$page = $this->GetPreference('pageid_login');
    if (isset($params['returnto'])) {
        $page = $params['returnto'];
    }
    // replace {$groupname} with the first groupname we can find that matches
    $groups = $this->GetMemberGroupsArray($this->LoggedinId());
    $groupname = $this->GetGroupName($groups[0]['groupid']);
    $smarty->assign('username', $params['feu_input_username']);
    $smarty->assign('group', $groupname);
    $page = $this->ProcessTemplateFromData($page);
}
// send the event
$parms = array();
$parms['id'] = $this->LoggedInId();
$parms['username'] = $params['feu_input_username'];
$parms['ip'] = cge_utils::get_real_ip();
$this->SendEvent('OnLogin', $parms);
$this->_SendNotificationEmail('OnLogin', $parms);
if ($return_url != '') {
    redirect($return_url);
} else {
    if ($page) {
        $id = ContentManager::GetPageIDFromAlias($page);
        if ($id) {
            $this->RedirectContent($id);
            return;
        }
        die("couldn't get pageid for {$page}");
    } else {
        $this->RedirectContent($returnid);
    }
 /**
  * Compare text against auto moderation rules
  * 
  * @param string text
  * @return boolean TRUE if text needs moderation, FALSE otherwise.
  */
 public static function text_needs_moderation($text)
 {
     $mod = cms_utils::get_module('CGFeedback');
     $t1 = $mod->GetPreference('moderate_comments');
     if ($t1 == 0) {
         return FALSE;
     }
     if ($t1 > 0) {
         return TRUE;
     }
     $tmp = $mod->GetPreference('moderation_patterns');
     if (!$tmp) {
         return FALSE;
     }
     // no patterns, = auto pass.
     $rules = explode("\n", $tmp);
     if (!is_array($rules) || count($rules) == 0) {
         return FALSE;
     }
     // no patterns = auto pass.
     for ($i = 0; $i < count($rules); $i++) {
         $rules[$i] = trim($rules[$i]);
         if ($rules[$i] == '') {
             continue;
         }
         if ($rules[$i] == '__EMAIL__') {
             // check if text contains an email
             $pattern = '/([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)/i';
             if (preg_match($pattern, $text)) {
                 return TRUE;
             }
         } else {
             if ($rules[$i] == '__IP_ADDRESS__') {
                 // check if text contains an ip address
                 $pattern = '/((1?\\d{1,2}|2[0-4]\\d|25[0-5])\\.){3}(1?\\d{1,2}|2[0-4]\\d|25[0-5]){1}/';
                 if (preg_match($pattern, $text)) {
                     return TRUE;
                 }
             } else {
                 if ($rules[$i] == '__URL__') {
                     // check if text contains a URL
                     $pattern = '#\\b(([\\w-]+://?|www[.])[^\\s()<>]+(?:\\([\\w\\d]+\\)|([^[:punct:]\\s]|/)))#';
                     //$pattern  = '/(http|https|ftp|ftps)\:\/\/[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(\/\S*)?/';
                     if (preg_match($pattern, $text)) {
                         return TRUE;
                     }
                 } else {
                     if (startswith('PATTERN:', $rules[$i])) {
                         // check if text matches a pattern
                         $pattern = substr($rules[$i], strlen('PATTERN:'));
                         $pattern = trim($pattern);
                         if ($pattern) {
                             $pattern = '|' . $pattern . '|';
                             if (preg_match($pattern, $text)) {
                                 return TRUE;
                             }
                         }
                     } else {
                         // check for individual words/phrases
                         $pattern = '|' . $rules[$i] . '|i';
                         if (preg_match($pattern, $text)) {
                             return TRUE;
                         }
                     }
                 }
             }
         }
     }
     $tmp = $mod->GetPreference('moderation_iplist');
     $tmp = trim($tmp);
     if (!$tmp) {
         return FALSE;
     }
     $iprules = explode("\n", $tmp);
     if (!is_array($iprules) || count($iprules) == 0) {
         return FALSE;
     }
     $ipaddr = cge_utils::get_real_ip();
     if (!$ipaddr) {
         return FALSE;
     }
     // no ip address?
