/**
* Импортировать файл
*/
function brs_importFile($inputname, $oldvalue = '')
{
global $lang, $cot_translit, $brs_allowed_ext, $brs_files_dir, $cfg;
$import = !empty($_FILES[$inputname]) ? $_FILES[$inputname] : array();
$import['delete'] = cot_import('del_' . $inputname, 'P', 'BOL') ? 1 : 0;
// Если пришел файл или надо удалить существующий
if (is_array($import) && !$import['error'] && !empty($import['name'])) {
$fname = mb_substr($import['name'], 0, mb_strrpos($import['name'], '.'));
$ext = mb_strtolower(mb_substr($import['name'], mb_strrpos($import['name'], '.') + 1));
if (!file_exists($brs_files_dir)) {
mkdir($brs_files_dir);
}
//check extension
if (empty($brs_allowed_ext) || in_array($ext, $brs_allowed_ext)) {
if ($lang != 'en') {
require_once cot_langfile('translit', 'core');
$fname = is_array($cot_translit) ? strtr($fname, $cot_translit) : '';
}
$fname = str_replace(' ', '_', $fname);
$fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
$fname = str_replace('..', '.', $fname);
$fname = empty($fname) ? cot_unique() : $fname;
$fname .= file_exists("{$brs_files_dir}/{$fname}.{$ext}") && $oldvalue != $fname . '.' . $ext ? date("YmjGis") : '';
$fname .= '.' . $ext;
$file['old'] = !empty($oldvalue) && ($import['delete'] || $import['tmp_name']) ? $oldvalue : '';
$file['tmp'] = !$import['delete'] ? $import['tmp_name'] : '';
$file['new'] = !$import['delete'] ? $brs_files_dir . $fname : '';
if (!empty($file['old']) && file_exists($file['old'])) {
unlink($file['old']);
}
if (!empty($file['tmp']) && !empty($file['tmp'])) {
move_uploaded_file($file['tmp'], $file['new']);
}
return $file['new'];
} else {
cot_error(cot::$L['brs_err_inv_file_type'], $inputname);
return '';
}
}
}
}
if (!file_exists($file['config_sample'])) {
cot_error(cot_rc('install_error_missing_file', array('file' => $file['config_sample'])));
}
if (!cot_error_found()) {
$config_contents = file_get_contents($file['config']);
cot_install_config_replace($config_contents, 'defaultlang', $rlang);
cot_install_config_replace($config_contents, 'defaulttheme', $rtheme);
cot_install_config_replace($config_contents, 'defaultscheme', $rscheme);
cot_install_config_replace($config_contents, 'mainurl', $cfg['mainurl']);
$new_site_id = cot_unique(32);
cot_install_config_replace($config_contents, 'site_id', $new_site_id);
$new_secret_key = cot_unique(32);
cot_install_config_replace($config_contents, 'secret_key', $new_secret_key);
file_put_contents($file['config'], $config_contents);
$ruserpass['user_passsalt'] = cot_unique(16);
$ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
$ruserpass['user_password'] = cot_hash($user['pass'], $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
try {
$db->insert($db_x . 'users', array('user_name' => $user['name'], 'user_password' => $ruserpass['user_password'], 'user_passsalt' => $ruserpass['user_passsalt'], 'user_passfunc' => $ruserpass['user_passfunc'], 'user_maingrp' => COT_GROUP_SUPERADMINS, 'user_country' => (string) $user['country'], 'user_email' => $user['email'], 'user_theme' => $rtheme, 'user_scheme' => $rscheme, 'user_lang' => $rlang, 'user_regdate' => time(), 'user_lastip' => $_SERVER['REMOTE_ADDR']));
$user['id'] = $db->lastInsertId();
$db->insert($db_x . 'groups_users', array('gru_userid' => (int) $user['id'], 'gru_groupid' => COT_GROUP_SUPERADMINS));
$db->update($db_x . 'config', array('config_value' => $user['email']), "config_owner = 'core' AND config_name = 'adminemail'");
