/**
* Выполнить аутентификацию
*
* @param string $mail почта
* @param string $password пароль
* @param bool $autologin помнить на сайте
* @throws UserException Пользователь не существует
* @throws UserException Неверный пароль
* @throws UserException Пользователь не активирован
* @throws UserException Неверный формат почты
*/
public function authentication($mail, $password, $autologin = false, $isMd5 = false)
{
$bad = true;
if (checkMail($mail)) {
$res = $this->_sql->query("SELECT `id` , `mail` , `password` , INET_NTOA( `ip` ) AS `ip` , `register_date` , `name` , `second_name` , `gender` , `burthday` , `photo` , `country` , `region` , `city` , `street` , `utc_time` , `state` , `status` FROM `SITE_USERS` WHERE `mail`='{$mail}'");
$userResult = $this->_sql->GetRows($res);
if ($userResult == NULL) {
throw new UserException($mail, UserException::USR_NOT_EXSIST);
}
$userResult = $userResult[0];
$this->userID = $userResult["id"];
if (!$isMd5) {
$password = md5($password);
}
if ($userResult["password"] != $password) {
throw new UserException($mail, UserException::USR_PASSWORD_INCORRECT);
} else {
if ($this->checkIfActivated($userResult)) {
if ($autologin) {
setcookie("sec", md5($this->userID) . md5($userResult["mail"]), time() + 221356800, "/");
setcookie("id", $this->userID, time() + 221356800, "/");
}
$_SESSION["user"] = $userResult;
} else {
throw new UserException($mail, UserException::USR_NOT_ACTIVATED);
}
}
} else {
throw new UserException($mail, UserException::USR_NAME_INCORRECT);
}
return true;
}
function addComment($params)
{
$name = isset($_POST['comname']) ? addslashes(trim($_POST['comname'])) : '';
$content = isset($_POST['comment']) ? addslashes(trim($_POST['comment'])) : '';
$mail = isset($_POST['commail']) ? addslashes(trim($_POST['commail'])) : '';
$url = isset($_POST['comurl']) ? addslashes(trim($_POST['comurl'])) : '';
$imgcode = isset($_POST['imgcode']) ? addslashes(trim(strtoupper($_POST['imgcode']))) : '';
$blogId = isset($_POST['gid']) ? intval($_POST['gid']) : -1;
$pid = isset($_POST['pid']) ? intval($_POST['pid']) : 0;
if (ISLOGIN === true) {
$CACHE = Cache::getInstance();
$user_cache = $CACHE->readCache('user');
$name = addslashes($user_cache[UID]['name_orig']);
$mail = addslashes($user_cache[UID]['mail']);
$url = addslashes(BLOG_URL);
}
if ($url && strncasecmp($url, 'http', 4)) {
$url = 'http://' . $url;
}
doAction('comment_post');
$Comment_Model = new Comment_Model();
$Comment_Model->setCommentCookie($name, $mail, $url);
if ($Comment_Model->isLogCanComment($blogId) === false) {
emMsg('评论失败:该文章已关闭评论');
} elseif ($Comment_Model->isCommentExist($blogId, $name, $content) === true) {
emMsg('评论失败:已存在相同内容评论');
} elseif (ROLE == ROLE_VISITOR && $Comment_Model->isCommentTooFast() === true) {
emMsg('评论失败:您提交评论的速度太快了,请稍后再发表评论');
} elseif (empty($name)) {
emMsg('评论失败:请填写姓名');
} elseif (strlen($name) > 20) {
emMsg('评论失败:姓名不符合规范');
} elseif ($mail != '' && !checkMail($mail)) {
emMsg('评论失败:邮件地址不符合规范');
} elseif (ISLOGIN == false && $Comment_Model->isNameAndMailValid($name, $mail) === false) {
emMsg('评论失败:禁止使用管理员昵称或邮箱评论');
} elseif (!empty($url) && preg_match("/^(http|https)\\:\\/\\/[^<>'\"]*\$/", $url) == false) {
emMsg('评论失败:主页地址不符合规范', 'javascript:history.back(-1);');
} elseif (empty($content)) {
emMsg('评论失败:请填写评论内容');
} elseif (strlen($content) > 8000) {
emMsg('评论失败:内容不符合规范');
} elseif (ROLE == ROLE_VISITOR && Option::get('comment_needchinese') == 'y' && !preg_match('/[\\x{4e00}-\\x{9fa5}]/iu', $content)) {
emMsg('评论失败:评论内容需包含中文');
} elseif (ISLOGIN == false && Option::get('comment_code') == 'y' && session_start() && (empty($imgcode) || $imgcode !== $_SESSION['code'])) {
emMsg('评论失败:验证码错误');
} else {
$_SESSION['code'] = null;
$Comment_Model->addComment($name, $content, $mail, $url, $imgcode, $blogId, $pid);
}
}
/**
* Зарегистрировать нового пользователя в системе
*
* @param string $mail Почта
* @param string $password Пароль
* @param string $name Имя
* @param string $surname Фамилия
* @param string $burthday Дата рождения
* @param bool $gender Пол
* @param integer $ip IP
* @throws UserException Если пользователь уже существует
* @throws UserException Если неверна дата рождения
* @throws UserException Не заполнены имя и фамилия
* @throws UserException Неверный формат почты
*/
public function register($mail, $password, $name, $surname, $burthday, $gender, $ip)
{
if (checkMail($mail)) {
if ($this->checkIfExsist($mail)) {
throw new UserException($mail, UserException::USR_ALREADY_EXIST);
}
if (!checkDateFormat($burthday)) {
