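/**
 * Send a mail to a list of recipients through the configured 'sendmail' handler.
 *
 * Every address in $email_list, $cc_addresses and $bcc_addresses is checked with
 * is_valid_email_zp(); invalid ones are dropped and reported in the returned
 * message. The subject and body are NOT inspected here, so a sendmail handler
 * that assembles raw headers itself must reject CR/LF in the subject and in the
 * from/reply-to values. Rich text is not supported: block-level tags are
 * flattened to newlines, list items to ".\t", and remaining markup is removed
 * with getBare().
 *
 * When $email_list is NULL the administrators' addresses are used. A "cc" list
 * without a "to" list is an error. Each "bcc" recipient gets a separate send so
 * the recipients cannot see each other.
 *
 * Note that a successful send overwrites $result, so "invalid address" messages
 * collected while filtering the lists are only returned when nothing is sent;
 * that matches the historic behaviour and callers such as the contact form.
 *
 * @param string $subject  The subject of the email.
 * @param string $message  The message contents of the email.
 * @param array|null $email_list name => address of the primary recipients, NULL for the admins
 * @param array|null $cc_addresses addresses to copy (requires a non-empty "to" list)
 * @param array|null $bcc_addresses addresses to blind-copy
 * @param string|array|null $replyTo reply-to address; a one-element array is accepted too
 *
 * @return string empty on success, otherwise a message starting with
 *                "Mail send failed." followed by one sentence per problem; the
 *                sendmail handler's own return value is passed through unchanged
 *
 * @author Todd Papaioannou (lucky@luckyspin.org)
 * @since  1.0.0
 */
function zp_mail($subject, $message, $email_list = NULL, $cc_addresses = NULL, $bcc_addresses = NULL, $replyTo = NULL)
{
    global $_zp_authority, $_zp_UTF8;
    $failed = gettext('Mail send failed.');
    $result = '';
    if ($replyTo) {
        // The docblock documents a string, the historic code array_shift()ed a copy;
        // accept both without touching the value that is handed to the filter.
        if (is_array($replyTo)) {
            $t = $replyTo;
            $m = array_shift($t);
        } else {
            $m = $replyTo;
        }
        if (!is_valid_email_zp($m)) {
            if (empty($result)) {
                $result = $failed;
            }
            // separator added so this sentence parses like the others (callers split on '.')
            $result .= ' ' . sprintf(gettext('Invalid “reply-to” mail address %s.'), $m);
        }
    }
    if (is_null($email_list)) {
        $email_list = $_zp_authority->getAdminEmail();
    } else {
        foreach ($email_list as $key => $email) {
            if (!is_valid_email_zp($email)) {
                unset($email_list[$key]);
                if (empty($result)) {
                    $result = $failed;
                }
                $result .= ' ' . sprintf(gettext('Invalid “to” mail address %s.'), $email);
            }
        }
    }
    if (is_null($cc_addresses)) {
        $cc_addresses = array();
    } else {
        if (empty($email_list) && !empty($cc_addresses)) {
            if (empty($result)) {
                $result = $failed;
            }
            $result .= ' ' . gettext('“cc” list provided without “to” address list.');
            return $result;
        }
        foreach ($cc_addresses as $key => $email) {
            if (!is_valid_email_zp($email)) {
                unset($cc_addresses[$key]);
                if (empty($result)) {
                    $result = $failed;
                }
                // was "=", which discarded every message collected so far
                $result .= ' ' . sprintf(gettext('Invalid “cc” mail address %s.'), $email);
            }
        }
    }
    if (is_null($bcc_addresses)) {
        $bcc_addresses = array();
    } else {
        foreach ($bcc_addresses as $key => $email) {
            if (!is_valid_email_zp($email)) {
                unset($bcc_addresses[$key]);
                if (empty($result)) {
                    $result = $failed;
                }
                // was "=", which discarded every message collected so far
                $result .= ' ' . sprintf(gettext('Invalid “bcc” mail address %s.'), $email);
            }
        }
    }
    if (count($email_list) + count($bcc_addresses) > 0) {
        if (zp_has_filter('sendmail')) {
            $from_mail = getOption('site_email');
            $from_name = get_language_string(getOption('site_email_name'));
            // Convert to UTF-8
            if (LOCAL_CHARSET != 'UTF-8') {
                $subject = $_zp_UTF8->convert($subject, LOCAL_CHARSET);
                $message = $_zp_UTF8->convert($message, LOCAL_CHARSET);
            }
            // We do not support rich text: <p>, </p> and <br> become newlines,
            // list wrappers vanish, each <li> becomes ".\t". Patterns are applied
            // in array order, which is the same order as the former one-per-line calls.
            $message = preg_replace(
                array('~<p[^>]*>~', '~</p>~', '~<br[^>]*>~', '~<ol[^>]*>~', '~</ol>~', '~<ul[^>]*>~', '~</ul>~', '~<li[^>]*>~', '~</li>~'),
                array("\n", "\n", "\n", "", "", "", "", ".\t", ""),
                $message
            );
            $message = getBare($message);
            // collapse runs of three or more newlines to a single blank line
            $message = preg_replace('~\\n\\n\\n+~', "\n\n", $message);
            // Send the mail
            if (count($email_list) > 0) {
                $result = zp_apply_filter('sendmail', '', $email_list, $subject, $message, $from_mail, $from_name, $cc_addresses, $replyTo);
                // will be true if all mailers succeeded
            }
            if (count($bcc_addresses) > 0) {
                // one send per bcc recipient; NOTE(review): $result keeps only the
                // last handler's value, so an earlier bcc failure is not reported
                foreach ($bcc_addresses as $bcc) {
                    $result = zp_apply_filter('sendmail', '', array($bcc), $subject, $message, $from_mail, $from_name, array(), $replyTo);
                    // will be true if all mailers succeeded
                }
            }
        } else {
            $result = gettext('Mail send failed. There is no mail handler configured.');
        }
    } else {
        if (empty($result)) {
            $result = $failed;
        }
        $result .= ' ' . gettext('No “to” address list provided.');
    }
    return $result;
}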
 /**
  * Filter handler run when a user record is saved: for accounts in the
  * 'federated_verify' group that carry a valid e-mail address, saves the
  * record and mails the user a link to verify that address.
  *
  * The verification key is bin2hex(serialize(...)) over the user name, the
  * e-mail address and the current time. It contains no secret and no
  * signature, so it can be reproduced by anyone who knows the user name and
  * address; the code that consumes the `verify_federated_user` parameter
  * should not treat possession of the key alone as proof of mailbox
  * ownership. NOTE(review): confirm how the receiving side validates it.
  *
  * @param mixed $updated pass-through filter value, returned unchanged
  * @param object $userobj the administrator object being saved (getGroup/getEmail/getUser/save)
  * @param mixed $i not used here
  * @param mixed $alter not used here
  * @return mixed $updated, unchanged
  */
 static function save_custom($updated, $userobj, $i, $alter)
 {
     global $_notification_sent;
     if ($userobj->getGroup() == 'federated_verify' && is_valid_email_zp($userobj->getEmail())) {
         $userobj->save();
         $admin_e = $userobj->getEmail();
         $user = $userobj->getUser();
         // unsigned token: serialized array, hex encoded (see docblock)
         $key = bin2hex(serialize(array('user' => $user, 'email' => $admin_e, 'date' => time())));
         // NOTE(review): this line is truncated in this copy of the source — the
         // key concatenation and the start of the sprintf(gettext(...)) call are missing
         $link = FULLWEBPATH . '/index.php?verify_federated_user='******'Visit %s to validate your federated logon credentials.'), $link);
         // one-element "to" list keyed by user name, as zp_mail() expects
         zp_mail(get_language_string(gettext('Federated user confirmation')), $message, array($user => $admin_e));
     }
     return $updated;
 }
 // Registration form handling fragment: $user, $admin_n, $admin_e and $pass are
 // read from the POST earlier (outside this excerpt); $notify ends up holding
 // one of 'exists', 'invalidemail', 'accepted', 'mismatch' or 'incomplete'.
 // The else branch's closing brace lies beyond the end of this excerpt.
 if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
     // NOTE(review): loose == compares numeric-looking strings numerically
     // ('1e3' == '1000'); === is the safer comparison for password fields.
     if ($pass == trim($_POST['adminpass_2'])) {
         if (empty($pass)) {
             $pwd = null;
         } else {
             $pwd = passwordHash($_POST['adminuser'], $pass);
         }
         $notify = '';
         $currentadmins = getAdministrators();
         // refuse a user name that already exists
         foreach ($currentadmins as $admin) {
             if ($admin['user'] == $user) {
                 $notify = 'exists';
                 break;
             }
         }
         if (!is_valid_email_zp($admin_e)) {
             $notify = 'invalidemail';
         }
         if (empty($notify)) {
             saveAdmin($user, $pwd, $admin_n, $admin_e, 0, NULL);
             // The verify token is bin2hex(serialize(user, email)) with no secret or
             // signature, so it is reproducible from public information; whatever
             // reads `verify` must not rely on it alone — NOTE(review): confirm the reader.
             $link = FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
             $message = sprintf(gettext('You have received this email because you registered on the site. To complete your registration visit %s.'), $link);
             // From: header built from the gallery title and SERVER_NAME; NOTE(review):
             // depending on web-server configuration SERVER_NAME may echo the request's
             // Host header — confirm it is canonical before relying on it in mail headers.
             $headers = "From: " . get_language_string(getOption('gallery_title'), getOption('locale')) . "<zenphoto@" . $_SERVER['SERVER_NAME'] . ">";
             $_zp_UTF8->send_mail($admin_e, gettext('Registration confirmation'), $message, $headers);
             $notify = 'accepted';
         }
     } else {
         $notify = 'mismatch';
     }
 } else {
     $notify = 'incomplete';
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be styled as needed.
 *
 * Flow, driven by $_POST:
 *  - 'sendmail' set: read the fields via getField(), check the ones whose
 *    contactform_* option is "required", check the CAPTCHA, then either print
 *    the error box, print a confirmation form (contactform_confirm) or fill
 *    $_POST and fall straight through to the confirm step.
 *  - 'confirm' set: send with zp_mail() to the ';'-separated
 *    contactform_mailaddress list, plus a copy to the sender when
 *    contactform_sendcopy is set.
 *  - otherwise: print the intro text and include the form.
 *
 * Everything the confirm step sends (subject, message, sender address, name)
 * travels through hidden form fields and is therefore re-read from $_POST and
 * passed through sanitize() again; the copy goes to whatever 'mailaddress' the
 * second POST carries (zp_mail() still checks the address format).
 *
 * @param string $subject_override set to override the subject.
 */
function printContactForm($subject_override = '')
{
    global $_zp_UTF8, $_zp_captcha, $_processing_post, $_zp_current_admin_obj;
    $error = array();
    if (isset($_POST['sendmail'])) {
        // getField() reads the posted form fields (second argument 1 for the multi-line message)
        $mailcontent = array();
        $mailcontent['title'] = getField('title');
        $mailcontent['name'] = getField('name');
        $mailcontent['company'] = getField('company');
        $mailcontent['street'] = getField('street');
        $mailcontent['city'] = getField('city');
        $mailcontent['state'] = getField('state');
        $mailcontent['postal'] = getField('postal');
        $mailcontent['country'] = getField('country');
        $mailcontent['email'] = getField('email');
        $mailcontent['website'] = getField('website');
        $mailcontent['phone'] = getField('phone');
        $mailcontent['subject'] = getField('subject');
        $mailcontent['message'] = getField('message', 1);
        // if you want other required fields or less add/modify their checks here
        // $error is keyed by a slot number; the error box below only prints the values
        if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
            $error[1] = gettext("a title");
        }
        if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
            $error[2] = gettext("a name");
        }
        if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
            $error[3] = gettext("a company");
        }
        if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
            $error[4] = gettext("a street");
        }
        if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
            $error[5] = gettext("a city");
        }
        // NOTE: state, postal code and the CAPTCHA below all reuse slot 5, so only
        // the last of those messages survives when several of them fail at once
        if (getOption('contactform_state') == "required" && empty($mailcontent['state'])) {
            $error[5] = gettext("a state");
        }
        if (getOption('contactform_postal') == "required" && empty($mailcontent['postal'])) {
            $error[5] = gettext("a postal code");
        }
        if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
            $error[6] = gettext("a country");
        }
        if (getOption('contactform_email') == "required" && (empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email']))) {
            $error[7] = gettext("a valid email address");
        }
        if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
            $error[8] = gettext('a website');
        } else {
            if (!empty($mailcontent['website'])) {
                // only a literal "http://" prefix is recognised: an "https://" value
                // also fails this test and gets "http://" prepended
                if (substr($mailcontent['website'], 0, 7) != "http://") {
                    $mailcontent['website'] = "http://" . $mailcontent['website'];
                }
            }
        }
        if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
            $error[9] = gettext("a phone number");
        }
        if (getOption("contactform_subject") == "required" && empty($mailcontent['subject'])) {
            $error[10] = gettext("a subject");
        }
        if (getOption("contactform_message") == "required" && empty($mailcontent['message'])) {
            $error[11] = gettext("a message");
        }
        // CAPTCHA start
        if (getOption("contactform_captcha")) {
            // code_h is the expected value carried by the form, code the user's entry;
            // the comparison itself is delegated to the captcha object
            $code_ok = trim(sanitize($_POST['code_h']));
            $code = trim(sanitize($_POST['code']));
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $error[5] = gettext("the correct CAPTCHA verification code");
            }
            // no ticket
        }
        // CAPTCHA end
        // If required fields are empty or not valid print note
        if (count($error) != 0) {
            ?>
			<div class="errorbox">
				<h2>
				<?php 
            // the messages are gettext() literals, so they are printed unescaped
            $err = $error;
            switch (count($err)) {
                case 1:
                    printf(gettext('Please enter %s. Thanks.'), array_shift($err));
                    break;
                case 2:
                    printf(gettext('Please enter %1$s and %2$s. Thanks.'), array_shift($err), array_shift($err));
                    break;
                default:
                    $list = '<ul class="errorlist">';
                    foreach ($err as $item) {
                        $list .= '<li>' . $item . '</li>';
                    }
                    $list .= '</ul>';
                    printf(gettext('Please enter: %sThanks.'), $list);
                    break;
            }
            ?>
				</h2>
			</div>
			<?php 
        } else {
            // assemble the outgoing mail: body first, then the sender's details one per line
            $mailaddress = $mailcontent['email'];
            $name = $mailcontent['name'];
            $subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
            $message = $mailcontent['message'] . "\n\n";
            if (!empty($mailcontent['title'])) {
                $message .= $mailcontent['title'];
            }
            if (!empty($mailcontent['name'])) {
                $message .= $mailcontent['name'] . "\n";
            }
            if (!empty($mailcontent['company'])) {
                $message .= $mailcontent['company'] . "\n";
            }
            if (!empty($mailcontent['street'])) {
                $message .= $mailcontent['street'] . "\n";
            }
            if (!empty($mailcontent['city'])) {
                $message .= $mailcontent['city'] . "\n";
            }
            if (!empty($mailcontent['state'])) {
                $message .= $mailcontent['state'] . "\n";
            }
            if (!empty($mailcontent['postal'])) {
                $message .= $mailcontent['postal'] . "\n";
            }
            if (!empty($mailcontent['country'])) {
                $message .= $mailcontent['country'] . "\n";
            }
            if (!empty($mailcontent['email'])) {
                $message .= $mailcontent['email'] . "\n";
            }
            if (!empty($mailcontent['phone'])) {
                $message .= $mailcontent['phone'] . "\n";
            }
            if (!empty($mailcontent['website'])) {
                $message .= $mailcontent['website'] . "\n";
            }
            $message .= "\n\n";
            if (getOption('contactform_confirm')) {
                // show the filled form read-only plus confirm/discard buttons; the mail
                // data is round-tripped through hidden fields (html_encode()d here)
                echo get_language_string(getOption("contactform_confirmtext"));
                if (getOption('contactform_sendcopy')) {
                    echo get_language_string(getOption("contactform_sendcopy_text"));
                }
                ?>
				<div>
					<?php 
                $_processing_post = true;
                include getPlugin('contact_form/form.php', true);
                ?>
					<form id="confirm" action="<?php 
                // NOTE(review): REQUEST_URI is request-controlled and lands in an HTML
                // attribute; sanitize() is relied on for the escaping here — confirm it
                // covers quotes, otherwise html_encode() is the attribute-safe choice
                echo sanitize($_SERVER['REQUEST_URI']);
                ?>
" method="post" accept-charset="UTF-8" style="float: left">
						<input type="hidden" id="confirm" name="confirm" value="confirm" />
						<input type="hidden" id="name" name="name"	value="<?php 
                echo html_encode($name);
                ?>
" />
						<input type="hidden" id="subject" name="subject"	value="<?php 
                echo html_encode($subject);
                ?>
" />
						<input type="hidden" id="message"	name="message" value="<?php 
                echo html_encode($message);
                ?>
" />
						<input type="hidden" id="mailaddress" name="mailaddress" value="<?php 
                echo html_encode($mailaddress);
                ?>
" />
						<input type="submit" value="<?php 
                echo gettext("Confirm");
                ?>
" />
					</form>
					<form id="discard" action="<?php 
                echo sanitize($_SERVER['REQUEST_URI']);
                ?>
" method="post" accept-charset="UTF-8">
						<input type="hidden" id="discard" name="discard" value="discard" />
						<input type="submit" value="<?php 
                echo gettext("Discard");
                ?>
" />
					</form>
				</div>
				<?php 
                return;
            } else {
                // simulate confirmation action
                // (writes into the $_POST superglobal so the confirm block below picks the values up)
                $_POST['confirm'] = true;
                $_POST['subject'] = $subject;
                $_POST['message'] = $message;
                $_POST['mailaddress'] = $mailaddress;
                $_POST['name'] = $name;
            }
        }
    }
    if (isset($_POST['confirm'])) {
        // reached either from the confirmation form or from the simulated confirm above;
        // in both cases the values are taken from $_POST and sanitized again
        $subject = sanitize($_POST['subject']);
        $message = sanitize($_POST['message'], 1);
        $mailaddress = sanitize($_POST['mailaddress']);
        $name = sanitize($_POST['name']);
        $contactform_mailinglist = getOption("contactform_mailaddress");
        $mailinglist = explode(';', $contactform_mailinglist);
        if (getOption('contactform_sendcopy')) {
            // the copy goes to the address carried by this POST; zp_mail() validates its format
            $sendcopy = array($name => $mailaddress);
        } else {
            $sendcopy = NULL;
        }
        $err_msg = zp_mail($subject, $message, $mailinglist, $sendcopy);
        if ($err_msg) {
            // zp_mail() returns "Mail send failed." followed by one sentence per problem
            $msgs = explode('.', $err_msg);
            unset($msgs[0]);
            //	the "mail send failed" text
            unset($msgs[count($msgs)]);
            //	a trailing empty one
            ?>
			<div class="errorbox">
				<strong><?php 
            echo ngettext('Error sending mail:', 'Errors sending mail:', count($msgs));
            ?>
</strong>
				<ul class="errorlist">
					<?php 
            // NOTE(review): a line can contain the address the visitor typed
            // (zp_mail's "Invalid ... mail address %s."); it is only trim()ed before
            // being echoed into HTML, so unless sanitize() strips markup upstream,
            // html_encode($line) would be the safer output here
            foreach ($msgs as $line) {
                echo '<li>' . trim($line) . '</li>';
            }
            ?>
				</ul>
			</div>
			<?php 
        } else {
            echo get_language_string(getOption("contactform_thankstext"));
        }
        echo '<p><a href="?again">' . get_language_string(getOption('contactform_newmessagelink')) . '</a></p>';
    } else {
        if (count($error) <= 0) {
            if (zp_loggedin()) {
                // prefill from the logged-in admin's record
                $mailcontent = array('title' => '', 'name' => $_zp_current_admin_obj->getName(), 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'email' => $_zp_current_admin_obj->getEmail(), 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
                if (getOption('zp_plugin_comment_form')) {
                    // custom data is stored serialized; the regex only checks that it looks
                    // like a serialized array before unserialize() — the payload is the
                    // admin's own stored record, not request data
                    $raw = $_zp_current_admin_obj->getCustomData();
                    if (preg_match('/^a:[0-9]+:{/', $raw)) {
                        $address = unserialize($raw);
                        foreach ($address as $key => $field) {
                            $mailcontent[$key] = $field;
                        }
                    }
                }
            } else {
                $mailcontent = array('title' => '', 'name' => '', 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'email' => '', 'postal' => '', 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
            }
        }
        echo get_language_string(getOption("contactform_introtext"));
        if (getOption('contactform_sendcopy')) {
            echo get_language_string(getOption("contactform_sendcopy_text"));
        }
        $_processing_post = false;
        include getPlugin('contact_form/form.php', true);
    }
}
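/**
 * Generic comment adding routine. Called by album, image or zenpage objects
 * to add comments.
 *
 * Returns a code for the outcome of the comment add:
 *   -2: e-mail required but missing or invalid
 *   -3: name required but missing
 *   -4: website required but missing or not a valid URL
 *   -5: CAPTCHA check failed
 *   -6: empty comment body
 *    0: rejected by the spam filter (nothing stored)
 *    1: stored, marked for moderation
 *    2: stored and posted
 *
 * The comment type ('albums', 'images', ...) is derived from $receiver via
 * commentObjectClass(); it is not a parameter. When 'email_new_comments' is set
 * and the comment is stored, admins holding ADMIN_RIGHTS and COMMENT_RIGHTS
 * (plus the album admins for album/image comments) are notified by mail.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image, album or zenpage item) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon)
{
    global $_zp_captcha;
    list($type, $class) = commentObjectClass($receiver);
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    // required-field checks, each with its own negative code
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha') && !$_zp_captcha->checkCaptcha($code, $code_ok)) {
        return -5;
    }
    if (empty($comment)) {
        return -6;
    }
    // Default to http:// only when no scheme was given. The former substr() test
    // matched "http://" only, so "https://x" turned into "http://https://x".
    if (!empty($website) && !preg_match('~^https?://~', $website)) {
        $website = "http://" . $website;
    }
    $goodMessage = 2;
    // not used below; kept because the constructor may have side effects — TODO confirm
    $gallery = new gallery();
    // the spam filter plugin is selected by the spam_filter option; its file name is
    // derived from that option value, not from request data
    $requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false);
    if (false !== $requirePath) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        // 0 = spam, 1 = moderate, 2 = good
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }
    if ($goodMessage) {
        $moderate = ($goodMessage == 1) ? 1 : 0;
        $private = $private ? 1 : 0;
        $anon = $anon ? 1 : 0;
        $receiverid = $receiver->id;
        // Update the database entry with the new comment. Every value that did not
        // originate inside this function goes through mysql_real_escape_string():
        // $ip is a caller-supplied string and was previously interpolated raw.
        $sql = 'INSERT INTO ' . prefix('comments')
            . ' (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES'
            . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "'
            . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW(), "'
            . mysql_real_escape_string($type) . '", "' . mysql_real_escape_string($ip) . '", "' . $private . '", "' . $anon . '")';
        query($sql);
        if ($moderate) {
            $action = "placed in moderation";
        } else {
            //  add to comments array and notify the admin user
            $newcomment = array();
            $newcomment['name'] = $name;
            $newcomment['email'] = $email;
            $newcomment['website'] = $website;
            $newcomment['comment'] = $comment;
            $newcomment['date'] = time();
            $receiver->comments[] = $newcomment;
            $action = "posted";
        }
        // switch added for zenpage support: work out the display name, the link
        // query string and (for albums/images) the album whose admins get mailed
        $class = get_class($receiver);
        switch ($class) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default:
                // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }
        if (getOption('email_new_comments')) {
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            // plain-text notification; links are built with a hard-coded http:// and SERVER_NAME
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights; drop them from $admin_users so the
                // album-admin pass below does not mail them twice
                if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    unset($admin_users[$admin['id']]);
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" || $type === "albums") {
                $id = (int) $ur_album->getAlbumID();
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    // admins already mailed above were unset; skip them without a notice
                    if (isset($admin_users[$anadmin['adminid']])) {
                        $admin = $admin_users[$anadmin['adminid']];
                        if (!empty($admin['email'])) {
                            $emails[] = $admin['email'];
                        }
                    }
                }
            }
            // NOTE(review): passes "" as the "to" list and the admins as "cc"; a
            // zp_mail() that rejects a cc list without a to list (and type-checks
            // its array arguments) would never send this — confirm against the
            // zp_mail() in use and pass $emails as the "to" list if so.
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}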
 /**
  * Collects the e-mail addresses of the administrators holding the given rights.
  *
  * An admin is included when its rights mask intersects $rights and its stored
  * address passes is_valid_email_zp(). The result is keyed by the admin's
  * display name, falling back to the login name when no display name is set;
  * two admins sharing a name therefore collapse to the later one.
  *
  * @param int|null $rights rights bitmask to match; NULL selects ADMIN_RIGHTS
  * @return array name => e-mail address
  */
 function getAdminEmail($rights = NULL)
 {
     $wanted = is_null($rights) ? ADMIN_RIGHTS : $rights;
     $addresses = array();
     foreach ($this->getAdministrators() as $account) {
         // rights test first so the address check only runs for matching admins
         if (!($account['rights'] & $wanted)) {
             continue;
         }
         if (!is_valid_email_zp($account['email'])) {
             continue;
         }
         $label = empty($account['name']) ? $account['user'] : $account['name'];
         $addresses[$label] = $account['email'];
     }
     return $addresses;
 }
 /**
  * Handles a self-registration POST.
  *
  * Reads the form fields from $_POST, validates them (honeypot, optional
  * CAPTCHA, name, e-mail, password and its repeat), refuses existing user
  * names and duplicate e-mail addresses, and otherwise creates an
  * administrator object with no rights, runs the 'register_user_registered'
  * filter, saves it and mails a verification link.
  *
  * Results are communicated through globals rather than a return value:
  *  - $_notify: '' on success path until the mail is sent, otherwise one of
  *    'honeypot', 'invalidcaptcha', 'incomplete', 'invalidemail', 'empty',
  *    'exists', 'dup_email', 'mismatch', 'filter', 'accepted', or the
  *    error text returned by zp_mail()
  *  - $admin_e, $admin_n, $user: the sanitized form values
  *  - $_link, $_message: the verification link and mail body
  *
  * No check returns early, so a later validation may overwrite an earlier
  * $_notify value; registration itself is only attempted while $_notify is
  * empty, so any single failure still blocks it.
  */
 static function post_processor()
 {
     global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
     //Handle registration
     // 'username' is a decoy field: a real form leaves it empty
     if (isset($_POST['username']) && !empty($_POST['username'])) {
         $_notify = 'honeypot';
         // honey pot check
     }
     if (getOption('register_user_captcha')) {
         if (isset($_POST['code'])) {
             $code = sanitize($_POST['code'], 3);
             $code_ok = sanitize($_POST['code_h'], 3);
         } else {
             $code = '';
             $code_ok = '';
         }
         if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
             $_notify = 'invalidcaptcha';
         }
     }
     $admin_n = trim(sanitize($_POST['admin_name']));
     if (empty($admin_n)) {
         $_notify = 'incomplete';
     }
     // without a separate admin_email field the login name doubles as the address
     if (isset($_POST['admin_email'])) {
         $admin_e = trim(sanitize($_POST['admin_email']));
     } else {
         $admin_e = trim(sanitize($_POST['user'], 0));
     }
     if (!is_valid_email_zp($admin_e)) {
         $_notify = 'invalidemail';
     }
     $pass = trim(sanitize($_POST['pass'], 0));
     $user = trim(sanitize($_POST['user'], 0));
     if (empty($pass)) {
         $_notify = 'empty';
     } else {
         if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
             // NOTE(review): loose == compares numeric-looking strings numerically;
             // === would be the safer comparison for the password repeat
             if (isset($_POST['disclose_password']) || $pass == trim(sanitize($_POST['pass_r']))) {
                 $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                 if (is_object($currentadmin)) {
                     $_notify = 'exists';
                 } else {
                     if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
                         $_notify = 'dup_email';
                     }
                 }
                 if (empty($_notify)) {
                     // new account: no rights, no objects, no group until verified
                     $userobj = $_zp_authority->newAdministrator('');
                     $userobj->transient = false;
                     $userobj->setUser($user);
                     $userobj->setPass($pass);
                     $userobj->setName($admin_n);
                     $userobj->setEmail($admin_e);
                     $userobj->setRights(0);
                     $userobj->setObjects(NULL);
                     $userobj->setGroup('');
                     $userobj->setCustomData('');
                     $userobj->setLanguage(getUserLocale());
                     if (extensionEnabled('userAddressFields')) {
                         $addresses = getOption('register_user_address_info');
                         $userinfo = register_user::getUserInfo(0);
                         $_comment_form_save_post = serialize($userinfo);
                         if ($addresses == 'required') {
                             // a missing required address field makes the object transient,
                             // which stops the save below
                             if (!isset($userinfo['street']) || empty($userinfo['street'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the street field.');
                             }
                             if (!isset($userinfo['city']) || empty($userinfo['city'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the city field.');
                             }
                             if (!isset($userinfo['state']) || empty($userinfo['state'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the state field.');
                             }
                             if (!isset($userinfo['country']) || empty($userinfo['country'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the country field.');
                             }
                             if (!isset($userinfo['postal']) || empty($userinfo['postal'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the postal code field.');
                             }
                         }
                         // NOTE(review): the cookie name reads like a typo ('reister');
                         // it is a runtime string, so check the code that reads the cookie
                         // before renaming it
                         zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
                         userAddressFields::setCustomData($userobj, $userinfo);
                     }
                     // plugins may veto by setting $userobj->transient
                     zp_apply_filter('register_user_registered', $userobj);
                     if ($userobj->transient) {
                         if (empty($_notify)) {
                             $_notify = 'filter';
                         }
                     } else {
                         $userobj->save();
                         if (MOD_REWRITE) {
                             $verify = '?verify=';
                         } else {
                             $verify = '&verify=';
                         }
                         // The verify token is bin2hex(serialize(user, email)) with no secret
                         // or signature, so it is reproducible from the registration data;
                         // NOTE(review): confirm how the verify handler validates it.
                         // HTTP_HOST comes from the request, so the link's host is
                         // whatever the registering client sent.
                         $_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                         // NOTE(review): the plaintext password ($pass) is handed to the
                         // register_user_text template as %4$s — if the configured text uses
                         // it, the password goes out in clear in the e-mail
                         $_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
                         // zp_mail() returns '' on success, otherwise its error text
                         $_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
                         if (empty($_notify)) {
                             $_notify = 'accepted';
                         }
                     }
                 }
             } else {
                 $_notify = 'mismatch';
             }
         } else {
             $_notify = 'incomplete';
         }
     }
 }
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be styled as needed.
 *
 */
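function printContactForm()
{
    global $_zp_UTF8, $_zp_captcha;
    $error = array();
    // Field names as posted by contact_form/form.php; 'message' is read with sanitize level 1 (limited HTML allowed)
    $fields = array('title', 'name', 'company', 'street', 'city', 'country', 'email', 'website', 'phone', 'subject', 'message');
    if (isset($_POST['sendmail'])) {
        $mailcontent = array();
        foreach ($fields as $field) {
            $mailcontent[$field] = $field === 'message' ? getField('message', 1) : getField($field);
        }
        // Plain "required" checks, keyed so the error list keeps a stable order when extended.
        // Email (7), website (8) and captcha (12) need extra handling and are checked below.
        // If you want other required fields or fewer, add/modify their checks here.
        $required = array(
            1 => array('title', gettext("a <strong>title</strong>")),
            2 => array('name', gettext("a <strong>name</strong>")),
            3 => array('company', gettext("a <strong>company</strong>")),
            4 => array('street', gettext("a <strong>street</strong>")),
            5 => array('city', gettext("a <strong>city</strong>")),
            6 => array('country', gettext("a <strong>country</strong>")),
            9 => array('phone', gettext("a <strong>phone number</strong>")),
            10 => array('subject', gettext("a <strong>subject</strong>")),
            11 => array('message', gettext("a <strong>message</strong>")),
        );
        foreach ($required as $key => $check) {
            list($field, $text) = $check;
            if (getOption('contactform_' . $field) == "required" && empty($mailcontent[$field])) {
                $error[$key] = $text;
            }
        }
        // The sender address doubles as the From: header and as the confirmation recipient, so it is
        // validated whenever the form is sent; the "required" option only adds the emptiness check.
        // (The parentheses make the && / || precedence explicit.)
        if ((getOption('contactform_email') == "required" && empty($mailcontent['email'])) || !is_valid_email_zp($mailcontent['email'])) {
            $error[7] = gettext("a <strong>valid email adress</strong>");
        }
        if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
            $error[8] = gettext('a <strong>website</strong>');
        } elseif (!empty($mailcontent['website']) && !preg_match('#^https?://#i', $mailcontent['website'])) {
            // make the URL absolute; https:// links keep their scheme instead of getting a second one
            $mailcontent['website'] = "http://" . $mailcontent['website'];
        }
        // captcha start
        if (getOption("contactform_captcha")) {
            // either field may be missing from a hand-crafted request; an empty pair simply fails the check
            $code_ok = isset($_POST['code_h']) ? trim($_POST['code_h']) : '';
            $code = isset($_POST['code']) ? trim($_POST['code']) : '';
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                // own key: a shared key would overwrite the "city" message
                $error[12] = gettext("<strong>the correct captcha verification code</strong>");
            }
            // no ticket
        }
        // captcha end
        // If required fields are empty or not valid print note
        if (count($error) != 0) {
            ksort($error);
            echo gettext("<p style='color:red'>Please enter ");
            $last = count($error) - 1;
            foreach (array_values($error) as $i => $err) {
                echo $err;
                // "a, b and c": comma between items, "and" before the last one
                if ($i < $last) {
                    echo $i === $last - 1 ? gettext(" and ") : ", ";
                }
            }
            echo gettext(". Thanks.</p>");
        } else {
            $mailaddress = $mailcontent['email'];
            $subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
            $message = $mailcontent['message'] . "\n";
            if (!empty($mailcontent['title'])) {
                // no line break: the title is presumably a salutation that prefixes the name line
                $message .= $mailcontent['title'];
            }
            foreach (array('name', 'company', 'street', 'city', 'country', 'email', 'phone', 'website') as $field) {
                if (!empty($mailcontent[$field])) {
                    $message .= $mailcontent[$field] . "\n";
                }
            }
            $message .= "\n\n";
            echo getOption("contactform_confirmtext");
            // The confirmation round-trips subject, message and sender address through hidden fields.
            // Values are attribute-escaped so quotes or tags in the message cannot break out of the
            // input (the browser submits the decoded text). The mail header block is deliberately
            // NOT carried in the form: it is rebuilt server-side from the re-validated address on
            // confirm, so the client cannot supply additional mail headers.
            $formAction = htmlspecialchars(sanitize($_SERVER['REQUEST_URI']), ENT_QUOTES, 'UTF-8');
            ?>
<div>
	<form id="confirm" action="<?php echo $formAction; ?>" method="post" accept-charset="UTF-8" style="float: left">
		<input type="hidden" id="confirm" name="confirm" value="confirm" />
		<input type="hidden" id="subject" name="subject" value="<?php echo htmlspecialchars($subject, ENT_QUOTES, 'UTF-8'); ?>" />
		<input type="hidden" id="message" name="message" value="<?php echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'); ?>" />
		<input type="hidden" id="mailaddress" name="mailaddress" value="<?php echo htmlspecialchars($mailaddress, ENT_QUOTES, 'UTF-8'); ?>" />
		<input type="submit" value="<?php echo gettext("Confirm"); ?>" />
	</form>
	<form id="discard" action="<?php echo $formAction; ?>" method="post" accept-charset="UTF-8">
		<input type="hidden" id="discard" name="discard" value="discard" />
		<input type="submit" value="<?php echo gettext("Discard"); ?>" />
	</form>
</div>
			<?php
        }
    }
    if (isset($_POST['confirm'])) {
        $subject = isset($_POST['subject']) ? sanitize($_POST['subject']) : '';
        $message = isset($_POST['message']) ? sanitize($_POST['message'], 1) : '';
        $mailaddress = isset($_POST['mailaddress']) ? trim(sanitize($_POST['mailaddress'])) : '';
        // Header lines are never taken from the request: the From: header is rebuilt from the
        // re-validated address and line breaks are removed from the subject, so a confirm posting
        // cannot append mail headers. An invalid address aborts the send instead of mailing anyway.
        $subject = str_replace(array("\r", "\n"), ' ', $subject);
        if (is_valid_email_zp($mailaddress)) {
            $headers = 'From: ' . $mailaddress . "\r\n";
            //$headers .= 'Cc: '.$mailaddress.''."\r\n"; // somehow does not work on all servers!
            $_zp_UTF8->send_mail(getOption("contactform_mailaddress") . "," . $mailaddress, $subject, $message, $headers);
            echo getOption("contactform_thankstext");
        } else {
            echo gettext("<p style='color:red'>Please enter ") . gettext("a <strong>valid email adress</strong>") . gettext(". Thanks.</p>");
        }
    }
    if (count($error) <= 0) {
        // nothing to re-display: hand form.php an empty field set
        $mailcontent = array_fill_keys($fields, '');
    }
    if (count($error) > 0 || !isset($_POST['sendmail'])) {
        echo getOption("contactform_introtext");
        include SERVERPATH . "/" . ZENFOLDER . "/plugins/contact_form/form.php";
    }
}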
/**
 * Processes a verification link or a registration posting if one has occurred,
 * then places the user registration form
 *
 * @param string $thanks the message shown on successful registration
 */
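function printRegistrationForm($thanks = NULL)
{
    global $notify, $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery_page, $_zp_gallery;
    require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
    $userobj = NULL;
    // handle any postings
    if (isset($_GET['verify'])) {
        // The verify token is client data: register_user_decodeVerifyToken() parses its fixed
        // shape without unserialize(), so no object can be instantiated from the request. A token
        // that does not decode, or that names an unknown user, ends up as 'not_verified'.
        // NOTE(review): the token carries no secret — it only shows knowledge of the user name and
        // e-mail address — so it is a weak proof of mailbox ownership.
        $params = register_user_decodeVerifyToken($_GET['verify']);
        if ($params !== false) {
            $userobj = $_zp_authority->getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
        }
        if (is_object($userobj) && (string) $userobj->getEmail() === $params['email']) {
            if (!$userobj->getRights()) {
                $userobj->setCredentials(array('registered', 'user', 'email'));
                $rights = getOption('register_user_user_rights');
                $group = NULL;
                if (!is_numeric($rights)) {
                    //  a group or template
                    $admin = $_zp_authority->getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
                    if ($admin) {
                        $userobj->setObjects($admin->getObjects());
                        if ($admin->getName() != 'template') {
                            $group = $rights;
                        }
                        $rights = $admin->getRights();
                    } else {
                        $rights = NO_RIGHTS;
                    }
                }
                $userobj->setRights($rights | NO_RIGHTS);
                $userobj->setGroup($group);
                zp_apply_filter('register_user_verified', $userobj);
                $notify = false;
                if (getOption('register_user_notify')) {
                    $notify = zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
                }
                if (empty($notify)) {
                    if (getOption('register_user_create_album')) {
                        $userobj->createPrimealbum();
                    }
                    $notify = 'verified';
                    $_POST['user'] = $userobj->getUser();
                }
                $userobj->save();
            } else {
                // already has rights: the link was used before
                $notify = 'verified';
            }
        } else {
            // malformed token, user ID no longer exists, or the address does not match
            $notify = 'not_verified';
        }
    }
    if (isset($_POST['register_user'])) {
        if (getOption('register_user_captcha')) {
            // either field may be missing from a hand-crafted request; an empty pair fails the check
            $code = isset($_POST['code']) ? sanitize($_POST['code'], 3) : '';
            $code_ok = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $notify = 'invalidcaptcha';
            }
        }
        $admin_n = isset($_POST['admin_name']) ? trim(sanitize($_POST['admin_name'])) : '';
        if (empty($admin_n)) {
            $notify = 'incomplete';
        }
        $user = isset($_POST['adminuser']) ? trim(sanitize($_POST['adminuser'])) : '';
        // the form may carry a separate e-mail field; otherwise the user ID is the address
        if (isset($_POST['admin_email'])) {
            $admin_e = trim(sanitize($_POST['admin_email']));
        } else {
            $admin_e = $user;
        }
        if (!is_valid_email_zp($admin_e)) {
            $notify = 'invalidemail';
        }
        $pass = isset($_POST['adminpass']) ? trim(sanitize($_POST['adminpass'])) : '';
        $pass2 = isset($_POST['adminpass_2']) ? trim(sanitize($_POST['adminpass_2'])) : '';
        if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
            // strict comparison: a loose == would treat numeric-looking strings such as "1e3" and "1000" as equal
            if ($pass === $pass2) {
                $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                if (is_object($currentadmin)) {
                    $notify = 'exists';
                }
                if (empty($notify)) {
                    //	test for valid password
                    $notify = $_zp_authority->validatePassword($pass);
                    if (empty($notify)) {
                        $userobj = $_zp_authority->newAdministrator('');
                        $userobj->transient = false;
                        $userobj->setUser($user);
                        $userobj->setPass($pass);
                        $userobj->setName($admin_n);
                        $userobj->setEmail($admin_e);
                        $userobj->setRights(0);
                        $userobj->setObjects(NULL);
                        $userobj->setGroup('');
                        $userobj->setCustomData('');
                        $userobj->setLanguage(getUserLocale());
                        zp_apply_filter('register_user_registered', $userobj);
                        if ($userobj->transient) {
                            // a filter refused the registration (it may have left a reason in $userobj->msg)
                            if (empty($notify)) {
                                $notify = 'filter';
                            }
                        } else {
                            $userobj->save();
                            // token format must stay in step with register_user_decodeVerifyToken()
                            $token = bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                            $page = substr($_zp_gallery_page, 0, -4); // strip ".php"
                            $link = rewrite_path(FULLWEBPATH . '/page/' . $page . '?verify=' . $token, FULLWEBPATH . '/index.php?p=' . $page . '&verify=' . $token, false);
                            $message = sprintf(get_language_string(getOption('register_user_text')), $link);
                            $notify = zp_mail(get_language_string(gettext('Registration confirmation')), $message, array($user => $admin_e));
                            if (empty($notify)) {
                                $notify = 'accepted';
                            }
                        }
                    }
                }
            } else {
                $notify = 'mismatch';
            }
        } else {
            $notify = 'incomplete';
        }
    }
    if (zp_loggedin()) {
        if (isset($_GET['userlog']) && $_GET['userlog'] == 1) {
            echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("you are already logged in.") . '</h2>';
            echo '</div>';
        }
        return;
    }
    if (!empty($notify)) {
        if ($notify == 'verified' || $notify == 'accepted') {
            ?>
			<div class="Messagebox fade-message">
				<p>
				<?php
            if ($notify == 'verified') {
                if (is_null($thanks)) {
                    $thanks = gettext("Thank you for registering.");
                }
                echo $thanks;
            } else {
                echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.');
            }
            ?>
				</p>
			</div>
			<?php
            if ($notify == 'verified') {
                require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php';
                ?>
				<p><?php echo gettext('You may now log onto the site.'); ?></p>
				<?php
                printPasswordForm('', false, true, WEBPATH . '/' . ZENFOLDER . '/admin.php');
            }
            $notify = 'success';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("Registration failed.") . '</h2>';
            echo '<p>';
            switch ($notify) {
                case 'exists':
                    // the lookup above was by user ID, so that is what is reported (escaped for HTML)
                    printf(gettext('The user ID <em>%s</em> is already in use.'), htmlspecialchars($user, ENT_QUOTES, 'UTF-8'));
                    break;
                case 'mismatch':
                    echo gettext('Your passwords did not match.');
                    break;
                case 'incomplete':
                    echo gettext('You have not filled in all the fields.');
                    break;
                case 'notverified':
                    // kept for callers/filters that set this spelling; this function itself sets 'not_verified'
                    echo gettext('Invalid verification link.');
                    break;
                case 'invalidemail':
                    echo gettext('Enter a valid email address.');
                    break;
                case 'invalidcaptcha':
                    echo gettext('The CAPTCHA you entered was not correct.');
                    break;
                case 'not_verified':
                    echo gettext('Your registration request could not be completed.');
                    break;
                case 'filter':
                    if (is_object($userobj) && !empty($userobj->msg)) {
                        echo $userobj->msg;
                    } else {
                        echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
                    }
                    break;
                default:
                    // message text returned by zp_mail() or validatePassword()
                    echo $notify;
                    break;
            }
            echo '</p>';
            echo '</div>';
        }
    }
    if ($notify !== 'success') {
        $form = getPlugin('register_user/register_user_form.php', true);
        require_once $form;
    }
}

/**
 * Decodes a registration verification token without calling unserialize() on
 * client-supplied data.
 *
 * The token is the hex form of serialize(array('user' => string, 'email' => string)),
 * exactly as produced by printRegistrationForm(). Anything that is not that precise
 * shape is rejected, so the request can never instantiate a PHP object.
 *
 * @param mixed $hex the raw `verify` query parameter
 * @return array|false array('user' => ..., 'email' => ...), or false if the token is malformed
 */
function register_user_decodeVerifyToken($hex)
{
    if (!is_string($hex)) {
        return false;
    }
    // a trailing '.' is tolerated because mail clients often glue the sentence's full stop onto the link
    $hex = trim(sanitize($hex), '.');
    if ($hex === '' || strlen($hex) % 2 !== 0 || !preg_match('/^[0-9a-fA-F]+$/', $hex)) {
        return false;
    }
    $token = pack('H*', $hex);
    $head = 'a:2:{';
    if (substr($token, 0, strlen($head)) !== $head) {
        return false;
    }
    $pos = strlen($head);
    $params = array();
    foreach (array('user', 'email') as $key) {
        // key: s:<len>:"<key>";
        $keyTag = 's:' . strlen($key) . ':"' . $key . '";';
        if (substr($token, $pos, strlen($keyTag)) !== $keyTag) {
            return false;
        }
        $pos += strlen($keyTag);
        // value: s:<len>:"<exactly len bytes>";
        if (!preg_match('/^s:(\d+):"/', (string) substr($token, $pos), $m)) {
            return false;
        }
        $pos += strlen($m[0]);
        $len = (int) $m[1];
        $value = (string) substr($token, $pos, $len);
        if (strlen($value) !== $len) {
            return false;
        }
        $pos += $len;
        if (substr($token, $pos, 2) !== '";') {
            return false;
        }
        $pos += 2;
        $params[$key] = $value;
    }
    // nothing may follow the closing brace
    return substr($token, $pos) === '}' ? $params : false;
}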
/**
 *
 * Handles the POSTing of a comment
 * @return NULL|boolean
 */
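function comment_form_handle_comment()
{
    global $_zp_current_image, $_zp_current_album, $_zp_comment_stored, $_zp_current_article, $_zp_current_page, $_zp_HTML_cache;
    if (isset($_POST['comment']) && (!isset($_POST['username']) || empty($_POST['username']))) {
        // 'username' is a honey-pot trap: a filled-in value marks an automated post, which is ignored
        /*
         * do not save the post page in the cache
         * Also the cache should be cleared so that a new page is saved at the first non-comment posting viewing.
         * But this has to wait until processing is finished to avoid race conditions.
         */
        $_zp_HTML_cache->disable();
        $commentobject = NULL;
        $redirectTo = NULL;
        $error = NULL;
        // pick the object being commented on from the current page context
        if (in_context(ZP_IMAGE)) {
            $commentobject = $_zp_current_image;
            $redirectTo = $_zp_current_image->getLink();
        } elseif (in_context(ZP_ALBUM)) {
            $commentobject = $_zp_current_album;
            $redirectTo = $_zp_current_album->getLink();
        } elseif (in_context(ZP_ZENPAGE_NEWS_ARTICLE)) {
            $commentobject = $_zp_current_article;
            $redirectTo = FULLWEBPATH . '/index.php?p=news&title=' . $_zp_current_article->getTitlelink();
        } elseif (in_context(ZP_ZENPAGE_PAGE)) {
            $commentobject = $_zp_current_page;
            $redirectTo = FULLWEBPATH . '/index.php?p=pages&title=' . $_zp_current_page->getTitlelink();
        } else {
            $error = gettext('Comment posted on unknown page!');
        }
        if (is_object($commentobject)) {
            $p_name = isset($_POST['name']) ? sanitize($_POST['name'], 3) : NULL;
            $p_email = isset($_POST['email']) ? sanitize($_POST['email'], 3) : NULL;
            if ($p_email !== NULL && !is_valid_email_zp($p_email)) {
                $p_email = NULL;
            }
            $p_website = isset($_POST['website']) ? sanitize($_POST['website'], 3) : NULL;
            if ($p_website !== NULL) {
                if ($p_website && strpos($p_website, 'http') !== 0) {
                    $p_website = 'http://' . $p_website;
                }
                if (!isValidURL($p_website)) {
                    $p_website = NULL;
                }
            }
            // presence of 'comment' is guaranteed by the condition at the top
            $p_comment = sanitize($_POST['comment'], 1);
            $p_server = getUserIP();
            // either captcha field may be missing from a hand-crafted request; an empty pair fails the check
            $code1 = isset($_POST['code']) ? sanitize($_POST['code'], 3) : '';
            $code2 = isset($_POST['code_h']) ? sanitize($_POST['code_h'], 3) : '';
            $p_private = isset($_POST['private']);
            $p_anon = isset($_POST['anon']);
            $commentadded = $commentobject->addComment($p_name, $p_email, $p_website, $p_comment, $code1, $code2, $p_server, $p_private, $p_anon, serialize(getCommentAddress(0)));
            $_zp_comment_stored = array('name' => $commentadded->getName(), 'email' => $commentadded->getEmail(), 'website' => $commentadded->getWebsite(), 'comment' => $commentadded->getComment(), 'saved' => isset($_POST['remember']), 'private' => $commentadded->getPrivate(), 'anon' => $commentadded->getAnon(), 'custom' => $commentadded->getCustomData());
            if ($commentadded->getInModeration()) {
                // held or rejected: the comment object carries the reason text
                $error = $commentadded->comment_error_text;
            } else {
                $_zp_HTML_cache->clearHtmlCache();
                $error = NULL;
                if (isset($_POST['remember'])) {
                    // Should always re-cookie to update info in case it's changed...
                    // clear the comment itself before storing the poster details
                    $_zp_comment_stored['comment'] = '';
                    zp_setCookie('zenphoto_comment', serialize($_zp_comment_stored));
                } else {
                    zp_clearCookie('zenphoto_comment');
                }
                //use $redirectTo to send users back to where they came from instead of booting them back to the gallery index. (default behaviour)
                // but not for Microsoft IIS because that server fails if we redirect!
                if (!isset($_SERVER['SERVER_SOFTWARE']) || strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft-iis') === false) {
                    header('Location: ' . $redirectTo . '#zp_comment_id_' . $commentadded->getId());
                    exitZP();
                }
            }
        }
        // error text when the comment was not accepted, NULL when it was
        return $error;
    }
    // not a comment posting: restore remembered poster details from the cookie
    $cookie = zp_getCookie('zenphoto_comment');
    if (!empty($cookie)) {
        // NOTE(review): the cookie is client-controlled; getSerializedArray() is expected to
        // decode it without instantiating objects — confirm before relying on it.
        $cookiedata = getSerializedArray($cookie);
        if (count($cookiedata) > 1) {
            $_zp_comment_stored = $cookiedata;
        }
    }
    return false;
}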
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a comment object
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param string $type 'albums' if it is an album or 'images' if it is an image comment (taken from $receiver->table, not passed in)
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param int|false $check bitmask of which fields must be checked. If set, overrides the options
 * @return object
 */
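function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $check = false)
{
    global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold;
    if ($check === false) {
        // build the check bitmask from the plugin options
        $whattocheck = 0;
        if (getOption('comment_email_required') == 'required') {
            $whattocheck |= COMMENT_EMAIL_REQUIRED;
        }
        if (getOption('comment_name_required')) {
            $whattocheck |= COMMENT_NAME_REQUIRED;
        }
        if (getOption('comment_web_required') == 'required') {
            $whattocheck |= COMMENT_WEB_REQUIRED;
        }
        if (getOption('Use_Captcha')) {
            $whattocheck |= USE_CAPTCHA;
        }
        // the option name is spelled "requiired" — presumably matching where it is registered;
        // confirm before renaming, since fixing the spelling here alone would silently disable the check
        if (getOption('comment_body_requiired')) {
            $whattocheck |= COMMENT_BODY_REQUIRED;
        }
        if (getOption('email_new_comments')) {
            $whattocheck |= COMMENT_SEND_EMAIL;
        }
    } else {
        $whattocheck = $check;
    }
    $type = $receiver->table;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        // make the URL absolute; https:// links keep their scheme instead of getting a second one
        $website = "http://" . $website;
    }
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    $receiverid = $receiver->id;
    $goodMessage = 2;
    $private = $private ? 1 : 0;
    $anon = $anon ? 1 : 0;
    $commentobj = new Comment();
    $commentobj->transient = false; // otherwise we won't be able to save it....
    $commentobj->setOwnerID($receiverid);
    $commentobj->setName($name);
    $commentobj->setEmail($email);
    $commentobj->setWebsite($website);
    $commentobj->setComment($comment);
    $commentobj->setType($type);
    $commentobj->setIP($ip);
    $commentobj->setPrivate($private);
    $commentobj->setAnon($anon);
    $commentobj->setInModeration(0);
    // Field checks: each failure records a negative moderation code and appends an error sentence.
    if (($whattocheck & COMMENT_EMAIL_REQUIRED) && (empty($email) || !is_valid_email_zp($email))) {
        $commentobj->setInModeration(-2);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
        $goodMessage = false;
    }
    if (($whattocheck & COMMENT_NAME_REQUIRED) && empty($name)) {
        $commentobj->setInModeration(-3);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
        $goodMessage = false;
    }
    if (($whattocheck & COMMENT_WEB_REQUIRED) && (empty($website) || !isValidURL($website))) {
        $commentobj->setInModeration(-4);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
        $goodMessage = false;
    }
    if (($whattocheck & USE_CAPTCHA) && !$_zp_captcha->checkCaptcha($code, $code_ok)) {
        $commentobj->setInModeration(-5);
        $commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
        $goodMessage = false;
    }
    if (($whattocheck & COMMENT_BODY_REQUIRED) && empty($comment)) {
        $commentobj->setInModeration(-6);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
        $goodMessage = false;
    }
    $moderate = 0;
    // Run the configured spam filter only on otherwise valid comments.
    if ($goodMessage && !(false === ($requirePath = getPlugin('spamfilters/' . internalToFilesystem(getOption('spam_filter')) . ".php")))) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        // 0 = spam, 1 = hold for moderation, 2 = clean
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
        switch ($goodMessage) {
            case 0:
                $commentobj->setInModeration(2);
                $commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
                $goodMessage = false;
                break;
            case 1:
                $_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), getOption('spam_filter'));
                $commentobj->comment_error_text .= $_zp_comment_on_hold;
                $commentobj->setInModeration(1);
                $moderate = 1;
                break;
            case 2:
                $commentobj->setInModeration(0);
                break;
        }
    }
    $localerrors = $commentobj->getInModeration();
    zp_apply_filter('comment_post', $commentobj, $receiver);
    if ($check === false) {
        // ignore filter provided errors if caller is supplying the fields to check
        $localerrors = $commentobj->getInModeration();
    }
    if ($goodMessage && $localerrors >= 0) {
        // Update the database entry with the new comment
        $commentobj->save();
        //  add to comments array and notify the admin user
        if (!$moderate) {
            $receiver->comments[] = array('name' => $commentobj->getName(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
        }
        // per-object-type notification text and admin link query string
        $class = strtolower(get_class($receiver));
        switch ($class) {
            case "album":
                $url = "album=" . pathurlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your album "%1$s".'), $receiver->name);
                } else {
                    $action = sprintf(gettext('A comment has been posted on your album "%1$s".'), $receiver->name);
                }
                break;
            case "zenpagenews":
                $url = "p=news&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your article "%1$s".'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your article "%1$s".'), $receiver->getTitlelink());
                }
                break;
            case "zenpagepage":
                $url = "p=pages&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your page "%1$s".'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your page "%1$s".'), $receiver->getTitlelink());
                }
                break;
            default:
                // all image types
                $url = "album=" . pathurlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your image "%1$s" in the album "%2$s".'), $receiver->getTitle(), $receiver->getAlbumName());
                }
                break;
        }
        if ($whattocheck & COMMENT_SEND_EMAIL) {
            // Links are built from FULLWEBPATH like the rest of this file, so the configured
            // protocol is honoured instead of a hardcoded http:// with the raw SERVER_NAME.
            $message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getName(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), FULLWEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), FULLWEBPATH . '/' . ZENFOLDER . '/admin-comments.php?page=editcomment&id=' . $commentobj->id);
            $emails = array();
            $admin_users = $_zp_authority->getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone with full rights: ADMIN_RIGHTS, or both MANAGE_ALL_ALBUM_RIGHTS and COMMENT_RIGHTS
                $fullRights = ($admin['rights'] & ADMIN_RIGHTS) || (($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS));
                if (!empty($admin['email']) && $fullRights) {
                    $emails[] = $admin['email'];
                    // already notified; leave out of the album-admin pass below
                    unset($admin_users[$admin['id']]);
                }
            }
            if ($type === "images" || $type === "albums") {
                // mail to album admins
                // the id comes from the album object, but it is cast anyway since it is spliced into SQL
                $id = (int) $ur_album->getAlbumID();
                $sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type`="album"';
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    $id = $anadmin['adminid'];
                    if (array_key_exists($id, $admin_users)) {
                        $admin = $admin_users[$id];
                        if (($admin['rights'] & COMMENT_RIGHTS) && !empty($admin['email'])) {
                            $emails[] = $admin['email'];
                        }
                    }
                }
            }
            $on = gettext('Comment posted');
            $gallery = new Gallery();
            // zp_mail() returns an error message string on failure, empty otherwise
            $result = zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
            if ($result) {
                $commentobj->setInModeration(-12);
                $commentobj->comment_error_text = $result;
            }
        }
    }
    return $commentobj;
}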