} catch (PDOException $err) {
cot_error(cot_rc('install_error_sql_script', array('msg' => $err->getMessage())));
}
}
break;
case 4:
// Dependency check
$install = true;
/**
* Strips all unsafe characters from file base name and converts it to latin
*
* @param string $name File base name
* @param string $ext File extension
* @param string $savedirectory File path
* @param string $unique_name File path
* @return string
*/
function safename($name, $ext, $savedirectory = '', $unique_name = true)
{
global $lang, $cot_translit, $sys;
if (!$cot_translit && $lang != 'en' && file_exists(cot_langfile('translit', 'core'))) {
require_once cot_langfile('translit', 'core');
}
if ($lang != 'en' && is_array($cot_translit)) {
$name = strtr($name, $cot_translit);
}
$name = str_replace(' ', '_', $name);
$name = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $name);
$name = str_replace('..', '.', $name);
$name = mb_substr($name, 0, 200);
if (empty($name)) {
$name = cot_unique();
}
if ($unique_name && file_exists($this->file_path($savedirectory, $name, $ext))) {
$name .= "_" . cot_date('dmY_His', $sys['now']);
}
if ($unique_name && file_exists($this->file_path($savedirectory, $name, $ext))) {
$name .= "_" . rand(1, 999);
}
return $name;
}
$usr['auth'] = unserialize($row['user_auth']);
$usr['adminaccess'] = cot_auth('admin', 'any', 'R');
$usr['level'] = $cot_groups[$usr['maingrp']]['level'];
$usr['profile'] = $row;
$sys['xk'] = $row['user_token'];
if (!isset($_SESSION['cot_user_id'])) {
$_SESSION['cot_user_id'] = $usr['id'];
}
if ($usr['lastlog'] + $cfg['timedout'] < $sys['now']) {
$sys['comingback'] = TRUE;
if ($usr['lastlog'] > $usr['lastvisit']) {
$usr['lastvisit'] = $usr['lastlog'];
$user_log['user_lastvisit'] = $usr['lastvisit'];
}
// Generate new security token
$token = cot_unique(16);
$sys['xk_prev'] = $sys['xk'];
$sys['xk'] = $token;
$user_log['user_token'] = $token;
}
if (!$cfg['authcache'] || empty($row['user_auth'])) {
$usr['auth'] = cot_auth_build($usr['id'], $usr['maingrp']);
$cfg['authcache'] && ($user_log['user_auth'] = serialize($usr['auth']));
}
$user_log['user_lastlog'] = $sys['now'];
$db->update($db_users, $user_log, "user_id={$usr['id']}");
unset($u, $passhash, $oldhash, $hashsalt, $hashsaltprev, $user_log);
}
}
}
}
/**
* Adds new user
*
* @param array $ruser User data array
* @param string $email Email address
* @param string $name User name; defaults to $email if omitted
* @param string $password Password; randomly generated if omitted
* @param string $maingrp Custom main grp
* @param float $sendemail Send email if need activation
* @return int New user ID or false
* @global CotDB $db
*/
function cot_add_user($ruser, $email = null, $name = null, $password = null, $maingrp = null, $sendemail = true)
{
global $cfg, $cot_extrafields, $db, $db_users, $db_groups_users, $db_x, $L, $R, $sys, $uploadfiles, $usr;
$ruser['user_email'] = !empty($email) ? $email : $ruser['user_email'];
$ruser['user_name'] = !empty($name) ? $name : $ruser['user_name'];
$ruser['user_password'] = !empty($password) ? $password : $ruser['user_password'];
empty($ruser['user_password']) && ($ruser['user_password'] = cot_randomstring());
empty($ruser['user_name']) && ($ruser['user_name'] = $ruser['user_email']);
$password = $ruser['user_password'];
$user_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
