/** * reminder form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Reminder * @author Henry Ruhs */ function reminder_form() { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_disabled = ' disabled="disabled"'; } /* captcha object */ $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); /* collect output */ $output .= '<h2 class="title_content">' . l('reminder') . '</h2>'; $output .= form_element('form', 'form_reminder', 'js_validate_form form_default form_reminder', '', '', '', 'action="' . REWRITE_ROUTE . 'reminder" method="post"'); $output .= form_element('fieldset', '', 'set_reminder', '', '', l('reminder_request') . l('point')) . '<ul>'; $output .= '<li>' . form_element('email', 'email', 'field_text field_note', 'email', '', l('email'), 'maxlength="50" required="required" autofocus="autofocus"' . $code_disabled) . '</li>'; /* collect captcha task output */ $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; $output .= '</ul></fieldset>'; /* collect captcha solution output */ $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'reminder_post', l('submit'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/reminder'] = 'visited'; echo $output; }
/** * login form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Login * @author Henry Ruhs */ function login_form() { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_disabled = ' disabled="disabled"'; } /* captcha object */ if (s('captcha') > 0) { $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); } /* reminder question */ if (s('reminder') == 1) { $legend = anchor_element('internal', '', 'link_legend', l('reminder_question') . l('question_mark'), 'reminder', '', 'rel="nofollow"'); } else { $legend = l('fields_limited') . l('point'); } /* collect output */ $output .= '<h2 class="title_content">' . l('login') . '</h2>'; $output .= form_element('form', 'form_login', 'js_validate_form form_default form_login', '', '', '', 'action="' . REWRITE_ROUTE . 'login" method="post"'); $output .= form_element('fieldset', '', 'set_login', '', '', $legend) . '<ul>'; $output .= '<li>' . form_element('text', 'user', 'field_text field_note', 'user', '', l('user'), 'maxlength="50" required="required" autofocus="autofocus"' . $code_disabled) . '</li>'; $output .= '<li>' . form_element('password', 'password', 'js_unmask_password field_text field_note', 'password', '', l('password'), 'maxlength="50" required="required" autocomplete="off"' . $code_disabled) . '</li>'; /* collect captcha task output */ if (LOGGED_IN != TOKEN && s('captcha') > 0) { $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; } $output .= '</ul></fieldset>'; /* collect captcha solution output */ if (s('captcha') > 0) { $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); if (LOGGED_IN == TOKEN) { $output .= form_element('hidden', '', '', 'task', $captchaHash->getRaw()); } $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); } /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'login_post', l('submit'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/login'] = '******'; echo $output; }
/** * comment form * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Comments * @author Henry Ruhs * * @param integer $article * @param string $language */ function comment_form($article = '', $language = '') { $output = Redaxscript\Hook::trigger(__FUNCTION__ . '_start'); /* disable fields if attack blocked */ if (ATTACK_BLOCKED > 9) { $code_readonly = $code_disabled = ' disabled="disabled"'; } else { if (LOGGED_IN == TOKEN) { $author = MY_USER; $email = MY_EMAIL; $code_readonly = ' readonly="readonly"'; } } /* captcha object */ if (s('captcha') > 0) { $captcha = new Redaxscript\Captcha(Redaxscript\Language::getInstance()); $captcha->init(); } /* collect output */ $output .= '<h2 class="title_content">' . l('comment_new') . '</h2>'; $output .= form_element('form', 'form_comment', 'js_validate_form form_default form_comment', '', '', '', 'method="post"'); $output .