public function updUser()
{
$id = $this->core->request->parameters["id"];
$login = $this->core->request->parameters["login"];
$name = $this->core->request->parameters["name"];
$pass = $this->core->request->parameters["pass"];
$conf_pass = $this->core->request->parameters["conf_pass"];
$mail = $this->core->request->parameters["mail"];
if (!empty($id)) {
$id++;
$id--;
if (!empty($name) && !empty($pass) && !empty($conf_pass) && check_email_address($mail) && $pass == $conf_pass) {
$pass = md5($pass);
$this->core->database->exec("\n\t \tupdate users set\n\t \t\tlogin='******'\n\t \t\t,password='******'\n\t \t\t,fullName='{$name}'\n\t \t\t,email='{$mail}'\n\t \t\t,code=null\n\t where id={$id}\n\t \t");
$this->core->database->exec("delete from acl where userId={$id}");
foreach ($this->core->request->parameters as $k => $v) {
if (substr($k, 0, 5) == 'role_' && $v == 'ON') {
$role = substr($k, 5, strlen($k) - 5);
$this->core->database->exec("insert into acl(userId,roleId) select {$id},{$role}");
}
}
header("Location: /admin/users/listUsers");
} else {
$data = $this->core->database->fetchAll("\n\t\t \t\tselect\n\t\t \t\t users.id\n\t\t \t\t\t,users.login\n\t\t \t\t\t,users.fullName\n\t\t \t\t\t,users.email\n\t\t \t\t\t,acl.roleId\n\t\t \t\tfrom users\n\t\t \t\tleft join acl on acl.userId=users.id\n\t\t \t\twhere id={$id}\n\t\t \t\t");
$roles = $this->core->database->fetchAll("select * from roles order by id");
$tpl = new DFTemplater();
$tpl->assign("data", $data);
$tpl->assign("roles", $roles);
$tpl->setPrefix("users");
return $tpl->fetch("userupd");
}
} else {
header("Location: /admin/users/listUsers");
}
}
function check_all($mail, $cn, $homephone, $mobile)
{
$error = 0;
if ($cn == '') {
$error = 1;
echo "Debe ingrear nombre y/o apellido como mínimo para el contacto con teléfono (si tiene) {$homephone} o correo (si tiene) {$mail} <br />";
} else {
if ($mail != '' && !check_email_address($mail)) {
$error = 1;
echo "El correo electrónico ({$mail}) no es válido<br />";
} else {
if (!check_name($cn)) {
$error = 1;
echo "El nombre ({$cn}) no es válido<br />";
} else {
if ($homephone != '' && !check_phone($homephone)) {
$error = 1;
echo "El primer teléfono ({$homephone}) no es válido<br />";
} else {
if ($mobile != '' && !check_phone($mobile)) {
$error = 1;
echo "El segundo teléfono ({$mobile}) no es válido<br />";
} else {
if ($mail == '' && $homephone == '') {
$error = 1;
echo "El contacto {$cn} debe tener teléfono o correo electrónico<br />";
}
}
}
}
}
}
return $error == 0;
}
function __construct1($email)
{
if (!is_string($email)) {
throw new Exception("A string is required here");
}
$this->e = $email;
if (!check_email_address($email)) {
throw new InvalidEmailException("Invalid email address:" . $email);
}
}
function _validate_fields($real_name, $username, $userpass, $userpass2, $email, $email2, $email_updates)
{
global $testing;
// Make sure that password and confirmed password are equal.
if ($userpass != $userpass2) {
return _("The passwords you entered were not equal.");
}
// Make sure that email and confirmed email are equal.
if ($email != $email2) {
return _("The e-mail addresses you entered were not equal.");
}
// Do some validity-checks on inputted username, password, e-mail and real name
$err = check_username($username, TRUE);
if ($err != '') {
return $err;
}
// In testing mode, a fake email address is constructed using
// 'localhost' as the domain. check_email_address() incorrectly
// thinks the domain should end in a 2-4 character top level
// domain, so disable the address check for testing.
if (!$testing) {
$err = check_email_address($email);
if ($err != '') {
return $err;
}
}
if (empty($userpass) || empty($real_name)) {
return _("You did not completely fill out the form.");
}
// Make sure that the requested username is not already taken.
// Use non-strict validation, which will return TRUE if the username
// is the same as an existing one, or differs only by case or trailing
// whitespace.
if (User::is_valid_user($username, FALSE)) {
return _("That user name already exists, please try another.");
}
// TODO: The above check only validates against users in the DP database.
// It's possible that there are usernames already registered with the
// underlying forum software (like 'Anonymous') or are disallowed in the
// forum software which, if used, will cause account creation to fail in
// activate.php.
