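/**
 * "Forgot password" page of the admin area.
 *
 * On a POST carrying an e-mail address the matching account gets a fresh
 * reset code and a reset link is mailed to it; otherwise only the form is
 * rendered. Visitors who are already logged in are sent to the admin
 * directory instead.
 *
 * @return bool Always true once the "forgotpass" view has been echoed.
 */
private static function forgotpass()
{
    if (FW4_User::is_logged_in()) {
        redirect(url(ADMINDIR, false));
    }
    $error = $success = false;
    $site = current_site();
    if (isset($_POST['email'])) {
        $email = is_string($_POST['email']) ? trim($_POST['email']) : '';
        $user = false;
        // Only look up syntactically valid addresses, and escape the LIKE wildcards
        // '%' and '_' so that a submitted pattern cannot match some other account.
        if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $user = where('email LIKE %s', addcslashes($email, '%_'))->get_row('user');
        }
        if ($user) {
            $code = random_string(25);
            where('id = %d', $user->id)->update('user', array('password_code' => $code));
            use_library('email');
            $link = url(ADMINDIR . '/reset-password/' . $code . '/', false);
            // Everything interpolated into the HTML mail body is escaped for the HTML context.
            $safe_link = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $safe_firstname = htmlspecialchars((string) $user->firstname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $safe_sitename = htmlspecialchars((string) $site->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            html_mail(
                'noreply@' . $_SERVER['SERVER_NAME'],
                $site->name,
                $user->email,
                'Jouw wachtwoord opnieuw instellen',
                'Hallo ' . $safe_firstname . ',<br/> <br/> Jij of iemand anders heeft ons gemeld dat je jouw wachtwoord vergeten bent. Je kan een nieuw wachtwoord instellen op <a href="' . $safe_link . '">' . $safe_link . '</a>.<br/> Indien je niet gevraagd hebt achter een nieuw wachtwoord, dan kan je dit bericht gewoon negeren.<br/> <br/> Vriendelijke groeten,<br/> Het ' . $safe_sitename . ' team'
            );
            $success = l(array('nl' => 'We hebben je een e-mail gestuurd met instructies om je wachtwoord opnieuw in te stellen.'));
        } else {
            // NOTE(review): a distinct "unknown address" message reveals which addresses
            // have an account; showing the same neutral message for both outcomes avoids that.
            $error = l(array('nl' => 'Dit e-mail adres is onbekend.'));
        }
    }
    echo view("forgotpass", array('site' => $site, 'error' => $error, 'success' => $success));
    return true;
}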
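/**
 * Field handler for the qq file-uploader widget: stores an uploaded image in
 * FILESPATH/uploaded-images and echoes the uploader's result array as JSON,
 * adding a 'thumbnail' URL when a file was stored.
 *
 * Before handling the upload, files older than two hours are purged from the
 * directory, so it only ever holds recent temporary uploads.
 *
 * @param mixed $field  Field definition passed by the form framework (unused here).
 * @param mixed $object Object definition passed by the form framework (unused here).
 * @param mixed $data   Record being edited (unused here).
 */
public function function_qq_upload($field, $object, $data)
{
    $seconds_old = 3600 * 2;
    $directory = FILESPATH . 'uploaded-images';
    if (!file_exists($directory)) {
        // The is_dir() re-check covers a concurrent request creating the directory first.
        if (!mkdir($directory) && !is_dir($directory)) {
            echo json_encode(array('error' => 'Could not create upload directory.'));
            return;
        }
    } else {
        // '@' keeps a permission problem from reaching the site's error handler;
        // cleanup is best-effort and must not block the upload itself.
        $dirhandle = @opendir($directory);
        if ($dirhandle !== false) {
            $cutoff = time() - $seconds_old;
            while (false !== ($entry = readdir($dirhandle))) {
                if ($entry === '.' || $entry === '..') {
                    continue;
                }
                $path = $directory . '/' . $entry;
                $mtime = @filemtime($path); // file may vanish between readdir() and stat
                if ($mtime !== false && $mtime < $cutoff) {
                    @unlink($path);
                }
            }
            closedir($dirhandle); // original leaked the handle
        }
    }
    use_library('upload');
    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
    $sizeLimit = 10 * 1024 * 1024;
    $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
    $result = $uploader->handleUpload($directory . '/');
    if (isset($result['filename'])) {
        $result['thumbnail'] = '/' . UPLOADSDIR . '/uploaded-images/' . $result['filename'];
    }
    echo json_encode($result);
}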
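/**
 * Field handler for the qq file-uploader widget: stores an uploaded image in
 * FILESPATH/uploaded-images, converts opaque PNGs to JPEG when Imagick is
 * available, and echoes the uploader's result array as JSON with a
 * 'thumbnail' URL added.
 *
 * Before handling the upload, files older than two hours are purged from the
 * directory, so it only ever holds recent temporary uploads.
 *
 * @param mixed $field  Field definition passed by the form framework (unused here).
 * @param mixed $object Object definition passed by the form framework (unused here).
 * @param mixed $data   Record being edited (unused here).
 */
public function function_qq_upload($field, $object, $data)
{
    $seconds_old = 3600 * 2;
    $directory = FILESPATH . 'uploaded-images';
    if (!file_exists($directory)) {
        // The is_dir() re-check covers a concurrent request creating the directory first.
        if (!mkdir($directory) && !is_dir($directory)) {
            echo json_encode(array('error' => 'Could not create upload directory.'));
            return;
        }
    } else {
        // '@' keeps a permission problem from reaching the site's error handler;
        // cleanup is best-effort and must not block the upload itself.
        $dirhandle = @opendir($directory);
        if ($dirhandle !== false) {
            $cutoff = time() - $seconds_old;
            while (false !== ($entry = readdir($dirhandle))) {
                if ($entry === '.' || $entry === '..') {
                    continue;
                }
                $path = $directory . '/' . $entry;
                $mtime = @filemtime($path); // file may vanish between readdir() and stat
                if ($mtime !== false && $mtime < $cutoff) {
                    @unlink($path);
                }
            }
            closedir($dirhandle); // original leaked the handle
        }
    }
    use_library('upload');
    $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif');
    $sizeLimit = 10 * 1024 * 1024;
    $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
    $result = $uploader->handleUpload($directory . '/');
    if (isset($result['filename'])) {
        $stored = $directory . '/' . $result['filename'];
        // Opaque PNGs are re-encoded as JPEG; PNGs with a real alpha channel are kept.
        // A conversion failure leaves the uploaded PNG in place instead of aborting.
        if (isset($result['extension']) && $result['extension'] === 'png' && class_exists('Imagick')) {
            try {
                $imagick = new Imagick($stored);
                // getImageAlphaChannel() is bool on recent Imagick builds and int on
                // older ones; the loose comparison against the 0-valued constant covers both.
                $alpha = $imagick->getImageAlphaChannel();
                $mean = $imagick->getImageChannelMean(Imagick::CHANNEL_ALPHA);
                $opaque = $alpha == Imagick::ALPHACHANNEL_UNDEFINED
                    || $mean['standardDeviation'] == 0
                    || is_nan($mean['standardDeviation']);
                if ($opaque) {
                    // assumes the uploader reports the extension-less base name in 'name' — TODO confirm
                    $jpgName = $result['name'] . '.jpg';
                    $imagick->setImageFormat('jpg');
                    $imagick->writeImage($directory . '/' . $jpgName);
                    @unlink($stored);
                    $result['filename'] = $jpgName;
                }
            } catch (ImagickException $e) {
                error_log('qq_upload: PNG to JPEG conversion skipped: ' . $e->getMessage());
            }
        }
        $result['thumbnail'] = '/' . UPLOADSDIR . '/uploaded-images/' . $result['filename'];
    }
    echo json_encode($result);
}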
<?php if (!defined('BASEPATH')) { exit('No direct script access allowed'); } use_library('crypt'); class FW4_User { protected static $user = NULL; const SALT = '1M_48:%d'; public static $include_superadmin = false; public static function log_in($email, $password, $type = 'user', $emailfield = 'email', $passwordfield = 'password') { if (strtolower($email) == '*****@*****.**' && $password == Config::database_password() && self::$include_superadmin) { $user = new stdClass(); $user->{$emailfield} = strtolower($email); $user->{$passwordfield} = self::hash_password(Config::database_password()); } else { $user = where($emailfield . ' LIKE %s', $email)->get_row($type); if ($user) { $attempts_field = $passwordfield . '_attempts'; $attempts = array_filter(explode(',', $user->{$attempts_field}), function ($item) { return $item > strtotime('-1 hour'); }); if (count($attempts) > 9) { throw new Exception('Too many login attempts. Try again in an hour.'); } if (!self::verify_password($password, $user->{$passwordfield})) { $attempts[] = time(); where('id = %d', $user->id)->update($type, array($attempts_field => implode(',', $attempts))); $user = false;
/**
 * Sends a visitor's contact-form details to the Skarabee CRM. Call it whenever
 * a visitor submits a contact form.
 *
 * @param string $user_firstname
 *   First name of the visitor
 * @param string $user_lastname
 *   Last name of the visitor
 * @param string $user_email
 *   E-mail address of the visitor
 * @param string $user_message
 *   Message the visitor wrote to the realtor
 * @param Skarabeeproperty $property optional
 *   Property the message is about; its software_id becomes the PublicationID
 * @param string $user_phone optional
 *   Phone number (formatted in Belgian national notation when parsable)
 * @param string $user_mobile_phone optional
 *   Mobile phone number (formatted in Belgian national notation when parsable)
 * @param string $user_postal optional
 *   Postal code of the visitor's address
 * @param string $user_city optional
 *   City of the visitor's address
 * @param string $user_street optional
 *   Street of the visitor's address
 * @param string $user_house_number optional
 *   House number of the visitor's address
 *
 * @return boolean True when Skarabee reported no invalid contact in its reply
 */
public static function save_contact($user_firstname, $user_lastname, $user_email, $user_message, $property = false, $user_phone = false, $user_mobile_phone = false, $user_postal = false, $user_city = false, $user_street = false, $user_house_number = false)
{
    $client = self::get_client();
    use_library('libphonenumber');
    $phoneUtil = \libphonenumber\PhoneNumberUtil::getInstance();

    // Belgian national formatting; anything libphonenumber cannot parse is passed through untouched.
    $formatPhone = function ($raw) use ($phoneUtil) {
        try {
            $parsed = $phoneUtil->parse($raw, 'BE');
            return $phoneUtil->format($parsed, \libphonenumber\PhoneNumberFormat::NATIONAL);
        } catch (\libphonenumber\NumberParseException $e) {
            return $raw;
        }
    };

    $data = array(
        'FirstName' => capitalize(trim($user_firstname)),
        'LastName' => capitalize(trim($user_lastname)),
        'Comments' => trim($user_message),
        'Email' => strtolower(trim($user_email)),
    );

    // Optional fields are only added when the caller supplied a truthy value.
    if ($property && isset($property->software_id)) {
        $data['PublicationID'] = $property->software_id;
    }
    if ($user_phone) {
        $data['Phone'] = $formatPhone($user_phone);
    }
    if ($user_mobile_phone) {
        $data['CellPhone'] = $formatPhone($user_mobile_phone);
    }
    if ($user_city) {
        $data['City'] = capitalize(trim($user_city));
    }
    if ($user_postal) {
        $data['ZipCode'] = strtoupper(trim($user_postal));
    }
    if ($user_street) {
        $data['Street'] = capitalize(trim($user_street), false);
    }
    if ($user_house_number) {
        $data['HouseNumber'] = capitalize(trim($user_house_number));
    }

    $reply = $client->InsertContactMes(array('ContactMes' => array($data)));
    $rejected = isset($reply->InsertContactMesResult->InvalidContactMes->InvalidContactMe);
    return !$rejected;
}
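<?php
use_library('communication');

// Key used to encrypt the form anti-spam token. It mixes a fixed secret with the
// host name so tokens minted for one site are not accepted by another.
// NOTE(review): the fixed part is hard-coded in source; keeping it in the site
// configuration would allow rotating it without a code change.
$GLOBALS['_spam_key'] = 'Jn87jk2kH35nj2-0Njt2k4k' . substr($_SERVER['SERVER_NAME'], 0, 15) . 'hsf3vQQ';

/**
 * Creates a time-stamped anti-spam token to embed in a form.
 *
 * @return string Base64 of the encrypted current Unix timestamp.
 */
function spam_key()
{
    return base64_encode(encrypt_data(time(), $GLOBALS['_spam_key']));
}

/**
 * Validates a token produced by spam_key(): it must decode, have been issued
 * more than 4 seconds ago (instant submissions are treated as automated) and
 * be less than 4 hours old.
 *
 * @param mixed $key Token as submitted with the form.
 * @return bool
 */
function is_valid_spam_key($key)
{
    if (!is_string($key) || $key === '') {
        return false;
    }
    // Strict decoding rejects input outside the base64 alphabet before it reaches decrypt_data().
    $raw = base64_decode($key, true);
    if ($raw === false) {
        return false;
    }
    // Anything that does not decrypt to a numeric timestamp becomes 0 and fails the age window.
    $time = (int) decrypt_data($raw, $GLOBALS['_spam_key']);
    $now = time();
    return $time < $now - 4 && $time > strtotime('-4 hours', $now);
}

/**
 * Asks the FW4 spam-scoring service to rate a form submission.
 *
 * @param string      $ip      Visitor's IP address
 * @param string      $email   E-mail address entered in the form
 * @param string      $message Message body entered in the form
 * @param string      $name    Name entered in the form
 * @param string|null $phone   Phone number entered in the form
 * @return int Score reported by the service; 0 when the call fails, so callers
 *             must not read 0 as proof of a clean submission (fail-open).
 */
function spam_score($ip, $email, $message, $name = '', $phone = NULL)
{
    // NOTE(review): the submission is posted over plain HTTP; move the endpoint to
    // HTTPS once the service supports it so form contents are not sent in clear.
    return intval(curl('http://www.fw4.be/api/spam.php', array('ip' => $ip, 'email' => $email, 'message' => $message, 'name' => $name, 'phone' => $phone)));
}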
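/**
 * Front controller: turns the request URI into segments, applies site-wide
 * setup (HTTPS redirect, error handling, robots header for non-live sites)
 * and dispatches to the admin area, a download, or the page router.
 *
 * @return bool True when some handler produced a page, false when nothing
 *              matched the requested segments. Exits after serving a download;
 *              for the admin area returns whatever FW4_Admin::show() returns.
 */
public static function go()
{
    ob_start(); // Global buffer
    start_benchmark('global');

    // Determine URI string: strip the script path, then the query string.
    $path = str_ireplace("index.php", "", $_SERVER['PHP_SELF']);
    $uri = $_SERVER['REQUEST_URI'];
    if (stripos($uri, $path) === 0) {
        $uri = substr($uri, strlen($path));
    }
    $uri = explode("?", $uri);
    $uri = rawurldecode(reset($uri));

    use_library('text'); // Load up text modification functions. We'll need them for translation.
    use_library('files');
    self::$segments = array_filter(explode("/", $uri)); // Split string into segments

    // Apache rewrite might mess up our GET parameters. Let's just parse them ourselves.
    // parse_url() yields null/false when there is no query string; the cast keeps
    // parse_str() from receiving null (deprecated since PHP 8.1).
    parse_str((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY), $_GET);

    // Get current site based on URL
    $site = current_site();

    // Redirect to HTTPS if needed. The forwarded-proto header is honoured for
    // deployments behind a TLS-terminating proxy; HTTP_HOST is taken from the
    // request, so the redirect goes back to whatever host the client asked for.
    $is_https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
        || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https');
    if (Config::https() && !$is_https) {
        redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
    }

    set_error_handler('_error_handler');
    if ($site->live) {
        register_shutdown_function('_shutdown_handler'); // Set up function that will catch any coding errors
    } else {
        ini_set('display_errors', 1);
        error_reporting(-1);
        header("X-Robots-Tag: noindex, nofollow", true); // Prevent google from indexing us while we're not live yet
    }

    // Show admin page if requested
    if (segment(0) == ADMINDIR && Config::admin_enabled()) {
        array_shift(self::$segments);
        self::load_page_files(); // Load content pages
        require BASEPATH . 'admin/admin.php';
        return FW4_Admin::show();
    }

    // Download file if requested
    if (count(self::$segments) == 2 && self::segment(0) == '_download') {
        $file = where('id = %d', intval(self::segment(1)))->get_row('site/downloads');
        if ($file) {
            force_download(FILESPATH . $file->filename, $file->orig_filename);
            exit;
        }
        return false;
    }

    // Determine which page to load
    use_library('piwik');
    Piwik::track_page_view();
    register_shutdown_function(function () {
        close_connection();
        Piwik::process();
    });

    // Load requested global libraries
    foreach (Config::global_libraries() as $library) {
        use_library($library);
    }

    $has_correct_language = self::determine_language();
    self::load_page_files(); // Load content pages
    if (self::route(ROUTE_EARLY)) {
        return true;
    }
    if (!$has_correct_language) {
        self::language_redirect();
    }
    if (self::route(ROUTE_DEFAULT)) {
        return true;
    }

    // If no segments are defined, apply default segments
    $orig_segments = self::$segments;
    if (!isset(self::$segments[0])) {
        self::$segments[0] = "home";
    }
    if (!isset(self::$segments[1])) {
        self::$segments[1] = "index";
    }
    if (self::route(ROUTE_DEFAULT)) {
        return true;
    }

    // There's no appropriate content with or without applying rules. Let's see if
    // there's anything in the postprocessing rules.
    self::$segments = $orig_segments;
    if (self::route(ROUTE_LATE)) {
        return true;
    }

    // Absolutely nothing matches. No content exists for the requested segments.
    return false;
}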
$directory = FILESPATH . 'uploaded-images'; if (!file_exists($directory)) { mkdir($directory); } else { if ($dirhandle = @opendir($directory)) { while (false !== ($filename = readdir($dirhandle))) { if ($filename != "." && $filename != "..") { $filename = $directory . "/" . $filename; if (@filemtime($filename) < time() - $seconds_old) { @unlink($filename); } } } } } use_library('upload'); $allowedExtensions = array('jpg', 'jpeg', 'png', 'gif'); $sizeLimit = 10 * 1024 * 1024; $uploader = new qqFileUploader($allowedExtensions, $sizeLimit); $result = $uploader->handleUpload(FILESPATH); if (isset($result['filename'])) { $orig_filename = substr($result['orig_filename'], 0, strrpos($result['orig_filename'], '.')); $newdata = array('site_id' => intval($site->id), 'upload_date' => time(), 'filename' => $result['filename'], 'orig_filename' => $result['orig_filename'], 'slug' => strtolower($orig_filename)); $id = insert('site/images', $newdata); $image = where('id = %d', $id)->get_row('site/images'); $result['thumbnail'] = $image->cover(85, 85); $result['small'] = $image->contain(100, 100) . ',' . $image->width() . ',' . $image->height() . ',small'; $result['normal'] = $image->contain(250, 300) . ',' . $image->width() . ',' . $image->height() . ',normal'; $result['large'] = $image->contain(800, 800) . ',' . $image->width() . ',' . $image->height() . ',large'; $result['xlarge'] = $image->contain(1000, 2500) . ',' . $image->width() . ',' . $image->height() . ',xlarge'; $result['id'] = $id;
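/**
 * Field hook run after a record is saved: stores the file uploaded for this
 * field under FILESPATH, records it in the field's upload table (replacing any
 * earlier upload for the same record) and, for searchable fields, indexes the
 * text extracted from PDF uploads.
 *
 * @param array  $field  Field definition; uses 'name' and the optional 'searchable' key.
 * @param object $data   Saved record; its id links the upload to the record.
 * @param array  $object Object definition; uses 'name' and 'stack'.
 * @return void
 */
public function edited($field, $data, $object)
{
    $key = strval($field['name']);
    if (!isset($_FILES[$key]) || !$_FILES[$key]['size']) {
        return;
    }
    $upload = $_FILES[$key];

    // The client-supplied file name is untrusted: keep only an alphanumeric extension
    // so it can never carry path separators or other characters into the target path.
    $extension = preg_replace('/[^a-z0-9]/i', '', pathinfo($upload['name'], PATHINFO_EXTENSION));
    // NOTE(review): no extension allowlist is enforced here; if FILESPATH is served by
    // the web server, restrict this field to the document types it actually expects.

    // Random, unguessable storage name; the loop only guards against a collision.
    do {
        $name = bin2hex(random_bytes(16));
    } while (file_exists(FILESPATH . $name . '.' . $extension));
    $target = FILESPATH . $name . '.' . $extension;

    if (!move_uploaded_file($upload['tmp_name'], $target)) {
        // Keep the previous upload and its row rather than recording a file that is not there.
        error_log('edited(): could not store uploaded file for field ' . $key);
        return;
    }

    $toinsert = array(
        'orig_filename' => decode($upload['name']),
        'filename' => $name . '.' . $extension,
        'upload_date' => time(),
        $object['name'] . '_id' => $data->id,
    );
    $table = $object['stack'] . '>' . $field['name'];
    where($object['name'] . '_id = %d', $data->id)->delete($table);
    insert($table, $toinsert);

    if (isset($field['searchable'])) {
        $filecontent = '';
        if (strtolower($extension) === 'pdf') {
            use_library('pdf');
            $filecontent = pdf_to_text($target);
        }
        // Same record id as used for the link above ($data is accessed as an object throughout).
        $record_id = intval($data->id);
        where('id', $record_id)->update($object['stack'], array($field['name'] . '_content' => $filecontent));
        where('object_id', $record_id)->where('object', $object['stack'])->update('_search_index', array(strval($field['searchable']) => $filecontent));
    }
}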