function ucnatwords($s)
{
// capitalize first letter in every word after removing accents
return preg_replace_callback("#(^|[ '~-])(\\w+)#", function ($e) {
return $e[1] . strtoupper($e[2][0]) . substr($e[2], 1);
}, strtolower(strflat($s)));
}
function wmatch($word, $wl, $dlimit = 0, $closest = true)
{
$word = strtolower(strflat($word));
$ret = false;
foreach ($wl as $w) {
$d = levenshtein($word, strtolower(strflat($w)));
if ($d < 0) {
continue;
}
/* DON'T return immediately if $d is 0 to be case and accent insensitive */
if ($d <= $dlimit) {
if ($closest && $d < $dlimit) {
$ret = array($w);
$dlimit = $d;
} else {
$ret[] = $w;
}
}
}
return $ret;
}
function strtofname($s, $strict = false)
{
/* remove accents */
$s = strflat($s);
/* lower case */
$s = strtolower($s);
/* keep letters, digits, underscores and dashes replacing others by a dash */
$s = preg_replace('#[^a-z0-9_-]#', '-', $s);
/* replace consecutive dashes by one */
$s = preg_replace('/[-]+/', '-', $s);
/* remove a dash at the beginning or at the end */
$s = preg_replace('/^-|-$/', '', $s);
if (!$strict) {
return $s;
}
/* remove words which are too short */
$r = array();
foreach (explode('-', $s) as $w) {
if (strlen($w) > 2) {
$r[] = $w;
}
}
return implode('-', $r);
}
function remindme($lang)
{
$with_name = true;
$with_captcha = true;
$action = 'init';
if (isset($_POST['remindme_send'])) {
$action = 'remindme';
}
$login = $confirmed = $code = $token = false;
if (!empty($_SESSION['login'])) {
$login = $_SESSION['login'];
} else {
if (!empty($_SESSION['user']['name'])) {
$login = $_SESSION['user']['name'];
} else {
if (!empty($_SESSION['user']['mail'])) {
$login = $_SESSION['user']['mail'];
}
}
}
switch ($action) {
case 'remindme':
if (isset($_POST['remindme_login'])) {
$login = strtolower(strflat(readarg($_POST['remindme_login'])));
}
if (isset($_POST['remindme_confirmed'])) {
$confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
}
if (isset($_POST['remindme_code'])) {
$code = readarg($_POST['remindme_code']);
}
if (isset($_POST['remindme_token'])) {
$token = readarg($_POST['remindme_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_login = false;
$bad_login = false;
$missing_confirmation = false;
$email_sent = false;
$user_page = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'remindme':
if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$login) {
$missing_login = true;
} else {
if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
$bad_login = true;
}
}
if (!$confirmed) {
$missing_confirmation = true;
}
break;
default:
break;
}
switch ($action) {
case 'remindme':
if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
break;
}
require_once 'models/user.inc';
$user_id = user_find($login);
if (!$user_id) {
$bad_login = true;
require_once 'log.php';
write_log('password.err', substr($login, 0, 40));
break;
}
$user = user_get($user_id);
if (!$user) {
$internal_error = true;
break;
}
if (!$user['user_active'] or $user['user_banned']) {
$bad_login = true;
break;
}
require_once 'newpassword.php';
$newpassword = newpassword();
if (!user_set_newpassword($user_id, $newpassword)) {
$internal_error = true;
break;
}
require_once 'emailcrypto.php';
global $sitename, $webmaster;
$to = $user['user_mail'];
$subject = translate('email:new_password_subject', $lang);
$msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
$internal_error = true;
} else {
$email_sent = $to;
}
$confirmed = false;
break;
default:
break;
}
if ($internal_error) {
$contact_page = url('contact', $lang);
} else {
if ($email_sent) {
$user_page = url('user', $lang);
}
}
$_SESSION['remindme_token'] = $token = token_id();
$errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
$infos = compact('email_sent', 'user_page');
$output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
return $output;
}
function newsletterpage($lang, $newsletter, $page)
{
global $with_toolbar;
$newsletter_id = thread_id($newsletter);
if (!$newsletter_id) {
return run('error/notfound', $lang);
}
$page_id = thread_node_id($newsletter_id, $page, $lang);
if (!$page_id) {
return run('error/notfound', $lang);
}
$r = thread_get($lang, $newsletter_id);
if (!$r) {
return run('error/notfound', $lang);
}
extract($r);
/* thread_type thread_name thread_title thread_abstract thread_cloud thread_nocloud thread_nosearch thread_nocomment thread_nomorecomment */
