Exemplo n.º 1
0
 static function sendMail()
 {
     $subject = sanitize($_POST['subject']);
     $message = sanitize($_POST['message'], 1);
     $headers = sanitize($_POST['headers']);
     $mailaddress = sanitize($_POST['mailaddress']);
     $contactform_mailaddress = getOption("contactform_mailaddress");
     $contactform_mailaddress = str_replace(" ", "", $contactform_mailaddress);
     zp_mail($subject, $message, $headers, array($contactform_mailaddress, $mailaddress));
 }
Exemplo n.º 2
0
 static function save($savemsg, $userobj, $what)
 {
     global $_zp_gallery;
     if ($what == 'new' && ($mail = $userobj->getEmail())) {
         $ref = Zenphoto_Authority::getResetTicket($adm = $userobj->getUser(), $userobj->getPass());
         $msg = "\n" . sprintf(gettext('You are receiving this e-mail because a user code (%1$s) has been created for you on the Zenphoto gallery %2$s.'), $adm, $_zp_gallery->getTitle()) . "\n" . sprintf(gettext('To set your Zenphoto User password visit: %s'), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user={$adm}") . "\n" . gettext("This ticket will automatically expire in 3 days.");
         $err_msg = zp_mail(gettext("Zenphoto user created"), $msg, array($mail));
         if (!empty($err_msg)) {
             $savemsg .= $err_msg;
         }
     }
     return $savemsg;
 }
Exemplo n.º 3
0
/**
 * Filters a new comment post and sends email replies to previous posters
 * @param object $comment the comment
 * @param object $owner the element commented upon.
 */
function emailReply($comment, $owner)
{
    $gallery = new Gallery();
    if ($comment->getInModeration() || $comment->getPrivate()) {
        return $comment;
        // we are not going to e-mail unless the comment has passed.
    }
    $oldcomments = $owner->comments;
    $emails = array();
    foreach ($oldcomments as $oldcomment) {
        $name = $oldcomment['name'];
        $emails[$name] = $oldcomment['email'];
    }
    $emails = array_unique($emails);
    switch ($comment->getType()) {
        case "albums":
            $url = "album=" . urlencode($owner->name);
            $action = sprintf(gettext('A reply has been posted on album "%1$s".'), $owner->name);
            break;
        case "news":
            $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($owner->getTitlelink());
            $action = sprintf(gettext('A reply has been posted on article "%1$s".'), $owner->getTitlelink());
            break;
        case "pages":
            $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($owner->getTitlelink());
            $action = sprintf(gettext('A reply has been posted on page "%1$s".'), $owner->getTitlelink());
            break;
        default:
            // all image types
            $url = "album=" . urlencode($owner->album->name) . "&image=" . urlencode($owner->filename);
            $action = sprintf(gettext('A reply has been posted on "%1$s" the album "%2$s".'), $owner->getTitle(), $owner->getAlbumName());
    }
    if ($comment->getAnon()) {
        $email = $name = '<' . gettext("Anonymous") . '>';
    } else {
        $name = $comment->getname();
        $email = $comment->getEmail();
    }
    $message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $name, $email, $comment->getWebsite(), $comment->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n";
    $on = gettext('Reply posted');
    zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $emails);
    return $comment;
}
Exemplo n.º 4
0
                            if ($newdate + getOption('user_expiry_interval') * 86400 < time()) {
                                $newdate = time() + getOption('user_expiry_interval') * 86400;
                            }
                            $userobj->setDateTime(date('Y-m-d H:i:s', $newdate));
                            $userobj->setValid(1);
                            $userobj->save();
                            break;
                        case 'revalidate':
                            $gallery = new Gallery();
                            $site = $gallery->getTitle();
                            $user_e = $userobj->getEmail();
                            $user = $userobj->getUser();
                            $key = bin2hex(serialize(array('user' => $user, 'email' => $user_e, 'date' => time())));
                            $link = FULLWEBPATH . '/index.php?user_expiry_reverify=' . $key;
                            $message = sprintf(gettext('Your %1$s credentials need to be renewed. Visit %2$s to renew your logon credentials.'), $site, $link);
                            $msg = zp_mail(sprintf(gettext('%s renewal required'), $site), $message, array($user => $user_e));
                            break;
                    }
                }
            }
        }
        header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user-expiry/user-expiry-tab.php?page=users&tab=groups&applied=' . $msg);
        exit;
    }
}
printAdminHeader('users');
echo '</head>' . "\n";
?>

<body>
	<?php 
Exemplo n.º 5
0
 private static function checkexpires($loggedin, $userobj)
 {
     global $_zp_gallery;
     if ($userobj->logout_link !== true) {
         return $loggedin;
     }
     if (!($subscription = 86400 * getOption('user_expiry_interval'))) {
         // expiry is disabled
         return $loggedin;
     }
     $expires = strtotime($userobj->getDateTime()) + $subscription;
     if ($expires < time()) {
         $userobj->setValid(2);
         $userobj->save();
         $loggedin = false;
     } else {
         if ($expires < time() + getOption('user_expiry_warn_interval') * 86400) {
             //	expired
             if (getOption('user_expiry_auto_renew')) {
                 $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
                 if ($newdate + getOption('user_expiry_interval') * 86400 < time()) {
                     $newdate = time() + getOption('user_expiry_interval') * 86400;
                 }
                 $userobj->setDateTime(date('Y-m-d H:i:s', $newdate));
                 $userobj->setValid(1);
                 $credentials = $userobj->getCredentials();
                 $key = array_search('exiry_notice', $credentials);
                 if ($key !== false) {
                     unset($credentials[$key]);
                     $userobj->setCredentials($credentials);
                 }
                 $userobj->save();
             } else {
                 if ($mail = $userobj->getEmail()) {
                     $credentials = $userobj->getCredentials();
                     if (!in_array('exiry_notice', $credentials)) {
                         $credentials[] = 'exiry_notice';
                         $userobj->setCredentials($credentials);
                         $userobj->save();
                         $message = sprintf(gettext('Your user id for the Zenphoto site %s will expire on %s.'), $_zp_gallery->getTitle(), date('Y-m-d', $expires));
                         $notify = zp_mail(get_language_string(gettext('User id expiration')), $message, array($userobj->getName() => $mail));
                     }
                 }
             }
         } else {
             $credentials = $userobj->getCredentials();
             $key = array_search('exiry_notice', $credentials);
             if ($key !== false) {
                 unset($credentials[$key]);
                 $userobj->setCredentials($credentials);
                 $userobj->save();
             }
         }
     }
     return $loggedin;
 }
Exemplo n.º 6
0
/**
 * Rolls a log over if it has grown too large.
