protected function callFunc($function, $permalink, $type, $author, $email, $url, $content, $info = array())
 {
     $ua = isset($info['HTTP_USER_AGENT']) ? $info['HTTP_USER_AGENT'] : '';
     $referer = isset($info['HTTP_REFERER']) ? $info['HTTP_REFERER'] : '';
     # Prepare comment data
     $data = array('blog' => $this->blog_url, 'user_ip' => http::realIP(), 'user_agent' => $ua, 'referrer' => $referer, 'permalink' => $permalink, 'comment_type' => $type, 'comment_author' => $author, 'comment_author_email' => $email, 'comment_author_url' => $url, 'comment_content' => $content);
     $data = array_merge($data, $info);
     $this->host = $this->ak_host;
     $path = sprintf($this->ak_path, $function);
     if (!$this->post($path, $data, 'UTF-8')) {
         throw new Exception('HTTP error: ' . $this->getError());
     }
     return $this->getContent() == 'true';
 }
示例#2
0
 private function addBacklink($post_id, $url, $blog_name, $title, $excerpt, &$comment)
 {
     if (empty($blog_name)) {
         $blog_name = 'Anonymous blog';
     }
     $comment = "<!-- TB -->\n" . '<p><strong>' . ($title ? $title : $blog_name) . "</strong></p>\n" . '<p>' . $excerpt . '</p>';
     $cur = $this->core->con->openCursor($this->core->prefix . 'comment');
     $cur->comment_author = (string) $blog_name;
     $cur->comment_site = (string) $url;
     $cur->comment_content = (string) $comment;
     $cur->post_id = $post_id;
     $cur->comment_trackback = 1;
     $cur->comment_status = $this->core->blog->settings->system->trackbacks_pub ? 1 : -1;
     $cur->comment_ip = http::realIP();
     # --BEHAVIOR-- publicBeforeTrackbackCreate
     $this->core->callBehavior('publicBeforeTrackbackCreate', $cur);
     if ($cur->post_id) {
         $comment_id = $this->core->blog->addComment($cur);
         # --BEHAVIOR-- publicAfterTrackbackCreate
         $this->core->callBehavior('publicAfterTrackbackCreate', $cur, $comment_id);
     }
 }
示例#3
0
 /**
 Creates a new comment. Takes a cursor as input and returns the new comment
 ID.
 
 @param	cur		<b>cursor</b>		Comment cursor
 @return	<b>integer</b>		New comment ID
 */
 public function addComment($cur)
 {
     $this->con->writeLock($this->prefix . 'comment');
     try {
         # Get ID
         $rs = $this->con->select('SELECT MAX(comment_id) ' . 'FROM ' . $this->prefix . 'comment ');
         $cur->comment_id = (int) $rs->f(0) + 1;
         $cur->comment_upddt = date('Y-m-d H:i:s');
         $offset = dt::getTimeOffset($this->settings->system->blog_timezone);
         $cur->comment_dt = date('Y-m-d H:i:s', time() + $offset);
         $cur->comment_tz = $this->settings->system->blog_timezone;
         $this->getCommentCursor($cur);
         if ($cur->comment_ip === null) {
             $cur->comment_ip = http::realIP();
         }
         # --BEHAVIOR-- coreBeforeCommentCreate
         $this->core->callBehavior('coreBeforeCommentCreate', $this, $cur);
         $cur->insert();
         $this->con->unlock();
     } catch (Exception $e) {
         $this->con->unlock();
         throw $e;
     }
     # --BEHAVIOR-- coreAfterCommentCreate
     $this->core->callBehavior('coreAfterCommentCreate', $this, $cur);
     $this->triggerComment($cur->comment_id);
     if ($cur->comment_status != -2) {
         $this->triggerBlog();
     }
     return $cur->comment_id;
 }
示例#4
0
 public static function post($args)
 {
     if ($args == '') {
         # No entry was specified.
         self::p404();
     } else {
         $_ctx =& $GLOBALS['_ctx'];
         $core =& $GLOBALS['core'];
         $core->blog->withoutPassword(false);
         $params = new ArrayObject();
         $params['post_url'] = $args;
         $_ctx->posts = $core->blog->getPosts($params);
         $_ctx->comment_preview = new ArrayObject();
         $_ctx->comment_preview['content'] = '';
         $_ctx->comment_preview['rawcontent'] = '';
         $_ctx->comment_preview['name'] = '';
         $_ctx->comment_preview['mail'] = '';
         $_ctx->comment_preview['site'] = '';
         $_ctx->comment_preview['preview'] = false;
         $_ctx->comment_preview['remember'] = false;
         $core->blog->withoutPassword(true);
