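 /**
  * Does the actual authentication of the user and returns an id that will be used
  * to load the current user (loadUserOnSession).
  *
  * Without a posted SAMLResponse this is an ordinary form login and is handed to
  * the parent authenticator. Otherwise the posted assertion is validated with the
  * OneLogin toolkit and its NameID is matched against users.user_name; a missing
  * account is provisioned through createUser().
  *
  * @param STRING $name
  * @param STRING $password
  * @return STRING id - used for loading the user; '' when the assertion is
  *                invalid or the matched account has status 'Inactive'
  *
  * Contributions by Erik Mitchell erikm@logicpd.com
  */
 function authenticateUser($name, $password)
 {
     if (empty($_POST['SAMLResponse'])) {
         return parent::authenticateUser($name, $password);
     }
     require 'modules/Users/authentication/SAMLAuthenticate/settings.php';
     require 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';
     $samlresponse = new SamlResponse($_POST['SAMLResponse']);
     $samlresponse->user_settings = get_user_settings();
     if (!$samlresponse->is_valid()) {
         return '';
     }
     // The NameID originates from an externally supplied assertion, so it is
     // escaped before being embedded in SQL rather than relying on is_valid()
     // alone to keep it well-formed.
     $nameid = $samlresponse->get_nameid();
     $dbresult = $GLOBALS['db']->query("SELECT id, status FROM users WHERE user_name='" . $GLOBALS['db']->quote($nameid) . "' AND deleted = 0");
     $row = $GLOBALS['db']->fetchByAssoc($dbresult);
     if (!$row) {
         // No local account for this NameID yet: provision one.
         return $this->createUser($nameid);
     }
     // An existing account that was deactivated must not be logged in.
     return $row['status'] != 'Inactive' ? $row['id'] : '';
 }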
/**
* Handle basic posting setup and some basic checks
*
* Two modes, selected by $check:
*  - $check === true: validate the submitted form and return the error strings
*    (captcha only in 'add' mode, form key always). Nothing is written to the template.
*  - $check === false: prepare the posting form — panel list, subscriptions,
*    attachments, smilies, custom bbcodes — and assign everything to $template.
*    The return value is unused in this mode (implicit null).
*
* @param bool   $check  run validation instead of building the form
* @param string $page   'blog' or 'reply' (drives S_BLOG / S_REPLY and the category/poll panels)
* @param string $mode   'add' enables the captcha; other values are passed through to plugins
* @return array|null list of error messages when $check is true
*/
function handle_basic_posting_data($check = false, $page = 'blog', $mode = 'add')
{
    global $auth, $blog_attachment, $blog_id, $config, $db, $template, $user, $phpbb_root_path, $phpEx, $category_ary;
    $submit = isset($_POST['submit']) ? true : false;
    $preview = isset($_POST['preview']) ? true : false;
    $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['cancel_unglobalise']) ? true : false;
    $submitted = $submit || $preview || $refresh ? true : false;
    // shortcut for any of the 3 above
    if ($check) {
        $error = array();
        // check the captcha
        if ($mode == 'add') {
            if (!handle_captcha('check')) {
                $error[] = $user->lang['CONFIRM_CODE_WRONG'];
            }
        }
        // check the form key
        if (!check_form_key('postform')) {
            $error[] = $user->lang['FORM_INVALID'];
        }
        return $error;
    } else {
        $above_subject = $above_message = $above_submit = $panel_data = '';
        // Panel id => panel title; the keys also become S_<ID>_PANEL template flags below.
        $panels = array('options-panel' => $user->lang['OPTIONS']);
        if ($page == 'blog') {
            $category_list = make_category_select($category_ary);
            if ($category_list) {
                $panels['categories-panel'] = $user->lang['CATEGORIES'];
            }
            $panels['poll-panel'] = $user->lang['ADD_POLL'];
            if ($user->data['is_registered']) {
                // Build permissions box
                permission_settings_builder(true, $mode);
                $panels['permissions-panel'] = $user->lang['PERMISSIONS'];
            }
            // Some variables
            $template->assign_vars(array('CATEGORY_LIST' => $category_list, 'S_CAT_0_SELECTED' => is_array($category_ary) && in_array(0, $category_ary), 'S_SHOW_POLL_BOX' => true));
        }
        if ($mode == 'add') {
            // setup the captcha
            handle_captcha('build');
        }
        // Subscriptions
        if ($config['user_blog_subscription_enabled'] && $user->data['is_registered']) {
            $panels['subscriptions-panel'] = $user->lang['SUBSCRIPTION'];
            $subscription_types = get_blog_subscription_types();
            $subscribed = array();
            if ($page == 'blog' && $mode == 'add' && !$submitted) {
                // check default subscription settings from user_settings
                global $user_settings;
                get_user_settings($user->data['user_id']);
                if (isset($user_settings[$user->data['user_id']])) {
                    foreach ($subscription_types as $type => $name) {
                        // Bitwise check
                        if ($user_settings[$user->data['user_id']]['blog_subscription_default'] & $type) {
                            $subscribed[$type] = true;
                        }
                    }
                }
            } else {
                if (!$submitted) {
                    // check set subscription settings
                    // $blog_id is cast with intval() and user_id comes from the session, so no quoting is needed here.
                    $sql = 'SELECT * FROM ' . BLOGS_SUBSCRIPTION_TABLE . '
					WHERE sub_user_id = ' . $user->data['user_id'] . '
						AND blog_id = ' . intval($blog_id);
                    $result = $db->sql_query($sql);
                    while ($row = $db->sql_fetchrow($result)) {
                        $subscribed[$row['sub_type']] = true;
                    }
                }
            }
            foreach ($subscription_types as $type => $name) {
                // S_CHECKED: && binds tighter than ||, i.e. (resubmitted && ticked) || previously subscribed.
                $template->assign_block_vars('subscriptions', array('TYPE' => 'subscription_' . $type, 'NAME' => isset($user->lang[$name]) ? $user->lang[$name] : $name, 'S_CHECKED' => $submitted && request_var('subscription_' . $type, false) || isset($subscribed[$type]) ? true : false));
            }
        }
        // Attachments
        $attachment_data = $blog_attachment->attachment_data;
        $filename_data = $blog_attachment->filename_data;
        // Multipart form only when uploads are enabled in php.ini, board config and the user's ACL.
        // (The "== '0'" ini check appears twice; the repeat is redundant but harmless.)
        $form_enctype = @ini_get('file_uploads') == '0' || strtolower(@ini_get('file_uploads')) == 'off' || @ini_get('file_uploads') == '0' || !$config['allow_attachments'] || !$auth->acl_get('u_attach') ? '' : ' enctype="multipart/form-data"';
        posting_gen_inline_attachments($attachment_data);
        if ($auth->acl_get('u_blogattach') && $config['allow_attachments'] && $form_enctype) {
            $allowed_extensions = $blog_attachment->obtain_blog_attach_extensions();
            if (sizeof($allowed_extensions['_allowed_'])) {
                $blog_attachment->posting_gen_attachment_entry($attachment_data, $filename_data);
                $panels['attach-panel'] = $user->lang['ADD_ATTACHMENT'];
            }
        }
        // Add the forum key
        add_form_key('postform');
        // Generate smiley listing
        generate_smilies('inline', false);
        // Build custom bbcodes array
        display_custom_bbcodes();
        // Plugin hook: $temp is passed by reference, so plugins may replace any of
        // these variables (including $page and $mode) before they are extracted back.
        $temp = compact('page', 'mode', 'panels', 'panel_data', 'above_subject', 'above_message', 'above_submit');
        blog_plugins::plugin_do_ref('function_handle_basic_posting_data', $temp);
        extract($temp);
        $template->assign_vars(array('EXTRA_ABOVE_SUBJECT' => $above_subject, 'EXTRA_ABOVE_MESSAGE' => $above_message, 'EXTRA_ABOVE_SUBMIT' => $above_submit, 'EXTRA_PANELS' => $panel_data, 'JS_PANELS_LIST' => "'" . implode("', '", array_keys($panels)) . "'", 'UA_PROGRESS_BAR' => append_sid("{$phpbb_root_path}posting.{$phpEx}", "mode=popup", false), 'S_BLOG' => $page == 'blog' ? true : false, 'S_REPLY' => $page == 'reply' ? true : false, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']) ? true : false, 'S_FORM_ENCTYPE' => $form_enctype));
        foreach ($panels as $name => $title) {
            // e.g. 'options-panel' => S_OPTIONS_PANEL
            $template->assign_vars(array('S_' . strtoupper(str_replace('-', '_', $name)) => true));
            $template->assign_block_vars('panel_list', array('NAME' => $name, 'TITLE' => $title));
        }
    }
}
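 /**
  * UCP module entry point for the blog settings pages.
  *
  * Dispatches on $mode ('ucp_blog_settings', 'ucp_blog_permissions',
  * 'ucp_blog_title_description'); any other mode is offered to plugins via the
  * 'ucp_default' hook and triggers 'NO_MODE' when none of them claims it.
  * On a successful submit the user is redirected back with PREFERENCES_UPDATED.
  *
  * @param mixed  $id   module id supplied by the UCP framework (not used here)
  * @param string $mode the sub-page to render or save
  * @return void  sets $this->tpl_name / $this->page_title and assigns template vars
  */
 function main($id, $mode)
 {
     global $auth, $cache, $template, $user, $db, $config, $phpEx, $phpbb_root_path;
     global $blog_plugins, $blog_plugins_path, $user_settings;
     $preview = isset($_POST['preview']) ? true : false;
     $submit = isset($_POST['submit']) ? true : false;
     $error = array();
     $user->add_lang(array('mods/blog/common', 'mods/blog/ucp'));
     include $phpbb_root_path . 'blog/functions.' . $phpEx;
     blog_plugins::plugin_do('ucp_start');
     get_user_settings($user->data['user_id']);
     switch ($mode) {
         case 'ucp_blog_settings':
             $subscription_types = get_blog_subscription_types();
             if ($submit) {
                 $sql_ary = array('instant_redirect' => request_var('instant_redirect', 0), 'blog_subscription_default' => 0, 'blog_style' => $auth->acl_get('u_blog_style') ? request_var('blog_style', '') : '', 'blog_css' => $auth->acl_get('u_blog_css') ? request_var('blog_css', '') : '');
                 if ($config['user_blog_subscription_enabled']) {
                     // blog_subscription_default is a bitmask: each checked type adds its flag
                     // (it is read back below with a bitwise &).
                     foreach ($subscription_types as $type => $name) {
                         if (request_var('subscription_' . $type, false)) {
                             $sql_ary['blog_subscription_default'] += $type;
                         }
                     }
                 }
                 update_user_blog_settings($user->data['user_id'], $sql_ary);
             } else {
                 if ($config['user_blog_subscription_enabled']) {
                     $subscribed = array();
                     if (isset($user_settings[$user->data['user_id']])) {
                         foreach ($subscription_types as $type => $name) {
                             // Bitwise check
                             if ($user_settings[$user->data['user_id']]['blog_subscription_default'] & $type) {
                                 $subscribed[$type] = true;
                             }
                         }
                     }
                     foreach ($subscription_types as $type => $name) {
                         $template->assign_block_vars('subscriptions', array('TYPE' => 'subscription_' . $type, 'NAME' => isset($user->lang[$name]) ? $user->lang[$name] : $name, 'S_CHECKED' => isset($subscribed[$type]) ? true : false));
                     }
                 }
                 if ($auth->acl_get('u_blog_style')) {
                     // First entry is "none"; the rest come from active board styles, then from blog/styles/*/style.php.
                     $available_styles = array(array('name' => $user->lang['NONE'], 'value' => 0, 'demo' => $phpbb_root_path . 'images/spacer.gif'));
                     $sql = 'SELECT * FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' st WHERE style_active = 1 AND s.template_id = st.template_id';
                     $result = $db->sql_query($sql);
                     while ($row = $db->sql_fetchrow($result)) {
                         // Pick the first demo image that exists: png, then gif, then jpg; fall back to the spacer.
                         $demo = $phpbb_root_path . 'images/spacer.gif';
                         if (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.png')) {
                             $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.png';
                         } else {
                             if (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.gif')) {
                                 $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.gif';
                             } else {
                                 if (@file_exists($phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.jpg')) {
                                     $demo = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.jpg';
                                 }
                             }
                         }
                         $available_styles[] = array('name' => $row['style_name'], 'value' => $row['style_id'], 'demo' => $demo);
                     }
                     $db->sql_freeresult($result);
                     $dh = @opendir($phpbb_root_path . 'blog/styles/');
                     if ($dh) {
                         while (($file = readdir($dh)) !== false) {
                             if (file_exists($phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx)) {
                                 // Inside of the style.php file, add to the $available_styles array
                                 include $phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx;
                             }
                         }
                         closedir($dh);
                     }
                     foreach ($available_styles as $row) {
                         if (isset($user_settings[$user->data['user_id']]) && $user_settings[$user->data['user_id']]['blog_style'] == $row['value'] && isset($row['demo']) && $row['demo']) {
                             $default_demo = $row['demo'];
                         }
                         $template->assign_block_vars('blog_styles', array('VALUE' => $row['value'], 'SELECTED' => isset($user_settings[$user->data['user_id']]) && $user_settings[$user->data['user_id']]['blog_style'] == $row['value'] ? true : false, 'NAME' => $row['name'], 'BLOG_CSS' => isset($row['blog_css']) && $row['blog_css'] ? true : false, 'DEMO' => isset($row['demo']) && $row['demo'] ? $row['demo'] : ''));
                     }
                 }
                 $template->assign_vars(array('S_BLOG_INSTANT_REDIRECT' => isset($user_settings[$user->data['user_id']]) ? $user_settings[$user->data['user_id']]['instant_redirect'] : 0, 'S_SUBSCRIPTIONS' => $config['user_blog_subscription_enabled'] ? true : false, 'S_BLOG_STYLE' => isset($available_styles) && sizeof($available_styles) > 1 ? true : false, 'S_BLOG_CSS' => $auth->acl_get('u_blog_css') ? true : false, 'DEFAULT_DEMO' => isset($default_demo) ? $default_demo : $phpbb_root_path . 'images/spacer.gif', 'BLOG_CSS' => isset($user_settings[$user->data['user_id']]) ? $user_settings[$user->data['user_id']]['blog_css'] : ''));
             }
             break;
         case 'ucp_blog_permissions':
             if (!$config['user_blog_user_permissions']) {
                 $error[] = $user->lang['USER_PERMISSIONS_DISABLED'];
                 $template->assign_vars(array('PERMISSIONS_DISABLED' => true));
             } else {
                 if ($submit) {
                     $sql_ary = array('perm_guest' => request_var('perm_guest', 1), 'perm_registered' => request_var('perm_registered', 2), 'perm_foe' => request_var('perm_foe', 0), 'perm_friend' => request_var('perm_friend', 2));
                     update_user_blog_settings($user->data['user_id'], $sql_ary, isset($_POST['resync']) ? true : false);
                 } else {
                     permission_settings_builder();
                 }
             }
             break;
         case 'ucp_blog_title_description':
             include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
             include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
             include $phpbb_root_path . 'blog/includes/functions_posting.' . $phpEx;
             if (!function_exists('display_custom_bbcodes')) {
                 include $phpbb_root_path . 'includes/functions_display.' . $phpEx;
             }
             $user->add_lang('posting');
             $post_options = new post_options();
             $post_options->set_status(true, true, true);
             $post_options->set_in_template();
             if ($submit || $preview) {
                 // see if they tried submitting a message or suject(if they hit preview or submit) put it in an array for consistency with the edit mode
                 $blog_title = utf8_normalize_nfc(request_var('title', '', true));
                 $blog_description = utf8_normalize_nfc(request_var('message', '', true));
                 // set up the message parser to parse BBCode, Smilies, etc
                 $message_parser = new parse_message();
                 $message_parser->message = $blog_description;
                 $message_parser->parse($post_options->enable_bbcode, $post_options->enable_magic_url, $post_options->enable_smilies, $post_options->img_status, $post_options->flash_status, $post_options->bbcode_status, $post_options->url_status);
             } else {
                 if (isset($user_settings[$user->data['user_id']])) {
                     $blog_title = $user_settings[$user->data['user_id']]['title'];
                     $blog_description = $user_settings[$user->data['user_id']]['description'];
                     decode_message($blog_description, $user_settings[$user->data['user_id']]['description_bbcode_uid']);
                 } else {
                     $blog_title = $blog_description = '';
                 }
             }
             if (!$submit || sizeof($error)) {
                 if ($preview && !sizeof($error)) {
                     // $message_parser exists here because $preview implies the branch above ran.
                     $preview_message = $message_parser->format_display($post_options->enable_bbcode, $post_options->enable_magic_url, $post_options->enable_smilies, false);
                     // output some data to the template parser
                     $template->assign_vars(array('S_DISPLAY_PREVIEW' => true, 'PREVIEW_SUBJECT' => censor_text($blog_title), 'PREVIEW_MESSAGE' => $preview_message, 'POST_DATE' => $user->format_date(time())));
                 }
                 // Generate smiley listing
                 generate_smilies('inline', false);
                 // Build custom bbcodes array
                 display_custom_bbcodes();
                 $template->assign_vars(array('S_PREVIEW_BUTTON' => true, 'TITLE' => $blog_title, 'MESSAGE' => $blog_description));
             } else {
                 if ($submit) {
                     $sql_ary = array('user_id' => $user->data['user_id'], 'title' => $blog_title, 'description' => $message_parser->message, 'description_bbcode_bitfield' => $message_parser->bbcode_bitfield, 'description_bbcode_uid' => $message_parser->bbcode_uid);
                     unset($message_parser);
                     update_user_blog_settings($user->data['user_id'], $sql_ary);
                 }
             }
             break;
         default:
             $default = true;
             // Passed by reference so a plugin can render its own page and clear $default.
             $temp = compact('mode', 'error', 'default');
             blog_plugins::plugin_do_ref('ucp_default', $temp);
             // make sure you set default to false if you use your own page
             extract($temp);
             if ($default) {
                 trigger_error('NO_MODE');
             }
     }
     blog_plugins::plugin_do('ucp_end');
     if ($submit && !sizeof($error)) {
         //$cache->destroy('_blog_settings_' . $user->data['user_id']);
         meta_refresh(3, $this->u_action);
         $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
         trigger_error($message);
     }
     // implode() takes the separator first; the legacy (array, separator) order was
     // deprecated in PHP 7.4 and throws a TypeError on PHP 8.
     $template->assign_vars(array('L_TITLE' => $user->lang[strtoupper($mode)], 'L_TITLE_EXPLAIN' => $user->lang[strtoupper($mode) . '_EXPLAIN'], 'ERROR' => sizeof($error) ? implode('<br />', $error) : false, 'MODE' => $mode, 'S_UCP_ACTION' => $this->u_action));
     $this->tpl_name = 'blog/ucp_blog';
     $this->page_title = strtoupper($mode);
 }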
require_once '../includes/common.inc.php';
require_once '../includes/admin_functions.inc.php';
allow_dept(DEPT_ADMIN | DEPT_MODERATOR);
// Request parameters: the account to log in as, and where to send the browser afterwards.
$output['uid'] = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
$output['return'] = sanitize_and_format_gpc($_GET, 'return', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
$tpl = new phemplate('skin/', 'remove_nonjs');
if (isset($_GET['top'])) {
    // Frame-top variant: render whatever user record the session already holds.
    $content_file = 'user_login_top.html';
    $tpl->set_var('user', $_SESSION[_LICENSE_KEY_]['user']);
} else {
    $content_file = 'user_login.html';
    // Append clean_user_session=1 to the return URL ('&' if it already has a
    // query string) and encode the whole thing for use as a URL parameter.
    $separator = strpos($output['return'], '?') === false ? '?' : '&';
    $output['return'] = rawurlencode($output['return'] . $separator . 'clean_user_session=1');
    // uid was sanitized as TYPE_INT above, so it can be interpolated directly.
    $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`=" . $output['uid'];
    $res = @mysql_query($query);
    if (!$res) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        // Load the target account plus its display preferences into the session.
        $user = mysql_fetch_assoc($res);
        $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
        $_SESSION[_LICENSE_KEY_]['user'] = $user;
    }
}
$tpl->set_file('content', $content_file);
$tpl->set_var('output', $output);
echo $tpl->process('', 'content');
Copyright (c) 2010, OneLogin, Inc.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of the <organization> nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL ONELOGIN, INC. BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ********************************************************************************/
// Build a SAML AuthnRequest from the module settings and redirect the browser
// to the Identity Provider's SSO endpoint.
require 'modules/Users/authentication/SAMLAuthenticate/settings.php';
require 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';
$samlRequest = new AuthRequest();
$samlRequest->user_settings = get_user_settings();
$url = $samlRequest->create();
header('Location: ' . $url);
$Revision$
Software by:                DateMill (http://www.datemill.com)
Copyright by:               DateMill (http://www.datemill.com)
Support at:                 http://www.datemill.com/forum
*******************************************************************************
* See the "docs/licenses/etano.txt" file for license.                         *
******************************************************************************/
define('CACHE_LIMITER', 'private');
require 'includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
// Skin directory: holds both the page language strings and the templates.
$skin_dir = _BASEPATH_ . '/skins_site/' . get_my_skin() . '/';
require $skin_dir . 'lang/email_change.inc.php';
$tpl = new phemplate($skin_dir, 'remove_nonjs');
// Confirmation-link parameters: the account id and the address being confirmed.
$uid = sanitize_and_format_gpc($_GET, 'uid', TYPE_INT, 0, 0);
$email = sanitize_and_format_gpc($_GET, 'email', TYPE_STRING, $__field2format[FIELD_TEXTFIELD], '');
if (!empty($uid) && !empty($email)) {
    $req_email = get_user_settings($uid, '', 'new_email');
    if ($req_email == $email) {
        $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `email`='{$email}' WHERE `" . USER_ACCOUNT_ID . "`={$uid} LIMIT 1";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $query = "DELETE FROM `{$dbtable_prefix}user_settings2` WHERE `fk_user_id`={$uid} AND `config_option`='new_email'";
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $topass['message']['type'] = MESSAGE_INFO;
        $topass['message']['text'] = $GLOBALS['_lang'][3];
    } else {
        $topass['message']['type'] = MESSAGE_ERROR;
        $topass['message']['text'] = $GLOBALS['_lang'][4];
    }
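 /**
  * Log the given account into the current session without a password check.
  *
  * Records a 'login' action and runs the rate limiter, loads the account row,
  * awards login score, stamps last_activity, mirrors the session into the
  * online table when DB sessions are enabled, and finally runs any
  * $_on_after_login callbacks registered by events/processors/login.php.
  *
  * @param int $user_id account id; non-integer values are treated as 0 (no such account)
  * @return bool always true when the account is active
  * @throws Exception code ASTAT_UNVERIFIED (empty message) or ASTAT_SUSPENDED for
  *                   those account states, code 0 with lang[72] when no account matches
  */
 static function login_by_id($user_id)
 {
     global $dbtable_prefix;
     // The id is interpolated into SQL below, so force it to an integer first.
     // Anything that is not a valid int becomes 0, which matches no account and
     // falls through to the "unknown user" exception instead of malformed SQL.
     $user_id = (int) filter_var($user_id, FILTER_VALIDATE_INT);
     EtanoApi::load_common();
     if (is_file(_BASEPATH_ . '/events/processors/login.php')) {
         include_once _BASEPATH_ . '/events/processors/login.php';
     }
     require_once _BASEPATH_ . '/skins_site/' . EtanoApi::get_my_skin() . '/lang/login.inc.php';
     $score_threshold = 600;
     // seconds
     $error = false;
     $topass = array();
     $nextpage = 'login.php';
     $qs = '';
     $qssep = '';
     $log['level'] = 'login';
     $log['user_id'] = $user_id;
     $log['sess'] = session_id();
     //		$log['user']=$user;
     //		$log['membership']=$_SESSION[_LICENSE_KEY_]['user']['membership'];
     $log['ip'] = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
     log_user_action($log);
     rate_limiter($log);
     $query = "SELECT a.`" . USER_ACCOUNT_ID . "` as `user_id`,b.`_user` as `user`,a.`status`,a.`membership`,UNIX_TIMESTAMP(a.`last_activity`) as `last_activity`,a.`email`,b.`status` as `pstat` FROM `" . USER_ACCOUNTS_TABLE . "` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` WHERE a.`" . USER_ACCOUNT_ID . "`={$user_id}";
     if (!($res = @mysql_query($query))) {
         trigger_error(mysql_error(), E_USER_ERROR);
     }
     if (mysql_num_rows($res)) {
         $user = mysql_fetch_assoc($res);
         $user['membership'] = (int) $user['membership'];
         $user['user_id'] = (int) $user['user_id'];
         if ($user['status'] == ASTAT_ACTIVE) {
             // Current time as a UTC timestamp; last_activity is stored as UTC too.
             $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
             $user['prefs'] = get_user_settings($user['user_id'], 'def_user_prefs', array('date_format', 'datetime_format', 'time_offset', 'rate_my_photos', 'profile_comments'));
             $score = 0;
             // it might happen that the user is already logged in. Don't add the login score if that's the case.
             $query = "SELECT `fk_user_id` FROM `{$dbtable_prefix}online` WHERE `fk_user_id`=" . $user['user_id'];
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (!mysql_num_rows($res)) {
                 $score += add_member_score($user['user_id'], 'login', 1, true);
                 // just read the value
             }
             // Bonus only when the previous activity is older than the threshold.
             if ($user['last_activity'] < $time - $score_threshold) {
                 $score += add_member_score($user['user_id'], 'login_bonus', 1, true);
                 // just read the value
             }
             if (!empty($score)) {
                 add_member_score($user['user_id'], 'force', 1, false, $score);
             }
             $query = "UPDATE `" . USER_ACCOUNTS_TABLE . "` SET `last_activity`='" . gmdate('YmdHis') . "' WHERE `" . USER_ACCOUNT_ID . "`=" . $user['user_id'];
             if (!($res = @mysql_query($query))) {
                 trigger_error(mysql_error(), E_USER_ERROR);
             }
             if (USE_DB_SESSIONS == 1) {
                 $query = "REPLACE INTO `{$dbtable_prefix}online` SET `fk_user_id`=" . $user['user_id'] . ",`sess`='" . session_id() . "',`sess_data`='" . sanitize_and_format(serialize($_SESSION), TYPE_STRING, FORMAT_ADDSLASH) . "'";
                 if (!($res = @mysql_query($query))) {
                     trigger_error(mysql_error(), E_USER_ERROR);
                 }
             }
             // Do not keep these in the session; merge the rest over any existing user data.
             unset($user['last_activity'], $user['email']);
             $_SESSION[_LICENSE_KEY_]['user'] = array_merge(isset($_SESSION[_LICENSE_KEY_]['user']) ? $_SESSION[_LICENSE_KEY_]['user'] : array(), $user);
             $_SESSION[_LICENSE_KEY_]['user']['loginout'] = $time;
             // Callbacks registered by events/processors/login.php, if it was included above.
             if (isset($_on_after_login)) {
                 for ($i = 0; isset($_on_after_login[$i]); ++$i) {
                     call_user_func($_on_after_login[$i]);
                 }
             }
         } elseif ($user['status'] == ASTAT_UNVERIFIED) {
             throw new Exception('', ASTAT_UNVERIFIED);
         } elseif ($user['status'] == ASTAT_SUSPENDED) {
             throw new Exception($GLOBALS['_lang'][71], ASTAT_SUSPENDED);
         }
     } else {
         throw new Exception($GLOBALS['_lang'][72], 0);
     }
     return true;
 }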
******************************************************************************/
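require 'includes/common.inc.php';
require _BASEPATH_ . '/includes/user_functions.inc.php';
require _BASEPATH_ . '/skins_site/' . get_my_skin() . '/lang/photos.inc.php';
check_login_member('upload_photos');
$tpl = new phemplate(_BASEPATH_ . '/skins_site/' . get_my_skin() . '/', 'remove_nonjs');
// Maximum upload size to show: the site option wins; otherwise fall back to
// PHP's upload_max_filesize and convert its shorthand suffix to bytes.
$output['max_file_size'] = get_site_option('max_size', 'core_photo');
if (empty($output['max_file_size'])) {
    $output['max_file_size'] = ini_get('upload_max_filesize');
    $size_suffix = strtolower(substr((string) $output['max_file_size'], -1));
    // php.ini accepts K, M and G (case-insensitive). G was previously not
    // handled, so a value such as "1G" reached the template as a bare string.
    if ($size_suffix === 'g') {
        $output['max_file_size'] = (int) substr($output['max_file_size'], 0, -1) * 1024 * 1024 * 1024;
    } elseif ($size_suffix === 'm') {
        $output['max_file_size'] = (int) substr($output['max_file_size'], 0, -1) * 1024 * 1024;
    } elseif ($size_suffix === 'k') {
        $output['max_file_size'] = (int) substr($output['max_file_size'], 0, -1) * 1024;
    }
}
// -1 means "unlimited" for this user; otherwise format the remaining count.
$output['photos_remaining'] = get_user_settings($_SESSION[_LICENSE_KEY_]['user']['user_id'], 'core_photo', 'max_user_photos');
if ($output['photos_remaining'] == -1) {
    $output['photos_remaining'] = $GLOBALS['_lang'][149];
} else {
    $output['photos_remaining'] = sprintf($GLOBALS['_lang'][150], $output['photos_remaining']);
}
$output['lang_257'] = sanitize_and_format($GLOBALS['_lang'][257], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
$tpl->set_file('content', 'photos_upload.html');
$tpl->set_var('output', $output);
$tpl->process('content', 'content');
$tplvars['title'] = $GLOBALS['_lang'][151];
$tplvars['page_title'] = $GLOBALS['_lang'][151];
$tplvars['page'] = 'photos_upload';
$tplvars['css'] = 'photos_upload.css';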
if (is_file('photos_upload_left.php')) {
    include 'photos_upload_left.php';
    $db = new MyDB();
    if (!$db) {
        echo $db->lastErrorMsg();
    } else {
        echo "Opened database successfully</br>";
    }
    $userName = $_COOKIE["username"];
    $sql = <<<EOF
      UPDATE User set gender='{$gender}', height='{$height}', weight='{$weight}', birth='{$birth}',country='{$country}',city='{$city}',address='{$address}' where name='{$userName}';
EOF;
    $ret = $db->exec($sql);
    if (!$ret) {
        echo $db->lastErrorMsg();
    } else {
        header("Location: http://www.kmoving.com/server/user/settings.php");
    }
    $db->close();
}
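// Profile fields posted by the settings form. A missing key yields null
// instead of an undefined-index notice; the values below keep the same
// loose "!= null" test the form relied on.
$name = isset($_POST['name']) ? $_POST['name'] : null;
$gender = isset($_POST['gender']) ? $_POST['gender'] : null;
$height = isset($_POST['height']) ? $_POST['height'] : null;
$weight = isset($_POST['weight']) ? $_POST['weight'] : null;
$birth = isset($_POST['birth']) ? $_POST['birth'] : null;
$country = isset($_POST['country']) ? $_POST['country'] : null;
$city = isset($_POST['city']) ? $_POST['city'] : null;
$address = isset($_POST['address']) ? $_POST['address'] : null;
// Save when any field was supplied, otherwise show the current settings.
// $birth is part of the check (it was missing while $height was tested twice).
if ($gender != null || $height != null || $weight != null || $birth != null || $country != null || $city != null || $address != null) {
    set_user_settings($gender, $height, $weight, $birth, $country, $city, $address);
} else {
    get_user_settings();
}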
// Moodle auth/onelogin_saml login hook: either start an SSO round-trip with the
// IdP, or consume the SAMLResponse the IdP posted back. "normal" (GET or session
// flag) and "logout" requests are left to Moodle's own login page.
// get the plugin config for saml
$pluginconfig = get_config('auth/onelogin_saml');
// No assertion posted, not a "normal" login, not a logout: build an AuthnRequest and redirect.
if (!isset($_POST['SAMLResponse']) && !(isset($_GET['normal']) && $_GET['normal'] || isset($SESSION->normal) && $SESSION->normal) && !(isset($_GET['logout']) && $_GET['logout'])) {
    ## myDebugger("SAML REQUEST");
    // These two values are not referenced elsewhere in this section; presumably read by the included library.
    $onelogin_saml_issuer = "onelogin_saml";
    $onelogin_saml_name_identifier_format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    require_once 'lib/onelogin/saml.php';
    $authrequest = new AuthRequest();
    $authrequest->user_settings = get_user_settings();
    $onelogin_saml_url = $authrequest->create();
    redirect($onelogin_saml_url, 0);
// NOTE(review): && binds tighter than ||, so this reads as
// (response posted && not normal) || (session normal && not logout). The second
// half enters the branch with no SAMLResponse posted, and the SamlResponse
// constructor below would then read an undefined index — confirm whether the
// missing parentheses are intended.
} elseif (isset($_POST['SAMLResponse']) && $_POST['SAMLResponse'] && !(isset($_GET['normal']) && $_GET['normal']) || isset($SESSION->normal) && $SESSION->normal && !(isset($_GET['logout']) && $_GET['logout'])) {
    ## myDebugger("SAML RESPONSE");
    require_once 'lib/onelogin/saml.php';
    $samlresponse = new SamlResponse($_POST['SAMLResponse']);
    $samlresponse->user_settings = get_user_settings();
    // print_error() is relied on to end the request here; nothing below must run
    // on an assertion that failed validation — TODO confirm it never returns.
    if (!$samlresponse->is_valid()) {
        print_error("An invalid SAML response was received from the Identity Provider. Contact the admin.");
    }
    //onelogin_saml_auth($samlresponse);
    $username = $onelogin_saml_nameId = $samlresponse->get_nameid();
    // make variables accessible to saml->get_userinfo; Information will be requested from authenticate_user_login -> create_user_record / update_user_record
    $GLOBALS['onelogin_saml_login_attributes'] = $saml_attributes = $samlresponse->get_saml_attributes();
    ## myDebugger("<pre>SAML ATTRIBUTES...<br />".print_r($saml_attributes, true)."SAML...<br />".htmlentities(base64_decode($_POST['SAMLResponse']))."</pre>");
    $wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE;
} else {
    // You shouldn't be able to reach here.
    print_error("Module Setup Error: Review the OneLogin setup instructions for the SAML authentication module, and be sure to change the following one line of code in Moodle's core in 'login/index.php'.<br /><br /><div style=\"text-align:center;\">CHANGE THE FOLLOWING LINE OF CODE (in 'login/index.php')...</div><br /><font style=\"font-size:18px;\"><strong>if (!empty(\$CFG->alternateloginurl)) {</strong></font><br /><br /><div style=\"text-align:center;\">...to...</div><br /><strong><font style=\"font-size:18px;\">if (!empty(\$CFG->alternateloginurl) && !isset(\$_GET['normal'])) { </font></strong> \r\n");
}
///$wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : FALSE;
///unset($SESSION->retry);
/**
 * Cron job: delivers queued private messages.
 *
 * Reads up to $limit rows from `{prefix}queue_message` (joined to the account
 * and profile tables for the receiver's e-mail and display name), files each
 * row into the receiver's inbox or spambox according to the receiver's
 * FILTER_SENDER message filters, deletes the processed queue rows, credits the
 * 'new_message' member score per receiver, and e-mails a notification to every
 * receiver whose 'notify_me' preference is set (spambox deliveries excepted).
 *
 * Uses globals $dbtable_prefix and $def_skin and the legacy mysql_* API on the
 * already-open connection; every failed query aborts via
 * trigger_error(E_USER_ERROR). The optional events/cronjobs hook file may
 * register callbacks in $_on_before_insert / $_on_after_insert, which receive
 * the row about to be / just inserted.
 *
 * @return bool always true
 */
function send_queue_message()
{
    $limit = 50;
    // number of messages in a batch
    // Start from a clean hook state; the optional event file below may (re)populate these lists.
    unset($_on_before_insert, $_on_after_insert);
    if (is_file(_BASEPATH_ . '/events/cronjobs/send_queue_message.php')) {
        include_once _BASEPATH_ . '/events/cronjobs/send_queue_message.php';
    }
    global $dbtable_prefix, $def_skin;
    // Provides $GLOBALS['_lang'][135], the display name used for system messages.
    include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
    $filters = array();
    // per receiver: list of message_filters rows (cached so each receiver is queried once)
    $notifs = array();
    // per receiver: 'notify_me' preference (cached)
    $emails = array();
    // notification payloads for send_template_email()
    $mail_ids = array();
    // queue rows processed in this batch, deleted at the end
    $receivers = array();
    // receiver user id => number of messages delivered (for add_member_score)
    $query = "SELECT a.`mail_id`,a.`fk_user_id`,a.`fk_user_id_other`,a.`_user_other`,a.`subject`,a.`message_body`,a.`date_sent`,a.`message_type`,b.`email`,c.`_user` as `user` FROM `{$dbtable_prefix}queue_message` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` ORDER BY a.`mail_id` ASC LIMIT {$limit}";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        while ($rsrow = mysql_fetch_assoc($res)) {
            // $temp is the e-mail payload; every key is reassigned each iteration, so it needs no reset.
            // The subject is converted to HTML for the e-mail template.
            $temp['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, FORMAT_TEXT2HTML);
            $temp['_user_other'] = $rsrow['_user_other'];
            if (empty($temp['_user_other']) && $rsrow['message_type'] == MESS_SYSTEM) {
                $temp['_user_other'] = $GLOBALS['_lang'][135];
            }
            $temp['email'] = $rsrow['email'];
            $temp['user'] = $rsrow['user'];
            $mail_ids[] = $rsrow['mail_id'];
            if (isset($receivers[$rsrow['fk_user_id']])) {
                ++$receivers[$rsrow['fk_user_id']];
            } else {
                $receivers[$rsrow['fk_user_id']] = 1;
            }
            // Drop the columns that do not exist in the inbox/spambox tables; the remaining keys of
            // $rsrow become the columns of the INSERT below.
            unset($rsrow['mail_id'], $rsrow['email'], $rsrow['user']);
            // Only subject and message_body are re-escaped for the DB-to-DB copy. NOTE(review): the
            // other columns (fk_user_id, fk_user_id_other, _user_other, date_sent, message_type) are
            // interpolated into the INSERT exactly as read, which is safe only if they can never
            // contain quote characters — confirm how `_user_other` is stored.
            $rsrow['subject'] = sanitize_and_format($rsrow['subject'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            $rsrow['message_body'] = sanitize_and_format($rsrow['message_body'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DB]);
            if (!isset($filters[$rsrow['fk_user_id']])) {
                $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $rsrow['fk_user_id'];
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                while ($rsrow2 = mysql_fetch_assoc($res2)) {
                    $filters[$rsrow['fk_user_id']][] = $rsrow2;
                }
                // Cache "no filters" too, so the receiver is not queried again in this batch.
                if (!isset($filters[$rsrow['fk_user_id']])) {
                    $filters[$rsrow['fk_user_id']] = array();
                }
            }
            if (!isset($notifs[$rsrow['fk_user_id']])) {
                $notifs[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'notify_me');
            }
            $notify = true;
            $was_sent = false;
            // was sent by a filter?
            if (!empty($filters[$rsrow['fk_user_id']])) {
                for ($i = 0; isset($filters[$rsrow['fk_user_id']][$i]); ++$i) {
                    $filter = $filters[$rsrow['fk_user_id']][$i];
                    switch ($filter['filter_type']) {
                        case FILTER_SENDER:
                            if ($rsrow['fk_user_id_other'] == $filter['field_value']) {
                                if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
                                    $into = "`{$dbtable_prefix}user_spambox`";
                                    // messages routed to the spambox never trigger a notification e-mail
                                    $notify = false;
                                } else {
                                    $into = "`{$dbtable_prefix}user_inbox`";
                                    $rsrow['fk_folder_id'] = $filter['fk_folder_id'];
                                }
                                $query = "INSERT INTO {$into} SET ";
                                foreach ($rsrow as $k => $v) {
                                    $query .= "`{$k}`='{$v}',";
                                }
                                // strip the trailing comma
                                $query = substr($query, 0, -1);
                                // The hook loops below reuse $i; harmless only because `break 2` leaves
                                // the outer filter loop right after the insert.
                                if (isset($_on_before_insert)) {
                                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                                        call_user_func($_on_before_insert[$i], $rsrow);
                                    }
                                }
                                if (!($res2 = @mysql_query($query))) {
                                    trigger_error(mysql_error(), E_USER_ERROR);
                                }
                                if (isset($_on_after_insert)) {
                                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                                        call_user_func($_on_after_insert[$i], $rsrow);
                                    }
                                }
                                $was_sent = true;
                            }
                            // NOTE(review): this runs for every FILTER_SENDER filter, matched or not, so
                            // only the first FILTER_SENDER filter of a receiver is ever evaluated — confirm
                            // this is intended.
                            break 2;
                            // exit the filters for() too
                    }
                }
            }
            if (!$was_sent) {
                // no filter here - insert directly in inbox
                $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET ";
                foreach ($rsrow as $k => $v) {
                    $query .= "`{$k}`='{$v}',";
                }
                // strip the trailing comma
                $query = substr($query, 0, -1);
                if (isset($_on_before_insert)) {
                    for ($i = 0; isset($_on_before_insert[$i]); ++$i) {
                        call_user_func($_on_before_insert[$i], $rsrow);
                    }
                }
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                if (isset($_on_after_insert)) {
                    for ($i = 0; isset($_on_after_insert[$i]); ++$i) {
                        call_user_func($_on_after_insert[$i], $rsrow);
                    }
                }
            }
            if ($notifs[$rsrow['fk_user_id']] && $notify) {
                $emails[] = $temp;
            }
        }
        // Remove the processed rows from the queue; mail_id values come straight from the primary key read above.
        if (!empty($mail_ids)) {
            $query = "DELETE FROM `{$dbtable_prefix}queue_message` WHERE `mail_id` IN ('" . join("','", $mail_ids) . "')";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
    }
    if (!empty($receivers)) {
        $uids = array();
        // we build an array like array(num_messages1=>array(uid1,uid2,..),num_messages2=>array(uid3,uid4...),...)
        // this way we can add score for more users at once, saving some processing time
        foreach ($receivers as $uid => $num) {
            if (isset($uids[$num])) {
                $uids[$num][] = $uid;
            } else {
                $uids[$num] = array($uid);
            }
        }
        foreach ($uids as $num => $nuids) {
            add_member_score($nuids, 'new_message', $num);
        }
    }
    // send the notification emails
    if (!empty($emails)) {
        for ($i = 0; isset($emails[$i]); ++$i) {
            send_template_email($emails[$i]['email'], $emails[$i]['subject'], 'new_message.html', $def_skin, $emails[$i]);
        }
    }
    return true;
}
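/**
 *	Creates the tpl loop to show comments and the textarea where new comments could be written. Handles the cases when user is
 *	not logged in or not allowed to post comments.
 *
 *	@access public
 *	@param string $type the identifier for the item where comments are displayed. Can be one of 'user','photo','blog','video'
 *	@param int $parent_id the ID in the parent table of the item where these comments are posted. It is cast to int before
 *		being used in SQL.
 *	@param array $output reference to the $output array in the calling script. It injects additional variables in $output to be
 *		used by the template system: show_comments, num_comments, pager, allow_comments, bbcode_comments, use_captcha, rand,
 *		and comment_id/comment when a comment is being edited. For 'blog','photo','video' a pre-set $output['allow_comments']
 *		is honoured as the "comments allowed" flag.
 *	@param array $params optional; when both 'offset' and 'limit' are set the result is paged (both cast to int) and
 *		$output['pager'] / $output['num_comments'] are filled from a count query.
 *	@return array list of approved comment rows (comment_id, comment, fk_user_id, user, date_posted, photo, plus the editme,
 *		is_online and user_online_status flags) ready for the template loop
 *
 *	Site options read via get_site_option(): 'use_captcha','bbcode_comments','smilies_comm'.
 *	Side effects: bumps the global $page_last_modified_time, may set $_SESSION['captcha_word'], consumes
 *	$_SESSION['topass']['input'], and strips the edit_comment parameter from $_SERVER['QUERY_STRING'].
 */
function create_comments_loop($type, $parent_id, &$output, $params = array())
{
    global $dbtable_prefix, $__field2format, $_list_of_online_members, $page_last_modified_time;
    $myreturn = array();
    // $parent_id is interpolated into SQL below; force it to an integer so no other characters can reach the query.
    $parent_id = (int) $parent_id;
    switch ($type) {
        case 'user':
            $table = "{$dbtable_prefix}comments_profile";
            // the profile owner's own preference is already in the session; anyone else needs a lookup
            $allow_comments = !empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $_SESSION[_LICENSE_KEY_]['user']['user_id'] == $parent_id ? $_SESSION[_LICENSE_KEY_]['user']['prefs']['profile_comments'] : get_user_settings($parent_id, 'def_user_prefs', 'profile_comments');
            break;
        case 'blog':
            $table = "{$dbtable_prefix}comments_blog";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'photo':
            $table = "{$dbtable_prefix}comments_photo";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        case 'video':
            $table = "{$dbtable_prefix}comments_video";
            $allow_comments = isset($output['allow_comments']) ? $output['allow_comments'] : 1;
            break;
        default:
            // No table for this type: fail loudly instead of running a query against an empty table name.
            trigger_error('create_comments_loop: unknown comment type', E_USER_ERROR);
            return $myreturn;
    }
    $config = get_site_option(array('use_captcha', 'bbcode_comments', 'smilies_comm'), 'core');
    // id of the comment the visitor asked to edit (0 when none); already an int via TYPE_INT
    $edit_comment = sanitize_and_format_gpc($_GET, 'edit_comment', TYPE_INT, 0, 0);
    $query = "SELECT a.`comment_id`,a.`comment`,a.`fk_user_id`,a.`_user` as `user`,UNIX_TIMESTAMP(a.`date_posted`) as `date_posted`,b.`_photo` as `photo` FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED . " ORDER BY a.`comment_id` ASC";
    if (isset($params['offset']) && isset($params['limit'])) {
        // paging values also end up in SQL, so cast them as well
        $offset = (int) $params['offset'];
        $limit = (int) $params['limit'];
        $query .= " LIMIT " . $offset . ',' . $limit;
        $count_query = "SELECT count(*) FROM `{$table}` a LEFT JOIN `{$dbtable_prefix}user_profiles` b ON a.`fk_user_id`=b.`fk_user_id` WHERE a.`fk_parent_id`={$parent_id} AND a.`status`=" . STAT_APPROVED;
        if (!($res = @mysql_query($count_query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $totalrows = mysql_result($res, 0, 0);
    }
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    while ($rsrow = mysql_fetch_assoc($res)) {
        // the newest comment decides the page's Last-Modified value
        if ($rsrow['date_posted'] > $page_last_modified_time) {
            $page_last_modified_time = $rsrow['date_posted'];
        }
        // if someone has asked to edit his/her comment
        if ($edit_comment == $rsrow['comment_id']) {
            $output['comment_id'] = $rsrow['comment_id'];
            $output['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2EDIT]);
        }
        // render the timestamp in the viewer's preferred format and offset
        $rsrow['date_posted'] = strftime($_SESSION[_LICENSE_KEY_]['user']['prefs']['datetime_format'], $rsrow['date_posted'] + $_SESSION[_LICENSE_KEY_]['user']['prefs']['time_offset']);
        $rsrow['comment'] = sanitize_and_format($rsrow['comment'], TYPE_STRING, $__field2format[TEXT_DB2DISPLAY]);
        if (!empty($config['bbcode_comments'])) {
            $rsrow['comment'] = bbcode2html($rsrow['comment']);
        }
        if (!empty($config['smilies_comm'])) {
            $rsrow['comment'] = text2smilies($rsrow['comment']);
        }
        // allow showing the edit links to rightfull owners
        if (!empty($_SESSION[_LICENSE_KEY_]['user']['user_id']) && $rsrow['fk_user_id'] == $_SESSION[_LICENSE_KEY_]['user']['user_id']) {
            $rsrow['editme'] = true;
        }
        if (empty($rsrow['fk_user_id'])) {
            // for the link to member profile
            unset($rsrow['fk_user_id']);
        } else {
            if (isset($_list_of_online_members[$rsrow['fk_user_id']])) {
                $rsrow['is_online'] = 'is_online';
                $rsrow['user_online_status'] = $GLOBALS['_lang'][102];
            } else {
                $rsrow['user_online_status'] = $GLOBALS['_lang'][103];
            }
        }
        if (empty($rsrow['photo']) || !is_file(_PHOTOPATH_ . '/t1/' . $rsrow['photo'])) {
            $rsrow['photo'] = 'no_photo.gif';
        }
        $myreturn[] = $rsrow;
    }
    if (!empty($myreturn)) {
        $output['show_comments'] = true;
        if (isset($totalrows)) {
            $output['pager'] = pager($totalrows, $offset, $limit);
            $output['num_comments'] = $totalrows;
        } else {
            $output['num_comments'] = count($myreturn);
        }
    }
    if ($allow_comments) {
        // may I post comments please?
        if (allow_at_level('write_comments', $_SESSION[_LICENSE_KEY_]['user']['membership'])) {
            $output['allow_comments'] = true;
            // anonymous posters get a captcha when the site option is on
            if (empty($_SESSION[_LICENSE_KEY_]['user']['user_id'])) {
                if (!empty($config['use_captcha'])) {
                    require _BASEPATH_ . '/includes/classes/sco_captcha.class.php';
                    $c = new sco_captcha(_BASEPATH_ . '/includes/fonts', 4);
                    $_SESSION['captcha_word'] = $c->gen_rnd_string(4);
                    $output['rand'] = make_seed();
                    $output['use_captcha'] = true;
                }
            }
            // would you let me use bbcode?
            if (!empty($config['bbcode_comments'])) {
                $output['bbcode_comments'] = true;
            }
            // if we came back after an error get what was previously posted
            if (isset($_SESSION['topass']['input'])) {
                $output = array_merge($output, $_SESSION['topass']['input']);
                unset($_SESSION['topass']['input']);
            }
        } else {
            unset($output['allow_comments']);
        }
    } else {
        unset($output['allow_comments']);
    }
    // the edit marker must not survive into links built from the query string
    if (!empty($edit_comment)) {
        $_SERVER['QUERY_STRING'] = str_replace('&edit_comment=' . $edit_comment, '', $_SERVER['QUERY_STRING']);
    }
    return $myreturn;
}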
// Resolve the blog owner (when a blog id is given) and make sure that user exists.
if ($blog_id) {
    if ($blog_data->get_blog_data('blog', $blog_id) === false) {
        trigger_error('BLOG_NOT_EXIST');
    }
    $user_id = blog_data::$blog[$blog_id]['user_id'];
}
if ($user_id) {
    blog_data::$user_queue[] = (int) $user_id;
    // do it this way so we get user data on editors/deleters
    $blog_data->get_user_data(false, true);
    if (!array_key_exists($user_id, blog_data::$user)) {
        trigger_error('NO_USER');
    }
    $username = blog_data::$user[$user_id]['username'];
}
// Blog settings and friend/foe (zebra) info for both the blog owner and the viewer.
$involved_users = array($user_id, $user->data['user_id']);
get_user_settings($involved_users);
get_zebra_info($involved_users);
// Make sure the user can view this blog by checking the blog's individual permissions
if ($blog_id && !handle_user_blog_permissions($blog_id)) {
    trigger_error('NO_PERMISSIONS_READ');
}
// Put the template we want in $blog_template for easier access/use
// style= to use a board style, blogstyle= to use a custom blog style, otherwise it is set to the user's style or blank if none set
if (isset($_GET['style'])) {
    $blog_template = request_var('style', 0);
} elseif (isset($_GET['blogstyle'])) {
    $blog_template = request_var('blogstyle', '');
} elseif ($user_id && isset($user_settings[$user_id])) {
    $blog_template = $user_settings[$user_id]['blog_style'];
} else {
    $blog_template = '';
}
/**
* Ok, now lets actually start setting up the page.
*/
/*
* A slightly (weird) way it is that I have set this up.  Only on the view blog/user page can the user set a custom style except if that custom style is also a board style.
* If the style they selected is also a board style we will also show that style on the posting/etc pages.  This is to keep it easier on the custom template developers.
*/
/**
 * Queues a private message for the cron job, or delivers it immediately.
 *
 * With $force_send false the message is appended to `{prefix}queue_message`.
 * With $force_send true it is filed straight into the receiver's inbox (or
 * spambox, when one of the receiver's FILTER_SENDER filters matches the
 * sender) and, unless the message went to the spambox or the receiver has
 * 'notify_me' off, a "new message" e-mail is sent.
 *
 * Only keys of $mess_array that appear in the relevant table defaults file
 * (`includes/tables/queue_message.inc.php` / `user_inbox.inc.php`) are written;
 * `date_sent` is always set to the current UTC time. Keys read directly:
 * fk_user_id (receiver), fk_user_id_other (sender), subject, message_type,
 * _user_other.
 *
 * NOTE(review): values from $mess_array are interpolated into SQL without any
 * escaping here, so callers must pass them already escaped for the database.
 *
 * @param array $mess_array message columns, see above
 * @param bool $force_send false = queue for the cron job, true = deliver now
 * @return void
 */
function queue_or_send_message($mess_array, $force_send = false)
{
    global $dbtable_prefix;
    if (!$force_send) {
        // $queue_message_default['defaults'] lists the columns that may be written
        require _BASEPATH_ . '/includes/tables/queue_message.inc.php';
        $query = "INSERT INTO `{$dbtable_prefix}queue_message` SET `date_sent`='" . gmdate('YmdHis') . "'";
        foreach ($queue_message_default['defaults'] as $k => $v) {
            if (isset($mess_array[$k])) {
                $query .= ",`{$k}`='" . $mess_array[$k] . "'";
            }
        }
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
    } else {
        // $user_inbox_default['defaults'] lists the inbox columns that may be written
        require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
        $was_sent = false;
        // was sent by a filter?
        $notify_receiver = get_user_settings($mess_array['fk_user_id'], 'def_user_prefs', 'notify_me');
        // see if the receiver has any filters in place to re-route our message
        $query = "SELECT `filter_type`,`field`,`field_value`,`fk_folder_id` FROM `{$dbtable_prefix}message_filters` WHERE `fk_user_id`=" . $mess_array['fk_user_id'];
        if (!($res = @mysql_query($query))) {
            trigger_error(mysql_error(), E_USER_ERROR);
        }
        $filters = array();
        $filters[$mess_array['fk_user_id']] = array();
        while ($rsrow = mysql_fetch_assoc($res)) {
            $filters[$mess_array['fk_user_id']][] = $rsrow;
        }
        if (!empty($filters[$mess_array['fk_user_id']])) {
            for ($i = 0; isset($filters[$mess_array['fk_user_id']][$i]); ++$i) {
                $filter =& $filters[$mess_array['fk_user_id']][$i];
                switch ($filter['filter_type']) {
                    case FILTER_SENDER:
                        if ($mess_array['fk_user_id_other'] == $filter['field_value']) {
                            if ($filter['fk_folder_id'] == FOLDER_SPAMBOX) {
                                $into = "`{$dbtable_prefix}user_spambox`";
                                // spambox deliveries never trigger a notification e-mail
                                $notify_receiver = false;
                                // NOTE(review): this re-includes user_inbox.inc.php (already required above) but then
                                // reads $user_spambox_default — confirm which file actually defines that array;
                                // a user_spambox.inc.php may have been intended.
                                require _BASEPATH_ . '/includes/tables/user_inbox.inc.php';
                                $defaults_table =& $user_spambox_default;
                            } else {
                                $into = "`{$dbtable_prefix}user_inbox`";
                                $mess_array['fk_folder_id'] = $filter['fk_folder_id'];
                                $defaults_table =& $user_inbox_default;
                            }
                            $query = "INSERT INTO {$into} SET `date_sent`='" . gmdate('YmdHis') . "'";
                            foreach ($defaults_table['defaults'] as $k => $v) {
                                if (isset($mess_array[$k])) {
                                    $query .= ",`{$k}`='" . $mess_array[$k] . "'";
                                }
                            }
                            if (!($res = @mysql_query($query))) {
                                trigger_error(mysql_error(), E_USER_ERROR);
                            }
                            $was_sent = true;
                        }
                        // NOTE(review): this runs for every FILTER_SENDER filter, matched or not, so only the
                        // receiver's first FILTER_SENDER filter is ever evaluated — confirm this is intended.
                        break 2;
                        // exit the filters for() too
                }
            }
        }
        if (!$was_sent) {
            // no filter here - insert directly in inbox
            $query = "INSERT INTO `{$dbtable_prefix}user_inbox` SET `date_sent`='" . gmdate('YmdHis') . "'";
            foreach ($user_inbox_default['defaults'] as $k => $v) {
                if (isset($mess_array[$k])) {
                    $query .= ",`{$k}`='" . $mess_array[$k] . "'";
                }
            }
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
        }
        if ($notify_receiver) {
            //	new message notification
            // the subject is turned into HTML for the e-mail template
            $mess_array['subject'] = sanitize_and_format($mess_array['subject'], TYPE_STRING, FORMAT_STRIPSLASH | FORMAT_TEXT2HTML);
            $def_skin = get_default_skin_dir();
            if (empty($mess_array['_user_other']) && $mess_array['message_type'] == MESS_SYSTEM) {
                // provides $GLOBALS['_lang'][135], the display name shown for system messages
                include_once _BASEPATH_ . '/skins_site/' . $def_skin . '/lang/mailbox.inc.php';
                $mess_array['_user_other'] =& $GLOBALS['_lang'][135];
            }
            $query = "SELECT a.`email`,b.`_user` FROM `" . USER_ACCOUNTS_TABLE . "` a,`{$dbtable_prefix}user_profiles` b WHERE a.`" . USER_ACCOUNT_ID . "`=b.`fk_user_id` AND a.`" . USER_ACCOUNT_ID . "`='" . $mess_array['fk_user_id'] . "'";
            if (!($res = @mysql_query($query))) {
                trigger_error(mysql_error(), E_USER_ERROR);
            }
            // no account/profile row for the receiver: the notification is silently skipped
            if (mysql_num_rows($res)) {
                $receiver_email = mysql_result($res, 0, 0);
                $mess_array['user'] = mysql_result($res, 0, 1);
                send_template_email($receiver_email, $mess_array['subject'], 'new_message.html', $def_skin, $mess_array);
            }
        }
    }
}
/**
* Perform actions on a user's profile from the acp_users file
*
* With $submit set, the blog title/description/style/css are read from the
* request and stored through update_user_blog_settings(). Otherwise the
* template is filled with the user's current settings and the list of
* available blog styles: every active board style (with its demo image, if
* any) plus whatever blog/styles/<dir>/style.php adds to $available_styles.
*
* @param int $user_id the user whose blog settings are edited
* @param bool $submit true when the form was submitted
*/
function blog_acp_profile($user_id, $submit)
{
    global $db, $phpbb_root_path, $phpEx, $template, $user;
    $user->add_lang(array('mods/blog/common', 'mods/blog/ucp'));
    include "{$phpbb_root_path}blog/includes/functions.{$phpEx}";
    include "{$phpbb_root_path}blog/includes/constants.{$phpEx}";
    include $phpbb_root_path . 'blog/plugins/plugins.' . $phpEx;
    new blog_plugins();
    if ($submit) {
        $blog_description = utf8_normalize_nfc(request_var('blog_description', '', true));
        $blog_description_uid = $blog_description_bitfield = $blog_description_options = '';
        generate_text_for_storage($blog_description, $blog_description_uid, $blog_description_bitfield, $blog_description_options, true, true, true);
        $blog_data = array(
            'title' => utf8_normalize_nfc(request_var('blog_title', '', true)),
            'description' => $blog_description,
            'description_bbcode_bitfield' => $blog_description_bitfield,
            'description_bbcode_uid' => $blog_description_uid,
            'blog_style' => request_var('blog_style', ''),
            'blog_css' => request_var('blog_css', ''),
        );
        update_user_blog_settings($user_id, $blog_data);
        return;
    }
    global $user_settings;
    get_user_settings($user_id);
    $spacer = $phpbb_root_path . 'images/spacer.gif';
    $available_styles = array(array('name' => $user->lang['NONE'], 'value' => 0, 'demo' => $spacer));
    $sql = 'SELECT * FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' st WHERE style_active = 1 AND s.template_id = st.template_id';
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        // first existing demo image wins; the spacer is used when the style ships none
        $demo = $spacer;
        $demo_base = $phpbb_root_path . 'styles/' . $row['template_path'] . '/template/blog/demo.';
        foreach (array('png', 'gif', 'jpg') as $ext) {
            if (@file_exists($demo_base . $ext)) {
                $demo = $demo_base . $ext;
                break;
            }
        }
        $available_styles[] = array('name' => $row['style_name'], 'value' => $row['style_id'], 'demo' => $demo);
    }
    $db->sql_freeresult($result);
    $dh = @opendir($phpbb_root_path . 'blog/styles/');
    if ($dh) {
        while (($file = readdir($dh)) !== false) {
            if (file_exists($phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx)) {
                // Inside of the style.php file, add to the $available_styles array
                include $phpbb_root_path . 'blog/styles/' . $file . '/style.' . $phpEx;
            }
        }
        closedir($dh);
    }
    $default_demo = $spacer;
    foreach ($available_styles as $style) {
        $selected = isset($user_settings[$user_id]) && $user_settings[$user_id]['blog_style'] == $style['value'];
        $has_demo = !empty($style['demo']);
        if ($selected && $has_demo) {
            $default_demo = $style['demo'];
        }
        $template->assign_block_vars('blog_styles', array(
            'VALUE' => $style['value'],
            'SELECTED' => $selected,
            'NAME' => $style['name'],
            'BLOG_CSS' => !empty($style['blog_css']),
            'DEMO' => $has_demo ? $style['demo'] : '',
        ));
    }
    if (isset($user_settings[$user_id])) {
        decode_message($user_settings[$user_id]['description'], $user_settings[$user_id]['description_bbcode_uid']);
        $template->assign_vars(array(
            'BLOG_TITLE' => $user_settings[$user_id]['title'],
            'BLOG_DESCRIPTION' => $user_settings[$user_id]['description'],
            'DEFAULT_DEMO' => $default_demo,
            'BLOG_CSS' => $user_settings[$user_id]['blog_css'],
        ));
    }
    // NOTE(review): $blog_data is only assigned on the submit path, so here compact() finds no such variable.
    blog_plugins::plugin_do_arg('function_blog_acp_profile', compact('blog_data', 'user_id'));
}
/**
* Updates user settings
*
* ALWAYS use this function if you would like to update a user's blog settings on a different page!  Otherwise there may be security problems.
*
* Filters $data['blog_css'] (see below), then inserts a BLOGS_USERS_TABLE row
* with defaults for every missing column when the user has no settings yet,
* or updates the existing row with exactly the keys in $data. With $resync
* and at least one perm_* key present, the permission columns are copied to
* the user's rows in BLOGS_TABLE as well. Plugin hooks
* function_get_user_settings_insert / _update / function_get_user_settings
* are run around the queries.
*
* @param int $user_id
* @param array $data column => value. On the update path the keys are passed
*        straight to sql_build_array(), so the caller must pass only blog
*        settings columns.
* @param bool $resync also push perm_* changes to BLOGS_TABLE
*/
function update_user_blog_settings($user_id, $data, $resync = false)
{
    // $cache and $blog_plugins are declared but not used (the cache purge at the end is commented out).
    global $cache, $db, $user_settings, $blog_plugins;
    if (!isset($user_settings[$user_id])) {
        get_user_settings($user_id);
    }
    // Filter the Blog CSS.
    // NOTE(review): this is a keyword denylist applied to user-supplied CSS. Denylists of this kind are
    // generally incomplete; an allowlist of CSS properties or a dedicated CSS sanitiser is the robust option.
    if (isset($data['blog_css'])) {
        // Check for valid images if the user put in any urls.
        /* This just does not seem to work correctly all the time, so I am removing it.
        		It really isn't that important anyways, since someone could link to an image, then after they submit the page replace the image with whatever they want.
        		$urls = array();
        		preg_match_all('#([a-zA-Z]+):((//)|(\\\\))+[\w\d:\#%/;$~_?\\-=\\\.&]*#', $data['blog_css'], $urls);
        		foreach ($urls[0] as $img)
        		{
        			if (@getimagesize($img) === false)
        			{
        				$data['blog_css'] = str_replace($img, ' ', $data['blog_css']);
        			}
        		}*/
        // Replace quotes so they can be used.
        $data['blog_css'] = str_replace('&quot;', '"', $data['blog_css']);
        // Now we shall run our main filters.
        // Any hit on one of these patterns (checked case-insensitively via strtolower) discards the whole stylesheet.
        $script_matches = array('#javascript#', '#vbscript#', '#manuscript#', "#[^a-zA-Z]java#", "#java[^a-zA-Z]#", "#[^a-zA-Z]script#", "#script[^a-zA-Z]#", "#[^a-zA-Z]expression#", "#expression[^a-zA-Z]#", "#[^a-zA-Z]eval#", "#eval[^a-zA-Z]#");
        if (preg_replace($script_matches, ' ', strtolower($data['blog_css'])) != strtolower($data['blog_css'])) {
            // If they are going to try something so obvious, instead of trying to filter it I'll just delete everything.
            $data['blog_css'] = '';
        } else {
            // Remove CSS/HTML comments, HTML ASCII/HEX, and any other characters I do not think are needed.
            // The last two patterns use `$` as the PCRE delimiter. `.+` is greedy and there is no `s` modifier,
            // so a comment spanning several lines is not matched, and on one line everything between the
            // first opener and the last closer is removed.
            $matches = array('#/\\*.+\\*/#', '#<!--.+-->#', '$&#?([a-zA-Z0-9]+);?$', '$([^a-zA-Z0-9",\\*+%!_\\.#{}()/:;-\\s])$');
            $data['blog_css'] = preg_replace($matches, ' ', $data['blog_css']);
        }
    }
    if (!isset($user_settings[$user_id])) {
        // First settings row for this user: every column gets an explicit value (defaults for anything missing).
        $sql_array = array('user_id' => $user_id, 'perm_guest' => isset($data['perm_guest']) ? $data['perm_guest'] : 1, 'perm_registered' => isset($data['perm_registered']) ? $data['perm_registered'] : 2, 'perm_foe' => isset($data['perm_foe']) ? $data['perm_foe'] : 0, 'perm_friend' => isset($data['perm_friend']) ? $data['perm_friend'] : 2, 'title' => isset($data['title']) ? $data['title'] : '', 'description' => isset($data['description']) ? $data['description'] : '', 'description_bbcode_bitfield' => isset($data['description_bbcode_bitfield']) ? $data['description_bbcode_bitfield'] : '', 'description_bbcode_uid' => isset($data['description_bbcode_uid']) ? $data['description_bbcode_uid'] : '', 'instant_redirect' => isset($data['instant_redirect']) ? $data['instant_redirect'] : 0, 'blog_subscription_default' => isset($data['blog_subscription_default']) ? $data['blog_subscription_default'] : 0, 'blog_style' => isset($data['blog_style']) ? $data['blog_style'] : 0, 'blog_css' => isset($data['blog_css']) ? $data['blog_css'] : '');
        // Let plugins adjust sql_array/user_id/data by reference, then pull the (possibly changed) values back.
        $temp = compact('sql_array', 'user_id', 'data');
        blog_plugins::plugin_do_ref('function_get_user_settings_insert', $temp);
        extract($temp);
        $sql = 'INSERT INTO ' . BLOGS_USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_array);
        $db->sql_query($sql);
    } else {
        // Update path: no key filtering here, the keys of $data become the SET columns.
        blog_plugins::plugin_do_ref('function_get_user_settings_update', $data);
        $sql = 'UPDATE ' . BLOGS_USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $data) . ' WHERE user_id = ' . intval($user_id);
        $db->sql_query($sql);
    }
    // Resyncronise the Blog Permissions
    if ($resync && (array_key_exists('perm_guest', $data) || array_key_exists('perm_registered', $data) || array_key_exists('perm_foe', $data) || array_key_exists('perm_friend', $data))) {
        // Same defaults as the insert above, applied to all of the user's blogs.
        $sql_array = array('perm_guest' => isset($data['perm_guest']) ? $data['perm_guest'] : 1, 'perm_registered' => isset($data['perm_registered']) ? $data['perm_registered'] : 2, 'perm_foe' => isset($data['perm_foe']) ? $data['perm_foe'] : 0, 'perm_friend' => isset($data['perm_friend']) ? $data['perm_friend'] : 2);
        $sql = 'UPDATE ' . BLOGS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_array) . ' WHERE user_id = ' . intval($user_id);
        $db->sql_query($sql);
    }
    blog_plugins::plugin_do('function_get_user_settings', compact('data', 'user_id', 'resync'));
    //$cache->destroy('_blog_settings_' . $user_id);
}
echo base_url();
?>
assets/img/apple-touch-icon-144x144.png" />
        <link rel="apple-touch-icon" sizes="152x152" href="<?php 
echo base_url();
?>
assets/img/apple-touch-icon-152x152.png" />
    </head>
    <body class="fixed-left">

        <?php 
$this->load->view('logout_modal');
?>

        <div id="wrapper" <?php 
if (get_user_settings()->left_navigation != 1) {
    ?>
 class="enlarged forced" <?php 
}
?>
 >

            <?php 
$this->load->view('header');
?>
            <?php 
$this->load->view('navigation');
?>

            <div class="content-page">                
                <div class="content">
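/**
 * Queue the saved-search alert e-mails for every user search that has alerts enabled.
 *
 * One pass over `{$dbtable_prefix}user_searches` rows with `alert`=1: when the owner's
 * `send_alert_interval` (stored in days, multiplied out to seconds here) has elapsed since
 * `alert_last_sent`, the stored search is re-run with `min_user_id` set to `alert_last_id`,
 * the first five matches are rendered through the skin's `emails/search_alert.html` template,
 * and the mail is appended to a batched INSERT into `{$dbtable_prefix}queue_email`. The search
 * row's `alert_last_id` / `alert_last_sent` are then advanced (presumably so later runs only
 * report members newer than the last watermark).
 *
 * Side effects: mysql_* reads and writes, assignment of $GLOBALS['_list_of_online_members']
 * and $tplvars['tplrelpath'], and trigger_error(E_USER_ERROR) when a SELECT or the batched
 * INSERT fails. The per-search watermark UPDATE is best-effort and its result is ignored.
 *
 * Security notes: the `search` column is unserialize()d (see inline comment); the stored
 * `email` is escaped before being interpolated into SQL, and every id that reaches a query
 * is cast to int.
 *
 * @return bool always true
 */
function search_alerts()
{
    global $dbtable_prefix, $tplvars;
    $skin = get_default_skin_dir();
    require_once _BASEPATH_ . '/includes/search_functions.inc.php';
    require_once _BASEPATH_ . '/includes/access_levels.inc.php';
    $tplvars['tplrelpath'] = _BASEPATH_ . '/skins_site/' . $skin;
    // Members shown per alert mail.
    $config['limit_results'] = 5;
    // Flush the batched INSERT once its SQL text exceeds this many bytes.
    $query_strlen = 20000;
    $query = "SELECT a.`search_id`,a.`fk_user_id`,a.`title`,a.`search`,a.`search_qs`,a.`alert_last_id`,UNIX_TIMESTAMP(a.`alert_last_sent`) as `alert_last_sent`,b.`membership`,c.`_user` as `user`,b.`email` FROM `{$dbtable_prefix}user_searches` a,`" . USER_ACCOUNTS_TABLE . "` b,`{$dbtable_prefix}user_profiles` c WHERE a.`fk_user_id`=b.`" . USER_ACCOUNT_ID . "` AND a.`fk_user_id`=c.`fk_user_id` AND a.`alert`=1";
    if (!($res = @mysql_query($query))) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    if (mysql_num_rows($res)) {
        $tpl = new phemplate(_BASEPATH_ . '/skins_site/' . $skin . '/emails/', 'remove_nonjs');
        $tpl->set_file('temp', 'search_alert.html');
        $tpl->set_var('tplvars', $tplvars);
        $subject = sprintf($GLOBALS['_lang'][217], _SITENAME_);
        // NOTE(review): subject and body only pass through sanitize_and_format(); this assumes the
        // FIELD_TEXTFIELD / FIELD_TEXTAREA formats yield SQL-safe text for the INSERT below — confirm.
        $subject = sanitize_and_format($subject, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTFIELD]);
        require_once _BASEPATH_ . '/includes/classes/user_cache.class.php';
        $user_cache = new user_cache($skin);
        $insert = "INSERT INTO `{$dbtable_prefix}queue_email` (`to`,`subject`,`message_body`) VALUES ";
        $iquery = $insert;
        // Alert interval in seconds, resolved once per fk_user_id.
        $alert_intervals = array();
        $now = time();
        while ($rsrow = mysql_fetch_assoc($res)) {
            if (!isset($alert_intervals[$rsrow['fk_user_id']])) {
                $alert_intervals[$rsrow['fk_user_id']] = get_user_settings($rsrow['fk_user_id'], 'def_user_prefs', 'send_alert_interval') * 86400;
            }
            if ((int) $now - (int) $rsrow['alert_last_sent'] < (int) $alert_intervals[$rsrow['fk_user_id']]) {
                // Owner's interval has not elapsed yet.
                continue;
            }
            $output = array();
            // SECURITY: unserialize() of a DB-stored payload. Only the application writes this
            // column, but whoever can alter `user_searches`.`search` controls the decoded value;
            // a JSON encoding of the search array would be the safer storage format.
            $rsrow['search'] = unserialize($rsrow['search']);
            $rsrow['search']['min_user_id'] = $rsrow['alert_last_id'];
            $user_ids = search_results($rsrow['search'], $rsrow['membership']);
            if (empty($user_ids)) {
                continue;
            }
            $GLOBALS['_list_of_online_members'] = get_online_ids();
            // Highest matched id becomes the new alert_last_id watermark; taken before slicing
            // so members beyond the first page are not reported again next run.
            $last_user_id = 0;
            for ($i = 0; isset($user_ids[$i]); ++$i) {
                if ($user_ids[$i] > $last_user_id) {
                    $last_user_id = $user_ids[$i];
                }
            }
            $user_ids = array_slice($user_ids, 0, $config['limit_results']);
            // Online members get the "online" label directly; the others need a last_activity lookup.
            $offline_ids = array();
            $inject_by_uid = array();
            for ($i = 0; isset($user_ids[$i]); ++$i) {
                if (!isset($GLOBALS['_list_of_online_members'][$user_ids[$i]])) {
                    $offline_ids[] = $user_ids[$i];
                } else {
                    $inject_by_uid[$user_ids[$i]] = array('last_online' => $GLOBALS['_lang'][153]);
                }
            }
            if (!empty($offline_ids)) {
                // NOTE(review): "now" here is the UTC wall clock re-read through mktime(), not time();
                // presumably this matches how `last_activity` is stored — confirm before changing.
                $time = mktime(gmdate('H'), gmdate('i'), gmdate('s'), gmdate('m'), gmdate('d'), gmdate('Y'));
                // Ids are cast to int so the IN (...) list can only ever carry integers.
                $query = "SELECT `" . USER_ACCOUNT_ID . "` as `uid`,UNIX_TIMESTAMP(`last_activity`) as `last_activity` FROM `" . USER_ACCOUNTS_TABLE . "` WHERE `" . USER_ACCOUNT_ID . "` IN ('" . join("','", array_map('intval', $offline_ids)) . "')";
                if (!($res2 = @mysql_query($query))) {
                    trigger_error(mysql_error(), E_USER_ERROR);
                }
                while ($rsrow2 = mysql_fetch_assoc($res2)) {
                    $seconds_idle = $time - $rsrow2['last_activity'];
                    $inject_by_uid[$rsrow2['uid']] = array('last_online' => $GLOBALS['_lang'][search_alerts_last_online_lang_index($seconds_idle)]);
                }
            }
            $cell_css_classes = array();
            for ($i = 0; isset($user_ids[$i]); ++$i) {
                if (isset($GLOBALS['_list_of_online_members'][$user_ids[$i]])) {
                    $cell_css_classes[$i] = 'is_online';
                }
            }
            $output['results'] = smart_table($user_cache->get_cache_array($user_ids, 'result_user', $inject_by_uid), 5, 'list_view', $cell_css_classes);
            $output['title'] = sanitize_and_format($rsrow['title'], TYPE_STRING, $GLOBALS['__field2format'][TEXT_DB2DISPLAY]);
            $output['search_qs'] = $rsrow['search_qs'];
            $output['user'] = $rsrow['user'];
            $tpl->set_var('output', $output);
            $message_body = $tpl->process('', 'temp', TPL_LOOP | TPL_OPTLOOP | TPL_OPTIONAL | TPL_FINISH);
            $message_body = sanitize_and_format($message_body, TYPE_STRING, $GLOBALS['__field2format'][FIELD_TEXTAREA]);
            // Flush the batch before it grows too large, then start a fresh INSERT.
            if (strlen($iquery) > $query_strlen) {
                search_alerts_flush_email_queue($iquery);
                $iquery = $insert;
            }
            // `email` comes back from the DB unescaped; escape it so a quote or backslash in a
            // stored address cannot break out of the batched INSERT (second-order injection).
            $iquery .= "('" . mysql_real_escape_string($rsrow['email']) . "','{$subject}','{$message_body}'),";
            // Best-effort watermark update: a failure only means this search is re-evaluated next run.
            $query = "UPDATE `{$dbtable_prefix}user_searches` SET `alert_last_id`=" . (int) $last_user_id . ",`alert_last_sent`=now() WHERE `search_id`=" . (int) $rsrow['search_id'];
            @mysql_query($query);
        }
        if ($iquery != $insert) {
            search_alerts_flush_email_queue($iquery);
        }
    }
    return true;
}

/**
 * Execute one batched `queue_email` INSERT, dropping the trailing comma left by the row builder.
 *
 * @param string $iquery INSERT statement with at least one "(...)," value tuple appended
 * @return void  calls trigger_error(E_USER_ERROR) when the query fails
 */
function search_alerts_flush_email_queue($iquery)
{
    $iquery = substr($iquery, 0, -1);
    if (!@mysql_query($iquery)) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
}

/**
 * Pick the `$GLOBALS['_lang']` index describing how long ago an offline member was last active.
 *
 * @param int $seconds_idle seconds elapsed since the member's `last_activity`
 * @return int language-string index 154..158, coarsest bucket last
 */
function search_alerts_last_online_lang_index($seconds_idle)
{
    if ($seconds_idle < 86400) {
        // under one day
        return 154;
    }
    if ($seconds_idle < 172800) {
        // under two days
        return 155;
    }
    if ($seconds_idle < 604800) {
        // under one week
        return 156;
    }
    if ($seconds_idle < 2419200) {
        // under four weeks
        return 157;
    }
    return 158;
}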