 *
 * @param string $log
 */
function switchLog($log)
{
    $dir = getcwd();
    chdir(SERVERPATH . '/' . DATA_FOLDER);
    $list = safe_glob($log . '-*.log');
    if (empty($list)) {
        $counter = 1;
    } else {
        sort($list);
        $last = array_pop($list);
        preg_match('|' . $log . '-(.*).log|', $last, $matches);
        $counter = $matches[1] + 1;
    }
    chdir($dir);
    @copy(SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '.log', SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '-' . $counter . '.log');
    if (getOption($log . '_log_mail')) {
        zp_mail(sprintf(gettext('%s log size limit exceeded'), $log), sprintf(gettext('The %1$s log has exceeded its size limit and has been renamed to %2$s.'), $log, $log . '-' . $counter . '.log'));
    }
}
Exemplo n.º 7
0
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be style as needed.
 *
 * @param string $subject_override set to override the subject.
 */
function printContactForm($subject_override = '')
{
    global $_zp_UTF8, $_zp_captcha, $_processing_post, $_zp_current_admin_obj;
    $error = array();
    if (isset($_POST['sendmail'])) {
        $mailcontent = array();
        $mailcontent['title'] = getField('title');
        $mailcontent['name'] = getField('name');
        $mailcontent['company'] = getField('company');
        $mailcontent['street'] = getField('street');
        $mailcontent['city'] = getField('city');
        $mailcontent['state'] = getField('state');
        $mailcontent['postal'] = getField('postal');
        $mailcontent['country'] = getField('country');
        $mailcontent['email'] = getField('email');
        $mailcontent['website'] = getField('website');
        $mailcontent['phone'] = getField('phone');
        $mailcontent['subject'] = getField('subject');
        $mailcontent['message'] = getField('message', 1);
        // if you want other required fields or less add/modify their checks here
        if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
            $error[1] = gettext("a title");
        }
        if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
            $error[2] = gettext("a name");
        }
        if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
            $error[3] = gettext("a company");
        }
        if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
            $error[4] = gettext("a street");
        }
        if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
            $error[5] = gettext("a city");
        }
        if (getOption('contactform_state') == "required" && empty($mailcontent['state'])) {
            $error[5] = gettext("a state");
        }
        if (getOption('contactform_postal') == "required" && empty($mailcontent['postal'])) {
            $error[5] = gettext("a postal code");
        }
        if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
            $error[6] = gettext("a country");
        }
        if (getOption('contactform_email') == "required" && (empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email']))) {
            $error[7] = gettext("a valid email address");
        }
        if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
            $error[8] = gettext('a website');
        } else {
            if (!empty($mailcontent['website'])) {
                if (substr($mailcontent['website'], 0, 7) != "http://") {
                    $mailcontent['website'] = "http://" . $mailcontent['website'];
                }
            }
        }
        if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
            $error[9] = gettext("a phone number");
        }
        if (getOption("contactform_subject") == "required" && empty($mailcontent['subject'])) {
            $error[10] = gettext("a subject");
        }
        if (getOption("contactform_message") == "required" && empty($mailcontent['message'])) {
            $error[11] = gettext("a message");
        }
        // CAPTCHA start
        if (getOption("contactform_captcha")) {
            $code_ok = trim(sanitize($_POST['code_h']));
            $code = trim(sanitize($_POST['code']));
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $error[5] = gettext("the correct CAPTCHA verification code");
            }
            // no ticket
        }
        // CAPTCHA end
        // If required fields are empty or not valide print note
        if (count($error) != 0) {
            ?>
			<div class="errorbox">
				<h2>
				<?php 
            $err = $error;
            switch (count($err)) {
                case 1:
                    printf(gettext('Please enter %s. Thanks.'), array_shift($err));
                    break;
                case 2:
                    printf(gettext('Please enter %1$s and %2$s. Thanks.'), array_shift($err), array_shift($err));
                    break;
                default:
                    $list = '<ul class="errorlist">';
                    foreach ($err as $item) {
                        $list .= '<li>' . $item . '</li>';
                    }
                    $list .= '</ul>';
                    printf(gettext('Please enter: %sThanks.'), $list);
                    break;
            }
            ?>
				</h2>
			</div>
			<?php 
        } else {
            $mailaddress = $mailcontent['email'];
            $name = $mailcontent['name'];
            $subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
            $message = $mailcontent['message'] . "\n\n";
            if (!empty($mailcontent['title'])) {
                $message .= $mailcontent['title'];
            }
            if (!empty($mailcontent['name'])) {
                $message .= $mailcontent['name'] . "\n";
            }
            if (!empty($mailcontent['company'])) {
                $message .= $mailcontent['company'] . "\n";
            }
            if (!empty($mailcontent['street'])) {
                $message .= $mailcontent['street'] . "\n";
            }
            if (!empty($mailcontent['city'])) {
                $message .= $mailcontent['city'] . "\n";
            }
            if (!empty($mailcontent['state'])) {
                $message .= $mailcontent['state'] . "\n";
            }
            if (!empty($mailcontent['postal'])) {
                $message .= $mailcontent['postal'] . "\n";
            }
            if (!empty($mailcontent['country'])) {
                $message .= $mailcontent['country'] . "\n";
            }
            if (!empty($mailcontent['email'])) {
                $message .= $mailcontent['email'] . "\n";
            }
            if (!empty($mailcontent['phone'])) {
                $message .= $mailcontent['phone'] . "\n";
            }
            if (!empty($mailcontent['website'])) {
                $message .= $mailcontent['website'] . "\n";