         if ($_ctx->posts->isEmpty()) {
             # The specified entry does not exist.
             self::p404();
         } else {
             $post_id = $_ctx->posts->post_id;
             $post_password = $_ctx->posts->post_password;
             # Password protected entry
             if ($post_password != '' && !$_ctx->preview) {
                 # Get passwords cookie
                 if (isset($_COOKIE['dc_passwd'])) {
                     $pwd_cookie = unserialize($_COOKIE['dc_passwd']);
                 } else {
                     $pwd_cookie = array();
                 }
                 # Check for match
                 if (!empty($_POST['password']) && $_POST['password'] == $post_password || isset($pwd_cookie[$post_id]) && $pwd_cookie[$post_id] == $post_password) {
                     $pwd_cookie[$post_id] = $post_password;
                     setcookie('dc_passwd', serialize($pwd_cookie), 0, '/');
                 } else {
                     self::serveDocument('password-form.html', 'text/html', false);
                     return;
                 }
             }
             $post_comment = isset($_POST['c_name']) && isset($_POST['c_mail']) && isset($_POST['c_site']) && isset($_POST['c_content']) && $_ctx->posts->commentsActive();
             # Posting a comment
             if ($post_comment) {
                 # Spam trap
                 if (!empty($_POST['f_mail'])) {
                     http::head(412, 'Precondition Failed');
                     header('Content-Type: text/plain');
                     echo "So Long, and Thanks For All the Fish";
                     # Exits immediately the application to preserve the server.
                     exit;
                 }
                 $name = $_POST['c_name'];
                 $mail = $_POST['c_mail'];
                 $site = $_POST['c_site'];
                 $content = $_POST['c_content'];
                 $preview = !empty($_POST['preview']);
                 if ($content != '') {
                     if ($core->blog->settings->wiki_comments) {
                         $core->initWikiComment();
                     } else {
                         $core->initWikiSimpleComment();
                     }
                     $content = $core->wikiTransform($content);
                     $content = $core->HTMLfilter($content);
                 }
                 $_ctx->comment_preview['content'] = $content;
                 $_ctx->comment_preview['rawcontent'] = $_POST['c_content'];
                 $_ctx->comment_preview['name'] = $name;
                 $_ctx->comment_preview['mail'] = $mail;
                 $_ctx->comment_preview['site'] = $site;
                 if ($preview) {
                     # --BEHAVIOR-- publicBeforeCommentPreview
                     $core->callBehavior('publicBeforeCommentPreview', $_ctx->comment_preview);
                     $_ctx->comment_preview['preview'] = true;
                 } else {
                     # Post the comment
                     $cur = $core->con->openCursor($core->prefix . 'comment');
                     $cur->comment_author = $name;
                     $cur->comment_site = html::clean($site);
                     $cur->comment_email = html::clean($mail);
                     $cur->comment_content = $content;
                     $cur->post_id = $_ctx->posts->post_id;
                     $cur->comment_status = $core->blog->settings->comments_pub ? 1 : -1;
                     $cur->comment_ip = http::realIP();
                     $redir = $_ctx->posts->getURL();
                     $redir .= strpos($redir, '?') !== false ? '&' : '?';
                     try {
                         if (!text::isEmail($cur->comment_email)) {
                             throw new Exception(__('You must provide a valid email address.'));
                         }
                         # --BEHAVIOR-- publicBeforeCommentCreate
                         $core->callBehavior('publicBeforeCommentCreate', $cur);
                         if ($cur->post_id) {
                             $comment_id = $core->blog->addComment($cur);
                             # --BEHAVIOR-- publicAfterCommentCreate
                             $core->callBehavior('publicAfterCommentCreate', $cur, $comment_id);
                         }
                         if ($cur->comment_status == 1) {
                             $redir_arg = 'pub=1';
                         } else {
                             $redir_arg = 'pub=0';
                         }
                         header('Location: ' . $redir . $redir_arg);
                     } catch (Exception $e) {
                         $_ctx->form_error = $e->getMessage();
                         $_ctx->form_error;
                     }
                 }
             }
             # The entry
             self::serveDocument('post.html');
         }
     }
 }
示例#5
0
 private function getLogCursor($cur, $log_id = null)
 {
     if ($cur->log_msg === '') {
         throw new Exception(__('No log message'));
     }
     if ($cur->log_table === null) {
         $cur->log_table = 'none';
     }
     if ($cur->user_id === null) {
         $cur->user_id = 'unknown';
     }
     if ($cur->log_dt === '' || $cur->log_dt === null) {
         $cur->log_dt = date('Y-m-d H:i:s');
     }
     if ($cur->log_ip === null) {
         $cur->log_ip = http::realIP();
     }
     $log_id = is_int($log_id) ? $log_id : $cur->log_id;
 }
示例#6
0
 /**
 Receives a trackback and insert it as a comment of given post.
