示例#1
// Pick the record the comment belongs to and the matching form label.
// Only 'news' is special-cased; 'faq' and every other value of $type end up
// in the FAQ branch. The comparison is loose (==), so a non-string $type
// follows PHP's type-juggling rules.
// NOTE(review): confirm $type always arrives here as a filtered string.
if ($type == 'news') {
    $id = $newsid;
    $msgWriteComment = $PMF_LANG['newsWriteComment'];
} else {
    $id = $faqid;
    $msgWriteComment = $PMF_LANG['msgWriteComment'];
}

// No address was submitted while 'main.optionalMailAddress' is off: fall back
// to the configured administration address.
// NOTE(review): going by the flag's name one would expect the substitution
// only when the address IS optional. Confirm what the setting means, because
// as written a missing address is silently replaced instead of rejected.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress')) {
    if ($mail === null) {
        $mail = PMF_Configuration::getInstance()->get('main.administrationMail');
    }
}
if (!is_null($user) && !is_null($mail) && !is_null($comment) && checkBannedWord(PMF_String::htmlspecialchars($comment)) && IPCheck($_SERVER['REMOTE_ADDR']) && $captcha->checkCaptchaCode($code) && !$faq->commentDisabled($id, $LANGCODE, $type)) {
    $faqsession->userTracking("save_comment", $id);
    $commentData = array('record_id' => $id, 'type' => $type, 'username' => $user, 'usermail' => $mail, 'comment' => nl2br($comment), 'date' => $_SERVER['REQUEST_TIME'], 'helped' => '');
    if ($faq->addComment($commentData)) {
        $emailTo = $faqconfig->get('main.administrationMail');
        $urlToContent = '';
        if ('faq' == $type) {
            $faq->getRecord($id);
            if ($faq->faqRecord['email'] != '') {
                $emailTo = $faq->faqRecord['email'];
            }
            $_faqUrl = sprintf('%saction=artikel&cat=%d&id=%d&artlang=%s', $sids, 0, $faq->faqRecord['id'], $faq->faqRecord['lang']);
            $oLink = new PMF_Link(PMF_Link::getSystemUri() . '?' . $_faqUrl);
            $oLink->itemTitle = $faq->faqRecord['title'];
            $urlToContent = $oLink->toString();
        } else {
示例#2
//
PMF_String::init($languageCode);

// Captcha validator for this request.
$captcha = new PMF_Captcha($db, $Language);

// The response body is JSON, so the headers go out before any output.
$http = PMF_Helper_Http::getInstance();
$http->setContentType('application/json');
$http->addHeader();

// Session object and client-address checker.
$faqsession = new PMF_Session($db, $Language);
$network = new PMF_Network();

// Gate 1: a client address that fails checkIp() gets the banned-IP error.
// NOTE(review): REMOTE_ADDR is the TCP peer. Behind a reverse proxy every
// client shares the proxy's address, so confirm how this is deployed.
if (!$network->checkIp($_SERVER['REMOTE_ADDR'])) {
    $message = array('error' => $PMF_LANG['err_bannedIP']);
}

// Gate 2: every action except 'savevoting' needs a captcha code that passes
// checkCaptchaCode(). This runs even when gate 1 has already failed, so the
// captcha message may replace the banned-IP message; the request is refused
// either way.
// NOTE(review): 'savevoting' is exempt from the captcha, so repeated voting
// has to be limited elsewhere. No such limit is visible here.
if ($action !== 'savevoting' && !$captcha->checkCaptchaCode($code)) {
    $message = array('error' => $PMF_LANG['msgCaptcha']);
}

// Any failed gate ends the request here with the error as JSON.
if (isset($message['error'])) {
    echo json_encode($message);
    exit;
}
// Save user generated content
switch ($action) {
    // Comments
    case 'savecomment':
        $faq = new PMF_Faq();
        $type = PMF_Filter::filterInput(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
        $faqid = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT, 0);
        $newsid = PMF_Filter::filterInput(INPUT_POST, 'newsid', FILTER_VALIDATE_INT);
        $username = PMF_Filter::filterInput(INPUT_POST, 'user', FILTER_SANITIZE_STRING);
示例#3
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}
// Defaults used by the registration form.
$selectSize = 10;
$defaultUserAction = 'list';
// NOTE(review): presumably the status given to a self-registered account
// until an administrator unlocks it. Confirm where this value is applied.
$defaultUserStatus = 'blocked';

// Login-name policy: at least four characters. The pattern matches a name
// whose first character is not a letter, or that contains a non-word
// character anywhere.
$loginMinLength = 4;
$loginInvalidRegExp = '/(^[^a-z]{1}|[\\W])/i';

