function pCheckAddress($sAddress, $sMailserver) { if (!is_valid_email_address($sAddress)) { return CA_ERROR_ADDRESS_INVALID; } $fp = @fsockopen($sMailserver, 25, $errno, $errstr, $this->nConnectTimeout); if (!$fp) { return CA_ERROR_CONNECT; } $sResp = $this->send_command($fp, "HELO " . $this->sHostname); $sCode = $this->extract_return_code($sResp); if ($sCode != '220') { $this->close($fp); return CA_ERROR_UNKOWN; } $sResp = $this->send_command($fp, "MAIL FROM: <" . $this->sFrom . ">"); $sCode = $this->extract_return_code($sResp); if ($sCode != '250') { $this->close($fp); return CA_ERROR_UNKOWN; } $sResp = $this->send_command($fp, "RCPT TO: <" . $sAddress . ">"); $sCode = $this->extract_return_code($sResp); if (strlen($sCode) == 3 && substr($sCode, 0, 1) == '4') { $this->close($fp); return CA_ERROR_TEMPORARY; } else { if ($sCode == '553' && $sCode == '550') { $this->close($fp); return CA_ERROR_USER_UNKOWN; } else { if ($sCode == '250') { $this->close($fp); return CA_OK; } } } $this->close($fp); return CA_ERROR_UNKOWN; }
/** * Standard modular run function. * * @param array A map of parameters. * @return tempcode The result of execution. */ function run($map) { require_lang('newsletter'); require_lang('javascript'); $newsletter_id = array_key_exists('param', $map) ? intval($map['param']) : db_get_first_id(); $_newsletter_title = $GLOBALS['SITE_DB']->query_value_null_ok('newsletters', 'title', array('id' => $newsletter_id)); if (is_null($_newsletter_title)) { return paragraph(do_lang_tempcode('MISSING_RESOURCE')); } $newsletter_title = get_translated_text($_newsletter_title); $address = post_param('address' . strval($newsletter_id), ''); if ($address != '') { require_code('newsletter'); require_code('type_validation'); if (!is_valid_email_address($address)) { $msg = do_template('INLINE_WIP_MESSAGE', array('MESSAGE' => do_lang_tempcode('INVALID_EMAIL_ADDRESS'))); return do_template('BLOCK_MAIN_NEWSLETTER_SIGNUP', array('URL' => get_self_url(), 'MSG' => $msg)); } if (!array_key_exists('path', $map)) { $map['path'] = 'uploads/website_specific/signup.txt'; } require_code('character_sets'); $password = basic_newsletter_join($address, 4, NULL, !file_exists(get_custom_file_base() . '/' . $map['path']), $newsletter_id, post_param('firstname' . strval($newsletter_id), ''), post_param('lastname' . strval($newsletter_id), '')); if ($password == '') { return do_template('INLINE_WIP_MESSAGE', array('MESSAGE' => do_lang_tempcode('NEWSLETTER_THIS_ALSO'))); } if ($password == do_lang('NA')) { $manage_url = build_url(array('page' => 'newsletter', 'email' => $address), get_module_zone('newsletter')); return do_template('INLINE_WIP_MESSAGE', array('MESSAGE' => do_lang_tempcode('ALREADY_EMAIL_ADDRESS', escape_html($manage_url->evaluate())))); } require_code('mail'); if (file_exists(get_custom_file_base() . '/' . $map['path'])) { $url = (url_is_local($map['path']) ? get_custom_base_url() . '/' : '') . $map['path']; mail_wrap(array_key_exists('subject', $map) ? $map['subject'] : do_lang('WELCOME'), convert_to_internal_encoding(http_download_file($url)), array($address), array_key_exists('to', $map) ? $map['to'] : '', '', '', 3, NULL, false, NULL, true); } return do_template('BLOCK_MAIN_NEWSLETTER_SIGNUP_DONE', array('_GUID' => '9953c83685df4970de8f23fcd5dd15bb', 'NEWSLETTER_TITLE' => $newsletter_title, 'NID' => strval($newsletter_id), 'PASSWORD' => $password)); } else { return do_template('BLOCK_MAIN_NEWSLETTER_SIGNUP', array('NEWSLETTER_TITLE' => $newsletter_title, 'NID' => strval($newsletter_id), 'URL' => get_self_url())); } }
public function checkEmail($email) { if(!$email) { $this->errors = 'Email is required<br/>'; return false; } if(!is_valid_email_address($email)) { $this->errors = 'Incorrect email<br/>'; return false; } if($this->isEmailExists($email)) { $this->errors = 'This is email is already exists<br/>'; return false; } return true; }
//Preprocessing if ($error == false) { //set here the template to process $tplname = 'activation'; //load language specific variables require_once $stylepath . '/' . $tplname . '.inc.php'; $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : ''; tpl_set_var('email', htmlspecialchars($email, ENT_COMPAT, 'UTF-8')); tpl_set_var('code', htmlspecialchars($code, ENT_COMPAT, 'UTF-8')); tpl_set_var('message_start', '<!--'); tpl_set_var('message_end', '-->'); tpl_set_var('message', ''); tpl_set_var('email_message', ''); if (isset($_REQUEST['submit'])) { $email_not_ok = is_valid_email_address($email) ? false : true; if ($email_not_ok == true) { tpl_set_var('email_message', $message_email_notok); } else { $rs = sql("SELECT `user_id` `id`, `activation_code` `code` FROM `user` WHERE `email`='&1'", $email); if ($r = sql_fetch_array($rs)) { if ($r['code'] == $code && $code != '') { // ok, account aktivieren sql("UPDATE `user` SET `is_active_flag`=1, `activation_code`='' WHERE `user_id`='&1'", $r['id']); $tplname = 'activation_confirm'; } else { tpl_set_var('message_start', ''); tpl_set_var('message_end', ''); tpl_set_var('message', $message_no_success); } } else {
# # run the tests # $totals = array( 'all' => 0, 'public' => 0, 'strict' => 0, ); foreach ($tests as $k => $v){ $tests[$k]['expected'] = $v['valid'] ? 1 : 0; $tests[$k]['result_public'] = is_valid_email_address($v['address']) ? 1 : 0; $tests[$k]['result_strict'] = is_valid_email_address($v['address'], array('public_internet' => false)) ? 1 : 0; $totals['all']++; $totals['public'] += ($tests[$k]['result_public'] == $tests[$k]['expected']) ? 1 : 0; $totals['strict'] += ($tests[$k]['result_strict'] == $tests[$k]['expected']) ? 1 : 0; } function is_valid($x){ return $x ? 'Valid' : 'Invalid'; } function show_escapes($s){ return str_replace(array("\r","\n"," ","\0"), array("&#13;","&#10;"," ","&#0;"), $s); } ?>
/** * Type-check the specified parameter (giving an error if the type checking fails) [just value against type] * * @param ID_TEXT The parameter type * @param string The functions name (used in error message) * @param string The parameter name (used in error message) * @param mixed The parameters value (cannot be null) * @param boolean Whether we just echo errors instead of exiting */ function test_fail_php_type_check($type, $function_name, $name, $value, $echo = false) { $null_allowed = $type[0] == '?'; $false_allowed = $type[0] == '~'; $_type = $null_allowed || $false_allowed ? substr($type, 1) : $type; if ($value === false && !$false_allowed && !in_array($_type, array('mixed', 'boolean'))) { fatal_exit(do_lang_tempcode('UNALLOWED_NULL', escape_html($name), escape_html($function_name), array('false'))); } if (is_null($value) && !$null_allowed) { fatal_exit(do_lang_tempcode('UNALLOWED_NULL', escape_html($name), escape_html($function_name), array('NULL'))); } if ($_type == 'mixed') { return; } switch ($_type) { case 'integer': if (!is_integer($value) && (!is_float($value) || strval(intval(round($value))) != strval($value))) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'UINTEGER': if (!is_integer($value) && (!is_float($value) || strval(intval(round($value))) != strval($value)) || $value < 0) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'resource': if (!is_resource($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'object': if (!is_object($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'tempcode': if (!is_object($value) || !is_a($value, 'ocp_tempcode')) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'REAL': case 'float': if (!is_float($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'boolean': if (!is_bool($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'list': if (!is_array($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'map': if (!is_array($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'array': if (!is_array($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'string': if (!is_string($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'PATH': if (!is_string($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'MD5': if (!is_string($value) || strlen($value) > 33) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'EMAIL': if (!is_string($value) || is_valid_email_address($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'URLPATH': if (!is_string($value) || strlen($value) > 127) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'LONG_TEXT': if (!is_string($value)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'MINIID_TEXT': if (!is_string($value) || strlen($value) > 40) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'ID_TEXT': if (!is_string($value) || strlen($value) > 80) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'LANGUAGE_NAME': global $LANG_TD_MAP; if (is_null($LANG_TD_MAP)) { $LANG_TD_MAP = better_parse_ini_file(get_file_base() . '/lang/langs.ini'); } if (!is_string($value) || !array_key_exists($value, $LANG_TD_MAP)) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'IP': if (!is_string($value) || strlen($value) > 40 || strlen($value) < 7 && $value != '' || count(explode('.', $value)) != 4 && $value != '' && count(explode(':', $value)) < 3) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'SHORT_TEXT': if (!is_string($value) || strlen($value) > 255) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'SHORT_INTEGER': if (!is_integer($value) || $value > 255 || $value < 0) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'AUTO_LINK': if (!is_integer($value) || $value < -1) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } // -1 means something different to NULL break; case 'BINARY': if (!is_integer($value) || $value != 0 && $value != 1) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'MEMBER': if (!is_integer($value) || $value < $GLOBALS['FORUM_DRIVER']->get_guest_id()) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; case 'TIME': if (!is_integer($value) || $value > time() + 500000000 || $value < 1000) { _fail_php_type_check($type, $function_name, $name, $value, $echo); } break; } }
static function get_by_email($email) { $email = trim(strtolower($email)); if (!is_valid_email_address($email)) { return false; } $db = Get::db('songwork'); $db->query("SELECT * FROM persons WHERE LOWER(email)='" . $db->escape($email) . "' LIMIT 1"); return $db->num_rows() == 0 ? false : new Person($db->next_record()); }
/** * Test email based on RFC 822/2822/5322 Email Parser * @copyright Cal Henderson <*****@*****.**> * * @param string email address * @return bool */ function is_valid_email($email, $options = array()) { // IDN conversion $email = idn_encode($email); // wrapped by default function as used since long time in phpwcms return is_valid_email_address($email, $options); }
/** * Add a member. * * @param SHORT_TEXT The username. * @param SHORT_TEXT The password. * @param SHORT_TEXT The e-mail address. * @param ?array A list of usergroups (NULL: default/current usergroups). * @param ?integer Day of date of birth (NULL: unknown). * @param ?integer Month of date of birth (NULL: unknown). * @param ?integer Year of date of birth (NULL: unknown). * @param array A map of custom field values (field-id=>value). * @param ?ID_TEXT The member timezone (NULL: auto-detect). * @param ?GROUP The member's primary (NULL: default). * @param BINARY Whether the profile has been validated. * @param ?TIME When the member joined (NULL: now). * @param ?TIME When the member last visited (NULL: now). * @param ID_TEXT The member's default theme. * @param ?URLPATH The URL to the member's avatar (blank: none) (NULL: choose one automatically). * @param LONG_TEXT The member's signature (blank: none). * @param BINARY Whether the member is permanently banned. * @param BINARY Whether posts are previewed before they are made. * @param BINARY Whether the member's age may be shown. * @param SHORT_TEXT The member's title (blank: get from primary). * @param URLPATH The URL to the member's photo (blank: none). * @param URLPATH The URL to the member's photo thumbnail (blank: none). * @param BINARY Whether the member sees signatures in posts. * @param ?BINARY Whether the member automatically is enabled for notifications for content they contribute to (NULL: get default from config). * @param ?LANGUAGE_NAME The member's language (NULL: auto detect). * @param BINARY Whether the member allows e-mails via the site. * @param BINARY Whether the member allows e-mails from staff via the site. * @param LONG_TEXT Personal notes of the member. * @param ?IP The member's IP address (NULL: IP address of current user). * @param SHORT_TEXT The code required before the account becomes active (blank: already entered). * @param boolean Whether to check details for correctness. * @param ?ID_TEXT The compatibility scheme that the password operates in (blank: none) (NULL: none [meaning normal ocPortal salted style] or plain, depending on whether passwords are encrypted). * @param SHORT_TEXT The password salt (blank: password compatibility scheme does not use a salt / auto-generate). * @param BINARY Whether the member likes to view zones without menus, when a choice is available. * @param ?TIME The time the member last made a submission (NULL: set to now). * @param ?AUTO_LINK Force an ID (NULL: don't force an ID) * @param BINARY Whether the member username will be highlighted. * @param SHORT_TEXT Usergroups that may PT the member. * @param LONG_TEXT Rules that other members must agree to before they may start a PT with the member. * @return AUTO_LINK The ID of the new member. */ function ocf_make_member($username, $password, $email_address, $secondary_groups, $dob_day, $dob_month, $dob_year, $custom_fields, $timezone = NULL, $primary_group = NULL, $validated = 1, $join_time = NULL, $last_visit_time = NULL, $theme = '', $avatar_url = NULL, $signature = '', $is_perm_banned = 0, $preview_posts = 0, $reveal_age = 1, $title = '', $photo_url = '', $photo_thumb_url = '', $views_signatures = 1, $auto_monitor_contrib_content = NULL, $language = NULL, $allow_emails = 1, $allow_emails_from_staff = 1, $personal_notes = '', $ip_address = NULL, $validated_email_confirm_code = '', $check_correctness = true, $password_compatibility_scheme = NULL, $salt = '', $zone_wide = 1, $last_submit_time = NULL, $id = NULL, $highlighted_name = 0, $pt_allow = '*', $pt_rules_text = '') { if (is_null($auto_monitor_contrib_content)) { $auto_monitor_contrib_content = get_value('no_auto_notifications') === '1' ? 0 : 1; } if (is_null($password_compatibility_scheme)) { if (get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; } else { $password_compatibility_scheme = ''; } } if (is_null($language)) { $language = ''; } if (is_null($signature)) { $signature = ''; } if (is_null($title)) { $title = ''; } if (is_null($timezone)) { $timezone = get_site_timezone(); } if (is_null($allow_emails)) { $allow_emails = 1; } if (is_null($allow_emails_from_staff)) { $allow_emails_from_staff = 1; } if (is_null($personal_notes)) { $personal_notes = ''; } if (is_null($avatar_url)) { if ($GLOBALS['IN_MINIKERNEL_VERSION'] == 1 || !addon_installed('ocf_member_avatars')) { $avatar_url = ''; } else { if (get_option('random_avatars') == '1' && !running_script('stress_test_loader')) { require_code('themes2'); $codes = get_all_image_ids_type('ocf_default_avatars/default_set', false, $GLOBALS['FORUM_DB']); shuffle($codes); $results = array(); foreach ($codes as $code) { if (strpos($code, 'ocp_fanatic') !== false) { continue; } $count = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT SUM(m_cache_num_posts) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_members WHERE ' . db_string_equal_to('m_avatar_url', find_theme_image($code, false, true))); if (is_null($count)) { $count = 0; } $results[$code] = $count; } @asort($results); // @'d as type checker fails for some odd reason $found_avatars = array_keys($results); $avatar_url = find_theme_image(array_shift($found_avatars), true, true); } if (is_null($avatar_url)) { $GLOBALS['SITE_DB']->query_delete('theme_images', array('id' => 'ocf_default_avatars/default', 'path' => '')); // In case failure cached, gets very confusing $avatar_url = find_theme_image('ocf_default_avatars/default', true, true); if (is_null($avatar_url)) { $avatar_url = ''; } } } } if ($check_correctness) { if (!in_array($password_compatibility_scheme, array('ldap', 'httpauth'))) { ocf_check_name_valid($username, NULL, $password_compatibility_scheme == '' ? $password : NULL); } if (!function_exists('has_actual_page_access') || !has_actual_page_access(get_member(), 'admin_ocf_join')) { require_code('type_validation'); if (!is_valid_email_address($email_address) && $email_address != '') { warn_exit(do_lang_tempcode('_INVALID_EMAIL_ADDRESS', escape_html($email_address))); } } } require_code('ocf_members'); require_code('ocf_groups'); if (is_null($last_submit_time)) { $last_submit_time = time(); } if (is_null($join_time)) { $join_time = time(); } if (is_null($last_visit_time)) { $last_visit_time = time(); } if (is_null($primary_group)) { $primary_group = get_first_default_group(); // This is members } if (is_null($secondary_groups)) { $secondary_groups = ocf_get_all_default_groups(false); } foreach ($secondary_groups as $_g_id => $g_id) { if ($g_id == $primary_group) { unset($secondary_groups[$_g_id]); } } if (is_null($ip_address)) { $ip_address = get_ip_address(); } if ($password_compatibility_scheme == '' && get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; $salt = ''; } if ($salt == '' && $password_compatibility_scheme == '') { $salt = produce_salt(); $password_salted = md5($salt . md5($password)); } else { $password_salted = $password; } // Supplement custom field values given with defaults, and check constraints $all_fields = list_to_map('id', ocf_get_all_custom_fields_match($secondary_groups)); require_code('fields'); foreach ($all_fields as $field) { $field_id = $field['id']; if (array_key_exists($field_id, $custom_fields)) { if ($check_correctness && $field[array_key_exists('cf_show_on_join_form', $field) ? 'cf_show_on_join_form' : 'cf_required'] == 0 && $field['cf_owner_set'] == 0 && !has_actual_page_access(get_member(), 'admin_ocf_join')) { access_denied('I_ERROR'); } } else { $custom_fields[$field_id] = ''; } } if (!addon_installed('unvalidated')) { $validated = 1; } $map = array('m_username' => $username, 'm_pass_hash_salted' => $password_salted, 'm_pass_salt' => $salt, 'm_theme' => $theme, 'm_avatar_url' => $avatar_url, 'm_validated' => $validated, 'm_validated_email_confirm_code' => $validated_email_confirm_code, 'm_cache_num_posts' => 0, 'm_cache_warnings' => 0, 'm_max_email_attach_size_mb' => 5, 'm_join_time' => $join_time, 'm_timezone_offset' => $timezone, 'm_primary_group' => $primary_group, 'm_last_visit_time' => $last_visit_time, 'm_last_submit_time' => $last_submit_time, 'm_signature' => insert_lang_comcode($signature, 4, $GLOBALS['FORUM_DB']), 'm_is_perm_banned' => $is_perm_banned, 'm_preview_posts' => $preview_posts, 'm_notes' => $personal_notes, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year, 'm_reveal_age' => $reveal_age, 'm_email_address' => $email_address, 'm_title' => $title, 'm_photo_url' => $photo_url, 'm_photo_thumb_url' => $photo_thumb_url, 'm_views_signatures' => $views_signatures, 'm_auto_monitor_contrib_content' => $auto_monitor_contrib_content, 'm_highlighted_name' => $highlighted_name, 'm_pt_allow' => $pt_allow, 'm_pt_rules_text' => insert_lang_comcode($pt_rules_text, 4, $GLOBALS['FORUM_DB']), 'm_language' => $language, 'm_ip_address' => $ip_address, 'm_zone_wide' => $zone_wide, 'm_allow_emails' => $allow_emails, 'm_allow_emails_from_staff' => $allow_emails_from_staff, 'm_password_change_code' => '', 'm_password_compat_scheme' => $password_compatibility_scheme, 'm_on_probation_until' => NULL); if (!is_null($id)) { $map['id'] = $id; } $member_id = $GLOBALS['FORUM_DB']->query_insert('f_members', $map, true); if ($check_correctness) { // If it was an invite/recommendation, award the referrer if (addon_installed('recommend')) { $inviter = $GLOBALS['FORUM_DB']->query_value_null_ok('f_invites', 'i_inviter', array('i_email_address' => $email_address), 'ORDER BY i_time'); if (!is_null($inviter)) { if (addon_installed('points')) { require_code('points2'); require_lang('recommend'); system_gift_transfer(do_lang('RECOMMEND_SITE_TO', $username, get_site_name()), intval(get_option('points_RECOMMEND_SITE')), $inviter); } if (addon_installed('chat')) { require_code('chat2'); buddy_add($inviter, $member_id); buddy_add($member_id, $inviter); } } } } $value = mixed(); // Store custom fields $row = array('mf_member_id' => $member_id); $all_fields_types = collapse_2d_complexity('id', 'cf_type', $all_fields); foreach ($custom_fields as $field_num => $value) { if (!array_key_exists($field_num, $all_fields_types)) { continue; } // Trying to set a field we're not allowed to (doesn't apply to our group) $ob = get_fields_hook($all_fields_types[$field_num]); list(, , $storage_type) = $ob->get_field_value_row_bits($all_fields[$field_num]); if (strpos($storage_type, '_trans') !== false) { $value = insert_lang($value, 3, $GLOBALS['FORUM_DB']); } $row['field_' . strval($field_num)] = $value; } // Set custom field row $all_fields_regardless = $GLOBALS['FORUM_DB']->query_select('f_custom_fields', array('id', 'cf_type')); foreach ($all_fields_regardless as $field) { if (!array_key_exists('field_' . strval($field['id']), $row)) { $ob = get_fields_hook($field['cf_type']); list(, , $storage_type) = $ob->get_field_value_row_bits($field); $value = ''; if (strpos($storage_type, '_trans') !== false) { $value = insert_lang($value, 3, $GLOBALS['FORUM_DB']); } $row['field_' . strval($field['id'])] = $value; } } $GLOBALS['FORUM_DB']->query_insert('f_member_custom_fields', $row); // Any secondary work foreach ($secondary_groups as $g) { if ($g != $primary_group) { $GLOBALS['FORUM_DB']->query_delete('f_group_members', array('gm_member_id' => $member_id, 'gm_group_id' => $g), '', 1); $GLOBALS['FORUM_DB']->query_insert('f_group_members', array('gm_group_id' => $g, 'gm_member_id' => $member_id, 'gm_validated' => 1)); } } if ($check_correctness) { if (function_exists('decache')) { decache('side_stats'); } } return $member_id; }