            }
            $message .= "\n\n";
            if (getOption('contactform_confirm')) {
                echo get_language_string(getOption("contactform_confirmtext"));
                if (getOption('contactform_sendcopy')) {
                    echo get_language_string(getOption("contactform_sendcopy_text"));
                }
                ?>
				<div>
					<?php 
                $_processing_post = true;
                include getPlugin('contact_form/form.php', true);
                ?>
					<form id="confirm" action="<?php 
                echo sanitize($_SERVER['REQUEST_URI']);
                ?>
" method="post" accept-charset="UTF-8" style="float: left">
						<input type="hidden" id="confirm" name="confirm" value="confirm" />
						<input type="hidden" id="name" name="name"	value="<?php 
                echo html_encode($name);
                ?>
" />
						<input type="hidden" id="subject" name="subject"	value="<?php 
                echo html_encode($subject);
                ?>
" />
						<input type="hidden" id="message"	name="message" value="<?php 
                echo html_encode($message);
                ?>
" />
						<input type="hidden" id="mailaddress" name="mailaddress" value="<?php 
                echo html_encode($mailaddress);
                ?>
" />
						<input type="submit" value="<?php 
                echo gettext("Confirm");
                ?>
" />
					</form>
					<form id="discard" action="<?php 
                echo sanitize($_SERVER['REQUEST_URI']);
                ?>
" method="post" accept-charset="UTF-8">
						<input type="hidden" id="discard" name="discard" value="discard" />
						<input type="submit" value="<?php 
                echo gettext("Discard");
                ?>
" />
					</form>
				</div>
				<?php 
                return;
            } else {
                // simulate confirmation action
                $_POST['confirm'] = true;
                $_POST['subject'] = $subject;
                $_POST['message'] = $message;
                $_POST['mailaddress'] = $mailaddress;
                $_POST['name'] = $name;
            }
        }
    }
    if (isset($_POST['confirm'])) {
        $subject = sanitize($_POST['subject']);
        $message = sanitize($_POST['message'], 1);
        $mailaddress = sanitize($_POST['mailaddress']);
        $name = sanitize($_POST['name']);
        $contactform_mailinglist = getOption("contactform_mailaddress");
        $mailinglist = explode(';', $contactform_mailinglist);
        if (getOption('contactform_sendcopy')) {
            $sendcopy = array($name => $mailaddress);
        } else {
            $sendcopy = NULL;
        }
        $err_msg = zp_mail($subject, $message, $mailinglist, $sendcopy);
        if ($err_msg) {
            $msgs = explode('.', $err_msg);
            unset($msgs[0]);
            //	the "mail send failed" text
            unset($msgs[count($msgs)]);
            //	a trailing empty one
            ?>
			<div class="errorbox">
				<strong><?php 
            echo ngettext('Error sending mail:', 'Errors sending mail:', count($msgs));
            ?>
</strong>
				<ul class="errorlist">
					<?php 
            foreach ($msgs as $line) {
                echo '<li>' . trim($line) . '</li>';
            }
            ?>
				</ul>
			</div>
			<?php 
        } else {
            echo get_language_string(getOption("contactform_thankstext"));
        }
        echo '<p><a href="?again">' . get_language_string(getOption('contactform_newmessagelink')) . '</a></p>';
    } else {
        if (count($error) <= 0) {
            if (zp_loggedin()) {
                $mailcontent = array('title' => '', 'name' => $_zp_current_admin_obj->getName(), 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'email' => $_zp_current_admin_obj->getEmail(), 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
                if (getOption('zp_plugin_comment_form')) {
                    $raw = $_zp_current_admin_obj->getCustomData();
                    if (preg_match('/^a:[0-9]+:{/', $raw)) {
                        $address = unserialize($raw);
                        foreach ($address as $key => $field) {
                            $mailcontent[$key] = $field;
                        }
                    }
                }
            } else {
                $mailcontent = array('title' => '', 'name' => '', 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'email' => '', 'postal' => '', 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
            }
        }
        echo get_language_string(getOption("contactform_introtext"));
        if (getOption('contactform_sendcopy')) {
            echo get_language_string(getOption("contactform_sendcopy_text"));
        }
        $_processing_post = false;
        include getPlugin('contact_form/form.php', true);
    }
}
Exemplo n.º 8
0
 // handle form post
 if (isset($_GET['verify'])) {
     $currentadmins = getAdministrators();
     $params = unserialize(pack("H*", $_GET['verify']));
     $adminuser = NULL;
     foreach ($currentadmins as $admin) {
         if ($admin['user'] == $params['user'] && $admin['email'] == $params['email']) {
             $adminuser = $admin;
             break;
         }
     }
     if (!is_null($adminuser)) {
         $rights = getOption('register_user_rights');
         saveAdmin($adminuser['user'], NULL, $admin_n = $adminuser['name'], $admin_e = $adminuser['email'], $rights, NULL);
         if (getOption('register_user_notify')) {
             zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $admin_n, $adminuser['user'], $admin_e));
         }
         $notify = 'verified';
     } else {
         $notify = 'not_verified';
     }
 }
 if (isset($_POST['register_user'])) {
     $pass = trim($_POST['adminpass']);
     $user = trim($_POST['adminuser']);
     $admin_n = trim($_POST['admin_name']);
     $admin_e = trim($_POST['admin_email']);
     if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
         if ($pass == trim($_POST['adminpass_2'])) {
             if (empty($pass)) {
                 $pwd = null;
Exemplo n.º 9
0
 /**
  * User authentication support
  */
 function handleLogon()
 {
     global $_zp_current_admin_obj, $_zp_login_error, $_zp_captcha, $_zp_loggedin;
     if (isset($_POST['login'])) {
         $post_user = sanitize(@$_POST['user'], 0);
         $post_pass = sanitize(@$_POST['pass'], 0);
         $_zp_loggedin = false;
         switch (@$_POST['password']) {
             default:
                 $user = self::checkLogon($post_user, $post_pass);
                 if ($user) {
                     $_zp_loggedin = $user->getRights();
                 }
                 $_zp_loggedin = zp_apply_filter('admin_login_attempt', $_zp_loggedin, $post_user, $post_pass);
