public function handleSaveAnswer($request_method, $request_data)
{
$msg = NULL;
$error = FALSE;
switch ($request_method) {
case 'POST':
filter_all_post($request_data);
$request_data['answer'] = trim($request_data['answer']);
if (empty($request_data['answer'])) {
$msg = __('Answer can not be left blank');
$error = true;
} else {
$comment = new Comment();
// setting some variables
$usr = PA::$user;
$comment->comment = $comment->subject = $request_data['answer'];
$comment->parent_type = TYPE_ANSWER;
$id = $comment->parent_id = $comment->content_id = $request_data['id'];
$comment->user_id = $usr->user_id;
$comment->name = $usr->login_name;
$comment->email = $usr->email;
if ($comment->spam_check()) {
$msg = __('Sorry, your Answer cannot be posted as it looks like spam. Try removing any links to possibly suspect sites, and re-submitting.');
$error = true;
Logger::log('Comment rejected by spam filter', LOGGER_ACTION);
} else {
$msg = __('Your Answer has been posted successfully');
$comment->save_comment();
if ($comment->spam_state != SPAM_STATE_OK) {
$msg = __('Sorry, your answer cannot be posted as it was classified as spam by Akismet, or contained links to blacklisted sites. Please check the links in your post, and that your name and e-mail address are correct.');
$error = true;
} else {
unset($request_data);
//invalidate cache of content block as it is modified now
if (PA::$network_info) {
$nid = '_network_' . PA::$network_info->network_id;
} else {
$nid = '';
}
//unique name
$cache_id = 'content_' . $id . $nid;
CachedTemplate::invalidate_cache($cache_id);
}
}
}
break;
}
$msg_array = array();
$msg_array['failure_msg'] = $msg;
$msg_array['success_msg'] = NULL;
$redirect_url = NULL;
$query_str = NULL;
set_web_variables($msg_array, $redirect_url, $query_str);
}
private function handleAJAX_updateUserAnnouncement($request_data)
{
filter_all_post($request_data);
$msg = 'success';
$html = null;
try {
PA::$login_user->set_profile_field(GENERAL, "shoutout", $request_data['value']);
$html = PA::$login_user->get_profile_field(GENERAL, "shoutout");
} catch (Exception $e) {
$msg = $html = $e->getMessage();
}
echo json_encode(array("msg" => $msg, "result" => $html));
exit;
}
private function handleAJAX_addUserComment($request_data)
{
$msg = 'success';
$html = 'null';
filter_all_post($request_data);
if (!empty($request_data['content'])) {
$comment = new Comment();
$usr = PA::$login_user;
$comment->comment = $request_data['content'];
$comment->subject = $request_data['content'];
$comment->parent_type = TYPE_USER;
$comment->parent_id = PA::$page_uid;
$comment->content_id = PA::$page_uid;
$comment->user_id = $usr->user_id;
$comment->name = $usr->login_name;
$comment->email = $usr->email;
$id = PA::$page_uid;
if ($comment->spam_check()) {
Logger::log("Comment rejected by spam filter", LOGGER_ACTION);
$msg = $html = __("Comment rejected by spam filter");
} else {
try {
$comment->save_comment();
if ($comment->spam_state != SPAM_STATE_OK) {
$msg = $html = __("Comment rejected by spam filter");
}
$html = $this->render();
} catch (Exception $e) {
$msg = $html = $e->getMessage();
}
}
} else {
$msg = __("Comment can't be empty.");
}
echo json_encode(array("msg" => $msg, "result" => htmlspecialchars($html)));
exit;
}
private function handleAJAX_delRole($request_data)
{
$roles = new Roles();
filter_all_post($request_data);
try {
$role = $roles->get($request_data['role_id']);
if (is_object($role)) {
if (!$role->read_only) {
$roles->delete((int) $request_data['role_id']);
$msg = __('Role sucessfully deleted.');
} else {
$msg = __('This Role can\'t be deleted.');
}
}
} catch (CNException $e) {
$msg = "{$e->message}";
}
print $msg;
exit;
}
<?php
/** !
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* [filename] is a part of PeopleAggregator.
* [description including history]
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* @author [creator, or "Original Author"]
* @license http://bit.ly/aVWqRV PayAsYouGo License
* @copyright Copyright (c) 2010 Broadband Mechanics
* @package PeopleAggregator
*/
$error = FALSE;
filter_all_post($_form);
if (isset($_form['comment']) && empty($_form['comment'])) {
$error = TRUE;
$failure_message = 9024;
}
if ($_form && empty($error)) {
$comment = new Comment();
$usr = get_login_user();
$comment->comment = $_form['comment'];
$comment->subject = $_form['comment'];
$comment->parent_type = TYPE_USER;
$comment->parent_id = $_form['id'];
$comment->content_id = $_form['id'];
$comment->user_id = $usr->user_id;
$comment->name = $usr->login_name;
$comment->email = $usr->email;
$id = $_form['id'];
if ($comment->spam_check()) {
function edit_forum_topic($_form)
{
filter_all_post($_POST);
$error = FALSE;
$msg = '';
$title = trim($_POST['forum_title']);
$body = trim($_POST['forum_contents']);
if (empty($title)) {
$error = TRUE;
$msg .= "Please specify a title for the forum topic";
}
if (empty($body)) {
$error = TRUE;
$msg .= "Please enter small description of the topic";
}
if (!$error) {
$request_info = load_info();
$cat_obj = new MessageBoard();
$cat_obj->title = $title;
$cat_obj->body = $body;
$cat_obj->boardmessage_id = $_REQUEST['mid'];
if ($_POST['chk_allow_anonymous'] != ALLOW_ANONYMOUS) {
$cat_obj->allow_anonymous = 0;
} else {
$cat_obj->allow_anonymous = 1;
}
try {
$mid = $cat_obj->save($login_uid, NULL);
} catch (PAException $e) {
$msg = "Error occured in saving data";
$error = TRUE;
}
}
$msg_array = array();
$msg_array['failure_msg'] = $msg;
$msg_array['success_msg'] = NULL;
$return_array = array('msg' => $msg_array);
return $return_array;
}
public function handlePOST_GroupInvitationSubmit($request_data)
{
if (isset($request_data['submit'])) {
filter_all_post($request_data);
$gid = $request_data['groups'];
$self_invite = FALSE;
$error = FALSE;
// check if groups are there
if (empty($gid)) {
$error = TRUE;
$msg[] = __("Please select a group");
}
if (empty($error) && !empty($request_data['email_user_name'])) {
// if login name are supplied
$friend_user_name = trim($request_data['email_user_name']);
$friend_user_name_array = explode(',', $friend_user_name);
$cnt_usr_name = count($friend_user_name_array);
for ($counter = 0; $counter < $cnt_usr_name; $counter++) {
try {
$user_obj = new User();
$user_obj->load(trim($friend_user_name_array[$counter]));
if ($user_obj->email == PA::$login_user->email) {
$self_invite = TRUE;
//you can not invite your self
} else {
$valid_user_login_names[] = $user_obj->login_name;
$valid_usr_name_email[] = $user_obj->email;
}
} catch (PAException $e) {
if (!empty($friend_user_name_array[$counter])) {
$invalid_login_msg .= $friend_user_name_array[$counter] . ', ';
}
}
}
// end for
if (!empty($invalid_login_msg)) {
$invalid_login_msg = substr($invalid_login_msg, 0, -2);
$msg[] = sprintf(__('Invitation could not be sent to following login names- %s'), $invalid_login_msg);
}
}
// end if : if user names are supplied.
