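/**
 * Returns value if it is a valid email format, FALSE otherwise.
 *
 * A key that is not present in the cage short-circuits to FALSE without
 * consulting the validator; otherwise the stored value is fetched once and
 * returned only when Inspekt::isEmail() accepts it.
 *
 * @param mixed $key
 * @return mixed the stored value when it passes Inspekt::isEmail(), FALSE otherwise
 *
 * @tag validator
 */
function testEmail($key)
{
    if (!$this->keyExists($key)) {
        return false;
    }

    // Fetch the value once instead of calling _getValue() again for the return.
    $value = $this->_getValue($key);

    if (Inspekt::isEmail($value)) {
        return $value;
    }

    return false;
}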
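<?php
require_once "../lib/includes/session.php";
require_once "../lib/includes/sanitize-all.php";

if (!empty($_POST["email"]) && !empty($_POST["password"]) && !empty($_POST["javascript"])) {
    // Auto load the class when it is being created.
    // The class name comes from `new`/static calls in code, not from the request;
    // keep it that way (no unserialize() of request data) so this include path
    // cannot be steered from outside.
    spl_autoload_register(function ($class) {
        require_once "../lib/classes/" . $class . ".class.php";
    });
    require_once "../lib/classes/Inspekt.php";

    if (!Inspekt::isEmail($_POST["email"])) {
        die("Please write a correct Email address");
    }

    // User-Agent is an optional request header; avoid an undefined-index notice.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $user = new User();
    $login = $user->checkCredentials(
        $_POST["email"],
        $_POST["password"],
        $_POST["javascript"],
        $user_agent,
        $_SERVER['REMOTE_ADDR'],
        session_id()
    );

    if ($login && isset($_SESSION['employee'])) {
        header("Location: dashboard.php");
        // Stop here: without exit the login page below is still rendered and sent
        // along with the redirect.
        exit;
    }
}
?>
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content=""> <meta name="author" content=""> <!-- <link rel="shortcut icon" href="../../assets/ico/favicon.ico"> -->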
} $pic_markup = <<<EOT <object id="SWFlash" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" type="application/x-shockwave-flash" width="{$thumb_size['width']}" height="{$thumb_size['height']}"> <param name="autostart" value="true" /> <param name="src" value="{$markup_picname}" /> </object> EOT; } else { if (!stristr($normal_pic_url, 'http:')) { $normal_pic_url = $gallery_url_prefix . $normal_pic_url; } $pic_markup = '<img src="' . $normal_pic_url . '" alt="" vspace="8" border="0" class="image" />'; } // Check supplied email address $valid_sender_email = Inspekt::isEmail($sender_email); $valid_recipient_email = Inspekt::isEmail($recipient_email); if (!$valid_sender_email && $superCage->post->keyExists('sender_name')) { $sender_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</div>'; } if (!$valid_recipient_email && $superCage->post->keyExists('sender_name')) { $recipient_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</div>'; } $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/'); pageheader($lang_ecard_php['title']); if ($superCage->post->keyExists('submit')) { //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } // Create and send the e-card if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) {
/**
 * Generated from @assert ('webmaster') === FALSE.
 *
 * A bare local part without "@" and domain must be rejected.
 */
public function testIsEmail6()
{
    $candidate = 'webmaster';

    $this->assertFalse(Inspekt::isEmail($candidate));
}
if ($superCage->post->keyExists('change_profile') && USER_ID && UDB_INTEGRATION == 'coppermine') { //!defined('UDB_INTEGRATION')) { //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $error = false; if ($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) { $email = $superCage->post->getEscaped('email'); if (!Inspekt::isEmail($email)) { $error = $lang_register_php['email_warning2'] . ' [' . $email . ']'; //preg_match('#' . $adminDataValue['regex'] . '#i', $evaluate_value) == FALSE } elseif (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}' AND user_id <> " . USER_ID; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = $lang_register_php['err_duplicate_email']; } } } $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET user_profile1 = '{$profile1}', user_profile2 = '{$profile2}', user_profile3 = '{$profile3}', user_profile4 = '{$profile4}', user_profile5 = '{$profile5}', user_profile6 = '{$profile6}'" . (($CONFIG['allow_email_change'] || GALLERY_ADMIN_MODE) && !$error ? ", user_email = '{$email}'" : "") . " WHERE user_id = '" . USER_ID . "'"; $result = cpg_db_query($sql); CPGPluginAPI::action('profile_submit_form', null); $title = sprintf($lang_register_php['x_s_profile'], stripslashes(USER_NAME)); if (!$error) {
$row = $result->fetchArray(true); $comment = bb_decode($row['msg_body']); if ($CONFIG['enable_smilies']) { $comment = process_smilies($comment); } $msg_author = $row['msg_author']; $comment_field_name = sprintf($lang_report_php['comment_field_name'], $msg_author); $type = $lang_report_php['type_comment']; $template = $template_report_comment_email; $form_action = "{$CPG_PHP_SELF}?pid={$pid}&msg_id={$cid}&what=comment"; //template_extract_block($template_report_form, 'reason_missing'); //need help to toggle off reason(missing) since doesn't apply to comments } else { //template_extract_block($template_report_form, 'display_comment'); //need help remove comment preview when reporting picture } // Check supplied email address $valid_sender_email = Inspekt::isEmail($sender_email); $invalid_email = '<div class="cpg_message_error">' . $lang_report_php['invalid_email'] . '</div>'; if (!$valid_sender_email && $superCage->post->keyExists('subject')) { $sender_email_warning = $invalid_email; } // Create and send the e-card if ($superCage->post->keyExists('subject') && $valid_sender_email) { $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/'); if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) { $n_picname = get_pic_url($row, 'normal'); } else { $n_picname = get_pic_url($row, 'fullsize'); } if (!stristr($n_picname, 'http:')) { $n_picname = $gallery_url_prefix . $n_picname; }
// check captcha
// Guests and registered users are governed by separate config switches.
$captcha_required = (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1)
    || (USER_ID && $CONFIG['contact_form_registered_enable'] == 1);

if ($captcha_required) {
    if (captcha_plugin_enabled('contact')) {
        // A plugin owns captcha validation for the contact form.
        CPGPluginAPI::action('captcha_contact_validate', null);
    } else {
        require_once "include/captcha.inc.php";
        if (!PhpCaptcha::Validate($captcha)) {
            $captcha_remark = $lang_errors['captcha_error'];
            $expand_array[] = 'captcha_remark';
            $error++;
        }
    }
}

// check email address
// Only enforced for guests when the email field is configured as mandatory (2).
if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2 && !Inspekt::isEmail($email_address)) {
    $expand_array[] = 'email_remark';
    $error++;
}

// check subject field
if ($subject == '' && $CONFIG['contact_form_subject_field'] >= 2) {
    $expand_array[] = 'subject_remark';
    $error++;
}

// check message field
if ($message == '') {
    $expand_array[] = 'message_remark';
    $error++;
}

// send the mail if no error occured
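/**
 * Validates the registration form and, when it is valid, creates the account.
 *
 * Reads the submitted fields (username, password, password_verification, email,
 * user_profile1..6, agree, confirmCode, global_registration_pw), appends every
 * validation failure to $error as an <li> item, and inserts the user row when
 * nothing failed.  Depending on $CONFIG it then creates a personal album, mails
 * the activation link to the user and/or notifies the admins.
 *
 * @param string $error receives the accumulated HTML error list (by reference)
 * @return bool true when the account was created, false when validation failed
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;

    $superCage = Inspekt::makeSuperCage();

    // Every validation message is rendered as the same kind of list item.
    $li_open  = '<li style="list-style-image:url(images/icons/stop.png)">';
    $li_close = '</li>';

    // NOTE(review): these values are interpolated into SQL below; this relies on
    // get_post_var() / getEscaped() escaping them for the DB layer — confirm in
    // their definitions, nothing in this function escapes them itself.
    $user_name      = trim(get_post_var('username'));
    $password       = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email          = trim(get_post_var('email'));

    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');

    $agree_disclaimer     = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');

    // An existing username is fatal on its own: stop before running the other checks.
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    if (mysql_num_rows($result)) {
        $error = $li_open . $lang_register_php['err_user_exists'] . $li_close;
        return false;
    }
    mysql_free_result($result);

    if (utf_strlen($user_name) < 2) {
        $error .= $li_open . $lang_register_php['username_warning2'] . $li_close;
    }

    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        // Compare as strings with ===: under == two numeric-looking strings
        // ("0e1" vs "0e2") compare equal, which must never hold for a shared secret.
        if ((string) $global_registration_pw !== (string) $CONFIG['global_registration_pw']) {
            $error .= $li_open . $lang_register_php['err_global_pw'] . $li_close;
        } elseif ($password === (string) $CONFIG['global_registration_pw']) {
            $error .= $li_open . $lang_register_php['err_global_pass_same'] . $li_close;
        }
    }

    if (utf_strlen($password) < 2) {
        $error .= $li_open . $lang_register_php['password_warning1'] . $li_close;
    }
    // Both operands are trim()med strings, so strict comparison is safe here.
    if ($password === $user_name) {
        $error .= $li_open . $lang_register_php['password_warning2'] . $li_close;
    }
    if ($password !== $password_again) {
        $error .= $li_open . $lang_register_php['password_verification_warning1'] . $li_close;
    }
    if (!Inspekt::isEmail($email)) {
        $error .= $li_open . $lang_register_php['email_warning2'] . $li_close;
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= $li_open . $lang_register_php['err_disclaimer'] . $li_close;
    }

    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li_open . $lang_register_php['user_name_banned'] . $li_close;
    }
    mysql_free_result($result);

    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $li_open . $lang_register_php['email_address_banned'] . $li_close;
    }
    mysql_free_result($result);

    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= $li_open . $lang_errors['captcha_error'] . $li_close;
            }
        } else {
            // A plugin owns captcha validation; it may append to $error.
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }

    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if (mysql_num_rows($result)) {
            // Append: a plain assignment here silently discarded every earlier message.
            $error .= $li_open . $lang_register_php['err_duplicate_email'] . $li_close;
        }
        mysql_free_result($result);
    }

    $error = CPGPluginAPI::filter('register_form_validate', $error);

    if ($error != '') {
        return false;
    }

    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // The activation key is a bearer token for the account, so prefer a CSPRNG
        // when the runtime provides one.  The uniqid()/rand() form is predictable
        // and is kept only as a fallback for old runtimes; both yield 32 hex chars.
        if (function_exists('random_bytes')) {
            $act_key = bin2hex(random_bytes(16));
        } else {
            $act_key = md5(uniqid(rand(), 1));
        }
    } else {
        $active = 'YES';
        $act_key = '';
    }

    // NOTE(review): unsalted md5 is a weak password hash, but the login path compares
    // against this column; moving to password_hash() has to be done on both sides.
    $encpassword = md5($password);
    $user_language = $CONFIG['lang'];

    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')";
    $result = cpg_db_query($sql);

    // Capture the new id right after the INSERT: the plugin action below may run
    // its own queries and would otherwise change what mysql_insert_id() returns.
    $user_id = mysql_insert_id();

    $user_array = array();
    $user_array['user_id']     = $user_id;
    $user_array['user_name']   = $user_name;
    $user_array['user_email']  = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);

    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }

    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }

    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array(
            '{SITE_NAME}' => $CONFIG['gallery_name'],
            '{USER_NAME}' => $user_name,
            '{ACT_LINK}'  => $act_link,
        );
        $subject = sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']);
        $body    = nl2br(strtr($lang_register_php['confirm_email'], $template_vars));
        if (!cpg_mail($email, $subject, $body)) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } elseif ($CONFIG['admin_activation']) {
        // We need admin activation only
        msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
    } else {
        // No activation required, account is ready for login
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }

    // email notification or activation link to admin
    // The admin gets the activation link only when users do not verify their own address.
    $admin_activates = $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email'];

    if ($CONFIG['reg_notify_admin_email'] || $admin_activates) {
        // Initialised up front so an empty admin list cannot trip the foreach below.
        $admins = array();

        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = mysql_fetch_assoc($result)) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
            mysql_free_result($result);
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }

        foreach ($admins as $admin) {
            //check if the admin language is available
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def           = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def           = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }

            if ($admin_activates) {
                // if the admin has to activate the login, give them the link to do so
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array(
                    '{SITE_NAME}' => $CONFIG['gallery_name'],
                    '{USER_NAME}' => $user_name,
                    '{ACT_LINK}'  => $act_link,
                );
                cpg_mail(
                    $admin['email'],
                    sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']),
                    nl2br(strtr($lang_register_approve_email_def, $template_vars))
                );
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail(
                    $admin['email'],
                    sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']),
                    sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)
                );
            }
        }
    }

    return true;
}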
/**
 * Returns value if it is a valid email format, FALSE otherwise.
 *
 * Resolves the key through getValueOrNull(); an absent key (null) is
 * treated as "not an email" without consulting the validator.
 *
 * @param mixed $key
 * @return mixed
 * @throws Exception
 * @tag validator
 */
public function testEmail($key)
{
    $candidate = $this->getValueOrNull($key);

    if ($candidate === null) {
        return false;
    }

    return Inspekt::isEmail($candidate) ? $candidate : false;
}