                 if ($_zp_loggedin) {
                     self::logUser($user);
                     $_zp_current_admin_obj = $user;
                     session_regenerate_id(true);
                 } else {
                     zp_clearCookie("zp_user_auth");
                     // Clear the cookie, just in case
                     $_zp_login_error = 1;
                 }
                 break;
             case 'challenge':
                 $user = $this->getAnAdmin(array('`user`=' => $post_user, '`valid`=' => 1));
                 if (is_object($user)) {
                     $info = $user->getChallengePhraseInfo();
                     if ($post_pass && $info['response'] == $post_pass) {
                         $ref = self::getResetTicket($post_user, $user->getPass());
                         header('location:' . WEBPATH . '/' . ZENFOLDER . '/admin-users.php?ticket=' . $ref . '&user='******'Sorry, that is not the answer.');
                 $_REQUEST['logon_step'] = 'challenge';
                 break;
             case 'captcha':
                 if ($_zp_captcha->checkCaptcha(trim(@$_POST['code']), sanitize(@$_POST['code_h'], 3))) {
                     require_once dirname(__FILE__) . '/load_objectClasses.php';
                     // be sure that the plugins are loaded for the mail handler
                     if (empty($post_user)) {
                         $requestor = gettext('You are receiving this e-mail because of a password reset request on your ZenPhoto20 gallery.');
                     } else {
                         $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your ZenPhoto20 gallery from a user who tried to log in as %s."), $post_user);
                     }
                     $admins = $this->getAdministrators();
                     $mails = array();
                     $user = NULL;
                     foreach ($admins as $key => $tuser) {
                         if (!empty($tuser['email'])) {
                             if (!empty($post_user) && ($tuser['user'] == $post_user || $tuser['email'] == $post_user)) {
                                 $name = $tuser['name'];
                                 if (empty($name)) {
                                     $name = $tuser['user'];
                                 }
                                 $mails[$name] = $tuser['email'];
                                 $user = $tuser;
                                 unset($admins[$key]);
                                 // drop him from alternate list.
                             } else {
                                 if (!($tuser['rights'] & ADMIN_RIGHTS)) {
                                     unset($admins[$key]);
                                     // eliminate any peons from the list
                                 }
                             }
                         } else {
                             unset($admins[$key]);
                             // we want to ignore groups and users with no email address here!
                         }
                     }
                     $cclist = array();
                     foreach ($admins as $tuser) {
                         $name = $tuser['name'];
                         if (empty($name)) {
                             $name = $tuser['user'];
                         }
                         if (is_null($user)) {
                             $user = $tuser;
                             $mails[$name] = $tuser['email'];
                         } else {
                             $cclist[$name] = $tuser['email'];
                         }
                     }
                     if (is_null($user)) {
                         $_zp_login_error = gettext('There was no one to which to send the reset request.');
                     } else {
                         $ref = self::getResetTicket($user['user'], $user['pass']);
                         $msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user="******"\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
                         $err_msg = zp_mail(gettext("The ZenPhoto20 information you requested"), $msg, $mails, $cclist);
                         if (empty($err_msg)) {
                             $_zp_login_error = 2;
                         } else {
                             $_zp_login_error = $err_msg;
                         }
                     }
                 } else {
                     $_zp_login_error = gettext('Your input did not match the captcha');
                     $_REQUEST['logon_step'] = 'captcha';
                 }
                 break;
         }
     }
     return $_zp_loggedin;
 }
Exemplo n.º 10
0
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a comment object
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param string $type 'albums' if it is an album or 'images' if it is an image comment
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param string $customdata
 * @param bit $check bitmask of which fields must be checked. If set overrides the options
 * @return object
 */
function comment_form_addComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $customdata, $check = false)
{
    global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold, $_zp_spamFilter;
    if ($check === false) {
        $whattocheck = 0;
        if (getOption('comment_email_required') == 'required') {
            $whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
        }
        if (getOption('comment_name_required')) {
            $whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
        }
        if (getOption('comment_web_required') == 'required') {
            $whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
        }
        switch (getOption('Use_Captcha')) {
            case 0:
                break;
            case 2:
                if (zp_loggedin(POST_COMMENT_RIGHTS)) {
                    break;
                }
            default:
                $whattocheck = $whattocheck | USE_CAPTCHA;
                break;
        }
        if (getOption('comment_body_requiired')) {
            $whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
        }
        if (getOption('email_new_comments')) {
            $whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
        }
    } else {
        $whattocheck = $check;
    }
    $type = $receiver->table;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    $receiverid = $receiver->getID();
    $goodMessage = 2;
    if ($private) {
        $private = 1;
    } else {
        $private = 0;
    }
    if ($anon) {
        $anon = 1;
    } else {
        $anon = 0;
    }
    $commentobj = new Comment();
    $commentobj->transient = false;
    // otherwise we won't be able to save it....
