/** * Checks the Values sent trough post * * Checks the Values sent trough post. Normally this is already done * by Javascript, but it could be possible that the client doens't run * JS, so this is done here again. Sadly, it is not possible to rewrite * the posted values again * @access private * @global array * @param array Submitted field values * @see getSettings(), initCheckTypes(), arrCheckTypes, _isSpam(), errorMsg * @return boolean Return FALSE if a field's value isn't valid, otherwise TRUE */ function _checkValues($arrFields, $useCaptcha) { global $_ARRAYLANG; $error = false; $arrSettings = $this->getSettings(); $arrSpamKeywords = explode(',', $arrSettings['spamProtectionWordList']); $this->initCheckTypes(); if (count($arrFields['fields']) > 0) { foreach ($arrFields['fields'] as $fieldId => $field) { $value = ''; $validationRegex = null; $isRequired = $field['is_required']; switch ($field['type']) { case 'label': case 'fieldset': case 'horizontalLine': // we need to use a 'continue 2' here to first break out of the switch and then move over to the next iteration of the foreach loop continue 2; break; case 'select': $value = $arrFields['data'][$fieldId]; break; case 'file': case 'multi_file': if (!$this->legacyMode && $isRequired) { //check if the user has uploaded any files $tup = self::getTemporaryUploadPath($this->submissionId, $fieldId); $path = $tup[0] . '/' . $tup[2]; if (count(@scandir($path)) == 2) { //only . and .. present, directory is empty //no uploaded files in a mandatory field - no good. $error = true; } // we need to use a 'continue 2' here to first break out of the switch and then move over to the next iteration of the foreach loop continue 2; } // this is used for legacyMode $value = isset($arrFields['uploadedFiles'][$fieldId]) ? $arrFields['uploadedFiles'][$fieldId] : ''; break; case 'text': case 'checkbox': case 'checkboxGroup': case 'country': case 'date': case 'hidden': case 'password': case 'radio': case 'textarea': case 'recipient': case 'special': default: if ($field['check_type']) { $validationRegex = "#" . $this->arrCheckTypes[$field['check_type']]['regex'] . "#"; if (!empty($this->arrCheckTypes[$field['check_type']]['modifiers'])) { $validationRegex .= $this->arrCheckTypes[$field['check_type']]['modifiers']; } } $value = isset($arrFields['data'][$fieldId]) ? $arrFields['data'][$fieldId] : ''; break; } if ($isRequired && $value != 0 && empty($value)) { $error = true; } elseif (empty($value)) { continue; } elseif ($validationRegex && !preg_match($validationRegex, $value)) { $error = true; } elseif ($this->_isSpam($value, $arrSpamKeywords)) { $error = true; } } } if ($useCaptcha) { if (!\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $error = true; } } if ($error) { $this->errorMsg = $_ARRAYLANG['TXT_FEEDBACK_ERROR'] . '<br />'; return false; } else { return true; } }
/** * show thread * * @param integer $intThreadId * @return bool */ function showThread($intThreadId) { global $objDatabase, $_ARRAYLANG; $objFWUser = \FWUser::getFWUserObject(); $this->_communityLogin(); $intThreadId = intval($intThreadId); if (!empty($_REQUEST['notification_update']) && $_REQUEST['notification_update'] == $_ARRAYLANG['TXT_FORUM_UPDATE_NOTIFICATION']) { $this->_updateNotification($intThreadId); } $intCatId = !empty($_REQUEST['category_id']) ? intval($_REQUEST['category_id']) : '0'; if ($intCatId == 0) { $intCatId = $this->_getCategoryIdFromThread($intThreadId); } if (empty($intCatId)) { \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum'); die; } if ($objFWUser->objUser->login()) { $this->_objTpl->touchBlock('notificationRow'); } else { $this->_objTpl->hideBlock('notificationRow'); } $intPostId = !empty($_REQUEST['postid']) ? intval($_REQUEST['postid']) : 0; $intPostId = $intPostId == 0 && !empty($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : $intPostId; $this->_objTpl->setVariable('FORUM_EDIT_POST_ID', $intPostId); $_REQUEST['act'] = !empty($_REQUEST['act']) ? $_REQUEST['act'] : ''; if ($_REQUEST['act'] == 'delete') { if ($this->_checkAuth($intCatId, 'delete')) { if ($this->_deletePost($intCatId, $intThreadId, $_REQUEST['postid'])) { $this->_objTpl->setVariable('TXT_FORUM_SUCCESS', '<br />' . $_ARRAYLANG['TXT_FORUM_DELETED_SUCCESSFULLY']); } else { $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_DELETE_FAILED']); } } else { $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']); } } $pos = !empty($_REQUEST['pos']) ? intval($_REQUEST['pos']) : 0; $this->_objTpl->setVariable(array('FORUM_PAGING_POS' => $pos)); if (!empty($_REQUEST['preview_new'])) { $pos = $this->_getLastPos($intPostId, $intThreadId); } if (!empty($_REQUEST['postid'])) { if ($_REQUEST['act'] == 'quote') { $pos = $this->_getLastPos($intPostId, $intThreadId); } if ($_REQUEST['act'] == 'edit') { $pos = $this->_getEditPos($intPostId, $intThreadId); } } if (!empty($_REQUEST['l']) && $_REQUEST['l'] == 1) { $pos = $this->_getEditPos($intPostId, $intThreadId); } $arrPosts = $this->createPostArray($intThreadId, $pos); if (!empty($_REQUEST['preview_edit']) && $_REQUEST['post_id'] != 0 && $_REQUEST['act'] != 'quote') { $intPostId = intval($intPostId); $pos = $this->_getEditPos($intPostId, $intThreadId); $arrPosts = $this->createPostArray($intThreadId, $pos); $arrPosts[$intPostId]['subject'] = !empty($_REQUEST['subject']) ? contrexx_strip_tags($_REQUEST['subject']) : $_ARRAYLANG['TXT_FORUM_NO_SUBJECT']; $arrPosts[$intPostId]['content'] = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForOutput(contrexx_input2raw($_REQUEST['message'])); } $userId = $objFWUser->objUser->login() ? $objFWUser->objUser->getId() : 0; $icon = !empty($_REQUEST['icons']) ? intval($_REQUEST['icons']) : 1; if ($_REQUEST['act'] == 'edit') { //submit is an edit $arrEditedPost = $this->_getPostingData($intPostId); $subject = addcslashes(htmlentities($arrEditedPost['subject'], ENT_QUOTES, CONTREXX_CHARSET), '\\'); $content = $arrEditedPost['content']; $keywords = addcslashes(htmlentities($arrEditedPost['keywords'], ENT_QUOTES, CONTREXX_CHARSET), '\\'); $attachment = $arrEditedPost['attachment']; $this->_objTpl->setVariable('FORUM_POST_EDIT_USERID', $arrPosts[$intPostId]['user_id']); if (!empty($attachment)) { $this->_objTpl->setVariable('TXT_FORUM_DELETE_ATTACHMENT', sprintf($_ARRAYLANG['TXT_FORUM_DELETE_ATTACHMENT'], $attachment)); } $this->_objTpl->touchBlock('updatePost'); $this->_objTpl->hideBlock('createPost'); $this->_objTpl->hideBlock('previewNewPost'); $this->_objTpl->touchBlock('previewEditPost'); } else { //new post if ($this->_objTpl->blockExists('delAttachment')) { $this->_objTpl->hideBlock('delAttachment'); } $subject = !empty($_REQUEST['subject']) ? contrexx_strip_tags($_REQUEST['subject']) : ''; $content = !empty($_REQUEST['message']) ? contrexx_input2raw(strip_tags($_REQUEST['message'])) : ''; $keywords = !empty($_REQUEST['keywords']) ? contrexx_strip_tags($_REQUEST['keywords']) : ''; $attachment = !empty($_REQUEST['attachment']) ? contrexx_strip_tags($_REQUEST['attachment']) : ''; $this->_objTpl->touchBlock('createPost'); $this->_objTpl->hideBlock('updatePost'); $this->_objTpl->touchBlock('previewNewPost'); $this->_objTpl->hideBlock('previewEditPost'); } if ($_REQUEST['act'] == 'quote') { $quoteContent = $this->_getPostingData($intPostId); $subject = 'RE: ' . addcslashes(htmlentities($quoteContent['subject'], ENT_QUOTES, CONTREXX_CHARSET), '\\'); $content = '[quote=' . $arrPosts[$intPostId]['user_name'] . ']' . strip_tags($quoteContent['content']) . '[/quote]'; } $firstPost = current($arrPosts); if ($this->_arrSettings['wysiwyg_editor'] == 1) { //IF WYSIWIG enabled.. $strMessageInputHTML = new \Cx\Core\Wysiwyg\Wysiwyg('message', $content, 'bbcode'); } else { //plain textarea $strMessageInputHTML = '<textarea style="width: 400px; height: 150px;" rows="5" cols="10" name="message">' . contrexx_raw2xhtml($content) . '</textarea>'; } $this->_objTpl->setGlobalVariable(array('FORUM_JAVASCRIPT_GOTO' => $this->getJavascript('goto'), 'FORUM_JAVASCRIPT_DELETE' => $this->getJavascript('deletePost'), 'FORUM_JAVASCRIPT_SCROLLTO' => $this->getJavascript('scrollto'), 'FORUM_SCROLLPOS' => !empty($_REQUEST['scrollpos']) ? intval($_REQUEST['scrollpos']) : '0', 'FORUM_JAVASCRIPT_INSERT_TEXT' => $this->getJavascript('insertText', array($intCatId, $intThreadId, $firstPost)), 'FORUM_NAME' => $this->_shortenString($firstPost['subject'], $this->_maxStringlength), 'FORUM_TREE' => $this->_createNavTree($intCatId) . '<a title="' . $this->_arrTranslations[$intCatId][$this->_intLangId]['name'] . '" href="index.php?section=Forum&cmd=board&id=' . $intCatId . '">' . $this->_shortenString($this->_arrTranslations[$intCatId][$this->_intLangId]['name'], $this->_maxStringlength) . '</a> > ', 'FORUM_DROPDOWN' => $this->createForumDD('forum_quickaccess', $intCatId, 'onchange="gotoForum(this);"', ''), 'TXT_FORUM_COMMA_SEPARATED_KEYWORDS' => $_ARRAYLANG['TXT_FORUM_COMMA_SEPARATED_KEYWORDS'], 'TXT_FORUM_KEYWORDS' => $_ARRAYLANG['TXT_FORUM_KEYWORDS'], 'TXT_FORUM_FILE_ATTACHMENT' => $_ARRAYLANG['TXT_FORUM_FILE_ATTACHMENT'], 'TXT_FORUM_RATING' => $_ARRAYLANG['TXT_FORUM_RATING'], 'TXT_FORUM_ADD_POST' => $_ARRAYLANG['TXT_FORUM_ADD_POST'], 'TXT_FORUM_SUBJECT' => $_ARRAYLANG['TXT_FORUM_SUBJECT'], 'TXT_FORUM_MESSAGE' => $_ARRAYLANG['TXT_FORUM_MESSAGE'], 'TXT_FORUM_RESET' => $_ARRAYLANG['TXT_FORUM_RESET'], 'TXT_FORUM_CREATE_POST' => $_ARRAYLANG['TXT_FORUM_CREATE_POST'], 'TXT_FORUM_ICON' => $_ARRAYLANG['TXT_FORUM_ICON'], 'TXT_FORUM_QUOTE' => $_ARRAYLANG['TXT_FORUM_QUOTE'], 'TXT_FORUM_EDIT' => $_ARRAYLANG['TXT_FORUM_EDIT'], 'TXT_FORUM_DELETE' => $_ARRAYLANG['TXT_FORUM_DELETE'], 'TXT_FORUM_PREVIEW' => $_ARRAYLANG['TXT_FORUM_PREVIEW'], 'TXT_FORUM_UPDATE_POST' => $_ARRAYLANG['TXT_FORUM_UPDATE_POST'], 'TXT_FORUM_NOTIFY_NEW_POSTS' => $_ARRAYLANG['TXT_FORUM_NOTIFY_NEW_POSTS'], 'TXT_FORUM_QUICKACCESS' => $_ARRAYLANG['TXT_FORUM_QUICKACCESS'], 'TXT_FORUM_UPDATE_NOTIFICATION' => $_ARRAYLANG['TXT_FORUM_UPDATE_NOTIFICATION'], 'TXT_FORUM_THREAD_ACTION_DESC' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_DESC'], 'TXT_FORUM_THREAD_ACTION_MOVE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE'], 'TXT_FORUM_THREAD_ACTION_CLOSE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_CLOSE_' . $firstPost['is_locked']], 'TXT_FORUM_THREAD_ACTION_STICKY' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_STICKY_' . $firstPost['is_sticky']], 'TXT_FORUM_THREAD_ACTION_DELETE' => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_DELETE'], 'TXT_FORUM_CHOOSE_FILE' => $_ARRAYLANG['TXT_FORUM_CHOOSE_FILE'], 'FORUM_NOTIFICATION_CHECKBOX_CHECKED' => $this->_hasNotification($intThreadId) ? 'checked="checked"' : '', 'FORUM_SUBJECT' => stripslashes($subject), 'FORUM_KEYWORDS' => stripslashes($keywords), 'FORUM_ATTACHMENT_OLDNAME' => $attachment, 'FORUM_MESSAGE_INPUT' => $strMessageInputHTML, 'FORUM_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode(), 'FORUM_THREAD_ID' => $intThreadId, 'FORUM_CATEGORY_ID' => $intCatId, 'FORUM_POSTS_PAGING' => getPaging($this->_postCount, $pos, '§ion=Forum&cmd=thread&id=' . $intThreadId, $_ARRAYLANG['TXT_FORUM_OVERVIEW_POSTINGS'], true, $this->_arrSettings['posting_paging']))); if ($objFWUser->objUser->login()) { $this->_objTpl->hideBlock('captcha'); } else { $this->_objTpl->touchBlock('captcha'); } $this->_setIcons($this->_getIcons()); if (!