예제 #1
 }
 if (count($error) > 0) {
     icms_core_Message::error($error);
     echo "<p><a href='admin.php?fct=modulesadmin'>" . _MD_AM_BTOMADMIN . "</a></p>";
     icms_cp_footer();
     exit;
 }
 echo "<h4 style='text-align:" . _GLOBAL_LEFT . ";'>" . _MD_AM_PCMFM . "</h4>" . "<form action='admin.php' method='post'>" . "<input type='hidden' name='fct' value='modulesadmin' />" . "<input type='hidden' name='op' value='submit' />" . "<table width='100%' border='0' cellspacing='1' class='outer'>" . "<tr align='center'><th>" . _MD_AM_MODULE . "</th><th>" . _MD_AM_ACTION . "</th><th>" . _MD_AM_ORDER . "</th></tr>";
 $mcount = 0;
 foreach ($module as $mid) {
     if ($mcount % 2 != 0) {
         $class = 'odd';
     } else {
         $class = 'even';
     }
     echo '<tr class="' . $class . '"><td align="center">' . icms_core_DataFilter::stripSlashesGPC($oldname[$mid]);
     $newname[$mid] = trim(icms_core_DataFilter::stripslashesGPC($newname[$mid]));
     if ($newname[$mid] != $oldname[$mid]) {
         echo '&nbsp;&raquo;&raquo;&nbsp;<span style="color:#ff0000;font-weight:bold;">' . $newname[$mid] . '</span>';
     }
     echo '</td><td align="center">';
     if (isset($newstatus[$mid]) && $newstatus[$mid] == 1) {
         if ($oldstatus[$mid] == 0) {
             echo "<span style='color:#ff0000;font-weight:bold;'>" . _MD_AM_ACTIVATE . "</span>";
         } else {
             echo _MD_AM_NOCHANGE;
         }
     } else {
         $newstatus[$mid] = 0;
         if ($oldstatus[$mid] == 1) {
             echo "<span style='color:#ff0000;font-weight:bold;'>" . _MD_AM_DEACTIVATE . "</span>";
예제 #2
파일: main.php 프로젝트: nao-pon/impresscms
			}
		}

		$added_count = count($added);
		icms_cp_header();
		echo '<div class="CPbigTitle" style="background-image: url('. ICMS_MODULES_URL . '/system/admin/mailusers/images/mailusers_big.png)">' . _MD_AM_MLUS . '</div><br />';
		if ($added_count > 0) {
			$xoopsMailer = new icms_messaging_Handler();
			for ($i = 0; $i < $added_count; $i++) {
				$xoopsMailer->setToUsers($added[$i]);
			}

			$xoopsMailer->setFromName(icms_core_DataFilter::stripSlashesGPC($_POST['mail_fromname']));
			$xoopsMailer->setFromEmail(icms_core_DataFilter::stripSlashesGPC($_POST['mail_fromemail']));
			$xoopsMailer->setSubject(icms_core_DataFilter::stripSlashesGPC($_POST['mail_subject']));
			$xoopsMailer->setBody(icms_core_DataFilter::stripSlashesGPC($_POST['mail_body']));
			if (in_array("mail", $_POST['mail_send_to'])) {
				$xoopsMailer->useMail();
			}
			if (in_array("pm", $_POST['mail_send_to']) && empty($_POST['mail_inactive'])) {
				$xoopsMailer->usePM();
			}

			$xoopsMailer->send(TRUE);
			echo $xoopsMailer->getSuccess();
			echo $xoopsMailer->getErrors();

			if ($count_criteria > $limit) {
				$form = new icms_form_Theme(_AM_SENDMTOUSERS, "mailusers", "admin.php?fct=mailusers", 'post', TRUE);
				if (!empty($_POST['mail_to_group'])) {
					foreach ($_POST['mail_to_group'] as $mailgroup) {
예제 #3
// Carry the comment's threading and display state through the form as hidden fields.
// Only com_pid and com_rootid are cast to int here; the remaining four are passed on as received.
// NOTE(review): confirm com_id, com_itemid, com_order and com_mode are validated by the including script.
$cform->addElement(new icms_form_elements_Hidden('com_pid', (int) $com_pid));
$cform->addElement(new icms_form_elements_Hidden('com_rootid', (int) $com_rootid));
$cform->addElement(new icms_form_elements_Hidden('com_id', $com_id));
$cform->addElement(new icms_form_elements_Hidden('com_itemid', $com_itemid));
$cform->addElement(new icms_form_elements_Hidden('com_order', $com_order));
$cform->addElement(new icms_form_elements_Hidden('com_mode', $com_mode));

// Modules other than 'system' may declare extra request parameters that have to
// survive the round trip; each one is echoed back as a hidden field.
if ($icmsModule->getVar('dirname') != 'system') {
    $comment_config = $icmsModule->getInfo('comments');
    if (isset($comment_config['extraParams']) && is_array($comment_config['extraParams'])) {
        foreach ($comment_config['extraParams'] as $extra_param) {
            // The form is reachable through both POST and GET; POST wins, and a
            // parameter absent from both becomes an empty string.
            // The value is request-controlled: it relies on the hidden form element
            // to encode it on output (presumably it does; verify).
            $hidden_value = '';
            if (isset($_POST[$extra_param])) {
                $hidden_value = icms_core_DataFilter::stripSlashesGPC($_POST[$extra_param]);
            } elseif (isset($_GET[$extra_param])) {
                $hidden_value = icms_core_DataFilter::stripSlashesGPC($_GET[$extra_param]);
            }
            $cform->addElement(new icms_form_elements_Hidden($extra_param, $hidden_value));
        }
    }
}

// Add the captcha element only when the site configuration enables it for this form.
if ($icmsConfig['use_captchaf'] == TRUE) {
    $cform->addElement(new icms_form_elements_Captcha());
}

// Preview and post buttons share one tray, which is appended last.
$button_tray->addElement(new icms_form_elements_Button('', 'com_dopreview', _PREVIEW, 'submit'));
$button_tray->addElement(new icms_form_elements_Button('', 'com_dopost', _CM_POSTCOMMENT, 'submit'));
$cform->addElement($button_tray);
예제 #4
 /**
  * clean values of all variables of the object for storage.
  * also add slashes whereever needed
  *
  * We had to put this method in the icms_ipf_Object because the XOBJ_DTYPE_ARRAY does not work properly
  * at least on PHP 5.1. So we have created a new type XOBJ_DTYPE_SIMPLE_ARRAY to handle 1 level array
  * as a string separated by |
  *
  * @return bool true if successful
  * @access public
  */
 public function cleanVars()
 {
     // Walks every entry of $this->vars, normalises the value according to its declared data type,
     // and stores the result in $this->cleanVars. Returns false when any field failed validation
     // during this pass, true otherwise.
     // Errors recorded before this call are set aside so the count below reflects this pass only.
     $existing_errors = $this->getErrors();
     $this->_errors = array();
     foreach ($this->vars as $k => $v) {
         $cleanv = $v['value'];
         // Unchanged variables, and every variable while _isNewConfig is set, are stored without any cleaning
         if (!$v['changed'] || $this->_isNewConfig) {
         } else {
             $cleanv = is_string($cleanv) ? trim($cleanv) : $cleanv;
             switch ($v['data_type']) {
                 case XOBJ_DTYPE_TXTBOX:
                     // The string '0' counts as a provided value; only an empty value fails "required"
                     if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                         $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                         // NOTE(review): inside a switch PHP treats a bare "continue" like "break" (and warns
                         // about it from 7.3 on), so the rejected value is still written to $this->cleanVars
                         // below; only the false return signals the failure. If skipping the field was the
                         // intent, "continue 2" is needed. The same applies to every "continue" in this switch.
                         continue;
                     }
                     // Length is measured in bytes (strlen), not characters
                     if (isset($v['maxlength']) && strlen($cleanv) > (int) $v['maxlength']) {
                         $this->setErrors(sprintf(_XOBJ_ERR_SHORTERTHAN, $k, (int) $v['maxlength']));
                         continue;
                     }
                     // not_gpc marks values that did not come from GET/POST/COOKIE and need no slash stripping
                     if (!$v['not_gpc']) {
                         $cleanv = icms_core_DataFilter::stripSlashesGPC(icms_core_DataFilter::censorString($cleanv));
                     } else {
                         $cleanv = icms_core_DataFilter::censorString($cleanv);
                     }
                     break;
                 case XOBJ_DTYPE_TXTAREA:
                     if ($v['required'] && $cleanv != '0' && $cleanv == '') {
                         $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                         continue;
                     }
                     // Both branches run checkVar(..., 'html', 'input'); presumably the HTML input filter (verify)
                     if (!$v['not_gpc']) {
                         $cleanv = icms_core_DataFilter::stripSlashesGPC($cleanv);
                         $cleanv = icms_core_DataFilter::checkVar($cleanv, 'html', 'input');
                     } else {
                         //$cleanv = icms_core_DataFilter::censorString($cleanv);
                         $cleanv = icms_core_DataFilter::checkVar($cleanv, 'html', 'input');
                     }
                     break;
                 case XOBJ_DTYPE_SOURCE:
                     // Source fields get slash stripping only; no content filter is applied here,
                     // so whatever renders them is responsible for output encoding
                     if (!$v['not_gpc']) {
                         $cleanv = icms_core_DataFilter::stripSlashesGPC($cleanv);
                     } else {
                         $cleanv = $cleanv;
                     }
                     break;
                 case XOBJ_DTYPE_INT:
                 case XOBJ_DTYPE_TIME_ONLY:
                     $cleanv = (int) $cleanv;
                     break;
                 case XOBJ_DTYPE_CURRENCY:
                     $cleanv = icms_currency($cleanv);
                     break;
                 case XOBJ_DTYPE_FLOAT:
                     $cleanv = icms_float($cleanv);
                     break;
                 case XOBJ_DTYPE_EMAIL:
                     if ($v['required'] && $cleanv == '') {
                         $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                         continue;
                     }
                     // An empty optional address is accepted; anything else must pass the 'email' check
                     if ($cleanv != '' && !icms_core_DataFilter::checkVar($cleanv, 'email')) {
                         $this->setErrors(_CORE_DB_INVALIDEMAIL);
                         continue;
                     }
                     if (!$v['not_gpc']) {
                         $cleanv = icms_core_DataFilter::stripSlashesGPC($cleanv);
                     }
                     break;
                 case XOBJ_DTYPE_URL:
                     if ($v['required'] && $cleanv == '') {
                         $this->setErrors(sprintf(_XOBJ_ERR_REQUIRED, $k));
                         continue;
                     }
                     // A value that does not start with http:// or https:// gets "http://" prepended.
                     // NOTE(review): this is the only URL handling here; any other scheme the user typed
                     // ends up after the prefix, and the rest of the URL is not validated.
                     if ($cleanv != '' && !preg_match("/^http[s]*:\\/\\//i", $cleanv)) {
                         $cleanv = 'http://' . $cleanv;
                     }
                     if (!$v['not_gpc']) {
                         $cleanv = icms_core_DataFilter::stripSlashesGPC($cleanv);
                     }
                     break;
                 case XOBJ_DTYPE_SIMPLE_ARRAY:
                     // One-level array flattened to a '|'-separated string; assumes $cleanv is an array
                     $cleanv = implode('|', $cleanv);
                     break;
                 case XOBJ_DTYPE_ARRAY:
                     // NOTE(review): arrays are stored in PHP serialize() format; the reading side presumably
                     // calls unserialize(), so the stored column must not be writable with untrusted data
                     $cleanv = is_array($cleanv) ? serialize($cleanv) : $cleanv;
                     break;
                 case XOBJ_DTYPE_STIME:
                 case XOBJ_DTYPE_MTIME:
                 case XOBJ_DTYPE_LTIME:
                     // Non-strings are cast to int, strings are parsed with strtotime()
                     $cleanv = !is_string($cleanv) ? (int) $cleanv : strtotime($cleanv);
                     // NOTE(review): a non-positive result is passed through strtotime() a second time, which
                     // at that point receives an int or false rather than a date string; confirm intent
                     if (!($cleanv > 0)) {
                         $cleanv = strtotime($cleanv);
                     }
                     break;
                 default:
                     // Any other data type is stored as trimmed above, with no further cleaning
                     break;
             }
         }
         // Bind by reference, then unset the local name so the next iteration's assignment
         // does not overwrite the entry just stored
         $this->cleanVars[$k] =& $cleanv;
         unset($cleanv);
     }
     // Earlier errors are merged back in on both paths; only errors from this pass decide the result
     if (count($this->_errors) > 0) {
         $this->_errors = array_merge($existing_errors, $this->_errors);
         return false;
     }
     $this->_errors = array_merge($existing_errors, $this->_errors);
     $this->unsetDirty();
     return true;
 }
예제 #5
 * @license		LICENSE.txt
 * @package		Member
 * @subpackage	Users
 * @author		marcan <*****@*****.**>
 * @author	    Sina Asghari (aka stranger) <*****@*****.**>
 * @version		$Id: invite.php 21047 2011-03-14 15:52:14Z m0nty_ $
 */
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
// If not a user and invite needs one, redirect
if ($icmsConfigUser['activation_type'] == 3 && $icmsConfigUser['allow_register'] == 0 && !is_object(icms::$user)) {
    redirect_header('index.php', 6, _US_INVITEBYMEMBER);
    exit;
}
$op = !isset($_POST['op']) ? 'invite' : $_POST['op'];
$email = isset($_POST['email']) ? trim(icms_core_DataFilter::stripSlashesGPC($_POST['email'])) : '';
switch ($op) {
    case 'finish':
        include 'header.php';
        $stop = '';
        if (!icms::$security->check()) {
            $stop .= implode('<br />', icms::$security->getErrors()) . "<br />";
        }
        $icmsCaptcha = icms_form_elements_captcha_Object::instance();
        if (!$icmsCaptcha->verify()) {
            $stop .= $icmsCaptcha->getMessage() . '<br />';
        }
        if (!checkEmail($email)) {
            $stop .= _US_INVALIDMAIL . '<br />';
        }
        if (empty($stop)) {
예제 #6
             $salt = icms_core_Password::createSalt();
             $pass = $icmspass->encryptPass($pass, $salt, $icmsConfigUser['enc_type']);
             $edituser->setVar('pass', $pass);
             $edituser->setVar('pass_expired', 0);
             $edituser->setVar('enc_type', $icmsConfigUser['enc_type']);
             $edituser->setVar('salt', $salt);
         }
         $edituser->setVar('level', (int) $_POST['level']);
     }
 } else {
     if ($icmsConfigUser['allow_chguname'] == 1) {
         $edituser->setVar('uname', $uname);
     }
 }
 if ($icmsConfigAuth['auth_openid'] == 1) {
     $edituser->setVar('openid', icms_core_DataFilter::stripSlashesGPC(trim($_POST['openid'])));
     $edituser->setVar('user_viewoid', isset($_POST['user_viewoid']) ? (int) $_POST['user_viewoid'] : 0);
 }
 // ALTERED BY FREEFORM SOLUTIONS TO SUPPORT USERS CHANGING THEIR OWN PASSWORDS FROM A SINGLE PROFILE PAGE
 // A REPEAT OF THE CODE BLOCK JUST ABOVE, TO HANDLE THE CASE WHERE THE USER IS UPDATING THEIR OWN PASSWORD
 if ($pass != '' and $edituser->getVar('uid') == icms::$user->getVar('uid')) {
     $icmspass = new icms_core_Password();
     $salt = icms_core_Password::createSalt();
     $pass = $icmspass->encryptPass($pass, $salt, $icmsConfigUser['enc_type']);
     $edituser->setVar('pass', $pass);
     $edituser->setVar('pass_expired', 0);
     $edituser->setVar('enc_type', $icmsConfigUser['enc_type']);
     $edituser->setVar('salt', $salt);
 }
 // Dynamic fields
 $profile_handler = icms_getmodulehandler('profile', basename(dirname(__FILE__)), 'profile');
예제 #7
파일: main.php 프로젝트: nao-pon/impresscms
			}
		} else {
			$err = implode('<br />', $uploader->getErrors(FALSE));
			echo $err;
		}
		echo '</code><br /><a href="admin.php?fct=tplsets">' . _MD_AM_BTOTADMIN . '</a>';
		icms_cp_footer();
		break;

	case 'previewtpl':
		if (!icms::$security->check()) {
			redirect_header('admin.php?fct=tplsets', 3, implode('<br />', icms::$security->getErrors()));
		}

			
		$html = icms_core_DataFilter::stripSlashesGPC($html);
		$tpltpl_handler =& icms::handler('icms_view_template_file');
		$tplfile =& $tpltpl_handler->get($id, TRUE);
		$xoopsTpl = new icms_view_Tpl();

		if (is_object($tplfile)) {
			$dummylayout = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
			. '<html><head><meta http-equiv="content-type" content="text/html; charset=' . _CHARSET 
			. '" /><meta http-equiv="content-language" content="' . _LANGCODE 
			. '" /><title>' . $icmsConfig['sitename'] . '</title>'
			. '<link rel="stylesheet" type="text/css" media="screen" href="' . ICMS_URL . '/icms' 
				. (( defined('_ADM_USE_RTL') && _ADM_USE_RTL ) 
					? '_rtl'
					:'') 
				. '.css" /><link rel="stylesheet" type="text/css" media="screen" href="' 
				. xoops_getcss($icmsConfig['theme_set']) . '" />';
예제 #8
 /**
  * Generates a list of keywords from the provided text
  * @param string $text Text to parse
  * @param int $minChar Minimum word length for the keywords
  * @return array An array of keywords
  */
 public function findMetaKeywords($text, $minChar)
 {
     // Reduce the input to plain text first: purify, then convert the HTML to text
     $plain = $this->html2text($this->purifyText($text));

     // Whitespace normalisation: join single CRLF breaks, collapse longer runs of
     // line breaks to one blank line, and squeeze repeated spaces
     $plain = preg_replace("/([^\r\n])\r\n([^\r\n])/", "\\1 \\2", $plain);
     $plain = preg_replace("/[\r\n]*\r\n[\r\n]*/", "\r\n\r\n", $plain);
     $plain = preg_replace("/[ ]* [ ]*/", ' ', $plain);
     $plain = icms_core_DataFilter::stripSlashesGPC($plain);

     // Tokens consist of ASCII letters, quotes and hyphens only; everything else separates words.
     // Double quotes can survive inside a token, so the returned keywords still need
     // encoding by whoever writes them into markup.
     $found = array();
     foreach (preg_split('/[^a-zA-Z\'"-]+/', $plain, -1, PREG_SPLIT_NO_EMPTY) as $token) {
         // Apostrophes split a token further ("don't" yields "don" and "t")
         foreach (explode("'", $token) as $piece) {
             // Too short, or already collected: nothing to add
             if (strlen($piece) < $minChar || in_array($piece, $found)) {
                 continue;
             }
             $found[] = trim($piece);
         }
     }

     return $found;
 }
예제 #9
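 // Read the new and the current password from the submitted form; both stay empty
 // unless a new password was actually entered.
 $password = $oldpass = '';
 if (!empty($_POST['password'])) {
     $password = icms_core_DataFilter::stripSlashesGPC(trim($_POST['password']));
     $oldpass = !empty($_POST['old_password']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['old_password'])) : '';
 }
 // Validate the change only when a password was entered and the change flag is set.
 // isset() keeps a request without change_pass from raising an undefined-index notice.
 if ($password !== '' && isset($_POST['change_pass']) && $_POST['change_pass'] == 1) {
     $member_handler = icms::handler('icms_member');
     // The current password must authenticate before a new one is accepted
     if (!$member_handler->loginUser(addslashes($uname), addslashes($oldpass))) {
         $errors[] = _US_BADPWD;
     }
     if (strlen($password) < $icmsConfigUser['minpass']) {
         $errors[] = sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']);
     }
     $vpass = '';
     if (!empty($_POST['vpass'])) {
         $vpass = icms_core_DataFilter::stripSlashesGPC(trim($_POST['vpass']));
     }
     // Strict comparison: with "!=" two different numeric-looking strings
     // (for example "1e3" and "1000") compare as equal and the mismatch goes unnoticed
     if ($password !== $vpass) {
         $errors[] = _US_PASSNOTSAME;
     }
     // Reject a password that equals the username, equals it reversed, or contains it.
     // strripos() returns an offset or FALSE, never TRUE, so the former "=== TRUE" test
     // could not match; the empty-username guard keeps an empty needle from matching everything.
     if ($password == $username
         || $password == icms_core_DataFilter::utf8_strrev($username, TRUE)
         || ((string) $username !== '' && strripos($password, $username) !== FALSE)
     ) {
         $errors[] = _US_BADPWD;
     }
 }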
 if (count($errors) > 0) {
     /** Include the header that starts page rendering */
     include ICMS_ROOT_PATH . '/header.php';
     echo '<div>';
     foreach ($errors as $er) {
         echo '<span style="color: #ff0000; font-weight: bold;">' . $er . '</span><br />';
     }
예제 #10
     echo '<form action="' . ICMS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table  width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>';
     echo "<tr><td class='head'>\r\n\t\t\t\t\t\t\t\t<input type='hidden' name='op' value='sendsite' />\r\n\t\t\t\t\t\t\t\t<input type='hidden' name='action' value='showpopups' />\r\n\t\t\t\t\t\t\t\t<input type='hidden' name='type' value='friend' />\n";
     echo _MSC_YOURNAMEC . "</td>\r\n\t\t\t\t\t\t<td class='even'><input type='text' name='yname' value='{$yname}' id='yname' /></td></tr>\r\n\t\t\t\t\t\t<tr><td class='head'>" . _MSC_YOUREMAILC . "</td><td class='odd'>\r\n\t\t\t\t\t\t<input type='text' name='ymail' value='" . $ymail . "' id='ymail' /></td></tr>\r\n\t\t\t\t\t\t<tr><td class='head'>" . _MSC_FRIENDNAMEC . "</td>\r\n\t\t\t\t\t\t<td class='even'><input type='text' name='fname' value='{$fname}' id='fname' /></td></tr>\r\n\t\t\t\t\t\t<tr><td class='head'>" . _MSC_FRIENDEMAILC . "</td>\r\n\t\t\t\t\t\t<td class='odd'><input type='text' name='fmail' value='{$fmail}' id='fmail' /></td></tr>\r\n\t\t\t\t\t\t<tr><td class='head'>&nbsp;</td><td class='even'>\r\n\t\t\t\t\t\t<input type='submit' value='" . _SEND . "' />&nbsp;\r\n\t\t\t\t\t\t<input value='" . _CLOSE . "' type='button' onclick='javascript:window.close();' />" . icms::$security->getTokenHTML() . "</td></tr>\r\n\t\t\t\t\t\t</table></form>\n";
     $closebutton = 0;
 } elseif ($_POST['op'] == 'sendsite') {
     if (icms::$user) {
         $ymail = icms::$user->getVar('email');
     } else {
         $ymail = isset($_POST['ymail']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['ymail'])) : '';
     }
     if (!isset($_POST['yname']) || trim($_POST['yname']) == '' || $ymail == '' || !isset($_POST['fname']) || trim($_POST['fname']) == '' || !isset($_POST['fmail']) || trim($_POST['fmail']) == '') {
         redirect_header(ICMS_URL . '/misc.php?action=showpopups&amp;type=friend&amp;op=sendform', 2, _MSC_NEEDINFO);
     }
     $yname = icms_core_DataFilter::stripSlashesGPC(trim($_POST['yname']));
     $fname = icms_core_DataFilter::stripSlashesGPC(trim($_POST['fname']));
     $fmail = icms_core_DataFilter::stripSlashesGPC(trim($_POST['fmail']));
     if (!checkEmail($fmail) || !checkEmail($ymail) || preg_match('/[\\0-\\31]/', $yname)) {
         $errormessage = _MSC_INVALIDEMAIL1 . '<br />' . _MSC_INVALIDEMAIL2 . '';
         redirect_header(ICMS_URL . '/misc.php?action=showpopups&amp;type=friend&amp;op=sendform', 2, $errormessage);
     }
     $xoopsMailer = new icms_messaging_Handler();
     $xoopsMailer->setTemplate('tellfriend.tpl');
     $xoopsMailer->assign('SITENAME', $icmsConfig['sitename']);
     $xoopsMailer->assign('ADMINMAIL', $icmsConfig['adminmail']);
     $xoopsMailer->assign('SITEURL', ICMS_URL . '/');
     $xoopsMailer->assign('YOUR_NAME', $yname);
     $xoopsMailer->assign('FRIEND_NAME', $fname);
     $xoopsMailer->setToEmails($fmail);
     $xoopsMailer->setFromEmail($ymail);
     $xoopsMailer->setFromName($yname);
     $xoopsMailer->setSubject(sprintf(_MSC_INTSITE, $icmsConfig['sitename']));
예제 #11
}
// A logged-in visitor has no use for the registration form
if (is_object(icms::$user)) {
	redirect_header('index.php', 6, _US_ALREADY_LOGED_IN);
}

// The requested step defaults to 'register'. filter_input() is called without a filter,
// so the value is returned unmodified; it is only compared against fixed case labels below.
$op = isset($_POST['op']) ? filter_input(INPUT_POST, 'op') : 'register';

// Free-text fields: slash-stripped, absent fields become ''. Email, URL and activation key
// are trimmed as well; login name, display name and both password fields are not.
$login_name = !isset($_POST['login_name']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['login_name']);
$uname = !isset($_POST['uname']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['uname']);
$email = !isset($_POST['email']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['email']));
$url = !isset($_POST['url']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['url']));
$pass = !isset($_POST['pass']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['pass']);
$vpass = !isset($_POST['vpass']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['vpass']);

// Numeric fields are forced to their type; the checkbox-style flags collapse to 0 or 1
$timezone_offset = !isset($_POST['timezone_offset']) ? $icmsConfig['default_TZ'] : (float)($_POST['timezone_offset']);
$user_viewemail = (int) (isset($_POST['user_viewemail']) && (int) $_POST['user_viewemail']);
$user_mailok = (int) (isset($_POST['user_mailok']) && (int) $_POST['user_mailok']);
$agree_disc = (int) (isset($_POST['agree_disc']) && (int) $_POST['agree_disc']);
$actkey = !isset($_POST['actkey']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['actkey']));

$thisuser = icms::handler('icms_member_user');
switch ($op) {
	case 'newuser':
		include 'header.php';
		$xoTheme->addScript('', array('type' => ''), '
				$(".password").passStrength({
					shortPass: 		"******",
					badPass:		"******",
					goodPass:		"******",
					strongPass:		"******",
					baseStyle:		"top_testresult",
					messageloc:		0
				});
			});
예제 #12
// A logged-in visitor has no use for the registration form
if (is_object(icms::$user)) {
    redirect_header('index.php', 6, _US_ALREADY_LOGED_IN);
}

// The requested step defaults to 'register'. filter_input() is called without a filter,
// so the value is returned unmodified; it is only compared against fixed case labels below.
$op = isset($_POST['op']) ? filter_input(INPUT_POST, 'op') : 'register';

// Free-text fields: slash-stripped, absent fields become ''. Email, URL, activation key
// and salt are trimmed as well; login name, display name and both password fields are not.
$login_name = !isset($_POST['login_name']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['login_name']);
$uname = !isset($_POST['uname']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['uname']);
$email = !isset($_POST['email']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['email']));
$url = !isset($_POST['url']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['url']));
$pass = !isset($_POST['pass']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['pass']);
$vpass = !isset($_POST['vpass']) ? '' : icms_core_DataFilter::stripSlashesGPC($_POST['vpass']);

// Numeric fields are forced to their type; the checkbox-style flags collapse to 0 or 1
$timezone_offset = !isset($_POST['timezone_offset']) ? $icmsConfig['default_TZ'] : (double) $_POST['timezone_offset'];
$user_viewemail = (int) (isset($_POST['user_viewemail']) && (int) $_POST['user_viewemail']);
$user_mailok = (int) (isset($_POST['user_mailok']) && (int) $_POST['user_mailok']);
$agree_disc = (int) (isset($_POST['agree_disc']) && (int) $_POST['agree_disc']);
$actkey = !isset($_POST['actkey']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['actkey']));

// NOTE(review): the salt is accepted from the request body. How it is used lies outside
// this excerpt; if it feeds password hashing, a server-generated salt would be safer.
$salt = !isset($_POST['salt']) ? '' : trim(icms_core_DataFilter::stripSlashesGPC($_POST['salt']));
// The hashing scheme, by contrast, comes from site configuration rather than the request
$enc_type = $icmsConfigUser['enc_type'];
$thisuser = icms::handler('icms_member_user');
switch ($op) {
    case 'newuser':
        include 'header.php';
        $xoTheme->addScript('', array('type' => ''), '
				$(".password").passStrength({
					shortPass: 		"******",
					badPass:		"******",
					goodPass:		"******",
					strongPass:		"******",
					baseStyle:		"top_testresult",
					messageloc:		0
				});
			});
예제 #13
 /**
  * Note: magic_quotes_gpc and magic_quotes_runtime are deprecated as of PHP 5.3.0
  *
  * @deprecated	Use stripSlashesGPC, instead.
  * @todo		Remove this in version 1.4 - there are no other occurrences in the core
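  * Registers a deprecation notice, then delegates to icms_core_DataFilter::stripSlashesGPC().
  * @param mixed $text Value handed unchanged to icms_core_DataFilter::stripSlashesGPC()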
  */
 function oopsStripSlashesRT($text)
 {
     // Flag the call as deprecated, naming the replacement and the removal version
     $removal_notice = sprintf(_CORE_REMOVE_IN_VERSION, '1.4');
     icms_core_Debug::setDeprecated('icms_core_DataFilter::stripSlashesGPC', $removal_notice);

     // The actual work is done by the replacement; its result is returned as-is
     $stripped = icms_core_DataFilter::stripSlashesGPC($text);
     return $stripped;
 }
예제 #14
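/**
 * Change the weight (order) and name of a module and report the outcome as HTML.
 *
 * @param int    $mid    Unique ID for the module to change
 * @param int    $weight Integer value of the weight to be applied to the module
 * @param string $name   Name to be applied to the module
 * @return string HTML paragraph describing success or failure
 */
function xoops_module_change($mid, $weight, $name) {
	// The name is caller-supplied (presumably from the module admin form) and is placed
	// inside markup below, so it is HTML-encoded once here and reused in every message.
	// NOTE(review): if callers already pass an encoded name, this will double-encode; confirm.
	$safe_name = htmlspecialchars((string) icms_core_DataFilter::stripSlashesGPC($name), ENT_QUOTES);

	$module_handler = icms::handler('icms_module');
	$module =& $module_handler->get($mid);
	// An unknown module ID must not end in a call on a non-object; report it as a failed update
	if (!is_object($module)) {
		return "<p>" . sprintf(_MD_AM_FAILORDER, "<strong>" . $safe_name . "</strong>") . "</p>";
	}

	$module->setVar('weight', $weight);
	$module->setVar('name', $name);
	if (!$module_handler->insert($module)) {
		// Failure: name the module and append the errors collected on the object
		$ret = "<p>" . sprintf(_MD_AM_FAILORDER, "<strong>" . $safe_name
			. "</strong>") . "&nbsp;" . _MD_AM_ERRORSC . "<br />";
		$ret .= $module->getHtmlErrors() . "</p>";
		return $ret;
	}
	return "<p>" . sprintf(_MD_AM_OKORDER, "<strong>" . $safe_name . "</strong>") . "</p>";
}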
예제 #15
         echo "</select>&nbsp;";
         echo icms::$security->getTokenHTML() . "<input type='submit' value='" . _SUBMIT . "' />";
         // Add selected users
     } else {
         echo "<input type='button' value='" . _MA_USER_ADD_SELECTED . "' onclick='addusers();' />";
     }
     echo "<input type='hidden' name='token' value='" . htmlspecialchars($token, ENT_QUOTES) . "' />\n";
     echo "</td></tr></table></form>\n";
 }
 $hiddenform = "<form name='findnext' action='findusers.php' method='post'>";
 foreach ($_POST as $k => $v) {
     if ($k == 'XOOPS_TOKEN_REQUEST') {
         // regenerate token value
         $hiddenform .= icms::$security->getTokenHTML() . "\n";
     } else {
         $hiddenform .= "<input type='hidden' name='" . htmlSpecialChars($k, ENT_QUOTES) . "' value='" . htmlSpecialChars(icms_core_DataFilter::stripSlashesGPC($v), ENT_QUOTES) . "' />\n";
     }
 }
 if (!isset($_POST['limit'])) {
     $hiddenform .= "<input type='hidden' name='limit' value='" . $limit . "' />\n";
 }
 if (!isset($_POST['start'])) {
     $hiddenform .= "<input type='hidden' name='start' value='" . $start . "' />\n";
 }
 $hiddenform .= "<input type='hidden' name='token' value='" . htmlspecialchars($token, ENT_QUOTES) . "' />\n";
 if (!isset($total) || ($totalpages = ceil($total / $limit)) > 1) {
     $prev = $start - $limit;
     if ($start - $limit >= 0) {
         $hiddenform .= "<a href='#0' onclick='javascript:document.findnext.start.value=" . $prev . ";document.findnext.submit();'>" . _MA_USER_PREVIOUS . "</a>&nbsp;\n";
     }
     $counter = 1;
예제 #16
         }
     }
 }
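 // Validate a password change: the current password must authenticate, and the new one
 // must meet the length rule, match its confirmation and not be derived from the login name.
 if (!empty($password)) {
     $password = icms_core_DataFilter::stripSlashesGPC(trim($password));
     $oldpass = !empty($old_password) ? icms_core_DataFilter::stripSlashesGPC(trim($old_password)) : '';
     $member_handler = icms::handler('icms_member');
     $username = $member_handler->getUser($uid)->getVar('login_name');
     // Re-authenticate with the current password before accepting a new one
     if (!$member_handler->loginUser(addslashes($username), $oldpass)) {
         $errors[] = _US_SORRYINCORRECTPASS;
     }
     if (strlen($password) < $icmsConfigUser['minpass']) {
         $errors[] = sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']);
     }
     if (!empty($vpass)) {
         $vpass = icms_core_DataFilter::stripSlashesGPC(trim($vpass));
     }
     // Strict comparison: with "!=" two different numeric-looking strings
     // (for example "1e3" and "1000") compare as equal and the mismatch goes unnoticed.
     // A confirmation that is not a string at all counts as a mismatch.
     if (!is_string($vpass) || $password !== $vpass) {
         $errors[] = _US_PASSNOTSAME;
     }
     // Reject a password that equals the login name, equals it reversed, or contains it.
     // strripos() returns an offset or FALSE, never TRUE, so the former "=== TRUE" test
     // could not match; the empty-name guard keeps an empty needle from matching everything.
     if ($password == $username
         || $password == icms_core_DataFilter::utf8_strrev($username, TRUE)
         || ((string) $username !== '' && strripos($password, $username) !== FALSE)
     ) {
         $errors[] = _US_BADPWD;
     }
 }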
 if (count($errors) > 0) {
     /** Include the header that starts page rendering */
     include ICMS_ROOT_PATH . '/header.php';
     icms_core_Message::error($errors);
     echo "<a href='edituser.php' title='" . _US_EDITPROFILE . "'>" . _US_EDITPROFILE . "</a>";
     include ICMS_ROOT_PATH . '/footer.php';
 } else {
예제 #17
     unset($_SESSION['openid_response']);
     unset($_SESSION['openid_sreg']);
     unset($_SESSION['frompage']);
     redirect_header($redirect_url, 3, sprintf(_US_OPENID_NEW_USER_CREATED, $newUser->getVar('uname')));
     break;
 case OPENID_STEP_USER_FOUND:
     /** Including the login authentication page */
     include_once 'include/checklogin.php';
     exit;
     break;
 case OPENID_STEP_LINK:
     // Linking an existing user with this openid
     /** Including header.php to start page rendering */
     include_once ICMS_ROOT_PATH . '/header.php';
     $uname4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($_POST['uname']));
     $pass4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($_POST['pass']));
     $thisUser = $member_handler->loginUser($uname4sql, $pass4sql);
     if (!$thisUser) {
         redirect_header($redirect_url, 3, _US_OPENID_LINKED_AUTH_FAILED);
     }
     if ($thisUser->getVar('level') == 0) {
         redirect_header($redirect_url, 3, _US_OPENID_LINKED_AUTH_NOT_ACTIVATED);
     }
     // This means the authentication succeeded.
     $displayId = $xoopsAuth->response->getDisplayIdentifier();
     $thisUser->setVar('last_login', time());
     $thisUser->setVar('openid', $xoopsAuth->openid);
     if (!$member_handler->insertUser($thisUser)) {
         redirect_header($redirect_url, 3, _US_OPENID_LINKED_AUTH_CANNOT_SAVE);
     }
     $_SESSION['xoopsUserId'] = $thisUser->getVar('uid');
예제 #18
파일: main.php 프로젝트: nao-pon/impresscms
		$sql = sprintf("DELETE FROM %s WHERE cid = '%u'", $db->prefix('bannerclient'), $cid);
		$db->query($sql);
		redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 1, _AM_DBUPDATED);
		break;

	case 'BannerClientEdit':
		if ($cid > 0) {BannerClientEdit($cid);}
		break;

	// Updates one banner client row from the submitted form fields, then redirects to the banner admin page.
	case 'BannerClientChange':
		// "|" is the bitwise OR, so both operands are always evaluated: the token check runs
		// even when $cid is invalid. When only $cid is invalid, getErrors() may be empty and
		// the redirect then carries no message.
		// NOTE(review): the statements below this guard rely on redirect_header() ending the
		// request; that is not visible in this excerpt, so confirm it.
		if ($cid <= 0 | !icms::$security->check()) {
			redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 3, implode('<br />', icms::$security->getErrors()));
		}
		$db =& icms_db_Factory::instance();
		// Every string column goes through stripSlashesGPC() and then $db->quoteString() before
		// it is placed in the statement; $cid is formatted with %d.
		// NOTE(review): passwd is written exactly as submitted; no hashing happens in these
		// lines, so the banner client password appears to be stored in clear text. Confirm
		// and consider hashing it before storage.
		$sql = sprintf("UPDATE %s SET name = %s, contact = %s, email = %s, login = %s, passwd = %s, extrainfo = %s WHERE cid = '%d'",
			$db->prefix("bannerclient"),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($name)),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($contact)),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($email)),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($login)),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($passwd)),
			$db->quoteString(icms_core_DataFilter::stripSlashesGPC($extrainfo)),
			$cid
		);
		// The result of query() is not inspected; the "updated" message is shown either way
		$db->query($sql);
		redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 1, _AM_DBUPDATED);
		break;

}

예제 #19
// Login check: reads the submitted credentials, picks the authentication backend for
// the user name and asks it to authenticate.
icms_loadLanguageFile('core', 'user');
// Both credentials are trimmed; a missing field becomes the empty string
$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
/**
 * Commented out for OpenID , we need to change it to make a better validation if OpenID is used
 */
// NOTE(review): with the check below disabled, empty credentials are passed on to the
// authentication backend, which has to reject them itself.
/*if ($uname == '' || $pass == '') {
 redirect_header(ICMS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
 exit();
 }*/
$member_handler = icms::handler('icms_member');
icms_loadLanguageFile('core', 'auth');
$icmsAuth =& icms_auth_Factory::getAuthConnection(icms_core_DataFilter::addSlashes($uname));
// uname&email hack GIJ
// Both values are slash-stripped and then escaped again with addslashes() for use in SQL.
// NOTE(review): addslashes() is not aware of the connection character set; quoting through
// the database layer or bound parameters in the authenticate path would be more robust.
// NOTE(review): the password is escaped too, so a password containing quotes or backslashes
// reaches authenticate() in altered form; presumably the backend accounts for that, confirm.
$uname4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($uname));
$pass4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($pass));
/*if (strstr( $uname , '@' )) {
 // check by email if uname includes '@'
 $criteria = new icms_db_criteria_Compo(new icms_db_criteria_Item('email', $uname4sql ));
 $criteria->add(new icms_db_criteria_Item('pass', $pass4sql));
 $user_handler = icms::handler('icms_member_user');
 $users =& $user_handler->getObjects($criteria, false);
 if (empty( $users ) || count( $users ) != 1 ) $user = false ;
 else $user = $users[0] ;
 unset( $users ) ;
 } */
// With the e-mail lookup above commented out, nothing in the visible lines assigns $user,
// so this condition is expected to hold and authenticate() to run.
// NOTE(review): $user is never initialised here; setting it to false first would rule out
// a value inherited from an including scope.
if (empty($user) || !is_object($user)) {
    $user =& $icmsAuth->authenticate($uname4sql, $pass4sql);
}
// end of uname&email hack GIJ
if (false != $user) {
예제 #20
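 /**
  * Returns one of the object's variables, formatted for the requested output context.
  *
  * This method lives in icms_ipf_Object because XOBJ_DTYPE_ARRAY does not work properly,
  * at least on PHP 5.1, so XOBJ_DTYPE_SIMPLE_ARRAY was added to store a one-level array
  * as a string separated by |.
  *
  * Format codes are case-insensitive: 's'/'show', 'e'/'edit', 'p'/'preview',
  * 'f'/'formpreview' and 'n'/'none'; text boxes additionally accept 'clean'.
  *
  * Escaping notes for callers:
  * - 'n'/'none' and unrecognised codes hand back the stored value without any escaping.
  * - XOBJ_DTYPE_SOURCE is returned unescaped for 'show' and 'preview'; only 'edit' and
  *   'formpreview' pass through htmlspecialchars().
  * - XOBJ_DTYPE_CURRENCY, XOBJ_DTYPE_SIMPLE_ARRAY and XOBJ_DTYPE_ARRAY ignore $format and
  *   apply no HTML escaping.
  * - XOBJ_DTYPE_ARRAY values are passed to unserialize(); see the note at that case.
  *
  * @access public
  * @param string $key key of the object's variable to be returned
  * @param string $format format to use for the output
  * @return mixed formatted value of the variable
  */
 public function getVar($key, $format = 's')
 {
     global $myts;
     $ret = $this->vars[$key]['value'];
     switch ($this->vars[$key]['data_type']) {
         case XOBJ_DTYPE_TXTBOX:
             switch (strtolower($format)) {
                 case 's':
                 case 'show':
                     // ML Hack by marcan
                     $ret = icms_core_DataFilter::htmlSpecialChars($ret);
                     // formatForML() has to be called on the object that was checked;
                     // $myts is the only sanitizer in scope in this branch.
                     if (is_object($myts) && method_exists($myts, 'formatForML')) {
                         return $myts->formatForML($ret);
                     }
                     return $ret;
                     // End of ML Hack by marcan
                 case 'clean':
                     $ret = icms_html2text($ret);
                     return icms_purifyText($ret);
                 case 'e':
                 case 'edit':
                     return icms_core_DataFilter::htmlSpecialChars($ret);
                 case 'p':
                 case 'preview':
                 case 'f':
                 case 'formpreview':
                     return icms_core_DataFilter::htmlSpecialChars(icms_core_DataFilter::stripSlashesGPC($ret));
                 case 'n':
                 case 'none':
                 default:
                     // Raw value: the caller is responsible for escaping.
                     break;
             }
             break;
         case XOBJ_DTYPE_LTIME:
             switch (strtolower($format)) {
                 case 's':
                 case 'show':
                 case 'p':
                 case 'preview':
                 case 'f':
                 case 'formpreview':
                     return formatTimestamp($ret, _DATESTRING);
                 case 'n':
                 case 'none':
                 case 'e':
                 case 'edit':
                 default:
                     // Stored timestamp is returned unformatted.
                     break;
             }
             break;
         case XOBJ_DTYPE_STIME:
             switch (strtolower($format)) {
                 case 's':
                 case 'show':
                 case 'p':
                 case 'preview':
                 case 'f':
                 case 'formpreview':
                     return formatTimestamp($ret, _SHORTDATESTRING);
                 case 'n':
                 case 'none':
                 case 'e':
                 case 'edit':
                 default:
                     break;
             }
             break;
         case XOBJ_DTYPE_TIME_ONLY:
             switch (strtolower($format)) {
                 case 's':
                 case 'show':
                 case 'p':
                 case 'preview':
                 case 'f':
                 case 'formpreview':
                     return formatTimestamp($ret, 'G:i');
                 case 'n':
                 case 'none':
                 case 'e':
                 case 'edit':
                 default:
                     break;
             }
             break;
         case XOBJ_DTYPE_CURRENCY:
             // Pad the fractional part to two digits: "5" -> "5.00", "5." -> "5.00",
             // "5.1" -> "5.10". Longer fractions are left as stored.
             $decimal_section_original = strstr($ret, '.');
             $decimal_section = $decimal_section_original;
             if ($decimal_section) {
                 if (strlen($decimal_section) == 1) {
                     $decimal_section = '.00';
                 } elseif (strlen($decimal_section) == 2) {
                     $decimal_section = $decimal_section . '0';
                 }
                 $ret = str_replace($decimal_section_original, $decimal_section, $ret);
             } else {
                 $ret = $ret . '.00';
             }
             break;
         case XOBJ_DTYPE_TXTAREA:
             switch (strtolower($format)) {
                 case 's':
                 case 'show':
                     $ts = icms_core_Textsanitizer::getInstance();
                     // dohtml is opt-in; the other rendering flags default to on when unset.
                     $html = !empty($this->vars['dohtml']['value']) ? 1 : 0;
                     $xcode = !isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1 ? 1 : 0;
                     $smiley = !isset($this->vars['dosmiley']['value']) || $this->vars['dosmiley']['value'] == 1 ? 1 : 0;
                     $image = !isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1 ? 1 : 0;
                     $br = !isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1 ? 1 : 0;
                     if (defined('XOOPS_EDITOR_IS_HTML')) {
                         $br = false;
                     }
                     if ($html) {
                         // HTML-enabled content is rendered by the text sanitizer.
                         return $ts->displayTarea($ret, $html, $smiley, $xcode, $image, $br);
                     }
                     return icms_core_DataFilter::checkVar($ret, 'text', 'output');
                 case 'e':
                 case 'edit':
                     return htmlspecialchars($ret, ENT_QUOTES);
                 case 'p':
                 case 'preview':
                     $ts = icms_core_Textsanitizer::getInstance();
                     $html = !empty($this->vars['dohtml']['value']) ? 1 : 0;
                     $xcode = !isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1 ? 1 : 0;
                     $smiley = !isset($this->vars['dosmiley']['value']) || $this->vars['dosmiley']['value'] == 1 ? 1 : 0;
                     $image = !isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1 ? 1 : 0;
                     $br = !isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1 ? 1 : 0;
                     if ($html) {
                         return $ts->previewTarea($ret, $html, $smiley, $xcode, $image, $br);
                     }
                     return icms_core_DataFilter::checkVar($ret, 'text', 'output');
                 case 'f':
                 case 'formpreview':
                     return htmlspecialchars(icms_core_DataFilter::stripSlashesGPC($ret), ENT_QUOTES);
                 case 'n':
                 case 'none':
                 default:
                     // Raw value: the caller is responsible for escaping.
                     break;
             }
             break;
         case XOBJ_DTYPE_SIMPLE_ARRAY:
             // Plain assignment: a function result cannot be bound by reference.
             $ret = explode('|', $ret);
             break;
         case XOBJ_DTYPE_ARRAY:
             // NOTE(review): unserialize() instantiates any class named in the payload, so
             // this is only safe while the stored value cannot be influenced by untrusted
             // input. Confirm how the value is written; JSON storage, or the
             // allowed_classes option on PHP 7+, would remove the object-injection risk.
             $ret = unserialize($ret);
             break;
         case XOBJ_DTYPE_SOURCE:
             switch (strtolower($format)) {
                 case 'e':
                 case 'edit':
                     return htmlspecialchars($ret, ENT_QUOTES);
                 case 'p':
                 case 'preview':
                     // Returned without HTML escaping.
                     return icms_core_DataFilter::stripSlashesGPC($ret);
                 case 'f':
                 case 'formpreview':
                     return htmlspecialchars(icms_core_DataFilter::stripSlashesGPC($ret), ENT_QUOTES);
                 case 's':
                 case 'show':
                 case 'n':
                 case 'none':
                 default:
                     // Source is handed back exactly as stored, including for 'show'.
                     break;
             }
             break;
         default:
             if ($this->vars[$key]['options'] != '' && $ret != '') {
                 switch (strtolower($format)) {
                     case 's':
                     case 'show':
                         // The stored value lists 1-based positions into the option list;
                         // translate them into the option labels.
                         $selected = explode('|', $ret);
                         $options = explode('|', $this->vars[$key]['options']);
                         $i = 1;
                         $ret = array();
                         foreach ($options as $op) {
                             if (in_array($i, $selected)) {
                                 $ret[] = $op;
                             }
                             $i++;
                         }
                         return implode(', ', $ret);
                     case 'e':
                     case 'edit':
                         $ret = explode('|', $ret);
                         break;
                     default:
                         break;
                 }
             }
             break;
     }
     return $ret;
 }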
예제 #21
    //show change password form
    // NOTE(review): the form action is taken from $_SERVER['REQUEST_URI'], which is
    // request-controlled; presumably the form class escapes it when rendering -- confirm.
    $form = new icms_form_Theme(_MD_PROFILE_CHANGEPASSWORD, 'form', $_SERVER['REQUEST_URI'], 'post', true);
    $form->addElement(new icms_form_elements_Password(_MD_PROFILE_OLDPASSWORD, 'oldpass', 10, 50), true);
    $pwd_tray = new icms_form_elements_Tray(_MD_PROFILE_NEWPASSWORD . '<br />' . _MD_PROFILE_VERIFYPASS);
    $pwd_tray->addElement(new icms_form_elements_Password('', 'password', 10, 255, '', false, $icmsConfigUser['pass_level'] ? 'password_adv' : ''));
    $pwd_tray->addElement(new icms_form_elements_Password('', 'vpass', 10, 255));
    $form->addElement($pwd_tray);
    $form->addElement(new icms_form_elements_Button('', 'submit', _SUBMIT, 'submit'));
    $form->assign($icmsTpl);
} else {
    // Submitted form: collect validation failures in $stop.
    $stop = '';
    $member_handler = icms::handler('icms_member');
    $username = icms::$user->getVar('uname');
    // All three values are trimmed; !empty() also treats the string "0" as missing.
    $password = !empty($_POST['password']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['password'])) : '';
    $oldpass = !empty($_POST['oldpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['oldpass'])) : '';
    $vpass = !empty($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC(trim($_POST['vpass'])) : '';
    if (empty($password) || empty($oldpass) || empty($vpass)) {
        $stop .= _MD_PROFILE_PROVIDEPWDS;
    } else {
        icms_loadLanguageFile('core', 'user');
        // The current password is re-verified by attempting a login with it.
        // NOTE(review): addslashes() changes a password containing quotes or backslashes
        // before it is checked; confirm this matches how loginUser() expects its input.
        if (!$member_handler->loginUser(addslashes(icms::$user->getVar('login_name')), addslashes($oldpass))) {
            $stop .= _US_BADPWD . "<br />";
        }
        // strlen() counts bytes, so multi-byte characters count more than once here.
        if (strlen($password) < $icmsConfigUser['minpass']) {
            $stop .= sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']) . "<br />";
        }
        // NOTE(review): != compares numeric-looking strings numerically ("1e3" equals
        // "1000"), so a mistyped confirmation can be accepted; !== compares the text.
        if ($password != $vpass) {
            $stop .= _US_PASSNOTSAME . "<br />";
        }
        // NOTE(review): strripos() returns an integer offset or false, never true, so the
        // last condition can never match and passwords that merely contain the user name
        // are not rejected. The intended test is presumably "!== false".
        if ($password == $username || $password == icms_core_DataFilter::utf8_strrev($username, true) || strripos($password, $username) === true) {
            $stop .= _US_BADPWD;
예제 #22
     // Comment preview: the title is HTML-escaped before it is shown.
     // $_POST['com_title'] is read without an isset() check.
     $com_title = icms_core_DataFilter::htmlSpecialChars(icms_core_DataFilter::stripSlashesGPC($_POST['com_title']));
     // HTML in comments is kept only for module admins or members of a group holding the
     // system_admin right for XOOPS_SYSTEM_COMMENT; everyone else, including anonymous
     // visitors, has $dohtml forced to 0.
     if ($dohtml != 0) {
         if (is_object(icms::$user)) {
             if (!icms::$user->isAdmin($com_modid)) {
                 $sysperm_handler = icms::handler('icms_member_groupperm');
                 if (!$sysperm_handler->checkRight('system_admin', XOOPS_SYSTEM_COMMENT, icms::$user->getGroups())) {
                     $dohtml = 0;
                 }
             }
         } else {
             $dohtml = 0;
         }
     }
     // NOTE(review): the previewed body is filtered as 'html' input whatever value
     // $dohtml ended up with above; confirm that checkVar() leaves nothing unsafe for
     // users who are not allowed to post HTML, or escape the preview when $dohtml is 0.
     $p_comment =& icms_core_DataFilter::checkVar($_POST['com_text'], 'html', 'input');
     $noname = isset($noname) ? (int) $noname : 0;
     // Escaped copy of the body; it is not passed to themecenterposts() below and is
     // presumably consumed by the included comment_form.php -- confirm.
     $com_text = icms_core_DataFilter::htmlSpecialChars(icms_core_DataFilter::stripSlashesGPC($_POST['com_text']));
     // Same preview either way; only the page frame differs (site theme vs. control panel).
     if ($icmsModule->getVar('dirname') != 'system') {
         include ICMS_ROOT_PATH . '/header.php';
         themecenterposts($com_title, $p_comment);
         include ICMS_INCLUDE_PATH . '/comment_form.php';
         include ICMS_ROOT_PATH . '/footer.php';
     } else {
         icms_cp_header();
         themecenterposts($com_title, $p_comment);
         include ICMS_INCLUDE_PATH . '/comment_form.php';
         icms_cp_footer();
     }
     break;
 case "post":
     if ($icmsConfig['use_captchaf'] == TRUE) {
         $icmsCaptcha = icms_form_elements_captcha_Object::instance();
예제 #23
                 // E-mail notification to the recipient of a new private message.
                 $xoopsMailer->setToEmails($toUser->getVar('email'));
                 // The sender's own address and name are used only when the sender has
                 // user_viewemail set; otherwise the mail is sent as the site itself.
                 if (icms::$user->getVar('user_viewemail')) {
                     $xoopsMailer->setFromEmail(icms::$user->getVar('email'));
                     $xoopsMailer->setFromName(icms::$user->getVar('uname'));
                 } else {
                     $xoopsMailer->setFromEmail($icmsConfig['adminmail']);
                     $xoopsMailer->setFromName($icmsConfig['sitename']);
                 }
                 $xoopsMailer->setTemplate('new_pm.tpl');
                 $xoopsMailer->assign('X_SITENAME', $icmsConfig['sitename']);
                 $xoopsMailer->assign('X_SITEURL', ICMS_URL . "/");
                 $xoopsMailer->assign('X_ADMINMAIL', $icmsConfig['adminmail']);
                 $xoopsMailer->assign('X_UNAME', $toUser->getVar('uname'));
                 $xoopsMailer->assign('X_FROMUNAME', icms::$user->getVar('uname'));
                 // NOTE(review): subject and message come straight from $_POST with only
                 // slashes stripped; whether the template or mailer escapes them (relevant
                 // if the mail is ever sent as HTML) is not visible here -- confirm.
                 $xoopsMailer->assign('X_SUBJECT', icms_core_DataFilter::stripSlashesGPC($_POST['subject']));
                 $xoopsMailer->assign('X_MESSAGE', icms_core_DataFilter::stripSlashesGPC($_POST['message']));
                 $xoopsMailer->assign('X_ITEM_URL', ICMS_URL . "/viewpmsg.php");
                 // The mail's own subject line is built from the site name only.
                 $xoopsMailer->setSubject(sprintf(_PM_MESSAGEPOSTED_EMAILSUBJ, $icmsConfig['sitename']));
                 $xoopsMailer->send();
             }
             echo "<br /><br /><div style='text-align:center;'><h4>" . _PM_MESSAGEPOSTED . "</h4><br />\r\n\t\t\t\t\t<a href=\"javascript:window.opener.location='" . ICMS_URL . "/viewpmsg.php';window.close();\">" . _PM_CLICKHERE . "</a><br /><br />\r\n\t\t\t\t\t<a href=\"javascript:window.close();\">" . _PM_ORCLOSEWINDOW . "</a></div>";
         }
     }
 } elseif ($reply == 1 || $send == 1 || $send2 == 1) {
     if ($reply == 1) {
         $pm_handler = icms::handler('icms_data_privmessage');
         $pm =& $pm_handler->get($msg_id);
         if ($pm->getVar("to_userid") == (int) icms::$user->getVar('uid')) {
             $pm_uname = icms_member_user_Object::getUnameFromId($pm->getVar("from_userid"));
             $message = "[quote]\n";
             $message .= sprintf(_PM_USERWROTE, $pm_uname);
예제 #24
    // No token check in this case; presumably BannerClientDelete() only renders a
    // confirmation form and the deletion itself happens in 'BannerClientDelete2' -- confirm.
    case 'BannerClientDelete':
        if ($cid > 0) {
            BannerClientDelete($cid);
        }
        break;
    case 'BannerClientDelete2':
        $db =& icms_db_Factory::instance();
        // "|" is the bitwise operator: both operands are always evaluated, so the token
        // check runs even for an invalid $cid. "||" would express the intent directly.
        // NOTE(review): everything below relies on redirect_header() ending the request;
        // if it returns, the DELETE statements run despite a failed token check -- confirm.
        if ($cid <= 0 | !icms::$security->check()) {
            redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 3, implode('<br />', icms::$security->getErrors()));
        }
        // %u formats $cid as an unsigned integer, so no string data reaches the query.
        // The client's banners are removed first, then the client row.
        $sql = sprintf("DELETE FROM %s WHERE cid = '%u'", $db->prefix('banner'), $cid);
        $db->query($sql);
        $sql = sprintf("DELETE FROM %s WHERE cid = '%u'", $db->prefix('bannerclient'), $cid);
        $db->query($sql);
        redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 1, _AM_DBUPDATED);
        break;
    case 'BannerClientEdit':
        if ($cid > 0) {
            BannerClientEdit($cid);
        }
        break;
    case 'BannerClientChange':
        // Same guard as in 'BannerClientDelete2': bitwise "|" and reliance on
        // redirect_header() stopping execution.
        if ($cid <= 0 | !icms::$security->check()) {
            redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 3, implode('<br />', icms::$security->getErrors()));
        }
        $db =& icms_db_Factory::instance();
        // Every text field is quoted with the database layer's quoteString(); $cid is
        // formatted with %d.
        // NOTE(review): passwd is written exactly as submitted; no hashing is visible in
        // this fragment, which would leave banner-client passwords readable in the
        // database -- confirm and hash before storing.
        $sql = sprintf("UPDATE %s SET name = %s, contact = %s, email = %s, login = %s, passwd = %s, extrainfo = %s WHERE cid = '%d'", $db->prefix("bannerclient"), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($name)), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($contact)), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($email)), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($login)), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($passwd)), $db->quoteString(icms_core_DataFilter::stripSlashesGPC($extrainfo)), $cid);
        $db->query($sql);
        redirect_header('admin.php?fct=banners&amp;op=BannersAdmin#top', 1, _AM_DBUPDATED);
        break;
}
예제 #25
     $uid = (int) $_POST['uid'];
     $user = $member_handler->getUser($uid);
 } else {
     $user = $member_handler->createUser();
     $user->setVar('user_regdate', time());
     $user->setVar('user_avatar', 'blank.gif');
     $user->setVar('uorder', $icmsConfig['com_order']);
     $user->setVar('umode', $icmsConfig['com_mode']);
 }
 // Admin-side save of a user account: gather the posted fields, run userCheck() and
 // copy the values onto $user.
 $errors = array();
 $stop = '';
 $login_name = isset($_POST['login_name']) ? trim($_POST['login_name']) : '';
 $uname = isset($_POST['uname']) ? trim($_POST['uname']) : '';
 $email = isset($_POST['email']) ? trim($_POST['email']) : '';
 // Unlike the fields above, the password values are not trimmed.
 $pass = isset($_POST['password']) ? icms_core_DataFilter::stripSlashesGPC($_POST['password']) : '';
 $vpass = isset($_POST['vpass']) ? icms_core_DataFilter::stripSlashesGPC($_POST['vpass']) : '';
 icms_loadLanguageFile('core', 'user');
 // For an existing user an empty password is passed as false (&& binds tighter than
 // ?:), presumably meaning "keep the current password" -- confirm in userCheck().
 $stop .= icms::handler('icms_member_user')->userCheck($login_name, $uname, $email, !$user->isNew() && $pass == '' ? false : $pass, $vpass, $user->isNew() ? 0 : $user->getVar('uid'));
 // Password and level are changed only when the edited account is not the account of
 // the user performing the edit.
 // NOTE(review): the values are set on $user before $stop is examined in this fragment;
 // confirm the object is not stored when userCheck() reported problems.
 if ($user->getVar('uid') != icms::$user->getVar('uid')) {
     if ($pass != '') {
         $icmspass = new icms_core_Password();
         // A fresh salt is generated for every password change; the algorithm comes
         // from the enc_type user setting and is recorded alongside the hash.
         $salt = icms_core_Password::createSalt();
         $pass = $icmspass->encryptPass($pass, $salt, $icmsConfigUser['enc_type']);
         $user->setVar('pass', $pass);
         $user->setVar('pass_expired', 0);
         $user->setVar('enc_type', $icmsConfigUser['enc_type']);
         $user->setVar('salt', $salt);
     }
     // NOTE(review): level is cast to int but not range-checked, and
     // $_POST['level'] is read without isset() -- confirm valid values upstream.
     $user->setVar('level', (int) $_POST['level']);
 }
 $user->setVar('uname', $uname);
예제 #26
// Login handler fragment: reads the submitted credentials from $_POST, obtains an
// authentication connection for the user name and asks it to authenticate.
// Direct-access guard: stop unless the framework has defined ICMS_ROOT_PATH.
defined('ICMS_ROOT_PATH') || exit;
icms_loadLanguageFile('core', 'user');
// Both values are trimmed, so leading/trailing whitespace in a password is discarded.
$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
/**
 * Commented out for OpenID , we need to change it to make a better validation if OpenID is used
 */
// NOTE(review): with the check below disabled, empty credentials are passed on to
// authenticate(); rejecting them is left to the auth backend -- confirm it does.
/*if ($uname == '' || $pass == '') {
 redirect_header(ICMS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
 exit();
 }*/
$member_handler = icms::handler('icms_member');
icms_loadLanguageFile('core', 'auth');
$icmsAuth =& icms_auth_Factory::getAuthConnection(icms_core_DataFilter::addSlashes($uname));
// addslashes() is generic backslash escaping, not the database driver's quoting.
// NOTE(review): confirm that authenticate() quotes or binds the user name itself.
$uname4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($uname));
// Despite the "4sql" name the password is not escaped here, only un-slashed;
// presumably it is hashed before it is used in any query -- confirm in authenticate().
$pass4sql = icms_core_DataFilter::stripSlashesGPC($pass);
// $user is not assigned anywhere above in this fragment, so this condition decides
// whether authenticate() runs at all.
// NOTE(review): make sure $user cannot already hold an object from code included
// earlier; initialising it to false first would remove the doubt.
if (empty($user) || !is_object($user)) {
    $user =& $icmsAuth->authenticate($uname4sql, $pass4sql);
}
if (FALSE != $user) {
    if (0 == $user->getVar('level')) {
        redirect_header(ICMS_URL . '/', 5, _US_NOACTTPADM);
        exit;
    }
    if ($icmsConfigPersona['multi_login']) {
        if (is_object($user)) {
            $online_handler = icms::handler('icms_core_Online');
            $online_handler->gc(300);
            $onlines =& $online_handler->getAll();
            foreach ($onlines as $online) {
                if ($online['online_uid'] == $user->getVar('uid')) {
예제 #27
 /**
  * Mails the configured welcome message to this user once the account has been activated.
  *
  * When the welcome_msg user setting is off nothing is sent and the call counts as a
  * success. If sending fails, _US_WELCOMEMSGFAILED is recorded through setErrors().
  *
  * @return bool TRUE on success or when there is nothing to send, FALSE if sending failed
  */
 public function sendWelcomeMessage()
 {
     global $icmsConfig, $icmsConfigUser;

     // Feature switched off: nothing to do.
     if (!$icmsConfigUser['welcome_msg']) {
         return true;
     }

     $mailer = new icms_messaging_Handler();
     $mailer->useMail();

     // Body text comes from the site configuration; UNAME and X_UEMAIL are the
     // placeholders filled in for this user.
     $mailer->setBody($icmsConfigUser['welcome_msg_content']);
     $mailer->assign('UNAME', $this->getVar('uname'));
     $recipient = $this->getVar('email');
     $mailer->assign('X_UEMAIL', $recipient);

     // Addressing: to the user, from the site administrator.
     $mailer->setToEmails($recipient);
     $mailer->setFromEmail($icmsConfig['adminmail']);
     $mailer->setFromName($icmsConfig['sitename']);

     $siteName = icms_core_DataFilter::stripSlashesGPC($icmsConfig['sitename']);
     $mailer->setSubject(sprintf(_US_YOURREGISTRATION, $siteName));

     if ($mailer->send(true)) {
         return true;
     }

     $this->setErrors(_US_WELCOMEMSGFAILED);
     return false;
 }
예제 #28
         icms_cp_footer();
     }
     break;
 case "SmilesEdit":
     $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
     if ($id > 0) {
         SmilesEdit($id);
     }
     break;
 case "SmilesSave":
     $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
     if ($id <= 0 | !icms::$security->check()) {
         redirect_header('admin.php?fct=smilies', 3, implode('<br />', icms::$security->getErrors()));
     }
     $smile_code = icms_core_DataFilter::stripSlashesGPC($_POST['smile_code']);
     $smile_desc = icms_core_DataFilter::stripSlashesGPC($_POST['smile_desc']);
     $smile_display = (int) $_POST['smile_display'] > 0 ? 1 : 0;
     $db =& icms_db_Factory::instance();
     if ($_FILES['smile_url']['name'] != "") {
         $uploader = new icms_file_MediaUploadHandler(ICMS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120);
         $uploader->setPrefix('smil');
         if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
             if (!$uploader->upload()) {
                 $err = $uploader->getErrors();
             } else {
                 $smile_url = $uploader->getSavedFileName();
                 if (!$db->query(sprintf("UPDATE %s SET code = %s, smile_url = %s, emotion = %s, display = %d WHERE id = '%d'", $db->prefix('smiles'), $db->quoteString($smile_code), $db->quoteString($smile_url), $db->quoteString($smile_desc), $smile_display, $id))) {
                     $err = 'Failed storing smiley data into the database';
                 } else {
                     $oldsmile_path = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . trim($_POST['old_smile'])));
                     if (0 === strpos($oldsmile_path, ICMS_UPLOAD_PATH) && is_file($oldsmile_path)) {