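/**
 * Checks an uploaded file to be sure its content matches the claimed extension.
 *
 * Image extensions are verified through getimagesize(); every other extension
 * is compared against the signature list loaded from datas/mimetype.php.
 * When that list has no entry for the extension, the outcome is taken from the
 * 'pfsnomimepass' config option instead of the file content.
 *
 * @param string $path File path
 * @param string $name File name (used in log messages only)
 * @param string $ext File extension
 * @return bool|int TRUE/FALSE for a verified/failed content check; 1 when the
 *                  extension has no signature entry and 'pfsnomimepass' is set,
 *                  2 when it has no entry and 'pfsnomimepass' is not set (2 is
 *                  truthy, so callers must compare against it explicitly).
 *                  Always TRUE when 'pfsfilecheck' is disabled.
 */
function cot_file_check($path, $name, $ext)
{
    global $L, $cfg;
    if (!$cfg['pfs']['pfsfilecheck']) {
        // Content checking is switched off: accept the file as-is.
        return true;
    }
    // Defines $mime_type: extension => list of signature tuples. Indexes used
    // below: [1] expected bytes, [2] hex flag, [3] offset, [4] length.
    require './datas/mimetype.php';
    $fcheck = false;
    if (in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        // getimagesize() raises a warning on non-image data; the suppression
        // keeps the failure silent so the 'sec' log entry below is the report.
        $img_size = @getimagesize($path);
        $detected_mime = isset($img_size['mime']) ? $img_size['mime'] : '';
        switch ($ext) {
            case 'gif':
                $expected_mime = 'image/gif';
                break;
            case 'png':
                $expected_mime = 'image/png';
                break;
            default:
                $expected_mime = 'image/jpeg';
                break;
        }
        $fcheck = $detected_mime === $expected_mime;
    } elseif (!empty($mime_type[$ext])) {
        foreach ($mime_type[$ext] as $mime) {
            // Read only the window where this signature is expected.
            $content = file_get_contents($path, false, null, $mime[3], $mime[4]);
            if ($content === false) {
                continue;
            }
            if ($mime[2]) {
                // Hex signature: compare the hex dump, case-insensitively.
                $content = bin2hex($content);
                $mime[1] = strtolower($mime[1]);
            }
            // Strict comparison: '==' would compare numeric-looking byte
            // strings as numbers and could accept a wrong signature.
            if ($content === $mime[1]) {
                $fcheck = true;
                break;
            }
        }
    } else {
        $fcheck = $cfg['pfs']['pfsnomimepass'] ? 1 : 2;
        cot_log(sprintf($L['pfs_filechecknomime'], $ext, $name), 'sec');
    }
    if (!$fcheck) {
        cot_log(sprintf($L['pfs_filecheckfail'], $ext, $name), 'sec');
    }
    return $fcheck;
}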
/**
 * Anti-hammer protection: updates the visitor's hammer counter.
 *
 * A request arriving less than 4 seconds after the previous one raises the
 * counter; a longer gap lowers it (never below zero). Once the counter passes
 * the configured 'shieldzhammer' limit the IP is banned for 3 minutes and the
 * counter is reset.
 *
 * @param int $hammer Hammer rate
 * @param string $action Action type ('Hammering' means the visitor is already flagged)
 * @param int $lastseen User last seen timestamp
 * @return int Updated hammer rate
 */
function cot_shield_hammer($hammer, $action, $lastseen)
{
    global $cfg, $sys;
    $alreadyFlagged = $action == 'Hammering';
    if ($alreadyFlagged) {
        cot_shield_protect();
        cot_shield_clearaction();
        cot_plugin_active('hits') && cot_stat_inc('totalantihammer');
    }
    $secondsSinceLast = $sys['now'] - $lastseen;
    if ($secondsSinceLast >= 4) {
        // Calm visitor: let the counter decay, but never go negative.
        return $hammer > 0 ? $hammer - 1 : $hammer;
    }
    // Rapid request: count it and ban once the limit is exceeded.
    $hammer++;
    if ($hammer > $cfg['shieldzhammer']) {
        cot_shield_update(180, 'Hammering');
        cot_log('IP banned 3 mins, was hammering', 'sec');
        return 0;
    }
    return $hammer;
}
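 $notfoundet = '';
 // $perelik (list of deleted IDs) is expected to be initialised before this block.
 foreach ($s as $i => $k) {
     // $i is the page ID, $k the checkbox value: only ticked rows ('1' or 'on') are deleted.
     if ($k == '1' || $k == 'on') {
         $page_id = (int) $i;
         /* === Hook  === */
         foreach (cot_getextplugins('page.admin.checked_delete') as $pl) {
             include $pl;
         }
         /* ===== */
         $sql_page = $db->query("SELECT * FROM {$db_pages} WHERE page_id=" . $page_id . " LIMIT 1");
         if ($row = $sql_page->fetch()) {
             $id = $row['page_id'];
             // Only state-0 pages are counted in structure_count, so decrement for those only.
             if ($row['page_state'] == 0) {
                 $sql_page = $db->query("UPDATE {$db_structure} SET structure_count=structure_count-1 WHERE structure_code=" . $db->quote($row['page_cat']));
             }
             $sql_page = $db->delete($db_pages, "page_id={$id}");
             cot_log($L['Page'] . ' #' . $id . ' - ' . $L['Deleted'], 'adm');
             if ($cache && $cfg['cache_page']) {
                 $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$row['page_cat']]['path']));
             }
             /* === Hook === */
             foreach (cot_getextplugins('page.admin.delete.done') as $pl) {
                 include $pl;
             }
             /* ===== */
             $perelik .= '#' . $id . ', ';
         } else {
             // No row was fetched, so $id is stale here: report the requested ID instead.
             $notfoundet .= '#' . $page_id . ' - ' . $L['Error'] . '<br  />';
         }
     }
 }
 $cache && $cache->db->remove('structure', 'system');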
    cot_redirect(cot_url($url_area, $url_params, '#comments', true));
} elseif ($a == 'delete' && $usr['isadmin']) {
    cot_check_xg();
    $sql = $db->query("SELECT * FROM {$db_com} WHERE com_id={$id} AND com_area='{$area}' LIMIT 1");
    if ($row = $sql->fetch()) {
        $sql->closeCursor();
        $sql = $db->delete($db_com, "com_id={$id}");
        foreach ($cot_extrafields[$db_com] as $exfld) {
            cot_extrafield_unlinkfiles($row['com_' . $exfld['field_name']], $exfld);
        }
        if ($cache && $row['com_area'] == 'page') {
            if ($cfg['cache_page']) {
                $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$url_params['c']]['path']));
            }
            if ($cfg['cache_index']) {
                $cache->page->clear('index');
            }
        }
        /* == Hook == */
        foreach (cot_getextplugins('comments.delete') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_log('Deleted comment #' . $id . ' in &quot;' . $item . '&quot;', 'adm');
    }
    cot_redirect(cot_url($url_area, $url_params, '#comments', true));
} elseif ($a == 'enable' && $usr['isadmin']) {
    $area = cot_import('area', 'P', 'ALP');
    $state = cot_import('state', 'P', 'INT');
}
// Hand the template $t to cot_display_messages() (Cotonti core, not visible here) after the action branches above.
cot_display_messages($t);
    $timeago = $sys['now'] - $cfg['plugin']['cleaner']['refprune'] * 86400;
    $db->delete($db_referers, "ref_date < {$timeago}");
    if ($db->affectedRows > 0) {
        cot_log('Cleaner plugin deleted ' . $db->affectedRows . ' referers entries older than ' . $cfg['plugin']['cleaner']['refprune'] . ' days', 'adm');
    }
}
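if (cot_module_active('pm')) {
    require_once cot_incfile('pm', 'module');
    // Prune rules for private messages: the config key holding the retention
    // period in days, an extra SQL condition selecting the affected messages,
    // and the wording of the admin log entry.
    $pm_prune_rules = array(
        array('pmnotread', ' AND pm_tostate=0', 'PM not read since'),
        array('pmnotarchived', ' AND pm_tostate=1', 'PM not archived since'),
        array('pmold', '', 'PM older than'),
    );
    foreach ($pm_prune_rules as $pm_rule) {
        list($pm_cfg_key, $pm_where, $pm_wording) = $pm_rule;
        $pm_days = $cfg['plugin']['cleaner'][$pm_cfg_key];
        // A period of 0 (or less) disables the rule.
        if ($pm_days <= 0) {
            continue;
        }
        $timeago = $sys['now'] - $pm_days * 86400;
        $db->delete($db_pm, "pm_date < {$timeago}{$pm_where}");
        // Capture the count right after the delete, before any other query.
        $deleted = $db->affectedRows;
        if ($deleted > 0) {
            cot_log("Cleaner plugin deleted " . $deleted . " " . $pm_wording . " " . $pm_days . " days", 'adm');
        }
    }
}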
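foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */
// Locate the item by alias (preferred) or by numeric ID.
$sql = null;
if ($id > 0 || !empty($al)) {
    // $al comes from the request: quote it instead of inlining it into the SQL.
    $where = !empty($al) ? 'item_alias=' . $db->quote($al) : 'item_id=' . (int) $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}
if ((!$id && empty($al)) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();
// Rights are category specific, so they can only be resolved once the item is known.
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);
// Items not in state 0 are visible to admins and to their owner only.
if ($item['item_state'] != 0 && !$usr['isadmin'] && $usr['id'] != $item['item_userid']) {
    cot_log("Attempt to directly access an un-validated", 'sec');
    cot_redirect(cot_url('message', "msg=930", '', true));
    exit;
}
// Count the view unless the viewer owns the item, or is an admin and admin views are not counted.
if ($usr['id'] != $item['item_userid'] && (!$usr['isadmin'] || $cfg['folio']['count_admin'])) {
    $item['item_count']++;
    $db->update($db_folio, array('item_count' => $item['item_count']), "item_id=" . (int) $item['item_id']);
}
$title_params = array(
    'TITLE' => empty($item['item_metatitle']) ? $item['item_title'] : $item['item_metatitle'],
    'CATEGORY' => $structure['folio'][$item['item_cat']]['title'],
);
$out['subtitle'] = cot_title($cfg['folio']['title_folio'], $title_params);
$out['desc'] = !empty($item['item_metadesc']) ? $item['item_metadesc'] : cot_cutstring(strip_tags(cot_parse($item['item_text'], $cfg['folio']['markup'], $item['item_parser'])), 160);
$out['meta_keywords'] = !empty($item['item_keywords']) ? $item['item_keywords'] : $structure['folio'][$item['item_cat']]['keywords'];
// Building the canonical URL
$pageurl_params = array('c' => $item['item_cat']);
if (empty($al)) {
    $pageurl_params['id'] = $id;
} else {
    $pageurl_params['al'] = $al;
}
$out['canonical_uri'] = cot_url('folio', $pageurl_params);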
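/**
 * Removes a product from the CMS.
 *
 * Unlinks extra-field files, deletes the DB row, logs the deletion, re-syncs
 * the product's category and fires the 'market.edit.delete.done' hook.
 *
 * @param  int     $id    Product ID
 * @param  array   $ritem Product data (fetched from the DB when empty)
 * @return boolean        TRUE on success, FALSE on error (invalid ID or unknown product)
 */
function cot_market_delete($id, $ritem = array())
{
    // All globals stay imported: the hook files included below run in this scope.
    global $db, $db_market, $db_structure, $cache, $cfg, $cot_extrafields, $structure, $L;
    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;
    if (empty($ritem)) {
        $ritem = $db->query("SELECT * FROM {$db_market} WHERE item_id = ?", $id)->fetch();
        if (!$ritem) {
            return false;
        }
    }
    // Remove files attached through extra fields before the row disappears.
    if (!empty($cot_extrafields[$db_market])) {
        foreach ($cot_extrafields[$db_market] as $exfld) {
            cot_extrafield_unlinkfiles($ritem['item_' . $exfld['field_name']], $exfld);
        }
    }
    $db->delete($db_market, "item_id = ?", $id);
    cot_log("Deleted product #" . $id, 'adm');
    cot_market_sync($ritem['item_cat']);
    /* === Hook === */
    foreach (cot_getextplugins('market.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */
    return true;
}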
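/**
 * Removes a page from the CMS.
 *
 * Decrements the structure counter (state-0 pages only), unlinks extra-field
 * files, deletes the row, fires the 'page.edit.delete.done' hook and clears
 * the page and index caches.
 *
 * @param  int     $id    Page ID
 * @param  array   $rpage Page data (fetched from the DB when empty)
 * @return boolean        TRUE on success, FALSE on error (invalid ID or unknown page)
 */
function cot_page_delete($id, $rpage = array())
{
    // All globals stay imported: the hook files included below run in this scope.
    global $db, $db_pages, $db_structure, $cache, $cfg, $cot_extrafields, $structure, $L;
    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;
    if (empty($rpage)) {
        $rpage = $db->query("SELECT * FROM {$db_pages} WHERE page_id = ?", $id)->fetch();
        if (!$rpage) {
            return false;
        }
    }
    // Only state-0 pages are counted in structure_count.
    if ($rpage['page_state'] == 0) {
        $db->query("UPDATE {$db_structure} SET structure_count=structure_count-1 WHERE  structure_area='page' AND structure_code = ?", $rpage['page_cat']);
    }
    // Remove files attached through extra fields before the row disappears.
    if (!empty($cot_extrafields[$db_pages])) {
        foreach ($cot_extrafields[$db_pages] as $exfld) {
            cot_extrafield_unlinkfiles($rpage['page_' . $exfld['field_name']], $exfld);
        }
    }
    $db->delete($db_pages, "page_id = ?", $id);
    cot_log("Deleted page #" . $id, 'adm');
    /* === Hook === */
    foreach (cot_getextplugins('page.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */
    if ($cache) {
        // The category may no longer exist in the structure; skip the path-based clear then.
        if ($cfg['cache_page'] && isset($structure['page'][$rpage['page_cat']]['path'])) {
            $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$rpage['page_cat']]['path']));
        }
        if ($cfg['cache_index']) {
            $cache->page->clear('index');
        }
    }
    return true;
}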
        $cfg['cache_index'] && $cache->page->clear('index');
    }
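    // Bind the topic ID everywhere, matching the parameterised resync query below.
    if ($db->query("SELECT COUNT(*) FROM {$db_forum_posts} WHERE fp_topicid = ?", array($q))->fetchColumn() == 0) {
        // That was the last post: drop the now-empty topic and any "moved" pointers to it.
        $sql_forums = $db->query("SELECT * FROM {$db_forum_topics} WHERE ft_id = ?", array($q));
        if ($row = $sql_forums->fetch()) {
            $db->delete($db_forum_topics, "ft_movedto = ?", $q);
            $db->delete($db_forum_topics, "ft_id = ?", $q);
            foreach ($cot_extrafields[$db_forum_topics] as $exfld) {
                cot_extrafield_unlinkfiles($row['ft_' . $exfld['field_name']], $exfld);
            }
            /* === Hook === */
            foreach (cot_getextplugins('forums.posts.emptytopicdel') as $pl) {
                include $pl;
            }
            /* ===== */
            cot_log('Delete topic #' . $q . " (no post left)", 'for');
            cot_forums_sectionsetlast($s, 'fs_postcount-1', 'fs_topiccount-1');
        }
        cot_redirect(cot_url('forums', 'm=topics&s=' . $s, '', true));
    } else {
        // There's at least 1 post left, let's resync
        $sql_forums = $db->query("SELECT fp_id, fp_posterid, fp_postername, fp_updated, fp_topicid FROM {$db_forum_posts}\n\t\t\tWHERE fp_topicid = ? AND fp_cat = ? ORDER BY fp_id DESC LIMIT 1", array($q, $s));
        if ($row = $sql_forums->fetch()) {
            // Latest remaining post becomes the topic's "last post".
            $db->query("UPDATE {$db_forum_topics} SET\n\t\t\t\tft_postcount=ft_postcount-1, ft_lastposterid=" . (int) $row['fp_posterid'] . ",\n\t\t\t\tft_lastpostername=" . $db->quote($row['fp_postername']) . ", ft_updated=" . (int) $row['fp_updated'] . "\n\t\t\t\tWHERE ft_id = ?", array($q));
            cot_forums_sectionsetlast($s, 'fs_postcount-1');
            cot_redirect(cot_url('forums', 'm=posts&q=' . $row['fp_topicid'] . '&d=' . $durl, '#' . $row['fp_id'], true));
        }
    }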
}
$sql_forums = $db->query("SELECT * FROM {$db_forum_topics} WHERE ft_id= {$q}");
if ($rowt = $sql_forums->fetch()) {
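 /**
  * Displays a single advert.
  *
  * Resolves the advert by alias or ID, re-checks rights against its category,
  * hides non-public adverts from everyone but their editors, counts the view,
  * fills the SEO output fields and renders the advert template.
  *
  * @return string Rendered page
  */
 public function adView()
 {
     global $structure, $Ls;
     list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', 'any');
     cot_block(cot::$usr['auth_read']);
     $id = cot_import('id', 'G', 'INT');
     $al = cot_import('al', 'G', 'TXT');
     // $c is not used here but stays in scope for the hook files included below.
     $c = cot_import('c', 'G', 'TXT');
     /* === Hook === */
     foreach (cot_getextplugins('advboard.first') as $pl) {
         include $pl;
     }
     /* ===== */
     if (empty($id) && empty($al)) {
         cot_die_message(404, TRUE);
     }
     // The alias wins over the numeric ID when both are given.
     if (!empty($al)) {
         $advert = advboard_model_Advert::fetchOne(array(array('alias', $al)));
     } else {
         $advert = advboard_model_Advert::getById($id);
     }
     if (!$advert) {
         cot_die_message(404, TRUE);
     }
     $categoryCode = $advert->rawValue('category');
     // Rights depend on the advert's category, so resolve them again (now with upload rights).
     list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin'], cot::$usr['auth_upload']) = cot_auth('advboard', $categoryCode, 'RWA1');
     cot_block(cot::$usr['auth_read']);
     $al = empty($advert->alias) ? '' : $advert->alias;
     $id = (int) $advert->id;
     $category = array('config' => array());
     if (isset($structure['advboard'][$categoryCode])) {
         $category = $structure['advboard'][$categoryCode];
         $category['config'] = cot::$cfg['advboard']['cat_' . $categoryCode];
     }
     $category['code'] = $categoryCode;
     cot::$sys['sublocation'] = $advert->title;
     // Adverts awaiting moderation, drafts, adverts not yet started or already
     // expired are shown only to users who may edit them.
     $isHidden = $advert->state == advboard_model_Advert::AWAITING_MODERATION
         || $advert->state == advboard_model_Advert::DRAFT
         || $advert->begin > cot::$sys['now']
         || ($advert->expire > 0 && cot::$sys['now'] > $advert->expire);
     if ($isHidden && !$advert->canEdit()) {
         cot_log("Attempt to directly access an un-validated or future/expired advboard", 'sec');
         cot_die_message(403, TRUE);
     }
     if (!cot::$usr['isadmin'] || cot::$cfg['advboard']['count_admin']) {
         $advert->inc('views');
     }
     // The category may be missing from the structure: fall back to empty values.
     $title_params = array(
         'TITLE' => $advert->title,
         'CATEGORY' => isset($category['title']) ? $category['title'] : '',
     );
     cot::$out['subtitle'] = cot_title(cot::$cfg['page']['title_page'], $title_params);
     cot::$out['desc'] = $advert->description;
     cot::$out['keywords'] = isset($category['config']['keywords']) ? strip_tags($category['config']['keywords']) : '';
     // Building the canonical URL
     cot::$out['canonical_uri'] = $advert->url;
     $template = array('advboard', 'advert', isset($category['tpl']) ? $category['tpl'] : null);
     if (!empty($advert->updated)) {
         cot::$env['last_modified'] = strtotime($advert->updated);
     }
     // Comments need the plugin and an 'enable_comments' flag in the category config.
     $allowComments = cot_plugin_active('comments');
     if ($allowComments) {
         $catConfigKey = 'cat_' . $advert->category;
         // A missing category config disables comments instead of being
         // overwritten by an unconditional lookup.
         $allowComments = isset(cot::$cfg['advboard'][$catConfigKey]['enable_comments'])
             ? cot::$cfg['advboard'][$catConfigKey]['enable_comments']
             : false;
     }
     /* === Hook === */
     foreach (cot_getextplugins('advboard.main') as $pl) {
         include $pl;
     }
     /* ===== */
     // Warn the editor when the publication period is about to end or has ended.
     $expDays = null;
     if ($advert->expire > 0 && $advert->state == advboard_model_Advert::PUBLISHED) {
         $diff = $advert->expire - cot::$sys['now'];
         $expDays = floor($diff / 86400);
         $notifyPeriod = cot::$cfg['advboard']['expNotifyPeriod'];
         if ($advert->canEdit() && $notifyPeriod > 0) {
             if ($diff > 0 && $diff < 86400 * $notifyPeriod) {
                 if ($expDays >= 1) {
                     cot_message(sprintf(cot::$L['advboard_expire_soon'], cot_declension($expDays, $Ls['Days'], false, true)), 'warning');
                 } else {
                     cot_message(cot::$L['advboard_expire_today'], 'warning');
                 }
             } elseif ($diff <= 0) {
                 cot_message(cot::$L['advboard_expired'], 'warning');
             }
         }
     }
     // A guest who may edit this advert (tracked in the session) gets an uncached page.
     if (cot::$usr['id'] == 0 && !empty($_SESSION['advboard']) && in_array($advert->id, $_SESSION['advboard'])) {
         cot::$cfg['cache_advert'] = cot::$cfg['cache_index'] = false;
     }
     $crumbs = cot_structure_buildpath('advboard', $advert->category);
     if (cot::$cfg['advboard']['firstCrumb']) {
         array_unshift($crumbs, array(cot_url('advboard'), cot::$L['advboard_ads']));
     }
     $crumbs[] = !empty($advert->title) ? $advert->title : cot::$L['advboard_advert'] . " #" . $advert->id;
     $urlParams = array('c' => $advert->category);
     if ($advert->alias != '') {
         $urlParams['al'] = $advert->alias;
     } else {
         $urlParams['id'] = $advert->id;
     }
     $view = new View();
     $view->breadcrumbs = cot_breadcrumbs($crumbs, cot::$cfg['homebreadcrumb'], true);
     $view->page_title = $advert->title;
     $view->advert = $advert;
     $view->category = $category;
     $view->allowComments = $allowComments;
     $view->daysLeft = $expDays;
     $view->urlParams = $urlParams;
     /* === Hook === */
     foreach (cot_getextplugins('advboard.view') as $pl) {
         include $pl;
     }
     /* ===== */
     return $view->render($template);
 }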
        case 'announcement':
            $db->update($db_forum_topics, array("ft_state" => 1, "ft_sticky" => 1), "ft_id={$q}");
            cot_log("Announcement topic #" . $q, 'for');
            break;
        case 'bump':
            cot_check_xg();
            $db->update($db_forum_topics, array("ft_updated" => $sys['now']), "ft_id={$q}");
            cot_forums_sectionsetlast($s);
            cot_log("Bumped topic #" . $q, 'for');
            break;
        case 'private':
            cot_log("Made topic #" . $q . " private", 'for');
            $db->update($db_forum_topics, array("ft_mode" => 1), "ft_id={$q}");
            break;
        case 'clear':
            cot_log("Resetted topic #" . $q, 'for');
            $db->update($db_forum_topics, array("ft_state" => 0, "ft_sticky" => 0, "ft_mode" => 0), "ft_id={$q}");
            break;
    }
    cot_redirect(cot_url('forums', "m=topics&s=" . $s, '', true));
}
/* === Hook === */
foreach (cot_getextplugins('forums.topics.first') as $pl) {
    include $pl;
}
/* ===== */
require_once cot_incfile('forms');
// The processed description is written back so later code sees the same text.
$structure['forums'][$s]['desc'] = cot_parse_autourls($structure['forums'][$s]['desc']);
$forum_section = $structure['forums'][$s];
$title_params = array(
    'FORUM' => $L['Forums'],
    'SECTION' => $forum_section['title'],
);
$out['subtitle'] = cot_title($cfg['forums']['title_topics'], $title_params);
// Plain-text, HTML-escaped description for the page header.
$out['desc'] = htmlspecialchars(strip_tags($forum_section['desc']));
}
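if ((!$id && empty($al)) || !$sql_page || $sql_page->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$pag = $sql_page->fetch();
list($usr['auth_read'], $usr['auth_write'], $usr['isadmin'], $usr['auth_download']) = cot_auth('page', $pag['page_cat'], 'RWA1');
cot_block($usr['auth_read']);
$al = empty($pag['page_alias']) ? '' : $pag['page_alias'];
$id = (int) $pag['page_id'];
$cat = $structure['page'][$pag['page_cat']];
$sys['sublocation'] = $pag['page_title'];
$pag['page_begin_noformat'] = $pag['page_begin'];
$pag['page_tab'] = empty($pg) ? 0 : $pg;
$pag['page_pageurl'] = empty($al)
    ? cot_url('page', array('c' => $pag['page_cat'], 'id' => $id))
    : cot_url('page', array('c' => $pag['page_cat'], 'al' => $al));
// States 1 and 2, a begin date in the future or a passed expiry make the page
// non-public; only admins and the owner may still open it.
$page_not_public = $pag['page_state'] == 1 || $pag['page_state'] == 2
    || $pag['page_begin'] > $sys['now']
    || ($pag['page_expire'] > 0 && $sys['now'] > $pag['page_expire']);
if ($page_not_public && !$usr['isadmin'] && $usr['id'] != $pag['page_ownerid']) {
    cot_log("Attempt to directly access an un-validated or future/expired page", 'sec');
    cot_die_message(403, TRUE);
}
if (mb_substr($pag['page_text'], 0, 6) == 'redir:') {
    // A 'redir:' page is a stored redirect: count the hit and bounce the visitor.
    $env['status'] = '303 See Other';
    // Strip only the leading marker; str_replace() would also mangle a target that contains 'redir:'.
    $redir = trim(mb_substr($pag['page_text'], 6));
    $db->query("UPDATE {$db_pages} SET page_filecount=page_filecount+1 WHERE page_id={$id}");
    // Absolute http/ftp(s) targets are used as-is, anything else is resolved against the site root.
    header('Location: ' . (preg_match('#^(http|ftp)s?://#', $redir) ? '' : COT_ABSOLUTE_URL) . $redir);
    exit;
} elseif (mb_substr($pag['page_text'], 0, 8) == 'include:') {
    // NOTE(review): the include path is taken from page content and is not
    // normalised here, so a '..' segment would leave datas/html unless
    // cot_readraw() restricts it — confirm before relying on that.
    $pag['page_text'] = cot_readraw('datas/html/' . trim(mb_substr($pag['page_text'], 8, 255)));
}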
if ($pag['page_file'] && $a == 'dl' && ($pag['page_file'] == 2 && $usr['auth_download'] || $pag['page_file'] == 1)) {
    /* === Hook === */
    foreach (cot_getextplugins('page.download.first') as $pl) {
        include $pl;
 /**
  * Post-update hook: logs the edit and refreshes the 'brs' structure counters
  * for the current category and, if it still exists, the previous one.
  *
  * @return mixed Whatever the parent implementation returns
  */
 protected function afterUpdate()
 {
     global $structure;
     cot_log("Edited banner # {$this->_data['id']} - {$this->_data['title']}", 'adm');
     // Recount only when the record carried a previous category value.
     $previousCategory = !empty($this->_oldData['category']) ? $this->_oldData['category'] : null;
     if ($previousCategory !== null) {
         $currentCategory = $this->_data['category'];
         $currentCount = brs_model_Banner::count(array(array('category', $currentCategory)));
         static::$_db->update(cot::$db->structure, array('structure_count' => $currentCount), "structure_area='brs' AND structure_code=?", $currentCategory);
         // The old category may have been removed from the structure in the meantime.
         if (!empty($structure['brs'][$previousCategory])) {
             $previousCount = brs_model_Banner::count(array(array('category', $previousCategory)));
             static::$_db->update(cot::$db->structure, array('structure_count' => $previousCount), "structure_area='brs' AND structure_code = ?", $previousCategory);
         }
         cot::$cache && cot::$cache->db->remove('structure', 'system');
     }
     return parent::afterUpdate();
 }
            cot_setcookie($sys['site_id'], $u, time() + $cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true);
            unset($_SESSION[$sys['site_id']]);
        } else {
            $_SESSION[$sys['site_id']] = $u;
        }
        /* === Hook === */
        foreach (cot_getextplugins('users.auth.check.done') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_uriredir_apply($cfg['redirbkonlogin']);
        cot_uriredir_redirect(empty($redirect) ? cot_url('index') : base64_decode($redirect));
    } else {
        $env['status'] = '401 Unauthorized';
        cot_shield_update(7, "Log in");
        cot_log("Log in failed, user : " . $rusername, 'usr');
        /* === Hook === */
        foreach (cot_getextplugins('users.auth.check.fail') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_redirect(cot_url('message', 'msg=151', '', true));
    }
}
/* === Hook === */
foreach (cot_getextplugins('users.auth.main') as $pl) {
    include $pl;
}
/* ===== */
// Login page header: localised title, and the noindex snippet appended to <head>.
$out['subtitle'] = $L['aut_logintitle'];
$out['head'] = $out['head'] . $R['code_noindex'];
        $validationkey = md5(microtime());
        $newpass = cot_randomstring();
        $ruserpass = array();
        $ruserpass['user_passsalt'] = cot_unique(16);
        $ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
        $ruserpass['user_password'] = cot_hash($newpass, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
        $ruserpass['user_lostpass'] = $validationkey;
        $sql = $db->update($db_users, $ruserpass, "user_id={$ruserid}");
        $rsubject = $L['pasrec_title'];
        $rbody = $L['Hi'] . " " . $rusername . ",\n\n" . $L['pasrec_email2'] . "\n\n" . $newpass . "\n\n" . $L['aut_contactadmin'];
        cot_mail($rusermail, $rsubject, $rbody);
        $msg = 'auth';
    } else {
        $env['status'] = '403 Forbidden';
        cot_shield_update(7, "Log in");
        cot_log("Pass recovery failed, user : " . $rusername);
        cot_redirect(cot_url('message', 'msg=151', '', true));
    }
}
// Page header for the password-recovery form, plus the noindex snippet in <head>.
$out['subtitle'] = $L['pasrec_title'];
$out['head'] = $out['head'] . $R['code_noindex'];
$title[] = $L['pasrec_title'];
$mskin = cot_tplfile('users.passrecover', 'module');
/* === Hook === */
foreach (cot_getextplugins('users.passrecover.main') as $pl) {
    include $pl;
}
/* ===== */
require_once $cfg['system_dir'] . '/header.php';
$t = new XTemplate($mskin);
$passrecover_tags = array(
    'PASSRECOVER_TITLE' => cot_breadcrumbs($title, $cfg['homebreadcrumb']),
    'PASSRECOVER_URL_FORM' => cot_url('users', 'm=passrecover&a=request'),
);
$t->assign($passrecover_tags);
<?php

/* ====================
[BEGIN_COT_EXT]
Hooks=admin.home
[END_COT_EXT]
==================== */
/**
 * Trashcan: prune old items
 *
 * @package TrashCan
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */
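defined('COT_CODE') or die('Wrong URL');
require_once cot_incfile('trashcan', 'plug');
// Retention period in days; 0 (or less) disables automatic pruning.
$trash_prunedelay = $cfg['plugin']['trashcan']['trash_prunedelay'];
if ($trash_prunedelay > 0) {
    $timeago = $sys['now'] - $trash_prunedelay * 86400;
    $db->delete($db_trash, "tr_date < {$timeago}");
    // Capture the count right after the delete, before any other query.
    $deleted = $db->affectedRows;
    if ($deleted > 0) {
        cot_log($deleted . ' old item(s) removed from the trashcan, older than ' . $trash_prunedelay . ' days', 'adm');
    }
}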
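/**
 * Removes a project from the CMS.
 *
 * Unlinks extra-field files, deletes the project row together with its offers
 * and posts, logs the deletion, re-syncs the project's category and fires the
 * 'projects.edit.delete.done' hook.
 *
 * @param  int     $id    Project ID
 * @param  array   $ritem Project data (fetched from the DB when empty)
 * @return boolean        TRUE on success, FALSE on error (invalid ID or unknown project)
 */
function cot_projects_delete($id, $ritem = array())
{
    // All globals stay imported: the hook files included below run in this scope.
    global $db, $db_projects, $db_projects_offers, $db_projects_posts, $cot_extrafields;
    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;
    if (empty($ritem)) {
        $ritem = $db->query("SELECT * FROM {$db_projects} WHERE item_id = ?", $id)->fetch();
        if (!$ritem) {
            return false;
        }
    }
    // Remove files attached through extra fields before the row disappears.
    if (!empty($cot_extrafields[$db_projects])) {
        foreach ($cot_extrafields[$db_projects] as $exfld) {
            cot_extrafield_unlinkfiles($ritem['item_' . $exfld['field_name']], $exfld);
        }
    }
    $db->delete($db_projects, "item_id = ?", $id);
    // Dependent rows: offers and posts reference the project by its ID.
    $db->delete($db_projects_offers, "offer_pid = ?", $id);
    $db->delete($db_projects_posts, "post_pid = ?", $id);
    cot_log("Deleted project #" . $id, 'adm');
    cot_projects_sync($ritem['item_cat']);
    /* === Hook === */
    foreach (cot_getextplugins('projects.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */
    return true;
}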
    include $pl;
}
/* ===== */
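cot_blockguests();
cot_check_xg();
isset($structure['forums'][$s]) || cot_die();
$sql_forums = $db->query("SELECT * FROM {$db_forum_posts} WHERE fp_id = ? and fp_topicid = ? and fp_cat = ?", array($p, $q, $s));
if ($rowpost = $sql_forums->fetch()) {
    list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('forums', $s);
    /* === Hook === */
    foreach (cot_getextplugins('forums.editpost.rights') as $pl) {
        include $pl;
    }
    /* ===== */
    // Non-admins may edit only their own posts, and only within the configured
    // timeout ('edittimeout' is in hours; '0' means no limit).
    $edit_timeout = $cfg['forums']['edittimeout'];
    $is_own_post = $rowpost['fp_posterid'] == $usr['id'];
    $edit_timed_out = $edit_timeout != '0' && $sys['now'] - $rowpost['fp_creation'] > $edit_timeout * 3600;
    if (!$usr['isadmin'] && (!$is_own_post || $edit_timed_out)) {
        cot_log('Attempt to edit a post without rights', 'sec');
        cot_die();
    }
    cot_block($usr['auth_read']);
} else {
    cot_die();
}
// TRUE when $p is the oldest post of topic $q.
$is_first_post = $p == $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = ? ORDER BY fp_id ASC LIMIT 1", array($q))->fetchColumn();
// Bind the topic ID like the other queries here instead of interpolating it.
$sql_forums = $db->query("SELECT ft_state, ft_mode, ft_title, ft_desc FROM {$db_forum_topics} WHERE ft_id = ? LIMIT 1", array($q));
if ($rowt = $sql_forums->fetch()) {
    // A topic with a non-zero ft_state is editable by admins only.
    if ($rowt['ft_state'] && !$usr['isadmin']) {
        cot_die_message(603, true);
    }
} else {
    cot_die(true, true);
}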
            }
        }
        if ($ruser['user_maingrp'] == COT_GROUP_MEMBERS && $urr['user_maingrp'] == COT_GROUP_INACTIVE) {
            $rsubject = $L['useed_accountactivated'];
            $rbody = $L['Hi'] . " " . $urr['user_name'] . ",\n\n";
            $rbody .= $L['useed_email'];
            $rbody .= $L['auth_contactadmin'];
            cot_mail($urr['user_email'], $rsubject, $rbody);
        }
        /* === Hook === */
        foreach (cot_getextplugins('users.edit.update.done') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_auth_clear($id);
        cot_log("Edited user #" . $id, 'adm');
        cot_message('User_data_updated');
        cot_redirect(cot_url('users', "m=edit&id=" . $id, '', true));
    } else {
        cot_redirect(cot_url('users', "m=edit&id={$id}", '', true));
    }
}
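// Load the user being edited; bind the ID instead of interpolating it.
$sql = $db->query("SELECT * FROM {$db_users} WHERE user_id = ? LIMIT 1", array($id));
$urr = $sql->fetch();
if (!$urr) {
    // Unknown user ID: nothing to edit (avoids rendering a half-filled form).
    cot_die_message(404, TRUE);
}
$title_params = array('EDIT' => $L['Edit'], 'NAME' => $urr['user_name']);
$out['subtitle'] = cot_title('{EDIT} - {NAME}', $title_params);
$out['head'] .= $R['code_noindex'];
// Template is picked per main group of the *viewing* user.
$mskin = cot_tplfile(array('users', 'edit', $usr['maingrp']), 'module');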
/* === Hook === */
foreach (cot_getextplugins('users.edit.main') as $pl) {
    include $pl;
                $sql = $db->delete($db_groups_users, "gru_userid='" . $row['user_id'] . "'");
                /* === Hook for the plugins === */
                foreach (cot_getextplugins('users.register.validate.rejected') as $pl) {
                    include $pl;
                }
                /* ===== */
                cot_redirect(cot_url('message', 'msg=109', '', true));
            }
        } elseif ($row['user_maingrp'] == -1) {
            $sql = $db->update($db_users, array('user_maingrp' => $row['user_sid']), "user_id='" . $row['user_id'] . "' AND user_lostpass='******'");
            cot_redirect(cot_url('message', 'msg=106', '', true));
        }
    } else {
        $env['status'] = '403 Forbidden';
        cot_shield_update(7, "Account validation");
        cot_log("Wrong validation URL", 'sec');
        cot_redirect(cot_url('message', 'msg=157', '', true));
    }
}
// Registration form: template, hook, page header and form widgets.
$mskin = cot_tplfile('users.register', 'module');
/* === Hook === */
foreach (cot_getextplugins('users.register.main') as $pl) {
    include $pl;
}
/* ===== */
$out['subtitle'] = $L['aut_registertitle'];
$out['head'] = $out['head'] . $R['code_noindex'];
require_once $cfg['system_dir'] . '/header.php';
$t = new XTemplate($mskin);
require_once cot_incfile('forms');
$current_year = cot_date('Y', $sys['now']);
$register_tags = array(
    'USERS_REGISTER_TITLE' => $L['aut_registertitle'],
    'USERS_REGISTER_SUBTITLE' => $L['aut_registersubtitle'],
    'USERS_REGISTER_ADMINEMAIL' => $cot_adminemail,
    'USERS_REGISTER_SEND' => cot_url('users', 'm=register&a=add'),
    'USERS_REGISTER_USER' => cot_inputbox('text', 'rusername', $ruser['user_name'], array('size' => 24, 'maxlength' => 100)),
    'USERS_REGISTER_EMAIL' => cot_inputbox('text', 'ruseremail', $ruser['user_email'], array('size' => 24, 'maxlength' => 64)),
    'USERS_REGISTER_PASSWORD' => cot_inputbox('password', 'rpassword1', '', array('size' => 12, 'maxlength' => 32)),
    'USERS_REGISTER_PASSWORDREPEAT' => cot_inputbox('password', 'rpassword2', '', array('size' => 12, 'maxlength' => 32)),
    'USERS_REGISTER_COUNTRY' => cot_selectbox_countries($ruser['user_country'], 'rcountry'),
    'USERS_REGISTER_TIMEZONE' => cot_selectbox_timezone($ruser['user_timezone'], 'rusertimezone'),
    'USERS_REGISTER_GENDER' => cot_selectbox_gender($ruser['user_gender'], 'rusergender'),
    // Birth-date picker spans the last 100 years.
    'USERS_REGISTER_BIRTHDATE' => cot_selectbox_date(0, 'short', 'ruserbirthdate', $current_year, $current_year - 100, false),
);
$t->assign($register_tags);
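/**
 * Restores a trash item
 *
 * Loads the trash row, drops any keys the destination table no longer has,
 * re-inserts the remaining data and then recursively restores the child
 * rows that reference this item via tr_parentid.
 *
 * @param int $id Trash item ID
 * @return bool|int Result of $db->insert() on success; false when the item
 *                  does not exist, its payload is unreadable, or the restore
 *                  was refused by the type-specific check
 */
function cot_trash_restore($id)
{
    global $db, $db_trash, $trash_types;
    /* === Hook  === */
    foreach (cot_getextplugins('trash.restore.first') as $pl) {
        include $pl;
    }
    /* ===== */
    $id = (int) $id;
    // Initialised up front so a refused restore returns false instead of an
    // undefined variable.
    $sql = false;
    $tsql = $db->query("SELECT * FROM {$db_trash} WHERE tr_id={$id} LIMIT 1");
    if ($res = $tsql->fetch()) {
        // SECURITY: tr_datas is a serialized PHP value. unserialize() will
        // instantiate whatever classes the string names, so a tampered row
        // becomes an object-injection vector. The payload is expected to be a
        // plain array and anything else is rejected below; a non-executable
        // format (e.g. JSON) for the trash store would remove the risk.
        $data = unserialize($res['tr_datas']);
        $type = $res['tr_type'];
        $restore = true;
        if (!is_array($data)) {
            // Corrupt or foreign payload: keep the hooks running but never
            // touch the destination table.
            cot_log("{$type} #" . $res['tr_itemid'] . " has an unreadable trash payload, not restored.", 'adm');
            $data = array();
            $restore = false;
        }
        // Unknown types fall back to using tr_type itself as the table name.
        // That value is interpolated into SQL unquoted, so tr_type must only
        // ever be written by trusted code.
        $databasename = isset($trash_types[$type]) ? $trash_types[$type] : $type;
        if ($restore && isset($trash_types[$type]) && function_exists('cot_trash_' . $type . '_check')) {
            $check = 'cot_trash_' . $type . '_check';
            $restore = $check($data);
        }
        // One live row reveals the table's current columns; trashed keys that
        // no longer exist are dropped. An empty destination table skips this
        // pruning (original behaviour).
        $rsql = $db->query("SELECT * FROM {$databasename} WHERE 1 LIMIT 1");
        if ($rrow = $rsql->fetch()) {
            foreach (array_keys(array_diff_key($data, $rrow)) as $key) {
                unset($data[$key]);
            }
            // Nothing left to insert means the schema has diverged entirely.
            if (count($data) == 0) {
                $restore = false;
            }
        }
        if ($restore) {
            $sql = $db->insert($databasename, $data);
            cot_log("{$type} #" . $res['tr_itemid'] . " restored from the trash can.", 'adm');
            if (isset($trash_types[$type]) && function_exists('cot_trash_' . $type . '_sync')) {
                $resync = 'cot_trash_' . $type . '_sync';
                $resync($data);
            }
            if ($sql > 0) {
                $db->delete($db_trash, "tr_id='" . (int) $res['tr_id'] . "'");
                // Child trash rows point at this item through tr_parentid and
                // are restored recursively.
                $sql2 = $db->query("SELECT tr_id FROM {$db_trash} WHERE tr_parentid='" . (int) $res['tr_id'] . "'");
                while ($row2 = $sql2->fetch()) {
                    cot_trash_restore($row2['tr_id']);
                }
                $sql2->closeCursor();
            }
        }
        /* === Hook  === */
        foreach (cot_getextplugins('trash.restore.done') as $pl) {
            include $pl;
        }
        /* ===== */
        return $sql;
    }
    return false;
}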
<?php

/**
 * [BEGIN_COT_EXT]
 * Hooks=users.auth.check.done
 * [END_COT_EXT]
 */
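defined('COT_CODE') or die('Wrong URL.');
// Credits the configured sign-up bonus to the user's balance once, when the
// auth hook fires for their first successful login.
if ($cfg['plugin']['regpay']['summ'] > 0) {
    require_once cot_langfile('regpay', 'plug');
    // $ruserid is supplied by the enclosing auth code; cast it before it is
    // concatenated into SQL rather than relying on the caller's type.
    $urr = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $ruserid)->fetch();
    // fetch() yields false when no row matched; user_logcount 1 marks the
    // first login.
    if ($urr && (int) $urr['user_logcount'] === 1) {
        // Built as a fresh literal so no stray keys from an earlier $payinfo
        // in this scope leak into the insert.
        $payinfo = array(
            'pay_userid' => $urr['user_id'],
            'pay_area' => 'balance',
            'pay_code' => 'register',
            'pay_summ' => $cfg['plugin']['regpay']['summ'],
            'pay_cdate' => $sys['now'],
            'pay_pdate' => $sys['now'],
            'pay_adate' => $sys['now'],
            'pay_status' => 'done',
            'pay_desc' => $L['regpay_payments_desc'],
        );
        if ($db->insert($db_payments, $payinfo)) {
            cot_mail($urr['user_email'], $L['regpay_mail_subject'], sprintf($L['regpay_mail_body'], $urr['user_name']));
            cot_log("Payment for register");
        }
    }
}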
<?php

/**
 * [BEGIN_COT_EXT]
 * Hooks=users.auth.check.done
 * [END_COT_EXT]
 */
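defined('COT_CODE') or die('Wrong URL.');
// Grants the configured number of days of "pro" status on a user's first
// login, extending any pro period that is still running.
if ($cfg['plugin']['regpro']['protime'] > 0) {
    require_once cot_langfile('regpro', 'plug');
    // $ruserid is supplied by the enclosing auth code; cast it before it is
    // concatenated into SQL (the update below already did, the select did not).
    $urr = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $ruserid)->fetch();
    // fetch() yields false when no row matched; user_logcount 1 marks the
    // first login.
    if ($urr && (int) $urr['user_logcount'] === 1) {
        $upro = cot_getuserpro((int) $ruserid);
        // Start from the later of "now" and the current pro expiry so an
        // existing subscription is extended rather than shortened.
        $initialtime = $upro > $sys['now'] ? $upro : $sys['now'];
        $rproexpire = $initialtime + (int) $cfg['plugin']['regpro']['protime'] * 24 * 60 * 60;
        if ($db->update($db_users, array('user_pro' => (int) $rproexpire), "user_id=" . (int) $ruserid)) {
            cot_mail($urr['user_email'], $L['regpro_mail_subject'], sprintf($L['regpro_mail_body'], $urr['user_name']));
            cot_log("Pro for register");
        }
    }
}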