/**
 * Invalidate every session of an author, including the current one when the
 * author is the logged-in user.
 *
 * zap_sessions() is called for the given author first. If the global
 * $author_session belongs to that author, the session named by the global
 * $lcm_session is then removed with delete_session().
 *
 * @param mixed $id_author Identifier of the author whose sessions are dropped.
 * @return void
 */
function force_session_restart($id_author)
{
    include_lcm('inc_session');
    global $author_session, $lcm_session;

    zap_sessions($id_author, true);

    // Someone else's sessions were reset: the caller keeps its own session.
    if ($author_session['id_author'] != $id_author) {
        lcm_debug("I am ID = " . $author_session['id_author']);
        return;
    }

    // NOTE(review): $lcm_session is presumably the live session identifier.
    // Writing it to the debug log lets anyone who can read the log reuse the
    // session until it is deleted below; consider logging only the author id.
    lcm_debug("lcm_session = " . $lcm_session);
    delete_session($lcm_session);
}
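/**
 * Send a plain-text e-mail through the transport selected by $hebergeur.
 *
 * The recipient must pass is_valid_email(). When no sender is given, the
 * "email_sender" meta is used if it is a valid address, otherwise the
 * recipient address is used as the sender.
 *
 * Header-injection hardening: $from and $subject end up in the header part of
 * the message, so CR and LF are removed from them before use. $headers is
 * appended to the header block verbatim (that is its purpose), so callers must
 * never build it from request data.
 *
 * @param string $email   Recipient address.
 * @param string $subject Subject line.
 * @param string $texte   Message body.
 * @param string $from    Sender address (optional).
 * @param string $headers Extra raw header lines (optional, trusted input only).
 * @return mixed false when the recipient is invalid or the host is 'free',
 *               true when queued ('lycos'), otherwise the transport's result.
 */
function send_email($email, $subject, $texte, $from = "", $headers = "")
{
    global $hebergeur, $queue_mails, $flag_wordwrap, $os_serveur;
    include_lcm('inc_filters');

    if (!$from) {
        $email_envoi = read_meta("email_sender");
        $from = is_valid_email($email_envoi) ? $email_envoi : $email;
    }

    if (!is_valid_email($email)) {
        return false;
    }

    // A line break inside $from would start a new header line.
    $from = str_replace(array("\r", "\n"), '', $from);

    lcm_debug("mail ({$email}): {$subject}");

    $charset = read_meta('charset');

    $headers = "From: {$from}\n"
        . "MIME-Version: 1.0\n"
        . "Content-Type: text/plain; charset={$charset}\n"
        . "Content-Transfer-Encoding: 8bit\n{$headers}";

    $texte = filtrer_entites($texte);
    $subject = filtrer_entites($subject);

    // Entity filtering may have produced line breaks; a subject is one line.
    $subject = str_replace(array("\r", "\n"), ' ', $subject);

    // Tidy up what can be tidied: typographic apostrophe to ASCII
    if ($charset != 'utf-8') {
        $texte = str_replace("’", "'", $texte);
        $subject = str_replace("’", "'", $subject);
    }

    // Encode the subject as the RFC requires, when multibyte support allows it
    if ($GLOBALS['flag_multibyte'] and @mb_internal_encoding($charset)) {
        $subject = mb_encode_mimeheader($subject, $charset, 'Q');
    }

    if ($flag_wordwrap) {
        $texte = wordwrap($texte);
    }

    // Windows servers get CRLF line endings in both body and headers
    if ($os_serveur == 'windows') {
        $texte = preg_replace("/\r*\n/", "\r\n", $texte);
        $headers = preg_replace("/\r*\n/", "\r\n", $headers);
    }

    switch ($hebergeur) {
        case 'lycos':
            // Queued here; nothing in this function sends the queue.
            $queue_mails[] = array(
                'email' => $email,
                'sujet' => $subject,
                'texte' => $texte,
                'headers' => $headers
            );
            return true;

        case 'free':
            return false;

        case 'online':
            if (!($ret = @email('webmaster', $email, $subject, $texte))) {
                lcm_log("ERROR mail: (online) returned false");
            }
            return $ret;

        default:
            if (!($ret = @mail($email, $subject, $texte, $headers))) {
                lcm_log("ERROR mail: (default) returned false");
            }
            return $ret;
    }
}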
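/**
 * Run one SQL statement on the PostgreSQL connection.
 *
 * The statement is passed through process_query() and executed as-is: no
 * parameter binding happens here, so every caller is responsible for escaping
 * or casting the values it concatenates into $query.
 *
 * Fix: pg_query() takes the connection as its FIRST argument. The previous
 * call used the mysql_query() order (query, link), which cannot work with an
 * explicit link.
 *
 * @param string $query       SQL text.
 * @param bool   $accept_fail When false, a failed query ends in lcm_panic();
 *                            when true, the error text is stored in the
 *                            global $lcm_pgsql_error and logged.
 * @return mixed Result of pg_query(), false on failure.
 */
function lcm_query_db($query, $accept_fail = false)
{
    global $lcm_pgsql_link;
    global $lcm_pgsql_error;
    static $tt = 0; // cumulated query time, shown in profiling output

    $my_debug = $GLOBALS['sql_debug'];
    $my_profile = $GLOBALS['sql_profile'];
    $lcm_pgsql_error = "";

    $query = process_query($query);

    if ($my_profile) {
        $m1 = microtime();
    }

    if ($GLOBALS['mysql_recall_link'] and $lcm_pgsql_link) {
        $result = pg_query($lcm_pgsql_link, $query);
    } else {
        $result = pg_query($query);
    }

    if ($my_debug and $my_profile) {
        $m2 = microtime();
        list($usec, $sec) = explode(" ", $m1);
        list($usec2, $sec2) = explode(" ", $m2);
        $dt = $sec2 + $usec2 - $sec - $usec;
        $tt += $dt;

        // Profiling output goes straight into the page; the query is escaped.
        echo "<small>" . htmlentities($query);
        echo " -> <font color='blue'>" . sprintf("%3f", $dt) . "</font> ({$tt})</small><p>\n";
    }

    if ($my_debug) {
        lcm_debug("QUERY: {$query}\n", 1, 'sql');
    }

    if (!$result) {
        $err = lcm_sql_error();

        if (!$accept_fail) {
            // NOTE(review): the panic text carries the full statement and the
            // database error. If lcm_panic() renders it to the visitor, that
            // discloses schema details; confirm it is shown to admins only.
            $error = _T('warning_sql_query_failed') . "<br />\n" . htmlentities($query) . "<br />\n";
            $error .= "« " . htmlentities($err) . " »<br />";
            lcm_panic($error);
        }

        $lcm_pgsql_error = $err;
        lcm_log("sql failed: {$err}");
    }

    return $result;
}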
/**
 * Tell whether a background action may run now.
 *
 * A "lock" file in the data directory (from $_SERVER['LcmDataDir'], default
 * 'inc/data') that is younger than 600 seconds blocks everything. Otherwise
 * the static flag $ok allows one action: the first call with $action set
 * clears the flag, so later calls in the same request return false.
 *
 * @param mixed $lock          Name of a database lock to acquire, or false.
 * @param bool  $action        False to only query the current state.
 * @param bool  $connect_mysql Whether the database must be connected first.
 * @return bool True when the caller may go ahead.
 */
function timeout($lock = false, $action = true, $connect_mysql = true)
{
    static $ok = true;
    global $db_ok;

    // Has the hosting provider put a lock? (maximum age, 10 minutes)
    if (isset($_SERVER['LcmDataDir'])) {
        $data_dir = $_SERVER['LcmDataDir'];
    } else {
        $data_dir = 'inc/data';
    }
    $timeoutfile = $data_dir . '/lock';

    $lock_is_fresh = @file_exists($timeoutfile) && (time() - @filemtime($timeoutfile) < 600);
    if ($lock_is_fresh) {
        lcm_debug("lock hebergeur {$timeoutfile}");
        $ok = false;
        return false;
    }

    // Nothing to do, or an action was already granted earlier
    if (!($action && $ok)) {
        return $ok;
    }

    // From here on no further action is granted in this request
    $ok = false;

    if (!$connect_mysql) {
        return true;
    }

    // Database connected?
    include_ecrire('inc_connect.php');
    if (!$db_ok) {
        return false;
    }

    // No named lock requested: go ahead
    if (!$lock) {
        return true;
    }

    lcm_debug("test lock mysql {$lock}");
    if (spip_get_lock($lock)) {
        return true;
    }

    lcm_debug("lock mysql {$lock}");
    return false;
}
/**
 * Deprecated alias of translate_language_name().
 *
 * Logs a deprecation notice through lcm_debug() and forwards the call.
 *
 * @param mixed $lang Passed unchanged to translate_language_name().
 * @return mixed Whatever translate_language_name() returns.
 */
function traduire_nom_langue($lang)
{
    $notice = "Use of deprecated function traduire_nom_langue(), use translate_language_name() instead";
    lcm_debug($notice);

    $translated = translate_language_name($lang);

    return $translated;
}
// ...
// Excerpt of a login handler. Each authentication backend named in $auths is
// tried in turn until one accepts the credentials. $auths, $login,
// $session_password and $next_session_password_md5 are set outside this
// excerpt.
$ok = false;
reset($auths);
foreach ($auths as $nom_auth) {
    // NOTE(review): $nom_auth selects both an include file and a class name.
    // $auths has to be a fixed, server-side list; confirm where it is built
    // and that no request value can reach it.
    include_lcm('inc_auth_' . $nom_auth);
    $classe_auth = 'Auth_' . $nom_auth;
    $auth = new $classe_auth();
    if ($auth->init()) {
        $session_password_md5 = $_REQUEST['session_password_md5'];
        // Try with the md5 password (made by Javascript in the form)
        // [ML] TODO: session_password_md5 + next_session_password_md5
        // should probably be referred to via _REQUEST... (test after!)
        // NOTE(review): only session_password_md5 is read from $_REQUEST
        // here; the other credential variables arrive some other way.
        $ok = $auth->validate_md5_challenge($login, $session_password_md5, $next_session_password_md5);
        // If failed, try as cleartext
        // NOTE(review): this fallback means the password itself was submitted
        // with the form, so the login page needs TLS; the MD5 challenge alone
        // does not protect it. The log line below contains no credential.
        if (!$ok && $session_password) {
            lcm_debug("md5 login failed, trying with plaintext");
            $ok = $auth->validate_pass_cleartext($login, $session_password);
        }
    }
    // Stop at the first backend that validated the login
    if ($ok) {
        break;
    }
}
// $auth is the backend that validated the login ($ok is false otherwise)
if ($ok) {
    $ok = $auth->lire();
}
if ($ok) {
    $auth->activate();
    // Force cookies for admins
    if ($auth->username and $auth->status == 'admin') {
        // Cookie value is "@" followed by the user name
        $cookie_admin = "@" . $auth->username;
/**
 * Hand out the next case of this client and advance the cursor.
 *
 * Calling it when getCaseDone() is already true is a programming error and
 * ends in lcm_panic(). When taking the case makes getCaseDone() true, another
 * batch is requested through loadCases().
 *
 * @return mixed The case removed from the front of $this->cases.
 */
function getCaseIterator()
{
    global $prefs;

    if ($this->getCaseDone()) {
        lcm_panic("LcmClient::getCaseIterator called but getCaseDone() returned true");
    }

    // Take the first buffered case and move the paging offset by one
    $current_case = array_shift($this->cases);
    $this->case_start_from++;

    if ($this->getCaseDone()) {
        $remaining = count($this->cases);
        lcm_debug('not done, reloading: ' . $remaining);

        $load_up_to = $this->case_start_from + $prefs['page_rows'];
        $this->loadCases($load_up_to);
    }

    lcm_debug("getCaseIterator " . count($this->cases));

    return $current_case;
}
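/**
 * Build the short, HTML-ready description of a follow-up row.
 *
 * Changes compared with the previous version:
 *  - the author id taken from $item['description'] is cast to an integer
 *    before it is concatenated into SQL (is_numeric() also accepts forms such
 *    as "1e5" or " 12", which have no place in an id comparison);
 *  - the duplicated assignment / unassignment branches are merged;
 *  - optional keys of the unserialized stage data are tested with empty(), so
 *    a missing key or a non-array result no longer raises notices or errors.
 *
 * @param array $item       Follow-up row; 'type' and 'description' are read,
 *                          'case_stage' is optional.
 * @param bool  $make_short Truncate long free-text descriptions.
 * @return string Description with line breaks converted by nl2br(), or ''
 *                when $item is not an array.
 */
function get_fu_description($item, $make_short = true)
{
    if (!is_array($item)) {
        lcm_debug("get_fu_description: parameter is not an array.");
        return '';
    }

    global $fu_desc_len; // configure via my_options.php with $GLOBALS['fu_desc_len'] = NNN;

    $short_description = '';

    // Set the length of short followup title (was: wide = 48, narrow = 115)
    $title_length = isset($fu_desc_len) && $fu_desc_len > 0 ? $fu_desc_len : 256;

    $is_assignment = ($item['type'] == 'assignment');
    $is_unassignment = (!$is_assignment && $item['type'] == 'unassignment');

    if (($is_assignment || $is_unassignment) && is_numeric($item['description'])) {
        // The description of an (un)assignment holds the author id
        $id_author = intval($item['description']);
        $res1 = lcm_query("SELECT * FROM lcm_author WHERE id_author = " . $id_author);
        $author1 = lcm_fetch_array($res1);

        $label = $is_assignment ? 'case_info_author_assigned' : 'case_info_author_unassigned';
        // NOTE(review): the name is not passed through clean_output() here;
        // confirm get_person_name() or _T() escapes it for HTML.
        $short_description = _T($label, array('name' => get_person_name($author1)));
    } elseif ($item['type'] == 'stage_change' || is_status_change($item['type'])) {
        // NOTE(review): presumably lcm_unserialize() wraps unserialize();
        // the stored description should never be attacker-controlled
        // serialized data. Confirm how it is written.
        $tmp = lcm_unserialize($item['description']);
        if (!is_array($tmp)) {
            $tmp = array();
        }

        // for backward compatibility, make it optional
        if (!empty($item['case_stage'])) {
            $short_description = _Tkw('stage', $item['case_stage']);
        }

        // NOTE(review): 'description' and 'sentence_val' are appended without
        // clean_output(), unlike the free-text branch below; check whether
        // they are escaped when stored.
        if (!empty($tmp['description'])) {
            $short_description .= " / " . $tmp['description'];
        }

        if (!empty($tmp['result']) || !empty($tmp['conclusion'])) {
            $short_description .= "\n" . _Ti('fu_input_conclusion');
        }

        if (!empty($tmp['result'])) {
            $short_description .= _Tkw('_crimresults', $tmp['result']) . "/";
        }

        if (!empty($tmp['conclusion'])) {
            $short_description .= _Tkw('conclusion', $tmp['conclusion']);
        }

        if (!empty($tmp['sentence'])) {
            $short_description .= "\n" . _Ti('fu_input_sentence')
                . _Tkw('sentence', $tmp['sentence'], array('currency' => read_meta('currency')));
        }

        if (!empty($tmp['sentence_val'])) {
            $short_description .= ": " . $tmp['sentence_val'];
        }
    } else {
        if ($item['description']) {
            if (!$make_short || strlen(lcm_utf8_decode($item['description'])) < $title_length) {
                $short_description = $item['description'];
            } else {
                // NOTE(review): substr() counts bytes, the test above counts
                // decoded characters; a multibyte text may be cut mid-character.
                $short_description = substr($item['description'], 0, $title_length) . '...';
            }

            $short_description = clean_output($short_description);
        } else {
            $short_description = _T('fu_info_emptydesc');
        }
    }

    $short_description = nl2br($short_description);

    if (empty($short_description)) {
        $short_description = _T('info_not_available');
    }

    return $short_description;
}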
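/**
 * Apply the contact changes submitted with the current request to a person.
 *
 * Reads contact_value / contact_id / contact_type (existing contacts) and
 * new_contact_value / new_contact_type_name (new contacts) from $_REQUEST,
 * updates, deletes or adds contacts, and records problems in
 * $_SESSION['errors'].
 *
 * Authorization fix: the ownership check used to stop at the first empty
 * contact_id while the update loop kept going, so ids placed after an empty
 * entry were modified without being checked against the person's contacts.
 * Every submitted id is now checked, ids are compared as exact strings, and
 * entries with an empty id are skipped instead of being sent to
 * update_contact() / delete_contact().
 *
 * @param mixed $type_person  Kind of person, passed on to the contact helpers.
 * @param mixed $id_of_person Identifier of the person.
 * @return void
 */
function update_contacts_request($type_person, $id_of_person)
{
    // This will be useful later, to check mandatory/optional contacts
    $all_contact_kwg = get_kwg_all('contact');

    //
    // Update existing contacts
    //
    if (isset($_REQUEST['contact_value'])) {
        $contacts = $_REQUEST['contact_value'];
        $c_ids = isset($_REQUEST['contact_id']) ? $_REQUEST['contact_id'] : array();
        $c_types = isset($_REQUEST['contact_type']) ? $_REQUEST['contact_type'] : array();

        // The three fields are expected to be parallel arrays
        if (!is_array($contacts)) {
            $contacts = array();
        }
        if (!is_array($c_ids)) {
            $c_ids = array();
        }
        if (!is_array($c_types)) {
            $c_types = array();
        }

        //
        // Check if the contacts provided are really attached to the person
        // or else the user can provide a form with false contacts.
        // All ids are checked before anything is modified.
        //
        $owned_ids = array();
        foreach (get_contacts($type_person, $id_of_person) as $c) {
            $owned_ids[(string) $c['id_contact']] = true;
        }

        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            if (!$c_ids[$cpt]) {
                continue; // empty entry, skipped below as well
            }

            if (!is_scalar($c_ids[$cpt]) || !isset($owned_ids[(string) $c_ids[$cpt]])) {
                lcm_panic("Invalid modification of existing contact detected.");
                return; // in case lcm_panic() ever returns
            }
        }

        for ($cpt = 0; isset($c_ids[$cpt]); $cpt++) {
            $id_contact = $c_ids[$cpt];

            if (!$id_contact) {
                continue;
            }

            $value = isset($contacts[$cpt]) ? $contacts[$cpt] : '';

            // Check first to see if the contact is mandatory
            // NOTE(review): the type comes from the request, so the form
            // decides whether the contact counts as mandatory. Deriving it
            // from the stored contact would be safer; the final check below
            // only reports a missing mandatory contact after the deletion.
            $kwg = get_kwg_from_id(isset($c_types[$cpt]) ? $c_types[$cpt] : null);
            $delete_allowed = true;

            if ($kwg['policy'] == 'mandatory') {
                // XXX Having policy == 'mandatory' but quantity = many
                // really makes a mess, and is not handled.
                $delete_allowed = false;
            }

            if (_request('del_contact_' . $id_contact)) {
                if ($delete_allowed) {
                    lcm_debug("Contact DEL: {$type_person}, {$id_of_person}, " . $id_contact, 1);
                    delete_contact($id_contact);
                } else {
                    $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
                }
            } else {
                if (!$delete_allowed && !$value) {
                    $_SESSION['errors']['upd_contact_' . $cpt] = _T('warning_field_mandatory');
                } else {
                    lcm_debug("Contact UPD: {$type_person}, {$id_of_person}, " . $id_contact . ' = ' . $value, 1);
                    $err = update_contact($id_contact, $value);

                    if ($err) {
                        $_SESSION['errors']['upd_contact_' . $cpt] = $err;
                    }
                }
            }
        }
    }

    //
    // New contacts
    //
    if (isset($_REQUEST['new_contact_value'])) {
        $cpt = 0;
        $new_contacts = $_REQUEST['new_contact_value'];
        $c_type_names = isset($_REQUEST['new_contact_type_name']) ? $_REQUEST['new_contact_type_name'] : array();

        while (isset($new_contacts[$cpt])) {
            // Process only new contacts which have a value
            if ($new_contacts[$cpt]) {
                // And make sure that they have a "type of contact"
                if (!empty($c_type_names[$cpt])) {
                    lcm_debug("Contact NEW: {$type_person}, {$id_of_person}, Name = " . $c_type_names[$cpt] . ', ' . $new_contacts[$cpt], 1);
                    $err = add_contact($type_person, $id_of_person, $c_type_names[$cpt], $new_contacts[$cpt]);

                    if ($err) {
                        $_SESSION['errors']['new_contact_' . $cpt] = $err;
                    }
                } else {
                    $_SESSION['errors']['new_contact_' . $cpt] = "Please specify the type of contact."; // TRAD
                }
            }

            $cpt++;
        }
    }

    //
    // Check if all mandatory contacts were provided
    //
    $all_contacts = get_contacts($type_person, $id_of_person);

    foreach ($all_contact_kwg as $c) {
        if ($c['policy'] == 'mandatory') {
            $found = false;

            foreach ($all_contacts as $a) {
                if ($a['name'] == $c['name'] && trim($a['value'])) {
                    $found = true;
                }
            }

            if (!$found) {
                $_SESSION['errors']['contact_' . $c['name']] = _Ti($c['title']) . _T('warning_field_mandatory');
            }
        }
    }
}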
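/**
 * Run one SQL statement on the MySQL connection.
 *
 * The statement is passed through process_query() and executed as-is: no
 * parameter binding happens here, so every caller is responsible for escaping
 * or casting the values it concatenates into $query.
 *
 * Fix: the install-time test was written `!read_meta('db_utf8') == 'no'`.
 * `!` binds tighter than `==`, so that compared a boolean with 'no'. It is
 * now the comparison the comment describes, `!= 'no'`. For the values 'yes',
 * 'no' and "not set" the outcome is unchanged.
 *
 * @param string $query       SQL text.
 * @param bool   $accept_fail When false, a failed query ends in lcm_panic().
 * @return mixed Result of mysql_query().
 */
function lcm_query_db($query, $accept_fail = false)
{
    global $lcm_mysql_link;
    static $tt = 0; // cumulated query time, shown in profiling output

    $my_debug = $GLOBALS['sql_debug'];
    $my_profile = $GLOBALS['sql_profile'];

    /* [ML] I have no idea whether this is overkill, but without it,
       we get strange problems with Cyrillic and other non-latin charsets.
       We need to check whether tables were installed correctly, or else
       it will not show non-latin utf8 characters correctly. (i.e. for
       people who upgraded LCM, but didn't import/export their data to
       fix the tables.) */
    $db_utf8 = read_meta('db_utf8');

    if ($db_utf8 == 'yes') {
        lcm_mysql_set_utf8();
    } elseif ($db_utf8 != 'no' && !read_meta('lcm_db_version')) {
        // We are not yet installed, so check MySQL version on every request
        // Note: checking is_file('inc/data/inc_meta_cache.php') is not
        // enough, because the keywords cache may have been generated, but not
        // the meta.
        if (!preg_match("/^(4\\.0|3\\.)/", mysql_get_server_info())) {
            lcm_mysql_set_utf8();
        }
    }

    $query = process_query($query);

    if ($my_profile) {
        $m1 = microtime();
    }

    if ($GLOBALS['mysql_recall_link'] and $lcm_mysql_link) {
        $result = mysql_query($query, $lcm_mysql_link);
    } else {
        $result = mysql_query($query);
    }

    if ($my_debug and $my_profile) {
        $m2 = microtime();
        list($usec, $sec) = explode(" ", $m1);
        list($usec2, $sec2) = explode(" ", $m2);
        $dt = $sec2 + $usec2 - $sec - $usec;
        $tt += $dt;

        // Profiling output goes straight into the page; the query is escaped.
        echo "<small>" . htmlentities($query);
        echo " -> <font color='blue'>" . sprintf("%3f", $dt) . "</font> ({$tt})</small><p>\n";
    }

    if ($my_debug) {
        lcm_debug("QUERY: {$query}\n", 1, 'sql');
    }

    if (lcm_sql_errno() && !$accept_fail) {
        $s = lcm_sql_error();

        // NOTE(review): the panic text carries the full statement and the
        // database error. If lcm_panic() renders it to the visitor, that
        // discloses schema details; confirm it is shown to admins only.
        $error = _T('warning_sql_query_failed') . "<br />\n" . htmlentities($query) . "<br />\n";
        $error .= "« " . htmlentities($s) . " »<br />";
        lcm_panic($error);
    }

    return $result;
}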
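/**
 * Receive an uploaded backup archive, store it under DIR_BACKUPS_PREFIX and
 * unpack it inside DIR_BACKUPS.
 *
 * Problems are reported through $_SESSION['errors']['upload_file'].
 *
 * Changes compared with the previous version:
 *  - the archive members are inspected before extraction; an archive holding
 *    an absolute path, a ".." path component or anything other than regular
 *    files and directories (links, devices) is rejected and removed, because
 *    such members can be written outside the backup directory;
 *  - the archive path is made absolute before chdir(), so a relative
 *    DIR_BACKUPS_PREFIX still names the stored file after the directory
 *    change;
 *  - failures of chdir() and extract() are reported instead of being logged
 *    as success;
 *  - a request without the "filename" upload field no longer raises notices.
 *
 * NOTE(review): unpacked files keep their names and replace existing files of
 * the same name. If the backup directory is reachable over HTTP, it should
 * not be allowed to execute scripts. Nothing here checks who may upload;
 * presumably the caller restricts this to administrators (confirm).
 *
 * @return void
 */
function upload_backup_file()
{
    // File name and extension
    $fname = "";
    $fext = "";

    // Clear all previous errors
    $_SESSION['errors'] = array();

    $has_upload = isset($_FILES['filename']['tmp_name']) && is_string($_FILES['filename']['tmp_name']);

    if (!$has_upload || !is_uploaded_file($_FILES['filename']['tmp_name'])) {
        // FIXME: error message
        $_SESSION['errors']['upload_file'] = '1 - not a valid file'; // TRAD
        return;
    }

    if (!($_FILES['filename']['size'] > 0)) {
        // FIXME: error message
        $_SESSION['errors']['upload_file'] = 'size is zero'; // TRAD
        return;
    }

    // File should be: name.tar or name.tar.gz or name.tgz
    // name can be pretty much anything, since it will be rawurlencoded()
    // if it is prefixed with "db-", it will be removed and later added again
    if (preg_match("/^(db-)?(.+)\\.(tar(\\.gz)?|tgz)\$/", $_FILES['filename']['name'], $regs)) {
        $fname = rawurlencode($regs[2]);
        $fext = $regs[3];
    } else {
        // FIXME: error
        $_SESSION['errors']['upload_file'] = 'name not accepted'; // TRAD
        return;
    }

    // Never overwrite a stored archive: append -1, -2, ... until the name is free
    $cpt = 0;
    while (file_exists(DIR_BACKUPS_PREFIX . $fname . ($cpt ? "-" . $cpt : '') . "." . $fext)) {
        $cpt++;
    }

    $fname_full = DIR_BACKUPS_PREFIX . $fname . ($cpt ? "-" . $cpt : '') . "." . $fext;

    if (!move_uploaded_file($_FILES['filename']['tmp_name'], $fname_full)) {
        // FIXME: error message
        $_SESSION['errors']['upload_file'] = 'move_uploaded_file freaked out'; // TRAD
        return;
    }

    if (!is_file($fname_full)) {
        lcm_panic("This should not happen...");
        return;
    }

    // unpackage
    @(include "Archive/Tar.php");

    if (!class_exists("Archive_Tar")) {
        $_SESSION['errors']['upload_file'] = "Archive::Tar not installed"; // TRAD
        lcm_log("Archive::Tar not installed");
        return;
    }

    // Resolve the path now: after chdir() a relative path would point elsewhere
    $archive_path = realpath($fname_full);
    if ($archive_path === false) {
        $archive_path = $fname_full;
    }

    $tar_object = new Archive_Tar($archive_path);
    $tar_object->setErrorHandling(PEAR_ERROR_PRINT);

    if (!upload_backup_tar_entries_are_safe($tar_object)) {
        // Do not keep an archive that was refused
        unlink($archive_path);
        $_SESSION['errors']['upload_file'] = 'archive contains unsafe entries'; // TRAD
        lcm_log("upload_backup_file: archive refused, unsafe entries");
        return;
    }

    $old_dir = getcwd();

    if (!chdir(DIR_BACKUPS)) {
        // Extracting here would unpack into the current directory instead
        $_SESSION['errors']['upload_file'] = 'backup directory not accessible'; // TRAD
        lcm_log("upload_backup_file: chdir to backup directory failed");
        return;
    }

    $extracted = $tar_object->extract();
    chdir($old_dir);

    if (!$extracted) {
        $_SESSION['errors']['upload_file'] = 'archive could not be unpacked'; // TRAD
        lcm_log("upload_backup_file: extract failed");
        return;
    }

    lcm_debug("untar should be OK");
}

/**
 * Tell whether every member of an archive stays inside the extraction directory.
 *
 * Fails closed: an archive whose listing cannot be read, or which uses a
 * member type other than regular file or directory, is refused.
 *
 * @param object $tar_object Archive_Tar instance opened on the archive.
 * @return bool
 */
function upload_backup_tar_entries_are_safe($tar_object)
{
    $entries = $tar_object->listContent();

    if (!is_array($entries)) {
        return false;
    }

    // Regular file ('0', or empty / NUL in old archives) and directory ('5')
    $allowed_types = array('', "\0", '0', '5');

    foreach ($entries as $entry) {
        $name = isset($entry['filename']) ? str_replace('\\', '/', $entry['filename']) : '';

        // Absolute paths, including drive-letter paths
        if ($name === '' || $name[0] === '/' || preg_match('/^[A-Za-z]:/', $name)) {
            return false;
        }

        // Parent-directory components
        if (in_array('..', explode('/', $name), true)) {
            return false;
        }

        $type = isset($entry['typeflag']) ? (string) $entry['typeflag'] : '';

        if (!in_array($type, $allowed_types, true)) {
            return false;
        }
    }

    return true;
}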