 
 @param	post_id		<b>integer</b>		Post ID
 */
 public function receive($post_id)
 {
     header('Content-Type: text/xml; charset=UTF-8');
     if (empty($_POST)) {
         http::head(405, 'Method Not Allowed');
         echo '<?xml version="1.0" encoding="utf-8"?>' . "\n" . "<response>\n" . "  <error>1</error>\n" . "  <message>POST request needed</message>\n" . "</response>";
         return;
     }
     $post_id = (int) $post_id;
     $title = !empty($_POST['title']) ? $_POST['title'] : '';
     $excerpt = !empty($_POST['excerpt']) ? $_POST['excerpt'] : '';
     $url = !empty($_POST['url']) ? $_POST['url'] : '';
     $blog_name = !empty($_POST['blog_name']) ? $_POST['blog_name'] : '';
     $charset = '';
     $comment = '';
     $err = false;
     $msg = '';
     if ($this->core->blog === null) {
         $err = true;
         $msg = 'No blog.';
     } elseif ($url == '') {
         $err = true;
         $msg = 'URL parameter is required.';
     } elseif ($blog_name == '') {
         $err = true;
         $msg = 'Blog name is required.';
     }
     if (!$err) {
         $post = $this->core->blog->getPosts(array('post_id' => $post_id, 'post_type' => ''));
         if ($post->isEmpty()) {
             $err = true;
             $msg = 'No such post.';
         } elseif (!$post->trackbacksActive()) {
             $err = true;
             $msg = 'Trackbacks are not allowed for this post or weblog.';
         }
     }
     if (!$err) {
         $charset = self::getCharsetFromRequest();
         if (!$charset) {
             $charset = mb_detect_encoding($title . ' ' . $excerpt . ' ' . $blog_name, 'UTF-8,ISO-8859-1,ISO-8859-2,ISO-8859-3,' . 'ISO-8859-4,ISO-8859-5,ISO-8859-6,ISO-8859-7,ISO-8859-8,' . 'ISO-8859-9,ISO-8859-10,ISO-8859-13,ISO-8859-14,ISO-8859-15');
         }
         if (strtolower($charset) != 'utf-8') {
             $title = iconv($charset, 'UTF-8', $title);
             $excerpt = iconv($charset, 'UTF-8', $excerpt);
             $blog_name = iconv($charset, 'UTF-8', $blog_name);
         }
         $title = trim(html::clean($title));
         $title = html::decodeEntities($title);
         $title = html::escapeHTML($title);
         $title = text::cutString($title, 60);
         $excerpt = trim(html::clean($excerpt));
         $excerpt = html::decodeEntities($excerpt);
         $excerpt = preg_replace('/\\s+/ms', ' ', $excerpt);
         $excerpt = text::cutString($excerpt, 252);
         $excerpt = html::escapeHTML($excerpt) . '...';
         $blog_name = trim(html::clean($blog_name));
         $blog_name = html::decodeEntities($blog_name);
         $blog_name = html::escapeHTML($blog_name);
         $blog_name = text::cutString($blog_name, 60);
         $url = trim(html::clean($url));
         if (!$blog_name) {
             $blog_name = 'Anonymous blog';
         }
         $comment = "<!-- TB -->\n" . '<p><strong>' . ($title ? $title : $blog_name) . "</strong></p>\n" . '<p>' . $excerpt . '</p>';
         $cur = $this->core->con->openCursor($this->core->prefix . 'comment');
         $cur->comment_author = (string) $blog_name;
         $cur->comment_site = (string) $url;
         $cur->comment_content = (string) $comment;
         $cur->post_id = $post_id;
         $cur->comment_trackback = 1;
         $cur->comment_status = $this->core->blog->settings->trackbacks_pub ? 1 : -1;
         $cur->comment_ip = http::realIP();
         try {
             # --BEHAVIOR-- publicBeforeTrackbackCreate
             $this->core->callBehavior('publicBeforeTrackbackCreate', $cur);
             if ($cur->post_id) {
