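/**
 * Validate the given answer against our stored one.
 *
 * This event is provided for other plugins and gets used internally
 * for other events we're hooking into.
 *
 * On failure the user-facing error text is stored in $params['validate_error'].
 *
 * @param array Associative array of parameters (by reference).
 * @param string Form type ( comment|register|message )
 * @return boolean|NULL true if the posted answer is accepted, false if it is missing or wrong,
 *                      NULL if does_apply() says the captcha is not used for this form
 */
function CaptchaValidated(&$params, $form_type)
{
    if (!$this->does_apply($params, $form_type)) {
        return;
    }

    $posted_answer = (string) evo_strtolower(param('captcha_qstn_' . $this->ID . '_answer', 'string', ''));

    // Test for the empty string explicitly: empty('0') is true in PHP, so an answer
    // of "0" would otherwise be reported as missing instead of being checked.
    if ($posted_answer === '') {
        $this->debug_log('captcha_qstn_' . $this->ID . '_answer');
        $params['validate_error'] = $this->T_('Please enter the captcha answer.');
        return false;
    }

    $question = $this->CaptchaQuestion();

    // The accepted answers are stored as one '|'-separated string.
    $answers = explode('|', evo_strtolower($question->cptq_answers));

    // Strict membership test. With a loose == PHP compares numeric-looking strings as
    // numbers ('1e1' == '10', '0' == '0.0'), which would accept answers that were
    // never stored for the question.
    if (!in_array($posted_answer, $answers, true)) {
        // NOTE(review): this writes the accepted answers next to the posted one into the
        // debug log; confirm that log is not readable by visitors.
        $this->debug_log('Posted (' . $posted_answer . ') and saved (' . $question->cptq_answers . ') answer do not match!');
        $params['validate_error'] = $this->T_('The entered answer is incorrect.');
        return false;
    }

    // If answer is correct:
    // We should clean the question ID that was assigned for current session and IP address
    // It gives to assign new question on the next captcha event
    $this->CaptchaQuestionCleanup();

    return true;
}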
/**
 * Remove an object from the cache and keep the login cache in step.
 *
 * When the object is currently cached, its entry in $this->cache_login is dropped
 * first; the actual removal is then delegated to the parent implementation.
 *
 * @param mixed ID of the object to remove
 */
function remove_by_ID($req_ID)
{
    if (isset($this->cache[$req_ID])) {
        // The login-cache entry is addressed by the lower-cased login of the cached object.
        $login_key = evo_strtolower($this->cache[$req_ID]->login);
        unset($this->cache_login[$login_key]);
    }

    parent::remove_by_ID($req_ID);
}
/**
 * Render content of Item, Comment, Message
 *
 * Rewrites $content in place: bracketed URLs ( [[url]], [[url text]], ((url)), ((url text)) )
 * and WikiWords (standalone and bracketed) are replaced by HTML links. Every replacement
 * is applied through replace_content_outcode().
 *
 * NOTE(review): the values placed into the generated markup (matched URLs and link texts,
 * $Item->get('title'), $Chapter->get('name'), $permalink, $admin_url, $blog) are concatenated
 * without HTML escaping in this function. Presumably the content and those values are
 * sanitised before they reach this renderer -- confirm against the callers.
 *
 * @todo get rid of global $blog
 *
 * @param string Content (by reference)
 * @param object Blog
 * @param boolean Allow empty Blog
 * @return boolean always true
 */
function render_content(&$content, $item_Blog = NULL, $allow_null_blog = false)
{
    global $ItemCache, $admin_url, $blog, $evo_charset;

    $regexp_modifier = '';
    if ($evo_charset == 'utf-8') {
        // Add this modifier to work with UTF-8 strings correctly
        $regexp_modifier = 'u';
    }

    // Regular links:
    // Patterns in order: [[url]], [[url text]], ((url)), ((url text)); only http, https and mailto are matched.
    // NOTE(review): the URL character classes exclude <, >, {, }, whitespace and ] but not the
    // double quote, while the capture is written into href="$1". Confirm that a raw double
    // quote cannot reach this point (e.g. content is entity-encoded earlier).
    $search = array(
        '#\\[\\[((https?|mailto)://((?:[^<>{}\\s\\]]|,(?!\\s))+?))\\]\\]#i',
        '#\\[\\[((https?|mailto)://([^<>{}\\s\\]]+)) ([^\\n\\r]+?)\\]\\]#i',
        '#\\(\\(((https?|mailto)://((?:[^<>{}\\s\\]]|,(?!\\s))+?))\\)\\)#i',
        '#\\(\\(((https?|mailto)://([^<>{}\\s\\]]+)) ([^\\n\\r]+?)\\)\\)#i',
    );
    $replace = array('<a href="$1">$1</a>', '<a href="$1">$4</a>', '<a href="$1">$1</a>', '<a href="$1">$4</a>');
    $content = replace_content_outcode($search, $replace, $content);

    /* QUESTION: fplanque, implementation of this planned? then use make_clickable() - or remove this comment
    $ret = preg_replace("#([\n ])aim:([^,< \n\r]+)#i", "\\1<a href=\"aim:goim?screenname=\\2\\3&message=Hello\">\\2\\3</a>", $ret);
    $ret = preg_replace("#([\n ])icq:([^,< \n\r]+)#i", "\\1<a href=\"http://wwp.icq.com/scripts/search.dll?to=\\2\\3\">\\2\\3</a>", $ret);
    $ret = preg_replace("#([\n ])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^,< \n\r]*)?)#i", "\\1<a href=\"http://www.\\2.\\3\\4\">www.\\2.\\3\\4</a>", $ret);
    $ret = preg_replace("#([\n ])([a-z0-9\-_.]+?)@([^,< \n\r]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);
    */

    // To use function replace_special_chars()
    load_funcs('locales/_charset.funcs.php');

    // WIKIWORDS:
    // Both arrays are filled in parallel: entry N of $replace_links is the replacement for pattern N of $search_wikiwords.
    $search_wikiwords = array();
    $replace_links = array();

    if ($this->get_coll_setting('link_without_brackets', $item_Blog, $allow_null_blog)) {
        // Create the links from standalone WikiWords

        // STANDALONE WIKIWORDS:
        // NOTE(review): the patterns below use the x modifier, where a "#" comment runs to the
        // next newline. As laid out in this listing, several sub-patterns share a physical line
        // with a preceding "#" comment; check the line breaks inside these literals in the real file.
        $search = '/ (?<= \\s | ^ ) # Lookbehind for whitespace 
([\\p{Lu}]+[\\p{Ll}0-9_]+([\\p{Lu}]+[\\p{L}0-9_]+)+) # WikiWord or WikiWordLong (?= [\\.,:;!\\?] \\s | \\s | $ ) # Lookahead for whitespace or punctuation /x' . $regexp_modifier; // x = extended (spaces + comments allowed)

        if (preg_match_all($search, $content, $matches, PREG_SET_ORDER)) {
            // Construct array of wikiwords to look up in post urltitles
            $wikiwords = array();
            foreach ($matches as $match) {
                // Convert the WikiWord to an urltitle
                $WikiWord = $match[0];
                // Insert a dash before each upper-case letter that follows a non-upper-case, non-underscore character
                $Wiki_Word = preg_replace('*([^\\p{Lu}_])([\\p{Lu}])*' . $regexp_modifier, '$1-$2', $WikiWord);
                $wiki_word = evo_strtolower($Wiki_Word);
                // echo '<br />Match: [', $WikiWord, '] -> [', $wiki_word, ']';
                $wiki_word = replace_special_chars($wiki_word);
                $wikiwords[$WikiWord] = $wiki_word;
            }

            // Lookup all urltitles at once in DB and preload cache:
            $ItemCache =& get_ItemCache();
            $ItemCache->load_urltitle_array($wikiwords);

            // Construct arrays for replacing wikiwords by links:
            foreach ($wikiwords as $WikiWord => $wiki_word) {
                // WikiWord
                // $WikiWord is inserted into the pattern without preg_quote(); the pattern that produced it
                // only matches letters, digits and underscores.
                $search_wikiwords[] = '/ (?<= \\s | ^ ) # Lookbehind for whitespace or start (?<! <span\\ class="NonExistentWikiWord"> ) ' . $WikiWord . ' # Specific WikiWord to replace (?= [\\.,:;!\\?] \\s | \\s | $ ) # Lookahead for whitespace or end of string /sx'; // s = dot matches newlines, x = extended (spaces + comments allowed)

                // Find matching Item:
                if (($Item =& $ItemCache->get_by_urltitle($wiki_word, false)) !== false) {
                    // Item Found
                    $permalink = $Item->get_permanent_url();

                    // WikiWord
                    // NOTE(review): the title also becomes part of a preg replacement string, so "$1" or "\1"
                    // inside a title would presumably be read as a back-reference -- confirm in replace_content_outcode().
                    $replace_links[] = '<a href="' . $permalink . '">' . $Item->get('title') . '</a>';
                } else {
                    // Item not found
                    // The "create" link is only produced when the global $blog is set.
                    $create_link = isset($blog) ? '<a href="' . $admin_url . '?ctrl=items&action=new&blog=' . $blog . '&post_title=' . preg_replace('*([^\\p{Lu}_])([\\p{Lu}])*' . $regexp_modifier, '$1%20$2', $WikiWord) . '&post_urltitle=' . $wiki_word . '" title="Create...">?</a>' : '';

                    // WikiWord
                    $replace_links[] = '<span class="NonExistentWikiWord">' . $WikiWord . $create_link . 
'</span>';
                }
            }
        }
    }

    // BRACKETED WIKIWORDS:
    $search = '/ (?<= \\(\\( | \\[\\[ ) # Lookbehind for (( or [[ ([\\p{L}0-9]+[\\p{L}0-9_\\-]*) # Anything from Wikiword to WikiWordLong (?= ( \\s .*? )? ( \\)\\) | \\]\\] ) ) # Lookahead for )) or ]] /x' . $regexp_modifier; // x = extended (spaces + comments allowed)

    if (preg_match_all($search, $content, $matches, PREG_SET_ORDER)) {
        // Construct array of wikiwords to look up in post urltitles
        $wikiwords = array();
        foreach ($matches as $match) {
            // Convert the WikiWord to an urltitle
            $WikiWord = $match[0];
            if (preg_match('/^[\\p{Ll}0-9_\\-]+$/' . $regexp_modifier, $WikiWord)) {
                // This WikiWord already matches a slug format
                $Wiki_Word = $WikiWord;
                $wiki_word = $Wiki_Word;
            } else {
                // Convert WikiWord to slug format
                $Wiki_Word = preg_replace(array('*([^\\p{Lu}_])([\\p{Lu}])*' . $regexp_modifier, '*([^0-9])([0-9])*' . $regexp_modifier), '$1-$2', $WikiWord);
                $wiki_word = evo_strtolower($Wiki_Word);
            }
            // echo '<br />Match: [', $WikiWord, '] -> [', $wiki_word, ']';
            $wiki_word = replace_special_chars($wiki_word);
            $wikiwords[$WikiWord] = $wiki_word;
        }

        // Lookup all urltitles at once in DB and preload cache:
        $ChapterCache =& get_ChapterCache();
        $ChapterCache->load_urlname_array($wikiwords);
        $ItemCache =& get_ItemCache();
        $ItemCache->load_urltitle_array($wikiwords);

        // Construct arrays for replacing wikiwords by links:
        // Four patterns are added per word, and four replacements in the same order further down.
        foreach ($wikiwords as $WikiWord => $wiki_word) {
            // [[WikiWord text]]
            $search_wikiwords[] = '* \\[\\[ ' . $WikiWord . ' # Specific WikiWord to replace \\s (.+?) \\]\\] *sx'; // s = dot matches newlines, x = extended (spaces + comments allowed)

            // ((WikiWord text))
            $search_wikiwords[] = '* \\(\\( ' . $WikiWord . ' # Specific WikiWord to replace \\s (.+?) \\)\\) *sx'; // s = dot matches newlines, x = extended (spaces + comments allowed)

            // [[Wikiword]]
            $search_wikiwords[] = '* \\[\\[ ' . $WikiWord . 
' # Specific WikiWord to replace \\]\\] *sx'; // s = dot matches newlines, x = extended (spaces + comments allowed)

            // ((Wikiword))
            $search_wikiwords[] = '* \\(\\( ' . $WikiWord . ' # Specific WikiWord to replace \\)\\) *sx'; // s = dot matches newlines, x = extended (spaces + comments allowed)

            // Find matching Chapter or Item:
            $permalink = '';
            // Human-readable text derived from the word itself: spaces before capitals and digits, dashes to spaces
            $link_text = preg_replace(array('*([^\\p{Lu}_])([\\p{Lu}])*' . $regexp_modifier, '*([^0-9])([0-9])*' . $regexp_modifier), '$1 $2', $WikiWord);
            $link_text = ucwords(str_replace('-', ' ', $link_text));

            // A Chapter with this urlname takes precedence over an Item with this urltitle
            if (($Chapter =& $ChapterCache->get_by_urlname($wiki_word, false)) !== false) {
                // Chapter is found
                $permalink = $Chapter->get_permanent_url();
                $existing_link_text = $Chapter->get('name');
            } elseif (($Item =& $ItemCache->get_by_urltitle($wiki_word, false)) !== false) {
                // Item is found
                $permalink = $Item->get_permanent_url();
                $existing_link_text = $Item->get('title');
            }

            if (!empty($permalink)) {
                // Chapter or Item are found

                // [[WikiWord text]]
                $replace_links[] = '<a href="' . $permalink . '">$1</a>';

                // ((WikiWord text))
                $replace_links[] = '<a href="' . $permalink . '">$1</a>';

                // [[Wikiword]]
                // Square brackets show the stored name/title, round brackets the text derived from the word
                $replace_links[] = '<a href="' . $permalink . '">' . $existing_link_text . '</a>';

                // ((Wikiword))
                $replace_links[] = '<a href="' . $permalink . '">' . $link_text . '</a>';
            } else {
                // Chapter and Item are not found
                $create_link = isset($blog) ? '<a href="' . $admin_url . '?ctrl=items&action=new&blog=' . $blog . '&post_title=' . preg_replace('*([^\\p{Lu}_])([\\p{Lu}])*' . $regexp_modifier, '$1%20$2', $WikiWord) . '&post_urltitle=' . $wiki_word . '" title="Create...">?</a>' : '';

                // [[WikiWord text]]
                $replace_links[] = '<span class="NonExistentWikiWord">$1' . $create_link . '</span>';

                // ((WikiWord text))
                $replace_links[] = '<span class="NonExistentWikiWord">$1' . $create_link . '</span>';

                // [[Wikiword]]
                $replace_links[] = '<span class="NonExistentWikiWord">' . $link_text . $create_link . 
'</span>';

                // ((Wikiword))
                $replace_links[] = '<span class="NonExistentWikiWord">' . $link_text . $create_link . '</span>';
            }
        }
    }

    // echo '<br />---';
    // pre_dump( $search_wikiwords );

    $content = replace_content_outcode($search_wikiwords, $replace_links, $content);

    return true;
}
// Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('globalsettings'); // Check permission: $current_User->check_perm('options', 'edit', true); switch ($tab) { case 'eblog': param('eblog_enabled', 'boolean', 0); $Settings->set('eblog_enabled', $eblog_enabled); param('eblog_method', 'string', true); $Settings->set('eblog_method', strtolower($eblog_method)); param('eblog_encrypt', 'string', true); $Settings->set('eblog_encrypt', $eblog_encrypt); param('eblog_novalidatecert', 'boolean', 0); $Settings->set('eblog_novalidatecert', $eblog_novalidatecert); param('eblog_server_host', 'string', true); $Settings->set('eblog_server_host', evo_strtolower($eblog_server_host)); param('eblog_server_port', 'integer', true); $Settings->set('eblog_server_port', $eblog_server_port); param('eblog_username', 'string', true); $Settings->set('eblog_username', $eblog_username); param('eblog_password', 'string', true); $Settings->set('eblog_password', $eblog_password); param('eblog_default_category', 'integer', true); $Settings->set('eblog_default_category', $eblog_default_category); param('eblog_default_title', 'string', true); $Settings->set('eblog_default_title', $eblog_default_title); param('eblog_subject_prefix', 'string', true); $Settings->set('eblog_subject_prefix', $eblog_subject_prefix); param('eblog_body_terminator', 'string', true); $Settings->set('eblog_body_terminator', $eblog_body_terminator); param('eblog_test_mode', 'boolean', 0);
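/**
 * process attachments by saving into media directory and optionally creating image tag in post
 *
 * File names come from the incoming e-mail and are therefore untrusted. Each name is passed
 * through process_filename() with forced validation before it is combined with $mediadir;
 * an attachment whose name is still rejected is skipped.
 *
 * @param string message content that is optionally manipulated by adding image tags (by reference)
 * @param array $mailAttachments array containing path to attachment files
 * @param string $mediadir path to media directory of blog as seen by file system
 * @param string $media_url url to media directory as seen by user
 * @param bool $add_img_tags should img tags be added to the post (instead of linking through the file manager)
 * @param string $type defines attachment type: 'attach' or 'related'
 */
function pbm_process_attachments(&$content, $mailAttachments, $mediadir, $media_url, $add_img_tags = true, $type = 'attach')
{
    global $Settings, $pbm_item_files, $filename_max_length;

    pbm_msg('<h4>Processing attachments</h4>');

    foreach ($mailAttachments as $attachment) {
        if (isset($attachment['FileName'])) {
            $filename = trim(evo_strtolower($attachment['FileName']));
        } else {
            // Related attachments may not have file name, we'll generate one below
            $filename = '';
        }

        if ($filename == '') {
            $filename = 'upload_' . uniqid() . '.' . $attachment['SubType'];
            pbm_msg(sprintf('Attachment without name. Using "%s".', htmlspecialchars($filename)));
        }

        // Check valid filename/extension: (includes check for locked filenames)
        // $filename is passed by reference and may come back rewritten.
        if ($error_filename = process_filename($filename, true)) {
            pbm_msg('Invalid filename: ' . $error_filename);
            continue;
        }

        // If file exists count up a number
        $cnt = 0;
        $dot_pos = strrpos($filename, '.');
        if ($dot_pos === false) {
            // No extension: append the counter to the whole name instead of producing a bare "-N"
            $prename = $filename . '-';
            $sufname = '';
        } else {
            $prename = substr($filename, 0, $dot_pos) . '-';
            $sufname = substr($filename, $dot_pos);
        }
        $error_in_filename = false;
        while (file_exists($mediadir . $filename)) {
            $filename = $prename . $cnt . $sufname;
            if (strlen($filename) > $filename_max_length) {
                // This is a special case, when the filename is longer then the maximum allowed
                // Cut as many characters as required before the counter on the file name
                $filename = fix_filename_length($filename, strlen($prename) - 1);
                if ($error_in_filename = process_filename($filename, true)) {
                    // The file name is not valid, this is an unexpected situation, because the file name was already validated before
                    // Report the error of THIS validation; $error_filename is always empty at this point.
                    pbm_msg('Invalid filename: ' . $error_in_filename);
                    break;
                }
            }
            ++$cnt;
        }
        if ($error_in_filename) {
            // Don't create file with invalid file name
            continue;
        }

        // Escaped like the other messages in this function that print a file name or path
        pbm_msg(sprintf('New file name is <b>%s</b>', htmlspecialchars($filename)));

        $imginfo = NULL;
        if (!$Settings->get('eblog_test_mode')) {
            pbm_msg('Saving file to: ' . htmlspecialchars($mediadir . $filename));
            if (!copy($attachment['DataFile'], $mediadir . $filename)) {
                pbm_msg('Unable to copy uploaded file to ' . htmlspecialchars($mediadir . $filename));
                continue;
            }

            // chmod uploaded file:
            $chmod = $Settings->get('fm_default_chmod_file');
            @chmod($mediadir . $filename, octdec($chmod));

            // getimagesize() returns an array only for files it recognises as images
            $imginfo = @getimagesize($mediadir . $filename);
            pbm_msg('Is this an image?: ' . (is_array($imginfo) ? 'yes' : 'no'));
        }

        if ($type == 'attach') {
            $content .= "\n";
            if (is_array($imginfo) && $add_img_tags) {
                // $imginfo[3] is the width="..." height="..." string provided by getimagesize()
                $content .= '<img src="' . $media_url . $filename . '" ' . $imginfo[3] . ' />';
            } else {
                pbm_msg(sprintf('The file <b>%s</b> will be attached to the post later, after we save the post in the database.', htmlspecialchars($filename)));
                $pbm_item_files[] = $filename;
            }
            $content .= "\n";
        } elseif (!empty($attachment['ContentID'])) {
            // Replace relative "cid:xxxxx" URIs with absolute URLs to media files
            $content = str_replace('cid:' . $attachment['ContentID'], $media_url . $filename, $content);
        }
    }
}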
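/**
 * Get # of posts for a given tag
 *
 * Counts the distinct items carrying the tag in the collection identified by $this->ID.
 *
 * @param string Tag name; it is lower-cased before the lookup
 * @return mixed the value $DB->get_var() returns for the COUNT query
 */
function get_tag_post_count($tag)
{
    global $DB;

    // Nothing is placed into the SQL text as-is: the collection ID is forced to an
    // integer and the tag name goes through $DB->quote().
    $sql = 'SELECT COUNT(DISTINCT itag_itm_ID)'
        . ' FROM T_items__tag'
        . ' INNER JOIN T_items__itemtag ON itag_tag_ID = tag_ID'
        . ' INNER JOIN T_postcats ON itag_itm_ID = postcat_post_ID'
        . ' INNER JOIN T_categories ON postcat_cat_ID = cat_ID'
        . ' WHERE cat_blog_ID = ' . (int) $this->ID
        . ' AND tag_name = ' . $DB->quote(evo_strtolower($tag));

    return $DB->get_var($sql);
}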
/**
 * Normalise a file name in place and validate it.
 *
 * Steps, in this order:
 * - with $force_validation: every run of characters outside a-z, 0-9, '-', '_' and '.'
 *   (matched case-insensitively) is replaced by a single '_', then the name is shortened
 *   through fix_filename_length()
 * - the name is lower-cased and each run of consecutive dots is reduced to one dot
 * - validate_filename() decides whether the resulting name is acceptable
 *
 * Without $force_validation no characters are replaced here, so rejecting unsafe names
 * is left entirely to validate_filename().
 *
 * @param string file name (by reference) - this file name will be processed
 * @param boolean force validation ( replace not valid characters to '_' without warning )
 * @return error message if the file name is not valid, false otherwise
 */
function process_filename(&$filename, $force_validation = false)
{
    global $filename_max_length;

    if (empty($filename)) {
        return T_('Empty file name is not valid.');
    }

    if ($force_validation) {
        // Replace every run of characters that is not allowed in a file name
        $filename = preg_replace('/[^a-z0-9\\-_.]+/i', '_', $filename);

        // Keep the name within the allowed length; fix_filename_length() receives the
        // position of the extension dot, found by searching from the last dot onwards
        // (or from the end of the string when that position is 0 or there is no dot).
        $last_dot = strrpos($filename, '.');
        if ($last_dot) {
            $search_from = $last_dot;
        } else {
            $search_from = strlen($filename);
        }
        $filename = fix_filename_length($filename, strrpos($filename, '.', $search_from));
    }

    // Lower-case the name, then keep only one dot '.' instead of '...'
    $lowered = evo_strtolower($filename);
    $filename = preg_replace('/\\.(\\.)+/', '.', $lowered);

    $validation_error = validate_filename($filename);
    if ($validation_error) {
        // invalid file name
        return $validation_error;
    }

    // on success
    return false;
}
/**
 * This is the 2nd level of callback!!
 *
 * Decides for one matched word whether it becomes an auto-link. The object remembers the
 * previous word (original and lower case, each with its trailing punctuation) and whether
 * that word was linked, so that definitions made of two words can be recognised.
 *
 * NOTE(review): the word and the configured URL are written into the anchor without
 * escaping in this method; presumably both are safe by construction -- confirm against
 * the code that fills replacement_link_array and produces $matches.
 *
 * @param array The matches of regexp:
 *   1 => punctuation signs before word
 *   2 => a clear word without punctuation signs
 *   3 => punctuation signs after word
 * @return string the text that replaces the match
 */
function replace_callback($matches)
{
    global $Blog;

    // rel="nofollow" is added to auto-links when the collection setting asks for it
    $use_nofollow = !empty($Blog) && $this->get_coll_setting($this->setting_nofollow_auto, $Blog);
    $link_attrs = $use_nofollow ? ' rel="nofollow"' : '';

    $before_word = $matches[1];
    $word = $matches[2];
    $after_word = $matches[3];

    if (substr($word, -1) == '.') {
        // A trailing dot belongs to the punctuation after the word
        $after_word = '.' . $after_word;
        $word = substr($word, 0, -1);
    }

    $lword = evo_strtolower($word);

    // Default result: the text exactly as it was matched
    $r = $before_word . $word . $after_word;
    $was_linked = false;

    if (isset($this->replacement_link_array[$lword])) {
        // There is an autolink definition with the current word
        $definition = $this->replacement_link_array[$lword];
        // An optional previous required word (allows to create groups of 2 words)
        $previous = $definition[0];
        // Url for current word
        $url = 'http://' . $definition[1];

        // The word stays plain text when the destination (or user name) is already linked,
        // or when a two-word definition does not follow its required, still unused first word.
        $leave_plain = in_array($url, $this->already_linked_array)
            || in_array($lword, $this->already_linked_usernames)
            || (!empty($previous) && ($this->previous_used || $this->previous_lword != $previous));

        if (!$leave_plain) {
            if (empty($previous)) {
                // Single word
                $r = $before_word . '<a href="' . $url . '"' . $link_attrs . '>' . $word . '</a>' . $after_word;
            } else {
                // Group of two words: the link text spans the previous word and this one
                $r = '==!#DEL#!==<a href="' . $url . '"' . $link_attrs . '>' . $this->previous_word . ' ' . $word . '</a>' . $after_word;
            }

            // Make sure we don't link to same destination twice in the same text/post:
            $this->already_linked_array[] = $url;
            $was_linked = true;
        }
    }

    // Remember whether this word was converted to a link, and the word itself in original and
    // lower case format with the after word signs.
    // Note: the after word signs must be saved because for definitions with two words the first
    // word must match exactly at its end.
    $this->previous_used = $was_linked;
    $this->previous_word = $word . $after_word;
    $this->previous_lword = $lword . $after_word;

    return $r;
}
case 'ignore':
    $message .= '<li style="color:blue">User ignored!</li>';
    echo $message . '</ul>';
    // NOTE(review): inside a switch, a bare "continue" behaves like "break" in PHP; reaching the
    // next iteration of an enclosing loop needs "continue 2". The enclosing loop is not visible
    // here -- confirm the intended target.
    continue; // next post

case 'b2evo':
    // Map the imported author to an existing account, looked up by login
    $item_Author =& $UserCache->get_by_login($usersmapped[$post_author][1]);
    break;

case 'createnew':
    // check if the user already exists
    $UserCache =& get_UserCache();
    $item_Author =& $UserCache->get_by_login($usersmapped[$post_author][1]);
    if (!$item_Author) {
        $item_Author = new User();
        $item_Author->set('login', evo_strtolower($usersmapped[$post_author][1]));
        $item_Author->set('nickname', $usersmapped[$post_author][1]);
        // NOTE(review): every account created here gets the same $default_password, stored as an
        // unsalted MD5 digest. MD5 is a fast hash and not suitable for password storage;
        // password_hash()/password_verify() are the usual replacement, which also requires changing
        // the code that verifies the stored value (not visible here). Accounts created this way
        // should be made to change the default password.
        $item_Author->set('pass', md5($default_password));
        $item_Author->set('level', $default_userlevel);
        $item_Author->set('email', '');
        $GroupCache =& get_GroupCache();
        $item_Author_Group =& $GroupCache->get_by_ID($default_usergroup);
        $item_Author->set_Group($item_Author_Group);

        if (!$simulate) {
            $item_Author->dbinsert();
        }

        // This is a bad hack, because add() would need an ID (which we don't have when simulating)
        $UserCache->cache_login[$item_Author->login] =& $item_Author;

        // NOTE(review): the login is echoed into HTML unescaped; it originates from the imported data.
        $message .= '<li style="color:orange">user ' . $item_Author->login . ' created</li>';
        $count_userscreated++;
    }
/**
 * Extracts a keyword from a raw not encoded URL.
 * Will only extract keyword if a known search engine has been detected.
 * Returns the keyword:
 * - in UTF8: automatically converted from other charsets when applicable
 * - strtolowered: "QUErY test!" will return "query test!"
 * - trimmed: extra spaces before and after are removed
 *
 * A list of supported search engines can be found in /inc/sessions/model/_search_engines.php
 * The function returns false when a keyword couldn't be found.
 * eg. if the url is "http://www.google.com/partners.html" this will return false,
 * as the google keyword parameter couldn't be found.
 *
 * Side effects: sets $this->_search_params_tried, and on success $this->_search_engine,
 * $this->_keyphrase and $this->_serprank; may reset $this->referer_type from 'search' to 'referer'.
 *
 * NOTE(review): the referer is supplied by the client, so the returned keyphrase is untrusted
 * text. It is decoded and lower-cased here but not escaped; code that prints or stores it has
 * to handle that.
 *
 * @param string URL referer
 * @return array|false false if a keyword couldn't be extracted,
 *                     or array(
 *                         'engine_name' => 'Google',
 *                         'keyphrase' => 'my searched keywords',
 *                         'serprank' => 4)
 */
function extract_params_from_referer($ref)
{
    global $Debuglog, $search_engine_params, $evo_charset, $current_charset;

    // Make sure we don't try params extraction twice
    $this->_search_params_tried = true;

    // The @ silences the notices raised when is_search_referer() does not return a 4-element array
    @(list($ref_host, $ref_path, $query, $fragment) = $this->is_search_referer($ref, true));
    if (empty($ref_host)) {
        // Not a search referer
        return false;
    }

    // Entry layout as used below: [0] engine name, [1] keyword parameter(s), [3] charset(s), [4] rank parameter(s)
    $search_engine_name = $search_engine_params[$ref_host][0];
    $keyword_param = NULL;
    if (!empty($search_engine_params[$ref_host][1])) {
        $keyword_param = $search_engine_params[$ref_host][1];
    }
    if (is_null($keyword_param)) {
        // Get settings from first item in group
        $search_engine_names = $this->get_search_engine_names();
        $url = $search_engine_names[$search_engine_name];
        $keyword_param = $search_engine_params[$url][1];
    }
    if (!is_array($keyword_param)) {
        $keyword_param = array($keyword_param);
    }

    if ($search_engine_name == 'Google Images' || $search_engine_name == 'Google' && strpos($ref, '/imgres') !== false) {
        // Google image search
        // The real query is carried URL-encoded in the "prev" parameter
        $search_engine_name = 'Google Images';
        $query = urldecode(trim($this->get_param_from_string($query, 'prev')));
        // NOTE(review): as written this str_replace() is a no-op (search and replacement are both '&');
        // possibly an '&amp;' entity was lost when this listing was rendered -- check the real file.
        $query = str_replace('&', '&', strstr($query, '?'));
    } elseif 
($search_engine_name == 'Google' && (strpos($query, '&as_') !== false || strpos($query, 'as_') === 0)) {
        // Query with "as_*" parameters: rebuild one key phrase from its parts
        $keys = array();
        if ($key = $this->get_param_from_string($query, 'as_q')) {
            array_push($keys, $key);
        }
        if ($key = $this->get_param_from_string($query, 'as_oq')) {
            array_push($keys, str_replace('+', ' OR ', $key));
        }
        if ($key = $this->get_param_from_string($query, 'as_epq')) {
            array_push($keys, "\"{$key}\"");
        }
        if ($key = $this->get_param_from_string($query, 'as_eq')) {
            array_push($keys, "-{$key}");
        }
        $key = trim(urldecode(implode(' ', $keys)));
    }

    // $key is only set by the branch above; empty() also covers the case where it is undefined
    if (empty($key)) {
        foreach ($keyword_param as $param) {
            if ($param[0] == '/') {
                // regular expression match
                // The pattern comes from $search_engine_params and is applied to the whole referer
                if (@preg_match($param, $ref, $matches)) {
                    $key = trim(urldecode($matches[1]));
                    break;
                }
            } else {
                // search for keywords now &vname=keyword
                if ($key = $this->get_param_from_string($query, $param)) {
                    $key = trim(urldecode($key));
                    if (!empty($key)) {
                        break;
                    }
                }
            }
        }
    }

    if (empty($key)) {
        // Not a search referer
        if ($this->referer_type == 'search') {
            // If the referer was detected as 'search' we need to change it back to 'referer'
            // to keep search stats clean.
            
$this->referer_type = 'referer';
            $Debuglog->add('Hit: extract_params_from_referer() overrides referer type set by detect_referer(): "search" -> "referer"', 'request');
        }
        return false;
    }

    // Convert encoding
    // Charset source, in order: the host's own entry, the group's first entry, the default list
    if (!empty($search_engine_params[$ref_host][3])) {
        $ie = $search_engine_params[$ref_host][3];
    } elseif (isset($url) && !empty($search_engine_params[$url][3])) {
        $ie = $search_engine_params[$url][3];
    } else {
        // Fallback to default encoding
        $ie = array('utf-8', 'iso-8859-15');
    }

    if (is_array($ie)) {
        if (can_check_encoding()) {
            // Use the first candidate the key is valid in; if none matches, $ie stays an array
            foreach ($ie as $test_encoding) {
                if (check_encoding($key, $test_encoding)) {
                    $ie = $test_encoding;
                    break;
                }
            }
        } else {
            $ie = $ie[0];
        }
    }

    $key = convert_charset($key, $evo_charset, $ie);

    // convert to lower string but keep in evo_charset
    // The global $current_charset is switched for the call and restored right after
    $saved_charset = $current_charset;
    $current_charset = $evo_charset;
    $key = evo_strtolower($key);
    $current_charset = $saved_charset;

    // Extract the "serp rank"
    // Typically http://google.com?s=keyphraz&start=18 returns 18
    if (!empty($search_engine_params[$ref_host][4])) {
        $serp_param = $search_engine_params[$ref_host][4];
    } elseif (isset($url) && !empty($search_engine_params[$url][4])) {
        $serp_param = $search_engine_params[$url][4];
    } else {
        // Fallback to default params
        $serp_param = array('offset', 'page', 'start');
    }

    if (!is_array($serp_param)) {
        $serp_param = array($serp_param);
    }

    if (strpos($search_engine_name, 'Google') !== false) {
        // Append fragment which Google uses in instant search
        $query .= '&' . $fragment;
    }

    foreach ($serp_param as $param) {
        if ($var = $this->get_param_from_string($query, $param)) {
            // Only an all-digit value is accepted as rank
            if (ctype_digit($var)) {
                $serprank = $var;
                break;
            }
        }
    }

    $this->_search_engine = $search_engine_name;
    $this->_keyphrase = $key;
    $this->_serprank = isset($serprank) ? $serprank : NULL;

    return array('engine_name' => $this->_search_engine, 'keyphrase' => $this->_keyphrase, 'serprank' => $this->_serprank);
}
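/**
 * Check if recipients available in database
 *
 * Builds $this->recipients_list (user IDs) from the submitted logins and reports every
 * problem found through param_error() on the given input name.
 *
 * The logins are request data. They are normalised (trimmed, lower-cased) the same way for
 * both input formats and each one is passed through $DB->quote() before it becomes part of
 * the WHERE clause.
 *
 * @param string Input name
 * @param string Recipients logins separated with comma (Used for browsers without JavaScript)
 * @param string Recipients logins in array format (Used with jQuery plugin fbautocomplete)
 * @return boolean true if all recipients allow the current User to contact them, false otherwise
 */
function param_check__recipients($var, $recipients, $recipients_array)
{
    global $DB, $current_User, $UserSettings, $Messages;

    if (!empty($recipients_array)) {
        // These data is created by jQuery plugin fbautocomplete
        $submitted_logins = isset($recipients_array['title']) ? (array) $recipients_array['title'] : array();
    } else {
        // For browsers without JavaScript
        // split recipients into array using comma (or space) separator
        $submitted_logins = explode(' ', trim(str_replace(',', ' ', $recipients)));
    }

    // Same normalisation for both formats, so that the "yourself" check and the duplicate
    // removal below cannot be side-stepped by changing the letter case of a login.
    $recipients_list = array();
    foreach ($submitted_logins as $submitted_login) {
        if (!is_scalar($submitted_login)) {
            // A nested array or similar can never be a login
            continue;
        }
        $login = evo_strtolower(trim($submitted_login));
        if ($login !== '') {
            $recipients_list[] = $login;
        }
    }
    $recipients_list = array_unique($recipients_list);

    // Collected error texts; joined with <br /> at the end.
    // NOTE(review): logins typed by the sender are embedded in this HTML message. Whether the
    // input layer or param_error() escapes them is not visible here -- confirm.
    $errors = array();

    // check has recipients list login of current user
    if (in_array(evo_strtolower($current_User->login), $recipients_list)) {
        $errors[] = sprintf(T_('You cannot send threads to yourself: %s'), $current_User->login);
    }

    // load recipient User objects
    $UserCache =& get_UserCache();
    if (!empty($recipients_list)) {
        // Quote every login individually; never concatenate request data into SQL as-is
        $quoted_logins = array();
        foreach ($recipients_list as $recipient) {
            $quoted_logins[] = $DB->quote($recipient);
        }
        $UserCache->load_where('user_login IN ( ' . implode(', ', $quoted_logins) . ' )');
    }

    // check are recipients available in database
    $this->recipients_list = array();
    $unavailable_recipients_list = array();
    $closed_recipients_list = array();
    $status_restricted_recipients = array();
    $recipients_without_perm = array();
    $recipients_restricted_pm = array();

    // check if recipient user enable private messages only if sender user doesn't have 'delete' messaging permission
    $check_enable_pm = !$current_User->check_perm('perm_messaging', 'delete');

    foreach ($recipients_list as $recipient) {
        $recipient_User = $UserCache->get_by_login($recipient, false);
        if ($recipient_User === false) {
            // user doesn't exists
            $unavailable_recipients_list[] = $recipient;
            continue;
        }

        if (!$recipient_User->check_status('can_receive_pm')) {
            // user status restrict to receive private messages
            if ($recipient_User->check_status('is_closed')) {
                // user account was closed
                $closed_recipients_list[] = $recipient;
                continue;
            }
            $status_restricted_recipients[] = $recipient;
            continue;
        }

        if (!$recipient_User->check_perm('perm_messaging', 'reply')) {
            // user doesn't have permission to read private messages
            $recipients_without_perm[] = $recipient;
            continue;
        }

        if (!$UserSettings->get('enable_PM', $recipient_User->ID)) {
            // recipient doesn't want to receive private messages
            $recipients_restricted_pm[] = $recipient;
            if ($check_enable_pm) {
                // sender is not a user with delete ( "admin" ) messaging permission, so this user can't be in the recipients list
                continue;
            }
        }

        // recipient is correct, add to recipient list
        $this->recipients_list[] = $recipient_User->ID;
    }

    if (count($unavailable_recipients_list) > 0) {
        $errors[] = sprintf('The following users were not found: %s', implode(', ', $unavailable_recipients_list));
    }

    if (count($closed_recipients_list) > 0) {
        $errors[] = sprintf('The following users no longer exist: %s', implode(', ', $closed_recipients_list));
    }

    if (count($status_restricted_recipients) > 0) {
        $errors[] = sprintf('The following users status currently does not permit to receive private messages: %s', implode(', ', $status_restricted_recipients));
    }

    if (count($recipients_without_perm) > 0) {
        $errors[] = sprintf('The following users have no permission to read private messages: %s', implode(', ', $recipients_without_perm));
    }

    $restricted_pm_count = count($recipients_restricted_pm);
    if ($restricted_pm_count > 0) {
        // there is at least one recipient who doesn't want to receive private messages
        if ($check_enable_pm) {
            // sender is not a user with delete ( "admin" ) messaging permission, so this user can't be in the recipients list
            $errors[] = sprintf('The following users don\'t want to receive private messages: %s', implode(', ', $recipients_restricted_pm));
        } else {
            // sender is an admin: the message goes out anyway, only a note is shown
            $manual_link = get_manual_link('messaging', T_('See manual') . '.');
            if ($restricted_pm_count > 1) {
                // more then one recipient don't want to receive private messages
                $note = sprintf(T_('Users «%s» do not allow receiving private messages. Message has been sent anyway because you are an administrator.'), implode(', ', $recipients_restricted_pm));
            } else {
                // one recipient doesn't want to receive private messages
                $note = sprintf(T_('User «%s» does not allow receiving private messages. Message has been sent anyway because you are an administrator.'), $recipients_restricted_pm[0]);
            }
            // add note
            $Messages->add($note . $manual_link, 'note');
        }
    }

    // Here we select those recipients who has blocked the sender. Note that users with 'delete' messaging permission can't be blocked!
    $blocked_contacts = check_blocked_contacts($this->recipients_list);
    if (!empty($blocked_contacts)) {
        // There is at least one blocked recipient
        $errors[] = T_('The following users don\'t want you to contact them at this time: ') . ' ' . implode(', ', $blocked_contacts);
    }

    if (empty($errors)) {
        // no errors yet
        $recipients_count = count($recipients_list);
        if ($recipients_count > 1 && param('thrdtype', 'string', 'discussion') != 'discussion') {
            // user want's to send more then one individual messages, check if is allowed
            list($max_new_threads, $new_threads_count) = get_todays_thread_settings();
            if (!empty($max_new_threads) && $max_new_threads - $new_threads_count < $recipients_count) {
                // user has a create thread limit, and recipients number exceed that limit
                $errors[] = sprintf(T_('You are unable to send %d individual messages, because it exceeds your remaining daily limit of %d.'), $recipients_count, $max_new_threads - $new_threads_count);
            }
        }
    }

    if (!empty($errors)) {
        // show error
        param_error($var, implode('<br />', $errors));
        return false;
    }

    return true;
}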
}

// Set params:
// The optional fields are only added (and therefore only checked) when the registration settings require them
$paramsList = array('login' => $login, 'pass1' => $pass1, 'pass2' => $pass2, 'email' => $email, 'pass_required' => true);
if ($registration_require_country) {
    $paramsList['country'] = $country;
}
if ($registration_require_firstname) {
    $paramsList['firstname'] = $firstname;
}
if ($registration_require_gender == 'required') {
    $paramsList['gender'] = $gender;
}

// Check profile params:
profile_check_params($paramsList);

// We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes:
$login = evo_strtolower($login);

$UserCache =& get_UserCache();
if ($UserCache->get_by_login($login)) {
    // The login is already registered
    param_error($dummy_fields['login'], sprintf(T_('The login «%s» is already registered, please choose another one.'), $login));
}

if ($Messages->has_errors()) {
    // Stop before anything is written to the database
    break;
}

$DB->begin();

$new_User = new User();
$new_User->set('login', $login);
// NOTE(review): the password is stored as an unsalted MD5 digest; this is hashing, not encryption.
// MD5 is a fast hash and not suitable for password storage. password_hash()/password_verify() are the
// usual replacement, which also requires changing the code that verifies the stored value (not visible here).
$new_User->set('pass', md5($pass1)); // hashed (see note above)
$new_User->set('ctry_ID', $country);
$new_User->set('firstname', $firstname);
/*
 * Login attempt handling (excerpt: the if-block opened here continues past the end of this excerpt).
 * The branch runs when a login action was submitted, or when both a login and a password are present
 * (&& binds tighter than ||). Order visible below: blocked-IP check, hitlog action, no-cache headers,
 * crumb check for 'loginform', normalisation of login and password, then the choice between
 * hashed and raw password transmission.
 */
if (!empty($login_action) || !empty($login) && !empty($pass)) { // User is trying to login right now // Stop a request from the blocked IP addresses antispam_block_ip(); global $action; // Set $action so it can be recorded in the hitlog: $action = 'login'; $Debuglog->add('Login: User is trying to log in.', '_init_login'); header_nocache(); // Don't take risks here :p // Check that this login request is not a CSRF hacked request: $Session->assert_received_crumb('loginform'); // fp> NOTE: TODO: now that we require going through the login form, all the login logic that is here can probably be moved to login.php ? // Note: login and password cannot include ' or " or > or < // Note: login cannot include @ $login = evo_strtolower(strip_tags(remove_magic_quotes($login))); $pass = strip_tags(remove_magic_quotes($pass)); /* NOTE(review): strip_tags() rewrites the submitted password before it is hashed, so a password containing tag-like text is silently altered; this stays consistent only if the same transformation is applied when the password is set - confirm. */ $pass_md5 = md5($pass); /* unsalted MD5 of the (already stripped) password; presumably compared with the stored digest further down, outside this excerpt */ /* * Handle javascript-hashed password: * If possible, the login form will hash the entered password with a salt that changes every time. */ param('pwd_salt', 'string', ''); // just for comparison with the one from Session $pwd_salt_sess = $Session->get('core.pwd_salt'); // $Debuglog->add( 'Login: salt: '.var_export($pwd_salt, true).', session salt: '.var_export($pwd_salt_sess, true), '_init_login' ); /* Hashed transmission is used only when the js_passwd_hashing setting is on AND no plugin answers true to LoginAttemptNeedsRawPassword. NOTE(review): the per-request salt is compared with the copy kept in the session; the client-side hash limits exposure of the raw password in transit but does not replace TLS. */ $transmit_hashed_password = (bool) $Settings->get('js_passwd_hashing') && !(bool) $Plugins->trigger_event_first_true('LoginAttemptNeedsRawPassword'); if ($transmit_hashed_password) { param('pwd_hashed', 'string', ''); } else { // at least one plugin requests the password un-hashed:
$Session->delete('core.preview_Comment'); } else { /* New-comment branch (excerpt: it opens and ends outside the visible text). The form fields are pre-filled from a Comment saved in the session if there is one, otherwise from the visitor's cookies; while the page is being collected for the page cache the author fields are left empty so that personal data does not end up in the cached page. */ // New comment: if (($Comment = get_comment_from_session()) == NULL) { // there is no saved Comment in Session $Comment = new Comment(); if (!empty($PageCache) && $PageCache->is_collecting) { // This page is going into the cache, we don't want personal data cached!!! // fp> These fields should be filled out locally with Javascript tapping directly into the cookies. Anyone JS savvy enough to do that? $comment_author = ''; $comment_author_email = ''; $comment_author_url = ''; } else { // Get params from $_COOKIE /* These three values are supplied by the client and are therefore user-controlled. NOTE(review): they need output escaping wherever the form renders them, which is not visible in this excerpt - confirm. */ $comment_author = param_cookie($cookie_name, 'string', ''); $comment_author_email = evo_strtolower(param_cookie($cookie_email, 'string', '')); $comment_author_url = param_cookie($cookie_url, 'string', ''); } if (empty($comment_author_url)) { // Even if we have a blank cookie, let's reset this to remind the bozos what it's for $comment_author_url = 'http://'; } $comment_content = $params['default_text']; } else { // set saved Comment attributes from Session $comment_content = $Comment->content; $comment_author = $Comment->author; $comment_author_email = $Comment->author_email; $comment_author_url = $Comment->author_url; // comment_attachments contains all file IDs that have been attached $comment_attachments = $Comment->preview_attachments;
/*
 * Saves the e-mail notification settings and the "repath" (returned e-mail) mailbox settings
 * from the submitted form into $Settings. Each param() call is relied on to populate a variable
 * of the same name, which is then passed to $Settings->set().
 * NOTE(review): a third argument of `true` presumably marks the parameter as required in this
 * codebase's param() - confirm. Permission and crumb checks, if any, are outside this excerpt.
 */
$Settings->set('notification_sender_name', $sender_name); // Site short name $short_name = param('notification_short_name', 'string', ''); param_check_not_empty('notification_short_name'); $Settings->set('notification_short_name', $short_name); // Site long name $Settings->set('notification_long_name', param('notification_long_name', 'string', '')); // Site logo url $Settings->set('notification_logo', param('notification_logo', 'string', '')); /** Settings to decode the returned emails **/ param('repath_enabled', 'boolean', 0); $Settings->set('repath_enabled', $repath_enabled); param('repath_method', 'string', true); /* plain strtolower() here, evo_strtolower() for the host on the next setting */ $Settings->set('repath_method', strtolower($repath_method)); param('repath_server_host', 'string', true); $Settings->set('repath_server_host', evo_strtolower($repath_server_host)); param('repath_server_port', 'integer', true); $Settings->set('repath_server_port', $repath_server_port); param('repath_encrypt', 'string', true); $Settings->set('repath_encrypt', $repath_encrypt); /* NOTE(review): the name suggests this flag turns off certificate validation for the mailbox connection; if so, the connection can be intercepted while it is on, so it should default to off and be enabled only for a server whose certificate cannot be validated - confirm the semantics where the setting is read. */ param('repath_novalidatecert', 'boolean', 0); $Settings->set('repath_novalidatecert', $repath_novalidatecert); param('repath_username', 'string', true); $Settings->set('repath_username', $repath_username); /* NOTE(review): the mailbox password is handed to $Settings->set() exactly as submitted; whether the settings store protects it at rest is not visible here - confirm, and make sure it is not echoed back into the form or written to logs. */ param('repath_password', 'string', true); $Settings->set('repath_password', $repath_password); param('repath_delete_emails', 'boolean', 0); $Settings->set('repath_delete_emails', $repath_delete_emails); param('repath_subject', 'text', true); $Settings->set('repath_subject', $repath_subject); param('repath_body_terminator', 'text', true);
/**
 * Import users from phpbb into b2evo
 *
 * Steps visible in this function:
 *  - returns early unless phpbb_check_step('users') allows this step;
 *  - selects phpBB users that have at least one post and either no rank (NULL or 0)
 *    or one of the ranks that were mapped to a b2evo group;
 *  - walks them in pages of 1000 rows and derives the b2evo login by replacing every
 *    character outside [a-z0-9_] with "_", lower-casing and cutting to 20 characters
 *    (different phpBB usernames can therefore collapse to the same login);
 *  - phpBB users sharing one e-mail address are linked to the first of them that was
 *    imported, and a phpBB user whose e-mail already exists in T_users is linked to that
 *    existing account instead of being inserted;
 *  - new users are written with a string-built INSERT, then avatar, fields and settings
 *    are imported (avatars only when the configured path exists and is a directory);
 *  - the phpBB-ID => b2evo-ID map is stored with phpbb_table_add()/phpbb_table_insert_links()
 *    and the two counters with phpbb_set_var().
 *
 * NOTE(review): several log lines embed phpBB usernames and e-mail addresses next to
 * literal HTML such as <br />; whether phpbb_log() escapes them before output is not
 * visible here - confirm.
 * NOTE(review): the listing this function comes from is masked ("******") in two places,
 * so the login-uniqueness loop is only partly visible.
 *
 * @return void
 */
function phpbb_import_users() { global $DB, $phpbb_DB, $tableprefix; if (!phpbb_check_step('users')) { // Check current step return; // Exit here if we cannot process this step } phpbb_unset_var('users_count_imported'); phpbb_unset_var('users_count_updated'); phpbb_log(T_('Importing users...')); /** * @var array IDs of the Users; * Key is ID from phpBB * Value is new inserted ID from b2evo */ $users_IDs = array(); // Get ranks that will be imported ( array( phpbb_rank_ID => b2evo_group_ID ) ) $phpbb_ranks = phpbb_get_var('ranks'); // Remove ranks that will not be imported if (count($phpbb_ranks) > 0) { foreach ($phpbb_ranks as $rank_ID => $b2evo_group_ID) { if (empty($b2evo_group_ID)) { // Unset this rank, because it selected as no import unset($phpbb_ranks[$rank_ID]); } } } $phpbb_users_sql_where_ranks = ''; if (count($phpbb_ranks) > 0) { // Limit users by the selected ranks $phpbb_users_sql_where_ranks = ' OR u.user_rank IN ( ' . $phpbb_DB->quote(array_keys($phpbb_ranks)) . ' )'; } $DB->begin(); // Init SQL to get the users data and the count of the users $phpbb_users_SQL = new SQL(); $phpbb_users_SQL->FROM('BB_users u'); $phpbb_users_SQL->FROM_add('INNER JOIN BB_posts p ON p.poster_id = u.user_id'); // Get users which have at least one post $phpbb_users_SQL->WHERE('( u.user_rank IS NULL OR u.user_rank = 0' . $phpbb_users_sql_where_ranks . 
' )'); $phpbb_users_SQL->ORDER_BY('u.user_id'); // Get the count of the users /* $count_SQL is the same object as $phpbb_users_SQL (the assignment copies the handle, it does not clone), and so is $users_SQL further down; the SELECT set here is presumably replaced by the later SELECT() call - confirm in the SQL class. */ $count_SQL = $phpbb_users_SQL; $count_SQL->SELECT('COUNT( DISTINCT u.user_id )'); $phpbb_users_count = $phpbb_DB->get_var($count_SQL->get()); if ($phpbb_users_count > 0) { phpbb_log(sprintf(T_('%s users have been found in the phpBB database'), $phpbb_users_count)); } else { // No users phpbb_log(T_('No users found in the phpBB database.'), 'error'); $DB->commit(); return; // Exit here } // Get the duplicated emails $emails_SQL = new SQL(); $emails_SQL->SELECT('user_email, ""'); $emails_SQL->FROM('BB_users'); $emails_SQL->GROUP_BY('user_email'); $emails_SQL->HAVING('COUNT( user_id ) > 1'); $phpbb_emails_duplicated = $phpbb_DB->get_assoc($emails_SQL->get()); phpbb_log(T_('Start importing <b>users</b> into the b2evolution database...'), 'message', ''); // Init SQL to get the users $users_SQL = $phpbb_users_SQL; $users_SQL->SELECT('u.user_id, u.user_active, u.username, u.user_password, u.user_email, u.user_lang, u.user_level, u.user_regdate, u.user_icq, u.user_website, u.user_aim, u.user_yim, u.user_msnm, u.user_interests, u.user_rank, u.user_allow_viewonline, u.user_notify_pm, u.user_avatar'); $users_SQL->GROUP_BY('u.user_id'); // Get all users IPs in one sql query $users_ips_SQL = new SQL(); $users_ips_SQL->SELECT('user_id, last_ip'); $users_ips_SQL->FROM('BB_sessions_keys'); $users_ips_SQL->ORDER_BY('last_login DESC'); $users_ips = $phpbb_DB->get_assoc($users_ips_SQL->get()); // Prepare to import avatars $do_import_avatars = false; $path_avatars = phpbb_get_var('path_avatars'); if (!empty($path_avatars)) { $path_avatars = preg_replace('/(\\/|\\\\)$/i', '', $path_avatars) . 
'/'; if (!empty($path_avatars) && file_exists($path_avatars) && is_dir($path_avatars)) { // Folder with avatars is correct, we can import avatars $do_import_avatars = true; } } $page = 0; $page_size = 1000; $phpbb_users_count_imported = 0; $phpbb_users_count_updated = 0; do { // Split by page to optimize process // It gives to save the memory rather than if we get all users by one query without LIMIT clause // Get the users $users_SQL->LIMIT($page * $page_size . ', ' . $page_size); $phpbb_users = $phpbb_DB->get_results($users_SQL->get()); $phpbb_users_count = count($phpbb_users); // Insert the new users foreach ($phpbb_users as $p => $phpbb_user) { if ($p % 100 == 0) { // Display the processing dots after 100 users phpbb_log(' .', 'message', ''); } if ($phpbb_user->user_id < 1) { // Skip the users with invalid ID phpbb_log(sprintf(T_('User "%s" with ID %s ignored'), $phpbb_user->username, $phpbb_user->user_id), 'error', ' ', '<br />'); continue; } if ($phpbb_user->username == '₯είίε') { // Special rule for this username $user_login = '******'; } else { // Replace unauthorized chars from username $user_login = preg_replace('/([^a-z0-9_])/i', '_', $phpbb_user->username); $user_login = evo_substr(evo_strtolower($user_login), 0, 20); } $user_has_duplicated_email = false; if (isset($phpbb_emails_duplicated[$phpbb_user->user_email])) { // The user has the duplicate email if (!empty($phpbb_emails_duplicated[$phpbb_user->user_email])) { // The other user already was imported with such email phpbb_log('<br />' . 
sprintf(T_('The phbBB users "%s" and "%s" have the same email address "%s" and will be merged in b2evolution as just "%s"'), $phpbb_emails_duplicated[$phpbb_user->user_email]['username'], $user_login, $phpbb_user->user_email, $phpbb_emails_duplicated[$phpbb_user->user_email]['username']), 'error', ' '); // Set link between current phpBB user ID and b2evo user ID of first user with this duplicated email address // This link will be used to merge the topics, comments and messages from all phpBB users with the same email address for ONE b2evo user $users_IDs[$phpbb_user->user_id] = $users_IDs[$phpbb_emails_duplicated[$phpbb_user->user_email]['user_ID']]; // Don't import this user unset($phpbb_users[$p]); continue; } $phpbb_emails_duplicated[$phpbb_user->user_email] = array('username' => $user_login, 'user_ID' => $phpbb_user->user_id); $user_has_duplicated_email = true; } // Check if this user already exists with same email address in b2evo DB $SQL = new SQL(); $SQL->SELECT('user_ID, user_login'); $SQL->FROM('T_users'); $SQL->WHERE('user_email = ' . 
$DB->quote($phpbb_user->user_email)); $b2evo_user = $DB->get_row($SQL->get()); if (!empty($b2evo_user)) { // User already exists in DB of b2evo // Don't insert this user // Update the link between IDs of this user from two databases $users_IDs[$phpbb_user->user_id] = $b2evo_user->user_ID; unset($phpbb_users[$p]); // Unset already existing user from this array to exclude the updating of the fields and settings $phpbb_users_count_updated++; if ($do_import_avatars) { // Import user's avatar phpbb_import_avatar($b2evo_user->user_ID, $path_avatars, $phpbb_user->user_avatar); } phpbb_log(sprintf(T_('The user #%s already exists with E-mail address "%s" in the b2evolution database -- Merging User "%s" with user "%s".'), $phpbb_user->user_id, $phpbb_user->user_email, $user_login, $b2evo_user->user_login), 'warning', ' ', '<br />'); continue; } // Check if this user already exists with same login in b2evo DB $user_login_number = 0; $next_login = $user_login; do { $SQL = new SQL(); $SQL->SELECT('user_ID'); $SQL->FROM('T_users'); /* NOTE(review): the listing is masked ("******") inside the next statement; the rest of this login-uniqueness loop and the start of the following phpbb_log() call are not visible. */ $SQL->WHERE('user_login = '******'The login "%s" already exists with a different email address. The user "%s" will be imported as "%s"'), $user_login, $user_login, $next_login), 'warning', ' ', '<br />'); $user_login = $next_login; } if (!empty($users_ips[$phpbb_user->user_id])) { // Decode user ip from hex format $phpbb_user->user_ip = phpbb_decode_ip($users_ips[$phpbb_user->user_id]); } $user_data = array('user_login' => $user_login, 'user_pass' => $phpbb_user->user_password, /* the phpBB password hash is copied as is; NOTE(review): imported users can only log in if b2evolution verifies the same hash format - confirm */ 'user_email' => $phpbb_user->user_email, 'user_level' => $phpbb_user->user_level, 'user_status' => $phpbb_user->user_active == '1' ? 
'autoactivated' : 'closed', 'user_created_datetime' => date('Y-m-d H:i:s', $phpbb_user->user_regdate), 'user_profileupdate_date' => date('Y-m-d', $phpbb_user->user_regdate), 'user_locale' => 'en-US'); if (!empty($phpbb_user->user_rank) && !empty($phpbb_ranks[$phpbb_user->user_rank])) { // Define the user's group $user_data['user_grp_ID'] = $phpbb_ranks[$phpbb_user->user_rank]; } if (!isset($user_data['user_grp_ID'])) { // Set default group $user_data['user_grp_ID'] = phpbb_get_var('group_default'); } // Add the DB quotes for the user fields $import_data = array(); foreach ($user_data as $field_value) { $import_data[] = $phpbb_DB->quote($field_value); } /* NOTE(review): the INSERT below is assembled as a string. The column names are the fixed keys of $user_data and every value passes through $phpbb_DB->quote(), but the quoting is done by the phpBB connection object while the statement runs on $DB->dbhandle; if the two connections use different character sets the escaping may not match, so quoting with the target connection (or a prepared statement) would remove that doubt. The mysql_* extension used here was removed in PHP 7. */ // *** EXECUTE QUERY TO INSERT NEW USER *** // $user_insert_result = mysql_query('INSERT INTO ' . $tableprefix . 'users ( ' . implode(', ', array_keys($user_data)) . ' ) VALUES ( ' . implode(', ', $import_data) . ' )', $DB->dbhandle); if (!$user_insert_result) { // User was not inserted phpbb_log(sprintf(T_('User "%s" with ID %s cannot be imported. 
MySQL error: %s.'), $phpbb_user->username, $phpbb_user->user_id, mysql_error($DB->dbhandle)), 'error', ' ', '<br />'); continue; } $user_ID = mysql_insert_id($DB->dbhandle); if ($do_import_avatars) { // Import user's avatar phpbb_import_avatar($user_ID, $path_avatars, $phpbb_user->user_avatar); } // Save new inserted ID of the user $users_IDs[$phpbb_user->user_id] = $user_ID; if ($user_has_duplicated_email) { $phpbb_emails_duplicated[$phpbb_user->user_email]['user_ID'] = $phpbb_user->user_id; } // Import the user's fields phpbb_import_user_fields($phpbb_user, $user_ID); // Import user's settings phpbb_import_user_settings($phpbb_user, $user_ID); $phpbb_users_count_imported++; } $page++; } while ($phpbb_users_count > 0); // Add temporary table to store the links between user's IDs from phpbb and b2evo tables phpbb_table_add('users'); phpbb_table_insert_links('users', $users_IDs); $DB->commit(); phpbb_set_var('users_count_imported', $phpbb_users_count_imported); phpbb_set_var('users_count_updated', $phpbb_users_count_updated); }
} $row2 = mysql_fetch_array($res2, MYSQL_ASSOC); // if it is a category only then import. ignore tags and link categories switch ($row2['taxonomy']) { case 'category': echo 'Reading cat: ' . $row['name'] . '<br>'; $cats[$i]['name'] = $row['name']; $cats[$i]['slug'] = $row['slug']; $cats[$i]['description'] = $row2['description']; $cats[$i]['cat_id'] = $row2['term_taxonomy_id']; $i++; break; case 'post_tag': echo 'Reading tag: ' . $row['name'] . '<br>'; $tag_id = $row2['term_taxonomy_id']; $tags[$tag_id]['name'] = evo_strtolower($row['name']); $tags[$tag_id]['slug'] = $row['slug']; $tags[$tag_id]['description'] = $row2['description']; break; } mysql_free_result($res2); } mysql_free_result($res); if (empty($cats)) { die('There must be at least one category!'); } // Use the first category as the default category in case we find uncategorized posts later on. $default_category_ID = $cats[0]['cat_id']; // select the evolution database $db = mysql_select_db($evo_db, $con); if (!$db) {