function AddStyleSheet($StyleSheetLocation, $Media = '', $Position = '100', $StyleRoot = '~') { if ($StyleRoot == '~') { $StyleRoot = $this->Context->Configuration['WEB_ROOT']; } if (!is_array($this->StyleSheets)) { $this->StyleSheets = array(); } $StylePath = $StyleSheetLocation; if ($StylePath != '') { $StylePath = ConcatenatePath($StyleRoot, $StyleSheetLocation); } $this->InsertItemAt($this->StyleSheets, array('Sheet' => $StylePath, 'Media' => $Media), $Position); }
function RequestPasswordReset($Username) { $Username = FormatStringForDatabaseInput($Username, ''); $Email = false; if ($Username == '') { $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrInvalidUsername')); } else { // Attempt to retrieve email address $s = $this->Context->ObjectFactory->NewContextObject($this->Context, 'SqlBuilder'); $s->SetMainTable('User', 'u'); $s->AddSelect(array('Email', 'Name', 'UserID'), 'u'); $s->AddWhere('u', 'Name', '', $Username, '='); $UserResult = $this->Context->Database->Select($s, $this->Name, 'RequestPasswordReset', 'An error occurred while retrieving account information.'); if ($this->Context->Database->RowCount($UserResult) == 0) { $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrAccountNotFound')); } else { $Name = ''; $Email = ''; $UserID = 0; while ($rows = $this->Context->Database->GetRow($UserResult)) { $UserID = ForceInt($rows['UserID'], 0); $Email = ForceString($rows['Email'], ''); $Name = FormatStringForDisplay($rows['Name'], 1); } // Now that we have the email, generate an email verification key $EmailVerificationKey = DefineVerificationKey(); // Insert the email verification key into the user table $s->Clear(); $s->SetMainTable('User', 'u'); $s->AddFieldNameValue('EmailVerificationKey', $EmailVerificationKey, 1); $s->AddWhere('u', 'UserID', '', $UserID, '='); $this->Context->Database->Update($s, $this->Name, 'RequestPasswordReset', 'An error occurred while managing your account information.'); // If there are no errors, send the user an email if ($this->Context->WarningCollector->Count() == 0) { // Retrieve the email body $File = $this->Context->Configuration['LANGUAGES_PATH'] . $this->Context->Configuration['LANGUAGE'] . '/email_password_request.txt'; $EmailBody = @file_get_contents($File); if (!$EmailBody) { $this->Context->ErrorManager->AddError($this->Context, $this->Name, 'AssignRole', 'Failed to read email template (' . $File . ').'); } $e = $this->Context->ObjectFactory->NewContextObject($this->Context, 'Email'); $e->HtmlOn = 0; $e->WarningCollector =& $this->Context->WarningCollector; $e->ErrorManager =& $this->Context->ErrorManager; $e->AddFrom($this->Context->Configuration['SUPPORT_EMAIL'], $this->Context->Configuration['SUPPORT_NAME']); $e->AddRecipient($Email, $Name); $e->Subject = $this->Context->Configuration['APPLICATION_TITLE'] . ' ' . $this->Context->GetDefinition('PasswordResetRequest'); $e->Body = str_replace(array('{user_name}', '{forum_name}', '{password_url}'), array($Name, $this->Context->Configuration['APPLICATION_TITLE'], ConcatenatePath($this->Context->Configuration['BASE_URL'], GetUrl($this->Context->Configuration, 'people.php', '', '', '', '', 'PostBackAction=PasswordResetForm&u=' . $UserID . '&k=' . $EmailVerificationKey))), $EmailBody); $e->Send(); } } } return $this->Context->WarningCollector->Iif($Email, false); }
function NotifyDiscussion($DiscussionForm) { $DiscussionID = @$DiscussionForm->DelegateParameters['ResultDiscussion']->DiscussionID; if ($DiscussionID > 0) { #Detect if Whispered $result = mysql_query("SELECT WhisperUserID FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Discussion WHERE DiscussionID = '{$DiscussionID}'"); $row = mysql_fetch_row($result); if ($row[0] > 0) { $Whispered = 1; } else { $Whispered = 0; } $WhisperUserID = $row[0]; if (CheckSubscribeOwn($DiscussionForm->Context)) { ChangeNotify($DiscussionForm->Context, 'DISCUSSION', $DiscussionID, 1); } } else { $DiscussionID = @$DiscussionForm->DelegateParameters['ResultComment']->DiscussionID; #Detect