= form_element('fieldset', '', 'set_comment', '', '', l('fields_required') . l('point')) . '<ul>'; $output .= '<li>' . form_element('text', 'author', 'field_text field_note', 'author', $author, '* ' . l('author'), 'maxlength="50" required="required"' . $code_readonly) . '</li>'; $output .= '<li>' . form_element('email', 'email', 'field_text field_note', 'email', $email, '* ' . l('email'), 'maxlength="50" required="required"' . $code_readonly) . '</li>'; $output .= '<li>' . form_element('url', 'url', 'field_text', 'url', '', l('url'), 'maxlength="50"' . $code_disabled) . '</li>'; $output .= '<li>' . form_element('textarea', 'text', 'js_auto_resize js_editor_textarea field_textarea field_note', 'text', '', '* ' . l('comment'), 'rows="5" cols="100" required="required"' . $code_disabled) . '</li>'; /* collect captcha task output */ if (LOGGED_IN != TOKEN && s('captcha') > 0) { $output .= '<li>' . form_element('number', 'task', 'field_text field_note', 'task', '', $captcha->getTask(), 'min="1" max="20" required="required"' . $code_disabled) . '</li>'; } $output .= '</ul></fieldset>'; /* collect hidden output */ $output .= form_element('hidden', '', '', 'language', $language); $output .= form_element('hidden', '', '', 'date', NOW); $output .= form_element('hidden', '', '', 'article', $article); /* collect captcha solution output */ if (s('captcha') > 0) { $captchaHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $captchaHash->init($captcha->getSolution()); if (LOGGED_IN == TOKEN) { $output .= form_element('hidden', '', '', 'task', $captchaHash->getRaw()); } $output .= form_element('hidden', '', '', 'solution', $captchaHash->getHash()); } /* collect hidden and button output */ $output .= form_element('hidden', '', '', 'token', TOKEN); $output .= form_element('button', '', 'js_submit button_default', 'comment_post', l('create'), '', $code_disabled); $output .= '</form>'; $output .= Redaxscript\Hook::trigger(__FUNCTION__ . '_end'); $_SESSION[ROOT . '/comment'] = 'visited'; echo $output; }
/** * admin process * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Admin * @author Henry Ruhs */ function admin_process() { $aliasValidator = new Redaxscript\Validator\Alias(); $loginValidator = new Redaxscript\Validator\Login(); $specialFilter = new Redaxscript\Filter\Special(); /* clean post */ switch (TABLE_PARAMETER) { /* categories */ case 'categories': $parent = $r['parent'] = clean($_POST['parent'], 0); /* articles */ /* articles */ case 'articles': $r['keywords'] = clean($_POST['keywords'], 5); $r['template'] = clean($_POST['template'], 0); /* extras */ /* extras */ case 'extras': $title = $r['title'] = clean($_POST['title'], 5); if (TABLE_PARAMETER != 'categories') { $r['headline'] = clean($_POST['headline'], 0); } $r['sibling'] = clean($_POST['sibling'], 0); /* comments */ /* comments */ case 'comments': if (TABLE_PARAMETER == 'comments') { $r['url'] = clean($_POST['url'], 4); } $author = $r['author'] = clean($_POST['author'], 0); if (TABLE_PARAMETER != 'categories') { $text = $r['text'] = clean($_POST['text'], 1); $date = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'] . ' ' . $_POST['hour'] . ':' . $_POST['minute'] . ':00'; $date = $r['date'] = clean($date, 5); } $rank = $r['rank'] = clean($_POST['rank'], 0); /* groups */ /* groups */ case 'groups': if (TABLE_PARAMETER != 'comments') { $alias = $r['alias'] = clean($_POST['alias'], 2); } /* users */ /* users */ case 'users': if (TABLE_PARAMETER != 'groups') { $language = $r['language'] = clean($_POST['language'], 0); } /* modules */ /* modules */ case 'modules': $alias = clean($_POST['alias'], 2); $status = $r['status'] = clean($_POST['status'], 0); if (TABLE_PARAMETER != 'groups' && TABLE_PARAMETER != 'users' && GROUPS_EDIT == 1) { $access = array_map(array($specialFilter, 'sanitize'), $_POST['access']); $access = array_map('clean', $access); $access_string = implode(', ', $access); if ($access_string == '') { $access_string = null; } $access = $r['access'] = $access_string; } if (TABLE_PARAMETER != 'extras' && TABLE_PARAMETER != 'comments') { $r['description'] = clean($_POST['description'], 5); } $token = $_POST['token']; break; } /* clean contents post */ if (TABLE_PARAMETER == 'articles') { $r['infoline'] = clean($_POST['infoline'], 0); $comments = $r['comments'] = clean($_POST['comments'], 0); if ($category && ID_PARAMETER == '') { $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status; } } if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras') { $category = $r['category'] = clean($_POST['category'], 0); } if (TABLE_PARAMETER == 'articles' || TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') { if ($date > NOW) { $status = $r['status'] = 2; } else { $date = $r['date'] = NOW; } } if (TABLE_PARAMETER == 'extras' || TABLE_PARAMETER == 'comments') { $article = $r['article'] = clean($_POST['article'], 0); } if (TABLE_PARAMETER == 'comments' && ID_PARAMETER == '') { $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status; } if (TABLE_PARAMETER == 'comments' || TABLE_PARAMETER == 'users') { $email = $r['email'] = clean($_POST['email'], 3); } /* clean groups post */ if (TABLE_PARAMETER == 'groups' && (ID_PARAMETER == '' || ID_PARAMETER > 1)) { $groups_array = array('categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules'); foreach ($groups_array as $value) { ${$value} = array_map(array($specialFilter, 'sanitize'), $_POST[$value]); ${$value} = array_map('clean', ${$value}); $groups_string = implode(', ', ${$value}); if ($groups_string == '') { $groups_string = 0; } $r[$value] = $groups_string; } $r['settings'] = clean($_POST['settings'], 0); $r['filter'] = clean($_POST['filter'], 0); } if ((TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users') && ID_PARAMETER == 1) { $status = $r['status'] = 1; } if (TABLE_PARAMETER == 'groups' || TABLE_PARAMETER == 'users' || TABLE_PARAMETER == 'modules') { $name = $r['name'] = clean($_POST['name'], 0); } /* clean users post */ if (TABLE_PARAMETER == 'users') { if ($_POST['user']) { $user = $r['user'] = clean($_POST['user'], 0); } else { $user = $r['user'] = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user; } $password_check = $password_confirm = 1; if ($_POST['edit'] && $_POST['password'] == '' && $_POST['password_confirm'] == '' || $_POST['delete']) { $password_check = 0; } if ($_POST['password'] != $_POST['password_confirm']) { $password_confirm = 0; } $password = clean($_POST['password'], 0); if ($password_check == 1 && $password_confirm == 1) { $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); } if ($_POST['new']) { $r['first'] = $r['last'] = NOW; } if (ID_PARAMETER == '' || ID_PARAMETER > 1) { $groups = array_map(array($specialFilter, 'sanitize'), $_POST['groups']); $groups = array_map('clean', $groups); $groups_string = implode(', ', $groups); if ($groups_string == '') { $groups_string = 0; } $groups = $r['groups'] = $groups_string; } } $r_keys = array_keys($r); $last = end($r_keys); /* validate post */ switch (TABLE_PARAMETER) { /* contents */ case 'categories': case 'articles': case 'extras': if ($title == '') { $error = l('title_empty'); } else { $title_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->title; $id_title = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('title', $title)->findOne()->id; } if ($id_title && strcasecmp($title_id, $title) < 0) { $error = l('title_exists'); } if (TABLE_PARAMETER == 'categories') { $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id; } if (TABLE_PARAMETER == 'articles') { $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id; } if ($opponent_id) { $error = l('alias_exists'); } if (TABLE_PARAMETER != