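/**
 * Adds a new, unconfirmed subscriber and emails them a confirmation link.
 *
 * Escaping is the caller's job: $name, $email and $page_id are interpolated straight into
 * the INSERT below, and the post-insert cmtx_prepare_*_for_email() calls suggest the values
 * arrive already in DB-escaped form (the sibling form handlers run cmtx_sanitize() before
 * inserting). NOTE(review): confirm every caller does this — the function has no escaping
 * of its own and no parameterised query API is visible here.
 *
 * @param string $name    Subscriber's display name.
 * @param string $email   Subscriber's email address (also the recipient of the confirmation).
 * @param string $page_id Identifier of the page the subscription is for.
 * @return void           Side effects: inserts the row and sends the email. If the
 *                        confirmation template cannot be read, the row is still inserted
 *                        (is_confirmed = 0) but no email is sent and a warning is raised.
 */
function cmtx_add_subscriber($name, $email, $page_id) {
    global $cmtx_mysql_table_prefix, $cmtx_path; //globalise variables

    $ip_address = cmtx_get_ip_address();
    $table = '`' . $cmtx_mysql_table_prefix . 'subscribers`';

    //The token is the only credential needed to confirm the subscription (see the link built
    //below), so it must be unguessable: this relies on cmtx_get_random_key() using a CSPRNG
    //— TODO verify. Keep drawing until the token is not already in use.
    do {
        $token = cmtx_get_random_key(20); //create new token
        $token_query = cmtx_db_query("SELECT * FROM " . $table . " WHERE `token` = '{$token}'");
    } while (cmtx_db_num_rows($token_query) != 0);

    //insert subscriber into 'subscribers' database table; is_confirmed starts at 0 and the
    //subscriber is expected to confirm via the emailed link
    cmtx_db_query("INSERT INTO " . $table . " (`name`, `email`, `page_id`, `token`, `to_all`, `to_admin`, `to_reply`, `is_confirmed`, `ip_address`, `dated`) VALUES ('{$name}', '{$email}', '{$page_id}', '{$token}', '1', '1', '1', '0', '{$ip_address}', NOW())");

    $name = cmtx_prepare_name_for_email($name); //prepare name for email
    $email = cmtx_prepare_email_for_email($email); //prepare email address for email

    //a site-specific template under custom/ takes precedence over the shipped one
    $email_dir = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/user/';
    $subscriber_confirmation_email_file = $email_dir . 'custom/subscriber_confirmation.txt';
    if (!file_exists($subscriber_confirmation_email_file)) {
        $subscriber_confirmation_email_file = $email_dir . 'subscriber_confirmation.txt';
    }

    //get the file's contents; previously a missing/unreadable template produced an empty email
    //(str_ireplace on false) that carried no confirmation link, so bail out explicitly instead
    $body = is_readable($subscriber_confirmation_email_file) ? file_get_contents($subscriber_confirmation_email_file) : false;
    if ($body === false) {
        trigger_error('Commentics: cannot read subscriber confirmation email template ' . $subscriber_confirmation_email_file, E_USER_WARNING);
        return;
    }

    $confirmation_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url')) . "subscribers.php" . "?id=" . $token . "&confirm=1"; //build confirmation link
    $page_reference = cmtx_decode(cmtx_get_page_reference()); //get the reference of the current page
    $page_url = cmtx_decode(cmtx_get_page_url()); //get the URL of the current page

    //convert email variables with actual variables. The replacements run sequentially, so each
    //substituted value is rescanned by the ones after it; admin-controlled values go first and the
    //subscriber-supplied name last, so a name such as "[signature]" cannot pull in a later placeholder
    //(the page reference/URL may also originate from the request, hence they precede only the name).
    $body = str_ireplace('[signature]', cmtx_setting('signature'), $body);
    $body = str_ireplace('[confirmation link]', $confirmation_link, $body);
    $body = str_ireplace('[page url]', $page_url, $body);
    $body = str_ireplace('[page reference]', $page_reference, $body);
    $body = str_ireplace('[name]', $name, $body);

    //send email
    cmtx_email($email, $name, cmtx_setting('subscriber_confirmation_subject'), $body, cmtx_setting('subscriber_confirmation_from_email'), cmtx_setting('subscriber_confirmation_from_name'), cmtx_setting('subscriber_confirmation_reply_to'));
}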
?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $username = $_POST['username']; $password = md5($_POST['password_1']); $email = $_POST['email']; $is_unique = false; while (!$is_unique) { $cookie_key = cmtx_get_random_key(20); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `cookie_key` = '{$cookie_key}'")) == 0) { $is_unique = true; } } $username = cmtx_sanitize($username); $password = cmtx_sanitize($password); $email = cmtx_sanitize($email); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username}'"))) { ?> <div class="error"><?php echo CMTX_MSG_ADMIN_EXISTS; ?> </div> <div style="clear: left;"></div> <?php
if (isset($_POST['email'])) { if (cmtx_setting('is_demo')) { echo '<span class="negative">' . CMTX_RESET_DEMO . '</span><p />'; } else { $email = cmtx_sanitize($_POST['email']); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"))) { $admin_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"); $admin_result = cmtx_db_fetch_assoc($admin_query); $resets = $admin_result['resets']; if ($resets >= 5) { echo '<span class="negative">' . CMTX_RESET_LIMIT . '</span><p />'; } else { $resets++; cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '{$resets}' WHERE `email` = '{$email}'"); $username = $admin_result['username']; $password = cmtx_get_random_key(10); if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt')) { $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt'; //build path to custom reset password email file } else { $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt'; //build path to reset password email file } $body = file_get_contents($reset_password_email_file); //get the file's contents $admin_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url') . cmtx_setting('admin_folder')) . '/'; //build admin panel link //convert email variables with actual variables $body = str_ireplace('[username]', $username, $body); $body = str_ireplace('[password]', $password, $body); $body = str_ireplace('[admin link]', $admin_link, $body);
} ?> <?php //get the security key and add to form as hidden input ?> <input type="hidden" name="cmtx_security_key" value="<?php echo cmtx_setting('security_key'); ?> "/> <?php //add a random token to help prevent refresh and back-button submission ?> <input type="hidden" name="cmtx_resubmit_key" value="<?php echo cmtx_get_random_key(20); ?> "/> <?php if (cmtx_setting('check_honeypot')) { //a normal input, hidden by CSS, which should never contain a value ?> <input type="text" name="cmtx_honeypot" value="" style="display:none;" autocomplete="off"/> <?php } ?> <?php if (cmtx_setting('check_time')) { //get the time and add to form as hidden input
?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $name = $_POST['name']; $email = $_POST['email']; $page_id = $_POST['page_id']; $is_unique = FALSE; while (!$is_unique) { $token = cmtx_get_random_key(20); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'")) == 0) { $is_unique = TRUE; } } $name = cmtx_sanitize($name); $email = cmtx_sanitize($email); $page_id = cmtx_sanitize($page_id); cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "subscribers` (`name`, `email`, `page_id`, `token`, `to_all`, `to_admin`, `to_reply`, `is_confirmed`, `dated`) VALUES ('{$name}', '{$email}', '{$page_id}', '{$token}', '1', '1', '1', '1', NOW());"); ?> <div class="success"><?php echo CMTX_MSG_SUB_ADDED; ?> </div> <div style="clear: left;"></div> <?php
if (function_exists('system') && is_callable('system')) { ?> <?php if (isset($_POST['submit']) && cmtx_setting('is_demo')) { ?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $backup_file = "backups/" . cmtx_get_random_key(20) . ".sql"; if (!empty($cmtx_mysql_port)) { $cmtx_mysql_host .= ":" . $cmtx_mysql_port; } $command = cmtx_setting('mysqldump_path') . "mysqldump --host={$cmtx_mysql_host} --user={$cmtx_mysql_username} --password={$cmtx_mysql_password} {$cmtx_mysql_database} > {$backup_file}"; system($command); ?> <div class="success"><?php echo CMTX_MSG_BACKUP_CREATED; ?> </div> <div style="clear: left;"></div> <?php } } ?>