$newsletter_name = $thread_name;
$newsletter_title = $thread_title;
$newsletter_nocloud = $thread_nocloud;
$newsletter_nosearch = $thread_nosearch;
$r = thread_get_node($lang, $newsletter_id, $page_id);
if (!$r) {
return run('error/notfound', $lang);
}
extract($r);
/* node_number node_ignored node_name node_title node_abstract node_cloud node_modified */
if ($node_ignored) {
return run('error/notfound', $lang);
}
$page_name = $node_name;
$page_title = $node_title;
$page_abstract = $node_abstract;
$page_cloud = $node_cloud;
$page_modified = $node_modified;
if ($newsletter_title and $page_title) {
head('title', $newsletter_title . ' - ' . $page_title);
} else {
if ($page_title) {
head('title', $page_title);
} else {
if ($newsletter_title) {
head('title', $newsletter_title);
}
}
}
head('description', false);
head('keywords', false);
head('robots', 'noindex, nofollow');
$message_title = $message_html = $message_text = false;
$r = newsletter_get_message($newsletter_id, $page_id, $lang);
if ($r) {
list($message_title, $message_html, $message_text) = $r;
}
$postnews = false;
$with_mail = false;
$mailto = false;
$missing_mail = false;
$bad_mail = false;
$email_sent = false;
if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
require_once 'userprofile.php';
$mailto = user_profile('mail');
$with_mail = true;
if (isset($_POST['newsletterpage_send'])) {
if (isset($_POST['newsletterpage_mailto'])) {
$mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
if (!$mailto) {
$missing_mail = true;
} else {
if (!validate_mail($mailto)) {
$bad_mail = true;
}
}
}
if (!($missing_mail or $bad_mail)) {
require_once 'emailhtml.php';
$cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
$css = @file_get_contents($cssfile);
$r = emailhtml($message_text, $message_html, $css, $mailto, $message_title);
if ($r) {
$email_sent = true;
}
}
}
$postnews = build('postnews', $lang, $newsletter_id, $page_id);
}
$prev_page_label = $prev_page_url = false;
$r = thread_node_prev($lang, $newsletter_id, $page_id);
if ($r) {
extract($r);
/* prev_node_id prev_node_name prev_node_title prev_node_number */
$prev_page_label = $prev_node_title ? $prev_node_title : $prev_node_number;
$prev_page_url = url('newsletter', $lang) . '/' . ($prev_node_name ? $prev_node_name : $prev_node_id);
}
$next_page_label = $next_page_url = false;
$r = thread_node_next($lang, $newsletter_id, $page_id);
if ($r) {
extract($r);
/* next_node_id next_node_name next_node_title next_node_number */
$next_page_label = $next_node_title ? $next_node_title : $next_node_number;
$next_page_url = url('newsletter', $lang) . '/' . ($next_node_name ? $next_node_name : $next_node_id);
}
$content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));
$search = false;
if (!$newsletter_nosearch) {
$search_text = '';
$search_url = url('search', $lang, $newsletter_name);
$suggest_url = url('suggest', $lang, $newsletter_name);
$search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
}
$cloud = false;
if (!$newsletter_nocloud) {
$cloud_url = url('search', $lang, $newsletter_name);
$byname = $bycount = $index = true;
$cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
}
$headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
$headline_url = url('newsletter', $lang);
$headline = compact('headline_text', 'headline_url');
$title = view('headline', false, $headline);
$sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
$search = !$newsletter_nosearch ? compact('search_url', 'search_text', 'suggest_url') : false;
$edit = user_has_role('writer') ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang : false;
$validate = url('newsletter', $lang) . '/' . $page_name;
$banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
$toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;
$output = layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
return $output;
}
function subscribe($lang)
{
global $sitekey, $system_languages;
$with_locale = count($system_languages) > 1;
// true, false
$with_captcha = true;
$action = 'init';
if (isset($_POST['subscribe_send'])) {
$action = 'subscribe';
}
$confirmed = $code = $token = false;
$user_mail = user_profile('mail');
$user_locale = user_profile('locale');
if (!$user_locale) {
$user_locale = $lang;
}
$unsubscribe_page = false;
switch ($action) {
case 'init':
if ($sitekey) {
