registered (account enumeration);
            // a neutral "if the address exists, a reminder was sent" message avoids that.
            // Execution is assumed to stop inside cbRedirect() here — elsewhere in this function a
            // `return` follows it; if it did return, the foreach below would run on an empty/null $result.
            cbRedirect( cbSef( 'index.php?option=' . $option . '&task=lostPassword' . ( $Itemid ? '&Itemid=' . (int) $Itemid : '' ), false ), sprintf( _UE_EMAIL_DOES_NOT_EXISTS_ON_SITE, htmlspecialchars( $confirmEmail ) ), 'error' );
        }

        foreach ( $result as $userIdUsername ) {
            // Language strings carry literal "\n" sequences; turn them into real newlines for the mail body.
            $message = str_replace( '\n', "\n", sprintf( _UE_USERNAMEREMINDER_MSG, $_CB_framework->getCfg( 'sitename' ), $userIdUsername->username, $_live_site ) );
            $subject = sprintf( _UE_USERNAMEREMINDER_SUB, $userIdUsername->username );

            $_PLUGINS->trigger( 'onBeforeUsernameReminder', array( $userIdUsername->id, &$subject, &$message ));

            if ($_PLUGINS->is_errors()) {
                cbRedirect( cbSef("index.php?option=$option&task=lostPassword".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
                return;
            }

            $cbNotification = new cbNotification();
            $res = $cbNotification->sendFromSystem( $userIdUsername->id, $subject, $message );

            // First failed send aborts the rest; $res then reports the failure below.
            if ( ! $res ) {
                break;
            }
        }

        $_PLUGINS->trigger( 'onAfterUsernameReminder', array( &$result, &$res ) );

        if ( $res ) {
            cbRedirect( cbSef("index.php?option=$option&task=done".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_USERNAME_REMINDER_SENT, htmlspecialchars( $confirmEmail ) ) );
        } else {
            cbRedirect( cbSef("index.php?option=$option&task=done".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ),_UE_EMAIL_SENDING_ERROR );
        }
    } elseif ( $confirmEmail != '' ) {
        // New password: email (plus username, when usernames are in use) must match one account.
        if ( $usernameExists ) {
            // NOTE(review): the username value in this query appears redacted in this listing ("******");
            // presumably $_CB_database->Quote( $checkusername ), as done for the email clause — confirm against the real source.
            $_CB_database->setQuery( "SELECT id FROM #__users" . "\n WHERE username = "******" AND email = " . $_CB_database->Quote( $confirmEmail ) );
        } else {
            $_CB_database->setQuery( "SELECT id FROM #__users" . "\n WHERE email = " . $_CB_database->Quote( $confirmEmail ) );
        }

        $user_id = $_CB_database->loadResult();

        if ( ! $user_id ) {
            // Same cbRedirect()-stops-execution assumption as above.
            cbRedirect( cbSef( 'index.php?option=' . $option . '&task=lostPassword' . ( $Itemid ? '&Itemid=' . (int) $Itemid : '' ), false ), _ERROR_PASS );
        }

        // NOTE(review): the reset is unconditional — anyone who knows the email (and username) replaces the
        // account password and receives the new one in clear text by mail, with no confirmation link.
        // The author's note below already records the intended redesign.
        $newpass = cbMakeRandomString( 8, true );	// should be $user->setRandomPassword() but as this whole function needs to be redone to require clicking link for new password change, let's leave it for now.

        $message = str_replace( '\n', "\n", sprintf( _UE_NEWPASS_MSG, $checkusername, $_live_site, $newpass ) );
        $subject = sprintf( _UE_NEWPASS_SUB, $checkusername );

        $_PLUGINS->trigger( 'onBeforeNewPassword', array( $user_id, &$newpass, &$subject, &$message ));

        if ($_PLUGINS->is_errors()) {
            cbRedirect( cbSef("index.php?option=$option&task=lostPassword".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), $_PLUGINS->getErrorMSG(), 'error' );
            return;
        }

        $cbNotification = new cbNotification();
        $res = $cbNotification->sendFromSystem($user_id,$subject,$message);

        if ($res) {
            // The mail goes out before the database is updated: if the UPDATE below fails, the mailed
            // password is never valid, and die() prints the raw database error to the browser.
            $_PLUGINS->trigger( 'onNewPassword', array($user_id,$newpass));

