Exemplo n.º 1
0
function ucnatwords($s)
{
    // capitalize first letter in every word after removing accents
    return preg_replace_callback("#(^|[ '~-])(\\w+)#", function ($e) {
        return $e[1] . strtoupper($e[2][0]) . substr($e[2], 1);
    }, strtolower(strflat($s)));
}
Exemplo n.º 2
0
function wmatch($word, $wl, $dlimit = 0, $closest = true)
{
    $word = strtolower(strflat($word));
    $ret = false;
    foreach ($wl as $w) {
        $d = levenshtein($word, strtolower(strflat($w)));
        if ($d < 0) {
            continue;
        }
        /* DON'T return immediately if $d is 0 to be case and accent insensitive */
        if ($d <= $dlimit) {
            if ($closest && $d < $dlimit) {
                $ret = array($w);
                $dlimit = $d;
            } else {
                $ret[] = $w;
            }
        }
    }
    return $ret;
}
Exemplo n.º 3
0
function strtofname($s, $strict = false)
{
    /* remove accents */
    $s = strflat($s);
    /* lower case */
    $s = strtolower($s);
    /* keep letters, digits, underscores and dashes replacing others by a dash */
    $s = preg_replace('#[^a-z0-9_-]#', '-', $s);
    /* replace consecutive dashes by one */
    $s = preg_replace('/[-]+/', '-', $s);
    /* remove a dash at the beginning or at the end */
    $s = preg_replace('/^-|-$/', '', $s);
    if (!$strict) {
        return $s;
    }
    /* remove words which are too short */
    $r = array();
    foreach (explode('-', $s) as $w) {
        if (strlen($w) > 2) {
            $r[] = $w;
        }
    }
    return implode('-', $r);
}
Exemplo n.º 4
0
function remindme($lang)
{
    $with_name = true;
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['remindme_send'])) {
        $action = 'remindme';
    }
    $login = $confirmed = $code = $token = false;
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } else {
        if (!empty($_SESSION['user']['name'])) {
            $login = $_SESSION['user']['name'];
        } else {
            if (!empty($_SESSION['user']['mail'])) {
                $login = $_SESSION['user']['mail'];
            }
        }
    }
    switch ($action) {
        case 'remindme':
            if (isset($_POST['remindme_login'])) {
                $login = strtolower(strflat(readarg($_POST['remindme_login'])));
            }
            if (isset($_POST['remindme_confirmed'])) {
                $confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['remindme_code'])) {
                $code = readarg($_POST['remindme_code']);
            }
            if (isset($_POST['remindme_token'])) {
                $token = readarg($_POST['remindme_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_confirmation = false;
    $email_sent = false;
    $user_page = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'remindme':
            if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$login) {
                $missing_login = true;
            } else {
                if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
                    $bad_login = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'remindme':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
                break;
            }
            require_once 'models/user.inc';
            $user_id = user_find($login);
            if (!$user_id) {
                $bad_login = true;
                require_once 'log.php';
                write_log('password.err', substr($login, 0, 40));
                break;
            }
            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
                break;
            }
            if (!$user['user_active'] or $user['user_banned']) {
                $bad_login = true;
                break;
            }
            require_once 'newpassword.php';
            $newpassword = newpassword();
            if (!user_set_newpassword($user_id, $newpassword)) {
                $internal_error = true;
                break;
            }
            require_once 'emailcrypto.php';
            global $sitename, $webmaster;
            $to = $user['user_mail'];
            $subject = translate('email:new_password_subject', $lang);
            $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
            if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                $internal_error = true;
            } else {
                $email_sent = $to;
            }
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } else {
        if ($email_sent) {
            $user_page = url('user', $lang);
        }
    }
    $_SESSION['remindme_token'] = $token = token_id();
    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');
    $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
    return $output;
}
Exemplo n.º 5
0
function newsletterpage($lang, $newsletter, $page)
{
    global $with_toolbar;
    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }
    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }
    $r = thread_get($lang, $newsletter_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    extract($r);
    /* thread_type thread_name thread_title thread_abstract thread_cloud thread_nocloud thread_nosearch thread_nocomment thread_nomorecomment */
    $newsletter_name = $thread_name;
    $newsletter_title = $thread_title;
    $newsletter_nocloud = $thread_nocloud;
    $newsletter_nosearch = $thread_nosearch;
    $r = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    extract($r);
    /* node_number node_ignored node_name node_title node_abstract node_cloud node_modified */
    if ($node_ignored) {
        return run('error/notfound', $lang);
    }
    $page_name = $node_name;
    $page_title = $node_title;
    $page_abstract = $node_abstract;
    $page_cloud = $node_cloud;
    $page_modified = $node_modified;
    if ($newsletter_title and $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } else {
        if ($page_title) {
            head('title', $page_title);
        } else {
            if ($newsletter_title) {
                head('title', $newsletter_title);
            }
        }
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $message_title = $message_html = $message_text = false;