$invalid = null;
if (empty($error) && !empty($request_data['email_id'])) {
// if email ids are supplied
$friend_email = trim($request_data['email_id']);
$friend_email_array = explode(',', $friend_email);
$cnt_email = count($friend_email_array);
// Check for valid-invalid email addresses start
for ($counter = 0; $counter < $cnt_email; $counter++) {
$email_validation = Validation::validate_email(trim($friend_email_array[$counter]));
if ($email_validation == '0') {
$invalid[] = trim($friend_email_array[$counter]);
} else {
if ($friend_email_array[$counter] == PA::$login_user->email) {
$self_invite = TRUE;
} else {
$valid_user_first_emails[] = $friend_email_array[$counter];
$valid_email[] = trim($friend_email_array[$counter]);
}
}
}
}
// Check for valid-invalid email addresses end
// Action for valid-invalid email addresses start
if (empty($friend_email) && empty($friend_user_name)) {
// if email field is left empty
$msg[] = MessagesHandler::get_message(6001);
$error = TRUE;
} else {
if (!empty($friend_email) && !empty($friend_user_name)) {
$msg = array();
$msg[] = MessagesHandler::get_message(7026);
$error = TRUE;
} else {
if (!empty($self_invite) || sizeof($invalid) > 0) {
// if self invitation is made
if (!empty($self_invite)) {
$msg[] = MessagesHandler::get_message(6002);
}
if (!empty($invalid)) {
// if invalid email addresses are supplied
$invalid_cnt = count($invalid);
$invalid_msg = '';
for ($counter = 0; $counter < $invalid_cnt; $counter++) {
if (!empty($invalid[$counter])) {
$invalid_msg .= $invalid[$counter] . ', ';
}
}
if (!empty($invalid_msg)) {
$invalid_msg = substr($invalid_msg, 0, -2);
$msg[] = sprintf(__('Invitation could not be sent to following email addresses- %s'), $invalid_msg);
}
}
}
}
}
if (empty($error)) {
// At this point invitation could be made
if (!empty($valid_email) && !empty($valid_usr_name_email)) {
$valid_email = array_merge($valid_email, $valid_usr_name_email);
$valid_user_first_emails = array_merge($valid_user_first_emails, $valid_user_login_names);
} else {
if (!empty($valid_usr_name_email)) {
$valid_email = $valid_usr_name_email;
$valid_user_first_emails = $valid_user_login_names;
}
}
if (!empty($valid_email)) {
$valid_cnt = count($valid_email);
$invitation_message = nl2br($request_data['message']);
for ($counter = 0; $counter < $valid_cnt; $counter++) {
$group = new Group();
$group->load((int) $gid);
$inv = new Invitation();
$inv->user_id = PA::$login_uid;
$inv->username = PA::$login_user->login_name;
// for invitation not for any group invitation collection id is -1
$inv->inv_collection_id = $gid;
$inv->inv_group_name = $group->title;
$inv->inv_status = INVITATION_PENDING;
$auth_token = get_invitation_token(LONG_EXPIRES, $valid_email[$counter]);
$token = '&token=' . $auth_token;
$link_desc = wordwrap(PA::$url . '/' . FILE_REGISTER . "?GInvID={$inv->inv_id}", 120, "<br>", 1);
$inv->register_url = "<a href=\"" . PA::$url . '/' . FILE_REGISTER . "?GInvID={$inv->inv_id}\">{$link_desc}</a>";
$acc_link_desc = wordwrap(PA::$url . "/" . FILE_LOGIN . "?action=accept&GInvID={$inv->inv_id}{$token}", 120, "<br>", 1);
$inv->accept_url = "<a href=\"" . PA::$url . "/" . FILE_LOGIN . "?action=accept&GInvID={$inv->inv_id}{$token}\">{$acc_link_desc}</a>";
$inv->inv_user_id = null;
$inv->inv_user_first_name = $valid_user_first_emails[$counter];
$inv->inv_email = $valid_email[$counter];
$inv->inv_summary = sprintf(__("Invitation from %s %s to join %s"), PA::$login_user->first_name, PA::$login_user->last_name, $inv->inv_group_name);
$inv->inv_message = !empty($invitation_message) ? $invitation_message : null;
$save_error = false;
try {
$inv->send();
} catch (PAException $e) {
$save_msg = "{$e->message}";
$save_error = true;
}
if ($save_error == true) {
$msg[] = sprintf(__('Sorry: you are unable to invite a friend. Reason: %s'), $sav_msg);
} else {
// invitation has been sent, now send email
$user_type = Group::get_user_type(PA::$login_uid, $gid);
if ($user_type == OWNER) {
$mail_type = 'invite_group';
$requester = $group;
} else {
if ($user_type == MEMBER) {
$mail_type = 'invite_group_by_member';
$requester = PA::$login_user;
}
}
PAMail::send($mail_type, $inv->inv_email, $requester, $inv);
$succ_msg .= $valid_user_first_emails[$counter] . ', ';
if ($counter == $valid_cnt - 1) {
$succ_msg = substr($succ_msg, 0, -2);
//$msg_1[] = "Invitation has been sent successfully to -" . $succ_msg;
}
}
}
// end for : invitation to multiple email
}
}
}
//..do invite
if (!empty($msg)) {
$msg = array_reverse($msg);
$message = NULL;
for ($counter = 0; $counter < count($msg); $counter++) {
$message .= $msg[$counter] . "<br />";
}
}
$msg_array = array();
$msg_array['failure_msg'] = $message;
$msg_array['success_msg'] = 6004;
$redirect_url = PA::$url . PA_ROUTE_GROUP;
if (!empty($request_data['groups'])) {
$query_str = "gid=" . $request_data['groups'];
}
set_web_variables($msg_array, $redirect_url, $query_str);
}
<?