//form load setting $display_all_countries = $_POST['allcountries']; $username = $_POST['username']; $password = $_POST['password1']; $password2 = $_POST['password2']; $email = $_POST['email']; $country = $_POST['country']; $tos = isset($_POST['TOS']) ? $_POST['TOS'] == 'ON' : false; if (isset($_POST['submit'])) { //try to register //validate the entered data $email_not_ok = !is_valid_email_address($email); $username_not_ok = mb_ereg_match(regex_username, $username) ? false : true; if ($username_not_ok == false) { // username should not be formatted like an email-address $username_not_ok = is_valid_email_address($username); } $password_not_ok = mb_ereg_match(regex_password, $password) ? false : true; $password_diffs = $password != $password2; //check if email is in the database $rs = sql("SELECT `username` FROM `user` WHERE `email`='&1'", $email); if (mysql_num_rows($rs) > 0) { $email_exists = true; } else { $email_exists = false; } //check if username is in the database $rs = sql("SELECT `username` FROM `user` WHERE `username`='&1'", $username); if (mysql_num_rows($rs) > 0) { $username_exists = true; } else {
function setNewEMail($value) { if ($value !== null) { if (!is_valid_email_address($value)) { return false; } if (user::existEMail($value)) { return false; } } return $this->reUser->setValue('new_email', $value); }
//load language specific variables require_once $stylepath . '/' . $tplname . '.inc.php'; tpl_set_var('new_email', ''); tpl_set_var('message', ''); tpl_set_var('email_message', ''); tpl_set_var('code_message', ''); tpl_set_var('change_email', $change_email); tpl_set_var('reset', $reset); tpl_set_var('getcode', $get_code); if (isset($_POST['submit_getcode']) || isset($_POST['submit_changeemail'])) { $new_email = $_POST['newemail']; tpl_set_var('new_email', htmlspecialchars($new_email, ENT_COMPAT, 'UTF-8')); //validate the email $email_exists = false; $new_email_not_ok = false; if (!is_valid_email_address($new_email)) { $new_email_not_ok = true; tpl_set_var('email_message', $error_email_not_ok); } else { //prüfen, ob email schon in der Datenbank vorhanden $rs = sql("SELECT `username` FROM `user` WHERE `email`='&1'", $new_email); if (mysql_num_rows($rs) > 0) { $email_exists = true; tpl_set_var('email_message', $error_email_exists); } } if (!$email_exists && !$new_email_not_ok) { if (isset($_POST['submit_getcode'])) { //send the secure code via email and store the new email in the database $secure_code = uniqid(''); //code in DB eintragen
function test($email) { echo "<tr><td>" . HtmlEntities($email) . "</td>"; echo "<td>" . (is_valid_email_address($email) ? 'Yes' : 'No') . "</td></tr>"; }
/** * The actualiser for newsletter subscription maintenance (adding, updating, deleting). * * @return tempcode The UI */ function newsletter_maintenance() { require_code('type_validation'); breadcrumb_set_parents(array(array('_SELF:_SELF:misc', get_option('newsletter_title')))); $title = get_page_title('_NEWSLETTER_JOIN', true, array(escape_html(get_option('newsletter_title')))); // Add $email = trim(post_param('email')); $password = trim(post_param('password')); $forename = trim(post_param('forename')); $surname = trim(post_param('surname')); if ($password != trim(post_param('password_confirm'))) { warn_exit(make_string_tempcode(escape_html(do_lang('PASSWORD_MISMATCH')))); } $lang = post_param('lang', user_lang()); if (!is_valid_email_address($email) || $password == '') { return warn_screen($title, do_lang_tempcode('IMPROPERLY_FILLED_IN')); } $message = do_lang_tempcode('NEWSLETTER_UPDATE'); $old_confirm = $GLOBALS['SITE_DB']->query_value_null_ok('newsletter', 'code_confirm', array('email' => $email)); if (is_null($old_confirm)) { $newsletters = $GLOBALS['SITE_DB']->query_select('newsletters', array('id')); $found_level = false; foreach ($newsletters as $newsletter) { if (get_option('interest_levels') == '1') { $level = post_param_integer('level' . strval($newsletter['id'])); } else { $level = post_param_integer('level' . strval($newsletter['id']), 0); if ($level == 1) { $level = 4; } } if ($level != 0) { $found_level = true; } } if (!$found_level) { warn_exit(do_lang_tempcode('NOT_NEWSLETTER_SUBSCRIBER')); } $code_confirm = mt_rand(1, 32000); $salt = produce_salt(); $GLOBALS['SITE_DB']->query_insert('newsletter', array('n_forename' => $forename, 'n_surname' => $surname, 'join_time' => time(), 'language' => $lang, 'email' => $email, 'code_confirm' => $code_confirm, 'pass_salt' => $salt, 'the_password' => md5($password . $salt))); $this->send_confirmation($email, $code_confirm, NULL, $forename, $surname); $message = do_lang_tempcode('NEWSLETTER_CONFIRM', escape_html($email)); } elseif ($old_confirm != 0) { $this->send_confirmation($email, $old_confirm, NULL, $forename, $surname); return inform_screen($title, do_lang_tempcode('NEWSLETTER_CONFIRM', escape_html($email))); } // Change/make settings $old_password = $GLOBALS['SITE_DB']->query_value('newsletter', 'the_password', array('email' => $email)); $old_salt = $GLOBALS['SITE_DB']->query_value('newsletter', 'pass_salt', array('email' => $email)); if (!has_specific_permission(get_member(), 'change_newsletter_subscriptions') && $old_password != '' && $old_password != md5($password . $old_salt)) { $_reset_url = build_url(array('page' => '_SELF', 'type' => 'reset', 'email' => $email), '_SELF'); $reset_url = $_reset_url->evaluate(); return warn_screen($title, do_lang_tempcode('NEWSLETTER_PASSWORD_RESET', escape_html($reset_url))); } else { $newsletters = $GLOBALS['SITE_DB']->query_select('newsletters', array('id')); foreach ($newsletters as $newsletter) { if (get_option('interest_levels') == '1') { $level = post_param_integer('level' . strval($newsletter['id'])); } else { $level = post_param_integer('level' . strval($newsletter['id']), 0); if ($level == 1) { $level = 4; } } // First we delete $GLOBALS['SITE_DB']->query_delete('newsletter_subscribe', array('newsletter_id' => $newsletter['id'], 'email' => $email), '', 1); if ($level != 0) { $GLOBALS['SITE_DB']->query_insert('newsletter_subscribe', array('newsletter_id' => $newsletter['id'], 'email' => $email, 'the_level' => $level)); } // Update name $GLOBALS['SITE_DB']->query_update('newsletter', array('n_forename' => $forename, 'n_surname' => $surname), array('email' => $email), '', 1); } } return inform_screen($title, $message); }
$longitude = -$longitude; } } else { $longitude = null; $lon_h_not_ok = false; $lon_min_not_ok = false; } $lon_not_ok = $lon_min_not_ok || $lon_h_not_ok; $lat_not_ok = $lat_min_not_ok || $lat_h_not_ok; //check if username is in the database $username_exists = false; $username_not_ok = mb_ereg_match(regex_username, $username) ? false : true; if ($username_not_ok == false) { // username should not be formatted like an email-address // exception: $username == $email $username_not_ok = is_valid_email_address($username) ? true : false; } if ($username_not_ok) { tpl_set_var('username_message', $error_username_not_ok); } else { if ($username != $usr['username']) { $sql = "SELECT `username` FROM `user` WHERE `username`=:1"; $db->multiVariableQuery($sql, $username); if ($db->rowCount() > 0) { $username_exists = true; tpl_set_var('username_message', $error_username_exists); } } } if ($radius != '') { $radius = $radius + 0;
* * Could have used FILTER_VALIDATE_EMAIL but that is only available on PHP 5.2+ */ function is_valid_email_address($email_address) { return preg_match("/^(?!.{255,})(?!.{65,}@)([!#-'*+\\/-9=?^-~-]+)(?>\\.(?1))*@(?!.*[^.]{64,})(?>[a-z\\d](?>[a-z\\d-]*[a-z\\d])?\\.){1,126}[a-z]{2,6}\$/iD", $email_address); } if (isset($_POST['recipient'])) { $recipient = $_POST['recipient']; $subject = "Test script for the PHP mail() function"; $message = "Congratulations, the mail() function is working!"; // Long addresses will mess up the layout so we'll put some line breaks in them $recipient_br = wordwrap($recipient, 65, "<br />\n", true); echo '<div class="results">'; if (mb_strlen($recipient, 'UTF-8') < 255) { if (is_valid_email_address($recipient)) { echo '<div class="good">The <span class="regular">' . $recipient_br . '</span> email address is considered valid for this test.</div>'; // $send_mail = mail($recipient, $subject, $message); // if($send_mail == true) if (1 == 1) { echo '<div class="good">The mail() function is active and the email was accepted for delivery.<br />Provided the server\'s outgoing email is also working an email has been sent to <span class="regular">' . $recipient_br . '</span></div>'; } else { echo '<div class="bad"><b>The function email() is inactive!</div>'; } } else { echo '<div class="bad">The <span class="regular">' . $recipient_br . '</span> email address is considered invalid for this test.</div>'; } } else { echo '<div class="bad">You numpty, <span class="regular">' . $recipient_br . '</span>, is too long for an email address</div>'; } echo '</div>';
/** * Convert Comcode-Text to Comcode-XML. * * @param LONG_TEXT The comcode to convert * @param boolean Whether to not include a wrapper element (<comcode>) * @return LONG_TEXT The converted comcode */ function comcode_text__to__comcode_xml($comcode, $skip_wrapper = false) { require_code('comcode_xml'); require_code('comcode_text'); require_code('comcode_renderer'); if (substr($comcode, 0, 8) == '<comcode') { if ($skip_wrapper) { return str_replace('<comcode>', '', str_replace('</comcode>', '', $comcode)); } return $comcode; } $xml = ''; global $ALLOWED_ENTITIES, $CODE_TAGS, $DANGEROUS_TAGS, $VALID_COMCODE_TAGS, $BLOCK_TAGS, $POTENTIAL_JS_NAUGHTY_ARRAY, $TEXTUAL_TAGS, $LEET_FILTER, $IMPORTED_CUSTOM_COMCODE, $REPLACE_TARGETS; $len = strlen($comcode); require_lang('comcode'); require_code('type_validation'); if (function_exists('set_time_limit') && ini_get('max_execution_time') != '0') { @set_time_limit(300); } $comcode_dangerous = true; $comcode_dangerous_html = true; // Tag level $current_tag = ''; $attribute_map = array(); $continuation = ''; $close = mixed(); // Properties that come from our tag $white_space_area = true; $textual_area = true; $formatting_allowed = true; $in_html = false; $in_semihtml = false; $in_separate_parse_section = false; // Not escaped because it has to be passed to a secondary filter $in_code_tag = false; $lax = false; // Our state $status = CCP_NO_MANS_LAND; $tag_stack = array(); $pos = 0; $line_starting = true; $just_ended = false; $none_wrap_length = 0; $just_new_line = true; // So we can detect lists starting right away $just_title = false; global $NUM_LINES; $NUM_LINES = 0; $wrap_pos = 60; $preparse_mode = false; $is_all_semihtml = false; $smilies = $GLOBALS['FORUM_DRIVER']->find_emoticons(); // We'll be needing the smiley array $shortcuts = array('(c)' => '©', '(r)' => '®', '--' => '–', '---' => '—'); // Text syntax possibilities, that get maintained as our cursor moves through the text block $list_indent = 0; $list_type = 'ul'; while ($pos < $len) { $next = $comcode[$pos]; ++$pos; // State machine switch ($status) { case CCP_NO_MANS_LAND: if ($next == '[') { // Look ahead to make sure it's a valid tag. If it's not then it's considered normal user input, not a tag at all $dif = $pos < $len && $comcode[$pos] == '/' ? 1 : 0; $ahead = substr($comcode, $pos + $dif, 19); $equal_pos = strpos($ahead, '='); $space_pos = strpos($ahead, ' '); $end_pos = strpos($ahead, ']'); $cl_pos = strpos($ahead, chr(10)); if ($equal_pos === false) { $equal_pos = 22; } if ($space_pos === false) { $space_pos = 22; } if ($end_pos === false) { $end_pos = 22; } if ($cl_pos === false) { $cl_pos = 22; } $use_pos = min($equal_pos, $space_pos, $end_pos, $cl_pos); $potential_tag = strtolower(substr($ahead, 0, $use_pos)); if ($use_pos != 22 && (!$in_html || $potential_tag == 'html' || $potential_tag == 'semihtml') && (!$in_code_tag || isset($CODE_TAGS[$potential_tag]))) { if (!isset($VALID_COMCODE_TAGS[$potential_tag])) { if (!$IMPORTED_CUSTOM_COMCODE) { _custom_comcode_import($GLOBALS['SITE_DB']); } } if (isset($VALID_COMCODE_TAGS[$potential_tag]) && substr($ahead, 0, 2) != 'i ') { $close = false; $current_tag = ''; $xml .= $continuation; $continuation = ''; if ($potential_tag == 'html' || $potential_tag == 'semihtml') { list($close_list, $list_indent) = _convert_close_open_lists($list_indent); $xml .= $close_list; } $status = CCP_STARTING_TAG; continue; } } } if ($in_html || $in_semihtml && ($next == '<' || $next == '>')) { $ahead = substr($comcode, $pos - 1, 20); $ahead_lower = strtolower($ahead); if ($next == chr(10)) { ++$NUM_LINES; } $continuation .= $next; } else { // Text-format possibilities if ($just_new_line && $formatting_allowed) { $xml .= $continuation; $continuation = ''; // List $found_list = false; $old_list_indent = $list_indent; if ($pos + 1 < $len && is_numeric($next) && $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ') { if ($list_indent != 0 && $list_type == 'ul') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); $xml .= $temp_tpl; } $list_indent = 1; $found_list = true; $scan_pos = $pos; $list_type = '1'; } elseif ($pos + 1 < $len && ord($next) >= ord('a') && ord($next) <= ord('z') && $comcode[$pos] == ')' && $comcode[$pos + 1] == ' ') { if ($list_indent != 0 && $list_type == 'ul') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); $xml .= $temp_tpl; } $list_indent = 1; $found_list = true; $scan_pos = $pos; $list_type = 'a'; } elseif ($next == ' ') { if ($old_list_indent != 0 && $list_type != 'ul') { list($temp_tpl, $old_list_indent) = _close_open_lists($list_indent, $list_type); $xml .= $temp_tpl; } $scan_pos = $pos - 1; $list_indent = 0; while ($scan_pos < $len) { $scan_next = $comcode[$scan_pos]; if ($scan_next == '-' && $comcode[$scan_pos + 1] == ' ') { $found_list = true; break; } else { if ($scan_next == ' ') { ++$list_indent; } else { break; } } ++$scan_pos; } if (!$found_list) { $list_indent = 0; } } else { list($close_list, $list_indent) = _convert_close_open_lists($list_indent); $xml .= $close_list; if ($next == '-' && !$just_title) { $scan_pos = $pos; $found_rule = true; while ($scan_pos < $len) { $scan_next = $comcode[$scan_pos]; if ($scan_next != '-') { if ($scan_next == chr(10)) { ++$NUM_LINES; break; } else { $found_rule = false; } } ++$scan_pos; } if ($found_rule) { $xml .= '<rule />'; $pos = $scan_pos + 1; $just_ended = true; $none_wrap_length = 0; continue; } } } // List handling if ($list_indent == $old_list_indent && $old_list_indent != 0) { $xml .= '</listElement>'; } for ($i = $list_indent; $i < $old_list_indent; ++$i) { $xml .= '</listElement>'; $xml .= '</list>'; } if ($list_indent < $old_list_indent && $list_indent != 0) { $xml .= '</listElement>'; } if ($found_list) { if ($list_indent - $old_list_indent > 1 && !$lax) { $error = comcode_parse_error($preparse_mode, array('CCP_LIST_JUMPYNESS'), $pos, $comcode); return $error->evaluate(); } for ($i = $old_list_indent; $i < $list_indent; ++$i) { switch ($list_type) { case 'ul': $xml .= '<list>'; break; case '1': $xml .= '<list type="1">'; break; case 'a': $xml .= '<list type="a">'; break; } if ($i < $list_indent - 1) { $xml .= '<listElement>'; } } $xml .= '<listElement>'; $just_ended = true; $none_wrap_length = 0; $next = ''; $pos = $scan_pos + 2; } } if ($next == chr(10) && $white_space_area && !$just_ended) { ++$NUM_LINES; $line_starting = true; $xml .= $continuation; $continuation = ''; $just_new_line = true; $none_wrap_length = 0; if ($list_indent == 0) { $xml .= '<br />' . chr(10); } } else { $just_new_line = false; if ($next == ' ' && $white_space_area) { if ($line_starting || $pos != 0 && $comcode[$pos - 2] == ' ') { $next = ' '; ++$none_wrap_length; } else { $none_wrap_length = 0; } $continuation .= $next; } elseif ($next == "\t" && $white_space_area) { $xml .= $continuation; $continuation = ''; $tab_tpl = do_template('COMCODE_TEXTCODE_TAB'); // $_tab_tpl = $tab_tpl->evaluate(); $none_wrap_length += strlen($_tab_tpl); $xml .= $tab_tpl->evaluate(); } else { if ($next == ' ' || $next == "\t" || $just_ended) { $none_wrap_length = 0; } else { if (!is_null($wrap_pos) && $none_wrap_length >= $wrap_pos && $textual_area && !$in_semihtml) { $xml .= $continuation; $continuation = ''; $xml .= '<br />' . chr(10); $none_wrap_length = 0; } elseif ($textual_area) { ++$none_wrap_length; } } $line_starting = false; $just_ended = false; $differented = false; // If somehow via lookahead we've changed this to HTML and thus won't use it in raw form // Symbol lookahead if (!$in_code_tag) { if ($next == '{' && ($comcode[$pos] == '$' || $comcode[$pos] == '+' || $comcode[$pos] == '!') && $comcode_dangerous) { $xml .= $continuation; $continuation = ''; if ($comcode[$pos] == '+') { $p_end = $pos + 5; while ($p_end < $len) { $p_portion = substr($comcode, $pos - 1, $p_end - ($pos - 1) + 5); if (substr_count($p_portion, '{+START') == substr_count($p_portion, '{+END')) { break; } $p_end++; } $p_len = 1; while ($pos + $p_len < $len) { $p_portion = substr($comcode, $pos - 1, $p_len); if (substr_count($p_portion, '{') == substr_count($p_portion, '}')) { break; } $p_len++; } $p_len--; $p_portion = substr($comcode, $pos + $p_len, $p_end - ($pos + $p_len)); $_ret = template_to_tempcode_static(substr($comcode, $pos - 1, $p_len + 1) . '!' . substr($comcode, $p_end, 6)); $ret = '<directive type="' . escape_html($_ret->bits[0][2]) . '">'; foreach ($_ret->bits[0][3] as $val) { $ret .= '<directiveParam>' . escape_html($val->evaluate()) . '</directiveParam>'; } $ret .= comcode_text__to__comcode_xml($p_portion, true); $ret .= '</directive>'; $pos = $p_end + 6; } else { $_ret = new ocp_tempcode(); $_ret->bits = array(read_single_uncompiled_variable($comcode, $pos, $len)); if ($_ret->bits[0][1] == TC_SYMBOL) { $ret = '<symbol>'; if (isset($_ret->bits[0][3])) { foreach ($_ret->bits[0][3] as $val) { $ret .= '<symbolParam>' . escape_html($val) . '</symbolParam>'; } } $ret .= $_ret->bits[0][2] . '</symbol>'; } else { $ret = '<language>'; if (isset($_ret->bits[0][3])) { foreach ($_ret->bits[0][3] as $val) { $ret .= '<languageParam>' . escape_html($val) . '</languageParam>'; } } $ret .= $_ret->bits[0][2] . '</language>'; } } $differented = true; $xml .= $ret; } } // Escaping of comcode tag starts lookahead if ($next == '\\' && !$in_code_tag) { if ($pos != $len && $comcode[$pos] == '"') { $continuation .= '"'; ++$pos; $differented = true; } elseif ($pos != $len && $comcode[$pos] == '[') { $continuation .= '['; ++$pos; $differented = true; } elseif ($pos != $len && $comcode[$pos] == '{') { $continuation .= '{'; ++$pos; $differented = true; } elseif ($pos == $len || $comcode[$pos] == '\\') { $continuation .= '\\'; ++$pos; $differented = true; } } // Smiley lookahead if (!$differented) { if (($textual_area || $in_semihtml) && trim($next) != '') { foreach ($smilies as $smiley => $imgcode) { if ($in_semihtml) { $smiley = ' ' . $smiley . ' '; } if ($next == $smiley[0]) { if (substr($comcode, $pos - 1, strlen($smiley)) == $smiley) { $xml .= $continuation; $continuation = ''; $pos += strlen($smiley) - 1; $differented = true; $xml .= '<emoticon>' . escape_html($imgcode) . '</emoticon>'; break; } } } } } if ($textual_area && trim($next) != '' && !