示例#1
0
 public function request()
 {
     if (!\fpcm\classes\baseconfig::installerEnabled()) {
         die('The FanPress CM installer is not enabled!');
         trigger_error('Access to disabled installer from ip address ' . \fpcm\classes\http::getIp());
         return false;
     }
     $this->step = !is_null($this->getRequestVar('step')) ? $this->getRequestVar('step', array(9)) : 1;
     $this->langCode = !is_null($this->getRequestVar('language')) ? $this->getRequestVar('language') : FPCM_DEFAULT_LANGUAGE_CODE;
     $this->lang = new \fpcm\classes\language($this->langCode);
     $this->view = new \fpcm\model\view\installer('main', $this->langCode);
     return true;
 }
示例#2
0
 /**
  * Prüft ob IP-Adresse gesperrt ist
  * @param string $lockType
  * @return bool
  */
 public function ipIsLocked($lockType = 'noaccess')
 {
     $delim = strpos(\fpcm\classes\http::getIp(), ':') !== false ? ':' : '.';
     $ipAddress = explode($delim, \fpcm\classes\http::getIp());
     $adresses = array();
     $adresses[] = implode($delim, $ipAddress);
     $where = array('ipaddress ' . $this->dbcon->dbLike() . ' ?');
     $counts = count($ipAddress) - 1;
     for ($i = $counts; $i > 0; $i--) {
         $ipAddress[$i] = '*';
         $adresses[] = implode($delim, $ipAddress);
         $where[] = 'ipaddress ' . $this->dbcon->dbLike() . ' ?';
     }
     $where = "(" . implode(' OR ', $where) . ") AND {$lockType} = 1";
     $result = $this->dbcon->fetch($this->dbcon->select($this->table, 'count(id) AS counted', $where, $adresses));
     return $result->counted ? true : false;
 }
示例#3
0
 /**
  * zusätzliche Prüfungen durchführen
  * @return bool
  */
 public function checkExtras()
 {
     $cdata = \fpcm\classes\http::get('newcomment');
     if ($this->maxCommentTextLinks <= preg_match_all("#(https?)://\\S+[^\\s.,>)\\];'\"!?]#", $cdata['text'])) {
         return true;
     }
     $comment = new \fpcm\model\comments\comment();
     $commentList = new \fpcm\model\comments\commentList();
     $comment->setEmail($cdata['email']);
     $comment->setName($cdata['name']);
     $comment->setWebsite($cdata['website']);
     $comment->setIpaddress(\fpcm\classes\http::getIp());
     if ($commentList->spamExistsbyCommentData($comment)) {
         return true;
     }
     return false;
 }
示例#4
0
 public function request()
 {
     if ($this->buttonClicked('ipSave') && !$this->checkPageToken()) {
         $this->view->addErrorMessage('CSRF_INVALID');
         return true;
     }
     if ($this->buttonClicked('ipSave')) {
         $this->ipaddress->setIpaddress($this->getRequestVar('ipaddress'));
         $this->ipaddress->setIptime(time());
         $this->ipaddress->setUserid($this->session->getUserId());
         $this->ipaddress->setNoaccess($this->getRequestVar('noaccess') ? true : false);
         $this->ipaddress->setNocomments($this->getRequestVar('nocomments') ? true : false);
         $this->ipaddress->setNologin($this->getRequestVar('nologin') ? true : false);
         if ($this->getRequestVar('ipaddress') && $this->ipaddress->save() && $this->getRequestVar('ipaddress') != \fpcm\classes\http::getIp()) {
             $this->redirect('ips/list', array('added' => 1));
         } else {
             $this->view->addErrorMessage('SAVE_FAILED_IPADDRESS');
         }
     }
     return true;
 }
示例#5
0
 /**
  * Prüft ob Kombination Benutzer und Passwort existiert
  * @param string $username
  * @param string $password
  * @return bool Ja, wenn Benutzer + Passwort vorhanden ist
  */
 public function checkUser($username, $password)
 {
     $userList = new \fpcm\model\users\userList();
     $userid = $userList->getUserIdByUsername($username);
     if (!$userid) {
         trigger_error('Login failed for username ' . $username . '! User not found. Request was made by ' . \fpcm\classes\http::getIp());
         return false;
     }
     $user = new \fpcm\model\users\author($userid);
     if ($user->getDisabled()) {
         trigger_error('Login failed for username ' . $username . '! User is disabled. Request was made by ' . \fpcm\classes\http::getIp());
         return \fpcm\model\users\author::AUTHOR_ERROR_DISABLED;
     }
     if (\fpcm\classes\security::createPasswordHash($password, $user->getPasswd()) == $user->getPasswd()) {
         $timer = time();
         $this->login = $timer;
         $this->lastaction = $timer;
         $this->logout = 0;
         $this->userid = $userid;
         $this->sessionid = \fpcm\classes\security::createSessionId();
         $this->ip = \fpcm\classes\http::getIp();
         $this->sessionExists = true;
         return true;
     }
     trigger_error('Login failed for username ' . $username . '! Wrong username or password. Request was made by ' . \fpcm\classes\http::getIp());
     return false;
 }
示例#6
0
 /**
  * Request-Handler
  * @return boolean
  */
 public function request()
 {
     if (!$this->maintenanceMode()) {
         return false;
     }
     $this->isUtf8 = defined('FPCM_PUB_OUTPUT_UTF8') ? FPCM_PUB_OUTPUT_UTF8 : true;
     $this->crons->registerCron('postponedArticles');
     if ($this->iplist->ipIsLocked()) {
         $this->view->addErrorMessage('ERROR_IP_LOCKED');
