/**
* Deliver a backup file.
* Originally had the option of "http" or "smtp", but for glFusion
* only "smtp" is needed. Files can be downloaded at any time via
* the backup admin interface.
*/
private function deliver_backup($filename = '')
{
global $_VARS, $_CONF;
if ($filename == '' || !filename) {
return false;
}
$diskfile = $this->backup_dir . $filename;
$recipient = $_VARS['_dbback_sendto'];
if (!file_exists($diskfile)) {
COM_errorLog("dbBackup: File {$diskfile} does not exist");
return false;
}
if (!COM_isEmail($recipient)) {
COM_errorLog("{$recipient} is not a valid email address");
return false;
}
$message = sprintf("Attached to this email is\n %s\n Size:%s kilobytes\n", $filename, round(filesize($diskfile) / 1024));
$status = $this->SendMail($recipient, $_CONF['site_name'] . ' ' . 'Database Backup', $message, '', false, 0, '', '', array($diskfile));
return $status;
}
function prj_sendEmail($user, $subject, $message)
{
global $_USER, $_CONF, $_TABLES, $_PRJCONF;
$target_uid = DB_getItem($_TABLES['users'], "uid", "username='******'");
$emailaddress = DB_getItem($_TABLES['users'], "email", "username = '******'");
$emailtest = COM_isEmail($emailaddress);
if ($_PRJCONF['notifications_enabled'] && $emailtest) {
COM_mail($emailaddress, $subject, $message, $_CONF['site_mail'], false);
// Log notification for admin viewing and tracking
$type = "projects";
$logentry = $type . "," . $user . "," . $subject;
prj_logNotification($logentry);
}
return true;
}
function createuser()
{
global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;
$retval = '';
$retval = '';
$passwd = '';
$passwd_conf = '';
if ($_CONF['disable_new_user_registration']) {
COM_setMsg($LANG04[122], 'error');
echo COM_refresh($_CONF['site_url']);
}
$email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
$email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';
$username = isset($_POST['username']) ? $_POST['username'] : '';
if (isset($_POST['passwd'])) {
$passwd = trim($_POST['passwd']);
}
if (isset($_POST['passwd_conf'])) {
$passwd_conf = trim($_POST['passwd_conf']);
}
$username = COM_truncate(trim($username), 48);
if (!USER_validateUsername($username)) {
$retval .= newuserform($LANG04[162]);
return $retval;
}
$email = COM_truncate(trim($email), 96);
$email_conf = trim($email_conf);
if ($_CONF['registration_type'] == 1) {
if (empty($passwd) || $passwd != $passwd_conf) {
$retval .= newuserform($MESSAGE[67]);
return $retval;
}
}
$fullname = '';
if (!empty($_POST['fullname'])) {
$fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
}
if (!isset($_CONF['disallow_domains'])) {
$_CONF['disallow_domains'] = '';
}
if (COM_isEmail($email) && !empty($username) && $email === $email_conf && !USER_emailMatches($email, $_CONF['disallow_domains']) && strlen($username) <= 48) {
$ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
$ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
if ($ucount == 0 and $ecount == 0) {
// For glFusion, it would be okay to create this user now. But check
// with a custom userform first, if one exists.
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$msg = CUSTOM_userCheck($username, $email);
if (!empty($msg)) {
// no, it's not okay with the custom userform
$retval = CUSTOM_userForm($msg);
return $retval;
}
}
// Let plugins have a chance to decide what to do before creating the user, return errors.
$spamCheckData = array('username' => $username, 'email' => $email, 'ip' => $REMOTE_ADDR);
$msg = PLG_itemPreSave('registration', $spamCheckData);
if (!empty($msg)) {
$retval .= newuserform($msg);
return $retval;
}
if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
$encryptedPasswd = SEC_encryptPassword($passwd);
} else {
$encryptedPasswd = '';
}
$uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);
if ($_CONF['usersubmission'] == 1) {
if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid) == USER_ACCOUNT_AWAITING_APPROVAL) {
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
} else {
$retval = emailpassword($username, $passwd, 1);
}
} else {
$retval = emailpassword($username, $passwd);
}
return $retval;
} else {
$retval .= newuserform($LANG04[19]);
}
} else {
if ($email !== $email_conf) {
$msg = $LANG04[125];
$retval .= newuserform($msg);
} else {
// invalid username or email address
if (empty($username) || strlen($username) > 48) {
$msg = $LANG01[32];
// invalid username
} else {
$msg = $LANG04[18];
// invalid email address
}
$retval .= newuserform($msg);
}
}
return $retval;
}
public function testIsEmailReturnFalseForInvalidEmails()
{
// Line 3075
// Commented emails should be invalid,
// but pass PEAR isValidInetAddress validation.
$invalidemails = array("abc@def@example.com", "abc\\\\@def@example.com", "abc\\@example.com", "@example.com", "doug@", "\"*****@*****.**", "ote\"@example.com", "\"Doug \"Ace\" L.\"@example.com", "Doug\\ \\\"Ace\\\"\\ L\\.@example.com", "hello world@example.com", "gatsby@f.sc.ot.t.f.i.tzg.era.l.d.");
foreach ($invalidemails as $k => $invalid) {
$this->assertFalse(COM_isEmail($invalid), 'Error asserting ' . $invalid . ' is an invalid email');
}
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = addslashes($A['homepage']);
}
$A['fullname'] = addslashes($A['fullname']);
$A['email'] = addslashes($A['email']);
$A['location'] = addslashes($A['location']);
$A['sig'] = addslashes($A['sig']);
$A['about'] = addslashes($A['about']);
$A['pgpkey'] = addslashes($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
}
}
/**
* This function record in the hello queue the message to send to the specified group or to csv list
*
* @param array $vars Same as $_POST, holds all the email info
* @return string HTML with success or error message
*
*/
function send_messages($vars)
{
global $_CONF, $_TABLES, $LANG31, $LANG_HELLO01;
require_once $_CONF['path_system'] . 'lib-user.php';
$retval = '';
if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
$retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG31[26];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= $display .= display_mailform($vars);
return $retval;
}
// Urgent message!