    $commentobj->setOwnerID($receiverid);
    $commentobj->setName($name);
    $commentobj->setEmail($email);
    $commentobj->setWebsite($website);
    $commentobj->setComment($comment);
    $commentobj->setType($type);
    $commentobj->setIP($ip);
    $commentobj->setPrivate($private);
    $commentobj->setAnon($anon);
    $commentobj->setInModeration(0);
    $commentobj->setCustomData($customdata);
    if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
        $commentobj->setInModeration(-2);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
        $goodMessage = false;
    }
    if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
        $commentobj->setInModeration(-3);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
        $goodMessage = false;
    }
    if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
        $commentobj->setInModeration(-4);
        $commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
        $goodMessage = false;
    }
    if ($whattocheck & USE_CAPTCHA) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            $commentobj->setInModeration(-5);
            $commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
            $goodMessage = false;
        }
    }
    if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
        $commentobj->setInModeration(-6);
        $commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
        $goodMessage = false;
    }
    $moderate = 0;
    if ($goodMessage && isset($_zp_spamFilter)) {
        $goodMessage = $_zp_spamFilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
        switch ($goodMessage) {
            case 0:
                $commentobj->setInModeration(2);
                $commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), $_zp_spamFilter->name);
                $goodMessage = false;
                break;
            case 1:
                $_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), $_zp_spamFilter->name);
                $commentobj->comment_error_text .= $_zp_comment_on_hold;
                $commentobj->setInModeration(1);
                $moderate = 1;
                break;
            case 2:
                $commentobj->setInModeration(0);
                break;
        }
    }
    $localerrors = $commentobj->getInModeration();
    zp_apply_filter('comment_post', $commentobj, $receiver);
    if ($check === false) {
        // ignore filter provided errors if caller is supplying the fields to check
        $localerrors = $commentobj->getInModeration();
    }
    if ($goodMessage && $localerrors >= 0) {
        // Update the database entry with the new comment
        $commentobj->save();
        //  add to comments array and notify the admin user
        if (!$moderate) {
            $receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
        }
        switch ($type) {
            case "albums":
                $url = "album=" . pathurlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your album “%1$s”.'), $receiver->name);
                } else {
                    $action = sprintf(gettext('A comment has been posted on your album “%1$s”.'), $receiver->name);
                }
                break;
            case "news":
                $url = "p=news&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your article “%1$s”.'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your article “%1$s”.'), $receiver->getTitlelink());
                }
                break;
            case "pages":
                $url = "p=pages&title=" . urlencode($receiver->getTitlelink());
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your page “%1$s”.'), $receiver->getTitlelink());
                } else {
                    $action = sprintf(gettext('A comment has been posted on your page “%1$s”.'), $receiver->getTitlelink());
                }
                break;
            default:
                // all image types
                $album = $receiver->getAlbum();
                $url = "album=" . pathurlencode($album->name) . "&image=" . urlencode($receiver->filename);
                $ur_album = getUrAlbum($album);
                if ($moderate) {
                    $action = sprintf(gettext('A comment has been placed in moderation on your image “%1$s” in the album “%2$s”.'), $receiver->getTitle(), $album->name);
                } else {
                    $action = sprintf(gettext('A comment has been posted on your image “%1$s” in the album “%2$s”.'), $receiver->getTitle(), $album->name);
                }
                break;
        }
        if ($whattocheck & COMMENT_SEND_EMAIL) {
            $message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?page=editcomment&id=' . $commentobj->getID());
            $emails = array();
            $admin_users = $_zp_authority->getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone with full rights
                if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
                    $emails[] = $admin['email'];
                    unset($admin_users[$admin['id']]);
                }
            }
            if ($type === "images" or $type === "albums") {
                // mail to album admins
                $id = $ur_album->getID();
                $sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type` LIKE "album%"';
                $result = query($sql);
                if ($result) {
                    while ($anadmin = db_fetch_assoc($result)) {
                        $id = $anadmin['adminid'];
                        if (array_key_exists($id, $admin_users)) {
                            $admin = $admin_users[$id];
                            if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                                $emails[] = $admin['email'];
                            }
                        }
                    }
                    db_free_result($result);
                }
            }
            $on = gettext('Comment posted');
            $result = zp_mail("[" . $_zp_gallery->getTitle() . "] {$on}", $message, $emails);
            if ($result) {
                $commentobj->setInModeration(-12);
                $commentobj->comment_error_text = $result;
            }
        }
    }
    return $commentobj;
}
Exemplo n.º 11
0
 /**
  * User authentication support
  */
 function handleLogon()
 {
     global $_zp_authority, $_zp_current_admin_obj, $_zp_login_error, $_zp_captcha, $_zp_loggedin;
     if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
         $post_user = sanitize($_POST['user']);
         $post_pass = sanitize($_POST['pass'], 0);
         $user = $this->checkLogon($post_user, $post_pass, true);
         if ($user) {
             $_zp_loggedin = $user->getRights();
         } else {
             $_zp_loggedin = false;
         }
         $_zp_loggedin = zp_apply_filter('admin_login_attempt', $_zp_loggedin, $post_user, $post_pass);
         if ($_zp_loggedin) {
             $this->logUser($user);
         } else {
             // Clear the cookie, just in case
             zp_setCookie("zenphoto_auth", "", -368000);
             // was it a request for a reset?
             if (isset($_POST['code_h']) && $_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) {
                 require_once dirname(__FILE__) . '/class-load.php';
                 // be sure that the plugins are loaded for the mail handler
                 if (empty($post_user)) {
                     $requestor = gettext('You are receiving this e-mail because of a password reset request on your Zenphoto gallery.');
                 } else {
                     $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
                 }
                 $admins = $_zp_authority->getAdministrators();
                 $mails = array();
                 $user = NULL;
                 foreach ($admins as $key => $tuser) {
                     if (!empty($tuser['email'])) {
                         if (!empty($post_user) && ($tuser['user'] == $post_user || $tuser['email'] == $post_user)) {
                             $name = $tuser['name'];
                             if (empty($name)) {
                                 $name = $tuser['user'];
                             }
                             $mails[$name] = $tuser['email'];
                             $user = $tuser;
                             unset($admins[$key]);
                             // drop him from alternate list.