$differented && addon_installed('cedi')) { // CEDI pages if ($pos < $len && $next == '[') { $matches = array(); if (preg_match('#^\\[([^\\[\\]]*)\\]\\]#', substr($comcode, $pos, 40), $matches) != 0) { $cedi_page_name = $matches[1]; $xml .= $continuation; $continuation = ''; $hash_pos = strpos($cedi_page_name, '#'); if ($hash_pos !== false) { $jump_to = substr($cedi_page_name, $hash_pos + 1); $cedi_page_name = substr($cedi_page_name, 0, $hash_pos); $xml .= '<cedi anchor="' . escape_html($jump_to) . '">' . escape_html($cedi_page_name) . '</cedi>'; } else { $xml .= '<cedi>' . escape_html($cedi_page_name) . '</cedi>'; } $pos += strlen($matches[1]) + 3; $differented = true; } } // Usernames if ($pos < $len && $next == '{') { $matches = array(); if (preg_match('#^\\{([^"{}&\'\\$<>]*)\\}\\}#', substr($comcode, $pos, 40), $matches) != 0) { $xml .= $continuation; $continuation = ''; $username = $matches[1]; if ($username[0] == '?') { $username = substr($username, 1); $xml .= '<member boxed="1">' . escape_html($username) . '</member>'; } else { $xml .= '<member>' . escape_html($username) . '</member>'; } $pos += strlen($matches[1]) + 3; $differented = true; } } if (!$in_code_tag && trim($next) != '' && !$differented) { // Shortcut lookahead if (!$differented) { foreach ($shortcuts as $code => $replacement) { if ($next == $code[0] && substr($comcode, $pos - 1, strlen($code)) == $code) { $xml .= $continuation; $continuation = ''; $pos += strlen($code) - 1; $differented = true; $xml .= $replacement; break; } } } } // Table syntax if (!$differented) { if ($pos < $len && $comcode[$pos] == '|') { $end_tbl = strpos($comcode, chr(10) . '|}', $pos); if ($end_tbl !== false) { $end_fst_line_pos = strpos($comcode, chr(10), $pos); $caption = substr($comcode, $pos + 2, max($end_fst_line_pos - $pos - 2, 0)); $pos += strlen($caption) + 1; $rows = preg_split('#(\\|-|\\|\\})#Um', substr($comcode, $pos, $end_tbl - $pos)); if (count($rows) == 1 && $caption == 'floats') { $cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $rows[0], -1, PREG_SPLIT_DELIM_CAPTURE); array_shift($cells); // First one is non-existant empty $spec = true; // Find which to float $to_float = NULL; foreach ($cells as $i => $cell) { if (!$spec) { if (strpos($cell, '!') !== false || is_null($to_float)) { $to_float = $i; } } $spec = !$spec; } $xml .= '<float>'; // Do floated one $xml .= '<fh>'; $xml .= comcode_text__to__comcode_xml(rtrim($cells[$to_float]), true); $xml .= '</fh>'; // Do non-floated ones foreach ($cells as $i => $cell) { if ($i % 2 == 1 && $i != $to_float) { $xml .= '<fd>'; $xml .= comcode_text__to__comcode_xml(rtrim($cells[$to_float]), true); $xml .= '</fd>'; } } $xml .= '</float>'; } else { $xml .= '<table summary="' . escape_html($caption) . '">'; foreach ($rows as $table_row) { $xml .= '<tr>'; $cells = preg_split('/(\\n\\! | \\!\\! |\\n\\| | \\|\\| )/', $table_row, -1, PREG_SPLIT_DELIM_CAPTURE); array_shift($cells); // First one is non-existant empty $spec = true; $c_type = ''; foreach ($cells as $cell) { if ($spec) { $c_type = strpos($cell, '!') !== false ? 'th' : 'td'; } else { $xml .= '<' . $c_type . '>'; $xml .= comcode_text__to__comcode_xml(rtrim($cell), true); $xml .= '</' . $c_type . '>'; } $spec = !$spec; } $xml .= '</tr>'; } $xml .= '</table>'; } $pos = $end_tbl + 3; $differented = true; } } } // Link lookahead if (!$differented) { if (!$in_semihtml && $next == 'h' && (substr($comcode, $pos - 1, strlen('http://')) == 'http://' || substr($comcode, $pos - 1, strlen('https://')) == 'https://' || substr($comcode, $pos - 1, strlen('ftp://')) == 'ftp://')) { list($link_end_pos, $auto_link) = detect_link($comcode, $pos); $xml .= $continuation; $continuation = ''; $downloaded_at_link = http_download_file($auto_link, 3000, false); $link_captions_title = ''; if (is_string($downloaded_at_link)) { $matches = array(); if (preg_match('#<title>\\s*(.*)\\s*</title>#', $downloaded_at_link, $matches) != 0) { require_code('character_sets'); $link_captions_title = @html_entity_decode(convert_to_internal_encoding($matches[1]), ENT_QUOTES, get_charset()); } } $xml .= '<url param="' . escape_html($auto_link) . '">' . escape_html($link_captions_title) . '</url>'; $pos += $link_end_pos - $pos; $differented = true; break; } } } if (!$differented) { if (!$in_separate_parse_section && (!$in_semihtml || !$comcode_dangerous && !$is_all_semihtml)) { if ($next == '&') { $ahead = substr($comcode, $pos, 20); $ahead_lower = strtolower($ahead); $matches = array(); $entity = preg_match('#(\\#)?([\\w]*);#', $ahead_lower, $matches) != 0; // If it is a SAFE entity, use it if ($entity) { if ($matches[1] == '' && isset($ALLOWED_ENTITIES[$matches[2]])) { $pos += strlen($matches[2]) + 1; $continuation .= '&' . $matches[2] . ';'; } elseif (is_numeric($matches[2]) && $matches[1] == '#') { $matched_entity = intval(base_convert($matches[1], 16, 10)); if ($matched_entity < 127 && array_key_exists(chr($matched_entity), $POTENTIAL_JS_NAUGHTY_ARRAY)) { $continuation .= escape_html($next); } else { $pos += strlen($matches[2]) + 2; $continuation .= '&#' . $matches[2] . ';'; } } else { $continuation .= '&'; } } else { $continuation .= '&'; } } else { $continuation .= escape_html($next); } } else { $continuation .= $next; } } } } } break; case CCP_IN_TAG_NAME: if ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; $current_attribute_name = 'param'; } elseif (trim($next) == '') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; } elseif ($next == '[') { warn_exit(do_lang_tempcode('CCP_TAG_OPEN_ANOMALY')); } elseif ($next == ']') { if ($close) { if ($formatting_allowed) { list($close_list, $list_indent) = _convert_close_open_lists($list_indent); $xml .= $close_list; } if (count($tag_stack) == 0) { warn_exit(do_lang_tempcode('CCP_NO_CLOSE', escape_html($current_tag))); } $_last = array_pop($tag_stack); if ($_last[0] != $current_tag) { warn_exit(do_lang_tempcode('CCP_NO_CLOSE_MATCH', escape_html($current_tag), escape_html($_last))); } // Do the comcode for this tag if ($in_semihtml) { foreach ($_last[1] as $index => $conv) { $_last[1][$index] = @html_entity_decode(str_replace('<br />', chr(10), $conv), ENT_QUOTES, get_charset()); } } $attributes = $_last[1]; if ($current_tag == 'html') { $in_html = false; $_last[0] = 'htmlWrap'; } elseif ($current_tag == 'semihtml') { $in_semihtml = false; $_last[0] = 'htmlWrap'; } elseif ($current_tag == 'external_table' || $current_tag == 'internal_table') { $_last[0] = 'box'; } elseif ($current_tag == 'php') { $_last[0] = 'code'; $attributes['param'] = 'php'; } elseif ($current_tag == 'codebox') { $_last[0] = 'code'; $attributes['scroll'] = '1'; } elseif ($current_tag == 'sql') { $_last[0] = 'code'; $attributes['param'] = 'sql'; } elseif ($current_tag == 'snapback') { $_last[0] = 'post'; } elseif ($current_tag == 'thread') { $_last[0] = 'topic'; } elseif ($current_tag == 'list') { $sub_elements = explode('[*]', str_replace('[/*]', '', $xml)); $xml = ''; foreach ($sub_elements as $sub_element) { $xml .= '<listElement>' . $sub_element . '</listElement>'; } } if ($_last[0] == 'box' && isset($attributes['breadth']) && !isset($attributes['dimensions'])) { $attributes['dimensions'] = $attributes['breadth']; unset($attributes['breadth']); } if ($_last[0] == 'page' && array_keys($attributes) != array('param')) { $zone = isset($attributes['param']) ? $attributes['param'] : '_SEARCH'; $page = $xml; $xml = $attributes['caption']; unset($attributes['param']); unset($attributes['caption']); $pagelink = $zone . ':' . $page; foreach ($attributes as $key => $val) { $pagelink .= ':' . $key . '=' . $val; } $attributes = array('pageLink' => $pagelink); } if ($_last[0] == 'block') { foreach ($attributes as $key => $val) { $xml .= '<blockParam key="' . escape_html($key) . '" value="' . escape_html($val) . '" />'; } $attributes = array(); } if ($_last[0] == 'random') { foreach ($attributes as $key => $val) { $xml .= '<randomTarget pickIfAbove="' . escape_html($key) . '">' . comcode_text__to__comcode_xml($val, true) . '</randomTarget>'; } $attributes = array(); } if ($_last[0] == 'jumping') { foreach ($attributes as $key => $val) { $xml .= '<jumpingTarget>' . comcode_text__to__comcode_xml($val, true) . '</jumpingTarget>'; } $attributes = array(); } if ($_last[0] == 'concepts') { foreach ($attributes as $_key => $_value) { if (substr($_key, -4) == '_key') { $key = $_value; $cid = substr($_key, 0, strlen($_key) - 4); $value = $attributes[$cid . '_value']; $xml .= '<showConcept key="' . escape_html($key) . '" value="' . escape_html($value) . '" />'; } } $attributes = array(); } if (($_last[0] == 'attachment' || $_last[0] == 'attachment_safe') && isset($attributes['description'])) { $xml .= '<attachmentDescription>' . comcode_text__to__comcode_xml($attributes['description'], true) . '</attachmentDescription>'; unset($attributes['description']); } if ($_last[0] == 'hide' && isset($attributes['param'])) { $xml .= '<hideTitle>' . comcode_text__to__comcode_xml($attributes['param'], true) . '</hideTitle>'; unset($attributes['param']); } if ($_last[0] == 'tooltip' && isset($attributes['param'])) { $xml .= '<tooltipMessage>' . comcode_text__to__comcode_xml($attributes['param'], true) . '</tooltipMessage>'; unset($attributes['param']); } global $COMCODE_XML_PARAM_RENAMING, $COMCODE_XML_SWITCH_AROUND; if (isset($attributes['param']) && isset($COMCODE_XML_PARAM_RENAMING[$_last[0]])) { $attributes[$COMCODE_XML_PARAM_RENAMING[$_last[0]]] = $attributes['param']; unset($attributes['param']); } $comcode_xml_switch_around = $COMCODE_XML_SWITCH_AROUND; if ($_last[0] == 'email' && (!isset($attributes['param']) || !is_valid_email_address($attributes['param'])) && is_valid_email_address($xml)) { $comcode_xml_switch_around[] = 'email'; } if ($_last[0] == 'url' && (!isset($attributes['param']) || !looks_like_url($attributes['param'])) && looks_like_url($xml)) { $comcode_xml_switch_around[] = 'url'; } if (in_array($_last[0], $comcode_xml_switch_around)) { $x = 'param'; if ($_last[0] == 'reference') { $x = 'title'; } if (isset($attributes[$x])) { $temp = $attributes[$x]; $attributes[$x] = $xml; $xml = comcode_text__to__comcode_xml($temp, true); } else { $attributes[$x] = $xml; } } $in_code_tag = false; $white_space_area = $_last[3]; $in_separate_parse_section = $_last[4]; $formatting_allowed = $_last[5]; $textual_area = $_last[6]; if ($_last[0] == 'htmlWrap') { $embed_output = '<htmlWrap xmlns="http://www.w3.org/1999/xhtml">'; } else { $embed_output = '<' . to_camelCase($_last[0]); foreach ($attributes as $key => $val) { $embed_output .= ' ' . to_camelCase($key) . '="' . escape_html($val) . '"'; } $embed_output .= '>'; } $embed_output .= $xml . '</' . to_camelCase($_last[0]) . '>'; $just_ended = isset($BLOCK_TAGS[$current_tag]); $xml = $_last[2] . $embed_output; if ($current_tag == 'title') { if (strlen($comcode) > $pos + 1 && $comcode[$pos] == chr(10) && $comcode[$pos + 1] == chr(10)) { $NUM_LINES += 2; $pos += 2; $just_new_line = true; list($close_list, $list_indent) = _convert_close_open_lists($list_indent); $xml .= $close_list; } } $status = CCP_NO_MANS_LAND; } else { array_push($tag_stack, array($current_tag, $attribute_map, $xml, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area)); list(, , , $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag(false, false, get_member(), $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); $xml = ''; } } else { $current_tag .= strtolower($next); } break; case CCP_STARTING_TAG: if ($next == '[') { warn_exit(do_lang_tempcode('CCP_TAG_OPEN_ANOMALY')); } elseif ($next == ']') { warn_exit(do_lang_tempcode('CCP_TAG_CLOSE_ANOMALY')); } elseif ($next == '/') { $close = true; } else { $current_tag .= strtolower($next); $status = CCP_IN_TAG_NAME; } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTES: if ($next == ']') { array_push($tag_stack, array($current_tag, $attribute_map, $xml, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area)); list(, , , $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag(false, false, get_member(), $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); $xml = ''; } elseif ($next == '[') { warn_exit(do_lang_tempcode('CCP_TAG_OPEN_ANOMALY')); } elseif (trim($next) != '') { $status = CCP_IN_TAG_ATTRIBUTE_NAME; $current_attribute_name = $next; } break; case CCP_IN_TAG_ATTRIBUTE_NAME: if ($next == '[') { warn_exit(do_lang_tempcode('CCP_TAG_OPEN_ANOMALY')); } elseif ($next == ']') { $at_map_keys = array_keys($attribute_map); $old_attribute_name = $at_map_keys[count($at_map_keys) - 1]; $attribute_map[$old_attribute_name] .= ' ' . $current_attribute_name; array_push($tag_stack, array($current_tag, $attribute_map, $xml, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area)); list(, , , $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag(false, false, get_member(), $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); $xml = ''; } elseif ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; } elseif ($next != ' ') { $current_attribute_name .= strtolower($next); } else { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT; } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_LEFT: if ($next == '=') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT; } elseif (trim($next) != '') { warn_exit(do_lang_tempcode('CCP_ATTRIBUTE_ERROR', escape_html($current_attribute_name), escape_html($current_tag))); } break; case CCP_IN_TAG_BETWEEN_ATTRIBUTE_NAME_VALUE_RIGHT: if ($next == '[') { warn_exit(do_lang_tempcode('CCP_TAG_OPEN_ANOMALY')); } elseif ($next == ']') { warn_exit(do_lang_tempcode('CCP_TAG_CLOSE_ANOMALY')); } elseif ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') { if ($next != '"') { $pos += 5; } $status = CCP_IN_TAG_ATTRIBUTE_VALUE; $current_attribute_value = ''; } elseif ($next != '') { $status = CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE; $current_attribute_value = $next; } break; case CCP_IN_TAG_ATTRIBUTE_VALUE_NO_QUOTE: if ($next == ' ') { $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; if (isset($attribute_map[$current_attribute_name])) { warn_exit(do_lang_tempcode('CCP_DUPLICATE_ATTRIBUTES', escape_html($current_attribute_name), escape_html($current_tag))); } $attribute_map[$current_attribute_name] = $current_attribute_value; } elseif ($next == ']') { if (isset($attribute_map[$current_attribute_name])) { warn_exit(do_lang_tempcode('CCP_DUPLICATE_ATTRIBUTES', escape_html($current_attribute_name), escape_html($current_tag))); } $attribute_map[$current_attribute_name] = $current_attribute_value; array_push($tag_stack, array($current_tag, $attribute_map, $xml, $white_space_area, $in_separate_parse_section, $formatting_allowed, $textual_area)); list(, , , $white_space_area, $formatting_allowed, $in_separate_parse_section, $textual_area, $attribute_map, $status, $in_html, $in_semihtml, $pos, $in_code_tag) = _opened_tag(false, false, get_member(), $attribute_map, $current_tag, $pos, $comcode_dangerous, $comcode_dangerous_html, $in_separate_parse_section, $in_html, $in_semihtml, $close, $len, $comcode); $xml = ''; } else { $current_attribute_value .= $next; } break; case CCP_IN_TAG_ATTRIBUTE_VALUE: if ($next == '"' || $in_semihtml && substr($comcode, $pos - 1, 6) == '"') { if ($next != '"') { $pos += 5; } $status = CCP_IN_TAG_BETWEEN_ATTRIBUTES; if (isset($attribute_map[$current_attribute_name])) { warn_exit(do_lang_tempcode('CCP_DUPLICATE_ATTRIBUTES', escape_html($current_attribute_name), escape_html($current_tag))); } $attribute_map[$current_attribute_name] = $current_attribute_value; } else { if ($next == '\\') { if ($comcode[$pos] == '"') { $current_attribute_value .= '"'; ++$pos; } elseif ($comcode[$pos] == '\\') { $current_attribute_value .= '\\'; ++$pos; } else { $current_attribute_value .= $next; } } else { $current_attribute_value .= $next; } } break; } } $xml .= $continuation; $continuation = ''; list($close_list, $list_indent) = _convert_close_open_lists($list_indent); $xml .= $close_list; if ($status != CCP_NO_MANS_LAND || count($tag_stack) != 0) { $stack_top = array_pop($tag_stack); warn_exit(do_lang_tempcode('CCP_BROKEN_END', escape_html($stack_top[0]))); } if (!$skip_wrapper) { $xml = '<comcode>' . $xml . '</comcode>'; } return $xml; }
function validate($form_name) { global $site_settings; // contains form name and a list of fields that need to be validated. All fields mentioned in this array will be returned sanitized in the $result['x'] array $forms = array('update_user_info' => array('first_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst', 'starred' => TRUE), 'last_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst', 'starred' => TRUE), 'middle_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst'), 'city' => array('type' => 'enum', 'values' => $site_settings['locations']), 'group' => array('type' => 'enum', 'values' => $site_settings['user_groups']), 'email_addr' => array('type' => 'email', 'format' => 'email1', 'starred' => TRUE), 'password' => array('type' => 'alnum', 'minlen' => 6, 'maxlen' => 16), 'phone_a' => array('type' => 'phone', 'format' => 'phone1')), 'user_add' => array('first_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst', 'starred' => TRUE), 'last_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst', 'starred' => TRUE), 'middle_name' => array('type' => 'alpha', 'maxlen' => 64, 'format' => 'ucfirst'), 'city' => array('type' => 'enum', 'values' => $site_settings['locations']), 'group' => array('type' => 'enum', 'values' => $site_settings['user_groups']), 'email_addr' => array('type' => 'email', 'format' => 'email1', 'starred' => TRUE), 'password' => array('type' => 'alnum', 'minlen' => 6, 'maxlen' => 16, 'starred' => TRUE), 'phone_a' => array('type' => 'phone', 'format' => 'phone1'))); $errors = array(); // output array with errors. Returns NULL if no errors. $x = array(); // holds sanitized form fields. // array of standard error messages $err_msg = array(0 => 'Use letter characters only', 1 => 'Enter only up to %s characters', 2 => 'Enter minimum %s characters', 3 => 'Use letters and numbers only', 4 => 'Required field', 5 => 'Supplied value outside of specified list', 6 => 'Use phone number format XXX-AAA-BBBB, 1-XXX-AAA-BBBB, or 1-XXX-AAA-BBBB ext CCC', 7 => 'Invalid format for email address'); if (!array_key_exists($form_name, $forms)) { return FALSE; } foreach ($forms[$form_name] as $field => $data) { // check if field exists and is compulsory (starred) if (!isset($_POST[$field]) || empty($_POST[$field])) { if (isset($data['starred']) && $data['starred']) { $errors[$field] = $err_msg[4]; } //$x[$field] = htmlentities( $_POST[$field] ); $x[$field] = NULL; } else { // data types switch ($data['type']) { case 'alpha': if (!ctype_alpha($_POST[$field])) { $errors[$field] = $err_msg[0]; } $x[$field] = htmlentities($_POST[$field]); break; case 'alnum': if (!ctype_alnum($_POST[$field])) { $errors[$field] = $err_msg[3]; } $x[$field] = htmlentities($_POST[$field]); break; case 'enum': if (!in_array($_POST[$field], $data['values'])) { $errors[$field] = $err_msg[5]; } $x[$field] = $_POST[$field]; break; case 'email': //if ( !preg_match( '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}/', $_POST[$field] ) ) $errors[$field] = $err_msg[7]; if (!is_valid_email_address($_POST[$field])) { $errors[$field] = $err_msg[7]; } $x[$field] = htmlentities($_POST[$field]); break; case 'phone': // grep -n -E "^\+?1?[-|\s]?\(?[0-9]{3}\)?[[:punct:]][0-9]{3}[-|\.][0-9]{4}" preg_match.txt if (!preg_match('/^(?:1(?:[. -])?)?(?:\\((?=\\d{3}\\)))?([2-9]\\d{2})(?:(?<=\\(\\d{3})\\))? ?(?:(?<=\\d{3})[.-])?([2-9]\\d{2})[. -]?(\\d{4})(?: (?i:ext)\\.? ?(\\d{1,5}))?$/', $_POST[$field])) { $errors[$field] = $err_msg[6]; } $x[$field] = htmlentities($_POST[$field]); break; } // length of field if (isset($data['maxlen'])) { if (strlen($_POST[$field]) > $data['maxlen']) { $errors[$field] = sprintf($err_msg[1], $data['maxlen']); } $x[$field] = substr($_POST[$field], 0, $data['maxlen']); } if (isset($data['minlen'])) { if (strlen($_POST[$field]) < $data['minlen']) { $errors[$field] = sprintf($err_msg[2], $data['minlen']); } $x[$field] = $_POST[$field]; } // format field if (isset($data['format'])) { switch ($data['format']) { case 'ucfirst': $x[$field] = ucfirst($x[$field]); break; case 'lowercase': $x[$field] = strtolower($x[$field]); break; case 'allcaps': $x[$field] = strtoupper($x[$field]); break; case 'phone1': if (preg_match('/^(?:1(?:[. -])?)?(?:\\((?=\\d{3}\\)))?([2-9]\\d{2})(?:(?<=\\(\\d{3})\\))? ?(?:(?<=\\d{3})[.-])?([2-9]\\d{2})[. -]?(\\d{4})(?: (?i:ext)\\.? ?(\\d{1,5}))?$/', $_POST[$field], $match)) { if (isset($match[4])) { $x[$field] = sprintf('%s-%s-%s x%s', $match[1], $match[2], $match[3], $match[4]); } else { $x[$field] = sprintf('%s-%s-%s', $match[1], $match[2], $match[3]); } } break; case 'email1': if (!isset($errors[$field])) { $x[$field] = strtolower($_POST[$field]); } break; } } } } if (empty($errors)) { $errors = NULL; } $result = array('errors' => $errors, 'x' => $x); return $result; }
