$sender_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</div>'; } if (!$valid_recipient_email && $superCage->post->keyExists('sender_name')) { $recipient_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</div>'; } $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/'); pageheader($lang_ecard_php['title']); if ($superCage->post->keyExists('submit')) { //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } // Create and send the e-card if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) { if ($CONFIG['ecard_captcha'] == 1 || $CONFIG['ecard_captcha'] == 2 && !USER_ID) { if (!captcha_plugin_enabled('ecard')) { require "include/captcha.inc.php"; $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/'); if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) { if ($CONFIG['log_mode'] != 0) { log_write('Captcha authentication for ecard failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG); } cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__); } } else { CPGPluginAPI::action('captcha_ecard_validate', null); } } require 'include/mailer.inc.php'; if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) { $n_picname = get_pic_url($row, 'normal');
function reply() { include BASE_DIR . 'include' . DS . 'smilies.inc.php'; include BASE_DIR . 'include' . DS . 'mailer.inc.php'; $vars = array(); $errors = array(); $authorizer = check_model::getInstance(); $vars['topic_id'] = $this->validate->get->getInt('id'); if (!$authorizer->is_topic_id($vars['topic_id'])) { cpg_die(ERROR, Lang::item('error.wrong_topic_id'), __FILE__, __LINE__); } if (!$authorizer->can_reply($vars['topic_id'])) { cpg_die(ERROR, Lang::item('error.perm_denied'), __FILE__, __LINE__); } $vars['nagavitor'] = $this->forum->get_nagavitor(); $vars['icons'] = $this->forum->get_icons(); $topic = $this->forum->get_topic_data($vars['topic_id'], 'board_id'); $messages = $this->forum->get_message($vars['topic_id'], 'subject', 'msg_id asc', '1'); $data = array('icon' => 'icon1', 'subject' => Lang::item('topic.re') . $messages[0]['subject']); if ($this->validate->post->keyExists('submit')) { $data = array('topic_id' => $vars['topic_id'], 'icon' => $this->validate->post->getRaw('icon'), 'subject' => $this->validate->post->getEscaped('subject'), 'body' => $this->validate->post->getRaw('body'), 'board_id' => $topic['board_id'], 'poster_time' => time(), 'poster_id' => USER_ID, 'poster_name' => USER_NAME, 'poster_ip' => Config::item('hdr_ip'), 'smileys_enabled' => 1); if (Config::item('fr_msg_icons') == 0 && $data['icon'] == '') { $data['icon'] = 'icon1'; } if ($data['subject'] == '') { $errors[] = Lang::item('error.empty_subject'); } if ($data['icon'] == '') { $errors[] = Lang::item('error.no_msg_icon'); } if ($data['body'] == '') { $errors[] = Lang::item('error.empty_body'); } if (strlen($data['body']) > Config::item('fr_msg_max_size') && Config::item('fr_msg_max_size')) { $data['body'] = substr($data['body'], 0, Config::item('fr_msg_max_size')); } global $CONFIG; if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) { if (!captcha_plugin_enabled('comment')) { global $lang_errors; $superCage = Inspekt::makeSuperCage(); require "include/captcha.inc.php"; $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/'); if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) { $errors[] = $lang_errors['captcha_error']; } } else { CPGPluginAPI::action('captcha_comment_validate', null); } } if (count($errors) == 0) { if ($authorizer->double_post()) { cpg_die(ERROR, Lang::item('error.already_post'), __FILE__, __LINE__); } else { $msg_id = $this->forum->insert_message($data); // to-do: send notify email $users = $this->forum->get_notify_user('', $vars['topic_id']); foreach ($users as $user) { if ($user['user_id'] == USER_ID) { continue; } $user = $this->forum->get_user_data($user['user_id'], 'user_email'); // prepare email $email_subject = Lang::item('topic.topic_reply') . $data['subject']; $email_body = sprintf(Lang::item('topic.notify_email'), Config::item('fr_prefix_url') . 'profile.php?uid=' . USER_ID, USER_NAME, Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('message', '', $msg_id), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']), Config::item('fr_title')); // send mail cpg_mail($user['user_email'], $email_subject, $email_body, 'text/html', Config::item('fr_title'), Config::item('gallery_admin_email')); // set send = 0 $this->forum->set_topic_notify($vars['topic_id'], 0, $user['user_id']); } if ($this->validate->post->getInt('notify') === 1) { $this->forum->set_topic_notify($vars['topic_id'], $this->validate->post->getInt('notify')); } if ($this->validate->post->getInt('notify') === 0) { $this->forum->unnotify_topic($vars['topic_id']); } forum::message(Lang::item('common.message'), sprintf(Lang::item('message.new_msg_success'), $data['subject']), 'forum.php?c=message&id=' . $msg_id); } } } $vars['errors'] = $errors; $vars['form'] = $data; $this->view->render('topic/reply', $vars); }
} else { $comment_data = mysql_fetch_assoc($result); mysql_free_result($result); $redirect = "displayimage.php?pid=" . $comment_data['pid']; cpgRedirectPage($redirect, $lang_common['information'], $lang_db_input_php['com_updated'], 1); } break; case 'comment': if (!USER_CAN_POST_COMMENTS) { if ($CONFIG['log_mode'] != 0) { log_write('Denied privileged access to db_input.php (attempt to post a comment) for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG); } cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) { if (!captcha_plugin_enabled('comment')) { require "include/captcha.inc.php"; $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/'); if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) { if ($CONFIG['log_mode'] != 0) { log_write('Captcha authentication for comment failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG); } cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__); } } else { CPGPluginAPI::action('captcha_comment_validate', null); } } $spam = 'NO'; $msg_author = $superCage->post->getEscaped('msg_author'); $msg_body = $superCage->post->getEscaped('msg_body');