throw new UserException($mail, UserException::USR_CHECK_BURTHDAY);
} else {
if ($name == "" && $surname == "") {
throw new UserException($mail, UserException::USR_NAME_EMPTY);
}
}
$textPassword = $password;
$password = md5($password);
$date = date("Y-m-d");
$query = "\r\n INSERT INTO `SITE_USERS` SET\r\n `mail`='{$mail}',\r\n `password`='{$password}',\r\n `ip`={$ip},\r\n `register_date`='{$date}',\r\n `name`='{$name}',\r\n `second_name`='{$surname}',\r\n `gender`={$gender},\r\n `burthday`='{$burthday}'\r\n ";
$this->_sql->query($query);
$querySelectId = $this->_sql->selFieldsWhere("SITE_USERS", "`mail`='{$mail}'", "id");
$arr = $this->_sql->GetRows($querySelectId);
$id = $arr[0]["id"];
$activationKey = $this->generateActivationKey(7);
$insertActivationRowData = array($id, $activationKey);
$this->_sql->insert("USERS_ACTIVATION_KEYS", $insertActivationRowData);
$p = new UserMailer();
$p->mail = $mail;
$embeddedImages = array("photos/no-photo.jpg", "photos/no-galary.jpg");
$s = new SmartyExst();
$s->assign("NAME", "{$name} {$surname}");
$s->assign("PASS", $textPassword);
$s->assign("ID", $id);
$s->assign("KEY", $activationKey);
$sendString = $s->fetch($this->mailTemplate);
$p->registerSend($sendString, $embeddedImages);
return $id;
} else {
throw new UserException($mail, UserException::USR_NAME_INCORRECT);
}
}
/**
* Fügt ein Mitglied in die Datenbank ein und setzt den Status auf "aktiv"
*
* @param String $name
* @param String $vorname
* @param Varchar $email
* @param String $faktor
*
* @return Integer Success/Error Code
*/
public function addMitglied($name, $vorname, $email, $faktor)
{
if (!checkMail($email)) {
return -1;
} else {
$cSql = "SELECT * FROM " . _TBL_MA_ . " WHERE name = LOWER('" . $name . "') OR email = LOWER('" . $email . "')";
if (!($result = mysql_query($cSql, $this->DBConn)) || mysql_num_rows($result) == 0) {
$sql = "INSERT INTO " . _TBL_MA_ . " (name, vorname, email, eintritt, faktor) \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tVALUES ('" . $name . "', '" . $vorname . "', '" . $email . "', CURDATE(), '" . $faktor . "')";
if (!($result = mysql_query($sql, $this->DBConn)) || mysql_affected_rows($this->DBConn) != 1) {
return -2;
} else {
$sSql = "INSERT INTO " . _TBL_MA_STAT_ . " (maId, status, datum) VALUES (LAST_INSERT_ID(), 1, CURDATE())";
if (!($result = mysql_query($sSql, $this->DBConn)) || mysql_affected_rows($this->DBConn) != 1) {
return -3;
} else {
return 1;
}
}
} else {
return -4;
}
}
}
$data = $c->get();
$c->close();
$i['post']['face_url'] = stripslashes(textMiddle($data, '<img class=portrait-img src=\\x22', '\\x22>'));
}
/*
受信任的设置项,如果插件要使用系统的API去储存设置,必须通过set_save1或set_save2挂载点挂载设置名
具体挂载方法为:
global $PostArray;
$PostArray[] = '设置名';
为了兼容旧版本,可以global以后检查一下是不是空变量,为空则为旧版本
*/
$PostArray = array('face_img', 'face_baiduid', 'face_url');
doAction('set_save1');
//更改邮箱
if ($_POST['mail'] != $i['user']['email'] && !empty($_POST['mail'])) {
if (checkMail($_POST['mail'])) {
$mail = sqladds($_POST['mail']);
$z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email='{$mail}'");
if ($z['total'] > 0) {
msg('修改失败:邮箱已经存在');
}
$m->query("UPDATE `" . DB_PREFIX . "users` SET `email` = '{$mail}' WHERE `id` = '" . UID . "';");
} else {
msg('邮箱格式有误,请检查');
}
}
$set = array();
foreach ($PostArray as $value) {
if (!isset($i['post'][$value])) {
$i['post'][$value] = '';
}
mysql_query($query);
//$last_id = mysql_insert_id();
}
}
//Address Book Data Insert ---End---
//Customer Data Insert ---Start---
for($i=1;$i<=$data->sheets[0]['numRows'];$i++)
{
$customer_fname = " ";
$customer_lname = " ";
$customer_contactname = mysql_real_escape_string($data->sheets[0]['cells'][$i][3]);
$customer_email = $data->sheets[0]['cells'][$i][29];
$check_customer_email = checkMail($customer_email);
$customer_company_name = $data->sheets[0]['cells'][$i][2];
$comp_name = compName($customer_company_name);
$companyphone = $data->sheets[0]['cells'][$i][10];
$companyfax = $data->sheets[0]['cells'][$i][14];
$billing_add1 = $data->sheets[0]['cells'][$i][5];
$billing_add2 = $data->sheets[0]['cells'][$i][6];
$billing_city = $data->sheets[0]['cells'][$i][7];
$billing_state = $data->sheets[0]['cells'][$i][8];
$bill_state_val = State_Val($billing_state);
$billing_zip = $data->sheets[0]['cells'][$i][9];
$invoice_type = $data->sheets[0]['cells'][$i][18];
$billing_frequency = $data->sheets[0]['cells'][$i][19];
$account_status = $data->sheets[0]['cells'][$i][20];
$status = ($account_status == 'Y')? '1':'0';
$shipping_comp_name = " ";
$mail = addslashes($user_cache[UID]['mail']);
$url = addslashes(BLOG_URL);
}
