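/**
 * Deliver a backup file by email.
 *
 * Originally had the option of "http" or "smtp", but for glFusion
 * only "smtp" is needed. Files can be downloaded at any time via
 * the backup admin interface.
 *
 * @param string $filename  Backup file name, appended to $this->backup_dir
 * @return bool|mixed  false when the name is empty, the file does not exist or
 *                     the configured recipient is not a valid address;
 *                     otherwise whatever $this->SendMail() returns
 */
private function deliver_backup($filename = '')
{
    global $_VARS, $_CONF;

    // The original test read `!filename` (a bare constant, not the variable),
    // so it never rejected anything; test the parameter itself.
    if ($filename == '' || !$filename) {
        return false;
    }

    // NOTE(review): $filename is joined to backup_dir as-is; callers are
    // assumed to pass a bare file name without path components — confirm.
    $diskfile = $this->backup_dir . $filename;
    $recipient = $_VARS['_dbback_sendto'];

    if (!file_exists($diskfile)) {
        COM_errorLog("dbBackup: File {$diskfile} does not exist");
        return false;
    }

    // The recipient comes from stored configuration; validate it before
    // handing it to the mailer rather than trusting the stored value.
    if (!COM_isEmail($recipient)) {
        COM_errorLog("{$recipient} is not a valid email address");
        return false;
    }

    $message = sprintf(
        "Attached to this email is\n %s\n Size:%s kilobytes\n",
        $filename,
        round(filesize($diskfile) / 1024)
    );

    // Positional arguments are kept exactly as the original call passed them;
    // the backup file is the single attachment in the last argument.
    $status = $this->SendMail(
        $recipient,
        $_CONF['site_name'] . ' ' . 'Database Backup',
        $message,
        '',
        false,
        0,
        '',
        '',
        array($diskfile)
    );

    return $status;
}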
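/**
 * Send a project notification email to the configured recipient and log it.
 *
 * The mail is only sent when notifications are enabled and the address
 * looked up in the users table passes COM_isEmail(); otherwise the call is
 * a silent no-op.
 *
 * @param string $user     User name recorded in the notification log entry
 * @param string $subject  Email subject
 * @param string $message  Email body
 * @return bool  Always true, whether or not a mail was sent
 */
function prj_sendEmail($user, $subject, $message)
{
    global $_USER, $_CONF, $_TABLES, $_PRJCONF;

    // The recipient is a fixed account; a second lookup of its uid that
    // used to precede this line was never read and has been dropped.
    $emailaddress = DB_getItem($_TABLES['users'], "email", "username = '******'");
    $emailtest = COM_isEmail($emailaddress);

    if ($_PRJCONF['notifications_enabled'] && $emailtest) {
        COM_mail($emailaddress, $subject, $message, $_CONF['site_mail'], false);

        // Log notification for admin viewing and tracking
        // NOTE(review): $user and $subject are joined with ',' unescaped, so a
        // comma in either shifts the log columns — confirm prj_logNotification
        // tolerates that.
        $type = "projects";
        $logentry = $type . "," . $user . "," . $subject;
        prj_logNotification($logentry);
    }

    return true;
}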
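/**
 * Handle a new-user registration request built from $_POST.
 *
 * Validates the submitted username and email address (and the password when
 * registration_type is 1), gives a custom registration form and plugins a
 * chance to veto, then creates the account and mails the password.
 *
 * @return string  Registration form HTML with an error message, the result of
 *                 emailpassword(), or '' when registration is disabled or the
 *                 account is awaiting approval (a refresh is echoed instead)
 */
function createuser()
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;

    $retval = '';
    $passwd = '';
    $passwd_conf = '';

    if ($_CONF['disable_new_user_registration']) {
        COM_setMsg($LANG04[122], 'error');
        echo COM_refresh($_CONF['site_url']);
        // Stop here: the original fell through and went on to create the
        // account even though registration is disabled.
        return $retval;
    }

    $email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
    $email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if (isset($_POST['passwd'])) {
        $passwd = trim($_POST['passwd']);
    }
    if (isset($_POST['passwd_conf'])) {
        $passwd_conf = trim($_POST['passwd_conf']);
    }

    $username = COM_truncate(trim($username), 48);
    if (!USER_validateUsername($username)) {
        $retval .= newuserform($LANG04[162]);
        return $retval;
    }

    $email = COM_truncate(trim($email), 96);
    $email_conf = trim($email_conf);

    // registration_type 1: the user picks the password at sign-up.
    if ($_CONF['registration_type'] == 1) {
        if (empty($passwd) || $passwd != $passwd_conf) {
            $retval .= newuserform($MESSAGE[67]);
            return $retval;
        }
    }

    $fullname = '';
    if (!empty($_POST['fullname'])) {
        $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    }

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    if (COM_isEmail($email) && !empty($username) && $email === $email_conf
        && !USER_emailMatches($email, $_CONF['disallow_domains'])
        && strlen($username) <= 48
    ) {
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));

        if ($ucount == 0 and $ecount == 0) {
            // For glFusion, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    $retval = CUSTOM_userForm($msg);
                    return $retval;
                }
            }

            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $spamCheckData = array('username' => $username, 'email' => $email, 'ip' => $REMOTE_ADDR);
            $msg = PLG_itemPreSave('registration', $spamCheckData);
            if (!empty($msg)) {
                $retval .= newuserform($msg);
                return $retval;
            }

            if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
                $encryptedPasswd = SEC_encryptPassword($passwd);
            } else {
                $encryptedPasswd = '';
            }

            $uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);

            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid) == USER_ACCOUNT_AWAITING_APPROVAL) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, $passwd, 1);
                }
            } else {
                $retval = emailpassword($username, $passwd);
            }
            return $retval;
        } else {
            $retval .= newuserform($LANG04[19]);
        }
    } else {
        if ($email !== $email_conf) {
            $msg = $LANG04[125];
            $retval .= newuserform($msg);
        } else {
            // invalid username or email address
            if (empty($username) || strlen($username) > 48) {
                $msg = $LANG01[32]; // invalid username
            } else {
                $msg = $LANG04[18]; // invalid email address
            }
            $retval .= newuserform($msg);
        }
    }

    return $retval;
}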
/**
 * COM_isEmail() must reject every address in this list.
 *
 * The list deliberately includes addresses that PEAR's isValidInetAddress
 * accepts, so the test records where COM_isEmail is stricter.
 */
public function testIsEmailReturnFalseForInvalidEmails()
{
    // Line 3075
    // Commented emails should be invalid,
    // but pass PEAR isValidInetAddress validation.
    $rejected = array(
        "abc@def@example.com",
        "abc\\\\@def@example.com",
        "abc\\@example.com",
        "@example.com",
        "doug@",
        "\"*****@*****.**",
        "ote\"@example.com",
        "\"Doug \"Ace\" L.\"@example.com",
        "Doug\\ \\\"Ace\\\"\\ L\\.@example.com",
        "hello world@example.com",
        "gatsby@f.sc.ot.t.f.i.tzg.era.l.d."
    );

    foreach ($rejected as $address) {
        $failure = sprintf('Error asserting %s is an invalid email', $address);
        $this->assertFalse(COM_isEmail($address), $failure);
    }
}
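/**
 * Saves the user's information back to the database
 *
 * Checks the stored request id, requires the current password when the
 * password, email address or cookie timeout change, optionally renames the
 * user (and their photo file), runs the spam check on the unfiltered fields,
 * then writes the profile rows and notifies plugins.
 *
 * @param array $A User's data (the submitted form fields)
 * @return string HTML error message or meta redirect
 *
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // The form carries the request id stored with the account; a mismatch is
    // treated as a forged submission and the stored id is invalidated.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
    if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
        if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway

    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = addslashes($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        // Match the old username literally: unquoted, a username
                        // containing '/' or regex metacharacters would break or
                        // widen the pattern.
                        $newphoto = preg_replace('/' . preg_quote($_USER['username'], '/') . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_siteHeader('menu', $LANG04[21]);
                            $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display .= COM_siteFooter();
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
        . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>'
        . $A['location'] . '<br' . XHTML . '>'
        . $A['sig'] . '<br' . XHTML . '>'
        . $A['about'] . '<br' . XHTML . '>'
        . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    if (!empty($A['passwd'])) {
        if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
            $passwd = SEC_encryptPassword($A['passwd']);
            DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
            if ($A['cooktime'] > 0) {
                $cooktime = $A['cooktime'];
            } else {
                $cooktime = -1000;
            }
            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
        } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
        } elseif ($A['passwd'] != $A['passwd_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }

    if ($A['cooktime'] <= 0) {
        $cooktime = 1000;
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    // $filename is written to users.photo below even when photo uploads are
    // disabled; initialise it so the SQL does not read an undefined variable.
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = '';
        if (isset($A['delete_photo'])) {
            $delete_photo = $A['delete_photo'];
        }
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // Force an http(s) scheme onto the homepage link.
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = addslashes($A['homepage']);
    }

    $A['fullname'] = addslashes($A['fullname']);
    $A['email'] = addslashes($A['email']);
    $A['location'] = addslashes($A['location']);
    $A['sig'] = addslashes($A['sig']);
    $A['about'] = addslashes($A['about']);
    $A['pgpkey'] = addslashes($A['pgpkey']);

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }

    PLG_userInfoChanged($_USER['uid']);

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}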
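/**
 * This function record in the hello queue the message to send to the specified group or to csv list
 *
 * Recipients come either from the members of a group (plus its child groups)
 * or from an uploaded CSV file whose first column holds the address. The
 * hello itself is recorded in the hello table and one row per recipient is
 * queued in hello_queue.
 *
 * @param array $vars Same as $_POST, holds all the email info
 * @return string HTML with success or error message
 *
 */
function send_messages($vars)
{
    // $LANG24 was missing from this list although it is read in the upload
    // error paths below.
    global $_CONF, $_TABLES, $LANG24, $LANG31, $LANG_HELLO01;

    require_once $_CONF['path_system'] . 'lib-user.php';

    $retval = '';

    if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
        $retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG31[26];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        // was `$retval .= $display .= display_mailform($vars)` with $display undefined
        $retval .= display_mailform($vars);
        return $retval;
    }

    // Urgent message!
    $priority = isset($vars['priority']) ? 1 : 0;

    $email_group = '';
    $quantity = 0;
    $result = false;
    $destinataires = array();

    if (!empty($vars['to_group'])) {
        // The group id is interpolated into SQL; force it to an integer first.
        $to_group = (int) $vars['to_group'];
        $groupList = implode(',', array_map('intval', USER_getChildGroups($to_group)));

        //Group name
        $group_name = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id = {$to_group}");
        $group_name = DB_fetchArray($group_name);
        $email_group = $group_name[0];

        if (isset($vars['overstyr'])) {
            // override: ignore the members' emailfromadmin preference
            $sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
        } else {
            $sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
            $sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
        }
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        $quantity = $nrows;
    } else {
        // OK, let's upload csv file
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();

        //Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setAllowedMimeTypes(array(
            'text/csv' => '.csv',
            'text/comma-separated-values' => '.csv',
            'application/vnd.ms-excel' => '.csv',
            'application/x-csv' => '.csv'
        ));
        if (!$upload->setPath($_CONF['path_data'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        // The stored name is generated here; only the extension is taken from
        // the client-supplied name.
        // NOTE(review): the allowed-MIME map above is what is expected to limit
        // that extension to .csv — confirm against upload.class.php.
        $filename = '';
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            $pos = strrpos($curfile['name'], '.') + 1;
            $fextension = substr($curfile['name'], $pos);
            $filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
        }
        if ($filename == '') {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= 'Upload error: csv file name is empty. Please try again...';
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        $upload->setFileNames($filename);
        reset($_FILES);
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            return $LANG24[30];
        }

        //email group
        $email_group = $LANG_HELLO01['csv_file'];

        $separator = isset($vars['separator']) ? $vars['separator'] : ',';
        if (!in_array($separator, array(',', 'tab', ';'), true)) {
            $separator = ',';
        }
        if ($separator == 'tab') {
            $separator = "\t";
        }

        if (($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
            $quantity = 0;
            while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
                // only queue rows whose first column is a syntactically valid address
                if ($data[0] != '' and COM_isEmail($data[0])) {
                    $quantity++;
                    $destinataires[] = $data[0];
                }
            }
            fclose($handle);
        }
    }

    $retval .= COM_startBlock($LANG31[1]);

    // register hello
    $creation = date('YmdHi', time());
    $subject = addslashes($vars['subject']);
    $content = addslashes($vars['content']);
    $from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
    // $email_group (a group name from the DB or a language string) and $from
    // (built from the submitted name and address) are interpolated into SQL
    // below; escape them like the other fields.
    $email_group_sql = DB_escapeString($email_group);
    $expediteur = DB_escapeString($from);

    $sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$email_group_sql}', '{$quantity}','{$content}')";
    DB_query($sql_ajout_hello);
    $new_hello_id = DB_insertId();

    // Loop through and send the messages in the DB!
    $successes = 0;
    $failures = 0;
    if (!empty($vars['to_group'])) {
        for ($i = 0; $i < $quantity; $i++) {
            $A = DB_fetchArray($result);
            $destinataire = DB_escapeString($A['email']);
            $date = date('YmdHi', time());
            $sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
            if ($destinataire != '') {
                if (DB_query($sql_ajout_hello)) {
                    $successes++;
                } else {
                    $failures++;
                }
            } else {
                $failures++;
            }
        }
    } else {
        //csv file
        for ($i = 0; $i < $quantity; $i++) {
            $destinataire = DB_escapeString($destinataires[$i]);
            $date = date('YmdHi', time());
            $sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
            if (DB_query($sql_ajout_hello)) {
                $successes++;
            } else {
                $failures++;
            }
        }
    }

    // $i equals the number of rows attempted; the submitted priority flag is
    // reflected into the page, so escape it for HTML.
    $priorityLabel = isset($vars['priority']) ? htmlspecialchars($vars['priority'], ENT_QUOTES) : '';
    $retval .= $i . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $priorityLabel;

    if ($failures > 0) {
        $retval .= 'Oups... There was ' . $failures . ' failure(s)';
    }

    if (empty($vars['to_group'])) {
        //list emails from csv
        reset($destinataires);
        $retval .= COM_makeList($destinataires);
    }
    $retval .= COM_endBlock();

    return $retval;
}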
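/**
 * Saves the user's information back to the database
 *
 * Checks the stored request id, requires the current password (local
 * accounts only) when the password, email address or cookie timeout change,
 * optionally renames the user and their photo file, runs the spam check,
 * writes the profile rows and, on request, re-synchronises an OAuth remote
 * account.
 *
 * @param array $A User's data (the submitted form fields)
 * @return string HTML error message or meta redirect
 *
 */
function saveuser($A)
{
    // $MESSAGE was missing from this list, so the re-synch failure branch
    // below logged an undefined variable instead of the message text.
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $MESSAGE, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // The form carries the request id stored with the account; a mismatch is
    // treated as a forged submission and the stored id is invalidated.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // verify password
            if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret['number'])) {
                        $ret['number'] = 400;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } else {
        if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // re-authenticate remote user again for these changes to take place
            // Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
        }
    }

    // no need to filter the password as it's encoded anyway

    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        // Match the old username literally: unquoted, a username
                        // containing '/' or regex metacharacters would break or
                        // widen the pattern.
                        $newphoto = preg_replace('/' . preg_quote($_USER['username'], '/') . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>'
        . $A['sig'] . '<br' . XHTML . '>'
        . $A['about'] . '<br' . XHTML . '>'
        . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    // NOTE(review): $passwd stays '' in every path below, so cookie_password is
    // (re)set to an empty value — presumably intended after
    // SEC_updateUserPassword(); confirm.
    $passwd = '';
    if ($service == '') {
        if (!empty($A['passwd'])) {
            if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                if ($A['cooktime'] > 0) {
                    $cooktime = $A['cooktime'];
                } else {
                    $cooktime = -1000;
                }
                SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
            } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
            } elseif ($A['passwd'] != $A['passwd_conf']) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
            }
        }
    } else {
        // Cookie
        if ($A['cooktime'] > 0) {
            $cooktime = $A['cooktime'];
        } else {
            $cooktime = -1000;
        }
        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }

    if ($A['cooktime'] <= 0) {
        $cooktime = 1000;
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    // $filename is written to users.photo below even when photo uploads are
    // disabled; initialise it so the SQL does not read an undefined variable.
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = '';
        if (isset($A['delete_photo'])) {
            $delete_photo = $A['delete_photo'];
        }
        $filename = handlePhotoUpload($delete_photo);
    }

    if (!empty($A['homepage'])) {
        // Force an http(s) scheme onto the homepage link.
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = DB_escapeString($A['homepage']);
    }

    $A['fullname'] = DB_escapeString($A['fullname']);
    $A['email'] = DB_escapeString($A['email']);
    $A['location'] = DB_escapeString($A['location']);
    $A['sig'] = DB_escapeString($A['sig']);
    $A['about'] = DB_escapeString($A['about']);
    $A['pgpkey'] = DB_escapeString($A['pgpkey']);

    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }

    PLG_userInfoChanged($_USER['uid']);

    // at this point, the user information has been saved, but now we're going to check to see if
    // the user has requested resynchronization with their remoteservice account
    $msg = 5; // default msg = Your account information has been successfully saved
    if (isset($A['resynch'])) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            $modules = SEC_collectRemoteOAuthModules();
            $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
            if (!$active_service) {
                $msg = 115; // Remote service has been disabled.
            } else {
                require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                $service = substr($_USER['remoteservice'], 6);
                $consumer = new OAuthConsumer($service);
                $callback_url = $_CONF['site_url'];
                $consumer->setRedirectURL($callback_url);
                $user = $consumer->authenticate_user();
                $consumer->doSynch($user);
            }
        }
        // NOTE(review): this overwrites 115 with 114, so the "service disabled"
        // message is never shown to the user — confirm that is intended.
        if ($msg != 5) {
            $msg = 114; // Account saved but re-synch failed.
            COM_errorLog($MESSAGE[$msg]);
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}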
/**
 * Creates a user
 * Creates a user with the given username and email address
 *
 * Every rejection is rendered through the custom registration form when one
 * is configured, otherwise through newuserform(), and wrapped in a full
 * HTML document.
 *
 * @param string $username username to create user for
 * @param string $email email address to assign to user
 * @param string $email_conf confirmation email address check
 * @return string HTML for the form again if error occurs, otherwise nothing.
 */
function createuser($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;

    $username = trim($username);
    $email = trim($email);
    $email_conf = trim($email_conf);

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    // Build the error page for a message: custom form if configured,
    // standard form otherwise.
    $errorPage = function ($msg) use ($_CONF, $LANG04) {
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
            $form = CUSTOM_userForm($msg);
        } else {
            $form = newuserform($msg);
        }
        return COM_createHTMLDocument($form, array('pagetitle' => $LANG04[22]));
    };

    $inputOk = COM_isEmail($email) && !empty($username) && $email === $email_conf
        && !USER_emailMatches($email, $_CONF['disallow_domains'])
        && strlen($username) <= 16;

    if (!$inputOk) {
        if ($email !== $email_conf) {
            return $errorPage($LANG04[125]);
        }
        // invalid username or email address
        if (empty($username) || strlen($username) > 16) {
            $msg = $LANG01[32]; // invalid username
        } else {
            $msg = $LANG04[18]; // invalid email address
        }
        return $errorPage($msg);
    }

    $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
    $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));
    if ($ucount != 0 || $ecount != 0) {
        // username or email address already taken
        return $errorPage($LANG04[19]);
    }

    // For Geeklog, it would be okay to create this user now. But check
    // with a custom userform first, if one exists.
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($username, $email);
        if (!empty($ret)) {
            // no, it's not okay with the custom userform
            return COM_createHTMLDocument(CUSTOM_userForm($ret['string']));
        }
    }

    // Let plugins have a chance to decide what to do before creating the user, return errors.
    $msg = PLG_itemPreSave('registration', $username);
    if (!empty($msg)) {
        return $errorPage($msg);
    }

    $uid = USER_createAccount($username, $email);

    if ($_CONF['usersubmission'] == 1
        && DB_getItem($_TABLES['users'], 'status', "uid = {$uid}") == USER_ACCOUNT_AWAITING_APPROVAL
    ) {
        COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
        return '';
    }

    return emailpassword($username, 1);
}
} else { $display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter(); } } break; case 'sendstory': $sid = COM_sanitizeID(COM_applyFilter($_POST['sid'])); if (empty($sid)) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } else { $html = 0; if ($postmode == 'html') { $html = 1; } $shortmessage = $_POST['shortmsg']; if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail'])) { $display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage, 52) . COM_siteFooter(); } else { if (empty($_POST['to']) || empty($_POST['from']) || empty($shortmessage)) { $display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage) . COM_siteFooter(); } else { $msg = PLG_itemPreSave('emailstory', $shortmessage); if (!empty($msg)) { $display .= COM_siteHeader('menu', '') . COM_errorLog($msg, 2) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $shortmessage) . COM_siteFooter(); } else { $display .= mailstory($sid, $_POST['to'], $_POST['toemail'], $_POST['from'], $_POST['fromemail'], $shortmessage, $html); } } } } break;
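/**
 * Send a notification email to one or more recipients through PHPMailer.
 *
 * Recipients are added as BCC so they cannot see each other, and the list
 * is flushed in batches of $maxEmailsPerSend addresses. The mail transport
 * (smtp / sendmail / mail) is taken from $_CONF['mail_backend'].
 *
 * @param array $msgData message description:
 *   'subject'       (string, required) subject; cut at the first CR/LF
 *   'htmlmessage'   (string) HTML body; 'textmessage' then becomes AltBody
 *   'textmessage'   (string) plain-text body, used alone when no HTML body
 *   'from'          (string) sender address, or array('email' => ..., 'name' => ...)
 *   'to'            (array) recipients: string addresses or array('email' => ..., 'name' => ...)
 *   'embeddedImage' (array) optional list of array('file','name','filename','encoding','mime')
 * @return bool false when the message data is unusable or a batch failed to
 *              send (the error is written to the error log), true otherwise
 */
function COM_emailNotification($msgData = array())
{
    global $_CONF;

    // maximum number of recipients per BCC batch
    $maxEmailsPerSend = 10;

    // ensure we have something to send...
    if (!isset($msgData['htmlmessage']) && !isset($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - No message data provided");
        return false; // no message defined
    }
    if (empty($msgData['htmlmessage']) && empty($msgData['textmessage'])) {
        COM_errorLog("COM_emailNotification() - Empty message data provided");
        return false; // no text in either...
    }
    if (!isset($msgData['subject']) || empty($msgData['subject'])) {
        COM_errorLog("COM_emailNotification() - No subject provided");
        return false; // must have a subject
    }
    // sender and recipient list used to be read unchecked, which raised
    // notices and produced a message with an empty From header
    if (!isset($msgData['from'])) {
        COM_errorLog("COM_emailNotification() - No sender provided");
        return false;
    }
    if (!isset($msgData['to']) || !is_array($msgData['to'])) {
        COM_errorLog("COM_emailNotification() - No recipients provided");
        return false;
    }

    // keep the subject on one line: anything after a CR/LF would otherwise be
    // interpreted as additional mail headers
    $subject = substr($msgData['subject'], 0, strcspn($msgData['subject'], "\r\n"));
    $subject = COM_emailEscape($subject);

    require_once $_CONF['path'] . 'lib/phpmailer/class.phpmailer.php';

    $mail = new PHPMailer();
    $mail->SetLanguage('en', $_CONF['path'] . 'lib/phpmailer/language/');
    $mail->CharSet = COM_getCharset();

    if ($_CONF['mail_backend'] == 'smtp') {
        $mail->IsSMTP();
        $mail->Host = $_CONF['mail_smtp_host'];
        $mail->Port = $_CONF['mail_smtp_port'];
        if ($_CONF['mail_smtp_secure'] != 'none') {
            $mail->SMTPSecure = $_CONF['mail_smtp_secure'];
        }
        if ($_CONF['mail_smtp_auth']) {
            $mail->SMTPAuth = true;
            $mail->Username = $_CONF['mail_smtp_username'];
            $mail->Password = $_CONF['mail_smtp_password'];
        }
        $mail->Mailer = "smtp";
    } elseif ($_CONF['mail_backend'] == 'sendmail') {
        $mail->Mailer = "sendmail";
        $mail->Sendmail = $_CONF['mail_sendmail_path'];
    } else {
        $mail->Mailer = "mail";
    }
    $mail->WordWrap = 76;

    if (isset($msgData['htmlmessage']) && !empty($msgData['htmlmessage'])) {
        $mail->IsHTML(true);
        $mail->Body = $msgData['htmlmessage'];
        if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
            $mail->AltBody = $msgData['textmessage'];
        }
    } else {
        $mail->IsHTML(false);
        if (isset($msgData['textmessage']) && !empty($msgData['textmessage'])) {
            $mail->Body = $msgData['textmessage'];
        }
    }
    $mail->Subject = $subject;

    if (isset($msgData['embeddedImage']) && is_array($msgData['embeddedImage'])) {
        foreach ($msgData['embeddedImage'] as $embeddedImage) {
            $mail->AddEmbeddedImage(
                $embeddedImage['file'],
                $embeddedImage['name'],
                $embeddedImage['filename'],
                $embeddedImage['encoding'],
                $embeddedImage['mime']
            );
        }
    }

    if (is_array($msgData['from'])) {
        $mail->From = $msgData['from']['email'];
        $mail->FromName = $msgData['from']['name'];
    } else {
        $mail->From = $msgData['from'];
        $mail->FromName = $_CONF['site_name'];
    }

    $allSent = true;
    $queued = 0;
    foreach ($msgData['to'] as $to) {
        // array entries used to be added without validation; both forms are
        // now checked with COM_isEmail before they reach PHPMailer
        if (is_array($to)) {
            if (!isset($to['email']) || !COM_isEmail($to['email'])) {
                continue;
            }
            $mail->AddBCC($to['email'], isset($to['name']) ? $to['name'] : '');
        } else {
            if (!COM_isEmail($to)) {
                continue;
            }
            $mail->AddBCC($to);
        }
        // count only recipients that were actually added, so a batch is never
        // flushed early (or sent empty) because of skipped addresses
        $queued++;
        if ($queued >= $maxEmailsPerSend) {
            if (!$mail->Send()) {
                COM_errorLog("Email Error: " . $mail->ErrorInfo);
                $allSent = false;
            }
            $queued = 0;
            $mail->ClearBCCs();
        }
    }
    if ($queued > 0) {
        // the final batch used to be sent under '@'; errors are now reported
        // the same way as for the full batches above
        if (!$mail->Send()) {
            COM_errorLog("Email Error: " . $mail->ErrorInfo);
            $allSent = false;
        }
    }

    return $allSent;
}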
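/**
 * Saves the user's information back to the database
 *
 * Validates the submitted profile form for the logged-in user (password
 * re-check when password, email or cookie timeout change, optional
 * CUSTOM_userCheck / plugin pre-save hooks, spam check, email validation),
 * then updates the users and userinfo rows, refreshes the login cookies and
 * optionally re-synchronises a remote OAuth account.
 *
 * @param array $A the submitted form fields (uid, username, new_username,
 *                 passwd, newp, newp_conf, email, email_conf, homepage,
 *                 fullname, location, sig, about, pgpkey, cooktime,
 *                 delete_photo, resynch, ...)
 * @return string the redirect produced by COM_refresh(); on a failed check
 *                this points back to usersettings.php with a message number
 */
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $MESSAGE, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // the form carries the per-request id stored in pwrequestid; a mismatch
    // means the form was not produced for this account
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']);
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (isset($_POST['merge'])) {
        if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
            // NOTE(review): no exit after this redirect, so USER_mergeAccounts()
            // still runs for a mismatched remoteuid - confirm whether
            // COM_refresh() terminates the request here
            echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
        }
        USER_mergeAccounts();
    }

    // If not set or possibly removed from template - initialize variable
    if (!isset($A['cooktime'])) {
        $A['cooktime'] = 0;
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = " . (int) $_USER['uid']);
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . (int) $_USER['uid']);
    if ($service == '') {
        $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = " . (int) $_USER['uid']);
        if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message (this branch used
                    // to assign $ret['number'], which put "Array" into the URL)
                    if (!is_numeric($ret)) {
                        $ret = 97;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
                }
            }
        }
    } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret)) {
                $ret = 97;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
        }
    }

    // Let plugins have a chance to decide what to do before saving the user, return errors.
    $msg = PLG_itemPreSave('useredit', $A['username']);
    if (!empty($msg)) {
        // need a numeric return value - otherwise use default message
        if (!is_numeric($msg)) {
            $msg = 97;
        }
        return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        if (!isset($A['new_username'])) {
            $A['new_username'] = '';
        }
        if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    // the photo file is named after the old username; rename it
                    // so it is still found under the new name
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']);
                    if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
                        // preg_quote: a username containing regex metacharacters
                        // would otherwise break or mis-match the pattern
                        $newphoto = preg_replace('/' . preg_quote($_USER['username'], '/') . '/', $_USER['uid'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        @rename($imgpath . $photo, $imgpath . $newphoto);
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
    }
    $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
    $A['location'] = strip_tags($A['location']);
    $A['sig'] = strip_tags($A['sig']);
    $A['about'] = strip_tags($A['about']);
    $A['pgpkey'] = strip_tags($A['pgpkey']);

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                if ($service == '') {
                    if (!empty($A['newp'])) {
                        $A['newp'] = trim($A['newp']);
                        $A['newp_conf'] = trim($A['newp_conf']);
                        if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
                            $passwd = SEC_encryptPassword($A['newp']);
                            DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                                $token_ttl = $A['cooktime'];
                            } else {
                                $cooktime = 0;
                                $token_ttl = 14400;
                            }
                            $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                            SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                        } elseif (!SEC_check_hash($A['passwd'], $current_password)) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['newp'] != $A['newp_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = 0;
                    }
                    $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                }

                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }

                // session cookie plus long-term ('ltc') token cookie; the
                // previous ltc tokens of this user are dropped first
                if ($A['cooktime'] <= 0) {
                    $cookie_timeout = 0;
                    $token_ttl = 14400;
                } else {
                    $cookie_timeout = time() + $A['cooktime'];
                    $token_ttl = $A['cooktime'];
                }
                SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'");
                if ($cookie_timeout > 0) {
                    $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                } else {
                    SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                }

                // $filename is read below even when photos are disabled
                $filename = '';
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }

                if (!empty($A['homepage'])) {
                    // force an http:/https: scheme on the homepage link
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);

                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }

                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']);
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']);

                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged((int) $_USER['uid']);

                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5; // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $status = -1;
                            $msg = 115; // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    if ($msg != 5) {
                        $msg = 114; // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }

                PLG_profileExtrasSave();
                PLG_profileSave();

                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
            }
        }
    }
}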
DB_query("INSERT INTO {$_TABLES['forum_watch']} (forum_id,topic_id,uid,date_added) VALUES ('{$forum}','{$pid}','{$_USER['uid']}',now() )"); } if ($_USER['email'] != '' and COM_isEmail($_USER['email'])) { $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=2&showtopic={$id}"); } else { // Invalid or no email address remind user to add one $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=12&showtopic={$id}"); } } else { $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=3&showtopic={$id}"); } } else { DB_query("INSERT INTO {$_TABLES['forum_watch']} (forum_id,topic_id,uid,date_added) VALUES ('{$forum}','{$pid}','{$_USER['uid']}',now() )"); $nid = -$id; DB_query("DELETE FROM {$_TABLES['forum_watch']} WHERE uid='{$_USER['uid']}' AND forum_id='{$forum}' AND topic_id = '{$nid}'"); if ($_USER['email'] != '' and COM_isEmail($_USER['email'])) { $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=2&showtopic={$id}"); } else { // Invalid or no email address remind user to add one $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=12&showtopic={$id}"); } } COM_output($display); exit; } elseif ($_REQUEST['submit'] == 'delete' and $id != 0) { DB_query("DELETE FROM {$_TABLES['forum_watch']} WHERE (id='{$id}')"); $display = COM_refresh($_CONF['site_url'] . "/forum/notify.php?msg=1&filter={$notifytype}"); COM_output($display); exit; } elseif ($_REQUEST['submit'] == 'delete2' and $id != '') { // Check and see if subscribed to complete forum and if so - unsubscribe to just this topic
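/**
 * Send "new post" notification emails to users watching a topic or forum.
 *
 * Recipients are the forum_watch rows for the post's parent topic ($pid) or
 * for the whole forum (topic_id 0). The poster and anonymous/system uids
 * (<= 1) are skipped, as are users who watch the whole forum but opted out
 * of this topic (a watch row with topic_id = -$topicid) and users with
 * notify_once set who were already notified and have not viewed the topic
 * since. Each mail is built with the recipient's own language file when one
 * exists, else the site default, else english.
 *
 * @param int    $forumid id of the forum the post belongs to
 * @param int    $topicid id of the post; resolved to its parent topic id
 * @param int    $userid  uid of the poster (never notified)
 * @param string $type    'topic' (default) or 'forum'; selects the message text
 * @return void
 */
function gf_chknotifications($forumid, $topicid, $userid, $type = 'topic')
{
    global $_TABLES, $LANG_GF01, $LANG_GF02, $_CONF, $CONF_FORUM;

    // both ids are interpolated into SQL below; force them to integers
    $forumid = (int) $forumid;
    $topicid = (int) $topicid;

    $pid = (int) DB_getItem($_TABLES['forum_topic'], 'pid', "id='{$topicid}'");
    if ($pid == 0) {
        $pid = $topicid;
    }
    $sql = "SELECT * FROM {$_TABLES['forum_watch']} WHERE ((topic_id='{$pid}') OR ((forum_id='{$forumid}') AND (topic_id='0') )) GROUP BY uid";
    $sqlresult = DB_query($sql);
    $postername = COM_getDisplayName($userid);
    $nrows = DB_numRows($sqlresult);
    // Retrieve original language of site (serialized value from the site's own
    // conf_values table, not request data)
    $site_language = unserialize(DB_getItem($_TABLES['conf_values'], 'value', "group_name='Core' AND name='language'"));
    $mail_language = $_CONF['language'];
    $last_mail_language = $mail_language;
    $plugin_path = $_CONF['path'] . 'plugins/forum/';

    for ($i = 1; $i <= $nrows; $i++) {
        $N = DB_fetchArray($sqlresult);
        $uid = (int) $N['uid'];
        // Don't need to send a notification to the user that posted this message and users with NOTIFY disabled
        if ($uid > 1 and $uid != $userid and $CONF_FORUM['allow_notification'] == '1') {
            // if the topic_id is 0 for this record - user has subscribed to complete forum. Check if they have opted out of this forum topic.
            if (DB_count($_TABLES['forum_watch'], array('uid', 'forum_id', 'topic_id'), array($uid, $forumid, -$topicid)) == 0) {
                // Check if user does not want to receive multiple notifications for same topic and already has been notified
                $userNotifyOnceOption = DB_getItem($_TABLES['forum_userprefs'], 'notify_once', "uid='{$uid}'");
                // Retrieve the log record for this user if it exists then check if user has viewed this topic yet
                // The logtime value may be 0 which indicates the user has not yet viewed the topic
                $lsql = DB_query("SELECT time FROM {$_TABLES['forum_log']} WHERE uid='{$uid}' AND forum='{$forumid}' AND topic='{$topicid}'");
                if (DB_numRows($lsql) == 1) {
                    $nologRecord = false;
                    list($logtime) = DB_fetchArray($lsql);
                } else {
                    $nologRecord = true;
                    $logtime = 0;
                }
                // 'and' binds tighter than 'or': notify when notify_once is off,
                // or when it is on but there is no log row yet / the topic has
                // been viewed since the last notification
                if ($userNotifyOnceOption == 0 or $userNotifyOnceOption == 1 and ($nologRecord or $logtime != 0)) {
                    $topicrec = DB_query("SELECT subject,name,forum FROM {$_TABLES['forum_topic']} WHERE id='{$pid}'");
                    $A = DB_fetchArray($topicrec);
                    $userrec = DB_query("SELECT username,email,language,status FROM {$_TABLES['users']} WHERE uid='{$uid}'");
                    $B = DB_fetchArray($userrec);
                    if ($B['status'] == USER_ACCOUNT_ACTIVE) {
                        // Need to send email in user own language if set, else site default
                        // Should not use current user language if does not match
                        if (empty($B['language'])) {
                            $mail_language = $site_language;
                        } else {
                            $mail_language = $B['language'];
                        }
                        // the language name comes from the user row and is used
                        // to build a require path; accept only a plain file-name
                        // token and fall back to the site default otherwise
                        if (!preg_match('/^[A-Za-z0-9_\-]+$/', $mail_language)) {
                            $mail_language = $site_language;
                        }
                        if ($mail_language != $last_mail_language) {
                            $langfile = $plugin_path . 'language/' . $mail_language . '.php';
                            if (file_exists($langfile)) {
                                require $langfile;
                                $last_mail_language = $mail_language;
                            } else {
                                // Use site default language as backup
                                $langfile = $plugin_path . 'language/' . $site_language . '.php';
                                if (file_exists($langfile)) {
                                    require $langfile;
                                    $last_mail_language = $site_language;
                                } else {
                                    require $plugin_path . 'language/english.php';
                                    $last_mail_language = 'english';
                                }
                            }
                        }

                        $subjectline = "{$_CONF['site_name']} {$LANG_GF02['msg22']}";
                        $message = "{$LANG_GF01['HELLO']} {$B['username']},\n\n";
                        if ($type == 'forum') {
                            // the column name used to be an unquoted bare word
                            // (an undefined constant)
                            $forum_name = DB_getItem($_TABLES['forum_forums'], 'forum_name', "forum_id='{$forumid}'");
                            $message .= sprintf($LANG_GF02['msg23b'], $A['subject'], $A['name'], $forum_name, $_CONF['site_name'], $_CONF['site_url'], $pid);
                        } else {
                            $message .= sprintf($LANG_GF02['msg23a'], $A['subject'], $postername, $A['name'], $_CONF['site_name']);
                            $message .= sprintf($LANG_GF02['msg23c'], $_CONF['site_url'], $pid);
                        }
                        $message .= $LANG_GF02['msg26'];
                        $message .= sprintf($LANG_GF02['msg27'], "{$_CONF['site_url']}/forum/notify.php");
                        $message .= "{$LANG_GF02['msg25']}{$_CONF['site_name']} {$LANG_GF01['ADMIN']}\n";

                        // Check and see if Site admin has enabled email notifications
                        if ($CONF_FORUM['allow_notification']) {
                            if ($nologRecord and $userNotifyOnceOption == 1) {
                                // remember that this user was notified for the topic
                                DB_query("INSERT INTO {$_TABLES['forum_log']} (uid,forum,topic,time) VALUES ('{$uid}', '{$forumid}', '{$topicid}','0') ");
                            }
                            if ($B['email'] != '' and COM_isEmail($B['email'])) {
                                COM_mail($B['email'], $subjectline, $message);
                            }
                        }
                    }
                }
            }
        }
    }
}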
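/**
 * Validate the mail-assist admin form and store its fields in the vars table.
 *
 * Every entry of $fary names a POST field whose filtered value is saved as
 * 'assist_<name>'. For a scheduled send ($mode === 'reserv') the entries that
 * carry a 'reserv' key are saved again as 'assist_<reserv>_<timestamp>', a
 * row 'assist_li_<timestamp>' = 0 is added and a marker file
 * assist_reserv_<timestamp> is touched in path_data.
 *
 * @param string $mode 'test', 'send', 'reserv', or any other value for a
 *                     plain save
 * @return string the validation errors (one per line) when the form is
 *                invalid, otherwise the "saved" language string
 */
function fncSave($mode)
{
    global $_CONF;
    global $LANG_ASSIST_ADMIN;
    global $_TABLES;

    //------------------
    // form fields handled here; 'reserv' is the short key used when the value
    // is stored a second time for a scheduled send
    $fary = array();
    $fary[] = array('name' => 'fromname', 'reserv' => 'fn');
    $fary[] = array('name' => 'replyto', 'reserv' => 'rt');
    $fary[] = array('name' => 'sprefix', 'reserv' => 'sp');
    $fary[] = array('name' => 'sid', 'reserv' => 'si');
    $fary[] = array('name' => 'testto');
    $fary[] = array('name' => 'uidfrom', 'reserv' => 'uf');
    $fary[] = array('name' => 'uidto', 'reserv' => 'ut');
    $fary[] = array('name' => 'introbody', 'reserv' => 'ib');
    $fary[] = array('name' => 'overstyr', 'reserv' => 'os');
    $fary[] = array('name' => 'toenv', 'reserv' => 'te');
    $fary[] = array('name' => 'selectgroup', 'reserv' => 'sg');
    $fary[] = array('name' => 'bulkmm', 'reserv' => 'bm');
    $fary[] = array('name' => 'bulkcnt', 'reserv' => 'bc');
    //------------------

    // clean 'em up
    $fromname = COM_applyFilter($_POST['fromname']);
    $fromname = addslashes(COM_checkHTML(COM_checkWords($fromname)));
    $replyto = COM_applyFilter($_POST['replyto']);
    $replyto = addslashes(COM_checkHTML(COM_checkWords($replyto)));
    //--
    $sprefix = COM_applyFilter($_POST['sprefix']);
    $sprefix = addslashes(COM_checkHTML(COM_checkWords($sprefix)));
    $sid = COM_applyFilter($_POST['sid']);
    $sid = addslashes(COM_checkHTML(COM_checkWords($sid)));
    $testto = COM_applyFilter($_POST['testto']);
    $testto = addslashes(COM_checkHTML(COM_checkWords($testto)));
    $uidfrom = COM_applyFilter($_POST['uidfrom'], true);
    $uidfrom = addslashes(COM_checkHTML(COM_checkWords($uidfrom)));
    $uidto = COM_applyFilter($_POST['uidto'], true);
    $uidto = addslashes(COM_checkHTML(COM_checkWords($uidto)));
    // hiroron start 2010/07/13
    $dt_year = COM_applyFilter($_POST['datetime_year'], true);
    $dt_month = COM_applyFilter($_POST['datetime_month'], true);
    $dt_day = COM_applyFilter($_POST['datetime_day'], true);
    $dt_hour = COM_applyFilter($_POST['datetime_hour'], true);
    $dt_minute = COM_applyFilter($_POST['datetime_minute'], true);
    // hiroron end 2010/07/13
    $dt = COM_convertDate2Timestamp($dt_year . '-' . $dt_month . '-' . $dt_day, $dt_hour . ':' . $dt_minute . ':00');
    // intro text / body (introbody)
    // NOTE(review): the second argument `true` selects the numeric filter, which
    // looks wrong for a free-text body - confirm against the form definition
    $introbody = COM_applyFilter($_POST['introbody'], true);
    $introbody = addslashes(COM_checkHTML(COM_checkWords($introbody)));
    // send regardless of the user's opt-in setting
    $overstyr = COM_applyFilter($_POST['overstyr'], true);
    $overstyr = addslashes(COM_checkHTML(COM_checkWords($overstyr)));
    // target environment
    $toenv = COM_applyFilter($_POST['toenv'], true);
    $toenv = addslashes(COM_checkHTML(COM_checkWords($toenv)));
    // target group
    $selectgroup = COM_applyFilter($_POST['selectgroup'], true);
    $selectgroup = addslashes(COM_checkHTML(COM_checkWords($selectgroup)));
    // bulk scheduling
    $bulkmm = COM_applyFilter($_POST['bulkmm'], true);
    $bulkmm = addslashes(COM_checkHTML(COM_checkWords($bulkmm)));
    $bulkcnt = COM_applyFilter($_POST['bulkcnt'], true);
    $bulkcnt = addslashes(COM_checkHTML(COM_checkWords($bulkcnt)));

    // CHECK begin
    $err = "";
    // sender name is required
    if (empty($fromname)) {
        $err .= $LANG_ASSIST_ADMIN['err_fromname'] . "<br/>" . LB;
    }
    if (COM_isEmail($replyto) == false) {
        $err .= $LANG_ASSIST_ADMIN['err_replyto'] . "<br/>" . LB;
    }
    // a story id is required for anything that actually sends
    if ($mode === "test" or $mode === "send" or $mode === "reserv") {
        if ($sid == "") {
            $err .= $LANG_ASSIST_ADMIN['err_sid'] . "<br/>" . LB;
        }
    }
    // test recipient: this used to compare the undefined $test, so a missing
    // test address was never reported
    if ($mode === "test") {
        if ($testto === "") {
            $err .= $LANG_ASSIST_ADMIN['err_testto'] . "<br/>" . LB;
        }
    }
    if ($testto != "") {
        if (COM_isEmail($testto) == false) {
            $err .= $LANG_ASSIST_ADMIN['err_testto'] . "<br/>" . LB;
        }
    }
    // scheduled send needs a complete date/time
    // NOTE(review): the date parts were run through the numeric filter above,
    // so a strict comparison with "" may never match - verify what
    // COM_applyFilter() returns for an empty numeric field
    if ($mode === 'reserv') {
        if ($dt_year === "" or $dt_month === "" or $dt_day === "" or $dt_hour === "" or $dt_minute === "") {
            $err .= $LANG_ASSIST_ADMIN['err_reserv'] . "<br/>" . LB;
        }
    }
    // stop on any error
    if ($err != "") {
        return $err;
    }
    // CHECK end

    $fields = "name";
    $fields .= ",value";
    // one vars row per form field; the value is read from the local variable
    // of the same name (variable variable)
    $fieldCount = count($fary);
    for ($i = 0; $i < $fieldCount; $i++) {
        $fname = $fary[$i]['name'];
        $values = "'assist_{$fname}'";
        $values .= ",'{${$fname}}'";
        DB_save($_TABLES['vars'], $fields, $values);
    }
    //assist_re_datetime
    $values = "'assist_re_datetime'";
    $values .= ",'{$dt}'";
    DB_save($_TABLES['vars'], $fields, $values);

    if ($mode === "reserv") {
        $ts = $dt;
        //assist_fn_1234567890
        for ($i = 0; $i < $fieldCount; $i++) {
            // entries without a 'reserv' key (testto) are not scheduled
            $reserv = isset($fary[$i]['reserv']) ? $fary[$i]['reserv'] : "";
            if ($reserv != "") {
                $fname = $fary[$i]['name'];
                $values = "'assist_{$reserv}_{$ts}'";
                $values .= ",'{${$fname}}'";
                DB_save($_TABLES['vars'], $fields, $values);
            }
        }
        $values = "'assist_li_{$ts}'";
        $values .= ",'0'";
        DB_save($_TABLES['vars'], $fields, $values);
        touch($_CONF['path_data'] . "assist_reserv_{$ts}");
    }

    $rt = $LANG_ASSIST_ADMIN['mail_save_ok'];
    return $rt;
}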
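/**
 * This function allows the administrator to import batches of users
 *
 * The uploaded file (stored as user_import_file.txt in path_data) holds one
 * user per line as "fullname<TAB>username<TAB>email". For each line with a
 * valid email whose username and email are not yet taken, an account is
 * created and a password is generated and mailed. A per-line status and a
 * final success/failure count are returned as HTML.
 *
 * TODO: This function should first display the users that are to be imported,
 * together with the invalid users and the reason of invalidity. Each valid line
 * should have a checkbox that allows selection of final to be imported users.
 * After clicking an extra button, the actual import should take place. This will
 * prevent problems in case the list formatting is incorrect.
 *
 * @return string HTML with success or error message
 *
 */
function importusers()
{
    global $_CONF, $_TABLES, $LANG04, $LANG28;

    // Setting this to true will cause import to print processing status to
    // webpage and to the error.log file
    $verbose_import = true;

    $retval = '';

    // Bulk import implies admin authorisation:
    $_CONF['usersubmission'] = 0;

    // First, upload the file
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
    $upload->setFileNames('user_import_file.txt');
    $filename = $_CONF['path_data'] . 'user_import_file.txt';
    if ($upload->uploadFiles()) {
        // Good, file got uploaded, now install everything
        if (!file_exists($filename)) {
            // empty upload form
            $retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
            return $retval;
        }
    } else {
        // A problem occurred, print debug information
        $retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
        return $retval;
    }

    $users = file($filename);
    $retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));

    // Following variables track import processing statistics
    $successes = 0;
    $failures = 0;

    foreach ($users as $line) {
        $line = rtrim($line);
        if (empty($line)) {
            continue;
        }
        // a line with fewer than three tab-separated fields used to raise
        // notices and leave $email undefined; pad it so it is reported as an
        // invalid email below
        list($full_name, $u_name, $email) = array_pad(explode("\t", $line), 3, '');
        $full_name = strip_tags($full_name);
        $u_name = COM_applyFilter($u_name);
        $email = COM_applyFilter($email);
        if ($verbose_import) {
            $retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
            COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
        }
        // prepare for database
        $userName = trim($u_name);
        $fullName = trim($full_name);
        $emailAddr = trim($email);
        // validate the trimmed value that is actually stored
        if (COM_isEmail($emailAddr)) {
            // email is valid form
            $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
            $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
            if ($ucount == 0 && $ecount == 0) {
                // user doesn't already exist - pass in optional true for $batchimport parm
                $uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
                $result = USER_createAndSendPassword($userName, $emailAddr, $uid);
                if ($result) {
                    $successes++;
                    if ($verbose_import) {
                        $retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
                        COM_errorLog("Account for {$u_name} created successfully", 1);
                    }
                } else {
                    // user creation failed - this used to be counted neither as a
                    // success nor as a failure
                    $retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
                    COM_errorLog("ERROR: There was a problem creating the account for {$u_name}.", 1);
                    $failures++;
                }
            } else {
                if ($verbose_import) {
                    $retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
                    // user already exists
                    COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
                }
                $failures++;
            } // end if $ucount == 0 && ecount == 0
        } else {
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
                // malformed email
                COM_errorLog("{$email} is not a valid email address, account not created", 1);
            }
            $failures++;
        } // end if COM_isEmail($emailAddr)
    } // end foreach

    unlink($filename);

    $retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));

    return $retval;
}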
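/**
 * Handle the postcard form: validate it, store the postcard, render the
 * postcard template and email it to the recipient (and the sender when
 * "cc self" is ticked).
 *
 * Form fields are read from $_POST. On validation failure the edit form is
 * returned with the pre-save message; when the media/album cannot be used an
 * "access denied" page is printed and the script exits; on success the
 * browser is redirected to the media page and the script exits.
 *
 * @return string the re-displayed edit form, or the speed-limit error page;
 *                does not return on success (redirect + exit)
 */
function MG_sendPostCard()
{
    global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
    global $LANG_DIRECTION, $LANG_CHARSET;

    // read the form; an absent field is treated as empty instead of raising a notice
    $mid = COM_sanitizeID(COM_applyFilter(isset($_POST['mid']) ? $_POST['mid'] : '', true));
    $toname = COM_applyFilter(isset($_POST['toname']) ? $_POST['toname'] : '');
    $toemail = COM_applyFilter(isset($_POST['toemail']) ? $_POST['toemail'] : '');
    $fromname = COM_applyFilter(isset($_POST['fromname']) ? $_POST['fromname'] : '');
    $fromemail = COM_applyFilter(isset($_POST['fromemail']) ? $_POST['fromemail'] : '');
    $subject = strip_tags(COM_checkWords(isset($_POST['subject']) ? $_POST['subject'] : ''));
    $message = htmlspecialchars(strip_tags(COM_checkWords(isset($_POST['message']) ? $_POST['message'] : '')));
    $ccself = isset($_POST['ccself']) ? 1 : 0;

    $errCount = 0;
    $msg = '';
    if (!COM_isEmail($toemail)) {
        $errCount++;
    }
    if (!COM_isEmail($fromemail)) {
        $errCount++;
    }
    if (empty($subject)) {
        $errCount++;
    }
    if (empty($message)) {
        $errCount++;
    }
    // the captcha is validated by the plugin pre-save hook
    $captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $msg = PLG_itemPreSave('mediagallery', $captchaString);
    if ($msg != '') {
        $errCount++;
    }
    if ($errCount > 0) {
        return MG_editPostCard('edit', $mid, $msg);
    }

    $retval = '';

    $aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
    // unknown media (no album entry) is treated like a denied album; the
    // parentheses only make the existing precedence explicit
    if (!isset($MG_albums[$aid])
        || $MG_albums[$aid]->access == 0
        || $MG_albums[$aid]->enable_postcard == 0
        || (COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2)) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }

    $sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    if ($nRows < 1) {
        $retval = MG_siteHeader();
        $retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
        $retval .= MG_siteFooter();
        echo $retval;
        exit;
    }
    $M = DB_fetchArray($result);

    // rate limit before anything is written: the postcard row used to be
    // inserted first, so a throttled submission was still stored and
    // retrievable through getcard.php
    COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
    $last = COM_checkSpeedlimit('mgpostcard');
    if ($last > 0) {
        $msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
        return MG_errorHandler($msg);
    }

    // trim the database
    $purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
    DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);

    // save this one in the database
    $newsubject = DB_escapeString($subject);
    $newmessage = DB_escapeString($message);
    $pcId = COM_makesid();
    $pc_time = time();
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = (int) $_USER['uid'];
    }
    $sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
    $result = DB_query($sql);
    if (DB_error()) {
        COM_errorLog("Media Gallery: Error saving postcard");
    }

    $alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;

    // build the template...
    $T = new Template(MG_getTemplatePath($aid));
    $T->set_file('postcard', 'postcard.thtml');

    if (empty($LANG_DIRECTION)) {
        // default to left-to-right
        $direction = 'ltr';
    } else {
        $direction = $LANG_DIRECTION;
    }
    if (empty($LANG_CHARSET)) {
        $charset = $_CONF['default_charset'];
        if (empty($charset)) {
            $charset = 'iso-8859-1';
        }
    } else {
        $charset = $LANG_CHARSET;
    }

    $T->set_var(array(
        's_form_action' => $_MG_CONF['site_url'] . '/postcard.php',
        'direction' => $direction,
        'charset' => $charset,
        'mid' => $mid,
        'media_title' => $M['media_title'],
        'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])),
        'media_description' => isset($M['media_description']) ? $M['media_description'] : '',
        'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid,
        'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg',
        'site_url' => $_MG_CONF['site_url'] . '/',
        'postcard_subject' => $subject,
        'postcard_message' => nl2br($message),
        'from_email' => $fromemail,
        'site_name' => $_CONF['site_name'],
        'site_slogan' => $_CONF['site_slogan'],
        'to_name' => $toname,
        'from_name' => $fromname,
        'pc_id' => $pcId,
        'lang_to_name' => $LANG_MG03['to_name'],
        'lang_to_email' => $LANG_MG03['to_email'],
        'lang_from_name' => $LANG_MG03['from_name'],
        'lang_from_email' => $LANG_MG03['from_email'],
        'lang_subject' => $LANG_MG03['subject'],
        'lang_send' => $LANG_MG03['send'],
        'lang_cancel' => $LANG_MG03['cancel'],
        'lang_preview' => $LANG_MG03['preview'],
        'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'],
        'lang_postcard_from' => $LANG_MG03['postcard_from'],
        'lang_to' => $LANG_MG03['to'],
        'lang_from' => $LANG_MG03['from'],
        'lang_visit' => $LANG_MG03['visit'],
    ));
    $T->parse('output', 'postcard');
    $retval .= $T->finish($T->get_var('output'));

    // assemble the message for COM_emailNotification()
    $msgData = array();
    $msgData['subject'] = htmlspecialchars($subject);
    $msgData['htmlmessage'] = $retval;
    $msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
    $msgData['from']['email'] = $fromemail;
    $msgData['from']['name'] = $fromname;
    $msgData['to'][] = array('email' => $toemail, 'name' => $toname);
    if ($ccself) {
        $msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
    }
    // embed the display-size image in whichever extension exists on disk
    foreach ($_MG_CONF['validExtensions'] as $tnext) {
        if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
            $msgData['embeddedImage'][] = array(
                'file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext,
                'name' => "pc-image",
                'filename' => $M['media_original_filename'],
                'encoding' => 'base64',
                'mime' => $M['mime_type'],
            );
        }
    }
    $msgData['embeddedImage'][] = array(
        'file' => MG_getImageFilePath('stamp.gif'),
        'name' => "stamp",
        'filename' => 'stamp.gif',
        'encoding' => 'base64',
        'mime' => 'image/gif',
    );
    COM_emailNotification($msgData);

    $msgNo = 8;

    // update the sent post card database...Or maybe just log it in an error log?
    $logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
    MG_postcardLog($logentry);

    COM_updateSpeedlimit('mgpostcard');

    header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
    exit;
}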
if (empty($sid)) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } else { if ($_CONF['hideemailicon'] == 1) { $display = COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid)); } else { $display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter(); } } break; case 'sendstory': $sid = COM_applyFilter($_POST['sid']); if (empty($sid)) { $display = COM_refresh($_CONF['site_url'] . '/index.php'); } else { if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail']) || strpos($_POST['to'], '@') !== false || strpos($_POST['from'], '@') !== false) { $display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg'], 52) . COM_siteFooter(); } else { if (empty($_POST['to']) || empty($_POST['from']) || empty($_POST['shortmsg'])) { $display .= COM_siteHeader('menu', $LANG08[17]) . COM_showMessageText($LANG08[22]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter(); } else { $msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']); if (!empty($msg)) { $display .= COM_siteHeader('menu', $LANG08[17]) . COM_errorLog($msg, 2) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter(); } else { $display .= mailstory($sid, $_POST['to'], $_POST['toemail'], $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']); } } } } break;
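/**
 * Bulk-import user accounts from an uploaded tab-separated text file.
 *
 * Every non-empty line of the upload is expected to hold four tab-separated
 * fields: uid, full name, user name, email address.  A line is imported only
 * when the email address validates and none of uid / user name / email is
 * already present in the users table.  Each line's outcome is written to the
 * error log and, while $verbose_import is true, also appended to the returned
 * HTML so the admin sees the per-line progress.
 *
 * Fixes relative to the previous version: $LANG28 is now declared global
 * (it was read without a global declaration), the "not a valid user name"
 * message referred to an undefined $uname, a failed account creation was
 * counted twice, a short line no longer triggers undefined-index notices,
 * and values taken from the uploaded file are HTML-escaped before they are
 * echoed into the report.
 *
 * @return string HTML for the admin page: the upload error block, the import
 *                result block, or a COM_refresh() redirect when the upload
 *                form was submitted without a file
 */
function fncimportexec()
{
    global $_CONF, $_TABLES, $LANG28, $LANG_ASSIST_ADMIN;

    // true:  show the per-line OK/NG progress on screen as well as in the log file
    // false: write the progress to the log file only
    $verbose_import = true;
    $retval = '';

    // Bulk import implies admin authorisation: accounts are created directly,
    // never queued as user submissions.
    $_CONF['usersubmission'] = 0;

    // First, upload the file under a fixed name inside the data directory
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
    $upload->setFileNames('user_import_file.txt');

    if (!$upload->uploadFiles()) {
        // Upload rejected (bad type, too large, ...): show the uploader's own errors
        $retval = COM_siteHeader('menu', $LANG28[22]);
        $retval .= COM_startBlock($LANG28[24], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $upload->printErrors(false);
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        return $retval;
    }

    $filename = $_CONF['path_data'] . 'user_import_file.txt';
    if (!file_exists($filename)) {
        // The upload form was submitted without a file
        return COM_refresh($_CONF['site_admin_url'] . "/plugins/" . THIS_PLUGIN . "/" . THIS_SCRIPT . "?msg=err_empty");
    }

    // Process the file line by line; an unreadable file simply imports nothing
    $users = file($filename);
    if ($users === false) {
        $users = array();
    }

    $retval .= COM_startBlock($LANG_ASSIST_ADMIN['import'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $br = "<br" . XHTML . ">";
    $successes = 0;
    $failures = 0;

    foreach ($users as $line) {
        $line = rtrim($line);
        if (empty($line)) {
            // blank line (a bare "0" is skipped too; it could never be a valid record)
            continue;
        }

        // uid, full name, user name, email; missing trailing fields become ''
        // so a short line cannot raise undefined-index notices
        list($u_id, $full_name, $u_name, $email) = array_pad(explode("\t", $line), 4, '');
        $u_id = COM_applyFilter($u_id, true); // presumably numeric-only filtering -- TODO confirm
        $full_name = strip_tags($full_name);
        $u_name = COM_applyFilter($u_name);
        $email = COM_applyFilter($email);

        // Normalised values that are checked against the database and stored
        $uid = trim($u_id);             // user id
        $userName = trim($u_name);      // user name
        $fullName = trim($full_name);   // full name
        $emailAddr = trim($email);      // email address

        // Escaped copies for the HTML report: the file contents are untrusted
        $dispUid = htmlspecialchars($uid);
        $dispUser = htmlspecialchars($userName);
        $dispFull = htmlspecialchars($fullName);
        $dispEmail = htmlspecialchars($emailAddr);

        if ($verbose_import) {
            $w = $br . "<b>Working on uid={$dispUid}, username={$dispUser}, fullname={$dispFull}, email={$dispEmail}</b>{$br}\n";
            $retval .= $w;
            COM_errorLog($w, 1);
        }

        // ---- validation: collect every reason the line cannot be imported ----
        $errors = array();
        if (COM_isEmail($emailAddr)) {
            // reject the line if the user name, email address or uid is already taken
            $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
            $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
            $icount = DB_count($_TABLES['users'], 'uid', (int) $uid);
            if ($ucount > 0 || $ecount > 0 || $icount > 0) {
                $errors[] = "<b>{$dispUser}</b> or <b>{$dispEmail}</b> or <b>uid={$dispUid}</b> already exists, account not created.";
            }
        } else {
            $errors[] = "<b>{$dispEmail}</b> is not a valid email address, account not created";
        }
        if ($userName === '') {
            $errors[] = "<b>{$dispUser}</b> is not a valid user name, account not created";
        }

        foreach ($errors as $error) {
            $w = $br . $error . $br . "\n";
            COM_errorLog($w, 1);
            if ($verbose_import) {
                $retval .= $w;
            }
        }
        if (!empty($errors)) {
            // one failure per line, however many checks it failed
            $failures++;
            continue;
        }

        // ---- no errors: create the account ----
        $passwd = '';
        $homepage = '';
        $result = fnccreateAccount($userName, $emailAddr, $passwd, $fullName, $homepage, $uid);
        if ($result) {
            $successes++;
            $w = $br . " Account for <b>{$dispUser}</b> created successfully.{$br}\n";
        } else {
            $failures++;
            $w = $br . "ERROR: There was a problem creating the account for <b>{$dispUser}</b>.{$br}\n";
        }
        COM_errorLog($w, 1);
        // creation errors are always shown; successes only in verbose mode
        if ($verbose_import || !$result) {
            $retval .= $w;
        }
    } // end foreach

    unlink($filename);

    $retval .= '<p>' . sprintf($LANG28[32], $successes, $failures) . '</p>';
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}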