echo "This script has huge security problems, so has been disabled. It's also not used in the Beta theme, so you should never get here.";
exit;
$login_required = TRUE;
include "includes/page.php";
require_once "../api/MessageBoard/MessageBoard.php";
$back = $_REQUEST['back_page'];
//print_r($_REQUEST);exit;
$mid = trim($_REQUEST['message_id']);
if ($_REQUEST['do'] == 'edit') {
filter_all_post($_REQUEST);
$title = trim($_REQUEST['edit_title']);
$body = trim($_REQUEST['edit_body']);
$m = new MessageBoard();
$m->title = $title;
$m->body = $body;
$m->boardmessage_id = $mid;
$id = $m->save($uid=NULL,$is_insert=0);
}
if ($_REQUEST['do'] == 'delete') {
MessageBoard::delete_all_in_parent($mid,PARENT_TYPE_MESSAGE);
}
if ($_REQUEST['groupurl']) {
$url = $_REQUEST['groupurl'];
header("Location:$url"); exit;
}
header("location:$back");exit;
function handlePOST_submitAbuse($request_data)
{
global $error_msg;
if ($request_data['action'] == 'submitAbuse' && !empty(PA::$login_uid)) {
filter_all_post($request_data);
$abuse = trim($request_data['abuse']);
$type = isset($request_data['type']) && $request_data['type'] == 'comment' ? 'comment' : 'content';
$mail_type = $type == 'comment' ? "report_abuse_on_comment" : "report_abuse_on_content";
if (!empty($abuse)) {
$extra = $this->shared_data['extra'];
$network_info = $this->shared_data['network_info'];
$error_msg = "";
try {
// Saving the abuse report
$report_abuse_obj = new ReportAbuse();
$report_abuse_obj->parent_type = $type == 'comment' ? TYPE_COMMENT : TYPE_CONTENT;
$report_abuse_obj->parent_id = $request_data['cid'];
$report_abuse_obj->reporter_id = PA::$login_uid;
$report_abuse_obj->body = $request_data['abuse'];
$id = $report_abuse_obj->save();
} catch (PAException $e) {
$error_msg = $e->message;
}
$ccid_string = "";
PANotify::send($mail_type, PA::$network_info, PA::$login_user, $report_abuse_obj);
$error_msg = 9002;
/*
if(!empty($request_data['gid'])) {
$group = new Group();
$group->load((int)$request_data['gid']);
PANotify::send("report_abuse_grp_owner", $group, PA::$login_user, $report_abuse_obj);
}
*/
try {
if (!empty($this->shared_data['content']) && !empty($this->shared_data['collection'])) {
$content = $this->shared_data['content'];
$collection = $this->shared_data['collection'];
if ($content && $content->parent_collection_id != -1) {
if ($this->shared_data['is_group_content']) {
$mail_type = $type == 'comment' ? "report_abuse_on_comment_grp_owner" : "report_abuse_grp_owner";
PANotify::send($mail_type, $this->shared_data['collection'], PA::$login_user, $report_abuse_obj);
$error_msg = 9002;
}
}
}
} catch (PAException $e) {
$error_msg = $e->message;
}
} else {
$error_msg = 9004;
}
}
}
function saveEmail(&$err_msg, $save_to_file = false)
{
global $email_type;
$error = false;
$res = false;
filter_all_post($_POST);
$mandatory_fields = array('subject' => 'Caption', "description" => "Description", 'email_message' => 'Message');
foreach ($mandatory_fields as $key => $value) {
if (empty($_POST[$key])) {
$error = true;
$err_msg[] = $value . ' can\'t be empty.';
}
}
if (!$error) {
$res = true;
$err_msg = 13001;
$email = new EmailMessages();
$email->subject = $_POST['subject'];
$email->category = $_POST['category'];
$email->template = $_POST['template'];
$email->message = $_POST['email_message'];
$email->description = $_POST['description'];
$email->type = $email_type;
$email->update();
if ($save_to_file) {
try {
$email->saveToFile();
} catch (Exception $e) {
$error = true;
$err_msg = $e->getMessage();
$res = false;
}
}
}
return $res;
}
/** !!
* This handles the data that is POSTed back to the page upon
* submission of the form. There is a lot happening in here,
* but it basically looks at the submitted data, figures out
* what it is supposed to do with it (based on if the group is
* being created or modified), then creates a new group or
* updates the current data using the {@link handle_entity() } method.
*
* @param array $request_data All of the data POSTed back to the form.