$this->_checkAuth($intCatId, 'read')) { $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']); return false; } $intCounter = 0; foreach ($arrPosts as $postId => $arrValues) { $strRating = '<span id="forum_current_rating_' . $postId . '" class="rating_%s">%s</span>'; if ($arrValues['rating'] == 0) { $class = 'none'; } elseif ($arrValues['rating'] > 0) { $class = 'pos'; } else { $class = 'neg'; } $strRating = sprintf($strRating, $class, $arrValues['rating']); $strUserProfileLink = $arrValues['user_id'] > 0 ? '<a title="' . $arrValues['user_name'] . '" href="index.php?section=Access&cmd=user&id=' . $arrValues['user_id'] . '">' . $arrValues['user_name'] . '</a>' : $this->_anonymousName; $arrAttachment = $this->_getAttachment($arrValues['attachment']); $this->_objTpl->setGlobalVariable(array('FORUM_POST_ROWCLASS' => $intCounter++ % 2 + 1)); $quoteLink = "id=" . $intThreadId . "&act=quote&postid=" . $postId; $quoteLinkLoggedIn = "location.href='" . \Cx\Core\Csrf\Controller\Csrf::enhanceURI("index.php?section=Forum") . "&cmd=thread&" . htmlentities($quoteLink) . "';"; $quoteLinkNotLoggedIn = "location.href='" . \Cx\Core\Csrf\Controller\Csrf::enhanceURI("index.php?section=Login") . "&redirect=" . base64_encode("index.php?section=Forum&cmd=thread&" . $quoteLink) . "';"; $this->_objTpl->setVariable(array('FORUM_POST_DATE' => $arrValues['time_created'], 'FORUM_POST_LAST_EDITED' => $arrValues['time_edited'] != date(ASCMS_DATE_FORMAT, 0) ? $_ARRAYLANG['TXT_FORUM_LAST_EDITED'] . $arrValues['time_edited'] : '', 'FORUM_USER_ID' => $arrValues['user_id'], 'FORUM_USER_NAME' => $strUserProfileLink, 'FORUM_USER_IMAGE' => !empty($arrValues['user_image']) ? '<img border="0" width="60" height="60" src="' . $arrValues['user_image'] . '" title="' . $arrValues['user_name'] . '\'s avatar" alt="' . $arrValues['user_name'] . '\'s avatar" />' : '', 'FORUM_USER_GROUP' => '', 'FORUM_USER_RANK' => '', 'FORUM_USER_REGISTERED_SINCE' => '', 'FORUM_USER_POSTING_COUNT' => '', 'FORUM_USER_CONTACTS' => '', 'FORUM_POST_NUMBER' => '#' . $arrValues['post_number'], 'FORUM_POST_ICON' => $arrValues['post_icon'], 'FORUM_POST_SUBJECT' => $arrValues['subject'], 'FORUM_POST_MESSAGE' => $arrValues['content'], 'FORUM_POST_RATING' => $strRating, 'FORUM_POST_ATTACHMENT_LINK' => $arrAttachment['webpath'], 'FORUM_POST_ATTACHMENT_FILENAME' => $arrAttachment['name'], 'FORUM_POST_ATTACHMENT_ICON' => $arrAttachment['icon'], 'FORUM_POST_ATTACHMENT_FILESIZE' => $arrAttachment['size'], 'FORUM_QUOTE_ONCLICK' => $this->_checkAuth($intCatId, 'write') ? $quoteLinkLoggedIn : $quoteLinkNotLoggedIn)); if (!$objFWUser->objUser->login() && !$this->_checkAuth($intCatId, 'write')) { $button = '<input type="button" value="' . $_ARRAYLANG['TXT_FORUM_CREATE_POST'] . '" onclick="location.href=\'' . \Cx\Core\Csrf\Controller\Csrf::enhanceURI('index.php?section=Login') . '&redirect=' . base64_encode($_SERVER['REQUEST_URI']) . '\';" />'; $this->_objTpl->setVariable(array('FORUM_POST_REPLY_REDIRECT' => $button)); } $this->_objTpl->setVariable(array('FORUM_POST_ID' => $postId, 'FORUM_RATING_POST_ID' => $postId)); if ($firstPost['is_locked'] != 1 && ($this->_checkAuth($intCatId, 'edit') || $objFWUser->objUser->login() && $arrValues['user_id'] == $objFWUser->objUser->getId())) { $this->_objTpl->touchBlock('postEdit'); } else { $this->_objTpl->hideBlock('postEdit'); } if ($firstPost['is_locked'] != 1 && ($this->_checkAuth($intCatId, 'write') || !$firstPost['is_locked'])) { $this->_objTpl->touchBlock('postQuote'); } else { $this->_objTpl->hideBlock('postQuote'); } if ($this->_checkAuth($intCatId, 'delete') && $arrValues['post_number'] != 1) { $this->_objTpl->setVariable(array('FORUM_POST_ID' => $postId)); $this->_objTpl->touchBlock('postDelete'); } else { $this->_objTpl->hideBlock('postDelete'); } if ($this->_objTpl->blockExists('rating')) { if ($objFWUser->objUser->login() && !$this->_hasRated($postId)) { $this->_objTpl->parse('rating'); } else { $this->_objTpl->hideBlock('rating'); } } if ($this->_objTpl->blockExists('attachment')) { if (!empty($arrValues['attachment'])) { $this->_objTpl->parse('attachment'); } else { $this->_objTpl->hideBlock('attachment'); } } $this->_objTpl->parse('forumPosts'); } if (!$this->_checkAuth($intCatId, 'write') || $firstPost['is_locked'] == 1) { $this->_objTpl->hideBlock('addPost'); $this->_objTpl->hideBlock('addPostAnchor'); } else { $this->_objTpl->touchBlock('addPostAnchor'); } // initialize the uploader $this->initForumUploader(); //addpost code if (!empty($_REQUEST['create']) && $_REQUEST['create'] == $_ARRAYLANG['TXT_FORUM_CREATE_POST']) { if (!$this->_checkAuth($intCatId, 'write') && $firstPost['is_locked'] != 1) { //auth check $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']); $this->_objTpl->hideBlock('addPost'); return false; } if (!$objFWUser->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { //captcha check return false; } if (strlen(trim($content)) < $this->_minPostlength) { //content check $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength)); return false; } if (false !== ($match = $this->_hasBadWords($content))) { $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1])); return false; } $fileInfo = $this->_handleUpload('forum_attachment'); if ($fileInfo === false) { //an error occured, the file wasn't properly transferred. exit function to display error set in _handleUpload() return false; } $lastPostIdQuery = ' SELECT max( id ) as last_post_id FROM ' . DBPREFIX . 'module_forum_postings WHERE category_id = ' . $intCatId . ' AND thread_id = ' . $intThreadId; if (($objRSmaxId = $objDatabase->SelectLimit($lastPostIdQuery, 1)) !== false) { $intPrevPostId = $objRSmaxId->fields['last_post_id']; } else { die('Database error: ' . $objDatabase->ErrorMsg()); } $insertQuery = 'INSERT INTO ' . DBPREFIX . 'module_forum_postings ( id, category_id, thread_id, prev_post_id, user_id, time_created, time_edited, is_locked, is_sticky, rating, views, icon, keywords, subject, content, attachment ) VALUES ( NULL, ' . $intCatId . ', ' . $intThreadId . ', ' . $intPrevPostId . ', ' . $userId . ', ' . time() . ', 0, 0, 0, 0, 0, ' . $icon . ",\n '{$keywords}' ,'" . $subject . "', '" . contrexx_raw2db($content) . "', '" . $fileInfo['name'] . "'\n )"; if ($objDatabase->Execute($insertQuery) !== false) { $lastInsertId = $objDatabase->Insert_ID(); $this->updateViewsNewItem($intCatId, $lastInsertId, true); $this->_updateNotification($intThreadId); $this->_sendNotifications($intThreadId, $subject, $content); $pageId = \Cx\Core\Core\Controller\Cx::instanciate()->getPage()->getId(); $cacheManager = new \Cx\Core_Modules\Cache\Controller\CacheManager(); $cacheManager->deleteSingleFile($pageId); } \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&pos=' . $this->_getLastPos($postId, $intThreadId)); die; } if (!empty($_REQUEST['preview_new'])) { $content = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForOutput($content); if (false !== ($match = $this->_hasBadWords($content))) { $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1])); return false; } if (strlen(trim($content)) < $this->_minPostlength) { //content check $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength)); return false; } $this->_objTpl->setVariable(array('FORUM_POST_ROWCLASS' => $intCounter++ % 2 + 1, 'FORUM_POST_DATE' => date(ASCMS_DATE_FORMAT, time()), 'FORUM_USER_ID' => $userId, 'FORUM_USER_NAME' => $objFWUser->objUser->login() ? '<a href="index.php?section=Access&cmd=user&id=' . $userId . '" title="' . htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET) . '">' . htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET) . '</a>' : $this->_anonymousName, 'FORUM_USER_IMAGE' => !empty($arrValues['user_image']) ? '<img border="0" width="60" height="60" src="' . $arrValues['user_image'] . '" title="' . $arrValues['user_name'] . '\'s avatar" alt="' . $arrValues['user_name'] . '\'s avatar" />' : '', 'FORUM_USER_GROUP' => '', 'FORUM_USER_RANK' => '', 'FORUM_USER_REGISTERED_SINCE' => '', 'FORUM_USER_POSTING_COUNT' => '', 'FORUM_USER_CONTACTS' => '', 'FORUM_POST_NUMBER' => '#' . ($this->_postCount + 1), 'FORUM_POST_ICON' => $this->getThreadIcon($icon), 'FORUM_POST_SUBJECT' => stripslashes($subject), 'FORUM_POST_MESSAGE' => $content, 'FORUM_POST_RATING' => '0')); $this->_objTpl->touchBlock('createPost'); $this->_objTpl->hideBlock('updatePost'); if ($this->_objTpl->blockExists('attachment')) { $this->_objTpl->hideBlock('attachment'); } $this->_objTpl->hideBlock('postEdit'); $this->_objTpl->hideBlock('postQuote'); $this->_objTpl->touchBlock('previewNewPost'); $this->_objTpl->hideBlock('previewEditPost'); $this->_objTpl->parse('forumPosts'); } if (!empty($_REQUEST['update']) && $_REQUEST['update'] == $_ARRAYLANG['TXT_FORUM_UPDATE_POST']) { if (strlen(trim($content)) < $this->_minPostlength) { //content size check $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_POST_EMPTY'], $this->_minPostlength)); return false; } if (!$this->_checkAuth($intCatId, 'edit') && (!$objFWUser->objUser->login() || $arrValues['user_id'] != $objFWUser->objUser->getId())) { $this->_objTpl->setVariable('TXT_FORUM_ERROR', '<br />' . $_ARRAYLANG['TXT_FORUM_NO_ACCESS']); $this->_objTpl->hideBlock('postEdit'); return false; } if (!$objFWUser->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $this->_objTpl->touchBlock('updatePost'); $this->_objTpl->hideBlock('createPost'); return false; } if (false !== ($match = $this->_hasBadWords($content))) { $this->_objTpl->setVariable('TXT_FORUM_ERROR', sprintf('<br />' . $_ARRAYLANG['TXT_FORUM_BANNED_WORD'], $match[1])); return false; } $fileInfo = $this->_handleUpload('forum_attachment'); if ($fileInfo === false) { //an error occured, the file wasn't properly transferred. exit function to display error set in _handleUpload() return false; } if (empty($_POST['forum_delete_attachment']) && empty($fileInfo['name']) && !empty($_REQUEST['forum_attachment_oldname'])) { $fileInfo['name'] = contrexx_addslashes($_REQUEST['forum_attachment_oldname']); } elseif (!empty($_POST['forum_delete_attachment']) && $_POST['forum_delete_attachment'] == 1 || !empty($_REQUEST['forum_attachment_oldname']) && $fileInfo['name'] != $_REQUEST['forum_attachment_oldname']) { unlink(\Cx\Core\Core\Controller\Cx::instanciate()->getWebsiteMediaForumUploadPath() . '/' . str_replace(array('./', '.\\'), '', $_REQUEST['forum_attachment_oldname'])); } $updateQuery = 'UPDATE ' . DBPREFIX . 'module_forum_postings SET time_edited = ' . mktime() . ', icon = ' . $icon . ', subject = \'' . $subject . '\', keywords = \'' . $keywords . '\', content = \'' . contrexx_raw2db($content) . '\', attachment = \'' . $fileInfo['name'] . '\' WHERE id = ' . $intPostId; if ($objDatabase->Execute($updateQuery) !== false) { $this->updateViews($intThreadId, $intPostId); $pageId = \Cx\Core\Core\Controller\Cx::instanciate()->getPage()->getId(); $cacheManager = new \Cx\Core_Modules\Cache\Controller\CacheManager(); $cacheManager->deleteSingleFile($pageId); } \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&pos=' . $this->_getLastPos($postId, $intThreadId)); die; } if (!empty($_REQUEST['preview_edit'])) { $this->_objTpl->touchBlock('updatePost'); $this->_objTpl->hideBlock('createPost'); $this->_objTpl->hideBlock('previewNewPost'); $this->_objTpl->touchBlock('previewEditPost'); } $hasAccess = false; foreach (array('STICKY', 'MOVE', 'CLOSE', 'DELETE') as $action) { if (!$this->_checkAuth($intCatId, strtolower($action))) { $this->_objTpl->setVariable('FORUM_THREAD_ACTIONS_DISABLED_' . $action, 'disabled="disabled"'); } else { $hasAccess = true; } } if ($this->_objTpl->blockExists('threadActionsSelect')) { if ($userId < 1 || !$hasAccess) { $this->_objTpl->hideBlock('threadActionsSelect'); } else { $this->_objTpl->touchBlock('threadActionsSelect'); } } if (!empty($_REQUEST['action']) && $_REQUEST['action'] == 'move' && !empty($_REQUEST['id'])) { $thread = intval($_REQUEST['id']); $newCat = intval($_REQUEST['moveToThread']); $oldCat = $this->_getCategoryIdFromThread($thread); $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `category_id` = {$newCat} WHERE `thread_id` = " . $thread; if ($objDatabase->Execute($query)) { $intMovedPosts = $objDatabase->Affected_Rows(); $query = "SELECT max( `id` ) as `lastid` FROM `" . DBPREFIX . "module_forum_postings` WHERE `thread_id` = {$thread}"; $objRS = $objDatabase->SelectLimit($query, 1); $intMovedPostLastId = $objRS->fields['lastid']; $query = "SELECT max( `id` ) as `lastid` FROM `" . DBPREFIX . "module_forum_postings` WHERE `category_id` = {$oldCat}"; $objRS = $objDatabase->SelectLimit($query, 1); $query = "UPDATE `" . DBPREFIX . "module_forum_statistics` SET `thread_count` = `thread_count` - 1, `post_count` = `post_count` - {$intMovedPosts}, `last_post_id` = " . (intval($objRS->fields['lastid']) > 0 ? intval($objRS->fields['lastid']) : 0) . " WHERE `category_id` = {$oldCat}"; $objDatabase->Execute($query); $query = "SELECT `id` FROM `" . DBPREFIX . "module_forum_postings` WHERE `category_id` = {$newCat} GROUP BY `time_created` DESC"; $objRS = $objDatabase->Execute($query); $query = "UPDATE `" . DBPREFIX . "module_forum_statistics` SET `thread_count` = `thread_count` + 1, `post_count` = `post_count` + {$intMovedPosts}, `last_post_id` = " . $objRS->fields['id'] . " WHERE `category_id` = {$newCat}"; $objDatabase->Execute($query); $this->_objTpl->hideBlock('moveForm'); $this->_objTpl->setVariable(array('TXT_THREAD_ACTION_' . ($success ? 