return '';
}
private function submit()
{
global $db, $template, $config;
//Submit
$username_input = (isset($_POST['username_input_field'])) ? $_POST['username_input_field'] : ''; //Errorno 1
$email_input = (isset($_POST['email_input_field'])) ? $_POST['email_input_field'] : ''; //Errorno 2
$password_input = (isset($_POST['password_input_field'])) ? $_POST['password_input_field'] : ''; //Errorno 3
if(strlen($username_input) < 3)
{
return 1;
}
if(check_email_address($email_input) == false)
{
return 2;
}
if(strlen($password_input) < 8)
{
return 3;
}
if($config->user_name_exists($username_input))
{
return 4;
}
if($config->user_email_exists($email_input))
{
return 5;
}
$new_password = seed_password($username_input, $password_input);
$sql = "INSERT INTO users
(user_name, user_email, user_password, user_admin, user_approved)
VALUES ('" . $db->sql_escape($username_input) . "', '" . $db->sql_escape($email_input) . "', '" . $db->sql_escape($new_password) . "', 0, 0)";
$db->sql_query($sql);
return 0;
}
function rsvp_save($event)
{
$ret = 0;
if (!captcha_check(trim($_REQUEST['captcha']))) {
return 3;
}
if (!strtolower(trim($email)) != strtolower(trim($email2))) {
return 4;
}
if (!check_email_address($email)) {
return 5;
}
$regrets = $_REQUEST['regrets'];
$regrets = is_null($regrets) ? 'FALSE' : 'TRUE';
$conn = mysql_connect('localhost', $db_user, $db_pass);
if ($conn) {
mysql_select_db($db_name);
$sql = sprintf("select count(*) from rsvps where email='%s' and event_id=1", mysql_real_escape_string($_REQUEST['email']));
$rs = mysql_query($sql);
if (mysql_result($rs, 0) == 0) {
$sql = sprintf("insert into rsvps (" + "event_id,email,firstname,lastname,adults,children" + ") values (" + "1, '%s', '%s', '%s', '%s', %d, %d, '%s'" + ")", mysql_real_escape_string($_REQUEST['email']), mysql_real_escape_string($_REQUEST['firstname']), mysql_real_escape_string($_REQUEST['lastname']), $regrets, $_REQUEST['adults'], $_REQUEST['children'], $_REQUEST['phone']);
mysql_query($sql);
$last_id = mysql_insert_id();
if ($last_id <= 0) {
$ret = 2;
}
} else {
$sql = sprintf("update rsvps set " + " firstname='%s' " + " ,lastname='%s' " + " ,regrets='%s' " + " ,adults=%d " + " ,children=%d " + " ,phone='%s' " + " ,updated=CURRENT_TIMESTAMP " + " WHERE email='%s' and event_id=1 ", mysql_real_escape_string($_REQUEST['firstname']), mysql_real_escape_string($_REQUEST['lastname']), $regrets, $_REQUEST['adults'], $_REQUEST['children'], mysql_real_escape_string($_REQUEST['phone']));
mysql_query($sql);
}
mysql_close($conn);
} else {
$ret = 1;
}
return $ret;
}
}
// Split it into sections to make life easier
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#\$%&'*+/=?^_`{|}~-][A-Za-z0-9!#\$%&\n.'*+/=?^_`{|}~\\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))\$", $local_array[$i])) {
return false;
}
}
// Check if domain is IP. If not,
// it should be valid domain name
if (!ereg("^\\[?[0-9\\.]+\\]?\$", $email_array[1])) {
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false;
// Not enough parts to domain
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|\n.([A-Za-z0-9]+))\$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
$res = check_email_address($_REQUEST['x']);
if ($res == FALSE) {
echo "false";
} else {
printf("%s\n", check_email_address($_REQUEST['x']));
}
$mail->MsgHTML('Hello! This is test email.');
if (!$mail->Send()) {
$msg = draw_important_message($mail->ErrorInfo, false);
} else {
$msg = draw_success_message(_EMAIL_SUCCESSFULLY_SENT, false);
}
}
}
}
} else {
if ($submition_type == 'email') {
if ($params_tab4['admin_email'] == '') {
$msg = draw_important_message(_ADMIN_EMAIL_IS_EMPTY, false);
$focus_on_field = 'admin_email';
} else {
if (!check_email_address($params_tab4['admin_email'])) {
$msg = draw_important_message(_ADMIN_EMAIL_WRONG, false);
$focus_on_field = 'admin_email';
}
}
if ($msg == '' && $params_tab4['mailer'] == 'smtp') {
if ($params_tab4['smtp_host'] != '' || $params_tab4['smtp_port'] != '' || $params_tab4['smtp_username'] != '' || $params_tab4['smtp_password'] != '') {
if ($params_tab4['smtp_host'] == '') {
$msg = draw_important_message(str_replace('_FIELD_', '<b>SMTP Host</b>', _FIELD_CANNOT_BE_EMPTY), false);
$focus_on_field = 'smtp_host';
} else {
if ($params_tab4['smtp_port'] == '') {
$msg = draw_important_message(str_replace('_FIELD_', '<b>SMTP Port</b>', _FIELD_CANNOT_BE_EMPTY), false);
$focus_on_field = 'smtp_port';
} else {
if ($params_tab4['smtp_username'] == '') {
$password1 = trim($_POST["Textpass1"]);
$address = trim($_POST["Textaddress"]);
$postcode = trim($_POST["Textpostcode"]);
if ($fullname == "" || $contact == "" || $email == "" || $password == "" || $password1 == "" || $address == "" || $postcode == "") {
header("Location: " . $host_url . "/register_migrants.php?error='Please fill all fields'");
die;
} else {
if ($password != $password1) {
header("Location: " . $host_url . "/register_migrants.php?error='Passwords are not same'");
die;
} else {
if (strlen($password) < 6) {
header("Location: " . $host_url . "/register_migrants.php?error='Password should be at least 6 characters long'");
die;
} else {
if (check_email_address($email) != true) {
header("Location: " . $host_url . "/register_migrants.php?error='Please provide valid email address'");
die;
}
}
}
}
$conn = new mysqli($servername, $db_username, $db_password, $db_name);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "select id from tbl_userinfo where (email='" . $email . "' AND usertype='migrant')";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
$conn->close();
header("Location: " . $host_url . "/register_migrants.php?error='There is a migrant account exist for this email. Please log in!'");
if (strlen($input_username) >= $min_username_length and strlen($input_password) >= $min_password_length) {
//check to see if the username is already taken
$query_un = "SELECT username\r\n\t\t\t\t\tFROM users\r\n\t\t\t\t\tWHERE username = '******'\r\n\t\t\t\t\tLIMIT 1";
//run it
$result_un = mysql_query($query_un);
//if one row comes back in the result, username is taken.
