/**
 * Returns the captcha encryption key, creating and persisting one on first use.
 *
 * The key is read from the 'zenphoto_captcha_key' option. When no key is stored
 * yet, one is derived (md5) from the first administrator's stored `pass` field,
 * or from a fixed fallback string when no administrator exists, and then saved
 * with setOption() so that later calls return the same value.
 *
 * NOTE(review): the derived key is deterministic, not random; it is only as
 * unpredictable as the admin's `pass` value it is built from.
 *
 * @return string
 */
function getCaptchaKey() {
    $captchaKey = getOption('zenphoto_captcha_key');
    if (!empty($captchaKey)) {
        return $captchaKey;
    }
    // No stored key yet: seed one from the first administrator record if there is one.
    $administrators = getAdministrators();
    $seed = 'No admin set';
    if (count($administrators) > 0) {
        $firstAdmin = array_shift($administrators);
        $seed = $firstAdmin['pass'];
    }
    $captchaKey = md5('zenphoto' . $seed . 'captcha key');
    setOption('zenphoto_captcha_key', $captchaKey);
    return $captchaKey;
}
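/**
 * Registers the option defaults for the contact form plugin.
 *
 * Sets the default intro/confirm/thanks texts, the per-field display modes
 * ("show" or "required"), the captcha flag, and the default recipient address.
 * The recipient defaults to the e-mail of the first administrator record; when
 * there is no administrator yet (fresh install) it stays null instead of
 * raising a notice on an undefined offset.
 */
function contactformOptions() {
    setOptionDefault('contactform_introtext', '<p>Fields with <strong>*</strong> are required. HTML or any other code is not allowed. A copy of your e-mail will automatically be sent to the address you provided for your own records.</p>');
    setOptionDefault('contactform_confirmtext', '<p>Please confirm that you really want to send this email. Thanks.</p>');
    setOptionDefault('contactform_thankstext', '<p>Thanks for your message. A copy has been sent to your provided e-mail adress for your own records.</p>');
    setOptionDefault('contactform_title', "show");
    setOptionDefault('contactform_name', "required");
    setOptionDefault('contactform_company', "show");
    setOptionDefault('contactform_street', "show");
    setOptionDefault('contactform_city', "show");
    setOptionDefault('contactform_country', "show");
    setOptionDefault('contactform_email', "required");
    setOptionDefault('contactform_website', "show");
    setOptionDefault('contactform_phone', "show");
    setOptionDefault('contactform_captcha', 0);
    setOptionDefault('contactform_subject', "required");
    setOptionDefault('contactform_message', "required");
    $admins = getAdministrators();
    // array_shift() yields null on an empty list; guard the offset access so a
    // site without administrators does not emit a notice here.
    $admin = array_shift($admins);
    $adminemail = (is_array($admin) && isset($admin['email'])) ? $admin['email'] : null;
    setOptionDefault('contactform_mailaddress', $adminemail);
}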
} } if (isset($_POST['register_user'])) { $pass = trim($_POST['adminpass']); $user = trim($_POST['adminuser']); $admin_n = trim($_POST['admin_name']); $admin_e = trim($_POST['admin_email']); if (!empty($user) && !empty($admin_n) && !empty($admin_e)) { if ($pass == trim($_POST['adminpass_2'])) { if (empty($pass)) { $pwd = null; } else { $pwd = passwordHash($_POST['adminuser'], $pass); } $notify = ''; $currentadmins = getAdministrators(); foreach ($currentadmins as $admin) { if ($admin['user'] == $user) { $notify = 'exists'; break; } } if (!is_valid_email_zp($admin_e)) { $notify = 'invalidemail'; } if (empty($notify)) { saveAdmin($user, $pwd, $admin_n, $admin_e, 0, NULL); $link = FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))); $message = sprintf(gettext('You have received this email because you registered on the site. To complete your registration visit %s.'), $link); $headers = "From: " . get_language_string(getOption('gallery_title'), getOption('locale')) . "<zenphoto@" . $_SERVER['SERVER_NAME'] . ">"; $_zp_UTF8->send_mail($admin_e, gettext('Registration confirmation'), $message, $headers);
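/**
 * Generic comment adding routine. Called by album, image or Zenpage objects
 * to add comments.
 *
 * Returns a code for the result of the comment add:
 *    2: successfully posted
 *    1: marked for moderation (as returned by the configured spam filter)
 *    any other falsy value from the spam filter: nothing is stored
 *   -2: e-mail required ('comment_email_required') but missing or invalid
 *   -3: name required ('comment_name_required') but missing
 *   -4: website required ('comment_web_required') but missing or invalid
 *   -5: captcha check failed ('Use_Captcha')
 *   -6: comment body empty
 *
 * On success a row is inserted into the comments table; when the comment is
 * not moderated it is also appended to $receiver->comments, and when the
 * 'email_new_comments' option is set the administrators are notified by mail.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image, album, Zenpage news or page) to which to post the comment
 * @param string $ip the IP address of the comment poster; stored with the comment
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) {
    global $_zp_captcha;
    $result = commentObjectClass($receiver);
    list($type, $class) = $result;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha')) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            return -5;
        }
    }
    if (empty($comment)) {
        return -6;
    }
    // Prefix a scheme only when none is present; comparing against "http://"
    // alone turned "https://..." into "http://https://...".
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        $website = "http://" . $website;
    }
    $goodMessage = 2;
    // NOTE(review): the gallery object is never used here; the constructor is
    // kept in case it has side effects the rest of the file relies on.
    $gallery = new gallery();
    if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        // the filter's verdict becomes the return code: 2 = post, 1 = moderate, falsy = drop
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }
    if ($goodMessage) {
        $moderate = ($goodMessage == 1) ? 1 : 0;
        $private = $private ? 1 : 0;
        $anon = $anon ? 1 : 0;
        // Every caller-supplied value that reaches the SQL string is escaped or
        // cast; $ip in particular is not trusted to be a well-formed address.
        $receiverid = (int) $receiver->id;
        // Update the database entry with the new comment
        query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " .
            ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' .
            ', "' . mysql_real_escape_string($type) . '", "' . mysql_real_escape_string($ip) . '", "' . $private . '", "' . $anon . '")');
        if ($moderate) {
            $action = "placed in moderation";
        } else {
            // add to comments array and notify the admin user
            $newcomment = array();
            $newcomment['name'] = $name;
            $newcomment['email'] = $email;
            $newcomment['website'] = $website;
            $newcomment['comment'] = $comment;
            $newcomment['date'] = time();
            $receiver->comments[] = $newcomment;
            $action = "posted";
        }
        // switch added for zenpage support
        $class = get_class($receiver);
        switch ($class) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default: // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }
        if (getOption('email_new_comments')) {
            // NOTE(review): this assumes the most recent comment in the table is the
            // one just inserted; a concurrent post could yield another id.
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            // NOTE(review): links are built from $_SERVER['SERVER_NAME'], so the
            // host part of the mailed URLs reflects the request, not a configured value.
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n" .
                "\n" .
                "Author: " . $name . "\n" .
                "Email: " . $email . "\n" .
                "Website: " . $website . "\n" .
                "Comment:\n" . $comment . "\n" .
                "\n" .
                "You can view all comments about this image here:\n" .
                "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" .
                "\n" .
                "You can edit the comment here:\n" .
                "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights
                if (($admin['rights'] & ADMIN_RIGHTS) && ($admin['rights'] & COMMENT_RIGHTS) && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    // presumably getAdministrators() keys the array by admin id — verify against its definition
                    unset($admin_users[$admin['id']]);
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" or $type === "albums") {
                $id = (int) $ur_album->getAlbumID();
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    // admins already mailed above were removed from $admin_users
                    if (!isset($admin_users[$anadmin['adminid']])) {
                        continue;
                    }
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}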
//är den closed kan man inte välja ASSIGNED echo "<option value=\"" . $i . "\">" . $todo_item_status[$i]; } } } } echo "</select> <input type=\"submit\" value=\"Change\">"; echo "</td></form></tr>"; echo "<tr><td>Assigned to: </td>"; echo "<form name=\"assignto\" method=\"post\" action=\"" . $_SERVER["PHP_SELF"] . "?id=" . $itemId . "\">"; echo "<td>"; if (!$item["assignedTo"]) { if ($item["itemStatus"] != TODO_ITEM_CLOSED) { echo "Nobody, assign to "; echo "<select name=\"assignto\">"; $adminlist = getAdministrators($db); for ($i = 0; $i < count($adminlist); $i++) { echo "<option value=\"" . $adminlist[$i]["userId"] . "\">" . $adminlist[$i]["userName"]; } echo "</select> <input type=\"submit\" value=\"Assign\">"; } else { echo "Nobody"; } } else { echo "<a href=\"show_user.php?id=" . $item["assignedTo"] . "\">" . getUserName($db, $item["assignedTo"]) . "</a>"; if ($item["assignedTo"] == $_SESSION["userId"]) { echo ", <a href=\"" . $_SERVER["PHP_SELF"] . "?id=" . $itemId . "&unassign=1\">unassign</a>"; } else { echo ", only he can unassign himself."; } }
?> <div id="container"> <?php if (isset($_GET['saved'])) { echo '<div class="messagebox" id="fade-message">'; echo "<h2>" . gettext("Saved") . "</h2>"; echo '</div>'; } printSubtabs($tabs); if ($subtab == 'admin') { ?> <div id="tab_admin" class="box" style="padding: 15px;"> <?php if ($_zp_loggedin & ADMIN_RIGHTS) { $alterrights = ''; $admins = getAdministrators(); if (!$_zp_null_account || count($admins) == 0) { $admins[''] = array('id' => -1, 'user' => '', 'pass' => '', 'name' => '', 'email' => '', 'rights' => ALL_RIGHTS ^ ALL_ALBUMS_RIGHTS); } } else { $alterrights = ' DISABLED'; global $_zp_current_admin; $admins = array($_zp_current_admin['user'] => $_zp_current_admin); echo "<input type=\"hidden\" name=\"alter_enabled\" value=\"no\" />"; } if (isset($_GET['mismatch'])) { if ($_GET['mismatch'] == 'mismatch') { $msg = gettext('You must supply a password'); } else { $msg = gettext('Your passwords did not match'); }
$v = sanitize($conf[$option], 2); } if (!isset($v) || empty($v)) { $v = $default; } setOptionDefault($option, $v); } require dirname(__FILE__) . '/zp-config.php'; setOption('zenphoto_release', ZENPHOTO_RELEASE); //clear out old admin user and cleartext password unset($_zp_conf_vars['adminuser']); unset($_zp_conf_vars['adminpass']); $admin = getOption('adminuser'); if (!empty($admin)) { // transfer the old credentials and then remove them if (count(getAdministrators()) == 0) { // don't revert anything! $pass = getOption('adminpass'); $string = preg_replace("/[^a-f0-9]/", "", $pass); if (strlen($pass) == 32 && $pass == $string) { // best guess it that it is a md5 pasword, not cleartext saveAdmin($admin, $pass, getOption('admin_name'), getOption('admin_email'), ALL_RIGHTS, array()); } } $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="adminuser"'; query($sql); $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="adminpass"'; query($sql); $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="admin_name"'; query($sql); $sql = 'DELETE FROM ' . prefix('options') . ' WHERE `name`="admin_email"';
/**
 * Collects the e-mail addresses of administrators.
 *
 * The first administrator returned by getAdministrators() is included whenever
 * it has a non-empty e-mail address, regardless of $rights; every following
 * administrator is included only when its `rights` field has at least one bit
 * of $rights set and its e-mail address is non-empty.
 *
 * @param int $rights bit mask an administrator's rights must intersect (default ADMIN_RIGHTS)
 * @return array list of e-mail address strings, in administrator order
 */
function getAdminEmail($rights = ADMIN_RIGHTS) {
    $addresses = array();
    $administrators = getAdministrators();
    // the first record is always considered, whatever rights it holds
    $primary = array_shift($administrators);
    if (!empty($primary['email'])) {
        $addresses[] = $primary['email'];
    }
    foreach ($administrators as $other) {
        $holdsRights = ($other['rights'] & $rights) != 0;
        if ($holdsRights && !empty($other['email'])) {
            $addresses[] = $other['email'];
        }
    }
    return $addresses;
}