/**
 * Tells whether a member with the given display name already exists.
 *
 * @param string $pseudo Display name to look up; it is trimmed before the query.
 * @return bool True when at least one row of the members table matches.
 */
function pseudo_exists($pseudo)
{
    // The value lands inside a quoted SQL literal, so it goes through insertBD() first.
    $pseudo_sql = insertBD(trim($pseudo));
    $sql = 'SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE u_pseudo = \'' . $pseudo_sql . '\'';

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
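/**
 * Lists the news items carrying a given tag, newest first.
 *
 * @param string     $tag              Tag to search for; it is urldecoded and trimmed before use.
 * @param int        $etat             Status filter on n_etat; 0 disables the filter.
 * @param int|string $page             1-based page number; empty or non-numeric means "no LIMIT clause".
 * @param int        $element_par_page Rows per page, only used when $page is given.
 * @return array<int, array<string, mixed>> One associative row per news item; when a member is
 *                                          logged in the row also carries that member's flag and vote.
 */
function search_news_bytag($tag, $etat, $page = '', $element_par_page = 0)
{
    $add_champs_sql = '';
    $add_jointure_sql = '';
    $list_news = array();
    $end_rqt_sql = '';

    $clause_etat = $etat != 0 ? 'n_etat = ' . intval($etat) . ' AND ' : '';

    // Both LIMIT operands are forced to integers: is_numeric() alone lets values
    // such as "1.5" or "1e2" through into the SQL text, and $element_par_page was
    // previously concatenated without any cast.
    if (!empty($page) && is_numeric($page)) {
        $numero_page = max(1, intval($page));
        $nb_par_page = intval($element_par_page);
        $premierMessageAafficher = ($numero_page - 1) * $nb_par_page;
        $end_rqt_sql = ' LIMIT ' . $premierMessageAafficher . ', ' . $nb_par_page . ' ';
    }

    // Logged-in members also get their own flag and vote for each news item.
    if (is_logged_in()) {
        $id_membre = intval(Nw::$dn_mbr['u_id']);
        $add_champs_sql = ', f_id_membre, f_type, v_id_membre';
        $add_jointure_sql = ' LEFT JOIN ' . Nw::$prefix_table . 'news_flags ON (n_id = f_id_news AND f_id_membre = ' . $id_membre . ')';
        $add_jointure_sql .= ' LEFT JOIN ' . Nw::$prefix_table . 'news_vote ON (n_id = v_id_news AND v_id_membre = ' . $id_membre . ')';
    }

    // The tag is the only free-text value in the statement and is escaped with insertBD().
    $rqt_list_news = Nw::$DB->query('SELECT t_tag AS first_tag, c_id, c_nom, c_rewrite, n_resume, n_nb_votes, n_nb_versions, n_id, n_id_auteur, n_id_cat, n_titre, n_etat, n_vues, n_private, n_nbr_coms, i_id, i_nom, ' . decalageh('n_date', 'date_news') . ', u_id, u_pseudo, u_alias, u_avatar' . $add_champs_sql . ' FROM ' . Nw::$prefix_table . 'news LEFT JOIN ' . Nw::$prefix_table . 'members ON n_id_auteur = u_id' . $add_jointure_sql . ' LEFT JOIN ' . Nw::$prefix_table . 'categories ON c_id = n_id_cat LEFT JOIN ' . Nw::$prefix_table . 'news_images ON i_id = n_id_image LEFT JOIN ' . Nw::$prefix_table . 'tags ON t_id_news = n_id WHERE ' . $clause_etat . 't_tag = \'' . insertBD(trim(urldecode($tag))) . '\' GROUP BY n_id ORDER BY n_date DESC' . $end_rqt_sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    while ($donnees_news = $rqt_list_news->fetch_assoc()) {
        $list_news[] = $donnees_news;
    }

    return $list_news;
}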
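/**
 * "Change my password" page.
 *
 * Verifies the current password against the stored hash, checks that both
 * new-password fields agree, stores the new hash through chg_password() and,
 * when the remember-me cookie is in use, refreshes it with the new hash.
 * Every outcome ends in a redir().
 */
protected function main()
{
    if (!is_logged_in()) {
        redir(Nw::$lang['common']['need_login'], false, 'users-10.html');
        return; // guard in case redir() does not terminate the script
    }

    $this->set_title(Nw::$lang['users']['item_mdp']);
    $this->set_tpl('membres/options_pass.html');
    $this->add_css('forms.css');
    $this->set_filAriane(array(
        Nw::$lang['users']['mes_options_title'] => array('users-60.html'),
        Nw::$lang['users']['item_mdp'] => array(''),
    ));

    if (!isset($_POST['submit']) || multi_empty(trim($_POST['old']), trim($_POST['nw_pass1']), trim($_POST['nw_pass2']))) {
        return;
    }

    // Same fixed pepper strings as add_mbr()/chg_password(): the stored value is sha1(bf . password . ft).
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';
    $pass_membre = insertBD(sha1($bf_token . trim($_POST['old']) . $ft_token));

    // Strict comparison: with == two hex digests of the form "0e123..." compare equal as floats.
    if ($_POST['nw_pass1'] !== $_POST['nw_pass2']) {
        redir(Nw::$lang['users']['sames_password'], false, 'users-63.html');
        return;
    }
    // Constant-time, strict comparison of the stored hash with the one derived from the old password.
    if (!hash_equals((string) Nw::$dn_mbr['u_password'], $pass_membre)) {
        redir(Nw::$lang['users']['not_root_password'], false, 'users-63.html');
        return;
    }

    inc_lib('users/chg_password');
    chg_password($_POST['nw_pass1'], Nw::$dn_mbr['u_id']);

    // The remember-me cookie holds the password hash (see connect_auto_user()). It must be
    // refreshed with the hash of the NEW password: the previous code wrote the old hash back,
    // which no longer matched u_password and broke the cookie login after a change.
    if (!empty($_COOKIE['nw_pass'])) {
        $nouveau_hash = insertBD(sha1($bf_token . $_POST['nw_pass1'] . $ft_token));
        $time_expire = time() + 10 * 365 * 24 * 3600;
        setcookie('nw_ident', Nw::$dn_mbr['u_id'], $time_expire);
        setcookie('nw_pass', $nouveau_hash, $time_expire);
    }
    redir(Nw::$lang['users']['mdp_change'], true, 'users-60.html');
}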
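/**
 * Records an IP ban.
 *
 * @param string $ip          Dotted IPv4 address; stored through ip2long().
 * @param int    $id_modo     Id of the moderator issuing the ban.
 * @param int    $duree       Ban length in days, added to NOW() for ban_date_end.
 * @param string $motif       Public reason shown to the banned visitor.
 * @param string $motif_admin Internal reason, BBCode-parsed for the moderators.
 * @return void
 */
function add_ban_ip($ip, $id_modo, $duree, $motif, $motif_admin)
{
    inc_lib('bbcode/parse');
    $motif_admin = parse(insertBD(trim($motif_admin)));
    // The public reason is escaped from its own parameter; the previous code
    // escaped $motif_admin a second time and never used $motif at all.
    $motif = insertBD(trim($motif));

    // ip2long() returns false for a malformed address; the cast keeps the
    // statement well-formed (0 is stored) instead of producing an empty operand.
    $ip_long = (int) ip2long($ip);

    // NOW() + INTERVAL n DAY is the valid MySQL form (the bare "NOW() + n DAY" is a
    // syntax error), and the VALUES list is now closed.
    Nw::$DB->query("INSERT INTO " . Nw::$prefix_table . "ban_ip(ban_ip, ban_id_modo,\n ban_date, ban_date_end, ban_is_end, ban_motif, ban_motif_admin)\n VALUES(" . $ip_long . ", " . intval($id_modo) . ", NOW(),\n NOW() + INTERVAL " . intval($duree) . " DAY, 0, '" . $motif . "', '" . $motif_admin . "')") or Nw::$DB->trigger(__LINE__, __FILE__);
}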
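/**
 * Counts the members whose id and stored password hash match the values
 * carried by the auto-login cookies.
 *
 * @author Cam
 * @param int    $id   Member id taken from the cookie.
 * @param string $pass Password hash taken from the cookie (already hashed, not plaintext).
 * @return int|string Number of matching rows, as returned by the driver (0 or 1).
 */
public static function count_exit_cookies($id, $pass)
{
    $sql = 'SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE u_id=' . intval($id) . ' AND u_password=\'' . insertBD($pass) . '\'';
    // A failed query would otherwise be dereferenced below; route it to the
    // shared error handler like every other lookup in this code base.
    $query = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $data = $query->fetch_assoc();
    $query->free();

    return $data['count'];
}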
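/**
 * Hides or permanently deletes a news comment.
 *
 * Reads $_POST['raison'] and $_POST['rlly_delete']:
 *  - with a reason (or when the member may only delete their own comments)
 *    the comment is masked and the reason stored;
 *  - with no reason and rlly_delete set, the row is deleted and the news and
 *    member counters are adjusted.
 * NOTE(review): no rights check is made here for the hard delete; it is assumed
 * to be done by the caller — confirm.
 *
 * @param int $id_news    Id of the news the comment belongs to.
 * @param int $id_comment Id of the comment.
 * @return void
 */
function delete_cmt_news($id_news, $id_comment)
{
    $id_news_sql = intval($id_news);
    $id_comment_sql = intval($id_comment);
    $can_del_all = Nw::$droits['can_del_all_comments'];

    // Masking: the comment text is replaced by a message rather than removed.
    if (($can_del_all && !empty($_POST['raison'])) || !$can_del_all) {
        // A member without the global right only ever masks with the fixed message.
        $message_masque = $can_del_all ? $_POST['raison'] : Nw::$lang['news']['cmt_deletedby_himself'];
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news_commentaires SET c_masque = 1, c_masque_raison = \'' . insertBD(trim($message_masque)) . '\', c_masque_modo = ' . intval(Nw::$dn_mbr['u_id']) . ' WHERE c_id_news = ' . $id_news_sql . ' AND c_id = ' . $id_comment_sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    }

    // Permanent deletion.
    if (empty($_POST['raison']) && isset($_POST['rlly_delete'])) {
        $add_sql = '';

        // Most recent remaining comment, which becomes the news' n_last_com.
        $query = Nw::$DB->query('SELECT c_id FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . $id_news_sql . ' AND c_id <> ' . $id_comment_sql . ' ORDER BY c_date DESC LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
        $dn = $query->fetch_assoc();
        $query->free();

        // Author of the comment being deleted, whose contribution counter is decremented.
        $query_stats = Nw::$DB->query('SELECT c_id_membre FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . $id_news_sql . ' AND c_id = ' . $id_comment_sql) or Nw::$DB->trigger(__LINE__, __FILE__);
        // Bug fix: this row must be read from $query_stats. The previous code fetched
        // $query a second time, got null, and decremented the stats of member 0.
        $dn_stats = $query_stats->fetch_assoc();
        $query_stats->free();

        if (!empty($dn['c_id'])) {
            $add_sql = ', n_last_com = ' . intval($dn['c_id']);
        }

        Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'news_commentaires WHERE c_id_news = ' . $id_news_sql . ' AND c_id = ' . $id_comment_sql) or Nw::$DB->trigger(__LINE__, __FILE__);
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET n_nbr_coms = n_nbr_coms - 1' . $add_sql . ' WHERE n_id = ' . $id_news_sql) or Nw::$DB->trigger(__LINE__, __FILE__);

        // Only touch the stats when the comment (and hence its author) was actually found.
        if (!empty($dn_stats['c_id_membre'])) {
            Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats SET s_nb_coms = s_nb_coms - 1 WHERE s_id_membre = ' . intval($dn_stats['c_id_membre'])) or Nw::$DB->trigger(__LINE__, __FILE__);
        }
    }
}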
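/**
 * Admin page listing the news history log, optionally filtered by a
 * title/text search (?t=) and paginated.
 */
protected function main()
{
    if (!is_logged_in() && !check_auth('view_histo_all_news')) {
        header('Location: ./');
        // Without exit the log itself would still be rendered to a client that ignores the redirect.
        exit;
    }

    $this->set_title(Nw::$lang['news']['historiques_news']);
    $this->set_tpl('news/log_admin.html');
    $this->add_css('code.css');
    $this->set_filAriane(array(
        Nw::$lang['news']['news_section'] => array('news-70.html'),
        Nw::$lang['news']['historiques_news'] => array(''),
    ));

    $get_param = '';
    $param_tpl = '';
    $titre_tpl = '';
    if (!empty($_GET['t'])) {
        $recherche = urldecode($_GET['t']);
        $recherche_sql = insertBD($recherche);
        $get_param = 'l_titre LIKE "%' . $recherche_sql . '%" OR l_texte LIKE "%' . $recherche_sql . '%"';
        // Value re-injected into the pagination URLs: keep the submitted form, HTML-escaped.
        $param_tpl = htmlspecialchars($_GET['t']);
        // Value displayed as the page title: decode first, THEN escape. The previous
        // order (urldecode after htmlspecialchars) let a double-encoded "%3C" turn back
        // into a raw "<" in the template.
        $titre_tpl = htmlspecialchars($recherche);
    }

    inc_lib('news/count_news_logs');
    $nombre_logs = count_news_logs($get_param);

    // Pagination
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
    $nombreDePages = ceil($nombre_logs / Nw::$pref['nb_logs_admin']);

    // The requested page must exist.
    if ($nombreDePages > 0 && $page > $nombreDePages) {
        redir(Nw::$lang['common']['pg_not_exist'], false, 'news-21.html?t=' . $param_tpl);
        return;
    }

    // Log rows
    inc_lib('news/get_news_logs');
    $donnees_logs = get_news_logs($get_param, 'l_date DESC', $page, Nw::$pref['nb_logs_admin']);
    foreach ($donnees_logs as $donnees) {
        $cle_action = 'log_news_' . $donnees['l_action'];
        Nw::$tpl->setBlock('log', array(
            'ACTION' => $donnees['l_action'],
            'ACTION_LOG' => isset(Nw::$lang['news'][$cle_action]) ? Nw::$lang['news'][$cle_action] : '',
            'TEXTE' => nl2br($donnees['l_texte']),
            'DATE' => date_sql($donnees['date'], $donnees['heures_date'], $donnees['jours_date']),
            'AUTEUR' => $donnees['u_pseudo'],
            'AUTEUR_ID' => $donnees['u_id'],
            'AUTEUR_AVATAR' => $donnees['u_avatar'],
            'AUTEUR_ALIAS' => $donnees['u_alias'],
            'NEWS_ID' => $donnees['l_id_news'],
            'NEWS_TITRE' => $donnees['n_titre'],
            'TITRE_ACTU' => $donnees['l_titre'],
            'IP' => long2ip($donnees['l_ip']),
        ));
    }

    Nw::$tpl->set(array(
        'TITRE' => $titre_tpl,
        'LIST_PG' => list_pg($nombreDePages, $page, 'news-21%s.html?t=' . $param_tpl),
    ));
}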
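/**
 * Loads a member's profile row (joined with its group) by id, alias, email,
 * identifier or display name.
 *
 * @param int|string  $res Value to look up.
 * @param string|null $by  One of 'id', 'alias', 'mail', 'identifier', 'pseudo'; null selects
 *                         'id' when $res is numeric and 'alias' otherwise.
 * @return array<string, mixed>|null The member row, or whatever fetch_assoc() returns when no row matches.
 * @throws InvalidArgumentException When $by is not a supported key. The previous code left
 *                                  $where_clause undefined in that case and sent a malformed query.
 */
function get_info_mbr($res, $by = null)
{
    if (is_null($by)) {
        $by = is_numeric($res) ? 'id' : 'alias';
    }

    switch ($by) {
        case 'id':
            $where_clause = 'u_id = ' . intval($res);
            break;
        case 'alias':
            $where_clause = 'u_alias = \'' . insertBD(trim($res)) . '\'';
            break;
        case 'mail':
            $where_clause = 'u_email = \'' . insertBD($res) . '\'';
            break;
        case 'identifier':
            $where_clause = 'u_identifier = \'' . insertBD($res) . '\'';
            break;
        case 'pseudo':
            $where_clause = 'u_pseudo = \'' . insertBD($res) . '\'';
            break;
        default:
            throw new InvalidArgumentException('get_info_mbr(): unknown lookup key "' . $by . '"');
    }

    $query = Nw::$DB->query('SELECT u_id, u_alias, u_avatar, u_pseudo, u_group, u_localisation, u_ident_unique, u_bio, ' . decalageh('u_date_register', 'date_register') . ', ' . decalageh('u_last_visit', 'last_visit') . ', u_password, u_code_act, u_active, u_email, u_decalage, DATE_FORMAT(u_date_naissance, "%d/%m/%Y") AS date_naissance, g_titre, g_icone FROM ' . Nw::$prefix_table . 'members LEFT JOIN ' . Nw::$prefix_table . 'groups ON g_id = u_group WHERE ' . $where_clause) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $query->fetch_assoc();
}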
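/**
 * Creates a member account, its stats row and newsletter subscription, then
 * either emails an activation link or, for a pre-validated account, refreshes
 * the member counters and sitemap.
 *
 * @param string $pseudo     Display name; the alias is derived from it with rewrite().
 * @param string $password   Plaintext password, stored as sha1(bf . password . ft) with fixed pepper strings.
 * @param string $email      Contact address.
 * @param string $identifier External identifier (optional).
 * @param int    $valide     0 creates an inactive account and sends the activation email;
 *                           any other value is stored in u_active as-is and skips the email.
 * @return int Id of the new members row.
 */
function add_mbr($pseudo, $password, $email, $identifier = '', $valide = 0)
{
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';
    $pseudo_trim = trim($pseudo);
    $email_trim = trim($email);

    // Activation code, 32 hex characters. md5(uniqid(mt_rand())) is guessable, so a
    // CSPRNG is used when available; the fallback keeps the same length and alphabet.
    $key_alea_code_activate = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(mt_rand(), true));

    // Member row. get_ip() is escaped like every other quoted value.
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'members (u_pseudo, u_alias, u_identifier, u_password, u_email, u_group, u_date_register, u_active, u_code_act, u_ip) VALUES(\'' . insertBD($pseudo_trim) . '\', \'' . rewrite($pseudo_trim) . '\', \'' . insertBD(trim($identifier)) . '\', \'' . insertBD(sha1($bf_token . trim($password) . $ft_token)) . '\', \'' . insertBD($email_trim) . '\', 4, NOW(), ' . intval($valide) . ', \'' . insertBD($key_alea_code_activate) . '\', \'' . insertBD(get_ip()) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
    $id_new_membre = Nw::$DB->insert_id;

    // Unique identifier (32 hex characters), same CSPRNG-first strategy.
    $identifiant_unique = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5($id_new_membre . uniqid(rand(), true));
    $lien_activation = Nw::$site_url . 'users-32.html?mid=' . $id_new_membre . '&ca=' . $key_alea_code_activate;

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members SET u_ident_unique = \'' . Nw::$DB->real_escape_string($identifiant_unique) . '\' WHERE u_id = ' . intval($id_new_membre)) or Nw::$DB->trigger(__LINE__, __FILE__);
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'members_stats (s_id_membre) VALUES(' . intval($id_new_membre) . ')') or Nw::$DB->trigger(__LINE__, __FILE__);

    inc_lib('users/mail2gd');
    mail2gd($identifiant_unique, $email_trim);
    inc_lib('newsletter/add_abonnement');
    add_abonnement($email_trim, $id_new_membre);

    if ($valide == 0) {
        // Activation email. The @ is kept on purpose: a mail failure must not abort the registration.
        $txt_mail = sprintf(Nw::$lang['users']['mail_confirm_insc'], $pseudo, Nw::$site_url, Nw::$site_name, $lien_activation, $lien_activation, $lien_activation);
        @envoi_mail($email_trim, sprintf(Nw::$lang['users']['confirm_inscription'], Nw::$site_name), $txt_mail);
    } else {
        // The account is already confirmed: refresh the member-count cache and the sitemap.
        inc_lib('admin/gen_cachefile_nb_members');
        gen_cachefile_nb_members();
        generate_members_sitemap();
    }

    return $id_new_membre;
}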
/**
 * Checks that an activation code belongs to the given member.
 *
 * @param int    $idm      Member id.
 * @param string $code_act Activation code received by email.
 * @return bool True when one members row carries both values.
 */
function mbr_act_exists($idm, $code_act)
{
    $where = 'u_id=' . intval($idm) . ' AND u_code_act=\'' . insertBD($code_act) . '\'';
    $result = Nw::$DB->query('SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE ' . $where) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
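/**
 * Inserts a resource row.
 *
 * NOTE(review): the insertBD() used here takes (sql, connection) and executes the
 * statement — it is not the escaping helper of the same name used elsewhere on this page.
 *
 * @param object $recurso Object exposing getTipo(), getFechaPublicacion(), getUsuario(), getUbicacion().
 * @param mysqli $bd      Open connection, used both for escaping and for the insert.
 * @return mixed Whatever insertBD() returns for the executed statement (previously discarded).
 */
function insertRecurso($recurso, $bd)
{
    // Every value is escaped for the live connection before being quoted into the statement.
    $tipo = mysqli_real_escape_string($bd, $recurso->getTipo());
    $fecha = mysqli_real_escape_string($bd, $recurso->getFechaPublicacion());
    $usuario = mysqli_real_escape_string($bd, $recurso->getUsuario());
    $ubicacion = mysqli_real_escape_string($bd, $recurso->getUbicacion());

    $sql_insert = "INSERT INTO recurso (id, tipo, fecha_publicacion, usuario_id, ubicacion)\n VALUES (NULL, '" . $tipo . "',\n '" . $fecha . "',\n '" . $usuario . "',\n '" . $ubicacion . "');";

    return insertBD($sql_insert, $bd);
}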
/**
 * Updates a group's name, title, icon and colour flag from the POSTed form
 * fields nom, titre, icone and couleur.
 *
 * @param int $id Group id.
 * @return void
 */
function edit_grp($id)
{
    $flag_couleur = isset($_POST['couleur']) ? 1 : 0;
    $assignments = 'g_nom = \'' . insertBD(trim($_POST['nom'])) . '\''
        . ', g_titre = \'' . insertBD(trim($_POST['titre'])) . '\''
        . ', g_icone = \'' . insertBD(trim($_POST['icone'])) . '\''
        . ', g_couleur = ' . $flag_couleur;
    $sql = 'UPDATE ' . Nw::$prefix_table . 'groups SET ' . $assignments . ' WHERE g_id = ' . intval($id);

    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
}
/**
 * Counts the news items carrying a given tag.
 *
 * @param string $tag  Tag to count; urldecoded and trimmed before use.
 * @param int    $etat Status filter on n_etat; 0 disables the filter.
 * @return int|string The COUNT(*) value as returned by the driver.
 */
function count_search_results($tag, $etat)
{
    $filtre_etat = '';
    if ($etat != 0) {
        $filtre_etat = 'n_etat = ' . intval($etat) . ' AND ';
    }
    $tag_sql = insertBD(trim(urldecode($tag)));
    $sql = 'SELECT COUNT(*) AS count FROM ' . Nw::$prefix_table . 'news LEFT JOIN ' . Nw::$prefix_table . 'tags ON t_id_news = n_id WHERE ' . $filtre_etat . 't_tag = \'' . $tag_sql . '\'';

    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();

    return $row['count'];
}
/**
 * Creates a group from the POSTed form fields nom, titre, icone and couleur.
 *
 * @return int Id of the new groups row.
 */
function add_grp()
{
    $flag_couleur = isset($_POST['couleur']) ? 1 : 0;
    $values = '\'' . insertBD(trim($_POST['nom'])) . '\''
        . ', \'' . insertBD(trim($_POST['titre'])) . '\''
        . ', \'' . insertBD(trim($_POST['icone'])) . '\''
        . ', ' . $flag_couleur;
    $sql = 'INSERT INTO ' . Nw::$prefix_table . 'groups (g_nom, g_titre, g_icone, g_couleur) VALUES(' . $values . ')';

    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    return Nw::$DB->insert_id;
}
/**
 * Stores a new password hash for a member.
 *
 * The stored value is sha1(bf . password . ft) with two fixed pepper strings
 * shared with add_mbr() and get_info_account(): there is no per-user salt.
 * NOTE(review): password_hash()/password_verify() would be the modern
 * replacement, but switching needs a migration of the existing rows.
 *
 * @param string $pass     New plaintext password (not trimmed here).
 * @param int    $idm      Member id.
 * @param string $code_act When non-empty, the update only applies if u_code_act matches
 *                         (password reset via emailed code).
 * @return void
 */
function chg_password($pass, $idm, $code_act = '')
{
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';
    $hash_sql = insertBD(sha1($bf_token . $pass . $ft_token));

    $filtre_code = '';
    if (!empty($code_act)) {
        $filtre_code = ' AND u_code_act=\'' . insertBD($code_act) . '\'';
    }

    $sql = 'UPDATE ' . Nw::$prefix_table . 'members SET u_password=\'' . $hash_sql . '\' WHERE u_id=' . intval($idm) . $filtre_code;
    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
}
/**
 * Tells whether a news item already carries a given tag.
 *
 * @param int    $id_news News id.
 * @param string $tag     Tag text; trimmed before the query.
 * @return bool True when at least one tags row matches.
 */
function tag_news_exists($id_news, $tag)
{
    $where = 't_id_news = ' . intval($id_news) . ' AND t_tag = \'' . insertBD(trim($tag)) . '\'';
    $result = Nw::$DB->query('SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'tags WHERE ' . $where) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
/**
 * Looks up an account by display name and plaintext password.
 *
 * The password is hashed with the same fixed-pepper sha1 scheme as
 * chg_password() and compared in SQL against u_password.
 *
 * @param string $pseudo   Display name; trimmed before the query.
 * @param string $password Plaintext password (not trimmed).
 * @return array<string, mixed>|null Row with u_id and u_active, or what fetch_assoc() returns when nothing matches.
 */
function get_info_account($pseudo, $password)
{
    $bf_token = 'jJ_=éZAç1l';
    $ft_token = 'ù%*àè1ç0°dezf';
    $hash_sql = insertBD(sha1($bf_token . $password . $ft_token));

    // Make sure the account exists and fetch its details in one round trip.
    $where = 'u_pseudo=\'' . insertBD(trim($pseudo)) . '\' AND u_password=\'' . $hash_sql . '\'';
    $result = Nw::$DB->query('SELECT u_id, u_active FROM ' . Nw::$prefix_table . 'members WHERE ' . $where) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $result->fetch_assoc();
}
/**
 * Loads a category row by id or by rewrite slug.
 *
 * @param int|string $id   Category id, or slug when $type is not 'id'.
 * @param string     $type 'id' (default) or any other value for a slug lookup on c_rewrite.
 * @return array<string, mixed>|null The category row, or what fetch_assoc() returns when nothing matches.
 */
function get_info_cat($id, $type = 'id')
{
    $where_type = $type == 'id'
        ? 'c_id=' . intval($id)
        : 'c_rewrite=\'' . insertBD(trim($id)) . '\'';

    $sql = 'SELECT c_id, c_nom, c_rewrite, c_nbr_news, c_desc FROM ' . Nw::$prefix_table . 'categories WHERE ' . $where_type;
    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    return $result->fetch_assoc();
}
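/**
 * Saves the logged-in member's profile from the POSTed form.
 *
 * Reads $_POST['biographie'] (BBCode, HTML-escaped then parsed),
 * $_POST['date_naissance'] (dd/mm/yyyy), $_POST['decalage_horaire'] and
 * $_POST['localisation'].
 *
 * @return void
 */
function edit_profile_mbr()
{
    inc_lib('bbcode/parse');
    $contenu_bio = Nw::$DB->real_escape_string(parse(htmlspecialchars(trim($_POST['biographie']))));

    // dd/mm/yyyy -> yyyy-mm-dd. Missing parts are padded so a short or absent
    // value no longer raises undefined-index notices; non-numeric input yields 0000-00-00.
    $date_saisie = isset($_POST['date_naissance']) ? $_POST['date_naissance'] : '';
    $parts = array_pad(explode('/', $date_saisie), 3, 0);
    $new_dn = sprintf('%04d-%02d-%02d', intval($parts[2]), intval($parts[1]), intval($parts[0]));

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members SET u_decalage = \'' . insertBD($_POST['decalage_horaire']) . '\', u_bio = \'' . $contenu_bio . '\', u_date_naissance = \'' . insertBD($new_dn) . '\', u_localisation = \'' . insertBD($_POST['localisation']) . '\' WHERE u_id = ' . intval(Nw::$dn_mbr['u_id'])) or Nw::$DB->trigger(__LINE__, __FILE__);
}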
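/**
 * Private-beta gate page: lets a visitor redeem an invitation code, ask to
 * be put on the waiting list, or log in with an existing account.
 *
 * Each form is recognised by its own $_POST submit field and every outcome
 * ends in a redir() to the home page. NOTE(review): the invitation-code
 * lookup is not throttled here; any brute-force protection has to live in
 * the caller.
 */
protected function main()
{
    $this->set_title('hey');
    $this->set_tpl('invit/programme.html');
    Nw::$tpl->set('RPX_URL_INVIT', urlencode(Nw::$site_url . 'users-40.html?invit'));

    // Redeem an invitation code
    if (isset($_POST['submit_invit']) && !empty($_POST['code'])) {
        $query = Nw::$DB->query('SELECT COUNT(*) as count, i_id, i_nb_max_auth, i_nb_auth FROM invits WHERE i_code = \'' . insertBD(trim($_POST['code'])) . '\' GROUP BY i_id') or Nw::$DB->trigger(__LINE__, __FILE__);
        $dn = $query->fetch_assoc();
        // With GROUP BY an unknown code yields no row at all, hence the null guard.
        if (!$dn || $dn['count'] == 0) {
            redir('Ce code d\'invitation n\'existe pas.', false, './');
            return;
        }
        if ($dn['i_nb_auth'] >= $dn['i_nb_max_auth']) {
            redir('Ce code d\'invitation a expiré.', false, './');
            return;
        }
        // Error routing added for consistency with the other statements on this page.
        Nw::$DB->query('UPDATE invits SET i_nb_auth = i_nb_auth + 1 WHERE i_id = ' . intval($dn['i_id'])) or Nw::$DB->trigger(__LINE__, __FILE__);
        $_SESSION['nw_invit'] = true;
        redir('Bienvenue sur la version bêta privée de Nouweo.', true, './');
        return;
    }

    // Waiting-list request
    if (isset($_POST['submit_request']) && !empty($_POST['pseudo']) && !empty($_POST['email'])) {
        // The address must look like name@domain.tld
        if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
            redir('Cette adresse email n\'est pas valide.', false, './');
            return;
        }
        $email_sql = insertBD(trim($_POST['email']));
        $query = Nw::$DB->query('SELECT COUNT(*) as count FROM invits_request WHERE r_email = \'' . $email_sql . '\' GROUP BY r_email') or Nw::$DB->trigger(__LINE__, __FILE__);
        $dn = $query->fetch_assoc();
        if ($dn && $dn['count'] != 0) {
            redir('Cette adresse email est déjà utilisée.', false, './');
            return;
        }
        Nw::$DB->query('INSERT INTO invits_request (r_pseudo, r_email, r_date, r_ip) VALUES(\'' . insertBD(trim($_POST['pseudo'])) . '\', \'' . $email_sql . '\', NOW(), \'' . insertBD(get_ip()) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
        redir('Vous avez bien été noté sur la liste d\'attente.', true, './');
        return;
    }

    // Login with an existing account
    if (isset($_POST['submit_login']) && !empty($_POST['pseudo']) && !empty($_POST['mdp'])) {
        inc_lib('users/get_info_account');
        $dn_info_account = get_info_account($_POST['pseudo'], $_POST['mdp']);
        if (!$dn_info_account) {
            redir('Aucun compte ne correspond à ce pseudo et mot de passe.', false, './');
            return;
        }
        if ($dn_info_account['u_active'] != 1) {
            redir('Votre compte n\'est pas activé, il ne peut être utilisé.', false, './');
            return;
        }
        inc_lib('users/connect_auto_user');
        connect_auto_user($dn_info_account['u_id'], $_POST['mdp'], true);
        $_SESSION['nw_invit'] = true;
        redir('Bienvenue sur la version bêta privée de Nouweo.', true, './');
    }
}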
/**
 * Attaches a tag to a news item.
 *
 * @param int    $id_news  News id.
 * @param string $tag      Tag text; trimmed before insertion.
 * @param int    $position Display order; 0 means "append after the highest existing position".
 * @return void
 */
function add_tag_news($id_news, $tag, $position = 0)
{
    $id_news_sql = intval($id_news);

    if ($position == 0) {
        // No explicit position: look up the highest one already stored for this news.
        $result = Nw::$DB->query('SELECT t_position FROM ' . Nw::$prefix_table . 'tags WHERE t_id_news = ' . $id_news_sql . ' ORDER BY t_position DESC LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
        $dernier_tag = $result->fetch_assoc();
        if (isset($dernier_tag['t_position'])) {
            $position = $dernier_tag['t_position'] + 1;
        }
    }

    $values = $id_news_sql . ', \'' . insertBD(trim($tag)) . '\', ' . intval($position);
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'tags (t_id_news, t_tag, t_position) VALUES(' . $values . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
}
/**
 * Opens the member's session and, on request, sets the "remember me" cookies.
 *
 * The nw_pass cookie stores the password hash (sha1 with the fixed pepper
 * strings), which count_exit_cookies() later compares to u_password; the
 * cookie is therefore a long-lived credential in its own right.
 *
 * @param int    $id_membre      Member id.
 * @param string $pass           Password: plaintext when $hash_pass is true, already-hashed otherwise.
 * @param bool   $connexion_auto True to set the ten-year cookies.
 * @param bool   $hash_pass      Whether $pass still needs to be hashed.
 * @return void
 */
function connect_auto_user($id_membre, $pass, $connexion_auto = false, $hash_pass = true)
{
    // "Remember me" was ticked: persist the id and the hash in cookies.
    if ($connexion_auto) {
        $bf_token = 'jJ_=éZAç1l';
        $ft_token = 'ù%*àè1ç0°dezf';
        if ((bool) $hash_pass) {
            $pass = sha1($bf_token . $pass . $ft_token);
        }
        $dix_ans = 10 * 365 * 24 * 3600;
        $time_expire = time() + $dix_ans;
        setcookie('nw_ident', $id_membre, $time_expire);
        setcookie('nw_pass', insertBD($pass), $time_expire);
    }

    $_SESSION['ident_session'] = $id_membre;
    $_SESSION['nw_invit'] = true;
    $_SESSION['logged'] = true;
}
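/**
 * Newsletter unsubscribe page: removes the subscription identified by the
 * email (?e=) and token (?t=) pair, then redirects with a status message.
 */
protected function main()
{
    if (empty($_GET['e']) || empty($_GET['t'])) {
        header('Location: ./');
        // Stop here: otherwise the lookup below runs with empty values and a second
        // redirect is issued by redir().
        exit;
    }

    inc_lib('newsletter/count_abonnement');
    // Both the address and its token must match, so the token acts as proof of ownership.
    $count_abonne = count_abonnement('a_email = \'' . insertBD(trim($_GET['e'])) . '\' AND a_token = \'' . insertBD(trim($_GET['t'])) . '\'');

    if ($count_abonne == 1) {
        inc_lib('newsletter/remove_abonnement');
        remove_abonnement($_GET['e']);
        redir(Nw::$lang['newsletter']['desinscription_r'], true, 'newsletter.html');
    } else {
        redir(Nw::$lang['newsletter']['abo_dont_exist'], false, 'newsletter.html');
    }
}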
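/**
 * Publishes a news item directly (status 3): posts it to Twitter, resets its
 * dates/views, clears its comments, regenerates the sitemaps and writes a
 * "published by votes" log entry.
 *
 * @param int $id News id.
 * @return void
 */
function valid_news_direct($id)
{
    $id_sql = intval($id);

    inc_lib('admin/post_twitt_news');
    $return_alias = post_twitt_news($id);

    Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET n_date = NOW(), n_last_mod = NOW(), n_private = 0, n_etat = 3, n_vues = 0, n_miniurl = \'' . insertBD($return_alias) . '\' WHERE n_id = ' . $id_sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    inc_lib('news/delete_all_cmt');
    delete_all_cmt($id);
    generate_news_sitemap();
    generate_categories_sitemap();

    $rqt_dn_news = Nw::$DB->query('SELECT n_id, n_titre FROM ' . Nw::$prefix_table . 'news WHERE n_id = ' . $id_sql) or Nw::$DB->trigger(__LINE__, __FILE__);
    $dn_news = $rqt_dn_news->fetch_assoc();
    // Guard against an unknown id so the log insert does not dereference a null row.
    $titre_news = isset($dn_news['n_titre']) ? $dn_news['n_titre'] : '';

    // Log entry. The text comes from lang/pref values, but it is escaped anyway,
    // as the other news_logs inserts do, and so is get_ip().
    $texte_log = sprintf(Nw::$lang['news']['log_publication_votes'], Nw::$pref['nb_votes_valid_news']);
    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_titre, l_action, l_texte, l_date, l_ip) VALUES(' . $id_sql . ', ' . intval(Nw::$dn_mbr['u_id']) . ', \'' . insertBD($titre_news) . '\', 13, \'' . insertBD($texte_log) . '\', NOW(), \'' . insertBD(get_ip()) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
}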
/**
 * Tells whether a member exists, looked up by id or alias.
 *
 * @param int|string  $res Value to look up.
 * @param string|null $by  'alias' for an alias lookup; null picks id for numeric $res and alias
 *                         otherwise; any other value means an id lookup.
 * @return bool True when at least one members row matches.
 */
function mbr_exists($res, $by = null)
{
    $clause_alias = 'u_alias = \'' . insertBD(trim($res)) . '\'';
    $clause_id = 'u_id = ' . intval($res);

    if (is_null($by)) {
        $where_clause = is_numeric($res) ? $clause_id : $clause_alias;
    } elseif ($by == 'alias') {
        $where_clause = $clause_alias;
    } else {
        $where_clause = $clause_id;
    }

    $result = Nw::$DB->query('SELECT COUNT(*) as count FROM ' . Nw::$prefix_table . 'members WHERE ' . $where_clause) or Nw::$DB->trigger(__LINE__, __FILE__);
    $row = $result->fetch_assoc();
    $result->free();

    return $row['count'] > 0;
}
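/**
 * Records a click on an external link of the given type, keyed by member id
 * (logged in) or by IP address (anonymous), incrementing the click counter
 * for repeat visitors.
 *
 * @param string $type Link type identifier stored in t_type.
 * @return void
 */
function track_externs($type)
{
    $connecte = is_logged_in();
    $id_membre_tracker = $connecte ? intval(Nw::$dn_mbr['u_id']) : 0;
    // get_ip() is escaped like any other quoted value; whether it is derived from
    // client-controlled headers cannot be told from here.
    $ip_membre_tracker = insertBD(get_ip());
    $nb_clics_tracker = 1;

    // Referer host = third "/"-separated segment of "scheme://host/path".
    // The index is checked: a referer with fewer segments previously raised a notice.
    $referer = isset($_SERVER['HTTP_REFERER']) ? explode('/', $_SERVER['HTTP_REFERER']) : array();
    $referer_domain = isset($referer[2]) ? $referer[2] : '';

    $clause_where = $connecte ? 't_id_membre = ' . intval(Nw::$dn_mbr['u_id']) : 't_ip = \'' . $ip_membre_tracker . '\'';
    $type_sql = insertBD($type);

    $query = Nw::$DB->query('SELECT COUNT(*) as count, t_nb_clics, r_referer FROM ' . Nw::$prefix_table . 'extern_tracker WHERE ' . $clause_where . ' AND t_type = \'' . $type_sql . '\' GROUP BY t_id') or Nw::$DB->trigger(__LINE__, __FILE__);
    $dn = $query->fetch_assoc();
    // With GROUP BY an unknown visitor yields no row at all, hence the null guard.
    if ($dn && $dn['count'] > 0) {
        $nb_clics_tracker = $dn['t_nb_clics'] + 1;
    }

    Nw::$DB->query('REPLACE INTO ' . Nw::$prefix_table . 'extern_tracker (t_id_membre, t_type, t_date, t_ip, t_nb_clics, r_referer) VALUES (' . $id_membre_tracker . ', \'' . $type_sql . '\', NOW(), \'' . $ip_membre_tracker . '\', ' . $nb_clics_tracker . ', \'' . insertBD($referer_domain) . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
}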
/**
 * Suggests up to ten tags matching a search string, most used first.
 *
 * @param string $tag      Search text. With $masque = 0 it matches anywhere in the tag,
 *                         otherwise only as a prefix.
 * @param int    $masque   0 for "contains", non-zero for "starts with".
 * @param int    $etat     Status filter on the joined news (n_etat); 0 disables it.
 * @param int    $hide_var Non-zero excludes the tag equal to the (urldecoded) search text itself.
 * @return array<int, array<string, mixed>> Rows with t_tag, nb_news and a urlencoded 'rewrite' key.
 */
function get_tags_search($tag, $masque = 0, $etat = 3, $hide_var = 0)
{
    $list_tags = array();
    $tag_sql = insertBD(trim($tag));

    $clause_etat = '';
    if ($etat != 0) {
        $clause_etat = ' AND n_etat = ' . intval($etat);
    }

    $hide_var_sql = '';
    if ($hide_var != 0) {
        $hide_var_sql = ' AND t_tag <> \'' . insertBD(trim(urldecode($tag))) . '\'';
    }

    // LIKE pattern: prefix match when a mask is requested, substring match otherwise.
    $prefixe_like = $masque != 0 ? '\'' : '\'%';
    $type_masque = $prefixe_like . $tag_sql . '%\'' . $clause_etat;

    $sql = 'SELECT t_tag, COUNT(t_tag) AS nb_news FROM ' . Nw::$prefix_table . 'tags LEFT JOIN ' . Nw::$prefix_table . 'news ON t_id_news = n_id WHERE t_tag LIKE ' . $type_masque . $hide_var_sql . ' GROUP BY t_tag ORDER BY nb_news DESC, t_tag ASC LIMIT 10';
    $result = Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);

    while ($ligne = $result->fetch_assoc()) {
        $ligne['rewrite'] = urlencode($ligne['t_tag']);
        $list_tags[] = $ligne;
    }

    return $list_tags;
}
/**
 * Newsletter subscription page: shows the logged-in member's current
 * subscription (if any) and handles the subscribe form.
 */
protected function main()
{
    $this->set_title(Nw::$lang['newsletter']['sabonner']);
    $this->add_css('code.css');
    $this->set_tpl('newsletter/abonnement.html');
    $this->set_filAriane(Nw::$lang['newsletter']['sabonner']);
    $this->load_lang_file('users');

    $connecte = is_logged_in();
    $deja_abonne = false;
    $id_membre_login = $connecte ? Nw::$dn_mbr['u_id'] : 0;
    $phrase_abonne = '';
    $token_url = '';
    $email_url = '';

    if ($connecte) {
        $clause_membre = 'a_id_membre = ' . intval(Nw::$dn_mbr['u_id']);
        inc_lib('newsletter/count_abonnement');
        $deja_abonne = count_abonnement($clause_membre);
        if ($deja_abonne == 1) {
            inc_lib('newsletter/get_info_abonnement');
            $donnees_abo = get_info_abonnement($clause_membre);
            $phrase_abonne = sprintf(Nw::$lang['newsletter']['already_register'], $donnees_abo['a_email']);
            $token_url = $donnees_abo['a_token'];
            $email_url = urlencode($donnees_abo['a_email']);
        }
    }

    // Subscribe form
    $email_soumis = isset($_POST['email_newsletter']) ? $_POST['email_newsletter'] : '';
    if (isset($_POST['submit']) && !empty($email_soumis) && filter_var($email_soumis, FILTER_VALIDATE_EMAIL)) {
        inc_lib('newsletter/count_abonnement');
        $deja_abonne = count_abonnement('a_email = \'' . insertBD(trim($email_soumis)) . '\'');
        if ($deja_abonne == 0) {
            // Address not yet stored
            inc_lib('newsletter/add_abonnement');
            add_abonnement($email_soumis, $id_membre_login);
            redir(Nw::$lang['newsletter']['register_r_ok'], true, 'newsletter.html');
        } else {
            redir(Nw::$lang['newsletter']['email_used'], false, 'newsletter.html');
        }
    }

    Nw::$tpl->set(array(
        'IS_ABONNE' => $deja_abonne,
        'PHRASE_ABO' => $phrase_abonne,
        'TOKEN' => $token_url,
        'EMAIL' => $email_url,
    ));
}
/**
 * Saves an edit of a news item from the POSTed editor form.
 *
 * Depending on the caller's rights this updates the status/date (and logs the
 * change), the title, category, visibility, sources, tags and image (author
 * only), sets the "contributor" flag for the current member, and stores a new
 * text version when the content changed. All collected column assignments are
 * applied in a single UPDATE at the end.
 *
 * Reads many $_POST fields (contenu, maj_dat, etat, delete_comments, titre_news,
 * private_news, cat, sources, sources_nom, tags, raison, mini_contrib) and
 * $_FILES['file']. NOTE(review): none of them are checked with isset() before use;
 * a form missing a field raises notices (and count() on a missing 'sources' fails
 * on PHP 8) — confirm the form always posts them.
 *
 * @param int  $id     News id.
 * @param bool $author True when the current member is the author (unlocks title/category/tags/sources/image).
 * @return void
 */
function edit_news($id, $author = false)
{
    inc_lib('bbcode/parse');
    inc_lib('bbcode/clearer');
    $add_champs_sql = array();
    $content_news = $_POST['contenu'];

    $requete_news = Nw::$DB->query('SELECT n_etat, n_titre FROM ' . Nw::$prefix_table . 'news WHERE n_id = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_news = $requete_news->fetch_assoc();

    /**
     * May the member change the status of the news and refresh its date?
     **/
    if (Nw::$droits['mod_news_status']) {
        if (isset($_POST['maj_dat'])) {
            // Log action 3: date refreshed.
            $add_champs_sql[] = 'n_date = NOW()';
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_date, l_ip) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', 3, NOW(), \'' . get_ip() . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
        }

        // Status change. The log action code is the digit 1 followed by the new status
        // (e.g. 13 for status 3, which is also the code used by valid_news_direct()).
        // NOTE(review): $texte_log is built from lang strings only and is not escaped.
        if ($_POST['etat'] != $donnees_news['n_etat']) {
            $texte_log = sprintf(Nw::$lang['news']['log_chg_etat'], Nw::$lang['news']['log_etat_' . $donnees_news['n_etat']], Nw::$lang['news']['log_etat_' . $_POST['etat']]);
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', 1' . intval($_POST['etat']) . ', \'' . $texte_log . '\', NOW(), \'' . get_ip() . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_etat = ' . intval($_POST['etat']);
        }

        // Going live with a date refresh: post to Twitter and keep the short URL it returns.
        if (isset($_POST['maj_dat']) && $_POST['etat'] != $donnees_news['n_etat'] && $_POST['etat'] == 3) {
            inc_lib('admin/post_twitt_news');
            $return_alias = post_twitt_news($id);
            if (!empty($return_alias) && strlen(trim($return_alias)) > 0) {
                $add_champs_sql[] = 'n_miniurl = \'' . insertBD($return_alias) . '\'';
            }
        }

        // Comment purge
        if (isset($_POST['delete_comments'])) {
            inc_lib('news/delete_all_cmt');
            delete_all_cmt($id);
        }
    }

    /**
     * The author may also change the title, the category and the tags
     **/
    if ($author) {
        $news_private = isset($_POST['private_news']) ? 1 : 0;

        // Title change (log action 4). The log text is escaped with real_escape_string,
        // the title itself with insertBD.
        if ($_POST['titre_news'] != $donnees_news['n_titre']) {
            $texte_log = Nw::$DB->real_escape_string(sprintf(Nw::$lang['news']['log_chg_titre'], $donnees_news['n_titre'], $_POST['titre_news']));
            Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_logs (l_id_news, l_id_membre, l_action, l_texte, l_date, l_ip) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', 4, \'' . $texte_log . '\', NOW(), \'' . get_ip() . '\')') or Nw::$DB->trigger(__LINE__, __FILE__);
            $add_champs_sql[] = 'n_titre = \'' . insertBD(trim($_POST['titre_news'])) . '\'';
        }
        $add_champs_sql[] = 'n_id_cat = ' . intval($_POST['cat']);
        $add_champs_sql[] = 'n_private = ' . $news_private;

        /**
         * Sources: the existing rows are dropped and re-inserted in form order,
         * skipping pairs where either the name or the URL is empty.
         **/
        $nbr_sources = 0;
        Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'news_src WHERE src_id_news = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);
        if (count($_POST['sources']) > 0) {
            foreach ($_POST['sources'] as $id_src => $value) {
                if (!multi_empty(trim($_POST['sources_nom'][$id_src]), trim($_POST['sources'][$id_src]))) {
                    ++$nbr_sources;
                    Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_src (src_id_news, src_media, src_url, src_order) VALUES(' . intval($id) . ', \'' . insertBD(trim($_POST['sources_nom'][$id_src])) . '\', \'' . insertBD(trim($_POST['sources'][$id_src])) . '\', ' . $nbr_sources . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
                }
            }
        }
        $add_champs_sql[] = 'n_nb_src = ' . $nbr_sources;

        // Tags: comma-separated list, replaced wholesale when non-empty.
        if (!empty($_POST['tags']) && strlen(trim($_POST['tags'])) > 0) {
            Nw::$DB->query('DELETE FROM ' . Nw::$prefix_table . 'tags WHERE t_id_news = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);
            $tags_news = explode(',', $_POST['tags']);
            $num_tag = 0;
            inc_lib('news/add_tag_news');
            foreach ($tags_news as $tag) {
                if (!empty($tag) && strlen(trim($tag)) > 0) {
                    ++$num_tag;
                    add_tag_news($id, $tag, $num_tag);
                }
            }
        }

        /**
         * Attach an image to the news (when one was uploaded)
         **/
        if (!empty($_FILES['file']['name'])) {
            inc_lib('news/add_img_news');
            $id_last_image = add_img_news($id);
            if ($id_last_image) {
                $add_champs_sql[] = 'n_id_image = ' . intval($id_last_image);
            }
        }
    }

    // Contributor flag (f_type 2) for the current member, unless a flag of type 2 or 3 already exists.
    $count_flag = Nw::$DB->query('SELECT f_type FROM ' . Nw::$prefix_table . 'news_flags WHERE f_id_news = ' . intval($id) . ' AND f_id_membre = ' . intval(Nw::$dn_mbr['u_id'])) or Nw::$DB->trigger(__LINE__, __FILE__);
    $donnees_count = $count_flag->fetch_assoc();
    if ($donnees_count['f_type'] != 3 && $donnees_count['f_type'] != 2) {
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_flags (f_id_news, f_id_membre, f_type) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', 2)') or Nw::$DB->trigger(__LINE__, __FILE__);
    }

    // Content as stored: HTML-escaped, BBCode-parsed, then escaped for SQL.
    $contenu_version = Nw::$DB->real_escape_string(parse(htmlspecialchars(trim($content_news))));

    /**
     * Fetch the latest version of the news
     **/
    $donnees_version = Nw::$DB->query('SELECT v_texte, v_nb_mots, v_number FROM ' . Nw::$prefix_table . 'news_versions WHERE v_id_news = ' . intval($id) . ' ORDER BY v_date DESC LIMIT 1') or Nw::$DB->trigger(__LINE__, __FILE__);
    $last_version = $donnees_version->fetch_assoc();

    // Only create a new version when the parsed text differs from the latest one.
    if ($last_version['v_texte'] != parse(htmlspecialchars(trim($content_news)))) {
        $raison_edition = Nw::$DB->real_escape_string(htmlspecialchars($_POST['raison']));
        $version_mineure = isset($_POST['mini_contrib']) ? 1 : 0;
        // NOTE(review): despite the column name, this is strlen() of the escaped text
        // (a byte count), not a word count — confirm intent.
        $nb_mots = strlen(htmlspecialchars(trim($content_news)));
        $diff_mots = $nb_mots - $last_version['v_nb_mots'];

        // Insert the new row in the versions table.
        Nw::$DB->query('INSERT INTO ' . Nw::$prefix_table . 'news_versions (v_id_news, v_id_membre, v_texte, v_date, v_ip, v_raison, v_nb_mots, v_diff_mots, v_number, v_mineure) VALUES(' . intval($id) . ', ' . intval(Nw::$dn_mbr['u_id']) . ', \'' . $contenu_version . '\', NOW(), \'' . get_ip() . '\', \'' . $raison_edition . '\', \'' . $nb_mots . '\', \'' . $diff_mots . '\', ' . ($last_version['v_number'] + 1) . ', ' . $version_mineure . ')') or Nw::$DB->trigger(__LINE__, __FILE__);
        $id_version_news = Nw::$DB->insert_id;
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'members_stats SET s_nb_contrib = s_nb_contrib + 1 WHERE s_id_membre = ' . intval(Nw::$dn_mbr['u_id'])) or Nw::$DB->trigger(__LINE__, __FILE__);

        // Summary: BBCode stripped and cut to the configured intro length.
        $contenu_extrait = Nw::$DB->real_escape_string(CoupeChar(clearer(parse(htmlspecialchars(trim($content_news)))), '...', Nw::$pref['long_intro_news']));
        $add_champs_sql[] = 'n_resume = \'' . $contenu_extrait . '\'';
        $add_champs_sql[] = 'n_last_version = ' . intval($id_version_news);
        $add_champs_sql[] = 'n_last_mod = NOW()';
        $add_champs_sql[] = 'n_nb_versions = n_nb_versions + 1';
    }

    if (count($add_champs_sql) > 0) {
        // Apply every collected assignment (including the new version id) to the news row.
        Nw::$DB->query('UPDATE ' . Nw::$prefix_table . 'news SET ' . implode(', ', $add_champs_sql) . ' WHERE n_id = ' . intval($id)) or Nw::$DB->trigger(__LINE__, __FILE__);
        // A published news (before or after this edit) changes the public sitemaps.
        if ($donnees_news['n_etat'] == 3 || $_POST['etat'] == 3) {
            generate_news_sitemap();
            generate_categories_sitemap();
        }
    }
}
/**
 * Deletes the newsletter subscription for an email address.
 *
 * @param string $email Address to remove; trimmed before the query.
 * @return void
 */
function remove_abonnement($email)
{
    $email_sql = insertBD(trim($email));
    $sql = 'DELETE FROM ' . Nw::$prefix_table . 'abonnes WHERE a_email = \'' . $email_sql . '\'';

    Nw::$DB->query($sql) or Nw::$DB->trigger(__LINE__, __FILE__);
}