if (mysql_num_rows($result_un) == 1) {
$valid = false;
$error_msg .= 'Sorry, That username is already taken. Try again<br />';
}
} else {
$valid = false;
$error_msg .= "Username must be at least {$min_username_length} characters long. Password must be at least {$min_password_length} characters long.<br /> ";
}
//check for valid email format before looking up email in the db
if (check_email_address($input_email)) {
//look for existing email in DB
$query_email = "SELECT email\r\n\t\t\t\t\t\tFROM users\r\n\t\t\t\t\t\tWHERE email = '{$input_email}'\r\n\t\t\t\t\t\tLIMIT 1";
$result_email = mysql_query($query_email);
if (mysql_num_rows($result_email) == 1) {
$valid = false;
$error_msg .= 'That email address already exists. Try logging in.<br />';
}
} else {
//bad email format
$valid = false;
$error_msg .= 'Please provide a valid email address.<br />';
}
//if the form passed all the tests, SUCCESS. add the user to the DB
if ($valid == true) {
$query_insert = "INSERT INTO users\r\n\t\t\t\t\t\t(username, email, password, join_date, is_admin)\r\n\t\t\t\t\t\tVALUES\r\n\t\t\t\t('{$input_username}', '{$input_email}', '{$sha_password}', now(), 0)";
echo "<input type=hidden name='newsletter' value='{$id}'>";
echo "</table></form>";
return;
}
if ($operation == "subscribe_data") {
$validation1 = get_parameter("validation1");
$validation2 = get_parameter("validation2");
$newsletter = get_parameter("newsletter");
$name = get_parameter("name");
$email = get_parameter("email");
$now = date("Y-m-d H:i:s");
echo "<h3>" . __("Thanks for your subscription. You should receive an email to confirm you have been subscribed to this newsletter") . "</h3>";
if ($validation1 == md5($config["dbpass"] . $validation2)) {
// check if already subscribed
$count = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE email = '" . $email . "' AND id_newsletter = {$newsletter}");
if ($count == 0 && check_email_address(safe_output($email))) {
$sql = "INSERT INTO tnewsletter_address (id_newsletter, email, name, datetime, status) VALUES ({$newsletter}, '{$email}', '{$name}', '{$now}',0)";
$result = mysql_query($sql);
if ($result) {
$newsletter_name = get_db_sql("SELECT name FROM tnewsletter WHERE id = {$newsletter}");
$text .= __("Welcome to") . " " . $newsletter_name . " " . __("newsletter") . "\n\n";
$text .= __("Please use this URL to de-subscribe yourself from this newsletter:") . "\n\n";
$text .= $config["base_url"] . "/include/newsletter.php?operation=desubscribe&id={$newsletter}";
$text .= "\n\n" . __("Thank you");
integria_sendmail($email, "Newsletter subscription - {$newsletter_name}", $text);
}
}
}
return;
}
if ($operation == "desubscribe") {
/**
* Send Email, DOES NOT SANITIZE FOR YOU!
*
* @since 1.0
* @uses GSFROMEMAIL
* @uses $EMAIL
*
* @param string $to
* @param string $subject
* @param string $message
* @return string
*/
function sendmail($to, $subject, $message)
{
$message = email_template($message);
if (getDef('GSFROMEMAIL')) {
$fromemail = GSFROMEMAIL;
} else {
if (!empty($_SERVER['SERVER_ADMIN']) && check_email_address($_SERVER['SERVER_ADMIN'])) {
$fromemail = $_SERVER['SERVER_ADMIN'];
} else {
$fromemail = 'noreply@' . $_SERVER['SERVER_NAME'];
}
}
global $EMAIL;
$headers = '"MIME-Version: 1.0' . PHP_EOL;
$headers .= 'Content-Type: text/html; charset=UTF-8' . PHP_EOL;
$headers .= 'From: ' . $fromemail . PHP_EOL;
$headers .= 'Reply-To: ' . $fromemail . PHP_EOL;
$headers .= 'Return-Path: ' . $fromemail . PHP_EOL;
return @mail($to, '=?UTF-8?B?' . base64_encode($subject) . '?=', "{$message}", $headers);
}
define(PRODUCTION, "production");
require 'vendor/autoload.php';
use RedBean_Facade as R;
R::setup(DB_DNS, DB_UNAME, DB_PASS);
$app = new \Slim\Slim();
$app->config('templates.path', './template');
if (ENV != PRODUCTION) {
$app->config('debug', true);
}
$app->get('/', function () use($app) {
$app->render('index.php');
});
$app->post('/get', function () use($app) {
$email = $app->request->post('email');
$ip = $app->request()->getIp();
if ($email == NULL || $email == '' || !check_email_address($email)) {
echo json_encode(array('success' => FALSE, 'error' => 'INVALID'));
} else {
if (R::count('email', 'ip=:ip AND time>=:time', array(':ip' => $ip, ':time' => time() + 119 * 60)) >= 20) {
echo json_encode(array('success' => FALSE, 'error' => 'LIMITATION'));
} else {
$bean = R::findOne('email', 'forwardto=:email AND time >= :time', array(':email' => $email, ':time' => time()));
if ($bean) {
$bean->time = time() + 120 * 60;
R::store($bean);
echo json_encode(array('success' => TRUE, 'email' => $bean->email . '@tempmail.ir'));
} else {
$rndmail = '';
do {
$rndmail = generateRandomString(8);
} while (R::count('email', 'email=:email AND time>=:time', array(':email' => $rndmail, ':time' => time())) > 0);
if ($_POST['n_pass'] == $_POST['c_pass'] && $_POST['n_pass'] != '') {
// insert into / update tables