            $cbUser = CBuser::getInstance( (int) $user_id );
            $user = $cbUser->getUserData();
            $newpass = $user->hashAndSaltPassword( $newpass );

            // NOTE(review): the hashed password value appears redacted in this listing ("******");
            // presumably $_CB_database->Quote( $newpass ) — confirm against the real source.
            $sql = "UPDATE #__users SET password = "******" WHERE id = " . (int) $user_id;
            $_CB_database->setQuery( $sql );

            if (!$_CB_database->query()) {
                die("SQL error" . $_CB_database->stderr(true));
            }

            cbRedirect( cbSef("index.php?option=$option&task=done".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), sprintf( _UE_NEWPASS_SENT, htmlspecialchars( $confirmEmail ) ) );
        } else {
            cbRedirect( cbSef("index.php?option=$option&task=done".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ),_UE_NEWPASS_FAILED );
        }
    } else {
        // No email supplied at all.
        cbRedirect( cbSef("index.php?option=$option&task=done".($Itemid ? "&Itemid=". (int) $Itemid : ""), false ), _UE_NEWPASS_FAILED );
    }
}
/**
 * CB email to user spam protections (legacy variant): builds the pair of "cbsv1_<md5>_<salt>"
 * tokens for the logged-in user, keyed on the site secret, the db name and the user's message
 * counters read straight from #__comprofiler.
 *
 * Token 0 is md5(salt0 . secret . db . messages sent . last sent . user id) . '_' . salt0; token 1
 * uses the username instead of the id. The secret is what keeps the token unforgeable; hash_hmac()
 * would be the conventional construction, but the verifier elsewhere expects this exact layout.
 *
 * @param string|null $salt0 32-char salt for token 0; when either salt is null one random salt is minted and used for both
 * @param string|null $salt1 32-char salt for token 1
 * @return array [0 => token keyed on the user id, 1 => token keyed on the username]; on a db error,
 *               a malformed salt, or anything but exactly one matching row, the request is terminated instead
 */
function cbGetAntiSpams($salt0 = null, $salt1 = null)
{
    global $_CB_framework, $_CB_database;

    // A missing salt on either side means: mint one random salt and share it.
    if (($salt0 === null) || ($salt1 === null)) {
        $salt0 = cbMakeRandomString(32);
        $salt1 = $salt0;
    }

    // Current user's counters; the id is int-cast, so the query needs no quoting.
    $_CB_database->setQuery("SELECT message_number_sent, message_last_sent FROM #__comprofiler WHERE id = " . (int) $_CB_framework->myId());
    $users = $_CB_database->loadObjectList();

    // Same order as before: count() is only evaluated once the query and the salts have checked out.
    $usable = (!$_CB_database->getErrorNum())
        && (strlen($salt0) == 32)
        && (strlen($salt1) == 32)
        && (count($users) == 1);

    if (!$usable) {
        // "Session expired" JS termination; does not return.
        _cbExpiredSessionJSterminate();
        exit;
    }

    // Keyed part shared by both tokens: installation identity plus the user's current sending state.
    $keyedState = $_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db') . $users[0]->message_number_sent . $users[0]->message_last_sent;

    return array(
        'cbsv1_' . md5($salt0 . $keyedState . $_CB_framework->myId()) . '_' . $salt0,
        'cbsv1_' . md5($salt1 . $keyedState . $_CB_framework->myUsername()) . '_' . $salt1,
    );
}
/**
 * Renders the legacy (inline-HTML) "send email to user" form from $rowFrom to $rowTo and echoes it.
 *
 * @param string $option  component option, written into the form action and a hidden "option" field
 * @param object $rowFrom sender user row; id, password, lastvisitDate and email are read
 * @param object $rowTo   recipient user row; id, name, username, password and lastvisitDate are read
 * @param string $subject pre-filled subject
 * @param string $message pre-filled message body
 * @return void output is echoed; returns early for a self-email, exits after a JS alert on a plugin error
 */
static function emailUser($option, $rowFrom, $rowTo, $subject = '', $message = '')
{
    global $ueConfig, $_PLUGINS;

    if ($rowFrom->id == $rowTo->id) {
        echo "<div class=\"contentheading\" >" . _UE_NOSELFEMAIL . "</div>";
        return;
    }

