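/**
 * Renders the file-sharing detail page for one media file and applies the
 * actions requested for it: toggle sharing, send the download link by mail,
 * or save the expiry date.
 *
 * Request parameters read:
 *  - $_GET['path'], $_GET['file']  identify the file (concatenated, with the
 *    website offset path stripped)
 *  - $_GET['switch']               toggle the share row (insert or delete)
 *  - $_POST['shareFiles'] with 'email', 'subject', 'message'
 *  - $_POST['saveExpiration'] with 'expiration' (checkbox: never expires)
 *    or 'expirationDate'
 *
 * @global array $_ARRAYLANG language entries
 * @global object $objDatabase ADOdb-style connection (Execute / RecordCount)
 * @return void  output goes to $this->_objTpl
 */
public function getDetailPage()
{
    global $_ARRAYLANG, $objDatabase;

    $cx = \Cx\Core\Core\Controller\Cx::instanciate();

    // Read the request parameters once; a missing key behaves like an empty
    // string instead of raising a notice.
    $path = isset($_GET['path']) ? $_GET['path'] : '';
    $fileName = isset($_GET['file']) ? $_GET['file'] : '';

    // NOTE(review): $path/$fileName are used as given. Whether they are
    // confined to the media directory is not visible here (that would have
    // to happen in the Media module or in FileSharingLib) — confirm.
    $file = str_replace($cx->getWebsiteOffsetPath(), '', $path) . $fileName;

    $table = DBPREFIX . 'module_filesharing';
    // The SQL below is string-built, as everywhere in this module; escaping
    // of the file name relies entirely on contrexx_raw2db().
    $fileCondition = "`source` = '" . contrexx_raw2db($file) . "'";

    // Loads the share row for $file (an empty result set when not shared).
    $fetchShare = function () use ($objDatabase, $table, $fileCondition) {
        return $objDatabase->Execute(
            'SELECT `id`, `file`, `source`, `hash`, `check`, `expiration_date` FROM '
            . $table . ' WHERE ' . $fileCondition
        );
    };

    $objResult = $fetchShare();
    $existing = $objResult !== false && $objResult->RecordCount() > 0;

    if (!empty($_GET['switch'])) {
        if ($existing) {
            $objDatabase->Execute('DELETE FROM ' . $table . ' WHERE ' . $fileCondition);
        } else {
            $hash = FileSharingLib::createHash();
            $check = FileSharingLib::createCheck($hash);
            // `file` and `source` are stored with the same value.
            $objDatabase->Execute(
                'INSERT INTO ' . $table . ' (`file`, `source`, `hash`, `check`) VALUES ('
                . "'" . contrexx_raw2db($file) . "', "
                . "'" . contrexx_raw2db($file) . "', "
                . "'" . contrexx_raw2db($hash) . "', "
                . "'" . contrexx_raw2db($check) . "')"
            );
        }
        $existing = !$existing;
        // Re-read so the handlers below work on the row as it is now; the
        // pre-switch result is stale after the DELETE or INSERT.
        $objResult = $fetchShare();
    }

    // The request values are placed into href/action attributes by the
    // template, so they are HTML-escaped; the static query-string skeleton
    // is left untouched.
    $safePath = htmlentities($path, ENT_QUOTES, CONTREXX_CHARSET);
    $safeFile = htmlentities($fileName, ENT_QUOTES, CONTREXX_CHARSET);
    $pageHref = 'index.php?cmd=Media&archive=FileSharing&act=filesharing&path=' . $safePath . '&file=' . $safeFile;

    if ($existing) {
        $this->_objTpl->setVariable(array(
            'FILE_STATUS' => $_ARRAYLANG["TXT_FILESHARING_SHARED"],
            'FILE_STATUS_SWITCH' => $_ARRAYLANG["TXT_FILESHARING_STOP_SHARING"],
            'FILE_STATUS_SWITCH_HREF' => $pageHref . '&switch=1',
        ));
        $this->_objTpl->touchBlock('shared');
    } else {
        $this->_objTpl->setVariable(array(
            'FILE_STATUS' => $_ARRAYLANG["TXT_FILESHARING_NOT_SHARED"],
            'FILE_STATUS_SWITCH' => $_ARRAYLANG["TXT_FILESHARING_START_SHARING"],
            'FILE_STATUS_SWITCH_HREF' => $pageHref . '&switch=1',
        ));
        $this->_objTpl->hideBlock('shared');
    }

    // Sending mails and changing the expiry only make sense for a shared
    // file; previously these ran with a null id when the file was not shared.
    if ($existing) {
        $shareId = (int) $objResult->fields['id'];

        if (!empty($_POST['shareFiles'])) {
            $rawEmails = isset($_POST['email']) ? $_POST['email'] : '';
            $emails = array();
            // Recipients may be separated by ';', ',' or whitespace.
            foreach (preg_split('/[;,\\s]+/', $rawEmails) as $email) {
                if (\FWValidator::isEmail($email)) {
                    $emails[] = contrexx_input2raw($email);
                }
            }
            if (count($emails) > 0) {
                FileSharingLib::sendMail(
                    $shareId,
                    isset($_POST['subject']) ? $_POST['subject'] : null,
                    $emails,
                    isset($_POST['message']) ? $_POST['message'] : null
                );
            }
        } elseif (!empty($_POST['saveExpiration'])) {
            if (!empty($_POST['expiration'])) {
                // "never expires" checkbox set: clear the date
                $objDatabase->Execute(
                    'UPDATE ' . $table . ' SET `expiration_date` = NULL WHERE `id` = ' . $shareId
                );
            } else {
                // NOTE: an unparsable date makes strtotime() return false,
                // which date() renders as the epoch, i.e. the share expires
                // immediately (behaviour unchanged from the original).
                $expirationInput = isset($_POST['expirationDate']) ? $_POST['expirationDate'] : '';
                $objDatabase->Execute(
                    'UPDATE ' . $table . " SET `expiration_date` = '"
                    . date('Y-m-d H:i:s', strtotime($expirationInput))
                    . "' WHERE `id` = " . $shareId
                );
            }
        }
    }

    // Re-read after a possible expiry update so the form shows stored values.
    $objResult = $fetchShare();
    $record = ($objResult !== false && $objResult->RecordCount() > 0) ? $objResult->fields : array();
    $recordId = isset($record['id']) ? $record['id'] : null;
    $expirationDate = isset($record['expiration_date']) ? $record['expiration_date'] : null;
    // The form proposes one week from now when no expiry is stored.
    $expirationDisplay = $expirationDate != NULL
        ? date('d.m.Y H:i', strtotime($expirationDate))
        : date('d.m.Y H:i', time() + 3600 * 24 * 7);

    $this->_objTpl->setVariable(array(
        'FORM_ACTION' => $pageHref,
        'FORM_METHOD' => 'POST',
        'FILESHARING_INFO' => $_ARRAYLANG['TXT_FILESHARING_INFO'],
        'FILESHARING_LINK_BACK_HREF' => 'index.php?cmd=Media&archive=FileSharing&path=' . $safePath,
        'FILESHARING_LINK_BACK' => $_ARRAYLANG['TXT_FILESHARING_LINK_BACK'],
        'FILESHARING_DOWNLOAD_LINK' => $_ARRAYLANG['TXT_FILESHARING_DOWNLOAD_LINK'],
        'FILE_DOWNLOAD_LINK_HREF' => FileSharingLib::getDownloadLink($recordId),
        'FILE_DELETE_LINK_HREF' => FileSharingLib::getDeleteLink($recordId),
        'FILESHARING_DELETE_LINK' => $_ARRAYLANG['TXT_FILESHARING_DELETE_LINK'],
        'FILESHARING_STATUS' => $_ARRAYLANG['TXT_FILESHARING_STATUS'],
        'FILESHARING_EXPIRATION' => $_ARRAYLANG['TXT_FILESHARING_EXPIRATION'],
        'FILESHARING_NEVER' => $_ARRAYLANG['TXT_FILESHARING_NEVER'],
        'FILESHARING_EXPIRATION_CHECKED' => htmlentities($expirationDate == NULL ? 'checked="checked"' : '', ENT_QUOTES, CONTREXX_CHARSET),
        'FILESHARING_EXPIRATION_DATE' => htmlentities($expirationDisplay, ENT_QUOTES, CONTREXX_CHARSET),
        'FILESHARING_SEND_MAIL' => $_ARRAYLANG['TXT_FILESHARING_SEND_MAIL'],
        'FILESHARING_EMAIL' => $_ARRAYLANG["TXT_FILESHARING_EMAIL"],
        'FILESHARING_EMAIL_INFO' => $_ARRAYLANG["TXT_FILESHARING_EMAIL_INFO"],
        'FILESHARING_SUBJECT' => $_ARRAYLANG["TXT_FILESHARING_SUBJECT"],
        'FILESHARING_SUBJECT_INFO' => $_ARRAYLANG["TXT_FILESHARING_SUBJECT_INFO"],
        'FILESHARING_MESSAGE' => $_ARRAYLANG["TXT_FILESHARING_MESSAGE"],
        'FILESHARING_MESSAGE_INFO' => $_ARRAYLANG["TXT_FILESHARING_MESSAGE_INFO"],
        'FILESHARING_SEND' => $_ARRAYLANG["TXT_FILESHARING_SEND"],
        'FILESHARING_SAVE' => $_ARRAYLANG["TXT_FILESHARING_SAVE"],
        'TXT_CORE_MAILTEMPLATE_NOTE_TO' => $_ARRAYLANG['TXT_CORE_MAILTEMPLATE_NOTE_TO'],
    ));
}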
/**
 * Verifies the account data present in the session
 *
 * Checks, in this order: the address fields of the submitted form
 * (verifySessionAddress()), the session password when registration is
 * mandatory or was chosen, the e-mail syntax, and finally that the e-mail
 * is not already taken by a registered user. Registered customers
 * (self::$objCustomer) skip everything after the address check.
 *
 * @param boolean $silent If true, no messages are created.
 *                        Defaults to false
 * @return boolean True if the account data is complete
 *                 and valid, false otherwise
 */
static function verify_account($silent = false)
{
    global $_ARRAYLANG;
//\DBG::log("Verify account");
    $status = true;
//\DBG::log("POST: ". var_export($_POST, true));
    // NOTE(review): isset($_POST) is always true for a superglobal, so the
    // address check runs on every request, not only on form submissions.
    if (isset($_POST) && !self::verifySessionAddress()) {
        if ($silent) {
            return false;
        }
        // \Message::error() presumably returns false, which marks $status as failed — confirm.
        $status = \Message::error($_ARRAYLANG['TXT_FILL_OUT_ALL_REQUIRED_FIELDS']);
    }
    // Registered Customers are okay now
    if (self::$objCustomer) {
        return $status;
    }
    // Operator precedence: mandatory || (optional && not opted out).
    if (\Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_MANDATORY
        || \Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_OPTIONAL
        && empty($_SESSION['shop']['dont_register'])) {
        if (isset($_SESSION['shop']['password']) && !\User::isValidPassword($_SESSION['shop']['password'])) {
            if ($silent) {
                return false;
            }
            // The password policy text lives in the Access module's language data.
            global $objInit;
            $objInit->loadLanguageData('Access');
            $status = \Message::error(\Cx\Core_Modules\Access\Controller\AccessLib::getPasswordInfo());
        }
    } else {
        // User is not trying to register, so she doesn't need a password.
        // Mind that this is necessary in order to avoid passwords filled
        // in automatically by the browser, which may be wrong, or
        // invalid, or both.
        $_SESSION['shop']['password'] = NULL;
    }
    if (isset($_SESSION['shop']['email']) && !\FWValidator::isEmail($_SESSION['shop']['email'])) {
        if ($silent) {
            return false;
        }
        $status = \Message::error($_ARRAYLANG['TXT_INVALID_EMAIL_ADDRESS']);
    }
    if (!$status) {
        return false;
    }
    if (isset($_SESSION['shop']['email'])) {
        // Ignore "unregistered" Customers. These will silently be updated
        if (Customer::getUnregisteredByEmail($_SESSION['shop']['email'])) {
            return true;
        }
        // Probe with a throw-away User object whether username and e-mail
        // (both set to the e-mail address) are still free.
        $objUser = new \User();
        $objUser->setUsername($_SESSION['shop']['email']);
        $objUser->setEmail($_SESSION['shop']['email']);
        \Message::save(); // This method will set an error message we don't want here
                          // (as soon as it uses the Message class, that is)
        if (!($objUser->validateUsername() && $objUser->validateEmail())) {
//\DBG::log("Shop::verify_account(): Username or e-mail in use");
            \Message::restore();
            // Drop the conflicting address from POST and session so the
            // form does not resubmit it.
            $_POST['email'] = $_SESSION['shop']['email'] = NULL;
            if ($silent) {
                return false;
            }
            // Both messages are emitted; the chained || presumably ends up
            // false because \Message::error() returns false — confirm.
            return \Message::error(sprintf($_ARRAYLANG['TXT_EMAIL_USED_BY_OTHER_CUSTOMER'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'login') . '?redirect=' . base64_encode(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'account')))) || \Message::error(sprintf($_ARRAYLANG['TXT_SHOP_GOTO_SENDPASS'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'sendpass')));
        }
        \Message::restore();
    }
    return $status;
}
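/**
 * Validate user input data.
 *
 * Runs the field groups 'numeric', 'text', 'selection' and 'email' of
 * $arrUserData through their rules. For every failing field one translated
 * message is appended to $this->arrStatusMessages['error'] (first failing
 * rule only) and the field key is returned for highlighting. A missing
 * group is treated as having no fields.
 *
 * @access private
 * @param array $arrUserData user input data from submitted form; each group
 *        maps a field key to an array with 'value', 'name', optional
 *        'mandatory' and 'length', and (selection only) 'options'
 * @return array $arrFieldsToHighlight contains all fields which need to be highlighted
 */
private function validateUserData($arrUserData)
{
    $arrFieldsToHighlight = array();

    // Field group => method returning the language key of the first failing rule.
    $groups = array(
        'numeric' => 'firstNumericFieldError',
        'text' => 'firstTextFieldError',
        'selection' => 'firstSelectionFieldError',
        'email' => 'firstEmailFieldError',
    );
    foreach ($groups as $group => $checker) {
        $fields = isset($arrUserData[$group]) ? $arrUserData[$group] : array();
        foreach ($fields as $key => $field) {
            $langKey = $this->$checker($field);
            if ($langKey === null) {
                continue;
            }
            $this->recordFieldError($field, $langKey);
            $arrFieldsToHighlight[$key] = '';
        }
    }
    return $arrFieldsToHighlight;
}

/**
 * Returns the language key of the first rule a numeric field fails, or null.
 *
 * @param array $field
 * @return string|null
 */
private function firstNumericFieldError($field)
{
    if (!empty($field['mandatory']) && empty($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_EMPTY';
    }
    // strlen() is byte-based on purpose: 'length' is the storage width.
    if (strlen($field['value']) > $field['length']) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_LENGTH_EXCEEDED';
    }
    if (!empty($field['value']) && !is_numeric($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_NOT_NUMERIC';
    }
    // Only values of at least 1 are accepted; empty values were handled above.
    if (!empty($field['value']) && $field['value'] < 1) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_NOT_POSITIVE';
    }
    return null;
}

/**
 * Returns the language key of the first rule a text field fails, or null.
 *
 * @param array $field
 * @return string|null
 */
private function firstTextFieldError($field)
{
    if (!empty($field['mandatory']) && empty($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_EMPTY';
    }
    if (strlen($field['value']) > $field['length']) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_LENGTH_EXCEEDED';
    }
    return null;
}

/**
 * Returns the language key of the first rule a selection field fails, or null.
 *
 * @param array $field
 * @return string|null
 */
private function firstSelectionFieldError($field)
{
    if (!empty($field['mandatory']) && empty($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_SELECTION_EMPTY';
    }
    // The submitted value must be one of the offered option keys.
    if (!empty($field['value']) && !isset($field['options'][$field['value']])) {
        return 'TXT_CHECKOUT_VALIDATION_SELECTION_INVALID_OPTION';
    }
    return null;
}

/**
 * Returns the language key of the first rule an e-mail field fails, or null.
 *
 * @param array $field
 * @return string|null
 */
private function firstEmailFieldError($field)
{
    if (!empty($field['mandatory']) && empty($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_EMPTY';
    }
    if (strlen($field['value']) > $field['length']) {
        return 'TXT_CHECKOUT_VALIDATION_FIELD_LENGTH_EXCEEDED';
    }
    if (!empty($field['value']) && !\FWValidator::isEmail($field['value'])) {
        return 'TXT_CHECKOUT_VALIDATION_INVALID_EMAIL';
    }
    return null;
}

/**
 * Appends the translated message for $langKey to the error status messages,
 * with {FIELD_NAME} and (when the field has a length) {MAX_LENGTH} filled in.
 *
 * @global array $_ARRAYLANG
 * @param array $field
 * @param string $langKey
 * @return void
 */
private function recordFieldError($field, $langKey)
{
    global $_ARRAYLANG;

    $msg = str_replace('{FIELD_NAME}', $field['name'], $_ARRAYLANG[$langKey]);
    if (isset($field['length'])) {
        $msg = str_replace('{MAX_LENGTH}', $field['length'], $msg);
    }
    $this->arrStatusMessages['error'][] = $msg;
}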
/**
 * Check that a string looks roughly like an email address should
 * Static so it can be used without instantiation
 *
 * Delegates to the framework validator (FWValidator::isEmail); the earlier
 * filter_var / regex fallback has been retired in favour of that single
 * implementation.
 *
 * @param string $address The email address to check
 * @return boolean
 * @static
 * @access public
 */
public static function ValidateAddress($address)
{
    $looksLikeEmail = FWValidator::isEmail($address);
    return $looksLikeEmail;
}
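/**
 * check the account id
 *
 * Looks up a user by $_GET['id'] or, when no id is given, by $_GET['email'],
 * prints a one-element JSON array describing the result and exits.
 * Response keys: show, id, email, sendLoginCheck, setDefaultUser; keys that
 * could not be determined are null.
 *
 * @global object $objFWUser
 *
 * @return json
 */
function checkAccountId()
{
    global $objFWUser;

    $accountId = isset($_GET['id']) ? (int) $_GET['id'] : '';
    $accountEmail = isset($_GET['email']) ? trim($_GET['email']) : '';
    $show = !empty($accountId) || !empty($accountEmail);

    // Every response key is always defined; previously a branch could leave
    // one of these undefined (emitted as null with a notice).
    $id = null;
    $email = null;
    $sendLoginCheck = null;
    $setDefaultUser = null;

    if (!empty($accountId)) {
        // NOTE(review): relies on the global $objFWUser being initialised by
        // the caller; the e-mail branch below fetches it explicitly — confirm.
        $objUsers = $objFWUser->objUser->getUsers(array('id' => intval($accountId)));
        if ($objUsers) {
            $email = $objUsers->getEmail();
        }
    }
    if (empty($accountId) && !empty($accountEmail) && \FWValidator::isEmail($accountEmail)) {
        $objFWUser = \FWUser::getFWUserObject();
        $objUsers = $objFWUser->objUser->getUsers(array('email' => addslashes($accountEmail)));
        if ($objUsers) {
            $id = $objUsers->getId();
            $email = $objUsers->getEmail();
            $company = trim($objUsers->getProfileAttribute('company'));
            $lastname = trim($objUsers->getProfileAttribute('lastname'));
            $firstname = trim($objUsers->getProfileAttribute('firstname'));
            // Display name "Company, First Last" or "First Last"; masked
            // with asterisks when all parts are empty.
            $defaultUser = !empty($company)
                ? trim($company . ', ' . $firstname . ' ' . $lastname)
                : trim($firstname . ' ' . $lastname);
            $setDefaultUser = !empty($defaultUser) ? $defaultUser : '******';
        } else {
            // No account for this address: the caller may offer to send login data.
            $sendLoginCheck = true;
            $email = $accountEmail;
        }
    } else {
        // NOTE(review): this branch also runs when an id was given, so the
        // e-mail looked up by id above is overwritten with the request value
        // and $id stays null. Looks unintended — confirm against the JS caller
        // before changing it.
        $email = $accountEmail;
    }

    $json = array();
    $json[] = array(
        'show' => $show,
        'id' => $id,
        'email' => $email,
        'sendLoginCheck' => $sendLoginCheck,
        'setDefaultUser' => $setDefaultUser,
    );
    echo json_encode($json);
    exit;
}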
/**
 * Returns true if the given $username is valid
 *
 * Accepted are names made only of ASCII letters, digits, '-' and '_',
 * and syntactically valid e-mail addresses (FWValidator::isEmail).
 *
 * @param string $username
 *
 * @return boolean
 */
protected function isValidUsername($username)
{
    $isPlainName = preg_match('/^[a-zA-Z0-9-_]+$/', $username) === 1;
    return $isPlainName || \FWValidator::isEmail($username);
}
/**
 * Validate the email
 *
 * Thin wrapper around the framework validator so callers of this class do
 * not need to reference FWValidator themselves.
 *
 * @param string $string
 * @return boolean result
 */
function isEmail($string)
{
    $isValidAddress = \FWValidator::isEmail($string);
    return $isValidAddress;
}
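/**
 * Update guestbook
 *
 * Reads the entry id from $_GET['id'] and the edited fields from $_POST,
 * validates URL and e-mail and writes the entry. On success
 * $this->strOkMessage is set, otherwise $this->strErrMessage receives the
 * collected validation errors.
 *
 * @global ADONewConnection
 * @global array
 */
function _update()
{
    global $objDatabase, $_ARRAYLANG;

    $guestbookId = isset($_GET['id']) ? intval($_GET['id']) : 0;
    $error = "";

    if (!empty($guestbookId)) {
        // Tags are stripped and the value slashed for the string-built SQL
        // below (the only escaping applied); a missing field reads as empty.
        $postField = function ($key) {
            return isset($_POST[$key]) ? contrexx_addslashes(strip_tags($_POST[$key])) : '';
        };
        $forename = $postField('forename');
        $name = $postField('name');
        $gender = $postField('malefemale');
        $mail = $postField('email');
        // URLs of 7 bytes or fewer are treated as absent (threshold unchanged).
        $url = isset($_POST['url']) && strlen($_POST['url']) > 7 ? $postField('url') : "";
        $comment = $postField('comment');
        $location = $postField('location');
        $ip = $postField('ip');
        $date = $postField('datetime');

        if (!empty($url) && !$this->isUrl($url)) {
            $error .= $_ARRAYLANG['TXT_INVALID_INTERNET_ADDRESS'] . "<br />";
        }
        if (!\FWValidator::isEmail($mail)) {
            $error .= $_ARRAYLANG['TXT_INVALID_EMAIL_ADDRESS'] . "<br />";
        }

        // Write only when validation passed; previously the row was updated
        // even while an error was reported to the user.
        // NOTE(review): an empty forename or name silently skips the write
        // but still reports success — unchanged here, probably worth an error.
        if (empty($error) && !empty($forename) && !empty($name)) {
            $query = "UPDATE " . DBPREFIX . "module_guestbook\n SET forename='{$forename}',\n name='{$name}',\n gender='{$gender}',\n email='{$mail}',\n url='{$url}',\n comment='{$comment}',\n location='{$location}',\n ip='{$ip}',\n datetime='{$date}',\n lang_id='{$this->langId}'\n WHERE id={$guestbookId}";
            $objDatabase->Execute($query);
        }
    }

    if (empty($error)) {
        $this->strOkMessage = $_ARRAYLANG['TXT_DATA_RECORD_UPDATED_SUCCESSFUL'];
    } else {
        $this->strErrMessage = $error;
    }
}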
/**
 * Import Users from a CSV file
 *
 * Sets up common User and Profile fields as well as
 * Newsletter list relations. Rows with an invalid e-mail are skipped;
 * existing users (matched by e-mail) are updated, others are created with a
 * generated username and password. Outcomes are collected in
 * self::$arrStatusMsg['ok'] / ['error'].
 *
 * Fields (CSV column headers) and their mapping:
 *  Anrede           -> title (also used for the gender, see note in the code)
 *  Vorname          -> firstname
 *  Name             -> lastname
 *  eMail            -> e-mail
 *  Firma            -> company
 *  Strasse          -> address, together with Hausnummer
 *  Hausnummer       -> address, together with Strasse
 *  PLZ              -> zip
 *  Ort              -> city
 *  Land             -> country
 *  Bundesland       -> maybe into city? (the code appends it to city)
 *  Tel.-Vorwahl     -> phone_office, together with Tel.-Nummer
 *  Tel.-Nummer      -> phone_office, together with Tel.-Vorwahl
 *  Fax-Vorwahl      -> phone_fax, together with Fax-Nummer
 *  Fax-Nummer       -> phone_fax, together with Fax-Vorwahl
 *  Mobil-Vorwahl    -> phone_mobile, together with Mobil-Nummer
 *  Mobil-Nummer     -> phone_mobile, together with Mobil-Vorwahl
 *  P1               -> interests: newsletter lists, comma separated
 *                      -> lists that do not exist yet are created
 *  P2               -> answer: ?
 *  P3               -> ?
 *  P4               -> title: ?
 *  P5               -> ?
 *  Ursprungsformular -> ?
 *  Permission       -> ?
 *  Ausgetragen      -> if true, remove all list assignments, else create the missing ones
 *  Anzahl Hard-Bounces -> not available?
 *  Status           -> meaning?
 *  Sprache          -> is it used? (the code maps it to the frontend/backend language)
 *  ID               -> meaning?
 *  Eintragungsdatum -> regdate
 *  Aenderungsdatum  -> ? (only regdate)
 *  Austragungsdatum -> ? (only regdate)
 * @param string $file_name The CSV file name
 */
static function import_csv($file_name)
{
    global $_ARRAYLANG;
    \Env::get('ClassLoader')->loadFile(ASCMS_LIBRARY_PATH . '/importexport/lib/csv.class.php');
//DBG::activate(DBG_ADODB_ERROR|DBG_LOG_FIREPHP|DBG_PHP);
    // This $objUser is overwritten per row below and otherwise unused.
    $objUser = \FWUser::getFWUserObject()->objUser;
    $objCsv = new \CsvLib();
    $arrCsv = $objCsv->parse($file_name);
//    $arrFields = $arrCsv['fieldnames'];
    $arrUsers = $arrCsv['data'];
//DBG::log("Found ".count($arrUsers)." Users in the CSV file");
    // Columns are addressed by position (see the mapping above), not by header.
    foreach ($arrUsers as $arrUser) {
//echo(var_export($arrUser, true)."<br />");// var_export($objUser, true)."<hr />"
        $email = $arrUser['3'];
//DBG::log("Found e-mail $email");
        if (!\FWValidator::isEmail($email)) {
            self::$arrStatusMsg['error'][] = sprintf($_ARRAYLANG['TXT_ACCESS_IMPORT_MESSAGE_TEMPLATE'], $email, $_ARRAYLANG['TXT_ACCESS_IMPORT_ERROR_INVALID_EMAIL']);
            continue;
        }
        // TODO: I suppose that the imported file is ISO-8859-1 or so
        $title = utf8_encode($arrUser[0]);
        // NOTE(review): the empty pattern '//' matches every string, so all
        // imported users end up as 'gender_male'. The salutation keyword was
        // presumably lost from the pattern — confirm against the repository.
        $gender = preg_match('//', $title) ? 'gender_male' : 'gender_female';
        $firstname = utf8_encode($arrUser[1]);
        $lastname = utf8_encode($arrUser[2]);
        $company = utf8_encode($arrUser[4]);
        $address = utf8_encode($arrUser[5]) . ' ' . utf8_encode($arrUser[6]);
        $zip = utf8_encode($arrUser[7]);
        $city = utf8_encode($arrUser[8]);
        $country = utf8_encode($arrUser[9]);
        $state = utf8_encode($arrUser[10]);
        if ($state) {
            $city .= ", {$state}";
        }
        $phone_office = utf8_encode($arrUser[11]) . ' ' . utf8_encode($arrUser[12]);
        $phone_fax = utf8_encode($arrUser[13]) . ' ' . utf8_encode($arrUser[14]);
        $phone_mobile = utf8_encode($arrUser[15]) . ' ' . utf8_encode($arrUser[16]);
        $p1_lists = utf8_encode($arrUser[17]);
        $unsubscribed = utf8_encode($arrUser[24]);
        $language = utf8_encode($arrUser[27]);
        // These are all unused for the time being
        // $p2_answer = $arrUser[18];
        // $p3 = $arrUser[19];
        // $p4_title = $arrUser[20];
        // $p5 = $arrUser[21];
        // $source = $arrUser[22];
        // $permission = $arrUser[23];
        // $bounces = $arrUser[25];
        // $status = $arrUser[26];
        // $id = $arrUser[28];
        // $date_subscribed = $arrUser[29];
        // $date_changed = $arrUser[30];
        // $date_unsubscribe = $arrUser[31];
        // Existing user with this e-mail? getUsers() presumably returns a
        // falsy value when none matches — the code relies on that.
        $objUser = new \User();
        $objUser = $objUser->getUsers(array('email' => array($email)));
        $new_user = false;
        if (!$objUser) {
            $new_user = true;
            $objUser = new \User();
            $objUser->setUsername(\User::makeUsername($lastname, $firstname));
            // New accounts get a generated password; whether they are active
            // is left to the User defaults (see TODO below).
            $objUser->setPassword(\User::makePassword());
            $objUser->setEmail($email);
        }
        // TODO: Make new Users active or inactive?
        // $objUser->setActiveStatus(0);
        // $objUser->setAdminStatus(0);
        $lang_id = \FWLanguage::getLanguageIdByCode($language);
        $objUser->setFrontendLanguage($lang_id);
        $objUser->setBackendLanguage($lang_id);
        $objUser->setProfile(array('gender' => array($gender), 'title' => array($title), 'firstname' => array($firstname), 'lastname' => array($lastname), 'company' => array($company), 'address' => array($address), 'city' => array($city), 'zip' => array($zip), 'country' => array($country), 'phone_office' => array($phone_office), 'phone_mobile' => array($phone_mobile), 'phone_fax' => array($phone_fax)));
        // Limit null is deprecated for preg_split() on PHP 8.1+; -1 is the
        // equivalent "no limit" value.
        $arrLists = preg_split('/\\s*,\\s*/', $p1_lists, null, PREG_SPLIT_NO_EMPTY);
        $arrListId = array();
        if (preg_match('/false/i', $unsubscribed)) {
            // User has not unsubscribed (yet), collect the List IDs
            foreach ($arrLists as $list_name) {
                $list_id = \Cx\Modules\Newsletter\Controller\NewsletterLib::getListIdByName($list_name);
//DBG::log("List '$list_name' => ID $list_id");
                if (!$list_id) {
                    // TODO: Shall I do this?
                    // Lists named in the CSV but unknown are created on the fly.
                    $list_id = \Cx\Modules\Newsletter\Controller\NewsletterLib::_addList(addslashes($list_name));
                    self::$arrStatusMsg['ok'][] = sprintf($_ARRAYLANG['TXT_ACCESS_IMPORT_MESSAGE_TEMPLATE'], $list_name, $_ARRAYLANG['TXT_ACCESS_IMPORT_SUCCESS_LIST_CREATED']);
                }
                $arrListId[$list_id] = $list_id;
            }
        }
        // An unsubscribed user gets an empty list set, i.e. all assignments removed.
        $objUser->setNewsletterCategories($arrListId);
        if ($objUser->store()) {
            self::$arrStatusMsg['ok'][] = sprintf($_ARRAYLANG['TXT_ACCESS_IMPORT_MESSAGE_TEMPLATE'], $email, $new_user ? $_ARRAYLANG['TXT_ACCESS_IMPORT_SUCCESS_USER_CREATED'] : $_ARRAYLANG['TXT_ACCESS_IMPORT_SUCCESS_USER_UPDATED']);
        } else {
            self::$arrStatusMsg['error'][] = sprintf($_ARRAYLANG['TXT_ACCESS_IMPORT_MESSAGE_TEMPLATE'], $email, $_ARRAYLANG['TXT_ACCESS_IMPORT_ERROR_CREATING_USER']);
        }
    }
}
/**
 * Show current voting
 *
 * Handles a submitted vote ($_POST['votingoption'], with e-mail or cookie
 * check depending on the voting's submit_check), then renders either the
 * voting selected by $_GET['vid'], the active voting (status=1), or — when
 * none is available — only the list of older votings.
 *
 * @param string $page_content template source
 * @return string|false rendered template, false when the requested voting does not exist
 */
function votingShowCurrent($page_content)
{
    global $objDatabase, $_CONFIG, $_ARRAYLANG, $_COOKIE;

    $paging = '';
    $objTpl = new \Cx\Core\Html\Sigma('.');
    \Cx\Core\Csrf\Controller\Csrf::add_placeholder($objTpl);
    $objTpl->setErrorHandling(PEAR_ERROR_DIE);
    $objTpl->setTemplate($page_content);
    if (!isset($_GET['vid'])) {
        $_GET['vid'] = '';
    }
    if (!isset($_POST['votingemail'])) {
        $_POST['votingemail'] = '';
    }
    $votingId = intval($_GET['vid']);
    $msg = '';
    $voted = false;
    // NOTE(review): $_POST["votingoption"] is read without isset(); also
    // $i and $votingOptionText below are never initialised.
    if ($_POST["votingoption"]) {
        $voteId = intval($_POST["votingoption"]);
        // The voting is derived from the chosen option, not from the URL.
        $query = "SELECT voting_system_id from " . DBPREFIX . "voting_results WHERE id=" . $voteId;
        $objResult = $objDatabase->SelectLimit($query, 1);
        if (!$objResult->EOF) {
            $votingId = $objResult->fields["voting_system_id"];
        }
        $objVoting = $objDatabase->SelectLimit("SELECT submit_check FROM `" . DBPREFIX . "voting_system` WHERE `id`=" . $votingId, 1);
        if ($objVoting !== false && $objVoting->RecordCount() == 1) {
            if ($objVoting->fields['submit_check'] == 'email') {
                // E-mail check: the address must be valid and not have voted yet.
                $email = contrexx_addslashes($_POST['votingemail']);
                $objValidator = new \FWValidator();
                if ($objValidator->isEmail($email)) {
                    if (!_alreadyVotedWithEmail($votingId, $email)) {
                        // VotingSubmitEmail() returns true on success, else a message.
                        if (($msg = VotingSubmitEmail($votingId, $voteId, $email)) === true) {
                            $msg = '';
                            $voted = true;
                        } else {
                            $msg = $_ARRAYLANG['TXT_VOTING_NONEXISTENT_EMAIL'] . '<br /><br />';
                        }
                    } else {
                        $msg = $_ARRAYLANG['TXT_VOTING_ALREADY_VOTED'] . '<br /><br />';
                    }
                } else {
                    $msg = $_ARRAYLANG['TXT_VOTING_INVALID_EMAIL_ERROR'] . '<br /><br />';
                }
            } else {
                // Cookie-based check: VotingSubmit() presumably reads $_POST itself.
                VotingSubmit();
                $voted = true;
            }
        }
    }
    if ($_GET['vid'] != '' && $_GET['act'] != 'delete') {
        $query = "SELECT\n\t\t\tid, status,\n\t\t\tdate as datesec, question,\n\t\t\tvotes, submit_check,\n\t\t\tadditional_nickname, additional_forename,\n\t\t\tadditional_surname, additional_phone,\n\t\t\tadditional_street, additional_zip,\n additional_city, additional_email,\n additional_comment\n\n\t\t\tFROM " . DBPREFIX . "voting_system where id=" . intval($_GET['vid']);
    } else {
        $query = "SELECT\n\t\t\tid, status,\n\t\t\tdate as datesec, question,\n\t\t\tvotes, submit_check,\n\t\t\tadditional_nickname, additional_forename,\n\t\t\tadditional_surname, additional_phone,\n\t\t\tadditional_street, additional_zip,\n\t\t \tadditional_city, additional_email,\n additional_comment\n\n\t\t\tFROM " . DBPREFIX . "voting_system where status=1";
    }
    // NOTE(review): a failed Execute() returns false here and the
    // RecordCount() call would be fatal.
    $objResult = $objDatabase->Execute($query);
    if ($objResult->RecordCount() == 0) {
        // Only show old records when no voting is set available
        $objTpl->setVariable(array('VOTING_TITLE' => $_ARRAYLANG['TXT_VOTING_NOT_AVAILABLE'], 'VOTING_DATE' => '', 'VOTING_OLDER_TEXT' => '', 'VOTING_OLDER_DATE' => '', 'VOTING_PAGING' => '', 'TXT_DATE' => '', 'TXT_TITLE' => '', 'VOTING_RESULTS_TEXT' => '', 'VOTING_RESULTS_TOTAL_VOTES' => '', 'VOTING_OLDER_TITLE' => $_ARRAYLANG['TXT_VOTING_OLDER'], 'TXT_SUBMIT' => ''));
        /** start paging **/
        // NOTE(review): $count is capped at 5 by SelectLimit(), so paging only
        // appears when corePagingLimit is below 5 — looks unintended, confirm.
        $query = "SELECT id, date as datesec, title, votes FROM " . DBPREFIX . "voting_system order by id desc";
        $objResult = $objDatabase->SelectLimit($query, 5);
        $count = $objResult->RecordCount();
        // NOTE(review): $_GET[pos] uses a bare constant; on PHP < 8 this
        // resolves to the string 'pos' with a notice, on PHP 8 it throws.
        // "§ion=Voting" looks like an HTML-entity mangling of
        // "&section=Voting" — confirm against the repository.
        $pos = intval($_GET[pos]);
        if ($count > intval($_CONFIG['corePagingLimit'])) {
            $paging = getPaging($count, $pos, "§ion=Voting", "<b>" . $_ARRAYLANG['TXT_VOTING_ENTRIES'] . "</b>", true);
        }
        /** end paging **/
        $query = "SELECT id, date as datesec, title, votes FROM " . DBPREFIX . "voting_system order by id desc ";
        $objResult = $objDatabase->SelectLimit($query, $_CONFIG['corePagingLimit'], $pos);
        while (!$objResult->EOF) {
            $votingid = $objResult->fields['id'];
            $votingTitle = stripslashes($objResult->fields['title']);
            $votingVotes = $objResult->fields['votes'];
            $votingDate = strtotime($objResult->fields['datesec']);
            // Alternate row classes; $i starts undefined (treated as 0).
            if ($i % 2 == 0) {
                $class = "row2";
            } else {
                $class = "row1";
            }
            // NOTE(review): $votingTitle is placed into the title attribute
            // and link text without HTML escaping; safe only if titles are
            // sanitised when stored — confirm on the write path.
            $objTpl->setVariable(array('VOTING_OLDER_TEXT' => '<a href="index.php?section=Voting&vid=' . $votingid . '" title="' . $votingTitle . '">' . $votingTitle . '</a>', 'VOTING_OLDER_DATE' => showFormattedDate($votingDate), 'VOTING_VOTING_ID' => $votingid, 'VOTING_LIST_CLASS' => $class, 'VOTING_PAGING' => $paging));
            $objTpl->parse("votingRow");
            $i++;
            $objResult->MoveNext();
        }
    } else {
        if (!$objResult->EOF) {
            $votingId = $objResult->fields['id'];
            $votingTitle = stripslashes($objResult->fields['question']);
            $votingVotes = $objResult->fields['votes'];
            $votingDate = strtotime($objResult->fields['datesec']);
            $votingStatus = $objResult->fields['status'];
            $votingMethod = $objResult->fields['submit_check'];
            $additional_fields = _create_additional_input_fields($objResult);
            $objResult->MoveNext();
        } else {
            errorHandling();
            return false;
        }
        $images = 1;
        // $votingId is either intval()'d request input or a DB value here.
        $query = "SELECT id, question, votes FROM " . DBPREFIX . "voting_results WHERE voting_system_id='{$votingId}' ORDER BY id";
        $objResult = $objDatabase->Execute($query);
        while (!$objResult->EOF) {
            // Radio buttons are only offered while the voting is open and
            // this visitor has not voted yet (per method: e-mail or cookie).
            if ($votingStatus == 1 && ($votingMethod == 'email' && !$voted || $votingMethod == 'cookie' && $_COOKIE['votingcookie'] != '1')) {
                $votingOptionText .= "<div><input type='radio' id='votingoption_" . $objResult->fields['id'] . "' name='votingoption' value='" . $objResult->fields['id'] . "' " . ($_POST["votingoption"] == $objResult->fields['id'] ? 'checked="checked"' : '') . " /> ";
                $votingOptionText .= "<label for='votingoption_" . $objResult->fields['id'] . "'>" . stripslashes($objResult->fields['question']) . "</label></div>";
            }
            $objResult->MoveNext();
        }
        $votingResultText = _vote_result_html($votingId);
        if ($votingStatus == 1 && ($votingMethod == 'email' && !$voted || $votingMethod == 'cookie' && $_COOKIE['votingcookie'] != '1')) {
            $votingVotes = '';
            if ($votingMethod == 'email') {
                $objTpl->setVariable('VOTING_EMAIL', !empty($_POST['votingemail']) ? htmlentities($_POST['votingemail'], ENT_QUOTES) : '');
                $objTpl->parse('voting_email_input');
            } else {
                if ($objTpl->blockExists('voting_email_input')) {
                    $objTpl->hideBlock('voting_email_input');
                }
            }
            $submitbutton = '<input type="submit" value="' . $_ARRAYLANG['TXT_SUBMIT'] . '" name="Submit" />';
        } else {
            // Closed voting or visitor already voted: results only, no form.
            if ($objTpl->blockExists('voting_email_input')) {
                $objTpl->hideBlock('voting_email_input');
            }
            if ($objTpl->blockExists('additional_fields')) {
                $objTpl->hideBlock('additional_fields');
            }
            $votingVotes = $_ARRAYLANG['TXT_VOTING_TOTAL'] . ":\t" . $votingVotes;
            $submitbutton = '';
        }
        if (sizeof($additional_fields)) {
            $objTpl->parse('additional_fields');
            foreach ($additional_fields as $field) {
                list($name, $label, $tag) = $field;
                $objTpl->setVariable(array('VOTING_ADDITIONAL_INPUT_LABEL' => $label, 'VOTING_ADDITIONAL_INPUT' => $tag, 'VOTING_ADDITIONAL_NAME' => $name));
                $objTpl->parse('additional_elements');
            }
        } else {
            $objTpl->hideBlock('additional_fields');
        }
        $objTpl->setVariable(array('VOTING_MSG' => $msg, 'VOTING_TITLE' => $votingTitle, 'VOTING_DATE' => showFormattedDate($votingDate), 'VOTING_OPTIONS_TEXT' => $votingOptionText, 'VOTING_RESULTS_TEXT' => $votingResultText, 'VOTING_RESULTS_TOTAL_VOTES' => $votingVotes, 'VOTING_OLDER_TITLE' => $_ARRAYLANG['TXT_VOTING_OLDER'], 'TXT_DATE' => $_ARRAYLANG['TXT_DATE'], 'TXT_TITLE' => $_ARRAYLANG['TXT_TITLE'], 'TXT_VOTES' => $_ARRAYLANG['TXT_VOTES'], 'TXT_SUBMIT' => $submitbutton));
        // show other Poll entries
        /** start paging **/
        // Same capped-count paging and bare-constant issues as above.
        $query = "SELECT id, date as datesec, title, votes FROM " . DBPREFIX . "voting_system WHERE id<>{$votingId} order by id desc";
        $objResult = $objDatabase->SelectLimit($query, 5);
        $count = $objResult->RecordCount();
        $pos = intval($_GET[pos]);
        if ($count > intval($_CONFIG['corePagingLimit'])) {
            $paging = getPaging($count, $pos, "§ion=Voting", "<b>" . $_ARRAYLANG['TXT_VOTING_ENTRIES'] . "</b>", true);
        }
        /** end paging **/
        $query = "SELECT id, date as datesec, title, votes FROM " . DBPREFIX . "voting_system WHERE id<>{$votingId} order by id desc ";
        $objResult = $objDatabase->SelectLimit($query, $_CONFIG['corePagingLimit'], $pos);
        $objTpl->setVariable(array('VOTING_OLDER_TEXT' => '', 'VOTING_OLDER_DATE' => '', 'VOTING_VOTING_ID' => '', 'VOTING_PAGING' => '', 'TXT_DATE' => '', 'TXT_TITLE' => ''));
        while (!$objResult->EOF) {
            $votingid = $objResult->fields['id'];
            $votingTitle = stripslashes($objResult->fields['title']);
            $votingVotes = $objResult->fields['votes'];
            $votingDate = strtotime($objResult->fields['datesec']);
            if ($i % 2 == 0) {
                $class = "row2";
            } else {
                $class = "row1";
            }
            // Same unescaped title as in the "no voting" branch above.
            $objTpl->setVariable(array('VOTING_OLDER_TEXT' => '<a href="index.php?section=Voting&vid=' . $votingid . '" title="' . $votingTitle . '">' . $votingTitle . '</a>', 'VOTING_OLDER_DATE' => showFormattedDate($votingDate), 'VOTING_VOTING_ID' => $votingid, 'VOTING_LIST_CLASS' => $class, 'VOTING_PAGING' => $paging));
            $objTpl->parse("votingRow");
            $i++;
            $objResult->MoveNext();
        }
    }
    return $objTpl->get();
}
/**
 * Checks that the configured sender address is a syntactically valid e-mail.
 *
 * On failure the localized message TXT_ACCESS_INVALID_SENDER_ADDRESS is
 * appended to $this->error_msg.
 *
 * @global array $_CORELANG core language entries
 * @return bool true when $this->sender_mail passes FWValidator::isEmail(),
 *              false otherwise
 */
function validateSenderMail()
{
    global $_CORELANG;

    $validator = new FWValidator();
    $isValid = (bool) $validator->isEmail($this->sender_mail);
    if (!$isValid) {
        $this->error_msg[] = $_CORELANG['TXT_ACCESS_INVALID_SENDER_ADDRESS'];
    }
    return $isValid;
}
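/**
 * Handles protected link requests (form to receive a protected file link by e-mail).
 *
 * Without a submitted form (no POST immo_id) only the contact form is shown.
 * With a submitted form the fields are read via _readProtectedLinkRequest(),
 * the e-mail address and the required fields are validated, a repeated request
 * for the same object and address within the last 600 seconds is rejected,
 * otherwise the contact is stored in module_immo_contact and the link found in
 * module_immo_content (field $fieldID of object $immoID, frontend language) is
 * mailed to the submitted address.
 *
 * Changes against the previous revision: mktime() without arguments (an
 * ArgumentCountError on PHP 8) is replaced by time(); both SelectLimit()
 * results are checked before their fields are used (an empty content result
 * used to mail a link consisting of the domain only); the "DB error." status
 * is no longer overwritten by the success message; missing GET/POST keys no
 * longer raise notices.
 *
 * NOTE(review): the SQL is still string-built; the values are escaped with
 * contrexx_addslashes() / intval() in _readProtectedLinkRequest(), but a
 * parameterised query would be the robust form. The 600 s limit is keyed by
 * (immo_id, email), so it bounds repeats per address, not mail volume overall.
 *
 * @global \ADONewConnection $objDatabase
 * @global array $_ARRAYLANG
 * @global array $_CONFIG
 * @return mixed the result of _showContactForm(); false when the request was
 *               rejected as a repeat within 600 seconds
 */
function _getPDF()
{
    global $objDatabase, $_ARRAYLANG, $_CONFIG;

    $objValidator = new FWValidator();

    // Object and field id from GET "id" in the form "<immo>_<field>"
    $ids = explode('_', isset($_GET['id']) ? $_GET['id'] : '');
    $immoID = isset($ids[0]) ? intval($ids[0]) : 0;
    $fieldID = isset($ids[1]) ? intval($ids[1]) : 0;

    if (!isset($_POST['immo_id'])) {
        // form was not sent
        return $this->_showContactForm($immoID, $fieldID);
    }

    // form was sent
    $req = $this->_readProtectedLinkRequest();
    $immoID = $req['immo_id'];
    $fieldID = $req['field_id'];
    $email = $req['email'];

    $isValid = $objValidator->isEmail($email)
        && !empty($req['name']) && !empty($req['telephone']) && !empty($email)
        && $immoID > 0 && $fieldID > 0;
    if (!$isValid) {
        $this->_objTpl->setVariable('TXT_IMMO_STATUS', '<span class="errmsg">' . $_ARRAYLANG['TXT_IMMO_MISSIONG_OR_INVALID_FIELDS'] . '</span>');
        return $this->_showContactForm($immoID, $fieldID);
    }

    require_once ASCMS_LIBRARY_PATH . DS . '/phpmailer' . DS . "class.phpmailer.php";

    // Reject a repeated request for the same object and address within 10 minutes
    $objRS = $objDatabase->SelectLimit("SELECT email\n FROM " . DBPREFIX . "module_immo_contact\n WHERE immo_id = '{$immoID}'\n AND email = '{$email}'\n AND timestamp > " . (time() - 600), 1);
    if ($objRS && $objRS->RecordCount() > 0) {
        $this->_objTpl->setVariable('TXT_IMMO_STATUS', '<span class="errmsg">' . $_ARRAYLANG['TXT_IMMO_ALREADY_SENT_RECENTLY'] . '</span>');
        $this->_showContactForm($immoID, $fieldID);
        return false;
    }

    // The protected link itself is stored as a content field of the object
    $objRS = $objDatabase->SelectLimit("SELECT fieldvalue\n FROM " . DBPREFIX . "module_immo_content\n WHERE immo_id = '{$immoID}'\n AND field_id = '{$fieldID}'\n AND lang_id = '" . $this->frontLang . "'", 1);
    if ($objRS && $objRS->RecordCount() > 0) {
        // NOTE(review): scheme is hard-coded; elsewhere in this code base
        // ASCMS_PROTOCOL is used for the same purpose
        $link = 'http://' . $_CONFIG['domainUrl'] . str_replace(" ", "%20", $objRS->fields['fieldvalue']);
        $this->_storeProtectedLinkRequest($req);
        $this->_mailProtectedLink($email, $link);
        $this->_objTpl->setVariable('TXT_IMMO_STATUS', '<span class="okmsg">' . $_ARRAYLANG['TXT_IMMO_CONTACT_SUCCESSFUL'] . '</span>');
    } else {
        $this->_objTpl->setVariable('TXT_IMMO_STATUS', '<span class="errmsg">DB error.</span>');
    }

    return $this->_showContactForm($immoID, $fieldID);
}

/**
 * Reads and sanitizes the protected-link form fields from $_POST.
 *
 * Text fields are strip_tags()'d and contrexx_addslashes()'d because they are
 * embedded in the SQL statements of _storeProtectedLinkRequest() and the
 * duplicate check; zip, immo_id and field_id are intval()'d; the two checkboxes
 * become 0/1. Missing or empty fields yield '' (0 for the checkboxes), as before.
 *
 * @return array<string, mixed> keys: name, firstname, company, street, zip,
 *         location, telephone, telephone_office, telephone_mobile, purchase,
 *         funding, email, comment, immo_id, field_id
 */
function _readProtectedLinkRequest()
{
    $textFields = array(
        'name', 'firstname', 'company', 'street', 'location',
        'telephone', 'telephone_office', 'telephone_mobile', 'email', 'comment',
    );
    $req = array();
    foreach ($textFields as $field) {
        $req[$field] = !empty($_POST[$field]) ? contrexx_addslashes(strip_tags($_POST[$field])) : '';
    }
    $req['zip'] = !empty($_POST['zip']) ? intval($_POST['zip']) : '';
    $req['purchase'] = isset($_POST['purchase']) ? 1 : 0;
    $req['funding'] = isset($_POST['funding']) ? 1 : 0;
    $req['immo_id'] = !empty($_POST['immo_id']) ? intval($_POST['immo_id']) : '';
    $req['field_id'] = !empty($_POST['field_id']) ? intval($_POST['field_id']) : '';
    return $req;
}

/**
 * Stores a protected-link request in module_immo_contact.
 *
 * The INSERT relies on the table's column order (no column list), exactly as
 * before; the values in $req are already escaped by _readProtectedLinkRequest().
 *
 * @global \ADONewConnection $objDatabase
 * @param array $req request as returned by _readProtectedLinkRequest()
 * @return void
 */
function _storeProtectedLinkRequest($req)
{
    global $objDatabase;

    $objDatabase->Execute("INSERT INTO " . DBPREFIX . "module_immo_contact\n VALUES\n (NULL, '{$req['email']}', '{$req['name']}', '{$req['firstname']}', '{$req['street']}', '{$req['zip']}', '{$req['location']}', '{$req['company']}', '{$req['telephone']}', '{$req['telephone_office']}', '{$req['telephone_mobile']}', '{$req['purchase']}', '{$req['funding']}', '{$req['comment']}', '{$req['immo_id']}', '{$req['field_id']}', " . time() . " )");
}

/**
 * Mails the protected link to $email using the module's sender settings.
 *
 * @param string $email recipient address (validated with FWValidator::isEmail()
 *                      by the caller; note it is the addslashes-escaped form)
 * @param string $link absolute URL substituted for [[IMMO_PROTECTED_LINK]]
 * @return bool result of PHPMailer::Send() (the caller currently ignores it)
 */
function _mailProtectedLink($email, $link)
{
    $mailer = new PHPMailer();
    $mailer->CharSet = CONTREXX_CHARSET;
    $mailer->IsHTML(false);
    $mailer->SetFrom($this->arrSettings['sender_email'], $this->arrSettings['sender_name']);
    $mailer->Subject = $this->arrSettings['prot_link_message_subject'];
    $mailer->Body = str_replace('[[IMMO_PROTECTED_LINK]]', $link, $this->arrSettings['prot_link_message_body']) . "\n\n";
    $mailer->AddAddress($email);
    return $mailer->Send();
}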
/**
 * Insert a new comment for a message into database, if the function is activated.
 * Furthermore, all input values are validated.
 * Sends also the notification mail to the administrator, if it is enabled in options.
 *
 * Outcome is reported through $this->_strErrorMessage (validation failures) or
 * $this->_strStatusMessage (success). NOTE(review): a failed captcha leaves
 * both empty, so the caller cannot tell a captcha rejection from a request
 * that was never processed.
 *
 * @global \ADONewConnection $objDatabase
 * @global array $_ARRAYLANG
 * @global array $_CONFIG
 * @return void
 */
function addComment()
{
    global $objDatabase, $_ARRAYLANG, $_CONFIG;
    // State-changing request: CSRF token is checked first
    \Cx\Core\Csrf\Controller\Csrf::check_code();
    $this->initUserId();
    //Check for activated function
    if (!$this->_arrSettings['blog_comments_activated']) {
        $this->_strErrorMessage = $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_ERROR_ACTIVATED'];
        return;
    }
    // Flood protection; NOTE(review): presumably based on the BlogCommentLast
    // cookie set below, i.e. client-controlled — confirm in hasUserJustCommented()
    if ($this->hasUserJustCommented()) {
        $this->_strErrorMessage = str_replace('[SECONDS]', intval($this->_arrSettings['blog_comments_timeout']), $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_ERROR_TIMEOUT']);
        return;
    }
    //Create validator-object
    $objValidator = new \FWValidator();
    //Get general-input
    // Subject is tag-stripped and addslashes-escaped for the string-built SQL below;
    // the comment is prepared for the DB by the Wysiwyg helper
    $intMessageId = intval($_POST['frmAddComment_MessageId']);
    $strSubject = contrexx_addslashes(strip_tags($_POST['frmAddComment_Subject']));
    $strComment = \Cx\Core\Wysiwyg\Wysiwyg::prepareBBCodeForDb($_POST['frmAddComment_Comment']);
    //Get specified-input
    // Anonymous visitors supply name/e-mail/URL; logged-in users are stored by id only
    if ($this->_intCurrentUserId == 0) {
        $intUserId = 0;
        $strName = contrexx_addslashes(strip_tags($_POST['frmAddComment_Name']));
        $strEMail = contrexx_addslashes(strip_tags($_POST['frmAddComment_EMail']));
        $strWWW = contrexx_addslashes(strip_tags($objValidator->getUrl($_POST['frmAddComment_WWW'])));
    } else {
        $intUserId = $this->_intCurrentUserId;
        $strName = '';
        $strEMail = '';
        $strWWW = '';
    }
    //Get options
    $intIsActive = intval($this->_arrSettings['blog_comments_autoactivate']);
    $intIsNotification = intval($this->_arrSettings['blog_comments_notification']);
    //Validate general-input
    if ($intMessageId <= 0) {
        $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MID']);
    }
    if (empty($strSubject)) {
        $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_SUBJECT']);
    }
    if (empty($strComment)) {
        $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_COMMENT']);
    }
    //Validate specified-input
    if ($this->_intCurrentUserId == 0) {
        if (empty($strName)) {
            $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_NAME']);
        }
        if (!$objValidator->isEmail($strEMail)) {
            $this->_strErrorMessage .= $this->getFormError($_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_ADD_EMAIL']);
        }
    }
    // Captcha only for visitors who are not logged in; no message is set on failure
    $captchaCheck = true;
    if (!\FWUser::getFWUserObject()->objUser->login() && !\Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check()) {
        $captchaCheck = false;
    }
    //Now check error-string
    if (empty($this->_strErrorMessage) && $captchaCheck) {
        //No errors, insert entry
        // String-built SQL: every user-supplied string above went through
        // contrexx_addslashes(); REMOTE_ADDR is inserted unescaped (server-set)
        $objDatabase->Execute(' INSERT INTO ' . DBPREFIX . 'module_blog_comments SET message_id = ' . $intMessageId . ', lang_id = ' . $this->_intLanguageId . ', is_active = "' . $intIsActive . '", time_created = ' . time() . ', ip_address = "' . $_SERVER['REMOTE_ADDR'] . '", user_id = ' . $intUserId . ', user_name = "' . $strName . '", user_mail = "' . $strEMail . '", user_www = "' . $strWWW . '", subject = "' . $strSubject . '", comment = "' . $strComment . '" ');
        //Set a cookie with the current timestamp. Avoids flooding.
        setcookie('BlogCommentLast', time(), 0, ASCMS_PATH_OFFSET . '/');
        $this->_strStatusMessage = $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_SUCCESS'];
        $this->writeCommentRSS();
        if ($intIsNotification) {
            //Send notification to administrator
            if (\Env::get('ClassLoader')->loadFile(ASCMS_LIBRARY_PATH . '/phpmailer/class.phpmailer.php')) {
                $objMail = new \phpmailer();
                // Use the configured SMTP account when one is selected, else PHPMailer's default transport
                if ($_CONFIG['coreSmtpServer'] > 0) {
                    if (($arrSmtp = \SmtpSettings::getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) {
                        $objMail->IsSMTP();
                        $objMail->Host = $arrSmtp['hostname'];
                        $objMail->Port = $arrSmtp['port'];
                        $objMail->SMTPAuth = true;
                        $objMail->Username = $arrSmtp['username'];
                        $objMail->Password = $arrSmtp['password'];
                    }
                }
                if ($this->_intCurrentUserId > 0) {
                    $objFWUser = \FWUser::getFWUserObject();
                    $strName = htmlentities($objFWUser->objUser->getUsername(), ENT_QUOTES, CONTREXX_CHARSET);
                }
                // NOTE(review): $strSubject / $strComment are the DB-escaped forms,
                // so backslashes added by contrexx_addslashes() may appear in the mail
                $strMailSubject = str_replace('[SUBJECT]', $strSubject, $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MAIL_SUBJECT']);
                $strMailBody = str_replace('[USERNAME]', $strName, $_ARRAYLANG['TXT_BLOG_FRONTEND_DETAILS_COMMENT_INSERT_MAIL_BODY']);
                $strMailBody = str_replace('[DOMAIN]', ASCMS_PROTOCOL . '://' . $_CONFIG['domainUrl'] . ASCMS_PATH_OFFSET, $strMailBody);
                $strMailBody = str_replace('[SUBJECT]', $strSubject, $strMailBody);
                $strMailBody = str_replace('[COMMENT]', $strComment, $strMailBody);
                $objMail->CharSet = CONTREXX_CHARSET;
                $objMail->SetFrom($_CONFIG['coreAdminEmail'], $_CONFIG['coreGlobalPageTitle']);
                $objMail->AddAddress($_CONFIG['coreAdminEmail']);
                $objMail->Subject = $strMailSubject;
                $objMail->IsHTML(false);
                $objMail->Body = $strMailBody;
                // Send() result is ignored; a failed notification is not reported
                $objMail->Send();
            }
        }
    }
}
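/**
 * Verifies a name/value pair
 *
 * May change the value before returning it (AMOUNT is normalized to cents).
 * Use the value returned when adding to the form in any case.
 *
 * Fixes against the previous revision: SHASIGN no longer falls through into
 * the LANGUAGE check (a missing break let any two-letter value pass as a
 * signature); WIN3DS compared with `=` instead of `==`, which accepted every
 * value and rewrote it to 'POPUP'; AMOUNT given as an integer string ("123")
 * was rejected by the strict `===` against intval(); a non-numeric AMOUNT
 * containing a dot is now rejected instead of being multiplied.
 *
 * @access private
 * @param string $name The name of the parameter
 * @param string $value The value of the parameter
 * @return mixed The verified value on success, null otherwise
 */
static function verifyParameter($name, $value)
{
    switch ($name) {
        // Mandatory
        case 'ORDERID':
            if ($value) {
                return $value;
            }
            break;
        case 'AMOUNT':
            if (!is_numeric($value)) {
                break;
            }
            // Fix cents, like "1.23" to "123"
            if (preg_match('/\./', (string) $value)) {
                $value = intval($value * 100);
            }
            // Accept integers and integer-valued strings; the string round trip
            // rejects leading zeros, signs or fractions that the cast would drop
            if ((string) $value === (string) intval($value)) {
                return intval($value);
            }
            break;
        case 'CURRENCY':
            if (preg_match('/^\w{3}$/', $value)) {
                return $value;
            }
            break;
        case 'PSPID':
            if (preg_match('/.+/', $value)) {
                return $value;
            }
            break;
        // The above four are needed to form the hash
        case 'SHASIGN':
            // 40 digit hexadecimal string, like
            // 4d0a445beac3561528dc26023e9ecb2d38fadc61
            if (preg_match('/^[0-9a-f]{40}$/i', $value)) {
                return $value;
            }
            break;
        case 'LANGUAGE':
            if (preg_match('/^\w{2}(?:_\w{2})?$/', $value)) {
                return $value;
            }
            break;
        case 'OPERATION':
        // optional operation field: see chapter 9.2
        case 'operation':
            if ($value == 'RES' || $value == 'SAL') {
                return $value;
            }
            break;
        case 'ACCEPTURL':
        case 'DECLINEURL':
        case 'EXCEPTIONURL':
        case 'CANCELURL':
        case 'BACKURL':
            // if (FWValidator::isUri($value)) return $value;
            // *SHOULD* verify the URIs, but the expression is not fit
            if ($value) {
                return $value;
            }
            break;
        // Optional
        // optional customer details, highly recommended for fraud prevention: see chapter 5.2
        case 'CN':
        case 'OWNERADDRESS':
        case 'OWNERCTY':
        case 'OWNERZIP':
        case 'OWNERTOWN':
        case 'OWNERTELNO':
        case 'COM':
        case 'PMLIST':
        // post payment parameters: see chapter 8.2
        case 'COMPLUS':
        case 'PARAMPLUS':
        // post payment parameters: see chapter 8.3
        case 'PARAMVAR':
        // layout information: see chapter 7.1
        case 'TITLE':
        case 'BGCOLOR':
        case 'TXTCOLOR':
        case 'TBLBGCOLOR':
        case 'TBLTXTCOLOR':
        case 'BUTTONBGCOLOR':
        case 'BUTTONTXTCOLOR':
        case 'LOGO':
        case 'FONTTYPE':
            // Free text, no restriction (the former preg_match('/.*/') always matched)
            return $value;
        case 'EMAIL':
            if (FWValidator::isEmail($value)) {
                return $value;
            }
            break;
        case 'WIN3DS':
            if ($value == 'MAINW' || $value == 'POPUP') {
                return $value;
            }
            break;
        // dynamic template page: see chapter 7.2
        case 'TP':
            if (preg_match('/.+/', $value)) {
                return $value;
            }
            break;
        // Alias details: see Alias Management documentation
        // (byte lengths, as the gateway limits are given in bytes)
        case 'ALIAS':
            if (strlen($value) <= 40) {
                return $value;
            }
            break;
        case 'ALIASUSAGE':
            if (strlen($value) <= 255) {
                return $value;
            }
            break;
        case 'ALIASOPERATION':
            // Valid values: BYMERCHANT (or empty), BYPSP
            if ($value == '' || $value == 'BYMERCHANT' || $value == 'BYPSP') {
                return $value;
            }
            break;
        // Contrexx does not yet supply nor support the following:
        // payment methods/page specifics: see chapter 9.1
        case 'PM':
        case 'BRAND':
        case 'PMLISTTYPE':
        // link to your website: see chapter 8.1
        case 'HOMEURL':
        case 'CATALOGURL':
        // optional extra login field: see chapter 9.3
        case 'USERID':
            break;
    }
    self::$arrError[] = "Unknown or unsupported field '{$name}' (value '{$value}')";
    return null;
}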
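/**
 * Sanitizes the entry form fields in $_POST and validates them.
 *
 * Every text field is run through contrexx_stripslashes() and strip_tags() in
 * place, the comment additionally through htmlentities(); the caller reads
 * the cleaned values back from $_POST. Missing fields are treated as '' so no
 * undefined-index notice (or, on PHP 8.1+, null-to-string deprecation) is
 * raised. Each failed check records the localized field name via makeError().
 * Visitors who are not logged in must also pass the captcha.
 *
 * @global array $_ARRAYLANG
 * @return bool true when no error was recorded and the captcha passed
 */
function checkInput()
{
    global $_ARRAYLANG;

    $objValidator = new \FWValidator();

    $textFields = array('forename', 'name', 'comment', 'location', 'email', 'url');
    foreach ($textFields as $field) {
        $raw = isset($_POST[$field]) ? $_POST[$field] : '';
        $_POST[$field] = strip_tags(contrexx_stripslashes($raw));
    }
    // The comment is additionally HTML-encoded (as before)
    $_POST['comment'] = htmlentities($_POST['comment'], ENT_QUOTES, CONTREXX_CHARSET);

    // Logged-in users skip the captcha; login() is evaluated first, so the
    // captcha is only consulted for anonymous visitors
    $captchaCheck = \FWUser::getFWUserObject()->objUser->login()
        || \Cx\Core_Modules\Captcha\Controller\Captcha::getInstance()->check();

    if (empty($_POST['name']) || empty($_POST['forename'])) {
        $this->makeError($_ARRAYLANG['TXT_NAME']);
    }
    if (empty($_POST['comment'])) {
        $this->makeError($_ARRAYLANG['TXT_COMMENT']);
    }
    if (empty($_POST['malefemale'])) {
        $this->makeError($_ARRAYLANG['TXT_SEX']);
    }
    if (empty($_POST['location'])) {
        $this->makeError($_ARRAYLANG['TXT_LOCATION']);
    }
    if (!$objValidator->isEmail($_POST['email'])) {
        $this->makeError($_ARRAYLANG['TXT_EMAIL']);
    }

    return empty($this->error) && $captchaCheck;
}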
/**
 * Save the registration
 *
 * Validates the required form fields, inserts a new registration (regid 0) or
 * updates an existing one, rewrites its field values and, in the frontend,
 * sends the confirmation and alert mails.
 *
 * NOTE(review): regid, userid, paymentMethod and paid are taken from $data
 * ("posted data from the form") and only intval()'d here; unless the caller
 * restricts them, a client could address another registration id or assert
 * its own paid status — confirm where this method is called from.
 *
 * @global \ADONewConnection $objDatabase
 * @global \InitCMS $objInit
 * @global int $_LANGID
 * @param array $data posted data from the form
 *
 * @return boolean true if the registration saved, false otherwise
 */
function save($data)
{
    global $objDatabase, $objInit, $_LANGID;
    // Required fields must be present; required mail fields must be valid addresses
    foreach ($this->form->inputfields as $key => $arrInputfield) {
        if ($arrInputfield['required'] == 1 && empty($data['registrationField'][$arrInputfield['id']])) {
            return false;
        }
        if ($arrInputfield['required'] == 1 && $arrInputfield['type'] == 'mail') {
            $objValidator = new \FWValidator();
            if (!$objValidator->isEmail($data['registrationField'][$arrInputfield['id']])) {
                return false;
            }
        }
    }
    // All numeric inputs are cast before they reach the string-built SQL below
    $regId = intval($data['regid']);
    $eventId = intval($data['id']);
    $formId = intval($data['form']);
    $eventDate = intval($data['date']);
    $userId = intval($data['userid']);
    $objEvent = new \Cx\Modules\Calendar\Controller\CalendarEvent($eventId);
    // For independent series entries the concrete occurrence is resolved by date
    if ($objEvent->seriesStatus && $objEvent->independentSeries) {
        $eventDate = isset($data['registrationEventDate']) ? contrexx_input2int($data['registrationEventDate']) : $eventDate;
        $endDate = new \DateTime();
        $endDate->modify('+10 years');
        $eventManager = new CalendarEventManager(null, $endDate);
        $eventManager->getEvent($objEvent, $eventDate, true);
        $objEvent = $eventManager->eventList[0];
        if (empty($objEvent)) {
            return false;
        }
    }
    // Seating field of this form, used to decide between confirmed (1) and waiting list (2)
    $query = ' SELECT `id` FROM `' . DBPREFIX . 'module_' . $this->moduleTablePrefix . '_registration_form_field` WHERE `form` = ' . $formId . ' AND `type` = "seating" LIMIT 1 ';
    $objResult = $objDatabase->Execute($query);
    // NOTE(review): no check that a seating field exists; fields['id'] is used blindly
    $numSeating = intval($data['registrationField'][$objResult->fields['id']]);
    $type = empty($regId) && intval($objEvent->getFreePlaces() - $numSeating) < 0 ? 2 : (isset($data['registrationType']) ? intval($data['registrationType']) : 1);
    $this->saveIn = intval($type);
    $paymentMethod = intval($data['paymentMethod']);
    $paid = intval($data['paid']);
    // Host name and IP address are not recorded (always 0)
    $hostName = 0;
    $ipAddress = 0;
    // A fresh key is generated on insert and on update alike
    $key = $this->generateKey();
    if ($regId == 0) {
        $submissionDate = $this->getDbDateTimeFromIntern($this->getInternDateTimeFromUser());
        $query = 'INSERT INTO ' . DBPREFIX . 'module_' . $this->moduleTablePrefix . '_registration SET `event_id` = ' . $eventId . ', `submission_date` = "' . $submissionDate->format('Y-m-d H:i:s') . '", `date` = ' . $eventDate . ', `host_name` = "' . $hostName . '", `ip_address` = "' . $ipAddress . '", `type` = ' . $type . ', `key` = "' . $key . '", `user_id` = ' . $userId . ', `lang_id` = ' . $_LANGID . ', `export` = 0, `payment_method` = ' . $paymentMethod . ', `paid` = ' . $paid . ' ';
        $objResult = $objDatabase->Execute($query);
        if ($objResult !== false) {
            $this->id = $objDatabase->Insert_ID();
        } else {
            return false;
        }
    } else {
        $query = 'UPDATE `' . DBPREFIX . 'module_' . $this->moduleTablePrefix . '_registration` SET `event_id` = ' . $eventId . ', `date` = ' . $eventDate . ', `host_name` = ' . $hostName . ', `ip_address` = ' . $ipAddress . ', `key` = "' . $key . '", `user_id` = ' . $userId . ', `type` = ' . $type . ', `lang_id` = ' . $_LANGID . ', `payment_method` = ' . $paymentMethod . ', `paid` = ' . $paid . ' WHERE `id` = ' . $regId;
        $objResult = $objDatabase->Execute($query);
        if ($objResult === false) {
            return false;
        }
    }
    // On update the old field values are dropped and rewritten below
    if ($regId != 0) {
        $this->id = $regId;
        $deleteQuery = 'DELETE FROM ' . DBPREFIX . 'module_' . $this->moduleTablePrefix . '_registration_form_field_value WHERE `reg_id` = ' . $this->id;
        $objDeleteResult = $objDatabase->Execute($deleteQuery);
        if ($objDeleteResult === false) {
            return false;
        }
    }
    // Note: these loops reuse $key (the generated registration key) as loop
    // variable; it is no longer needed at this point
    foreach ($this->form->inputfields as $key => $arrInputfield) {
        $value = $data['registrationField'][$arrInputfield['id']];
        $id = $arrInputfield['id'];
        // Multi-value fields are joined with ","; an additional free-text
        // entry for option N is appended to it as "N[[text]]"
        if (is_array($value)) {
            $subvalue = array();
            foreach ($value as $key => $element) {
                if (!empty($data['registrationFieldAdditional'][$id][$element - 1])) {
                    $subvalue[] = $element . '[[' . $data['registrationFieldAdditional'][$id][$element - 1] . ']]';
                } else {
                    $subvalue[] = $element;
                }
            }
            $value = join(",", $subvalue);
        } else {
            if (isset($data['registrationFieldAdditional'][$id][$value - 1])) {
                $value = $value . "[[" . $data['registrationFieldAdditional'][$id][$value - 1] . "]]";
            }
        }
        // $value is user input and is escaped with contrexx_input2db(); $id
        // comes from the form definition, not from the request
        $query = 'INSERT INTO ' . DBPREFIX . 'module_' . $this->moduleTablePrefix . '_registration_form_field_value (`reg_id`, `field_id`, `value`) VALUES (' . $this->id . ', ' . $id . ', "' . contrexx_input2db($value) . '")';
        $objResult = $objDatabase->Execute($query);
        if ($objResult === false) {
            return false;
        }
    }
    if ($objInit->mode == 'frontend') {
        $objMailManager = new \Cx\Modules\Calendar\Controller\CalendarMailManager();
        $templateId = $objEvent->emailTemplate[FRONTEND_LANG_ID];
        $objMailManager->sendMail($objEvent, \Cx\Modules\Calendar\Controller\CalendarMailManager::MAIL_CONFIRM_REG, $this->id, $templateId);
        $objMailManager->sendMail($objEvent, \Cx\Modules\Calendar\Controller\CalendarMailManager::MAIL_ALERT_REG, $this->id);
    }
    return true;
}
function _profile() { global $_ARRAYLANG, $objDatabase; $this->_objTpl->setTemplate($this->pageContent); $showForm = true; $arrStatusMessage = array('ok' => array(), 'error' => array()); $isNewsletterRecipient = false; $isAccessRecipient = false; $recipientId = 0; $recipientEmail = ''; $recipientUri = ''; $recipientSex = ''; $recipientSalutation = 0; $recipientTitle = ''; $recipientPosition = ''; $recipientIndustrySector = ''; $recipientPhoneMobile = ''; $recipientPhonePrivate = ''; $recipientFax = ''; $recipientNotes = ''; $recipientLastname = ''; $recipientFirstname = ''; $recipientCompany = ''; $recipientAddress = ''; $recipientZip = ''; $recipientCity = ''; $recipientCountry = ''; $recipientPhoneOffice = ''; $recipientBirthday = ''; $recipientLanguage = ''; $recipientStatus = 0; $requestedMail = isset($_GET['mail']) ? contrexx_input2raw(urldecode($_GET['mail'])) : (isset($_POST['mail']) ? contrexx_input2raw($_POST['mail']) : ''); $arrAssociatedLists = array(); $arrPreAssociatedInactiveLists = array(); $code = isset($_REQUEST['code']) ? contrexx_addslashes($_REQUEST['code']) : ''; if (!empty($code) && !empty($requestedMail)) { $objRecipient = $objDatabase->SelectLimit("SELECT accessUserID\n FROM " . DBPREFIX . "module_newsletter_access_user AS nu\n INNER JOIN " . DBPREFIX . "access_users AS au ON au.id=nu.accessUserID\n WHERE nu.code='" . $code . "'\n AND email='" . contrexx_raw2db($requestedMail) . "'", 1); if ($objRecipient && $objRecipient->RecordCount() == 1) { $objUser = \FWUser::getFWUserObject()->objUser->getUser($objRecipient->fields['accessUserID']); if ($objUser) { $recipientId = $objUser->getId(); $isAccessRecipient = true; //$arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } else { $objRecipient = $objDatabase->SelectLimit("SELECT id FROM " . DBPREFIX . "module_newsletter_user WHERE status=1 AND code='" . $code . "' AND email='" . 
contrexx_raw2db($requestedMail) . "'", 1); if ($objRecipient && $objRecipient->RecordCount() == 1) { $recipientId = $objRecipient->fields['id']; $isNewsletterRecipient = true; } } } else { if (\FWUser::getFWUserObject()->objUser->login()) { $objUser = \FWUser::getFWUserObject()->objUser; $recipientId = $objUser->getId(); $isAccessRecipient = true; //$arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } // Get interface settings $objInterface = $objDatabase->Execute('SELECT `setvalue` FROM `' . DBPREFIX . 'module_newsletter_settings` WHERE `setname` = "recipient_attribute_status"'); $recipientAttributeStatus = json_decode($objInterface->fields['setvalue'], true); if (isset($_POST['recipient_save'])) { if (isset($_POST['email'])) { $recipientEmail = $_POST['email']; } if (isset($_POST['website'])) { $recipientUri = $_POST['website']; } if (isset($_POST['sex'])) { $recipientSex = in_array($_POST['sex'], array('f', 'm')) ? $_POST['sex'] : ''; } if (isset($_POST['salutation'])) { // TODO: use FWUSER $arrRecipientTitles = $this->_getRecipientTitles(); $recipientSalutation = in_array($_POST['salutation'], array_keys($arrRecipientTitles)) ? 
intval($_POST['salutation']) : 0; } if (isset($_POST['title'])) { $recipientTitle = $_POST['title']; } if (isset($_POST['lastname'])) { $recipientLastname = $_POST['lastname']; } if (isset($_POST['firstname'])) { $recipientFirstname = $_POST['firstname']; } if (isset($_POST['position'])) { $recipientPosition = $_POST['position']; } if (isset($_POST['company'])) { $recipientCompany = $_POST['company']; } if (isset($_POST['industry_sector'])) { $recipientIndustrySector = $_POST['industry_sector']; } if (isset($_POST['address'])) { $recipientAddress = $_POST['address']; } if (isset($_POST['zip'])) { $recipientZip = $_POST['zip']; } if (isset($_POST['city'])) { $recipientCity = $_POST['city']; } if (isset($_POST['newsletter_country_id'])) { $recipientCountry = $_POST['newsletter_country_id']; } if (isset($_POST['phone_office'])) { $recipientPhoneOffice = $_POST['phone_office']; } if (isset($_POST['phone_private'])) { $recipientPhonePrivate = $_POST['phone_private']; } if (isset($_POST['phone_mobile'])) { $recipientPhoneMobile = $_POST['phone_mobile']; } if (isset($_POST['fax'])) { $recipientFax = $_POST['fax']; } if (isset($_POST['day']) && isset($_POST['month']) && isset($_POST['year'])) { $recipientBirthday = str_pad(intval($_POST['day']), 2, '0', STR_PAD_LEFT) . '-' . str_pad(intval($_POST['month']), 2, '0', STR_PAD_LEFT) . '-' . 
intval($_POST['year']); } if (isset($_POST['language'])) { $recipientLanguage = $_POST['language']; } if (isset($_POST['notes'])) { $recipientNotes = $_POST['notes']; } if (isset($_POST['list'])) { foreach ($_POST['list'] as $listId => $status) { if (intval($status) == 1) { array_push($arrAssociatedLists, intval($listId)); } } } elseif (!$recipientId) { // Signup request where no recipient list had been selected // check if the user didn't select any list or if there is non or just 1 recipient list visible and was therefore not visible for the user to select // only show newsletter-lists that are visible for new users (not yet registered ones) $excludeDisabledLists = 1; $arrLists = self::getLists($excludeDisabledLists); switch (count($arrLists)) { case 0: // no active lists > ok break; case 1: // only 1 list is active, therefore no list was visible for selection -> let's signup the new recipient to this very list $arrAssociatedLists = array_keys($arrLists); break; default: // more than one list is active, therefore the user would have been able to select his preferred lists. // however, the fact that we landed in this case is that the user didn't make any selection at all. // so lets be it like that > the user won't be subscribed to any list break; } } if (!$isAccessRecipient) { // add or update existing newsletter recipient (for access user see ELSE case) $arrPreAssociatedInactiveLists = $this->_getAssociatedListsOfRecipient($recipientId, false); $arrAssociatedInactiveLists = array_intersect($arrPreAssociatedInactiveLists, $arrAssociatedLists); $objValidator = new \FWValidator(); if ($objValidator->isEmail($recipientEmail)) { // Let's check if a user account with the provided email address is already present // Important: we must check only for active accounts (active => 1), otherwise we'll send a notification e-mail // to a user that won't be able to active himself due to his account's inactive state. 
// TODO: implement feature $objUser = null; //FWUser::getFWUserObject()->objUser->getUsers(array('email' => $recipientEmail, 'active' => 1)); if (false && $objUser) { // there is already a user account present by the same email address as the one submitted by the user // TODO: send notification e-mail about existing e-mail account // Important: We must output the same status message as if the user has been newly added! // This shall prevent email-address-crawling-bots from detecting existing e-mail accounts. array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { if ($this->_validateRecipientAttributes($recipientAttributeStatus, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientBirthday)) { if ($this->_isUniqueRecipientEmail($recipientEmail, $recipientId)) { if (!empty($arrAssociatedInactiveLists) || !empty($arrAssociatedLists) && ($objList = $objDatabase->SelectLimit('SELECT id FROM ' . DBPREFIX . 'module_newsletter_category WHERE status=1 AND (id=' . implode(' OR id=', $arrAssociatedLists) . 
')', 1)) && $objList->RecordCount() > 0) { if ($recipientId > 0) { if ($this->_updateRecipient($recipientAttributeStatus, $recipientId, $recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, 1, $arrAssociatedLists, $recipientLanguage)) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_YOUR_DATE_SUCCESSFULLY_UPDATED']); $showForm = false; } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_UPDATE_YOUR_DATA']); } } else { if ($this->_addRecipient($recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, $recipientStatus, $arrAssociatedLists, $recipientLanguage)) { if ($this->_sendAuthorizeEmail($recipientEmail, $recipientSex, $recipientSalutation, $recipientFirstname, $recipientLastname)) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { $objDatabase->Execute("DELETE tblU, tblR FROM " . DBPREFIX . "module_newsletter_user AS tblU, " . DBPREFIX . "module_newsletter_rel_user_cat AS tblR WHERE tblU.email='" . contrexx_addslashes($recipientEmail) . 
"' AND tblR.user = tblU.id"); array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIPTION_CANCELED_BY_EMAIL']); } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_ADDING_YOU']); } } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_MUST_SELECT_LIST']); } } elseif (empty($recipientId)) { // We must send a new confirmation e-mail here // otherwise someone could reactivate someone else's e-mail address // It could be that a user who has unsubscribed himself from the newsletter system (recipient = deactivated) would like to subscribe the newsletter again. // Therefore, lets see if we can find a recipient by the specified e-mail address that has been deactivated (status=0) $objRecipient = $objDatabase->SelectLimit("SELECT id, language, notes FROM " . DBPREFIX . "module_newsletter_user WHERE email='" . contrexx_input2db($recipientEmail) . "' AND status=0", 1); if ($objRecipient && !$objRecipient->EOF) { $recipientId = $objRecipient->fields['id']; $recipientLanguage = $objRecipient->fields['language']; // Important: We intentionally do not load existing recipient list associations, due to the fact that the user most likely had // himself been unsubscribed from the newsletter system some time in the past. Therefore the user most likey does not want // to be subscribed to any lists more than to those he just selected $arrAssociatedLists = array_unique($arrAssociatedLists); $this->_setRecipientLists($recipientId, $arrAssociatedLists); // Important: We do not update the recipient's profile data here by the reason that we can't verify the recipient's identity at this point! if ($this->_sendAuthorizeEmail($recipientEmail, $recipientSex, $recipientSalutation, $recipientFirstname, $recipientLastname)) { // Important: We must output the same status message as if the user has been newly added! // This shall prevent email-address-crawling-bots from detecting existing e-mail accounts. 
array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBE_OK']); $showForm = false; } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_FAILED_ADDING_YOU']); array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIPTION_CANCELED_BY_EMAIL']); } } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_SUBSCRIBER_ALREADY_INSERTED']); } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_MANDATORY_FIELD_ERROR']); } } } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NOT_VALID_EMAIL']); } } else { // update subscribed lists of access user $arrAssociatedLists = array_unique($arrAssociatedLists); $objUser->setSubscribedNewsletterListIDs($arrAssociatedLists); if ($objUser->store()) { array_push($arrStatusMessage['ok'], $_ARRAYLANG['TXT_NEWSLETTER_YOUR_DATE_SUCCESSFULLY_UPDATED']); $showForm = false; } else { $arrStatusMessage['error'] = array_merge($arrStatusMessage['error'], $objUser->getErrorMsg()); } } } elseif ($isNewsletterRecipient) { $objRecipient = $objDatabase->SelectLimit("SELECT uri, sex, salutation, title, lastname, firstname, position, company, industry_sector, address, zip, city, country_id, phone_office, phone_private, phone_mobile, fax, notes, birthday, status, language FROM " . DBPREFIX . "module_newsletter_user WHERE id=" . 
$recipientId, 1); if ($objRecipient !== false && $objRecipient->RecordCount() == 1) { $recipientEmail = urldecode($_REQUEST['mail']); $recipientUri = $objRecipient->fields['uri']; $recipientSex = $objRecipient->fields['sex']; $recipientSalutation = $objRecipient->fields['salutation']; $recipientTitle = $objRecipient->fields['title']; $recipientLastname = $objRecipient->fields['lastname']; $recipientFirstname = $objRecipient->fields['firstname']; $recipientPosition = $objRecipient->fields['position']; $recipientCompany = $objRecipient->fields['company']; $recipientIndustrySector = $objRecipient->fields['industry_sector']; $recipientAddress = $objRecipient->fields['address']; $recipientZip = $objRecipient->fields['zip']; $recipientCity = $objRecipient->fields['city']; $recipientCountry = $objRecipient->fields['country_id']; $recipientPhoneOffice = $objRecipient->fields['phone_office']; $recipientPhonePrivate = $objRecipient->fields['phone_private']; $recipientPhoneMobile = $objRecipient->fields['phone_mobile']; $recipientFax = $objRecipient->fields['fax']; $recipientBirthday = $objRecipient->fields['birthday']; $recipientLanguage = $objRecipient->fields['language']; $recipientNotes = $objRecipient->fields['notes']; $arrAssociatedLists = $this->_getAssociatedListsOfRecipient($recipientId, false); $arrPreAssociatedInactiveLists = $this->_getAssociatedListsOfRecipient($recipientId, false); } else { array_push($arrStatusMessage['error'], $_ARRAYLANG['TXT_NEWSLETTER_AUTHENTICATION_FAILED']); $showForm = false; } } elseif ($isAccessRecipient) { $objUser = \FWUser::getFWUserObject()->objUser->getUser($recipientId); if ($objUser) { $arrAssociatedLists = $objUser->getSubscribedNewsletterListIDs(); $arrPreAssociatedInactiveLists = $objUser->getSubscribedNewsletterListIDs(); } } $this->_createDatesDropdown($recipientBirthday); if (count($arrStatusMessage['ok']) > 0) { $this->_objTpl->setVariable('NEWSLETTER_OK_MESSAGE', implode('<br />', $arrStatusMessage['ok'])); 
$this->_objTpl->parse('newsletter_ok_message'); } else { $this->_objTpl->hideBlock('newsletter_ok_message'); } if (count($arrStatusMessage['error']) > 0) { $this->_objTpl->setVariable('NEWSLETTER_ERROR_MESSAGE', implode('<br />', $arrStatusMessage['error'])); $this->_objTpl->parse('newsletter_error_message'); } else { $this->_objTpl->hideBlock('newsletter_error_message'); } $languages = '<select name="language" class="selectLanguage" id="language" >'; $objLanguage = $objDatabase->Execute("SELECT id, name FROM " . DBPREFIX . "languages WHERE frontend = 1 ORDER BY name"); $languages .= '<option value="0">' . $_ARRAYLANG['TXT_NEWSLETTER_LANGUAGE_PLEASE_CHOSE'] . '</option>'; while (!$objLanguage->EOF) { $selected = $objLanguage->fields['id'] == $recipientLanguage ? 'selected' : ''; $languages .= '<option value="' . $objLanguage->fields['id'] . '" ' . $selected . '>' . contrexx_raw2xhtml($objLanguage->fields['name']) . '</option>'; $objLanguage->MoveNext(); } $languages .= '</select>'; if ($showForm) { if ($isAccessRecipient) { if ($this->_objTpl->blockExists('recipient_profile')) { $this->_objTpl->hideBlock('recipient_profile'); } } else { //display settings recipient profile detials $recipientAttributesArray = array('recipient_sex', 'recipient_salutation', 'recipient_title', 'recipient_firstname', 'recipient_lastname', 'recipient_position', 'recipient_company', 'recipient_industry', 'recipient_address', 'recipient_city', 'recipient_zip', 'recipient_country', 'recipient_phone', 'recipient_private', 'recipient_mobile', 'recipient_fax', 'recipient_birthday', 'recipient_website'); foreach ($recipientAttributesArray as $attribute) { if ($this->_objTpl->blockExists($attribute)) { if ($recipientAttributeStatus[$attribute]['active']) { $this->_objTpl->touchBlock($attribute); $this->_objTpl->setVariable(array('NEWSLETTER_' . strtoupper($attribute) . '_MANDATORY' => $recipientAttributeStatus[$attribute]['required'] ? 
'*' : '')); } else { $this->_objTpl->hideBlock($attribute); } } } $this->_objTpl->setVariable(array('NEWSLETTER_EMAIL' => htmlentities($recipientEmail, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_WEBSITE' => htmlentities($recipientUri, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_SEX_F' => $recipientSex == 'f' ? 'checked="checked"' : '', 'NEWSLETTER_SEX_M' => $recipientSex == 'm' ? 'checked="checked"' : '', 'NEWSLETTER_SALUTATION' => $this->_getRecipientTitleMenu($recipientSalutation, 'name="salutation" size="1"'), 'NEWSLETTER_TITLE' => htmlentities($recipientTitle, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_LASTNAME' => htmlentities($recipientLastname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_FIRSTNAME' => htmlentities($recipientFirstname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_POSITION' => htmlentities($recipientPosition, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_COMPANY' => htmlentities($recipientCompany, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_INDUSTRY_SECTOR' => htmlentities($recipientIndustrySector, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_ADDRESS' => htmlentities($recipientAddress, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_ZIP' => htmlentities($recipientZip, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_CITY' => htmlentities($recipientCity, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_COUNTRY' => $this->getCountryMenu($recipientCountry, $recipientAttributeStatus['recipient_country']['active'] && $recipientAttributeStatus['recipient_country']['required']), 'NEWSLETTER_PHONE' => htmlentities($recipientPhoneOffice, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_PHONE_PRIVATE' => htmlentities($recipientPhonePrivate, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_PHONE_MOBILE' => htmlentities($recipientPhoneMobile, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_FAX' => htmlentities($recipientFax, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_NOTES' => htmlentities($recipientNotes, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_LANGUAGE' => $languages)); 
$this->_objTpl->setVariable(array('TXT_NEWSLETTER_EMAIL_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_EMAIL_ADDRESS'], 'TXT_NEWSLETTER_SALUTATION' => $_ARRAYLANG['TXT_NEWSLETTER_SALUTATION'], 'TXT_NEWSLETTER_SEX' => $_ARRAYLANG['TXT_NEWSLETTER_SEX'], 'TXT_NEWSLETTER_FEMALE' => $_ARRAYLANG['TXT_NEWSLETTER_FEMALE'], 'TXT_NEWSLETTER_MALE' => $_ARRAYLANG['TXT_NEWSLETTER_MALE'], 'TXT_NEWSLETTER_TITLE' => $_ARRAYLANG['TXT_NEWSLETTER_TITLE'], 'TXT_NEWSLETTER_LASTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_LASTNAME'], 'TXT_NEWSLETTER_FIRSTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_FIRSTNAME'], 'TXT_NEWSLETTER_POSITION' => $_ARRAYLANG['TXT_NEWSLETTER_POSITION'], 'TXT_NEWSLETTER_COMPANY' => $_ARRAYLANG['TXT_NEWSLETTER_COMPANY'], 'TXT_NEWSLETTER_INDUSTRY_SECTOR' => $_ARRAYLANG['TXT_NEWSLETTER_INDUSTRY_SECTOR'], 'TXT_NEWSLETTER_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_ADDRESS'], 'TXT_NEWSLETTER_ZIP' => $_ARRAYLANG['TXT_NEWSLETTER_ZIP'], 'TXT_NEWSLETTER_CITY' => $_ARRAYLANG['TXT_NEWSLETTER_CITY'], 'TXT_NEWSLETTER_COUNTRY' => $_ARRAYLANG['TXT_NEWSLETTER_COUNTRY'], 'TXT_NEWSLETTER_PHONE_PRIVATE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_PRIVATE'], 'TXT_NEWSLETTER_PHONE_MOBILE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_MOBILE'], 'TXT_NEWSLETTER_FAX' => $_ARRAYLANG['TXT_NEWSLETTER_FAX'], 'TXT_NEWSLETTER_PHONE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE'], 'TXT_NEWSLETTER_NOTES' => $_ARRAYLANG['TXT_NEWSLETTER_NOTES'], 'TXT_NEWSLETTER_BIRTHDAY' => $_ARRAYLANG['TXT_NEWSLETTER_BIRTHDAY'], 'TXT_NEWSLETTER_LANGUAGE' => $_ARRAYLANG['TXT_NEWSLETTER_LANGUAGE'], 'TXT_NEWSLETTER_WEBSITE' => $_ARRAYLANG['TXT_NEWSLETTER_WEBSITE'], 'TXT_NEWSLETTER_RECIPIENT_DATE' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_DATE'], 'TXT_NEWSLETTER_RECIPIENT_MONTH' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_MONTH'], 'TXT_NEWSLETTER_RECIPIENT_YEAR' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_YEAR'])); if ($this->_objTpl->blockExists('recipient_profile')) { $this->_objTpl->parse('recipient_profile'); } } // only show newsletter-lists that are visible for new 
users (not yet registered ones) $excludeDisabledLists = $recipientId == 0; $arrLists = self::getLists($excludeDisabledLists); if ($this->_objTpl->blockExists('newsletter_lists')) { switch (count($arrLists)) { case 0: // no lists are active, therefore we shall not try to parse any non existing list // no lists are active, therefore we shall not try to parse any non existing list case 1: // only one list is active, therefore we will not parse any list and will automatically subscribe the user to this very list if (!$isAccessRecipient) { $this->_objTpl->hideBlock('newsletter_lists'); break; } default: foreach ($arrLists as $listId => $arrList) { if ($arrList['status'] || in_array($listId, $arrPreAssociatedInactiveLists)) { $this->_objTpl->setVariable(array('NEWSLETTER_LIST_ID' => $listId, 'NEWSLETTER_LIST_NAME' => contrexx_raw2xhtml($arrList['name']), 'NEWSLETTER_LIST_SELECTED' => in_array($listId, $arrAssociatedLists) ? 'checked="checked"' : '')); $this->_objTpl->parse('newsletter_list'); } } $this->_objTpl->setVariable(array('TXT_NEWSLETTER_LISTS' => $_ARRAYLANG['TXT_NEWSLETTER_LISTS'])); $this->_objTpl->parse('newsletter_lists'); break; } } $this->_objTpl->setVariable(array('NEWSLETTER_PROFILE_MAIL' => contrexx_raw2xhtml($requestedMail), 'NEWSLETTER_USER_CODE' => $code, 'TXT_NEWSLETTER_SAVE' => $_ARRAYLANG['TXT_NEWSLETTER_SAVE'])); $this->_objTpl->parse('newsletterForm'); } else { $this->_objTpl->hideBlock('newsletterForm'); } }
/**
 * Backend handler for adding, editing or copying a single newsletter recipient.
 *
 * Reads the recipient id from $_REQUEST['id'] and the copy flag from
 * $_REQUEST['copy'], collects the edit-form fields from $_POST and, when
 * $_POST['newsletter_recipient_save'] is set, validates and persists them via
 * _updateRecipient() / _addRecipient(). If a newsletter id was posted in
 * $_POST['sendEmail'], the newly added recipient is additionally sent that
 * mail. Without a save request, an existing recipient (if any) is loaded from
 * module_newsletter_user and the edit template is populated.
 *
 * Globals: $objDatabase, $_ARRAYLANG, $_CORELANG.
 * Status text is appended to self::$strOkMessage / self::$strErrMessage.
 *
 * @return mixed the result of $this->_userList() after a successful save,
 *               otherwise true once the edit form has been parsed
 *
 * NOTE(review): two spans of this method are redacted in the source as
 * received ("******"). The statements marked below are therefore incomplete
 * and the original control flow around them cannot be recovered from this
 * page; they are kept verbatim.
 */
function _editUser()
{
    global $objDatabase, $_ARRAYLANG, $_CORELANG;
    $activeFrontendlang = \FWLanguage::getActiveFrontendLanguages();
    // "copy" turns the edit of an existing recipient into the creation of a new one
    $copy = isset($_REQUEST['copy']) && $_REQUEST['copy'] == 1;
    $recipientId = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    // Form defaults; overwritten below from $_POST or from the database
    $recipientEmail = '';
    $recipientUri = '';
    $recipientSex = '';
    $recipientSalutation = 0;
    $recipientTitle = '';
    $recipientPosition = '';
    $recipientIndustrySector = '';
    $recipientPhoneMobile = '';
    $recipientPhonePrivate = '';
    $recipientFax = '';
    $recipientNotes = '';
    $recipientLastname = '';
    $recipientFirstname = '';
    $recipientCompany = '';
    $recipientAddress = '';
    $recipientZip = '';
    $recipientCity = '';
    $recipientCountry = '';
    $recipientPhoneOffice = '';
    $recipientBirthday = '';
    // Preselect the language only when exactly one frontend language is active
    $recipientLanguage = count($activeFrontendlang) == 1 ? key($activeFrontendlang) : '';
    // Active by default on a plain (non-POST) request; on a POST the checkbox decides
    $recipientStatus = isset($_POST['newsletter_recipient_status']) ? 1 : (empty($_POST) ? 1 : 0);
    $arrAssociatedLists = array();
    $recipientSendEmailId = isset($_POST['sendEmail']) ? intval($_POST['sendEmail']) : 0;
    $recipientSendMailDisplay = false;
    // Posted form fields. Only sex, salutation, birthday and list ids are
    // normalised here; the other values are taken as posted and go through
    // _validateRecipientAttributes() / htmlentities() further down.
    if (isset($_POST['newsletter_recipient_email'])) {
        $recipientEmail = $_POST['newsletter_recipient_email'];
    }
    if (isset($_POST['newsletter_recipient_uri'])) {
        $recipientUri = $_POST['newsletter_recipient_uri'];
    }
    if (isset($_POST['newsletter_recipient_sex'])) {
        $recipientSex = in_array($_POST['newsletter_recipient_sex'], array('f', 'm')) ? $_POST['newsletter_recipient_sex'] : '';
    }
    if (isset($_POST['newsletter_recipient_salutation'])) {
        // TODO: use FWUSER
        $arrRecipientSalutation = $this->_getRecipientTitles();
        // Only a salutation id known to _getRecipientTitles() is accepted
        $recipientSalutation = in_array($_POST['newsletter_recipient_salutation'], array_keys($arrRecipientSalutation)) ? intval($_POST['newsletter_recipient_salutation']) : 0;
    }
    if (isset($_POST['newsletter_recipient_lastname'])) {
        $recipientLastname = $_POST['newsletter_recipient_lastname'];
    }
    if (isset($_POST['newsletter_recipient_firstname'])) {
        $recipientFirstname = $_POST['newsletter_recipient_firstname'];
    }
    if (isset($_POST['newsletter_recipient_company'])) {
        $recipientCompany = $_POST['newsletter_recipient_company'];
    }
    if (isset($_POST['newsletter_recipient_address'])) {
        $recipientAddress = $_POST['newsletter_recipient_address'];
    }
    if (isset($_POST['newsletter_recipient_zip'])) {
        $recipientZip = $_POST['newsletter_recipient_zip'];
    }
    if (isset($_POST['newsletter_recipient_city'])) {
        $recipientCity = $_POST['newsletter_recipient_city'];
    }
    if (isset($_POST['newsletter_country_id'])) {
        $recipientCountry = $_POST['newsletter_country_id'];
    }
    if (isset($_POST['newsletter_recipient_phone_office'])) {
        $recipientPhoneOffice = $_POST['newsletter_recipient_phone_office'];
    }
    if (isset($_POST['newsletter_recipient_notes'])) {
        $recipientNotes = $_POST['newsletter_recipient_notes'];
    }
    if (isset($_POST['day']) && isset($_POST['month']) && isset($_POST['year'])) {
        // Birthday is stored as the string DD-MM-YYYY built from the three selects
        $recipientBirthday = str_pad(intval($_POST['day']), 2, '0', STR_PAD_LEFT) . '-' . str_pad(intval($_POST['month']), 2, '0', STR_PAD_LEFT) . '-' . intval($_POST['year']);
    }
    if (isset($_POST['newsletter_recipient_title'])) {
        $recipientTitle = $_POST['newsletter_recipient_title'];
    }
    if (isset($_POST['newsletter_recipient_position'])) {
        $recipientPosition = $_POST['newsletter_recipient_position'];
    }
    if (isset($_POST['newsletter_recipient_industry_sector'])) {
        $recipientIndustrySector = $_POST['newsletter_recipient_industry_sector'];
    }
    if (isset($_POST['newsletter_recipient_phone_mobile'])) {
        $recipientPhoneMobile = $_POST['newsletter_recipient_phone_mobile'];
    }
    if (isset($_POST['newsletter_recipient_phone_private'])) {
        $recipientPhonePrivate = $_POST['newsletter_recipient_phone_private'];
    }
    if (isset($_POST['newsletter_recipient_fax'])) {
        $recipientFax = $_POST['newsletter_recipient_fax'];
    }
    if (isset($_POST['language'])) {
        $recipientLanguage = $_POST['language'];
    }
    if (isset($_POST['newsletter_recipient_associated_list'])) {
        // Checkbox map listId => status; only checked (1) entries are kept, as ints
        foreach ($_POST['newsletter_recipient_associated_list'] as $listId => $status) {
            if (intval($status) == 1) {
                array_push($arrAssociatedLists, intval($listId));
            }
        }
    }
    // Get interface settings
    $objInterface = $objDatabase->Execute('SELECT `setvalue` FROM `' . DBPREFIX . 'module_newsletter_settings` WHERE `setname` = "recipient_attribute_status"');
    // NOTE(review): neither a failed query nor invalid JSON is checked here; a
    // null $recipientAttributeStatus would reach the per-attribute lookups below
    $recipientAttributeStatus = json_decode($objInterface->fields['setvalue'], true);
    if (isset($_POST['newsletter_recipient_save'])) {
        $objValidator = new \FWValidator();
        if ($objValidator->isEmail($recipientEmail)) {
            if ($this->_validateRecipientAttributes($recipientAttributeStatus, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientBirthday)) {
                if ($this->_isUniqueRecipientEmail($recipientEmail, $recipientId, $copy)) {
                    //reset the $recipientId on copy function
                    $recipientId = $copy ? 0 : $recipientId;
                    if ($recipientId > 0) {
                        if ($this->_updateRecipient($recipientAttributeStatus, $recipientId, $recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, $recipientStatus, $arrAssociatedLists, $recipientLanguage)) {
                            self::$strOkMessage .= $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_UPDATED_SUCCESSFULLY'];
                            return $this->_userList();
                        } else {
                            // fall back to old recipient id, if any error occurs on copy
                            $recipientId = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
                            self::$strErrMessage .= $_ARRAYLANG['TXT_NEWSLETTER_ERROR_UPDATE_RECIPIENT'];
                        }
                    } else {
                        if ($this->_addRecipient($recipientEmail, $recipientUri, $recipientSex, $recipientSalutation, $recipientTitle, $recipientLastname, $recipientFirstname, $recipientPosition, $recipientCompany, $recipientIndustrySector, $recipientAddress, $recipientZip, $recipientCity, $recipientCountry, $recipientPhoneOffice, $recipientPhonePrivate, $recipientPhoneMobile, $recipientFax, $recipientNotes, $recipientBirthday, $recipientStatus, $arrAssociatedLists, $recipientLanguage)) {
                            if (!empty($recipientSendEmailId)) {
                                // Look the new recipient up by e-mail to get the id _addRecipient() does not return
                                $objRecipient = $objDatabase->SelectLimit("SELECT id FROM " . DBPREFIX . "module_newsletter_user WHERE email='" . contrexx_input2db($recipientEmail) . "'", 1);
                                // NOTE(review): $objRecipient is not checked for false/EOF before ->fields is read
                                $recipientId = $objRecipient->fields['id'];
                                $this->insertTmpEmail($recipientSendEmailId, $recipientEmail, self::USER_TYPE_NEWSLETTER);
                                // setting TmpEntry=1 will set the newsletter status=1, this will force an immediate stop in the newsletter send procedure.
                                if ($this->SendEmail($recipientId, $recipientSendEmailId, $recipientEmail, 1, self::USER_TYPE_NEWSLETTER) == false) {
                                    // fall back to old recipient id, if any error occurs on copy
                                    $recipientId = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
                                    self::$strErrMessage .= $_ARRAYLANG['TXT_SENDING_MESSAGE_ERROR'];
                                } else {
                                    $objRecipientCount = $objDatabase->execute('SELECT subject FROM ' . DBPREFIX . 'module_newsletter WHERE id=' . intval($recipientSendEmailId));
                                    $newsTitle = $objRecipientCount->fields['subject'];
                                    // TODO: Unused
                                    // $objUpdateCount = $objDatabase->execute(' UPDATE ' . DBPREFIX . 'module_newsletter SET recipient_count = recipient_count+1 WHERE id=' . intval($recipientSendEmailId));
                                    // NOTE(review): the newsletter subject is inserted into the status
                                    // markup without HTML escaping; whether that is safe depends on how
                                    // self::$strOkMessage is rendered and on who can set subjects — confirm
                                    self::$strOkMessage .= sprintf($_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_MAIL_SEND_SUCCESSFULLY'] . '<br />', '<strong>' . $newsTitle . '</strong>');
                                }
                            }
                            self::$strOkMessage .= $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_SAVED_SUCCESSFULLY'];
                            return $this->_userList();
                        } else {
                            // fall back to old recipient id, if any error occurs on copy
                            $recipientId = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
                            self::$strErrMessage .= $_ARRAYLANG['TXT_NEWSLETTER_ERROR_SAVE_RECIPIENT'];
                        }
                    }
                } elseif (empty($recipientId)) {
                    // E-mail is not unique and no id was given: reload the existing recipient
                    // so the form shows its data (notes are merged, the posted notes appended)
                    $objRecipient = $objDatabase->SelectLimit("SELECT id, language, status, notes FROM " . DBPREFIX . "module_newsletter_user WHERE email='" . contrexx_input2db($recipientEmail) . "'", 1);
                    // NOTE(review): $objRecipient is not checked for false/EOF before ->fields is read
                    $recipientId = $objRecipient->fields['id'];
                    $recipientLanguage = $objRecipient->fields['language'];
                    $recipientStatus = $objRecipient->fields['status'];
                    $recipientNotes = !empty($objRecipient->fields['notes']) ? $objRecipient->fields['notes'] . ' ' . $recipientNotes : $recipientNotes;
                    // NOTE(review): the following statement is redacted in the source as received.
                    // The loop over the category rows and the branch that assigns $objResult
                    // (the "SELECT id ..." lookup used by the link below) are missing here.
                    $objList = $objDatabase->Execute("SELECT category FROM " . DBPREFIX . "module_newsletter_rel_user_cat WHERE user="******"SELECT id FROM " . DBPREFIX . "module_newsletter_user WHERE email='" . contrexx_input2db($recipientEmail) . "' AND id!=" . ($copy ? 0 : $recipientId), 1);
                    // Link to the recipient that already owns this e-mail address
                    self::$strErrMessage .= sprintf($_ARRAYLANG['TXT_NEWSLETTER_ERROR_EMAIL_ALREADY_EXISTS'], '<a href="index.php?cmd=Newsletter&act=users&tpl=edit&id=' . $objResult->fields['id'] . '" target="_blank">' . $_ARRAYLANG['TXT_NEWSLETTER_ERROR_EMAIL_ALREADY_EXISTS_CLICK_HERE'] . '</a>');
                }
            } else {
                self::$strErrMessage .= $_ARRAYLANG['TXT_NEWSLETTER_MANDATORY_FIELD_ERROR'];
            }
        } else {
            self::$strErrMessage .= $_ARRAYLANG['TXT_NEWSLETTER_INVALIDE_EMAIL_ADDRESS'];
        }
    } elseif ($recipientId > 0) {
        // No save request: load the recipient to be edited
        $objRecipient = $objDatabase->SelectLimit("SELECT email, uri, sex, salutation, title, lastname, firstname, position, company, industry_sector, address, zip, city, country_id, phone_office, phone_private, phone_mobile, fax, notes, birthday, status, language FROM " . DBPREFIX . "module_newsletter_user WHERE id=" . $recipientId, 1);
        if ($objRecipient !== false && $objRecipient->RecordCount() == 1) {
            $recipientEmail = $objRecipient->fields['email'];
            $recipientUri = $objRecipient->fields['uri'];
            $recipientSex = $objRecipient->fields['sex'];
            $recipientSalutation = $objRecipient->fields['salutation'];
            $recipientTitle = $objRecipient->fields['title'];
            $recipientLastname = $objRecipient->fields['lastname'];
            $recipientFirstname = $objRecipient->fields['firstname'];
            $recipientPosition = $objRecipient->fields['position'];
            $recipientCompany = $objRecipient->fields['company'];
            $recipientIndustrySector = $objRecipient->fields['industry_sector'];
            $recipientAddress = $objRecipient->fields['address'];
            $recipientZip = $objRecipient->fields['zip'];
            $recipientCity = $objRecipient->fields['city'];
            $recipientCountry = $objRecipient->fields['country_id'];
            $recipientPhoneOffice = $objRecipient->fields['phone_office'];
            $recipientPhonePrivate = $objRecipient->fields['phone_private'];
            $recipientPhoneMobile = $objRecipient->fields['phone_mobile'];
            $recipientFax = $objRecipient->fields['fax'];
            $recipientBirthday = $objRecipient->fields['birthday'];
            $recipientLanguage = $objRecipient->fields['language'];
            $recipientStatus = $objRecipient->fields['status'];
            $recipientNotes = $objRecipient->fields['notes'];
            // NOTE(review): the following statement is redacted in the source as received.
            // The category loop, the closing of this branch and the start of the
            // associated-list rendering loop (which defines $column and $listNr) are missing.
            $objList = $objDatabase->Execute("SELECT category FROM " . DBPREFIX . "module_newsletter_rel_user_cat WHERE user="******"checked"' : '')); $this->_objTpl->parse('newsletter_mail_associated_list_' . $column); $listNr++; }
    // Language selector: only rendered when more than one frontend language is active
    if (count($activeFrontendlang) > 1) {
        foreach ($activeFrontendlang as $lang) {
            $selected = $lang['id'] == $recipientLanguage ? 'selected="selected"' : '';
            $this->_objTpl->setVariable(array('NEWSLETTER_LANGUAGE_ID' => contrexx_raw2xhtml($lang['id']), 'NEWSLETTER_LANGUAGE_NAME' => contrexx_raw2xhtml($lang['name']), 'NEWSLETTER_LANGUAGES_SELECTED' => $selected));
            $this->_objTpl->parse('languages');
        }
        $languageOptionDisplay = true;
    } else {
        // NOTE(review): $languageOptionDisplay is never assigned on this path; the
        // row-class logic below relies on it being undefined (falsy)
        $this->_objTpl->hideBlock('languageOption');
    }
    // The "send this newsletter to the new recipient" selector only makes sense for new/copied recipients
    if (empty($recipientId) || $copy) {
        $objNewsletterMails = $objDatabase->Execute('SELECT id, subject FROM ' . DBPREFIX . 'module_newsletter ORDER BY status, id DESC');
        while (!$objNewsletterMails->EOF) {
            $selected = $recipientSendEmailId == $objNewsletterMails->fields['id'] ? 'selected="selected"' : '';
            $this->_objTpl->setVariable(array('NEWSLETTER_EMAIL_ID' => contrexx_raw2xhtml($objNewsletterMails->fields['id']), 'NEWSLETTER_EMAIL_NAME' => contrexx_raw2xhtml($objNewsletterMails->fields['subject']), 'NEWSLETTER_EMAIL_SELECTED' => $selected));
            $this->_objTpl->parse('allMails');
            $objNewsletterMails->MoveNext();
        }
        $recipientSendMailDisplay = true;
    } else {
        $this->_objTpl->hideBlock('sendEmail');
    }
    // Display settings recipient general attributes
    // Alternate row1/row2 classes depending on which optional rows are shown above
    $sendMailRowClass = $languageOptionDisplay ? 'row2' : 'row1';
    if ($languageOptionDisplay && $recipientSendMailDisplay) {
        $associatedListRowClass = 'row1';
    } elseif ($languageOptionDisplay || $recipientSendMailDisplay) {
        $associatedListRowClass = 'row2';
    } else {
        $associatedListRowClass = 'row1';
    }
    $recipientNotesRowClass = $associatedListRowClass == 'row1' ? 'row2' : 'row1';
    $this->_objTpl->setVariable(array('NEWSLETTER_SEND_EMAIL_ROWCLASS' => $sendMailRowClass, 'NEWSLETTER_ASSOCIATED_LISTS_ROWCLASS' => $associatedListRowClass, 'NEWSLETTER_NOTES_ROWCLASS' => $recipientNotesRowClass));
    //display settings recipient profile details
    // The profile section is hidden entirely when no attribute is active
    $recipientAttributeDisplay = false;
    foreach ($recipientAttributeStatus as $value) {
        if ($value['active']) {
            $recipientAttributeDisplay = true;
            break;
        }
    }
    $profileRowCount = 0;
    $recipientAttributesArray = array('recipient_sex', 'recipient_salutation', 'recipient_title', 'recipient_firstname', 'recipient_lastname', 'recipient_position', 'recipient_company', 'recipient_industry', 'recipient_address', 'recipient_city', 'recipient_zip', 'recipient_country', 'recipient_phone', 'recipient_private', 'recipient_mobile', 'recipient_fax', 'recipient_birthday', 'recipient_website');
    if ($recipientAttributeDisplay) {
        foreach ($recipientAttributesArray as $attribute) {
            if ($recipientAttributeStatus[$attribute]['active'] && $this->_objTpl->blockExists($attribute)) {
                $this->_objTpl->touchBlock($attribute);
                $this->_objTpl->setVariable(array('NEWSLETTER_' . strtoupper($attribute) . '_ROW_CLASS' => $profileRowCount % 2 == 0 ? 'row2' : 'row1', 'NEWSLETTER_' . strtoupper($attribute) . '_MANDATORY' => $recipientAttributeStatus[$attribute]['required'] ? '*' : ''));
                $profileRowCount++;
            } else {
                $this->_objTpl->hideBlock($attribute);
            }
        }
    } else {
        $this->_objTpl->hideBlock('recipientProfileAttributes');
    }
    // Carry the overview's filter parameters through the edit form.
    // NOTE(review): the values are passed through contrexx_input2raw() but not
    // URL-encoded or HTML-escaped here; whether NEWSLETTER_FILTER_PARAMS is
    // escaped by the template must be confirmed.
    $filterParams = (!empty($_GET['newsletterListId']) ? '&newsletterListId=' . contrexx_input2raw($_GET['newsletterListId']) : '') . (!empty($_GET['filterkeyword']) ? '&filterkeyword=' . contrexx_input2raw($_GET['filterkeyword']) : '') . (!empty($_GET['filterattribute']) ? '&filterattribute=' . contrexx_input2raw($_GET['filterattribute']) : '') . (!empty($_GET['filterStatus']) ? '&filterStatus=' . contrexx_input2raw($_GET['filterStatus']) : '');
    // Form values are HTML-escaped with htmlentities(); select menus come pre-rendered from helpers
    $this->_objTpl->setVariable(array('NEWSLETTER_RECIPIENT_ID' => $recipientId, 'NEWSLETTER_RECIPIENT_EMAIL' => htmlentities($recipientEmail, ENT_QUOTES, CONTREXX_CHARSET), 'TXT_NEWSLETTER_STATUS' => $_ARRAYLANG['TXT_NEWSLETTER_STATUS'], 'TXT_NEWSLETTER_LANGUAGE' => $_ARRAYLANG['TXT_NEWSLETTER_LANGUAGE'], 'TXT_NEWSLETTER_SEND_EMAIL' => $_ARRAYLANG['TXT_NEWSLETTER_SEND_EMAIL'], 'TXT_NEWSLETTER_ASSOCIATED_LISTS' => $_ARRAYLANG['TXT_NEWSLETTER_ASSOCIATED_LISTS'], 'TXT_NEWSLETTER_NOTES' => $_ARRAYLANG['TXT_NEWSLETTER_NOTES'], 'TXT_NEWSLETTER_PROFILE' => $_ARRAYLANG['TXT_NEWSLETTER_PROFILE'], 'TXT_NEWSLETTER_POSITION' => $_ARRAYLANG['TXT_NEWSLETTER_POSITION'], 'TXT_NEWSLETTER_INDUSTRY_SECTOR' => $_ARRAYLANG['TXT_NEWSLETTER_INDUSTRY_SECTOR'], 'TXT_NEWSLETTER_PHONE_MOBILE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_MOBILE'], 'TXT_NEWSLETTER_PHONE_PRIVATE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE_PRIVATE'], 'TXT_NEWSLETTER_FAX' => $_ARRAYLANG['TXT_NEWSLETTER_FAX'], 'NEWSLETTER_RECIPIENT_STATUS' => $recipientStatus == '1' ? 'checked="checked"' : '', 'NEWSLETTER_RECIPIENT_NOTES' => htmlentities($recipientNotes, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_URI' => htmlentities($recipientUri, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_FEMALE' => $recipientSex == 'f' ? 'checked="checked"' : '', 'NEWSLETTER_RECIPIENT_MALE' => $recipientSex == 'm' ? 'checked="checked"' : '', 'NEWSLETTER_RECIPIENT_SALUTATION' => $this->_getRecipientTitleMenu($recipientSalutation, 'name="newsletter_recipient_salutation" style="width:296px" size="1"'), 'NEWSLETTER_RECIPIENT_TITLE' => htmlentities($recipientTitle, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_FIRSTNAME' => htmlentities($recipientFirstname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_LASTNAME' => htmlentities($recipientLastname, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_POSITION' => htmlentities($recipientPosition, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_COMPANY' => htmlentities($recipientCompany, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_INDUSTRY_SECTOR' => htmlentities($recipientIndustrySector, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_ADDRESS' => htmlentities($recipientAddress, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_ZIP' => htmlentities($recipientZip, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_CITY' => htmlentities($recipientCity, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_COUNTRY' => $this->getCountryMenu($recipientCountry, $recipientAttributeStatus['recipient_country']['active'] && $recipientAttributeStatus['recipient_country']['required']), 'NEWSLETTER_RECIPIENT_PHONE' => htmlentities($recipientPhoneOffice, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_PHONE_MOBILE' => htmlentities($recipientPhoneMobile, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_PHONE_PRIVATE' => htmlentities($recipientPhonePrivate, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_FAX' => htmlentities($recipientFax, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_BIRTHDAY' => htmlentities($recipientBirthday, ENT_QUOTES, CONTREXX_CHARSET), 'NEWSLETTER_RECIPIENT_COPY' => $copy ? 1 : 0, 'TXT_NEWSLETTER_EMAIL_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_EMAIL_ADDRESS'], 'TXT_NEWSLETTER_WEBSITE' => $_ARRAYLANG['TXT_NEWSLETTER_WEBSITE'], 'TXT_NEWSLETTER_SALUTATION' => $_ARRAYLANG['TXT_NEWSLETTER_SALUTATION'], 'TXT_NEWSLETTER_TITLE' => $_ARRAYLANG['TXT_NEWSLETTER_TITLE'], 'TXT_NEWSLETTER_SEX' => $_ARRAYLANG['TXT_NEWSLETTER_SEX'], 'TXT_NEWSLETTER_FEMALE' => $_ARRAYLANG['TXT_NEWSLETTER_FEMALE'], 'TXT_NEWSLETTER_MALE' => $_ARRAYLANG['TXT_NEWSLETTER_MALE'], 'TXT_NEWSLETTER_LASTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_LASTNAME'], 'TXT_NEWSLETTER_FIRSTNAME' => $_ARRAYLANG['TXT_NEWSLETTER_FIRSTNAME'], 'TXT_NEWSLETTER_COMPANY' => $_ARRAYLANG['TXT_NEWSLETTER_COMPANY'], 'TXT_NEWSLETTER_ADDRESS' => $_ARRAYLANG['TXT_NEWSLETTER_ADDRESS'], 'TXT_NEWSLETTER_ZIP' => $_ARRAYLANG['TXT_NEWSLETTER_ZIP'], 'TXT_NEWSLETTER_CITY' => $_ARRAYLANG['TXT_NEWSLETTER_CITY'], 'TXT_NEWSLETTER_COUNTRY' => $_ARRAYLANG['TXT_NEWSLETTER_COUNTRY'], 'TXT_NEWSLETTER_PHONE' => $_ARRAYLANG['TXT_NEWSLETTER_PHONE'], 'TXT_NEWSLETTER_BIRTHDAY' => $_ARRAYLANG['TXT_NEWSLETTER_BIRTHDAY'], 'TXT_NEWSLETTER_SAVE' => $_ARRAYLANG['TXT_NEWSLETTER_SAVE'], 'TXT_CANCEL' => $_CORELANG['TXT_CANCEL'], 'TXT_NEWSLETTER_DO_NOT_SEND_EMAIL' => $_ARRAYLANG['TXT_NEWSLETTER_DO_NOT_SEND_EMAIL'], 'TXT_NEWSLETTER_INFO_ABOUT_SEND_EMAIL' => $_ARRAYLANG['TXT_NEWSLETTER_INFO_ABOUT_SEND_EMAIL'], 'TXT_NEWSLETTER_RECIPIENT_DATE' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_DATE'], 'TXT_NEWSLETTER_RECIPIENT_MONTH' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_MONTH'], 'TXT_NEWSLETTER_RECIPIENT_YEAR' => $_ARRAYLANG['TXT_NEWSLETTER_RECIPIENT_YEAR'], 'NEWSLETTER_FILTER_PARAMS' => $filterParams));
    $this->_objTpl->parse('module_newsletter_user_edit');
    return true;
}
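/**
 * Handles the "send e-card" form submission.
 *
 * Reads the posted card data, creates an unguessable access code, stores the
 * card in `module_ecard_ecards`, copies the chosen motive to a file named
 * after the code and mails the notification text (from the module settings)
 * to the recipient. The outcome is reported through the STATUS_MESSAGE
 * template variable.
 *
 * @global object $objDatabase
 * @global array  $_ARRAYLANG
 * @global array  $_CONFIG
 * @return boolean|null false when the posted sender/recipient address is
 *                      invalid or a required database lookup fails;
 *                      otherwise nothing is returned (the template carries
 *                      the result)
 */
function send()
{
    global $objDatabase, $_ARRAYLANG, $_CONFIG;
    $this->_objTpl->setTemplate($this->pageContent);

    // The code is the only thing that authorises viewing the card through $url
    // and it also names the copied motive file, so it has to come from a CSPRNG.
    // md5(rand()) was predictable; random_bytes(5) gives the same 10 lowercase
    // hex characters the previous substr(md5(...), 1, 10) produced, so the URL
    // format and the stored filename length are unchanged. Requires PHP >= 7.0.
    $code = bin2hex(random_bytes(5));
    $url = \Cx\Core\Routing\Url::fromModuleAndCmd('Ecard', 'show', '', array('code' => $code))->toString();

    // Initialize POST variables
    $id = intval($_POST['selectedEcard']);
    $message = contrexx_addslashes($_POST['ecardMessage']);
    $recipientSalutation = contrexx_stripslashes($_POST['ecardRecipientSalutation']);
    $senderName = contrexx_stripslashes($_POST['ecardSenderName']);
    // Only syntactically valid addresses are accepted; anything else becomes '' and aborts below.
    $senderEmail = \FWValidator::isEmail($_POST['ecardSenderEmail']) ? $_POST['ecardSenderEmail'] : '';
    $recipientName = contrexx_stripslashes($_POST['ecardRecipientName']);
    $recipientEmail = \FWValidator::isEmail($_POST['ecardRecipientEmail']) ? $_POST['ecardRecipientEmail'] : '';
    if (empty($senderEmail) || empty($recipientEmail)) {
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_SENDING_ERROR']));
        return false;
    }

    // Load the module settings that drive validity and the notification text.
    // Defaults keep the variables defined even when a settings row is missing.
    $validdays = 0;
    $subject = '';
    $emailText = '';
    $query = "\n SELECT `setting_name`, `setting_value`\n FROM " . DBPREFIX . "module_ecard_settings";
    $objResult = $objDatabase->Execute($query);
    if ($objResult === false) {
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_SENDING_ERROR']));
        return false;
    }
    while (!$objResult->EOF) {
        switch ($objResult->fields['setting_name']) {
            case 'validdays':
                $validdays = $objResult->fields['setting_value'];
                break;
            case 'subject':
                $subject = $objResult->fields['setting_value'];
                break;
            case 'emailText':
                // the mail is sent as plain text, so markup in the setting is dropped
                $emailText = strip_tags($objResult->fields['setting_value']);
                break;
        }
        $objResult->MoveNext();
    }
    // validity is configured in days, stored as seconds
    $timeToLife = $validdays * 86400;

    // Replace the placeholders used in the notification mail with user data
    $emailText = str_replace('[[ECARD_RECIPIENT_SALUTATION]]', $recipientSalutation, $emailText);
    $emailText = str_replace('[[ECARD_RECIPIENT_NAME]]', $recipientName, $emailText);
    $emailText = str_replace('[[ECARD_RECIPIENT_EMAIL]]', $recipientEmail, $emailText);
    $emailText = str_replace('[[ECARD_SENDER_NAME]]', $senderName, $emailText);
    $emailText = str_replace('[[ECARD_SENDER_EMAIL]]', $senderEmail, $emailText);
    $emailText = str_replace('[[ECARD_VALID_DAYS]]', $validdays, $emailText);
    $emailText = str_replace('[[ECARD_URL]]', $url, $emailText);
    $body = $emailText;

    // Insert ecard to DB. The addresses passed FWValidator::isEmail above, but they
    // are escaped like every other user-supplied value in this statement so the
    // query does not depend on what the validator happens to reject.
    $query = "\n INSERT INTO `" . DBPREFIX . "module_ecard_ecards` (\n code, date, TTL, salutation,\n senderName, senderEmail,\n recipientName, recipientEmail,\n message\n ) VALUES (\n '" . $code . "',\n '" . time() . "',\n '" . $timeToLife . "',\n '" . addslashes($recipientSalutation) . "',\n '" . addslashes($senderName) . "',\n '" . addslashes($senderEmail) . "',\n '" . addslashes($recipientName) . "',\n '" . addslashes($recipientEmail) . "',\n '" . $message . "');";
    if (!$objDatabase->Execute($query)) {
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_SENDING_ERROR']));
        return;
    }

    // Look up the motive file that belongs to the selected card ($id is an int, see above)
    $query = "\n SELECT setting_value\n FROM " . DBPREFIX . "module_ecard_settings\n WHERE setting_name='motive_{$id}'";
    $objResult = $objDatabase->SelectLimit($query, 1);
    if ($objResult === false || $objResult->EOF) {
        // unknown motive id: the card row already exists at this point, but no file can be produced for it
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_SENDING_ERROR']));
        return false;
    }
    // Copy motive to new file with $code as filename (extension taken from the configured motive)
    $fileExtension = preg_replace('/^.+(\\.[^\\.]+)$/', '$1', $objResult->fields['setting_value']);
    $fileName = $objResult->fields['setting_value'];
    $objFile = new \File();
    if (!$objFile->copyFile(ASCMS_ECARD_OPTIMIZED_PATH . '/', $fileName, ASCMS_ECARD_SEND_ECARDS_PATH . '/', $code . $fileExtension)) {
        // as before, a failed copy leaves STATUS_MESSAGE untouched
        return;
    }

    $objMail = new \phpmailer();
    // Check e-mail settings: use the configured SMTP account when one is selected.
    // The include is suppressed so a missing settings class silently falls back to mail().
    if ($_CONFIG['coreSmtpServer'] > 0 && @(include_once ASCMS_CORE_PATH . '/SmtpSettings.class.php')) {
        $objSmtpSettings = new \SmtpSettings();
        if (($arrSmtp = $objSmtpSettings->getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) {
            $objMail->IsSMTP();
            $objMail->Host = $arrSmtp['hostname'];
            $objMail->Port = $arrSmtp['port'];
            $objMail->SMTPAuth = true;
            $objMail->Username = $arrSmtp['username'];
            $objMail->Password = $arrSmtp['password'];
        }
    }
    // Send notification mail to ecard-recipient. Note that the From header is the
    // visitor-supplied sender address, which receiving MTAs may treat as spoofed.
    $objMail->CharSet = CONTREXX_CHARSET;
    $objMail->SetFrom($senderEmail, $senderName);
    $objMail->Subject = $subject;
    $objMail->IsHTML(false);
    $objMail->Body = $body;
    $objMail->AddAddress($recipientEmail);
    if ($objMail->Send()) {
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_HAS_BEEN_SENT']));
    } else {
        $this->_objTpl->setVariable(array('STATUS_MESSAGE' => $_ARRAYLANG['TXT_ECARD_MAIL_SENDING_ERROR']));
    }
}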
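/**
 * Creates the upload page for the frontend.
 *
 * Two states are handled. While no files have been uploaded or the terms
 * have not been accepted, the upload form is rendered. Once the upload is
 * complete, the expiration date of the uploaded rows is stored (except for
 * the "downloads" command), a notification is mailed to the receiver when a
 * valid address was posted and to the administrator in any case, and the
 * upload id is cleared so the files are no longer listed as pending.
 *
 * @global array  $_ARRAYLANG
 * @global object $objDatabase
 * @global array  $_CONFIG
 * @return void
 */
private function uploadPage()
{
    global $_ARRAYLANG, $objDatabase, $_CONFIG;
    $params = $this->objUrl->getParamArray();

    // the upload is finished and the script has to send a mail and assign the expiration dates
    if (!empty($this->files) && !empty($_POST["accept_terms"])) {
        // uploadId comes from the URL; cast once and use the integer everywhere it reaches SQL
        $uploadId = intval($params["uploadId"]);

        // set expiration time
        $cmd = \Env::get("Resolver")->getCmd();
        if ($cmd != "downloads") {
            // the posted expiration is added to the current timestamp, i.e. an offset in
            // seconds; cast it so a non-numeric value cannot reach the date arithmetic
            $expirationOffset = isset($_POST["expiration"]) ? intval($_POST["expiration"]) : 0;
            $expiration_date = date("Y-m-d H:i:s", time() + $expirationOffset);
            $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing SET `expiration_date` = '" . contrexx_raw2db($expiration_date) . "' WHERE `upload_id` = '" . $uploadId . "'");
        }

        // send the mail to the receiver, only when a syntactically valid address was posted
        if (isset($_POST["email"]) && \FWValidator::isEmail($_POST["email"])) {
            parent::sendMail($params["uploadId"], $_POST["subject"], array($_POST["email"]), $_POST["message"]);
        }
        // send the mail to the administrator
        parent::sendMail($params["uploadId"], null, array($_CONFIG['coreAdminEmail']), $_POST["message"]);

        // reset the upload id so the uploads are invisible now
        $objDatabase->Execute("UPDATE " . DBPREFIX . "module_filesharing SET `upload_id` = NULL WHERE `upload_id` = " . $uploadId);
        $this->getFileList();
    } else {
        $this->getForm();
    }

    // set the template-variables for the expiration dates
    foreach ($_ARRAYLANG["TXT_FILESHARING_EXPIRATION_DATES"] as $placeholder => $value) {
        $this->objTemplate->setVariable(strtoupper($placeholder), $value);
    }
}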
/**
 * Validate an e-mail address by delegating to the framework validator.
 *
 * @param string $email unvalidated e-mail string
 * @return boolean whatever FWValidator::isEmail() reports for $email
 * @access public
 */
function isEmail($email)
{
    // The validator class is loaded lazily, only when this method is used.
    require_once ASCMS_FRAMEWORK_PATH . '/Validator.class.php';
    $isValidAddress = FWValidator::isEmail($email);
    return $isValidAddress;
}
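/**
 * Sends an email with the contact details to the responsible persons
 *
 * This method sends an email to all email addresses that are defined in the
 * option "Receiver address(es)" of the requested contact form. When the form
 * contains a field of type 'recipient', the mail is sent only to the address
 * the visitor selected there (see the note at that case below).
 *
 * @access private
 * @global array $_ARRAYLANG
 * @global array $_CONFIG
 * @param array $arrFormData Details of the contact request: 'fields', 'data',
 *                           'uploadedFiles', 'meta', 'emails', 'subject',
 *                           'htmlMail', 'mailTemplate', 'sendCopy',
 *                           'sendAttachment' and 'useEmailOfSender' are read
 * @return boolean false when neither 'data' nor 'uploadedFiles' is set;
 *                 true otherwise — also when the mailer library could not be
 *                 loaded or Send() failed, as neither result is checked
 * @see _getEmailAdressOfString(), phpmailer::From, phpmailer::FromName,
 *      phpmailer::AddReplyTo(), phpmailer::Subject, phpmailer::IsHTML(),
 *      phpmailer::Body, phpmailer::AddAddress(), phpmailer::Send(),
 *      phpmailer::ClearAddresses()
 */
private function sendMail($arrFormData)
{
    global $_ARRAYLANG, $_CONFIG;
    $plaintextBody = '';
    $replyAddress = '';
    $firstname = '';
    $lastname = '';
    $senderName = '';
    $isHtml = $arrFormData['htmlMail'] == 1 ? true : false;

    // stop send process in case no real data had been submitted
    if (!isset($arrFormData['data']) && !isset($arrFormData['uploadedFiles'])) {
        return false;
    }

    // check if we shall send the email as multipart (text/html)
    if ($isHtml) {
        // setup html mail template
        $objTemplate = new \Cx\Core\Html\Sigma('.');
        $objTemplate->setErrorHandling(PEAR_ERROR_DIE);
        $objTemplate->setTemplate($arrFormData['mailTemplate']);
        $objTemplate->setVariable(array(
            'DATE' => date(ASCMS_DATE_FORMAT, $arrFormData['meta']['time']),
            'HOSTNAME' => contrexx_raw2xhtml($arrFormData['meta']['host']),
            'IP_ADDRESS' => contrexx_raw2xhtml($arrFormData['meta']['ipaddress']),
            'BROWSER_LANGUAGE' => contrexx_raw2xhtml($arrFormData['meta']['lang']),
            'BROWSER_VERSION' => contrexx_raw2xhtml($arrFormData['meta']['browser']),
        ));
    }

    // TODO: check if we have to excape $arrRecipients later in the code
    $arrRecipients = $this->getRecipients(intval($_GET['cmd']));

    // calculate the longest field label.
    // this will be used to correctly align all user submitted data in the plaintext e-mail
    // TODO: check if the label of upload-fields are taken into account as well
    $maxlength = 0;
    foreach ($arrFormData['fields'] as $arrField) {
        $length = strlen($arrField['lang'][FRONTEND_LANG_ID]['name']);
        $maxlength = $maxlength < $length ? $length : $maxlength;
    }

    // try to fetch a user submitted e-mail address to which we will send a copy to
    if (!empty($arrFormData['fields'])) {
        foreach ($arrFormData['fields'] as $fieldId => $arrField) {
            // check if field validation is set to e-mail
            if ($arrField['check_type'] == '2') {
                $mail = trim($arrFormData['data'][$fieldId]);
                if (\FWValidator::isEmail($mail)) {
                    $replyAddress = $mail;
                    break;
                }
            }
            if ($arrField['type'] == 'special') {
                switch ($arrField['special_type']) {
                    case 'access_firstname':
                        $firstname = trim($arrFormData['data'][$fieldId]);
                        break;
                    case 'access_lastname':
                        $lastname = trim($arrFormData['data'][$fieldId]);
                        break;
                    default:
                        break;
                }
            }
        }
    }
    if ($arrFormData['useEmailOfSender'] == 1 && (!empty($firstname) || !empty($lastname))) {
        $senderName = trim($firstname . ' ' . $lastname);
    } else {
        $senderName = $_CONFIG['coreGlobalPageTitle'];
    }

    // a recipient mail address which has been picked by sender
    $chosenMailRecipient = null;
    // ids of textarea fields; they are rendered without label alignment in the plaintext body
    $textAreaKeys = array();

    // fill the html and plaintext body with the submitted form data
    foreach ($arrFormData['fields'] as $fieldId => $arrField) {
        if ($fieldId == 'unique_id') {
            //generated for uploader. no interesting mail content.
            continue;
        }
        $htmlValue = '';
        $plaintextValue = '';
        switch ($arrField['type']) {
            case 'label':
            case 'fieldset':
                // TODO: parse TH row instead
            case 'horizontalLine':
                // TODO: add visual horizontal line
                // we need to use a 'continue 2' here to first break out of the switch and then move over to the next iteration of the foreach loop
                continue 2;
            case 'file':
            case 'multi_file':
                $htmlValue = "";
                $plaintextValue = "";
                if (isset($arrFormData['uploadedFiles'][$fieldId])) {
                    $htmlValue = "<ul>";
                    foreach ($arrFormData['uploadedFiles'][$fieldId] as $file) {
                        $htmlValue .= "<li><a href='" . ASCMS_PROTOCOL . "://" . $_CONFIG['domainUrl'] . \Env::get('cx')->getWebsiteOffsetPath() . contrexx_raw2xhtml($file['path']) . "' >" . contrexx_raw2xhtml($file['name']) . "</a></li>";
                        $plaintextValue .= ASCMS_PROTOCOL . "://" . $_CONFIG['domainUrl'] . \Env::get('cx')->getWebsiteOffsetPath() . $file['path'] . "\r\n";
                    }
                    $htmlValue .= "</ul>";
                }
                break;
            case 'checkbox':
                $plaintextValue = !empty($arrFormData['data'][$fieldId]) ? $_ARRAYLANG['TXT_CONTACT_YES'] : $_ARRAYLANG['TXT_CONTACT_NO'];
                $htmlValue = $plaintextValue;
                break;
            case 'recipient':
                // TODO: check for XSS
                // The submitted value is used as an index into the configured recipients.
                // An index that does not exist yields null here, which makes
                // $chosenMailRecipient stay null and the mail go to *all* configured
                // addresses below (the "no recipient field" branch).
                $plaintextValue = $arrRecipients[$arrFormData['data'][$fieldId]]['lang'][FRONTEND_LANG_ID];
                $htmlValue = $plaintextValue;
                $chosenMailRecipient = $arrRecipients[$arrFormData['data'][$fieldId]]['email'];
                break;
            case 'textarea':
                //we need to know all textareas - they're indented differently then the rest of the other field types
                $textAreaKeys[] = $fieldId;
                // intentional fall-through: the value itself is handled like any other field
            default:
                $plaintextValue = isset($arrFormData['data'][$fieldId]) ? $arrFormData['data'][$fieldId] : '';
                $htmlValue = contrexx_raw2xhtml($plaintextValue);
                break;
        }
        $fieldLabel = $arrField['lang'][FRONTEND_LANG_ID]['name'];

        // try to fetch an e-mail address from submitted form date in case we were unable to fetch one from an input type with e-mail validation
        if (empty($replyAddress)) {
            $mail = $this->_getEmailAdressOfString($plaintextValue);
            if (\FWValidator::isEmail($mail)) {
                $replyAddress = $mail;
            }
        }

        // parse html body
        if ($isHtml) {
            if (!empty($htmlValue)) {
                if ($objTemplate->blockExists('field_' . $fieldId)) {
                    // parse field specific template block
                    $objTemplate->setVariable(array(
                        'FIELD_' . $fieldId . '_LABEL' => contrexx_raw2xhtml($fieldLabel),
                        'FIELD_' . $fieldId . '_VALUE' => $htmlValue,
                    ));
                    $objTemplate->parse('field_' . $fieldId);
                } elseif ($objTemplate->blockExists('form_field')) {
                    // parse regular field template block
                    $objTemplate->setVariable(array(
                        'FIELD_LABEL' => contrexx_raw2xhtml($fieldLabel),
                        'FIELD_VALUE' => $htmlValue,
                    ));
                    $objTemplate->parse('form_field');
                }
            } elseif ($objTemplate->blockExists('field_' . $fieldId)) {
                // hide field specific template block, if present
                $objTemplate->hideBlock('field_' . $fieldId);
            }
        }

        // parse plaintext body: pad the label so all colons line up with the longest label
        $tabCount = $maxlength - strlen($fieldLabel);
        $tabs = $tabCount == 0 ? 1 : $tabCount + 1;
        if (in_array($fieldId, $textAreaKeys, true)) {
            // we're dealing with a textarea, don't indent value
            $plaintextBody .= $fieldLabel . ":\n" . $plaintextValue . "\n";
        } else {
            $plaintextBody .= $fieldLabel . str_repeat(" ", $tabs) . ": " . $plaintextValue . "\n";
        }
    }

    $arrSettings = $this->getSettings();
    // TODO: this is some fixed plaintext message data -> must be ported to html body
    $message = $_ARRAYLANG['TXT_CONTACT_TRANSFERED_DATA_FROM'] . " " . $_CONFIG['domainUrl'] . "\n\n";
    if ($arrSettings['fieldMetaDate']) {
        $message .= $_ARRAYLANG['TXT_CONTACT_DATE'] . " " . date(ASCMS_DATE_FORMAT, $arrFormData['meta']['time']) . "\n\n";
    }
    $message .= $plaintextBody . "\n\n";
    if ($arrSettings['fieldMetaHost']) {
        $message .= $_ARRAYLANG['TXT_CONTACT_HOSTNAME'] . " : " . contrexx_raw2xhtml($arrFormData['meta']['host']) . "\n";
    }
    if ($arrSettings['fieldMetaIP']) {
        $message .= $_ARRAYLANG['TXT_CONTACT_IP_ADDRESS'] . " : " . contrexx_raw2xhtml($arrFormData['meta']['ipaddress']) . "\n";
    }
    if ($arrSettings['fieldMetaLang']) {
        $message .= $_ARRAYLANG['TXT_CONTACT_BROWSER_LANGUAGE'] . " : " . contrexx_raw2xhtml($arrFormData['meta']['lang']) . "\n";
    }
    $message .= $_ARRAYLANG['TXT_CONTACT_BROWSER_VERSION'] . " : " . contrexx_raw2xhtml($arrFormData['meta']['browser']) . "\n";

    // The include is suppressed: if the mailer library is missing nothing is sent and true is still returned.
    if (@(include_once \Env::get('cx')->getCodeBaseLibraryPath() . '/phpmailer/class.phpmailer.php')) {
        $objMail = new \phpmailer();
        if ($_CONFIG['coreSmtpServer'] > 0 && @(include_once \Env::get('cx')->getCodeBaseCorePath() . '/SmtpSettings.class.php')) {
            if (($arrSmtp = \SmtpSettings::getSmtpAccount($_CONFIG['coreSmtpServer'])) !== false) {
                $objMail->IsSMTP();
                $objMail->Host = $arrSmtp['hostname'];
                $objMail->Port = $arrSmtp['port'];
                $objMail->SMTPAuth = true;
                $objMail->Username = $arrSmtp['username'];
                $objMail->Password = $arrSmtp['password'];
            }
        }
        $objMail->CharSet = CONTREXX_CHARSET;
        $objMail->From = $_CONFIG['coreAdminEmail'];
        $objMail->FromName = $senderName;
        if (!empty($replyAddress)) {
            $objMail->AddReplyTo($replyAddress);
            if ($arrFormData['sendCopy'] == 1) {
                $objMail->AddAddress($replyAddress);
            }
            if ($arrFormData['useEmailOfSender'] == 1) {
                // With this option the From header is the visitor-supplied address,
                // which may fail SPF/DMARC checks at the receiving side.
                $objMail->From = $replyAddress;
            }
        }
        $objMail->Subject = $arrFormData['subject'];
        if ($isHtml) {
            $objMail->Body = $objTemplate->get();
            $objMail->AltBody = $message;
        } else {
            $objMail->IsHTML(false);
            $objMail->Body = $message;
        }

        // attach submitted files to email. The early-exit above allows 'uploadedFiles'
        // to be absent when 'data' is set, so test with !empty() rather than count().
        if (!empty($arrFormData['uploadedFiles']) && $arrFormData['sendAttachment'] == 1) {
            foreach ($arrFormData['uploadedFiles'] as $arrFilesOfField) {
                foreach ($arrFilesOfField as $file) {
                    $objMail->AddAttachment(\Env::get('cx')->getWebsiteDocumentRootPath() . $file['path'], $file['name']);
                }
            }
        }

        // one message per recipient; the result of Send() is not checked
        if ($chosenMailRecipient !== null) {
            if (!empty($chosenMailRecipient)) {
                $objMail->AddAddress($chosenMailRecipient);
                $objMail->Send();
                $objMail->ClearAddresses();
            }
        } else {
            foreach ($arrFormData['emails'] as $sendTo) {
                if (!empty($sendTo)) {
                    $objMail->AddAddress($sendTo);
                    $objMail->Send();
                    $objMail->ClearAddresses();
                }
            }
        }
    }
    return true;
}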
/**
 * Returns true if the given $username is valid
 *
 * A username is accepted when it consists only of ASCII letters, digits,
 * hyphens and underscores (note that the empty string matches as well), or
 * when it is a syntactically valid e-mail address.
 * @param string $username
 * @return boolean
 * @static
 */
public static function isValidUsername($username)
{
    // Plain account names: letters, digits, '-' and '_' only.
    $isPlainName = (bool) preg_match('/^[a-zA-Z0-9-_]*$/', $username);
    // For version 2.3, inspired by migrating Shop Customers to Users:
    // In addition to the above, also accept usernames that look like valid
    // e-mail addresses (only consulted when the plain-name rule did not match).
    // TODO: Maybe this should be restricted to MODULE_ID == 16 (Shop)?
    return $isPlainName || FWValidator::isEmail($username);
}