if (isset($vars['priority'])) {
$priority = 1;
} else {
$priority = 0;
}
if (!empty($vars['to_group'])) {
$groupList = implode(',', USER_getChildGroups($vars['to_group']));
//Group name
$group_name = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id =" . $vars['to_group'] . " ");
$group_name = DB_fetchArray($group_name);
$email_group = $group_name[0];
if (isset($vars['overstyr'])) {
$sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
} else {
$sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
$sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
$sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
$sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
}
$result = DB_query($sql);
$nrows = DB_numRows($result);
$quantity = $nrows;
} else {
// OK, let's upload csv file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
//Debug with story debug function
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
$upload->setMaxFileUploads(1);
$upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv', 'application/x-csv' => '.csv'));
if (!$upload->setPath($_CONF['path_data'])) {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $upload->printErrors(false);
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
// Set file permissions on file after it gets uploaded (number is in octal)
$upload->setPerms('0644');
$curfile = current($_FILES);
if (!empty($curfile['name'])) {
$pos = strrpos($curfile['name'], '.') + 1;
$fextension = substr($curfile['name'], $pos);
$filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
}
if ($filename == '') {
$output = COM_siteHeader('menu', $LANG24[30]);
$output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= 'Upload error: csv file name is empty. Please try again...';
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
echo $output;
exit;
}
$upload->setFileNames($filename);
reset($_FILES);
$upload->uploadFiles();
if ($upload->areErrors()) {
$msg = $upload->printErrors(false);
return $LANG24[30];
}
//email group
$email_group = $LANG_HELLO01['csv_file'];
$destinataires = array();
$separator = $vars['separator'];
if (!in_array($separator, array(',', 'tab', ';'))) {
$separator = ',';
}
if ($separator == 'tab') {
$separator = "\t";
}
if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
$quantity = 0;
while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
//todo check if email is valid
if ($data[0] != '' and COM_isEmail($data[0])) {
$quantity++;
$destinataires[] = $data[0];
}
}
fclose($handle);
}
}
$retval .= COM_startBlock($LANG31[1]);
// register hello
$creation = date('YmdHi', time());
$subject = addslashes($vars['subject']);
$content = addslashes($vars['content']);
$from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$email_group}', '{$quantity}','{$content}')";
DB_query($sql_ajout_hello);
$new_hello_id = DB_insertId();
// Loop through and send the messages in the DB!
$successes = 0;
$failures = 0;
if (!empty($vars['to_group'])) {
for ($i = 0; $i < $quantity; $i++) {
$A = DB_fetchArray($result);
$destinataire = $A['email'];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if ($destinataire != '') {
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
} else {
$failures = $failures + 1;
}
}
} else {
//csv file
for ($i = 0; $i < $quantity; $i++) {
$destinataire = $destinataires[$i];
$expediteur = $from;
$date = date('YmdHi', time());
$sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
if (DB_query($sql_ajout_hello)) {
$successes = $successes + 1;
} else {
$failures = $failures + 1;
}
}
}
if ($successes >= 0) {
$retval .= $i . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $vars['priority'];
}
if ($failures > 0) {
$retval .= 'Oups... There was ' . $failures . ' failure(s)';
}
if (empty($vars['to_group'])) {
//list emails from csv
reset($destinataires);
$retval .= COM_makeList($destinataires);
}
$retval .= COM_endBlock();
return $retval;
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// verify password
if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} else {
if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// re athenticate remote user again for these changes to take place
// Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = DB_escapeString($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
return $display;
}
DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
}
$profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
$passwd = '';
if ($service == '') {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
SEC_updateUserPassword($A['passwd'], $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = DB_escapeString($A['homepage']);
}
$A['fullname'] = DB_escapeString($A['fullname']);
$A['email'] = DB_escapeString($A['email']);
$A['location'] = DB_escapeString($A['location']);
$A['sig'] = DB_escapeString($A['sig']);
$A['about'] = DB_escapeString($A['about']);
$A['pgpkey'] = DB_escapeString($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
// at this point, the user information has been saved, but now we're going to check to see if
// the user has requested resynchronization with their remoteservice account
$msg = 5;
// default msg = Your account information has been successfully saved
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$service = substr($_USER['remoteservice'], 6);
$consumer = new OAuthConsumer($service);
$callback_url = $_CONF['site_url'];
$consumer->setRedirectURL($callback_url);
$user = $consumer->authenticate_user();
$consumer->doSynch($user);
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
COM_errorLog($MESSAGE[$msg]);
}
}
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
}
}
/**
* Creates a user
* Creates a user with the give username and email address
*
* @param string $username username to create user for
* @param string $email email address to assign to user
* @param string $email_conf confirmation email address check
* @return string HTML for the form again if error occurs, otherwise nothing.
