示例#1
0
function requestRecommendation($user_id, $author, $email, $message)
{
    if (!checkLock("peer")) {
        return 6;
    }
    $config = $GLOBALS['config'];
    $user_id = escape($user_id);
    $author = escape($author);
    $email = escape($email);
    if (!validEmail($email)) {
        return 1;
    }
    if (strlen($author) <= 3) {
        return 2;
    }
    //make sure there aren't too many recommendations already
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
    $row = mysql_fetch_row($result);
    if ($row[0] >= $config['max_recommend']) {
        return 4;
        //too many recommendations
    }
    //ensure this email hasn't been asked with this user already
    $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
    $row = mysql_fetch_row($result);
    if ($row[0] > 0) {
        return 5;
        //email address already asked
    }
    lockAction("peer");
    //first create an instance
    $instance_id = customCreate(customGetCategory('recommend', true), $user_id);
    //insert into recommendations table
    $auth = escape(uid(64));
    mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
    $recommend_id = mysql_insert_id();
    $userinfo = getUserInformation($user_id);
    //array (username, email address, name)
    //send email now
    $content = page_db("request_recommendation");
    $content = str_replace('$USERNAME$', $userinfo[0], $content);
    $content = str_replace('$USEREMAIL$', $userinfo[1], $content);
    $content = str_replace('$NAME$', $userinfo[2], $content);
    $content = str_replace('$AUTHOR$', $author, $content);
    $content = str_replace('$EMAIL$', $email, $content);
    $content = str_replace('$MESSAGE$', page_convert($message), $content);
    $content = str_replace('$AUTH$', $auth, $content);
    $content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content);
    $result = one_mail("Recommendation request", $content, $email);
    if ($result) {
        return 0;
    } else {
        return 3;
    }
}
示例#2
0
function sendMessage($sender, $receiver, $subject, $body)
{
    $config = $GLOBALS['config'];
    $sender = escape($sender);
    $receiver = escape($receiver);
    $escsubject = escape(htmlentities($subject));
    $escbody = escape(htmlentities($body));
    $time = time();
    //make sure receiver exists; at the same time, grab email address
    $receiver_email = "";
    $result = mysql_query("SELECT email FROM users WHERE id = '{$receiver}'");
    if ($row = mysql_fetch_array($result)) {
        $receiver_email = $row[0];
    } else {
        return 1;
    }
    //get sender information
    $sender_name = "";
    $sender_username = "";
    $result = mysql_query("SELECT name, username FROM users WHERE id = '{$sender}'");
    if ($row = mysql_fetch_array($result)) {
        $sender_name = $row[0];
        $sender_username = $row[1];
    } else {
        return 2;
    }
    //add message to database
    mysql_query("INSERT INTO messages (sender_id, receiver_id, subject, body, time) VALUES ('{$sender}', '{$receiver}', '{$escsubject}', '{$escbody}', '{$time}')");
    $message_id = mysql_insert_id();
    //now send an email to receiver if notifications are enabled
    // also check for inbox folder to use
    $notify_email = false;
    $inbox_folder = 0;
    $result = mysql_query("SELECT notify_email, save_inbox FROM message_prefs WHERE user_id = '{$receiver}'");
    if ($row = mysql_fetch_array($result)) {
        $notify_email = $row[0] == 1;
        $inbox_folder = $row[1];
    }
    if ($notify_email) {
        $email_body = page_db("message_notifyemail");
        $email_body = str_replace('$NAME$', $sender_name, $email_body);
        $email_body = str_replace('$USERNAME$', $sender_username, $email_body);
        $email_body = str_replace('$SUBJECT$', $subject, $email_body);
        $email_body = str_replace('$BODY$', page_convert($body), $email_body);
        $email_body = str_replace('$MESSAGE_URL$', $config['site_address'] . "/application/messaging.php?view=message&message_id={$message_id}&box_id={$inbox_folder}", $email_body);
        one_mail("New private message", $receiver_email, $email_body);
    }
    //add message to inbox
    if ($inbox_folder != 0) {
        mysql_query("INSERT INTO message_boxes_contents (box_id, message_id) VALUES ('{$inbox_folder}', '{$message_id}')");
    } else {
        //target user does not have inbox (incoming messages disabled?)