$unsubscribe_page = url('newsletterunsubscribe', $lang);
}
break;
case 'subscribe':
if (isset($_POST['subscribe_mail'])) {
$user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
}
if ($with_locale) {
if (isset($_POST['subscribe_locale'])) {
$user_locale = readarg($_POST['subscribe_locale']);
}
}
if (isset($_POST['subscribe_confirmed'])) {
$confirmed = readarg($_POST['subscribe_confirmed']) == 'on' ? true : false;
}
if (isset($_POST['subscribe_code'])) {
$code = readarg($_POST['subscribe_code']);
}
if (isset($_POST['subscribe_token'])) {
$token = readarg($_POST['subscribe_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_mail = false;
$bad_mail = false;
$duplicated_mail = false;
$missing_locale = false;
$bad_locale = false;
$missing_confirmation = false;
$email_registered = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'subscribe':
if (!isset($_SESSION['subscribe_token']) or $token != $_SESSION['subscribe_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$user_mail) {
$missing_mail = true;
} else {
if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
$bad_mail = true;
} else {
if (newsletter_get_user($user_mail)) {
$duplicated_mail = true;
}
}
}
if ($with_locale) {
if (!$user_locale) {
$missing_locale = true;
} else {
if (!validate_locale($user_locale)) {
$bad_locale = true;
}
}
}
if (!$confirmed) {
$missing_confirmation = true;
}
break;
default:
break;
}
switch ($action) {
case 'subscribe':
if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
break;
}
$r = newsletter_create_user($user_mail, $user_locale);
if (!$r) {
$internal_error = true;
break;
}
require_once 'serveripaddress.php';
require_once 'emailme.php';
global $sitename;
$ip = server_ip_address();
$timestamp = strftime('%Y-%m-%d %H:%M:%S', time());
$subject = 'subscribe' . '@' . $sitename;
$msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
@emailme($subject, $msg);
$email_registered = true;
$confirmed = false;
break;
default:
break;
}
if ($internal_error) {
$contact_page = url('contact', $lang);
}
$_SESSION['subscribe_token'] = $token = token_id();
$errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
$infos = compact('email_registered');
$output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
return $output;
}
function login($lang)
{
$with_name = true;
$with_captcha = true;
$with_facebook = false;
$with_newuser = true;
$with_newpassword = true;
if ($with_facebook) {
require_once 'facebook.php';
$facebook = facebook();
}
$login = $password = $code = $token = false;
if (isset($_SESSION['login'])) {
$login = $_SESSION['login'];
}
$action = 'init';
if (isset($_POST['login_enter'])) {
$action = 'enter';
}
switch ($action) {
case 'init':
if ($with_facebook) {
$facebook_user = $facebook->getUser();
if ($facebook_user) {
try {
$facebook_user_profile = $facebook->api('/me', 'GET');
if (!empty($facebook_user_profile['email'])) {
$login = $facebook_user_profile['email'];
}
$action = 'facebook';
} catch (FacebookApiException $e) {
}
$facebook->destroySession();
}
}
break;
case 'enter':
if (isset($_POST['login_login'])) {
$login = strtolower(strflat(readarg($_POST['login_login'])));
}
if (isset($_POST['login_password'])) {
$password = readarg($_POST['login_password']);
}
if (isset($_POST['login_code'])) {
$code = readarg($_POST['login_code']);
}
if (isset($_POST['login_token'])) {
$token = readarg($_POST['login_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_login = false;
$bad_login = false;
$missing_password = false;
$access_denied = false;
switch ($action) {
case 'enter':
if (!isset($_SESSION['login_token']) or $token != $_SESSION['login_token']) {
$bad_token = true;
break;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$password) {
$missing_password = true;
}
/* fall thru */
/* fall thru */
case 'facebook':
if (!$login) {
$missing_login = true;
} else {
if (!(validate_user_name($login) or validate_mail($login))) {
$bad_login = true;
}
}
break;
default:
break;
}
switch ($action) {
case 'enter':
case 'facebook':
if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
break;
}
require_once 'models/user.inc';
$user = user_login($login, $password);
if (!$user) {
$access_denied = true;
require_once 'log.php';
write_log('enter.err', substr($login, 0, 100));
$_SESSION['login'] = $login;
break;
}
$user['ip'] = client_ip_address();
if (in_array('administrator', $user['role'])) {