'SUCCESS' : 'ERROR') => $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE' . (!$success ? 'UN' : '') . 'SUCCESSFUL'], 'FORUM_CATEGORY_ID' => $intCatId, 'FORUM_THREAD_ID' => $intThreadId)); \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $thread); } } if (!empty($_GET['a'])) { $this->_objTpl->setVariable(array('TXT_FORUM_' . ($_GET['r'] == 1 ? 'SUCCESS' : 'ERROR') => '<br />' . $_ARRAYLANG['TXT_FORUM_THREAD_ACTION_' . strtoupper($_GET['a']) . '_' . (!$_GET['r'] ? 'UN' : '') . 'SUCCESSFUL' . $_GET['s']])); } $success = false; if (!empty($_REQUEST['thread_actions'])) { $action = contrexx_addslashes($_REQUEST['thread_actions']); if ($this->_checkAuth($intCatId, $action)) { switch ($action) { case 'move': $arrForums = $this->createForumArray($this->_intLangId); foreach ($arrForums as $intCatID => $arrThread) { $strOptions .= '<option value="' . $intCatID . '" ' . ($arrThread['level'] == 0 ? 'disabled="disabled"' : '') . '>' . str_repeat(' ', $arrThread['level'] * 2) . $arrThread['name'] . '</option>'; } $this->_objTpl->setVariable(array('FORUM_THREADS' => $strOptions)); $success = true; $suffix = ''; \Env::get('cx')->getPage()->setTitle($_ARRAYLANG['TXT_FORUM_THREAD_ACTION_MOVE']); break; case 'close': $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `is_locked` = IF(`is_locked` = '0' OR `is_locked` = '', '1', '0') WHERE thread_id = " . intval($_REQUEST['id']); if ($objDatabase->Execute($query) !== false) { $success = true; } $suffix = '_' . $firstPost['is_locked']; break; case 'sticky': $query = "UPDATE `" . DBPREFIX . "module_forum_postings` SET `is_sticky` = IF(`is_sticky` = '0' OR `is_sticky` = '', '1', '0') WHERE thread_id = " . intval($_REQUEST['id']); if ($objDatabase->Execute($query) !== false) { $success = true; } $suffix = '_' . $firstPost['is_sticky']; break; default: break; } if ($action != 'move') { \Cx\Core\Csrf\Controller\Csrf::header('Location: index.php?section=Forum&cmd=thread&id=' . $intThreadId . '&a=' . $action . '&r=' . $success . '&s=' . $suffix); } } else { $this->_objTpl->setVariable('TXT_THREAD_ACTION_ERROR', $_ARRAYLANG['TXT_FORUM_NO_ACCESS']); } $this->_objTpl->parse('threadActions'); $this->_objTpl->touchBlock('threadActions'); $this->_objTpl->hideBlock('threadDisplay'); } else { $this->updateViews($intThreadId, $intPostId); $this->_objTpl->hideBlock('threadActions'); } return true; }
/** * Show the login mask. * * @access private * @global array $_ARRAYLANG * @global FWUser $objFWUser */ private function showLogin() { global $_CORELANG, $_ARRAYLANG; $this->objTemplate->addBlockfile('CONTENT_FILE', 'CONTENT_BLOCK', '/core_modules/Login/View/Template/Backend/login.html'); $frontendLink = ASCMS_INSTANCE_OFFSET; if (empty($frontendLink)) { $frontendLink = '/'; } $this->objTemplate->setVariable(array('TITLE' => $_ARRAYLANG['TXT_LOGIN_LOGIN'], 'TXT_LOGIN_LOGIN' => $_ARRAYLANG['TXT_LOGIN_LOGIN'], 'TXT_FRONTEND_LINK' => $_ARRAYLANG['TXT_FRONTEND_LINK'], 'TXT_LOGIN_ENTER_A_LOGIN' => $_ARRAYLANG['TXT_LOGIN_ENTER_A_LOGIN'], 'TXT_LOGIN_ENTER_A_PASSWORD' => $_ARRAYLANG['TXT_LOGIN_ENTER_A_PASSWORD'], 'TXT_LOGIN_ENTER_CAPTCHA' => $_ARRAYLANG['TXT_LOGIN_ENTER_CAPTCHA'], 'TXT_LOGIN_USERNAME' => $_ARRAYLANG['TXT_LOGIN_USERNAME'], 'TXT_LOGIN_PASSWORD' => $_ARRAYLANG['TXT_LOGIN_PASSWORD'], 'TXT_LOGIN_PASSWORD_LOST' => $_ARRAYLANG['TXT_LOGIN_PASSWORD_LOST'], 'TXT_LOGIN_REMEMBER_ME' => $_CORELANG['TXT_CORE_REMEMBER_ME'], 'REDIRECT_URL' => !empty($_POST['redirect']) ? $_POST['redirect'] : ASCMS_PATH_OFFSET . ASCMS_BACKEND_PATH . substr(getenv('REQUEST_URI'), strlen(\Env::get('cx')->getWebsiteBackendPath())), 'FRONTEND_LINK' => $frontendLink, 'JAVASCRIPT' => \JS::getCode())); if (\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $this->objTemplate->setVariable('LOGIN_ERROR_MESSAGE', \FWUser::getFWUserObject()->getErrorMsg()); $this->objTemplate->parse('error_message'); } else { $this->objTemplate->hideBlock('error_message'); } if (isset($_SESSION['auth']['loginLastAuthFailed'])) { $this->objTemplate->setVariable(array('TXT_LOGIN_SECURITY_CODE' => $_ARRAYLANG['TXT_LOGIN_SECURITY_CODE'], 'CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode(3))); $this->objTemplate->parse('captcha'); } else { $this->objTemplate->hideBlock('captcha'); } }
/** * Send Recommendation * * Send an email if the input is valid. Otherwise * Show some error messages and the form again */ function _sendRecomm() { global $_ARRAYLANG, $_CONFIG, $_LANGID, $_CORELANG; if (empty($_POST['receivername'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_RECEIVER_NAME'] . ' ' . $_ARRAYLANG['TXT_IS_EMPTY'] . '<br />'; } if (empty($_POST['receivermail'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_RECEIVER_MAIL'] . ' ' . $_ARRAYLANG['TXT_IS_EMPTY'] . '<br />'; } elseif (!$this->isEmail($_POST['receivermail'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_RECEIVER_MAIL'] . ' ' . $_ARRAYLANG['TXT_IS_INVALID'] . '<br />'; } if (empty($_POST['sendername'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_SENDER_NAME'] . ' ' . $_ARRAYLANG['TXT_IS_EMPTY'] . '<br />'; } if (empty($_POST['sendermail'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_SENDER_MAIL'] . ' ' . $_ARRAYLANG['TXT_IS_EMPTY'] . '<br />'; } elseif (!$this->isEmail($_POST['sendermail'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_SENDER_MAIL'] . ' ' . $_ARRAYLANG['TXT_IS_INVALID'] . '<br />'; } if (empty($_POST['comment'])) { $this->_pageMessage .= $_ARRAYLANG['TXT_STATUS_COMMENT'] . ' ' . $_ARRAYLANG['TXT_IS_EMPTY'] . '<br />'; } $receivername = $_POST['receivername']; $receivermail = $_POST['receivermail']; $sendername = $_POST['sendername']; $sendermail = $_POST['sendermail']; $comment = $_POST['comment']; if (!empty($this->_pageMessage) || !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { //something's missing or wrong $this->_objTpl->setVariable('RECOM_STATUS', '<div class="text-danger">' . $this->_pageMessage . '</div>'); $this->_objTpl->setCurrentBlock('recommend_form'); $this->_objTpl->setVariable(array('RECOM_SCRIPT' => $this->getJs(), 'RECOM_RECEIVER_NAME' => stripslashes($receivername), 'RECOM_RECEIVER_MAIL' => stripslashes($receivermail), 'RECOM_SENDER_NAME' => stripslashes($sendername), 'RECOM_SENDER_MAIL' => stripslashes($sendermail), 'RECOM_COMMENT' => stripslashes($comment), 'RECOM_PREVIEW' => $this->getMessageBody($_LANGID), 'RECOM_FEMALE_SALUTATION_TEXT' => $this->getFemaleSalutation($_LANGID), 'RECOM_MALE_SALUTATION_TEXT' => $this->getMaleSalutation($_LANGID))); $this->_objTpl->setVariable(array('RECOM_TXT_RECEIVER_NAME' => $_ARRAYLANG['TXT_RECEIVERNAME_FRONTEND'], 'RECOM_TXT_RECEIVER_MAIL' => $_ARRAYLANG['TXT_RECEIVERMAIL_FRONTEND'], 'RECOM_TXT_GENDER' => $_ARRAYLANG['TXT_GENDER_FRONTEND'], 'RECOM_TXT_SENDER_NAME' => $_ARRAYLANG['TXT_SENDERNAME_FRONTEND'], 'RECOM_TXT_SENDER_MAIL' => $_ARRAYLANG['TXT_SENDERMAIL_FRONTEND'], 'RECOM_TXT_COMMENT' => $_ARRAYLANG['TXT_COMMENT_FRONTEND'], 'RECOM_TXT_PREVIEW' => $_ARRAYLANG['TXT_PREVIEW_FRONTEND'], 'RECOM_TXT_FEMALE' => $_ARRAYLANG['TXT_FEMALE_FRONTEND'], 'RECOM_TXT_MALE' => $_ARRAYLANG['TXT_MALE_FRONTEND'], 'RECOM_TEXT' => $_ARRAYLANG['TXT_INTRODUCTION'], 'TXT_RECOMMEND_SEND' => $_ARRAYLANG['TXT_RECOMMEND_SEND'], 'TXT_RECOMMEND_DELETE' => $_ARRAYLANG['TXT_RECOMMEND_DELETE'])); $this->_objTpl->setVariable(array('RECOM_TXT_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], 'RECOM_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode())); if ($this->_objTpl->blockExists('recommend_captcha')) { $this->_objTpl->parse('recommend_captcha'); } else { $this->_objTpl->hideBlock('recommend_captcha'); } $this->_objTpl->parseCurrentBlock('recommend_form'); $this->_objTpl->parse(); } else { //data is valid if (empty($_POST['uri'])) { $url = ASCMS_PROTOCOL . '://' . $_SERVER['HTTP_HOST'] . ASCMS_PATH_OFFSET; } else { $url = $_POST['uri']; } if ($_POST['gender'] == 'male') { $salutation = $this->getMaleSalutation($_LANGID); } else { $salutation = $this->getFemaleSalutation($_LANGID); } $body = $this->getMessageBody($_LANGID); $body = preg_replace('/<SENDER_NAME>/', $sendername, $body); $body = preg_replace('/<SENDER_MAIL>/', $sendermail, $body); $body = preg_replace('/<RECEIVER_NAME>/', $receivername, $body); $body = preg_replace('/<RECEIVER_MAIL>/', $receivermail, $body); $body = preg_replace('/<URL>/', $url, $body); $body = preg_replace('/<COMMENT>/', $comment, $body); $body = preg_replace('/<SALUTATION>/', $salutation, $body); $subject = $this->getMessageSubject($_LANGID); $subject = preg_replace('/<SENDER_NAME>/', $sendername, $subject); $subject = preg_replace('/<SENDER_MAIL>/', $sendermail, $subject); $subject = preg_replace('/<RECEIVER_NAME>/', $receivername, $subject); $subject = preg_replace('/<RECEIVER_MAIL>/', $receivermail, $subject); $subject = preg_replace('/<URL>/', $url, $subject); $subject = preg_replace('/<COMMENT>/', $comment, $subject); $subject = preg_replace('/<SALUTATION>/', $salutation, $subject); if (@(include_once ASCMS_LIBRARY_PATH . '/phpmailer/class.phpmailer.php')) { $objMail = new \phpmailer(); if ($_CONFIG['coreSmtpServer'] > 0) { if (($arrSmtp = \SmtpSettings::getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) { $objMail->IsSMTP(); $objMail->Host = $arrSmtp['hostname']; $objMail->Port = $arrSmtp['port']; $objMail->SMTPAuth = true; $objMail->Username = $arrSmtp['username']; $objMail->Password = $arrSmtp['password']; } } $objMail->CharSet = CONTREXX_CHARSET; $objMail->SetFrom($sendermail, $sendername); $objMail->Subject = $subject; $objMail->IsHTML(false); $objMail->Body = $body; $objMail->AddAddress($receivermail); $objMail->Send(); $objMail->ClearAddresses(); $objMail->AddAddress($_CONFIG['contactFormEmail']); $objMail->Send(); } $this->_objTpl->setVariable('RECOM_STATUS', $_ARRAYLANG['TXT_SENT_OK']); $this->_objTpl->parse(); } }
/** * performs the registratio page * * @return null */ function showRegistrationForm() { global $_ARRAYLANG, $_CORELANG; $this->_objTpl->setTemplate($this->pageContent, true, true); $objFWUser = \FWUser::getFWUserObject(); $objUser = $objFWUser->objUser; $userId = intval($objUser->getId()); $userLogin = $objUser->login(); $captchaCheck = true; if (!$userLogin && isset($_POST['submitRegistration'])) { $captchaCheck = \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check(); if (!$captchaCheck) { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_ERROR' => '<span class="text-danger">' . $_ARRAYLANG['TXT_CALENDAR_INVALID_CAPTCHA_CODE'] . '</span>')); } } $objEvent = $this->objEventManager->eventList[0]; if (empty($objEvent)) { \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd($this->moduleName, '')); return; } if (!$objEvent->status) { \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd($this->moduleName, '')); return; } if ($objEvent->access == 1 && !\FWUser::getFWUserObject()->objUser->login()) { $link = base64_encode(CONTREXX_SCRIPT_PATH . '?' . $_SERVER['QUERY_STRING']); \Cx\Core\Csrf\Controller\Csrf::redirect(CONTREXX_SCRIPT_PATH . "?section=Login&redirect=" . $link); return; } $dateForPageTitle = $objEvent->startDate; $this->pageTitle = $this->format2userDate($dateForPageTitle) . ": " . html_entity_decode($objEvent->title, ENT_QUOTES, CONTREXX_CHARSET); // Only show registration form if event lies in the future if (time() <= $objEvent->startDate->getTimestamp()) { // Only show registration form if event accepts registrations. // Event accepts registrations, if registration is set up and // - no attendee limit is set // - or if there are still free places available if ($objEvent->registration == CalendarEvent::EVENT_REGISTRATION_INTERNAL && (empty($objEvent->numSubscriber) || !\FWValidator::isEmpty($objEvent->getFreePlaces()))) { $this->_objTpl->setVariable(array($this->moduleLangVar . '_EVENT_ID' => intval($_REQUEST['id']), $this->moduleLangVar . '_FORM_ID' => intval($objEvent->registrationForm), $this->moduleLangVar . '_EVENT_DATE' => intval($_REQUEST['date']), $this->moduleLangVar . '_USER_ID' => $userId, 'TXT_' . $this->moduleLangVar . '_REGISTRATION_SUBMIT' => $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUBMIT'])); $objFormManager = new \Cx\Modules\Calendar\Controller\CalendarFormManager(); $objFormManager->setEvent($objEvent); $objFormManager->getFormList(); //$objFormManager->showForm($this->_objTpl,intval($objEvent->registrationForm), 2, $objEvent->ticketSales); // Made the ticket sales always true, because ticket functionality currently not implemented $objFormManager->showForm($this->_objTpl, intval($objEvent->registrationForm), 2, true); /* if ($this->arrSettings['paymentStatus'] == '1' && $objEvent->ticketSales && ($this->arrSettings['paymentBillStatus'] == '1' || $this->arrSettings['paymentYellowpayStatus'] == '1')) { $paymentMethods = '<select class="calendarSelect" name="paymentMethod">'; $paymentMethods .