                         } else {
                             if (!($tuser['rights'] & ADMIN_RIGHTS)) {
                                 unset($admins[$key]);
                                 // eliminate any peons from the list
                             }
                         }
                     } else {
                         unset($admins[$key]);
                         // we want to ignore groups and users with no email address here!
                     }
                 }
                 $cclist = array();
                 foreach ($admins as $tuser) {
                     $name = $tuser['name'];
                     if (empty($name)) {
                         $name = $tuser['user'];
                     }
                     if (is_null($user)) {
                         $user = $tuser;
                         $mails[$name] = $tuser['email'];
                     } else {
                         $cclist[$name] = $tuser['email'];
                     }
                 }
                 if (is_null($user)) {
                     $_zp_login_error = gettext('There was no one to which to send the reset request.');
                 } else {
                     $ref = $this->getResetTicket($user['user'], $user['pass']);
                     $msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Zenphoto Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user="******"\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
                     $err_msg = zp_mail(gettext("The Zenphoto information you requested"), $msg, $mails, $cclist);
                     if (empty($err_msg)) {
                         $_zp_login_error = 2;
                     } else {
                         $_zp_login_error = $err_msg;
                     }
                 }
             } else {
                 $_zp_login_error = 1;
             }
         }
     }
     return $_zp_loggedin;
 }
Exemplo n.º 12
0
 static function post_processor()
 {
     global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
     //Handle registration
     if (isset($_POST['username']) && !empty($_POST['username'])) {
         $_notify = 'honeypot';
         // honey pot check
     }
     if (getOption('register_user_captcha')) {
         if (isset($_POST['code'])) {
             $code = sanitize($_POST['code'], 3);
             $code_ok = sanitize($_POST['code_h'], 3);
         } else {
             $code = '';
             $code_ok = '';
         }
         if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
             $_notify = 'invalidcaptcha';
         }
     }
     $admin_n = trim(sanitize($_POST['admin_name']));
     if (empty($admin_n)) {
         $_notify = 'incomplete';
     }
     if (isset($_POST['admin_email'])) {
         $admin_e = trim(sanitize($_POST['admin_email']));
     } else {
         $admin_e = trim(sanitize($_POST['user'], 0));
     }
     if (!is_valid_email_zp($admin_e)) {
         $_notify = 'invalidemail';
     }
     $pass = trim(sanitize($_POST['pass'], 0));
     $user = trim(sanitize($_POST['user'], 0));
     if (empty($pass)) {
         $_notify = 'empty';
     } else {
         if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
             if (isset($_POST['disclose_password']) || $pass == trim(sanitize($_POST['pass_r']))) {
                 $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                 if (is_object($currentadmin)) {
                     $_notify = 'exists';
                 } else {
                     if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
                         $_notify = 'dup_email';
                     }
                 }
                 if (empty($_notify)) {
                     $userobj = $_zp_authority->newAdministrator('');
                     $userobj->transient = false;
                     $userobj->setUser($user);
                     $userobj->setPass($pass);
                     $userobj->setName($admin_n);
                     $userobj->setEmail($admin_e);
                     $userobj->setRights(0);
                     $userobj->setObjects(NULL);
                     $userobj->setGroup('');
                     $userobj->setCustomData('');
                     $userobj->setLanguage(getUserLocale());
                     if (extensionEnabled('userAddressFields')) {
                         $addresses = getOption('register_user_address_info');
                         $userinfo = register_user::getUserInfo(0);
                         $_comment_form_save_post = serialize($userinfo);
                         if ($addresses == 'required') {
                             if (!isset($userinfo['street']) || empty($userinfo['street'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the street field.');
                             }
                             if (!isset($userinfo['city']) || empty($userinfo['city'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the city field.');
                             }
                             if (!isset($userinfo['state']) || empty($userinfo['state'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the state field.');
                             }
                             if (!isset($userinfo['country']) || empty($userinfo['country'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the country field.');
                             }
                             if (!isset($userinfo['postal']) || empty($userinfo['postal'])) {
                                 $userobj->transient = true;
                                 $userobj->msg .= ' ' . gettext('You must supply the postal code field.');
                             }
                         }
                         zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
                         userAddressFields::setCustomData($userobj, $userinfo);
                     }
                     zp_apply_filter('register_user_registered', $userobj);
                     if ($userobj->transient) {
                         if (empty($_notify)) {
                             $_notify = 'filter';
                         }
                     } else {
                         $userobj->save();
                         if (MOD_REWRITE) {
                             $verify = '?verify=';
                         } else {
                             $verify = '&verify=';
                         }
                         $_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                         $_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
                         $_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
                         if (empty($_notify)) {
                             $_notify = 'accepted';
                         }
                     }
                 }
             } else {
                 $_notify = 'mismatch';
             }
         } else {
             $_notify = 'incomplete';
         }
     }
 }
Exemplo n.º 13
0
            // was it a request for a reset?
