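/**
 * Handler for the <txp:mem_form> tag.
 *
 * On first display it renders the form with a fresh single-use nonce stored in
 * txp_discuss_nonce. On submission (POSTed mem_form_id matches this form's id)
 * it checks the nonce, runs the 'mem_form.spam' and 'mem_form.submit' callbacks,
 * and then either re-displays the form with errors, returns the thanks text, or
 * redirects (303, or a meta-refresh page when FCGI_ROLE is set) and exit()s.
 *
 * @param array  $atts  tag attributes; see the mem_form_lAtts() call for the list
 * @param string $thing container content, used as the form body when 'form' is empty
 * @return string rendered HTML; '' when 'type' or the form body is missing, or when
 *                show_input is off and there is nothing to report
 *
 * Side effects: writes $mem_form_type/$mem_form_default/$mem_form_error and other
 * mem_form_* globals, may rewrite $_POST, and inserts/updates/deletes rows in
 * txp_discuss_nonce.
 */
function mem_form($atts, $thing = '')
{
    global $sitename, $prefs, $file_max_upload_size, $mem_form_error, $mem_form_submit,
        $mem_form, $mem_form_labels, $mem_form_values, $mem_form_default, $mem_form_type,
        $mem_form_thanks_form, $mem_glz_custom_fields_plugin;

    extract(mem_form_lAtts(array(
        'form' => '',
        'thanks_form' => '',
        'thanks' => graf(mem_form_gTxt('submitted_thanks')),
        'label' => '',
        'type' => '',
        'redirect' => '',
        'redirect_form' => '',
        'class' => 'memForm',
        'file_accept' => '',
        'max_file_size' => $file_max_upload_size,
        'form_expired_msg' => mem_form_gTxt('form_expired'),
        'show_error' => 1,
        'show_input' => 1,
    ), $atts));

    if (empty($type) or empty($form) && empty($thing)) {
        trigger_error('Argument not specified for mem_form tag', E_USER_WARNING);
        return '';
    }

    $out = '';
    $mem_form_type = $type;
    $mem_form_default = array();
    callback_event('mem_form.defaults');

    // show_error/show_input only affect display, so they must not change the
    // form id that ties a POST back to this tag instance.
    unset($atts['show_error'], $atts['show_input']);
    $mem_form_id = md5(serialize($atts) . preg_replace('/[\\t\\s\\r\\n]/', '', $thing));

    // Strict comparison: both sides are md5 hex strings, and a loose == would
    // treat two "0e..." digit-only hashes as equal numerically.
    $mem_form_submit = ps('mem_form_id') === $mem_form_id;

    // Escaped once here because it is interpolated into SQL below.
    $nonce = doSlash(ps('mem_form_nonce'));
    $renonce = false;

    if ($mem_form_submit) {
        // Drop stale nonces, then require a live, unused one for this POST.
        safe_delete('txp_discuss_nonce', 'issue_time < date_sub(now(), interval 10 minute)');

        if ($rs = safe_row('used', 'txp_discuss_nonce', "nonce = '{$nonce}'")) {
            if ($rs['used']) {
                // Replace the error list in the global (unset() on a global-imported
                // variable would only drop the local binding and the error would be
                // lost to mem_form_error()).
                $mem_form_error = array(mem_form_gTxt('form_used'));
                $renonce = true;
                $_POST['mem_form_submit'] = TRUE;
                $_POST['mem_form_id'] = $mem_form_id;
                $_POST['mem_form_nonce'] = $nonce;
            }
        } else {
            $mem_form_error[] = $form_expired_msg;
            $renonce = true;
        }
    }

    if ($mem_form_submit and $nonce and !$renonce) {
        $mem_form_nonce = $nonce;
    } elseif (!$show_error or $show_input) {
        // Fresh nonce for the rendered form: CSPRNG when available, otherwise the
        // original uniqid()-based value (same 32-hex-char shape either way).
        $mem_form_nonce = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(rand(), true));
        safe_insert('txp_discuss_nonce', "issue_time = now(), nonce = '{$mem_form_nonce}'");
    }

    $form = $form ? fetch_form($form) : $thing;
    $form = parse($form);

    if (!$mem_form_submit) {
        // first display: nothing to validate, no errors to show, no mail to send
    } elseif (mem_form_error()) {
        if ($show_error or !$show_input) {
            $out .= mem_form_display_error();
            if (!$show_input) {
                return $out;
            }
        }
    } elseif ($show_input and is_array($mem_form)) {
        if ($mem_glz_custom_fields_plugin) {
            // prep the values
            glz_custom_fields_before_save();
        }

        // load and check spam plugins
        callback_event('mem_form.spam');
        $evaluator =& get_mem_form_evaluator();
        $is_spam = $evaluator->is_spam();
        if ($is_spam) {
            return mem_form_gTxt('spam');
        }

        $mem_form_thanks_form = $thanks_form ? fetch_form($thanks_form) : $thanks;

        // Burn the nonce before the submit handlers run so that a replay of the
        // same POST is rejected as 'form_used' on the next request.
        safe_update('txp_discuss_nonce', "used = '1', issue_time = now()", "nonce = '{$nonce}'");
        $result = callback_event('mem_form.submit');

        if (mem_form_error()) {
            $out .= mem_form_display_error();
            $redirect = false;
        }

        $thanks_form = $mem_form_thanks_form;
        unset($mem_form_thanks_form);

        if (!empty($result)) {
            return $result;
        }

        if (mem_form_error() and $show_input) {
            // no-op, reshow form with errors
        } else {
            if ($redirect) {
                $_POST = array();
                while (@ob_end_clean()) {
                }

                // 'redirect' is a template attribute, resolved against the site root.
                $uri = hu . ltrim($redirect, '/');

                if (empty($_SERVER['FCGI_ROLE']) and empty($_ENV['FCGI_ROLE'])) {
                    txp_status_header('303 See Other');
                    header('Location: ' . $uri);
                    header('Connection: close');
                    header('Content-Length: 0');
                } else {
                    // Under FastCGI the code falls back to a meta-refresh page;
                    // $uri is escaped here because it is emitted into HTML.
                    $uri = htmlspecialchars($uri);
                    $refresh = mem_form_gTxt('refresh');

                    if (!empty($redirect_form)) {
                        $redirect_form = fetch_form($redirect_form);
                        echo str_replace('{uri}', $uri, $redirect_form);
                    }

                    if (empty($redirect_form)) {
                        echo <<<END
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
\t<title>{$sitename}</title>
\t<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
\t<meta http-equiv="refresh" content="0;url={$uri}" />
</head>
<body>
<a href="{$uri}">{$refresh}</a>
</body>
</html>
END;
                    }
                }

                exit;
            } else {
                return '<div class="memThanks" id="mem' . $mem_form_id . '">' . $thanks_form . '</div>';
            }
        }
    }

    if ($show_input) {
        // Attribute values are template-supplied but still escaped for the attribute context.
        $file_accept = !empty($file_accept) ? ' accept="' . htmlspecialchars($file_accept) . '"' : '';
        $class = htmlspecialchars($class);

        return '<form method="post"'
            . ((!$show_error and $mem_form_error) ? '' : ' id="mem' . $mem_form_id . '"')
            . ' class="' . $class . '"'
            . ' action="' . htmlspecialchars(serverSet('REQUEST_URI')) . '#mem' . $mem_form_id . '"'
            . $file_accept . '>'
            . ($label ? n . '<fieldset>' : n . '<div>')
            . ($label ? n . '<legend>' . htmlspecialchars($label) . '</legend>' : '')
            . $out
            . n . '<input type="hidden" name="mem_form_nonce" value="' . $mem_form_nonce . '" />'
            . n . '<input type="hidden" name="mem_form_id" value="' . $mem_form_id . '" />'
            . (!empty($max_file_size)
                ? n . '<input type="hidden" name="MAX_FILE_SIZE" value="' . htmlspecialchars($max_file_size) . '" />'
                : '')
            . callback_event('mem_form.display', '', 1)
            . $form
            . callback_event('mem_form.display')
            . ($label ? n . '</fieldset>' : n . '</div>')
            . n . '</form>';
    }

    return '';
}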
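/**
 * 'mem_form.submit' handler for the mem_self_password form type.
 *
 * Verifies the current password when the form collected one ('old_password'),
 * checks the confirmation field when present ('password_confirm'), stores the
 * new password for the current user and e-mails it using the 'email_form'
 * template or a built-in text.
 *
 * Reads the submitted values from $mem_form_values; the user comes from
 * $ign_user when set, else $txp_user.
 *
 * @return string|void thanks text on success, the mem_form_error() result on a
 *                     validation/update failure, nothing when the form type does
 *                     not match or no profile row was found
 */
function mem_self_password_form_submit()
{
    global $prefs, $txp_user, $ign_user, $mem_form_type, $mem_form_values,
        $mem_form_thanks_form, $mem_self, $sitename;

    if ($mem_form_type != 'mem_self_password') {
        return;
    }

    $verify_old = array_key_exists('old_password', $mem_form_values);
    // Key name must match the one read below for the mismatch check to ever run.
    $confirm = array_key_exists('password_confirm', $mem_form_values);
    $new_pass = $mem_form_values['password'];
    $old_pass = $verify_old ? $mem_form_values['old_password'] : '';
    $user = isset($ign_user) ? $ign_user : $txp_user;

    // Both the user name and the submitted password are interpolated into SQL
    // below, so both go through doSlash() at that boundary.
    $where = "name = '" . doSlash($user) . "'";

    $is_valid = $verify_old ? txp_validate($user, $old_pass) : true;
    if (!$is_valid) {
        return mem_form_error(mem_self_gTxt('password_invalid'));
    }

    if ($confirm and $new_pass !== $mem_form_values['password_confirm']) {
        return mem_form_error(mem_self_gTxt('password_mismatch'));
    }

    // Stored as password(lower(...)) — presumably the scheme txp_validate() checks
    // against, so it is kept as-is here; only the escaping is added.
    $rs = safe_update(
        mem_get_user_table_name(),
        "pass = password(lower('" . doSlash($new_pass) . "'))",
        $where
    );
    if (!$rs) {
        return mem_form_error(mem_self_gTxt('password_change_failed'));
    }

    // successful
    $mem_profile = safe_row('*', mem_get_user_table_name(), $where);
    if (!$mem_profile) {
        // no email, fail silently
        return;
    }

    $mem_profile['new_pass'] = $new_pass;

    // 'email_form' is optional; fetch_form() is best-effort here (a missing form
    // falls through to the built-in message below).
    $message = isset($mem_form_values['email_form'])
        ? @fetch_form($mem_form_values['email_form'])
        : '';

    if (!empty($message)) {
        $vals = $mem_form_values;
        $vals['sitename'] = $sitename;
        $vals['admin_name'] = $prefs['mem_self_admin_name'];
        $vals['admin_email'] = $vals['from'];
        $vals['password'] = $mem_profile['new_pass'];
        $vals['siteurl'] = hu;
        $vals['username'] = $vals['name'];

        // Both {key} and <txp:mem_key /> placeholders are substituted.
        foreach ($vals as $a => $b) {
            $message = str_replace('{' . $a . '}', $b, $message);
            $message = str_replace('<txp:mem_' . $a . ' />', $b, $message);
        }
    } else {
        $message = mem_self_gTxt('greeting', array('{name}' => $mem_form_values['RealName']))
            . "\r\n"
            . mem_self_gTxt('your_password_is', array('{password}' => $new_pass))
            . "\r\n"
            . mem_self_gTxt('log_in_at', array('{url}' => $mem_form_values['login_url']));
    }

    // NOTE(review): the new password is delivered in clear text by e-mail.
    $msg = parse($message);
    $to = $mem_profile['email'];
    $from = $mem_form_values['from'];
    $reply = $mem_form_values['reply'];
    $subject = $mem_form_values['subject'];

    if (mem_form_mail($from, $reply, $to, $subject, $msg)) {
        return mem_self_gTxt('password_changed');
    }

    return mem_self_gTxt('password_changed_mail_failed');
}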