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) { $error = l('alias_incorrect'); } /* groups */ /* groups */ case 'groups': if ($alias == '') { $error = l('alias_empty'); } else { $alias_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->alias; $id_alias = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('alias', $alias)->findOne()->id; } if ($id_alias && strcasecmp($alias_id, $alias) < 0) { $error = l('alias_exists'); } } /* validate general post */ switch (TABLE_PARAMETER) { case 'articles': case 'extras': case 'comments': if ($text == '') { $error = l('text_empty'); } break; case 'groups': case 'users': case 'modules': if ($name == '') { $error = l('name_empty'); } break; } /* validate users post */ if (TABLE_PARAMETER == 'users') { if ($user == '') { $error = l('user_incorrect'); } else { $user_id = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('id', ID_PARAMETER)->findOne()->user; $id_user = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('user', $user)->findOne()->id; } if ($id_user && strcasecmp($user_id, $user) < 0) { $error = l('user_exists'); } if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('user_incorrect'); } if ($password_check == 1) { if ($password == '') { $error = l('password_empty'); } if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('password_incorrect'); } } } /* validate last post */ $emailValidator = new Redaxscript\Validator\Email(); switch (TABLE_PARAMETER) { case 'comments': if ($author == '') { $error = l('author_empty'); } case 'users': if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('email_incorrect'); } } $route = 'admin'; /* handle error */ if ($error) { if (ID_PARAMETER == '') { $route .= '/new/' . TABLE_PARAMETER; } else { $route .= '/edit/' . TABLE_PARAMETER . '/' . ID_PARAMETER; } notification(l('error_occurred'), $error, l('back'), $route); return; } else { if (TABLE_EDIT == 1 || TABLE_DELETE == 1) { $route .= '/view/' . TABLE_PARAMETER; if ($alias) { $route .= '#' . $alias; } else { if ($user) { $route .= '#' . $user; } } } } /* process */ switch (true) { /* query new */ case $_POST['new']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save(); notification(l('operation_completed'), '', l('continue'), $route); return; /* query edit */ /* query edit */ case $_POST['edit']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save(); /* query categories */ if (TABLE_PARAMETER == 'categories') { $categoryChildren = Redaxscript\Db::forTablePrefix(TABLE_PARAMETER)->where('parent', ID_PARAMETER); $categoryArray = array_merge($categoryChildren->findArrayFlat(), array(ID_PARAMETER)); $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray); $articleArray = $articleChildren->findArrayFlat(); if (count($articleArray) > 0) { Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(array('status' => $status, 'access' => $access))->save(); } $categoryChildren->findMany()->set(array('status' => $status, 'access' => $access))->save(); $articleChildren->findMany()->set(array('status' => $status, 'access' => $access))->save(); } /* query articles */ if (TABLE_PARAMETER == 'articles') { if ($comments == 0) { $status = 0; } Redaxscript\Db::forTablePrefix('comments')->where('article', ID_PARAMETER)->findMany()->set(array('status' => $status, 'access' => $access))->save(); } if (USERS_EXCEPTION == 1) { $_SESSION[ROOT . '/my_name'] = $name; $_SESSION[ROOT . '/my_email'] = $email; if (file_exists('languages/' . $language . '.php')) { $_SESSION[ROOT . '/language'] = $language; $_SESSION[ROOT . '/language_selected'] = 1; } } notification(l('operation_completed'), '', l('continue'), $route); return; } }