    $r = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($r) {
        list($message_title, $message_html, $message_text) = $r;
    }
    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = false;
    $bad_mail = false;
    $email_sent = false;
    if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
        require_once 'userprofile.php';
        $mailto = user_profile('mail');
        $with_mail = true;
        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
                if (!$mailto) {
                    $missing_mail = true;
                } else {
                    if (!validate_mail($mailto)) {
                        $bad_mail = true;
                    }
                }
            }
            if (!($missing_mail or $bad_mail)) {
                require_once 'emailhtml.php';
                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                $css = @file_get_contents($cssfile);
                $r = emailhtml($message_text, $message_html, $css, $mailto, $message_title);
                if ($r) {
                    $email_sent = true;
                }
            }
        }
        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }
    $prev_page_label = $prev_page_url = false;
    $r = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r);
        /* prev_node_id prev_node_name prev_node_title prev_node_number */
        $prev_page_label = $prev_node_title ? $prev_node_title : $prev_node_number;
        $prev_page_url = url('newsletter', $lang) . '/' . ($prev_node_name ? $prev_node_name : $prev_node_id);
    }
    $next_page_label = $next_page_url = false;
    $r = thread_node_next($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r);
        /* next_node_id next_node_name next_node_title next_node_number */
        $next_page_label = $next_node_title ? $next_node_title : $next_node_number;
        $next_page_url = url('newsletter', $lang) . '/' . ($next_node_name ? $next_node_name : $next_node_id);
    }
    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));
    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }
    $headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
    $search = !$newsletter_nosearch ? compact('search_url', 'search_text', 'suggest_url') : false;
    $edit = user_has_role('writer') ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang : false;
    $validate = url('newsletter', $lang) . '/' . $page_name;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;
    $output = layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
    return $output;
}
Exemplo n.º 6
0
function subscribe($lang)
{
    global $sitekey, $system_languages;
    $with_locale = count($system_languages) > 1;
    // true, false
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['subscribe_send'])) {
        $action = 'subscribe';
    }
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }
    $unsubscribe_page = false;
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale) {
                if (isset($_POST['subscribe_locale'])) {
                    $user_locale = readarg($_POST['subscribe_locale']);
                }
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'subscribe':
            if (!isset($_SESSION['subscribe_token']) or $token != $_SESSION['subscribe_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (newsletter_get_user($user_mail)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } else {
                    if (!validate_locale($user_locale)) {
                        $bad_locale = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'subscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
                break;
            }
            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            $timestamp = strftime('%Y-%m-%d %H:%M:%S', time());
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            @emailme($subject, $msg);
            $email_registered = true;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
    return $output;
}
Exemplo n.º 7
0
function login($lang)
{
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;
    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }
    $login = $password = $code = $token = false;
    if (isset($_SESSION['login'])) {
        $login = $_SESSION['login'];
    }
    $action = 'init';
    if (isset($_POST['login_enter'])) {
        $action = 'enter';
    }
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_password = false;
    $access_denied = false;
    switch ($action) {
        case 'enter':
            if (!isset($_SESSION['login_token']) or $token != $_SESSION['login_token']) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru */
        /* fall thru */
        case 'facebook':
            if (!$login) {
                $missing_login = true;
            } else {
                if (!(validate_user_name($login) or validate_mail($login))) {
                    $bad_login = true;
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
                break;
            }
            require_once 'models/user.inc';
            $user = user_login($login, $password);
            if (!$user) {
                $access_denied = true;
                require_once 'log.php';
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login;
                break;
            }
            $user['ip'] = client_ip_address();
            if (in_array('administrator', $user['role'])) {
                require_once 'serveripaddress.php';
                require_once 'emailme.php';
                global $sitename;
                $ip = server_ip_address();
                $timestamp = strftime('%Y-%m-%d %H:%M:%S', time());
                $subject = 'login' . '@' . $sitename;
                $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                @emailme($subject, $msg);
                if ($action == 'facebook') {
                    $access_denied = true;
                    break;
                }
            }
            session_regenerate();
            $_SESSION['user'] = $user;
            unset($_SESSION['login']);
            unset($_SESSION['login_token']);
            return true;
        default:
            break;
    }