if ($url && strncasecmp($url, 'http', 4)) {
$url = 'http://' . $url;
}
doAction('comment_post');
if ($Comment_Model->isLogCanComment($blogId) === false) {
mMsg('评论失败:该文章已关闭评论', $targetBlogUrl);
} elseif ($Comment_Model->isCommentExist($blogId, $name, $content) === true) {
mMsg('评论失败:已存在相同内容评论', $targetBlogUrl);
} elseif ($Comment_Model->isCommentTooFast() === true) {
mMsg('评论失败:您提交评论的速度太快了,请稍后再发表评论', $targetBlogUrl);
} elseif (strlen($name) > 20 || strlen($name) == 0) {
mMsg('评论失败:姓名不符合规范', $targetBlogUrl);
} elseif ($mail != '' && !checkMail($mail)) {
mMsg('评论失败:邮件地址不符合规范', $targetBlogUrl);
} elseif (ISLOGIN == false && $Comment_Model->isNameAndMailValid($name, $mail) === false) {
mMsg('评论失败:禁止使用管理员昵称或邮箱评论', $targetBlogUrl);
} elseif (strlen($content) == '' || strlen($content) > 2000) {
mMsg('评论失败:内容不符合规范', $targetBlogUrl);
} elseif (ROLE == ROLE_VISITOR && Option::get('comment_needchinese') == 'y' && !preg_match('/[\\x{4e00}-\\x{9fa5}]/iu', $content)) {
mMsg('评论失败:评论内容需包含中文', $targetBlogUrl);
} elseif (ISLOGIN == false && Option::get('comment_code') == 'y' && session_start() && $imgcode != $_SESSION['code']) {
mMsg('评论失败:验证码错误', $targetBlogUrl);
} else {
$DB = Database::getInstance();
$ipaddr = getIp();
$utctimestamp = time();
if ($pid != 0) {
$comment = $Comment_Model->getOneComment($pid);
$city = $_POST['city'];
$postCode = $_POST['postCode'];
if (!empty($nip) && !empty($name) && !empty($lastname) && !empty($email)) {
function checkMail($checkmail)
{
if (filter_var($checkmail, FILTER_VALIDATE_EMAIL)) {
if (checkdnsrr(array_pop(explode("@", $checkmail)), "MX")) {
return true;
} else {
return false;
}
} else {
return false;
}
}
if (checkMail($email)) {
//dodatkowe informacje: ip i host użytkownika
$ip = $_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$mailText = "NIP:\n{$nip}\nLiczba osób:\n{$perNum}\nUlica:\n{$street}\nNumer domu:\n{$houseNumber}\nNumer mieszkania:\n{$apartmentNumber}\nPaństwo:\n{$country}\nMiasto:\n{$city}\nWojewództwo:\n{$region}\nKod pocztowy:\n{$postCode}\nOd: {$name}, {$lastname}, {$email} ({$ip}, {$host})";
$mailHeader = "Od: {$name} <{$email}>";
@mail($mojemail, 'Formularz zgłoszeniowy', $mailText, $mailHeader) or die('Błąd: formularz nie został wysłana');
echo 'Przesłane informacje:<br /> NIP: ';
echo $_POST['nip'];
echo '<br /> Imię: ';
echo $_POST['name'];
echo '<br />Nazwisko: ';
echo $_POST['lastname'];
echo '<br /> E-mail: ';
echo $_POST['email'];
echo '<br />Liczba osób: ';
$mail->send();
}
//Mail checker
function checkMail($mail)
{
if (preg_match("/^[_\\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\\.)+[a-zA-Z]{2,6}\$/i", $mail)) {
return true;
} else {
return false;
}
}
if (isset($_POST['nombre']) && !empty($_POST['nombre']) and isset($_POST['mail']) && !empty($_POST['mail']) and isset($_POST['mensaje']) && !empty($_POST['mensaje'])) {
$mail = mysqli_real_escape_string($db, $_POST['mail']);
$nombre = mysqli_real_escape_string($db, $_POST['nombre']);
$mensaje = mysqli_real_escape_string($db, $_POST['mensaje']);
if (checkMail($mail)) {
$sql = "INSERT INTO users (`id`, `nombre`, `email`, `mensaje`) VALUES('','{$nombre}','{$mail}','{$mensaje}')";
$saveDB = mysqli_query($db, $sql);
if ($saveDB) {
MailGin($mail, $nombre, $mensaje);
echo "<div id='respuestaAjax'><script>document.getElementById('formulario').reset(); </script> \n\t\t\t\t\t\t\t<script>\n\t\t\t\t\t\t\tswal({ title: 'GRACIAS', \n\t\t\t\t\t\t\ttext: 'En breve nos comunicaremos contigo', \n\t\t\t\t\t\t\timageUrl: './img/succes.png', \n\t\t\t\t\t\t\tconfirmButtonColor: '#000'\n\t\t\t\t\t\t\t });\n\t\t\t\t\t\t \t </script></div>";
//*enviaMail($nombre,$mail,$mensaje);
//header('Location: ../thankyou.html');
} else {
echo "<div id='respuestaAjax'> \n\t\t\t\t\t\t \t<script>\n\t\t\t\t\t\t\tswal({ title: 'ERROR', \n\t\t\t\t\t\t\ttext: 'Error en base de datos', \n\t\t\t\t\t\t\timageUrl: './img/error.png', \n\t\t\t\t\t\t\tconfirmButtonColor: '#000'\n\t\t\t\t\t\t\t });\n\t\t\t\t\t\t \t </script></div>";
echo mysqli_error($db);
}
} else {
echo "<div id='respuestaAjax'> \n\t\t\t\t\t\t \t<script>\n\t\t\t\t\t\t\tswal({ title: 'ERROR', \n\t\t\t\t\t\t\ttext: 'Mail invalido', \n\t\t\t\t\t\t\timageUrl: './img/error.png', \n\t\t\t\t\t\t\tconfirmButtonColor: '#000'\n\t\t\t\t\t\t\t });\n\t\t\t\t\t\t \t </script></div>";
}
} else {
switch ($_GET['do']) {
case 'register':
$registerSubmit = filter_input(INPUT_POST, 'register', FILTER_SANITIZE_STRING);
// Sicherheitsfunktionen für POST
if ($registerSubmit) {
$mail = filter_input(INPUT_POST, 'mail');