/** * admin process * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Admin * @author Henry Ruhs */ function admin_process() { $aliasFilter = new Redaxscript\Filter\Alias(); $emailFilter = new Redaxscript\Filter\Email(); $urlFilter = new Redaxscript\Filter\Url(); $htmlFilter = new Redaxscript\Filter\Html(); $aliasValidator = new Redaxscript\Validator\Alias(); $loginValidator = new Redaxscript\Validator\Login(); $specialFilter = new Redaxscript\Filter\Special(); $messenger = new Redaxscript\Admin\Messenger(Redaxscript\Registry::getInstance()); $filter = Redaxscript\Registry::get('filter'); $tableParameter = Redaxscript\Registry::get('tableParameter'); $idParameter = Redaxscript\Registry::get('idParameter'); /* clean post */ switch ($tableParameter) { /* categories */ case 'categories': $parent = $r['parent'] = $specialFilter->sanitize($_POST['parent']); /* articles */ /* articles */ case 'articles': $r['keywords'] = $_POST['keywords']; $r['robots'] = $specialFilter->sanitize($_POST['robots']); $r['template'] = $specialFilter->sanitize($_POST['template']); /* extras */ /* extras */ case 'extras': $title = $r['title'] = $_POST['title']; if ($tableParameter != 'categories') { $r['headline'] = $specialFilter->sanitize($_POST['headline']); } $r['sibling'] = $specialFilter->sanitize($_POST['sibling']); $author = $r['author'] = Redaxscript\Registry::get('myUser'); /* comments */ /* comments */ case 'comments': if ($tableParameter == 'comments') { $r['url'] = $urlFilter->sanitize($_POST['url']); $author = $r['author'] = $_POST['author']; } if ($tableParameter != 'categories') { $text = $r['text'] = $filter ? $htmlFilter->sanitize($_POST['text']) : $_POST['text']; $date = $r['date'] = $_POST['date']; } $rank = $r['rank'] = $specialFilter->sanitize($_POST['rank']); /* groups */ /* groups */ case 'groups': if ($tableParameter != 'comments') { $alias = $r['alias'] = $aliasFilter->sanitize($_POST['alias']); } /* users */ /* users */ case 'users': if ($tableParameter != 'groups') { $language = $r['language'] = $specialFilter->sanitize($_POST['language']); } /* modules */ /* modules */ case 'modules': $alias = $aliasFilter->sanitize($_POST['alias']); $status = $r['status'] = $specialFilter->sanitize($_POST['status']); if ($tableParameter != 'groups' && $tableParameter != 'users' && Redaxscript\Registry::get('groupsEdit')) { $access = array_map([$specialFilter, 'sanitize'], $_POST['access']); $access_string = implode(', ', $access); if (!$access_string) { $access_string = null; } $access = $r['access'] = $access_string; } if ($tableParameter != 'extras' && $tableParameter != 'comments') { $r['description'] = $_POST['description']; } $token = $_POST['token']; break; } /* clean contents post */ if ($tableParameter == 'articles') { $r['byline'] = $specialFilter->sanitize($_POST['byline']); $comments = $r['comments'] = $specialFilter->sanitize($_POST['comments']); if ($category && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('categories')->where('id', $category)->findOne()->status; } } if ($tableParameter == 'articles' || $tableParameter == 'extras') { $category = $r['category'] = $specialFilter->sanitize($_POST['category']); } if ($tableParameter == 'articles' || $tableParameter == 'extras' || $tableParameter == 'comments') { if ($date > Redaxscript\Registry::get('now')) { $status = $r['status'] = 2; } if (!$date) { $r['date'] = Redaxscript\Registry::get('now'); } } if ($tableParameter == 'extras' || $tableParameter == 'comments') { $article = $r['article'] = $specialFilter->sanitize($_POST['article']); } if ($tableParameter == 'comments' && !$idParameter) { $status = $r['status'] = Redaxscript\Db::forTablePrefix('articles')->where('id', $article)->findOne()->status; } if ($tableParameter == 'comments' || $tableParameter == 'users') { $email = $r['email'] = $emailFilter->sanitize($_POST['email']); } /* clean groups post */ if ($tableParameter == 'groups' && (!$idParameter || $idParameter > 1)) { $groups_array = ['categories', 'articles', 'extras', 'comments', 'groups', 'users', 'modules']; foreach ($groups_array as $value) { ${$value} = array_map([$specialFilter, 'sanitize'], $_POST[$value]); $groups_string = implode(', ', ${$value}); if (!