$email_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
if (!cot_check_email($ruser['user_email']) || $user_exists || !$cfg['useremailduplicate'] && $email_exists) {
return false;
}
$ruser['user_gender'] = in_array($ruser['user_gender'], array('M', 'F')) ? $ruser['user_gender'] : 'U';
$ruser['user_country'] = mb_strlen($ruser['user_country']) < 4 ? $ruser['user_country'] : '';
$ruser['user_timezone'] = !$ruser['user_timezone'] ? 'GMT' : $ruser['user_timezone'];
$ruser['user_maingrp'] = $db->countRows($db_users) == 0 ? 5 : $cfg['users']['regnoactivation'] ? 4 : 2;
$ruser['user_maingrp'] = (int) $maingrp > 0 ? $maingrp : $ruser['user_maingrp'];
$ruser['user_passsalt'] = cot_unique(16);
$ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
$ruser['user_password'] = cot_hash($ruser['user_password'], $ruser['user_passsalt'], $ruser['user_passfunc']);
$ruser['user_birthdate'] = is_null($ruser['user_birthdate']) || $ruser['user_birthdate'] > $sys['now'] ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
$ruser['user_lostpass'] = md5(microtime());
cot_shield_update(20, "Registration");
$ruser['user_hideemail'] = 1;
$ruser['user_theme'] = $cfg['defaulttheme'];
$ruser['user_scheme'] = $cfg['defaultscheme'];
$ruser['user_lang'] = empty($ruser['user_lang']) ? $cfg['defaultlang'] : $ruser['user_lang'];
$ruser['user_regdate'] = (int) $sys['now'];
$ruser['user_logcount'] = 0;
$ruser['user_lastip'] = empty($ruser['user_lastip']) ? $usr['ip'] : $ruser['user_lastip'];
$ruser['user_token'] = cot_unique(16);
if (!$db->insert($db_users, $ruser)) {
return;
}
$userid = $db->lastInsertId();
$db->insert($db_groups_users, array('gru_userid' => (int) $userid, 'gru_groupid' => (int) $ruser['user_maingrp']));
cot_extrafield_movefiles();
/* === Hook for the plugins === */
foreach (cot_getextplugins('users.adduser.done') as $pl) {
include $pl;
}
/* ===== */
if ($ruser['user_maingrp'] == 2 && $sendemail) {
if ($cfg['users']['regrequireadmin']) {
$subject = $L['aut_regrequesttitle'];
$body = sprintf($L['aut_regrequest'], $ruser['user_name']);
$body .= "\n\n" . $L['aut_contactadmin'];
cot_mail($ruser['user_email'], $subject, $body);
$subject = $L['aut_regreqnoticetitle'];
$inactive = $cfg['mainurl'] . '/' . cot_url('users', 'gm=2&s=regdate&w=desc', '', true);
$body = sprintf($L['aut_regreqnotice'], $ruser['user_name'], $inactive);
cot_mail($cfg['adminemail'], $subject, $body);
} else {
$subject = $L['Registration'];
$activate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=1', '', true);
$deactivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=0', '', true);
$body = sprintf($L['aut_emailreg'], $ruser['user_name'], $activate, $deactivate);
$body .= "\n\n" . $L['aut_contactadmin'];
cot_mail($ruser['user_email'], $subject, $body);
}
}
return $userid;
}
/**
* Strips all unsafe characters from file base name and converts it to latin
*
* @param string $basename File base name
* @param bool $underscore Convert spaces to underscores
* @param string $postfix Postfix appended to filename
* @return string
*/
function cot_safename($basename, $underscore = true, $postfix = '')
{
global $lang, $cot_translit;
if (!$cot_translit && $lang != 'en' && file_exists(cot_langfile('translit', 'core'))) {
require_once cot_langfile('translit', 'core');
}
$fname = mb_substr($basename, 0, mb_strrpos($basename, '.'));
$ext = mb_substr($basename, mb_strrpos($basename, '.') + 1);