        //delete the message first
        mysql_query("DELETE FROM messages WHERE id = '{$message_id}'");
        return 3;
    }
    //find outbox settings and add if needed
    $result = mysql_query("SELECT save_sent FROM message_prefs WHERE user_id = '{$sender}'");
    if ($row = mysql_fetch_array($result)) {
        $outbox_folder = $row[0];
        if ($outbox_folder != 0) {
            mysql_query("INSERT INTO message_boxes_contents (box_id, message_id) VALUES ('{$outbox_folder}', '{$message_id}')");
        }
    }
}
示例#3
0
		</div>
	</div>
	<div class="spacer"></div>
	</div>
	<div id="footer"><p><?php 
echo page_db("footertext");
?>
</p></div>
	</div>
</div>
</body>
示例#4
0
function register($username, $name, $email, $profile, $captcha)
{
    if (!checkLock("register")) {
        return 7;
    }
    //verify that fields have been properly entered
    if (strlen($username) == 0 || strlen($email) == 0) {
        return 1;
    }
    //verify name
    if (strlen($name) < 4) {
        return 9;
    }
    //check if registration is enabled
    $config = $GLOBALS['config'];
    if (!$config['app_enabled']) {
        return 8;
    }
    //make sure that there are not too many users
    if (isset($config['limits']) && isset($config['limits']['users']) && $config['limits']['users'] > 0) {
        $result = mysql_query("SELECT COUNT(*) FROM users");
        $row = mysql_fetch_array($result);
        if ($row[0] >= $config['limits']['users']) {
            return 8;
        }
    }
    $username = escape($username);
    $name = escape($name);
    $email = escape($email);
    $gen_salt = secure_random_bytes(20);
    $db_salt = escape(bin2hex($gen_salt));
    $gen_password = uid(12);
    $password = escape(chash2($gen_password, $gen_salt));
    //validate email address (after MySQL escaping...)
    if (!validEmail($email)) {
        return 3;
    }
    //verify that email and username are not in use
    // we check each one separately to respond with different error codes
    $result = mysql_query("SELECT id FROM users WHERE email='" . $email . "'");
    if (mysql_num_rows($result) > 0) {
        return 3;
    }
    $result = mysql_query("SELECT id FROM users WHERE username='******'");
    if (mysql_num_rows($result) > 0) {
        return 5;
    }
    //verify the captcha
    if ($config['captcha_enabled']) {
        include_once basePath() . '/securimage/securimage.php';
        $securimage = new Securimage();
        if ($securimage->check($captcha) == false) {
            // the code was incorrect
            return 2;
        }
    }
    $registerTime = time();
    //delete old accounts
    // these are accounts that have not been accessed (accessed=0 in oneapp.users) with register_time < time() - config[activation_time]
    $activeTime = $registerTime - $config['activation_time'];
    mysql_query("DELETE FROM users WHERE accessed = '0' AND register_time < '{$activeTime}'");
    lockAction("register");
    $result = mysql_query("INSERT INTO users (username, name, password, salt, email, register_time, accessed) VALUES ('{$username}', '{$name}', '{$password}', '{$db_salt}', '{$email}', '{$registerTime}', '0')");
    if ($result !== FALSE) {
        $user_id = mysql_insert_id();
        foreach ($profile as $var_id => $item) {
            $val = escape($item[1]);
            mysql_query("INSERT INTO profiles (user_id, var_id, val) VALUES ('{$user_id}', '{$var_id}', '{$val}')");
        }
        //initiate messaging default preferences
        initMessaging($user_id);
        //send email
        $content = page_db("registration");
        $content = str_replace('$USERNAME$', $username, $content);
        $content = str_replace('$NAME$', $name, $content);
        $content = str_replace('$PASSWORD$', $gen_password, $content);