$groups_string) { $groups_string = 0; } $r[$value] = $groups_string; } $r['settings'] = $specialFilter->sanitize($_POST['settings']); $r['filter'] = $specialFilter->sanitize($_POST['filter']); } if (($tableParameter == 'groups' || $tableParameter == 'users') && $idParameter == 1) { $status = $r['status'] = 1; } if ($tableParameter == 'groups' || $tableParameter == 'users' || $tableParameter == 'modules') { $name = $r['name'] = $specialFilter->sanitize($_POST['name']); } /* clean users post */ if ($tableParameter == 'users') { if ($_POST['user']) { $user = $r['user'] = $specialFilter->sanitize($_POST['user']); } else { $user = $r['user'] = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; } $password_check = $password_confirm = 1; if ($_POST['edit'] && !$_POST['password'] && !$_POST['password_confirm'] || $_POST['delete']) { $password_check = 0; } if ($_POST['password'] != $_POST['password_confirm']) { $password_confirm = 0; } $password = $specialFilter->sanitize($_POST['password']); if ($password_check == 1 && $password_confirm == 1) { $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); } if ($_POST['new']) { $r['first'] = $r['last'] = Redaxscript\Registry::get('now'); } if (!$idParameter || $idParameter > 1) { $groups = array_map([$specialFilter, 'sanitize'], $_POST['groups']); $groups_string = implode(', ', $groups); if (!$groups_string) { $groups_string = 0; } $groups = $r['groups'] = $groups_string; } } $r_keys = array_keys($r); $last = end($r_keys); /* validate post */ switch ($tableParameter) { /* contents */ case 'categories': case 'articles': case 'extras': if (!$title) { $error = Redaxscript\Language::get('title_empty'); } if ($tableParameter == 'categories') { $opponent_id = Redaxscript\Db::forTablePrefix('articles')->where('alias', $alias)->findOne()->id; } if ($tableParameter == 'articles') { $opponent_id = Redaxscript\Db::forTablePrefix('categories')->where('alias', $alias)->findOne()->id; } if ($opponent_id) { $error = Redaxscript\Language::get('alias_exists'); } if ($tableParameter != 'groups' && $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_GENERAL) == Redaxscript\Validator\ValidatorInterface::PASSED || $aliasValidator->validate($alias, Redaxscript\Validator\Alias::MODE_DEFAULT) == Redaxscript\Validator\ValidatorInterface::PASSED) { $error = Redaxscript\Language::get('alias_incorrect'); } /* groups */ /* groups */ case 'groups': if (!$alias) { $error = Redaxscript\Language::get('alias_empty'); } else { $alias_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->alias; $id_alias = Redaxscript\Db::forTablePrefix($tableParameter)->where('alias', $alias)->findOne()->id; } if ($id_alias && strcasecmp($alias_id, $alias) < 0) { $error = Redaxscript\Language::get('alias_exists'); } } /* validate general post */ switch ($tableParameter) { case 'articles': case 'extras': case 'comments': if (!$text) { $error = Redaxscript\Language::get('text_empty'); } break; case 'groups': case 'users': case 'modules': if (!$name) { $error = Redaxscript\Language::get('name_empty'); } break; } /* validate users post */ if ($tableParameter == 'users') { if (!$user) { $error = Redaxscript\Language::get('user_incorrect'); } else { $user_id = Redaxscript\Db::forTablePrefix($tableParameter)->where('id', $idParameter)->findOne()->user; $id_user = Redaxscript\Db::forTablePrefix($tableParameter)->where('user', $user)->findOne()->id; } if ($id_user && strcasecmp($user_id, $user) < 0) { $error = Redaxscript\Language::get('user_exists'); } if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('user_incorrect'); } if ($password_check == 1) { if (!$password) { $error = Redaxscript\Language::get('password_empty'); } if ($password_confirm == 0 || $loginValidator->validate($password) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('password_incorrect'); } } } /* validate last post */ $emailValidator = new Redaxscript\Validator\Email(); switch ($tableParameter) { case 'comments': if (!$author) { $error = Redaxscript\Language::get('author_empty'); } case 'users': if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = Redaxscript\Language::get('email_incorrect'); } } $route = 'admin'; /* handle error */ if ($error) { if (!$idParameter) { $route .