 /**
  * Store a new value for one column of this table row inside the object.
  * Nothing reaches the database until @b save is called.
  * @param  string $columnName Name of the database column that receives the value
  * @param  mixed  $newValue   Value to store in that column
  * @param  bool   $checkValue If @b true the parent validates the value; @b false skips that validation
  *                            (the lnk_url character check below runs in either case)
  * @return bool @b true if the value was stored in the object, @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // The description column is stored without the generic validation of the parent class.
     if ($columnName === 'lnk_description') {
         return parent::setValue($columnName, $newValue, false);
     }

     $isNonEmptyUrl = ($columnName === 'lnk_url' && $newValue !== '');
     if ($isNonEmptyUrl) {
         // Only characters that are valid inside a URL are accepted.
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // Substring match: a scheme anywhere in the value counts; otherwise http:// is prepended.
         $lowerUrl = admStrToLower($newValue);
         $hasScheme = strpos($lowerUrl, 'http://') !== false || strpos($lowerUrl, 'https://') !== false;
         if (!$hasScheme) {
             $newValue = 'http://' . $newValue;
         }
     }

     return parent::setValue($columnName, $newValue, $checkValue);
 }
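 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param  mixed  $newValue   The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  *                            (the org_homepage character check below runs in either case)
  * @return bool   Returns @b true if the value is stored in the current object and @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // org_shortname must not be edited once the record exists. The column name is compared
     // strictly so PHP's loose string/number equality rules cannot match an unintended value.
     if ($columnName === 'org_shortname' && !$this->new_record) {
         return false;
     }
     if ($columnName === 'org_homepage' && $newValue !== '') {
         // the homepage may only contain characters that are valid in a URL
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // prepend a scheme when neither http:// nor https:// occurs anywhere in the value
         $lowerValue = admStrToLower($newValue);
         if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
             $newValue = 'http://' . $newValue;
         }
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }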
文件: string.php 项目: bash-t/admidio
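/**
 * Check if a filename contains invalid characters. The characters will be checked with strValidCharacters.
 * In addition the function rejects a name that starts with a dot (a `..` check is not done here;
 * it is expected from the 'file' rule of strValidCharacters — TODO confirm).
 * @param string $filename     Name of the file that should be checked.
 * @param bool $checkExtension If set to @b true then the part after the LAST dot is checked against a denylist of extensions:
 *                             php, php3, php4, php5, html, htm, htaccess, htpasswd, pl, js, vbs, asp, cgi, ssi
 *                             A denylist is only as good as its entries and the server's handler configuration;
 *                             a name without any dot has no extension and is not compared.
 * @return true Returns @true if filename contains only valid characters. Otherwise an AdmException is thrown
 * @throws AdmException SYS_FILENAME_EMPTY : Filename was empty
 *                      BAC_FILE_NAME_INVALID : Filename contains invalid characters
 *                      DOW_FILE_EXTENSION_INVALID : Filename contains invalid extension
 */
function admStrIsValidFileName($filename, $checkExtension = false)
{
    // an empty or whitespace-only name is never valid
    if (trim($filename) === '') {
        throw new AdmException('SYS_FILENAME_EMPTY');
    }
    // only characters permitted for file names, and no leading dot
    if (!strValidCharacters($filename, 'file') || substr($filename, 0, 1) === '.') {
        throw new AdmException('BAC_FILE_NAME_INVALID');
    }
    if ($checkExtension) {
        $extensionBlacklist = array('php', 'php3', 'php4', 'php5', 'html', 'htm', 'htaccess', 'htpasswd', 'pl', 'js', 'vbs', 'asp', 'cgi', 'ssi');
        // Previously strrpos() returning false (no dot in the name) was used as an offset, so the
        // name minus its first character was treated as the extension; now a name without a dot
        // is simply not compared against the list.
        $dotPosition = strrpos($filename, '.');
        if ($dotPosition !== false) {
            $fileExtension = substr($filename, $dotPosition + 1);
            if (in_array(strtolower($fileExtension), $extensionBlacklist, true)) {
                throw new AdmException('DOW_FILE_EXTENSION_INVALID');
            }
        }
    }
    return true;
}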
    }
}
// nun alle Profilfelder pruefen
foreach ($gProfileFields->mProfileFields as $field) {
    $post_id = 'usf-' . $field->getValue('usf_id');
    // check and save only fields that aren't disabled
    if ($gCurrentUser->editUsers() == true || $field->getValue('usf_disabled') == 0 || $field->getValue('usf_disabled') == 1 && $getNewUser > 0) {
        if (isset($_POST[$post_id])) {
            // Pflichtfelder muessen gefuellt sein
            // E-Mail bei Registrierung immer !!!
            if ($field->getValue('usf_mandatory') == 1 && strlen($_POST[$post_id]) == 0 || $getNewUser == 2 && $field->getValue('usf_name_intern') == 'EMAIL' && strlen($_POST[$post_id]) == 0) {
                $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $field->getValue('usf_name')));
            }
            // if social network then extract username from url
            if ($field->getValue('usf_name_intern') == 'FACEBOOK' || $field->getValue('usf_name_intern') == 'GOOGLE_PLUS' || $field->getValue('usf_name_intern') == 'TWITTER' || $field->getValue('usf_name_intern') == 'XING') {
                if (strValidCharacters($_POST[$post_id], 'url') && strpos($_POST[$post_id], '/') !== false) {
                    if (strrpos($_POST[$post_id], '/profile.php?id=') > 0) {
                        // extract facebook id (not facebook unique name) from url
                        $_POST[$post_id] = substr($_POST[$post_id], strrpos($_POST[$post_id], '/profile.php?id=') + 16);
                    } else {
                        if (strrpos($_POST[$post_id], '/posts') > 0) {
                            $_POST[$post_id] = substr($_POST[$post_id], 0, strrpos($_POST[$post_id], '/posts'));
                        }
                        $_POST[$post_id] = substr($_POST[$post_id], strrpos($_POST[$post_id], '/') + 1);
                        if (strrpos($_POST[$post_id], '?') > 0) {
                            $_POST[$post_id] = substr($_POST[$post_id], 0, strrpos($_POST[$post_id], '?'));
                        }
                    }
                }
            }
            // Wert aus Feld in das User-Klassenobjekt schreiben
            // create and save new password and activation id
            $newPassword = PasswordHashing::genRandomPassword(8);
            $activationId = PasswordHashing::genRandomPassword(10);
            $user->setPassword($newPassword, true);
            $user->setValue('usr_activation_code', $activationId);
            $sysmail = new SystemMail($gDb);
            $sysmail->addRecipient($user->getValue('EMAIL'), $user->getValue('FIRST_NAME', 'database') . ' ' . $user->getValue('LAST_NAME', 'database'));
            $sysmail->setVariable(1, $newPassword);
            $sysmail->setVariable(2, $g_root_path . '/adm_program/system/password_activation.php?usr_id=' . $user->getValue('usr_id') . '&aid=' . $activationId);
            $sysmail->sendSystemMail('SYSMAIL_ACTIVATION_LINK', $user);
            $user->saveChangesWithoutRights();
            $user->save();
        }
        // always show a positive feedback to prevent hackers to validate an email-address or username
        $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php');
        if (strValidCharacters($_POST['recipient_email'], 'email')) {
            $gMessage->show($gL10n->get('SYS_LOSTPW_SEND_EMAIL', $_POST['recipient_email']));
        } else {
            $gMessage->show($gL10n->get('SYS_LOSTPW_SEND_USERNAME', $_POST['recipient_email']));
        }
    } catch (AdmException $e) {
        $e->showHtml();
    }
} else {
    /*********************HTML_PART*******************************/
    // create html page object
    $page = new HtmlPage($headline);
    // add back link to module menu
    $lostPasswordMenu = $page->getMenu();
    $lostPasswordMenu->addItem('menu_item_back', $gNavigation->getPreviousUrl(), $gL10n->get('SYS_BACK'), 'back.png');
    $page->addHtml('<p class="lead">' . $gL10n->get('SYS_PASSWORD_FORGOTTEN_DESCRIPTION') . '</p>');
 /**
  * Store a new value for one column of this table row inside the object.
  * Nothing reaches the database until @b save is called.
  * @param string $columnName Name of the database column that receives the value
  * @param mixed  $newValue   Value to store in that column
  * @param bool   $checkValue If @b true the parent validates the value; @b false skips that validation
  *                           (the gbc_email check below runs in either case)
  * @return bool @b true if the value was stored in the object, @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     $isNonEmptyEmail = ($columnName === 'gbc_email' && $newValue !== '');
     if ($isNonEmptyEmail) {
         // e-mail addresses are stored lower-case; a malformed address is rejected and not stored
         $newValue = admStrToLower($newValue);
         if (!strValidCharacters($newValue, 'email')) {
             return false;
         }
     }
     // the comment text bypasses the generic validation of the parent class
     $validate = ($columnName === 'gbc_text') ? false : $checkValue;
     return parent::setValue($columnName, $newValue, $validate);
 }
 /**
  * Get the value of a column of the database table.
  * If the value was manipulated before with @b setValue than the manipulated value is returned.
  * For inf_name and cat_name a value that looks like a translation id (underscore at offset 3) is
  * translated; for inf_value_list of a DROPDOWN or RADIO_BUTTON field the "\r\n"-separated list is
  * expanded into an array whose keys start at 1.
  * @param string $columnName The name of the database column whose value should be read
  * @param string $format     For column @c inf_value_list the following format is accepted: @n
  *                           @b database returns database value of inf_value_list; @n
  *                           @b text extract only text from inf_value_list, image infos will be ignored @n
  *                           For date or timestamp columns the format should be the date/time format e.g. @b d.m.Y = '02.04.2011' @n
  *                           For text columns the format can be @b database that would be the database value without any transformations
  * @return mixed Returns the value of the database column (a string, or an array for an expanded value list).
  *         If the value was manipulated before with @b setValue than the manipulated value is returned.
  */
 public function getValue($columnName, $format = '')
 {
     global $gL10n;
     if ($columnName === 'inf_description') {
         // the description is read from the raw column; 'database' format strips tags and decodes entities
         if (!isset($this->dbColumns['inf_description'])) {
             $value = '';
         } elseif ($format === 'database') {
             $value = html_entity_decode(strStripTags($this->dbColumns['inf_description']), ENT_QUOTES, 'UTF-8');
         } else {
             $value = $this->dbColumns['inf_description'];
         }
     } elseif ($columnName === 'inf_name_intern') {
         // internal name should be read with no conversion
         $value = parent::getValue($columnName, 'database');
     } else {
         $value = parent::getValue($columnName, $format);
     }
     // a value with an underscore at offset 3 (e.g. "XYZ_SOMETHING") is treated as a translation id
     if (($columnName === 'inf_name' || $columnName === 'cat_name') && $format !== 'database') {
         // if text is a translation-id then translate it
         if (strpos($value, '_') === 3) {
             $value = $gL10n->get(admStrToUpper($value));
         }
     } elseif ($columnName === 'inf_value_list' && $format !== 'database') {
         if ($this->dbColumns['inf_type'] === 'DROPDOWN' || $this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
             $arrListValues = explode("\r\n", $value);
             $arrListValuesWithKeys = array();
             // array with list values and keys that represents the internal value
             // ($listValue is taken by reference and not unset() after the loop; it is not reused below)
             foreach ($arrListValues as $key => &$listValue) {
                 if ($this->dbColumns['inf_type'] === 'RADIO_BUTTON') {
                     // if value is imagefile or imageurl then show image
                     if (strpos(admStrToLower($listValue), '.png') > 0 || strpos(admStrToLower($listValue), '.jpg') > 0) {
                         // if there is imagefile and text separated by | then explode them
                         if (strpos($listValue, '|') > 0) {
                             $listValueImage = substr($listValue, 0, strpos($listValue, '|'));
                             $listValueText = substr($listValue, strpos($listValue, '|') + 1);
                         } else {
                             $listValueImage = $listValue;
                             $listValueText = $this->getValue('inf_name');
                         }
                         // if text is a translation-id then translate it
                         if (strpos($listValueText, '_') === 3) {
                             $listValueText = $gL10n->get(admStrToUpper($listValueText));
                         }
                         if ($format === 'text') {
                             // if no image is wanted then return the text part or only the position of the entry
                             if (strpos($listValue, '|') > 0) {
                                 $listValue = $listValueText;
                             } else {
                                 $listValue = $key + 1;
                             }
                         } else {
                             try {
                                 // create html for optionbox entry
                                 // NOTE(review): $listValueImage and $listValueText are placed into src/title/alt
                                 // attributes without htmlspecialchars(); the list is stored configuration
                                 // (inf_value_list) — confirm it is escaped elsewhere or treated as trusted input
                                 if (strpos(admStrToLower($listValueImage), 'http') === 0 && strValidCharacters($listValueImage, 'url')) {
                                     $listValue = '<img class="admidio-icon-info" src="' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 } elseif (admStrIsValidFileName($listValueImage, true)) {
                                     $listValue = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $listValueImage . '" title="' . $listValueText . '" alt="' . $listValueText . '" />';
                                 }
                             } catch (AdmException $e) {
                                 // an invalid icon name is reported via showText(); $listValue keeps its raw content
                                 $e->showText();
                             }
                         }
                     }
                 }
                 // if text is a translation-id then translate it
                 if (strpos($listValue, '_') === 3) {
                     $listValue = $gL10n->get(admStrToUpper($listValue));
                 }
                 // save values in new array that starts with key = 1
                 $arrListValuesWithKeys[++$key] = $listValue;
             }
             $value = $arrListValuesWithKeys;
         }
     }
     return $value;
 }
    $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
}
// NOTE(review): the checks below rely on $gMessage->show() ending the request; if it returns,
// execution simply continues with the next check — confirm against the message class
if ($gValidLogin && strlen($gCurrentUser->getValue('EMAIL')) === 0) {
    // the logged-in user has no e-mail address in his profile that could be used as the sender address
    $gMessage->show($gL10n->get('SYS_CURRENT_USER_NO_EMAIL', '<a href="' . $g_root_path . '/adm_program/modules/profile/profile.php">', '</a>'));
}
// $getUserId is presumably normalised/validated earlier in this script (not visible here)
if ($getUserId > 0) {
    // a usr_id was passed: load that user's contact data from the database
    $user = new User($gDb, $gProfileFields, $getUserId);
    // may the current user access this user id?
    // precedence: (no editUsers right AND not a member) OR the user was not found (empty usr_id)
    if (!$gCurrentUser->editUsers() && !isMember($user->getValue('usr_id')) || strlen($user->getValue('usr_id')) === 0) {
        $gMessage->show($gL10n->get('SYS_USER_ID_NOT_FOUND'));
    }
    // does the user have a valid e-mail address?
    if (!strValidCharacters($user->getValue('EMAIL'), 'email')) {
        $gMessage->show($gL10n->get('SYS_USER_NO_EMAIL', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME')));
    }
}
if (isset($_SESSION['ecard_request'])) {
    // if user is returned to this form after he submit it,
    // then try to restore all values that he has entered before
    $template = $_SESSION['ecard_request']['ecard_template'];
    $recipients = $_SESSION['ecard_request']['ecard_recipients'];
    $message = $_SESSION['ecard_request']['ecard_message'];
} else {
    // first visit: use the configured default template and an empty form
    $template = $gPreferences['ecard_template'];
    $recipients = null;
    $message = '';
}
// create html page object
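 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param  mixed  $newValue The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  *                            (the usf_url character check below runs in either case)
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // name, category and type couldn't be edited if it's a system field
     if (($columnName === 'usf_cat_id' || $columnName === 'usf_type' || $columnName === 'usf_name') && $this->getValue('usf_system') == 1) {
         return false;
     } elseif ($columnName === 'usf_cat_id' && $this->getValue($columnName) !== $newValue) {
         // NOTE(review): the strict comparison above is between the stored value and $newValue,
         // which may differ in type (string vs int) — confirm callers pass the same type, otherwise
         // the sequence is recomputed on every call
         // the field moves to another category: place it at the end of that category's sequence.
         // usf_cat_id is an integer id; the cast keeps the value (which may originate from a form
         // parameter) from being spliced into the statement as arbitrary text.
         $categoryId = (int) $newValue;
         $sql = 'SELECT COUNT(*) as count FROM ' . TBL_USER_FIELDS . '
                  WHERE usf_cat_id = ' . $categoryId;
         $countUserFieldsStatement = $this->db->query($sql);
         $row = $countUserFieldsStatement->fetch();
         $this->setValue('usf_sequence', $row['count'] + 1);
     } elseif ($columnName === 'usf_description') {
         // the description bypasses the generic validation of the parent class
         return parent::setValue($columnName, $newValue, false);
     } elseif ($columnName === 'usf_url' && $newValue !== '') {
         // the URL may only contain characters that are valid in a URL
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // prepend a scheme when neither http:// nor https:// occurs anywhere in the value
         $lowerValue = admStrToLower($newValue);
         if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
             $newValue = 'http://' . $newValue;
         }
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }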
 /**
  * Store a new value for one column of this table row inside the object.
  * Nothing reaches the database until @b save is called.
  * @param string $columnName Name of the database column that receives the value
  * @param mixed  $newValue   Value to store in that column
  * @param bool   $checkValue If @b true the parent validates the value; @b false skips that validation
  *                           (the usr_login_name check below runs in either case)
  * @return bool @b true if the value was stored in the object, @b false if a check failed
  *              or the column is one of the password columns
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // the password columns are never written through this generic setter
     $isPasswordColumn = in_array($columnName, array('usr_password', 'usr_new_password'), true);
     if ($isPasswordColumn) {
         return false;
     }
     // a login name must be non-empty and free of special characters
     $isBadLoginName = $columnName === 'usr_login_name'
         && ($newValue === '' || !strValidCharacters($newValue, 'noSpecialChar'));
     if ($isBadLoginName) {
         return false;
     }
     return parent::setValue($columnName, $newValue, $checkValue);
 }
     $_SESSION['user_last_name'] = strStripTags($_POST['user_last_name']);
     $_SESSION['user_first_name'] = strStripTags($_POST['user_first_name']);
     $_SESSION['user_email'] = strStripTags($_POST['user_email']);
     $_SESSION['user_login'] = strStripTags($_POST['user_login']);
     $_SESSION['user_password'] = $_POST['user_password'];
     $_SESSION['user_password_confirm'] = $_POST['user_password_confirm'];
     if ($_SESSION['user_last_name'] === '' || $_SESSION['user_first_name'] === '' || $_SESSION['user_email'] === '' || $_SESSION['user_login'] === '' || $_SESSION['user_password'] === '') {
         showNotice($gL10n->get('INS_ADMINISTRATOR_DATA_NOT_COMPLETELY'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // username should only have valid chars
     if (!strValidCharacters($_SESSION['user_login'], 'noSpecialChar')) {
         showNotice($gL10n->get('SYS_FIELD_INVALID_CHAR', $gL10n->get('SYS_USERNAME')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // email should only have valid chars
     $_SESSION['user_email'] = admStrToLower($_SESSION['user_email']);
     if (!strValidCharacters($_SESSION['user_email'], 'email')) {
         showNotice($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('SYS_EMAIL')), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     // password must be the same with password confirm
     if ($_SESSION['user_password'] !== $_SESSION['user_password_confirm']) {
         showNotice($gL10n->get('INS_PASSWORDS_NOT_EQUAL'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
     if (strlen($_SESSION['user_password']) < 8 || strlen($_SESSION['user_password_confirm']) < 8) {
         showNotice($gL10n->get('PRO_PASSWORD_LENGTH'), 'installation.php?mode=5', $gL10n->get('SYS_BACK'), 'layout/back.png');
     }
 }
 // an existing config file is never overwritten: redirect to installation.php?mode=8 instead
 if (false === $_SESSION['create_config_file']) {
     header('Location: installation.php?mode=8');
     exit;
 }
                 // save position of combobox
                 $arrListValues = $field->getValue('usf_value_list', 'text');
                 $position = 1;
                 foreach ($arrListValues as $key => $value) {
                     if (strcmp(admStrToLower($columnValue), admStrToLower(trim($arrListValues[$position]))) == 0) {
                         // if col_value is text than save position if text is equal to text of position
                         $user->setValue($field->getValue('usf_name_intern'), $position);
                     } elseif (is_numeric($columnValue) && !is_numeric($arrListValues[$position]) && $columnValue > 0 && $columnValue < 1000) {
                         // if col_value is numeric than save position if col_value is equal to position
                         $user->setValue($field->getValue('usf_name_intern'), $columnValue);
                     }
                     $position++;
                 }
             } elseif ($field->getValue('usf_type') == 'EMAIL') {
                 $columnValue = admStrToLower($columnValue);
                 if (strValidCharacters($columnValue, 'email')) {
                     $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255));
                 }
             } elseif ($field->getValue('usf_type') == 'INTEGER') {
                 // number could contain dot and comma
                 if (is_numeric(strtr($columnValue, ',.', '00')) == true) {
                     $user->setValue($field->getValue('usf_name_intern'), $columnValue);
                 }
             } elseif ($field->getValue('usf_type') == 'TEXT') {
                 $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 50));
             } else {
                 $user->setValue($field->getValue('usf_name_intern'), substr($columnValue, 0, 255));
             }
         }
     }
 }
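 /**
  * Set the value of an inventory field (column ind_value) for this item.
  * The value is validated according to the field type (inf_type) unless $this->noValueCheck is set;
  * it is only stored in the object, not written to the database.
  * @param string $fieldNameIntern Internal name of the inventory field
  * @param mixed  $fieldValue      Value to store; '' is accepted without validation
  * @return bool @b true if the value was stored in the object, @b false if a check failed or the
  *              field name is unknown
  */
 public function setValue($fieldNameIntern, $fieldValue)
 {
     global $gPreferences;
     $returnCode = false;

     // unknown field: nothing to store (previously this raised a fatal error on the missing field object)
     if (!isset($this->mInventoryFields[$fieldNameIntern])) {
         return false;
     }
     $field = $this->mInventoryFields[$fieldNameIntern];
     $skipCheck = $this->noValueCheck;

     // Strip leading zeros from a numeric string without destroying the value:
     // '0' / '00' stay '0' and '0.5' stays '0.5' (a plain ltrim() produced '' and '.5').
     $stripLeadingZeros = function ($value) {
         $stripped = ltrim((string) $value, '0');
         if ($stripped === '') {
             return '0';
         }
         if ($stripped[0] === '.' || $stripped[0] === ',') {
             return '0' . $stripped;
         }
         return $stripped;
     };

     if ($fieldValue !== '') {
         switch ($field->getValue('inf_type')) {
             case 'CHECKBOX':
                 // a checkbox may only hold 0 or 1
                 if ($fieldValue != 0 && $fieldValue != 1 && !$skipCheck) {
                     return false;
                 }
                 break;
             case 'DATE':
                 // the date must be valid in the configured format and is normalised to Y-m-d
                 $date = new DateTimeExtended($fieldValue, $gPreferences['system_date']);
                 if ($date->isValid()) {
                     $fieldValue = $date->format('Y-m-d');
                 } elseif (!$skipCheck) {
                     return false;
                 }
                 break;
             case 'EMAIL':
                 // addresses are stored lower-case and must contain only valid e-mail characters
                 $fieldValue = admStrToLower($fieldValue);
                 if (!strValidCharacters($fieldValue, 'email') && !$skipCheck) {
                     return false;
                 }
                 break;
             case 'NUMBER':
                 // a number must be numeric
                 if (!is_numeric($fieldValue) && !$skipCheck) {
                     return false;
                 }
                 $fieldValue = $stripLeadingZeros($fieldValue);
                 break;
             case 'DECIMAL':
                 // a decimal must be numeric; dot and comma are both accepted as separators
                 if (!is_numeric(strtr($fieldValue, ',.', '00')) && !$skipCheck) {
                     return false;
                 }
                 $fieldValue = $stripLeadingZeros($fieldValue);
                 break;
             case 'URL':
                 // the URL may only contain characters that are valid in a URL
                 if (!strValidCharacters($fieldValue, 'url') && !$skipCheck) {
                     return false;
                 }
                 // prepend a scheme when neither http:// nor https:// occurs anywhere in the value
                 $lowerValue = admStrToLower($fieldValue);
                 if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
                     $fieldValue = 'http://' . $fieldValue;
                 }
                 break;
         }
     }

     $infId = $field->getValue('inf_id');
     // first check if a data object exists for this field and then set the value of that object
     if (array_key_exists($infId, $this->mInventoryData)) {
         $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
     } elseif ($fieldValue !== '') {
         // no data row yet for this field: create one bound to the field and to this item
         $this->mInventoryData[$infId] = new TableAccess($this->mDb, TBL_INVENT_DATA, 'ind');
         $this->mInventoryData[$infId]->setValue('ind_inf_id', $infId);
         $this->mInventoryData[$infId]->setValue('ind_itm_id', $this->mItemId);
         $returnCode = $this->mInventoryData[$infId]->setValue('ind_value', $fieldValue);
     }
     // $returnCode is only true when a data object for $infId exists
     if ($returnCode && $this->mInventoryData[$infId]->hasColumnsValueChanged()) {
         $this->columnsValueChanged = true;
     }
     return $returnCode;
 }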
                 if ($gPreferences['mail_sender_into_to'] == 1) {
                     // always fill recipient if preference is set to prevent problems with provider
                     $email->addRecipient($postFrom, $postName);
                 }
                 // all role members will be attached as BCC
                 while ($row = $statement->fetchObject()) {
                     if (strValidCharacters($row->email, 'email')) {
                         $receiver[] = array($row->email, $row->first_name . ' ' . $row->last_name);
                     }
                 }
             }
         } else {
             // create user object
             $user = new User($gDb, $gProfileFields, $value);
             // only send email to user if current user is allowed to view this user and he has a valid email address
             if ($gCurrentUser->hasRightViewProfile($user) && strValidCharacters($user->getValue('EMAIL'), 'email')) {
                 $receiver[] = array($user->getValue('EMAIL'), $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'));
             }
         }
         $ReceiverString .= ' | ' . $value;
     }
     $ReceiverString = substr($ReceiverString, 3);
 } else {
     // message when no receiver is given
     $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
 }
 // nobody is left to receive the message: report the missing recipients
 if (1 > count($receiver)) {
     $gMessage->show($gL10n->get('MSG_NO_VALID_RECIPIENTS'));
 }
 // check if name is given
 /**
  * Store a new value for one column of this table row inside the object.
  * Nothing reaches the database until @b save is called.
  * @param string $columnName Name of the database column that receives the value
  * @param mixed  $newValue   Value to store in that column
  * @param bool   $checkValue If @b true the parent validates the value; @b false skips that validation
  *                           (the gbo_email and gbo_homepage checks below run in either case)
  * @return bool @b true if the value was stored in the object, @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     if ($columnName === 'gbo_email' && $newValue !== '') {
         // e-mail addresses are stored lower-case; a malformed address is rejected and not stored
         $newValue = admStrToLower($newValue);
         if (!strValidCharacters($newValue, 'email')) {
             return false;
         }
     }
     if ($columnName === 'gbo_homepage' && $newValue !== '') {
         // only characters that are valid inside a URL are accepted
         if (!strValidCharacters($newValue, 'url')) {
             return false;
         }
         // substring match: a scheme anywhere in the value counts; otherwise http:// is prepended
         $lowerValue = admStrToLower($newValue);
         $hasScheme = strpos($lowerValue, 'http://') !== false || strpos($lowerValue, 'https://') !== false;
         if (!$hasScheme) {
             $newValue = 'http://' . $newValue;
         }
     }
     // the entry text bypasses the generic validation of the parent class
     $validate = ($columnName === 'gbo_text') ? false : $checkValue;
     return parent::setValue($columnName, $newValue, $validate);
 }
 if ($return_code < 0) {
     // negative return code: reported to the user as missing rights (SYS_NO_RIGHTS)
     $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
 }
 if ($return_code == 0) {
     // notification e-mail for new entries
     if (!$gValidLogin) {
         // anonymous entry: name, e-mail and text are taken straight from the form.
         // NOTE(review): only the e-mail is validated below; confirm that Email::adminNotfication()
         // keeps the unvalidated name out of mail headers and that the text is escaped on output
         $gbo_name = $_POST['gbo_name'];
         $gbo_email = $_POST['gbo_email'];
         $gbo_text = $_POST['gbo_text'];
     } else {
         // logged-in user: name and e-mail come from the profile, only the text from the form
         $gbo_name = $gCurrentUser->getValue('FIRST_NAME') . ' ' . $gCurrentUser->getValue('LAST_NAME');
         $gbo_email = $gCurrentUser->getValue('EMAIL');
         $gbo_text = $_POST['gbo_text'];
     }
     $sender_name = $gbo_name;
     // without a valid e-mail address the administrator address is used as sender
     if (!strValidCharacters($gbo_email, 'email')) {
         $gbo_email = $gPreferences['email_administrator'];
         $sender_name = 'Administrator ' . $gCurrentOrganization->getValue('org_homepage');
     }
     $notification = new Email();
     $notification->adminNotfication($gL10n->get('GBO_EMAIL_NOTIFICATION_TITLE'), $gL10n->get('GBO_EMAIL_NOTIFICATION_MESSAGE', $gCurrentOrganization->getValue('org_longname'), $gbo_text, $gbo_name, date($gPreferences['system_date'], time())), $sender_name, $gbo_email);
 }
 // the form content is removed from the session after a successful insert/update
 unset($_SESSION['guestbook_entry_request']);
 $gNavigation->deleteLastUrl();
 // the captcha code is removed from the session after a successful insert/update
 if (isset($_SESSION['captchacode'])) {
     unset($_SESSION['captchacode']);
 }
 $url = $g_root_path . '/adm_program/modules/guestbook/guestbook.php?headline=' . $getHeadline;
 // Bei Moderation Hinweis ausgeben dass Nachricht erst noch geprüft werden muss
     $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_NAME')));
 }
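 // each $gMessage->show() presumably terminates the request; the checks below assume so — confirm
 if ($userField->getValue('usf_system') == 0 && $_POST['usf_type'] === '') {
     $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_DATATYPE')));
 }
 if ($userField->getValue('usf_system') == 0 && $_POST['usf_cat_id'] == 0) {
     $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_CATEGORY')));
 }
 // a dropdown or radio button field needs its list of values
 if (($_POST['usf_type'] === 'DROPDOWN' || $_POST['usf_type'] === 'RADIO_BUTTON') && $_POST['usf_value_list'] === '') {
     $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('ORG_VALUE_LIST')));
 }
 // @ptabaden: Change Bugfix 3.1.2
 // icon and url are only accepted with characters that pass the 'url' check
 if ($_POST['usf_icon'] !== '' && !strValidCharacters($_POST['usf_icon'], 'url')) {
     $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('SYS_ICON')));
 }
 if ($_POST['usf_url'] !== '' && !strValidCharacters($_POST['usf_url'], 'url')) {
     $gMessage->show($gL10n->get('SYS_URL_INVALID_CHAR', $gL10n->get('ORG_URL')));
 }
 // last name and first name always stay mandatory fields
 if ($userField->getValue('usf_name_intern') === 'LAST_NAME' || $userField->getValue('usf_name_intern') === 'FIRST_NAME') {
     $_POST['usf_mandatory'] = 1;
 }
 if (isset($_POST['usf_name']) && $userField->getValue('usf_name') !== $_POST['usf_name']) {
     // check whether a field with this name already exists in the category.
     // usf_cat_id and the field id are request values: cast them to int so they cannot alter
     // the statement.
     // NOTE(review): usf_name is still interpolated into the SQL string (and LIKE wildcards are
     // not escaped); it must be bound through the database layer's quoting / prepared-statement
     // facility — confirm which one this Database class provides.
     $sql = 'SELECT COUNT(*) AS count
               FROM ' . TBL_USER_FIELDS . '
              WHERE usf_name LIKE \'' . $_POST['usf_name'] . '\'
                AND usf_cat_id  = ' . (int) $_POST['usf_cat_id'] . '
                AND usf_id     <> ' . (int) $getUsfId;
     $statement = $gDb->query($sql);
     $row = $statement->fetch();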
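 /**
  * Sets the value of a profile field of this user.
  * Depending on the field type (usf_type) the value is validated and normalized before it is
  * handed to the TableAccess object of the user data row; the validation is skipped when
  * @b noValueCheck is set. The value is only stored in the object, not in the database.
  * @param string $fieldNameIntern Internal name of the profile field (key of mProfileFields)
  * @param mixed  $fieldValue      The new value; an empty string is only stored if a data row already exists
  * @return bool Returns @b true if the value was stored in the object, @b false if a check failed
  *              or the field name is unknown
  */
 public function setValue($fieldNameIntern, $fieldValue)
 {
     global $gPreferences;

     // unknown field: the former code dereferenced null here (fatal error), fail explicitly instead
     if (!isset($this->mProfileFields[$fieldNameIntern])) {
         return false;
     }
     $profileField = $this->mProfileFields[$fieldNameIntern];
     $usfId        = $profileField->getValue('usf_id');
     $usfType      = $profileField->getValue('usf_type');
     $skipCheck    = ($this->noValueCheck == true);
     $returnCode   = false;

     if ($fieldValue !== '') {
         switch ($usfType) {
             case 'CHECKBOX':
                 // a checkbox may only hold 0 or 1
                 if (!$skipCheck && $fieldValue != 0 && $fieldValue != 1) {
                     return false;
                 }
                 break;

             case 'DATE':
                 // the date must match the configured format and is stored normalized as Y-m-d
                 $date = DateTime::createFromFormat($gPreferences['system_date'], $fieldValue);
                 if ($date === false) {
                     if (!$skipCheck) {
                         return false;
                     }
                 } else {
                     $fieldValue = $date->format('Y-m-d');
                 }
                 break;

             case 'EMAIL':
                 // an e-mail is lower-cased and may only contain valid characters
                 $fieldValue = admStrToLower($fieldValue);
                 if (!$skipCheck && !strValidCharacters($fieldValue, 'email')) {
                     return false;
                 }
                 break;

             case 'NUMBER':
             case 'DECIMAL_NUMBER':
                 // a decimal number may use ',' or '.' as separator; mask both for the numeric test
                 $numericTest = ($usfType == 'DECIMAL_NUMBER') ? strtr($fieldValue, ',.', '00') : $fieldValue;
                 if (!$skipCheck && !is_numeric($numericTest)) {
                     return false;
                 }
                 // numbers don't have leading zeros, but a bare zero (or "0.5") must keep one digit:
                 // the former plain ltrim() turned "0" into '' and the value was then silently dropped
                 $trimmed = ltrim($fieldValue, '0');
                 if ($trimmed === '' || $trimmed[0] === '.' || $trimmed[0] === ',') {
                     $trimmed = '0' . $trimmed;
                 }
                 $fieldValue = $trimmed;
                 break;

             case 'URL':
                 // a homepage may only contain valid characters and gets an http:// prefix if none is given
                 if (!$skipCheck && !strValidCharacters($fieldValue, 'url')) {
                     return false;
                 }
                 $lowerValue = admStrToLower($fieldValue);
                 if (strpos($lowerValue, 'http://') === false && strpos($lowerValue, 'https://') === false) {
                     $fieldValue = 'http://' . $fieldValue;
                 }
                 break;
         }
     }

     // store the value in the existing user data row, or create a row for a non-empty value
     if (array_key_exists($usfId, $this->mUserData)) {
         $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
     } elseif ($fieldValue !== '') {
         $this->mUserData[$usfId] = new TableAccess($this->mDb, TBL_USER_DATA, 'usd');
         $this->mUserData[$usfId]->setValue('usd_usf_id', $usfId);
         $this->mUserData[$usfId]->setValue('usd_usr_id', $this->mUserId);
         $returnCode = $this->mUserData[$usfId]->setValue('usd_value', $fieldValue);
     }

     // remember that something changed so that save() knows there is work to do
     if ($returnCode && $this->mUserData[$usfId]->hasColumnsValueChanged()) {
         $this->columnsValueChanged = true;
     }
     return $returnCode;
 }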
 /**
  * Adds a BCC recipient to the mail.
  * BCC recipients are collected first so that they can later be sent out in batches.
  * The address is lower-cased and only accepted if it passes the 'email' character check;
  * the name is stored with stripslashes() applied.
  * @param string $address
  * @param string $name
  * @return bool Returns @b true if the recipient was added and @b false if the address was rejected
  */
 public function addBlindCopy($address, $name = '')
 {
     $lowerAddress = admStrToLower($address);
     if (!strValidCharacters($lowerAddress, 'email')) {
         return false;
     }
     // NOTE(review): the former comment promised a MIME-encoded, ASCII-only name, but only
     // stripslashes() is applied here; any header encoding must happen where the header is built
     $recipient = array('name' => stripslashes($name), 'address' => $lowerAddress);
     $this->emBccArray[] = $recipient;
     // the raw (not slash-stripped) name is appended to the address list, as before
     $this->emAddresses .= $name . "\r\n";
     return true;
 }
 /**
  * Opens the html structure of a form field: the surrounding form-group div, the label
  * (with an optional icon and help icon) and, for horizontal forms, the opening column div.
  * The method closeControlStructure must be called after the form element has been added.
  * @param string $id         The id of this field structure ('' for none).
  * @param string $label      The label of the field. This string should already be translated.
  * @param int    $property   (optional) With this param you can set the following properties:
  *                           - @b FIELD_DEFAULT  : The field can accept an input.
  *                           - @b FIELD_REQUIRED : The field will be marked as a mandatory field where the user must insert a value.
  *                           - @b FIELD_DISABLED : The field will be disabled and could not accept an input.
  *                           Only FIELD_REQUIRED has an effect in this method (css class of the row).
  * @param string $helpTextId (optional) A unique text id from the translation xml files that should be shown e.g. SYS_ENTRY_MULTI_ORGA.
  *                           If set a help icon will be shown where the user can see the text if he hover over the icon.
  *                           If you need an additional parameter for the text you can add an array. The first entry
  *                           must be the unique text id and the second entry will be a parameter of the text id.
  * @param string $icon       (optional) An icon can be set. This will be placed in front of the label. Either an
  *                           absolute url (starting with http, passing the 'url' check) or a file name of the theme icons folder.
  * @param string $class      (optional) An additional css classname for the row. The class @b admFieldRow
  *                           is set as default and need not set with this parameter.
  */
 protected function openControlStructure($id, $label, $property = FIELD_DEFAULT, $helpTextId = '', $icon = '', $class = '')
 {
     // css classes of the row: the optional custom class plus the marker for mandatory fields
     $rowClasses = ($class !== '') ? ' ' . $class : '';
     if ($property === FIELD_REQUIRED && $this->showRequiredFields) {
         $rowClasses .= ' admidio-form-group-required';
         $this->flagRequiredFields = true;
     }

     $labelFor = '';
     if ($id !== '') {
         $labelFor = ' for="' . $id . '"';
         $this->addHtml('<div id="' . $id . '_group" class="form-group' . $rowClasses . '">');
     } else {
         $this->addHtml('<div class="form-group' . $rowClasses . '">');
     }

     // icon: either an absolute url or a file from the theme icon folder; anything else is dropped
     $iconHtml = '';
     if (strlen($icon) > 0) {
         if (strpos(admStrToLower($icon), 'http') === 0 && strValidCharacters($icon, 'url')) {
             $iconHtml = '<img class="admidio-icon-info" src="' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
         } elseif (admStrIsValidFileName($icon, true)) {
             $iconHtml = '<img class="admidio-icon-info" src="' . THEME_PATH . '/icons/' . $icon . '" title="' . $label . '" alt="' . $label . '" />';
         }
     }

     $helpIconHtml = ($helpTextId !== '') ? $this->getHelpTextIcon($helpTextId) : '';

     // NOTE(review): $label and $id are written into attributes and text without html escaping;
     // this relies on callers passing trusted (translated / already escaped) strings — confirm at the call sites
     $labelInner = $iconHtml . $label . $helpIconHtml;
     $isStacked  = ($this->type === 'vertical' || $this->type === 'navbar');

     if ($isStacked) {
         if ($label !== '') {
             $this->addHtml('<label' . $labelFor . '>' . $labelInner . '</label>');
         }
         return;
     }

     // horizontal form: label in the left column, then open the right column for the element
     if ($label !== '') {
         $this->addHtml('<label' . $labelFor . ' class="col-sm-3 control-label">' . $labelInner . '</label>' . "\n" . '                 <div class="col-sm-9">');
     } else {
         $this->addHtml('<div class="col-sm-offset-3 col-sm-9">');
     }
 }
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database.
  * Passwords (usr_password / usr_new_password) shorter than 30 characters are hashed with phpass
  * before they are stored and are not value-checked; longer values are stored as given.
  * A login name must be non-empty and pass the 'noSpecialChar' check.
  * @param  string $columnName The name of the database column whose value should get a new value
  * @param  mixed  $newValue   The new value that should be stored in the database field
  * @param  bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool   Returns @b true if the value is stored in the current object and @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     $isPasswordColumn = ($columnName === 'usr_password' || $columnName === 'usr_new_password');

     if ($isPasswordColumn && strlen($newValue) < 30) {
         // NOTE(review): the length test is the only thing that tells a plaintext password from
         // an already hashed value, so a plaintext password of 30+ characters would pass through
         // unhashed. A check on the hash prefix would be more robust — confirm which legacy hash
         // formats callers still pass in before changing this.
         // only the portable (private) hash is used because of compatibility
         $hasher   = new PasswordHash(9, true);
         $newValue = $hasher->HashPassword($newValue);
         return parent::setValue($columnName, $newValue, false);
     }

     $isInvalidLoginName = ($columnName === 'usr_login_name'
         && ($newValue === '' || !strValidCharacters($newValue, 'noSpecialChar')));
     if ($isInvalidLoginName) {
         return false;
     }

     return parent::setValue($columnName, $newValue, $checkValue);
 }
     $checkboxes = array('enable_download_module');
     break;
 case 'guestbook':
     $checkboxes = array('enable_guestbook_captcha', 'enable_gbook_comments4all', 'enable_intial_comments_loading');
     break;
 case 'ecards':
     $checkboxes = array('enable_ecard_module');
     break;
 case 'lists':
     $checkboxes = array('lists_hide_overview_details');
     break;
 case 'messages':
     $checkboxes = array('enable_mail_module', 'enable_pm_module', 'enable_chat_module', 'enable_mail_captcha', 'mail_html_registered_users', 'mail_into_to', 'mail_show_former');
     if ($_POST['mail_sendmail_address'] !== '') {
         $_POST['mail_sendmail_address'] = admStrToLower($_POST['mail_sendmail_address']);
         if (!strValidCharacters($_POST['mail_sendmail_address'], 'email')) {
             $gMessage->show($gL10n->get('SYS_EMAIL_INVALID', $gL10n->get('MAI_SENDER_EMAIL')));
         }
     }
     break;
 case 'photos':
     $checkboxes = array('photo_download_enabled', 'photo_keep_original');
     break;
 case 'profile':
     $checkboxes = array('profile_log_edit_fields', 'profile_show_map_link', 'profile_show_roles', 'profile_show_former_roles', 'profile_show_extern_roles');
     break;
 case 'events':
     $checkboxes = array('enable_dates_ical', 'dates_show_map_link', 'dates_show_rooms');
     break;
 case 'links':
     if (!is_numeric($_POST['weblinks_redirect_seconds']) || $_POST['weblinks_redirect_seconds'] < 0) {
 /**
  * Set a new value for a column of the database table.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database.
  * The password columns (usr_password, usr_new_password) cannot be set through this method at all;
  * a non-empty login name must pass the 'noSpecialChar' check.
  * @param string $columnName The name of the database column whose value should get a new value
  * @param mixed  $newValue   The new value that should be stored in the database field
  * @param bool   $checkValue The value will be checked if it's valid. If set to @b false than the value will not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     // passwords are never accepted here
     $isPasswordColumn = ($columnName === 'usr_password' || $columnName === 'usr_new_password');
     if ($isPasswordColumn) {
         return false;
     }

     // @ptabaden: Change in reference to 3.1.2
     $isInvalidLoginName = ($columnName === 'usr_login_name'
         && $newValue !== ''
         && !strValidCharacters($newValue, 'noSpecialChar'));
     if ($isInvalidLoginName) {
         return false;
     }

     return parent::setValue($columnName, $newValue, $checkValue);
 }