                 $comment_id = $this->core->blog->addComment($cur);
                 # --BEHAVIOR-- publicAfterTrackbackCreate
                 $this->core->callBehavior('publicAfterTrackbackCreate', $cur, $comment_id);
             }
         } catch (Exception $e) {
             $err = 1;
             $msg = 'Something went wrong : ' . $e->getMessage();
         }
     }
     $debug_trace = "  <debug>\n" . '    <title>' . $title . "</title>\n" . '    <excerpt>' . $excerpt . "</excerpt>\n" . '    <url>' . $url . "</url>\n" . '    <blog_name>' . $blog_name . "</blog_name>\n" . '    <charset>' . $charset . "</charset>\n" . '    <comment>' . $comment . "</comment>\n" . "  </debug>\n";
     $resp = '<?xml version="1.0" encoding="utf-8"?>' . "\n" . "<response>\n" . '  <error>' . (int) $err . "</error>\n";
     if ($msg) {
         $resp .= '  <message>' . $msg . "</message>\n";
     }
     if (!empty($_POST['__debug'])) {
         $resp .= $debug_trace;
     }
     echo $resp . "</response>";
 }
示例#7
0
文件: list.php 项目: jewelhuq/okatea
require_once __DIR__ . '/../../../../oktInc/public/prepend.php';
# est-ce qu'on demande une langue bien précise ?
$sUserLanguage = !empty($_GET['language']) ? $_GET['language'] : $okt->user->language;
if (empty($_GET['language']) || $sUserLanguage != $okt->user->language) {
    $okt->user->setUserLang($sUserLanguage);
    http::redirect($okt->page->getBaseUrl($sUserLanguage) . $okt->guestbook->config->public_url[$sUserLanguage]);
}
# module actuel
$okt->page->module = 'guestbook';
$okt->page->action = 'list';
# -- CORE TRIGGER : publicModuleGuestbookControllerStart
$okt->triggers->callTrigger('publicModuleGuestbookControllerStart', $okt, $okt->guestbook->config->captcha);
$aSigData = array('language' => $okt->user->language, 'message' => '', 'nom' => '', 'email' => '', 'url' => 'http://', 'note' => 'nc');
# formulaire envoyé
if (!empty($_POST['sign'])) {
    $aSigData = array('language' => isset($_POST['language']) ? $_POST['language'] : $okt->user->language, 'message' => isset($_POST['msg']) ? $_POST['msg'] : null, 'nom' => isset($_POST['nom']) ? $_POST['nom'] : null, 'email' => isset($_POST['email']) ? $_POST['email'] : null, 'url' => isset($_POST['url']) ? $_POST['url'] : 'http://', 'note' => isset($_POST['note']) ? $_POST['note'] : null, 'ip' => http::realIP(), 'visible' => $okt->guestbook->config->validation ? 0 : 1);
    $aSigData = $okt->guestbook->handleUserData($aSigData);
    # -- CORE TRIGGER : publicModuleGuestbookControllerFormCheckValues
    $okt->triggers->callTrigger('publicModuleGuestbookControllerFormCheckValues', $okt);
    if (!$okt->error->hasError()) {
        if ($okt->guestbook->addSig($aSigData)) {
            if ($okt->guestbook->config->emails_list != '') {
                $oMail = new oktMail($okt);
                $oMail->setFrom();
                $oMail->message->setSubject('Nouveau message sur le livre d’or de ' . util::getSiteTitle());
                $mail_body = 'Bonjour,' . "\n\n" . 'Un utilisateur a laissé un nouveau message ' . 'sur le livre d’or de "' . util::getSiteTitle() . '".' . "\n\n";
                if ($okt->guestbook->config->validation) {
                    $mail_body .= 'Ce nouveau message peut être validé ' . 'en vous rendant sur l’administration.' . "\n\n";
                }
                $mail_body .= 'Cordialement' . PHP_EOL . PHP_EOL . '--' . PHP_EOL . 'Email automatique,' . PHP_EOL . 'ne repondez pas à ce message';
                $oMail->message->setBody($mail_body);
示例#8
0
 /**
  * Vérifie qu'il n'y a pas de flood à l'inscription en vérifiant l'IP.
