Esempio n. 1
} else {
    $msg = '';
}
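// --- recipient -------------------------------------------------------------
// GeographUser's constructor lives outside this listing, so what it does with
// a missing id is not visible here; guard the index ourselves so an absent
// 'to' fails like every other mandatory field instead of raising an
// undefined-index notice and constructing a user from null.
if (!isset($_REQUEST['to']) || $_REQUEST['to'] === '') {
    die('ERROR: no recipient');
}
$recipient = new GeographUser($_REQUEST['to']);

// --- mandatory sender fields -----------------------------------------------
// Each field aborts the request outright when absent (die() is an expression,
// so it is valid as the ternary's else branch). stripslashes() undoes
// magic_quotes_gpc on legacy PHP configurations. 'domain' is additionally
// restricted to word characters and dots before it is accepted at all.
$from_name  = !empty($_REQUEST['from_name'])  ? stripslashes($_REQUEST['from_name'])  : die('ERROR: no name');
$from_email = !empty($_REQUEST['from_email']) ? stripslashes($_REQUEST['from_email']) : die('ERROR: no email');
$domain     = !empty($_REQUEST['domain']) && preg_match('/^[\\w.]+$/', $_REQUEST['domain'])
    ? stripslashes($_REQUEST['domain'])
    : die('ERROR: no domain');
// $msg may already hold a prefix assigned earlier in the script (outside this
// listing); the user-supplied text is appended to it.
$msg = !empty($_REQUEST['message']) ? $msg . stripslashes($_REQUEST['message']) : die('ERROR: no message');

// --- content validation ----------------------------------------------------
// isValidEmailAddress(), isValidRealName() and isSpam() are project helpers
// defined elsewhere; presumably they are the only filter between this input
// and the outgoing mail, so every check is kept. Errors are collected in
// field order and reported together; $ok mirrors "no errors" for any later
// code that reads it.
$errors = array();
if (!isValidEmailAddress($from_email)) {
    $errors['from_email'] = 'Please specify a valid email address';
}
if (!isValidRealName($from_name)) {
    $errors['from_name'] = 'Only letters A-Z, a-z, hyphens and apostrophes allowed';
}
if (strlen($msg) == 0) {
    // Defensive: only reachable if the prefix and the message are both empty.
    $errors['msg'] = "Please enter a message to send";
}
if (isSpam($msg)) {
    // Deliberately replaces the empty-message text, as before.
    $errors['msg'] = "Sorry, this looks like spam";
}
$ok = (count($errors) == 0);
if (!$ok) {
    die("ERROR: " . implode('. ', $errors));
}
$smarty->assign_by_ref('msg', $msg);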
Esempio n. 2
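 // Validate the e-card form. $from_name, $from_email, $to_name and $to_email
 // are populated earlier in the script (outside this listing); only the
 // message body is read from the request here.
 $ok = true;
 // Guard the index so a post without 'msg' produces the empty-message error
 // below rather than an undefined-index notice. stripslashes() undoes
 // magic_quotes_gpc on legacy configurations; the htmlentities() applied
 // here is reversed again before the value reaches the template.
 $msg = htmlentities(trim(stripslashes(isset($_POST['msg']) ? $_POST['msg'] : '')));
 $errors = array();
 // isValidEmailAddress() and isValidRealName() are project helpers defined
 // elsewhere. The names are MIME-encoded below, presumably for mail headers
 // (not visible here), so these validators are the only filter on that path.
 if (!isValidEmailAddress($from_email)) {
     $ok = false;
     $errors['from_email'] = $MESSAGES['ecard']['email_invalid'];
 }
 if (!isValidRealName($from_name)) {
     $ok = false;
     $errors['from_name'] = $MESSAGES['ecard']['name_chars'];
 }
 if (!isValidEmailAddress($to_email)) {
     $ok = false;
     $errors['to_email'] = $MESSAGES['ecard']['email_invalid'];
 }
 if (!isValidRealName($to_name)) {
     $ok = false;
     $errors['to_name'] = $MESSAGES['ecard']['name_chars'];
 }
 if (strlen($msg) == 0) {
     $ok = false;
     $errors['msg'] = $MESSAGES['ecard']['empty_message'];
 }
 $smarty->assign_by_ref('errors', $errors);
 // The template receives the decoded (raw) text and is relied on to
 // re-escape it on output. assign() is used here because a function result
 // cannot be passed by reference to assign_by_ref().
 // NOTE(review): confirm the template does escape 'msg' before output.
 $smarty->assign('msg', html_entity_decode($msg));
 $smarty->assign_by_ref('charset', $CONF['mail_charset']);
 $smarty->assign_by_ref('contactmail', $CONF['abuse_email']);
 // MIME-encode the display names with the configured charset/transfer encoding.
 $enc_from_name = mb_encode_mimeheader($from_name, $CONF['mail_charset'], $CONF['mail_transferencoding']);
 $enc_to_name = mb_encode_mimeheader($to_name, $CONF['mail_charset'], $CONF['mail_transferencoding']);
 //still ok?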
Esempio n. 3
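 /**
  * Force an inline login if the user isn't authenticated.
  *
  * Only returns after a successful login: when the user is not registered
  * and the POSTed credentials do not authenticate, login.tpl is displayed
  * and the script exits, so callers never see a false return.
  *
  * @param bool $inline passed through to the template as 'inline'
  * @return bool true once the user is logged in
  */
 function login($inline = true)
 {
     global $MESSAGES;
     $logged_in = false;
     if (!$this->registered) {
         $errors = array();
         // Initialised up front: both are handed to the template below even
         // when no login form was submitted at all.
         $email = '';
         $password = '';
         //lets see if we are processing a login?
         if (isset($_POST['email'])) {
             $email = stripslashes(trim($_POST['email']));
             $password = isset($_POST['password']) ? stripslashes(trim($_POST['password'])) : '';
             $remember_me = isset($_POST['remember_me']) ? 1 : 0;
             $db = $this->_getDB();
             // The identifier may be an email address or a nickname. It is
             // only interpolated through $db->Quote(), and only once it has
             // passed one of the two validators; otherwise no query is run.
             $sql = "";
             if (isValidEmailAddress($email)) {
                 $sql = 'select * from user where email=' . $db->Quote($email) . ' limit 1';
             } elseif (isValidRealName($email)) {
                 $sql = 'select * from user where nickname=' . $db->Quote($email) . ' limit 1';
             }
             if (strlen($sql)) {
                 //user registered?
                 $arr = $db->GetRow($sql);
                 if (count($arr)) {
                     $md5password = hash_hmac('md5', $password, $arr['salt']);
                     // Strict comparison: with == two digests of the form
                     // "0e..." would compare equal as numeric strings.
                     // hash_equals() additionally makes the check
                     // constant-time where PHP >= 5.6 is available.
                     if (function_exists('hash_equals')) {
                         $password_ok = hash_equals((string) $arr['password'], $md5password);
                     } else {
                         $password_ok = ($arr['password'] === $md5password);
                     }
                     //passwords match?
                     if ($password_ok) {
                         //final test = if they have no rights, they haven't confirmed
                         //their registration
                         if (strlen($arr['rights'])) {
                             //copy user fields into this object (numeric keys skipped)
                             //NOTE(review): this also copies the stored password
                             //hash and salt columns onto the object.
                             foreach ($arr as $name => $value) {
                                 if (!is_numeric($name)) {
                                     $this->{$name} = $value;
                                 }
                             }
                             //temporary nickname fix for beta accounts
                             if (strlen($this->nickname) == 0) {
                                 $this->nickname = str_replace(" ", "", $this->realname);
                             }
                             //give user a remember me cookie?
                             if ($remember_me) {
                                 // 128 bits from the CSPRNG where available; the
                                 // md5(uniqid()) form is only a fallback for PHP < 7.
                                 // Both produce 32 hex characters, so the stored
                                 // token width is unchanged.
                                 if (function_exists('random_bytes')) {
                                     $token = bin2hex(random_bytes(16));
                                 } else {
                                     $token = md5(uniqid(mt_rand(), true));
                                 }
                                 $db->query('insert into autologin(user_id,token) values ('
                                     . $db->Quote($this->user_id) . ', ' . $db->Quote($token) . ')');
                                 // HttpOnly keeps the token out of reach of page
                                 // scripts; add the 'secure' flag if the site is
                                 // served over HTTPS only.
                                 setcookie('autologin', $this->user_id . '_' . $token, time() + 3600 * 24 * 365, '/', '', false, true);
                             }
                             //we're changing privilege state, so we should
                             //generate a new session id to avoid fixation attacks
                             session_regenerate_id();
                             $this->registered = true;
                             $logged_in = true;
                             //log into forum too
                             $this->_forumLogin();
                             if (isset($_SESSION['maptt'])) {
                                 unset($_SESSION['maptt']);
                             }
                         } else {
                             $errors['general'] = sprintf($MESSAGES['class_user']['must_confirm'], $email);
                         }
                     } else {
                         //speak friend and enter
                         $errors['password'] = $MESSAGES['class_user']['invalid_password'];
                     }
                 } else {
                     //sorry son, your name's not on the list
                     $errors['email'] = $MESSAGES['class_user']['user_unknown'];
                 }
             } else {
                 $errors['email'] = $MESSAGES['class_user']['user_invalid'];
             }
         }
         //failure to login means we never return - we show a login page
         //instead...
         if (!$logged_in) {
             $smarty = new GeoGraphPage();
             $smarty->assign('remember_me', isset($_COOKIE['autologin']) ? 1 : 0);
             $smarty->assign('inline', $inline);
             $smarty->assign('email', $email);
             // NOTE(review): the submitted password is handed to the template;
             // whether login.tpl writes it back into the form is not visible
             // here -- if it does, the password ends up in the HTML response.
             $smarty->assign('password', $password);
             $smarty->assign('errors', $errors);
             $smarty->assign_by_ref('_post', $_POST);
             $smarty->display('login.tpl');
             exit;
         }
     } else {
         $logged_in = true;
     }
     //we're logged in
     return $logged_in;
 }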
Esempio n. 4
#		}
#
#		$smarty->assign_by_ref("notification",$n);
#
#	}
#
#}
if ($template == 'profile.tpl') {
    //assume viewing logged in user
    $uid = $USER->user_id;
    //see if we were passed a param
    if (isset($_GET['u']) && preg_match('/^[0-9]+$/', $_GET['u'])) {
        $uid = $_GET['u'];
    } elseif (isset($_GET['id']) && preg_match('/^[0-9]+$/', $_GET['id'])) {
        $uid = $_GET['id'];
    } elseif (isset($_GET['user']) && isValidRealName($_GET['user'])) {
        if ($_GET['user'] == $USER->nickname) {
            $uid = $USER->user_id;
        } else {
            $profile = new GeographUser();
            $profile->loadByNickname($_GET['user']);
            $uid = $profile->user_id;
        }
        if ($uid == 0) {
            header("HTTP/1.0 404 Not Found");
            header("Status: 404 Not Found");
            $smarty->display('static_404.tpl');
            exit;
        }
    }
    if ($uid == 0 || $uid == $USER->user_id) {
Esempio n. 5
// Attach the game token: the session-held copy takes priority over the
// request parameter, which is used only when no session token exists.
if (isset($_SESSION['gameToken'])) {
    $game->setToken($_SESSION['gameToken']);
} else {
    if (isset($_REQUEST['token'])) {
        $game->setToken($_REQUEST['token']);
    }
}
// Debug dump of the whole game object (token included); gated on the
// 'admin' permission so it is never shown to ordinary players.
if (isset($_REQUEST['debug'])) {
    if ($USER->hasPerm('admin')) {
        print_r($game);
    }
}
// Discard the image and rastermap members when they are populated.
if (!empty($game->image)) {
    unset($game->image);
}
if (!empty($game->rastermap)) {
    unset($game->rastermap);
}
if (!empty($_REQUEST['save']) && ($USER->registered || !empty($_REQUEST['username']))) {
    if (!empty($_REQUEST['username']) && !isValidRealName($_REQUEST['username'])) {
        $smarty->assign('errormsg', "Please only use only letters and numbers in your name, in particular you should not enter an email address");
    } else {
        $app = $game->saveScore($_REQUEST['save'], !empty($_REQUEST['username']) ? $_REQUEST['username'] : '');
        if (isset($_SESSION['gameToken'])) {
            unset($_SESSION['gameToken']);
        }
        if (!empty($_REQUEST['username'])) {
            $_SESSION['username'] = $_REQUEST['username'];
        }
        if ($app) {
            header("Location: /games/moversboard.php?g={$game->game_id}&more");
        } else {
            header("Location: /games/");
        }
        exit;