*/
function createuser($username, $email, $email_conf)
{
global $_CONF, $_TABLES, $LANG01, $LANG04;
$retval = '';
$username = trim($username);
$email = trim($email);
$email_conf = trim($email_conf);
if (!isset($_CONF['disallow_domains'])) {
$_CONF['disallow_domains'] = '';
}
if (COM_isEmail($email) && !empty($username) && $email === $email_conf && !USER_emailMatches($email, $_CONF['disallow_domains']) && strlen($username) <= 16) {
$ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
$ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
if ($ucount == 0 && $ecount == 0) {
// For Geeklog, it would be okay to create this user now. But check
// with a custom userform first, if one exists.
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($username, $email);
if (!empty($ret)) {
// no, it's not okay with the custom userform
$retval = COM_createHTMLDocument(CUSTOM_userForm($ret['string']));
return $retval;
}
}
// Let plugins have a chance to decide what to do before creating the user, return errors.
$msg = PLG_itemPreSave('registration', $username);
if (!empty($msg)) {
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
$retval .= CUSTOM_userForm($msg);
} else {
$retval .= newuserform($msg);
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
return $retval;
}
$uid = USER_createAccount($username, $email);
if ($_CONF['usersubmission'] == 1) {
if (DB_getItem($_TABLES['users'], 'status', "uid = {$uid}") == USER_ACCOUNT_AWAITING_APPROVAL) {
COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
} else {
$retval = emailpassword($username, 1);
}
} else {
$retval = emailpassword($username, 1);
}
return $retval;
} else {
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
$retval .= CUSTOM_userForm($LANG04[19]);
} else {
$retval .= newuserform($LANG04[19]);
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
}
} elseif ($email !== $email_conf) {
$msg = $LANG04[125];
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
$retval .= CUSTOM_userForm($msg);
} else {
$retval .= newuserform($msg);
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
} else {
// invalid username or email address
if (empty($username) || strlen($username) > 16) {
$msg = $LANG01[32];
// invalid username
} else {
$msg = $LANG04[18];
// invalid email address
}
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
$retval .= CUSTOM_userForm($msg);
} else {
$retval .= newuserform($msg);
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
}
return $retval;
}
} else {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter();
}
}
break;
case 'sendstory':
$sid = COM_sanitizeID(COM_applyFilter($_POST['sid']));
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
$html = 0;
if ($postmode == 'html') {
$html = 1;
}
$shortmessage = $_POST['shortmsg'];
if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail'])) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage, 52) . COM_siteFooter();
} else {
if (empty($_POST['to']) || empty($_POST['from']) || empty($shortmessage)) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage) . COM_siteFooter();
} else {
$msg = PLG_itemPreSave('emailstory', $shortmessage);
if (!empty($msg)) {
$display .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage) . COM_siteFooter();
} else {
$display .= mailstory($sid, $_POST['to'], $_POST['toemail'], $_POST['from'], $_POST['fromemail'], $shortmessage, $html);
}
}
}
}
break;
function COM_emailNotification($msgData = array())
{
global $_CONF;
// define the maximum number of emails allowed per bcc
$maxEmailsPerSend = 10;
// ensure we have something to send...
if (!isset($msgData['htmlmessage']) && !isset($msgData['textmessage'])) {
COM_errorLog("COM_emailNotification() - No message data provided");
return false;
// no message defined
}
if (empty($msgData['htmlmessage']) && empty($msgData['textmessage'])) {
COM_errorLog("COM_emailNotification() - Empty message data provided");
return false;
// no text in either...
}
if (!isset($msgData['subject']) || empty($msgData['subject'])) {
COM_errorLog("COM_emailNotification() - No subject provided");
return false;
// must have a subject
}
$queued = 0;
$subject = substr($msgData['subject'], 0, strcspn($msgData['subject'], "\r\n"));
$subject = COM_emailEscape($subject);
require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';
$mail = new PHPMailer();
$mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
$mail->CharSet = COM_getCharset();
if ($_CONF['mail_backend'] == 'smtp') {
$mail->IsSMTP();
$mail->Host = $_CONF['mail_smtp_host'];
$mail->Port = $_CONF['mail_smtp_port'];
if ($_CONF['mail_smtp_secure'] != 'none') {
$mail->SMTPSecure = $_CONF['mail_smtp_secure'];
}
if ($_CONF['mail_smtp_auth']) {
$mail->SMTPAuth = true;
$mail->Username = $_CONF['mail_smtp_username'];
$mail->Password = $_CONF['mail_smtp_password'];
}
$mail->Mailer = "smtp";
} elseif ($_CONF['mail_backend'] == 'sendmail') {
$mail->Mailer = "sendmail";
$mail->Sendmail = $_CONF['mail_sendmail_path'];
} else {
$mail->Mailer = "mail";
}
$mail->WordWrap = 76;
if (isset($msgData['htmlmessage']) && !empty($msgData['htmlmessage'])) {
$mail->IsHTML(true);
$mail->Body = $msgData['htmlmessage'];
if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
$mail->AltBody = $msgData['textmessage'];
}
} else {
$mail->IsHTML(false);
if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
$mail->Body = $msgData['textmessage'];
}
}
$mail->Subject = $subject;
if (isset($msgData['embeddedImage']) && is_array($msgData['embeddedImage'])) {
foreach ($msgData['embeddedImage'] as $embeddedImage) {
$mail->AddEmbeddedImage($embeddedImage['file'], $embeddedImage['name'], $embeddedImage['filename'], $embeddedImage['encoding'], $embeddedImage['mime']);
}
}
if (is_array($msgData['from'])) {
$mail->From = $msgData['from']['email'];
$mail->FromName = $msgData['from']['name'];
} else {
$mail->From = $msgData['from'];
$mail->FromName = $_CONF['site_name'];
}
$queued = 0;
if (is_array($msgData['to'])) {
foreach ($msgData['to'] as $to) {
if (is_array($to)) {
$mail->AddBCC($to['email'], $to['name']);
} else {
if (COM_isEmail($to)) {
$mail->AddBCC($to);
}
}
$queued++;
if ($queued >= $maxEmailsPerSend) {
if (!$mail->Send()) {
COM_errorLog("Email Error: " . $mail->ErrorInfo);
}
$queued = 0;
$mail->ClearBCCs();
}
}
}
if ($queued > 0) {
if (!@$mail->Send()) {
COM_errorLog("Email Error: " . $mail->ErrorInfo);
}
}
}
/**
* Saves the user's information back to the database
*
* @A array User's data
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']);
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (isset($_POST['merge'])) {
if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
}
USER_mergeAccounts();
}
// If not set or possibly removed from template - initialize variable
if (!isset($A['cooktime'])) {
$A['cooktime'] = 0;
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = {$_USER['uid']}");
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret)) {
$ret['number'] = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message hander - if not numeric use default message
// - if not numeric use default message
if (!is_numeric($ret)) {
$ret = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
}
}
}
// Let plugins have a chance to decide what to do before saving the user, return errors.