$mailConfirm = filter_input(INPUT_POST, 'mailC');
$pw = filter_input(INPUT_POST, 'password');
$pwConfirm = filter_input(INPUT_POST, 'passwordC');
$agb = filter_input(INPUT_POST, 'agb');
// Error - array
$registerErrors = [];
// check mail
if (empty($mail)) {
$registerErrors['mail'][] = 'Bitte geben Sie Ihre E-Mail Adresse an.';
} elseif (!checkMail($_POST['mail'], $db)) {
$registerErrors['mail'][] = 'Diese E-Mail Adresse wird bereits verwendet.';
}
if (!filterEmail($mail)) {
$registerErrors['mail'][] = 'Die angegebene E-Mail Adresse ist ungültig.';
}
if (empty($mailConfirm)) {
$registerErrors['mailConfirm'][] = 'Bitte bestätigen die Ihre E-Mail Adresse.';
}
if ($mail !== $mailConfirm) {
$registerErrors['mailConfirm'][] = 'Die E-Mail Adresse stimmen nicht überein.';
}
// PASSWORD
if (empty($pw)) {
$registerErrors['password'][] = 'Bitte geben Sie ein Passwort ein.';
} elseif (!filterPassword($pw)) {
function dl_invite_yz()
{
global $m;
if (option::get('enable_reg') != '1') {
msg('注册失败:该站点已关闭注册');
}
$name = isset($_POST['user']) ? addslashes(strip_tags($_POST['user'])) : '';
$mail = isset($_POST['mail']) ? addslashes(strip_tags($_POST['mail'])) : '';
$pw = isset($_POST['pw']) ? addslashes(strip_tags($_POST['pw'])) : '';
$yr = isset($_POST['invite']) ? addslashes(strip_tags($_POST['invite'])) : '';
if (empty($name) || empty($mail) || empty($pw)) {
msg('注册失败:请正确填写账户、密码或邮箱');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE name='{$name}'");
$z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email='{$name}'");
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($x['total'] > 0) {
msg('注册失败:用户名已经存在');
}
if ($z['total'] > 0) {
msg('注册失败:邮箱已经存在');
}
if (!checkMail($mail)) {
msg('注册失败:邮箱格式不正确');
}
if (empty($yr)) {
msg('注册失败:请输入邀请码');
}
$invite = $m->fetch_array($m->query('select * from `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $yr . '"'));
if (!empty($invite['code'])) {
$dlyr = $invite['code'];
$m->query('DELETE FROM `' . DB_NAME . '`.`' . DB_PREFIX . 'dl_invite` where `code` = "' . $dlyr . '"');
} else {
msg('注册失败:邀请码错误或已被使用');
}
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$role = 'user';
}
doAction('admin_reg_2');
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
setcookie("wmzz_tc_user", $name);
setcookie("wmzz_tc_pw", EncodePwd($pw));
doAction('admin_reg_3');
ReDirect('index.php');
echo '}';
die;
}
$statement->execute(array($task, $description, $ip));
$taskId = $pdo->query('SELECT LAST_INSERT_ID()')->fetchColumn();
$queryBits = array();
foreach ((array) @$_POST['label'] as $labelId) {
$queryBits[] = sprintf('(%d, %d)', $taskId, (int) $labelId);
}
// labels
if (!empty($queryBits)) {
$queryBits = implode(', ', $queryBits);
$pdo->query("INSERT INTO {$tablesPrefix}tasks_labels (task_id, label_id) VALUES {$queryBits}");
}
// notifications
$mail = trim($_POST['mail']) ?: null;
if ($mail) {
if (!checkMail($mail)) {
throw new FormException('Invalid e-mail address.');
}
$statement = $pdo->prepare("INSERT INTO {$tablesPrefix}tasks_notify (task_id, email, ipv4)\n\t\t\t\tVALUES (?, ?, ?)");
$statement->execute(array($taskId, $mail, $ip));
}
$pdo->commit();
if (!empty($notificationsEmail) && checkMail($notificationsEmail)) {
$body = $task . "\n\n" . $description . "\n\n" . sprintf('http://%s?issue=%d', $_SERVER['HTTP_HOST'] . preg_replace('/\\?.*$/', '', $_SERVER['REQUEST_URI']), $taskId) . "\n";
sendMail(sprintf('noreply@%s', $_SERVER['HTTP_HOST']), $notificationsEmail, sprintf('%sNew issue submitted', $projectTitle ? "{$projectTitle} " : ''), $body);
}
header(sprintf('Location: ?issue=%d', $taskId), null, 303);
exit;
} catch (FormException $e) {
$errorMessage = $e->getMessage();
}
}
View::output();
}
if ($action == 'update') {
LoginAuth::checkToken();
$User_Model = new User_Model();
$photo = isset($_POST['photo']) ? addslashes(trim($_POST['photo'])) : '';
$nickname = isset($_POST['name']) ? addslashes(trim($_POST['name'])) : '';
$email = isset($_POST['email']) ? addslashes(trim($_POST['email'])) : '';
$description = isset($_POST['description']) ? addslashes(trim($_POST['description'])) : '';
$login = isset($_POST['username']) ? addslashes(trim($_POST['username'])) : '';
$newpass = isset($_POST['newpass']) ? addslashes(trim($_POST['newpass'])) : '';
$repeatpass = isset($_POST['repeatpass']) ? addslashes(trim($_POST['repeatpass'])) : '';
if (strlen($nickname) > 20) {
emDirect("./blogger.php?error_a=1");
} else {
if ($email != '' && !checkMail($email)) {
emDirect("./blogger.php?error_b=1");
} elseif (strlen($newpass) > 0 && strlen($newpass) < 6) {