    HTML_comprofiler::outputMosFormVal('#adminForm');
    $_PLUGINS->loadPluginGroup('user');
    $results = $_PLUGINS->trigger('onBeforeEmailUserForm', array(&$rowFrom, &$rowTo, 1));	//$ui=1

    if ($_PLUGINS->is_errors()) {
        // NOTE(review): the plugin error text is spliced into a JS string literal unescaped; a double
        // quote in it would break out of the literal. json_encode() (with JSON_HEX_TAG) would be the safe form.
        echo "<script type=\"text/javascript\">alert(\"" . $_PLUGINS->getErrorMSG() . "\"); window.history.go(-1); </script>\n";
        exit;
    }
    ?> <div style="text-align:left;"> <div class="componentheading" ><?php
        // NOTE(review): the user id argument of cbSef() appears redacted in this listing ("******") - compare with the real source.
        echo sprintf(_UE_EMAILFORMTITLE, "<a href=\"" . cbSef("index.php?option=com_comprofiler&task=userProfile&user="******"\">" . getNameFormat($rowTo->name, $rowTo->username, $ueConfig['name_format']) . "</a>");
    ?> </div> <form action="<?php
        echo cbSef("index.php?option={$option}" . getCBprofileItemid(true));
    ?> " method="post" id="adminForm" name="adminForm"> <br /><?php
        echo _UE_EMAILFORMSUBJECT;
    ?> <br /> <?php
        // HTML returned by the before-form plugins, emitted as-is.
        if (is_array($results)) {
            echo implode("<br />", $results);
        }
    ?> <input mosReq="1" mosLabel="<?php
        echo htmlspecialchars(_UE_EMAILFORMSUBJECT);
    ?> " type="text" class="inputbox" name="emailSubject" size="50" value="<?php
        echo htmlspecialchars($subject);
    ?> " /><?php
        echo getFieldIcons(1, 1, null);
    ?> <br /> <br /><?php
        echo _UE_EMAILFORMMESSAGE;
    ?> <br /> <textarea mosReq="1" mosLabel='<?php
        echo htmlspecialchars(_UE_EMAILFORMMESSAGE);
    ?> ' class="inputbox" name="emailBody" cols="50" rows="15" ><?php
        echo htmlspecialchars($message);
    ?> </textarea><?php
        echo getFieldIcons(1, 1, null);
        echo '<br />';
        // %s in the warning is filled with the sender's email below; after-form plugins may rewrite the text.
        $warning = _UE_EMAILFORMWARNING;
        $results = $_PLUGINS->trigger('onAfterEmailUserForm', array(&$rowFrom, &$rowTo, &$warning, 1));	//$ui=1
        if (is_array($results)) {
            echo implode("<br />", $results);
        }
    ?> <div><?php
        // The sender's own stored address, not HTML-escaped.
        echo sprintf($warning, $rowFrom->email);
    ?> </div> <input type="hidden" name="fromID" value="<?php
        // Ids are echoed uncast here (the newer form int-casts them); presumably integers from the users table.
        echo $rowFrom->id;
    ?> " />
<input type="hidden" name="toID" value="<?php
        echo $rowTo->id;
    ?> " /> <input type="hidden" name="protect" value="<?php
        // "protect" token for the hidden fromID/toID pair: md5 over a fresh salt plus both users'
        // password hash and last-visit date (plain md5 of a concatenation, no site secret); it stops
        // matching as soon as either changes. Verification is not in this block.
        $salt = cbMakeRandomString(16);
        echo 'cbmv1_' . md5($salt . $rowTo->id . $rowTo->password . $rowTo->lastvisitDate . $rowFrom->password . $rowFrom->lastvisitDate) . '_' . $salt;
    ?> " /> <?php
        // CSRF token and anti-spam counters token (this variant passes no $allowPublic).
        echo cbGetSpoofInputTag('emailUser');
        echo "\t\t" . cbGetAntiSpamInputTag();
    ?> <input type="hidden" name="option" value="<?php
        // $option is echoed unescaped into the attribute; it is expected to be the component name, not user input - confirm at the caller.
        echo $option;
    ?> " /> <input type="hidden" name="task" value="sendUserEmail" /> <input type="submit" class="button" value="<?php
        echo _UE_SENDEMAIL;
    ?> " /> </form> </div> <div style="align:center;"> <?php
        echo getFieldIcons(1, 1, null, '', '', 2);
    ?> </div> <?php
}
/**
 * Sets this user's activation codes: $this->cbactivation (CB's own, "reg" + 32 random hex chars +
 * 8 hex chars of the obfuscated user id) and $this->activation (the bare random hash, for the CMS).
 *
 * The id part is XOR-masked with a fixed per-site value derived from the site secret and db name;
 * that is obfuscation, not secrecy (anyone holding the mask can invert it), so the unguessable
 * part of the code is the random hash.
 *
 * @return void
 */
function _setActivationCode()
{
    global $_CB_framework;