= $this->arrSettings['paymentBillStatus'] == '1' || $objEvent->price == 0 ? '<option value="1">'.$_ARRAYLANG['TXT_CALENDAR_PAYMENT_BILL'].'</option>' : ''; $paymentMethods .= $this->arrSettings['paymentYellowpayStatus'] == '1' && $objEvent->price > 0 ? '<option value="2">'.$_ARRAYLANG['TXT_CALENDAR_PAYMENT_YELLOWPAY'].'</option>' : ''; $paymentMethods .= '</select>'; $this->_objTpl->setVariable(array( 'TXT_'.$this->moduleLangVar.'_PAYMENT_METHOD' => $_ARRAYLANG['TXT_CALENDAR_PAYMENT_METHOD'], $this->moduleLangVar.'_PAYMENT_METHODS' => $paymentMethods, )); $this->_objTpl->parse('calendarRegistrationPayment'); } else { $this->_objTpl->hideBlock('calendarRegistrationPayment'); } */ if (!$userLogin) { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], $this->moduleLangVar . '_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode())); $this->_objTpl->parse('calendarRegistrationCaptcha'); } else { $this->_objTpl->hideBlock('calendarRegistrationCaptcha'); } if (isset($_POST['submitRegistration']) && $captchaCheck) { $objRegistration = new \Cx\Modules\Calendar\Controller\CalendarRegistration(intval($_POST['form'])); if ($objRegistration->save($_POST)) { if ($objRegistration->saveIn == 2) { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED_WAITLIST']; } else { if ($objRegistration->saveIn == 0) { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED_SIGNOFF']; } else { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED']; /* if($_POST["paymentMethod"] == 2) { $objRegistration->get($objRegistration->id); $objEvent = new \Cx\Modules\Calendar\Controller\CalendarEvent($objRegistration->eventId); $this->getSettings(); $amount = (int) $objEvent->price * 100; $status .= \Cx\Modules\Calendar\Controller\CalendarPayment::_yellowpay(array("orderID" => $objRegistration->id, "amount" => $amount, "currency" => $this->arrSettings["paymentCurrency"], "language" => "DE")); } */ } } $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $status)); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } else { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_ERROR' => '<span class="text-danger">' . $_ARRAYLANG['TXT_CALENDAR_CHECK_REQUIRED'] . '</span>')); $this->_objTpl->parse('calendarRegistrationForm'); $this->_objTpl->hideBlock('calendarRegistrationStatus'); } } else { $this->_objTpl->parse('calendarRegistrationForm'); $this->_objTpl->hideBlock('calendarRegistrationStatus'); } } else { $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $_ARRAYLANG['TXT_CALENDAR_EVENT_FULLY_BLOCKED'])); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } } else { $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $_ARRAYLANG['TXT_CALENDAR_EVENT_IN_PAST'])); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } }
/** * checks input */ function checkInput() { global $_ARRAYLANG; $objValidator = new \FWValidator(); $captchaCheck = true; $_POST['forename'] = strip_tags(contrexx_stripslashes($_POST['forename'])); $_POST['name'] = strip_tags(contrexx_stripslashes($_POST['name'])); $_POST['comment'] = htmlentities(strip_tags(contrexx_stripslashes($_POST['comment'])), ENT_QUOTES, CONTREXX_CHARSET); $_POST['location'] = strip_tags(contrexx_stripslashes($_POST['location'])); $_POST['email'] = strip_tags(contrexx_stripslashes($_POST['email'])); $_POST['url'] = strip_tags(contrexx_stripslashes($_POST['url'])); if (!\FWUser::getFWUserObject()->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $captchaCheck = false; } if (empty($_POST['name']) || empty($_POST['forename'])) { $this->makeError($_ARRAYLANG['TXT_NAME']); } if (empty($_POST['comment'])) { $this->makeError($_ARRAYLANG['TXT_COMMENT']); } if (empty($_POST['malefemale'])) { $this->makeError($_ARRAYLANG['TXT_SEX']); } if (empty($_POST['location'])) { $this->makeError($_ARRAYLANG['TXT_LOCATION']); } if (!$objValidator->isEmail($_POST['email'])) { $this->makeError($_ARRAYLANG['TXT_EMAIL']); } if (empty($this->error) && $captchaCheck) { return true; } else { return false; } }
/** * Validates the submitted comment data and writes it to the databse if valid. * Additionally, a notification is send out to the administration about the comment * by e-mail (only if the corresponding configuration option is set to do so). * * @param integer News message ID for which the comment shall be stored * @param string Title of the news message for which the comment shall be stored. * The title will be used in the notification e-mail * @param string The poster's name of the comment * @param string The comment's title * @param string The comment's message text * @global ADONewConnection * @global array * @global array * @global array * @return array Returns an array of two elements. The first is either TRUE on success or FALSE on failure. * The second element contains an error message on failure. */ private function storeMessageComment($newsMessageId, $newsMessageTitle, $name, $title, $message) { global $objDatabase, $_ARRAYLANG, $_CORELANG, $_CONFIG; if (!isset($_SESSION['news'])) { $_SESSION['news'] = array(); $_SESSION['news']['comments'] = array(); } // just comment if ($this->checkForCommentFlooding($newsMessageId)) { return array(false, sprintf($_ARRAYLANG['TXT_NEWS_COMMENT_INTERVAL_MSG'], $this->arrSettings['news_comments_timeout'])); } if (empty($title)) { return array(false, $_ARRAYLANG['TXT_NEWS_MISSING_COMMENT_TITLE']); } if (empty($message)) { return array(false, $_ARRAYLANG['TXT_NEWS_MISSING_COMMENT_MESSAGE']); } $date = time(); $userId = 0; if (\FWUser::getFWUserObject()->objUser->login()) { $userId = \FWUser::getFWUserObject()->objUser->getId(); $name = \FWUser::getParsedUserTitle($userId); } elseif ($this->arrSettings['news_comments_anonymous'] == '1') { // deny comment if the poster did not specify his name if (empty($name)) { return array(false, $_ARRAYLANG['TXT_NEWS_POSTER_NAME_MISSING']); } // check CAPTCHA for anonymous posters if (!\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { return array(false, null); } } else { // Anonymous comments are not allowed return array(false, null); } $isActive = $this->arrSettings['news_comments_autoactivate']; $ipAddress = contrexx_input2raw($_SERVER['REMOTE_ADDR']); $objResult = $objDatabase->Execute("\n INSERT INTO `" . DBPREFIX . "module_news_comments` \n SET `title` = '" . contrexx_raw2db($title) . "',\n `text` = '" . contrexx_raw2db($message) . "',\n `newsid` = '" . contrexx_raw2db($newsMessageId) . "',\n `date` = '" . contrexx_raw2db($date) . "',\n `poster_name` = '" . contrexx_raw2db($name) . "',\n `userid` = '" . contrexx_raw2db($userId) . "',\n `ip_address` = '" . contrexx_raw2db($ipAddress) . "',\n `is_active` = '" . contrexx_raw2db($isActive) . "'"); if (!$objResult) { return array(false, $_ARRAYLANG['TXT_NEWS_COMMENT_SAVE_ERROR']); } /* Prevent comment flooding from same user: Either user is authenticated or had to validate a CAPTCHA. In either way, a Contrexx session had been initialized, therefore we are able to use the $_SESSION to log this comment */ $_SESSION['news']['comments'][$newsMessageId] = $date; // Don't send a notification e-mail to the administrator if (!$this->arrSettings['news_comments_notification']) { return array(true, null); } // Send a notification e-mail to administrator if (!@(include_once ASCMS_LIBRARY_PATH . '/phpmailer/class.phpmailer.php')) { \DBG::msg('Unable to send e-mail notification to admin'); //DBG::stack(); return array(true, null); } $objMail = new \phpmailer(); if ($_CONFIG['coreSmtpServer'] > 0 && @(include_once ASCMS_CORE_PATH . '/SmtpSettings.class.php')) { if (($arrSmtp = \SmtpSettings::getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) { $objMail->IsSMTP(); $objMail->Host = $arrSmtp['hostname']; $objMail->Port = $arrSmtp['port']; $objMail->SMTPAuth = true; $objMail->Username = $arrSmtp['username']; $objMail->Password = $arrSmtp['password']; } } $objMail->CharSet = CONTREXX_CHARSET; $objMail->From = $_CONFIG['coreAdminEmail']; $objMail->FromName = $_CONFIG['coreGlobalPageTitle']; $objMail->IsHTML(false); $objMail->Subject = sprintf($_ARRAYLANG['TXT_NEWS_COMMENT_NOTIFICATION_MAIL_SUBJECT'], $newsMessageTitle); $manageCommentsUrl = ASCMS_PROTOCOL . '://' . $_CONFIG['domainUrl'] . ($_SERVER['SERVER_PORT'] == 80 ? NULL : ':' . intval($_SERVER['SERVER_PORT'])) . ASCMS_ADMIN_WEB_PATH . '/index.php?cmd=News&act=comments&newsId=' . $newsMessageId; $activateCommentTxt = $this->arrSettings['news_comments_autoactivate'] ? '' : sprintf($_ARRAYLANG['TXT_NEWS_COMMENT_NOTIFICATION_MAIL_LINK'], $manageCommentsUrl); $objMail->Body = sprintf($_ARRAYLANG['TXT_NEWS_COMMENT_NOTIFICATION_MAIL_BODY'], $_CONFIG['domainUrl'], $newsMessageTitle, \FWUser::getParsedUserTitle($userId, $name), $title, nl2br($message), $activateCommentTxt); $objMail->AddAddress($_CONFIG['coreAdminEmail']); if (!$objMail->Send()) { \DBG::msg('Sending of notification e-mail failed'); //DBG::stack(); } return array(true, null); }
/** * Checks the login * * @return bool|mixed false or user id */ public function checkLogin() { $username = isset($_POST['USERNAME']) && $_POST['USERNAME'] != '' ? contrexx_stripslashes($_POST['USERNAME']) : null; $password = isset($_POST['PASSWORD']) && $_POST['PASSWORD'] != '' ? md5(contrexx_stripslashes($_POST['PASSWORD'])) : null; if (isset($username) && isset($password)) { return $this->objUser->checkLoginData($username, $password, \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()); } return false; }
function getSourceCode($id, $lang, $preview = false, $show = false) { global $_ARRAYLANG, $objInit, $objDatabase; $hasFileInput = false; //remember if we added a file input -> this would need the uploader to be initialized $arrFields = $this->getFormFields($id); $sourcecode = array(); $this->initContactForms(); $sourcecode[] = '<div class="text-warning" id="contactFeedback">{CONTACT_FEEDBACK_TEXT}</div> <div id="contactDescription"><!-- BEGIN formText -->' . ($preview ? $this->arrForms[$id]['lang'][$lang]['text'] : '{' . $id . '_FORM_TEXT}') . '<!-- END formText --></div> <div class="text-danger" id="contactFormError">' . ($preview ? $_ARRAYLANG['TXT_NEW_ENTRY_ERORR'] : '{TXT_NEW_ENTRY_ERORR}') . '</div> <!-- BEGIN contact_form --> <form role="form" id="contactForm' . ($this->arrForms[$id]['useCustomStyle'] > 0 ? '_' . $id : '') . '" class="contactForm' . ($this->arrForms[$id]['useCustomStyle'] > 0 ? '_' . $id : '') . '" action="' . ($preview ? '../' : '') . 'index.php?section=Contact&cmd=' . $id . '" method="post" enctype="multipart/form-data" onsubmit="return checkAllFields();"> <fieldset id="contactFrame"> <legend>' . ($preview ? $this->arrForms[$id]['lang'][$lang]['name'] : '{' . $id . '_FORM_NAME}') . '</legend>'; foreach ($arrFields as $fieldId => $arrField) { if ($arrField['is_required']) { $required = '<strong class="is_required">*</strong>'; } else { $required = ''; } if ($arrField['type'] != 'fieldset' && $arrField['type'] != 'hidden') { $sourcecode[] = '<div class="contact row form-group">'; } switch ($arrField['type']) { case 'label': case 'hidden': case 'horizontalLine': case 'checkbox': break; case 'fieldset': $sourcecode[] = '</fieldset>'; $sourcecode[] = '<fieldset id="contactFormFieldId_' . $fieldId . '">'; $sourcecode[] = "<legend>" . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . "</legend>"; break; case 'checkboxGroup': case 'radio': $sourcecode[] = '<label>' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . $required . '</label>'; break; case 'date': $sourcecode[] = '<label for="contactFormFieldId_' . $fieldId . '">' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . $required . '</label>'; break; case 'datetime': $sourcecode[] = '<label for="contactFormFieldId_' . $fieldId . '">' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . $required . '</label>'; break; default: $sourcecode[] = '<label for="contactFormFieldId_' . $fieldId . '">' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . $required . '</label>'; } $arrField['lang'][$lang]['value'] = preg_replace('/\\[\\[([A-Z0-9_]+)\\]\\]/', '{$1}', $arrField['lang'][$lang]['value']); $fieldType = $arrField['type'] != 'special' ? $arrField['type'] : $arrField['special_type']; switch ($fieldType) { case 'label': $sourcecode[] = '<div class="contactFormClass_' . $arrField['type'] . '">' . contrexx_raw2xhtml($arrField['lang'][$lang]['value']) . '</div>'; break; case 'checkbox': $sourcecode[] = '<div class="checkbox"><label for="contactFormFieldId_' . $fieldId . '"><input class="contactFormClass_' . $arrField['type'] . '" id="contactFormFieldId_' . $fieldId . '" type="checkbox" name="contactFormField_' . $fieldId . '" value="1" {SELECTED_' . $fieldId . '} />' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['name']) : "{" . $fieldId . "_LABEL}") . $required . '</label></div>'; break; case 'checkboxGroup': $selectedLang = $preview ? FRONTEND_LANG_ID : $lang; $sourcecode[] = '<div class="contactFormGroup" id="contactFormFieldId_' . $fieldId . '">'; $options = explode(',', $arrField['lang'][$selectedLang]['value']); foreach ($options as $index => $option) { $sourcecode[] = '<div class="checkbox"><label class="noCaption" for="contactFormField_' . $index . '_' . $fieldId . '"><input type="checkbox" class="contactFormClass_' . $arrField['type'] . '" name="contactFormField_' . $fieldId . '[]" id="contactFormField_' . $index . '_' . $fieldId . '" value="' . contrexx_raw2xhtml($option) . '" {SELECTED_' . $fieldId . '_' . $index . '}/>' . ($preview ? contrexx_raw2xhtml($option) : '{' . $fieldId . '_' . $index . '_VALUE}') . '</label></div>'; } $sourcecode[] = '</div>'; break; case 'country': case 'access_country': $sourcecode[] = '<select class="contactFormClass_' . $arrField['type'] . '" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '">'; if ($arrField['is_required'] == 1) { $sourcecode[] = "<option value=\"" . ($preview ? $_ARRAYLANG['TXT_CONTACT_PLEASE_SELECT'] : '{TXT_CONTACT_PLEASE_SELECT}') . "\">" . ($preview ? $_ARRAYLANG['TXT_CONTACT_PLEASE_SELECT'] : '{TXT_CONTACT_PLEASE_SELECT}') . "</option>"; } else { $sourcecode[] = "<option value=\"" . ($preview ? $_ARRAYLANG['TXT_CONTACT_NOT_SPECIFIED'] : '{TXT_CONTACT_NOT_SPECIFIED}') . "\">" . ($preview ? $_ARRAYLANG['TXT_CONTACT_NOT_SPECIFIED'] : '{TXT_CONTACT_NOT_SPECIFIED}') . "</option>"; } if ($preview) { $lang = $arrField['lang'][$lang]['name']; $country = \Cx\Core\Country\Controller\Country::getNameArray(true, $lang); foreach ($country as $id => $name) { $sourcecode[] = "<option value=\"" . $name . "\" >" . $name . "</option>"; } } else { $sourcecode[] = "<!-- BEGIN field_" . $fieldId . " -->"; $sourcecode[] = "<option value=\"{" . $fieldId . "_VALUE}\" {SELECTED_" . $fieldId . "} >{" . $fieldId . "_VALUE}</option>"; $sourcecode[] = "<!-- END field_" . $fieldId . " -->"; } $sourcecode[] = "</select>"; break; case 'date': $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . ' date" type="text" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '" value="{' . $fieldId . '_VALUE}" />'; break; case 'datetime': $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . ' datetime" type="text" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '" value="{' . $fieldId . '_VALUE}" />'; break; case 'access_birthday': $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . ' date" id="contactFormFieldId_' . $fieldId . '" type="text" name="contactFormField_' . $fieldId . '" value="' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['value']) : '{' . $fieldId . '_VALUE}') . '" />'; break; case 'file': case 'multi_file': $sourcecode[] = '<div class="contactFormUpload" id="contactFormUpload_' . $fieldId . '">{CONTACT_UPLOADER_FOLDER_WIDGET_' . $fieldId . '}<input type="hidden" name="contactFormUploadId_' . $fieldId . '" value = "{CONTACT_UPLOADER_ID_' . $fieldId . '}"/>'; $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . '" id="contactFormFieldId_' . $fieldId . '" type="file" name="contactFormField_' . $fieldId . '" disabled="disabled"/></div>'; break; case 'hidden': $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . '" id="contactFormFieldId_' . $fieldId . '" type="hidden" name="contactFormField_' . $fieldId . '" value="' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['value']) : "{" . $fieldId . "_VALUE}") . '" />'; break; case 'horizontalLine': $sourcecode[] = '<hr />'; break; case 'password': $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . '" id="contactFormFieldId_' . $fieldId . '" type="password" name="contactFormField_' . $fieldId . '" value="" />'; break; case 'radio': $selectedLang = $preview ? FRONTEND_LANG_ID : $lang; $sourcecode[] = '<div class="contactFormGroup" id="contactFormFieldId_' . $fieldId . '">'; $options = explode(',', $arrField['lang'][$selectedLang]['value']); foreach ($options as $index => $option) { $sourcecode[] .= '<div class="radio"><label class="noCaption" for="contactFormField_' . $index . '_' . $fieldId . '"><input class="contactFormClass_' . $arrField['type'] . '" type="radio" name="contactFormField_' . $fieldId . '" id="contactFormField_' . $index . '_' . $fieldId . '" value="' . ($preview ? contrexx_raw2xhtml($option) : '{' . $fieldId . '_' . $index . '_VALUE}') . '" {SELECTED_' . $fieldId . '_' . $index . '} />' . ($preview ? contrexx_raw2xhtml($option) : '{' . $fieldId . '_' . $index . '_VALUE}') . '</label></div>'; } $sourcecode[] = '</div>'; break; case 'access_title': case 'access_gender': // collect user attribute options $arrOptions = array(); $accessAttributeId = str_replace('access_', '', $fieldType); $objAttribute = \FWUser::getFWUserObject()->objUser->objAttribute->getById($accessAttributeId); // get options $arrAttribute = $objAttribute->getChildren(); foreach ($arrAttribute as $attributeId) { $objAttribute = \FWUser::getFWUserObject()->objUser->objAttribute->getById($attributeId); $arrOptions[] = $objAttribute->getName(FRONTEND_LANG_ID); } // options will be used for select input generation $arrField['lang'][FRONTEND_LANG_ID]['value'] = implode(',', $arrOptions); case 'select': $sourcecode[] = '<select class="contactFormClass_' . $arrField['type'] . '" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '">'; if ($preview) { $options = explode(',', $arrField['lang'][FRONTEND_LANG_ID]['value']); foreach ($options as $index => $option) { $sourcecode[] = "<option value='" . contrexx_raw2xhtml($option) . "'>" . contrexx_raw2xhtml($option) . "</option>"; } } else { $sourcecode[] = "<!-- BEGIN field_" . $fieldId . " -->"; $sourcecode[] = "<option value='{" . $fieldId . "_VALUE}' {SELECTED_" . $fieldId . "}>" . '{' . $fieldId . '_VALUE}' . "</option>"; $sourcecode[] = "<!-- END field_" . $fieldId . " -->"; } $sourcecode[] = "</select>"; break; case 'textarea': $sourcecode[] = '<textarea class="contactFormClass_' . $arrField['type'] . '" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '" rows="5" cols="20">{' . $fieldId . '_VALUE}</textarea>'; break; case 'recipient': $sourcecode[] = '<select class="contactFormClass_' . $arrField['type'] . '" name="contactFormField_' . $fieldId . '" id="contactFormFieldId_' . $fieldId . '">'; if ($preview) { foreach ($this->arrForms[$id]['recipients'] as $index => $arrRecipient) { $sourcecode[] = "<option value='" . $index . "'>" . $arrRecipient['lang'][$lang] . "</option>"; } } else { $sourcecode[] = "<!-- BEGIN field_" . $fieldId . " -->"; $sourcecode[] = "<option value='{" . $fieldId . "_VALUE_ID}' {SELECTED_" . $fieldId . "} >" . '{' . $fieldId . '_VALUE}' . "</option>"; $sourcecode[] = "<!-- END field_" . $fieldId . " -->"; } $sourcecode[] = "</select>"; break; case 'fieldset': break; default: $sourcecode[] = '<input class="contactFormClass_' . $arrField['type'] . '" id="contactFormFieldId_' . $fieldId . '" type="text" name="contactFormField_' . $fieldId . '" value="' . ($preview ? contrexx_raw2xhtml($arrField['lang'][$lang]['value']) : '{' . $fieldId . '_VALUE}') . '" />'; break; } if ($arrField['type'] != 'fieldset' && $arrField['type'] != 'hidden') { $sourcecode[] = '</div>'; } } if ($preview) { $themeId = $objInit->arrLang[FRONTEND_LANG_ID]['themesid']; if (($objRS = $objDatabase->SelectLimit("SELECT `foldername` FROM `" . DBPREFIX . "skins` WHERE `id` = " . $themeId, 1)) !== false) { $themePath = $objRS->fields['foldername']; } $sourcecode[] = '<link href="../core_modules/Contact/View/Style/form.css" rel="stylesheet" type="text/css" />'; if ($this->arrForms[$id]['useCaptcha']) { $sourcecode[] = '<div class="contact row form-group">'; $sourcecode[] = '<label>' . $_ARRAYLANG["TXT_CONTACT_CAPTCHA"] . '</label>'; $sourcecode[] = \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode(); $sourcecode[] = '</div>'; } } else { $sourcecode[] = "<!-- BEGIN contact_form_captcha -->"; $sourcecode[] = '<div class="contact row form-group">'; $sourcecode[] = '<label>{TXT_CONTACT_CAPTCHA}</label>'; $sourcecode[] = '{CONTACT_CAPTCHA_CODE}'; $sourcecode[] = '</div>'; $sourcecode[] = "<!-- END contact_form_captcha -->"; } $sourcecode[] = '<div class="contact row form-group">'; $sourcecode[] = '<input class="contactFormClass_button btn btn-default" type="submit" name="submitContactForm" value="' . ($preview ? $_ARRAYLANG['TXT_CONTACT_SUBMIT'] : '{TXT_CONTACT_SUBMIT}') . '" /><input class="contactFormClass_button btn btn-default" type="reset" value="' . ($preview ? $_ARRAYLANG['TXT_CONTACT_RESET'] : '{TXT_CONTACT_RESET}') . '" />'; $sourcecode[] = '<input type="hidden" name="unique_id" value="{CONTACT_UNIQUE_ID}" />'; $sourcecode[] = '</div>'; $sourcecode[] = "</fieldset>"; $sourcecode[] = "</form>"; $sourcecode[] = "<!-- END contact_form -->"; $sourcecode[] = $preview ? $this->_getJsSourceCode($id, $arrFields, $preview, $show) : "{CONTACT_JAVASCRIPT}"; if ($show) { $sourcecode = preg_replace('/\\{([A-Z0-9_-]+)\\}/', '[[\\1]]', $sourcecode); } return implode("\n", $sourcecode); }
function saveComment($intEntryId, $arrCommentData) { global $_ARRAYLANG, $objDatabase; $strRemoteAddress = contrexx_addslashes($_SERVER['REMOTE_ADDR']); $objFWUser = \FWUser::getFWUserObject(); $objUser = $objFWUser->objUser; if ($objUser->login()) { $intAddedBy = $objUser->getId(); } else { $intAddedBy = 0; //captcha check if (!\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { die('captcha'); } } $objInsertComment = $objDatabase->Execute("\n INSERT INTO\n " . DBPREFIX . "module_" . $this->moduleTablePrefix . "_comments\n SET\n `entry_id`='" . intval($intEntryId) . "',\n `added_by`='" . intval($intAddedBy) . "',\n `date`='" . mktime() . "',\n `ip`='" . $strRemoteAddress . "',\n `name`='" . contrexx_addslashes($arrCommentData['commentName']) . "',\n `mail`='" . contrexx_addslashes($arrCommentData['commentMail']) . "',\n `url`='" . contrexx_addslashes($arrCommentData['commentUrl']) . "',\n `notification`='0',\n `comment`='" . contrexx_addslashes($arrCommentData['commentComment']) . "'\n "); if ($objInsertComment !== false) { echo 'success-' . $arrCommentData['commentPageSection'] . "-" . $arrCommentData['commentPageCmd']; } else { echo 'fail'; } die; }
private function checkCaptcha() { global $_ARRAYLANG; $arrSettings = \User_Setting::getSettings(); if (!$arrSettings['user_captcha']['status'] || \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { return true; } $this->arrStatusMsg['error'][] = $_ARRAYLANG['TXT_ACCESS_INVALID_CAPTCHA_CODE']; return false; }