     for ($i = 0; $i < count($iprules); $i++) {
         $rule = trim($iprules[$i]);
         if (empty($rule)) {
             continue;
         }
         if (self::_testip($rule, $ipaddr)) {
             return TRUE;
         }
     }
     // everything passes
     return FALSE;
 }
 function Login($username, $password, $groups = '', $md5pw = false, $force_logout = false)
 {
     $error = '';
     $uid = -1;
     $gCms = cmsms();
     $db = $this->GetDb();
     $mod = $this->GetModule();
     $config = $gCms->GetConfig();
     if (!$this->CheckPassword($username, $password, $groups, $md5pw)) {
         $uid = $this->GetUserID($username);
         if (!$uid) {
             $uid = -1;
         }
         $error = $mod->Lang('error_loginfailed');
     } else {
         $uid = $this->GetUserID($username);
         if ($force_logout) {
             $this->Logout($uid);
         }
         if ($this->IsAccountExpired($uid)) {
             $error = $mod->Lang('error_accountexpired');
         } else {
             if ($mod->GetPreference('allow_repeated_logins') == 0) {
                 // make sure this user isn't already logged in
                 $q = "SELECT * FROM " . cms_db_prefix() . "module_feusers_loggedin WHERE \n              USERID = ?";
                 $dbresult = $db->Execute($q, array($uid));
                 if ($dbresult && $dbresult->RecordCount()) {
                     $error = $mod->Lang('error_norepeatedlogins');
                 }
             }
         }
     }
     $ip = cge_utils::get_real_ip();
     if (!$error) {
         $q = "INSERT INTO " . cms_db_prefix() . "module_feusers_loggedin (sessionid,lastused,userid)\n               VALUES (?,?,?)";
         /* we may need to start a session now */
         if (session_id() == "") {
             @session_start();
         }
         // log the user in
         $dbresult = $db->Execute($q, array(session_id(), time(), $uid));
         if (!$dbresult) {
             return array(FALSE, $db->ErrorMsg());
         }
         // set the cookie
         $module = $this->GetModule();
         if ($module->GetPreference('cookie_keepalive', 0)) {
             $expirytime = $module->GetPreference('user_session_expires');
             @setcookie('feu_sessionid', session_id(), time() + $expirytime, "/");
             @setcookie('feu_uid', $uid, time() + $expirytime, "/");
         }
         // and add history info
         $this->add_history($uid, 'login');
         return array($uid);
     }
     // log an invalid login
     $this->add_history($uid, 'fail');
     return array(FALSE, $error);
 }
}
//
// Get custom field definitions
//
$tfields = cgfb_comment_ops::get_fielddefs();
foreach ($tfields as $fid => &$tfield) {
    $tfield['attrib'] = $tfield['attribs'];
}
//
// Process form data
//
if (isset($params['submit'])) {
    // Get data from the form
    $comment->from_array($params);
    $disable_html = $this->GetPreference('allow_comment_html', 0) == 0;
    $comment->author_ip = cge_utils::get_real_ip();
    if (isset($params['comment'])) {
        $comment->data = trim($params['comment']);
        $comment->data = $disable_html ? strip_tags($comment->data) : $comment->data;
    }
    foreach ($params as $key => $value) {
        if (startswith($key, 'field_')) {
            $fid = (int) substr($key, 6);
            if (is_array($value)) {
                $value = implode(',', $value);
            }
            $value = $disable_html ? strip_tags($value) : $value;
            $comment->set_field_by_id($fid, $value);
        }
    }
    if (isset($params['feedback_origurl'])) {
 public function handle_file()
 {
     $uploads = cms_utils::get_module('Uploads');
     // validate the data.
     if (!isset($this->_data['src'])) {
         throw UploadsException('Invalid attributes... no source file set');
     }
     if (!$this->_category) {
         throw UploadsException('Invalid/Null upload category speciried');
     }
     if (!isset($this->_data['summary'])) {
         $sumamry = basename($this->_data['src']);
         $this->set_summary($summary);
     }
     if (!isset($this->_data['description'])) {
         $this->_data['description'] = '';
     }
     if (!isset($this->_data['key'])) {
         $this->_data['key'] = '';
     }
     if (!isset($this->_data['author'])) {
         // author hasn't been previously set.
         // try to find something we can use.
         global $CMS_ADMIN_PAGE;
         $author = 'Anonymous';
         if (isset($CMS_ADMIN_PAGE)) {
             // it's an admin action... get the currently logged in username
             $uid = get_userid(FALSE);
             if ($uid) {
                 $userops = cmsms()->GetUserOperations();
                 $user = $userops->LoadUserById($uid);
                 if ($user) {
                     $author = $user->username;
                 }
             }
         } else {
             $feu = cms_utils::get_module('FrontEndUsers');
             if ($feu) {
                 $tmp = $feu->LoggedInName();
                 if ($tmp) {
                     $author = $tmp;
                 }
             }
         }
         $this->_data['author'] = $author;
     }
     $db = cmsms()->GetDb();
     $destfile = $this->get_destfile();
     $existing_fileid = null;
     if (file_exists($destfile) && !isset($this->_data['allow_overwrite'])) {
         // not allowing overwrite
         throw new UploadsException('Destination File Exists: ' . $destfile);
     } else {
         if (file_exists($destfile)) {
             // allowing overwrite... try to find a file id.