$sql = "UPDATE users set passwd=md5('" . $_POST['n_pass'] . "') where user_id=" . $_POST['u_id'];
$result = $db->query($sql);
$_SESSION[$_CONF['sess_name'] . '_password'] = md5($_POST['n_pass']);
$t = "Message...";
$b = "Your password has been updated.<br />\n\t\t\t\t<form action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=POST>\n\t\t\t\t<input type=submit class=submit name=finish value=Continue>\n\t\t\t\t</FORM>";
$main .= make_box($t, $b, "yellow");
} else {
$t = "ERROR...";
$b = "Your passwords did not match. Press your Browser's BACK\n\t\t\t\t\tbutton and please fix. <br />\n\t\t\t\t\tBlank Passwords are not allowed.";
$main .= make_box($t, $b, "red");
}
}
if (isset($_POST['modify_ui'])) {
$email_error = check_email_address($_POST['u_email']);
if (check_uname($_POST['u_name'], $_POST['u_id']) && !$email_error['error_value']) {
$query = "UPDATE users set email='" . $_POST['u_email'] . "', address1='" . $_POST['u_address1'] . "', address2='" . $_POST['u_address2'] . "', city='" . $_POST['u_city'] . "',state='" . strtoupper($_POST['u_state']) . "', zip='" . $_POST['u_zip'] . "', phone='" . $_POST['u_phone'] . "', send_attend_email='" . $_POST['send_attend_email'] . "', weekly_progress='" . $_POST['weekly_progress'] . "'\n\t\t\t\t\tWHERE user_id=" . $_POST['u_id'];
$result = $db->query($query);
$_SESSION[$_CONF['sess_name'] . '_username'] = $_POST['u_name'];
$t = "Message...";
$b = "User Information updated.</FONT><br />\n\t\t\t\t<form action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=POST>\n\t\t\t\t<input type=submit class=submit name=finish value=Continue>\n\t\t\t\t</FORM>";
$main .= make_box($t, $b);
} else {
if ($email_error['error_value']) {
$t = "ERROR...";
$results[result] = false;
$b .= $email_error['error_message'];
$main .= make_box($t, $b, "red");
} else {
$t = "ERROR...";
<?php
include 'library/config.php';
include 'library/opendb.php';
// Retrieve data from Query String
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$email = $_GET['email'];
// Escape User Input to help prevent SQL Injection
$first_name = mysql_real_escape_string(trim($first_name));
$last_name = mysql_real_escape_string(trim($last_name));
$email = mysql_real_escape_string(trim($email));
//build query
if ($email != '') {
if (check_email_address($email)) {
##check if already subscribed;
$query = mysql_query("select * from subscribers where email_address = '{$email}' ");
if (mysql_num_rows($query) > 0) {
echo "<div style='background:#ACF0AE; font-weight:bold; color:#FFFFFF;' > ... Oops, are already subscribed </div>";
} else {
$query = "INSERT INTO subscribers (first_name, last_name, email_address) VALUES ('{$first_name}', '{$last_name}', '{$email}')";
$qry_result = mysql_query($query) or die(mysql_error());
if ($qry_result) {
echo "<div style='background:#ACF0AE; font-weight:bold; color:#FFFFFF;' > Successfuly Subsribed to EJHS. </div>";
}
}
} else {
echo "<div style='background:#FF9191; font-weight:bold; color:#FFFFFF;' > Email must be valid one</div>";
}
} else {
echo "<div style='background:#FF9191; font-weight:bold; color:#FFFFFF;' > Subscription was not successful, Email is required to subscribe </div>";
if ($_POST['pass'] != $_POST['pass_confirm']) {
$register_error['pass_confirm'] = true;
}
} else {
$register_error['pass'] = true;
}
if (isset($_POST['username']) && !empty($_POST['username'])) {
if ($db->num_rows("SELECT * FROM user WHERE user_name = '" . $_POST['username'] . "'") == 1) {
$register_error['username_exists'] = true;
}
} else {
$register_error['username'] = true;
}
if (!isset($_POST['mail']) || empty($_POST['mail'])) {
$register_error["mail"] = true;
} elseif (!check_email_address($_POST['mail'])) {
$register_error["mail_invalid"] = true;
}
// Output
if (count($register_error) != 0) {
$smarty->assign("register_error", $register_error);
$smarty->assign("register_data", $_POST);
} else {
$pass_encrypted = md5($_POST['pass']);
// Use the user_id fetched earlier on to enter user info
$db->query("\tUPDATE user\n\t\t\t\t\tSET user_name = '" . $_POST['username'] . "',\n\t\t\t\t\tuser_pass = '******',\n\t\t\t\t\tuser_level = 1,\n\t\t\t\t\tuser_mail = '" . $_POST['mail'] . "',\n\t\t\t\t\tuser_reg_key = '',\n\t\t\t\t\tuser_last_login = 0\n\t\t\t\t\tWHERE user_id = '" . $user_info[0]['user_id'] . "'\n\t\t\t\t");
$smarty->assign("success", true);
redirect('./?login', 2);
}
}
} else {
// CREATE
if ($create) {
$data = get_parameter("data");
$id_newsletter = get_parameter("id_newsletter");
$datetime = date("Y-m-d H:i:s");
$id_group = get_db_sql("SELECT id_group FROM tnewsletter WHERE id = {$id_newsletter}");
// Parse chunk data from the textarea
$data = safe_output($data);
$data_array = preg_split("/\n/", $data);
$total = 0;
$invalid = 0;
foreach ($data_array as $data_item) {
$data2 = preg_split("/,/", $data_item);
$data2[0] = trim($data2[0]);
// We have parsed data, ok, lets go
if (check_email_address($data2[0])) {
// It's duped ?
