function parseAndReplaceAll($text, $slotback = '') { global $directdump; $directdump = false; //[sql.s1.field1.type] //[var.name.type] //[para.name] $newstring = ""; $oldpos = 0; $pos = strpos($text, "[", $oldpos); $ifs = array(); $cif = 0; $ifs[$cif] = false; while ($pos !== false) { //search for close $pos2 = strpos($text, "]", $pos); if ($pos2 !== false) { if ($ifs[$cif]) { //ignore only for an [endif] [fi] $token = substr($text, $pos + 1, $pos2 - $pos - 1); $arr = explode(".", $token); if ($arr[0] == 'if' || $arr[0] == '!if' || $arr[0] == 'nif') { $cif++; $ifs[$cif] = true; } if ($arr[0] == "endif" || $arr[0] == "fi") { $ifs[$cif] = false; $cif--; } $oldpos = $pos2 + 1; } else { if ($directdump) { echo substr($text, $oldpos, $pos - $oldpos); } else { $newstring .= substr($text, $oldpos, $pos - $oldpos); } $oldpos = $pos; //we have a token.. anallys $token = substr($text, $pos + 1, $pos2 - $pos - 1); if (strlen($token)) { $displaytype = ""; $displaypara = ""; $displayvalue = ""; $arr = explode(".", $token); $iftest = false; $ifnegative = false; if (isset($arr[0]) && ($arr[0] == 'if' || $arr[0] == '!if' || $arr[0] == 'nif')) { $iftest = true; if ($arr[0] == '!if' || $arr[0] == 'nif') { $ifnegative = true; } $iftestvalue = ""; if (isset($arr[1])) { $iftestvalue = $arr[1]; } for ($i = 2; $i < count($arr); $i++) { $arr[$i - 2] = $arr[$i]; } if (count($arr)) { unset($arr[count($arr) - 1]); } if (count($arr)) { unset($arr[count($arr) - 1]); } } if (isset($arr[1]) || $token == "fi" || $token == "endif") { switch ($arr[0]) { case 'endif': case 'fi': $oldpos = $pos2 + 1; $ifs[$cif] = false; $cif--; break; case 'sql': //valid $oldpos = $pos2 + 1; if (isset($arr[3])) { $displaytype = $arr[3]; } if (isset($arr[4])) { $displaypara = $arr[4]; } //get value if (isset($arr[1]) && isset($GLOBALS[$arr[1] . '_sql_conn'])) { if (isset($arr[2])) { $displayvalue = $GLOBALS[$arr[1] . '_sql_conn']->getvalue($arr[2]); } if ($displaytype == "fast" && isset($arr[2])) { $displayvalue = $GLOBALS[$arr[1] . '_sql_conn']->getvaluefast($arr[2]); if (isset($arr[4])) { $displaytype = $arr[4]; } if (isset($arr[5])) { $displaypara = $arr[5]; } } if ($displaytype == "mins") { $displaypara = $GLOBALS[$arr[1] . '_sql_conn']->getvalue($arr[2] . "_panala"); require_once "config/dateutils.php"; $diff = timediff($displayvalue, $displaypara, getLT("dateformat")); $secs = intval(timediffsecs($diff) / 60); $displayvalue = $secs; $displaypara = $arr[5]; } } else { if ($arr[1] == "conn") { if (isset($arr[2])) { $displayvalue = $GLOBALS[$arr[1]]->getvalue($arr[2]); } if ($displaytype == "fast" && isset($arr[2])) { $displayvalue = $GLOBALS[$arr[1]]->getvaluefast($arr[2]); if (isset($arr[4])) { $displaytype = $arr[4]; } if (isset($arr[5])) { $displaypara = $arr[5]; } } if ($displaytype == "mins") { $displaypara = $GLOBALS[$arr[1]]->getvalue($arr[2] . "_panala"); require_once "config/dateutils.php"; $diff = timediff($displayvalue, $displaypara, getLT("dateformat")); $secs = intval(timediffsecs($diff) / 60); $displayvalue = $secs; $displaypara = $arr[5]; } } } break; case 'var': case 'g': //valid $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = $GLOBALS[$arr[1]]; } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } //get value break; case 'cache': $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = cache_getvalue($arr[1]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } //get value break; case 'para': //valid $oldpos = $pos2 + 1; global $_control_replace_sql; if (isset($arr[1])) { $displayvalue = $_control_replace_sql('@' . $arr[1]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'post': //valid $oldpos = $pos2 + 1; global $_POST; if (isset($arr[1]) && $_POST[$arr[1]] != "") { $displayvalue = '' . correctPostValue($_POST[$arr[1]]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'posttags': //valid $oldpos = $pos2 + 1; global $_POST; if (isset($arr[1]) && $_POST[$arr[1]] != "") { $displayvalue = '' . correctPostValue(implode(",", $_POST[$arr[1]])); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'get': //valid $oldpos = $pos2 + 1; global $_GET; if (isset($arr[1]) && $_GET[$arr[1]] != "") { $displayvalue = '' . correctPostValue($_GET[$arr[1]]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'config': case 'c': //valid $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = getUserConfig($arr[1]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'cookie': $oldpos = $pos2 + 1; if (isset($arr[1]) && isset($arr[2])) { $displayvalue = cookie_getvalue($arr[1], $arr[2]); } if (isset($arr[3])) { $displaytype = $arr[3]; } if (isset($arr[4])) { $displaypara = $arr[4]; } break; case 'session': case 's': //valid $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = session_getvalue($arr[1]); } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'utils': //valid $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = $arr[1]; } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } break; case 'slot': //we have a callback $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = $arr[1]; } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } if ($slotback != '') { $displayvalue = $slotback($displayvalue, $displaytype, $displaypara); $displaytype = ''; $displaypara = ''; } break; case 'call': //we have a callback $oldpos = $pos2 + 1; if (isset($arr[1])) { $displayvalue = $arr[1]; } if (isset($arr[2])) { $displaytype = $arr[2]; } if (isset($arr[3])) { $displaypara = $arr[3]; } $fn = $displayvalue; if (function_exists($fn)) { $displayvalue = $fn($displaytype, $displaypara); } else { $displayvalue = ''; } break; } } $displaypara = str_replace('^', '.', $displaypara); if ($iftest) { //we have an ok $cif++; $iftestvalue = str_replace('^', '.', $iftestvalue); if ($ifnegative) { if ($displayvalue != $iftestvalue) { $ifs[$cif] = false; } else { $ifs[$cif] = true; } } else { if ($displayvalue == $iftestvalue) { $ifs[$cif] = false; } else { $ifs[$cif] = true; } } } else { $oldnewstring = $newstring; if ($directdump) { $newstring = ''; } switch ($displaytype) { case 'lb': $newstring .= '['; break; case 'rb': $newstring .= ']'; break; case 'now': require_once "config/dateutils.php"; if ($displayvalue != "") { $newstring .= date($displayvalue); } else { $newstring .= showDate(date("Y-m-d"), getLT("dateformat")); } break; case 'date': require_once "config/dateutils.php"; if ($displaypara != "") { if ($displayvalue != "0000-00-00") { $newstring .= date(str_replace("~", ".", $displaypara), showDate($displayvalue, "time")); } } else { $newstring .= showDate($displayvalue, getLT("dateformat")); } break; case 'sqldate': require_once "config/dateutils.php"; $newstring .= getDateForMysql($displayvalue, getLT("dateformat")); break; case 'time': require_once "config/dateutils.php"; $newstring .= showTime($displayvalue); break; case 'intval': if ($displaypara != "") { $newstring .= bcadd($displayvalue, '0'); } else { $newstring .= intval($displayvalue); } break; case 'number': $newstring .= showNumber($displayvalue, $displaypara); break; case 'exnumber': $newstring .= number_format(floatval($displayvalue), $displaypara, '.', ''); break; case 'zeronumber': if (abs(round($displayvalue) - $displayvalue) <= 0.01) { $newstring .= showNumber(round($displayvalue), $displaypara); } else { $newstring .= showNumber($displayvalue, $displaypara); } break; case 'zeros': $newstring .= str_pad($displayvalue, $displaypara, "0", STR_PAD_LEFT); break; case 'spell': require_once "extern/numberspell.php"; if (isset($GLOBALS[$displaypara])) { $newstring .= spellNumber($displayvalue, $GLOBALS[$displaypara]); } else { $newstring .= spellNumber($displayvalue, getCurrentLang()); } break; case 'sqlescape': global $conn; if ($displaypara != "") { $newstring .= $conn->escape(substr($displayvalue, 0, intval($displaypara))); } else { $newstring .= $conn->escape($displayvalue); } break; case 'sqlvalues': global $conn; $myvalues = ''; $myarr = explode(",", $displayvalue); foreach ($myarr as $kkmk => $kkmv) { if ($myvalues != "") { $myvalues .= ","; } $myvalues .= "'" . $conn->escape($kkmv) . "'"; } if ($myvalues == "") { $myvalues = "''"; } $newstring .