    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }
    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;
    $_SESSION['login_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
    $output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
    return $output;
}
Exemplo n.º 8
0
function unsubscribe($lang)
{
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $subscribe_page = false;
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'unsubscribe':
            if (!isset($_SESSION['unsubscribe_token']) or $token != $_SESSION['unsubscribe_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (!newsletter_get_user($user_mail)) {
                        $unknown_mail = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1;
            // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            global $base_url;
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
    return $output;
}
Exemplo n.º 9
0
function useredit($lang, $user_id)
{
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false;
    // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1 ? true : false;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword) {
        if (isset($_POST['useredit_change'])) {
            $action = 'change';
        }
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } else {
            if (isset($_POST['useredit_confirmdelete'])) {
                $action = 'delete';
                $confirmed = true;
            } else {
                if (isset($_POST['useredit_cancel'])) {
                    $action = 'cancel';
                }
            }
        }
    }
    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                extract($r);
                /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r);
                    /* user_lastname, user_firstname */
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role) {
                if (isset($_POST['useredit_role'])) {
                    $user_role = readarg($_POST['useredit_role']);
                }
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword) {
                if (isset($_POST['useredit_newpassword'])) {
                    $user_newpassword = readarg($_POST['useredit_newpassword']);
                }
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'modify':
            if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) {
                $bad_token = true;
            }
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } else {
                    if (!user_check_name($user_name, $user_id)) {
                        $duplicated_name = true;
                    }
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (!user_check_mail($user_mail, $user_id)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($user_role) {
                foreach ($user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone) {
                if (!validate_timezone($user_timezone)) {
                    $bad_timezone = true;
                }
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale) {
                if (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } else {
                if (!validate_password($user_newpassword)) {
                    $bad_newpassword = true;
                }
            }
            break;
        default:
            break;
    }
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false;
        default:
            break;
    }
    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}
Exemplo n.º 10
0
function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
    $action = 'init';
    if (isset($_POST['mailme_send'])) {
        $action = 'send';
    }
    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
    if (isset($_SESSION['user']['mail'])) {
        $mail = $_SESSION['user']['mail'];
    }
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $missing_subject = false;
    $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;
    switch ($action) {
        case 'send':
            if (!isset($_SESSION['mailme_token']) or $token != $_SESSION['mailme_token']) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
                if (!$captcha or $captcha != strtoupper($code)) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($mail)) {
                    $bad_mail = true;
                }
            }
            if (!$subject) {
                $missing_subject = true;
            } else {
                if (is_mail_injected($subject)) {
                    $bad_subject = true;
                }
            }
            if (!$message) {
                $missing_message = true;
            }
            if ($with_appointment) {
                if ($date) {
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } else {
                        if (!checkdate($d[3], $d[4], $d[1])) {
                            $bad_appointment = true;
                        } else {
                            if (mktime(0, 0, 0, $d[3], $d[4], $d[1]) <= mktime(0, 0, 0, date("m"), date("d"), date("y"))) {
                                $bad_appointment = true;
                            }
                        }
                    }
                }
                if (is_numeric($hour) and is_numeric($minute)) {
                    if ($hour < 0 or $hour > 23 or $minute < 0 or $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'send':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $missing_subject or $bad_subject or $missing_message or $bad_appointment) {
                break;
            }
            require_once 'emailme.php';
            if ($date) {
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }
            $r = emailme($subject, $message, $mail, $to);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $subject = $message = $date = $hour = $minute = false;
            if ($with_home) {
                global $home_action;
                $home_page = url($home_action, $lang);
            }
            $email_sent = true;
            break;
        default:
            break;
    }
    $_SESSION['mailme_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');
    $output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
    return $output;
}