$duped = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = {$id_newsletter} AND email = '" . $data2[0] . "'");
// OK, good data !
if ($duped == 0) {
$total++;
$sql = sprintf('INSERT INTO tnewsletter_address (id_newsletter, email, status, name, datetime) VALUES (%d, "%s", "%s", "%s", "%s")', $id_newsletter, $data2[0], 0, $data2[1], $datetime);
$id = process_sql($sql, 'insert_id');
} else {
$invalid++;
}
} else {
$invalid++;
}
}
echo "<h3 class='suc'>" . __('Successfully added') . " {$total}/{$invalid} " . __("addresses (valid/invalid)") . "</h3>";
<?php
if (isset($_POST['f_username'])) {
$sql = "SELECT user_id,first_name, last_name, u_name, secret_question1, secret_answer1, secret_question2, secret_answer2, email\n\t\t\tfrom users where u_name='" . $_POST['f_username'] . "'";
$result = $db->query($sql);
if ($result->num_rows == 0) {
$t = "Warning...";
$b = "That username does not exist. Please check the spelling and punctuation and try again.\n\t\t\t\t<CENTER>\n\t\t\t\t<FORM action=index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'] . " method=post>\n\t\t\t\t<input type=submit class=submit name=submit value=OK>\n\t\t\t\t</FORM>\n\t\t\t\t</CENTER>";
$main .= make_box($t, $b, "yellow");
} else {
$row = $result->fetch_assoc();
$email_error = check_email_address($row['email']);
if ($row['secret_question1'] > 0 && $row['secret_question2'] > 0 && !$mail_error['error_value']) {
if (isset($_POST['reset_pass'])) {
if ($_POST['secret_answer1'] == $row['secret_answer1'] && $_POST['secret_answer2'] == $row['secret_answer2']) {
$random_code = $user_code = '';
srand((double) microtime() * 10000000);
$random_code = md5(rand());
$user_code = md5($row['u_name']);
$verification_code = $user_code . "::" . $random_code;
/**
Change this section to use a verification code to email account before chaning the passwd...
generate a code that includes their username as well as some random string. Use 2 md5 hashes
separated by a :: first being md5 of username and second being random verification code
1) ask for secret questions/answers *** ALREADY DONE BY NOW...
2) if correct, send verification email
add verification code to user table
3) create page to receive verification email
4) if selected and verification code matches on file,
ask for a new password and enter into db
$ip_regex = '/^(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)(?:[.](?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]\\d|\\d)){3}$/';
$url_regex = @"((https?|ftp|gopher|telnet|file|notes|ms-help):((//)|(\\\\))+[\\w\\d:#@%/;\$()~_?\\+-=\\\\.&]*)";
//check if its an url address
if (do_reg($d, $url_regex)) {
$d = '<a href="' . $d . '" target="_blank" >' . $d . '</a>';
}
//check if its an ip address
if (do_reg($d, $ip_regex)) {
if ($d == $_SERVER['REMOTE_ADDR']) {
$d = i18n_r('THIS_COMPUTER') . ' (<a href="' . $whois_url . $d . '" target="_blank" >' . $d . '</a>)';
} else {
$d = '<a href="' . $whois_url . $d . '" target="_blank" >' . $d . '</a>';
}
}
//check if its an email address
if (check_email_address($d)) {
$d = '<a href="mailto:' . $d . '">' . $d . '</a>';
}
//check if its a date
if ($n === 'date') {
$d = lngDate($d);
}
echo stripslashes($d);
echo ' <br />';
}
echo "</p></li>";
$count++;
}
}
?>
</ol>
function changeAccountInfo($email, $passhint, $style, $donor = 0, $realname = "", $displayemail = 0, $website = "", $information = "")
{
$resultArr = array();
$resultArr['success'] = false;
$resultArr['message'] = "";
$resultArr['optmessage'] = "";
require_once 'includes/protection.php';
if ($email != null && $style != null) {
if (check_email_address($email)) {
include 'conn.php';
if ($donor && IS_GETBOO) {
$donorQuery = ", realname='" . $realname . "', displayemail='" . $displayemail . "', website='" . $website . "', information='" . $information . "'";
}
$Query = "update " . TABLE_PREFIX . "session set email='" . $email . "', passhint='" . $passhint . "', style='" . $style . "'{$donorQuery} where name='" . $this->usernameSession . "'";
//echo($Query . "<br>\n");
$AffectedRows = $dblink->exec($Query);
if ($AffectedRows >= 0) {
$resultArr['success'] = true;
$resultArr['message'] = T_("You have successfully updated your account");
$resultArr['optmessage'] = "";
if ($style == "Auto") {
$resultArr['optmessage'] = T_("Note: If you just changed the style to Auto, it will take effect the next time you will login.");
} else {
$_SESSION['styleInSession'] = $style;
}
}
} else {
$resultArr['message'] = T_("The email address is invalid.");
}
} else {
$resultArr['message'] = T_("The form is incomplete");
}
return $resultArr;
}
/**
* This Function will return check multiple aspects of a users information and return true or errors.
* It will replace the uname_OK Function.
