/**
 * Save the site settings submitted from the settings form.
 *
 * Requires the request to come from the form, optionally refreshes the
 * object's fields from POST, validates title and admin mail, makes sure a
 * settings row exists and then writes every column back. All values pass
 * through $dbi->quote() before they are placed in SQL.
 *
 * @param bool $readPost When true, read the field values from POST first.
 * @return ErrorLog The validation errors; empty when the settings were written.
 */
function saveSettings($readPost = true)
{
    global $dbi, $login;
    global $lSettings;

    // Reject requests that did not originate from the settings form.
    checkSubmitter();

    // Form fields, in the order they are read from POST.
    $postFields = array(
        "activateWithEmail", "adminMail", "allowUserRegistration", "cacheSize",
        "commentBlacklist", "commentsRequireValidation", "defaultPage",
        "defaultUploadFolder", "description", "enableCaching", "enableRevisioning",
        "iconTheme", "keywords", "language", "linkType", "maxNoOfLinksInComments",
        "requireValidation", "showDirectLink", "showPrinterLink", "showRecommendLink",
        "subtheme", "theme", "themeHeaderUrl", "themeWidth", "title",
    );
    if ($readPost) {
        foreach ($postFields as $field) {
            $this->$field = getPostValue($field);
        }
    }

    $errorLog = new ErrorLog();

    // A title and a syntactically valid admin address are mandatory.
    if (empty($this->title)) {
        $errorLog->addError("title", $lSettings["MissingTitle"]);
    }
    if (empty($this->adminMail)) {
        $errorLog->addError("adminMail", $lSettings["MissingAdminMail"]);
    } elseif (!checkEmail($this->adminMail)) {
        $errorLog->addError("adminMail", $lSettings["InvalidAdminMail"]);
    }

    if ($errorLog->hasErrors()) {
        return $errorLog;
    }

    // The settings table is treated as a single row: it is created once and
    // afterwards always updated without a WHERE clause.
    $existing = $dbi->query("SELECT id FROM " . settingsTableName);
    if (!$existing->rows()) {
        $dbi->query("INSERT INTO " . settingsTableName . "(title) VALUES(" . $dbi->quote($this->title) . ")");
    }

    // Columns written back, in the original SET order. Note that
    // defaultUploadFolder is read from POST above but is not persisted here;
    // whether that is intentional cannot be told from this method alone.
    $columns = array(
        "activateWithEmail", "adminMail", "allowUserRegistration", "cacheSize",
        "commentBlacklist", "commentsRequireValidation", "defaultPage", "description",
        "enableCaching", "enableRevisioning", "iconTheme", "keywords", "language",
        "linkType", "maxNoOfLinksInComments", "requireValidation", "showDirectLink",
        "showPrinterLink", "showRecommendLink", "subtheme", "theme", "themeWidth",
        "themeHeaderUrl", "title",
    );
    $assignments = array();
    foreach ($columns as $column) {
        $assignments[] = $column . "=" . $dbi->quote($this->$column);
    }
    $dbi->query("UPDATE " . settingsTableName . " SET " . implode(",", $assignments));

    return $errorLog;
}
/**
 * Save category in database.
 *
 * Does nothing unless the current login may edit this category. Title and
 * description are read from the request; a new category is rejected when
 * another category with the same title already exists. Inserts or updates
 * the row and logs the transaction.
 *
 * @return ErrorLog Errors found during validation, empty on success.
 */
function saveCategory()
{
    $errors = new ErrorLog();

    // Without edit permission nothing is read or written.
    if (!$this->hasEditPermission()) {
        return $errors;
    }

    global $dbi, $log;
    global $lCategoryEdit;

    // Reject requests that did not originate from the form.
    checkSubmitter(scriptUrl);

    $this->title = getValue("title");
    $this->description = getValue("description");

    if (empty($this->title)) {
        $errors->addError("title", $lCategoryEdit["MissingTitle"]);
    } elseif (empty($this->id)) {
        // Creating: the title must not collide with an existing category.
        $existing = new Category("", $this->title);
        if (!empty($existing->id)) {
            $errors->addError("title", $lCategoryEdit["CategoryExists"]);
        }
    }

    if ($errors->hasErrors()) {
        return $errors;
    }

    $isUpdate = !empty($this->id);
    if ($isUpdate) {
        $dbi->query("UPDATE " . categoryTableName . " SET title=" . $dbi->quote($this->title) . ",description=" . $dbi->quote($this->description) . " WHERE (id=" . $dbi->quote($this->id) . ")");
    } else {
        $dbi->query("INSERT INTO " . categoryTableName . "(title,description) VALUES(" . $dbi->quote($this->title) . "," . $dbi->quote($this->description) . ")");
        // The object takes over the id assigned by the database.
        $this->id = $dbi->getInsertId();
    }

    $log->logTransaction(categoryContentTypeId, $this->id);

    return $errors;
}
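/**
 * Save comment in database.
 *
 * Reads the comment fields from the request, validates them according to
 * whether this is a new comment or an edit of an existing one, classifies
 * the comment as spam (spam filter verdict, or earlier spam from the same
 * IP) and then inserts or updates the row. Validation errors are appended
 * to the global $errors list, which is returned.
 *
 * @param $moduleId Module id to add comment to.
 * @param $moduleContentTypeId Identifier of content type.
 * @param $moduleContentId Identifier of content.
 * @return ErrorLog The global error list with any errors found added.
 */
function saveComment($moduleId, $moduleContentTypeId, $moduleContentId)
{
    global $dbi, $errors, $login, $settings, $spamFilter;
    global $lComment, $lEditComment;

    // Reject requests that did not originate from the comment form.
    checkSubmitter();

    // Stored with the comment and used for the repeat-spam lookup below.
    // REMOTE_ADDR is the direct peer; behind a reverse proxy this is the proxy.
    $ip = getenv("REMOTE_ADDR");

    $this->moduleId = $moduleId;
    $this->moduleContentTypeId = $moduleContentTypeId;
    $this->moduleContentId = $moduleContentId;

    // Free-text fields are stripped of HTML before anything else uses them.
    foreach (array("name", "mail", "link", "subject", "message") as $field) {
        $this->$field = parseString(stripHtml(getValue($field)));
    }
    $this->spam = getValue("spam");
    $this->userId = getValue("userId");

    // Presumably the placeholder shown in the name field; a name equal to it
    // is treated as no name at all.
    $defaultName = parseString(getPostValue("defaultName"));

    if (empty($this->id)) {
        // New comment: comment permission is required, and anonymous posters
        // must also pass audit() when the setting demands it and give a name.
        if (!$this->hasCommentPermission()) {
            $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
        }
        if (!$login->isLoggedIn()) {
            if ($settings->commentsRequireValidation && !audit()) {
                $errors->addError("validation", $lComment["WrongValidation"]);
            }
            if (empty($this->name) || $this->name == $defaultName) {
                $errors->addError("name", $lEditComment["MissingName"]);
            }
        }
    } elseif (!$this->hasEditPermission()) {
        // Editing an existing comment requires edit permission on it.
        $errors->addError("permissions", $lEditComment["InsufficientPermissions"]);
    } elseif (empty($this->name) && empty($this->userId)) {
        $errors->addError("name", $lEditComment["MissingName"]);
    }
    if (empty($this->subject)) {
        $errors->addError("subject", $lEditComment["MissingSubject"]);
    }
    if (empty($this->message)) {
        $errors->addError("message", $lEditComment["MissingText"]);
    }

    // Spam classification: the filter's verdict, or any earlier comment from
    // this IP that was already flagged as spam.
    $spam = $spamFilter->isSpam($this->name, $this->mail, $this->subject, $this->message);
    if (!$spam) {
        $result = $dbi->query("SELECT COUNT(*) FROM " . commentTableName . " WHERE spam=1 AND ip=" . $dbi->quote($ip));
        if ($result->rows()) {
            list($count) = $result->fetchrow_array();
            if ($count != 0) {
                $spam = true;
            }
        }
    }

    if (!$errors->hasErrors()) {
        if (empty($this->id)) {
            // The stored userId comes from the session, never from the posted
            // "userId" field; it is quoted like every other value in the statement.
            $sessionUserId = $login->isLoggedIn() ? $login->id : 0;
            $dbi->query("INSERT INTO " . commentTableName . "(moduleId,moduleContentTypeId,moduleContentId,userId,name,mail,link,subject,message,ip,posted,spam,trash) VALUES(" . $dbi->quote($moduleId) . "," . $dbi->quote($moduleContentTypeId) . "," . $dbi->quote($moduleContentId) . "," . $dbi->quote($sessionUserId) . "," . $dbi->quote($this->name) . "," . $dbi->quote($this->mail) . "," . $dbi->quote($this->link) . "," . $dbi->quote($this->subject) . "," . $dbi->quote($this->message) . "," . $dbi->quote($ip) . ",NOW()," . $dbi->quote($spam) . ",0)");
            $this->id = $dbi->getInsertId();
        } else {
            // posted=posted keeps the original timestamp on edit.
            $dbi->query("UPDATE " . commentTableName . " SET name=" . $dbi->quote($this->name) . ",mail=" . $dbi->quote($this->mail) . ",link=" . $dbi->quote($this->link) . ",subject=" . $dbi->quote($this->subject) . ",message=" . $dbi->quote($this->message) . ",posted=posted,spam=" . $dbi->quote($spam) . " WHERE (id=" . $dbi->quote($this->id) . ")");
        }

        // Optionally remember the poster in a cookie for a year.
        $remember = getValue("remember");
        if (!empty($remember)) {
            $poster = array(
                "name" => stripslashes($this->name),
                "mail" => stripslashes($this->mail),
                "link" => stripslashes($this->link),
                "remember" => stripslashes($remember),
            );
            // The cookie comes back under the client's control. Whatever reads
            // "commentPoster" must treat it as untrusted input and must not
            // unserialize() it blindly; the serialized format is kept here only
            // because the reading side (not in this file) expects it.
            setcookie("commentPoster", addslashes(serialize($poster)), time() + 31536000);
        }
    }

    return $errors;
}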
if (!empty($files)) { for ($i = 0; $i < sizeof($files); $i++) { if (!empty($files[$i])) { $tmpFile = new File($files[$i]); $tmpFile->deleteFile(); } } } // Redirect redirect(scriptUrl . "/" . folderFilesAdmin . "/" . fileFilesIndex . (!empty($folder->id) ? "?folderId=" . $folder->id : "")); } // Move files $move = getPostValue("move"); if ($move) { // Check if data is submitted from the form checkSubmitter(); // Move folders $folders = getPostValue("folders"); if (!empty($folders)) { for ($i = 0; $i < sizeof($folders); $i++) { $moveFolderId = getPostValue("moveFolderId"); if (!empty($folders[$i]) && !empty($moveFolderId)) { $tmpFolder = new Folder($folders[$i]); $tmpFolder->moveFolder($moveFolderId); } } } // Move files $files = getPostValue("files"); if (!empty($files)) { for ($i = 0; $i < sizeof($files); $i++) {
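/**
 * Save blog in database.
 *
 * Only a login with administer permission may save. The blog's language is
 * used as a directory name when its language file is included, so it is
 * forced to a simple token (falling back to pageDefaultLanguage) before it
 * is used as a path segment and before it is stored.
 *
 * @param bool $readPost Read values from post.
 * @return ErrorLog Errors found during validation, empty on success.
 */
function saveBlog($readPost = true)
{
    $errorLog = new ErrorLog();

    if ($this->hasAdministerPermission()) {
        global $dbi, $log, $login, $module;

        // Reject requests that did not originate from the form.
        checkSubmitter();

        // The language names a directory below; anything that is not a plain
        // token (empty, not a string, contains a path separator, NUL or "..")
        // falls back to the site default. Previously an empty language produced
        // a broken include path for a newly created blog.
        if (!is_string($this->language) || empty($this->language) || preg_match('~[/\\\\\x00]|\.\.~', $this->language)) {
            $this->language = pageDefaultLanguage;
        }

        // Language files define $lBlogEdit / $lErrors in this function's scope.
        include scriptPath . "/include/language/" . pageLanguage . "/general.php";
        include scriptPath . "/" . folderBlog . "/include/language/" . $this->language . "/general.php";

        if ($readPost) {
            $this->category = parseHtml(getPostValue("category"), 0);
            $this->description = parseHtml(getPostValue("description"), 1);
            $this->language = getPostValue("language");
            $this->postLimit = getPostValue("postLimit");
            $this->showRSSLink = getPostValue("showRSSLink");
            $this->showRSSCommentsLink = getPostValue("showRSSCommentsLink");
            $this->subscribers = parseHtml(getPostValue("subscribers"), 0);
            $this->title = parseHtml(getPostValue("title"), 0);
        }

        // Same guard for the posted value, since it is stored and reused as a
        // path segment on the next save.
        if (!is_string($this->language) || empty($this->language) || preg_match('~[/\\\\\x00]|\.\.~', $this->language)) {
            $this->language = pageDefaultLanguage;
        }

        if (empty($this->title)) {
            $errorLog->addError("title", $lBlogEdit["MissingTitle"]);
        } elseif (empty($this->id)) {
            // Creating: the title must not collide with an existing blog.
            $blog = new Blog("", $this->title);
            if (!empty($blog->id)) {
                $errorLog->addError("title", $lBlogEdit["BlogExists"]);
            }
        }

        if (!$errorLog->hasErrors()) {
            if (empty($this->id)) {
                // New blogs go to the end of the ordering.
                $result = $dbi->query("SELECT MAX(position) FROM " . blogTableName);
                if ($result->rows()) {
                    list($position) = $result->fetchrow_array();
                    $position++;
                } else {
                    $position = 0;
                }
                $dbi->query("INSERT INTO " . blogTableName . "(title,category,description,subscribers,language,postLimit,showRSSLink,showRSSCommentsLink,position) VALUES(" . $dbi->quote($this->title) . "," . $dbi->quote($this->category) . "," . $dbi->quote($this->description) . "," . $dbi->quote($this->subscribers) . "," . $dbi->quote($this->language) . "," . $dbi->quote($this->postLimit) . "," . $dbi->quote($this->showRSSLink) . "," . $dbi->quote($this->showRSSCommentsLink) . "," . $dbi->quote($position) . ")");
                $this->id = $dbi->getInsertId();

                // Default permissions for the built-in Visitors and Users groups;
                // the meaning of the positional flags is defined by setModuleContentPermissions.
                $login->setModuleContentPermissions(blogContentId, $this->id, "Visitors", 0, 0, 1, 0, 0, 0, 0, 1);
                $login->setModuleContentPermissions(blogContentId, $this->id, "Users", 0, 0, 1, 0, 0, 0, 0, 1);
            } else {
                $dbi->query("UPDATE " . blogTableName . " SET title=" . $dbi->quote($this->title) . ",category=" . $dbi->quote($this->category) . ",description=" . $dbi->quote($this->description) . ",subscribers=" . $dbi->quote($this->subscribers) . ",language=" . $dbi->quote($this->language) . ",postLimit=" . $dbi->quote($this->postLimit) . ",showRSSLink=" . $dbi->quote($this->showRSSLink) . ",showRSSCommentsLink=" . $dbi->quote($this->showRSSCommentsLink) . " WHERE id=" . $dbi->quote($this->id));
            }

            // Index picture: uploadFile is handed the allowed MIME types and the
            // size limits; it is responsible for validating the upload itself.
            if (!empty($_FILES["img_0"])) {
                uploadFile($_FILES["img_0"], "blog_" . $this->id, array("image/jpeg", "image/pjpeg", "image/gif"), 0, 50, 50);
            }

            $log->logTransaction(blogContentId, $this->id);
        } elseif (!empty($_FILES["img_0"]["tmp_name"])) {
            // The upload is lost when the form is redisplayed with errors.
            $errorLog->addError("upload", $lErrors["ReUploadImages"]);
        }
    }

    return $errorLog;
}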
/**
 * Save folder.
 *
 * Renames an existing folder to the posted folder name. A folder without an
 * id is ignored and nothing is returned in that case.
 *
 * @return ErrorLog|null The global error list, or null when this folder has no id.
 */
function saveFolder()
{
    if (empty($this->id)) {
        return;
    }

    global $errors;
    global $lFileEditFolder;

    // Reject requests that did not originate from the form.
    checkSubmitter();

    $this->name = getPostValue("folderName");
    $this->parent = new Folder(getPostValue("folderId"));

    if (empty($this->name)) {
        $errors->addError("folderName", $lFileEditFolder["MissingFoldername"]);
    }

    if (!$errors->hasErrors()) {
        $this->renameFolder($this->name);
    }

    return $errors;
}
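/**
 * Upload files to the website.
 *
 * The upload form posts its files as file1 .. fileN together with a
 * numberOfFiles field; every slot that actually carries an upload is handed
 * to $this->uploadFile().
 *
 * @param int $folderId Folder the files are uploaded into; defaults to 0.
 * @return void
 */
function uploadFiles($folderId = 0)
{
    // Reject requests that did not originate from the upload form.
    checkSubmitter();

    // numberOfFiles is client-supplied. Casting makes a non-numeric value count
    // as 0 instead of raising an arithmetic TypeError on PHP 8; every iteration
    // is only an empty() probe of $_FILES, so an inflated count does no work
    // beyond spinning the loop.
    $numberOfFiles = (int) getPostValue("numberOfFiles");

    for ($i = 1; $i <= $numberOfFiles; $i++) {
        $slot = "file{$i}";
        if (!empty($_FILES[$slot]["tmp_name"])) {
            $this->uploadFile($_FILES[$slot], $folderId);
        }
    }
}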
/**
 * Save page bar to database.
 *
 * Writes the left/right template and text of an existing page when the
 * current login may edit it; otherwise nothing happens.
 *
 * @return void
 */
function savePageBar()
{
    // Only an existing page the login may edit is touched; hasEditPermission()
    // is not consulted for a page without an id.
    if (empty($this->id) || !$this->hasEditPermission()) {
        return;
    }

    global $dbi, $log;

    // Reject requests that did not originate from the form.
    checkSubmitter();

    foreach (array("leftTemplate", "leftText", "rightTemplate", "rightText") as $field) {
        $this->$field = getPostValue($field);
    }

    $dbi->query("UPDATE " . pageTableName . " SET leftTemplate=" . $dbi->quote($this->leftTemplate) . ",rightTemplate=" . $dbi->quote($this->rightTemplate) . ",leftText=" . $dbi->quote($this->leftText) . ",rightText=" . $dbi->quote($this->rightText) . " WHERE id=" . $dbi->quote($this->id));

    $log->logTransaction(pageContentTypeId, $this->id);
}
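/**
 * Save user in database.
 *
 * Optionally reads the profile fields from the request, optionally validates
 * them (form origin, username, name, e-mail uniqueness, password, audit
 * check for self-registration) and then inserts or updates the user and its
 * profile row, sets module permissions and group memberships for
 * administrators, stores the profile picture, runs site-specific save hooks
 * and logs the transaction. Errors go to the global $errors list.
 *
 * @param bool $readPost Read values from post.
 * @param bool $validate Validate input values.
 * @return ErrorLog The global $errors list with any errors found added.
 */
function saveUser($readPost = true, $validate = true)
{
    global $dbi, $errors, $group, $log, $login, $module, $settings;

    // Language files define $lEditUser / $lErrors in this function's scope.
    include scriptPath . "/include/language/" . pageLanguage . "/admin.php";
    include scriptPath . "/include/language/" . pageLanguage . "/general.php";

    // Request-derived locals that are only assigned on some paths; initialised
    // so the later reads are well-defined when $readPost or $validate is false.
    $repeatedPassword = null;
    $groups = null;
    $profile = null;
    $userType = null;
    $activationKey = null;

    if ($readPost) {
        // The username is fixed once the account exists.
        if (empty($this->id)) {
            $this->username = getValue("u_username");
        }
        // Only a webmaster may change the activation state. The form field is
        // inverted here (u_activated set means "not activated") — confirm against the form.
        if ($login->isWebmaster()) {
            $this->activated = getValue("u_activated");
            $this->activated = !$this->activated;
        }
        $this->groupId = getValue("u_groupId");
        $this->name = getValue("u_name");
        $this->email = getValue("u_email");
        $this->phone = getValue("u_phone");
        $this->mobile = getValue("u_mobile");
        $this->facebook = getValue("u_facebook");
        $this->twitter = getValue("u_twitter");
        $this->linkurl = getValue("u_linkurl");
        $this->linkname = getValue("u_linkname");
        $this->location = getValue("u_location");
        $this->department = getValue("u_department");
        $this->position = getValue("u_position");
        $this->profileText = parseHtml(getValue("u_profileText"), 2);
        $this->signature = getValue("u_signature");
        $this->hideEmail = getValue("u_hideEmail");
        $this->hideTelephone = getValue("u_hideTelephone");
        $this->hideInUserlist = getValue("u_hideInUserlist");
        $this->hideOnlineStatus = getValue("u_hideOnlineStatus");
        $this->notifyAboutChanges = getValue("u_notifyAboutChanges");
        $this->categoryId = getValue("categoryId");
        // A password is only taken for a new account.
        if (empty($this->id)) {
            $this->password = getValue("u_passwd");
            $repeatedPassword = getValue("u_repeated_passwd");
        }
        $groups = getValue("u_groups");
        $profile = getValue("profile");
    }

    if ($validate) {
        // Reject requests that did not originate from the form.
        checkSubmitter(scriptUrl);

        // The user type (webmaster / administrator / module administrator) is
        // only honoured for an administering login that is not editing its own profile.
        if ($this->hasAdministerPermission() && !$profile) {
            $userType = getValue("userType");
            $this->administrator = 0;
            $this->webmaster = 0;
            if (!empty($userType)) {
                switch ($userType) {
                    case 1: // Webmaster
                        $this->webmaster = 1;
                        break;
                    case 2: // Administrator
                        $this->administrator = 1;
                        break;
                }
            }
        }

        $this->validateUsername($this->username);

        if (empty($this->name)) {
            $errors->addError("name", $lEditUser["MissingFullName"]);
        }

        // Everyone but a webmaster must supply an e-mail address.
        if (!$login->isWebmaster() && empty($this->email)) {
            $errors->addError("email", $lEditUser["MissingEmail"]);
        }

        // A supplied address must be well-formed and not used by another user.
        if (!empty($this->email)) {
            if (!checkEmail($this->email)) {
                $errors->addError("email", $lEditUser["InvalidEmail"]);
            } else {
                $result = $dbi->query("SELECT id FROM " . userDataTableName . " WHERE " . (!empty($this->id) ? "id!=" . $dbi->quote($this->id) . " AND " : "") . "email=" . $dbi->quote($this->email));
                if ($result->rows()) {
                    $errors->addError("email", $lEditUser["EmailExists"]);
                }
            }
        }

        if (empty($this->id)) {
            $this->validatePassword($this->password, $repeatedPassword);
        }

        // Self-registration has to pass the audit() check when the site requires it.
        if (empty($this->id) && !$this->hasAdministerPermission() && $settings->requireValidation) {
            if (!audit()) {
                $errors->addError("validation", $lEditUser["WrongValidation"]);
            }
        }
    }

    if (!$errors->hasErrors()) {
        // categoryId may be an existing id or title, or a new title that is created on the fly.
        if (!empty($this->categoryId)) {
            $result = $dbi->query("SELECT Id FROM " . userCategoryTableName . " WHERE Id=" . $dbi->quote($this->categoryId) . " OR Title=" . $dbi->quote($this->categoryId));
            if ($result->rows()) {
                list($this->categoryId) = $result->fetchrow_array();
            } else {
                $position = 0;
                $result = $dbi->query("SELECT MAX(Position) FROM " . userCategoryTableName);
                if ($result->rows()) {
                    list($maxPosition) = $result->fetchrow_array();
                    $position = $maxPosition + 1;
                }
                $dbi->query("INSERT INTO " . userCategoryTableName . "(Title,Position) VALUES(" . $dbi->quote($this->categoryId) . "," . $dbi->quote($position) . ")");
                $this->categoryId = $dbi->getInsertId();
            }
        }

        if (!empty($this->id)) {
            // The two quoted username/password expressions were redacted on the
            // page this was taken from and are reconstructed to match the INSERT
            // below. Passwords are stored as unsalted md5 here and in the INSERTs:
            // this cannot be changed in this method alone because the login check
            // (outside this file) has to verify the same form. The id is quoted
            // like every other value in the statement.
            $dbi->query("UPDATE " . userTableName . " SET " . (!empty($this->username) ? "username=" . $dbi->quote(trim($this->username)) . "," : "") . "groupId=" . $dbi->quote($this->groupId) . ",registered=registered,lastLogged=lastLogged,lastUpdated=NOW()" . (!empty($this->password) ? ",password=" . $dbi->quote(md5(trim($this->password))) : "") . ",administrator=" . $dbi->quote($this->administrator) . ",webmaster=" . $dbi->quote($this->webmaster) . ",activated=" . $dbi->quote($this->activated) . " WHERE id=" . $dbi->quote($this->id));
            $dbi->query("UPDATE " . userDataTableName . " SET categoryId=" . $dbi->quote($this->categoryId) . ",name=" . $dbi->quote($this->name) . ",email=" . $dbi->quote($this->email) . ",phone=" . $dbi->quote($this->phone) . ",mobile=" . $dbi->quote($this->mobile) . ",linkurl=" . $dbi->quote($this->linkurl) . ",linkname=" . $dbi->quote($this->linkname) . ",facebook=" . $dbi->quote($this->facebook) . ",twitter=" . $dbi->quote($this->twitter) . ",location=" . $dbi->quote($this->location) . ",department=" . $dbi->quote($this->department) . ",position=" . $dbi->quote($this->position) . ",profileText=" . $dbi->quote($this->profileText) . ",signature=" . $dbi->quote($this->signature) . ",hideEmail=" . $dbi->quote($this->hideEmail) . ",hideTelephone=" . $dbi->quote($this->hideTelephone) . ",hideInUserlist=" . $dbi->quote($this->hideInUserlist) . ",hideOnlineStatus=" . $dbi->quote($this->hideOnlineStatus) . ",notifyAboutChanges=" . $dbi->quote($this->notifyAboutChanges) . " WHERE id=" . $dbi->quote($this->id));
        } else {
            $cookie = $login->generateCookie();
            if (!$login->isLoggedIn()) {
                // Self-registration: never webmaster/administrator, and not activated
                // until the e-mailed key is used when activateWithEmail is on. The key
                // is an authentication token, so generateRandomString() needs to be
                // backed by a CSPRNG — confirm its implementation.
                if ($settings->activateWithEmail) {
                    $activationKey = generateRandomString(32);
                }
                $dbi->query("INSERT INTO " . userTableName . " (username,password,groupId,cookie,webmaster,administrator,activated,activationKey) VALUES(" . $dbi->quote(trim($this->username)) . "," . $dbi->quote(md5(trim($this->password))) . "," . $dbi->quote($this->groupId) . "," . $dbi->quote($cookie) . ",0,0," . ($settings->activateWithEmail && !$this->activated ? 0 : 1) . "," . ($settings->activateWithEmail ? $dbi->quote($activationKey) : "''") . ")");
            } else {
                // Created by a logged-in user: the webmaster/administrator flags set
                // from userType above are stored and the account is active at once.
                $dbi->query("INSERT INTO " . userTableName . " (username,password,groupId,cookie,webmaster,administrator,activated) VALUES(" . $dbi->quote(trim($this->username)) . "," . $dbi->quote(md5(trim($this->password))) . "," . $dbi->quote($this->groupId) . "," . $dbi->quote($cookie) . "," . $dbi->quote($this->webmaster) . "," . $dbi->quote($this->administrator) . ",1)");
            }
            $this->id = $dbi->getInsertId();

            // Profile row. Note that hideInUserlist is written by the UPDATE above
            // but not by this INSERT — confirm whether the column has a default.
            $dbi->query("INSERT INTO " . userDataTableName . "(id,categoryId,name,email,phone,mobile,linkurl,linkname,facebook,twitter,location,department,position,profileText,signature,hideEmail,hideTelephone,hideOnlineStatus,notifyAboutChanges) VALUES(" . $dbi->quote($this->id) . "," . $dbi->quote($this->categoryId) . "," . $dbi->quote($this->name) . "," . $dbi->quote($this->email) . "," . $dbi->quote($this->phone) . "," . $dbi->quote($this->mobile) . "," . $dbi->quote($this->linkurl) . "," . $dbi->quote($this->linkname) . "," . $dbi->quote($this->facebook) . "," . $dbi->quote($this->twitter) . "," . $dbi->quote($this->location) . "," . $dbi->quote($this->department) . "," . $dbi->quote($this->position) . "," . $dbi->quote($this->profileText) . "," . $dbi->quote($this->signature) . "," . $dbi->quote($this->hideEmail) . "," . $dbi->quote($this->hideTelephone) . "," . $dbi->quote($this->hideOnlineStatus) . "," . $dbi->quote($this->notifyAboutChanges) . ")");

            // Welcome mail carrying the activation link.
            if (!$login->isLoggedIn() && $settings->activateWithEmail) {
                $mail = new phpmailer();
                $mail->CharSet = "UTF-8";
                $mail->From = pageAdminMail;
                $mail->Sender = pageAdminMail;
                $mail->FromName = pageTitle;
                $mail->Subject = sprintf($lEditUser["WelcomeEmailSubject"], pageTitle);
                $mail->Body = sprintf($lEditUser["WelcomeEmailText"], $this->name, scriptUrl . "/" . fileProfileActivate . "?id=" . $this->id . "&activate=1&activationKey=" . $activationKey);
                $mail->IsHTML(false);
                $mail->AddAddress($this->email);
                $mail->Send();
            }

            // Optional site hook.
            if (function_exists("userInserted")) {
                userInserted($this->id);
            }
        }

        // Module permissions and group membership are only rewritten by an
        // administering login that is not editing its own profile.
        if ($this->hasAdministerPermission() && !$profile) {
            if (!empty($userType)) {
                $dbi->query("DELETE FROM " . permissionTableName . " WHERE moduleContentTypeId='' AND moduleContentId='' AND type='User' AND typeId=" . $dbi->quote($this->id));
                // Type 3 = module administrator: per-module permission level from the form.
                if ($userType == 3) {
                    $permissions = getValue("permissions");
                    $result = $dbi->query("SELECT Id FROM " . moduleTableName);
                    if ($result->rows()) {
                        for ($i = 0; list($moduleId) = $result->fetchrow_array(); $i++) {
                            if (!empty($permissions[$moduleId])) {
                                $administrator = 0;
                                $comment = 0;
                                $create = 0;
                                $delete = 0;
                                $edit = 0;
                                $grant = 0;
                                $publish = 0;
                                $read = 0;
                                // Cumulative permission levels; 2 for edit/delete presumably means "all content, not only own".
                                switch ($permissions[$moduleId]) {
                                    case 1: $read = 1; break;
                                    case 2: $read = 1; $comment = 1; break;
                                    case 3: $read = 1; $comment = 1; $create = 1; $edit = 1; break;
                                    case 4: $read = 1; $comment = 1; $create = 1; $edit = 1; $publish = 1; break;
                                    case 5: $read = 1; $comment = 1; $create = 1; $edit = 1; $publish = 1; $delete = 1; break;
                                    case 6: $read = 1; $comment = 1; $create = 1; $edit = 2; $publish = 1; $delete = 2; break;
                                    case 7: $administrator = 1; break;
                                }
                                if ($administrator || $comment != 0 || $create != 0 || $delete != 0 || $edit != 0 || $grant != 0 || $publish != 0 || $read != 0) {
                                    // NOTE(review): saveGroup() passes $grant between $edit and $publish in this
                                    // call and this one does not; one of the two is out of step with the
                                    // setModulePermissions signature — verify before touching either.
                                    $login->setModulePermissions($moduleId, "User", $this->id, $administrator, $comment, $create, $delete, $edit, $publish, $read);
                                }
                            }
                        }
                    }
                }
            }

            // Group membership is replaced wholesale by the posted list.
            $group->deleteGroupRefs($this->id);
            if (!empty($groups)) {
                for ($i = 0; $i < sizeof($groups); $i++) {
                    $group->addToGroup($groups[$i], $this->id);
                }
            }
        }

        // Profile picture, scaled to 150 px wide. A zero width (unreadable
        // image) used to divide by zero; such uploads are now skipped.
        if (!empty($_FILES["img_0"]["tmp_name"])) {
            $size = getImageDimensions($_FILES["img_0"]["tmp_name"]);
            if (!empty($size[0])) {
                $height = $size[1] * (150 / $size[0]);
                resizeToFile($_FILES["img_0"]["tmp_name"], 150, $height, scriptPath . "/" . folderUploadedFiles . "/user_" . $this->id . ".jpg", 100);
            }
        }

        // Site-specific edit sections may register their own save callbacks.
        global $site;
        if (!empty($site->editUserSections)) {
            for ($i = 0; $i < sizeof($site->editUserSections); $i++) {
                if (function_exists($site->editUserSections[$i]["saveFunction"])) {
                    $site->editUserSections[$i]["saveFunction"]($this->id);
                }
            }
        }

        $log->logTransaction(userContentTypeId, $this->id);
    } else {
        // Password and upload are not carried over when the form is redisplayed.
        if (!empty($this->password)) {
            $errors->addError("reenterPassword", $lEditUser["ReenterPasswords"]);
        }
        if (!empty($_FILES["img_0"]["tmp_name"])) {
            $errors->addError("upload", $lErrors["ReUploadImages"]);
        }
    }

    return $errors;
}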
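/**
 * Save group in database.
 *
 * Requires edit permission on the group. Name and description come from the
 * request; a new group must not reuse an existing name. After the row is
 * inserted or updated, a webmaster may rewrite the group's per-module
 * permissions from the posted permission levels.
 *
 * @return ErrorLog The global $errors list with any errors found added.
 */
function saveGroup()
{
    global $errors;

    if ($this->hasEditPermission()) {
        global $dbi, $log, $login;

        // Reject requests that did not originate from the form.
        checkSubmitter();

        // Defines $lEditGroup in this function's scope.
        include scriptPath . "/include/language/" . pageLanguage . "/admin.php";

        $this->name = getValue("groupName");
        $this->description = getValue("groupDescription");

        if (empty($this->name)) {
            $errors->addError("name", $lEditGroup["MissingName"]);
        }
        if (empty($this->id) && $this->groupExists($this->name)) {
            $errors->addError("name", $lEditGroup["GroupExists"]);
        }

        if (!$errors->hasErrors()) {
            if (!empty($this->id)) {
                // The id is quoted like every other value in the statement.
                $dbi->query("UPDATE `" . groupTableName . "` SET name=" . $dbi->quote($this->name) . ",description=" . $dbi->quote($this->description) . " WHERE id=" . $dbi->quote($this->id));
            } else {
                $dbi->query("INSERT INTO `" . groupTableName . "`(name,description) VALUES(" . $dbi->quote($this->name) . "," . $dbi->quote($this->description) . ")");
                $this->id = $dbi->getInsertId();
            }

            // Only a webmaster may (re)assign module permissions to the group.
            if ($login->isWebmaster()) {
                $dbi->query("DELETE FROM " . permissionTableName . " WHERE type='Group' AND typeId=" . $dbi->quote($this->id));
                $permissions = getValue("permissions");
                $result = $dbi->query("SELECT Id FROM " . moduleTableName);
                if ($result->rows()) {
                    for ($i = 0; list($moduleId) = $result->fetchrow_array(); $i++) {
                        if (!empty($permissions[$moduleId])) {
                            $administrator = 0;
                            $comment = 0;
                            $create = 0;
                            $delete = 0;
                            $edit = 0;
                            $grant = 0;
                            $publish = 0;
                            $read = 0;
                            // Cumulative permission levels; 2 for edit/delete presumably means "all content, not only own".
                            switch ($permissions[$moduleId]) {
                                case 1: $read = 1; break;
                                case 2: $read = 1; $comment = 1; break;
                                case 3: $read = 1; $comment = 1; $create = 1; $edit = 1; break;
                                case 4: $read = 1; $comment = 1; $create = 1; $edit = 1; $publish = 1; break;
                                case 5: $read = 1; $comment = 1; $create = 1; $edit = 1; $publish = 1; $delete = 1; break;
                                case 6: $read = 1; $comment = 1; $create = 1; $edit = 2; $publish = 1; $delete = 2; break;
                                case 7: $administrator = 1; break;
                            }
                            if ($administrator || $comment != 0 || $create != 0 || $delete != 0 || $edit != 0 || $grant != 0 || $publish != 0 || $read != 0) {
                                // NOTE(review): this call passes $grant between $edit and $publish while the
                                // matching call in saveUser() does not; one of the two is out of step with
                                // the setModulePermissions signature — verify before touching either.
                                $login->setModulePermissions($moduleId, "Group", $this->id, $administrator, $comment, $create, $delete, $edit, $grant, $publish, $read);
                            }
                        }
                    }
                }
            }

            $log->logTransaction(groupContentTypeId, $this->id);
        }
    }

    return $errors;
}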
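/**
 * Save blog post.
 *
 * Resolves the blog from the posted blogId, checks edit permission, reads
 * the post fields and publication time, validates, then inserts or updates
 * the post. Subscribers are notified when a post is published for the first
 * time (new non-draft, or a draft that just became public).
 *
 * @param bool $readPost Read values from post.
 * @return ErrorLog Errors found during validation, empty on success.
 */
function savePost($readPost = true)
{
    global $category, $dbi, $log, $login;

    // Reject requests that did not originate from the form.
    if ($readPost) {
        checkSubmitter();
    }

    $errorLog = new ErrorLog();

    // The blog the post belongs to comes from the request on every call.
    $this->blog = new Blog(getValue("blogId"));

    // Only assigned from POST; null otherwise so the later empty() check is well-defined.
    $userId = null;

    if (!empty($this->blog->id)) {
        if ($this->hasEditPermission()) {
            // Defines $lBlogEditPost in this function's scope; the blog's stored
            // language is used as the directory name.
            include scriptPath . "/" . folderBlog . "/include/language/" . $this->blog->language . "/general.php";

            // Needed to detect a draft being published on update.
            $draftBefore = $this->draft;

            if ($readPost) {
                $this->categories = explode(",", getPostValue("categories"));
                $this->disableComments = getPostValue("disableComments");
                $this->draft = getPostValue("draft");
                $this->showComments = getPostValue("showComments");
                $this->subject = parseHtml(getPostValue("subject"), 1);
                $this->summary = parseThumbnailImages(parseHtml(getPostValue("summary"), 4));
                $this->text = parseThumbnailImages(parseHtml(getPostValue("text"), 4));
                // The form may attribute the post to another user; the only gate is
                // hasEditPermission() on the post — confirm that is the intended policy.
                $userId = getPostValue("userId");

                // Publication time from the form's date fields. The parts are cast so a
                // non-numeric value becomes 0 instead of a TypeError on PHP 8.
                $day = getPostValue("day");
                $month = getPostValue("month");
                $year = getPostValue("year");
                $hour = getPostValue("hour");
                $minute = getPostValue("minute");
                if (!empty($day) && !empty($month) && !empty($year)) {
                    $this->posted = mktime((int) $hour, (int) $minute, 0, (int) $month, (int) $day, (int) $year);
                }

                if (!empty($userId)) {
                    $this->user = new User($userId);
                }
            }

            // Defaults: now, and the current login as author. mktime() without
            // arguments is no longer accepted, so time() is used instead.
            if (empty($this->posted)) {
                $this->posted = time();
            }
            if (empty($userId)) {
                $this->user = new User($login->id);
            }

            if (empty($this->subject)) {
                $errorLog->addError("subject", $lBlogEditPost["MissingSubject"]);
            }

            // Optimistic concurrency: the form carries the lastUpdated it was rendered with.
            $lastUpdated = getValue("lastUpdated");
            if ($lastUpdated != $this->getLastUpdated()) {
                $errorLog->addError("postModified", $lBlogEditPost["PostModified"]);
            }

            // Subscriber notification (HTML). $login->name and the blog title are
            // inserted as-is; subject/summary/text went through parseHtml/parseString.
            $subject = "[" . $this->blog->title . "] " . $this->subject;
            $message = "<p>" . $lBlogEditPost["NotifyInsert"] . " '" . $this->blog->title . "'.</p>" . "<p><b>" . $lBlogEditPost["Name"] . "</b></p><p>" . $login->name . "</p>" . "<p><b>" . $lBlogEditPost["Subject"] . "</b></p><p>" . $this->subject . "</p>" . "<p><b>" . $lBlogEditPost["Summary"] . "</b></p>" . parseString(!empty($this->summary) ? $this->summary : (!empty($this->text) ? $this->text : "")) . "<p>--<br />" . $lBlogEditPost["ReadPost"] . ": " . $this->getPostLink() . "<br />" . $lBlogEditPost["VisitBlog"] . ": " . $this->blog->getBlogLink() . "</p>";
            $sender = $login->name;

            if (!$errorLog->hasErrors()) {
                if (empty($this->id)) {
                    $dbi->query("INSERT INTO " . blogPostTableName . "(blogId,userId,subject,summary,text,posted,lastUpdated,showComments,disableComments,draft) VALUES(" . $dbi->quote($this->blog->id) . "," . $dbi->quote($this->user->id) . "," . $dbi->quote($this->subject) . "," . $dbi->quote($this->summary) . "," . $dbi->quote($this->text) . ",FROM_UNIXTIME(" . $dbi->quote($this->posted) . "),NOW()," . $dbi->quote($this->showComments) . "," . $dbi->quote($this->disableComments) . "," . $dbi->quote($this->draft) . ")");
                    $this->id = $dbi->getInsertId();
                    // A new public post is announced immediately.
                    if (!$this->draft) {
                        $this->notifySubscribers($sender, $subject, $message);
                    }
                } else {
                    // lastUpdated=lastUpdated keeps the existing timestamp.
                    $dbi->query("UPDATE " . blogPostTableName . " SET blogId=" . $dbi->quote($this->blog->id) . ",userId=" . $dbi->quote($this->user->id) . ",subject=" . $dbi->quote($this->subject) . ",summary=" . $dbi->quote($this->summary) . ",text=" . $dbi->quote($this->text) . ",posted=FROM_UNIXTIME(" . $dbi->quote($this->posted) . "),lastUpdated=lastUpdated,showComments=" . $dbi->quote($this->showComments) . ",disableComments=" . $dbi->quote($this->disableComments) . ",draft=" . $dbi->quote($this->draft) . " WHERE id=" . $dbi->quote($this->id));
                    // A draft that has just been published is announced now.
                    if (!$this->draft && $draftBefore) {
                        $this->notifySubscribers($sender, $subject, $message);
                    }
                }

                $category->addCategoryReferences(blogModuleId, blogPostContentId, $this->id, $this->categories);
                $log->logTransaction(blogPostContentId, $this->id);

                // Cached blog pages are stale now.
                if (!empty($this->blog)) {
                    $this->blog->deleteCache();
                }
            }
        }
    }

    return $errorLog;
}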