    $sender_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $sender_email . ')</div>';
}
// Only warn about the recipient address once the form has actually been
// submitted (sender_name present), so a freshly opened form starts clean.
// NOTE(review): $recipient_email is concatenated into HTML here; confirm it
// was escaped where it was read, as this line does not escape it.
if (!$valid_recipient_email && $superCage->post->keyExists('sender_name')) {
    $recipient_email_warning = '<div class="cpg_message_error">' . $lang_ecard_php['invalid_email'] . ' (' . $recipient_email . ')</div>';
}
// Normalise the "more pictures" target so it always ends with exactly one slash.
$gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/');
pageheader($lang_ecard_php['title']);
if ($superCage->post->keyExists('submit')) {
    //Check if the form token is valid
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }
    // Create and send the e-card
    if ($superCage->post->keyExists('sender_name') && $valid_sender_email && $valid_recipient_email) {
        if ($CONFIG['ecard_captcha'] == 1 || $CONFIG['ecard_captcha'] == 2 && !USER_ID) {
            if (!captcha_plugin_enabled('ecard')) {
                require "include/captcha.inc.php";
                $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
                if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
                    if ($CONFIG['log_mode'] != 0) {
                        log_write('Captcha authentication for ecard failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
                    }
                    cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__);
                }
            } else {
                CPGPluginAPI::action('captcha_ecard_validate', null);
            }
        }
        require 'include/mailer.inc.php';
        if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) {
            $n_picname = get_pic_url($row, 'normal');
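 /**
  * Show the reply form for a topic and, on submit, store the reply.
  *
  * The topic id is read from the query string ('id'); the message fields are
  * read from POST when 'submit' is present. After a successful insert every
  * user subscribed to the topic (except the poster) is e-mailed, the poster's
  * own subscription choice ('notify') is applied, and forum::message() is
  * called with a link to the new message. In every other case the
  * 'topic/reply' view is rendered with the collected errors and the submitted
  * (or default) form values.
  *
  * Terminates via cpg_die() for an unknown topic id, a missing reply
  * permission, or a detected double post.
  */
 function reply()
 {
     include BASE_DIR . 'include' . DS . 'smilies.inc.php';
     include BASE_DIR . 'include' . DS . 'mailer.inc.php';
     $vars = array();
     $errors = array();
     $authorizer = check_model::getInstance();
     $vars['topic_id'] = $this->validate->get->getInt('id');
     // Authorisation comes before any further data access.
     if (!$authorizer->is_topic_id($vars['topic_id'])) {
         cpg_die(ERROR, Lang::item('error.wrong_topic_id'), __FILE__, __LINE__);
     }
     if (!$authorizer->can_reply($vars['topic_id'])) {
         cpg_die(ERROR, Lang::item('error.perm_denied'), __FILE__, __LINE__);
     }
     $vars['nagavitor'] = $this->forum->get_nagavitor();
     $vars['icons'] = $this->forum->get_icons();
     $topic = $this->forum->get_topic_data($vars['topic_id'], 'board_id');
     $messages = $this->forum->get_message($vars['topic_id'], 'subject', 'msg_id asc', '1');
     // Defaults for an unsubmitted form: first icon and "Re: " + the topic's first subject.
     $data = array('icon' => 'icon1', 'subject' => Lang::item('topic.re') . $messages[0]['subject']);
     $post = $this->validate->post;
     if ($post->keyExists('submit')) {
         // NOTE(review): 'icon' and 'body' are taken raw while 'subject' is escaped;
         // confirm that insert_message() and the views escape them before output.
         $data = array(
             'topic_id'        => $vars['topic_id'],
             'icon'            => $post->getRaw('icon'),
             'subject'         => $post->getEscaped('subject'),
             'body'            => $post->getRaw('body'),
             'board_id'        => $topic['board_id'],
             'poster_time'     => time(),
             'poster_id'       => USER_ID,
             'poster_name'     => USER_NAME,
             'poster_ip'       => Config::item('hdr_ip'),
             'smileys_enabled' => 1,
         );
         // When icon selection is disabled the default icon is implied.
         if (Config::item('fr_msg_icons') == 0 && $data['icon'] == '') {
             $data['icon'] = 'icon1';
         }
         if ($data['subject'] == '') {
             $errors[] = Lang::item('error.empty_subject');
         }
         if ($data['icon'] == '') {
             $errors[] = Lang::item('error.no_msg_icon');
         }
         if ($data['body'] == '') {
             $errors[] = Lang::item('error.empty_body');
         }
         // Enforce the configured size limit (0 = unlimited). strlen/substr are
         // byte based, so a multi-byte character at the cut point may be split.
         $max_size = Config::item('fr_msg_max_size');
         if ($max_size && strlen($data['body']) > $max_size) {
             $data['body'] = substr($data['body'], 0, $max_size);
         }
         global $CONFIG;
         // Captcha mode 1 applies to everyone, mode 2 to guests only.
         $captcha_required = $CONFIG['comment_captcha'] == 1
             || ($CONFIG['comment_captcha'] == 2 && !USER_ID);
         if ($captcha_required) {
             if (!captcha_plugin_enabled('comment')) {
                 global $lang_errors;
                 $superCage = Inspekt::makeSuperCage();
                 require "include/captcha.inc.php";
                 $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
                 // empty() also covers getMatched() returning false/[] for a
                 // missing or non-matching field without an offset-on-bool notice.
                 if (empty($matches[0]) || !PhpCaptcha::Validate($matches[0])) {
                     $errors[] = $lang_errors['captcha_error'];
                 }
             } else {
                 CPGPluginAPI::action('captcha_comment_validate', null);
             }
         }
         if (count($errors) == 0) {
             if ($authorizer->double_post()) {
                 cpg_die(ERROR, Lang::item('error.already_post'), __FILE__, __LINE__);
             } else {
                 $msg_id = $this->forum->insert_message($data);
                 // The notification mail is identical for every subscriber, so build it once.
                 $poster_url = Config::item('fr_prefix_url') . 'profile.php?uid=' . USER_ID;
                 $message_url = Config::item('fr_prefix_url') . forum::link('message', '', $msg_id);
                 $notify_url = Config::item('fr_prefix_url') . forum::link('topic', 'notify', $vars['topic_id']);
                 $email_subject = Lang::item('topic.topic_reply') . $data['subject'];
                 $email_body = sprintf(Lang::item('topic.notify_email'), $poster_url, USER_NAME, $message_url, $message_url, $notify_url, $notify_url, Config::item('fr_title'));
                 // Mail every subscriber of the topic except the poster.
                 foreach ($this->forum->get_notify_user('', $vars['topic_id']) as $subscriber) {
                     if ($subscriber['user_id'] == USER_ID) {
                         continue;
                     }
                     $recipient = $this->forum->get_user_data($subscriber['user_id'], 'user_email');
                     cpg_mail($recipient['user_email'], $email_subject, $email_body, 'text/html', Config::item('fr_title'), Config::item('gallery_admin_email'));
                     // Clear the subscriber's pending-notification flag (send = 0).
                     $this->forum->set_topic_notify($vars['topic_id'], 0, $subscriber['user_id']);
                 }
                 // The poster's own choice: 1 subscribes, 0 unsubscribes, anything else is ignored.
                 $notify = $post->getInt('notify');
                 if ($notify === 1) {
                     $this->forum->set_topic_notify($vars['topic_id'], $notify);
                 } elseif ($notify === 0) {
                     $this->forum->unnotify_topic($vars['topic_id']);
                 }
                 forum::message(Lang::item('common.message'), sprintf(Lang::item('message.new_msg_success'), $data['subject']), 'forum.php?c=message&id=' . $msg_id);
             }
         }
     }
     $vars['errors'] = $errors;
     $vars['form'] = $data;
     $this->view->render('topic/reply', $vars);
 }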
     } else {
         $comment_data = mysql_fetch_assoc($result);
         mysql_free_result($result);
         $redirect = "displayimage.php?pid=" . $comment_data['pid'];
         cpgRedirectPage($redirect, $lang_common['information'], $lang_db_input_php['com_updated'], 1);
     }
     break;
 case 'comment':
     if (!USER_CAN_POST_COMMENTS) {
         if ($CONFIG['log_mode'] != 0) {
             log_write('Denied privileged access to db_input.php (attempt to post a comment) for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
         }
         cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
     }
     if ($CONFIG['comment_captcha'] == 1 || $CONFIG['comment_captcha'] == 2 && !USER_ID) {
         if (!captcha_plugin_enabled('comment')) {
             require "include/captcha.inc.php";
             $matches = $superCage->post->getMatched('confirmCode', '/^[a-zA-Z0-9]+$/');
             if (!$matches[0] || !PhpCaptcha::Validate($matches[0])) {
                 if ($CONFIG['log_mode'] != 0) {
                     log_write('Captcha authentication for comment failed for user ' . $USER_DATA['user_name'] . ' at ' . $hdr_ip, CPG_SECURITY_LOG);
                 }
                 cpg_die(ERROR, $lang_errors['captcha_error'], __FILE__, __LINE__);
             }
         } else {
             CPGPluginAPI::action('captcha_comment_validate', null);
         }
     }
     $spam = 'NO';
     $msg_author = $superCage->post->getEscaped('msg_author');
     $msg_body = $superCage->post->getEscaped('msg_body');
 // Reject submissions that do not carry a valid form token (CSRF protection).
 if (!checkFormToken()) {
     cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
 }
 // perform validity checks
 $error = 0;
 $user_name = $superCage->post->getEscaped('sender_name');
 $email_address = $superCage->post->getEscaped('sender_email');
 $subject = $superCage->post->getEscaped('subject');
 // The raw message is HTML-escaped and then slash-escaped at input time.
 // NOTE(review): addslashes() here means $message is only safe for a query
 // that does not escape again — confirm where it is stored/used.
 $message = addslashes(htmlspecialchars($superCage->post->getRaw('message')));
 // Only an alphanumeric captcha answer is accepted; anything else becomes ''.
 $captcha = ($matches = $superCage->post->getMatched('captcha', '/^[a-zA-Z0-9]+$/')) ? $matches[0] : '';
 // HTML variant of the message. htmlspecialchars() above already turned '<'
 // into '&lt;', so this replacement should find nothing to change.
 $html_message = str_replace('<', '&lt;', $message);
 $expand_array = array();
 // check captcha: required for guests when contact_form_guest_enable == 1,
 // for logged-in users when contact_form_registered_enable == 1
 // (&& binds tighter than ||, so the two cases are evaluated separately).
 if (!USER_ID && $CONFIG['contact_form_guest_enable'] == 1 || USER_ID && $CONFIG['contact_form_registered_enable'] == 1) {
     if (!captcha_plugin_enabled('contact')) {
         require_once "include/captcha.inc.php";
         // An empty $captcha (missing/invalid field) is validated like any other wrong answer.
         if (!PhpCaptcha::Validate($captcha)) {
             $captcha_remark = $lang_errors['captcha_error'];
             $expand_array[] = 'captcha_remark';
             $error++;
         }
     } else {
         // A captcha plugin performs its own validation via this action hook.
         CPGPluginAPI::action('captcha_contact_validate', null);
     }
 }
 // check email address
 if (!USER_ID && $CONFIG['contact_form_guest_email_field'] == 2) {
     if (!Inspekt::isEmail($email_address)) {
         $expand_array[] = 'email_remark';
         $error++;
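/**
 * Validate the registration form and, when it passes, create the account.
 *
 * Reads username, password, password_verification, email, user_profile1..6,
 * agree, confirmCode and (when configured) global_registration_pw from POST.
 * Checks, in order: unique user name (hard stop), minimum name/password
 * length, password/confirmation match, e-mail syntax, disclaimer acceptance,
 * ban list (name and e-mail), captcha, duplicate e-mail, then the
 * 'register_form_validate' plugin filter. On success the user row (and
 * optionally a personal album) is inserted, 'register_form_submit' fires,
 * the user and/or the admins are e-mailed and a message box is shown.
 *
 * @param string $error  By reference; every validation failure is appended
 *                       as a '<li>' item. Unchanged when validation passes.
 * @return bool  true when the account was created, false when validation
 *               failed. Terminates via cpg_die() when the confirmation
 *               e-mail cannot be sent.
 */
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    // Every validation failure is rendered as a list item carrying the "stop" icon.
    $item_open = '<li style="list-style-image:url(images/icons/stop.png)">';
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');
    // NOTE(review): $user_name, $email and the profile fields are interpolated
    // into SQL below; this relies on get_post_var()/getEscaped() returning
    // already-escaped values — confirm against their definitions.

    // An existing user name is a hard stop: nothing else is checked.
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'");
    $name_taken = mysql_num_rows($result) > 0;
    mysql_free_result($result);
    if ($name_taken) {
        $error .= $item_open . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    if (utf_strlen($user_name) < 2) {
        $error .= $item_open . $lang_register_php['username_warning2'] . '</li>';
    }
    if (!empty($CONFIG['global_registration_pw'])) {
        $site_pw = (string) $CONFIG['global_registration_pw'];
        // Strict comparison: a loose != would treat numeric-looking strings
        // such as '1e3' and '1000' as the same password.
        if ((string) get_post_var('global_registration_pw') !== $site_pw) {
            $error .= $item_open . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password === $site_pw) {
            $error .= $item_open . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    if (utf_strlen($password) < 2) {
        $error .= $item_open . $lang_register_php['password_warning1'] . '</li>';
    }
    if ($password === $user_name) {
        $error .= $item_open . $lang_register_php['password_warning2'] . '</li>';
    }
    if ($password !== $password_again) {
        $error .= $item_open . $lang_register_php['password_verification_warning1'] . '</li>';
    }
    if (!Inspekt::isEmail($email)) {
        $error .= $item_open . $lang_register_php['email_warning2'] . '</li>';
    }
    // Disclaimer mode 2 requires the 'agree' checkbox (value 1) to be set.
    if ($CONFIG['user_registration_disclaimer'] == 2 && (int) $agree_disclaimer !== 1) {
        $error .= $item_open . $lang_register_php['err_disclaimer'] . '</li>';
    }
    // Ban check against user name and e-mail address; rows flagged brute_force are ignored.
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $item_open . $lang_register_php['user_name_banned'] . '</li>';
    }
    mysql_free_result($result);
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if (mysql_num_rows($result)) {
        $error .= $item_open . $lang_register_php['email_address_banned'] . '</li>';
    }
    mysql_free_result($result);
    // Captcha: either the built-in PhpCaptcha or a plugin that filters $error itself.
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= $item_open . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }
    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'");
        if (mysql_num_rows($result)) {
            // Append, never assign: the errors collected above must survive this check.
            $error .= $item_open . $lang_register_php['err_duplicate_email'] . '</li>';
        }
        mysql_free_result($result);
    }
    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }
    // Accounts that need e-mail or admin activation start inactive with a random key.
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        // 32 hex characters either way. The key is a bearer secret sent by
        // e-mail, so a CSPRNG is used wherever the runtime provides one.
        $act_key = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    // NOTE(review): unsalted md5 is what the login path expects for this column;
    // moving to password_hash() requires changing verification as well.
    $encpassword = md5($password);
    $user_language = $CONFIG['lang'];
    cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')");
    // Read the id before the plugin hook: a plugin running its own INSERT
    // would change what mysql_insert_id() reports afterwards.
    $user_id = mysql_insert_id();
    $user_array = array(
        'user_id'     => $user_id,
        'user_name'   => $user_name,
        'user_email'  => $email,
        'user_active' => $active,
    );
    CPGPluginAPI::action('register_form_submit', $user_array);
    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }
    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }
    // Activation link and template placeholders are shared by the user and admin mails.
    $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
    $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
    if ($CONFIG['reg_requires_valid_email']) {
        // Registrations must be activated by the user clicking the mailed link.
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } elseif ($CONFIG['admin_activation']) {
        // We need admin activation only
        msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
    } else {
        // No activation required, account is ready for login
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }
    // Admin mail: an activation request when admins activate accounts (and the
    // user does not verify by e-mail), otherwise a plain notification.
    $admin_activation_pending = $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email'];
    if ($CONFIG['reg_notify_admin_email'] || $admin_activation_pending) {
        // Initialised so the loop below is safe when no admin has an e-mail address.
        $admins = array();
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = mysql_fetch_assoc($result)) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
            mysql_free_result($result);
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            // Use the admin's own language when a language file for it exists.
            // NOTE(review): $admin['lang'] comes from the users table and is used
            // as part of a file name; confirm it is restricted to known language codes.
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            if ($admin_activation_pending) {
                // The admin gets the activation link to approve the account.
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }
    return true;
}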