/**
 * Checks every entry of $this->addresses with isValidMailAddress().
 *
 * Each entry is trimmed before it is checked. Scanning stops at the first
 * entry that fails, so later entries are not inspected once a bad one is
 * found. An empty list passes.
 *
 * @return int 1 when no entry was rejected, 0 as soon as one entry is rejected
 *             (integers, not booleans - callers relying on truthiness are unaffected)
 */
function validAddresses()
{
    foreach ($this->addresses as $candidate) {
        $trimmed = trim($candidate);

        if (isValidMailAddress($trimmed)) {
            continue;
        }

        // first invalid address decides the outcome
        return 0;
    }

    return 1;
}
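/**
 * Adds a new member.
 *
 * Input is validated first (mail address, display name, uniqueness of the
 * name, presence of real name and password). String values are escaped with
 * sql_real_escape_string() and the two flags are cast with intval() before
 * they are placed in the INSERT statement.
 *
 * @static
 *
 * @param string $name     display name; must pass isValidDisplayName() and not exist yet
 * @param string $realname real name; must not be empty
 * @param string $password clear-text password; must not be empty
 * @param string $email    must pass isValidMailAddress()
 * @param string $url      member URL; 'http://' is prepended when no http(s) scheme is present
 * @param mixed  $admin    cast with intval(); stored in MADMIN
 * @param mixed  $canlogin cast with intval(); stored in MCANLOGIN
 * @param string $notes    free-form notes
 *
 * @return mixed 1 on success, otherwise one of the _ERROR* constants
 */
function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes)
{
    if (!isValidMailAddress($email)) {
        return _ERROR_BADMAILADDRESS;
    }

    if (!isValidDisplayName($name)) {
        return _ERROR_BADNAME;
    }

    if (MEMBER::exists($name)) {
        return _ERROR_NICKNAMEINUSE;
    }

    if (!$realname) {
        return _ERROR_REALNAMEMISSING;
    }

    if (!$password) {
        return _ERROR_PASSWORDMISSING;
    }

    // Users sometimes omit the scheme, which would store a malformed URL.
    // The check replaces the deprecated eregi("^https?://", $url); the 'i'
    // modifier keeps that check case-insensitive, so 'HTTP://example.org' is
    // not turned into 'http://HTTP://example.org'.
    // Side effect worth knowing: any value without an http(s) scheme gets
    // 'http://' prepended, so other schemes are never stored as given.
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'http://' . $url;
    }

    // Flags are reduced to integers before they are tested or put in the query.
    $admin    = intval($admin);
    $canlogin = intval($canlogin);

    // An administrator who cannot log in makes no sense; refuse that combination.
    if ($admin && !$canlogin) {
        return _ERROR;
    }

    $name     = sql_real_escape_string($name);
    $realname = sql_real_escape_string($realname);
    // NOTE(review): the password is stored as an unsalted MD5 digest, which is
    // fast to brute-force and has no per-user salt. It is left unchanged here
    // because the code that verifies passwords is outside this block and must
    // be migrated together with it (e.g. to password_hash()/password_verify()).
    $password = sql_real_escape_string(md5($password));
    $email    = sql_real_escape_string($email);
    $url      = sql_real_escape_string($url);
    $notes    = sql_real_escape_string($notes);

    $query = 'INSERT INTO ' . sql_table('member')
           . " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "
           . "VALUES ('{$name}','{$realname}','{$password}','{$email}','{$url}',{$admin}, {$canlogin}, '{$notes}')";

    // NOTE(review): the result of sql_query() is not checked, so 1 is returned
    // and the action is logged even if the INSERT failed - confirm how
    // sql_query() reports errors.
    sql_query($query);

    ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);

    return 1;
}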
/**
 * Stores the posted global settings and redirects back to the management page.
 *
 * Only members for whom isAdmin() is true get past the first check. Of all
 * posted values only 'AdminEmail' is validated in this method; every other
 * value is handed to updateConfig() exactly as postVar() returns it.
 *
 * NOTE(review): this method keeps running after disallow() and error() unless
 * those helpers end the request themselves - their bodies are not visible
 * here, confirm that they do.
 * NOTE(review): no request-forgery token check is visible in this method;
 * confirm the dispatcher that calls it performs one, and that updateConfig()
 * escapes the values it stores.
 */
function action_settingsupdate()
{
    global $member, $CONF;

    // global settings are for site administrators only
    if (!$member->isAdmin()) {
        $this->disallow();
    }

    // the admin mail address is the only value checked before saving
    $adminEmailIsValid = isValidMailAddress(postVar('AdminEmail'));
    if (!$adminEmailIsValid) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    // Setting names double as the names of the posted form fields.
    // They are saved in this order.
    $settingNames = array(
        'DefaultBlog',
        'BaseSkin',
        'IndexURL',
        'AdminURL',
        'PluginURL',
        'SkinsURL',
        'ActionURL',
        'Language',
        'AdminEmail',
        'SessionCookie',
        'AllowMemberCreate',
        'AllowMemberMail',
        'NonmemberMail',
        'ProtectMemNames',
        'SiteName',
        'NewMemberCanLogon',
        'DisableSite',
        'DisableSiteURL',
        'LastVisit',
        'MediaURL',
        'AllowedTypes',
        'AllowUpload',
        'MaxUploadSize',
        'MediaPrefix',
        'AllowLoginEdit',
        'DisableJsTools',
        'CookieDomain',
        'CookiePath',
        'CookieSecure',
        'URLMode',
        'CookiePrefix',
        'DebugVars',
        'DefaultListSize',
        'AdminCSS',
    );

    foreach ($settingNames as $settingName) {
        $this->updateConfig($settingName, postVar($settingName));
    }

    // Reload the configuration before redirecting, so that a changed language
    // is used if necessary. When cookie settings were changed, the redirect
    // might force the user to log in again.
    getConfig();
    redirect($CONF['AdminURL'] . '?action=manage');
    exit;
}
/**
 * Validates a submitted comment and lets plugins veto it.
 *
 * Built-in checks, in order: the item must exist and must not be closed, the
 * body must not contain an over-long "word", the body must be 3 to 5000 bytes
 * long (strlen() counts bytes, not characters), anonymous visitors must supply
 * a user name of at least 2 bytes, and a non-empty mail address must pass
 * isValidMailAddress() after trimming.
 *
 * Afterwards the 'ValidateForm' event is raised; the comment, the result and
 * $spamcheck are handed over by reference, so plugins can alter all three.
 *
 * @param array $comment   comment data; 'body', 'user' and 'email' are read here
 * @param mixed $spamcheck passed through to plugins by reference
 *
 * @return mixed 1 when the comment is accepted, otherwise an _ERROR* constant
 *               or whatever a plugin stored in 'error'
 */
function isValidComment(&$comment, &$spamcheck)
{
    global $member, $manager;

    // the item the comment belongs to must exist ...
    $item =& $manager->getItem($this->itemid, 0, 0);
    if (!$item) {
        return _ERROR_NOSUCHITEM;
    }

    // ... and must still accept comments
    if ($item['closed']) {
        return _ERROR_ITEMCLOSED;
    }

    // Reject "words" that are too long: 90 consecutive characters taken from
    // letters, digits and | . , ; : ! ? = / \
    // (preg_match() replaces the eregi() call that was deprecated in PHP 5.3.0)
    $longWordPattern = '/[a-zA-Z0-9|\\.,;:!\\?=\\/\\\\]{90,90}/';
    if (preg_match($longWordPattern, $comment['body']) != 0) {
        return _ERROR_COMMENT_LONGWORD;
    }

    // length limits on the body, measured in bytes
    $bodyLength = strlen($comment['body']);
    if ($bodyLength < 3) {
        return _ERROR_COMMENT_NOCOMMENT;
    }
    if ($bodyLength > 5000) {
        return _ERROR_COMMENT_TOOLONG;
    }

    // a user name is only required from visitors who are not logged in
    if (!$member->isLoggedIn() && strlen($comment['user']) < 2) {
        return _ERROR_COMMENT_NOUSERNAME;
    }

    // the mail address is optional, but when present it has to be valid
    if (strlen($comment['email']) != 0 && !isValidMailAddress(trim($comment['email']))) {
        return _ERROR_BADMAILADDRESS;
    }

    // Plugins get the last word: any plugin that considers the comment
    // invalid can change 'error' to something other than 1.
    $verdict   = 1;
    $eventData = array(
        'type'      => 'comment',
        'comment'   => &$comment,
        'error'     => &$verdict,
        'spamcheck' => &$spamcheck
    );
    $manager->notify('ValidateForm', $eventData);

    return $verdict;
}
/**
 * Decides whether a mail to a member may be sent.
 *
 * Member mail must be enabled in $CONF. Visitors who are not logged in are
 * only allowed when $CONF['NonmemberMail'] is set, and they must post a
 * 'frommail' value that passes isValidMailAddress(). Finally the
 * 'ValidateForm' event lets plugins reject the message.
 *
 * NOTE(review): 'frommail' comes straight from the POST data. Whether
 * isValidMailAddress() also rejects line breaks is not visible here - confirm
 * that before the value is used in mail headers.
 *
 * @return string empty string when the mail is allowed, otherwise an error
 *                message (an _ERROR* constant or a plugin-supplied value)
 */
function validateMessage()
{
    global $CONF, $member, $manager;

    // feature switched off site-wide
    if (!$CONF['AllowMemberMail']) {
        return _ERROR_MEMBERMAILDISABLED;
    }

    // anonymous senders need the NonmemberMail setting ...
    if (!($member->isLoggedIn() || $CONF['NonmemberMail'])) {
        return _ERROR_DISALLOWED;
    }

    // ... and a valid sender address
    if (!($member->isLoggedIn() || isValidMailAddress(postVar('frommail')))) {
        return _ERROR_BADMAILADDRESS;
    }

    // Plugins may veto: any plugin that considers the message invalid can
    // change 'error' to something other than ''.
    $verdict   = '';
    $eventData = array(
        'type'  => 'membermail',
        'error' => &$verdict
    );
    $manager->notify('ValidateForm', $eventData);

    return $verdict;
}
/**
 * Template variable "useremail": prints the mail address of the comment author.
 *
 * For comments written by a member (memberid > 0) the member's stored address
 * is printed when it is not empty. For other comments the 'email' field is
 * printed when it passes isValidMailAddress(); failing that, the 'userid'
 * field is printed when it passes the same check. Otherwise nothing is printed.
 *
 * NOTE(review): the values are echoed without HTML escaping. The member
 * address is not re-validated here, and whether isValidMailAddress() excludes
 * HTML metacharacters is not visible in this block - confirm, or escape at
 * output time if the stored values are raw.
 */
function parse_useremail()
{
    global $manager;

    $comment = $this->currentComment;

    // comment written by a registered member
    if ($comment['memberid'] > 0) {
        $author =& $manager->getMember($comment['memberid']);
        if ($author->email != '') {
            echo $author->email;
        }
        return;
    }

    // comment written by a visitor: prefer 'email', fall back to 'userid'
    if (isValidMailAddress($comment['email'])) {
        echo $comment['email'];
        return;
    }

    if (isValidMailAddress($comment['userid'])) {
        echo $comment['userid'];
    }

    // An older variant that derived the address from 'userlinkraw' by
    // stripping 'mailto:' is disabled.
}