if Whispered $mTitle = @$DiscussionForm->DelegateParameters['ResultComment']->Title; $CommentID = @$DiscussionForm->DelegateParameters['ResultComment']->CommentID; $result = mysql_query("SELECT WhisperUserID FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Discussion WHERE DiscussionID = '{$DiscussionID}'"); $row = mysql_fetch_row($result); if ($row[0] > 0) { $Whispered = 1; } else { $Whispered = 0; } $WhisperUserID = $row[0]; if ($Whispered == 0) { $result = mysql_query("SELECT WhisperUserID FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Comment WHERE CommentID = '{$CommentID}'"); $row = mysql_fetch_row($result); if ($row[0] > 0) { $Whispered = 1; } else { $Whispered = 0; } $WhisperUserID = $row[0]; } } if ($DiscussionID > 0) { $Notifieusers = array(); $SelfUser = $DiscussionForm->Context->Session->UserID; if ($DiscussionForm->Context->Configuration['NOTIFY_AUTO_ALL'] == 0) { #Add all users who have subscribed to all, aren't already notified except the posting user if ($DiscussionForm->Context->Configuration['NOTIFY_ALLOW_ALL'] == 1) { $result = mysql_query("SELECT A.UserID,Email,FirstName, LastName FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Notify AS A, " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "User AS B WHERE A.Method = 'ALL' AND A.UserID <> '{$SelfUser}' AND A.UserID = B.UserID AND B.Notified = 0", $DiscussionForm->Context->Database->Connection); while ($row = mysql_fetch_row($result)) { if ($Whispered == 1 and $WhisperUserID == $row[0] or $Whispered == 0) { array_push($Notifieusers, array($row[0], $row[1], $row[2], $row[3])); } } } #Add all users who have subscribed to this category , aren't already notified except the posting user if ($DiscussionForm->Context->Configuration['NOTIFY_ALLOW_CATEGORY'] == 1) { $result = mysql_query("SELECT CategoryID FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Discussion WHERE DiscussionID = '{$DiscussionID}'", $DiscussionForm->Context->Database->Connection); $row = mysql_fetch_row($result); $result2 = mysql_query("SELECT A.UserID,Email,FirstName, LastName FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Notify AS A, " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "User AS B WHERE A.Method = 'CATEGORY' AND A.SelectID = '{$row['0']}' AND A.UserID <> '{$SelfUser}' AND A.UserID = B.UserID AND B.Notified = 0", $DiscussionForm->Context->Database->Connection); while ($row2 = mysql_fetch_row($result2)) { if ($Whispered == 1 and $WhisperUserID == $row[0] or $Whispered == 0) { array_push($Notifieusers, array($row2[0], $row2[1], $row2[2], $row2[3])); } } } #Add all users who have subscribed to this discussion , aren't already notified except the posting user if ($DiscussionForm->Context->Configuration['NOTIFY_ALLOW_DISCUSSION'] == 1) { $result2 = mysql_query("SELECT A.UserID,Email,FirstName, LastName FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "Notify AS A, " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "User AS B WHERE A.Method = 'DISCUSSION' AND A.SelectID = '{$DiscussionID}' AND A.UserID <> '{$SelfUser}' AND A.UserID = B.UserID AND B.Notified = 0", $DiscussionForm->Context->Database->Connection); while ($row2 = mysql_fetch_row($result2)) { if ($Whispered == 1 and $WhisperUserID = $row[0] or $Whispered == 0) { array_push($Notifieusers, array($row2[0], $row2[1], $row2[2], $row2[3])); } } } } else { #Add all users $result = mysql_query("SELECT UserID,Email,FirstName, LastName FROM " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "User WHERE UserID <> '{$SelfUser}' AND Notified = 0", $DiscussionForm->Context->Database->Connection); while ($row = mysql_fetch_row($result)) { if ($Whispered == 1 and $WhisperUserID == $row[0] or $Whispered == 0) { array_push($Notifieusers, array($row[0], $row[1], $row[2], $row[3])); } } } #Remove double inserted users array_unique($Notifieusers); #Send an email for each user: $mailsent = array(); $e = $DiscussionForm->Context->ObjectFactory->NewContextObject($DiscussionForm->Context, 'Email'); $e->HtmlOn = 0; foreach ($Notifieusers as $val) { $mName = ''; if ($val[2] != '') { $mName = ' ' . $val[2]; } if ($val[1] != "" and !in_array($val[1], $mailsent)) { if ($val[2] != "" and $val[3] != "") { $NotifyName = ''; } else { $NotifyName = $val[2] . ' ' . $val[3]; } $e->Clear(); $e->AddFrom($DiscussionForm->Context->Configuration['SUPPORT_EMAIL'], $DiscussionForm->Context->Configuration['SUPPORT_NAME']); $e->AddRecipient($val[1], $NotifyName); $e->Subject = $DiscussionForm->Context->Configuration['APPLICATION_TITLE'] . ' ' . $DiscussionForm->Context->GetDefinition('Notification'); $EmailBody = @file_get_contents($DiscussionForm->Context->Configuration['EXTENSIONS_PATH'] . 'Notify/email_notify.txt'); $e->Body = str_replace(array("{name}", "{forum_name}", "{title}", "{comment}", "{user}", "{topic_url}", "{support_name}"), array($mName, $DiscussionForm->Context->Configuration['APPLICATION_TITLE'], $mTitle, $mComment, $mUser, ConcatenatePath($DiscussionForm->Context->Configuration['BASE_URL'] . 'comments.php?DiscussionID=' . $DiscussionID, ''), $DiscussionForm->Context->Configuration['SUPPORT_NAME']), $EmailBody); $e->Send(); array_push($mailsent, $val[1]); mysql_query("UPDATE " . $DiscussionForm->Context->Configuration['DATABASE_TABLE_PREFIX'] . "User SET Notified = 1 WHERE UserID = '{$val['0']}'"); } } } }
function GetRequestUri() { global $Configuration; $Host = ForceString($_SERVER['HTTP_HOST'], ''); if ($Host != '') { $Host = PrependString($Configuration['HTTP_METHOD'] . '://', $Host); } $Path = @$_SERVER['REQUEST_URI']; // If the path wasn't provided in the REQUEST_URI variable, let's look elsewhere for it if ($Path == '') { $Path = @$_SERVER['HTTP_X_REWRITE_URL']; } // Some servers use this instead // If the path still wasn't found, let's try building it with other variables if ($Path == '') { $Path = @$_SERVER['SCRIPT_NAME']; $Path .= @$_SERVER['QUERY_STRING'] == '' ? '' : '?' . @$_SERVER['QUERY_STRING']; } $FullPath = ConcatenatePath($Host, $Path); return FormatStringForDisplay($FullPath); }
/* Extension Name: Guest Welcome Message Extension Url: http://vanillaforums.org/addon/9/guest-welcome-message Description: Adds a welcome message to the panel if the person viewing the forum doesn't have an active session. Version: 4.0 Author: Mark O'Sullivan Author Url: http://markosullivan.ca/ * * * Copyright 2006 Mark O'Sullivan <http://markosullivan.ca/> * Copyright 2010 Damien Lebrun <*****@*****.**> * * Changes: * * 4.0: * * - GuestWelcome definition is deprecated. It uses GuestWelcomeMessage * definition instead. This definition doesn't need to include the * sign-in and registration URLs. * */ $Context->SetDefinition("GuestWelcomeMessage", '<strong>Welcome Guest!</strong><br />' . 'Want to take part in these discussions? If you have an account, ' . '<a href="%s">sign in now</a>. <br />' . 'If you don\'t have an account, ' . '<a href="%s">apply for one now</a>.'); $GuestWelcomeMessagePage = array("account.php", "categories.php", "comments.php", "index.php", "search.php"); if (in_array($Context->SelfUrl, $GuestWelcomeMessagePage) && $Context->Session->UserID == 0) { $SignInUrl = empty($Configuration['SIGNIN_URL']) ? GetUrl($Configuration, "people.php") : ConcatenatePath($Configuration['BASE_URL'], $Configuration['SIGNIN_URL']); $RegisterUrl = empty($Configuration['REGISTRATION_URL']) ? GetUrl($Configuration, "people.php", "", "", "", "", "PostBackAction=ApplyForm") : ConcatenatePath($Configuration['BASE_URL'], $Configuration['REGISTRATION_URL']); $NoticeCollector->AddNotice(sprintf($Context->GetDefinition('GuestWelcomeMessage'), $SignInUrl, $RegisterUrl)); unset($SignInUrl, $RegisterUrl); } unset($GuestWelcomeMessagePage);
