/**
 * Pull the new value for this field (the parent implementation reads it
 * from the request) and, when the request actually carries a value for
 * this field name, run it through entities_to_ascii() for "formatting".
 *
 * @access private
 * @return void
 */
function _getNewValue()
{
    parent::_getNewValue();

    // Nothing arrived for this field: keep whatever the parent left in
    // $this->newValue untouched.
    if ( ! isset($this->request[$this->name]))
    {
        return;
    }

    $this->newValue = entities_to_ascii($this->newValue);
}
/**
 * entities_to_ascii() must pass strings that contain no HTML entities
 * through unchanged, including multibyte (non-ASCII) characters.
 */
public function test_entities_to_ascii()
{
    // input => expected; neither string contains an entity, so each one
    // is expected to round-trip byte-for-byte
    $cases = array(
        '“‘ “test”'           => '“‘ “test”',
        '†¥¨ˆøåß∂ƒ©˙∆˚¬' => '†¥¨ˆøåß∂ƒ©˙∆˚¬',
    );

    foreach ($cases as $input => $expected)
    {
        $actual = entities_to_ascii($input);
        $this->assertEquals($expected, $actual);
    }
}
/**
 * Read one value from $_POST, validated/coerced according to $type.
 *
 * Resolution order, for every type: when $key is absent from $_POST the
 * (type-coerced) $default is returned; when it is present but the posted
 * value fails that type's check, the fallback is $default if
 * $params['override'] is truthy, otherwise the type's "empty" value
 * ('' / 0 / FALSE / array()).
 *
 * @param string $key     $_POST key to read
 * @param int    $type    one of the ARGS_TYPE_* constants (defaults to ARGS_TYPE_STRING)
 * @param mixed  $default value used when the key is absent (coerced per type first)
 * @param array  $params  optional flags:
 *                        - 'override'          (bool, default FALSE) fall back to $default instead of the empty value
 *                        - 'entities_to_ascii' (bool, default FALSE) STRING only: run entities_to_ascii() on the result
 *                        - 'gtzero'            (bool, default TRUE)  TRUE_FALSE only: require an integer > 0 rather than any integer
 * @return mixed string|int|bool|array|float depending on $type
 */
protected function _post_args($key, $type = ARGS_TYPE_STRING, $default = '', $params = array())
{
    $value = '';
    $post_default = '';
    $key_exist = array_key_exists($key, $_POST);
    $override = array_key_exists('override', $params) ? $params['override'] : FALSE;
    $entities_to_ascii = array_key_exists('entities_to_ascii', $params) ? $params['entities_to_ascii'] : FALSE;
    $gtzero = array_key_exists('gtzero', $params) ? $params['gtzero'] : TRUE;

    switch ($type) {
        case ARGS_TYPE_STRING:
            $post_default = $override ? $default : '';
            // NOTE(review): the TRUE second argument looks like the CodeIgniter-style
            // xss_clean flag of Input::post() — confirm against this project's Input
            // class. The other branches below read the value without it.
            // A posted value that is falsy ('' or '0') falls through to $post_default.
            $value = $key_exist ? $this->input->post($key, TRUE) ? $this->input->post($key, TRUE) : $post_default : $default;
            if ($entities_to_ascii) {
                $value = entities_to_ascii($value);
            }
            break;

        case ARGS_TYPE_INT:
            // $default itself is normalised first, so a non-integer default becomes 0
            $default = validate_integer($default) ? to_int($default) : 0;
            $post_default = $override ? $default : 0;
            // the assignment inside the condition captures the raw posted value for gtzero_integer()
            $value = $key_exist ? ($value = $this->input->post($key)) && gtzero_integer($value) ? to_int($value) : $post_default : $default;
            break;

        case ARGS_TYPE_TRUE_FALSE:
            $default = validate_integer($default) ? gtzero_integer($default) ? TRUE : FALSE : FALSE;
            $post_default = $override ? $default : FALSE;
            // with 'gtzero' only a positive integer counts as TRUE; without it any
            // integer (0 or negative included) does
            $value = $key_exist ? ($value = $this->input->post($key)) && ($gtzero && gtzero_integer($value) || !$gtzero && validate_integer($value)) ? TRUE : $post_default : $default;
            break;

        case ARGS_TYPE_ARRAY:
            // The posted array is returned as-is: no per-element validation or
            // filtering happens here, and the 'override' flag is not honoured for
            // this type (a present-but-not-array value always yields array()).
            // Callers must validate the elements themselves.
            $value = $key_exist ? ($value = $this->input->post($key)) && is_array($value) ? $value : array() : (is_array($default) ? $default : array());
            break;

        case ARGS_TYPE_DECIMAL:
            $default = gtzero_decimal($default) ? to_float($default) : 0;
            $post_default = $override ? $default : 0;
            $value = $key_exist ? ($value = $this->input->post($key)) && gtzero_decimal($value) ? to_float($value) : $post_default : $default;
            break;

        case ARGS_TYPE_DATE:
            $default = validate_date($default) ? $default : '';
            $post_default = $override ? $default : '';
            $value = $key_exist ? ($value = $this->input->post($key)) && validate_date($value) ? $value : $post_default : $default;
            break;

        case ARGS_TYPE_DATETIME:
            $default = validate_datetime($default) ? $default : '';
            $post_default = $override ? $default : '';
            // NOTE(review): the posted value is checked with validate_date() while
            // $default is checked with validate_datetime() — confirm whether this
            // asymmetry is intended.
            $value = $key_exist ? ($value = $this->input->post($key)) && validate_date($value) ? $value : $post_default : $default;
            break;

        default:
            // unknown $type: behaves like ARGS_TYPE_STRING without the entities_to_ascii option
            $post_default = $override ? $default : '';
            $value = $key_exist ? $this->input->post($key, TRUE) ? $this->input->post($key, TRUE) : $post_default : $default;
            break;
    }

    // local only; has no effect on the returned value
    unset($post_default);

    return $value;
}
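/**
 * Perform Store Item Actions
 *
 * Records a completed payment notification for a store item and runs the
 * follow-up actions: the 'simple_commerce_perform_actions_start' /
 * '_end' extension hooks, purchase rows for a plain purchase, the member
 * group change, and the customer / admin email templates attached to the
 * item. Subscription notifications ('subscr_eot', 'subscr_signup',
 * 'subscr_payment') are delegated to end_subscription(),
 * start_subscription() and subscription_payment().
 *
 * $this->post is the payment payload that was posted to us (the keys
 * written here — txn_id, custom, mc_gross, mc_amount3 — look like PayPal
 * IPN field names; the caller is expected to have verified the
 * notification before calling this).
 *
 * @param int|string $item_id     simple_commerce_items.item_id
 * @param mixed      $qnty        quantity purchased (must be a number > 0 for a plain purchase)
 * @param mixed      $subtotal    amount paid for the whole quantity
 * @param string     $num_in_cart unused here, kept for the call signature
 * @param string     $type        '' for a plain purchase, otherwise the subscription event type
 * @return mixed FALSE when a subscription step fails, otherwise void
 */
function perform_actions($item_id, $qnty, $subtotal, $num_in_cart = '', $type = '')
{
    $query = ee()->db->select('t.title as item_name, simple_commerce_items.*')
        ->where('simple_commerce_items.entry_id = t.entry_id', NULL, FALSE)
        ->where('simple_commerce_items.item_id', $item_id)
        ->from('simple_commerce_items')
        ->from('channel_titles t')
        ->get();

    // exactly one item row is expected; anything else means an unknown item
    if ($query->num_rows() != 1)
    {
        return;
    }

    $row = $query->row();

    // enrich the payload so the email templates below can reference these keys
    $this->post['item_name'] = $row->item_name;
    $this->post['item_number'] = $item_id;
    $this->post['quantity'] = $qnty;
    $this->post['mc_gross'] = $subtotal;
    $this->post['member_id'] = $this->post['custom'];

    $customer_email_template = $row->customer_email_template;
    $admin_email_template = $row->admin_email_template;
    $new_member_group = $row->new_member_group;

    // Type Specific Actions
    // we ignore subscr_cancel actions since they do not affect the current subscription
    if ($type == 'subscr_eot')
    {
        // end of term: swap to the "unsubscribe" group and templates
        $new_member_group = $row->member_group_unsubscribe;
        $admin_email_template = $row->admin_email_template_unsubscribe;
        $customer_email_template = $row->customer_email_template_unsubscribe;

        if ($this->end_subscription() === FALSE)
        {
            return FALSE;
        }
    }
    elseif ($type == 'subscr_signup')
    {
        if ( ! is_numeric($this->post['mc_amount3']) OR $this->post['mc_amount3'] <= 0)
        {
            return FALSE;
        }

        if ($this->start_subscription($row) === FALSE)
        {
            return FALSE;
        }

        // Until payment goes through? We do not complete and just put it in as pending
        return;
    }
    elseif ($type == 'subscr_payment')
    {
        if ($this->subscription_payment($row) === FALSE)
        {
            return FALSE;
        }
    }

    /* -------------------------------------
    /* 'simple_commerce_perform_actions_start' hook.
    /* - After a purchase is recorded, do more processing before EE's processing
    /* - Added EE 1.5.1
    */
    if (ee()->extensions->active_hook('simple_commerce_perform_actions_start') === TRUE)
    {
        ee()->extensions->universal_call('simple_commerce_perform_actions_start', $this, $query->row());
        if (ee()->extensions->end_script === TRUE)
        {
            return;
        }
    }
    /*
    /* -------------------------------------*/

    if ($type == '')
    {
        // A zero or non-numeric quantity (or subtotal) would make the division
        // below a division by zero / invalid operand (fatal on PHP 8) and would
        // also reach the raw "item_purchases + {$qnty}" SET clause further down.
        // Such a notification cannot be recorded as a purchase, so stop here.
        if ( ! is_numeric($qnty) OR $qnty <= 0 OR ! is_numeric($subtotal))
        {
            return;
        }

        /* --------------------------------
        /* Check Price
        /* - There is a small chance the Admin changed the price between
        /* purchase and the receipt of the IP, so we give a small bit of
        /* wiggle room. About 10%...
        /* --------------------------------*/
        $price = $row->item_use_sale == 'y' ? $row->item_sale_price : $row->item_regular_price;
        $cost = $subtotal / $qnty;

        if ($cost < $price * 0.9)
        {
            return;
        }

        $data = array(
            'txn_id'         => $this->post['txn_id'],
            'member_id'      => $this->post['custom'],
            'item_id'        => $row->item_id,
            'purchase_date'  => ee()->localize->now,
            'item_cost'      => $cost,
            // the whole payload is kept with the purchase for later inspection
            'paypal_details' => serialize($this->post),
        );

        if ($qnty == 1)
        {
            ee()->db->insert('simple_commerce_purchases', $data);

            ee()->db->where('item_id', $item_id);
            ee()->db->set('item_purchases', "item_purchases + 1", FALSE);
            ee()->db->update('simple_commerce_items');
        }
        else
        {
            // one purchase row per unit bought
            for ($i = 0; $i < $qnty; ++$i)
            {
                ee()->db->insert('simple_commerce_purchases', $data);
            }

            ee()->db->where('item_id', $item_id);
            // $qnty is interpolated unescaped (third argument FALSE), which the
            // numeric guard above makes safe
            ee()->db->set('item_purchases', "item_purchases + {$qnty}", FALSE);
            ee()->db->update('simple_commerce_items');
        }
    } // end non-sub entry

    // New Member Group
    // never demote/move a super admin (group 1)
    if ($new_member_group != '' && $new_member_group != 0)
    {
        ee()->db->where('member_id', $this->post['custom']);
        ee()->db->where('group_id !=', 1);
        ee()->db->update('members', array('group_id' => $new_member_group));
    }

    // Send Emails!
    ee()->load->library('email');

    if ($customer_email_template != '' && $customer_email_template != 0)
    {
        ee()->db->select('email');
        $result = ee()->db->get_where('members', array('member_id' => $this->post['custom']));
        $cust_row = $result->row();
        $to = $cust_row->email;

        ee()->db->select('email_subject, email_body');
        $result = ee()->db->get_where('simple_commerce_emails', array('email_id' => $customer_email_template));

        if ($result->num_rows() > 0)
        {
            $email = $result->row();
            $subject = $email->email_subject;
            $message = $email->email_body;

            // every payload key is available to the template as {key}; the
            // values are substituted as-is, so template authors should not
            // expect them to be escaped
            foreach ($this->post as $key => $value)
            {
                $subject = str_replace(LD . $key . RD, $value, $subject);
                $message = str_replace(LD . $key . RD, $value, $message);
            }

            // Load the text helper
            ee()->load->helper('text');

            ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('site_name'));
            ee()->email->to($to);
            ee()->email->subject($subject);
            ee()->email->message(entities_to_ascii($message));
            ee()->email->send();
            ee()->email->EE_initialize();
        }
    }

    if ($row->admin_email_address != '' && $admin_email_template != '' && $admin_email_template != 0)
    {
        ee()->db->select('email_subject, email_body');
        $result = ee()->db->get_where('simple_commerce_emails', array('email_id' => $admin_email_template));

        if ($result->num_rows() > 0)
        {
            $email = $result->row();
            $subject = $email->email_subject;
            $message = $email->email_body;

            foreach ($this->post as $key => $value)
            {
                $subject = str_replace(LD . $key . RD, $value, $subject);
                $message = str_replace(LD . $key . RD, $value, $message);
            }

            // Load the text helper
            ee()->load->helper('text');

            ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('site_name'));
            ee()->email->to($row->admin_email_address);
            ee()->email->subject($subject);
            ee()->email->message(entities_to_ascii($message));
            ee()->email->send();
            ee()->email->EE_initialize();
        }
    }

    /* -------------------------------------
    /* 'simple_commerce_perform_actions_end' hook.
    /* - After a purchase is recorded, do more processing
    /* - Added EE 1.5.1
    */
    if (ee()->extensions->active_hook('simple_commerce_perform_actions_end') === TRUE)
    {
        ee()->extensions->universal_call('simple_commerce_perform_actions_end', $this, $query->row());
        if (ee()->extensions->end_script === TRUE)
        {
            return;
        }
    }
    /*
    /* -------------------------------------*/
}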
/**
 * Send checksum notification
 *
 * Emails the webmaster the list of bootstrap files whose checksum no longer
 * matches, using the 'checksum_email_subject' and 'checksum_email_message'
 * language lines. The message template's {url} and {changed} placeholders
 * are filled with the site's base_url and the file list (one per line).
 *
 * @access public
 * @param array $changed paths of the files that were found modified
 * @return void
 */
function send_checksum_notification($changed)
{
    ee()->load->library('email');
    ee()->load->helper('text');

    $subject = ee()->lang->line('checksum_email_subject');

    // placeholder => value, applied to the raw language-line template
    $placeholders = array(
        '{url}'     => ee()->config->item('base_url'),
        '{changed}' => implode("\n", $changed),
    );
    $message = str_replace(
        array_keys($placeholders),
        array_values($placeholders),
        ee()->lang->line('checksum_email_message')
    );

    $webmaster_email = ee()->config->item('webmaster_email');

    // sent from, to and reply-to the webmaster address
    ee()->email->EE_initialize();
    ee()->email->wordwrap = false;
    ee()->email->from($webmaster_email, ee()->config->item('webmaster_name'));
    ee()->email->to($webmaster_email);
    ee()->email->reply_to($webmaster_email);
    ee()->email->subject($subject);
    ee()->email->message(entities_to_ascii($message));
    ee()->email->send();
}
/**
 * Send Notification Emails
 *
 * Emails the subscribers of every entry that one or more of the given
 * comments belong to, using the 'comments_opened_notification' email
 * template. The comments are fetched by id, grouped per entry_id, and each
 * entry's recipient list comes from comment_model->fetch_email_recipients().
 * Within one entry each email address is written to at most once.
 *
 * @param array $comments list of comment_id values to notify about
 * @return void
 */
public function send_notification_emails($comments)
{
    // Load subscription class
    ee()->load->library('subscription');

    // Instantiate Typography class
    ee()->load->library('typography');
    ee()->typography->initialize(array(
        'parse_images' => FALSE,
        'word_censor'  => ee()->config->item('comment_word_censoring') == 'y' ? TRUE : FALSE,
    ));

    // Grab the required comments
    ee()->db->select('comment, comment_id, author_id, name, email, comment_date, entry_id');
    ee()->db->where_in('comment_id', $comments);
    $query = ee()->db->get('comments');

    // Sort based on entry: entry_id => list of comment rows
    $entries = array();
    foreach ($query->result() as $row) {
        if (!isset($entries[$row->entry_id])) {
            $entries[$row->entry_id] = array();
        }
        $entries[$row->entry_id][] = $row;
    }

    // Go through the entries and send subscriptions
    // NOTE: $comments is re-bound here to the per-entry list of comment rows;
    // the id list passed in is not used again after this point.
    foreach ($entries as $entry_id => $comments) {
        ee()->subscription->init('comment', array('entry_id' => $entry_id), TRUE);

        // Grab them all
        $subscriptions = ee()->subscription->get_subscriptions();

        ee()->load->model('comment_model');
        $recipients = ee()->comment_model->fetch_email_recipients($entry_id, $subscriptions);

        if (count($recipients)) {
            // Grab generic entry info
            // action id of the "remove notification" endpoint used in the unsubscribe link
            $action_id = ee()->functions->fetch_action_id('Comment_mcp', 'delete_comment_notification');

            ee()->db->select('channel_titles.title, channel_titles.entry_id, channel_titles.url_title, channels.channel_title, channels.comment_url, channels.channel_url, channels.channel_id');
            ee()->db->join('channels', 'exp_channel_titles.channel_id = exp_channels.channel_id', 'left');
            ee()->db->where('channel_titles.entry_id', $entry_id);
            $results = ee()->db->get('channel_titles');

            // the channel's comment_url wins; channel_url is the fallback
            $com_url = $results->row('comment_url') == '' ? $results->row('channel_url') : $results->row('comment_url');

            // Create an array of comments to add to the email
            // The commenter-supplied name is passed through as-is; the comment
            // body goes through parse_type() with formatting disabled.
            $comments_swap = array();
            foreach ($comments as $c) {
                $comment_text = ee()->typography->parse_type($c->comment, array(
                    'text_format'   => 'none',
                    'html_format'   => 'none',
                    'auto_links'    => 'n',
                    'allow_img_url' => 'n',
                ));
                $comments_swap[] = array(
                    'name_of_commenter' => $c->name,
                    'name'              => $c->name,
                    'comment'           => $comment_text,
                    'comment_id'        => $c->comment_id,
                );
            }

            // template variables shared by every recipient of this entry
            $swap = array(
                'channel_name'                => $results->row('channel_title'),
                'entry_title'                 => $results->row('title'),
                'site_name'                   => stripslashes(ee()->config->item('site_name')),
                'site_url'                    => ee()->config->item('site_url'),
                'comment_url'                 => reduce_double_slashes($com_url . '/' . $results->row('url_title') . '/'),
                'channel_id'                  => $results->row('channel_id'),
                'entry_id'                    => $results->row('entry_id'),
                'url_title'                   => $results->row('url_title'),
                'comment_url_title_auto_path' => reduce_double_slashes($com_url . '/' . $results->row('url_title')),
                'comments'                    => $comments_swap,
            );

            $template = ee()->functions->fetch_email_template('comments_opened_notification');

            ee()->load->library('template');
            $email_tit = ee()->template->parse_variables_row($template['title'], $swap);
            $email_msg = ee()->template->parse_variables_row($template['data'], $swap);

            // Send email
            ee()->load->library('email');
            ee()->email->wordwrap = true;

            // Load the text helper
            ee()->load->helper('text');

            // email addresses already written to for this entry
            $sent = array();

            // $val shape (from fetch_email_recipients(), confirm there):
            //   [0] email address, [1] key into $subscriptions, [2] recipient name
            foreach ($recipients as $val) {
                if (!in_array($val['0'], $sent)) {
                    $title = $email_tit;
                    $message = $email_msg;

                    // per-recipient unsubscribe link: the subscription id plus its
                    // hash (generated by the subscription library, not visible here)
                    // is what authenticates the removal request
                    $sub = $subscriptions[$val['1']];
                    $sub_qs = 'id=' . $sub['subscription_id'] . '&hash=' . $sub['hash'];

                    // Deprecate the {name} variable at some point
                    $title = str_replace('{name}', $val['2'], $title);
                    $message = str_replace('{name}', $val['2'], $message);
                    $title = str_replace('{name_of_recipient}', $val['2'], $title);
                    $message = str_replace('{name_of_recipient}', $val['2'], $message);

                    $title = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $title);
                    $message = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $message);

                    ee()->email->EE_initialize();
                    ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                    ee()->email->to($val['0']);
                    ee()->email->subject($title);
                    ee()->email->message(entities_to_ascii($message));
                    ee()->email->send();

                    $sent[] = $val['0'];
                }
            }
        }
    }

    return;
}
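/**
 * Send Message
 *
 * Handles the compose-form submission. The target status is taken from the
 * submitted buttons (preview / remove -> 'preview', draft -> 'draft',
 * otherwise 'sent'). The sender checks (ban, IP/UA, waiting period,
 * throttle, duplicate body, send and storage limits, size, attachments,
 * recipient inbox overflow) each append to $submission_error, and any error
 * forces a preview. The message row is then inserted, or updated when the
 * form carries the numeric message_id of one of the sender's own
 * previews/drafts. For 'sent' a copy row is written per recipient and CC,
 * the recipients' private_messages counters are bumped, opted-in recipients
 * are emailed, and a replied-to / forwarded source copy is re-flagged.
 *
 * @return mixed the compose view (via $this->compose()) on preview, the
 *               error page on a hard failure, otherwise void after
 *               redirecting to the inbox or rendering the drafts view
 */
function send_message()
{
    $submission_error = array();

    /** ----------------------------------------
    /** Is the user banned?
    /** ----------------------------------------*/
    if (ee()->session->userdata['is_banned'] === TRUE)
    {
        return $this->_error_page();
    }

    /** ----------------------------------------
    /** Is the IP or User Agent unavailable?
    /** ----------------------------------------*/
    if (ee()->config->item('require_ip_for_posting') == 'y')
    {
        if (ee()->input->ip_address() == '0.0.0.0' OR ee()->session->userdata['user_agent'] == '')
        {
            return $this->_error_page();
        }
    }

    /** -------------------------------------
    /** Status Setting
    /** -------------------------------------*/
    if (ee()->input->get_post('preview') OR ee()->input->get_post('remove'))
    {
        $status = 'preview';
    }
    elseif (ee()->input->get_post('draft'))
    {
        $status = 'draft';
    }
    else
    {
        $status = 'sent';
    }

    /** -------------------------------------
    /** Already Sent? / Does the message belong to this sender?
    /** -------------------------------------*/
    if (ee()->input->get_post('message_id') !== FALSE && is_numeric(ee()->input->get_post('message_id')))
    {
        $query = ee()->db->query("SELECT message_status, sender_id FROM exp_message_data WHERE message_id = '" . ee()->db->escape_str(ee()->input->get_post('message_id')) . "'");

        // The message_id comes from the request, and the stored row is updated
        // by that id further down: only the sender's own, still unsent
        // preview/draft may be continued. An unknown id or another member's
        // message is rejected here rather than silently re-used.
        if ($query->num_rows() == 0 OR $query->row('sender_id') != $this->member_id)
        {
            return $this->_error_page();
        }

        if ($query->row('message_status') == 'sent')
        {
            return $this->_error_page(ee()->lang->line('messsage_already_sent'));
        }
    }

    /* -------------------------------------------
    /* Hidden Configuration Variables
    /* - prv_msg_waiting_period => How many hours after becoming a member until they can PM?
    /* -------------------------------------------*/
    $waiting_period = ee()->config->item('prv_msg_waiting_period') !== FALSE ? (int) ee()->config->item('prv_msg_waiting_period') : 1;

    // super admins (group 1) are exempt from the waiting period
    if (ee()->session->userdata['group_id'] != 1 && ee()->session->userdata['join_date'] > ee()->localize->now - $waiting_period * 60 * 60)
    {
        return $this->_error_page(str_replace(
            array('%time%', '%email%', '%site%'),
            array($waiting_period, ee()->functions->encode_email(ee()->config->item('webmaster_email')), ee()->config->item('site_name')),
            ee()->lang->line('waiting_period_not_reached')
        ));
    }

    /* -------------------------------------------
    /* Hidden Configuration Variables
    /* - prv_msg_throttling_period => How many seconds between PMs?
    /* -------------------------------------------*/
    if ($status == 'sent' && ee()->session->userdata['group_id'] != 1)
    {
        $period = ee()->config->item('prv_msg_throttling_period') !== FALSE ? (int) ee()->config->item('prv_msg_throttling_period') : 30;

        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_message_data d\r\n\t\t\t\t\t\t\t\t WHERE d.sender_id = '" . ee()->db->escape_str($this->member_id) . "'\r\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\r\n\t\t\t\t\t\t\t\t AND d.message_date > " . ee()->db->escape_str(ee()->localize->now - $period));

        if ($query->row('count') > 0)
        {
            return $this->_error_page(str_replace('%x', $period, ee()->lang->line('send_throttle')));
        }
    }

    /** ------------------------------------------
    /** Is there a recipient, subject, and body?
    /** ------------------------------------------*/
    if (ee()->input->get_post('recipients') == '' && $status == 'sent')
    {
        $submission_error[] = ee()->lang->line('empty_recipients_field');
    }
    elseif (ee()->input->get_post('subject') == '')
    {
        $submission_error[] = ee()->lang->line('empty_subject_field');
    }
    elseif (ee()->input->get_post('body') == '')
    {
        $submission_error[] = ee()->lang->line('empty_body_field');
    }

    /** -------------------------------------------
    /** Deny Duplicate Data
    /** -------------------------------------------*/
    if (ee()->config->item('deny_duplicate_data') == 'y')
    {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_message_data d\r\n\t\t\t\t\t\t\t\t WHERE d.sender_id = '" . ee()->db->escape_str($this->member_id) . "'\r\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\r\n\t\t\t\t\t\t\t\t AND d.message_body = '" . ee()->db->escape_str(ee()->security->xss_clean(ee()->input->get_post('body'))) . "'");

        if ($query->row('count') > 0)
        {
            return $this->_error_page(ee()->lang->line('duplicate_message_sent'));
        }
    }

    /** ------------------------------------------
    /** Valid Recipients? - Only Checked on Sent
    /** ------------------------------------------*/
    $recipients = $this->convert_recipients(ee()->input->get_post('recipients'), 'array', 'member_id');
    $cc = trim(ee()->input->get_post('cc')) == '' ? array() : $this->convert_recipients(ee()->input->get_post('cc'), 'array', 'member_id');

    // Make sure CC does not contain members in Recipients.
    // array_diff() keeps the original keys, and the index-based loops below
    // ($cc[$i] for $i < count($cc)) need a gap-free list, so re-index.
    $cc = array_values(array_diff($cc, $recipients));

    if (count($recipients) == 0 && $status == 'sent')
    {
        $submission_error[] = ee()->lang->line('empty_recipients_field');
    }

    if ($this->invalid_name === TRUE)
    {
        $submission_error[] = ee()->lang->line('invalid_username');
    }

    /** ------------------------------------------
    /** Too Big for Its Britches?
    /** ------------------------------------------*/
    // byte length, so multibyte text counts more than its character count
    if ($this->max_chars != 0 && strlen(ee()->input->get_post('body')) > $this->max_chars)
    {
        $submission_error[] = str_replace('%max%', $this->max_chars, ee()->lang->line('message_too_large'));
    }

    /** -------------------------------------
    /** Super Admins get a free pass
    /** -------------------------------------*/
    if (ee()->session->userdata('group_id') != 1)
    {
        /** ------------------------------------------
        /** Sender Allowed to Send More Messages?
        /** ------------------------------------------*/
        // copies sent in the last 24 hours plus the ones this message would add
        $query = ee()->db->query("SELECT COUNT(c.copy_id) AS count\r\n\t\t\t\t\t\t\t\t FROM exp_message_copies c, exp_message_data d\r\n\t\t\t\t\t\t\t\t WHERE c.message_id = d.message_id\r\n\t\t\t\t\t\t\t\t AND c.sender_id = '" . ee()->db->escape_str($this->member_id) . "'\r\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\r\n\t\t\t\t\t\t\t\t AND d.message_date > " . (ee()->localize->now - 24 * 60 * 60));

        if ($query->row('count') + count($recipients) + count($cc) > $this->send_limit)
        {
            $submission_error[] = ee()->lang->line('sending_limit_warning');
        }

        /** ------------------------------------------
        /** Sender Allowed to Store More Messages?
        /** ------------------------------------------*/
        // only relevant when the sender keeps a copy in their own folders
        if ($this->storage_limit != '0' && (ee()->input->get_post('sent_copy') !== FALSE && ee()->input->get_post('sent_copy') == 'y'))
        {
            if ($this->total_messages == '')
            {
                $this->storage_usage();
            }

            if ($this->total_messages + 1 > $this->storage_limit)
            {
                $submission_error[] = ee()->lang->line('storage_limit_warning');
            }
        }
    }

    /** -------------------------------------
    /** Upload Path Set?
    /** -------------------------------------*/
    if ($this->upload_path == '' && (isset($_POST['remove']) OR isset($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != ''))
    {
        $submission_error[] = ee()->lang->line('unable_to_recieve_attach');
    }

    /** -------------------------------------
    /** Attachments?
    /** -------------------------------------*/
    // pipe-separated attachment ids carried over from a previous preview/draft
    if (ee()->input->get_post('attach') !== FALSE && ee()->input->get_post('attach') != '')
    {
        $this->attachments = explode('|', $_POST['attach']);
    }

    /* -------------------------------------
    /* Create Forward Attachments
    /*
    /* We have to copy the attachments for
    /* forwarded messages. We only do this
    /* when the compose message page is first
    /* submitted. We have a special variable
    /* called 'create_attach' to tell us when
    /* that is.
    /* -------------------------------------*/
    if ($this->attach_allowed == 'y' && $this->upload_path != '' && count($this->attachments) > 0 && ee()->input->get_post('create_attach'))
    {
        if (($message = $this->_duplicate_files()) !== TRUE)
        {
            $submission_error[] = $message . BR;
        }
    }

    /** -------------------------------------
    /** Is this a remove attachment request?
    /** -------------------------------------*/
    if (isset($_POST['remove']) && $this->upload_path != '')
    {
        // the remove button is expected as remove[<attachment_id>]; key() on a
        // non-array is an error, so treat anything else as "no id"
        $id = is_array($_POST['remove']) ? key($_POST['remove']) : FALSE;

        if (is_numeric($id))
        {
            $this->_remove_attachment($id);

            // Treat an attachment removal like a draft, where we do not
            // see the preview only the message.
            $this->hide_preview = TRUE;
        }
    }

    /** -------------------------------------
    /** Do we have an attachment to deal with?
    /** -------------------------------------*/
    if ($this->attach_allowed == 'y')
    {
        if ($this->upload_path != '' AND isset($_FILES['userfile']['name']) AND $_FILES['userfile']['name'] != '')
        {
            if (($message = $this->_attach_file()) !== TRUE)
            {
                $submission_error[] = $message . BR;
            }
        }
    }

    /** -----------------------------------
    /** Check Overflow
    /** -----------------------------------*/
    $details = array();
    $details['overflow_recipients'] = array();
    $details['overflow_cc'] = array();

    // drop recipients whose inbox is full; the lists are re-indexed below
    // (sort()) whenever something was removed
    for ($i = 0, $size = count($recipients); $i < $size; $i++)
    {
        if ($this->_check_overflow($recipients[$i]) === FALSE)
        {
            $details['overflow_recipients'][] = $recipients[$i];
            unset($recipients[$i]);
        }
    }

    for ($i = 0, $size = count($cc); $i < $size; $i++)
    {
        if ($this->_check_overflow($cc[$i]) === FALSE)
        {
            $details['overflow_cc'][] = $cc[$i];
            unset($cc[$i]);
        }
    }

    /* -------------------------------------------------
    /* If we have people unable to receive a message
    /* because of an overflow we make the message a
    /* preview and will send a message to the sender.
    /* -------------------------------------*/
    if (count($details['overflow_recipients']) > 0 OR count($details['overflow_cc']) > 0)
    {
        sort($recipients);
        sort($cc);

        $overflow_names = array();

        /* -------------------------------------
        /* Send email alert regarding a full
        /* inbox to these users, load names
        /* for error message
        /* -------------------------------------*/
        $query = ee()->db->query("SELECT exp_members.screen_name, exp_members.email, exp_members.accept_messages, exp_member_groups.prv_msg_storage_limit\r\n\t\t\t\t\t\t\t\t FROM exp_members\r\n\t\t\t\t\t\t\t\t LEFT JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id\r\n\t\t\t\t\t\t\t\t WHERE exp_members.member_id IN ('" . implode("','", array_merge($details['overflow_recipients'], $details['overflow_cc'])) . "')\r\n\t\t\t\t\t\t\t\t AND exp_member_groups.site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "'");

        if ($query->num_rows() > 0)
        {
            ee()->load->library('email');
            ee()->email->wordwrap = true;

            $swap = array(
                'sender_name' => ee()->session->userdata('screen_name'),
                'site_name'   => stripslashes(ee()->config->item('site_name')),
                'site_url'    => ee()->config->item('site_url'),
            );

            $template = ee()->functions->fetch_email_template('pm_inbox_full');
            $email_tit = ee()->functions->var_swap($template['title'], $swap);
            $email_msg = ee()->functions->var_swap($template['data'], $swap);

            foreach ($query->result_array() as $row)
            {
                $overflow_names[] = $row['screen_name'];

                if ($row['accept_messages'] != 'y')
                {
                    continue;
                }

                ee()->email->EE_initialize();
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($row['email']);
                ee()->email->subject($email_tit);
                ee()->email->message(ee()->functions->var_swap($email_msg, array(
                    'recipient_name'   => $row['screen_name'],
                    'pm_storage_limit' => $row['prv_msg_storage_limit'],
                )));
                ee()->email->send();
            }
        }

        $submission_error[] = str_replace('%overflow_names%', implode(', ', $overflow_names), ee()->lang->line('overflow_recipients'));
    }

    /** ----------------------------------------
    /** Submission Errors Force a Preview
    /** ----------------------------------------*/
    if (count($submission_error) > 0)
    {
        $status = 'preview';
        $this->hide_preview = TRUE;
        $this->invalid_name = FALSE;
    }

    /* -------------------------------------
    /* Check Blocked on Sent
    /*
    /* If a message is blocked, we will not notify
    /* the sender of this and simply proceed.
    /* -------------------------------------*/
    if ($status == 'sent')
    {
        // $recipients / $cc hold member ids produced by convert_recipients()
        // and are interpolated unquoted-escaped like the other id lists here
        $sql = "SELECT member_id FROM exp_message_listed\r\n\t\t\t\t\tWHERE listed_type = 'blocked'\r\n\t\t\t\t\tAND listed_member = '" . ee()->db->escape_str($this->member_id) . "'\r\n\t\t\t\t\tAND\r\n\t\t\t\t\t(\r\n\t\t\t\t\tmember_id IN ('" . implode("','", $recipients) . "')";

        if (count($cc) > 0)
        {
            $sql .= "OR\r\n\t\t\t\t\t\t member_id IN ('" . implode("','", $cc) . "')";
        }

        $sql .= ")";

        $blocked = ee()->db->query($sql);

        if ($blocked->num_rows() > 0)
        {
            foreach ($blocked->result_array() as $row)
            {
                $details['blocked'][] = $row['member_id'];
            }

            $recipients = array_diff($recipients, $details['blocked']);
            $cc = count($cc) > 0 ? array_diff($cc, $details['blocked']) : array();

            // re-index after array_diff()
            sort($recipients);
            sort($cc);
        }
    }

    /** -------------------------------------
    /** Store Data
    /** -------------------------------------*/
    $data = array(
        'sender_id'           => $this->member_id,
        'message_date'        => ee()->localize->now,
        'message_subject'     => ee()->input->get_post('subject', TRUE),
        'message_body'        => ee()->input->get_post('body', TRUE),
        'message_tracking'    => ! ee()->input->get_post('tracking') ? 'n' : 'y',
        'message_attachments' => count($this->attachments) > 0 ? 'y' : 'n',
        'message_recipients'  => implode('|', $recipients),
        'message_cc'          => implode('|', $cc),
        'message_hide_cc'     => ! ee()->input->get_post('hide_cc') ? 'n' : 'y',
        'message_sent_copy'   => ! ee()->input->get_post('sent_copy') ? 'n' : 'y',
        'total_recipients'    => count($recipients) + count($cc),
        'message_status'      => $status,
    );

    if (ee()->input->get_post('message_id') && is_numeric(ee()->input->get_post('message_id')))
    {
        /* -------------------------------------
        /* Preview or Draft previously submitted.
        /* So, we're updating an already existing message
        /* (ownership of message_id was checked above)
        /* -------------------------------------*/
        $message_id = ee()->input->get_post('message_id');

        ee()->db->query(ee()->db->update_string('exp_message_data', $data, "message_id = '" . ee()->db->escape_str($message_id) . "'"));
    }
    else
    {
        ee()->db->query(ee()->db->insert_string('exp_message_data', $data));
        $message_id = ee()->db->insert_id();
    }

    /** -----------------------------------------
    /** Send out Messages to Recipients and CC
    /** -----------------------------------------*/
    if ($status == 'sent')
    {
        $copy_data = array('message_id' => $message_id, 'sender_id' => $this->member_id);

        // one exp_message_copies row per recipient, each with its own authcode
        for ($i = 0, $size = count($recipients); $i < $size; $i++)
        {
            $copy_data['recipient_id'] = $recipients[$i];
            $copy_data['message_authcode'] = ee()->functions->random('alnum', 10);
            ee()->db->query(ee()->db->insert_string('exp_message_copies', $copy_data));
        }

        for ($i = 0, $size = count($cc); $i < $size; $i++)
        {
            $copy_data['recipient_id'] = $cc[$i];
            $copy_data['message_authcode'] = ee()->functions->random('alnum', 10);
            ee()->db->query(ee()->db->insert_string('exp_message_copies', $copy_data));
        }

        /** ----------------------------------
        /** Increment exp_members.private_messages
        /** ----------------------------------*/
        ee()->db->query("UPDATE exp_members SET private_messages = private_messages + 1\r\n\t\t\t\t\t\tWHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')");

        /** ----------------------------------
        /** Send Any and All Email Notifications
        /** ----------------------------------*/
        $query = ee()->db->query("SELECT screen_name, email FROM exp_members\r\n\t\t\t\t\t\t\t\t WHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')\r\n\t\t\t\t\t\t\t\t AND notify_of_pm = 'y'\r\n\t\t\t\t\t\t\t\t AND member_id != '" . ee()->db->escape_str($this->member_id) . "'");

        if ($query->num_rows() > 0)
        {
            ee()->load->library('typography');
            ee()->typography->initialize(array('parse_images' => FALSE, 'smileys' => FALSE, 'highlight_code' => TRUE));

            // subject and body are xss-cleaned (and optionally censored) before
            // being placed into the notification template
            if (ee()->config->item('enable_censoring') == 'y' AND ee()->config->item('censored_words') != '')
            {
                $subject = ee()->typography->filter_censored_words(ee()->security->xss_clean(ee()->input->get_post('subject')));
            }
            else
            {
                $subject = ee()->security->xss_clean(ee()->input->get_post('subject'));
            }

            $body = ee()->typography->parse_type(stripslashes(ee()->security->xss_clean(ee()->input->get_post('body'))), array(
                'text_format'   => 'none',
                'html_format'   => 'none',
                'auto_links'    => 'n',
                'allow_img_url' => 'n',
            ));

            ee()->load->library('email');
            ee()->email->wordwrap = true;

            $swap = array(
                'sender_name'     => ee()->session->userdata('screen_name'),
                'message_subject' => $subject,
                'message_content' => $body,
                'site_name'       => stripslashes(ee()->config->item('site_name')),
                'site_url'        => ee()->config->item('site_url'),
            );

            $template = ee()->functions->fetch_email_template('private_message_notification');
            $email_tit = ee()->functions->var_swap($template['title'], $swap);
            $email_msg = ee()->functions->var_swap($template['data'], $swap);

            // Load the text helper
            ee()->load->helper('text');

            foreach ($query->result_array() as $row)
            {
                ee()->email->EE_initialize();
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($row['email']);
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii(ee()->functions->var_swap($email_msg, array('recipient_name' => $row['screen_name']))));
                ee()->email->send();
            }
        }
    }

    /** -------------------------------------
    /** Sent Copy?
    /** -------------------------------------*/
    if ($status == 'sent' && $data['message_sent_copy'] == 'y')
    {
        $copy_data['recipient_id'] = $this->member_id;
        $copy_data['message_authcode'] = ee()->functions->random('alnum', 10);
        $copy_data['message_folder'] = '2'; // Sent Message Folder
        $copy_data['message_read'] = 'y'; // Already read automatically
        ee()->db->query(ee()->db->insert_string('exp_message_copies', $copy_data));
    }

    /** -------------------------------------
    /** Replying or Forwarding?
    /** -------------------------------------*/
    if ($status == 'sent' && (ee()->input->get_post('replying') !== FALSE OR ee()->input->get_post('forwarding') !== FALSE))
    {
        // $copy_id is request input: it must be escaped before reaching the
        // query. A separate variable is used for the copy's new status so
        // that $status keeps meaning "this message was sent" for the
        // attachment clean-up and the redirect below.
        // NOTE(review): the update is not restricted to copies owned by
        // $this->member_id (recipient_id); consider adding that constraint.
        $copy_id = ee()->input->get_post('replying') !== FALSE ? ee()->input->get_post('replying') : ee()->input->get_post('forwarding');
        $copy_status = ee()->input->get_post('replying') !== FALSE ? 'replied' : 'forwarded';

        ee()->db->query("UPDATE exp_message_copies SET message_status = '{$copy_status}' WHERE copy_id = '" . ee()->db->escape_str($copy_id) . "'");
    }

    /** -------------------------------------
    /** Correct Member ID for Attachments
    /** -------------------------------------*/
    if (count($this->attachments) > 0)
    {
        // attachment ids may originate from $_POST['attach'], so each one is escaped
        // NOTE(review): nothing here checks that those attachments belong to the
        // sender before they are re-pointed at this message.
        $attachment_ids = array_map(array(ee()->db, 'escape_str'), $this->attachments);

        ee()->db->query("UPDATE exp_message_attachments SET message_id = '" . ee()->db->escape_str($message_id) . "'\r\n\t\t\t\t\t\tWHERE attachment_id IN ('" . implode("','", $attachment_ids) . "')");
    }

    /** -------------------------------------
    /** Remove Temp Status for Attachments
    /** -------------------------------------*/
    if ($status == 'sent')
    {
        ee()->db->query("UPDATE exp_message_attachments SET is_temp = 'n' WHERE message_id = '" . ee()->db->escape_str($message_id) . "'");
    }

    /** -------------------------------------
    /** Redirect Them
    /** -------------------------------------*/
    if ($status == 'preview')
    {
        return $this->compose($message_id, $submission_error);
    }
    elseif ($status == 'draft')
    {
        $this->drafts();
    }
    else
    {
        ee()->functions->redirect($this->_create_path('inbox'));
    }
}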
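/**
 * Unserialize Cleanup
 *
 * Recursively post-processes values that came out of unserialize():
 * scalars are stripslashes()'d and, when the 'auto_convert_high_ascii'
 * config item is 'y', run through entities_to_ascii() from the text
 * helper. Arrays are walked element by element with their keys preserved.
 *
 * @param mixed $vals scalar, or a (nested) array of scalars
 * @return mixed cleaned value with the same structure as $vals
 */
function _unserialize_cleanup($vals)
{
    if (is_array($vals))
    {
        // Iterate by key and write back explicitly. The previous
        // foreach-by-reference form without a trailing unset() left $val
        // bound to the last element of the array being returned.
        foreach ($vals as $key => $val)
        {
            $vals[$key] = FF2EE2::_unserialize_cleanup($val);
        }

        return $vals;
    }

    $vals = stripslashes($vals);

    if (get_instance()->config->item('auto_convert_high_ascii') == 'y')
    {
        get_instance()->load->helper('text');
        $vals = entities_to_ascii($vals);
    }

    return $vals;
}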
/** * insert new entry to db * * @access public * @return null */ function insert_new_entry() { $default = array('name', 'email'); $all_fields = ''; $fields = array(); $entry_id = ''; $msg = array(); foreach ($default as $val) { if ( ! isset($_POST[$val])) { $_POST[$val] = ''; } } // ---------------------------------------- // Fetch the freeform language pack // ---------------------------------------- ee()->lang->loadfile('freeform'); // ---------------------------------------- // Is the user banned? // ---------------------------------------- if (ee()->session->userdata['is_banned'] == TRUE) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // ---------------------------------------- // Is the IP address and User Agent required? // ---------------------------------------- if ( $this->check_yes($this->_param('require_ip')) ) { if (ee()->session->userdata['group_id'] != 1 AND ee()->input->ip_address() == '0.0.0.0') { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } } // ---------------------------------------- // Is the nation of the user banned? 
// ---------------------------------------- ee()->session->nation_ban_check(); // ---------------------------------------- // Blacklist/Whitelist Check // ---------------------------------------- if ($this->check_yes(ee()->blacklist->blacklisted) && $this->check_no(ee()->blacklist->whitelisted)) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // ---------------------------------------- // Check duplicates // ---------------------------------------- if ( $this->_param('prevent_duplicate_on') AND $this->_param('prevent_duplicate_on') != '' AND ( ee()->session->userdata['group_id'] != 1 OR ee()->input->get_post('email') != '' ) ) { $sql = " SELECT COUNT(*) AS count FROM exp_freeform_entries WHERE status != 'closed'"; if ( $this->_param('form_name') ) { $sql .= " AND form_name = '".ee()->db->escape_str($this->_param('form_name'))."'"; } if ( $this->_param('prevent_duplicate_on') == 'member_id' AND ee()->session->userdata['member_id'] != '0' ) { $sql .= " AND author_id = '".ee()->db->escape_str(ee()->session->userdata['member_id'])."'"; } elseif ( $this->_param('prevent_duplicate_on') == 'ip_address' AND ee()->input->ip_address() != '0.0.0.0' AND ee()->session->userdata['group_id'] != 1) { $sql .= " AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."'"; } else { $sql .= " AND email = '".ee()->db->escape_str(ee()->input->get_post('email'))."'"; } $dup = ee()->db->query( $sql ); if ( $dup->row('count') > 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('no_duplicates'))); } } // ---------------------------------------- // Start error trapping on required fields // ---------------------------------------- $errors = array(); // Are there any required fields? 
if ( $this->_param('ee_required') != '' ) { $required_fields = preg_split("/,|\|/" ,$this->_param('ee_required')); // ---------------------------------------- // Let's get labels from the DB // ---------------------------------------- $query = ee()->db->query( "SELECT * FROM exp_freeform_fields" ); $labels = array(); if ( $query->num_rows() > 0 ) { foreach ($query->result_array() as $row) { $labels[$row['name']] = $row['label']; } // Check for empty fields foreach ( $required_fields as $val ) { if ( ! ee()->input->post($val) OR ee()->input->post($val) == '' ) { if (array_key_exists($val, $labels)) { $errors[] = ee()->lang->line('field_required') . ' ' . $labels[$val]; } else { $errors[] = ee()->lang->line('not_in_field_list') . ' ' . $val; } } } // End empty check } // End labels from DB // ---------------------------------------- // Do we require an email address? // ---------------------------------------- if ( isset( $labels['email'] ) AND ee()->input->get_post('email') ) { // ---------------------------------------- // Valid email address? // ---------------------------------------- //1.x if (APP_VER < 2.0) { if ( ! class_exists('Validate')) { require PATH_CORE.'core.validate'.EXT; } $VAL = new Validate( array( 'email' => ee()->input->get_post('email') ) ); } //2.x else { if ( ! class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate'.EXT; } $VAL = new EE_Validate( array( 'email' => ee()->input->get_post('email') ) ); } $VAL->validate_email(); // ---------------------------------------- // Display errors if there are any // ---------------------------------------- if (count($VAL->errors) > 0) { return ee()->output->show_user_error('general', $VAL->errors ); } } } // ---------------------------------------- // Are we trying to accept file uploads? 
// ---------------------------------------- if ( $this->_param('file_upload') != '' AND $this->upload_limit = $this->_param('upload_limit') ) { $this->_upload_files( TRUE ); } // ---------------------------------------- // 'freeform_module_validate_end' hook. // - This allows developers to do more form validation. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_validate_end') === TRUE) { $errors = ee()->extensions->universal_call('freeform_module_validate_end', $errors); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Do we have errors to display? // ---------------------------------------- if (count($errors) > 0) { return ee()->output->show_user_error('submission', $errors); } // ---------------------------------------- // Do we require captcha? // ---------------------------------------- if ( $this->_param('require_captcha') AND $this->check_yes($this->_param('require_captcha')) ) { if ( $this->check_yes(ee()->config->item('captcha_require_members')) OR ( $this->check_no(ee()->config->item('captcha_require_members')) AND ee()->session->userdata('member_id') == 0) ) { if ( ! ee()->input->post('captcha') OR ee()->input->post('captcha') == '') { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_required')); } else { $res = ee()->db->query( "SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . 
"' AND date > UNIX_TIMESTAMP()-7200" ); if ($res->row('count') == 0) { return ee()->output->show_user_error('submission', ee()->lang->line('captcha_incorrect')); } // Moved because of file uploading errors /* ee()->db->query("DELETE FROM exp_captcha WHERE (word='".ee()->db->escape_str($_POST['captcha'])."' AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."') OR date < UNIX_TIMESTAMP()-7200"); */ } } } // ---------------------------------------- // Check Form Hash // ---------------------------------------- if ( $this->check_yes(ee()->config->item('secure_forms')) ) { $query = ee()->db->query( "SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address())."' AND date > UNIX_TIMESTAMP()-7200" ); //email_change if ($query->row('count') == 0) { return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized'))); } // Moved because of file uploading errors /* ee()->db->query("DELETE FROM exp_security_hashes WHERE (hash='".ee()->db->escape_str($_POST['XID'])."' AND ip_address = '".ee()->db->escape_str(ee()->input->ip_address())."') OR date < UNIX_TIMESTAMP()-7200"); */ } // ---------------------------------------- // Let's get all of the fields from the // database for testing purposes // ---------------------------------------- $fields['form_name'] = "Collection Name"; $query = ee()->db->query( "SELECT name, label FROM exp_freeform_fields ORDER BY field_order ASC" ); if ($query->num_rows() > 0) { foreach($query->result_array() as $row) { $fields[$row['name']] = $row['label']; } } else { return false; } // ---------------------------------------- // Build the data array // ---------------------------------------- $exclude = array('ACT', 'RET', 'URI', 'PRV', 'XID', 'return', 'ee_notify', 'ee_required', 'submit'); $include = array('status'); $data = array( 'author_id' => ee()->session->userdata['member_id'], 
'group_id' => ee()->session->userdata['group_id'], 'ip_address' => ee()->input->ip_address(), 'entry_date' => ee()->localize->now, 'edit_date' => ee()->localize->now ); foreach ( $_POST as $key => $val ) { // ---------------------------------------- // If the given field is not a FreeForm // field or not in our include list, then // skip it. // ---------------------------------------- if ( ! array_key_exists( $key, $fields ) AND ! in_array( $key, $include ) ) continue; // ---------------------------------------- // If the given field is in our exclude // list, then skip it. // ---------------------------------------- if ( in_array( $key, $exclude ) ) continue; if ( $key == 'website' ) { ee()->security->xss_clean( prep_url( ee()->input->post('website') ) ); $data[$key] = ee()->input->post($key); } // If the field is a multi-select field, then handle it as such. if ( is_array( $val ) ) { $val = implode( "\n", $val ); $data[$key] = ee()->security->xss_clean($val); } else { $data[$key] = ee()->security->xss_clean($val); } } //backup for form name in case it isnt in the post data if ( ! isset($data['form_name']) AND $this->_param('form_name') !== FALSE) { $data['form_name'] = $this->_param('form_name'); } //check to see if there is any missing data that we have in the params: /*foreach($fields as $f_key => $f_value) { if ( ! isset($data[$f_key]) AND $this->_param($f_key) !== FALSE) { $data[$f_key] = $this->_param($f_key); } }*/ //i dont want to remove this because we might need it for some god awful reason, but it screws with stuff. $fields['subject'] = "Subject"; // ---------------------------------------- // 'freeform_module_insert_begin' hook. // - This allows developers to do one last thing before Freeform submit is ended. 
// ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_insert_begin') === TRUE) { $data = ee()->extensions->universal_call('freeform_module_insert_begin', $data); if (ee()->extensions->end_script === TRUE) return; } // ------------------------------------------------------------------------------------ // Discarded data email_change // ------------------------------------------------------------------------------------ // ---------------------------------------- // Are we discarding some field values and preventing data save on them? // ---------------------------------------- if ( $this->_param('discard_field') != '' ) { foreach ( explode( "|", $this->_param('discard_field') ) as $val ) { if ( ! empty( $data[ $val ] ) ) { $data[ $val ] = ee()->lang->line('discarded_field_data'); } } } // ------------------------------------------------------------------------------------ // end Discarded data email_change // ------------------------------------------------------------------------------------ // ---------------------------------------- // Submit data into DB // ---------------------------------------- $sql = ee()->db->insert_string( 'exp_freeform_entries', $data ); //email_change $query = ee()->db->query( $sql ); $this->entry_id = ee()->db->insert_id(); // ---------------------------------------- // Process file uploads // ---------------------------------------- if ( count( $this->upload ) > 0 ) { $this->_upload_files(); } //---------------------------------------- // Delete CAPTCHA and Form Hash - Moved here because of File Upload Error possibilities // ---------------------------------------- if ( $this->check_yes($this->_param('require_captcha')) && isset($_POST['captcha'])) { ee()->db->query( "DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str(ee()->input->post('captcha')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . 
"') OR date < UNIX_TIMESTAMP()-7200" ); } if ( $this->check_yes(ee()->config->item('secure_forms')) && ee()->input->post('XID') ) { ee()->db->query( "DELETE FROM exp_security_hashes WHERE (hash='" . ee()->db->escape_str(ee()->input->post('XID')) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "') OR date < UNIX_TIMESTAMP()-7200" ); } // ---------------------------------------- // Send notifications // ---------------------------------------- if ( $this->_param('ee_notify') != '' ) { $recipients = preg_split("/,|\|/" , $this->_param('ee_notify') ); $template = ( $this->_param('template') AND $this->_param('template') != '' ) ? $this->_param('template'): 'default_template'; // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? $query->row('data_from_name'): ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? 
$query->row('data_from_email'): ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = $this->check_yes($query->row('wordwrap')); $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches) ) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); //i have no idea why this is being done instead of just using $data... 
$cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_module_admin_notification' hook. // - This allows developers to alter the // $msg array before admin notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_admin_notification') === TRUE) { $msg = ee()->extensions->universal_call('freeform_module_admin_notification', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($recipients as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } ee()->email->clear(TRUE); $msg = array(); // ---------------------------------------- // Register the template used // ---------------------------------------- ee()->db->query( ee()->db->update_string( 'exp_freeform_entries', array( 'template' => $template), array( 'entry_id' => $this->entry_id ) ) ); } // ---------------------------------------- // Send user email email_change // ---------------------------------------- if ($this->check_yes($this->_param('recipients')) AND ( ee()->session->userdata['group_id'] == 1 OR ee()->input->ip_address() != '0.0.0.0' ) AND ee()->input->post('recipient_email') !== FALSE) { $all_fields = ''; //don't we already do this...? $template = ( $this->_param('recipient_template') AND $this->_param('recipient_template') != '' ) ? $this->_param('recipient_template') : 'default_template'; // ---------------------------------------- // Array of recipients? // ---------------------------------------- if ( is_array( ee()->input->post('recipient_email') ) === TRUE AND count( ee()->input->post('recipient_email') ) > 0 ) { $recipient_email = ee()->input->post('recipient_email'); } else { $recipient_email = array( ee()->input->post('recipient_email') ); } // if we are using 'static recipients'. 
e.g., recipient1='bob|bob@email.com' // parse out the uniqids and replace them with the real stored emails if ( $this->_param('static_recipients') == TRUE ) { //prevents injection and only uses hashed emails from the form $temp_email = $recipient_email; $recipient_email = array(); //parse email $stored_recipients = $this->_param('static_recipients_list'); //have to check each email against the entire list. foreach ( $temp_email as $key => $value ) { foreach ( $stored_recipients as $recipient_data ) { if ( $value == $recipient_data['key'] ) { $recipient_email[] = $recipient_data['email']; } } } } // ---------------------------------------- // Validate recipients? // ---------------------------------------- $array = $this->_validate_recipients( implode( ",", $recipient_email ) ); $error = $array['error']; $approved_tos = $array['approved']; // ---------------------------------------- // Over our spam limit? // ---------------------------------------- if ( $this->_param('static_recipients') != TRUE AND count( $approved_tos ) > $this->_param( 'recipient_limit' ) ) { $error[] = ee()->lang->line( 'recipient_limit_exceeded' ); } // ---------------------------------------- // Errors? // ---------------------------------------- if ( count( $error ) > 0 ) { return ee()->output->show_user_error( 'general', $error ); } // ---------------------------------------- // Check for spamming or hacking // ---------------------------------------- $query = ee()->db->query( "SELECT SUM(exp_freeform_user_email.email_count) AS count FROM exp_freeform_entries, exp_freeform_user_email WHERE exp_freeform_entries.entry_id = exp_freeform_user_email.entry_id AND exp_freeform_entries.ip_address = '" . ee()->db->escape_str( ee()->input->ip_address() )."' AND exp_freeform_entries.entry_date > '" . ee()->db->escape_str( ee()->localize->now - ( 60 * ( (int) $this->prefs['spam_interval'] ) ) ) . 
"'" ); if ( $query->row('count') > $this->prefs['spam_count'] ) { return ee()->email->output->show_user_error( 'general', array(ee()->lang->line('em_limit_exceeded'))); } // ---------------------------------------- // Log the number of emails sent // ---------------------------------------- ee()->db->query( ee()->db->insert_string( "exp_freeform_user_email", array( 'email_count' => count( $approved_tos ) , 'entry_id' => $this->entry_id ) ) ); // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? $query->row('data_from_name'): ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? 
$query->row('data_from_email'): ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = $this->check_yes($query->row('wordwrap')); $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches) ) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace($dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! 
class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); $cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_recipient_email' hook. // - This allows developers to alter the // $msg array before admin notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_recipient_email') === TRUE) { $msg = ee()->extensions->universal_call('freeform_recipient_email', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($approved_tos as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } ee()->email->clear(TRUE); $msg = array(); // ---------------------------------------- // Register the template used // ---------------------------------------- ee()->db->query( ee()->db->update_string( 'exp_freeform_entries', array( 'template' => $template), array( 'entry_id' => $this->entry_id ) ) ); } // End send user recipients // ---------------------------------------- // Send user email // ---------------------------------------- //$msg = array(); email_change if ( $this->check_yes($this->_param('send_user_email')) AND ee()->input->get_post('email') ) { $all_fields = ''; $recipients = array(); $recipients[] = ee()->input->get_post('email'); $template = ( $this->_param('user_email_template') AND $this->_param('user_email_template') != '' ) ? $this->_param('user_email_template'): 'default_template'; // ---------------------------------------- // Generate message // ---------------------------------------- $msg = array(); $query = ee()->db->query( "SELECT * FROM exp_freeform_templates WHERE template_name = '" . ee()->db->escape_str($template) . "' AND enable_template = 'y' LIMIT 1" ); if ( $query->num_rows() == 0 ) { return ee()->output->show_user_error('general', array(ee()->lang->line('template_not_available'))); } $msg['from_name'] = ( $query->row('data_from_name') != '' ) ? 
$query->row('data_from_name') : ee()->config->item('webmaster_name'); $msg['from_email'] = ( $query->row('data_from_email') != '' ) ? $query->row('data_from_email') : ee()->config->item('webmaster_email'); $msg['subject'] = $query->row('data_title'); $msg['msg'] = $query->row('template_data'); $wordwrap = ( $this->check_yes($query->row('wordwrap')) ) ? TRUE: FALSE; $msg['subject'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['subject'] ); $msg['msg'] = str_replace( LD.'entry_date'.RD, ee()->localize->set_human_time(ee()->localize->now), $msg['msg'] ); $msg['subject'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['subject'] ); $msg['msg'] = str_replace( LD.'freeform_entry_id'.RD, $this->entry_id, $msg['msg'] ); /* email_change*/ if (preg_match_all("/".LD."(entry_date)\s+format=([\"'])(.*?)\\2".RD."/is", $msg['subject'].$msg['msg'], $matches)) { for ($j = 0; $j < count($matches[0]); $j++) { $val = $matches[3][$j]; foreach (ee()->localize->fetch_date_params($matches[3][$j]) AS $dvar) { $val = str_replace( $dvar, ee()->localize->convert_timestamp($dvar, ee()->localize->now, TRUE), $val); } $msg['subject'] = str_replace( $matches[0][$j], $val, $msg['subject'] ); $msg['msg'] = str_replace( $matches[0][$j], $val, $msg['msg'] ); } } // ---------------------------------------- // Parse conditionals // ---------------------------------------- //template isn't defined yet, so we have to fetch it //1.x if(APP_VER < 2.0) { if ( ! 
class_exists('Template')) { require PATH_CORE.'core.template'.EXT; } $local_TMPL = new Template(); } //2.x else { ee()->load->library('template'); $local_TMPL =& ee()->template; } $data['attachment_count'] = count( $this->attachments ); $cond = $data; foreach( $msg as $key => $val ) { $msg[$key] = $local_TMPL->advanced_conditionals( ee()->functions->prep_conditionals( $msg[$key], $cond ) ); } unset( $cond ); // ---------------------------------------- // Parse individual fields // ---------------------------------------- $exclude = array('submit'); foreach ( $msg as $key => $val ) { // ---------------------------------------- // Handle attachments // ---------------------------------------- $msg[$key] = str_replace( LD."attachment_count".RD, $data['attachment_count'], $msg[$key] ); if ( $key == 'msg' ) { $all_fields .= "Attachments: ".$data['attachment_count']."\n"; $n = 0; foreach ( $this->attachments as $file ) { $n++; $all_fields .= "Attachment $n: ".$file['filename']." ".$this->upload['url'].$file['filename']."\n"; } } if ( preg_match( "/".LD."attachments".RD."(.*?)".LD."\/attachments".RD."/s", $msg[$key], $match ) ) { if ( count( $this->attachments ) > 0 ) { $str = ''; foreach ( $this->attachments as $file ) { $tagdata = $match['1']; $tagdata = str_replace( LD."fileurl".RD, $this->upload['url'].$file['filename'], $tagdata ); $tagdata = str_replace( LD."filename".RD, $file['filename'], $tagdata ); $str .= $tagdata; } $msg[$key] = str_replace( $match['0'], $str, $msg[$key] ); } else { $msg[$key] = str_replace( $match['0'], "", $msg[$key] ); } } // ---------------------------------------- // Loop // ---------------------------------------- foreach ( $fields as $name => $label ) { if ( isset( $data[$name] ) AND ! in_array( $name, $exclude ) ) { $msg[$key] = str_replace( LD.$name.RD, $data[$name], $msg[$key] ); // ---------------------------------------- // We don't want to concatenate for every // time through the main loop. 
// ---------------------------------------- if ( $key == 'msg' ) { $all_fields .= $label.": ".$data[$name]."\n"; } } else { $msg[$key] = str_replace( LD.$name.RD, '', $msg[$key] ); } } } // ---------------------------------------- // Parse all fields variable // ---------------------------------------- if ( stristr( $msg['msg'], LD.'all_custom_fields'.RD ) ) { $msg['msg'] = str_replace( LD.'all_custom_fields'.RD, $all_fields, $msg['msg'] ); } // ---------------------------------------- // 'freeform_module_user_notification' hook. // - This allows developers to alter the $msg array before user notification is sent. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_user_notification') === TRUE) { $msg = ee()->extensions->universal_call('freeform_module_user_notification', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Send email // ---------------------------------------- //ee()->load->library('email'); ee()->email->wordwrap = $wordwrap; ee()->email->mailtype = ( $this->check_yes($query->row('html')) ) ? 
'html': 'text'; if ( count( $this->attachments ) > 0 AND $this->check_yes($this->_param('send_user_attachment')) ) { foreach ( $this->attachments as $file_name ) { ee()->email->attach( $file_name['filepath'] ); } ee()->db->query( ee()->db->update_string( 'exp_freeform_attachments', array( 'emailed' => 'y' ), array( 'entry_id' => $this->entry_id ) ) ); } foreach ($recipients as $val) { ee()->email->initialize(); ee()->email->from($msg['from_email'], $msg['from_name']); ee()->email->to($val); ee()->email->subject($msg['subject']); ee()->email->message(entities_to_ascii($msg['msg'])); ee()->email->send(); } $msg = array(); ee()->email->clear(TRUE); } // End send user email // ---------------------------------------- // Subscribe to mailing lists // ---------------------------------------- if ( ee()->input->get_post('mailinglist') ) { if ( ee()->db->table_exists('exp_mailing_lists') ) { // ---------------------------------------- // Do we have an email? // ---------------------------------------- if ( $email = ee()->input->get_post('email') ) { // ---------------------------------------- // Explode mailinglist parameter // ---------------------------------------- if ( is_array( ee()->input->post('mailinglist') ) ) { $lists = implode( "','", ee()->db->escape_str(ee()->input->post('mailinglist'))); } else { $lists = ee()->db->escape_str(ee()->input->post('mailinglist')); } // ---------------------------------------- // Get lists // ---------------------------------------- $subscribed = ''; $sub = ee()->db->query( "SELECT list_id FROM exp_mailing_list WHERE email = '" . ee()->db->escape_str($email) . "' GROUP BY list_id" ); if ( $sub->num_rows() > 0 ) { foreach( $sub->result_array() as $row ) { $subscribed[] = $row['list_id']; } $subscribed = " AND list_id NOT IN (".implode(',', $subscribed).") "; } $query = ee()->db->query( "SELECT DISTINCT list_id, list_title FROM exp_mailing_lists WHERE ( list_id IN ('" . $lists . "') OR list_name IN ('" . $lists . "') ) " . 
$subscribed ); if ( $query->num_rows() > 0 AND $query->num_rows() < 50 ) { // Kill duplicate emails from authorization queue. This prevents an error if a user // signs up but never activates their email, then signs up again. ee()->db->query( "DELETE FROM exp_mailing_list_queue WHERE email = '" . ee()->db->escape_str($email) . "'" ); foreach ( $query->result_array() as $row ) { // ---------------------------------------- // Insert email // ---------------------------------------- $code = ee()->functions->random('alpha', 10); if ( $this->check_no(ee()->input->get_post('mailinglist_opt_in')) ) { ee()->db->query( ee()->db->insert_string( 'exp_mailing_list', array( 'user_id' => '', 'list_id' => $row['list_id'], 'authcode' => $code, 'email' => $email, 'ip_address' => ee()->input->ip_address() ) ) ); // ---------------------------------------- // Is there an admin notification to send? // ---------------------------------------- if ($this->check_yes(ee()->config->item('mailinglist_notify')) AND ee()->config->item('mailinglist_notify_emails') != '') { $query = ee()->db->query( "SELECT list_title FROM exp_mailing_lists WHERE list_id = '" . ee()->db->escape_str($row['list_id']) . 
"'" ); $swap = array( 'email' => $email, 'mailing_list' => $query->row('list_title') ); $template = ee()->functions->fetch_email_template('admin_notify_mailinglist'); $email_tit = ee()->functions->var_swap($template['title'], $swap); $email_msg = ee()->functions->var_swap($template['data'], $swap); // ---------------------------- // Send email // ---------------------------- $notify_address = $this->remove_extra_commas( ee()->config->item('mailinglist_notify_emails') ); if ($notify_address != '') { // ---------------------------- // Send email // ---------------------------- //ee()->load->library('email'); foreach (explode(',', $notify_address) as $addy) { ee()->email->initialize(); ee()->email->wordwrap = true; ee()->email->from( ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name') ); ee()->email->to($addy); ee()->email->reply_to(ee()->config->item('webmaster_email')); ee()->email->subject($email_tit); ee()->email->message(entities_to_ascii($email_msg)); ee()->email->Send(); } ee()->email->clear(TRUE); } } } else { ee()->db->query( "INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('" . ee()->db->escape_str($email) . "', '" . ee()->db->escape_str($row['list_id']) ."', '" . ee()->db->escape_str($code) . "', '" . time() . "')" ); $this->send_email_confirmation($email, $row, $code); } } } } } } // End subscribe to mailinglists // ---------------------------------------- // 'freeform_module_insert_end' hook. // - This allows developers to do one last thing before Freeform submit is ended. // ---------------------------------------- if (ee()->extensions->active_hook('freeform_module_insert_end') === TRUE) { $edata = ee()->extensions->universal_call('freeform_module_insert_end', $fields, $this->entry_id, $msg); if (ee()->extensions->end_script === TRUE) return; } // ---------------------------------------- // ---------------------------------------- // Set return // ---------------------------------------- if ( ! 
$return = ee()->input->get_post('return') ) { $return = ee()->input->get_post('RET'); } if ( preg_match( "/".LD."\s*path=(.*?)".RD."/", $return, $match ) > 0 ) { $return = ee()->functions->create_url( $match['1'] ); } elseif ( stristr( $return, "http://" ) === FALSE && stristr( $return, "https://" ) === FALSE ) { $return = ee()->functions->create_url( $return ); } $return = str_replace( "%%entry_id%%", $this->entry_id, $return ); $return = $this->_chars_decode( $return ); // ---------------------------------------- // Return the user // ---------------------------------------- if ( $return != '' ) { ee()->functions->redirect( $return ); } else { ee()->functions->redirect( ee()->functions->fetch_site_index() ); } exit; }
/**
 * Flatten a block of (possibly HTML) text into one trimmed line for fulltext indexing.
 *
 * Tags are stripped, every line break becomes a space, HTML entities are reduced
 * to their ASCII form and accented characters are transliterated (both via the
 * CodeIgniter `text` helper), and each run of whitespace is squeezed down to its
 * last character.
 *
 * @param string $string  raw text or HTML
 * @return string         single-line plain text with leading/trailing whitespace removed
 */
static function fulltext($string)
{
    global $ci;

    // entities_to_ascii() and convert_accented_characters() come from the text helper.
    $ci->load->helper('text');

    $line_breaks = array("\r\n", "\r", "\n");

    // nl2br() inserts <br /> before each newline; strip_tags() then removes every
    // tag (those included), leaving the bare newlines for the replacement below.
    $plain = strip_tags(nl2br($string));
    $plain = str_replace($line_breaks, ' ', $plain);

    // Entities first, then accented characters -> ASCII.
    $plain = entities_to_ascii($plain);
    $plain = convert_accented_characters($plain);

    // Drop every whitespace character that is followed by another one,
    // so each whitespace run collapses to its final character.
    $squeezed = preg_replace('/\\s(?=\\s)/', '', $plain);

    return trim($squeezed);
}
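/**
 * Register Member
 *
 * Front-end registration handler. Validates the submitted credentials and
 * profile fields, enforces the captcha and terms-of-service gates, inserts the
 * member rows, optionally subscribes the address to a mailing list, notifies
 * the admin and then either mails activation instructions, defers to manual
 * activation, or logs the new member in straight away.
 *
 * Reads its input from $_POST (username, password, password_confirm, email,
 * screen_name, url, location, the custom m_field_id_* fields, captcha,
 * accept_terms, mailinglist_subscribe and the optional profile fields) plus the
 * FROM / board_id parameters (GET or POST) used by the forum integration.
 *
 * @return mixed  FALSE when registration is disabled site-wide; the value of
 *                show_user_error() when the submission is rejected; nothing
 *                (void) when an extension hook ends the script; otherwise
 *                falls through to show_message(), which renders the result page.
 */
public function register_member()
{
    // Registration switched off site-wide: nothing to do.
    if (ee()->config->item('allow_member_registration') == 'n') {
        return FALSE;
    }

    // Banned sessions, and blacklisted addresses that are not whitelisted, are refused outright.
    if (ee()->session->userdata('is_banned') === TRUE) {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n') {
        return ee()->output->show_user_error('general', array(lang('not_authorized')));
    }

    ee()->load->helper('url');

    // -------------------------------------------
    // 'member_member_register_start' hook.
    // - Take control of member registration routine
    // - Added EE 1.4.2
    //
    ee()->extensions->call('member_member_register_start');
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Make sure every base field exists so the code below can index $_POST
    // without isset() checks; a missing screen name falls back to the username.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val) {
        if ( ! isset($_POST[$val])) {
            $_POST[$val] = '';
        }
    }

    if ($_POST['screen_name'] == '') {
        $_POST['screen_name'] = $_POST['username'];
    }

    // Credential validation: the username / screen name / password / email
    // rules live in EE_Validate and its findings accumulate in $VAL->errors.
    if ( ! class_exists('EE_Validate')) {
        require APPPATH . 'libraries/Validate.php';
    }

    $VAL = new EE_Validate(array(
        'member_id'        => '',
        'val_type'         => 'new',
        'fetch_lang'       => TRUE,
        'require_cpw'      => FALSE,
        'enable_log'       => FALSE,
        'username'         => trim_nbs($_POST['username']),
        'cur_username'     => '',
        'screen_name'      => trim_nbs($_POST['screen_name']),
        'cur_screen_name'  => '',
        'password'         => $_POST['password'],
        'password_confirm' => $_POST['password_confirm'],
        'cur_password'     => '',
        'email'            => trim($_POST['email']),
        'cur_email'        => '',
    ));

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    // Custom member fields that are flagged for the registration form.
    $query = ee()->db->select('m_field_id, m_field_name, m_field_label, m_field_type, m_field_list_items, m_field_required')
        ->where('m_field_reg', 'y')
        ->get('member_fields');

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows() > 0) {
        foreach ($query->result_array() as $row) {
            $field_name = 'm_field_id_' . $row['m_field_id'];

            // Assume we're going to save this data, unless it's empty to begin with
            $valid = isset($_POST[$field_name]) && $_POST[$field_name] != '';

            if ($row['m_field_required'] == 'y' && ! $valid) {
                $cust_errors[] = lang('mbr_field_required') . ' ' . $row['m_field_label'];
            } elseif ($row['m_field_type'] == 'select' && $valid) {
                // A select value must be one of the configured options (one per
                // line). The submitted value is entity-encoded before comparing,
                // presumably because the option list is stored that way — verify
                // against the control panel's field editor.
                $options = explode("\n", $row['m_field_list_items']);

                if ( ! in_array(htmlentities($_POST[$field_name]), $options)) {
                    $valid = FALSE;
                    $cust_errors[] = lang('mbr_field_invalid') . ' ' . $row['m_field_label'];
                }
            }

            // Custom field values are XSS-filtered before they are stored.
            if ($valid) {
                $cust_fields[$field_name] = ee()->security->xss_clean($_POST[$field_name]);
            }
        }
    }

    if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) {
        $cust_errors[] = lang('mbr_emails_not_match');
    }

    if (ee()->config->item('use_membership_captcha') == 'y') {
        if ( ! isset($_POST['captcha']) or $_POST['captcha'] == '') {
            $cust_errors[] = lang('captcha_required');
        }
    }

    if (ee()->config->item('require_terms_of_service') == 'y') {
        if ( ! isset($_POST['accept_terms'])) {
            $cust_errors[] = lang('mbr_terms_of_service_required');
        }
    }

    // -------------------------------------------
    // 'member_member_register_errors' hook.
    // - Additional error checking prior to submission
    // - Added EE 2.5.0
    //
    ee()->extensions->call('member_member_register_errors', $this);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Display error is there are any
    $errors = array_merge($VAL->errors, $cust_errors, $this->errors);

    if (count($errors) > 0) {
        return ee()->output->show_user_error('submission', $errors);
    }

    // Captcha: the submitted word must match a row generated for this client
    // IP within the last two hours (7200 s). The matching row is deleted on
    // success so the same word cannot be replayed, and stale rows are purged
    // at the same time. Both interpolated values are escaped — the IP as well,
    // consistent with the other hand-built queries in this method.
    if (ee()->config->item('use_membership_captcha') == 'y') {
        $captcha_word = ee()->db->escape_str($_POST['captcha']);
        $captcha_ip   = ee()->db->escape_str(ee()->input->ip_address());

        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return ee()->output->show_user_error('submission', array(lang('captcha_incorrect')));
        }

        ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . $captcha_word . "' AND ip_address = '" . $captcha_ip . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    ee()->load->helper('security');

    // Hash the password through the Auth library instead of storing a bare,
    // unsalted sha1() digest: an unsalted digest of a common password is
    // recoverable from precomputed tables as soon as the members table leaks.
    // hash_password() is used the same way elsewhere in this codebase — its
    // return value is handed straight to the database layer as column => value
    // pairs, and it yields FALSE when it refuses the password. TODO confirm that
    // contract (and the column names it returns) against the Auth library.
    ee()->load->library('auth');
    $hashed_pair = ee()->auth->hash_password($_POST['password']);

    if ( ! is_array($hashed_pair)) {
        return ee()->output->show_user_error('submission', array(lang('mbr_field_invalid')));
    }

    // Assign the base query data
    $data = array(
        'username'        => trim_nbs(ee()->input->post('username')),
        'ip_address'      => ee()->input->ip_address(),
        'unique_id'       => ee()->functions->random('encrypt'),
        'join_date'       => ee()->localize->now,
        'email'           => trim_nbs(ee()->input->post('email')),
        'screen_name'     => trim_nbs(ee()->input->post('screen_name')),
        'url'             => prep_url(ee()->input->post('url')),
        'location'        => ee()->input->post('location'),
        'language'        => ee()->config->item('deft_lang') ? ee()->config->item('deft_lang') : 'english',
        'date_format'     => ee()->config->item('date_format') ? ee()->config->item('date_format') : '%n/%j/%y',
        'time_format'     => ee()->config->item('time_format') ? ee()->config->item('time_format') : '12',
        'include_seconds' => ee()->config->item('include_seconds') ? ee()->config->item('include_seconds') : 'n',
        'timezone'        => ee()->config->item('default_site_timezone'),
    );

    // Password column(s): whatever hash_password() returned (presumably the
    // hash plus its salt) goes in alongside the base data.
    $data = array_merge($data, $hashed_pair);

    // Set member group: anything that still needs activation sits in the
    // Pending group (4) until approved; otherwise the configured default applies.
    if (ee()->config->item('req_mbr_activation') == 'manual' or ee()->config->item('req_mbr_activation') == 'email') {
        $data['group_id'] = 4; // Pending
    } else {
        if (ee()->config->item('default_member_group') == '') {
            $data['group_id'] = 4; // Pending
        } else {
            $data['group_id'] = ee()->config->item('default_member_group');
        }
    }

    // Optional Fields (member column => POST key).
    // NOTE(review): these are SQL-escaped by insert_string() but, unlike the
    // custom fields above, are not passed through xss_clean(); confirm the
    // display side escapes them (bio in particular) before relying on that.
    $optional = array(
        'bio'             => 'bio',
        'language'        => 'deft_lang',
        'timezone'        => 'server_timezone',
        'date_format'     => 'date_format',
        'time_format'     => 'time_format',
        'include_seconds' => 'include_seconds',
    );

    foreach ($optional as $key => $value) {
        if (isset($_POST[$value])) {
            $data[$key] = $_POST[$value];
        }
    }

    // We generate an authorization code if the member needs to self-activate
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $data['authcode'] = ee()->functions->random('alnum', 10);
    }

    // Insert basic member data
    ee()->db->query(ee()->db->insert_string('exp_members', $data));
    $member_id = ee()->db->insert_id();

    // Insert custom fields
    $cust_fields['member_id'] = $member_id;
    ee()->db->query(ee()->db->insert_string('exp_member_data', $cust_fields));

    // Create a record in the member homepage table
    // This is only necessary if the user gains CP access,
    // but we'll add the record anyway.
    ee()->db->query(ee()->db->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    // Mailinglist Subscribe — only a numeric list id is ever acted on; the
    // is_numeric() check here is also what makes the later '&mailinglist='
    // URL fragment safe to build from $_POST.
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) {
        // Kill duplicate emails from authorization queue.
        ee()->db->where('email', $_POST['email'])->delete('mailing_list_queue');

        // Validate Mailing List ID
        $query = ee()->db->select('COUNT(*) as count')
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_lists');

        // Email Not Already in Mailing List
        $results = ee()->db->select('COUNT(*) as count')
            ->where('email', $_POST['email'])
            ->where('list_id', $_POST['mailinglist_subscribe'])
            ->get('mailing_list');

        // INSERT Email
        if ($query->row('count') > 0 && $results->row('count') == 0) {
            $mailinglist_subscribe = TRUE;
            $code = ee()->functions->random('alnum', 10);

            if (ee()->config->item('req_mbr_activation') == 'email') {
                // Activated When Membership Activated
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");
            } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
                // Mailing List Subscribe Email
                ee()->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\r\n\t\t\t\t\t\t\t\tVALUES ('" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')");

                ee()->lang->loadfile('mailinglist');

                $action_id = ee()->functions->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                    'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $code,
                    'site_name'      => stripslashes(ee()->config->item('site_name')),
                    'site_url'       => ee()->config->item('site_url'),
                );

                $template  = ee()->functions->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = ee()->functions->var_swap($template['title'], $swap);
                $email_msg = ee()->functions->var_swap($template['data'], $swap);

                // Send email
                ee()->load->library('email');
                ee()->email->wordwrap = true;
                ee()->email->mailtype = 'plain';
                ee()->email->priority = '3';
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($_POST['email']);
                ee()->email->subject($email_tit);
                ee()->email->message($email_msg);
                ee()->email->send();
            } else {
                // Automatically Accepted
                ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . ee()->db->escape_str($_POST['email']) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");
            }
        }
    }

    // Update
    if (ee()->config->item('req_mbr_activation') == 'none') {
        ee()->stats->update_member_stats();
    }

    // Send admin notifications
    if (ee()->config->item('new_member_notification') == 'y' && ee()->config->item('mbr_notification_emails') != '') {
        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        $swap = array(
            'name'              => $name,
            'site_name'         => stripslashes(ee()->config->item('site_name')),
            'control_panel_url' => ee()->config->item('cp_url'),
            'username'          => $data['username'],
            'email'             => $data['email'],
        );

        $template  = ee()->functions->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mbr_notification_emails'), ',', TRUE);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($notify_address);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    // - Additional processing when a member is created through the User Side
    // - $member_id added in 2.0.1
    // - $data carries the stored (hashed) password columns, not the plaintext
    //
    ee()->extensions->call('member_member_register', $data, $member_id);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    //
    // -------------------------------------------

    // Send user notifications
    if (ee()->config->item('req_mbr_activation') == 'email') {
        $action_id = ee()->functions->fetch_action_id('Member', 'activate_member');

        $name = $data['screen_name'] != '' ? $data['screen_name'] : $data['username'];

        // Forum-originated registrations carry board_id back into the activation
        // link; only a numeric board id is accepted, anything else becomes 1.
        $board_id = ee()->input->get_post('board_id') !== FALSE && is_numeric(ee()->input->get_post('board_id')) ? ee()->input->get_post('board_id') : 1;

        $forum_id = ee()->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : '';

        $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe'];

        $swap = array(
            'name'           => $name,
            'activation_url' => ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add,
            'site_name'      => stripslashes(ee()->config->item('site_name')),
            'site_url'       => ee()->config->item('site_url'),
            'username'       => $data['username'],
            'email'          => $data['email'],
        );

        $template  = ee()->functions->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        // Send email
        ee()->load->helper('text');
        ee()->load->library('email');
        ee()->email->wordwrap = true;
        ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
        ee()->email->to($data['email']);
        ee()->email->subject($email_tit);
        ee()->email->message(entities_to_ascii($email_msg));
        ee()->email->Send();

        $message = lang('mbr_membership_instructions_email');
    } elseif (ee()->config->item('req_mbr_activation') == 'manual') {
        $message = lang('mbr_admin_will_activate');
    } else {
        // No activation required: log the new member in straight away
        // (the extra query is a little annoying).
        // NOTE(review): remember_me() runs unconditionally here, so every
        // auto-activated registration gets a persistent login, not just a
        // session — confirm that is intended.
        ee()->load->library('auth');

        $member_data_q = ee()->db->get_where('members', array('member_id' => $member_id));

        $incoming = new Auth_result($member_data_q->row());
        $incoming->remember_me();
        $incoming->start_session();

        $message = lang('mbr_your_are_logged_in');
    }

    // Build the message
    if (ee()->input->get_post('FROM') == 'forum') {
        $query = $this->_do_form_query();

        $site_name = $query->row('board_label');
        $return    = $query->row('board_forum_url');
    } else {
        $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));
        $return    = ee()->config->item('site_url');
    }

    $data = array(
        'title'    => lang('mbr_registration_complete'),
        'heading'  => lang('thank_you'),
        'content'  => lang('mbr_registration_completed') . "\n\n" . $message,
        'redirect' => '',
        'link'     => array($return, $site_name),
    );

    ee()->output->show_message($data);
}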
function register_member($ext, $doRegister = TRUE, $error_handling = '') { $this->EE->load->helper('security'); $inline_errors = array(); //$this->EE->load->language("member"); /** ------------------------------------- /** Do we allow new member registrations? /** ------------------------------------*/ if ($this->EE->config->item('allow_member_registration') == 'n') { return array('general', array($this->EE->lang->line('member_registrations_not_allowed'))); } /** ---------------------------------------- /** Is user banned? /** ----------------------------------------*/ if ($this->EE->session->userdata['is_banned'] == TRUE) { return array('general', array($this->EE->lang->line('not_authorized'))); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') { return array('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->load->helper('url'); /* ------------------------------------------- /* 'member_member_register_start' hook. /* - Take control of member registration routine /* - Added EE 1.4.2 */ $edata = $this->EE->extensions->call('member_member_register_start'); if ($this->EE->extensions->end_script === TRUE) { return; } /* /* -------------------------------------------*/ /** ---------------------------------------- /** Set the default globals /** ----------------------------------------*/ $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location'); foreach ($default as $val) { if (!isset($_POST[$val])) { $_POST[$val] = ''; } } if ($_POST['screen_name'] == '') { $_POST['screen_name'] = $_POST['username']; } /** ------------------------------------- /** Instantiate validation class /** -------------------------------------*/ if (!class_exists('EE_Validate')) { require APPPATH . 'libraries/Validate' . 
EXT; } $VAL = new EE_Validate(array('member_id' => '', 'val_type' => 'new', 'fetch_lang' => TRUE, 'require_cpw' => FALSE, 'enable_log' => FALSE, 'username' => $_POST['username'], 'cur_username' => '', 'screen_name' => $_POST['screen_name'], 'cur_screen_name' => '', 'password' => $_POST['password'], 'password_confirm' => $_POST['password_confirm'], 'cur_password' => '', 'email' => $_POST['email'], 'cur_email' => '')); // load the language file $this->EE->lang->loadfile('zoo_visitor'); $VAL->validate_email(); $inline_errors["email"] = $VAL->errors; $offset = count($VAL->errors); /** ------------------------------------- /** Zoo Visitor conditional checking /** -------------------------------------*/ if ($this->zoo_settings['email_is_username'] != 'yes') { $VAL->validate_username(); $inline_errors["username"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); } if ($this->zoo_settings['use_screen_name'] != "no") { $VAL->validate_screen_name(); $inline_errors["screen_name"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); } $VAL->validate_password(); $inline_errors["password"] = array_slice($VAL->errors, $offset); $offset = count($VAL->errors); /** ------------------------------------- /** Do we have any custom fields? /** -------------------------------------*/ $query = $this->EE->db->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields"); $cust_errors = array(); $cust_fields = array(); if ($query->num_rows() > 0) { foreach ($query->result_array() as $row) { if ($row['m_field_required'] == 'y' && (!isset($_POST['m_field_id_' . $row['m_field_id']]) or $_POST['m_field_id_' . $row['m_field_id']] == '')) { $cust_errors[] = $this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']; $inline_errors[$row['m_field_name']] = array($this->EE->lang->line('mbr_field_required') . ' ' . $row['m_field_label']); } elseif (isset($_POST['m_field_id_' . 
$row['m_field_id']])) { $cust_fields['m_field_id_' . $row['m_field_id']] = $this->EE->security->xss_clean($_POST['m_field_id_' . $row['m_field_id']]); } } } if (isset($_POST['email_confirm']) && $_POST['email'] != $_POST['email_confirm']) { $cust_errors[] = $this->EE->lang->line('mbr_emails_not_match'); $inline_errors["email_confirm"] = array($this->EE->lang->line('mbr_emails_not_match')); } if ($this->EE->config->item('use_membership_captcha') == 'y') { if (!isset($_POST['captcha']) or $_POST['captcha'] == '') { $cust_errors[] = $this->EE->lang->line('captcha_required'); $inline_errors["captcha"] = array($this->EE->lang->line('captcha_required')); } } /** ---------------------------------------- /** Do we require captcha? /** ----------------------------------------*/ if ($this->EE->config->item('use_membership_captcha') == 'y') { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { $cust_errors[] = $this->EE->lang->line('captcha_incorrect'); $inline_errors["captcha"] = array($this->EE->lang->line('captcha_incorrect')); } //$this->EE->db->query("DELETE FROM exp_captcha WHERE (word='" . $this->EE->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . $this->EE->input->ip_address() . 
"') OR date < UNIX_TIMESTAMP()-7200"); } if ($this->EE->config->item('require_terms_of_service') == 'y') { if (!isset($_POST['accept_terms'])) { $cust_errors[] = $this->EE->lang->line('mbr_terms_of_service_required'); $inline_errors["accept_terms"] = array($this->EE->lang->line('mbr_terms_of_service_required')); } } $errors = array_merge($VAL->errors, $cust_errors); // =========================== // = Set default membergroup = // =========================== if ($this->EE->config->item('req_mbr_activation') == 'manual' or $this->EE->config->item('req_mbr_activation') == 'email') { $data['group_id'] = 4; // Pending } else { if ($this->EE->config->item('default_member_group') == '') { $data['group_id'] = 4; // Pending } else { $data['group_id'] = $this->EE->config->item('default_member_group'); } } // ============================================ // = Check if there is a membergroup selected = // ============================================ $selected_group_id = $this->check_membergroup_change($data); /** ------------------------------------- /** Display error is there are any /** -------------------------------------*/ if (count($errors) > 0) { return array('submission', $inline_errors); //return array('submission', $errors); } if (!$doRegister) { return TRUE; } /** ---------------------------------------- /** Secure Mode Forms? /** ----------------------------------------*/ if ($this->EE->config->item('secure_forms') == 'y') { if (version_compare(APP_VER, '2.5.4', '>=')) { // Secure Mode Forms? if ($this->EE->config->item('secure_forms') == 'y' and !$this->EE->security->secure_forms_check($this->EE->input->post('XID'))) { return $this->EE->output->show_user_error('general', array(lang('not_authorized'))); } } else { $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND ip_address = '" . $this->EE->input->ip_address() . 
"' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row('count') == 0) { return array('general', array($this->EE->lang->line('not_authorized'))); } $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200"); } } /** ------------------------------------- /** Assign the base query data /** -------------------------------------*/ $data['username'] = $_POST['username']; $data['password'] = version_compare(APP_VER, '2.6.0', '<') ? $this->EE->functions->hash(stripslashes($_POST['password'])) : do_hash(stripslashes($_POST['password'])); $data['ip_address'] = $this->EE->input->ip_address(); $data['unique_id'] = $this->EE->functions->random('encrypt'); $data['join_date'] = $this->EE->localize->now; $data['email'] = $_POST['email']; $data['screen_name'] = $_POST['screen_name']; $data['url'] = prep_url($_POST['url']); $data['location'] = $_POST['location']; // overridden below if used as optional fields $data['language'] = $this->EE->config->item('deft_lang') ? $this->EE->config->item('deft_lang') : 'english'; $data['time_format'] = $this->EE->config->item('time_format') ? $this->EE->config->item('time_format') : 'us'; $data['timezone'] = $this->EE->config->item('default_site_timezone') && $this->EE->config->item('default_site_timezone') != '' ? $this->EE->config->item('default_site_timezone') : $this->EE->config->item('server_timezone'); if (APP_VER < '2.6.0') { $data['daylight_savings'] = $this->EE->config->item('default_site_dst') && $this->EE->config->item('default_site_dst') != '' ? 
$this->EE->config->item('default_site_dst') : $this->EE->config->item('daylight_savings'); } // ========================== // = Standard member fields = // ========================== $fields = array('bday_y', 'bday_m', 'bday_d', 'url', 'location', 'occupation', 'interests', 'aol_im', 'icq', 'yahoo_im', 'msn_im', 'bio'); foreach ($fields as $val) { if ($this->EE->input->post($val)) { $data[$val] = isset($_POST[$val]) ? $this->EE->security->xss_clean($_POST[$val]) : ''; unset($_POST[$val]); } } if (isset($data['bday_d']) && is_numeric($data['bday_d']) && is_numeric($data['bday_m'])) { $year = $data['bday_y'] != '' ? $data['bday_y'] : date('Y'); $mdays = $this->EE->localize->fetch_days_in_month($data['bday_m'], $year); if ($data['bday_d'] > $mdays) { $data['bday_d'] = $mdays; } } // Optional Fields $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format'); foreach ($optional as $key => $value) { if (isset($_POST[$value])) { $data[$key] = $_POST[$value]; } } /* if ($this->EE->input->post('daylight_savings') == 'y') { $data['daylight_savings'] = 'y'; } elseif ($this->EE->input->post('daylight_savings') == 'n') { $data['daylight_savings'] = 'n'; } */ // We generate an authorization code if the member needs to self-activate if ($this->EE->config->item('req_mbr_activation') == 'email') { $data['authcode'] = $this->EE->functions->random('alnum', 10); } /** ------------------------------------- /** Insert basic member data /** -------------------------------------*/ $this->EE->db->query($this->EE->db->insert_string('exp_members', $data)); $member_id = $this->EE->db->insert_id(); // ============================================= // = Override the screenname for use in emails = // ============================================= $screen_name_overriden = $this->get_override_screen_name(); $data['screen_name'] = $screen_name_overriden !== FALSE ? 
$screen_name_overriden : $data['screen_name']; // ========================================================================================= // = Store the selected membergroup if it is defined in the form AND activation is required = // ========================================================================================== if (isset($selected_group_id) and is_numeric($selected_group_id) and $selected_group_id != '1') { if ($this->EE->config->item('req_mbr_activation') == 'email' || $this->EE->config->item('req_mbr_activation') == 'manual') { $activation_data = array(); $activation_data['member_id'] = $member_id; $activation_data['group_id'] = $selected_group_id; $this->EE->db->insert('zoo_visitor_activation_membergroup', $activation_data); } } // ===================== // = HASH THE PASSWORD = // ===================== $this->EE->load->library('auth'); $hashed_pair = $this->EE->auth->hash_password($_POST['password']); if ($hashed_pair === FALSE) { } else { $this->EE->db->where('member_id', (int) $member_id); $this->EE->db->update('members', $hashed_pair); } /** ------------------------------------- /** Insert custom fields /** -------------------------------------*/ $cust_fields['member_id'] = $member_id; $this->EE->db->query($this->EE->db->insert_string('exp_member_data', $cust_fields)); /** ------------------------------------- /** Create a record in the member homepage table /** -------------------------------------*/ // This is only necessary if the user gains CP access, but we'll add the record anyway. $this->EE->db->query($this->EE->db->insert_string('exp_member_homepage', array('member_id' => $member_id))); /** ------------------------------------- /** Mailinglist Subscribe /** -------------------------------------*/ $mailinglist_subscribe = FALSE; if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe'])) { // Kill duplicate emails from authorizatin queue. 
$this->EE->db->query("DELETE FROM exp_mailing_list_queue WHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'"); // Validate Mailing List ID $query = $this->EE->db->query("SELECT COUNT(*) AS count\n\t\t\t\t\t\t\t\t FROM exp_mailing_lists\n\t\t\t\t\t\t\t\t WHERE list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'"); // Email Not Already in Mailing List $results = $this->EE->db->query("SELECT count(*) AS count\n\t\t\t\t\t\t\t\t\tFROM exp_mailing_list\n\t\t\t\t\t\t\t\t\tWHERE email = '" . $this->EE->db->escape_str($_POST['email']) . "'\n\t\t\t\t\t\t\t\t\tAND list_id = '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "'"); /** ------------------------------------- /** INSERT Email /** -------------------------------------*/ if ($query->row('count') > 0 && $results->row('count') == 0) { $mailinglist_subscribe = TRUE; $code = $this->EE->functions->random('alnum', 10); if ($this->EE->config->item('req_mbr_activation') == 'email') { // Activated When Membership Activated $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')"); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { // Mailing List Subscribe Email $this->EE->db->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date)\n\t\t\t\t\t\t\t\tVALUES ('" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . time() . "')"); $this->EE->lang->loadfile('mailinglist'); $action_id = $this->EE->functions->fetch_action_id('Mailinglist', 'authorize_email'); $swap = array('activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . 
$code, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url')); $template = $this->EE->functions->fetch_email_template('mailinglist_activation_instructions'); $email_tit = $this->EE->functions->var_swap($template['title'], $swap); $email_msg = $this->EE->functions->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->mailtype = 'plain'; $this->EE->email->priority = '3'; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($_POST['email']); $this->EE->email->subject($email_tit); $this->EE->email->message($email_msg); $this->EE->email->send(); } else { // Automatically Accepted $this->EE->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\n\t\t\t\t\t\t\t\t\t\t VALUES ('" . $this->EE->db->escape_str($_POST['mailinglist_subscribe']) . "', '" . $code . "', '" . $this->EE->db->escape_str($_POST['email']) . "', '" . $this->EE->db->escape_str($this->EE->input->ip_address()) . "')"); } } } /** ------------------------------------- /** Update /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'none') { $this->EE->stats->update_member_stats(); } /** ------------------------------------- /** Send admin notifications /** -------------------------------------*/ if ($this->EE->config->item('new_member_notification') == 'y' and $this->EE->config->item('mbr_notification_emails') != '') { $name = $data['screen_name'] != '' ? 
$data['screen_name'] : $data['username']; $swap = array('name' => $name, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'control_panel_url' => $this->EE->config->item('cp_url'), 'username' => $data['username'], 'email' => $data['email']); $template = $this->EE->functions->fetch_email_template('admin_notify_reg'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); $this->EE->load->helper('string'); // Remove multiple commas $notify_address = reduce_multiples($this->EE->config->item('mbr_notification_emails'), ',', TRUE); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($notify_address); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); } // ------------------------------------------- // 'member_member_register' hook. // - Additional processing when a member is created through the User Side // - $member_id added in 2.0.1 // $edata = $this->EE->extensions->call('member_member_register', $data, $member_id); if ($this->EE->extensions->end_script === TRUE) { return; } // // ------------------------------------------- /** ------------------------------------- /** Zoo Visitor assignment /** -------------------------------------*/ $member_data = $data; $member_data["member_id"] = $member_id; /** ------------------------------------- /** Send user notifications /** -------------------------------------*/ if ($this->EE->config->item('req_mbr_activation') == 'email') { $action_id = $this->EE->functions->fetch_action_id('Member', 'activate_member'); $name = $data['screen_name'] != '' ? 
$data['screen_name'] : $data['username']; $board_id = $this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id')) ? $this->EE->input->get_post('board_id') : 1; $forum_id = $this->EE->input->get_post('FROM') == 'forum' ? '&r=f&board_id=' . $board_id : ''; $add = $mailinglist_subscribe !== TRUE ? '' : '&mailinglist=' . $_POST['mailinglist_subscribe']; $swap = array('name' => $name, 'activation_url' => $this->EE->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&id=' . $data['authcode'] . $forum_id . $add, 'site_name' => stripslashes($this->EE->config->item('site_name')), 'site_url' => $this->EE->config->item('site_url'), 'username' => $data['username'], 'email' => $data['email']); $template = $this->EE->functions->fetch_email_template('mbr_activation_instructions'); $email_tit = $this->_var_swap($template['title'], $swap); $email_msg = $this->_var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ // Load the text helper $this->EE->load->helper('text'); $this->EE->load->library('email'); $this->EE->email->wordwrap = true; $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name')); $this->EE->email->to($data['email']); $this->EE->email->subject($email_tit); $this->EE->email->message(entities_to_ascii($email_msg)); $this->EE->email->Send(); $message = $this->EE->lang->line('mbr_membership_instructions_email'); } elseif ($this->EE->config->item('req_mbr_activation') == 'manual') { $message = $this->EE->lang->line('mbr_admin_will_activate'); } else { /** ---------------------------------------- /** Log user is handled at the end of the extension /** ----------------------------------------*/ } /** ---------------------------------------- /** Build the message /** ----------------------------------------*/ if ($this->EE->input->get_post('FROM') == 'forum') { if 
($this->EE->input->get_post('board_id') !== FALSE && is_numeric($this->EE->input->get_post('board_id'))) { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '" . $this->EE->db->escape_str($this->EE->input->get_post('board_id')) . "'"); } else { $query = $this->EE->db->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'"); } $site_name = $query->row('board_label'); $return = $query->row('board_forum_url'); } else { $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name')); $return = $this->EE->config->item('site_url'); } $data = array('title' => $this->EE->lang->line('mbr_registration_complete'), 'heading' => $this->EE->lang->line('thank_you'), 'content' => $this->EE->lang->line('mbr_registration_completed'), 'redirect' => '', 'link' => array($return, $site_name), 'result' => 'registration_complete', 'member_data' => $member_data); //$this->EE->output->show_message($data); return $data; }
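/**
 * Generate a temporary password for a member, store it and e-mail it.
 *
 * Builds an 8-character [a-z0-9] password, swaps it together with the
 * member's username / screen name and the site name / URL into the welcome
 * e-mail template held in the module settings, writes the password to the
 * member row and sends the message (BCC to the webmaster when configured).
 * The password is stored as SHA() by the database and travels in clear
 * text in the e-mail; that is the module's existing scheme and is left as is.
 *
 * @access public
 * @param  int|string $member_id  ID of the member to welcome; cast to int before it is used in SQL
 * @return void
 */
function cp_welcome_email_send($member_id)
{
    $this->EE =& get_instance();
    $this->EE->load->library('email');
    $this->EE->load->helper('text');

    // The id is only ever concatenated into SQL below, so anything that is
    // not a plain integer must never reach the query string.
    $member_id = (int) $member_id;

    // random_int() is a CSPRNG; rand() is predictable and must not generate credentials.
    $password_string = "abcdefghijklmnopqrstuvwxyz1234567890";
    $password = "";
    $last_index = strlen($password_string) - 1;
    for ($i = 0; $i < 8; $i++)
    {
        $password .= $password_string[random_int(0, $last_index)];
    }

    $message = $this->settings["welcome_email_body"];
    $from    = $this->settings["welcome_email_from"];
    $subject = $this->settings["welcome_email_subject"];

    $subject = str_replace("{site_name}", $this->EE->config->item('site_name'), $subject);

    $query = $this->EE->db->query("SELECT username, screen_name, email from exp_members WHERE member_id = " . $member_id);

    $message = str_replace("{password}", $password, $message);
    $message = str_replace("{username}", $query->row("username"), $message);
    $message = str_replace("{name}", $query->row("screen_name"), $message);
    $message = str_replace("{site_name}", $this->EE->config->item('site_name'), $message);
    $message = str_replace("{site_url}", $this->EE->config->item('site_url'), $message);

    // $password only contains [a-z0-9], so it is safe inside the quoted literal.
    $this->EE->db->query("UPDATE exp_members SET password = SHA('" . $password . "') WHERE member_id = " . $member_id);

    $to = $query->row("email");

    $this->EE->email->wordwrap = false;
    $this->EE->email->mailtype = 'text';
    $this->EE->email->from($from);
    $this->EE->email->to($to);

    if ($this->settings["welcome_email_bcc"] == "yes")
    {
        $this->EE->email->bcc($this->EE->config->item('webmaster_email'));
    }

    $this->EE->email->subject($subject);
    $this->EE->email->message(entities_to_ascii($message));
    $this->EE->email->Send();
}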
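/**
 * Delete Member Account Processing
 *
 * User-side "delete account" action. In order: authorises the request
 * (member id parameter, logged-in session, delete-self / delete-others
 * permissions), loads the target member, re-checks the submitted password
 * against the acting member (the SuperAdmin's when deleting someone else),
 * deletes the member via the member model (EE >= 2.4.0) or by hand
 * (messages, forum rows, entries, comments and stats on older versions),
 * e-mails the group's delete-notify addresses, trashes sessions / cookies,
 * fires the 'user_delete_account_end' hook and finally renders the
 * success message (or the AJAX response).
 *
 * @access public
 * @return mixed  Whatever _output_error() returns on failure; otherwise
 *                nothing, output is handed to show_message() / send_ajax_response()
 */
public function delete_account()
{
    /** ----------------------------------------
    /** Authorization Check
    /** ----------------------------------------*/
    if ($this->_param('member_id') == FALSE or ! ctype_digit($this->_param('member_id')) or ! isset($_POST['ACT']))
    {
        return $this->_output_error('general', array(ee()->lang->line('not_authorized')));
    }

    if (ee()->session->userdata['member_id'] == 0)
    {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    // If not deleting yourself, you must be a SuperAdmin or have Delete Member permissions
    // If deleting yourself, you must have permission to do so.
    if ($this->_param('member_id') != ee()->session->userdata['member_id'])
    {
        if (ee()->session->userdata['group_id'] != 1 and ee()->session->userdata['can_delete_members'] != 'y')
        {
            return $this->_output_error('general', ee()->lang->line('not_authorized'));
        }
    }
    elseif (ee()->session->userdata['can_delete_self'] !== 'y')
    {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    // TRUE when someone other than the member themselves is doing the deleting
    $admin = ee()->session->userdata['member_id'] != $this->_param('member_id') ? TRUE : FALSE;

    /** --------------------------------------------
    /** Member Data
    /** --------------------------------------------*/
    $query = ee()->db->query("SELECT m.*,\n\t\t\t\t\tmg.mbr_delete_notify_emails\n\t\t\t FROM \texp_members AS m, \n\t\t\t\t\texp_member_groups AS mg\n\t\t\t WHERE \tm.member_id = '" . ee()->db->escape_str($this->_param('member_id')) . "'\n\t\t\t AND \tm.group_id = mg.group_id");

    if ($query->num_rows() == 0)
    {
        return $this->_output_error('general', ee()->lang->line('not_authorized'));
    }

    /** -------------------------------------
    /** One cannot delete a SuperAdmin from the User side. Sorry...
    /** -------------------------------------*/
    if ($query->row('group_id') == 1)
    {
        return $this->_output_error('general', ee()->lang->line('cannot_delete_super_admin'));
    }

    /** --------------------------------------------
    /** Variables!
    /** --------------------------------------------*/
    // $id comes from the database row (not the request), which is why it is
    // interpolated directly into the SQL below.
    $id                       = $query->row('member_id');
    $check_password           = $query->row('password');
    $mbr_delete_notify_emails = $query->row('mbr_delete_notify_emails');
    $screen_name              = $query->row('screen_name');
    $email                    = $query->row('email');

    /** ----------------------------------------
    /** Is IP and User Agent required for login? Then, same here.
    /** ----------------------------------------*/
    if (ee()->config->item('require_ip_for_login') == 'y')
    {
        if (ee()->session->userdata['ip_address'] == '' or ee()->session->userdata['user_agent'] == '')
        {
            return $this->_output_error('general', ee()->lang->line('unauthorized_request'));
        }
    }

    /** ----------------------------------------
    /** Check password lockout status
    /** ----------------------------------------*/
    if (ee()->session->check_password_lockout() === TRUE)
    {
        return $this->_output_error('general', str_replace("%x", ee()->config->item('password_lockout_interval'), ee()->lang->line('password_lockout_in_effect')));
    }

    /* -------------------------------------
    /* If deleting self, you must submit your password.
    /* If SuperAdmin deleting another, must submit your password
    /* -------------------------------------*/
    if (APP_VER >= '2.2.0')
    {
        $check_salt = $query->row('salt');
    }

    // Fetch the SAs password instead as they are the one doing the deleting
    if (ee()->session->userdata['member_id'] != $this->_param('member_id'))
    {
        $squery = ee()->db->query("SELECT password" . (APP_VER < '2.2.0' ? '' : ', salt') . " \n\t\t\t\t FROM \texp_members \n\t\t\t\t WHERE \tmember_id = '" . ee()->db->escape_str(ee()->session->userdata['member_id']) . "'");

        $check_password = $squery->row('password');

        if (APP_VER >= '2.2.0')
        {
            $check_salt = $squery->row('salt');
        }

        unset($squery);
    }

    // Hash comparisons use hash_equals(): constant time, and no loose
    // "numeric string" equality for digests that happen to look like 0e123.
    if (APP_VER < '2.2.0')
    {
        $password = ee()->functions->hash(stripslashes(ee()->input->post('password')));

        if ( ! hash_equals((string) $check_password, (string) $password))
        {
            ee()->session->save_password_lockout();
            return $this->_output_error('general', ee()->lang->line('invalid_pw'));
        }
    }
    else
    {
        ee()->load->library('auth');
        $passwd = ee()->auth->hash_password(stripslashes(ee()->input->post('password')), $check_salt);

        // hash_password() may return FALSE; isset() on it is false, so that fails closed.
        if ( ! isset($passwd['salt']) or ! hash_equals((string) $check_password, (string) $passwd['password']))
        {
            ee()->session->save_password_lockout();
            return $this->_output_error('general', ee()->lang->line('invalid_pw'));
        }
    }

    // --------------------------------------------
    // EE 2.4 Added a Member Model for Deleting That Works Rather Well
    // --------------------------------------------
    if (APP_VER >= '2.4.0')
    {
        ee()->load->model('member_model');
        ee()->member_model->delete_member($id);
    }
    else
    {
        /** -------------------------------------
        /** No turning back, get to deletin'!
        /** -------------------------------------*/
        ee()->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

        // Recipients of unread messages from this member; their unread counters are recomputed below.
        $message_query = ee()->db->query("SELECT DISTINCT \trecipient_id \n\t\t\t\t FROM \t\t\t\texp_message_copies \n\t\t\t\t WHERE \t\t\t\tsender_id = '{$id}' \n\t\t\t\t AND \t\t\t\tmessage_read = 'n'");

        ee()->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
        ee()->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

        if ($message_query->num_rows() > 0)
        {
            foreach ($message_query->result_array() as $row)
            {
                $count_query = ee()->db->query("SELECT COUNT(*) AS count \n\t\t\t\t\t\t FROM \texp_message_copies \n\t\t\t\t\t\t WHERE \trecipient_id = '" . $row['recipient_id'] . "' AND message_read = 'n'");

                ee()->db->query(ee()->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), array('member_id' => $row['recipient_id'])));
            }
        }

        /** -------------------------------------
        /** Delete Forum Posts
        /** -------------------------------------*/
        if (ee()->config->item('forum_is_installed') == "y")
        {
            ee()->db->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

            // Snag the affected topic id's before deleting the member for the update afterwards
            $query = ee()->db->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

            if ($query->num_rows() > 0)
            {
                $topic_ids = array();

                foreach ($query->result_array() as $row)
                {
                    $topic_ids[] = $row['topic_id'];
                }

                $topic_ids = array_unique($topic_ids);
            }

            ee()->db->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
            ee()->db->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

            // Update the forum stats
            $query = ee()->db->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

            if ( ! class_exists('Forum'))
            {
                require PATH_MOD . 'forum/mod.forum' . EXT;
                require PATH_MOD . 'forum/mod.forum_core' . EXT;
            }

            $FRM = new Forum_Core();

            foreach ($query->result_array() as $row)
            {
                $FRM->_update_post_stats($row['forum_id']);
            }

            if (isset($topic_ids))
            {
                foreach ($topic_ids as $topic_id)
                {
                    $FRM->_update_topic_stats($topic_id);
                }
            }
        }

        /** -------------------------------------
        /** Va-poo-rize Weblog Entries and Comments
        /** -------------------------------------*/
        $entry_ids   = array();
        $channel_ids = array();
        $recount_ids = array();

        // Find Entry IDs and Channel IDs, then DELETE! DELETE, WHA HA HA HA!!
        if (APP_VER < 2.0)
        {
            $query = ee()->db->query("SELECT entry_id, weblog_id AS channel_id FROM exp_weblog_titles WHERE author_id = '{$id}'");
        }
        else
        {
            $query = ee()->db->query("SELECT entry_id, channel_id FROM exp_channel_titles WHERE author_id = '{$id}'");
        }

        if ($query->num_rows() > 0)
        {
            foreach ($query->result_array() as $row)
            {
                $entry_ids[]   = $row['entry_id'];
                $channel_ids[] = $row['channel_id'];
            }

            if (APP_VER < 2.0)
            {
                ee()->db->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
                ee()->db->query("DELETE FROM exp_weblog_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            }
            else
            {
                ee()->db->query("DELETE FROM exp_channel_titles WHERE author_id = '{$id}'");
                ee()->db->query("DELETE FROM exp_channel_data WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            }

            ee()->db->query("DELETE FROM exp_comments WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
            ee()->db->query("DELETE FROM exp_trackbacks WHERE entry_id IN ('" . implode("','", $entry_ids) . "')");
        }

        // Find the affected entries AND channel ids for author's comments
        if (APP_VER < 2.0)
        {
            $query = ee()->db->query("SELECT DISTINCT(entry_id), weblog_id AS channel_id FROM exp_comments WHERE author_id = '{$id}'");
        }
        else
        {
            $query = ee()->db->query("SELECT DISTINCT(entry_id), channel_id FROM exp_comments WHERE author_id = '{$id}'");
        }

        if ($query->num_rows() > 0)
        {
            foreach ($query->result_array() as $row)
            {
                $recount_ids[] = $row['entry_id'];
                $channel_ids[] = $row['channel_id'];
            }

            // Entries that were deleted above need no recount
            $recount_ids = array_diff($recount_ids, $entry_ids);
        }

        // Delete comments by member
        ee()->db->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

        // ee() is the accessor used everywhere else in this method; $this->EE is not guaranteed to be set here.
        ee()->stats->update_member_stats();

        // Update stats on channel entries that were NOT deleted AND had comments by author
        if (count($recount_ids) > 0)
        {
            foreach (array_unique($recount_ids) as $entry_id)
            {
                $query = ee()->db->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . ee()->db->escape_str($entry_id) . "'");

                $comment_date = ($query->num_rows() == 0 or ! is_numeric($query->row('max_date'))) ? 0 : $query->row('max_date');

                $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

                if (APP_VER < 2.0)
                {
                    ee()->db->query("UPDATE exp_weblog_titles SET\tcomment_total = '" . ee()->db->escape_str($query->row('count')) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                }
                else
                {
                    ee()->db->query("UPDATE exp_channel_titles SET comment_total = '" . ee()->db->escape_str($query->row('count')) . "',\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\trecent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
                }
            }
        }

        foreach (array_unique($channel_ids) as $channel_id)
        {
            if (APP_VER < 2.0)
            {
                ee()->stats->update_weblog_stats($channel_id);
            }
            else
            {
                ee()->stats->update_channel_stats($channel_id);
            }

            ee()->stats->update_comment_stats($channel_id);
        }
    } // END conditional for EE versions below EE 2.4.0

    /** -------------------------------------
    /** Email notification recipients
    /** -------------------------------------*/
    if ($mbr_delete_notify_emails != '')
    {
        $notify_address = $mbr_delete_notify_emails;

        $swap = array(
            'name'      => $screen_name,
            'email'     => $email,
            'site_name' => stripslashes(ee()->config->item('site_name')),
        );

        $email_tit = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
        $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list
        if (stristr($notify_address, $email))
        {
            $notify_address = str_replace($email, "", $notify_address);
        }

        ee()->load->helper('string');
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address != '')
        {
            /** ----------------------------
            /** Send email
            /** ----------------------------*/
            ee()->load->library('email');
            ee()->load->helper('text');

            foreach (explode(',', $notify_address) as $addy)
            {
                ee()->email->initialize();
                ee()->email->wordwrap = false;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->Send();
            }
        }
    }

    /** -------------------------------------
    /** Trash the Session and cookies
    /** -------------------------------------*/
    // The IP must be concatenated: "{ee()->...}" inside a double-quoted string is
    // not interpolated by PHP, so the old form compared against a literal and never matched.
    ee()->db->query("DELETE FROM exp_online_users \n\t\t\t\t\t\t WHERE site_id = '" . ee()->db->escape_str(ee()->config->item('site_id')) . "' \n\t\t\t\t\t\t AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "' \n\t\t\t\t\t\t AND member_id = '{$id}'");
    ee()->db->query("DELETE FROM exp_sessions WHERE member_id = '" . $id . "'");

    // Only clear the browser's cookies when the member deleted their own account
    if ($admin === FALSE)
    {
        if (APP_VER < '2.2.0')
        {
            ee()->functions->set_cookie(ee()->session->c_password);
        }

        ee()->functions->set_cookie(ee()->session->c_session);
        ee()->functions->set_cookie(ee()->session->c_expire);
        ee()->functions->set_cookie(ee()->session->c_anon);
        ee()->functions->set_cookie('read_topics');
        ee()->functions->set_cookie('tracker');
    }

    if (ee()->extensions->active_hook('user_delete_account_end') === TRUE)
    {
        ee()->extensions->universal_call('user_delete_account_end', $this);

        if (ee()->extensions->end_script === TRUE)
        {
            return;
        }
    }

    /** ----------------------------------------
    /** Override Return
    /** ----------------------------------------*/
    if ($this->_param('override_return') !== FALSE and $this->_param('override_return') != '' && $this->is_ajax_request() === FALSE)
    {
        ee()->functions->redirect($this->_param('override_return'));
        exit;
    }

    /** ----------------------------------------
    /** Set return
    /** ----------------------------------------*/
    // NOTE(review): 'return' / 'RET' are request-controlled and end up as the
    // redirect target of the success message; only the {path=} form is
    // rewritten below, any other value is passed through unchanged. Confirm
    // whether the caller constrains these to same-site URLs.
    if (ee()->input->get_post('return') !== FALSE and ee()->input->get_post('return') != '')
    {
        $return = ee()->input->get_post('return');
    }
    elseif (ee()->input->get_post('RET') !== FALSE and ee()->input->get_post('RET') != '')
    {
        $return = ee()->input->get_post('RET');
    }
    else
    {
        $return = ee()->config->item('site_url');
    }

    if (preg_match("/" . LD . "\\s*path=(.*?)" . RD . "/", $return, $match))
    {
        $return = ee()->functions->create_url($match['1']);
    }

    /** ----------------------------------------
    /** Return
    /** ----------------------------------------*/
    $return = $this->_chars_decode($return);

    // --------------------------------------------
    // AJAX Response
    // --------------------------------------------
    // NOTE(review): execution continues into show_message() after this call;
    // whether send_ajax_response() terminates the request is not visible here.
    if ($this->is_ajax_request())
    {
        $this->send_ajax_response(array(
            'success' => TRUE,
            'heading' => lang('user_successful_submission'),
            'message' => lang('mbr_account_deleted'),
            'content' => lang('mbr_account_deleted'),
        ));
    }

    /** -------------------------------------
    /** Build Success Message
    /** -------------------------------------*/
    $data = array(
        'title'    => ee()->lang->line('mbr_delete'),
        'heading'  => ee()->lang->line('thank_you'),
        'content'  => ee()->lang->line('mbr_account_deleted'),
        'redirect' => $return,
    );

    ee()->output->show_message($data);
}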
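/**
 * Create or update a client-download asset from the submitted CP form.
 *
 * With a POST "id" the existing asset's title/keywords/description and its
 * folder assignments are updated. Without one a new asset row is inserted
 * from either the uploaded file ($_FILES["file_upload"]) or a file that is
 * already in the module's temp folder (POST "file"), it is linked to the
 * posted folders, and members assigned to those folders are optionally
 * emailed. Both paths end in a redirect to the assets listing.
 *
 * POST "file" is user-controlled and is reduced to its basename before being
 * used in a path, so it can only name a file directly inside temp_path.
 *
 * @return mixed the asset form (via $this->asset()) when validation fails,
 *               a user error when no file could be stored, otherwise
 *               redirects and does not return
 */
function upload_asset()
{
    $settings = $this->_fetch_settings();

    $this->EE->load->library('form_validation');
    $this->EE->form_validation->set_error_delimiters('<p class="notice">', '</p>');
    $this->EE->form_validation->set_rules('title', 'Title', 'required');

    $asset_id = $this->EE->input->post("id");

    // POST "folders" should be a list of folder ids; a missing field or a
    // scalar (which array_diff()/foreach would choke on) means "no folders".
    $folders = $this->EE->input->post('folders');
    if (!is_array($folders)) {
        $folders = array();
    }

    if ($asset_id !== FALSE) {
        // Update an existing asset
        if ($this->EE->form_validation->run() === FALSE) {
            return $this->asset($asset_id);
        }

        // todo: check whether we are replacing the asset with a new one
        $this->EE->db->where('id', $asset_id);
        $this->EE->db->update('exp_ajw_client_downloads_asset', array(
            "title" => $this->EE->input->post("title"),
            "keywords" => $this->EE->input->post("keywords"),
            "description" => $this->EE->input->post("description"),
        ));

        // Get existing folders so only the differences are written
        $this->EE->db->select("folder_id");
        $this->EE->db->where("asset_id", $asset_id);
        $query = $this->EE->db->get("exp_ajw_client_downloads_folder_assets");

        $existing = array();
        foreach ($query->result_array() as $row) {
            $existing[] = $row["folder_id"];
        }

        $delete = array_diff($existing, $folders);
        $insert = array_diff($folders, $existing);

        // Add new folders
        foreach ($insert as $folder_id) {
            $this->EE->db->insert('exp_ajw_client_downloads_folder_assets', array(
                "site_id" => $this->EE->config->item('site_id'),
                "folder_id" => $folder_id,
                "asset_id" => $asset_id,
                "created" => $this->EE->localize->now,
            ));
        }

        // Remove old folders
        if (count($delete)) {
            $this->EE->db->where("site_id", $this->EE->config->item('site_id'));
            $this->EE->db->where("asset_id", $asset_id);
            $this->EE->db->where_in("folder_id", $delete);
            $this->EE->db->delete("exp_ajw_client_downloads_folder_assets");
        }

        $this->EE->functions->redirect($this->base . AMP . "method=assets");
        return;
    }

    // Add a new asset
    // $this->EE->form_validation->set_rules('file_upload', 'File', 'callback__file_uploaded');
    if ($this->EE->form_validation->run() === FALSE) {
        return $this->asset($asset_id);
    }

    // Fetch the file: either a fresh upload or one parked in the temp folder.
    // $path stays NULL when neither was supplied; previously that case reached
    // the INSERT below with an undefined $data.
    // NOTE(review): the upload branch reads the freshly fetched $settings while
    // the temp-folder branch reads $this->settings — presumably the same
    // values, confirm.
    $path = NULL;

    if (isset($_FILES["file_upload"]) && $_FILES["file_upload"]["name"] != "") {
        // Do file upload. allowed_types '*' accepts any file type, which is
        // only acceptable while basepath is not web-served (confirm); otherwise
        // restrict it to the types clients actually download.
        $config['upload_path'] = $settings["basepath"];
        $config['allowed_types'] = '*';
        $this->EE->load->library('upload', $config);

        if (!$this->EE->upload->do_upload("file_upload")) {
            // report the upload library's errors instead of print_r() + exit
            return $this->EE->output->show_user_error('general', array($this->EE->upload->display_errors()));
        }

        $upload = $this->EE->upload->data();
        $path = $upload["file_name"];
    } elseif ($this->EE->input->post("file") !== FALSE) {
        // Move file from temporary folder. basename() drops any directory part
        // of the posted name so it cannot point outside temp_path/basepath.
        $path = basename($this->EE->input->post("file"));
        $source = $this->settings["temp_path"] . $path;
        $target_path = $this->settings["basepath"] . $path;

        if ($path === '' || !is_file($source) || !rename($source, $target_path)) {
            return $this->EE->output->show_user_error('general', array('The selected file could not be moved from the temporary folder.'));
        }
    }

    if ($path === NULL) {
        return $this->EE->output->show_user_error('general', array('No file was supplied for the asset.'));
    }

    $data = array(
        "site_id" => $this->EE->config->item('site_id'),
        "title" => $this->EE->input->post("title"),
        "keywords" => $this->EE->input->post("keywords"),
        "description" => $this->EE->input->post("description"),
        "path" => $path,
        "created" => $this->EE->localize->now,
    );
    $this->EE->db->insert('exp_ajw_client_downloads_asset', $data);
    $asset_id = $this->EE->db->insert_id();

    foreach ($folders as $folder_id) {
        $this->EE->db->insert('exp_ajw_client_downloads_folder_assets', array(
            "site_id" => $this->EE->config->item('site_id'),
            "folder_id" => $folder_id,
            "asset_id" => $asset_id,
            "created" => $this->EE->localize->now,
        ));
    }

    // Send email notification to all members assigned to this folder
    if ($this->EE->input->post("notify_upload") == "y" && $this->settings["new_asset_email_body"] != "") {
        // distinct addresses of members linked to any folder this asset is in
        $this->EE->db->distinct();
        $this->EE->db->select("email");
        $this->EE->db->from("exp_ajw_client_downloads_asset");
        $this->EE->db->join("exp_ajw_client_downloads_folder_assets", "exp_ajw_client_downloads_asset.id = exp_ajw_client_downloads_folder_assets.asset_id");
        $this->EE->db->join("exp_ajw_client_downloads_users", " exp_ajw_client_downloads_folder_assets.folder_id = exp_ajw_client_downloads_users.folder_id");
        $this->EE->db->join("exp_members", "exp_ajw_client_downloads_users.member_id = exp_members.member_id");
        $this->EE->db->where("exp_ajw_client_downloads_asset.id", $asset_id);
        $query = $this->EE->db->get();

        $this->EE->load->library('email');
        $this->EE->load->helper('text');
        $this->EE->email->wordwrap = true;
        $this->EE->email->mailtype = 'text';

        // todo: any more variables?
        $message = str_replace('{title}', $this->EE->input->post("title"), $this->settings["new_asset_email_body"]);

        foreach ($query->result_array() as $row) {
            $this->EE->email->initialize();

            // sender setting is either "Name <address>" or a bare address
            if (preg_match('/(.*)\\<(.*)\\>/', $this->settings["new_asset_email_from"], $match)) {
                $this->EE->email->from(trim($match[2]), trim($match[1]));
            } else {
                $this->EE->email->from($this->settings["new_asset_email_from"]);
            }

            $this->EE->email->to($row["email"]);
            $this->EE->email->subject($this->settings["new_asset_email_subject"]);
            $this->EE->email->message(entities_to_ascii($message));
            $this->EE->email->Send();
        }
    }

    $this->EE->functions->redirect($this->base . AMP . "method=assets");
}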
/**
 * Send an admin or user notification email for a Freeform entry.
 *
 * Merges $options over the defaults below, validates the essentials (form,
 * entry id, notification type, input data, From address, at least one good
 * recipient), resolves the notification template, renders every field of the
 * form through its fieldtype's display_email_data(), parses subject, message
 * and addresses as templates, offers the assembled variables to the matching
 * extension hook, then sends one message per recipient with CC/BCC attached
 * to the first.
 *
 * Parsing state (subject, message, variables, field_inputs, field_outputs,
 * all_form_fields, fields, email) lives on $this for the duration of the call
 * so fieldtypes and hooks can reach it, and is unset before returning.
 *
 * @access public
 * @param array $options see $defaults below for the accepted keys
 * @return bool TRUE when the notification was sent; FALSE when validation
 *              fails (no form, bad entry id, no recipients, ...). An extension
 *              setting end_script makes the method return NULL instead.
 */
public function send_notification($options = array())
{
    // -------------------------------------
    // defaults
    // -------------------------------------

    $defaults = array(
        'form_id' => 0,
        'entry_id' => 0,
        'notification_type' => FALSE,
        'template' => 0,
        'recipients' => array(),
        'form_input_data' => array(),
        'extra_message' => '',
        'from_name' => ee()->config->item('webmaster_name'),
        'from_email' => ee()->config->item('webmaster_email'),
        'reply_to_name' => '',
        'reply_to_email' => '',
        'cc_recipients' => array(),
        'bcc_recipients' => array(),
        'include_attachments' => '',
        'enable_spam_log' => TRUE
    );

    $options = array_merge($defaults, $options);

    // make local keys, but only from defaults: an option key that is not a
    // default never becomes a local variable (no funny business)
    foreach ($defaults as $key => $value) {
        ${$key} = isset($options[$key]) ? $options[$key] : $value;
    }

    $form_data = $this->data->get_form_info($form_id);

    // checkity check: bail before any library is loaded or state is touched
    if (!$form_data or
        !$this->is_positive_intlike($entry_id) or
        !$notification_type or
        !is_array($form_input_data) or
        empty($form_input_data) or
        !valid_email($from_email)) {
        return FALSE;
    }

    // -------------------------------------
    // validate recipients
    // -------------------------------------

    // a pipe-separated string is accepted as well as an array
    if (is_string($recipients)) {
        $recipients = str_replace('|', ' , ', $recipients);
    }

    $recipients = $this->validate_emails($recipients);
    $recipients = $recipients['good'];

    // admin notifications fall back to the webmaster when nobody valid is set
    if ($notification_type == 'admin' and empty($recipients)) {
        $recipients = array(ee()->config->item('webmaster_email'));
    }

    if (empty($recipients)) {
        return FALSE;
    }

    // -------------------------------------
    // validate cc/bcc (non-critical)
    // -------------------------------------

    if ($cc_recipients) {
        $cc_recipients = $this->validate_emails(str_replace('|', ' , ', (string) $cc_recipients));
        $cc_recipients = $cc_recipients['good'];
    }

    if ($bcc_recipients) {
        $bcc_recipients = $this->validate_emails(str_replace('|', ' , ', (string) $bcc_recipients));
        $bcc_recipients = $bcc_recipients['good'];
    }

    // -------------------------------------
    // prep libs (don't want to load these
    // before validation in case we bail)
    // -------------------------------------

    // just in case someone else didn't clean up their mess
    ee()->email->clear(TRUE);

    // -------------------------------------
    // get notification template
    // -------------------------------------

    $template_id = $template;

    // no explicit template: use the form's configured one for this type
    if (empty($template_id)) {
        if ($notification_type == 'admin') {
            $template_id = $form_data['admin_notification_id'];
        } else {
            if ($notification_type == 'user') {
                $template_id = $form_data['user_notification_id'];
            }
        }
    }

    $template_data = '';

    if (empty($template_id)) {
        $template_data = $this->default_notification_template();
    } else {
        // if its not an int, check it as name
        $on_column = $this->is_positive_intlike($template_id) ? 'notification_id' : 'notification_name';

        ee()->load->model('freeform_notification_model');

        $t_query = ee()->freeform_notification_model->get_row(array($on_column => $template_id));

        // unknown template id/name silently falls back to the default
        if ($t_query !== FALSE) {
            $template_data = $t_query;
        } else {
            $template_data = $this->default_notification_template();
        }
    }

    // reply-to: the option wins when it is a valid address, else the
    // template's, else none
    if (!valid_email($reply_to_email)) {
        if (!empty($template_data['reply_to_email'])) {
            $reply_to_email = $template_data['reply_to_email'];
        } else {
            $reply_to_email = '';
        }
    }

    if (empty($reply_to_name)) {
        $reply_to_name = $reply_to_email;
    }

    // -------------------------------------
    // attachments?
    // -------------------------------------

    // the option only counts when set to something; otherwise the template
    // decides
    if (!isset($include_attachments) or $include_attachments == '') {
        $include_attachments = ($template_data['include_attachments'] and $this->check_yes($template_data['include_attachments']));
    }

    // -------------------------------------
    // validate $from_name
    // -------------------------------------

    // non-empty template values override the option / webmaster defaults
    $from_name = $template_data['from_name'] ? $template_data['from_name'] : $from_name;
    $from_email = $template_data['from_email'] ? $template_data['from_email'] : $from_email;

    //----------------------------------------
    // prep variables for field parsing
    //----------------------------------------

    $this->subject = $template_data['email_subject'];
    $this->message = $template_data['template_data'];
    $this->email =& ee()->email;
    $this->all_form_fields = array();
    $this->all_form_fields_string = array();
    $this->fields = array();
    $this->wordwrap = $this->check_yes($template_data['wordwrap']);
    $this->mailtype = $this->check_yes($template_data['allow_html']) ? 'html' : 'text';

    // we need some custom vars from form data and all of the fields
    // (array_merge() with a single array is a no-op here)
    $this->variables = array_merge(array(
        'form_name' => $form_data['form_name'],
        'form_label' => $form_data['form_label'],
        'form_id' => $form_data['form_id'],
        'freeform_entry_id' => $entry_id,
        'entry_date' => time(),
        'attachments' => array(),
        'attachment_count' => 0
    ));

    $this->field_inputs = $form_input_data;
    $this->field_outputs = array();

    // -------------------------------------
    // get instance of field and parse
    // -------------------------------------

    foreach ($form_data['fields'] as $field_id => $field_data) {
        // if this is a composer form, and the field is not a
        // member of the form, continue out
        if (!empty($form_data['composer_field_ids']) and !in_array($field_id, $form_data['composer_field_ids'])) {
            continue;
        }

        // get class instance of field
        $instance =& ee()->freeform_fields->get_fieldtype_instance($field_data['field_type']);

        $instance->form_id = $form_id;
        $instance->entry_id = $entry_id;
        $instance->field_id = $field_id;
        $instance->field_name = $field_data['field_name'];

        // stored settings are JSON; a corrupt blob leaves only entry_id
        $i_settings = json_decode($field_data['settings'], TRUE);
        $instance->settings = array_merge(is_array($i_settings) ? $i_settings : array(), array('entry_id' => $entry_id));

        // the fieldtype renders its own value for email; $this is handed over
        // presumably so it can add attachments and bump attachment_count
        // (see the attachment handling below) — confirm against the fieldtypes
        $output_data = $instance->display_email_data(isset($this->field_inputs[$field_data['field_name']]) ? $this->field_inputs[$field_data['field_name']] : '', $this);

        // normalise to a string: arrays become one value per line
        if (!is_string($output_data)) {
            if (is_array($output_data)) {
                $output_data = implode("\n", $output_data);
            } else {
                $output_data = (string) $output_data;
            }
        }

        if ($this->mailtype == 'html') {
            $output_data = str_replace("\n", '<br/>', $output_data);
        }

        // fully builds out all fields for auto setup
        $this->all_form_fields_string[] = $field_data['field_label'] . ': ' . $output_data;

        $this->all_form_fields[] = array(
            'field_label' => $field_data['field_label'],
            'field_type' => $field_data['field_type'],
            'field_data' => $output_data
        );

        $this->field_outputs[$field_data['field_name']] = $output_data;

        // for legacy hooks
        $this->fields[$field_data['field_name']] = $field_data['field_label'];
    }
    //END foreach ($form_data['fields']...

    // -------------------------------------
    // include attachments?
    // some addons might have inlcluded attachments
    // -------------------------------------

    if (!$include_attachments) {
        // this is going to clear any attachments
        // that any of these fields have had privy to add
        ee()->email->clear(TRUE);
        $this->variables['attachment_count'] = 0;
    } else {
        if ($this->variables['attachment_count'] > 0) {
            // add final attachment count to all form fields
            array_unshift($this->all_form_fields_string, lang('attachments') . ': ' . $this->variables['attachment_count']);

            array_unshift($this->all_form_fields, array(
                'field_label' => lang('attachments'),
                'field_type' => '',
                'field_data' => $this->variables['attachment_count']
            ));
        }
    }

    // -------------------------------------
    // conditionals, date formats, replacements, etc. FUN!
    // -------------------------------------

    // subject and addresses are parsed with the form variables plus the
    // per-field outputs (user-supplied values), but without all_form_fields
    $this->subject = ee()->template->parse_variables($this->subject, array(array_merge($this->variables, $this->field_outputs)));
    $from_email = ee()->template->parse_variables($from_email, array(array_merge($this->variables, $this->field_outputs)));
    $from_name = ee()->template->parse_variables($from_name, array(array_merge($this->variables, $this->field_outputs)));
    $reply_to_email = ee()->template->parse_variables($reply_to_email, array(array_merge($this->variables, $this->field_outputs)));
    $reply_to_name = ee()->template->parse_variables($reply_to_name, array(array_merge($this->variables, $this->field_outputs)));

    // we don't want all form fields going into the subject
    // that would be silly
    $this->variables['all_form_fields_string'] = implode($this->check_yes($template_data['allow_html']) ? "<br/>" : "\n", $this->all_form_fields_string);
    $this->variables['all_form_fields'] = $this->all_form_fields;

    $this->message = ee()->template->parse_variables($this->message, array(array_merge($this->variables, $this->field_outputs)));

    // -------------------------------------
    // parse standard template data
    // -------------------------------------

    $this->message = $this->actions()->template()->process_string_as_template($this->message);

    // -------------------------------------
    // hook prep
    // -------------------------------------

    // this will allow adding or removing of emails through the hook
    $this->variables['recipients'] = $recipients;
    $this->variables['cc_recipients'] = $cc_recipients;
    $this->variables['bcc_recipients'] = $bcc_recipients;
    $this->variables['reply_to_email'] = $reply_to_email;
    $this->variables['reply_to_name'] = $reply_to_name;
    $this->variables['message'] = $this->variables['msg'] = $this->message;
    $this->variables['subject'] = $this->subject;
    $this->variables['from_name'] = $from_name;
    // NOTE(review): the 'from_email' key is filled with $from_name, so hooks
    // never see the real From address; $from_email is also not read back from
    // the hook result below, so the address sent is the one resolved above.
    // Looks like a typo for $from_email — confirm before changing.
    $this->variables['from_email'] = $from_name;
    $this->variables['field_inputs'] =& $this->field_inputs;
    $this->variables['field_outputs'] =& $this->field_outputs;

    // -------------------------------------
    // 'freeform_recipient_email' hook.
    //  This allows developers to alter the
    //  $this->variables array before admin notification is sent.
    // -------------------------------------

    $hook_name = 'freeform_recipient_email';

    if ($notification_type == 'admin') {
        $hook_name = 'freeform_module_admin_notification';
    } else {
        if ($notification_type == 'user') {
            $hook_name = 'freeform_module_user_notification';
        }
    }

    if (ee()->extensions->active_hook($hook_name) === TRUE) {
        // the hook's return value replaces the whole variables array
        $this->variables = ee()->extensions->universal_call($hook_name, $this->fields, $entry_id, $this->variables, $form_id, $this);

        if (ee()->extensions->end_script === TRUE) {
            // returns NULL (not FALSE) and skips the email + cleanup below
            return;
        }
    }

    // -------------------------------------
    // post hook var prep
    // -------------------------------------

    // recipients, CC/BCC, reply-to, message and subject are taken from the
    // (possibly altered) variables; from_name / from_email are not
    $recipients = $this->variables['recipients'];
    $cc_recipients = $this->variables['cc_recipients'];
    $bcc_recipients = $this->variables['bcc_recipients'];
    $reply_to_email = $this->variables['reply_to_email'];
    $reply_to_name = $this->variables['reply_to_name'];

    // if the message has changed, copy back ('message' wins over legacy 'msg')
    if ($this->variables['message'] !== $this->message) {
        $this->message = $this->variables['message'];
    } else {
        if ($this->variables['msg'] !== $this->message) {
            $this->message = $this->variables['msg'];
        }
    }

    $this->subject = $this->variables['subject'];

    // ----------------------------------------
    // Send email
    // ----------------------------------------

    ee()->email->wordwrap = $this->wordwrap;
    ee()->email->mailtype = $this->mailtype;

    // decode entities once for the body; the second argument is only TRUE for
    // plain-text templates — presumably the helper's "convert all entities"
    // switch, confirm against the text helper
    $ascii_message = entities_to_ascii($this->message, !$template_data['allow_html']);

    // -------------------------------------
    // cc/bcc?
    // these will only run once
    // -------------------------------------

    if (is_array($cc_recipients) and !empty($cc_recipients)) {
        ee()->email->cc($cc_recipients);
    }

    if (is_array($bcc_recipients) and !empty($bcc_recipients)) {
        ee()->email->bcc($bcc_recipients);
    }

    // all recipients: a separate message per address, so recipients are not
    // disclosed to each other
    foreach ($recipients as $email_address) {
        if ($reply_to_email and valid_email($reply_to_email)) {
            ee()->email->reply_to($reply_to_email, $reply_to_name);
        }

        ee()->email->from($from_email, $from_name);
        ee()->email->to($email_address);
        ee()->email->subject(entities_to_ascii($this->subject, TRUE));
        ee()->email->message($ascii_message);
        ee()->email->send();

        // clear out but keep attachments
        // clear last so the first email can get the CC and BCC
        // on the first item sent
        ee()->email->clear(FALSE);
    }

    // needs a cleanout so the next notification can go
    ee()->email->clear(TRUE);

    // -------------------------------------
    // clear local vars
    // -------------------------------------

    // note: all_form_fields_string, fields, wordwrap and mailtype are left set
    unset(
        $this->message,
        $this->subject,
        $this->variables,
        $this->all_form_fields,
        $this->email,
        $this->field_inputs,
        $this->field_outputs
    );

    // ----------------------------------------
    // Register the template used
    // ----------------------------------------

    // user notifications feed the spam interval log (see save_spam_interval)
    if ($notification_type != 'admin' and $enable_spam_log) {
        $this->save_spam_interval($form_id, $entry_id, $recipients);
    }

    return TRUE;
}
/** -------------------------------------
/**  Edit Article
/** -------------------------------------*/

/**
 * Handle the wiki edit-form POST.
 *
 * Creates the page row when the title is not yet known (admins may instead
 * delete, lock or moderate it), updates the existing row otherwise (admins
 * may also rename it), stores a new revision with the XSS-cleaned content,
 * runs category detection for open revisions, emails moderators when the
 * revision lands closed, prunes revisions beyond $this->revision_limit,
 * clears the DB cache and redirects to the article.
 *
 * Access: the request must carry 'editing', a non-empty 'title' and
 * 'article_content', and the member's group must be in $this->users or
 * $this->admins. Locked pages and the lock/moderate/rename/delete controls
 * are admin-only; non-admin edits to moderated pages are stored closed.
 *
 * @return mixed show_user_error() output on a refused edit; otherwise
 *               redirects (or returns NULL when an extension ends the script)
 */
function edit_article()
{
    // missing form fields are reported as a permissions error, not a
    // validation error
    if (ee()->input->post('editing') === FALSE or
        ee()->input->get_post('title') === FALSE or
        ee()->input->get_post('title') == '' or
        ee()->input->get_post('article_content') === FALSE) {
        return ee()->output->show_user_error('general', array(lang('invalid_permissions')));
    }

    if (!in_array(ee()->session->userdata['group_id'], $this->users) && !in_array(ee()->session->userdata['group_id'], $this->admins)) {
        return ee()->output->show_user_error('general', array(lang('invalid_permissions')));
    }

    /** -------------------------------------
    /**  Edit Limit
    /** -------------------------------------*/

    $this->edit_limit();

    /** -------------------------------------
    /**  Process Edit Form
    /** -------------------------------------*/

    // look the page up by its normalised title; zero rows means a new page
    $query = $this->topic_request($this->valid_title(ee()->input->get_post('title')));

    if ($query->num_rows() == 0) {
        // map the current namespace label back to its key for page_namespace
        $current_name = strtolower($this->current_namespace);
        $key = '';

        foreach ($this->namespaces as $name => $label) {
            if ($current_name == strtolower($label['1'])) {
                $key = $label['0'];
                break;
            }
        }

        $data = array(
            'page_name' => $this->topic,
            'page_namespace' => $key,
            'last_updated' => ee()->localize->now,
            'wiki_id' => $this->wiki_id
        );

        if (in_array(ee()->session->userdata['group_id'], $this->admins)) {
            // deleting a category page that has no row yet still removes the
            // category itself and its article links
            if (ee()->input->get_post('delete_article') == 'y' && $this->current_namespace == $this->category_ns) {
                $cat_data = $this->determine_category($this->topic);

                if ($cat_data['cat_id'] != 0) {
                    $results = ee()->db->query("SELECT page_id FROM exp_wiki_category_articles WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");

                    if ($results->num_rows() > 0) {
                        foreach ($results->result_array() as $row) {
                            // COUNT(*) - 1: the link to this category is about to go
                            $count = ee()->db->query("SELECT (COUNT(*) - 1) AS count FROM exp_wiki_category_articles WHERE page_id = '" . ee()->db->escape_str($row['page_id']) . "'");

                            if ($count->row('count') == 0) {
                                ee()->db->query("UPDATE exp_wiki_page SET has_categories = 'n' WHERE page_id = '" . ee()->db->escape_str($row['page_id']) . "'");
                            }
                        }
                    }

                    ee()->db->query("DELETE FROM exp_wiki_category_articles WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                    ee()->db->query("DELETE FROM exp_wiki_categories WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                    ee()->db->query("UPDATE exp_wiki_categories SET parent_id = '0' WHERE parent_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                }
            } elseif (ee()->input->get_post('delete_article') == 'y') {
                // nothing to delete for a non-category page that never existed;
                // the code below is only skipped if redirect() does not return
                // — TODO confirm
                $this->redirect('', $this->title);
            }

            if (ee()->input->get_post('lock_article') == 'y') {
                $data['page_locked'] = 'y';
            }

            if (ee()->input->get_post('moderate_article') == 'y') {
                $data['page_moderated'] = 'y';
            }
        }

        if (ee()->input->get_post('redirect') !== FALSE) {
            $data['page_redirect'] = $this->valid_title(ee()->input->get_post('redirect'));
        }

        $data['last_updated'] = ee()->localize->now;

        ee()->db->query(ee()->db->insert_string('exp_wiki_page', $data));
        $page_id = ee()->db->insert_id();
    } else {
        $page_id = $query->row('page_id');

        if (ee()->input->get_post('delete_article') == 'y' && in_array(ee()->session->userdata['group_id'], $this->admins)) {
            // same category teardown as for the not-yet-existing page above
            if ($this->current_namespace == $this->category_ns) {
                $cat_data = $this->determine_category($this->topic);

                if ($cat_data['cat_id'] != 0) {
                    $results = ee()->db->query("SELECT page_id FROM exp_wiki_category_articles WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");

                    if ($results->num_rows() > 0) {
                        foreach ($results->result_array() as $row) {
                            $count = ee()->db->query("SELECT (COUNT(*) - 1) AS count FROM exp_wiki_category_articles WHERE page_id = '" . ee()->db->escape_str($row['page_id']) . "'");

                            if ($count->row('count') == 0) {
                                ee()->db->query("UPDATE exp_wiki_page SET has_categories = 'n' WHERE page_id = '" . ee()->db->escape_str($row['page_id']) . "'");
                            }
                        }
                    }

                    ee()->db->query("DELETE FROM exp_wiki_category_articles WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                    ee()->db->query("DELETE FROM exp_wiki_categories WHERE cat_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                    ee()->db->query("UPDATE exp_wiki_categories SET parent_id = '0' WHERE parent_id = '" . ee()->db->escape_str($cat_data['cat_id']) . "'");
                }
            }

            // remove the page, all its revisions and its category links
            ee()->db->query("DELETE FROM exp_wiki_page WHERE page_id = '" . ee()->db->escape_str($page_id) . "'");
            ee()->db->query("DELETE FROM exp_wiki_revisions WHERE page_id = '" . ee()->db->escape_str($page_id) . "'");
            ee()->db->query("DELETE FROM exp_wiki_category_articles WHERE page_id = '" . ee()->db->escape_str($page_id) . "'");

            $this->redirect('', $this->title);
        }

        // non-admins may not touch a locked page
        if ($query->row('page_locked') == 'y' && !in_array(ee()->session->userdata['group_id'], $this->admins)) {
            return ee()->output->show_user_error('general', array(lang('invalid_permissions')));
        }

        // a moderated page keeps its old timestamp for non-admin edits
        if ($query->row('page_moderated') == 'y' && !in_array(ee()->session->userdata['group_id'], $this->admins)) {
            $data = array('last_updated' => $query->row('last_updated'));
        } else {
            $data = array('last_updated' => ee()->localize->now);
        }

        if (ee()->input->get_post('redirect') !== FALSE) {
            $data['page_redirect'] = $this->valid_title(ee()->input->get_post('redirect'));
        }

        if (in_array(ee()->session->userdata['group_id'], $this->admins)) {
            $data['page_locked'] = ee()->input->get_post('lock_article') == 'y' ? 'y' : 'n';
            $data['page_moderated'] = ee()->input->get_post('moderate_article') == 'y' ? 'y' : 'n';

            if (ee()->input->get_post('rename') !== FALSE && ee()->input->get_post('rename') != '') {
                // Default
                $this->topic = $this->valid_title(ee()->input->get_post('rename'));
                $this->title = $this->topic;
                $this->current_namespace = '';
                $data['page_name'] = $this->topic;
                $data['page_namespace'] = '';

                // "Label:Title" moves the page into that namespace
                if (stristr(ee()->input->get_post('rename'), ':') && count($this->namespaces) > 0) {
                    $parts = explode(':', ee()->input->get_post('rename'), 2);

                    foreach ($this->namespaces as $name => $label) {
                        if ($label['1'] == $parts['0']) {
                            $data['page_namespace'] = $name;
                            $data['page_name'] = $this->valid_title(substr(ee()->input->get_post('rename'), strlen($label['1'] . ':')));
                            $this->title = $label['1'] . ':' . $data['page_name'];
                            $this->topic = $data['page_name'];
                            $this->current_namespace = $label['1'];
                            break;
                        }
                    }
                }

                // refuse to rename onto an existing page in the same wiki
                $t_query = ee()->db->where('page_name', $data['page_name'])->where('LOWER(page_namespace)', $data['page_namespace'])->where('wiki_id', $this->wiki_id)->count_all_results('wiki_page');

                if ($t_query > 0) {
                    return ee()->output->show_user_error('general', array(lang('duplicate_article')));
                }
            }
        }

        ee()->db->query(ee()->db->update_string('exp_wiki_page', $data, "page_id = '" . ee()->db->escape_str($page_id) . "'"));
    }

    /** -------------------------------------
    /**  Process Revision a Bit and Insert
    /** -------------------------------------*/

    // a redirect page stores its content without the #REDIRECT marker
    if (isset($data['page_redirect']) && preg_match("|\\#REDIRECT \\[\\[.*?\\]\\]|s", ee()->input->get_post('article_content'), $match)) {
        $content = str_replace($match['0'], '', ee()->input->get_post('article_content'));
    } else {
        $content = ee()->input->get_post('article_content');
    }

    // article content is user input: stored only after xss_clean()
    $revision = array(
        'page_id' => $page_id,
        'wiki_id' => $this->wiki_id,
        'revision_date' => ee()->localize->now,
        'revision_author' => ee()->session->userdata['member_id'],
        'revision_notes' => ee()->input->get_post('revision_notes') !== FALSE ? ee()->input->get_post('revision_notes') : '',
        'page_content' => ee()->security->xss_clean($content)
    );

    // non-admin edits to a moderated page land closed (pending review)
    if ($query->num_rows() > 0 && $query->row('page_moderated') == 'y' && !in_array(ee()->session->userdata['group_id'], $this->admins)) {
        $revision['revision_status'] = 'closed';
    } else {
        $revision['revision_status'] = 'open';
    }

    ee()->db->query(ee()->db->insert_string('exp_wiki_revisions', $revision));
    $revision['revision_id'] = ee()->db->insert_id();

    /** -------------------------------------
    /**  Check and Add Categories - But Not For Categories Namespace
    /** -------------------------------------*/

    // (return value is not used)
    if ($revision['revision_status'] == 'open') {
        $cats = $this->check_categories($page_id, $revision['page_content'], $this->current_namespace);
    }

    /** ---------------------------------------
    /**  Update last_revision_id
    /** ---------------------------------------*/

    // pointed at the new revision regardless of its status
    ee()->db->query(ee()->db->update_string('exp_wiki_page', array('last_revision_id' => $revision['revision_id']), array('page_id' => $page_id)));

    /** -------------------------------------
    /**  Moderator Notifications?
    /** -------------------------------------*/

    if ($revision['revision_status'] == 'closed' && trim($this->moderation_emails) != '') {
        /** ----------------------------
        /**  Send Emails to Moderators
        /** ----------------------------*/

        $replyto = ee()->session->userdata['email'] == '' ? ee()->config->item('webmaster_email') : ee()->session->userdata['email'];

        $link = $this->create_url($this->current_namespace, $this->topic);

        // variables swapped into the moderation email templates
        $revision['author'] = ee()->session->userdata['screen_name'];
        $revision['email'] = ee()->session->userdata['email'];
        $revision['title'] = $this->title;
        $revision['content'] = ee()->security->xss_clean($content);
        $revision['path:view_article'] = $link;
        $revision['path:view_revision'] = $link . '/revision/' . $revision['revision_id'];
        $revision['path:open_revision'] = $link . '/revision/' . $revision['revision_id'] . '/open';
        $revision['path:close_revision'] = $link . '/revision/' . $revision['revision_id'] . '/close';

        ee()->load->library('typography');
        ee()->typography->initialize(array('parse_images' => FALSE, 'parse_smileys' => FALSE));

        // rendered article preview for the email body
        $revision['article'] = $this->convert_curly_brackets(ee()->typography->parse_type($this->wiki_syntax(ee()->security->xss_clean($content)), array('text_format' => $this->text_format, 'html_format' => $this->html_format, 'auto_links' => $this->auto_links, 'allow_img_url' => 'y')));

        $subject = ee()->functions->var_swap($this->_fetch_template('wiki_email_moderation_subject.html'), $revision);
        $message = ee()->functions->var_swap($this->_fetch_template('wiki_email_moderation_message.html'), $revision);

        ee()->load->library('email');

        // Load the text helper
        ee()->load->helper('text');

        // one message per moderator; duplicate addresses in the list are skipped
        $sent = array();

        foreach (explode(',', $this->moderation_emails) as $addy) {
            if (in_array($addy, $sent)) {
                continue;
            }

            ee()->email->EE_initialize();
            ee()->email->wordwrap = false;
            ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
            ee()->email->to($addy);
            ee()->email->reply_to($replyto);
            ee()->email->subject($subject);
            ee()->email->message(entities_to_ascii($message));
            ee()->email->send();

            $sent[] = $addy;
        }
    }

    /* -------------------------------------
    /* 'edit_wiki_article_end' hook.
    /*  - Add more things to do for wiki articles
    /*  - Added 1.6.0
    */
    ee()->extensions->universal_call('edit_wiki_article_end', $this, $query);
    if (ee()->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------*/

    // prune old revisions once the page has more than revision_limit of them:
    // pick the revision at offset revision_limit and delete everything with a
    // lower id. The SELECT has no ORDER BY, so which row sits at that offset
    // is left to the engine — TODO confirm the intended ordering.
    // revision_limit is interpolated unescaped into LIMIT; assumed to be an
    // integer module setting — confirm.
    $query = ee()->db->query("SELECT COUNT(revision_id) AS count FROM exp_wiki_revisions\n\t\t\t\t\t\t\t WHERE page_id = '" . ee()->db->escape_str($page_id) . "'\n\t\t\t\t\t\t\t AND wiki_id = '" . ee()->db->escape_str($this->wiki_id) . "'");

    if ($query->row('count') > $this->revision_limit) {
        $query = ee()->db->query("SELECT revision_id FROM exp_wiki_revisions\n\t\t\t\t\t\t\t\t WHERE page_id = '" . ee()->db->escape_str($page_id) . "'\n\t\t\t\t\t\t\t\t AND wiki_id = '" . ee()->db->escape_str($this->wiki_id) . "'\n\t\t\t\t\t\t\t\t LIMIT {$this->revision_limit}, 1");

        if ($query->num_rows() > 0) {
            ee()->db->query("DELETE FROM exp_wiki_revisions\n\t\t\t\t\t\t\tWHERE page_id = '" . ee()->db->escape_str($page_id) . "'\n\t\t\t\t\t\t\tAND wiki_id = '" . ee()->db->escape_str($this->wiki_id) . "'\n\t\t\t\t\t\t\tAND revision_id < '" . $query->row('revision_id') . "'");
        }
    }

    // Clear wiki cache
    ee()->functions->clear_caching('db');

    $this->redirect($this->current_namespace, $this->topic);
}
/** ----------------------------------------
/** Send Email
/** ----------------------------------------*/
/**
 * Handles a front-end "send email" form submission.
 *
 * Works through the module's checks in order — blacklist/whitelist, nation
 * ban, POST normalisation and recipient decoding, session sanity, return-link
 * parsing, required fields, account ban, form hash, per-sender rate limit,
 * recipient validation, CAPTCHA, censored words — then sends one message per
 * approved address, records the send in exp_email_tracker and shows the
 * thank-you page. Every failure path returns the result of show_user_error()
 * rather than throwing.
 *
 * Reads $_POST directly (subject, message, from, user_recipients, to,
 * recipients, name, required, RET, XID, captcha, allow_html, charset, replyto)
 * and rewrites several of those keys in place.
 *
 * @access public
 * @return mixed  the show_user_error()/show_message() result, or void when the
 *                'email_module_send_email_end' hook ends the script
 */
function send_email()
{
    $error = array();

    /** ----------------------------------------
    /** Blacklist/Whitelist Check
    /** ----------------------------------------*/
    if ($this->EE->blacklist->blacklisted == 'y' && $this->EE->blacklist->whitelisted == 'n') {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    }

    /** ----------------------------------------
    /** Is the nation of the user banned?
    /** ----------------------------------------*/
    $this->EE->session->nation_ban_check();

    /** ----------------------------------------
    /** Check and Set
    /** ----------------------------------------*/
    // Every key below is guaranteed to exist afterwards ('' when absent), so
    // the later $_POST[...] reads do not need isset() guards.
    $default = array('subject', 'message', 'from', 'user_recipients', 'to', 'recipients', 'name', 'required');

    foreach ($default as $val) {
        if (!isset($_POST[$val])) {
            $_POST[$val] = '';
        } else {
            // 'message' and 'required' may arrive as arrays (multi-field
            // forms); flatten them one value per line.
            if (is_array($_POST[$val]) && ($val == 'message' or $val == 'required')) {
                $temp = '';
                foreach ($_POST[$val] as $post_value) {
                    $temp .= $this->EE->input->_clean_input_data($post_value) . "\n";
                }
                $_POST[$val] = $temp;
            }

            // 'recipients' is the hidden, encoded list the form tag emitted;
            // decode it back to plain addresses before any further cleaning.
            if ($val == 'recipients') {
                if (function_exists('mcrypt_encrypt')) {
                    // ECB mode: the IV is generated to satisfy the API but does
                    // not affect the cipher output. This branch has no integrity
                    // check of its own; the decoded list is re-validated by
                    // validate_recipients() further down.
                    // NOTE(review): the rtrim() character list is empty here —
                    // likely lost in extraction (upstream strips NUL padding);
                    // TODO confirm against the original file.
                    $init_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
                    $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);
                    $decoded_recipients = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->EE->session->sess_crypt_key), base64_decode($_POST[$val]), MCRYPT_MODE_ECB, $init_vect), "");
                } else {
                    // Fallback format: plaintext followed by a 32-char md5 of
                    // (session crypt key . plaintext). Mismatch => empty list.
                    // NOTE(review): a plain != on the digest is not a
                    // constant-time comparison; hash_equals() would be the
                    // usual choice where available.
                    $raw = base64_decode($_POST[$val]);
                    $hash = substr($raw, -32);
                    $decoded_recipients = substr($raw, 0, -32);

                    if ($hash != md5($this->EE->session->sess_crypt_key . $decoded_recipients)) {
                        $decoded_recipients = '';
                    }
                }

                $_POST[$val] = $decoded_recipients;
            }

            $_POST[$val] = $this->EE->security->xss_clean(trim(stripslashes($_POST[$val])));
        }
    }

    /** ----------------------------------------
    /** Clean incoming
    /** ----------------------------------------*/
    // 'message' and 'required' are deliberately not in this list: HTML in the
    // body is handled by the allow_html decision below.
    $clean = array('subject', 'from', 'user_recipients', 'to', 'recipients', 'name');

    foreach ($clean as $val) {
        $_POST[$val] = strip_tags($_POST[$val]);
    }

    /** ----------------------------------------
    /** Fetch the email module language pack
    /** ----------------------------------------*/
    $this->EE->lang->loadfile('email');

    /** ----------------------------------------
    /** Basic Security Check
    /** ----------------------------------------*/
    if ($this->EE->session->userdata['ip_address'] == '' or $this->EE->session->userdata['user_agent'] == '') {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('em_unauthorized_request')));
    }

    /** ----------------------------------------
    /** Return Variables
    /** ----------------------------------------*/
    // RET is "<backtrack depth or URL>|<link label>". It is not in $default
    // above, so a form without it would raise an undefined-index notice here.
    $x = explode('|', $_POST['RET']);
    unset($_POST['RET']);

    if (is_numeric($x['0'])) {
        $return_link = $this->EE->functions->form_backtrack($x['0']);
    } else {
        // NOTE(review): any submitted value containing 'http://' is used
        // verbatim as the post-send redirect; nothing ties it to site_url, so
        // the redirect target is under the submitter's control — worth
        // restricting if this form is exposed to untrusted visitors.
        $return_link = ($x['0'] == '' or !stristr($x['0'], 'http://')) ? $this->EE->functions->form_backtrack(2) : $x['0'];
    }

    $site_name = $this->EE->config->item('site_name') == '' ? $this->EE->lang->line('back') : stripslashes($this->EE->config->item('site_name'));

    $return_name = (!isset($x['1']) or $x['1'] == '') ? $site_name : $x['1'];

    /** ----------------------------------------
    /** ERROR Checking
    /** ----------------------------------------*/
    // If the message is empty, bounce them back
    if ($_POST['message'] == '') {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('message_required')));
    }

    // If the from field is empty, error
    $this->EE->load->helper('email');

    if ($_POST['from'] == '' or !valid_email($_POST['from'])) {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('em_sender_required')));
    }

    // If no recipients, bounce them back
    if ($_POST['recipients'] == '' && $_POST['to'] == '') {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('em_no_valid_recipients')));
    }

    /** ----------------------------------------
    /** Is the user banned?
    /** ----------------------------------------*/
    if ($this->EE->session->userdata['is_banned'] == TRUE) {
        return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
    }

    /** ----------------------------------------
    /** Check Form Hash
    /** ----------------------------------------*/
    // The XID hash must belong to this IP and be under two hours old.
    // NOTE(review): $_POST['XID'] is read without isset() here, although the
    // clean-up further down does check isset() — a request without XID and
    // secure_forms on raises a notice before being rejected.
    if ($this->EE->config->item('secure_forms') == 'y') {
        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return $this->EE->output->show_user_error('general', array($this->EE->lang->line('not_authorized')));
        }
    }

    /** ----------------------------
    /** Check Tracking Class
    /** ----------------------------*/
    // Rate limiting: prune tracker rows older than a day, then look at what
    // this sender (by username and/or IP) has sent in the last 24 hours.
    $day_ago = $this->EE->localize->now - 60 * 60 * 24;

    $query = $this->EE->db->query("DELETE FROM exp_email_tracker WHERE email_date < '{$day_ago}'");

    if ($this->EE->session->userdata['username'] === false or $this->EE->session->userdata['username'] == '') {
        $query = $this->EE->db->query("SELECT *\n\t\t\t\t\t\t\t\tFROM exp_email_tracker\n\t\t\t\t\t\t\t\tWHERE sender_ip = '" . $this->EE->input->ip_address() . "'\n\t\t\t\t\t\t\t\tORDER BY email_date DESC");
    } else {
        // NOTE(review): the '******' below is where this copy of the source
        // was redacted; the original username expression is not recoverable
        // from this page.
        $query = $this->EE->db->query("SELECT *\n\t\t\t\t\t\t\t\tFROM exp_email_tracker\n\t\t\t\t\t\t\t\tWHERE sender_username = '******'username']) . "'\n\t\t\t\t\t\t\t\tOR sender_ip = '" . $this->EE->input->ip_address() . "'\n\t\t\t\t\t\t\t\tORDER BY email_date DESC");
    }

    if ($query->num_rows() > 0) {
        // Max Emails - Quick check
        if ($query->num_rows() >= $this->email_max_emails) {
            return $this->EE->output->show_user_error('general', array($this->EE->lang->line('em_limit_exceeded')));
        }

        // Max Emails - Indepth check: count recipients, not just sends
        $total_sent = 0;

        foreach ($query->result_array() as $row) {
            $total_sent = $total_sent + $row['number_recipients'];
        }

        if ($total_sent >= $this->email_max_emails) {
            return $this->EE->output->show_user_error('general', array($this->EE->lang->line('em_limit_exceeded')));
        }

        // Interval check: rows are ordered newest first, so row() is the
        // most recent send.
        if ($query->row('email_date') > $this->EE->localize->now - $this->email_time_interval) {
            $error[] = str_replace("%s", $this->email_time_interval, $this->EE->lang->line('em_interval_warning'));
            return $this->EE->output->show_user_error('general', $error);
        }
    }

    /** ----------------------------------------
    /** Review Recipients
    /** ----------------------------------------*/
    // The form tag encodes whether user-supplied 'to' addresses are allowed
    // as an md5 derived from the DB credentials; anything else means 'n'.
    $_POST['user_recipients'] = $_POST['user_recipients'] == md5($this->EE->db->username . $this->EE->db->password . 'y') ? 'y' : 'n';

    if ($_POST['user_recipients'] == 'y' && trim($_POST['to']) != '') {
        $array = $this->validate_recipients($_POST['to']);
        $error = array_merge($error, $array['error']);
        $approved_tos = $array['approved'];
    } else {
        $approved_tos = array();
    }

    // Errors from the hidden 'recipients' list are not surfaced to the user,
    // only the approved subset is kept.
    if (trim($_POST['recipients']) != '') {
        $array = $this->validate_recipients($_POST['recipients']);
        $approved_recipients = $array['approved'];
    } else {
        $approved_recipients = array();
    }

    /** ----------------------------------------------------
    /** If we have no valid emails to send, back they go.
    /** ----------------------------------------------------*/
    if ($_POST['user_recipients'] == 'y' && count($approved_tos) == 0) {
        $error[] = $this->EE->lang->line('em_no_valid_recipients');
    } elseif (count($approved_recipients) == 0 && count($approved_tos) == 0) {
        $error[] = $this->EE->lang->line('em_no_valid_recipients');
    }

    /** -------------------------------------
    /** Is from email banned?
    /** -------------------------------------*/
    if ($this->EE->session->ban_check('email', $_POST['from'])) {
        $error[] = $this->EE->lang->line('em_banned_from_email');
    }

    /** ----------------------------------------
    /** Do we have errors to display?
    /** ----------------------------------------*/
    if (count($error) > 0) {
        return $this->EE->output->show_user_error('submission', $error);
    }

    /** ----------------------------------------
    /** Check CAPTCHA
    /** ----------------------------------------*/
    if ($this->use_captchas == 'y') {
        if (!isset($_POST['captcha']) or $_POST['captcha'] == '') {
            return $this->EE->output->show_user_error('general', array($this->EE->lang->line('captcha_required')));
        }

        $query = $this->EE->db->query("SELECT COUNT(*) AS count FROM exp_captcha\n\t\t\t\t\t\t\t\t WHERE word='" . $this->EE->db->escape_str($_POST['captcha']) . "'\n\t\t\t\t\t\t\t\t AND ip_address = '" . $this->EE->input->ip_address() . "'\n\t\t\t\t\t\t\t\t AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row('count') == 0) {
            return $this->EE->output->show_user_error('submission', array($this->EE->lang->line('captcha_incorrect')));
        }

        // Consume this CAPTCHA word and sweep expired ones in the same pass.
        $this->EE->db->query("DELETE FROM exp_captcha\n\t\t\t\t\t\tWHERE (word='" . $this->EE->db->escape_str($_POST['captcha']) . "'\n\t\t\t\t\t\tAND ip_address = '" . $this->EE->input->ip_address() . "')\n\t\t\t\t\t\tOR date < UNIX_TIMESTAMP()-7200");
    }

    /** ----------------------------------------
    /** Censored Word Checking
    /** ----------------------------------------*/
    $this->EE->load->library('typography');
    $this->EE->typography->initialize();

    // Load the text helper
    $this->EE->load->helper('text');

    $subject = entities_to_ascii($_POST['subject']);
    $subject = $this->EE->typography->filter_censored_words($subject);

    // 'required' (fixed form text) is prepended to the free-form message.
    $message = $_POST['required'] != '' ? $_POST['required'] . "\n" . $_POST['message'] : $_POST['message'];
    $message = $this->EE->security->xss_clean($message);

    // Send as HTML only when the form allows it AND the body actually
    // contains markup (strip_tags changes the length).
    if (isset($_POST['allow_html']) && $_POST['allow_html'] == 'y' && strlen(strip_tags($message)) != strlen($message)) {
        $mail_type = 'html';
    } else {
        $mail_type = 'plain';
    }

    $message = entities_to_ascii($message);
    $message = $this->EE->typography->filter_censored_words($message);

    /** ----------------------------
    /** Send email
    /** ----------------------------*/
    $this->EE->load->library('email');

    $this->EE->email->wordwrap = true;
    $this->EE->email->mailtype = $mail_type;
    $this->EE->email->priority = '3';

    // NOTE(review): the charset is taken verbatim from POST; the email
    // library presumably emits it in the MIME headers, so a whitelist of
    // accepted charsets would be the safer option — TODO confirm how the
    // library uses it.
    if (isset($_POST['charset']) && $_POST['charset'] != '') {
        $this->EE->email->charset = $_POST['charset'];
    }

    // Three delivery shapes: only user-entered 'to' addresses, only the
    // form's hidden recipients, or both (hidden recipients go on BCC of each
    // 'to' message). Each message is rebuilt from scratch via EE_initialize().
    if (count($approved_recipients) == 0 && count($approved_tos) > 0) {
        foreach ($approved_tos as $val) {
            $this->EE->email->EE_initialize();
            $this->EE->email->to($val);

            // replyto=yes sends from the webmaster address with the submitter
            // as Reply-To, which avoids forging the submitter's From header.
            if (isset($_POST['replyto']) && $_POST['replyto'] == 'yes') {
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->reply_to($_POST['from'], $_POST['name']);
            } else {
                $this->EE->email->from($_POST['from'], $_POST['name']);
            }

            $this->EE->email->subject($subject);
            $this->EE->email->message($message);
            $this->EE->email->send();
        }
    } elseif (count($approved_recipients) > 0 && count($approved_tos) == 0) {
        foreach ($approved_recipients as $val) {
            $this->EE->email->EE_initialize();
            $this->EE->email->to($val);

            if (isset($_POST['replyto']) && $_POST['replyto'] == 'yes') {
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->reply_to($_POST['from'], $_POST['name']);
            } else {
                $this->EE->email->from($_POST['from'], $_POST['name']);
            }

            $this->EE->email->subject($subject);
            $this->EE->email->message($message);
            $this->EE->email->send();
        }
    } else {
        foreach ($approved_tos as $val) {
            $this->EE->email->EE_initialize();
            $this->EE->email->to($val);
            $this->EE->email->bcc(implode(',', $approved_recipients));

            if (isset($_POST['replyto']) && $_POST['replyto'] == 'yes') {
                $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
                $this->EE->email->reply_to($_POST['from'], $_POST['name']);
            } else {
                $this->EE->email->from($_POST['from'], $_POST['name']);
            }

            $this->EE->email->subject($subject);
            $this->EE->email->message($message);
            $this->EE->email->send();
        }
    }

    /** ----------------------------
    /** Store in tracking class
    /** ----------------------------*/
    // This row feeds the rate-limit checks above on the next submission.
    $data = array(
        'email_date' => $this->EE->localize->now,
        'sender_ip' => $this->EE->input->ip_address(),
        'sender_email' => $_POST['from'],
        'sender_username' => $this->EE->session->userdata['username'],
        'number_recipients' => count($approved_tos) + count($approved_recipients)
    );

    $this->EE->db->query($this->EE->db->insert_string('exp_email_tracker', $data));

    /** -------------------------------------------
    /** Delete spam hashes
    /** -------------------------------------------*/
    // Consume the form hash so the same XID cannot be replayed.
    if (isset($_POST['XID'])) {
        $this->EE->db->query("DELETE FROM exp_security_hashes WHERE (hash='" . $this->EE->db->escape_str($_POST['XID']) . "' AND ip_address = '" . $this->EE->input->ip_address() . "') OR date < UNIX_TIMESTAMP()-7200");
    }

    /* -------------------------------------
    /* 'email_module_send_email_end' hook.
    /* - After emails are sent, do some additional processing
    /* - Added EE 1.5.1
    */
    // $edata is assigned for parity with other hook call sites but is not
    // used here.
    if ($this->EE->extensions->active_hook('email_module_send_email_end') === TRUE) {
        $edata = $this->EE->extensions->call('email_module_send_email_end', $subject, $message, $approved_tos, $approved_recipients);
        if ($this->EE->extensions->end_script === TRUE) {
            return;
        }
    }
    /*
    /* -------------------------------------*/

    /** -------------------------------------------
    /** Thank you message
    /** -------------------------------------------*/
    $data = array(
        'title' => $this->EE->lang->line('email_module_name'),
        'heading' => $this->EE->lang->line('thank_you'),
        'content' => $this->EE->lang->line('em_email_sent'),
        'redirect' => $return_link,
        'link' => array($return_link, $return_name)
    );

    // A numeric 'redirect' becomes the meta-refresh delay; 'none' disables
    // the automatic redirect entirely.
    if ($this->EE->input->get_post('redirect') !== FALSE) {
        if (is_numeric($this->EE->input->get_post('redirect'))) {
            $data['rate'] = $this->EE->input->get_post('redirect');
        } elseif ($this->EE->input->get_post('redirect') == 'none') {
            $data['redirect'] = '';
        }
    }

    $this->EE->output->show_message($data);
}
/**
 * display_email_data
 *
 * Renders a field's stored value for an email notification: expands the
 * field's tags, converts HTML entities back to characters, turns <br/> into
 * newlines and finally encodes any EE tags so they are not parsed again.
 *
 * @access public
 * @param string $data             data from table for email output
 * @param object $notification_obj instance of the notification object (unused here)
 * @return string output data
 */
public function display_email_data($data, $notification_obj)
{
    ee()->load->helper('text');

    $rendered = $this->replace_tag($data);
    $plain = entities_to_ascii($rendered);
    $with_newlines = str_replace('<br/>', "\n", $plain);

    return ee()->functions->encode_ee_tags($with_newlines, TRUE);
}
/**
 * display_email_data
 *
 * Renders a field's stored value for an email notification. Array values
 * (multi-select style fields) are joined one per line before the entity
 * conversion and EE-tag encoding.
 *
 * @access public
 * @param string|array $data       data from table for email output
 * @param object|null $notification_obj instance of the notification object (unused here)
 * @return string output data
 */
public function display_email_data($data, $notification_obj = null)
{
    $text = is_array($data) ? implode("\n", $data) : $data;

    return $this->encode_ee(entities_to_ascii($text));
}
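/**
 * Validate Members
 *
 * Validate/Delete Selected Members
 *
 * Handles the CP member-validation form. For every member id posted in
 * 'toggle' the member is either moved into the default member group
 * (action == 'activate') or deleted together with their private-message
 * rows. When 'send_notification' is posted, each affected member is emailed
 * the matching template first. With nothing toggled, the validation listing
 * is shown instead.
 *
 * Permission failures stop the request via show_error(); the
 * 'cp_members_validate_members' hook may end the script before the
 * confirmation view is rendered.
 *
 * @return mixed
 */
public function validate_members()
{
    if (!$this->cp->allowed_group('can_access_members') or !$this->cp->allowed_group('can_admin_members')) {
        show_error(lang('unauthorized_access'));
    }

    // Deleting needs its own permission; activating does not.
    if (!$this->cp->allowed_group('can_delete_members') && $this->input->post('action') != 'activate') {
        show_error(lang('unauthorized_access'));
    }

    if (!$this->input->post('toggle')) {
        return $this->member_validation();
    }

    $activate = ($this->input->post('action') == 'activate');
    $send_email = isset($_POST['send_notification']) ? TRUE : FALSE;
    $template = NULL;

    if ($send_email == TRUE) {
        $template = $this->functions->fetch_email_template(
            $activate ? 'validated_member_notify' : 'decline_member_validation'
        );

        $this->load->library('email');
        $this->email->wordwrap = true;
    }

    $group_id = $this->config->item('default_member_group');

    // Load the text helper
    $this->load->helper('text');

    foreach ($_POST['toggle'] as $key => $val) {
        // Notify before the row is touched so the lookup still finds the member.
        if ($send_email == TRUE) {
            $this->_send_validation_notification($template, $val);
        }

        if ($activate) {
            $this->db->set('group_id', $group_id);
            $this->db->where('member_id', $val);
            $this->db->update('members');
        } else {
            $this->_delete_unvalidated_member($val);
        }
    }

    $this->stats->update_member_stats();

    /* -------------------------------------------
    /* 'cp_members_validate_members' hook.
    /* - Additional processing when member(s) are validated in the CP
    /* - Added 1.5.2, 2006-12-28
    */
    $this->extensions->call('cp_members_validate_members');
    if ($this->extensions->end_script === TRUE) {
        return;
    }
    /*
    /* -------------------------------------------*/

    $vars['message'] = $activate ? lang('members_are_validated') : lang('members_are_deleted');

    $this->view->cp_page_title = $vars['message'];
    $this->cp->render("members/message", $vars);
}

/**
 * Emails one member the validated/declined template, if they have an address.
 *
 * @param array $template  'title' and 'data' as returned by fetch_email_template()
 * @param mixed $member_id member id as posted in 'toggle'
 * @return void
 */
private function _send_validation_notification($template, $member_id)
{
    $this->db->select('username, screen_name, email');
    $this->db->from('members');
    $this->db->where('member_id', $member_id);
    $this->db->where('email != ""');
    $query = $this->db->get();

    // Exactly one row with a non-empty email, otherwise nothing to send.
    if ($query->num_rows() != 1) {
        return;
    }

    $swap = array(
        'name' => $query->row('screen_name') != '' ? $query->row('screen_name') : $query->row('username'),
        'site_name' => stripslashes($this->config->item('site_name')),
        'site_url' => $this->config->item('site_url')
    );

    $email_tit = $this->functions->var_swap($template['title'], $swap);
    $email_msg = $this->functions->var_swap($template['data'], $swap);

    $this->email->EE_initialize();
    $this->email->from($this->config->item('webmaster_email'), $this->config->item('webmaster_name'));
    $this->email->to($query->row('email'));
    $this->email->subject($email_tit);
    $this->email->message(entities_to_ascii($email_msg));
    $this->email->send();
}

/**
 * Removes a declined member and their private-message rows, then refreshes
 * the unread-message counter of everyone they had messaged.
 *
 * @param mixed $member_id member id as posted in 'toggle'; escaped here
 *                         because the statements below are hand-built SQL
 * @return void
 */
private function _delete_unvalidated_member($member_id)
{
    // $member_id comes straight from $_POST['toggle']; the original
    // interpolated it unescaped into every DELETE below.
    $id = $this->db->escape_str($member_id);

    $this->db->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
    $this->db->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
    $this->db->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

    // Collect recipients with unread messages from this sender before the
    // copies are gone, so their counters can be recomputed afterwards.
    $message_query = $this->db->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

    $this->db->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
    $this->db->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
    $this->db->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
    $this->db->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

    if ($message_query->num_rows() > 0) {
        foreach ($message_query->result_array() as $row) {
            $recipient_id = $this->db->escape_str($row['recipient_id']);

            $count_query = $this->db->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '" . $recipient_id . "' AND message_read = 'n'");

            $this->db->query($this->db->update_string('exp_members', array('private_messages' => $count_query->row('count')), "member_id = '" . $recipient_id . "'"));
        }
    }
}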
/**
 * Category Form Tree
 *
 * Loads categories (optionally limited to given sites and/or category ids)
 * and fills $this->cat_array either as a nested tree — top-level categories
 * followed by their subtrees via category_form_subtree() — or as a flat
 * list ordered by name.
 *
 * @param string  $nested     'y' for a nested tree, anything else for a flat list
 * @param mixed   $categories FALSE for all, else a '|'-separated string or array of cat ids
 * @param mixed   $sites      FALSE for the current site, 'all' for every site,
 *                            else a '|'-separated string or array of site ids
 * @return array  the populated $this->cat_array
 */
public function category_form_tree($nested = 'y', $categories = FALSE, $sites = FALSE)
{
    $is_nested = ($nested == 'y');
    $order = $is_nested ? 'group_id, parent_id, cat_name' : 'cat_name';

    ee()->db->select('categories.group_id, categories.parent_id, categories.cat_id, categories.cat_name');
    ee()->db->from('categories');

    if ($sites == FALSE) {
        ee()->db->where('site_id', ee()->config->item('site_id'));
    } elseif ($sites != 'all') {
        $site_list = is_array($sites) ? implode('|', $sites) : $sites;
        ee()->functions->ar_andor_string($site_list, 'site_id');
    }

    if ($categories !== FALSE) {
        $cat_list = is_array($categories) ? implode('|', $categories) : $categories;
        ee()->functions->ar_andor_string($cat_list, 'cat_id', 'exp_categories');
    }

    ee()->db->order_by($order);
    $query = ee()->db->get();

    // Load the text helper
    ee()->load->helper('text');

    if ($query->num_rows() > 0) {
        // [group_id, cat_id, name, parent_id] per row
        $rows = array();

        foreach ($query->result_array() as $row) {
            $rows[] = array($row['group_id'], $row['cat_id'], entities_to_ascii($row['cat_name']), $row['parent_id']);
        }

        if (!$is_nested) {
            $this->cat_array = $rows;
        } else {
            // Roots (parent_id 0) go in directly; each root's descendants
            // are appended by the subtree walker starting at depth 1.
            foreach ($rows as $cat) {
                if (0 == $cat['3']) {
                    $this->cat_array[] = array($cat['0'], $cat['1'], $cat['2']);
                    $this->category_form_subtree($cat['1'], $rows, 1);
                }
            }
        }
    }

    return $this->cat_array;
}
/**
 * Member self-delete
 *
 * Front-end "delete my account" handler. Requires a form POST (ACT), a
 * logged-in member with can_delete_self, a non-super-admin group, a valid
 * session fingerprint when require_ip_for_login is on, no active password
 * lockout and a correct password. On success the member is deleted, the
 * configured notification addresses are emailed, the session row and
 * cookies are cleared and a confirmation page is shown.
 *
 * @return mixed FALSE when not reached via a form POST; otherwise the result
 *               of show_user_error() or show_message()
 */
public function member_delete()
{
    // Make sure they got here via a form
    if (!ee()->input->post('ACT')) {
        // No output for you, Mr. URL Hax0r
        return FALSE;
    }

    ee()->lang->loadfile('login');

    // No sneakiness - we'll do this in case the site administrator
    // has foolishly turned off secure forms and some monkey is
    // trying to delete their account from an off-site form or
    // after logging out.
    if (ee()->session->userdata('member_id') == 0 or ee()->session->userdata('can_delete_self') !== 'y') {
        return ee()->output->show_user_error('general', ee()->lang->line('not_authorized'));
    }

    // If the user is a SuperAdmin, then no deletion
    if (ee()->session->userdata('group_id') == 1) {
        return ee()->output->show_user_error('general', ee()->lang->line('cannot_delete_super_admin'));
    }

    // Is IP and User Agent required for login? Then, same here.
    if (ee()->config->item('require_ip_for_login') == 'y') {
        if (ee()->session->userdata('ip_address') == '' or ee()->session->userdata('user_agent') == '') {
            return ee()->output->show_user_error('general', ee()->lang->line('unauthorized_request'));
        }
    }

    // Check password lockout status
    if (ee()->session->check_password_lockout(ee()->session->userdata('username')) === TRUE) {
        // 'login' was already loaded above; this second load is redundant.
        ee()->lang->loadfile('login');
        return ee()->output->show_user_error('general', sprintf(lang('password_lockout_in_effect'), ee()->config->item('password_lockout_interval')));
    }

    // Are you who you say you are, or someone sitting at someone
    // else's computer being mean?!
    ee()->load->library('auth');

    // A wrong password counts towards the lockout, same as a failed login.
    if (!ee()->auth->authenticate_id(ee()->session->userdata('member_id'), ee()->input->post('password'))) {
        ee()->session->save_password_lockout(ee()->session->userdata('username'));
        return ee()->output->show_user_error('general', ee()->lang->line('invalid_pw'));
    }

    // No turning back, get to deletin'!
    ee()->load->model('member_model');
    ee()->member_model->delete_member(ee()->session->userdata('member_id'));

    // Email notification recipients
    if (ee()->session->userdata('mbr_delete_notify_emails') != '') {
        $notify_address = ee()->session->userdata('mbr_delete_notify_emails');

        $swap = array(
            'name' => ee()->session->userdata('screen_name'),
            'email' => ee()->session->userdata('email'),
            'site_name' => stripslashes(ee()->config->item('site_name'))
        );

        $email_subject = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_title'), $swap);
        $email_msg = ee()->functions->var_swap(ee()->lang->line('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list
        if (strpos($notify_address, ee()->session->userdata('email')) !== FALSE) {
            $notify_address = str_replace(ee()->session->userdata('email'), "", $notify_address);
        }

        // Remove multiple commas
        // NOTE(review): reduce_multiples() belongs to the text helper, which
        // this method only loads a few lines further down — presumably it is
        // already loaded by the framework at this point; TODO confirm.
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address != '') {
            // Send email
            ee()->load->library('email');

            // Load the text helper
            ee()->load->helper('text');

            // One message per address so recipients do not see each other.
            foreach (explode(',', $notify_address) as $addy) {
                ee()->email->EE_initialize();
                ee()->email->wordwrap = FALSE;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_subject);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->send();
            }
        }
    }

    // Drop the server-side session and expire the client cookies.
    ee()->db->where('session_id', ee()->session->userdata('session_id'))->delete('sessions');

    ee()->functions->set_cookie(ee()->session->c_session);
    ee()->functions->set_cookie(ee()->session->c_expire);
    ee()->functions->set_cookie(ee()->session->c_anon);
    ee()->functions->set_cookie('read_topics');
    ee()->functions->set_cookie('tracker');

    // Build Success Message
    $url = ee()->config->item('site_url');
    $name = stripslashes(ee()->config->item('site_name'));

    $data = array(
        'title' => ee()->lang->line('mbr_delete'),
        'heading' => ee()->lang->line('thank_you'),
        'content' => ee()->lang->line('mbr_account_deleted'),
        'redirect' => '',
        'link' => array($url, $name)
    );

    ee()->output->show_message($data);
}
/**
 * Emails the configured webmaster a summary of the supplied OmniLog entry.
 *
 * The message lists the add-on name, log date, entry type, message text and
 * the CP URL, wrapped in the localised preamble and postscript.
 *
 * @access public
 * @param Omnilog_entry $entry The log entry.
 * @return void
 * @throws Exception when the entry is not populated, when the configured
 *                   webmaster email is invalid, or when sending fails.
 */
public function notify_site_admin_of_log_entry(Omnilog_entry $entry)
{
    $this->_ee->load->helper('text');
    $this->_ee->load->library('email');

    $mailer = $this->_ee->email;
    $lang = $this->_ee->lang;
    $config = $this->_ee->config;

    if (!$entry->is_populated()) {
        throw new Exception($lang->line('exception__notify_admin__missing_data'));
    }

    $webmaster_email = $config->item('webmaster_email');

    if ($mailer->valid_email($webmaster_email) !== TRUE) {
        throw new Exception($lang->line('exception__notify_admin__invalid_webmaster_email'));
    }

    // A falsy webmaster_name config value becomes an empty display name.
    $webmaster_name = $config->item('webmaster_name');
    if (!$webmaster_name) {
        $webmaster_name = '';
    }

    // Map the entry type to its language key; unknown types get a generic label.
    $entry_type = $entry->get_type();

    if ($entry_type == Omnilog_entry::NOTICE) {
        $lang_entry_type = $lang->line('email_entry_type_notice');
    } elseif ($entry_type == Omnilog_entry::WARNING) {
        $lang_entry_type = $lang->line('email_entry_type_warning');
    } elseif ($entry_type == Omnilog_entry::ERROR) {
        $lang_entry_type = $lang->line('email_entry_type_error');
    } else {
        $lang_entry_type = $lang->line('email_entry_type_unknown');
    }

    // Append the site name to the subject when one is configured.
    $subject = $lang->line('email_subject');
    $site_name = $config->item('site_name');
    if ($site_name) {
        $subject .= ' (' . $site_name . ')';
    }

    // Each section is "label NL value"; sections are separated by a blank line.
    $sections = array(
        $lang->line('email_addon_name') . NL . $entry->get_addon_name(),
        $lang->line('email_log_date') . NL . date('r', $entry->get_date()),
        $lang->line('email_entry_type') . NL . $lang_entry_type,
        $lang->line('email_log_message') . NL . $entry->get_message(),
        $lang->line('email_cp_url') . NL . $config->item('cp_url')
    );

    $message = $lang->line('email_preamble') . NL . NL
        . implode(NL . NL, $sections) . NL . NL
        . $lang->line('email_postscript');

    $message = entities_to_ascii($message);

    $mailer->from($webmaster_email, $webmaster_name);
    $mailer->to($webmaster_email);
    $mailer->subject($subject);
    $mailer->message($message);

    if ($mailer->send() !== TRUE) {
        throw new Exception($lang->line('exception__notify_admin__email_not_sent'));
    }
}
/**
 * Send email notifications to email addresses for the respective member
 * group of the users being deleted
 *
 * Only members whose group has a non-empty mbr_delete_notify_emails list
 * are considered; the member's own address is removed from that list before
 * sending, and each remaining address gets its own message.
 *
 * @param Array $member_ids Array of member_ids being deleted
 * @return void
 */
private function _member_delete_notifications($member_ids)
{
    // Email notification recipients
    $group_query = ee()->db->distinct('member_id')
        ->select('screen_name, email, mbr_delete_notify_emails')
        ->join('member_groups', 'members.group_id = member_groups.group_id', 'left')
        ->where('mbr_delete_notify_emails !=', '')
        ->where_in('member_id', $member_ids)
        ->get('members');

    foreach ($group_query->result() as $member) {
        $notify_address = $member->mbr_delete_notify_emails;

        $swap = array(
            'name' => $member->screen_name,
            'email' => $member->email,
            'site_name' => stripslashes(ee()->config->item('site_name'))
        );

        ee()->lang->loadfile('member');

        $email_title = ee()->functions->var_swap(lang('mbr_delete_notify_title'), $swap);
        $email_message = ee()->functions->var_swap(lang('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list
        if (strpos($notify_address, $member->email) !== FALSE) {
            $notify_address = str_replace($member->email, "", $notify_address);
        }

        // Remove multiple commas
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address == '') {
            continue;
        }

        ee()->load->library('email');
        ee()->load->helper('text');

        $recipients = explode(',', $notify_address);

        foreach ($recipients as $addy) {
            ee()->email->EE_initialize();
            ee()->email->wordwrap = FALSE;
            ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
            ee()->email->to($addy);
            ee()->email->reply_to(ee()->config->item('webmaster_email'));
            ee()->email->subject($email_title);
            ee()->email->message(entities_to_ascii($email_message));
            ee()->email->send();
        }
    }
}
/**
 * Sends Audit Pro notification emails for one audited event.
 *
 * Loads every exp_audit_notifications row for $item_type and, for each row
 * whose member/group/item/channel filters accept the current event, builds
 * an event-specific message and sends it to the row's email_address. Rows
 * flagged is_sms get the short one-line form in the subject and an empty
 * body (plus the timestamp line).
 *
 * NOTE(review): the "******" tokens in the message-building code below are
 * where this copy of the source was redacted; the original concatenations
 * (and the intervening case labels) are not recoverable from this page.
 *
 * @param string $item_type   audited event key, e.g. 'cp_login', 'entry_update'
 * @param int    $item_id     id of the affected entry/template/member (0 when n/a)
 * @param int    $create_edit unused here
 * @param string $item_title  title/name of the affected item
 * @param int    $channel_id  channel of the affected entry (0 when n/a)
 * @return bool|void false when no notification row applies, otherwise void
 */
function _send_notification($item_type = '', $item_id = 0, $create_edit = 0, $item_title = '', $channel_id = 0)
{
    $results = $this->EE->db->query("SELECT * FROM exp_audit_notifications WHERE item_type = ?", array($item_type));

    if ($results->num_rows() == 0) {
        return false;
    }

    $this->EE->load->library('email');
    $this->EE->load->helper('text');

    $this->EE->email->wordwrap = true;
    $this->EE->email->mailtype = 'text';

    // $from, $recipient and $email_subject are initialised but never read.
    $from = '';
    $recipient = '';
    $email_subject = '';
    $email_msg = '';

    //var_dump($results);

    foreach ($results->result_array() as $notification) {
        // NOTE(review): each of the filter checks below returns from the whole
        // method, so the first non-matching row stops every later row from
        // being processed; `continue` looks like the intended behaviour.

        // If stored item type does not match this item type, exit
        if ($notification['item_type'] != $item_type) {
            return false;
        }

        // If stored member ID is to be checked (not 0) and does not match this user, exit
        if ($notification['member_id'] != $this->member_id && $notification['member_id'] != 0) {
            return false;
        }

        if ($notification['group_id'] != $this->group_id && $notification['group_id'] != 0) {
            return false;
        }

        // If stored item ID is to be checked (not 0) and does not match this item ID, exit
        if ($notification['item_id'] != 0 && $notification['item_id'] != $item_id) {
            return false;
        }

        // If stored Channel ID is to be checked (not 0) and does not match this channel ID, exit
        if ($notification['channel_id'] != 0 && $notification['channel_id'] != $channel_id) {
            return false;
        }

        // Now we have something to work with!
        $this->EE->email->initialize();
        $this->EE->email->from($this->EE->config->item('webmaster_email'), $this->EE->config->item('webmaster_name'));
        $this->EE->email->to($notification['email_address']);

        // In every case: the `break` inside the is_sms branch leaves the
        // switch, so SMS recipients get only the subject line.
        switch ($item_type) {
            case 'cp_login':
                // Assume member matches, Just send the email
                $email_msg = "A user has logged in via the Control Panel.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"A user has logged out via the Control Panel.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"A user has logged in via the Front-end.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"A user has logged out via the Front-end.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"A user has deleted an entry.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nEntry ID: " . $item_id;
                $email_msg .= "\n\nEntry Title: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Entry Deleted');
                break;

            case 'entry_update':
                // Assume entry ID matches, does channel match?
                // NOTE(review): $results is reused for the channel lookup; the
                // foreach keeps iterating the array it already fetched, but the
                // original notification result object is lost. $channel_name is
                // never used.
                $results = $this->EE->db->query("SELECT * FROM exp_channels c\n WHERE c.channel_id = ?", array($channel_id));
                $channel_name = $results->row('channel_name');
                $channel_title = $results->row('channel_title');

                $email_msg = "A user has updated an entry.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nChannel: " . $channel_title;
                $email_msg .= "\n\nEntry ID: " . $item_id;
                $email_msg .= "\n\nEntry Title: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Entry Updated');
                break;

            case 'new_entry':
                // Don't worry about entry ID, does channel match?
                $results = $this->EE->db->query("SELECT * FROM exp_channels c\n WHERE c.channel_id = ?", array($channel_id));
                $channel_name = $results->row('channel_name');
                $channel_title = $results->row('channel_title');

                $email_msg = "A user has published an entry.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nChannel: " . $channel_title;
                $email_msg .= "\n\nEntry ID: " . $item_id;
                $email_msg .= "\n\nEntry Title: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Entry Created');
                break;

            case 'template_edit':
                // Assume entry ID matches, Just send the email
                $email_msg = "A user has edited a template.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nTemplate ID: " . $item_id;
                $email_msg .= "\n\nTemplate Name: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Template Edited');
                break;

            case 'member_create':
                // Just send the email
                $email_msg = "A user has created a new member.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nNew Member ID: " . $item_id;
                $email_msg .= "\n\nNew Member Name: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Member Created');
                break;

            case 'member_delete':
                // Just send the email
                $email_msg = "A user has deleted a member.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nDeleted Member ID: " . $item_id;
                $email_msg .= "\n\nDeleted Member Name: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Member Deleted');
                break;

            case 'member_edit':
                // Just send the email
                $email_msg = "A user has edited a member.";

                if ($notification['is_sms'] == 1) {
                    $this->EE->email->subject($this->site_label . ": " . $email_msg);
                    $email_msg = '';
                    break;
                }

                $email_msg .= "\n\nUsername: "******"\n\nEdited Member ID: " . $item_id;
                $email_msg .= "\n\nEdited Member Name: " . $item_title;

                $this->EE->email->subject($this->site_label . ': Audit Pro Notification: Member Edited');
                break;
        }

        // Timestamp footer is appended for every type, including the SMS form.
        $email_msg .= "\n\n" . $this->EE->localize->human_time($this->timestamp);

        $this->EE->email->message(entities_to_ascii($email_msg));
        // Method names are case-insensitive in PHP; this is the library's send().
        $this->EE->email->Send();
    }
}
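/**
 * Authorize email submission
 *
 * Confirms a pending mailing-list signup from the auth-code link sent to the
 * subscriber: looks the code up in exp_mailing_list_queue (codes older than
 * 48 hours are purged first), moves the address into exp_mailing_list,
 * removes the queue row, optionally notifies the admin addresses and shows a
 * confirmation page.
 *
 * The auth code arrives via GET/POST 'id' and is untrusted; it is escaped
 * once and that escaped value is used in every statement that embeds it.
 *
 * @return mixed the show_user_error()/show_message() result
 */
function authorize_email()
{
    /** ----------------------------------------
    /** Fetch the mailinglist language pack
    /** ----------------------------------------*/
    ee()->lang->loadfile('mailinglist');

    // Is the mailing list turned on?
    if (ee()->config->item('mailinglist_enabled') == 'n') {
        return ee()->output->show_user_error('general', lang('mailinglist_disabled'));
    }

    /** ----------------------------------------
    /** Fetch the name of the site
    /** ----------------------------------------*/
    $site_name = ee()->config->item('site_name') == '' ? lang('back') : stripslashes(ee()->config->item('site_name'));

    /** ----------------------------------------
    /** No ID? Tisk tisk...
    /** ----------------------------------------*/
    $id = ee()->input->get_post('id');

    if ($id == FALSE) {
        $data = array(
            'title' => lang('ml_mailinglist'),
            'heading' => lang('error'),
            'content' => lang('invalid_url'),
            'link' => array(ee()->functions->fetch_site_index(), $site_name)
        );

        // Returned explicitly so nothing below runs if show_message() does
        // not end the request itself.
        return ee()->output->show_message($data);
    }

    /** ----------------------------------------
    /** Fetch email associated with auth-code
    /** ----------------------------------------*/
    // Codes are only valid for 48 hours.
    $expire = time() - 60 * 60 * 48;

    ee()->db->query("DELETE FROM exp_mailing_list_queue WHERE date < '{$expire}' ");

    // Escaped once; the SELECT, INSERT and DELETE below all embed this value.
    $authcode = ee()->db->escape_str($id);

    $query = ee()->db->query("SELECT email, list_id FROM exp_mailing_list_queue WHERE authcode = '" . $authcode . "'");

    if ($query->num_rows() == 0) {
        $data = array(
            'title' => lang('ml_mailinglist'),
            'heading' => lang('error'),
            'content' => lang('ml_expired_date'),
            'link' => array(ee()->functions->fetch_site_index(), $site_name)
        );

        echo ee()->output->show_message($data);
        exit;
    }

    /** ----------------------------------------
    /** Transfer email to the mailing list
    /** ----------------------------------------*/
    $email = $query->row('email');
    $list_id = $query->row('list_id');

    // Legacy queue rows with list_id 0 go to list 1, if it still exists.
    if ($list_id == 0) {
        $query = ee()->db->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = 1");

        if ($query->row('count') != 1) {
            return ee()->output->show_user_error('general', lang('ml_no_list_id'));
        } else {
            $list_id = 1;
        }
    }

    ee()->db->query("INSERT INTO exp_mailing_list (list_id, authcode, email, ip_address)\r\n\t\t\t\t\t\t\t VALUES ('" . ee()->db->escape_str($list_id) . "', '" . $authcode . "', '" . ee()->db->escape_str($email) . "', '" . ee()->db->escape_str(ee()->input->ip_address()) . "')");

    ee()->db->query("DELETE FROM exp_mailing_list_queue WHERE authcode = '" . $authcode . "'");

    /** ----------------------------------------
    /** Is there an admin notification to send?
    /** ----------------------------------------*/
    if (ee()->config->item('mailinglist_notify') == 'y' and ee()->config->item('mailinglist_notify_emails') != '') {
        $query = ee()->db->select('list_title')->get_where('mailing_lists', array('list_id' => $list_id));

        $swap = array(
            'email' => $email,
            'mailing_list' => $query->row('list_title')
        );

        $template = ee()->functions->fetch_email_template('admin_notify_mailinglist');
        $email_tit = ee()->functions->var_swap($template['title'], $swap);
        $email_msg = ee()->functions->var_swap($template['data'], $swap);

        /** ----------------------------
        /** Send email
        /** ----------------------------*/
        // reduce_multiples() and entities_to_ascii() both come from the text
        // helper, so load it before the first use rather than after.
        ee()->load->helper('text');

        // Remove multiple commas
        $notify_address = reduce_multiples(ee()->config->item('mailinglist_notify_emails'), ',', TRUE);

        if ($notify_address != '') {
            // Send email
            ee()->load->library('email');

            // One message per admin address.
            foreach (explode(',', $notify_address) as $addy) {
                ee()->email->EE_initialize();
                ee()->email->wordwrap = true;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to(ee()->config->item('webmaster_email'));
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->send();
            }
        }
    }

    /** ------------------------------
    /** Success Message
    /** ------------------------------*/
    $data = array(
        'title' => lang('ml_mailinglist'),
        'heading' => lang('thank_you'),
        'content' => lang('ml_account_confirmed'),
        'link' => array(ee()->functions->fetch_site_index(), $site_name)
    );

    ee()->output->show_message($data);
}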
/**
 * display_email_data
 *
 * Renders a field's stored value for an email notification: expands the
 * field's tags, converts HTML entities back to characters, replaces <br/>
 * with newlines and encodes EE tags so they are not parsed again.
 *
 * @access public
 * @param string $data             data from table for email output
 * @param object|null $notification_obj instance of the notification object (unused here)
 * @return string output data
 */
public function display_email_data($data, $notification_obj = null)
{
    $tagged = $this->replace_tag($data);
    $plain = entities_to_ascii($tagged);
    $with_newlines = str_replace('<br/>', "\n", $plain);

    return $this->encode_ee($with_newlines);
}
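/**
 * Build the channel / category / status filter menus for the entry listing.
 *
 * Collects the channels the current user is assigned to, the category tree
 * and the custom statuses, assembles a per-channel lookup keyed by
 * channel_id (key '0' holds the generic defaults) and emits the JavaScript
 * that swaps the category and status <select> options whenever the channel
 * <select> changes.
 *
 * @access public
 * @return void  the script is handed to ee()->javascript->output()
 */
function filtering_menus()
{
    // In order to build our filtering options we need to gather
    // all the channels, categories and custom statuses
    $channel_array = array();
    $status_array = array();

    ee()->api->instantiate('channel_categories');

    $allowed_channels = ee()->functions->fetch_assigned_channels(TRUE);

    if (count($allowed_channels) > 0)
    {
        // Fetch channel titles
        ee()->db->select('channel_title, channel_id, cat_group, status_group, field_group');
        ee()->db->where_in('channel_id', $allowed_channels);
        ee()->db->where('site_id', ee()->config->item('site_id'));
        ee()->db->order_by('channel_title');
        $query = ee()->db->get('channels');

        foreach ($query->result_array() as $row)
        {
            // Double quotes are stripped because the title ends up inside the JS literal below
            $channel_array[$row['channel_id']] = array(
                str_replace('"', '', $row['channel_title']),
                $row['cat_group'],
                $row['status_group'],
                $row['field_group']
            );
        }
    }

    /** -----------------------------
    /**  Category Tree
    /** -----------------------------*/

    $order = $this->nest_categories == 'y' ? 'group_id, parent_id, cat_name' : 'cat_name';

    ee()->db->select('categories.group_id, categories.parent_id, categories.cat_id, categories.cat_name');
    ee()->db->from('categories');
    ee()->db->where('site_id', ee()->config->item('site_id'));
    ee()->db->order_by($order);
    $query = ee()->db->get();

    // Load the text helper
    ee()->load->helper('text');

    if ($query->num_rows() > 0)
    {
        foreach ($query->result_array() as $row)
        {
            // [group_id, cat_id, display name, parent_id]
            $categories[] = array($row['group_id'], $row['cat_id'], entities_to_ascii($row['cat_name']), $row['parent_id']);
        }

        if ($this->nest_categories == 'y')
        {
            // Root categories (parent_id 0) seed cat_array; the API walks the subtree
            foreach ($categories as $key => $val)
            {
                if (0 == $val['3'])
                {
                    ee()->api_channel_categories->cat_array[] = array($val['0'], $val['1'], $val['2']);
                    ee()->api_channel_categories->category_form_subtree($val['1'], $categories, 1);
                }
            }
        }
        else
        {
            ee()->api_channel_categories->cat_array = $categories;
        }
    }

    /** -----------------------------
    /**  Entry Statuses
    /** -----------------------------*/

    ee()->db->select('group_id, status');
    ee()->db->where('site_id', ee()->config->item('site_id'));
    ee()->db->order_by('status_order');
    $query = ee()->db->get('statuses');

    if ($query->num_rows() > 0)
    {
        foreach ($query->result_array() as $row)
        {
            $status_array[] = array($row['group_id'], $row['status']);
        }
    }

    // Defaults shown for every channel; each pair is [option value, label]
    $default_cats[] = array('', lang('filter_by_category'));
    $default_cats[] = array('all', lang('all'));
    $default_cats[] = array('none', lang('none'));

    $dstatuses[] = array('', lang('filter_by_status'));
    $dstatuses[] = array('open', lang('open'));
    $dstatuses[] = array('closed', lang('closed'));

    $channel_info['0']['categories'] = $default_cats;
    $channel_info['0']['statuses'] = $dstatuses;

    foreach ($channel_array as $key => $val)
    {
        $cats = $default_cats;

        if (count(ee()->api_channel_categories->cat_array) > 0)
        {
            $last_group = 0;

            foreach (ee()->api_channel_categories->cat_array as $k => $v)
            {
                // $val['1'] is the channel's pipe-separated cat_group list
                if (in_array($v['0'], explode('|', $val['1'])))
                {
                    // Visual separator each time the category group changes
                    if ($last_group == 0 OR $last_group != $v['0'])
                    {
                        $cats[] = array('', '-------');
                        $last_group = $v['0'];
                    }

                    $cats[] = array($v['1'], $v['2']);
                }
            }
        }

        $channel_info[$key]['categories'] = $cats;

        $statuses = array();
        $statuses[] = array('', lang('filter_by_status'));

        if (count($status_array) > 0)
        {
            foreach ($status_array as $k => $v)
            {
                if ($v['0'] == $val['2'])
                {
                    $status_name = ($v['1'] == 'closed' OR $v['1'] == 'open') ? lang($v['1']) : $v['1'];
                    $statuses[] = array($v['1'], $status_name);
                }
            }
        }
        else
        {
            // No custom statuses at all: fall back to the two built-in ones.
            // The option value must be the status itself ('open'/'closed'),
            // not a leftover loop variable from the category pass above.
            $statuses[] = array('open', lang('open'));
            $statuses[] = array('closed', lang('closed'));
        }

        $channel_info[$key]['statuses'] = $statuses;
    }

    // This JSON is interpolated straight into a <script> body below. The
    // default json_encode() escaping of "/" is what keeps a category or
    // channel title containing "</script>" from terminating the element, so
    // do not add JSON_UNESCAPED_SLASHES here.
    $channel_info = json_encode($channel_info);

    $javascript = <<<MAGIC

// The oracle knows everything.
var channel_oracle = {$channel_info};
var spaceString = new RegExp('!-!', "g");

// We prep our magic arrays as soons as we can, basically
// converting everything into option elements
(function() {
	jQuery.each(channel_oracle, function(key, details) {
		// Go through each of the individual settings and build a proper dom element
		jQuery.each(details, function(group, values) {
			var newval = new Array();

			// Add the new option fields
			jQuery.each(values, function(a, b) {
				newval.push(new Option(b[1].replace(spaceString, String.fromCharCode(160)), b[0]));
			});

			// Set the new values
			channel_oracle[key][group] = \$(newval);
		});
	});
})();

// Change the submenus
// Gets passed the channel id
function changemenu(index) {
	var channels = 'null';

	if (channel_oracle[index] === undefined) {
		index = 0;
	}

	jQuery.each(channel_oracle[index], function(key, val) {
		switch(key) {
			case 'categories':	\$('select[name=cat_id]').empty().append(val);
				break;
			case 'statuses':	\$('select[name=status]').empty().append(val);
				break;
		}
	});
}

\$('select[name=channel_id]').change(function() {
	changemenu(this.value);
});

MAGIC;

    ee()->javascript->output($javascript);
}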
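/**
 * Insert New Comment
 *
 * Validates a submitted comment (entry, permissions, bans, membership,
 * CAPTCHA, size, duplicates, timelock), inserts it, updates the entry,
 * member and site counters, sends admin and subscriber notifications,
 * sets the "remember me" cookies and finally redirects the commenter.
 * Everything is read from $_POST and the session, so this is only
 * meaningful for a real form submission.
 *
 * @access public
 * @return string|bool|void  FALSE for a non-numeric or unknown entry_id,
 *                           the error page from show_user_error(), or
 *                           nothing after a redirect / show_message()
 */
function insert_new_comment()
{
    // Normalise every POST field read below so a missing one is '' instead of
    // undefined. RET and URI are included because they feed the return link,
    // the cache-clearing paths and the notification URLs without any guard.
    $default = array('name', 'email', 'url', 'comment', 'location', 'entry_id', 'RET', 'URI');

    foreach ($default as $val)
    {
        if ( ! isset($_POST[$val]))
        {
            $_POST[$val] = '';
        }
    }

    // No entry ID? What the heck are they doing?
    if ( ! is_numeric($_POST['entry_id']))
    {
        return FALSE;
    }

    /** ----------------------------------------
    /**  Fetch the comment language pack
    /** ----------------------------------------*/

    ee()->lang->loadfile('comment');

    // No comment- let's end it here
    if (trim($_POST['comment']) == '')
    {
        $error = ee()->lang->line('cmt_missing_comment');
        return ee()->output->show_user_error('submission', $error);
    }

    /** ----------------------------------------
    /**  Is the user banned?
    /** ----------------------------------------*/

    if (ee()->session->userdata['is_banned'] == TRUE)
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
    }

    /** ----------------------------------------
    /**  Is the IP address and User Agent required?
    /** ----------------------------------------*/

    if (ee()->config->item('require_ip_for_posting') == 'y')
    {
        if (ee()->input->ip_address() == '0.0.0.0' OR ee()->session->userdata['user_agent'] == "")
        {
            return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
        }
    }

    /** ----------------------------------------
    /**  Is the nation of the user banned?
    /** ----------------------------------------*/

    ee()->session->nation_ban_check();

    /** ----------------------------------------
    /**  Can the user post comments?
    /** ----------------------------------------*/

    if (ee()->session->userdata['can_post_comments'] == 'n')
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('cmt_no_authorized_for_comments')));
    }

    /** ----------------------------------------
    /**  Blacklist/Whitelist Check
    /** ----------------------------------------*/

    if (ee()->blacklist->blacklisted == 'y' && ee()->blacklist->whitelisted == 'n')
    {
        return ee()->output->show_user_error('general', array(ee()->lang->line('not_authorized')));
    }

    /** ----------------------------------------
    /**  Is this a preview request?
    /** ----------------------------------------*/

    if (isset($_POST['preview']))
    {
        return $this->preview_handler();
    }

    // -------------------------------------------
    // 'insert_comment_start' hook.
    //  - Allows complete rewrite of comment submission routine.
    //  - Or could be used to modify the POST data before processing
    //
        ee()->extensions->call('insert_comment_start');
        if (ee()->extensions->end_script === TRUE) return;
    //
    // -------------------------------------------

    /** ----------------------------------------
    /**  Fetch channel preferences
    /** ----------------------------------------*/

    // Kept as a raw SQL string (not Active Record) because the
    // 'insert_comment_preferences_sql' hook below receives and may rewrite it.
    // entry_id is already known to be numeric and is escaped regardless.
    $sql = "SELECT exp_channel_titles.title,
				exp_channel_titles.url_title,
				exp_channel_titles.entry_id,
				exp_channel_titles.channel_id,
				exp_channel_titles.author_id,
				exp_channel_titles.allow_comments,
				exp_channel_titles.entry_date,
				exp_channel_titles.comment_expiration_date,
				exp_channels.channel_title,
				exp_channels.comment_system_enabled,
				exp_channels.comment_max_chars,
				exp_channels.comment_use_captcha,
				exp_channels.comment_timelock,
				exp_channels.comment_require_membership,
				exp_channels.comment_moderate,
				exp_channels.comment_require_email,
				exp_channels.comment_notify,
				exp_channels.comment_notify_authors,
				exp_channels.comment_notify_emails,
				exp_channels.comment_expiration,
				exp_channels.channel_url,
				exp_channels.comment_url,
				exp_channels.site_id
			FROM	exp_channel_titles, exp_channels
			WHERE	exp_channel_titles.channel_id = exp_channels.channel_id
			AND	exp_channel_titles.entry_id = '" . ee()->db->escape_str($_POST['entry_id']) . "'";
            // Added entry_status param, so it is possible to post to closed title
            //AND exp_channel_titles.status != 'closed' ";

    // -------------------------------------------
    // 'insert_comment_preferences_sql' hook.
    //  - Rewrite or add to the comment preference sql query
    //  - Could be handy for comment/channel restrictions
    //
        if (ee()->extensions->active_hook('insert_comment_preferences_sql') === TRUE)
        {
            $sql = ee()->extensions->call('insert_comment_preferences_sql', $sql);
            if (ee()->extensions->end_script === TRUE) return;
        }
    //
    // -------------------------------------------

    $query = ee()->db->query($sql);

    unset($sql);

    if ($query->num_rows() == 0)
    {
        return FALSE;
    }

    /** ----------------------------------------
    /**  Are comments allowed?
    /** ----------------------------------------*/

    if ($query->row('allow_comments') == 'n' OR $query->row('comment_system_enabled') == 'n')
    {
        return ee()->output->show_user_error('submission', ee()->lang->line('cmt_comments_not_allowed'));
    }

    /** ----------------------------------------
    /**  Has commenting expired?
    /** ----------------------------------------*/

    // An expired entry either rejects the comment or, when the site-wide
    // override is on, forces it into the moderation queue instead.
    $force_moderation = $query->row('comment_moderate');

    if ($this->comment_expiration_mode == 0)
    {
        if ($query->row('comment_expiration_date') > 0)
        {
            if (ee()->localize->now > $query->row('comment_expiration_date'))
            {
                if (ee()->config->item('comment_moderation_override') == 'y')
                {
                    $force_moderation = 'y';
                }
                else
                {
                    return ee()->output->show_user_error('submission', ee()->lang->line('cmt_commenting_has_expired'));
                }
            }
        }
    }
    else
    {
        if ($query->row('comment_expiration') > 0)
        {
            // comment_expiration is a number of days after entry_date
            $days = $query->row('entry_date') + $query->row('comment_expiration') * 86400;

            if (ee()->localize->now > $days)
            {
                if (ee()->config->item('comment_moderation_override') == 'y')
                {
                    $force_moderation = 'y';
                }
                else
                {
                    return ee()->output->show_user_error('submission', ee()->lang->line('cmt_commenting_has_expired'));
                }
            }
        }
    }

    /** ----------------------------------------
    /**  Is there a comment timelock?
    /** ----------------------------------------*/

    // Per-IP rate limit; Super Admins (group 1) are exempt
    if ($query->row('comment_timelock') != '' AND $query->row('comment_timelock') > 0)
    {
        if (ee()->session->userdata['group_id'] != 1)
        {
            $time = ee()->localize->now - $query->row('comment_timelock');

            ee()->db->where('comment_date >', $time);
            ee()->db->where('ip_address', ee()->input->ip_address());
            $result = ee()->db->count_all_results('comments');

            if ($result > 0)
            {
                return ee()->output->show_user_error('submission', str_replace("%s", $query->row('comment_timelock'), ee()->lang->line('cmt_comments_timelock')));
            }
        }
    }

    /** ----------------------------------------
    /**  Do we allow duplicate data?
    /** ----------------------------------------*/

    if (ee()->config->item('deny_duplicate_data') == 'y')
    {
        if (ee()->session->userdata['group_id'] != 1)
        {
            ee()->db->where('comment', $_POST['comment']);
            $result = ee()->db->count_all_results('comments');

            if ($result > 0)
            {
                return ee()->output->show_user_error('submission', ee()->lang->line('cmt_duplicate_comment_warning'));
            }
        }
    }

    /** ----------------------------------------
    /**  Assign data
    /** ----------------------------------------*/

    $author_id = $query->row('author_id');
    $entry_title = $query->row('title');
    $url_title = $query->row('url_title');
    $channel_title = $query->row('channel_title');
    $channel_id = $query->row('channel_id');
    $require_membership = $query->row('comment_require_membership');
    $comment_moderate = (ee()->session->userdata['group_id'] == 1 OR ee()->session->userdata['exclude_from_moderation'] == 'y') ? 'n' : $force_moderation;
    $author_notify = $query->row('comment_notify_authors');
    $comment_url = $query->row('comment_url');
    $channel_url = $query->row('channel_url');
    $entry_id = $query->row('entry_id');
    $comment_site_id = $query->row('site_id');

    $notify_address = ($query->row('comment_notify') == 'y' AND $query->row('comment_notify_emails') != '') ? $query->row('comment_notify_emails') : '';

    /** ----------------------------------------
    /**  Start error trapping
    /** ----------------------------------------*/

    $error = array();

    if (ee()->session->userdata('member_id') != 0)
    {
        // If the user is logged in we'll reassign the POST variables with the user data
        $_POST['name'] = ee()->session->userdata['screen_name'] != '' ? ee()->session->userdata['screen_name'] : ee()->session->userdata['username'];
        $_POST['email'] = ee()->session->userdata['email'];
        $_POST['url'] = is_null(ee()->session->userdata['url']) ? '' : ee()->session->userdata['url'];
        $_POST['location'] = is_null(ee()->session->userdata['location']) ? '' : ee()->session->userdata['location'];
    }

    /** ----------------------------------------
    /**  Is membership is required to post...
    /** ----------------------------------------*/

    if ($require_membership == 'y')
    {
        // Not logged in
        if (ee()->session->userdata('member_id') == 0)
        {
            return ee()->output->show_user_error('submission', ee()->lang->line('cmt_must_be_member'));
        }

        // Membership is pending
        if (ee()->session->userdata['group_id'] == 4)
        {
            return ee()->output->show_user_error('general', ee()->lang->line('cmt_account_not_active'));
        }
    }
    else
    {
        /** ----------------------------------------
        /**  Missing name?
        /** ----------------------------------------*/

        if (trim($_POST['name']) == '')
        {
            $error[] = ee()->lang->line('cmt_missing_name');
        }

        /** -------------------------------------
        /**  Is name banned?
        /** -------------------------------------*/

        if (ee()->session->ban_check('screen_name', $_POST['name']))
        {
            $error[] = ee()->lang->line('cmt_name_not_allowed');
        }

        // Let's make sure they aren't putting in funky html to bork our screens.
        // Angle brackets are replaced by their entities so the name is inert
        // wherever it is later echoed into HTML.
        $_POST['name'] = str_replace(array('<', '>'), array('&lt;', '&gt;'), $_POST['name']);

        /** ----------------------------------------
        /**  Missing or invalid email address
        /** ----------------------------------------*/

        if ($query->row('comment_require_email') == 'y')
        {
            ee()->load->helper('email');

            if ($_POST['email'] == '')
            {
                $error[] = ee()->lang->line('cmt_missing_email');
            }
            elseif ( ! valid_email($_POST['email']))
            {
                $error[] = ee()->lang->line('cmt_invalid_email');
            }
        }
    }

    /** -------------------------------------
    /**  Is email banned?
    /** -------------------------------------*/

    if ($_POST['email'] != '')
    {
        if (ee()->session->ban_check('email', $_POST['email']))
        {
            $error[] = ee()->lang->line('cmt_banned_email');
        }
    }

    /** ----------------------------------------
    /**  Is comment too big?
    /** ----------------------------------------*/

    // strlen() counts bytes, so multibyte text hits the limit sooner than
    // its character count suggests; that is the stricter (safer) direction.
    if ($query->row('comment_max_chars') != '' AND $query->row('comment_max_chars') != 0)
    {
        if (strlen($_POST['comment']) > $query->row('comment_max_chars'))
        {
            $str = str_replace("%n", strlen($_POST['comment']), ee()->lang->line('cmt_too_large'));
            $str = str_replace("%x", $query->row('comment_max_chars'), $str);

            $error[] = $str;
        }
    }

    /** ----------------------------------------
    /**  Do we have errors to display?
    /** ----------------------------------------*/

    if (count($error) > 0)
    {
        return ee()->output->show_user_error('submission', $error);
    }

    /** ----------------------------------------
    /**  Do we require CAPTCHA?
    /** ----------------------------------------*/

    if ($query->row('comment_use_captcha') == 'y')
    {
        if (ee()->config->item('captcha_require_members') == 'y' OR
            ee()->config->item('captcha_require_members') == 'n' AND ee()->session->userdata('member_id') == 0)
        {
            if ( ! isset($_POST['captcha']) OR $_POST['captcha'] == '')
            {
                return ee()->output->show_user_error('submission', ee()->lang->line('captcha_required'));
            }
            else
            {
                // A CAPTCHA word is only valid for the IP it was issued to and for two hours
                ee()->db->where('word', $_POST['captcha']);
                ee()->db->where('ip_address', ee()->input->ip_address());
                ee()->db->where('date > UNIX_TIMESTAMP()-7200', NULL, FALSE);
                $result = ee()->db->count_all_results('captcha');

                if ($result == 0)
                {
                    return ee()->output->show_user_error('submission', ee()->lang->line('captcha_incorrect'));
                }

                // @TODO: AR
                // Consume the word (and expire stale ones). The IP address is
                // escaped like the other interpolated values rather than trusted.
                ee()->db->query("DELETE FROM exp_captcha WHERE (word='" . ee()->db->escape_str($_POST['captcha']) . "' AND ip_address = '" . ee()->db->escape_str(ee()->input->ip_address()) . "') OR date < UNIX_TIMESTAMP()-7200");
            }
        }
    }

    /** ----------------------------------------
    /**  Build the data array
    /** ----------------------------------------*/

    ee()->load->helper('url');

    $notify = ee()->input->post('notify_me') ? 'y' : 'n';

    // The TRUE second argument runs the input through XSS filtering
    $cmtr_name = ee()->input->post('name', TRUE);
    $cmtr_email = ee()->input->post('email');
    $cmtr_loc = ee()->input->post('location', TRUE);
    $cmtr_url = ee()->input->post('url', TRUE);
    $cmtr_url = prep_url($cmtr_url);

    $data = array(
        'channel_id'   => $channel_id,
        'entry_id'     => $_POST['entry_id'],
        'author_id'    => ee()->session->userdata('member_id'),
        'name'         => $cmtr_name,
        'email'        => $cmtr_email,
        'url'          => $cmtr_url,
        'location'     => $cmtr_loc,
        'comment'      => ee()->security->xss_clean($_POST['comment']),
        'comment_date' => ee()->localize->now,
        'ip_address'   => ee()->input->ip_address(),
        'status'       => $comment_moderate == 'y' ? 'p' : 'o',
        'site_id'      => $comment_site_id
    );

    // -------------------------------------------
    // 'insert_comment_insert_array' hook.
    //  - Modify any of the soon to be inserted values
    //
        if (ee()->extensions->active_hook('insert_comment_insert_array') === TRUE)
        {
            $data = ee()->extensions->call('insert_comment_insert_array', $data);
            if (ee()->extensions->end_script === TRUE) return;
        }
    //
    // -------------------------------------------

    // NOTE(review): an absolute RET value is redirected to unchanged, so the
    // form can send the commenter to any host. Sites that need to prevent that
    // should restrict RET to their own host before it is used here.
    $return_link = ( ! stristr($_POST['RET'], 'http://') && ! stristr($_POST['RET'], 'https://')) ? ee()->functions->create_url($_POST['RET']) : $_POST['RET'];

    // Secure Forms check
    if (ee()->security->secure_forms_check(ee()->input->post('XID')) == FALSE)
    {
        ee()->functions->redirect(stripslashes($return_link));
    }

    // Insert data
    $sql = ee()->db->insert_string('exp_comments', $data);
    ee()->db->query($sql);
    $comment_id = ee()->db->insert_id();

    if ($notify == 'y')
    {
        ee()->load->library('subscription');
        ee()->subscription->init('comment', array('entry_id' => $entry_id), TRUE);

        if ($cmtr_id = ee()->session->userdata('member_id'))
        {
            ee()->subscription->subscribe($cmtr_id);
        }
        else
        {
            ee()->subscription->subscribe($cmtr_email);
        }
    }

    if ($comment_moderate == 'n')
    {
        /** ------------------------------------------------
        /**  Update comment total and "recent comment" date
        /** ------------------------------------------------*/

        ee()->db->set('recent_comment_date', ee()->localize->now);
        ee()->db->where('entry_id', $_POST['entry_id']);
        ee()->db->update('channel_titles');

        /** ----------------------------------------
        /**  Update member comment total and date
        /** ----------------------------------------*/

        if (ee()->session->userdata('member_id') != 0)
        {
            ee()->db->select('total_comments');
            ee()->db->where('member_id', ee()->session->userdata('member_id'));
            $query = ee()->db->get('members');

            ee()->db->set('total_comments', $query->row('total_comments') + 1);
            ee()->db->set('last_comment_date', ee()->localize->now);
            ee()->db->where('member_id', ee()->session->userdata('member_id'));
            ee()->db->update('members');
        }

        /** ----------------------------------------
        /**  Update comment stats
        /** ----------------------------------------*/

        ee()->stats->update_comment_stats($channel_id, ee()->localize->now);

        /** ----------------------------------------
        /**  Fetch email notification addresses
        /** ----------------------------------------*/

        ee()->load->library('subscription');
        ee()->subscription->init('comment', array('entry_id' => $entry_id), TRUE);

        // Remove the current user
        $ignore = ee()->session->userdata('member_id') != 0 ? ee()->session->userdata('member_id') : ee()->input->post('email');

        // Grab them all
        $subscriptions = ee()->subscription->get_subscriptions($ignore);

        ee()->load->model('comment_model');
        ee()->comment_model->recount_entry_comments(array($entry_id));
        $recipients = ee()->comment_model->fetch_email_recipients($_POST['entry_id'], $subscriptions);
    }

    /** ----------------------------------------
    /**  Fetch Author Notification
    /** ----------------------------------------*/

    if ($author_notify == 'y')
    {
        ee()->db->select('email');
        ee()->db->where('member_id', $author_id);
        $result = ee()->db->get('members');

        $notify_address .= ',' . $result->row('email');
    }

    /** ----------------------------------------
    /**  Instantiate Typography class
    /** ----------------------------------------*/

    ee()->load->library('typography');
    ee()->typography->initialize(array(
        'parse_images'   => FALSE,
        'allow_headings' => FALSE,
        'smileys'        => FALSE,
        'word_censor'    => ee()->config->item('comment_word_censoring') == 'y' ? TRUE : FALSE
    ));

    $comment = ee()->security->xss_clean($_POST['comment']);

    $comment = ee()->typography->parse_type($comment, array(
        'text_format'   => 'none',
        'html_format'   => 'none',
        'auto_links'    => 'n',
        'allow_img_url' => 'n'
    ));

    $path = $comment_url == '' ? $channel_url : $comment_url;

    $comment_url_title_auto_path = reduce_double_slashes($path . '/' . $url_title);

    /** ----------------------------
    /**  Send admin notification
    /** ----------------------------*/

    if ($notify_address != '')
    {
        $cp_url = ee()->config->item('cp_url') . '?S=0&D=cp&C=addons_modules&M=show_module_cp&module=comment';

        $swap = array(
            'name'                        => $cmtr_name,
            'name_of_commenter'           => $cmtr_name,
            'email'                       => $cmtr_email,
            'url'                         => $cmtr_url,
            'location'                    => $cmtr_loc,
            'channel_name'                => $channel_title,
            'entry_title'                 => $entry_title,
            'comment_id'                  => $comment_id,
            'comment'                     => $comment,
            'comment_url'                 => reduce_double_slashes(ee()->input->remove_session_id(ee()->functions->fetch_site_index() . '/' . $_POST['URI'])),
            'delete_link'                 => $cp_url . '&method=delete_comment_confirm&comment_id=' . $comment_id,
            'approve_link'                => $cp_url . '&method=change_comment_status&comment_id=' . $comment_id . '&status=o',
            'close_link'                  => $cp_url . '&method=change_comment_status&comment_id=' . $comment_id . '&status=c',
            'channel_id'                  => $channel_id,
            'entry_id'                    => $entry_id,
            'url_title'                   => $url_title,
            'comment_url_title_auto_path' => $comment_url_title_auto_path
        );

        $template = ee()->functions->fetch_email_template('admin_notify_comment');
        $email_tit = ee()->functions->var_swap($template['title'], $swap);
        $email_msg = ee()->functions->var_swap($template['data'], $swap);

        // We don't want to send an admin notification if the person
        // leaving the comment is an admin in the notification list

        // For added security, we only trust the post email if the
        // commenter is logged in.
        if (ee()->session->userdata('member_id') != 0 && $_POST['email'] != '')
        {
            // Drop the commenter by exact (case-insensitive) address. A plain
            // substring replace would also mangle an unrelated admin address
            // that merely contains the commenter's email.
            $commenter_email = trim($_POST['email']);
            $kept = array();

            foreach (explode(',', $notify_address) as $addy)
            {
                if (strcasecmp(trim($addy), $commenter_email) != 0)
                {
                    $kept[] = $addy;
                }
            }

            $notify_address = implode(',', $kept);
        }

        // Remove multiple commas
        $notify_address = reduce_multiples($notify_address, ',', TRUE);

        if ($notify_address != '')
        {
            /** ----------------------------
            /**  Send email
            /** ----------------------------*/

            ee()->load->library('email');

            $replyto = $data['email'] == '' ? ee()->config->item('webmaster_email') : $data['email'];

            $sent = array();

            // Load the text helper
            ee()->load->helper('text');

            foreach (explode(',', $notify_address) as $addy)
            {
                if (in_array($addy, $sent))
                {
                    continue;
                }

                ee()->email->EE_initialize();
                ee()->email->wordwrap = false;
                ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                ee()->email->to($addy);
                ee()->email->reply_to($replyto);
                ee()->email->subject($email_tit);
                ee()->email->message(entities_to_ascii($email_msg));
                ee()->email->send();

                $sent[] = $addy;
            }
        }
    }

    /** ----------------------------------------
    /**  Send user notifications
    /** ----------------------------------------*/

    if ($comment_moderate == 'n')
    {
        $email_msg = '';

        if (count($recipients) > 0)
        {
            $action_id = ee()->functions->fetch_action_id('Comment_mcp', 'delete_comment_notification');

            $swap = array(
                'name_of_commenter'           => $cmtr_name,
                'channel_name'                => $channel_title,
                'entry_title'                 => $entry_title,
                'site_name'                   => stripslashes(ee()->config->item('site_name')),
                'site_url'                    => ee()->config->item('site_url'),
                'comment_url'                 => reduce_double_slashes(ee()->input->remove_session_id(ee()->functions->fetch_site_index() . '/' . $_POST['URI'])),
                'comment_id'                  => $comment_id,
                'comment'                     => $comment,
                'channel_id'                  => $channel_id,
                'entry_id'                    => $entry_id,
                'url_title'                   => $url_title,
                'comment_url_title_auto_path' => $comment_url_title_auto_path
            );

            $template = ee()->functions->fetch_email_template('comment_notification');
            $email_tit = ee()->functions->var_swap($template['title'], $swap);
            $email_msg = ee()->functions->var_swap($template['data'], $swap);

            /** ----------------------------
            /**  Send email
            /** ----------------------------*/

            ee()->load->library('email');
            ee()->email->wordwrap = true;

            // $sent also carries over the admin addresses already mailed above
            if ( ! isset($sent))
            {
                $sent = array();
            }

            // Load the text helper
            ee()->load->helper('text');

            foreach ($recipients as $val)
            {
                // We don't notify the person currently commenting. That would be silly.
                if ( ! in_array($val['0'], $sent))
                {
                    $title = $email_tit;
                    $message = $email_msg;

                    // Per-recipient unsubscribe link is built from the subscription id and hash
                    $sub = $subscriptions[$val['1']];
                    $sub_qs = 'id=' . $sub['subscription_id'] . '&hash=' . $sub['hash'];

                    // Deprecate the {name} variable at some point
                    $title = str_replace('{name}', $val['2'], $title);
                    $message = str_replace('{name}', $val['2'], $message);

                    $title = str_replace('{name_of_recipient}', $val['2'], $title);
                    $message = str_replace('{name_of_recipient}', $val['2'], $message);

                    $title = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $title);
                    $message = str_replace('{notification_removal_url}', ee()->functions->fetch_site_index(0, 0) . QUERY_MARKER . 'ACT=' . $action_id . '&' . $sub_qs, $message);

                    ee()->email->EE_initialize();
                    ee()->email->from(ee()->config->item('webmaster_email'), ee()->config->item('webmaster_name'));
                    ee()->email->to($val['0']);
                    ee()->email->subject($title);
                    ee()->email->message(entities_to_ascii($message));
                    ee()->email->send();

                    $sent[] = $val['0'];
                }
            }
        }

        /** ----------------------------------------
        /**  Clear cache files
        /** ----------------------------------------*/

        ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . $_POST['URI']);

        // clear out the entry_id version if the url_title is in the URI, and vice versa
        if (preg_match("#\\/" . preg_quote($url_title) . "\\/#", $_POST['URI'], $matches))
        {
            ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . preg_replace("#" . preg_quote($matches['0']) . "#", "/{$data['entry_id']}/", $_POST['URI']));
        }
        else
        {
            ee()->functions->clear_caching('all', ee()->functions->fetch_site_index() . preg_replace("#{$data['entry_id']}#", $url_title, $_POST['URI']));
        }
    }

    /** ----------------------------------------
    /**  Set cookies
    /** ----------------------------------------*/

    // All "remember me" cookies live for one year
    if ($notify == 'y')
    {
        ee()->functions->set_cookie('notify_me', 'yes', 60 * 60 * 24 * 365);
    }
    else
    {
        ee()->functions->set_cookie('notify_me', 'no', 60 * 60 * 24 * 365);
    }

    if (ee()->input->post('save_info'))
    {
        ee()->functions->set_cookie('save_info', 'yes', 60 * 60 * 24 * 365);
        ee()->functions->set_cookie('my_name', $_POST['name'], 60 * 60 * 24 * 365);
        ee()->functions->set_cookie('my_email', $_POST['email'], 60 * 60 * 24 * 365);
        ee()->functions->set_cookie('my_url', $_POST['url'], 60 * 60 * 24 * 365);
        ee()->functions->set_cookie('my_location', $_POST['location'], 60 * 60 * 24 * 365);
    }
    else
    {
        ee()->functions->set_cookie('save_info', 'no', 60 * 60 * 24 * 365);
        ee()->functions->set_cookie('my_name', '');
        ee()->functions->set_cookie('my_email', '');
        ee()->functions->set_cookie('my_url', '');
        ee()->functions->set_cookie('my_location', '');
    }

    // -------------------------------------------
    // 'insert_comment_end' hook.
    //  - More emails, more processing, different redirect
    //  - $comment_id added in 1.6.1
    //
        ee()->extensions->call('insert_comment_end', $data, $comment_moderate, $comment_id);
        if (ee()->extensions->end_script === TRUE) return;
    //
    // -------------------------------------------

    /** -------------------------------------------
    /**  Bounce user back to the comment page
    /** -------------------------------------------*/

    if ($comment_moderate == 'y')
    {
        $data = array(
            'title'    => ee()->lang->line('cmt_comment_accepted'),
            'heading'  => ee()->lang->line('thank_you'),
            'content'  => ee()->lang->line('cmt_will_be_reviewed'),
            'redirect' => $return_link,
            'link'     => array($return_link, ee()->lang->line('cmt_return_to_comments')),
            'rate'     => 3
        );

        ee()->output->show_message($data);
    }
    else
    {
        ee()->functions->redirect($return_link);
    }
}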