$msg = PLG_itemPreSave('useredit', $A['username']);
if (!empty($msg)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($msg)) {
$msg = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = $A['new_username'];
if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = DB_escapeString($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']);
if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $_USER['uid'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
@rename($imgpath . $photo, $imgpath . $newphoto);
DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
}
$profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
$A['location'] = strip_tags($A['location']);
$A['sig'] = strip_tags($A['sig']);
$A['about'] = strip_tags($A['about']);
$A['pgpkey'] = strip_tags($A['pgpkey']);
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if ($service == '') {
if (!empty($A['newp'])) {
$A['newp'] = trim($A['newp']);
$A['newp_conf'] = trim($A['newp_conf']);
if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
$passwd = SEC_encryptPassword($A['newp']);
DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
$token_ttl = $A['cooktime'];
} else {
$cooktime = 0;
$token_ttl = 14400;
}
$ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
} elseif (!SEC_check_hash($A['passwd'], $current_password)) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['newp'] != $A['newp_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = 0;
}
$ltToken = SEC_createTokenGeneral('ltc', $cooktime);
SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cookie_timeout = 0;
$token_ttl = 14400;
} else {
$cookie_timeout = time() + $A['cooktime'];
$token_ttl = $A['cooktime'];
}
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'");
if ($cookie_timeout > 0) {
$ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
} else {
SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = DB_escapeString($A['homepage']);
}
$A['fullname'] = DB_escapeString($A['fullname']);
$A['email'] = DB_escapeString($A['email']);
$A['location'] = DB_escapeString($A['location']);
$A['sig'] = DB_escapeString($A['sig']);
$A['about'] = DB_escapeString($A['about']);
$A['pgpkey'] = DB_escapeString($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']);
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']);
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged((int) $_USER['uid']);
// at this point, the user information has been saved, but now we're going to check to see if
// the user has requested resynchronization with their remoteservice account
$msg = 5;
// default msg = Your account information has been successfully saved
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$service = substr($_USER['remoteservice'], 6);
$consumer = new OAuthConsumer($service);
$callback_url = $_CONF['site_url'];
$consumer->setRedirectURL($callback_url);
$user = $consumer->authenticate_user();
$consumer->doSynch($user);
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
COM_errorLog($MESSAGE[$msg]);
}
}
PLG_profileExtrasSave();
PLG_profileSave();
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
}
}
DB_query("INSERT INTO {$_TABLES['forum_watch']} (forum_id,topic_id,uid,date_added) VALUES ('{$forum}','{$pid}','{$_USER['uid']}',now() )");
}
if ($_USER['email'] != '' and COM_isEmail($_USER['email'])) {
$display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=2&showtopic={$id}");
} else {
// Invalid or no email address remind user to add one
$display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=12&showtopic={$id}");
}
} else {
$display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=3&showtopic={$id}");
}
} else {
DB_query("INSERT INTO {$_TABLES['forum_watch']} (forum_id,topic_id,uid,date_added) VALUES ('{$forum}','{$pid}','{$_USER['uid']}',now() )");
$nid = -$id;
DB_query("DELETE FROM {$_TABLES['forum_watch']} WHERE uid='{$_USER['uid']}' AND forum_id='{$forum}' AND topic_id = '{$nid}'");
if ($_USER['email'] != '' and COM_isEmail($_USER['email'])) {
$display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=2&showtopic={$id}");
} else {
// Invalid or no email address remind user to add one
$display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=12&showtopic={$id}");
}
}
COM_output($display);
exit;
} elseif ($_REQUEST['submit'] == 'delete' and $id != 0) {
DB_query("DELETE FROM {$_TABLES['forum_watch']} WHERE (id='{$id}')");
$display = COM_refresh($_CONF['site_url'] . "/forum/notify.php?msg=1&filter={$notifytype}");
COM_output($display);
exit;
} elseif ($_REQUEST['submit'] == 'delete2' and $id != '') {
// Check and see if subscribed to complete forum and if so - unsubscribe to just this topic
function gf_chknotifications($forumid, $topicid, $userid, $type = 'topic')
{
global $_TABLES, $LANG_GF01, $LANG_GF02, $_CONF, $CONF_FORUM;
$pid = DB_getItem($_TABLES['forum_topic'], 'pid', "id='{$topicid}'");
if ($pid == 0) {
$pid = $topicid;
}
$sql = "SELECT * FROM {$_TABLES['forum_watch']} WHERE ((topic_id='{$pid}') OR ((forum_id='{$forumid}') AND (topic_id='0') )) GROUP BY uid";
$sqlresult = DB_query($sql);
$postername = COM_getDisplayName($userid);
$nrows = DB_numRows($sqlresult);
$site_language = unserialize(DB_getItem($_TABLES['conf_values'], 'value', "group_name='Core' AND name='language'"));
// Retrieve original language of site
$mail_language = $_CONF['language'];
$last_mail_language = $mail_language;
$plugin_path = $_CONF['path'] . 'plugins/forum/';
for ($i = 1; $i <= $nrows; $i++) {
$N = DB_fetchArray($sqlresult);
// Don't need to send a notification to the user that posted this message and users with NOTIFY disabled
if ($N['uid'] > 1 and $N['uid'] != $userid and $CONF_FORUM['allow_notification'] == '1') {
// if the topic_id is 0 for this record - user has subscribed to complete forum. Check if they have opted out of this forum topic.