         $this->view->assign('showToolbars', false);
         $this->view->render();
         return false;
     }
     if (is_null($this->getRequestVar('id'))) {
         $this->view->addErrorMessage('LOAD_FAILED_ARTICLE');
         return true;
     }
     $this->articleId = $this->getRequestVar('id');
     $srcData = explode('-', $this->articleId, 2);
     $this->articleId = (int) $srcData[0];
     $this->article = new \fpcm\model\articles\article($this->articleId);
     if (!$this->article->exists()) {
         $this->view->addErrorMessage('LOAD_FAILED_ARTICLE');
         $this->article = false;
         return true;
     }
     $this->cache = new \fpcm\classes\cache(\fpcm\model\articles\article::CACHE_ARTICLE_SINGLE . $this->article, \fpcm\model\articles\article::CACHE_ARTICLE_MODULE);
     $this->articleTemplate = new \fpcm\model\pubtemplates\article($this->config->article_template_active);
     if ($this->config->system_comments_enabled && $this->article->getComments()) {
         $this->initSpamCaptcha();
         $this->newComment = new \fpcm\model\comments\comment();
         $this->commentTemplate = new \fpcm\model\pubtemplates\comment($this->config->comments_template_active);
         $this->commentFormTemplate = new \fpcm\model\pubtemplates\commentform();
         if ($this->buttonClicked('sendComment') && !is_null($this->getRequestVar('newcomment')) && !$this->iplist->ipIsLocked() && !$this->iplist->ipIsLocked('nocomments')) {
             $newCommentData = $this->getRequestVar('newcomment');
             $timer = time();
             if ($timer <= $this->commentList->getLastCommentTimeByIP() + $this->config->comments_flood) {
                 $this->view->addErrorMessage('PUBLIC_FAILED_FLOOD', array('{{seconds}}' => $this->config->comments_flood));
                 return true;
             }
             if (!$this->captcha->checkAnswer()) {
                 $this->view->addErrorMessage('PUBLIC_FAILED_CAPTCHA');
                 return true;
             }
             if (!$newCommentData['name']) {
                 $this->view->addErrorMessage('PUBLIC_FAILED_NAME');
                 return true;
             }
             $newCommentData['email'] = filter_var($newCommentData['email'], FILTER_VALIDATE_EMAIL);
             if ($this->config->comments_email_optional && !$newCommentData['email']) {
                 $this->view->addErrorMessage('PUBLIC_FAILED_EMAIL');
                 return true;
             }
             $newCommentData['website'] = filter_var($newCommentData['website'], FILTER_VALIDATE_URL);
             $newCommentData['website'] = $newCommentData['website'] ? $newCommentData['website'] : '';
             $this->newComment->setName($newCommentData['name']);
             $this->newComment->setEmail($newCommentData['email']);
             $this->newComment->setWebsite($newCommentData['website']);
             $this->newComment->setText(nl2br(strip_tags($newCommentData['text'], \fpcm\model\comments\comment::COMMENT_TEXT_HTMLTAGS_CHECK)));
             $this->newComment->setPrivate(isset($newCommentData['private']));
             $this->newComment->setIpaddress(\fpcm\classes\http::getIp());
             $this->newComment->setApproved($this->config->comments_confirm ? false : true);
             $this->newComment->setArticleid($this->articleId);
             $this->newComment->setCreatetime($timer);
             $this->newComment->setSpammer(!$this->session->exists() && $this->captcha->checkExtras() ? true : false);
             if (!$this->newComment->save()) {
                 $this->view->addErrorMessage('SAVE_FAILED_COMMENT');
                 return true;
             }
             $this->view->addNoticeMessage('SAVE_SUCCESS_COMMENT');
             $text = $this->lang->translate('PUBLIC_COMMENT_EMAIL_TEXT', array('{{name}}' => $this->newComment->getName(), '{{email}}' => $this->newComment->getEmail(), '{{commenttext}}' => strip_tags($this->newComment->getText()), '{{articleurl}}' => $this->article->getArticleLink(), '{{systemurl}}' => \fpcm\classes\baseconfig::$rootPath));
             $to = array();
             if ($this->config->comments_notify != 1) {
                 $to[] = $this->config->system_email;
             }
             if ($this->config->comments_notify > 0 && !$this->session->exists()) {
                 $to[] = $this->userList->getEmailByUserId($this->article->getCreateuser());
             }
             if (!count($to) || $this->session->exists()) {
                 return true;
             }
             $email = new \fpcm\classes\email(implode(',', array_unique($to)), $this->lang->translate('PUBLIC_COMMENT_EMAIL_SUBJECT'), $text);
             $email->submit();
         }
     }
     return true;
 }
示例#7
0
 /**
  * Gibt Zeit zurück, wenn von der aktuellen IP der letzte Kommentar geschrieben wurde
  * @return int
  */
 public function getLastCommentTimeByIP()
 {
     $res = $this->dbcon->fetch($this->dbcon->select($this->table, 'createtime', 'ipaddress ' . $this->dbcon->dbLike() . ' ?' . $this->dbcon->orderBy(array('createtime ASC')) . $this->dbcon->limitQuery(0, 1), array(\fpcm\classes\http::getIp())));
     return isset($res->createtime) ? $res->createtime : 0;
 }