/**
 * Sends the confirmed contact-form message.
 *
 * Subject, body, headers and the sender's address are read straight from
 * $_POST (each run through sanitize()); the configured recipient list from
 * the "contactform_mailaddress" option has its spaces stripped before the
 * whole lot is handed to zp_mail(). Nothing is returned.
 *
 * NOTE(review): the 'headers' value comes from the request. If zp_mail()
 * forwards it as raw mail headers, request-controlled header lines would
 * reach the MTA — confirm that zp_mail() validates it, or that this method
 * is only ever reached from the trusted confirmation step.
 */
static function sendMail() {
	$recipients = str_replace(" ", "", getOption("contactform_mailaddress"));
	$sender = sanitize($_POST['mailaddress']);
	zp_mail(
		sanitize($_POST['subject']),
		sanitize($_POST['message'], 1),
		sanitize($_POST['headers']),
		array($recipients, $sender)
	);
}
/**
 * Admin-save hook: mails a password-set ticket to a newly created user.
 *
 * Only acts when $what is 'new' and the user has an e-mail address. The
 * mail carries a reset ticket (Zenphoto_Authority::getResetTicket) bound to
 * the user name and current password hash; the text says it expires in
 * 3 days. Any error text returned by zp_mail() is appended to $savemsg.
 *
 * @param string $savemsg accumulated admin save message
 * @param object $userobj the administrator object just saved
 * @param string $what 'new' for a freshly created user
 * @return string $savemsg, possibly extended with a mail error
 */
static function save($savemsg, $userobj, $what) {
	global $_zp_gallery;
	if ($what != 'new') {
		return $savemsg;
	}
	$mail = $userobj->getEmail();
	if (!$mail) {
		return $savemsg;
	}
	$adm = $userobj->getUser();
	$ref = Zenphoto_Authority::getResetTicket($adm, $userobj->getPass());
	// the ticket link is the only credential in this mail; it is built from FULLWEBPATH, not from the request
	$link = FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user={$adm}";
	$lines = array(
		'',
		sprintf(gettext('You are receiving this e-mail because a user code (%1$s) has been created for you on the Zenphoto gallery %2$s.'), $adm, $_zp_gallery->getTitle()),
		sprintf(gettext('To set your Zenphoto User password visit: %s'), $link),
		gettext("This ticket will automatically expire in 3 days.")
	);
	$err_msg = zp_mail(gettext("Zenphoto user created"), implode("\n", $lines), array($mail));
	if (!empty($err_msg)) {
		$savemsg .= $err_msg;
	}
	return $savemsg;
}
/**
 * Filters a new comment post and sends email replies to previous posters
 *
 * Nothing is sent while the comment is in moderation or marked private;
 * the comment is then returned untouched. Otherwise every earlier poster
 * on the same element (name => e-mail, duplicate addresses dropped) gets a
 * notice with the new comment's author, e-mail, website and body and a
 * link to the element.
 *
 * @param object $comment the comment
 * @param object $owner the element commented upon.
 * @return object the comment, unchanged
 */
function emailReply($comment, $owner) {
	$gallery = new Gallery();
	// we are not going to e-mail unless the comment has passed.
	if ($comment->getInModeration() || $comment->getPrivate()) {
		return $comment;
	}

	// earlier posters, keyed by the name they supplied
	$recipients = array();
	foreach ($owner->comments as $previous) {
		$recipients[$previous['name']] = $previous['email'];
	}
	$recipients = array_unique($recipients);

	$type = $comment->getType();
	if ($type == "albums") {
		$url = "album=" . urlencode($owner->name);
		$action = sprintf(gettext('A reply has been posted on album "%1$s".'), $owner->name);
	} elseif ($type == "news") {
		$url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($owner->getTitlelink());
		$action = sprintf(gettext('A reply has been posted on article "%1$s".'), $owner->getTitlelink());
	} elseif ($type == "pages") {
		$url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($owner->getTitlelink());
		$action = sprintf(gettext('A reply has been posted on page "%1$s".'), $owner->getTitlelink());
	} else {
		// all image types
		$url = "album=" . urlencode($owner->album->name) . "&image=" . urlencode($owner->filename);
		$action = sprintf(gettext('A reply has been posted on "%1$s" the album "%2$s".'), $owner->getTitle(), $owner->getAlbumName());
	}

	if ($comment->getAnon()) {
		$author = '<' . gettext("Anonymous") . '>';
		$authorMail = $author;
	} else {
		$author = $comment->getname();
		$authorMail = $comment->getEmail();
	}

	// NOTE(review): SERVER_NAME can follow the request Host header on some
	// server configurations, so this link is not necessarily the canonical
	// site address; other mails on this page build links from FULLWEBPATH.
	$link = 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url;
	$details = sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $author, $authorMail, $comment->getWebsite(), $comment->getComment());
	$where = sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), $link);
	$message = $action . "\n\n" . $details . "\n\n" . $where . "\n\n";

	$on = gettext('Reply posted');
	zp_mail("[" . $gallery->getTitle() . "] {$on}", $message, $recipients);
	return $comment;
}
// NOTE(review): fragment — this run starts inside an auto-renew branch of a
// switch on the requested action and the enclosing function/switch open
// before this point; the brace structure below is only complete with the
// missing head.
if ($newdate + getOption('user_expiry_interval') * 86400 < time()) {
	// renewed date would still be in the past: restart the interval from now
	$newdate = time() + getOption('user_expiry_interval') * 86400;
}
$userobj->setDateTime(date('Y-m-d H:i:s', $newdate));
$userobj->setValid(1);
$userobj->save();
break;
case 'revalidate':
	$gallery = new Gallery();
	$site = $gallery->getTitle();
	$user_e = $userobj->getEmail();
	$user = $userobj->getUser();
	// NOTE(review): the renewal key is just hex(serialize(user, email, time)) —
	// unsigned, so the consumer of user_expiry_reverify (not on this page) must
	// not treat its contents as authenticated.
	$key = bin2hex(serialize(array('user' => $user, 'email' => $user_e, 'date' => time())));
	$link = FULLWEBPATH . '/index.php?user_expiry_reverify=' . $key;
	$message = sprintf(gettext('Your %1$s credentials need to be renewed. Visit %2$s to renew your logon credentials.'), $site, $link);
	// $msg is only assigned on this path; the redirect below uses it for every action
	$msg = zp_mail(sprintf(gettext('%s renewal required'), $site), $message, array($user => $user_e));
	break;
} } } }
// NOTE(review): $msg is undefined unless the 'revalidate' case ran, so
// "applied=" is empty (with a notice) for the other actions.
header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user-expiry/user-expiry-tab.php?page=users&tab=groups&applied=' . $msg);
exit;
} }
printAdminHeader('users');
echo '</head>' . "\n";
?> <body> <?php
/**
 * Login filter: applies the user-expiry subscription to a logged-in user.
 *
 * Users whose logout_link is not exactly true are left alone, as is everyone
 * while the user_expiry_interval option is unset. Otherwise the expiry time is
 * the stored user date/time plus that interval (in days):
 *  - already past: the user is marked invalid (valid = 2) and the login is refused;
 *  - within user_expiry_warn_interval days of expiry: the subscription is either
 *    renewed (user_expiry_auto_renew) or the user is mailed a warning once, the
 *    'exiry_notice' credential recording that the warning went out;
 *  - otherwise: a stale 'exiry_notice' marker is removed.
 *
 * @param mixed $loggedin current login result
 * @param object $userobj the administrator object
 * @return mixed $loggedin, or false once the account has expired
 */
private static function checkexpires($loggedin, $userobj) {
	global $_zp_gallery;
	if ($userobj->logout_link !== true) {
		return $loggedin;
	}
	$subscription = 86400 * getOption('user_expiry_interval');
	if (!$subscription) {
		// expiry is disabled
		return $loggedin;
	}

	$now = time();
	$expires = strtotime($userobj->getDateTime()) + $subscription;
	$credentials = $userobj->getCredentials();
	$noticeKey = array_search('exiry_notice', $credentials);

	if ($expires < $now) {
		$userobj->setValid(2);
		$userobj->save();
		return false;
	}

	$warnWindow = getOption('user_expiry_warn_interval') * 86400;
	if ($expires >= $now + $warnWindow) {
		// nowhere near expiry: clear any leftover warning marker
		if ($noticeKey !== false) {
			unset($credentials[$noticeKey]);
			$userobj->setCredentials($credentials);
			$userobj->save();
		}
		return $loggedin;
	}

	// expired (inside the warning window)
	if (getOption('user_expiry_auto_renew')) {
		$newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
		if ($newdate + getOption('user_expiry_interval') * 86400 < $now) {
			// renewal would still leave the user expired: restart from now
			$newdate = $now + getOption('user_expiry_interval') * 86400;
		}
		$userobj->setDateTime(date('Y-m-d H:i:s', $newdate));
		$userobj->setValid(1);
		if ($noticeKey !== false) {
			unset($credentials[$noticeKey]);
			$userobj->setCredentials($credentials);
		}
		$userobj->save();
		return $loggedin;
	}

	$mail = $userobj->getEmail();
	if ($mail && $noticeKey === false) {
		// first time inside the window: record the marker, then warn by mail
		$credentials[] = 'exiry_notice';
		$userobj->setCredentials($credentials);
		$userobj->save();
		$message = sprintf(gettext('Your user id for the Zenphoto site %s will expire on %s.'), $_zp_gallery->getTitle(), date('Y-m-d', $expires));
		zp_mail(get_language_string(gettext('User id expiration')), $message, array($userobj->getName() => $mail));
	}
	return $loggedin;
}
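/**
 * Rolls a log over if it has grown too large.
 *
 * Copies DATA_FOLDER/<log>.log to DATA_FOLDER/<log>-<n>.log, where <n> is one
 * more than the highest rollover number already present, and mails the admin
 * when the "<log>_log_mail" option is set.
 *
 * @param string $log base name of the log (without the ".log" suffix)
 */
function switchLog($log) {
	$dir = getcwd();
	chdir(SERVERPATH . '/' . DATA_FOLDER);
	$list = safe_glob($log . '-*.log');
	chdir($dir);

	// Take the numerically highest rollover. The previous code used sort() and
	// the last element, which orders "-10.log" before "-9.log" and so reused
	// (and overwrote) an existing rollover once ten of them existed.
	// $log is quoted so that regex metacharacters in the name cannot alter the pattern.
	$pattern = '|' . preg_quote($log, '|') . '-(\d+)\.log$|';
	$counter = 0;
	foreach ($list as $file) {
		if (preg_match($pattern, $file, $matches)) {
			$counter = max($counter, (int) $matches[1]);
		}
	}
	$counter++;

	$base = SERVERPATH . '/' . DATA_FOLDER . '/' . $log;
	$rolled = $log . '-' . $counter . '.log';
	// best effort, as before: a failed copy is not fatal for the caller
	@copy($base . '.log', $base . '-' . $counter . '.log');
	if (getOption($log . '_log_mail')) {
		zp_mail(sprintf(gettext('%s log size limit exceeded'), $log), sprintf(gettext('The %1$s log has exceeded its size limit and has been renamed to %2$s.'), $log, $rolled));
	}
}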
/**
 * Prints the mail contact form, handles checks and the mail sending. It uses Zenphoto's check for valid e-mail address and website URL and also supports CAPTCHA.
 * The contact form itself is a separate file and is located within the /contact_form/form.php so that it can be style as needed.
 *
 * Flow: a "sendmail" post is validated against the contactform_* "required"
 * options; on errors the form is re-shown with a message, otherwise the mail is
 * either presented for confirmation (contactform_confirm) or the confirmation
 * post is simulated. A "confirm" post sends the mail via zp_mail() to the
 * semicolon separated "contactform_mailaddress" option. Any other request
 * prints the intro text and the (possibly pre-filled) form.
 *
 * @param string $subject_override set to override the subject.
 */
function printContactForm($subject_override = '') {
	global $_zp_UTF8, $_zp_captcha, $_processing_post, $_zp_current_admin_obj;
	$error = array();
	if (isset($_POST['sendmail'])) {
		$mailcontent = array();
		$mailcontent['title'] = getField('title');
		$mailcontent['name'] = getField('name');
		$mailcontent['company'] = getField('company');
		$mailcontent['street'] = getField('street');
		$mailcontent['city'] = getField('city');
		$mailcontent['state'] = getField('state');
		$mailcontent['postal'] = getField('postal');
		$mailcontent['country'] = getField('country');
		$mailcontent['email'] = getField('email');
		$mailcontent['website'] = getField('website');
		$mailcontent['phone'] = getField('phone');
		$mailcontent['subject'] = getField('subject');
		$mailcontent['message'] = getField('message', 1);
		// if you want other required fields or less add/modify their checks here
		// NOTE(review): $error index 5 is shared by city, state, postal and the
		// CAPTCHA check below, so only the last of those messages survives.
		if (getOption('contactform_title') == "required" && empty($mailcontent['title'])) {
			$error[1] = gettext("a title");
		}
		if (getOption('contactform_name') == "required" && empty($mailcontent['name'])) {
			$error[2] = gettext("a name");
		}
		if (getOption('contactform_company') == "required" && empty($mailcontent['company'])) {
			$error[3] = gettext("a company");
		}
		if (getOption('contactform_street') == "required" && empty($mailcontent['street'])) {
			$error[4] = gettext("a street");
		}
		if (getOption('contactform_city') == "required" && empty($mailcontent['city'])) {
			$error[5] = gettext("a city");
		}
		if (getOption('contactform_state') == "required" && empty($mailcontent['state'])) {
			$error[5] = gettext("a state");
		}
		if (getOption('contactform_postal') == "required" && empty($mailcontent['postal'])) {
			$error[5] = gettext("a postal code");
		}
		if (getOption('contactform_country') == "required" && empty($mailcontent['country'])) {
			$error[6] = gettext("a country");
		}
		if (getOption('contactform_email') == "required" && (empty($mailcontent['email']) || !is_valid_email_zp($mailcontent['email']))) {
			$error[7] = gettext("a valid email address");
		}
		if (getOption('contactform_website') == "required" && empty($mailcontent['website'])) {
			$error[8] = gettext('a website');
		} else {
			if (!empty($mailcontent['website'])) {
				// NOTE(review): only "http://" is recognised; an "https://" URL gets
				// "http://" prepended to it.
				if (substr($mailcontent['website'], 0, 7) != "http://") {
					$mailcontent['website'] = "http://" . $mailcontent['website'];
				}
			}
		}
		if (getOption("contactform_phone") == "required" && empty($mailcontent['phone'])) {
			$error[9] = gettext("a phone number");
		}
		if (getOption("contactform_subject") == "required" && empty($mailcontent['subject'])) {
			$error[10] = gettext("a subject");
		}
		if (getOption("contactform_message") == "required" && empty($mailcontent['message'])) {
			$error[11] = gettext("a message");
		}
		// CAPTCHA start
		if (getOption("contactform_captcha")) {
			$code_ok = trim(sanitize($_POST['code_h']));
			$code = trim(sanitize($_POST['code']));
			if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
				$error[5] = gettext("the correct CAPTCHA verification code");
			}
			// no ticket
		}
		// CAPTCHA end
		// If required fields are empty or not valide print note
		if (count($error) != 0) {
			?> <div class="errorbox"> <h2> <?php
			$err = $error;
			switch (count($err)) {
				case 1:
					printf(gettext('Please enter %s. Thanks.'), array_shift($err));
					break;
				case 2:
					printf(gettext('Please enter %1$s and %2$s. Thanks.'), array_shift($err), array_shift($err));
					break;
				default:
					$list = '<ul class="errorlist">';
					foreach ($err as $item) {
						$list .= '<li>' . $item . '</li>';
					}
					$list .= '</ul>';
					printf(gettext('Please enter: %sThanks.'), $list);
					break;
			}
			?> </h2> </div> <?php
		} else {
			// build the mail: the message text followed by whichever contact fields were filled in
			$mailaddress = $mailcontent['email'];
			$name = $mailcontent['name'];
			$subject = $mailcontent['subject'] . " (" . getBareGalleryTitle() . ")";
			$message = $mailcontent['message'] . "\n\n";
			if (!empty($mailcontent['title'])) {
				$message .= $mailcontent['title'];
			}
			if (!empty($mailcontent['name'])) {
				$message .= $mailcontent['name'] . "\n";
			}
			if (!empty($mailcontent['company'])) {
				$message .= $mailcontent['company'] . "\n";
			}
			if (!empty($mailcontent['street'])) {
				$message .= $mailcontent['street'] . "\n";
			}
			if (!empty($mailcontent['city'])) {
				$message .= $mailcontent['city'] . "\n";
			}
			if (!empty($mailcontent['state'])) {
				$message .= $mailcontent['state'] . "\n";
			}
			if (!empty($mailcontent['postal'])) {
				$message .= $mailcontent['postal'] . "\n";
			}
			if (!empty($mailcontent['country'])) {
				$message .= $mailcontent['country'] . "\n";
			}
			if (!empty($mailcontent['email'])) {
				$message .= $mailcontent['email'] . "\n";
			}
			if (!empty($mailcontent['phone'])) {
				$message .= $mailcontent['phone'] . "\n";
			}
			if (!empty($mailcontent['website'])) {
				$message .= $mailcontent['website'] . "\n";
			}
			$message .= "\n\n";
			if (getOption('contactform_confirm')) {
				// show the filled-in form again plus confirm/discard buttons; the
				// values travel back as hidden fields and are re-sanitized on the "confirm" post
				echo get_language_string(getOption("contactform_confirmtext"));
				if (getOption('contactform_sendcopy')) {
					echo get_language_string(getOption("contactform_sendcopy_text"));
				}
				?> <div> <?php
				$_processing_post = true;
				include getPlugin('contact_form/form.php', true);
				// NOTE(review): the form action reflects REQUEST_URI into an attribute;
				// this relies entirely on sanitize() escaping it for the HTML-attribute context.
				?> <form id="confirm" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8" style="float: left"> <input type="hidden" id="confirm" name="confirm" value="confirm" /> <input type="hidden" id="name" name="name" value="<?php echo html_encode($name); ?> " /> <input type="hidden" id="subject" name="subject" value="<?php echo html_encode($subject); ?> " /> <input type="hidden" id="message" name="message" value="<?php echo html_encode($message); ?> " /> <input type="hidden" id="mailaddress" name="mailaddress" value="<?php echo html_encode($mailaddress); ?> " /> <input type="submit" value="<?php echo gettext("Confirm"); ?> " /> </form> <form id="discard" action="<?php echo sanitize($_SERVER['REQUEST_URI']); ?> " method="post" accept-charset="UTF-8"> <input type="hidden" id="discard" name="discard" value="discard" /> <input type="submit" value="<?php echo gettext("Discard"); ?> " /> </form> </div> <?php
				return;
			} else {
				// simulate confirmation action
				$_POST['confirm'] = true;
				$_POST['subject'] = $subject;
				$_POST['message'] = $message;
				$_POST['mailaddress'] = $mailaddress;
				$_POST['name'] = $name;
			}
		}
	}
	if (isset($_POST['confirm'])) {
		$subject = sanitize($_POST['subject']);
		$message = sanitize($_POST['message'], 1);
		$mailaddress = sanitize($_POST['mailaddress']);
		$name = sanitize($_POST['name']);
		// recipients: the configured list, split on ';'
		$contactform_mailinglist = getOption("contactform_mailaddress");
		$mailinglist = explode(';', $contactform_mailinglist);
		if (getOption('contactform_sendcopy')) {
			// NOTE(review): on a real "confirm" post the copy goes to whatever address
			// the hidden field holds; the validity check above only ran on the "sendmail" post.
			$sendcopy = array($name => $mailaddress);
		} else {
			$sendcopy = NULL;
		}
		$err_msg = zp_mail($subject, $message, $mailinglist, $sendcopy);
		if ($err_msg) {
			// zp_mail() reports failures as one '.'-separated string
			$msgs = explode('.', $err_msg);
			unset($msgs[0]); // the "mail send failed" text
			unset($msgs[count($msgs)]); // a trailing empty one
			?> <div class="errorbox"> <strong><?php echo ngettext('Error sending mail:', 'Errors sending mail:', count($msgs)); ?> </strong> <ul class="errorlist"> <?php
			foreach ($msgs as $line) {
				echo '<li>' . trim($line) . '</li>';
			}
			?> </ul> </div> <?php
		} else {
			echo get_language_string(getOption("contactform_thankstext"));
		}
		echo '<p><a href="?again">' . get_language_string(getOption('contactform_newmessagelink')) . '</a></p>';
	} else {
		if (count($error) <= 0) {
			if (zp_loggedin()) {
				// pre-fill from the logged-in admin's record
				$mailcontent = array('title' => '', 'name' => $_zp_current_admin_obj->getName(), 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'postal' => '', 'email' => $_zp_current_admin_obj->getEmail(), 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
				if (getOption('zp_plugin_comment_form')) {
					$raw = $_zp_current_admin_obj->getCustomData();
					// NOTE(review): unserialize() on stored data. The regex only checks that
					// the string starts like a serialized array; it does not stop objects
					// nested inside it from being instantiated. The data is the admin's own
					// record, but a JSON encoding would remove the object-injection surface.
					if (preg_match('/^a:[0-9]+:{/', $raw)) {
						$address = unserialize($raw);
						// every stored key overrides the defaults above, including 'subject' and 'message'
						foreach ($address as $key => $field) {
							$mailcontent[$key] = $field;
						}
					}
				}
			} else {
				$mailcontent = array('title' => '', 'name' => '', 'company' => '', 'street' => '', 'city' => '', 'state' => '', 'country' => '', 'email' => '', 'postal' => '', 'website' => '', 'phone' => '', 'subject' => $subject_override, 'message' => '');
			}
		}
		echo get_language_string(getOption("contactform_introtext"));
		if (getOption('contactform_sendcopy')) {
			echo get_language_string(getOption("contactform_sendcopy_text"));
		}
		$_processing_post = false;
		include getPlugin('contact_form/form.php', true);
	}
}
// handle form post
// NOTE(review): fragment — the "register_user" branch below is cut off mid-statement on this page.
if (isset($_GET['verify'])) {
	$currentadmins = getAdministrators();
	// NOTE(review): the verify token is hex(serialize(...)) straight from the
	// query string and carries no signature. unserialize() will instantiate any
	// class named in it before the comparison below runs (PHP object injection),
	// and nothing checks that the result is an array. A signed token (e.g. JSON
	// plus an HMAC compared with hash_equals()) would close both gaps.
	$params = unserialize(pack("H*", $_GET['verify']));
	$adminuser = NULL;
	foreach ($currentadmins as $admin) {
		// NOTE(review): loose == — a non-string value in the token (e.g. a
		// boolean) compares equal to many strings; compare with === against strings.
		if ($admin['user'] == $params['user'] && $admin['email'] == $params['email']) {
			$adminuser = $admin;
			break;
		}
	}
	if (!is_null($adminuser)) {
		// re-save the pending admin with the configured registration rights
		$rights = getOption('register_user_rights');
		saveAdmin($adminuser['user'], NULL, $admin_n = $adminuser['name'], $admin_e = $adminuser['email'], $rights, NULL);
		if (getOption('register_user_notify')) {
			zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $admin_n, $adminuser['user'], $admin_e));
		}
		$notify = 'verified';
	} else {
		$notify = 'not_verified';
	}
}
if (isset($_POST['register_user'])) {
	// NOTE(review): unlike the post_processor() on this page, these values are
	// only trim()med, not passed through sanitize().
	$pass = trim($_POST['adminpass']);
	$user = trim($_POST['adminuser']);
	$admin_n = trim($_POST['admin_name']);
	$admin_e = trim($_POST['admin_email']);
	if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
		if ($pass == trim($_POST['adminpass_2'])) {
			if (empty($pass)) {
				$pwd = null;
/**
 * User authentication support
 *
 * Handles a "login" post. The hidden 'password' field selects the step:
 *  - default: user/password check via checkLogon(); on success the user is
 *    logged, becomes the current admin and the session id is regenerated;
 *  - 'challenge': the password field holds the answer to the user's challenge
 *    phrase; a correct answer redirects to admin-users.php with a reset ticket;
 *  - 'captcha': the password field holds a CAPTCHA answer; a correct one mails
 *    a reset ticket to the named user (or, failing that, to the first admin
 *    with an e-mail address, cc'ing the other full admins).
 *
 * Result is published through the globals $_zp_loggedin (rights or false),
 * $_zp_login_error and $_zp_current_admin_obj.
 *
 * NOTE(review): this page's text is redacted ("******") inside the 'challenge'
 * case and in the reset link; the statements between the redirect and the
 * "Sorry" message are missing here and are kept as they appear.
 *
 * @return mixed the rights of the logged-in user, or false
 */
function handleLogon() {
	global $_zp_current_admin_obj, $_zp_login_error, $_zp_captcha, $_zp_loggedin;
	if (isset($_POST['login'])) {
		$post_user = sanitize(@$_POST['user'], 0);
		$post_pass = sanitize(@$_POST['pass'], 0);
		$_zp_loggedin = false;
		switch (@$_POST['password']) {
			default:
				$user = self::checkLogon($post_user, $post_pass);
				if ($user) {
					$_zp_loggedin = $user->getRights();
				}
				// plugins may veto or grant the login
				$_zp_loggedin = zp_apply_filter('admin_login_attempt', $_zp_loggedin, $post_user, $post_pass);
				if ($_zp_loggedin) {
					self::logUser($user);
					$_zp_current_admin_obj = $user;
					// new session id after authentication (session fixation defence)
					session_regenerate_id(true);
				} else {
					zp_clearCookie("zp_user_auth"); // Clear the cookie, just in case
					$_zp_login_error = 1;
				}
				break;
			case 'challenge':
				$user = $this->getAnAdmin(array('`user`=' => $post_user, '`valid`=' => 1));
				if (is_object($user)) {
					$info = $user->getChallengePhraseInfo();
					// NOTE(review): loose == on the challenge answer; === would avoid type juggling
					if ($post_pass && $info['response'] == $post_pass) {
						$ref = self::getResetTicket($post_user, $user->getPass());
						header('location:' . WEBPATH . '/' . ZENFOLDER . '/admin-users.php?ticket=' . $ref . '&user='******'Sorry, that is not the answer.');
						$_REQUEST['logon_step'] = 'challenge';
						break;
			case 'captcha':
				if ($_zp_captcha->checkCaptcha(trim(@$_POST['code']), sanitize(@$_POST['code_h'], 3))) {
					require_once dirname(__FILE__) . '/load_objectClasses.php'; // be sure that the plugins are loaded for the mail handler
					if (empty($post_user)) {
						$requestor = gettext('You are receiving this e-mail because of a password reset request on your ZenPhoto20 gallery.');
					} else {
						$requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your ZenPhoto20 gallery from a user who tried to log in as %s."), $post_user);
					}
					$admins = $this->getAdministrators();
					$mails = array();
					$user = NULL;
					// pick the addressee: the admin matching $post_user by name or e-mail;
					// everyone else without ADMIN_RIGHTS or without an e-mail is dropped
					foreach ($admins as $key => $tuser) {
						if (!empty($tuser['email'])) {
							if (!empty($post_user) && ($tuser['user'] == $post_user || $tuser['email'] == $post_user)) {
								$name = $tuser['name'];
								if (empty($name)) {
									$name = $tuser['user'];
								}
								$mails[$name] = $tuser['email'];
								$user = $tuser;
								unset($admins[$key]); // drop him from alternate list.
							} else {
								if (!($tuser['rights'] & ADMIN_RIGHTS)) {
									unset($admins[$key]); // eliminate any peons from the list
								}
							}
						} else {
							unset($admins[$key]); // we want to ignore groups and users with no email address here!
						}
					}
					// remaining full admins: first one becomes the addressee if nobody matched, the rest are cc'd
					$cclist = array();
					foreach ($admins as $tuser) {
						$name = $tuser['name'];
						if (empty($name)) {
							$name = $tuser['user'];
						}
						if (is_null($user)) {
							$user = $tuser;
							$mails[$name] = $tuser['email'];
						} else {
							$cclist[$name] = $tuser['email'];
						}
					}
					if (is_null($user)) {
						$_zp_login_error = gettext('There was no one to which to send the reset request.');
					} else {
						// the ticket is bound to the user's current password hash
						$ref = self::getResetTicket($user['user'], $user['pass']);
						$msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user="******"\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
						$err_msg = zp_mail(gettext("The ZenPhoto20 information you requested"), $msg, $mails, $cclist);
						if (empty($err_msg)) {
							$_zp_login_error = 2;
						} else {
							$_zp_login_error = $err_msg;
						}
					}
				} else {
					$_zp_login_error = gettext('Your input did not match the captcha');
					$_REQUEST['logon_step'] = 'captcha';
				}
				break;
		}
	}
	return $_zp_loggedin;
}
/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a comment object
 *
 * The comment is validated (required fields, CAPTCHA, optional SPAM filter),
 * run through the 'comment_post' filter, saved when clean, and then admins
 * with sufficient rights (plus the managers of the affected album) are
 * notified by mail when COMMENT_SEND_EMAIL is set. Validation failures are
 * reported through the returned object's in-moderation code (negative) and
 * comment_error_text.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code CAPTCHA code entered
 * @param string $code_ok CAPTCHA hash expected
 * @param object $receiver the object (image or album) to which to post the comment; its ->table supplies the comment type ('albums', 'news', 'pages', images...)
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @param string $customdata
 * @param bit $check bitmask of which fields must be checked. If set overrides the options
 * @return object
 */
function comment_form_addComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon, $customdata, $check = false) {
	global $_zp_captcha, $_zp_gallery, $_zp_authority, $_zp_comment_on_hold, $_zp_spamFilter;
	if ($check === false) {
		// derive the check mask from the plugin options
		$whattocheck = 0;
		if (getOption('comment_email_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_EMAIL_REQUIRED;
		}
		if (getOption('comment_name_required')) {
			$whattocheck = $whattocheck | COMMENT_NAME_REQUIRED;
		}
		if (getOption('comment_web_required') == 'required') {
			$whattocheck = $whattocheck | COMMENT_WEB_REQUIRED;
		}
		switch (getOption('Use_Captcha')) {
			case 0:
				break;
			case 2:
				// 2: CAPTCHA only for visitors without POST_COMMENT_RIGHTS (falls through otherwise)
				if (zp_loggedin(POST_COMMENT_RIGHTS)) {
					break;
				}
			default:
				$whattocheck = $whattocheck | USE_CAPTCHA;
				break;
		}
		if (getOption('comment_body_requiired')) {
			$whattocheck = $whattocheck | COMMENT_BODY_REQUIRED;
		}
		if (getOption('email_new_comments')) {
			$whattocheck = $whattocheck | COMMENT_SEND_EMAIL;
		}
	} else {
		$whattocheck = $check;
	}
	$type = $receiver->table;
	$receiver->getComments();
	$name = trim($name);
	$email = trim($email);
	$website = trim($website);
	// Let the comment have trailing line breaks and space? Nah...
	// Also (in)validate HTML here, and in $name.
	$comment = trim($comment);
	$receiverid = $receiver->getID();
	$goodMessage = 2;
	if ($private) {
		$private = 1;
	} else {
		$private = 0;
	}
	if ($anon) {
		$anon = 1;
	} else {
		$anon = 0;
	}
	$commentobj = new Comment();
	$commentobj->transient = false; // otherwise we won't be able to save it....
	$commentobj->setOwnerID($receiverid);
	$commentobj->setName($name);
	$commentobj->setEmail($email);
	$commentobj->setWebsite($website);
	$commentobj->setComment($comment);
	$commentobj->setType($type);
	$commentobj->setIP($ip);
	$commentobj->setPrivate($private);
	$commentobj->setAnon($anon);
	$commentobj->setInModeration(0);
	$commentobj->setCustomData($customdata);
	// field checks: each failure sets a distinct negative in-moderation code and appends a message
	if ($whattocheck & COMMENT_EMAIL_REQUIRED && (empty($email) || !is_valid_email_zp($email))) {
		$commentobj->setInModeration(-2);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply an e-mail address.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_NAME_REQUIRED && empty($name)) {
		$commentobj->setInModeration(-3);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter your name.");
		$goodMessage = false;
	}
	if ($whattocheck & COMMENT_WEB_REQUIRED && (empty($website) || !isValidURL($website))) {
		$commentobj->setInModeration(-4);
		$commentobj->comment_error_text .= ' ' . gettext("You must supply a WEB page URL.");
		$goodMessage = false;
	}
	if ($whattocheck & USE_CAPTCHA) {
		if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
			$commentobj->setInModeration(-5);
			$commentobj->comment_error_text .= ' ' . gettext("CAPTCHA verification failed.");
			$goodMessage = false;
		}
	}
	if ($whattocheck & COMMENT_BODY_REQUIRED && empty($comment)) {
		$commentobj->setInModeration(-6);
		$commentobj->comment_error_text .= ' ' . gettext("You must enter something in the comment text.");
		$goodMessage = false;
	}
	$moderate = 0;
	if ($goodMessage && isset($_zp_spamFilter)) {
		// filterMessage(): 0 = reject, 1 = hold for moderation, 2 = accept
		$goodMessage = $_zp_spamFilter->filterMessage($name, $email, $website, $comment, $receiver, $ip);
		switch ($goodMessage) {
			case 0:
				$commentobj->setInModeration(2);
				$commentobj->comment_error_text .= sprintf(gettext('Your comment was rejected by the <em>%s</em> SPAM filter.'), $_zp_spamFilter->name);
				$goodMessage = false;
				break;
			case 1:
				$_zp_comment_on_hold = sprintf(gettext('Your comment has been marked for moderation by the <em>%s</em> SPAM filter.'), $_zp_spamFilter->name);
				$commentobj->comment_error_text .= $_zp_comment_on_hold;
				$commentobj->setInModeration(1);
				$moderate = 1;
				break;
			case 2:
				$commentobj->setInModeration(0);
				break;
		}
	}
	$localerrors = $commentobj->getInModeration();
	zp_apply_filter('comment_post', $commentobj, $receiver);
	if ($check === false) { // ignore filter provided errors if caller is supplying the fields to check
		$localerrors = $commentobj->getInModeration();
	}
	if ($goodMessage && $localerrors >= 0) {
		// Update the database entry with the new comment
		$commentobj->save();
		// add to comments array and notify the admin user
		if (!$moderate) {
			$receiver->comments[] = array('name' => $commentobj->getname(), 'email' => $commentobj->getEmail(), 'website' => $commentobj->getWebsite(), 'comment' => $commentobj->getComment(), 'date' => $commentobj->getDateTime(), 'custom_data' => $commentobj->getCustomData());
		}
		// per-type link and notice text; $ur_album is only set for albums and images
		switch ($type) {
			case "albums":
				$url = "album=" . pathurlencode($receiver->name);
				$ur_album = getUrAlbum($receiver);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your album “%1$s”.'), $receiver->name);
				} else {
					$action = sprintf(gettext('A comment has been posted on your album “%1$s”.'), $receiver->name);
				}
				break;
			case "news":
				$url = "p=news&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your article “%1$s”.'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your article “%1$s”.'), $receiver->getTitlelink());
				}
				break;
			case "pages":
				$url = "p=pages&title=" . urlencode($receiver->getTitlelink());
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your page “%1$s”.'), $receiver->getTitlelink());
				} else {
					$action = sprintf(gettext('A comment has been posted on your page “%1$s”.'), $receiver->getTitlelink());
				}
				break;
			default: // all image types
				$album = $receiver->getAlbum();
				$url = "album=" . pathurlencode($album->name) . "&image=" . urlencode($receiver->filename);
				$ur_album = getUrAlbum($album);
				if ($moderate) {
					$action = sprintf(gettext('A comment has been placed in moderation on your image “%1$s” in the album “%2$s”.'), $receiver->getTitle(), $album->name);
				} else {
					$action = sprintf(gettext('A comment has been posted on your image “%1$s” in the album “%2$s”.'), $receiver->getTitle(), $album->name);
				}
				break;
		}
		if ($whattocheck & COMMENT_SEND_EMAIL) {
			// NOTE(review): both links use SERVER_NAME, which can follow the request
			// Host header on some server configurations; other mails on this page
			// build their links from FULLWEBPATH.
			$message = $action . "\n\n" . sprintf(gettext('Author: %1$s' . "\n" . 'Email: %2$s' . "\n" . 'Website: %3$s' . "\n" . 'Comment:' . "\n\n" . '%4$s'), $commentobj->getname(), $commentobj->getEmail(), $commentobj->getWebsite(), $commentobj->getComment()) . "\n\n" . sprintf(gettext('You can view all comments about this item here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/index.php?' . $url) . "\n\n" . sprintf(gettext('You can edit the comment here:' . "\n" . '%1$s'), 'http://' . $_SERVER['SERVER_NAME'] . WEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/comment_form/admin-comments.php?page=editcomment&id=' . $commentobj->getID());
			$emails = array();
			$admin_users = $_zp_authority->getAdministrators();
			foreach ($admin_users as $admin) { // mail anyone with full rights
				// full admins, or users holding both MANAGE_ALL_ALBUM_RIGHTS and COMMENT_RIGHTS
				if (!empty($admin['email']) && ($admin['rights'] & ADMIN_RIGHTS || ($admin['rights'] & (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS)) == (MANAGE_ALL_ALBUM_RIGHTS | COMMENT_RIGHTS))) {
					$emails[] = $admin['email'];
					// presumably getAdministrators() keys the list by admin id — verify; otherwise this unset is a no-op
					unset($admin_users[$admin['id']]);
				}
			}
			if ($type === "images" or $type === "albums") { // mail to album admins
				// $id is the album's database id from getID(), not request data — the
				// only reason the unparameterised query below is tolerable
				$id = $ur_album->getID();
				$sql = 'SELECT `adminid` FROM ' . prefix('admin_to_object') . ' WHERE `objectid`=' . $id . ' AND `type` LIKE "album%"';
				$result = query($sql);
				if ($result) {
					while ($anadmin = db_fetch_assoc($result)) {
						$id = $anadmin['adminid'];
						if (array_key_exists($id, $admin_users)) {
							$admin = $admin_users[$id];
							if ($admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
								$emails[] = $admin['email'];
							}
						}
					}
					db_free_result($result);
				}
			}
			$on = gettext('Comment posted');
			$result = zp_mail("[" . $_zp_gallery->getTitle() . "] {$on}", $message, $emails);
			if ($result) {
				// mail failure is reported on the (already saved) comment
				$commentobj->setInModeration(-12);
				$commentobj->comment_error_text = $result;
			}
		}
	}
	return $commentobj;
}
/**
 * User authentication support
 *
 * Handles a "login" post carrying 'user' and 'pass'. A successful
 * checkLogon() logs the user in (rights in $_zp_loggedin); on failure the
 * auth cookie is cleared and, if the post also carries a CAPTCHA hash
 * ('code_h') that the password field answers, a password reset ticket is
 * mailed to the named user (or to the first full admin with an e-mail
 * address, cc'ing the other full admins).
 *
 * Result is published through the globals $_zp_loggedin and $_zp_login_error
 * (1 = bad credentials, 2 = reset mail sent, else an error text).
 *
 * NOTE(review): the other handleLogon() on this page calls
 * session_regenerate_id(true) after a successful login; this one does not —
 * confirm that logUser() does, otherwise the session id survives authentication.
 * The page's text is redacted ("******") inside the reset link and is kept as shown.
 *
 * @return mixed the rights of the logged-in user, or false
 */
function handleLogon() {
	global $_zp_authority, $_zp_current_admin_obj, $_zp_login_error, $_zp_captcha, $_zp_loggedin;
	if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
		$post_user = sanitize($_POST['user']);
		$post_pass = sanitize($_POST['pass'], 0);
		$user = $this->checkLogon($post_user, $post_pass, true);
		if ($user) {
			$_zp_loggedin = $user->getRights();
		} else {
			$_zp_loggedin = false;
		}
		// plugins may veto or grant the login
		$_zp_loggedin = zp_apply_filter('admin_login_attempt', $_zp_loggedin, $post_user, $post_pass);
		if ($_zp_loggedin) {
			$this->logUser($user);
		} else {
			// Clear the cookie, just in case
			zp_setCookie("zenphoto_auth", "", -368000);
			// was it a request for a reset?
			// (the password field doubles as the CAPTCHA answer on the reset form)
			if (isset($_POST['code_h']) && $_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) {
				require_once dirname(__FILE__) . '/class-load.php'; // be sure that the plugins are loaded for the mail handler
				if (empty($post_user)) {
					$requestor = gettext('You are receiving this e-mail because of a password reset request on your Zenphoto gallery.');
				} else {
					$requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
				}
				$admins = $_zp_authority->getAdministrators();
				$mails = array();
				$user = NULL;
				// pick the addressee: the admin matching $post_user by name or e-mail;
				// everyone else without ADMIN_RIGHTS or without an e-mail is dropped
				foreach ($admins as $key => $tuser) {
					if (!empty($tuser['email'])) {
						if (!empty($post_user) && ($tuser['user'] == $post_user || $tuser['email'] == $post_user)) {
							$name = $tuser['name'];
							if (empty($name)) {
								$name = $tuser['user'];
							}
							$mails[$name] = $tuser['email'];
							$user = $tuser;
							unset($admins[$key]); // drop him from alternate list.
						} else {
							if (!($tuser['rights'] & ADMIN_RIGHTS)) {
								unset($admins[$key]); // eliminate any peons from the list
							}
						}
					} else {
						unset($admins[$key]); // we want to ignore groups and users with no email address here!
					}
				}
				// remaining full admins: first one becomes the addressee if nobody matched, the rest are cc'd
				$cclist = array();
				foreach ($admins as $tuser) {
					$name = $tuser['name'];
					if (empty($name)) {
						$name = $tuser['user'];
					}
					if (is_null($user)) {
						$user = $tuser;
						$mails[$name] = $tuser['email'];
					} else {
						$cclist[$name] = $tuser['email'];
					}
				}
				if (is_null($user)) {
					$_zp_login_error = gettext('There was no one to which to send the reset request.');
				} else {
					// the ticket is bound to the user's current password hash
					$ref = $this->getResetTicket($user['user'], $user['pass']);
					$msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Zenphoto Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-users.php?ticket={$ref}&user="******"\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days.");
					$err_msg = zp_mail(gettext("The Zenphoto information you requested"), $msg, $mails, $cclist);
					if (empty($err_msg)) {
						$_zp_login_error = 2;
					} else {
						$_zp_login_error = $err_msg;
					}
				}
			} else {
				$_zp_login_error = 1;
			}
		}
	}
	return $_zp_loggedin;
}
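/**
 * Handles a posted registration form.
 *
 * Reads the form fields from $_POST, validates them, creates a new
 * administrator record without rights and e-mails a verification link.
 * Results are reported through globals rather than a return value:
 * $_notify receives a status code ('honeypot', 'invalidcaptcha', 'incomplete',
 * 'invalidemail', 'empty', 'exists', 'dup_email', 'filter', 'mismatch',
 * 'accepted', or the zp_mail() error text); $admin_n, $admin_e and $user hold
 * the trimmed form values; $_link and $_message hold the verification URL and
 * the mail body.
 *
 * Checks run in sequence and each failing check overwrites $_notify, so the
 * code reported is that of the last failing check, not the first.
 *
 * @return void
 */
static function post_processor() {
    global $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery, $_notify, $_link, $_message;
    //Handle registration
    if (!empty($_POST['username'])) {
        $_notify = 'honeypot'; // honey pot check: the real form does not use this field name
    }
    if (getOption('register_user_captcha')) {
        if (isset($_POST['code'])) {
            $code = sanitize($_POST['code'], 3);
            $code_ok = sanitize($_POST['code_h'], 3);
        } else {
            $code = '';
            $code_ok = '';
        }
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            $_notify = 'invalidcaptcha';
        }
    }
    $admin_n = trim(sanitize($_POST['admin_name']));
    if (empty($admin_n)) {
        $_notify = 'incomplete';
    }
    if (isset($_POST['admin_email'])) {
        $admin_e = trim(sanitize($_POST['admin_email']));
    } else {
        // no separate e-mail field: the user id is the e-mail address
        $admin_e = trim(sanitize($_POST['user'], 0));
    }
    if (!is_valid_email_zp($admin_e)) {
        $_notify = 'invalidemail';
    }
    // level 0 sanitizing: passwords must be compared and stored as typed
    $pass = trim(sanitize($_POST['pass'], 0));
    $user = trim(sanitize($_POST['user'], 0));
    if (empty($pass)) {
        $_notify = 'empty';
    } else {
        if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
            // The confirmation field gets the same sanitize level as $pass (the original
            // used the default level, so a password containing markup could never match
            // its own confirmation) and is compared strictly, so numeric-looking
            // strings such as "1e3" and "1000" no longer count as a match.
            if (isset($_POST['pass_r'])) {
                $pass_r = trim(sanitize($_POST['pass_r'], 0));
            } else {
                $pass_r = '';
            }
            if (isset($_POST['disclose_password']) || $pass === $pass_r) {
                $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                if (is_object($currentadmin)) {
                    $_notify = 'exists';
                } else {
                    if ($_zp_authority->getAnAdmin(array('`email`=' => $admin_e, '`valid`=' => '1'))) {
                        $_notify = 'dup_email';
                    }
                }
                if (empty($_notify)) {
                    $userobj = $_zp_authority->newAdministrator('');
                    $userobj->transient = false;
                    $userobj->setUser($user);
                    $userobj->setPass($pass);
                    $userobj->setName($admin_n);
                    $userobj->setEmail($admin_e);
                    $userobj->setRights(0); // rights are granted on verification, not here
                    $userobj->setObjects(NULL);
                    $userobj->setGroup('');
                    $userobj->setCustomData('');
                    $userobj->setLanguage(getUserLocale());
                    if (extensionEnabled('userAddressFields')) {
                        $addresses = getOption('register_user_address_info');
                        $userinfo = register_user::getUserInfo(0);
                        $_comment_form_save_post = serialize($userinfo);
                        if ($addresses == 'required') {
                            // one message per missing field; all of them are appended, not just the first
                            $requiredFields = array(
                                'street' => gettext('You must supply the street field.'),
                                'city' => gettext('You must supply the city field.'),
                                'state' => gettext('You must supply the state field.'),
                                'country' => gettext('You must supply the country field.'),
                                'postal' => gettext('You must supply the postal code field.'),
                            );
                            foreach ($requiredFields as $field => $missingMsg) {
                                if (empty($userinfo[$field])) {
                                    $userobj->transient = true;
                                    $userobj->msg .= ' ' . $missingMsg;
                                }
                            }
                        }
                        // cookie name kept as-is (including the spelling): whatever reads it back expects this key
                        zp_setCookie('reister_user_form_addresses', $_comment_form_save_post);
                        userAddressFields::setCustomData($userobj, $userinfo);
                    }
                    // a filter may veto the registration by setting transient (and optionally msg)
                    zp_apply_filter('register_user_registered', $userobj);
                    if ($userobj->transient) {
                        if (empty($_notify)) {
                            $_notify = 'filter';
                        }
                    } else {
                        $userobj->save();
                        if (MOD_REWRITE) {
                            $verify = '?verify=';
                        } else {
                            $verify = '&verify=';
                        }
                        // the verification ticket is the hex of a serialized array('user', 'email');
                        // it is consumed by the verify path via unserialize()
                        $_link = PROTOCOL . "://" . $_SERVER['HTTP_HOST'] . register_user::getLink() . $verify . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                        // NOTE(review): the plaintext password is handed to the mail template as the
                        // 4th sprintf argument; whether it ends up in the mail depends on the
                        // register_user_text option. Confirm that is intended.
                        $_message = sprintf(get_language_string(getOption('register_user_text')), $_link, $admin_n, $user, $pass);
                        $_notify = zp_mail(get_language_string(gettext('Registration confirmation')), $_message, array($user => $admin_e));
                        if (empty($_notify)) {
                            $_notify = 'accepted';
                        }
                    }
                }
            } else {
                $_notify = 'mismatch';
            }
        } else {
            $_notify = 'incomplete';
        }
    }
}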
// was it a request for a reset? if ($_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) { if (empty($post_user)) { $requestor = 'You are receiving this e-mail because of a password reset request on your Zenphoto gallery.'; } else { $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user); } $admins = getAdministrators(); $user = array_shift($admins); $adm = $user['user']; $pas = $user['pass']; setOption('admin_reset_date', time()); $req = getOption('admin_reset_date'); $ref = md5($req . $adm . $pas); $msg = "\n" . $requestor . "\n" . sprintf(gettext("To reset your Zenphoto Admin passwords visit: %s"), FULLWEBPATH . "/" . ZENFOLDER . "/admin-options.php?ticket={$ref}") . "\n" . gettext("If you do not wish to reset your passwords just ignore this message. This ticket will automatically expire in 3 days."); zp_mail(gettext("The Zenphoto information you requested"), $msg); $_zp_login_error = 2; } else { $_zp_login_error = 1; } } } } unset($saved_auth, $check_auth, $user, $pass); // Handle a logout action. if (isset($_REQUEST['logout'])) { zp_setcookie("zenphoto_auth", "*", time() - 368000, $cookiepath); $redirect = 'index.php'; if (isset($_GET['p'])) { $redirect .= "?p=" . $_GET['p']; if (isset($_GET['searchfields'])) {
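/**
 * Parses the verification and registration if they have occurred
 * places the user registration form
 *
 * Three phases, in order: (1) a `verify` ticket in $_GET activates the
 * pending account and assigns the configured rights/group; (2) a posted
 * registration form is validated and a new rights-less account plus
 * verification mail is created; (3) the outcome is printed and, unless the
 * registration succeeded, the registration form plugin is included.
 * Status is passed between the phases in the global $notify.
 *
 * @param string $thanks the message shown on successful registration
 * @return void
 */
function printRegistrationForm($thanks = NULL) {
    global $notify, $admin_e, $admin_n, $user, $_zp_authority, $_zp_captcha, $_zp_gallery_page, $_zp_gallery;
    require_once dirname(dirname(__FILE__)) . '/admin-functions.php';
    $userobj = NULL;
    // handle any postings
    if (isset($_GET['verify'])) {
        // NOTE(review): unserialize() on request data. The expected payload is the
        // array('user' => ..., 'email' => ...) built on the registration path below;
        // on PHP 7+ pass array('allowed_classes' => false) so that no object can be
        // instantiated from the ticket.
        $params = unserialize(pack("H*", trim(sanitize($_GET['verify']), '.')));
        if (is_array($params) && isset($params['user'], $params['email'])) {
            $userobj = $_zp_authority->getAnAdmin(array('`user`=' => $params['user'], '`valid`=' => 1));
        }
        // A malformed ticket, an unknown user (getAnAdmin() returned nothing — the
        // original dereferenced it unconditionally) or an e-mail mismatch all end
        // up as 'not_verified'.
        if (is_object($userobj) && $userobj->getEmail() == $params['email']) {
            if (!$userobj->getRights()) {
                $userobj->setCredentials(array('registered', 'user', 'email'));
                $rights = getOption('register_user_user_rights');
                $group = NULL;
                if (!is_numeric($rights)) { // a group or template
                    $admin = $_zp_authority->getAnAdmin(array('`user`=' => $rights, '`valid`=' => 0));
                    if ($admin) {
                        $userobj->setObjects($admin->getObjects());
                        if ($admin->getName() != 'template') {
                            $group = $rights;
                        }
                        $rights = $admin->getRights();
                    } else {
                        $rights = NO_RIGHTS;
                    }
                }
                $userobj->setRights($rights | NO_RIGHTS);
                $userobj->setGroup($group);
                zp_apply_filter('register_user_verified', $userobj);
                $notify = false;
                if (getOption('register_user_notify')) {
                    $notify = zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail()));
                }
                if (empty($notify)) {
                    if (getOption('register_user_create_album')) {
                        $userobj->createPrimealbum();
                    }
                    $notify = 'verified';
                    $_POST['user'] = $userobj->getUser(); // pre-fill the logon form printed below
                }
                $userobj->save();
            } else {
                // already has rights: the link was used before, report success again
                $notify = 'verified';
            }
        } else {
            $notify = 'not_verified'; // User ID no longer exists
        }
    }
    if (isset($_POST['register_user'])) {
        if (getOption('register_user_captcha')) {
            if (isset($_POST['code'])) {
                $code = sanitize($_POST['code'], 3);
                $code_ok = sanitize($_POST['code_h'], 3);
            } else {
                $code = '';
                $code_ok = '';
            }
            if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
                $notify = 'invalidcaptcha';
            }
        }
        $admin_n = trim(sanitize($_POST['admin_name']));
        if (empty($admin_n)) {
            $notify = 'incomplete';
        }
        if (isset($_POST['admin_email'])) {
            $admin_e = trim(sanitize($_POST['admin_email']));
        } else {
            // no separate e-mail field: the user id is the e-mail address
            $admin_e = trim(sanitize($_POST['adminuser']));
        }
        if (!is_valid_email_zp($admin_e)) {
            $notify = 'invalidemail';
        }
        $pass = trim(sanitize($_POST['adminpass']));
        $user = trim(sanitize($_POST['adminuser']));
        if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
            // strict comparison: loose == treats numeric-looking strings as equal
            if ($pass === trim(sanitize($_POST['adminpass_2']))) {
                $currentadmin = $_zp_authority->getAnAdmin(array('`user`=' => $user, '`valid`>' => 0));
                if (is_object($currentadmin)) {
                    $notify = 'exists';
                }
                if (empty($notify)) {
                    $notify = $_zp_authority->validatePassword($pass); // test for valid password
                    if (empty($notify)) {
                        $userobj = $_zp_authority->newAdministrator('');
                        $userobj->transient = false;
                        $userobj->setUser($user);
                        $userobj->setPass($pass);
                        $userobj->setName($admin_n);
                        $userobj->setEmail($admin_e);
                        $userobj->setRights(0); // rights are granted on verification, not here
                        $userobj->setObjects(NULL);
                        $userobj->setGroup('');
                        $userobj->setCustomData('');
                        $userobj->setLanguage(getUserLocale());
                        // a filter may veto the registration by setting transient (and optionally msg)
                        zp_apply_filter('register_user_registered', $userobj);
                        if ($userobj->transient) {
                            if (empty($notify)) {
                                $notify = 'filter';
                            }
                        } else {
                            $userobj->save();
                            // the verification ticket is the hex of a serialized array('user', 'email')
                            $ticket = bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
                            $link = rewrite_path(FULLWEBPATH . '/page/' . substr($_zp_gallery_page, 0, -4) . '?verify=' . $ticket, FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . $ticket, false);
                            $message = sprintf(get_language_string(getOption('register_user_text')), $link);
                            $notify = zp_mail(get_language_string(gettext('Registration confirmation')), $message, array($user => $admin_e));
                            if (empty($notify)) {
                                $notify = 'accepted';
                            }
                        }
                    }
                }
            } else {
                $notify = 'mismatch';
            }
        } else {
            $notify = 'incomplete';
        }
    }
    if (zp_loggedin()) {
        if (isset($_GET['userlog']) && $_GET['userlog'] == 1) {
            echo '<meta http-equiv="refresh" content="1; url=' . WEBPATH . '/">';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("you are already logged in.") . '</h2>';
            echo '</div>';
        }
        return;
    }
    if (!empty($notify)) {
        if ($notify == 'verified' || $notify == 'accepted') {
            ?>
            <div class="Messagebox fade-message">
                <p>
                    <?php
                    if ($notify == 'verified') {
                        if (is_null($thanks)) {
                            $thanks = gettext("Thank you for registering.");
                        }
                        echo $thanks;
                    } else {
                        echo gettext('Your registration information has been accepted. An email has been sent to you to verify your email address.');
                    }
                    ?>
                </p>
            </div>
            <?php
            if ($notify == 'verified') {
                require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_login-out.php';
                ?>
                <p><?php echo gettext('You may now log onto the site.'); ?> </p>
                <?php
                printPasswordForm('', false, true, WEBPATH . '/' . ZENFOLDER . '/admin.php');
            }
            $notify = 'success';
        } else {
            echo '<div class="errorbox fade-message">';
            echo '<h2>' . gettext("Registration failed.") . '</h2>';
            echo '<p>';
            switch ($notify) {
                case 'exists':
                    // prints $admin_e (not $user); both hold the same value when no admin_email field is posted
                    printf(gettext('The user ID <em>%s</em> is already in use.'), $admin_e);
                    break;
                case 'mismatch':
                    echo gettext('Your passwords did not match.');
                    break;
                case 'incomplete':
                    echo gettext('You have not filled in all the fields.');
                    break;
                case 'notverified':
                    echo gettext('Invalid verification link.');
                    break;
                case 'invalidemail':
                    echo gettext('Enter a valid email address.');
                    break;
                case 'invalidcaptcha':
                    echo gettext('The CAPTCHA you entered was not correct.');
                    break;
                case 'not_verified':
                    echo gettext('Your registration request could not be completed.');
                    break;
                case 'filter':
                    if (is_object($userobj) && !empty($userobj->msg)) {
                        echo $userobj->msg;
                    } else {
                        echo gettext('Your registration attempt failed a <code>register_user_registered</code> filter check.');
                    }
                    break;
                default:
                    // anything else is the error text returned by zp_mail() or validatePassword()
                    echo $notify;
                    break;
            }
            echo '</p>';
            echo '</div>';
        }
    }
    if ($notify != 'success') {
        $form = getPlugin('register_user/register_user_form.php', true);
        require_once $form;
    }
}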
/** * Processes the verification POST tickets * @param string $script (we do not use this) * @return string */ static function verify($script) { //process any verifications posted if (isset($_GET['verify_federated_user'])) { $params = unserialize(pack("H*", trim(sanitize($_GET['verify_federated_user']), '.'))); if (time() - $params['date'] < 2592000) { $userobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $params['user'], '`email`=' => $params['email'], '`valid`>' => 0)); if ($userobj) { $groupname = getOption('federated_login_group'); $groupobj = Zenphoto_Authority::getAnAdmin(array('`user`=' => $groupname, '`valid`=' => 0)); if ($groupobj) { $userobj->setRights($groupobj->getRights()); $userobj->setGroup($groupname); $userobj->setObjects($groupobj->getObjects()); if (getOption('register_user_create_album')) { $userobj->createPrimealbum(); } $userobj->save(); } zp_apply_filter('register_user_verified', $userobj); if (getOption('register_logon_user_notify')) { zp_mail(gettext('Zenphoto Gallery registration'), sprintf(gettext('%1$s (%2$s) has registered for the zenphoto gallery providing an e-mail address of %3$s.'), $userobj->getName(), $userobj->getUser(), $userobj->getEmail())); } Zenphoto_Authority::logUser($userobj); header("Location: " . FULLWEBPATH . '/' . ZENFOLDER . '/admin.php'); exitZP(); } } } return $script; }
} if (isset($_POST['message'])) { $message = sanitize($_POST['message']); } $cc_addresses = array(); $admincount = count($admins); foreach ($admins as $admin) { if (isset($_POST["admin_" . $admin['id']])) { $cc_addresses[] = $admin['email']; } } $currentadminmail = $_zp_current_admin_obj->getEmail(); if (!empty($currentadminmail)) { $cc_addresses[] = $currentadminmail; } $err_msg = zp_mail($subject, $message, array(), array(), $cc_addresses); if ($err_msg) { echo '<p class="errorbox">' . $err_msg . '</p>'; } else { echo '<p class="messagebox">' . gettext('Mail sent.') . '</p>'; ?> <h3><strong><?php echo gettext('Subject:'); ?> </strong><?php echo $subject; ?> </h3> <p><strong><?php echo gettext('To:'); ?>
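/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a code for the success of the comment add:
 *   2: Successfully posted
 *   1: Marked for moderation (by the configured spam filter)
 *   falsy (presumably 0): rejected by the spam filter; nothing is stored
 *  -2: e-mail required and missing or invalid
 *  -3: name required and missing
 *  -4: website required and missing or invalid
 *  -5: captcha check failed
 *  -6: empty comment body
 *
 * The comment type ('albums', 'images', ...) is not a parameter: it is
 * derived from $receiver via commentObjectClass().
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image, album, news article or page) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) {
    global $_zp_captcha;
    $result = commentObjectClass($receiver);
    list($type, $class) = $result;
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha')) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            return -5;
        }
    }
    if (empty($comment)) {
        return -6;
    }
    // Prepend a scheme only when none is present. The original tested for the
    // literal "http://" and so turned "https://x" into "http://https://x".
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        $website = "http://" . $website;
    }
    $goodMessage = 2;
    $gallery = new gallery(); // not used below; kept in case the constructor has side effects
    // the spam filter plugin is selected by the spam_filter option (an admin setting)
    if (!(false === ($requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false)))) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }
    if ($goodMessage) {
        // normalise the flags to the 0/1 values stored in the table
        $moderate = ($goodMessage == 1) ? 1 : 0;
        $private = $private ? 1 : 0;
        $anon = $anon ? 1 : 0;
        $receiverid = (int) $receiver->id;
        // Update the database entry with the new comment.
        // $type and $ip were interpolated unescaped in the original; they now go
        // through the same escaping as the other string columns.
        // NOTE(review): mysql_real_escape_string() needs an open mysql-extension
        // link and no longer exists on PHP 7+; prefer the project's own DB
        // escape/quote helper if this version has one.
        query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " .
            ' ("' . $receiverid . '", "' . mysql_real_escape_string($name) . '", "' . mysql_real_escape_string($email) . '", "' . mysql_real_escape_string($website) . '", "' . mysql_real_escape_string($comment) . '", "' . $moderate . '", NOW()' .
            ', "' . mysql_real_escape_string($type) . '", "' . mysql_real_escape_string($ip) . '", "' . $private . '", "' . $anon . '")');
        if ($moderate) {
            $action = "placed in moderation";
        } else {
            // add to comments array and notify the admin user
            $newcomment = array();
            $newcomment['name'] = $name;
            $newcomment['email'] = $email;
            $newcomment['website'] = $website;
            $newcomment['comment'] = $comment;
            $newcomment['date'] = time();
            $receiver->comments[] = $newcomment;
            $action = "posted";
        }
        // switch added for zenpage support
        // $on and $url feed the notification mail; $ur_album is only needed for the
        // album/image branches (album admins are looked up from it below)
        $class = get_class($receiver);
        switch ($class) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default: // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }
        if (getOption('email_new_comments')) {
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            // NOTE(review): the links are built from $_SERVER['SERVER_NAME'], which may
            // reflect the request's Host header depending on the web server setup.
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" . "Author: " . $name . "\n" . "Email: " . $email . "\n" . "Website: " . $website . "\n" . "Comment:\n" . $comment . "\n" . "\n" . "You can view all comments about this image here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" . "You can edit the comment here:\n" . "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights
                if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    unset($admin_users[$admin['id']]); // assumes the array is keyed by admin id — see lookup below
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" or $type === "albums") {
                $id = (int) $ur_album->getAlbumID(); // integer column; cast before interpolating into SQL
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    // admins already mailed above were removed from $admin_users; skip them
                    // (and any stale adminid) instead of reading an undefined index
                    if (!isset($admin_users[$anadmin['adminid']])) {
                        continue;
                    }
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}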