*
* @param string $u_name
* @param int $u_id
* @param string $address
* @return Array result{bool} and meessgae{string}
*/
function check_user_info($u_name, $u_id, $address)
{
$results = array('result' => true, 'message' => "");
/** check the u_name **/
if (!check_uname($u_name, $u_id)) {
$results['result'] = false;
$results['message'] .= "The username {" . $u_name . "} is already in use. Please try another.<BR>";
}
/** check the email is OK and not blank **/
$email_error = check_email_address($address);
if ($email_error['error_value']) {
$results['result'] = false;
$results['result'] .= $email_error['error_message'];
}
//displayArray($results);
return $results;
}
if (isset($PERMALINK)) {
echo $PERMALINK;
}
?>
" /></p>
</div>
<div class="rightsec">
<p><label for="email" ><?php
i18n('LABEL_EMAIL');
?>
:</label><input class="text" id="email" name="email" type="email" value="<?php
echo $SITEEMAIL;
?>
" /></p>
<?php
if (!check_email_address($SITEEMAIL)) {
echo '<p style="margin:-15px 0 20px 0;color:#D94136;font-size:11px;" >' . i18n_r('WARN_EMAILINVALID') . '</p>';
}
?>
</div>
<div class="clear"></div>
<?php
exec_action('settings-website-extras');
?>
<p id="submit_line" >
<span><input class="submit" type="submit" name="submitted" value="<?php
i18n('BTN_SAVESETTINGS');
?>
" /></span> <?php
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$to = "*****@*****.**";
$yoursubject = $_POST['yoursubject'];
$fromName = $_POST['yourname'];
$subject = "Inquiry from $fromName Re:$yoursubject";
$message = $_POST['yourmessage'];
if (ereg("/\w+/", $message)) {
$send = false;
$messageValid = false;
}
$fromEmail = $_POST['youremail'];
if (check_email_address($fromEmail)) {
$headers = "From: $fromEmail";
}
else {
$send = false;
$fromEmailValid = false;
}
if ($send) {
//All checked valid
$sent = mail($to,$subject,$message,$headers);
?>
<p class="success">Thank you for your message! I'll be in touch soon!</p>
<?
}
/*else { //For Debugging
# check that length > 5
$error = strlen($_GET['value']) < 6;
$err_msg = $error ? min_6_chars : '';
break;
case 'id_num':
$error = !valida_dni($_GET['value']) && $_GET['value'] != '';
$err_msg = $error ? id_instructions : '';
break;
case 'phone_1':
case 'phone_2':
# lenght > 6 or is empty
$error = strlen($_GET['value']) < 7 && $_GET['value'] != '';
$err_msg = $error ? min_6_chars : '';
break;
case 'mail':
$error = !check_email_address($_GET['value']);
$err_msg = $error ? email_not_valid : '';
break;
case 'pass':
case 'username':
$error = strlen($_GET['value']) < 6 || strlen($_GET['value']) > 32;
$err_msg = $error ? between_6_and_32 : '';
break;
case 'captcha':
$error = $_GET['value'] != $_SESSION['misc']['captcha'];
$err_msg = $error ? captcha_in_number : '';
break;
}
$_SESSION['registration'][$_GET['element']] = $err_msg;
$img = $error ? 'ko.png' : 'ok.png';
echo '<img src="' . $conf_images_path . $img . '" title="' . ucfirst($err_msg) . '" alt="">';
?>
value="<?php
echo $userid;
?>
" /></p>
</div>
<div class="rightsec">
<p><label for="email" ><?php
i18n('LABEL_EMAIL');
?>
:</label><input class="text" id="email" name="email" type="email" value="<?php
echo $data->EMAIL;
?>
" /></p>
<?php
if (!check_email_address($data->EMAIL)) {
echo '<p style="margin:-15px 0 20px 0;color:#D94136;font-size:11px;" >' . i18n_r('WARN_EMAILINVALID') . '</p>';
}
?>
</div>
<div class="clear"></div>
<div class="leftsec">
<p><label for="name" ><?php
i18n('LABEL_DISPNAME');
?>
:</label>
<span style="margin:0px 0 5px 0;font-size:12px;color:#999;" ><?php
i18n('DISPLAY_NAME');
?>
</span>
<input class="text" id="name" name="name" type="text" value="<?php
" /></p>
</div>
<div class="rightsec">
<p><label for="email" ><?php
i18n('LABEL_EMAIL');
?>
:</label><input class="text" id="email" name="email" type="email" value="<?php
if (isset($EMAIL1)) {
echo $EMAIL1;
} else {
echo var_out($EMAIL, 'email');
}
?>
" /></p>
<?php
if (!check_email_address($EMAIL)) {
echo '<p style="margin:-15px 0 20px 0;color:#D94136;font-size:11px;" >' . i18n_r('WARN_EMAILINVALID') . '</p>';
}
?>
</div>
<div class="clear"></div>
<div class="leftsec">
<p><label for="name" ><?php
i18n('LABEL_DISPNAME');
?>
:</label>
<span style="margin:0px 0 5px 0;font-size:12px;color:#999;" ><?php
i18n('DISPLAY_NAME');
?>
</span>
<input class="text" id="name" name="name" type="text" value="<?php
/**
* check_config
* This checks the script configuration... Like upload limit, thumbs, etc.