             $query = 'SELECT upload_id FROM ' . cms_db_prefix() . 'module_uploads 
               WHERE upload_name = ? AND upload_category_id = ?';
             $existing_fileid = $db->GetOne($query, basename($destname), $this->_category['uploads_category_id']);
         }
     }
     // see if we're gonna watermark
     $_created = array();
     $can_unlink = FALSE;
     $srcfile = $this->_data['src'];
     if (isset($this->_data['do_watermark'])) {
         $dn = dirname($destfile);
         $fn = basename($destfile);
         $wmname = cms_join_path($dn, 'wm_', $fn);
         $wmobj = cge_setup::get_watermarker();
         $res = $wmobj->create_watermarked_image($srcfile, $wmname);
         if ($res !== FALSE) {
             $can_unlink = TRUE;
             $srcfile = $wmname;
             $_created[] = $srcfile;
         }
     }
     // see if we're gonna thumbnail.
     $thumb_name = '';
     if (isset($this->_data['do_thumbnail'])) {
         $thumb_name = basename($destname);
         $dn = dirname($destname);
         $thumbfile = cms_join_path($dn, 'thumb_' . $thumb_name);
         $uploads->imageTransform($srcfile, $thumbfile);
         $_created[] = $thumbfile;
     } else {
         if (isset($this->_data['thumbnail'])) {
             $thumb_name = basename($destname);
             $dn = dirname($destname);
             $thumbfile = cms_join_path($dn, 'thumb_' . $thumb_name);
             @copy($this->_data['thumbnail'], $thumbfile);
             $_created[] = $thumbfile;
         }
     }
     // do the copy.
     @unlink($destfile);
     @copy($srcfile, $destfile);
     $_created[] = $destfile;
     // do the insert or update
     $dbr = '';
     if (!$existing_fileid) {
         $existing_fileid = $db->GenId(cms_db_prefix() . 'module_uploads_seq');
         // insert
         $query = 'INSERT INTO ' . cms_db_prefix() . 'module_uploads
               (upload_id,upload_category_id,upload_name,upload_author,
                upload_summary,upload_description,upload_ip,upload_size,
                upload_date, upload_key, upload_thumbnail)
               VALUES (?,?,?,?,?,?,?,?,NOW(),?,?)';
         $dbr = $db->Execute($query, array($existing_fileid, $this->_category['upload_category_id'], basename($destfile), $this->_data['author'], $this->_data['summary'], $this->_data['desciption'], cge_utils::get_real_ip(), filesize($this->_data['src']), $this->_data['key'], $thumb_name));
     } else {
         // update... delete custom fields.
         $query = 'DELETE FROM ' . cms_db_prefix() . 'module_uploads_fieldvals WHERE upload_id = ?';
         $dbr = $db->Execute($query, array($existing_fileid));
         $query = 'UPDATE ' . cms_db_prefix() . 'module_uploads
               SET upload_name = ?, upload_author = ?,
                   upload_summary = ?, upload_description = ?,
                   upload_ip = ?, upload_size = ?, upload_date = NOW(),
                   upload_key = ?, upload_thumbnail = ?
              WHERE upload_id = ?';
         $dbr = $db->Execute($query, array(basename($destfile), $this->_data['author'], $this->_data['summary'], $this->_data['desc'], cge_array::get_real_ip(), filesize($destfile), $this->_data['key'], $thumb_name, $existing_fileid));
     }
     if (!$dbr) {
         foreach ($_created as $one) {
             @unlink($one);
         }
         throw new UploadsException('Database operation failed: ' . $db->sql . ' -- ' . $db->ErrorMsg());
     }
     $fields = '';
     $query = 'SELECT id,name FROM ' . cms_db_prefix() . 'module_uploads_fielddefs ORDER BY iorder';
     $tmp = $db->GetArray($query);
     if (!is_array($tmp)) {
         $fields = cge_array::to_hash($tmp, 'name');
     }
     if (is_array($fields) && isset($this->_data['fields'])) {
         // do the custom fields.
         $iquery = 'INSERT INTO ' . cms_db_prefix() . 'module_uploads_fieldvals 
              (upload_id, fld_id, value) VALUES (?,?,?)';
         foreach ($this->_data['fields'] as $key => $value) {
             if (!isset($fields[$key])) {
                 continue;
             }
             $field_id = $fields[$key]['id'];
             $db->Execute($iquery, array($existing_fileid, $ield_id, $value));
         }
     }
     // add something to the audit log.
     audit($existing_fileid, $uploads->GetName(), 'Uploaded file ' . basename($destfile));
     // and we're done...
     return $existing_fileid;
 }