 /**
  * ShowMessage
  * Queues one or more status messages for later use in the template.
  *
  * When $get_var names a non-empty $_GET parameter, that parameter (a scalar
  * or an array of scalars) is run through cleanValue() and used as a lang()
  * key; $message is ignored in that case. Otherwise $message itself (a string
  * or an array of strings) is queued verbatim, so any output escaping of
  * $message is the caller's / template's responsibility.
  *
  * @param mixed  $message  Message string, or array of message strings
  * @param string $get_var  Name of the $_GET parameter holding lang() key(s)
  */
 public function ShowMessage($message, $get_var = '')
 {
     $fromRequest = $get_var != '' && !empty($_GET[$get_var]);
     if ($fromRequest) {
         // Request-supplied values only ever select a lang() key; they are
         // never queued as-is.
         $keys = is_array($_GET[$get_var]) ? $_GET[$get_var] : array($_GET[$get_var]);
         foreach ($keys as $key) {
             $this->_messages[] = lang(cleanValue($key));
         }
         return;
     }
     if (is_array($message)) {
         foreach ($message as $item) {
             $this->_messages[] = $item;
         }
     } elseif (is_string($message)) {
         $this->_messages[] = $message;
     }
 }
 /**
  * ShowMessage
  * Builds the HTML fragment for a page status message.
  *
  * With an empty $get_var the given $message is used as-is. Otherwise the
  * $_GET parameter named by $get_var selects a lang() string (after
  * cleanValue()); if that parameter is absent or empty the container is
  * rendered hidden with no text.
  *
  * NOTE(review): $message is concatenated into the markup without escaping,
  * so callers must pass trusted or already-escaped text.
  *
  * @param string $message  Message to be shown
  * @param string $get_var  Name of the $_GET variable holding the lang key
  * @return string HTML fragment
  */
 public function ShowMessage($message, $get_var = '')
 {
     $icon = $this->DisplayImage('icons/system/accept.gif', lang('success'), '', '', 'systemicon');
     $style = '';
     if (!empty($get_var)) {
         if (empty($_GET[$get_var])) {
             // Nothing requested via the URL: render an empty, hidden box.
             $message = '';
             $style = ' style="display:none;"';
         } else {
             $message = lang(cleanValue($_GET[$get_var]));
         }
     }
     return '<div class="pagemcontainer"' . $style
         . '><p class="pagemessage">' . $icon . ' ' . $message . '</p></div>';
 }
}
// Edit-user form state: a checkbox that is absent from an "edituser" submit
// means it was unchecked; on a non-submitted form both default to on.
$editSubmitted = isset($_POST["edituser"]);
$adminaccess = ($editSubmitted && !isset($_POST["adminaccess"])) ? 0 : 1;
$active = ($editSubmitted && !isset($_POST["active"])) ? 0 : 1;

// Target user: defaults to the logged-in user, overridable by POST, then GET.
// NOTE(review): user_id is request-controlled (any id may be supplied); the
// $access_* flags computed at the end of this excerpt are presumably enforced
// by the code that follows it.
$userid = get_userid();
$user_id = $userid;
if (isset($_POST["user_id"])) {
    $user_id = cleanValue($_POST["user_id"]);
} elseif (isset($_GET["user_id"])) {
    $user_id = cleanValue($_GET["user_id"]);
}

$gCms = cmsms();
$userops = $gCms->GetUserOperations();
$groupops = $gCms->GetGroupOperations();
$group_list = $groupops->LoadGroups();
$db = $gCms->GetDb();
$thisuser = $userops->LoadUserByID($user_id);
if (strlen($thisuser->username) > 0) {
    $CMS_ADMIN_SUBTITLE = $thisuser->username;
}

// Access flags: explicit permission, editing oneself, and the group-1 rule
// (a user outside group 1 may not touch a member of group 1).
// this is now always true... but we may want to change how things work, so I'll leave it
$access_perm = check_permission($userid, 'Modify Users');
$access_user = $userid == $user_id;
$access_group = $userops->UserInGroup($userid, 1) || !$userops->UserInGroup($user_id, 1);
$success = false;
$page = 'index';
// Start Twitter Perch
$tp = new twitterPerch();
// Initialise Form Validators
if (empty($_POST)) {
    // First visit: register the validators the template will render.
    SmartyValidate::connect($smarty, true);
    SmartyValidate::register_validator('keyword', 'keyword', 'notEmpty');
    SmartyValidate::register_validator('username', 'username', 'isWord', false, true);
    SmartyValidate::register_validator('password', 'password:6', 'isLength', false, true);
    SmartyValidate::register_validator('accValid', 'username:password', 'isValid');
} else {
    // Submitted form: bind the custom credential check and run validation.
    SmartyValidate::connect($smarty);
    SmartyValidate::register_object('tp', $tp);
    SmartyValidate::register_criteria('isValid', 'tp->isValidTwitterCredentials');
    $valid = SmartyValidate::is_valid($_POST);
    if ($valid) {
        SmartyValidate::disconnect();
        // Clean Values
        // NOTE(review): the password is stored after cleanValue(); if the
        // credential check (isValidTwitterCredentials) used the raw value,
        // the stored password may differ from the one that was verified.
        $formVars = array(
            'keyword' => cleanValue($_POST['keyword']),
            'username' => cleanValue($_POST['username']),
            'password' => cleanValue($_POST['password']),
        );
        // Add To List
        $success = $tp->add($formVars);
    }
}
// Assign Variables
// NOTE(review): assign($_POST) pushes every raw POST field, including the
// password, into template scope.
$smarty->assign('text', $lang[$page]);
$smarty->assign('success', $success);
$smarty->assign($_POST);
// Trim the Whitespace
$smarty->load_filter('output', 'trimwhitespace');
// Display in Template
$smarty->display($page . '.tpl');
 }
 // Password fields are taken raw (not cleanValue()'d), presumably because
 // they are compared/hashed later and must not be altered.
 $password = isset($_POST["password"]) ? $_POST["password"] : '';
 $passwordagain = isset($_POST["passwordagain"]) ? $_POST["passwordagain"] : '';
 // Name fields go through cleanValue(); the email is only trimmed here.
 $firstname = isset($_POST["firstname"]) ? cleanValue($_POST["firstname"]) : '';
 $lastname = isset($_POST["lastname"]) ? cleanValue($_POST["lastname"]) : '';
 $email = isset($_POST["email"]) ? trim($_POST["email"]) : '';
 // Do validations
 $validinfo = true;
 if ($username == "") {
     $validinfo = false;
     $error = lang('nofieldgiven', array(lang('username')));
 } else {
     if (!preg_match("/^[a-zA-Z0-9\\._ ]+\$/", $username)) {
         $validinfo = false;
         $error = lang('illegalcharacters', array(lang('username')));
     } else {
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#$Id: editbookmark.php 9830 2015-02-19 18:30:06Z calguy1000 $
$CMS_ADMIN_PAGE = 1;
require_once "../include.php";
// Every admin link carries the session's secure parameter.
$urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];
check_login();
$db = cmsms()->GetDb();
$error = "";
// Form fields: title and url are cleanValue()'d and trimmed.
$title = isset($_POST["title"]) ? trim(cleanValue((string) $_POST["title"])) : "";
$myurl = isset($_POST["url"]) ? trim(cleanValue((string) $_POST["url"])) : "";
// NOTE(review): bookmark_id is taken verbatim (POST first, then GET) and is
// neither cast nor cleanValue()'d here; whatever consumes it after this
// excerpt must validate it.
$bookmark_id = -1;
if (isset($_POST["bookmark_id"])) {
    $bookmark_id = $_POST["bookmark_id"];
} elseif (isset($_GET["bookmark_id"])) {
    $bookmark_id = $_GET["bookmark_id"];
}
if (isset($_POST["cancel"])) {
    redirect("listbookmarks.php" . $urlext);
    return;
}
$userid = get_userid();
if (isset($_POST["editbookmark"])) {
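 /**
  * extractDataFromUserId
  * Loads the respondent row for $userId into $this->userData.
  *
  * resp_id is treated as a numeric key: after cleanValue() the id must
  * consist of digits only and is cast to int before being placed in the
  * query, so no request-controlled text reaches the SQL string. A missing
  * or non-numeric id, or an unknown user, terminates the request (die).
  *
  * @param mixed $userId  Respondent id (digits only)
  * @return void
  */
 public function extractDataFromUserId($userId = null)
 {
     $this->userId = cleanValue($userId);
     // CHECK USER ID OR DIE
     if (!isset($this->userId) || empty($this->userId) || !ctype_digit((string) $this->userId)) {
         die('this email require an userId to fill fields data. invalid $this->userId in extractDataFromUserId');
     }
     // GET USER DATA - only the integer form of the validated id is interpolated
     $sql = "select * from respondents where resp_id = " . (int) $this->userId;
     $this->userData = a($sql);
     // CHECK USER DATA OR DIE
     if (!$this->userData) {
         // Do not echo the query (table/column names, id) back to the client.
         die('user not found.');
     }
 }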
                $homepage = 'index.php';
            }
            $dest = $dest . '/' . $homepage;
            $dest .= '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];
            redirect($dest);
        }
    }
}
// A cancelled login just sends the visitor back to the public site.
if (array_key_exists("logincancel", $_POST)) {
    debug_buffer("Login cancelled.  Returning to content.");
    redirect($config["root_url"] . '/index.php', true);
}
if (isset($_POST["username"]) && isset($_POST["password"])) {
    $username = "";
    if (isset($_POST["username"])) {
        $username = cleanValue($_POST["username"]);
    }
    $password = "";
    if (isset($_POST["password"])) {
        $password = $_POST["password"];
    }
    global $gCms;
    $userops =& $gCms->GetUserOperations();
    $oneuser =& $userops->LoadUserByUsername($username, $password, true, true);
    debug_buffer("Got user by username");
    debug_buffer($oneuser);
    if ($username != "" && $password != "" && isset($oneuser) && $oneuser == true && isset($_POST["loginsubmit"])) {
        debug_buffer("Starting login procedure.  Setting userid so that other pages will pick it up and set a cookie.");
        generate_user_object($oneuser->id);
        $_SESSION['login_user_id'] = $oneuser->id;
        $_SESSION['login_user_username'] = $oneuser->username;
#along with this program; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#$Id: addbookmark.php 9829 2015-02-19 18:24:10Z calguy1000 $
$CMS_ADMIN_PAGE = 1;
require_once "../include.php";
// Every admin link carries the session's secure parameter.
$urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY];
check_login();
$error = "";
// Form fields, cleanValue()'d and trimmed; they are validated below.
$title = isset($_POST["title"]) ? trim(cleanValue($_POST["title"])) : "";
$url = isset($_POST["url"]) ? trim(cleanValue($_POST["url"])) : "";
if (isset($_POST["cancel"])) {
    redirect("listbookmarks.php" . $urlext);
    return;
}
$userid = get_userid();
if (isset($_POST["addbookmark"])) {
    $validinfo = true;
    if ($title == "") {
        $error .= lang('nofieldgiven', array('addbookmark'));
        $validinfo = false;
    }
    if (stripos($title, 'script:') !== FALSE) {
        $error .= lang('missingparams');
        $validinfo = false;
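/**
 * cleanValue
 * Recursively normalises a request value before it is used.
 *
 * Arrays are cleaned element by element and booleans are returned untouched.
 * Every other value is URL-decoded, un-slashed, stripped of HTML tags and of
 * leading/trailing dots (on the whole value and on its basename), has its
 * line breaks normalised to "\n", and is finally passed through the
 * project's mo_rawurlencode(). A value containing a NUL byte - either
 * literally or as a percent-encoded %00 - aborts the request (die).
 *
 * @param mixed $value  Raw scalar or (nested) array of scalars
 * @return mixed        Cleaned value with the same shape as the input
 */
function cleanValue($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $val) {
            $value[$key] = cleanValue($val);
        }
        return $value;
    }
    if (is_bool($value)) {
        return $value;
    }
    $value = (string) $value;
    // Catch NUL bytes. The needle has to be an explicit "\0": comparing
    // against an empty string (as before) never matches anything.
    if (strpos($value, "\0") !== false) {
        die;
    }
    $value = rawurldecode($value);
    // A percent-encoded %00 only becomes a NUL after decoding, so the check
    // has to be repeated on the decoded value.
    if (strpos($value, "\0") !== false) {
        die;
    }
    $value = stripslashes($value);
    // Line breaks are swapped for a marker, presumably to carry them intact
    // through the trimming/strip_tags steps below, and restored afterwards.
    $value = str_replace(array("\r\n", "\r", "\n"), "-tmpbr_", $value);
    $value = trim($value, "..");
    if (basename($value) != $value) {
        // Also strip leading/trailing dots from the last path segment.
        $value = str_replace(basename($value), trim(basename($value), ".."), $value);
    }
    $value = strip_tags($value);
    $value = str_replace("-tmpbr_", "\n", $value);
    return mo_rawurlencode($value);
}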
        $errors = explode(' ', trim(strtolower($conn->error)));
        if ($errors[0] == "duplicate") {
            $arr = array('status' => 'duplicate', 'email' => $newEmail, 'message' => 'This email address is already in use', 'timestamp' => $date);
            createJSON($arr, true);
        } else {
            print "FAILURE: " . $conn->error;
            $arr = array('status' => 'failure', 'email' => $newEmail, 'message' => 'Internal server error', 'timestamp' => $date);
            createJSON($arr, true);
        }
    }
}
// if signin form is submitted
if (isset($_POST['signin'])) {
    // clean form data
    $signinEmail = cleanValue($_POST['signinEmail']);
    $signinPassword = cleanValue($_POST['signinPassword']);
    // lookup database record
    $signinAccountSQL = "SELECT `hash`,`email`,`id`,`permissions` FROM {$tbName} WHERE `email` = '{$signinEmail}'";
    $result = $conn->query($signinAccountSQL);
    // results from databse
    if ($result->num_rows > 0) {
        while ($user = $result->fetch_assoc()) {
            if (password_verify($signinPassword, $user["hash"]) && $user["email"] == $signinEmail) {
                $arr = array('status' => 'success', 'user_data' => array('id' => $user["id"], 'email' => $signinEmail, 'permissions' => $user["permissions"]), 'message' => 'You have successfully signed in', 'timestamp' => $date);
                createJSON($arr);
            } else {
                $arr = array('status' => 'failure', 'user_data' => array('email' => $signinEmail), 'message' => 'There was an error', 'timestamp' => $date);
                createJSON($arr, true);
            }
        }
    } else {
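 /**
  * Checks the validity of the supplied Twitter credentials.
  *
  * Performs a Basic-Auth POST to Twitter's verify_credentials endpoint and
  * treats an HTTP 200 as "valid". The request is sent over HTTPS: Basic Auth
  * carries the password in a request header, so plain http would expose it.
  *
  * @param 	string  $username - The supplied Twitter username
  * @param 	boolean $empty    - Value returned when the username or the
  *                             password field (params['field2']) is missing
  * @param 	array 	$params   - The extra parameters provided by SmartyValidate;
  *                             'field2' names the password form field
  * @param 	array 	$formvars - The other form variables provided by the form
  * @return 	boolean			  - True if Twitter accepted the credentials, false otherwise.
  */
 public function isValidTwitterCredentials($username, $empty, &$params, &$formvars)
 {
     // Test Parameters
     if (!isset($username) || !isset($formvars[$params['field2']])) {
         return $empty;
     }
     $username = cleanValue($username);
     // Unlike the username, the password is not passed through cleanValue().
     $password = $formvars[$params['field2']];
     $req = new HTTP_Request('https://twitter.com/account/verify_credentials.xml');
     $req->setMethod(HTTP_REQUEST_METHOD_POST);
     $req->setBasicAuth($username, $password);
     $req->sendRequest();
     // Anything other than a 200 (including a failed request) is "invalid".
     return $req->getResponseCode() == '200';
 }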
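 /**
  * Processes submitted forms, redirects to previous page if needed
  *
  * Runs the per-page checks of the install or upgrade wizard. A "recheck"
  * submit steps back one page; validation failures append to $this->errors
  * and step back so the page is shown again. Only the database pages
  * (install page 6, upgrade pages 5 and 6) produce a connection object.
  *
  * @param string $process  'install' or 'upgrade'
  * @return mixed Returns a ADOdb Connection object (for re-use) if created,
  *               NULL otherwise
  */
 function processSubmit($process = 'install')
 {
     if ($process == 'install') {
         switch ($this->currentPage) {
             case 2:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 1;
                 }
                 break;
             case 3:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 2;
                 }
                 break;
             case 4:
                 if (isset($_POST['umask']) && trim($_POST['umask']) == '') {
                     $this->errors[] = ilang('test_umask_not_given');
                     $this->currentPage = 3;
                 }
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 3;
                 }
                 break;
             case 5:
                 // Admin account page: the username is cleaned in place so
                 // later pages see the normalised value.
                 $_POST['adminusername'] = cleanValue(trim($_POST['adminusername']));
                 if ($_POST['adminusername'] == '') {
                     $this->errors[] = ilang('test_username_not_given');
                 } elseif (!preg_match("/^[a-zA-Z0-9\\._ ]+\$/", $_POST['adminusername'])) {
                     $this->errors[] = ilang('test_username_illegal');
                 }
                 // Passwords are compared raw; only emptiness and equality are checked.
                 if (trim($_POST['adminpassword']) == '' || trim($_POST['adminpasswordagain']) == '') {
                     $this->errors[] = ilang('test_not_both_passwd');
                 } elseif ($_POST['adminpassword'] != $_POST['adminpasswordagain']) {
                     $this->errors[] = ilang('test_passwd_not_match');
                 }
                 $_POST['adminemail'] = trim($_POST['adminemail']);
                 if (!empty($_POST['adminemail']) && !is_email($_POST['adminemail'])) {
                     $this->errors[] = ilang('invalidemail');
                 }
                 if (isset($_POST['email_accountinfo']) && empty($_POST['adminemail'])) {
                     $this->errors[] = ilang('test_email_accountinfo');
                 }
                 if (count($this->errors) > 0) {
                     $this->currentPage = 4;
                 }
                 break;
             case 6:
                 // Database page. The prefix is spliced verbatim into DDL
                 // statements below, so the value used there must be exactly
                 // the (trimmed) one that passed the regex - previously the
                 // trimmed form was validated but the untrimmed form was used.
                 $db_prefix = isset($_POST['prefix']) ? trim($_POST['prefix']) : '';
                 if (isset($_POST['prefix']) && $_POST['prefix'] != '' && !preg_match('/^[a-zA-Z0-9_]+$/', $db_prefix)) {
                     $this->errors[] = ilang('test_database_prefix');
                     $this->currentPage = 5;
                     return;
                 }
                 if (trim($_POST['dbms']) == '') {
                     $this->errors[] = ilang('test_no_dbms');
                     $this->currentPage = 5;
                     return;
                 }
                 // NOTE(review): dbms, host and credentials are handed to ADOdb
                 // as submitted; any validation of the driver name is left to
                 // ADONewConnection().
                 $db =& ADONewConnection($_POST['dbms'], 'pear:date:extend:transaction');
                 if (!empty($_POST['db_port'])) {
                     $db->port = $_POST['db_port'];
                 }
                 if (!empty($_POST['db_socket']) && $_POST['dbms'] == 'mysqli') {
                     $db->socket = $_POST['db_socket'];
                 }
                 $result = $db->Connect($_POST['host'], $_POST['username'], $_POST['password'], $_POST['database']);
                 if (!$result) {
                     $this->errors[] = ilang('test_could_not_connect_db');
                     $this->currentPage = 5;
                     return;
                 }
                 //Try to create and drop a dummy table (with appropriate prefix)
                 @$db->Execute('DROP TABLE ' . $db_prefix . 'dummyinstall');
                 $result = $db->Execute('CREATE TABLE ' . $db_prefix . 'dummyinstall (i int)');
                 if (!$result) {
                     //could not create table
                     $this->errors[] = ilang('test_could_not_create_table');
                     $this->currentPage = 5;
                     return;
                 }
                 $result = $db->Execute('DROP TABLE ' . $db_prefix . 'dummyinstall');
                 if (!$result) {
                     //could not drop table
                     $this->errors[] = ilang('test_could_not_drop_table');
                     $this->currentPage = 5;
                     return;
                 }
                 return $db;
         }
     } elseif ($process == 'upgrade') {
         switch ($this->currentPage) {
             case 2:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 1;
                 }
                 break;
             case 3:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 2;
                 }
                 break;
             case 4:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 3;
                 }
                 break;
             case 5:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 4;
                     return;
                 }
                 // Upgrades reuse the already-configured connection.
                 $gCms = cmsms();
                 $db =& $gCms->GetDB();
                 return $db;
             case 6:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 5;
                     return;
                 }
                 $gCms = cmsms();
                 $db =& $gCms->GetDB();
                 return $db;
             case 7:
                 if (isset($_POST['recheck'])) {
                     $this->currentPage = 6;
                 }
                 break;
         }
     }
     return NULL;
 }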