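/**
 * Installer request handler.
 *
 * Refuses to run when the installer is disabled. The refused attempt is
 * logged with the requesting IP *before* the process exits; in the previous
 * order (die() first) the trigger_error() call was unreachable and no
 * access attempt was ever recorded. On success the current step, language
 * and view are initialised.
 *
 * @return bool true once step, language and view have been set up
 */
public function request()
{
    if (!\fpcm\classes\baseconfig::installerEnabled()) {
        // die() never returns, so the log call has to come first.
        trigger_error('Access to disabled installer from ip address ' . \fpcm\classes\http::getIp());
        die('The FanPress CM installer is not enabled!');
    }

    // The second argument array(9) is passed to getRequestVar() unchanged;
    // its filter semantics are defined in the base controller.
    $this->step = !is_null($this->getRequestVar('step'))
        ? $this->getRequestVar('step', array(9))
        : 1;

    $this->langCode = !is_null($this->getRequestVar('language'))
        ? $this->getRequestVar('language')
        : FPCM_DEFAULT_LANGUAGE_CODE;

    $this->lang = new \fpcm\classes\language($this->langCode);
    $this->view = new \fpcm\model\view\installer('main', $this->langCode);

    return true;
}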
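/**
 * Checks whether the IP address of the current request is locked.
 *
 * The exact address and its progressively wildcarded forms (a.b.c.*, a.b.*.*,
 * a.*.*.* for IPv4; colon-separated for IPv6) are compared against the stored
 * lock entries, restricted to rows where the requested lock column is set.
 *
 * @param string $lockType lock column to test: 'noaccess', 'nocomments' or 'nologin'
 * @return bool true if at least one matching lock entry exists
 * @throws \InvalidArgumentException if $lockType is not a known lock column
 */
public function ipIsLocked($lockType = 'noaccess')
{
    // $lockType is spliced into the SQL text as a column name, not bound as a
    // value, so it must never come from request data. Restrict it to the
    // three lock flags the ipaddress model exposes (setNoaccess/setNocomments/setNologin).
    $allowedLockTypes = array('noaccess', 'nocomments', 'nologin');
    if (!in_array($lockType, $allowedLockTypes, true)) {
        throw new \InvalidArgumentException('Unknown ip lock type: ' . $lockType);
    }

    $ip = \fpcm\classes\http::getIp();
    // IPv6 addresses are colon-separated, IPv4 dot-separated.
    $delim = strpos($ip, ':') !== false ? ':' : '.';
    $segments = explode($delim, $ip);

    // Exact address first, then replace segments from the right with '*' so
    // wildcard lock entries are matched as well.
    $addresses = array(implode($delim, $segments));
    for ($i = count($segments) - 1; $i > 0; $i--) {
        $segments[$i] = '*';
        $addresses[] = implode($delim, $segments);
    }

    // One bound placeholder per address candidate.
    $likeClause = 'ipaddress ' . $this->dbcon->dbLike() . ' ?';
    $where = '(' . implode(' OR ', array_fill(0, count($addresses), $likeClause)) . ") AND {$lockType} = 1";

    $result = $this->dbcon->fetch(
        $this->dbcon->select($this->table, 'count(id) AS counted', $where, $addresses)
    );

    // fetch() may yield a non-object on an empty result; treat that as "not locked".
    return !empty($result->counted);
}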
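/**
 * Runs the additional spam checks for a submitted comment.
 *
 * A comment is treated as spam when its text contains at least
 * $this->maxCommentTextLinks http(s) links, or when the comment list reports
 * existing spam for the same email/name/website/IP combination.
 *
 * @return bool true if the comment looks like spam
 */
public function checkExtras()
{
    $cdata = \fpcm\classes\http::get('newcomment');
    // Form data is untrusted: a missing or malformed 'newcomment' must not
    // raise notices on the array accesses below.
    if (!is_array($cdata)) {
        $cdata = array();
    }

    $text = isset($cdata['text']) ? (string) $cdata['text'] : '';
    // preg_match_all() returns false on a PCRE error; the int cast keeps the
    // comparison well-defined (false counts as zero links).
    $linkCount = (int) preg_match_all("#(https?)://\\S+[^\\s.,>)\\];'\"!?]#", $text);
    if ($this->maxCommentTextLinks <= $linkCount) {
        return true;
    }

    $comment = new \fpcm\model\comments\comment();
    $comment->setEmail(isset($cdata['email']) ? $cdata['email'] : null);
    $comment->setName(isset($cdata['name']) ? $cdata['name'] : null);
    $comment->setWebsite(isset($cdata['website']) ? $cdata['website'] : null);
    $comment->setIpaddress(\fpcm\classes\http::getIp());

    $commentList = new \fpcm\model\comments\commentList();

    return $commentList->spamExistsbyCommentData($comment) ? true : false;
}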
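/**
 * Request handler for the "add IP lock" form.
 *
 * On ipSave the CSRF page token is verified, the ipaddress model is filled
 * from the request and saved. The requesting administrator's own address is
 * rejected *before* save(): previously the record was written first and the
 * own-IP check only decided which message to show, leaving a self-lockout
 * entry in the table.
 *
 * @return bool always true; a successful save redirects to ips/list
 */
public function request()
{
    if (!$this->buttonClicked('ipSave')) {
        return true;
    }

    if (!$this->checkPageToken()) {
        $this->view->addErrorMessage('CSRF_INVALID');
        return true;
    }

    $ipaddress = $this->getRequestVar('ipaddress');
    // Empty address or the address of the current request: refuse without saving.
    if (!$ipaddress || $ipaddress === \fpcm\classes\http::getIp()) {
        $this->view->addErrorMessage('SAVE_FAILED_IPADDRESS');
        return true;
    }

    $this->ipaddress->setIpaddress($ipaddress);
    $this->ipaddress->setIptime(time());
    $this->ipaddress->setUserid($this->session->getUserId());
    // Checkbox values arrive as request strings; normalise to booleans.
    $this->ipaddress->setNoaccess((bool) $this->getRequestVar('noaccess'));
    $this->ipaddress->setNocomments((bool) $this->getRequestVar('nocomments'));
    $this->ipaddress->setNologin((bool) $this->getRequestVar('nologin'));

    if (!$this->ipaddress->save()) {
        $this->view->addErrorMessage('SAVE_FAILED_IPADDRESS');
        return true;
    }

    $this->redirect('ips/list', array('added' => 1));

    return true;
}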
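/**
 * Checks whether the given username/password combination exists and, on
 * success, initialises the session state (login time, user id, session id, IP).
 *
 * @param string $username
 * @param string $password
 * @return bool|int true on success; false if the user is unknown or the
 *                  password is wrong; author::AUTHOR_ERROR_DISABLED if the
 *                  account is disabled
 */
public function checkUser($username, $password)
{
    $requestIp = \fpcm\classes\http::getIp();

    $userList = new \fpcm\model\users\userList();
    $userid = $userList->getUserIdByUsername($username);
    if (!$userid) {
        trigger_error('Login failed for username ' . $username . '! User not found. Request was made by ' . $requestIp);
        return false;
    }

    $user = new \fpcm\model\users\author($userid);
    if ($user->getDisabled()) {
        trigger_error('Login failed for username ' . $username . '! User is disabled. Request was made by ' . $requestIp);
        return \fpcm\model\users\author::AUTHOR_ERROR_DISABLED;
    }

    $storedHash = (string) $user->getPasswd();
    $candidateHash = (string) \fpcm\classes\security::createPasswordHash($password, $storedHash);

    // hash_equals() is strict and constant-time. The previous loose == compared
    // the two hash strings numerically when both looked numeric (e.g. "0e..."
    // forms) and could short-circuit on the first differing byte.
    if (hash_equals($storedHash, $candidateHash)) {
        $timer = time();
        $this->login = $timer;
        $this->lastaction = $timer;
        $this->logout = 0;
        $this->userid = $userid;
        $this->sessionid = \fpcm\classes\security::createSessionId();
        $this->ip = $requestIp;
        $this->sessionExists = true;
        return true;
    }

    trigger_error('Login failed for username ' . $username . '! Wrong username or password. Request was made by ' . $requestIp);
    return false;
}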
/**
 * Request handler for the public single-article page.
 *
 * Flow: maintenance check -> IP lock check -> article lookup -> optional
 * comment form handling (flood check, captcha, validation, save, notification
 * mail). Every early exit sets a view message; false is returned only when
 * nothing further should be rendered by the caller.
 *
 * @return boolean
 */
public function request() {
    if (!$this->maintenanceMode()) { return false; }

    $this->isUtf8 = defined('FPCM_PUB_OUTPUT_UTF8') ? FPCM_PUB_OUTPUT_UTF8 : true;
    $this->crons->registerCron('postponedArticles');

    // Fully locked IPs ('noaccess') get the error view rendered right here.
    if ($this->iplist->ipIsLocked()) {
        $this->view->addErrorMessage('ERROR_IP_LOCKED');
        $this->view->assign('showToolbars', false);
        $this->view->render();
        return false;
    }

    if (is_null($this->getRequestVar('id'))) {
        $this->view->addErrorMessage('LOAD_FAILED_ARTICLE');
        return true;
    }

    // The request id may carry a suffix after the first '-'; only the leading
    // part is used as the numeric article id.
    $this->articleId = $this->getRequestVar('id');
    $srcData = explode('-', $this->articleId, 2);
    $this->articleId = (int) $srcData[0];

    $this->article = new \fpcm\model\articles\article($this->articleId);
    if (!$this->article->exists()) {
        $this->view->addErrorMessage('LOAD_FAILED_ARTICLE');
        $this->article = false;
        return true;
    }

    // NOTE(review): the article object is concatenated into the cache name,
    // so it presumably implements __toString — confirm in the article model.
    $this->cache = new \fpcm\classes\cache(\fpcm\model\articles\article::CACHE_ARTICLE_SINGLE . $this->article, \fpcm\model\articles\article::CACHE_ARTICLE_MODULE);
    $this->articleTemplate = new \fpcm\model\pubtemplates\article($this->config->article_template_active);

    if ($this->config->system_comments_enabled && $this->article->getComments()) {
        $this->initSpamCaptcha();
        $this->newComment = new \fpcm\model\comments\comment();
        $this->commentTemplate = new \fpcm\model\pubtemplates\comment($this->config->comments_template_active);
        $this->commentFormTemplate = new \fpcm\model\pubtemplates\commentform();

        // A comment is only processed when the form was submitted, the data is
        // present and the IP is neither fully locked nor comment-locked.
        if ($this->buttonClicked('sendComment') && !is_null($this->getRequestVar('newcomment')) && !$this->iplist->ipIsLocked() && !$this->iplist->ipIsLocked('nocomments')) {
            $newCommentData = $this->getRequestVar('newcomment');
            $timer = time();

            // Flood protection: reject if the previous comment from this IP is
            // younger than comments_flood seconds.
            if ($timer <= $this->commentList->getLastCommentTimeByIP() + $this->config->comments_flood) {
                $this->view->addErrorMessage('PUBLIC_FAILED_FLOOD', array('{{seconds}}' => $this->config->comments_flood));
                return true;
            }

            if (!$this->captcha->checkAnswer()) {
                $this->view->addErrorMessage('PUBLIC_FAILED_CAPTCHA');
                return true;
            }

            if (!$newCommentData['name']) {
                $this->view->addErrorMessage('PUBLIC_FAILED_NAME');
                return true;
            }

            // filter_var() yields false for an invalid address.
            // NOTE(review): this errors when the address is missing while the
            // config key is named comments_email_optional — confirm the
            // intended meaning of that flag.
            $newCommentData['email'] = filter_var($newCommentData['email'], FILTER_VALIDATE_EMAIL);
            if ($this->config->comments_email_optional && !$newCommentData['email']) {
                $this->view->addErrorMessage('PUBLIC_FAILED_EMAIL');
                return true;
            }

            // Invalid website URLs are stored as an empty string.
            $newCommentData['website'] = filter_var($newCommentData['website'], FILTER_VALIDATE_URL);
            $newCommentData['website'] = $newCommentData['website'] ? $newCommentData['website'] : '';

            $this->newComment->setName($newCommentData['name']);
            $this->newComment->setEmail($newCommentData['email']);
            $this->newComment->setWebsite($newCommentData['website']);
            // Only the tags listed in COMMENT_TEXT_HTMLTAGS_CHECK survive strip_tags().
            $this->newComment->setText(nl2br(strip_tags($newCommentData['text'], \fpcm\model\comments\comment::COMMENT_TEXT_HTMLTAGS_CHECK)));
            $this->newComment->setPrivate(isset($newCommentData['private']));
            $this->newComment->setIpaddress(\fpcm\classes\http::getIp());
            $this->newComment->setApproved($this->config->comments_confirm ? false : true);
            $this->newComment->setArticleid($this->articleId);
            $this->newComment->setCreatetime($timer);
            // Spam checks run for anonymous visitors only; logged-in sessions skip them.
            $this->newComment->setSpammer(!$this->session->exists() && $this->captcha->checkExtras() ? true : false);

            if (!$this->newComment->save()) {
                $this->view->addErrorMessage('SAVE_FAILED_COMMENT');
                return true;
            }

            $this->view->addNoticeMessage('SAVE_SUCCESS_COMMENT');

            $text = $this->lang->translate('PUBLIC_COMMENT_EMAIL_TEXT', array('{{name}}' => $this->newComment->getName(), '{{email}}' => $this->newComment->getEmail(), '{{commenttext}}' => strip_tags($this->newComment->getText()), '{{articleurl}}' => $this->article->getArticleLink(), '{{systemurl}}' => \fpcm\classes\baseconfig::$rootPath));

            // Recipients: system address unless comments_notify == 1; article
            // author when comments_notify > 0 and the commenter is anonymous.
            $to = array();
            if ($this->config->comments_notify != 1) {
                $to[] = $this->config->system_email;
            }
            if ($this->config->comments_notify > 0 && !$this->session->exists()) {
                $to[] = $this->userList->getEmailByUserId($this->article->getCreateuser());
            }

            // No notification mail for comments written from a logged-in session.
            if (!count($to) || $this->session->exists()) {
                return true;
            }

            $email = new \fpcm\classes\email(implode(',', array_unique($to)), $this->lang->translate('PUBLIC_COMMENT_EMAIL_SUBJECT'), $text);
            $email->submit();
        }
    }

    return true;
}
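/**
 * Returns the creation time of the most recent comment posted from the
 * current request IP.
 *
 * Consumed by the flood check in the public article controller, so the
 * query must order by createtime DESC: the previous ASC ordering combined
 * with LIMIT 1 returned the *oldest* comment of that IP, which made the
 * flood window ineffective after the first comment.
 *
 * @return int unix timestamp, 0 if the IP has not commented yet
 */
public function getLastCommentTimeByIP()
{
    $where = 'ipaddress ' . $this->dbcon->dbLike() . ' ?'
        . $this->dbcon->orderBy(array('createtime DESC'))
        . $this->dbcon->limitQuery(0, 1);

    $res = $this->dbcon->fetch(
        $this->dbcon->select($this->table, 'createtime', $where, array(\fpcm\classes\http::getIp()))
    );

    // fetch() may yield a non-object on an empty result set.
    return isset($res->createtime) ? (int) $res->createtime : 0;
}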