/** * Checks if the user has been successfully authenticated * * If a user has been successfully authenticated then he will be * redirected to the requested page, otherwise the login page will be displayed * * @access private * @global array * @see cmsSession::cmsSessionStatusUpdate(), contrexx_strip_tags, \Cx\Core\Html\Sigma::get() * @return string \Cx\Core\Html\Sigma::get() */ function _login() { global $_CORELANG, $sessionObj; $objFWUser = \FWUser::getFWUserObject(); if (isset($_REQUEST['redirect'])) { $redirect = contrexx_strip_tags($_REQUEST['redirect']); } elseif (isset($_SESSION['redirect'])) { $redirect = $_SESSION['redirect']; } else { $redirect = ""; } \Cx\Lib\SocialLogin::parseSociallogin($this->_objTpl); $arrSettings = \User_Setting::getSettings(); if (function_exists('curl_init') && $arrSettings['sociallogin']['status'] && !empty($_GET['provider'])) { $providerLogin = $this->loginWithProvider($_GET['provider']); if ($providerLogin) { return $providerLogin; } } if ($objFWUser->objUser->login()) { if (isset($_POST['login']) && $objFWUser->checkLogin() || isset($_GET['auth-token']) && isset($_GET['user-id'])) { $objFWUser->objUser->reset(); $objFWUser->logoutAndDestroySession(); $sessionObj = \cmsSession::getInstance(); } elseif (isset($_POST['login'])) { $_GET['relogin'] = '******'; } } if ((!isset($_GET['relogin']) || $_GET['relogin'] != 'true') && $objFWUser->objUser->login() || $objFWUser->checkAuth()) { $groupRedirect = ($objGroup = $objFWUser->objGroup->getGroup($objFWUser->objUser->getPrimaryGroupId())) && $objGroup->getHomepage() ? preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $objGroup->getHomepage()) : CONTREXX_SCRIPT_PATH; \LinkGenerator::parseTemplate($groupRedirect); if (isset($_SESSION['redirect'])) { unset($_SESSION['redirect']); } if (!empty($redirect)) { $redirect = \FWUser::getRedirectUrl(urlencode(base64_decode($redirect))); } \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . (empty($redirect) ? $groupRedirect : $redirect)); exit; } else { if (isset($_POST['login'])) { $this->_statusMessage = $_CORELANG['TXT_PASSWORD_OR_USERNAME_IS_INCORRECT']; } } if (isset($_SESSION['auth']['loginLastAuthFailed'])) { $this->_objTpl->setVariable(array('TXT_CORE_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], 'CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode())); $this->_objTpl->parse('captcha'); } else { $this->_objTpl->hideBlock('captcha'); } // TODO: loading the language data of component Access at this // point is a workaround as the integration of the Access // component's functionality itself is hard-coded too and // has not been implemented through the system component // framework. $accessLang = \Env::get('init')->getComponentSpecificLanguageData('Access'); $this->_objTpl->setVariable(array('TXT_ACCESS_SIGNUP_BY_FACEBOOK' => $accessLang['TXT_ACCESS_SIGNUP_BY_FACEBOOK'], 'TXT_ACCESS_SIGNUP_BY_GOOGLE' => $accessLang['TXT_ACCESS_SIGNUP_BY_GOOGLE'], 'TXT_ACCESS_SIGNUP_BY_TWITTER' => $accessLang['TXT_ACCESS_SIGNUP_BY_TWITTER'], 'TXT_CORE_SIGN_UP' => $_CORELANG['TXT_CORE_SIGN_UP'], 'TXT_LOGIN' => $_CORELANG['TXT_LOGIN'], 'TXT_USER_NAME' => $_CORELANG['TXT_USER_NAME'], 'TXT_EMAIL' => $_CORELANG['TXT_EMAIL'], 'TXT_PASSWORD' => $_CORELANG['TXT_PASSWORD'], 'TXT_LOGIN_REMEMBER_ME' => $_CORELANG['TXT_CORE_REMEMBER_ME'], 'TXT_PASSWORD_LOST' => $_CORELANG['TXT_PASSWORD_LOST'], 'LOGIN_REDIRECT' => $redirect, 'LOGIN_STATUS_MESSAGE' => $this->_statusMessage)); return $this->_objTpl->get(); }
/** * Insert a new comment for a message into database, if the function is activated. Furthermore, all input values are validated. * Sends also the notification mail to the administrator, if it is enabled in options. * * @global ADONewConnection * @global array * @global array */ function addComment() { global $objDatabase, $_ARRAYLANG, $_CONFIG; \Cx\Core\Csrf\Controller\Csrf::check_code(); $this->initUserId(); //Check for activated function if (!$this->_arrSettings['blog_comments_activated']) { $this->_strErrorMessage = $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_ERROR_ACTIVATED']; return; } if ($this->hasUserJustCommented()) { $this->_strErrorMessage = str_replace('[SECONDS]', intval($this->_arrSettings['blog_comments_timeout']), $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_ERROR_TIMEOUT']); return; } //Create validator-object $objValidator = new \FWValidator(); //Get general-input $intMessageId = intval($_POST['frmAddComment_MessageId']); $strSubject = contrexx_addslashes(strip_tags($_POST['frmAddComment_Subject'])); $strComment = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForDb($_POST['frmAddComment_Comment']); //Get specified-input if ($this->_intCurrentUserId == 0) { $intUserId = 0; $strName = contrexx_addslashes(strip_tags($_POST['frmAddComment_Name'])); $strEMail = contrexx_addslashes(strip_tags($_POST['frmAddComment_EMail'])); $strWWW = contrexx_addslashes(strip_tags($objValidator->getUrl($_POST['frmAddComment_WWW']))); } else { $intUserId = $this->_intCurrentUserId; $strName = ''; $strEMail = ''; $strWWW = ''; } //Get options $intIsActive = intval($this->_arrSettings['blog_comments_autoactivate']); $intIsNotification = intval($this->_arrSettings['blog_comments_notification']); //Validate general-input if ($intMessageId <= 0) { $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MID']); } if (empty($strSubject)) { $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_SUBJECT']); } if (empty($strComment)) { $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_COMMENT']); } //Validate specified-input if ($this->_intCurrentUserId == 0) { if (empty($strName)) { $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_NAME']); } if (!$objValidator->isEmail($strEMail)) { $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_EMAIL']); } } $captchaCheck = true; if (!\FWUser::getFWUserObject()->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $captchaCheck = false; } //Now check error-string if (empty($this->_strErrorMessage) && $captchaCheck) { //No errors, insert entry $objDatabase->Execute(' INSERT INTO ' . DBPREFIX . 'module_blog_comments SET message_id = ' . $intMessageId . ', lang_id = ' . $this->_intLanguageId . ', is_active = "' . $intIsActive . '", time_created = ' . time() . ', ip_address = "' . $_SERVER['REMOTE_ADDR'] . '", user_id = ' . $intUserId . ', user_name = "' . $strName . '", user_mail = "' . $strEMail . '", user_www = "' . $strWWW . '", subject = "' . $strSubject . '", comment = "' . $strComment . '" '); //Set a cookie with the current timestamp. Avoids flooding. setcookie('BlogCommentLast', time(), 0, ASCMS_PATH_OFFSET . '/'); $this->_strStatusMessage = $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_SUCCESS']; $this->writeCommentRSS(); if ($intIsNotification) { //Send notification to administrator if (\Env::get('ClassLoader')->loadFile(ASCMS_LIBRARY_PATH . '/phpmailer/class.phpmailer.php')) { $objMail = new \phpmailer(); if ($_CONFIG['coreSmtpServer'] > 0) { if (($arrSmtp = \SmtpSettings::getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) { $objMail->IsSMTP(); $objMail->Host = $arrSmtp['hostname']; $objMail->Port = $arrSmtp['port']; $objMail->SMTPAuth = true; $objMail->Username = $arrSmtp['username']; $objMail->Password = $arrSmtp['password']; } } if ($this->_intCurrentUserId > 0) { $objFWUser = \FWUser::getFWUserObject(); $strName = htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET); } $strMailSubject = str_replace('[SUBJECT]', $strSubject, $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MAIL_SUBJECT']); $strMailBody = str_replace('[USERNAME]', $strName, $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MAIL_BODY']); $strMailBody = str_replace('[DOMAIN]', ASCMS_PROTOCOL . '://' . $_CONFIG['domainUrl'] . ASCMS_PATH_OFFSET, $strMailBody); $strMailBody = str_replace('[SUBJECT]', $strSubject, $strMailBody); $strMailBody = str_replace('[COMMENT]', $strComment, $strMailBody); $objMail->CharSet = CONTREXX_CHARSET; $objMail->SetFrom($_CONFIG['coreAdminEmail'], $_CONFIG['coreGlobalPageTitle']); $objMail->AddAddress($_CONFIG['coreAdminEmail']); $objMail->Subject = $strMailSubject; $objMail->IsHTML(false); $objMail->Body = $strMailBody; $objMail->Send(); } } } }
/** * performs the registratio page * * @return null */ function showRegistrationForm() { global $_ARRAYLANG, $_CORELANG; $this->_objTpl->setTemplate($this->pageContent, true, true); $objFWUser = \FWUser::getFWUserObject(); $objUser = $objFWUser->objUser; $userId = intval($objUser->getId()); $userLogin = $objUser->login(); $captchaCheck = true; if (!$userLogin && isset($_POST['submitRegistration'])) { $captchaCheck = \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check(); if (!$captchaCheck) { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_ERROR' => '<span class="text-danger">' . $_ARRAYLANG['TXT_CALENDAR_INVALID_CAPTCHA_CODE'] . '</span>')); } } $objEvent = new \Cx\Modules\Calendar\Controller\CalendarEvent(intval($_REQUEST['id'])); $numRegistrations = (int) $objEvent->registrationCount; $this->pageTitle = date("d.m.Y", isset($_GET['date']) ? $_GET['date'] : $objEvent->startDate) . ": " . html_entity_decode($objEvent->title, ENT_QUOTES, CONTREXX_CHARSET); if (time() <= intval($_REQUEST['date'])) { if ($numRegistrations < $objEvent->numSubscriber) { $this->_objTpl->setVariable(array($this->moduleLangVar . '_EVENT_ID' => intval($_REQUEST['id']), $this->moduleLangVar . '_FORM_ID' => intval($objEvent->registrationForm), $this->moduleLangVar . '_EVENT_DATE' => intval($_REQUEST['date']), $this->moduleLangVar . '_USER_ID' => $userId, 'TXT_' . $this->moduleLangVar . '_REGISTRATION_SUBMIT' => $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUBMIT'])); $objFormManager = new \Cx\Modules\Calendar\Controller\CalendarFormManager(); $objFormManager->getFormList(); //$objFormManager->showForm($this->_objTpl,intval($objEvent->registrationForm), 2, $objEvent->ticketSales); // Made the ticket sales always true, because ticket functionality currently not implemented $objFormManager->showForm($this->_objTpl, intval($objEvent->registrationForm), 2, true); /* if ($this->arrSettings['paymentStatus'] == '1' && $objEvent->ticketSales && ($this->arrSettings['paymentBillStatus'] == '1' || $this->arrSettings['paymentYellowpayStatus'] == '1')) { $paymentMethods = '<select class="calendarSelect" name="paymentMethod">'; $paymentMethods .= $this->arrSettings['paymentBillStatus'] == '1' || $objEvent->price == 0 ? '<option value="1">'.$_ARRAYLANG['TXT_CALENDAR_PAYMENT_BILL'].'</option>' : ''; $paymentMethods .= $this->arrSettings['paymentYellowpayStatus'] == '1' && $objEvent->price > 0 ? '<option value="2">'.$_ARRAYLANG['TXT_CALENDAR_PAYMENT_YELLOWPAY'].'</option>' : ''; $paymentMethods .= '</select>'; $this->_objTpl->setVariable(array( 'TXT_'.$this->moduleLangVar.'_PAYMENT_METHOD' => $_ARRAYLANG['TXT_CALENDAR_PAYMENT_METHOD'], $this->moduleLangVar.'_PAYMENT_METHODS' => $paymentMethods, )); $this->_objTpl->parse('calendarRegistrationPayment'); } else { $this->_objTpl->hideBlock('calendarRegistrationPayment'); } */ if (!$userLogin) { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], $this->moduleLangVar . '_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode())); $this->_objTpl->parse('calendarRegistrationCaptcha'); } else { $this->_objTpl->hideBlock('calendarRegistrationCaptcha'); } if (isset($_POST['submitRegistration']) && $captchaCheck) { $objRegistration = new \Cx\Modules\Calendar\Controller\CalendarRegistration(intval($_POST['form'])); if ($objRegistration->save($_POST)) { if ($objRegistration->saveIn == 2) { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED_WAITLIST']; } else { if ($objRegistration->saveIn == 0) { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED_SIGNOFF']; } else { $status = $_ARRAYLANG['TXT_CALENDAR_REGISTRATION_SUCCESSFULLY_ADDED']; /* if($_POST["paymentMethod"] == 2) { $objRegistration->get($objRegistration->id); $objEvent = new \Cx\Modules\Calendar\Controller\CalendarEvent($objRegistration->eventId); parent::getSettings(); $amount = (int) $objEvent->price * 100; $status .= \Cx\Modules\Calendar\Controller\CalendarPayment::_yellowpay(array("orderID" => $objRegistration->id, "amount" => $amount, "currency" => $this->arrSettings["paymentCurrency"], "language" => "DE")); } */ } } $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $status)); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } else { $this->_objTpl->setVariable(array('TXT_' . $this->moduleLangVar . '_ERROR' => '<span class="text-danger">' . $_ARRAYLANG['TXT_CALENDAR_CHECK_REQUIRED'] . '</span>')); $this->_objTpl->parse('calendarRegistrationForm'); $this->_objTpl->hideBlock('calendarRegistrationStatus'); } } else { $this->_objTpl->parse('calendarRegistrationForm'); $this->_objTpl->hideBlock('calendarRegistrationStatus'); } } else { $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $_ARRAYLANG['TXT_CALENDAR_EVENT_FULLY_BLOCKED'])); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } } else { $this->_objTpl->setVariable(array($this->moduleLangVar . '_LINK_BACK' => '<a href="' . CONTREXX_DIRECTORY_INDEX . '?section=' . $this->moduleName . '">' . $_ARRAYLANG['TXT_CALENDAR_BACK'] . '</a>', $this->moduleLangVar . '_REGISTRATION_STATUS' => $_ARRAYLANG['TXT_CALENDAR_EVENT_IN_PAST'])); $this->_objTpl->touchBlock('calendarRegistrationStatus'); $this->_objTpl->hideBlock('calendarRegistrationForm'); } }