/** * Get tempcode for a Comcode tag. This function should always return (errors should be placed in the Comcode output stream), for stability reasons (i.e. if you're submitting something, you can't have the whole submit process die half way through in an unstructured fashion). * * @param string The tag being converted * @param array A map of the attributes (name=>val) for the tag. Val is usually a string, although in select places, the XML parser may pass tempcode. * @param mixed Tempcode of the inside of the tag ([between]THIS[/between]); the XML parser may pass in special stuff here, which is interpreted only for select tags * @param boolean Whether we are allowed to proceed even if this tag is marked as 'dangerous' * @param string A special identifier to mark where the resultant tempcode is going to end up (e.g. the ID of a post) * @param integer The position this tag occurred at in the Comcode * @param MEMBER The member who is responsible for this Comcode * @param boolean Whether to check as arbitrary admin * @param object The database connection to use * @param string The whole chunk of comcode * @param boolean Whether this is for WML output * @param boolean Whether this is only a structure sweep * @param boolean Whether we are in semi-parse-mode (some tags might convert differently) * @param ?array A list of words to highlight (NULL: none) * @param ?MEMBER The member we are running on behalf of, with respect to how attachments are handled; we may use this members attachments that are already within this post, and our new attachments will be handed to this member (NULL: member evaluating) * @param boolean Whether what we have came from inside a semihtml tag * @param boolean Whether what we have came from semihtml mode * @return tempcode The tempcode for the Comcode */ function _do_tags_comcode($tag, $attributes, $embed, $comcode_dangerous, $pass_id, $marker, $source_member, $as_admin, $connection, &$comcode, $wml, $structure_sweep, $semiparse_mode, $highlight_bits = NULL, $on_behalf_of_member = NULL, $in_semihtml = false, $is_all_semihtml = false) { if ($structure_sweep && $tag != 'title') { return new ocp_tempcode(); } $param_given = isset($attributes['param']); if (!isset($attributes['param']) && $tag != 'block') { $attributes['param'] = ''; } global $DANGEROUS_TAGS, $STRUCTURE_LIST, $COMCODE_PARSE_TITLE; if (isset($DANGEROUS_TAGS[$tag]) && !$comcode_dangerous) { $username = $GLOBALS['FORUM_DRIVER']->get_username($source_member); if (is_null($username)) { $username = do_lang('UNKNOWN'); } if ($semiparse_mode) { $params = ''; foreach ($attributes as $key => $val) { $params .= ' ' . $key . '="' . comcode_escape($val) . '"'; } return make_string_tempcode('<input class="ocp_keep_ui_controlled" size="45" title="[' . $tag . '' . escape_html($params) . ']' . ($in_semihtml || $is_all_semihtml ? escape_html($embed->evaluate()) : escape_html($embed->evaluate())) . '[/' . $tag . ']" type="text" value="' . ($tag == 'block' ? do_lang('COMCODE_EDITABLE_BLOCK', escape_html($embed->evaluate())) : do_lang('COMCODE_EDITABLE_TAG', escape_html($tag))) . '" />'); } return do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:NO_ACCESS_FOR_TAG', escape_html($tag), escape_html($username)))); //return new ocp_tempcode(); } // These are just bbcode compatibility tags.. we will remap to our proper comcode if ($tag == 'php') { $attributes['param'] = 'php'; $tag = 'code'; } elseif ($tag == 'sql') { $attributes['param'] = 'sql'; $tag = 'code'; } elseif ($tag == 'codebox') { $attributes['scroll'] = '1'; $tag = 'code'; } elseif ($tag == 'left') { $attributes['param'] = 'left'; $tag = 'align'; } elseif ($tag == 'center') { $attributes['param'] = 'center'; $tag = 'align'; } elseif ($tag == 'right') { $attributes['param'] = 'right'; $tag = 'align'; } elseif ($tag == 'thread') { $tag = 'topic'; } elseif ($tag == 'internal_table' || $tag == 'external_table') { $tag = 'box'; if (array_key_exists('class', $attributes)) { $attributes['type'] = $attributes['class']; } } if ($semiparse_mode) { $non_text_tags = array('attachment', 'section_controller', 'big_tab_controller', 'currency', 'block', 'contents', 'concepts', 'flash', 'menu', 'email', 'reference', 'upload', 'page', 'exp_thumb', 'exp_ref', 'thumb', 'snapback', 'post', 'thread', 'topic', 'include', 'random', 'jumping', 'shocker'); // Also in JAVASCRIPT_EDITING.tpl if ($tag == 'attachment_safe') { if (preg_match('#^new\\_\\d+$#', $embed->evaluate()) != 0) { $non_text_tags[] = 'attachment_safe'; } } if (in_array($tag, $non_text_tags)) { $params = ''; foreach ($attributes as $key => $val) { $params .= ' ' . $key . '="' . str_replace('"', '\\"', $val) . '"'; } if ($tag != 'block' || !is_file(get_file_base() . '/sources_custom/miniblocks/' . $embed->evaluate() . '.php')) { return make_string_tempcode('<input class="ocp_keep_ui_controlled" size="45" title="[' . $tag . '' . escape_html($params) . ']' . ($in_semihtml || $is_all_semihtml ? escape_html($embed->evaluate()) : escape_html($embed->evaluate())) . '[/' . $tag . ']" type="text" value="' . ($tag == 'block' ? do_lang('comcode:COMCODE_EDITABLE_BLOCK', escape_html($embed->evaluate())) : do_lang('comcode:COMCODE_EDITABLE_TAG', escape_html($tag))) . '" />'); } else { return make_string_tempcode('[block' . escape_html($params) . ']' . ($in_semihtml || $is_all_semihtml ? $embed->evaluate() : escape_html($embed->evaluate())) . '[/block]'); } } } $temp_tpl = new ocp_tempcode(); switch ($tag) { case 'no_parse': $temp_tpl->attach($embed); break; case 'currency': if (addon_installed('ecommerce')) { $bracket = array_key_exists('bracket', $attributes) && $attributes['bracket'] == '1'; if ($attributes['param'] == '') { $attributes['param'] = get_option('currency'); } $temp_tpl = do_template('COMCODE_CURRENCY', array('_GUID' => 'ee1fcdae082af6397ff3bad89006e012', 'AMOUNT' => $embed, 'FROM_CURRENCY' => $attributes['param'], 'BRACKET' => $bracket)); } break; case 'overlay': $x = strval(array_key_exists('x', $attributes) ? intval($attributes['x']) : 100); $y = strval(array_key_exists('y', $attributes) ? intval($attributes['y']) : 100); $width = strval(array_key_exists('width', $attributes) ? intval($attributes['width']) : 300); $height = strval(array_key_exists('height', $attributes) ? intval($attributes['height']) : 300); $timein = strval(array_key_exists('timein', $attributes) ? intval($attributes['timein']) : 0); $timeout = strval(array_key_exists('timeout', $attributes) ? intval($attributes['timeout']) : -1); $temp_tpl = do_template('COMCODE_OVERLAY', array('_GUID' => 'dfd0f7a72cc2bf6b613b28f8165a0034', 'UNIQ_ID' => 'a' . uniqid('', true), 'EMBED' => $embed, 'ID' => $attributes['param'] != '' ? $attributes['param'] : 'rand' . uniqid('', true), 'X' => $x, 'Y' => $y, 'WIDTH' => $width, 'HEIGHT' => $height, 'TIMEIN' => $timein, 'TIMEOUT' => $timeout)); break; case 'code': if ($wml) { $temp_tpl->attach('<b>'); $temp_tpl->attach($embed); $temp_tpl->attach('</b>'); break; } list($_embed, $title) = do_code_box($attributes['param'], $embed, array_key_exists('numbers', $attributes) && $attributes['numbers'] == '1', $in_semihtml, $is_all_semihtml); if (!is_null($_embed)) { $tpl = array_key_exists('scroll', $attributes) && $attributes['scroll'] == '1' ? 'COMCODE_CODE_SCROLL' : 'COMCODE_CODE'; if ($tpl == 'COMCODE_CODE_SCROLL' && substr_count($_embed, chr(10)) < 10) { $style = 'height: auto'; } else { $style = ''; } $temp_tpl = do_template($tpl, array('_GUID' => 'c5d46d0927272fcacbbabcfab0ef6b0c', 'STYLE' => $style, 'TYPE' => $attributes['param'], 'CONTENT' => $_embed, 'TITLE' => $title)); } else { $_embed = ''; } if ($temp_tpl->is_empty()) { if ($in_semihtml || $is_all_semihtml) { require_code('comcode_from_html'); $back_to_comcode = semihtml_to_comcode($embed->evaluate()); // Undo what's happened already //$back_to_comcode=html_entity_decode($back_to_comcode,ENT_QUOTES,get_charset()); // Remove the escaping entities that were inside the code tag $embed = comcode_to_tempcode($back_to_comcode, $source_member, $as_admin, 80, $pass_id, $connection); // Re-parse (with full security) } $_embed = $embed->evaluate(); if (!array_key_exists('scroll', $attributes) && strlen($_embed) > 1000) { $attributes['scroll'] = '1'; } $tpl = array_key_exists('scroll', $attributes) && $attributes['scroll'] == '1' ? 'COMCODE_CODE_SCROLL' : 'COMCODE_CODE'; $title = do_lang_tempcode('CODE'); if ($tpl == 'COMCODE_CODE_SCROLL' && substr_count($_embed, chr(10)) < 10) { $style = 'height: auto'; } else { $style = ''; } $temp_tpl = do_template($tpl, array('CONTENT' => $_embed, 'TITLE' => $title, 'STYLE' => $style, 'TYPE' => $attributes['param'])); } break; case 'list': if (is_array($embed)) { $parts = $embed; } else { $_embed = trim($embed->evaluate()); $_embed = str_replace('[/*]', '', $_embed); $parts = explode('[*]', $_embed); } if (isset($temp_tpl->preprocessable_bits)) { $temp_tpl->preprocessable_bits = array_merge($temp_tpl->preprocessable_bits, $embed->preprocessable_bits); } if ($wml) { foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<br />* '); $temp_tpl->attach($part); } $temp_tpl->attach('<br />* '); break; } $type = $attributes['param']; if ($type != '') { if ($type == '1') { $type = 'decimal'; } elseif ($type == 'a') { $type = 'lower-alpha'; } elseif ($type == 'i') { $type = 'lower-roman'; } elseif ($type == 'x') { $type = 'none'; } elseif (!in_array($type, array('circle', 'disc', 'square', 'armenian', 'decimal', 'decimal-leading-zero', 'georgian', 'lower-alpha', 'lower-greek', 'lower-latin', 'lower-roman', 'upper-alpha', 'upper-latin', 'upper-roman'))) { $type = 'disc'; } $tag = in_array($type, array('circle', 'disc', 'square')) ? 'ul' : 'ol'; $temp_tpl->attach('<' . $tag . ' style="list-style-type: ' . $type . '">'); foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<li>' . preg_replace('#\\<br /\\>(\\ |\\s)*$#D', '', preg_replace('#^\\<br /\\>(\\ |\\s)*#D', '', $part)) . '</li>'); } $temp_tpl->attach('</' . $tag . '>'); } else { $temp_tpl->attach('<ul>'); foreach ($parts as $i => $part) { if ($i == 0 && str_replace(array(' ', '<br />', ' '), array('', '', ''), trim($part)) == '') { continue; } $temp_tpl->attach('<li>' . preg_replace('#\\<br /\\>(\\ |\\s)*$#D', '', preg_replace('#^\\<br /\\>(\\ |\\s)*#D', '', $part)) . '</li>'); } $temp_tpl->attach('</ul>'); } break; case 'snapback': require_lang('ocf'); $post_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_POST_NUMBERED', integer_format($post_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl = do_template('COMCODE_SNAPBACK', array('URL' => $GLOBALS['FORUM_DRIVER']->post_url($post_id, $forum), 'TITLE' => $s_title)); break; case 'post': require_lang('ocf'); $post_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_POST_NUMBERED', integer_format($post_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl->attach(hyperlink($GLOBALS['FORUM_DRIVER']->post_url($post_id, $forum), $s_title)); break; case 'topic': require_lang('ocf'); $topic_id = intval($embed->evaluate()); $s_title = $attributes['param'] == '' ? do_lang_tempcode('FORUM_TOPIC_NUMBERED', integer_format($topic_id)) : make_string_tempcode($attributes['param']); $forum = array_key_exists('forum', $attributes) ? $attributes['forum'] : ''; $temp_tpl->attach(hyperlink($GLOBALS['FORUM_DRIVER']->topic_url($topic_id, $forum), $s_title)); break; case 'staff_note': $temp_tpl = new ocp_tempcode(); return $temp_tpl; case 'section': if ($wml) { $temp_tpl = $embed; break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'section' . strval(mt_rand(0, 100)); $default = array_key_exists('default', $attributes) ? $attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_SECTION', array('_GUID' => 'a902962ccdc80046c999d6fed907d105', 'PASS_ID' => 'x' . $pass_id, 'DEFAULT' => $default == '1', 'NAME' => $name, 'CONTENT' => $embed)); break; case 'section_controller': if ($wml) { break; } $sections = explode(',', $embed->evaluate()); $temp_tpl = do_template('COMCODE_SECTION_CONTROLLER', array('_GUID' => '133bf24892e9e3ec2a01146d6ec418fe', 'SECTIONS' => $sections, 'PASS_ID' => 'x' . $pass_id)); break; case 'big_tab': if ($wml) { $temp_tpl = $embed; break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'big_tab' . strval(mt_rand(0, 100)); $default = array_key_exists('default', $attributes) ? $attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_BIG_TABS_TAB', array('PASS_ID' => 'x' . $pass_id, 'DEFAULT' => $default == '1', 'NAME' => $name, 'CONTENT' => $embed)); break; case 'big_tab_controller': if ($wml) { break; } $tabs = explode(',', $embed->evaluate()); if (!array_key_exists('switch_time', $attributes)) { $attributes['switch_time'] = '6000'; } $temp_tpl = do_template('COMCODE_BIG_TABS_CONTROLLER', array('SWITCH_TIME' => $attributes['switch_time'], 'TABS' => $tabs, 'PASS_ID' => 'x' . $pass_id)); break; case 'tab': if ($wml) { $temp_tpl = $embed; break; } $default = array_key_exists('default', $attributes) ? $attributes['default'] : '0'; $temp_tpl = do_template('COMCODE_TAB_BODY', array('DEFAULT' => $default == '1', 'TITLE' => trim($attributes['param']), 'CONTENT' => $embed)); break; case 'tabs': if ($wml) { break; } $heads = new ocp_tempcode(); $tabs = explode(',', $attributes['param']); foreach ($tabs as $i => $tab) { $heads->attach(do_template('COMCODE_TAB_HEAD', array('TITLE' => trim($tab), 'FIRST' => $i == 0, 'LAST' => !array_key_exists($i + 1, $tabs)))); } $temp_tpl = do_template('COMCODE_TAB_CONTROLLER', array('HEADS' => $heads, 'CONTENT' => $embed)); break; case 'carousel': if ($attributes['param'] == '') { $attributes['param'] = '40'; } $temp_tpl = do_template('COMCODE_CAROUSEL', array('CONTENT' => $embed, 'SCROLL_AMOUNT' => $attributes['param'])); break; case 'menu': if ($wml) { break; } $name = array_key_exists('param', $attributes) ? $attributes['param'] : 'mnu' . strval(mt_rand(0, 100)); $type = array_key_exists('type', $attributes) ? $attributes['type'] : 'tree'; require_code('menus'); require_code('menus_comcode'); $temp_tpl = build_comcode_menu($embed->evaluate(), $name, $source_member, $type); break; case 'if_in_group': $groups = ''; $_groups = explode(',', $attributes['param']); $all_groups = $GLOBALS['FORUM_DRIVER']->get_usergroup_list(); foreach ($_groups as $group) { $find = array_search($group, $all_groups); if ($find === false) { if ($groups != '') { $groups .= ','; } $groups .= $group; } else { if ($groups != '') { $groups .= ','; } $groups .= strval($find); } } $temp_tpl = do_template('COMCODE_IF_IN_GROUP', array('_GUID' => '761a7cc07f7b4b68508d68ce19b87d2c', 'TYPE' => array_key_exists('type', $attributes) ? $attributes['type'] : '', 'CONTENT' => $embed, 'GROUPS' => $groups)); break; case 'acronym': case 'abbr': $temp_tpl = do_template('COMCODE_ABBR', array('_GUID' => 'acbc4f991dsf03f81b61919b74ac24c91', 'CONTENT' => $embed, 'TITLE' => $attributes['param'])); break; case 'address': $temp_tpl = do_template('COMCODE_ADDRESS', array('_GUID' => 'acbcsdf9910703f81b61919b74ac24c91', 'CONTENT' => $embed)); break; case 'dfn': $temp_tpl = do_template('COMCODE_DFN', array('_GUID' => 'acbc4f9910703f81b61sf19b74ac24c91', 'CONTENT' => $embed)); break; case 'pulse': $min_color = array_key_exists('min', $attributes) ? $attributes['min'] : '0000FF'; $max_color = array_key_exists('max', $attributes) ? $attributes['max'] : 'FF0044'; if (substr($min_color, 0, 1) == '#') { $min_color = substr($min_color, 1); } if (substr($max_color, 0, 1) == '#') { $max_color = substr($max_color, 1); } $speed = $attributes['param'] == '' ? 100 : intval($attributes['param']); $temp_tpl = do_template('COMCODE_PULSE', array('_GUID' => 'adsd4f9910sfd03f81b61919b74ac24c91', 'RAND_ID' => uniqid('', true), 'CONTENT' => $embed, 'MIN_COLOR' => $min_color, 'MAX_COLOR' => $max_color, 'SPEED' => strval($speed))); break; case 'del': $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'del', $cite, $source_member); } $datetime = array_key_exists('datetime', $attributes) ? $attributes['datetime'] : NULL; $temp_tpl->attach(do_template('COMCODE_DEL', array('_GUID' => 'acsd4f9910sfd03f81b61919b74ac24c91', 'CONTENT' => $embed, 'CITE' => $cite, 'DATETIME' => $datetime))); break; case 'ins': $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'ins', $cite, $source_member); if (!$temp_tpl->is_empty()) { break; } } $datetime = array_key_exists('datetime', $attributes) ? $attributes['datetime'] : NULL; $temp_tpl->attach(do_template('COMCODE_INS', array('_GUID' => 'asss4f9910703f81b61919bsfc24c91', 'CONTENT' => $embed, 'CITE' => $cite, 'DATETIME' => $datetime))); break; case 'cite': $temp_tpl = do_template('COMCODE_CITE', array('_GUID' => 'acbcsf910703f81b61919b74ac24c91', 'CONTENT' => $embed)); break; case 'b': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<b>' . $embed->evaluate() . '</b>'); break; } $temp_tpl = do_template('COMCODE_BOLD', array('_GUID' => 'acbc4fds910703f81b619sf74ac24c91', 'CONTENT' => $embed)); break; case 'align': if ($wml) { $temp_tpl = $embed; break; } $align = array_key_exists('param', $attributes) ? $attributes['param'] : 'left'; $temp_tpl = do_template('COMCODE_ALIGN', array('_GUID' => '950b4d9db12cac6bf536860bedd96a36', 'ALIGN' => $align, 'CONTENT' => $embed)); break; case 'indent': if ($wml) { $temp_tpl = $embed; break; } $indent = array_key_exists('param', $attributes) ? $attributes['param'] : '10'; if (!is_numeric($indent)) { $indent = '10'; } $temp_tpl = do_template('COMCODE_INDENT', array('_GUID' => 'd8e69fa17eebd5312e3ad5788e3a1343', 'INDENT' => $indent, 'CONTENT' => $embed)); break; case 'surround': if ($wml) { $temp_tpl = $embed; break; } if ($semiparse_mode && $embed->evaluate() == '') { $temp_tpl = make_string_tempcode('<kbd class="ocp_keep" title="no_parse">[surround="' . comcode_escape(array_key_exists('param', $attributes) ? $attributes['param'] : 'float_surrounder') . '"]' . $embed->evaluate() . '[/surround]</kbd>'); break; } $class = array_key_exists('param', $attributes) && $attributes['param'] != '' ? $attributes['param'] : 'float_surrounder'; $temp_tpl = do_template('COMCODE_SURROUND', array('_GUID' => 'e8e69fa17eebd5312e3ad5788e3a1343', 'CLASS' => $class, 'CONTENT' => $embed)); break; case 'i': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<i>' . $embed->evaluate() . '</i>'); break; } $temp_tpl = do_template('COMCODE_ITALICS', array('_GUID' => '4321a1fe3825418e57a29410183c0c60', 'CONTENT' => $embed)); break; case 'u': if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<u>' . $embed->evaluate() . '</u>'); break; } $temp_tpl = do_template('COMCODE_UNDERLINE', array('_GUID' => '69cc8e73b17f9e6a35eb1af2bd1dc6ab', 'CONTENT' => $embed)); break; case 's': if ($wml) { $temp_tpl = $embed; break; } if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<strike>' . $embed->evaluate() . '</strike>'); break; } $temp_tpl = do_template('COMCODE_STRIKE', array('_GUID' => 'ed242591cefd365497cc0c63abbb11a9', 'CONTENT' => $embed)); break; case 'tooltip': $param = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); if ($wml) { $temp_tpl->attach($embed); $temp_tpl->attach('[ '); $temp_tpl->attach($param); $temp_tpl->attach(' ]'); break; } $temp_tpl = do_template('COMCODE_TOOLTIP', array('_GUID' => 'c9f4793dc0c1a92cd7d08ae1b87c2308', 'URL' => array_key_exists('url', $attributes) ? $attributes['url'] : '', 'TOOLTIP' => $param, 'CONTENT' => $embed)); break; case 'sup': if ($wml) { $temp_tpl->attach('^'); $temp_tpl->attach($embed); break; } $temp_tpl = do_template('COMCODE_SUP', array('_GUID' => '74d2ecfe193dacb6d922bc288828196a', 'CONTENT' => $embed)); break; case 'sub': if ($wml) { $temp_tpl->attach('{'); $temp_tpl->attach($embed); $temp_tpl->attach('}'); break; } $temp_tpl = do_template('COMCODE_SUB', array('_GUID' => '515e310e00a6d7c30f7dca0a5956ebcf', 'CONTENT' => $embed)); break; case 'title': if ($semiparse_mode && strpos($comcode, '[contents') !