include '../../appg/init_vanilla.php'; $PostBackKey = ForceIncomingString('PostBackKey', ''); $PostBackAction = ForceIncomingString('PostBackAction', ''); $Type = ForceIncomingString('Type', ''); $ElementID = ForceIncomingInt('ElementID', 0); $Value = ForceIncomingInt('Value', 0); if ($PostBackAction !== 'ChangeNotifi') { header("HTTP/1.1 404 Not Found"); $Context->Unload(); echo 'Wrong address.'; exit; } if ($Context->Session->UserID === 0) { header("HTTP/1.1 401 Unauthorised"); header('WWW-Authenticate: Vanilla-Login-1.0'); header('Location: ' . ConcatenatePath($Context->Configuration['BASE_URL'], $Context->Configuration['SIGNIN_URL'])); $Context->Unload(); echo 'You are not logged-in'; exit; } if ($PostBackKey == '' || $PostBackKey === $Context->Session->GetCsrfValidationKey()) { header("HTTP/1.1 401 Unauthorized"); header('Www-Authenticate: Vanilla-Csrf-Check key="' . $Context->Session->GetCsrfValidationKey() . '"'); echo 'Unable to authenticate this request.'; $Context->Unload(); exit; } if ($Type != 'OWN') { if ($Type != 'KEEPEMAILING') { ChangeNotifi($Context, $Type, $ElementID, $Value); }
function Upload($InputName, $DestinationFolder, $DestinationName = '', $TimeStampName = '0', $OverwriteExistingFile = '0') { $Return = ""; if (array_key_exists($InputName, $_FILES)) { $FileName = basename($_FILES[$InputName]['name']); $FilePieces = explode('.', $FileName); $FileExtension = $FilePieces[count($FilePieces) - 1]; if ($FileExtension == 'gz' && $FilePieces[count($FilePieces) - 2] == 'tar') { $FileExtension = 'tar.gz'; } if ($FileName != '') { // Define file properties if ($DestinationName == '') { $DestinationName = $FileName; } $TempFileName = $_FILES[$InputName]['tmp_name']; $FileType = $_FILES[$InputName]['type']; $this->CurrentFileSize = $_FILES[$InputName]['size']; // Ensure the file is not empty if ($this->CurrentFileSize == 0) { $this->Context->WarningCollector->Add('The file you attempted to upload (' . $FileName . ') was empty.'); } // Ensure that the file's type is allowed if (!array_key_exists($FileType, $this->AllowedFileTypes)) { $this->Context->WarningCollector->Add('You are not allowed to upload (' . $FileName . ') the requested file type: ' . $FileType); } else { // Now make sure that the file type has the proper extension if (!in_array(strtoupper($FileExtension), explode(',', strtoupper(join(',', $this->AllowedFileTypes[$FileType]))))) { $Message = ''; for ($i = 0; $i < count($this->AllowedFileTypes[$FileType]); $i++) { if ($Message != '') { $Message .= ', '; } $Message .= $this->AllowedFileTypes[$FileType][$i]; } $Message = 'The file you attempted to upload (' . $FileName . ') was of type "' . $FileType . '", but the file extension "' . $FileExtension . '" did not match the accepted extensions for this type of file: ' . $Message; $this->Context->WarningCollector->Add($Message); } } // Ensure that the file is not beyond the maximum allowable size if ($this->CurrentFileSize > $this->MaximumFileSize) { $this->Context->WarningCollector->Add('The file you have attempted to upload (' . $FileName . ') is larger than the allowed size: ' . FormatFileSize($this->MaximumFileSize)); } if ($this->Context->WarningCollector->Count() == 0) { // Redefine new file to include proper file extension $DestinationNameOnly = substr($DestinationName, 0, strpos($DestinationName, '.' . $FileExtension)); if ($TimeStampName) { $DestinationNameOnly .= date('-Y-m-d', mktime()); $DestinationName = $DestinationNameOnly . '.' . $FileExtension; } $Return = $DestinationName; $NewFilePath = ConcatenatePath($DestinationFolder, $Return); if (!$OverwriteExistingFile) { $Loop = 2; while (file_exists($NewFilePath)) { $Return = $DestinationNameOnly . $Loop . '.' . $FileExtension; $NewFilePath = ConcatenatePath($DestinationFolder, $Return); $Loop++; } } if (!move_uploaded_file($_FILES[$InputName]['tmp_name'], $NewFilePath)) { $this->Context->WarningCollector->Add('Failed to upload the file: ' . $FileName); } } } else { $this->Context->WarningCollector->Add('You must provide a file to be uploaded.'); } } else { $this->Context->WarningCollector->Add('The file you attempted to upload could not be found in postback data.'); } return $Return; }