if ($lang != 'en' && is_array($cot_translit)) {
$fname = strtr($fname, $cot_translit);
}
if ($underscore) {
$fname = str_replace(' ', '_', $fname);
}
$fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
$fname = str_replace('..', '.', $fname);
if (empty($fname)) {
$fname = cot_unique();
}
return $fname . $postfix . '.' . mb_strtolower($ext);
}
$disp_errors = '';
$u_tmp_name = $_FILES['userfile']['tmp_name'][$ii];
$u_type = $_FILES['userfile']['type'][$ii];
$u_name = $_FILES['userfile']['name'][$ii];
$u_size = $_FILES['userfile']['size'][$ii];
$u_name = str_replace("\\'", '', $u_name);
$u_name = trim(str_replace("\"", '', $u_name));
if (!empty($u_name)) {
$disp_errors .= $u_name . ' : ';
$u_name = mb_strtolower($u_name);
$dotpos = mb_strrpos($u_name, ".") + 1;
$f_extension = mb_substr($u_name, $dotpos);
$f_extension_ok = 0;
$desc = $ndesc[$ii];
if ($cfg['pfs']['pfstimename']) {
$u_newname = time() . '_' . cot_unique(6) . '_' . $userid . '.' . $f_extension;
} else {
$u_newname = cot_safename($u_name, true, '_' . $userid);
}
$u_sqlname = $db->prep($u_newname);
if ($f_extension != 'php' && $f_extension != 'php3' && $f_extension != 'php4' && $f_extension != 'php5') {
foreach ($cot_extensions as $k => $line) {
if (mb_strtolower($f_extension) == $line[0]) {
$f_extension_ok = 1;
}
}
}
if (is_uploaded_file($u_tmp_name) && $u_size > 0 && $u_size < $maxfile && $f_extension_ok && $pfs_totalsize + $u_size < $maxtotal) {
$fcheck = cot_file_check($u_tmp_name, $u_name, $f_extension);
if ($fcheck == 1) {
if (!file_exists($pfs_dir_user . $u_newname)) {
}
$t = new XTemplate($mskin);
// Check for new config options
if (is_writable($file['config']) && file_exists($file['config_sample'])) {
list($old_cfg, $old_db) = cot_get_config($file['config']);
list($new_cfg, $new_db) = cot_get_config($file['config_sample']);
if (count(array_diff($new_cfg, $old_cfg)) > 0 || count(array_diff($new_db, $old_db)) > 0) {
// Add new config options
$delta = '';
if (count(array_diff($new_cfg, $old_cfg)) > 0) {
foreach ($new_cfg as $key => $val) {
if (!isset($old_cfg[$key])) {
if ($key == 'new_install') {
$val = false;
} elseif ($key == 'site_id' || $key == 'secret_key') {
$val = cot_unique(32);
}
if (is_bool($val)) {
$val = $val ? 'TRUE' : 'FALSE';
} elseif (is_int($val) || is_float($val)) {
$val = (string) $val;
} else {
$val = "'{$val}'";
}
$delta .= "\$cfg['{$key}'] = {$val};\n";
}
}
}
if (count(array_diff($new_db, $old_db)) > 0) {
foreach ($new_db as $key => $val) {
if (!isset($old_db[$key])) {
/**
* Imports Extra fields data
*
* @param string $inputname Variable name (or value for source=D)
* @param array $extrafields Extra fields data
* @param string $source Source type: G (GET), P (POST), C (COOKIE) or D (variable filtering)
* @param string $oldvalue Old value of extrafield
* @return string
*/
function cot_import_extrafields($inputname, $extrafield, $source = 'P', $oldvalue = '')
{
global $L;
switch ($extrafield['field_type']) {
case 'input':
$import = $extrafield['field_parse'] == 'Text' ? cot_import($inputname, $source, 'TXT') : cot_import($inputname, $source, 'HTM');
if (!empty($extrafield['field_params']) && !is_null($import) && !preg_match($extrafield['field_params'], $import)) {
$L['field_pregmatch_' . $extrafield['field_name']] = isset($L['field_pregmatch_' . $extrafield['field_name']]) ? $L['field_pregmatch_' . $extrafield['field_name']] : $L['field_pregmatch'];