*/
function check_config()
{
global $config, $install_errors;
if (!defined('HTTP_HOST')) {
$install_errors[] = 'Can\'t resolve <code>HTTP_HOST</code>. Please check at the bottom of <code>config.php</code>';
}
// Upload limit vs php.ini value -> http://php.net/manual/ini.php
$ini_upload_bytes = return_bytes(trim(ini_get('upload_max_filesize')) . 'B');
$max_size_bytes = return_bytes($config['max_filesize']);
if (!is_numeric($max_size_bytes)) {
$install_errors[] = 'Invalid numeric value in <code>$config[\'max_filesize\']</code>';
} else {
if ($ini_upload_bytes < $max_size_bytes) {
$install_errors[] = 'Max. image size (' . $config['max_filesize'] . ') is greater than the value in <code>php.ini</code> (' . format_bytes($ini_upload_bytes) . ')';
}
}
if (!is_int($config['thumb_width'])) {
$install_errors[] = 'Invalid thumb size width in <code>$config[\'thumb_width\']</code>';
}
if (!is_int($config['thumb_height'])) {
$install_errors[] = 'Invalid thumb size height in <code>$config[\'thumb_height\']</code>';
}
if (!is_int($config['min_resize_size']) || $config['min_resize_size'] < 0) {
$install_errors[] = 'Invalid minimum resize size in <code>$config[\'min_resize_size\']</code>';
}
if (!is_int($config['max_resize_size']) || $config['max_resize_size'] < 0) {
$install_errors[] = 'Invalid maximum resize size in <code>$config[\'max_resize_size\']</code>';
}
if (is_int($config['min_resize_size']) && is_int($config['max_resize_size']) && $config['min_resize_size'] > $config['max_resize_size']) {
$install_errors[] = 'Minimum resize size can\'t be larger than maximum resize size. Please check <code>$config[\'min_resize_size\']</code> and <code>$config[\'max_resize_size\']</code>';
}
if (!conditional_config('multiupload')) {
$config['multiupload_limit'] = 1;
} else {
if ($config['multiupload_limit'] <= 0 || $config['multiupload_limit'] == '') {
$config['multiupload_limit'] = 0;
}
}
if (!check_value(chevereto_config('file_naming')) || !in_array(chevereto_config('file_naming'), array('original', 'random', 'mixed'))) {
$config['file_naming'] = 'original';
}
if (!is_numeric($config['multiupload_limit']) && !is_bool($config['multiupload_limit'])) {
$install_errors[] = 'Invalid multiupload limit value in <code>$config[\'multiupload_limit\']</code>';
}
if ($config['multiupload_limit'] > 100) {
$install_errors[] = 'Multiupload limit value can\'t be higher than 100 in <code>$config[\'multiupload_limit\']</code>';
}
if ($config['short_url_service'] == 'bitly') {
$bitly_status = fetch_url('http://api.bit.ly/v3/validate?x_login='******'short_url_user'] . '&x_apiKey=' . $config['short_url_keypass'] . '&apiKey=' . $config['short_url_keypass'] . '&login='******'short_url_user'] . '&format=json');
$bitly_json = json_decode($bitly_status);
if ($bitly_json->data->valid !== 1) {
$install_errors[] = 'The <a href="http://bit.ly/" target="_blank">bit.ly</a> user/api is invalid. bitly server says <code>' . $bitly_json->status_txt . '</code>. Please double check your data.';
}
}
// Facebook comments
if (use_facebook_comments() && !check_value($config['facebook_app_id'])) {
$install_errors[] = 'You are are trying to use Facebook comments but <code>$config[\'facebook_app_id\']</code> is not setted.';
}
// Virtual folders
foreach (array('virtual_folder_image', 'virtual_folder_uploaded') as $value) {
if (!check_value($config[$value])) {
$install_errors[] = '<code>$config[\'' . $value . '\']</code> is not setted.';
}
}
// Passwords
if ($config['user_password'] == $config['admin_password']) {
$install_errors[] = 'Admin and user passwords must be different. Please check <code>$config[\'admin_password\']</code> and <code>$config[\'user_password\']</code>';
}
// Flood report email?
if (check_value($config['flood_report_email']) && !check_email_address($config['flood_report_email'])) {
$install_errors[] = 'It appears that <code>$config[\'flood_report_email\']</code> has a invalid email address';
}
// Watermark
if (conditional_config('watermark_enable')) {
define('__CHV_WATERMARK_FILE__', __CHV_ROOT_DIR__ . ltrim($config['watermark_image'], '/'));
if (!is_int($config['watermark_margin'])) {
$install_errors[] = 'Watermark margin must be integer in <code>$config[\'watermark_margin\']</code>';
}
if (!is_int($config['watermark_opacity'])) {
$install_errors[] = 'Watermark opacity must be integer in <code>$config[\'watermark_opacity\']</code>';
}
if ($config['watermark_opacity'] > 100 or $config['watermark_opacity'] < 0) {
$install_errors[] = 'Watermark opacity value out of limis (' . $config['watermark_opacity'] . '). <code>$config[\'watermark_opacity\']</code> must be in the range 0 to 100';
}
// Watermark position
if (!check_value($config['watermark_position'])) {
$config['watermark_position'] = 'center center';
}
$watermark_position = explode(' ', strtolower($config['watermark_position']));
if (!isset($watermark_position[1])) {
$watermark_position[1] = 'center';
}
if (preg_match('/^left|center|right$/', $watermark_position[0])) {
$config['watermark_x_position'] = $watermark_position[0];
} else {
$install_errors[] = 'Invalid watermark horizontal position in <code>$config[\'watermark_position\']</code>';
}
if (preg_match('/^top|center|bottom$/', $watermark_position[1])) {
$config['watermark_y_position'] = $watermark_position[1];
} else {
$install_errors[] = 'Invalid watermark vertical position in <code>$config[\'watermark_position\']</code>';
}
if (!file_exists(__CHV_WATERMARK_FILE__)) {
$install_errors[] = 'Watermark image file doesn\'t exists. Please check the path in <code>$config[\'watermark_image\']</code>';
} else {
$watermark_image_info = get_info(__CHV_WATERMARK_FILE__);