if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } // perform validity checks $error = 0; $user_name = $superCage->post->getEscaped('sender_name'); $email_address = $superCage->post->getEscaped('sender_email'); $subject = $superCage->post->getEscaped('subject'); $message = addslashes(htmlspecialchars($superCage->post->getRaw('message'))); $captcha = ($matches = $superCage->post->getMatched('captcha', '/^[a-zA-Z0-9]+$/')) ? $matches[0] : ''; // sanitize user-input $html_message = str_replace('<', '<', $message); $expand_array = array(); // check captcha if (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1 || USER_ID && $CONFIG['contact_form_registered_enable'] == 1) { if (!captcha_plugin_enabled('contact')) { require_once "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha)) { $captcha_remark = $lang_errors['captcha_error']; $expand_array[] = 'captcha_remark'; $error++; } } else { CPGPluginAPI::action('captcha_contact_validate', null); } } // check email address if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2) { if (!Inspekt::isEmail($email_address)) { $expand_array[] = 'email_remark'; $error++;
function check_user_info(&$error) { global $CONFIG; global $lang_register_php, $lang_common, $lang_register_approve_email; global $lang_register_user_login, $lang_errors; $superCage = Inspekt::makeSuperCage(); $user_name = trim(get_post_var('username')); $password = trim(get_post_var('password')); $password_again = trim(get_post_var('password_verification')); $email = trim(get_post_var('email')); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $agree_disclaimer = $superCage->post->getEscaped('agree'); $captcha_confirmation = $superCage->post->getEscaped('confirmCode'); $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>'; return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>'; } if (!empty($CONFIG['global_registration_pw'])) { $global_registration_pw = get_post_var('global_registration_pw'); if ($global_registration_pw != $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>'; } elseif ($password == $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>'; } } if (utf_strlen($password) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>'; } if ($password == $user_name) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>'; } if ($password != $password_again) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>'; } if (!Inspekt::isEmail($email)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>'; } if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>'; } // Perform the ban check against email address and username $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>'; } mysql_free_result($result); $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>'; } mysql_free_result($result); // check captcha if ($CONFIG['registration_captcha'] != 0) { if (!captcha_plugin_enabled('register')) { require "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha_confirmation)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>'; } } else { $error = CPGPluginAPI::filter('captcha_register_validate', $error); } } if (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>'; } mysql_free_result($result); } $error = CPGPluginAPI::filter('register_form_validate', $error); if ($error != '') { return false; } if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) { $active = 'NO'; list($usec, $sec) = explode(' ', microtime()); $seed = (double) $sec + (double) $usec * 100000; srand($seed); $act_key = md5(uniqid(rand(), 1)); } else { $active = 'YES'; $act_key = ''; } $encpassword = md5($password); $user_language = $CONFIG['lang']; $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')"; $result = cpg_db_query($sql); $user_array = array(); $user_array['user_id'] = mysql_insert_id(); $user_array['user_name'] = $user_name; $user_array['user_email'] = $email; $user_array['user_active'] = $active; CPGPluginAPI::action('register_form_submit', $user_array); if ($CONFIG['log_mode']) { log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG); } // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { $user_id = mysql_insert_id(); $catid = $user_id + FIRST_USER_CAT; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})"); } // Registrations must be activated/verified by the user clicking a link in an email if ($CONFIG['reg_requires_valid_email']) { // Mail the user the activation/verification link $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__); } msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php'); } else { if ($CONFIG['admin_activation']) { // We need admin activation only msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php'); } else { // No activation required, account is ready for login msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php'); } } // email notification or actication link to admin if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { if (UDB_INTEGRATION == 'coppermine') { // get default language in which to inform the admins $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1"); while ($row = mysql_fetch_assoc($result)) { if (!empty($row['user_email'])) { $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']); } } } else { //@todo: is it possible to get the language from bridged installs? $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english'); } foreach ($admins as $admin) { //check if the admin language is available if (file_exists("lang/{$admin['lang']}.php")) { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']); } else { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php'); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email'); } // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars))); } elseif ($CONFIG['reg_notify_admin_email']) { // otherwise, email is for information only cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)); } } } return true; }