  * @return boolean
  */
 public function checkRegistrationFlood()
 {
     $sQuery = 'SELECT 1 FROM ' . $this->t_users . ' AS u ' . 'WHERE u.registration_ip=\'' . $this->db->escapeStr(http::realIP()) . '\' ' . 'AND u.registered>' . (time() - 3600);
     if (($rs = $this->db->select($sQuery)) === false) {
         return false;
     }
     if (!$rs->isEmpty()) {
         return false;
     }
     return true;
 }
示例#9
0
 public static function pages($args)
 {
     if ($args == '') {
         # No page was specified.
         self::p404();
     } else {
         $_ctx =& $GLOBALS['_ctx'];
         $core =& $GLOBALS['core'];
         $core->blog->withoutPassword(false);
         $params = new ArrayObject(array('post_type' => 'page', 'post_url' => $args));
         $core->callBehavior('publicPagesBeforeGetPosts', $params, $args);
         $_ctx->posts = $core->blog->getPosts($params);
         $_ctx->comment_preview = new ArrayObject();
         $_ctx->comment_preview['content'] = '';
         $_ctx->comment_preview['rawcontent'] = '';
         $_ctx->comment_preview['name'] = '';
         $_ctx->comment_preview['mail'] = '';
         $_ctx->comment_preview['site'] = '';
         $_ctx->comment_preview['preview'] = false;
         $_ctx->comment_preview['remember'] = false;
         $core->blog->withoutPassword(true);
         if ($_ctx->posts->isEmpty()) {
             # The specified page does not exist.
             self::p404();
         } else {
             $post_id = $_ctx->posts->post_id;
             $post_password = $_ctx->posts->post_password;
             # Password protected entry
             if ($post_password != '' && !$_ctx->preview) {
                 # Get passwords cookie
                 if (isset($_COOKIE['dc_passwd'])) {
                     $pwd_cookie = json_decode($_COOKIE['dc_passwd']);
                     if ($pwd_cookie === NULL) {
                         $pwd_cookie = array();
                     } else {
                         $pwd_cookie = (array) $pwd_cookie;
                     }
                 } else {
                     $pwd_cookie = array();
                 }
                 # Check for match
                 # Note: We must prefix post_id key with '#'' in pwd_cookie array in order to avoid integer conversion
                 # because MyArray["12345"] is treated as MyArray[12345]
                 if (!empty($_POST['password']) && $_POST['password'] == $post_password || isset($pwd_cookie['#' . $post_id]) && $pwd_cookie['#' . $post_id] == $post_password) {
                     $pwd_cookie['#' . $post_id] = $post_password;
                     setcookie('dc_passwd', json_encode($pwd_cookie), 0, '/');
                 } else {
                     self::serveDocument('password-form.html', 'text/html', false);
                     return;
                 }
             }
             $post_comment = isset($_POST['c_name']) && isset($_POST['c_mail']) && isset($_POST['c_site']) && isset($_POST['c_content']) && $_ctx->posts->commentsActive();
             # Posting a comment
             if ($post_comment) {
                 # Spam trap
                 if (!empty($_POST['f_mail'])) {
                     http::head(412, 'Precondition Failed');
                     header('Content-Type: text/plain');
                     echo "So Long, and Thanks For All the Fish";