*/
public function handlePOST($request_data)
{
require_once "web/includes/classes/CNFileUploader.php";
require_once "api/CNActivities/CNActivities.php";
require_once "api/cnapi_constants.php";
if ($request_data['addgroup']) {
filter_all_post($request_data);
$groupname = trim($request_data['groupname']);
$body = trim($request_data['groupdesc']);
$tag_entry = trim($request_data['group_tags']);
$group_category = $request_data['group_category'];
$header_image = NULL;
$header_image_action = @$request_data['header_image_action'];
$display_header_image = @$request_data['display_header_image'];
$collection_id = NULL;
$this->extra = NULL;
if ($request_data['ccid']) {
$collection_id = (int) $request_data['ccid'];
$group = new Group();
$group->load($collection_id);
// preserve group info we are not editing in this module
// load group extra
$extra = $group->extra;
if (!empty($extra)) {
$this->extra = unserialize($extra);
}
$header_image = $group->header_image;
$header_image_action = $group->header_image_action;
$display_header_image = $group->display_header_image;
}
$access = 0;
// default access is 0 means public
$reg_type = $request_data['reg_type'];
if ($reg_type == REG_INVITE) {
// if reg. type = "Invite" access is PRIVATE
$access = ACCESS_PRIVATE;
}
$is_moderated = 0;
// is moderated is 0 means contents appear immediately
$group_tags = $request_data['group_tags'];
if (empty($request_data['groupname'])) {
$error_msg = 90222;
} else {
if (empty($group_category) && empty($error_msg)) {
$error_msg = 90224;
} else {
if (empty($error_msg)) {
try {
if (empty($_FILES['groupphoto']['name'])) {
$upfile = $request_data['file'];
} else {
$myUploadobj = new FileUploader();
//creating instance of file.
$image_type = 'image';
$file = $myUploadobj->upload_file(PA::$upload_path, 'groupphoto', true, true, $image_type);
if ($file == false) {
throw new CNException(GROUP_PARAMETER_ERROR, __("File upload error: ") . $myUploadobj->error);
}
$upfile = $file;
$avatar_uploaded = TRUE;
}
$exception_message = NULL;
$result = Group::save_new_group($collection_id, $_SESSION['user']['id'], $groupname, $body, $upfile, $group_tags, $group_category, $access, $reg_type, $is_moderated, $header_image, $header_image_action, $display_header_image, $this->extra);
$ccid = $result;
$exception_message = 'Group creation failed: ' . $result;
if (!is_numeric($result)) {
throw new CNException(GROUP_CREATION_FAILED, $exception_message);
} else {
if (@$avatar_uploaded) {
Storage::link($upfile, array("role" => "avatar", "group" => (int) $result));
}
if (@$header_uploaded) {
Storage::link($header_image, array("role" => "header", "group" => (int) $result));
}
$this->gid = $this->id = $result;
if (empty($request_data['gid'])) {
$mail_type = $activity = 'group_created';
$act_text = ' created a new group';
} else {
$mail_type = $activity = 'group_settings_updated';
$act_text = ' changed group settings ';
}
$group = new Group();
$group->load((int) $this->gid);
PANotify::send($mail_type, PA::$network_info, PA::$login_user, $group);
// notify network onwer
$_group_url = PA::$url . PA_ROUTE_GROUP . '/gid=' . $result;
$group_owner = new User();
$group_owner->load((int) $_SESSION['user']['id']);
$activity_extra['info'] = $group_owner->first_name . $act_text;
$activity_extra['group_name'] = $groupname;
$activity_extra['group_id'] = $result;
$activity_extra['group_url'] = $_group_url;
$extra = serialize($activity_extra);
$object = $result;
if ($reg_type != REG_INVITE) {
Activities::save($group_owner->user_id, $activity, $object, $extra);
}
// if we reached here than the group is created
if (empty($request_data['gid'])) {
// when a new group is created
// so, we need to assign group admin role to group owner now:
$role_extra = array('user' => false, 'network' => false, 'groups' => array($this->gid));
$user_roles[] = array('role_id' => GROUP_ADMIN_ROLE, 'extra' => serialize($role_extra));
$group_owner->set_user_role($user_roles);
}
if (!empty(PA::$config->useTypedGroups) && !empty($request_data['type'])) {
$this->gid = $this->id;
switch ($request_data['op']) {
case 'create_entity':
case 'edit_entity':
$this->handleEntity($request_data);
break;
}
}
}
} catch (CNException $e) {
if ($e->code == GROUP_PARAMETER_ERROR) {
$error_msg = $e->message;
if (empty($groupname)) {
$error_msg = 90222;
} else {
if (empty($group_category)) {
$error_msg = 90224;
}
}
} else {
$error_msg = $e->message;
}
}
}
}
}
}
//if form is posted
$msg_array = array();
$msg_array['failure_msg'] = @$error_msg;
$msg_array['success_msg'] = !empty($this->id) ? 90231 : 90221;
$redirect_url = PA::$url . PA_ROUTE_GROUP;
$query_str = "?gid=" . @$result;
set_web_variables($msg_array, $redirect_url, $query_str);
}
<?php
/* Function for Filtering the POST data Array
This is included file in post_content.php
Purpose : save structured blogging post
Author: tekriti
Bug fixes:
*/
require_once dirname(__FILE__) . "/../ext/BlogPost/BlogPost.php";
global $base_url, $network_info;
$user = get_login_user();
filter_all_post($_REQUEST);
filter_all_post($_POST, FALSE, TRUE);
// don't strip html *everywhere*, just strip bad tags - or we'll mutilate any html content.
// TO DO: This array should be populated from the database.
$sb_types = array('event' => array(array('caption' => 'Generic', 'sb_mc_type' => 'event/generic'), array('caption' => 'Conference', 'sb_mc_type' => 'event/conference'), array('caption' => 'Concert', 'sb_mc_type' => 'event/concert')), 'review' => array(array('caption' => 'Local Service', 'sb_mc_type' => 'review/localservice'), array('caption' => 'Event', 'sb_mc_type' => 'review/event'), array('caption' => 'Bar/Club', 'sb_mc_type' => 'review/club'), array('caption' => 'Restaurant', 'sb_mc_type' => 'review/restaurant'), array('caption' => 'Café', 'sb_mc_type' => 'review/cafe'), array('caption' => 'Hotel/Resort', 'sb_mc_type' => 'review/hotel'), array('caption' => 'Book', 'sb_mc_type' => 'review/book'), array('caption' => 'Album', 'sb_mc_type' => 'review/album'), array('caption' => 'Article', 'sb_mc_type' => 'review/article'), array('caption' => 'Magazine', 'sb_mc_type' => 'review/magazine'), array('caption' => 'Movie', 'sb_mc_type' => 'review/movie'), array('caption' => 'Software', 'sb_mc_type' => 'review/software'), array('caption' => 'Song', 'sb_mc_type' => 'review/song'), array('caption' => 'Website', 'sb_mc_type' => 'review/website')));
if ($_POST) {
$succ_msg = NULL;
// check to see if there are any errors
$SbHelper = new SbHelper();
$SbHelper->set_mc_type($_REQUEST['sb_mc_type']);
$error_array = $SbHelper->processForm();
// check for album creation
if (@$_POST['new_album']) {
// try to create new album
$save_alb = createalbum();
if ($save_alb['error'] == TRUE) {
array_push($error_array, $save_alb['msg']);
} else {
$created_album_id = $save_alb;
}
/** !!