= '/new/' . $tableParameter; } else { $route .= '/edit/' . $tableParameter . '/' . $idParameter; } /* show error */ echo $messenger->setRoute(Redaxscript\Language::get('back'), $route)->error($error, Redaxscript\Language::get('error_occurred')); return; } else { if (Redaxscript\Registry::get('tableEdit') == 1 || Redaxscript\Registry::get('tableEdit') == 1) { $route .= '/view/' . $tableParameter; if ($alias) { $route .= '#' . $alias; } else { if ($user) { $route .= '#' . $user; } } } } /* select to null */ foreach ($r as $key => $value) { if ($value == 'select') { $r[$key] = null; } } /* process */ switch (true) { /* query new */ case $_POST['new']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->create()->set($r)->save(); /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; /* query edit */ /* query edit */ case $_POST['edit']: Redaxscript\Db::forTablePrefix(Redaxscript\Registry::get('tableParameter'))->whereIdIs(Redaxscript\Registry::get('idParameter'))->findOne()->set($r)->save(); /* query categories */ if ($tableParameter == 'categories') { $categoryChildren = Redaxscript\Db::forTablePrefix($tableParameter)->where('parent', $idParameter); $categoryArray = array_merge($categoryChildren->findFlatArray(), [$idParameter]); $articleChildren = Redaxscript\Db::forTablePrefix('articles')->whereIn('category', $categoryArray); $articleArray = $articleChildren->findFlatArray(); if (count($articleArray) > 0) { Redaxscript\Db::forTablePrefix('comments')->whereIn('article', $articleArray)->findMany()->set(['status' => $status, 'access' => $access])->save(); } $categoryChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); $articleChildren->findMany()->set(['status' => $status, 'access' => $access])->save(); } /* query articles */ if ($tableParameter == 'articles') { if ($comments == 0) { $status = 0; } Redaxscript\Db::forTablePrefix('comments')->where('article', $idParameter)->findMany()->set(['status' => $status, 'access' => $access])->save(); } if ($tableParameter == 'users' && $idParameter == Redaxscript\Registry::get('myId')) { $auth = new Redaxscript\Auth(Redaxscript\Request::getInstance()); $auth->init(); $auth->setUser('name', $name); $auth->setUser('email', $email); $auth->setUser('language', $language); $auth->save(); Redaxscript\Request::setSession('language', $language); } /* show success */ echo $messenger->setRoute(Redaxscript\Language::get('continue'), $route)->doRedirect()->success(Redaxscript\Language::get('operation_completed')); return; } }
/** * registration post * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Registration * @author Henry Ruhs */ function registration_post() { /* clean post */ if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/registration'] == 'visited') { $name = $r['name'] = clean($_POST['name'], 0); $user = $r['user'] = clean($_POST['user'], 0); $email = $r['email'] = clean($_POST['email'], 3); $password = substr(sha1(uniqid()), 0, 10); $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); $r['password'] = $passwordHash->getHash(); $r['description'] = ''; $r['language'] = Redaxscript\Registry::get('language'); $r['first'] = $r['last'] = NOW; $r['groups'] = Redaxscript\Db::forTablePrefix('groups')->where('alias', 'members')->findOne()->id; if ($r['groups'] == '') { $r['groups'] = 0; } $task = $_POST['task']; $solution = $_POST['solution']; } /* validate post */ $loginValidator = new Redaxscript\Validator\Login(); $emailValidator = new Redaxscript\Validator\Email(); $captchaValidator = new Redaxscript\Validator\Captcha(); if ($name == '') { $error = l('name_empty'); } else { if ($user == '') { $error = l('user_empty'); } else { if ($email == '') { $error = l('email_empty'); } else { if ($loginValidator->validate($user) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('user_incorrect'); } else { if ($emailValidator->validate($email) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('email_incorrect'); } else { if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('captcha_incorrect'); } else { if (Redaxscript\Db::forTablePrefix('users')->where('user', $user)->findOne()->id) { $error = l('user_exists'); } else { if (USERS_NEW == 0 && s('verification') == 1) { $r['status'] = 0; $success = l('registration_verification'); } else { $r['status'] = 1; $success = l('registration_sent'); } /* send login information */ $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login'; $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute); $toArray = array($name => $email); if (s('notification') == 1) { $toArray[s('author')] = s('email'); } $fromArray = array($author => $email); $subject = l('registration'); $bodyArray = array('<strong>' . l('name') . l('colon') . '</strong> ' . $name, '<br />', '<strong>' . l('user') . l('colon') . '</strong> ' . $user, '<br />', '<strong>' . l('password') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '<strong> ' . $loginLink); /* mailer object */ $mailer = new Redaxscript\Mailer(); $mailer->init($toArray, $fromArray, $subject, $bodyArray); $mailer->send(); /* create user */ Redaxscript\Db::forTablePrefix('users')->create()->set($r)->save(); } } } } } } } /* handle error */ if ($error) { if (s('blocker') == 1) { $_SESSION[ROOT . '/attack_blocked']++; } notification(l('error_occurred'), $error, l('back'), 'registration'); } else { notification(l('operation_completed'), $success, l('login'), 'login'); } $_SESSION[ROOT . '/registration'] = ''; }
/** * password reset post * * @since 1.2.1 * @deprecated 2.0.0 * * @package Redaxscript * @category Password * @author Henry Ruhs */ function password_reset_post() { $captchaValidator = new Redaxscript\Validator\Captcha(); /* clean post */ if (ATTACK_BLOCKED < 10 && $_SESSION[ROOT . '/password_reset'] == 'visited') { $post_id = clean($_POST['id'], 0); $post_password = clean($_POST['password'], 0); $password = substr(sha1(uniqid()), 0, 10); $task = $_POST['task']; $solution = $_POST['solution']; } /* query user information */ if ($post_id && $post_password) { $users_result = Redaxscript\Db::forTablePrefix('users')->where(array('id' => $post_id, 'status' => 1))->findArray(); foreach ($users_result as $r) { foreach ($r as $key => $value) { $key = 'my_' . $key; ${$key} = stripslashes($value); } } } /* validate post */ if ($post_id == '' || $post_password == '') { $error = l('input_incorrect'); } else { if ($captchaValidator->validate($task, $solution) == Redaxscript\Validator\ValidatorInterface::FAILED) { $error = l('captcha_incorrect'); } else { if ($my_id == '' || sha1($my_password) != $post_password) { $error = l('access_no'); } else { /* send new password */ $loginRoute = ROOT . '/' . REWRITE_ROUTE . 'login'; $loginLink = anchor_element('external', '', '', $loginRoute, $loginRoute); $toArray = array($my_name => $my_email); $fromArray = array(s('author') => s('email')); $subject = l('password_new'); $bodyArray = array('<strong>' . l('password_new') . l('colon') . '</strong> ' . $password, '<br />', '<strong>' . l('login') . l('colon') . '</strong> ' . $loginLink); /* mailer object */ $mailer = new Redaxscript\Mailer(); $mailer->init($toArray, $fromArray, $subject, $bodyArray); $mailer->send(); /* update password */ $passwordHash = new Redaxscript\Hash(Redaxscript\Config::getInstance()); $passwordHash->init($password); Redaxscript\Db::forTablePrefix('users')->where(array('id' => $post_id, 'status' => 1))->findOne()->set('password', $passwordHash->getHash())->save(); } } } /* handle error */ if ($error) { if (s('blocker') == 1) { $_SESSION[ROOT . '/attack_blocked']++; } if ($post_id && $post_password) { $back_route = 'password_reset/' . $post_id . '/' . $post_password; } else { $back_route = 'reminder'; } notification(l('error_occurred'), $error, l('back'), $back_route); } else { notification(l('operation_completed'), l('password_sent'), l('login'), 'login'); } $_SESSION[ROOT . '/password_reset'] = ''; }