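/**
 * Main function to determine the avatar to use
 *
 * A locally uploaded image in the configured namespace wins. Without one, the
 * mail address is hashed and a Gravatar URL is built, with a MonsterID or a
 * static default image as the fallback.
 *
 * @param string $user  user name as known to the auth backend; treated as a mail
 *                      address when the backend returns no data for it
 * @param string $title in/out: filled with the escaped full name, or the
 *                      obfuscated mail address, when passed in empty
 * @param int    $size  in/out: replaced by the configured size unless it is a non-zero int
 * @return string URL of the avatar image
 */
function _getAvatarURL($user, &$title, &$size)
{
    global $auth;

    if (!$size || !is_int($size)) {
        $size = $this->getConf('size');
    }

    // both are read on every path below, so start from defined values
    $src = '';
    $mail = '';

    // check first if a local image for the given user exists
    $userinfo = $auth->getUserData($user);
    if (is_array($userinfo)) {
        if (!empty($userinfo['name']) && !$title) {
            $title = hsc($userinfo['name']);
        }
        $avatar = $this->getConf('namespace') . ':' . $user;
        $formats = array('.png', '.jpg', '.gif');
        foreach ($formats as $format) {
            $img = mediaFN($avatar . $format);
            if (!@file_exists($img)) {
                continue;
            }
            $src = ml($avatar . $format, array('w' => $size, 'h' => $size));
            break;
        }
        if (!$src && isset($userinfo['mail'])) {
            $mail = $userinfo['mail'];
        }
    } else {
        $mail = $user;
    }

    if (!$src) {
        // Gravatar hashes the trimmed, lower-cased address; hashing the raw
        // value would miss the avatar registered for a differently-cased address
        $seed = md5(strtolower(trim($mail)));

        if (function_exists('imagecreatetruecolor')) {
            // we take the monster ID as default
            $file = 'monsterid.php?seed=' . $seed . '&size=' . $size . '&.png';
        } else {
            // GDlib is not available - resort to default images
            switch ($size) {
                case 20:
                case 40:
                case 80:
                    $file = 'images/default_' . $size . '.png';
                    break;
                default:
                    $file = 'images/default_120.png';
            }
        }
        $default = ml(DOKU_URL . '/lib/plugins/avatar/' . $file, 'cache=recache', true, '&', true);

        // do not pass invalid or empty emails to gravatar site...
        // NOTE(review): the Gravatar URL is plain http, so the mail hash travels
        // unencrypted; changing the scheme depends on how ml() fetches external
        // media on this install, so it is left untouched here.
        if (mail_isvalid($mail) && $size <= 80) {
            $src = ml(
                'http://www.gravatar.com/avatar.php?'
                . 'gravatar_id=' . $seed
                . '&default=' . urlencode($default)
                . '&size=' . $size
                . '&rating=' . $this->getConf('rating')
                . '&.jpg',
                'cache=recache'
            );
        } else {
            // show only default image if invalid or empty email given
            $src = $default;
        }
    }

    if (!$title) {
        $title = obfuscate($mail);
    }

    return $src;
}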
/**
 * Run the parent checks, then reject a value that is set but is not a valid
 * mail address.
 *
 * @throws Exception carrying the localized 'e_email' message with the escaped field label
 */
function _validate()
{
    parent::_validate();

    $address = $this->getParam('value');
    if (is_null($address) || mail_isvalid($address)) {
        return;
    }

    // the label is escaped because it ends up inside the error message
    $format = $this->getLang('e_email');
    $label = hsc($this->getParam('label'));
    throw new Exception(sprintf($format, $label));
}
/**
 * Validate
 *
 * The configured prefix and postfix are wrapped around the value for the
 * address check only; the value is returned without them.
 *
 * @param int|string $rawvalue
 * @return int|string
 * @throws ValidationException when prefix + value + postfix is not a valid mail address
 */
public function validate($rawvalue)
{
    $rawvalue = parent::validate($rawvalue);

    $address = implode('', array($this->config['prefix'], $rawvalue, $this->config['postfix']));
    if (mail_isvalid($address)) {
        return $rawvalue;
    }

    throw new ValidationException('Mail invalid', $address);
}
/**
 * Simple test to make sure the plugin.info.txt is in correct format
 */
public function test_plugininfo()
{
    $file = __DIR__ . '/../plugin.info.txt';
    $this->assertFileExists($file);

    $info = confToHash($file);

    // mandatory fields, checked in the same order as before
    $required = array('base', 'author', 'email', 'date', 'name', 'desc', 'url');
    foreach ($required as $key) {
        $this->assertArrayHasKey($key, $info);
    }

    $this->assertEquals('svgpureinsert', $info['base']);
    $this->assertRegExp('/^https?:\\/\\//', $info['url']);
    $this->assertTrue(mail_isvalid($info['email']));

    // the date must have the YYYY-MM-DD shape and be parseable
    $this->assertRegExp('/^\\d\\d\\d\\d-\\d\\d-\\d\\d$/', $info['date']);
    $parsed = strtotime($info['date']);
    $this->assertTrue(false !== $parsed);
}
/**
 * Makes sure the given data fits with the given type
 *
 * @param string       $value raw value
 * @param string|array $type  type name, or an array with a 'type' key and an
 *                            optional comma separated 'enum' list
 * @return string the normalized value, or '' when it is empty or does not fit
 */
function _cleanData($value, $type)
{
    $value = trim($value);
    if (!$value) {
        // truthiness test: the literal string '0' is dropped as well
        return '';
    }

    if (is_array($type)) {
        if (isset($type['enum'])) {
            $enumPattern = '/(^|,\\s*)' . preg_quote_cb($value) . '($|\\s*,)/';
            if (!preg_match($enumPattern, $type['enum'])) {
                return '';
            }
        }
        $type = $type['type'];
    }

    if ($type == 'dt') {
        // only the shape is checked; month and day ranges are not
        if (!preg_match('/^(\\d\\d\\d\\d)-(\\d\\d?)-(\\d\\d?)$/', $value, $m)) {
            return '';
        }
        return sprintf('%d-%02d-%02d', $m[1], $m[2], $m[3]);
    }

    if ($type == 'url') {
        // NOTE(review): any "scheme://" prefix is accepted unchanged, not just
        // http(s); callers that render the value as a link should restrict the
        // scheme themselves.
        $hasScheme = preg_match('!^[a-z]+://!i', $value);
        return $hasScheme ? $value : 'http://' . $value;
    }

    if ($type == 'mail') {
        // first valid address becomes the mail, every other word the name
        $email = '';
        $name = '';
        $parts = preg_split('/\\s+/', $value);
        while (true) {
            $part = array_shift($parts);
            if (!$email && mail_isvalid($part)) {
                $email = strtolower($part);
            } else {
                $name .= $part . ' ';
            }
            if (!$part) {
                break;
            }
        }
        return trim($email . ' ' . $name);
    }

    if ($type == 'page' || $type == 'nspage') {
        return cleanID($value);
    }

    return $value;
}
/**
 * update setting with user provided value $input
 * if value fails error check, save it
 *
 * The placeholders @USER@, @NAME@ and @MAIL@ are replaced by sample values
 * before validation, and for a "Name <address>" form only the part between
 * the angle brackets is checked.
 *
 * @return true if changed, false otherwise (incl. on error)
 */
function update($input)
{
    if (is_null($input) || $this->is_protected()) {
        return false;
    }

    $current = is_null($this->_local) ? $this->_default : $this->_local;
    if ($current == $input) {
        return false;
    }

    // replace variables with pseudo values
    $probe = str_replace(
        array('@USER@', '@NAME@', '@MAIL@'),
        array('joe', 'Joe Schmoe', '*****@*****.**'),
        $input
    );

    // now only check the address part
    $addr = preg_match('#(.*?)<(.*?)>#', $probe, $matches) ? $matches[2] : $probe;

    if (mail_isvalid($addr)) {
        $this->_local = $input;
        return true;
    }

    // keep the rejected input so it can be shown again with the error
    $this->_error = true;
    $this->_input = $input;
    return false;
}
/**
 * update setting with user provided value $input
 * if value fails error check, save it
 *
 * An empty string is stored without validation. Otherwise every address
 * (comma separated when multiple addresses are enabled) has to pass
 * mail_isvalid(); for "Name <address>" only the bracketed part is checked.
 *
 * @param mixed $input
 * @return boolean true if changed, false otherwise (incl. on error)
 */
function update($input)
{
    if (is_null($input) || $this->is_protected()) {
        return false;
    }

    $current = is_null($this->_local) ? $this->_default : $this->_local;
    if ($current == $input) {
        return false;
    }

    if ($input === '') {
        $this->_local = $input;
        return true;
    }

    $candidate = $input;
    if ($this->_placeholders) {
        // replace variables with pseudo values
        $candidate = str_replace(
            array('@USER@', '@NAME@', '@MAIL@'),
            array('joe', 'Joe Schmoe', '*****@*****.**'),
            $candidate
        );
    }

    // multiple mail addresses?
    $addresses = $this->_multiple
        ? array_filter(array_map('trim', explode(',', $candidate)))
        : array($candidate);

    // check them all
    foreach ($addresses as $entry) {
        // only check the address part
        $addr = preg_match('#(.*?)<(.*?)>#', $entry, $matches) ? $matches[2] : $entry;

        if (!mail_isvalid($addr)) {
            $this->_error = true;
            $this->_input = $input;
            return false;
        }
    }

    $this->_local = $input;
    return true;
}
/**
 * Returns cleaned user data
 *
 * The candidate row is pushed through the global $INPUT object so that
 * _retrieveUser() can apply its cleaning to the imported values.
 *
 * @param array  $candidate raw values of line from input file
 *                          (id, password, name, mail, groups in that order)
 * @param string $error     out: localized reason when the row is rejected
 * @return array|bool cleaned data or false
 */
protected function _cleanImportUser($candidate, &$error)
{
    global $INPUT;

    // kludgy ....
    $fields = array('userid', 'userpass', 'username', 'usermail', 'usergroups');
    foreach ($fields as $column => $field) {
        $INPUT->set($field, $candidate[$column]);
    }

    $cleaned = $this->_retrieveUser();
    list($user, $pass, $name, $mail, $grps) = $cleaned;

    if (empty($user)) {
        $error = $this->lang['import_error_baduserid'];
        return false;
    }

    // no need to check password, handled elsewhere

    // a name is required exactly when the backend can store one
    $mayName = (bool) $this->_auth->canDo('modName');
    if ($mayName === empty($name)) {
        $error = $this->lang['import_error_badname'];
        return false;
    }

    // same rule for the mail address, plus a validity check when it is allowed
    $mailAccepted = $this->_auth->canDo('modMail')
        ? (!empty($mail) && mail_isvalid($mail))
        : empty($mail);
    if (!$mailAccepted) {
        $error = $this->lang['import_error_badmail'];
        return false;
    }

    return $cleaned;
}
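/**
 * Mail a confirmation link to the given address.
 *
 * @param string $email       recipient address; checked with mail_isvalid() before anything is sent
 * @param string $url         link placed in the mail body
 * @param bool   $valid_email out: set to false when $email is rejected, left untouched otherwise
 * @return bool false for an invalid address, otherwise whatever mail_send() returns
 */
function send_link($email, $url, &$valid_email)
{
    global $conf;

    if (!mail_isvalid($email)) {
        // The rejected value is untrusted input and msg() prints its argument
        // as HTML, so escape it before echoing it back to the browser.
        msg($this->getLang('bad_email') . hsc($email));
        $valid_email = false;
        return false;
    }

    $text = $this->getLang('email_confirm') . "\n\n";
    $text .= $url;
    $text .= "\n\n";

    $subject = $this->getLang('subject_confirm');

    return mail_send($email, $subject . $conf['title'], $text, $conf['mailfrom']);
}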
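/**
 * Update user profile
 *
 * Validates the submitted profile form, asks the auth backend to apply the
 * changes and refreshes the login cookie afterwards.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true when the backend applied the change, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $INFO;
    global $lang;
    global $auth;

    if (!$auth) {
        return false;
    }
    if (empty($_POST['save'])) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }

    // should not be able to get here without Profile being possible...
    if (!$auth->canDo('Profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    // Accept plain strings only and compare strictly: with a loose comparison
    // two different numeric-looking passwords ("1e3" and "1000") count as equal.
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
    $passchk = (isset($_POST['passchk']) && is_string($_POST['passchk'])) ? $_POST['passchk'] : '';
    if ($newpass !== $passchk) {
        msg($lang['regbadpass'], -1); // complain about misspelled passwords
        return false;
    }

    //clean fullname and email
    $_POST['fullname'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['fullname']));
    $_POST['email'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['email']));

    if ((empty($_POST['fullname']) && $auth->canDo('modName')) ||
        (empty($_POST['email']) && $auth->canDo('modMail'))) {
        msg($lang['profnoempty'], -1);
        return false;
    }

    if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // collect only what actually changed and what the backend can store;
    // starts as an array so count() below is defined when nothing changed
    $changes = array();
    if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) {
        $changes['name'] = $_POST['fullname'];
    }
    if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) {
        $changes['mail'] = $_POST['email'];
    }
    if (!empty($newpass) && $auth->canDo('modPass')) {
        $changes['pass'] = $newpass;
    }

    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // optionally require the current password before anything is modified
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $_POST['oldpass'])) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    if (!$auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        return false;
    }

    // update cookie and session with the changed data
    $cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
    list($user, $sticky, $pass) = explode('|', $cookie, 3);
    if (!empty($changes['pass'])) {
        $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt());
    }
    auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);

    return true;
}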
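/**
 * Handles comment actions, dispatches data processing routines
 *
 * Three things happen here: a 'newthread' action is turned into whatever
 * _newThread() returns, subscription links (unsubscribe / confirm) are
 * resolved by their hash, and in 'show' mode the comment sub-action from the
 * request (add, save, delete, toogle) is dispatched.
 *
 * @param object $event action event; $event->data holds the action name and may be rewritten
 * @param mixed  $param not used
 * @return bool|null true/false for subscription links, null in every other case
 */
function handle_act_preprocess(&$event, $param)
{
    global $ID;
    global $INFO;
    global $conf;
    global $lang;

    // handle newthread ACTs
    if ($event->data == 'newthread') {
        // we can handle it -> prevent others
        $event->preventDefault();
        $event->data = $this->_newThread();
    }

    // enable captchas
    if (in_array($_REQUEST['comment'], array('add', 'save'))) {
        if (@file_exists(DOKU_PLUGIN . 'captcha/action.php')) {
            $this->_captchaCheck();
        }
        if (@file_exists(DOKU_PLUGIN . 'recaptcha/action.php')) {
            $this->_recaptchaCheck();
        }
    }

    // if we are not in show mode or someone wants to unsubscribe, that was all for now
    if ($event->data != 'show'
        && $event->data != 'discussion_unsubscribe'
        && $event->data != 'discussion_confirmsubscribe') {
        return;
    }

    if ($event->data == 'discussion_unsubscribe' or $event->data == 'discussion_confirmsubscribe') {
        // ok we can handle it prevent others
        $event->preventDefault();

        // the token must be a non-empty string; arrays and '' can never match
        if (!isset($_REQUEST['hash']) || !is_string($_REQUEST['hash']) || $_REQUEST['hash'] === '') {
            return false;
        }
        $token = $_REQUEST['hash'];

        $file = metaFN($ID, '.comments');
        // NOTE(review): unserialize() is only acceptable here as long as the
        // .comments meta file is written by this plugin alone.
        $data = unserialize(io_readFile($file));
        if (!is_array($data) || !isset($data['subscribers']) || !is_array($data['subscribers'])) {
            return false;
        }

        $themail = '';
        foreach ($data['subscribers'] as $mail => $info) {
            // convert old style subscribers just in case: the old format stored
            // the bare hash, which cannot take array keys, so build a new entry
            if (!is_array($info)) {
                $data['subscribers'][$mail] = array(
                    'hash' => $info,
                    'active' => true,
                    'confirmsent' => true,
                );
            }

            // hash_equals() avoids both type juggling ("0e1" == "0e2") and
            // early exit on the first differing byte of the secret token
            $stored = isset($data['subscribers'][$mail]['hash'])
                ? (string) $data['subscribers'][$mail]['hash']
                : '';
            if ($stored !== '' && hash_equals($stored, $token)) {
                $themail = $mail;
            }
        }

        if ($themail != '') {
            if ($event->data == 'discussion_unsubscribe') {
                unset($data['subscribers'][$themail]);
                msg(sprintf($lang['unsubscribe_success'], $themail, $ID), 1);
            } elseif ($event->data == 'discussion_confirmsubscribe') {
                $data['subscribers'][$themail]['active'] = true;
                msg(sprintf($lang['subscribe_success'], $themail, $ID), 1);
            }
            io_saveFile($file, serialize($data));
            $event->data = 'show';
            return true;
        } else {
            return false;
        }
    } else {
        // do the data processing for comments
        $cid = $_REQUEST['cid'];
        switch ($_REQUEST['comment']) {
            case 'add':
                if (empty($_REQUEST['text'])) {
                    return; // don't add empty comments
                }

                $comment = array();
                if (isset($_SERVER['REMOTE_USER']) && !$this->getConf('adminimport')) {
                    $comment['user']['id'] = $_SERVER['REMOTE_USER'];
                    $comment['user']['name'] = $INFO['userinfo']['name'];
                    $comment['user']['mail'] = $INFO['userinfo']['mail'];
                } elseif (isset($_SERVER['REMOTE_USER']) && $this->getConf('adminimport') && auth_ismanager()
                    || !isset($_SERVER['REMOTE_USER'])) {
                    if (empty($_REQUEST['name']) or empty($_REQUEST['mail'])) {
                        return; // don't add anonymous comments
                    }
                    if (!mail_isvalid($_REQUEST['mail'])) {
                        msg($lang['regbadmail'], -1);
                        return;
                    } else {
                        $comment['user']['id'] = 'test' . hsc($_REQUEST['user']);
                        $comment['user']['name'] = hsc($_REQUEST['name']);
                        $comment['user']['mail'] = hsc($_REQUEST['mail']);
                    }
                }
                // NOTE(review): a logged-in non-manager with 'adminimport' enabled
                // matches neither branch and reaches _add() without user data.

                $comment['user']['address'] = $this->getConf('addressfield') ? hsc($_REQUEST['address']) : '';
                $comment['user']['url'] = $this->getConf('urlfield') ? $this->_checkURL($_REQUEST['url']) : '';
                $comment['subscribe'] = $this->getConf('subscribe') ? $_REQUEST['subscribe'] : '';
                // the creation date is taken from the request as sent by the client
                $comment['date'] = array('created' => $_REQUEST['date']);
                $comment['raw'] = cleanText($_REQUEST['text']);
                $repl = $_REQUEST['reply'];

                // moderated wikis hide new comments unless a manager wrote them
                if ($this->getConf('moderate') && !auth_ismanager()) {
                    $comment['show'] = false;
                } else {
                    $comment['show'] = true;
                }

                $this->_add($comment, $repl);
                break;

            case 'save':
                $raw = cleanText($_REQUEST['text']);
                $this->_save(array($cid), $raw);
                break;

            case 'delete':
                $this->_save(array($cid), '');
                break;

            case 'toogle':
                $this->_save(array($cid), '', 'toogle');
                break;
        }
    }
}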
/**
 * Runs mail_isvalid() against a table of addresses and the verdict expected
 * for each of them.
 *
 * NOTE(review): the '*****@*****.**' literals look like redaction placeholders
 * in this listing; the expectations attached to them (for instance the
 * over-long local part and domain) cannot be checked from what is shown here.
 */
function test1()
{
    // each row: address, expected validity
    $tests = array(
        // our own tests
        array('*****@*****.**', true),
        array('~someone@somewhere.com', true),
        array('*****@*****.**', true),
        array('*****@*****.**', true), // FS#1447
        array("rfc2822+allthesechars_#*!'`/-={}are.legal@somewhere.com.au", true),
        array('*****@*****.**', true), // FS#1049
        array('bugs@php.net1', true), // new ICAN rulez seem to allow this
        array('.bugs@php.net1', false),
        array('*****@*****.**', false),
        array('*****@*****.**', false),
        array('*****@*****.**', false),
        array('bugs@php.net.', false),
        array('bu(g)s@php.net1', false),
        array('bu[g]s@php.net1', false),
        array('*****@*****.**', true),
        array('*****@*****.**', true),

        // tests from http://code.google.com/p/php-email-address-validation/ below
        array('*****@*****.**', true),
        array('*****@*****.**', true),
        array('*****@*****.**', true),
        array('*****@*****.**', true),
        array('*****@*****.**', true),
        array('t*est@example.com', true),
        array('+1~1+@example.com', true),
        array('{_test_}@example.com', true),
        array('"[[ test ]]"@example.com', true),
        array('*****@*****.**', true),
        array('test."test"@example.com', true),
        array('"test@test"@example.com', true),
        array('test@123.123.123.123', true),
        array('test@[123.123.123.123]', true),
        array('*****@*****.**', true),
        array('*****@*****.**', true),
        array('test.example.com', false),
        array('*****@*****.**', false),
        array('*****@*****.**', false),
        array('*****@*****.**', false),
        array('test@test@example.com', false),
        array('test@@example.com', false),
        array('-- test --@example.com', false), // No spaces allowed in local part
        array('[test]@example.com', false), // Square brackets only allowed within quotes
        array('"test\\test"@example.com', false), // Quotes cannot contain backslash
        array('"test"test"@example.com', false), // Quotes cannot be nested
        array('()[]\\;:,<>@example.com', false), // Disallowed Characters
        array('test@.', false),
        array('test@example.', false),
        array('test@.org', false),
        array('*****@*****.**', false), // 64 characters is maximum length for local part. This is 65.
        array('*****@*****.**', false), // 255 characters is maximum length for domain. This is 256.
        array('test@example', false),
        array('test@[123.123.123.123', false),
        array('test@123.123.123.123]', false),
    );

    foreach ($tests as $test) {
        list($address, $expected) = $test;

        // tell the runner which address is under test in case of a failure
        $this->signal('failinfo', 'Testing ' . $address);

        $valid = (bool) mail_isvalid($address);
        if ($expected) {
            $this->assertTrue($valid);
        } else {
            $this->assertFalse($valid);
        }
    }
}
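/**
 * Update user profile
 *
 * Validates the submitted profile form, drops the fields the auth backend
 * cannot modify, applies the change and then refreshes either the login
 * cookie (password changed) or the cached session data.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true when the profile was updated, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var DokuWiki_Auth_Plugin $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }

    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');

    // check misspelled passwords
    // strict comparison: with != two different numeric-looking strings
    // ("1e3" and "1000") would be accepted as a matching confirmation
    if ($changes['pass'] !== $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }

    // clean fullname and email
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));

    // no empty name and email (except the backend doesn't support them)
    if ((empty($changes['name']) && $auth->canDo('modName')) ||
        (empty($changes['mail']) && $auth->canDo('modMail'))) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // drop everything that was left empty
    $changes = array_filter($changes);

    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }

    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // optionally require the current password before anything is modified
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($INPUT->server->str('REMOTE_USER'), $INPUT->post->str('oldpass'))) {
            msg($lang['badpassconfirm'], -1);
            return false;
        }
    }

    // $changes is handed over by reference, the backend may adjust it
    if (!$auth->triggerUserMod('modify', array($INPUT->server->str('REMOTE_USER'), &$changes))) {
        msg($lang['proffail'], -1);
        return false;
    }

    // 'pass' is gone from $changes when no new password was given or the
    // backend cannot change it, so test for presence instead of reading it
    if (!empty($changes['pass'])) {
        // update cookie and session with the changed data
        list(, $sticky, ) = auth_getCookie();
        $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
        auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
    } else {
        // make sure the session is writable
        @session_start();
        // invalidate session cache
        $_SESSION[DOKU_COOKIE]['auth']['time'] = 0;
        session_write_close();
    }

    return true;
}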
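/**
 * Convert a submitted value into the internal representation of a column.
 *
 * Empty input becomes null for every format. Integers and reals are cast,
 * dates and datetimes become Unix timestamps, the remaining formats are
 * validated and returned as (trimmed) strings.
 *
 * @param mixed $value raw input as submitted
 * @param array $def   column definition; only $def['format'] is read here
 * @return mixed converted value, or null for empty input
 * @throws Exception with a localized message when the input does not fit the format
 */
public function inputToInternal($value, $def)
{
    switch ($def['format']) {
        case 'image':
        case 'file':
            // booleans pass through; anything else must be a non-empty array
            if (!is_bool($value)) {
                if (!is_array($value) || trim(implode('', $value)) === '') {
                    $value = null;
                }
            }
            break;

        case 'integer':
            $value = trim($value);
            if ($value === '') {
                $value = null;
            } else {
                if (!preg_match('/^[+-]?\\d+$/', $value)) {
                    throw new Exception($this->getLang('badinteger'));
                }
                $value = intval($value);
            }
            break;

        case 'date':
            $value = strtolower(trim($value));
            if ($value === '') {
                $value = null;
            } else {
                if (in_array($value, array($this->getLang('today'), $this->getLang('now')))) {
                    $value = time();
                } else {
                    $value = self::parseInternalDate($value);
                    if ($value === false) {
                        throw new Exception($this->getLang('baddate'));
                    }
                    // dates are pinned to noon of the given day
                    $value = mktime(12, 0, 0, $value['month'], $value['day'], $value['year']);
                }
            }
            break;

        case 'time':
            $value = strtolower(trim($value));
            if ($value !== '') {
                if ($value == $this->getLang('now')) {
                    $value = date('H:i:s');
                } else {
                    if (!self::parseInternalTime($value)) {
                        throw new Exception($this->getLang('badtime'));
                    }
                }
            } else {
                $value = null;
            }
            break;

        case 'datetime':
            $value = strtolower(trim($value));
            if ($value === '') {
                $value = null;
            } else {
                if ($value === $this->getLang('now')) {
                    $value = time();
                } else {
                    // pad to three parts so a missing time or tail is an empty
                    // string instead of an undefined list() element
                    list($date, $time, $tail) = array_pad(preg_split('/[\\s,;]+/', $value), 3, '');
                    $date = trim($date);
                    $time = trim($time);
                    $tail = trim($tail);

                    if ($date === '' || $time === '') {
                        throw new Exception($this->getLang('baddatetime'));
                    }
                    if ($tail !== '') {
                        throw new Exception($this->getLang('baddatetimetail'));
                    }

                    if (trim($date) === $this->getLang('today')) {
                        $date = array('year' => idate('Y'), 'month' => idate('m'), 'day' => idate('d'));
                    } else {
                        $date = self::parseInternalDate($date);
                        if ($date === false) {
                            throw new Exception($this->getLang('baddate'));
                        }
                    }

                    $time = self::parseInternalTime($time);
                    if ($time === false) {
                        throw new Exception($this->getLang('badtime'));
                    }

                    $value = mktime(
                        $time['hour'],
                        $time['minute'],
                        $time['second'],
                        $date['month'],
                        $date['day'],
                        $date['year']
                    );
                }
            }
            break;

        case 'phone':
        case 'fax':
            $value = trim($value);
            if ($value !== '') {
                // validate a copy without whitespace and parentheses; the
                // original spelling is what gets stored
                $temp = preg_replace('/\\s+/', '', $value);
                $temp = preg_replace('/\\(([^)]+)\\)/', '\\1', $temp);
                if (!preg_match('#^\\+?(\\d+(([-/]|/-)\\d+)*)+$#', $temp)) {
                    throw new Exception($this->getLang('badphonefax'));
                }
            } else {
                $value = null;
            }
            break;

        case 'monetary':
            $value = trim($value);
            if ($value !== '') {
                $valuePattern = '/[+-]?\\d+([.,]\\d)?/';
                if (!preg_match($valuePattern, $value)) {
                    throw new Exception($this->getLang('badmoney'));
                }

                // validate to have one out of these formats:
                // 0,34 or "USD 34,00" or "5 EUR" ...
                $temp = preg_split($valuePattern, $value);
                if (trim($temp[1]) === '') {
                    unset($temp[1]);
                }
                if (trim($temp[0]) === '') {
                    unset($temp[0]);
                }
                if (count($temp) > 1) {
                    throw new Exception($this->getLang('badmoneytail'));
                }
            } else {
                $value = null;
            }
            break;

        case 'real':
            $value = trim($value);
            if ($value === '') {
                $value = null;
            } else {
                if (!preg_match('/^[+-]?\\d+([.,]\\d+)?$/', $value)) {
                    throw new Exception($this->getLang('badfloat'));
                }
                // a decimal comma is accepted and normalized to a point
                $value = doubleval(strtr($value, ',', '.'));
            }
            break;

        case 'url':
            $value = trim($value);
            if ($value !== '') {
                $info = parse_url($value);
                if (!is_array($info)) {
                    throw new Exception($this->getLang('badurl'));
                }
                // parse_url() leaves the key out when there is no scheme
                // NOTE(review): any scheme is accepted here, not only http(s)
                if (empty($info['scheme'])) {
                    throw new Exception($this->getLang('badurlnoabs'));
                }
            } else {
                $value = null;
            }
            break;

        case 'email':
            $value = trim($value);
            if ($value !== '') {
                if (!mail_isvalid($value)) {
                    throw new Exception($this->getLang('badmail'));
                }

                if ($this->getConf('checkmaildomains') != false) {
                    // The domain follows the LAST "@": a quoted local part may
                    // itself contain "@", and splitting on the first one would
                    // look up part of the mailbox name instead of the domain.
                    // NOTE(review): these are blocking DNS lookups for a name
                    // chosen by the submitter.
                    $at = strrpos($value, '@');
                    $domain = ($at === false) ? '' : substr($value, $at + 1);

                    $ip = gethostbyname($domain);
                    if ($ip === $domain || ip2long($ip) === false) {
                        // no address record, accept the domain if it has an MX
                        if (!getmxrr($domain, $mxhosts)) {
                            throw new Exception($this->getLang('badmailunknown'));
                        }
                    }
                }
            } else {
                $value = null;
            }
            break;

        case 'acl':
            // row-based ACL rule
            if ($this->isAuthorized($this->options['mayadmin'])) {
                $value = implode(';', $this->parseACLRule(trim($value), true));
            } else {
                // rules from users without admin rights are dropped
                $value = null;
            }
            break;

        case 'text':
            // everything's fine here
        default:
            if (trim($value) === '') {
                $value = null;
            }
    }

    return $value;
}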
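/**
 * Update user profile
 *
 * Validates the submitted profile form and hands the changed fields to the
 * auth backend.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return mixed false when validation fails, otherwise the result of $auth->modifyUser()
 */
function updateprofile()
{
    global $conf;
    global $INFO;
    global $lang;
    global $auth;

    // without an auth backend there is nothing to update
    if (!$auth) {
        return false;
    }
    if (empty($_POST['save'])) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }

    // should not be able to get here without Profile being possible...
    if (!$auth->canDo('Profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    // Accept plain strings only and compare strictly: with a loose comparison
    // two different numeric-looking passwords ("1e3" and "1000") count as equal.
    $newpass = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
    $passchk = (isset($_POST['passchk']) && is_string($_POST['passchk'])) ? $_POST['passchk'] : '';
    if ($newpass !== $passchk) {
        msg($lang['regbadpass'], -1); // complain about misspelled passwords
        return false;
    }

    //clean fullname and email
    $_POST['fullname'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['fullname']));
    $_POST['email'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $_POST['email']));

    if (empty($_POST['fullname']) || empty($_POST['email'])) {
        msg($lang['profnoempty'], -1);
        return false;
    }

    if (!mail_isvalid($_POST['email'])) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // collect only what actually changed and what the backend can store;
    // starts as an array so count() below is defined when nothing changed
    $changes = array();
    if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) {
        $changes['name'] = $_POST['fullname'];
    }
    if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) {
        $changes['mail'] = $_POST['email'];
    }
    if (!empty($newpass) && $auth->canDo('modPass')) {
        $changes['pass'] = $newpass;
    }

    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // optionally require the current password before anything is modified
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $_POST['oldpass'])) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    return $auth->modifyUser($_SERVER['REMOTE_USER'], $changes);
}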
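/**
 * Encodes an email address header
 *
 * Unicode characters will be deaccented and encoded
 * quoted_printable for headers.
 * Addresses may not contain Non-ASCII data!
 *
 * Example:
 *   mail_encode_address("föö <*****@*****.**>, me@somewhere.com","TBcc");
 *
 * Addresses that are empty, not ASCII or not valid are skipped; the latter
 * two are reported through msg().
 *
 * @param string  $string Multiple adresses separated by commas
 * @param string  $header Name of the header (To,Bcc,Cc,...)
 * @param boolean $names  Allow named Recipients?
 * @return string|null the encoded address list (a complete header line when
 *                     $header is given), null when no usable address is left
 */
function mail_encode_address($string, $header = '', $names = true)
{
    $headers = '';
    $parts = explode(',', $string);
    foreach ($parts as $part) {
        $part = trim($part);

        // parse address
        if (preg_match('#(.*?)<(.*?)>#', $part, $matches)) {
            // the name is copied into a mail header; drop CR/LF so it can
            // never start a header line of its own
            $text = trim(str_replace(array("\r", "\n"), ' ', $matches[1]));
            $addr = $matches[2];
        } else {
            // bare address: clear the name, otherwise the one parsed for the
            // previous recipient would be attached to this address
            $text = '';
            $addr = $part;
        }

        // skip empty ones
        if (empty($addr)) {
            continue;
        }

        // FIXME: is there a way to encode the localpart of a emailaddress?
        if (!utf8_isASCII($addr)) {
            msg(htmlspecialchars("E-Mail address <{$addr}> is not ASCII"), -1);
            continue;
        }

        if (!mail_isvalid($addr)) {
            msg(htmlspecialchars("E-Mail address <{$addr}> is not valid"), -1);
            continue;
        }

        // text was given
        if (!empty($text) && $names) {
            // add address quotes
            $addr = "<{$addr}>";

            if (defined('MAILHEADER_ASCIIONLY')) {
                $text = utf8_deaccent($text);
                $text = utf8_strip($text);
            }

            if (!utf8_isASCII($text)) {
                // put the quotes outside as in =?UTF-8?Q?"Elan Ruusam=C3=A4e"?= vs "=?UTF-8?Q?Elan Ruusam=C3=A4e?="
                if (preg_match('/^"(.+)"$/', $text, $matches)) {
                    $text = '"=?UTF-8?Q?' . mail_quotedprintable_encode($matches[1], 0) . '?="';
                } else {
                    $text = '=?UTF-8?Q?' . mail_quotedprintable_encode($text, 0) . '?=';
                }
                // additionally the space character should be encoded as =20 (or each
                // word QP encoded separately).
                // however this is needed only in mail headers, not globally in mail_quotedprintable_encode().
                $text = str_replace(" ", "=20", $text);
            }
        } else {
            $text = '';
        }

        // add to header comma seperated
        if ($headers != '') {
            $headers .= ',';
            if ($header) {
                $headers .= MAILHEADER_EOL . ' '; // avoid overlong mail headers
            }
        }
        $headers .= $text . ' ' . $addr;
    }

    if (empty($headers)) {
        return null;
    }

    //if headername was given add it and close correctly
    if ($header) {
        $headers = $header . ': ' . $headers . MAILHEADER_EOL;
    }

    return $headers;
}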
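/**
 * Update user profile
 *
 * Validates the submitted profile form, drops the fields the auth backend
 * cannot modify, applies the change and refreshes the login cookie when the
 * password was changed.
 *
 * @author Christopher Smith <*****@*****.**>
 *
 * @return bool true when the backend applied the change, false otherwise
 */
function updateprofile()
{
    global $conf;
    global $lang;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;

    if (!$INPUT->post->bool('save')) {
        return false;
    }
    if (!checkSecurityToken()) {
        return false;
    }

    if (!actionOK('profile')) {
        msg($lang['profna'], -1);
        return false;
    }

    $changes = array();
    $changes['pass'] = $INPUT->post->str('newpass');
    $changes['name'] = $INPUT->post->str('fullname');
    $changes['mail'] = $INPUT->post->str('email');

    // check misspelled passwords
    // strict comparison: with != two different numeric-looking strings
    // ("1e3" and "1000") would be accepted as a matching confirmation
    if ($changes['pass'] !== $INPUT->post->str('passchk')) {
        msg($lang['regbadpass'], -1);
        return false;
    }

    // clean fullname and email
    $changes['name'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['name']));
    $changes['mail'] = trim(preg_replace('/[\\x00-\\x1f:<>&%,;]+/', '', $changes['mail']));

    // no empty name and email (except the backend doesn't support them)
    if ((empty($changes['name']) && $auth->canDo('modName')) ||
        (empty($changes['mail']) && $auth->canDo('modMail'))) {
        msg($lang['profnoempty'], -1);
        return false;
    }
    if (!mail_isvalid($changes['mail']) && $auth->canDo('modMail')) {
        msg($lang['regbadmail'], -1);
        return false;
    }

    // drop everything that was left empty
    $changes = array_filter($changes);

    // check for unavailable capabilities
    if (!$auth->canDo('modName')) {
        unset($changes['name']);
    }
    if (!$auth->canDo('modMail')) {
        unset($changes['mail']);
    }
    if (!$auth->canDo('modPass')) {
        unset($changes['pass']);
    }

    // anything to do?
    if (!count($changes)) {
        msg($lang['profnochange'], -1);
        return false;
    }

    // optionally require the current password before anything is modified
    if ($conf['profileconfirm']) {
        if (!$auth->checkPass($_SERVER['REMOTE_USER'], $INPUT->post->str('oldpass'))) {
            msg($lang['badlogin'], -1);
            return false;
        }
    }

    if (!$auth->triggerUserMod('modify', array($_SERVER['REMOTE_USER'], $changes))) {
        return false;
    }

    // update cookie and session with the changed data
    // 'pass' is gone from $changes when no new password was given or the
    // backend cannot change it, so test for presence instead of reading it
    if (!empty($changes['pass'])) {
        list(, $sticky, ) = auth_getCookie();
        $pass = PMA_blowfish_encrypt($changes['pass'], auth_cookiesalt(!$sticky));
        auth_setCookie($_SERVER['REMOTE_USER'], $pass, (bool) $sticky);
    }

    return true;
}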
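/**
 * Encodes an email address header
 *
 * Unicode characters will be deaccented and encoded
 * quoted_printable for headers.
 * Addresses may not contain Non-ASCII data!
 *
 * Example:
 *   mail_encode_address("föö <*****@*****.**>, me@somewhere.com","TBcc");
 *
 * Addresses that are empty, not ASCII or not valid are skipped; the latter
 * two are reported through msg().
 *
 * @param string  $string Multiple adresses separated by commas
 * @param string  $header Name of the header (To,Bcc,Cc,...)
 * @param boolean $names  Allow named Recipients?
 * @return string|null the encoded address list (a complete header line when
 *                     $header is given), null when no usable address is left
 */
function mail_encode_address($string, $header = '', $names = true)
{
    $headers = '';
    // explode() instead of split(): split() was removed in PHP 7 and treated
    // its first argument as a regular expression
    $parts = explode(',', $string);
    foreach ($parts as $part) {
        $part = trim($part);

        // parse address
        if (preg_match('#(.*?)<(.*?)>#', $part, $matches)) {
            // the name is copied into a mail header; drop CR/LF so it can
            // never start a header line of its own
            $text = trim(str_replace(array("\r", "\n"), ' ', $matches[1]));
            $addr = $matches[2];
        } else {
            // bare address: clear the name, otherwise the one parsed for the
            // previous recipient would be attached to this address
            $text = '';
            $addr = $part;
        }

        // skip empty ones
        if (empty($addr)) {
            continue;
        }

        // FIXME: is there a way to encode the localpart of a emailaddress?
        if (!utf8_isASCII($addr)) {
            msg(htmlspecialchars("E-Mail address <{$addr}> is not ASCII"), -1);
            continue;
        }

        if (!mail_isvalid($addr)) {
            msg(htmlspecialchars("E-Mail address <{$addr}> is not valid"), -1);
            continue;
        }

        // text was given
        if (!empty($text) && $names) {
            // add address quotes
            $addr = "<{$addr}>";

            if (defined('MAILHEADER_ASCIIONLY')) {
                $text = utf8_deaccent($text);
                $text = utf8_strip($text);
            }

            if (!utf8_isASCII($text)) {
                $text = '=?UTF-8?Q?' . mail_quotedprintable_encode($text, 0) . '?=';
            }
        } else {
            $text = '';
        }

        // add to header comma seperated and in new line to avoid too long headers
        if ($headers != '') {
            $headers .= ',' . MAILHEADER_EOL . ' ';
        }
        $headers .= $text . ' ' . $addr;
    }

    if (empty($headers)) {
        return null;
    }

    //if headername was given add it and close correctly
    if ($header) {
        $headers = $header . ': ' . $headers . MAILHEADER_EOL;
    }

    return $headers;
}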