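/**
 * Subscribes the visitor (or, for admins, a pasted list of addresses) to
 * the roll identified by $this->cid.
 *
 * Branches, in order:
 *  - no $gorumrecognised and no e-mail: form invalid ("emailMandatory");
 *  - no $gorumrecognised with an e-mail: the address is syntax-checked and
 *    subscribeAction() is run; non-admins then get the "subscribed" text;
 *  - recognised non-admin: uid is taken from $gorumuser and the record is
 *    stored through the global create() helper;
 *  - admin: $this->email is treated as a newline-separated list; every entry
 *    is trimmed, lower-cased, de-duplicated and subscribed in turn.
 *
 * Globals: $gorumuser, $gorumroll (->rollid is the default cid),
 * $gorumrecognised (presumably "visitor is logged in" — not defined here).
 *
 * @return mixed result of Roll::setFormInvalid()/Roll::setInfoText(), or
 *               nothing after the admin bulk loop
 */
function create()
{
    global $gorumuser, $gorumroll, $gorumrecognised;

    if (!isset($this->cid)) {
        $this->cid = $gorumroll->rollid;
    }
    hasAdminRights($isAdm);

    if (!$gorumrecognised && !$this->email) {
        return Roll::setFormInvalid("emailMandatory");
    }

    if (!$gorumrecognised && $this->email) {
        if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i', $this->email)) {
            return Roll::setFormInvalid("invalidEmail");
        }
        $this->unsub = FALSE;
        $this->subscribeAction();
        if (!$isAdm) {
            return Roll::setInfoText("subscribed");
        }
    } elseif (!$isAdm) {
        $this->uid = $gorumuser->id;
        // Global create() helper, not a recursive call of this method.
        create($this);
        $this->rollBackNum = 1;
        return Roll::setInfoText("subscribed");
    } else {
        // A long address list may exceed the default script time limit.
        ini_set("max_execution_time", 0);
        $this->unsub = FALSE;
        // Closure instead of create_function(): the latter compiles its
        // string argument like eval() and was removed in PHP 8.
        $normalise = function ($v) {
            return trim(strtolower($v));
        };
        $emails = array_unique(array_map($normalise, explode("\n", $this->email)));
        // NOTE(review): unlike the visitor branch, the admin list is not
        // syntax-checked per address before subscribeAction() runs.
        foreach ($emails as $this->email) {
            $this->subscribeAction();
        }
    }
}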
/**
 * "Send this ad to a friend": validates the form, then mails the current
 * user/item (type chosen from $gorumroll->list) to the friend's address when
 * the Notification_adToAFriend notification is active.
 *
 * Global: $gorumroll (->list and ->rollid are read here).
 *
 * @return mixed Roll::setFormInvalid() result on a bad address, otherwise
 *               nothing after Roll::setInfoText() has been queued
 */
function create()
{
    global $gorumroll;

    $emailPattern = '/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}$/i';
    $class = strstr($gorumroll->list, "user") ? "user" : "item";

    $this->valid();
    if (Roll::isFormInvalid()) {
        return;
    }

    // Both addresses end up in mail headers (From / Reply-To), so the same
    // single-address pattern is applied to each of them.
    $bothValid = preg_match($emailPattern, $this->youremail)
        && preg_match($emailPattern, $this->friendsemail);
    if (!$bothValid) {
        return Roll::setFormInvalid("invalidEmail");
    }

    G::load($n, Notification_adToAFriend, "notification");
    if ($n->active) {
        $subject = new $class();
        $subject->id = $gorumroll->rollid;
        $subject->getEmailParams($params);
        $params["message"] = $this->mess;
        $params["name"] = $this->yourname;

        $sp = new SendingParameters();
        $sp->to = $this->friendsemail;
        $sp->from = $this->youremail;
        $sp->replyTo = $this->youremail;
        // NOTE(review): yourname is not checked here; whether the mailer
        // strips CR/LF from the reply-to display name is not visible in this file.
        $sp->replyToName = $this->yourname;
        $n->send($sp, $params);
    }

    //TODO: respnum increase
    Roll::setInfoText("mail_fr_sent_{$class}");
}
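/**
 * Detects a request body larger than PHP's post_max_size. An oversized
 * body arrives with empty $_POST/$_FILES, so the only evidence is the raw
 * Content-Length header exceeding the configured limit.
 *
 * On overflow the form is marked invalid ("postMaxSizeExceeded"), the info
 * text is persisted and the location history is rolled back two steps.
 */
function checkForPostMaxSizeError()
{
    if (!isset($_SERVER['CONTENT_LENGTH'])) {
        return;
    }
    $postMaxSize = byteStr2num(ini_get('post_max_size'));
    // Content-Length is client-supplied text. Compare it as an integer: on
    // PHP 8 a non-numeric string compared with an int falls back to string
    // comparison, which could make a garbage header count as "too large".
    $contentLength = (int) $_SERVER['CONTENT_LENGTH'];
    if ($postMaxSize && $contentLength > $postMaxSize) {
        Roll::setFormInvalid("postMaxSizeExceeded", $postMaxSize);
        LocationHistory::saveInfoText();
        LocationHistory::rollBack(2);
    }
}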
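/**
 * Validates the CAPTCHA answer when the form carries one.
 *
 * @return mixed TRUE when no captcha is required or the answer is accepted,
 *               otherwise the result of Roll::setFormInvalid("invalidCaptcha")
 */
function validateCaptcha()
{
    if ($this->hasCaptcha()) {
        include_once GORUM_DIR . '/captcha/php-captcha.inc.php';
        // A request that omits the field (hand-built or tampered form) must
        // simply fail the check instead of raising an undefined-index notice.
        $answer = isset($_POST['captchaField']) ? $_POST['captchaField'] : '';
        if (!PhpCaptcha::Validate($answer)) {
            return Roll::setFormInvalid("invalidCaptcha");
        }
    }
    return TRUE;
}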
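/**
 * Validates an uploaded media file in $_FILES[$attr].
 *
 * Checks, in order: an empty file name means "nothing uploaded" (accepted);
 * zero size; the legacy "none" tmp_name marker; the configured
 * AppSettings::maxMediaSize; and finally that the temp path really is an
 * upload of this request (is_uploaded_file), which rejects spoofed paths.
 *
 * @param string $attr key into $_FILES
 * @return mixed nothing when the file is acceptable or absent, otherwise the
 *               result of Roll::setFormInvalid(...)
 */
function validMedia($attr)
{
    if (!isset($_FILES[$attr]["name"]) || $_FILES[$attr]["name"] == "") {
        return;
    }
    if ($_FILES[$attr]["size"] == 0) {
        return Roll::setFormInvalid("picFileSizeNull");
    }
    if ($_FILES[$attr]["tmp_name"] == "none") {
        return Roll::setFormInvalid("picFileSizeToLarge1");
    }
    // "=& new" is a parse error from PHP 7 on; plain assignment is
    // equivalent for objects from PHP 5 on.
    $_S = new AppSettings();
    if ($_S->maxMediaSize && $_FILES[$attr]["size"] > $_S->maxMediaSize) {
        return Roll::setFormInvalid("picFileSizeToLarge2", $_S->maxMediaSize);
    }
    if (!is_uploaded_file($_FILES[$attr]["tmp_name"])) {
        // NOTE(review): if handleError() returns instead of terminating, this
        // method falls through and the file counts as acceptable.
        handleError("Possible attack");
    }
}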
/**
 * Fills in or validates the item's expiration.
 *
 * When the form does not expose the expiration field, the default is
 * applied unconditionally. When it does and a default exists, an empty
 * submission falls back to the default and a value above the default is
 * rejected with "item_expiration_expl_2".
 *
 * @return mixed TRUE when the expiration is acceptable, otherwise the result
 *               of Roll::setFormInvalid(...)
 */
function checkAndSetExpirationDays()
{
    $shownInForm = $this->expirationAppearsInForm();
    if (!$shownInForm) {
        $this->expiration = $this->getDefaultExpiration();
        return TRUE;
    }

    $defaultExpiration = $this->getDefaultExpiration();
    if (!$defaultExpiration) {
        return TRUE;
    }

    // Left blank by the user: the default takes effect.
    if (empty($this->expiration)) {
        $this->expiration = $defaultExpiration;
        return TRUE;
    }
    if ($this->expiration > $defaultExpiration) {
        return Roll::setFormInvalid("item_expiration_expl_2", $defaultExpiration);
    }
    return TRUE;
}
/**
 * Checks the submitted login against the stored user record.
 *
 * The user is looked up by the form's unique attribute/value pair. The
 * submitted password goes through getPassword() and is compared with the
 * stored password and, failing that, with a pending newPassword; a match on
 * newPassword triggers an UPDATE that clears newPassword. id and
 * lastClickTime are copied from the user record whenever the lookup
 * succeeded, even if the password check just marked the form invalid.
 *
 * @return bool TRUE when the form is still valid after the checks
 */
function validLogin()
{
    $user = new User();
    $user->setUniqueValue($this->getUniqueValue());
    // NOTE(review): "$user->id == $user->name" is a loose comparison; with
    // an integer id and a non-numeric name its result differs between
    // PHP 7 and PHP 8 — confirm which case it is meant to reject.
    if (load($user, array($this->getUniqueAttr())) || $user->id == $user->name) {
        Roll::setFormInvalid();
    } else {
        // NOTE(review): password digests are compared with loose ==/!=,
        // which is neither strict nor constant-time; hash_equals() on
        // string operands is the usual replacement — confirm getPassword()
        // returns a string before changing this.
        if (getPassword($this->password) != $user->password && $user->newPassword) {
            if (getPassword($this->password) == $user->newPassword) {
                // NOTE(review): the stored password becomes the literal
                // '******' here; whether that is intended or a placeholder
                // cannot be told from this file.
                executeQuery(array("UPDATE @user SET password='******', newPassword='' WHERE id=#id#", $user->id));
            } else {
                Roll::setFormInvalid();
            }
        } elseif (getPassword($this->password) != $user->password) {
            Roll::setFormInvalid();
        }
        $this->id = $user->id;
        $this->lastClickTime = $user->lastClickTime;
    }
    if (Roll::isFormInvalid()) {
        Roll::setInfoText("loginInvalid");
    }
    return !Roll::isFormInvalid();
}
/**
 * Validates the optional category picture in $_FILES["picture"], then
 * defers to Category::valid() for the remaining fields.
 *
 * Rejections: a file name containing a space ("spacenoatt"), zero size,
 * the legacy "none" tmp_name marker, a tmp path that is not an upload of
 * this request, and a file getimagesize() cannot parse.
 *
 * @return mixed Category::valid() result, or Roll::setFormInvalid(...) on a
 *               bad picture
 */
function valid()
{
    $picture = isset($_FILES["picture"]) ? $_FILES["picture"] : array();

    $nothingUploaded = !isset($picture["name"]) || $picture["name"] == "";
    if ($nothingUploaded) {
        return Category::valid();
    }
    if (strstr($picture["name"], " ")) {
        return Roll::setFormInvalid("spacenoatt");
    }
    if ($picture["size"] == 0) {
        return Roll::setFormInvalid("picFileSizeNull");
    }
    if ($picture["tmp_name"] == "none") {
        return Roll::setFormInvalid("picFileSizeToLarge1");
    }
    if (!is_uploaded_file($picture["tmp_name"])) {
        // NOTE(review): if handleError() returns, validation continues below.
        handleError("Possible attack");
    }

    // getimagesize() only checks that the header parses as an image; it is
    // a format check, not a statement about the rest of the file's content.
    $dimensions = getimagesize($picture["tmp_name"]);
    if (!$dimensions) {
        return Roll::setFormInvalid("notValidImageFile");
    }
    return Category::valid();
}
/**
 * Runs uploadImagesCore() for the two layout images (logo and header
 * background), handing each the file it lives in and a regex matching the
 * current image reference there (what is done with the match is defined in
 * uploadImagesCore(), not here).
 *
 * Skipped entirely when the rss class is not loaded or the site runs in
 * demo mode. An error reported through $err stops processing and becomes
 * Roll::setFormInvalid($err).
 *
 * Global: $siteDemo
 */
function uploadImages()
{
    global $siteDemo;

    if (!class_exists('rss') || $siteDemo) {
        return;
    }

    // Each entry: form field name, file to process, regex for the reference.
    $targets = array(
        array("logoImage", TEMPLATE_DIR . "/layout.tpl.php", '{(/.+\\?logoImage)|(/headpic\\.gif)}'),
        array("headerBackground", CSS_DIR . "/layout.css", '{(/[^/]+\\?headerBackground)|(/top_shadow\\.jpg)}'),
    );

    $err = "";
    foreach ($targets as $target) {
        list($field, $file, $pattern) = $target;
        $this->uploadImagesCore($field, $file, $pattern, $err);
        if ($err) {
            return Roll::setFormInvalid($err);
        }
    }
}
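/**
 * Front-controller dispatch: maps the request path in $queryString to a
 * Controller(class, method, id, rest) call. Recognised shapes, as in the
 * inline examples: "" (home), /123, /list/23, /list/henry, /rss/...,
 * /<staticpage>, /<class>/123, /<class>/<method>, /<class>/<method>/<id>/...
 *
 * Global: $allowedMethods (declared here, not read in this method).
 *
 * @param string $queryString path part of the request
 * @return mixed TRUE on success, Roll::setFormInvalid(...) for an unknown
 *               static page or an unresolvable link
 */
function init($queryString)
{
    global $allowedMethods;
    // "=& new" is a parse error from PHP 7 on; plain assignment is
    // equivalent for objects from PHP 5 on (same for $_GS below).
    $_S = new AppSettings();

    if (!count($queryPieces = AppController::getQueryPieces($queryString))) {
        $_GS = new GlobalStat();
        if ($_GS->defPageConf) {
            $this->Controller("checkconf", "show");
        } elseif (!empty($_S->homeLocation) && $_S->homeLocation != "/") {
            $this->Controller($_S->homeLocation);
        } else {
            // default application home
            $this->Controller("appcategory", "showhtmllist", 0);
        }
    } elseif (is_numeric($queryPieces[0])) {
        // e.g. /123  /123/attr1/val1/attr2/val2
        $this->Controller("item", "showdetails", array_shift($queryPieces), $queryPieces);
    } elseif ($queryPieces[0] == "list") {
        array_shift($queryPieces);
        // A bare "/list" leaves nothing behind; guard the lookup so the
        // fall-through below runs without an undefined-offset notice.
        $head = isset($queryPieces[0]) ? $queryPieces[0] : null;
        if (is_numeric($head) || $head == '*') {
            // e.g. /list/23  /list/23/attr1/val1/attr2/val2
            // If there is no category with this id but a user with this
            // name exists, the user's item list is shown instead:
            if (G::load($obj, $queryPieces[0], "appcategory")
                && !loadSQL($obj = new User(), array("SELECT id FROM @user WHERE name=#name# LIMIT 1", $queryPieces[0]))) {
                $this->Controller("item_my", "showhtmllist", array_shift($queryPieces), $queryPieces);
            } else {
                $this->Controller("appcategory", "showhtmllist", array_shift($queryPieces), $queryPieces);
            }
        } else {
            // All items of one user, e.g. /list/henry
            // (for a bare "/list" array_shift() yields null and the user
            // name passed on is empty — unchanged legacy behaviour)
            $this->Controller("item_my", "showhtmllist", urldecode(array_shift($queryPieces)), $queryPieces);
        }
    } elseif ($queryPieces[0] == "rss") {
        // e.g. /rss/category/10/latest/20/days/3
        array_shift($queryPieces);
        if (isset($queryPieces[0]) && $queryPieces[0] == "modify_form") {
            $this->Controller("rss", "modify_form", "1");
        } else {
            $this->Controller("rss", "get", "0", $queryPieces);
        }
    } elseif (count($queryPieces) == 1) {
        if ($queryPieces[0] == "control_panel") {
            $this->Controller("controlpanel", "showhtmllist");
        } elseif ($queryPieces[0] == "purchaseitem" && class_exists("purchaseitem")) {
            $this->Controller("purchaseitem", "showhtmllist");
        } elseif (!$_S->permaLinksEnabled() || !$this->validPermaLink($queryPieces)) {
            $this->Controller("staticpage", "show", $queryPieces[0]);
            // e.g. /faqpage — the page name must exist as a template in one
            // of the template directories. Only file_exists() is done here;
            // the request path segment is passed on to the staticpage
            // controller unchanged, so any path filtering has to happen there.
            $template = "{$queryPieces['0']}.tpl.php";
            if (!file_exists(GORUM_TEMPLATE_DIR . "/{$template}")
                && !file_exists(TEMPLATE_DIR . "/{$template}")
                && !file_exists(COMMON_TEMPLATES . "/{$template}")) {
                return Roll::setFormInvalid("nonExistentStaticPage", $queryPieces[0]);
            }
        }
    } elseif (is_numeric($queryPieces[1]) || $queryPieces[1] == '*') {
        // e.g. /item/123  /item/123/attr1/val1/attr2/val2
        $this->Controller(array_shift($queryPieces), "showdetails", array_shift($queryPieces), $queryPieces);
    } elseif ($_S->permaLinksEnabled() && !$this->isExistingMethod($queryPieces[1])) {
        if (!$this->validPermaLink($queryPieces)) {
            trigger_error("Invalid query string: {$queryString}", E_USER_ERROR);
            return Roll::setFormInvalid("invalidInternalLink", $queryString);
        }
    } elseif (count($queryPieces) == 2) {
        // e.g. /user/create_form/
        $this->Controller(array_shift($queryPieces), array_shift($queryPieces), 0);
    } elseif (count($queryPieces) >= 3) {
        if ($queryPieces[2] == "off") {
            $this->Controller(array_shift($queryPieces), array_shift($queryPieces), 0, $queryPieces);
        } else {
            $this->Controller(array_shift($queryPieces), array_shift($queryPieces), array_shift($queryPieces), $queryPieces);
        }
    } else {
        trigger_error("Invalid query string: {$queryString}", E_USER_ERROR);
        return Roll::setFormInvalid("invalidInternalLink", $queryString);
    }
    return TRUE;
}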
/**
 * Reports whether another common custom field with the same identity
 * already exists: the same non-empty name and type, or the same non-zero
 * userField when the name is empty. The current record (by id) is excluded
 * so an update does not collide with itself.
 *
 * Values are bound through the #placeholder# mechanism of getDbCount(),
 * not interpolated into the SQL string.
 *
 * @return mixed the count filled in by getDbCount(); the form is also marked
 *               invalid ("commonFieldAlreadyExists") when it is non-zero
 */
function commonFieldAlreadyExists()
{
    $ownId = isset($this->id) ? $this->id : 0;

    $sql = "SELECT COUNT(*) FROM @customfield WHERE isCommon=1 AND columnIndex LIKE 'col_%' AND id!=#id# AND\n"
        . " ((name!='' AND name=#name# AND type=#type#) OR (name='' AND userField!=0 AND userField=#uf#))";
    $bindings = array($sql, $ownId, $this->name, $this->type, $this->userField);

    getDbCount($collisions, $bindings);
    if ($collisions) {
        Roll::setFormInvalid("commonFieldAlreadyExists");
    }
    return $collisions;
}