require_once 'serveripaddress.php';
require_once 'emailme.php';
global $sitename;
$ip = server_ip_address();
$timestamp = strftime('%Y-%m-%d %H:%M:%S', time());
$subject = 'login' . '@' . $sitename;
$msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
@emailme($subject, $msg);
if ($action == 'facebook') {
$access_denied = true;
break;
}
}
session_regenerate();
$_SESSION['user'] = $user;
unset($_SESSION['login']);
unset($_SESSION['login_token']);
return true;
default:
break;
}
$connectbar = false;
if ($with_facebook) {
$scope = 'email';
$facebook_login_url = $facebook->getLoginUrl(compact('scope'));
$connectbar = view('connect', $lang, compact('facebook_login_url'));
}
$password_page = $with_newpassword ? url('password', $lang) : false;
$newuser_page = $with_newuser ? url('newuser', $lang) : false;
$_SESSION['login_token'] = $token = token_id();
$errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
$output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
return $output;
}
function unsubscribe($lang)
{
$with_captcha = true;
$action = 'init';
if (isset($_POST['unsubscribe_send'])) {
$action = 'unsubscribe';
}
$confirmed = $code = $token = false;
$user_mail = user_profile('mail');
$subscribe_page = false;
switch ($action) {
case 'init':
$subscribe_page = url('newslettersubscribe', $lang);
break;
case 'unsubscribe':
if (isset($_POST['unsubscribe_mail'])) {
$user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
}
if (isset($_POST['unsubscribe_confirmed'])) {
$confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
}
if (isset($_POST['unsubscribe_code'])) {
$code = readarg($_POST['unsubscribe_code']);
}
if (isset($_POST['unsubscribe_token'])) {
$token = readarg($_POST['unsubscribe_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_mail = false;
$bad_mail = false;
$unknown_mail = false;
$missing_confirmation = false;
$mail_unsubscribed = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'unsubscribe':
if (!isset($_SESSION['unsubscribe_token']) or $token != $_SESSION['unsubscribe_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$user_mail) {
$missing_mail = true;
} else {
if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
$bad_mail = true;
} else {
if (!newsletter_get_user($user_mail)) {
$unknown_mail = true;
}
}
}
if (!$confirmed) {
$missing_confirmation = true;
}
break;
default:
break;
}
switch ($action) {
case 'unsubscribe':
if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
break;
}
require_once 'urlencodeaction.php';
$id = 1;
// confirmnewsletterunsubscribe, see saction
$param = $user_mail;
$s64 = urlencodeaction($id, $param);
if (!$s64) {
$internal_error = true;
break;
}
$saction_page = url('saction', $lang);
if (!$saction_page) {
$internal_error = true;
break;
}
global $base_url;
$url = $base_url . $saction_page . '/' . $s64;
require_once 'emailtext.php';
$to = $user_mail;
$subject = translate('newsletter:unregister_subject', $lang);
$f = translate('newsletter:unregister_text', $lang);
$s = sprintf($f, $url);
$msg = $s . "\n\n" . translate('email:salutations', $lang);
emailtext($msg, $to, $subject, false);
$mail_unsubscribed = $user_mail;
$confirmed = false;
break;
default:
break;
}
if ($internal_error) {
$contact_page = url('contact', $lang);
}
$_SESSION['unsubscribe_token'] = $token = token_id();
$errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
$infos = compact('mail_unsubscribed');
$output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
return $output;
}
function useredit($lang, $user_id)
{
global $system_languages, $supported_roles;
$is_admin = user_has_role('administrator');
$is_owner = $user_id == user_profile('id');
$with_name = true;
$with_status = ($user_id != 1 and $is_admin);
$with_delete = ($user_id != 1 and $is_admin and !$is_owner);
$with_newpassword = false;
// ($user_id != 1 and $is_owner);
$with_locale = count($system_languages) > 1 ? true : false;
$with_role = ($user_id != 1 and $is_admin);
$with_timezone = ($user_id != 1 and $is_admin);
$with_website = true;
$with_info = false;
$confirmed = false;
$action = 'init';
if (isset($_POST['useredit_modify'])) {
$action = 'modify';
}
if ($with_newpassword) {
if (isset($_POST['useredit_change'])) {
$action = 'change';
}
}
if ($with_delete) {
if (isset($_POST['useredit_delete'])) {
$action = 'delete';
} else {