if ($watermark_image_info['mime'] !== 'image/png') {
$install_errors[] = 'Watermark image file must be a PNG image in <code>$config[\'watermark_image\']</code>';
}
}
}
// Flood limits
$flood_limits = array('minute', 'hour', 'day', 'week', 'month');
$flood_value_error = false;
foreach ($flood_limits as $value) {
if (!check_value($config['max_uploads_per_' . $value]) || !is_numeric($config['max_uploads_per_' . $value])) {
$install_errors[] = 'Invalid config value in <code>$config[\'' . $value . '\']</code>';
$flood_value_error = true;
}
}
if ($flood_value_error == false) {
$flood_lower_than = array('minute' => array('hour', 'day', 'week', 'month'), 'hour' => array('day', 'week', 'month'), 'day' => array('week', 'month'), 'week' => array('month'));
foreach ($flood_lower_than as $period => $lower_than) {
foreach ($lower_than as $value) {
if ($config['max_uploads_per_' . $period] >= $config['max_uploads_per_' . $value]) {
$install_errors[] = '<code>max_uploads_per_' . $period . '</code> must be lower than <code>max_uploads_per_' . $value . '</code>';
}
}
}
}
// dB settings
foreach (array('db_host', 'db_name', 'db_user') as $value) {
if (!check_value($config[$value])) {
$install_errors[] = '<code>$config[\'' . $value . '\']</code>';
}
}
if (count($install_errors) == 0) {
require_once __CHV_PATH_CLASSES__ . 'class.db.php';
$dB = new dB();
if ($dB->dead) {
chevereto_die('<code>' . $dB->error . '</code>', 'Database error', array('The system has encountered a error when it try to connect to the database server.', 'Please note this error and if you need help go to <a href="http://chevereto.com/support/">Chevereto support</a>.'));
} else {
// Check maintenance mode
if ($dB->get_option('maintenance') && !defined('SKIP_MAINTENANCE')) {
$config['maintenance'] = true;
}
}
}
return count($install_errors) == 0 ? true : false;
}
for ($x = 0; $x < $hideChars; $x++) {
$hiddenPart .= '*';
}
if ($html['user_api_key']) {
$html['user_api_key'] = $hiddenPart . substr($html['user_api_key'], $hideChars, 99);
}
if ($html['user_stats202_app_key']) {
$html['user_stats202_app_key'] = $hiddenPart . substr($html['user_stats202_app_key'], $hideChars, 99);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ($_POST['update_profile'] == '1') {
if ($_POST['token'] != $_SESSION['token']) {
$error['token'] = '<div class="error">You must use our forms to submit data.</div';
}
//check user_email
if (check_email_address($_POST['user_email']) == false) {
$error['user_email'] = '<div class="error">Please enter a valid email address</div>';
}
if (!$error['user_email_invalid']) {
$mysql['user_email'] = mysql_real_escape_string($_POST['user_email']);
$mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']);
$count_sql = "\tSELECT \tCOUNT(*) \n\t\t\t\t\t\t \tFROM \t\t`202_users` \n\t\t\t\t\t\t \tWHERE \t`user_email` = '" . $mysql['user_email'] . "' \n\t\t\t\t\t\t \tAND \t\t`user_id`!='" . $mysql['user_id'] . "'";
$count_result = _mysql_query($count_sql);
if (mysql_result($count_result, 0, 0) > 0) {
$error['user_email'] .= '<div class="error">That email address is already being used.<br/>Forget your account information? <a href="/202-login">Click here</a> to retrieve it.</div>';
}
}
switch ($_POST['user_keyword_searched_or_bidded']) {
case "searched":
case "bidded":
break;
$SITENAME = htmlentities($_POST['sitename'], ENT_QUOTES, 'UTF-8');
} else {
$err .= i18n_r('WEBSITENAME_ERROR') . '<br />';
}
$urls = $_POST['siteurl'];
if (preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $urls)) {
$SITEURL = tsl($_POST['siteurl']);
} else {
$err .= i18n_r('WEBSITEURL_ERROR') . '<br />';
}
if ($_POST['user'] != '') {
$USR = strtolower($_POST['user']);
} else {
$err .= i18n_r('USERNAME_ERROR') . '<br />';
}
if (!check_email_address($_POST['email'])) {
$err .= i18n_r('EMAIL_ERROR') . '<br />';
} else {
$EMAIL = $_POST['email'];
}
# if there were no errors, continue setting up the site
if ($err == '') {
# create new password
$random = createRandomPassword();
$PASSWD = passhash($random);
# create user xml file
$file = _id($USR) . '.xml';
createBak($file, GSUSERSPATH, GSBACKUSERSPATH);
$xml = new SimpleXMLElement('<item></item>');
$xml->addChild('USR', $USR);
$xml->addChild('PWD', $PASSWD);
die;
}
$requestID = isset($_POST['original_id']) && is_numeric($_POST['original_id']) ? $_POST['original_id'] : 0;
if ($requestID > 0) {
$id = $requestID;
$link = new Link();
$link->id = $requestID;
$link->read();
$link_url = my_base_url . getmyurl("story", $link->id);
$headers = 'From: ' . Send_From_Email . "\r\n";
$to = "";
$cansend = 0;
$addresses = explode(", ", sanitize($_POST['email_address'], 3));
for ($i = 0; $i < count($addresses); $i++) {
if ($addresses[$i] != "") {
if (!check_email_address($addresses[$i])) {
$cansend = -100;
echo '<br>Error: ' . $addresses[$i] . ' is not a valid email address.<br>';
} else {
$cansend = $cansend + 10;
$headers .= "Bcc: " . $addresses[$i] . "\n";
}
}
}
$headers .= "Content-Type: text/plain; charset=utf-8\n";
$subject = isset($_POST['email_subject']) && sanitize($_POST['email_subject'], 3) != '' ? sanitize($_POST['email_subject'], 3) : $link->title;
$message = isset($_POST['email_message']) && sanitize($_POST['email_message'], 3) != '' ? sanitize($_POST['email_message'], 3) : Default_Message;
if ($current_user->user_login) {
$body = $message . "\r\n\r\n" . $current_user->user_login . ",share:\r\n\r\n" . $link->title . " - " . strip_tags($link->content) . "\r\n\r\n" . "Link: " . $link_url;
} else {
$body = $message . "\r\n\r\n" . Included_Text_Part1 . " Anonymous," . Included_Text_Part2 . "\r\n\r\n" . $link->title . " - " . strip_tags($link->content) . "\r\n\r\n" . "Link: " . $link_url;
