Пример #1
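function usersearch($lang)
{
    // User search form + paginated result list; each hit gets an 'adminuser' edit link.
    // NOTE(review): no role check is visible in this function; access control is
    // presumably enforced by the router/caller — confirm, since the edit links
    // target the admin user page.
    $with_name = true;
    $with_website = true;
    $pagesize = 20;
    $page = 1;
    $what = false;

    // A search is triggered either by the form button or by a ?q= URL.
    $action = 'init';
    if (isset($_POST['usersearch_search']) or isset($_GET['q'])) {
        $action = 'search';
    }

    if ($action == 'search') {
        if (isset($_POST['usersearch_what'])) {
            $what = readarg($_POST['usersearch_what']);
        } elseif (isset($_GET['q'])) {
            $what = readarg($_GET['q']);
            if (isset($_GET['p'])) {
                // Page index: accept only a positive integer. is_numeric() alone
                // lets floats, exponents ("1e3"), zero and negatives through to
                // user_search(), which uses the value for pagination.
                $p = readarg($_GET['p']);
                $page = (is_numeric($p) and (int) $p >= 1) ? (int) $p : 1;
            }
        }
    }

    $count = 0;
    $result = false;
    if ($action == 'search') {
        $r = user_search($what, $pagesize, $page);
        if ($r) {
            list($count, $result) = $r;
            $edit_url = url('adminuser', $lang);
            // Index-based loop instead of foreach-by-reference: no dangling reference left behind.
            foreach ($result as $i => $row) {
                $result[$i]['edit'] = $edit_url . '/' . $row['user_id'];
            }
        }
    }

    return view('usersearch', $lang, compact('what', 'page', 'pagesize', 'count', 'result', 'with_name', 'with_website'));
}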
Пример #2
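function remindme($lang)
{
    // "Forgot password" form: on a valid submission a fresh password is generated,
    // stored for the account and mailed (via emailcrypto) to the account's address.
    $with_name = true;
    $with_captcha = true;

    $action = 'init';
    if (isset($_POST['remindme_send'])) {
        $action = 'remindme';
    }

    // Prefill the login field from whatever the session already knows.
    $login = $confirmed = $code = $token = false;
    if (!empty($_SESSION['login'])) {
        $login = $_SESSION['login'];
    } elseif (!empty($_SESSION['user']['name'])) {
        $login = $_SESSION['user']['name'];
    } elseif (!empty($_SESSION['user']['mail'])) {
        $login = $_SESSION['user']['mail'];
    }

    if ($action == 'remindme') {
        if (isset($_POST['remindme_login'])) {
            $login = strtolower(strflat(readarg($_POST['remindme_login'])));
        }
        if (isset($_POST['remindme_confirmed'])) {
            $confirmed = readarg($_POST['remindme_confirmed']) == 'on';
        }
        if (isset($_POST['remindme_code'])) {
            $code = readarg($_POST['remindme_code']);
        }
        if (isset($_POST['remindme_token'])) {
            $token = readarg($_POST['remindme_token']);
        }
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_login = $bad_login = $missing_confirmation = false;
    $email_sent = $user_page = false;
    $internal_error = $contact_page = false;

    if ($action == 'remindme') {
        // CSRF token: compare as strings in constant time (hash_equals, PHP >= 5.6).
        // The previous loose `!=` treated numeric-looking strings as equal
        // ("1e3" == "1000") and accepted non-string input.
        if (!isset($_SESSION['remindme_token']) or !is_string($token) or !hash_equals((string) $_SESSION['remindme_token'], $token)) {
            $bad_token = true;
        }
        // Captcha first; a missing/bad code skips the remaining field checks, as before.
        if ($with_captcha) {
            if (!$code) {
                $missing_code = true;
            } else {
                $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
                if (!is_string($captcha) or !is_string($code) or !hash_equals($captcha, strtoupper($code))) {
                    $bad_code = true;
                }
            }
        }
        if (!$missing_code and !$bad_code) {
            if (!$login) {
                $missing_login = true;
            } elseif ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
                // The login may be either a user name or an e-mail address.
                $bad_login = true;
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
        }
    }

    if ($action == 'remindme' and !($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation)) {
        require_once 'models/user.inc';
        $user_id = user_find($login);
        if (!$user_id) {
            // NOTE(review): reporting "unknown login" differently from success lets a
            // caller enumerate accounts; what is actually disclosed depends on the view.
            $bad_login = true;
            require_once 'log.php';
            write_log('password.err', substr($login, 0, 40));
        } else {
            $user = user_get($user_id);
            if (!$user) {
                $internal_error = true;
            } elseif (!$user['user_active'] or $user['user_banned']) {
                $bad_login = true;
            } else {
                require_once 'newpassword.php';
                $newpassword = newpassword();
                if (!user_set_newpassword($user_id, $newpassword)) {
                    $internal_error = true;
                } else {
                    require_once 'emailcrypto.php';
                    global $webmaster;
                    $to = $user['user_mail'];
                    $subject = translate('email:new_password_subject', $lang);
                    $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
                    if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
                        $internal_error = true;
                    } else {
                        // NOTE(review): $to is the account's e-mail address. When the login
                        // was a user *name*, handing it to the view discloses the address to
                        // whoever submitted the form, if the view prints it — consider a boolean.
                        $email_sent = $to;
                    }
                    // Force the confirmation checkbox to be ticked again on the next render.
                    $confirmed = false;
                }
            }
        }
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    } elseif ($email_sent) {
        $user_page = url('user', $lang);
    }

    // Rotate the CSRF token on every render, including failed submissions.
    $_SESSION['remindme_token'] = $token = token_id();
    $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_sent', 'user_page');
    return view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
}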
Пример #3
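function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore)
{
    // Comment block for a node: lists comments and, for signed-in users, handles
    // adding ('comment' -> 'validate'), editing ('moderate' -> 'modify') and deleting.
    // $node_user_id is currently unused (kept for the caller's signature).
    $user_id = user_profile('id');
    $moderator = user_has_role('moderator');
    $now = time();
    $message_maxlen = 1000;
    $with_captcha = false;
    // Seconds during which a non-moderator may still edit/delete their own comment.
    $edit_window = 15 * 60;

    // Anonymous visitors get the read-only view; for signed-in users the submit
    // button that was pressed selects the action (first match wins, in this order).
    $action = 'init';
    if ($user_id) {
        $buttons = array(
            'comment_comment' => 'comment',
            'comment_edit' => 'edit',
            'comment_validate' => 'validate',
            'comment_moderate' => 'moderate',
            'comment_modify' => 'modify',
            'comment_delete' => 'delete',
        );
        foreach ($buttons as $field => $name) {
            if (isset($_POST[$field])) {
                $action = $name;
                break;
            }
        }
    }

    // Read the posted fields. $code is initialised here so the captcha check
    // below never reads an undefined variable when comment_code is absent.
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_id = $bad_id = false;
    $missing_message = $message_too_long = false;
    // Set by the mutating actions below; the original never initialised it.
    // It is not (yet) surfaced to the view.
    $internal_error = false;

    // Captcha: only on 'validate', only when enabled. Strict, constant-time compare.
    if ($action == 'validate' and $with_captcha) {
        if (!$code) {
            $missing_code = true;
        } else {
            $captcha = isset($_SESSION['captcha']['comment']) ? $_SESSION['captcha']['comment'] : false;
            if (!is_string($captcha) or !is_string($code) or !hash_equals($captcha, strtoupper($code))) {
                $bad_code = true;
            }
        }
    }

    // CSRF token for every state-changing action (hash_equals, PHP >= 5.6, instead
    // of the loose `!=`). A failed captcha skips this check, as in the original.
    // 'moderate' only selects a comment for editing and is not token-protected.
    $token_actions = array('validate', 'comment', 'edit', 'modify', 'delete');
    if (in_array($action, $token_actions, true) and !$missing_code and !$bad_code) {
        if (!isset($_SESSION['comment_token']) or !is_string($token) or !hash_equals((string) $_SESSION['comment_token'], $token)) {
            $bad_token = true;
        }
    }

    // Target comment: must be numeric and, for non-moderators, owned by the current
    // user and still inside the edit window. Moderators skip the ownership lookup;
    // node_get_comment/node_set_comment are assumed to scope the id to $node_id.
    if (in_array($action, array('moderate', 'modify', 'delete'), true) and !$bad_token) {
        if (!$id) {
            $missing_id = true;
        } elseif (!is_numeric($id)) {
            $id = false;
            $bad_id = true;
        } elseif (!$moderator) {
            $c = node_get_comment($node_id, $id, $lang);
            $owned = ($c and $c['comment_user_id'] == $user_id and $c['comment_created'] + $edit_window > $now);
            if (!$owned) {
                $id = false;
                $bad_id = true;
            }
        }
    }

    // Message presence and length for the actions that carry one.
    if (in_array($action, array('comment', 'validate', 'edit', 'modify'), true)
        and !($bad_token or $missing_code or $bad_code or $missing_id or $bad_id)) {
        if (!$message) {
            $missing_message = true;
        } elseif (strlen(utf8_decode($message)) > $message_maxlen) {
            // Character count via utf8_decode (deprecated since PHP 8.2; mb_strlen
            // is the replacement once mbstring is guaranteed).
            $message_too_long = true;
        }
    }

    switch ($action) {
        case 'validate':
            if ($bad_token or $missing_code or $bad_code or $missing_message or $message_too_long) {
                break;
            }
            $ip_address = client_ip_address();
            if (!node_add_comment($node_id, $user_id, $ip_address, $message, $lang)) {
                $internal_error = true;
                break;
            }
            // Best-effort notification to the site owner; a failed mail is ignored on purpose.
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $timestamp = date('Y-m-d H:i:s', time());
            $subject = 'comment' . '@' . $sitename;
            $msg = server_ip_address() . ' ' . $timestamp . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            @emailme($subject, $msg);
            $message = false;
            break;
        case 'modify':
            if ($bad_token or $missing_id or $bad_id or $missing_message or $message_too_long) {
                break;
            }
            if (!node_set_comment($node_id, $id, $message, $lang)) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token or $missing_id or $bad_id) {
                break;
            }
            if (!node_delete_comment($node_id, $id)) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }

    // Offer the "new comment" form unless a comment is being edited or the node is closed.
    $newcomment = $user_page = false;
    if (!$id and !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }

    // $moderated: true = everything editable (moderator), else the ids the
    // current user may still edit, or false when there are no comments.
    $comments = node_get_all_comments($node_id, $lang);
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = array();
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id and $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }

    // Rotate the CSRF token on every render.
    $_SESSION['comment_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long');
    return view('nodecomment', $lang, compact('token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment', 'message', 'message_maxlen', 'user_page', 'node_url', 'errors'));
}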
Пример #4
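function newsletterpage($lang, $newsletter, $page)
{
    // Renders one page of a newsletter thread; administrators additionally get a
    // "send this page to <address>" test-mail form.
    global $with_toolbar;

    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }
    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }

    // Rows are read explicitly instead of extract()ed: extract() lets any column
    // name (e.g. 'lang', 'page_id') silently overwrite a local variable.
    $thread = thread_get($lang, $newsletter_id);
    if (!$thread) {
        return run('error/notfound', $lang);
    }
    $newsletter_name = $thread['thread_name'];
    $newsletter_title = $thread['thread_title'];
    $newsletter_nocloud = $thread['thread_nocloud'];
    $newsletter_nosearch = $thread['thread_nosearch'];

    $node = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$node) {
        return run('error/notfound', $lang);
    }
    if ($node['node_ignored']) {
        return run('error/notfound', $lang);
    }
    $page_name = $node['node_name'];
    $page_title = $node['node_title'];
    $page_modified = $node['node_modified'];

    // <title>: "newsletter - page" when both exist, else whichever is available.
    if ($newsletter_title and $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } elseif ($page_title) {
        head('title', $page_title);
    } elseif ($newsletter_title) {
        head('title', $newsletter_title);
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');

    $message_title = $message_html = $message_text = false;
    $r = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($r) {
        list($message_title, $message_html, $message_text) = $r;
    }

    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = $bad_mail = $email_sent = false;
    if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
        require_once 'userprofile.php';
        $mailto = user_profile('mail');
        $with_mail = true;
        // NOTE(review): unlike the other POST handlers in this file, this form carries
        // no per-session token, so the admin-only test mailing can be triggered by a
        // cross-site request. The 'newsletterpage' view must render a token before
        // one can be required here without breaking the form.
        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
                if (!$mailto) {
                    $missing_mail = true;
                } elseif (!validate_mail($mailto)) {
                    $bad_mail = true;
                }
            }
            if (!($missing_mail or $bad_mail)) {
                require_once 'emailhtml.php';
                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                // A missing stylesheet is not fatal: emailhtml() gets false, as before
                // (explicit check instead of an @-suppressed read).
                $css = is_readable($cssfile) ? file_get_contents($cssfile) : false;
                if (emailhtml($message_text, $message_html, $css, $mailto, $message_title)) {
                    $email_sent = true;
                }
            }
        }
        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }

    // Previous/next navigation; label falls back to the page number, URL to the id.
    $prev_page_label = $prev_page_url = false;
    $prev = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($prev) {
        $prev_page_label = $prev['prev_node_title'] ? $prev['prev_node_title'] : $prev['prev_node_number'];
        $prev_page_url = url('newsletter', $lang) . '/' . ($prev['prev_node_name'] ? $prev['prev_node_name'] : $prev['prev_node_id']);
    }
    $next_page_label = $next_page_url = false;
    $next = thread_node_next($lang, $newsletter_id, $page_id);
    if ($next) {
        $next_page_label = $next['next_node_title'] ? $next['next_node_title'] : $next['next_node_number'];
        $next_page_url = url('newsletter', $lang) . '/' . ($next['next_node_name'] ? $next['next_node_name'] : $next['next_node_id']);
    }

    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));

    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }

    $headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));

    // The banner/toolbar receive the raw search parameters, not the rendered widget.
    $search = !$newsletter_nosearch ? compact('search_url', 'search_text', 'suggest_url') : false;
    $edit = user_has_role('writer') ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang : false;
    $validate = url('newsletter', $lang) . '/' . $page_name;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;
    return layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
}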
Пример #5
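function donateme($lang)
{
    // Donation form: validates amount/currency and hands off to the PayPal checkout action.
    global $supported_currencies;

    $action = 'init';
    if (isset($_POST['donateme_donate'])) {
        $action = 'donate';
    }

    $amount = $currency = $token = false;
    if ($action == 'donate') {
        if (isset($_POST['donateme_amount'])) {
            $amount = readarg($_POST['donateme_amount']);
        }
        if (isset($_POST['donateme_currency'])) {
            $currency = readarg($_POST['donateme_currency']);
        }
        if (isset($_POST['donateme_token'])) {
            $token = readarg($_POST['donateme_token']);
        }
    }

    $missing_amount = $bad_amount = false;
    $missing_currency = $bad_currency = false;
    $bad_token = false;
    if ($action == 'donate') {
        // CSRF token: strict, constant-time string compare (hash_equals, PHP >= 5.6)
        // instead of the loose `!=`. A token failure skips the field checks, as before.
        if (!isset($_SESSION['donateme_token']) or !is_string($token) or !hash_equals((string) $_SESSION['donateme_token'], $token)) {
            $bad_token = true;
        } else {
            if (!$amount) {
                $missing_amount = true;
            } elseif (!(is_numeric($amount) and $amount >= 1)) {
                // Note: is_numeric() still admits forms like "1e3" or "1.50"; the raw
                // string is what paypalcheckout() receives.
                $bad_amount = true;
            }
            if (!$currency) {
                $missing_currency = true;
            } elseif (!validate_currency($currency)) {
                $bad_currency = true;
            }
        }
    }

    if ($action == 'donate' and !($bad_token or $missing_amount or $bad_amount or $missing_currency or $bad_currency)) {
        // Consume the token before handing off; paypalcheckout() presumably redirects.
        unset($_SESSION['donateme_token']);
        require_once 'actions/paypalcheckout.php';
        paypalcheckout($lang, $amount, $currency);
    }

    // Fresh token for the next render.
    $_SESSION['donateme_token'] = $token = token_id();
    $errors = compact('missing_amount', 'bad_amount', 'missing_currency', 'bad_currency');
    return view('donateme', $lang, compact('token', 'supported_currencies', 'amount', 'currency', 'errors'));
}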
Пример #6
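function search($lang, $arglist = false)
{
    // Tag-cloud search, either site-wide or scoped to one cloud/thread named by
    // $arglist[0]. The query comes from the POSTed form or from $arglist['q'].
    global $search_all, $search_pertinence, $rss_thread;

    $cloud = (is_array($arglist) and isset($arglist[0])) ? $arglist[0] : false;

    $cloud_id = $cloud_name = $cloud_title = false;
    $thread_nocloud = $thread_nosearch = false;
    if ($cloud) {
        $cloud_id = cloud_id($cloud);
        if (!$cloud_id) {
            return run('error/notfound', $lang);
        }
        // The RSS thread is searchable by administrators only.
        if ($cloud_id == $rss_thread and !user_has_role('administrator')) {
            return run('error/unauthorized', $lang);
        }
        // Explicit reads instead of extract(): a column named like a local
        // ('lang', 'cloud_id', ...) must not be able to overwrite it.
        $c = cloud_get($lang, $cloud_id);
        if (!$c) {
            return run('error/notfound', $lang);
        }
        $cloud_name = $c['cloud_name'];
        $cloud_title = $c['cloud_title'];
        $t = thread_get($lang, $cloud_id);
        if (!$t) {
            return run('error/notfound', $lang);
        }
        $thread_type = $t['thread_type'];
        $thread_nocloud = $t['thread_nocloud'];
        $thread_nosearch = $t['thread_nosearch'];
        // Plain threads are never searchable; clouds with both features off neither.
        if ($thread_type == 'thread' or ($thread_nosearch and $thread_nocloud)) {
            return run('error/notfound', $lang);
        }
    } else {
        // Site-wide search: false disables it entirely; any non-true value keeps
        // the cloud but hides the free-text search box.
        if ($search_all === false) {
            return run('error/notfound', $lang);
        }
        if ($search_all !== true) {
            $thread_nosearch = true;
        }
    }

    $action = isset($_POST['search']) ? 'search' : 'none';
    $searchtext = $taglist = false;
    $rsearch = false;
    if ($action == 'search') {
        if (isset($_POST['searchtext'])) {
            $searchtext = readarg($_POST['searchtext'], true, false); // trim but DON'T strip!
            if ($searchtext) {
                global $search_distance, $search_closest;
                $taglist = cloud_match($lang, $cloud_id, $searchtext, $search_distance, $search_closest);
            }
        }
    } elseif (!empty($arglist['q'])) {
        // Router-supplied query: previously used verbatim. Normalise it the same way
        // as the POSTed text before splitting it into tags and echoing it in the form.
        $searchtext = readarg($arglist['q'], true, false);
        if ($searchtext) {
            $taglist = explode(' ', $searchtext);
        }
    }

    if ($taglist) {
        $rsearch = cloud_search($lang, $cloud_id, $taglist, $search_pertinence);
    }

    $search_title = translate('search:title', $lang);
    $search_url = false;
    $search = $cloud = $title = false;
    if ($rsearch) {
        // Hits: result list in the content area, a small cloud in the sidebar.
        if (!$thread_nosearch) {
            $search_url = url('search', $lang, $cloud_name);
        }
        if (!$thread_nocloud) {
            $cloud_url = url('search', $lang, $cloud_name);
            $byname = $bycount = $index = true;
            $cloud = build('cloud', $lang, $cloud_url, $cloud_id, false, 30, compact('byname', 'bycount', 'index'));
        }
        $headline_text = $search_title;
        $headline_url = false;
        $headline = compact('headline_text', 'headline_url');
        $title = view('headline', false, $headline);
        $content = build('searchlist', $lang, $rsearch, $taglist);
    } else {
        // No hits / no query: the full cloud becomes the content.
        $headline_text = $cloud_id ? $cloud_title : $search_title;
        $headline_url = false;
        if (!$thread_nosearch) {
            $search_url = url('search', $lang, $cloud_name);
        }
        $cloud_url = url('search', $lang, $cloud_name);
        $headline = compact('headline_text', 'headline_url');
        $title = view('headline', false, $headline);
        $byname = true;
        $bycount = $index = false;
        $content = build('cloud', $lang, $cloud_url, $cloud_id, false, false, compact('byname', 'bycount', 'index'));
    }

    if ($search_url) {
        $search_text = $searchtext;
        $suggest_url = url('suggest', $lang, $cloud_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
    // The banner gets the raw search parameters, not the rendered widget.
    if ($search) {
        $search = compact('search_url', 'search_text', 'suggest_url');
    }
    $banner = build('banner', $lang, compact('headline', 'search'));

    head('title', $cloud_id ? $cloud_title : $search_title);
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    return layout('standard', compact('banner', 'content', 'sidebar'));
}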
Пример #7
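function subscribe($lang)
{
    // Newsletter subscription form: e-mail (+ locale when the site is multilingual),
    // confirmation checkbox, captcha and a per-session CSRF token.
    global $sitekey, $system_languages;
    $with_locale = count($system_languages) > 1;
    $with_captcha = true;

    $action = isset($_POST['subscribe_send']) ? 'subscribe' : 'init';

    // Defaults come from the signed-in user's profile, falling back to the page language.
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }
    $unsubscribe_page = false;

    if ($action == 'init') {
        if ($sitekey) {
            $unsubscribe_page = url('newsletterunsubscribe', $lang);
        }
    } else {
        if (isset($_POST['subscribe_mail'])) {
            $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
        }
        if ($with_locale and isset($_POST['subscribe_locale'])) {
            $user_locale = readarg($_POST['subscribe_locale']);
        }
        if (isset($_POST['subscribe_confirmed'])) {
            $confirmed = readarg($_POST['subscribe_confirmed']) == 'on';
        }
        if (isset($_POST['subscribe_code'])) {
            $code = readarg($_POST['subscribe_code']);
        }
        if (isset($_POST['subscribe_token'])) {
            $token = readarg($_POST['subscribe_token']);
        }
    }

    $missing_code = $bad_code = $bad_token = false;
    $missing_mail = $bad_mail = $duplicated_mail = false;
    $missing_locale = $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = $contact_page = false;

    if ($action == 'subscribe') {
        // CSRF token: strict, constant-time string compare (hash_equals, PHP >= 5.6)
        // instead of the loose `!=`, which equates numeric-looking strings.
        if (!isset($_SESSION['subscribe_token']) or !is_string($token) or !hash_equals((string) $_SESSION['subscribe_token'], $token)) {
            $bad_token = true;
        }
        // Captcha first; a missing/bad code skips the remaining field checks, as before.
        if ($with_captcha) {
            if (!$code) {
                $missing_code = true;
            } else {
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                if (!is_string($captcha) or !is_string($code) or !hash_equals($captcha, strtoupper($code))) {
                    $bad_code = true;
                }
            }
        }
        if (!$missing_code and !$bad_code) {
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (newsletter_get_user($user_mail)) {
                // NOTE(review): a distinct "already subscribed" error lets anyone test
                // whether an address is on the list; the captcha is the only rate limit.
                $duplicated_mail = true;
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } elseif (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
        }
    }

    if ($action == 'subscribe' and !($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation)) {
        if (!newsletter_create_user($user_mail, $user_locale)) {
            $internal_error = true;
        } else {
            // Best-effort notification to the site owner; a failed mail is ignored on purpose.
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $timestamp = date('Y-m-d H:i:s', time());
            $subject = 'subscribe' . '@' . $sitename;
            $msg = server_ip_address() . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            @emailme($subject, $msg);
            $email_registered = true;
            // Force the confirmation checkbox to be ticked again on the next render.
            $confirmed = false;
        }
    }

    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }

    // Rotate the CSRF token on every render, including failed submissions.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    return view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
}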
Пример #8
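/**
 * Login controller.
 *
 * Renders the login form or, when the form was submitted with a valid
 * anti-CSRF token, captcha, login and password, opens the user session.
 *
 * @param string $lang interface language, passed through to url() and view()
 * @return string|bool the rendered 'login' view, or true once the session has
 *                     been established (the caller is expected to redirect)
 */
function login($lang)
{
    $with_name = true;
    $with_captcha = true;
    $with_facebook = false;
    $with_newuser = true;
    $with_newpassword = true;
    if ($with_facebook) {
        require_once 'facebook.php';
        $facebook = facebook();
    }
    $login = $password = $code = $token = false;
    if (isset($_SESSION['login'])) {
        // login name kept from a previous failed attempt, so the form is sticky
        $login = $_SESSION['login'];
    }
    $action = 'init';
    if (isset($_POST['login_enter'])) {
        $action = 'enter';
    }
    // 1. collect the input
    switch ($action) {
        case 'init':
            if ($with_facebook) {
                $facebook_user = $facebook->getUser();
                if ($facebook_user) {
                    try {
                        $facebook_user_profile = $facebook->api('/me', 'GET');
                        if (!empty($facebook_user_profile['email'])) {
                            $login = $facebook_user_profile['email'];
                        }
                        $action = 'facebook';
                    } catch (FacebookApiException $e) {
                        // no usable profile: stay on 'init' and show the form
                    }
                    $facebook->destroySession();
                }
            }
            break;
        case 'enter':
            if (isset($_POST['login_login'])) {
                // logins are matched case-insensitively, on a single line
                $login = strtolower(strflat(readarg($_POST['login_login'])));
            }
            if (isset($_POST['login_password'])) {
                $password = readarg($_POST['login_password']);
            }
            if (isset($_POST['login_code'])) {
                $code = readarg($_POST['login_code']);
            }
            if (isset($_POST['login_token'])) {
                $token = readarg($_POST['login_token']);
            }
            break;
        default:
            break;
    }
    // 2. validate it
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_login = false;
    $bad_login = false;
    $missing_password = false;
    $access_denied = false;
    switch ($action) {
        case 'enter':
            // Anti-CSRF token: byte-wise, constant-time comparison. The loose
            // != it replaces accepted type-juggled "equivalents" of the token.
            if (!isset($_SESSION['login_token']) or !is_string($token) or $token === '' or !hash_equals((string) $_SESSION['login_token'], $token)) {
                $bad_token = true;
                break;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['login']) ? $_SESSION['captcha']['login'] : false;
                // captcha answers are stored upper-case; compare byte-wise as well
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$password) {
                $missing_password = true;
            }
            /* fall thru: the login itself is checked for both entry paths */
        case 'facebook':
            if (!$login) {
                $missing_login = true;
            } elseif (!(validate_user_name($login) or validate_mail($login))) {
                $bad_login = true;
            }
            break;
        default:
            break;
    }
    // 3. authenticate
    switch ($action) {
        case 'enter':
        case 'facebook':
            if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_password) {
                break;
            }
            require_once 'models/user.inc';
            $user = user_login($login, $password);
            if (!$user) {
                $access_denied = true;
                require_once 'log.php';
                // truncated so an oversized login cannot bloat the log line
                write_log('enter.err', substr($login, 0, 100));
                $_SESSION['login'] = $login;
                break;
            }
            $user['ip'] = client_ip_address();
            if (in_array('administrator', $user['role'], true)) {
                // administrator logins are notified to the site owner
                require_once 'serveripaddress.php';
                require_once 'emailme.php';
                global $sitename;
                $ip = server_ip_address();
                // date() replaces the deprecated strftime() with the same format
                $timestamp = date('Y-m-d H:i:s');
                $subject = 'login' . '@' . $sitename;
                $msg = $ip . ' ' . $timestamp . ' ' . $user['id'] . ' ' . $lang . ' ' . $user['ip'];
                // best effort: a mail failure must not block the login
                @emailme($subject, $msg);
                if ($action == 'facebook') {
                    // administrators may only authenticate with a password
                    $access_denied = true;
                    break;
                }
            }
            // fresh session id before storing the user: defeats session fixation
            session_regenerate();
            $_SESSION['user'] = $user;
            unset($_SESSION['login']);
            unset($_SESSION['login_token']);
            return true;
        default:
            break;
    }
    // 4. render the form with a new anti-CSRF token
    $connectbar = false;
    if ($with_facebook) {
        $scope = 'email';
        $facebook_login_url = $facebook->getLoginUrl(compact('scope'));
        $connectbar = view('connect', $lang, compact('facebook_login_url'));
    }
    $password_page = $with_newpassword ? url('password', $lang) : false;
    $newuser_page = $with_newuser ? url('newuser', $lang) : false;
    $_SESSION['login_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_login', 'bad_login', 'missing_password', 'access_denied');
    $output = view('login', $lang, compact('token', 'connectbar', 'with_captcha', 'with_name', 'password_page', 'newuser_page', 'login', 'errors'));
    return $output;
}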
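/**
 * Thread summary editor (requires the 'writer' role).
 *
 * Handles the thread metadata form and the node list actions: edit the
 * thread, create/copy/delete/hide/show a node, reorder the nodes. The action
 * is selected by the submit button present in $_POST; node positions are
 * 1-based throughout.
 *
 * @param string $lang   interface language
 * @param string $clang  content language of the thread
 * @param mixed  $thread thread reference, resolved through thread_id()
 * @return string the rendered editing page, or an error page from run()
 */
function threadeditsummary($lang, $clang, $thread)
{
    global $supported_threads, $with_toolbar;
    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }
    $confirmed = false;
    $thread_id = thread_id($thread);
    if (!$thread_id) {
        return run('error/notfound', $lang);
    }
    // Submit button -> action; the first button present wins.
    $buttons = array(
        'thread_edit' => 'edit',
        'thread_reorder' => 'reorder',
        'node_create' => 'create',
        'node_copy' => 'copy',
        'node_delete' => 'delete',
        'node_confirmdelete' => 'delete',
        'node_hide' => 'hide',
        'node_show' => 'show',
    );
    $action = 'init';
    foreach ($buttons as $button => $name) {
        if (isset($_POST[$button])) {
            $action = $name;
            // a deletion only happens on the second, confirming submit
            $confirmed = ($button == 'node_confirmdelete');
            break;
        }
    }
    // Form state. The thread_no* flags are the inverted storage form of the
    // corresponding checkboxes.
    $thread_type = $thread_name = $thread_title = $thread_abstract = $thread_cloud = $thread_image = false;
    $thread_search = $thread_tag = false;
    $thread_comment = $thread_morecomment = $thread_vote = $thread_morevote = false;
    $thread_ilike = $thread_tweet = $thread_plusone = $thread_linkedin = $thread_pinit = false;
    $thread_visits = false;
    $thread_nosearch = $thread_nocloud = $thread_nocomment = $thread_nomorecomment = $thread_novote = $thread_nomorevote = true;
    $new_node_name = $new_node_title = $new_node_number = false;
    $old_node_number = false;
    $p = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = thread_get($clang, $thread_id, false);
            if ($r) {
                // NOTE(review): extract() imports every column of the row as a
                // local; it is relied on for the thread_* variables listed below
                // and must not return keys such as 'lang', 'clang' or 'thread_id'.
                extract($r);
                /* thread_type thread_name thread_title thread_abstract thread_cloud thread_image thread_visits thread_nosearch thread_nocloud thread_nocomment thread_nomorecomment thread_novote thread_nomorevote */
            }
            $thread_search = !$thread_nosearch;
            $thread_tag = !$thread_nocloud;
            $thread_comment = !$thread_nocomment;
            $thread_morecomment = !$thread_nomorecomment;
            $thread_vote = !$thread_novote;
            $thread_morevote = !$thread_nomorevote;
            break;
        case 'edit':
        case 'create':
        case 'copy':
        case 'delete':
        case 'hide':
        case 'show':
        case 'reorder':
            // A checkbox posts 'on' when ticked; absent or anything else is unticked.
            $is_checked = function ($key) {
                return isset($_POST[$key]) && readarg($_POST[$key]) == 'on';
            };
            if (isset($_POST['thread_type'])) {
                $thread_type = readarg($_POST['thread_type']);
            }
            if (isset($_POST['thread_title'])) {
                $thread_title = readarg($_POST['thread_title']);
            }
            if (isset($_POST['thread_name'])) {
                $thread_name = strtofname(readarg($_POST['thread_name']));
            }
            if (!$thread_name and $thread_title) {
                // derive the URL name from the title when none was given
                $thread_name = strtofname($thread_title);
            }
            if (isset($_POST['thread_abstract'])) {
                $thread_abstract = readarg($_POST['thread_abstract']);
            }
            if (isset($_POST['thread_image'])) {
                $thread_image = readarg($_POST['thread_image']);
            }
            if (isset($_POST['thread_cloud'])) {
                $thread_cloud = readarg($_POST['thread_cloud'], true, false);
                // trim but DON'T strip! then normalise to unique, space-separated tags
                preg_match_all('/(\\S+)/', $thread_cloud, $r);
                $thread_cloud = implode(' ', array_unique($r[0]));
            }
            $thread_search = $is_checked('thread_search');
            $thread_nosearch = !$thread_search;
            $thread_tag = $is_checked('thread_tag');
            $thread_nocloud = !$thread_tag;
            $thread_visits = $is_checked('thread_visits');
            $thread_comment = $is_checked('thread_comment');
            $thread_nocomment = !$thread_comment;
            $thread_morecomment = $is_checked('thread_morecomment');
            $thread_nomorecomment = !$thread_morecomment;
            $thread_vote = $is_checked('thread_vote');
            $thread_novote = !$thread_vote;
            $thread_morevote = $is_checked('thread_morevote');
            $thread_nomorevote = !$thread_morevote;
            // The social buttons used to pass the already computed boolean to
            // readarg(); they are parsed like every other checkbox now.
            $thread_ilike = $is_checked('thread_ilike');
            $thread_tweet = $is_checked('thread_tweet');
            $thread_plusone = $is_checked('thread_plusone');
            $thread_linkedin = $is_checked('thread_linkedin');
            $thread_pinit = $is_checked('thread_pinit');
            if (isset($_POST['new_node_title'])) {
                $new_node_title = readarg($_POST['new_node_title']);
                $new_node_name = strtofname($new_node_title);
            }
            if (isset($_POST['new_node_number'])) {
                $new_node_number = readarg($_POST['new_node_number']);
            }
            if (isset($_POST['old_node_number'])) {
                $old_node_number = readarg($_POST['old_node_number']);
            }
            if (isset($_POST['p']) and is_array($_POST['p'])) {
                // DON'T readarg! raw position array, validated against the node list below
                $p = $_POST['p'];
            }
            break;
        default:
            break;
    }
    $thread_contents = array();
    $r = thread_get_contents($clang, $thread_id, false);
    /* node_id node_number node_ignored node_name node_title node_cloud thread_image */
    // $p is usable only as one numeric position per node, keyed 1..n; anything
    // else falls back to the stored order (count(false) would throw on PHP 8).
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    } else {
        for ($i = 1; $i <= count($r); $i++) {
            if (!isset($p[$i]) or !is_numeric($p[$i])) {
                $p = false;
                break;
            }
        }
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang) . '/' . $thread_id;
        foreach ($r as $c) {
            $c['node_url'] = $thread_url . '/' . $c['node_id'];
            // 'pos' is the position requested by the form, else the stored one
            $c['pos'] = $p ? $p[$pos] : $pos;
            $thread_contents[$pos] = $c;
            $pos++;
        }
    }
    $missing_thread_name = false;
    $bad_thread_name = false;
    $missing_thread_type = false;
    $bad_thread_type = false;
    $missing_new_node_title = false;
    $bad_new_node_title = false;
    $bad_new_node_number = false;
    $missing_old_node_number = false;
    $bad_old_node_number = false;
    switch ($action) {
        case 'edit':
            if (!$thread_name) {
                $missing_thread_name = true;
            } elseif (!preg_match('#^\\w+(-\\w+)*$#', $thread_name)) {
                // URL-safe name: words joined by single dashes
                $bad_thread_name = true;
            }
            if (!$thread_type) {
                $missing_thread_type = true;
            } elseif (!in_array($thread_type, $supported_threads, true)) {
                $bad_thread_type = true;
            }
            break;
        case 'create':
        case 'copy':
            if (!$new_node_title) {
                $missing_new_node_title = true;
            } elseif (!$new_node_name or !preg_match('#^\\w+(-\\w+)*$#', $new_node_name)) {
                $bad_new_node_title = true;
            }
            if (!$new_node_number) {
                // empty means "append"; normalised to false for the model calls
                $new_node_number = false;
            } elseif (!is_numeric($new_node_number)) {
                $bad_new_node_number = true;
            } elseif ($new_node_number < 1 or $new_node_number > count($thread_contents) + 1) {
                $bad_new_node_number = true;
            }
            if ($action == 'create') {
                break;
            }
            /* fall thru: a copy also needs the source node */
        case 'delete':
        case 'hide':
        case 'show':
            // old_node_number is used as a key into $thread_contents, so only a
            // canonical integer in 1..count is accepted.
            if (!$old_node_number) {
                $missing_old_node_number = true;
            } elseif (!is_numeric($old_node_number) or (string) (int) $old_node_number !== (string) $old_node_number) {
                $bad_old_node_number = true;
            } elseif ($old_node_number < 1 or $old_node_number > count($thread_contents)) {
                $bad_old_node_number = true;
            } else {
                $old_node_number = (int) $old_node_number;
            }
            break;
        case 'reorder':
            break;
        default:
            break;
    }
    $confirm_delete_node = false;
    switch ($action) {
        case 'edit':
            if ($missing_thread_name or $bad_thread_name or $missing_thread_type or $bad_thread_type) {
                break;
            }
            $r = thread_set($clang, $thread_id, $thread_name, $thread_title, $thread_type, $thread_abstract, $thread_cloud, $thread_image, $thread_visits, $thread_nosearch, $thread_nocloud, $thread_nocomment, $thread_nomorecomment, $thread_novote, $thread_nomorevote, $thread_ilike, $thread_tweet, $thread_plusone, $thread_linkedin, $thread_pinit);
            if (!$r) {
                // NOTE(review): a failed save has no error flag of its own and
                // renders like a successful one.
                break;
            }
            break;
        case 'create':
        case 'copy':
            if ($missing_new_node_title or $bad_new_node_title or $bad_new_node_number or ($action == 'copy' and ($missing_old_node_number or $bad_old_node_number))) {
                break;
            }
            $user_id = user_profile('id');
            if ($action == 'copy') {
                $node_id = $thread_contents[$old_node_number]['node_id'];
                $np = thread_copy_node($clang, $user_id, $thread_id, $node_id, $new_node_name, $new_node_title, $new_node_number);
            } else {
                $np = thread_create_node($clang, $user_id, $thread_id, $new_node_name, $new_node_title, $new_node_number);
            }
            if (!$np) {
                break;
            }
            extract($np);
            /* node_id node_number node_ignored */
            $node_ignored = false;
            $node_title = $new_node_title;
            $node_url = url('threadedit', $lang) . '/' . $thread_id . '/' . $node_id;
            $pos = $node_number;
            if ($thread_contents) {
                // shift every node at or after the insertion point down by one
                foreach ($thread_contents as &$c) {
                    if ($c['node_number'] >= $pos) {
                        $c['node_number']++;
                    }
                    if ($c['pos'] >= $pos) {
                        $c['pos']++;
                    }
                }
                unset($c); // drop the reference left behind by foreach-by-reference
                array_splice($thread_contents, $pos - 1, 0, array(compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos')));
            } else {
                $pos = 1;
                $thread_contents = array($pos => compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos'));
            }
            // reset the form so the next node is proposed right after this one
            $new_node_name = $new_node_title = false;
            $new_node_number = $node_number + 1;
            $old_node_number = false;
            break;
        case 'delete':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            if (!$confirmed) {
                // first submit: ask for confirmation, delete on the second one
                $confirm_delete_node = true;
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_delete_node($thread_id, $node_id);
            if (!$r) {
                break;
            }
            unset($thread_contents[$old_node_number]);
            $thread_contents = array_values($thread_contents);
            // close the gap left by the deleted node
            foreach ($thread_contents as &$c) {
                if ($c['node_number'] >= $old_node_number) {
                    $c['node_number']--;
                }
                if ($c['pos'] >= $old_node_number) {
                    $c['pos']--;
                }
            }
            unset($c);
            $new_node_number = $old_node_number = false;
            break;
        case 'hide':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, true);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = true;
            break;
        case 'show':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, false);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // sort the 1-based node indexes by the position the form asked for
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nc = array();
            foreach ($neworder as $i) {
                $c =& $thread_contents[$i];
                if ($c['node_number'] != $number) {
                    // only persist the nodes whose number actually changed
                    thread_set_node_number($thread_id, $c['node_id'], $number);
                    $c['node_number'] = $number;
                }
                $c['pos'] = $number;
                $nc[$number++] = $c;
            }
            unset($c);
            $thread_contents = $nc;
            break;
        default:
            break;
    }
    // editing pages are never indexed
    head('title', $thread_title ? $thread_title : $thread_id);
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $headline_text = translate('threadall:title', $lang);
    $headline_url = url('threadedit', $lang) . '?' . 'clang=' . $clang;
    $headline = compact('headline_text', 'headline_url');
    $view = $thread_name ? url('thread', $clang) . '/' . $thread_id . '?' . 'slang=' . $lang : false;
    $scroll = true;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('title'));
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_thread_name', 'bad_thread_name', 'missing_thread_type', 'bad_thread_type', 'missing_new_node_title', 'bad_new_node_title', 'bad_new_node_number', 'missing_old_node_number', 'bad_old_node_number');
    $content = view('editing/threadeditsummary', $lang, compact('clang', 'inlanguages', 'supported_threads', 'thread_id', 'thread_type', 'thread_title', 'thread_name', 'thread_abstract', 'thread_cloud', 'thread_image', 'thread_visits', 'thread_search', 'thread_tag', 'thread_comment', 'thread_morecomment', 'thread_vote', 'thread_morevote', 'thread_ilike', 'thread_tweet', 'thread_plusone', 'thread_linkedin', 'thread_pinit', 'thread_contents', 'new_node_name', 'new_node_title', 'new_node_number', 'old_node_number', 'confirm_delete_node', 'errors'));
    $output = layout('editing', compact('toolbar', 'banner', 'content', 'sidebar'));
    return $output;
}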
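/**
 * Node editor: edits a node's metadata (name, title, abstract, tags, image,
 * counters and social buttons) in content language $clang, then embeds the
 * content editor for that node.
 *
 * @param string $lang          interface language
 * @param string $clang         content language being edited
 * @param mixed  $node_id       node identifier accepted by node_get()/node_set()
 * @param mixed  $content_types passed through to build('nodecontenteditor')
 * @return string the rendered 'editing/nodeeditor' view
 */
function nodeeditor($lang, $clang, $node_id, $content_types)
{
    $action = 'init';
    if (isset($_POST['node_edit'])) {
        $action = 'edit';
    }
    // Form state. The node_no* flags are the inverted storage form of the
    // corresponding checkboxes.
    $node_name = $node_title = $node_abstract = $node_cloud = $node_image = $node_comment = $node_morecomment = $node_vote = $node_morevote = false;
    $node_ilike = $node_tweet = $node_plusone = $node_linkedin = $node_pinit = false;
    $node_visits = false;
    $node_nocomment = $node_nomorecomment = $node_novote = $node_nomorevote = true;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = node_get($clang, $node_id, false);
            if ($r) {
                // NOTE(review): extract() imports every column of the row as a
                // local; it is relied on for the node_* variables above and must
                // not return keys such as 'lang', 'clang' or 'node_id'.
                extract($r);
            }
            $node_comment = !$node_nocomment;
            $node_morecomment = !$node_nomorecomment;
            $node_vote = !$node_novote;
            $node_morevote = !$node_nomorevote;
            break;
        case 'edit':
            // A checkbox posts 'on' when ticked; absent or anything else is unticked.
            $is_checked = function ($key) {
                return isset($_POST[$key]) && readarg($_POST[$key]) == 'on';
            };
            if (isset($_POST['node_title'])) {
                $node_title = readarg($_POST['node_title']);
            }
            if (isset($_POST['node_name'])) {
                $node_name = strtofname(readarg($_POST['node_name']));
            }
            if (empty($node_name) and !empty($node_title)) {
                // derive the URL name from the title when none was given
                $node_name = strtofname($node_title);
            }
            if (isset($_POST['node_abstract'])) {
                $node_abstract = readarg($_POST['node_abstract']);
            }
            if (isset($_POST['node_cloud'])) {
                $node_cloud = readarg($_POST['node_cloud'], true, false);
                // trim but DON'T strip! then normalise to unique, space-separated tags
                preg_match_all('/(\\S+)/', $node_cloud, $r);
                $node_cloud = implode(' ', array_unique($r[0]));
            }
            if (isset($_POST['node_image'])) {
                $node_image = readarg($_POST['node_image']);
            }
            $node_visits = $is_checked('node_visits');
            $node_comment = $is_checked('node_comment');
            $node_nocomment = !$node_comment;
            $node_morecomment = $is_checked('node_morecomment');
            $node_nomorecomment = !$node_morecomment;
            $node_vote = $is_checked('node_vote');
            $node_novote = !$node_vote;
            $node_morevote = $is_checked('node_morevote');
            $node_nomorevote = !$node_morevote;
            // The social buttons used to pass the already computed boolean to
            // readarg(); they are parsed like every other checkbox now.
            $node_ilike = $is_checked('node_ilike');
            $node_tweet = $is_checked('node_tweet');
            $node_plusone = $is_checked('node_plusone');
            $node_linkedin = $is_checked('node_linkedin');
            $node_pinit = $is_checked('node_pinit');
            break;
        default:
            break;
    }
    $missing_node_name = false;
    $bad_node_name = false;
    switch ($action) {
        case 'edit':
            if (empty($node_name)) {
                $missing_node_name = true;
            } elseif (!preg_match('#^\\w+(-\\w+)*$#', $node_name)) {
                // URL-safe name: words joined by single dashes
                $bad_node_name = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'edit':
            if ($missing_node_name or $bad_node_name) {
                break;
            }
            $r = node_set($clang, $node_id, $node_name, $node_title, $node_abstract, $node_cloud, $node_image, $node_visits, $node_nocomment, $node_nomorecomment, $node_novote, $node_nomorevote, $node_ilike, $node_tweet, $node_plusone, $node_linkedin, $node_pinit);
            if (!$r) {
                // NOTE(review): a failed save has no error flag of its own and
                // renders like a successful one.
                break;
            }
            // "more" options only make sense when the base option is on
            if (!$node_comment) {
                $node_morecomment = false;
            }
            if (!$node_vote) {
                $node_morevote = false;
            }
            break;
        default:
            break;
    }
    $content_editor = build('nodecontenteditor', $lang, $clang, $node_id, $content_types);
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_node_name', 'bad_node_name');
    $output = view('editing/nodeeditor', $lang, compact('clang', 'inlanguages', 'node_name', 'node_title', 'node_abstract', 'node_cloud', 'node_image', 'node_visits', 'node_comment', 'node_morecomment', 'node_vote', 'node_morevote', 'node_ilike', 'node_tweet', 'node_plusone', 'node_linkedin', 'node_pinit', 'content_editor', 'errors'));
    return $output;
}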
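/**
 * Newsletter unsubscribe form.
 *
 * Renders the form or, on a valid submission (anti-CSRF token, captcha,
 * known address, confirmation ticked), e-mails the address a signed
 * confirmation link handled by the 'saction' page.
 *
 * @param string $lang interface language, passed through to url(), translate() and view()
 * @return string the rendered 'unsubscribe' view
 */
function unsubscribe($lang)
{
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }
    $confirmed = $code = $token = false;
    // pre-fill with the logged-in user's address, if any
    $user_mail = user_profile('mail');
    $subscribe_page = false;
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                // addresses are matched lower-case, on a single line
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'unsubscribe':
            // Anti-CSRF token: byte-wise, constant-time comparison. The loose
            // != it replaces accepted type-juggled "equivalents" of the token.
            // No break: the remaining checks still run so every error is reported.
            if (!isset($_SESSION['unsubscribe_token']) or !is_string($token) or $token === '' or !hash_equals((string) $_SESSION['unsubscribe_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                // captcha answers are stored upper-case; compare byte-wise as well
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                $bad_mail = true;
            } elseif (!newsletter_get_user($user_mail)) {
                // NOTE(review): this tells the visitor whether an address is on
                // the list; only do so if the captcha is considered enough to
                // keep that lookup from being automated.
                $unknown_mail = true;
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1;
            // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            // the address is only removed once this encoded action is opened
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            global $base_url;
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            // NOTE(review): the send result is not checked, so a mail failure
            // is still reported as "sent" — confirm what emailtext() returns.
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // a fresh anti-CSRF token for the form being rendered
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
    return $output;
}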
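function nodecontenteditor($lang, $clang, $node_id, $content_types)
{
    /*
     * Inline editor for the ordered list of contents attached to one node.
     *
     * $lang           interface language, passed through to the view
     * $clang          content language used by node_get_contents/node_set_contents
     * $node_id        node whose contents are edited
     * $content_types  list of content types the 'create' action may add
     *
     * Returns the rendered 'editing/nodecontenteditor' view.
     *
     * The posted form carries parallel arrays indexed by the same key:
     * content_id[i], content_p[i] (display position), content_ignored[i]
     * and one content_<type>_<field>[i] array per field of $contents_model.
     * Everything under $_POST is untrusted and is validated element by
     * element before it reaches node_set_contents / node_delete_content.
     *
     * NOTE(review): unlike useredit/postnews/upload in this file, this editor
     * verifies no anti-CSRF token of its own; it is presumably embedded in a
     * form whose token is checked by the caller -- confirm.
     */
    global $contents_model;
    $action = 'init';
    if (isset($_POST['content_modify'])) {
        $action = 'modify';
    } else {
        if (isset($_POST['content_create'])) {
            $action = 'create';
        } else {
            if (isset($_POST['content_delete'])) {
                $action = 'delete';
            }
        }
    }
    $new_content_type = $new_content_number = false;
    $old_content_number = false;
    $node_contents = false;
    $id = false;
    $p = false;
    $ignored = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = node_get_contents($clang, $node_id);
            if ($r) {
                // re-key 1..n in stored order; content_pos mirrors content_number
                $pos = 1;
                $node_contents = array();
                foreach ($r as $c) {
                    $c['content_pos'] = $c['content_number'];
                    $node_contents[$pos] = $c;
                    $pos++;
                }
            }
            break;
        case 'modify':
        case 'create':
        case 'delete':
            if (isset($_POST['content_new_type'])) {
                $new_content_type = readarg($_POST['content_new_type']);
            }
            if (isset($_POST['content_new_number'])) {
                $new_content_number = readarg($_POST['content_new_number']);
            }
            if (isset($_POST['content_old_number'])) {
                $old_content_number = readarg($_POST['content_old_number']);
            }
            // content_id / content_p / content_ignored are arrays; they are
            // validated element by element below, so DON'T readarg them.
            if (isset($_POST['content_id'])) {
                $id = $_POST['content_id'];
            }
            if (isset($_POST['content_p'])) {
                $p = $_POST['content_p'];
            }
            if (isset($_POST['content_ignored'])) {
                $ignored = $_POST['content_ignored'];
            }
            break;
        default:
            break;
    }
    $bad_contents = false;
    switch ($action) {
        case 'create':
        case 'delete':
        case 'modify':
            // Both lists must be non-empty arrays of equal length.  The
            // original test read "!$id or !$p and !(is_array ...)"; because
            // 'and' binds tighter than 'or', the array/count check was skipped
            // whenever both values were truthy, so a scalar content_id or
            // content_p reached foreach()/count() below (a TypeError on PHP 8).
            if (!$id or !$p or !is_array($id) or !is_array($p) or count($id) != count($p)) {
                $bad_contents = true;
            } else {
                foreach ($id as $i => $v) {
                    if (!is_numeric($v) or !(isset($p[$i]) and is_numeric($p[$i]))) {
                        $bad_contents = true;
                        break;
                    }
                }
            }
            if ($bad_contents) {
                break;
            }
            if (!is_array($ignored)) {
                // a scalar here would otherwise be string-indexed by $i
                $ignored = array();
            }
            $node_contents = array();
            foreach ($contents_model as $type => $fields) {
                foreach ($fields as $fname => $props) {
                    $fieldname = "content_{$type}_{$fname}";
                    if (isset($_POST[$fieldname]) and is_array($_POST[$fieldname])) {
                        foreach ($_POST[$fieldname] as $i => $value) {
                            $v = readarg($value, true, false);
                            // trim but DON'T strip_tags!
                            if (!isset($node_contents[$i])) {
                                if (!isset($id[$i]) or !isset($p[$i])) {
                                    // field index has no matching id/position
                                    $bad_contents = true;
                                    break 3;
                                }
                                $content_ignored = isset($ignored[$i]) && $ignored[$i] == 'on';
                                $node_contents[$i] = array('content_id' => $id[$i], 'content_pos' => $p[$i], 'content_ignored' => $content_ignored, 'content_type' => $type, $fieldname => $v);
                            } else {
                                $node_contents[$i][$fieldname] = $v;
                            }
                        }
                    }
                }
            }
            if ($bad_contents or !$node_contents) {
                $bad_contents = true;
                break;
            }
            ksort($node_contents);
            break;
        default:
            break;
    }
    // $node_contents is still false after a rejected post; count(false)
    // throws on PHP 8 (and only warned before), so size it defensively.
    $nb_contents = is_array($node_contents) ? count($node_contents) : 0;
    $missing_new_content_type = false;
    $bad_new_content_type = false;
    $bad_new_content_number = false;
    $missing_old_content_number = false;
    $bad_old_content_number = false;
    switch ($action) {
        case 'create':
            if (empty($new_content_type)) {
                $missing_new_content_type = true;
            } else {
                if (!$content_types or !in_array($new_content_type, $content_types)) {
                    $bad_new_content_type = true;
                }
            }
            if (empty($new_content_number)) {
                $new_content_number = false;
            } else {
                if (!is_numeric($new_content_number)) {
                    $bad_new_content_number = true;
                } else {
                    if ($new_content_number < 1) {
                        $bad_new_content_number = true;
                    } else {
                        if ($new_content_number > $nb_contents) {
                            // past the end: append
                            $new_content_number = false;
                        }
                    }
                }
            }
            break;
        case 'delete':
            if (empty($old_content_number)) {
                $missing_old_content_number = true;
            } else {
                if (!is_numeric($old_content_number)) {
                    $bad_old_content_number = true;
                } else {
                    if ($old_content_number < 1 or $old_content_number > $nb_contents) {
                        $bad_old_content_number = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'create':
            if ($missing_new_content_type or $bad_new_content_type or $bad_new_content_number) {
                break;
            }
            $nc = node_create_content($clang, $node_id, $new_content_type, $new_content_number);
            if (!$nc) {
                break;
            }
            $content_id = $nc['content_id'];
            $content_pos = $nc['content_number'];
            $content_type = $new_content_type;
            $content_ignored = false;
            $fields = compact('content_pos', 'content_id', 'content_type', 'content_ignored');
            foreach ($contents_model[$content_type] as $fname => $props) {
                $fieldname = "content_{$content_type}_{$fname}";
                $fields[$fieldname] = isset($props['default']) ? $props['default'] : false;
            }
            if ($node_contents) {
                // shift everything at or after the insertion point
                foreach ($node_contents as &$c) {
                    if ($c['content_pos'] >= $content_pos) {
                        $c['content_pos']++;
                    }
                }
                unset($c); // drop the reference left behind by foreach-by-ref
                array_splice($node_contents, $content_pos - 1, 0, array($fields));
            } else {
                $content_pos = 1;
                $node_contents = array($content_pos => $fields);
            }
            if ($new_content_number) {
                $new_content_number++;
            }
            $new_content_type = false;
            break;
        case 'delete':
            if ($missing_old_content_number or $bad_old_content_number) {
                break;
            }
            if (!isset($node_contents[$old_content_number])) {
                // in range but no such key (posted indexes not 1..n)
                $bad_old_content_number = true;
                break;
            }
            $c = $node_contents[$old_content_number];
            $content_id = $c['content_id'];
            $content_type = $c['content_type'];
            $r = node_delete_content($node_id, $content_id, $content_type);
            if (!$r) {
                break;
            }
            unset($node_contents[$old_content_number]);
            $node_contents = array_values($node_contents);
            foreach ($node_contents as &$c) {
                if ($c['content_pos'] >= $old_content_number) {
                    $c['content_pos']--;
                }
            }
            unset($c);
            $old_content_number = false;
            break;
        case 'modify':
            if ($bad_contents) {
                break;
            }
            // Sort by posted position; $neworder then lists the original
            // 1-based indexes in their new display order.
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nc = array();
            foreach ($neworder as $i) {
                if (!isset($node_contents[$i])) {
                    // posted indexes do not line up with the field arrays;
                    // refuse rather than persist a half-empty entry
                    $bad_contents = true;
                    break;
                }
                $c =& $node_contents[$i];
                $c['content_pos'] = $number;
                $nc[$number++] = $c;
            }
            unset($c);
            if ($bad_contents) {
                break;
            }
            $node_contents = $nc;
            $r = node_set_contents($clang, $node_id, $node_contents);
            if (!$r) {
                break;
            }
            break;
        default:
            break;
    }
    $errors = compact('bad_contents', 'missing_new_content_type', 'bad_new_content_type', 'bad_new_content_number', 'missing_old_content_number', 'bad_old_content_number');
    $output = view('editing/nodecontenteditor', $lang, compact('clang', 'content_types', 'new_content_type', 'new_content_number', 'old_content_number', 'node_contents', 'errors'));
    return $output;
}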
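function useredit($lang, $user_id)
{
    /*
     * Account editor for user $user_id: profile fields, role, status,
     * (disabled) password change and deletion.
     *
     * $lang     interface language
     * $user_id  id of the account being edited
     *
     * Returns the rendered 'useredit' view, or false once the account has
     * been deleted (the caller is expected to redirect).
     *
     * Which fields are editable depends on who is asking: $is_admin unlocks
     * status/role/timezone/delete; $is_owner only refreshes the session copy
     * of the profile after a successful modify.  User 1 is never deletable,
     * bannable or re-roleable.
     *
     * NOTE(review): nothing in this function refuses a caller that is
     * neither an administrator nor the owner -- the name/mail/website edit
     * goes through regardless.  That is presumably enforced by the dispatcher
     * routing to this action; confirm, or add a guard in the style of the
     * user_has_role('writer') check in threadeditall.
     */
    global $system_languages, $supported_roles;
    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false;
    // ($user_id != 1 and $is_owner);
    $with_locale = count($system_languages) > 1 ? true : false;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;
    $confirmed = false;
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword) {
        if (isset($_POST['useredit_change'])) {
            $action = 'change';
        }
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } else {
            if (isset($_POST['useredit_confirmdelete'])) {
                $action = 'delete';
                $confirmed = true;
            } else {
                if (isset($_POST['useredit_cancel'])) {
                    $action = 'cancel';
                }
            }
        }
    }
    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                // EXTR_IF_EXISTS: only fill the user_* locals declared above.
                // A bare extract() would also drop user_password/user_seed into
                // scope and could clobber $user_id, $token, $is_admin, ...
                extract($r, EXTR_IF_EXISTS);
                /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r, EXTR_IF_EXISTS);
                    /* user_lastname, user_firstname */
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            // role and status are admin-only; non-admin posts are ignored
            if ($with_role) {
                if (isset($_POST['useredit_role'])) {
                    $user_role = readarg($_POST['useredit_role']);
                }
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword) {
                if (isset($_POST['useredit_newpassword'])) {
                    $user_newpassword = readarg($_POST['useredit_newpassword']);
                }
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;
    // Anti-CSRF token: every state-changing action must carry the token
    // issued with the previous render.  The original only checked it for
    // 'modify', leaving deletion and password change unprotected.
    // hash_equals() is a strict, constant-time comparison (PHP >= 5.6); the
    // casts keep it from throwing when no token was posted ($token === false).
    if (in_array($action, array('modify', 'change', 'delete'), true)) {
        if (!isset($_SESSION['useredit_token']) or !hash_equals((string) $_SESSION['useredit_token'], (string) $token)) {
            $bad_token = true;
        }
    }
    switch ($action) {
        case 'modify':
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } else {
                    if (!user_check_name($user_name, $user_id)) {
                        $duplicated_name = true;
                    }
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail)) {
                    $bad_mail = true;
                } else {
                    if (!user_check_mail($user_mail, $user_id)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($user_role) {
                foreach ($user_role as $role) {
                    if (!validate_role($role)) {
                        $bad_role = true;
                        break;
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone) {
                if (!validate_timezone($user_timezone)) {
                    $bad_timezone = true;
                }
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale) {
                if (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } else {
                if (!validate_password($user_newpassword)) {
                    $bad_newpassword = true;
                }
            }
            break;
        default:
            break;
    }
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            if ($is_owner) {
                // keep the logged-in session in step with the stored profile
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($bad_token or $missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$confirmed) {
                // first click: ask for confirmation, nothing is deleted yet
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            return false;
        default:
            break;
    }
    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // one-shot token for the next submission
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact('bad_token', 'missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page');
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete'));
    return $output;
}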
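function postnews($lang, $newsletter_id, $page_id)
{
    /*
     * Schedule, or cancel, the mailing of newsletter $newsletter_id for page
     * $page_id in language $lang.
     *
     * Returns the rendered 'postnews' view.  Once the post has been mailed
     * the view is rendered read-only and no action is accepted.
     *
     * A mailing can only be scheduled between $hmin and $hmax o'clock and no
     * earlier than today at $hmin; out-of-range hour/minute values are
     * clamped rather than rejected, a malformed date is rejected.
     */
    $postdate = $scheduled = $mailed = false;
    $r = newsletter_get_post($newsletter_id, $page_id, $lang);
    if ($r) {
        // read the two columns explicitly instead of extract()ing the whole
        // row into scope (which could clobber $newsletter_id/$page_id/$lang)
        $scheduled = isset($r['newsletter_post_scheduled']) ? $r['newsletter_post_scheduled'] : false;
        $mailed = isset($r['newsletter_post_mailed']) ? $r['newsletter_post_mailed'] : false;
    }
    if ($mailed) {
        return view('postnews', $lang, compact('mailed'));
    }
    $action = 'init';
    if (isset($_POST['postnews_post']) and !$scheduled) {
        $action = 'post';
    } else {
        if (isset($_POST['postnews_cancel']) and $scheduled and !$mailed) {
            $action = 'cancel';
        }
    }
    $hmin = 8;
    $hmax = 18;
    $token = false;
    $date = false;
    $hour = $hmin;
    $minute = 0;
    switch ($action) {
        case 'init':
            break;
        case 'post':
            if (isset($_POST['postnews_date'])) {
                $date = readarg($_POST['postnews_date']);
            }
            if (isset($_POST['postnews_hour'])) {
                $hour = readarg($_POST['postnews_hour']);
            }
            if (isset($_POST['postnews_minute'])) {
                $minute = readarg($_POST['postnews_minute']);
            }
            if (isset($_POST['postnews_token'])) {
                $token = readarg($_POST['postnews_token']);
            }
            break;
        case 'cancel':
            // cancelling is state-changing too: read the token so it can be
            // verified below (the original accepted an unauthenticated cancel)
            if (isset($_POST['postnews_token'])) {
                $token = readarg($_POST['postnews_token']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_date = false;
    $bad_date = false;
    $internal_error = false;
    // hash_equals(): strict, constant-time comparison (PHP >= 5.6); the casts
    // keep it from throwing when no token was posted ($token === false).
    if ($action == 'post' or $action == 'cancel') {
        if (!isset($_SESSION['postnews_token']) or !hash_equals((string) $_SESSION['postnews_token'], (string) $token)) {
            $bad_token = true;
        }
    }
    switch ($action) {
        case 'post':
            // clamp hour/minute into the mailing window
            if (!is_numeric($hour)) {
                $hour = $hmin;
            } else {
                if ($hour < $hmin) {
                    $hour = $hmin;
                } else {
                    if ($hour >= $hmax) {
                        $hour = $hmax;
                        $minute = 0;
                    }
                }
            }
            if (!is_numeric($minute)) {
                $minute = 0;
            } else {
                if ($minute < 0) {
                    $minute = 0;
                } else {
                    if ($minute > 59) {
                        $minute = 59;
                    }
                }
            }
            if (!$date) {
                $missing_date = true;
            } else {
                // YYYY-MM-DD or YYYY/MM/DD, same separator twice
                if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                    $bad_date = true;
                } else {
                    if (!checkdate((int) $d[3], (int) $d[4], (int) $d[1])) {
                        $bad_date = true;
                    }
                }
            }
            if ($missing_date or $bad_date) {
                break;
            }
            $postdate = mktime((int) $hour, (int) $minute, 0, (int) $d[3], (int) $d[4], (int) $d[1]);
            if ($postdate < mktime($hmin, 0, 0)) {
                // earlier than today's window start
                $bad_date = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'post':
            if ($bad_token or $missing_date or $bad_date) {
                break;
            }
            $r = newsletter_schedule_post($newsletter_id, $page_id, $lang, $postdate);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = $postdate;
            break;
        case 'cancel':
            if ($bad_token) {
                break;
            }
            $r = newsletter_cancel_post($newsletter_id, $page_id, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $scheduled = false;
            break;
        default:
            break;
    }
    if (!$scheduled) {
        // default shown in the form: today at hour:minute, or tomorrow once
        // today's window has closed
        $postdate = mktime((int) $hour, (int) $minute, 0);
        if (time() > mktime($hmax + 1, 0, 0)) {
            $postdate = strtotime('+1 day', $postdate);
        }
    }
    // one-shot token for the next submission
    $_SESSION['postnews_token'] = $token = token_id();
    $errors = compact('bad_token', 'missing_date', 'bad_date', 'internal_error');
    $output = view('postnews', $lang, compact('token', 'scheduled', 'mailed', 'hmin', 'hmax', 'postdate', 'errors'));
    return $output;
}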
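function mailme($lang, $to = false, $with_appointment = false, $with_captcha = true, $with_home = true)
{
    /*
     * Contact form: mails the visitor's subject/message (plus an optional
     * appointment date and time) to $to through emailme().
     *
     * $lang              interface language
     * $to                recipient handed to emailme(); false lets emailme() decide
     * $with_appointment  also read and validate mailme_date/hour/minute
     * $with_captcha      require the code stored in $_SESSION['captcha']['mailme']
     * $with_home         on success, expose a link to $home_action in the view
     *
     * Returns the rendered 'mailme' view.
     *
     * Protections, in order: anti-CSRF token, captcha, address syntax
     * (validate_mail), header-injection check on the subject
     * (is_mail_injected), appointment sanity.  The body only goes through
     * readarg().
     */
    $action = 'init';
    if (isset($_POST['mailme_send'])) {
        $action = 'send';
    }
    $mail = $subject = $message = $date = $hour = $minute = $code = $token = false;
    if (isset($_SESSION['user']['mail'])) {
        // prefill for logged-in visitors; a posted value still wins below
        $mail = $_SESSION['user']['mail'];
    }
    switch ($action) {
        case 'send':
            if (isset($_POST['mailme_mail'])) {
                $mail = strtolower(strflat(readarg($_POST['mailme_mail'])));
            }
            if (isset($_POST['mailme_subject'])) {
                $subject = readarg($_POST['mailme_subject']);
            }
            if (isset($_POST['mailme_message'])) {
                $message = readarg($_POST['mailme_message']);
            }
            if ($with_appointment) {
                if (isset($_POST['mailme_date'])) {
                    $date = readarg($_POST['mailme_date']);
                }
                if (isset($_POST['mailme_hour'])) {
                    $hour = readarg($_POST['mailme_hour']);
                }
                if (isset($_POST['mailme_minute'])) {
                    $minute = readarg($_POST['mailme_minute']);
                }
            }
            if (isset($_POST['mailme_code'])) {
                $code = readarg($_POST['mailme_code']);
            }
            if (isset($_POST['mailme_token'])) {
                $token = readarg($_POST['mailme_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $missing_subject = false;
    $bad_subject = false;
    $missing_message = false;
    $bad_appointment = false;
    $email_sent = false;
    $home_page = false;
    $internal_error = false;
    switch ($action) {
        case 'send':
            // hash_equals(): strict, constant-time comparison (PHP >= 5.6);
            // the casts keep it from throwing when no token was posted.
            if (!isset($_SESSION['mailme_token']) or !hash_equals((string) $_SESSION['mailme_token'], (string) $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['mailme']) ? $_SESSION['captcha']['mailme'] : false;
                // strict comparison: the original loose != would have treated
                // numeric-looking codes such as "1e1" and "10" as equal
                if (!$captcha or !hash_equals((string) $captcha, strtoupper((string) $code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($mail)) {
                    $bad_mail = true;
                }
            }
            if (!$subject) {
                $missing_subject = true;
            } else {
                // the subject ends up in a mail header: refuse CR/LF injection
                if (is_mail_injected($subject)) {
                    $bad_subject = true;
                }
            }
            if (!$message) {
                $missing_message = true;
            }
            if ($with_appointment) {
                if ($date) {
                    // YYYY-MM-DD or YYYY/MM/DD, same separator twice
                    if (!preg_match('#^([0-9]{4})([/-])([0-9]{2})\\2([0-9]{2})$#', $date, $d)) {
                        $bad_appointment = true;
                    } else {
                        if (!checkdate((int) $d[3], (int) $d[4], (int) $d[1])) {
                            $bad_appointment = true;
                        } else {
                            // must be strictly after today.  mktime(0, 0, 0) is
                            // today's midnight; the original rebuilt it from
                            // date("y"), a two-digit year that mktime only
                            // maps to 20xx until 2069.
                            if (mktime(0, 0, 0, (int) $d[3], (int) $d[4], (int) $d[1]) <= mktime(0, 0, 0)) {
                                $bad_appointment = true;
                            }
                        }
                    }
                }
                if (is_numeric($hour) and is_numeric($minute)) {
                    if ($hour < 0 or $hour > 23 or $minute < 0 or $minute > 59) {
                        $bad_appointment = true;
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'send':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $missing_subject or $bad_subject or $missing_message or $bad_appointment) {
                break;
            }
            require_once 'emailme.php';
            if ($date) {
                // translation string is a sprintf format: "%s %02d:%02d"
                $f = translate('email:appointment', $lang);
                $s = sprintf($f ? $f : "%s %02d:%02d", $date, $hour, $minute);
                $message .= "\n\n{$s}";
            }
            $r = emailme($subject, $message, $mail, $to);
            if (!$r) {
                $internal_error = true;
                break;
            }
            if ($with_captcha) {
                // consume the captcha so the same code cannot authorise a
                // second mailing; the captcha image endpoint is expected to
                // issue a fresh code on the next render -- confirm.
                unset($_SESSION['captcha']['mailme']);
            }
            $subject = $message = $date = $hour = $minute = false;
            if ($with_home) {
                global $home_action;
                $home_page = url($home_action, $lang);
            }
            $email_sent = true;
            break;
        default:
            break;
    }
    // one-shot token for the next submission
    $_SESSION['mailme_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_mail', 'bad_mail', 'missing_subject', 'bad_subject', 'missing_message', 'bad_appointment', 'internal_error');
    $infos = compact('email_sent', 'home_page');
    $output = view('mailme', $lang, compact('token', 'with_captcha', 'with_appointment', 'mail', 'subject', 'message', 'date', 'hour', 'minute', 'errors', 'infos'));
    return $output;
}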
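function upload($lang, $maxfilesize = 1000000)
{
    /*
     * Single-file upload into FILES_DIR.
     *
     * $lang         interface language
     * $maxfilesize  size limit in bytes (previously a hard-coded 1000000;
     *               the default keeps existing callers unchanged)
     *
     * Returns the rendered 'upload' view.
     *
     * Checks, in order: anti-CSRF token, a file was posted, PHP really
     * received it (is_uploaded_file), no transfer error, size limit, then
     * the project's own filename rules (validate_filename /
     * is_filename_allowed).  The client-supplied MIME type is read but
     * deliberately not used for any decision.
     *
     * NOTE(review): an existing file of the same name in FILES_DIR is
     * silently replaced by move_uploaded_file(); add an exists-check if
     * overwriting is not intended.
     */
    $action = 'init';
    if (isset($_POST['upload_put'])) {
        $action = 'upload';
    }
    $file = $name = $type = $error = false;
    $size = 0;
    $token = false;
    switch ($action) {
        case 'upload':
            if (isset($_POST['upload_token'])) {
                $token = readarg($_POST['upload_token']);
            }
            if (isset($_FILES['upload_file'])) {
                if (isset($_FILES['upload_file']['tmp_name'])) {
                    $file = $_FILES['upload_file']['tmp_name'];
                }
                if (isset($_FILES['upload_file']['error'])) {
                    $error = $_FILES['upload_file']['error'];
                }
                if (isset($_FILES['upload_file']['name'])) {
                    // basename(): keep only the file part of whatever the
                    // client sent, so a path-like name can never escape
                    // FILES_DIR even if validate_filename() lets a separator
                    // through.  validate_filename() still has the final say.
                    $name = basename($_FILES['upload_file']['name']);
                }
                if (isset($_FILES['upload_file']['type'])) {
                    $type = $_FILES['upload_file']['type'];
                }
                if (isset($_FILES['upload_file']['size'])) {
                    $size = $_FILES['upload_file']['size'];
                }
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_file = false;
    $bad_file = false;
    $bad_name = false;
    $bad_size = false;
    $bad_copy = false;
    $copy_error = false;
    $file_copied = false;
    switch ($action) {
        case 'upload':
            // hash_equals(): strict, constant-time comparison (PHP >= 5.6);
            // the casts keep it from throwing when no token was posted.
            if (!isset($_SESSION['upload_token']) or !hash_equals((string) $_SESSION['upload_token'], (string) $token)) {
                $bad_token = true;
                break;
            }
            if (!$file) {
                $missing_file = true;
            } else {
                if (!is_uploaded_file($file)) {
                    $bad_file = true;
                } else {
                    if ($error != UPLOAD_ERR_OK) {
                        $bad_copy = true;
                    } else {
                        if ($size > $maxfilesize) {
                            $bad_size = true;
                        } else {
                            if (!validate_filename($name) or !is_filename_allowed($name)) {
                                $bad_name = true;
                            }
                        }
                    }
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'upload':
            if ($bad_token or $missing_file or $bad_file or $bad_size or $bad_name or $bad_copy) {
                break;
            }
            $filecopy = FILES_DIR . DIRECTORY_SEPARATOR . $name;
            // failure is reported through $copy_error, hence the @
            if (!@move_uploaded_file($file, $filecopy)) {
                $copy_error = true;
                break;
            }
            $file_copied = true;
            break;
        default:
            break;
    }
    // one-shot token for the next submission
    $_SESSION['upload_token'] = $token = token_id();
    $errors = compact('missing_file', 'bad_file', 'bad_size', 'bad_name', 'bad_copy', 'copy_error');
    $infos = compact('file_copied');
    $output = view('upload', $lang, compact('token', 'maxfilesize', 'name', 'errors', 'infos'));
    return $output;
}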
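/**
 * Editing page listing every thread of the content language $clang, with the
 * 'create', 'delete' (two-step, confirmed on the second POST) and 'reorder'
 * actions driven by $_POST.
 *
 * Requires the 'writer' role; otherwise the unauthorized error page is returned.
 *
 * @param string $lang  interface language used for urls, translations and views
 * @param string $clang content language whose threads are listed and edited
 * @return string rendered 'editing' layout
 */
function threadeditall($lang, $clang)
{
    global $supported_threads, $with_toolbar;
    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }
    // NOTE(review): unlike the upload and configure handlers in this file, the
    // create/delete/reorder actions below are not bound to a per-session token,
    // so any POST carrying the right field names is acted on for a logged-in
    // writer; confirm the view can carry a token before adding the check here.
    $confirmed = false;
    $action = 'init';
    if (isset($_POST['thread_create'])) {
        $action = 'create';
    } elseif (isset($_POST['thread_delete'])) {
        $action = 'delete';
    } elseif (isset($_POST['thread_confirmdelete'])) {
        // second step of the delete dialog: the writer has confirmed
        $action = 'delete';
        $confirmed = true;
    } elseif (isset($_POST['threadlist_reorder'])) {
        $action = 'reorder';
    }
    $new_thread_name = $new_thread_title = $new_thread_type = $new_thread_number = false;
    $old_thread_number = false;
    $p = false;
    switch ($action) {
        case 'init':
        case 'reset':
            break;
        case 'create':
        case 'delete':
        case 'reorder':
            if (isset($_POST['new_thread_title'])) {
                $new_thread_title = readarg($_POST['new_thread_title']);
            }
            if ($new_thread_title) {
                $new_thread_name = strtofname($new_thread_title);
            }
            if (isset($_POST['new_thread_number'])) {
                $new_thread_number = readarg($_POST['new_thread_number']);
            }
            if (isset($_POST['new_thread_type'])) {
                $new_thread_type = readarg($_POST['new_thread_type']);
            }
            if (isset($_POST['old_thread_number'])) {
                $old_thread_number = readarg($_POST['old_thread_number']);
            }
            if (isset($_POST['p'])) {
                // Raw reorder map (one entry per listed thread). DON'T readarg!
                // Its shape is checked below before it is used as an index or
                // handed to array_multisort().
                $p = $_POST['p'];
            }
            break;
        default:
            break;
    }
    $thread_list = array();
    $r = thread_list($clang, false, false);
    // $p is only usable when it is an array with exactly one numeric entry per
    // listed thread, keyed 1..n like $thread_list; anything else is discarded.
    // (count() on a non-array is a TypeError on PHP 8, and a malformed map
    // would otherwise reach the array index and array_multisort() below.)
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    } else {
        for ($i = 1, $n = count($r); $i <= $n; $i++) {
            if (!isset($p[$i]) or !is_numeric($p[$i])) {
                $p = false;
                break;
            }
        }
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang);
        foreach ($r as $b) {
            $b['thread_url'] = $thread_url . '/' . $b['thread_id'];
            // 'pos' is the position requested by the form when a valid reorder
            // map was posted, else the current position
            $b['pos'] = $p ? $p[$pos] : $pos;
            $thread_list[$pos] = $b;
            $pos++;
        }
    }
    $missing_new_thread_title = false;
    $bad_new_thread_title = false;
    $missing_new_thread_name = false;
    $bad_new_thread_name = false;
    $missing_new_thread_type = false;
    $bad_new_thread_type = false;
    $bad_new_thread_number = false;
    $missing_old_thread_number = false;
    $bad_old_thread_number = false;
    switch ($action) {
        case 'create':
            if (!$new_thread_title) {
                $missing_new_thread_title = true;
            }
            if (!$new_thread_name) {
                $missing_new_thread_name = true;
            } elseif (!preg_match('#^[\\w-]{2,}$#', $new_thread_name)) {
                $bad_new_thread_name = true;
            }
            // An empty number means "let thread_create() choose"; otherwise it
            // must be a whole number in 1..count+1 (is_numeric() alone would
            // accept '1.5', which is useless as a list position).
            if ($new_thread_number) {
                $n = filter_var($new_thread_number, FILTER_VALIDATE_INT);
                if ($n === false or $n < 1 or $n > count($thread_list) + 1) {
                    $bad_new_thread_number = true;
                } else {
                    $new_thread_number = $n;
                }
            }
            if (!$new_thread_type) {
                $missing_new_thread_type = true;
            } elseif (!in_array($new_thread_type, $supported_threads, true)) {
                $bad_new_thread_type = true;
            }
            break;
        case 'delete':
            if (!$old_thread_number) {
                $missing_old_thread_number = true;
            } else {
                // must be a whole number naming an existing list position
                $n = filter_var($old_thread_number, FILTER_VALIDATE_INT);
                if ($n === false or $n < 1 or $n > count($thread_list)) {
                    $bad_old_thread_number = true;
                } else {
                    $old_thread_number = $n;
                }
            }
            break;
        default:
            break;
    }
    $confirm_delete_thread = false;
    switch ($action) {
        case 'create':
            if ($missing_new_thread_title or $missing_new_thread_name or $bad_new_thread_name or $bad_new_thread_number or $missing_new_thread_type or $bad_new_thread_type) {
                break;
            }
            $user_id = user_profile('id');
            $np = thread_create($clang, $user_id, $new_thread_name, $new_thread_title, $new_thread_type, $new_thread_number);
            if (!$np) {
                break;
            }
            // thread_create() reports the id and the number the new thread was given
            $thread_id = $np['thread_id'];
            $thread_number = $np['thread_number'];
            $thread_title = $new_thread_title;
            $thread_url = url('threadedit', $lang) . '/' . $thread_id;
            $pos = $thread_number;
            if ($thread_list) {
                // shift every thread at or after the insertion point down by one
                foreach ($thread_list as &$tr) {
                    if ($tr['thread_number'] >= $pos) {
                        $tr['thread_number']++;
                    }
                    if ($tr['pos'] >= $pos) {
                        $tr['pos']++;
                    }
                }
                unset($tr);
                array_splice($thread_list, $pos - 1, 0, array(compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos')));
                // NOTE(review): array_splice() has already reindexed the list
                // from 0, so this multisort appears to be a no-op and the keys
                // no longer start at 1 as on the other branches; confirm the
                // view reads 'pos' rather than the keys.
                array_multisort(range(1, count($thread_list)), $thread_list);
            } else {
                $pos = 1;
                $thread_list = array($pos => compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos'));
            }
            break;
        case 'delete':
            if ($missing_old_thread_number or $bad_old_thread_number) {
                break;
            }
            if (!$confirmed) {
                // first step: ask the view to show the confirmation dialog
                $confirm_delete_thread = true;
                break;
            }
            $thread_id = $thread_list[$old_thread_number]['thread_id'];
            $r = thread_delete($thread_id);
            if (!$r) {
                break;
            }
            unset($thread_list[$old_thread_number]);
            // close the gap left in the positions
            foreach ($thread_list as &$b) {
                if ($b['pos'] >= $old_thread_number) {
                    $b['pos']--;
                }
            }
            unset($b);
            $old_thread_number = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // sort the list positions by the requested new positions; $neworder
            // then holds the old positions in their new order
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nl = array();
            foreach ($neworder as $i) {
                $tr =& $thread_list[$i];
                // only threads whose number actually changes are written back
                if ($tr['thread_number'] != $number) {
                    thread_set_number($tr['thread_id'], $number);
                    $tr['thread_number'] = $number;
                }
                $tr['pos'] = $number;
                $nl[$number++] = $tr;
            }
            unset($tr);
            $thread_list = $nl;
            break;
        default:
            break;
    }
    head('title', translate('threadall:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $site_title = translate('title', $lang);
    $view = url('thread', $clang) . '?' . 'slang=' . $lang;
    // NOTE(review): $headline is never assigned in this function, so compact()
    // warns and omits it; confirm what the banner view expects before defining it.
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $scroll = true;
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_new_thread_title', 'bad_new_thread_title', 'missing_new_thread_name', 'missing_new_thread_type', 'bad_new_thread_name', 'bad_new_thread_type', 'bad_new_thread_number', 'missing_old_thread_number', 'bad_old_thread_number');
    $content = view('editing/threadeditall', $lang, compact('clang', 'site_title', 'inlanguages', 'supported_threads', 'thread_list', 'new_thread_title', 'new_thread_type', 'new_thread_number', 'old_thread_number', 'confirm_delete_thread', 'errors'));
    $output = layout('editing', compact('toolbar', 'banner', 'content'));
    return $output;
}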
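/**
 * First-run installer page.
 *
 * Checks that every file and directory the site must write to is writable,
 * shows the site and database settings form, and on a valid 'configure' POST
 * creates/initialises the database (when enabled), writes the db/config/aliases
 * includes, the sitemap, robots.txt and the site logo, then reloads $base_url.
 *
 * @param string $lang interface language; also the proposed default content language
 * @return string|false rendered 'configure' view, or false once configuration
 *                      succeeded and reload() has been issued
 */
function configure($lang)
{
    global $system_languages;
    global $base_url;
    // everything the installer and the running site have to write to, relative to ROOT_DIR
    $writable_files = array(CONFIG_DIRNAME . DIRECTORY_SEPARATOR . DB_INC, CONFIG_DIRNAME . DIRECTORY_SEPARATOR . CONFIG_INC, CONFIG_DIRNAME . DIRECTORY_SEPARATOR . ALIASES_INC, LOGOS_DIRNAME . DIRECTORY_SEPARATOR . SITELOGO_PNG, SITEMAP_XML, ROBOTS_TXT, AVATARS_DIRNAME, LOG_DIRNAME, TMP_DIRNAME, PHPQRCODECACHE_DIRNAME);
    // false when every path is writable, else the list of offending names
    $bad_write_permission = false;
    foreach ($writable_files as $fname) {
        $fpath = ROOT_DIR . DIRECTORY_SEPARATOR . $fname;
        // permissions may have been fixed by the operator since the last check
        clearstatcache(true, $fpath);
        if (!is_writable($fpath)) {
            if (!is_array($bad_write_permission)) {
                $bad_write_permission = array();
            }
            $bad_write_permission[] = $fname;
        }
    }
    $token = false;
    if (isset($_POST['configure_token'])) {
        $token = readarg($_POST['configure_token']);
    }
    $action = 'init';
    if (isset($_POST['configure_configure'])) {
        $action = 'configure';
    }
    $sitename = $webmaster = '';
    $content_languages = false;
    $default_language = false;
    $db_flag = false;
    $db_type = 'mysql';
    $db_reuse = false;
    $db_host = 'localhost';
    $db_admin_user = $db_admin_password = '';
    $db_name = $db_user = $db_password = $db_prefix = '';
    $site_admin_user = $site_admin_password = '';
    switch ($action) {
        case 'init':
            // proposed values for the empty form
            $sitename = 'mysite.net';
            $webmaster = '*****@*****.**';
            $content_languages = array($lang);
            $default_language = $lang;
            $db_flag = true;
            $db_reuse = false;
            $db_name = 'mysite';
            $db_user = '******';
            $db_prefix = 'mysite_';
            // draw until the generated password satisfies the site's own policy
            do {
                $db_password = newpassword(8);
            } while (!validate_password($db_password));
            break;
        case 'configure':
            if (isset($_POST['configure_sitename'])) {
                $sitename = readarg($_POST['configure_sitename']);
            }
            if (isset($_POST['configure_webmaster'])) {
                $webmaster = readarg($_POST['configure_webmaster']);
            }
            if (isset($_POST['configure_content_languages'])) {
                $content_languages = readarg($_POST['configure_content_languages']);
            }
            if (isset($_POST['configure_default_language'])) {
                $default_language = readarg($_POST['configure_default_language']);
            }
            if (isset($_POST['configure_db_flag'])) {
                $db_flag = readarg($_POST['configure_db_flag']) === 'yes';
            }
            if (isset($_POST['configure_db_type'])) {
                $db_type = readarg($_POST['configure_db_type']);
            }
            if (isset($_POST['configure_db_reuse'])) {
                $db_reuse = readarg($_POST['configure_db_reuse']) === 'yes';
            }
            if (isset($_POST['configure_db_admin_user'])) {
                $db_admin_user = readarg($_POST['configure_db_admin_user']);
            }
            if (isset($_POST['configure_db_admin_password'])) {
                $db_admin_password = readarg($_POST['configure_db_admin_password']);
            }
            if (isset($_POST['configure_db_name'])) {
                $db_name = readarg($_POST['configure_db_name']);
            }
            if (isset($_POST['configure_db_host'])) {
                $db_host = readarg($_POST['configure_db_host']);
            }
            if (isset($_POST['configure_db_user'])) {
                $db_user = readarg($_POST['configure_db_user']);
            }
            if (isset($_POST['configure_db_password'])) {
                $db_password = readarg($_POST['configure_db_password']);
            }
            if (isset($_POST['configure_db_prefix'])) {
                $db_prefix = readarg($_POST['configure_db_prefix']);
            }
            if (isset($_POST['configure_site_admin_user'])) {
                $site_admin_user = readarg($_POST['configure_site_admin_user']);
            }
            if (isset($_POST['configure_site_admin_password'])) {
                $site_admin_password = readarg($_POST['configure_site_admin_password']);
            }
            break;
        default:
            break;
    }
    $bad_token = false;
    $missing_sitename = false;
    $missing_webmaster = false;
    $missing_content_languages = false;
    $bad_content_languages = false;
    $missing_default_language = false;
    $bad_default_language = false;
    $missing_db_admin_user = false;
    $missing_db_admin_password = false;
    $bad_db_type = false;
    $missing_db_name = false;
    $bad_db_name = false;
    $bad_db_prefix = false;
    $missing_db_host = false;
    $bad_db_host = false;
    $missing_db_user = false;
    $bad_db_user = false;
    $missing_db_password = false;
    $weak_db_password = false;
    $missing_site_admin_user = false;
    $bad_site_admin_user = false;
    $missing_site_admin_password = false;
    $weak_site_admin_password = false;
    $db_error = false;
    $file_error = false;
    $internal_error = false;
    switch ($action) {
        case 'configure':
            // The posted token must match the one issued with the form in this
            // session; both sides are cast so a missing or non-string value can
            // never satisfy the constant-time comparison by accident.
            if (!isset($_SESSION['configure_token']) or !hash_equals((string) $_SESSION['configure_token'], (string) $token)) {
                $bad_token = true;
            }
            if (empty($sitename)) {
                $missing_sitename = true;
            }
            if (empty($webmaster)) {
                $missing_webmaster = true;
            }
            if (empty($content_languages)) {
                $missing_content_languages = true;
            } elseif (!is_array($content_languages)) {
                $bad_content_languages = true;
            } else {
                foreach ($content_languages as $clang) {
                    if (!in_array($clang, $system_languages, true)) {
                        $bad_content_languages = true;
                        break;
                    }
                }
                if (empty($default_language)) {
                    // the first selected language is the default unless one was chosen;
                    // reset() rather than [0] so an associative submission still works
                    $default_language = reset($content_languages);
                } elseif (!in_array($default_language, $content_languages, true)) {
                    $bad_default_language = true;
                }
            }
            if ($db_flag) {
                if (empty($db_name)) {
                    $missing_db_name = true;
                } elseif (!$db_reuse and !validate_db_name($db_name)) {
                    $bad_db_name = true;
                }
                if (empty($db_type) or !in_array($db_type, array('mysql', 'pgsql'), true)) {
                    $bad_db_type = true;
                }
                if (!empty($db_prefix) and !validate_db_name($db_prefix)) {
                    $bad_db_prefix = true;
                }
                // admin credentials are only needed to create a fresh database
                if (!$db_reuse) {
                    if (empty($db_admin_user)) {
                        $missing_db_admin_user = true;
                    }
                    if (empty($db_admin_password)) {
                        $missing_db_admin_password = true;
                    }
                }
                if (empty($db_host)) {
                    $missing_db_host = true;
                } elseif (!(validate_host_name($db_host) or validate_ip_address($db_host))) {
                    $bad_db_host = true;
                }
                if (empty($db_user)) {
                    $missing_db_user = true;
                } elseif (!$db_reuse and !validate_db_name($db_user)) {
                    $bad_db_user = true;
                }
                if (empty($db_password)) {
                    $missing_db_password = true;
                } elseif (!$db_reuse and !validate_password($db_password)) {
                    $weak_db_password = true;
                }
                if (empty($site_admin_user)) {
                    $missing_site_admin_user = true;
                } elseif (!validate_db_name($site_admin_user)) {
                    $bad_site_admin_user = true;
                }
                if (empty($site_admin_password)) {
                    $missing_site_admin_password = true;
                } elseif (!validate_password($site_admin_password)) {
                    $weak_site_admin_password = true;
                }
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'configure':
            // Every validation flag computed above gates the write-out, including
            // $bad_content_languages and $bad_db_prefix: otherwise an unsupported
            // language or an invalid table prefix would be written into the
            // config includes (and a non-array $content_languages would reach the
            // foreach below).
            if ($bad_token or $bad_write_permission or $missing_sitename or $missing_webmaster or $missing_content_languages or $bad_content_languages or $bad_default_language or $missing_db_admin_user or $missing_db_admin_password or $missing_db_name or $bad_db_name or $bad_db_prefix or $bad_db_type or $missing_db_host or $bad_db_host or $missing_db_user or $bad_db_user or $missing_db_password or $weak_db_password or $missing_site_admin_user or $bad_site_admin_user or $missing_site_admin_password or $weak_site_admin_password) {
                break;
            }
            $site_admin_mail = $site_admin_user . '@' . $sitename;
            // default language first, then the others in submission order
            $languages = array($default_language);
            foreach ($content_languages as $clang) {
                if ($clang !== $default_language) {
                    $languages[] = $clang;
                }
            }
            if ($db_flag) {
                switch ($db_type) {
                    case 'pgsql':
                        require_once 'configurepgsql.php';
                        break;
                    case 'mysql':
                    default:
                        require_once 'configuremysql.php';
                        break;
                }
                if (!$db_reuse) {
                    // NOTE(review): the admin connection is made to 'localhost' while
                    // init_db() and the written db include use $db_host; confirm this
                    // is intentional (local admin socket) rather than a left-over.
                    try {
                        create_db($db_admin_user, $db_admin_password, 'localhost', $db_name, $db_user, $db_password);
                    } catch (PDOException $e) {
                        // the driver message is shown to the installer; it may include
                        // the host and user name it was trying
                        $db_error = $e->getMessage();
                        break;
                    }
                }
                try {
                    init_db($db_host, $db_name, $db_user, $db_password, $db_prefix, $site_admin_user, $site_admin_password, $site_admin_mail, $default_language);
                } catch (PDOException $e) {
                    $db_error = $e->getMessage();
                    break;
                }
                // avatar for the first account; $site_admin_user passed validate_db_name()
                // above, so it is safe as a file name component
                $img = identicon($site_admin_user, AVATAR_SIZE);
                if ($img) {
                    @imagepng($img, AVATARS_DIR . DIRECTORY_SEPARATOR . $site_admin_user . '.png');
                    imagedestroy($img);
                }
                $db_inc = build_db_inc($db_host, $db_name, $db_user, $db_password, $db_prefix, $db_type);
                $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, 1, 'home', 'page', $languages);
                $features = array('captcha', 'avatar', 'rssfeed', 'home', 'contact', 'user', 'nobody', 'account', 'password', 'newuser', 'search', 'suggest', 'download', 'admin', 'adminuser', 'pagecontent', 'pagevisit', 'page', 'editpage', 'folder', 'folderedit', 'story', 'storyedit', 'book', 'bookedit', 'newsletter', 'newsletteredit', 'newslettersubscribe', 'newsletterunsubscribe', 'thread', 'threadedit', 'node', 'editnode', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
                $aliases_inc = build_aliases_inc($features, $languages);
            } else {
                // static site: no database, reduced feature set
                $db_inc = build_db_inc(false, false, false, false, false, false);
                $config_inc = build_config_inc($sitename, $webmaster, $site_admin_user, false, 'homepage', 'anypage', $languages);
                $features = array('captcha', 'avatar', 'rssfeed', 'homepage', 'contact', 'donation', 'paypalreturn', 'paypalcancel', 'sslverifyclient', 'saction');
                $aliases_inc = build_aliases_inc($features, $languages);
            }
            if (!$db_inc or !$config_inc or !$aliases_inc) {
                $internal_error = true;
                break;
            }
            // '@' keeps PHP warnings out of the rendered page; the false return is
            // what is checked. The three includes are mandatory, the rest best-effort.
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . DB_INC, array('<?php', $db_inc))) {
                $file_error = true;
                break;
            }
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . CONFIG_INC, array('<?php', $config_inc))) {
                $file_error = true;
                break;
            }
            if (!@file_put_contents(CONFIG_DIR . DIRECTORY_SEPARATOR . ALIASES_INC, array("<?php", $aliases_inc))) {
                $file_error = true;
                break;
            }
            $sitemap_xml = build_sitemap_xml($sitename, $languages);
            @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . SITEMAP_XML, array('<?xml version="1.0" encoding="UTF-8"?>', "\n", $sitemap_xml));
            $robots_txt = build_robots_txt($sitename, $languages);
            @file_put_contents(ROOT_DIR . DIRECTORY_SEPARATOR . ROBOTS_TXT, $robots_txt);
            $logo = strlogo($sitename);
            if ($logo) {
                @imagepng($logo, LOGOS_DIR . DIRECTORY_SEPARATOR . SITELOGO_PNG, 9, PNG_ALL_FILTERS);
                imagedestroy($logo);
            }
            session_reopen();
            reload($base_url);
            return false;
        default:
            break;
    }
    // fresh token for the next submission of the form
    $_SESSION['configure_token'] = $token = token_id();
    $errors = compact('bad_write_permission', 'missing_sitename', 'missing_webmaster', 'missing_content_languages', 'bad_content_languages', 'bad_default_language', 'missing_db_admin_user', 'missing_db_admin_password', 'bad_db_type', 'missing_db_name', 'bad_db_name', 'missing_db_host', 'bad_db_host', 'bad_db_prefix', 'missing_db_user', 'bad_db_user', 'missing_db_password', 'weak_db_password', 'missing_site_admin_user', 'bad_site_admin_user', 'missing_site_admin_password', 'weak_site_admin_password');
    // the submitted passwords are handed back so the form can be refilled
    $output = view('configure', $lang, compact('token', 'sitename', 'webmaster', 'db_error', 'file_error', 'internal_error', 'content_languages', 'default_language', 'db_flag', 'db_type', 'db_reuse', 'db_admin_user', 'db_admin_password', 'db_name', 'db_host', 'db_prefix', 'db_user', 'db_password', 'site_admin_user', 'site_admin_password', 'errors'));
    return $output;
}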