/**
  * Sends a notification to user who added a question
  *
  * @param string $email    Email address of the user
  * @param string $userName Name of the user
  * @param string $url      URL of answered FAQ
  *
  * @return void
  */
 public function sendOpenQuestionAnswered($email, $userName, $url)
 {
     // Recipient address and display name are handed to the mail object as given.
     // NOTE(review): header-injection filtering (CR/LF in $email or $userName) is
     // presumably done inside the mail class; confirm before calling with raw input.
     $this->mail->addTo($email, $userName);

     // Subject: "<FAQ title> - <localized 'question answered' text>".
     $subject = $this->config->get('main.titleFAQ') . ' - ' . $this->pmfStr['msgQuestionAnswered'];
     $this->mail->subject = $subject;

     // Body: localized template with the FAQ title filled in, then the URL of the
     // answered FAQ on its own line.
     // NOTE(review): the separator is "\n\r" (LF, CR), not the usual CRLF; kept as is.
     $body = sprintf(
         $this->pmfStr['msgMessageQuestionAnswered'],
         $this->config->get('main.titleFAQ')
     );
     $this->mail->message = $body . "\n\r" . $url;

     $this->mail->send();
 }
 /**
  * Constructor
  *
  * @param PMF_Configuration $config
  *
  * @return PMF_Sitemap
  */
 public function __construct(PMF_Configuration $config)
 {
     $this->_config = $config;

     // Group support is switched on only for the 'medium' permission level;
     // for every other level the property keeps whatever default the class declares.
     $permLevel = $this->_config->get('security.permLevel');
     if ($permLevel != 'medium') {
         return;
     }

     $this->groupSupport = true;
 }
 /**
  * @static
  * @param PMF_Configuration $faqConfig
  */
 public static function init(PMF_Configuration $faqConfig)
 {
     // Varnish disabled: install the dummy cache with an empty configuration.
     if (!$faqConfig->get('cache.varnishEnable')) {
         self::$instance = new PMF_Cache_Dummy(array());

         return;
     }

     // Varnish enabled: collect the connection settings from the FAQ configuration.
     // The Varnish secret is read from the configuration store and passed on to the
     // cache object unchanged.
     // NOTE(review): how that secret is stored and who can read it is not visible here.
     $varnishSettings = array(
         VARNISH_CONFIG_PORT => $faqConfig->get('cache.varnishPort'),
         VARNISH_CONFIG_SECRET => $faqConfig->get('cache.varnishSecret'),
         VARNISH_CONFIG_TIMEOUT => $faqConfig->get('cache.varnishTimeout'),
         VARNISH_CONFIG_HOST => $faqConfig->get('cache.varnishHost'),
     );

     self::$instance = new PMF_Cache_Varnish($varnishSettings);
 }
 /**
  * This function checks the content against a bad word list if the banned
  * word spam protection has been activated from the general phpMyFAQ
  * configuration.
  *
  * @param string $content
  *
  * @return bool
  */
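 public function checkBannedWord($content)
 {
     // Normalise once: trimmed and lower-cased, so the comparison below is
     // case-insensitive.
     $content = PMF_String::strtolower(trim($content));

     // Empty content, or the check switched off in the configuration, always passes.
     if ('' === $content || !$this->_config->get('spam.checkBannedWords')) {
         return true;
     }

     // Split on any run of whitespace. Splitting on a single space only (the former
     // behaviour) left words separated by tabs or line breaks glued together, so a
     // banned word on its own line was never compared and slipped through.
     $checkWords = preg_split('/\s+/u', $content, -1, PREG_SPLIT_NO_EMPTY);
     if (false === $checkWords) {
         // The /u pattern fails on invalid UTF-8; fall back to the plain space split.
         $checkWords = explode(' ', $content);
     }

     $bannedWords = $this->getBannedWords();
     if (!is_array($bannedWords)) {
         // No usable word list: nothing to compare against.
         return true;
     }

     // One exact (whole-token) match with any banned word rejects the content.
     // NOTE(review): tokens keep attached punctuation ("word," differs from "word"),
     // so this remains a coarse filter rather than a complete one.
     foreach ($bannedWords as $bannedWord) {
         $needle = PMF_String::strtolower($bannedWord);
         foreach ($checkWords as $word) {
             if ($word === $needle) {
                 return false;
             }
         }
     }

     return true;
 }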
 /**
  * Prints the open questions as a XHTML table
  *
  * @return  string
  * @access  public
  * @since   2002-09-17
  * @author  Thorsten Rinne <*****@*****.**>
  */
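 function printOpenQuestions()
 {
     global $sids, $category;

     $date = new PMF_Date($this->_config);
     $mail = new PMF_Mail($this->_config);

     // Count the questions that are still hidden (is_visible != 'Y').
     $query = sprintf("\n            SELECT\n                COUNT(id) AS num\n            FROM\n                %sfaqquestions\n            WHERE\n                is_visible != 'Y'", PMF_Db::getTablePrefix());
     $result = $this->_config->getDb()->query($query);
     $row = $result ? $this->_config->getDb()->fetchObject($result) : null;
     // A failed query or a missing row counts as "no hidden questions" instead of
     // dereferencing a non-object.
     $numOfInvisibles = $row ? (int) $row->num : 0;

     $extraout = '';
     if ($numOfInvisibles > 0) {
         $extraout = sprintf('<tr><td colspan="3"><small>%s %s</small></td></tr>', $this->pmf_lang['msgQuestionsWaiting'], $numOfInvisibles);
     }

     // Fetch the visible open questions, oldest first.
     $query = sprintf("\n            SELECT\n                *\n            FROM\n                %sfaqquestions\n            WHERE\n                is_visible = 'Y'\n            ORDER BY\n                created ASC", PMF_Db::getTablePrefix());
     $result = $this->_config->getDb()->query($query);

     if (!$result || $this->_config->getDb()->numRows($result) <= 0) {
         return sprintf('<tr><td colspan="3">%s</td></tr>', $this->pmf_lang['msgNoQuestionsAvailable']) . $extraout;
     }

     $output = '';
     while ($row = $this->_config->getDb()->fetchObject($result)) {
         // User name, e-mail address and question text are stored as submitted, so
         // they are HTML-escaped before being placed in markup. double_encode is off
         // so values that were already entity-encoded when stored are not encoded twice.
         $safeUser = htmlspecialchars($row->username, ENT_QUOTES, 'UTF-8', false);
         $safeEmail = htmlspecialchars($mail->safeEmail($row->email), ENT_QUOTES, 'UTF-8', false);
         $safeQuestion = htmlspecialchars(strip_tags($row->question), ENT_QUOTES, 'UTF-8', false);

         $categoryName = isset($category->categoryName[$row->category_id]['name'])
             ? $category->categoryName[$row->category_id]['name']
             : '';
         $safeCategory = htmlspecialchars($categoryName, ENT_QUOTES, 'UTF-8', false);

         $output .= '<tr class="openquestions">';
         $output .= sprintf('<td><small>%s</small><br /><a href="mailto:%s">%s</a></td>', $date->format(PMF_Date::createIsoDate($row->created)), $safeEmail, $safeUser);
         $output .= sprintf('<td><strong>%s:</strong><br />%s</td>', $safeCategory, $safeQuestion);

         // Ids go through %d, so only integers reach the links.
         // NOTE(review): $sids is a global built elsewhere; it is inserted into the
         // href unescaped here, as before. Confirm it is already URL/HTML safe.
         if ($this->_config->get('records.enableCloseQuestion') && $row->answer_id) {
             $output .= sprintf('<td><a id="PMF_openQuestionAnswered" href="?%saction=artikel&amp;cat=%d&amp;id=%d">%s</a></td>', $sids, $row->category_id, $row->answer_id, $this->pmf_lang['msg2answerFAQ']);
         } else {
             $output .= sprintf('<td><a class="btn btn-primary" href="?%saction=add&amp;question=%d&amp;cat=%d">%s</a></td>', $sids, $row->id, $row->category_id, $this->pmf_lang['msg2answer']);
         }
         $output .= '</tr>';
     }

     return $output . $extraout;
 }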
 /**
  * Returns the number of anonymous users and registered ones.
  * These are the numbers of unique users who have performed
  * some activity within the last five minutes
  *
  * @param  integer $activityTimeWindow Optionally set the time window size in sec. 
  *                                     Default: 300sec, 5 minutes
  *
  * @return array
  */
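 public function getUsersOnline($activityTimeWindow = 300)
 {
     // Index 0: anonymous users, index 1: registered users.
     $users = array(0, 0);

     if (!$this->config->get('main.enableUserTracking')) {
         return $users;
     }

     // Lower bound of the activity window. Both queries below insert it through %d,
     // so only an integer ever reaches the SQL text.
     $timeNow = $_SERVER['REQUEST_TIME'] - $activityTimeWindow;

     if (!$this->config->get('security.enableLoginOnly')) {
         // Count all sids within the time window for public installations
         // @todo add a new field in faqsessions in order to find out only sids of anonymous users
         $query = sprintf("\n                    SELECT\n                        count(sid) AS anonymous_users\n                    FROM\n                        %sfaqsessions\n                    WHERE\n                        user_id = -1\n                    AND\n                        time > %d", PMF_Db::getTablePrefix(), $timeNow);
         $result = $this->config->getDb()->query($query);
         // isset() was also true for a failed (false) result; test the result and the
         // fetched row themselves so a failed query leaves the count at 0.
         if ($result) {
             $row = $this->config->getDb()->fetchObject($result);
             if ($row) {
                 $users[0] = $row->anonymous_users;
             }
         }
     }

     // Count all faquser records within the time window
     $query = sprintf("\n                SELECT\n                    count(session_id) AS registered_users\n                FROM\n                    %sfaquser\n                WHERE\n                    session_timestamp > %d", PMF_Db::getTablePrefix(), $timeNow);
     $result = $this->config->getDb()->query($query);
     if ($result) {
         $row = $this->config->getDb()->fetchObject($result);
         if ($row) {
             $users[1] = $row->registered_users;
         }
     }

     return $users;
 }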
 /**
  * This function checks the provided captcha code
  * if the captcha code spam protection has been activated from the general PMF configuration.
  *
  * @param  string $code Captcha Code
  * @return bool
  */
 public function checkCaptchaCode($code)
 {
     // With captcha protection switched off every code is accepted, so callers
     // cannot tell "captcha passed" from "captcha disabled" by the return value.
     if (!$this->_config->get('spam.enableCaptchaCode')) {
         return true;
     }

     // Protection is on: the result is whatever the validator reports.
     return $this->validateCaptchaCode($code);
 }
 /**
  * Adds a new adminlog entry
  *
  * @param PMF_User $user    User object
  * @param string   $logText Logged string
  *
  * @return boolean
  */
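 public function logAdmin(PMF_User $user, $logText = '')
 {
     // Nothing is written unless the admin log is enabled in the configuration.
     if (!$this->_config->get('main.enableAdminLog')) {
         return false;
     }

     $db = $this->_config->getDb();
     $table = PMF_Db::getTablePrefix() . 'faqadminlog';

     // The client address used to be placed between quotes in the statement without
     // escaping. It normally comes from the web server, but some proxy setups
     // overwrite REMOTE_ADDR from request headers, so it is escaped like the log text.
     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

     // id, time and usr go through %d and are therefore integers in the SQL text.
     // NOTE(review): the text is stored after nl2br(), i.e. with <br /> markup in it;
     // whatever displays the admin log has to handle the remaining text as untrusted.
     $query = sprintf(
         "\n                INSERT INTO\n                    %sfaqadminlog\n                (id, time, usr, text, ip)\n                    VALUES \n                (%d, %d, %d, '%s', '%s')",
         PMF_Db::getTablePrefix(),
         $db->nextId($table, 'id'),
         $_SERVER['REQUEST_TIME'],
         $user->userdata->get('user_id'),
         $db->escape(nl2br($logText)),
         $db->escape($remoteAddr)
     );

     return $db->query($query);
 }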
 /**
  * Return the latest news data
  *
  * @param boolean $showArchive    Show archived news
  * @param boolean $active         Show active news
  * @param boolean $forceConfLimit Force to limit in configuration
  *
  * @return array
  */
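 public function getLatestData($showArchive = false, $active = true, $forceConfLimit = false)
 {
     $news = [];
     $counter = 0;
     $now = date('YmdHis');
     $db = $this->_config->getDb();

     // The language code is placed between quotes in the statement, so it is escaped
     // first. It was interpolated raw before.
     // NOTE(review): where the current language comes from (request, session, config)
     // is not visible here, so it is treated as untrusted.
     $language = $db->escape($this->_config->getLanguage()->getLanguage());

     $query = sprintf("\n            SELECT\n                *\n            FROM\n                %sfaqnews\n            WHERE\n                date_start <= '%s'\n            AND \n                date_end   >= '%s'\n            %s\n            AND\n                lang = '%s'\n            ORDER BY\n                datum DESC", PMF_Db::getTablePrefix(), $now, $now, $active ? "AND active = 'y'" : '', $language);
     $result = $db->query($query);

     // Configured number of news entries; 0 or less disables the listing entirely.
     $limit = $this->_config->get('records.numberOfShownNewsEntries');
     if (!$result || $limit <= 0 || $db->numRows($result) <= 0) {
         return $news;
     }

     while ($row = $db->fetchObject($result)) {
         $counter++;

         // Archive view: only the rows beyond the configured limit.
         $inArchive = $showArchive && $counter > $limit;
         // Normal view: only the first $limit rows.
         $inLatest = !$showArchive && !$forceConfLimit && $counter <= $limit;
         // NOTE(review): with $forceConfLimit set every row is returned, which reads
         // like the opposite of the parameter's description. Behaviour kept; confirm.
         $forced = !$showArchive && $forceConfLimit;

         if ($inArchive || $inLatest || $forced) {
             // The duplicated 'lang' key of the former array literal is gone; the
             // resulting array is the same.
             $news[] = array(
                 'id' => $row->id,
                 'lang' => $row->lang,
                 'date' => $row->datum,
                 'header' => $row->header,
                 'content' => $row->artikel,
                 'authorName' => $row->author_name,
                 'authorEmail' => $row->author_email,
                 'dateStart' => $row->date_start,
                 'dateEnd' => $row->date_end,
                 'active' => 'y' == $row->active,
                 'allowComments' => 'y' == $row->comment,
                 'link' => $row->link,
                 'linkTitle' => $row->linktitel,
                 'target' => $row->target,
             );
         }
     }

     return $news;
 }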
 /**
  * Performs a check if an IPv4 or IPv6 address is banned
  *
  * @param string $ip IPv4 or IPv6 address
  *
  * @return boolean true, if not banned
  */
 public function checkIp($ip)
 {
     // The address family depends only on $ip, so it is decided once up front.
     // NOTE(review): anything that is not a valid IPv6 address, including a malformed
     // string, is sent to the IPv4 matcher; what that does with bad input is not
     // visible here.
     $isIpv6 = false !== filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);

     // The ban list is one space-separated configuration string.
     $banList = explode(' ', $this->_config->get('security.bannedIPs'));

     foreach ($banList as $ipAddress) {
         // Repeated spaces in the setting produce empty entries; skip them.
         if ('' === $ipAddress) {
             continue;
         }

         $isBanned = $isIpv6
             ? $this->checkForAddrMatchIpv6($ip, $ipAddress)
             : $this->checkForAddrMatchIpv4($ip, $ipAddress);

         if ($isBanned) {
             return false;
         }
     }

     // No entry matched: the address is not banned.
     return true;
 }
 /**
  * Check on user and group permissions and on duplicate FAQs
  *
  * @param array $resultset Array with search results
  *
  * @return void
  */
 public function reviewResultset(array $resultset)
 {
     $this->setResultset($resultset);

     $duplicateResults = [];
     $currentUserId = $this->user->getUserId();

     // Group memberships only matter on the 'medium' permission level; otherwise
     // the placeholder group -1 is used.
     $currentGroupIds = 'medium' === $this->_config->get('security.permLevel')
         ? $this->user->perm->getUserGroups($currentUserId)
         : array(-1);

     foreach ($this->rawResultset as $result) {
         // Deny by default: a record is kept only if the checks below grant access.
         // With a permission level other than 'medium' or 'basic' neither check
         // runs, so nothing is kept.
         $permission = false;

         // 'medium': the first group permission of the record must be one of the
         // current user's groups.
         if ('medium' === $this->_config->get('security.permLevel')) {
             $groupPermission = $this->faq->getPermission('group', $result->id);
             $permission = count($groupPermission) && in_array($groupPermission[0], $currentGroupIds);
         }

         // User check: runs after a passed group check, or directly on 'basic'.
         // -1 in the record's user permissions means "any user".
         // NOTE(review): in_array() compares loosely here; ids are presumably integers
         // or numeric strings (confirm).
         if ($permission || 'basic' === $this->_config->get('security.permLevel')) {
             $userPermission = $this->faq->getPermission('user', $result->id);
             $permission = in_array(-1, $userPermission) || in_array($this->user->getUserId(), $userPermission);
         }

         // A record id seen before is counted and skipped, whatever its permission.
         if (isset($duplicateResults[$result->id])) {
             ++$duplicateResults[$result->id];
             continue;
         }
         $duplicateResults[$result->id] = 1;

         if ($permission) {
             $this->reviewedResultset[] = $result;
         }
     }

     $this->setNumberOfResults($this->reviewedResultset);
 }
 /**
  * Checks if the system URI is running with http or https
  *
  * @param PMF_Configuration $faqConfig
  *
  * @return mixed
  */
 public function getSystemUri(PMF_Configuration $faqConfig)
 {
     $mainUrl = $faqConfig->get('main.referenceURL');

     // The scheme is taken from the process environment ($_ENV), not from $_SERVER.
     $servedOverHttps = isset($_ENV['REQUEST_SCHEME']) && 'https' === $_ENV['REQUEST_SCHEME'];

     // Upgrade a configured http:// URL only when the request itself is https and
     // the URL does not contain "https" anywhere.
     if ($servedOverHttps && false === strpos($mainUrl, 'https')) {
         $mainUrl = str_replace('http://', 'https://', $mainUrl);
     }

     // The returned URI always ends with a slash.
     if ('/' !== substr($mainUrl, -1)) {
         $mainUrl .= '/';
     }

     return $mainUrl;
 }
 /**
  * Starts the installation
  *
  * @param array $DB
  */
 public function startInstall(array $DB = null)
 {
     // Runs the installer in one pass: reads the POSTed settings, checks the
     // database (and optionally LDAP) connection, writes the config files, creates
     // the tables, seeds the configuration and creates the admin and anonymous users.
     // Every value read from INPUT_POST below is untrusted installer input.
     // NOTE(review): PMF_System::renderFooter(true) presumably ends the script; if it
     // returned, execution would continue past each failed check. Confirm.
     // $query and $uninst start empty here and are used after the SQL files are
     // required further down; presumably those files fill them (confirm).
     $query = $uninst = $dbSetup = [];
     // Check table prefix
     // NOTE(review): the prefix ends up in table names (PMF_Db::setTablePrefix) and in
     // the generated database file; the string filter shown is the only visible
     // restriction on its characters.
     $dbSetup['dbPrefix'] = $sqltblpre = PMF_Filter::filterInput(INPUT_POST, 'sqltblpre', FILTER_SANITIZE_STRING, '');
     if ('' !== $dbSetup['dbPrefix']) {
         PMF_Db::setTablePrefix($dbSetup['dbPrefix']);
     }
     // Check database entries
     $dbSetup['dbType'] = PMF_Filter::filterInput(INPUT_POST, 'sql_type', FILTER_SANITIZE_STRING);
     if (!is_null($dbSetup['dbType'])) {
         $dbSetup['dbType'] = trim($dbSetup['dbType']);
         // The posted type becomes part of a file path that is checked here and
         // require'd further down. FILTER_SANITIZE_STRING strips markup, not path
         // separators or "..", so the file_exists() test is the only visible guard.
         // NOTE(review): an allow-list of supported database types would be stricter.
         if (!file_exists(PMF_ROOT_DIR . '/setup/assets/sql/' . $dbSetup['dbType'] . '.sql.php')) {
             printf('<p class="alert alert-danger"><strong>Error:</strong> Invalid server type: %s</p>', $dbSetup['dbType']);
             PMF_System::renderFooter(true);
         }
     } else {
         echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please select a database type.</p>\n";
         PMF_System::renderFooter(true);
     }
     // Server, port, user and database name are mandatory unless the type is SQLite.
     $dbSetup['dbServer'] = PMF_Filter::filterInput(INPUT_POST, 'sql_server', FILTER_SANITIZE_STRING);
     if (is_null($dbSetup['dbServer']) && !PMF_System::isSqlite($dbSetup['dbType'])) {
         echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a database server.</p>\n";
         PMF_System::renderFooter(true);
     }
     $dbSetup['dbPort'] = PMF_Filter::filterInput(INPUT_POST, 'sql_port', FILTER_VALIDATE_INT);
     if (is_null($dbSetup['dbPort']) && !PMF_System::isSqlite($dbSetup['dbType'])) {
         echo "<p class=\"alert alert-error\"><strong>Error:</strong> Please add a valid database port.</p>\n";
         PMF_System::renderFooter(true);
     }
     $dbSetup['dbUser'] = PMF_Filter::filterInput(INPUT_POST, 'sql_user', FILTER_SANITIZE_STRING);
     if (is_null($dbSetup['dbUser']) && !PMF_System::isSqlite($dbSetup['dbType'])) {
         echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a database username.</p>\n";
         PMF_System::renderFooter(true);
     }
     // The database password is read raw (FILTER_UNSAFE_RAW) so no character is altered.
     $dbSetup['dbPassword'] = PMF_Filter::filterInput(INPUT_POST, 'sql_passwort', FILTER_UNSAFE_RAW);
     if (is_null($dbSetup['dbPassword']) && !PMF_System::isSqlite($dbSetup['dbType'])) {
         // Password can be empty...
         $dbSetup['dbPassword'] = '';
     }
     $dbSetup['dbDatabaseName'] = PMF_Filter::filterInput(INPUT_POST, 'sql_db', FILTER_SANITIZE_STRING);
     if (is_null($dbSetup['dbDatabaseName']) && !PMF_System::isSqlite($dbSetup['dbType'])) {
         echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a database name.</p>\n";
         PMF_System::renderFooter(true);
     }
     // For SQLite the "server" slot carries the posted database filename.
     // NOTE(review): that filename is a user-supplied path; no directory restriction
     // is visible here.
     if (PMF_System::isSqlite($dbSetup['dbType'])) {
         $dbSetup['dbServer'] = PMF_Filter::filterInput(INPUT_POST, 'sql_sqlitefile', FILTER_SANITIZE_STRING);
         if (is_null($dbSetup['dbServer'])) {
             echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a SQLite database filename.</p>\n";
             PMF_System::renderFooter(true);
         }
     }
     // check database connection
     PMF_Db::setTablePrefix($dbSetup['dbPrefix']);
     $db = PMF_Db::factory($dbSetup['dbType']);
     $db->connect($dbSetup['dbServer'], $dbSetup['dbUser'], $dbSetup['dbPassword'], $dbSetup['dbDatabaseName']);
     // NOTE(review): this tests the object returned by the factory; the return value
     // of connect() is discarded, so a failed connection is not detected by this check.
     // The driver error text is printed without HTML escaping.
     if (!$db) {
         printf("<p class=\"alert alert-danger\"><strong>DB Error:</strong> %s</p>\n", $db->error());
         PMF_System::renderFooter(true);
     }
     $configuration = new PMF_Configuration($db);
     // check LDAP if available
     $ldapEnabled = PMF_Filter::filterInput(INPUT_POST, 'ldap_enabled', FILTER_SANITIZE_STRING);
     if (extension_loaded('ldap') && !is_null($ldapEnabled)) {
         $ldapSetup = [];
         // check LDAP entries
         $ldapSetup['ldapServer'] = PMF_Filter::filterInput(INPUT_POST, 'ldap_server', FILTER_SANITIZE_STRING);
         if (is_null($ldapSetup['ldapServer'])) {
             echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a LDAP server.</p>\n";
             PMF_System::renderFooter(true);
         }
         $ldapSetup['ldapPort'] = PMF_Filter::filterInput(INPUT_POST, 'ldap_port', FILTER_VALIDATE_INT);
         if (is_null($ldapSetup['ldapPort'])) {
             echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a LDAP port.</p>\n";
             PMF_System::renderFooter(true);
         }
         $ldapSetup['ldapBase'] = PMF_Filter::filterInput(INPUT_POST, 'ldap_base', FILTER_SANITIZE_STRING);
         if (is_null($ldapSetup['ldapBase'])) {
             echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Please add a LDAP base search DN.</p>\n";
             PMF_System::renderFooter(true);
         }
         // LDAP User and LDAP password are optional
         // NOTE(review): unlike the database password, the LDAP password goes through
         // the string filter, which can change a password containing markup-like
         // characters before it is used and stored.
         $ldapSetup['ldapUser'] = PMF_Filter::filterInput(INPUT_POST, 'ldap_user', FILTER_SANITIZE_STRING, '');
         $ldapSetup['ldapPassword'] = PMF_Filter::filterInput(INPUT_POST, 'ldap_password', FILTER_SANITIZE_STRING, '');
         // check LDAP connection
         require PMF_ROOT_DIR . "/inc/PMF/Ldap.php";
         $ldap = new PMF_Ldap($configuration);
         $ldap->connect($ldapSetup['ldapServer'], $ldapSetup['ldapPort'], $ldapSetup['ldapBase'], $ldapSetup['ldapUser'], $ldapSetup['ldapPassword']);
         // NOTE(review): same pattern as the database check: the object is tested, not
         // the outcome of connect().
         if (!$ldap) {
             echo "<p class=\"alert alert-danger\"><strong>LDAP Error:</strong> " . $ldap->error() . "</p>\n";
             PMF_System::renderFooter(true);
         }
     }
     // check loginname
     $loginname = PMF_Filter::filterInput(INPUT_POST, 'loginname', FILTER_SANITIZE_STRING);
     if (is_null($loginname)) {
         echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a loginname for your account.</p>';
         PMF_System::renderFooter(true);
     }
     // check user entries
     // NOTE(review): the admin password is passed through FILTER_SANITIZE_STRING, so
     // the stored password can differ from what was typed when it contains characters
     // the filter strips or encodes. The filter is also deprecated as of PHP 8.1.
     $password = PMF_Filter::filterInput(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
     if (is_null($password)) {
         echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a password for the your account.</p>';
         PMF_System::renderFooter(true);
     }
     $password_retyped = PMF_Filter::filterInput(INPUT_POST, 'password_retyped', FILTER_SANITIZE_STRING);
     if (is_null($password_retyped)) {
         echo '<p class="alert alert-danger"><strong>Error:</strong> Please add a retyped password.</p>';
         PMF_System::renderFooter(true);
     }
     // Minimum length is 6; strlen() counts bytes, not characters.
     if (strlen($password) <= 5 || strlen($password_retyped) <= 5) {
         echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are too short.' . ' Please set your password and your retyped password with a minimum of 6 characters.</p>';
         PMF_System::renderFooter(true);
     }
     // NOTE(review): != compares loosely, so two different numeric-looking strings can
     // be treated as equal; a strict !== comparison would avoid that.
     if ($password != $password_retyped) {
         echo '<p class="alert alert-danger"><strong>Error:</strong> Your password and retyped password are not equal.' . ' Please check your password and your retyped password.</p>';
         PMF_System::renderFooter(true);
     }
     $language = PMF_Filter::filterInput(INPUT_POST, 'language', FILTER_SANITIZE_STRING, 'en');
     $realname = PMF_Filter::filterInput(INPUT_POST, 'realname', FILTER_SANITIZE_STRING, '');
     $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL, '');
     // NOTE(review): permLevel is stored as posted; no check against the known levels
     // is visible here.
     $permLevel = PMF_Filter::filterInput(INPUT_POST, 'permLevel', FILTER_SANITIZE_STRING, 'basic');
     $instanceSetup = new PMF_Instance_Setup();
     $instanceSetup->setRootDir(PMF_ROOT_DIR);
     // Write the DB variables in database.php
     // NOTE(review): the posted values in $dbSetup are written into a PHP file that is
     // require'd below; how createDatabaseFile() quotes them is not visible here.
     if (!$instanceSetup->createDatabaseFile($dbSetup)) {
         echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Setup cannot write to ./config/database.php.</p>";
         $this->_system->cleanInstallation();
         PMF_System::renderFooter(true);
     }
     // check LDAP if available
     if (extension_loaded('ldap') && !is_null($ldapEnabled)) {
         if (!$instanceSetup->createLdapFile($ldapSetup, '')) {
             echo "<p class=\"alert alert-danger\"><strong>Error:</strong> Setup cannot write to ./config/ldap.php.</p>";
             $this->_system->cleanInstallation();
             PMF_System::renderFooter(true);
         }
     }
     // connect to the database using config/database.php
     // The file written above is presumably what defines $DB for the connect() call.
     require PMF_ROOT_DIR . '/config/database.php';
     $db = PMF_Db::factory($dbSetup['dbType']);
     $db->connect($DB['server'], $DB['user'], $DB['password'], $DB['db']);
     // NOTE(review): as above, this tests the object and not the connect() result.
     if (!$db) {
         echo "<p class=\"alert alert-danger\"><strong>DB Error:</strong> " . $db->error() . "</p>\n";
         $this->_system->cleanInstallation();
         PMF_System::renderFooter(true);
     }
     // Second use of the posted database type inside a require'd path.
     require PMF_ROOT_DIR . '/setup/assets/sql/' . $dbSetup['dbType'] . '.sql.php';
     // CREATE TABLES
     require PMF_ROOT_DIR . '/setup/assets/sql/stopwords.sql.php';
     // INSERTs for stopwords
     $this->_system->setDatabase($db);
     echo '<p>';
     // Erase any table before starting creating the required ones
     // Destructive: existing tables named in $uninst are dropped on every non-SQLite run.
     if (!PMF_System::isSqlite($dbSetup['dbType'])) {
         $this->_system->dropTables($uninst);
     }
     // Start creating the required tables
     $count = 0;
     foreach ($query as $executeQuery) {
         // @ silences PHP-level errors from the query; failure is detected through the
         // falsy result below.
         $result = @$db->query($executeQuery);
         if (!$result) {
             echo '<p class="alert alert-danger"><strong>Error:</strong> Please install your version of phpMyFAQ once again or send
         us a <a href=\\"http://www.phpmyfaq.de\\" target=\\"_blank\\">bug report</a>.</p>';
             // NOTE(review): the string above is single-quoted, so the backslashes are
             // emitted as part of the attribute values. The driver error is printed
             // unescaped; the failing statement is passed through htmlentities().
             printf('<p class="alert alert-danger"><strong>DB error:</strong> %s</p>', $db->error());
             printf('<code>%s</code>', htmlentities($executeQuery));
             $this->_system->dropTables($uninst);
             $this->_system->cleanInstallation();
             PMF_System::renderFooter(true);
         }
         usleep(2500);
         $count++;
         // Progress marker after every tenth statement.
         if (!($count % 10)) {
             echo '| ';
         }
     }
     $link = new PMF_Link(null, $configuration);
     // add main configuration, add personal settings
     $this->_mainConfig['main.metaPublisher'] = $realname;
     $this->_mainConfig['main.administrationMail'] = $email;
     $this->_mainConfig['main.language'] = $language;
     $this->_mainConfig['security.permLevel'] = $permLevel;
     foreach ($this->_mainConfig as $name => $value) {
         $configuration->add($name, $value);
     }
     $configuration->update(array('main.referenceURL' => $link->getSystemUri('/setup/index.php')));
     // NOTE(review): security.salt is the MD5 of the reference URL, i.e. derived from
     // a value every visitor knows, so it is predictable. A value from a
     // cryptographically secure random source would serve as a real secret.
     $configuration->add('security.salt', md5($configuration->get('main.referenceURL')));
     // add admin account and rights
     $admin = new PMF_User($configuration);
     if (!$admin->createUser($loginname, $password, 1)) {
         printf("<p class=\"alert alert-danger\"><strong>Fatal installation error:</strong><br>" . "Couldn't create the admin user: %s</p>\n", $admin->error());
         $this->_system->cleanInstallation();
         PMF_System::renderFooter(true);
     }
     $admin->setStatus('protected');
     $adminData = array('display_name' => $realname, 'email' => $email);
     $admin->setUserData($adminData);
     // add default rights
     // Every right in $this->_mainRights is created and granted to user id 1.
     foreach ($this->_mainRights as $right) {
         $admin->perm->grantUserRight(1, $admin->perm->addRight($right));
     }
     // Add anonymous user account
     $instanceSetup->createAnonymousUser($configuration);
     // Add master instance
     $instanceData = array('url' => $link->getSystemUri($_SERVER['SCRIPT_NAME']), 'instance' => $link->getSystemRelativeUri('setup/index.php'), 'comment' => 'phpMyFAQ ' . PMF_System::getVersion());
     $faqInstance = new PMF_Instance($configuration);
     $faqInstance->addInstance($instanceData);
     $faqInstanceMaster = new PMF_Instance_Master($configuration);
     $faqInstanceMaster->createMaster($faqInstance);
     echo '</p>';
 }
 /**
  * This static method returns a valid CurrentUser object if there is one
  * in the session that is not timed out. The session-ID is updated if
  * necessary. The CurrentUser will be removed from the session, if it is
  * timed out. If there is no valid CurrentUser in the session or the
  * session is timed out, null will be returned. If the session data is
  * correct, but there is no user found in the user table, false will be
  * returned. On success, a valid CurrentUser object is returned.
  *
  * @static
  *
  * @param  PMF_Configuration $config
  *
  * @return null|false|PMF_User_CurrentUser
  */
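 public static function getFromSession(PMF_Configuration $config)
 {
     // Without both session markers there is no user to restore.
     if (!isset($_SESSION[PMF_SESSION_CURRENT_USER], $_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
         return null;
     }

     // Rebuild the user object from the id kept in the session.
     $user = new PMF_User_CurrentUser($config);
     $user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);

     // Timed-out session: remove the user from the session and report "no user".
     if ($user->sessionIsTimedOut()) {
         $user->deleteFromSession();
         $user->errors[] = 'Session timed out.';

         return null;
     }

     // The session id recorded for the user must be the id of the running session.
     // Both sides are compared as strings with ===. The former loose != compared
     // numeric-looking strings by value, so two different ids of the form "0e<digits>"
     // were treated as equal.
     $session_info = $user->getSessionInfo();
     $storedSessionId = isset($session_info['session_id']) ? (string) $session_info['session_id'] : '';
     if ('' === $storedSessionId || $storedSessionId !== (string) session_id()) {
         return false;
     }

     // Optional binding of the session to the client address. A record without a
     // stored address fails the check instead of raising a notice.
     if ($config->get('security.ipCheck')) {
         $storedIp = isset($session_info['ip']) ? (string) $session_info['ip'] : null;
         if (null === $storedIp || $storedIp !== (string) $_SERVER['REMOTE_ADDR']) {
             return false;
         }
     }

     // Rotate the session id once it is older than the allowed lifetime.
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
     }

     // Mark the user as logged in, persist it in the session and hand it back.
     $user->_loggedIn = true;
     $user->saveToSession();

     return $user;
 }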
 /**
  * Adds a table of content for exports of the complete FAQ
  *
  * @return void
  */
 public function addFaqToc()
 {
     global $PMF_LANG;

     // Localized "table of contents" label, used as heading and as TOC name.
     $tocLabel = $PMF_LANG['msgTableOfContent'];

     $this->addTOCPage();

     // FAQ title: bold, 24pt, centered.
     $this->SetFont($this->currentFont, 'B', 24);
     $faqTitle = $this->_config->get('main.titleFAQ');
     $this->MultiCell(0, 0, $faqTitle, 0, 'C', 0, 1, '', '', true, 0);
     $this->Ln();

     // Heading of the table of contents: bold, 16pt, centered.
     $this->SetFont($this->currentFont, 'B', 16);
     $this->MultiCell(0, 0, $tocLabel, 0, 'C', 0, 1, '', '', true, 0);
     $this->Ln();

     // The entries themselves are rendered in regular 12pt.
     $this->SetFont($this->currentFont, '', 12);
     $this->addTOC(1, $this->currentFont, '.', $tocLabel, 'B', array(128, 0, 0));

     $this->endTOCPage();
 }
 /**
  * If the email spam protection has been activated from the general 
  * phpMyFAQ configuration this method converts an email address e.g. 
  * from "*****@*****.**" to "user_AT_example_DOT_org". Otherwise 
  * it will return the plain email address.
  *
  * @param  string $email E-mail address
  * @static
  *
  * @return string
  */
 public function safeEmail($email)
 {
     // Protection off: the address is returned exactly as given.
     if (!$this->_config->get('spam.enableSafeEmail')) {
         return $email;
     }

     // Protection on: every "@" becomes "_AT_" and every "." becomes "_DOT_".
     // This is obfuscation against simple harvesters only; the result is not
     // HTML-escaped, so callers still have to escape it for the output context.
     $search = array('@', '.');
     $replacement = array('_AT_', '_DOT_');

     return str_replace($search, $replacement, $email);
 }
 /**
  * Verifies specified article content and update links_state database entry
  *
  * @param   string  $contents
  * @param   integer $id
  * @param   string  $artlang
  * @param   boolean $cron
  *
  * @return  string  HTML text, if $cron is false (default)
  */
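 public function verifyArticleURL($contents = '', $id = 0, $artlang = '', $cron = false)
 {
     global $PMF_LANG;

     // A reference URL is required. The former second check applied trim() to the
     // result of the comparison instead of to the URL, so a whitespace-only setting
     // passed; it is now treated as missing.
     $referenceUrl = $this->_config->get('main.referenceURL');
     if ('' == trim((string) $referenceUrl)) {
         $output = $PMF_LANG['ad_linkcheck_noReferenceURL'];
         return $cron ? '' : '<br /><br />' . $output;
     }
     if ($this->isReady() === false) {
         $output = $PMF_LANG['ad_linkcheck_noAllowUrlOpen'];
         return $cron ? '' : '<br /><br />' . $output;
     }

     // Parse contents and verify URLs
     $this->parse_string($contents);
     $result = $this->VerifyURLs($referenceUrl);
     $this->markEntry($id, $artlang);

     // If no URLs found
     if ($result == false) {
         $output = sprintf('<h2>%s</h2><br />%s', $PMF_LANG['ad_linkcheck_checkResult'], $PMF_LANG['ad_linkcheck_noLinksFound']);
         return $cron ? '' : $output;
     }

     $failreasons = $inforeasons = [];
     $output = "    <h2>" . $PMF_LANG['ad_linkcheck_checkResult'] . "</h2>\n";
     $output .= '    <table class="verifyArticleURL">' . "\n";
     foreach ($result as $type => $_value) {
         $output .= "        <tr><td><strong>" . PMF_String::htmlspecialchars($type) . "</strong></td></tr>\n";
         foreach ($_value as $value) {
             // The URL comes from the article content. It was escaped for the link
             // text but not for the href attribute; both uses are escaped now.
             // NOTE(review): escaping does not restrict the URL scheme; whether the
             // parser admits non-http(s) schemes is not visible here.
             $safeUrl = PMF_String::htmlspecialchars($value['absurl']);

             $_output = '            <td />';
             $_output .= '            <td><a href="' . $safeUrl . '" target="_blank">' . $safeUrl . "</a></td>\n";
             $_output .= '            <td>';
             if (isset($value['redirects']) && $value['redirects'] > 0) {
                 $_redirects = "(" . $value['redirects'] . ")";
             } else {
                 $_redirects = "";
             }
             // NOTE(review): $value['reason'] is written to the page unescaped below,
             // as before. If it can carry text from the remote server it needs
             // escaping; if it is markup from the language files it must stay as is.
             if ($value['valid'] === true) {
                 $_classname = "urlsuccess";
                 $_output .= '<td class="' . $_classname . '">' . $PMF_LANG['ad_linkcheck_checkSuccess'] . $_redirects . '</td>';
                 if ($value['reason'] != "") {
                     $inforeasons[] = sprintf($PMF_LANG['ad_linkcheck_openurl_infoprefix'], $safeUrl) . $value['reason'];
                 }
             } else {
                 $_classname = "urlfail";
                 $_output .= '<td class="' . $_classname . '">' . $PMF_LANG['ad_linkcheck_checkFailed'] . '</td>';
                 if ($value['reason'] != "") {
                     $failreasons[] = $value['reason'];
                 }
             }
             $_output .= '</td>';
             $output .= '        <tr class="' . $_classname . '">' . "\n" . $_output . "\n";
             $output .= "        </tr>\n";
         }
     }
     $output .= "    </table>\n";

     // Failure reasons first, then informational notes, each as its own list.
     if (count($failreasons) > 0) {
         $output .= "    <br />\n    <strong>" . $PMF_LANG['ad_linkcheck_failReason'] . "</strong>\n    <ul>\n";
         foreach ($failreasons as $reason) {
             $output .= "        <li>" . $reason . "</li>\n";
         }
         $output .= "    </ul>\n";
     }
     if (count($inforeasons) > 0) {
         $output .= "    <br />\n    <strong>" . $PMF_LANG['ad_linkcheck_infoReason'] . "</strong>\n    <ul>\n";
         foreach ($inforeasons as $reason) {
             $output .= "        <li>" . $reason . "</li>\n";
         }
         $output .= "    </ul>\n";
     }

     // Cron runs only update the link state; they get no HTML back.
     return $cron ? '' : $output;
 }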
 /**
  * Setter for salt
  *
  * @param string $login
  *
  * @return PMF_Enc
  */
 public function setSalt($login)
 {
     // The salt is the installation-wide 'security.salt' setting followed by the
     // login name, so it differs per account but holds no per-user random part.
     $installationSalt = $this->_config->get('security.salt');
     $this->salt = $installationSalt . $login;

     // Fluent interface: hand back this object for chaining.
     return $this;
 }
//
// Session settings, applied before session_start() below.
//
// Accept the session id from cookies only, never from the URL.
ini_set('session.use_only_cookies', 1);
// Do not let PHP open a session on its own; session_start() is called
// explicitly further down.
// NOTE(review): session.auto_start is a per-directory ini setting, so this
// runtime call may have no effect - verify against php.ini / .htaccess.
ini_set('session.auto_start', 0);
// Turn off transparent session-id propagation so the id is not appended to
// links and forms.
ini_set('session.use_trans_sid', 0);
// Empty tag list: leaves the URL rewriter nothing to rewrite.
ini_set('url_rewriter.tags', '');
// NOTE(review): no cookie flags (session.cookie_httponly,
// session.cookie_secure) are set in this fragment - confirm they are
// configured elsewhere.
//
// Start the PHP session. PMF_Init::cleanRequest() runs first; its body is
// not shown here.
//
PMF_Init::cleanRequest();
session_start();
//
// Load the LDAP settings when LDAP support is enabled in the configuration,
// config/ldap.php exists and the ldap extension is loaded.
// Only ldap.php is guarded by file_exists(); constants_ldap.php is required
// unconditionally, so a missing file stops the request with a fatal error.
// $PMF_LDAP is not defined in this fragment - presumably ldap.php sets it;
// verify. If it holds bind credentials, the file should not be readable
// through the web server.
//
if ($faqConfig->get('security.ldapSupport') && file_exists(PMF_CONFIG_DIR . '/ldap.php') && extension_loaded('ldap')) {
    require PMF_CONFIG_DIR . '/constants_ldap.php';
    require PMF_CONFIG_DIR . '/ldap.php';
    $faqConfig->setLdapConfig($PMF_LDAP);
} else {
    $ldap = null;
}
//
// Build attachments path
//
$confAttachmentsPath = trim($faqConfig->get('records.attachmentsPath'));
if ('/' == $confAttachmentsPath[0] || preg_match('%^[a-z]:(\\\\|/)%i', $confAttachmentsPath)) {
    // If we're here, some windows or unix style absolute path was detected.
    define('PMF_ATTACHMENTS_DIR', $confAttachmentsPath);
} else {
    // otherwise build the absolute path
Esempio n. 20
 /**
  * Returns the "Send 2 Friends" URL
  *
  * @return string
  */
 public function getSuggestLink()
 {
     // Base URL comes from the 'main.referenceURL' setting. %d forces the
     // category and FAQ ids to integers; the language is inserted as-is by
     // %s. The result contains raw '&' and is not HTML-escaped here, so it
     // must be escaped when written into markup.
     $baseUrl = $this->_config->get('main.referenceURL');
     $categoryId = $this->getCategoryId();
     $faqId = $this->getFaqId();
     $language = $this->getLanguage();

     return sprintf('%s?action=send2friend&cat=%d&id=%d&artlang=%s', $baseUrl, $categoryId, $faqId, $language);
 }
Esempio n. 21
 /**
  * Resolves the PMF markers like e.g. %sitename%.
  *
  * @param string            $text Text contains PMF markers
  * @param PMF_Configuration $config
  *
  * @return  string
  */
 public static function resolveMarkers($text, PMF_Configuration $config)
 {
     // Marker => replacement value. The value is substituted verbatim; no
     // output encoding happens here, so callers must escape the result for
     // the context they write it into.
     $replacements = array('%sitename%' => $config->get('main.titleFAQ'));
     $search = array_keys($replacements);
     $replace = array_values($replacements);

     // Every occurrence of each known marker is replaced.
     return str_replace($search, $replace, $text);
 }
Esempio n. 22
 /**
  * Constructor
  *
  * @param PMF_Configuration $config
  *
  * @return PMF_User
  */
 public function __construct(PMF_Configuration $config)
 {
     // Wires up the user object in three steps: permission object, local
     // authentication object, user-data object.
     // NOTE(review): a `return` inside a constructor does not abort
     // construction. On either early return below the caller still receives
     // an object, but without the properties assigned further down
     // (authContainer and/or userdata), and no error is raised. Callers
     // would need to detect that state themselves - confirm they do.
     $this->config = $config;
     // Permission object chosen by the configured 'security.permLevel'.
     $perm = PMF_Perm::selectPerm($this->config->get('security.permLevel'), $this->config);
     if (!$this->addPerm($perm)) {
         return;
     }
     // authentication objects
     // always make a 'local' $auth object (see: $authData)
     $this->authContainer = [];
     $auth = new PMF_Auth($this->config);
     // The local auth driver is configured from getAuthSource()/getAuthData():
     // source name, encryption type and read-only flag.
     $authLocal = $auth->selectAuth($this->getAuthSource('name'));
     $authLocal->selectEncType($this->getAuthData('encType'));
     $authLocal->setReadOnly($this->getAuthData('readOnly'));
     if (!$this->addAuth($authLocal, $this->getAuthSource('type'))) {
         return;
     }
     // additionally, set given $auth objects
     // NOTE(review): $auth is the PMF_Auth object created above, not a list
     // of auth objects. Unless PMF_Auth implements Countable (not visible
     // here), count() on it raises a warning on PHP 7.2+ and a TypeError on
     // PHP 8, and the foreach walks the object's accessible properties.
     // NOTE(review): `!$authObject instanceof PMF_Auth_Driver` parses as
     // `!($authObject instanceof PMF_Auth_Driver)`, so addAuth() is only
     // attempted for values that are NOT auth drivers - this looks inverted;
     // confirm the intent.
     if (count($auth) > 0) {
         foreach ($auth as $name => $authObject) {
             if (!$authObject instanceof PMF_Auth_Driver && !$this->addAuth($authObject, $name)) {
                 break;
             }
         }
     }
     // user data object
     $this->userdata = new PMF_User_UserData($this->config);
 }
Esempio n. 23
 /**
  * print the static tree with the number of records
  *
  * @return string
  */
 public function viewTree()
 {
     // Builds the category tree as nested <ul>/<li> markup, with a record
     // count (and optionally an RSS link) per category, and returns it as a
     // string. Depends on the globals $sids (inserted into every category
     // URL) and $plr (pluralised "entries" message).
     global $sids, $plr;
     $totFaqRecords = 0;
     $number = [];
     // Count the active FAQ records per category (join on record id and
     // language).
     $query = sprintf("\n            SELECT\n                fcr.category_id AS category_id,\n                count(fcr.category_id) AS number\n            FROM\n                %sfaqcategoryrelations fcr,\n                %sfaqdata fd\n            WHERE\n                fcr.record_id = fd.id\n            AND\n                fcr.record_lang = fd.lang", PMF_Db::getTablePrefix(), PMF_Db::getTablePrefix());
     if (strlen($this->language) > 0) {
         // NOTE(review): $this->language is placed inside a quoted SQL
         // literal without escaping in this method. That is only safe if the
         // value is validated where it is set (not visible here); otherwise
         // it should be escaped by the database layer or checked against a
         // strict language-code pattern before it reaches the query.
         $query .= sprintf(" AND fd.lang = '%s'", $this->language);
     }
     // The format string below has no placeholders; both arguments are unused.
     $query .= sprintf("\n            AND\n                fd.active = 'yes'\n            GROUP BY\n                fcr.category_id", PMF_Db::getTablePrefix(), PMF_Db::getTablePrefix());
     $result = $this->_config->getDb()->query($query);
     if ($this->_config->getDb()->numRows($result) > 0) {
         while ($row = $this->_config->getDb()->fetchObject($result)) {
             // category id => number of records
             $number[$row->category_id] = $row->number;
         }
     }
     $output = "<ul>\n";
     // $open tracks the nesting level of the previously rendered line.
     $open = 0;
     $this->expandAll();
     for ($y = 0; $y < $this->height(); $y = $this->getNextLineTree($y)) {
         list($hasChild, $categoryName, $parent, $description) = $this->getLineDisplay($y);
         $level = $this->treeTab[$y]['level'];
         $leveldiff = $open - $level;
         // Categories missing from the query result get an integer 0, which
         // is what the strict `0 ===` checks below match.
         if (!isset($number[$parent])) {
             $number[$parent] = 0;
         }
         // Optionally skip categories that have no records and ('-' flag)
         // presumably no children - verify the flag's meaning in getLineDisplay().
         if ($this->_config->get('records.hideEmptyCategories') && 0 === $number[$parent] && '-' === $hasChild) {
             continue;
         }
         // Moving up more than one level: close the intermediate lists.
         if ($leveldiff > 1) {
             $output .= '</li>';
             for ($i = $leveldiff; $i > 1; $i--) {
                 $output .= sprintf("\n%s</ul>\n%s</li>\n", str_repeat("\t", $level + $i + 1), str_repeat("\t", $level + $i));
             }
         }
         // Close the previous item or list, depending on how the level changed.
         if ($level < $open) {
             if ($level - $open == -1) {
                 $output .= '</li>';
             }
             $output .= sprintf("\n%s</ul>\n%s</li>\n", str_repeat("\t", $level + 2), str_repeat("\t", $level + 1));
         } elseif ($level == $open && $y != 0) {
             $output .= "</li>\n";
         }
         // Open a nested list when going deeper, otherwise just a new item.
         if ($level > $open) {
             $output .= sprintf("\n%s<ul>\n%s<li>", str_repeat("\t", $level + 1), str_repeat("\t", $level + 1));
         } else {
             $output .= str_repeat("\t", $level + 1) . "<li>";
         }
         // Top-level categories without records show no counter at all.
         if (0 === $number[$parent] && 0 === $level) {
             $numFaqs = '';
         } else {
             $totFaqRecords += $number[$parent];
             $numFaqs = '<span class="rssCategoryLink"> (' . $plr->GetMsg('plmsgEntries', $number[$parent]);
             if ($this->_config->get('main.enableRssFeeds')) {
                 // NOTE(review): the format has two placeholders, so the
                 // third argument is unused. $this->language is written into
                 // the href without URL or HTML encoding, and the '&' is not
                 // entity-encoded (the category URL below uses '&amp;').
                 $numFaqs .= sprintf(' <a href="feed/category/rss.php?category_id=%d&category_lang=%s" target="_blank"><i class="fa fa-rss"></i></a>', $parent, $this->language, $parent);
             }
             $numFaqs .= ')</span>';
         }
         // $sids is inserted into the URL as-is; %d forces the category id
         // to an integer.
         $url = sprintf('%s?%saction=show&amp;cat=%d', PMF_Link::getSystemRelativeUri(), $sids, $parent);
         $oLink = new PMF_Link($url, $this->_config);
         // NOTE(review): category name and description are passed on
         // unescaped; whether toHtmlAnchor() encodes them is not visible
         // here - confirm before treating this output as safe HTML.
         $oLink->itemTitle = $categoryName;
         $oLink->text = $categoryName;
         $oLink->tooltip = $description;
         $output .= $oLink->toHtmlAnchor() . $numFaqs;
         $open = $level;
     }
     // Close whatever lists are still open after the last line.
     if (isset($level) && $level > 0) {
         $output .= str_repeat("</li>\n\t</ul>\n\t", $level);
     }
     $output .= "\t</li>\n";
     $output .= "\t</ul>\n";
     // Hidden element carrying the total number of counted records.
     $output .= '<span id="totFaqRecords" style="display: none;">' . $totFaqRecords . "</span>\n";
     return $output;
 }
 /**
  * Returns date formatted according to user defined format
  *
  * @param string $unformattedDate
  * @return string
  */
 public function format($unformattedDate)
 {
     // Parse first: the DateTime constructor throws on a string it cannot
     // parse, and that exception is not caught here.
     $parsed = new DateTime($unformattedDate);
     // Output pattern is the configured 'main.dateFormat' value.
     $pattern = $this->_config->get('main.dateFormat');

     return $parsed->format($pattern);
 }
Esempio n. 25
 /**
  * Rewrites a URL string
  *
  * @param boolean $forceNoModrewriteSupport Force no rewrite support
  *
  * @return string
  */
 public function toString($forceNoModrewriteSupport = false)
 {
     // Returns the link as a string. When rewriting is enabled in the
     // configuration (and not overridden by the argument) and the link
     // points at the home index, the query-string form is converted to the
     // path-style form that matches the .htaccess rewrite rules.
     //
     // NOTE(review): the GET parameter values are concatenated into the new
     // URL exactly as returned by getHttpGetParameters(); nothing in this
     // method URL-encodes or HTML-escapes them. Whether they are already
     // encoded depends on that helper (not visible here) - callers should
     // escape the returned URL for the context they write it into.
     $url = $this->toUri();
     // Check mod_rewrite support and 'rewrite' the passed (system) uri
     // according to the rewrite rules written in .htaccess
     if (!$forceNoModrewriteSupport && $this->_config->get('main.enableRewriteRules')) {
         if ($this->isHomeIndex()) {
             $getParams = $this->getHttpGetParameters();
             if (isset($getParams[self::PMF_LINK_GET_ACTION])) {
                 // Get the part of the url 'till the '/' just before the pattern
                 // NOTE(review): if strpos() returned false the expression
                 // would evaluate to 1 and keep only the first character;
                 // presumably isHomeIndex() guarantees the pattern is
                 // present - verify.
                 $url = substr($url, 0, strpos($url, self::PMF_LINK_INDEX_HOME) + 1);
                 // Build the Url according to .htaccess rules
                 switch ($getParams[self::PMF_LINK_GET_ACTION]) {
                     case self::PMF_LINK_GET_ACTION_ADD:
                         $url .= self::PMF_LINK_HTML_ADDCONTENT;
                         break;
                     case self::PMF_LINK_GET_ACTION_ARTIKEL:
                         // Category, id and language are read without isset();
                         // a missing one yields an undefined-index notice and
                         // an empty path segment.
                         $url .= self::PMF_LINK_CONTENT . $getParams[self::PMF_LINK_GET_CATEGORY] . self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_ID] . self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_ARTLANG] . self::PMF_LINK_SLASH . $this->getSEOItemTitle() . self::PMF_LINK_HTML_EXTENSION;
                         if (isset($getParams[self::PMF_LINK_GET_HIGHLIGHT])) {
                             $url .= self::PMF_LINK_SEARCHPART_SEPARATOR . self::PMF_LINK_GET_HIGHLIGHT . '=' . $getParams[self::PMF_LINK_GET_HIGHLIGHT];
                         }
                         // NOTE(review): the separator constant itself is used
                         // as the array key here, while the end of the method
                         // reads the 'fragment' key - confirm which one
                         // getHttpGetParameters() actually sets.
                         if (isset($getParams[self::PMF_LINK_FRAGMENT_SEPARATOR])) {
                             $url .= self::PMF_LINK_FRAGMENT_SEPARATOR . $getParams[self::PMF_LINK_FRAGMENT_SEPARATOR];
                         }
                         break;
                     case self::PMF_LINK_GET_ACTION_ASK:
                         $url .= self::PMF_LINK_HTML_ASK;
                         break;
                     case self::PMF_LINK_GET_ACTION_CONTACT:
                         $url .= self::PMF_LINK_HTML_CONTACT;
                         break;
                     case self::PMF_LINK_GET_ACTION_GLOSSARY:
                         $url .= self::PMF_LINK_HTML_GLOSSARY;
                         break;
                     case self::PMF_LINK_GET_ACTION_HELP:
                         $url .= self::PMF_LINK_HTML_HELP;
                         break;
                     case self::PMF_LINK_GET_ACTION_OPEN:
                         $url .= self::PMF_LINK_HTML_OPEN;
                         break;
                     case self::PMF_LINK_GET_ACTION_SEARCH:
                         // Tag listing when only a tagging id is given,
                         // otherwise a search URL carrying the search term.
                         if (!isset($getParams[self::PMF_LINK_GET_ACTION_SEARCH]) && isset($getParams[self::PMF_LINK_GET_TAGGING_ID])) {
                             $url .= self::PMF_LINK_TAGS . $getParams[self::PMF_LINK_GET_TAGGING_ID];
                             if (isset($getParams[self::PMF_LINK_GET_PAGE])) {
                                 $url .= self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_PAGE];
                             }
                             $url .= self::PMF_LINK_SLASH . $this->getSEOItemTitle() . self::PMF_LINK_HTML_EXTENSION;
                         } elseif (isset($getParams[self::PMF_LINK_GET_ACTION_SEARCH])) {
                             $url .= self::PMF_LINK_HTML_SEARCH;
                             // The search term is appended without encoding
                             // in this method.
                             $url .= self::PMF_LINK_SEARCHPART_SEPARATOR . self::PMF_LINK_GET_ACTION_SEARCH . '=' . $getParams[self::PMF_LINK_GET_ACTION_SEARCH];
                             if (isset($getParams[self::PMF_LINK_GET_PAGE])) {
                                 $url .= self::PMF_LINK_AMPERSAND . self::PMF_LINK_GET_PAGE . '=' . $getParams[self::PMF_LINK_GET_PAGE];
                             }
                         }
                         if (isset($getParams[self::PMF_LINK_GET_LANGS])) {
                             $url .= self::PMF_LINK_AMPERSAND . self::PMF_LINK_GET_LANGS . '=' . $getParams[self::PMF_LINK_GET_LANGS];
                         }
                         break;
                     case self::PMF_LINK_GET_ACTION_SITEMAP:
                         // Falls back to the letter 'A' when none is given;
                         // the language parameter is read without isset().
                         if (isset($getParams[self::PMF_LINK_GET_LETTER])) {
                             $url .= self::PMF_LINK_SITEMAP . $getParams[self::PMF_LINK_GET_LETTER] . self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_LANG] . self::PMF_LINK_HTML_EXTENSION;
                         } else {
                             $url .= self::PMF_LINK_SITEMAP . 'A' . self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_LANG] . self::PMF_LINK_HTML_EXTENSION;
                         }
                         break;
                     case self::PMF_LINK_GET_ACTION_SHOW:
                         // No category, or category 0: overview of all
                         // categories. The comparison with 0 is loose (==),
                         // so on PHP versions before 8 a non-numeric string
                         // also compares equal to 0.
                         if (!isset($getParams[self::PMF_LINK_GET_CATEGORY]) || isset($getParams[self::PMF_LINK_GET_CATEGORY]) && 0 == $getParams[self::PMF_LINK_GET_CATEGORY]) {
                             $url .= self::PMF_LINK_HTML_SHOWCAT;
                         } else {
                             $url .= self::PMF_LINK_CATEGORY . $getParams[self::PMF_LINK_GET_CATEGORY];
                             if (isset($getParams[self::PMF_LINK_GET_PAGE])) {
                                 $url .= self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_PAGE];
                             }
                             $url .= self::PMF_LINK_HTML_SLASH . $this->getSEOItemTitle() . self::PMF_LINK_HTML_EXTENSION;
                         }
                         break;
                     case self::PMF_LINK_GET_ACTION_NEWS:
                         // News id and language are read without isset().
                         $url .= self::PMF_LINK_NEWS . $getParams[self::PMF_LINK_GET_NEWS_ID] . self::PMF_LINK_HTML_SLASH . $getParams[self::PMF_LINK_GET_NEWS_LANG] . self::PMF_LINK_SLASH . $this->getSEOItemTitle() . self::PMF_LINK_HTML_EXTENSION;
                         break;
                 }
                 // An action not listed above leaves $url as the truncated
                 // base produced by the substr() call. The session id
                 // parameter and the fragment are re-attached for every
                 // action.
                 if (isset($getParams[self::PMF_LINK_GET_SIDS])) {
                     $url = $this->appendSids($url, $getParams[self::PMF_LINK_GET_SIDS]);
                 }
                 if (isset($getParams['fragment'])) {
                     $url .= self::PMF_LINK_FRAGMENT_SEPARATOR . $getParams['fragment'];
                 }
             }
         }
     }
     return $url;
 }