    // 32 hex chars of randomness.
    $randomHash = md5(cbMakeRandomString());

    // Site-specific XOR mask: first 7 hex digits (fits an int on every platform) of md5(secret . db).
    $maskSource = md5($_CB_framework->getCfg('secret') . $_CB_framework->getCfg('db'));
    $scrambleSeed = (int) hexdec(substr($maskSource, 0, 7));
    $scrambledId = $scrambleSeed ^ (int) $this->id;

    $this->cbactivation = sprintf('reg%s%08x', $randomHash, $scrambledId);

    // for CMS compatibility (and JFusion compatibility):
    $this->activation = $randomHash;
}
/**
 * Generates the HTML to display the user profile tab (Quick Message: a small PMS compose form shown
 * on another user's profile). When the tab's own form was posted, the message is sent first and a
 * JS alert with the outcome is prepended to the rendered tab.
 * @param moscomprofilerTab $tab the tab database entry
 * @param moscomprofilerUser $user the user being displayed (message recipient)
 * @param int $ui 1 for front-end, 2 for back-end (not read in this body)
 * @return mixed either string HTML for tab content, or false if ErrorMSG generated; null when the viewer
 *               is a guest or is looking at their own profile
 */
function getDisplayTab($tab,$user,$ui)
{
    global $_CB_framework, $_POST, $_CB_OneTwoRowsStyleToggle;

    if ( ! $_CB_framework->myId() ) {
        return null;
    }

    $return = "";
    $params = $this->params;
    $pmsType = $params->get('pmsType', '1');
    $showTitle = $params->get('showTitle', "1");
    $showSubject = $params->get('showSubject', "1");
    $width = $params->get('width', "30");
    $height = $params->get('height', "5");
    $capabilities = $this->getPMScapabilites();

    if (!$this->_checkPMSinstalled($pmsType) || ($capabilities === false)) {
        return false;
    }

    if ($_CB_framework->myId() == $user->id) {
        return null;
    }

    $newsub = null;
    $newmsg = null;

    // send PMS from this tab form input:
    if ( cbGetParam( $_POST, $this->_getPagingParamName("sndnewmsg") ) == _UE_PM_SENDMESSAGE ) {
        $sender = $this->_getReqParam("sender", null);
        $recip = $this->_getReqParam("recip", null);

        // sender/recip come from hidden inputs and are only honoured when they equal the logged-in
        // viewer and the displayed profile, so the form cannot send as, or to, someone else.
        if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) ) {
            cbSpoofCheck( 'pms' );

            $newsub = htmlspecialchars($this->_getReqParam("newsub", null));	//urldecode done in _getReqParam

            if($pmsType=='3' || $pmsType=='4') {
                // NOTE(review): for these PMS types the body is kept unescaped; it is echoed back into the
                // textarea below without htmlspecialchars(), so the poster's own "</textarea>" would break
                // the markup. Presumably the target PMS component escapes on display - confirm.
                $newmsg = $this->_getReqParam("newmsg", null);
            } else {
                $newmsg = htmlspecialchars($this->_getReqParam("newmsg", null));	//don't allow html input on user profile!
            }

            if ( ( $newsub || $newmsg ) && isset( $_POST[$this->_getPagingParamName( "protect" )] ) ) {
                // Form token "cbpms1_<md5>_<salt>" issued at the bottom of this method. It binds the post
                // to the recipient id and last-visit date only - no server-side secret - so it is a
                // staleness check rather than an authentication token (cbSpoofCheck above is the CSRF guard).
                $parts = explode( '_', $this->_getReqParam('protect', '' ) );