* Takes the data submitted in the form and gets all of the useful data
* necessary to send a message. It takes the name that is being sent to and
* gets the id, email, and other assorted data. It then sends the message and
* tells the user what the outcome of that process is. It also makes sure the
* message is within the correct length.
*
* @param array $request_data The data to be operated on.
*/
public function handlePOSTPageSubmit($request_data)
{
$error = false;
if (!empty($request_data)) {
if (isset($request_data['send'])) {
$message = NULL;
filter_all_post($request_data, TRUE);
// applying input filter to the post data, this function is define in function.php
$subject = $request_data['subject'];
$body = $request_data['body'];
$in_reply_to = $request_data['in_reply_to'];
if (empty($request_data['to'])) {
$message = 8003;
$error = true;
}
if (strlen($body) > MAX_MESSAGE_LENGTH) {
$message = 8002;
$error = true;
}
if (!$error) {
if (empty($subject)) {
$subject = '[none]';
}
$login_names = preg_split("/,\\s*/", $request_data['to']);
$valid_recipients = array();
//login name of all the valid login names.
$invalid_recipients = array();
// names of all the invalid recipients.
foreach ($login_names as $login_name) {
try {
$User = new User();
$User->load($login_name);
$valid_recipients['id'][] = $User->user_id;
$valid_recipients['name'][] = $User->login_name;
$valid_recipients['display_name'][] = $User->display_name;
$valid_recipients['fname'][] = $User->first_name;
$valid_recipients['email'][] = $User->email;
$valid_recipients['user'][] = $User;
$notif_settings = null;
$recipient_profile = User::load_user_profile($User->user_id, $User->user_id, 'notifications');
if (!empty($recipient_profile)) {
$notif_settings = unserialize($recipient_profile[0]['value']);
}
$valid_recipients['notifications'][] = $notif_settings;
} catch (PAException $e) {
$invalid_recipients[] = $login_name;
}
}
$message = null;
if (count($valid_recipients)) {
$is_draft = FALSE;
// actually 'send' the message
Message::add_message(PA::$login_uid, $valid_recipients['id'], $valid_recipients['name'], $subject, $body, $is_draft, $in_reply_to);
// handle 'also send to email' and 'message_waiting_blink'
$valid_recipients_count = count($valid_recipients['id']);
for ($counter = 0; $counter < $valid_recipients_count; $counter++) {
if (!empty($valid_recipients['notifications'][$counter])) {
$rec_notif_settings = $valid_recipients['notifications'][$counter];
$as_email = false;
if (!empty($rec_notif_settings['user_send_message']['value'])) {
switch ($rec_notif_settings['user_send_message']['value']) {
case NET_EMAIL:
case NET_BOTH:
$as_email = true;
PAMail::send("user_send_message", $valid_recipients['user'][$counter], PA::$login_user, array('subject' => $subject, 'message' => $body));
break;
default:
break;
}
}
// if they are not getting it in email already
if (empty($as_email) && !empty($rec_notif_settings['msg_waiting_blink']) && $rec_notif_settings['msg_waiting_blink'] == NET_EMAIL) {
PAMail::send("msg_waiting_blink", $valid_recipients['email'][$counter], PA::$login_user, array());
}
}
}
$message = sprintf(__("Message sent successfully to %s"), implode(", ", $valid_recipients['display_name']));
}
if (count($invalid_recipients)) {
//some of the recipients are invalid. So displaying the error message for them.
$message .= sprintf(__("Message sending failed for %s as user(s) doesn't exist"), implode(", ", $invalid_recipients));
$error = true;
} else {
// message sent successfully to all the recipients. Redirecting user to inbox
header('Location: ' . PA::$url . PA_ROUTE_MYMESSAGE . "/msg={$message}");
exit;
}
}
if (!empty($message)) {
$msg_array = array();
$msg_array['failure_msg'] = $message;
$msg_array['success_msg'] = NULL;
$redirect_url = NULL;
$query_str = NULL;
set_web_variables($msg_array, $redirect_url, $query_str);
}
}
}
}
private function handlePOST_addChild($request_data)
{
global $error_msg;
$error = FALSE;
$login_name = trim($_POST['login_name']);
$first_name = stripslashes(trim($_POST['first_name']));
$last_name = stripslashes(trim($_POST['last_name']));
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$use_parent_email = $_POST['use_parent_email'];
//echo "<pre>".print_r($_POST, 1)."</pre>"; die();
if (!isset($_POST['state'])) {
if (isset($_POST['stateOther'])) {
$_POST['state'] = $_POST['stateOther'];
}
}
if (isset($_POST['stateOther'])) {
unset($_POST['stateOther']);
}
$msg = NULL;
if (!Validation::validate_email($email) && !empty($_POST['email'])) {
$email_invalid = TRUE;
$error = TRUE;
$msg .= '<br> Email address is not valid';
}
if (User::user_exist($login_name)) {
$msg = "Username {$login_name} is already taken";
$error = TRUE;
}
if ($error == FALSE) {
$newuser = new User();
$newuser->login_name = $login_name;
$newuser->password = $password;
$newuser->first_name = $first_name;
$newuser->last_name = $last_name;
$newuser->email = $email;
$newuser->is_active = ACTIVE;
if (!empty($_FILES['userfile']['name'])) {
$myUploadobj = new FileUploader();
//creating instance of file.
