Пример #1
/**
 * Per-request bootstrap: verifies the runtime environment, then starts the
 * session, opens the database connection and runs the request hooks
 * (duplicate-use log, language switch, pending events, navigation log).
 *
 * Every failed environment check is reported through bw_error(); whether
 * bw_error() stops the request is not visible here.
 */
function init()
{
    global $MayBeDuplicate;

    // ---- environment checks ----
    if (get_magic_quotes_gpc()) {
        bw_error("The software is not meant to work with PHP magic_quotes_gpc = On. Please turn it Off (probably in php.ini).");
    }
    if (!in_array("gd", get_loaded_extensions())) {
        bw_error("Install GD module in PHP before going on.");
    }
    // Only for interactive sessions (a cron-run script such as mailbot.php would fail here).
    // NOTE(review): PHP exposes the host under $_SERVER['SERVER_NAME']; with the key
    // "SERVERNAME" this check presumably never runs - confirm before relying on it.
    if (isset($_SERVER["SERVERNAME"]) && !in_array("mod_rewrite", apache_get_modules())) {
        bw_error("Install mod_rewrite module in Apache before going on.");
    }
    if (version_compare(phpversion(), "5.0.0", "<")) {
        bw_error("PHP version is lower than 5.0.0. Please update. ");
    }

    // ---- session and database ----
    SetupSession();
    DBConnect();

    // A duplicate use by several users has been detected earlier in the request.
    if (!empty($MayBeDuplicate)) {
        LogStr($MayBeDuplicate);
    }

    LanguageChangeTest();

    // Evaluate the events (messages received, keep whoisonline up to date ...).
    EvaluateMyEvents();

    // Navigation logging for members carrying the "RecordLogs" flag.
    // NOTE(review): the full query string is written to the log unfiltered; if URLs can
    // carry tokens or personal data, those end up in the log table as well - confirm
    // that the log viewer escapes this value and that retention is acceptable.
    if (HasFlag("RecordLogs")) {
        $visited = $_SERVER['PHP_SELF'] . (empty($_SERVER['QUERY_STRING']) ? "" : "?" . $_SERVER['QUERY_STRING']);
        LogStr("url=" . $visited, "RecordLogs");
    }
}
Пример #2
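/**
 * Runs one SQL statement through mysql_query() and returns the result.
 *
 * The calling script's path is appended to the statement as a trailing SQL
 * comment so that the statement can be traced back to its page. On failure
 * the function does not return: members with the "Debug" right (or requests
 * served as "localhost") get the failing statement through bw_error(),
 * everybody else gets a generic message and the details go to the logs.
 *
 * This function does no escaping of its own: $ss_sql must already be safe,
 * i.e. callers are responsible for casting or escaping every request-derived
 * value they put into the statement.
 *
 * @param string $ss_sql complete SQL statement
 * @return mixed whatever mysql_query() returned on success
 */
function sql_query($ss_sql)
{
    // $_SESSION['sql_query'] marks a statement in flight; the recursion check that
    // once used it is disabled, so the marker is only set and cleared here.
    $_SESSION['sql_query'] = "AlreadyIn";

    // PHP_SELF is derived from the request path and therefore client-influenced.
    // Reduce it to path characters before embedding it in the SQL comment, so the
    // value can never terminate the comment and become part of the statement.
    $origin = isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : "";
    $origin = preg_replace('/[^A-Za-z0-9_.\/-]/', '', $origin);

    $qry = mysql_query($ss_sql . " /* " . $origin . " */");
    if ($qry) {
        $_SESSION['sql_query'] = "";
        return $qry;
    }

    $error = mysql_error();
    // NOTE(review): depending on the web-server configuration SERVER_NAME may reflect
    // the request's Host header; confirm that it cannot be used to reach the verbose
    // branch from outside.
    $servedLocally = isset($_SERVER['SERVER_NAME']) && $_SERVER['SERVER_NAME'] == 'localhost';
    if (HasRight("Debug") or $servedLocally) {
        $_SESSION['sql_query'] = "";
        // The statement and the driver message can contain request data: escape both
        // before they are placed into the HTML error page.
        bw_error(debug("<br>query problem with<br><font color=red> " . htmlspecialchars($ss_sql, ENT_QUOTES) . " mysql_error: " . htmlspecialchars($error, ENT_QUOTES) . "</font><br>"));
    } else {
        error_log(debug("\nquery problem with\n {$ss_sql} mysql_error: " . $error . "\n"));
        LogStr("Pb with <b>" . $ss_sql . "</b>", "sql_query");
        // Generic message only: no statement text is shown to the visitor.
        $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
        die("query problem " . $remote . " " . date("F j, Y, g:i a"));
    }
}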
Пример #3
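/**
 * Builds a mail (plain text, plus an HTML part when HTML is requested or forced)
 * and hands it to the local SMTP server through Swift Mailer.
 *
 * Changes against the previous version of this function:
 *  - $html_text is always defined, so the verbose dump no longer reads an
 *    undefined variable when the mail is plain text only;
 *  - the HTML part is attached only when $use_html is "yes" (a non-empty value
 *    such as "no" used to count as true);
 *  - each address of the ";"-separated $to list becomes the recipient of its own
 *    send, instead of sending the unchanged message once per list entry.
 *
 * NOTE(review): $headers is assembled below but never attached to the Swift
 * message; it only shows up in the verbose dump. From/Reply-To values would need
 * CR/LF filtering before this string is ever passed to a mail transport.
 * NOTE(review): with $_SESSION['verbose'] set, recipient, subject, headers and
 * the HTML body are echoed into the page largely unescaped; keep that flag
 * limited to trusted developer sessions.
 *
 * @param string $to                  recipient address, or several separated by ";"
 * @param string $_mail_subject       subject line (CR/LF are removed before sending)
 * @param string $text                plain-text body
 * @param string $textinhtml          optional ready-made HTML body
 * @param string $extra_headers       extra header lines (debug output only, see note)
 * @param string $_FromParam          sender, either an address or "name" <address>
 * @param int    $IdLanguage          not used by this function
 * @param string $PreferenceHtmlEmail "yes" or "html" to request an HTML mail
 * @param string $LogInfo             text logged when HTML has to be forced
 * @param string $replyto             optional Reply-To value (debug output only, see note)
 * @param string $ParamGreetings      closing line appended to the body
 * @return string concatenation of the values returned by the mailer's send() calls
 */
function bw_sendmail($to, $_mail_subject, $text, $textinhtml = "", $extra_headers = "", $_FromParam = "", $IdLanguage = 0, $PreferenceHtmlEmail = "yes", $LogInfo = "", $replyto = "", $ParamGreetings = "")
{
    global $_SYSHCVOL;
    $mail_subject = $_mail_subject;
    // Tag the subject when the mail is not sent via www.bewelcome.org
    if (isset($_SERVER['SERVER_NAME']) and $_SERVER['SERVER_NAME'] != "www.bewelcome.org") {
        $mail_subject = "[via " . $_SERVER['SERVER_NAME'] . "]" . $_mail_subject;
    }
    $verbose = isset($_SESSION['verbose']) ? $_SESSION['verbose'] : false;
    // Defined up front: it is read by the debug output even for plain-text mails.
    $html_text = "";
    $FromParam = $_FromParam;
    if ($_FromParam == "") {
        $FromParam = $_SYSHCVOL['MessageSenderMail'];
    }
    // Is sender in format "name" <email@address>?
    if (strpos($FromParam, '" <')) {
        $parts = explode('" <', $FromParam);
        // Swift expects array(address => display name)
        $From = array(substr($parts[1], 0, -1) => substr($parts[0], 1));
    } else {
        $From = $FromParam;
    }
    $text = str_replace("<br />", "", $text);
    $text = str_replace("\r\n", "\n", $text);
    // "html" is accepted as a synonym for "yes"
    $use_html = $PreferenceHtmlEmail;
    if ($use_html == "html") {
        $use_html = "yes";
    }
    if ($verbose) {
        echo "<br />use_html=[" . $use_html . "] mail to " . $to . "<br />\n\$_SERVER['SERVER_NAME']=", $_SERVER['SERVER_NAME'], "<br />\n";
    }
    if (stristr($text, ";&#") != false) {
        // numeric character entities in the text (non ascii chars): force html
        if ($verbose) {
            echo "<br />1 <br />\n";
        }
        if ($use_html != "yes") {
            if ($verbose) {
                echo "<br /> no html 2<br />\n";
            }
            $use_html = "yes";
            if ($LogInfo == "") {
                LogStr("Forcing HTML for message to " . $to, "hcvol_mail");
            } else {
                LogStr("Forcing HTML <b>{$LogInfo}</b>", "hcvol_mail");
            }
        }
    }
    // Header string, kept for the verbose dump (not attached to the message).
    $headers = $extra_headers;
    if (!strstr($headers, "From:") and $From != "") {
        $headers = $headers . "From:" . utf8_encode($FromParam) . "\n";
    }
    if ($use_html == "yes" or strpos($text, "<html>") !== false) {
        // html is forced, or the text already is an html document
        if ($verbose) {
            echo "<br />3<br />";
        }
        $use_html = "yes";
    }
    if ($replyto != "") {
        $headers = $headers . "Reply-To:" . utf8_encode($replyto);
        //replyto stays the same
    }
    if (!strstr($headers, "Reply-To:") and $From != "") {
        $headers = $headers . "Reply-To:" . utf8_encode($FromParam);
        $replyto = $From;
    } elseif (!strstr($headers, "Reply-To:")) {
        $headers = $headers . "Reply-To:" . utf8_encode($_SYSHCVOL['MessageSenderMail']);
        $replyto = $_SYSHCVOL['MessageSenderMail'];
    }
    $headers .= "\nX-Mailer:PHP";
    $Greetings = $ParamGreetings;
    if ($use_html == "yes") {
        if ($verbose) {
            echo "<br/ >4<br />\n";
        }
        if ($textinhtml != "") {
            if ($verbose) {
                echo "<br>5 will use text in html paramameter<br>";
            }
            $texttosend = $textinhtml;
        } else {
            if ($verbose) {
                echo "<br>6<br>\n";
            }
            $texttosend = $text;
        }
        if (strpos($texttosend, "<html>") === false) {
            // Not an html document yet: wrap it.
            // NOTE(review): subject and body are inserted into the markup as they are;
            // unlike the plain-text part below, the HTML part is not passed through
            // HTMLPurifier - confirm that callers only pass trusted or purified text.
            if ($verbose) {
                echo "<br>7<br>";
            }
            $html_text = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n" . "<html>\n<head>\n<title>" . $mail_subject . "</title>\n</head>\n<body bgcolor='#ffffcc'>\n" . str_replace("\n", "<br>", $texttosend);
            $html_text .= "<br>" . $Greetings;
            $html_text .= "\n</body>\n</html>";
        } else {
            if ($verbose) {
                echo "<br>8<br>\n";
            }
            // Already html: only the line feeds are turned into <br>
            $html_text = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n" . str_replace("\n", "<br>\n", $texttosend);
        }
    }
    if ($verbose) {
        echo "<br>9 <br>\n";
    }
    $plain_text = $text . "\n" . $Greetings;
    $plain_text = str_replace("<br>", "\n", $plain_text);
    $plain_text = str_replace("</td>", "</td>\n", $plain_text);
    if ($verbose) {
        echo "<br>10 " . nl2br($html_text) . "<br>\n";
    }
    if ($verbose) {
        echo "<br>12 " . $html_text . "<br>\n";
    }
    // Debugging trick: dump sender, recipient, subject, headers and body
    if ($verbose) {
        echo "<table bgcolor='#ffff99' cellspacing=3 cellpadding=3 border=2><tr><td>";
        echo "\$From:<font color=#6633ff>{$From}</font> \$To:<font color=#6633ff>{$to}</font><br />";
        echo "\$mail_subject:<font color=#6633ff><b>", $mail_subject, "</b></font></td>";
        $ss = $headers;
        echo "<tr><td>\$headers=<font color=#ff9933>";
        // show CR and LF as visible escape sequences
        for ($ii = 0; $ii < strlen($ss); $ii++) {
            $jj = ord($ss[$ii]);
            if ($jj == 10) {
                echo "\\n<br>";
            } elseif ($jj == 13) {
                echo "\\r";
            } else {
                echo chr($jj);
            }
        }
        echo "</font></td>";
        echo "<tr><td><font color=#6633ff>", htmlentities($html_text), "</font></td>";
        if ($use_html == "yes") {
            echo "<tr><td>{$html_text}</td>";
        }
        echo "</table><br />";
    }
    // end of debugging trick
    if ($verbose) {
        echo "<br>13 removing extra \\n from \$mail_subject<br>\n";
    }
    // Line breaks are not accepted in a subject (and would allow extra header lines)
    $mail_subject = str_replace("\n", "", $mail_subject);
    $mail_subject = str_replace("\r", "", $mail_subject);
    // Encode the subject only when it is not valid UTF-8 already
    if (!mb_check_encoding($mail_subject, "UTF-8")) {
        $mail_subject = utf8_encode($mail_subject);
    }
    if (!is_object($From) && !is_array($From) && !mb_check_encoding($From, "UTF-8")) {
        $From = utf8_encode($From);
    }
    // Create the message; the recipient is set per address in the send loop
    $message = Swift_Message::newInstance()->setSubject($mail_subject)->setFrom($From);
    // Reduce the plain-text body to text plus simple links
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Cache.SerializerPath', SCRIPT_BASE . 'data');
    $config->set('HTML.Allowed', 'a[href]');
    $purifier = new HTMLPurifier($config);
    $plain_text = $purifier->purify($plain_text);
    $message->setBody($plain_text);
    $message->addPart($plain_text, 'text/plain', 'utf-8');
    // Attach the html part only when html is really in use
    if ($use_html == "yes") {
        $message->addPart($html_text, 'text/html', 'utf-8');
    }
    // Create transport
    $transport = Swift_SmtpTransport::newInstance('localhost', 25, false);
    // Create mailer using transport
    $mailer = Swift_Mailer::newInstance($transport);
    // Send one copy to every address of the ";"-separated list
    $tolist = explode(";", $to);
    $ret = "";
    foreach ($tolist as $email) {
        $email = trim($email);
        if ($email == "") {
            continue;
        }
        $message->setTo($email);
        $ret = $ret . $mailer->send($message);
    }
    if ($verbose) {
        echo "<br />14 <br />\n";
        echo "headers:\n";
        print_r($headers);
        echo "\n<br />to=", $to, "<br />\n";
        echo "subj=", $mail_subject, "<br />";
        echo "text :<i>", htmlentities($html_text), "</i><br />\n";
        echo " \$ret=", $ret, "<br />\n";
    }
    return $ret;
}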
Пример #4
     die("Sorry your query [" . $sQuery . "] has failed #IdQuery=<b>" . $IdQuery . "</b>");
     DisplayMyResults(array(), array(), array(), null, "Sorry your query [" . $sQuery . "] has failed #IdQuery=<b>" . $IdQuery . "</b>", $TList);
     break;
 }
 if (stripos($sQuery, "--") === 0 or stripos($sQuery, "//") === 0) {
     // Proceed with comments
     $_TResult[] = $sQuery;
     $_TTitle[] = $sQuery;
 } elseif (stripos($sQuery, "delete") === 0 or stripos($sQuery, "update") === 0 or stripos($sQuery, "truncate") === 0 or stripos($sQuery, "replace") === 0 or stripos($sQuery, "insert") === 0) {
     if (!$qry) {
         $Message = $sQuery . "<br><b>" . mysql_error() . "</b>";
     } else {
         $AffectedRows = mysql_affected_rows();
         $Message = $AffectedRows . " affected rows<br />";
         $iCount = 0;
         LogStr($AffectedRows . " affected rows by query IdQuery=#" . $IdQuery . " /#" . $jj, "adminquery");
         $TTitle[] = "Affected rows";
         $TResult[] = sprintf("%d", $AffectedRows);
         $_TResult[] = $TResult;
         $_TTitle[] = $TTitle;
     }
 } else {
     $AffectedRows = 0;
     $iCount = mysql_num_fields($qry);
     for ($ii = 0; $ii < $iCount; $ii++) {
         $TTitle[$ii] = mysql_field_name($qry, $ii);
     }
     while ($rr = mysql_fetch_array($qry)) {
         array_push($TResult, $rr);
     }
     $_TResult[] = $TResult;
Пример #5
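// Page footer: optional link to the translation list of the current page,
// the static footer links, the closing markup and a page-delay log entry.
if (array_key_exists('switchtrans', $_SESSION) and $_SESSION['switchtrans'] == 'on') {
    // PHP_SELF is built from the request path, so a visitor controls part of it.
    // It is URL-encoded where it becomes a query parameter and HTML-escaped where
    // it is printed into attributes; printing it raw would let the path inject markup.
    $pagetotranslate = $_SERVER['PHP_SELF'];
    $FooterSelfHtml = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    if ($pagetotranslate != "" and $pagetotranslate[0] == "/") {
        $pagetotranslate[0] = "_";
    }
    echo "      <a href=\"" . bwlink("admin/adminwords.php?showtransarray=1&amp;pagetotranslate=" . rawurlencode($pagetotranslate)) . "\" target=\"_blank\"><img height=\"11px\" width=\"16px\" src=\"" . bwlink("images/switchtrans.gif") . "\" alt=\"go to current translation list for " . $FooterSelfHtml . "\" title=\"go to current translation list for " . $FooterSelfHtml . "\" /></a>\n";
}
echo "      </div>\n";
echo "      <p>&nbsp;</p>\n";
echo "\t<p class=\"center\">";
echo "\t\t<a href=\"../about\">" . ww("AboutUsPage") . "</a>|";
echo "    <a href=\"../terms\">" . ww('TermsOfUse') . "</a>|";
echo "    <a href=\"../privacy\">" . ww('Privacy') . "</a>|";
echo "\t\t<a href=\"../impressum\">" . ww("Impressum") . "</a>|";
echo "\t\t<a href=\"" . bwlink("faq.php") . "\">" . "faq" . "</a>|";
echo "\t\t<a href=\"" . bwlink("feedback.php") . "\">" . ww("Contact") . "</a>";
echo "\t</p>";
echo "      <p class=\"center\">&copy;2007-2008 <strong>BeWelcome</strong> - " . ww("TheHospitalityNetwork") . "</p>\n";
echo "    </div>   <!-- footer --> \n";
echo "  </div>   <!-- page --> \n";
echo "</div>   <!-- page_margins --> \n";
echo "</body>\n";
echo "</html>\n";
// Logs the page delay when config.inc.php issued $started_time=time()
// (the variable must also be declared global there).
// NOTE(review): the value is computed as start minus now, so it is zero or negative,
// and it is logged on every request rather than only above one second - confirm
// which behaviour the log consumers expect before changing it.
// NOTE(review): PHP_SELF reaches the log unescaped; the log viewer has to escape it.
global $started_time;
if (isset($started_time) and $started_time > 0) {
    $started_time = $started_time - time();
    LogStr("Delay for the page according to footer " . $started_time . " second [" . $_SERVER['PHP_SELF'] . "]", "DebugDelay");
}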
Пример #6
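/**
 * Decides what happens to a freshly written message and stores the verdict.
 *
 * Order of the rules:
 *  1. sender has the NeverCheckSendMail flag  -> 'ToSend', marked NotSpam;
 *  2. black-word scan (site default list and the sender's language list) sets
 *     SpamInfo to 'SpamBlkWord' on a hit;
 *  3. sender has the AlwayCheckSendMail flag  -> 'ToCheck';
 *  4. receiver preference #4 (PreferenceCheckMyMail) is 'Yes' -> 'ToCheck';
 *  5. otherwise -> 'ToSend'.
 * The message row is updated unless its Status already is 'Sent'.
 *
 * All ids are cast to int and the checker comment is escaped before they are
 * placed into SQL: the comment is read back from the database and extended
 * with black-list words, so it cannot be treated as safe text.
 *
 * @param int $IdMess id of the message to evaluate
 * @return string|null the new status, or null when the message does not exist
 */
function ComputeSpamCheck($IdMess)
{
    $IdMess = (int) $IdMess;
    $Mes = LoadRow("select * from messages where id=" . $IdMess);
    if (!isset($Mes->id)) {
        return;
    }

    $CheckerComment = $Mes->CheckerComment;
    $SpamInfo = "NotSpam"; // by default it is not spam
    $LogLabel = "";        // name of the rule to log, "" for the default case

    if (HasFlag("NeverCheckSendMail", "", $Mes->IdSender)) {
        $Status = 'ToSend';
        $CheckerComment .= "Sent by member with NeverCheckSendMail \n";
        $LogLabel = "NeverCheckSendMail";
    } else {
        // Black-word scan: first the default list, then the sender's language list
        $WordLists = array(
            "Has BlackWord <b>" => wwinlang("MessageBlackWord", 0),
            "Has BlackWord (in sender language)<b>" => wwinlang("MessageBlackWord", GetDefaultLanguage($Mes->IdSender)),
        );
        foreach ($WordLists as $CommentPrefix => $WordList) {
            foreach (explode(";", $WordList) as $Word) {
                // empty entries (e.g. a trailing ";") never count as a hit
                if ($Word != "" and strpos($Mes->Message, $Word) !== false) {
                    $SpamInfo = "SpamBlkWord";
                    $CheckerComment .= $CommentPrefix . $Word . "</b>\n";
                }
            }
        }

        if (HasFlag("AlwayCheckSendMail", "", $Mes->IdSender)) {
            $Status = 'ToCheck';
            $CheckerComment .= "Sent by member with AlwayCheckSendMail \n";
            $LogLabel = "AlwayCheckSendMail";
        } else {
            // PreferenceCheckMyMail --> IdPreference=4
            $rPrefCheckMyMail = LoadRow("select *  from memberspreferences where IdMember=" . (int) $Mes->IdReceiver . " and IdPreference=4");
            if (isset($rPrefCheckMyMail->Value) and $rPrefCheckMyMail->Value == 'Yes') {
                $Status = 'ToCheck';
                $CheckerComment .= "Member has asked for checking\n";
                $LogLabel = "PreferenceCheckMyMail";
            } else {
                $Status = 'ToSend';
            }
        }
    }

    // $Status and $SpamInfo only take the literal values assigned above.
    $str = "update messages set Status='" . $Status . "',CheckerComment='" . mysql_real_escape_string($CheckerComment) . "',SpamInfo='" . $SpamInfo . "' where id=" . (int) $Mes->id . " and Status!='Sent'";
    sql_query($str);
    if ($LogLabel != "") {
        LogStr($LogLabel . " for message #" . $IdMess . " from <b>" . fUsername($Mes->IdSender) . "</b> to <b>" . fUsername($Mes->IdReceiver) . "</b>", "AutoSpamCheck");
    }
    return $Status;
}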
Пример #7
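/**
 * Returns $ss in the stored form requested by $IsCrypted.
 *
 *  - "crypted" / "always": the value wrapped in <membercrypted> tags after
 *    CryptM(); a value that already contains the opening tag is returned as is;
 *  - "not crypted": the value with all tags stripped;
 *  - anything else is treated as a programming error: it is logged and the
 *    request is terminated.
 *
 * NOTE(review): the "already encrypted" test only looks for the marker text
 * inside the value. If $ss can come from user input, a value that merely
 * contains "<membercrypted>" is stored without being encrypted - confirm that
 * callers strip or reject the marker before calling this function.
 *
 * @param string $ss        value to store
 * @param string $IsCrypted "crypted", "always" or "not crypted"
 * @return string
 */
function GetCryptM($ss, $IsCrypted = "crypted")
{
    switch ($IsCrypted) {
        case "crypted":
        case "always":
            if (strstr($ss, "<membercrypted>") !== false) {
                return $ss;
            }
            // todo add right test
            return "<membercrypted>" . CryptM($ss) . "</membercrypted>";
        case "not crypted":
            return strip_tags($ss);
        default:
            // We should never come here. Only the length of the value is logged:
            // the value is data that was about to be encrypted and must not be
            // copied into logs or error pages in clear text.
            $strlog = "FunctionsCrypt.php:: function GetCryptM() Problem to encrypt value of length " . strlen((string) $ss) . " IsCrypted=[" . $IsCrypted . "]";
            // function_exists() takes the function name as a string
            if (function_exists('LogStr')) {
                LogStr($strlog, "Bug");
            }
            if (function_exists('bw_error')) {
                bw_error($strlog);
            } else {
                error_log($strlog);
            }
            die("Major problem with crypting issue");
    }
}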
Пример #8
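// Handles the "del" / "add" actions on the member's translator list, then loads
// the list for display.
// Every id that goes into SQL is cast to int first: the values come from request
// parameters and what GetParam() filters is not visible in this file.
// NOTE(review): both actions change data based on request parameters alone; no
// anti-CSRF token check is visible here - confirm that one happens earlier.
switch (GetParam("action")) {
    case "del":
        $IdTranslatorToRemove = (int) GetParam("IdTranslator");
        // scoped to the current member, so only own translators can be removed
        $str = "delete from intermembertranslations where IdTranslator=" . $IdTranslatorToRemove . " and IdMember=" . (int) $IdMember;
        sql_query($str);
        LogStr("Removing translator <b>" . fUserName($IdTranslatorToRemove) . "</b>", "mytranslators");
        break;
    case "add":
        // todo
        $IdTranslator = (int) IdMember(GetParam("Username"), 0);
        $IdLanguage = (int) Getparam("IdLanguage");
        $rr = LoadRow("select id from intermembertranslations where IdTranslator=" . $IdTranslator . " and IdMember=" . (int) $IdMember . " and IdLanguage=" . $IdLanguage);
        if (!isset($rr->id) and $IdTranslator != 0) {
            // not in the list yet and the username resolved to a member
            $str = "insert into intermembertranslations(IdTranslator,IdMember,IdLanguage) values(" . $IdTranslator . "," . (int) $IdMember . "," . $IdLanguage . ")";
            sql_query($str);
            // The form sends "Username", not "IdTranslator": log the resolved member id
            LogStr("Adding translator <b>" . fUserName($IdTranslator) . "</b> for language", "mytranslators");
        }
        break;
}
// Load the member's translators together with location and main photo
$TData = array();
$str = "select intermembertranslations.*,members.Username,members.ProfileSummary,cities.Name as cityname,regions.Name as regionname,countries.Name as countryname,membersphotos.FilePath as photo,membersphotos.Comment";
$str .= " from intermembertranslations,cities,countries,regions,recentvisits,members left join membersphotos on membersphotos.IdMember=members.id and membersphotos.SortOrder=0 where cities.IdRegion=regions.id and countries.id=cities.IdCountry and cities.id=members.IdCity and status='Active' and members.id=intermembertranslations.IdTranslator and intermembertranslations.IdMember=" . (int) $IdMember . " and members.status='Active' GROUP BY members.id order by intermembertranslations.updated desc";
$qry = sql_query($str);
while ($rr = mysql_fetch_object($qry)) {
    // ProfileSummary holds a translation id; replace it by the text (or "" if none)
    if ($rr->ProfileSummary > 0) {
        $rr->ProfileSummary = FindTrad($rr->ProfileSummary);
    } else {
        $rr->ProfileSummary = "";
    }
    array_push($TData, $rr);
}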
Пример #9
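/**
 * Sets one column of the comment selected by the "IdComment" request parameter
 * and logs the change.
 *
 * @param string $act      name of the column to change; must be a plain identifier
 * @param mixed  $newValue SQL value for the column
 * @return void
 */
function toggleAction($act, $newValue)
{
    // A column name cannot be escaped like a value, so only plain identifiers are
    // accepted; anything else is refused before a statement is built.
    if (!is_string($act) or !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $act)) {
        trigger_error("toggleAction: column name rejected", E_USER_WARNING);
        return;
    }
    // The comment id comes from the request: force it to an integer.
    $IdComment = (int) Getparam("IdComment");
    // NOTE(review): $newValue is still placed into the statement as given. Its callers
    // are outside this file; confirm that they only pass fixed literals (e.g. 0/1),
    // or restrict it here once the allowed values are known.
    $str = "UPDATE comments SET {$act} = {$newValue} WHERE id=" . $IdComment;
    sql_query($str);
    LogStr(" Toggling <b>hide</b> for IdComment #" . $IdComment, "AdminComment");
}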
Пример #10
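/**
 * Selects the interface language for the session.
 *
 * Source of the language code, in this order: the $para_newlang argument, the
 * "LastLang" cookie, the first language of the browser's Accept-Language header
 * for which translations exist, and finally CV_def_lang. The result is stored
 * in $_SESSION['lang'] / $_SESSION['IdLanguage'], in the "LastLang" cookie and,
 * for logged-in members, in preference #1.
 *
 * Argument, cookie and header are all supplied by the client. A code is only
 * used in SQL after it matched a strict pattern (letters, digits, "-" and "_",
 * at most 16 characters); anything else falls back to the default language.
 *
 * @param string $para_newlang requested language short code, "" to auto-detect
 * @return void
 */
function SwitchToNewLang($para_newlang = "")
{
    $CodePattern = '/^[A-Za-z0-9_-]{1,16}$/';
    $newlang = $para_newlang;
    if (empty($newlang)) {
        if (!empty($_COOKIE['LastLang'])) {
            // A language cookie is already set: try it first
            $newlang = $_COOKIE['LastLang'];
        } else {
            $newlang = CV_def_lang;
            if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
                // Look at the languages announced by the browser
                foreach (explode(",", $_SERVER["HTTP_ACCEPT_LANGUAGE"]) as $Candidate) {
                    // drop an optional ";q=..." weight and surrounding blanks
                    $Parts = explode(";", $Candidate);
                    $Candidate = trim($Parts[0]);
                    if (!preg_match($CodePattern, $Candidate)) {
                        continue;
                    }
                    $rr = LoadRow("SELECT languages.id AS id FROM languages,words WHERE languages.ShortCode='" . $Candidate . "' and languages.id=words.Idlanguage and words.code='WelcomeToSignup'");
                    if (isset($rr->id)) {
                        // valid language found
                        $newlang = $Candidate;
                        break;
                    }
                }
            }
        }
    }
    // Refuse anything that is not a plain language code (this also covers a cookie
    // or parameter sent as an array) before it can reach a query or a log line.
    if (!is_string($newlang) or !preg_match($CodePattern, $newlang)) {
        $newlang = CV_def_lang;
    }
    if (!isset($_SESSION['lang']) || $_SESSION['lang'] != $newlang || !isset($_SESSION['IdLanguage'])) {
        // Update the session when the language has changed
        $RowLanguage = LoadRow("SELECT SQL_CACHE id,ShortCode FROM languages WHERE ShortCode='" . $newlang . "'");
        if (isset($RowLanguage->id)) {
            if (isset($_SESSION['IdMember'])) {
                $PreviousLang = isset($_SESSION['lang']) ? $_SESSION['lang'] : "";
                LogStr("change to language from [" . $PreviousLang . "] to [" . $newlang . "]", "SwitchLanguage");
            }
            $_SESSION['lang'] = $RowLanguage->ShortCode;
            $_SESSION['IdLanguage'] = $RowLanguage->id;
        } else {
            LogStr("problem : " . $newlang . " not found after SwitchLanguage", "Bug");
            $_SESSION['lang'] = CV_def_lang;
            $_SESSION['IdLanguage'] = 0;
        }
        // remember the language in a cookie for 300 days
        setcookie('LastLang', $_SESSION['lang'], time() + 3600 * 24 * 300);
    }
    if (IsLoggedIn()) {
        // Logged-in member: store the language as preference #1
        $IdMember = (int) $_SESSION['IdMember'];
        $IdLanguage = (int) $_SESSION['IdLanguage'];
        $rPrefLanguage = LoadRow("SELECT * FROM memberspreferences WHERE IdMember=" . $IdMember . " and IdPreference=1");
        if (isset($rPrefLanguage->id)) {
            $str = "UPDATE memberspreferences SET Value='" . $IdLanguage . "' WHERE id=" . (int) $rPrefLanguage->id;
        } else {
            $str = "INSERT INTO memberspreferences(IdPreference,IdMember,Value,created) VALUES(1," . $IdMember . ",'" . $IdLanguage . "',now() )";
        }
        sql_query($str);
    }
    if (!isset($_SESSION['IdLanguage'])) {
        bw_error("SwitchToNewLang internal failure. IdLanguage still not set.");
    }
}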
Пример #11
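 /**
  * GetCryptM
  *
  * Returns $ss in the stored form requested by $IsCrypted: wrapped in
  * <membercrypted> tags after self::enc('CryptM', ...) for "crypted"/"always"
  * (a value already containing the opening tag is returned unchanged), or with
  * all tags stripped for "not crypted". Any other mode is logged and ends the
  * request.
  *
  * NOTE(review): the "already encrypted" test only looks for the marker text.
  * If $ss can come from user input, a value that merely contains
  * "<membercrypted>" is stored without encryption - confirm that callers
  * strip or reject the marker first.
  *
  * @param string $ss        value to store
  * @param string $IsCrypted "crypted", "always" or "not crypted"
  * @return string the value in its stored form
  */
 private function GetCryptM($ss, $IsCrypted = "crypted")
 {
     switch ($IsCrypted) {
         case "crypted":
         case "always":
             if (strstr($ss, "<membercrypted>") !== false) {
                 return $ss;
             }
             // TODO: Add a test for a specific right
             return "<membercrypted>" . self::enc('CryptM', $ss) . "</membercrypted>";
         case "not crypted":
             return strip_tags($ss);
         default:
             // We should never come here. Only the length of the value is logged:
             // it is data that was about to be encrypted and must not be copied
             // into logs or error pages in clear text.
             $strlog = "function MOD_crypt::GetCryptM() Problem to crypt value of length " . strlen((string) $ss) . " IsCrypted=[" . $IsCrypted . "]";
             // function_exists() takes the function name as a string
             if (function_exists('LogStr')) {
                 LogStr($strlog, "Bug");
             }
             if (function_exists('bw_error')) {
                 bw_error($strlog);
             } else {
                 error_log($strlog);
             }
             die("Major problem with crypting issue");
     }
 }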
Пример #12
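/**
 * Returns the English name of a language.
 *
 * @param int $IdLanguage id of the row in the languages table
 * @return string|null the EnglishName, or null when no such language exists
 */
function LanguageName($IdLanguage)
{
    // The id is cast to int so that a request-derived value cannot alter the query.
    $ss = "select SQL_CACHE EnglishName,ShortCode from languages where id=" . (int) $IdLanguage;
    $rr = LoadRow($ss);
    if (isset($rr->EnglishName)) {
        return $rr->EnglishName;
    }
    // Not found: tell members with the Debug right on the page, log it for everybody else.
    if (HasRight("Debug")) {
        echo " in FunctionsTools::LanguageName failed for " . $ss;
    } else {
        LogStr(" in FunctionsTools::LanguageName failed for " . $ss, "Debug");
    }
    // Explicit null instead of reading a property of a missing row.
    return null;
}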
Пример #13
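/**
 * Checks whether the current session belongs to a logged-in member.
 *
 * Default case: IsLoggedIn() is true only when the session holds an IdMember,
 * passes the LogCheck consistency test and has the status Active or
 * ActiveHidden.
 * Extended case: IsLoggedIn("Pending") is also true for a member whose status
 * is Pending; several extra statuses can be given separated by "," or ";".
 *
 * When the LogCheck value does not match, the event is logged as "Hacking",
 * the user is logged out and redirected to the base URI.
 *
 * NOTE(review): LogCheck is a CRC32 over the crypt key and the member id. CRC32
 * is a checksum, not a keyed MAC; it detects an inconsistent session but should
 * not be counted on as protection against deliberate tampering.
 *
 * @param string $ExtraAllowedStatus extra member statuses to accept
 * @return boolean
 */
function IsLoggedIn($ExtraAllowedStatus = "")
{
    if (empty($_SESSION['IdMember'])) {
        return false;
    }
    if (empty($_SESSION['MemberCryptKey'])) {
        return false;
    }
    // A missing LogCheck is handled like a wrong one.
    $ExpectedCheck = Crc32($_SESSION['MemberCryptKey'] . $_SESSION['IdMember']);
    if (!isset($_SESSION['LogCheck']) or $_SESSION['LogCheck'] != $ExpectedCheck) {
        LogStr("Anomaly with Log Check", "Hacking");
        APP_User::get()->logout();
        header("Location: " . PVars::getObj('env')->baseuri);
        exit(0);
    }
    if (empty($_SESSION["MemberStatus"])) {
        $strerror = "Members with IdMember=" . $_SESSION["IdMember"] . " has no \$_SESSION[\"MemberStatus\"]";
        error_log($strerror);
        LogStr($strerror, "Debug");
        die($strerror);
    }
    $MemberStatus = (string) $_SESSION["MemberStatus"];
    if ($MemberStatus === 'Active' or $MemberStatus === 'ActiveHidden') {
        return true;
    }
    if (!empty($ExtraAllowedStatus)) {
        // The former fallback that printed the whole session (crypt key included)
        // was unreachable after the MemberStatus check above and has been removed.
        $tt = explode(",", str_replace(";", ",", $ExtraAllowedStatus));
        // strict comparison: no type juggling in an authorisation decision
        if (in_array($MemberStatus, $tt, true)) {
            return true;
        }
    }
    return false;
}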
Пример #14
        LogStr($Message, "AdminPannel");
        if (!($ff = fopen($sysvol_filename, "w"))) {
            echo "failed to open ", $sysvol_filename;
            exit(0);
        }
        $ss = "<?php\n";
        fwrite($ff, $ss);
        $ss = "// Generated using Admin Panel at " . date("F j, Y, g:i a");
        //			echo $ss,"<br>\n";
        fwrite($ff, $ss);
        $str = "select * from hcvol_config";
        $qry = sql_query($str);
        while ($rr = mysql_fetch_object($qry)) {
            $ss = "";
            $ss = $rr->syskey;
            if ($rr->value != "") {
                $ss .= "=" . $rr->value;
            }
            if ($rr->comment != "") {
                $ss .= " //" . $rr->comment;
            }
            fwrite($ff, $ss);
        }
        $ss = "?>";
        fwrite($ff, $ss);
        fclose($ff);
        LogStr($Message . " done", "AdminPannel");
        DisplayPannel(LoadingData("FromFile"), $Message);
        // call the layout
        break;
}
Пример #15
    case "LoadFromDB":
        if (!HasRight('Pannel', $action)) {
            // Check the rights
            echo "For this you need the scope <b>" . $action . "</b> within <b>Pannel</b> rights<br>";
            exit(0);
        }
        $Message = "Loading content in Database";
        LogStr("Loading file from base", "AdminPannel");
        DisplayPannel(LoadingData("FromBase"), $Message);
        // call the layout
        break;
    case "LoadFromFile":
        if (!HasRight('Pannel', $action)) {
            // Check the rights
            echo "For this you need the scope <b>" . $action . "</b> within <b>Pannel</b> rights<br>";
            exit(0);
        }
        $Message = "Loading content from file";
        LogStr("Loading file from base", "AdminPannel");
        DisplayPannel(LoadingData("FromFile"), $Message);
        // call the layout
        exit(0);
        break;
    case "Generate":
        if (!HasRight('Pannel', $action)) {
            // Check the rights
            echo "For this you need the scope <b>" . $action . "</b> within <b>Pannel</b> rights<br>";
            exit(0);
        }
        break;
}
Пример #16
        }
        // reload for case it was just inserted before
        $rwq = LoadRow("SELECT * FROM words WHERE code='" . "FaqQ_" . GetStrParam("QandA") . "' and IdLanguage=0");
        $rwa = LoadRow("SELECT * FROM words WHERE code='" . "FaqA_" . GetStrParam("QandA") . "' and IdLanguage=0");
        if (GetStrParam('changetype') == 'major') {
            $majorupdate = ',majorupdate = NOW() ';
        } else {
            $majorupdate = '';
        }
        $str = "UPDATE words SET Description='" . addslashes($rwq->Description) . "',Sentence='" . GetStrParam("Question") . "' {$majorupdate} WHERE id=" . $rwq->id;
        sql_query($str);
        $str = "UPDATE words SET Description='" . addslashes($rwa->Description) . "',Sentence='" . GetStrParam("Answer") . "' {$majorupdate} WHERE id=" . $rwa->id;
        sql_query($str);
        $str = "UPDATE faq SET IdCategory=" . GetParam("IdCategory") . ",QandA='" . GetParam("QandA") . "',Active='" . GetStrParam("Status") . "',SortOrder=" . GetParam("SortOrder") . " WHERE id=" . $Faq->id;
        sql_query($str);
        LogStr("updating Faq #" . $Faq->id, "Update Faq");
        break;
}
// prepare the list
if (GetParam("IdCategory")) {
    $FilterCategory = " AND IdCategory=" . GetParam("IdCategory");
} else {
    $FilterCategory = "";
}
if ($IdFaq != 0) {
    // if one specific Faq is chosen
    $str = "SELECT faq.*,faqcategories.Description AS CategoryName,PageTitle FROM faq,faqcategories  WHERE faq.id=" . $IdFaq . " and faqcategories.id=faq.IdCategory " . $FilterCategory . $FilterActive . " ORDER BY faqcategories.SortOrder,faq.SortOrder";
} else {
    $str = "SELECT faq.*,faqcategories.Description AS CategoryName,PageTitle FROM faq,faqcategories  WHERE faqcategories.id=faq.IdCategory " . $FilterCategory . $FilterActive . " ORDER BY faqcategories.SortOrder,faq.SortOrder";
}
$qry = sql_query($str);
Пример #17
}
// If there is a Scope limit logs to the type in this Scope (unless it his own logs)
if (!HasRight('Logs', "\"All\"")) {
    $scope = RightScope("Logs");
    str_replace($scope, "\"", "'");
    $where .= " AND (Type IN (" . $scope . ") OR IdMember=" . $_SESSION["IdMember"] . ") ";
}
switch (GetParam("action")) {
    case "del":
        // case a delete is requested
        break;
}
$tData = array();
if (empty($where) and $start_rec == 0) {
    // In this case we will avoid the FOUND_ROW which is a performance killer
    $str = "SELECT logs.*,Username " . "FROM " . $_SYSHCVOL['ARCH_DB'] . ".logs LEFT JOIN members ON members.id=logs.IdMember " . "ORDER BY " . $_SYSHCVOL['ARCH_DB'] . ".logs.id DESC LIMIT {$start_rec}," . $limitcount;
    $qry = sql_query($str);
    $rCount = LoadRow("SELECT count(*)  AS cnt from " . $_SYSHCVOL['ARCH_DB'] . ".logs");
} else {
    $str = "SELECT SQL_CALC_FOUND_ROWS logs.*,Username " . "FROM " . $_SYSHCVOL['ARCH_DB'] . ".logs LEFT JOIN members ON members.id=logs.IdMember " . "WHERE 1=1 " . $where . " " . "ORDER BY " . $_SYSHCVOL['ARCH_DB'] . ".logs.id DESC LIMIT {$start_rec}," . $limitcount;
    $qry = sql_query($str);
    $rCount = LoadRow("SELECT FOUND_ROWS() AS cnt");
}
while ($rr = mysql_fetch_object($qry)) {
    array_push($tData, $rr);
}
if ($username != "0") {
    // Usage of adminlog is logged
    LogStr("Is using adminlog on profile <b>" . $username . "</b>", "adminlog");
}
DisplayAdminLogs($tData, $username, $type, $ip, $andS1, $andS2, $notAndS1, $notAndS2, $rCount->cnt);
Пример #18
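 /**
  * Returns the member-written text stored under translation id $IdTrad.
  *
  * Lookup order: the session language, then language 0, then the first row
  * available in any language. A row with an empty Sentence is logged as "Bug"
  * and the next lookup is tried (the previous test, isset(...) == "", could
  * never be true, so an empty row ended the search). Returns "" when nothing
  * is found.
  *
  * Both ids are cast to int before they are placed into SQL.
  *
  * NOTE(review): strip_tags() with an allow-list keeps the attributes of the
  * allowed tags (<b>, <i>, <br>), so the result is not safe HTML by itself;
  * confirm that the output is purified or escaped before it is rendered.
  *
  * @param int  $IdTrad        translation id in memberstrads
  * @param bool $ReplaceWithBr not used by this function
  * @return string the sentence limited to <b>, <i> and <br> tags, or ""
  */
 function FindTrad($IdTrad, $ReplaceWithBr = false)
 {
     $AllowedTags = "<b><i><br>";
     if ($IdTrad == "") {
         return "";
     }
     $IdTrad = (int) $IdTrad;
     // language 0 when the session has none
     $IdLanguage = isset($_SESSION['IdLanguage']) ? (int) $_SESSION['IdLanguage'] : 0;

     // array(extra SQL condition, message logged when the row found is blank)
     $Lookups = array(
         array(" and IdLanguage=" . $IdLanguage, "Blank Sentence for language " . $IdLanguage . " with MembersTrads.IdTrad=" . $IdTrad),
         array(" and IdLanguage=0", "Blank Sentence for language 1 (eng) with memberstrads.IdTrad=" . $IdTrad),
         array(" order by id asc limit 1", "Blank Sentence (any language) memberstrads.IdTrad=" . $IdTrad),
     );
     foreach ($Lookups as $Lookup) {
         $row = self::get()->dao->query("select SQL_CACHE Sentence from memberstrads where IdTrad=" . $IdTrad . $Lookup[0])->fetch(PDB::FETCH_OBJ);
         if (!isset($row->Sentence)) {
             continue;
         }
         if ((string) $row->Sentence === "") {
             LogStr($Lookup[1], "Bug");
             continue;
         }
         return strip_tags($row->Sentence, $AllowedTags);
     }
     return "";
 }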
Пример #19
                    //											echo "str=$str","<br>";
                    sql_query($str);
                }
                if (GetStrParam("Freeze_" . $ii) == "on") {
                    $count++;
                    $str = "update messages set IdChecker=" . $_SESSION['IdMember'] . ",Status='Freeze'" . $SpamChange . " where id=" . $rr->id;
                    //						echo "str=$str","<br>";
                    sql_query($str);
                }
            }
            // end of If this message is in the list of checked message
            $ii++;
        }
        $sResult = $count . " Message processed";
        if ($count > 0) {
            LogStr($sResult, "checking");
        }
        // Log the number of checked message if any
        // end of Load the Message list
        viewSpamSayMember($sResult);
        break;
    case "viewSpamSayMember":
        viewSpamSayMember($sResult);
        break;
    case "update":
        break;
}
// Load the Message list
$str = "select messages.*,messages.Status as MessageStatus,mSender.Username as Username_sender,mReceiver.Username as Username_receiver from messages,members as mSender,members as mReceiver where (messages.Status='ToCheck' and messages.WhenFirstRead='0000-00-00 00:00:00') and mSender.id=IdSender and mReceiver.id=IdReceiver order by messages.Status,messages.id desc limit 20";
if (IsAdmin()) {
    echo "{$str}<br>";