if (DB_count($_TABLES['forum_watch'], array('uid', 'forum_id', 'topic_id'), array($N['uid'], $forumid, -$topicid)) == 0) {
// Check if user does not want to receive multiple notifications for same topic and already has been notified
$userNotifyOnceOption = DB_getItem($_TABLES['forum_userprefs'], 'notify_once', "uid='{$N['uid']}'");
// Retrieve the log record for this user if it exists then check if user has viewed this topic yet
// The logtime value may be 0 which indicates the user has not yet viewed the topic
$lsql = DB_query("SELECT time FROM {$_TABLES['forum_log']} WHERE uid='{$N['uid']}' AND forum='{$forumid}' AND topic='{$topicid}'");
if (DB_numRows($lsql) == 1) {
$nologRecord = false;
list($logtime) = DB_fetchArray($lsql);
} else {
$nologRecord = true;
$logtime = 0;
}
if ($userNotifyOnceOption == 0 or $userNotifyOnceOption == 1 and ($nologRecord or $logtime != 0)) {
$topicrec = DB_query("SELECT subject,name,forum FROM {$_TABLES['forum_topic']} WHERE id='{$pid}'");
$A = DB_fetchArray($topicrec);
$userrec = DB_query("SELECT username,email,language,status FROM {$_TABLES['users']} WHERE uid='{$N['uid']}'");
$B = DB_fetchArray($userrec);
if ($B['status'] == USER_ACCOUNT_ACTIVE) {
// Need to send email in user own language if set, else site default
// Should not use current user language if does not match
if (empty($B['language'])) {
$mail_language = $site_language;
} else {
$mail_language = $B['language'];
}
if ($mail_language != $last_mail_language) {
$langfile = $plugin_path . 'language/' . $mail_language . '.php';
if (file_exists($langfile)) {
require $langfile;
$last_mail_language = $mail_language;
} else {
// Use site default language as backup
$langfile = $plugin_path . 'language/' . $site_language . '.php';
if (file_exists($langfile)) {
require $langfile;
$last_mail_language = $site_language;
} else {
require $plugin_path . 'language/english.php';
$last_mail_language = 'english';
}
}
}
$subjectline = "{$_CONF['site_name']} {$LANG_GF02['msg22']}";
$message = "{$LANG_GF01['HELLO']} {$B['username']},\n\n";
if ($type == 'forum') {
$forum_name = DB_getItem($_TABLES['forum_forums'], forum_name, "forum_id='{$forumid}'");
$message .= sprintf($LANG_GF02['msg23b'], $A['subject'], $A['name'], $forum_name, $_CONF['site_name'], $_CONF['site_url'], $pid);
} else {
$message .= sprintf($LANG_GF02['msg23a'], $A['subject'], $postername, $A['name'], $_CONF['site_name']);
$message .= sprintf($LANG_GF02['msg23c'], $_CONF['site_url'], $pid);
}
$message .= $LANG_GF02['msg26'];
$message .= sprintf($LANG_GF02['msg27'], "{$_CONF['site_url']}/forum/notify.php");
$message .= "{$LANG_GF02['msg25']}{$_CONF['site_name']} {$LANG_GF01['ADMIN']}\n";
// Check and see if Site admin has enabled email notifications
if ($CONF_FORUM['allow_notification']) {
if ($nologRecord and $userNotifyOnceOption == 1) {
DB_query("INSERT INTO {$_TABLES['forum_log']} (uid,forum,topic,time) VALUES ('{$N['uid']}', '{$forumid}', '{$topicid}','0') ");
}
if ($B['email'] != '' and COM_isEmail($B['email'])) {
COM_mail($B['email'], $subjectline, $message);
}
}
}
}
}
}
}
}
function fncSave($mode)
{
global $_CONF;
global $LANG_ASSIST_ADMIN;
global $_TABLES;
$retval = '';
//------------------
$fary = array();
$fary[] = array('name' => 'fromname', 'reserv' => 'fn');
//@@
$fary[] = array('name' => 'replyto', 'reserv' => 'rt');
$fary[] = array('name' => 'sprefix', 'reserv' => 'sp');
$fary[] = array('name' => 'sid', 'reserv' => 'si');
$fary[] = array('name' => 'testto');
$fary[] = array('name' => 'uidfrom', 'reserv' => 'uf');
$fary[] = array('name' => 'uidto', 'reserv' => 'ut');
///@@@@@ 20111220 delete $fary[]=array('name' =>'last_schedule' );
$fary[] = array('name' => 'introbody', 'reserv' => 'ib');
//@@
$fary[] = array('name' => 'overstyr', 'reserv' => 'os');
//@@
$fary[] = array('name' => 'toenv', 'reserv' => 'te');
//@@
$fary[] = array('name' => 'selectgroup', 'reserv' => 'sg');
//@@
$fary[] = array('name' => 'bulkmm', 'reserv' => 'bm');
//@@
$fary[] = array('name' => 'bulkcnt', 'reserv' => 'bc');
//@@
//------------------
// clean 'em up
$fromname = COM_applyFilter($_POST['fromname']);
$fromname = addslashes(COM_checkHTML(COM_checkWords($fromname)));
$replyto = COM_applyFilter($_POST['replyto']);