                     # Exits immediately the application to preserve the server.
                     exit;
                 }
                 $name = $_POST['c_name'];
                 $mail = $_POST['c_mail'];
                 $site = $_POST['c_site'];
                 $content = $_POST['c_content'];
                 $preview = !empty($_POST['preview']);
                 if ($content != '') {
                     # --BEHAVIOR-- publicBeforeCommentTransform
                     $buffer = $core->callBehavior('publicBeforeCommentTransform', $content);
                     if ($buffer != '') {
                         $content = $buffer;
                     } else {
                         if ($core->blog->settings->system->wiki_comments) {
                             $core->initWikiComment();
                         } else {
                             $core->initWikiSimpleComment();
                         }
                         $content = $core->wikiTransform($content);
                     }
                     $content = $core->HTMLfilter($content);
                 }
                 $_ctx->comment_preview['content'] = $content;
                 $_ctx->comment_preview['rawcontent'] = $_POST['c_content'];
                 $_ctx->comment_preview['name'] = $name;
                 $_ctx->comment_preview['mail'] = $mail;
                 $_ctx->comment_preview['site'] = $site;
                 if ($preview) {
                     # --BEHAVIOR-- publicBeforeCommentPreview
                     $core->callBehavior('publicBeforeCommentPreview', $_ctx->comment_preview);
                     $_ctx->comment_preview['preview'] = true;
                 } else {
                     # Post the comment
                     $cur = $core->con->openCursor($core->prefix . 'comment');
                     $cur->comment_author = $name;
                     $cur->comment_site = html::clean($site);
                     $cur->comment_email = html::clean($mail);
                     $cur->comment_content = $content;
                     $cur->post_id = $_ctx->posts->post_id;
                     $cur->comment_status = $core->blog->settings->system->comments_pub ? 1 : -1;
                     $cur->comment_ip = http::realIP();
                     $redir = $_ctx->posts->getURL();
                     $redir .= $core->blog->settings->system->url_scan == 'query_string' ? '&' : '?';
                     try {
                         if (!text::isEmail($cur->comment_email)) {
                             throw new Exception(__('You must provide a valid email address.'));
                         }
                         # --BEHAVIOR-- publicBeforeCommentCreate
                         $core->callBehavior('publicBeforeCommentCreate', $cur);
                         if ($cur->post_id) {
                             $comment_id = $core->blog->addComment($cur);
                             # --BEHAVIOR-- publicAfterCommentCreate
                             $core->callBehavior('publicAfterCommentCreate', $cur, $comment_id);
                         }
                         if ($cur->comment_status == 1) {
                             $redir_arg = 'pub=1';
                         } else {
                             $redir_arg = 'pub=0';
                         }
                         header('Location: ' . $redir . $redir_arg);
                     } catch (Exception $e) {
                         $_ctx->form_error = $e->getMessage();
                         $_ctx->form_error;
                     }
                 }
             }
             # The entry
             if ($_ctx->posts->trackbacksActive()) {
                 header('X-Pingback: ' . $core->blog->url . $core->url->getURLFor("xmlrpc", $core->blog->id));
             }
             $tplset = $core->themes->moduleInfo($core->blog->settings->system->theme, 'tplset');
             if (!empty($tplset) && is_dir(dirname(__FILE__) . '/default-templates/' . $tplset)) {
                 $core->tpl->setPath($core->tpl->getPath(), dirname(__FILE__) . '/default-templates/' . $tplset);
             } else {
                 $core->tpl->setPath($core->tpl->getPath(), dirname(__FILE__) . '/default-templates/' . DC_DEFAULT_TPLSET);
             }
             self::serveDocument('page.html');
         }
     }
 }
示例#10
0
 /**
  * Ajout d'un log admin.
  *
  * @param array $aParams
  * @return boolean
  */
 public function add($aParams = array())
 {
     if (empty($aParams['user_id'])) {
         $aParams['user_id'] = $this->okt->user->infos->f('id');
     }
     if (empty($aParams['username'])) {
         $aParams['username'] = $this->okt->user->infos->f('username');
     }
     if (empty($aParams['component'])) {
         $aParams['component'] = 'core';
     }
     if (empty($aParams['ip'])) {
         $aParams['ip'] = http::realIP();
     }
     if (empty($aParams['type'])) {
         $aParams['type'] = 0;
     }
     if (empty($aParams['code'])) {
         $aParams['code'] = 0;
     }
     if (empty($aParams['message'])) {
         $aParams['message'] = '';
     }
     $query = 'INSERT INTO ' . $this->t_log . ' ( ' . 'user_id, username, ip, date, type, component, code, message ' . ' ) VALUES ( ' . (int) $aParams['user_id'] . ', ' . '\'' . $this->db->escapeStr($aParams['username']) . '\', ' . '\'' . $this->db->escapeStr($aParams['ip']) . '\', ' . 'NOW(), ' . (int) $aParams['type'] . ', ' . '\'' . $this->db->escapeStr($aParams['component']) . '\', ' . (int) $aParams['code'] . ', ' . '\'' . $this->db->escapeStr($aParams['message']) . '\' ' . '); ';
     if (!$this->db->execute($query)) {
         return false;
     }
     return true;
 }
示例#11
0
 /**
  * Perform login.