                // NOTE(review): the md5 comparison uses ==; with two numeric-looking strings PHP compares
                // them as numbers. Both operands are hex strings here, so === (or hash_equals) is the
                // safer comparison and costs nothing.
                if ( ( count( $parts ) == 3 ) && ( $parts[0] == 'cbpms1' ) && ( strlen( $parts[2] ) == 32 ) && ( $parts[1] == md5($parts[2].$user->id.$user->lastvisitDate) ) ) {
                    if (!$newsub && $capabilities["subject"]) $newsub = _UE_PM_PROFILEMSG;

                    if ($this->sendUserPMS($recip, $sender, $newsub, $newmsg, $systemGenerated=false, $escaped=true)) {
                        $return .= "\n<script type='text/javascript'>alert('"._UE_PM_SENTSUCCESS."')</script>";
                        // Clear the form after a successful send.
                        $newsub = null;
                        $newmsg = null;
                    } else {
                        // NOTE(review): getErrorMSG() is placed inside a single-quoted JS literal unescaped;
                        // an apostrophe in the message would break the alert.
                        $return .= "\n<script type='text/javascript'>alert('".$this->getErrorMSG()."')</script>";
                    }
                } else {
                    $return .= "\n<script type='text/javascript'>alert('"._UE_SESSIONTIMEOUT." "._UE_PM_NOTSENT." "._UE_TRYAGAIN."')</script>";
                }
            } else {
                $return .= "\n<script type='text/javascript'>alert('"._UE_PM_EMPTYMESSAGE." "._UE_PM_NOTSENT."')</script>";
            }
        }
    }

    // display Quick Message tab:
    $return .= "\n\t<div class=\"sectiontableentry".$_CB_OneTwoRowsStyleToggle."\" style=\"padding-bottom:5px;\">\n";
    // Global row-striping toggle shared with the other tabs: alternates 1 <-> 2.
    $_CB_OneTwoRowsStyleToggle = ($_CB_OneTwoRowsStyleToggle == 1 ? 2 : 1);

    // A trailing colon is only added when there is no subject row to follow the title.
    if($showTitle) $return .= "\t\t<div class=\"titleCell\" style=\"align: left; text-align:left; margin-left: 0px;\">" .cbUnHtmlspecialchars(getLangDefinition($tab->title)).(($showSubject && $capabilities["subject"])?"" : ":")."</div>\n";

    $return .= $this->_writeTabDescription( $tab, $user );

    $base_url = $this->_getAbsURLwithParam(array());

    $return .= '<form method="post" action="'.$base_url.'">';
    $return .= '<table cellspacing="0" cellpadding="5" class="contentpane" style="border:0px;align:left;width:90%;">';

    if ($showSubject && $capabilities["subject"]) {
        $return .= '<tr><td><b>'._UE_EMAILFORMSUBJECT.'</b></td>';
        $return .= '<td><input type="text" class="inputbox" name="'.$this->_getPagingParamName("newsub") .'" size="'.($width-8).'" value="'.stripslashes($newsub).'" /></td></tr>';
        $return .= '<tr class="sectiontableentry1"><td colspan="2"><b>'._UE_EMAILFORMMESSAGE.'</b></td></tr>';
    }

    // Re-populates the previous input on failure ($newsub/$newmsg are null after a successful send).
    $return .= '<tr><td colspan="2"><textarea name="'.$this->_getPagingParamName("newmsg") .'" class="inputbox" rows="'.$height.'" cols="'.$width.'">'.stripslashes($newmsg).'</textarea></td></tr>';
    $return .= '<tr><td colspan="2"><input type="submit" class="button" name="'.$this->_getPagingParamName("sndnewmsg").'" value="'._UE_PM_SENDMESSAGE.'" /></td></tr>';
    $return .= '</table>';

    // Hidden sender/recipient ids, checked against the session and the profile on post (see above).
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("sender")."\" value=\"" . $_CB_framework->myId() . "\" />";
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("recip")."\" value=\"$user->id\" />";

    // "protect" token: salt + md5(salt . recipient id . recipient last visit); verified on post above.
    $salt = cbMakeRandomString( 32 );
    $return .= "<input type=\"hidden\" name=\"".$this->_getPagingParamName("protect")."\" value=\"" . 'cbpms1_' . md5($salt.$user->id.$user->lastvisitDate) . '_' . $salt . "\" />";

    $return .= cbGetSpoofInputTag( 'pms' );
    $return .= '</form>';
    $return .= "</div>";

    return $return;
}