$image_type = 'image';
$file = $myUploadobj->upload_file(PA::$upload_path, 'userfile', true, true, $image_type);
if ($file == false) {
$msg = $myUploadobj->error;
$error = TRUE;
} else {
$newuser->picture = $file;
}
}
if ($error == FALSE) {
try {
if ($use_parent_email) {
$newuser->save($check_unique_email = false);
} else {
$newuser->save($check_unique_email = true);
}
if (!empty($file)) {
Storage::link($file, array("role" => "avatar", "user" => $newuser->user_id));
}
// creating message basic folders
Message::create_basic_folders($newuser->user_id);
// adding default relation
if ($newuser->user_id != SUPER_USER_ID) {
User_Registration::add_default_relation($newuser->user_id, PA::$network_info);
}
// adding default media as well as album
User_Registration::add_default_media($newuser->user_id, '', PA::$network_info);
User_Registration::add_default_media($newuser->user_id, '_audio', PA::$network_info);
User_Registration::add_default_media($newuser->user_id, '_video', PA::$network_info);
User_Registration::add_default_blog($newuser->user_id);
//adding default link categories & links
User_Registration::add_default_links($newuser->user_id);
// code for adding default desktop image for user
$desk_img = uihelper_add_default_desktopimage($newuser->user_id);
if (empty($desk_img)) {
$desktop_images = array('bay.jpg', 'everglade.jpg', 'bay_boat.jpg', 'delhi.jpg');
$rand_key = array_rand($desktop_images);
$desk_img = $desktop_images[$rand_key];
}
$states = array_values(PA::getStatesList());
$countries = array_values(PA::getCountryList());
$profile_keys = array('dob_day', 'dob_month', 'dob_year', 'homeAddress1', 'homeAddress2', 'city', 'state', 'country', 'postal_code', 'phone', 'use_parent_email');
$profile_data = array();
filter_all_post($_POST);
//filters all data of html
foreach ($profile_keys as $k => $pkey) {
if (!empty($_POST[$pkey])) {
if ($pkey == 'state' && $_POST[$pkey] >= 0) {
$prof_rec = array('uid' => $newuser->user_id, 'name' => $pkey, 'value' => $states[$_POST[$pkey]], 'type' => GENERAL, 'perm' => 1);
} else {
if ($pkey == 'country' && $_POST[$pkey] >= 0) {
$prof_rec = array('uid' => $newuser->user_id, 'name' => $pkey, 'value' => $countries[$_POST[$pkey]], 'type' => GENERAL, 'perm' => 1);
} else {
$prof_rec = array('uid' => $newuser->user_id, 'name' => $pkey, 'value' => $_POST[$pkey], 'type' => GENERAL, 'perm' => 1);
}
}
$profile_data[] = $prof_rec;
}
}
$profile_data[] = array('uid' => $newuser->user_id, 'name' => 'user_caption_image', 'value' => $desk_img, 'type' => GENERAL, 'perm' => 1);
// echo "<pre>".print_r($profile_data,1)."</pre>";
$newuser->save_user_profile($profile_data, GENERAL);
//if new user is created in a network then he must set as a joined user
if (!empty(PA::$network_info)) {
$by_admin = true;
Network::join(PA::$network_info->network_id, $newuser->user_id, NETWORK_MEMBER, $by_admin);
// $by_admin = true overrides the
// user_waiting status if it would get set
// this is an admin action, so we want it to happen in any case
}
$user_joined = $this->family->join((int) $newuser->user_id, $newuser->email, null);
if ($user_joined) {
// deal with TypedGroup Relations
require_once "api/Entity/TypedGroupEntityRelation.php";
$type = 'child';
TypedGroupEntityRelation::set_relation($newuser->user_id, $this->family->collection_id, $type);
if ($type == 'child') {
// if user type == child remove LoginUser and GroupMember roles
$newuser->delete_user_role();
// then assign 'Child' role only
$_extra = serialize(array('user' => false, 'network' => false, 'groups' => array($this->family->collection_id)));
$user_roles[] = array('role_id' => CHILD_MEMBER_ROLE, 'extra' => $_extra);
$newuser->set_user_role($user_roles);
}
}
$msg = __("Child's account was successfully created");
} catch (PAException $e) {
$msg = $e->message;
}
}
// end if
}
//end if
$error_msg = $msg;
}
$is_active = ACTIVE;
if ($extra['network_content_moderation'] == NET_YES) {
$content = Content::load_all_content_for_moderation(NULL, $condition);
if (!empty($content)) {
$is_active = $content[0]['is_active'];
}
}
$new_save->is_active = $is_active;
$new_save->save();
$tag_array = Tag::split_tags($_POST['tags']);
Tag::add_tags_to_content($new_save->content_id, $tag_array);
header("Location:group_media_gallery.php?gid=" . $_POST['group_id'] . '&type=' . $module);
}
if (isset($_POST['submit'])) {
/* Function for Filtering the POST data Array */
filter_all_post($_POST, TRUE);
if ($_POST['media_type'] == 'image') {
$module = 'Images';
$new_save = new Image();
if (isset($_POST['image_perm'])) {
$new_save->file_perm = $_POST['image_perm'];
}
} else {
if ($_POST['media_type'] == 'audio') {
$module = 'Audios';
$new_save = new Audio();
if (isset($_POST['audio_perm'])) {
$new_save->file_perm = $_POST['audio_perm'];
}
} else {
if ($_POST['media_type'] == 'video') {
/** !!
* Upon post, this method calls a method defined later in this file,
* one with a name like {$section_name}ProfileSave, where $section_name
* is basic,general,professional,etc.
* @param string $request_method Should be POST.
* @param array $request_data Profile data to save. Will be passed to its respective method.
