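/**
 * bouncer_verify_email
 *
 * Takes the posted email address and checks it (case-insensitively)
 * against the email addresses currently stored in the user table.
 * On a miss the login cookies are expired so the user is bounced.
 *
 * The SELECT contains no user input (only a column and table name taken
 * from constants), so the lookup itself is not injectable; the posted
 * value is only ever compared in PHP, never placed in SQL.
 *
 * @param   string  $email  posted email address; anything that is not a
 *                          non-empty string is rejected
 * @return  bool            true if the address exists, false otherwise
 *                          (also false when the lookup query fails)
 */
function bouncer_verify_email($email)
{
    global $pre;
    // reject empty values and non-strings (e.g. email[]=... in the POST
    // body would hand us an array and make strtolower() throw)
    if (empty($email) || !is_string($email)) {
        return false;
    }
    $conn = author_connect();
    // grab existing list of email addresses
    $query = "SELECT " . constant($pre . 'EMAIL') . " as emails\n\t\t\t\tFROM " . constant($pre . 'USER_TBL');
    $result = $conn->query($query);
    if ($result === false) {
        // a failed lookup must never count as a verified address, and
        // fetch_assoc() on a boolean would be a fatal error anyway
        return false;
    }
    // create array of existing (lowercased) email addresses
    $known = array();
    while ($row = $result->fetch_assoc()) {
        $known[] = strtolower((string) $row['emails']);
    }
    $result->close();
    // strict comparison: both sides are lowercased strings, so there is
    // no reason to allow PHP's loose string/number coercion here
    if (in_array(strtolower($email), $known, true)) {
        return true;
    }
    // unknown address - reset cookies so the user is bounced immediately
    setcookie($pre . '_c_user', '', time() - 1, "/");
    setcookie($pre . '_c_key', '', time() - 1, "/");
    return false;
}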
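/**
 * split_attachments
 *
 * One-off migration helper: reads the comma-separated `map_attachments`
 * column of every article that has one and writes one row per
 * (article, attachment) pair into the `attachments_map` table.
 *
 * No user input is involved; the ids are still cast to int before being
 * placed in the INSERT so a malformed stored value cannot alter the query,
 * and tokens that do not yield a positive id (trailing commas, blanks,
 * junk) are skipped instead of being inserted as attachment_id 0.
 *
 * @return void
 */
function split_attachments()
{
    $conn = author_connect();
    $query = "SELECT articleID, map_attachments\n\t\t\t\t\tFROM ww_articles\n\t\t\t\t\tWHERE map_attachments > 0";
    $result = $conn->query($query);
    if ($result === false) {
        // nothing to migrate (or the source table is gone); do not fall
        // through to fetch_assoc() on a boolean
        return;
    }
    $pairs = array();
    while ($row = $result->fetch_assoc()) {
        $article_id = (int) $row['articleID'];
        foreach (explode(',', (string) $row['map_attachments']) as $attach) {
            $attachment_id = (int) $attach;
            if ($attachment_id <= 0) {
                continue;
            }
            $pairs[] = array('article_id' => $article_id, 'attachment_id' => $attachment_id);
        }
    }
    $result->close();
    // insert data (both values are already ints, nothing to escape)
    foreach ($pairs as $pair) {
        $insert = "INSERT INTO attachments_map (attachment_id, article_id) \n\t\t\t\t\t\tVALUES (" . $pair['attachment_id'] . ", " . $pair['article_id'] . ")";
        $conn->query($insert);
    }
    return;
}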
        }
    }
}
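// edit custom tag
// NOTE(review): no CSRF token or capability check is visible in this block;
// confirm the surrounding admin page enforces one before these POST handlers run.
if (isset($_POST['update_custom_setting'])) {
    $conn = author_connect();
    // bind the posted values instead of splicing them into the SQL text;
    // missing or non-string fields become '' / 0 rather than notices or
    // TypeErrors from real_escape_string(array)
    $property_name = (isset($_POST['property_name']) && is_string($_POST['property_name'])) ? $_POST['property_name'] : '';
    $property_value = (isset($_POST['property_value']) && is_string($_POST['property_value'])) ? $_POST['property_value'] : '';
    $setting_id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;
    $custom_stmt = $conn->prepare("UPDATE settings SET property_name = ?, property_value = ? WHERE id = ?");
    if ($custom_stmt === false) {
        $messages = $conn->error;
    } else {
        $custom_stmt->bind_param('ssi', $property_name, $property_value, $setting_id);
        if (!$custom_stmt->execute()) {
            $messages = $custom_stmt->error;
        }
        $custom_stmt->close();
    }
}
// insert meta tag
if (isset($_POST['insert_meta']) || isset($_POST['insert_custom'])) {
    if (!empty($_POST['property_name']) && !empty($_POST['property_value'])) {
        $conn = author_connect();
        // element_name and summary are optional in the form, so default them
        $element_name = (isset($_POST['element_name']) && is_string($_POST['element_name'])) ? $_POST['element_name'] : '';
        $property_name = is_string($_POST['property_name']) ? $_POST['property_name'] : '';
        $property_value = is_string($_POST['property_value']) ? $_POST['property_value'] : '';
        $summary = (isset($_POST['summary']) && is_string($_POST['summary'])) ? $_POST['summary'] : '';
        $insert_stmt = $conn->prepare("INSERT INTO settings (element_name, property_name, property_value, formtype, summary) VALUES (?, ?, ?, 'custom', ?)");
        if ($insert_stmt === false) {
            $messages = $conn->error;
        } else {
            $insert_stmt->bind_param('ssss', $element_name, $property_name, $property_value, $summary);
            if (!$insert_stmt->execute()) {
                $messages = $insert_stmt->error;
            }
            $insert_stmt->close();
        }
    }
}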
// any functions
/**
 * admin_get_settings
 * 
 * 
 * 
 */
function admin_get_settings()
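/**
 * drop_column
 *
 * Drops the specified column from the table.
 *
 * Table and column names cannot be bound as query parameters, so they are
 * restricted to [A-Za-z0-9_] and backtick-quoted before being placed in the
 * ALTER statement. check_table() must additionally confirm that the column
 * exists before anything is dropped.
 *
 * @param   string  $table   table name (identifier characters only)
 * @param   string  $column  column name (identifier characters only)
 * @return  string           HTML status message
 */
function drop_column($table, $column)
{
    // identifiers go straight into DDL, so refuse anything outside the plain
    // identifier alphabet (quotes, backticks, semicolons, spaces, comment markers)
    if (!is_string($table) || !is_string($column)
        || !preg_match('/^[A-Za-z0-9_]+$/', $table) || !preg_match('/^[A-Za-z0-9_]+$/', $column)) {
        return 'Invalid table or column name<br />';
    }
    $check = check_table($table, $column);
    if ($check === false) {
        return 'Column ' . $column . ' NOT found in table ' . $table . '<br />';
    }
    $conn = author_connect();
    // backtick-quote so reserved words are still handled
    $query = "ALTER TABLE `" . $table . "` DROP `" . $column . "`";
    if ($conn->query($query) === false) {
        // callers echo this message, so escape the driver's error text
        return 'error: ' . htmlspecialchars($conn->error, ENT_QUOTES, 'UTF-8') . '<br />';
    }
    return 'Dropped column ' . $column . ' from table ' . $table . '<br />';
}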
/**
 * delete_link
 *
 * Removes the `links` row with the given id.
 *
 * @param   int|string  $link_id  id of the link row; cast to int before it
 *                                is placed in the DELETE statement
 * @return  bool|string           true on success, false when no id was
 *                                supplied, or the database error string
 *                                when the DELETE fails
 */
function delete_link($link_id)
{
    if (empty($link_id)) {
        return false;
    }
    $conn = author_connect();
    // the (int) cast is what keeps this safe without a prepared statement
    $sql = "DELETE FROM links WHERE id = " . (int) $link_id;
    return $conn->query($sql) ? true : $conn->error;
}
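/**
 * serve_attachment
 *
 * Streams an attachment to the client and increments its download counter.
 *
 * The file record comes from get_attachment(). Its `ext` and `filename`
 * fields are each reduced to a single path component with basename() and
 * the resolved path is then required to sit below the attachments directory,
 * so a stored value containing "../" cannot read files outside
 * WW_ROOT/ww_files/attachments. The filename is stripped of quote and
 * line-break characters before it is placed in the Content-Disposition
 * header.
 *
 * @param   int|string  $id  database id of the attachment (cast to int)
 * @return  void
 */
function serve_attachment($id)
{
    // validate id before touching the database
    $id = (int) $id;
    if ($id <= 0) {
        return;
    }
    // get attachment details
    $file = get_attachment($id);
    if (empty($file['filename']) || empty($file['ext'])) {
        // unknown id or incomplete record - nothing to serve
        return;
    }
    // confine both path components to the attachments tree
    $ext = basename((string) $file['ext']);
    $filename = basename((string) $file['filename']);
    $base_dir = realpath(WW_ROOT . "/ww_files/attachments");
    $file_to_download = realpath(WW_ROOT . "/ww_files/attachments/" . $ext . "/" . $filename);
    if ($base_dir === false || $file_to_download === false || !is_file($file_to_download)
        || strpos($file_to_download, $base_dir . DIRECTORY_SEPARATOR) !== 0) {
        return;
    }
    // update counter (only for a file we are actually going to send)
    $conn = author_connect();
    $query = "UPDATE attachments \n\t\t\t\t\t\tSET downloads = downloads+1 \n\t\t\t\t\t\tWHERE id = " . $id;
    $conn->query($query);
    // serve attachment: quote the filename and remove characters that would
    // terminate or extend the header value
    $mime = (isset($file['mime']) && is_string($file['mime']) && $file['mime'] !== '')
        ? str_replace(array("\r", "\n"), '', $file['mime'])
        : 'application/octet-stream';
    $header_name = str_replace(array('"', '\\', "\r", "\n"), '', $filename);
    header('Content-Type: ' . $mime);
    header('Content-Disposition: attachment; filename="' . $header_name . '"');
    header('Content-Length: ' . filesize($file_to_download));
    readfile($file_to_download);
    return;
}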
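/**
 * change_password
 *
 * Completes a password reset: validates the posted auth code and key against
 * the stored reset data, enforces the one-hour window, stores the new
 * password hash and emails the user a confirmation.
 *
 * Reads $_POST['auth'], $_POST['key'], $_POST['newpass'] and
 * $_POST['confirmpass'].
 *
 * @return  string  comma-joined error messages, the database error string,
 *                  or the success message to show on the login page
 */
function change_password()
{
    $error = array();
    // check all fields are supplied
    if (empty($_POST['auth']) || empty($_POST['key']) || empty($_POST['newpass']) || empty($_POST['confirmpass'])) {
        $error[] = '<p>All fields need to be filled in</p>';
    }
    // pull the fields out as strings; anything missing or non-string
    // becomes '' instead of an undefined-index notice or a trim() TypeError
    $auth = (isset($_POST['auth']) && is_string($_POST['auth'])) ? trim($_POST['auth']) : '';
    $key = (isset($_POST['key']) && is_string($_POST['key'])) ? trim($_POST['key']) : '';
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? trim($_POST['newpass']) : '';
    $confirmpass = (isset($_POST['confirmpass']) && is_string($_POST['confirmpass'])) ? trim($_POST['confirmpass']) : '';
    // check password length
    if (strlen($newpass) < 8) {
        $error[] = '<p>Password needs to be at least 8 characters long</p>';
    }
    // strict comparison: with != two numeric-looking strings such as
    // "00000001" and "1.000000" would be accepted as matching
    if ($newpass !== $confirmpass) {
        $error[] = '<p>Passwords don\'t match</p>';
    }
    // the key is used as a divisor below; a non-numeric or zero value would
    // raise a TypeError / DivisionByZeroError instead of an error message
    if ($key !== '' && (!is_numeric($key) || (float) $key == 0.0)) {
        $error[] = 'The auth code is incorrect';
    }
    // return errors if any
    if (!empty($error)) {
        return implode(',', $error);
    }
    // get database data for confirmation
    $conn = author_connect();
    $query = "\n\t\t\t\tSELECT \n\t\t\t\t\t" . WW_ID . ", " . WW_EMAIL . ", \n\t\t\t\t\t" . WW_PASS . ", " . WW_LAST_SESS . "\n\t\t\t\tFROM " . WW_USER_TBL . " \n\t\t\t\tWHERE " . WW_PASS . " = '" . $conn->real_escape_string($auth) . "'";
    $result = $conn->query($query);
    if ($result === false) {
        return $conn->error;
    }
    $user_data = $result->fetch_assoc();
    $result->close();
    // no row matched: bail out before reading any user fields off null
    if (!$user_data) {
        return 'The auth code is incorrect';
    }
    // compare data - constant-time check of the auth code
    if (!hash_equals((string) $user_data[WW_PASS], $auth)) {
        $error[] = 'The auth code is incorrect';
    }
    // check time limit
    $limit = 3600;
    $reset_time = $user_data[WW_LAST_SESS] / $key;
    if (time() - $reset_time > $limit) {
        $error[] = 'Time limit expired - password needs to be changed within one hour of reset';
    }
    // return errors if any
    if (!empty($error)) {
        return implode(',', $error);
    }
    $author_id = (int) $user_data[WW_ID];
    $author_email = $user_data[WW_EMAIL];
    // finally we create the new password hash
    $hash_pass = hash_password($newpass);
    // update database with new password
    $update = "UPDATE " . WW_USER_TBL . " SET \n\t\t\t\t\t" . WW_PASS . " = '" . $conn->real_escape_string($hash_pass) . "'\n\t\t\t\t\tWHERE " . WW_ID . " = '" . $author_id . "'";
    $update_result = $conn->query($update);
    if (!$update_result) {
        return $conn->error;
    }
    // email confirmation to user
    $subject = WW_SITE_NAME . " - password changed";
    $message = "Your password for the " . WW_SITE_NAME . " website (" . WW_WEB_ROOT . ") has been changed";
    $headers = "From: " . WW_ADMIN_EMAIL . "\n" . "X-Mailer: PHP/" . phpversion() . "\n" . "Content-Type: text/html; charset=utf-8\n" . "Content-Transfer-Encoding: 8bit\n\n";
    if (mail($author_email, $subject, $message, $headers, "-f" . WW_ADMIN_EMAIL . "")) {
        $loginmessage = "Your password has been changed.";
    } else {
        // message your password has been changed
        $loginmessage = "Your password has been changed. \n\t\t\tUnfortunately we were unable to send a confirmation email.";
    }
    unset($_SESSION[WW_SESS]['logged_in']);
    return $loginmessage;
}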