本文整理汇总了PHP中COM_updateSpeedlimit函数的典型用法代码示例。如果您正苦于以下问题:PHP COM_updateSpeedlimit函数的具体用法?PHP COM_updateSpeedlimit怎么用?PHP COM_updateSpeedlimit使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了COM_updateSpeedlimit函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: MG_approveSubmission
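function MG_approveSubmission($media_id)
{
    global $_CONF, $_TABLES, $LANG_MG01;

    // Purpose: move a queued media item out of the moderation queue tables
    // into its album, refresh the album's bookkeeping (sort order, media
    // count, last update, cover filename) and notify the uploader by e-mail.

    // NOTE(review): addslashes() is not aware of the connection character
    // set. If the database layer in this code base offers its own escaping
    // helper, prefer it here - confirm against the DB library in use.
    $mid = addslashes($media_id);

    // Both values are read back from the database and then concatenated into
    // further SQL below, so force them to integers instead of trusting the
    // stored data.
    $owner_uid = (int) DB_getItem($_TABLES['mg_mediaqueue'], 'media_user_id', "media_id='" . $mid . "'");
    $album_id = (int) DB_getItem($_TABLES['mg_media_album_queue'], 'album_id', "media_id='" . $mid . "'");

    // Without a queued album entry there is nothing to approve. Stop before
    // any queue row is deleted (assumes real album ids are positive - TODO
    // confirm).
    if ($album_id < 1) {
        COM_errorLog("Media Gallery Error - No queued album entry found for submitted media item");
        return;
    }

    DB_delete($_TABLES['mg_mediaqueue'], 'media_id', $mid);
    DB_save($_TABLES['mg_media_albums'], 'album_id, media_id, media_order', "{$album_id}, '{$mid}', 0");
    require_once $_CONF['path'] . 'plugins/mediagallery/include/sort.php';
    MG_SortMedia($album_id);
    DB_delete($_TABLES['mg_media_album_queue'], 'media_id', $mid);

    $sql = "SELECT media_filename, media_type "
         . "FROM {$_TABLES['mg_media']} WHERE media_id='" . $mid . "'";
    $result = DB_query($sql);
    list($media_filename, $media_type) = DB_fetchArray($result);

    // Bump the album's media counter and its last-update marker.
    $media_count = (int) DB_getItem($_TABLES['mg_albums'], 'media_count', 'album_id=' . $album_id);
    $media_count++;
    DB_change($_TABLES['mg_albums'], 'media_count', $media_count, 'album_id', $album_id);
    MG_updateAlbumLastUpdate($album_id);

    // An album_cover of -1 together with media_type 0 makes this item's file
    // the album cover filename.
    $album_cover = DB_getItem($_TABLES['mg_albums'], 'album_cover', 'album_id=' . $album_id);
    if ($album_cover == -1 && $media_type == 0) {
        DB_change($_TABLES['mg_albums'], 'album_cover_filename', $media_filename, 'album_id', $album_id);
    }

    // email the owner / uploader that the item has been approved.
    // The 'mgapprove' speed limit (entries are cleared after 600 seconds)
    // throttles these notification mails.
    COM_clearSpeedlimit(600, 'mgapprove');
    $last = COM_checkSpeedlimit('mgapprove');
    if ($last == 0) {
        $result2 = DB_query("SELECT username, fullname, email FROM {$_TABLES['users']} WHERE uid=" . $owner_uid);
        list($username, $fullname, $email) = DB_fetchArray($result2);
        if ($email != '') {
            $subject = $LANG_MG01['upload_approved'];
            $body = $LANG_MG01['upload_approved'];
            $body .= '<br' . XHTML . '><br' . XHTML . '>';
            $body .= $LANG_MG01['thanks_submit'];
            $body .= '<br' . XHTML . '><br' . XHTML . '>';
            $body .= $_CONF['site_name'] . '<br' . XHTML . '>';
            $body .= $_CONF['site_url'] . '<br' . XHTML . '>';

            $to = COM_formatEmailAddress($username, $email);
            $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
            if (!COM_mail($to, $subject, $body, $from, true)) {
                COM_errorLog("Media Gallery Error - Unable to send queue notification email");
            }
            // Counted whether or not the mail went out.
            COM_updateSpeedlimit('mgapprove');
        }
    }
    // PLG_itemSaved($media_id, 'mediagallery');
    // COM_rdfUpToDateCheck();
    // COM_olderStuff();
}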
示例2: CLASSIFIEDS_mailAd
/**
* Email ad to a friend
*
* @param string $ad id of ad to email
* @param string $to name of person / friend to email
* @param string $toemail friend's email address
* @param string $from name of person sending the email
* @param string $fromemail sender's email address
* @param string $shortmsg short intro text to send with the ad
* @return string Meta refresh
*
* Modification History
*
* Date Author Description
* ---- ------ -----------
* 4/17/01 Tony Bibbs Code now allows anonymous users to send email
* and it allows user to input a message as well
* Thanks to Yngve Wassvik Bergheim for some of
* this code
*
*/
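function CLASSIFIEDS_mailAd($ad, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;

    // Every exit path returns $retval, so it must exist before the first
    // early return (it was previously read while undefined).
    $retval = '';

    // check for correct $_CONF permission
    if (COM_isAnonUser() && $_CONF['loginrequired'] == 1) {
        return $retval;
    }

    // check mail speedlimit: expire old entries, then refuse while the
    // sender is still inside the throttle window
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }

    //Query ad
    // NOTE(review): nothing in this function loads the ad. $story and $sid,
    // used below, are never defined here and $ad is never read, so the body
    // cannot work as shown - the lookup step appears to be missing.
    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }

    // just to make sure this isn't an attempt at spamming users ...
    // Only the sender-controlled intro text has been assembled at this
    // point, so that is what the spam filter sees.
    $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($result > 0) {
        // A rejected attempt still counts against the speed limit.
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $mailtext .= '------------------------------------------------------------' . LB . LB
        . COM_undoSpecialChars($story->displayElements('title')) . LB
        . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->displayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }

    // The mail body is plain text: strip markup and normalise line endings.
    $introtext = $story->DisplayElements('introtext');
    $bodytext = $story->DisplayElements('bodytext');
    $introtext = COM_undoSpecialChars(strip_tags($introtext));
    $bodytext = COM_undoSpecialChars(strip_tags($bodytext));
    $introtext = str_replace(array("\n\r", "\r"), LB, $introtext);
    $bodytext = str_replace(array("\n\r", "\r"), LB, $bodytext);
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . '------------------------------------------------------------' . LB;

    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }

    // NOTE(review): $to, $toemail, $from and $fromemail come from the caller
    // and end up in mail headers. No validation is visible in this function;
    // confirm that the caller or COM_formatEmailAddress()/COM_mail() rejects
    // CR/LF and malformed addresses.
    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        // Optional copy to the sender.
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }

    // Count this attempt whether or not the mail was accepted.
    COM_updateSpeedlimit('mail');

    return $retval;
}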
示例3: PNB_handlePingback
/**
* Handle a pingback for an entry.
* Also takes care of the speedlimit and spam. Assumes that the caller of this
* function has already checked permissions!
*
* @param string $id ID of entry that got pinged
* @param string $type type of that entry ('article' for stories, etc.)
* @param string $url URL of the page that pinged us
* @param string $oururl URL that got pinged on our site
* @return object XML-RPC response
*/
function PNB_handlePingback($id, $type, $url, $oururl)
{
global $_CONF, $_TABLES, $PNB_ERROR;
// NOTE(review): this loads 'HTTP/Request.php' while the code below
// instantiates HTTP_Request2 - confirm the class is actually available.
require_once 'HTTP/Request.php';
// Unset option defaults to 2; the value is tested bitwise below (& 4, & 3).
if (!isset($_CONF['check_trackback_link'])) {
$_CONF['check_trackback_link'] = 2;
}
// handle pingbacks to articles on our own site
// A request counts as a self-pingback when the client address equals the
// server's own address.
$skip_speedlimit = false;
if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
if (!isset($_CONF['pingback_self'])) {
$_CONF['pingback_self'] = 0;
// default: skip self-pingbacks
}
if ($_CONF['pingback_self'] == 0) {
return new XML_RPC_Response(new XML_RPC_Value($PNB_ERROR['skipped']));
} elseif ($_CONF['pingback_self'] == 2) {
$skip_speedlimit = true;
}
}
// Expire old 'pingback' entries, then reject the request while the sender is
// still throttled (unless self-pingbacks are exempted above).
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'pingback');
if (!$skip_speedlimit) {
$last = COM_checkSpeedlimit('pingback');
if ($last > 0) {
return new XML_RPC_Response(0, 49, sprintf($PNB_ERROR['speedlimit'], $last, $_CONF['commentspeedlimit']));
}
}
// update speed limit in any case
// i.e. before any validation, so pingbacks rejected further down are
// counted as well.
COM_updateSpeedlimit('pingback');
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
// Bit 4: the host named in $url must resolve to the address the request
// came from. gethostbyname() returns a single IPv4 address, so this is a
// plain string comparison against REMOTE_ADDR.
if ($_CONF['check_trackback_link'] & 4) {
$parts = parse_url($url);
if (empty($parts['host'])) {
TRB_logRejected('Pingback: No valid URL', $url);
return new XML_RPC_Response(0, 33, $PNB_ERROR['uri_invalid']);
} else {
$ip = gethostbyname($parts['host']);
if ($ip != $_SERVER['REMOTE_ADDR']) {
TRB_logRejected('Pingback: IP address mismatch', $url);
return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
}
}
}
}
// See if we can read the page linking to us and extract at least
// the page's title out of it ...
// NOTE(review): $url is supplied by the remote party and is fetched from
// this server. Nothing visible here restricts scheme, host or port, and the
// host check above only runs when bit 4 is set. Unless the caller or the
// HTTP client configuration enforces an allow-list, this is a server-side
// request forgery risk - confirm.
$title = '';
$excerpt = '';
$req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
$req->setHeader('User-Agent', 'Geeklog/' . VERSION);
try {
$response = $req->send();
$status = $response->getStatus();
if ($status == 200) {
$body = $response->getBody();
// Bits 1/2: the fetched page must contain a link back to $oururl; if it
// does not, the pingback is logged and handed to the spam plugin.
if ($_CONF['check_trackback_link'] & 3) {
if (!TRB_containsBacklink($body, $oururl)) {
TRB_logRejected('Pingback: No link to us', $url);
$comment = TRB_formatComment($url);
PLG_spamAction($comment, $_CONF['spamx']);
return new XML_RPC_Response(0, 49, $PNB_ERROR['spam']);
}
}
// The pattern is greedy and has no 's' modifier, so only a <title> element
// that opens and closes on one line is matched. The captured text comes
// from the remote page and must be treated as untrusted wherever $title is
// used later.
preg_match(':<title>(.*)</title>:i', $body, $content);
if (empty($content[1])) {
$title = '';
// no title found
} else {
$title = trim(COM_undoSpecialChars($content[1]));
}
if ($_CONF['pingback_excerpt']) {
// Check which character set the site that sent the Pingback
// is using
$charset = 'ISO-8859-1';
// default, see RFC 2616, 3.7.1
$ctype = $response->getHeader('content-type');
// Look for a "charset=..." parameter in the Content-Type header.
$c = explode(';', $ctype);
foreach ($c as $ct) {
$ch = explode('=', trim($ct));
if (count($ch) === 2) {
if (trim($ch[0]) === 'charset') {
$charset = trim($ch[1]);
break;
}
}
}
// Convert the body only when the remote charset differs from the site's.
// $charset is whatever the remote server sent; errors from an unknown
// encoding name are suppressed by the @ operator.
if (!empty($charset) && strcasecmp($charset, COM_getCharset()) !== 0) {
if (function_exists('mb_convert_encoding')) {
$body = @mb_convert_encoding($body, COM_getCharset(), $charset);
//......... (part of the code is omitted here by the listing) .........
示例4: requesttoken
/**
* User request for a verification token - send email with a link and request id
*
* @param uid int userid of user who requested the new token
* @param msg int index of message to display (if any)
* @return string form or meta redirect
*
*/
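function requesttoken($uid, $msg = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $LANG04;

    // Default token lifetime is 86400 seconds; the mail text below shows it
    // in hours (value / 3600).
    if (!isset($_SYSTEM['verification_token_ttl'])) {
        $_SYSTEM['verification_token_ttl'] = 86400;
    }

    $retval = '';
    // Both values are concatenated into SQL / a redirect URL below, so they
    // are forced to integers once, up front.
    $uid = (int) $uid;
    $msg = (int) $msg;

    // Only local accounts (account_type has the LOCAL_USER bit) qualify.
    $result = DB_query("SELECT uid,username,email,passwd,status FROM {$_TABLES['users']} WHERE uid = " . $uid . " AND (account_type & " . LOCAL_USER . ")");
    if (DB_numRows($result) != 1) {
        // Unknown uid or not a local account: the attempt still counts
        // against the 'verifytoken' speed limit.
        COM_updateSpeedlimit('verifytoken');
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=getnewtoken');

        return $retval;
    }

    $A = DB_fetchArray($result);
    if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
        // Fix: stop here. The result of COM_refresh() is echoed, so control
        // evidently continues afterwards; previously an account still waiting
        // for approval was sent a fresh activation token anyway and a second
        // refresh was emitted.
        COM_updateSpeedlimit('verifytoken');
        echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');

        return $retval;
    }

    $verification_id = USER_createActivationToken($uid, $A['username']);
    $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;

    // Render the HTML and the plain-text variant of the mail from templates.
    $T = new Template($_CONF['path_layout'] . 'email/');
    $T->set_file(array(
        'html_msg' => 'newuser_template_html.thtml',
        'text_msg' => 'newuser_template_text.thtml',
    ));
    $T->set_var(array(
        'url'                   => $activation_link,
        'lang_site_or_password' => $LANG04[171],
        'site_link_url'         => $_CONF['site_url'],
        'lang_activation'       => sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600),
        'lang_button_text'      => $LANG04[203],
        'title'                 => $_CONF['site_name'] . ': ' . $LANG04[16],
        'site_name'             => $_CONF['site_name'],
        'username'              => $A['username'],
    ));
    $T->parse('output', 'html_msg');
    $mailhtml = $T->finish($T->get_var('output'));
    $T->parse('output', 'text_msg');
    $mailtext = $T->finish($T->get_var('output'));

    $msgData = array();
    $msgData['htmlmessage'] = $mailhtml;
    $msgData['textmessage'] = $mailtext;
    $msgData['subject'] = $_CONF['site_name'] . ': ' . $LANG04[16];

    $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['noreply_mail']);
    $to = COM_formatEmailAddress('', $A['email']);
    COM_mail($to, $msgData['subject'], $msgData['htmlmessage'], $from, true, 0, '', $msgData['textmessage']);

    // NOTE(review): the limit is only updated here; no COM_checkSpeedlimit()
    // call is visible in this function, so the throttle is presumably
    // enforced by the caller - confirm.
    COM_updateSpeedlimit('verifytoken');

    if ($msg) {
        echo COM_refresh($_CONF['site_url'] . "/index.php?msg={$msg}");
    } else {
        echo COM_refresh($_CONF['site_url'] . '/index.php');
    }

    return $retval;
}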
示例5: savesubmission
/**
* This will save a submission
*
* @param string $type Type of submission we are dealing with
* @param array $A Data for that submission
*
*/
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $LANG12;

    // Throttle first: drop expired 'submit' entries, then bail out with a
    // message page while this client is still rate-limited.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $speedHit = COM_checkSpeedlimit('submit');
    if ($speedHit > 0) {
        return COM_createHTMLDocument(
            COM_showMessageText($LANG12[30] . $speedHit . $LANG12[31], $LANG12[26])
        );
    }

    // Anything that is not a plain story is offered to the plugins.
    $isPluginType = !empty($type) && $type !== 'story';
    if ($isPluginType) {
        // Counted up front, on the assumption that the plugin accepts the
        // submission.
        COM_updateSpeedlimit('submit');

        $pluginResult = PLG_saveSubmission($type, $A);
        if ($pluginResult === false) {
            // No plugin took the type; execution continues with the story
            // checks below.
            COM_errorLog("Could not save your submission. Bad type: {$type}");
        } else {
            PLG_submissionSaved($type);
            if (!empty($pluginResult)) {
                return $pluginResult;
            }
            // The plugin should have redirected by itself; fall back to the
            // main page.
            COM_redirect($_CONF['site_url'] . '/index.php');
        }
    }

    // Story path: title and intro text are mandatory, and the topic
    // selection has to validate.
    $hasStoryFields = !empty($A['title']) && !empty($A['introtext']);
    if ($hasStoryFields && TOPIC_checkTopicSelectionControl()) {
        $output = savestory($A);
        PLG_submissionSaved($type);

        return $output;
    }

    // Missing fields: show the error together with the submission form.
    return COM_createHTMLDocument(
        COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type)
    );
}
示例6: WS_authenticate
//.........这里部分代码省略.........
if ($pwdigest == $mydigest) {
$password = $pwd;
}
}
}
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)");
}
******************************************************************************/
} elseif (!empty($_SERVER['REMOTE_USER'])) {
/* PHP installed as CGI may not have access to authorization headers of
* Apache. In that case, use .htaccess to store the auth header as
* explained at
* http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
*/
list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
list($username, $password) = explode(':', base64_decode($auth_data));
$username = COM_applyBasicFilter($username);
if ($WS_VERBOSE) {
COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
}
} else {
if ($WS_VERBOSE) {
COM_errorLog("WS: No login given");
}
// fallthrough (see below)
}
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
}
if (!empty($username) && !empty($password)) {
if ($_CONF['user_login_method']['3rdparty']) {
// remote users will have to use username@servicename
$u = explode('@', $username);
if (count($u) > 1) {
$sv = $u[count($u) - 1];
if (!empty($sv)) {
$modules = SEC_collectRemoteAuthenticationModules();
foreach ($modules as $smod) {
if (strcasecmp($sv, $smod) == 0) {
array_pop($u);
// drop the service name
$uname = implode('@', $u);
$status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
break;
}
}
}
}
}
if ($status == -1 && $_CONF['user_login_method']['standard']) {
$status = SEC_authenticate($username, $password, $uid);
}
}
if ($status == USER_ACCOUNT_ACTIVE) {
$_USER = SESS_getUserDataFromId($uid);
PLG_loginUser($_USER['uid']);
// Global array of groups current user belongs to
$_GROUPS = SEC_getUserGroups($_USER['uid']);
// Global array of current user permissions [read,edit]
$_RIGHTS = explode(',', SEC_getUserPermissions());
if ($_CONF['restrict_webservices']) {
if (!SEC_hasRights('webservices.atompub')) {
COM_updateSpeedlimit('wsauth');
if ($WS_VERBOSE) {
COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
}
// reset user, groups, and rights, just in case ...
$_USER = array();
$_GROUPS = array();
$_RIGHTS = array();
WS_error(PLG_RET_AUTH_FAILED);
}
}
if ($WS_VERBOSE) {
COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
}
// if there were less than 2 failed login attempts, reset speedlimit
if (COM_checkSpeedlimit('wsauth', 2) == 0) {
if ($WS_VERBOSE) {
COM_errorLog("WS: Successful login - resetting speedlimit");
}
COM_resetSpeedlimit('wsauth');
}
} else {
COM_updateSpeedlimit('wsauth');
if (!empty($username) && !empty($password)) {
COM_updateSpeedlimit('wsauth');
if ($WS_VERBOSE) {
COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
}
} elseif ($WS_VERBOSE) {
COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
}
WS_error(PLG_RET_AUTH_FAILED);
}
}
示例7: CONTACT_contactemail
/**
* Mails the contents of the contact form to that user
*
* @param int $uid User ID of person to send email to
* @param bool $cc Whether to send a copy of the message to the author
* @param string $author The name of the person sending the email
* @param string $authoremail Email address of person sending the email
* @param string $subject Subject of email
* @param string $message Text of message to send
* @return string Meta redirect or HTML for the contact form
*/
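function CONTACT_contactemail($uid, $cc, $author, $authoremail, $subject, $message)
{
    global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12, $MESSAGE;

    $retval = '';

    // $uid is documented as an integer and is concatenated into two SQL
    // statements below; force the type so a crafted value cannot alter them.
    $uid = (int) $uid;

    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check for correct 'to' user preferences
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = {$uid}");
    $P = DB_fetchArray($result);
    $isAdmin = (SEC_inGroup('Root') || SEC_hasRights('user.mail'));
    // The recipient must have opted in to mail from this class of sender.
    if (($P['emailfromadmin'] != 1 && $isAdmin) || ($P['emailfromuser'] != 1 && !$isAdmin)) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }

    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    $last = COM_checkSpeedlimit('mail');
    if ($last > 0) {
        // Fix: this used to append to an undefined $return variable.
        $retval .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG08[39] . $last . $LANG08[40]
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    if (!empty($author) && !empty($subject) && !empty($message)) {
        // NOTE(review): $author is only checked for the absence of '@'. It
        // ends up in the From header, so confirm that
        // COM_formatEmailAddress()/COM_mail() strip CR/LF from it.
        if (COM_isemail($authoremail) && strpos($author, '@') === false) {
            $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
            $A = DB_fetchArray($result);

            // Append the user's signature to the message
            $sig = '';
            if (!COM_isAnonUser()) {
                $sig = DB_getItem($_TABLES['users'], 'sig', "uid={$_USER['uid']}");
                if (!empty($sig)) {
                    $sig = strip_tags(COM_stripslashes($sig));
                    $sig = "\n\n-- \n" . $sig;
                }
            }

            $subject = COM_stripslashes($subject);
            $message = COM_stripslashes($message);

            // do a spam check with the unfiltered message text and subject
            $mailtext = $subject . "\n" . $message . $sig;
            $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
            if ($result > 0) {
                // A rejected attempt still counts against the speed limit.
                COM_updateSpeedlimit('mail');
                COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
            }

            $msg = PLG_itemPreSave('contact', $message);
            if (!empty($msg)) {
                define("CONTACT_TITLE", $LANG04[81]);
                $retval .= COM_errorLog($msg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);

                return $retval;
            }

            // Cut the subject at the first CR/LF so it cannot smuggle extra
            // mail headers, and strip markup from both subject and message.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $message = strip_tags($message) . $sig;

            if (!empty($A['fullname'])) {
                $to = COM_formatEmailAddress($A['fullname'], $A['email']);
            } else {
                $to = COM_formatEmailAddress($A['username'], $A['email']);
            }
            $from = COM_formatEmailAddress($author, $authoremail);

            $sent = COM_mail($to, $subject, $message, $from);
            if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
                // Optional copy to the sender.
                $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
                $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
                $sent = COM_mail($from, $subject, $ccmessage, $from);
            }

            // Count the attempt whether or not the mail was accepted.
            COM_updateSpeedlimit('mail');
            $retval .= COM_refresh($_CONF['site_url'] . '/' . $_CONTACT_CONF['folder_name'] . '/index.php?what=msg&msg=' . urlencode($sent ? $MESSAGE['27'] : $MESSAGE['85']));
        } else {
            // Invalid sender address or name: redisplay the form with the
            // subject made safe for HTML output.
            $subject = strip_tags($subject);
            $subject = substr($subject, 0, strcspn($subject, "\r\n"));
            $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
            define("CONTACT_TITLE", $LANG04[81]);
            $retval .= COM_errorLog($LANG08[3], 2) . CONTACT_contactform($uid, $cc, $subject, $message);
        }
    } else {
        // A required field is missing: redisplay the form.
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
        define("CONTACT_TITLE", $LANG04[81]);
        $retval .= COM_errorLog($LANG08[4], 2) . CONTACT_contactform($uid, $cc, $subject, $message);
    }

    return $retval;
}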
示例8: MG_sendPostCard
//.........这里部分代码省略.........
$errCount++;
}
$captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$msg = PLG_itemPreSave('mediagallery', $captchaString);
if ($msg != '') {
$errCount++;
}
if ($errCount > 0) {
return MG_editPostCard('edit', $mid, $msg);
}
$retval = '';
$aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows < 1) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$M = DB_fetchArray($result);
// trim the database
$purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
// save this one in the database
$newsubject = DB_escapeString($subject);
$newmessage = DB_escapeString($message);
$pcId = COM_makesid();
$pc_time = time();
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = (int) $_USER['uid'];
}
$sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error saving postcard");
}
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
$last = COM_checkSpeedlimit('mgpostcard');
if ($last > 0) {
$msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
return MG_errorHandler($msg);
}
$alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
// build the template...
$T = new Template(MG_getTemplatePath($aid));
$T->set_file('postcard', 'postcard.thtml');
$media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
if (empty($LANG_DIRECTION)) {
// default to left-to-right
$direction = 'ltr';
} else {
$direction = $LANG_DIRECTION;
}
if (empty($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
$T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
$T->parse('output', 'postcard');
$retval .= $T->finish($T->get_var('output'));
$msgData['subject'] = htmlspecialchars($subject);
$msgData['htmlmessage'] = $retval;
$msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
$msgData['from']['email'] = $fromemail;
$msgData['from']['name'] = $fromname;
$msgData['to'][] = array('email' => $toemail, 'name' => $toname);
if ($ccself) {
$msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
}
foreach ($_MG_CONF['validExtensions'] as $tnext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
$msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
}
}
$msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
COM_emailNotification($msgData);
$msgNo = 8;
// update the sent post card database...Or maybe just log it in an error log?
$logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
MG_postcardLog($logentry);
COM_updateSpeedlimit('mgpostcard');
header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
exit;
}
示例9: handleEditSubmit
/**
* Handles a comment edit submission
*
* @copyright Jared Wenerd 2008
* @author Jared Wenerd <wenerd87 AT gmail DOT com>
* @return string HTML (possibly a refresh)
*/
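function handleEditSubmit()
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $_PLUGINS;

    // Read the request fields defensively: a request that omits one of them
    // is rejected by the checks below instead of raising undefined-index
    // notices first.
    $type = COM_applyFilter(isset($_POST['type']) ? $_POST['type'] : '');
    $sid = COM_sanitizeID(COM_applyFilter(isset($_POST['sid']) ? $_POST['sid'] : ''));
    $cid = COM_applyFilter(isset($_POST['cid']) ? $_POST['cid'] : 0, true);
    $postmode = COM_applyFilter(isset($_POST['postmode']) ? $_POST['postmode'] : '');
    $comment = isset($_POST['comment_text']) ? $_POST['comment_text'] : '';

    // Only 'article' or the name of a known plugin is accepted as type.
    if ($type != 'article') {
        if (!in_array($type, $_PLUGINS)) {
            $type = '';
        }
    }

    $commentuid = DB_getItem($_TABLES['comments'], 'uid', "cid = " . (int) $cid);
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    //check for bad input
    // The log lines below use $uid (1 for anonymous visitors) so they also
    // work when $_USER['uid'] is not set; a stray '{' that used to be printed
    // in front of the user id in the first two messages has been removed.
    if (empty($sid) || empty($_POST['title']) || empty($comment) || !is_numeric($cid) || $cid < 1) {
        COM_errorLog("handleEditSubmit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing values.');

        return COM_refresh($_CONF['site_url'] . '/index.php');
    } elseif ($uid != $commentuid && !SEC_inGroup('Root')) {
        //check permissions
        // NOTE(review): anonymous visitors are mapped to uid 1 above, so this
        // ownership test passes for any comment stored with uid 1. Confirm
        // that the caller keeps anonymous users away from this handler.
        COM_errorLog("handleEditSubmit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment without proper permission.');

        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $comment = CMT_prepareText($comment, $postmode, true, $cid);
    $title = COM_checkWords(strip_tags($_POST['title']));

    if (!empty($title) && !empty($comment)) {
        // NOTE(review): the 'comment' speed limit is updated here, but no
        // COM_checkSpeedlimit() call is visible in this function - the check
        // presumably happens in the caller; confirm.
        COM_updateSpeedlimit('comment');
        $title = DB_escapeString($title);
        $comment = DB_escapeString($comment);

        // save the comment into the comment table
        // cid is cast to int and sid is escaped, so every value that reaches
        // the statement is either numeric or escaped.
        DB_query("UPDATE {$_TABLES['comments']} SET comment = '{$comment}', title = '{$title}'" . " WHERE cid=" . (int) $cid . " AND sid='" . DB_escapeString($sid) . "'");
        if (DB_error()) {
            //saving to non-existent comment or comment in wrong article
            COM_errorLog("handleEditSubmit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit to a non-existent comment or the cid/sid did not match');

            return COM_refresh($_CONF['site_url'] . '/index.php');
        }

        // Record who edited the comment and when.
        $safecid = (int) $cid;
        $safeuid = (int) $uid;
        DB_save($_TABLES['commentedits'], 'cid,uid,time', "{$safecid},{$safeuid},NOW()");
    } else {
        COM_errorLog("handleEditSubmit(): {$uid} from {$_SERVER['REMOTE_ADDR']} tried " . 'to submit a comment with invalid $title and/or $comment.');

        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    PLG_commentEditSave($type, $cid, $sid);

    // Send the user back to the item the comment belongs to, if the owning
    // plugin can provide a URL for it.
    $urlArray = PLG_getCommentUrlId($type);
    if (is_array($urlArray)) {
        $url = $urlArray[0] . '?' . $urlArray[1] . '=' . $sid;
        echo COM_refresh($url);
        exit;
    }

    return COM_refresh($_CONF['site_url'] . '/index.php');
}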
示例10: PLG_loginUser
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if (!empty($cooktime)) {
// They want their cookie to persist for some amount of time so set it now
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
}
}
if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) {
COM_redirect($_CONF['site_admin_url'] . '/index.php');
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
} elseif (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAccess()) {
COM_updateSpeedlimit('login');
$display .= COM_startBlock($LANG20[1]);
if (!$_CONF['user_login_method']['standard']) {
$display .= '<p>' . $LANG_LOGIN[2] . '</p>';
} else {
if (isset($_POST['warn'])) {
$display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
}
$display .= '<form action="' . $_CONF['site_admin_url'] . '/index.php" method="post">' . '<table cellspacing="0" cellpadding="3" border="0" width="100%">' . LB . '<tr><td class="alignright"><b><label for="loginname">' . $LANG20[4] . '</label></b></td>' . LB . '<td><input type="text" name="loginname" id="loginname" size="16" maxlength="16"' . XHTML . '></td>' . LB . '</tr>' . LB . '<tr>' . LB . '<td class="alignright"><b><label for="passwd">' . $LANG20[5] . '</label></b></td>' . LB . '<td><input type="password" name="passwd" id="passwd" size="16"' . XHTML . '></td>' . '</tr>' . LB . '<tr>' . LB . '<td colspan="2" align="center" class="warning">' . $LANG20[6] . '<input type="hidden" name="warn" value="1"' . XHTML . '>' . '<br' . XHTML . '><input type="submit" name="mode" value="' . $LANG20[7] . '"' . XHTML . '></td>' . LB . '</tr>' . LB . '</table></form>';
}
$display .= COM_endBlock();
$display = COM_createHTMLDocument($display);
COM_output($display);
exit;
}
示例11: SESS_sessionCheck
/**
* Resolve the visitor's login state from the session cookie and, failing
* that, from the long-term ("permanent") cookies.
*
* Much of this code is from phpBB (www.phpbb.org).
*
* Flow visible in this excerpt (the listing is truncated further down):
* - a session cookie is filtered and mapped to a user id; for uid > 1 with an
*   active or awaiting-activation account the session time is refreshed and
*   the user's data is loaded into $_USER;
* - otherwise the permanent cookies are checked: a uid cookie plus a password
*   cookie that must equal the users.passwd column for that uid;
* - a failed permanent-cookie check expires all three cookies and is counted
*   against the 'login' speed limit before any further attempt is accepted.
*
* @return array returns $_USER array
*
*/
function SESS_sessionCheck()
{
global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
if ($_SESS_VERBOSE) {
COM_errorLog("***Inside SESS_sessionCheck***", 1);
}
// NOTE(review): unset() on a name imported with `global` only drops the local
// alias; the global $_USER keeps its previous value, and the assignments to
// $_USER further down create a function-local variable. Presumably the caller
// relies on the returned array (see @return) - confirm.
unset($_USER);
// We MUST do this up here, so it's set even if the cookie's not present.
$user_logged_in = 0;
$logged_in = 0;
$userdata = array();
// Check for a cookie on the users's machine. If the cookie exists, build
// an array of the users info and setup the theme.
if (isset($_COOKIE[$_CONF['cookie_session']])) {
// The cookie value is client-controlled, so it goes through COM_applyFilter
// before it is used as a session id.
$sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
if ($_SESS_VERBOSE) {
// NOTE(review): verbose mode writes the live session id to the error log;
// treat that log as sensitive and keep verbose logging off in production.
COM_errorLog("got {$sessid} as the session id from lib-sessions.php", 1);
}
// The lookup also receives the client address and the cookie_ip setting;
// presumably the helper uses them to tie the session to an IP - confirm.
$userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the session ID", 1);
}
// uid > 1 is treated as a registered account (uid 1 looks like the
// anonymous user - confirm against the users table).
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
// Only active or awaiting-activation accounts keep their session; any other
// status leaves $_USER unset here.
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
$user_logged_in = 1;
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
$userdata = SESS_getUserDataFromId($userid);
if ($_SESS_VERBOSE) {
// NOTE(review): this dumps the whole user record to the log; if the record
// includes the passwd column, the stored hash ends up in the log - confirm.
COM_errorLog("Got " . count($userdata) . " pieces of data from userdata", 1);
COM_errorLog(COM_debug($userdata), 1);
}
$_USER = $userdata;
// Logged in through a live session, not through the permanent cookie.
$_USER['auto_login'] = false;
}
} else {
// Session probably expired, now check permanent cookie
if (isset($_COOKIE[$_CONF['cookie_name']])) {
$userid = $_COOKIE[$_CONF['cookie_name']];
// An empty value or the literal 'deleted' is treated as "no permanent cookie".
if (empty($userid) || $userid == 'deleted') {
unset($userid);
} else {
// Second argument true: presumably restricts the value to a number, which
// is what makes the "uid = {$userid}" interpolation below safe - confirm.
$userid = COM_applyFilter($userid, true);
$cookie_password = '';
$userpass = '';
if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
$userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
}
// Permanent-login check: the password cookie must equal the value stored in
// users.passwd for this uid.
// NOTE(review): this makes the stored passwd value itself the long-lived
// login token, so a copy of the users table is enough to pass this check,
// and `!=` is a loose, non-constant-time comparison (numeric-looking strings
// compare numerically). hash_equals() on two strings, or a separate random
// remember-me token, would be the safer design.
if (empty($cookie_password) || $cookie_password != $userpass) {
// Invalid or manipulated cookie data
// Expire all three cookies by setting them with a timestamp in the past.
SEC_setCookie($_CONF['cookie_session'], '', time() - 10000);
SEC_setCookie($_CONF['cookie_password'], '', time() - 10000);
SEC_setCookie($_CONF['cookie_name'], '', time() - 10000);
// Count the failure against the 'login' speed limit: presumably entries
// older than login_speedlimit are cleared first, then the request is
// refused with a 403 once login_attempts is exceeded - confirm in lib-common.
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
// XHTML may not be defined yet this early in the request; define it as
// empty before the abort page is built.
if (!defined('XHTML')) {
define('XHTML', '');
}
COM_displayMessageAndAbort(82, '', 403, 'Access denied');
}
// Below the limit: record this failed attempt.
COM_updateSpeedlimit('login');
} else {
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
$user_logged_in = 1;
// Permanent cookie accepted: open a fresh session and send its cookie.
$sessid = SESS_newSession($userid, $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']);
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
// Marks that this login came from the permanent cookie rather than a
// password entered in this session.
$_USER['auto_login'] = true;
}
}
}
}
}
}
} else {
if ($_SESS_VERBOSE) {
COM_errorLog('session cookie not found from lib-sessions.php', 1);
}
// Check if the persistent cookie exists
if (isset($_COOKIE[$_CONF['cookie_name']])) {
// Session cookie doesn't exist but a permanent cookie does.
// Start a new session cookie;
if ($_SESS_VERBOSE) {
COM_errorLog('perm cookie found from lib-sessions.php', 1);
}
//.........这里部分代码省略.........
示例12: SESS_sessionCheck
/**
* Resolve the visitor's login state from the session cookie and, failing
* that, from the long-term ("permanent") cookies, and store it in $_USER.
*
* Much of this code is from phpBB (www.phpbb.org).
*
* Flow visible in this excerpt (the listing is truncated further down):
* - $_USER is reset to an empty array;
* - a session cookie is filtered and mapped to a user id; uid > 1 with an
*   active or awaiting-activation account loads the user's data, uid 1 only
*   refreshes the anonymous session, anything else marks the session missing;
* - when no usable session exists, the permanent uid cookie and the password
*   cookie are checked against users.passwd; a failure expires the cookies
*   and is counted against the 'login' speed limit.
*
* @return void
*
*/
function SESS_sessionCheck()
{
global $_CONF, $_TABLES, $_USER, $_SESS_VERBOSE;
if ($_SESS_VERBOSE) {
COM_errorLog("*** Inside SESS_sessionCheck ***", 1);
}
// Start from an empty user record; it is only filled once a check succeeds.
$_USER = array();
// Check for a cookie on the users's machine. If the cookie exists, build
// an array of the users info and setup the theme.
// Flag indicates if session cookie and session data exist
$session_exists = true;
if (isset($_COOKIE[$_CONF['cookie_session']])) {
// The cookie value is client-controlled, so it goes through COM_applyFilter
// before it is used as a session id.
$sessid = COM_applyFilter($_COOKIE[$_CONF['cookie_session']]);
if ($_SESS_VERBOSE) {
// NOTE(review): verbose mode writes the live session id to the error log;
// treat that log as sensitive and keep verbose logging off in production.
COM_errorLog("Got {$sessid} as the session ID", 1);
}
// The lookup also receives the client address and the cookie_ip setting;
// presumably the helper uses them to tie the session to an IP - confirm.
$userid = SESS_getUserIdFromSession($sessid, $_CONF['session_cookie_timeout'], $_SERVER['REMOTE_ADDR'], $_CONF['cookie_ip']);
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the session ID", 1);
}
if ($userid > 1) {
// Check user status
$status = SEC_checkUserStatus($userid);
// Only active or awaiting-activation accounts keep their session; any other
// status leaves $_USER empty.
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
$_USER = SESS_getUserDataFromId($userid);
if ($_SESS_VERBOSE) {
// NOTE(review): every key/value of the user record is written to the log;
// if the record includes the passwd column, the stored hash ends up in the
// log - confirm what SESS_getUserDataFromId returns.
$str = "Got " . count($_USER) . " pieces of data from userdata \n";
foreach ($_USER as $k => $v) {
$str .= sprintf("%15s [%s] \n", $k, $v);
}
COM_errorLog($str, 1);
}
// Logged in through a live session, not through the permanent cookie.
$_USER['auto_login'] = false;
}
} elseif ($userid == 1) {
// Anonymous User has session so update any information
SESS_updateSessionTime($sessid, $_CONF['cookie_ip']);
} else {
// Session probably expired
$session_exists = false;
}
} else {
if ($_SESS_VERBOSE) {
COM_errorLog("Session cookie not found", 1);
}
$session_exists = false;
}
if ($session_exists === false) {
// Check if the permanent cookie exists
$userid = '';
if (isset($_COOKIE[$_CONF['cookie_name']])) {
// Second argument true: presumably restricts the value to a number, which
// is what makes the "uid = {$userid}" interpolation below safe - confirm.
$userid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']], true);
}
if (!empty($userid)) {
// Session cookie or session data don't exist, but a permanent cookie does.
// Start a new session cookie and session data;
if ($_SESS_VERBOSE) {
COM_errorLog("Got {$userid} as User ID from the permanent cookie", 1);
}
$cookie_password = '';
$userpass = '';
if ($userid > 1 && isset($_COOKIE[$_CONF['cookie_password']])) {
$cookie_password = $_COOKIE[$_CONF['cookie_password']];
$userpass = DB_getItem($_TABLES['users'], 'passwd', "uid = {$userid}");
}
// Permanent-login check: the password cookie must equal the value stored in
// users.passwd for this uid.
// NOTE(review): this makes the stored passwd value itself the long-lived
// login token, so a copy of the users table is enough to pass this check,
// and `!=` is a loose, non-constant-time comparison (numeric-looking strings
// compare numerically). hash_equals() on two strings, or a separate random
// remember-me token, would be the safer design.
if (empty($cookie_password) || $cookie_password != $userpass) {
if ($_SESS_VERBOSE) {
COM_errorLog("Password comparison failed or cookie password missing", 1);
}
// Invalid or manipulated cookie data
// Expire all three cookies by setting them with a timestamp in the past.
$ctime = time() - 10000;
SEC_setCookie($_CONF['cookie_session'], '', $ctime);
SEC_setCookie($_CONF['cookie_password'], '', $ctime);
SEC_setCookie($_CONF['cookie_name'], '', $ctime);
// Count the failure against the 'login' speed limit: presumably entries
// older than login_speedlimit are cleared first, then the request is
// refused with a 403 once login_attempts is exceeded - confirm in lib-common.
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login');
if (COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0) {
// XHTML may not be defined yet this early in the request; define it as
// empty before the abort page is built.
if (!defined('XHTML')) {
define('XHTML', '');
}
COM_displayMessageAndAbort(82, '', 403, 'Access denied');
}
// Below the limit: record this failed attempt.
COM_updateSpeedlimit('login');
} elseif ($userid > 1) {
if ($_SESS_VERBOSE) {
COM_errorLog("Password comparison passed", 1);
}
// Check user status
$status = SEC_checkUserStatus($userid);
if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
if ($_SESS_VERBOSE) {
//.........这里部分代码省略.........
示例13: CMT_sendReport
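/**
 * Send report about abusive comment
 *
 * Anonymous visitors get the login form instead of a report. Logged-in users
 * are limited by the 'mail' speed limit; when the limit is hit, or when no
 * comment matches the given id and type, the user is sent back to the index
 * page without any mail being sent. Otherwise a plain-text report is mailed
 * to the site address and the attempt is recorded against the speed limit.
 *
 * @param    string  $cid    comment id
 * @param    string  $type   type of comment ('article', 'poll', ...)
 * @return   string          Meta refresh or HTML for error message
 *
 */
function CMT_sendReport($cid, $type)
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG08, $LANG09, $LANG_LOGIN;

    if (COM_isAnonUser()) {
        $retval = COM_siteHeader('menu', $LANG_LOGIN[1]);
        $retval .= SEC_loginRequiredForm();
        $retval .= COM_siteFooter();

        return $retval;
    }

    // Reports are mailed to the site address, so they share the 'mail' speed
    // limit; a user who is still inside the window is redirected silently.
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // Normalise the ids once: the same integer is used in the query and in
    // the link placed in the mail, so request text never reaches the mail
    // body through the comment id.
    $cid = (int) $cid;
    $uid = (int) $_USER['uid'];

    $username = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
    $result = DB_query(
        "SELECT uid,title,comment,sid,ipaddress FROM {$_TABLES['comments']} WHERE cid = " . $cid
        . " AND type = '" . DB_escapeString($type) . "'"
    );
    $A = DB_fetchArray($result);
    if (!is_array($A)) {
        // No comment with this id and type: nothing to report, so do not
        // send an empty report to the site address.
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $title = $A['title'];
    $comment = $A['comment'];
    // strip HTML if posted in HTML mode
    if (preg_match('/<.*>/', $comment) != 0) {
        $comment = strip_tags($comment);
    }

    $author = COM_getDisplayName($A['uid']);
    if ($A['uid'] <= 1 && !empty($A['ipaddress'])) {
        // add IP address for anonymous posters
        $author .= ' (' . $A['ipaddress'] . ')';
    }

    $mailbody = sprintf($LANG03[26], $username);
    $mailbody .= "\n\n" . "{$LANG03['16']}: {$title}\n" . "{$LANG03['5']}: {$author}\n";
    if ($type != 'article' && $type != 'poll') {
        $mailbody .= "{$LANG09['5']}: {$type}\n";
    }

    // emailstorieslength: 0 omits the comment text, 1 includes it in full,
    // larger values truncate it to that many characters.
    if ($_CONF['emailstorieslength'] > 0) {
        if ($_CONF['emailstorieslength'] > 1) {
            $comment = MBYTE_substr($comment, 0, $_CONF['emailstorieslength']) . '...';
        }
        $mailbody .= $comment . "\n\n";
    }

    $mailbody .= $LANG08[33] . ' <' . $_CONF['site_url'] . '/comment.php?mode=view&cid=' . $cid . ">\n\n";
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n{$LANG08['34']}\n";
    $mailbody .= "\n------------------------------\n";

    $mailsubject = $_CONF['site_name'] . ' ' . $LANG03[27];
    $to = COM_formatEmailAddress('', $_CONF['site_mail']);
    COM_mail($to, $mailsubject, $mailbody);

    // Record the report so the next one from this user is rate-limited.
    COM_updateSpeedlimit('mail');

    return COM_refresh($_CONF['site_url'] . '/index.php?msg=27');
}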
示例14: MG_notifyModerators
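/**
 * Mail the moderators of an album that a new upload is waiting for approval.
 *
 * Nothing is sent when the album is not moderated or when
 * $MG_albums[0]->owner_id is set. Notifications share the 'mgnotify' speed
 * limit with a 600 second window, so at most one mail goes out per window.
 *
 * @param    mixed   $aid    album id, used as the key into $MG_albums
 * @return   bool            always true
 */
function MG_notifyModerators($aid)
{
    global $LANG_DIRECTION, $LANG_CHARSET, $_USER, $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $LANG_MG01;

    $to = array();
    if ($MG_albums[$aid]->moderate != 1 || $MG_albums[0]->owner_id) {
        return true;
    }

    $body = '';
    $media_user_id = $_USER['uid'];

    // default to left-to-right
    $direction = empty($LANG_DIRECTION) ? 'ltr' : $LANG_DIRECTION;

    if (empty($LANG_CHARSET)) {
        $charset = $_CONF['default_charset'];
        if (empty($charset)) {
            $charset = 'iso-8859-1';
        }
    } else {
        $charset = $LANG_CHARSET;
    }

    COM_clearSpeedlimit(600, 'mgnotify');
    $last = COM_checkSpeedlimit('mgnotify');
    if ($last == 0) {
        $subject = $LANG_MG01['new_upload_subject'] . $_CONF['site_name'];
        if (COM_isAnonUser()) {
            $uname = 'Anonymous';
        } else {
            // The uid comes from the session; cast it so the condition is
            // always a plain integer comparison.
            $uname = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $media_user_id);
        }

        // build the template...
        // NOTE(review): the album title is passed through strip_tags() but
        // the username is placed into the HTML mail as stored - confirm that
        // usernames cannot contain markup, or escape it for the HTML part.
        $T = new Template(MG_getTemplatePath($aid));
        $T->set_file('email', 'modemail.thtml');
        $T->set_var(array(
            'direction'        => $direction,
            'charset'          => $charset,
            'lang_new_upload'  => $LANG_MG01['new_upload_body'],
            'lang_details'     => $LANG_MG01['details'],
            'lang_album_title' => 'Album',
            'lang_uploaded_by' => $LANG_MG01['uploaded_by'],
            'username'         => $uname,
            'album_title'      => strip_tags($MG_albums[$aid]->title),
            'url_moderate'     => '<a href="' . $_MG_CONF['site_url'] . '/admin.php?album_id=' . $aid . '&mode=moderate">Click here to view</a>',
            'site_name'        => $_CONF['site_name'] . ' - ' . $_CONF['site_slogan'],
            'site_url'         => $_CONF['site_url'],
        ));
        $T->parse('output', 'email');
        $body .= $T->finish($T->get_var('output'));

        // Plain-text alternative of the same message.
        // NOTE(review): the line breaks are "\n\r" (LF CR), not "\r\n";
        // kept as in the original - confirm which sequence is intended.
        $altbody = $LANG_MG01['new_upload_body'] . $MG_albums[$aid]->title;
        $altbody .= "\n\r\n\r";
        $altbody .= $LANG_MG01['details'];
        $altbody .= "\n\r";
        $altbody .= $LANG_MG01['uploaded_by'] . ' ' . $uname . "\n\r";
        $altbody .= "\n\r\n\r";
        $altbody .= $_CONF['site_name'] . "\n\r";
        $altbody .= $_CONF['site_url'] . "\n\r";

        $groups = MG_getGroupList($MG_albums[$aid]->mod_group_id);
        $groupList = implode(',', $groups);

        // An empty list would produce "IN ()", which is not valid SQL; in
        // that case skip the lookup and report that no moderators were found.
        if ($groupList !== '') {
            $sql = "SELECT DISTINCT {$_TABLES['users']}.uid,username,fullname,email "
                . "FROM {$_TABLES['group_assignments']},{$_TABLES['users']} "
                . "WHERE {$_TABLES['users']}.uid > 1 "
                . "AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid "
                . "AND ({$_TABLES['group_assignments']}.ug_main_grp_id IN ({$groupList}))";
            $result = DB_query($sql);
            $nRows = DB_numRows($result);
            for ($i = 0; $i < $nRows; $i++) {
                $row = DB_fetchArray($result);
                if ($row['email'] != '') {
                    if ($_MG_CONF['verbose']) {
                        COM_errorLog("MG Upload: Sending notification email to: " . $row['email'] . " - " . $row['username']);
                    }
                    $to[] = array('email' => $row['email'], 'name' => $row['username']);
                }
            }
        }

        if (count($to) > 0) {
            $msgData = array();
            $msgData['htmlmessage'] = $body;
            // PHP variable names are case-sensitive: the text part is built
            // in $altbody, so that is the variable that must be sent.
            $msgData['textmessage'] = $altbody;
            $msgData['subject'] = $subject;
            $msgData['from']['email'] = $_CONF['site_mail'];
            $msgData['from']['name'] = $_CONF['site_name'];
            $msgData['to'] = $to;
            COM_emailNotification($msgData);
        } else {
            COM_errorLog("MG Upload: Error - Did not find any moderators to email");
        }

        // Record the attempt so further uploads inside the window do not
        // trigger another mail.
        COM_updateSpeedlimit('mgnotify');
    }

    return true;
}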
示例15: USER_mergeAccounts
/**
* Merge User Accounts
*
* This validates the entered password and then merges a remote
* account with a local account.
*
* Steps visible in this excerpt (the listing is truncated further down):
* the remote and local user ids and the local password are read from $_POST;
* when the password matches the local account's stored hash, the remote
* account's remoteusername/remoteservice are copied onto the local account,
* the local user is logged in, and the remote account's session, plugin
* data, group assignments, preferences, photo, subscriptions and user row
* are removed, with its blocks and topics reassigned to a Root user.
* A wrong password is counted against the 'merge' speed limit.
*
* @return string HTML merge form if error, redirect on success
*
*/
function USER_mergeAccounts()
{
global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;
$retval = '';
// Both ids come straight from the request. The second argument (true)
// presumably restricts the value to a number - confirm in COM_applyFilter.
// NOTE(review): the POST keys are read without isset() checks.
$remoteUID = COM_applyFilter($_POST['remoteuid'], true);
$localUID = COM_applyFilter($_POST['localuid'], true);
$localpwd = $_POST['localp'];
$localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
$localRow = DB_fetchArray($localResult);
// NOTE(review): $localRow is not checked before use; confirm what
// DB_fetchArray returns when no user has this uid.
if (SEC_check_hash($localpwd, $localRow['passwd'])) {
// password is valid
// Look for the remote account that shares the local account's e-mail address.
$sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
$result = DB_query($sql);
$numRows = DB_numRows($result);
if ($numRows == 1) {
$remoteRow = DB_fetchArray($result);
// The submitted remote uid must be the one found by e-mail.
if ($remoteUID == $remoteRow['uid']) {
$remoteUID = (int) $remoteRow['uid'];
$remoteService = substr($remoteRow['remoteservice'], 6);
} else {
// NOTE(review): this branch only echoes the redirect; there is no return or
// exit here. Unless COM_refresh() ends the request itself, execution
// continues into the UPDATE and the deletions below with the $remoteUID
// taken from the request - confirm, and stop explicitly on a mismatch.
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
} else {
// NOTE(review): same as above - no return/exit after the redirect, and
// $remoteRow may not hold a matching row when the code below reads it.
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
// Attach the remote identity to the local account (account_type is set to 3).
$sql = "UPDATE {$_TABLES['users']} SET remoteusername='" . DB_escapeString($remoteRow['remoteusername']) . "'," . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', " . "account_type=3 " . " WHERE uid=" . (int) $localUID;
DB_query($sql);
// Continue as the local user.
$_USER['uid'] = $localRow['uid'];
$local_login = true;
SESS_completeLogin($localUID);
// NOTE(review): $_GROUPS and $_RIGHTS are not in this function's global
// list, so these two assignments are function-local - confirm that is intended.
$_GROUPS = SEC_getUserGroups($_USER['uid']);
$_RIGHTS = explode(',', SEC_getUserPermissions());
// When admin sessions are enabled and the user has moderator or admin-type
// rights, issue the 'administration' token cookie.
if ($_SYSTEM['admin_session'] > 0 && $local_login) {
if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
$admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
// The cookie is set with the configured path, domain and secure flag; the
// final true is presumably the HttpOnly flag - confirm in SEC_setCookie.
SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
}
// Successful authentication: clear the 'login' speed-limit entries.
COM_resetSpeedlimit('login');
// log the user out
// (this ends the session of the remote account that is being merged away)
SESS_endUserSession($remoteUID);
// Let plugins know a user is being merged
PLG_moveUser($remoteUID, $_USER['uid']);
// Ok, now delete everything related to this user
// let plugins update their data for this user
PLG_deleteUser($remoteUID);
if (function_exists('CUSTOM_userDeleteHook')) {
CUSTOM_userDeleteHook($remoteUID);
}
// Call custom account profile delete function if enabled and exists
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
CUSTOM_userDelete($remoteUID);
}
// remove from all security groups
DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);
// remove user information and preferences
DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);
// delete user photo, if enabled & exists
if ($_CONF['allow_user_photo'] == 1) {
// $remoteUID is interpolated into the condition; it is an integer only if
// the filter or the cast above produced one.
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
USER_deletePhoto($photo, false);
}
// delete subscriptions
DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);
// in case the user owned any objects that require Admin access, assign
// them to the Root user with the lowest uid
$rootgroup = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
$result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
$A = DB_fetchArray($result);
$rootuser = $A['ug_uid'];
// Fall back to uid 2 when no Root member is found or the value is below 2.
if ($rootuser == '' || $rootuser < 2) {
$rootuser = 2;
}
DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
// now delete the user itself
DB_delete($_TABLES['users'], 'uid', $remoteUID);
} else {
// invalid password - let's try one more time
// need to set speed limit and give them 3 tries
// Failed password checks are tracked under their own 'merge' speed-limit
// key, using the login_speedlimit window and a threshold argument of 4.
COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
$last = COM_checkSpeedlimit('merge', 4);
if ($last > 0) {
// Limit reached: show an error and send the user to users.php.
COM_setMsg($LANG04[190], 'error');
echo COM_refresh($_CONF['site_url'] . '/users.php');
} else {
// Below the limit: record the failed attempt and show the merge form again.
COM_updateSpeedlimit('merge');
USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
//.........这里部分代码省略.........