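/**
 * Validate an upload from $_FILES[$file] and store it below $target.
 *
 * All checks return early with a status record instead of throwing, so callers
 * must test $result['status'] before using $result['rename'].
 *
 * @param string     $file    key in $_FILES
 * @param string     $target  target directory; the stored path is $target . rename,
 *                            so the caller is expected to pass a trailing slash
 * @param string     $exttype comma separated list of allowed extensions ('' = no check)
 * @param string     $imgtype comma separated list of allowed image type numbers as
 *                            returned by getimagesize()[2] / exif_imagetype()
 *                            ('' = no image check); see http://www.php.net/exif_imagetype
 * @param string|int $rename  comma separated list of rename rules 1..7 (0 = keep name)
 * @param int        $maxsize byte limit, 0 = $GLOBALS['phpwcms']['file_maxsize']
 *
 * @return array status record with keys status, error, error_num, name, tmp_name,
 *               size, path, ext, rename, maxsize, type; key 'image' holds the
 *               getimagesize() data when an image check ran and passed
 */
function saveUploadedFile($file, $target, $exttype = '', $imgtype = '', $rename = 0, $maxsize = 0)
{
    $file_status = array(
        'status'    => false,
        'error'     => '',
        'name'      => '',
        'tmp_name'  => '',
        'size'      => 0,
        'path'      => '',
        'ext'       => '',
        'rename'    => '',
        'maxsize'   => intval($maxsize),
        'error_num' => 0,
        'type'      => '',
    );

    // is_uploaded_file() is the only thing that ties tmp_name to this request's upload;
    // an empty tmp_name (e.g. upload rejected by php.ini limits) is treated the same way
    if (!isset($_FILES[$file]) || empty($_FILES[$file]['tmp_name']) || !is_uploaded_file($_FILES[$file]['tmp_name'])) {
        $file_status['error'] = 'Upload not defined';
        return $file_status;
    }

    $upload = $_FILES[$file];

    $file_status['name']     = sanitize_filename($upload['name']);
    $file_status['ext']      = which_ext($file_status['name']);
    $file_status['tmp_name'] = $upload['tmp_name'];
    $file_status['size']     = $upload['size'];
    // the client-supplied MIME type is not trusted as-is: fall back to the
    // extension lookup when it is missing or not even shaped like a MIME type
    $file_status['type']     = (empty($upload['type']) || !is_mimetype_format($upload['type']))
        ? get_mimetype_by_extension($file_status['ext'])
        : $upload['type'];
    $file_status['path']     = $target;
    $file_status['rename']   = $file_status['name'];
    if (empty($file_status['maxsize'])) {
        $file_status['maxsize'] = $GLOBALS['phpwcms']['file_maxsize'];
    }

    if (intval($file_status['size']) > $file_status['maxsize']) {
        $file_status['error']     = 'File is too large';
        $file_status['error_num'] = 400;
        return $file_status;
    }

    if (empty($target)) {
        $file_status['error']     = 'Target directory not defined';
        $file_status['error_num'] = 412;
        return $file_status;
    }

    if (!@_mkdir($target)) {
        // strip the install root like the other messages do, so the absolute
        // server path is not disclosed in a user-visible error
        $file_status['error']     = 'The target directory "' . str_replace(PHPWCMS_ROOT, '', $target) . '" can not be found or generated';
        $file_status['error_num'] = 412;
        return $file_status;
    }

    if ($upload['error']) {
        // UPLOAD_ERR_* code (non-zero) is passed through as the error value
        $file_status['error']     = $upload['error'];
        $file_status['error_num'] = 409;
        return $file_status;
    }

    if ($imgtype) {
        $imgtype = convertStringToArray(strtolower($imgtype));
        if (is_array($imgtype) && count($imgtype)) {
            $data = @getimagesize($upload['tmp_name']);

            if (!$data && !$exttype) {
                // not an image and no extension allow-list to fall back to
                $allowed = array();
                foreach ($imgtype as $value) {
                    $allowed[] = '*.' . _saveUploadedFileImageTypeLabel($value);
                }
                $file_status['error']     = 'Format' . ($file_status['ext'] ? ' *.' . html($file_status['ext']) : '') . ' not supported (' . implode(', ', $allowed) . ')';
                $file_status['error_num'] = 415;
                @unlink($upload['tmp_name']);
                return $file_status;
            } elseif ($data) {
                $detected = $data[2];
                $known    = _saveUploadedFileImageTypes();
                // loose in_array on purpose: $detected is an int, $imgtype entries come
                // from a string split and may be numeric strings
                if (empty($known[$detected]) || !in_array($detected, $imgtype)) {
                    $allowed = array();
                    foreach ($imgtype as $imgt) {
                        $allowed[] = _saveUploadedFileImageTypeLabel($imgt);
                    }
                    $file_status['error']     = 'File type ' . _saveUploadedFileImageTypeLabel($detected) . ' is not supported for this upload (' . implode(', ', $allowed) . ' only)';
                    $file_status['error_num'] = 415;
                    @unlink($upload['tmp_name']);
                    return $file_status;
                }
                $file_status['image'] = $data;
                // NOTE: once the image content validated, the extension allow-list
                // below is skipped and the file is stored under its original
                // extension; callers that need both checks must enforce $exttype
                // themselves
                $exttype = '';
            }
        }
    }

    if ($exttype) {
        $exttype = convertStringToArray(strtolower($exttype));
        // strict comparison: both sides are strings, loose == would compare
        // numeric-looking extensions as numbers
        if (!is_array($exttype) || !in_array((string) $file_status['ext'], $exttype, true)) {
            $file_status['error']     = 'File type *.' . html($file_status['ext']) . ' is not supported for this upload (*.' . implode(', *.', (array) $exttype) . ' only)';
            $file_status['error_num'] = 415;
            @unlink($upload['tmp_name']);
            return $file_status;
        }
    }

    if (!is_writable($target)) {
        $file_status['error']     = 'Target directory <b>' . str_replace(PHPWCMS_ROOT, '', $target) . '</b> is not writable';
        $file_status['error_num'] = 412;
        @unlink($upload['tmp_name']);
        return $file_status;
    }

    $rename = convertStringToArray($rename);
    if (is_array($rename) && count($rename)) {
        $file_status['rename'] = _saveUploadedFileRename(cut_ext($file_status['rename']), $rename, $file_status['ext']);
    }

    $destination = $target . $file_status['rename'];

    @umask(0);
    if (!@move_uploaded_file($upload['tmp_name'], $destination)) {
        // move_uploaded_file() can fail across filesystems; copy() is the fallback
        if (!copy($upload['tmp_name'], $destination)) {
            $file_status['error']     = 'Saving uploaded file <b>' . html($file_status['name']) . '</b> to <b>' . html(str_replace(PHPWCMS_ROOT, '', $destination)) . '</b> failed';
            $file_status['error_num'] = 412;
            @unlink($upload['tmp_name']);
            return $file_status;
        }
    }
    // stored file must not be executable regardless of the umask set above
    @chmod($destination, 0644);

    $file_status['status'] = true;
    return $file_status;
}

/**
 * Image type numbers (getimagesize()[2] / exif_imagetype()) mapped to the
 * extension label shown in saveUploadedFile() error messages.
 *
 * @return array<int, string>
 */
function _saveUploadedFileImageTypes()
{
    return array(
        1  => 'gif',
        2  => 'jpg',
        3  => 'png',
        4  => 'swf',
        5  => 'psd',
        6  => 'bmp',
        7  => 'tif',
        8  => 'tiff',
        9  => 'jpc',
        10 => 'jp2',
        11 => 'jpx',
        12 => 'jb2',
        13 => 'swc',
        14 => 'iff',
        15 => 'wbmp',
        16 => 'xbm',
    );
}

/**
 * Label for one image type number; unknown numbers are echoed back unchanged
 * so the error message still names what was detected or configured.
 *
 * @param int|string $type
 * @return string|int
 */
function _saveUploadedFileImageTypeLabel($type)
{
    $types = _saveUploadedFileImageTypes();
    return isset($types[$type]) ? $types[$type] : $type;
}

/**
 * Apply saveUploadedFile() rename rules, in the given order, to a base name.
 *
 * Rules: 1 = ASCII-only safe name, 2 = unix time prefix, 3 = Ymd-His prefix,
 * 4 = Ymd prefix, 5 = random 6 char prefix, 6 = md5 of name+ext,
 * 7 = shortHash of name+ext. Unknown rule numbers are ignored.
 *
 * @param string $name  file name without extension
 * @param array  $rules list of rule numbers (ints or numeric strings)
 * @param string $ext   extension without dot, '' for none
 * @return string renamed file name including the extension
 */
function _saveUploadedFileRename($name, $rules, $ext)
{
    $suffix = $ext ? '.' . $ext : '';
    foreach ($rules as $rule) {
        switch ((int) $rule) {
            case 1:
                $name = str_replace(array(':', '/', "\\", ' '), array('-', '-', '-', '_'), phpwcms_remove_accents($name));
                $name = preg_replace('/[^0-9a-z_\\-\\.]/i', '', $name);
                break;
            case 2:
                $name = time() . '_' . $name;
                break;
            case 3:
                $name = date('Ymd-His') . '_' . $name;
                break;
            case 4:
                $name = date('Ymd') . '_' . $name;
                break;
            case 5:
                $name = generic_string(6) . '_' . $name;
                break;
            case 6:
                $name = md5($name . $suffix);
                break;
            case 7:
                $name = shortHash($name . $suffix);
                break;
        }
    }
    return $name . $suffix;
}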
case 'application/octet-stream': $_userInfo['csv'] = csvFileToArray($_FILES['cvsfile']['tmp_name'], $_userInfo['delimeter']); if (is_array($_userInfo['csv'])) { $_userInfo['nonImported'] = array(); $c = 1; $_userInfo['csvTime'] = time(); foreach ($_userInfo['csv'] as $row) { if (!isset($row[1])) { $row[1] = ''; } if (!empty($row[0]) && is_valid_email($row[0])) { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address ("; $sql .= "address_email, address_name, address_key, address_subscription, address_verified, address_tstamp) VALUES ("; $sql .= "'" . aporeplace($row[0]) . "', "; $sql .= "'" . aporeplace($row[1]) . "', "; $sql .= "'" . aporeplace(shortHash($row[0] . time())) . "', "; $sql .= "'" . ($_userInfo['subscribe_all'] ? '' : aporeplace(serialize($_userInfo['subscribe_select']))) . "', "; $sql .= $_userInfo['subscribe_active'] . ", FROM_UNIXTIME(" . $_userInfo['csvTime'] . ") )"; $sql = _dbQuery($sql, 'INSERT'); if (empty($sql['INSERT_ID'])) { $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1] . ' (' . mysql_error() . ')'; } } else { $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1]; } $c++; } } break; default: $_userInfo['csvError'] = 'False MIME TYPE. Be sure to upload CSV file only.';
continue; } // now check if field name exists and build corresponding name value if (empty($POST_val[trim($form_value_nl)])) { $form_newletter_setting['name_field'] .= $form_value_nl; } else { $form_value_nl = trim($form_value_nl); $form_newletter_setting['name_field'] .= $POST_val[$form_value_nl]; } } $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']); } if (empty($form_newletter_setting['name_field'])) { $form_newletter_setting['name_field'] = $form_newletter_setting['email_field']; } $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash($form_newletter_setting['email_field'] . time())); // create SQL query to populate recipient into recipients db $form_newletter_setting['sql'] = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address '; $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, '; $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES ('; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['hash']) . ", "; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['email_field']) . ", "; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['name_field']) . ", "; $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) . ", "; $form_newletter_setting['sql'] .= _dbEscape(serialize($form_newletter_setting['selection'])) . ", "; $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe']) . ", "; $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe']); $form_newletter_setting['sql'] .= ')'; // save recipient in db and send verify message in case of double opt-in $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT'); // now send opt-in email
$content["newsletter"]["success"] = 1; $content["newsletter"]["reffering_key"] = ""; $check_sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_address WHERE address_email=" . _dbEscape($content["newsletter"]["email_address"]) . " LIMIT 1"; if ($check_result = mysql_query($check_sql, $db)) { if ($check_row = mysql_fetch_array($check_result, MYSQL_ASSOC)) { $content["newsletter"]["reffering_key"] = $check_row["address_key"]; $content["newsletter"]["reffering_id"] = $check_row["address_id"]; } mysql_free_result($check_result); } if ($content["newsletter"]["reffering_key"]) { //if email exists in newsletter address list update entry $e_sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET " . "address_name=" . _dbEscape($content["newsletter"]["email_name"]) . ", " . "address_verified=0, " . "address_subscription=" . _dbEscape(serialize($content["newsletter"]["email_subscription"])) . ", " . "address_url1=" . _dbEscape($content["newsletter"]["url1"]) . ", " . "address_url2=" . _dbEscape($content["newsletter"]["url2"]) . " " . "WHERE address_id=" . _dbEscape($content["newsletter"]["reffering_id"]); $content["newsletter"]["updated"] = 1; } else { $content["newsletter"]["reffering_key"] = preg_replace('/[^a-z0-9]/i', '', shortHash($content["newsletter"]["email_address"] . time())); //if email not exists in newsletter address list insert entry $e_sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address (" . "address_email, address_name, address_key, address_subscription, address_url1, address_url2) VALUES (" . _dbEscape($content["newsletter"]["email_address"]) . ", " . _dbEscape($content["newsletter"]["email_name"]) . ", " . _dbEscape($content["newsletter"]["reffering_key"]) . ", " . _dbEscape(serialize($content["newsletter"]["email_subscription"])) . ", " . _dbEscape($content["newsletter"]["url1"]) . ", " . _dbEscape($content["newsletter"]["url2"]) . ")"; $content["newsletter"]["updated"] = 0; } mysql_query($e_sql, $db); $content["newsletter"]["verify_link"] = PHPWCMS_URL . 
"verify.php?s=" . rawurlencode($content["newsletter"]["reffering_key"]); $content["newsletter"]["delete_link"] = PHPWCMS_URL . "verify.php?u=" . rawurlencode($content["newsletter"]["reffering_key"]); $content["newsletter"]["mailtext"] = $content["newsletter"]["updated"] ? $content["newsletter"]["change_text"] : $content["newsletter"]["reg_text"]; $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_NAME}", $content["newsletter"]["email_name"], $content["newsletter"]["mailtext"]); $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_EMAIL}", $content["newsletter"]["email_address"], $content["newsletter"]["mailtext"]); $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_VERIFY}", $content["newsletter"]["verify_link"], $content["newsletter"]["mailtext"]); $content["newsletter"]["mailtext"] = str_replace("{NEWSLETTER_DELETE}", $content["newsletter"]["delete_link"], $content["newsletter"]["mailtext"]); $content["newsletter"]["mailtext"] = replaceGlobalRT($content["newsletter"]["mailtext"]); $content['newsletter']['subject'] = returnTagContent($content["newsletter"]["mailtext"], 'SUBJECT'); if (empty($content['newsletter']['subject']['tag'])) {
$sql .= "address_subscription\t= '" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "' "; $sql .= 'WHERE '; if ($_userInfo['count']) { // update based on email address $sql .= "address_email='" . aporeplace($_userInfo['subscriber_data']['address_email']) . "'"; } else { // update based on email address $sql .= 'address_id=' . $_userInfo['subscriber_data']['address_id']; $sql .= ' LIMIT 1'; } _dbQuery($sql, 'UPDATE'); } else { // insert $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address '; $sql .= '(address_key, address_email, address_name, address_verified, address_subscription) VALUES ('; $sql .= "'" . aporeplace(shortHash($_userInfo['subscriber_data']['address_email'] . time())) . "', "; $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_email']) . "', "; $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_name']) . "', "; $sql .= $_userInfo['subscriber_data']['address_verified'] . ", "; $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "')"; $_userInfo['result'] = _dbQuery($sql, 'INSERT'); if (!empty($_userInfo['result']['INSERT_ID'])) { $_userInfo['subscriber_id'] = $_userInfo['result']['INSERT_ID']; $_userInfo['subscriber_data']['address_id'] = $_userInfo['result']['INSERT_ID']; } } } // in case data should be saved and closed then if ($_userInfo['error']['email'] == 0 && (!empty($_POST['save']) || !empty($_userInfo['count']))) { $_userInfo['subscriber_data'] = false; }
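/**
 * Print every entry of the global $serverIdWhiteList together with its
 * shortHash() value, one "id => hash <br>" line each.
 *
 * Nothing is printed when the whitelist is missing or not an array (the
 * original would emit a foreach warning in that case).
 *
 * @return void
 */
function showServerIds()
{
    global $serverIdWhiteList;

    if (!is_array($serverIdWhiteList)) {
        return;
    }

    foreach ($serverIdWhiteList as $id) {
        echo sprintf("%s => %s <br>\n", $id, shortHash($id));
    }
}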
$plugin['data']['shop_pref_zone_base'] = clean_slweg($_POST['pref_zone_base']); // check if multiple emails foreach ($plugin['data']['shop_pref_email_to'] as $key => $value) { if (!is_valid_email($value)) { unset($plugin['data']['shop_pref_email_to'][$key]); } } $plugin['data']['shop_pref_email_to'] = strtolower(implode(';', $plugin['data']['shop_pref_email_to'])); if (!is_valid_email($plugin['data']['shop_pref_email_from'])) { $plugin['data']['shop_pref_email_from'] = ''; } if (!is_valid_email($plugin['data']['shop_pref_email_paypal'])) { $plugin['data']['shop_pref_email_paypal'] = ''; } if ($plugin['data']['shop_pref_api_access'] && $plugin['data']['shop_pref_api_key'] === '') { $plugin['data']['shop_pref_api_key'] = preg_replace('/[^a-zA-Z0-9]/', '', shortHash(PHPWCMS_URL . $phpwcms['db_pass'])); } for ($x = 0; $x <= 4; $x++) { // Weight based $plugin['data']['shop_pref_shipping'][$x]['weight'] = clean_slweg($_POST['pref_shipping_weight'][$x]); $plugin['data']['shop_pref_shipping'][$x]['net'] = clean_slweg($_POST['pref_shipping_net'][$x]); $plugin['data']['shop_pref_shipping'][$x]['vat'] = clean_slweg($_POST['pref_shipping_vat'][$x]); $plugin['data']['shop_pref_shipping'][$x]['weight'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['weight']); $plugin['data']['shop_pref_shipping'][$x]['weight'] = round(str_replace($BLM['dec_point'], '.', $plugin['data']['shop_pref_shipping'][$x]['weight']), 3); $plugin['data']['shop_pref_shipping'][$x]['net'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['net']); $plugin['data']['shop_pref_shipping'][$x]['net'] = round(str_replace($BLM['dec_point'], '.', $plugin['data']['shop_pref_shipping'][$x]['net']), 3); $plugin['data']['shop_pref_shipping'][$x]['vat'] = str_replace($BLM['thousands_sep'], '', $plugin['data']['shop_pref_shipping'][$x]['vat']); $plugin['data']['shop_pref_shipping'][$x]['vat'] = round(str_replace($BLM['dec_point'], '.', 
$plugin['data']['shop_pref_shipping'][$x]['vat']), 2); // Price based $plugin['data']['shop_pref_shipping'][$x]['price'] = clean_slweg($_POST['pref_shipping_price'][$x]); $plugin['data']['shop_pref_shipping'][$x]['price_net'] = clean_slweg($_POST['pref_shipping_price_net'][$x]);