// Translated error texts, keyed by the failure they describe.
$errorMessages = array(
    'addUser_password' => $PMF_LANG['ad_user_error_password'],
    'addUser_passwordsDontMatch' => $PMF_LANG['ad_user_error_passwordsDontMatch'],
    'addUser_loginExists' => $PMF_LANG["ad_adus_exerr"],
    'addUser_loginInvalid' => $PMF_LANG['ad_user_error_loginInvalid'],
    'addUser_noEmail' => $PMF_LANG['ad_user_error_noEmail'],
    'addUser_noRealName' => $PMF_LANG['ad_user_error_noRealName'],
    'delUser' => $PMF_LANG['ad_user_error_delete'],
    'delUser_noId' => $PMF_LANG['ad_user_error_noId'],
    'delUser_protectedAccount' => $PMF_LANG['ad_user_error_protectedAccount'],
    'updateUser' => $PMF_LANG['ad_msg_mysqlerr'],
    'updateUser_noId' => $PMF_LANG['ad_user_error_noId'],
    'updateRights' => $PMF_LANG['ad_msg_mysqlerr'],
    'updateRights_noId' => $PMF_LANG['ad_user_error_noId']
);

$captcha = new PMF_Captcha($sids);

// Form fields, read from POST through the project's filter wrapper.
// NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It strips
// tags but is not output escaping; escape these values wherever they are
// rendered.
$loginname = PMF_Filter::filterInput(INPUT_POST, 'loginname', FILTER_SANITIZE_STRING);
$lastname = PMF_Filter::filterInput(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);