emDirect("./blogger.php?error_c=1");
} elseif (!empty($newpass) && $newpass != $repeatpass) {
emDirect("./blogger.php?error_d=1");
} elseif ($User_Model->isUserExist($login, UID)) {
emDirect("./blogger.php?error_e=1");
} elseif ($User_Model->isNicknameExist($nickname, UID)) {
emDirect("./blogger.php?error_f=1");
}
}
if (!empty($newpass)) {
$PHPASS = new PasswordHash(8, true);
$newpass = $PHPASS->HashPassword($newpass);
$User_Model->updateUser(array('password' => $newpass), UID);
if ($mailAdd && $mailDismiss) {
throw new FormException('You cannot add and dismiss e-mail addresses at once.');
}
if ($mailDismiss) {
if (!checkMail($mailDismiss)) {
throw new FormException('Invalid e-mail address.');
}
$statement = $pdo->prepare("DELETE FROM {$tablesPrefix}tasks_notify WHERE task_id = ? AND email = ?");
$statement->execute(array($issueId, $mailDismiss));
$deleted = (bool) $pdo->query('SELECT ROW_COUNT()')->fetchColumn();
if (!$deleted) {
throw new FormException('No such e-mail address in database.');
}
$successMessage = 'E-mail address dismissed.';
} elseif ($mailAdd) {
if (!checkMail($mailAdd)) {
throw new FormException('Invalid e-mail address.');
}
$statement = $pdo->prepare("SELECT 1 FROM {$tablesPrefix}tasks_notify WHERE ipv4 = ? AND email = ?");
$statement->execute(array($ip, $mailAdd));
$alreadySubmitted = $statement->fetchColumn();
if (!$alreadySubmitted) {
$statement = $pdo->prepare("SELECT COUNT(DISTINCT email) FROM {$tablesPrefix}tasks_notify WHERE ipv4 = ?");
$statement->execute(array($ip));
$distinctEmails = $statement->fetchColumn();
if ($distinctEmails >= $maxEmailsSubmission) {
header(' ', null, 403);
echo 'You have submitted too many different e-mail addresses from your IP.';
exit;
}
}
function phpMail($to, $subject, $body, $values, $mailConf)
{
// recipients
$recipients = array();
if (is_array($to)) {
foreach ($to as $key => $value) {
if (checkMail($key) == true) {
$recipients[] = $value . ' <' . $key . '>';
} elseif (checkMail($value) == true) {
$recipients[] = $value;
}
}
} else {
$recipients[] = $to;
}
$to = implode(',', $recipients);
// define charset
if (isset($values['charset'])) {
$charset = $values['charset'];
} else {
$charset = $mailConf->mail_charset;
}
if (isset($values['html_charset'])) {
$charset = $values['html_charset'];
} else {
$charset = $mailConf->mail_charset_html;
}
// bulding extra headers
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=' . $charset . "\r\n";
// sender headers
$senders = array();
if (isset($values['sender'])) {
if (is_array($values['sender'])) {
foreach ($values['sender'] as $key => $value) {
if (checkMail($key) == true) {
$senders[] = $value . ' <' . $key . '>';
} elseif (checkMail($value) == true) {
$senders[] = $value;
}
}
} else {
$senders[] = $values['sender'];
}
} elseif ($mailConf->mail_sender_mail) {
if ($mailConf->mail_sender_name) {
$senders[] = $mailConf->mail_sender_name . ' <' . $mailConf->mail_sender_mail . ">";
} else {
$senders[] = $mailConf->mail_sender_mail;
}
}
if (sizeof($senders) > 0) {
$tmp = implode(',', $senders);
$headers .= "From: " . $tmp . "\r\n";
}
// copy headers
$cc = array();
if (isset($values['cc'])) {
if (is_array($values['cc'])) {
foreach ($values['cc'] as $key => $value) {
if (checkMail($key) == true) {
$cc[] = $value . ' <' . $key . '>';
} elseif (checkMail($value) == true) {
$cc[] = $value;
}
}
} else {
$cc[] = $values['cc'];
}
}
if (sizeof($cc) > 0) {
$tmp = implode(',', $cc);
$headers .= "Cc: " . $tmp . "\r\n";
}
// hidden copy headers
$cc = array();
if (isset($values['bcc'])) {
if (is_array($values['bcc'])) {
foreach ($values['bcc'] as $key => $value) {
if (checkMail($key) == true) {
$cc[] = $value . ' <' . $key . '>';
} elseif (checkMail($value) == true) {
$cc[] = $value;
}
}
} else {
$cc[] = $values['bcc'];
}
}
if (sizeof($cc) > 0) {
$tmp = implode(',', $cc);
$headers .= "Bcc: " . $tmp . "\r\n";
}
// send email
$result = mail($to, $subject, $body, $headers);
if ($result == null) {
return false;
} else {
return true;
}
}
/**
* @param $value
* @param $field_check
* @param $field_name
* @return string
*/
protected function checkValue($value, $field_check, $field_name)
{
$callback = $this->getMessageCallback();
$e = "";
if ($e == "" && preg_match("/e/", $field_check)) {
if (isset($value) == false || $value == "") {
$e = $callback("empty", $field_name, $value);
}
}
if ($e == "" && preg_match("/i/", $field_check)) {
if ($value != "" && is_numeric($value) == false) {
$e = $callback("int", $field_name, $value);
}
}
if ($e == "" && preg_match("/a/", $field_check)) {