  *
  * @param string $sUsername
  * @param string $sPassword
  * @param bollean $save_pass
  * @return boolean
  */
 public function login($sUsername, $sPassword, $save_pass = false)
 {
     $sQuery = 'SELECT id, group_id, password, salt ' . 'FROM ' . $this->t_users . ' ' . 'WHERE username=\'' . $this->oDb->escapeStr($sUsername) . '\' ';
     if (($rs = $this->oDb->select($sQuery)) === false) {
         return false;
     }
     if ($rs->isEmpty()) {
         $this->oError->set(__('c_c_auth_unknown_user'));
         return false;
     }
     $sPasswordHash = $rs->password;
     if (!password::verify($sPassword, $sPasswordHash)) {
         $this->oError->set(__('c_c_auth_wrong_password'));
         return false;
     } elseif (password::needs_rehash($sPasswordHash, PASSWORD_DEFAULT)) {
         $sPasswordHash = password::hash($sPassword, PASSWORD_DEFAULT);
         $sQuery = 'UPDATE ' . $this->t_users . ' SET ' . 'password=\'' . $this->oDb->escapeStr($sPasswordHash) . '\' ' . 'WHERE id=' . $rs->id;
         if (!$this->oDb->execute($sQuery)) {
             return false;
         }
     }
     if ($rs->group_id == self::unverified_group_id) {
         $this->oError->set(__('c_c_auth_account_awaiting_validation'));
         return false;
     }
     # Remove this user's guest entry from the online list
     $sQuery = 'DELETE FROM ' . $this->t_online . ' ' . 'WHERE ident=\'' . $this->oDb->escapeStr(http::realIP()) . '\'';
     if (!$this->oDb->execute($sQuery)) {
         return false;
     }
     $iTsExpire = $save_pass ? time() + $this->iVisitRememberTime : time() + $this->iVisitTimeout;
     $this->setAuthCookie(base64_encode($rs->id . '|' . $sPasswordHash . '|' . $iTsExpire . '|' . sha1($rs->salt . $sPasswordHash . util::hash($iTsExpire, $rs->salt))), $iTsExpire);
     # log admin
     if (isset($this->okt->logAdmin)) {
         $this->okt->logAdmin->add(array('user_id' => $rs->id, 'username' => $sUsername, 'code' => 10, 'message' => __('c_c_log_admin_message_by_form')));
     }
     # -- CORE TRIGGER : userLogin
     $this->okt->triggers->callTrigger('userLogin', $this->okt, $rs);
     return true;
 }
 /**
  * Affichage de la page guestbook.
  *
  */
 public function guestbookPage()
 {
     # module actuel
     $this->okt->page->module = 'guestbook';
     $this->okt->page->action = 'list';
     # -- CORE TRIGGER : publicModuleGuestbookControllerStart
     $this->okt->triggers->callTrigger('publicModuleGuestbookControllerStart', $this->okt, $this->okt->guestbook->config->captcha);
     $aSigData = array('language' => $this->okt->user->language, 'message' => '', 'nom' => '', 'email' => '', 'url' => 'http://', 'note' => 'nc');
     # formulaire envoyé
     if (!empty($_POST['sign'])) {
         $aSigData = array('language' => isset($_POST['language']) ? $_POST['language'] : $this->okt->user->language, 'message' => isset($_POST['msg']) ? $_POST['msg'] : null, 'nom' => isset($_POST['nom']) ? $_POST['nom'] : null, 'email' => isset($_POST['email']) ? $_POST['email'] : null, 'url' => isset($_POST['url']) ? $_POST['url'] : 'http://', 'note' => isset($_POST['note']) ? $_POST['note'] : null, 'ip' => http::realIP(), 'visible' => $this->okt->guestbook->config->validation ? 0 : 1);
         $aSigData = $this->okt->guestbook->handleUserData($aSigData);
         # -- CORE TRIGGER : publicModuleGuestbookControllerFormCheckValues
         $this->okt->triggers->callTrigger('publicModuleGuestbookControllerFormCheckValues', $this->okt, $this->okt->guestbook->config->captcha);
         if (!$this->okt->error->hasError()) {
             if ($this->okt->guestbook->addSig($aSigData)) {
                 if ($this->okt->guestbook->config->emails_list != '') {
                     $oMail = new oktMail($this->okt);
                     $oMail->setFrom();
                     $oMail->message->setSubject('Nouveau message sur le livre d’or de ' . util::getSiteTitle());