/** * Checks if the user has been successfully authenticated * * If a user has been successfully authenticated then he will be * redirected to the requested page, otherwise the login page will be displayed * * @access private * @global array * @see cmsSession::cmsSessionStatusUpdate(), contrexx_strip_tags, \Cx\Core\Html\Sigma::get() * @return string \Cx\Core\Html\Sigma::get() */ function _login() { global $_CORELANG, $sessionObj; $objFWUser = \FWUser::getFWUserObject(); if (isset($_REQUEST['redirect'])) { $redirect = contrexx_strip_tags($_REQUEST['redirect']); } elseif (isset($_SESSION['redirect'])) { $redirect = $_SESSION['redirect']; } else { $redirect = ""; } \Cx\Lib\SocialLogin::parseSociallogin($this->_objTpl); $arrSettings = \User_Setting::getSettings(); if (function_exists('curl_init') && $arrSettings['sociallogin']['status'] && !empty($_GET['provider'])) { $providerLogin = $this->loginWithProvider($_GET['provider']); if ($providerLogin) { return $providerLogin; } } if ($objFWUser->objUser->login()) { if (isset($_POST['login']) && $objFWUser->checkLogin() || isset($_GET['auth-token']) && isset($_GET['user-id'])) { $objFWUser->objUser->reset(); $objFWUser->logoutAndDestroySession(); $sessionObj = \cmsSession::getInstance(); } else { $_GET['relogin'] = '******'; } } if ((!isset($_GET['relogin']) || $_GET['relogin'] != 'true') && $objFWUser->objUser->login() || $objFWUser->checkAuth()) { $groupRedirect = ($objGroup = $objFWUser->objGroup->getGroup($objFWUser->objUser->getPrimaryGroupId())) && $objGroup->getHomepage() ? preg_replace('/\\[\\[([A-Z0-9_-]+)\\]\\]/', '{\\1}', $objGroup->getHomepage()) : CONTREXX_SCRIPT_PATH; \LinkGenerator::parseTemplate($groupRedirect); if (isset($_SESSION['redirect'])) { unset($_SESSION['redirect']); } if (!empty($redirect)) { $redirect = \FWUser::getRedirectUrl(urlencode(base64_decode($redirect))); } \Cx\Core\Csrf\Controller\Csrf::header('Location: ' . (empty($redirect) ? $groupRedirect : $redirect)); exit; } else { if (isset($_POST['login'])) { $this->_statusMessage = $_CORELANG['TXT_PASSWORD_OR_USERNAME_IS_INCORRECT']; } } if (isset($_SESSION['auth']['loginLastAuthFailed'])) { $this->_objTpl->setVariable(array('TXT_CORE_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], 'CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode())); $this->_objTpl->parse('captcha'); } else { $this->_objTpl->hideBlock('captcha'); } $this->_objTpl->setVariable(array('TXT_LOGIN' => $_CORELANG['TXT_LOGIN'], 'TXT_USER_NAME' => $_CORELANG['TXT_USER_NAME'], 'TXT_PASSWORD' => $_CORELANG['TXT_PASSWORD'], 'TXT_LOGIN_REMEMBER_ME' => $_CORELANG['TXT_CORE_REMEMBER_ME'], 'TXT_PASSWORD_LOST' => $_CORELANG['TXT_PASSWORD_LOST'], 'LOGIN_REDIRECT' => $redirect, 'LOGIN_STATUS_MESSAGE' => $this->_statusMessage)); return $this->_objTpl->get(); }
function _profile() { global $_ARRAYLANG, $_CORELANG, $objDatabase; $this->_objTpl->setTemplate($this->pageContent); $showForm = true; $arrStatusMessage = array('ok' => array(), 'error' => array()); $isNewsletterRecipient = false; $isAccessRecipient = false; $recipientId = 0; $recipientEmail = ''; $recipientUri = ''; $recipientSex = ''; $recipientSalutation = 0; $recipientTitle = ''; $recipientPosition = ''; $recipientIndustrySector = ''; $recipientPhoneMobile = ''; $recipientPhonePrivate = ''; $recipientFax = ''; $recipientNotes = ''; $recipientLastname = ''; $recipientFirstname = ''; $recipientCompany = ''; $recipientAddress = ''; $recipientZip = ''; $recipientCity = ''; $recipientCountry = ''; $recipientPhoneOffice = ''; $recipientBirthday = ''; $recipientLanguage = ''; $recipientStatus = 0; $requestedMail = isset($_GET['mail']) ? contrexx_input2raw(urldecode($_GET['mail'])) : (isset($_POST['mail']) ? contrexx_input2raw($_POST['mail']) : ''); $arrAssociatedLists = array(); $arrPreAssociatedInactiveLists = array(); $code = isset($_REQUEST['code']) ? contrexx_addslashes($_REQUEST['code']) : ''; if (!empty($code) && !empty($requestedMail)) { $objRecipient = $objDatabase->SelectLimit("SELECT accessUserID\n FROM " . DBPREFIX . "module_newsletter_access_user AS nu\n INNER JOIN " . DBPREFIX . "access_users AS au ON au.id=nu.accessUserID\n WHERE nu.code='" . $code . "'\n AND email='" . contrexx_raw2db($requestedMail) . "'", 1); if ($objRecipient && $objRecipient->RecordCount() == 1) { $objUser = \FWUser::getFWUserObject()->objUser->getUser($objRecipient->fields['accessUserID']); if ($objUser) { $recipientId = $objUser->getId(); $isAccessRecipient = true; //$arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } else { $objRecipient = $objDatabase->SelectLimit("SELECT id FROM " . DBPREFIX . "module_newsletter_user WHERE status=1 AND code='" . $code . "' AND email='" . contrexx_raw2db($requestedMail) . "'", 1); if ($objRecipient && $objRecipient->RecordCount() == 1) { $recipientId = $objRecipient->fields['id']; $isNewsletterRecipient = true; } } } else { if (\FWUser::getFWUserObject()->objUser->login()) { $objUser = \FWUser::getFWUserObject()->objUser; $recipientId = $objUser->getId(); $isAccessRecipient = true; //$arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } // Get interface settings $objInterface = $objDatabase->Execute('SELECT `setvalue` FROM `' . DBPREFIX . 'module_newsletter_settings` WHERE `setname` = "recipient_attribute_status"'); $recipientAttributeStatus = json_decode($objInterface->fields['setvalue'], true); $captchaOk = true; if (isset($recipientAttributeStatus['captcha']) && $recipientAttributeStatus['captcha']['active']) { if (!\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) { $captchaOk = false; array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_CAPTCHA']); } } if (isset($_POST['recipient_save'])) { if (isset($_POST['email'])) { $recipientEmail = $_POST['email']; } if (isset($_POST['website'])) { $recipientUri = $_POST['website']; } if (isset($_POST['sex'])) { $recipientSex = in_array($_POST['sex'], array('f', 'm')) ? $_POST['sex'] : ''; } if (isset($_POST['salutation'])) { // TODO: use FWUSER $arrRecipientTitles = $this->_getRecipientTitles(); $recipientSalutation = in_array($_POST['salutation'], array_keys($arrRecipientTitles)) ? intval($_POST['salutation']) : 0; } if (isset($_POST['title'])) { $recipientTitle = $_POST['title']; } if (isset($_POST['lastname'])) { $recipientLastname = $_POST['lastname']; } if (isset($_POST['firstname'])) { $recipientFirstname = $_POST['firstname']; } if (isset($_POST['position'])) { $recipientPosition = $_POST['position']; } if (isset($_POST['company'])) { $recipientCompany = $_POST['company']; } if (isset($_POST['industry_sector'])) { $recipientIndustrySector = $_POST['industry_sector']; } if (isset($_POST['address'])) { $recipientAddress = $_POST['address']; } if (isset($_POST['zip'])) { $recipientZip = $_POST['zip']; } if (isset($_POST['city'])) { $recipientCity = $_POST['city']; } if (isset($_POST['newsletter_country_id'])) { $recipientCountry = $_POST['newsletter_country_id']; } if (isset($_POST['phone_office'])) { $recipientPhoneOffice = $_POST['phone_office']; } if (isset($_POST['phone_private'])) { $recipientPhonePrivate = $_POST['phone_private']; } if (isset($_POST['phone_mobile'])) { $recipientPhoneMobile = $_POST['phone_mobile']; } if (isset($_POST['fax'])) { $recipientFax = $_POST['fax']; } if (isset($_POST['day']) && isset($_POST['month']) && isset($_POST['year'])) { $recipientBirthday = str_pad(intval($_POST['day']), 2, '0', STR_PAD_LEFT) . '-' . str_pad(intval($_POST['month']), 2, '0', STR_PAD_LEFT) . '-' . intval($_POST['year']); } if (isset($_POST['language'])) { $recipientLanguage = $_POST['language']; } if (isset($_POST['notes'])) { $recipientNotes = $_POST['notes']; } if (isset($_POST['list'])) { foreach ($_POST['list'] as $listId => $status) { if (intval($status) == 1) { array_push($arrAssociatedLists, intval($listId)); } } } elseif (!$recipientId) { // Signup request where no recipient list had been selected // check if the user didn't select any list or if there is non or just 1 recipient list visible and was therefore not visible for the user to select // only show newsletter-lists that are visible for new users (not yet registered ones) $excludeDisabledLists = 1; $arrLists = self::getLists($excludeDisabledLists); switch (count($arrLists)) { case 0: // no active lists > ok break; case 1: // only 1 list is active, therefore no list was visible for selection -> let's signup the new recipient to this very list $arrAssociatedLists = array_keys($arrLists); break; default: // more than one list is active, therefore the user would have been able to select his preferred lists. // however, the fact that we landed in this case is that the user didn't make any selection at all. // so lets be it like that > the user won't be subscribed to any list break; } } if (!$isAccessRecipient) { // add or update existing newsletter recipient (for access user see ELSE case) $arrPreAssociatedInactiveLists = $this->_getAssociatedListsOfRecipient($recipientId, false); $arrAssociatedInactiveLists = array_intersect($arrPreAssociatedInactiveLists, $arrAssociatedLists); $objValidator = new \FWValidator(); if ($objValidator->isEmail($recipientEmail)) { // Let's check if a user account with the provided email address is already present // Important: we must check only for active accounts (active => 1), otherwise we'll send a notification e-mail // to a user that won't be able to active himself due to his account's inactive state. // TODO: implement feature $objUser = null; //FWUser::getFWUserObject()->objUser->getUsers(array('email' => $recipientEmail, 'active' => 1)); if (false && $objUser) { // there is already a user account present by the same email address as the one submitted by the user // TODO: send notification e-mail about existing e-mail account // Important: We must output the same status message as if the user has been newly added! // This shall prevent email-address-crawling-bots from detecting existing e-mail accounts. array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { if ($this->_validateRecipientAttributes($recipientAttributeStatus, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientBirthday)) { if ($captchaOk && $this->_isUniqueRecipientEmail($recipientEmail, $recipientId)) { if (!empty($arrAssociatedInactiveLists) || !empty($arrAssociatedLists) && ($objList = $objDatabase->SelectLimit('SELECT id FROM ' . DBPREFIX . 'module_newsletter_category WHERE status=1 AND (id=' . implode(' OR id=', $arrAssociatedLists) . ')', 1)) && $objList->RecordCount() > 0) { if ($recipientId > 0) { if ($this->_updateRecipient($recipientAttributeStatus, $recipientId, $recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, 1, $arrAssociatedLists, $recipientLanguage)) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_YOUR_DATE_SUCCESSFULLY_UPDATED']); $showForm = false; } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_UPDATE_YOUR_DATA']); } } else { if ($this->_addRecipient($recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, $recipientStatus, $arrAssociatedLists, $recipientLanguage)) { if ($this->_sendAuthorizeEmail($recipientEmail, $recipientSex, $recipientSalutation, $recipientFirstname, $recipientLastname)) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { $objDatabase->Execute("DELETE tblU, tblR FROM " . DBPREFIX . "module_newsletter_user AS tblU, " . DBPREFIX . "module_newsletter_rel_user_cat AS tblR WHERE tblU.email='" . contrexx_addslashes($recipientEmail) . "' AND tblR.user = tblU.id"); array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIPTION_CANCELED_BY_EMAIL']); } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_ADDING_YOU']); } } } else { $unsub = $_ARRAYLANG['TXT_UNSUBSCRIBE']; if (isset($_REQUEST['code']) && isset($_REQUEST['mail'])) { $nm = new \Cx\Modules\Newsletter\Controller\NewsletterManager(); $unsub = $nm->GetUnsubscribeURL($_REQUEST['code'], $_REQUEST['mail']); } array_push($arrStatusMessage['error'], sprintf($_ARRAYLANG['TXT_NEWSLETTER_UNSUBSCRIBE_IF_ONLY_ONE_LIST_ACTIVE'], $unsub)); } } elseif ($captchaOk && empty($recipientId)) { // We must send a new confirmation e-mail here // otherwise someone could reactivate someone else's e-mail address // It could be that a user who has unsubscribed himself from the newsletter system (recipient = deactivated) would like to subscribe the newsletter again. // Therefore, lets see if we can find a recipient by the specified e-mail address that has been deactivated (status=0) $objRecipient = $objDatabase->SelectLimit("SELECT id, language, notes, status FROM " . DBPREFIX . "module_newsletter_user WHERE email='" . contrexx_input2db($recipientEmail) . "'", 1); $recipientId = $objRecipient && !