            if ($_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) {
                if (empty($post_user)) {
                    $requestor = 'You are receiving this e-mail because of a password reset request on your Zenphoto gallery.';
                } else {
                    $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
                }
                $admins = getAdministrators();
                $user = array_shift($admins);
                $adm = $user['user'];
                $pas = $user['pass'];
                setOption('admin_reset_date', time());
                $req = getOption('admin_reset_date');
                $ref = md5($req . $adm . $pas);
                $msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Zenphoto Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-options.php?ticket={$ref}") . "\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
                zp_mail(gettext("The Zenphoto information you requested"), $msg);
                $_zp_login_error = 2;
            } else {
                $_zp_login_error = 1;
            }
        }
    }
}
unset($saved_auth, $check_auth, $user, $pass);
// Handle a logout action.
if (isset($_REQUEST['logout'])) {
    zp_setcookie("zenphoto_auth", "*", time() - 368000, $cookiepath);
    $redirect = 'index.php';
    if (isset($_GET['p'])) {
        $redirect .= "?p=" . $_GET['p'];
        if (isset($_GET['searchfields'])) {
Exemplo n.º 14
0
/**
 * Parses the verification and registration if they have occurred
 * places the user registration form
 *
 * @param string $thanks the message shown on successful registration
 */
function printRegistrationForm($thanks = NULL)
{
    global $notify, $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery_page, $_zp_gallery;
    require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
    $userobj = NULL;
    // handle any postings
    if (isset($_GET['verify'])) {
        $currentadmins = $_zp_authority->getAdministrators();
        $params = unserialize(pack("H*", trim(sanitize($_GET['verify']), '.')));
        $userobj = $_zp_authority->getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
        if ($userobj->getEmail() == $params['email']) {
            if (!$userobj->getRights()) {
                $userobj->setCredentials(array('registered', 'user', 'email'));
                $rights = getOption('register_user_user_rights');
                $group = NULL;
                if (!is_numeric($rights)) {
                    //  a group or template
                    $admin = $_zp_authority->getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
                    if ($admin) {
                        $userobj->setObjects($admin->getObjects());
                        if ($admin->getName() != 'template') {
                            $group = $rights;
                        }
                        $rights = $admin->getRights();
                    } else {
                        $rights = NO_RIGHTS;
                    }
                }
                $userobj->setRights($rights | NO_RIGHTS);
                $userobj->setGroup($group);
                zp_apply_filter('register_user_verified', $userobj);
                $notify = false;
                if (getOption('register_user_notify')) {
                    $notify = zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
                }
                if (empty($notify)) {
                    if (getOption('register_user_create_album')) {
                        $userobj->createPrimealbum();
                    }
                    $notify = 'verified';
                    $_POST['user'] = $userobj->getUser();
                }
                $userobj->save();
            } else {
                $notify = 'verified';
            }
        } else {
            $notify = 'not_verified';
            // User ID no longer exists
        }
    }
    if (isset($_POST['register_user'])) {
        if (getOption('register_user_captcha')) {
            if (isset($_POST['code'])) {
                $code = sanitize($_POST['code'], 3);
                $code_ok = sanitize($_POST['code_h'], 3);
            } else {
                $code = '';
                $code_ok = '';
            }
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $notify = 'invalidcaptcha';
            }
        }
        $admin_n = trim(sanitize($_POST['admin_name']));
        if (empty($admin_n)) {
            $notify = 'incomplete';
        }
        if (isset($_POST['admin_email'])) {
            $admin_e = trim(sanitize($_POST['admin_email']));
        } else {
            $admin_e = trim(sanitize($_POST['adminuser']));
        }
        if (!is_valid_email_zp($admin_e)) {
            $notify = 'invalidemail';
        }
        $pass = trim(sanitize($_POST['adminpass']));
        $user = trim(sanitize($_POST['adminuser']));
        if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
            if ($pass == trim(sanitize($_POST['adminpass_2']))) {
                $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                if (is_object($currentadmin)) {
                    $notify = 'exists';
                }
                if (empty($notify)) {
                    $notify = $_zp_authority->validatePassword($pass);
                    //	test for valid password
                    if (empty($notify)) {
                        $userobj = $_zp_authority->newAdministrator('');
                        $userobj->transient = false;
                        $userobj->setUser($user);
                        $userobj->setPass($pass);
                        $userobj->setName($admin_n);
                        $userobj->setEmail($admin_e);
                        $userobj->setRights(0);
                        $userobj->setObjects(NULL);
                        $userobj->setGroup('');
                        $userobj->setCustomData('');
                        $userobj->setLanguage(getUserLocale());
                        zp_apply_filter('register_user_registered', $userobj);
                        if ($userobj->transient) {
                            if (empty($notify)) {
                                $notify = 'filter';
                            }
                        } else {
                            $userobj->save();
                            $link = rewrite_path(FULLWEBPATH . '/page/' . substr($_zp_gallery_page, 0, -4) . '?verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))), FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e))), false);
                            $message = sprintf(get_language_string(getOption('register_user_text')), $link);
                            $notify = zp_mail(get_language_string(gettext('Registration confirmation')), $message, array($user => $admin_e));
                            if (empty($notify)) {
                                $notify = 'accepted';
                            }
                        }
                    }
                }
            } else {
                $notify = 'mismatch';
            }
        } else {
            $notify = 'incomplete';
        }
    }
    if (zp_loggedin()) {
        if (isset($_GET['userlog']) && $_GET['userlog'] == 1) {
            echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("you are already logged in.") . '</h2>';
            echo '</div>';
        }
        return;
    }
    if (!empty($notify)) {
        if ($notify == 'verified' || $notify == 'accepted') {
            ?>
			<div class="Messagebox fade-message">
				<p>
				<?php 
            if ($notify == 'verified') {
                if (is_null($thanks)) {
                    $thanks = gettext("Thank you for registering.");
