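/**
 * Admin user-search form and result list.
 *
 * The query comes either from the POST form (`usersearch_search` /
 * `usersearch_what`) or from the URL (`q`, optional page `p`). It is run
 * through user_search() and rendered by the 'usersearch' view with one
 * edit URL (adminuser/<user_id>) per result row.
 *
 * NOTE(review): no role check is visible here although every result links
 * to the 'adminuser' page; this relies on the dispatcher only routing
 * administrators to this action — confirm against the caller.
 *
 * @param string $lang  interface language, passed to view()/url()
 * @return string       rendered HTML
 */
function usersearch($lang) {
    $with_name = true;
    $with_website = true;
    $pagesize = 20;
    $page = 1;
    $what = false;

    $searching = isset($_POST['usersearch_search']) || isset($_GET['q']);
    if ($searching) {
        if (isset($_POST['usersearch_what'])) {
            $what = readarg($_POST['usersearch_what']);
        } elseif (isset($_GET['q'])) {
            $what = readarg($_GET['q']);
            if (isset($_GET['p'])) {
                // Normalise the page index to a positive integer. The original
                // is_numeric() test let "1.5", "-2" or "1e3" through unchanged,
                // straight into the paging arithmetic of user_search().
                $p = readarg($_GET['p']);
                $page = is_scalar($p) ? (int) $p : 1;
                if ($page < 1) {
                    $page = 1;
                }
            }
        }
    }

    $count = 0;
    $result = false;
    if ($searching) {
        $found = user_search($what, $pagesize, $page);
        if ($found) {
            list($count, $result) = $found;
            $edit_url = url('adminuser', $lang);
            foreach ($result as &$row) {
                $row['edit'] = $edit_url . '/' . $row['user_id'];
            }
            unset($row); // drop the reference left behind by foreach-by-ref
        }
    }

    return view('usersearch', $lang, compact('what', 'page', 'pagesize', 'count', 'result', 'with_name', 'with_website'));
}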
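/**
 * "Forgot my password" form: generates a new password for the account that
 * matches the submitted user name or e-mail and mails it (via emailcrypto())
 * to the account's registered address.
 *
 * Checks on submit (`remindme_send`): per-session form token, captcha,
 * confirmation checkbox, and login syntax / allow-list validation. The
 * token is rotated on every render.
 *
 * NOTE(review): the view receives distinct outcomes for "unknown login",
 * "inactive or banned" and "mail sent", so the form can be used to probe
 * whether a login is registered, and anyone who knows a login can force a
 * password rotation on that account. Both are owner-level design choices: a
 * uniform "if the account exists a mail was sent" response closes the
 * first, a confirmation link instead of a direct reset the second.
 *
 * NOTE(review): the captcha value is compared but never cleared from the
 * session here; confirm the captcha generator rotates it on every render,
 * otherwise one solved code is reusable for repeated submissions.
 *
 * @param string $lang  interface language for view()/url()/translate()
 * @return string       rendered HTML
 */
function remindme($lang) {
    $with_name = true;
    $with_captcha = true;

    $action = isset($_POST['remindme_send']) ? 'remindme' : 'init';

    // Pre-fill the login: last attempted login, else the logged-in user's
    // name, else the logged-in user's mail.
    $login = $confirmed = $code = $token = false;
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } elseif (!empty($_SESSION['user']['name'])) {
        $login = $_SESSION['user']['name'];
    } elseif (!empty($_SESSION['user']['mail'])) {
        $login = $_SESSION['user']['mail'];
    }

    if ($action == 'remindme') {
        if (isset($_POST['remindme_login'])) {
            $login = strtolower(strflat(readarg($_POST['remindme_login'])));
        }
        if (isset($_POST['remindme_confirmed'])) {
            $confirmed = readarg($_POST['remindme_confirmed']) == 'on';
        }
        if (isset($_POST['remindme_code'])) {
            $code = readarg($_POST['remindme_code']);
        }
        if (isset($_POST['remindme_token'])) {
            $token = readarg($_POST['remindme_token']);
        }
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_login = $bad_login = $missing_confirmation = false;
    $email_sent = $user_page = $internal_error = $contact_page = false;

    if ($action == 'remindme') {
        // Constant-time, string-typed comparison: the loose `!=` of the
        // original would compare numeric-looking tokens as numbers.
        if (!isset($_SESSION['remindme_token']) || !is_scalar($token)
            || !hash_equals((string) $_SESSION['remindme_token'], (string) $token)) {
            $bad_token = true;
        }

        // A missing or wrong captcha stops validation here (as in the original,
        // which `break`s out of the switch before the login checks).
        $captcha_ok = true;
        if ($with_captcha) {
            if (!$code) {
                $missing_code = true;
                $captcha_ok = false;
            } else {
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    $captcha_ok = false;
                }
            }
        }

        if ($captcha_ok) {
            if (!$login) {
                $missing_login = true;
            } elseif ((!validate_user_name($login) || !is_user_name_allowed($login))
                      && (!validate_mail($login) || !is_mail_allowed($login))) {
                // neither an acceptable user name nor an acceptable mail
                $bad_login = true;
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
        }
    }

    if ($action == 'remindme'
        && !($bad_token || $missing_code || $bad_code || $missing_login || $bad_login || $missing_confirmation)) {
        require_once 'models/user.inc';
        $user_id = user_find($login);
        if (!$user_id) {
            $bad_login = true;
            require_once 'log.php';
            write_log('password.err', substr($login, 0, 40));
        } else {
            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
            } elseif (!$user['user_active'] || $user['user_banned']) {
                $bad_login = true;
            } else {
                require_once 'newpassword.php';
                $newpassword = newpassword();
                if (!user_set_newpassword($user_id, $newpassword)) {
                    $internal_error = true;
                } else {
                    require_once 'emailcrypto.php';
                    global $webmaster;
                    $to = $user['user_mail'];
                    $subject = translate('email:new_password_subject', $lang);
                    $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
                    if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                        $internal_error = true;
                    } else {
                        $email_sent = $to;
                    }
                    $confirmed = false;
                }
            }
        }
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } elseif ($email_sent) {
        $user_page = url('user', $lang);
    }

    // Fresh one-shot token for the next submission. $bad_token is deliberately
    // not part of $errors (same convention as the other forms in this file).
    $_SESSION['remindme_token'] = $token = token_id();
    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');
    return view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
}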
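/**
 * Comment box for a node: preview, post, edit and delete comments, with
 * moderation for users holding the 'moderator' role.
 *
 * The action is derived from the submit button that was pressed, and only
 * when a user is logged in:
 *   comment/edit  - validate the message and re-render it (preview)
 *   validate      - store it via node_add_comment() and mail a notification
 *                   to the site owner
 *   moderate      - open comment <id> for editing
 *   modify/delete - update or remove comment <id>
 * Every action except 'moderate' requires the per-session 'comment_token'.
 * Non-moderators may only touch their own comments and only within 15
 * minutes of creation; the same window is handed to the view as $moderated
 * so it can show edit controls. For moderators the id is only checked to be
 * an integer — scoping it to $node_id is left to the node_* model calls.
 *
 * @param string     $lang          interface language
 * @param int|string $node_id       node the comments belong to
 * @param int|string $node_user_id  node author (unused; a commented-out line in
 *                                  the original hinted at author moderation)
 * @param string     $node_url      node URL, passed to the view and the mail
 * @param bool       $nomore        true when the node no longer takes comments
 * @return string rendered HTML
 */
function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore) {
    $user_id = user_profile('id');
    $moderator = user_has_role('moderator');
    $now = time();
    $edit_window = 15 * 60; // seconds an author may still edit/delete an own comment
    $message_maxlen = 1000;
    $with_captcha = false;

    // Map the pressed button to an action (first match wins, in this order).
    $action = 'init';
    if ($user_id) {
        foreach (array('comment', 'edit', 'validate', 'moderate', 'modify', 'delete') as $candidate) {
            if (isset($_POST['comment_' . $candidate])) {
                $action = $candidate;
                break;
            }
        }
    }

    // Read the arguments the action needs. $code is initialised here: the
    // original left it undefined when a 'validate' post had no comment_code.
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_id = $bad_id = false;
    $missing_message = $message_too_long = false;
    $internal_error = false;

    // Captcha (when enabled) and form token.
    switch ($action) {
        case 'validate':
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['comment']) ? $_SESSION['captcha']['comment'] : false;
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            /* fall thru */
        case 'comment':
        case 'edit':
        case 'modify':
        case 'delete':
            // Constant-time, string-typed comparison instead of the loose `!=`.
            if (!isset($_SESSION['comment_token']) || !is_scalar($token)
                || !hash_equals((string) $_SESSION['comment_token'], (string) $token)) {
                $bad_token = true;
            }
            break;
        default:
            break;
    }

    // Comment id: a plain integer, and for non-moderators the caller's own,
    // recently created comment on this node.
    switch ($action) {
        case 'moderate':
        case 'modify':
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$id) {
                $missing_id = true;
                break;
            }
            if (!is_scalar($id) || filter_var($id, FILTER_VALIDATE_INT) === false) {
                // stricter than is_numeric(): no "1.5", "1e2", hex-like input
                $id = false;
                $bad_id = true;
                break;
            }
            $id = (int) $id;
            if (!$moderator) {
                $comment = node_get_comment($node_id, $id, $lang);
                // Explicit keys instead of extract(): a row column named like a
                // local ($user_id, $node_id, $now ...) must not clobber it.
                if (!$comment
                    || !isset($comment['comment_user_id'], $comment['comment_created'])
                    || $comment['comment_user_id'] != $user_id
                    || $comment['comment_created'] + $edit_window <= $now) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
            }
            break;
        default:
            break;
    }

    // Message checks for the actions that carry one.
    switch ($action) {
        case 'comment':
        case 'validate':
        case 'edit':
        case 'modify':
            if ($bad_token || $missing_code || $bad_code || $missing_id || $bad_id) {
                break;
            }
            if (!$message) {
                $missing_message = true;
            } else {
                // Count characters, not bytes. utf8_decode() is deprecated since
                // PHP 8.2; mb_strlen() gives the same count for valid UTF-8.
                $length = function_exists('mb_strlen')
                    ? mb_strlen($message, 'UTF-8')
                    : strlen(utf8_decode($message));
                if ($length > $message_maxlen) {
                    $message_too_long = true;
                }
            }
            break;
        default:
            break;
    }

    // Apply the action.
    switch ($action) {
        case 'validate':
            if ($bad_token || $missing_code || $bad_code || $missing_message || $message_too_long) {
                break;
            }
            $ip_address = client_ip_address();
            if (!node_add_comment($node_id, $user_id, $ip_address, $message, $lang)) {
                $internal_error = true;
                break;
            }
            // Best-effort notification to the site owner; mail errors are ignored.
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            $timestamp = date('Y-m-d H:i:s', time()); // strftime() is deprecated since PHP 8.1
            $subject = 'comment' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            @emailme($subject, $msg);
            $message = false;
            break;
        case 'modify':
            if ($bad_token || $missing_id || $bad_id || $missing_message || $message_too_long) {
                break;
            }
            if (!node_set_comment($node_id, $id, $message, $lang)) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token || $missing_id || $bad_id) {
                break;
            }
            if (!node_delete_comment($node_id, $id)) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }

    // Offer a new-comment box unless a comment is being edited or the node
    // is closed; anonymous visitors get a link to the login page instead.
    $newcomment = $user_page = false;
    if (!$id && !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }

    $comments = node_get_all_comments($node_id, $lang);
    // $moderated: true when the viewer may edit every comment, otherwise the
    // ids of the viewer's own comments still inside the edit window.
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = array();
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id && $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }

    $_SESSION['comment_token'] = $token = token_id();
    // NOTE(review): as in the original, $internal_error and $bad_token are not
    // exposed to the view; a failed save silently re-renders the form.
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long');
    return view('nodecomment', $lang, compact('token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment', 'message', 'message_maxlen', 'user_page', 'node_url', 'errors'));
}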
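/**
 * Renders one newsletter issue (a node of the newsletter thread).
 *
 * Resolves the thread and the requested page, emits the page head (title,
 * noindex) and builds the standard layout: the issue content with prev/next
 * navigation, a sidebar with optional search box and tag cloud, and an edit
 * link for writers. Administrators additionally get a "mail this issue to
 * <address>" form (newsletterpage_send / newsletterpage_mailto) and the
 * 'postnews' block.
 *
 * NOTE(review): unlike every other POST handler in this file the send form
 * is not protected by a per-session token, so an administrator's browser
 * can be made to mail the issue to an attacker-chosen address by a
 * cross-site POST. The check is not added here because the view has to
 * render the token as well; add both together with the template.
 *
 * @param string $lang        interface language
 * @param string $newsletter  newsletter thread name or id (thread_id())
 * @param string $page        issue name or id within the thread
 * @return string rendered HTML, or the notfound error page
 */
function newsletterpage($lang, $newsletter, $page) {
    global $with_toolbar;

    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }
    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }

    // Thread and node rows are read by explicit key rather than extract()
    // so a column can never shadow a local such as $lang or $page.
    $thread = thread_get($lang, $newsletter_id);
    if (!$thread) {
        return run('error/notfound', $lang);
    }
    $newsletter_name = $thread['thread_name'];
    $newsletter_title = $thread['thread_title'];
    $newsletter_nocloud = $thread['thread_nocloud'];
    $newsletter_nosearch = $thread['thread_nosearch'];

    $node = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$node || $node['node_ignored']) {
        // hidden issues are served as "not found", like missing ones
        return run('error/notfound', $lang);
    }
    $page_name = $node['node_name'];
    $page_title = $node['node_title'];
    $page_modified = $node['node_modified'];

    // <title>: "newsletter - issue" when both exist, else whichever exists.
    if ($newsletter_title && $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } elseif ($page_title) {
        head('title', $page_title);
    } elseif ($newsletter_title) {
        head('title', $newsletter_title);
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');

    $message_title = $message_html = $message_text = false;
    $message = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($message) {
        list($message_title, $message_html, $message_text) = $message;
    }

    // Administrator-only "mail this issue" form.
    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = $bad_mail = $email_sent = false;
    if (user_has_role('administrator') && $message_title && ($message_html || $message_text)) {
        require_once 'userprofile.php';
        $mailto = user_profile('mail');
        $with_mail = true;
        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
            }
            // Validate the recipient whether it came from the form or from the
            // profile; the original only validated the posted value.
            if (!$mailto) {
                $missing_mail = true;
            } elseif (!validate_mail($mailto)) {
                $bad_mail = true;
            } else {
                require_once 'emailhtml.php';
                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                $css = @file_get_contents($cssfile); // stylesheet is optional
                if ($css === false) {
                    $css = '';
                }
                if (emailhtml($message_text, $message_html, $css, $mailto, $message_title)) {
                    $email_sent = true;
                }
            }
        }
        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }

    // Prev/next issue links: label is the title or, failing that, the number;
    // the URL uses the node name or, failing that, the node id.
    $prev_page_label = $prev_page_url = false;
    $prev = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($prev) {
        $prev_page_label = $prev['prev_node_title'] ? $prev['prev_node_title'] : $prev['prev_node_number'];
        $prev_page_url = url('newsletter', $lang) . '/' . ($prev['prev_node_name'] ? $prev['prev_node_name'] : $prev['prev_node_id']);
    }
    $next_page_label = $next_page_url = false;
    $next = thread_node_next($lang, $newsletter_id, $page_id);
    if ($next) {
        $next_page_label = $next['next_node_title'] ? $next['next_node_title'] : $next['next_node_number'];
        $next_page_url = url('newsletter', $lang) . '/' . ($next['next_node_name'] ? $next['next_node_name'] : $next['next_node_id']);
    }

    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));

    // Sidebar: search box and tag cloud unless the thread disables them.
    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }
    $headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));

    // Banner/toolbar get the search parameters (not the rendered box).
    $search = $newsletter_nosearch ? false : compact('search_url', 'search_text', 'suggest_url');
    $edit = user_has_role('writer')
        ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang
        : false;
    $validate = url('newsletter', $lang) . '/' . $page_name;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;

    return layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
}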
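/**
 * Donation form: validates amount and currency, then hands off to the
 * PayPal checkout action.
 *
 * The per-session 'donateme_token' is consumed before the hand-off and a
 * fresh one is issued on every render.
 *
 * @param string $lang  interface language
 * @return string rendered HTML (paypalcheckout() is expected to take over
 *                on success; otherwise the form is re-rendered with errors)
 */
function donateme($lang) {
    global $supported_currencies;

    $action = isset($_POST['donateme_donate']) ? 'donate' : 'init';

    $amount = $currency = $token = false;
    if ($action == 'donate') {
        if (isset($_POST['donateme_amount'])) {
            $amount = readarg($_POST['donateme_amount']);
        }
        if (isset($_POST['donateme_currency'])) {
            $currency = readarg($_POST['donateme_currency']);
        }
        if (isset($_POST['donateme_token'])) {
            $token = readarg($_POST['donateme_token']);
        }
    }

    $missing_amount = $bad_amount = false;
    $missing_currency = $bad_currency = false;
    $bad_token = false;

    if ($action == 'donate') {
        // Constant-time, string-typed token comparison (was a loose `!=`).
        if (!isset($_SESSION['donateme_token']) || !is_scalar($token)
            || !hash_equals((string) $_SESSION['donateme_token'], (string) $token)) {
            $bad_token = true;
        } else {
            if (!$amount) {
                $missing_amount = true;
            } elseif (!is_scalar($amount)
                      || !preg_match('/^\d+(\.\d{1,2})?$/', (string) $amount)
                      || (float) $amount < 1) {
                // Strict money syntax. is_numeric() also accepted "1e3",
                // surrounding whitespace and arbitrary decimals, and the raw
                // string is forwarded verbatim to the payment provider.
                $bad_amount = true;
            }
            if (!$currency) {
                $missing_currency = true;
            } elseif (!validate_currency($currency)) {
                $bad_currency = true;
            }
        }
    }

    if ($action == 'donate'
        && !($bad_token || $missing_amount || $bad_amount || $missing_currency || $bad_currency)) {
        // One-shot token: consumed before leaving for the payment provider.
        unset($_SESSION['donateme_token']);
        require_once 'actions/paypalcheckout.php';
        paypalcheckout($lang, $amount, $currency);
    }

    $_SESSION['donateme_token'] = $token = token_id();
    $errors = compact('missing_amount', 'bad_amount', 'missing_currency', 'bad_currency');
    return view('donateme', $lang, compact('token', 'supported_currencies', 'amount', 'currency', 'errors'));
}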
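/**
 * Search page: tag search over one cloud (thread) or site-wide.
 *
 * $arglist[0] names the cloud; $arglist['q'] carries a query given in the
 * URL (split on spaces), a POST with 'search'/'searchtext' one from the
 * form (expanded with cloud_match()). With results the page shows the
 * 'searchlist' block, otherwise the cloud itself. The RSS thread's cloud is
 * only searchable by administrators; site-wide search is governed by
 * $search_all (false: not found; anything but true: no search box).
 *
 * @param string      $lang     interface language
 * @param array|false $arglist  route arguments, see above
 * @return string rendered HTML or an error page
 */
function search($lang, $arglist = false) {
    global $search_all, $search_pertinence, $rss_thread;

    $cloud = false;
    if (is_array($arglist) && isset($arglist[0])) {
        $cloud = $arglist[0];
    }

    $cloud_id = $cloud_name = $cloud_title = false;
    $thread_nocloud = $thread_nosearch = false;
    if ($cloud) {
        $cloud_id = cloud_id($cloud);
        if (!$cloud_id) {
            return run('error/notfound', $lang);
        }
        // The RSS thread's cloud is reserved to administrators.
        if ($cloud_id == $rss_thread && !user_has_role('administrator')) {
            return run('error/unauthorized', $lang);
        }
        // Rows are read by explicit key rather than extract() so a column can
        // never shadow $lang, $cloud or $arglist.
        $cloud_row = cloud_get($lang, $cloud_id);
        if (!$cloud_row) {
            return run('error/notfound', $lang);
        }
        $cloud_name = $cloud_row['cloud_name'];
        $cloud_title = $cloud_row['cloud_title'];
        $thread_row = thread_get($lang, $cloud_id);
        if (!$thread_row) {
            return run('error/notfound', $lang);
        }
        $thread_type = $thread_row['thread_type'];
        $thread_nocloud = $thread_row['thread_nocloud'];
        $thread_nosearch = $thread_row['thread_nosearch'];
        // Same precedence as the original `or`/`and` expression: plain threads
        // are never searchable; others only if search box or cloud is kept.
        if ($thread_type == 'thread' || ($thread_nosearch && $thread_nocloud)) {
            return run('error/notfound', $lang);
        }
    } else {
        if ($search_all === false) {
            return run('error/notfound', $lang);
        }
        if ($search_all !== true) {
            $thread_nosearch = true;
        }
    }

    $action = isset($_POST['search']) ? 'search' : 'none';
    $searchtext = $taglist = false;
    $rsearch = false;
    if ($action == 'search') {
        if (isset($_POST['searchtext'])) {
            $searchtext = readarg($_POST['searchtext'], true, false); // trim but DON'T strip!
            if ($searchtext) {
                global $search_distance, $search_closest;
                $taglist = cloud_match($lang, $cloud_id, $searchtext, $search_distance, $search_closest);
            }
        }
    } elseif (!empty($arglist['q'])) {
        // Query from the URL: run it through readarg() like the POST path
        // does — the original passed the raw value on to the views.
        $searchtext = readarg($arglist['q'], true, false); // trim but DON'T strip!
        if ($searchtext) {
            $taglist = explode(' ', $searchtext);
        }
    }

    if ($taglist) {
        $rsearch = cloud_search($lang, $cloud_id, $taglist, $search_pertinence);
    }

    $search_title = translate('search:title', $lang);
    $search_url = false;
    $search = $cloud = $title = false;
    if ($rsearch) {
        // Result list, with the cloud moved to the sidebar.
        if (!$thread_nosearch) {
            $search_url = url('search', $lang, $cloud_name);
        }
        if (!$thread_nocloud) {
            $cloud_url = url('search', $lang, $cloud_name);
            $byname = $bycount = $index = true;
            $cloud = build('cloud', $lang, $cloud_url, $cloud_id, false, 30, compact('byname', 'bycount', 'index'));
        }
        $headline_text = $search_title;
        $headline_url = false;
        $headline = compact('headline_text', 'headline_url');
        $title = view('headline', false, $headline);
        $content = build('searchlist', $lang, $rsearch, $taglist);
    } else {
        // No results (or no query): the cloud is the content.
        $headline_text = $cloud_id ? $cloud_title : $search_title;
        $headline_url = false;
        if (!$thread_nosearch) {
            $search_url = url('search', $lang, $cloud_name);
        }
        $cloud_url = url('search', $lang, $cloud_name);
        $headline = compact('headline_text', 'headline_url');
        $title = view('headline', false, $headline);
        $byname = true;
        $bycount = $index = false;
        $content = build('cloud', $lang, $cloud_url, $cloud_id, false, false, compact('byname', 'bycount', 'index'));
    }

    if ($search_url) {
        $search_text = $searchtext;
        $suggest_url = url('suggest', $lang, $cloud_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
    // The banner gets the search parameters, not the rendered box.
    if ($search) {
        $search = compact('search_url', 'search_text', 'suggest_url');
    }
    $banner = build('banner', $lang, compact('headline', 'search'));

    head('title', $cloud_id ? $cloud_title : $search_title);
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');

    return layout('standard', compact('banner', 'content', 'sidebar'));
}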
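/**
 * Newsletter subscription form.
 *
 * On submit (`subscribe_send`) the address (`subscribe_mail`), the locale
 * (`subscribe_locale`, only offered when more than one system language is
 * configured), the confirmation checkbox, the captcha code and the
 * per-session token are validated; newsletter_create_user() then stores the
 * subscription and a best-effort notification is mailed to the site owner.
 *
 * NOTE(review): $duplicated_mail is reported back to the visitor, so the
 * form tells anyone whether an address is already subscribed; a uniform
 * "registered" response would avoid that at the cost of feedback.
 *
 * NOTE(review): the captcha is compared but never cleared from the session
 * here; confirm the generator rotates it on every render, otherwise one
 * solved code is reusable for repeated submissions.
 *
 * @param string $lang  interface language (also the default locale)
 * @return string rendered HTML
 */
function subscribe($lang) {
    global $sitekey, $system_languages;

    // Locale selector only with several system languages. Guard the config
    // value: count() on a non-countable throws on PHP 8.
    $with_locale = (is_array($system_languages) || $system_languages instanceof Countable)
        && count($system_languages) > 1;
    $with_captcha = true;

    $action = isset($_POST['subscribe_send']) ? 'subscribe' : 'init';

    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }

    $unsubscribe_page = false;
    if ($action == 'init') {
        if ($sitekey) {
            $unsubscribe_page = url('newsletterunsubscribe', $lang);
        }
    } else {
        if (isset($_POST['subscribe_mail'])) {
            $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
        }
        if ($with_locale && isset($_POST['subscribe_locale'])) {
            $user_locale = readarg($_POST['subscribe_locale']);
        }
        if (isset($_POST['subscribe_confirmed'])) {
            $confirmed = readarg($_POST['subscribe_confirmed']) == 'on';
        }
        if (isset($_POST['subscribe_code'])) {
            $code = readarg($_POST['subscribe_code']);
        }
        if (isset($_POST['subscribe_token'])) {
            $token = readarg($_POST['subscribe_token']);
        }
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_mail = $bad_mail = $duplicated_mail = false;
    $missing_locale = $bad_locale = $missing_confirmation = false;
    $email_registered = $internal_error = $contact_page = false;

    if ($action == 'subscribe') {
        // Constant-time, string-typed token comparison (was a loose `!=`).
        if (!isset($_SESSION['subscribe_token']) || !is_scalar($token)
            || !hash_equals((string) $_SESSION['subscribe_token'], (string) $token)) {
            $bad_token = true;
        }

        // A missing or wrong captcha stops validation here, as the original's
        // `break` did.
        $captcha_ok = true;
        if ($with_captcha) {
            if (!$code) {
                $missing_code = true;
                $captcha_ok = false;
            } else {
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    $captcha_ok = false;
                }
            }
        }

        if ($captcha_ok) {
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) || !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                $duplicated_mail = true;
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
        }
    }

    if ($action == 'subscribe'
        && !($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail || $duplicated_mail
             || $missing_locale || $bad_locale || $missing_confirmation)) {
        if (!newsletter_create_user($user_mail, $user_locale)) {
            $internal_error = true;
        } else {
            // Best-effort notification to the site owner; mail errors are ignored.
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            $timestamp = date('Y-m-d H:i:s', time()); // strftime() is deprecated since PHP 8.1
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            @emailme($subject, $msg);
            $email_registered = true;
            $confirmed = false;
        }
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Fresh one-shot token; $bad_token is not part of $errors, like the other
    // forms in this file.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    return view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
}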
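/**
 * Login form.
 *
 * On submit (`login_enter`) the per-session token, the captcha, and the
 * login syntax are checked, then user_login() verifies the credentials. On
 * success the session id is regenerated, the user record (plus client IP)
 * is stored in $_SESSION['user'] and the function returns true; otherwise
 * the form is re-rendered. Administrator logins are reported to the site
 * owner by mail. With $with_facebook (off) a Facebook session supplies the
 * login e-mail and the 'facebook' action; administrators are refused on
 * that path.
 *
 * NOTE(review): the captcha is compared but never cleared from the session,
 * and the same captcha code stays valid across failed attempts; unless the
 * generator rotates it on every render, one solved captcha allows repeated
 * password guesses in that session.
 *
 * NOTE(review): on the 'facebook' path user_login() is called with
 * $password === false; whether that logs the user in on the e-mail alone
 * is decided inside user_login() — verify before enabling $with_facebook.
 *
 * @param string $lang  interface language
 * @return string|true rendered HTML, or true once the user is logged in
 */
function login($lang) {
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;

    $facebook = false;
    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }

    $login = $password = $code = $token = false;
    if (isset($_SESSION['login'])) {
        $login = $_SESSION['login']; // login of the last failed attempt
    }

    $action = isset($_POST['login_enter']) ? 'enter' : 'init';
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                        // Graph API failure: fall back to the plain login form.
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_login = $bad_login = $missing_password = false;
    $access_denied = false;

    switch ($action) {
        case 'enter':
            // Constant-time, string-typed token comparison (was a loose `!=`).
            if (!isset($_SESSION['login_token']) || !is_scalar($token)
                || !hash_equals((string) $_SESSION['login_token'], (string) $token)) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
                if (!$captcha || !is_scalar($code)
                    || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru */
        case 'facebook':
            if (!$login) {
                $missing_login = true;
            } elseif (!(validate_user_name($login) || validate_mail($login))) {
                $bad_login = true;
            }
            break;
        default:
            break;
    }

    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token || $missing_code || $bad_code || $missing_login || $bad_login || $missing_password) {
                break;
            }
            require_once 'models/user.inc';
            $user = user_login($login, $password);
            if (!$user) {
                $access_denied = true;
                require_once 'log.php';
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login; // pre-fill the form on the next render
                break;
            }
            $user['ip'] = client_ip_address();
            if (in_array('administrator', $user['role'], true)) {
                // Best-effort alert to the site owner on every administrator login.
                require_once 'serveripaddress.php';
                require_once 'emailme.php';
                global $sitename;
                $ip = server_ip_address();
                $timestamp = date('Y-m-d H:i:s', time()); // strftime() is deprecated since PHP 8.1
                $subject = 'login' . '@' . $sitename;
                $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                @emailme($subject, $msg);
                if ($action == 'facebook') {
                    // administrators must use the password form
                    $access_denied = true;
                    break;
                }
            }
            // New session id before storing the authenticated user (fixation defence).
            session_regenerate();
            $_SESSION['user'] = $user;
            unset($_SESSION['login']);
            unset($_SESSION['login_token']);
            return true;
        default:
            break;
    }

    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }
    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;

    // Fresh one-shot token; $bad_token is not part of $errors, like the other
    // forms in this file.
    $_SESSION['login_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
    return view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
}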
function threadeditsummary($lang, $clang, $thread) { global $supported_threads, $with_toolbar; if (!user_has_role('writer')) { return run('error/unauthorized', $lang); } $confirmed = false; $thread_id = thread_id($thread); if (!$thread_id) { return run('error/notfound', $lang); } $action = 'init'; if (isset($_POST['thread_edit'])) { $action = 'edit'; } else { if (isset($_POST['thread_reorder'])) { $action = 'reorder'; } else { if (isset($_POST['node_create'])) { $action = 'create'; } else { if (isset($_POST['node_copy'])) { $action = 'copy'; } else { if (isset($_POST['node_delete'])) { $action = 'delete'; } else { if (isset($_POST['node_confirmdelete'])) { $action = 'delete'; $confirmed = true; } else { if (isset($_POST['node_hide'])) { $action = 'hide'; } else { if (isset($_POST['node_show'])) { $action = 'show'; } } } } } } } } $thread_type = $thread_name = $thread_title = $thread_abstract = $thread_cloud = $thread_image = false; $thread_search = $thread_tag = false; $thread_comment = $thread_morecomment = $thread_vote = $thread_morevote = false; $thread_ilike = $thread_tweet = $thread_plusone = $thread_linkedin = $thread_pinit = false; $thread_visits = false; $thread_nosearch = $thread_nocloud = $thread_nocomment = $thread_nomorecomment = $thread_novote = $thread_nomorevote = true; $new_node_name = $new_node_title = $new_node_number = false; $old_node_number = false; $p = false; switch ($action) { case 'init': case 'reset': $r = thread_get($clang, $thread_id, false); if ($r) { extract($r); /* thread_type thread_name thread_title thread_abstract thread_cloud thread_image thread_visits thread_nosearch thread_nocloud thread_nocomment thread_nomorecomment thread_novote thread_nomorevote */ } $thread_search = !$thread_nosearch; $thread_tag = !$thread_nocloud; $thread_comment = !$thread_nocomment; $thread_morecomment = !$thread_nomorecomment; $thread_vote = !$thread_novote; $thread_morevote = !$thread_nomorevote; break; case 'edit': case 'create': case 'copy': case 
'delete': case 'hide': case 'show': case 'reorder': if (isset($_POST['thread_type'])) { $thread_type = readarg($_POST['thread_type']); } if (isset($_POST['thread_title'])) { $thread_title = readarg($_POST['thread_title']); } if (isset($_POST['thread_name'])) { $thread_name = strtofname(readarg($_POST['thread_name'])); } if (!$thread_name and $thread_title) { $thread_name = strtofname($thread_title); } if (isset($_POST['thread_abstract'])) { $thread_abstract = readarg($_POST['thread_abstract']); } if (isset($_POST['thread_image'])) { $thread_image = readarg($_POST['thread_image']); } if (isset($_POST['thread_cloud'])) { $thread_cloud = readarg($_POST['thread_cloud'], true, false); // trim but DON'T strip! preg_match_all('/(\\S+)/', $thread_cloud, $r); $thread_cloud = implode(' ', array_unique($r[0])); } if (isset($_POST['thread_search'])) { $thread_search = readarg($_POST['thread_search']) == 'on' ? true : false; $thread_nosearch = !$thread_search; } if (isset($_POST['thread_tag'])) { $thread_tag = readarg($_POST['thread_tag']) == 'on' ? true : false; $thread_nocloud = !$thread_tag; } if (isset($_POST['thread_visits'])) { $thread_visits = readarg($_POST['thread_visits']) == 'on' ? true : false; } if (isset($_POST['thread_comment'])) { $thread_comment = readarg($_POST['thread_comment']) == 'on' ? true : false; $thread_nocomment = !$thread_comment; } if (isset($_POST['thread_morecomment'])) { $thread_morecomment = readarg($_POST['thread_morecomment']) == 'on' ? true : false; $thread_nomorecomment = !$thread_morecomment; } if (isset($_POST['thread_vote'])) { $thread_vote = readarg($_POST['thread_vote']) == 'on' ? true : false; $thread_novote = !$thread_vote; } if (isset($_POST['thread_morevote'])) { $thread_morevote = readarg($_POST['thread_morevote']) == 'on' ? true : false; $thread_nomorevote = !$thread_morevote; } if (isset($_POST['thread_ilike'])) { $thread_ilike = readarg($_POST['thread_ilike'] == 'on' ? 
true : false); } if (isset($_POST['thread_tweet'])) { $thread_tweet = readarg($_POST['thread_tweet'] == 'on' ? true : false); } if (isset($_POST['thread_plusone'])) { $thread_plusone = readarg($_POST['thread_plusone'] == 'on' ? true : false); } if (isset($_POST['thread_linkedin'])) { $thread_linkedin = readarg($_POST['thread_linkedin'] == 'on' ? true : false); } if (isset($_POST['thread_pinit'])) { $thread_pinit = readarg($_POST['thread_pinit'] == 'on' ? true : false); } if (isset($_POST['new_node_title'])) { $new_node_title = readarg($_POST['new_node_title']); $new_node_name = strtofname($new_node_title); } if (isset($_POST['new_node_number'])) { $new_node_number = readarg($_POST['new_node_number']); } if (isset($_POST['old_node_number'])) { $old_node_number = readarg($_POST['old_node_number']); } if (isset($_POST['p'])) { $p = $_POST['p']; // DON'T readarg! } break; default: break; } $thread_contents = array(); $r = thread_get_contents($clang, $thread_id, false); /* node_id node_number node_ignored node_name node_title node_cloud thread_image */ if (!$r or count($r) != count($p)) { $p = false; } if ($r) { $pos = 1; $thread_url = url('threadedit', $lang) . '/' . $thread_id; foreach ($r as $c) { $c['node_url'] = $thread_url . '/' . $c['node_id']; $c['pos'] = $p ? 
$p[$pos] : $pos; $thread_contents[$pos] = $c; $pos++; } } $missing_thread_name = false; $bad_thread_name = false; $missing_thread_type = false; $bad_thread_type = false; $missing_new_node_title = false; $bad_new_node_title = false; $bad_new_node_number = false; $missing_old_node_number = false; $bad_old_node_number = false; switch ($action) { case 'edit': if (!$thread_name) { $missing_thread_name = true; } else { if (!preg_match('#^\\w+(-\\w+)*$#', $thread_name)) { $bad_thread_name = true; } } if (!$thread_type) { $missing_thread_type = true; } else { if (!in_array($thread_type, $supported_threads)) { $bad_thread_type = true; } } break; case 'create': case 'copy': if (!$new_node_title) { $missing_new_node_title = true; } else { if (!$new_node_name) { $bad_new_node_title = true; } else { if (!preg_match('#^\\w+(-\\w+)*$#', $new_node_name)) { $bad_new_node_title = true; } } } if (!$new_node_number) { $new_node_number = false; } else { if (!is_numeric($new_node_number)) { $bad_new_node_number = true; } else { if ($new_node_number < 1 or $new_node_number > count($thread_contents) + 1) { $bad_new_node_number = true; } } } if ($action == 'create') { break; } /* fall thru */ /* fall thru */ case 'delete': case 'hide': case 'show': if (!$old_node_number) { $missing_old_node_number = true; } else { if (!is_numeric($old_node_number)) { $bad_old_node_number = true; } else { if ($old_node_number < 1 or $old_node_number > count($thread_contents)) { $bad_old_node_number = true; } } } break; case 'reorder': break; default: break; } $confirm_delete_node = false; switch ($action) { case 'edit': if ($missing_thread_name or $bad_thread_name or $missing_thread_type or $bad_thread_type) { break; } $r = thread_set($clang, $thread_id, $thread_name, $thread_title, $thread_type, $thread_abstract, $thread_cloud, $thread_image, $thread_visits, $thread_nosearch, $thread_nocloud, $thread_nocomment, $thread_nomorecomment, $thread_novote, $thread_nomorevote, $thread_ilike, $thread_tweet, 
$thread_plusone, $thread_linkedin, $thread_pinit); if (!$r) { break; } break; case 'create': case 'copy': if ($missing_new_node_title or $bad_new_node_title or $bad_new_node_number or $action == 'copy' and ($missing_old_node_number or $bad_old_node_number)) { break; } $user_id = user_profile('id'); if ($action == 'copy') { $node_id = $thread_contents[$old_node_number]['node_id']; $np = thread_copy_node($clang, $user_id, $thread_id, $node_id, $new_node_name, $new_node_title, $new_node_number); } else { $np = thread_create_node($clang, $user_id, $thread_id, $new_node_name, $new_node_title, $new_node_number); } if (!$np) { break; } extract($np); /* node_id node_number node_ignored */ $node_ignored = false; $node_title = $new_node_title; $node_url = url('threadedit', $lang) . '/' . $thread_id . '/' . $node_id; $pos = $node_number; if ($thread_contents) { foreach ($thread_contents as &$c) { if ($c['node_number'] >= $pos) { $c['node_number']++; } if ($c['pos'] >= $pos) { $c['pos']++; } } array_splice($thread_contents, $pos - 1, 0, array(compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos'))); } else { $pos = 1; $thread_contents = array($pos => compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos')); } $new_node_name = $new_node_title = false; $new_node_number = $node_number + 1; $old_node_number = false; break; case 'delete': if ($missing_old_node_number or $bad_old_node_number) { break; } if (!$confirmed) { $confirm_delete_node = true; break; } $node_id = $thread_contents[$old_node_number]['node_id']; $r = thread_delete_node($thread_id, $node_id); if (!$r) { break; } unset($thread_contents[$old_node_number]); $thread_contents = array_values($thread_contents); foreach ($thread_contents as &$c) { if ($c['node_number'] >= $old_node_number) { $c['node_number']--; } if ($c['pos'] >= $old_node_number) { $c['pos']--; } } $new_node_number = $old_node_number = false; break; case 'hide': if ($missing_old_node_number or 
$bad_old_node_number) { break; } $node_id = $thread_contents[$old_node_number]['node_id']; $r = thread_set_node_ignored($thread_id, $node_id, true); if (!$r) { break; } $thread_contents[$old_node_number]['node_ignored'] = true; break; case 'show': if ($missing_old_node_number or $bad_old_node_number) { break; } $node_id = $thread_contents[$old_node_number]['node_id']; $r = thread_set_node_ignored($thread_id, $node_id, false); if (!$r) { break; } $thread_contents[$old_node_number]['node_ignored'] = false; break; case 'reorder': if (!$p) { break; } $neworder = range(1, count($p)); array_multisort($p, SORT_NUMERIC, $neworder); $number = 1; $nc = array(); foreach ($neworder as $i) { $c =& $thread_contents[$i]; if ($c['node_number'] != $number) { thread_set_node_number($thread_id, $c['node_id'], $number); $c['node_number'] = $number; } $c['pos'] = $number; $nc[$number++] = $c; } $thread_contents = $nc; break; default: break; } head('title', $thread_title ? $thread_title : $thread_id); head('description', false); head('keywords', false); head('robots', 'noindex, nofollow'); $headline_text = translate('threadall:title', $lang); $headline_url = url('threadedit', $lang) . '?' . 'clang=' . $clang; $headline = compact('headline_text', 'headline_url'); $view = $thread_name ? url('thread', $clang) . '/' . $thread_id . '?' . 'slang=' . $lang : false; $scroll = true; $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view')); $toolbar = $with_toolbar ? 
build('toolbar', $lang, compact('view', 'scroll')) : false; $title = view('headline', false, $headline); $sidebar = view('sidebar', false, compact('title')); $inlanguages = view('inlanguages', false, compact('clang')); $errors = compact('missing_thread_name', 'bad_thread_name', 'missing_thread_type', 'bad_thread_type', 'missing_new_node_title', 'bad_new_node_title', 'bad_new_node_number', 'missing_old_node_number', 'bad_old_node_number'); $content = view('editing/threadeditsummary', $lang, compact('clang', 'inlanguages', 'supported_threads', 'thread_id', 'thread_type', 'thread_title', 'thread_name', 'thread_abstract', 'thread_cloud', 'thread_image', 'thread_visits', 'thread_search', 'thread_tag', 'thread_comment', 'thread_morecomment', 'thread_vote', 'thread_morevote', 'thread_ilike', 'thread_tweet', 'thread_plusone', 'thread_linkedin', 'thread_pinit', 'thread_contents', 'new_node_name', 'new_node_title', 'new_node_number', 'old_node_number', 'confirm_delete_node', 'errors')); $output = layout('editing', compact('toolbar', 'banner', 'content', 'sidebar')); return $output; }
function nodeeditor($lang, $clang, $node_id, $content_types) {
    // Editing form for one node: URL name, title, abstract, tag cloud, image and
    // the visits / comment / vote / social-sharing switches. On POST 'node_edit'
    // the submitted values are validated and stored with node_set(); otherwise
    // the stored values are loaded with node_get(). The content-item editor is
    // built separately (nodecontenteditor) and embedded in the returned view.
    // Returns the rendered 'editing/nodeeditor' view.
    //
    // NOTE(review): unlike useredit / upload / mailme, no per-session form token
    // is read or checked here, and nothing in this function verifies that the
    // caller may edit $node_id -- both are assumed to be handled by the caller
    // (TODO confirm).
    $action = 'init';
    if (isset($_POST['node_edit'])) { $action = 'edit'; }
    $node_name = $node_title = $node_abstract = $node_cloud = $node_image = $node_comment = $node_morecomment = $node_vote = $node_morevote = false;
    $node_ilike = $node_tweet = $node_plusone = $node_linkedin = $node_pinit = false;
    $node_visits = false;
    // Stored flags are negatives ("no comment"); the form works with positives.
    $node_nocomment = $node_nomorecomment = $node_novote = $node_nomorevote = true;
    switch ($action) {
        case 'init':
        case 'reset': // never selected above; kept for symmetry with the other editors
            $r = node_get($clang, $node_id, false);
            // extract() imports every column node_get() returns as a local
            // variable (node_* names, presumably); a column named like one of
            // the parameters would shadow it -- check node_get() before relying
            // on $node_id / $clang after this point.
            if ($r) { extract($r); }
            $node_comment = !$node_nocomment;
            $node_morecomment = !$node_nomorecomment;
            $node_vote = !$node_novote;
            $node_morevote = !$node_nomorevote;
            break;
        case 'edit':
            if (isset($_POST['node_title'])) { $node_title = readarg($_POST['node_title']); }
            if (isset($_POST['node_name'])) { $node_name = strtofname(readarg($_POST['node_name'])); }
            // No explicit name: derive one from the title.
            if (empty($node_name) and !empty($node_title)) { $node_name = strtofname($node_title); }
            if (isset($_POST['node_abstract'])) { $node_abstract = readarg($_POST['node_abstract']); }
            if (isset($_POST['node_cloud'])) {
                // Tags are kept verbatim (trimmed, not tag-stripped) and
                // de-duplicated; escaping on output is the view's job.
                $node_cloud = readarg($_POST['node_cloud'], true, false); // trim but DON'T strip!
                preg_match_all('/(\\S+)/', $node_cloud, $r);
                $node_cloud = implode(' ', array_unique($r[0]));
            }
            if (isset($_POST['node_image'])) { $node_image = readarg($_POST['node_image']); }
            if (isset($_POST['node_visits'])) { $node_visits = readarg($_POST['node_visits']) == 'on' ? true : false; }
            if (isset($_POST['node_comment'])) { $node_comment = readarg($_POST['node_comment']) == 'on' ? true : false; $node_nocomment = !$node_comment; }
            if (isset($_POST['node_morecomment'])) { $node_morecomment = readarg($_POST['node_morecomment']) == 'on' ? true : false; $node_nomorecomment = !$node_morecomment; }
            if (isset($_POST['node_vote'])) { $node_vote = readarg($_POST['node_vote']) == 'on' ? true : false; $node_novote = !$node_vote; }
            if (isset($_POST['node_morevote'])) { $node_morevote = readarg($_POST['node_morevote']) == 'on' ? true : false; $node_nomorevote = !$node_morevote; }
            // NOTE(review): for the five sharing switches the 'on' comparison is
            // done on the raw POST value and readarg() receives a bool, the
            // opposite order from the switches above -- presumably equivalent
            // if readarg() passes non-strings through unchanged; verify.
            if (isset($_POST['node_ilike'])) { $node_ilike = readarg($_POST['node_ilike'] == 'on' ? true : false); }
            if (isset($_POST['node_tweet'])) { $node_tweet = readarg($_POST['node_tweet'] == 'on' ? true : false); }
            if (isset($_POST['node_plusone'])) { $node_plusone = readarg($_POST['node_plusone'] == 'on' ? true : false); }
            if (isset($_POST['node_linkedin'])) { $node_linkedin = readarg($_POST['node_linkedin'] == 'on' ? true : false); }
            if (isset($_POST['node_pinit'])) { $node_pinit = readarg($_POST['node_pinit'] == 'on' ? true : false); }
            break;
        default:
            break;
    }
    $missing_node_name = false;
    $bad_node_name = false;
    switch ($action) {
        case 'edit':
            // URL name: word characters, optionally dash-separated groups.
            if (empty($node_name)) { $missing_node_name = true; } else { if (!preg_match('#^\\w+(-\\w+)*$#', $node_name)) { $bad_node_name = true; } }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'edit':
            if ($missing_node_name or $bad_node_name) { break; }
            $r = node_set($clang, $node_id, $node_name, $node_title, $node_abstract, $node_cloud, $node_image, $node_visits, $node_nocomment, $node_nomorecomment, $node_novote, $node_nomorevote, $node_ilike, $node_tweet, $node_plusone, $node_linkedin, $node_pinit);
            if (!$r) { break; } // storage failure is not reported to the user (pre-existing)
            // "more comments/votes" only makes sense when the feature is on.
            if (!$node_comment) { $node_morecomment = false; }
            if (!$node_vote) { $node_morevote = false; }
            break;
        default:
            break;
    }
    $content_editor = build('nodecontenteditor', $lang, $clang, $node_id, $content_types);
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_node_name', 'bad_node_name');
    $output = view('editing/nodeeditor', $lang, compact('clang', 'inlanguages', 'node_name', 'node_title', 'node_abstract', 'node_cloud', 'node_image', 'node_visits', 'node_comment', 'node_morecomment', 'node_vote', 'node_morevote', 'node_ilike', 'node_tweet', 'node_plusone', 'node_linkedin', 'node_pinit', 'content_editor', 'errors'));
    return $output;
}
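function unsubscribe($lang) {
    // Newsletter unsubscription request form. On POST 'unsubscribe_send' the
    // request is checked (per-session form token, captcha, address syntax and
    // allow-list, address actually subscribed, confirmation box) and, if it
    // passes, an e-mail carrying a confirmation link (saction id 1) is sent to
    // the address. Nothing is unsubscribed here; that happens when the link is
    // followed. Returns the rendered 'unsubscribe' view.
    //
    // Security notes:
    //  - token and captcha are compared with hash_equals(): constant time and
    //    no loose "==" coercion (two numeric-looking strings such as "0e12"
    //    and "0e34" compare equal under ==); the captcha is consumed after one
    //    check so a code cannot be replayed or brute-forced within a session;
    //  - the 'unknown_mail' error discloses whether an address is subscribed;
    //    the captcha is the only throttle on that oracle.
    global $base_url;
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail'); // prefilled for a logged-in user, if any
    $subscribe_page = false;
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on';
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_mail = $bad_mail = $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;

    switch ($action) {
        case 'unsubscribe':
            // CSRF: the token rendered into the previous form must come back.
            // $token may be false when absent, hence the string casts.
            if (!isset($_SESSION['unsubscribe_token'])
                    || !hash_equals((string) $_SESSION['unsubscribe_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                // One attempt per generated captcha: drop it before comparing so
                // that a wrong or replayed code forces a fresh image.
                unset($_SESSION['captcha']['unsubscribe']);
                if (!$captcha || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) || !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (!newsletter_get_user($user_mail)) {
                $unknown_mail = true; // subscription oracle, see header note
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }

    switch ($action) {
        case 'unsubscribe':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail
                    || $unknown_mail || $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1; // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            // NOTE(review): emailtext()'s return value is not checked, so the
            // user is told the mail was sent even if delivery failed
            // (pre-existing; its contract is not visible here).
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the form token on every render (one-shot token).
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
    return $output;
}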
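function nodecontenteditor($lang, $clang, $node_id, $content_types) {
    // Editor for the ordered list of content items of a node. Actions (POST):
    //   content_create -> node_create_content() of a new item of type
    //                     content_new_type at content_new_number (appended when
    //                     absent or beyond the end);
    //   content_delete -> node_delete_content() of item content_old_number;
    //   content_modify -> every posted item field is re-read, the items are
    //                     re-ordered by content_p and saved with
    //                     node_set_contents().
    // Otherwise the items are loaded with node_get_contents(). Returns the
    // rendered 'editing/nodecontenteditor' view.
    //
    // Submission shape (from the view): parallel arrays sharing one row key i --
    // content_id[i], content_p[i], optional content_ignored[i], and for every
    // type/field of $contents_model, content_<type>_<field>[i]. id/p/ignored are
    // read raw (no readarg) because they are arrays; they are validated below as
    // numeric. Field values are trimmed but not tag-stripped
    // (readarg(..., true, false)); escaping on output is the view's job.
    //
    // NOTE(review): no per-session form token is checked here, and nothing in
    // this function verifies that the caller may edit $node_id -- both are
    // assumed to be handled by the caller (TODO confirm).
    global $contents_model;
    $action = 'init';
    if (isset($_POST['content_modify'])) {
        $action = 'modify';
    } elseif (isset($_POST['content_create'])) {
        $action = 'create';
    } elseif (isset($_POST['content_delete'])) {
        $action = 'delete';
    }
    $new_content_type = $new_content_number = false;
    $old_content_number = false;
    $node_contents = false;
    $id = false;
    $p = false;
    $ignored = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = node_get_contents($clang, $node_id);
            if ($r) {
                $pos = 1;
                $node_contents = array();
                foreach ($r as $c) {
                    $c['content_pos'] = $c['content_number'];
                    $node_contents[$pos] = $c;
                    $pos++;
                }
            }
            break;
        case 'modify':
        case 'create':
        case 'delete':
            if (isset($_POST['content_new_type'])) {
                $new_content_type = readarg($_POST['content_new_type']);
            }
            if (isset($_POST['content_new_number'])) {
                $new_content_number = readarg($_POST['content_new_number']);
            }
            if (isset($_POST['content_old_number'])) {
                $old_content_number = readarg($_POST['content_old_number']);
            }
            if (isset($_POST['content_id'])) {
                $id = $_POST['content_id']; // DON'T readarg! (array)
            }
            if (isset($_POST['content_p'])) {
                $p = $_POST['content_p']; // DON'T readarg! (array)
            }
            if (isset($_POST['content_ignored'])) {
                $ignored = $_POST['content_ignored']; // DON'T readarg! (array)
            }
            break;
        default:
            break;
    }

    $bad_contents = false;
    switch ($action) {
        case 'create':
        case 'delete':
        case 'modify':
            // id and position lists must be non-empty arrays of equal size with
            // numeric entries. The original test, "!$id or !$p and !(...)",
            // let a scalar or a mismatched pair through because "and" binds
            // tighter than "or".
            if (!is_array($id) || !is_array($p) || !$id || count($id) != count($p)) {
                $bad_contents = true;
            } else {
                foreach ($id as $i => $v) {
                    if (!is_numeric($v) || !isset($p[$i]) || !is_numeric($p[$i])) {
                        $bad_contents = true;
                        break;
                    }
                }
            }
            if ($bad_contents) {
                break;
            }
            $node_contents = array();
            foreach ($contents_model as $type => $fields) {
                foreach ($fields as $fname => $props) {
                    $fieldname = "content_{$type}_{$fname}";
                    if (!isset($_POST[$fieldname]) || !is_array($_POST[$fieldname])) {
                        continue;
                    }
                    foreach ($_POST[$fieldname] as $i => $value) {
                        if (!isset($id[$i])) {
                            // A field row without a validated id/position
                            // cannot be saved; skip it rather than hand a null
                            // content_id to node_set_contents().
                            continue;
                        }
                        $v = readarg($value, true, false); // trim but DON'T strip_tags!
                        if (!isset($node_contents[$i])) {
                            $content_ignored = isset($ignored[$i]) && $ignored[$i] == 'on';
                            $node_contents[$i] = array(
                                'content_id' => $id[$i],
                                'content_pos' => $p[$i],
                                'content_ignored' => $content_ignored,
                                'content_type' => $type,
                                $fieldname => $v,
                            );
                        } else {
                            $node_contents[$i][$fieldname] = $v;
                        }
                    }
                }
            }
            if (!$node_contents) {
                $bad_contents = true;
                break;
            }
            ksort($node_contents);
            break;
        default:
            break;
    }

    // $node_contents is false (not an array) when nothing was loaded or the
    // submission was rejected; count() of that is a TypeError on PHP 8.
    $ncontents = is_array($node_contents) ? count($node_contents) : 0;

    $missing_new_content_type = $bad_new_content_type = false;
    $bad_new_content_number = false;
    $missing_old_content_number = $bad_old_content_number = false;
    switch ($action) {
        case 'create':
            if (empty($new_content_type)) {
                $missing_new_content_type = true;
            } elseif (!$content_types || !in_array($new_content_type, $content_types)) {
                $bad_new_content_type = true;
            }
            if (empty($new_content_number)) {
                $new_content_number = false; // append
            } elseif (!is_numeric($new_content_number) || $new_content_number < 1) {
                $bad_new_content_number = true;
            } elseif ($new_content_number > $ncontents) {
                $new_content_number = false; // beyond the end: append
            }
            break;
        case 'delete':
            if (empty($old_content_number)) {
                $missing_old_content_number = true;
            } elseif (!is_numeric($old_content_number)
                    || $old_content_number < 1 || $old_content_number > $ncontents) {
                $bad_old_content_number = true;
            }
            break;
        default:
            break;
    }

    switch ($action) {
        case 'create':
            // Deliberately not gated on $bad_contents: the very first item of a
            // node is created from a form that has no id/p rows yet.
            if ($missing_new_content_type || $bad_new_content_type || $bad_new_content_number) {
                break;
            }
            $nc = node_create_content($clang, $node_id, $new_content_type, $new_content_number);
            if (!$nc) {
                break;
            }
            $content_id = $nc['content_id'];
            $content_pos = $nc['content_number'];
            $content_type = $new_content_type;
            $content_ignored = false;
            $fields = compact('content_pos', 'content_id', 'content_type', 'content_ignored');
            foreach ($contents_model[$content_type] as $fname => $props) {
                $fieldname = "content_{$content_type}_{$fname}";
                $fields[$fieldname] = isset($props['default']) ? $props['default'] : false;
            }
            if ($node_contents) {
                foreach ($node_contents as &$c) {
                    if ($c['content_pos'] >= $content_pos) {
                        $c['content_pos']++;
                    }
                }
                unset($c);
                // array_splice() renumbers the keys from 0 (the loaded list is
                // keyed from 1); the view is expected to rely on content_pos,
                // not on the array keys.
                array_splice($node_contents, $content_pos - 1, 0, array($fields));
            } else {
                $content_pos = 1;
                $node_contents = array($content_pos => $fields);
            }
            if ($new_content_number) {
                $new_content_number++;
            }
            $new_content_type = false;
            break;
        case 'delete':
            // Without a valid id/p submission $node_contents is not an array and
            // the lookup below would pass a null id to node_delete_content().
            if ($bad_contents || $missing_old_content_number || $bad_old_content_number) {
                break;
            }
            $c = $node_contents[$old_content_number];
            $content_id = $c['content_id'];
            $content_type = $c['content_type'];
            $r = node_delete_content($node_id, $content_id, $content_type);
            if (!$r) {
                break;
            }
            unset($node_contents[$old_content_number]);
            $node_contents = array_values($node_contents);
            foreach ($node_contents as &$c) {
                if ($c['content_pos'] >= $old_content_number) {
                    $c['content_pos']--;
                }
            }
            unset($c);
            $old_content_number = false;
            break;
        case 'modify':
            if ($bad_contents) {
                break;
            }
            // Order the row keys by their submitted position. array_keys($p)
            // rather than range(1, n): array_multisort() reorders $neworder in
            // step with $p, so its entries must be the actual row keys (which
            // the id/p validation above guarantees exist in $node_contents'
            // key set), not an assumed 1..n sequence.
            $neworder = array_keys($p);
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nc = array();
            foreach ($neworder as $i) {
                $c =& $node_contents[$i];
                $c['content_pos'] = $number;
                $nc[$number++] = $c;
            }
            unset($c);
            $node_contents = $nc;
            $r = node_set_contents($clang, $node_id, $node_contents);
            if (!$r) {
                break; // storage failure is not reported to the user (pre-existing)
            }
            break;
        default:
            break;
    }

    $errors = compact('missing_new_content_type', 'bad_new_content_type', 'bad_new_content_number', 'missing_old_content_number', 'bad_old_content_number');
    $output = view('editing/nodecontenteditor', $lang, compact('clang', 'content_types', 'new_content_type', 'new_content_number', 'old_content_number', 'node_contents', 'errors'));
    return $output;
}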
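function useredit($lang, $user_id) {
    // Account editing form for user $user_id. What may be edited depends on
    // who is editing: an administrator may additionally set status
    // (active/banned), roles and time zone, and delete the account -- never
    // user 1 and never their own; the 'change' (new password) action is
    // compiled out ($with_newpassword = false). Actions (POST):
    // useredit_modify, useredit_change, useredit_delete then
    // useredit_confirmdelete (two-step), useredit_cancel.
    // Returns the rendered 'useredit' view, or false once the account has been
    // deleted (the caller must then leave the page).
    //
    // Security notes:
    //  - every state-changing action ('modify', 'change', 'delete') requires
    //    the per-session form token; the original checked it for 'modify'
    //    only, leaving account deletion open to a forged cross-site POST. The
    //    token is compared with hash_equals() and rotated on every render;
    //  - nothing here verifies that the caller is allowed to edit $user_id
    //    (administrator or owner); that is assumed to be enforced by the
    //    caller -- TODO confirm.
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    $with_name = true;
    $with_status = ($user_id != 1 && $is_admin);
    $with_delete = ($user_id != 1 && $is_admin && !$is_owner);
    $with_newpassword = false; // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1;
    $with_role = ($user_id != 1 && $is_admin);
    $with_timezone = ($user_id != 1 && $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;

    // Which button was pressed; privileged buttons are only honoured when the
    // matching capability is on.
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword && isset($_POST['useredit_change'])) {
        $action = 'change';
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } elseif (isset($_POST['useredit_confirmdelete'])) {
            $action = 'delete';
            $confirmed = true;
        } elseif (isset($_POST['useredit_cancel'])) {
            $action = 'cancel';
        }
    }

    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;

    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                // extract() imports user_name user_password user_newpassword
                // user_seed user_mail user_timezone user_website user_created
                // user_modified user_accessed user_locale user_active user_banned
                extract($r);
            }
            $user_newpassword = false; // never echo a stored password field back
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r); // user_lastname, user_firstname
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role && isset($_POST['useredit_role'])) {
                $user_role = readarg($_POST['useredit_role']);
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']); // display only
                }
            }
            if ($with_newpassword && isset($_POST['useredit_newpassword'])) {
                $user_newpassword = readarg($_POST['useredit_newpassword']);
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }

    $bad_token = false;
    $missing_lastname = $missing_firstname = false;
    $missing_name = $bad_name = $duplicated_name = false;
    $missing_mail = $bad_mail = $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;

    // CSRF: all three state-changing actions must present the token issued
    // with the form. $token may be false when absent, hence the string casts.
    if ($action == 'modify' || $action == 'change' || $action == 'delete') {
        if (!isset($_SESSION['useredit_token'])
                || !hash_equals((string) $_SESSION['useredit_token'], (string) $token)) {
            $bad_token = true;
        }
    }

    switch ($action) {
        case 'modify':
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name && !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } elseif (!user_check_name($user_name, $user_id)) {
                    $duplicated_name = true;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail)) {
                $bad_mail = true;
            } elseif (!user_check_mail($user_mail, $user_id)) {
                $duplicated_mail = true;
            }
            if ($user_role) {
                // The form may submit one role or a list; validate each entry
                // before it reaches user_set_role() (foreach over a scalar
                // would silently validate nothing).
                $roles = is_array($user_role) ? $user_role : array($user_role);
                foreach ($roles as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone && !validate_timezone($user_timezone)) {
                $bad_timezone = true;
            }
            if ($with_locale && !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale && !validate_locale($user_locale)) {
                $bad_locale = true;
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } elseif (!validate_password($user_newpassword)) {
                $bad_newpassword = true;
            }
            break;
        default:
            break;
    }

    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token || $missing_name || $bad_name || $duplicated_name
                    || $missing_mail || $bad_mail || $duplicated_mail || $bad_role
                    || $bad_website || $bad_timezone || $missing_locale || $bad_locale
                    || $missing_lastname || $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            if ($is_owner) {
                // Keep the session copy of the profile in step with the store.
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                // $user_role is false when no role box was ticked; what
                // user_set_role() does with that is defined elsewhere.
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($bad_token || $missing_newpassword || $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$confirmed) {
                $confirm_delete = true; // first click: ask for confirmation
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false; // account gone; there is no form left to render
        default:
            break;
    }

    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the form token on every render (one-shot token).
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}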
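function postnews($lang, $newsletter_id, $page_id) {
    // Scheduling form for mailing page $page_id of newsletter $newsletter_id
    // in language $lang. Actions (POST): postnews_post schedules the mailing
    // for the submitted date at hour:minute (hour clamped to [$hmin, $hmax],
    // the moment must not be before today's $hmin); postnews_cancel drops a
    // pending schedule. Once the post has been mailed only a read-only view is
    // returned. Returns the rendered 'postnews' view.
    //
    // Security notes: 'post' requires the per-session form token, compared
    // with hash_equals() (constant time, no loose "==" coercion) and rotated on
    // every render. 'cancel' neither reads nor checks the token, so a forged
    // cross-site POST can cancel a pending mailing -- NOTE(review): gate it on
    // postnews_token too once the view's cancel form is confirmed to send it.
    $postdate = $scheduled = $mailed = false;
    $r = newsletter_get_post($newsletter_id, $page_id, $lang);
    if ($r) {
        extract($r); // newsletter_post_scheduled, newsletter_post_mailed
        $scheduled = $newsletter_post_scheduled;
        $mailed = $newsletter_post_mailed;
    }
    if ($mailed) {
        return view('postnews', $lang, compact('mailed'));
    }

    $action = 'init';
    if (isset($_POST['postnews_post']) && !$scheduled) {
        $action = 'post';
    } elseif (isset($_POST['postnews_cancel']) && $scheduled && !$mailed) {
        $action = 'cancel';
    }

    $hmin = 8;  // earliest mailing hour
    $hmax = 18; // latest mailing hour
    $token = false;
    $date = false;
    $hour = $hmin;
    $minute = 0;
    switch ($action) {
        case 'init':
            break;
        case 'post':
            if (isset($_POST['postnews_date'])) {
                $date = readarg($_POST['postnews_date']);
            }
            if (isset($_POST['postnews_hour'])) {
                $hour = readarg($_POST['postnews_hour']);
            }
            if (isset($_POST['postnews_minute'])) {
                $minute = readarg($_POST['postnews_minute']);
            }
            if (isset($_POST['postnews_token'])) {
                $token = readarg($_POST['postnews_token']);
            }
            break;
        case 'cancel':
            break;
        default:
            break;
    }

    $bad_token = false;
    $missing_date = false;
    $bad_date = false;
    $internal_error = false;
    switch ($action) {
        case 'post':
            // $token may be false when absent, hence the string casts.
            if (!isset($_SESSION['postnews_token'])
                    || !hash_equals((string) $_SESSION['postnews_token'], (string) $token)) {
                $bad_token = true;
            }
            // Clamp hour and minute rather than reject them.
            if (!is_numeric($hour) || $hour < $hmin) {
                $hour = $hmin;
            } elseif ($hour >= $hmax) {
                $hour = $hmax;
                $minute = 0;
            }
            if (!is_numeric($minute) || $minute < 0) {
                $minute = 0;
            } elseif ($minute > 59) {
                $minute = 59;
            }
            // Date: YYYY-MM-DD or YYYY/MM/DD with a consistent separator.
            if (!$date) {
                $missing_date = true;
            } elseif (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                $bad_date = true;
            } elseif (!checkdate((int) $d[3], (int) $d[4], (int) $d[1])) {
                $bad_date = true;
            }
            if ($missing_date || $bad_date) {
                break;
            }
            $postdate = mktime((int) $hour, (int) $minute, 0, (int) $d[3], (int) $d[4], (int) $d[1]);
            if ($postdate < mktime($hmin, 0, 0)) {
                $bad_date = true; // before today's first mailing slot
            }
            break;
        default:
            break;
    }

    switch ($action) {
        case 'post':
            if ($bad_token || $missing_date || $bad_date) {
                break;
            }
            $r = newsletter_schedule_post($newsletter_id, $page_id, $lang, $postdate);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = $postdate;
            break;
        case 'cancel':
            $r = newsletter_cancel_post($newsletter_id, $page_id, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = false;
            break;
        default:
            break;
    }

    if (!$scheduled) {
        // Default proposal for the form: today at hour:minute, or tomorrow
        // once today's mailing window has closed.
        $postdate = mktime((int) $hour, (int) $minute, 0);
        if (time() > mktime($hmax + 1, 0, 0)) {
            $postdate = strtotime('+1 day', $postdate);
        }
    }
    // Rotate the form token on every render (one-shot token).
    $_SESSION['postnews_token'] = $token = token_id();
    $errors = compact('missing_date', 'bad_date', 'internal_error');
    $output = view('postnews', $lang, compact('token', 'scheduled', 'mailed', 'hmin', 'hmax', 'postdate', 'errors'));
    return $output;
}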
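function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true) {
    // Contact form. On POST 'mailme_send' the message is validated and handed
    // to emailme($subject, $message, $mail, $to): $mail is the sender address
    // the visitor typed, $to the configured recipient. With $with_appointment
    // an optional date (strictly after today) plus hour/minute is appended to
    // the message text. Returns the rendered 'mailme' view; with $with_home a
    // link to the home page is offered after a successful send.
    //
    // Security notes:
    //  - form token and captcha are compared with hash_equals() (constant
    //    time, no loose "==" coercion) and the captcha is consumed after one
    //    check, so neither can be replayed within a session;
    //  - the subject is screened with is_mail_injected() (header injection);
    //    the sender address only with validate_mail(), which is assumed to
    //    reject CR/LF since the address presumably ends up in a mail header
    //    inside emailme() -- TODO confirm.
    global $home_action;
    $action = 'init';
    if (isset($_POST['mailme_send'])) {
        $action = 'send';
    }
    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
    if (isset($_SESSION['user']['mail'])) {
        $mail = $_SESSION['user']['mail']; // prefilled for a logged-in user
    }
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_mail = $bad_mail = false;
    $missing_subject = $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;

    switch ($action) {
        case 'send':
            // CSRF: $token may be false when absent, hence the string casts.
            if (!isset($_SESSION['mailme_token'])
                    || !hash_equals((string) $_SESSION['mailme_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
                // One attempt per generated captcha: drop it before comparing so
                // that a wrong or replayed code forces a fresh image.
                unset($_SESSION['captcha']['mailme']);
                if (!$captcha || !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$mail) {
                $missing_mail = true;
            } elseif (!validate_mail($mail)) {
                $bad_mail = true;
            }
            if (!$subject) {
                $missing_subject = true;
            } elseif (is_mail_injected($subject)) {
                $bad_subject = true;
            }
            if (!$message) {
                $missing_message = true;
            }
            if ($with_appointment) {
                if ($date) {
                    // YYYY-MM-DD or YYYY/MM/DD, a real calendar date, after today.
                    // The original compared against date('y') -- the two-digit
                    // year, which mktime() maps to the right century only
                    // until 2069; date('Y') is the four-digit year.
                    $today = mktime(0, 0, 0, (int) date('n'), (int) date('j'), (int) date('Y'));
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } elseif (!checkdate((int) $d[3], (int) $d[4], (int) $d[1])) {
                        $bad_appointment = true;
                    } elseif (mktime(0, 0, 0, (int) $d[3], (int) $d[4], (int) $d[1]) <= $today) {
                        $bad_appointment = true;
                    }
                }
                // Non-numeric hour/minute are not rejected; the %02d format
                // below renders them as 00 (pre-existing behaviour).
                if (is_numeric($hour) && is_numeric($minute)) {
                    if ($hour < 0 || $hour > 23 || $minute < 0 || $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }

    switch ($action) {
        case 'send':
            if ($bad_token || $missing_code || $bad_code || $missing_mail || $bad_mail
                    || $missing_subject || $bad_subject || $missing_message || $bad_appointment) {
                break;
            }
            require_once 'emailme.php';
            if ($date) {
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }
            $r = emailme($subject, $message, $mail, $to);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Clear the form after a successful send; keep the sender address.
            $subject = $message = $date = $hour = $minute = false;
            if ($with_home) {
                $home_page = url($home_action, $lang);
            }
            $email_sent = true;
            break;
        default:
            break;
    }

    // Rotate the form token on every render (one-shot token).
    $_SESSION['mailme_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');
    $output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
    return $output;
}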
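/**
 * File-upload controller: renders the upload form and, on submit, checks the
 * per-session form token, the PHP upload status and size, validates the
 * client-supplied file name and moves the file into FILES_DIR.
 *
 * Hardening in this block:
 *  - token compared with hash_equals() (strict, constant-time);
 *  - is_uploaded_file() guards against a forged tmp_name;
 *  - the name is required to be a bare file name (basename() unchanged, not
 *    "." or "..") before validate_filename()/is_filename_allowed() see it, so a
 *    path-traversal name cannot reach the FILES_DIR join even if those helpers
 *    are lax;
 *  - the client MIME type is deliberately not read: it is attacker-controlled.
 *
 * @param string $lang UI language for view().
 * @return string Rendered 'upload' view.
 */
function upload($lang)
{
    $maxfilesize = 1000000; // bytes; also displayed by the view

    $action = isset($_POST['upload_put']) ? 'upload' : 'init';

    $file = $name = $error = false;
    $size = 0;
    $token = false;

    if ($action == 'upload') {
        if (isset($_POST['upload_token'])) {
            $token = readarg($_POST['upload_token']);
        }
        if (isset($_FILES['upload_file'])) {
            $up = $_FILES['upload_file'];
            $file = isset($up['tmp_name']) ? $up['tmp_name'] : false;
            $error = isset($up['error']) ? $up['error'] : false;
            $name = isset($up['name']) ? $up['name'] : false;
            $size = isset($up['size']) ? $up['size'] : 0;
        }
    }

    $bad_token = $missing_file = $bad_file = $bad_name = $bad_size = $bad_copy = false;
    $copy_error = $file_copied = false;

    if ($action == 'upload') {
        if (!isset($_SESSION['upload_token'])
            or !hash_equals((string) $_SESSION['upload_token'], (string) $token)) {
            $bad_token = true;
        } elseif (!$file) {
            $missing_file = true;
        } elseif (!is_uploaded_file($file)) {
            $bad_file = true;
        } elseif ((int) $error !== UPLOAD_ERR_OK) {
            // (int) keeps the original loose semantics where a missing 'error' key
            // (false) counted as UPLOAD_ERR_OK
            $bad_copy = true;
        } elseif ($size > $maxfilesize) {
            $bad_size = true;
        } elseif (!is_string($name) or $name === '' or $name === '.' or $name === '..'
            or $name !== basename($name)
            or !validate_filename($name) or !is_filename_allowed($name)) {
            $bad_name = true;
        }
    }

    if ($action == 'upload'
        and !($bad_token or $missing_file or $bad_file or $bad_size or $bad_name or $bad_copy)) {
        $filecopy = FILES_DIR . DIRECTORY_SEPARATOR . $name;
        // NOTE(review): an existing file with the same name is silently overwritten.
        if (!@move_uploaded_file($file, $filecopy)) {
            $copy_error = true;
        } else {
            $file_copied = true;
        }
    }

    // Fresh single-use token for the next submission.
    $_SESSION['upload_token'] = $token = token_id();

    $errors = compact('missing_file', 'bad_file', 'bad_size', 'bad_name', 'bad_copy', 'copy_error');
    $infos = compact('file_copied');
    $output = view('upload', $lang, compact('token', 'maxfilesize', 'name', 'errors', 'infos'));
    return $output;
}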
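/**
 * Thread administration page (role 'writer' required): lists the threads of the
 * content language $clang and handles create, delete (two-step: the first click
 * only asks for confirmation) and reorder.
 *
 * Fixes in this block:
 *  - the posted position map $_POST['p'] is validated to be an array with one
 *    numeric entry per thread, keyed 1..n, before count()/array_multisort() use
 *    it (count() on a non-array is a TypeError on PHP 8, and the raw map was
 *    used as sort input);
 *  - thread numbers used as $thread_list indexes must be integers, not just
 *    is_numeric() ("1.5" previously passed the range check);
 *  - foreach-by-reference variables are unset afterwards;
 *  - $bad_new_thread_title, listed in $errors, is now defined.
 *
 * NOTE(review): unlike mailme()/upload()/configure(), this form carries no
 * per-session token, so create / confirmed delete / reorder are reachable by a
 * cross-site POST from any logged-in writer. Adding one needs the view as well.
 *
 * @param string $lang  UI language.
 * @param string $clang Content language whose threads are edited.
 * @return mixed Rendered 'editing' layout, or run('error/unauthorized', $lang).
 */
function threadeditall($lang, $clang)
{
    global $supported_threads, $with_toolbar;

    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }

    $confirmed = false;
    $action = 'init';
    if (isset($_POST['thread_create'])) {
        $action = 'create';
    } elseif (isset($_POST['thread_delete'])) {
        $action = 'delete';
    } elseif (isset($_POST['thread_confirmdelete'])) {
        $action = 'delete';
        $confirmed = true;
    } elseif (isset($_POST['threadlist_reorder'])) {
        $action = 'reorder';
    }

    $new_thread_name = $new_thread_title = $new_thread_type = $new_thread_number = false;
    $old_thread_number = false;
    $p = false;

    if ($action != 'init') {
        if (isset($_POST['new_thread_title'])) {
            $new_thread_title = readarg($_POST['new_thread_title']);
        }
        if ($new_thread_title) {
            $new_thread_name = strtofname($new_thread_title);
        }
        if (isset($_POST['new_thread_number'])) {
            $new_thread_number = readarg($_POST['new_thread_number']);
        }
        if (isset($_POST['new_thread_type'])) {
            $new_thread_type = readarg($_POST['new_thread_type']);
        }
        if (isset($_POST['old_thread_number'])) {
            $old_thread_number = readarg($_POST['old_thread_number']);
        }
        // The position map is an array, so it is kept raw (original: "DON'T
        // readarg!") and validated element by element below.
        if (isset($_POST['p'])) {
            $p = $_POST['p'];
        }
    }

    $thread_list = array();
    $r = thread_list($clang, false, false);

    // Normalise the position map: exactly one numeric value per thread, keyed
    // 1..n in order (array_multisort() below relies on positional order).
    // Anything else disables the map.
    $n = $r ? count($r) : 0;
    if (!$r or !is_array($p) or count($p) != $n) {
        $p = false;
    } else {
        $map = array();
        for ($i = 1; $i <= $n; $i++) {
            if (!isset($p[$i]) or !is_numeric($p[$i])) {
                $map = false;
                break;
            }
            $map[$i] = $p[$i];
        }
        $p = $map;
    }

    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang);
        foreach ($r as $b) {
            $b['thread_url'] = $thread_url . '/' . $b['thread_id'];
            $b['pos'] = $p ? $p[$pos] : $pos;
            $thread_list[$pos] = $b; // 1-based, matching the posted map
            $pos++;
        }
    }

    $missing_new_thread_title = $bad_new_thread_title = false;
    $missing_new_thread_name = $bad_new_thread_name = false;
    $missing_new_thread_type = $bad_new_thread_type = $bad_new_thread_number = false;
    $missing_old_thread_number = $bad_old_thread_number = false;

    if ($action == 'create') {
        if (!$new_thread_title) {
            $missing_new_thread_title = true;
        }
        if (!$new_thread_name) {
            $missing_new_thread_name = true;
        } elseif (!preg_match('#^[\\w-]{2,}$#', $new_thread_name)) {
            $bad_new_thread_name = true;
        }
        if ($new_thread_number) {
            // 1..count+1: the new thread may be appended after the last one
            if (filter_var($new_thread_number, FILTER_VALIDATE_INT) === false
                or $new_thread_number < 1 or $new_thread_number > count($thread_list) + 1) {
                $bad_new_thread_number = true;
            }
        }
        if (!$new_thread_type) {
            $missing_new_thread_type = true;
        } elseif (!in_array($new_thread_type, $supported_threads, true)) {
            $bad_new_thread_type = true;
        }
    } elseif ($action == 'delete') {
        if (!$old_thread_number) {
            $missing_old_thread_number = true;
        } elseif (filter_var($old_thread_number, FILTER_VALIDATE_INT) === false
            or $old_thread_number < 1 or $old_thread_number > count($thread_list)) {
            $bad_old_thread_number = true;
        } else {
            $old_thread_number = (int) $old_thread_number; // used as a $thread_list index
        }
    }

    $confirm_delete_thread = false;
    switch ($action) {
        case 'create':
            if ($missing_new_thread_title or $missing_new_thread_name or $bad_new_thread_name
                or $bad_new_thread_number or $missing_new_thread_type or $bad_new_thread_type) {
                break;
            }
            $user_id = user_profile('id');
            $np = thread_create($clang, $user_id, $new_thread_name, $new_thread_title, $new_thread_type, $new_thread_number);
            if (!$np) {
                break;
            }
            // thread_create() returns the new thread's id and number
            $thread_id = $np['thread_id'];
            $thread_number = $np['thread_number'];
            $thread_title = $new_thread_title;
            $thread_url = url('threadedit', $lang) . '/' . $thread_id;
            $pos = $thread_number;
            if ($thread_list) {
                // shift every thread at or after the insertion point
                foreach ($thread_list as &$tr) {
                    if ($tr['thread_number'] >= $pos) {
                        $tr['thread_number']++;
                    }
                    if ($tr['pos'] >= $pos) {
                        $tr['pos']++;
                    }
                }
                unset($tr);
                // NOTE(review): array_splice()/array_multisort() reindex the list from 0
                // here, while it is 1-based elsewhere; preserved as-is, the view seems
                // to rely on the 'pos' field rather than on the keys.
                array_splice($thread_list, $pos - 1, 0, array(compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos')));
                array_multisort(range(1, count($thread_list)), $thread_list);
            } else {
                $pos = 1;
                $thread_list = array($pos => compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos'));
            }
            break;

        case 'delete':
            if ($missing_old_thread_number or $bad_old_thread_number) {
                break;
            }
            if (!$confirmed) {
                $confirm_delete_thread = true; // ask first; the real delete needs thread_confirmdelete
                break;
            }
            if (!isset($thread_list[$old_thread_number])) {
                break;
            }
            $thread_id = $thread_list[$old_thread_number]['thread_id'];
            if (!thread_delete($thread_id)) {
                break;
            }
            unset($thread_list[$old_thread_number]);
            foreach ($thread_list as &$b) {
                if ($b['pos'] >= $old_thread_number) {
                    $b['pos']--;
                }
            }
            unset($b);
            $old_thread_number = false;
            break;

        case 'reorder':
            if (!$p) {
                break;
            }
            // Sort slots 1..n by their requested position and renumber in that order,
            // persisting only the numbers that actually change.
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nl = array();
            foreach ($neworder as $i) {
                $tr = $thread_list[$i];
                if ($tr['thread_number'] != $number) {
                    thread_set_number($tr['thread_id'], $number);
                    $tr['thread_number'] = $number;
                }
                $tr['pos'] = $number;
                $nl[$number++] = $tr;
            }
            $thread_list = $nl;
            break;

        default:
            break;
    }

    head('title', translate('threadall:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');

    $site_title = translate('title', $lang);
    $view = url('thread', $clang) . '?' . 'slang=' . $lang;
    // NOTE(review): $headline is never assigned in this function; compact() skips it.
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $scroll = true;
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $inlanguages = view('inlanguages', false, compact('clang'));

    $errors = compact('missing_new_thread_title', 'bad_new_thread_title', 'missing_new_thread_name', 'missing_new_thread_type', 'bad_new_thread_name', 'bad_new_thread_type', 'bad_new_thread_number', 'missing_old_thread_number', 'bad_old_thread_number');
    $content = view('editing/threadeditall', $lang, compact('clang', 'site_title', 'inlanguages', 'supported_threads', 'thread_list', 'new_thread_title', 'new_thread_type', 'new_thread_number', 'old_thread_number', 'confirm_delete_thread', 'errors'));
    $output = layout('editing', compact('toolbar', 'banner', 'content'));
    return $output;
}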
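/**
 * First-run installer: renders the configuration form and, on submit, optionally
 * creates and initialises the database, then writes db/config/aliases includes,
 * sitemap.xml, robots.txt and the site logo, and reloads the site.
 *
 * Fixes in this block:
 *  - $bad_content_languages and $bad_db_prefix were computed but not part of the
 *    gate before writing, so an unsupported language list (even a non-array) and
 *    an invalid table prefix reached build_config_inc()/init_db();
 *    $bad_content_languages is now also reported in $errors;
 *  - the form token is compared with hash_equals();
 *  - in_array() checks are strict.
 *
 * NOTE(review): nothing in this function checks whether the site is already
 * configured; whether re-running it is blocked must be enforced by the caller
 * or router, otherwise the config files can be rewritten with attacker-chosen
 * DB credentials. Also, $db_error echoes the raw PDO message into the page, and
 * the submitted passwords are rendered back into the form.
 *
 * @param string $lang UI language; also the default content language proposed.
 * @return string|false Rendered 'configure' view, or false after a successful
 *                      configuration (reload() has been issued).
 */
function configure($lang)
{
    global $system_languages;
    global $base_url;

    // Everything the installer writes; any non-writable entry blocks configuration.
    $writable_files = array(
        CONFIG_DIRNAME . DIRECTORY_SEPARATOR . DB_INC,
        CONFIG_DIRNAME . DIRECTORY_SEPARATOR . CONFIG_INC,
        CONFIG_DIRNAME . DIRECTORY_SEPARATOR . ALIASES_INC,
        LOGOS_DIRNAME . DIRECTORY_SEPARATOR . SITELOGO_PNG,
        SITEMAP_XML,
        ROBOTS_TXT,
        AVATARS_DIRNAME,
        LOG_DIRNAME,
        TMP_DIRNAME,
        PHPQRCODECACHE_DIRNAME,
    );
    $bad_write_permission = false;
    foreach ($writable_files as $fname) {
        $fpath = ROOT_DIR . DIRECTORY_SEPARATOR . $fname;
        clearstatcache(true, $fpath);
        if (!is_writable($fpath)) {
            if (!is_array($bad_write_permission)) {
                $bad_write_permission = array();
            }
            $bad_write_permission[] = $fname;
        }
    }

    $token = false;
    if (isset($_POST['configure_token'])) {
        $token = readarg($_POST['configure_token']);
    }
    $action = isset($_POST['configure_configure']) ? 'configure' : 'init';

    $sitename = $webmaster = '';
    $content_languages = false;
    $default_language = false;
    $db_flag = false;
    $db_type = 'mysql';
    $db_reuse = false;
    $db_host = 'localhost';
    $db_admin_user = $db_admin_password = '';
    $db_name = $db_user = $db_password = $db_prefix = '';
    $site_admin_user = $site_admin_password = '';

    if ($action == 'init') {
        // Proposed defaults for the first display of the form.
        $sitename = 'mysite.net';
        $webmaster = '*****@*****.**';
        $content_languages = array($lang);
        $default_language = $lang;
        $db_flag = true;
        $db_reuse = false;
        $db_name = 'mysite';
        $db_user = '******';
        $db_prefix = 'mysite_';
        // newpassword() is the project generator; loop until it satisfies the policy
        do {
            $db_password = newpassword(8);
        } while (!validate_password($db_password));
    } else {
        if (isset($_POST['configure_sitename'])) {
            $sitename = readarg($_POST['configure_sitename']);
        }
        if (isset($_POST['configure_webmaster'])) {
            $webmaster = readarg($_POST['configure_webmaster']);
        }
        if (isset($_POST['configure_content_languages'])) {
            $content_languages = readarg($_POST['configure_content_languages']);
        }
        if (isset($_POST['configure_default_language'])) {
            $default_language = readarg($_POST['configure_default_language']);
        }
        if (isset($_POST['configure_db_flag'])) {
            $db_flag = readarg($_POST['configure_db_flag']) == 'yes';
        }
        if (isset($_POST['configure_db_type'])) {
            $db_type = readarg($_POST['configure_db_type']);
        }
        if (isset($_POST['configure_db_reuse'])) {
            $db_reuse = readarg($_POST['configure_db_reuse']) == 'yes';
        }
        if (isset($_POST['configure_db_admin_user'])) {
            $db_admin_user = readarg($_POST['configure_db_admin_user']);
        }
        if (isset($_POST['configure_db_admin_password'])) {
            $db_admin_password = readarg($_POST['configure_db_admin_password']);
        }
        if (isset($_POST['configure_db_name'])) {
            $db_name = readarg($_POST['configure_db_name']);
        }
        if (isset($_POST['configure_db_host'])) {
            $db_host = readarg($_POST['configure_db_host']);
        }
        if (isset($_POST['configure_db_user'])) {
            $db_user = readarg($_POST['configure_db_user']);
        }
        if (isset($_POST['configure_db_password'])) {
            $db_password = readarg($_POST['configure_db_password']);
        }
        if (isset($_POST['configure_db_prefix'])) {
            $db_prefix = readarg($_POST['configure_db_prefix']);
        }
        if (isset($_POST['configure_site_admin_user'])) {
            $site_admin_user = readarg($_POST['configure_site_admin_user']);
        }
        if (isset($_POST['configure_site_admin_password'])) {
            $site_admin_password = readarg($_POST['configure_site_admin_password']);
        }
    }

    $bad_token = false;
    $missing_sitename = $missing_webmaster = false;
    $missing_content_languages = $bad_content_languages = false;
    $bad_default_language = false;
    $missing_db_admin_user = $missing_db_admin_password = false;
    $bad_db_type = false;
    $missing_db_name = $bad_db_name = $bad_db_prefix = false;
    $missing_db_host = $bad_db_host = false;
    $missing_db_user = $bad_db_user = false;
    $missing_db_password = $weak_db_password = false;
    $missing_site_admin_user = $bad_site_admin_user = false;
    $missing_site_admin_password = $weak_site_admin_password = false;
    $db_error = false;
    $file_error = false;
    $internal_error = false;

    if ($action == 'configure') {
        if (!isset($_SESSION['configure_token'])
            or !hash_equals((string) $_SESSION['configure_token'], (string) $token)) {
            $bad_token = true;
        }
        if (empty($sitename)) {
            $missing_sitename = true;
        }
        if (empty($webmaster)) {
            $missing_webmaster = true;
        }
        if (empty($content_languages)) {
            $missing_content_languages = true;
        } elseif (!is_array($content_languages)) {
            $bad_content_languages = true;
        } else {
            // every selected language must be one the system ships
            foreach ($content_languages as $clang) {
                if (!is_string($clang) or !in_array($clang, $system_languages, true)) {
                    $bad_content_languages = true;
                    break;
                }
            }
            if (empty($default_language)) {
                $default_language = $content_languages[0];
            } elseif (!in_array($default_language, $content_languages, true)) {
                $bad_default_language = true;
            }
        }

        if ($db_flag) {
            if (empty($db_name)) {
                $missing_db_name = true;
            } elseif (!$db_reuse and !validate_db_name($db_name)) {
                $bad_db_name = true;
            }
            if (empty($db_type) or !in_array($db_type, array('mysql', 'pgsql'), true)) {
                $bad_db_type = true;
            }
            // the prefix becomes part of table identifiers: must be a valid name
            if (!empty($db_prefix) and !validate_db_name($db_prefix)) {
                $bad_db_prefix = true;
            }
            if (!$db_reuse) {
                if (empty($db_admin_user)) {
                    $missing_db_admin_user = true;
                }
                if (empty($db_admin_password)) {
                    $missing_db_admin_password = true;
                }
            }
            if (empty($db_host)) {
                $missing_db_host = true;
            } elseif (!(validate_host_name($db_host) or validate_ip_address($db_host))) {
                $bad_db_host = true;
            }
            if (empty($db_user)) {
                $missing_db_user = true;
            } elseif (!$db_reuse and !validate_db_name($db_user)) {
                $bad_db_user = true;
            }
            if (empty($db_password)) {
                $missing_db_password = true;
            } elseif (!$db_reuse and !validate_password($db_password)) {
                $weak_db_password = true;
            }
            if (empty($site_admin_user)) {
                $missing_site_admin_user = true;
            } elseif (!validate_db_name($site_admin_user)) {
                // also used as an avatar file name below, so keep it to identifier chars
                $bad_site_admin_user = true;
            }
            if (empty($site_admin_password)) {
                $missing_site_admin_password = true;
            } elseif (!validate_password($site_admin_password)) {
                $weak_site_admin_password = true;
            }
        }
    }

    if ($action == 'configure'
        and !($bad_token or $bad_write_permission
            or $missing_sitename or $missing_webmaster
            or $missing_content_languages or $bad_content_languages or $bad_default_language
            or $missing_db_admin_user or $missing_db_admin_password
            or $missing_db_name or $bad_db_name or $bad_db_type or $bad_db_prefix
            or $missing_db_host or $bad_db_host
            or $missing_db_user or $bad_db_user
            or $missing_db_password or $weak_db_password
            or $missing_site_admin_user or $bad_site_admin_user
            or $missing_site_admin_password or $weak_site_admin_password)) {
        $site_admin_mail = $site_admin_user . '@' . $sitename;

        // default language first, then the others in submitted order
        $languages = array($default_language);
        foreach ($content_languages as $clang) {
            if ($clang != $default_language) {
                $languages[] = $clang;
            }
        }

        $configured = true;
        if ($db_flag) {
            switch ($db_type) {
                case 'pgsql':
                    require_once 'configurepgsql.php';
                    break;
                case 'mysql':
                default:
                    require_once 'configuremysql.php';
                    break;
            }
            if (!$db_reuse) {
                // NOTE(review): the database is created on 'localhost' with the admin
                // credentials while init_db() connects to $db_host; preserved as-is.
                try {
                    create_db($db_admin_user, $db_admin_password, 'localhost', $db_name, $db_user, $db_password);
                } catch (PDOException $e) {
                    $db_error = $e->getMessage();
                    $configured = false;
                }
            }
            if ($configured) {
                try {
                    init_db($db_host, $db_name, $db_user, $db_password, $db_prefix, $site_admin_user, $site_admin_password, $site_admin_mail, $default_language);
                } catch (PDOException $e) {
                    $db_error = $e->getMessage();
                    $configured = false;
                }
            }
            if ($configured) {
                $img = identicon($site_admin_user, AVATAR_SIZE);
                @imagepng($img, AVATARS_DIR . DIRECTORY_SEPARATOR . $site_admin_user . '.png');
                $db_inc = build_db_inc($db_host, $db_name, $db_user, $db_password, $db_prefix, $db_type);
                $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, 1, 'home', 'page', $languages);
                $features = array('captcha', 'avatar', 'rssfeed', 'home', 'contact', 'user', 'nobody', 'account', 'password', 'newuser', 'search', 'suggest', 'download', 'admin', 'adminuser', 'pagecontent', 'pagevisit', 'page', 'editpage', 'folder', 'folderedit', 'story', 'storyedit', 'book', 'bookedit', 'newsletter', 'newsletteredit', 'newslettersubscribe', 'newsletterunsubscribe', 'thread', 'threadedit', 'node', 'editnode', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
                $aliases_inc = build_aliases_inc($features, $languages);
            }
        } else {
            // static site: no database, reduced feature set
            $db_inc = build_db_inc(false, false, false, false, false, false);
            $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, false, 'homepage', 'anypage', $languages);
            $features = array('captcha', 'avatar', 'rssfeed', 'homepage', 'contact', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
            $aliases_inc = build_aliases_inc($features, $languages);
        }

        if ($configured) {
            if (!$db_inc or !$config_inc or !$aliases_inc) {
                $internal_error = true;
            } elseif (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . DB_INC, array('<?php', $db_inc))) {
                $file_error = true;
            } elseif (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . CONFIG_INC, array('<?php', $config_inc))) {
                $file_error = true;
            } elseif (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . ALIASES_INC, array("<?php", $aliases_inc))) {
                $file_error = true;
            } else {
                // best-effort extras: failures here do not abort the installation
                $sitemap_xml = build_sitemap_xml($sitename, $languages);
                @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . SITEMAP_XML, array('<?xml version="1.0" encoding="UTF-8"?>', "\n", $sitemap_xml));
                $robots_txt = build_robots_txt($sitename, $languages);
                @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . ROBOTS_TXT, $robots_txt);
                $logo = strlogo($sitename);
                @imagepng($logo, LOGOS_DIR . DIRECTORY_SEPARATOR . SITELOGO_PNG, 9, PNG_ALL_FILTERS);
                imagedestroy($logo);
                session_reopen();
                reload($base_url);
                return false;
            }
        }
    }

    // Fresh single-use token for the next submission.
    $_SESSION['configure_token'] = $token = token_id();

    $errors = compact('bad_write_permission', 'missing_sitename', 'missing_webmaster', 'missing_content_languages', 'bad_content_languages', 'bad_default_language', 'missing_db_admin_user', 'missing_db_admin_password', 'bad_db_type', 'missing_db_name', 'bad_db_name', 'missing_db_host', 'bad_db_host', 'bad_db_prefix', 'missing_db_user', 'bad_db_user', 'missing_db_password', 'weak_db_password', 'missing_site_admin_user', 'bad_site_admin_user', 'missing_site_admin_password', 'weak_site_admin_password');
    $output = view('configure', $lang, compact('token', 'sitename', 'webmaster', 'db_error', 'file_error', 'internal_error', 'content_languages', 'default_language', 'db_flag', 'db_type', 'db_reuse', 'db_admin_user', 'db_admin_password', 'db_name', 'db_host', 'db_prefix', 'db_user', 'db_password', 'site_admin_user', 'site_admin_password', 'errors'));
    return $output;
}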