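function cp_welcome_email_send($member_id)
{
    // Sends the configured "welcome" e-mail to one member after assigning
    // that member a freshly generated 8-character alphanumeric password.
    //
    // @param int|string $member_id  exp_members.member_id of the recipient;
    //                               cast to int before it reaches SQL.
    // @return void  Nothing is returned; a failed Send() is not reported
    //               to the caller.
    global $PREFS, $DB, $REGX;

    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE.'core.email'.EXT;
    }

    // member_id is an integer key; the cast replaces the unescaped string
    // concatenation the SELECT and UPDATE below previously relied on.
    $member_id = (int) $member_id;

    // Look the member up first so nothing is changed for an unknown id
    // (the original ran the UPDATE and sent to an empty address regardless).
    $query = $DB->query("SELECT username, screen_name, email FROM exp_members WHERE member_id = " . $member_id);

    if ($query->num_rows == 0)
    {
        return;
    }

    // The temporary password is a credential, so it must come from a CSPRNG;
    // rand() is predictable. mt_rand() is kept only as a fallback for PHP < 7.
    $password_string = "abcdefghijklmnopqrstuvwxyz1234567890";
    $max_index = strlen($password_string) - 1;
    $password = "";

    for ($i = 0; $i < 8; $i++)
    {
        if (function_exists('random_int'))
        {
            $index = random_int(0, $max_index);
        }
        else
        {
            $index = mt_rand(0, $max_index);
        }

        $password .= $password_string[$index];
    }

    $site_name = $PREFS->ini('site_name');

    $subject = str_replace("{site_name}", $site_name, $this->settings["welcome_email_subject"]);
    $from    = $this->settings["welcome_email_from"];
    $to      = $query->row["email"];

    // Template variables; {password} is the plaintext just generated, so the
    // message body is the only place it ever appears.
    $message = $this->settings["welcome_email_body"];
    $message = str_replace("{password}",  $password, $message);
    $message = str_replace("{username}",  $query->row["username"], $message);
    $message = str_replace("{name}",      $query->row["screen_name"], $message);
    $message = str_replace("{site_name}", $site_name, $message);
    $message = str_replace("{site_url}",  $PREFS->ini('site_url'), $message);

    // NOTE(review): the hash is computed by MySQL's SHA(), whereas
    // register_member() stores $FNS->hash(); if the site's hashing scheme is
    // not SHA1 this password will not verify at login — confirm.
    // The UPDATE runs before the send, so a failed Send() leaves the member
    // with a password nobody knows.
    $DB->query("UPDATE exp_members SET password = SHA('" . $DB->escape_str($password) . "') WHERE member_id = " . $member_id);

    $email = new EEmail;
    $email->wordwrap = false;
    $email->mailtype = 'text';
    $email->from($from);
    $email->to($to);

    if ($this->settings["welcome_email_bcc"] == "yes")
    {
        $email->bcc($PREFS->ini('webmaster_email'));
    }

    $email->subject($subject);
    $email->message($REGX->entities_to_ascii($message));
    $email->Send();
}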
/** ----------------------------------------
/**  Reset the user's password
/**
/**  Second step of the password-reset flow: resolves the reset code from
/**  the request ('id') to a member, overwrites that member's stored
/**  password, deletes the reset code, e-mails the member and then shows a
/**  confirmation page.
/**
/**  Reads: $IN 'id', 'r', 'board_id'; $SESS->userdata['is_banned'].
/**  Writes: exp_members.password, exp_reset_password (delete), one e-mail.
/**  Returns whatever $OUT->show_user_error() / show_message() return, or
/**  false when the member row behind a valid reset code no longer exists.
/** ----------------------------------------*/
function reset_password()
{
    global $LANG, $PREFS, $SESS, $FNS, $DSP, $IN, $OUT, $DB;

    /** ----------------------------------------
    /**  Is user banned?
    /** ----------------------------------------*/

    if ($SESS->userdata['is_banned'] == TRUE)
    {
        return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
    }

    // A missing or empty reset code is rejected before any DB work.
    if ( ! $id = $IN->GBL('id'))
    {
        return $OUT->show_user_error('submission', array($LANG->line('mbr_no_reset_id')));
    }

    // Reset codes are only honoured for 24 hours.
    $time = time() - (60*60*24);

    // Get the member ID from the reset_password field
    $query = $DB->query("SELECT member_id FROM exp_reset_password WHERE resetcode ='".$DB->escape_str($id)."' and date > $time");

    if ($query->num_rows == 0)
    {
        return $OUT->show_user_error('submission', array($LANG->line('mbr_id_not_found')));
    }

    // $member_id comes from the DB row, not from the request, which is why
    // the interpolations below are not escaped.
    $member_id = $query->row['member_id'];

    // Fetch the user data
    $sql = "SELECT username, email FROM exp_members WHERE member_id ='$member_id'";

    $query = $DB->query($sql);

    if ($query->num_rows == 0)
    {
        return false;
    }

    $address  = $query->row['email'];
    $username = $query->row['username'];

    // New temporary password; only ever delivered inside the e-mail below.
    $rand = $FNS->random('alpha', 8);

    // Update member's password
    // NOTE(review): the stored value is the literal string '******', not a
    // hash of $rand, so the password e-mailed below cannot match what is
    // stored — this looks like placeholder/redacted text; confirm against
    // upstream. Note also that the password is overwritten before the
    // e-mail is sent, so a failed Send() leaves the member locked out.
    $sql = "UPDATE exp_members SET password = '******' WHERE member_id = '$member_id'";

    $DB->query($sql);

    // Kill old data from the reset_password field
    // Removes this member's code (single use) and every expired code.
    $DB->query("DELETE FROM exp_reset_password WHERE date < $time || member_id = '$member_id'");

    // Buid the email message
    // 'r=f' means the request originated from a forum board, in which case
    // the board's name and URL are used instead of the site's.
    if ($IN->GBL('r') == 'f')
    {
        if ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id')))
        {
            $query = $DB->query("SELECT board_forum_url, board_label FROM exp_forum_boards WHERE board_id = '".$DB->escape_str($IN->GBl('board_id'))."'");
        }
        else
        {
            $query = $DB->query("SELECT board_forum_url, board_label FROM exp_forum_boards WHERE board_id = '1'");
        }

        // No num_rows check here: an unknown board_id yields undefined
        // offsets rather than an error page.
        $return    = $query->row['board_forum_url'];
        $site_name = $query->row['board_label'];
    }
    else
    {
        $site_name = stripslashes($PREFS->ini('site_name'));
        $return    = $PREFS->ini('site_url');
    }

    $swap = array(
                    'name'      => $username,
                    'username'  => $username,
                    'password'  => $rand,
                    'site_name' => $site_name,
                    'site_url'  => $return
                 );

    $template = $FNS->fetch_email_template('reset_password_notification');
    $email_tit = $this->_var_swap($template['title'], $swap);
    $email_msg = $this->_var_swap($template['data'], $swap);

    // Instantiate the email class
    // Plain require (no class_exists guard, unlike the other senders in this
    // file): if core.email declares EEmail unconditionally and it was already
    // loaded in this request, this is a fatal redeclaration.
    require PATH_CORE.'core.email'.EXT;

    $email = new EEmail;

    $email->wordwrap = true;
    $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
    $email->to($address);
    $email->subject($email_tit);
    $email->message($email_msg);

    if ( ! $email->Send())
    {
        return $OUT->show_user_error('submission', array($LANG->line('error_sending_email')));
    }

    /** ----------------------------------------
    /**  Build success message
    /** ----------------------------------------*/

    $site_name = ($PREFS->ini('site_name') == '') ? $LANG->line('back') : stripslashes($PREFS->ini('site_name'));

    $data = array(
                    'title'   => $LANG->line('mbr_login'),
                    'heading' => $LANG->line('thank_you'),
                    'content' => $LANG->line('password_has_been_reset'),
                    'link'    => array($return, $site_name)
                 );

    $OUT->show_message($data);
}
/** ----------------------------------------
/**  Register Member
/**
/**  Handles a front-end registration POST end to end: access checks,
/**  field validation, captcha / secure-form checks, member row insertion,
/**  optional mailing-list subscription, admin and user notification
/**  e-mails, and either an activation prompt or an immediate login.
/**
/**  Reads $_POST directly (username, password, password_confirm, email,
/**  screen_name, url, location, custom m_field_id_* fields, captcha,
/**  accept_terms, XID, mailinglist_subscribe, bio, deft_lang,
/**  server_timezone, time_format) plus 'FROM' and 'board_id' via $IN.
/**  Returns false when registration is disabled, nothing when an
/**  extension ends the script, otherwise the result of $OUT.
/** ----------------------------------------*/
function register_member()
{
    global $IN, $DB, $SESS, $PREFS, $FNS, $LOC, $LANG, $OUT, $STAT, $REGX, $EXT;

    /** -------------------------------------
    /**  Do we allow new member registrations?
    /** ------------------------------------*/

    if ($PREFS->ini('allow_member_registration') == 'n')
    {
        return false;
    }

    /** ----------------------------------------
    /**  Is user banned?
    /** ----------------------------------------*/

    if ($SESS->userdata['is_banned'] == TRUE)
    {
        return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
    }

    /** ----------------------------------------
    /**  Blacklist/Whitelist Check
    /** ----------------------------------------*/

    if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n')
    {
        return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
    }

    /* -------------------------------------------
    /*  'member_member_register_start' hook.
    /*  - Take control of member registration routine
    /*  - Added EE 1.4.2
    */
        $edata = $EXT->call_extension('member_member_register_start');
        if ($EXT->end_script === TRUE) return;
    /*
    /* -------------------------------------------*/

    /** ----------------------------------------
    /**  Set the default globals
    /** ----------------------------------------*/

    // Every field read below is guaranteed to exist in $_POST from here on,
    // so later isset() checks are only needed for the optional ones.
    $default = array('username', 'password', 'password_confirm', 'email', 'screen_name', 'url', 'location');

    foreach ($default as $val)
    {
        if ( ! isset($_POST[$val])) $_POST[$val] = '';
    }

    if ($_POST['screen_name'] == '') $_POST['screen_name'] = $_POST['username'];

    /** -------------------------------------
    /**  Instantiate validation class
    /** -------------------------------------*/

    if ( ! class_exists('Validate'))
    {
        require PATH_CORE.'core.validate'.EXT;
    }

    $VAL = new Validate(
                            array(
                                    'member_id'        => '',
                                    'val_type'         => 'new', // new or update
                                    'fetch_lang'       => TRUE,
                                    'require_cpw'      => FALSE,
                                    'enable_log'       => FALSE,
                                    'username'         => $_POST['username'],
                                    'cur_username'     => '',
                                    'screen_name'      => $_POST['screen_name'],
                                    'cur_screen_name'  => '',
                                    'password'         => $_POST['password'],
                                    'password_confirm' => $_POST['password_confirm'],
                                    'cur_password'     => '',
                                    'email'            => $_POST['email'],
                                    'cur_email'        => ''
                                 )
                        );

    $VAL->validate_username();
    $VAL->validate_screen_name();
    $VAL->validate_password();
    $VAL->validate_email();

    /** -------------------------------------
    /**  Do we have any custom fields?
    /** -------------------------------------*/

    $query = $DB->query("SELECT m_field_id, m_field_name, m_field_label, m_field_required FROM exp_member_fields WHERE m_field_reg = 'y'");

    $cust_errors = array();
    $cust_fields = array();

    if ($query->num_rows > 0)
    {
        foreach ($query->result as $row)
        {
            if (isset($_POST['m_field_id_'.$row['m_field_id']]))
            {
                if ($row['m_field_required'] == 'y' AND $_POST['m_field_id_'.$row['m_field_id']] == '')
                {
                    $cust_errors[] = $LANG->line('mbr_field_required').' '.$row['m_field_label'];
                }

                // Custom fields are xss_clean'ed here; note that 'location'
                // below is stored raw, so it must be escaped on output.
                $cust_fields['m_field_id_'.$row['m_field_id']] = $REGX->xss_clean($_POST['m_field_id_'.$row['m_field_id']]);
            }
        }
    }

    if ($PREFS->ini('use_membership_captcha') == 'y')
    {
        if ( ! isset($_POST['captcha']) || $_POST['captcha'] == '')
        {
            $cust_errors[] = $LANG->line('captcha_required');
        }
    }

    if ($PREFS->ini('require_terms_of_service') == 'y')
    {
        if ( ! isset($_POST['accept_terms']))
        {
            $cust_errors[] = $LANG->line('mbr_terms_of_service_required');
        }
    }

    $errors = array_merge($VAL->errors, $cust_errors);

    /** -------------------------------------
    /**  Display error is there are any
    /** -------------------------------------*/

    if (count($errors) > 0)
    {
        return $OUT->show_user_error('submission', $errors);
    }

    /** ----------------------------------------
    /**  Do we require captcha?
    /** ----------------------------------------*/

    // The captcha must match the word, the requesting IP and be under two
    // hours old; it is consumed (deleted) once accepted.
    // $IN->IP is interpolated unescaped in the IP queries in this function —
    // presumably already validated by the input class; confirm.
    if ($PREFS->ini('use_membership_captcha') == 'y')
    {
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='".$DB->escape_str($_POST['captcha'])."' AND ip_address = '".$IN->IP."' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row['count'] == 0)
        {
            return $OUT->show_user_error('submission', array($LANG->line('captcha_incorrect')));
        }

        $DB->query("DELETE FROM exp_captcha WHERE (word='".$DB->escape_str($_POST['captcha'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");
    }

    /** ----------------------------------------
    /**  Secure Mode Forms?
    /** ----------------------------------------*/

    // Anti-CSRF form hash (XID); same IP/age rules as the captcha. The
    // duplicated "AND ip_address = ..." clause is redundant but harmless.
    // $_POST['XID'] is read without isset(); a missing hash raises a notice
    // and then fails the count check.
    if ($PREFS->ini('secure_forms') == 'y')
    {
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."' AND ip_address = '".$IN->IP."' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row['count'] == 0)
        {
            return $OUT->show_user_error('general', array($LANG->line('not_authorized')));
        }

        $DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."') OR date > UNIX_TIMESTAMP()-7200" == '' ? '' : "DELETE FROM exp_security_hashes WHERE (hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");
    }

    /** -------------------------------------
    /**  Assign the base query data
    /** -------------------------------------*/

    // Set member group
    // Accounts that still need activation (manual or e-mail) go to the
    // Pending group (4); otherwise the configured default group is used.
    if ($PREFS->ini('req_mbr_activation') == 'manual' || $PREFS->ini('req_mbr_activation') == 'email')
    {
        $data['group_id'] = 4;  // Pending
    }
    else
    {
        if ($PREFS->ini('default_member_group') == '')
        {
            $data['group_id'] = 4;  // Pending
        }
        else
        {
            $data['group_id'] = $PREFS->ini('default_member_group');
        }
    }

    $data['username']    = $_POST['username'];
    $data['password']    = $FNS->hash(stripslashes($_POST['password']));
    $data['ip_address']  = $IN->IP;
    $data['unique_id']   = $FNS->random('encrypt');
    $data['join_date']   = $LOC->now;
    $data['email']       = $_POST['email'];
    $data['screen_name'] = $_POST['screen_name'];
    $data['url']         = $REGX->prep_url($_POST['url']);
    $data['location']    = $_POST['location'];

    // Optional Fields
    // Map of DB column => POST field name.
    $optional = array('bio' => 'bio', 'language' => 'deft_lang', 'timezone' => 'server_timezone', 'time_format' => 'time_format');

    foreach($optional as $key => $value)
    {
        if (isset($_POST[$value]))
        {
            $data[$key] = $_POST[$value];
        }
    }

    $data['daylight_savings'] = ($IN->GBL('daylight_savings', 'POST') == 'y') ? 'y' : 'n';

    // We generate an authorization code if the member needs to self-activate
    if ($PREFS->ini('req_mbr_activation') == 'email')
    {
        $data['authcode'] = $FNS->random('alpha', 10);
    }

    /** -------------------------------------
    /**  Insert basic member data
    /** -------------------------------------*/

    $DB->query($DB->insert_string('exp_members', $data));

    $member_id = $DB->insert_id;

    /** -------------------------------------
    /**  Insert custom fields
    /** -------------------------------------*/

    $cust_fields['member_id'] = $member_id;

    $DB->query($DB->insert_string('exp_member_data', $cust_fields));

    /** -------------------------------------
    /**  Create a record in the member homepage table
    /** -------------------------------------*/

    // This is only necessary if the user gains CP access, but we'll add the record anyway.
    $DB->query($DB->insert_string('exp_member_homepage', array('member_id' => $member_id)));

    /** -------------------------------------
    /**  Mailinglist Subscribe
    /** -------------------------------------*/

    // Set to TRUE only once the list id is known to exist and the address is
    // not yet on it; it also gates the '&mailinglist=' activation-URL suffix.
    $mailinglist_subscribe = FALSE;

    if (isset($_POST['mailinglist_subscribe']) && is_numeric($_POST['mailinglist_subscribe']))
    {
        // Kill duplicate emails from authorizatin queue.
        $DB->query("DELETE FROM exp_mailing_list_queue WHERE email = '".$DB->escape_str($_POST['email'])."'");

        // Validate Mailing List ID
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_mailing_lists WHERE list_id = '".$DB->escape_str($_POST['mailinglist_subscribe'])."'");

        // Email Not Already in Mailing List
        $results = $DB->query("SELECT count(*) AS count FROM exp_mailing_list WHERE email = '".$DB->escape_str($_POST['email'])."' AND list_id = '".$DB->escape_str($_POST['mailinglist_subscribe'])."'");

        /** -------------------------------------
        /**  INSERT Email
        /** -------------------------------------*/

        if ($query->row['count'] > 0 && $results->row['count'] == 0)
        {
            $mailinglist_subscribe = TRUE;

            $code = $FNS->random('alpha', 10);

            if ($PREFS->ini('req_mbr_activation') == 'email')
            {
                // Activated When Membership Activated
                $DB->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$DB->escape_str($_POST['email'])."', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");
            }
            elseif ($PREFS->ini('req_mbr_activation') == 'manual')
            {
                // Mailing List Subscribe Email
                // Queued, and a separate list-activation e-mail is sent now
                // because the member account itself is activated by an admin.
                $DB->query("INSERT INTO exp_mailing_list_queue (email, list_id, authcode, date) VALUES ('".$DB->escape_str($_POST['email'])."', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".time()."')");

                $LANG->fetch_language_file('mailinglist');

                $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
                $action_id = $FNS->fetch_action_id('Mailinglist', 'authorize_email');

                $swap = array(
                                'activation_url' => $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$code,
                                'site_name'      => stripslashes($PREFS->ini('site_name')),
                                'site_url'       => $PREFS->ini('site_url')
                             );

                $template = $FNS->fetch_email_template('mailinglist_activation_instructions');
                $email_tit = $FNS->var_swap($template['title'], $swap);
                $email_msg = $FNS->var_swap($template['data'], $swap);

                /** ----------------------------
                /**  Send email
                /** ----------------------------*/

                if ( ! class_exists('EEmail'))
                {
                    require PATH_CORE.'core.email'.EXT;
                }

                $E = new EEmail;
                $E->wordwrap = true;
                $E->mailtype = 'plain';
                $E->priority = '3';
                $E->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $E->to($_POST['email']);
                $E->subject($email_tit);
                $E->message($email_msg);
                $E->Send();
            }
            else
            {
                // Automatically Accepted
                $DB->query("INSERT INTO exp_mailing_list (user_id, list_id, authcode, email, ip_address) VALUES ('', '".$DB->escape_str($_POST['mailinglist_subscribe'])."', '".$code."', '".$DB->escape_str($_POST['email'])."', '".$DB->escape_str($IN->IP)."')");
            }
        }
    }

    /** -------------------------------------
    /**  Update global member stats
    /** -------------------------------------*/

    if ($PREFS->ini('req_mbr_activation') == 'none')
    {
        $STAT->update_member_stats();
    }

    /** -------------------------------------
    /**  Send admin notifications
    /** -------------------------------------*/

    if ($PREFS->ini('new_member_notification') == 'y' AND $PREFS->ini('mbr_notification_emails') != '')
    {
        $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

        $swap = array(
                        'name'              => $name,
                        'site_name'         => stripslashes($PREFS->ini('site_name')),
                        'control_panel_url' => $PREFS->ini('cp_url'),
                        'username'          => $data['username'],
                        'email'             => $data['email']
                     );

        $template = $FNS->fetch_email_template('admin_notify_reg');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        $notify_address = $REGX->remove_extra_commas($PREFS->ini('mbr_notification_emails'));

        /** ----------------------------
        /**  Send email
        /** ----------------------------*/

        if ( ! class_exists('EEmail'))
        {
            require PATH_CORE.'core.email'.EXT;
        }

        $email = new EEmail;
        $email->wordwrap = true;
        $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
        $email->to($notify_address);
        $email->subject($email_tit);
        $email->message($REGX->entities_to_ascii($email_msg));
        $email->Send();
    }

    // -------------------------------------------
    // 'member_member_register' hook.
    //  - Additional processing when a member is created through the User Side
    //
        $edata = $EXT->call_extension('member_member_register', $data);
        if ($EXT->end_script === TRUE) return;
    //
    // -------------------------------------------

    /** -------------------------------------
    /**  Send user notifications
    /** -------------------------------------*/

    if ($PREFS->ini('req_mbr_activation') == 'email')
    {
        $qs = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
        $action_id = $FNS->fetch_action_id('Member', 'activate_member');

        $name = ($data['screen_name'] != '') ? $data['screen_name'] : $data['username'];

        // Forum-originated registrations carry the board back into the
        // activation link; board_id is only used when numeric.
        $board_id = ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id'))) ? $IN->GBL('board_id') : 1;

        $forum_id = ($IN->GBL('FROM') == 'forum') ? '&r=f&board_id='.$board_id : '';

        // $_POST['mailinglist_subscribe'] is only appended when
        // $mailinglist_subscribe is TRUE, i.e. after its is_numeric() check.
        $add = ($mailinglist_subscribe !== TRUE) ? '' : '&mailinglist='.$_POST['mailinglist_subscribe'];

        $swap = array(
                        'name'           => $name,
                        'activation_url' => $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$data['authcode'].$forum_id.$add,
                        'site_name'      => stripslashes($PREFS->ini('site_name')),
                        'site_url'       => $PREFS->ini('site_url'),
                        'username'       => $data['username'],
                        'email'          => $data['email']
                     );

        $template = $FNS->fetch_email_template('mbr_activation_instructions');
        $email_tit = $this->_var_swap($template['title'], $swap);
        $email_msg = $this->_var_swap($template['data'], $swap);

        /** ----------------------------
        /**  Send email
        /** ----------------------------*/

        if ( ! class_exists('EEmail'))
        {
            require PATH_CORE.'core.email'.EXT;
        }

        $email = new EEmail;
        $email->wordwrap = true;
        $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
        $email->to($data['email']);
        $email->subject($email_tit);
        $email->message($REGX->entities_to_ascii($email_msg));
        $email->Send();

        $message = $LANG->line('mbr_membership_instructions_email');
    }
    elseif ($PREFS->ini('req_mbr_activation') == 'manual')
    {
        $message = $LANG->line('mbr_admin_will_activate');
    }
    else
    {
        /** ----------------------------------------
        /**  Log user in
        /** ----------------------------------------*/

        // 182-day persistent login. The c_password cookie carries the stored
        // password hash, so for its lifetime that cookie is equivalent to the
        // credential itself — anything that can read it can log in.
        $expire = 60*60*24*182;

        $FNS->set_cookie($SESS->c_expire , time()+$expire, $expire);
        $FNS->set_cookie($SESS->c_uniqueid , $data['unique_id'], $expire);
        $FNS->set_cookie($SESS->c_password , $data['password'], $expire);

        /** ----------------------------------------
        /**  Create a new session
        /** ----------------------------------------*/

        if ($PREFS->ini('user_session_type') == 'cs' || $PREFS->ini('user_session_type') == 's')
        {
            $SESS->sdata['session_id']    = $FNS->random();
            $SESS->sdata['member_id']     = $member_id;
            $SESS->sdata['last_activity'] = $LOC->now;
            $SESS->sdata['site_id']       = $PREFS->ini('site_id');

            $FNS->set_cookie($SESS->c_session , $SESS->sdata['session_id'], $SESS->session_length);

            $DB->query($DB->insert_string('exp_sessions', $SESS->sdata));
        }

        /** ----------------------------------------
        /**  Update existing session variables
        /** ----------------------------------------*/

        // Only username and member_id are refreshed; screen_name read below
        // still comes from the pre-registration (guest) session data.
        $SESS->userdata['username']  = $data['username'];
        $SESS->userdata['member_id'] = $member_id;

        /** ----------------------------------------
        /**  Update stats
        /** ----------------------------------------*/

        $cutoff = $LOC->now - (15 * 60);

        $weblog_id = (USER_BLOG !== FALSE) ? UB_BLOG_ID : 0;

        $DB->query("DELETE FROM exp_online_users WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' AND ((ip_address = '$IN->IP' AND member_id = '0') OR (date < $cutoff AND weblog_id = '$weblog_id'))");

        // $data is repurposed here: from this point it no longer holds the
        // member row that was inserted above.
        $data = array(
                        'weblog_id'  => $weblog_id,
                        'member_id'  => $SESS->userdata('member_id'),
                        'name'       => ($SESS->userdata['screen_name'] == '') ? $SESS->userdata['username'] : $SESS->userdata['screen_name'],
                        'ip_address' => $IN->IP,
                        'date'       => $LOC->now,
                        'anon'       => 'y',
                        'site_id'    => $PREFS->ini('site_id')
                     );

        $DB->query($DB->update_string('exp_online_users', $data, array("ip_address" => $IN->IP, "member_id" => $data['member_id'], "weblog_id" => $data['weblog_id'])));

        $message = $LANG->line('mbr_your_are_logged_in');
    }

    /** ----------------------------------------
    /**  Build the message
    /** ----------------------------------------*/

    if ($IN->GBL('FROM') == 'forum')
    {
        if ($IN->GBL('board_id') !== FALSE && is_numeric($IN->GBL('board_id')))
        {
            $query = $DB->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '".$DB->escape_str($IN->GBl('board_id'))."'");
        }
        else
        {
            $query = $DB->query("SELECT board_forum_url, board_id, board_label FROM exp_forum_boards WHERE board_id = '1'");
        }

        // No num_rows check: an unknown board yields undefined offsets.
        $site_name = $query->row['board_label'];
        $return    = $query->row['board_forum_url'];
    }
    else
    {
        $site_name = ($PREFS->ini('site_name') == '') ? $LANG->line('back') : stripslashes($PREFS->ini('site_name'));
        $return    = $PREFS->ini('site_url');
    }

    $data = array(
                    'title'    => $LANG->line('mbr_registration_complete'),
                    'heading'  => $LANG->line('thank_you'),
                    'content'  => $LANG->line('mbr_registration_completed')."\n\n".$message,
                    'redirect' => '',
                    'link'     => array($return, $site_name)
                 );

    $OUT->show_message($data);
}
/** ---------------------------------------
/**  Receive a trackback
/**
/**  Trackback ping endpoint. Identifies the target entry (POST tb_id or
/**  GET ACT_1), normalises the ping's text fields to the site charset,
/**  enforces captcha / blacklist / rate / duplicate rules, inserts the
/**  trackback, bumps the entry and weblog counters, and optionally
/**  e-mails the notification addresses.
/**
/**  Returns $this->trackback_response(N): 0 on success, 1 for a bad or
/**  disallowed target, 2 for a duplicate, 3 for a rejected sender, 4 when
/**  the per-IP hourly limit is hit; nothing when an extension ends the
/**  script.
/** ---------------------------------------*/
function receive_trackback()
{
    global $EXT, $REGX, $DB, $IN, $FNS, $LANG, $LOC, $PREFS, $STAT, $SESS;

    /** ----------------------------------------
    /**  Is the nation of the user banend?
    /** ----------------------------------------*/

    $SESS->nation_ban_check();

    // $charset is taken from the ping itself and later handed to
    // mb_convert_encoding()/iconv() as an encoding name (PHP 8 throws a
    // ValueError for unknown names); 'auto' is the default.
    $entry_id = !isset($_POST['tb_id']) ? '' : strip_tags($_POST['tb_id']);
    $charset  = !isset($_POST['charset']) ? 'auto' : strtoupper(trim($_POST['charset']));

    if ($entry_id != '' && !is_numeric($entry_id))
    {
        $entry_id = '';
    }

    if ($entry_id == '' && !isset($_GET['ACT_1']))
    {
        return $this->trackback_response(1);
    }

    if ($entry_id == '' && !is_numeric($_GET['ACT_1']))
    {
        return $this->trackback_response(1);
    }

    // Either source of $id has passed is_numeric() at this point.
    $id = $entry_id == '' ? $_GET['ACT_1'] : $entry_id;

    /** -----------------------------------
    /**  Verify and pre-process post data
    /** -----------------------------------*/

    $required_post_data = array('url', 'title', 'blog_name', 'excerpt');

    foreach ($required_post_data as $val)
    {
        if (!isset($_POST[$val]) || $_POST[$val] == '')
        {
            return $this->trackback_response(1);
        }

        // Text fields are transcoded to the site charset; the URL is not.
        if ($val != 'url')
        {
            if (function_exists('mb_convert_encoding'))
            {
                $_POST[$val] = mb_convert_encoding($_POST[$val], strtoupper($PREFS->ini('charset')), strtoupper($charset));
            }
            elseif (function_exists('iconv'))
            {
                $return = @iconv($charset != 'auto' ? strtoupper($charset) : '', strtoupper($PREFS->ini('charset')), $_POST[$val]);

                if ($return !== FALSE)
                {
                    $_POST[$val] = $return;
                }
            }
            // Misplaced parenthesis: strtoupper() is applied to the result of
            // the == comparison, not to the charset, so this is effectively a
            // case-sensitive compare against 'UTF-8'.
            elseif (function_exists('utf8_encode') && strtoupper($PREFS->ini('charset') == 'UTF-8'))
            {
                $_POST[$val] = utf8_encode($_POST[$val]);
            }
        }

        // Only strip_tags() is applied to the URL; no scheme check is done
        // here, so the stored trackback_url must be treated as untrusted
        // when rendered.
        $_POST[$val] = $val != 'url' ? $REGX->xml_convert(strip_tags($_POST[$val]), TRUE) : strip_tags($_POST[$val]);
    }

    /** ----------------------------
    /**  Fetch preferences
    /** ----------------------------*/

    $sql = "SELECT exp_weblog_titles.title, \n exp_weblog_titles.url_title,\n exp_weblog_titles.site_id,\n exp_weblog_titles.allow_trackbacks, \n exp_weblog_titles.trackback_total, \n exp_weblog_titles.weblog_id,\n exp_weblogs.blog_title,\n exp_weblogs.blog_url,\n exp_weblogs.trackback_system_enabled,\n exp_weblogs.comment_url,\n exp_weblogs.comment_notify,\n exp_weblogs.comment_notify_emails,\n exp_weblogs.comment_notify_authors,\n exp_weblogs.trackback_max_hits,\n exp_weblogs.trackback_use_captcha\n FROM exp_weblog_titles, exp_weblogs\n WHERE exp_weblog_titles.weblog_id = exp_weblogs.weblog_id\n AND exp_weblog_titles.entry_id = '" . $DB->escape_str($id) . "'";

    $query = $DB->query($sql);

    if ($query->num_rows == 0)
    {
        return $this->trackback_response(1);
    }

    // Every selected column becomes a local ($title, $weblog_id, $site_id,
    // $allow_trackbacks, ...). None of the columns listed above collides
    // with an existing local, but adding one named like $id or $captcha
    // to the SELECT would silently clobber it.
    foreach ($query->row as $key => $val)
    {
        ${$key} = $val;
    }

    /** ----------------------------
    /**  Are pings allowed?
    /** ----------------------------*/

    if ($allow_trackbacks == 'n' || $trackback_system_enabled == 'n')
    {
        return $this->trackback_response(1);
    }

    /** -----------------------------------
    /**  Do we require the TB Captcha?
    /** -----------------------------------*/

    if ($trackback_use_captcha == 'y')
    {
        // First we see if the captcha is passed from input class
        $captcha = isset($_GET['ACT_2']) ? $_GET['ACT_2'] : '';

        // If not, we need to fetch it from:  $_POST['url']
        if ($captcha == '')
        {
            $url = $IN->URI;

            $url_array = explode('/', trim($url, '/'));

            $captcha = $url_array[count($url_array) - 1];
        }

        // Captchas are 8 characters long, so if the string we just fetched
        // is not then send them to the corn fields.
        // (Only a lower bound is enforced; longer strings still reach the query.)
        if (strlen($captcha) < 8)
        {
            return $this->trackback_response(3);
        }

        // Query the captcha table
        // Unlike the registration captcha, this check is not bound to the
        // requesting IP — only to the word and its age.
        $res = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $DB->escape_str($captcha) . "' AND date > UNIX_TIMESTAMP()-7200");

        // No cappy?  Very crappy...
        if ($res->row['count'] == 0)
        {
            return $this->trackback_response(3);
        }

        // Kill the captcha and any old, expired ones from the DB.
        $DB->query("DELETE FROM exp_captcha WHERE word='" . $DB->escape_str($captcha) . "' OR date < UNIX_TIMESTAMP()-7200");

        // We need to remove the captcha string from the end of the URL
        // before we store it in the database.
        // str_replace() removes every occurrence of the captcha text anywhere
        // in the URL, not only a trailing path segment.
        $_POST['url'] = str_replace($captcha, '', $_POST['url']);
        $_POST['url'] = $FNS->remove_double_slashes($_POST['url']);

    } // end captcha stuff...

    /** ----------------------------
    /**  Blacklist/Whitelist Check
    /** ----------------------------*/

    if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n')
    {
        return $this->trackback_response(3);
    }

    /** ----------------------------
    /**  Spam check
    /** ----------------------------*/

    // Per-IP limit of trackback_max_hits per rolling hour.
    // $IN->IP is interpolated unescaped here and in the insert below —
    // presumably validated by the input class; confirm.
    $last_hour = $LOC->now - 3600;

    $query = $DB->query("SELECT COUNT(*) as count FROM exp_trackbacks WHERE trackback_ip = '" . $IN->IP . "' AND trackback_date > '{$last_hour}'");

    if ($query->row['count'] >= $trackback_max_hits)
    {
        return $this->trackback_response(4);
    }

    /** ----------------------------
    /**  Check for previous pings
    /** ----------------------------*/

    $query = $DB->query("SELECT COUNT(*) as count FROM exp_trackbacks WHERE trackback_url = '" . $DB->escape_str($_POST['url']) . "' AND entry_id = '" . $DB->escape_str($id) . "'");

    if ($query->row['count'] > 0)
    {
        return $this->trackback_response(2);
    }

    /** ----------------------------------------
    /**  Limit size of excerpt
    /** ----------------------------------------*/

    $content = $FNS->char_limiter($_POST['excerpt']);

    /** ----------------------------------------
    /**  Do we allow duplicate data?
    /** ----------------------------------------*/

    if ($PREFS->ini('deny_duplicate_data') == 'y')
    {
        $query = $DB->query("SELECT count(*) AS count FROM exp_trackbacks WHERE content = '" . $DB->escape_str($content) . "' ");

        if ($query->row['count'] > 0)
        {
            return $this->trackback_response(2);
        }
    }

    /** ----------------------------
    /**  Insert the trackback
    /** ----------------------------*/

    $data = array('entry_id' => $id, 'weblog_id' => $weblog_id, 'title' => $_POST['title'], 'content' => $content, 'weblog_name' => $_POST['blog_name'], 'trackback_url' => $REGX->xml_convert($_POST['url']), 'trackback_date' => $LOC->now, 'trackback_ip' => $IN->IP, 'site_id' => $site_id);

    /* -------------------------------------
    /*  'insert_trackback_insert_array' hook.
    /*  - Modify any of the soon to be inserted values
    */
    if ($EXT->active_hook('insert_trackback_insert_array') === TRUE)
    {
        $data = $EXT->call_extension('insert_trackback_insert_array', $data);

        if ($EXT->end_script === TRUE)
        {
            return;
        }
    }
    /*
    /* -------------------------------------*/

    $DB->query($DB->insert_string('exp_trackbacks', $data));

    $trackback_id = $DB->insert_id;

    if ($DB->affected_rows == 0)
    {
        return $this->trackback_response(3);
    }

    /** ------------------------------------------------
    /**  Update trackback count and "recent trackback" date
    /** ------------------------------------------------*/

    // Read-then-write increment; concurrent pings to the same entry can
    // lose a count.
    $query = $DB->query("SELECT trackback_total, author_id FROM exp_weblog_titles WHERE entry_id = '{$id}'");

    $trackback_total = $query->row['trackback_total'] + 1;
    $author_id       = $query->row['author_id'];

    $DB->query("UPDATE exp_weblog_titles SET trackback_total = '{$trackback_total}', recent_trackback_date = '" . $LOC->now . "' WHERE entry_id = '{$id}'");

    $DB->query("UPDATE exp_weblogs SET last_trackback_date = '" . $LOC->now . "' WHERE weblog_id = '{$weblog_id}'");

    /** ----------------------------------------
    /**  Update global stats
    /** ----------------------------------------*/

    $STAT->update_trackback_stats($weblog_id);

    /** ----------------------------------------
    /**  Fetch Notification Emails
    /** ----------------------------------------*/

    // Comma-separated list; a leading comma is possible when only the
    // author is notified and is skipped by the send loop below.
    $notify_emails = '';

    if ($comment_notify == 'y' and $comment_notify_emails != '')
    {
        $notify_emails = $comment_notify_emails;
    }

    if ($comment_notify_authors == 'y')
    {
        $result = $DB->query("SELECT email FROM exp_members WHERE member_id = '" . $DB->escape_str($author_id) . "'");

        $notify_emails .= ',' . $result->row['email'];
    }

    /** ----------------------------
    /**  Send notification
    /** ----------------------------*/

    if ($notify_emails != '')
    {
        /** ----------------------------
        /**  Build email message
        /** ----------------------------*/

        $delete_link = $PREFS->ini('cp_url') . '?S=0&C=edit' . '&M=del_comment_conf' . '&weblog_id=' . $weblog_id . '&entry_id=' . $id . '&trackback_id=' . $trackback_id;

        // Sender-supplied values (blog_name, title, url) are placed into the
        // template as-is; the template/mailer is responsible for any escaping.
        $swap = array('entry_title' => $title, 'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $url_title . '/'), 'sending_weblog_name' => stripslashes($_POST['blog_name']), 'sending_entry_title' => stripslashes($_POST['title']), 'sending_weblog_url' => $_POST['url'], 'trackback_id' => $trackback_id, 'trackback_ip' => $IN->IP, 'delete_link' => $delete_link);

        $template = $FNS->fetch_email_template('admin_notify_trackback');

        $email_msg = $FNS->var_swap($template['data'], $swap);
        $email_tit = $FNS->var_swap($template['title'], $swap);

        /** ----------------------------
        /**  Send email
        /** ----------------------------*/

        // Plain require with no class_exists() guard (the other senders in
        // this file guard it); if EEmail was already loaded in this request
        // and core.email declares it unconditionally, this is fatal.
        require PATH_CORE . 'core.email' . EXT;

        $email = new EEmail();

        foreach (explode(',', $notify_emails) as $addy)
        {
            if ($addy == '')
            {
                continue;
            }

            // One message per address; initialize() resets the mailer state
            // between recipients.
            $email->initialize();
            $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
            $email->to($addy);
            $email->subject($email_tit);
            $email->message($REGX->entities_to_ascii($email_msg));
            $email->Send();
        }
    }

    /** ----------------------------
    /**  Return response
    /** ----------------------------*/

    return $this->trackback_response(0);
}
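/**
 * Send Message
 *
 * Handles a compose-form submission: validates the sender and the
 * submitted data, stores the message row (insert, or update of a
 * previously previewed/drafted message), fans out per-recipient copies
 * and e-mail notifications when the status is 'sent', and finally
 * redirects or re-renders the compose page with any submission errors.
 *
 * Input is read from the request via $IN->GBL(), $_POST and $_FILES.
 * The resulting status is one of 'preview', 'draft' or 'sent'.
 *
 * Review changes versus the previous revision:
 *  - the CC list is re-indexed after removing duplicates, because the
 *    positional for-loops below would otherwise skip or misread entries
 *    (array_diff() keeps the original keys);
 *  - the copy-status update for replies/forwards no longer reuses $status,
 *    so the temp flag on attachments is cleared for those sends as well;
 *  - request-supplied ids (carried-over attachment ids, the replied /
 *    forwarded copy id) are escaped before being interpolated into SQL.
 *
 * @return mixed  output of _error_page() on early exit or compose() on
 *                preview; otherwise void after drafts() or a redirect
 */
function send_message()
{
    global $LANG, $DB, $IN, $LOC, $FNS, $SESS, $REGX, $PREFS;

    $submission_error = array();

    // Banned users and requests without a usable IP / user agent get a generic error.
    if ($SESS->userdata['is_banned'] === TRUE)
    {
        return $this->_error_page();
    }

    if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == '')
    {
        return $this->_error_page();
    }

    // Status: a preview or an attachment-removal request re-renders the
    // compose page; 'draft' stores without sending; anything else sends.
    if ($IN->GBL('preview') or $IN->GBL('remove'))
    {
        $status = 'preview';
    }
    elseif ($IN->GBL('draft'))
    {
        $status = 'draft';
    }
    else
    {
        $status = 'sent';
    }

    // A message that was already sent cannot be submitted again.
    if ($IN->GBL('message_id') !== FALSE && is_numeric($IN->GBL('message_id')))
    {
        $query = $DB->query("SELECT message_status FROM exp_message_data WHERE message_id = '" . $DB->escape_str($IN->GBL('message_id')) . "'");

        if ($query->num_rows > 0 && $query->row['message_status'] == 'sent')
        {
            return $this->_error_page($LANG->line('messsage_already_sent'));
        }
    }

    // Hidden config: prv_msg_waiting_period => hours after joining before
    // a member may send PMs (default 1).
    $waiting_period = $PREFS->ini('prv_msg_waiting_period') !== FALSE ? (int) $PREFS->ini('prv_msg_waiting_period') : 1;

    if ($SESS->userdata['join_date'] > $LOC->now - $waiting_period * 60 * 60)
    {
        return $this->_error_page(str_replace(
            array('%time%', '%email%', '%site%'),
            array($waiting_period, $FNS->encode_email($PREFS->ini('webmaster_email')), $PREFS->ini('site_name')),
            $LANG->line('waiting_period_not_reached')
        ));
    }

    // Hidden config: prv_msg_throttling_period => seconds between sent PMs
    // (default 30). Group 1 is exempt.
    if ($status == 'sent' && $SESS->userdata['group_id'] != 1)
    {
        $period = $PREFS->ini('prv_msg_throttling_period') !== FALSE ? (int) $PREFS->ini('prv_msg_throttling_period') : 30;

        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . $DB->escape_str($LOC->now - $period));

        if ($query->row['count'] > 0)
        {
            return $this->_error_page(str_replace('%x', $period, $LANG->line('send_throttle')));
        }
    }

    // Required fields. Recipients are only required when actually sending.
    if ($IN->GBL('recipients') == '' && $status == 'sent')
    {
        $submission_error[] = $LANG->line('empty_recipients_field');
    }
    elseif ($IN->GBL('subject') == '')
    {
        $submission_error[] = $LANG->line('empty_subject_field');
    }
    elseif ($IN->GBL('body') == '')
    {
        $submission_error[] = $LANG->line('empty_body_field');
    }

    // Deny duplicate data: refuse a body identical to one this member already sent.
    if ($PREFS->ini('deny_duplicate_data') == 'y')
    {
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_data d\n \t\t\t\t\t\t WHERE d.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_body = '" . $DB->escape_str($REGX->xss_clean($IN->GBL('body'))) . "'");

        if ($query->row['count'] > 0)
        {
            return $this->_error_page($LANG->line('duplicate_message_sent'));
        }
    }

    // Resolve recipient / CC names to member ids. convert_recipients() is
    // expected to set $this->invalid_name when a name cannot be resolved
    // (it is checked below; the helper itself is outside this method).
    $recipients = $this->convert_recipients($IN->GBL('recipients'), 'array', 'member_id');
    $cc         = trim($IN->GBL('cc')) == '' ? array() : $this->convert_recipients($IN->GBL('cc'), 'array', 'member_id');

    // CC must not repeat anyone in Recipients. array_diff() keeps the
    // original keys, so re-index: the for-loops below address $cc by position.
    $cc = array_values(array_diff($cc, $recipients));

    if (sizeof($recipients) == 0 && $status == 'sent')
    {
        $submission_error[] = $LANG->line('empty_recipients_field');
    }

    if ($this->invalid_name === TRUE)
    {
        $submission_error[] = $LANG->line('invalid_username');
    }

    // Body length limit (0 = unlimited).
    if ($this->max_chars != 0 && strlen($IN->GBL('body')) > $this->max_chars)
    {
        $submission_error[] = str_replace('%max%', $this->max_chars, $LANG->line('message_too_large'));
    }

    // Send and storage limits. Super admins (group 1) get a free pass.
    if ($SESS->userdata('group_id') != 1)
    {
        // Copies sent in the last 24 hours plus this message's recipients must stay within send_limit.
        $query = $DB->query("SELECT COUNT(c.copy_id) AS count \n\t\t\t\t\t\t\t\t FROM exp_message_copies c, exp_message_data d\n\t\t\t\t\t\t\t\t WHERE c.message_id = d.message_id\n\t\t\t\t\t\t\t\t AND c.sender_id = '" . $DB->escape_str($this->member_id) . "'\n\t\t\t\t\t\t\t\t AND d.message_status = 'sent'\n\t\t\t\t\t\t\t\t AND d.message_date > " . ($LOC->now - 24 * 60 * 60));

        if ($query->row['count'] + sizeof($recipients) + sizeof($cc) > $this->send_limit)
        {
            $submission_error[] = $LANG->line('sending_limit_warning');
        }

        // Keeping a sent copy consumes storage; check the storage limit ('0' = unlimited).
        if ($this->storage_limit != '0' && ($IN->GBL('sent_copy') !== FALSE && $IN->GBL('sent_copy') == 'y'))
        {
            if ($this->total_messages == '')
            {
                $this->storage_usage();
            }

            if ($this->total_messages + 1 > $this->storage_limit)
            {
                $submission_error[] = $LANG->line('storage_limit_warning');
            }
        }
    }

    // Attachment handling is impossible without an upload path.
    if ($this->upload_path == '' && (isset($_POST['remove']) || isset($_FILES['userfile']['name']) && $_FILES['userfile']['name'] != ''))
    {
        $submission_error[] = $LANG->line('unable_to_recieve_attach');
    }

    // Attachment ids carried over from a previous preview/draft, pipe-delimited.
    if ($IN->GBL('attach') !== FALSE && $IN->GBL('attach') != '')
    {
        $this->attachments = explode('|', $_POST['attach']);
    }

    // Forwarded messages need their own copies of the attachments. This
    // only happens on the first submission of the compose page, which the
    // form flags with 'create_attach'.
    if ($this->attach_allowed == 'y' && $this->upload_path != '' && sizeof($this->attachments) > 0 && $IN->GBL('create_attach'))
    {
        if (($message = $this->_duplicate_files()) !== TRUE)
        {
            $submission_error[] = $message . BR;
        }
    }

    // Remove-attachment request: the submit button's name carries the id.
    if (isset($_POST['remove']) && $this->upload_path != '')
    {
        $id = key($_POST['remove']);

        if (is_numeric($id))
        {
            $this->_remove_attachment($id);

            // Treat an attachment removal like a draft: show the message, not the preview.
            $this->hide_preview = TRUE;
        }
    }

    // New upload to attach?
    if ($this->attach_allowed == 'y')
    {
        if ($this->upload_path != '' and isset($_FILES['userfile']['name']) and $_FILES['userfile']['name'] != '')
        {
            if (($message = $this->_attach_file()) !== TRUE)
            {
                $submission_error[] = $message . BR;
            }
        }
    }

    // Overflow check: drop anyone whose inbox is full, remembering them for
    // the error message and the inbox-full e-mail.
    $details = array();
    $details['overflow_recipients'] = array();
    $details['overflow_cc'] = array();

    for ($i = 0, $size = sizeof($recipients); $i < $size; $i++)
    {
        if ($this->_check_overflow($recipients[$i]) === FALSE)
        {
            $details['overflow_recipients'][] = $recipients[$i];
            unset($recipients[$i]);
        }
    }

    for ($i = 0, $size = sizeof($cc); $i < $size; $i++)
    {
        if ($this->_check_overflow($cc[$i]) === FALSE)
        {
            $details['overflow_cc'][] = $cc[$i];
            unset($cc[$i]);
        }
    }

    // Anyone who overflowed forces a preview. Send them an inbox-full
    // alert and collect their names for the error shown to the sender.
    if (sizeof($details['overflow_recipients']) > 0 or sizeof($details['overflow_cc']) > 0)
    {
        // unset() left gaps; sort() re-indexes for the positional loops further down.
        sort($recipients);
        sort($cc);

        $overflow_names = array();

        $query = $DB->query("SELECT exp_members.screen_name, exp_members.email, exp_members.accept_messages, exp_member_groups.prv_msg_storage_limit\n\t\t\t\t\t\t\t\t FROM exp_members\n\t\t\t\t\t\t\t\t LEFT JOIN exp_member_groups ON exp_member_groups.group_id = exp_members.group_id\n\t\t\t\t\t\t\t\t WHERE exp_members.member_id IN ('" . implode("','", array_merge($details['overflow_recipients'], $details['overflow_cc'])) . "')\n\t\t\t\t\t\t\t\t AND exp_member_groups.site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "'");

        if ($query->num_rows > 0)
        {
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE . 'core.email' . EXT;
            }

            $email = new EEmail();
            $email->wordwrap = true;

            $swap = array(
                'sender_name' => $SESS->userdata('screen_name'),
                'site_name'   => stripslashes($PREFS->ini('site_name')),
                'site_url'    => $PREFS->ini('site_url')
            );

            $template  = $FNS->fetch_email_template('pm_inbox_full');
            $email_tit = $FNS->var_swap($template['title'], $swap);
            $email_msg = $FNS->var_swap($template['data'], $swap);

            foreach ($query->result as $row)
            {
                $overflow_names[] = $row['screen_name'];

                // Members who opted out of messages are named but not e-mailed.
                if ($row['accept_messages'] != 'y')
                {
                    continue;
                }

                $email->initialize();
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($row['email']);
                $email->subject($email_tit);
                $email->message($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name'], 'pm_storage_limit' => $row['prv_msg_storage_limit'])));
                $email->Send();
            }
        }

        $submission_error[] = str_replace('%overflow_names%', implode(', ', $overflow_names), $LANG->line('overflow_recipients'));
    }

    // Any submission error forces a preview.
    if (sizeof($submission_error) > 0)
    {
        $status = 'preview';
        $this->hide_preview = TRUE;
        $this->invalid_name = FALSE;
    }

    // Blocked check on send: recipients who have blocked the sender are
    // dropped silently; the sender is not told.
    if ($status == 'sent')
    {
        $sql = "SELECT member_id FROM exp_message_listed\n\t\t\t\t\tWHERE listed_type = 'blocked'\n\t\t\t\t\tAND listed_member = '{$this->member_id}'\n\t\t\t\t\tAND \n\t\t\t\t\t(\n\t\t\t\t\tmember_id IN ('" . implode("','", $recipients) . "')";

        if (sizeof($cc) > 0)
        {
            $sql .= "OR\n\t\t\t\t\t\t member_id IN ('" . implode("','", $cc) . "')";
        }

        $sql .= ")";

        $blocked = $DB->query($sql);

        if ($blocked->num_rows > 0)
        {
            foreach ($blocked->result as $row)
            {
                $details['blocked'][] = $row['member_id'];
            }

            $recipients = array_diff($recipients, $details['blocked']);
            $cc         = sizeof($cc) > 0 ? array_diff($cc, $details['blocked']) : array();

            // array_diff() keeps keys; re-index for the positional loops below.
            sort($recipients);
            sort($cc);
        }
    }

    // Store the message row.
    $data = array(
        'message_id'          => '',
        'sender_id'           => $this->member_id,
        'message_date'        => $LOC->now,
        'message_subject'     => $REGX->xss_clean($IN->GBL('subject')),
        'message_body'        => $REGX->xss_clean($IN->GBL('body')),
        'message_tracking'    => ! $IN->GBL('tracking') ? 'n' : 'y',
        'message_attachments' => sizeof($this->attachments) > 0 ? 'y' : 'n',
        'message_recipients'  => implode('|', $recipients),
        'message_cc'          => implode('|', $cc),
        'message_hide_cc'     => ! $IN->GBL('hide_cc') ? 'n' : 'y',
        'message_sent_copy'   => ! $IN->GBL('sent_copy') ? 'n' : 'y',
        'total_recipients'    => sizeof($recipients) + sizeof($cc),
        'message_status'      => $status
    );

    if ($IN->GBL('message_id') && is_numeric($IN->GBL('message_id')))
    {
        // A preview or draft was submitted before: update the existing row.
        $message_id = $IN->GBL('message_id');
        unset($data['message_id']);

        $DB->query($DB->update_string('exp_message_data', $data, "message_id = '" . $DB->escape_str($message_id) . "'"));
    }
    else
    {
        $DB->query($DB->insert_string('exp_message_data', $data));
        $message_id = $DB->insert_id;
    }

    // Deliver: one copy row per recipient and CC, inbox counters, notifications.
    if ($status == 'sent')
    {
        $copy_data = array('copy_id' => '', 'message_id' => $message_id, 'sender_id' => $this->member_id);

        for ($i = 0, $size = sizeof($recipients); $i < $size; $i++)
        {
            $copy_data['recipient_id']     = $recipients[$i];
            $copy_data['message_authcode'] = $FNS->random('alpha', 10);
            $DB->query($DB->insert_string('exp_message_copies', $copy_data));
        }

        for ($i = 0, $size = sizeof($cc); $i < $size; $i++)
        {
            $copy_data['recipient_id']     = $cc[$i];
            $copy_data['message_authcode'] = $FNS->random('alpha', 10);
            $DB->query($DB->insert_string('exp_message_copies', $copy_data));
        }

        // Increment exp_members.private_messages for everyone who received a copy.
        $DB->query("UPDATE exp_members SET private_messages = private_messages + 1\n\t\t\t\t\t\tWHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')");

        // E-mail notifications for recipients who asked for them (never the sender).
        $query = $DB->query("SELECT screen_name, email FROM exp_members\n\t\t\t\t\t\t\t\t WHERE member_id IN ('" . implode("','", array_merge($recipients, $cc)) . "')\n\t\t\t\t\t\t\t\t AND notify_of_pm = 'y'\n\t\t\t\t\t\t\t\t AND member_id != {$this->member_id}");

        if ($query->num_rows > 0)
        {
            if ( ! class_exists('Typography'))
            {
                require PATH_CORE . 'core.typography' . EXT;
            }

            $TYPE = new Typography(0);
            $TYPE->smileys = FALSE;
            $TYPE->highlight_code = TRUE;

            if ($PREFS->ini('enable_censoring') == 'y' && $PREFS->ini('censored_words') != '')
            {
                $subject = $TYPE->filter_censored_words($REGX->xss_clean($IN->GBL('subject')));
            }
            else
            {
                $subject = $REGX->xss_clean($IN->GBL('subject'));
            }

            $body = $TYPE->parse_type(stripslashes($REGX->xss_clean($IN->GBL('body'))), array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));

            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE . 'core.email' . EXT;
            }

            $email = new EEmail();
            $email->wordwrap = true;

            $swap = array(
                'sender_name'     => $SESS->userdata('screen_name'),
                'message_subject' => $subject,
                'message_content' => $body,
                'site_name'       => stripslashes($PREFS->ini('site_name')),
                'site_url'        => $PREFS->ini('site_url')
            );

            $template  = $FNS->fetch_email_template('private_message_notification');
            $email_tit = $FNS->var_swap($template['title'], $swap);
            $email_msg = $FNS->var_swap($template['data'], $swap);

            foreach ($query->result as $row)
            {
                $email->initialize();
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($row['email']);
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($FNS->var_swap($email_msg, array('recipient_name' => $row['screen_name']))));
                $email->Send();
            }
        }
    }

    // Sent copy for the sender, stored as already read in the Sent folder.
    if ($status == 'sent' && $data['message_sent_copy'] == 'y')
    {
        $copy_data['recipient_id']     = $this->member_id;
        $copy_data['message_authcode'] = $FNS->random('alpha', 10);
        $copy_data['message_folder']   = '2'; // Sent Message Folder
        $copy_data['message_read']     = 'y'; // Already read automatically
        $DB->query($DB->insert_string('exp_message_copies', $copy_data));
    }

    // Replying or forwarding: mark the original copy accordingly. A
    // separate variable is used so $status stays 'sent' for the steps
    // below (the previous revision overwrote $status here, which skipped
    // the is_temp reset for replies and forwards).
    if ($status == 'sent' && ($IN->GBL('replying') !== FALSE or $IN->GBL('forwarding') !== FALSE))
    {
        $copy_id     = $IN->GBL('replying') !== FALSE ? $IN->GBL('replying') : $IN->GBL('forwarding');
        $copy_status = $IN->GBL('replying') !== FALSE ? 'replied' : 'forwarded';

        // NOTE(review): copy_id is request-supplied. It is escaped here, but
        // nothing in this method checks that the copy belongs to the sender;
        // confirm that ownership is enforced elsewhere.
        $DB->query("UPDATE exp_message_copies SET message_status = '{$copy_status}' WHERE copy_id = '" . $DB->escape_str($copy_id) . "'");
    }

    // Correct the message id on attachments (ids come from the request).
    if (sizeof($this->attachments) > 0)
    {
        $DB->query("UPDATE exp_message_attachments SET message_id = '{$message_id}' \n\t\t\t\t\t\tWHERE attachment_id IN ('" . implode("','", array_map(array($DB, 'escape_str'), $this->attachments)) . "')");
    }

    // Attachments are no longer temporary once the message is sent.
    if ($status == 'sent')
    {
        $DB->query("UPDATE exp_message_attachments SET is_temp = 'n' WHERE message_id = '{$message_id}'");
    }

    // Redirect or re-render.
    if ($status == 'preview')
    {
        return $this->compose($message_id, $submission_error);
    }
    elseif ($status == 'draft')
    {
        $this->drafts();
    }
    else
    {
        $FNS->redirect($this->_create_path('inbox'));
    }
}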
// Get the member email address $sql_member = "SELECT email FROM exp_members WHERE member_id='" . $row['member_id'] . "'"; $sql_query = $DB->query($sql_member); // Assemble the email $receipient = $sql_query->row['email']; $bcc_emails = $PREFS->core_ini['webmaster_email']; $email_subject = "Your Be Fabulous subscription has expired"; $email_msg = "Hello\n"; $email_msg = $email_msg . "\n"; $email_msg = $email_msg . "This is just a brief email to let you know that your Be Fabulous 12 month subscription has expired.\n"; $email_msg = $email_msg . "\n"; $email_msg = $email_msg . "To re-subscribe simply visit http://www.be-fabulous.co.uk and log-in to your account. You will see an option on the right hand side of the 'All about you' page to 'Upgrade your subscription'.\n"; $email_msg = $email_msg . "\n"; $email_msg = $email_msg . "If you need any help or have any questions please don't hesitate to contact us by replying to this email or calling Karen on +44 (0) 7970 732057.\n"; $email_msg = $email_msg . "\n"; $email_msg = $email_msg . " - End of Message - \n"; // Send the Email $email = new EEmail(); $email->wordwrap = false; $email->mailtype = 'text'; $email->validate = true; $email->from($PREFS->core_ini['webmaster_email'], $PREFS->core_ini['webmaster_name']); $email->to($receipient); $email->bcc($bcc_emails); $email->subject($email_subject); $email->message($REGX->entities_to_ascii($email_msg)); $email->Send(); $email->initialize(); } } }
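/**
 * USAGE: Submit New Post.
 *
 * XML-RPC handler that creates a weblog entry. Parameters (from
 * $plist->output_parameters()): [1] weblog id, [2]/[3] credentials passed
 * to fetch_member_data(), [4] post content, [5] publish flag ('0' =
 * closed). The content may carry <title>, <weblog_id>, <category>,
 * <sticky> and per-field <short_name> tags, which are stripped from the
 * body as they are parsed; whatever text is left goes into $this->field.
 *
 * Review changes versus the previous revision:
 *  - the leftover-text branch reads and appends under the same
 *    'field_id_<n>' key it writes (it previously tested a different key,
 *    so leftover text overwrote a field already filled by a tag instead
 *    of appending to it);
 *  - field short names are preg_quote()d before being used in a pattern;
 *  - $this->weblog_id is escaped where it is interpolated into SQL.
 *
 * @param object $plist  XML-RPC parameter list
 * @return XML_RPC_Response  the new entry id as a string, or a fault
 */
function newPost($plist)
{
    global $DB, $LANG, $FNS, $LOC, $PREFS, $REGX, $IN, $STAT;

    $parameters = $plist->output_parameters();

    if ( ! $this->fetch_member_data($parameters['2'], $parameters['3']))
    {
        return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
    }

    // Weblog information
    $this->parse_weblog($parameters['1']);

    $this->status = $parameters['5'] == '0' ? 'closed' : 'open';
    $sticky = 'n';

    // Weblog meta-information embedded in the post body.
    // Entities are used because xss_clean() converts <title>.
    if (preg_match('/<title>(.+?)<\\/title>/is', $parameters['4'], $matches))
    {
        $this->title = $PREFS->ini('auto_convert_high_ascii') == 'y' ? $REGX->ascii_to_entities(trim($matches['1'])) : $matches['1'];
        $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
    }

    if (preg_match('/<weblog_id>(.+?)<\\/weblog_id>/is', $parameters['4'], $matches))
    {
        $this->weblog_id = trim($matches['1']);
        $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
        $this->parse_weblog($this->weblog_id);
    }

    if (preg_match('/<category>(.*?)<\\/category>/is', $parameters['4'], $matches))
    {
        $this->categories = trim($matches['1']);
        $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);

        if (strlen($this->categories) > 0)
        {
            $this->check_categories("AND exp_weblogs.weblog_id = '" . $DB->escape_str($this->weblog_id) . "'");
        }
    }

    if (preg_match('/<sticky>(.+?)<\\/sticky>/is', $parameters['4'], $matches))
    {
        $sticky = (trim($matches['1']) == 'yes' or trim($matches['1']) == 'y') ? 'y' : 'n';
        $parameters['4'] = str_replace($matches['0'], '', $parameters['4']);
    }

    // Default weblog data for weblog_id. The id may have come from the
    // <weblog_id> tag above, so it is escaped for every query below.
    $weblog_id_sql = $DB->escape_str($this->weblog_id);

    $query = $DB->query("SELECT deft_comments, deft_trackbacks, cat_group,\n \t\t\t\t\t\t blog_title, blog_url,\n \t\t\t\t\t\t weblog_notify_emails, weblog_notify, comment_url\n \t\t\t\t\t\t FROM exp_weblogs\n \t\t\t\t\t\t WHERE weblog_id = '{$weblog_id_sql}'");

    if ($query->num_rows == 0)
    {
        return new XML_RPC_Response('0', '802', $LANG->line('invalid_weblog'));
    }

    $notify_address = ($query->row['weblog_notify'] == 'y' and $query->row['weblog_notify_emails'] != '') ? $query->row['weblog_notify_emails'] : '';

    // URL title must be unique within the weblog
    $url_title = $REGX->create_url_title($this->title, TRUE);

    $sql = "SELECT count(*) AS count \n\t\t\t\tFROM exp_weblog_titles \n\t\t\t\tWHERE url_title = '" . $DB->escape_str($url_title) . "' \n\t\t\t\tAND weblog_id = '{$weblog_id_sql}'";
    $results = $DB->query($sql);

    // Already taken: append separator + 'api' + a running number
    if ($results->row['count'] > 0)
    {
        $inbetween = $PREFS->ini('word_separator') == 'dash' ? '-' : '_';
        $url_title .= $inbetween . 'api';

        // How many api-suffixed titles exist already?
        $sql = "SELECT count(*) AS count \n\t\t\t\t\tFROM exp_weblog_titles \n\t\t\t\t\tWHERE url_title LIKE '" . $DB->escape_like_str($url_title) . "%' \n\t\t\t\t\tAND weblog_id = '{$weblog_id_sql}'";
        $results = $DB->query($sql);

        $url_title .= $results->row['count'] + 1;
    }

    // Entry metadata (exp_weblog_titles row)
    $metadata = array(
        'entry_id'         => '',
        'weblog_id'        => $this->weblog_id,
        'author_id'        => $this->userdata['member_id'],
        'title'            => $this->title,
        'url_title'        => $url_title,
        'ip_address'       => $IN->IP,
        'entry_date'       => $LOC->now,
        'edit_date'        => gmdate("YmdHis", $LOC->now),
        'year'             => gmdate('Y', $LOC->now),
        'month'            => gmdate('m', $LOC->now),
        'day'              => gmdate('d', $LOC->now),
        'sticky'           => $sticky,
        'status'           => $this->status,
        'allow_comments'   => $query->row['deft_comments'],
        'allow_trackbacks' => $query->row['deft_trackbacks']
    );

    // Weblog field data (exp_weblog_data row): each custom field may be
    // supplied as <short_name>...</short_name>; $afield['0'] is the short
    // name, $afield['1'] the field's format.
    $entry_data = array('weblog_id' => $this->weblog_id);

    if (sizeof($this->fields) > 0)
    {
        foreach ($this->fields as $field_id => $afield)
        {
            $tag = preg_quote($afield['0'], '/');

            if (preg_match('/<' . $tag . '>(.+?)<\\/' . $tag . '>/is', $parameters['4'], $matches))
            {
                if ( ! isset($entry_data['field_id_' . $field_id]))
                {
                    $entry_data['field_id_' . $field_id] = $matches['1'];
                    $entry_data['field_ft_' . $field_id] = $afield['1'];
                }
                else
                {
                    // Key already populated: append rather than overwrite.
                    $entry_data['field_id_' . $field_id] .= "\n" . $matches['1'];
                }

                $parameters['4'] = trim(str_replace($matches['0'], '', $parameters['4']));
            }
        }
    }

    // Whatever is left goes into the default field ($this->field).
    if (trim($parameters['4']) != '')
    {
        $default_key = 'field_id_' . $this->field;

        if ( ! isset($entry_data[$default_key]))
        {
            $entry_data[$default_key] = trim($parameters['4']);
            $entry_data['field_ft_' . $this->field] = $this->fields[$this->field]['1'];
        }
        else
        {
            // Default field was already filled by its tag: append the remainder.
            $entry_data[$default_key] .= "\n" . trim($parameters['4']);
        }
    }

    // Insert the entry data
    $metadata['site_id'] = $this->site_id;
    $DB->query($DB->insert_string('exp_weblog_titles', $metadata));

    $entry_data['entry_id'] = $DB->insert_id;
    $entry_data['site_id']  = $this->site_id;
    $DB->query($DB->insert_string('exp_weblog_data', $entry_data));

    // Insert categories, if any ($this->ecategories is filled by check_categories())
    if (sizeof($this->ecategories) > 0)
    {
        foreach ($this->ecategories as $catid => $cat_name)
        {
            $DB->query("INSERT INTO exp_category_posts \n \t\t\t\t\t(entry_id, cat_id) \n \t\t\t\t\tVALUES \n \t\t\t\t\t('" . $entry_data['entry_id'] . "', '{$catid}')");
        }
    }

    // Admin notification
    if ($notify_address != '')
    {
        $swap = array(
            'name'        => $this->userdata['screen_name'],
            'email'       => $this->userdata['email'],
            'weblog_name' => $query->row['blog_title'],
            'entry_title' => $metadata['title'],
            'entry_url'   => $FNS->remove_double_slashes($query->row['blog_url'] . '/' . $metadata['url_title'] . '/'),
            'comment_url' => $FNS->remove_double_slashes($query->row['comment_url'] . '/' . $metadata['url_title'] . '/')
        );

        $template  = $FNS->fetch_email_template('admin_notify_entry');
        $email_tit = $FNS->var_swap($template['title'], $swap);
        $email_msg = $FNS->var_swap($template['data'], $swap);

        // Don't notify the author about their own entry
        $notify_address = str_replace($this->userdata['email'], "", $notify_address);
        $notify_address = $REGX->remove_extra_commas($notify_address);

        if ($notify_address != '')
        {
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE . 'core.email' . EXT;
            }

            $email = new EEmail();

            foreach (explode(',', $notify_address) as $addy)
            {
                $email->initialize();
                $email->wordwrap = false;
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($addy);
                $email->reply_to($PREFS->ini('webmaster_email'));
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($email_msg));
                $email->Send();
            }
        }
    }

    // Clear caches if needed
    if ($PREFS->ini('new_posts_clear_caches') == 'y')
    {
        $FNS->clear_caching('all');
    }
    else
    {
        $FNS->clear_caching('sql');
    }

    // Update weblog and member stats
    $STAT->update_weblog_stats($this->weblog_id);

    $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '" . $this->userdata['member_id'] . "'");
    $total_entries = $query->row['total_entries'] + 1;

    $DB->query("UPDATE exp_members set total_entries = '{$total_entries}', last_entry_date = '" . $LOC->now . "' WHERE member_id = '" . $this->userdata['member_id'] . "'");

    // Return entry id of the new entry
    return new XML_RPC_Response(new XML_RPC_Values($entry_data['entry_id'], 'string'));
}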
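/**
 * Send email in batch mode
 *
 * Control-panel action that sends the next batch of a cached e-mail (the
 * exp_email_cache row identified by the 'id' request parameter). Entries
 * of the cached recipient array are keyed 'm…' (member: value is
 * [address, screen_name]), 'l…' (mailing list: value is [address,
 * list_id]) or anything else (plain address). Up to email_batch_size
 * addresses are sent; the cache row is then updated with what remains
 * and the page auto-refreshes to continue, or reports completion once
 * the list is exhausted.
 *
 * Review change: core.email is only required when EEmail is not already
 * loaded. An unconditional require is a fatal class redeclaration when
 * the class is present, and the guard matches how the rest of this file
 * loads it.
 *
 * @return mixed  $DSP->error_message() output on failure; otherwise void
 *                (the result page is assigned to $DSP->body)
 */
function batch_send()
{
    global $IN, $DSP, $FNS, $LANG, $DB, $SESS, $PREFS, $REGX;

    $DSP->title = $LANG->line('communicate');
    $DSP->show_crumb = FALSE;

    $debug_msg = '';

    if ( ! ($id = $IN->GBL('id')))
    {
        return $DSP->error_message($LANG->line('problem_with_id'), 0);
    }

    // Mailing list templates, keyed by list_id, for the lists this cache entry targets
    $list_templates = array();

    if ($this->mailinglist_exists == TRUE)
    {
        $query = $DB->query("SELECT list_id FROM exp_email_cache_ml WHERE cache_id = '" . $DB->escape_str($id) . "'");

        if ($query->num_rows > 0)
        {
            // foreach iterates a copy of the array, so reassigning $query inside is safe.
            foreach ($query->result as $row)
            {
                // Fetch the template for each list
                $query = $DB->query("SELECT list_template, list_title FROM exp_mailing_lists WHERE list_id = '" . $row['list_id'] . "'");

                $list_templates[$row['list_id']] = array(
                    'list_template' => $query->row['list_template'],
                    'list_title'    => $query->row['list_title']
                );
            }
        }
    }

    // Fetch cached email
    $query = $DB->query("SELECT * FROM exp_email_cache WHERE cache_id = '" . $DB->escape_str($id) . "'");

    if ($query->num_rows == 0)
    {
        return $DSP->error_message($LANG->line('cache_data_missing'), 0);
    }

    // Turn the result fields into variables: every column of the row
    // becomes a local of the same name ($recipient_array, $text_fmt,
    // $message, $wordwrap, $mailtype, $priority, $from_email, $from_name,
    // $subject, $plaintext_alt, $total_sent, ...).
    // NOTE(review): a column named like a local defined above (e.g. $id)
    // would overwrite it. recipient_array is unserialize()d; it is written
    // by this method's own serialize() calls below — confirm no other
    // writer can store untrusted content in that column.
    foreach ($query->row as $key => $val)
    {
        if ($key == 'recipient_array')
        {
            ${$key} = $REGX->array_stripslashes(unserialize($val));
        }
        else
        {
            ${$key} = $val;
        }
    }

    // Determine which emails correspond to this batch
    $finished = FALSE;
    $total = count($recipient_array);
    $batch = $PREFS->ini('email_batch_size');

    if ($batch > $total)
    {
        $batch = $total;
        $finished = TRUE;
    }

    // Apply text formatting if necessary
    if ($text_fmt != 'none' && $text_fmt != '')
    {
        if ( ! class_exists('Typography'))
        {
            require PATH_CORE . 'core.typography' . EXT;
        }

        $TYPE = new Typography(0);
        $TYPE->parse_smileys = FALSE;

        $message = $TYPE->parse_type($message, array('text_format' => $text_fmt, 'html_format' => 'all', 'auto_links' => 'n', 'allow_img_url' => 'y'));
    }

    // Send emails
    $action_id = $FNS->fetch_action_id('Mailinglist', 'unsubscribe');

    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE . 'core.email' . EXT;
    }

    $email = new EEmail();
    $email->wordwrap = $wordwrap == 'y' ? TRUE : FALSE;
    $email->mailtype = $mailtype;
    $email->priority = $priority;

    $i = 0;

    foreach ($recipient_array as $key => $val)
    {
        if ($i == $batch)
        {
            break;
        }

        $screen_name = '';
        $list_id = FALSE;

        // m = member id, l = mailing list, r = general recipient
        if (is_array($val) and substr($key, 0, 1) == 'm')
        {
            $screen_name = $val['1'];
            $val = $val['0'];
        }
        elseif (is_array($val) and substr($key, 0, 1) == 'l')
        {
            $list_id = $val['1'];
            $val = $val['0'];
        }

        $email->initialize();
        $email->from($from_email, $from_name);
        $email->to($val);
        $email->subject($subject);

        // Make a copy so we don't mess up the original
        $msg     = $message;
        $msg_alt = $plaintext_alt;

        // Mailing-list recipients get the list template (with unsubscribe action) applied.
        if (substr($key, 0, 1) == 'l')
        {
            $msg     = $this->parse_template($list_templates[$list_id], $msg, $action_id, substr($key, 1), $mailtype);
            $msg_alt = $this->parse_template($list_templates[$list_id], $msg_alt, $action_id, substr($key, 1), 'plain');
        }

        $msg     = str_replace('{name}', $screen_name, $msg);
        $msg_alt = str_replace('{name}', $screen_name, $msg_alt);

        $email->message($msg, $msg_alt);

        $error = FALSE;

        if ( ! $email->Send())
        {
            $error = TRUE;
        }

        $debug_msg = $this->debug_message($email->debug_msg);

        if ($error == TRUE)
        {
            // Let's adjust the recipient array up to this point so the
            // failed address is retried on the next run.
            reset($recipient_array);
            $recipient_array = addslashes(serialize(array_slice($recipient_array, $i)));

            $n = $total_sent + $i;

            $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '{$recipient_array}' WHERE cache_id = '" . $DB->escape_str($id) . "'");

            return $DSP->error_message($LANG->line('error_sending_email') . $debug_msg, 0);
        }

        $i++;
    }

    $n = $total_sent + $i;

    // More batches to do...
    if ($finished == FALSE)
    {
        reset($recipient_array);
        $recipient_array = addslashes(serialize(array_slice($recipient_array, $i)));

        $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '{$recipient_array}' WHERE cache_id = '" . $DB->escape_str($id) . "'");

        // Auto-refresh back into this action for the next batch
        $DSP->refresh  = BASE . AMP . 'C=communicate' . AMP . 'M=batch_send' . AMP . 'id=' . $id;
        $DSP->ref_rate = 4;

        $r = $DSP->heading(BR . $LANG->line('sending_email'));

        $stats = str_replace("%x", $total_sent + 1, $LANG->line('currently_sending_batch'));
        $stats = str_replace("%y", $n, $stats);

        $r .= $DSP->qdiv('itemWrapper', $stats);

        $remaining = $total - $batch;

        $r .= $DSP->qdiv('itemWrapper', $LANG->line('emails_remaining') . NBS . NBS . $remaining);
        $r .= $DSP->qdiv('', $DSP->qdiv('alert', $LANG->line('batchmode_warning')));
    }
    else
    {
        $DB->query("UPDATE exp_email_cache SET total_sent = '{$n}', recipient_array = '' WHERE cache_id = '" . $DB->escape_str($id) . "'");

        $r = $DSP->heading(BR . $LANG->line('email_sent'));
        $r .= $DSP->qdiv('success', $LANG->line('all_email_sent_message'));

        $total = $total_sent + $batch;

        $r .= $DSP->qdiv('itemWrapper', $LANG->line('total_emails_sent') . NBS . NBS . $total);
    }

    $DSP->body = $r;
}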
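/**
 * Reset password
 *
 * Completes a "forgotten password" request: looks up the reset code
 * passed as the 'id' GET parameter (valid for 24 hours), generates a new
 * random password, updates the member row, purges the reset record,
 * e-mails the new login details and renders a result page through $DSP.
 * Any lookup failure falls back to the login form.
 *
 * Review changes versus the previous revision: the reset code (straight
 * from the query string) and the member id are passed through
 * $DB->escape_str() before being interpolated into SQL, matching the
 * sibling implementation of this action elsewhere in the file; and
 * core.email is only required when EEmail is not already loaded.
 *
 * @return mixed  login_form() output on failure; otherwise void
 */
function reset_password()
{
    global $LANG, $PREFS, $FNS, $DSP, $IN, $DB;

    if ( ! ($id = $IN->GBL('id', 'GET')))
    {
        return $this->login_form();
    }

    // Reset codes expire after 24 hours.
    $time = time() - 60 * 60 * 24;

    // Get the member ID from the reset_password table
    $query = $DB->query("SELECT member_id FROM exp_reset_password WHERE resetcode ='" . $DB->escape_str($id) . "' and date > {$time}");

    if ($query->num_rows == 0)
    {
        return $this->login_form();
    }

    $member_id = $query->row['member_id'];

    // Fetch the user data
    $query = $DB->query("SELECT username, email FROM exp_members WHERE member_id ='" . $DB->escape_str($member_id) . "'");

    if ($query->num_rows == 0)
    {
        return $this->login_form();
    }

    $address  = $query->row['email'];
    $username = $query->row['username'];

    $rand = $FNS->random('alpha', 8);

    // Update member's password
    // NOTE(review): as listed here the stored value is the literal '******'
    // while $rand is what gets e-mailed; confirm against the original source
    // that this statement writes the hash of $rand.
    $DB->query("UPDATE exp_members SET password = '******' WHERE member_id = '" . $DB->escape_str($member_id) . "'");

    // Kill old data from the reset_password table (expired codes and this member's)
    $DB->query("DELETE FROM exp_reset_password WHERE date < {$time} OR member_id = '" . $DB->escape_str($member_id) . "'");

    // Build the email message
    $message = $username . "," . $DSP->nl(2)
             . $LANG->line('new_login_info') . $DSP->nl(2)
             . $LANG->line('username') . ': ' . $username . $DSP->nl(1)
             . $LANG->line('password') . ': ' . $rand;

    // Instantiate the email class
    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE . 'core.email' . EXT;
    }

    $email = new EEmail();
    $email->wordwrap = true;
    $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
    $email->to($address);
    $email->subject($LANG->line('your_new_login_info'));
    $email->message($message);

    if ( ! $email->Send())
    {
        $res = $LANG->line('error_sending_email');
    }
    else
    {
        $res = $LANG->line('password_has_been_reset');
    }

    // Result page: login box with the outcome and a link back to the login form
    $return = $DSP->div('loginBox')
            . $DSP->div('default')
            . $DSP->br(4)
            . $res
            . $DSP->br(5)
            . $DSP->anchor(BASE, $LANG->line('return_to_login'))
            . $DSP->br(5)
            . $DSP->div_c()
            . $DSP->div_c();

    $DSP->set_return_data($LANG->line('forgotten_password'), $return);
}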
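/**
 * Send Notification
 *
 * This is the function that ultimately sends all notifications: it
 * looks up the weblog's notification settings, builds the subject and
 * body from the extension's templates and e-mails each configured
 * address.
 *
 * Review change versus the previous revision: the 'skip_self' branch no
 * longer calls eregi(), which treated the user's address as a regular
 * expression and was removed in PHP 7. str_replace() is a no-op when the
 * address is absent, so no separate match test is needed. The weblog id
 * from $data is also escaped before being interpolated into SQL.
 *
 * @param string $action  what happened to the entry (e.g. 'deleted');
 *                        anything else selects the 'o' notify mode
 * @param array  $data    entry data: weblog_id, url_title, entry_id,
 *                        title, status
 * @return void
 *
 * @see http://expressionengine.com/developers/extension_hooks/delete_entries_loop/
 * @since version 1.0.0
 */
function send_notification($action, $data)
{
    global $PREFS, $FNS, $DB, $SESS, $REGX;

    $query = $DB->query("SELECT blog_title, blog_url, weblog_notify, weblog_notify_emails\n\t\t FROM exp_weblogs\n\t\t WHERE weblog_id = '" . $DB->escape_str($data['weblog_id']) . "'");

    $weblog_name = $REGX->ascii_to_entities($query->row['blog_title']);
    $weblog_url  = $query->row['blog_url'];

    // Notify only when the weblog's notify mode matches the action ('y' for
    // deletions, 'o' otherwise) and addresses are configured.
    $notify_address = ($query->row['weblog_notify'] == ($action == 'deleted' ? 'y' : 'o') and $query->row['weblog_notify_emails'] != '') ? $query->row['weblog_notify_emails'] : '';

    // If the 'skip_self' setting is selected, remove the current user's
    // e-mail address from the list.
    if ($this->settings['skip_self'] == 'y' && $SESS->userdata('email') != '')
    {
        $notify_address = str_replace($SESS->userdata('email'), '', $notify_address);
    }

    $notify_address = $REGX->remove_extra_commas($notify_address);

    if ($notify_address != '')
    {
        $swap = array(
            'action'       => $action,
            'weblog_url'   => $weblog_url,
            'url_title'    => $data['url_title'],
            'url'          => ($weblog_url and $data['url_title']) ? $FNS->remove_double_slashes($weblog_url . '/' . $data['url_title'] . '/') : '',
            'name'         => $SESS->userdata('screen_name'),
            'email'        => $SESS->userdata('email'),
            'entry_id'     => $data['entry_id'],
            'entry_title'  => $data['title'],
            'entry_status' => $data['status'],
            'weblog_id'    => $data['weblog_id'],
            'weblog_name'  => $weblog_name
        );

        $email_tit = $FNS->var_swap($this->settings['email_tit_template'], $swap);
        $email_msg = $FNS->var_swap($this->settings['email_msg_template'], $swap);

        if ( ! class_exists('EEmail'))
        {
            require PATH_CORE . 'core.email' . EXT;
        }

        $email = new EEmail();

        foreach (explode(',', $notify_address) as $addy)
        {
            $email->initialize();
            $email->wordwrap = false;
            $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
            $email->to($addy);
            $email->reply_to($PREFS->ini('webmaster_email'));
            $email->subject($email_tit);
            $email->message($REGX->entities_to_ascii($email_msg));
            $email->Send();
        }
    }
}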
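/** -----------------------------------------
/** USAGE: Submit New Post.
/** -----------------------------------------*/
/**
 * XML-RPC newPost handler.
 *
 * Parameters by position: 0 weblog id, 1 username, 2 password, 3 content
 * struct (title, description, mt_* members, categories, dateCreated),
 * 4 publish flag. Authenticates the member, resolves the weblog, builds a
 * unique url_title, inserts the title/data rows and categories, sends
 * trackback pings and the admin notification when configured, clears caches
 * and updates stats.
 *
 * Everything in the parameter list is remote, attacker-controlled input.
 * Values that reach SQL go through $DB->insert_string()/escape_str(); the
 * ones the original interpolated raw -- the successfully pinged trackback
 * URLs (derived from mt_tb_ping_urls), the client-supplied entry date and
 * the weblog id -- are escaped below. The ${$key} = $value loop over the
 * weblog row is replaced by explicit assignments, and $sent_trackbacks is
 * initialised before it is appended to.
 *
 * @param object $plist  XML-RPC parameter list (output_parameters()).
 * @return XML_RPC_Response  Fault 802 / 804 on bad login / weblog, otherwise
 *                           the new entry id as a string value.
 */
function newPost($plist)
{
    global $DB, $LANG, $FNS, $LOC, $PREFS, $REGX, $IN, $STAT;

    $parameters = $plist->output_parameters();

    if ( ! $this->fetch_member_data($parameters['1'], $parameters['2']))
    {
        return new XML_RPC_Response('0', '802', $LANG->line('invalid_access'));
    }

    /** ---------------------------------------
    /** Parse Out Weblog Information
    /** ---------------------------------------*/
    $this->parse_weblog($parameters['0']);

    if ($this->entry_status != '' && $this->entry_status != 'null')
    {
        $this->status = $this->entry_status;
    }
    else
    {
        $this->status = ($parameters['4'] == '0') ? 'closed' : 'open';
    }

    // parse_weblog() is outside this listing, so do not assume it sanitised the id
    $weblog_id_sql = $DB->escape_str($this->weblog_id);

    /** ---------------------------------------
    /** Default Weblog Data for weblog_id
    /** ---------------------------------------*/
    $query = $DB->query("SELECT deft_comments, deft_trackbacks, cat_group, deft_category,
                                blog_title, blog_url, tb_return_url, trackback_field, trackback_system_enabled,
                                weblog_notify_emails, weblog_notify, comment_url
                         FROM exp_weblogs
                         WHERE weblog_id = '{$weblog_id_sql}'");

    if ($query->num_rows == 0)
    {
        return new XML_RPC_Response('0', '804', $LANG->line('invalid_weblog'));
    }

    $deft_comments            = $query->row['deft_comments'];
    $deft_trackbacks          = $query->row['deft_trackbacks'];
    $deft_category            = $query->row['deft_category'];
    $blog_title               = $query->row['blog_title'];
    $blog_url                 = $query->row['blog_url'];
    $tb_return_url            = $query->row['tb_return_url'];
    $trackback_field          = $query->row['trackback_field'];
    $trackback_system_enabled = $query->row['trackback_system_enabled'];
    $comment_url              = $query->row['comment_url'];

    $notify_address = ($query->row['weblog_notify'] == 'y' AND $query->row['weblog_notify_emails'] != '')
        ? $query->row['weblog_notify_emails']
        : '';

    /** ---------------------------------------
    /** Parse Data Struct
    /** ---------------------------------------*/
    $struct = $parameters['3'];

    $this->title = $struct['title'];

    $ping_urls = ! isset($struct['mt_tb_ping_urls']) ? '' : implode("\n", $struct['mt_tb_ping_urls']);

    $this->field_data['excerpt']  = ! isset($struct['mt_excerpt'])   ? '' : $struct['mt_excerpt'];
    $this->field_data['content']  = ! isset($struct['description'])  ? '' : $struct['description'];
    $this->field_data['more']     = ! isset($struct['mt_text_more']) ? '' : $struct['mt_text_more'];
    $this->field_data['keywords'] = ! isset($struct['mt_keywords'])  ? '' : $struct['mt_keywords'];

    if (isset($struct['mt_allow_comments']))
    {
        $deft_comments = ($struct['mt_allow_comments'] == 1) ? 'y' : 'n';
    }

    if (isset($struct['mt_allow_pings']))
    {
        $deft_trackbacks = ($struct['mt_allow_pings'] == 1) ? 'y' : 'n';
    }

    if (isset($struct['categories']) && sizeof($struct['categories']) > 0)
    {
        $cats = array();

        foreach ($struct['categories'] as $cat)
        {
            if (trim($cat) != '')
            {
                $cats[] = $cat;
            }
        }

        // Only blank categories supplied: fall back to the weblog default
        if (sizeof($cats) == 0 && ! empty($deft_category))
        {
            $cats = array($deft_category);
        }

        if (sizeof($cats) > 0)
        {
            $this->check_categories(array_unique($cats));
        }
    }
    elseif ( ! empty($deft_category))
    {
        $this->check_categories(array($deft_category));
    }

    if ( ! empty($struct['dateCreated']))
    {
        $entry_date = $this->iso8601_decode($struct['dateCreated']);
    }
    else
    {
        $entry_date = $LOC->now;
    }

    /** ---------------------------------------
    /** URL Title Unique?
    /** ---------------------------------------*/
    $url_title = $REGX->create_url_title($this->title, TRUE);

    $results = $DB->query("SELECT count(*) AS count
                           FROM exp_weblog_titles
                           WHERE url_title = '" . $DB->escape_str($url_title) . "'
                           AND weblog_id = '{$weblog_id_sql}'");

    // Already have default title
    if ($results->row['count'] > 0)
    {
        // Give it a moblog title
        $inbetween = ($PREFS->ini('word_separator') == 'dash') ? '-' : '_';
        $url_title .= $inbetween . 'api';

        /** ---------------------------------------
        /** Multiple Title Find
        /** ---------------------------------------*/
        $results = $DB->query("SELECT count(*) AS count
                               FROM exp_weblog_titles
                               WHERE url_title LIKE '" . $DB->escape_like_str($url_title) . "%'
                               AND weblog_id = '{$weblog_id_sql}'");

        $url_title .= $results->row['count'] + 1;
    }

    /** ---------------------------------
    /** Build our query string
    /** ---------------------------------*/
    $metadata = array(
        'entry_id'         => '',
        'weblog_id'        => $this->weblog_id,
        'author_id'        => $this->userdata['member_id'],
        'title'            => $this->title,
        'url_title'        => $url_title,
        'ip_address'       => $IN->IP,
        'entry_date'       => $entry_date,
        'edit_date'        => gmdate("YmdHis", $entry_date),
        'year'             => gmdate('Y', $entry_date),
        'month'            => gmdate('m', $entry_date),
        'day'              => gmdate('d', $entry_date),
        'status'           => $this->status,
        'allow_comments'   => $deft_comments,
        'allow_trackbacks' => $deft_trackbacks
    );

    /** ---------------------------------------
    /** Parse Weblog Field Data
    /** ---------------------------------------*/
    $entry_data = array('weblog_id' => $this->weblog_id);

    // Default formatting for all of the weblog's fields...
    foreach ($this->fields as $field_id => $field_data)
    {
        $entry_data['field_ft_' . $field_id] = $field_data['1'];
    }

    // A client-requested formatting is only honoured if it names an installed plugin
    $convert_breaks = ! isset($struct['mt_convert_breaks']) ? '' : $struct['mt_convert_breaks'];

    if ($convert_breaks != '')
    {
        $plugins = $this->fetch_plugins();

        if ( ! in_array($convert_breaks, $plugins))
        {
            $convert_breaks = '';
        }
    }

    // Each struct member maps onto one of the weblog's custom fields: append
    // to the field if something is already in it, otherwise set it, and pick
    // the formatting (client plugin if valid, else the field's default).
    // Kept as an ordered list, not a map, so two properties naming the same
    // field id are still processed in turn exactly as before.
    $field_sources = array(
        array($this->excerpt_field,  'excerpt'),
        array($this->content_field,  'content'),
        array($this->more_field,     'more'),
        array($this->keywords_field, 'keywords')
    );

    foreach ($field_sources as $pair)
    {
        list($field_id, $source) = $pair;

        if ( ! isset($this->fields[$field_id]))
        {
            continue;
        }

        if (isset($entry_data['field_id_' . $field_id]))
        {
            $entry_data['field_id_' . $field_id] .= $this->field_data[$source];
        }
        else
        {
            $entry_data['field_id_' . $field_id] = $this->field_data[$source];
        }

        $entry_data['field_ft_' . $field_id] = ($convert_breaks != '') ? $convert_breaks : $this->fields[$field_id]['1'];
    }

    /** ---------------------------------
    /** DST Setting
    /** ---------------------------------*/
    if ($PREFS->ini('honor_entry_dst') == 'y')
    {
        $metadata['dst_enabled'] = ($PREFS->ini('daylight_savings') == 'y') ? 'y' : 'n';
    }

    /** ---------------------------------
    /** Insert the entry data
    /** ---------------------------------*/
    $metadata['site_id'] = $this->site_id;

    $DB->query($DB->insert_string('exp_weblog_titles', $metadata));

    $entry_data['entry_id'] = $DB->insert_id;
    $entry_data['site_id']  = $this->site_id;

    $DB->query($DB->insert_string('exp_weblog_data', $entry_data));

    $entry_id_sql = $DB->escape_str($entry_data['entry_id']);

    /** ---------------------------------
    /** Insert Categories, if any
    /** ---------------------------------*/
    if (sizeof($this->categories) > 0)
    {
        foreach ($this->categories as $catid => $cat_name)
        {
            $DB->query("INSERT INTO exp_category_posts (entry_id, cat_id)
                        VALUES ('{$entry_id_sql}', '" . $DB->escape_str($catid) . "')");
        }
    }

    /** ------------------------------------
    /** Send Pings - So Many Conditions...
    /** ------------------------------------*/
    if (trim($ping_urls) != ''
        && $trackback_system_enabled == 'y'
        && isset($entry_data['field_id_' . $trackback_field])
        && $entry_data['field_id_' . $trackback_field] != ''
        && $metadata['status'] != 'closed'
        && $entry_date < $LOC->now + 90)
    {
        $entry_link = $REGX->prep_query_string(($tb_return_url == '') ? $blog_url : $tb_return_url);
        $entry_link = $FNS->remove_double_slashes($entry_link . '/' . $metadata['url_title'] . '/');

        $tb_data = array(
            'entry_id'      => $entry_data['entry_id'],
            'entry_link'    => $FNS->remove_double_slashes($entry_link),
            'entry_title'   => $metadata['title'],
            'entry_content' => $entry_data['field_id_' . $trackback_field],
            'tb_format'     => $entry_data['field_ft_' . $trackback_field],
            'weblog_name'   => $blog_title,
            'trackback_url' => str_replace("\n", ',', $ping_urls)
        );

        if ( ! class_exists('Trackback_CP'))
        {
            require PATH_MOD . 'trackback/mcp.trackback' . EXT;
        }

        $TB     = new Trackback_CP();
        $tb_res = $TB->send_trackback($tb_data);

        /** ---------------------------------------
        /** Update the "sent_trackbacks" field
        /** ---------------------------------------*/
        // Fetch the URLs that were sent successfully and update the DB.
        // They originate from the client's mt_tb_ping_urls, hence the escape.
        if (count($tb_res['0']) > 0)
        {
            $sent_trackbacks = '';

            foreach ($tb_res['0'] as $val)
            {
                $sent_trackbacks .= $val . "\n";
            }

            $DB->query("UPDATE exp_weblog_titles SET sent_trackbacks = '" . $DB->escape_str($sent_trackbacks) . "' WHERE entry_id = '{$entry_id_sql}'");
        }
    }

    /** ----------------------------
    /** Send admin notification
    /** ----------------------------*/
    if ($notify_address != '')
    {
        $swap = array(
            'name'        => $this->userdata['screen_name'],
            'email'       => $this->userdata['email'],
            'weblog_name' => $blog_title,
            'entry_title' => $metadata['title'],
            'entry_url'   => $FNS->remove_double_slashes($blog_url . '/' . $metadata['url_title'] . '/'),
            'comment_url' => $FNS->remove_double_slashes($comment_url . '/' . $metadata['url_title'] . '/')
        );

        $template  = $FNS->fetch_email_template('admin_notify_entry');
        $email_tit = $FNS->var_swap($template['title'], $swap);
        $email_msg = $FNS->var_swap($template['data'], $swap);

        // We don't want to send a notification if the person
        // leaving the entry is in the notification list
        $notify_address = str_replace($this->userdata['email'], "", $notify_address);
        $notify_address = $REGX->remove_extra_commas($notify_address);

        if ($notify_address != '')
        {
            /** ----------------------------
            /** Send email
            /** ----------------------------*/
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE . 'core.email' . EXT;
            }

            $email = new EEmail();

            foreach (explode(',', $notify_address) as $addy)
            {
                $email->initialize();
                $email->wordwrap = false;
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($addy);
                $email->reply_to($PREFS->ini('webmaster_email'));
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($email_msg));
                $email->Send();
            }
        }
    }

    /** ---------------------------------
    /** Clear caches if needed
    /** ---------------------------------*/
    if ($PREFS->ini('new_posts_clear_caches') == 'y')
    {
        $FNS->clear_caching('all');
    }
    else
    {
        $FNS->clear_caching('sql');
    }

    /** ---------------------------------
    /** Update Those Sexy Stats, Baby!
    /** ---------------------------------*/
    $STAT->update_weblog_stats($this->weblog_id);

    $member_id_sql = $DB->escape_str($this->userdata['member_id']);

    $query = $DB->query("SELECT total_entries FROM exp_members WHERE member_id = '{$member_id_sql}'");

    $total_entries = $query->row['total_entries'] + 1;

    // $entry_date may be the client's dateCreated, so it is escaped too
    $DB->query("UPDATE exp_members SET total_entries = '{$total_entries}', last_entry_date = '" . $DB->escape_str($entry_date) . "' WHERE member_id = '{$member_id_sql}'");

    /** ---------------------------------
    /** Return Entry ID of new entry
    /** ---------------------------------*/
    return new XML_RPC_Response(new XML_RPC_Values($entry_data['entry_id'], 'string'));
}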
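/** ---------------------------------
/** Validate/Delete Selected Members
/** ---------------------------------*/
/**
 * Activate or delete the members ticked on the member-validation page.
 *
 * POST: toggle* => member_id (one field per ticked row); action => 'activate'
 * (any other value means delete); send_notification => email the matching
 * template to each affected member. Activation moves the member into the
 * default member group. Deletion removes the member, their member data,
 * homepage layout and private messages, then recomputes the unread-message
 * counter of everyone who still had unread messages from them.
 *
 * Authorization fix (review): the original only refused when $_POST['action']
 * was exactly 'delete', yet it deleted for *every* action other than
 * 'activate' -- a missing or arbitrary action value skipped the
 * can_delete_members check and still deleted the members. One $action value
 * is now derived up front and the check is made against it. Member ids were
 * also interpolated raw into the SELECT and DELETE statements (only the
 * UPDATE escaped them); they are now required to be digit strings.
 *
 * @return mixed  no_access_message() / member_validation() output, or void
 *                once the result page has been written to $DSP.
 */
function validate_members()
{
    global $IN, $DSP, $DB, $LANG, $PREFS, $REGX, $FNS, $EXT, $STAT;

    if ( ! $DSP->allowed_group('can_admin_members'))
    {
        return $DSP->no_access_message();
    }

    // Anything that is not an explicit 'activate' is a delete: gate on that
    $action = (isset($_POST['action']) && $_POST['action'] == 'activate') ? 'activate' : 'delete';

    if ($action == 'delete' && ! $DSP->allowed_group('can_delete_members'))
    {
        return $DSP->no_access_message();
    }

    if ( ! $IN->GBL('toggle', 'POST'))
    {
        return $this->member_validation();
    }

    $send_email = isset($_POST['send_notification']) ? TRUE : FALSE;

    if ($send_email == TRUE)
    {
        if ($action == 'activate')
        {
            $template = $FNS->fetch_email_template('validated_member_notify');
        }
        else
        {
            $template = $FNS->fetch_email_template('decline_member_validation');
        }

        if ( ! class_exists('EEmail'))
        {
            require PATH_CORE . 'core.email' . EXT;
        }

        $email = new EEmail();
        $email->wordwrap = true;
    }

    $group_id = $DB->escape_str($PREFS->ini('default_member_group'));

    foreach ($_POST as $key => $val)
    {
        if ( ! strstr($key, 'toggle') OR is_array($val))
        {
            continue;
        }

        // Member ids are integers; anything else is tampering, not a row to act on
        if ( ! ctype_digit((string) $val))
        {
            continue;
        }

        if ($send_email == TRUE)
        {
            $query = $DB->query("SELECT username, screen_name, email FROM exp_members WHERE member_id = '{$val}'");

            if ($query->num_rows == 1 AND $query->row['email'] != "")
            {
                $swap = array(
                    'name'      => ($query->row['screen_name'] != '') ? $query->row['screen_name'] : $query->row['username'],
                    'site_name' => stripslashes($PREFS->ini('site_name')),
                    'site_url'  => $PREFS->ini('site_url')
                );

                $email_tit = $FNS->var_swap($template['title'], $swap);
                $email_msg = $FNS->var_swap($template['data'], $swap);

                $email->initialize();
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($query->row['email']);
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($email_msg));
                $email->Send();
            }
        }

        if ($action == 'activate')
        {
            $DB->query("UPDATE exp_members SET group_id = '{$group_id}' WHERE member_id = '{$val}'");
            continue;
        }

        // Delete. Note who still has unread messages from this member before
        // the copies go, so their counters can be recomputed afterwards.
        $DB->query("DELETE FROM exp_members WHERE member_id = '{$val}'");
        $DB->query("DELETE FROM exp_member_data WHERE member_id = '{$val}'");
        $DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$val}'");

        $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$val}' AND message_read = 'n'");

        $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$val}'");
        $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$val}'");

        if ($message_query->num_rows > 0)
        {
            foreach ($message_query->result as $row)
            {
                $recipient_id = $DB->escape_str($row['recipient_id']);

                $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");

                $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '{$recipient_id}'"));
            }
        }
    }

    $STAT->update_member_stats();

    // -------------------------------------------
    // 'cp_members_validate_members' hook.
    //  - Additional processing when member(s) are validated in the CP
    //  - Added 1.5.2, 2006-12-28
    //
    $edata = $EXT->call_extension('cp_members_validate_members');
    if ($EXT->end_script === TRUE)
    {
        return;
    }
    //
    // -------------------------------------------

    $title = $LANG->line('member_validation');

    $DSP->title = $title;
    $DSP->crumb = $DSP->anchor(BASE . AMP . 'C=admin' . AMP . 'area=members_and_groups', $LANG->line('members_and_groups')) . $DSP->crumb_item($title);
    $DSP->body  = $DSP->qdiv('tableHeading', $title);

    $msg = ($action == 'activate') ? $LANG->line('members_are_validated') : $LANG->line('members_are_deleted');

    $DSP->body .= $DSP->qdiv('box', $msg);
}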
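/**
 * Send one plain notification message from the webmaster address.
 *
 * Bugs fixed (review): the original reassigned the $email *parameter* to the
 * EEmail object, so ->to($email) received the mailer instead of the recipient
 * address; and $PREFS / $REGX were used without a global declaration, so they
 * were undefined inside the method.
 *
 * @param string $email    Recipient address.
 * @param string $subject  Subject line.
 * @param string $body     Message body; passed through entities_to_ascii().
 * @return void
 */
private function _notify_admin($email, $subject, $body)
{
    global $PREFS, $REGX;

    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE . 'core.email' . EXT;
    }

    $recipient = $email;

    $mailer = new EEmail();

    // initialize() before the per-message settings, in the same order as the
    // other senders in this file (they set wordwrap after initialize(),
    // presumably because it resets state -- not verifiable from here)
    $mailer->initialize();
    $mailer->wordwrap = true;
    $mailer->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
    $mailer->to($recipient);
    $mailer->subject($subject);
    $mailer->message($REGX->entities_to_ascii($body));
    $mailer->Send();
}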
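/** -------------------------------------
/** Member self-delete
/** -------------------------------------*/
/**
 * Delete the logged-in member's own account.
 *
 * Requires a POSTed form (ACT), a logged-in non-SuperAdmin member whose group
 * allows self-deletion, the member's current password (re-checked against
 * exp_members; a failure counts towards the password lockout) and, when
 * require_ip_for_login is on, an IP and user agent in the session. On success
 * it removes the member, member data and private messages, forum content if
 * the forum module is installed, weblog entries / comments / trackbacks,
 * recomputes the affected stats, emails the configured deletion-notification
 * addresses, and finally destroys the session row and cookies.
 *
 * Review changes: the notification-list check used eregi(), which treated the
 * member's address as a regex pattern and no longer exists in PHP -- it is now
 * a plain substring test. The stored password hash is compared with !== so
 * that two digests that happen to look numeric ("0e...") cannot compare equal
 * under PHP's loose !=. Request/session values that reach SQL are escaped.
 *
 * @return mixed  FALSE when not reached via POST; show_user_error() output on
 *                refusal; otherwise show_message() output.
 */
function member_delete()
{
    global $DB, $FNS, $IN, $LANG, $OUT, $PREFS, $REGX, $SESS, $STAT;

    /** -------------------------------------
    /** Make sure they got here via a form
    /** -------------------------------------*/
    if ( ! $IN->GBL('ACT', 'POST'))
    {
        // No output for you, Mr. URL Hax0r
        return FALSE;
    }

    $LANG->fetch_language_file('login');

    /* -------------------------------------
    /* No sneakiness - we'll do this in case the site administrator
    /* has foolishly turned off secure forms and some monkey is
    /* trying to delete their account from an off-site form or
    /* after logging out.
    /* -------------------------------------*/
    if ($SESS->userdata['member_id'] == 0 OR $SESS->userdata['can_delete_self'] !== 'y')
    {
        return $OUT->show_user_error('general', $LANG->line('not_authorized'));
    }

    /** -------------------------------------
    /** If the user is a SuperAdmin, then no deletion
    /** -------------------------------------*/
    if ($SESS->userdata['group_id'] == 1)
    {
        return $OUT->show_user_error('general', $LANG->line('cannot_delete_super_admin'));
    }

    /** ----------------------------------------
    /** Is IP and User Agent required for login?  Then, same here.
    /** ----------------------------------------*/
    if ($PREFS->ini('require_ip_for_login') == 'y')
    {
        if ($SESS->userdata['ip_address'] == '' || $SESS->userdata['user_agent'] == '')
        {
            return $OUT->show_user_error('general', $LANG->line('unauthorized_request'));
        }
    }

    /** ----------------------------------------
    /** Check password lockout status
    /** ----------------------------------------*/
    if ($SESS->check_password_lockout() === TRUE)
    {
        return $OUT->show_user_error('general', str_replace("%x", $PREFS->ini('password_lockout_interval'), $LANG->line('password_lockout_in_effect')));
    }

    /* -------------------------------------
    /* Are you who you say you are, or someone sitting at someone
    /* else's computer being mean?!
    /* -------------------------------------*/
    $id = $DB->escape_str($SESS->userdata['member_id']);

    $query = $DB->query("SELECT password FROM exp_members WHERE member_id = '{$id}'");

    $password = $FNS->hash(stripslashes($IN->GBL('password', 'POST')));

    // Strict comparison of the two digest strings; a failed attempt counts
    // towards the lockout just like a failed login
    if ($query->num_rows == 0 OR $query->row['password'] !== $password)
    {
        $SESS->save_password_lockout();
        return $OUT->show_user_error('general', $LANG->line('invalid_pw'));
    }

    /** -------------------------------------
    /** No turning back, get to deletin'!
    /** -------------------------------------*/
    $DB->query("DELETE FROM exp_members WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_member_data WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_member_homepage WHERE member_id = '{$id}'");

    // Who still has unread messages from this member? Their unread counters
    // must be recomputed once the copies are gone.
    $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '{$id}' AND message_read = 'n'");

    $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_data WHERE sender_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_folders WHERE member_id = '{$id}'");
    $DB->query("DELETE FROM exp_message_listed WHERE member_id = '{$id}'");

    if ($message_query->num_rows > 0)
    {
        foreach ($message_query->result as $row)
        {
            $recipient_id = $DB->escape_str($row['recipient_id']);

            $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '{$recipient_id}' AND message_read = 'n'");

            $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '{$recipient_id}'"));
        }
    }

    /** -------------------------------------
    /** Delete Forum Posts
    /** -------------------------------------*/
    if ($PREFS->ini('forum_is_installed') == "y")
    {
        $DB->query("DELETE FROM exp_forum_subscriptions WHERE member_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_pollvotes WHERE member_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_topics WHERE author_id = '{$id}'");

        // Snag the affected topic id's before deleting the member for the update afterwards
        $topic_ids = array();

        $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE author_id = '{$id}'");

        if ($query->num_rows > 0)
        {
            foreach ($query->result as $row)
            {
                $topic_ids[] = $row['topic_id'];
            }

            $topic_ids = array_unique($topic_ids);
        }

        $DB->query("DELETE FROM exp_forum_posts WHERE author_id = '{$id}'");
        $DB->query("DELETE FROM exp_forum_polls WHERE author_id = '{$id}'");

        // Update the forum stats
        $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");

        if ( ! class_exists('Forum'))
        {
            require PATH_MOD.'forum/mod.forum'.EXT;
            require PATH_MOD.'forum/mod.forum_core'.EXT;
        }

        $FRM = new Forum_Core;

        foreach ($query->result as $row)
        {
            $FRM->_update_post_stats($row['forum_id']);
        }

        foreach ($topic_ids as $topic_id)
        {
            $FRM->_update_topic_stats($topic_id);
        }
    }

    /** -------------------------------------
    /** Va-poo-rize Weblog Entries and Comments
    /** -------------------------------------*/
    $entry_ids   = array();
    $weblog_ids  = array();
    $recount_ids = array();

    // Find Entry IDs and Weblog IDs, then delete
    $query = $DB->query("SELECT entry_id, weblog_id FROM exp_weblog_titles WHERE author_id = '{$id}'");

    if ($query->num_rows > 0)
    {
        foreach ($query->result as $row)
        {
            $entry_ids[]  = $row['entry_id'];
            $weblog_ids[] = $row['weblog_id'];
        }

        $entry_list = "('" . implode("','", $entry_ids) . "')";

        $DB->query("DELETE FROM exp_weblog_titles WHERE author_id = '{$id}'");
        $DB->query("DELETE FROM exp_weblog_data WHERE entry_id IN {$entry_list}");
        $DB->query("DELETE FROM exp_comments WHERE entry_id IN {$entry_list}");
        $DB->query("DELETE FROM exp_trackbacks WHERE entry_id IN {$entry_list}");
    }

    // Find the affected entries AND weblog ids for author's comments
    $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE author_id = '{$id}'");

    if ($query->num_rows > 0)
    {
        foreach ($query->result as $row)
        {
            $recount_ids[] = $row['entry_id'];
            $weblog_ids[]  = $row['weblog_id'];
        }

        // Entries deleted above need no recount
        $recount_ids = array_diff($recount_ids, $entry_ids);
    }

    // Delete comments by member
    $DB->query("DELETE FROM exp_comments WHERE author_id = '{$id}'");

    // Update stats on weblog entries that were NOT deleted AND had comments by author
    if (count($recount_ids) > 0)
    {
        foreach (array_unique($recount_ids) as $entry_id)
        {
            $entry_id = $DB->escape_str($entry_id);

            $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '{$entry_id}'");

            $comment_date = ($query->num_rows == 0 OR ! is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];

            $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$entry_id}' AND status = 'o'");

            $DB->query("UPDATE exp_weblog_titles SET comment_total = '" . $DB->escape_str($query->row['count']) . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '{$entry_id}'");
        }
    }

    if (count($weblog_ids) > 0)
    {
        foreach (array_unique($weblog_ids) as $weblog_id)
        {
            $STAT->update_weblog_stats($weblog_id);
            $STAT->update_comment_stats($weblog_id);
        }
    }

    /** -------------------------------------
    /** Email notification recipients
    /** -------------------------------------*/
    if ($SESS->userdata['mbr_delete_notify_emails'] != '')
    {
        $notify_address = $SESS->userdata['mbr_delete_notify_emails'];

        $swap = array(
            'name'      => $SESS->userdata['screen_name'],
            'email'     => $SESS->userdata['email'],
            'site_name' => stripslashes($PREFS->ini('site_name'))
        );

        $email_tit = $FNS->var_swap($LANG->line('mbr_delete_notify_title'), $swap);
        $email_msg = $FNS->var_swap($LANG->line('mbr_delete_notify_message'), $swap);

        // No notification for the user themselves, if they're in the list
        // (plain substring test; the address is data, not a pattern)
        $self = $SESS->userdata['email'];

        if ($self != '' && stripos($notify_address, $self) !== FALSE)
        {
            $notify_address = str_replace($self, "", $notify_address);
        }

        $notify_address = $REGX->remove_extra_commas($notify_address);

        if ($notify_address != '')
        {
            /** ----------------------------
            /** Send email
            /** ----------------------------*/
            if ( ! class_exists('EEmail'))
            {
                require PATH_CORE.'core.email'.EXT;
            }

            $email = new EEmail;

            foreach (explode(',', $notify_address) as $addy)
            {
                $email->initialize();
                $email->wordwrap = false;
                $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                $email->to($addy);
                $email->reply_to($PREFS->ini('webmaster_email'));
                $email->subject($email_tit);
                $email->message($REGX->entities_to_ascii($email_msg));
                $email->Send();
            }
        }
    }

    /** -------------------------------------
    /** Trash the Session and cookies
    /** -------------------------------------*/
    $DB->query("DELETE FROM exp_online_users WHERE site_id = '" . $DB->escape_str($PREFS->ini('site_id')) . "' AND ip_address = '" . $DB->escape_str($IN->IP) . "' AND member_id = '{$id}'");
    $DB->query("DELETE FROM exp_sessions WHERE session_id = '" . $DB->escape_str($SESS->userdata['session_id']) . "'");

    // set_cookie() with no value -- presumably clears each cookie; the helper
    // is not in this listing
    $FNS->set_cookie($SESS->c_uniqueid);
    $FNS->set_cookie($SESS->c_password);
    $FNS->set_cookie($SESS->c_session);
    $FNS->set_cookie($SESS->c_expire);
    $FNS->set_cookie($SESS->c_anon);
    $FNS->set_cookie('read_topics');
    $FNS->set_cookie('tracker');

    /** -------------------------------------
    /** Update global member stats
    /** -------------------------------------*/
    $STAT->update_member_stats();

    /** -------------------------------------
    /** Build Success Message
    /** -------------------------------------*/
    $url  = $PREFS->ini('site_url');
    $name = stripslashes($PREFS->ini('site_name'));

    $data = array(
        'title'    => $LANG->line('mbr_delete'),
        'heading'  => $LANG->line('thank_you'),
        'content'  => $LANG->line('mbr_account_deleted'),
        'redirect' => '',
        'link'     => array($url, $name)
    );

    $OUT->show_message($data);
}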
/** ---------------------------------------- /** Insert new comment /** ----------------------------------------*/ function insert_new_comment() { global $IN, $SESS, $PREFS, $DB, $FNS, $OUT, $LANG, $REGX, $LOC, $STAT, $EXT; $default = array('name', 'email', 'url', 'comment', 'location', 'entry_id'); foreach ($default as $val) { if (!isset($_POST[$val])) { $_POST[$val] = ''; } } // No entry ID? What the heck are they doing? if (!is_numeric($_POST['entry_id'])) { return false; } // If the comment is empty, bounce them back if ($_POST['comment'] == '') { if (!isset($_POST['RET']) or $_POST['RET'] == '') { return false; } $FNS->redirect($_POST['RET']); } /** ---------------------------------------- /** Fetch the comment language pack /** ----------------------------------------*/ $LANG->fetch_language_file('comment'); /** ---------------------------------------- /** Is the user banned? /** ----------------------------------------*/ if ($SESS->userdata['is_banned'] == TRUE) { return $OUT->show_user_error('general', array($LANG->line('not_authorized'))); } /** ---------------------------------------- /** Is the IP address and User Agent required? /** ----------------------------------------*/ if ($PREFS->ini('require_ip_for_posting') == 'y') { if ($IN->IP == '0.0.0.0' || $SESS->userdata['user_agent'] == "") { return $OUT->show_user_error('general', array($LANG->line('not_authorized'))); } } /** ---------------------------------------- /** Is the nation of the user banend? /** ----------------------------------------*/ $SESS->nation_ban_check(); /** ---------------------------------------- /** Can the user post comments? 
/** ----------------------------------------*/ if ($SESS->userdata['can_post_comments'] == 'n') { $error[] = $LANG->line('cmt_no_authorized_for_comments'); return $OUT->show_user_error('general', $error); } /** ---------------------------------------- /** Blacklist/Whitelist Check /** ----------------------------------------*/ if ($IN->blacklisted == 'y' && $IN->whitelisted == 'n') { return $OUT->show_user_error('general', array($LANG->line('not_authorized'))); } /** ---------------------------------------- /** Is this a preview request? /** ----------------------------------------*/ if (isset($_POST['preview'])) { return $this->preview_handler(); } // ------------------------------------------- // 'insert_comment_start' hook. // - Allows complete rewrite of comment submission routine. // - Or could be used to modify the POST data before processing // $edata = $EXT->call_extension('insert_comment_start'); if ($EXT->end_script === TRUE) { return; } // // ------------------------------------------- /** ---------------------------------------- /** Fetch weblog preferences /** ----------------------------------------*/ $sql = "SELECT exp_weblog_titles.title, \n exp_weblog_titles.url_title,\n exp_weblog_titles.weblog_id,\n exp_weblog_titles.author_id,\n exp_weblog_titles.comment_total,\n exp_weblog_titles.allow_comments,\n exp_weblog_titles.entry_date,\n exp_weblog_titles.comment_expiration_date,\n exp_weblogs.blog_title,\n exp_weblogs.comment_system_enabled,\n exp_weblogs.comment_max_chars,\n exp_weblogs.comment_use_captcha,\n exp_weblogs.comment_timelock,\n exp_weblogs.comment_require_membership,\n exp_weblogs.comment_moderate,\n exp_weblogs.comment_require_email,\n exp_weblogs.comment_notify,\n exp_weblogs.comment_notify_authors,\n exp_weblogs.comment_notify_emails,\n exp_weblogs.comment_expiration\n FROM exp_weblog_titles, exp_weblogs\n WHERE exp_weblog_titles.weblog_id = exp_weblogs.weblog_id\n AND exp_weblog_titles.entry_id = '" . 
$DB->escape_str($_POST['entry_id']) . "'\n\t\t\t\tAND exp_weblog_titles.status != 'closed' "; // ------------------------------------------- // 'insert_comment_preferences_sql' hook. // - Rewrite or add to the comment preference sql query // - Could be handy for comment/weblog restrictions // if ($EXT->active_hook('insert_comment_preferences_sql') === TRUE) { $sql = $EXT->call_extension('insert_comment_preferences_sql', $sql); if ($EXT->end_script === TRUE) { return $edata; } } // // ------------------------------------------- $query = $DB->query($sql); unset($sql); if ($query->num_rows == 0) { return false; } /** ---------------------------------------- /** Are comments allowed? /** ----------------------------------------*/ if ($query->row['allow_comments'] == 'n' || $query->row['comment_system_enabled'] == 'n') { return $OUT->show_user_error('submission', $LANG->line('cmt_comments_not_allowed')); } /** ---------------------------------------- /** Has commenting expired? /** ----------------------------------------*/ if ($this->comment_expiration_mode == 0) { if ($query->row['comment_expiration_date'] > 0) { if ($LOC->now > $query->row['comment_expiration_date']) { return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired')); } } } else { if ($query->row['comment_expiration'] > 0) { $days = $query->row['entry_date'] + $query->row['comment_expiration'] * 86400; if ($LOC->now > $days) { return $OUT->show_user_error('submission', $LANG->line('cmt_commenting_has_expired')); } } } /** ---------------------------------------- /** Is there a comment timelock? 
/** ----------------------------------------*/ if ($query->row['comment_timelock'] != '' and $query->row['comment_timelock'] > 0) { if ($SESS->userdata['group_id'] != 1) { $time = $LOC->now - $query->row['comment_timelock']; $result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment_date > '{$time}' AND ip_address = '{$IN->IP}' "); if ($result->row['count'] > 0) { return $OUT->show_user_error('submission', str_replace("%s", $query->row['comment_timelock'], $LANG->line('cmt_comments_timelock'))); } } } /** ---------------------------------------- /** Do we allow duplicate data? /** ----------------------------------------*/ if ($PREFS->ini('deny_duplicate_data') == 'y') { if ($SESS->userdata['group_id'] != 1) { $result = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE comment = '" . $DB->escape_str($_POST['comment']) . "' "); if ($result->row['count'] > 0) { return $OUT->show_user_error('submission', $LANG->line('cmt_duplicate_comment_warning')); } } } /** ---------------------------------------- /** Assign data /** ----------------------------------------*/ $author_id = $query->row['author_id']; $entry_title = $query->row['title']; $url_title = $query->row['url_title']; $blog_title = $query->row['blog_title']; $weblog_id = $query->row['weblog_id']; $comment_total = $query->row['comment_total'] + 1; $require_membership = $query->row['comment_require_membership']; $comment_moderate = ($SESS->userdata['group_id'] == 1 or $SESS->userdata['exclude_from_moderation'] == 'y') ? 'n' : $query->row['comment_moderate']; $author_notify = $query->row['comment_notify_authors']; $notify_address = ($query->row['comment_notify'] == 'y' and $query->row['comment_notify_emails'] != '') ? 
$query->row['comment_notify_emails'] : ''; /** ---------------------------------------- /** Start error trapping /** ----------------------------------------*/ $error = array(); if ($SESS->userdata('member_id') != 0) { // If the user is logged in we'll reassign the POST variables with the user data $_POST['name'] = $SESS->userdata['screen_name'] != '' ? $SESS->userdata['screen_name'] : $SESS->userdata['username']; $_POST['email'] = $SESS->userdata['email']; $_POST['url'] = $SESS->userdata['url']; $_POST['location'] = $SESS->userdata['location']; } /** ---------------------------------------- /** Is membership is required to post... /** ----------------------------------------*/ if ($require_membership == 'y') { // Not logged in if ($SESS->userdata('member_id') == 0) { return $OUT->show_user_error('submission', $LANG->line('cmt_must_be_member')); } // Membership is pending if ($SESS->userdata['group_id'] == 4) { return $OUT->show_user_error('general', $LANG->line('cmt_account_not_active')); } } else { /** ---------------------------------------- /** Missing name? /** ----------------------------------------*/ if ($_POST['name'] == '') { $error[] = $LANG->line('cmt_missing_name'); } /** ------------------------------------- /** Is name banned? /** -------------------------------------*/ if ($SESS->ban_check('screen_name', $_POST['name'])) { $error[] = $LANG->line('cmt_name_not_allowed'); } /** ---------------------------------------- /** Missing or invalid email address /** ----------------------------------------*/ if ($query->row['comment_require_email'] == 'y') { if ($_POST['email'] == '') { $error[] = $LANG->line('cmt_missing_email'); } elseif (!$REGX->valid_email($_POST['email'])) { $error[] = $LANG->line('cmt_invalid_email'); } } } /** ------------------------------------- /** Is email banned? 
/** -------------------------------------*/ if ($_POST['email'] != '') { if ($SESS->ban_check('email', $_POST['email'])) { $error[] = $LANG->line('cmt_banned_email'); } } /** ---------------------------------------- /** Is comment too big? /** ----------------------------------------*/ if ($query->row['comment_max_chars'] != '' and $query->row['comment_max_chars'] != 0) { if (strlen($_POST['comment']) > $query->row['comment_max_chars']) { $str = str_replace("%n", strlen($_POST['comment']), $LANG->line('cmt_too_large')); $str = str_replace("%x", $query->row['comment_max_chars'], $str); $error[] = $str; } } /** ---------------------------------------- /** Do we have errors to display? /** ----------------------------------------*/ if (count($error) > 0) { return $OUT->show_user_error('submission', $error); } /** ---------------------------------------- /** Do we require captcha? /** ----------------------------------------*/ if ($query->row['comment_use_captcha'] == 'y') { if ($PREFS->ini('captcha_require_members') == 'y' || ($PREFS->ini('captcha_require_members') == 'n' and $SESS->userdata('member_id') == 0)) { if (!isset($_POST['captcha']) || $_POST['captcha'] == '') { return $OUT->show_user_error('submission', $LANG->line('captcha_required')); } else { $res = $DB->query("SELECT COUNT(*) AS count FROM exp_captcha WHERE word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200"); if ($res->row['count'] == 0) { return $OUT->show_user_error('submission', $LANG->line('captcha_incorrect')); } $DB->query("DELETE FROM exp_captcha WHERE (word='" . $DB->escape_str($_POST['captcha']) . "' AND ip_address = '" . $IN->IP . "') OR date < UNIX_TIMESTAMP()-7200"); } } } /** ---------------------------------------- /** Build the data array /** ----------------------------------------*/ $notify = $IN->GBL('notify_me', 'POST') ? 
'y' : 'n'; $cmtr_name = $REGX->xss_clean($_POST['name']); $cmtr_email = $_POST['email']; $cmtr_url = $REGX->xss_clean($REGX->prep_url($_POST['url'])); $cmtr_loc = $REGX->xss_clean($_POST['location']); $data = array('weblog_id' => $weblog_id, 'entry_id' => $_POST['entry_id'], 'author_id' => $SESS->userdata('member_id'), 'name' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'comment' => $REGX->xss_clean($_POST['comment']), 'comment_date' => $LOC->now, 'ip_address' => $IN->IP, 'notify' => $notify, 'status' => $comment_moderate == 'y' ? 'c' : 'o', 'site_id' => $PREFS->ini('site_id')); // ------------------------------------------- // 'insert_comment_insert_array' hook. // - Modify any of the soon to be inserted values // if ($EXT->active_hook('insert_comment_insert_array') === TRUE) { $data = $EXT->call_extension('insert_comment_insert_array', $data); if ($EXT->end_script === TRUE) { return $edata; } } // // ------------------------------------------- /** ---------------------------------------- /** Insert data /** ----------------------------------------*/ if ($PREFS->ini('secure_forms') == 'y') { $query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . "' AND date > UNIX_TIMESTAMP()-7200"); if ($query->row['count'] > 0) { $sql = $DB->insert_string('exp_comments', $data); $DB->query($sql); $comment_id = $DB->insert_id; $DB->query("DELETE FROM exp_security_hashes WHERE (hash='" . $DB->escape_str($_POST['XID']) . "' AND ip_address = '" . $IN->IP . 
"') OR date < UNIX_TIMESTAMP()-7200"); } else { $FNS->redirect(stripslashes($_POST['RET'])); } } else { $sql = $DB->insert_string('exp_comments', $data); $DB->query($sql); $comment_id = $DB->insert_id; } if ($comment_moderate == 'n') { /** ------------------------------------------------ /** Update comment total and "recent comment" date /** ------------------------------------------------*/ $DB->query("UPDATE exp_weblog_titles SET comment_total = '{$comment_total}', recent_comment_date = '" . $LOC->now . "' WHERE entry_id = '" . $DB->escape_str($_POST['entry_id']) . "'"); /** ---------------------------------------- /** Update member comment total and date /** ----------------------------------------*/ if ($SESS->userdata('member_id') != 0) { $query = $DB->query("SELECT total_comments FROM exp_members WHERE member_id = '" . $SESS->userdata('member_id') . "'"); $DB->query("UPDATE exp_members SET total_comments = '" . ($query->row['total_comments'] + 1) . "', last_comment_date = '" . $LOC->now . "' WHERE member_id = '" . $SESS->userdata('member_id') . "'"); } /** ---------------------------------------- /** Update comment stats /** ----------------------------------------*/ $STAT->update_comment_stats($weblog_id, $LOC->now); /** ---------------------------------------- /** Fetch email notification addresses /** ----------------------------------------*/ $query = $DB->query("SELECT DISTINCT(email), name, comment_id, author_id FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($_POST['entry_id']) . "' AND notify = 'y'"); $recipients = array(); if ($query->num_rows > 0) { foreach ($query->result as $row) { if ($row['email'] == "" and $row['author_id'] != 0) { $result = $DB->query("SELECT email, screen_name FROM exp_members WHERE member_id = '" . $DB->escape_str($row['author_id']) . 
"'"); if ($result->num_rows == 1) { $recipients[] = array($result->row['email'], $row['comment_id'], $result->row['screen_name']); } } elseif ($row['email'] != "") { $recipients[] = array($row['email'], $row['comment_id'], $row['name']); } } } } /** ---------------------------------------- /** Fetch Author Notification /** ----------------------------------------*/ if ($author_notify == 'y') { $result = $DB->query("SELECT email FROM exp_members WHERE member_id = '" . $DB->escape_str($author_id) . "'"); $notify_address .= ',' . $result->row['email']; } /** ---------------------------------------- /** Instantiate Typography class /** ----------------------------------------*/ if (!class_exists('Typography')) { require PATH_CORE . 'core.typography' . EXT; } $TYPE = new Typography(FALSE, FALSE); $TYPE->smileys = FALSE; $comment = $REGX->xss_clean($_POST['comment']); $comment = $TYPE->parse_type($comment, array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n')); /** ---------------------------- /** Send admin notification /** ----------------------------*/ if ($notify_address != '') { $swap = array('name' => $cmtr_name, 'name_of_commenter' => $cmtr_name, 'email' => $cmtr_email, 'url' => $cmtr_url, 'location' => $cmtr_loc, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'comment_id' => $comment_id, 'comment' => $comment, 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'delete_link' => $PREFS->ini('cp_url') . '?S=0&C=edit' . '&M=del_comment_conf' . '&weblog_id=' . $weblog_id . '&entry_id=' . $_POST['entry_id'] . '&comment_id=' . 
$comment_id); $template = $FNS->fetch_email_template('admin_notify_comment'); $email_tit = $FNS->var_swap($template['title'], $swap); $email_msg = $FNS->var_swap($template['data'], $swap); // We don't want to send an admin notification if the person // leaving the comment is an admin in the notification list if ($_POST['email'] != '') { if (strpos($notify_address, $_POST['email']) !== FALSE) { $notify_address = str_replace($_POST['email'], "", $notify_address); } } $notify_address = $REGX->remove_extra_commas($notify_address); if ($notify_address != '') { /** ---------------------------- /** Send email /** ----------------------------*/ if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $replyto = $data['email'] == '' ? $PREFS->ini('webmaster_email') : $data['email']; $email = new EEmail(); $sent = array(); foreach (explode(',', $notify_address) as $addy) { if (in_array($addy, $sent)) { continue; } $email->initialize(); $email->wordwrap = false; $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name')); $email->to($addy); $email->reply_to($replyto); $email->subject($email_tit); $email->message($REGX->entities_to_ascii($email_msg)); $email->Send(); $sent[] = $addy; } } } /** ---------------------------------------- /** Send user notifications /** ----------------------------------------*/ if ($comment_moderate == 'n') { $email_msg = ''; if (count($recipients) > 0) { $qs = $PREFS->ini('force_query_string') == 'y' ? 
'' : '?'; $action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification'); $swap = array('name_of_commenter' => $cmtr_name, 'weblog_name' => $blog_title, 'entry_title' => $entry_title, 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment_url' => $FNS->remove_session_id($_POST['RET']), 'comment_id' => $comment_id, 'comment' => $comment); $template = $FNS->fetch_email_template('comment_notification'); $email_tit = $FNS->var_swap($template['title'], $swap); $email_msg = $FNS->var_swap($template['data'], $swap); /** ---------------------------- /** Send email /** ----------------------------*/ if (!class_exists('EEmail')) { require PATH_CORE . 'core.email' . EXT; } $email = new EEmail(); $email->wordwrap = true; $cur_email = $_POST['email'] == '' ? FALSE : $_POST['email']; if (!isset($sent)) { $sent = array(); } foreach ($recipients as $val) { // We don't notify the person currently commenting. That would be silly. if ($val['0'] != $cur_email and !in_array($val['0'], $sent)) { $title = $email_tit; $message = $email_msg; $title = str_replace('{name_of_recipient}', $val['2'], $title); $message = str_replace('{name_of_recipient}', $val['2'], $message); $title = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $title); $message = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $message); $email->initialize(); $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name')); $email->to($val['0']); $email->subject($title); $email->message($REGX->entities_to_ascii($message)); $email->Send(); $sent[] = $val['0']; } } } /** ---------------------------------------- /** Clear cache files /** ----------------------------------------*/ $FNS->clear_caching('all', $FNS->fetch_site_index() . 
$_POST['URI']); // clear out the entry_id version if the url_title is in the URI, and vice versa if (preg_match("#\\/" . preg_quote($url_title) . "\\/#", $_POST['URI'], $matches)) { $FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#" . preg_quote($matches['0']) . "#", "/{$data['entry_id']}/", $_POST['URI'])); } else { $FNS->clear_caching('all', $FNS->fetch_site_index() . preg_replace("#{$data['entry_id']}#", $url_title, $_POST['URI'])); } } /** ---------------------------------------- /** Set cookies /** ----------------------------------------*/ if ($notify == 'y') { $FNS->set_cookie('notify_me', 'yes', 60 * 60 * 24 * 365); } else { $FNS->set_cookie('notify_me', 'no', 60 * 60 * 24 * 365); } if ($IN->GBL('save_info', 'POST')) { $FNS->set_cookie('save_info', 'yes', 60 * 60 * 24 * 365); $FNS->set_cookie('my_name', $_POST['name'], 60 * 60 * 24 * 365); $FNS->set_cookie('my_email', $_POST['email'], 60 * 60 * 24 * 365); $FNS->set_cookie('my_url', $_POST['url'], 60 * 60 * 24 * 365); $FNS->set_cookie('my_location', $_POST['location'], 60 * 60 * 24 * 365); } else { $FNS->set_cookie('save_info', 'no', 60 * 60 * 24 * 365); $FNS->set_cookie('my_name', ''); $FNS->set_cookie('my_email', ''); $FNS->set_cookie('my_url', ''); $FNS->set_cookie('my_location', ''); } // ------------------------------------------- // 'insert_comment_end' hook. 
// - More emails, more processing, different redirect // - $comment_id added 1.6.1 // $edata = $EXT->call_extension('insert_comment_end', $data, $comment_moderate, $comment_id); if ($EXT->end_script === TRUE) { return; } // // ------------------------------------------- /** ------------------------------------------- /** Bounce user back to the comment page /** -------------------------------------------*/ if ($comment_moderate == 'y') { $data = array('title' => $LANG->line('cmt_comment_accepted'), 'heading' => $LANG->line('thank_you'), 'content' => $LANG->line('cmt_will_be_reviewed'), 'redirect' => $_POST['RET'], 'link' => array($_POST['RET'], $LANG->line('cmt_return_to_comments')), 'rate' => 3); $OUT->show_message($data); } else { $FNS->redirect($_POST['RET']); } }
/** -----------------------------------------
/**  Change Comment Status
/** -----------------------------------------
/**  Opens ('o') or closes ('c') the comments selected in the CP form,
/**  recomputes the per-entry, per-weblog and per-member comment counters,
/**  mails the subscribed commenters when comments are (re)opened, clears
/**  the cache and redirects back to the edit page.
/**
/**  @param string $status  'close' closes the comments; anything else opens
/**                         them unless $_GET['status'] is also 'close'.
/**  @return mixed  $DSP->no_access_message() on an empty selection, missing
/**                 permission or unknown ids; otherwise redirects and exits.
/** -----------------------------------------*/
function change_comment_status($status = '')
{
    // $LANG and $SESS are declared here but not referenced in this method.
    global $IN, $DSP, $DB, $LANG, $PREFS, $REGX, $FNS, $SESS, $STAT;

    // Request values used only to rebuild the redirect URL at the bottom.
    // NOTE: both $weblog_id and $entry_id are overwritten by the foreach loops
    // further down, so the redirect carries the last id processed, not the
    // requested one (identical only when a single entry/weblog is affected).
    $weblog_id = $IN->GBL('weblog_id');
    $entry_id = $IN->GBL('entry_id');
    $current_page = $IN->GBL('current_page');

    $comments = array();
    $trackbacks = array(); // declared but never used in this method

    // Checkbox fields are named toggle*, with values of the form "c<comment_id>".
    // The ids are escaped once here, at collection time.
    foreach ($_POST as $key => $val) {
        if (strstr($key, 'toggle') and !is_array($val)) {
            if (substr($val, 0, 1) == 'c') {
                $comments[] = $DB->escape_str(substr($val, 1));
            }
        }
    }

    // A single id may also arrive as comment_id (GET or POST); numeric only.
    if ($IN->GBL('comment_id') !== FALSE && is_numeric($IN->GBL('comment_id'))) {
        $comments[] = $DB->escape_str($IN->GBL('comment_id'));
    }

    if (sizeof($comments) == 0) {
        return $DSP->no_access_message();
    }

    // Permission gate: everything below touches the database, so it must
    // stay ahead of the first query.
    if (!$DSP->allowed_group('can_moderate_comments') && !$DSP->allowed_group('can_edit_all_comments')) {
        return $DSP->no_access_message();
    }

    if ($DSP->allowed_group('can_edit_all_comments')) {
        // Can Edit All Comments: no weblog restriction on the selected ids.
        $sql = "SELECT exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM exp_comments\n\t\t\t\t\tWHERE exp_comments.comment_id IN ('" . implode("','", $comments) . "')";
    } else {
        // Can Moderate Comments, but only from non-USER blogs (or, inside a
        // user blog, only from that blog). Ids the moderator may not touch
        // simply drop out of the result set.
        $sql = "SELECT exp_comments.entry_id, exp_comments.weblog_id, exp_comments.author_id\n\t\t\t\t\tFROM exp_comments, exp_weblogs\n\t\t\t\t\tWHERE exp_comments.comment_id IN ('" . implode("','", $comments) . "') \n\t\t\t\t\tAND exp_comments.weblog_id = exp_weblogs.weblog_id ";
        $sql .= USER_BLOG !== FALSE ? "AND exp_weblogs.weblog_id = '" . UB_BLOG_ID . "' " : "AND exp_weblogs.is_user_blog = 'n' ";
    }

    /** -------------------------------
    /**  Retrieve Our Results
    /** -------------------------------*/
    $query = $DB->query($sql);

    if ($query->num_rows == 0) {
        return $DSP->no_access_message();
    }

    $entry_ids = array();
    $author_ids = array();
    $weblog_ids = array();

    foreach ($query->result as $row) {
        $entry_ids[] = $row['entry_id'];
        $author_ids[] = $row['author_id'];
        $weblog_ids[] = $row['weblog_id'];
    }

    $entry_ids = array_unique($entry_ids);
    $author_ids = array_unique($author_ids);
    $weblog_ids = array_unique($weblog_ids);

    /** -------------------------------
    /**  Change Status
    /** -------------------------------*/
    // 'and' binds tighter than 'or': close when the parameter says so, or
    // when the request carries status=close; every other case opens.
    // NOTE: the UPDATE below uses the full $comments list, not just the ids
    // the permission query above returned.
    $status = ($status == 'close' or isset($_GET['status']) and $_GET['status'] == 'close') ? 'c' : 'o';

    $DB->query("UPDATE exp_comments SET status = '{$status}' WHERE comment_id IN ('" . implode("','", $comments) . "') ");

    // Recount open comments and the most recent open-comment date per entry.
    // This loop reuses $entry_id (see note at the top).
    foreach (array_unique($entry_ids) as $entry_id) {
        $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '" . $DB->escape_str($entry_id) . "'");
        $comment_date = ($query->num_rows == 0 or !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '" . $DB->escape_str($entry_id) . "' AND status = 'o'");
        $DB->query("UPDATE exp_weblog_titles SET comment_total = '" . $query->row['count'] . "', recent_comment_date = '{$comment_date}' WHERE entry_id = '" . $DB->escape_str($entry_id) . "'");
    }

    // Quicker and updates just the weblogs. This loop reuses $weblog_id.
    foreach (array_unique($weblog_ids) as $weblog_id) {
        $STAT->update_comment_stats($weblog_id, '', FALSE);
    }

    // Updates the total stats
    $STAT->update_comment_stats();

    // Per-member totals. $author_id comes from the database rows above and is
    // interpolated without escape_str; acceptable only because it is not
    // request-controlled.
    foreach (array_unique($author_ids) as $author_id) {
        $res = $DB->query("SELECT COUNT(comment_id) AS comment_total, MAX(comment_date) AS comment_date FROM exp_comments WHERE author_id = '{$author_id}'");
        $comment_total = $res->row['comment_total'];
        $comment_date = !empty($res->row['comment_date']) ? $res->row['comment_date'] : 0;
        $DB->query($DB->update_string('exp_members', array('total_comments' => $comment_total, 'last_comment_date' => $comment_date), "member_id = '{$author_id}'"));
    }

    /** ----------------------------------------
    /**  Send email notification
    /** ----------------------------------------*/
    // Only when comments are being opened: subscribers of the entry get the
    // newly visible comment.
    if ($status == 'o') {
        /** ----------------------------------------
        /**  Instantiate Typography class
        /** ----------------------------------------*/
        if (!class_exists('Typography')) {
            require PATH_CORE . 'core.typography' . EXT;
        }
        $TYPE = new Typography(0);

        /** ----------------------------------------
        /**  Go Through Array of Entries
        /** ----------------------------------------*/
        foreach ($comments as $comment_id) {
            // $comment_id was already escaped when collected, so this escapes a
            // second time; harmless for the numeric ids this expects.
            $query = $DB->query("SELECT comment, name, email, comment_date, entry_id\n\t\t\t\t\t\t\t\t\t FROM exp_comments \n\t\t\t\t\t\t\t\t\t WHERE comment_id = '" . $DB->escape_str($comment_id) . "'");

            /* Find all of the unique commenters for this entry that have notification turned on, posted at/before this comment and do not have the same email address as this comment. */
            $results = $DB->query("SELECT DISTINCT(email), name, comment_id \n\t\t\t\t\t\t\t\t\t FROM exp_comments \n\t\t\t\t\t\t\t\t\t WHERE status = 'o' \n\t\t\t\t\t\t\t\t\t AND entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t AND notify = 'y'\n\t\t\t\t\t\t\t\t\t AND email != '" . $DB->escape_str($query->row['email']) . "'\n\t\t\t\t\t\t\t\t\t AND comment_date <= '" . $DB->escape_str($query->row['comment_date']) . "'");

            // Each recipient is a positional triple: [0] email, [1] comment_id
            // (used for the removal link), [2] display name.
            $recipients = array();

            if ($results->num_rows > 0) {
                foreach ($results->result as $row) {
                    $recipients[] = array($row['email'], $row['comment_id'], $row['name']);
                }
            }

            $email_msg = '';

            if (count($recipients) > 0) {
                // Comment text is rendered with all formatting disabled before
                // it is placed in the plain-text template.
                $comment = $TYPE->parse_type($query->row['comment'], array('text_format' => 'none', 'html_format' => 'none', 'auto_links' => 'n', 'allow_img_url' => 'n'));
                $qs = $PREFS->ini('force_query_string') == 'y' ? '' : '?';
                $action_id = $FNS->fetch_action_id('Comment_CP', 'delete_comment_notification');
                $results = $DB->query("SELECT wt.title, wt.url_title, w.blog_title, w.comment_url, w.blog_url\n\t\t\t\t\t\t\t\t\t\t FROM exp_weblog_titles wt, exp_weblogs w \n\t\t\t\t\t\t\t\t\t\t WHERE wt.entry_id = '" . $DB->escape_str($query->row['entry_id']) . "'\n\t\t\t\t\t\t\t\t\t\t AND wt.weblog_id = w.weblog_id");
                // Fall back to the weblog URL when no dedicated comment URL is set.
                $com_url = $results->row['comment_url'] == '' ? $results->row['blog_url'] : $results->row['comment_url'];
                $swap = array('name_of_commenter' => $query->row['name'], 'name' => $query->row['name'], 'weblog_name' => $results->row['blog_title'], 'entry_title' => $results->row['title'], 'site_name' => stripslashes($PREFS->ini('site_name')), 'site_url' => $PREFS->ini('site_url'), 'comment' => $comment, 'comment_id' => $comment_id, 'comment_url' => $FNS->remove_double_slashes($com_url . '/' . $results->row['url_title'] . '/'));
                $template = $FNS->fetch_email_template('comment_notification');
                $email_tit = $FNS->var_swap($template['title'], $swap);
                $email_msg = $FNS->var_swap($template['data'], $swap);

                /** ----------------------------
                /**  Send email
                /** ----------------------------*/
                if (!class_exists('EEmail')) {
                    require PATH_CORE . 'core.email' . EXT;
                }
                $email = new EEmail();
                $email->wordwrap = true;
                // One message per distinct address; $sent is reset for every comment.
                $sent = array();

                foreach ($recipients as $val) {
                    if (!in_array($val['0'], $sent)) {
                        $title = $email_tit;
                        $message = $email_msg;
                        // Deprecate the {name} variable at some point
                        $title = str_replace('{name}', $val['2'], $title);
                        $message = str_replace('{name}', $val['2'], $message);
                        $title = str_replace('{name_of_recipient}', $val['2'], $title);
                        $message = str_replace('{name_of_recipient}', $val['2'], $message);
                        // Removal link carries the recipient's own comment id as the token.
                        $title = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $title);
                        $message = str_replace('{notification_removal_url}', $FNS->fetch_site_index(0, 0) . $qs . 'ACT=' . $action_id . '&id=' . $val['1'], $message);
                        $email->initialize();
                        $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
                        $email->to($val['0']);
                        $email->subject($title);
                        $email->message($REGX->entities_to_ascii($message));
                        $email->Send(); // return value is not checked
                        $sent[] = $val['0'];
                    }
                }
            }
        }
    }

    $FNS->clear_caching('all');

    // Redirect back to the CP listing. The URL embeds request values
    // (current_page, keywords, weblog_id, entry_id) as-is; header safety
    // depends on $FNS->redirect(), which is not visible here — confirm.
    $val = $IN->GBL('validate') == 1 ? AMP . 'validate=1' : '';

    if ($IN->GBL('search_in') !== FALSE) {
        $url = BASE . AMP . 'C=edit' . AMP . 'M=view_entries' . AMP . 'search_in=comments' . AMP . 'rownum=' . $IN->GBL('current_page') . AMP . 'order=desc' . AMP . 'keywords=' . $IN->GBL('keywords');
    } else {
        $url = BASE . AMP . 'C=edit' . AMP . 'M=view_comments' . AMP . 'weblog_id=' . $weblog_id . AMP . 'entry_id=' . $entry_id . AMP . 'current_page=' . $current_page . AMP . 'U=1' . $val;
    }

    $FNS->redirect($url);
    exit;
}
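/**
 * Sends an email to either the site administrator or the author of the entry / comment.
 *
 * Reads the notification template and subject for the current quarantinable
 * type from this site's add-on settings, runs both through parse_template()
 * with $data, and sends the result from the webmaster address.
 *
 * @param string $to_who  'author' or 'admin'; selects the settings key prefix
 * @param string $emails  comma separated list of recipient emails
 * @param mixed  $data    swap values handed unchanged to parse_template()
 * @return mixed  nothing on success; $DSP->error_message(...) when EEmail::Send() returns FALSE
 * @since version 1.0.0
 */
private function send_notifications($to_who, $emails, $data)
{
    // $LANG is read in the failure branch below; it was missing from the
    // global list, so a send failure dereferenced an undefined variable
    // instead of producing the localized error message.
    global $DSP, $PREFS, $LANG;

    // grab the template and subject for this site / type / recipient kind
    $settings = $this->settings['addon'][$PREFS->ini('site_id')];
    $template = $this->parse_template($settings["{$to_who}_{$this->quarantinable_type}_notification_template"], $data);
    $subject = $this->parse_template($settings["{$to_who}_{$this->quarantinable_type}_notification_subject"], $data);

    /** ----------------------------
    /**  Send email
    /** ----------------------------*/
    // get the email class
    if (!class_exists('EEmail')) {
        require PATH_CORE . 'core.email' . EXT;
    }

    // create a new email object; wrap and format follow the site preferences
    $E = new EEmail();
    $E->wordwrap = $PREFS->ini('word_wrap');
    $E->mailtype = $PREFS->ini('mail_format');
    $E->priority = 3;

    // sent from the webmaster address to the list the caller supplied
    $E->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
    $E->to($emails);
    $E->subject($subject);

    // The body is whatever parse_template() produced; any escaping of
    // user-supplied values for the configured mail_format happens there.
    $E->message($template);

    if ($E->Send() === FALSE) {
        return $DSP->error_message($LANG->line('error_sending_email'), 0);
    }
}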
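/**
 * Sends a fixed "cron works" message to the hard-coded recipient below so an
 * administrator can confirm that the cron job ran and that mail goes out.
 *
 * The recipient string appears to be a redacted placeholder in this listing.
 * Nothing in this method checks who invoked it, and the result of Send() is
 * ignored — NOTE(review): confirm the dispatcher restricts access to it.
 *
 * @return void
 */
function test_email()
{
    // Only the globals this method reads. The previous declaration also
    // imported $IN, $DB, $LANG, $TMPL and $FNS, none of which were used.
    global $REGX, $PREFS, $LOC;

    if (!class_exists('EEmail')) {
        require PATH_CORE . 'core.email' . EXT;
    }

    // The server's current time is the whole payload of the message.
    $email_msg = 'Cron executed at ' . date("M d, Y H:i", $LOC->server_now);

    $email = new EEmail();
    $email->initialize();
    $email->wordwrap = true;
    $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
    $email->to('*****@*****.**');
    $email->reply_to($PREFS->ini('webmaster_email'));
    $email->subject('cron works');
    $email->message($REGX->entities_to_ascii($email_msg));
    $email->Send();
}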
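/** ----------------------------------
/**  Send Member Email
/** ----------------------------------
/**  Handles the member "email console" form: a logged-in member sends a
/**  message to another member (POST MID) through the site's mailer. The
/**  recipient's address is never shown to the sender; the message is
/**  sent From the sender's own address with a site-supplied footer.
/**
/**  Returns FALSE on banned sender, missing or non-numeric MID, missing
/**  fields, failed secure-form check or unknown recipient; the login form
/**  when not logged in; otherwise the rendered email_user_message element.
/** ----------------------------------*/
function send_email()
{
    // $FNS was declared in the original global list but never used here.
    global $DB, $IN, $OUT, $LANG, $PREFS, $LOC, $SESS;

    // MID is interpolated into SQL below and into the login return path, so
    // require a numeric value up front. Previously a non-numeric MID reached
    // the members query unescaped.
    if ( ! $member_id = $IN->GBL('MID', 'POST'))
    {
        return false;
    }

    if ( ! is_numeric($member_id))
    {
        return false;
    }

    /** ----------------------------------------
    /**  Is the user banned?
    /** ----------------------------------------*/
    if ($SESS->userdata['is_banned'] == TRUE)
    {
        return false;
    }

    /** ---------------------------------
    /**  Is the user logged in?
    /** ---------------------------------*/
    if ($SESS->userdata('member_id') == 0)
    {
        return $this->profile_login_form($this->_member_path('email_console/'.$member_id));
    }

    /** ---------------------------------
    /**  Are we missing data?
    /** ---------------------------------*/
    if ( ! isset($_POST['subject']) || ! isset($_POST['message']))
    {
        return false;
    }

    if ($_POST['subject'] == '' OR $_POST['message'] == '')
    {
        return $OUT->show_user_error('submission', array($LANG->line('mbr_missing_fields')));
    }

    /** ----------------------------------------
    /**  Check Email Timelock
    /** ----------------------------------------*/
    // Super admins (group 1) are exempt; everyone else must wait
    // email_console_timelock minutes between messages.
    if ($SESS->userdata['group_id'] != 1)
    {
        $lock = $PREFS->ini('email_console_timelock');

        if (is_numeric($lock) AND $lock != 0)
        {
            if (($SESS->userdata['last_email_date'] + ($lock*60)) > $LOC->now)
            {
                return $this->_var_swap($this->_load_element('email_user_message'),
                    array(
                        'lang:message'      => str_replace("%x", $lock, $LANG->line('mbr_email_timelock_not_expired')),
                        'css_class'         => 'highlight',
                        'lang:close_window' => $LANG->line('mbr_close_window')
                    )
                );
            }
        }
    }

    /** ---------------------------------
    /**  Do we have a secure hash?
    /** ---------------------------------*/
    // One-time form token (XID) bound to the client IP and valid for two
    // hours; it is consumed on success, along with any expired tokens.
    if ($PREFS->ini('secure_forms') == 'y')
    {
        if ( ! isset($_POST['XID']))
        {
            return false;
        }

        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_security_hashes WHERE hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."' AND date > UNIX_TIMESTAMP()-7200");

        if ($query->row['count'] == 0)
        {
            return false;
        }

        $DB->query("DELETE FROM exp_security_hashes WHERE (hash='".$DB->escape_str($_POST['XID'])."' AND ip_address = '".$IN->IP."') OR date < UNIX_TIMESTAMP()-7200");
    }

    /** ---------------------------------
    /**  Does the recipient accept email?
    /** ---------------------------------*/
    // MID is request-controlled: escape it like every other request value
    // in this file (it was interpolated raw before).
    $query = $DB->query("SELECT email, screen_name, accept_user_email FROM exp_members WHERE member_id = '".$DB->escape_str($member_id)."'");

    if ($query->num_rows == 0)
    {
        return false;
    }

    if ($query->row['accept_user_email'] != 'y')
    {
        return $this->_var_swap($this->_load_element('email_user_message'),
            array(
                'lang:message' => $LANG->line('mbr_email_not_accepted'),
                'css_class'    => 'highlight'
            )
        );
    }

    // Body: the member's text followed by the site's forwarding notice.
    $message  = stripslashes($_POST['message'])."\n\n";
    $message .= $LANG->line('mbr_email_forwarding')."\n";
    $message .= $PREFS->ini('site_url')."\n";
    $message .= $LANG->line('mbr_email_forwarding_cont');

    /** ----------------------------
    /**  Send email
    /** ----------------------------*/
    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE.'core.email'.EXT;
    }

    $email = new EEmail;
    $email->wordwrap = true;
    // From and Subject are user-controlled header values.
    // NOTE(review): this relies on EEmail to neutralise CR/LF in them — confirm.
    $email->from($SESS->userdata['email']);
    $email->subject(stripslashes($_POST['subject']));
    $email->message($message);

    if (isset($_POST['self_copy']))
    {
        /* If CC'ing the send, they get the email and the recipient is BCC'ed
           Because Rick says his filter blocks emails without a To: field */
        $email->to($SESS->userdata['email']);
        $email->bcc($query->row['email']);
    }
    else
    {
        $email->to($query->row['email']);
    }

    $swap = array();
    $swap['lang:close_window'] = $LANG->line('mbr_close_window');

    if ( ! $email->Send())
    {
        $swap['lang:message'] = $LANG->line('mbr_email_error');
        $swap['css_class']    = 'alert';
    }
    else
    {
        // Audit log of who mailed whom, then start the sender's timelock.
        $this->log_email($query->row['email'], $query->row['screen_name'], $_POST['subject'], $_POST['message']);

        $swap['lang:message'] = $LANG->line('mbr_good_email');
        $swap['css_class']    = 'success';

        $DB->query("UPDATE exp_members SET last_email_date = '{$LOC->now}' WHERE member_id = '".$SESS->userdata('member_id')."'");
    }

    $this->_set_page_title($LANG->line('email_console'));

    return $this->_var_swap($this->_load_element('email_user_message'), $swap);
}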