/**
 * Print one fact/event of a GEDCOM record as a table row (<tr>...</tr>).
 *
 * NOTE, SOUR and OBJE facts are delegated to print_main_notes(),
 * print_main_sources() and print_main_media().  Structural links
 * (FAMC/FAMS/CHIL/HUSB/WIFE/_WT_OBJE_SORT) are not printed at all, and
 * unrecognised tags are skipped when $HIDE_GEDCOM_ERRORS is set.
 *
 * Everything is echoed directly; the edit/copy/delete links are emitted as
 * inline HTML (?> ... <?php).  Escaping is done per value below with
 * WT_Filter::escapeHtml(); values that are echoed without it are marked
 * with a NOTE(review) comment so the assumption that they are trusted
 * (or already HTML) can be confirmed against the helper classes.
 *
 * @param WT_Fact         $fact   the fact to print
 * @param WT_GedcomRecord $record the record whose page is being shown; may
 *                                differ from $fact->getParent(), e.g. a
 *                                family event displayed on an individual
 *
 * @return void
 */
function print_fact(WT_Fact $fact, WT_GedcomRecord $record) {
	global $HIDE_GEDCOM_ERRORS, $SHOW_FACT_ICONS;
	// Running counters for numbering _BIRT_CHIL / _BIRT_GCH* facts; they
	// persist across calls within one request (static), so numbering is
	// continuous down a page.
	static $n_chil = 0, $n_gchi = 0;

	$parent = $fact->getParent();

	// Some facts don't get printed here ...
	switch ($fact->getTag()) {
	case 'NOTE':
		print_main_notes($fact, 1);
		return;
	case 'SOUR':
		print_main_sources($fact, 1);
		return;
	case 'OBJE':
		print_main_media($fact, 1);
		return;
	case 'FAMC':
	case 'FAMS':
	case 'CHIL':
	case 'HUSB':
	case 'WIFE':
		// These are internal links, not facts
		return;
	case '_WT_OBJE_SORT':
		// These links are used internally to record the sort order.
		return;
	default:
		// Hide unrecognized/custom tags?
		if ($HIDE_GEDCOM_ERRORS && !WT_Gedcom_Tag::isTag($fact->getTag())) {
			return;
		}
		break;
	}

	// Who is this fact about? Need it to translate fact label correctly
	if ($parent instanceof WT_Family && $record instanceof WT_Individual) {
		// Family event
		$label_person = $fact->getParent()->getSpouse($record);
	} else {
		// Individual event
		$label_person = $parent;
	}

	// New or deleted facts need different styling
	$styleadd = '';
	if ($fact->isNew()) {
		$styleadd = 'new';
	}
	if ($fact->isOld()) {
		$styleadd = 'old';
	}
	// Event of close relative (custom tags of the form _XXX_YYYY, e.g. _MARR_CHIL)
	if (preg_match('/^_[A-Z_]{3,5}_[A-Z0-9]{4}$/', $fact->getTag())) {
		$styleadd = trim($styleadd . ' rela');
	}
	// Event of close associates
	if ($fact->getFactId() == 'asso') {
		$styleadd = trim($styleadd . ' rela');
	}
	// historical facts
	if ($fact->getFactId() == 'histo') {
		$styleadd = trim($styleadd . ' histo');
	}

	// Does this fact have a type?  ($type is cleared below whenever it has
	// already been folded into the label, so it is not printed twice.)
	if (preg_match('/\\n2 TYPE (.+)/', $fact->getGedcom(), $match)) {
		$type = $match[1];
	} else {
		$type = '';
	}

	// Work out the label for the fact
	switch ($fact->getTag()) {
	case 'EVEN':
	case 'FACT':
		if (WT_Gedcom_Tag::isTag($type)) {
			// Some users (just Meliza?) use "1 EVEN/2 TYPE BIRT". Translate the TYPE.
			$label = WT_Gedcom_Tag::getLabel($type, $label_person);
			$type = ''; // Do not print this again
		} elseif ($type) {
			// We don't have a translation for $type - but a custom translation might exist.
			// The raw TYPE text is HTML-escaped here because $label is echoed unescaped further down.
			$label = WT_I18N::translate(WT_Filter::escapeHtml($type));
			$type = ''; // Do not print this again
		} else {
			// An unspecified fact/event
			$label = $fact->getLabel();
		}
		break;
	case 'MARR':
		// This is a hack for a proprietory extension. Is it still used/needed?
		$utype = strtoupper($type);
		if ($utype == 'CIVIL' || $utype == 'PARTNERS' || $utype == 'RELIGIOUS') {
			$label = WT_Gedcom_Tag::getLabel('MARR_' . $utype, $label_person);
			$type = ''; // Do not print this again
		} else {
			$label = $fact->getLabel();
		}
		break;
	default:
		// Normal fact/event
		$label = $fact->getLabel();
		break;
	}

	// First column: label (with edit controls when the fact is editable)
	echo '<tr class="', $styleadd, '">';
	echo '<td class="descriptionbox width20">';
	if ($SHOW_FACT_ICONS) {
		echo $fact->Icon(), ' ';
	}
	if ($fact->getFactId() != 'histo' && $fact->canEdit()) {
		// NOTE(review): $parent->getXref() and $fact->getFactId() are placed inside a
		// single-quoted JS string in the onclick attributes without escaping.  This is
		// presumably safe because xrefs/fact ids are restricted to a narrow character
		// set by the GEDCOM parser — confirm against WT_REGEX_XREF and the fact-id format.
		?>
		<a href="#" title="<?php echo WT_I18N::translate('Edit'); ?>" onclick="return edit_record('<?php echo $parent->getXref(); ?>', '<?php echo $fact->getFactId(); ?>');"><?php echo $label; ?></a>
		<div class="editfacts">
			<div class="editlink">
				<a href="#" title="<?php echo WT_I18N::translate('Edit'); ?>" class="editicon" onclick="return edit_record('<?php echo $parent->getXref(); ?>', '<?php echo $fact->getFactId(); ?>');"><span class="link_text"><?php echo WT_I18N::translate('Edit'); ?></span></a>
			</div>
			<div class="copylink">
				<a href="#" title="<?php echo WT_I18N::translate('Copy'); ?>" class="copyicon" onclick="return copy_fact('<?php echo $parent->getXref(); ?>', '<?php echo $fact->getFactId(); ?>');"><span class="link_text"><?php echo WT_I18N::translate('Copy'); ?></span></a>
			</div>
			<div class="deletelink">
				<a href="#" title="<?php echo WT_I18N::translate('Delete'); ?>" class="deleteicon" onclick="return delete_fact('<?php echo WT_I18N::translate('Are you sure you want to delete this fact?'); ?>', '<?php echo $parent->getXref(); ?>', '<?php echo $fact->getFactId(); ?>');"><span class="link_text"><?php echo WT_I18N::translate('Delete'); ?></span></a>
			</div>
		</div>
		<?php
	} else {
		echo $label;
	}

	// Number births of children / grandchildren ("#1", "#2", ...)
	switch ($fact->getTag()) {
	case '_BIRT_CHIL':
		echo '<br>', WT_I18N::translate('#%s', ++$n_chil);
		break;
	case '_BIRT_GCHI':
	case '_BIRT_GCH1':
	case '_BIRT_GCH2':
		echo '<br>', WT_I18N::translate('#%s', ++$n_gchi);
		break;
	}
	echo '</td><td class="optionbox ', $styleadd, ' wrap">';

	// Event from another record?  Link back to it (and to the other spouse for family events).
	if ($parent !== $record) {
		if ($parent instanceof WT_Family) {
			foreach ($parent->getSpouses() as $spouse) {
				if ($record !== $spouse) {
					echo '<a href="', $spouse->getHtmlUrl(), '">', $spouse->getFullName(), '</a> — ';
				}
			}
			echo '<a href="', $parent->getHtmlUrl(), '">', WT_I18N::translate('View family'), '</a><br>';
		} elseif ($parent instanceof WT_Individual) {
			echo '<a href="', $parent->getHtmlUrl(), '">', $parent->getFullName(), '</a><br>';
		}
	}

	// Print the value of this fact/event
	switch ($fact->getTag()) {
	case 'ADDR':
		// NOTE(review): echoed unescaped, unlike most other values in this switch — confirm
		// getValue() for ADDR is already HTML-safe, otherwise wrap in WT_Filter::escapeHtml().
		echo $fact->getValue();
		break;
	case 'AFN':
		echo '<div class="field"><a href="https://familysearch.org/search/tree/results#count=20&query=afn:', rawurlencode($fact->getValue()), '" target="new">', WT_Filter::escapeHtml($fact->getValue()), '</a></div>';
		break;
	case 'ASSO':
		// we handle this later, in format_asso_rela_record()
		break;
	case 'EMAIL':
	case 'EMAI':
	case '_EMAIL':
		echo '<div class="field"><a href="mailto:', WT_Filter::escapeHtml($fact->getValue()), '">', WT_Filter::escapeHtml($fact->getValue()), '</a></div>';
		break;
	case 'FILE':
		// File paths are only revealed to editors
		if (WT_USER_CAN_EDIT || WT_USER_CAN_ACCEPT) {
			echo '<div class="field">', WT_Filter::escapeHtml($fact->getValue()), '</div>';
		}
		break;
	case 'RESN':
		echo '<div class="field">';
		// NOTE(review): the icon class names here (icon-class-none, icon-confidential-none,
		// icon-locked-none) differ from those used for "2 RESN" below (icon-resn-privacy,
		// icon-resn-confidential, icon-resn-locked) — verify which set the theme CSS defines.
		switch ($fact->getValue()) {
		case 'none':
			// Note: "1 RESN none" is not valid gedcom.
			// However, webtrees privacy rules will interpret it as "show an otherwise private record to public".
			echo '<i class="icon-resn-none"></i> ', WT_I18N::translate('Show to visitors');
			break;
		case 'privacy':
			echo '<i class="icon-class-none"></i> ', WT_I18N::translate('Show to members');
			break;
		case 'confidential':
			echo '<i class="icon-confidential-none"></i> ', WT_I18N::translate('Show to managers');
			break;
		case 'locked':
			echo '<i class="icon-locked-none"></i> ', WT_I18N::translate('Only managers can edit');
			break;
		default:
			echo WT_Filter::escapeHtml($fact->getValue());
			break;
		}
		echo '</div>';
		break;
	case 'PUBL':
		// Publication details might contain URLs.
		echo '<div class="field">', WT_Filter::expandUrls($fact->getValue()), '</div>';
		break;
	case 'REPO':
		if (preg_match('/^@(' . WT_REGEX_XREF . ')@$/', $fact->getValue(), $match)) {
			print_repository_record($match[1]);
		} else {
			echo '<div class="error">', WT_Filter::escapeHtml($fact->getValue()), '</div>';
		}
		break;
	case 'URL':
	case '_URL':
	case 'WWW':
		// NOTE(review): escapeHtml() prevents breaking out of the href attribute but does not
		// restrict the URL scheme; confirm whether the value is vetted elsewhere before it is
		// turned into a clickable link.
		echo '<div class="field"><a href="', WT_Filter::escapeHtml($fact->getValue()), '">', WT_Filter::escapeHtml($fact->getValue()), '</a></div>';
		break;
	case 'TEXT': // 0 SOUR / 1 TEXT
		echo '<div class="field">', nl2br(WT_Filter::escapeHtml($fact->getValue()), false), '</div>';
		break;
	default:
		// Display the value for all other facts/events
		switch ($fact->getValue()) {
		case '':
			// Nothing to display
			break;
		case 'N':
			// Not valid GEDCOM
			echo '<div class="field">', WT_I18N::translate('No'), '</div>';
			break;
		case 'Y':
			// Do not display "Yes".
			break;
		default:
			// A pointer (@X123@) becomes a link to the target record; anything else is shown as text
			if (preg_match('/^@(' . WT_REGEX_XREF . ')@$/', $fact->getValue(), $match)) {
				$target = WT_GedcomRecord::getInstance($match[1]);
				if ($target) {
					echo '<div><a href="', $target->getHtmlUrl(), '">', $target->getFullName(), '</a></div>';
				} else {
					echo '<div class="error">', WT_Filter::escapeHtml($fact->getValue()), '</div>';
				}
			} else {
				echo '<div class="field"><span dir="auto">', WT_Filter::escapeHtml($fact->getValue()), '</span></div>';
			}
			break;
		}
		break;
	}

	// Print the type of this fact/event (unless it was already folded into the label above)
	if ($type) {
		$utype = strtoupper($type);
		// Events of close relatives, e.g. _MARR_CHIL
		if (substr($fact->getTag(), 0, 6) == '_MARR_' && ($utype == 'CIVIL' || $utype == 'PARTNERS' || $utype == 'RELIGIOUS')) {
			// Translate MARR/TYPE using the code that supports MARR_CIVIL, etc. tags
			$type = WT_Gedcom_Tag::getLabel('MARR_' . $utype);
		} else {
			// Allow (custom) translations for other types
			$type = WT_I18N::translate($type);
		}
		echo WT_Gedcom_Tag::getLabelValue('TYPE', WT_Filter::escapeHtml($type));
	}

	// Print the date of this fact/event
	echo format_fact_date($fact, $record, true, true);

	// Print the place of this fact/event
	echo '<div class="place">', format_fact_place($fact, true, true, true), '</div>';

	// A blank line between the primary attributes (value, date, place) and the secondary ones
	echo '<br>';

	// NOTE(review): $addr is passed through without escaping — presumably getAttribute()
	// returns HTML-safe text; confirm.
	$addr = $fact->getAttribute('ADDR');
	if ($addr) {
		echo WT_Gedcom_Tag::getLabelValue('ADDR', $addr);
	}

	// Print the associates of this fact/event
	echo format_asso_rela_record($fact);

	// Print any other "2 XXXX" attributes, in the order in which they appear.
	preg_match_all('/\\n2 (' . WT_REGEX_TAG . ') (.+)/', $fact->getGedcom(), $matches, PREG_SET_ORDER);
	foreach ($matches as $match) {
		// $match[1] is the level-2 tag, $match[2] its value
		switch ($match[1]) {
		case 'DATE':
		case 'TIME':
		case 'AGE':
		case 'PLAC':
		case 'ADDR':
		case 'ALIA':
		case 'ASSO':
		case '_ASSO':
		case 'DESC':
		case 'RELA':
		case 'STAT':
		case 'TEMP':
		case 'TYPE':
		case 'FAMS':
		case 'CONT':
			// These were already shown at the beginning
			break;
		case 'NOTE':
		case 'OBJE':
		case 'SOUR':
			// These will be shown at the end
			break;
		case 'EVEN': // 0 SOUR / 1 DATA / 2 EVEN / 3 DATE / 3 PLAC
			// A comma-separated list of event tags, each translated to its label
			$events = array();
			foreach (preg_split('/ *, */', $match[2]) as $event) {
				$events[] = WT_Gedcom_Tag::getLabel($event);
			}
			if (count($events) == 1) {
				// NOTE(review): this prints the raw tag $event (the loop variable) rather than
				// its label $events[0], unlike the multi-event branch — looks unintended; confirm.
				echo WT_Gedcom_Tag::getLabelValue('EVEN', $event);
			} else {
				echo WT_Gedcom_Tag::getLabelValue('EVEN', implode(WT_I18N::$list_separator, $events));
			}
			if (preg_match('/\\n3 DATE (.+)/', $fact->getGedcom(), $date_match)) {
				$date = new WT_Date($date_match[1]);
				echo WT_Gedcom_Tag::getLabelValue('DATE', $date->Display());
			}
			if (preg_match('/\\n3 PLAC (.+)/', $fact->getGedcom(), $plac_match)) {
				// NOTE(review): $plac_match[1] is raw GEDCOM text echoed without escaping — confirm.
				echo WT_Gedcom_Tag::getLabelValue('PLAC', $plac_match[1]);
			}
			break;
		case 'FAMC': // 0 INDI / 1 ADOP / 2 FAMC / 3 ADOP
			$family = WT_Family::getInstance(str_replace('@', '', $match[2]));
			if ($family) { // May be a pointer to a non-existant record
				echo WT_Gedcom_Tag::getLabelValue('FAM', '<a href="' . $family->getHtmlUrl() . '">' . $family->getFullName() . '</a>');
				// Note: this reuses $match, which is fine because the foreach reassigns it each iteration
				if (preg_match('/\\n3 ADOP (HUSB|WIFE|BOTH)/', $fact->getGedcom(), $match)) {
					echo WT_Gedcom_Tag::getLabelValue('ADOP', WT_Gedcom_Code_Adop::getValue($match[1], $label_person));
				}
			} else {
				// NOTE(review): the unresolved pointer text $match[2] is echoed unescaped here, whereas the
				// other "error" branches in this function use WT_Filter::escapeHtml() — consider escaping.
				echo WT_Gedcom_Tag::getLabelValue('FAM', '<span class="error">' . $match[2] . '</span>');
			}
			break;
		case '_WT_USER':
			$user = User::findByIdentifier($match[2]); // may not exist
			if ($user) {
				echo WT_Gedcom_Tag::getLabelValue('_WT_USER', WT_Filter::escapeHtml($user->getRealName()));
			} else {
				echo WT_Gedcom_Tag::getLabelValue('_WT_USER', WT_Filter::escapeHtml($match[2]));
			}
			break;
		case 'RESN':
			switch ($match[2]) {
			case 'none':
				// Note: "2 RESN none" is not valid gedcom.
				// However, webtrees privacy rules will interpret it as "show an otherwise private fact to public".
				echo WT_Gedcom_Tag::getLabelValue('RESN', '<i class="icon-resn-none"></i> ' . WT_I18N::translate('Show to visitors'));
				break;
			case 'privacy':
				echo WT_Gedcom_Tag::getLabelValue('RESN', '<i class="icon-resn-privacy"></i> ' . WT_I18N::translate('Show to members'));
				break;
			case 'confidential':
				echo WT_Gedcom_Tag::getLabelValue('RESN', '<i class="icon-resn-confidential"></i> ' . WT_I18N::translate('Show to managers'));
				break;
			case 'locked':
				echo WT_Gedcom_Tag::getLabelValue('RESN', '<i class="icon-resn-locked"></i> ' . WT_I18N::translate('Only managers can edit'));
				break;
			default:
				echo WT_Gedcom_Tag::getLabelValue('RESN', WT_Filter::escapeHtml($match[2]));
				break;
			}
			break;
		case 'CALN':
			echo WT_Gedcom_Tag::getLabelValue('CALN', WT_Filter::expandUrls($match[2]));
			break;
		case 'FORM': // 0 OBJE / 1 FILE / 2 FORM / 3 TYPE
			// NOTE(review): $match[2] is echoed unescaped here — confirm FORM values are constrained.
			echo WT_Gedcom_Tag::getLabelValue('FORM', $match[2]);
			if (preg_match('/\\n3 TYPE (.+)/', $fact->getGedcom(), $type_match)) {
				echo WT_Gedcom_Tag::getLabelValue('TYPE', WT_Gedcom_Tag::getFileFormTypeValue($type_match[1]));
			}
			break;
		case 'URL':
		case '_URL':
		case 'WWW':
			// See the URL case above: attribute-escaped, scheme not restricted here.
			$link = '<a href="' . WT_Filter::escapeHtml($match[2]) . '">' . WT_Filter::escapeHtml($match[2]) . '</a>';
			echo WT_Gedcom_Tag::getLabelValue($fact->getTag() . ':' . $match[1], $link);
			break;
		default:
			// Unknown/custom level-2 tags are only shown when errors are not hidden,
			// or when the tag is a recognised GEDCOM tag.
			if (!$HIDE_GEDCOM_ERRORS || WT_Gedcom_Tag::isTag($match[1])) {
				if (preg_match('/^@(' . WT_REGEX_XREF . ')@$/', $match[2], $xmatch)) {
					// Links
					$linked_record = WT_GedcomRecord::getInstance($xmatch[1]);
					if ($linked_record) {
						$link = '<a href="' . $linked_record->getHtmlUrl() . '">' . $linked_record->getFullName() . '</a>';
						echo WT_Gedcom_Tag::getLabelValue($fact->getTag() . ':' . $match[1], $link);
					} else {
						echo WT_Gedcom_Tag::getLabelValue($fact->getTag() . ':' . $match[1], WT_Filter::escapeHtml($match[2]));
					}
				} else {
					// Non links
					echo WT_Gedcom_Tag::getLabelValue($fact->getTag() . ':' . $match[1], WT_Filter::escapeHtml($match[2]));
				}
			}
			break;
		}
	}

	// Finally the level-2 sources, notes and media for this fact
	echo print_fact_sources($fact->getGedcom(), 2);
	echo print_fact_notes($fact->getGedcom(), 2);
	print_media_links($fact->getGedcom(), 2);
	echo '</td></tr>';
}
} echo '</dl>'; // Column One - details echo '<div id="access">', '<h2>', WT_I18N::translate('Family tree access and settings'), '</h2>', '<table><tr>', '<th>', WT_I18N::translate('Family tree'), '</th>', '<th>', WT_I18N::translate('Default individual'), help_link('default_individual'), '</th>', '<th>', WT_I18N::translate('Individual record'), help_link('useradmin_gedcomid'), '</th>', '<th>', WT_I18N::translate('Role'), help_link('role'), '</th>', '<th>', WT_I18N::translate('Restrict to immediate family'), help_link('RELATIONSHIP_PATH_LENGTH'), '</th>', '</tr>'; foreach (WT_Tree::getAll() as $tree) { echo '<tr><td>', $tree->tree_title_html, '</td><td>', edit_field_inline('user_gedcom_setting-' . $user_id . '-' . $tree->tree_id . '-rootid', $tree->userPreference($user_id, 'rootid')), '</td><td>', edit_field_inline('user_gedcom_setting-' . $user_id . '-' . $tree->tree_id . '-gedcomid', $tree->userPreference($user_id, 'gedcomid')), '</td><td>', select_edit_control_inline('user_gedcom_setting-' . $user_id . '-' . $tree->tree_id . '-canedit', $ALL_EDIT_OPTIONS, null, $tree->userPreference($user_id, 'canedit')), '</td><td>', select_edit_control_inline('user_gedcom_setting-' . $user_id . '-' . $tree->tree_id . '-RELATIONSHIP_PATH_LENGTH', array(0 => WT_I18N::translate('no'), 1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10), null, $tree->userPreference($user_id, 'RELATIONSHIP_PATH_LENGTH')), '</td></tr>'; } echo '</table>'; exit; case 'createuser': if (!WT_Filter::checkCsrf()) { $action = 'createform'; } elseif (User::findByIdentifier($username)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); $action = 'createform'; } elseif (User::findByIdentifier($emailaddress)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. 
A user with that email already exists.')); $action = 'createform'; } elseif ($pass1 != $pass2) { WT_FlashMessages::addMessage(WT_I18N::translate('Passwords do not match.')); $action = 'createform'; } else { $user = User::create($username, $realname, $emailaddress, $pass1); $user->setSetting('reg_timestamp', date('U'))->setSetting('sessiontime', '0')->setSetting('theme', $user_theme)->setSetting('language', $user_language)->setSetting('contactmethod', $new_contact_method)->setSetting('comment', $new_comment)->setSetting('auto_accept', $new_auto_accept)->setSetting('canadmin', $canadmin)->setSetting('visibleonline', $visibleonline)->setSetting('editaccount', $editaccount)->setSetting('verified', $verified)->setSetting('verified_by_admin', $verified_by_admin); foreach (WT_Tree::getAll() as $tree) { $tree->userPreference($user->getUserId(), 'gedcomid', WT_Filter::post('gedcomid' . $tree->tree_id, WT_REGEX_XREF)); $tree->userPreference($user->getUserId(), 'rootid', WT_Filter::post('rootid' . $tree->tree_id, WT_REGEX_XREF)); $tree->userPreference($user->getUserId(), 'canedit', WT_Filter::post('canedit' . $tree->tree_id, implode('|', array_keys($ALL_EDIT_OPTIONS)))); if (WT_Filter::post('gedcomid' . $tree->tree_id, WT_REGEX_XREF)) { $tree->userPreference($user->getUserId(), 'RELATIONSHIP_PATH_LENGTH', WT_Filter::postInteger('RELATIONSHIP_PATH_LENGTH' . $tree->tree_id, 0, 10, 0)); } else {
/**
 * Deliver a message from a user (or an anonymous visitor) to a webtrees user.
 *
 * Depending on $message['method'] this function:
 *  - emails a copy back to the sender (for every method except 'messaging'),
 *  - stores the message in the `##message` table (for every method except
 *    'messaging3', 'mailto' and 'none'),
 *  - emails the message to the recipient (for every method except 'messaging').
 * The UI language is switched to the sender's, then the recipient's, so each
 * mail body is translated for its reader, and restored to WT_LOCALE at the end.
 *
 * @param array $message keys read here: from, from_name, from_email, to,
 *                       subject, body, method, url, created.  The exact shape
 *                       is assumed from usage — no schema is visible in this file.
 *
 * @return bool true if every attempted WT_Mail::send() reported success
 */
function addMessage($message) {
	global $WT_TREE, $WT_REQUEST;

	$success = true;

	$sender    = User::findByIdentifier($message['from']);
	$recipient = User::findByIdentifier($message['to']);
	// NOTE(review): $recipient is dereferenced unconditionally below (getSetting,
	// getUserId, getEmail, getRealName).  If findByIdentifier() returns null for an
	// unknown 'to', this fails with a fatal error — confirm callers validate it first.

	// Sender may not be a webtrees user
	if ($sender) {
		$sender_email     = $sender->getEmail();
		$sender_real_name = $sender->getRealName();
	} else {
		// NOTE(review): for a visitor these are caller-supplied values that end up in
		// mail header fields (see the WT_Mail::send() calls below) — confirm that
		// WT_Mail::send() rejects header-breaking characters (CR/LF) in them.
		$sender_email     = $message['from'];
		$sender_real_name = $message['from_name'];
	}

	// Send a copy of the copy message back to the sender.
	if ($message['method'] != 'messaging') {
		// Switch to the sender’s language.
		if ($sender) {
			WT_I18N::init($sender->getSetting('language'));
		}
		$copy_email = $message['body'];
		if (!empty($message['url'])) {
			$copy_email .=
				WT_Mail::EOL . WT_Mail::EOL .
				'--------------------------------------' . WT_Mail::EOL .
				WT_I18N::translate('This message was sent while viewing the following URL: ') . $message['url'] . WT_Mail::EOL;
		}
		$copy_email .= WT_Mail::auditFooter();

		if ($sender) {
			// Message from a logged-in user
			$copy_email = WT_I18N::translate('You sent the following message to a webtrees user:') . ' ' . $recipient->getRealName() . WT_Mail::EOL . WT_Mail::EOL . $copy_email;
		} else {
			// Message from a visitor
			$copy_email = WT_I18N::translate('You sent the following message to a webtrees administrator:') . WT_Mail::EOL . WT_Mail::EOL . WT_Mail::EOL . $copy_email;
		}

		// The copy is sent "from" the site, "to" the sender
		$success = $success && WT_Mail::send(
			$WT_TREE,
			$sender_email,
			$sender_real_name,
			WT_Site::preference('SMTP_FROM_NAME'),
			$WT_TREE->preference('title'),
			WT_I18N::translate('webtrees message') . ' - ' . $message['subject'],
			$copy_email
		);
	}

	// Switch to the recipient’s language.
	WT_I18N::init($recipient->getSetting('language'));

	// Prefix the body with the visitor's contact details, when supplied
	if (isset($message['from_name'])) {
		$message['body'] =
			WT_I18N::translate('Your name:') . ' ' . $message['from_name'] . WT_Mail::EOL .
			WT_I18N::translate('Email address:') . ' ' . $message['from_email'] . WT_Mail::EOL . WT_Mail::EOL .
			$message['body'];
	}

	// Add another footer - unless we are an admin
	if (!Auth::isAdmin()) {
		if (!empty($message['url'])) {
			$message['body'] .=
				WT_Mail::EOL . WT_Mail::EOL .
				'--------------------------------------' . WT_Mail::EOL .
				WT_I18N::translate('This message was sent while viewing the following URL: ') . $message['url'] . WT_Mail::EOL;
		}
		$message['body'] .= WT_Mail::auditFooter();
	}

	// Set here but not read again within this function
	if (empty($message['created'])) {
		$message['created'] = gmdate("D, d M Y H:i:s T");
	}

	// Store the message in the recipient's inbox (parameterised query; the
	// client IP is taken from the request object, so it reflects whatever
	// proxy handling $WT_REQUEST applies).
	if ($message['method'] != 'messaging3' && $message['method'] != 'mailto' && $message['method'] != 'none') {
		WT_DB::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")
			->execute(array(
				$message['from'],
				$WT_REQUEST->getClientIp(),
				$recipient->getUserId(),
				$message['subject'],
				str_replace('<br>', '', $message['body']),
			));
	}

	// Email the message to the recipient
	if ($message['method'] != 'messaging') {
		if ($sender) {
			$original_email = WT_I18N::translate('The following message has been sent to your webtrees user account from ');
			$original_email .= $sender->getRealName();
		} else {
			$original_email = WT_I18N::translate('The following message has been sent to your webtrees user account from ');
			if (!empty($message['from_name'])) {
				$original_email .= $message['from_name'];
			} else {
				$original_email .= $message['from'];
			}
		}
		$original_email .= WT_Mail::EOL . WT_Mail::EOL . $message['body'];

		// Sent "from" the sender's address/name (see NOTE(review) above), "to" the recipient
		$success = $success && WT_Mail::send(
			$WT_TREE,
			$recipient->getEmail(),
			$recipient->getRealName(),
			$sender_email,
			$sender_real_name,
			WT_I18N::translate('webtrees message') . ' - ' . $message['subject'],
			$original_email
		);
	}

	WT_I18N::init(WT_LOCALE); // restore language settings if needed

	return $success;
}
/**
 * Create a new user.
 *
 * The calling code needs to check for duplicates identifiers before calling
 * this function.
 *
 * Only a password_hash() digest (PASSWORD_DEFAULT) of $password is written to
 * the database; the plaintext is never stored.
 *
 * @param string $user_name
 * @param string $real_name
 * @param string $email
 * @param string $password plaintext password; hashed here before storage
 *
 * @return User the newly created user, looked up again by $user_name
 */
public static function create($user_name, $real_name, $email, $password) {
	$password_digest = password_hash($password, PASSWORD_DEFAULT);

	$insert_user = WT_DB::prepare(
		"INSERT INTO `##user` (user_name, real_name, email, password) VALUES (?, ?, ?, ?)"
	);
	$insert_user->execute(array($user_name, $real_name, $email, $password_digest));

	return User::findByIdentifier($user_name);
}
case 'themes/simplygreen/': case 'themes/simplyred/': $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'THEME_DIR', 'colors')); break; case 'themes/xenea/': $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'THEME_DIR', 'xenea')); break; default: $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'THEME_DIR', 'webtrees')); break; } $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'THUMBNAIL_WIDTH', $THUMBNAIL_WIDTH)); $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'USE_RELATIONSHIP_PRIVACY', $USE_RELATIONSHIP_PRIVACY)); $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'USE_RIN', $USE_RIN)); $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'WATERMARK_THUMB', $WATERMARK_THUMB)); @$stmt_gedcom_setting->execute(array($GED_DATA['id'], 'WEBMASTER_USER_ID', User::findByIdentifier($WEBMASTER_EMAIL)->getUserId())); $stmt_gedcom_setting->execute(array($GED_DATA['id'], 'WORD_WRAPPED_NOTES', $WORD_WRAPPED_NOTES)); } WT_DB::prepare("DELETE FROM `##gedcom_setting` WHERE setting_name in ('config', 'privacy', 'path', 'pgv_ver', 'imported')")->execute(); // webtrees 1.0.5 combines user and gedcom settings for relationship privacy // into a combined user-gedcom setting, for more granular control WT_DB::exec("INSERT IGNORE INTO `##user_gedcom_setting` (user_id, gedcom_id, setting_name, setting_value)" . " SELECT u.user_id, g.gedcom_id, 'RELATIONSHIP_PATH_LENGTH', LEAST(us1.setting_value, gs1.setting_value)" . " FROM `##user` u" . " CROSS JOIN `##gedcom` g" . " LEFT JOIN `##user_setting` us1 ON (u.user_id =us1.user_id AND us1.setting_name='max_relation_path')" . " LEFT JOIN `##user_setting` us2 ON (u.user_id =us2.user_id AND us2.setting_name='relationship_privacy')" . " LEFT JOIN `##gedcom_setting` gs1 ON (g.gedcom_id=gs1.gedcom_id AND gs1.setting_name='MAX_RELATION_PATH_LENGTH')" . " LEFT JOIN `##gedcom_setting` gs2 ON (g.gedcom_id=gs2.gedcom_id AND gs2.setting_name='USE_RELATIONSHIP_PRIVACY')" . 
" WHERE us2.setting_value AND gs2.setting_value"); WT_DB::exec("DELETE FROM `##gedcom_setting` WHERE setting_name IN ('MAX_RELATION_PATH_LENGTH', 'USE_RELATIONSHIP_PRIVACY')"); WT_DB::exec("DELETE FROM `##user_setting` WHERE setting_name IN ('relationship_privacy', 'max_relation_path_length')"); //////////////////////////////////////////////////////////////////////////////// // The PGV blocks don't migrate easily. // Just give everybody and every tree default blocks //////////////////////////////////////////////////////////////////////////////// WT_DB::prepare("INSERT INTO `##block` (user_id, location, block_order, module_name)" . " SELECT `##user`.user_id, location, block_order, module_name" . " FROM `##block`" . " JOIN `##user`" . " WHERE `##block`.user_id = -1" . " AND `##user`.user_id > 0")->execute(); WT_DB::prepare("INSERT INTO `##block` (gedcom_id, location, block_order, module_name)" . " SELECT `##gedcom`.gedcom_id, location, block_order, module_name" . " FROM `##block`" . " JOIN `##gedcom`" . " WHERE `##block`.gedcom_id = -1" . " AND `##gedcom`.gedcom_id > 0")->execute(); ////////////////////////////////////////////////////////////////////////////////
</div> <div> <input type="submit" value="', WT_I18N::translate('Send'), '"> </div> </form> </div>'; break; case 'verify_hash': if (!WT_Site::preference('USE_REGISTRATION_MODULE')) { header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH); exit; } // switch language to webmaster settings $webmaster = User::find(get_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID')); WT_I18N::init($webmaster->getSetting('language')); $user = User::findByIdentifier($user_name); $mail1_body = WT_I18N::translate('Hello administrator…') . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealName(), $user->getUserName(), $user->getEmail()) . WT_Mail::EOL . WT_Mail::EOL; if ($REQUIRE_ADMIN_AUTH_REGISTRATION && !$user->getSetting('verified_by_admin')) { $mail1_body .= WT_I18N::translate('You now need to review the account details, and set the “approved” status to “yes”.'); } else { $mail1_body .= WT_I18N::translate('You do not have to take any action; the user can now login.'); } $mail1_body .= WT_Mail::EOL . '<a href="' . WT_SERVER_NAME . WT_SCRIPT_PATH . "admin_users.php?filter=" . rawurlencode($user->getUserName()) . '">' . WT_SERVER_NAME . WT_SCRIPT_PATH . "admin_users.php?filter=" . rawurlencode($user->getUserName()) . '</a>' . WT_Mail::auditFooter(); $mail1_subject = WT_I18N::translate('New user at %s', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title); // Change to the new user’s language WT_I18N::init($user->getSetting('language')); $controller->setPageTitle(WT_I18N::translate('User verification')); $controller->pageHeader(); echo '<div id="login-register-page">'; echo '<h2>' . WT_I18N::translate('User verification') . '</h2>'; echo '<div id="user-verify">';
$form_action = WT_Filter::post('form_action'); $form_username = WT_Filter::post('form_username'); $form_realname = WT_Filter::post('form_realname'); $form_pass1 = WT_Filter::post('form_pass1', WT_REGEX_PASSWORD); $form_pass2 = WT_Filter::post('form_pass2', WT_REGEX_PASSWORD); $form_email = WT_Filter::postEmail('form_email'); $form_rootid = WT_Filter::post('form_rootid', WT_REGEX_XREF); $form_theme = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS)); $form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE); $form_contact_method = WT_Filter::post('form_contact_method'); $form_visible_online = WT_Filter::postBool('form_visible_online'); // Respond to form action if ($form_action == 'update' && WT_Filter::checkCsrf()) { if ($form_username != Auth::user()->getUserName() && User::findByIdentifier($form_username)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); } elseif ($form_email != Auth::user()->getEmail() && User::findByIdentifier($form_email)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.')); } else { // Change username if ($form_username != WT_USER_NAME) { Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username); Auth::user()->setUserName($form_username); } // Change password if ($form_pass1 && $form_pass1 == $form_pass2) { Auth::user()->setPassword($form_pass1); } // Change other settings Auth::user()->setRealName($form_realname)->setEmail($form_email)->setSetting('theme', $form_theme)->setSetting('language', $form_language)->setSetting('contactmethod', $form_contact_method)->setSetting('visibleonline', $form_visible_online); $WT_TREE->userPreference(WT_USER_ID, 'rootid', $form_rootid); // Reload page to pick up changes such as theme and user_id
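/**
 * Render the “user messages” block.
 *
 * Handles the block's own "deletemessage" action first, then builds a form with
 * (a) a selector for sending a message to another user and (b) a table of the
 * current user's pending messages, each with reply and delete links.
 *
 * @param int        $block_id identifier of this block instance
 * @param bool       $template when true, include the theme's block template
 *                             (which presumably reads $id, $class, $title and
 *                             $content from this scope) and return nothing;
 *                             when false, return the HTML instead
 * @param array|null $cfg      optional overrides for the block settings; only
 *                             the 'block' key is honoured
 *
 * @return string|null the block HTML when $template is false, otherwise null
 */
public function getBlock($block_id, $template = true, $cfg = null) {
	global $ctype;

	require_once WT_ROOT . 'includes/functions/functions_print_facts.php';

	// Block actions.
	// NOTE(review): deletion is driven by GET parameters (see the per-message
	// links below) and carries no CSRF token; whether deleteMessage() limits
	// deletion to the current user's own messages is not visible here — confirm.
	$action     = WT_Filter::get('action');
	$message_id = WT_Filter::getArray('message_id');
	if ($action === 'deletemessage') {
		foreach ($message_id as $msg_id) {
			deleteMessage($msg_id);
		}
	}

	// An explicit configuration overrides the stored block setting.
	$block = get_block_setting($block_id, 'block', true);
	if ($cfg && array_key_exists('block', $cfg)) {
		$block = $cfg['block'];
	}

	$messages  = getUserMessages(WT_USER_ID);
	$all_users = User::all();

	// $id, $class, $title and $content are the values the block templates (required
	// at the end) are expected to read.
	$id    = $this->getName() . $block_id;
	$class = $this->getName() . '_block';
	$title = WT_I18N::plural('%s message', '%s messages', count($messages), WT_I18N::number(count($messages)));

	// Shared by the form's onsubmit and each per-message delete link.
	$confirm_delete = WT_I18N::translate('Are you sure you want to delete this message? It cannot be retrieved later.');
	// Loop-invariant: the localised "reply" prefix for subjects.
	$re_prefix = WT_I18N::translate('RE: ');

	$content = '<form name="messageform" action="index.php?ctype=' . WT_Filter::escapeHtml($ctype) . '" method="get" onsubmit="return confirm(\'' . $confirm_delete . '\');">';

	// Recipient selector — only when there is somebody else to write to.
	if (count($all_users) > 1) {
		$content .= '<br>' . WT_I18N::translate('Send message') . " <select name=\"touser\">";
		$content .= '<option value="">' . WT_I18N::translate('<select>') . '</option>';
		foreach ($all_users as $user) {
			// Skip ourselves, unapproved accounts and users who do not accept messages.
			if ($user->getUserId() != WT_USER_ID && $user->getSetting('verified_by_admin') && $user->getSetting('contactmethod') != 'none') {
				$content .= '<option value="' . WT_Filter::escapeHtml($user->getUserName()) . '">';
				$content .= '<span dir="auto">' . WT_Filter::escapeHtml($user->getRealName()) . '</span> - <span dir="auto">' . WT_Filter::escapeHtml($user->getUserName()) . '</span>';
				$content .= '</option>';
			}
		}
		$content .= '</select> <input type="button" value="' . WT_I18N::translate('Send') . '" onclick="message(document.messageform.touser.options[document.messageform.touser.selectedIndex].value, \'messaging2\', \'\'); return false;"><br><br>';
	}

	if (count($messages) === 0) {
		$content .= WT_I18N::translate('You have no pending messages.') . "<br>";
	} else {
		$content .= '<input type="hidden" name="action" value="deletemessage">';
		$content .= '<table class="list_table"><tr>';
		$content .= '<td class="list_label">' . WT_I18N::translate('Delete') . '<br><a href="#" onclick="jQuery(\'#' . $id . ' :checkbox\').prop(\'checked\', true); return false;">' . WT_I18N::translate('All') . '</a></td>';
		$content .= '<td class="list_label">' . WT_I18N::translate('Subject:') . '</td>';
		$content .= '<td class="list_label">' . WT_I18N::translate('Date sent:') . '</td>';
		$content .= '<td class="list_label">' . WT_I18N::translate('Email address:') . '</td>';
		$content .= '</tr>';

		foreach ($messages as $message) {
			$msg_id = $message->message_id;

			$content .= '<tr>';
			$content .= '<td class="list_value_wrap"><input type="checkbox" id="cb_message' . $msg_id . '" name="message_id[]" value="' . $msg_id . '"></td>';
			$content .= '<td class="list_value_wrap"><a href="#" onclick="return expand_layer(\'message' . $msg_id . '\');"><i id="message' . $msg_id . '_img" class="icon-plus"></i> <b dir="auto">' . WT_Filter::escapeHtml($message->subject) . '</b></a></td>';
			$content .= '<td class="list_value_wrap">' . format_timestamp($message->created) . '</td>';
			$content .= '<td class="list_value_wrap">';

			// A registered sender is shown by name and email; anyone else (visitors may
			// send messages too) by the address they gave. All of these are
			// user-supplied, so they are HTML-escaped like the rest of the table.
			$sender = User::findByIdentifier($message->sender);
			if ($sender) {
				$content .= '<span dir="auto">' . WT_Filter::escapeHtml($sender->getRealName()) . '</span>';
				$content .= ' - <span dir="auto">' . WT_Filter::escapeHtml($sender->getEmail()) . '</span>';
			} else {
				$content .= '<a href="mailto:' . WT_Filter::escapeHtml($message->sender) . '">' . WT_Filter::escapeHtml($message->sender) . '</a>';
			}
			$content .= '</td>';
			$content .= '</tr>';

			// Collapsed message body, toggled by expand_layer() above.
			// NOTE(review): expandUrls() is assumed to HTML-escape the body as well as
			// linkify it — confirm against its implementation.
			$content .= '<tr><td class="list_value_wrap" colspan="5"><div id="message' . $msg_id . '" style="display:none;">';
			$content .= '<div dir="auto" style="white-space: pre-wrap;">' . WT_Filter::expandUrls($message->body) . '</div><br>';

			// Prefix the subject for the reply link, unless it is already a reply.
			if (strpos($message->subject, $re_prefix) !== 0) {
				$message->subject = $re_prefix . $message->subject;
			}
			if ($sender) {
				$content .= '<a href="#" onclick="reply(\'' . WT_Filter::escapeJs($message->sender) . '\', \'' . WT_Filter::escapeJs($message->subject) . '\'); return false;">' . WT_I18N::translate('Reply') . '</a> | ';
			}
			$content .= '<a href="index.php?action=deletemessage&message_id[]=' . $msg_id . '" onclick="return confirm(\'' . $confirm_delete . '\');">' . WT_I18N::translate('Delete') . '</a></div></td></tr>';
		}

		$content .= '</table>';
		$content .= '<input type="submit" value="' . WT_I18N::translate('Delete selected messages') . '"><br>';
	}
	$content .= '</form>';

	if (!$template) {
		return $content;
	}
	// Wrap in the theme's small or main block template.
	if ($block) {
		require WT_THEME_DIR . 'templates/block_small_temp.php';
	} else {
		require WT_THEME_DIR . 'templates/block_main_temp.php';
	}
}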
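/**
 * If the Facebook username or email is associated with an account, log in to it.
 * Otherwise, register a new account.
 *
 * Existing users are matched first by the stored Facebook username and then by
 * the email address Facebook supplied. New users get a random password (they
 * never see it and can reset it later) and are verified through login.php's
 * "verify_hash" action; when administrator approval is required, pre-approval
 * records stored in the module's "preapproved" setting are applied and removed.
 *
 * NOTE(review): error_page() is assumed to end the request — the original flow
 * relied on that (e.g. $facebookUser->email is read right after the "no email"
 * error). Each call is now followed by a return so that, even if it does not,
 * no login or registration proceeds after an error was reported.
 *
 * @param object $facebookUser Facebook user (username, id, email, name, verified, birthday)
 * @param string $url          (optional) URL to redirect to afterwards; appended to WT_SCRIPT_PATH
 *
 * @return void
 */
private function login_or_register(&$facebookUser, $url = '') {
	$requireAdminApproval = WT_Site::getPreference('REQUIRE_ADMIN_AUTH_REGISTRATION');

	if ($this->getSetting('require_verified', 1) && empty($facebookUser->verified)) {
		$this->error_page(WT_I18N::translate('Only verified Facebook accounts are authorized. Please verify your account on Facebook and then try again'));
		return;
	}

	// Accounts without a vanity username are identified by their numeric id.
	if (empty($facebookUser->username)) {
		$facebookUser->username = $facebookUser->id;
	}

	// Look for an existing account: by linked Facebook username, then by email.
	$user_id = $this->get_user_id_from_facebook_username($facebookUser->username);
	if (!$user_id) {
		if (!isset($facebookUser->email)) {
			$this->error_page(WT_I18N::translate('You must grant access to your email address via Facebook in order to use this website. Please uninstall the application on Facebook and try again.'));
			return;
		}
		$user = User::findByIdentifier($facebookUser->email);
		if ($user) {
			$user_id = $user->getUserId();
		}
	}

	if ($user_id) {
		// This is an existing user so log them in if they are approved
		$login_result = $this->login($user_id);
		switch ($login_result) {
		case -1: // not validated
			$message = WT_I18N::translate('This account has not been verified. Please check your email for a verification message.');
			break;
		case -2: // not approved
			$message = WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.');
			break;
		default:
			// Logged in: remember the Facebook username on the account, then
			// redirect to the homepage/$url (kept relative to this installation).
			$user = User::find($user_id);
			$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username));
			header('Location: ' . WT_SCRIPT_PATH . $url);
			return;
		}
		$this->error_page($message);
		return;
	}

	// This is a new Facebook user who may or may not already have a manual account
	if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
		$this->error_page('<p>' . WT_I18N::translate('The administrator has disabled registrations.') . '</p>');
		return;
	}

	// Choose a webtrees username: the cleansed Facebook username, truncated to the
	// 32 characters the DB column holds. If that is already taken, fall back to the
	// email address (we checked above that no account uses it).
	$username    = $this->cleanseFacebookUsername($facebookUser->username);
	$wt_username = substr($username, 0, 32);
	if (User::findByIdentifier($wt_username)) {
		$wt_username = substr($facebookUser->email, 0, 32);
	}

	// The password is posted back to login.php below and the hash code authorises
	// account verification, so both must be unpredictable: draw them from a CSPRNG
	// rather than uniqid()/rand(). The md5() fallback keeps the 32-hex-character
	// format on PHP builds without random_bytes().
	$randomToken = function () {
		if (function_exists('random_bytes')) {
			return bin2hex(random_bytes(16));
		}
		return md5(uniqid(mt_rand(), true));
	};
	$password = $randomToken();
	$hashcode = $randomToken();

	// Pre-approval records are kept in serialized form (see setSetting() below).
	// NOTE(review): unserialize() of stored data is only acceptable while this
	// setting is written by administrators alone; a JSON encoding would be safer.
	$preApproved = unserialize($this->getSetting('preapproved'));
	if (!is_array($preApproved)) {
		$preApproved = array();
	}

	// From login.php:
	Log::addAuthenticationLog('User registration requested for: ' . $wt_username);
	$user = User::create($wt_username, $facebookUser->name, $facebookUser->email, $password);
	if (!$user) {
		Log::addErrorLog("Facebook: Couldn't create the user account");
		$this->error_page('<p>' . WT_I18N::translate('Unable to create your account. Please try again.') . '</p>' . '<div class="back"><a href="javascript:history.back()">' . WT_I18N::translate('Back') . '</a></div>');
		return;
	}

	// Pre-approved users, or everybody when no admin approval is required, are
	// approved straight away and get a session time.
	$verifiedByAdmin = !$requireAdminApproval || isset($preApproved[$username]);
	$birthday        = isset($facebookUser->birthday) ? $facebookUser->birthday : '';
	$user
		->setPreference(self::user_setting_facebook_username, $username)
		->setPreference('language', WT_LOCALE)
		->setPreference('verified', '1')
		->setPreference('verified_by_admin', $verifiedByAdmin ? '1' : '0')
		->setPreference('reg_timestamp', date('U'))
		->setPreference('reg_hashcode', $hashcode)
		->setPreference('contactmethod', 'messaging2')
		->setPreference('visibleonline', '1')
		->setPreference('editaccount', '1')
		->setPreference('auto_accept', '0')
		->setPreference('canadmin', '0')
		->setPreference('sessiontime', $verifiedByAdmin ? WT_TIMESTAMP : '0')
		->setPreference('comment', $birthday . "\n " . "https://www.facebook.com/" . $username);

	// Apply pre-approval settings
	if (isset($preApproved[$username])) {
		foreach ($preApproved[$username] as $gedcom => $userGedcomSettings) {
			foreach (array('gedcomid', 'rootid', 'canedit') as $userPref) {
				if (empty($userGedcomSettings[$userPref])) {
					continue;
				}
				// Use a direct DB query instead of $tree->setUserPreference since we
				// can't get a reference to the WT_Tree since it checks permissions but
				// we are trying to give the permissions.
				WT_DB::prepare("REPLACE INTO `##user_gedcom_setting` (user_id, gedcom_id, setting_name, setting_value) VALUES (?, ?, ?, LEFT(?, 255))")
					->execute(array($user->getUserId(), $gedcom, $userPref, $userGedcomSettings[$userPref]));
			}
		}
		// Remove the pre-approval record
		unset($preApproved[$username]);
		$this->setSetting('preapproved', serialize($preApproved));
	}

	// We need jQuery below
	global $controller;
	$controller = new WT_Controller_Page();
	$controller->setPageTitle($this->getTitle())->pageHeader();

	// Hand the new credentials to login.php's verify_hash action. When the account
	// is already approved the form is posted by script so the user can be logged
	// in straight afterwards; otherwise it is submitted as a plain POST.
	echo '<form id="verify-form" name="verify-form" method="post" action="', WT_LOGIN_URL, '" class="ui-autocomplete-loading" style="width:16px;height:16px;padding:0">';
	echo $this->hidden_input("action", "verify_hash");
	echo $this->hidden_input("user_name", $wt_username);
	echo $this->hidden_input("user_password", $password);
	echo $this->hidden_input("user_hashcode", $hashcode);
	echo WT_Filter::getCsrf();
	echo '</form>';
	if ($verifiedByAdmin) {
		// Values placed inside JavaScript string literals are escaped for that
		// context: the connect URL is built from caller-supplied $url, and the
		// translated message may contain quotes.
		$controller->addInlineJavaScript('
			function verify_hash_success() {
				// now the account is approved but not logged in. Now actually login for the user.
				window.location = "' . WT_Filter::escapeJs($this->getConnectURL($url)) . '";
			}
			function verify_hash_failure() {
				alert("' . WT_Filter::escapeJs(WT_I18N::translate("There was an error verifying your account. Contact the site administrator if you are unable to access the site.")) . '");
				window.location = "' . WT_SCRIPT_PATH . '";
			}
			$(document).ready(function() {
				$.post("' . WT_LOGIN_URL . '", $("#verify-form").serialize(), verify_hash_success).fail(verify_hash_failure);
			});
		');
	} else {
		echo '<script>document.getElementById("verify-form").submit()</script>';
	}
}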
/**
 * Render the hit counter for a page.
 *
 * The page is identified by $page_name plus a single parameter taken from
 * $params[0]. The special cases below map the home page to the tree
 * ("gedcom:<id>") or to a user ("user:…").
 *
 * NOTE(review): part of this function's body is not reproduced in this
 * listing (the "******" below), so the lookup of $count and the return path
 * cannot be documented here — check the source file.
 *
 * @param string|null $page_name page name, or null for index.php?ctype=gedcom
 * @param array       $params    optional page parameters; only $params[0] is used
 *
 * @return string HTML for the counter (the return itself lies in the elided part)
 */
private static function _getHitCount($page_name, $params) {
	// The first parameter, if present and non-empty, selects which instance of the page to count.
	if (is_array($params) && isset($params[0]) && $params[0] != '') {
		$page_parameter = $params[0];
	} else {
		$page_parameter = '';
	}
	if ($page_name === null) {
		// index.php?ctype=gedcom
		$page_name = 'index.php';
		$page_parameter = 'gedcom:' . get_id_from_gedcom($page_parameter ? $page_parameter : WT_GEDCOM);
	} elseif ($page_name == 'index.php') {
		// index.php?ctype=user
		$user = User::findByIdentifier($page_parameter);
		// NOTE(review): the remainder of the body is elided in this listing.
		$page_parameter = 'user:'******'<span class="hit-counter">' . WT_I18N::number($count) . '</span>';
}
use WT\User; define('WT_SCRIPT_NAME', 'message.php'); require './includes/session.php'; // Some variables are initialised from GET (so we can set initial values in URLs), // but are submitted in POST so we can have long body text. $subject = WT_Filter::post('subject', null, WT_Filter::get('subject')); $body = WT_Filter::post('body'); $from_name = WT_Filter::post('from_name'); $from_email = WT_Filter::post('from_email'); $action = WT_Filter::post('action', 'compose|send', 'compose'); $to = WT_Filter::post('to', null, WT_Filter::get('to')); $method = WT_Filter::post('method', 'messaging|messaging2|messaging3|mailto|none', WT_Filter::get('method', 'messaging|messaging2|messaging3|mailto|none', 'messaging2')); $url = WT_Filter::postUrl('url', WT_Filter::getUrl('url')); $controller = new WT_Controller_Simple(); $controller->setPageTitle(WT_I18N::translate('webtrees message')); $to_user = User::findByIdentifier($to); // Only admins can send broadcast messages if ((!$to_user || $to == 'all' || $to == 'last_6mo' || $to == 'never_logged') && !Auth::isAdmin()) { // TODO, what if we have a user called "all" or "last_6mo" or "never_logged" ??? WT_FlashMessages::addMessage(WT_I18N::translate('Message was not sent')); $controller->pageHeader(); $controller->addInlineJavascript('window.opener.location.reload(); window.close();'); exit; } $errors = ''; // Is this message from a member or a visitor? if (WT_USER_ID) { $from = WT_USER_NAME; } else { // Visitors must provide a valid email address if ($from_email && (!preg_match("/(.+)@(.+)/", $from_email, $match) || function_exists('checkdnsrr') && checkdnsrr($match[2]) === false)) {