/**
 * API method: creates a group.
 *
 * The request is refused with WS_ERR_INVALID_PARAM when a group with the
 * same name already exists. The name is escaped with
 * pwg_db_real_escape_string() once and that escaped value is used both in
 * the duplicate lookup and in the insert.
 *
 * @param mixed[] $params
 *    @option string name
 *    @option bool is_default
 * @param mixed &$service web service dispatcher; used to invoke pwg.groups.getList
 * @return PwgError|mixed error on a duplicate name, otherwise the
 *                        pwg.groups.getList result for the new group
 */
function ws_groups_add($params, &$service)
{
    $escaped_name = pwg_db_real_escape_string($params['name']);
    $params['name'] = $escaped_name;

    // refuse a name that is already taken (lookup on the escaped value)
    $count_query = '
SELECT COUNT(*)
  FROM ' . GROUPS_TABLE . '
  WHERE name = \'' . $escaped_name . '\'
;';
    $count_row = pwg_db_fetch_row(pwg_query($count_query));
    $existing = $count_row[0];
    if ($existing != 0) {
        return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
    }

    // creating the group
    $new_group = array(
        'name' => $escaped_name,
        'is_default' => boolean_to_string($params['is_default']),
    );
    single_insert(GROUPS_TABLE, $new_group);

    $lookup = array('group_id' => pwg_db_insert_id());
    return $service->invoke('pwg.groups.getList', $lookup);
}
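/**
 * Creates the phpBB account that mirrors a freshly registered Piwigo user
 * and links the two ids through PhpBB_Linkuser().
 *
 * Also keeps phpBB's board counters in sync (num_users, newest_username,
 * newest_user_id, newest_user_colour) and puts the account in the default
 * group: group 7 when the UAM bridge is enabled (field 5 of
 * $conf['Register_PhpBB'] is 'true' and UAM's FindAvailableConfirmMailID()
 * exists), otherwise the group named REGISTERED.
 *
 * Changes from the previous revision: $password and $adresse_mail are
 * escaped before reaching the INSERT; the default group, the new user id
 * and the group colour are read through their array keys instead of
 * stringifying whole rows (which produced the literal "Array" in SQL);
 * optional columns are assembled as parallel lists, so a missing config
 * row no longer leaves a dangling comma in the statement; the new user id
 * comes from the insert id instead of a username lookup.
 *
 * NOTE(review): $password is written to user_password verbatim — this
 * function does not hash it, so the caller must supply whatever phpBB
 * expects in that column (confirm at the call site).
 *
 * @param int    $pwg_id       Piwigo user id to link to the new phpBB account
 * @param string $login        username; its lower-case form becomes username_clean
 * @param string $password     value stored in user_password
 * @param string $adresse_mail value stored in user_email
 * @return void
 */
function PhpBB_Adduser($pwg_id, $login, $password, $adresse_mail)
{
    global $conf;
    $conf_Register_PhpBB = isset($conf['Register_PhpBB']) ? explode(";", $conf['Register_PhpBB']) : array();
    $registred = time();
    $registred_ip = $_SERVER['REMOTE_ADDR'];
    $escaped_login = pwg_db_real_escape_string($login);
    // Check if UAM is installed and if bridge is set - Exception for admins and webmasters
    if (function_exists('FindAvailableConfirmMailID') and isset($conf_Register_PhpBB[5]) and $conf_Register_PhpBB[5] == 'true') {
        $default_user_group = array('group_id' => '7');
    } else {
        $query = "\nSELECT group_id\nFROM " . PhpBB_GROUPS_TABLE . "\nWHERE group_name = 'REGISTERED'\n;";
        $default_user_group = pwg_db_fetch_assoc(pwg_query($query));
    }
    // null when no default group could be determined: the group columns are then skipped
    $group_id = isset($default_user_group['group_id']) ? pwg_db_real_escape_string($default_user_group['group_id']) : null;
    $query = "\nUPDATE " . PhpBB_CONFIG_TABLE . "\nSET config_value = config_value+1\nWHERE config_name = 'num_users'\n;";
    pwg_query($query);
    $query = "\nUPDATE " . PhpBB_CONFIG_TABLE . "\nSET config_value = '" . $escaped_login . "'\nWHERE config_name = 'newest_username'\n;";
    pwg_query($query);
    // board defaults copied onto the new account (null when the config row is missing)
    $board_defaults = array();
    foreach (array('board_timezone', 'default_dateformat', 'default_lang', 'default_style') as $config_name) {
        $query = "\nSELECT config_value\nFROM " . PhpBB_CONFIG_TABLE . "\nWHERE config_name = '" . $config_name . "'\n;";
        $row = pwg_db_fetch_assoc(pwg_query($query));
        $board_defaults[$config_name] = isset($row['config_value']) ? $row['config_value'] : null;
    }
    $group_colour = '';
    if (isset($group_id)) {
        $query = "\nSELECT group_colour\nFROM " . PhpBB_GROUPS_TABLE . "\nWHERE group_id = '" . $group_id . "'\n;";
        $row = pwg_db_fetch_assoc(pwg_query($query));
        if (isset($row['group_colour'])) {
            $group_colour = $row['group_colour'];
        }
    }
    // Column and value lists are built in parallel so that optional columns
    // never leave an empty slot in the statement.
    $columns = array('username', 'username_clean');
    $values = array("'" . $escaped_login . "'", "'" . strtolower($escaped_login) . "'");
    if (isset($group_id)) {
        $columns[] = 'group_id';
        $values[] = "'" . $group_id . "'";
    }
    $columns[] = 'user_password';
    $values[] = "'" . pwg_db_real_escape_string($password) . "'";
    $columns[] = 'user_email';
    $values[] = "'" . pwg_db_real_escape_string($adresse_mail) . "'";
    $optional_columns = array(
        'user_timezone' => 'board_timezone',
        'user_lang' => 'default_lang',
        'user_dateformat' => 'default_dateformat',
        'user_style' => 'default_style',
    );
    foreach ($optional_columns as $column => $config_name) {
        if (isset($board_defaults[$config_name])) {
            $columns[] = $column;
            $values[] = "'" . pwg_db_real_escape_string($board_defaults[$config_name]) . "'";
        }
    }
    $columns = array_merge($columns, array('user_colour', 'user_regdate', 'user_ip', 'user_lastvisit', 'user_new'));
    $values = array_merge($values, array(
        "'" . pwg_db_real_escape_string($group_colour) . "'",
        "'" . $registred . "'",
        "'" . pwg_db_real_escape_string($registred_ip) . "'",
        "'" . $registred . "'",
        "'0'",
    ));
    $query = "\nINSERT INTO " . PhpBB_USERS_TABLE . " (\n\t" . implode(",\n\t", $columns) . "\n\t)\nVALUES(\n\t" . implode(",\n\t", $values) . "\n\t)\n;";
    pwg_query($query);
    // the insert id is the new phpBB user_id (it is what PhpBB_Linkuser receives)
    $bb_id = pwg_db_insert_id();
    PhpBB_Linkuser($pwg_id, $bb_id);
    $query = "\nUPDATE " . PhpBB_CONFIG_TABLE . "\nSET config_value = '" . $bb_id . "'\nWHERE config_name = 'newest_user_id'\n;";
    pwg_query($query);
    $ug_columns = array('user_id', 'group_leader', 'user_pending');
    $ug_values = array("'" . $bb_id . "'", "'0'", "'0'");
    if (isset($group_id)) {
        array_unshift($ug_columns, 'group_id');
        array_unshift($ug_values, "'" . $group_id . "'");
    }
    $query = "\nINSERT INTO " . PhpBB_USERGROUP_TABLE . " (\n\t" . implode(",\n\t", $ug_columns) . "\n\t)\nVALUES(\n\t" . implode(",\n\t", $ug_values) . "\n\t)\n;";
    pwg_query($query);
    $query = "\nUPDATE " . PhpBB_CONFIG_TABLE . "\nSET config_value = '" . pwg_db_real_escape_string($group_colour) . "'\nWHERE config_name = 'newest_user_colour'\n;";
    pwg_query($query);
}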
// | Check Access and exit when user status is not ok                      |
// +-----------------------------------------------------------------------+
// Access check: the call exits on its own when the user status is not acceptable.
check_status(ACCESS_GUEST);
// No query string at all: back to the gallery index.
if (empty($_GET['q'])) {
    redirect(make_index_url());
}
// The search rules are persisted as a serialized array and matched by
// exact string equality. addslashes() escapes the blob for the string-built
// SQL below.
// NOTE(review): addslashes() rather than the driver's own escaping — fine
// for a UTF-8 connection; confirm the connection charset.
$search = array('q' => $_GET['q']);
$serialized_rules = addslashes(serialize($search));
$query = '
SElECT id FROM ' . SEARCH_TABLE . '
  WHERE rules = \'' . $serialized_rules . '\'
;';
$search_id = array_from_query($query, 'id');
if (empty($search_id)) {
    // first time this exact query is seen: store it and use the new id
    $query = '
INSERT INTO ' . SEARCH_TABLE . '
  (rules, last_seen)
  VALUES
  (\'' . $serialized_rules . '\', NOW() )
;';
    pwg_query($query);
    $search_id = pwg_db_insert_id(SEARCH_TABLE);
} else {
    // known search: reuse the first matching id and refresh its last_seen
    $search_id = $search_id[0];
    $query = '
UPDATE ' . SEARCH_TABLE . '
  SET last_seen=NOW()
  WHERE id=' . $search_id;
    pwg_query($query);
}
redirect(make_index_url(array('section' => 'search', 'search' => $search_id)));
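/**
 * Tries to insert a guestbook entry and returns the action performed.
 *
 * Mirrors insert_user_comment() for the guestbook table: the action starts
 * at 'validate' ($conf['guestbook']['comments_validation'] off, or an admin)
 * or 'moderate', and falls to 'reject' when a guest gives no name or reuses
 * a registered username, the content is empty, the ephemeral key fails,
 * the e-mail is missing while mandatory or malformed, the website is
 * malformed, or the anti-flood window is hit. Plugins get the last word
 * through the 'user_comment_check' event (third argument 'guestbook').
 * A failed key check is also recorded in $_POST['cr'] for the caller.
 *
 * Change from the previous revision: 'rate' is written unquoted into the
 * INSERT, so it is now only used when it is numeric; any other value is
 * stored as NULL instead of being spliced into the SQL string.
 *
 * NOTE(review): author, content, website and email are interpolated into
 * the INSERT without escaping in this function; the stripslashes() calls
 * in the admin mail suggest they arrive already slash-escaped from the
 * request layer — confirm at the call site before relying on it.
 *
 * @param array &$comm entry fields: author, content, email, website, rate;
 *                     ip, agent, author_id, anonymous_id and id are added here
 * @param string $key ephemeral key sent back by the browser
 * @return string validate, moderate or reject
 */
function insert_user_comment_guestbook(&$comm, $key)
{
    global $conf, $user, $page;
    $comm = array_merge($comm, array('ip' => $_SERVER['REMOTE_ADDR'], 'agent' => $_SERVER['HTTP_USER_AGENT']));
    if (!$conf['guestbook']['comments_validation'] or is_admin()) {
        $comment_action = 'validate';
    } else {
        $comment_action = 'moderate';
    }
    // author
    if (!is_classic_user()) {
        if (empty($comm['author'])) {
            $page['errors'][] = l10n('Please enter your username');
            $comment_action = 'reject';
        } else {
            $comm['author_id'] = $conf['guest_id'];
            // if a guest try to use the name of an already existing user,
            // he must be rejected
            $query = '
SELECT COUNT(*) AS user_exists
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['username'] . " = '" . addslashes($comm['author']) . "'\n;";
            $row = pwg_db_fetch_assoc(pwg_query($query));
            if ($row['user_exists'] == 1) {
                $page['errors'][] = l10n('This login is already used by another user');
                $comment_action = 'reject';
            }
        }
    } else {
        // logged-in user: the name comes from the session, not the form
        $comm['author'] = addslashes($user['username']);
        $comm['author_id'] = $user['id'];
    }
    // content
    if (empty($comm['content'])) {
        $comment_action = 'reject';
    }
    // key
    if (!verify_ephemeral_key(@$key)) {
        $comment_action = 'reject';
        $_POST['cr'][] = 'key';
    }
    // email
    if (empty($comm['email']) and is_classic_user() and !empty($user['email'])) {
        $comm['email'] = $user['email'];
    } else {
        if (empty($comm['email']) and $conf['comments_email_mandatory']) {
            $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
            $comment_action = 'reject';
        } else {
            if (!empty($comm['email']) and !email_check_format($comm['email'])) {
                $page['errors'][] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
                $comment_action = 'reject';
            }
        }
    }
    // website
    if (!empty($comm['website'])) {
        $comm['website'] = strip_tags($comm['website']);
        if (!preg_match('/^(https?:\\/\\/)/i', $comm['website'])) {
            $comm['website'] = 'http://' . $comm['website'];
        }
        if (!url_check_format($comm['website'])) {
            $page['errors'][] = l10n('invalid website address');
            $comment_action = 'reject';
        }
    }
    // anonymous id = ip address (last dotted component dropped for IPv4)
    $ip_components = explode('.', $_SERVER["REMOTE_ADDR"]);
    if (count($ip_components) > 3) {
        array_pop($ip_components);
    }
    $comm['anonymous_id'] = implode('.', $ip_components);
    // comment validation and anti-spam
    if ($comment_action != 'reject' and $conf['anti-flood_time'] > 0 and !is_admin()) {
        $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
        $query = '
SELECT COUNT(1) FROM ' . GUESTBOOK_TABLE . '
  WHERE 
    date > ' . $reference_date . '
    AND author_id = ' . $comm['author_id'];
        if (!is_classic_user()) {
            $query .= '
      AND anonymous_id = "' . $comm['anonymous_id'] . '"';
        }
        $query .= '
;';
        list($counter) = pwg_db_fetch_row(pwg_query($query));
        if ($counter > 0) {
            $page['errors'][] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
            $comment_action = 'reject';
        }
    }
    // perform more spam check
    $comment_action = trigger_change('user_comment_check', $comment_action, $comm, 'guestbook');
    if ($comment_action != 'reject') {
        // rate goes in unquoted: only a numeric value may reach the statement
        $query = '
INSERT INTO ' . GUESTBOOK_TABLE . '(
    author, 
    author_id, 
    anonymous_id,
    content, 
    date, 
    validated, 
    validation_date, 
    website, 
    rate, 
    email
  )
  VALUES (
    \'' . $comm['author'] . '\',
    ' . $comm['author_id'] . ',
    \'' . $comm['anonymous_id'] . '\',
    \'' . $comm['content'] . '\',
    NOW(),
    \'' . ($comment_action == 'validate' ? 'true' : 'false') . '\',
    ' . ($comment_action == 'validate' ? 'NOW()' : 'NULL') . ',
    ' . (!empty($comm['website']) ? '\'' . $comm['website'] . '\'' : 'NULL') . ',
    ' . ((!empty($comm['rate']) and is_numeric($comm['rate'])) ? $comm['rate'] : 'NULL') . ',
    ' . (!empty($comm['email']) ? '\'' . $comm['email'] . '\'' : 'NULL') . '
  )
';
        pwg_query($query);
        $comm['id'] = pwg_db_insert_id(GUESTBOOK_TABLE);
        // admin notification: on validated entries, or on entries awaiting moderation
        if ($conf['guestbook']['email_admin_on_comment'] and 'validate' == $comment_action or $conf['guestbook']['email_admin_on_comment_validation'] and 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            $comment_url = add_url_params(GUESTBOOK_URL, array('comment_id' => $comm['id']));
            $keyargs_content = array(get_l10n_args('Author: %s', stripslashes($comm['author'])), get_l10n_args('Comment: %s', stripslashes($comm['content'])), get_l10n_args('', ''), get_l10n_args('Manage this user comment: %s', $comment_url));
            if ('moderate' == $comment_action) {
                $keyargs_content[] = get_l10n_args('', '');
                $keyargs_content[] = get_l10n_args('(!) This comment requires validation', '');
            }
            pwg_mail_notification_admins(get_l10n_args('Comment by %s', stripslashes($comm['author'])), $keyargs_content);
        }
    }
    return $comment_action;
}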
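/**
 * Creates a new user.
 *
 * Validation (every failure is appended to $errors and nothing is created):
 * empty login, login starting or ending with a space, login already taken,
 * HTML tags in the login, an invalid mail address (per validate_mail_address)
 * and, when $conf['insensitive_case_logon'] is on, a case-insensitive clash
 * (per validate_login_case). Plugins may add errors through the
 * 'register_user_check' event.
 *
 * On success the user joins every group flagged is_default, gets a
 * user_infos row (language taken from the browser when detectable), the
 * optional admin and user notification mails are sent, and the
 * 'register_user' event is fired.
 *
 * Change from the previous revision: the username placed in the admin
 * link is urlencode()d, so a login containing '&', '#' or spaces no longer
 * corrupts the query string. (The listing this was edited from masked the
 * end of that statement; it was reconstructed from the variables it uses.)
 *
 * NOTE(review): the user notification mail echoes the clear-text password
 * back to the user; whoever reads that mailbox, or the mail in transit,
 * learns the credential. A one-time reset link would avoid that. $login is
 * escaped for SQL before the insert while $mail_address is not — it has
 * passed validate_mail_address(), defined elsewhere; confirm that check is
 * strict enough for the storage path.
 *
 * @param string $login
 * @param string $password hashed with $conf['password_hash'] before storage
 * @param string $mail_address
 * @param bool $notify_admin send the admin mail (also gated by $conf['email_admin_on_new_user'])
 * @param array &$errors populated with error messages
 * @param bool $notify_user send the welcome mail (only when the address is well-formed)
 * @return int|false user id or false
 */
function register_user($login, $password, $mail_address, $notify_admin = true, &$errors = array(), $notify_user = false)
{
    global $conf;
    if ($login == '') {
        $errors[] = l10n('Please, enter a login');
    }
    if (preg_match('/^.* $/', $login)) {
        $errors[] = l10n('login mustn\'t end with a space character');
    }
    if (preg_match('/^ .*$/', $login)) {
        $errors[] = l10n('login mustn\'t start with a space character');
    }
    if (get_userid($login)) {
        $errors[] = l10n('this login is already used');
    }
    if ($login != strip_tags($login)) {
        $errors[] = l10n('html tags are not allowed in login');
    }
    $mail_error = validate_mail_address(null, $mail_address);
    if ('' != $mail_error) {
        $errors[] = $mail_error;
    }
    if ($conf['insensitive_case_logon'] == true) {
        $login_error = validate_login_case($login);
        if ($login_error != '') {
            $errors[] = $login_error;
        }
    }
    $errors = trigger_change('register_user_check', $errors, array('username' => $login, 'password' => $password, 'email' => $mail_address));
    // if no error until here, registration of the user
    if (count($errors) == 0) {
        $insert = array($conf['user_fields']['username'] => pwg_db_real_escape_string($login), $conf['user_fields']['password'] => $conf['password_hash']($password), $conf['user_fields']['email'] => $mail_address);
        single_insert(USERS_TABLE, $insert);
        $user_id = pwg_db_insert_id();
        // Assign by default groups
        $query = '
SELECT id
  FROM ' . GROUPS_TABLE . '
  WHERE is_default = \'' . boolean_to_string(true) . '\'
  ORDER BY id ASC
;';
        $result = pwg_query($query);
        $inserts = array();
        while ($row = pwg_db_fetch_assoc($result)) {
            $inserts[] = array('user_id' => $user_id, 'group_id' => $row['id']);
        }
        if (count($inserts) != 0) {
            mass_inserts(USER_GROUP_TABLE, array('user_id', 'group_id'), $inserts);
        }
        $override = array();
        if ($language = get_browser_language()) {
            $override['language'] = $language;
        }
        create_user_infos($user_id, $override);
        if ($notify_admin and $conf['email_admin_on_new_user']) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            // the login is a query-string value: encode it so it cannot break the URL
            $admin_url = get_absolute_root_url() . 'admin.php?page=user_list&username=' . urlencode($login);
            $keyargs_content = array(get_l10n_args('User: %s', stripslashes($login)), get_l10n_args('Email: %s', $mail_address), get_l10n_args(''), get_l10n_args('Admin: %s', $admin_url));
            pwg_mail_notification_admins(get_l10n_args('Registration of %s', stripslashes($login)), $keyargs_content);
        }
        if ($notify_user and email_check_format($mail_address)) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            // NOTE(review): this mail carries the clear-text password (see docblock)
            $keyargs_content = array(get_l10n_args('Hello %s,', stripslashes($login)), get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', stripslashes($login)), get_l10n_args('Password: %s', stripslashes($password)), get_l10n_args('Email: %s', $mail_address), get_l10n_args('', ''), get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()));
            pwg_mail($mail_address, array('subject' => '[' . $conf['gallery_title'] . '] ' . l10n('Registration'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
        }
        trigger_notify('register_user', array('id' => $user_id, 'username' => $login, 'email' => $mail_address));
        return $user_id;
    } else {
        return false;
    }
}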
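/**
 * Web-service handler: creates or updates a mail-fetching mailbox record.
 *
 * With a non-empty 'id' the existing row is loaded and overwritten (a
 * PwgError 404 is returned when it does not exist); otherwise a new row is
 * inserted and its id is added to the returned array.
 *
 * Change from the previous revision: 'id' is interpolated unquoted into the
 * SELECT, so it is now cast to int before use.
 *
 * NOTE(review): path, login, password and category_id are handed to
 * single_update()/single_insert() exactly as received; whether those
 * helpers escape values is not visible here — confirm, or escape before
 * storing. The mailbox password is stored in clear (it is needed in clear
 * to log in to the mailbox), so read access to PFEMAIL_MAILBOXES_TABLE is
 * access to that mail account.
 *
 * @param mixed[] $params
 *    @option int id (optional; edit mode when non-empty)
 *    @option string path
 *    @option string login
 *    @option string password
 *    @option int category_id
 *    @option bool moderated
 * @param mixed &$service web service dispatcher (unused here)
 * @return array|PwgError the stored mailbox row including 'id'
 */
function ws_pfemail_mailbox_save($params, &$service)
{
    $mailbox = array();
    if (!empty($params['id'])) {
        // we are in edition mode: the id goes into SQL unquoted, force an integer
        $mailbox_id = (int) $params['id'];
        $query = '
SELECT *
  FROM ' . PFEMAIL_MAILBOXES_TABLE . '
  WHERE id = ' . $mailbox_id . '
;';
        $mailboxes = query2array($query, 'id');
        if (!isset($mailboxes[$mailbox_id])) {
            return new PwgError(404, 'id not found');
        }
        $mailbox = $mailboxes[$mailbox_id];
    }
    $mailbox['path'] = $params['path'];
    $mailbox['login'] = $params['login'];
    $mailbox['password'] = $params['password'];
    $mailbox['category_id'] = $params['category_id'];
    $mailbox['moderated'] = $params['moderated'] ? 'true' : 'false';
    if (isset($mailbox['id'])) {
        single_update(PFEMAIL_MAILBOXES_TABLE, $mailbox, array('id' => $mailbox['id']));
    } else {
        single_insert(PFEMAIL_MAILBOXES_TABLE, $mailbox);
        $mailbox['id'] = pwg_db_insert_id(PFEMAIL_MAILBOXES_TABLE);
    }
    return $mailbox;
}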
/**
 * Creates a tag unless one with exactly that name already exists.
 *
 * NOTE(review): $tag_name is interpolated into the lookup as-is, and the
 * messages call stripslashes() on it, which suggests callers pass an
 * already SQL-escaped value — confirm at the call sites.
 *
 * @param string $tag_name
 * @return array ('id', 'info') on success, ('error') when the name is taken
 */
function create_tag($tag_name)
{
    // does the tag already exist?
    $lookup = '
SELECT id
  FROM ' . TAGS_TABLE . '
  WHERE name = \'' . $tag_name . '\'
;';
    $matching_ids = query2array($lookup, null, 'id');
    if (count($matching_ids) != 0) {
        return array('error' => l10n('Tag "%s" already exists', stripslashes($tag_name)));
    }
    $new_tag = array(
        'name' => $tag_name,
        'url_name' => trigger_change('render_tag_url', $tag_name),
    );
    single_insert(TAGS_TABLE, $new_tag);
    $new_id = pwg_db_insert_id(TAGS_TABLE);
    return array('info' => l10n('Tag "%s" was added', stripslashes($tag_name)), 'id' => $new_id);
}
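/**
 * Creates an authentication key (a bearer secret) for a user.
 *
 * Returns false when keys are disabled ($conf['auth_key_duration'] is 0),
 * when the user has no user_infos row, when the status is neither 'normal'
 * nor 'generic', or when no unused key could be generated after a bounded
 * number of attempts.
 *
 * Changes from the previous revision: $user_id and the duration are cast
 * to int because both are interpolated unquoted into SQL; the retry on a
 * key collision is a bounded loop instead of unbounded recursion.
 *
 * NOTE(review): the key is stored in clear in USER_AUTH_KEYS_TABLE, so that
 * table is credential material. generate_key() is defined elsewhere; the key
 * is only unguessable if it is cryptographically random — confirm. The
 * candidate is also interpolated into the lookup unescaped, which is only
 * safe if generate_key() yields plain alphanumerics — confirm.
 *
 * @since 2.8
 * @param int $user_id
 * @param string|null $user_status skips the status lookup when given
 * @return array|false key row ('auth_key', 'user_id', 'created_on',
 *                     'duration', 'expired_on', 'auth_key_id') or false
 */
function create_user_auth_key($user_id, $user_status = null)
{
    global $conf;
    $duration = (int) $conf['auth_key_duration'];
    if (0 == $duration) {
        return false;
    }
    $user_id = (int) $user_id;
    if (!isset($user_status)) {
        // we have to find the user status
        $query = '
SELECT
    status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . $user_id . '
;';
        $user_infos = query2array($query);
        if (count($user_infos) == 0) {
            return false;
        }
        $user_status = $user_infos[0]['status'];
    }
    if (!in_array($user_status, array('normal', 'generic'))) {
        return false;
    }
    // A collision on a 30-character random key is not expected; the loop
    // only bounds the pathological case where generate_key() keeps
    // returning keys that already exist.
    for ($attempt = 0; $attempt < 10; $attempt++) {
        $candidate = generate_key(30);
        // one round trip: uniqueness check plus the database's own clock
        $query = '
SELECT
    COUNT(*),
    NOW(),
    ADDDATE(NOW(), INTERVAL ' . $duration . ' SECOND)
  FROM ' . USER_AUTH_KEYS_TABLE . '
  WHERE auth_key = \'' . $candidate . '\'
;';
        list($counter, $now, $expiration) = pwg_db_fetch_row(pwg_query($query));
        if (0 == $counter) {
            $key = array('auth_key' => $candidate, 'user_id' => $user_id, 'created_on' => $now, 'duration' => $duration, 'expired_on' => $expiration);
            single_insert(USER_AUTH_KEYS_TABLE, $key);
            $key['auth_key_id'] = pwg_db_insert_id();
            return $key;
        }
    }
    return false;
}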
/**
 * Tries to insert a user comment and returns action to perform.
 *
 * The action starts at 'validate' ($conf['comments_validation'] off, or an
 * admin) or 'moderate', and degrades to 'reject' on any failed check:
 * missing author when mandatory, a guest reusing a registered username,
 * empty content, a bad ephemeral key, a filled website field while the
 * feature is disabled (honeypot), an invalid website or e-mail, and the
 * anti-flood window. Plugins get the last word through the
 * 'user_comment_check' event. Reject reasons are also pushed to
 * $_POST['cr'] for the caller.
 *
 * NOTE(review): author, content, website_url and email are interpolated
 * into the INSERT without escaping in this function; the stripslashes()
 * calls in the mail body suggest the values arrive already slash-escaped
 * from the request layer — confirm at the call site before relying on it.
 * image_id is interpolated unquoted; it is expected to be an integer
 * supplied by the caller, not by the browser — confirm.
 *
 * @param array &$comm comment fields: author, content, website_url, email,
 *                     image_id; ip, agent, author_id and id are added here
 * @param string $key secret key sent back to the browser
 * @param array &$infos output array of error messages
 * @return string validate, moderate, reject
 */
function insert_user_comment(&$comm, $key, &$infos)
{
    global $conf, $user;
    $comm = array_merge($comm, array('ip' => $_SERVER['REMOTE_ADDR'], 'agent' => $_SERVER['HTTP_USER_AGENT']));
    $infos = array();
    if (!$conf['comments_validation'] or is_admin()) {
        $comment_action = 'validate';
        //one of validate, moderate, reject
    } else {
        $comment_action = 'moderate';
        //one of validate, moderate, reject
    }
    // display author field if the user status is guest or generic
    if (!is_classic_user()) {
        if (empty($comm['author'])) {
            if ($conf['comments_author_mandatory']) {
                $infos[] = l10n('Username is mandatory');
                $comment_action = 'reject';
            }
            $comm['author'] = 'guest';
        }
        $comm['author_id'] = $conf['guest_id'];
        // if a guest try to use the name of an already existing user, he must be
        // rejected
        if ($comm['author'] != 'guest') {
            $query = '
SELECT COUNT(*) AS user_exists
  FROM ' . USERS_TABLE . '
  WHERE ' . $conf['user_fields']['username'] . " = '" . addslashes($comm['author']) . "'";
            $row = pwg_db_fetch_assoc(pwg_query($query));
            if ($row['user_exists'] == 1) {
                $infos[] = l10n('This login is already used by another user');
                $comment_action = 'reject';
            }
        }
    } else {
        // logged-in user: the name comes from the session, not the form
        $comm['author'] = addslashes($user['username']);
        $comm['author_id'] = $user['id'];
    }
    if (empty($comm['content'])) {
        // empty comment content
        $comment_action = 'reject';
    }
    // the key is bound to the image it was issued for
    if (!verify_ephemeral_key(@$key, $comm['image_id'])) {
        $comment_action = 'reject';
        $_POST['cr'][] = 'key';
        // rvelices: I use this outside to see how spam robots work
    }
    // website
    if (!empty($comm['website_url'])) {
        if (!$conf['comments_enable_website']) {
            // honeypot: if the field is disabled, it should be empty !
            $comment_action = 'reject';
            $_POST['cr'][] = 'website_url';
        } else {
            $comm['website_url'] = strip_tags($comm['website_url']);
            if (!preg_match('/^https?/i', $comm['website_url'])) {
                $comm['website_url'] = 'http://' . $comm['website_url'];
            }
            if (!url_check_format($comm['website_url'])) {
                $infos[] = l10n('Your website URL is invalid');
                $comment_action = 'reject';
            }
        }
    }
    // email
    if (empty($comm['email'])) {
        if (!empty($user['email'])) {
            $comm['email'] = $user['email'];
        } elseif ($conf['comments_email_mandatory']) {
            $infos[] = l10n('Email address is missing. Please specify an email address.');
            $comment_action = 'reject';
        }
    } elseif (!email_check_format($comm['email'])) {
        $infos[] = l10n('mail address must be like xxx@yyy.eee (example : jack@altern.org)');
        $comment_action = 'reject';
    }
    // anonymous id = ip address (last dotted component dropped for IPv4,
    // so the flood check below matches the whole /24)
    $ip_components = explode('.', $comm['ip']);
    if (count($ip_components) > 3) {
        array_pop($ip_components);
    }
    $anonymous_id = implode('.', $ip_components);
    if ($comment_action != 'reject' and $conf['anti-flood_time'] > 0 and !is_admin()) {
        // anti-flood system
        $reference_date = pwg_db_get_flood_period_expression($conf['anti-flood_time']);
        $query = '
SELECT count(1) FROM ' . COMMENTS_TABLE . '
  WHERE date > ' . $reference_date . '
    AND author_id = ' . $comm['author_id'];
        if (!is_classic_user()) {
            // guests share one author_id, so narrow by address prefix
            $query .= '
      AND anonymous_id LIKE "' . $anonymous_id . '.%"';
        }
        $query .= '
;';
        list($counter) = pwg_db_fetch_row(pwg_query($query));
        if ($counter > 0) {
            $infos[] = l10n('Anti-flood system : please wait for a moment before trying to post another comment');
            $comment_action = 'reject';
            $_POST['cr'][] = 'flood_time';
        }
    }
    // perform more spam check
    $comment_action = trigger_change('user_comment_check', $comment_action, $comm);
    if ($comment_action != 'reject') {
        // the full address is stored; the truncated $anonymous_id is only used for the flood query
        $query = '
INSERT INTO ' . COMMENTS_TABLE . '
  (author, author_id, anonymous_id, content, date, validated, validation_date, image_id, website_url, email)
  VALUES (
    \'' . $comm['author'] . '\',
    ' . $comm['author_id'] . ',
    \'' . $comm['ip'] . '\',
    \'' . $comm['content'] . '\',
    NOW(),
    \'' . ($comment_action == 'validate' ? 'true' : 'false') . '\',
    ' . ($comment_action == 'validate' ? 'NOW()' : 'NULL') . ',
    ' . $comm['image_id'] . ',
    ' . (!empty($comm['website_url']) ? '\'' . $comm['website_url'] . '\'' : 'NULL') . ',
    ' . (!empty($comm['email']) ? '\'' . $comm['email'] . '\'' : 'NULL') . '
  )
';
        pwg_query($query);
        $comm['id'] = pwg_db_insert_id(COMMENTS_TABLE);
        invalidate_user_cache_nb_comments();
        // admin notification: on validated comments, or on comments awaiting moderation
        if ($conf['email_admin_on_comment'] && 'validate' == $comment_action or $conf['email_admin_on_comment_validation'] and 'moderate' == $comment_action) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            $comment_url = get_absolute_root_url() . 'comments.php?comment_id=' . $comm['id'];
            $keyargs_content = array(get_l10n_args('Author: %s', stripslashes($comm['author'])), get_l10n_args('Email: %s', stripslashes($comm['email'])), get_l10n_args('Comment: %s', stripslashes($comm['content'])), get_l10n_args(''), get_l10n_args('Manage this user comment: %s', $comment_url));
            if ('moderate' == $comment_action) {
                $keyargs_content[] = get_l10n_args('(!) This comment requires validation');
            }
            pwg_mail_notification_admins(get_l10n_args('Comment by %s', stripslashes($comm['author'])), $keyargs_content);
        }
    }
    return $comment_action;
}
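/**
 * Stores an uploaded (or locally staged) file as a gallery element and
 * registers it in IMAGES_TABLE.
 *
 * Steps, in order:
 *   1) move the file to upload/YYYY/MM/DD/<timestamp>-<md5 prefix>.<ext>
 *      (or over the existing path when $image_id is given, after deleting
 *      that element's derived files);
 *   2) build a "pwg_representative" image for TIFF, video and PDF inputs
 *      with external tools (ImageMagick convert / ffmpeg), then resize the
 *      original when $conf['original_resize'] asks for it;
 *   3) insert or update the database row, associate categories, sync
 *      EXIF/IPTC metadata and fetch the thumbnail once to prime its cache.
 *
 * Accepted types: PNG, GIF, TIFF and JPEG as detected by getimagesize();
 * anything else is accepted only when $conf['upload_form_all_types'] is on
 * and the original extension is listed in $conf['file_ext'] — otherwise
 * the function dies.
 *
 * Changes from the previous revision: every path handed to convert/ffmpeg
 * goes through escapeshellarg() instead of being wrapped in double quotes;
 * a failed move/rename aborts instead of registering a row for a missing
 * file; $image_id is cast to int where it is interpolated into SQL; the
 * configured representative extension is preg_quote()d before use in a
 * pattern; the thumbnail fetch uses a dedicated output variable.
 *
 * @param string      $source_filepath   file to ingest; moved (not copied) into the upload tree
 * @param string|null $original_filename name shown to users and used for the extension fallback
 * @param int[]|null  $categories        category ids to associate with the element
 * @param int|null    $level             privacy level column, when given
 * @param int|null    $image_id          existing element to replace; null creates a new one
 * @param string|null $original_md5sum   precomputed md5 of the file (skips md5_file)
 * @return int image id (new or updated)
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    // TODO
    // * check md5sum (already exists?)
    global $conf, $user;
    if (isset($original_md5sum)) {
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }
    $file_path = null;
    $is_tiff = false;
    if (isset($image_id)) {
        // this photo already exists, we update it: reuse its stored path
        $query = '
SELECT
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }
        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }
        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));
    } else {
        // this photo is new: the destination is derived from the database clock
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);
        // upload directory hierarchy
        $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day);
        // compute file path: timestamp digits + first 8 hex chars of the md5
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . '.';
        // The extension comes from the detected image type, never from the
        // client-supplied name, except for the whitelisted "all types" case.
        $image_info = getimagesize($source_filepath);
        $type = isset($image_info[2]) ? $image_info[2] : null;
        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $is_tiff = true;
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            $original_extension = strtolower(get_extension($original_filename));
            if (in_array($original_extension, $conf['file_ext'])) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }
        prepare_directory($upload_dir);
    }
    // Move (never copy) the source into place. A failure here used to go
    // unnoticed and leave a database row pointing at a missing file.
    if (is_uploaded_file($source_filepath)) {
        $moved = move_uploaded_file($source_filepath, $file_path);
    } else {
        $moved = rename($source_filepath, $file_path);
    }
    if (!$moved) {
        die('[' . __FUNCTION__ . '] unable to move the uploaded file into the upload directory');
    }
    @chmod($file_path, 0644);
    if ($is_tiff and pwg_image::get_library() == 'ext_imagick') {
        // move the uploaded file to pwg_representative sub-directory
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';
        $representative_ext = $conf['tiff_representative_ext'];
        $representative_file_path .= $representative_ext;
        prepare_directory(dirname($representative_file_path));
        $dest = pathinfo($representative_file_path);
        $representative_file_abspath = realpath($dest['dirname']) . '/' . $dest['basename'];
        $exec = $conf['ext_imagick_dir'] . 'convert';
        if ('jpg' == $conf['tiff_representative_ext']) {
            $exec .= ' -quality 98';
        }
        // each path is one shell argument: escapeshellarg() rather than "..."
        $exec .= ' ' . escapeshellarg(realpath($file_path));
        $exec .= ' ' . escapeshellarg($representative_file_abspath);
        $exec .= ' 2>&1';
        @exec($exec, $returnarray);
        // sometimes ImageMagick creates file-0.jpg (full size) + file-1.jpg
        // (thumbnail). I don't know how to avoid it.
        if (!file_exists($representative_file_abspath)) {
            $first_file_abspath = preg_replace('/\\.' . preg_quote($representative_ext, '/') . '$/', '-0.' . $representative_ext, $representative_file_abspath);
            if (file_exists($first_file_abspath)) {
                rename($first_file_abspath, $representative_file_abspath);
            }
        }
    }
    //
    // generate pwg_representative in case of video
    //
    $ffmpeg_video_exts = array('wmv', 'mov', 'mkv', 'mp4', 'mpg', 'flv', 'asf', 'xvid', 'divx', 'mpeg', 'avi', 'rm');
    if (isset($original_extension) and in_array($original_extension, $ffmpeg_video_exts)) {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';
        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;
        prepare_directory(dirname($representative_file_path));
        // one frame, one second in
        $second = 1;
        $ffmpeg = $conf['ffmpeg_dir'] . 'ffmpeg';
        $ffmpeg .= ' -i ' . escapeshellarg($file_path);
        $ffmpeg .= ' -an -ss ' . $second;
        $ffmpeg .= ' -t 1 -r 1 -y -vcodec mjpeg -f mjpeg';
        $ffmpeg .= ' ' . escapeshellarg($representative_file_path);
        @exec($ffmpeg);
        if (!file_exists($representative_file_path)) {
            // no frame could be extracted: register the element without a representative
            $representative_ext = null;
        }
    }
    if (isset($original_extension) and 'pdf' == $original_extension and pwg_image::get_library() == 'ext_imagick') {
        $representative_file_path = dirname($file_path) . '/pwg_representative/';
        $representative_file_path .= get_filename_wo_extension(basename($file_path)) . '.';
        $representative_ext = 'jpg';
        $representative_file_path .= $representative_ext;
        prepare_directory(dirname($representative_file_path));
        $dest = pathinfo($representative_file_path);
        $exec = $conf['ext_imagick_dir'] . 'convert';
        $exec .= ' -quality 98';
        // "[0]" is ImageMagick's first-page selector and belongs to the filename argument
        $exec .= ' ' . escapeshellarg(realpath($file_path) . '[0]');
        $exec .= ' ' . escapeshellarg(realpath($dest['dirname']) . '/' . $dest['basename']);
        $exec .= ' 2>&1';
        @exec($exec, $returnarray);
    }
    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);
            if ($need_resize) {
                $img = new pwg_image($file_path);
                $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false);
                $img->destroy();
            }
        }
    }
    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);
    $file_infos = pwg_image_infos($file_path);
    if (isset($image_id)) {
        $update = array('file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);
        if (isset($level)) {
            $update['level'] = $level;
        }
        single_update(IMAGES_TABLE, $update, array('id' => $image_id));
    } else {
        // database registration; the stored path is relative to PHPWG_ROOT_PATH
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        $insert = array('file' => $file, 'name' => get_name_from_file($file), 'date_available' => $dbnow, 'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH) . '#', '', $file_path), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);
        if (isset($level)) {
            $insert['level'] = $level;
        }
        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }
        single_insert(IMAGES_TABLE, $insert);
        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }
    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(array($image_id), $categories);
    }
    // update metadata from the uploaded file (exif/iptc)
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));
    invalidate_user_cache();
    // cache thumbnail
    $query = '
SELECT
    id,
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));
    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();
    // the fetched content is discarded; the request only primes the thumbnail cache
    fetchRemote($thumb_url, $thumb_content);
    return $image_id;
}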
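/**
 * Stores an uploaded (or locally moved) image file and registers it in the database.
 *
 * In order: compute the destination path (a new dated path under
 * $conf['upload_dir'] for a new photo, the existing `path` row when $image_id is
 * given), move the file there, let plugins produce a representative file through
 * the 'upload_file' trigger, optionally resize the original, then insert/update
 * the IMAGES_TABLE row, link categories, sync metadata and pre-fetch the thumbnail.
 *
 * @param string      $source_filepath   path of the uploaded/temporary file; it is moved, not copied
 * @param string|null $original_filename name stored in the `file` column; basename of the
 *                                        destination when null. Also the only source of the
 *                                        extension for non PNG/GIF/TIFF/JPEG uploads.
 * @param int[]|null  $categories        category ids to associate with the image
 * @param int|null    $level             privacy level; column left untouched when null
 * @param int|null    $image_id          existing image id to replace; null creates a new row
 * @param string|null $original_md5sum   md5 of the file when already known (skips md5_file)
 * @return int id of the inserted or updated image
 *
 * Terminates the script with die() when $image_id is unknown or when the file
 * type is not allowed. Reads/writes the globals $conf, $user and $logger.
 */
function add_uploaded_file($source_filepath, $original_filename = null, $categories = null, $level = null, $image_id = null, $original_md5sum = null)
{
    // 1) move uploaded file to upload/2010/01/22/20100122003814-449ada00.jpg
    //
    // 2) keep/resize original
    //
    // 3) register in database
    // TODO
    // * check md5sum (already exists?)
    global $conf, $user;
    if (isset($original_md5sum)) {
        $md5sum = $original_md5sum;
    } else {
        $md5sum = md5_file($source_filepath);
    }
    $file_path = null;
    $is_tiff = false;
    if (isset($image_id)) {
        // this photo already exists, we update it.
        // $image_id may come from a request parameter: cast to int before it is
        // concatenated into SQL so only a numeric literal can reach the query.
        $query = '
SELECT
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
        $result = pwg_query($query);
        while ($row = pwg_db_fetch_assoc($result)) {
            $file_path = $row['path'];
        }
        if (!isset($file_path)) {
            die('[' . __FUNCTION__ . '] this photo does not exist in the database');
        }
        // delete all physical files related to the photo (thumbnail, web site, HD)
        delete_element_files(array($image_id));
    } else {
        // this photo is new
        // current date
        list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
        list($year, $month, $day) = preg_split('/[^\\d]/', $dbnow, 4);
        // upload directory hierarchy
        $upload_dir = sprintf(PHPWG_ROOT_PATH . $conf['upload_dir'] . '/%s/%s/%s', $year, $month, $day);
        // compute file path: <timestamp digits>-<first 8 hex chars of the md5>.<ext>
        // The extension is decided from the image content (getimagesize), never
        // from the client-supplied name, except for the "all types" opt-in below.
        $date_string = preg_replace('/[^\\d]/', '', $dbnow);
        $random_string = substr($md5sum, 0, 8);
        $filename_wo_ext = $date_string . '-' . $random_string;
        $file_path = $upload_dir . '/' . $filename_wo_ext . '.';
        list($width, $height, $type) = getimagesize($source_filepath);
        if (IMAGETYPE_PNG == $type) {
            $file_path .= 'png';
        } elseif (IMAGETYPE_GIF == $type) {
            $file_path .= 'gif';
        } elseif (IMAGETYPE_TIFF_MM == $type or IMAGETYPE_TIFF_II == $type) {
            $is_tiff = true;
            $file_path .= 'tif';
        } elseif (IMAGETYPE_JPEG == $type) {
            $file_path .= 'jpg';
        } elseif (isset($conf['upload_form_all_types']) and $conf['upload_form_all_types']) {
            // Client-supplied extension: only accepted when it exactly matches an
            // entry of the configured whitelist (strict comparison, no numeric
            // string coercion).
            $original_extension = strtolower(get_extension($original_filename));
            if (in_array($original_extension, $conf['file_ext'], true)) {
                $file_path .= $original_extension;
            } else {
                die('unexpected file type');
            }
        } else {
            die('forbidden file type');
        }
        prepare_directory($upload_dir);
    }
    if (is_uploaded_file($source_filepath)) {
        move_uploaded_file($source_filepath, $file_path);
    } else {
        rename($source_filepath, $file_path);
    }
    @chmod($file_path, 0644);
    // handle the uploaded file type by potentially making a
    // pwg_representative file.
    $representative_ext = trigger_change('upload_file', null, $file_path);
    global $logger;
    $logger->info("Handling " . (string) $file_path . " got " . (string) $representative_ext);
    // If it is set to either true (the file didn't need a
    // representative generated) or false (the generation of the
    // representative failed), set it to null because we have no
    // representative file.
    if (is_bool($representative_ext)) {
        $representative_ext = null;
    }
    // Original resize is skipped with the GD library (only ext/imagick paths do it here).
    if (pwg_image::get_library() != 'gd') {
        if ($conf['original_resize']) {
            $need_resize = need_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight']);
            if ($need_resize) {
                $img = new pwg_image($file_path);
                $img->pwg_resize($file_path, $conf['original_resize_maxwidth'], $conf['original_resize_maxheight'], $conf['original_resize_quality'], $conf['upload_form_automatic_rotation'], false);
                $img->destroy();
            }
        }
    }
    // we need to save the rotation angle in the database to compute
    // width/height of "multisizes"
    $rotation_angle = pwg_image::get_rotation_angle($file_path);
    $rotation = pwg_image::get_rotation_code_from_angle($rotation_angle);
    $file_infos = pwg_image_infos($file_path);
    if (isset($image_id)) {
        $update = array('file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);
        if (isset($level)) {
            $update['level'] = $level;
        }
        single_update(IMAGES_TABLE, $update, array('id' => $image_id));
    } else {
        // database registration
        $file = pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path));
        // `path` is stored relative to the Piwigo root; '#' is passed to
        // preg_quote so the pattern delimiter is escaped as well.
        $insert = array('file' => $file, 'name' => get_name_from_file($file), 'date_available' => $dbnow, 'path' => preg_replace('#^' . preg_quote(PHPWG_ROOT_PATH, '#') . '#', '', $file_path), 'filesize' => $file_infos['filesize'], 'width' => $file_infos['width'], 'height' => $file_infos['height'], 'md5sum' => $md5sum, 'added_by' => $user['id'], 'rotation' => $rotation);
        if (isset($level)) {
            $insert['level'] = $level;
        }
        if (isset($representative_ext)) {
            $insert['representative_ext'] = $representative_ext;
        }
        single_insert(IMAGES_TABLE, $insert);
        $image_id = pwg_db_insert_id(IMAGES_TABLE);
    }
    if (isset($categories) and count($categories) > 0) {
        associate_images_to_categories(array($image_id), $categories);
    }
    // update metadata from the uploaded file (exif/iptc)
    if ($conf['use_exif'] and !function_exists('read_exif_data')) {
        $conf['use_exif'] = false;
    }
    sync_metadata(array($image_id));
    invalidate_user_cache();
    // cache thumbnail
    $query = '
SELECT
    id,
    path
  FROM ' . IMAGES_TABLE . '
  WHERE id = ' . (int) $image_id . '
;';
    $image_infos = pwg_db_fetch_assoc(pwg_query($query));
    set_make_full_url();
    // in case we are on uploadify.php, we have to replace the false path
    $thumb_url = preg_replace('#admin/include/i#', 'i', DerivativeImage::thumb_url($image_infos));
    unset_make_full_url();
    // $dest is only a by-reference output slot of fetchRemote(); the fetched
    // body is discarded, the call is made for its side effect (thumbnail
    // generation/caching on the server).
    fetchRemote($thumb_url, $dest);
    return $image_id;
}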
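/**
 * Add new registered user in fluxBB users table from audit/synch action
 * Standard FluxBB_Adduser() function is not used because of existing password mismatch
 * To solve password synch problem, passwords are reset to NULL to force users to get a new password on their profile page
 *
 * NOTE(review): the FluxBB `password` column actually receives the empty string ''
 * (a PHP null concatenated into a quoted SQL literal), not SQL NULL; kept as-is
 * because the FluxBB schema is not visible here.
 *
 * @param int    $pwg_id       Piwigo user id, linked to the new FluxBB id via FluxBB_Linkuser()
 * @param string $login        user name written to FluxBB users.username
 * @param string $adresse_mail e-mail address written to FluxBB users.email
 */
function Synch_FluxBB_Adduser($pwg_id, $login, $adresse_mail)
{
    global $errors, $conf;
    // Plugin settings are stored serialized in the Piwigo config table.
    // unserialize() on data the application does not fully control is unsafe;
    // the format is fixed by the plugin's own writer, so it is only flagged here.
    $conf_Register_FluxBB = unserialize($conf['Register_FluxBB']);
    $registred = time();
    $registred_ip = $_SERVER['REMOTE_ADDR'];
    $password = NULL;
    // Set default FluxBB group - Check if UAM is installed and if bridge is set
    $uam_bridge = (function_exists('FindAvailableConfirmMailID')
        and isset($conf_Register_FluxBB['FLUXBB_UAM_LINK'])
        and $conf_Register_FluxBB['FLUXBB_UAM_LINK'] == 'true');
    if ($uam_bridge) {
        $group_id = isset($conf_Register_FluxBB['FLUXBB_GROUP']) ? $conf_Register_FluxBB['FLUXBB_GROUP'] : null;
    } else {
        $query = '
SELECT conf_value
FROM ' . FluxBB_CONFIG_TABLE . '
WHERE conf_name = "o_default_user_group"
;';
        $row = pwg_db_fetch_assoc(pwg_query($query));
        $group_id = isset($row['conf_value']) ? $row['conf_value'] : null;
    }
    // Check for timezone settings in FluxBB version 1.4.x or higher
    $query1 = '
SELECT conf_value
FROM ' . FluxBB_CONFIG_TABLE . '
WHERE conf_name = "o_default_timezone"
;';
    $count1 = pwg_db_num_rows(pwg_query($query1));
    // Check for timezone settings in FluxBB version 1.2.x
    $query2 = '
SELECT conf_value
FROM ' . FluxBB_CONFIG_TABLE . '
WHERE conf_name = "o_server_timezone"
;';
    $count2 = pwg_db_num_rows(pwg_query($query2));
    // Set timezone var according of FluxBB version; stays null when neither
    // (or both) setting rows exist, and the column is then not written.
    $timezone = null;
    if ($count1 == 1 and $count2 == 0) {
        $row = pwg_db_fetch_assoc(pwg_query($query1));
        $timezone = isset($row['conf_value']) ? $row['conf_value'] : null;
    } elseif ($count1 == 0 and $count2 == 1) {
        $row = pwg_db_fetch_assoc(pwg_query($query2));
        $timezone = isset($row['conf_value']) ? $row['conf_value'] : null;
    }
    // Get FluxBB default language
    $query = '
SELECT conf_value
FROM ' . FluxBB_CONFIG_TABLE . '
WHERE conf_name = "o_default_lang"
;';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    $language = isset($row['conf_value']) ? $row['conf_value'] : null;
    // Get FluxBB default style
    $query = '
SELECT conf_value
FROM ' . FluxBB_CONFIG_TABLE . '
WHERE conf_name = "o_default_style"
;';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    $style = isset($row['conf_value']) ? $row['conf_value'] : null;
    // Add user. Column order matches the original statement; a column whose
    // value is null is skipped entirely, so the INSERT never contains an empty
    // "," slot (the previous string-built query produced invalid SQL whenever
    // the group, timezone, language or style lookup came back empty).
    // Every value, including the e-mail address, goes through
    // pwg_db_real_escape_string() before being quoted.
    $fields = array(
        'username' => $login,
        'group_id' => $group_id,
        'password' => (string) $password,
        'email' => $adresse_mail,
        'timezone' => $timezone,
        'language' => $language,
        'style' => $style,
        'registered' => $registred,
        'registration_ip' => $registred_ip,
        'last_visit' => $registred,
    );
    $columns = array();
    $values = array();
    foreach ($fields as $column => $value) {
        if ($value === null) {
            continue;
        }
        $columns[] = $column;
        $values[] = "'" . pwg_db_real_escape_string((string) $value) . "'";
    }
    $query = "\nINSERT INTO " . FluxBB_USERS_TABLE . " (\n  " . implode(",\n  ", $columns) . "\n  )\nVALUES(\n  " . implode(",\n  ", $values) . "\n  )\n;";
    pwg_query($query);
    $bb_id = pwg_db_insert_id();
    FluxBB_Linkuser($pwg_id, $bb_id, "NOK");
}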