*/
public function handleSaveProfile($request_method, $request_data)
{
global $error_msg;
$error_msg = null;
switch ($request_method) {
case 'POST':
filter_all_post(&$request_data);
if (!empty($request_data['profile_type'])) {
$saveHandler = $request_data['profile_type'] . 'ProfileSave';
if (method_exists($this, $saveHandler)) {
$this->{$saveHandler}($request_data);
} else {
$error_msg = __("EditProfileModule::handleSaveProfile() - Unknown save handler!");
}
}
break;
}
// $this->setWebPageMessage();
}
function create_new_network($_form)
{
// function checks initial settings for network creation
$can_network_be_created = Network::can_network_be_created();
if ($can_network_be_created['error'] == TRUE) {
$config_error = TRUE;
$error = TRUE;
$error_msg = $can_network_be_created['error_msg'];
} else {
if (!PA::$login_uid) {
$config_error = TRUE;
}
}
//form_data is array used for form fields
// its initialized by $_form
$temp_data['action'] = 'add';
$vartoset = array('address', 'name', 'tagline', 'category', 'desc', 'header_image', 'header_image_option', 'action', 'type', 'network_group_title', 'network_content_moderation');
for ($i = 0; $i < count($vartoset); $i += 1) {
$var = $vartoset[$i];
if (!empty($_form[$var])) {
$temp_data[$var] = trim($_form[$var]);
}
if ($var == 'type') {
if (isset($_form[$var])) {
$temp_data[$var] = $_form[$var];
}
}
}
if (empty($config_error)) {
filter_all_post($_form);
//filters all data of html
$error_post = check_error();
//validation check
if ($error_post['error'] == TRUE) {
$error = TRUE;
$error_msg = $error_post['error_msg'];
}
if (!$error_post) {
//upload file
if (!empty($_FILES['network_image']['name'])) {
$file_upload_result = do_file_upload();
if ($file_upload_result['error']) {
$error = TRUE;
$error_msg = $file_upload_result['error_msg'];
} else {
$header_image = $network_image = $file_upload_result['file'];
}
} else {
//image hidden
$header_image = $network_image = @$temp_data['header_image'];
}
//code to upload the icon image
if (!empty($_FILES['inner_logo_image']['name'])) {
$uploadfile = PA::$upload_path . basename($_FILES['inner_logo_image']['name']);
$myUploadobj = new FileUploader();
//creating instance of file.
$image_type = 'image';
$file = $myUploadobj->upload_file(PA::$upload_path, 'inner_logo_image', true, true, $image_type);
if ($file == false) {
$error = TRUE;
$error_msg = $file_upload_result['error_msg'];
unset($data_icon_image);
} else {
$data_icon_image = array('inner_logo_image' => $file);
}
} else {
unset($data_icon_image);
}
//...code to upload the icon image
$network_basic_controls = PA::$network_defaults;
$network_basic_controls['basic']['header_image']['name'] = $header_image;
$network_basic_controls['basic']['header_image']['option'] = @$_form['header_image_option'] ? $_form['header_image_option'] : DESKTOP_IMAGE_ACTION_STRETCH;
// for title of network group
$network_basic_controls['network_group_title'] = '';
$network_basic_controls['network_group_title'] = $_form['network_group_title'];
$network_basic_controls['network_content_moderation'] = @$_form['network_content_moderation'];
$temp_data['address'] = strtolower($temp_data['address']);
$data = array('user_id' => $_SESSION['user']['id'], 'name' => strip_tags($temp_data['name']), 'address' => $temp_data['address'], 'tagline' => strip_tags($temp_data['tagline']), 'category_id' => $temp_data['category'], 'type' => $temp_data['type'], 'description' => $temp_data['desc'], 'extra' => serialize($network_basic_controls), 'created' => time(), 'changed' => time());
//add icon image
if (!empty($data_icon_image['inner_logo_image'])) {
$data = array_merge($data, $data_icon_image);
$temp_data['inner_logo_image'] = $data_icon_image['inner_logo_image'];
}
$network = new Network();
$network->set_params($data);
try {
$nid = $network->save();
//default_page_setting($network->address); // populate page_default setting
} catch (PAException $e) {
$error = TRUE;
$error_msg = "{$e->message}";
}
if (!empty($nid)) {
$_extra = serialize(array('user' => true, 'network' => true, 'groups' => array()));
Roles::set_user_role_for_network($network->user_id, ADMINISTRATOR_ROLE, $network->address, $_extra);
$location = "http://" . $temp_data['address'] . '.' . PA::$domain_suffix . BASE_URL_REL . PA_ROUTE_CONFIGURE_NETWORK;
}
}
$msg_array = array();
$msg_array['failure_msg'] = @$error_msg;
$msg_array['success_msg'] = 7006;
$return_array = @array('msg' => $msg_array, 'redirection_url' => $location, 'query_str' => $query_str);
}
return $return_array;
}
/** !!
* This is called by the template to organize the feed based on the page type and
* the type of feed.
*
* @param array $request_data Information to determine which group page it is on
*/
private function handleAJAX_sort($request_data)
{
$types = array('network', 'group', 'user_friends', 'user_public');
filter_all_post($request_data);
if (isset($request_data['sort_by'])) {
$this->selected = $request_data['sort_by'];
$this->page_type = $types[$this->selected];
switch ($this->page_type) {
case 'user_public':
$this->subject = PA::$login_uid;
break;
case 'group':
if (empty($request_data['gid'])) {
if (PA::$login_uid) {
$user_groups = Group::get_user_groups((int) PA::$login_uid, FALSE, 1, 1, 'created', 'DESC', 'public');
if (count($user_groups) > 0) {
// echo "<pre>" . print_r($user_groups, 1) . "</pre>";
$this->subject = $user_groups[0]['gid'];
} else {
print '<div style="margin:8px">No Feeds</div>';
exit;
}
} else {
print '<div style="margin:8px">No Feeds</div>';
exit;
}
} else {
$this->subject = $request_data['gid'];
}
break;
default:
//by default network activity will be shown on all the pages.