$replyto = addslashes(COM_checkHTML(COM_checkWords($replyto)));
//--
$sprefix = COM_applyFilter($_POST['sprefix']);
$sprefix = addslashes(COM_checkHTML(COM_checkWords($sprefix)));
$sid = COM_applyFilter($_POST['sid']);
$sid = addslashes(COM_checkHTML(COM_checkWords($sid)));
$testto = COM_applyFilter($_POST['testto']);
$testto = addslashes(COM_checkHTML(COM_checkWords($testto)));
$uidfrom = COM_applyFilter($_POST['uidfrom'], true);
$uidfrom = addslashes(COM_checkHTML(COM_checkWords($uidfrom)));
$uidto = COM_applyFilter($_POST['uidto'], true);
$uidto = addslashes(COM_checkHTML(COM_checkWords($uidto)));
// hiroron start 2010/07/13
$dt_year = COM_applyFilter($_POST['datetime_year'], true);
$dt_month = COM_applyFilter($_POST['datetime_month'], true);
$dt_day = COM_applyFilter($_POST['datetime_day'], true);
$dt_hour = COM_applyFilter($_POST['datetime_hour'], true);
$dt_minute = COM_applyFilter($_POST['datetime_minute'], true);
// hiroron end 2010/07/13
$dt = COM_convertDate2Timestamp($dt_year . '-' . $dt_month . '-' . $dt_day, $dt_hour . ':' . $dt_minute . ':00');
$uidto = COM_applyFilter($_POST['uidto'], true);
$uidto = addslashes(COM_checkHTML(COM_checkWords($uidto)));
// 冒頭文 本文 introbody
$introbody = COM_applyFilter($_POST['introbody'], true);
$introbody = addslashes(COM_checkHTML(COM_checkWords($introbody)));
// ユーザの受信許可設定を無視して送る
$overstyr = COM_applyFilter($_POST['overstyr'], true);
$overstyr = addslashes(COM_checkHTML(COM_checkWords($overstyr)));
//送信先環境
$toenv = COM_applyFilter($_POST['toenv'], true);
$toenv = addslashes(COM_checkHTML(COM_checkWords($toenv)));
//送信先グループ
$selectgroup = COM_applyFilter($_POST['selectgroup'], true);
$selectgroup = addslashes(COM_checkHTML(COM_checkWords($selectgroup)));
//一括予約
$bulkmm = COM_applyFilter($_POST['bulkmm'], true);
$bulkmm = addslashes(COM_checkHTML(COM_checkWords($bulkmm)));
$bulkcnt = COM_applyFilter($_POST['bulkcnt'], true);
$bulkcnt = addslashes(COM_checkHTML(COM_checkWords($bulkcnt)));
// CHECK はじめ
$err = "";
//差出人必須
if (empty($fromname)) {
$err .= $LANG_ASSIST_ADMIN['err_fromname'] . "<br/>" . LB;
}
if (COM_isEmail($replyto) == false) {
$err .= $LANG_ASSIST_ADMIN['err_replyto'] . "<br/>" . LB;
}
//差出人必須
// hiroron start 2010/07/13
// if ($mode==="test" OR $mode==="send"){
if ($mode === "test" or $mode === "send" or $mode === "reserv") {
// hiroron end 2010/07/13
if ($sid == "") {
$err .= $LANG_ASSIST_ADMIN['err_sid'] . "<br/>" . LB;
}
}
//test 送信先
if ($mode === "test") {
if ($test === "") {
$err .= $LANG_ASSIST_ADMIN['err_testto'] . "<br/>" . LB;
}
}
if ($testto != "") {
if (COM_isEmail($testto) == false) {
$err .= $LANG_ASSIST_ADMIN['err_testto'] . "<br/>" . LB;
}
}
// hiroron start 2010/07/13
// 予約送信
if ($mode === 'reserv') {
if ($dt_year === "" or $dt_month === "" or $dt_day === "" or $dt_hour === "" or $dt_minute === "") {
$err .= $LANG_ASSIST_ADMIN['err_reserv'] . "<br/>" . LB;
}
}
// hiroron end 2010/07/13
//errorのあるとき
if ($err != "") {
return $err;
}
// CHECK おわり
$fields = "name";
$fields .= ",value";
//
for ($i = 0; $i < count($fary); $i++) {
$fname = $fary[$i]['name'];
$values = "'assist_{$fname}'";
$values .= ",'{${$fname}}'";
DB_save($_TABLES['vars'], $fields, $values);
}
//assist_re_datetime
$values = "'assist_re_datetime'";
$values .= ",'{$dt}'";
DB_save($_TABLES['vars'], $fields, $values);
// hiroron start 2010/07/13
if ($mode === "reserv") {
$ts = $dt;
//assist_fn_1234567890
for ($i = 0; $i < count($fary); $i++) {
$reserv = $fary[$i]['reserv'];
if ($reserv != "") {
$fname = $fary[$i]['name'];
$values = "'assist_{$reserv}_{$ts}'";
$values .= ",'{${$fname}}'";
DB_save($_TABLES['vars'], $fields, $values);
}
}
$values = "'assist_li_{$ts}'";
$values .= ",'0'";
DB_save($_TABLES['vars'], $fields, $values);
touch($_CONF['path_data'] . "assist_reserv_{$ts}");
}
// hiroron end 2010/07/13
$rt = $LANG_ASSIST_ADMIN['mail_save_ok'];
return $rt;
}
/**
* This function allows the administrator to import batches of users
*
* TODO: This function should first display the users that are to be imported,
* together with the invalid users and the reason of invalidity. Each valid line
* should have a checkbox that allows selection of final to be imported users.