                }
                echo $thanks;
            } else {
                echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.');
            }
            ?>
				</p>
			</div>
			<?php 
            if ($notify == 'verified') {
                require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php';
                ?>
				<p><?php 
                echo gettext('You may now log onto the site.');
                ?>
</p>
				<?php 
                printPasswordForm('', false, true, WEBPATH . '/' . ZENFOLDER . '/admin.php');
            }
            $notify = 'success';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("Registration failed.") . '</h2>';
            echo '<p>';
            switch ($notify) {
                case 'exists':
                    printf(gettext('The user ID <em>%s</em> is already in use.'), $admin_e);
                    break;
                case 'mismatch':
                    echo gettext('Your passwords did not match.');
                    break;
                case 'incomplete':
                    echo gettext('You have not filled in all the fields.');
                    break;
                case 'notverified':
                    echo gettext('Invalid verification link.');
                    break;
                case 'invalidemail':
                    echo gettext('Enter a valid email address.');
                    break;
                case 'invalidcaptcha':
                    echo gettext('The CAPTCHA you entered was not correct.');
                    break;
                case 'not_verified':
                    echo gettext('Your registration request could not be completed.');
                    break;
                case 'filter':
                    if (is_object($userobj) && !empty($userobj->msg)) {
                        echo $userobj->msg;
                    } else {
                        echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
                    }
                    break;
                default:
                    echo $notify;
                    break;
            }
            echo '</p>';
            echo '</div>';
        }
    }
    if ($notify != 'success') {
        $form = getPlugin('register_user/register_user_form.php', true);
        require_once $form;
    }
}
Exemplo n.º 15
0
 /**
  * Processes the verification POST tickets
  * @param string $script (we do not use this)
  * @return string
  */
 static function verify($script)
 {
     //process any verifications posted
     if (isset($_GET['verify_federated_user'])) {
         $params = unserialize(pack("H*", trim(sanitize($_GET['verify_federated_user']), '.')));
         if (time() - $params['date'] < 2592000) {
             $userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0));
             if ($userobj) {
                 $groupname = getOption('federated_login_group');
                 $groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $groupname, '`valid`=' => 0));
                 if ($groupobj) {
                     $userobj->setRights($groupobj->getRights());
                     $userobj->setGroup($groupname);
                     $userobj->setObjects($groupobj->getObjects());
                     if (getOption('register_user_create_album')) {
                         $userobj->createPrimealbum();
                     }
                     $userobj->save();
                 }
                 zp_apply_filter('register_user_verified', $userobj);
                 if (getOption('register_logon_user_notify')) {
                     zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
                 }
                 Zenphoto_Authority::logUser($userobj);
                 header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php');
                 exitZP();
             }
         }
     }
     return $script;
 }
Exemplo n.º 16
0
        }
        if (isset($_POST['message'])) {
            $message = sanitize($_POST['message']);
        }
        $cc_addresses = array();
        $admincount = count($admins);
        foreach ($admins as $admin) {
            if (isset($_POST["admin_" . $admin['id']])) {
                $cc_addresses[] = $admin['email'];
            }
        }
        $currentadminmail = $_zp_current_admin_obj->getEmail();
        if (!empty($currentadminmail)) {
            $cc_addresses[] = $currentadminmail;
        }
        $err_msg = zp_mail($subject, $message, array(), array(), $cc_addresses);
        if ($err_msg) {
            echo '<p class="errorbox">' . $err_msg . '</p>';
        } else {
            echo '<p class="messagebox">' . gettext('Mail sent.') . '</p>';
            ?>
							<h3><strong><?php 
            echo gettext('Subject:');
            ?>
 </strong><?php 
            echo $subject;
            ?>
</h3>
							<p><strong><?php 
            echo gettext('To:');
            ?>
Exemplo n.º 17
0
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a code for the success of the comment add:
 *    0: Bad entry
 *    1: Marked for moderation
 *    2: Successfully posted
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param string $type 'albums' if it is an album or 'images' if it is an image comment
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon)
{
    global $_zp_captcha;
    $result = commentObjectClass($receiver);
    list($type, $class) = $result;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    $admins = getAdministrators();
    $admin = array_shift($admins);
    $key = $admin['pass'];
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha')) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            return -5;
        }
    }
    if (empty($comment)) {
        return -6;
    }
    if (!empty($website) && substr($website, 0, 7) != "http://") {
        $website = "http://" . $website;
    }
    $goodMessage = 2;
    $gallery = new gallery();
    if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }
    if ($goodMessage) {
        if ($goodMessage == 1) {
            $moderate = 1;
        } else {
            $moderate = 0;
        }
        if ($private) {
            $private = 1;
        } else {
            $private = 0;
        }
        if ($anon) {
            $anon = 1;
        } else {
            $anon = 0;
        }
        $receiverid = $receiver->id;
        // Update the database entry with the new comment
        query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " . ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' . ', "' . $type . '", "' . $ip . '", "' . $private . '", "' . $anon . '")');
        if ($moderate) {
            $action = "placed in moderation";
        } else {
            //  add to comments array and notify the admin user
            $newcomment = array();
            $newcomment['name'] = $name;
            $newcomment['email'] = $email;
            $newcomment['website'] = $website;
            $newcomment['comment'] = $comment;
            $newcomment['date'] = time();
            $receiver->comments[] = $newcomment;
            $action = "posted";
        }
        // switch added for zenpage support
        $class = get_class($receiver);
        switch ($class) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default:
                // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }
        if (getOption('email_new_comments')) {
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights
                if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    unset($admin_users[$admin['id']]);
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" or $type === "albums") {
                $id = $ur_album->getAlbumID();
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}