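/**
 * An html form triggers an update via form submit (POST). The function updates data of a specific comment and
 * displays a message in the result page.
 *
 * On validation failure the submitted values and the error list are handed to $mem_redirect so the form can be
 * redisplayed. On success the previous values of the comment are written to the "AdminComments" log, the comment
 * is updated, the list the admin came from (subset "from"/"to" of $this->route_vars['id'], or any other subset)
 * is reloaded into $mem_redirect->comments and a flash notice is set.
 *
 * @param StdClass $args $args->post holds id, subset, nameFrom, nameTo and the fields checkUpdate() validates
 * @param ReadOnlyObject $action unused here, part of the callback signature
 * @param ReadWriteObject $mem_redirect receives post/errors on failure, the refreshed comment list on success
 * @param ReadWriteObject $mem_resend unused here, part of the callback signature
 * @return false (in case of a failure) or string pointing to a page that displays a single comment
 */
public function updateCallback(StdClass $args, ReadOnlyObject $action, ReadWriteObject $mem_redirect, ReadWriteObject $mem_resend)
{
    $post = $args->post;
    $errors = $this->model->checkUpdate($post);
    if (count($errors) > 0) {
        // Hand the submitted values back so the form is redisplayed together with its errors.
        $mem_redirect->post = $post;
        $mem_redirect->errors = $errors;
        return false;
    }
    $id = $post['id'];
    $rows = $this->model->getSingle($id);
    $comment = $rows[0];
    // Record the previous values so an admin edit can be traced back afterwards.
    $msg = "Updating comment #" . $id
        . " previous where=" . $comment->TextWhere
        . " previous text=" . $comment->TextFree
        . " previous Quality=" . $comment->Quality;
    MOD_log::get()->write($msg, 'AdminComments');
    $this->model->update($comment, $post);
    // Reload the list the admin was looking at so the redirect target shows fresh data.
    // Strict comparison: the subset is a string coming from the form.
    $subset = $post['subset'];
    if ($subset === 'from') {
        $mem_redirect->comments = $this->model->getFrom($this->route_vars['id']);
    } elseif ($subset === 'to') {
        $mem_redirect->comments = $this->model->getTo($this->route_vars['id']);
    } else {
        $mem_redirect->comments = $this->model->getSubset($subset);
    }
    $this->setFlashNotice("Updated comment of " . $post['nameFrom'] . " about " . $post['nameTo'] . ".");
    return $this->router->url('admin_comments_list_single', array('id' => $id), false);
}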
/**
 * Entry point of the donations page.
 *
 * Renders the requested sub page into the shared page object: "done" (back from PayPal, the transaction is
 * verified first and its error message, if any, is passed to the view), "cancel" (only logged when a PayPal
 * key is pending in the session; otherwise treated like the overview) or the default donation overview.
 */
public function index()
{
    $wrap = new ViewWrap($this->_view);
    $page = PVars::getObj('page');
    $request = PRequest::get()->request;
    $subPage = isset($request[1]) ? $request[1] : '';

    $donations = false;
    $error = false;
    // static pages
    if ($subPage === 'done') {
        $error = $this->_model->returnFromPayPal();
        $donations = $this->_model->getDonations();
    } elseif ($subPage === 'cancel' && isset($_SESSION["PaypalBW_key"])) {
        // Log to track wrong donation
        MOD_log::get()->write("Donation cancelled [\$_SESSION[\"PaypalBW_key\"]=" . $_SESSION["PaypalBW_key"] . "]", "Donation");
    } else {
        $donations = $this->_model->getDonations();
    }

    $page->content .= $wrap->donate($subPage, $donations, $error);
    // teaser content
    $page->teaserBar .= $wrap->ShowSimpleTeaser('Donate', $donations);
    // submenu
    $page->subMenu .= $wrap->submenu($subPage);
    // User bar on the left
    $page->newBar .= $wrap->donateBar($donations);
}
/**
 * Handles the browser's return from PayPal after a donation (the "_notify-synch" / PDT flow).
 *
 * Reads tx, amt and cc from the query string, posts the transaction token back to PayPal for verification,
 * cross-checks amount, currency and transaction id against PayPal's answer, and records the donation in the
 * `donations` table unless a row with the same PayPal reference already exists.
 *
 * @return string|null an error message for the caller to display, or null when the donation was recorded
 */
public function returnFromPayPal()
{
    /*
    //The donation returns an url as the following http://www.bewelcome.org/bw/donations2.php?action=done&tx=0ME24142PE152304A&st=Completed&amt=5.00&cc=EUR&cm=&item_number=&sig=hYUTlSOjBeJvNqfFqc%252fZbrBA4p6c%252fe6EErVp1w18eOBR96p6hzzenPysL%252bFVPZi8YEcONFovQmYn%252b6QF%252fBYoVhGMoaQJCxBQh%252bLAlC0TdgeScs1skk0%252bpY6SyoC%252fNCV1ou69zWRrhDrtsa4SUHibLD%252f1RwGg43iaZjPhB24I6lg%253d
    */
    // save the first immediate return values
    // NOTE(review): these come straight from the query string. They are only cross-checked against
    // PayPal's answer below; $payment_amount is later concatenated into the INSERT as-is.
    $tx = $tx_token = $_GET['tx'];
    $payment_amount = $_GET['amt'];
    $payment_currency = $_GET['cc'];
    // read the post from PayPal system and add 'cmd'
    $req = 'cmd=_notify-synch';
    $auth_token = "token is not set";
    // NOTE(review): $_SYSHCVOL is not a PHP superglobal, so inside a method isset() is false unless the
    // variable is brought into scope somewhere not visible here — confirm the real token reaches PayPal.
    if (isset($_SYSHCVOL['paypal_authtoken'])) {
        $auth_token = $_SYSHCVOL['paypal_authtoken'];
    }
    $req .= "&tx={$tx_token}&at={$auth_token}";
    /*
    foreach ($_POST as $key => $value) { $value = trim(urlencode(stripslashes($value))); echo "_POST[", $key,"]=",$value,"<br />"; }
    foreach ($_GET as $key => $value) { $value = trim(urlencode(stripslashes($value))); echo "_GET[", $key,"]=",$value,"<br />"; }
    */
    // post back to PayPal system to validate
    $header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
    $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
    // NOTE(review): the verification goes over plain HTTP on port 80, so the "SUCCESS" answer everything
    // below relies on is not protected in transit; the ssl:// variant in the comment is the documented one.
    $fp = fsockopen('www.paypal.com', 80, $errno, $errstr, 30);
    // If possible, securely post back to paypal using HTTPS
    // Your PHP server will need to be SSL enabled
    // $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
    if (!$fp) {
        MOD_log::get()->write("Failed to connect to paypal for return value while checking confirmation on paypal", "donation");
        $error = "A problem occured while checking confirmation with paypal";
        return $error;
    } else {
        fputs($fp, $header . $req); // sending the query to paypal
        // read the body data
        $res = '';
        $headerdone = false;
        while (!feof($fp)) { // while result not received
            $line = fgets($fp, 1024); // reading the result
            if (strcmp($line, "\r\n") == 0) { // read the header
                $headerdone = true;
            } else {
                if ($headerdone) {
                    // Every body line of PayPal's answer (payer name, e-mail, amount ...) is written to the log.
                    MOD_log::get()->write("Requesting paypal for confirmation (\$tx_token=" . $tx_token . ") [" . $line . "]", "donation");
                    // header has been read. now read the contents
                    $res .= $line;
                }
            }
        }
        // parse the data to read the return variables by paypal
        $lines = explode("\n", $res);
        $keyarray = array();
        if (strcmp($lines[0], "SUCCESS") == 0) {
            for ($i = 1; $i < count($lines); $i++) {
                // Retrieve the parameters
                // NOTE(review): a line without "=" (or with "=" at position 0) keeps the previous $key/$val,
                // so the previous pair is stored again — or undefined variables are used on the first line.
                if (strpos($lines[$i], "=")) {
                    list($key, $val) = explode("=", $lines[$i]);
                }
                $keyarray[urldecode($key)] = urldecode($val);
            }
            $ItsOK = true;
            $txn_id = $keyarray['txn_id'];
            // The three loose (!=) comparisons below are the only link between the query-string values
            // and PayPal's own answer; any mismatch aborts before anything is written.
            if ($payment_amount != $keyarray['mc_gross']) { // If amount differs we will not continue
                $ItsOK = false;
                MOD_log::get()->write("Problem for \$payment_amount expected=" . $payment_amount . " return par paypal confirmation=" . $keyarray['mc_gross'], "donation");
            }
            if ($payment_currency != $keyarray['mc_currency']) { // If currency differs we will not continue
                $ItsOK = false;
                MOD_log::get()->write("Problem for \$payment_currency expected=" . $payment_currency . " return par paypal confirmation=" . $keyarray['mc_currency'], "donation");
            }
            if ($keyarray['txn_id'] != $tx) { // If control code differs we will not continue
                $ItsOK = false;
                MOD_log::get()->write("Problem for txn_id expected=" . $tx . " return par paypal confirmation=" . $keyarray['txn_id'], "donation");
            }
            if (!$ItsOK) {
                $error = "We detected a problem while checking the success of your donation on paypal";
                return $error;
            }
            $IdMember = 0;
            $IdCountry = 0; // This values will remain if the user was not logged
            if (isset($_SESSION["IdMember"])) {
                $IdMember = $_SESSION["IdMember"];
                // Country of the member's primary (rank 0) address, for the donation record.
                $query = <<<SQL
SELECT geonames_cache.parentCountryId AS IdCountry
FROM members, addresses, geonames_cache
WHERE members.id={$IdMember}
  AND geonames_cache.geonameid = addresses.IdCity
  AND members.id = addresses.IdMember
  AND addresses.rank = 0
SQL;
                $result = $this->dao->query($query);
                $m = $result->fetch(PDB::FETCH_OBJ);
                $IdCountry = $m->IdCountry;
            }
            $referencepaypal = "ID #" . $keyarray['txn_id'] . " payment_status=" . $keyarray['payment_status'];
            if ($keyarray['mc_currency'] == "USD") {
                $payment_currency = "\$";
            } else {
                if ($keyarray['mc_currency'] == "EUR") {
                    $payment_currency = "€";
                } else {
                    $payment_currency = $keyarray['mc_currency'];
                }
            }
            $receiver_email = $keyarray['payer_email'];
            // now test if this donation was allready registrated
            // NOTE(review): $referencepaypal (built from PayPal's txn_id and payment_status) is concatenated
            // into the LIKE pattern without escaping; the only barrier is that it comes from the
            // verification response, not from the browser.
            $query = ' SELECT * FROM donations WHERE IdMember=' . $IdMember . ' AND referencepaypal LIKE "%' . $referencepaypal . '%"';
            $result = $this->dao->query($query);
            $rr = $result->fetch(PDB::FETCH_OBJ);
            if (isset($rr->id)) { // If a previous version was already existing, it means a double signup
                // NOTE(review): $payment_status is never assigned in this method (the value is in
                // $keyarray['payment_status']), so this log line records an empty status.
                MOD_log::get()->write("Same Donation Submited several times for " . $keyarray['mc_gross'] . $payment_currency . " by " . $keyarray['first_name'] . " " . $keyarray['last_name'] . "/" . $receiver_email . " status=" . $payment_status . " [expected" . $_SESSION["PaypalBW_key"] . " received=" . $tx . "]", "Donation");
                $error = "Your donation is registrated only once , not need to submit twice ;-)";
                return $error;
            }
            $memo = "";
            if (isset($keyarray['memo'])) {
                $memo = $keyarray['memo'];
            }
            // NOTE(review): every quoted value below (payer_email, names, memo, payment_status, the reference)
            // and the unquoted $payment_amount (from $_GET), $IdMember and $IdCountry are concatenated into
            // the statement without escaping or parameter binding.
            $query = ' INSERT INTO `donations` ( `IdMember`,`Email`,`StatusPrivate`,`created`,`Amount`,`Money`,`IdCountry`,`namegiven`,`referencepaypal`,`membercomment`,`SystemComment` ) VALUES (' . $IdMember . ',"' . $receiver_email . '","showamountonly",now(),' . $payment_amount . ',"' . $payment_currency . '",' . $IdCountry . ',"' . $keyarray["first_name"] . ' ' . $keyarray["last_name"] . '","' . $referencepaypal . '","","Via paypal' . ' ' . $keyarray["payment_status"] . ' ' . $memo . '") ';
            $this->dao->exec($query);
            MOD_log::get()->write("donation ID #" . $referencepaypal . " recorded", "donation");
            fclose($fp);
            return;
        } // end if verified
        // NOTE(review): the early returns above (mismatch, duplicate, not verified) leave $fp open.
        MOD_log::get()->write("can't find verified in paypal return information for ID #" . $tx . " recorded", "donation");
        $error = "not verified";
        return $error;
    } // enf if fp
}
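/**
 * Dispatches an RSS request (rss/thread/..., rss/tag/..., rss/blog/..., rss/meeting/...) to the matching
 * feed of RssModel and returns the page object that renders it.
 *
 * The feature switch $_SESSION["Param"]->RssFeedIsClosed ends the request before anything is built.
 * Unknown or incomplete requests fall back to the global forum feed (or to the overview page).
 *
 * @param object|false $args request object: $args->request holds the URL segments, $args->get the query string
 * @return RssOverviewPage|PageWithForumRSS|PageWithThreadRSS|PageWithTagRSS|PageWithBlogRSS
 */
public function index($args = false)
{
    // First check if the feature is closed
    if ($_SESSION["Param"]->RssFeedIsClosed != 'No') {
        PPHP::PExit(); // To do find a better exit
    } // end of test "if feature is closed"
    $request = $args->request;
    $model = new RssModel();
    // $request[0] is 'rss', anyway. Don't need to do any ifs and switches for that.
    if (isset($request[1])) {
        // Log the segments that drive the dispatch (at most four of them, stopping at the first gap).
        $ss = "Querying RSS with ";
        for ($i = 1; $i <= 4 && isset($request[$i]); $i++) {
            $ss = $ss . "[" . $request[$i] . "]";
        }
        MOD_log::get()->write($ss, "rss");
    }
    switch (isset($request[1]) ? $request[1] : false) {
        /**
         * thread/tagid
         * thread/tagname (TODO?)
         */
        case 'thread':
        case 'threads':
        case 'forumthreads':
            // request is ..bw.org/rss/thread, or ..bw.org/rss/thread/*
            // check if $request[2] identifies a thread id.
            if (!isset($request[2])) {
                // can't show a thread rss, because the thread id is not given.
                // show a global rss instead
                $model->getForumFeed();
                $page = new PageWithForumRSS();
            } elseif (!$model->getThreadFeed($request[2])) {
                // an id (or name?) was given, but there is no thread with that id
                $model->getForumFeed();
                $page = new PageWithForumRSS();
            } else {
                // cool, found one!! getThreadFeed() above already loaded it into the model.
                $page = new PageWithThreadRSS();
            }
            break;
        /**
         * tag/tagid
         * tag/tagname (TODO?)
         */
        case 'tag':
        case 'tags':
            // request is ..bw.org/rss/tag, or ..bw.org/rss/tag/*
            if (!isset($request[2])) {
                // can't show a tag rss, because the tag id is not given.
                // show a global rss instead
                $model->getForumFeed();
                $page = new PageWithForumRSS();
            } elseif (!$model->getTagFeed($request[2])) {
                // no such tag found..
                $model->getForumFeed();
                $page = new PageWithForumRSS();
            } else {
                // NOTE(review): getTagFeed() was already called in the condition above; the repeated call is
                // kept because it is not visible here whether the model depends on it.
                $model->getTagFeed($request[2]);
                $page = new PageWithTagRSS();
            }
            break;
        /**
         * blog
         * blog/tag/tagid
         * blog/tag/tagname
         * blog/author/username
         */
        case 'blog':
            if (!isset($request[2])) {
                $model->getBlogFeed();
            } else {
                switch ($request[2]) {
                    case 'tags':
                        if (!isset($request[3]) || !$model->getBlogFeedByTag($request[3])) {
                            // only happens when getBlogFeedByTag() doesn't come up with results
                            $model->getBlogFeed();
                        }
                        break;
                    default:
                        if (isset($request[3]) && $request[3] == 'cat') {
                            // in future: do nothing ;)
                            $model->getBlogFeed();
                        } elseif (!$model->getBlogFeedByAuthor($request[2])) {
                            $model->getBlogFeed();
                        }
                }
            }
            $page = new PageWithBlogRSS();
            break;
        case 'meeting':
        case 'meetings':
            // The segment itself ("meeting"/"meetings") is used as the tag name.
            if (!$model->getTagFeed($request[1])) {
                $model->getForumFeed();
                $page = new PageWithForumRSS();
            } else {
                $page = new PageWithTagRSS();
            }
            break;
        default:
            // request is ..bw.org/rss/*, but none of the above
            $page = new RssOverviewPage();
    }
    //TODO: request[1] & request[2] exist = rss/thread/345, rss/tag/help or so
    $page->setModel($model);
    PVars::getObj('page')->output_done = true;
    // Debug output only for members holding the "debug" right, never for an anonymous ?debug.
    if (isset($args->get['debug']) && MOD_right::get()->hasRight('debug')) {
        $page->debug = true;
    }
    return $page;
}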
/**
 * Creates the BeWelcome side of a new member: the `members` row, the mother tongue, an optional language
 * preference, the encrypted e-mail/name fields, the `addresses` row and the geoname link.
 *
 * FIXME: IdCity is written both to the members and the address table!
 * This is just imitating the strategy of bw/signup.php!
 * JY Comment : wont fix, this redudancy is on purpose (this is so useful ...)
 *
 * This has NOT been executed:
 * ALTER TABLE members
 * MODIFY COLUMN `id` int( 11 ) NOT NULL COMMENT 'IdMember'
 * As a result, we do NOT use
 * '.$this->dao->nextId('members').',
 *
 * NOTE(review): the `members` row is inserted first and the later failures return false without undoing
 * it; no transaction is visible in this method.
 *
 * @param array $vars signup form values: username, geonameid, gender, genderhidden, iso_date, agehidden,
 *                    accommodation, password, mothertongue, email, firstname, secondname, lastname
 * @return int|false the new member id, or false when the address insert or the geoname link failed
 */
public function registerBWMember($vars)
{
    // ********************************************************************
    // members
    // ********************************************************************
    // NOTE(review): the form values are concatenated into the statement with no escaping visible in this
    // method; whether the caller already escaped them (polishFormValues / checkRegistrationForm are not
    // visible here) must be confirmed before relying on it.
    $query = ' INSERT INTO `members` ( `Username`, `IdCity`, `Gender`, `HideGender`, `created`, `BirthDate`, `HideBirthDate`, `Accomodation` ) VALUES ( \'' . $vars['username'] . '\', ' . $vars['geonameid'] . ', \'' . $vars['gender'] . '\', \'' . $vars['genderhidden'] . '\', now(), \'' . $vars['iso_date'] . '\', \'' . $vars['agehidden'] . '\', \'' . $vars['accommodation'] . '\' )';
    $members = $this->dao->query($query);
    $memberID = $members->insertId();
    $memberEntity = new Member($memberID);
    $vars['password'] = $memberEntity->preparePassword($vars['password']);
    $motherTongue = $this->createEntity('Language', $vars['mothertongue']);
    $memberLanguageEntity = $this->createEntity('MemberLanguage');
    $memberLanguageEntity->setSpokenLanguage($memberEntity, $motherTongue, 'MotherLanguage');
    // Check if selected MotherTongue is in the list of translated languages and set it as preferred language
    $model = new FlaglistModel();
    $languages = $model->getLanguages();
    // Curried predicate: $languageFilter($id) gives a closure matching languages whose id == $id (loose).
    $languageFilter = function ($lang) {
        return function ($v) use($lang) {
            return $v->id == $lang;
        };
    };
    $filteredLanguages = array_filter($languages, $languageFilter($motherTongue->id));
    if (!empty($filteredLanguages)) {
        // IdPreference = 1 is the language preference (see the "IdPreference=1" note in setupBWSession).
        $update = "\r\n INSERT INTO\r\n memberspreferences\r\n SET\r\n IdMember = " . $memberEntity->id . ",\r\n IdPreference = 1,\r\n Value = " . $motherTongue->id;
        $this->dao->query($update);
    }
    $memberEntity->update();
    $memberEntity->setPassword($vars['password']);
    // ********************************************************************
    // e-mail, names/members
    // ********************************************************************
    // NOTE(review): the names are tag-stripped and dao->escape()d *before* being handed to insertCrypted,
    // so the value encrypted/stored carries the escaping; the e-mail gets neither. What the fifth
    // argument "always" means is not visible here.
    $cryptedfieldsEmail = MOD_crypt::insertCrypted($vars['email'], "members.Email", $memberID, $memberID, "always");
    $cryptedfieldsFirstname = MOD_crypt::insertCrypted($this->dao->escape(strip_tags($vars['firstname'])), "members.FirstName", $memberID, $memberID);
    $cryptedfieldsSecondname = MOD_crypt::insertCrypted($this->dao->escape(strip_tags($vars['secondname'])), "members.SecondName", $memberID, $memberID);
    $cryptedfieldsLastname = MOD_crypt::insertCrypted($this->dao->escape(strip_tags($vars['lastname'])), "members.LastName", $memberID, $memberID);
    // The return values of insertCrypted are written unquoted into the row (presumably references to the
    // encrypted entries — confirm against MOD_crypt).
    $query = ' UPDATE `members` SET `Email`=' . $cryptedfieldsEmail . ', `FirstName`=' . $cryptedfieldsFirstname . ', `SecondName`=' . $cryptedfieldsSecondname . ', `LastName`=' . $cryptedfieldsLastname . ' WHERE `id` = ' . $memberID;
    $this->dao->query($query);
    // ********************************************************************
    // address/addresses
    // ********************************************************************
    $query = ' INSERT INTO addresses ( `IdMember`, `IdCity`, `HouseNumber`, `StreetName`, `Zip`, `created`, `Explanation` ) VALUES ( ' . $memberID . ', ' . $vars['geonameid'] . ', 0, 0, 0, now(), 0)';
    $s = $this->dao->query($query);
    if (!$s->insertId()) {
        // NOTE(review): $vars is passed by value, so this error marker never reaches the caller.
        $vars['errors'] = array('inserror');
        return false;
    }
    // ********************************************************************
    // location (where Philipp would put it)
    // ********************************************************************
    $geomodel = new GeoModel();
    if (!$geomodel->addGeonameId($vars['geonameid'], 'member_primary')) {
        // NOTE(review): same as above — the caller only sees the bare false.
        $vars['errors'] = array('geoinserterror');
        return false;
    }
    // Only for bugtesting and backwards compatibility the geo-views in our DB
    $CityName = "not found in cities view";
    // Unlike the INSERTs above, this lookup casts the id to int before interpolating it.
    $geonameId = intval($vars['geonameid']);
    $sqry = "\r\n SELECT\r\n name\r\n FROM\r\n geonames_cache\r\n WHERE\r\n geonameId = {$geonameId}\r\n ";
    $qry = $this->dao->query($sqry);
    if ($qry) {
        $rr = $qry->fetch(PDB::FETCH_OBJ);
        if (isset($rr->name)) {
            $CityName = $rr->name;
        } else {
            MOD_log::get()->write("Signup bug [" . $sqry . "]" . " (With New Signup !)", "Signup");
        }
    }
    MOD_log::get()->writeIdMember($memberID, "member <b>" . $vars['username'] . "</b> is signuping with success in city [" . $CityName . "] using language (" . $_SESSION["lang"] . " IdMember=#" . $memberID . " (With New Signup !)", "Signup");
    return $memberID;
}
/**
 * Populates $_SESSION for a freshly authenticated member, records the login in `members` and loads the
 * member's language / daylight / local-time preferences into the session.
 *
 * @param object $m member row: id, Username, Status, PassWord, NbRemindWithoutLogingIn
 * @throws PException when the session does not hold the id just written, or when Status is not one of the
 *                    statuses allowed to log in
 */
function setupBWSession($m)
{
    // Int-cast copy used for every SQL interpolation below.
    $member_id = (int) $m->id;
    // Set the session identifier
    $_SESSION['IdMember'] = $m->id;
    $_SESSION['Username'] = $m->Username;
    $_SESSION['MemberStatus'] = $_SESSION['Status'] = $m->Status;
    if ($_SESSION['IdMember'] != $m->id) { // Check is session work of
        $this->logout();
        throw new PException('Login sanity check failed miserably!');
    } // end Check is session work of
    // Set the key which will be used for member personal cryptation
    // NOTE(review): with a two-character salt crypt() selects the traditional DES scheme (only the first
    // 8 bytes of the input count, fixed salt "rt"); treat this session key as legacy, not as a strong KDF.
    $_SESSION['MemberCryptKey'] = crypt($m->PassWord, "rt");
    // Set the key for checking id and LohCheck (will be restricted in future)
    // NOTE(review): crc32 is a checksum, not a MAC — LogCheck can only catch accidental corruption.
    $_SESSION['LogCheck'] = Crc32($_SESSION['MemberCryptKey'] . $m->id);
    if ($m->NbRemindWithoutLogingIn > 0) {
        MOD_log::get()->write("This member was having a NbRemindWithoutLogingIn=" . $m->NbRemindWithoutLogingIn, "Login");
    }
    // update the LastLogin date
    $this->dao->query("\r\nUPDATE\r\n members\r\nSET\r\n LogCount = LogCount+1,\r\n LastLogin = NOW(),\r\n NbRemindWithoutLogingIn = 0\r\n\r\nWHERE\r\n id = {$member_id}\r\n ");
    // Load language prederence (IdPreference=1)
    // todo: come up with interesting idea like ... using just ONE query to load preferences
    if ($preference_language = $this->singleLookup("\r\nSELECT\r\n memberspreferences.Value AS language_id,\r\n ShortCode AS language_code\r\nFROM\r\n memberspreferences,\r\n languages,\r\n\tpreferences\r\nWHERE\r\n IdMember = {$member_id} AND\r\n memberspreferences.Value = languages.id AND\r\n IdPreference=preferences.id and preferences.CodeName='PreferenceLanguage'\r\n ")) {
        $_SESSION['IdLanguage'] = $preference_language->language_id;
        $_SESSION['lang'] = $preference_language->language_code;
    }
    // Daylight-saving preference, stored as-is.
    if ($preference_PreferenceDayLight = $this->singleLookup("\r\nSELECT\r\n memberspreferences.Value\r\nFROM\r\n memberspreferences,\r\n\tpreferences\r\nWHERE\r\n IdMember = {$member_id} AND\r\n IdPreference=preferences.id and preferences.CodeName='PreferenceDayLight'\r\n ")) {
        $_SESSION['PreferenceDayLight'] = $preference_PreferenceDayLight->Value;
    }
    // Local-time preference, exposed to the rest of the application as TimeOffset.
    if ($preference_PreferenceLocalTime = $this->singleLookup("\r\nSELECT\r\n memberspreferences.Value\r\nFROM\r\n memberspreferences,\r\n\tpreferences\r\nWHERE\r\n IdMember = {$member_id} AND\r\n IdPreference=preferences.id and preferences.CodeName='PreferenceLocalTime'\r\n ")) {
        $_SESSION["TimeOffset"] = $preference_PreferenceLocalTime->Value;
    }
    // Process the login of the member according to his status
    switch ($m->Status) {
        case "Active":
        case "ActiveHidden":
        case "ChoiceInactive":
        case "NeedMore":
        case "Pending":
            //if (HasRight("Words"))
            // $_SESSION['switchtrans'] = "on"; // Activate switchtrans oprion if its a translator
            break;
        default:
            // NOTE(review): the session has already been populated at this point; the exception is the
            // only thing stopping the login.
            throw new PException('SetupBWSession Weird Status!');
            break;
    }
}
/**
 * index is called when http request = ./forums
 * or during a new topic/edit of a group
 *
 * Builds the page object, strips a leading ./groups/<id> prefix so the remaining segments look like a
 * ./forums request, enforces the "forum closed" switch, and then dispatches on $this->action (set by
 * parseRequest()) to the matching model/view calls. The view output is captured with ob_start() and
 * appended to the page content before rendering.
 *
 * @param mixed $subforum unused; kept for existing callers
 */
public function index($subforum = false)
{
    if (PPostHandler::isHandling()) {
        return;
    }
    // Determine the search callback and tell the view about it
    $searchCallbackId = $this->searchProcess();
    $view = $this->_view;
    $view->searchCallbackId = $searchCallbackId;
    $page = $view->page = new RoxGenericPage();
    $request = $this->request;
    if (isset($request[0]) && $request[0] != 'forums') {
        // if this is a ./groups url get the group number if any
        if ($request[0] == "groups" && isset($request[1])) {
            $IdGroup = intval($request[1]);
        }
        // Keep only the segments from the first 'forums'/'forum' on, so the dispatch below sees a ./forums request.
        $trimmed = array();
        $copying = false;
        foreach ($request as $segment) {
            if ($segment == 'forums' || $segment == 'forum') {
                $copying = true;
            }
            if ($copying) {
                $trimmed[] = $segment;
            }
        }
        $request = $trimmed;
        $page = $view->page = new PageWithHTMLpart();
    }
    // First check if the feature is closed
    if ($_SESSION["Param"]->FeatureForumClosed != 'No' and !$this->BW_Right->HasRight("Admin")) {
        $this->_view->showFeatureIsClosed();
        PPHP::PExit();
    } // end of test "if feature is closed"
    $User = APP_User::isBWLoggedIn() ? APP_User::login() : false;
    $this->parseRequest();
    // set uri for correct links in group pages etc.
    $view->uri = $this->uri;
    $page->uri = $this->uri;
    $view->BW_Right = $this->BW_Right;
    $page->BW_Right = $this->BW_Right;
    $this->_model->prepareForum(true); // sticky threads included
    // first include the col2-stylesheet
    $page->addStyles .= $view->customStyles();
    $page->currentTab = 'forums';
    // then the userBar
    $page->newBar .= $view->getAsString('userBar');
    // we can't replace this ob_start()
    if ($this->action == self::ACTION_NOT_LOGGED_IN) {
        $this->_redirectNotLoggedIn();
    }
    ob_start();
    // Segments $request[2..5] are handed to the model/controller helpers as received; any casting of the
    // ids happens there (not visible in this method).
    $action = $this->action;
    if ($action == self::ACTION_VOTE_POST) {
        if (!isset($request[2])) {
            die("Need to have a IdPost");
        }
        $IdPost = $request[2];
        if (!isset($request[3])) {
            die("Need to have a vote value");
        }
        $Value = $request[3];
        $this->_model->VoteForPost($IdPost, $Value);
        $this->_model->setThreadId($this->_model->GetIdThread($IdPost));
        $this->isTopLevel = false;
        $this->_model->prepareTopic(true);
        $this->_view->showTopic();
    } elseif ($action == self::ACTION_DELETEVOTE_POST) {
        if (!isset($request[2])) {
            die("Need to have a IdPost");
        }
        $IdPost = $request[2];
        $this->_model->DeleteVoteForPost($IdPost);
        $this->_model->setThreadId($this->_model->GetIdThread($IdPost));
        $this->isTopLevel = false;
        $this->_model->prepareTopic(true);
        $this->_view->showTopic();
    } elseif ($action == self::ACTION_MODERATOR_FULLEDITPOST) {
        if (!isset($request[2])) {
            die("Need to have a IdPost");
        }
        $IdPost = $request[2];
        // Moderator-only: log and stop when the right is missing.
        if (!$this->BW_Right->HasRight("ForumModerator", "Edit")) {
            MOD_log::get()->write("Trying to edit post #" . $IdPost . " without proper right", "ForumModerator");
            die("You miss right ForumModerator");
        }
        $callbackId = $this->ModeratorEditPostProcess();
        $DataPost = $this->_model->prepareModeratorEditPost($IdPost);
        $this->_view->showModeratorEditPost($callbackId, $DataPost);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_MODERATOR_EDITTAG) {
        if (!isset($request[2])) {
            die("Need to have a IdTag");
        }
        $IdTag = $request[2];
        if (!$this->BW_Right->HasRight("ForumModerator", "Edit")) {
            MOD_log::get()->write("Trying to edit Tag #" . $IdTag . " without proper right", "ForumModerator");
            die("You miss right ForumModerator");
        }
        $callbackId = $this->ModeratorEditTagProcess();
        $DataTag = $this->_model->prepareModeratorEditTag($IdTag);
        $this->_view->showModeratorEditTag($callbackId, $DataTag);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_VIEW) {
        if ($this->_model->isTopic()) {
            $this->_model->prepareTopic(true);
            $this->_view->showTopic();
        } elseif ($this->isTopLevel) {
            $this->_model->setTopMode(Forums::CV_TOPMODE_LANDING);
            $this->_model->prepareForum();
            $onlyMyGroupsCb = $this->mygroupsonlyProcess();
            $moreLessCb = $this->morelessthreadsProcess();
            $this->_view->showTopLevelLandingPage($onlyMyGroupsCb, $moreLessCb);
            PPostHandler::clearVars($onlyMyGroupsCb);
            PPostHandler::clearVars($moreLessCb);
        } else {
            $this->_model->prepareForum();
            $this->_view->showForum();
        }
    } elseif ($action == self::ACTION_VIEW_CATEGORY) {
        $this->_view->showTopLevelCategories();
    } elseif ($action == self::ACTION_VIEW_LASTPOSTS) {
        $callbackId = $this->mygroupsonlyProcess();
        $this->_view->showTopLevelRecentPosts($callbackId);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_VIEW_LANDING) {
        $callbackId = $this->mygroupsonlyProcess();
        $this->_view->showTopLevelLandingPage($callbackId);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_VIEW_FORUM) {
        $member = $this->_model->getLoggedInMember();
        // Don't offer the new topic button to 'silent' members
        $mayOpenTopic = $member && $member->Status != 'ChoiceInactive';
        $this->_view->showTopLevelRecentPosts(false, !$mayOpenTopic);
    } elseif ($action == self::ACTION_VIEW_GROUPS) {
        $callbackId = $this->mygroupsonlyProcess();
        $this->_view->showTopLevelRecentPosts($callbackId, true);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_RULES) {
        $this->_view->rules();
    } elseif ($action == self::ACTION_NEW) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        if (!$User) {
            PRequest::home();
        }
        // "u<id>" in the third segment overrides the group taken from a ./groups URL above.
        if (isset($request[2]) and $request[2][0] == 'u') {
            $IdGroup = substr($request[2], 1);
        } elseif (!isset($IdGroup)) {
            $IdGroup = 0;
        }
        $this->_model->prepareForum();
        $callbackId = $this->createProcess();
        $this->_view->createTopic($callbackId, $IdGroup);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_REPORT_TO_MOD) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        if (!$User) {
            PRequest::home();
        }
        $callbackId = $this->reportpostProcess();
        if (isset($request[2])) {
            if ($request[2] == 'AllMyReport') {
                // This retrieve all the reports for the current member
                $DataPost = $this->_model->prepareReportList($_SESSION["IdMember"], "");
                $this->_view->showReportList($callbackId, $DataPost);
            } elseif ($request[2] == 'MyReportActive') {
                // This retrieve the Active current pending report for the current member
                $DataPost = $this->_model->prepareReportList($_SESSION["IdMember"], "('Open','OnDiscussion')");
                $this->_view->showReportList($callbackId, $DataPost);
            } elseif ($request[2] == 'AllActiveReports') {
                if (!$this->BW_Right->HasRight("ForumModerator")) {
                    // if a non forum moderator tries to access this just pull the brakes
                    PPHP::PExit();
                }
                // This retrieve all the current Active pending report
                $DataPost = $this->_model->prepareReportList(0, "('Open','OnDiscussion')");
                $this->_view->showReportList($callbackId, $DataPost);
            } else {
                $IdPost = $request[2];
                // Only a forum moderator may report on behalf of another writer.
                $IdWriter = $_SESSION["IdMember"];
                if (!empty($request[3]) and $this->BW_Right->HasRight("ForumModerator")) {
                    $IdWriter = $request[3];
                }
                // We will use the same data as the one used for Moderator edit
                $DataPost = $this->_model->prepareModeratorEditPost($IdPost, $this->BW_Right->HasRight('ForumModerator'));
                if ($DataPost->Error == 'NoGroupMember') {
                    // if someone who isn't a member of the associated group
                    // tries to access this just pull the brakes
                    PPHP::PExit();
                }
                $DataPost->Report = $this->_model->prepareReportPost($IdPost, $IdWriter);
                $this->_view->showReportPost($callbackId, $DataPost);
            }
            PPostHandler::clearVars($callbackId);
        }
    } elseif ($action == self::ACTION_REPLY) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        if (!$User) {
            PRequest::home();
        }
        $this->_model->prepareForum();
        $this->_model->prepareTopic();
        $this->_model->initLastPosts();
        $callbackId = $this->replyProcess();
        $this->_view->replyTopic($callbackId);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_SUGGEST) {
        // ignore current request, so we can use the last request
        PRequest::ignoreCurrentRequest();
        if (!isset($request[2])) {
            PPHP::PExit();
        }
        $new_tags = $this->_model->suggestTags($request[2]);
        echo $this->_view->generateClickableTagSuggestions($new_tags);
        PPHP::PExit();
    } elseif ($action == self::ACTION_LOCATIONDROPDOWNS) {
        // ignore current request, so we can use the last request
        PRequest::ignoreCurrentRequest();
        if (!isset($request[2])) {
            PPHP::PExit();
        }
        echo $this->_view->getLocationDropdowns();
        PPHP::PExit();
    } elseif ($action == self::ACTION_DELETE) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        // Deleting needs both a login and the moderator "Delete" right.
        if (!$User || !$this->BW_Right->HasRight("ForumModerator", "Delete")) {
            PRequest::home();
        }
        $this->delProcess();
    } elseif ($action == self::ACTION_EDIT) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        if (!$User) {
            PRequest::home();
        }
        $callbackId = $this->editProcess();
        $this->_model->prepareForum();
        $this->_model->getEditData($callbackId);
        $this->_view->editPost($callbackId, false);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_TRANSLATE) {
        if ($this->BW_Flag->hasFlag("NotAllowedToPostInForum")) {
            // Test if the user has right for this, if not rough exit
            MOD_log::get()->write("Forums.ctrl : Forbid to do action [" . $this->action . "] because of Flag " . "NotAllowedToPostInForum", "FlagEvent");
            $words = new MOD_Words();
            die($words->get('NotAllowedToPostInForum'));
        }
        if (!$User) {
            PRequest::home();
        }
        // Same flow as ACTION_EDIT, with the translate flag set on the view.
        $callbackId = $this->editProcess();
        $this->_model->prepareForum();
        $this->_model->getEditData($callbackId);
        $this->_view->editPost($callbackId, true);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_MODEDIT) {
        if (!$User) {
            PRequest::home();
        }
        $callbackId = $this->editProcess();
        $this->_model->prepareForum();
        $this->_model->getEditData($callbackId);
        $this->_view->ModeditPost($callbackId);
        PPostHandler::clearVars($callbackId);
    } elseif ($action == self::ACTION_SEARCH_FORUMS) {
        $this->_view->keyword = $request[2];
        $this->_view->showSearchResultPage($request[2]);
        PPostHandler::clearVars($searchCallbackId);
    } elseif ($action == self::ACTION_SEARCH_USERPOSTS) {
        if (!isset($request[2])) {
            PPHP::PExit();
        }
        $this->searchUserposts($request[2]);
    } elseif ($action == self::ACTION_SUBSCRIBE) {
        if (!isset($request[2])) {
            PPHP::PExit();
        }
        if ($request[2] == "thread") {
            $this->SubscribeThread($request[3]);
        }
        if ($request[2] == "tag") {
            $this->SubscribeTag($request[3]);
        }
    } elseif ($action == self::ACTION_SEARCH_SUBSCRIPTION) {
        /*
         * Here the following syntax can be used :
         * forums/subscriptions : allow current user to see his subscribtions
         * forums/subscriptions/unsubscribe/thread/xxx/yyy : allow current user to unsubscribe from members_threads_subscribed.id xxx with key yyy
         * forums/subscriptions/member/xxx : allow a forum moderator to see all subscribtions of member xxx
         * forums/subscriptions/thread/xxx : allow a forum moderator to see all subscribers and subscribtions for thread xxx
         * forums/subscribe/thread/xxx : subscribe to thread xxx
         */
        $operation = isset($request[2]) ? $request[2] : "";
        switch ($operation) {
            case "enable":
                if (isset($request[3])) {
                    switch ($request[3]) {
                        case 'thread':
                            $this->EnableThread($request[4]);
                            break;
                        case 'tag':
                            $this->EnableTag($request[4]);
                            break;
                        case 'group':
                            $this->EnableGroup($request[4]);
                            break;
                    }
                } else {
                    $this->enableSubscriptions();
                }
                break;
            case "disable":
                if (isset($request[3])) {
                    switch ($request[3]) {
                        case 'tag':
                            $this->DisableTag($request[4]);
                            break;
                        case 'thread':
                            $this->DisableThread($request[4]);
                            break;
                        case 'group':
                            $this->DisableGroup($request[4]);
                            break;
                    }
                } else {
                    $this->disableSubscriptions();
                }
                break;
            case "subscribe":
                if (isset($request[3]) and $request[3] == 'group') {
                    $this->SubscribeGroup($request[4]);
                }
                break;
            case "unsubscribe":
                // Thread and tag unsubscription carry a key as fifth segment; groups do not.
                switch ($request[3]) {
                    case 'thread':
                        $this->UnsubscribeThread($request[4], $request[5]);
                        break;
                    case 'tag':
                        $this->UnsubscribeTag($request[4], $request[5]);
                        break;
                    case 'group':
                        $this->UnsubscribeGroup($request[4]);
                        break;
                }
                break;
            default:
                $this->searchSubscriptions();
        }
    } elseif (PVars::get()->debug) {
        throw new PException('unexpected forum action!');
    } else {
        PRequest::home();
    }
    $page->content .= ob_get_contents();
    ob_end_clean();
    $page->newBar .= $view->getAsString('showCategoriesContinentsTagcloud');
    $page->teaserBar .= $view->getAsString('teaser');
    $page->render();
}
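/**
 * PPostHandler callback for the multi-step signup form.
 *
 * Every posted field is copied into $_SESSION['SignupBWVars'] so values survive
 * between steps. On step 4 the accumulated values are validated and the member is
 * registered (MyTB first, then BW); afterwards the activation and team mails are sent.
 *
 * @param object $args         request wrapper; uses $args->post and $args->request
 * @param mixed  $action       unused here
 * @param object $mem_redirect receives ->post when validation fails so the form can be redisplayed
 * @param object $mem_resend   unused here
 * @return string|false 'signup/finish' after a successful registration, false otherwise
 */
public function signupFormCallback($args, $action, $mem_redirect, $mem_resend)
{
    // Accumulate this step's fields on top of what earlier steps stored.
    foreach ($args->post as $key => $value) {
        $_SESSION['SignupBWVars'][$key] = $value;
    }

    // Log a few identifying fields. CR/LF are stripped from the user-supplied values so a
    // crafted username can not forge additional log lines (log injection).
    $logLine = "Entering signupFormCallback ";
    foreach (array("Username", "geonameid", "iso_date") as $field) {
        if (!empty($args->post[$field])) {
            $safeValue = str_replace(array("\r", "\n"), ' ', (string) $args->post[$field]);
            $logLine .= " " . $field . "=[" . $safeValue . "]";
        }
    }
    MOD_log::get()->write($logLine, "Signup");

    $vars = $_SESSION['SignupBWVars'];
    $request = $args->request;

    // Only the final step (4) triggers the actual registration.
    if (!isset($request[1]) || (string) $request[1] !== '4') {
        return false;
    }

    $model = new SignupModel();
    $errors = $model->checkRegistrationForm($vars);
    if (count($errors) > 0) {
        // Show the form again with the errors attached.
        $_SESSION['SignupBWVars']['errors'] = $errors;
        $mem_redirect->post = $vars;
        return false;
    }

    $model->polishFormValues($vars);

    $idTB = $model->registerTBMember($vars);
    if (!$idTB) {
        // MyTB registration didn't work.
        return false;
    }

    // Signup on MyTB successful: create the BW member.
    $id = $model->registerBWMember($vars);
    $_SESSION['IdMember'] = $id;
    if (!isset($vars['feedback'])) {
        $vars['feedback'] = '';
    }
    $vars['feedback'] .= $model->takeCareForNonUniqueEmailAddress($vars['email']);
    $vars['feedback'] .= $model->takeCareForComputerUsedByBWMember();
    $model->writeFeedback($vars['feedback']);

    $View = new SignupView($model);
    // TODO: should come from config ($_SYSHCVOL['EmailDomainName']). Guarded so a second
    // call within the same request does not raise a "constant already defined" warning.
    if (!defined('DOMAIN_MESSAGE_ID')) {
        define('DOMAIN_MESSAGE_ID', 'bewelcome.org');
    }
    $View->registerMail($vars, $id, $idTB);
    $View->signupTeamMail($vars);
    unset($_SESSION['IdMember']);

    return 'signup/finish';
}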
/**
 * Read a GET parameter, escape it for SQL and return it (or $defaultValue when absent/empty).
 *
 * FIXME: more or less a copy of GetStrParam($param, $defaultvalue); clean it up and move it
 * to a dedicated module. POST params are to be handled by the platform PT library!
 *
 * NOTE(review): mysql_real_escape_string() needs a live mysql_* connection and no longer
 * exists in PHP 7+; callers rely on the returned value being already escaped.
 *
 * @see /htdocs/bw/lib/FunctionsTools.php
 * @param string $param        name of the GET parameter
 * @param string $defaultValue value returned when the parameter is missing or empty (except "0")
 * @return string escaped value, or $defaultValue
 */
private function _getParam($param, $defaultValue = '')
{
    if (!isset($_GET[$param])) {
        return $defaultValue;
    }

    $value = mysql_real_escape_string($_GET[$param]);
    // Literal "\n" / "\r" sequences are turned back into real line breaks.
    $value = str_replace(array("\\n", "\\r"), array("\n", "\r"), $value);

    // Crude SQL-keyword sniffing: only an alarm log entry, the value is still returned.
    $looksSuspicious = stripos($value, " or ") !== false || stripos($value, " | ") !== false;
    if ($looksSuspicious) {
        MOD_log::get()->write("Warning! GetStrParam trying to use a <b>" . addslashes($value) . "</b> in a param {$param} for " . $_SERVER["PHP_SELF"], "alarm");
    }

    // A "0" string must be returned as-is (house number 0 for example).
    if (empty($value) and $value != "0") {
        return $defaultValue;
    }
    return $value;
}
/**
 * Log the current member out: remove the member from the online table, drop every
 * member-specific session entry (including all RightLevel*/RightScope*/FlagLevel* keys)
 * and delegate to the parent implementation.
 *
 * NOTE(review): the session itself is not destroyed or regenerated here ("$_SESSION = array()"
 * was left out because of the signup flow); whether parent::logout() does so is not visible.
 */
function logout()
{
    if (isset($_SESSION['IdMember'])) {
        MOD_log::get()->write("Logout in bwauth.lib.php", "Login");
        // todo optimize periodically online table because it will be a gruyere
        // remove from online list
        $this->dao->query("delete from online where IdMember=" . $_SESSION['IdMember']);
    }

    // Fixed per-member keys (unset() on a missing key is a no-op).
    $memberKeys = array(
        'IdMember', 'IsVol', 'Username', 'MemberStatus', 'Status', 'stylesheet',
        'Param', 'TimeOffset', 'PreferenceDayLight', 'MemberCryptKey', 'LogCheck',
    );
    foreach ($memberKeys as $memberKey) {
        unset($_SESSION[$memberKey]);
    }

    // Dynamic right/flag keys: anything whose name contains one of these fragments.
    $fragments = array("RightLevel", "RightScope", "FlagLevel");
    foreach (array_keys($_SESSION) as $sessionKey) {
        foreach ($fragments as $fragment) {
            if (strpos($sessionKey, $fragment) !== false) {
                unset($_SESSION[$sessionKey]);
                break;
            }
        }
    }

    parent::logout();
}
/**
 * Send the signup activation e-mail to a freshly registered member.
 *
 * Subject and body come from the word store (SignupSubjectActivationMail /
 * SignupBodyActivationMail), the sender is the configured registration address and the
 * recipient is the member's address read without permission checks (the member is not
 * logged in yet).
 *
 * @param Member $member the member to notify
 * @return bool result of MOD_mail::sendEmail; a failure is also logged
 */
public function sendActivationMail(Member $member)
{
    if (!$member) {
        return false;
    }
    $siteName = PVars::getObj('env')->sitename;
    $words = new MOD_words();

    $mailBody = $words->get(
        "SignupBodyActivationMail",
        $member->Firstname,
        $member->Secondname,
        $member->Lastname,
        $siteName,
        $member->Username
    );
    $mailSubject = $words->get('SignupSubjectActivationMail', $siteName);
    $sender = PVars::getObj('mailAddresses')->registration;
    $recipient = $member->getEmailWithoutPermissionChecks();

    $sent = MOD_mail::sendEmail($mailSubject, $sender, $recipient, '', $mailBody);
    if (!$sent) {
        // Swift reported a failure; leave a trace so support can follow up.
        MOD_log::get()->write(" in signup view " . __FUNCTION__ . ": Failed to send a mail to [" . $recipient . "]", "signup");
    }
    return $sent;
}
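/**
 * Count on how many DNS blocklists an IPv4 address appears; the answer is cached in the
 * session under 'dnsblock_<ip>'.
 *
 * Only syntactically valid dotted-quad IPv4 addresses are looked up: the address is
 * validated with filter_var() instead of by counting dots, so a value such as "a.b.c.d"
 * is no longer reversed and sent out as a DNS query. Localhost and anything that is not
 * IPv4 yield 0 without a lookup.
 *
 * @access public
 * @param string $ip
 * @return int number of lists in $this->_dns_list that answer for the reversed address
 */
public function checkIp($ip)
{
    $cacheKey = 'dnsblock_' . $ip;
    if (isset($_SESSION[$cacheKey])) {
        return intval($_SESSION[$cacheKey]);
    }
    if ($ip === "127.0.0.1") {
        // never check localhost
        return 0;
    }
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        // this was no ipv4 - ip, abort for now
        return 0;
    }

    // DNSBL convention: octets reversed, then the list's domain appended.
    $ip_reverse = implode('.', array_reverse(explode('.', $ip)));
    $no_blocked = 0;
    if (empty($this->_dns_list)) {
        MOD_log::get()->write("DNSBlock List is not set or empty. Not checking ...", "DNSBlock");
    } else {
        foreach ($this->_dns_list as $dns) {
            if (checkdnsrr($ip_reverse . '.' . $dns, "A")) {
                $no_blocked++;
            }
        }
        MOD_log::get()->write("Ip {$ip} returns as blocked by {$no_blocked} servers", "DNSBlock");
    }
    $_SESSION[$cacheKey] = $no_blocked;
    return $no_blocked;
}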
/**
 * Convenience accessor for the shared logger (wrapper around MOD_log::get()).
 *
 * @access protected
 * @return object the MOD_log instance
 */
protected function getLog()
{
    $logger = MOD_log::get();
    return $logger;
}
/**
 * Query the geonames "hierarchy" webservice for the populated places matching $search.
 *
 * The custom geonames URL is tried first; on failure the commercial endpoint is used and
 * the call is retried, three retries in total, before giving up (which is logged).
 *
 * @param string $search geonameId to look up; queries of one character or less are ignored
 * @param string $style  geonames "style" parameter (verbosity of the result)
 * @param string $lang   language of the returned names
 * @return mixed the SPAF_Maps result, '' for a too-short query, a falsy value when every attempt failed
 * @throws PException when the google/geonames configuration is missing
 */
public function getGeonamesHierarchy($search, $style, $lang = 'en')
{
    // Ignore too small queries.
    if (strlen($search) <= 1) {
        return '';
    }

    $googleConf = PVars::getObj('config_google');
    if (!$googleConf || !$googleConf->geonames_webservice) {
        throw new PException('Google config error!');
    }

    require_once SCRIPT_BASE . 'lib/misc/SPAF_Maps.class.php';
    $maps = new SPAF_Maps($search);
    $maps->setConfig('geonames_url', $googleConf->geonames_webservice_custom);
    $maps->setConfig('style', $style);
    $maps->setConfig('service', 'hierarchy?geonameId=');
    $maps->setConfig('lang', $lang);

    // First attempt; warnings are suppressed and handled by the retry loop below.
    $results = @$maps->getResults();
    for ($attempt = 1; !$results && $attempt <= 3; $attempt++) {
        if ($attempt == 1) {
            // Still didn't work: switch to the commercial geonames webservice.
            $maps->setConfig('geonames_url', $googleConf->geonames_webservice_fallback);
        }
        $maps->results = false;
        $results = @$maps->getResults();
        if ($attempt == 3 && !$results) {
            // Giving up.
            MOD_log::get()->write("Connection to geonames webservice failed! (free & commercial)", "Geo");
        }
    }
    return $results;
}
/**
 * Delete several self-uploaded gallery pictures, either as the logged-in owner or with
 * an elevated 'Gallery' right (level > 1).
 *
 * NOTE(review): the log line below looks garbled/redacted in this copy of the file
 * ("******" between two string literals); confirm against the canonical source.
 *
 * @access public
 * @param array $images image ids to delete (each is resolved through imageData())
 * @return bool|null false when not logged in, when an entry is empty, or when an entry is
 *                   not owned by the caller (entries before it have already been deleted
 *                   at that point); nothing (null) is returned on full success
 */
public function deleteMultiple($images)
{
    if (!($member = $this->getLoggedInMember())) {
        return false;
    }
    $R = MOD_right::get();
    $GalleryRight = $R->hasRight('Gallery');
    foreach ($images as $image) {
        if (!$image) {
            return false;
        }
        // Owner of the image, or a Gallery right above level 1, may delete.
        if ($member->get_userid() == $this->imageGalleryOwner('image', $image) || $GalleryRight > 1) {
            $image = $this->imageData($image);
            // Log the deletion to prevent admin abuse
            MOD_log::get()->write("Deleting multiple gallery items #" . $image->id . " filename: " . $image->file . " belonging to user: "******"Gallery");
            $this->deleteThisImage($image);
        } else {
            return false;
        }
    }
}
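/**
 * Cancel the vote of one member (or of one anonymous e-mail address) on a poll.
 *
 * Refused when the poll is closed or does not allow changing one's vote. For Exclusive
 * and Inclusive polls the per-choice counters are decremented and the contribution /
 * record-of-choice rows removed; Ordered polls are not supported.
 *
 * @param int    $IdPoll   id of the poll (arrives straight from the URL in the controller)
 * @param string $Email    e-mail of a not-logged-in voter, used when $IdMember is empty
 * @param int    $IdMember id of the voting member (optional)
 * @return bool true if the vote was cancelled, false if it could not be
 * @throws PException when one of the delete/update statements fails
 */
function CancelVote($IdPoll, $Email = "", $IdMember = 0)
{
    // Numeric ids are interpolated into SQL below: force them to int first.
    $IdPoll = (int) $IdPoll;
    $IdMember = (int) $IdMember;

    $rPoll = $this->singleLookup("select * from polls where id=" . $IdPoll);
    if ($rPoll->Status == "Closed") {
        MOD_log::get()->write("Cannot cancel vote from poll #" . $IdPoll . " which is closed", "polls");
        return false;
    }
    if ($rPoll->CanChangeVote == "No") {
        MOD_log::get()->write("Cannot cancel vote from poll #" . $IdPoll . " which doesn't allow to change vote", "polls");
        return false;
    }

    // Very important: a condition that never matches, so a call with neither a member
    // nor an e-mail can not delete every vote of the poll.
    $wherefordelete = " (false==true) ";
    if (!empty($IdMember)) {
        $rr = $this->singleLookup("select * from polls_contributions where IdPoll=" . $IdPoll);
        if (!isset($rr->id)) {
            return false;
        }
        $wherefordelete = "IdMember='" . $IdMember . "'";
    } elseif (!empty($Email)) {
        // Free-text input: escape it through the DAO instead of trusting the caller.
        $safeEmail = $this->dao->escape($Email);
        $rr = $this->singleLookup("select * from polls_contributions where Email='" . $safeEmail . "'");
        if (!isset($rr->id)) {
            return false;
        }
        $wherefordelete = "Email='" . $safeEmail . "'";
    }

    $rContrib = $this->bulkLookup("select * from polls_record_of_choices where IdPoll=" . $IdPoll . " and " . $wherefordelete);

    $typeOfChoice = $rPoll->TypeOfChoice;
    if ($typeOfChoice == 'Exclusive' || $typeOfChoice == 'Inclusive') {
        // Both types are handled the same way (an Exclusive poll should yield one record).
        foreach ($rContrib as $choice) {
            $ss = "update polls_choices set Counter=Counter-1 where id=" . (int) $choice->IdPollChoice;
            if (!$this->dao->query($ss)) {
                throw new PException('Failed to delete a vote ');
            }
        }
        $ss = "delete from polls_contributions where IdPoll=" . $IdPoll . " and " . $wherefordelete;
        if (!$this->dao->query($ss)) {
            throw new PException('Failed to delete a vote (contribution)');
        }
        // NOTE(review): this filters on IdPollChoice with the poll id, whereas the lookup
        // above filters polls_record_of_choices on IdPoll; kept as-is, verify against the schema.
        $ss = "delete from polls_record_of_choices where IdPollChoice=" . $IdPoll . " and " . $wherefordelete;
        if (!$this->dao->query($ss)) {
            throw new PException('Failed to delete a vote (polls_record_of_choices)');
        }
        MOD_log::get()->write("Cancelling " . $typeOfChoice . " vote from poll #" . $IdPoll . " for IdMember=#" . $IdMember . " " . $Email, "polls");
    }
    if ($typeOfChoice == 'Ordered') {
        die("Delete of ordered votes not implemented");
    }
    return true;
}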
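/**
 * Verify the captcha answer of a contact-member form, when one is required for the sender.
 *
 * The expected value lives in $_SESSION['ExpectedCaptchaValue'], the answer in
 * $fields["c_verification"]. The comparison is a strict string comparison so that PHP's
 * loose numeric comparison can not be exploited ("1e3" != "1000" is false), and a missing
 * expected value now fails instead of matching an empty answer.
 *
 * @param array $fields posted form fields, at least 'sender_id' and 'c_verification'
 * @return bool true when no captcha is needed or the answer matches, false otherwise
 */
private function CheckForCaptcha($fields)
{
    $entered = isset($fields["c_verification"]) ? (string) $fields["c_verification"] : '';
    if ($this->CaptchaNeeded($fields['sender_id'])) {
        $expected = isset($_SESSION['ExpectedCaptchaValue']) ? (string) $_SESSION['ExpectedCaptchaValue'] : null;
        if ($expected === null || $entered !== $expected) {
            MOD_log::get()->write("Captcha failed " . $entered . " entered for " . $expected . " expected (MessagesModel::CheckForCaptcha)", "contactmember");
            return false;
        }
    }
    if (!empty($fields["c_verification"])) {
        // The member filled in a captcha (successfully, if one was required): keep a trace.
        MOD_log::get()->write("Captcha success " . $fields["c_verification"] . " entered (MessagesModel::CheckForCaptcha)", "contactmember");
    }
    // NOTE(review): the expected value is not cleared after a successful check, so the same
    // answer can be replayed within the session; consider unsetting it on the success path.
    return true;
}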
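/**
 * Daily cron job: scrub the data of members who asked to leave more than a year ago.
 *
 * For each member whose status is still 'AskToLeave', whose username does not yet start
 * with 'retired_' and whose last login is older than one year:
 *  - crypted fields and translated profile texts are removed,
 *  - the remaining members columns are cleaned up, languages and pictures removed,
 *  - the user row is updated and the username becomes retired_<id>.
 *
 * The 'retired_' prefix is what the selection query excludes, i.e. it marks a member as
 * already processed; without it the same members would be picked up again on every run.
 *
 * @return int number of members processed in this run
 */
public function removeMembers()
{
    $cryptedTable = PVars::getObj('syshcvol')->Crypted . "cryptedfields";
    $entity = new Member();
    $tableDescription = $entity->getTableDescription();
    $columns = $entity->getColumns();
    $tradIdFields = $entity->get_trads_fields();
    $cryptedFields = $entity->get_crypted_fields();
    // Everything that is neither a trad id nor a crypted field nor one of the keys to keep.
    $remainingColumns = array_diff($columns, $tradIdFields, $cryptedFields, array('id', 'Status', 'Username', 'password', 'Accomodation'));
    $rawMembers = $this->pdoBulkLookup("\n SELECT\n id\n FROM\n members\n WHERE\n status = 'AskToLeave'\n AND Username NOT LIKE 'retired\\_%'\n AND LastLogin < CURDATE() - INTERVAL 1 YEAR\n ");
    if (count($rawMembers) != 0) {
        MOD_log::get()->write("Removing private data for " . count($rawMembers) . " members.", "Data Retention");
        foreach ($rawMembers as $rawMember) {
            $member = new Member($rawMember->id);
            $username = $member->Username;
            // Must match the 'retired\_%' exclusion of the query above.
            $newUsername = 'retired_' . $member->id;
            $member = $this->_removeCryptedInfo($member, $cryptedTable);
            $member = $this->_removeProfileInfo($member, $tradIdFields);
            $member = $this->_cleanupMembersTable($member, $remainingColumns, $tableDescription);
            $member = $this->_cleanupMemberLanguages($member);
            $member = $this->_updateUserTable($member, $newUsername);
            $this->_removeProfilePictures($member);
            $member->update();
            MOD_log::get()->write("Removed private data for " . $username, "Data Retention");
        }
        MOD_log::get()->write("Removed private data for " . count($rawMembers) . " members.", "Data Retention");
    }
    return count($rawMembers);
}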
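/**
 * Subscribe a member to a forum tag, unless the subscription already exists.
 *
 * The UnSubscribeKey stored with the row is the bearer secret later required to
 * unsubscribe (forums/subscriptions/unsubscribe/tag/xxx/yyy), so it must be
 * unpredictable: it is drawn from a CSPRNG instead of md5(rand(100000, 900000)),
 * which had only ~800k possible values.
 *
 * @param int $IdTag         the tag to subscribe to
 * @param int $ParamIdMember optional member id; 0 (default) means the current logged-in member
 * @return bool|null false if already subscribed, nothing on success
 * @throws PException when the insert fails
 */
public function SubscribeTag($IdTag, $ParamIdMember = 0)
{
    $IdTag = (int) $IdTag;
    $IdMember = (int) $ParamIdMember;
    if (!empty($_SESSION["IdMember"]) and $IdMember == 0) {
        $IdMember = (int) $_SESSION["IdMember"];
    }

    // Check if there is a previous Subscription
    if ($this->IsTagSubscribed($IdTag, $IdMember)) {
        MOD_log::get()->write("Allready subscribed to IdTag=#" . $IdTag, "Forum");
        return false;
    }

    // 32 hex characters, the same width as the md5 digest stored previously.
    if (function_exists('random_bytes')) {
        $key = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $key = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort on very old runtimes; still better seeded than rand().
        $key = md5(uniqid(mt_rand(), true));
    }

    $query = "insert into members_tags_subscribed(IdTag,IdSubscriber,UnSubscribeKey) values(" . $IdTag . "," . $IdMember . ",'" . $this->dao->escape($key) . "')";
    $s = $this->dao->query($query);
    if (!$s) {
        throw new PException('Forum->SubscribeTag to IdTag=#' . $IdTag . ' failed !');
    }
    $IdSubscribe = mysql_insert_id();
    MOD_log::get()->write("Subscribing to IdTag=#" . $IdTag . " IdSubscribe=#" . $IdSubscribe, "Forum");
}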
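/**
 * PPostHandler callback for the "change password" form.
 *
 * Checks the old password against the members table, validates the new one (at least
 * 8 characters, confirmation must match) and stores it. Errors and messages are written
 * back into the posted vars for the view. The old and new passwords are user input and
 * are escaped before being interpolated into SQL (they used to be concatenated raw).
 *
 * @return string|false the callback id when registering the handler, false when handling the post
 */
public function passwordProcess()
{
    $callbackId = PFunctions::hex2base64(sha1(__METHOD__));
    if (!PPostHandler::isHandling()) {
        PPostHandler::setCallback($callbackId, __CLASS__, __FUNCTION__);
        return $callbackId;
    }
    if (!($User = APP_User::login())) {
        return false;
    }
    $vars =& PPostHandler::getVars();
    $errors = array();
    $messages = array();
    $memberId = (int) $_SESSION["IdMember"];

    $oldPassword = isset($vars['OldPassword']) ? trim($vars['OldPassword']) : '';
    $query = "select id from members where id=" . $memberId . " and PassWord=PASSWORD('" . $this->dao->escape($oldPassword) . "')";
    $qry = $this->dao->query($query);
    $rr = $qry ? $qry->fetch(PDB::FETCH_OBJ) : false;
    // $rr is an object (FETCH_OBJ): array_key_exists() on it is deprecated, use isset().
    if (!$rr || !isset($rr->id)) {
        $errors[] = 'ChangePasswordInvalidPasswordError';
    }

    $newPassword = isset($vars['NewPassword']) ? $vars['NewPassword'] : '';
    if (strlen($newPassword) > 0) {
        if (strlen($newPassword) < 8) {
            $errors[] = 'ChangePasswordPasswordLengthError';
        }
        if (isset($vars['ConfirmPassword'])) {
            if (strlen(trim($vars['ConfirmPassword'])) == 0) {
                $errors[] = 'ChangePasswordConfirmPasswordError';
            } elseif (trim($newPassword) != trim($vars['ConfirmPassword'])) {
                $errors[] = 'ChangePasswordMatchError';
            }
        }
    }
    if (count($errors) > 0) {
        $vars['errors'] = $errors;
        return false;
    }

    if (strlen($newPassword) > 0) {
        // NOTE(review): MySQL's PASSWORD() is deprecated/removed in recent server versions;
        // moving to password_hash() requires a schema change and is out of scope here.
        $query = 'UPDATE `members` SET `PassWord` = PASSWORD(\'' . $this->dao->escape(trim($newPassword)) . '\') WHERE `id` = ' . $memberId;
        if ($this->dao->exec($query)) {
            $messages[] = 'ChangePasswordUpdated';
            MOD_log::get()->write("Password changed", "change password");
        } else {
            $errors[] = 'ChangePasswordNotUpdated';
        }
    }
    $vars['errors'] = $errors;
    $vars['messages'] = $messages;
    return false;
}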
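/**
 * Insert (or update) the verification records produced by the verification form.
 *
 * prepareVerificationData() expands the posted form into two records (both members
 * verify each other). For each one the verified member must be Active; if the verifier
 * already has a row for that member it is updated instead of inserted. A member cannot
 * verify himself (enforced upstream).
 *
 * Fixes: the checkbox tests used "=" (assignment) instead of "==", so NameConfirmed and
 * AddressConfirmed were True whenever the field was merely present; ids are cast to int
 * and the comment is escaped once through the DAO (the former addslashes() +
 * mysql_real_escape_string() pair stored doubled backslashes, and mysql_* no longer
 * exists in PHP 7+).
 *
 * @param array $input posted form values
 * @return bool true when both records were written, false otherwise
 * @throws PException when a statement fails
 */
public function AddNewVerified($input)
{
    $vars_all = $this->prepareVerificationData($input);
    $result = array();
    foreach ($vars_all as $vars) {
        $idToVerify = (int) $vars["IdMemberToVerify"];
        $idVerifier = (int) $vars['IdVerifier'];

        // The target must exist and be active, otherwise the whole operation fails.
        $m = $this->singleLookup("SELECT id,Username from members where Status='Active' and id=" . $idToVerify);
        if (!$m) {
            return false;
        }
        $IdVerifiedMember = (int) $m->id;
        $VerifierLevel = $this->sVerifierLevel($idVerifier);

        $NameConfirmed = (isset($vars['NameConfirmed']) && $vars['NameConfirmed'] == 'on') ? 'True' : 'False';
        $AddressConfirmed = (isset($vars['AddressConfirmed']) && $vars['AddressConfirmed'] == 'on') ? 'True' : 'False';
        $safeComment = $this->dao->escape(isset($vars["comment"]) ? $vars["comment"] : '');

        // Check if the current member has already verified this one; if so it is an update.
        $AllreadyVerified = $this->singleLookup("SELECT * from verifiedmembers where IdVerifier=" . $idVerifier . " and IdVerified=" . $IdVerifiedMember);
        if (isset($AllreadyVerified->id)) {
            $ss = "update verifiedmembers set IdVerifier=" . $idVerifier . ",IdVerified=" . $IdVerifiedMember . ",AddressVerified='" . $AddressConfirmed . "',NameVerified='" . $NameConfirmed . "',Comment='" . $safeComment . "',Type='" . $VerifierLevel . "' where id=" . (int) $AllreadyVerified->id;
            MOD_log::get()->write("Update Verify members " . $m->Username . " previous value comment[" . $AllreadyVerified->Comment . "] AddressVerified=" . $AllreadyVerified->AddressVerified . ",NameVerified=" . $AllreadyVerified->NameVerified, "VerifyMember");
        } else {
            $ss = "insert into verifiedmembers(created,IdVerifier,IdVerified,AddressVerified,NameVerified,Comment,Type) values(now()," . $idVerifier . "," . $IdVerifiedMember . ",'" . $AddressConfirmed . "','" . $NameConfirmed . "','" . $safeComment . "','" . $VerifierLevel . "')";
            MOD_log::get()->write("Has verify member " . $m->Username, "VerifyMember");
        }
        $s = $this->dao->query($ss);
        if (!$s) {
            throw new PException('Failed to verify member ' . $m->Username);
        }
        $result[] = $s;
    }
    // Both records must have been written.
    return count($result) >= 2 && $result[0] && $result[1];
}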
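/**
 * Polls controller entry point: map the request path to a PollsPage.
 *
 * A logged-in member is required (otherwise a must-login page that redirects back to the
 * requested URL is returned). $request[1] selects the action; the poll id comes from
 * $request[2] for link-driven actions and from the posted IdPoll for form-driven ones.
 * The posted value is read explicitly instead of extract()-ing the whole POST array into
 * local variables.
 *
 * @param object|false $args request wrapper with ->request (path parts) and ->post
 * @return PollsPage|MessagesMustloginPage the page object; the framework calls render() on it
 */
public function index($args = false)
{
    $User = APP_User::login();
    $request = $args->request;
    $model = new PollsModel();

    // The user must be logged in.
    if (!isset($_SESSION['IdMember'])) {
        $page = new MessagesMustloginPage();
        $page->setRedirectURL(implode('/', $request));
        return $page;
    }

    $action = isset($request[1]) ? $request[1] : false;
    $urlIdPoll = isset($request[2]) ? $request[2] : false;
    $postIdPoll = isset($args->post["IdPoll"]) ? $args->post["IdPoll"] : false;

    switch ($action) {
        case 'listall':
            $page = new PollsPage("", "listall", $model->LoadList(""));
            break;
        case 'create':
            $page = new PollsPage("", "create");
            break;
        case 'listClose':
            $page = new PollsPage("", "listClose", $model->LoadList("Close"));
            break;
        case 'listOpen':
            $page = new PollsPage("", "listOpen", $model->LoadList("Open"));
            break;
        case 'listProject':
            $page = new PollsPage("", "listProject", $model->LoadList("Project"));
            break;
        case 'cancelvote':
            MOD_log::get()->write("Prepare to contribute cancel vote #" . $urlIdPoll, "polls");
            if ($model->CancelVote($urlIdPoll, "", $_SESSION["IdMember"])) {
                $page = new PollsPage("", "cancelvote");
            } else {
                $page = new PollsPage("", "votenotcancelable");
            }
            break;
        case 'seeresults':
            if ($Data = $model->GetPollResults($urlIdPoll)) {
                $page = new PollsPage("", "seeresults", $Data);
            } else {
                $page = new PollsPage("", "resultsnotyetavailable");
            }
            break;
        case 'contribute':
            MOD_log::get()->write("Prepare to contribute to poll #" . $urlIdPoll, "polls");
            if ($model->CanUserContribute($urlIdPoll)) {
                $Data = $model->PrepareContribute($urlIdPoll);
                $page = new PollsPage("", "contribute", $Data);
            } else {
                $page = new PollsPage("", "sorryyoucannotcontribute");
            }
            break;
        case 'vote':
            if ($model->CanUserContribute($postIdPoll)) {
                MOD_log::get()->write("Tryin to vote for poll #" . $postIdPoll, "polls");
                $Data = $model->AddVote($args->post, "", $_SESSION["IdMember"]);
                $page = new PollsPage("", "votedone", $Data);
            } else {
                MOD_log::get()->write("Refusing vote for poll #" . $postIdPoll, "polls");
                $page = new PollsPage("", "probablyallreadyvote");
            }
            break;
        case 'update':
            $page = new PollsPage("", "showpoll", $model->LoadPoll($urlIdPoll));
            break;
        case 'doupdatepoll':
            $model->UpdatePoll($args->post);
            $page = new PollsPage("", "showpoll", $model->LoadPoll($postIdPoll));
            break;
        case 'addchoice':
            $model->AddChoice($args->post);
            $page = new PollsPage("", "showpoll", $model->LoadPoll($postIdPoll));
            break;
        case 'updatechoice':
            $model->UpdateChoice($args->post);
            $page = new PollsPage("", "showpoll", $model->LoadPoll($postIdPoll));
            break;
        case 'createpoll':
            MOD_log::get()->write("Creating a poll ", "polls");
            $model->UpdatePoll($args->post);
            $page = new PollsPage("", "listall", $model->LoadList("Project"));
            break;
        default:
            // No (or unknown) action: list the open polls, without error.
            $page = new PollsPage("", "", $model->LoadList("Open"));
            break;
    }

    // Return the $page object so the framework can call "$page->render()".
    return $page;
}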
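/**
 * Create a new translatable text (a "trad") in memberstrads.
 *
 * Language priority: $_IdLanguage when it is not -1, otherwise the module's current write
 * language ($this->_langWrite). The owner is $_IdMember (the current member when 0); the
 * recorded translator is always the current logged-in member.
 *
 * Fix: the "unlock before throwing" statements were written as "$this->_dao > query(...)"
 * (a comparison, not a method call), so the LOCK TABLES was left in place on the error
 * paths. They are real calls now.
 *
 * @param string $ss          the text; an empty string inserts nothing and returns 0
 * @param string $TableColumn "table.column" the text belongs to
 * @param int    $IdRecord    id of the row in that table
 * @param int    $_IdMember   owner member id, 0 = current member
 * @param int    $_IdLanguage language id, -1 = current write language
 * @param int    $IdTrad      existing trad id to attach to; <= 0 allocates a new one
 * @return int the IdTrad used (0 when nothing was inserted)
 * @throws PException when the max-IdTrad lookup, the insert or the back-reference update fails
 */
function InsertInMTrad($ss, $TableColumn, $IdRecord, $_IdMember = 0, $_IdLanguage = -1, $IdTrad = -1)
{
    if ($ss == "") {
        // No need to insert an empty record in memberstrads
        return 0;
    }
    $IdMember = ($_IdMember == 0) ? $_SESSION['IdMember'] : $_IdMember;
    $IdLanguage = ($_IdLanguage == -1) ? $this->_langWrite : $_IdLanguage;
    $IdOwner = $IdMember;
    // The recorded translator will always be the current logged member.
    $IdTranslator = $_SESSION['IdMember'];

    // A text that already contains an escaped quote is stored as-is and reported as a bug
    // (double escaping upstream); everything else is escaped here.
    $page = isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : "";
    if (strpos($ss, "\\'") !== false) {
        $Sentence = $ss;
        MOD_log::get()->write("in module word->InsertInMTrad, for IdTrad=" . $IdTrad . " The sentence is already escaped with a quote page [" . $page . "]", "Bug");
    } elseif (strpos($ss, '\\"') !== false) {
        $Sentence = $ss;
        MOD_log::get()->write("in module word->InsertInMTrad, for IdTrad=" . $IdTrad . " The sentence is already escaped with a double quote page [" . $page . "]", "Bug");
    } else {
        $Sentence = $this->_dao->escape($ss);
    }

    $s = $this->_dao->query("LOCK TABLES memberstrads WRITE"); // \todo: Check result?
    if ($IdTrad <= 0) {
        // Compute a new IdTrad
        $s = $this->_dao->query("Select max(IdTrad) as maxi, min(IdTrad) as mini from memberstrads");
        if (!$s) {
            // Unlock table before throwing exception!
            $this->_dao->query("UNLOCK TABLES");
            throw new PException('Failed in InsertInMTrad searching Next max IdTrad');
        }
        $rr = $s->fetch(PDB::FETCH_OBJ);
        $IdTrad = isset($rr->maxi) ? max(abs($rr->mini), $rr->maxi) + 1 : 1;
    }

    $str = "insert into memberstrads(TableColumn,IdRecord,IdLanguage,IdOwner,IdTrad,IdTranslator,Sentence,created) ";
    $str .= "Values('" . $TableColumn . "'," . $IdRecord . "," . $IdLanguage . "," . $IdOwner . "," . $IdTrad . "," . $IdTranslator . ",\"" . $Sentence . "\",now())";
    $s = $this->_dao->query($str);
    if (!$s) {
        // Unlock table before throwing exception!
        $this->_dao->query("UNLOCK TABLES");
        throw new PException('Failed in InsertInMTrad inserting in membertrads');
    }
    // Unlock memberstrads; the other table can be updated without a lock.
    $this->_dao->query("UNLOCK TABLES");

    // Update the IdTrad in the original table (if TableColumn and IdRecord were given).
    // NOTE(review): "$Idrecord" (lower-case r) is not the "$IdRecord" parameter, so this
    // branch never runs; left as-is because enabling it changes which tables get written.
    if (!empty($TableColumn) and !empty($Idrecord)) {
        $table = explode(".", $TableColumn);
        $str = "update " . $table[0] . " set " . $TableColumn . "=" . $IdTrad . " where " . $table[0] . ".id=" . $IdRecord;
        $s = $this->_dao->query($str);
        if (!$s) {
            throw new PException('Failed in InsertInMTrad updating table column [%s]');
        }
    }
    return $IdTrad;
}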
/**
 * Store a new password for this (loaded) member.
 *
 * The password goes through preparePassword() first and is then written with the
 * database's PASSWORD() function. NOTE(review): whether preparePassword() escapes the
 * value for SQL is not visible here; PASSWORD() is deprecated/removed in recent MySQL.
 *
 * @param string  $pw    new password in clear text
 * @param boolean $noisy when false (data retention run) the "Password changed" log line is skipped
 *
 * @access public
 * @return bool true when the UPDATE succeeded; false otherwise or when the member is not loaded
 */
public function setPassword($pw, $noisy = true)
{
    if (!$this->isLoaded()) {
        return false;
    }
    $prepared = $this->preparePassword($pw);
    $sql = "UPDATE `members` SET `PassWord` = PASSWORD('" . $prepared . "') WHERE `id` = " . $this->id;
    if (!$this->dao->exec($sql)) {
        return false;
    }
    if ($noisy) {
        MOD_log::get()->write("Password changed", "change password");
    }
    return true;
}
/**
 * Check whether more members than ever before are online and, if so, store the new
 * maximum in params.recordonline and log it.
 *
 * The comparison uses howManyMembersOnline(), while the value written comes from
 * $_SESSION['WhoIsOnlineCount'] — presumably populated by that call; verify.
 *
 * TODO: does the table params and its idea really make sense???
 * TODO: is this an appropriate place to do the check?
 */
private function _checkIfMoreMembersThanEverAreOnline()
{
    $result = $this->dao->query("\r\nSELECT recordonline\r\nFROM params\r\n ");
    if (!$result) {
        // eek, something wrong with query..
        return;
    }
    $row = $result->fetch(PDB::FETCH_OBJ);
    if (!$row) {
        // ok, nothing found.. what to do?
        return;
    }
    if ($this->howManyMembersOnline() <= $row->recordonline) {
        return;
    }
    // more members than ever before are online!!
    $newRecord = $_SESSION['WhoIsOnlineCount'];
    MOD_log::get()->write('New record established, ' . $newRecord . ' members online!', 'Record');
    $this->dao->query("\r\nUPDATE params\r\nSET recordonline = {$newRecord}\r\n ");
}