cot_error('field_pregmatch_' . $extrafield['field_name'], $inputname);
}
break;
case 'inputint':
case 'range':
$extrafield['field_params'] = str_replace(array(' , ', ', ', ' ,'), ',', $extrafield['field_params']);
$import = cot_import($inputname, $source, 'INT');
if (!is_null($import) && !empty($extrafield['field_params'])) {
list($min, $max) = explode(",", $extrafield['field_params'], 2);
$min = (int) $min;
$max = (int) $max;
if ($import < $min || $import > $max) {
cot_error('field_range_' . $extrafield['field_name'], $inputname);
}
}
break;
case 'currency':
case 'double':
$extrafield['field_params'] = str_replace(array(' , ', ', ', ' ,'), ',', $extrafield['field_params']);
$import = cot_import($inputname, $source, 'NUM');
if (!is_null($import)) {
$import = floatval($import);
}
if (!is_null($import) && !empty($extrafield['field_params'])) {
list($min, $max) = explode(",", $extrafield['field_params'], 2);
$min = (int) $min;
$max = (int) $max;
if ($import < $min || $import > $max) {
cot_error('field_range_' . $extrafield['field_name'], $inputname);
}
}
break;
case 'textarea':
$import = cot_import($inputname, $source, 'HTM');
break;
case 'select':
case 'radio':
$extrafield['field_variants'] = str_replace(array(' , ', ', ', ' ,'), ',', $extrafield['field_variants']);
$opt_array = explode(",", trim($extrafield['field_variants']));
$import = cot_import($inputname, $source, 'HTM');
if (!is_null($import) && !in_array(trim($import), $opt_array)) {
$L['field_notinarray_' . $extrafield['field_name']] = isset($L['field_notinarray_' . $extrafield['field_name']]) ? $L['field_notinarray_' . $extrafield['field_name']] : $L['field_notinarray'];
cot_error('field_notinarray_' . $extrafield['field_name'], $inputname);
}
break;
case 'checkbox':
$import = cot_import($inputname, $source, 'BOL');
break;
case 'datetime':
$extrafield['field_params'] = str_replace(array(' , ', ', ', ' ,'), ',', $extrafield['field_params']);
list($min, $max) = explode(",", $extrafield['field_params'], 2);
$import = cot_import_date($inputname, true, false, $source);
if (!is_null($import) && ((int) $min > 0 || (int) $max > 0)) {
list($s_year, $s_month, $s_day, $s_hour, $s_minute) = explode('-', @date('Y-m-d-H-i', $import));
if ($min > $s_year) {
$import = mktime($s_hour, $s_minute, 0, $s_month, $s_day, $min);
}
if ($max < $s_year) {
$import = mktime($s_hour, $s_minute, 0, $s_month, $s_day, $max);
}
}
break;
case 'country':
$import = cot_import($inputname, $source, 'ALP');
break;
case 'checklistbox':
$import = cot_import($inputname, $source, 'ARR');
$extrafield['field_variants'] = str_replace(array(' , ', ', ', ' ,'), ',', $extrafield['field_variants']);
$opt_array = explode(',', trim($extrafield['field_variants']));
if (count($import) < 1) {
$import = null;
} elseif (count($import) == 1 && isset($import['nullval'])) {
$import = array();
} else {
unset($import['nullval']);
foreach ($import as $k => $v) {
$import[$k] = cot_import($v, 'D', 'HTM');
if (!is_null($import[$k]) && !in_array($import[$k], $opt_array)) {
$L['field_notinarray_' . $extrafield['field_name']] = isset($L['field_notinarray_' . $extrafield['field_name']]) ? $L['field_notinarray_' . $extrafield['field_name']] : $L['field_notinarray'];
cot_error('field_notinarray_' . $extrafield['field_name'], $inputname);
}
}
}
if (is_array($import)) {
$import = implode(',', $import);
}
break;
case 'file':
