文件: surfer.php 项目: rair/yacs
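 /**
  * set a permanent cookie
  *
  * The cookie is set on the path of this yacs instance, then duplicated on the
  * path of YACS_HOME (when that variable is defined) and on '/' (when this
  * instance lives under '/yacs/'), so that the leading index.php sees it too.
  * The expiry is computed once so that all copies share the same deadline.
  * Cookie attributes (secure, httponly, samesite) are left to Safe::setcookie,
  * which is not visible here -- NOTE(review): confirm it sets them for cookies
  * tied to the surfer session.
  *
  * @param string cookie name
  * @param string cookie value
  * @param int number of days before the cookie expires, 500 by default
  */
 public static function set_cookie($name, $value, $days = 500)
 {
     global $context;
     // one deadline for every copy of the cookie
     $expires = time() + 60 * 60 * 24 * $days;
     // assign the cookie to this instance of yacs
     Safe::setcookie($name, $value, $expires, $context['url_to_root']);
     // also set cookies used in leading index.php
     if ($home = getenv('YACS_HOME')) {
         Safe::setcookie($name, $value, $expires, $home . '/');
     }
     if ($context['url_to_root'] === '/yacs/') {
         Safe::setcookie($name, $value, $expires, '/');
     }
 }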
文件: vote.php 项目: rair/yacs
    Logger::error(i18n::s('This page has no overlay'));
    // not a valid poll
} elseif (!@count($overlay->attributes['answers'])) {
    Logger::error(i18n::s('Not a valid poll'));
    // not a valid vote
} elseif ($vote < 1 || $vote > @count($overlay->attributes['answers'])) {
    Logger::error(i18n::s('Not a valid vote'));
    // a vote has already been registered
} elseif (isset($_COOKIE['poll_' . $item['id']])) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You have already voted'));
    // record the vote
} else {
    // set a cookie to remember the vote for 100 days
    if ($id && $vote) {
        Safe::setcookie('poll_' . $item['id'], $vote, time() + 60 * 60 * 24 * 100, $context['url_to_root']);
    }
    // increment answers
    $vote--;
    list($label, $count) = $overlay->attributes['answers'][$vote];
    $overlay->attributes['answers'][$vote] = array($label, $count + 1);
    // supports up to two levels arrays
    foreach ($overlay->attributes as $name => $value) {
        if (is_array($value)) {
            foreach ($value as $sub_name => $sub_value) {
                $overlay->attributes[$name][$sub_name] = str_replace('\\', '\\\\', $sub_value);
            }
        } else {
            $overlay->attributes[$name] = str_replace('\\', '\\\\', $value);
        }
    }
文件: logout.php 项目: rair/yacs
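<?php

/**
 * break a session
 *
 * Blanks the permanent surfer name, resets the session, then sends the surfer
 * back to the referring page. The Referer header is supplied by the client, so
 * it is only followed when it points back to this site (and is not the login
 * page); any other value falls back to the front page, which keeps this script
 * from acting as an open redirect.
 *
 * @author Bernard Paques
 * @reference
 * @license http://www.gnu.org/copyleft/lesser.txt GNU Lesser General Public License
 */
// common definitions and initial processing
include_once '../shared/global.php';
// if it was a HEAD request, stop here
if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'HEAD') {
    return;
}
// clear permanent name
// NOTE(review): the value is blanked with a future expiry rather than the cookie
// being expired, so an empty 'surfer_name' cookie stays in the browser
Safe::setcookie('surfer_name', '', time() + 60 * 60 * 24 * 500, '/');
// destroy surfer session
Surfer::reset();
// where the surfer claims to come from, if anything
$referer = (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']) ? (string)$_SERVER['HTTP_REFERER'] : '';
// the referer is followed only when its host is the host of this site
$referer_host = ($referer !== '') ? parse_url($referer, PHP_URL_HOST) : null;
$home_host = parse_url((string)$context['url_to_home'], PHP_URL_HOST);
$same_site = is_string($referer_host)
    && is_string($home_host)
    && strcasecmp($referer_host, $home_host) === 0;
// redirect to another page
if ($same_site && !preg_match('/login\\.php/i', $referer)) {
    Safe::redirect($referer);
} else {
    Safe::redirect($context['url_to_home'] . $context['url_to_root']);
}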
文件: rate.php 项目: rair/yacs
    // give a four
    $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="4" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Good') . ' </div> ';
    // give a three
    $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="3" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Average') . ' </div> ';
    // give a two
    $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="2" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Poor') . ' </div> ';
    // give a one
    $context['text'] .= '<div style="float: left;"><input name="rating" type="radio" value="1" onclick="$(\'#main_form\').submit()" /> ' . i18n::s('Forget it') . ' </div> ';
    $context['text'] .= '<br style="clear: left;" />';
    // end of the form
    $context['text'] .= '</div></form>';
    // record the rating
} else {
    // set a cookie to remember the rating for 100 days
    if ($rating) {
        Safe::setcookie('rating_' . $item['id'], $rating, time() + 60 * 60 * 24 * 100, $context['url_to_root']);
    }
    // update the database
    Articles::rate($item['id'], $rating);
    // touch the related anchor
    if (is_object($anchor)) {
        $anchor->touch('article:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
    }
    // clear the cache
    Articles::clear($item);
    // return from rating
    if (!headers_sent()) {
        // go back to page referring to here
        if (isset($_REQUEST['referer'])) {
            Safe::redirect($_REQUEST['referer']);
        } else {
文件: validate.php 项目: rair/yacs
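$context['page_title'] = i18n::s('Validate your e-mail address');
// stop crawlers
if (Surfer::is_crawler()) {
    Safe::header('Status: 401 Unauthorized', TRUE, 401);
    Logger::error(i18n::s('You are not allowed to perform this operation.'));
    // not found
} elseif (!isset($item['id'])) {
    include '../error.php';
    // bad handle
    // the handle is the secret carried by the validation link, so it is compared
    // as a string and in constant time; a loose '!=' would treat numeric-looking
    // strings such as '1e3' and '1000' as equal ($id is defined earlier in this file)
} elseif (!isset($item['handle']) || !hash_equals((string)$item['handle'], (string)$id)) {
    include '../error.php';
} elseif (Users::validate($item['id'])) {
    // congratulations
    $context['text'] .= sprintf(i18n::s('<p>%s,</p><p>Your e-mail address has been validated, and you are now an active member of this community.</p>'), ucfirst($item['nick_name']));
    // set permanent name shown from top level
    Safe::setcookie('surfer_name', $item['nick_name'], time() + 60 * 60 * 24 * 500, '/');
    // save surfer profile in session context
    Surfer::set($item);
    // follow-up commands
    $follow_up = i18n::s('Where do you want to go now?');
    $menu = array(
        Users::get_permalink($item) => i18n::s('My profile'),
        $context['url_to_root'] => i18n::s('Front page'),
    );
    $follow_up .= Skin::build_list($menu, 'menu_bar');
    $context['text'] .= Skin::build_block($follow_up, 'bottom');
    // failed operation
} else {
    $context['text'] .= '<p>' . i18n::s('Your e-mail address has not been validated.') . "</p>\n";
}
// render the skin
render_skin();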
文件: login.php 项目: rair/yacs
     // extra panel
     //
     // user profile aside
     $context['components']['profile'] = Skin::build_profile($user, 'extra');
     // navigation links, in an extra box
     $links = array();
     $links = array_merge($links, array($context['url_to_root'] => i18n::s('Front page')));
     $links = array_merge($links, array('sections/' => i18n::s('Site map')));
     $links = array_merge($links, array('users/' => i18n::s('People')));
     $links = array_merge($links, array('categories/' => i18n::s('Categories')));
     $links = array_merge($links, array('search.php' => i18n::s('Search')));
     $context['components']['boxes'] .= Skin::build_box(i18n::s('Navigate'), Skin::build_list($links, 'compact'), 'boxes');
     // failed authentication
 } else {
     // set permanent name shown from top level
     Safe::setcookie('surfer_name', preg_replace('/(@.+)$/', '', $name), time() + 60 * 60 * 24 * 500, '/');
     // reset the current session
     Surfer::reset();
     // share status
     Logger::error(i18n::s('Failed authentication'), FALSE);
     // help surfer to recover
     if ($items =& Users::search($name, 1.0, 7, 'password')) {
         // display candidate profiles
         if (is_array($items)) {
             $items =& Skin::build_list($items, 'decorated');
         }
         $context['text'] .= Skin::build_box(i18n::s('Have you lost your password?'), $items);
     }
     // ask for support
     $context['text'] .= Skin::build_box(i18n::s('Do you need more help?'), '<p>' . sprintf(i18n::s('Use the %s to ask for help'), Skin::build_link('query.php', i18n::s('query form'), 'shortcut')) . '</p>');
 }
文件: users.php 项目: rair/yacs
 /**
  * put an updated user profile in the database
  *
  * If present, only the password is changed. Or other fields except the password are modified.
  *
  * To change a password, set fields 'id', 'password' and 'confirm'
  *
  * The record is located by $fields['id']. On a profile update the array is
  * normalised in place (nick name trimmed, default values filled, flags forced
  * to 'Y'/'N'), then a single UPDATE statement is assembled by string
  * concatenation -- every free-form value must therefore go through
  * SQL::escape(), whose behaviour is not visible here. On success
  * $fields['id'] is replaced by the stored id, the cache is cleared, and the
  * session copy of the profile is refreshed when the surfer edits himself.
  *
  * NOTE(review): passwords are stored as unsalted md5() digests, which is not a
  * password hash. Switching to password_hash()/password_verify() also requires
  * changing the verification side (not visible here), so both must move together.
  *
  * @param array an array of fields
  * @return TRUE on success, FALSE otherwise
  *
  * @see users/edit.php
  * @see users/password.php
  * @see users/select_avatar.php
  **/
 public static function put(&$fields)
 {
     global $context;
     // load the record
     $item = Users::get($fields['id']);
     if (!isset($item['id']) || !$item['id']) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }
     // remember who is changing this record
     Surfer::check_default_editor($fields);
     // if a password change
     if (isset($fields['password'])) {
         // ensure that the password has been provided twice
         // (loose '!=': two numeric-looking strings such as '1e3' and '1000' compare equal)
         if (!isset($fields['confirm']) || $fields['confirm'] != $fields['password']) {
             Logger::error(i18n::s('New password has to be confirmed.'));
             return FALSE;
         }
         // hash password, we are coming from an interactive form
         // NOTE(review): unsalted md5, see the docblock above
         $fields['password'] = md5($fields['password']);
         // else if a regular profile update
     } else {
         // nick_name is required
         if (!isset($fields['nick_name']) || !trim($fields['nick_name'])) {
             Logger::error(i18n::s('Please indicate a nick name.'));
             return FALSE;
         }
         // some weird users put spaces around
         $fields['nick_name'] = trim($fields['nick_name']);
         // nick_name may be already used
         // (Users::get() is looked up by nick name here; the match is rejected only when it is another record)
         if (($used = Users::get($fields['nick_name'])) && $used['id'] != $fields['id']) {
             Logger::error(i18n::s('Another member already has this nick name. Please select a different one.'));
             return FALSE;
         }
         // ensure we have a full name
         if (!isset($fields['full_name']) || !trim($fields['full_name'])) {
             $fields['full_name'] = $fields['nick_name'];
         }
         // protect from hackers
         // (encode_link() is not visible here; presumably it neutralises scheme/markup in the URL -- confirm)
         if (isset($fields['avatar_url'])) {
             $fields['avatar_url'] = encode_link($fields['avatar_url']);
         }
         // set default values
         if (!isset($fields['active']) || !$fields['active']) {
             $fields['active'] = 'Y';
         }
         if (isset($fields['selected_editor'])) {
             $fields['editor'] = $fields['selected_editor'];
         } elseif (isset($context['users_default_editor'])) {
             $fields['editor'] = $context['users_default_editor'];
         } else {
             $fields['editor'] = 'yacs';
         }
         if (!isset($fields['interface']) || $fields['interface'] != 'C') {
             $fields['interface'] = 'I';
         }
         // the four flags below are forced to exactly 'Y' or 'N'; the UPDATE
         // statement further down relies on that to embed them without escaping
         if (!isset($fields['with_newsletters']) || $fields['with_newsletters'] != 'Y') {
             $fields['with_newsletters'] = 'N';
         }
         if (!isset($fields['without_alerts']) || $fields['without_alerts'] != 'N') {
             $fields['without_alerts'] = 'Y';
         }
         if (!isset($fields['without_confirmations']) || $fields['without_confirmations'] != 'N') {
             $fields['without_confirmations'] = 'Y';
         }
         if (!isset($fields['without_messages']) || $fields['without_messages'] != 'N') {
             $fields['without_messages'] = 'Y';
         }
         if (!isset($fields['birth_date']) || !$fields['birth_date']) {
             $fields['birth_date'] = NULL_DATE;
         }
         // clean provided tags
         if (isset($fields['tags'])) {
             $fields['tags'] = trim($fields['tags'], " \t.:,!?");
         }
         // save new settings in session and in cookie
         if (Surfer::is($fields['id'])) {
             // change preferred editor (NULL expiry: Safe::setcookie decides the lifetime)
             $_SESSION['surfer_editor'] = $fields['editor'];
             Safe::setcookie('surfer_editor', $fields['editor'], NULL, '/');
             // change preferred language
             if (isset($fields['language']) && $_SESSION['surfer_language'] != $fields['language']) {
                 $_SESSION['surfer_language'] = $fields['language'];
                 $_SESSION['l10n_modules'] = array();
             }
         }
     }
     // update an existing record
     $query = "UPDATE " . SQL::table_name('users') . " SET ";
     // change only the password
     if (isset($fields['password'])) {
         // NOTE(review): the '******' on the next line looks like a masking artefact of the listing, not the project's code
         $query .= "password='******'password']) . "'";
     } else {
         // every free-form value is escaped; birth_date, editor, interface and nick_name were set above so no isset() guard is needed
         $query .= "email='" . SQL::escape(isset($fields['email']) ? $fields['email'] : '') . "', " . "aim_address='" . SQL::escape(isset($fields['aim_address']) ? $fields['aim_address'] : '') . "', " . "alternate_number='" . SQL::escape(isset($fields['alternate_number']) ? $fields['alternate_number'] : '') . "', " . "avatar_url='" . SQL::escape(isset($fields['avatar_url']) ? $fields['avatar_url'] : '') . "', " . "birth_date='" . SQL::escape($fields['birth_date']) . "', " . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', " . "editor='" . SQL::escape($fields['editor']) . "', " . "from_where='" . SQL::escape(isset($fields['from_where']) ? $fields['from_where'] : '') . "', " . "full_name='" . SQL::escape(isset($fields['full_name']) ? $fields['full_name'] : '') . "', " . "icq_address='" . SQL::escape(isset($fields['icq_address']) ? $fields['icq_address'] : '') . "', " . "interface='" . SQL::escape($fields['interface']) . "', " . "introduction='" . SQL::escape(isset($fields['introduction']) ? $fields['introduction'] : '') . "', " . "irc_address='" . SQL::escape(isset($fields['irc_address']) ? $fields['irc_address'] : '') . "', " . "jabber_address='" . SQL::escape(isset($fields['jabber_address']) ? $fields['jabber_address'] : '') . "', " . "language='" . SQL::escape(isset($fields['language']) ? $fields['language'] : 'none') . "', " . "msn_address='" . SQL::escape(isset($fields['msn_address']) ? $fields['msn_address'] : '') . "', " . "nick_name='" . SQL::escape($fields['nick_name']) . "', " . "options='" . SQL::escape(isset($fields['options']) ? $fields['options'] : '') . "', " . "overlay='" . SQL::escape(isset($fields['overlay']) ? $fields['overlay'] : '') . "'," . "overlay_id='" . SQL::escape(isset($fields['overlay_id']) ? $fields['overlay_id'] : '') . "'," . "pgp_key='" . SQL::escape(isset($fields['pgp_key']) ? $fields['pgp_key'] : '') . "', " . "phone_number='" . SQL::escape(isset($fields['phone_number']) ? 
$fields['phone_number'] : '') . "', " . "signature='" . SQL::escape(isset($fields['signature']) ? $fields['signature'] : '') . "', " . "skype_address='" . SQL::escape(isset($fields['skype_address']) ? $fields['skype_address'] : '') . "', " . "tags='" . SQL::escape(isset($fields['tags']) ? $fields['tags'] : '') . "', " . "twitter_address='" . SQL::escape(isset($fields['twitter_address']) ? $fields['twitter_address'] : '') . "', " . "vcard_agent='" . SQL::escape(isset($fields['vcard_agent']) ? $fields['vcard_agent'] : '') . "', " . "vcard_label='" . SQL::escape(isset($fields['vcard_label']) ? $fields['vcard_label'] : '') . "', " . "vcard_organization='" . SQL::escape(isset($fields['vcard_organization']) ? $fields['vcard_organization'] : '') . "', " . "vcard_title='" . SQL::escape(isset($fields['vcard_title']) ? $fields['vcard_title'] : '') . "', " . "web_address='" . SQL::escape(isset($fields['web_address']) ? $fields['web_address'] : '') . "', " . "with_newsletters='" . $fields['with_newsletters'] . "', " . "without_alerts='" . $fields['without_alerts'] . "', " . "without_confirmations='" . $fields['without_confirmations'] . "', " . "without_messages='" . $fields['without_messages'] . "', " . "yahoo_address='" . SQL::escape(isset($fields['yahoo_address']) ? $fields['yahoo_address'] : '') . "'";
         // fields set only by associates -- see users/edit.php
         // (capability and active are privilege fields; the Surfer::is_associate() gate is what keeps a
         // regular member from raising his own capability -- the caller must not pre-set them for others)
         if (Surfer::is_associate()) {
             $query .= ", " . "capability='" . SQL::escape($fields['capability']) . "', " . "active='" . SQL::escape($fields['active']) . "'";
         }
     }
     // maybe a silent update
     // NOTE(review): edit_id is embedded as a bare literal, without quotes; SQL::escape() on its own does
     // not constrain that position to a number -- confirm Surfer::check_default_editor() supplies an integer
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
         $query .= ", " . "edit_name='" . SQL::escape($fields['edit_name']) . "', " . "edit_id=" . SQL::escape($fields['edit_id']) . ", " . "edit_address='" . SQL::escape($fields['edit_address']) . "', " . "edit_action='user:update', " . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }
     // actual update query ($item['id'] is the id of the record loaded from the database above)
     $query .= " WHERE id = " . SQL::escape($item['id']);
     SQL::query($query, FALSE, $context['users_connection']);
     // list the user in categories
     // NOTE(review): the '******' on the next line looks like a masking artefact of the listing, not the project's code
     if (isset($fields['tags']) && $fields['tags']) {
         Categories::remember('user:'******'id'], NULL_DATE, $fields['tags']);
     }
     // clear all the cache on profile update, because of avatars, etc.
     $fields['id'] = $item['id'];
     Users::clear($fields);
     // send a confirmation message on password change
     // NOTE(review): the message body embeds the new password in clear text ($fields['confirm']);
     // e-mail is not a confidential channel, so a mailbox compromise exposes the credential
     if (isset($context['with_email']) && $context['with_email'] == 'Y' && isset($fields['confirm']) && $item['email'] && $item['without_confirmations'] != 'Y') {
         // message title
         $subject = sprintf(i18n::s('Your account at %s'), strip_tags($context['site_name']));
         // message body
         $message = '<p>' . sprintf(i18n::s('This message has been automatically sent to you to confirm a change of your profile at %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Your nick name is %s'), $item['nick_name']) . BR . sprintf(i18n::s('Authenticate with password %s'), $fields['confirm']) . '</p>' . '<p>' . sprintf(i18n::s('On-line help is available at %s'), '<a href="' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '">' . $context['url_to_home'] . $context['url_to_root'] . 'help/' . '</a>') . '</p>' . '<p>' . sprintf(i18n::s('Thank you for your interest into %s.'), '<a href="' . $context['url_to_master'] . $context['url_to_root'] . '">' . strip_tags($context['site_name']) . '</a>') . '</p>';
         // enable threading
         // NOTE(review): the '******' on the next line looks like a masking artefact of the listing, not the project's code
         $headers = Mailer::set_thread('user:'******'id']);
         // post the confirmation message
         Mailer::notify(NULL, $item['email'], $subject, $message, $headers);
     }
     // update user session
     // (only when the surfer is editing his own profile, and only for a profile update -- nick_name is not set on a password change)
     if (isset($fields['nick_name']) && Surfer::get_id() && $fields['id'] == Surfer::get_id() && is_callable(array('Surfer', 'set'))) {
         Surfer::set($fields);
     }
     // end of job
     return TRUE;
 }