// A rejected captcha is only recorded in $captchaError and nothing stops
// here. Every path that creates the account must test that variable.
if (!$captcha->checkCaptchaCode($code)) {
    $captchaError = $PMF_LANG['captchaError'];
}
if (!is_null($loginname) && !is_null($lastname) && !is_null($email) && !isset($captchaError)) {
    $user = new PMF_User();
    $message = '';
    $messages = array();
    // check input data
    $user_name = $loginname;
    $user_realname = $lastname;
    $user_password = '';
    $user_email = $email;
    // check login name
    $user->setLoginMinLength($loginMinLength);
    $user->setLoginInvalidRegExp($loginInvalidRegExp);
    if (!$user->isValidLogin($user_name)) {
示例#4
 * @since     2002-09-17
 */
// Contact form handler: validates the posted fields and mails the message to
// the configured administration address, then renders a status text.
//
// Refuse direct requests: when IS_VALID_PHPMYFAQ is not defined (presumably
// it is set by the front controller), redirect to the script's directory and
// stop.
// NOTE(review): the redirect target is built from the client-supplied Host
// header. A fixed, configured base URL would keep attacker-chosen hosts out
// of the Location header.
if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}
// Track this request under the 'sendmail_contact' action.
$faqsession->userTracking('sendmail_contact', 0);
$captcha = new PMF_Captcha($sids);
// Read the form fields from POST through the project's filter wrapper.
// NOTE(review): FILTER_SANITIZE_STRING and its alias FILTER_SANITIZE_STRIPPED
// strip tags but, without extra flags, leave control characters such as CR/LF
// in place, and both are deprecated since PHP 8.1. $name is used below as the
// sender's display name, so confirm that PMF_Filter or PMF_Mail rejects line
// breaks in header values.
$name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);
// No address submitted while 'main.optionalMailAddress' is off: fall back to
// the administration address, which also makes the null check below pass.
// NOTE(review): going by the flag's name one would expect the opposite
// branch. Confirm what the setting means.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($email)) {
    $email = PMF_Configuration::getInstance()->get('main.administrationMail');
}
// The mail is sent only when all of these hold: name, address and question
// are present, the client address passes IPCheck(), the question passes
// checkBannedWord(), and the captcha code is accepted. && short-circuits left
// to right, so the captcha is evaluated only after every earlier test passed.
if (!is_null($name) && !is_null($email) && !is_null($question) && IPCheck($_SERVER['REMOTE_ADDR']) && checkBannedWord(PMF_String::htmlspecialchars($question)) && $captcha->checkCaptchaCode($code)) {
    $mail = new PMF_Mail();
    // Replace the default sender with the visitor-supplied address and name.
    $mail->unsetFrom();
    $mail->setFrom($email, $name);
    // The only recipient is the configured administration address.
    $mail->addTo($faqconfig->get('main.administrationMail'));
    $mail->subject = 'Feedback: %sitename%';
    $mail->message = $question;
    // NOTE(review): $result is never inspected, so the success text below is
    // shown even when send() reports a failure.
    $result = $mail->send();
    unset($mail);
    $message = $PMF_LANG['msgMailContact'];
} else {
    // One generic error text covers every failed precondition.
    $message = $PMF_LANG['err_sendMail'];
}
// Render the status text. Both template values come from the language table,
// not from the request.
$tpl->processTemplate('writeContent', array('msgContact' => $PMF_LANG['msgContact'], 'Message' => $message));
$tpl->includeTemplate('writeContent', 'index');
示例#5
 * @link      http://www.phpmyfaq.de
 * @since     2002-09-16
 */
// Refuse direct requests: when IS_VALID_PHPMYFAQ is not defined (presumably
// it is set by the front controller), redirect to the script's directory and
// stop.
// NOTE(review): the redirect target is built from the client-supplied Host
// header. A fixed, configured base URL would keep attacker-chosen hosts out
// of the Location header.
if (!defined('IS_VALID_PHPMYFAQ')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}
// Track this request under the 'sendmail_send2friend' action.
$faqsession->userTracking('sendmail_send2friend', 0);
$captcha = new PMF_Captcha($sids);
// Read the "send to a friend" form fields from POST.
// NOTE(review): FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED strip tags
// but, without extra flags, keep control characters such as CR/LF, and both
// are deprecated since PHP 8.1. Confirm the mail layer rejects line breaks in
// anything that reaches a header.
$name = PMF_Filter::filterInput(INPUT_POST, 'name', FILTER_SANITIZE_STRING);
$mailfrom = PMF_Filter::filterInput(INPUT_POST, 'mailfrom', FILTER_VALIDATE_EMAIL);
// 'mailto' must be an array, and each entry is validated as an e-mail
// address. With FILTER_NULL_ON_FAILURE a failing entry presumably becomes
// null, so verify against PMF_Filter.
// NOTE(review): the recipients are chosen by the visitor and no limit on
// their number is applied here. Look for a cap and a rate limit before the
// send loop, otherwise the form can be used to relay mail to arbitrary
// addresses.
$mailto = PMF_Filter::filterInputArray(INPUT_POST, array('mailto' => array('filter' => FILTER_VALIDATE_EMAIL, 'flags' => FILTER_REQUIRE_ARRAY | FILTER_NULL_ON_FAILURE)));
// FILTER_VALIDATE_URL checks syntax only and does not tie the link to this
// installation. The code that uses $link has to do that.
$link = PMF_Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
$attached = PMF_Filter::filterInput(INPUT_POST, 'zusatz', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);
if (!is_null($name) && !is_null($mailfrom) && is_array($mailto) && IPCheck($_SERVER['REMOTE_ADDR']) && checkBannedWord(PMF_String::htmlspecialchars($attached)) && $captcha->checkCaptchaCode($code)) {
    // Backward compatibility: extract article info from the link, no template change required
    $cat = $id = $artlang = null;
    preg_match('`index\\.php\\?action=artikel&cat=(?<cat>[\\d]+)&id=(?<id>[\\d]+)&artlang=(?<artlang>[^$]+)$`', $link, $matches);
    if (isset($matches['cat'])) {
        $cat = (int) $matches['cat'];
    }
    if (isset($matches['id'])) {
        $id = (int) $matches['id'];
    }
    if (isset($matches['artlang'])) {
        $artlang = $matches['artlang'];
    }
    // Sanity check
    if (is_null($cat) || is_null($id) || is_null($artlang)) {
        header('HTTP/1.1 403 Forbidden');
示例#6
文件: save.php 项目: nosch/phpMyFAQ
// Read the submitted FAQ fields from POST through the project's filter
// wrapper.
// NOTE(review): FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED strip tags
// and are deprecated since PHP 8.1. They are not output escaping, so these
// values still need escaping for the context they are rendered in.
$thema = PMF_Filter::filterInput(INPUT_POST, 'thema', FILTER_SANITIZE_STRIPPED);
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_STRIPPED);
$tr_content = PMF_Filter::filterInput(INPUT_POST, 'translated_content', FILTER_SANITIZE_STRING);
// FILTER_VALIDATE_URL checks URL syntax only. It does not HTML-escape the
// value, so escape $contentlink before placing it in markup.
$contentlink = PMF_Filter::filterInput(INPUT_POST, 'contentlink', FILTER_VALIDATE_URL);
$keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRIPPED);
$code = PMF_Filter::filterInput(INPUT_POST, 'captcha', FILTER_SANITIZE_STRING);
// 'rubrik' must be an array, and each entry is validated as an integer.
$categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
// No address submitted while 'main.optionalMailAddress' is off: fall back to
// the configured administration address.
// NOTE(review): going by the flag's name one would expect the opposite
// branch. Confirm what the setting means.
if (!PMF_Configuration::getInstance()->get('main.optionalMailAddress') && is_null($usermail)) {
    $usermail = PMF_Configuration::getInstance()->get('main.administrationMail');
}
// A translation submits its text in 'translated_content'; use it when the
// regular 'content' field is absent.
if (is_null($content) && !is_null($tr_content)) {
    $content = $tr_content;
}
if (!is_null($username) && !is_null($usermail) && !is_null($thema) && !is_null($content) && IPCheck($_SERVER['REMOTE_ADDR']) && checkBannedWord(PMF_String::htmlspecialchars($thema)) && checkBannedWord(PMF_String::htmlspecialchars($content)) && $captcha->checkCaptchaCode($code) && (is_null($faqid) && !is_null($categories) || !is_null($faqid) && !is_null($faqlanguage) && PMF_Language::isASupportedLanguage($faqlanguage))) {
    $isNew = true;
    if (!is_null($faqid)) {
        $isNew = false;
        $faqsession->userTracking('save_new_translation_entry', 0);
    } else {
        $faqsession->userTracking('save_new_entry', 0);
    }
    $isTranslation = false;
    if (!is_null($faqlanguage)) {
        $isTranslation = true;
        $newLanguage = $faqlanguage;
    }
    if (PMF_String::substr($contentlink, 7) != "") {
        $content = $content . "<br />" . $PMF_LANG["msgInfo"] . "<a href=\"http://" . PMF_String::substr($contentlink, 7) . "\" target=\"_blank\">" . $contentlink . "</a>";
    }
示例#7
        $mainAdminEmail = $faqconfig->get('main.administrationMail');
        $mail = new PMF_Mail();
        $mail->unsetFrom();
        $mail->setFrom($questionData['email'], $questionData['username']);
        $mail->addTo($mainAdminEmail);
        // Let the category owner get a copy of the message
        if ($userEmail && $mainAdminEmail != $userEmail) {
            $mail->addCc($userEmail);
        }
        $mail->subject = '%sitename%';
        $mail->message = $questionMail;
        $retval = $mail->send();
    }
    return $retval;
}
if (!is_null($username) && !empty($usermail) && !empty($content) && IPCheck($_SERVER['REMOTE_ADDR']) && checkBannedWord(PMF_String::htmlspecialchars($content)) && $captcha->checkCaptchaCode($code)) {
    $pmf_sw = PMF_Stopwords::getInstance();
    $search_stuff = $pmf_sw->clean($content);
    $search = new PMF_Search($db, $Language);
    $search_result = array();
    $counter = 0;
    foreach ($search_stuff as $word) {
        $tmp = $search->search($word);
        foreach ($tmp as $foundItem) {
            if (!isset($foundItem->id, $search_result[$foundItem->category_id])) {
                $counter++;
                $foundItem->searchterm = PMF_String::htmlspecialchars(stripslashes($word), ENT_QUOTES, 'utf-8');
                $search_result[$foundItem->category_id][$foundItem->id] = $foundItem;
            }
        }
    }
示例#8
$responseWrapper->addCommonHeaders();