if ($value != "" && preg_match("/^([0-9a-zA-Z\\.]+)\$/", $value) == false) {
$e = $callback("alphabet", $field_name, $value);
}
}
if ($e == "" && preg_match("/m/", $field_check)) {
if ($value != "" && checkMail($value) == false) {
$e = $callback("mail", $field_name, $value);
}
}
if ($e == "" && preg_match("/u/", $field_check)) {
if ($value != "" && checkURL($value) == false) {
$e = $callback("url", $field_name, $value);
}
}
return $e;
}
require_once 'Connections/tecno.php';
mysql_select_db($database_tecno, $tecno);
//Obtenemos la cédula
$ced = $_POST['cedula'];
$mail = $_POST['email'];
if ($ced != "") {
$opc = 1;
} elseif ($mail != "") {
$opc = 2;
}
switch ($opc) {
case 1:
checkCedula($ced);
break;
case 2:
checkMail($mail);
break;
}
/* echo checkCedula($ced); */
function checkCedula($ced)
{
//Hacemos una consulta a la BD para verificar la cédula
$result = mysql_query("SELECT * FROM datospersonales WHERE datospersonales.cedula= '{$ced}'");
//Si el número de filas es mayor a 0 la cédula ya está en el sistema
if (mysql_num_rows($result) > 0) {
//Enviamos 0 como respuesta de que no está disponible
echo 0;
} else {
$result = mysql_query("SELECT * FROM usuarios WHERE usuarios.usuario= '{$ced}'");
$row_result = mysql_fetch_assoc($result);
if (mysql_num_rows($result) > 0) {
$disable_nickname = $config->get('login', 'disable-nickname') == '1';
$smarty->assign('disable_nickname', $disable_nickname);
$disable_birthday = $config->get('login', 'disable-birthday') == '1';
$smarty->assign('disable_birthday', $disable_birthday);
if ($disable_register) {
$notify->add($lang->get('login'), $lang->get('register_disabled'));
} else {
$disable_second_email = $config->get('login', 'disable-second-email') == '1';
$smarty->assign('disable_second_email', $disable_second_email);
// Register button has been pressed
if (isset($_POST['create'])) {
// check for bot
if ($_POST['mail'] == '' & time() > $_POST['ts'] + 5) {
// check if everything is valid ------------------------ //
$everything_valid = true;
if (!checkMail($_POST['email'])) {
$smarty->assign('email_notify', $lang->get('email_invalid'));
$everything_valid = false;
}
// email repeat
if (!$disable_second_email) {
if ($_POST['email'] != $_POST['email_repeat']) {
$smarty->assign('email_repeat_notify', $lang->get('email_repeat_invalid'));
$everything_valid = false;
}
}
// nickname
if (!$disable_nickname) {
if (trim($_POST['nickname']) == '') {
$smarty->assign('nickname_notify', $lang->get('nickname_invalid'));
$everything_valid = false;
$errors[] = "Nachricht";
// Keine Pflichtfelder
$anrede = trim($_POST['anrede']);
$ort = stripslashes(trim($_POST['ort']));
$strasse = stripslashes(trim($_POST['strasse']));
$fax = stripslashes(trim($_POST['fax']));
$betreff = isset($_POST['betreff']) ? stripslashes(trim($_POST['betreff'])) : "";
if (!empty($email))
{
$validEmail = checkMail($email);
}
// Fehler vorhanden
if (count($errors))
$errorText = "Die mit * markierten Felder sind Pflicht: " . implode(", ", $errors);
// Check der MailAdresse erfolgreich?
if (!$validEmail)
{
$errorText .= (strlen($errorText)) ? "<br /><br />" : "";
$errorText .= "E-Mail Adresse ungültig";
}
// Wenn jetzt kein Fehlertext vorhanden ist, kann die Mail raus,
if (!strlen ($errorText))
function xy_invite_verify()
{
global $m;
if (option::get('enable_reg') != '1') {
msg('注册失败:该站点已关闭注册');
}
$name = isset($_POST['user']) ? sqladds($_POST['user']) : '';
$mail = isset($_POST['mail']) ? sqladds($_POST['mail']) : '';
$pw = isset($_POST['pw']) ? sqladds($_POST['pw']) : '';
$yr = isset($_POST['yr']) ? sqladds($_POST['yr']) : '';
if (empty($name) || empty($mail) || empty($pw)) {
msg('注册失败:请正确填写账户、密码或邮箱');
}
if ($_POST['pw'] != $_POST['rpw']) {
msg('注册失败:两次输入的密码不一致,请重新输入');
}
if (!checkMail($mail)) {
msg('注册失败:邮箱格式不正确');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$name}' OR `email` = '{$mail}' LIMIT 1");
if ($x['total'] > 0) {
msg('注册失败:用户名或邮箱已经被注册');
}
$yr_reg = option::get('yr_reg');
if (!empty($yr_reg)) {
if (empty($yr)) {
msg('注册失败:请输入邀请码');
} else {
$z = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite`");
if ($z['total'] <= 0) {
msg('系统错误:邀请码不足,请联系管理员添加!');
} else {
$s = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `code`='{$yr}'");
if ($s->num_rows <= 0) {
msg('注册失败:邀请码错误!');
} else {
$r = $s->fetch_array();
$r_num = (int) $r['num'];
if ($r_num == 1) {
$m->query("DELETE FROM `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` WHERE `id` = " . $r['id']);
} else {
if ($r_num > 1) {
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "xy_invite` SET `num`=num-1 WHERE `id`='" . $r['id'] . "';");