                     $mail_body = 'Bonjour,' . "\n\n" . 'Un utilisateur a laissé un nouveau message ' . 'sur le livre d’or de "' . util::getSiteTitle() . '".' . "\n\n";
                     if ($this->okt->guestbook->config->validation) {
                         $mail_body .= 'Ce nouveau message peut être validé ' . 'en vous rendant sur l’administration.' . "\n\n";
                     }
                     $mail_body .= 'Cordialement' . PHP_EOL . PHP_EOL . '--' . PHP_EOL . 'Email automatique,' . PHP_EOL . 'ne repondez pas à ce message';
                     $oMail->message->setBody($mail_body);
                     $dests = array_map('trim', explode(',', $this->okt->guestbook->config->emails_list));
                     $oMail->message->setTo($dests);
                     $oMail->send();
                 }
                 http::redirect($this->okt->guestbook->config->url . '?added=1');
             }
         }
     }
     # signatures à afficher
     $aGuestbookParams = array('is_not_spam' => true, 'is_visible' => true, 'language' => $this->okt->user->language);
     # initialisation de la pagination
     $iPage = !empty($_GET['page']) ? intval($_GET['page']) : 1;
     $oGuestbookPager = new publicPager($iPage, $this->okt->guestbook->getSig($aGuestbookParams, true), $this->okt->guestbook->config->nbparpage_public);
     $iNumPages = $oGuestbookPager->getNbPages();
     # récupération des signatures
     $aGuestbookParams['limit'] = ($iPage - 1) * $this->okt->guestbook->config->nbparpage_public . ',' . $this->okt->guestbook->config->nbparpage_public;
     $signaturesList = $this->okt->guestbook->getSig($aGuestbookParams);
     $aLanguages = array();
     foreach ($this->okt->languages->list as $aLanguage) {
         if (isset($this->okt->guestbook->config->public_url[$aLanguage['code']])) {
             $aLanguages[$aLanguage['title']] = $aLanguage['code'];
         }
     }
     # formatage des données
     $num_sig = 0;
     while ($signaturesList->fetch()) {
         $signaturesList->number = ++$num_sig;
         # note
         if ($this->okt->guestbook->config->chp_note) {
             if (!is_numeric($signaturesList->note)) {
                 $signaturesList->note = 'nc';
             } else {
                 $signaturesList->note = ceil($signaturesList->note) . '/20';
             }
         } else {
             $signaturesList->note = null;
         }
     }
     # meta description
     if ($this->okt->guestbook->config->meta_description[$this->okt->user->language] != '') {
         $this->okt->page->meta_description = $this->okt->guestbook->config->meta_description[$this->okt->user->language];
     } else {
         $this->okt->page->meta_description = util::getSiteMetaDesc();
     }
     # meta keywords
     if ($this->okt->guestbook->config->meta_keywords[$this->okt->user->language] != '') {
         $this->okt->page->meta_keywords = $this->okt->guestbook->config->meta_keywords[$this->okt->user->language];
     } else {
         $this->okt->page->meta_keywords = util::getSiteMetaKeywords();
     }
     # ajout du numéro de page au title
     if ($iPage > 1) {
         $this->okt->page->addTitleTag(sprintf(__('c_c_Page_%s'), $iPage));
     }
     # title tag
     $this->okt->page->addTitleTag($this->okt->guestbook->getTitle());
     # titre de la page
     $this->okt->page->setTitle($this->okt->guestbook->getName());
     # titre SEO de la page
     $this->okt->page->setTitleSeo($this->okt->guestbook->getNameSeo());
     # fil d'ariane de la page
     if (!$this->isDefaultRoute(__CLASS__, __FUNCTION__)) {
         $this->okt->page->breadcrumb->add($this->okt->guestbook->getName(), $this->okt->guestbook->config->url);
     }
     # raccourcis
     $signaturesList->numPages = $iNumPages;
     $signaturesList->pager = $oGuestbookPager;
     # affichage du template
     echo $this->okt->tpl->render('guestbook_tpl', array('aSigData' => $aSigData, 'signaturesList' => $signaturesList, 'aLanguages' => $aLanguages));
 }