        $content = str_replace('$EMAIL$', $email, $content);
        $content = str_replace('$LOGIN_ADDRESS$', $config['site_address'] . "/login.php", $content);
        $result = one_mail($config['site_name'] . " Registration", $content, $email);
        if ($result) {
            return 0;
        } else {
            return 6;
        }
    } else {
        return 4;
    }
}
示例#5
0
文件: index.php 项目: uakfdotb/oneapp
<?php

echo page_db("a_index");
示例#6
0
文件: reset.php 项目: uakfdotb/oneapp
function resetRequest($username, $email, $reset_password = true)
{
    if (!lockAction('reset')) {
        return 3;
    }
    $config = $GLOBALS['config'];
    $username = escape($username);
    $email = escape($email);
    //find user id
    if ($reset_password) {
        $result = mysql_query("SELECT id FROM users WHERE username='******' AND email='{$email}'");
    } else {
        $result = mysql_query("SELECT id, username FROM users WHERE email = '{$email}'");
    }
    if ($row = mysql_fetch_array($result)) {
        $user_id = escape($row[0]);
        if (!$reset_password) {
            $username = $row[1];
        }
    } else {
        return 1;
    }
    //make sure they haven't tried resetting their password recently
    $result = mysql_query("SELECT time FROM reset WHERE user_id = '{$user_id}'");
    if ($row = mysql_fetch_array($result)) {
        if (time() - $row[0] > $config['reset_time']) {
            //previous reset has expired, so it's okay
            mysql_query("DELETE FROM reset WHERE user_id = '{$user_id}'");
        } else {
            return 2;
        }
    }
    //add to database
    if ($reset_password) {
        $auth = uid(64);
    } else {
        $auth = '';
    }
    $time = time();
    mysql_query("INSERT INTO reset (user_id, time, auth) VALUES ('{$user_id}', '{$time}', '{$auth}')");
    //email the user
    if ($reset_password) {
        $content = page_db("reset");
        $content = str_replace('$USERNAME$', $username, $content);
        $content = str_replace('$EMAIL$', $email, $content);
        $content = str_replace('$USERID$', $user_id, $content);
        $content = str_replace('$AUTH$', $auth, $content);
        $content = str_replace('$RESET_ADDRESS$', $config['site_address'] . "/reset.php?username={$username}&email={$email}&user_id={$user_id}&auth={$auth}", $content);
        $emailResult = one_mail("Password reset", $content, $email);
    } else {
        $content = page_db("forgotusername");
        $content = str_replace('$USERNAME$', $username, $content);
        $content = str_replace('$EMAIL$', $email, $content);
        $content = str_replace('$USERID$', $user_id, $content);
        $emailResult = one_mail("Your application system username", $content, $email);
    }
    if ($emailResult) {
        return 0;
    } else {
        return 3;
    }
}
示例#7
0
文件: index.php 项目: uakfdotb/oneapp
<?php

echo page_db("index");
示例#8
0
文件: about.php 项目: uakfdotb/oneapp
<h2 class="separate">About us</h2>
<div class="div_col2-4">
<div class="col2-4" style="margin-right:30px"">
	<h3><?php 
echo $config['organization_name'];
?>
</h3>
<?php 
echo page_db($dbpage);
?>
</div>
<div class="col2-4">
	<h3>OneApp</h3>
	<p>OneApp, initially designed in 2011, began as an online-application system with the intent to curb skewed executive selection processes. Whereas a standard application pool would have cronyism play a role in selection, a blind selection process with only qualifying traits displayed would act in benefit of the club. Additionally, an automated online system would be able to standardize the process from year-to-year and additionally save resources from avoiding excess printing. After receiving positive feedback from our school, we redesigned the application for a more general audience, leading to the OneApp.</p>
</div>
</div>