}
}
}
}
}
}
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$role = 'user';
}
doAction('admin_reg_2');
$m->query('INSERT INTO `' . DB_NAME . '`.`' . DB_PREFIX . 'users` (`id`, `name`, `pw`, `email`, `role`, `t`) VALUES (NULL, \'' . $name . '\', \'' . EncodePwd($pw) . '\', \'' . $mail . '\', \'' . $role . '\', \'' . getfreetable() . '\');');
doAction('admin_reg_3');
ReDirect('index.php?mod=login&msg=' . urlencode('成功注册,请输入账号信息登录本站 [ 账号为用户名或邮箱地址 ]'));
die;
}
$name = isset($_POST['user']) ? sqladds($_POST['user']) : '';
$mail = isset($_POST['mail']) ? sqladds($_POST['mail']) : '';
$pw = isset($_POST['pw']) ? sqladds($_POST['pw']) : '';
$yr = isset($_POST['yr']) ? sqladds($_POST['yr']) : '';
if (empty($name) || empty($mail) || empty($pw)) {
msg('注册失败:请正确填写账户、密码或邮箱');
}
if ($_POST['pw'] != $_POST['rpw']) {
msg('注册失败:两次输入的密码不一致,请重新输入');
}
$x = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE `name` = '{$name}' OR `email` = '{$mail}' LIMIT 1");
$y = $m->once_fetch_array("SELECT COUNT(*) AS total FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users`");
if ($x['total'] > 0) {
msg('注册失败:用户名或邮箱已经被注册');
}
if (!checkMail($mail)) {
msg('注册失败:邮箱格式不正确');
}
$yr_reg = option::get('yr_reg');
if (!empty($yr_reg)) {
if (empty($yr)) {
msg('注册失败:请输入邀请码');
} else {
if ($yr_reg != $yr) {
msg('注册失败:邀请码错误');
}
}
}
if ($y['total'] <= 0) {
$role = 'admin';
} else {
$requireResArray = requireCheck($require);
//必須チェック実行し返り値を受け取る
$errm = $requireResArray['errm'];
$empty_flag = $requireResArray['empty_flag'];
}
//メールアドレスチェック
if (empty($errm)) {
foreach ($_POST as $key => $val) {
if ($val == "confirm_submit") {
$sendmail = 1;
}
if ($key == $Email) {
$post_mail = h($val);
}
if ($key == $Email && $mail_check == 1 && !empty($val)) {
if (!checkMail($val)) {
$errm .= "<p class=\"error_messe\">【" . $key . "】はメールアドレスの形式が正しくありません。</p>\n";
$empty_flag = 1;
}
}
}
}
//差出人に届くメールをセット
if ($remail == 1) {
$userBody = mailToUser($_POST, $dsp_name, $remail_text, $mailFooterDsp, $mailSignature, $encode);
$reheader = userHeader($refrom_name, $to, $encode);
$re_subject = "=?iso-2022-jp?B?" . base64_encode(mb_convert_encoding($re_subject, "JIS", $encode)) . "?=";
}
//管理者宛に届くメールをセット
$adminBody = mailToAdmin($_POST, $subject, $mailFooterDsp, $mailSignature, $encode, $confirmDsp);
$header = adminHeader($userMail, $post_mail, $BccMail, $to);
if (!empty($formName) && !empty($formEmail) && !empty($formText)) {
//--- początek funkcji weryfikującej adres e-mail ---
function checkMail($checkmail)
{
if (filter_var($checkmail, FILTER_VALIDATE_EMAIL)) {
if (checkdnsrr(array_pop(explode("@", $checkmail)), "MX")) {
return true;
} else {
return false;
}
} else {
return false;
}
}
//--- koniec funkcji ---
if (checkMail($formEmail)) {
//dodatkowe informacje: ip i host użytkownika
$ip = $_SERVER['REMOTE_ADDR'];
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$protocol = strpos(strtolower($_SERVER['SERVER_PROTOCOL']), 'https') === FALSE ? 'http' : 'https';
$host = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$params = $_SERVER['QUERY_STRING'];
$currentUrl = $protocol . '://' . $host . $script . '?' . $params;
//tworzymy szkielet wiadomości
//treść wiadomości
$mailText = "Message:\n{$formText}\n\nOd: {$formName}, {$formEmail} ({$ip}, {$host})\n\nLink: {$currentUrl}";
//adres zwrotny
$mailHeader = "From: {$formName} <{$formEmail}>";
//funkcja odpowiedzialna za wysłanie e-maila
@mail($email, '[Mail ListTwist]', $mailText, $mailHeader) or die('Error: message was not sent');
public function __construct($id)
{
$xml_doc = 'cars.xml';
$asd = simplexml_load_file($xml_doc);
if ($asd) {
$cars = $asd->carlist->car;
foreach ($cars as $car) {
$brand = $car->brand;
$model = $car->model;
$cost = $car->cost;
$id2 = $car->id;
if ($id == $id2) {
break;
} else {
}
}
}
//--- początek formularza ---
if (empty($_POST['submit'])) {
echo "Wybrałeś samochód {$brand} {$model}. W celu dokonania zakupu podaj swój adres mailowy oraz liczbę dni na które chcesz wypożyczyć samochód. Cena za jeden dzień wynosi {$cost} złotych.<table><form action='' method='post'><tr><td>E-Mail:</td><td><input type='text' name='formEmail'/></td></tr><tr><td>Wybierz ilość dni:</td><td><select name='howLong'><option>1</option><option>2</option><option>3</option><option>4</option><option>5</option><option>6</option><option>7</option><option>8</option><option>9</option><option>10</option><option>11</option><option>12</option><option>13</option><option>14</option><option>15</option><option>16</option><option>17</option><option>18</option><option>19</option><option>20</option><option>21</option><option>22</option><option>23</option><option>24</option><option>25</option><option>26</option><option>27</option><option>28</option><option>29</option><option>30</option></select></td></tr><tr><td> </td><td><input type='submit' name='submit' value='Wypożycz'/></td></tr></form></table>";