if (isset($_POST['useredit_confirmdelete'])) {
$action = 'delete';
$confirmed = true;
} else {
if (isset($_POST['useredit_cancel'])) {
$action = 'cancel';
}
}
}
}
$user_name = $user_mail = $user_locale = $user_timezone = false;
$user_website = false;
$user_active = $user_banned = false;
$user_accessed = false;
$user_role = false;
$user_newpassword = false;
$user_lastname = $user_firstname = false;
$token = false;
switch ($action) {
case 'init':
case 'reset':
$r = user_get($user_id);
if ($r) {
extract($r);
/* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
}
$user_newpassword = false;
if ($with_info) {
$r = user_get_info($user_id);
if ($r) {
extract($r);
/* user_lastname, user_firstname */
}
}
if ($with_role) {
$user_role = user_get_role($user_id);
}
break;
case 'modify':
case 'change':
case 'delete':
case 'cancel':
if ($with_info) {
if (isset($_POST['useredit_lastname'])) {
$user_lastname = readarg($_POST['useredit_lastname']);
}
if (isset($_POST['useredit_firstname'])) {
$user_firstname = readarg($_POST['useredit_firstname']);
}
}
if (isset($_POST['useredit_name'])) {
$user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
}
if (isset($_POST['useredit_mail'])) {
$user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
}
if (isset($_POST['useredit_website'])) {
$user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
}
if (isset($_POST['useredit_timezone'])) {
$user_timezone = readarg($_POST['useredit_timezone']);
}
if (isset($_POST['useredit_locale'])) {
$user_locale = readarg($_POST['useredit_locale']);
}
if ($with_role) {
if (isset($_POST['useredit_role'])) {
$user_role = readarg($_POST['useredit_role']);
}
}
if ($with_status) {
if (isset($_POST['useredit_active'])) {
$user_active = readarg($_POST['useredit_active']) == 'on';
}
if (isset($_POST['useredit_banned'])) {
$user_banned = readarg($_POST['useredit_banned']) == 'on';
}
if (isset($_POST['useredit_accessed'])) {
$user_accessed = (int) readarg($_POST['useredit_accessed']);
}
}
if ($with_newpassword) {
if (isset($_POST['useredit_newpassword'])) {
$user_newpassword = readarg($_POST['useredit_newpassword']);
}
}
if (isset($_POST['useredit_token'])) {
$token = readarg($_POST['useredit_token']);
}
break;
default:
break;
}
$bad_token = false;
$missing_lastname = false;
$missing_firstname = false;
$missing_name = false;
$bad_name = false;
$duplicated_name = false;
$missing_mail = false;
$bad_mail = false;
$duplicated_mail = false;
$bad_role = false;
$bad_website = false;
$missing_locale = false;
$bad_locale = false;
$bad_timezone = false;
$missing_newpassword = false;
$bad_newpassword = false;
$account_modified = false;
$password_changed = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'modify':
if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) {
$bad_token = true;
}
if ($with_info) {
if (!$user_lastname) {
$missing_lastname = true;
}
if (!$user_firstname) {
$missing_firstname = true;
}
}
if ($with_name and !$user_name) {
$missing_name = true;
}
if ($user_name) {
if (!validate_user_name($user_name)) {
$bad_name = true;
} else {
if (!user_check_name($user_name, $user_id)) {
$duplicated_name = true;
}
}
}
if (!$user_mail) {
$missing_mail = true;
} else {
if (!validate_mail($user_mail)) {
$bad_mail = true;
} else {
if (!user_check_mail($user_mail, $user_id)) {
$duplicated_mail = true;
}
}
}
if ($user_role) {
foreach ($user_role as $role) {
if (!validate_role($role)) {
$bad_role = true;
break;
}
}
}
if ($user_website) {
if (!validate_website($user_website)) {
$bad_website = true;
} else {
$user_website = normalize_website($user_website);
}
}
if ($user_timezone) {
if (!validate_timezone($user_timezone)) {
$bad_timezone = true;
}
}
if ($with_locale and !$user_locale) {
$missing_locale = true;
}
if ($user_locale) {
if (!validate_locale($user_locale)) {
$bad_locale = true;
}
}
break;
case 'change':
if (!$user_newpassword) {
$missing_newpassword = true;
} else {
if (!validate_password($user_newpassword)) {
$bad_newpassword = true;
}
}
break;
default:
break;
}
$confirm_delete = false;
switch ($action) {
case 'modify':
if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
break;
}
$r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
if (!$r) {
$internal_error = true;
break;
}
if ($is_owner) {
$_SESSION['user']['name'] = $user_name;
$_SESSION['user']['mail'] = $user_mail;