global $lang, $cot_translit, $exfldfiles, $exfldsize, $cfg, $uploadfiles, $pl;
if ($source == 'P' || $source == 'POST') {
$import = $_FILES[$inputname];
$import['delete'] = cot_import('rdel_' . $inputname, 'P', 'BOL') ? 1 : 0;
} elseif ($source == 'D') {
$import = $inputname;
}
/* === Hook === */
foreach (cot_getextplugins('extrafields.import.file.first') as $pl) {
include $pl;
}
/* ===== */
if (is_array($import) && !$import['error'] && !empty($import['name'])) {
$fname = mb_substr($import['name'], 0, mb_strrpos($import['name'], '.'));
$ext = mb_strtolower(mb_substr($import['name'], mb_strrpos($import['name'], '.') + 1));
//check extension
$extrafield['field_variants'] = str_replace(array(' , ', ', ', ' ,'), ',', mb_strtolower($extrafield['field_variants']));
$ext_array = explode(",", trim($extrafield['field_variants']));
if (empty($extrafield['field_variants']) || in_array($ext, $ext_array)) {
if ($lang != 'en' && file_exists(cot_langfile('translit', 'core'))) {
require_once cot_langfile('translit', 'core');
$fname = is_array($cot_translit) ? strtr($fname, $cot_translit) : '';
}
$fname = str_replace(array(' ', ' ', '__'), '_', $fname);
$fname = preg_replace('#[^a-zA-Z0-9\\-_\\.\\ \\+]#', '', $fname);
$fname = str_replace('..', '.', $fname);
$fname = str_replace('__', '_', $fname);
$fname = empty($fname) ? cot_unique() : $fname;
// Generate unique file name. Old file - must be removed any way
$extrafield['field_params'] = !empty($extrafield['field_params']) ? $extrafield['field_params'] : $cfg['extrafield_files_dir'];
$extrafield['field_params'] .= mb_substr($extrafield['field_params'], -1) == '/' ? '' : '/';
if (file_exists("{$extrafield['field_params']}{$fname}.{$ext}")) {
$fname = $inputname . '_' . date("YmjGis") . '_' . $fname;
}
$fname .= '.' . $ext;
$file['old'] = !empty($oldvalue) && ($import['delete'] || $import['tmp_name']) ? $extrafield['field_params'] . $oldvalue : '';
$file['field'] = $extrafield['field_name'];
$file['tmp'] = !$import['delete'] ? $import['tmp_name'] : '';
$file['new'] = !$import['delete'] ? $extrafield['field_params'] . $fname : '';
/* === Hook === */
foreach (cot_getextplugins('extrafields.import.file.done') as $pl) {
include $pl;
}
/* ===== */
$exfldsize[$extrafield['field_name']] = $import['size'];
$uploadfiles[] = $file;
$import = $fname;
} else {
cot_error('field_extension_' . $extrafield['field_name'], $inputname);
$exfldsize[$extrafield['field_name']] = null;
$import = null;
}
} elseif (is_array($import) && $import['delete']) {
$exfldsize[$extrafield['field_name']] = 0;
$import = '';
$extrafield['field_params'] = !empty($extrafield['field_params']) ? $extrafield['field_params'] : $cfg['extrafield_files_dir'];
$file['old'] = !empty($oldvalue) ? "{$extrafield['field_params']}/{$oldvalue}" : '';
$file['field'] = $extrafield['field_name'];
$uploadfiles[] = $file;
} else {
$exfldsize[$extrafield['field_name']] = null;
$import = null;
}
break;
case 'filesize':
global $exfldsize;
$import = $exfldsize[$extrafield['field_variants']];
break;
}
if ((is_null($import) || $import === '') && $extrafield['field_required']) {
$fname = !empty($extrafield['field_description']) ? $extrafield['field_description'] : $extrafield['field_name'];
$msg = isset($L['field_required_' . $extrafield['field_name']]) ? 'field_required_' . $extrafield['field_name'] : $L['field_required'] . ': ' . $fname;
cot_error($msg, $inputname);
}
return $import;
}
