# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
/** @define "BASE" "../../../.." */
if (!defined('EXPONENT')) {
exit('');
}
// Check for form errors
$post = $_POST;
$post['manual_redirect'] = true;
if (!expValidator::check_antispam($post)) {
flash('error', gt('Security Validation Failed'));
expHistory::back();
}
global $db, $user;
$f = $db->selectObject("formbuilder_form", "id=" . intval($_POST['id']));
$rpt = $db->selectObject("formbuilder_report", "form_id=" . intval($_POST['id']));
$controls = $db->selectObjects("formbuilder_control", "form_id=" . $f->id . " and is_readonly=0");
$controls = expSorter::sort(array('array' => $controls, 'sortby' => 'rank', 'order' => 'ASC'));
$db_data = null;
$emailFields = array();
$captions = array();
foreach ($controls as $c) {
$ctl = unserialize($c->data);
$control_type = get_class($ctl);
$def = call_user_func(array($control_type, "getFieldDefinition"));
function update()
{
global $db, $user;
/* The global constants can be overridden by passing appropriate params */
//sure wish I could do this once in the constructor. sadly $this->params[] isn't set yet
$require_login = empty($this->params['require_login']) ? COMMENTS_REQUIRE_LOGIN : $this->params['require_login'];
$require_approval = empty($this->params['require_approval']) ? COMMENTS_REQUIRE_APPROVAL : $this->params['require_approval'];
$require_notification = empty($this->params['require_notification']) ? COMMENTS_REQUIRE_NOTIFICATION : $this->params['require_notification'];
$notification_email = empty($this->params['notification_email']) ? COMMENTS_NOTIFICATION_EMAIL : $this->params['notification_email'];
// check the anti-spam control
if (!$user->isLoggedIn()) {
expValidator::check_antispam($this->params, gt("Your comment could not be posted because anti-spam verification failed. Please try again."));
}
// figure out the name and email address
if (!empty($user->id) && empty($this->params['id'])) {
$this->params['name'] = $user->firstname . " " . $user->lastname;
$this->params['email'] = $user->email;
}
// save the comment
if (empty($require_approval)) {
$this->expComment->approved = 1;
}
$this->expComment->update($this->params);
// attach the comment to the datatype it belongs to (blog, news, etc..);
$obj->content_type = $this->params['content_type'];
$obj->content_id = $this->params['content_id'];
$obj->expcomments_id = $this->expComment->id;
if (isset($this->params['subtype'])) {
$obj->subtype = $this->params['subtype'];
}
$db->insertObject($obj, $this->expComment->attachable_table);
$msg = 'Thank you for posting a comment.';
if ($require_approval == 1 && !$user->isAdmin()) {
$msg .= ' ' . gt('Your comment is now pending approval. You will receive an email to') . ' ';
$msg .= $this->expComment->email . ' ' . gt('letting you know when it has been approved.');
}
if ($require_notification && !$user->isAdmin()) {
$this->sendNotification($this->expComment, $this->params);
}
if ($require_approval == 1 && $this->params['approved'] == 1) {
$this->sendApprovalNotification($this->expComment, $this->params);
}
//if ($require_notification && !$user->isAdmin()) {
//}
flash('message', $msg);
expHistory::back();
}
public function send_new_password()
{
global $db;
// find the user
// $u = user::getByUsername($this->params['username']);
$u = user::getUserByName($this->params['username']);
if (!expValidator::check_antispam($this->params)) {
expValidator::failAndReturnToForm(gt('Anti-spam verification failed'), $this->params);
} elseif (empty($u)) {
expValidator::failAndReturnToForm(gt('We were unable to find an account with that username'), $this->params);
} elseif (empty($u->email)) {
expValidator::failAndReturnToForm(gt('Your account does not appear to have an email address. Please contact the site administrators to reset your password'), $this->params);
} elseif ($u->isAdmin()) {
expValidator::failAndReturnToForm(gt('You cannot reset passwords for an administrator account.'), $this->params);
}
$tok = null;
$tok->uid = $u->id;
$tok->expires = time() + 2 * 3600;
$tok->token = md5(time()) . uniqid('');
$email = $template = get_template_for_action($this, 'password_reset_email', $this->loc);
$email->assign('token', $tok);
$msg = $email->render();
$mail = new expMail();
$mail->quickSend(array('html_message' => $msg, 'to' => trim($u->email), 'from' => SMTP_FROMADDRESS, 'subject' => 'Your password has'));
$db->delete('passreset_token', 'uid=' . $u->id);
$db->insertObject($tok, 'passreset_token');
flash('message', gt('An email has been sent to your email address with instructions on how to finish resetting your password.') . '<br><br>' . gt('The new password is good for 2 hours. If you have not completed the password reset process in 2 hours time, the new password will expire.'));
expHistory::back();
}
public function signup()
{
global $db;
// check the anti-spam control
expValidator::check_antispam($this->params, gt("Anti-spam verification failed. Please try again."));
// make sure we have what we need.
if (empty($this->params['email'])) {
expQueue::flashAndFlow('error', 'You must supply an email address to sign up for email alerts.');
}
if (empty($this->params['ealerts'])) {
expQueue::flashAndFlow('error', 'You did not select any E-Alert topics to subscribe to.');
}
// find or create the subscriber
$id = $db->selectValue('subscribers', 'id', 'email="' . $this->params['email'] . '"');
$subscriber = new subscribers($id);
if (empty($subscriber->id)) {
$subscriber->email = trim($this->params['email']);
$subscriber->hash = md5($subscriber->email . time());
$subscriber->save();
}
// delete any old subscriptions and add the user to new subscriptions
$db->delete('expeAlerts_subscribers', 'subscribers_id=' . $subscriber->id);
foreach ($this->params['ealerts'] as $ea_id) {
$obj = null;
$obj->subscribers_id = $subscriber->id;
$obj->expeAlerts_id = $ea_id;
$db->insertObject($obj, 'expeAlerts_subscribers');
}
// send a confirmation email to the user.
$ealerts = $db->selectObjects('expeAlerts', 'id IN (' . implode(',', $this->params['ealerts']) . ')');
$body = get_template_for_action($this, 'confirmation_email', $this->loc);
$body->assign('ealerts', $ealerts);
$body->assign('subscriber', $subscriber);
$mail = new expMail();
$mail->quickSend(array('html_message' => $body->render(), 'to' => $subscriber->email, 'from' => SMTP_FROMADDRESS, 'subject' => 'Please confirm your E-Alert subscriptions'));
redirect_to(array('controller' => 'ealert', 'action' => 'pending', 'id' => $subscriber->id));
}
