예제 #1
 /**
  * Reports whether every entry of $this->addresses is a valid mail address.
  *
  * Each entry is trimmed and then checked with isValidMailAddress().
  *
  * @return int 1 when no entry fails the check (also for an empty list),
  *             0 as soon as one entry fails
  */
 function validAddresses()
 {
     foreach ($this->addresses as $candidate) {
         $trimmed = trim($candidate);
         if (isValidMailAddress($trimmed)) {
             continue;
         }
         // first invalid address decides the result
         return 0;
     }
     return 1;
 }
예제 #2
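 /**
  * Adds a new member
  *
  * Validates the supplied data, normalises the URL and inserts one row into
  * the member table. A successful insert is recorded in the action log.
  *
  * @static
  * @param string $name     display name; must pass isValidDisplayName() and not exist yet
  * @param string $realname real name; must be non-empty
  * @param string $password plain-text password; must be non-empty
  * @param string $email    must pass isValidMailAddress()
  * @param string $url      member URL; "http://" is prepended when it has no http(s) scheme
  * @param mixed  $admin    cast with intval(); non-zero requests admin rights
  * @param mixed  $canlogin cast with intval(); non-zero allows the member to log in
  * @param string $notes    free-form notes
  * @return mixed 1 on success, otherwise one of the _ERROR* constants
  */
 function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes)
 {
     if (!isValidMailAddress($email)) {
         return _ERROR_BADMAILADDRESS;
     }
     if (!isValidDisplayName($name)) {
         return _ERROR_BADNAME;
     }
     if (MEMBER::exists($name)) {
         return _ERROR_NICKNAMEINUSE;
     }
     if (!$realname) {
         return _ERROR_REALNAMEMISSING;
     }
     if (!$password) {
         return _ERROR_PASSWORDMISSING;
     }
     // Users sometimes leave out the scheme, which results in a malformed URL,
     // so "http://" is prepended. preg_match() replaces the deprecated eregi();
     // the "i" modifier keeps that call's case-insensitive matching, otherwise
     // "HTTP://host" would be stored as "http://HTTP://host".
     if (!preg_match('#^https?://#i', $url)) {
         $url = 'http://' . $url;
     }
     // Every string value is escaped and both flags are cast to int before
     // they are interpolated into the INSERT statement below.
     $name = sql_real_escape_string($name);
     $realname = sql_real_escape_string($realname);
     // NOTE(review): md5() is a fast, unsalted digest and is not suitable for
     // storing passwords. Moving to password_hash()/password_verify() also
     // requires changing the login check and the hashes already stored, none
     // of which is visible here, so the stored format is left as it is.
     $password = sql_real_escape_string(md5($password));
     $email = sql_real_escape_string($email);
     $url = sql_real_escape_string($url);
     $admin = intval($admin);
     $canlogin = intval($canlogin);
     $notes = sql_real_escape_string($notes);
     // an admin account that cannot log in is rejected
     if ($admin && !$canlogin) {
         return _ERROR;
     }
     $query = 'INSERT INTO ' . sql_table('member') . " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) " . "VALUES ('{$name}','{$realname}','{$password}','{$email}','{$url}',{$admin}, {$canlogin}, '{$notes}')";
     // Do not write a "new member" entry to the action log, or report success,
     // when the INSERT did not go through.
     // NOTE(review): assumes sql_query() returns false on failure - confirm
     // against its definition.
     if (sql_query($query) === false) {
         return _ERROR;
     }
     ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);
     return 1;
 }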
예제 #3
 /**
  * Stores the global settings submitted from the admin settings form.
  *
  * Every setting named below is read from the POST data with postVar() and
  * written with updateConfig(). Afterwards the configuration is reloaded and
  * the browser is redirected to the management page.
  *
  * NOTE(review): the only guards visible in this method are the isAdmin()
  * check and the AdminEmail validation. No anti-CSRF token check and no
  * per-setting validation appear here, although several of these settings
  * (upload types, cookie flags, URLs) are security relevant - confirm that
  * the caller or updateConfig() provides them.
  */
 function action_settingsupdate()
 {
     global $member, $CONF;

     // Admins only.
     // NOTE(review): relies on disallow() not returning - confirm.
     if (!$member->isAdmin()) {
         $this->disallow();
     }

     // The admin e-mail address has to be valid.
     // NOTE(review): if error() returns, the settings below are saved anyway -
     // confirm that it terminates the request.
     if (!isValidMailAddress(postVar('AdminEmail'))) {
         $this->error(_ERROR_BADMAILADDRESS);
     }

     // Settings to save, in the order in which they are written. The POST
     // field and the config key share the same name.
     $settingNames = array(
         'DefaultBlog',
         'BaseSkin',
         'IndexURL',
         'AdminURL',
         'PluginURL',
         'SkinsURL',
         'ActionURL',
         'Language',
         'AdminEmail',
         'SessionCookie',
         'AllowMemberCreate',
         'AllowMemberMail',
         'NonmemberMail',
         'ProtectMemNames',
         'SiteName',
         'NewMemberCanLogon',
         'DisableSite',
         'DisableSiteURL',
         'LastVisit',
         'MediaURL',
         'AllowedTypes',
         'AllowUpload',
         'MaxUploadSize',
         'MediaPrefix',
         'AllowLoginEdit',
         'DisableJsTools',
         'CookieDomain',
         'CookiePath',
         'CookieSecure',
         'URLMode',
         'CookiePrefix',
         'DebugVars',
         'DefaultListSize',
         'AdminCSS'
     );
     foreach ($settingNames as $settingName) {
         $this->updateConfig($settingName, postVar($settingName));
     }

     // Reload the configuration before redirecting, so that a changed
     // language is used if necessary. After a change to the cookie settings
     // this redirect may force the user to log in again.
     getConfig();
     redirect($CONF['AdminURL'] . '?action=manage');
     exit;
 }
예제 #4
 /**
  * Validates a submitted comment and lets plugins veto it.
  *
  * The built-in checks run in this order: the target item must exist and be
  * open; the body must not contain a run of 90 characters taken from letters,
  * digits and | . , ; : ! ? = / \; the body must be 3 to 5000 bytes long
  * (strlen() counts bytes); a visitor who is not logged in needs a user name
  * of at least 2 bytes; a non-empty e-mail must pass isValidMailAddress()
  * after trimming. Finally the 'ValidateForm' event is raised so that plugins
  * can replace the result.
  *
  * @param array $comment   comment data; the keys read here are 'body', 'user'
  *                         and 'email'. Handed to plugins by reference.
  * @param mixed $spamcheck handed to plugins by reference; not read here
  * @return mixed 1 when the comment is accepted, otherwise an error value
  *               (an _ERROR_* constant or whatever a plugin stored in 'error')
  */
 function isValidComment(&$comment, &$spamcheck)
 {
     global $member, $manager;

     // The comment must belong to an existing item that still accepts comments.
     $item =& $manager->getItem($this->itemid, 0, 0);
     if (!$item) {
         return _ERROR_NOSUCHITEM;
     }
     if ($item['closed']) {
         return _ERROR_ITEMCLOSED;
     }

     // Words that are too long are refused (preg_match() stands in for the
     // eregi() call that was deprecated in PHP 5.3.0).
     $longWordFound = preg_match('/[a-zA-Z0-9|\\.,;:!\\?=\\/\\\\]{90,90}/', $comment['body']);
     if ($longWordFound != 0) {
         return _ERROR_COMMENT_LONGWORD;
     }

     // Body length limits.
     if (strlen($comment['body']) < 3) {
         return _ERROR_COMMENT_NOCOMMENT;
     }
     if (strlen($comment['body']) > 5000) {
         return _ERROR_COMMENT_TOOLONG;
     }

     // A user name is only required when no member is logged in.
     if (!$member->isLoggedIn() && strlen($comment['user']) < 2) {
         return _ERROR_COMMENT_NOUSERNAME;
     }

     // The e-mail address is optional, but must be valid when given.
     if (strlen($comment['email']) != 0) {
         if (!isValidMailAddress(trim($comment['email']))) {
             return _ERROR_BADMAILADDRESS;
         }
     }

     // Plugins verify last: any plugin that considers the comment invalid can
     // change 'error' to something other than 1.
     $verdict = 1;
     $eventData = array(
         'type' => 'comment',
         'comment' => &$comment,
         'error' => &$verdict,
         'spamcheck' => &$spamcheck
     );
     $manager->notify('ValidateForm', $eventData);
     return $verdict;
 }
예제 #5
 /**
  * Decides whether the current visitor may send a mail to a member.
  *
  * @return mixed '' when the mail is allowed and no plugin objects, otherwise
  *               the error message
  */
 function validateMessage()
 {
     global $CONF, $member, $manager;

     // Member mail can be switched off for the whole site.
     if (!$CONF['AllowMemberMail']) {
         return _ERROR_MEMBERMAILDISABLED;
     }

     // Visitors who are not logged in need the NonmemberMail setting ...
     $guestNotAllowed = !$member->isLoggedIn() && !$CONF['NonmemberMail'];
     if ($guestNotAllowed) {
         return _ERROR_DISALLOWED;
     }

     // ... and have to supply a valid sender address in the 'frommail' field.
     $guestAddressInvalid = !$member->isLoggedIn() && !isValidMailAddress(postVar('frommail'));
     if ($guestAddressInvalid) {
         return _ERROR_BADMAILADDRESS;
     }

     // Plugins verify last: any plugin that considers the message invalid can
     // change 'error' to something other than ''.
     $verdict = '';
     $eventData = array('type' => 'membermail', 'error' => &$verdict);
     $manager->notify('ValidateForm', $eventData);
     return $verdict;
 }
예제 #6
 /**
  * Parse templatevar useremail
  *
  * Prints the e-mail address of the current comment's author. For a comment
  * written by a member the member's stored address is printed when it is not
  * empty. Otherwise the comment's 'email' field is printed when it is a valid
  * address, else its 'userid' field when that is one. Nothing is printed when
  * neither applies.
  *
  * NOTE(review): the value is echoed without HTML escaping. For non-member
  * comments that is only safe as long as isValidMailAddress() rejects markup
  * characters, and the member address is not checked here at all - confirm
  * both against isValidMailAddress() and the code that stores member e-mails.
  */
 function parse_useremail()
 {
     global $manager;

     // Comment by a member: use the address from the member record.
     if ($this->currentComment['memberid'] > 0) {
         $author =& $manager->getMember($this->currentComment['memberid']);
         if ($author->email != '') {
             echo $author->email;
         }
         return;
     }

     // Comment by a non-member: the first of these fields that holds a valid
     // address is printed.
     foreach (array('email', 'userid') as $field) {
         if (isValidMailAddress($this->currentComment[$field])) {
             echo $this->currentComment[$field];
             return;
         }
     }
 }