}
$this->inner_HTML = $this->generate_inner_html();
print $this->inner_HTML;
}
exit;
}
}
//unique name
$cache_id = 'content_' . $id . $nid;
CachedTemplate::invalidate_cache($cache_id);
}
}
}
}
// Code for submit comments
// parent_type = ? it can be "user", "contant_collection", "content", "network" ..etc
// parent_id = ? this is relative to parent_type if type = user than id will be user id if it content than id will be content_id .....
if (!empty($_POST['submit'])) {
$login_required = TRUE;
include "includes/page.php";
$error_msg = NULL;
filter_all_post($_POST);
if (strlen(trim(strip_tags($_POST['comment']))) == 0) {
$error_message = "Your comment contains some illegal characters. Please try again.<br>";
}
if (trim($_POST['comment']) == '') {
$error_message = "Comment can not be left blank<br>";
}
if (empty($error_message)) {
$comment = new Comment();
// setting some variables
$usr = get_user();
$comment->comment = $_POST['comment'];
$comment->subject = $_POST['comment'];
$comment->parent_type = TYPE_CONTENT;
$comment->parent_id = $_POST['id'];
$comment->content_id = $_POST['id'];
public function handlePOSTPageSubmit($request_data)
{
if (!empty($request_data['submit'])) {
filter_all_post($request_data);
if (!empty($request_data['email_user_name'])) {
$msg = NULL;
$friend_user_name = trim($request_data['email_user_name']);
$friend_user_name_array = explode(',', $friend_user_name);
$cnt_usr_name = count($friend_user_name_array);
for ($counter = 0; $counter < $cnt_usr_name; $counter++) {
try {
$user_obj = new User();
$user_obj->load(trim($friend_user_name_array[$counter]));
if ($user_obj->email == PA::$login_user->email) {
$msg = 6002;
//you can not invite your self
} else {
$valid_user_login_names[] = $user_obj->login_name;
$valid_usr_name_email[] = $user_obj->email;
}
} catch (PAException $e) {
if (!empty($friend_user_name_array[$counter])) {
$msg .= '<br />' . $friend_user_name_array[$counter];
}
}
}
// end for
if (!empty($msg) && !is_int($msg)) {
$msg = sprintf(__('Following user names are not valid %s'), $msg);
}
}
// end if : if user names are supplied.
$invalid = array();
if (!empty($request_data['email_id'])) {
$friend_email = trim($request_data['email_id']);
$friend_email_array = explode(',', $friend_email);
$cnt_email = count($friend_email_array);
$self_invite = FALSE;
$error = FALSE;
// Check for valid-invalid email addresses start
for ($counter = 0; $counter < $cnt_email; $counter++) {
$email_validation = Validation::validate_email(trim($friend_email_array[$counter]));
if ($email_validation == '0') {
$invalid[] = trim($friend_email_array[$counter]);
} else {
if ($friend_email_array[$counter] == PA::$login_user->email) {
$self_invite = TRUE;
} else {
$valid_user_first_emails[] = $friend_email_array[$counter];
$valid_email[] = trim($friend_email_array[$counter]);
}
}
}
}
// Check for valid-invalid email addresses end
// Action for valid-invalid email addresses start
if (empty($friend_email) && empty($friend_user_name)) {
// if email field is left empty
if (PA::$network_info->type == MOTHER_NETWORK_TYPE) {
$msg = 6003;
} else {
$msg = 6001;
}
$error_email = TRUE;
$error = TRUE;
} else {
if (!empty($friend_email) && !empty($friend_user_name)) {
$msg = 7026;
$error = TRUE;
} else {
if (!empty($self_invite)) {
// if self invitation is made
$msg = 6002;
$error_email = TRUE;
$error = TRUE;
} else {
if (sizeof($invalid) > 0) {
// if invalid email addresses are supplied
$invalid_cnt = count($invalid);
$msg = '';
for ($counter = 0; $counter < $invalid_cnt; $counter++) {
if (!empty($invalid[$counter])) {
$msg .= '<br />' . $invalid[$counter];
}
}
if (!empty($msg)) {
$msg = sprintf(__('Following email addresses are not valid: %s'), $msg);
} else {
$msg = __(' Invalid Email addresses');
}
$error_email = TRUE;
$error = TRUE;
} else {
if (empty($msg)) {
// At this point invitation could be made
$msg = '';
if (!empty($valid_email) && !empty($valid_usr_name_email)) {
$valid_email = array_merge($valid_email, $valid_usr_name_email);
$valid_user_first_emails = array_merge($valid_user_first_emails, $valid_user_login_names);
} else {
if (!empty($valid_usr_name_email)) {
$valid_email = $valid_usr_name_email;
$valid_user_first_emails = $valid_user_login_names;
}
}
$valid_cnt = count($valid_email);
$message = nl2br($request_data['message']);
for ($counter = 0; $counter < $valid_cnt; $counter++) {
$inv = new Invitation();
$inv->user_id = PA::$login_user->user_id;
$inv->username = PA::$login_user->login_name;
// for invitation not for any group invitation collection id is -1
$inv->inv_collection_id = -1;
$inv->inv_status = INVITATION_PENDING;
$auth_token = get_invitation_token(LONG_EXPIRES, $valid_email[$counter]);
$token = '&token=' . $auth_token;
$inv->register_url = PA::$url . "/" . FILE_REGISTER . "?InvID={$inv->inv_id}";
$inv->accept_url = PA::$url . "/" . FILE_LOGIN . "?action=accept&InvID={$inv->inv_id}{$token}";
$inv->inv_user_id = NULL;
$inv->inv_user_first_name = $valid_user_first_emails[$counter];
$inv->inv_email = $valid_email[$counter];
$inv->inv_summary = 'Invitation from' . PA::$login_user->first_name . ' ' . PA::$login_user->last_name . ' to join ' . PA::$site_name;
if ($message != CUSTOM_INVITATION_MESSAGE) {
$inv->inv_message = !empty($message) ? $message : NULL;
}
if (empty($error)) {
try {
$inv->send();
} catch (PAException $e) {
$msg = "{$e->message}";
$save_error = TRUE;
}
}
if (isset($save_error) && $save_error == TRUE) {
$msg = sprintf(__('Sorry: you are unable to invite a friend. Reason: %s'), $msg);
} else {
// invitation has been sent, now send mail
PAMail::send('invite_pa', $inv->inv_email, PA::$login_user, $inv);
$msg .= $valid_user_first_emails[$counter];
if ($counter == $valid_cnt - 1) {
$msg = sprintf(__('An Invitation has been sent to - %s'), $msg);
}
}
}
// end for : invitation to multiple email
}
}
}
}
}
$this->message = $msg;
$this->redirect2 = NULL;
$this->queryString = NULL;
$this->isError = TRUE;
$this->setWebPageMessage();
}
}