== false) { $temp_tpl = make_string_tempcode('[title' . reinsert_parameters($attributes) . ']' . $embed->evaluate() . '[/title]'); break; } $level = $attributes['param'] != '' ? intval($attributes['param']) : 1; if ($level == 0) { $level = 1; } // Stop crazy Comcode causing stack errors with the toc $uniq_id = strval(count($STRUCTURE_LIST)); $STRUCTURE_LIST[] = array($level, $embed, $uniq_id); if ($level == 1) { $template = 'SCREEN_TITLE'; } elseif ($level == 2) { $template = 'COMCODE_SECTION_TITLE'; } elseif ($level == 3) { $template = 'COMCODE_MINOR_TITLE'; } elseif ($level == 4) { $template = 'COMCODE_VERY_MINOR_TITLE'; } else { $template = 'COMCODE_VERY_MINOR_TITLE'; } if ($level == 1) { if (is_null($COMCODE_PARSE_TITLE)) { $COMCODE_PARSE_TITLE = $embed->evaluate(); if (is_object($COMCODE_PARSE_TITLE)) { $COMCODE_PARSE_TITLE = $COMCODE_PARSE_TITLE->evaluate(); } } } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 2; if (array_key_exists('number', $attributes) && $level >= $base) { $list_types = $attributes['number'] == '' ? array() : explode(',', $attributes['number']); $list_types = array_merge($list_types, array('decimal', 'lower-alpha', 'lower-roman', 'upper-alpha', 'upper-roman', 'disc')); $numerals = array('i', 'ii', 'iii', 'iv', 'v', 'vi', 'viii', 'ix', 'x', 'xi', 'xii', 'xiii', 'xiv', 'xv', 'xvi', 'xvii', 'xviii', 'xix', 'xx'); $symbol_lookup = array('decimal' => range(1, 100), 'lower-alpha' => range('a', 'z'), 'lower-roman' => $numerals, 'upper-alpha' => range('A', 'Z'), 'upper-roman' => str_replace('i', 'I', str_replace('v', 'V', str_replace('x', 'X', $numerals)))); $level_text = ''; $list_pos = count($STRUCTURE_LIST) - 2; for ($j = $level; $j >= $base; $j--) { $num_before = 0; for ($i = $list_pos; $i >= 0; $i--) { $list_pos--; if ($STRUCTURE_LIST[$i][0] == $j - 1) { break; } if ($STRUCTURE_LIST[$i][0] == $j) { $num_before++; } } $level_number = @strval($symbol_lookup[$list_types[$j - $base]][$num_before]); $level_text = $level_number . ($level_text != '' ? '.' : '') . $level_text; } $old_embed = $embed; $embed = make_string_tempcode($level_text . ' – '); $embed->attach($old_embed); } if ($wml) { if ($level == 1) { $temp_tpl->attach('<br /><p><big><u><b>'); $temp_tpl->attach($embed); $temp_tpl->attach('</b></u></big></p><br />'); } elseif ($level == 2) { $temp_tpl->attach('<br /><p><big><u>'); $temp_tpl->attach($embed); $temp_tpl->attach('</u></big></p><br />'); } elseif ($level == 3) { $temp_tpl->attach('<br /><p><big>'); $temp_tpl->attach($embed); $temp_tpl->attach('</big></p><br />'); } elseif ($level == 4) { $temp_tpl->attach('<br /><p>'); $temp_tpl->attach($embed); $temp_tpl->attach('</p><br />'); } break; } if ($semiparse_mode) { $temp_tpl = make_string_tempcode('<h' . strval($level) . ($level == 1 ? ' class="main_page_title"' : '') . '><span class="inner">' . $embed->evaluate() . '</span></h' . strval($level) . '>'); break; } $tpl_map = array('ID' => substr($pass_id, 0, 5) == 'panel' ? NULL : $uniq_id, 'TITLE' => $embed, 'HELP_URL' => '', 'HELP_TERM' => ''); if (array_key_exists('sub', $attributes)) { $tpl_map['SUB'] = protect_from_escaping(comcode_to_tempcode($attributes['sub'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member)); } $temp_tpl = do_template($template, $tpl_map); break; case 'attachment': case 'attachment2': // legacy // legacy case 'attachment_safe': if ($wml) { break; } require_code('attachments'); if (is_null($on_behalf_of_member)) { $on_behalf_of_member = $source_member; } $id = $embed->evaluate(); global $COMCODE_ATTACHMENTS; if (!is_numeric($id) && !$as_admin && !has_specific_permission($source_member, 'exceed_filesize_limit')) { // We work all this out before we do any downloads, to make sure orphaned files aren't dumped on the file system (possible hack method) if (get_forum_type() == 'ocf') { require_lang('ocf'); require_code('ocf_groups'); $daily_quota = ocf_get_member_best_group_property($source_member, 'max_daily_upload_mb'); } else { $daily_quota = 5; // 5 is a hard coded default for non-OCF forums } if (!is_null($daily_quota)) { $_size_uploaded_today = $connection->query('SELECT SUM(a_file_size) AS the_answer FROM ' . $connection->get_table_prefix() . 'attachments WHERE a_member_id=' . strval((int) $source_member) . ' AND a_add_time>' . strval(time() - 60 * 60 * 24)); if (is_null($_size_uploaded_today[0]['the_answer'])) { $_size_uploaded_today[0]['the_answer'] = 0; } $size_uploaded_today = ceil((double) $_size_uploaded_today[0]['the_answer'] / 1024.0 / 1024.0); $attach_size = 0; require_code('uploads'); is_swf_upload(true); foreach ($_FILES as $_file) { $attach_size += floatval($_file['size']) / 1024.0 / 1024.0; } if ($size_uploaded_today + $attach_size > floatval($daily_quota)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('OVER_DAILY_QUOTA', integer_format($daily_quota), float_format($size_uploaded_today)))); break; } } } $thumb_url = array_key_exists('thumb_url', $attributes) ? $attributes['thumb_url'] : ''; // Embedded attachments if (!is_numeric($id) && substr($id, 0, 4) != 'new_' && substr($id, 0, 4) != 'url_') { $file = base64_decode(str_replace(chr(10), '', $id)); if ($file === false) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:CORRUPT_ATTACHMENT'))); break; } $md5 = md5(substr($file, 0, 30)); $original_filename = array_key_exists('filename', $attributes) ? $attributes['filename'] : $md5 . '.dat'; if (get_file_extension($original_filename) != 'dat') { require_code('files2'); check_extension($original_filename, true); $new_filename = $md5 . '.' . get_file_extension($original_filename) . '.dat'; } else { $new_filename = $md5 . '.' . get_file_extension($original_filename); } $path = get_custom_file_base() . '/uploads/attachments/' . $new_filename; $myfile = @fopen($path, 'wb'); if ($myfile === false) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => intelligent_write_error_inline($path))); break; } if (fwrite($myfile, $file) < strlen($file)) { warn_exit(do_lang_tempcode('COULD_NOT_SAVE_FILE')); } fclose($myfile); fix_permissions($path); sync_file($path); $_size = strlen($file); $url = 'uploads/attachments/' . $new_filename; if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $url = get_custom_base_url() . '/' . $url; } // Thumbnail if ($thumb_url == '') { require_code('images'); if (is_image($original_filename)) { $gd = get_option('is_on_gd') == '1' && function_exists('imagetypes'); if ($gd) { require_code('images'); if (!is_saveable_image($url)) { $ext = '.png'; } else { $ext = '.' . get_file_extension($original_filename); } $thumb_url = 'uploads/attachments_thumbs/' . $md5 . $ext; convert_image(get_custom_base_url() . '/' . $url, get_custom_file_base() . '/' . $thumb_url, -1, -1, intval(get_option('thumb_width')), true, NULL, false, true); if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $thumb_url = get_custom_base_url() . '/' . $thumb_url; } } else { $thumb_url = $url; } } } if (addon_installed('galleries')) { require_code('images'); if (is_video($url) && $connection->connection_read == $GLOBALS['SITE_DB']->connection_read) { require_code('transcoding'); $url = transcode_video($url, 'attachments', 'a_url', 'a_original_filename', NULL, NULL); } } $attachment = array('a_member_id' => $on_behalf_of_member, 'a_file_size' => $_size, 'a_url' => $url, 'a_thumb_url' => $thumb_url, 'a_original_filename' => $original_filename, 'a_num_downloads' => 0, 'a_last_downloaded_time' => NULL, 'a_add_time' => time()); $attachment['a_description'] = array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . '[/html]' : $attributes['description'] : ''; $attach_id = $connection->query_insert('attachments', $attachment, true); $attachment['id'] = $attach_id; // Create and document attachment if (!array_key_exists('type', $attributes)) { $attributes['type'] = 'auto'; } $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'type' => 'new', 'attachmenttype' => $attributes['type'], 'description' => $attachment['a_description'], 'id' => intval($attach_id), 'marker' => $marker, 'comcode' => $comcode); // Marker will allow us to search back and replace this with the added id } elseif (!is_numeric($id)) { require_code('uploads'); if (substr($id, 0, 4) == 'new_') { $_id = substr($id, 4); if (!is_numeric($_id)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:INVALID_ATTACHMENT'))); break; } $attributes['type'] = post_param('attachmenttype' . $_id, array_key_exists('type', $attributes) ? $attributes['type'] : 'auto'); if (substr($attributes['type'], -8) == '_extract') { $attributes['type'] = substr($attributes['type'], 0, strlen($attributes['type']) - 8); } $urls = get_url('', 'file' . $_id, 'uploads/attachments', 2, OCP_UPLOAD_ANYTHING, (!array_key_exists('thumb', $attributes) || $attributes['thumb'] != '0') && $thumb_url == '', '', '', true, true, true); if ($urls[0] == '') { return new ocp_tempcode(); } //warn_exit(do_lang_tempcode('ERROR_UPLOADING')); Can't do this, because this might not be post-calculated if something went wrong once is_swf_upload(true); $_size = $_FILES['file' . $_id]['size']; $original_filename = $_FILES['file' . $_id]['name']; if (get_magic_quotes_gpc()) { $original_filename = stripslashes($original_filename); } } elseif (substr($id, 0, 4) == 'url_') { if (!has_specific_permission($source_member, 'draw_to_server') && !$as_admin) { break; } $_id = '!'; $attributes['type'] = post_param('attachmenttype' . $_id, array_key_exists('type', $attributes) ? $attributes['type'] : 'auto'); $url = remove_url_mistakes(substr($id, 4)); $_POST['_specify_url'] = $url; // Little hack, as we need to read it from a POST if (get_magic_quotes_gpc()) { $_POST['_specify_url'] = addslashes($_POST['_specify_url']); } $urls = get_url('_specify_url', '', 'uploads/filedump', 1, OCP_UPLOAD_ANYTHING, (!array_key_exists('thumb', $attributes) || $attributes['thumb'] != '0') && $thumb_url == '', '', '', true, true); if ($urls[0] == '') { return new ocp_tempcode(); } $original_filename = rawurldecode(substr($url, strrpos($url, '/') + 1)); if (url_is_local($urls[0])) { $_size = @filesize(get_custom_file_base() . '/' . rawurldecode($urls[0])); if ($_size === false) { $_size = filesize(get_file_base() . '/' . rawurldecode($urls[0])); } } else { $_size = 0; } } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('comcode:INVALID_ATTACHMENT'))); break; } if ($urls[0] == '') { require_code('images'); require_code('files2'); $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('ATTACHMENT_WOULD_NOT_UPLOAD', float_format(get_max_file_size() / 1024 / 1024), float_format(get_max_image_size() / 1024 / 1024)))); break; } $url = $urls[0]; if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { $url = get_custom_base_url() . '/' . $url; } if ($thumb_url == '') { $thumb_url = array_key_exists(1, $urls) ? $urls[1] : ''; } if ($thumb_url != '' && $connection != $GLOBALS['SITE_DB']) { $thumb_url = get_custom_base_url() . '/' . $thumb_url; } $num_downloads = 0; $last_downloaded_time = NULL; $add_time = time(); $member_id = $on_behalf_of_member; if (addon_installed('galleries')) { require_code('images'); if (is_video($url) && $connection->connection_read == $GLOBALS['SITE_DB']->connection_read) { require_code('transcoding'); $url = transcode_video($url, 'attachments', 'a_url', 'a_original_filename', NULL, NULL); } } $attachment = array('a_member_id' => $member_id, 'a_file_size' => $_size, 'a_url' => $url, 'a_thumb_url' => $thumb_url, 'a_original_filename' => $original_filename, 'a_num_downloads' => $num_downloads, 'a_last_downloaded_time' => $last_downloaded_time, 'a_add_time' => $add_time); $attachment['a_description'] = post_param('caption' . $_id, array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . '[/html]' : $attributes['description'] : ''); $attach_id = $connection->query_insert('attachments', $attachment, true); $attachment['id'] = $attach_id; if ($tag == 'attachment2' || $tag == 'attachment_safe' || substr($id, 0, 4) == 'url_') { $connection->query_delete('attachment_refs', array('r_referer_type' => 'null', 'r_referer_id' => '', 'a_id' => $attachment['id']), '', 1); $connection->query_insert('attachment_refs', array('r_referer_type' => 'null', 'r_referer_id' => '', 'a_id' => $attachment['id'])); } // Create and document attachment $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'time' => time(), 'type' => substr($id, 0, 4) == 'new_' ? 'new' : 'url', 'attachmenttype' => $attributes['type'], 'description' => $attachment['a_description'], 'id' => intval($attach_id), 'marker' => $marker, 'comcode' => $comcode); // Marker will allow us to search back and replace this with the added id // Existing attachments } else { $__id = intval($id); // Check we have permission to re-use this $owner = $connection->query_value_null_ok('attachments', 'a_member_id', array('id' => $__id)); if (is_null($owner)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'attachment', escape_html(strval($__id))))); if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'attachment', strval($__id)), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } $_attachment = $connection->query_select('attachments', array('*'), array('id' => $__id), '', 1); $attachment = $_attachment[0]; $already_referenced = array_key_exists($__id, $GLOBALS['ATTACHMENTS_ALREADY_REFERENCED']); if ($already_referenced || $as_admin || $source_member === $owner || (has_specific_permission($source_member, 'reuse_others_attachments') || $owner == $source_member) && has_attachment_access($source_member, $__id)) { if (!array_key_exists('type', $attributes)) { $attributes['type'] = 'auto'; } $COMCODE_ATTACHMENTS[$pass_id][] = array('tag_type' => $tag, 'time' => $attachment['a_add_time'], 'type' => 'existing', 'id' => $__id, 'attachmenttype' => $attributes['type'], 'marker' => $marker, 'comcode' => $comcode); } else { require_lang('permissions'); $username = $GLOBALS['FORUM_DRIVER']->get_username($source_member); if (is_null($username)) { $username = do_lang('DELETED'); } $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('permissions:ACCESS_DENIED__REUSE_ATTACHMENT', $username))); break; //access_denied('REUSE_ATTACHMENT'); } if ($connection->connection_write != $GLOBALS['SITE_DB']->connection_write) { if (url_is_local($attachment['a_url'])) { $attachment['a_url'] = get_custom_base_url() . '/' . $attachment['a_url']; } if (url_is_local($attachment['a_url'])) { $attachment['a_thumb_url'] = get_custom_base_url() . '/' . $attachment['a_thumb_url']; } } $attachment['a_description'] = array_key_exists('description', $attributes) ? is_object($attributes['description']) ? '[html]' . $attributes['description']->evaluate() . '[/html]' : $attributes['description'] : $attachment['a_description']; } // Now, render it // ============== $temp_tpl = render_attachment($tag, $attributes, $attachment, $pass_id, $source_member, $as_admin, $connection, $highlight_bits, $on_behalf_of_member, $semiparse_mode); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '802fe29019be80993296de7cc8b5cc5e', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'include': $codename = $embed->evaluate(); $zone = $attributes['param']; if ($zone == '_SEARCH') { $zone = get_comcode_zone($codename); } if ($zone == '_SELF') { $zone = get_zone_name(); } $temp_comcode_parse_title = $COMCODE_PARSE_TITLE; $temp = request_page($codename, false, $zone, NULL, true); $COMCODE_PARSE_TITLE = $temp_comcode_parse_title; if ($temp->is_empty()) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'include', hyperlink(build_url(array('page' => 'cms_comcode_pages', 'type' => '_ed', 'page_link' => $zone . ':' . $codename), get_module_zone('cms_comcode_pages')), $zone . ':' . $codename, false, true)))); if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'include', $zone . ':' . $codename), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } } else { $temp_tpl = symbol_tempcode('LOAD_PAGE', array($codename, $zone)); } break; case 'random': unset($attributes['param']); if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $max = $embed->evaluate() == '' ? intval($embed->evaluate()) : 0; foreach ($attributes as $num => $val) { $_temp = is_object($val) ? $val : comcode_to_tempcode($val, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $attributes[$num] = $_temp->evaluate(); if (intval($num) > $max) { $max = intval($num); } } $_parts = new ocp_tempcode(); krsort($attributes); foreach ($attributes as $num => $val) { $_parts->attach(do_template('COMCODE_RANDOM_PART', array('_GUID' => '5fa49a916304f9caa0ddedeb01531142', 'NUM' => strval($num), 'VAL' => $val))); } $temp_tpl = do_template('COMCODE_RANDOM', array('_GUID' => '9b77aaf593b12c763fb0c367fab415b6', 'UNIQID' => uniqid('', true), 'FULL' => $embed, 'MAX' => strval($max), 'PARTS' => $_parts)); break; case 'jumping': unset($attributes['param']); if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $_parts = new ocp_tempcode(); foreach ($attributes as $val) { $_temp = is_object($val) ? $val : comcode_to_tempcode($val, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $_parts->attach(do_template('COMCODE_JUMPING_PART', array('_GUID' => 'd163bd11920f39f0cb8ff2f6ba48bc80', 'PART' => $_temp->evaluate()))); } $embed = $embed->evaluate(); $temp_tpl = do_template('COMCODE_JUMPING', array('_GUID' => '85e9f83ed134868436a7db7692f56047', 'UNIQID' => uniqid('', true), 'FULL' => implode(', ', $attributes), 'TIME' => strval((int) $embed), 'PARTS' => $_parts)); break; case 'shocker': if ($wml) { $top_attribute = array_pop($attributes); $temp_tpl = is_object($top_attribute) ? $top_attribute : comcode_to_tempcode($top_attribute, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); break; } $_parts = new ocp_tempcode(); foreach ($attributes as $key => $val) { if (substr($key, 0, 5) == 'left_') { $left = $val; $right = array_key_exists('right_' . substr($key, 5), $attributes) ? $attributes['right_' . substr($key, 5)] : ''; $left = is_object($left) ? $left : comcode_to_tempcode($left, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $right = is_object($right) ? $right : comcode_to_tempcode($right, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $_parts->attach(do_template('COMCODE_SHOCKER_PART', array('LEFT' => $left, 'RIGHT' => $right))); } } $min_color = array_key_exists('min', $attributes) ? $attributes['min'] : '0000FF'; $max_color = array_key_exists('max', $attributes) ? $attributes['max'] : 'FF0044'; if (substr($min_color, 0, 1) == '#') { $min_color = substr($min_color, 1); } if (substr($max_color, 0, 1) == '#') { $max_color = substr($max_color, 1); } $embed = $embed->evaluate(); $temp_tpl = do_template('COMCODE_SHOCKER', array('UNIQID' => uniqid('', true), 'MIN_COLOR' => $min_color, 'MAX_COLOR' => $max_color, 'FULL' => implode(', ', $attributes), 'TIME' => strval(intval($embed)), 'PARTS' => $_parts)); break; case 'ticker': if ($wml) { $temp_tpl = $embed; break; } $width = $attributes['param']; if (!is_numeric($width)) { $width = '300'; } $fspeed = array_key_exists('speed', $attributes) ? float_to_raw_string(floatval($attributes['speed'])) : '1'; $temp_tpl = do_template('COMCODE_TICKER', array('_GUID' => 'e48893cda61995261577f0556443c537', 'UNIQID' => uniqid('', true), 'SPEED' => $fspeed, 'WIDTH' => $width, 'TEXT' => $embed)); break; case 'highlight': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_HIGHLIGHT', array('_GUID' => '695d041b6605f06ec2aeee1e82f87185', 'CONTENT' => $embed)); break; case 'size': $size = array_key_exists('param', $attributes) ? $attributes['param'] : '1'; if ($wml) { if (floatval($size) >= 1.5) { $temp_tpl->attach('<big>'); $temp_tpl->attach($embed); $temp_tpl->attach('</big>'); } elseif (floatval($size) < 0.8) { $temp_tpl->attach('<small>'); $temp_tpl->attach($embed); $temp_tpl->attach('</small>'); } else { $temp_tpl->attach($embed); } break; } if (is_numeric($size)) { $size = 'font-size: ' . $size . 'em;'; } elseif (substr($size, 0, 1) == '+') { $size = 'font-size: ' . substr($size, 1) . 'em'; } elseif (substr($size, -1) == '%') { $size = 'font-size: ' . float_to_raw_string(floatval(substr($size, 0, strlen($size) - 1)) / 100.0) . 'em'; } elseif (substr($size, -2) == 'of') { $new_size = '1em'; switch ($size) { case '1of': $new_size = '8pt'; break; case '2of': $new_size = '10pt'; break; case '3of': $new_size = '12pt'; break; case '4of': $new_size = '14pt'; break; case '5of': $new_size = '18pt'; break; case '6of': $new_size = '24pt'; break; case '7of': $new_size = '36pt'; break; } $size = 'font-size: ' . $new_size; } else { $size = 'font-size: ' . $size; } $size_len = strlen($size); filter_html($as_admin, $source_member, 0, $size_len, $size, false, false); $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'fb23fdcb45aabdfeca9f37ed8098948e', 'CONTENT' => $embed, 'SIZE' => $size, 'COLOR' => '', 'FACE' => '')); break; case 'color': if ($wml) { $temp_tpl = $embed; break; } $color = array_key_exists('param', $attributes) ? 