$objRecipient->EOF ? $objRecipient->fields['id'] : 0; if ($recipientId) { $arrPreAssociatedActiveLists = array(); if ($objRecipient->fields['status']) { // When recipient is active then load his associative list and send notification about the new/existing subscription lists // otherwise someone could unsubscribe lists of someone else $arrPreAssociatedActiveLists = $this->_getAssociatedListsOfRecipient($recipientId); $arrAssociatedLists = array_merge($arrPreAssociatedActiveLists, $arrAssociatedLists); } // Important: We intentionally do not load existing recipient list associations, due to the fact that the user most likely had // himself been unsubscribed from the newsletter system some time in the past. Therefore the user most likey does not want // to be subscribed to any lists more than to those he just selected $arrAssociatedLists = array_unique($arrAssociatedLists); $this->_setRecipientLists($recipientId, $arrAssociatedLists); if (!$objRecipient->fields['status']) { $recipientLanguage = $objRecipient->fields['language']; // Important: We do not update the recipient's profile data here by the reason that we can't verify the recipient's identity at this point! if ($this->_sendAuthorizeEmail($recipientEmail, $recipientSex, $recipientSalutation, $recipientFirstname, $recipientLastname)) { // Important: We must output the same status message as if the user has been newly added! // This shall prevent email-address-crawling-bots from detecting existing e-mail accounts. array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_ADDING_YOU']); array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIPTION_CANCELED_BY_EMAIL']); } } else { $this->sendSubscriptionNotificationMail($recipientEmail, $recipientSex, $recipientSalutation, $recipientFirstname, $recipientLastname, $arrAssociatedLists, $arrPreAssociatedActiveLists); array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } } } else { if ($captchaOk) { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBER_ALREADY_INSERTED']); } } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_MANDATORY_FIELD_ERROR']); } } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NOT_VALID_EMAIL']); } } else { if ($captchaOk) { // update subscribed lists of access user $arrAssociatedLists = array_unique($arrAssociatedLists); $objUser->setSubscribedNewsletterListIDs($arrAssociatedLists); if ($objUser->store()) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_YOUR_DATE_SUCCESSFULLY_UPDATED']); $showForm = false; } else { $arrStatusMessage['error'] = array_merge($arrStatusMessage['error'], $objUser->getErrorMsg()); } } } } elseif ($isNewsletterRecipient) { $objRecipient = $objDatabase->SelectLimit("SELECT uri, sex, salutation, title, lastname, firstname, position, company, industry_sector, address, zip, city, country_id, phone_office, phone_private, phone_mobile, fax, notes, birthday, status, language FROM " . DBPREFIX . "module_newsletter_user WHERE id=" . $recipientId, 1); if ($objRecipient !== false && $objRecipient->RecordCount() == 1) { $recipientEmail = urldecode($_REQUEST['mail']); $recipientUri = $objRecipient->fields['uri']; $recipientSex = $objRecipient->fields['sex']; $recipientSalutation = $objRecipient->fields['salutation']; $recipientTitle = $objRecipient->fields['title']; $recipientLastname = $objRecipient->fields['lastname']; $recipientFirstname = $objRecipient->fields['firstname']; $recipientPosition = $objRecipient->fields['position']; $recipientCompany = $objRecipient->fields['company']; $recipientIndustrySector = $objRecipient->fields['industry_sector']; $recipientAddress = $objRecipient->fields['address']; $recipientZip = $objRecipient->fields['zip']; $recipientCity = $objRecipient->fields['city']; $recipientCountry = $objRecipient->fields['country_id']; $recipientPhoneOffice = $objRecipient->fields['phone_office']; $recipientPhonePrivate = $objRecipient->fields['phone_private']; $recipientPhoneMobile = $objRecipient->fields['phone_mobile']; $recipientFax = $objRecipient->fields['fax']; $recipientBirthday = $objRecipient->fields['birthday']; $recipientLanguage = $objRecipient->fields['language']; $recipientNotes = $objRecipient->fields['notes']; $arrAssociatedLists = $this->_getAssociatedListsOfRecipient($recipientId, false); $arrPreAssociatedInactiveLists = $this->_getAssociatedListsOfRecipient($recipientId, false); } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_AUTHENTICATION_FAILED']); $showForm = false; } } elseif ($isAccessRecipient) { $objUser = \FWUser::getFWUserObject()->objUser->getUser($recipientId); if ($objUser) { $arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } $this->_createDatesDropdown($recipientBirthday); if (count($arrStatusMessage['ok']) > 0) { $this->_objTpl->setVariable('NEWSLETTER_OK_MESSAGE', implode('<br />', $arrStatusMessage['ok'])); $this->_objTpl->parse('newsletter_ok_message'); } else { $this->_objTpl->hideBlock('newsletter_ok_message'); } if (count($arrStatusMessage['error']) > 0) { $this->_objTpl->setVariable('NEWSLETTER_ERROR_MESSAGE', implode('<br />', $arrStatusMessage['error'])); $this->_objTpl->parse('newsletter_error_message'); } else { $this->_objTpl->hideBlock('newsletter_error_message'); } $languages = '<select name="language" class="selectLanguage" id="language" >'; $objLanguage = $objDatabase->Execute("SELECT id, name FROM " . DBPREFIX . "languages WHERE frontend = 1 ORDER BY name"); $languages .= '<option value="0">' . $_ARRAYLANG['TXT_NEWSLETTER_LANGUAGE_PLEASE_CHOSE'] . '</option>'; while (!$objLanguage->EOF) { $selected = $objLanguage->fields['id'] == $recipientLanguage ? 'selected' : ''; $languages .= '<option value="' . $objLanguage->fields['id'] . '" ' . $selected . '>' . contrexx_raw2xhtml($objLanguage->fields['name']) . '</option>'; $objLanguage->MoveNext(); } $languages .= '</select>'; if ($showForm) { if ($isAccessRecipient) { if ($this->_objTpl->blockExists('recipient_profile')) { $this->_objTpl->hideBlock('recipient_profile'); } } else { //display settings recipient profile detials $recipientAttributesArray = array('recipient_sex', 'recipient_salutation', 'recipient_title', 'recipient_firstname', 'recipient_lastname', 'recipient_position', 'recipient_company', 'recipient_industry', 'recipient_address', 'recipient_city', 'recipient_zip', 'recipient_country', 'recipient_phone', 'recipient_private', 'recipient_mobile', 'recipient_fax', 'recipient_birthday', 'recipient_website', 'captcha'); foreach ($recipientAttributesArray as $attribute) { if ($this->_objTpl->blockExists($attribute)) { if ($recipientAttributeStatus[$attribute]['active']) { $this->_objTpl->touchBlock($attribute); $this->_objTpl->setVariable(array('NEWSLETTER_' . strtoupper($attribute) . '_MANDATORY' => $recipientAttributeStatus[$attribute]['required'] ? '*' : '')); } else { $this->_objTpl->hideBlock($attribute); } } } $this->_objTpl->setVariable(array('TXT_MODULE_CAPTCHA' => $_CORELANG['TXT_CORE_CAPTCHA'], 'MODULE_CAPTCHA_CODE' => \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->getCode(), 'NEWSLETTER_EMAIL' => htmlentities($recipientEmail, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_WEBSITE' => htmlentities($recipientUri, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_SEX_F' => $recipientSex == 'f' ? 'checked="checked"' : '', 'NEWSLETTER_SEX_M' => $recipientSex == 'm' ? 'checked="checked"' : '', 'NEWSLETTER_SALUTATION' => $this->_getRecipientTitleMenu($recipientSalutation, 'name="salutation" size="1"'), 'NEWSLETTER_TITLE' => htmlentities($recipientTitle, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_LASTNAME' => htmlentities($recipientLastname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_FIRSTNAME' => htmlentities($recipientFirstname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_POSITION' => htmlentities($recipientPosition, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_COMPANY' => htmlentities($recipientCompany, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_INDUSTRY_SECTOR' => htmlentities($recipientIndustrySector, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_ADDRESS' => htmlentities($recipientAddress, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_ZIP' => htmlentities($recipientZip, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_CITY' => htmlentities($recipientCity, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_COUNTRY' => $this->getCountryMenu($recipientCountry, $recipientAttributeStatus['recipient_country']['active'] && $recipientAttributeStatus['recipient_country']['required']), 'NEWSLETTER_PHONE' => htmlentities($recipientPhoneOffice, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_PHONE_PRIVATE' => htmlentities($recipientPhonePrivate, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_PHONE_MOBILE' => htmlentities($recipientPhoneMobile, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_FAX' => htmlentities($recipientFax, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_NOTES' => htmlentities($recipientNotes, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_LANGUAGE' => $languages)); $this->_objTpl->setVariable(array('TXT_NEWSLETTER_EMAIL_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_EMAIL_ADDRESS'], 'TXT_NEWSLETTER_SALUTATION' => $_ARRAYLANG['TXT_NEWSLETTER_SALUTATION'], 'TXT_NEWSLETTER_SEX' => $_ARRAYLANG['TXT_NEWSLETTER_SEX'], 'TXT_NEWSLETTER_FEMALE' => $_ARRAYLANG['TXT_NEWSLETTER_FEMALE'], 'TXT_NEWSLETTER_MALE' => $_ARRAYLANG['TXT_NEWSLETTER_MALE'], 'TXT_NEWSLETTER_TITLE' => $_ARRAYLANG['TXT_NEWSLETTER_TITLE'], 'TXT_NEWSLETTER_LASTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_LASTNAME'], 'TXT_NEWSLETTER_FIRSTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_FIRSTNAME'], 'TXT_NEWSLETTER_POSITION' => $_ARRAYLANG['TXT_NEWSLETTER_POSITION'], 'TXT_NEWSLETTER_COMPANY' => $_ARRAYLANG['TXT_NEWSLETTER_COMPANY'], 'TXT_NEWSLETTER_INDUSTRY_SECTOR' => $_ARRAYLANG['TXT_NEWSLETTER_INDUSTRY_SECTOR'], 'TXT_NEWSLETTER_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_ADDRESS'], 'TXT_NEWSLETTER_ZIP' => $_ARRAYLANG['TXT_NEWSLETTER_ZIP'], 'TXT_NEWSLETTER_CITY' => $_ARRAYLANG['TXT_NEWSLETTER_CITY'], 'TXT_NEWSLETTER_COUNTRY' => $_ARRAYLANG['TXT_NEWSLETTER_COUNTRY'], 'TXT_NEWSLETTER_PHONE_PRIVATE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_PRIVATE'], 'TXT_NEWSLETTER_PHONE_MOBILE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_MOBILE'], 'TXT_NEWSLETTER_FAX' => $_ARRAYLANG['TXT_NEWSLETTER_FAX'], 'TXT_NEWSLETTER_PHONE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE'], 'TXT_NEWSLETTER_NOTES' => $_ARRAYLANG['TXT_NEWSLETTER_NOTES'], 'TXT_NEWSLETTER_BIRTHDAY' => $_ARRAYLANG['TXT_NEWSLETTER_BIRTHDAY'], 'TXT_NEWSLETTER_LANGUAGE' => $_ARRAYLANG['TXT_NEWSLETTER_LANGUAGE'], 'TXT_NEWSLETTER_WEBSITE' => $_ARRAYLANG['TXT_NEWSLETTER_WEBSITE'], 'TXT_NEWSLETTER_RECIPIENT_DATE' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_DATE'], 'TXT_NEWSLETTER_RECIPIENT_MONTH' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_MONTH'], 'TXT_NEWSLETTER_RECIPIENT_YEAR' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_YEAR'])); if ($this->_objTpl->blockExists('recipient_profile')) { $this->_objTpl->parse('recipient_profile'); } } // only show newsletter-lists that are visible for new users (not yet registered ones) $excludeDisabledLists = $recipientId == 0; $arrLists = self::getLists($excludeDisabledLists); if ($this->_objTpl->blockExists('newsletter_lists') && !empty($arrLists)) { foreach ($arrLists as $listId => $arrList) { if ($arrList['status'] || in_array($listId, $arrPreAssociatedInactiveLists)) { $this->_objTpl->setVariable(array('NEWSLETTER_LIST_ID' => $listId, 'NEWSLETTER_LIST_NAME' => contrexx_raw2xhtml($arrList['name']), 'NEWSLETTER_LIST_SELECTED' => in_array($listId, $arrAssociatedLists) ? 'checked="checked"' : '')); $this->_objTpl->parse('newsletter_list'); } } $this->_objTpl->setVariable(array('TXT_NEWSLETTER_LISTS' => $_ARRAYLANG['TXT_NEWSLETTER_LISTS'])); $this->_objTpl->parse('newsletter_lists'); } $this->_objTpl->setVariable(array('NEWSLETTER_PROFILE_MAIL' => contrexx_raw2xhtml($requestedMail), 'NEWSLETTER_USER_CODE' => $code, 'TXT_NEWSLETTER_SAVE' => $_ARRAYLANG['TXT_NEWSLETTER_SAVE'])); $this->_objTpl->parse('newsletterForm'); } else { $this->_objTpl->hideBlock('newsletterForm'); } }