// Per-request helpers, all built from the shared configuration object.
$faqsession = new PMF_Session($faqConfig);
$network = new PMF_Network($faqConfig);
$stopwords = new PMF_Stopwords($faqConfig);

// Gate 1: a client address that fails checkIp() gets the banned-IP error.
if (!$network->checkIp($_SERVER['REMOTE_ADDR'])) {
    $message = array('error' => $PMF_LANG['err_bannedIP']);
}

// A session that yields a PMF_User_CurrentUser counts as logged in.
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
$isLoggedIn = $user instanceof PMF_User_CurrentUser;

// Gate 2: a captcha is required unless the action is one of the three listed
// or the caller is logged in. checkCaptchaCode() is evaluated before the
// login test, so it still runs for logged-in users and only its result is
// ignored.
// NOTE(review): 'saveuserdata' and 'changepassword' skip the captcha and are
// not tied to $isLoggedIn here. Confirm that their handlers enforce
// authentication and request-forgery protection themselves.
if (!in_array($action, array('savevoting', 'saveuserdata', 'changepassword'), true) && !$captcha->checkCaptchaCode($code) && !$isLoggedIn) {
    $message = array('error' => $PMF_LANG['msgCaptcha']);
}

// Any failed gate ends the request here with the error payload.
if (isset($message['error'])) {
    $response->setData($message)->send();
    exit;
}
// Save user generated content
switch ($action) {
    // Comments
    case 'savecomment':
        if (!$faqConfig->get('records.allowCommentsForGuests') && $user->perm->checkRight($user->getUserId(), 'addcomment')) {
            $message = array('error' => $PMF_LANG['err_NotAuth']);
            break;
        }
        $faq = new PMF_Faq($faqConfig);