$_SESSION['user']['website'] = $user_website;
$_SESSION['user']['locale'] = $user_locale;
$_SESSION['user']['timezone'] = $user_timezone;
}
if ($with_info) {
$r = user_set_info($user_id, $user_lastname, $user_firstname);
if (!$r) {
$internal_error = true;
break;
}
if ($is_owner) {
$_SESSION['user']['lastname'] = $user_lastname;
$_SESSION['user']['firstname'] = $user_firstname;
}
}
if ($with_role) {
$r = user_set_role($user_id, $user_role);
if (!$r) {
$internal_error = true;
break;
}
}
if ($with_status) {
$r = user_set_status($user_id, $user_active, $user_banned);
if (!$r) {
$internal_error = true;
break;
}
}
$account_modified = true;
break;
case 'change':
if ($missing_newpassword or $bad_newpassword) {
break;
}
$r = user_set_newpassword($user_id, $user_newpassword);
if (!$r) {
$internal_error = true;
break;
}
$password_changed = true;
break;
case 'delete':
if (!$confirmed) {
$confirm_delete = true;
break;
}
$r = user_delete($user_id);
if (!$r) {
$internal_error = true;
break;
}
return false;
default:
break;
}
$user_newpassword = false;
if ($internal_error) {
$contact_page = url('contact', $lang);
}
$_SESSION['useredit_token'] = $token = token_id();
$errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
$infos = compact('account_modified', 'password_changed');
$output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
return $output;
}
function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
$action = 'init';
if (isset($_POST['mailme_send'])) {
$action = 'send';
}
$mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
if (isset($_SESSION['user']['mail'])) {
$mail = $_SESSION['user']['mail'];
}
switch ($action) {
case 'send':
if (isset($_POST['mailme_mail'])) {
$mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
}
if (isset($_POST['mailme_subject'])) {
$subject = readarg($_POST['mailme_subject']);
}
if (isset($_POST['mailme_message'])) {
$message = readarg($_POST['mailme_message']);
}
if ($with_appointment) {
if (isset($_POST['mailme_date'])) {
$date = readarg($_POST['mailme_date']);
}
if (isset($_POST['mailme_hour'])) {
$hour = readarg($_POST['mailme_hour']);
}
if (isset($_POST['mailme_minute'])) {
$minute = readarg($_POST['mailme_minute']);
}
}
if (isset($_POST['mailme_code'])) {
$code = readarg($_POST['mailme_code']);
}
if (isset($_POST['mailme_token'])) {
$token = readarg($_POST['mailme_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_mail = false;
$bad_mail = false;
$missing_subject = false;
$bad_subject = false;
$missing_message = false;
$bad_appointment = false;
$email_sent = false;
$home_page = false;
$internal_error = false;
switch ($action) {
case 'send':
if (!isset($_SESSION['mailme_token']) or $token != $_SESSION['mailme_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$mail) {
$missing_mail = true;
} else {
if (!validate_mail($mail)) {
$bad_mail = true;
}
}
if (!$subject) {
$missing_subject = true;
} else {
if (is_mail_injected($subject)) {
$bad_subject = true;
}
}
if (!$message) {
$missing_message = true;
}
if ($with_appointment) {
if ($date) {
if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
$bad_appointment = true;
} else {
if (!checkdate($d[3], $d[4], $d[1])) {
$bad_appointment = true;
} else {
if (mktime(0, 0, 0, $d[3], $d[4], $d[1]) <= mktime(0, 0, 0, date("m"), date("d"), date("y"))) {
$bad_appointment = true;
}
}
}
}
if (is_numeric($hour) and is_numeric($minute)) {
if ($hour < 0 or $hour > 23 or $minute < 0 or $minute > 59) {
$bad_appointment = true;
}
}
}
break;
default:
break;
}
switch ($action) {
case 'send':
if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $missing_subject or $bad_subject or $missing_message or $bad_appointment) {
break;
}
require_once 'emailme.php';
if ($date) {
$f = translate('email:appointment', $lang);
$s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
$message .= "\n\n{$s}";
}
$r = emailme($subject, $message, $mail, $to);
if (!$r) {
$internal_error = true;
break;
}
$subject = $message = $date = $hour = $minute = false;
if ($with_home) {
global $home_action;
$home_page = url($home_action, $lang);
}
$email_sent = true;
break;
default:
break;
}
$_SESSION['mailme_token'] = $token = token_id();
$errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
$infos = compact('email_sent', 'home_page');
$output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
return $output;
}