= $myvalues; break; case 'split': $sparr = explode(".", trim($displayvalue)); $newstring .= $sparr[intval($displaypara)]; break; case 'explode': $sparr = explode(" ", trim($displayvalue)); $newstring .= $sparr[intval($displaypara)]; break; case 'substr': if (intval($displaypara) < 0) { $newstring .= substr($displayvalue, intval($displaypara)); } else { $newstring .= substr($displayvalue, 0, intval($displaypara)); } break; case 'trim': $displayvalue = str_replace(" ", "", trim($displayvalue)); $displayvalue = str_replace(".", "", $displayvalue); $displayvalue = str_replace("-", "", $displayvalue); $displayvalue = str_replace("=", "", $displayvalue); $newstring .= $displayvalue; break; case 'html': $newstring .= str_replace("\n", "<br>", $displayvalue); break; case 'nohtml': $newstring .= strip_tags(html_entity_decode2($displayvalue)); break; case 'pin': $newstring .= substr(md5($displayvalue), intval($displaypara)); break; case 'lang': $newstring .= getLT($displayvalue); break; case 'upper': $newstring .= strtoupper($displayvalue); break; case 'caps': $newstring .= strtoupper(substr(getLT($displayvalue), 0, 1)) . strtolower(substr(getLT($displayvalue), 1)); break; case 'lower': $newstring .= strtolower($displayvalue); break; case 'adresa': $newstring .= strtoupper(str_ireplace("zip", "cod postal", $displayvalue)); break; case 'full': $newstring .= parseAndReplaceAll($displayvalue, $slotback); break; case 'easyread': $newstring .= strrev(join(str_split(strrev($displayvalue), 3), ".")); break; case 'phone': $displayvalue = str_replace("-", "", $displayvalue); $displayvalue = str_replace("/", "", $displayvalue); $displayvalue = str_replace(" ", "", $displayvalue); $displayvalue = str_replace(".", "", $displayvalue); $displayvalue = str_replace(",", "", $displayvalue); $displayvalue = str_replace(",", "", $displayvalue); $displayvalue = substr($displayvalue, 0, 10); $newstring .= $displayvalue; break; case 'seo': $newstring .= buildSeoLink($displayvalue); break; default: $newstring .= $displayvalue; break; } if ($directdump) { echo $newstring; $newstring = $oldnewstring; } } } } } $pos = strpos($text, "[", $pos + 1); } $newstring .= substr($text, $oldpos); return $newstring; }
function makecontact_execute($action, $slot) { global $_POST; global $_GET; global $_CONFIG; require_once "config/db.php"; global $conn; global $_local_error; $_local_error = ""; global $_local_reloadform; $_local_reloadform = ""; global $render_current_slot; global $current_slots; //mark slot on execution stack $render_current_slot++; $current_slots[$render_current_slot] = $slot; if (getUserConfig("pageprotection") == "yes") { if (isset($_POST['fprotection']) && $_POST['fprotection'] != "") { if (isset($_GET['ajax']) && $_GET['ajax'] == 1) { if (intval(session_getvalue("protection_page")) != intval($_POST['fprotection'])) { $_local_error = getLT("protectionerror"); } } else { if (intval(session_getvalue("protection_page")) != intval($_POST['fprotection']) + 1) { $_local_error = getLT("protectionerror"); } } } } //set default filter $control_filter = ""; $control_name = "makecontact"; $control_table = "projectissues"; $control_id = "id"; //check for rights if (getUserConfig('dinsec_makecontact_cando', $action) == 'no') { $_local_error = getLT('nopermissions'); } if (getUserConfig('dinsec_makecontact_canpost', $action) == 'no') { $_local_error = getLT('nopermissions'); } if (session_getvalue("blockaccess_makecontact") == "yes") { $_local_error = getLT('nopermissions'); } if (session_getvalue("blockaccess_projectissues") == "yes") { $_local_error = getLT('nopermissions'); } if ($_local_error == "") { switch ($action) { case 'add': if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) { $_local_error = 'usercanceled'; setSlotView($slot, "add"); break; } if ($_local_error == '') { if (!isset($_POST['iname']) || $_POST['iname'] == '' || strip_tags($_POST['iname']) == '') { $_local_error .= getLT('iname') . ' ' . getLT('shouldbefilled'); } } if ($_local_error == '') { if (!isset($_POST['iemail']) || $_POST['iemail'] == '' || strip_tags($_POST['iemail']) == '') { $_local_error .