} else {
$time = date('d-m-Y H:i');
$minut = 3;
$nowa = strtotime("+ " . $minut . " minutes", strtotime($time));
$id2 = $id2 - 1;
$nowa = date('d-m-Y H:i', $nowa);
$xml_doc = 'cars.xml';
$asd = simplexml_load_file($xml_doc);
$asd->carlist->car[$id2]->date = $nowa;
$asd->asXML("cars.xml");
//dane z formularza
$formEmail = $_POST['formEmail'];
$howLong = $_POST['howLong'];
if (!empty($formEmail)) {
//--- poczÄ…tek funkcji weryfikującej adres e-mail ---
function checkMail($checkmail)
{
if (filter_var($checkmail, FILTER_VALIDATE_EMAIL)) {
$mailParts = explode('@', $checkmail);
if (checkdnsrr(array_pop($mailParts), "MX")) {
return true;
} else {
return false;
}
} else {
return false;
}
}
//--- koniec funkcji ---
if (checkMail($formEmail)) {
//tu jest data i obliczenie daty minus 30 dni
$time = date("Y-m-d");
$time_minus_30_cache = mktime(date('H'), date('i'), 0, date('m'), date('d') - 30, date('Y'));
$time_minus_30 = date("Y-m-d", $time_minus_30_cache);
//sprawdzanie czy już istnieje taki mail i czy nie jest starszy niż 30 dni
$xml_doc = 'Maile.xml';
$abc = simplexml_load_file($xml_doc);
$a = 0;
if ($abc) {
$poczta = $abc->lista;
foreach ($poczta->adres as $adres) {
$jeden = $adres->value;
$dwa = $adres->data;
if ($formEmail == $jeden && $dwa > $time_minus_30) {
//tu jest ten warunek
$a++;
} else {
}
}
//TU WYŚWIETLA CZY JEST RABAT CZY NIE MA
if ($a > 1) {
$a++;
$cena;
echo "Ponieważ to twoje {$a} zamówienie w przeciągu miesiąca otrzymujesz rabat w wysokości 20%<BR>";
$cena = $howLong * $cost;
$rabat = 20 * $cena / 100;
$cena = $cena - $rabat;
$potwierdzenie = 'http://v-ie.uek.krakow.pl/~s181008/app_dev.php/platnosc/?cost=' . $cena . '&description=' . $brand . '+' . $model . '&id=' . $id . 'A' . $howLong;
echo "Całkowity koszt wynosi {$cena} złotych <a href='{$potwierdzenie}'>- zapłać</a>";
} else {
$cena = $howLong * $cost;
if ($howLong > 7) {
echo "Ponieważ wypożyczyłeś samochód na więcej niż tydzień dostajesz rabat 10%<BR>";
$rabat = 10 * $cena / 100;
$cena = $cena - $rabat;
}
$potwierdzenie = 'http://v-ie.uek.krakow.pl/~s181008/app_dev.php/platnosc/?cost=' . $cena . '&description=' . $brand . '+' . $model . '&id=' . $id;
echo "Całkowity koszt wynosi {$cena} złotych <a href='{$potwierdzenie}'>- zapłać</a>";
}
}
if (checkMail($formEmail)) {
//--- dodawanie rekordu do XMLA ---
$xml = simplexml_load_file("Maile.xml");
$nowy = $xml->lista->addChild("adres");
$nowy->addChild("value", $_POST["formEmail"]);
$nowy->addChild("data", $time);
$xml->asXML("Maile.xml");
}
} else {
echo 'Adres e-mail jest niepoprawny';
}
} else {
//komunikat w przypadku nie powodzenia
echo 'Wypełnij wszystkie pola formularza';
}
// --- koniec formularza ---
}
}
if ($p == "") {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:未能在本站找到持有该邮箱的用户!'));
}
$pw = sha1(md5(EncodePwd($p['pw'] . date('Ymd') . SYSTEM_NAME . SYSTEM_VER . SYSTEM_URL)));
if ($pw != $key) {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:该链接失效或者不归您所拥有,修改密码失败!'));
die;
} else {
$m->query("UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users` SET `pw` = '" . $newpw . "' WHERE email = '{$email}'");
ReDirect(SYSTEM_URL . 'index.php?mod=login&error_msg=' . urlencode('由于你的密码已修改,无法再使用旧密码登录,请重新登录'));
}
}
global $m;
if (isset($_REQUEST['page']) && $_REQUEST['page'] == 'yjqr') {
$emailcc = !empty($_REQUEST['email']) ? base64_decode($_REQUEST['email']) : msg('警告:邮件地址无效');
$email = checkMail($emailcc) ? sqladds($emailcc) : msg('警告:非法操作');
$key = $_REQUEST['key'];
$cx = $m->query("SELECT * FROM `" . DB_NAME . "`.`" . DB_PREFIX . "users` WHERE email = '{$email}' LIMIT 1");
$p = $m->fetch_array($cx);
if ($p == "") {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:未能在本站找到持有该邮箱的用户!'));
}
$pw = sha1(md5(EncodePwd($p['pw'] . date('Ymd') . SYSTEM_NAME . SYSTEM_VER . SYSTEM_URL)));
if ($pw != $key) {
ReDirect(SYSTEM_URL . 'index.php?pub_plugin=dl_zhmm&error_msg=' . urlencode('错误:该链接失效或者不归您所拥有,修改密码失败!'));
} else {
echo '<div class="panel panel-success" style="margin:5% 15% 5% 15%;">
<div class="panel-heading">
<h3 class="panel-title">设置新密码</h3>
</div>
<div style="margin:0% 5% 5% 5%;">
public function checkMail($value)
{
return checkMail($value);
}