* After clicking an extra button, the actual import should take place. This will
* prevent problems in case the list formatting is incorrect.
*
* @return string HTML with success or error message
*
*/
function importusers()
{
global $_CONF, $_TABLES, $LANG04, $LANG28;
// Setting this to true will cause import to print processing status to
// webpage and to the error.log file
$verbose_import = true;
$retval = '';
// Bulk import implies admin authorisation:
$_CONF['usersubmission'] = 0;
// First, upload the file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
$upload->setPath($_CONF['path_data']);
$upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
$upload->setFileNames('user_import_file.txt');
if ($upload->uploadFiles()) {
// Good, file got uploaded, now install everything
$thefile = current($_FILES);
$filename = $_CONF['path_data'] . 'user_import_file.txt';
if (!file_exists($filename)) {
// empty upload form
$retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
return $retval;
}
} else {
// A problem occurred, print debug information
$retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
return $retval;
}
$users = file($filename);
$retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));
// Following variables track import processing statistics
$successes = 0;
$failures = 0;
foreach ($users as $line) {
$line = rtrim($line);
if (empty($line)) {
continue;
}
list($full_name, $u_name, $email) = explode("\t", $line);
$full_name = strip_tags($full_name);
$u_name = COM_applyFilter($u_name);
$email = COM_applyFilter($email);
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
}
// prepare for database
$userName = trim($u_name);
$fullName = trim($full_name);
$emailAddr = trim($email);
if (COM_isEmail($email)) {
// email is valid form
$ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
$ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
if ($ucount == 0 && $ecount == 0) {
// user doesn't already exist - pass in optional true for $batchimport parm
$uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
$result = USER_createAndSendPassword($userName, $emailAddr, $uid);
if ($result) {
$successes++;
if ($verbose_import) {
$retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
COM_errorLog("Account for {$u_name} created successfully", 1);
}
} else {
// user creation failed
$retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
COM_errorLog("ERROR: here was a problem creating the account for {$u_name}.", 1);
}
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
// user already exists
COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
}
$failures++;
}
// end if $ucount == 0 && ecount == 0
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
// malformed email
COM_errorLog("{$email} is not a valid email address, account not created", 1);
}
$failures++;
}
// end if COM_isEmail($email)
}
// end foreach
unlink($filename);
$retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));
return $retval;
}
function MG_sendPostCard()
{
global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
global $LANG_DIRECTION, $LANG_CHARSET;
$mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true));
$toname = COM_applyFilter($_POST['toname']);
$toemail = COM_applyFilter($_POST['toemail']);
$fromname = COM_applyFilter($_POST['fromname']);
$fromemail = COM_applyFilter($_POST['fromemail']);
$subject = strip_tags(COM_checkWords($_POST['subject']));
$message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message'])));
$ccself = isset($_POST['ccself']) ? 1 : 0;
$errCount = 0;
$msg = '';
if (!COM_isEmail($toemail)) {
$errCount++;
}
if (!COM_isEmail($fromemail)) {
$errCount++;
}
if (empty($subject)) {
$errCount++;
}
if (empty($message)) {
$errCount++;
}
$captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$msg = PLG_itemPreSave('mediagallery', $captchaString);
if ($msg != '') {
$errCount++;
}
if ($errCount > 0) {
return MG_editPostCard('edit', $mid, $msg);
}
$retval = '';
$aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows < 1) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$M = DB_fetchArray($result);
// trim the database
$purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
// save this one in the database
$newsubject = DB_escapeString($subject);
$newmessage = DB_escapeString($message);
$pcId = COM_makesid();
$pc_time = time();
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = (int) $_USER['uid'];
}
$sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error saving postcard");
}
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
$last = COM_checkSpeedlimit('mgpostcard');
if ($last > 0) {
$msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
return MG_errorHandler($msg);
}
$alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
// build the template...
$T = new Template(MG_getTemplatePath($aid));
$T->set_file('postcard', 'postcard.thtml');
$media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
if (empty($LANG_DIRECTION)) {
// default to left-to-right
$direction = 'ltr';
} else {
$direction = $LANG_DIRECTION;
}
if (empty($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
$T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
$T->parse('output', 'postcard');
$retval .= $T->finish($T->get_var('output'));
$msgData['subject'] = htmlspecialchars($subject);
$msgData['htmlmessage'] = $retval;
$msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
$msgData['from']['email'] = $fromemail;
$msgData['from']['name'] = $fromname;
$msgData['to'][] = array('email' => $toemail, 'name' => $toname);
if ($ccself) {
$msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
}
foreach ($_MG_CONF['validExtensions'] as $tnext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
$msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
}
}
$msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
COM_emailNotification($msgData);
$msgNo = 8;
// update the sent post card database...Or maybe just log it in an error log?
$logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
MG_postcardLog($logentry);
COM_updateSpeedlimit('mgpostcard');
header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
exit;
}
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
if ($_CONF['hideemailicon'] == 1) {
$display = COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid));
} else {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter();
}
}
break;
case 'sendstory':
$sid = COM_applyFilter($_POST['sid']);
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail']) || strpos($_POST['to'], '@') !== false || strpos($_POST['from'], '@') !== false) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg'], 52) . COM_siteFooter();
} else {
if (empty($_POST['to']) || empty($_POST['from']) || empty($_POST['shortmsg'])) {
$display .= COM_siteHeader('menu', $LANG08[17]) . COM_showMessageText($LANG08[22]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter();
} else {
$msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
if (!empty($msg)) {
$display .= COM_siteHeader('menu', $LANG08[17]) . COM_errorLog($msg, 2) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter();
} else {
$display .= mailstory($sid, $_POST['to'], $_POST['toemail'], $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
}
}
}
}
break;
function fncimportexec()
{
global $_CONF;
global $_TABLES;
global $LANG_ASSIST_ADMIN;
// true:画面にもOKNG経過表示,ログファイルへ出力
// false:ログファイルへ出力のみ
$verbose_import = true;
$retval = '';
// Bulk import implies admin authorisation:
$_CONF['usersubmission'] = 0;
// First, upload the file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
$upload->setPath($_CONF['path_data']);
$upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
$upload->setFileNames('user_import_file.txt');
if ($upload->uploadFiles()) {
// Good, file got uploaded, now install everything
$thefile = current($_FILES);
$filename = $_CONF['path_data'] . 'user_import_file.txt';
if (!file_exists($filename)) {
// empty upload form
$retval = COM_refresh($_CONF['site_admin_url'] . "/plugins/" . THIS_PLUGIN . "/" . THIS_SCRIPT . "?msg=err_empty");
return $retval;
}
} else {
//echo "かくにんのこと"."<br>";
$retval = COM_siteHeader('menu', $LANG28[22]);
$retval .= COM_startBlock($LANG28[24], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $upload->printErrors(false);
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
return $retval;
}
//file 処理
$users = file($filename);
$retval .= COM_startBlock($LANG_ASSIST_ADMIN['import'], '', COM_getBlockTemplate('_admin_block', 'header'));
$successes = 0;
$failures = 0;
foreach ($users as $line) {
$line = rtrim($line);
if (empty($line)) {
continue;
}
//echo "line2=".$line."<br>";
list($u_id, $full_name, $u_name, $email) = explode("\t", $line);
$u_id = COM_applyFilter($u_id, true);
$full_name = strip_tags($full_name);
$u_name = COM_applyFilter($u_name);
$email = COM_applyFilter($email);
if ($verbose_import) {
$w = "<br" . XHTML . ">";
$w .= "<b>Working on ";
$w .= "uid={$u_id}";
$w .= ", username={$u_name}";
$w .= ", fullname={$full_name}";
$w .= ", email={$email}";
$w .= "</b>";
$w .= "<br" . XHTML . ">\n";
$retval .= $w;
COM_errorLog($w, 1);
}
// 読み込みデータ
$uid = trim($u_id);
//ユーザID
$userName = trim($u_name);
//ユーザ名
$fullName = trim($full_name);
//氏名
$emailAddr = trim($email);
// メールアドレス
// CHECK はじめ
$err = 0;
// E_mailAdress が正しい
if (COM_isEmail($email)) {
$ucount = DB_count($_TABLES['users'], 'username', addslashes($userName));
$ecount = DB_count($_TABLES['users'], 'email', addslashes($emailAddr));
$icount = DB_count($_TABLES['users'], 'uid', $uid);
if ($ucount == 0 && $ecount == 0 && $icount == 0) {
// ユーザ名 メールアドレス ユーザID いずれかが登録済
} else {
$err = -1;
$w = "<br" . XHTML . ">";
$w .= "<b>{$u_name}</b> or <b>{$email}</b> or <b>uid={$uid}</b> already exists";
$w .= ", account not created.<br" . XHTML . ">\n";
COM_errorLog($w, 1);
if ($verbose_import) {
$retval .= $w;
}
}
// E_mailAdress が正しくない
} else {
$err = -1;
$w = "<br" . XHTML . ">";
$w .= "<b>{$email}</b> is not a valid email address";
$w .= ", account not created<br" . XHTML . ">\n";
COM_errorLog($w, 1);
if ($verbose_import) {
$retval .= $w;
}
}
// ユーザ名 が未設定
if ($u_name == "") {
$err = -1;
$w = "<br" . XHTML . ">";
$w .= "<b>{$uname}</b> is not a valid user name";
$w .= ", account not created<br" . XHTML . ">\n";
COM_errorLog($w, 1);
if ($verbose_import) {
$retval .= $w;
}
}
//-----エラーがなければ、アカウントを作成する
if ($err == 0) {
$passwd = "";
$homepage = '';
//アカウントの作成
$result = fnccreateAccount($userName, $emailAddr, $passwd, $fullName, $homepage, $uid);
// アカウントの作成OK
if ($result) {
$successes++;
$w = "<br" . XHTML . "> ";
$w .= "Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
COM_errorLog($w, 1);
if ($verbose_import) {
$retval .= $w;
}
// アカウントの作成NG
} else {
$failures++;
// user creation failed
$w = "<br" . XHTML . ">ERROR: There was a problem creating the account for ";
$w .= "<b>{$u_name}</b>.<br" . XHTML . ">\n";
$retval .= $w;
COM_errorLog($w, 1);
$failures++;
}
} else {
$failures++;
}
}
// end foreach
unlink($filename);
$retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $retval;
}
