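/**
 * Send an HTML e-mail wrapped in a minimal Arial body.
 *
 * @param string $email_to recipient address; rejected via CheckEmail() when malformed
 * @param string $subject  subject line (CR/LF are stripped, see below)
 * @param string $message  HTML fragment placed inside the body <p>; the caller is
 *                         responsible for escaping anything user-controlled in it
 * @return bool false when the recipient is invalid or mail() reports failure
 */
function SendEmail($email_to, $subject, $message)
{
    if (!CheckEmail($email_to)) {
        return false;
    }
    // The subject is handed to the MTA as a header line: strip CR/LF so a
    // caller-supplied subject cannot inject extra headers (Bcc:, recipients, ...).
    $subject = str_replace(array("\r", "\n"), '', (string) $subject);

    $headers = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: BIS<*****@*****.**>\r\n";
    $startbody = "<html><head><title></title></head><body><font face=\"Arial\" size=\"2\"><p>";
    $endbody = "</p></font></body></html>";
    // Report the MTA hand-off result instead of an unconditional true.
    return mail($email_to, $subject, $startbody . $message . $endbody, $headers);
}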
/**
 * Handle the 'send' API: read the message fields from the request, validate
 * the mandatory ones and hand the message to the mailer.
 *
 * Mandatory fields: sender_email, receiver_email, subject, content. Optional:
 * sender_name, reply_name/reply_email (defaults to the sender), bcc_name/bcc_email,
 * is_html ('true' selects HTML content).
 *
 * NOTE(review): sender, receiver and bcc addresses all come from the request;
 * unless the caller of this API is authenticated elsewhere this is a relay.
 *
 * @param string $api API name; only 'send' is handled
 * @return stdClass result with success and message, or success=false plus errors
 */
function getApi($api)
{
    $data = new stdClass();
    if ($api != 'send') {
        return $data;
    }

    $errors = array();

    $sender_name = Request('sender_name');
    $sender_email = Request('sender_email');
    if (CheckEmail($sender_email) != true) {
        $errors['sender_email'] = $this->getLanguage('error/sender');
    }

    $reply_name = Request('reply_name');
    $reply_email = Request('reply_email');
    if (CheckEmail($reply_email) != true) {
        $reply_email = null;
    }

    $bcc_name = Request('bcc_name');
    $bcc_email = Request('bcc_email');
    if (CheckEmail($bcc_email) != true) {
        $bcc_email = null;
    }

    $receiver_name = Request('receiver_name');
    $receiver_email = Request('receiver_email');
    if (CheckEmail($receiver_email) != true) {
        $errors['receiver_email'] = $this->getLanguage('error/receiver');
    }

    $subject = Request('subject');
    if (!$subject) {
        $errors['subject'] = $this->getLanguage('error/subject');
    }

    $content = Request('content');
    if (!$content) {
        $errors['content'] = $this->getLanguage('error/content');
    }

    $isHtml = Request('is_html') == 'true';

    if (count($errors) > 0) {
        $data->success = false;
        $data->errors = $errors;
        return $data;
    }

    $this->setFrom($sender_email, $sender_name);
    $this->addTo($receiver_email, $receiver_name);
    $this->setSubject($subject);
    $this->setContent($content, $isHtml);

    // Without an explicit reply address, replies go back to the sender.
    if ($reply_email == null) {
        $reply_email = $sender_email;
        $reply_name = $sender_name;
    }
    $this->setReplyTo($reply_email, $reply_name);

    if ($bcc_email !== null) {
        $this->addBcc($bcc_email, $bcc_name);
    }

    $this->send();
    $data->success = true;
    $data->message = $this->getLanguage('success');
    return $data;
}
if ($ucresult > 0) { echo "<font color='#4E7504'><b>√可以使用</b></font>"; } elseif ($ucresult == -4) { echo "<font color='red'><b>×Email 格式有误!</b></font>"; } elseif ($ucresult == -5) { echo "<font color='red'><b>×Email 不允许注册!</b></font>"; } elseif ($ucresult == -6) { echo "<font color='red'><b>×该 Email 已经被注册!</b></font>"; } exit; } #/aip}} if ($cfg_md_mailtest == 'N') { $msg = "<font color='#4E7504'><b>√可以使用</b></font>"; } else { if (!CheckEmail($email)) { $msg = "<font color='#4E7504'><b>×Email格式有误</b></font>"; } else { $row = $dsql->GetOne("SELECT mid FROM `#@__member` WHERE email LIKE '{$email}' LIMIT 1"); if (!is_array($row)) { $msg = "<font color='#4E7504'><b>√可以使用</b></font>"; } else { $msg = "<font color='red'><b>×Email已经被另一个帐号占用!</b></font>"; } } } echo $msg; exit; } else { if ($dopost == "regnew") { $step = empty($step) ? 1 : intval(preg_replace("/[^\\d]/", '', $step));
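/**
 * Validate and store a comment (insert) or its edited text (update).
 *
 * Reads post_message, parent_id and, for guests, user_name/user_email/
 * user_homepage/hideemail/keystr from $_POST; for edits the post id comes
 * from $_GET['post_id']. All validation messages are collected into
 * $this->LastSaveErrors and the row is written only when there are none.
 *
 * @param mixed $ObjectId id of the object the comment belongs to
 * @param bool  $Edit     true to update an existing post instead of inserting
 * @return bool true when the post was written, false otherwise
 */
public function SavePost($ObjectId, $Edit = false)
{
    $errors = array();
    // Defaults so every check below sees a defined value even when a branch
    // records an error instead of filling these in.
    $post = null;
    $post_id = 0;
    $user_id = 0;
    $user_name = '';
    $user_email = '';
    $user_hideemail = '0';
    $user_homepage = '';
    $post_message = '';
    $post_parent_id = 0;

    if ($Edit) {
        if (!isset($_GET['post_id'])) {
            $errors[] = 'post_id не инициализирована в GET.';
        } else {
            $post_id = SafeEnv($_GET['post_id'], 11, int);
            System::database()->Select($this->PostsTable, "`id`='{$post_id}'");
            $post = System::database()->FetchRow();
            if (!is_array($post)) {
                // Without the row the ownership checks cannot run and the
                // UPDATE below would target nothing.
                $errors[] = 'Сообщение не найдено.';
                $post = null;
            }
        }
    } else {
        if (!$this->AlloyComments) {
            // Keep LastSaveErrors consistent with every other failure path.
            $errors[] = 'Обсуждение закрыто';
            $this->LastSaveErrors = $errors;
            return false;
        }
        if ($this->DisableComments) {
            $errors[] = 'Система комментариев отключена. Вы не сможете добавить комментарий.';
        }
    }

    if (System::user()->Auth) {
        // Logged-in user adds or edits a comment.
        if (!isset($_POST['post_message']) || !isset($_POST['parent_id'])) {
            $errors[] = 'Данные не инициализированы.';
        }
        $user_id = System::user()->Get('u_id');
        $user_name = System::user()->Get('u_name');
        $user_email = System::user()->Get('u_email');
        $user_hideemail = System::user()->Get('u_hideemail');
        $user_homepage = System::user()->Get('u_homepage');
        // Only the author or an admin may edit; a missing row is denied as well.
        if ($Edit && !System::user()->isAdmin()
            && ($post === null || $post['user_id'] != System::user()->Get('u_id'))) {
            $errors[] = 'У вас недостаточно прав для редактирования этого сообщения.';
        }
    } else {
        // Guest adds or edits a comment.
        // NOTE(review): a guest's right to edit rests solely on the stored IP
        // matching getip(); anyone behind the same NAT/proxy can edit the post.
        if ($Edit && ($post === null || $post['user_id'] != '0' || $post['user_ip'] != getip())) {
            $errors[] = 'У вас недостаточно прав для редактирования этого сообщения.';
        } elseif ($this->GuestPost || $Edit) {
            if (!$Edit) {
                if (!isset($_POST['user_name']) || !isset($_POST['user_email'])
                    || !isset($_POST['user_homepage']) || !isset($_POST['post_message'])
                    || !isset($_POST['parent_id'])) {
                    $errors[] = 'Данные не инициализированы.';
                } else {
                    $user_id = 0;
                    $user_name = SafeEnv($_POST['user_name'], 255, str, true);
                    // NOTE(review): CheckNikname's messages are collected into $er
                    // and discarded, so a guest name that fails its checks is still
                    // accepted here — confirm this is intended.
                    $er = array();
                    CheckNikname($user_name, $er, true);
                    System::user()->Def('u_name', $user_name);
                    $user_email = SafeEnv($_POST['user_email'], 255, str, true);
                    if ($user_email != '' && !CheckEmail($user_email)) {
                        $errors[] = 'Формат E-mail не правильный. Он должен быть вида: <b>domain@host.ru</b> .';
                    }
                    System::user()->Def('u_email', $user_email);
                    $user_hideemail = isset($_POST['hideemail']) ? '1' : '0';
                    System::user()->Def('u_hideemail', $user_hideemail);
                    $user_homepage = Url(SafeEnv($_POST['user_homepage'], 250, str, true));
                    System::user()->Def('u_homepage', $user_homepage);
                }
            } else {
                if (!isset($_POST['post_message']) || !isset($_POST['parent_id'])) {
                    $errors[] = 'Данные не инициализированы.';
                }
                // An edit keeps the author data stored with the post.
                $user_id = SafeDB($post['user_id'], 11, int);
                $user_name = SafeDB($post['user_name'], 255, str);
                $user_email = SafeDB($post['user_email'], 255, str);
                $user_hideemail = SafeDB($post['user_hideemail'], 1, int);
                $user_homepage = SafeDB($post['user_homepage'], 255, str);
            }
        } else {
            $errors[] = 'Чтобы оставлять сообщения, вам необходимо зарегистрироваться.';
        }
    }

    if ($user_name == '') {
        $errors[] = 'Вы не ввели имя.';
    }
    if ($user_email == '') {
        $errors[] = 'Вы не указали ваш E-mail.';
    }
    $post_message = SafeEnv(isset($_POST['post_message']) ? $_POST['post_message'] : '', $this->PostMaxLength, str);
    if (strlen($post_message) == 0) {
        $errors[] = 'Вы не ввели текст сообщения.';
    }

    // Captcha: always for guests; for members unless they are admins, when
    // ShowKaptchaForMembers is on.
    if (!System::user()->Auth || (!System::user()->isAdmin() && $this->ShowKaptchaForMembers)) {
        $keystr = isset($_POST['keystr']) ? (string) $_POST['keystr'] : '';
        // Strict, constant-time comparison: the loose != would treat numeric
        // strings such as "0123" and "123" as equal.
        // NOTE(review): the stored captcha is not cleared after a successful
        // check here; confirm it is regenerated elsewhere or it can be replayed.
        if (!System::user()->isDef('captcha_keystring')
            || !hash_equals((string) System::user()->Get('captcha_keystring'), $keystr)) {
            $errors[] = 'Вы ошиблись при вводе кода с картинки.';
        }
    }

    if (!isset($_POST['parent_id'])) {
        $errors[] = 'parent_id не инициализирована в POST.';
    } elseif ($this->Answers == '1' || System::user()->isAdmin()) {
        // parent_id arrives as "<prefix>_<id>"; a value without the separator
        // is treated as 0 instead of reading a missing array element.
        $parent = explode('_', $_POST['parent_id'], 2);
        $post_parent_id = SafeEnv(isset($parent[1]) ? $parent[1] : '0', 11, int);
    } else {
        $post_parent_id = '0';
    }

    if ($this->CheckFlood() && !$Edit) {
        $errors[] = 'Флуд-защита, подождите немного.';
    }

    $this->LastSaveErrors = $errors;
    if (count($errors) > 0) {
        return false;
    }

    if (!$Edit) {
        $vals = Values('', $ObjectId, $user_id, $user_name, $user_homepage, $user_email, $user_hideemail, getip(), time(), $post_message, $post_parent_id);
        $cols = array('id', 'object_id', 'user_id', 'user_name', 'user_homepage', 'user_email', 'user_hideemail', 'user_ip', 'post_date', 'post_message', 'post_parent_id');
        System::database()->Insert($this->PostsTable, $vals, $cols);
    } else {
        // Relies on SafeEnv() having produced SQL-safe values for the
        // interpolated message and id — verify against SafeEnv's contract.
        System::database()->Update($this->PostsTable, "`post_message`='{$post_message}'", "`id`='{$post_id}'");
        if (System::user()->isAdmin()) {
            Audit('Posts: Изменение комментария "' . $this->PostsTable . '"/"' . "(user: {$user_name}, object_id: {$ObjectId})" . '"');
        }
    }
    return true;
}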
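/**
 * Dispatch a member-module action and build its result object.
 *
 * Handled actions: check, forceLogin, login, logout, cert, signup, verifyEmail,
 * sendVerifyEmail, photoEdit, photoUpload, modifyEmail, modify, password,
 * facebook, google, youtube, github. Input is read through Request(); several
 * actions read/write $_SESSION, and the OAuth actions redirect with header()
 * and exit before returning.
 *
 * @param string $action action name
 * @return stdClass result object (success plus message/errors/redirect as set)
 */
function doProcess($action)
{
    $results = new stdClass();
    $values = new stdClass();

    // The referer is used as the post-login return URL by the social actions
    // below. Only keep it when it points back at the host that received this
    // request; otherwise the OAuth callbacks are an open redirect.
    $socialReferer = null;
    if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
        $refererHost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
        $requestHost = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
        if (is_string($refererHost) && strcasecmp($refererHost, $requestHost) === 0) {
            $socialReferer = $_SERVER['HTTP_REFERER'];
        }
    }

    if ($action == 'check') {
        $name = Request('name');
        $value = Request('value');
        if ($name == 'email') {
            if (CheckEmail($value) == true) {
                if ($this->db()->select($this->table->member)->where('email', $value)->has() == true) {
                    $results->success = false;
                    $results->message = $this->getLanguage('signup/help/email/duplicated');
                } else {
                    $results->success = true;
                }
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/email/error');
            }
        }
        if ($name == 'name') {
            if (strlen((string) $value) > 0) {
                $results->success = true;
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/name/error');
            }
        }
        if ($name == 'nickname') {
            if (CheckNickname($value) == true) {
                if ($this->db()->select($this->table->member)->where('nickname', $value)->where('idx', $this->getLogged(), '!=')->has() == true) {
                    $results->success = false;
                    $results->message = $this->getLanguage('signup/help/nickname/duplicated');
                } else {
                    $results->success = true;
                }
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/nickname/error');
            }
        }
        if ($name == 'old_password') {
            if ($this->isLogged() == false) {
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            } else {
                $mHash = new Hash();
                if ($mHash->password_validate($value, $this->getMember()->password) == true) {
                    $results->success = true;
                    $results->message = $this->getLanguage('password/help/old_password/success');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('password/help/old_password/error');
                }
            }
        }
    }

    if ($action == 'forceLogin') {
        // NOTE(review): the code is trusted as far as Decoder() authenticates it;
        // the only check visible here binds it to the caller's IP, with no expiry.
        $code = Decoder(Request('code'));
        if ($code === false) {
            $results->success = false;
            $results->message = $this->getLanguage('error/invalidCode');
        } else {
            $data = json_decode($code);
            if ($data != null && isset($data->ip, $data->idx)
                && (string) $data->ip === (string) $_SERVER['REMOTE_ADDR']) {
                $this->login($data->idx);
                $results->success = true;
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('error/invalidCode');
            }
        }
    }

    if ($action == 'login') {
        $mHash = new Hash();
        $email = Request('email');
        $password = Request('password');
        $results->errors = array();
        // NOTE(review): the failure counter lives in the caller's own session, so
        // the 5-hour lock is bypassed by discarding the session cookie; real
        // throttling needs a server-side counter keyed by account and/or IP.
        $sessionFail = Request('loginFail', 'session');
        $loginFail = $sessionFail != null && is_array($sessionFail) == true ? $sessionFail : array('count' => 0, 'time' => 0);
        if ($loginFail['time'] > time()) {
            $results->success = false;
            $results->message = $this->getLanguage('login/error/login');
        } else {
            $check = $this->db()->select($this->table->member)->where('email', $email)->getOne();
            if ($check == null) {
                $results->success = false;
                $results->errors['email'] = $this->getLanguage('login/error/email');
                $loginFail['count']++;
                if ($loginFail['count'] == 5) {
                    $loginFail['count'] = 0;
                    $loginFail['time'] = time() + 60 * 60 * 5;
                }
                // NOTE(review): the plaintext password is handed to the
                // afterDoProcess event through $values.
                $values->email = $email;
                $values->password = $password;
            } elseif ($mHash->password_validate($password, $check->password) == false) {
                $results->success = false;
                $results->errors['password'] = $this->getLanguage('login/error/password');
                $loginFail['count']++;
                if ($loginFail['count'] == 5) {
                    $loginFail['count'] = 0;
                    $loginFail['time'] = time() + 60 * 60 * 5;
                }
                $values->email = $email;
                $values->password = $password;
            } else {
                if ($check->status == 'ACTIVE') {
                    $this->db()->update($this->table->member, array('last_login' => time()))->where('idx', $check->idx)->execute();
                    $this->login($check->idx);
                    $results->success = true;
                } elseif ($check->status == 'VERIFYING') {
                    $_SESSION['MEMBER_REGISTER_IDX'] = Encoder($check->idx);
                    $page = $this->getMemberPage('signup');
                    $results->success = false;
                    $results->redirect = $this->IM->getUrl($page->menu, $page->page, 'verify');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('error/' . $check->status);
                }
            }
        }
        $_SESSION['loginFail'] = $loginFail;
    }

    if ($action == 'logout') {
        unset($_SESSION['MEMBER_LOGGED']);
        $results->success = true;
    }

    if ($action == 'cert') {
        $results->success = true;
    }

    if ($action == 'signup') {
        $errors = array();
        $email = CheckEmail(Request('email')) == true ? Request('email') : ($errors['email'] = $this->getLanguage('signup/help/email/error'));
        $password = strlen((string) Request('password')) >= 4 ? Request('password') : ($errors['password'] = $this->getLanguage('signup/help/password/error'));
        // Strict comparison: loose != treats numeric strings like "1e3" and "1000" as equal.
        if (strlen((string) Request('password')) < 4 || Request('password') !== Request('password_confirm')) {
            $errors['password_confirm'] = $this->getLanguage('signup/help/password_confirm/error');
        }
        $name = CheckNickname(Request('name')) == true ? Request('name') : ($errors['name'] = $this->getLanguage('signup/help/name/error'));
        $nickname = CheckNickname(Request('nickname')) == true ? Request('nickname') : ($errors['nickname'] = $this->getLanguage('signup/help/nickname/error'));
        if ($this->db()->select($this->table->member)->where('email', $email)->has() == true) {
            $errors['email'] = $this->getLanguage('signup/help/email/duplicated');
        }
        if ($this->db()->select($this->table->member)->where('nickname', $nickname)->has() == true) {
            $errors['nickname'] = $this->getLanguage('signup/help/nickname/duplicated');
        }
        if (empty($errors) == true) {
            $mHash = new Hash();
            $insert = array();
            $insert['gidx'] = Request('registerGIDX', 'session');
            $insert['email'] = $email;
            $insert['password'] = $mHash->password_hash($password);
            $insert['name'] = $name;
            $insert['nickname'] = $nickname;
            $insert['status'] = 'VERIFYING';
            $idx = $this->db()->insert($this->table->member, $insert)->execute();
            if ($idx !== false) {
                $results->success = true;
                $_SESSION['MEMBER_REGISTER_IDX'] = Encoder($idx);
                $this->sendVerifyEmail($idx);
                unset($_SESSION['registerGIDX']);
            } else {
                $results->success = false;
            }
        } else {
            $results->success = false;
            $results->errors = $errors;
        }
    }

    if ($action == 'verifyEmail') {
        $registerIDX = Request('registerIDX');
        if ($registerIDX == null) {
            $results->success = false;
        } else {
            $email = Request('email');
            $email_verify_code = Request('email_verify_code');
            $check = $this->db()->select($this->table->email)->where('midx', $registerIDX)->where('email', $email)->getOne();
            if ($check == null) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('verifyEmail/help/email/notFound'));
            } elseif (hash_equals((string) $check->code, (string) $email_verify_code)) {
                // Constant-time, strict comparison of the verification code.
                $this->db()->update($this->table->email, array('status' => 'VERIFIED'))->where('midx', $registerIDX)->where('email', $email)->execute();
                $this->db()->update($this->table->member, array('status' => 'ACTIVE'))->where('idx', $registerIDX)->execute();
                $results->success = true;
            } else {
                $results->success = false;
                $results->errors = array('email_verify_code' => $this->getLanguage('verifyEmail/help/email_verify_code/error'));
            }
        }
    }

    if ($action == 'sendVerifyEmail') {
        $registerIDX = Request('registerIDX');
        $email = Request('email');
        if ($this->isLogged() == true) {
            if (CheckEmail($email) == false) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('modifyEmail/help/email/error'));
            } elseif ($this->db()->select($this->table->member)->where('email', $email)->count() == 1) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('modifyEmail/help/email/duplicated'));
            } else {
                $check = $this->db()->select($this->table->email)->where('midx', $this->getLogged())->where('email', $email)->getOne();
                // Re-send when nothing is pending, or the pending one is older than 5 minutes.
                if ($check == null || $check->status != 'SENDING' || $check->status == 'SENDING' && $check->reg_date + 300 < time()) {
                    $this->db()->delete($this->table->email)->where('midx', $this->getLogged())->where('email', $email)->execute();
                    $this->sendVerifyEmail($this->getLogged(), $email);
                    $results->success = true;
                    $results->message = $this->getLanguage('verifyEmail/sending');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('verifyEmail/error/sending');
                }
            }
        } elseif ($registerIDX != null) {
            $member = $this->db()->select($this->table->member)->where('idx', $registerIDX)->getOne();
            if ($member == null || $member->status != 'VERIFYING') {
                $results->success = false;
                $results->message = $this->getLanguage('verifyEmail/error/target');
            } else {
                if (CheckEmail($email) == false) {
                    $results->success = false;
                    $results->message = $this->getLanguage('verifyEmail/error/email');
                } else {
                    $check = $this->db()->select($this->table->email)->where('midx', $registerIDX)->where('email', $email)->getOne();
                    // Null is checked before the status is read; the original
                    // dereferenced $check->status first.
                    if ($check != null && $check->status == 'VERIFIED') {
                        $signupPage = $this->getMemberPage('signup');
                        $results->success = true;
                        $this->db()->update($this->table->member, array('status' => 'ACTIVE'))->where('idx', $registerIDX)->execute();
                        $results->redirect = $this->IM->getUrl($signupPage->menu, $signupPage->page, 'complete');
                    } elseif ($check == null || $check->status == 'CANCELED' || $check->status == 'SENDING' && $check->reg_date + 300 < time()) {
                        $this->db()->delete($this->table->email)->where('midx', $registerIDX)->where('email', $email)->execute();
                        $this->sendVerifyEmail($registerIDX, $email);
                        $results->success = true;
                        $results->message = $this->getLanguage('verifyEmail/sending');
                    } else {
                        $results->success = false;
                        $results->message = $this->getLanguage('verifyEmail/error/sending');
                    }
                }
            }
        } else {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        }
    }

    if ($action == 'photoEdit') {
        $templet = Request('templet');
        if ($this->isLogged() == true) {
            $results->success = true;
            $results->modalHtml = $this->getPhotoEdit($templet);
            $results->photo = $this->getMember()->photo;
        } else {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        }
    }

    if ($action == 'photoUpload') {
        $photo = Request('photo');
        if ($this->isLogged() == false) {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        } else {
            if (preg_match('/^data:image\\/(.*?);base64,(.*?)$/', $photo, $match) == true) {
                // Strict decoding plus an image-header check: the bytes are written
                // under a fixed .jpg name in the attachment path, so anything that
                // is not an image is rejected before touching the filesystem.
                $bytes = base64_decode($match[2], true);
                if ($bytes === false || getimagesizefromstring($bytes) === false) {
                    $results->success = false;
                    $results->message = $this->getLanguage('photoEdit/error');
                } else {
                    $photoPath = $this->IM->getAttachmentPath() . '/member/' . $this->getLogged() . '.jpg';
                    file_put_contents($photoPath, $bytes);
                    $this->IM->getModule('attachment')->createThumbnail($photoPath, $photoPath, 250, 250, false, 'jpg');
                    $results->success = true;
                    $results->message = $this->getLanguage('photoEdit/success');
                }
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('photoEdit/error');
            }
        }
    }

    if ($action == 'modifyEmail') {
        $confirm = Request('confirm');
        if ($confirm == 'TRUE') {
            if ($this->isLogged() == false) {
                // The confirm branch changes the member row; require a session like
                // the other branches do.
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            } else {
                $email = Request('email');
                $code = Request('code');
                $check = $this->db()->select($this->table->email)->where('midx', $this->getLogged())->where('email', $email)->getOne();
                if ($check == null || !hash_equals((string) $check->code, (string) $code)) {
                    $results->success = false;
                    $results->errors = array('code' => $this->getLanguage('modifyEmail/help/code/error'));
                } else {
                    $this->db()->update($this->table->email, array('status' => 'VERIFIED'))->where('midx', $this->getLogged())->where('email', $email)->execute();
                    $this->db()->update($this->table->member, array('email' => $email))->where('idx', $this->getLogged())->execute();
                    $results->success = true;
                    $results->message = $this->getLanguage('modifyEmail/success');
                }
            }
        } else {
            $templet = Request('templet');
            if ($this->isLogged() == true) {
                $results->success = true;
                $results->modalHtml = $this->getModifyEmail($templet);
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            }
        }
    }

    if ($action == 'modify') {
        $step = Request('step');
        if ($step == 'verify') {
            $member = $this->getMember();
            $password = Request('password');
            $mHash = new Hash();
            if ($mHash->password_validate($password, $member->password) == true) {
                $results->success = true;
                // NOTE(review): the verified password is sent back to the client
                // in encoded form; whether Encoder() is reversible decides how bad
                // that is.
                $results->password = Encoder($password);
            } else {
                $results->success = false;
                $results->errors = array('password' => $this->getLanguage('verify/help/password/error'));
            }
        }
        if ($step == 'modify') {
            $errors = array();
            $values->name = Request('name') ? Request('name') : ($errors['name'] = $this->getLanguage('signup/help/name/error'));
            $values->nickname = Request('nickname') ? Request('nickname') : ($errors['nickname'] = $this->getLanguage('signup/help/nickname/error'));
            if ($this->isLogged() == false) {
                $results->success = false;
                // Fixed: was a call to the undefined getLangauge().
                $results->message = $this->getLanguage('error/notLogged');
            } elseif (count($errors) == 0) {
                $insert = array();
                $insert['name'] = $values->name;
                $insert['nickname'] = $values->nickname;
                $this->db()->update($this->table->member, $insert)->where('idx', $this->getLogged())->execute();
                $results->success = true;
                $results->message = $this->getLanguage('modify/success');
            } else {
                $results->success = false;
                $results->errors = $errors;
            }
        }
    }

    if ($action == 'password') {
        $errors = array();
        $password = strlen((string) Request('password')) >= 4 ? Request('password') : ($errors['password'] = $this->getLanguage('signup/help/password/error'));
        if (strlen((string) Request('password')) < 4 || Request('password') !== Request('password_confirm')) {
            $errors['password_confirm'] = $this->getLanguage('signup/help/password_confirm/error');
        }
        if ($this->isLogged() == false) {
            $results->success = false;
            // Fixed: was a call to the undefined getLangauge().
            $results->message = $this->getLanguage('error/notLogged');
        } else {
            $mHash = new Hash();
            // The current password is only demanded when the stored hash is 65
            // characters long — presumably "has a local password"; confirm against
            // Hash::password_hash's output format.
            if (strlen($this->getMember()->password) == 65) {
                $old_password = Request('old_password');
                if ($old_password == '' || $mHash->password_validate($old_password, $this->getMember()->password) == false) {
                    $errors['old_password'] = $this->getLanguage('password/help/old_password/error');
                }
            }
            if (count($errors) == 0) {
                $password = $mHash->password_hash($password);
                $this->db()->update($this->table->member, array('password' => $password))->where('idx', $this->getLogged())->execute();
                $results->success = true;
                $results->message = $this->getLanguage('password/success');
            } else {
                $results->success = false;
                $results->errors = $errors;
            }
        }
    }

    if ($action == 'facebook') {
        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = $socialReferer;
        }
        // NOTE(review): OAuth client secrets are committed in source; move them to
        // configuration and rotate them at the provider.
        if ($this->IM->domain == 'www.arzz.com') {
            $CLIENT_ID = '985851538105124';
            $CLIENT_SECRET = 'c6b74ae32d4786b440bb878c46ee2998';
        } elseif ($this->IM->domain == 'www.minitalk.kr') {
            $CLIENT_ID = '418845248317025';
            $CLIENT_SECRET = '5850c198f8f4b0b254a53ae7f9049600';
        } else {
            $CLIENT_ID = '985851538105124';
            $CLIENT_SECRET = 'c6b74ae32d4786b440bb878c46ee2998';
        }
        $AUTH_URL = 'https://graph.facebook.com/oauth/authorize';
        $TOKEN_URL = 'https://graph.facebook.com/oauth/access_token';
        $facebook = new OAuthClient();
        $facebook->setClientId($CLIENT_ID)->setClientSecret($CLIENT_SECRET)->setScope('public_profile,email')->setAccessType('offline')->setAuthUrl($AUTH_URL)->setTokenUrl($TOKEN_URL);
        if (isset($_GET['code']) == true) {
            if ($facebook->authenticate($_GET['code']) == true) {
                $redirectUrl = $facebook->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($facebook->getAccessToken() == null) {
            $authUrl = $facebook->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }
        $data = $facebook->get('https://graph.facebook.com/me', array('fields' => 'id,email,name'));
        if ($data === false || empty($data->email) == true) {
            $this->IM->printError('API ERROR');
        }
        $accessToken = $facebook->getAccessToken();
        $refreshToken = $facebook->getRefreshToken() == null ? '' : $facebook->getRefreshToken();
        $this->socialLogin('facebook', $data->id, $data->name, $data->email, 'https://graph.facebook.com/' . $data->id . '/picture?width=250&height=250', $accessToken, $refreshToken);
    }

    if ($action == 'google') {
        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = $socialReferer;
        }
        // NOTE(review): OAuth client secrets are committed in source; move them to
        // configuration and rotate them at the provider.
        if ($this->IM->domain == 'www.arzz.com') {
            $CLIENT_ID = '367657130146-m9ojilvf3kbsv6j24uieartls0ols8t8.apps.googleusercontent.com';
            $CLIENT_SECRET = 'GVgWL29VdBiSQIuRTlL5RZDc';
        } elseif ($this->IM->domain == 'www.minitalk.kr') {
            $CLIENT_ID = '476101389490-mug55vcsit7af2sd095m3c8fhd3agssu.apps.googleusercontent.com';
            $CLIENT_SECRET = 'CJKMFEkaWkiasXWIj42WY4HU';
        } else {
            $CLIENT_ID = '995059916144-2odfvfoh0h18fhfsid1lh25d1vpunm5n.apps.googleusercontent.com';
            $CLIENT_SECRET = 'A3G-GgF_2rsWXUuvmU1hPLOv';
        }
        $AUTH_URL = 'https://accounts.google.com/o/oauth2/auth';
        $TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
        $google = new OAuthClient();
        $google->setClientId($CLIENT_ID)->setClientSecret($CLIENT_SECRET)->setScope('https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email')->setAccessType('offline')->setAuthUrl($AUTH_URL)->setTokenUrl($TOKEN_URL);
        if (isset($_GET['code']) == true) {
            if ($google->authenticate($_GET['code']) == true) {
                $redirectUrl = $google->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($google->getAccessToken() == null) {
            $authUrl = $google->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }
        $data = $google->get('https://www.googleapis.com/plus/v1/people/me');
        if ($data === false || empty($data->emails) == true) {
            $this->IM->printError('API ERROR');
        }
        // Pick the account e-mail out of the profile's e-mail list.
        for ($i = 0, $loop = count($data->emails); $i < $loop; $i++) {
            if ($data->emails[$i]->type == 'account') {
                $data->email = $data->emails[$i]->value;
                break;
            }
        }
        $data->photo = str_replace('sz=50', 'sz=250', $data->image->url);
        $accessToken = $google->getAccessToken();
        $refreshToken = $google->getRefreshToken() == null ? '' : $google->getRefreshToken();
        $this->socialLogin('google', $data->id, $data->displayName, $data->email, $data->photo, $accessToken, $refreshToken);
    }

    if ($action == 'youtube') {
        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = $socialReferer;
        }
        if ($this->isLogged() == false) {
            die($this->getError('NOT_LOGGED'));
        }
        // NOTE(review): OAuth client secret committed in source; move to
        // configuration and rotate it at the provider.
        $CLIENT_ID = '995059916144-2odfvfoh0h18fhfsid1lh25d1vpunm5n.apps.googleusercontent.com';
        $CLIENT_SECRET = 'A3G-GgF_2rsWXUuvmU1hPLOv';
        $AUTH_URL = 'https://accounts.google.com/o/oauth2/auth';
        $TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';
        $youtube = new OAuthClient();
        $youtube->setClientId($CLIENT_ID)->setClientSecret($CLIENT_SECRET)->setScope('https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload https://www.googleapis.com/auth/youtubepartner https://www.googleapis.com/auth/youtube.force-ssl')->setAccessType('offline')->setAuthUrl($AUTH_URL)->setTokenUrl($TOKEN_URL);
        if (isset($_GET['code']) == true) {
            if ($youtube->authenticate($_GET['code']) == true) {
                $redirectUrl = $youtube->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($youtube->getAccessToken() == null) {
            $authUrl = $youtube->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }
        $data = $youtube->get('https://www.googleapis.com/plus/v1/people/me');
        if ($data === false || empty($data->emails) == true) {
            $this->IM->printError('API ERROR');
        }
        for ($i = 0, $loop = count($data->emails); $i < $loop; $i++) {
            if ($data->emails[$i]->type == 'account') {
                $data->email = $data->emails[$i]->value;
                break;
            }
        }
        $accessToken = $youtube->getAccessToken();
        $refreshToken = $youtube->getRefreshToken() == null ? '' : $youtube->getRefreshToken();
        // Tokens are stored per member; update in place when a link already exists.
        $check = $this->db()->select($this->table->social)->where('midx', $this->getLogged())->where('code', 'youtube')->getOne();
        if ($check == null) {
            $this->db()->insert($this->table->social, array('midx' => $this->getLogged(), 'code' => 'youtube', 'user_id' => $data->id, 'email' => $data->email, 'access_token' => $accessToken, 'refresh_token' => $refreshToken))->execute();
        } else {
            $this->db()->update($this->table->social, array('user_id' => $data->id, 'email' => $data->email, 'access_token' => $accessToken, 'refresh_token' => $refreshToken))->where('midx', $this->getLogged())->where('code', 'youtube')->execute();
        }
        unset($_SESSION['OAUTH_ACCESS_TOKEN']);
        unset($_SESSION['OAUTH_REFRESH_TOKEN']);
        $redirectUrl = Request('SOCIAL_REDIRECT_URL', 'session') != null ? Request('SOCIAL_REDIRECT_URL', 'session') : '/';
        unset($_SESSION['SOCIAL_REDIRECT_URL']);
        header('location:' . $redirectUrl);
    }

    if ($action == 'github') {
        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = $socialReferer;
        }
        // NOTE(review): OAuth client secrets are committed in source; move them to
        // configuration and rotate them at the provider.
        if ($this->IM->domain == 'www.arzz.com') {
            $CLIENT_ID = 'b3f954eccc5378afbacf';
            $CLIENT_SECRET = '4507787bbac2f89382c5b29dc07017bbc776c218';
        } elseif ($this->IM->domain == 'www.minitalk.kr') {
            $CLIENT_ID = 'a5b5c360b237ed9de0c7';
            $CLIENT_SECRET = '0f5e658a0d05f83ee918da13cfe070ff5bc42e60';
        } else {
            $CLIENT_ID = 'b3f954eccc5378afbacf';
            $CLIENT_SECRET = '4507787bbac2f89382c5b29dc07017bbc776c218';
        }
        $AUTH_URL = 'https://github.com/login/oauth/authorize';
        $TOKEN_URL = 'https://github.com/login/oauth/access_token';
        $github = new OAuthClient();
        $github->setClientId($CLIENT_ID)->setClientSecret($CLIENT_SECRET)->setAuthUrl($AUTH_URL)->setScope('user')->setAccessType('offline')->setUserAgent('Awesome-Octocat-App')->setTokenUrl($TOKEN_URL);
        if (isset($_GET['code']) == true) {
            if ($github->authenticate($_GET['code']) == true) {
                $redirectUrl = $github->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($github->getAccessToken() == null) {
            $authUrl = $github->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }
        $data = $github->get('https://api.github.com/user');
        if ($data === false || empty($data->email) == true) {
            $this->IM->printError('API ERROR');
        }
        $accessToken = $github->getAccessToken();
        $refreshToken = $github->getRefreshToken() == null ? '' : $github->getRefreshToken();
        $this->socialLogin('github', $data->id, $data->name, $data->email, $data->avatar_url, $accessToken, $refreshToken);
    }

    $this->IM->fireEvent('afterDoProcess', 'member', $action, $values, $results);
    return $results;
}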
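/**
 * Save the form produced by AdminUserEditor: create a user/admin or update one.
 *
 * Reads the account fields from $_POST, applies the caller's permission level
 * (only system admins may change an administrator's status/type), writes the
 * row, sends the activation/registration mail and reports validation errors.
 *
 * NOTE(review): the row is written even when $errors is non-empty (the notice
 * text says as much), so a failed login/nickname check still stores an account
 * with an empty login or name; consider gating the write on count($errors) == 0.
 * NOTE(review): passwords are stored as unsalted md5 — the whole login path
 * would have to move to password_hash()/password_verify() together.
 *
 * @param string $back_link admin page to return to after a successful save
 * @param string $a         'insert' or 'update'
 * @param int    $id        user id when updating
 * @param bool   $IsAdmin   true when the edited account is an administrator (type 1)
 * @return void
 */
function AdminUserEditSave($back_link, $a = 'insert', $id = 0, $IsAdmin = false)
{
    $SystemAdmin = System::user()->isSuperUser();
    $edit = $a == 'update';
    $editProfile = $edit && !$SystemAdmin && $id == System::user()->Get('u_id'); // an admin editing their own profile
    $editStatus = false; // status may be edited
    $editType = false; // user type may be edited

    // Load the existing row when updating.
    $user = null;
    if ($edit) {
        $user = System::database()->SelectOne('users', "`id`='{$id}'" . ($IsAdmin ? " and `type`='1'" : " and `type`='2'"));
        if (!$user) {
            AddTextBox('Ошибка', '<p align="center">Пользователь не найден, либо у вас не достаточно прав для редактирования администраторов.</p>');
            return;
        }
    }

    // Access restrictions.
    if ($IsAdmin) {
        // Editing an administrator: only system admins may change status and type,
        // and never for the last remaining system admin.
        if ($SystemAdmin) {
            if (!$edit) {
                $editStatus = true;
            } elseif (!(groupIsSystem(SafeEnv($user['access'], 11, int)) && GetSystemAdminsCount() <= 1)) {
                $editStatus = true;
            }
            $editType = $editStatus;
        }
    } else {
        // Editing an ordinary user: any admin with access may change the status,
        // only system admins may promote to administrator.
        $editStatus = true;
        $editType = $SystemAdmin;
    }

    $errors = array();

    // Login
    if (isset($_POST['login']) && CheckLogin($_POST['login'], $errors, !$edit)) {
        $login = SafeEnv($_POST['login'], 30, str);
    } else {
        $login = '';
    }

    // Password: mandatory on insert, optional on update; an empty value on insert
    // gets a generated password that is mailed to the user.
    $pass = '';
    $pass2 = '';
    $postedPass = isset($_POST['pass']) ? $_POST['pass'] : '';
    if (!$edit || $postedPass != '') {
        if (isset($_POST['pass']) && CheckPass($_POST['pass'], $errors)) {
            $pass = SafeEnv($_POST['pass'], 30, str);
            if (!isset($_POST['rpass']) || SafeEnv($_POST['rpass'], 30, str) != $pass) {
                $errors[] = 'Пароли не совпадают.';
            }
        } else {
            $pass = '';
        }
        if (isset($_POST['pass']) && $_POST['pass'] == '') {
            // CSPRNG for the length instead of srand(time())/rand().
            $minLength = (int) System::config('user/pass_min_length');
            $pass = GenBPass(random_int(min($minLength, 15), 15));
        }
        $pass2 = md5($pass);
    }

    // E-mail
    if (isset($_POST['email']) && $_POST['email'] != '') {
        if (!CheckEmail($_POST['email'])) {
            $errors[] = 'Не правильный формат E-mail. Он должен быть вида: <b>domain@host.ru</b> .';
        }
        $email = SafeEnv($_POST['email'], 50, str, true);
    } else {
        $email = '';
        $errors[] = 'Вы не ввели E-mail.';
    }

    // Hide e-mail
    $hide_email = isset($_POST['hideemail']) ? '1' : '0';

    // Display name
    if (isset($_POST['nikname']) && CheckNikname($_POST['nikname'], $errors, !$edit)) {
        $nik_name = SafeEnv($_POST['nikname'], 50, str, true);
    } else {
        $nik_name = '';
    }

    // Full name
    $real_name = isset($_POST['realname']) ? SafeEnv($_POST['realname'], 250, str, true) : '';

    // Age
    $age = '';
    if (isset($_POST['age'])) {
        if ($_POST['age'] == '' || is_numeric($_POST['age'])) {
            $age = SafeEnv($_POST['age'], 3, int);
        } else {
            $errors[] = 'Ваш возраст должен быть числом!';
        }
    }

    // Home page (stored without the http:// prefix)
    if (isset($_POST['homepage'])) {
        if ($_POST['homepage'] != '' && substr($_POST['homepage'], 0, 7) == 'http://') {
            $_POST['homepage'] = substr($_POST['homepage'], 7);
        }
        $homepage = SafeEnv($_POST['homepage'], 250, str, true);
    } else {
        $homepage = '';
    }

    // ICQ number
    $icq = '';
    if (isset($_POST['icq'])) {
        if ($_POST['icq'] == '' || is_numeric($_POST['icq'])) {
            $icq = SafeEnv($_POST['icq'], 15, str, true);
        } else {
            $errors[] = 'Номер ICQ должен содержать только числа!';
        }
    }

    // City
    $city = isset($_POST['city']) ? SafeEnv($_POST['city'], 100, str, true) : '';

    // Time zone
    if (isset($_POST['gmt'])) {
        $gmt = SafeEnv($_POST['gmt'], 255, str);
    } else {
        $gmt = System::config('general/default_timezone');
    }

    // About
    $about = isset($_POST['about']) ? SafeEnv($_POST['about'], System::config('user/about_max_length'), str, true) : '';

    // Newsletter subscription
    $server_news = isset($_POST['snews']) ? '1' : '0';

    // Avatar: uploaded file, unchanged (''), a file from the avatars directory, or none.
    $updateAvatar = true;
    if (isset($_POST['avatar'])) {
        if (System::config('user/avatar_transfer') == '1' && isset($_FILES['upavatar']) && file_exists($_FILES['upavatar']['tmp_name'])) {
            if ($edit) {
                $avatar = $user['avatar'];
                $a_personal = $user['a_personal'];
            } else {
                $avatar = '';
                $a_personal = '0';
            }
            UserLoadAvatar($errors, $avatar, $a_personal, $avatar, $a_personal, $edit);
        } elseif ($_POST['avatar'] == '') {
            $updateAvatar = false;
        } elseif (file_exists(RealPath2(System::config('general/avatars_dir') . $_POST['avatar']))) {
            if ($edit) {
                if ($user['a_personal'] == '1') {
                    UnlinkUserAvatarFiles($user['avatar']);
                }
            }
            $a_personal = '0';
            $avatar = $_POST['avatar'];
        } else {
            $avatar = '';
            $a_personal = '0';
        }
    } else {
        $avatar = '';
        $a_personal = '0';
    }

    // Activation state: manual (inactive, no code), auto (active), mail (inactive, code sent).
    $SendActivation = false;
    if ($edit) {
        $active = SafeEnv($user['active'], 11, int);
        // NOTE(review): the stored activation code is a letter string (see the
        // 'mail' case below) yet is read through SafeEnv(..., int) and written
        // back; confirm SafeEnv preserves it, otherwise a pending code is
        // clobbered on every admin edit.
        $code = SafeEnv($user['activate'], 11, int);
    } else {
        $active = '1';
        $code = '';
    }
    if ($editStatus) {
        $lastactivate = 'manual';
        if ($active == '0' && $code != '') {
            $lastactivate = 'mail';
        } elseif ($active == '1' && $code == '') {
            $lastactivate = 'auto';
        }
        // A missing field keeps the current state rather than reading an undefined index.
        $activate = isset($_POST['activate']) ? $_POST['activate'] : $lastactivate;
        if ($activate != $lastactivate) {
            switch ($activate) {
                case 'manual':
                    $active = '0';
                    $code = '';
                    $SendActivation = false;
                    break;
                case 'auto':
                    $active = '1';
                    $code = '';
                    $SendActivation = false;
                    break;
                case 'mail':
                    $active = '0';
                    $code = GenRandomString(8, 'qwertyuiopasdfghjklzxcvbnm');
                    $SendActivation = true;
                    break;
            }
        }
    }

    // Account type / access group.
    if ($edit) {
        $access = SafeEnv($user['type'], 11, int);
        $user_type = SafeEnv($user['access'], 11, int);
    } else {
        $access = '2';
        $user_type = '-1';
    }
    // Promotion to administrator requires an explicit non-'member' status;
    // an absent field must not promote (null != 'member' used to be true).
    if ($editType && isset($_POST['status']) && $_POST['status'] != 'member') {
        $access = '1';
        $user_type = SafeEnv($_POST['status'], 11, int);
    }

    $reg_date = time();
    $last_visit = time();
    $ip = getip();
    $points = 0;
    $visits = 0;

    if ($SendActivation) {
        UserSendActivationMail($nik_name, $email, $login, $pass, $code, $reg_date);
    } elseif (!$edit) {
        UserSendEndRegMail($email, $nik_name, $login, $pass, $reg_date);
    }

    if (!$edit) {
        $values = Values('', $login, $pass2, $nik_name, $real_name, $age, $email, $hide_email, $city, $icq, $homepage, $gmt, $avatar, $about, $server_news, $reg_date, $last_visit, $ip, $points, $visits, $active, $code, $access, $user_type, $a_personal, serialize(array()));
        System::database()->Insert('users', $values);
    } else {
        // Relies on SafeEnv() having produced SQL-safe values for every
        // interpolated field — verify against SafeEnv's contract.
        $set = "`login`='{$login}',`email`='{$email}',`hideemail`='{$hide_email}',`name`='{$nik_name}'," . "`truename`='{$real_name}',`age`='{$age}',`url`='{$homepage}',`icq`='{$icq}',`city`='{$city}'," . "`timezone`='{$gmt}'" . ($updateAvatar == true ? ",`avatar`='{$avatar}',`a_personal`='{$a_personal}'" : '') . "," . "`about`='{$about}',`servernews`='{$server_news}'" . ($pass != '' ? ",`pass`='{$pass2}'" : '') . ",`type`='{$access}'," . "`access`='{$user_type}',`active`='{$active}',`activate`='{$code}'";
        System::database()->Update('users', $set, "`id`='" . $id . "'");
        System::user()->UpdateMemberSession();
        UpdateUserComments($id, $id, $nik_name, $email, $hide_email, $homepage);
    }

    if (count($errors) > 0) {
        $text = 'Аккаунт сохранен, но имели место следующие ошибки:<br /><ul>';
        foreach ($errors as $error) {
            $text .= '<li>' . $error;
        }
        $text .= '</ul>';
        AddTextBox('Внимание', $text);
    } else {
        // Drop the cached user list.
        System::cache()->Delete(system_cache, 'users');
        if (!$editProfile) {
            GO(ADMIN_FILE . '?exe=' . $back_link);
        } else {
            System::admin()->AddCenterBox('Редактирование профиля');
            System::admin()->Highlight('Ваш профиль сохранён, обновите страницу.');
        }
    }
}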
if (isset($_POST['insert'])) { $name = $_POST['name']; $grade = $_POST['grade']; $age = $_POST['age']; $email = $_POST['email']; $telph = $_POST['telph']; if (!CheckName($name)) { $fail_msg_name = "U dient een geldige voor- en achternaam op te geven. Let op: de apostrof (') wordt niet geaccepteerd."; } if (!$telph && !$email) { $fail_msg_contact = "U dient of een telefoonnummer, of een e-mailadres in te vullen."; } else { if ($telph && !check_phone_dutch($telph)) { $fail_msg_telph = "U dient een 10-cijferig telefoonnummer met streepje in te vullen."; } if ($email && !CheckEmail($email)) { $fail_msg_email = "U dient een geldig e-mailadres in te voeren."; } } if (isset($fail_msg_name) || isset($fail_msg_contact) || isset($fail_msg_telph) || isset($fail_msg_email)) { $fail = true; } if (!isset($fail) || $fail == false) { $hash = 0; while ($hash == 0) { $hash = generateHash(); } $query = "INSERT INTO `examen_inschrijvingen` (Naam, Graad, Leeftijd, Ex_ID, Email, TelNr, UniekeHash) VALUES ('{$name}', '{$grade}', '{$age}', '{$id}', '{$email}', '{$telph}', '{$hash}');"; $result = mysql_query($query); if (!$result) { die("Inschrijven voor examen mislukt." . mysql_error());
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $clientIP = $_SERVER['HTTP_X_FORWARDED_FOR']; } else { $clientIP = $_SERVER['REMOTE_ADDR']; } $FTGname = DoStripSlashes($_REQUEST['name']); $FTGemail = DoStripSlashes($_REQUEST['email']); $FTGmessage = DoStripSlashes($_REQUEST['message']); $FTGsubmit = DoStripSlashes($_REQUEST['submit']); $validationFailed = false; # Fields Validations if (!CheckString($FTGname, 2, 0, kStringRangeFrom, kNo, kNo, kNo, '', kMandatory)) { $FTGErrorMessage['name'] = 'Please insert a valid name'; $validationFailed = true; } if (!CheckEmail($FTGemail, kMandatory)) { $FTGErrorMessage['email'] = 'Please insert a valid email address'; $validationFailed = true; } if (!CheckString($FTGmessage, 10, 0, kStringRangeFrom, kNo, kNo, kNo, '', kMandatory)) { $FTGErrorMessage['message'] = 'This field is required'; $validationFailed = true; } # Include message in error page and dump it to the browser if ($validationFailed === true) { $errorPage = '<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><title>Error</title></head><body><div id="errors" class="padd">Errors found: <!--VALIDATIONERROR--></div></body></html>'; $errorPage = str_replace('<!--FIELDVALUE:name-->', $FTGname, $errorPage); $errorPage = str_replace('<!--FIELDVALUE:email-->', $FTGemail, $errorPage); $errorPage = str_replace('<!--FIELDVALUE:message-->', $FTGmessage, $errorPage); $errorPage = str_replace('<!--FIELDVALUE:submit-->', $FTGsubmit, $errorPage); $errorPage = str_replace('<!--ERRORMSG:name-->', $FTGErrorMessage['name'], $errorPage);
$_SESSION['changyan'] = 0; $_SESSION['user'] = ''; unset($_SESSION['changyan']); unset($_SESSION['user']); if ($nomsg) { header('Location:?forward=' . $forward); exit; } else { changyan_set_setting('pwd', ''); } ShowMsg("成功退出畅言!", '?'); exit; } elseif ($dopost == 'forget-pwd') { if ($action == 'do') { $user = empty($user) ? '' : $user; if (empty($user) and !CheckEmail($user)) { ShowMsg("请填写正确格式的E-mail!", -1); exit; } $error_msg = ''; if (changyan_forget_pwd($user, $error_msg)) { ShowMsg("<p>成功发送密码找回邮件,请登录[{$user}]查收!</p><p><a href='?' >返回上一页</a></p>", 'javascript:;'); } else { ShowMsg("密码找回错误:{$error_msg}!", -1); } exit; } $user = changyan_get_setting('user'); $msg = <<<EOT <html> <head>
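/**
 * Dispatches one member-module request to the handler for $action and returns
 * the result object the caller serialises back to the browser.
 *
 * Every `if ($action == ...)` block below is self-contained. Two objects are
 * shared across them: `$results` (success/message/errors/redirect/...) and
 * `$values` (form values echoed back to the client). Both are handed to the
 * 'afterDoProcess' event before returning.
 *
 * Fixes against the previous revision:
 *  - two `getLangauge()` typos (actions 'modify' and 'password') that threw a
 *    fatal "undefined method" error on the not-logged-in path;
 *  - e-mail verification codes ('verifyEmail', 'modifyEmail') are compared
 *    with hash_equals() instead of loose `==`/`!=` (loose comparison treats
 *    numeric-looking strings as numbers, e.g. "0e1" == "0e2");
 *  - 'sendVerifyEmail' no longer reads `$check->status` before the null check;
 *  - 'forceLogin' checks that json_decode() produced an object before
 *    dereferencing it;
 *  - HTTP_REFERER is read through isset() so a missing header does not emit a
 *    notice (the value was already nullable downstream).
 *
 * @param string $action  Request action name; see the if-chain for the set.
 * @return stdClass  `success` (bool) plus, depending on the action,
 *                   `message`, `errors`, `redirect`, `modalHtml`, `photo`, `password`.
 */
function doProcess($action) {
    $results = new stdClass();
    $values = new stdClass();

    // ---- 'check': live field validation used by the signup/modify forms ----
    if ($action == 'check') {
        $name = Request('name');
        $value = Request('value');

        if ($name == 'email') {
            $siteType = $this->IM->getSites($this->IM->domain)->member;
            // On a merged site members are stored under the '*' domain.
            $domain = $siteType == 'MERGE' ? '*' : $this->IM->domain;
            if (CheckEmail($value) == true) {
                // Unique among this domain's members and among administrators,
                // excluding the logged-in member (who may keep their own address).
                $duplicated = $this->db()->select($this->table->member)
                        ->where('email', $value)
                        ->where('idx', $this->getLogged(), '!=')
                        ->where('domain', $domain)
                        ->has() == true
                    || $this->db()->select($this->table->member)
                        ->where('email', $value)
                        ->where('idx', $this->getLogged(), '!=')
                        ->where('type', 'ADMINISTRATOR')
                        ->has() == true;
                if ($duplicated) {
                    $results->success = false;
                    $results->message = $this->getLanguage('signup/help/email/duplicated');
                } else {
                    $results->success = true;
                }
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/email/error');
            }
        }

        if ($name == 'name') {
            if (strlen($value) > 0) {
                $results->success = true;
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/name/error');
            }
        }

        if ($name == 'nickname') {
            $siteType = $this->IM->getSites($this->IM->domain)->member;
            $domain = $siteType == 'MERGE' ? '*' : $this->IM->domain;
            if (CheckNickname($value) == true) {
                $duplicated = $this->db()->select($this->table->member)
                        ->where('nickname', $value)
                        ->where('idx', $this->getLogged(), '!=')
                        ->where('domain', $domain)
                        ->has() == true
                    || $this->db()->select($this->table->member)
                        ->where('nickname', $value)
                        ->where('idx', $this->getLogged(), '!=')
                        ->where('type', 'ADMINISTRATOR')
                        ->has() == true;
                if ($duplicated) {
                    $results->success = false;
                    $results->message = $this->getLanguage('signup/help/nickname/duplicated');
                } else {
                    $results->success = true;
                }
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('signup/help/nickname/error');
            }
        }

        if ($name == 'old_password') {
            if ($this->isLogged() == false) {
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            } else {
                $mHash = new Hash();
                if ($mHash->password_validate($value, $this->getMember()->password) == true) {
                    $results->success = true;
                    $results->message = $this->getLanguage('password/help/old_password/success');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('password/help/old_password/error');
                }
            }
        }
    }

    // ---- 'forceLogin': log in from an encoded token bound to the client IP ----
    if ($action == 'forceLogin') {
        $code = Decoder(Request('code'));
        if ($code === false) {
            $results->success = false;
            $results->message = $this->getLanguage('error/invalidCode');
        } else {
            $data = json_decode($code);
            // json_decode() may yield a scalar for a valid-but-unexpected payload;
            // only an object carrying `ip` and `idx` is acceptable here.
            if (is_object($data) && isset($data->ip) && $data->ip == $_SERVER['REMOTE_ADDR']) {
                $this->login($data->idx);
                $results->success = true;
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('error/invalidCode');
            }
        }
    }

    // ---- 'login': e-mail/password login with a per-session failure lockout ----
    if ($action == 'login') {
        $mHash = new Hash();
        $email = Request('email');
        $password = Request('password');
        $results->errors = array();

        // Failure counter lives in the session: after 5 misses the account
        // form is locked for 5 hours (`time` is the lock expiry).
        $loginFail = Request('loginFail', 'session') != null && is_array(Request('loginFail', 'session')) == true
            ? Request('loginFail', 'session')
            : array('count' => 0, 'time' => 0);

        if ($loginFail['time'] > time()) {
            $results->success = false;
            $results->message = $this->getLanguage('login/error/login');
        } else {
            $siteType = $this->IM->getSites($this->IM->domain)->member;
            $domain = $siteType == 'MERGE' ? '*' : $this->IM->domain;
            $check = $this->db()->select($this->table->member)
                ->where('email', $email)
                ->where('domain', $domain)
                ->getOne();

            // not found member, search ADMINISTRATOR
            if ($check == null) {
                $check = $this->db()->select($this->table->member)
                    ->where('email', $email)
                    ->where('type', 'ADMINISTRATOR')
                    ->getOne();
            }

            if ($check == null) {
                $results->success = false;
                $results->errors['email'] = $this->getLanguage('login/error/email');
                $loginFail['count']++;
                if ($loginFail['count'] == 5) {
                    $loginFail['count'] = 0;
                    $loginFail['time'] = time() + 60 * 60 * 5;
                }
                // NOTE(review): the plaintext password is echoed into $values and
                // therefore reaches the 'afterDoProcess' event listeners.
                $values->email = $email;
                $values->password = $password;
            } elseif ($mHash->password_validate($password, $check->password) == false) {
                $results->success = false;
                $results->errors['password'] = $this->getLanguage('login/error/password');
                $loginFail['count']++;
                if ($loginFail['count'] == 5) {
                    $loginFail['count'] = 0;
                    $loginFail['time'] = time() + 60 * 60 * 5;
                }
                $values->email = $email;
                $values->password = $password;
            } else {
                if ($check->status == 'ACTIVE') {
                    $this->db()->update($this->table->member, array('last_login' => time()))
                        ->where('idx', $check->idx)
                        ->execute();
                    $this->login($check->idx);
                    $results->success = true;
                } elseif ($check->status == 'VERIFYING') {
                    // Account exists but the e-mail is unverified: send the
                    // client to the verify step of the signup page.
                    $_SESSION['MEMBER_REGISTER_IDX'] = Encoder($check->idx);
                    $page = $this->getMemberPage('signup');
                    $results->success = false;
                    $results->redirect = $this->IM->getUrl($page->menu, $page->page, 'verify');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('error/' . $check->status);
                }
            }
        }
        // Counter is persisted on success as well (it is not reset here).
        $_SESSION['loginFail'] = $loginFail;
    }

    if ($action == 'logout') {
        unset($_SESSION['MEMBER_LOGGED']);
        $results->success = true;
    }

    if ($action == 'cert') {
        $results->success = true;
    }

    // ---- 'signup': create a member in VERIFYING state and mail a code ----
    if ($action == 'signup') {
        $siteType = $this->IM->getSites($this->IM->domain)->member;
        $domain = $siteType == 'MERGE' ? '*' : $this->IM->domain;
        $errors = array();

        // Pattern used throughout this file: on failure the variable receives
        // the error text and the same text is recorded in $errors.
        $email = CheckEmail(Request('email')) == true
            ? Request('email')
            : ($errors['email'] = $this->getLanguage('signup/help/email/error'));
        $password = strlen(Request('password')) >= 4
            ? Request('password')
            : ($errors['password'] = $this->getLanguage('signup/help/password/error'));
        if (strlen(Request('password')) < 4 || Request('password') != Request('password_confirm')) {
            $errors['password_confirm'] = $this->getLanguage('signup/help/password_confirm/error');
        }
        $name = CheckNickname(Request('name')) == true
            ? Request('name')
            : ($errors['name'] = $this->getLanguage('signup/help/name/error'));
        $nickname = CheckNickname(Request('nickname')) == true
            ? Request('nickname')
            : ($errors['nickname'] = $this->getLanguage('signup/help/nickname/error'));

        $emailTaken = $this->db()->select($this->table->member)
                ->where('email', $email)
                ->where('domain', $domain)
                ->has() == true
            || $this->db()->select($this->table->member)
                ->where('email', $email)
                ->where('type', 'ADMINISTRATOR')
                ->has() == true;
        if ($emailTaken) {
            $errors['email'] = $this->getLanguage('signup/help/email/duplicated');
        }

        $nicknameTaken = $this->db()->select($this->table->member)
                ->where('nickname', $nickname)
                ->where('domain', $domain)
                ->has() == true
            || $this->db()->select($this->table->member)
                ->where('nickname', $nickname)
                ->where('type', 'ADMINISTRATOR')
                ->has() == true;
        if ($nicknameTaken) {
            $errors['nickname'] = $this->getLanguage('signup/help/nickname/duplicated');
        }

        if (empty($errors) == true) {
            $mHash = new Hash();
            $insert = array();
            $insert['email'] = $email;
            $insert['domain'] = $domain;
            $insert['password'] = $mHash->password_hash($password);
            $insert['name'] = $name;
            $insert['nickname'] = $nickname;
            $insert['status'] = 'VERIFYING';
            $insert['reg_date'] = time();
            $idx = $this->db()->insert($this->table->member, $insert)->execute();
            if ($idx !== false) {
                $results->success = true;
                $_SESSION['MEMBER_REGISTER_IDX'] = Encoder($idx);
                $this->sendVerifyEmail($idx);
                unset($_SESSION['registerGIDX']);
            } else {
                $results->success = false;
            }
        } else {
            $results->success = false;
            $results->errors = $errors;
        }
    }

    // ---- 'verifyEmail': confirm a signup with the mailed code ----
    if ($action == 'verifyEmail') {
        $registerIDX = Request('registerIDX');
        if ($registerIDX == null) {
            $results->success = false;
        } else {
            $email = Request('email');
            $email_verify_code = Request('email_verify_code');
            $check = $this->db()->select($this->table->email)
                ->where('midx', $registerIDX)
                ->where('email', $email)
                ->getOne();
            if ($check == null) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('verifyEmail/help/email/notFound'));
            } elseif (hash_equals((string) $check->code, (string) $email_verify_code)) {
                // Constant-time, type-strict comparison of the verification code.
                $this->db()->update($this->table->email, array('status' => 'VERIFIED'))
                    ->where('midx', $registerIDX)
                    ->where('email', $email)
                    ->execute();
                $this->db()->update($this->table->member, array('status' => 'ACTIVE'))
                    ->where('idx', $registerIDX)
                    ->execute();
                $results->success = true;
            } else {
                $results->success = false;
                $results->errors = array('email_verify_code' => $this->getLanguage('verifyEmail/help/email_verify_code/error'));
            }
        }
    }

    // ---- 'sendVerifyEmail': (re)send a verification mail ----
    if ($action == 'sendVerifyEmail') {
        $registerIDX = Request('registerIDX');
        $email = Request('email');

        if ($this->isLogged() == true) {
            // Logged-in member changing their address.
            if (CheckEmail($email) == false) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('modifyEmail/help/email/error'));
            } elseif ($this->db()->select($this->table->member)->where('email', $email)->count() == 1) {
                $results->success = false;
                $results->errors = array('email' => $this->getLanguage('modifyEmail/help/email/duplicated'));
            } else {
                $check = $this->db()->select($this->table->email)
                    ->where('midx', $this->getLogged())
                    ->where('email', $email)
                    ->getOne();
                // Resend unless a mail for this address is still pending
                // (status SENDING) and younger than 300 seconds.
                if ($check == null
                    || $check->status != 'SENDING'
                    || ($check->status == 'SENDING' && $check->reg_date + 300 < time())
                ) {
                    $this->db()->delete($this->table->email)
                        ->where('midx', $this->getLogged())
                        ->where('email', $email)
                        ->execute();
                    $this->sendVerifyEmail($this->getLogged(), $email);
                    $results->success = true;
                    $results->message = $this->getLanguage('verifyEmail/sending');
                } else {
                    $results->success = false;
                    $results->message = $this->getLanguage('verifyEmail/error/sending');
                }
            }
        } elseif ($registerIDX != null) {
            // Not logged in: pending signup identified by registerIDX.
            $member = $this->db()->select($this->table->member)->where('idx', $registerIDX)->getOne();
            if ($member == null || $member->status != 'VERIFYING') {
                $results->success = false;
                $results->message = $this->getLanguage('verifyEmail/error/target');
            } else {
                if (CheckEmail($email) == false) {
                    $results->success = false;
                    $results->message = $this->getLanguage('verifyEmail/error/email');
                } else {
                    $check = $this->db()->select($this->table->email)
                        ->where('midx', $registerIDX)
                        ->where('email', $email)
                        ->getOne();
                    if ($check != null && $check->status == 'VERIFIED') {
                        // Already verified: activate and go to the completion page.
                        $signupPage = $this->getMemberPage('signup');
                        $results->success = true;
                        $this->db()->update($this->table->member, array('status' => 'ACTIVE'))
                            ->where('idx', $registerIDX)
                            ->execute();
                        $results->redirect = $this->IM->getUrl($signupPage->menu, $signupPage->page, 'complete');
                    } elseif ($check == null
                        || $check->status == 'CANCELED'
                        || ($check->status == 'SENDING' && $check->reg_date + 300 < time())
                    ) {
                        $this->db()->delete($this->table->email)
                            ->where('midx', $registerIDX)
                            ->where('email', $email)
                            ->execute();
                        $this->sendVerifyEmail($registerIDX, $email);
                        $results->success = true;
                        $results->message = $this->getLanguage('verifyEmail/sending');
                    } else {
                        $results->success = false;
                        $results->message = $this->getLanguage('verifyEmail/error/sending');
                    }
                }
            }
        } else {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        }
    }

    // ---- 'photoEdit' / 'photoUpload': member photo modal and upload ----
    if ($action == 'photoEdit') {
        $templet = Request('templet');
        if ($this->isLogged() == true) {
            $results->success = true;
            $results->modalHtml = $this->getPhotoEdit($templet);
            $results->photo = $this->getMember()->photo;
        } else {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        }
    }

    if ($action == 'photoUpload') {
        $photo = Request('photo');
        if ($this->isLogged() == false) {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        } else {
            // Expects a data: URI. The decoded bytes are written as-is under a
            // fixed per-member name; only the subsequent createThumbnail()
            // re-encode acts as a content check — no image validation is done here.
            if (preg_match('/^data:image\\/(.*?);base64,(.*?)$/', $photo, $match) == true) {
                $bytes = base64_decode($match[2]);
                $photoPath = $this->IM->getAttachmentPath() . '/member/' . $this->getLogged() . '.jpg';
                file_put_contents($photoPath, $bytes);
                $this->IM->getModule('attachment')->createThumbnail($photoPath, $photoPath, 250, 250, false, 'jpg');
                $results->success = true;
                $results->message = $this->getLanguage('photoEdit/success');
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('photoEdit/error');
            }
        }
    }

    // ---- 'modifyEmail': change the logged-in member's address ----
    if ($action == 'modifyEmail') {
        $confirm = Request('confirm');
        if ($confirm == 'TRUE') {
            // NOTE(review): this branch does not check isLogged(); it relies on
            // getLogged() yielding a value that matches no `midx` when logged out.
            $email = Request('email');
            $code = Request('code');
            $check = $this->db()->select($this->table->email)
                ->where('midx', $this->getLogged())
                ->where('email', $email)
                ->getOne();
            if ($check == null || !hash_equals((string) $check->code, (string) $code)) {
                $results->success = false;
                $results->errors = array('code' => $this->getLanguage('modifyEmail/help/code/error'));
            } else {
                $this->db()->update($this->table->email, array('status' => 'VERIFIED'))
                    ->where('midx', $this->getLogged())
                    ->where('email', $email)
                    ->execute();
                $this->db()->update($this->table->member, array('email' => $email))
                    ->where('idx', $this->getLogged())
                    ->execute();
                $results->success = true;
                $results->message = $this->getLanguage('modifyEmail/success');
            }
        } else {
            $templet = Request('templet');
            if ($this->isLogged() == true) {
                $results->success = true;
                $results->modalHtml = $this->getModifyEmail($templet);
            } else {
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            }
        }
    }

    // ---- 'modify': re-authenticate ('verify') then update name/nickname ----
    if ($action == 'modify') {
        $step = Request('step');

        if ($step == 'verify') {
            $member = $this->getMember();
            $password = Request('password');
            $mHash = new Hash();
            if ($mHash->password_validate($password, $member->password) == true) {
                $results->success = true;
                // NOTE(review): the submitted password is returned to the client
                // in Encoder() form; Decoder() is the inverse (see 'forceLogin').
                $results->password = Encoder($password);
            } else {
                $results->success = false;
                $results->errors = array('password' => $this->getLanguage('verify/help/password/error'));
            }
        }

        if ($step == 'modify') {
            $errors = array();
            $values->name = Request('name')
                ? Request('name')
                : ($errors['name'] = $this->getLanguage('signup/help/name/error'));
            $values->nickname = Request('nickname')
                ? Request('nickname')
                : ($errors['nickname'] = $this->getLanguage('signup/help/nickname/error'));

            if ($this->isLogged() == false) {
                $results->success = false;
                $results->message = $this->getLanguage('error/notLogged');
            } elseif (count($errors) == 0) {
                $insert = array();
                $insert['name'] = $values->name;
                $insert['nickname'] = $values->nickname;
                $this->db()->update($this->table->member, $insert)
                    ->where('idx', $this->getLogged())
                    ->execute();
                $results->success = true;
                $results->message = $this->getLanguage('modify/success');
            } else {
                $results->success = false;
                $results->errors = $errors;
            }
        }
    }

    // ---- 'password': change the logged-in member's password ----
    if ($action == 'password') {
        $errors = array();
        $password = strlen(Request('password')) >= 4
            ? Request('password')
            : ($errors['password'] = $this->getLanguage('signup/help/password/error'));
        if (strlen(Request('password')) < 4 || Request('password') != Request('password_confirm')) {
            $errors['password_confirm'] = $this->getLanguage('signup/help/password_confirm/error');
        }

        if ($this->isLogged() == false) {
            $results->success = false;
            $results->message = $this->getLanguage('error/notLogged');
        } else {
            $mHash = new Hash();
            // The old password is only demanded when the stored hash is 65 chars
            // long — presumably the format produced by Hash::password_hash(); a
            // member without such a hash (e.g. social login) may set one directly.
            if (strlen($this->getMember()->password) == 65) {
                $old_password = Request('old_password');
                if ($old_password == '' || $mHash->password_validate($old_password, $this->getMember()->password) == false) {
                    $errors['old_password'] = $this->getLanguage('password/help/old_password/error');
                }
            }

            if (count($errors) == 0) {
                $password = $mHash->password_hash($password);
                $this->db()->update($this->table->member, array('password' => $password))
                    ->where('idx', $this->getLogged())
                    ->execute();
                $results->success = true;
                $results->message = $this->getLanguage('password/success');
            } else {
                $results->success = false;
                $results->errors = $errors;
            }
        }
    }

    // ---- OAuth providers ----
    // Each provider reads its client credentials from social_oauth, remembers
    // where to return the browser (HTTP_REFERER, an attacker-influenced value —
    // the redirect after login is not validated against the site's own host),
    // runs the code/token exchange and finally calls socialLogin().
    // `printError()` is assumed to terminate the script; otherwise `$OAUTH`
    // would be dereferenced while null.

    if ($action == 'facebook') {
        $OAUTH = $this->db()->select($this->table->social_oauth)
            ->where('domain', $this->IM->domain)
            ->where('code', $action)
            ->getOne();
        if ($OAUTH == null) {
            $this->IM->printError('OAUTH_DOMAIN_ERROR');
        }
        $CLIENT_ID = $OAUTH->client_id;
        $CLIENT_SECRET = $OAUTH->client_secret;
        $AUTH_URL = 'https://graph.facebook.com/oauth/authorize';
        $TOKEN_URL = 'https://graph.facebook.com/oauth/access_token';

        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        }

        $facebook = new OAuthClient();
        $facebook->setClientId($CLIENT_ID)
            ->setClientSecret($CLIENT_SECRET)
            ->setScope('public_profile,email')
            ->setAccessType('offline')
            ->setAuthUrl($AUTH_URL)
            ->setTokenUrl($TOKEN_URL);

        if (isset($_GET['code']) == true) {
            // Callback leg: exchange the code, then bounce to the client's redirect URL.
            if ($facebook->authenticate($_GET['code']) == true) {
                $redirectUrl = $facebook->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($facebook->getAccessToken() == null) {
            // First leg: no token yet, send the browser to the provider.
            $authUrl = $facebook->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }

        $data = $facebook->get('https://graph.facebook.com/me', array('fields' => 'id,email,name'));
        if ($data === false || empty($data->email) == true) {
            $this->IM->printError('OAUTH_API_ERROR');
        }
        $accessToken = $facebook->getAccessToken();
        $refreshToken = $facebook->getRefreshToken() == null ? '' : $facebook->getRefreshToken();
        $this->socialLogin(
            'facebook',
            $data->id,
            $data->name,
            $data->email,
            'https://graph.facebook.com/' . $data->id . '/picture?width=250&height=250',
            $accessToken,
            $refreshToken
        );
    }

    if ($action == 'google') {
        $OAUTH = $this->db()->select($this->table->social_oauth)
            ->where('domain', $this->IM->domain)
            ->where('code', $action)
            ->getOne();
        if ($OAUTH == null) {
            $this->IM->printError('OAUTH_DOMAIN_ERROR');
        }
        $CLIENT_ID = $OAUTH->client_id;
        $CLIENT_SECRET = $OAUTH->client_secret;
        $AUTH_URL = 'https://accounts.google.com/o/oauth2/auth';
        $TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';

        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        }

        $google = new OAuthClient();
        $google->setClientId($CLIENT_ID)
            ->setClientSecret($CLIENT_SECRET)
            ->setScope('https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email')
            ->setAccessType('offline')
            ->setAuthUrl($AUTH_URL)
            ->setTokenUrl($TOKEN_URL);

        if (isset($_GET['code']) == true) {
            if ($google->authenticate($_GET['code']) == true) {
                $redirectUrl = $google->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($google->getAccessToken() == null) {
            $authUrl = $google->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }

        $data = $google->get('https://www.googleapis.com/plus/v1/people/me');
        if ($data === false || empty($data->emails) == true) {
            $this->IM->printError('OAUTH_API_ERROR');
        }
        // The profile lists several addresses; the one typed 'account' is the login address.
        for ($i = 0, $loop = count($data->emails); $i < $loop; $i++) {
            if ($data->emails[$i]->type == 'account') {
                $data->email = $data->emails[$i]->value;
                break;
            }
        }
        // Request a 250px avatar instead of the default 50px one.
        $data->photo = str_replace('sz=50', 'sz=250', $data->image->url);
        $accessToken = $google->getAccessToken();
        $refreshToken = $google->getRefreshToken() == null ? '' : $google->getRefreshToken();
        $this->socialLogin('google', $data->id, $data->displayName, $data->email, $data->photo, $accessToken, $refreshToken);
    }

    if ($action == 'youtube') {
        // Unlike the other providers this one links a YouTube token to an
        // already logged-in member (stored in social_token) rather than logging in.
        $OAUTH = $this->db()->select($this->table->social_oauth)
            ->where('domain', $this->IM->domain)
            ->where('code', $action)
            ->getOne();
        if ($OAUTH == null) {
            $this->IM->printError('OAUTH_DOMAIN_ERROR');
        }
        $CLIENT_ID = $OAUTH->client_id;
        $CLIENT_SECRET = $OAUTH->client_secret;
        $AUTH_URL = 'https://accounts.google.com/o/oauth2/auth';
        $TOKEN_URL = 'https://accounts.google.com/o/oauth2/token';

        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        }
        if ($this->isLogged() == false) {
            die($this->getError('NOT_LOGGED'));
        }

        $youtube = new OAuthClient();
        $youtube->setClientId($CLIENT_ID)
            ->setClientSecret($CLIENT_SECRET)
            ->setScope('https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/youtube https://www.googleapis.com/auth/youtube.upload https://www.googleapis.com/auth/youtubepartner https://www.googleapis.com/auth/youtube.force-ssl')
            ->setAccessType('offline')
            ->setAuthUrl($AUTH_URL)
            ->setTokenUrl($TOKEN_URL);

        if (isset($_GET['code']) == true) {
            if ($youtube->authenticate($_GET['code']) == true) {
                $redirectUrl = $youtube->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($youtube->getAccessToken() == null) {
            $authUrl = $youtube->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }

        $data = $youtube->get('https://www.googleapis.com/plus/v1/people/me');
        if ($data === false || empty($data->emails) == true) {
            $this->IM->printError('OAUTH_API_ERROR');
        }
        for ($i = 0, $loop = count($data->emails); $i < $loop; $i++) {
            if ($data->emails[$i]->type == 'account') {
                $data->email = $data->emails[$i]->value;
                break;
            }
        }
        $accessToken = $youtube->getAccessToken();
        $refreshToken = $youtube->getRefreshToken() == null ? '' : $youtube->getRefreshToken();

        $tokenRow = array(
            'user_id' => $data->id,
            'email' => $data->email,
            'access_token' => $accessToken,
            'refresh_token' => $refreshToken
        );
        $check = $this->db()->select($this->table->social_token)
            ->where('midx', $this->getLogged())
            ->where('code', 'youtube')
            ->getOne();
        if ($check == null) {
            $this->db()->insert($this->table->social_token, array('midx' => $this->getLogged(), 'code' => 'youtube') + $tokenRow)
                ->execute();
        } else {
            $this->db()->update($this->table->social_token, $tokenRow)
                ->where('midx', $this->getLogged())
                ->where('code', 'youtube')
                ->execute();
        }

        unset($_SESSION['OAUTH_ACCESS_TOKEN']);
        unset($_SESSION['OAUTH_REFRESH_TOKEN']);
        $redirectUrl = Request('SOCIAL_REDIRECT_URL', 'session') != null ? Request('SOCIAL_REDIRECT_URL', 'session') : '/';
        unset($_SESSION['SOCIAL_REDIRECT_URL']);
        header('location:' . $redirectUrl);
    }

    if ($action == 'github') {
        $OAUTH = $this->db()->select($this->table->social_oauth)
            ->where('domain', $this->IM->domain)
            ->where('code', $action)
            ->getOne();
        if ($OAUTH == null) {
            $this->IM->printError('OAUTH_DOMAIN_ERROR');
        }
        $CLIENT_ID = $OAUTH->client_id;
        $CLIENT_SECRET = $OAUTH->client_secret;
        $AUTH_URL = 'https://github.com/login/oauth/authorize';
        $TOKEN_URL = 'https://github.com/login/oauth/access_token';

        if (Request('SOCIAL_REDIRECT_URL', 'session') == null) {
            $_SESSION['SOCIAL_REDIRECT_URL'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        }

        $github = new OAuthClient();
        $github->setClientId($CLIENT_ID)
            ->setClientSecret($CLIENT_SECRET)
            ->setAuthUrl($AUTH_URL)
            ->setScope('user')
            ->setAccessType('offline')
            ->setUserAgent('Awesome-Octocat-App')
            ->setTokenUrl($TOKEN_URL);

        if (isset($_GET['code']) == true) {
            if ($github->authenticate($_GET['code']) == true) {
                $redirectUrl = $github->getRedirectUrl();
                header('location:' . $redirectUrl);
            }
            exit;
        } elseif ($github->getAccessToken() == null) {
            $authUrl = $github->getAuthenticationUrl();
            header('location:' . $authUrl);
            exit;
        }

        $data = $github->get('https://api.github.com/user');
        if ($data === false || empty($data->email) == true) {
            $this->IM->printError('OAUTH_API_ERROR');
        }
        $accessToken = $github->getAccessToken();
        $refreshToken = $github->getRefreshToken() == null ? '' : $github->getRefreshToken();
        $this->socialLogin('github', $data->id, $data->name, $data->email, $data->avatar_url, $accessToken, $refreshToken);
    }

    $this->IM->fireEvent('afterDoProcess', 'member', $action, $values, $results);
    return $results;
}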
System::site()->AddTemplatedBox('Рассылки', 'module/mail.html'); System::site()->AddBlock('mail'); $vars['message'] = $message; $vars['form_action'] = Ufu('index.php?name=mail&op=topics', 'mail/{op}/'); $vars['lemail'] = 'Ваш e-mail'; $vars['lsubmit'] = 'Далее'; System::site()->Blocks['mail']['vars'] = $vars; } if (isset($_POST['mail_block_form'])) { System::user()->UnDef('mail_selected'); } global $mail_selected; if (!IndexMailIsSelected()) { if (isset($_POST['mail_form']) || isset($_POST['mail_block_form'])) { $mail_selected = SafeEnv($_POST['email'], 50, str); if (!CheckEmail($mail_selected)) { IndexMailEnterMail('E-mail указан в неверном формате.'); return; } elseif (MailIsSetEmail($mail_selected)) { System::site()->Login('Адрес <b>' . $mail_selected . '</b> уже используется, пожалуйста авторизируйтесь.'); return; } else { System::user()->Def('mail_selected', $mail_selected); } } elseif (System::user()->Auth && System::user()->Get('u_email') != '') { $mail_selected = System::user()->Get('u_email'); System::user()->Def('mail_selected', $mail_selected); } else { IndexMailEnterMail(); System::site()->Login(); return;
case 2: $errors = array(); $admin_login = $_POST['login']; $admin_pass = $_POST['pass']; $admin_email = $_POST['email']; // Сохраняем данные в сессии System::user()->Session('admin_login', $admin_login); System::user()->Session('admin_pass', $admin_pass); System::user()->Session('admin_email', $admin_email); // Проверки CheckLogin($admin_login, $errors, false, 0); CheckPass($admin_pass, $errors); // Email if ($admin_email == '') { $errors[] = 'Вы не ввели E-mail.'; } elseif (!CheckEmail($admin_email)) { $errors[] = 'Формат E-mail не правильный. Он должен быть вида: <b>domain@host.ru</b> .'; } if (count($errors) > 0) { $this->SetTitle("Создание учетной записи Главного администратора"); $text = 'Ошибки:<br /><ul>'; foreach ($errors as $error) { $text .= '<li>' . $error; } $text .= '</ul>'; $this->SetContent($text); $this->AddButton('Назад', 'admin&p=1'); } else { // Изменяем главного администратора $login = SafeEnv($admin_login, 255, str); $pass2 = md5($admin_pass);
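/**
 * Admin action: add an e-mail address to the mailing list of one topic.
 *
 * Input comes from the request: `topic_id` in $_GET, `email` and (optionally)
 * `html` in $_POST.  A missing topic id or address redirects to the mail
 * overview; a malformed address shows an error box and returns.  Otherwise a
 * `mail_list` row is inserted, an Audit() entry is written, the topic's list
 * counter is recalculated and the admin is redirected to the topic's list.
 *
 * No return value.  Side effects: database insert, audit log, redirect via GO().
 */
function AdminMailAddEmail()
{
    if (!isset($_GET['topic_id'])) {
        GO(ADMIN_FILE . '?exe=mail');
        // GO() presumably redirects and terminates; the explicit return keeps the
        // insert below from running on missing input even if it does not.
        return;
    }
    $topic_id = SafeEnv($_GET['topic_id'], 11, int);
    if (!isset($_POST['email'])) {
        GO(ADMIN_FILE . '?exe=mail');
        return;
    }
    if (!CheckEmail($_POST['email'])) {
        $text = 'Не правильный формат E-mail. Он должен быть вида: <b>domain@host.ru</b>.<br />'
            . '<a href="javascript:history.go(-1)">Назад</a>';
        AddTextBox("Внимание!", $text);
        return;
    }
    $email = SafeEnv($_POST['email'], 50, str, true);
    // `html` is presumably a checkbox that is absent from the form when unchecked;
    // reading it unguarded raised an undefined-index notice.  0 = plain-text.
    $html = isset($_POST['html']) ? SafeEnv($_POST['html'], 1, int) : 0;

    System::database()->Select('mail_topics', "`id`='{$topic_id}'");
    $topic = System::database()->FetchRow();
    if (!$topic) {
        // Unknown topic id: there is nothing to attach the address to, and
        // $topic['title'] below would be read from a non-array.
        GO(ADMIN_FILE . '?exe=mail');
        return;
    }

    $vals = Values('0', $topic_id, $email, $html);
    System::database()->Insert('mail_list', $vals);
    Audit('Рассылки: Добавление адреса ' . $email . ' в список рассылки темы "' . $topic['title'] . '"');
    CalcListCounter($topic_id, true);
    GO(ADMIN_FILE . '?exe=mail&a=list&topic_id=' . $topic_id);
}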
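/**
 * Validate a reservation form and insert (or alter) the reservation.
 *
 * All parameters arrive from the form and are treated as untrusted: they are
 * validated first, and every value that reaches SQL is cast to int or passed
 * through mysql_real_escape_string() on the way.  Validation errors are
 * collected and returned as messages; nothing is written when any error is found.
 *
 * @param int|string $id              Volgnummer of an existing reservation to alter; <= 0 creates a new one.
 * @param int|string $boat_id         ID in table `boten`.
 * @param string     $name            Person's name, checked with CheckName().
 * @param string     $team_name       Free-text team name (double quotes are stored as single ones).
 * @param string     $email           Optional; checked with CheckEmail() when given.
 * @param string     $mpb             Functie of the board member granting MPB, or "" for none.
 * @param string     $date            Date in form notation, checked with CheckTheDate()/InRange().
 * @param int|string $start_time_hrs  Start hour, 6..23.
 * @param int|string $start_time_mins Start minutes: "0", "00", "15", "30" or "45".
 * @param int|string $end_time_hrs    End hour, 6..23.
 * @param int|string $end_time_mins   End minutes: "0", "00", "15", "30" or "45".
 * @param int|string $ergo_lo         Lowest Concept-ergometer of a block booking; 0 = ordinary reservation.
 * @param int|string $ergo_hi         Highest Concept-ergometer of a block booking; 0 = ordinary reservation.
 *
 * @return array "success" (bool) and "messages" (list of strings, some containing HTML);
 *               once the database is reachable also "category" and "grade" of the boat
 *               (null when unknown) and "action" ("make" or "alter").
 *
 * Side effects: inserts into $opzoektabel; when altering, the old row is soft-deleted
 * (Verwijderd = 1) and the original booker is e-mailed via SendEmail(); the global
 * $today_db is overwritten with date('Y-m-d') on the insert path (kept from the original).
 */
function makeReservation($id, $boat_id, $name, $team_name, $email, $mpb, $date, $start_time_hrs, $start_time_mins, $end_time_hrs, $end_time_mins, $ergo_lo = 0, $ergo_hi = 0)
{
    global $database_host;
    global $database_user;
    global $database_pass;
    global $database;
    global $opzoektabel;
    global $koudwaterprotocol;
    global $today_db;
    global $thehour;
    global $theminute;
    global $themonth;

    $NR_OF_CONCEPTS = 8; // LET OP: aanpassen als het aantal Concept-ergo's verandert! (ivm blokinschrijving)

    $messages = array();
    $bisdblink = mysql_connect($database_host, $database_user, $database_pass);
    if (!$bisdblink) {
        // Without a link every query below would only emit warnings.
        $messages[] = "Fout: databaseverbinding mislukt.";
        return array("success" => false, "messages" => $messages);
    }
    if (!mysql_select_db($database, $bisdblink)) {
        $messages[] = "Fout: database niet gevonden.";
        mysql_close($bisdblink);
        return array("success" => false, "messages" => $messages);
    }

    // Reported back to the caller even when the lookups below find nothing.
    $boat = "";
    $grade = null;
    $cat = null;
    $date_db = 0;

    // check persoonsnaam
    if (!CheckName($name)) {
        $messages[] = "• U dient een geldige voor- en achternaam op te geven. Let op: de apostrof (') wordt niet geaccepteerd.";
    }
    // email is niet verplicht, maar moet wel correct zijn
    if ($email && !CheckEmail($email)) {
        $messages[] = "• U dient een geldig e-mailadres op te geven.";
    }

    // check date (Societeit bookings are exempt from the 10-day window)
    if (!$date || !CheckTheDate($date) || ($mpb != "Societeit" && !InRange($date, 10))) {
        $messages[] = "• U dient een (geldige) inschrijfdatum op te geven, van vandaag tot over maximaal 10 dagen.";
    } else {
        $date_db = DateToDBdate($date);
        if (strtotime($date_db) < strtotime($today_db)) {
            $messages[] = "Een inschrijving kan niet in het verleden plaatsvinden.";
        }
    }

    // check time
    $valid_mins = array("00", "0", "15", "30", "45");
    if (!is_numeric($start_time_hrs) || $start_time_hrs < 6 || $start_time_hrs > 23) {
        $messages[] = "Ongeldig start-uur.";
    }
    if (!is_numeric($end_time_hrs) || $end_time_hrs < 6 || $end_time_hrs > 23) {
        $messages[] = "Ongeldig eind-uur.";
    }
    if (!in_array((string) $start_time_mins, $valid_mins, true)) {
        $messages[] = "Ongeldige start-minuten.";
    }
    if (!in_array((string) $end_time_mins, $valid_mins, true)) {
        $messages[] = "Ongeldige eind-minuten.";
    }
    $start_time = $start_time_hrs . ":" . $start_time_mins;
    $end_time = $end_time_hrs . ":" . $end_time_mins;
    // int casts: arithmetic on a non-numeric string is an error on PHP 8; the
    // invalid value has already produced a message above.
    $duration = ((int) $end_time_hrs - (int) $start_time_hrs) * 60 + ((int) $end_time_mins - (int) $start_time_mins);
    if ($duration <= 0) {
        $messages[] = "De eindtijd van een inschrijving dient later dan de begintijd te zijn.";
    }
    if ($date_db !== 0 && $date_db == $today_db && ($start_time_hrs < $thehour || ($start_time_hrs == $thehour && $start_time_mins < $theminute))) {
        $messages[] = "Een inschrijving kan niet in het verleden beginnen.";
    }

    // check ergo-blok
    if (!is_numeric($ergo_lo) || !is_numeric($ergo_hi) || $ergo_lo < 0 || $ergo_lo > $NR_OF_CONCEPTS || $ergo_hi < 0 || $ergo_hi > $NR_OF_CONCEPTS) {
        $messages[] = "Nummering van de Concept-ergometers klopt niet.";
        $ergo_lo = 0;
        $ergo_hi = 0;
    }
    $ergo_lo = (int) $ergo_lo;
    $ergo_hi = (int) $ergo_hi;
    if ($ergo_hi < $ergo_lo) {
        $messages[] = "Het blok moet lopen van de laagst- t/m de hoogst-genummerde Concept-ergometer.";
        $ergo_lo = 0;
        $ergo_hi = 0;
    }

    // check boat; the id is an integer key, so anything else becomes "no boat"
    $boat_id = is_numeric($boat_id) ? (int) $boat_id : 0;
    if ($boat_id == 0) {
        $messages[] = "U heeft geen boot geselecteerd.";
    } else {
        // cat. & grade bepalen n.a.v. boot die wordt ingeschreven
        $result_boot = mysql_query("SELECT Naam, Roeigraad, `Type` FROM boten WHERE ID={$boat_id};", $bisdblink);
        $row_boot = $result_boot ? mysql_fetch_assoc($result_boot) : false;
        if ($row_boot) {
            $boat = $row_boot['Naam'];
            $grade = $row_boot['Roeigraad'];
            $type_sql = mysql_real_escape_string($row_boot['Type'], $bisdblink);
            $result2 = mysql_query("SELECT Categorie FROM types WHERE `Type`='" . $type_sql . "';", $bisdblink);
            $row2 = $result2 ? mysql_fetch_assoc($result2) : false;
            if ($row2) {
                $cat = $row2['Categorie'];
            }
        }
    }

    $date_db_sql = mysql_real_escape_string((string) $date_db, $bisdblink);

    // check op uit de vaart
    $query = "SELECT * \r\t\tFROM uitdevaart \r\t\tWHERE Verwijderd=0 \r\t\tAND Boot_ID='{$boat_id}' \r\t\tAND Startdatum<='{$date_db_sql}' \r\t\tAND (Einddatum='0' OR Einddatum='0000-00-00' OR Einddatum IS NULL OR Einddatum>='{$date_db_sql}');";
    $result = mysql_query($query, $bisdblink);
    if (!$result) {
        $messages[] = "Ophalen van uit de vaart-informatie mislukt.";
    } elseif (mysql_num_rows($result) > 0) {
        $messages[] = "Deze boot is op deze dag uit de vaart.";
    }

    // check MPB
    // stop eerst alle MPB-gevende bestuursleden in een array
    $mpb_array = array();
    $result = mysql_query("SELECT Functie FROM bestuursleden WHERE MPB=1;", $bisdblink);
    if (!$result) {
        $messages[] = "Ophalen van bestuursleden mislukt.";
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            $mpb_array[] = $row['Functie'];
        }
    }
    if ($mpb != "" && !in_array($mpb, $mpb_array, true)) {
        $messages[] = "Onjuiste MPB-gever opgegeven.";
    }
    // Controle codes: 1 = longer than 2h, 2 = more than 3 days ahead, 3 = MPB boat.
    $controle = 0;
    if ($duration > 120) {
        if ($mpb == "") {
            $messages[] = "• U schrijft voor langer dan 2 uur in. Hiervoor is MPB benodigd.";
        }
        $controle = 1;
    }
    if (!InRange($date, 3)) {
        if ($mpb == "") {
            $messages[] = "• U schrijft meer dan 3 dagen vantevoren in. Hiervoor is MPB benodigd.";
        }
        $controle = 2;
    }
    if ($grade == "MPB") {
        if ($mpb == "") {
            $messages[] = "• U schrijft een MPB-boot in. Hiervoor is MPB benodigd.";
        }
        $controle = 3;
    }

    $id_sql = (int) $id; // Volgnummer is used unquoted in SQL below, so only an int may reach it
    $action = $id_sql > 0 ? "alter" : "make";

    // If one or more errors were made, return already
    if (sizeof($messages) > 0) {
        mysql_close($bisdblink);
        return array("success" => false, "messages" => $messages, "category" => $cat, "grade" => $grade, "action" => $action);
    }

    // Escaped copies of everything that is interpolated into the queries below.
    $name_sql = mysql_real_escape_string($name, $bisdblink);
    $email_sql = mysql_real_escape_string($email, $bisdblink);
    $mpb_sql = mysql_real_escape_string($mpb, $bisdblink);
    $start_sql = mysql_real_escape_string($start_time, $bisdblink);
    $end_sql = mysql_real_escape_string($end_time, $bisdblink);
    // speciale tekens in ploegnaam "redden"; done once, outside the loop, so a block
    // booking does not escape the name again on every iteration
    $team_name_sql = mysql_real_escape_string($team_name, $bisdblink);
    $team_name_sql = preg_replace("/\"/", "'", $team_name_sql); // dubbele quotes omzetten naar enkele, omdat anders het tooltip-scriptje gek wordt

    $success = false;
    $fail_cnt = 0;
    for ($e = $ergo_lo; $e <= $ergo_hi; $e++) {
        // T.b.v. blokinschrijving ergometers (with normal reservation, ergo_lo = ergo_hi = e = 0)
        $fail = false;
        if ($e > 0) {
            $boat = "Concept " . $e;
            $result_ergonaam = mysql_query("SELECT ID FROM boten WHERE Naam='" . $boat . "';", $bisdblink);
            $row_ergonaam = $result_ergonaam ? mysql_fetch_assoc($result_ergonaam) : false;
            if ($row_ergonaam) {
                $boat_id = (int) $row_ergonaam['ID'];
            } else {
                // Previously an unknown ergo name silently produced a row with an empty Boot_ID.
                $messages[] = "Ergometer '" . $boat . "' is niet gevonden.";
                $fail = true;
            }
        }

        // Check inschrijving tegen de database
        if (!$fail) {
            $query = "SELECT * FROM " . $opzoektabel . " WHERE Verwijderd=0 AND Volgnummer <> '{$id_sql}' AND ((Begintijd >= '{$start_sql}' AND Begintijd < '{$end_sql}') OR (Eindtijd > '{$start_sql}' AND Eindtijd <= '{$end_sql}') OR (Begintijd <= '{$start_sql}' AND Eindtijd >= '{$end_sql}')) AND Datum = '{$date_db_sql}' AND Boot_ID = '{$boat_id}';";
            $result = mysql_query($query, $bisdblink);
            if (!$result) {
                $messages[] = "Het controleren van uw inschrijving is mislukt.";
                $fail = true;
            } elseif (mysql_num_rows($result) > 0) {
                $messages[] = "Uw inschrijving van " . $boat . " is mislukt omdat deze conflicteert met een al bestaande inschrijving.";
                $fail = true;
            }
        }

        // Ingeval van het bewerken van een bestaande inschrijving, eerst oude uit DB verwijderen
        $mail_gestuurd = false;
        if ($id_sql > 0 && !$fail) {
            $email_to = "";
            $mail_message = "";
            // haal gegevens niet uit form maar uit DB, om fraude te voorkomen
            $result2 = mysql_query("SELECT Email, Boot_ID, Datum, Begintijd, Spits FROM " . $opzoektabel . " WHERE Volgnummer = " . $id_sql . ";", $bisdblink);
            $row = $result2 ? mysql_fetch_assoc($result2) : false;
            if ($row) {
                $email_to = $row['Email'];
                $boot_id = (int) $row['Boot_ID'];
                // retrieve boat name
                $result_bootnaam = mysql_query("SELECT Naam FROM boten WHERE ID=" . $boot_id . ";", $bisdblink);
                $row_bootnaam = $result_bootnaam ? mysql_fetch_assoc($result_bootnaam) : false;
                $boot = $row_bootnaam ? $row_bootnaam['Naam'] : "";
                // NOTE(review): in the source listing this assignment follows a "//" and may have
                // been commented out; without it $date_sh would be built from an unset variable.
                $db_datum = $row['Datum'];
                $date_sh = strftime('%A %d-%m-%Y', strtotime($db_datum));
                $starttijd = $row['Begintijd'];
                $spitsnr = $row['Spits'];
                if ($spitsnr > 0) {
                    $mail_message = "Uw spitsblok van '{$boot}' op {$date_sh} vanaf " . substr($starttijd, 0, 5) . " is zojuist bevestigd.";
                } else {
                    $mail_message = "Uw inschrijving van '{$boot}' op {$date_sh} vanaf " . substr($starttijd, 0, 5) . " is zojuist gewijzigd.";
                }
            }
            $result = mysql_query("UPDATE " . $opzoektabel . " SET Verwijderd = 1 WHERE Volgnummer = " . $id_sql . ";", $bisdblink);
            if (!$result) {
                $messages[] = "Het verwijderen van de oude inschrijving is mislukt.";
                $fail = true;
            } elseif (SendEmail($email_to, "Wijziging of bevestiging inschrijving", $mail_message)) {
                // SendEmail() itself refuses an empty/invalid address (see its CheckEmail guard).
                $mail_gestuurd = true;
            }
        }

        // Het inserten
        if (!$fail) {
            // current (ergo) reservation is OK
            // inschrijving wordt ingevoerd of gewijzigd
            $today_db = date('Y-m-d'); // overwrites the global, as the original did
            $query = "INSERT INTO " . $opzoektabel . " (Datum, Inschrijfdatum, Begintijd, Eindtijd, Boot_ID, Pnaam, Ploegnaam, Email, MPB, Spits, Controle) VALUES ('{$date_db_sql}', '{$today_db}', '{$start_sql}', '{$end_sql}', '{$boat_id}', '{$name_sql}', \"{$team_name_sql}\", '{$email_sql}', '{$mpb_sql}', '0', '{$controle}');";
            $result = mysql_query($query, $bisdblink);
            if (!$result) {
                $messages[] = "Uw inschrijving is mislukt.";
            } else {
                $success = true;
                $date_sh = strftime('%A %d-%m-%Y', strtotime($date_db));
                $messages[] = "Uw inschrijving van '" . $boat . "' op " . $date_sh . " van " . substr($start_time, 0, 5) . " tot " . substr($end_time, 0, 5) . " is gelukt.";
                if ($controle) {
                    $messages[] = "NB: uw inschrijving is vanwege MPB gelogd en zal door het opgegeven bestuurslid worden gecontroleerd.";
                }
                if ($mail_gestuurd) {
                    $messages[] = "NB: er is ter controle een e-mail gestuurd aan de oorspronkelijke inschrijver.";
                }
                if ($koudwaterprotocol && ($themonth < 4 || $themonth > 9) && $cat != "Ergometers en bak") {
                    // Mind: this is the only message that contains HTML formatting
                    $messages[] = "<strong>LET OP! Wees in de winter voorzichtig i.v.m. het koude water. Het <a href='https://www.hunze.nl/wp-content/uploads/2015/08/Koudwaterprotocol.pdf' target='_blank'>koudwater-protocol</a> geldt van 15 november - 1 mei.";
                }
            }
        } elseif ($e == 0) {
            $messages[] = "<strong>Uw inschrijving is mislukt vanwege de genoemde fouten</strong>";
        } else {
            $fail_cnt++;
        }
    } // end for-loop ergo_lo - ergo_hi

    if ($fail_cnt > 0) {
        $messages[] = "Let op: één of meer van de inschrijvingen in uw blok zijn mislukt.";
    }
    mysql_close($bisdblink);
    return array("success" => $success, "messages" => $messages, "category" => $cat, "grade" => $grade, "action" => $action);
}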
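/**
 * Guestbook: validate the submitted message form and store the entry.
 *
 * Reads name, email, site, icq and text (plus optional hideemail and keystr)
 * from $_POST, collects validation errors, and on success inserts a
 * `guestbook` row, charges the user's points and either redirects to the
 * guestbook or shows an "awaiting moderation" notice.  On failure the
 * collected errors are rendered in a text box.  No return value.
 */
function IndexGBAddMsgSave()
{
    $er = array();

    // Pull the required fields once.  A missing (or non-string) field is reported
    // a single time and then treated as empty so the checks below never read an
    // undefined index.  The original tested $_GET['name'] here although the value
    // used everywhere else is $_POST['name'].
    $in = array();
    $missing = false;
    foreach (array('name', 'email', 'site', 'icq', 'text') as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $in[$field] = $_POST[$field];
        } else {
            $in[$field] = '';
            $missing = true;
        }
    }
    if ($missing) {
        $er[] = 'Данные не инициализированы.';
    }
    if (GBCheckFlood()) {
        $er[] = 'Флуд защита, подождите немного.';
    }
    if ($in['name'] === '') {
        $er[] = 'Вы не ввели имя.';
    }
    if ($in['email'] === '') {
        $er[] = 'Вы не ввели свой e-mail.';
    } elseif (!CheckEmail($in['email'])) {
        $er[] = 'Вы совершили ошибку при вводе e-mail.';
    }
    if ($in['text'] === '') {
        $er[] = 'Вы не ввели текст сообщения, либо сообщение слишком короткое.';
    }
    if ($in['icq'] !== '' && !is_numeric($in['icq'])) {
        $er[] = 'Ваш номер ICQ должен состоять только из чисел.';
    }

    // Проверяем капчу: guests always, non-admin members only when configured.
    if (!System::user()->Auth || (!System::user()->isAdmin() && System::config('gb/show_captcha'))) {
        $keystr = isset($_POST['keystr']) ? (string) $_POST['keystr'] : '';
        // Strict comparison: the loose "!=" treated numerically-equal strings
        // (e.g. "0100" and "100") as a match.
        if (!System::user()->isDef('captcha_keystring') || (string) System::user()->Get('captcha_keystring') !== $keystr) {
            $er[] = 'Вы ошиблись при вводе кода с картинки.';
        }
    }

    if (count($er) > 0) {
        $text = 'Ваше сообщение не добавлено по следующим причинам:<br><ul>';
        foreach ($er as $error) {
            $text .= '<li>' . $error;
        }
        $text .= '</ul><p align="center"><input type="button" value="Назад" onclick="history.back();"></p>';
        System::site()->AddTextBox('', $text);
        return;
    }

    $hideemail = isset($_POST['hideemail']) ? '1' : '0';
    // Admins and sites without moderation publish immediately.
    $publish_now = System::user()->isAdmin() || !System::config('gb/moderation');
    $moderated = $publish_now ? 1 : 0;

    $name = SafeEnv($in['name'], 50, str, true);
    $email = SafeEnv($in['email'], 50, str, true);
    $_site = SafeEnv(Url($in['site']), 250, str, true);
    $icq = SafeEnv($in['icq'], 15, str, true);
    $text = SafeEnv($in['text'], System::config('gb/msgmaxlen'), str, true);
    $vals = Values('', $name, $email, $hideemail, $_site, $icq, $text, '', time(), getip(), $moderated);
    System::database()->Insert('guestbook', $vals);
    System::user()->ChargePoints(System::config('points/gb_public'));

    if ($publish_now) {
        GO(GetSiteUrl() . Ufu('index.php?name=guestbook', '{name}/'));
    } else {
        $text = '<p align="center"><br>Спасибо! Ваше сообщение будет добавлено после модерации.<br><br>';
        $text .= '<input type="button" value="Назад" onclick="history.back();"><br></p>';
        System::site()->AddTextBox('', $text);
    }
}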