'color: ' . $attributes['param'] . ';' : ''; $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'bd146414c9239ba2076f4b683df437d7', 'CONTENT' => $embed, 'SIZE' => '', 'COLOR' => $color, 'FACE' => '')); $color_len = strlen($color); filter_html($as_admin, $source_member, 0, $color_len, $color, false, false); break; case 'tt': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_TELETYPE', array('CONTENT' => $embed)); break; case 'samp': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_SAMP', array('CONTENT' => $embed)); break; case 'q': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_Q', array('CONTENT' => $embed)); break; case 'var': if ($wml) { $temp_tpl->attach('<i>'); $temp_tpl->attach($embed); $temp_tpl->attach('</i>'); break; } $temp_tpl = do_template('COMCODE_VAR', array('CONTENT' => $embed)); break; case 'font': $face = $attributes['param']; if ($face == '' && array_key_exists('face', $attributes)) { $face = $attributes['face']; } $color = array_key_exists('color', $attributes) ? $attributes['color'] : ''; $size = array_key_exists('size', $attributes) ? $attributes['size'] : ''; if ($face == '/') { $face = ''; } if ($color == '/') { $color = ''; } if ($size == '/') { $size = ''; } if ($wml) { $before = ''; $after = ''; if ($size != '') { if (floatval($size) >= 1.5) { $before = '<big>'; $after = '</big>'; } elseif (floatval($size) < 0.8) { $before = '<small>'; $after = '</small>'; } } $temp_tpl->attach($before); $temp_tpl->attach($embed); $temp_tpl->attach($after); break; } if ($color != '') { $color = 'color: ' . $color . ';'; } if ($size != '') { if (is_numeric($size)) { $size = 'font-size: ' . $size . 'em;'; } elseif (substr($size, 0, 1) == '+') { $size = 'font-size: ' . substr($size, 1) . 'em'; } elseif (substr($size, -1) == '%') { $size = 'font-size: ' . float_to_raw_string(floatval(substr($size, 0, strlen($size) - 1)) / 100.0) . 'em'; } elseif (substr($size, -2) == 'of') { $new_size = '1em'; switch ($size) { case '1of': $new_size = '8pt'; break; case '2of': $new_size = '10pt'; break; case '3of': $new_size = '12pt'; break; case '4of': $new_size = '14pt'; break; case '5of': $new_size = '18pt'; break; case '6of': $new_size = '24pt'; break; case '7of': $new_size = '36pt'; break; } $size = 'font-size: ' . $new_size; } else { $size = 'font-size: ' . $size; } } if ($face != '') { $face = 'font-family: ' . str_replace('\'', '', $face) . ';'; } $size_len = strlen($size); filter_html($as_admin, $source_member, 0, $size_len, $size, false, false); $color_len = strlen($color); filter_html($as_admin, $source_member, 0, $color_len, $color, false, false); $face_len = strlen($face); filter_html($as_admin, $source_member, 0, $face_len, $face, false, false); $temp_tpl = do_template('COMCODE_FONT', array('_GUID' => 'f5fcafe737b8fdf466a6a51773e09c9b', 'CONTENT' => $embed, 'SIZE' => $size, 'COLOR' => $color, 'FACE' => $face)); break; case 'box': if ($wml) { $temp_tpl->attach('<br /><p>'); if ($attributes['param'] != '') { $temp_tpl->attach('<big>'); $temp_tpl->attach($attributes['param']); $temp_tpl->attach('</big><br /><br />'); } $temp_tpl->attach($embed); $temp_tpl->attach('</p></br />'); break; } // Legacy parameter. There used to be 'place' and 'nowrap' and 'class', but these are now gone. $breadth = array_key_exists('breadth', $attributes) ? $attributes['breadth'] : '100%'; if ($breadth == 'WIDE') { $breadth = '100%'; } if ($breadth == 'WIDE_HIGH') { $breadth = '100%'; } if ($breadth == 'THIN') { $breadth = 'auto'; } // The new versions $dimensions = array_key_exists('dimensions', $attributes) ? comcode_to_tempcode($attributes['dimensions'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member) : make_string_tempcode($breadth); $type = array_key_exists('type', $attributes) ? $attributes['type'] : ''; $options = array_key_exists('options', $attributes) ? $attributes['options'] : ''; $meta = $comcode_dangerous && array_key_exists('meta', $attributes) ? $attributes['meta'] : ''; //Insecure, unneeded here $links = $comcode_dangerous && array_key_exists('links', $attributes) ? $attributes['links'] : ''; //Insecure, unneeded here $converted = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $temp_tpl = directive_tempcode('BOX', $embed, array($converted, $dimensions, make_string_tempcode($type), make_string_tempcode($options), make_string_tempcode($meta), make_string_tempcode($links))); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '54e8fc9ec1e16cfc5c8824e22f1e8745', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'concept': if ($wml) { $temp_tpl = $embed; break; } if (!array_key_exists('param', $attributes) || $attributes['param'] == '') { $key = $embed->evaluate(); $temp_tpl = symbol_tempcode('DISPLAY_CONCEPT', array($key)); } else { $temp_tpl = do_template('COMCODE_CONCEPT_INLINE', array('_GUID' => '381a59de4d6f8967446c12bf4641a9ce', 'TEXT' => $embed, 'FULL' => $attributes['param'])); } break; case 'concepts': if ($wml) { break; } $title = $embed->evaluate(); $concepts = new ocp_tempcode(); foreach ($attributes as $_key => $_value) { if (substr($_key, -4) == '_key') { $key = $_value; $cid = substr($_key, 0, strlen($_key) - 4); $to_parse = array_key_exists($cid . '_value', $attributes) ? $attributes[$cid . '_value'] : new ocp_tempcode(); $value = is_object($to_parse) ? $to_parse : comcode_to_tempcode($to_parse, $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $concepts->attach(do_template('COMCODE_CONCEPTS_CONCEPT', array('_GUID' => '4baf6dabc32146c594c7fd922791b6b2', 'A' => 'concept___' . preg_replace('#[^\\w]#', '_', $key), 'KEY' => $key, 'VALUE' => $value))); } } $temp_tpl = do_template('COMCODE_CONCEPTS', array('_GUID' => '4c7a1d70753dc1d209b9951aa10f361a', 'TITLE' => $title, 'CONCEPTS' => $concepts)); break; case 'exp_ref': if ($wml) { break; } $_embed = $embed->evaluate(); if (strpos($_embed, '.') !== false) { break; } $stub = get_file_base() . '/data_custom/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data_custom/images/' . get_zone_name() . '/'; if (!file_exists($stub)) { $stub = get_file_base() . '/data/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data/images/' . get_zone_name() . '/'; } if (!file_exists($stub)) { $stub = get_file_base() . '/data_custom/images/'; $stub2 = get_base_url() . '/data_custom/images/'; } if (!file_exists($stub)) { $stub = get_file_base() . '/data/images/'; $stub2 = get_base_url() . '/data/images/'; } if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url = $stub2 . $_embed . '.jpeg'; } else { $stub = get_file_base() . '/data/images/docs/'; $stub2 = get_base_url() . '/data/images/docs/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url = $stub2 . $_embed . '.jpeg'; } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'exp_ref', escape_html($_embed)))); if (array_key_exists('COMCODE_BROKEN_URLS', $GLOBALS)) { $GLOBALS['COMCODE_BROKEN_URLS'][] = array($_embed, NULL); } elseif (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'exp_ref', $_embed), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } } $text = make_string_tempcode($attributes['param']); if ($text->is_empty()) { $text = do_lang_tempcode('EXAMPLE'); } $temp_tpl = do_template('COMCODE_EXP_REF', array('_GUID' => '89e7f528e72096e3458d6acb70734d0b', 'TEXT' => $text, 'URL' => $url)); break; case 'exp_thumb': if ($wml) { break; } $_embed = $embed->evaluate(); if (strpos($_embed, '.') !== false) { break; } $stub = get_file_base() . '/data/images/' . get_zone_name() . '/'; $stub2 = get_base_url() . '/data/images/' . get_zone_name() . '/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url_full = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url_full = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url_full = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url_full = $stub2 . $_embed . '.jpeg'; } else { $stub = get_file_base() . '/data/images/docs/'; $stub2 = get_base_url() . '/data/images/docs/'; if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (file_exists($stub . $_embed . '.png')) { $url_full = $stub2 . $_embed . '.png'; } elseif (file_exists($stub . $_embed . '.gif')) { $url_full = $stub2 . $_embed . '.gif'; } elseif (file_exists($stub . $_embed . '.jpg')) { $url_full = $stub2 . $_embed . '.jpg'; } elseif (file_exists($stub . $_embed . '.jpeg')) { $url_full = $stub2 . $_embed . '.jpeg'; } else { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('MISSING_RESOURCE_COMCODE', 'exp_thumb', escape_html($_embed)))); if (array_key_exists('COMCODE_BROKEN_URLS', $GLOBALS)) { $GLOBALS['COMCODE_BROKEN_URLS'][] = $_embed; } elseif (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'exp_thumb', $_embed), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } break; } } $float = array_key_exists('float', $attributes) ? $attributes['float'] : 'right'; $text = $attributes['param']; if (get_option('is_on_gd') == '0' || !function_exists('imagetypes')) { $url_thumb = $url_full; } else { $new_name = $_embed . '_thumb.png'; $file_thumb = $stub . $new_name; if (file_exists($file_thumb)) { $url_thumb = $stub2 . rawurlencode($new_name); } else { $new_name = $_embed . '.png'; $file_thumb = get_custom_file_base() . '/uploads/auto_thumbs/' . $new_name; if (!file_exists($file_thumb)) { require_code('images'); convert_image($url_full, $file_thumb, -1, -1, 150, false); } $url_thumb = get_custom_base_url() . '/uploads/auto_thumbs/' . rawurlencode($new_name); } } if (get_param_integer('wide_print', 0) == 1) { $temp_tpl = do_template('COMCODE_EXP_THUMB_PRINT', array('_GUID' => 'de7f8a7fa29c2335f381a0beb3da9406', 'FLOAT' => $float, 'TEXT' => $text, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); } else { $temp_tpl = do_template('COMCODE_EXP_THUMB', array('_GUID' => 'ce7f8a7fa29c2335f381a0beb3da9406', 'FLOAT' => $float, 'TEXT' => $text, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); } break; case 'thumb': if ($wml) { break; } $_embed = $embed->evaluate(); $_embed = remove_url_mistakes($_embed); $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } if (url_is_local($_embed)) { if (file_exists(get_file_base() . '/' . $_embed) && !file_exists(get_custom_file_base() . '/' . $_embed)) { $url_full = get_base_url() . '/' . $_embed; } else { $url_full = get_custom_base_url() . '/' . $_embed; } } else { $url_full = $_embed; } $align = array_key_exists('align', $attributes) ? $attributes['align'] : 'bottom'; if (get_option('is_on_gd') == '0' || !function_exists('imagetypes') || !has_specific_permission($source_member, 'draw_to_server') && !$as_admin) { $url_thumb = $url_full; } else { if ($attributes['param'] != '') { $url_thumb = url_is_local($attributes['param']) ? get_custom_base_url() . '/' . $attributes['param'] : $attributes['param']; } if ($attributes['param'] == '' || url_is_local($attributes['param']) && !file_exists(get_custom_file_base() . '/' . rawurldecode($attributes['param']))) { $new_name = url_to_filename($url_full); require_code('images'); if (!is_saveable_image($new_name)) { $new_name .= '.png'; } if (is_null($new_name)) { $temp_tpl = do_template('WARNING_TABLE', array('WARNING' => do_lang_tempcode('URL_THUMB_TOO_LONG'))); break; } $file_thumb = get_custom_file_base() . '/uploads/auto_thumbs/' . $new_name; if (!file_exists($file_thumb) && strpos($file_thumb, '{$') === false) { convert_image($url_full, $file_thumb, -1, -1, intval(get_option('thumb_width')), false); } $url_thumb = get_custom_base_url() . '/uploads/auto_thumbs/' . rawurlencode($new_name); } } $caption = array_key_exists('caption', $attributes) ? $attributes['caption'] : ''; $temp_tpl = do_template('COMCODE_THUMB', array('_GUID' => '1b0d25f72ef5f816091269e29c586d60', 'CAPTION' => $caption, 'RAND' => strval(mt_rand(0, 32000)), 'ALIGN' => $align, 'PASS_ID' => intval($pass_id) < 0 ? strval(mt_rand(0, 10000)) : $pass_id, 'URL_THUMB' => $url_thumb, 'URL_FULL' => $url_full)); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => 'cbc56770714a44f56676f43da282cc7a', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'img': if ($wml) { break; } if ($semiparse_mode && array_key_exists('rollover', $attributes)) { $temp_tpl = make_string_tempcode('[img' . reinsert_parameters($attributes) . ']' . $embed->evaluate() . '[/img]'); break; } $_embed = $embed->evaluate(); $given_url = $_embed; $_embed = remove_url_mistakes($_embed); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (url_is_local($_embed)) { if (file_exists(get_file_base() . '/' . $_embed) && !file_exists(get_custom_file_base() . '/' . $_embed)) { $url_full = get_base_url() . '/' . $_embed; } else { $url_full = get_custom_base_url() . '/' . $_embed; } } else { $url_full = $_embed; } $temp_tpl = test_url($url_full, 'img', @html_entity_decode($given_url, ENT_QUOTES, get_charset()), $source_member); $align = array_key_exists('align', $attributes) ? $attributes['align'] : ''; $caption = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); if (array_key_exists('title', $attributes)) { $tooltip = is_object($attributes['title']) ? $attributes['title'] : comcode_to_tempcode($attributes['title'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); } else { $tooltip = $caption; } $rollover = array_key_exists('rollover', $attributes) ? $attributes['rollover'] : NULL; if (!is_null($rollover) && url_is_local($rollover)) { if (file_exists(get_file_base() . '/' . $rollover) && !file_exists(get_custom_file_base() . '/' . $rollover)) { $rollover = get_base_url() . '/' . $rollover; } else { $rollover = get_custom_base_url() . '/' . $rollover; } } $refresh_time = array_key_exists('refresh_time', $attributes) ? strval(intval($attributes['refresh_time'])) : '0'; $temp_tpl->attach(do_template('COMCODE_IMG', array('_GUID' => '70166d8dbb0aff064b99c0dd30ed77a8', 'RAND' => uniqid('', true), 'REFRESH_TIME' => $refresh_time, 'ROLLOVER' => $rollover, 'ALIGN' => $align, 'URL' => $url_full, 'TOOLTIP' => $tooltip, 'CAPTION' => $caption))); if (array_key_exists('float', $attributes)) { $temp_tpl = do_template('FLOATER', array('_GUID' => '918162250c80e10212efd9a051545b9b', 'FLOAT' => $attributes['float'], 'CONTENT' => $temp_tpl)); } break; case 'flash': if ($wml) { break; } $_embed = $embed->evaluate(); $given_url = $_embed; $_embed = remove_url_mistakes($_embed); if (substr($_embed, 0, 1) == '/') { $_embed = substr($_embed, 1); } $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); $url_full = url_is_local($_embed) ? get_custom_base_url() . '/' . $_embed : $_embed; $temp_tpl = test_url($url_full, 'flash', @html_entity_decode($given_url, ENT_QUOTES, get_charset()), $source_member); if ($attributes['param'] == '' || strpos($attributes['param'], 'x') === false) { if (!array_key_exists('width', $attributes)) { $attributes['width'] = '300'; } if (!array_key_exists('height', $attributes)) { $attributes['height'] = '300'; } $attributes['param'] = $attributes['width'] . 'x' . $attributes['height']; } list($width, $height) = explode('x', $attributes['param'], 2); if (addon_installed('jwplayer') && (substr($url_full, -4) == '.flv' || substr($url_full, -4) == '.mp4' || substr($url_full, -4) == '.mp3' || substr($url_full, -4) == '.webm')) { $temp_tpl->attach(do_template('COMCODE_FLV', array('_GUID' => '4746684d9e098709cc6671e1b00ce47e', 'URL' => $url_full, 'WIDTH' => $width, 'HEIGHT' => $height))); } else { $temp_tpl->attach(do_template('COMCODE_SWF', array('_GUID' => '8bc61ad75977a5a85eff96454af31fe8', 'URL' => $url_full, 'WIDTH' => $width, 'HEIGHT' => $height))); } break; case 'url': // Make them both HTML strings $url = $embed->evaluate(); if (is_object($attributes['param'])) { $switch_over = true; // We know if must be Comcode XML $attributes['param'] = $attributes['param']->evaluate(); } else { $switch_over = !looks_like_url($url) && looks_like_url($attributes['param'], true); if (strpos($attributes['param'], '[') !== false || strpos($attributes['param'], '{') !== false) { $param_temp = comcode_to_tempcode(escape_html($attributes['param']), $source_member, $as_admin, 60, NULL, $connection, false, false, true, false, false, $highlight_bits, $on_behalf_of_member); global $ADVERTISING_BANNERS; $temp_ab = $ADVERTISING_BANNERS; $ADVERTISING_BANNERS = array(); $caption = $param_temp; $ADVERTISING_BANNERS = $temp_ab; } else { $caption = make_string_tempcode(escape_html($attributes['param'])); // Consistency of escaping } } // Do we need to switch around? if ($switch_over) { $url = $attributes['param']; $caption = $embed; } // If we weren't given a caption, use the URL, but crop if necessary if ($caption->evaluate() == '') { $_caption = $url; // Shorten the URL if it is too long $max_link_length = 50; if (strlen($_caption) > $max_link_length) { $_caption = escape_html(substr(@html_entity_decode($_caption, ENT_QUOTES, get_charset()), 0, intval($max_link_length / 2 - 3))) . '…' . escape_html(substr(@html_entity_decode($_caption, ENT_QUOTES, get_charset()), intval(-$max_link_length / 2))); } $caption = make_string_tempcode($_caption); } // Tidy up the URL now $url = @html_entity_decode($url, ENT_QUOTES, get_charset()); $url = fixup_protocolless_urls($url); // Integrity and security $url = check_naughty_javascript_url($source_member, $url, $as_admin); // More URL tidying $local = url_is_local($url) || strpos($url, get_domain()) !== false; $given_url = $url; if ($url != '' && $url[0] != '#') { if (substr($url, 0, 1) == '/') { $url = substr($url, 1); } $url_full = url_is_local($url) ? get_base_url() . '/' . $url : $url; if ($GLOBALS['XSS_DETECT']) { ocp_mark_as_escaped($url_full); } } else { $url_full = $url; } $striped_base_url = str_replace('www.', '', str_replace('http://', '', get_base_url())); if ($striped_base_url != '' && substr($url, 0, 1) != '%' && strpos($url_full, $striped_base_url) === false) { $temp_tpl = test_url($url_full, 'url', $given_url, $source_member); } // Render if (!array_key_exists('target', $attributes)) { $attributes['target'] = $local ? '_top' : '_blank'; } if ($attributes['target'] == 'blank') { $attributes['target'] = '_blank'; } $rel = $as_admin || has_specific_permission($source_member, 'search_engine_links') ? '' : 'nofollow'; if ($attributes['target'] == '_blank') { $title = (is_object($caption) ? static_evaluate_tempcode($caption) : $caption) . ' ' . do_lang('LINK_NEW_WINDOW'); } else { $title = ''; } $temp_tpl->attach(do_template('COMCODE_URL', array('_GUID' => 'd1657530e6d3d57e6a4791fb3bfa0dd7', 'TITLE' => $title, 'REL' => $rel, 'TARGET' => $attributes['target'], 'URL' => $url_full, 'CAPTION' => $caption))); break; case 'email': $_embed = $embed->evaluate(); require_code('type_validation'); require_code('obfuscate'); // If we need to switch if (is_object($attributes['param']) || !is_valid_email_address($_embed) && is_valid_email_address($attributes['param'])) { $temp = $embed; // Is tempcode $_embed = $attributes['param']; $attributes['param'] = $temp; } else { $attributes['param'] = comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); // Becomes tempcode } if ($attributes['param']->is_empty()) { $attributes['param'] = obfuscate_email_address($_embed); } $subject = array_key_exists('subject', $attributes) ? $attributes['subject'] : ''; $body = array_key_exists('body', $attributes) ? $attributes['body'] : ''; $title = ''; if (array_key_exists('title', $attributes)) { $title = $attributes['title']; } $temp_tpl = do_template('COMCODE_EMAIL', array('_GUID' => '5f6ade8fe07701b6858575153d78f4e9', 'TITLE' => $title, 'ADDRESS' => obfuscate_email_address($_embed), 'SUBJECT' => $subject, 'BODY' => $body, 'CAPTION' => $attributes['param'])); break; case 'reference': if ($wml) { break; } if (array_key_exists('type', $attributes) && $attributes['type'] == 'url') { $_embed = $embed->evaluate(); $_embed = check_naughty_javascript_url($source_member, $_embed, $as_admin); if (!array_key_exists('title', $attributes)) { $attributes['title'] = $attributes['param']; } if (is_object($attributes['title']) || $attributes['title'] != '') { $_title = is_object($attributes['title']) ? make_string_tempcode(escape_html($attributes['title'])) : comcode_to_tempcode($attributes['title'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $title = $_title->evaluate(); } else { $title = $_embed; } $embed = hyperlink($_embed, $title, true); } $temp_tpl = do_template('COMCODE_REFERENCE', array_merge($attributes, array('SOURCE' => $embed))); break; case 'upload': // This points to a file path, not a URL $_embed = $embed->evaluate(); $type = array_key_exists('type', $attributes) ? $attributes['type'] : 'downloads'; if (is_object($attributes['param']) || $attributes['param'] != '') { $_caption = is_object($attributes['param']) ? make_string_tempcode(escape_html($attributes['param'])) : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); $__caption = $_caption->evaluate(); } else { $__caption = $_embed; } $url = get_custom_base_url() . '/' . $type . '/' . rawurlencode($_embed); $url = check_naughty_javascript_url($source_member, $url, $as_admin); $temp_tpl = test_url($url, 'upload', $_embed, $source_member); $temp_tpl->attach(hyperlink($url, $__caption)); break; case 'page': $ignore_if_hidden = array_key_exists('ignore_if_hidden', $attributes) && $attributes['ignore_if_hidden'] == '1'; unset($attributes['ignore_if_hidden']); // Two sets of parameters: simple style and complex style; both are completely incompatible $hash = ''; if ($attributes == array('param' => '')) { $zone = '_SEARCH'; $caption = $embed; $attributes = array('page' => $caption->evaluate()); } elseif (array_keys($attributes) == array('param')) { $caption = $embed; if ($wml) { $temp_tpl = $embed; break; } else { if (strpos($attributes['param'], ':') !