= getLT('iemail') . ' ' . getLT('shouldbefilled'); } } if ($_local_error == '') { if (!isset($_POST['icontactname']) || $_POST['icontactname'] == '' || strip_tags($_POST['icontactname']) == '') { $_local_error .= getLT('icontactname') . ' ' . getLT('shouldbefilled'); } } if ($_local_error == '') { if (!isset($_POST['useraddress'])) { $_local_error .= getLT('javascript?'); } else { $ab_def = strtok($_POST['useraddress'], "-"); $ab_test = $ab_def . '-' . number_format(floatVal($ab_def . '.12') * 0.34, 4, '.', ''); if ($ab_test !== $_POST['useraddress']) { $_local_error .= getLT('antiboterror?'); } } } if ($_local_error == "") { $conn->addnew($control_table); $conn->setvalue('iname', correctPostValue($_POST['iname'])); $conn->setvalue('iemail', correctPostValue($_POST['iemail'])); $conn->setvalue('icontactname', correctPostValue($_POST['icontactname'])); $html = correctPostValue($_POST['idesc']); $html = str_ireplace("<script", "[script", $html); $html = str_ireplace("<link", "[link", $html); $html = str_ireplace("<style", "[style", $html); $conn->setvalue('idesc', $html); $conn->setvalue('projectid', $_CONFIG['projectid']); $conn->setvalue('idate', date("Y-m-d H:i:s")); $id = $conn->update(); if ($id != "") { session_addvalue($slot . '_info', getLT('wblank')); session_setvalue($slot . "_viewid", $id); setSlotView($slot, "add"); } else { $_local_error = getLT('unableadd'); break; } } case 'sendemail': if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) { $_local_error = 'usercanceled'; break; } if ($_local_error == "") { ob_start(); require_once "config/htmlreport.php"; require_once "config/templates.php"; require_once "config/mail.php"; global $_templates; require_once "config/utils.php"; $_control_replace_sql = "parseAndReplaceAll"; $pdf = new HtmlReport(""); $emailbody = ob_get_contents(); ob_end_clean(); $emailbody = html_entity_decode($emailbody); $emailsubject = getLT('emailcontact'); global $mails_sql_conn; $mails_sql_conn = create_db_connection(); $mails_sql_conn->openselect($_control_replace_sql("select pemails as email from projects where id=0[config.projectid]")); $noemail = false; if ($mails_sql_conn->eof()) { $noemail = true; } while (!$mails_sql_conn->eof()) { $mailman = createMailObject(); $mailman->IsHTML(true); $emailto = $mails_sql_conn->getvalue("email"); $emailreply = ""; $emailbcc = ""; $emailcc = ""; $emailfrom = ""; $emailbody = getFileContent(getFilePathFor('html', 'makecontact')); require_once "config/utils.php"; $emailbody = parseAndReplaceAll($emailbody); $emailreply = correctPostValue($_POST["iemail"]); $mailman->Body = $emailbody; $mailman->Subject = $emailsubject; $mailman->ClearAddresses(); $mailman->AddAddress($emailto); if ($emailbcc != "") { $mailman->AddBCC($emailbcc); } if ($emailcc != "") { $mailman->AddCC($emailcc); } if ($emailfrom != "") { $mailman->FromName = ""; $mailman->From = $emailfrom; } if ($emailreply != '') { $mailman->AddReplyTo($emailreply); } $mailman->send(); $mails_sql_conn->movenext(); } $mails_sql_conn->close(); if ($noemail) { session_addvalue($slot . '_error', getLT('noemailfound')); } else { session_addvalue($slot . '_info', getLT('yourmessageissent')); } } break; default: //$_local_error="slot:".$slot." unknown post action: ".$action; setSlotView($slot, ""); break; } } if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) { //if($_local_error!="") session_addvalue($slot.'_error',getLT($_local_error)); $_local_error = ''; } else { if ($_local_reloadform != "" || $_local_error != "" || $action == "justreloadform") { //save post for later use foreach ($_POST as $key => $val) { if (is_array($val)) { session_setvalue('savedpost_makecontact_' . $key, correctPostValue(implode(",", str_replace(',', ' ', $_POST[$key])))); } else { session_setvalue('savedpost_makecontact_' . $key, correctPostValue($val)); } } if ($_local_error != "") { session_addvalue($slot . '_error', $_local_error); } } } $render_current_slot--; return $_local_error; }