== false) { global $OVERRIDE_SELF_ZONE; $page_link = $attributes['param']; list($zone, $attributes, $hash) = page_link_decode($page_link); if (!array_key_exists('page', $attributes)) { $attributes['page'] = ''; } if ($zone == '_SELF' && !is_null($OVERRIDE_SELF_ZONE)) { $zone = $OVERRIDE_SELF_ZONE; } } else { $zone = '_SEARCH'; // Changed in v3 from '_SELF', to allow context-sensitivity $attributes = array_merge(array('page' => $attributes['param']), $attributes); } } } else { $caption = array_key_exists('caption', $attributes) ? comcode_to_tempcode($attributes['caption'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member) : $embed; if ($wml) { $temp_tpl = $caption; break; } else { $zone = $param_given ? $attributes['param'] : '_SEARCH'; // Changed in v3 from '_SELF', to allow context-sensitivity unset($attributes['caption']); if (!array_key_exists('page', $attributes)) { $attributes = array_merge(array('page' => $embed->evaluate()), $attributes); } } } unset($attributes['param']); foreach ($attributes as $key => $val) { if (is_object($val)) { $attributes[$key] = $val->evaluate(); } } if ($zone == '_SEARCH') { $zone = get_page_zone($attributes['page'], false); if (is_null($zone)) { $zone = ''; } } $pl_url = build_url($attributes, $zone, NULL, false, false, false, $hash); $temp_tpl = hyperlink($pl_url, $caption); $page = $attributes['page']; if ($page != '') { if ($zone == '_SELF') { $zone = get_zone_name(); } if ($zone == '_SEARCH') { $zone = get_page_zone($page, false); if (is_null($zone)) { $zone = ''; } // Oh dear, well it will be correctly identified as not found anyway } $ptest = _request_page($page, $zone); if ($ptest !== false) { if ($page == 'topicview' && array_key_exists('id', $attributes)) { if (!is_numeric($attributes['id'])) { $attributes['id'] = $GLOBALS['SITE_DB']->query_value_null_ok('url_id_monikers', 'm_resource_id', array('m_resource_page' => $page, 'm_moniker' => $attributes['id'])); } if (!is_null($attributes['id'])) { $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_topics', 'id', array('id' => $attributes['id'])); if (is_null($test)) { $ptest = false; } } else { $ptest = false; } } } if ($ptest === false) { //$temp_tpl->attach(' ['.do_lang('MISSING_RESOURCE').']'); // Don't want this as we might be making the page immediately if (!in_array(get_page_name(), $GLOBALS['DONT_CARE_MISSING_PAGES']) && !in_array($page, $GLOBALS['DONT_CARE_MISSING_PAGES']) && !running_script('iframe')) { if ($ignore_if_hidden) { $temp_tpl = do_template('COMCODE_DEL', array('CONTENT' => $caption)); } else { require_code('failure'); relay_error_notification(do_lang('MISSING_RESOURCE_COMCODE', 'page_link', $page_link), false, $GLOBALS['FORUM_DRIVER']->is_staff($source_member) ? 'error_occurred_missing_reference_important' : 'error_occurred_missing_reference'); } } } } break; case 'hide': if ($wml) { $temp_tpl = $embed; break; } if (array_key_exists('param', $attributes)) { $text = is_object($attributes['param']) ? $attributes['param'] : comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member); } else { $text = do_lang_tempcode('EXPAND'); } $temp_tpl = do_template('COMCODE_HIDE', array('_GUID' => 'a591a0d1e6bb3dde0f22cebb9c7ab93e', 'TEXT' => $text, 'CONTENT' => $embed)); break; case 'quote': if ($wml) { $temp_tpl->attach('<br /><br />' . $attributes['param'] . ':'); $temp_tpl->attach($embed); break; } $cite = array_key_exists('cite', $attributes) ? $attributes['cite'] : NULL; if (!is_null($cite)) { $temp_tpl = test_url($cite, 'quote', $cite, $source_member); } if ($attributes['param'] == '' && isset($attributes['author'])) { $attributes['param'] = $attributes['author']; } // Compatibility with SMF if ($attributes['param'] != '') { if (is_numeric($attributes['param'])) { $attributes['param'] = $GLOBALS['FORUM_DRIVER']->get_username($attributes['param']); if (is_null($attributes['param'])) { $attributes['param'] = do_lang('UNKNOWN'); } } else { $attributes['param'] = protect_from_escaping(comcode_to_tempcode($attributes['param'], $source_member, $as_admin, 60, NULL, $connection, false, false, false, false, false, $highlight_bits, $on_behalf_of_member)); } $temp_tpl->attach(do_template('COMCODE_QUOTE_BY', array('_GUID' => '18f55a548892ad08b0b50b3b586b5b95', 'CITE' => $cite, 'CONTENT' => $embed, 'BY' => $attributes['param'], 'SAIDLESS' => array_key_exists('saidless', $attributes) ? $attributes['saidless'] : '0'))); } else { $temp_tpl->attach(do_template('COMCODE_QUOTE', array('_GUID' => 'fa275de59433c17da19b22814c17fdc5', 'CITE' => $cite, 'CONTENT' => $embed))); } break; case 'html': if ($wml) { break; } $temp_tpl = $embed; // Plain HTML. But it's been filtered already break; case 'semihtml': $temp_tpl = $embed; // Hybrid HTML. But it's been filtered already break; case 'block': if ($wml) { break; } $attributes['block'] = trim($embed->evaluate()); if (preg_match('#^[\\w\\-]*$#', $attributes['block']) == 0) { $temp_tpl = paragraph(do_lang_tempcode('MISSING_BLOCK_FILE', escape_html($attributes['block'])), '90dfdlksds8d7dyddssddxs', 'error_marker'); break; // Avoids a suspected hack attempt by just filtering early } $_attributes = array(); foreach ($attributes as $key => $val) { $_attributes[] = $key . '=' . $val; } $temp_tpl = symbol_tempcode('BLOCK', $_attributes); break; case 'contents': if ($wml) { break; } // Do structure sweep $urls_for = array(); $old_structure_list = $STRUCTURE_LIST; $STRUCTURE_LIST = array(); // reset for e.g. comcode_text_to_tempcode calls (which don't itself reset it, although _comcode_to_tempcode does for top level parses) if (array_key_exists('files', $attributes) && $comcode_dangerous) { $s_zone = array_key_exists('zone', $attributes) ? $attributes['zone'] : get_zone_name(); $pages = find_all_pages($s_zone, 'comcode_custom/' . get_site_default_lang(), 'txt') + find_all_pages($s_zone, 'comcode/' . get_site_default_lang(), 'txt'); $prefix = $attributes['files']; foreach ($pages as $pg_name => $pg_type) { if (substr($pg_name, 0, strlen($prefix)) == $prefix) { $i = count($STRUCTURE_LIST); comcode_to_tempcode(file_get_contents(zone_black_magic_filterer(get_file_base() . '/' . $s_zone . '/pages/' . $pg_type . '/' . $pg_name . '.txt'), FILE_TEXT), $source_member, $as_admin, 60, NULL, $connection, false, false, false, true, false, NULL, $on_behalf_of_member); $page_url = build_url(array('page' => $pg_name), $s_zone); while (array_key_exists($i, $STRUCTURE_LIST)) { $urls_for[] = $page_url; $i++; } } } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 1; } else { if (substr($comcode, 0, 8) == '<comcode') { require_code('comcode_xml'); if (!$as_admin) { check_specific_permission('comcode_dangerous', NULL, $source_member); } $_ = new comcode_xml_to_tempcode($comcode, $source_member, 60, NULL, $connection, false, false, false, true, false, $on_behalf_of_member); } else { require_code('comcode_text'); comcode_text_to_tempcode($comcode, $source_member, $as_admin, 60, NULL, $connection, false, false, false, true, false, NULL, $on_behalf_of_member); } $base = array_key_exists('base', $attributes) ? intval($attributes['base']) : 1; } $list_types = $embed->evaluate() == '' ? array() : explode(',', $embed->evaluate()); $list_types += array('decimal', 'lower-alpha', 'lower-roman', 'upper-alpha', 'upper-roman', 'disc'); $levels_allowed = array_key_exists('levels', $attributes) ? intval($attributes['levels']) : NULL; // Convert the list structure into a tree structure $past_level_stack = array(1); $subtree_stack = array(array()); $levels = 1; foreach ($STRUCTURE_LIST as $i => $struct) { $level = $struct[0]; $title = $struct[1]; $uniq_id = $struct[2]; $url = array_key_exists($i, $urls_for) ? $urls_for[$i] : ''; if ($level > $levels_allowed && !is_null($levels_allowed)) { continue; } // Going down the tree if ($level > $past_level_stack[$levels - 1]) { array_push($past_level_stack, $level); array_push($subtree_stack, array(array($uniq_id, $title->evaluate(), $url))); $levels++; } else { // Going back up the tree, destroying levels that must have now closed off while ($level < $past_level_stack[$levels - 1] && $levels > 2) { array_pop($past_level_stack); $subtree = array_pop($subtree_stack); $levels--; // Alter the last of the next level on stack so it is actually taking the closed off level as children, and changing from a property list to a pair: property list & children $subtree_stack[$levels - 1][count($subtree_stack[$levels - 1]) - 1] = array($subtree_stack[$levels - 1][count($subtree_stack[$levels - 1]) - 1], $subtree); } // Store the title where we are $subtree_stack[$levels - 1][] = array($uniq_id, $title->evaluate(), $url); } } // Clean up... going up until we're with 1 while ($levels > 1) { array_pop($past_level_stack); $subtree = array_pop($subtree_stack); $levels--; $parent_level_start_index = count($subtree_stack[$levels - 1]) - 1; if ($parent_level_start_index < 0) { $subtree_stack[$levels - 1] = $subtree; } else { $subtree_stack[$levels - 1][$parent_level_start_index] = array($subtree_stack[$levels - 1][$parent_level_start_index], $subtree); } } // Now we have the structure to display $levels_t = _do_contents_level($subtree_stack[0], $list_types, $base); $temp_tpl = do_template('COMCODE_CONTENTS', array('_GUID' => 'ca2f5320fa930e2257a2e74e4f98e5a0', 'LEVELS' => $levels_t)); $STRUCTURE_LIST = $old_structure_list; // Restore, so subsequent 'title' tags have correct numbering break; } // Last ditch effort: custom tags if ($temp_tpl->is_definitely_empty() && !$wml) { global $REPLACE_TARGETS; if (array_key_exists($tag, $REPLACE_TARGETS)) { $replace = $REPLACE_TARGETS[$tag]['replace']; $parameters = explode(',', $REPLACE_TARGETS[$tag]['parameters']); $binding = array('CONTENT' => $embed, 'RAND' => uniqid('', true)); foreach ($parameters as $parameter) { $parameter = trim($parameter); $parts = explode('=', $parameter); if (count($parts) == 1) { $parts[] = ''; } if (count($parts) != 2) { continue; } list($parameter, $default) = $parts; if (!array_key_exists($parameter, $attributes) || $attributes[$parameter] == '') { $attributes[$parameter] = $default; } $binding[strtoupper($parameter)] = $attributes[$parameter]; $replace = str_replace('{' . $parameter . '}', '{' . strtoupper($parameter) . '*}', $replace); } $replace = str_replace('{content}', array_key_exists($tag, $GLOBALS['TEXTUAL_TAGS']) ? '{CONTENT}' : '{CONTENT*}', $replace); require_code('tempcode_compiler'); $temp_tpl = template_to_tempcode($replace); $temp_tpl = $temp_tpl->bind($binding, '(custom comcode: ' . $tag . ')'); } } return $temp_tpl; }
$user_exists = $db->query_first("\n SELECT userid, username, email, languageid\n FROM " . TABLE_PREFIX . "user\n WHERE username = '******'username']) . "'\n "); if (!empty($user_exists['username'])) { $valid_entries = FALSE; $error_type = "username"; $messages['fields'][] = $error_type; $messages['errors'][] = "Sorry, this username is already taken."; // fetch_error('usernametaken', $user_exists['username'], ''); } if (empty($vbulletin->GPC['terms_and_conditions'])) { $valid_entries = FALSE; $userdata->error('fieldmissing'); $messages['errors'][] = $message = "Please agree to the " . fetch_phrase('forum_rules', 'register'); $messages['fields'][] = $error_type = "terms_and_conditions"; } // validate email if (is_valid_email_address($vbulletin->GPC['email'])) { list($email_name, $email_domain) = preg_split("/@/", $vbulletin->GPC['email']); if (!checkdnsrr($email_domain, "MX")) { $valid_entries = FALSE; $messages['errors'][] = $message = fetch_error('bademail') . " No MX records found for domain."; $messages['fields'][] = $error_type = "email"; } else { if ($vbulletin->options['requireuniqueemail']) { // check if email already exists on DB $user_exists = $db->query_read_slave("\n SELECT userid, username, email, languageid\n FROM " . TABLE_PREFIX . "user\n WHERE UPPER(email) = '" . strtoupper($db->escape_string($vbulletin->GPC['email'])) . "'\n "); if ($db->num_rows($user_exists)) { $valid_entries = FALSE; $messages['errors'][] = $message = fetch_error('emailtaken', ''); $messages['fields'][] = $error_type = "email"; } }
/** * The actualiser to contact a member. * * @return tempcode The UI */ function actual() { if (addon_installed('captcha')) { require_code('captcha'); enforce_captcha(); } $member_id = get_param_integer('id'); $email_address = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_email_address'); if (is_null($email_address)) { fatal_exit(do_lang_tempcode('INTERNAL_ERROR')); } $to_name = $GLOBALS['FORUM_DRIVER']->get_username($member_id); breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('EMAIL_MEMBER', escape_html($to_name))))); if (is_null($to_name)) { warn_exit(do_lang_tempcode('USER_NO_EXIST')); } $from_email = trim(post_param('email_address')); require_code('type_validation'); if (!is_valid_email_address($from_email)) { warn_exit(do_lang_tempcode('INVALID_EMAIL_ADDRESS')); } $from_name = post_param('name'); $title = get_page_title('EMAIL_MEMBER', true, array(escape_html($GLOBALS['FORUM_DRIVER']->get_username($member_id)))); require_code('mail'); $attachments = array(); $size_so_far = 0; require_code('uploads'); is_swf_upload(true); foreach ($_FILES as $file) { if (is_swf_upload() || is_uploaded_file($file['tmp_name'])) { $attachments[$file['tmp_name']] = $file['name']; $size_so_far += $file['size']; } else { if (defined('UPLOAD_ERR_NO_FILE') && array_key_exists('error', $file) && $file['error'] != UPLOAD_ERR_NO_FILE) { warn_exit(do_lang_tempcode('ERROR_UPLOADING_ATTACHMENTS')); } } } $size = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_max_email_attach_size_mb'); if ($size_so_far > $size * 1024 * 1024) { warn_exit(do_lang_tempcode('EXCEEDED_ATTACHMENT_SIZE', integer_format($size))); } mail_wrap(do_lang('EMAIL_MEMBER_SUBJECT', get_site_name(), post_param('subject'), NULL, get_lang($member_id)), post_param('message'), array($email_address), $to_name, $from_email, $from_name, 3, $attachments, false, get_member()); log_it('EMAIL', strval($member_id), $to_name); breadcrumb_set_self(do_lang_tempcode('DONE')); $url = get_param('redirect'); return redirect_screen($title, $url, do_lang_tempcode('SUCCESS')); }
/** * Find the posted value from the get_field_inputter field * * @param boolean Whether we were editing (because on edit, it could be a fractional edit) * @param array The field details * @param string Where the files will be uploaded to * @param ?string Former value of field (NULL: none) * @return string The value */ function inputted_to_field_value($editing, $field, $upload_dir = 'uploads/catalogues', $old_value = NULL) { $id = $field['id']; $tmp_name = 'field_' . strval($id); require_code('type_validation'); $value = post_param($tmp_name, $editing ? STRING_MAGIC_NULL : ''); if ($value != '' && $value != STRING_MAGIC_NULL && !is_valid_email_address($value)) { warn_exit(do_lang_tempcode('INVALID_EMAIL_ADDRESS')); } return $value; }
/** * The actualiser for recommending the site. * * @return tempcode The UI. */ function actual() { breadcrumb_set_parents(array(array('_SELF:_SELF:misc', do_lang_tempcode('RECOMMEND_SITE')))); $name = post_param('name'); $message = post_param('message'); $recommender_email_address = post_param('recommender_email_address'); $invite = false; if (addon_installed('captcha')) { require_code('captcha'); enforce_captcha(); } require_code('type_validation'); $email_adrs_to_send = array(); $names_to_send = array(); foreach ($_POST as $key => $email_address) { if (substr($key, 0, 14) != 'email_address_') { continue; } if ($email_address == '') { continue; } if (get_magic_quotes_gpc()) { $email_address = stripslashes($email_address); } if (!is_valid_email_address($email_address)) { attach_message(do_lang_tempcode('INVALID_EMAIL_ADDRESS'), 'warn'); return $this->gui(); } else { $email_adrs_to_send[] = $email_address; $names_to_send[] = $email_address; } if (is_guest()) { break; } } $adrbook_emails = array(); $adrbook_names = array(); $adrbook_use_these = array(); foreach ($_POST as $key => $email_address) { if (preg_match('#details_email_|details_name_|^use_details_#', $key) == 0) { continue; } if (preg_match('#details_email_#', $key) != 0) { if (get_magic_quotes_gpc()) { $email_address = stripslashes($email_address); } if (is_valid_email_address($email_address)) { $curr_num = intval(preg_replace('#details_email_#', '', $key)); $adrbook_emails[$curr_num] = $email_address; } } if (preg_match('#details_name_#', $key)) { $curr_num = intval(preg_replace('#details_name_#', '', $key)); $adrbook_names[$curr_num] = $email_address; } if (preg_match('#^use_details_#', $key)) { $curr_num = intval(preg_replace('#use_details_#', '', $key)); $adrbook_use_these[$curr_num] = $curr_num; } } //add emails from address book file foreach ($adrbook_use_these as $key => $value) { $cur_email = array_key_exists($key, $adrbook_emails) && strlen($adrbook_emails[$key]) > 0 ? $adrbook_emails[$key] : ''; $cur_name = array_key_exists($key, $adrbook_names) && strlen($adrbook_names[$key]) > 0 ? $adrbook_names[$key] : ''; if (strlen($cur_email) > 0) { $email_adrs_to_send[] = $cur_email; $names_to_send[] = strlen($cur_name) > 0 ? $cur_name : $cur_email; } } if (count($email_adrs_to_send) == 0) { warn_exit(do_lang_tempcode('ERROR_NO_CONTACTS_SELECTED')); } foreach ($email_adrs_to_send as $key => $email_address) { if (get_magic_quotes_gpc()) { $email_address = stripslashes($email_address); } if (post_param_integer('wrap_message', 0) == 1) { $title = get_page_title('_RECOMMEND_SITE', true, array(escape_html(get_site_name()))); $referring_username = is_guest() ? NULL : get_member(); $_url = post_param_integer('invite', 0) == 1 ? build_url(array('page' => 'join', 'email_address' => $email_address, 'keep_referrer' => $referring_username), get_module_zone('join')) : build_url(array('page' => '', 'keep_referrer' => $referring_username), ''); $url = $_url->evaluate(); $join_url = $GLOBALS['FORUM_DRIVER']->join_url(); $_message = do_lang(post_param_integer('invite', 0) == 1 ? 'INVITE_MEMBER_MESSAGE' : 'RECOMMEND_MEMBER_MESSAGE', $name, $url, array(get_site_name(), $join_url)) . $message; } else { $title = get_page_title('RECOMMEND_LINK'); $_message = $message; } if (may_use_invites() && get_forum_type() == 'ocf' && !is_guest() && post_param_integer('invite', 0) == 1) { $invites = get_num_invites(get_member()); if ($invites > 0) { send_recommendation_email($name, $email_address, $_message, true, $recommender_email_address, post_param('subject', NULL), $names_to_send[$key]); $GLOBALS['FORUM_DB']->query_insert('f_invites', array('i_inviter' => get_member(), 'i_email_address' => $email_address, 'i_time' => time(), 'i_taken' => 0)); $invite = true; } } elseif (get_option('is_on_invites') == '0' && get_forum_type() == 'ocf') { $GLOBALS['FORUM_DB']->query_insert('f_invites', array('i_inviter' => get_member(), 'i_email_address' => $email_address, 'i_time' => time(), 'i_taken' => 0)); } if (!$invite) { send_recommendation_email($name, $email_address, $_message, false, $recommender_email_address, post_param('subject', NULL), $names_to_send[$key]); } } breadcrumb_set_self(do_lang_tempcode('DONE')); return inform_screen($title, do_lang_tempcode('RECOMMENDATION_MADE')); }
/** * Standard stage of pointstore item purchase. * * @return tempcode The UI */ function _newpop3() { if (get_option('is_on_pop3_buy') == '0') { return new ocp_tempcode(); } $title = get_page_title('TITLE_NEWPOP3'); // Getting User Information $member_id = get_member(); $pointsleft = available_points($member_id); // So we don't need to call these big ugly names, again... $_suffix = post_param('esuffix'); $prefix = post_param('email-prefix'); $pass1 = post_param('pass1'); $pass2 = post_param('pass2'); // Which suffix have we chosen? $suffix = 'pop3_' . $_suffix; $_suffix_price = get_price($suffix); $points_after = $pointsleft - $_suffix_price; pointstore_handle_error_already_has('pop3'); if ($points_after < 0 && !has_specific_permission(get_member(), 'give_points_self')) { return warn_screen($title, do_lang_tempcode('NOT_ENOUGH_POINTS', escape_html($_suffix))); } // Password checking (to see if both 'passwords' are the same) if ($pass1 != $pass2) { return warn_screen($title, do_lang_tempcode('PASSWORD_MISMATCH')); } // Does the prefix contain valid characters? require_code('type_validation'); if (!is_valid_email_address($prefix . '@' . $_suffix)) { return warn_screen($title, do_lang_tempcode('INVALID_EMAIL_PREFIX')); } pointstore_handle_error_taken($prefix, $_suffix); // Return $proceed_url = build_url(array('page' => '_SELF', 'type' => '__newpop3', 'id' => 'pop3'), '_SELF'); $keep = new ocp_tempcode(); $keep->attach(form_input_hidden('prefix', $prefix)); $keep->attach(form_input_hidden('suffix', $_suffix)); $keep->attach(form_input_hidden('password', $pass1)); return do_template('POINTSTORE_CONFIRM_SCREEN', array('_GUID' => '099ab9d87fb6e68d74de27e7d41d50c0', 'MESSAGE' => paragraph($prefix . '@' . $_suffix), 'TITLE' => $title, 'ACTION' => do_lang_tempcode('TITLE_NEWPOP3'), 'KEEP' => $keep, 'COST' => integer_format($_suffix_price), 'POINTS_AFTER' => integer_format($points_after), 'PROCEED_URL' => $proceed_url, 'CANCEL_URL' => build_url(array('page' => '_SELF'), '_SELF'))); }
$tpl->name = 'newstopic'; $tpl->menuitem = MNU_START_NEWS_POST; require $opt['rootpath'] . 'lib2/logic/captcha.inc.php'; require $opt['rootpath'] . 'lib2/mail.class.php'; $topicid = isset($_REQUEST['topic']) ? $_REQUEST['topic'] : 1; $newstext = isset($_REQUEST['newstext']) ? $_REQUEST['newstext'] : ''; $newshtml = isset($_REQUEST['newshtml']) ? $_REQUEST['newshtml'] + 0 : 0; $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; $captcha_id = isset($_REQUEST['captcha_id']) ? $_REQUEST['captcha_id'] : ''; $captcha = isset($_REQUEST['captcha']) ? $_REQUEST['captcha'] : ''; $emailok = false; $tpl->assign('email_error', 0); $tpl->assign('captcha_error', 0); $tpl->assign('confirm', 0); if (isset($_REQUEST['submit'])) { $emailok = is_valid_email_address($email) ? true : false; $captchaok = checkCaptcha($captcha_id, $captcha); if ($emailok == true && $captchaok == true) { // filtern und ausgabe vorbereiten $tpl->assign('confirm', 1); if ($newshtml == 0) { $newstext = htmlspecialchars($newstext, ENT_COMPAT, 'UTF-8'); } else { $purifier = new OcHTMLPurifier($opt); $newstext = $purifier->purify($newstext); } $sTopic = sql_value("SELECT `name` FROM `news_topics` WHERE `id`='&1'", '', $topicid); $tpl->assign('newstopic', $sTopic); $tpl->assign('newstext', $newstext); // in DB schreiben sql("INSERT INTO `news` (`content`, `topic`, `display`) VALUES ('&1', '&2', '&3')", $newstext, $topicid, 0);
$tpl->menuitem = MNU_MYPROFILE_DATA_EMAIL; $login->verify(); if ($login->userid == 0) { $tpl->redirect('login.php?target=newemail.php'); } $user = new user($login->userid); $tpl->assign('newemail', $user->getNewEMail()); if (isset($_REQUEST['request'])) { $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : ''; $tpl->assign('email', $email); $bError = false; if (mb_strtolower($user->getEMail()) == mb_strtolower($email)) { $tpl->assign('emailErrorSame', true); $bError = true; } if ($bError == false && !is_valid_email_address($email)) { $tpl->assign('emailErrorInvalid', true); $bError = true; } if ($bError == false && $user->existEMail($email)) { $tpl->assign('emailErrorExists', true); $bError = true; } if ($bError == false && $user->requestNewEMail($email)) { $tpl->assign('emailRequested', true); $tpl->assign('newemail', $email); } else { if ($bError == false) { $tpl->assign('emailErrorUnkown', true); $bError = true; }
/** * Use the data passed in by the user to create a new account. */ protected function createAccount() { if (!isset($_POST['signup_action'])) { $this->_forward('index', 'signup', null, array('signup_error' => 'Improper post data.')); return false; } if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) { return $this->failToCreateAccount('Missing fields.'); } $username = $_POST['username']; $exists = $this->_getUsersModel()->nicknameExists($username); if ($exists) { return $this->failToCreateAccount('The username you chose already exists.'); } $password = $_POST['password']; if (strlen($password) < 5 || $password == $username) { return $this->failToCreateAccount('Please provide a better password.'); } $email = trim($_POST['email']); if (!is_valid_email_address($email)) { return $this->failToCreateAccount('Invalid email provided.'); } // Create the user now! $profile = array('nickname' => $username, 'email' => $email); $user_id = $this->_getUsersModel()->createNewUserFromProfile($profile); $this->_getUserIDModel()->attachUserID($username, $password, $user_id); $authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Registry::get('dbAdapter'), 'userid', 'username', 'password', "MD5(CONCAT('" . Zend_Registry::get('staticSalt') . "', ?, salt))"); $authAdapter->setIdentity($username)->setCredential($password); $auth = Zend_Auth::getInstance(); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { $this->_storeUserProfile($auth, $user_id, $profile); $this->_helper->getHelper('Redirector')->setGotoSimple('edit', 'profile'); } else { return $this->failToCreateAccount('Failed to authenticate you.'); } return true; }
$presentation = unserialize($result[2]['data']); } /* /* 6.0 Hooks that affect blocks in the $presentation object (view). These hooks cannot affect blocks outside of the given view */ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['action'])) { switch ($_POST['action']) { // Login block hook. Authenticate user and assign group that is first in the list for the user's group (see users_groups_system) table this hook also affects the login block for display of login errors case 'login': if ('login' == $_SESSION['user']['view']) { $_POST['email'] = trim(strtolower($_POST['email'])); /* Check syntax. Elseif structure helps provide more specific error messages */ if (!(isset($_POST['email']) && strlen($_POST['email']))) { $presentation->block_cache['login']['block']->errors['email_addr'] = 'Enter e-mail address'; } elseif (!is_valid_email_address($_POST['email'])) { $presentation->block_cache['login']['block']->errors['email_addr'] = 'Enter valid e-mail address'; } /* 2) check if passwd is from $_POST and is not empty. Length 6 characters min. */ if (!(isset($_POST['password']) && strlen($_POST['password']))) { $presentation->block_cache['login']['block']->errors['passwd'] = 'Enter your password'; } elseif (isset($_POST['password']) && strlen($_POST['password']) < 6) { $presentation->block_cache['login']['block']->errors['passwd'] = 'Invalid password'; } /* 3) database record check */ if ($presentation->block_cache['login']['block']->errors['passwd'] == ' ' && $presentation->block_cache['login']['block']->errors['email_addr'] == ' ') { /* Select user record and check for correct email_addr and passwd */ $params = array(0 => array(':email_addr', $_POST['email'], PDO::PARAM_STR)); bind_params($params, $query[7]); $query[7]->execute(); if (!($result[7] = $query[7]->fetch(PDO::FETCH_ASSOC))) {
<?php $passcode = isset($_GET['passcode']) ? $_GET['passcode'] : ''; function is_valid_email_address() { return isset($_GET['email']) && filter_var($_GET['email'], FILTER_VALIDATE_EMAIL); } // first, check that a valid email address has been given if (is_valid_email_address()) { $email = $_GET['email']; // now, get a copy of whatever version of the vCard the requester is allowed $url = "http://neilcrosby.com/vcard/?vcf=1&passcode={$passcode}"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $contents = curl_exec($ch); // close cURL resource, and free up system resources curl_close($ch); #$contents = file_get_contents('../vcard.vcf'); // and save it to a temporary location (so that it gets a nice filename) $dir = '/tmp/' . md5(time()); mkdir($dir); $tempFile = $dir . '/NeilCrosby.vcf'; file_put_contents($tempFile, $contents); // send the email require 'geekMail-1.0.php'; $geekMail = new geekMail(); $geekMail->setMailType('text'); $geekMail->from('*****@*****.**', 'Neil Crosby'); $geekMail->to($email);
/** * Edit a member. * * @param AUTO_LINK The ID of the member. * @param ?SHORT_TEXT The e-mail address. (NULL: don't change) * @param ?BINARY Whether posts are previewed before they are made. (NULL: don't change) * @param ?integer Day of date of birth. (NULL: don't change) (-1: deset) * @param ?integer Month of date of birth. (NULL: don't change) (-1: deset) * @param ?integer Year of date of birth. (NULL: don't change) (-1: deset) * @param ?ID_TEXT The member timezone. (NULL: don't change) * @param ?GROUP The members primary (NULL: don't change). * @param array A map of custom fields values (field-id=>value). * @param ?ID_TEXT The members default theme. (NULL: don't change) * @param ?BINARY Whether the members age may be shown. (NULL: don't change) * @param ?BINARY Whether the member sees signatures in posts. (NULL: don't change) * @param ?BINARY Whether the member automatically is enabled for notifications for content they contribute to. (NULL: don't change) * @param ?LANGUAGE_NAME The members language. (NULL: don't change) * @param ?BINARY Whether the member allows e-mails via the site. (NULL: don't change) * @param ?BINARY Whether the member allows e-mails from staff via the site. (NULL: don't change) * @param ?BINARY Whether the profile has been validated (NULL: do not change this). (NULL: don't change) * @param ?string The username. (NULL: don't change) * @param ?string The password. (NULL: don't change) * @param ?BINARY Whether the member likes to view zones without menus, when a choice is available. (NULL: don't change) * @param ?BINARY Whether the member username will be highlighted. (NULL: don't change) * @param ?SHORT_TEXT Usergroups that may PT the member. (NULL: don't change) * @param ?LONG_TEXT Rules that other members must agree to before they may start a PT with the member. (NULL: don't change) * @param ?TIME When the member is on probation until (NULL: don't change) * @param ?TIME When the member joined (NULL: don't change) * @param ?URLPATH Avatar (NULL: don't change) * @param ?LONG_TEXT Signature (NULL: don't change) * @param ?BINARY Banned status (NULL: don't change) * @param ?URLPATH Photo URL (NULL: don't change) * @param ?URLPATH URL of thumbnail of photo (NULL: don't change) * @param ?SHORT_TEXT Password salt (NULL: don't change) * @param ?ID_TEXT Password compatibility scheme (NULL: don't change) * @param boolean Whether to skip security checks and most of the change-triggered emails */ function ocf_edit_member($member_id, $email_address, $preview_posts, $dob_day, $dob_month, $dob_year, $timezone, $primary_group, $custom_fields, $theme, $reveal_age, $views_signatures, $auto_monitor_contrib_content, $language, $allow_emails, $allow_emails_from_staff, $validated = NULL, $username = NULL, $password = NULL, $zone_wide = 1, $highlighted_name = NULL, $pt_allow = '*', $pt_rules_text = '', $on_probation_until = NULL, $join_time = NULL, $avatar_url = NULL, $signature = NULL, $is_perm_banned = NULL, $photo_url = NULL, $photo_thumb_url = NULL, $salt = NULL, $password_compatibility_scheme = NULL, $skip_checks = false) { require_code('type_validation'); if (!$skip_checks) { $old_email_address = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_email_address'); if (!is_null($email_address) && ($email_address != '' || $old_email_address != '' && !has_specific_permission(get_member(), 'member_maintenance')) && !is_valid_email_address($email_address)) { warn_exit(do_lang_tempcode('_INVALID_EMAIL_ADDRESS', escape_html($email_address))); } } if (!is_null($username) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_password_compat_scheme') != 'remote') { if (!$skip_checks) { ocf_check_name_valid($username, $member_id, $password); require_code('urls2'); suggest_new_idmoniker_for('members', 'view', strval($member_id), $username); } } // Supplement custom field values given with defaults, and check constraints $all_fields = ocf_get_all_custom_fields_match($GLOBALS['OCF_DRIVER']->get_members_groups($member_id)); foreach ($all_fields as $field) { $field_id = $field['id']; if (array_key_exists($field_id, $custom_fields)) { if (!$skip_checks) { if ($field['cf_public_view'] == 0 && $member_id != get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } if ($field['cf_owner_view'] == 0 && $member_id == get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } if ($field['cf_owner_set'] == 0 && $member_id == get_member() && !has_specific_permission(get_member(), 'view_any_profile_field')) { access_denied('I_ERROR'); } } } } // Set custom profile field values $all_fields_types = collapse_2d_complexity('id', 'cf_type', $all_fields); $changes = array(); foreach ($custom_fields as $field => $value) { if (!array_key_exists($field, $all_fields_types)) { continue; } // Trying to set a field we're not allowed to (doesn't apply to our group) $change = ocf_set_custom_field($member_id, $field, $value, $all_fields_types[$field], true); if (!is_null($change)) { $changes = array_merge($changes, $change); } } if (count($changes) != 0) { $GLOBALS['FORUM_DB']->query_update('f_member_custom_fields', $changes, array('mf_member_id' => $member_id), '', 1); } $old_primary_group = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_primary_group'); $_pt_rules_text = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_pt_rules_text'); $_signature = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_signature'); $update = array(); if (!is_null($theme)) { $update['m_theme'] = $theme; } if (!is_null($preview_posts)) { $update['m_preview_posts'] = $preview_posts; } if (!is_null($dob_day)) { $update['m_dob_day'] = $dob_day == -1 ? NULL : $dob_day; } if (!is_null($dob_month)) { $update['m_dob_month'] = $dob_month == -1 ? NULL : $dob_month; } if (!is_null($dob_year)) { $update['m_dob_year'] = $dob_year == -1 ? NULL : $dob_year; } if (!is_null($timezone)) { $update['m_timezone_offset'] = $timezone; } if (!is_null($reveal_age)) { $update['m_reveal_age'] = $reveal_age; } if (!is_null($email_address)) { $update['m_email_address'] = $email_address; } if (!is_null($views_signatures)) { $update['m_views_signatures'] = $views_signatures; } if (!is_null($auto_monitor_contrib_content)) { $update['m_auto_monitor_contrib_content'] = $auto_monitor_contrib_content; } if (!is_null($language)) { $update['m_language'] = $language; } if (!is_null($allow_emails)) { $update['m_allow_emails'] = $allow_emails; } if (!is_null($allow_emails_from_staff)) { $update['m_allow_emails_from_staff'] = $allow_emails_from_staff; } if (!is_null($zone_wide)) { $update['m_zone_wide'] = $zone_wide; } if (!is_null($pt_allow)) { $update['m_pt_allow'] = $pt_allow; } if (!is_null($pt_rules_text)) { $update['m_pt_rules_text'] = lang_remap_comcode($_pt_rules_text, $pt_rules_text, $GLOBALS['FORUM_DB']); } if ($skip_checks || has_specific_permission(get_member(), 'probate_members')) { $update['m_on_probation_until'] = $on_probation_until; } if (!is_null($join_time)) { $update['m_join_time'] = $join_time; } if (!is_null($avatar_url)) { $update['m_avatar_url'] = $avatar_url; } if (!is_null($signature)) { $update['m_signature'] = lang_remap_comcode($_signature, $signature, $GLOBALS['FORUM_DB']); } if (!is_null($is_perm_banned)) { $update['m_is_perm_banned'] = $is_perm_banned; } if (!is_null($photo_url)) { $update['m_photo_url'] = $photo_url; } if (!is_null($photo_thumb_url)) { $update['m_photo_thumb_url'] = $photo_thumb_url; } $old_username = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_username'); if (!is_null($username) && $username != $old_username && ($skip_checks || has_actual_page_access(get_member(), 'admin_ocf_join') || has_specific_permission($member_id, 'rename_self'))) { $update['m_username'] = $username; // Reassign personal galleries if (addon_installed('galleries')) { require_lang('galleries'); $personal_galleries = $GLOBALS['SITE_DB']->query('SELECT fullname,parent_id FROM ' . get_table_prefix() . 'galleries WHERE name LIKE \'member_' . strval($member_id) . '_%\''); foreach ($personal_galleries as $gallery) { $parent_title = get_translated_text($GLOBALS['SITE_DB']->query_value('galleries', 'fullname', array('name' => $gallery['parent_id']))); if (get_translated_text($gallery['fullname']) == do_lang('PERSONAL_GALLERY_OF', $old_username, $parent_title)) { lang_remap($gallery['fullname'], do_lang('PERSONAL_GALLERY_OF', $username, $parent_title), $GLOBALS['FORUM_DB']); } } } require_code('notifications'); $subject = do_lang('USERNAME_CHANGED_MAIL_SUBJECT', $username, $old_username, NULL, get_lang($member_id)); $mail = do_lang('USERNAME_CHANGED_MAIL', comcode_escape(get_site_name()), comcode_escape($username), comcode_escape($old_username), get_lang($member_id)); dispatch_notification('ocf_username_changed', NULL, $subject, $mail, array($member_id)); $subject = do_lang('STAFF_USERNAME_CHANGED_MAIL_SUBJECT', $username, $old_username, NULL, get_site_default_lang()); $mail = do_lang('STAFF_USERNAME_CHANGED_MAIL', comcode_escape(get_site_name()), comcode_escape($username), comcode_escape($old_username), get_site_default_lang()); dispatch_notification('ocf_username_changed_staff', NULL, $subject, $mail); // Fix cacheing for usernames $to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username'); foreach ($to_fix as $fix) { list($table, $field) = explode('/', $fix); $GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $old_username)); } } if (!is_null($password)) { if (is_null($password_compatibility_scheme) && get_value('no_password_hashing') === '1') { $password_compatibility_scheme = 'plain'; $update['m_password_change_code'] = ''; $salt = ''; } if (!is_null($salt) || !is_null($password_compatibility_scheme)) { if (!is_null($salt)) { $update['m_pass_salt'] = $salt; } if (!is_null($password_compatibility_scheme)) { $update['m_password_compat_scheme'] = $password_compatibility_scheme; } $update['m_pass_hash_salted'] = $password; } else { $update['m_password_change_code'] = ''; $salt = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_pass_salt'); $update['m_pass_hash_salted'] = md5($salt . md5($password)); $update['m_password_compat_scheme'] = ''; } if (!$skip_checks) { $part_b = ''; if (!has_actual_page_access(get_member(), 'admin_ocf_join')) { $part_b = do_lang('PASSWORD_CHANGED_MAIL_BODY_2', get_ip_address()); } $mail = do_lang('PASSWORD_CHANGED_MAIL_BODY', get_site_name(), $part_b, NULL, get_lang($member_id)); $old_email_address = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id, 'm_email_address'); if ($old_email_address != $email_address) { $GLOBALS['FORUM_DB']->query_update('f_invites', array('i_email_address' => $old_email_address), array('i_email_address' => $email_address)); } if ($member_id == get_member() || get_value('disable_password_change_mails_for_staff') !== '1') { if (get_page_name() != 'admin_ocf_join') { require_code('notifications'); dispatch_notification('ocf_password_changed', NULL, do_lang('PASSWORD_CHANGED_MAIL_SUBJECT', NULL, NULL, NULL, get_lang($member_id)), $mail, array($member_id), NULL, 2); } } } } if (!is_null($validated)) { $update['m_validated_email_confirm_code'] = ''; if (addon_installed('unvalidated')) { $update['m_validated'] = $validated; } } if (!is_null($highlighted_name)) { $update['m_highlighted_name'] = $highlighted_name; } if (!is_null($primary_group)) { $update['m_primary_group'] = $primary_group; } $old_validated = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_validated'); $GLOBALS['FORUM_DB']->query_update('f_members', $update, array('id' => $member_id), '', 1); if (get_member() != $member_id) { log_it('EDIT_MEMBER_PROFILE', strval($member_id), $username); } if ($old_validated == 0 && $validated == 1) { require_code('mail'); $_login_url = build_url(array('page' => 'login'), get_module_zone('login'), NULL, false, false, true); $login_url = $_login_url->evaluate(); mail_wrap(do_lang('VALIDATED_MEMBER_SUBJECT', get_site_name(), NULL, get_lang($member_id)), do_lang('MEMBER_VALIDATED', get_site_name(), $username, $login_url, get_lang($member_id)), array($email_address), $username); } // Decache from run-time cache unset($GLOBALS['FORUM_DRIVER']->MEMBER_ROWS_CACHED[$member_id]); unset($GLOBALS['MEMBER_CACHE_FIELD_MAPPINGS'][$member_id]); unset($GLOBALS['TIMEZONE_MEMBER_CACHE'][$member_id]); unset($GLOBALS['USER_NAME_CACHE'][$member_id]); }