From a4aee625a95fcff60b0addc3ecd58b4d744dc571 Mon Sep 17 00:00:00 2001 From: ocoliver Date: Sat, 17 Nov 2012 18:04:35 +0100 Subject: [PATCH] - session id is now generated from truly random value, previous used mysql UUID() had weak randomness - added session id brute force prevention to old template engine (as used in new template engine) - forced login->verify() in old template engine - removed unused login/logout related codes from old template engine - uuid of new database records is now generated in before insert trigger --- htdocs/config2/settings-dist.inc.php | 9 +- htdocs/doc/sql/stored-proc/maintain.php | 42 +- htdocs/lib/auth.inc.php | 164 +- htdocs/lib/clicompatbase.inc.php | 14 - htdocs/lib/login.class.php | 397 ++--- htdocs/lib/settings-dist.inc.php | 5 + htdocs/lib2/logic/cache.class.php | 858 +++++----- htdocs/lib2/logic/cachedesc.class.php | 240 +-- htdocs/lib2/logic/cachelog.class.php | 448 +++--- htdocs/lib2/logic/const.inc.php | 96 +- htdocs/lib2/logic/picture.class.php | 628 ++++---- htdocs/lib2/logic/rowEditor.class.php | 14 +- htdocs/lib2/logic/user.class.php | 1562 +++++++++---------- htdocs/lib2/login.class.php | 637 ++++---- htdocs/log.php | 704 ++++----- htdocs/newcache.php | 1897 +++++++++++------------ htdocs/newdesc.php | 479 +++--- 17 files changed, 4048 insertions(+), 4146 deletions(-) diff --git a/htdocs/config2/settings-dist.inc.php b/htdocs/config2/settings-dist.inc.php index a958d96a..b0b546c1 100644 --- a/htdocs/config2/settings-dist.inc.php +++ b/htdocs/config2/settings-dist.inc.php 
@@ -179,10 +179,15 @@ $opt['page']['subtitle1'] = 'Geocaching with Opencaching'; $opt['page']['subtitle2'] = ''; $opt['page']['title'] = 'OPENCACHING'; - $opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri'] - $opt['page']['max_logins_per_hour'] = 25; $opt['page']['showdonations'] = false; // Show donations button + $opt['page']['absolute_url'] = 'http://devel.opencaching.de/'; // may be overwritten by $opt['domain'][...]['uri'] + + /* maximum number of failed logins per hour before that IP address is blocked + * (used to prevent brute-force-attacks) + */ + $opt['page']['max_logins_per_hour'] = 25; + /* Sponsoring advertisements * (plain HTML) */ diff --git a/htdocs/doc/sql/stored-proc/maintain.php b/htdocs/doc/sql/stored-proc/maintain.php index ee525abe..cc4d14c3 100644 --- a/htdocs/doc/sql/stored-proc/maintain.php +++ b/htdocs/doc/sql/stored-proc/maintain.php @@ -168,6 +168,19 @@ END;", $opt['logic']['waypoint_pool']['valid_chars']); + sql_dropFunction('CREATE_UUID'); + sql("CREATE FUNCTION `CREATE_UUID` () RETURNS VARCHAR(36) DETERMINISTIC SQL SECURITY INVOKER + BEGIN + SET @LAST_UUID = UUID(); + RETURN @LAST_UUID; + END;"); + + sql_dropFunction('GET_LAST_UUID'); + sql("CREATE FUNCTION `GET_LAST_UUID` () RETURNS VARCHAR(36) DETERMINISTIC SQL SECURITY INVOKER + BEGIN + RETURN @LAST_UUID; + END;"); + /* Stored procedures containing database logic */ @@ -504,6 +517,10 @@ SET NEW.`is_publishdate`=1; END IF; SET NEW.`need_npa_recalc`=1; + + IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN + SET NEW.`uuid`=CREATE_UUID(); + END IF; END;"); sql_dropTrigger('cachesAfterInsert'); @@ -612,6 +629,10 @@ SET NEW.`date_created`=NOW(); SET NEW.`last_modified`=NOW(); END IF; + + IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN + SET NEW.`uuid`=CREATE_UUID(); + END IF; END;"); sql_dropTrigger('cacheDescAfterInsert'); 
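Review bot: In the @@ -168,6 +168,19 @@ hunk `CREATE_UUID()` is declared `DETERMINISTIC` although it returns a fresh `UUID()` on every call, and `GET_LAST_UUID()` is declared the same while it reads a user variable; MySQL trusts that label and may reuse a "deterministic" result in its plan, so both should read `... RETURNS VARCHAR(36) NOT DETERMINISTIC SQL SECURITY INVOKER` (if DETERMINISTIC was chosen only to satisfy the binary-logging restriction on function creators, that is worth a comment, because the mislabel also hides that `UUID()` is unsafe under statement-based replication). `@LAST_UUID` is connection-scoped, so `GET_LAST_UUID()` only returns the value set on the same connection; a comment above it such as `-- returns the uuid created by CREATE_UUID() on this connection; meaningless on a pooled/other connection` would spare the next reader a surprise. Since MySQL `UUID()` is time- and node-based rather than random — the very reason the commit message gives for moving session ids away from it — the function header should also state that these values are record identifiers only and must not be reused as secrets or tokens. The trigger hunks at @@ -504, -612, -698, -863 and -1002 that call `CREATE_UUID()` are consistent with each other and need no separate change.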
@@ -698,6 +719,10 @@ SET NEW.`date_created`=NOW(); SET NEW.`last_modified`=NOW(); END IF; + + IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN + SET NEW.`uuid`=CREATE_UUID(); + END IF; END;"); sql_dropTrigger('cacheLogsAfterInsert'); @@ -709,7 +734,7 @@ DECLARE cur1 CURSOR FOR SELECT `cache_watches`.`user_id` FROM `cache_watches` INNER JOIN `caches` ON `cache_watches`.`cache_id`=`caches`.`cache_id` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `cache_watches`.`cache_id`=NEW.cache_id AND `cache_status`.`allow_user_view`=1; DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1; - CALL sp_update_logstat(NEW.`cache_id`, NEW.`user_id`, NEW.`type`, FALSE); + CALL sp_update_logstat(NEW.`cache_id`, NEW.`user_id`, NEW.`type`, FALSE); OPEN cur1; REPEAT @@ -863,6 +888,10 @@ SET NEW.`date_created`=NOW(); SET NEW.`last_modified`=NOW(); END IF; + + IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN + SET NEW.`uuid`=CREATE_UUID(); + END IF; END;"); sql_dropTrigger('picturesAfterInsert'); @@ -1002,6 +1031,10 @@ SET NEW.`date_created`=NOW(); SET NEW.`last_modified`=NOW(); END IF; + + IF ISNULL(NEW.`uuid`) OR NEW.`uuid`='' THEN + SET NEW.`uuid`=CREATE_UUID(); + END IF; END;"); sql_dropTrigger('userBeforeUpdate'); @@ -1085,6 +1118,13 @@ SET NEW.`date_created`=NOW(); END;"); + sql_dropTrigger('sysSessionsBeforeInsert'); + sql("CREATE TRIGGER `sysSessionsBeforeInsert` BEFORE INSERT ON `sys_sessions` + FOR EACH ROW + BEGIN + SET NEW.`last_login`=NOW(); + END;"); + sql_dropTrigger('sysSessionsAfterInsert'); sql("CREATE TRIGGER `sysSessionsAfterInsert` AFTER INSERT ON `sys_sessions` FOR EACH ROW diff --git a/htdocs/lib/auth.inc.php b/htdocs/lib/auth.inc.php index c7404289..4f827cdc 100644 --- a/htdocs/lib/auth.inc.php +++ b/htdocs/lib/auth.inc.php 
@@ -1,117 +1,49 @@ - 0) - { - $record = sql_fetch_array($rs); - return $record['username']; - } - else - { - //user not exists - return false; - } - } - - /* auth_user - fills usr[] - * no return value - */ - function auth_user() - { - global $usr, $login; - $login->verify(); - - if ($login->userid != 0) - { - //set up $usr array - $usr['userid'] = $login->userid; - $usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . sql_escape($login->userid) . "'", ''); - $usr['username'] = $login->username; - } - else - $usr = false; - - return; - } - - /* auth_login - try to log in a user - * returns the userid on success, otherwise false - */ - function auth_login($user, $password) - { - global $login, $autherr; - $retval = $login->try_login($user, $password, null); - - switch ($retval) - { - case LOGIN_TOOMUCHLOGINS: - $autherr = AUTHERR_TOOMUCHLOGINS; - return false; - - case LOGIN_USERNOTACTIVE: - $autherr = AUTHERR_USERNOTACTIVE; - return false; - - case LOGIN_BADUSERPW: - $autherr = AUTHERR_WRONGAUTHINFO; - return false; - - case LOGIN_OK: - $autherr = AUTHERR_NOERROR; - return $login->userid; - - default: - $autherr = AUTHERR_WRONGAUTHINFO; - return false; - } - } - - /* auth_logout - log out the user - * returns false if the user wasn't logged in, true if success - */ - function auth_logout() - { - global $login, $usr; - if ($login->userid != 0) - { - $login->logout(); - return true; - } - else - { - $usr = false; - return false; - } - } +verify(); + + if ($login->userid != 0) + { + //set up $usr array + $usr['userid'] = $login->userid; + $usr['email'] = sqlValue("SELECT `email` FROM `user` WHERE `user_id`='" . sql_escape($login->userid) . "'", ''); + $usr['username'] = $login->username; + } + else + $usr = false; + + return; + } ?> \ No newline at end of file diff --git a/htdocs/lib/clicompatbase.inc.php b/htdocs/lib/clicompatbase.inc.php index a58f4373..f7dc816b 100644 --- a/htdocs/lib/clicompatbase.inc.php +++ b/htdocs/lib/clicompatbase.inc.php 
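Review bot: On the new side `auth_user()` writes `$usr['userid']`, `$usr['email']` and `$usr['username']` into whatever `$usr` already holds instead of starting from a fresh array, so keys left over from an earlier call (or the `false` assigned by the else branch) survive into the logged-in state; building it as `$usr = array('userid' => $login->userid, 'email' => sqlValue(...), 'username' => $login->username);` makes both branches symmetrical. The file header and the function's opening line are lost in this rendering (the hunk starts at `+verify();`), so the start of the function lies outside what is visible here. The hunk removes auth_login()/auth_logout() entirely; any remaining callers in the old template engine are not in this diff and would need checking.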
@@ -69,20 +69,6 @@ $module, $eventid, $userid, $objectid1, $objectid2, $logtext, serialize($details)); } - //create a "universal unique" replication "identifier" - function create_uuid() - { - $uuid = mb_strtoupper(md5(uniqid(rand(), true))); - - //split into XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (type VARCHAR 36, case insensitiv) - $uuid = mb_substr($uuid, 0, 8) . '-' . mb_substr($uuid, -24); - $uuid = mb_substr($uuid, 0, 13) . '-' . mb_substr($uuid, -20); - $uuid = mb_substr($uuid, 0, 18) . '-' . mb_substr($uuid, -16); - $uuid = mb_substr($uuid, 0, 23) . '-' . mb_substr($uuid, -12); - - return $uuid; - } - // set a unique waypoint to this cache function setCacheWaypoint($cacheid) { diff --git a/htdocs/lib/login.class.php b/htdocs/lib/login.class.php index 943fd8bc..2bc41f68 100644 --- a/htdocs/lib/login.class.php +++ b/htdocs/lib/login.class.php 
@@ -1,232 +1,167 @@ -is_set('userid') && $cookie->is_set('username')) - { - $this->userid = $cookie->get('userid')+0; - $this->username = $cookie->get('username'); - $this->permanent = (($cookie->get('permanent')+0) == 1); - $this->lastlogin = $cookie->get('lastlogin'); - $this->sessionid = $cookie->get('sessionid'); - $this->admin = (($cookie->get('admin')+0) == 1); - $this->verified = false; - - // wenn lastlogin zu 50% abgelaufen, verify() - // permanent = 90 Tage, sonst 60 Minuten - if ((($this->permanent == true) && (strtotime($this->lastlogin) + LOGIN_TIME/2 < time())) || - (($this->permanent == false) && (strtotime($this->lastlogin) + LOGIN_TIME_PERMANENT/2 < time()))) - $this->verify(); - - if ($this->admin != false) - $this->verify(); - } - else - $this->pClear(); - } - - function pClear() - { - // set to no valid login - $this->userid = 0; - $this->username = ''; - $this->permanent = false; - $this->lastlogin = ''; - $this->sessionid = ''; - $this->admin = false; - $this->verified = true; - - $this->pStoreCookie(); - } - - function pStoreCookie() - { - global $cookie; - $cookie->set('userid', $this->userid); - $cookie->set('username', $this->username); - $cookie->set('permanent', ($this->permanent==true ? 1 : 0)); - $cookie->set('lastlogin', $this->lastlogin); - $cookie->set('sessionid', $this->sessionid); - $cookie->set('admin', ($this->admin==true ? 
1 : 0)); - } - - function verify() - { - if ($this->verified == true) - return; - - if ($this->userid == 0) - { - $this->pClear(); - return; - } - - $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); - $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); - - $rs = sql("SELECT `sys_sessions`.`last_login`, `user`.`admin` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin); - if ($rUser = sql_fetch_assoc($rs)) - { - if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) || - (($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time()))) - { - sql("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid); - $rUser['last_login'] = date('Y-m-d H:i:s'); - } - - // user.last_login is used for statics, so we keep it up2date - sql("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid); - - $this->lastlogin = $rUser['last_login']; - $this->admin = ($rUser['admin'] == 1); - $this->verified = true; - } - else - { - // prevent bruteforce - sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); - - $this->pClear(); - } - sql_free_result($rs); - - $this->pStoreCookie(); - return; - } - - function try_login($user, $password, $permanent) - { - global $opt; - - $this->pClear(); - - // check the number of logins in the last hour ... 
- sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600)); - $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0); - if ($logins_count > 24) - return LOGIN_TOOMUCHLOGINS; - - // delete old sessions - $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); - sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent); - - $pwmd5 = md5($password); - if ($opt['login']['hash']) - $pwmd5 = hash('sha512', $pwmd5); - - // compare $user with email and username, if both matches use email - $rsUser = sql("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION - SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5); - $rUser = sql_fetch_assoc($rsUser); - sql_free_result($rsUser); - - if ($permanent == null) - $permanent = ($rUser['permanent_login_flag'] == 1); - - if ($rUser) - { - // ok, there is a valid login - if ($rUser['is_active_flag'] != 0) - { - // begin session - $uuid = sqlValue('SELECT UUID()', ''); - sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], ($permanent!=false ? 
1 : 0)); - $this->userid = $rUser['user_id']; - $this->username = $rUser['username']; - $this->permanent = $permanent; - $this->lastlogin = date('Y-m-d H:i:s'); - $this->sessionid = $uuid; - $this->admin = ($rUser['admin'] == 1); - $this->verified = true; - - $retval = LOGIN_OK; - } - else - $retval = LOGIN_USERNOTACTIVE; - } - else - { - // sorry, bad login - $retval = LOGIN_BADUSERPW; - } - - sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1)); - - // store to cookie - $this->pStoreCookie(); - - return $retval; - } - - function logout() - { - sql("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid); - $this->pClear(); - } - - public function hasAdminPriv($privilege = false) - { - global $cookie; - - $this->verify(); - - if ($privilege === false) - return $this->admin != 0; - - return ($this->admin & $privilege) == $privilege; - } -} +is_set('userid') && $cookie->is_set('username')) + { + $this->userid = $cookie->get('userid')+0; + $this->username = $cookie->get('username'); + $this->permanent = (($cookie->get('permanent')+0) == 1); + $this->lastlogin = $cookie->get('lastlogin'); + $this->sessionid = $cookie->get('sessionid'); + $this->admin = (($cookie->get('admin')+0) == 1); + $this->verified = false; + + $this->verify(); + } + else + $this->pClear(); + } + + function pClear() + { + // set to no valid login + $this->userid = 0; + $this->username = ''; + $this->permanent = false; + $this->lastlogin = ''; + $this->sessionid = ''; + $this->admin = false; + $this->verified = true; + + $this->pStoreCookie(); + } + + function pStoreCookie() + { + global $cookie; + $cookie->set('userid', $this->userid); + $cookie->set('username', $this->username); + $cookie->set('permanent', ($this->permanent==true ? 
1 : 0)); + $cookie->set('lastlogin', $this->lastlogin); + $cookie->set('sessionid', $this->sessionid); + $cookie->set('admin', ($this->admin==true ? 1 : 0)); + } + + function verify() + { + if ($this->verified == true) + return; + + if ($this->userid == 0) + { + $this->pClear(); + return; + } + + if ($this->checkLoginsCount() == false) + { + $this->pClear(); + return; + } + + $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); + $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); + + $rs = sql("SELECT `sys_sessions`.`last_login`, `user`.`admin` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin); + if ($rUser = sql_fetch_assoc($rs)) + { + if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) || + (($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time()))) + { + sql("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid); + $rUser['last_login'] = date('Y-m-d H:i:s'); + } + + // user.last_login is used for statics, so we keep it up2date + sql("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid); + + $this->lastlogin = $rUser['last_login']; + $this->admin = ($rUser['admin'] == 1); + $this->verified = true; + } + else + { + // prevent bruteforce + sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); + + $this->pClear(); + } + sql_free_result($rs); + + $this->pStoreCookie(); + return; + } + + public function 
hasAdminPriv($privilege = false) + { + global $cookie; + + $this->verify(); + + if ($privilege === false) + return $this->admin != 0; + + return ($this->admin & $privilege) == $privilege; + } + + function checkLoginsCount() + { + global $opt; + + // cleanup old entries + // (execute only every 50 search calls) + if (rand(1, 50) == 1) + sql("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600)); + + // check the number of logins in the last hour ... + $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "' AND `date_created`>'" . sql_escape(date('Y-m-d H:i:s', time() - 3600)) . "'", 0); + if ($logins_count > $opt['page']['max_logins_per_hour']) + return false; + else + return true; + } +} ?> \ No newline at end of file diff --git a/htdocs/lib/settings-dist.inc.php b/htdocs/lib/settings-dist.inc.php index 2b10ad50..04759348 100644 --- a/htdocs/lib/settings-dist.inc.php +++ b/htdocs/lib/settings-dist.inc.php @@ -117,6 +117,11 @@ $cachemap_dir = $rootpath . $cachemap_url; $opt['translate']['debug'] = false; + + /* maximum number of failed logins per hour before that IP address is blocked + * (used to prevent brute-force-attacks) + */ + $opt['page']['max_logins_per_hour'] = 25; // copy of config2/settings-dist.inc.php /* pregenerated waypoint list for new caches diff --git a/htdocs/lib2/logic/cache.class.php b/htdocs/lib2/logic/cache.class.php index eba300dc..31da2020 100644 --- a/htdocs/lib2/logic/cache.class.php +++ b/htdocs/lib2/logic/cache.class.php 
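Review bot: `checkLoginsCount()` counts every `sys_logins` row for the address in the last hour, successful or not, while the new `$opt['page']['max_logins_per_hour']` setting is documented as the number of failed logins; if that comment states the intent, the count query needs `AND `success`=0`, otherwise a user who logs in often from one address (or many users behind one NAT) is locked out and — because `verify()` now runs this check before looking the session up and calls `pClear()` when it fails — also loses an otherwise valid session. Whether successful attempts are recorded at all depends on try_login() in lib2, which is not part of this diff. The `INSERT INTO `sys_logins`` in verify() sets no `date_created`, yet the cleanup and the count now filter on that column; presumably a column default or trigger fills it in — worth confirming. In `hasAdminPriv()` the `global $cookie;` is unused and can be dropped.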
@@ -1,430 +1,430 @@ -reCache = new rowEditor('caches'); - $this->reCache->addPKInt('cache_id', null, false, RE_INSERT_AUTOINCREMENT); - $this->reCache->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID); - $this->reCache->addInt('node', 0, false); - $this->reCache->addDate('date_created', time(), true, RE_INSERT_IGNORE); - $this->reCache->addDate('last_modified', time(), true, RE_INSERT_IGNORE); - $this->reCache->addInt('user_id', 0, false); - $this->reCache->addString('name', '', false); - $this->reCache->addDouble('longitude', 0, false); - $this->reCache->addDouble('latitude', 0, false); - $this->reCache->addInt('type', 1, false); - $this->reCache->addInt('status', 5, false); - $this->reCache->addString('country', '', false); - $this->reCache->addDate('date_hidden', time(), false); - $this->reCache->addInt('size', 1, false); - $this->reCache->addFloat('difficulty', 1, false); - $this->reCache->addFloat('terrain', 1, false); - $this->reCache->addString('logpw', '', false); - $this->reCache->addFloat('search_time', 0, false); - $this->reCache->addFloat('way_length', 0, false); - $this->reCache->addString('wp_oc', null, true); - $this->reCache->addString('wp_gc', '', false); - $this->reCache->addString('wp_nc', '', false); - $this->reCache->addString('desc_languages', '', false, RE_INSERT_IGNORE); - $this->reCache->addString('default_desclang', '', false); - $this->reCache->addDate('date_activate', null, true); - $this->reCache->addInt('need_npa_recalc', 1, false, RE_INSERT_IGNORE); - - $this->nCacheId = $nNewCacheId+0; - - if ($nNewCacheId == ID_NEW) - { - $this->reCache->addNew(null); - } - else - { - $this->reCache->load($this->nCacheId); - } - } - - function exist() - { - return $this->reCache->exist(); - } - - function getCacheId() - { - return $this->nCacheId; - } - function getStatus() - { - return $this->reCache->getValue('status'); - } - function getType() - { - return $this->reCache->getValue('type'); - } - function getName() - { - return 
$this->reCache->getValue('name'); - } - function getLongitude() - { - return $this->reCache->getValue('longitude'); - } - function getLatitude() - { - return $this->reCache->getValue('latitude'); - } - function getUserId() - { - return $this->reCache->getValue('user_id'); - } - function getUsername() - { - return sql_value("SELECT `username` FROM `user` WHERE `user_id`='&1'", '', $this->getUserId()); - } - function getWPOC() - { - return $this->reCache->getValue('wp_oc'); - } - function getWPGC() - { - return $this->reCache->getValue('wp_gc'); - } - function getWPNC() - { - return $this->reCache->getValue('wp_nc'); - } - - function getUUID() - { - return $this->reCache->getValue('uuid'); - } - function getLastModified() - { - return $this->reCache->getValue('last_modified'); - } - function getDateCreated() - { - return $this->reCache->getValue('date_created'); - } - function getNode() - { - return $this->reCache->getValue('node'); - } - function setNode($value) - { - return $this->reCache->setValue('node', $value); - } - function setStatus($value) - { - if (sql_value("SELECT COUNT(*) FROM `cache_status` WHERE `id`='&1'", 0, $value) == 1) - { - return $this->reCache->setValue('status', $value); - } - else - { - return false; - } - } - - function getAnyChanged() - { - return $this->reCache->getAnyChanged(); - } - - // return if successfull (with insert) - function save() - { - if ($this->reCache->save()) - { - sql_slave_exclude(); - return true; - } - else - return false; - } - - function requireLogPW() - { - return $this->reCache->getValue('logpw') != ''; - } - - // TODO: use prepared one way hash - function validateLogPW($nLogType, $sLogPW) - { - if ($sLogPW == '') - return true; - - if (sql_value("SELECT `require_password` FROM `log_types` WHERE `id`='&1'", 0, $nLogType) == 0) - return true; - - return ($sLogPW == $this->reCache->getValue('logpw')); - } - - static function visitCounter($nVisitUserId, $sRemoteAddr, $nCacheId) - { - // delete cache_visits older 1 
day 60*60*24 = 86400 - sql("DELETE FROM `cache_visits` WHERE `cache_id`='&1' AND `user_id_ip`!='0' AND NOW()-`last_modified`>86400", $nCacheId); - - if ($nVisitUserId==0) - $sIdentifier = $sRemoteAddr; - else - $sIdentifier = $nVisitUserId; - - // note the visit of this user - sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '&2', 1) - ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId, $sIdentifier); - - // if the previous statement does an INSERT, it was the first visit for this user - if (sql_affected_rows() == 1) - { - if ($nVisitUserId != sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $nCacheId)) - { - // increment the counter for this cache - sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '0', 1) - ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId); - } - } - } - - static function getLogsCount($cacheid) - { - //prepare the logs - $rsLogs = sql("SELECT COUNT(*) FROM `cache_logs` WHERE `cache_id`='&1'", $cacheid); - $rLog = sql_fetch_assoc($rsLogs); - sql_free_result($rsLogs); - - return $rLog; - } - - - static function getLogsArray($cacheid, $start, $count) - { - //prepare the logs - $rsLogs = sql(" - SELECT `cache_logs`.`user_id` AS `userid`, - `cache_logs`.`id` AS `id`, - `cache_logs`.`uuid` AS `uuid`, - `cache_logs`.`date` AS `date`, - `cache_logs`.`type` AS `type`, - `cache_logs`.`text` AS `text`, - `cache_logs`.`text_html` AS `texthtml`, - `cache_logs`.`picture`, - `user`.`username` AS `username`, - IF(ISNULL(`cache_rating`.`cache_id`), 0, `cache_logs`.`type` IN (1,7)) AS `recommended` - FROM `cache_logs` - INNER JOIN `user` ON `user`.`user_id` = `cache_logs`.`user_id` - LEFT JOIN `cache_rating` ON `cache_logs`.`cache_id`=`cache_rating`.`cache_id` AND `cache_logs`.`user_id`=`cache_rating`.`user_id` - WHERE `cache_logs`.`cache_id`='&1' - ORDER BY `cache_logs`.`date` DESC, `cache_logs`.`Id` DESC LIMIT &2, &3", $cacheid, $start+0, $count+0); - - $logs = array(); - 
while ($rLog = sql_fetch_assoc($rsLogs)) - { - $pictures = array(); - $rsPictures = sql("SELECT `url`, `title`, `uuid` FROM `pictures` WHERE `object_id`='&1' AND `object_type`=1", $rLog['id']); - while ($rPicture = sql_fetch_assoc($rsPictures)) - $pictures[] = $rPicture; - sql_free_result($rsPictures); - $rLog['pictures'] = $pictures; - - $logs[] = $rLog; - } - sql_free_result($rsLogs); - - return $logs; - } - - function report($userid, $reportreason, $reportnote) - { - sql("INSERT INTO cache_reports (`cacheid`, `userid`, `reason`, `note`) - VALUES(&1, &2, &3, '&4')", - $this->nCacheId, $userid, $reportreason, $reportnote); - - return true; - } - - function addAdoption($userid) - { - if ($this->allowEdit() == false) - return false; - - if (sql_value("SELECT COUNT(*) FROM `user` WHERE `user_id`='&1' AND `is_active_flag`=1", 0, $userid) == 0) - return false; - - // same user? - if ($this->getUserId() == $userid) - return false; - - sql("INSERT IGNORE INTO `cache_adoption` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $userid); - - return true; - } - - function cancelAdoption($userid) - { - global $login; - - if ($this->allowEdit() == false && $login->userid != $userid) - return false; - - sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1' AND `cache_id`='&2'", $userid, $this->nCacheId); - - return true; - } - - function commitAdoption($userid) - { - global $login; - - // cache_adoption exists? - if (sql_value("SELECT COUNT(*) FROM `cache_adoption` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $userid) == 0) - return false; - - // new user active? - if (sql_value("SELECT `is_active_flag` FROM `user` WHERE `user_id`='&1'", 0, $userid) != 1) - return false; - - sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`) - VALUES ('cache', 5, '&1', '&2', '&3', '&4')", - $login->userid, $this->nCacheId, 0, - 'Cache ' . sql_escape($this->nCacheId) . ' has changed the owner from userid ' . 
sql_escape($this->getUserId()) . ' to ' . sql_escape($userid) . ' by ' . sql_escape($login->userid)); - sql("UPDATE `caches` SET `user_id`='&1' WHERE `cache_id`='&2'", $userid, $this->nCacheId); - sql("DELETE FROM `cache_adoption` WHERE `cache_id`='&1'", $this->nCacheId); - - $this->reCache->setValue('user_id', $userid); - - return true; - } - - // true if anyone can view the cache - function isPublic() - { - return (sql_value("SELECT `allow_user_view` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1); - } - function allowView() - { - global $login; - - if ($this->isPublic()) - return true; - - $login->verify(); - - if (($login->admin & ADMIN_USER) == ADMIN_USER) - return true; - else if ($this->getUserId() == $login->userid) - return true; - - return false; - } - function allowEdit() - { - global $login; - - $login->verify(); - if ($this->getUserId() == $login->userid) - return true; - - return false; - } - function allowLog() - { - global $login; - - $login->verify(); - if ($this->getUserId() == $login->userid) - return true; - - return (sql_value("SELECT `allow_user_log` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1); - } - - function isRecommendedByUser($nUserId) - { - return (sql_value("SELECT COUNT(*) FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $nUserId) > 0); - } - function addRecommendation($nUserId) - { - // rating_date will be set to NOW() by Insert-trigger - sql("INSERT IGNORE INTO `cache_rating` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $nUserId); - } - function removeRecommendation($nUserId) - { - sql("DELETE FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", $this->nCacheId, $nUserId); - } -} +reCache = new rowEditor('caches'); + $this->reCache->addPKInt('cache_id', null, false, RE_INSERT_AUTOINCREMENT); + $this->reCache->addString('uuid', '', false, RE_INSERT_AUTOUUID); + $this->reCache->addInt('node', 0, false); + 
$this->reCache->addDate('date_created', time(), true, RE_INSERT_IGNORE); + $this->reCache->addDate('last_modified', time(), true, RE_INSERT_IGNORE); + $this->reCache->addInt('user_id', 0, false); + $this->reCache->addString('name', '', false); + $this->reCache->addDouble('longitude', 0, false); + $this->reCache->addDouble('latitude', 0, false); + $this->reCache->addInt('type', 1, false); + $this->reCache->addInt('status', 5, false); + $this->reCache->addString('country', '', false); + $this->reCache->addDate('date_hidden', time(), false); + $this->reCache->addInt('size', 1, false); + $this->reCache->addFloat('difficulty', 1, false); + $this->reCache->addFloat('terrain', 1, false); + $this->reCache->addString('logpw', '', false); + $this->reCache->addFloat('search_time', 0, false); + $this->reCache->addFloat('way_length', 0, false); + $this->reCache->addString('wp_oc', null, true); + $this->reCache->addString('wp_gc', '', false); + $this->reCache->addString('wp_nc', '', false); + $this->reCache->addString('desc_languages', '', false, RE_INSERT_IGNORE); + $this->reCache->addString('default_desclang', '', false); + $this->reCache->addDate('date_activate', null, true); + $this->reCache->addInt('need_npa_recalc', 1, false, RE_INSERT_IGNORE); + + $this->nCacheId = $nNewCacheId+0; + + if ($nNewCacheId == ID_NEW) + { + $this->reCache->addNew(null); + } + else + { + $this->reCache->load($this->nCacheId); + } + } + + function exist() + { + return $this->reCache->exist(); + } + + function getCacheId() + { + return $this->nCacheId; + } + function getStatus() + { + return $this->reCache->getValue('status'); + } + function getType() + { + return $this->reCache->getValue('type'); + } + function getName() + { + return $this->reCache->getValue('name'); + } + function getLongitude() + { + return $this->reCache->getValue('longitude'); + } + function getLatitude() + { + return $this->reCache->getValue('latitude'); + } + function getUserId() + { + return 
$this->reCache->getValue('user_id'); + } + function getUsername() + { + return sql_value("SELECT `username` FROM `user` WHERE `user_id`='&1'", '', $this->getUserId()); + } + function getWPOC() + { + return $this->reCache->getValue('wp_oc'); + } + function getWPGC() + { + return $this->reCache->getValue('wp_gc'); + } + function getWPNC() + { + return $this->reCache->getValue('wp_nc'); + } + + function getUUID() + { + return $this->reCache->getValue('uuid'); + } + function getLastModified() + { + return $this->reCache->getValue('last_modified'); + } + function getDateCreated() + { + return $this->reCache->getValue('date_created'); + } + function getNode() + { + return $this->reCache->getValue('node'); + } + function setNode($value) + { + return $this->reCache->setValue('node', $value); + } + function setStatus($value) + { + if (sql_value("SELECT COUNT(*) FROM `cache_status` WHERE `id`='&1'", 0, $value) == 1) + { + return $this->reCache->setValue('status', $value); + } + else + { + return false; + } + } + + function getAnyChanged() + { + return $this->reCache->getAnyChanged(); + } + + // return if successfull (with insert) + function save() + { + if ($this->reCache->save()) + { + sql_slave_exclude(); + return true; + } + else + return false; + } + + function requireLogPW() + { + return $this->reCache->getValue('logpw') != ''; + } + + // TODO: use prepared one way hash + function validateLogPW($nLogType, $sLogPW) + { + if ($sLogPW == '') + return true; + + if (sql_value("SELECT `require_password` FROM `log_types` WHERE `id`='&1'", 0, $nLogType) == 0) + return true; + + return ($sLogPW == $this->reCache->getValue('logpw')); + } + + static function visitCounter($nVisitUserId, $sRemoteAddr, $nCacheId) + { + // delete cache_visits older 1 day 60*60*24 = 86400 + sql("DELETE FROM `cache_visits` WHERE `cache_id`='&1' AND `user_id_ip`!='0' AND NOW()-`last_modified`>86400", $nCacheId); + + if ($nVisitUserId==0) + $sIdentifier = $sRemoteAddr; + else + $sIdentifier = 
$nVisitUserId; + + // note the visit of this user + sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '&2', 1) + ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId, $sIdentifier); + + // if the previous statement does an INSERT, it was the first visit for this user + if (sql_affected_rows() == 1) + { + if ($nVisitUserId != sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $nCacheId)) + { + // increment the counter for this cache + sql("INSERT INTO `cache_visits` (`cache_id`, `user_id_ip`, `count`) VALUES (&1, '0', 1) + ON DUPLICATE KEY UPDATE `count`=`count`+1", $nCacheId); + } + } + } + + static function getLogsCount($cacheid) + { + //prepare the logs + $rsLogs = sql("SELECT COUNT(*) FROM `cache_logs` WHERE `cache_id`='&1'", $cacheid); + $rLog = sql_fetch_assoc($rsLogs); + sql_free_result($rsLogs); + + return $rLog; + } + + + static function getLogsArray($cacheid, $start, $count) + { + //prepare the logs + $rsLogs = sql(" + SELECT `cache_logs`.`user_id` AS `userid`, + `cache_logs`.`id` AS `id`, + `cache_logs`.`uuid` AS `uuid`, + `cache_logs`.`date` AS `date`, + `cache_logs`.`type` AS `type`, + `cache_logs`.`text` AS `text`, + `cache_logs`.`text_html` AS `texthtml`, + `cache_logs`.`picture`, + `user`.`username` AS `username`, + IF(ISNULL(`cache_rating`.`cache_id`), 0, `cache_logs`.`type` IN (1,7)) AS `recommended` + FROM `cache_logs` + INNER JOIN `user` ON `user`.`user_id` = `cache_logs`.`user_id` + LEFT JOIN `cache_rating` ON `cache_logs`.`cache_id`=`cache_rating`.`cache_id` AND `cache_logs`.`user_id`=`cache_rating`.`user_id` + WHERE `cache_logs`.`cache_id`='&1' + ORDER BY `cache_logs`.`date` DESC, `cache_logs`.`Id` DESC LIMIT &2, &3", $cacheid, $start+0, $count+0); + + $logs = array(); + while ($rLog = sql_fetch_assoc($rsLogs)) + { + $pictures = array(); + $rsPictures = sql("SELECT `url`, `title`, `uuid` FROM `pictures` WHERE `object_id`='&1' AND `object_type`=1", $rLog['id']); + while ($rPicture = 
sql_fetch_assoc($rsPictures)) + $pictures[] = $rPicture; + sql_free_result($rsPictures); + $rLog['pictures'] = $pictures; + + $logs[] = $rLog; + } + sql_free_result($rsLogs); + + return $logs; + } + + function report($userid, $reportreason, $reportnote) + { + sql("INSERT INTO cache_reports (`cacheid`, `userid`, `reason`, `note`) + VALUES(&1, &2, &3, '&4')", + $this->nCacheId, $userid, $reportreason, $reportnote); + + return true; + } + + function addAdoption($userid) + { + if ($this->allowEdit() == false) + return false; + + if (sql_value("SELECT COUNT(*) FROM `user` WHERE `user_id`='&1' AND `is_active_flag`=1", 0, $userid) == 0) + return false; + + // same user? + if ($this->getUserId() == $userid) + return false; + + sql("INSERT IGNORE INTO `cache_adoption` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $userid); + + return true; + } + + function cancelAdoption($userid) + { + global $login; + + if ($this->allowEdit() == false && $login->userid != $userid) + return false; + + sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1' AND `cache_id`='&2'", $userid, $this->nCacheId); + + return true; + } + + function commitAdoption($userid) + { + global $login; + + // cache_adoption exists? + if (sql_value("SELECT COUNT(*) FROM `cache_adoption` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $userid) == 0) + return false; + + // new user active? + if (sql_value("SELECT `is_active_flag` FROM `user` WHERE `user_id`='&1'", 0, $userid) != 1) + return false; + + sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`) + VALUES ('cache', 5, '&1', '&2', '&3', '&4')", + $login->userid, $this->nCacheId, 0, + 'Cache ' . sql_escape($this->nCacheId) . ' has changed the owner from userid ' . sql_escape($this->getUserId()) . ' to ' . sql_escape($userid) . ' by ' . 
sql_escape($login->userid)); + sql("UPDATE `caches` SET `user_id`='&1' WHERE `cache_id`='&2'", $userid, $this->nCacheId); + sql("DELETE FROM `cache_adoption` WHERE `cache_id`='&1'", $this->nCacheId); + + $this->reCache->setValue('user_id', $userid); + + return true; + } + + // true if anyone can view the cache + function isPublic() + { + return (sql_value("SELECT `allow_user_view` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1); + } + function allowView() + { + global $login; + + if ($this->isPublic()) + return true; + + $login->verify(); + + if (($login->admin & ADMIN_USER) == ADMIN_USER) + return true; + else if ($this->getUserId() == $login->userid) + return true; + + return false; + } + function allowEdit() + { + global $login; + + $login->verify(); + if ($this->getUserId() == $login->userid) + return true; + + return false; + } + function allowLog() + { + global $login; + + $login->verify(); + if ($this->getUserId() == $login->userid) + return true; + + return (sql_value("SELECT `allow_user_log` FROM `cache_status` WHERE `id`='&1'", 0, $this->getStatus()) == 1); + } + + function isRecommendedByUser($nUserId) + { + return (sql_value("SELECT COUNT(*) FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", 0, $this->nCacheId, $nUserId) > 0); + } + function addRecommendation($nUserId) + { + // rating_date will be set to NOW() by Insert-trigger + sql("INSERT IGNORE INTO `cache_rating` (`cache_id`, `user_id`) VALUES ('&1', '&2')", $this->nCacheId, $nUserId); + } + function removeRecommendation($nUserId) + { + sql("DELETE FROM `cache_rating` WHERE `cache_id`='&1' AND `user_id`='&2'", $this->nCacheId, $nUserId); + } +} ?> \ No newline at end of file diff --git a/htdocs/lib2/logic/cachedesc.class.php b/htdocs/lib2/logic/cachedesc.class.php index 46697967..f41764b6 100644 --- a/htdocs/lib2/logic/cachedesc.class.php +++ b/htdocs/lib2/logic/cachedesc.class.php 
@@ -1,121 +1,121 @@ -reUser = new rowEditor('cache_desc'); - $this->reUser->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); - $this->reUser->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID); - $this->reUser->addInt('node', 0, false); - $this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE); - $this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE); - $this->reUser->addInt('cache_id', 0, false); - $this->reUser->addString('language', '', false); - $this->reUser->addString('desc', '', false); - $this->reUser->addInt('desc_html', 0, false); - $this->reUser->addInt('desc_htmledit', 0, false); - $this->reUser->addString('hint', '', false); - $this->reUser->addString('short_desc', '', false); - - $this->nCacheDescId = $nNewCacheDescId+0; - - if ($nNewCacheDescId == ID_NEW) - { - $this->reCacheDesc->addNew(null); - } - else - { - $this->reCacheDesc->load($this->nCacheDescId); - } - } - - function exist() - { - return $this->reCacheDesc->exist(); - } - - function getId() - { - return $this->reCacheDesc->getValue('id'); - } - function getUUID() - { - return $this->reCacheDesc->getValue('uuid'); - } - function getNode() - { - return $this->reCacheDesc->getValue('node'); - } - function setNode($value) - { - return $this->reCacheDesc->setValue('node', $value); - } - function getDateCreated() - { - return $this->reCacheDesc->getValue('date_created'); - } - function getLastModified() - { - return $this->reCacheDesc->getValue('last_modified'); - } - function getCacheId() - { - return $this->reCacheDesc->getValue('cache_id'); - } - function getLanguage() - { - return $this->reCacheDesc->getValue('language'); - } - function getDescAsHtml() - { - return $this->reCacheDesc->getValue('desc'); - } - function getIsDescHtml() - { - return ($this->reCacheDesc->getValue('desc_html')!=0); - } - function getDescHtmlEdit() - { - return ($this->reCacheDesc->getValue('desc_htmledit')!=0); - } - function getHint() - { - return 
$this->reCacheDesc->getValue('hint'); - } - function getShortDesc() - { - return $this->reCacheDesc->getValue('short_desc'); - } - - function getAnyChanged() - { - return $this->reCacheDesc->getAnyChanged(); - } - - // return if successfull (with insert) - function save() - { - sql_slave_exclude(); - return $this->reCacheDesc->save(); - } - - function reload() - { - $this->reCacheDesc->reload(); - } -} +reUser = new rowEditor('cache_desc'); + $this->reUser->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); + $this->reUser->addString('uuid', '', false, RE_INSERT_AUTOUUID); + $this->reUser->addInt('node', 0, false); + $this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE); + $this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE); + $this->reUser->addInt('cache_id', 0, false); + $this->reUser->addString('language', '', false); + $this->reUser->addString('desc', '', false); + $this->reUser->addInt('desc_html', 0, false); + $this->reUser->addInt('desc_htmledit', 0, false); + $this->reUser->addString('hint', '', false); + $this->reUser->addString('short_desc', '', false); + + $this->nCacheDescId = $nNewCacheDescId+0; + + if ($nNewCacheDescId == ID_NEW) + { + $this->reCacheDesc->addNew(null); + } + else + { + $this->reCacheDesc->load($this->nCacheDescId); + } + } + + function exist() + { + return $this->reCacheDesc->exist(); + } + + function getId() + { + return $this->reCacheDesc->getValue('id'); + } + function getUUID() + { + return $this->reCacheDesc->getValue('uuid'); + } + function getNode() + { + return $this->reCacheDesc->getValue('node'); + } + function setNode($value) + { + return $this->reCacheDesc->setValue('node', $value); + } + function getDateCreated() + { + return $this->reCacheDesc->getValue('date_created'); + } + function getLastModified() + { + return $this->reCacheDesc->getValue('last_modified'); + } + function getCacheId() + { + return $this->reCacheDesc->getValue('cache_id'); + } + function getLanguage() + { + 
return $this->reCacheDesc->getValue('language'); + } + function getDescAsHtml() + { + return $this->reCacheDesc->getValue('desc'); + } + function getIsDescHtml() + { + return ($this->reCacheDesc->getValue('desc_html')!=0); + } + function getDescHtmlEdit() + { + return ($this->reCacheDesc->getValue('desc_htmledit')!=0); + } + function getHint() + { + return $this->reCacheDesc->getValue('hint'); + } + function getShortDesc() + { + return $this->reCacheDesc->getValue('short_desc'); + } + + function getAnyChanged() + { + return $this->reCacheDesc->getAnyChanged(); + } + + // return if successfull (with insert) + function save() + { + sql_slave_exclude(); + return $this->reCacheDesc->save(); + } + + function reload() + { + $this->reCacheDesc->reload(); + } +} ?> \ No newline at end of file diff --git a/htdocs/lib2/logic/cachelog.class.php b/htdocs/lib2/logic/cachelog.class.php index c5582a63..9b2ec1d8 100644 --- a/htdocs/lib2/logic/cachelog.class.php +++ b/htdocs/lib2/logic/cachelog.class.php 
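Review bot: The constructor on the new side still assigns the editor to `$this->reUser` (`$this->reUser = new rowEditor('cache_desc');` and the fourteen `addPKInt`/`addString`/`addInt`/`addDate` calls that follow), while `addNew`, `load`, `save` and every accessor in the class use `$this->reCacheDesc`, so the column definitions — including the `RE_INSERT_AUTOUUID` flag this commit introduces for `uuid` — are attached to an object that is never loaded or saved. The fix is a mechanical rename of `reUser` to `reCacheDesc` on those fifteen lines, e.g. `$this->reCacheDesc = new rowEditor('cache_desc');`. The class header and constructor signature are not visible in this rendering of the hunk (the text between `<?php` and `->` appears to have been stripped), so I cannot tell whether a `reUser` property is declared; either way the object that `save()` writes has no field definitions. Separately, `save()` here calls `sql_slave_exclude()` unconditionally, whereas `cache::save()` in the same change set only excludes the slave after a successful write — worth aligning, `if ($this->reCacheDesc->save()) { sql_slave_exclude(); return true; } return false;`.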
@@ -1,225 +1,225 @@ -exist() == false) - return false; - if ($cache->allowLog() == false) - return false; - - $oCacheLog = new cachelog(ID_NEW); - $oCacheLog->setUserId($nUserId); - $oCacheLog->setCacheId($nCacheId); - return $oCacheLog; - } - - function __construct($nNewLogId=ID_NEW) - { - $this->reCacheLog = new rowEditor('cache_logs'); - $this->reCacheLog->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); - $this->reCacheLog->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID); - $this->reCacheLog->addInt('node', 0, false); - $this->reCacheLog->addDate('date_created', time(), true, RE_INSERT_IGNORE); - $this->reCacheLog->addDate('last_modified', time(), true, RE_INSERT_IGNORE); - $this->reCacheLog->addInt('cache_id', 0, false); - $this->reCacheLog->addInt('user_id', 0, false); - $this->reCacheLog->addInt('type', 0, false); - $this->reCacheLog->addDate('date', time(), false); - $this->reCacheLog->addString('text', '', false); - $this->reCacheLog->addInt('text_html', 0, false); - $this->reCacheLog->addInt('text_htmledit', 0, false); - $this->reCacheLog->addInt('owner_notified', 0, false); - $this->reCacheLog->addInt('picture', 0, false); - - $this->nLogId = $nNewLogId+0; - - if ($nNewLogId == ID_NEW) - { - $this->reCacheLog->addNew(null); - } - else - { - $this->reCacheLog->load($this->nLogId); - } - } - - function exist() - { - return $this->reCacheLog->exist(); - } - - function getLogId() - { - return $this->nLogId; - } - function getUserId() - { - return $this->reCacheLog->getValue('user_id'); - } - function setUserId($value) - { - return $this->reCacheLog->setValue('user_id', $value); - } - function getCacheId() - { - return $this->reCacheLog->getValue('cache_id'); - } - function setCacheId($value) - { - return $this->reCacheLog->setValue('cache_id', $value); - } - function getType() - { - return $this->reCacheLog->getValue('type'); - } - function setType($value) - { - $nValidLogTypes = $this->getValidLogTypes(); - if (array_search($value, 
$nValidLogTypes) === false) - return false; - - return $this->reCacheLog->setValue('type', $value); - } - function getDate() - { - return $this->reCacheLog->getValue('date'); - } - function setDate($value) - { - return $this->reCacheLog->setValue('date', $value); - } - function getText() - { - return $this->reCacheLog->getValue('text'); - } - function setText($value) - { - return $this->reCacheLog->setValue('text', $value); - } - function getTextHtml() - { - return $this->reCacheLog->getValue('text_html'); - } - function setTextHtml($value) - { - return $this->reCacheLog->setValue('text_html', $value); - } - function getTextHtmlEdit() - { - return $this->reCacheLog->getValue('text_html'); - } - function setTextHtmlEdit($value) - { - return $this->reCacheLog->setValue('text_htmledit', $value); - } - - function getUUID() - { - return $this->reCacheLog->getValue('uuid'); - } - function getLastModified() - { - return $this->reCacheLog->getValue('last_modified'); - } - function getDateCreated() - { - return $this->reCacheLog->getValue('date_created'); - } - function getNode() - { - return $this->reCacheLog->getValue('node'); - } - function setNode($value) - { - return $this->reCacheLog->setValue('node', $value); - } - - function getAnyChanged() - { - return $this->reCacheLog->getAnyChanged(); - } - - // return if successfull (with insert) - function save() - { - sql_slave_exclude(); - return $this->reCacheLog->save(); - } - - function allowView() - { - global $login; - - $login->verify(); - if (sql_value("SELECT `cache_status`.`allow_user_view` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `caches`.`cache_id`='&1'", 0, $this->getCacheId()) == 1) - return true; - else if ($login->userid == sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $this->getCacheId())) - return true; - - return false; - } - - function allowEdit() - { - global $login; - - $login->verify(); - if ($this->getUserId() == $login->userid) - 
return true; - - return false; - } - - /* will depend on userid in future e.g. maintainance-logs etc. */ - function getValidLogTypes() - { - $cache = new cache($this->getCacheId()); - if ($cache->exist() == false) - return array(); - if ($cache->allowLog() == false) - return array(); - - $nTypes = array(); - $rs = sql("SELECT `log_type_id` FROM `cache_logtype` WHERE `cache_type_id`='&1'", $cache->getType()); - while ($r = sql_fetch_assoc($rs)) - $nTypes[] = $r['log_type_id']; - sql_free_result($rs); - - return $nTypes; - } -} +exist() == false) + return false; + if ($cache->allowLog() == false) + return false; + + $oCacheLog = new cachelog(ID_NEW); + $oCacheLog->setUserId($nUserId); + $oCacheLog->setCacheId($nCacheId); + return $oCacheLog; + } + + function __construct($nNewLogId=ID_NEW) + { + $this->reCacheLog = new rowEditor('cache_logs'); + $this->reCacheLog->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); + $this->reCacheLog->addString('uuid', '', false, RE_INSERT_AUTOUUID); + $this->reCacheLog->addInt('node', 0, false); + $this->reCacheLog->addDate('date_created', time(), true, RE_INSERT_IGNORE); + $this->reCacheLog->addDate('last_modified', time(), true, RE_INSERT_IGNORE); + $this->reCacheLog->addInt('cache_id', 0, false); + $this->reCacheLog->addInt('user_id', 0, false); + $this->reCacheLog->addInt('type', 0, false); + $this->reCacheLog->addDate('date', time(), false); + $this->reCacheLog->addString('text', '', false); + $this->reCacheLog->addInt('text_html', 0, false); + $this->reCacheLog->addInt('text_htmledit', 0, false); + $this->reCacheLog->addInt('owner_notified', 0, false); + $this->reCacheLog->addInt('picture', 0, false); + + $this->nLogId = $nNewLogId+0; + + if ($nNewLogId == ID_NEW) + { + $this->reCacheLog->addNew(null); + } + else + { + $this->reCacheLog->load($this->nLogId); + } + } + + function exist() + { + return $this->reCacheLog->exist(); + } + + function getLogId() + { + return $this->nLogId; + } + function getUserId() + { + return 
$this->reCacheLog->getValue('user_id'); + } + function setUserId($value) + { + return $this->reCacheLog->setValue('user_id', $value); + } + function getCacheId() + { + return $this->reCacheLog->getValue('cache_id'); + } + function setCacheId($value) + { + return $this->reCacheLog->setValue('cache_id', $value); + } + function getType() + { + return $this->reCacheLog->getValue('type'); + } + function setType($value) + { + $nValidLogTypes = $this->getValidLogTypes(); + if (array_search($value, $nValidLogTypes) === false) + return false; + + return $this->reCacheLog->setValue('type', $value); + } + function getDate() + { + return $this->reCacheLog->getValue('date'); + } + function setDate($value) + { + return $this->reCacheLog->setValue('date', $value); + } + function getText() + { + return $this->reCacheLog->getValue('text'); + } + function setText($value) + { + return $this->reCacheLog->setValue('text', $value); + } + function getTextHtml() + { + return $this->reCacheLog->getValue('text_html'); + } + function setTextHtml($value) + { + return $this->reCacheLog->setValue('text_html', $value); + } + function getTextHtmlEdit() + { + return $this->reCacheLog->getValue('text_html'); + } + function setTextHtmlEdit($value) + { + return $this->reCacheLog->setValue('text_htmledit', $value); + } + + function getUUID() + { + return $this->reCacheLog->getValue('uuid'); + } + function getLastModified() + { + return $this->reCacheLog->getValue('last_modified'); + } + function getDateCreated() + { + return $this->reCacheLog->getValue('date_created'); + } + function getNode() + { + return $this->reCacheLog->getValue('node'); + } + function setNode($value) + { + return $this->reCacheLog->setValue('node', $value); + } + + function getAnyChanged() + { + return $this->reCacheLog->getAnyChanged(); + } + + // return if successfull (with insert) + function save() + { + sql_slave_exclude(); + return $this->reCacheLog->save(); + } + + function allowView() + { + global $login; + + 
$login->verify(); + if (sql_value("SELECT `cache_status`.`allow_user_view` FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE `caches`.`cache_id`='&1'", 0, $this->getCacheId()) == 1) + return true; + else if ($login->userid == sql_value("SELECT `user_id` FROM `caches` WHERE `cache_id`='&1'", 0, $this->getCacheId())) + return true; + + return false; + } + + function allowEdit() + { + global $login; + + $login->verify(); + if ($this->getUserId() == $login->userid) + return true; + + return false; + } + + /* will depend on userid in future e.g. maintainance-logs etc. */ + function getValidLogTypes() + { + $cache = new cache($this->getCacheId()); + if ($cache->exist() == false) + return array(); + if ($cache->allowLog() == false) + return array(); + + $nTypes = array(); + $rs = sql("SELECT `log_type_id` FROM `cache_logtype` WHERE `cache_type_id`='&1'", $cache->getType()); + while ($r = sql_fetch_assoc($rs)) + $nTypes[] = $r['log_type_id']; + sql_free_result($rs); + + return $nTypes; + } +} ?> \ No newline at end of file diff --git a/htdocs/lib2/logic/const.inc.php b/htdocs/lib2/logic/const.inc.php index c3e448f3..400f9010 100644 --- a/htdocs/lib2/logic/const.inc.php +++ b/htdocs/lib2/logic/const.inc.php 
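Review bot: `getTextHtmlEdit()` on the new side returns `$this->reCacheLog->getValue('text_html')` while its counterpart `setTextHtmlEdit()` writes `text_htmledit`, so the getter reports the wrong column; it should be `return $this->reCacheLog->getValue('text_htmledit');`. In `setType()`, the validity check `array_search($value, $nValidLogTypes) === false` uses loose comparison against values that `getValidLogTypes()` fills from `sql_fetch_assoc` (strings), so a boolean `true` or a leading-numeric string such as `'1x'` can satisfy the check and then be written to `type`; normalising and comparing strictly avoids that: `$value = (int)$value;` followed by `if (!in_array($value, array_map('intval', $nValidLogTypes), true)) return false;`. Note also that the hunk rewrites the whole file (identical removed and added lines), which hides the single intended change to the `uuid` flag; a whitespace- or line-ending-only rewrite is better kept in its own commit.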
@@ -1,49 +1,49 @@ - 3 chars -- following 2012-8-6 - define('REGEX_PASSWORD', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{3,60}$'); - define('REGEX_LAST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$'); - define('REGEX_FIRST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$'); - define('REGEX_STATPIC_TEXT', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖß=)(\/\\\&*\$+~#!§%;,-?:\[\]{}¹²³\'\"`\|µ°\%]{0,30}$'); - - define('ADMIN_TRANSLATE', 1); // edit translation - define('ADMIN_MAINTAINANCE', 2); // check table etc. - define('ADMIN_USER', 4); // drop users, caches etc. - define('ADMIN_NEWS', 8); // approve news entries - define('ADMIN_ROOT', 128 | 127); // root + all previous rights - - define('ATTRIB_SELECTED', 1); - define('ATTRIB_UNSELECTED', 2); - define('ATTRIB_UNDEF', 3); - - define('OBJECT_CACHELOG', 1); - define('OBJECT_CACHE', 2); - define('OBJECT_CACHEDESC', 3); - define('OBJECT_USER', 4); - define('OBJECT_TRAVELER', 5); - define('OBJECT_PICTURE', 6); - define('OBJECT_REMOVEDOBJECT', 7); + 3 chars -- following 2012-8-6 + define('REGEX_PASSWORD', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖ=)(\/\\\&*+~#]{3,60}$'); + define('REGEX_LAST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$'); + define('REGEX_FIRST_NAME', '^[a-zA-Z][a-zA-Z0-9\.\- äüöÄÜÖ]{1,59}$'); + define('REGEX_STATPIC_TEXT', '^[a-zA-Z0-9\.\-_ @äüöÄÜÖß=)(\/\\\&*\$+~#!§%;,-?:\[\]{}¹²³\'\"`\|µ°\%]{0,30}$'); + + define('ADMIN_TRANSLATE', 1); // edit translation + define('ADMIN_MAINTAINANCE', 2); // check table etc. + define('ADMIN_USER', 4); // drop users, caches etc. + define('ADMIN_NEWS', 8); // approve news entries + define('ADMIN_ROOT', 128 | 127); // root + all previous rights + + define('ATTRIB_SELECTED', 1); + define('ATTRIB_UNSELECTED', 2); + define('ATTRIB_UNDEF', 3); + + define('OBJECT_CACHELOG', 1); + define('OBJECT_CACHE', 2); + define('OBJECT_CACHEDESC', 3); + define('OBJECT_USER', 4); + define('OBJECT_TRAVELER', 5); + define('OBJECT_PICTURE', 6); + define('OBJECT_REMOVEDOBJECT', 7); ?> \ No newline at end of file 
diff --git a/htdocs/lib2/logic/picture.class.php b/htdocs/lib2/logic/picture.class.php index 92a2d611..c419d9b3 100644 --- a/htdocs/lib2/logic/picture.class.php +++ b/htdocs/lib2/logic/picture.class.php 
@@ -1,315 +1,315 @@ -rePicture = new rowEditor('pictures'); - $this->rePicture->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); - $this->rePicture->addString('uuid', '', false); - $this->rePicture->addInt('node', 0, false); - $this->rePicture->addDate('date_created', time(), true, RE_INSERT_IGNORE); - $this->rePicture->addDate('last_modified', time(), true, RE_INSERT_IGNORE); - $this->rePicture->addString('url', '', false); - $this->rePicture->addString('title', '', false); - $this->rePicture->addDate('last_url_check', 0, true); - $this->rePicture->addInt('object_id', null, false); - $this->rePicture->addInt('object_type', null, false); - $this->rePicture->addString('thumb_url', '', false); - $this->rePicture->addDate('thumb_last_generated', 0, false); - $this->rePicture->addInt('spoiler', 0, false); - $this->rePicture->addInt('local', 0, false); - $this->rePicture->addInt('unknown_format', 0, false); - $this->rePicture->addInt('display', 1, false); - - $this->nPictureId = $nNewPictureId+0; - - if ($nNewPictureId == ID_NEW) - { - $this->rePicture->addNew(null); - - $sUUID = mb_strtoupper(sql_value("SELECT UUID()", '')); - $this->rePicture->setValue('uuid', $sUUID); - $this->rePicture->setValue('node', $opt['logic']['node']['id']); - } - else - { - $this->rePicture->load($this->nPictureId); - - $sFilename = $this->getFilename(); - $fna = mb_split('\\.', $sFilename); - $this->sFileExtension = mb_strtolower($fna[count($fna) - 1]); - - $this->bFilenamesSet = true; - } - } - - function exist() - { - return $this->rePicture->exist(); - } - - static function allowedExtension($sFilename) - { - global $opt; - - if (strpos($sFilename, ';') !== false) - return false; - if (strpos($sFilename, '.') === false) - return false; - - $sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1)); - - if (strpos(';' . $opt['logic']['pictures']['extensions'] . ';', ';' . $sExtension . 
';') !== false) - return true; - else - return false; - } - - function setFilenames($sFilename) - { - global $opt; - - if ($this->bFilenamesSet == true) - return; - if (strpos($sFilename, '.') === false) - return; - $sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1)); - - $sUUID = $this->getUUID(); - - $this->sFileExtension = $sExtension; - $this->setUrl($opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension); - //$this->setThumbUrl($opt['logic']['pictures']['thumb_url'] . substr($sUUID, 0, 1) . '/' . substr($sUUID, 1, 1) . '/' . $sUUID . '.' . $sExtension); - $this->bFilenamesSet = true; - } - - function getPictureId() - { - return $this->nPictureId; - } - - function delete() - { - global $opt; - - // delete record, image and thumb - @unlink($this->getFilename()); - @unlink($this->getThumbFilename()); - - sql("DELETE FROM `pictures` WHERE `id`='&1'", $this->nPictureId); - - return true; - } - - function getUrl() - { - return $this->rePicture->getValue('url'); - } - function setUrl($value) - { - return $this->rePicture->setValue('url', $value); - } - function getThumbUrl() - { - return $this->rePicture->getValue('thumb_url'); - } - function setThumbUrl($value) - { - return $this->rePicture->setValue('thumb_url', $value); - } - function getTitle() - { - return $this->rePicture->getValue('title'); - } - function setTitle($value) - { - if ($value != '') - return $this->rePicture->setValue('title', $value); - else - return false; - } - function getSpoiler() - { - return $this->rePicture->getValue('spoiler')!=0; - } - function setSpoiler($value) - { - return $this->rePicture->setValue('spoiler', $value ? 1 : 0); - } - function getLocal() - { - return $this->rePicture->getValue('local')!=0; - } - function setLocal($value) - { - return $this->rePicture->setValue('local', $value ? 
1 : 0); - } - function getDisplay() - { - return $this->rePicture->getValue('display')!=0; - } - function setDisplay($value) - { - return $this->rePicture->setValue('display', $value ? 1 : 0); - } - function getFilename() - { - global $opt; - - if (mb_substr($opt['logic']['pictures']['dir'], -1, 1) != '/') - $opt['logic']['pictures']['dir'] .= '/'; - - $uuid = $this->getUUID(); - $url = $this->getUrl(); - $fna = mb_split('\\.', $url); - $extension = mb_strtolower($fna[count($fna) - 1]); - - return $opt['logic']['pictures']['dir'] . $uuid . '.' . $extension; - } - function getThumbFilename() - { - global $opt; - - if (mb_substr($opt['logic']['pictures']['thumb_dir'], -1, 1) != '/') - $opt['logic']['pictures']['thumb_dir'] .= '/'; - - $uuid = $this->getUUID(); - $url = $this->getUrl(); - $fna = mb_split('\\.', $url); - $extension = mb_strtolower($fna[count($fna) - 1]); - - $dir1 = mb_strtoupper(mb_substr($uuid, 0, 1)); - $dir2 = mb_strtoupper(mb_substr($uuid, 1, 1)); - - return $opt['logic']['pictures']['thumb_dir'] . $dir1 . '/' . $dir2 . '/' . $uuid . '.' . 
$extension; - } - function getLogId() - { - if ($this->getObjectType() == OBJECT_CACHELOG) - return $this->getObjectId(); - else - return false; - } - function getCacheId() - { - if ($this->getObjectType() == OBJECT_CACHELOG) - return sql_value("SELECT `cache_id` FROM `cache_logs` WHERE `id`='&1'", false, $this->getObjectId()); - else if ($this->getObjectType() == OBJECT_CACHE) - return $this->getObjectId(); - else - return false; - } - function getObjectId() - { - return $this->rePicture->getValue('object_id'); - } - function setObjectId($value) - { - return $this->rePicture->setValue('object_id', $value+0); - } - function getObjectType() - { - return $this->rePicture->getValue('object_type'); - } - function setObjectType($value) - { - return $this->rePicture->setValue('object_type', $value+0); - } - function getUserId() - { - if ($this->getObjectType() == OBJECT_CACHE) - return sql_value("SELECT `caches`.`user_id` FROM `caches` WHERE `caches`.`cache_id`='&1'", false, $this->getObjectId()); - else if ($this->getObjectType() == OBJECT_CACHELOG) - return sql_value("SELECT `cache_logs`.`user_id` FROM `cache_logs` WHERE `cache_logs`.`id`='&1'", false, $this->getObjectId()); - else - return false; - } - - function getNode() - { - return $this->rePicture->getValue('node'); - } - function setNode($value) - { - return $this->rePicture->setValue('node', $value); - } - function getUUID() - { - return $this->rePicture->getValue('uuid'); - } - function getLastModified() - { - return $this->rePicture->getValue('last_modified'); - } - function getDateCreated() - { - return $this->rePicture->getValue('date_created'); - } - function getAnyChanged() - { - return $this->rePicture->getAnyChanged(); - } - - // return if successfull (with insert) - function save() - { - if ($this->bFilenamesSet == false) - return false; - - $bRetVal = $this->rePicture->save(); - - if ($bRetVal) - sql_slave_exclude(); - - return $bRetVal; - } - - function allowEdit() - { - global $login; - - 
$login->verify(); - - if (sql_value("SELECT COUNT(*) FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_view`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", 0, $login->userid, $this->getCacheId()) == 0) - return false; - else if ($this->getUserId() == $login->userid) - return true; - - return false; - } -} +rePicture = new rowEditor('pictures'); + $this->rePicture->addPKInt('id', null, false, RE_INSERT_AUTOINCREMENT); + $this->rePicture->addString('uuid', '', false, RE_INSERT_AUTOUUID); + $this->rePicture->addInt('node', 0, false); + $this->rePicture->addDate('date_created', time(), true, RE_INSERT_IGNORE); + $this->rePicture->addDate('last_modified', time(), true, RE_INSERT_IGNORE); + $this->rePicture->addString('url', '', false); + $this->rePicture->addString('title', '', false); + $this->rePicture->addDate('last_url_check', 0, true); + $this->rePicture->addInt('object_id', null, false); + $this->rePicture->addInt('object_type', null, false); + $this->rePicture->addString('thumb_url', '', false); + $this->rePicture->addDate('thumb_last_generated', 0, false); + $this->rePicture->addInt('spoiler', 0, false); + $this->rePicture->addInt('local', 0, false); + $this->rePicture->addInt('unknown_format', 0, false); + $this->rePicture->addInt('display', 1, false); + + $this->nPictureId = $nNewPictureId+0; + + if ($nNewPictureId == ID_NEW) + { + $this->rePicture->addNew(null); + + $sUUID = mb_strtoupper(sql_value("SELECT UUID()", '')); + $this->rePicture->setValue('uuid', $sUUID); + $this->rePicture->setValue('node', $opt['logic']['node']['id']); + } + else + { + $this->rePicture->load($this->nPictureId); + + $sFilename = $this->getFilename(); + $fna = mb_split('\\.', $sFilename); + $this->sFileExtension = mb_strtolower($fna[count($fna) - 1]); + + $this->bFilenamesSet = true; + } + } + + function exist() + { + return $this->rePicture->exist(); + } + + static function allowedExtension($sFilename) 
+ { + global $opt; + + if (strpos($sFilename, ';') !== false) + return false; + if (strpos($sFilename, '.') === false) + return false; + + $sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1)); + + if (strpos(';' . $opt['logic']['pictures']['extensions'] . ';', ';' . $sExtension . ';') !== false) + return true; + else + return false; + } + + function setFilenames($sFilename) + { + global $opt; + + if ($this->bFilenamesSet == true) + return; + if (strpos($sFilename, '.') === false) + return; + $sExtension = mb_strtolower(substr($sFilename, strrpos($sFilename, '.') + 1)); + + $sUUID = $this->getUUID(); + + $this->sFileExtension = $sExtension; + $this->setUrl($opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension); + //$this->setThumbUrl($opt['logic']['pictures']['thumb_url'] . substr($sUUID, 0, 1) . '/' . substr($sUUID, 1, 1) . '/' . $sUUID . '.' . $sExtension); + $this->bFilenamesSet = true; + } + + function getPictureId() + { + return $this->nPictureId; + } + + function delete() + { + global $opt; + + // delete record, image and thumb + @unlink($this->getFilename()); + @unlink($this->getThumbFilename()); + + sql("DELETE FROM `pictures` WHERE `id`='&1'", $this->nPictureId); + + return true; + } + + function getUrl() + { + return $this->rePicture->getValue('url'); + } + function setUrl($value) + { + return $this->rePicture->setValue('url', $value); + } + function getThumbUrl() + { + return $this->rePicture->getValue('thumb_url'); + } + function setThumbUrl($value) + { + return $this->rePicture->setValue('thumb_url', $value); + } + function getTitle() + { + return $this->rePicture->getValue('title'); + } + function setTitle($value) + { + if ($value != '') + return $this->rePicture->setValue('title', $value); + else + return false; + } + function getSpoiler() + { + return $this->rePicture->getValue('spoiler')!=0; + } + function setSpoiler($value) + { + return $this->rePicture->setValue('spoiler', $value ? 
1 : 0); + } + function getLocal() + { + return $this->rePicture->getValue('local')!=0; + } + function setLocal($value) + { + return $this->rePicture->setValue('local', $value ? 1 : 0); + } + function getDisplay() + { + return $this->rePicture->getValue('display')!=0; + } + function setDisplay($value) + { + return $this->rePicture->setValue('display', $value ? 1 : 0); + } + function getFilename() + { + global $opt; + + if (mb_substr($opt['logic']['pictures']['dir'], -1, 1) != '/') + $opt['logic']['pictures']['dir'] .= '/'; + + $uuid = $this->getUUID(); + $url = $this->getUrl(); + $fna = mb_split('\\.', $url); + $extension = mb_strtolower($fna[count($fna) - 1]); + + return $opt['logic']['pictures']['dir'] . $uuid . '.' . $extension; + } + function getThumbFilename() + { + global $opt; + + if (mb_substr($opt['logic']['pictures']['thumb_dir'], -1, 1) != '/') + $opt['logic']['pictures']['thumb_dir'] .= '/'; + + $uuid = $this->getUUID(); + $url = $this->getUrl(); + $fna = mb_split('\\.', $url); + $extension = mb_strtolower($fna[count($fna) - 1]); + + $dir1 = mb_strtoupper(mb_substr($uuid, 0, 1)); + $dir2 = mb_strtoupper(mb_substr($uuid, 1, 1)); + + return $opt['logic']['pictures']['thumb_dir'] . $dir1 . '/' . $dir2 . '/' . $uuid . '.' . 
$extension; + } + function getLogId() + { + if ($this->getObjectType() == OBJECT_CACHELOG) + return $this->getObjectId(); + else + return false; + } + function getCacheId() + { + if ($this->getObjectType() == OBJECT_CACHELOG) + return sql_value("SELECT `cache_id` FROM `cache_logs` WHERE `id`='&1'", false, $this->getObjectId()); + else if ($this->getObjectType() == OBJECT_CACHE) + return $this->getObjectId(); + else + return false; + } + function getObjectId() + { + return $this->rePicture->getValue('object_id'); + } + function setObjectId($value) + { + return $this->rePicture->setValue('object_id', $value+0); + } + function getObjectType() + { + return $this->rePicture->getValue('object_type'); + } + function setObjectType($value) + { + return $this->rePicture->setValue('object_type', $value+0); + } + function getUserId() + { + if ($this->getObjectType() == OBJECT_CACHE) + return sql_value("SELECT `caches`.`user_id` FROM `caches` WHERE `caches`.`cache_id`='&1'", false, $this->getObjectId()); + else if ($this->getObjectType() == OBJECT_CACHELOG) + return sql_value("SELECT `cache_logs`.`user_id` FROM `cache_logs` WHERE `cache_logs`.`id`='&1'", false, $this->getObjectId()); + else + return false; + } + + function getNode() + { + return $this->rePicture->getValue('node'); + } + function setNode($value) + { + return $this->rePicture->setValue('node', $value); + } + function getUUID() + { + return $this->rePicture->getValue('uuid'); + } + function getLastModified() + { + return $this->rePicture->getValue('last_modified'); + } + function getDateCreated() + { + return $this->rePicture->getValue('date_created'); + } + function getAnyChanged() + { + return $this->rePicture->getAnyChanged(); + } + + // return if successfull (with insert) + function save() + { + if ($this->bFilenamesSet == false) + return false; + + $bRetVal = $this->rePicture->save(); + + if ($bRetVal) + sql_slave_exclude(); + + return $bRetVal; + } + + function allowEdit() + { + global $login; + + 
$login->verify(); + + if (sql_value("SELECT COUNT(*) FROM `caches` INNER JOIN `cache_status` ON `caches`.`status`=`cache_status`.`id` WHERE (`cache_status`.`allow_user_view`=1 OR `caches`.`user_id`='&1') AND `caches`.`cache_id`='&2'", 0, $login->userid, $this->getCacheId()) == 0) + return false; + else if ($this->getUserId() == $login->userid) + return true; + + return false; + } +} ?> \ No newline at end of file diff --git a/htdocs/lib2/logic/rowEditor.class.php b/htdocs/lib2/logic/rowEditor.class.php index dda8d26a..73f88f64 100644 --- a/htdocs/lib2/logic/rowEditor.class.php +++ b/htdocs/lib2/logic/rowEditor.class.php @@ -58,6 +58,9 @@ class rowEditor function addPKString($sField, $sDefault, $bNullable, $nInsertFunction=RE_INSERT_NOTHING) { + if (($nInsertFunction & RE_INSERT_AUTOUUID) == RE_INSERT_AUTOUUID) + die('rowEditor: RE_INSERT_AUTOUUID not supported for primary key fields'); + $this->pk[$sField] = array('type' => RE_TYPE_STRING, 'default' => $sDefault, 'nullable' => $bNullable, @@ -390,6 +393,9 @@ class rowEditor $this->fields[$this->sAutoIncrementField]['value'] = $nInsertId; } + /* reload the record to get the actual stored values + * (inserted values maybe truncated by mysql or trigger could modify values) + */ $pkv = array(); foreach ($this->pk AS $k => $v) { @@ -454,9 +460,7 @@ class rowEditor if ((($field['insertfunction'] & RE_INSERT_OVERWRITE) == RE_INSERT_OVERWRITE) || (($field['changed'] == false) && ($field['insertfunction'] != RE_INSERT_NOTHING))) { - if (($field['insertfunction'] & RE_INSERT_UUID) == RE_INSERT_UUID) - $sValues[] = 'UUID()'; - else if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW) + if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW) $sValues[] = 'NOW()'; else $sValues[] = 'NULL'; 
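Review bot: The guard added at the top of addPKString() aborts the request with `die()`, which writes the message into the HTTP response body with a 200 status and cannot be intercepted by the caller; since a primary key flagged RE_INSERT_AUTOUUID is a programming error in the calling code, `throw new Exception('rowEditor: RE_INSERT_AUTOUUID not supported for primary key fields');` reports the same mistake while leaving error handling to the surrounding code. The bit test itself is fine for a flag constant; whether addPKInt() needs the same guard is not visible in this hunk. The body of addPKString continues past the end of the hunk.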
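Review bot: The new comment has a typo (`maybe truncated` should be `may be truncated`) and omits the reason the reload matters after this commit: a field flagged RE_INSERT_AUTOUUID that the caller did not set is sent as NULL and presumably receives its value from the table's BEFORE INSERT trigger, so the reload is what makes a later getValue('uuid') return the generated id. Suggested wording: `/* reload the record to get the actual stored values (MySQL may truncate inserted values, and BEFORE INSERT triggers fill e.g. uuid for RE_INSERT_AUTOUUID fields) */`. The enclosing method starts and ends outside the hunk.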
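Review bot: With the UUID() branch removed, a field whose insertfunction carries RE_INSERT_AUTOUUID and that the caller did not set falls through to `$sValues[] = 'NULL'`, so the generated id now depends entirely on a database-side BEFORE INSERT trigger that nothing in rowEditor checks for; on a table without that trigger the insert either fails on a NOT NULL column or stores an empty uuid, and the class no longer has a local fallback. At minimum the branch deserves a comment such as `// RE_INSERT_AUTOUUID: inserted as NULL, the table's BEFORE INSERT trigger generates the uuid`, and the post-insert reload could verify that such fields came back non-empty and raise an error otherwise, so a missing trigger is detected at write time rather than when a record with an empty uuid is later used as an identifier. The same change appears in the hunk at @@ -479,9 +483,7 @@ and the remark applies there too. The enclosing method starts and ends outside the hunk.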
@@ -479,9 +483,7 @@ class rowEditor if ((($field['insertfunction'] & RE_INSERT_OVERWRITE) == RE_INSERT_OVERWRITE) || (($field['changed'] == false) && ($field['insertfunction'] != RE_INSERT_NOTHING))) { - if (($field['insertfunction'] & RE_INSERT_UUID) == RE_INSERT_UUID) - $sValues[] = 'UUID()'; - else if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW) + if (($field['insertfunction'] & RE_INSERT_NOW) == RE_INSERT_NOW) $sValues[] = 'NOW()'; else $sValues[] = 'NULL'; diff --git a/htdocs/lib2/logic/user.class.php b/htdocs/lib2/logic/user.class.php index 2d87864c..8da6d895 100644 --- a/htdocs/lib2/logic/user.class.php +++ b/htdocs/lib2/logic/user.class.php 
@@ -1,782 +1,782 @@ -reUser = new rowEditor('user'); - $this->reUser->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT); - $this->reUser->addString('username', '', false); - $this->reUser->addString('password', null, true); - $this->reUser->addString('email', null, true); - $this->reUser->addFloat('latitude', 0, false); - $this->reUser->addFloat('longitude', 0, false); - $this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE); - $this->reUser->addBoolean('is_active_flag', false, false); - $this->reUser->addString('last_name', '', false); - $this->reUser->addString('first_name', '', false); - $this->reUser->addString('country', null, true); - $this->reUser->addBoolean('pmr_flag', false, false); - $this->reUser->addString('new_pw_code', null, true); - $this->reUser->addDate('new_pw_date', null, true); - $this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE); - $this->reUser->addString('new_email_code', null, true); - $this->reUser->addDate('new_email_date', null, true); - $this->reUser->addString('new_email', null, true); - $this->reUser->addString('uuid', '', false, RE_INSERT_OVERWRITE|RE_INSERT_UUID); - $this->reUser->addBoolean('permanent_login_flag', false, false); - $this->reUser->addInt('watchmail_mode', 1, false); - $this->reUser->addInt('watchmail_hour', 0, false); - $this->reUser->addDate('watchmail_nextmail', time(), false); - $this->reUser->addInt('watchmail_day', 0, false); - $this->reUser->addString('activation_code', '', false); - $this->reUser->addBoolean('no_htmledit_flag', false, false); - $this->reUser->addInt('notify_radius', 0, false); - $this->reUser->addInt('admin', 0, false); - $this->reUser->addInt('node', 0, false); - - $this->reUserStat = new rowEditor('stat_user'); - $this->reUserStat->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT); - $this->reUserStat->addInt('found', 0, false); - $this->reUserStat->addInt('notfound', 0, false); - $this->reUserStat->addInt('note', 0, false); - 
$this->reUserStat->addInt('hidden', 0, false); - - $this->nUserId = $nNewUserId+0; - - if ($nNewUserId == ID_NEW) - { - $this->reUser->addNew(null); - } - else - { - $this->reUser->load($this->nUserId); - } - } - - function exist() - { - return $this->reUser->exist(); - } - - static function existUsername($username) - { - return (sql_value("SELECT COUNT(*) FROM `user` WHERE `username`='&1'", 0, $username) != 0); - } - - static function existEMail($email) - { - return (sql_value("SELECT COUNT(*) FROM `user` WHERE `email`='&1'", 0, $email) != 0); - } - - function getUserId() - { - return $this->nUserId; - } - - function getUsername() - { - return $this->reUser->getValue('username'); - } - function setUsername($value) - { - if (!mb_ereg_match(REGEX_USERNAME, $value)) - return false; - - if (is_valid_email_address($value)) - return false; - - return $this->reUser->setValue('username', $value); - } - function getUsernameChanged() - { - return $this->reUser->getChanged('username'); - } - function getEMail() - { - return $this->reUser->getValue('email'); - } - function setEMail($value) - { - if (!is_valid_email_address($value)) - return false; - - return $this->reUser->setValue('email', $value); - } - function getPassword() - { - return $this->reUser->getValue('password'); - } - function setPassword($value) - { - global $opt; - - if (!mb_ereg_match(REGEX_PASSWORD, $value)) - return false; - - if (cracklib_checkPW($value, array('open', 'caching', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false) - return false; - - $pwmd5 = md5($value); - if ($opt['logic']['password_hash']) - $pwmd5 = hash('sha512', $pwmd5); - - return $this->reUser->setValue('password', $pwmd5); - } - function getFirstName() - { - return $this->reUser->getValue('first_name'); - } - function setFirstName($value) - { - if ($value != '') - if (!mb_ereg_match(REGEX_FIRST_NAME, $value)) - return false; - - return $this->reUser->setValue('first_name', $value); - } - function 
getLastName() - { - return $this->reUser->getValue('last_name'); - } - function setLastName($value) - { - if ($value != '') - if (!mb_ereg_match(REGEX_LAST_NAME, $value)) - return false; - - return $this->reUser->setValue('last_name', $value); - } - function getCountry() - { - global $opt; - return countriesList::getCountryLocaleName($this->reUser->getValue('country')); - } - function getCountryCode() - { - return $this->reUser->getValue('country'); - } - function setCountryCode($value) - { - if ($value !== null && (sql_value("SELECT COUNT(*) FROM countries WHERE short='&1'", 0, $value) == 0)) - return false; - - return $this->reUser->setValue('country', $value); - } - function getLatitude() - { - return $this->reUser->getValue('latitude'); - } - function setLatitude($value) - { - if (($value+0) > 90 || ($value+0) < -90) - return false; - - return $this->reUser->setValue('latitude', $value+0); - } - function getLongitude() - { - return $this->reUser->getValue('longitude'); - } - function setLongitude($value) - { - if (($value+0) > 180 || ($value+0) < -180) - return false; - - return $this->reUser->setValue('longitude', $value+0); - } - function getNotifyRadius() - { - return $this->reUser->getValue('notify_radius'); - } - function setNotifyRadius($value) - { - if (($value+0) < 0 || ($value+0) > 150) - return false; - return $this->reUser->setValue('notify_radius', $value+0); - } - function getPermanentLogin() - { - return $this->reUser->getValue('permanent_login_flag'); - } - function setPermanentLogin($value) - { - return $this->reUser->setValue('permanent_login_flag', $value); - } - function getNoHTMLEditor() - { - return $this->reUser->getValue('no_htmledit_flag'); - } - function setNoHTMLEditor($value) - { - return $this->reUser->setValue('no_htmledit_flag', $value); - } - function getUsePMR() - { - return $this->reUser->getValue('pmr_flag'); - } - function setUsePMR($value) - { - return $this->reUser->setValue('pmr_flag', $value); - } - function getIsActive() 
- { - return $this->reUser->getValue('is_active_flag'); - } - function setIsActive($value) - { - return $this->reUser->setValue('is_active_flag', $value); - } - function getActivationCode() - { - return $this->reUser->getValue('activation_code'); - } - function setActivationCode($value) - { - return $this->reUser->setValue('activation_code', $value); - } - function getNewPWCode() - { - return $this->reUser->getValue('new_pw_code'); - } - function setNewPWCode($value) - { - return $this->reUser->setValue('new_pw_code', $value); - } - function getNewPWDate() - { - return $this->reUser->getValue('new_pw_date'); - } - function setNewPWDate($value) - { - return $this->reUser->setValue('new_pw_date', $value); - } - function getNewEMailCode() - { - return $this->reUser->getValue('new_email_code'); - } - function setNewEMailCode($value) - { - return $this->reUser->setValue('new_email_code', $value); - } - function getNewEMailDate() - { - return $this->reUser->getValue('new_email_date'); - } - function setNewEMailDate($value) - { - return $this->reUser->setValue('new_email_date', $value); - } - function getNewEMail() - { - return $this->reUser->getValue('new_email'); - } - function setNewEMail($value) - { - if ($value !== null) - { - if (!is_valid_email_address($value)) - return false; - - if (user::existEMail($value)) - return false; - } - - return $this->reUser->setValue('new_email', $value); - } - function getWatchmailMode() - { - return $this->reUser->getValue('watchmail_mode'); - } - function setWatchmailMode($value) - { - $this->setWatchmailNext('0000-00-00 00:00:00'); - return $this->reUser->setValue('watchmail_mode', $value); - } - function getWatchmailHour() - { - return $this->reUser->getValue('watchmail_hour'); - } - function setWatchmailHour($value) - { - $this->setWatchmailNext('0000-00-00 00:00:00'); - return $this->reUser->setValue('watchmail_hour', $value); - } - function getWatchmailDay() - { - return $this->reUser->getValue('watchmail_day'); - } - function 
setWatchmailDay($value) - { - $this->setWatchmailNext('0000-00-00 00:00:00'); - return $this->reUser->setValue('watchmail_day', $value); - } - function getWatchmailNext() - { - return $this->reUser->getValue('watchmail_nextmail'); - } - function setWatchmailNext() - { - return $this->reUser->setValue('watchmail_nextmail', $value); - } - - function getStatFound() - { - if ($this->reUserStat->exist()) - return $this->reUserStat->getValue('found'); - else - return 0; - } - function getStatNotFound() - { - if ($this->reUserStat->exist()) - return $this->reUserStat->getValue('notfound'); - else - return 0; - } - function getStatNote() - { - if ($this->reUserStat->exist()) - return $this->reUserStat->getValue('note'); - else - return 0; - } - function getStatHidden() - { - if ($this->reUserStat->exist()) - return $this->reUserStat->getValue('hidden'); - else - return 0; - } - function getDateRegistered() - { - return $this->reUser->getValue('date_created'); - } - function getUUID() - { - return $this->reUser->getValue('uuid'); - } - function getLastModified() - { - return $this->reUser->getValue('last_modified'); - } - function getDateCreated() - { - return $this->reUser->getValue('date_created'); - } - function getAdmin() - { - return $this->reUser->getValue('admin'); - } - function getNode() - { - return $this->reUser->getValue('node'); - } - function setNode($value) - { - return $this->reUser->setValue('node', $value); - } - - function getAnyChanged() - { - return $this->reUser->getAnyChanged(); - } - - // return if successfull (with insert) - function save() - { - $bNeedStatpicClear = $this->reUser->getChanged('username'); - - if ($this->reUser->save()) - { - $this->getStatpic()->invalidate(); - sql_slave_exclude(); - return true; - } - else - return false; - } - - function getStatpic() - { - return new statpic($this->nUserId); - } - - static function createCode() - { - return mb_strtoupper(mb_substr(md5(uniqid('')), 0, 13)); - } - - function requestNewPWCode() - { - 
global $translate; - - if (!$this->exist()) - return false; - - $email = $this->getEMail(); - if ($email === null || $email == '') - return false; - - if (!$this->getIsActive()) - return false; - - $this->setNewPWCode($this->createCode()); - if (!$this->reUser->saveField('new_pw_code')) - return false; - - $this->setNewPWDate(time()); - if (!$this->reUser->saveField('new_pw_date')) - return false; - - // send confirmation - $mail = new mail(); - $mail->name = 'newpw'; - $mail->to = $email; - $mail->subject = $translate->t('New password code', '', basename(__FILE__), __LINE__); - $mail->assign('code', $this->getNewPWCode()); - $mail->send(); - - return true; - } - - function clearNewPWCode() - { - $this->setNewPWCode(null); - if (!$this->reUser->saveField('new_pw_code')) - return false; - - $this->setNewPWDate(null); - if (!$this->reUser->saveField('new_pw_date')) - return false; - - return true; - } - - function requestNewEMail($email) - { - global $translate; - - if (!$this->exist()) - return false; - - if (mb_strtolower($this->getEMail()) == mb_strtolower($email)) - return false; - - if ($this->getEMail() === null || $this->getEMail() == '') - return false; - - if (!$this->getIsActive()) - return false; - - $this->setNewEMailCode($this->createCode()); - if (!$this->reUser->saveField('new_email_code')) - return false; - - $this->setNewEMailDate(time()); - if (!$this->reUser->saveField('new_email_date')) - return false; - - $this->setNewEMail($email); - if (!$this->reUser->saveField('new_email')) - return false; - - // send confirmation - $mail = new mail(); - $mail->name = 'newemail'; - $mail->to = $email; - $mail->subject = $translate->t('New email code', '', basename(__FILE__), __LINE__); - $mail->assign('code', $this->getNewEMailCode()); - $mail->send(); - - return true; - } - - function clearNewEMailCode() - { - $this->setNewEMailCode(null); - if (!$this->reUser->saveField('new_email_code')) - return false; - - $this->setNewEMailDate(null); - if 
(!$this->reUser->saveField('new_email_date')) - return false; - - $this->setNewEMail(null); - if (!$this->reUser->saveField('new_email')) - return false; - - return true; - } - - function remindEMail() - { - global $translate; - - if (!$this->exist()) - return false; - - $email = $this->getEMail(); - if ($email === null || $email == '') - return false; - - if (!$this->getIsActive()) - return false; - - // send confirmation - $mail = new mail(); - $mail->name = 'remindemail'; - $mail->to = $email; - $mail->subject = $translate->t('Reminder to your E-Mail-Address', '', basename(__FILE__), __LINE__); - $mail->assign('username', $this->getUsername()); - $mail->assign('email', $email); - $mail->send(); - - return true; - } - - function sendRegistrationCode() - { - global $translate; - - $countriesList = new countriesList(); - - $mail = new mail(); - $mail->name = 'register'; - $mail->to = $this->getEMail(); - $mail->subject = $translate->t('Registration confirmation', '', basename(__FILE__), __LINE__); - $mail->assign('username', $this->getUsername()); - $mail->assign('last_name', $this->getLastName()); - $mail->assign('first_name', $this->getFirstName()); - $mail->assign('country', $countriesList->getCountryLocaleName($this->getCountryCode())); - $mail->assign('code', $this->getActivationCode()); - - if ($mail->send()) - return true; - else - return false; - } - - function sendEMail($nFromUserId, $sSubject, $sText, $bSendEMailAddress) - { - global $opt, $translate; - - if ($this->exist() == false) - return false; - - if ($this->getIsActive() == false) - return false; - - if ($this->getEMail() === null || $this->getEMail() == '') - return false; - - if ($sSubject == '') - return false; - - if ($sText == '') - return false; - - if (mb_strpos($sSubject, "\n") !== false) - $sSubject = mb_substr($sSubject, 0, mb_strpos($sSubject, "\n")); - $sSubject = mb_trim($sSubject); - - $fromUser = new user($nFromUserId); - if ($fromUser->exist() == false) - return false; - if 
($fromUser->getIsActive() == false) - return false; - if ($fromUser->getEMail() === null || $fromUser->getEMail() == '') - return false; - - // ok, we can send ... - $mail = new mail(); - $mail->name = 'usercontactmail'; - $mail->to = $this->getEMail(); - - $mail->from = $opt['mail']['usermail']; - - if ($bSendEMailAddress == true) - { - $mail->replyTo = $fromUser->getEMail(); - $mail->returnPath = $fromUser->getEMail(); - } - - $mail->subject = $translate->t('E-Mail from', '', basename(__FILE__), __LINE__) . ' ' . $fromUser->getUsername() . ': ' . $sSubject; - $mail->assign('usersubject', $sSubject); - $mail->assign('text', $sText); - $mail->assign('username', $this->getUsername()); - $mail->assign('sendemailaddress', $bSendEMailAddress); - $mail->assign('fromusername', $fromUser->getUsername()); - $mail->assign('fromuserid', $fromUser->getUserId()); - $mail->assign('fromuseremail', $fromUser->getEMail()); - - if ($mail->send()) - { - // send copy to fromUser - $mail->assign('copy', true); - $mail->to = $fromUser->getEMail(); - $mail->send(); - - // log - sql("INSERT INTO `email_user` (`ipaddress`, - `from_user_id`, - `from_email`, - `to_user_id`, - `to_email`) - VALUES ('&1', '&2', '&3', '&4', '&5')", - $_SERVER["REMOTE_ADDR"], - $fromUser->getUserId(), - $fromUser->getEMail(), - $this->getUserId(), - $this->getEMail()); - return true; - } - else - return false; - } - - function canDisable() - { - global $login; - $login->verify(); - - if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) - return false; - - if ($this->getIsActive() != 0) - return true; - else - return false; - } - - function disable() - { - global $login; - - if ($this->canDisable() == false) - return false; - - // write old record to log - $backup = array(); - $backup['username'] = $this->getUsername(); - $backup['email'] = $this->getEMail(); - $backup['last_name'] = $this->getLastName(); - $backup['first_name'] = $this->getFirstName(); - - sql("INSERT INTO 
`logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`) - VALUES ('user', 6, '&1', '&2', '&3', '&4', '&5')", - $login->userid, $this->nUserId, 0, - 'User ' . sql_escape($this->getUsername()) . ' disabled', - serialize($backup)); - - sql("UPDATE `caches` SET `status`=6 WHERE `user_id`='&1' AND `status` IN (1, 2, 3)", $this->nUserId); - sql("UPDATE `user` SET `password`=NULL, `email`=NULL, - `is_active_flag`=0, - `latitude`=0, `longitude`=0, - `last_name`='', `first_name`='', - `country`=NULL, `new_pw_code`=NULL, - `new_pw_date`=NULL, `new_email`=NULL, - `new_email_code`=NULL, `activation_code`='', - `notify_radius`=0, `statpic_text`='' - WHERE `user_id`='&1'", $this->nUserId); - $this->reload(); - - return true; - } - - function canDelete() - { - global $login; - $login->verify(); - - if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) - return false; - - if (sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $this->nUserId) > 0) - return false; - - if (sql_value("SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`='&1'", 0, $this->nUserId) > 0) - return false; - - return true; - } - - function delete() - { - global $login; - - if ($this->canDelete() == false) - return false; - - // write old record to log - $backup = array(); - $backup['username'] = $this->getUsername(); - $backup['email'] = $this->getEMail(); - $backup['last_name'] = $this->getLastName(); - $backup['first_name'] = $this->getFirstName(); - - sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`) - VALUES ('user', 7, '&1', '&2', '&3', '&4', '&5')", - $login->userid, $this->nUserId, 0, - 'User ' . sql_escape($this->getUsername()) . 
' deleted', - serialize($backup)); - - sql("DELETE FROM `user` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `cache_ignore` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `cache_rating` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `cache_watches` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `stat_user` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `user_options` WHERE `user_id`='&1'", $this->nUserId); - sql("DELETE FROM `watches_waiting` WHERE `user_id`='&1'", $this->nUserId); - - $this->reload(); - - return true; - } - - function reload() - { - $this->reUser->reload(); - $this->reUserStat->reload(); - } -} +reUser = new rowEditor('user'); + $this->reUser->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT); + $this->reUser->addString('username', '', false); + $this->reUser->addString('password', null, true); + $this->reUser->addString('email', null, true); + $this->reUser->addFloat('latitude', 0, false); + $this->reUser->addFloat('longitude', 0, false); + $this->reUser->addDate('last_modified', time(), true, RE_INSERT_IGNORE); + $this->reUser->addBoolean('is_active_flag', false, false); + $this->reUser->addString('last_name', '', false); + $this->reUser->addString('first_name', '', false); + $this->reUser->addString('country', null, true); + $this->reUser->addBoolean('pmr_flag', false, false); + $this->reUser->addString('new_pw_code', null, true); + $this->reUser->addDate('new_pw_date', null, true); + $this->reUser->addDate('date_created', time(), true, RE_INSERT_IGNORE); + $this->reUser->addString('new_email_code', null, true); + $this->reUser->addDate('new_email_date', null, true); + $this->reUser->addString('new_email', null, true); + $this->reUser->addString('uuid', '', false, RE_INSERT_AUTOUUID); + $this->reUser->addBoolean('permanent_login_flag', false, false); + $this->reUser->addInt('watchmail_mode', 1, false); 
+ $this->reUser->addInt('watchmail_hour', 0, false); + $this->reUser->addDate('watchmail_nextmail', time(), false); + $this->reUser->addInt('watchmail_day', 0, false); + $this->reUser->addString('activation_code', '', false); + $this->reUser->addBoolean('no_htmledit_flag', false, false); + $this->reUser->addInt('notify_radius', 0, false); + $this->reUser->addInt('admin', 0, false); + $this->reUser->addInt('node', 0, false); + + $this->reUserStat = new rowEditor('stat_user'); + $this->reUserStat->addPKInt('user_id', null, false, RE_INSERT_AUTOINCREMENT); + $this->reUserStat->addInt('found', 0, false); + $this->reUserStat->addInt('notfound', 0, false); + $this->reUserStat->addInt('note', 0, false); + $this->reUserStat->addInt('hidden', 0, false); + + $this->nUserId = $nNewUserId+0; + + if ($nNewUserId == ID_NEW) + { + $this->reUser->addNew(null); + } + else + { + $this->reUser->load($this->nUserId); + } + } + + function exist() + { + return $this->reUser->exist(); + } + + static function existUsername($username) + { + return (sql_value("SELECT COUNT(*) FROM `user` WHERE `username`='&1'", 0, $username) != 0); + } + + static function existEMail($email) + { + return (sql_value("SELECT COUNT(*) FROM `user` WHERE `email`='&1'", 0, $email) != 0); + } + + function getUserId() + { + return $this->nUserId; + } + + function getUsername() + { + return $this->reUser->getValue('username'); + } + function setUsername($value) + { + if (!mb_ereg_match(REGEX_USERNAME, $value)) + return false; + + if (is_valid_email_address($value)) + return false; + + return $this->reUser->setValue('username', $value); + } + function getUsernameChanged() + { + return $this->reUser->getChanged('username'); + } + function getEMail() + { + return $this->reUser->getValue('email'); + } + function setEMail($value) + { + if (!is_valid_email_address($value)) + return false; + + return $this->reUser->setValue('email', $value); + } + function getPassword() + { + return $this->reUser->getValue('password'); + } 
+ function setPassword($value) + { + global $opt; + + if (!mb_ereg_match(REGEX_PASSWORD, $value)) + return false; + + if (cracklib_checkPW($value, array('open', 'caching', $this->getUsername(), $this->getFirstName(), $this->getLastName())) == false) + return false; + + $pwmd5 = md5($value); + if ($opt['logic']['password_hash']) + $pwmd5 = hash('sha512', $pwmd5); + + return $this->reUser->setValue('password', $pwmd5); + } + function getFirstName() + { + return $this->reUser->getValue('first_name'); + } + function setFirstName($value) + { + if ($value != '') + if (!mb_ereg_match(REGEX_FIRST_NAME, $value)) + return false; + + return $this->reUser->setValue('first_name', $value); + } + function getLastName() + { + return $this->reUser->getValue('last_name'); + } + function setLastName($value) + { + if ($value != '') + if (!mb_ereg_match(REGEX_LAST_NAME, $value)) + return false; + + return $this->reUser->setValue('last_name', $value); + } + function getCountry() + { + global $opt; + return countriesList::getCountryLocaleName($this->reUser->getValue('country')); + } + function getCountryCode() + { + return $this->reUser->getValue('country'); + } + function setCountryCode($value) + { + if ($value !== null && (sql_value("SELECT COUNT(*) FROM countries WHERE short='&1'", 0, $value) == 0)) + return false; + + return $this->reUser->setValue('country', $value); + } + function getLatitude() + { + return $this->reUser->getValue('latitude'); + } + function setLatitude($value) + { + if (($value+0) > 90 || ($value+0) < -90) + return false; + + return $this->reUser->setValue('latitude', $value+0); + } + function getLongitude() + { + return $this->reUser->getValue('longitude'); + } + function setLongitude($value) + { + if (($value+0) > 180 || ($value+0) < -180) + return false; + + return $this->reUser->setValue('longitude', $value+0); + } + function getNotifyRadius() + { + return $this->reUser->getValue('notify_radius'); + } + function setNotifyRadius($value) + { + if (($value+0) < 0 
|| ($value+0) > 150) + return false; + return $this->reUser->setValue('notify_radius', $value+0); + } + function getPermanentLogin() + { + return $this->reUser->getValue('permanent_login_flag'); + } + function setPermanentLogin($value) + { + return $this->reUser->setValue('permanent_login_flag', $value); + } + function getNoHTMLEditor() + { + return $this->reUser->getValue('no_htmledit_flag'); + } + function setNoHTMLEditor($value) + { + return $this->reUser->setValue('no_htmledit_flag', $value); + } + function getUsePMR() + { + return $this->reUser->getValue('pmr_flag'); + } + function setUsePMR($value) + { + return $this->reUser->setValue('pmr_flag', $value); + } + function getIsActive() + { + return $this->reUser->getValue('is_active_flag'); + } + function setIsActive($value) + { + return $this->reUser->setValue('is_active_flag', $value); + } + function getActivationCode() + { + return $this->reUser->getValue('activation_code'); + } + function setActivationCode($value) + { + return $this->reUser->setValue('activation_code', $value); + } + function getNewPWCode() + { + return $this->reUser->getValue('new_pw_code'); + } + function setNewPWCode($value) + { + return $this->reUser->setValue('new_pw_code', $value); + } + function getNewPWDate() + { + return $this->reUser->getValue('new_pw_date'); + } + function setNewPWDate($value) + { + return $this->reUser->setValue('new_pw_date', $value); + } + function getNewEMailCode() + { + return $this->reUser->getValue('new_email_code'); + } + function setNewEMailCode($value) + { + return $this->reUser->setValue('new_email_code', $value); + } + function getNewEMailDate() + { + return $this->reUser->getValue('new_email_date'); + } + function setNewEMailDate($value) + { + return $this->reUser->setValue('new_email_date', $value); + } + function getNewEMail() + { + return $this->reUser->getValue('new_email'); + } + function setNewEMail($value) + { + if ($value !== null) + { + if (!is_valid_email_address($value)) + return false; + 
+ if (user::existEMail($value)) + return false; + } + + return $this->reUser->setValue('new_email', $value); + } + function getWatchmailMode() + { + return $this->reUser->getValue('watchmail_mode'); + } + function setWatchmailMode($value) + { + $this->setWatchmailNext('0000-00-00 00:00:00'); + return $this->reUser->setValue('watchmail_mode', $value); + } + function getWatchmailHour() + { + return $this->reUser->getValue('watchmail_hour'); + } + function setWatchmailHour($value) + { + $this->setWatchmailNext('0000-00-00 00:00:00'); + return $this->reUser->setValue('watchmail_hour', $value); + } + function getWatchmailDay() + { + return $this->reUser->getValue('watchmail_day'); + } + function setWatchmailDay($value) + { + $this->setWatchmailNext('0000-00-00 00:00:00'); + return $this->reUser->setValue('watchmail_day', $value); + } + function getWatchmailNext() + { + return $this->reUser->getValue('watchmail_nextmail'); + } + function setWatchmailNext() + { + return $this->reUser->setValue('watchmail_nextmail', $value); + } + + function getStatFound() + { + if ($this->reUserStat->exist()) + return $this->reUserStat->getValue('found'); + else + return 0; + } + function getStatNotFound() + { + if ($this->reUserStat->exist()) + return $this->reUserStat->getValue('notfound'); + else + return 0; + } + function getStatNote() + { + if ($this->reUserStat->exist()) + return $this->reUserStat->getValue('note'); + else + return 0; + } + function getStatHidden() + { + if ($this->reUserStat->exist()) + return $this->reUserStat->getValue('hidden'); + else + return 0; + } + function getDateRegistered() + { + return $this->reUser->getValue('date_created'); + } + function getUUID() + { + return $this->reUser->getValue('uuid'); + } + function getLastModified() + { + return $this->reUser->getValue('last_modified'); + } + function getDateCreated() + { + return $this->reUser->getValue('date_created'); + } + function getAdmin() + { + return $this->reUser->getValue('admin'); + } + function 
getNode() + { + return $this->reUser->getValue('node'); + } + function setNode($value) + { + return $this->reUser->setValue('node', $value); + } + + function getAnyChanged() + { + return $this->reUser->getAnyChanged(); + } + + // return if successfull (with insert) + function save() + { + $bNeedStatpicClear = $this->reUser->getChanged('username'); + + if ($this->reUser->save()) + { + $this->getStatpic()->invalidate(); + sql_slave_exclude(); + return true; + } + else + return false; + } + + function getStatpic() + { + return new statpic($this->nUserId); + } + + static function createCode() + { + return mb_strtoupper(mb_substr(md5(uniqid('')), 0, 13)); + } + + function requestNewPWCode() + { + global $translate; + + if (!$this->exist()) + return false; + + $email = $this->getEMail(); + if ($email === null || $email == '') + return false; + + if (!$this->getIsActive()) + return false; + + $this->setNewPWCode($this->createCode()); + if (!$this->reUser->saveField('new_pw_code')) + return false; + + $this->setNewPWDate(time()); + if (!$this->reUser->saveField('new_pw_date')) + return false; + + // send confirmation + $mail = new mail(); + $mail->name = 'newpw'; + $mail->to = $email; + $mail->subject = $translate->t('New password code', '', basename(__FILE__), __LINE__); + $mail->assign('code', $this->getNewPWCode()); + $mail->send(); + + return true; + } + + function clearNewPWCode() + { + $this->setNewPWCode(null); + if (!$this->reUser->saveField('new_pw_code')) + return false; + + $this->setNewPWDate(null); + if (!$this->reUser->saveField('new_pw_date')) + return false; + + return true; + } + + function requestNewEMail($email) + { + global $translate; + + if (!$this->exist()) + return false; + + if (mb_strtolower($this->getEMail()) == mb_strtolower($email)) + return false; + + if ($this->getEMail() === null || $this->getEMail() == '') + return false; + + if (!$this->getIsActive()) + return false; + + $this->setNewEMailCode($this->createCode()); + if 
(!$this->reUser->saveField('new_email_code')) + return false; + + $this->setNewEMailDate(time()); + if (!$this->reUser->saveField('new_email_date')) + return false; + + $this->setNewEMail($email); + if (!$this->reUser->saveField('new_email')) + return false; + + // send confirmation + $mail = new mail(); + $mail->name = 'newemail'; + $mail->to = $email; + $mail->subject = $translate->t('New email code', '', basename(__FILE__), __LINE__); + $mail->assign('code', $this->getNewEMailCode()); + $mail->send(); + + return true; + } + + function clearNewEMailCode() + { + $this->setNewEMailCode(null); + if (!$this->reUser->saveField('new_email_code')) + return false; + + $this->setNewEMailDate(null); + if (!$this->reUser->saveField('new_email_date')) + return false; + + $this->setNewEMail(null); + if (!$this->reUser->saveField('new_email')) + return false; + + return true; + } + + function remindEMail() + { + global $translate; + + if (!$this->exist()) + return false; + + $email = $this->getEMail(); + if ($email === null || $email == '') + return false; + + if (!$this->getIsActive()) + return false; + + // send confirmation + $mail = new mail(); + $mail->name = 'remindemail'; + $mail->to = $email; + $mail->subject = $translate->t('Reminder to your E-Mail-Address', '', basename(__FILE__), __LINE__); + $mail->assign('username', $this->getUsername()); + $mail->assign('email', $email); + $mail->send(); + + return true; + } + + function sendRegistrationCode() + { + global $translate; + + $countriesList = new countriesList(); + + $mail = new mail(); + $mail->name = 'register'; + $mail->to = $this->getEMail(); + $mail->subject = $translate->t('Registration confirmation', '', basename(__FILE__), __LINE__); + $mail->assign('username', $this->getUsername()); + $mail->assign('last_name', $this->getLastName()); + $mail->assign('first_name', $this->getFirstName()); + $mail->assign('country', $countriesList->getCountryLocaleName($this->getCountryCode())); + $mail->assign('code', 
$this->getActivationCode()); + + if ($mail->send()) + return true; + else + return false; + } + + function sendEMail($nFromUserId, $sSubject, $sText, $bSendEMailAddress) + { + global $opt, $translate; + + if ($this->exist() == false) + return false; + + if ($this->getIsActive() == false) + return false; + + if ($this->getEMail() === null || $this->getEMail() == '') + return false; + + if ($sSubject == '') + return false; + + if ($sText == '') + return false; + + if (mb_strpos($sSubject, "\n") !== false) + $sSubject = mb_substr($sSubject, 0, mb_strpos($sSubject, "\n")); + $sSubject = mb_trim($sSubject); + + $fromUser = new user($nFromUserId); + if ($fromUser->exist() == false) + return false; + if ($fromUser->getIsActive() == false) + return false; + if ($fromUser->getEMail() === null || $fromUser->getEMail() == '') + return false; + + // ok, we can send ... + $mail = new mail(); + $mail->name = 'usercontactmail'; + $mail->to = $this->getEMail(); + + $mail->from = $opt['mail']['usermail']; + + if ($bSendEMailAddress == true) + { + $mail->replyTo = $fromUser->getEMail(); + $mail->returnPath = $fromUser->getEMail(); + } + + $mail->subject = $translate->t('E-Mail from', '', basename(__FILE__), __LINE__) . ' ' . $fromUser->getUsername() . ': ' . 
$sSubject; + $mail->assign('usersubject', $sSubject); + $mail->assign('text', $sText); + $mail->assign('username', $this->getUsername()); + $mail->assign('sendemailaddress', $bSendEMailAddress); + $mail->assign('fromusername', $fromUser->getUsername()); + $mail->assign('fromuserid', $fromUser->getUserId()); + $mail->assign('fromuseremail', $fromUser->getEMail()); + + if ($mail->send()) + { + // send copy to fromUser + $mail->assign('copy', true); + $mail->to = $fromUser->getEMail(); + $mail->send(); + + // log + sql("INSERT INTO `email_user` (`ipaddress`, + `from_user_id`, + `from_email`, + `to_user_id`, + `to_email`) + VALUES ('&1', '&2', '&3', '&4', '&5')", + $_SERVER["REMOTE_ADDR"], + $fromUser->getUserId(), + $fromUser->getEMail(), + $this->getUserId(), + $this->getEMail()); + return true; + } + else + return false; + } + + function canDisable() + { + global $login; + $login->verify(); + + if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) + return false; + + if ($this->getIsActive() != 0) + return true; + else + return false; + } + + function disable() + { + global $login; + + if ($this->canDisable() == false) + return false; + + // write old record to log + $backup = array(); + $backup['username'] = $this->getUsername(); + $backup['email'] = $this->getEMail(); + $backup['last_name'] = $this->getLastName(); + $backup['first_name'] = $this->getFirstName(); + + sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`) + VALUES ('user', 6, '&1', '&2', '&3', '&4', '&5')", + $login->userid, $this->nUserId, 0, + 'User ' . sql_escape($this->getUsername()) . 
' disabled', + serialize($backup)); + + sql("UPDATE `caches` SET `status`=6 WHERE `user_id`='&1' AND `status` IN (1, 2, 3)", $this->nUserId); + sql("UPDATE `user` SET `password`=NULL, `email`=NULL, + `is_active_flag`=0, + `latitude`=0, `longitude`=0, + `last_name`='', `first_name`='', + `country`=NULL, `new_pw_code`=NULL, + `new_pw_date`=NULL, `new_email`=NULL, + `new_email_code`=NULL, `activation_code`='', + `notify_radius`=0, `statpic_text`='' + WHERE `user_id`='&1'", $this->nUserId); + $this->reload(); + + return true; + } + + function canDelete() + { + global $login; + $login->verify(); + + if ($login->userid != $this->nUserId && ($login->admin & ADMIN_USER) != ADMIN_USER) + return false; + + if (sql_value("SELECT COUNT(*) FROM `caches` WHERE `user_id`='&1'", 0, $this->nUserId) > 0) + return false; + + if (sql_value("SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`='&1'", 0, $this->nUserId) > 0) + return false; + + return true; + } + + function delete() + { + global $login; + + if ($this->canDelete() == false) + return false; + + // write old record to log + $backup = array(); + $backup['username'] = $this->getUsername(); + $backup['email'] = $this->getEMail(); + $backup['last_name'] = $this->getLastName(); + $backup['first_name'] = $this->getFirstName(); + + sql("INSERT INTO `logentries` (`module`, `eventid`, `userid`, `objectid1`, `objectid2`, `logtext`, `details`) + VALUES ('user', 7, '&1', '&2', '&3', '&4', '&5')", + $login->userid, $this->nUserId, 0, + 'User ' . sql_escape($this->getUsername()) . 
' deleted', + serialize($backup)); + + sql("DELETE FROM `user` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `cache_adoption` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `cache_ignore` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `cache_rating` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `cache_watches` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `stat_user` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `user_options` WHERE `user_id`='&1'", $this->nUserId); + sql("DELETE FROM `watches_waiting` WHERE `user_id`='&1'", $this->nUserId); + + $this->reload(); + + return true; + } + + function reload() + { + $this->reUser->reload(); + $this->reUserStat->reload(); + } +} ?> \ No newline at end of file diff --git a/htdocs/lib2/login.class.php b/htdocs/lib2/login.class.php index 59548440..7e4aa2ee 100644 --- a/htdocs/lib2/login.class.php +++ b/htdocs/lib2/login.class.php 
@@ -1,313 +1,324 @@ -is_set('userid') && $cookie->is_set('username')) - { - $this->userid = $cookie->get('userid')+0; - $this->username = $cookie->get('username'); - $this->permanent = (($cookie->get('permanent')+0) == 1); - $this->lastlogin = $cookie->get('lastlogin'); - $this->sessionid = $cookie->get('sessionid'); - $this->admin = $cookie->get('admin')+0; - $this->verified = false; - - $this->verify(); - } - else - $this->pClear(); - } - - // return true on success - function restoreSession($sid) - { - $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); - - if ($this->checkLoginsCount() == false) - { - $this->pClear(); - return false; - } - - $rs = sqlf("SELECT `sys_sessions`.`uuid` `sid`, `user`.`user_id`, `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&2'", $sid, $min_lastlogin); - $r = sql_fetch_assoc($rs); - sql_free_result($rs); - - if ($r) - { - sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $r['sid'], $r['user_id']); - sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $r['user_id']); - - $this->userid = $r['user_id']; - $this->username = $r['username']; - $this->permanent = false; - $this->lastlogin = $r['last_login']; - $this->sessionid = $r['sid']; - $this->admin = $r['admin']; - $this->verified = true; - - return true; - } - else - { - // prevent bruteforce - sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); - return false; - } - } - - function pClear() - { - // set to no valid login - $this->userid = 0; - $this->username = ''; - $this->permanent = false; - $this->lastlogin = ''; - $this->sessionid = ''; - $this->admin = 0; - $this->verified = true; - - 
$this->pStoreCookie(); - } - - function pStoreCookie() - { - global $cookie; - $cookie->set('userid', $this->userid); - $cookie->set('username', $this->username); - $cookie->set('permanent', ($this->permanent==true ? 1 : 0)); - $cookie->set('lastlogin', $this->lastlogin); - $cookie->set('sessionid', $this->sessionid); - $cookie->set('admin', $this->admin); - } - - function verify() - { - if ($this->verified == true) - return; - - if ($this->userid == 0) - { - $this->pClear(); - return; - } - - if ($this->checkLoginsCount() == false) - { - $this->pClear(); - return; - } - - $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); - $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); - - $rs = sqlf("SELECT `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin); - if ($rUser = sql_fetch_assoc($rs)) - { - if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) || - (($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time()))) - { - sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid); - $rUser['last_login'] = date('Y-m-d H:i:s'); - } - - // user.last_login is used for statics, so we keep it up2date - sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid); - - $this->lastlogin = $rUser['last_login']; - $this->username = $rUser['username']; - $this->admin = $rUser['admin']; - $this->verified = true; - } - else - 
{ - // prevent bruteforce - sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); - - $this->pClear(); - } - sql_free_result($rs); - - $this->pStoreCookie(); - return; - } - - function try_login($user, $password, $permanent) - { - global $opt; - - if ($password == '') - return LOGIN_EMPTY_USERPASSWORD; - - $pwmd5 = md5($password); - if ($opt['logic']['password_hash']) - $pwmd5 = hash('sha512', $pwmd5); - - return $this->try_login_md5($user, $pwmd5, $permanent); - } - - function checkLoginsCount() - { - global $opt; - - // cleanup old entries - // (execute only every 50 search calls) - if (rand(1, 50) == 1) - sqlf("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600)); - - // check the number of logins in the last hour ... - $logins_count = sqlf_value("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='&1' AND `date_created`>'&2'", 0, $_SERVER['REMOTE_ADDR'], date('Y-m-d H:i:s', time() - 3600)); - if ($logins_count > $opt['page']['max_logins_per_hour']) - return false; - else - return true; - } - - function try_login_md5($user, $pwmd5, $permanent) - { - global $opt; - $this->pClear(); - - if ($user == '' || $pwmd5 == '') - return LOGIN_EMPTY_USERPASSWORD; - - if ($this->checkLoginsCount() == false) - return LOGIN_TOOMUCHLOGINS; - - // delete old sessions - $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); - sqlf("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent); - - // compare $user with email and username, if both matches use email - $rsUser = sqlf("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION - SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5); - $rUser = 
sql_fetch_assoc($rsUser); - sql_free_result($rsUser); - - if ($permanent == null) - $permanent = ($rUser['permanent_login_flag'] == 1); - - if ($rUser) - { - // ok, there is a valid login - if ($rUser['is_active_flag'] != 0) - { - // begin session - $uuid = sqlf_value('SELECT UUID()', ''); - sqlf("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], ($permanent!=false ? 1 : 0)); - $this->userid = $rUser['user_id']; - $this->username = $rUser['username']; - $this->permanent = $permanent; - $this->lastlogin = date('Y-m-d H:i:s'); - $this->sessionid = $uuid; - $this->admin = $rUser['admin']; - $this->verified = true; - - $retval = LOGIN_OK; - } - else - $retval = LOGIN_USERNOTACTIVE; - } - else - { - // sorry, bad login - $retval = LOGIN_BADUSERPW; - } - - sqlf("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', '&2')", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1)); - - // store to cookie - $this->pStoreCookie(); - - return $retval; - } - - function getUserCountry() - { - global $opt, $cookie; - - // language specified in cookie? - if ($cookie->is_set('usercountry')) - { - $sCountry = $cookie->get('usercountry', null); - if ($sCountry != null) - return $sCountry; - } - - // user specified a language? 
- if ($this->userid != 0) - { - $sCountry = sql_value("SELECT `country` FROM `user` WHERE `user_id`='&1'", null, $this->userid); - if ($sCountry != null) - return $sCountry; - } - - // default country of this language - if (isset($opt['locale'][$opt['template']['locale']]['country'])) - return $opt['locale'][$opt['template']['locale']]['country']; - - // default country of installation (or domain) - return $opt['template']['default']['country']; - } - - function logout() - { - if ($this->userid != 0) - sqlf("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid); - - $this->pClear(); - } - - public function hasAdminPriv($privilege = false) - { - if ($privilege === false) - return $this->admin != 0; - - return ($this->admin & $privilege) == $privilege; - } -} -?> +is_set('userid') && $cookie->is_set('username')) + { + $this->userid = $cookie->get('userid')+0; + $this->username = $cookie->get('username'); + $this->permanent = (($cookie->get('permanent')+0) == 1); + $this->lastlogin = $cookie->get('lastlogin'); + $this->sessionid = $cookie->get('sessionid'); + $this->admin = $cookie->get('admin')+0; + $this->verified = false; + + $this->verify(); + } + else + $this->pClear(); + } + + // return true on success + function restoreSession($sid) + { + $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); + + if ($this->checkLoginsCount() == false) + { + $this->pClear(); + return false; + } + + $rs = sqlf("SELECT `sys_sessions`.`uuid` `sid`, `user`.`user_id`, `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&2'", $sid, $min_lastlogin); + $r = sql_fetch_assoc($rs); + sql_free_result($rs); + + if ($r) + { + sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' 
AND `sys_sessions`.`user_id`='&2'", $r['sid'], $r['user_id']); + sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $r['user_id']); + + $this->userid = $r['user_id']; + $this->username = $r['username']; + $this->permanent = false; + $this->lastlogin = $r['last_login']; + $this->sessionid = $r['sid']; + $this->admin = $r['admin']; + $this->verified = true; + + return true; + } + else + { + // prevent bruteforce + sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); + return false; + } + } + + function pClear() + { + // set to no valid login + $this->userid = 0; + $this->username = ''; + $this->permanent = false; + $this->lastlogin = ''; + $this->sessionid = ''; + $this->admin = 0; + $this->verified = true; + + $this->pStoreCookie(); + } + + function pStoreCookie() + { + global $cookie; + $cookie->set('userid', $this->userid); + $cookie->set('username', $this->username); + $cookie->set('permanent', ($this->permanent==true ? 
1 : 0)); + $cookie->set('lastlogin', $this->lastlogin); + $cookie->set('sessionid', $this->sessionid); + $cookie->set('admin', $this->admin); + } + + function verify() + { + if ($this->verified == true) + return; + + if ($this->userid == 0) + { + $this->pClear(); + return; + } + + if ($this->checkLoginsCount() == false) + { + $this->pClear(); + return; + } + + $min_lastlogin = date('Y-m-d H:i:s', time() - LOGIN_TIME); + $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); + + $rs = sqlf("SELECT `sys_sessions`.`last_login`, `user`.`admin`, `user`.`username` FROM &db.`sys_sessions`, &db.`user` WHERE `sys_sessions`.`user_id`=`user`.`user_id` AND `user`.`is_active_flag`=1 AND `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2' AND ((`sys_sessions`.`permanent`=1 AND `sys_sessions`.`last_login`>'&3') OR (`sys_sessions`.`permanent`=0 AND `sys_sessions`.`last_login`>'&4'))", $this->sessionid, $this->userid, $min_lastlogin_permanent, $min_lastlogin); + if ($rUser = sql_fetch_assoc($rs)) + { + if ((($this->permanent == true) && (strtotime($rUser['last_login']) + LOGIN_TIME/2 < time())) || + (($this->permanent == false) && (strtotime($rUser['last_login']) + LOGIN_TIME_PERMANENT/2 < time()))) + { + sqlf("UPDATE `sys_sessions` SET `sys_sessions`.`last_login`=NOW() WHERE `sys_sessions`.`uuid`='&1' AND `sys_sessions`.`user_id`='&2'", $this->sessionid, $this->userid); + $rUser['last_login'] = date('Y-m-d H:i:s'); + } + + // user.last_login is used for statics, so we keep it up2date + sqlf("UPDATE `user` SET `user`.`last_login`=NOW() WHERE `user`.`user_id`='&1'", $this->userid); + + $this->lastlogin = $rUser['last_login']; + $this->username = $rUser['username']; + $this->admin = $rUser['admin']; + $this->verified = true; + } + else + { + // prevent bruteforce + sql("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', 0)", $_SERVER['REMOTE_ADDR']); + + $this->pClear(); + } + sql_free_result($rs); + + $this->pStoreCookie(); + return; + 
} + + function try_login($user, $password, $permanent) + { + global $opt; + + if ($password == '') + return LOGIN_EMPTY_USERPASSWORD; + + $pwmd5 = md5($password); + if ($opt['logic']['password_hash']) + $pwmd5 = hash('sha512', $pwmd5); + + return $this->try_login_md5($user, $pwmd5, $permanent); + } + + function checkLoginsCount() + { + global $opt; + + // cleanup old entries + // (execute only every 50 search calls) + if (rand(1, 50) == 1) + sqlf("DELETE FROM `sys_logins` WHERE `date_created`<'&1'", date('Y-m-d H:i:s', time() - 3600)); + + // check the number of logins in the last hour ... + $logins_count = sqlf_value("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='&1' AND `date_created`>'&2'", 0, $_SERVER['REMOTE_ADDR'], date('Y-m-d H:i:s', time() - 3600)); + if ($logins_count > $opt['page']['max_logins_per_hour']) + return false; + else + return true; + } + + function try_login_md5($user, $pwmd5, $permanent) + { + global $opt; + $this->pClear(); + + if ($user == '' || $pwmd5 == '') + return LOGIN_EMPTY_USERPASSWORD; + + if ($this->checkLoginsCount() == false) + return LOGIN_TOOMUCHLOGINS; + + // delete old sessions + $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT); + sqlf("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent); + + // compare $user with email and username, if both matches use email + $rsUser = sqlf("SELECT `user_id`, `username`, 2 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `username`='&1' AND `password`='&2' UNION + SELECT `user_id`, `username`, 1 AS `prio`, `is_active_flag`, `permanent_login_flag`, `admin` FROM `user` WHERE `email`='&1' AND `password`='&2' ORDER BY `prio` ASC LIMIT 1", $user, $pwmd5); + $rUser = sql_fetch_assoc($rsUser); + sql_free_result($rsUser); + + if ($permanent == null) + $permanent = ($rUser['permanent_login_flag'] == 1); + + if ($rUser) + { + // ok, there is a valid login + if ($rUser['is_active_flag'] != 0) + { + // 
begin session + $uuid = self::create_sessionid(); + sqlf("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`) VALUES ('&1', '&2', '&3')", $uuid, $rUser['user_id'], ($permanent!=false ? 1 : 0)); + $this->userid = $rUser['user_id']; + $this->username = $rUser['username']; + $this->permanent = $permanent; + $this->lastlogin = date('Y-m-d H:i:s'); + $this->sessionid = $uuid; + $this->admin = $rUser['admin']; + $this->verified = true; + + $retval = LOGIN_OK; + } + else + $retval = LOGIN_USERNOTACTIVE; + } + else + { + // sorry, bad login + $retval = LOGIN_BADUSERPW; + } + + sqlf("INSERT INTO `sys_logins` (`remote_addr`, `success`) VALUES ('&1', '&2')", $_SERVER['REMOTE_ADDR'], ($rUser===false ? 0 : 1)); + + // store to cookie + $this->pStoreCookie(); + + return $retval; + } + + private static function create_sessionid() + { + return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x', + mt_rand(0, 0xffff), mt_rand(0, 0xffff), + mt_rand(0, 0xffff), + mt_rand(0, 0xffff), + mt_rand(0, 0xffff), + mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff) + ); + } + + function getUserCountry() + { + global $opt, $cookie; + + // language specified in cookie? + if ($cookie->is_set('usercountry')) + { + $sCountry = $cookie->get('usercountry', null); + if ($sCountry != null) + return $sCountry; + } + + // user specified a language? 
+ if ($this->userid != 0) + { + $sCountry = sql_value("SELECT `country` FROM `user` WHERE `user_id`='&1'", null, $this->userid); + if ($sCountry != null) + return $sCountry; + } + + // default country of this language + if (isset($opt['locale'][$opt['template']['locale']]['country'])) + return $opt['locale'][$opt['template']['locale']]['country']; + + // default country of installation (or domain) + return $opt['template']['default']['country']; + } + + function logout() + { + if ($this->userid != 0) + sqlf("DELETE FROM `sys_sessions` WHERE `uuid`='&1' AND `user_id`='&2'", $this->sessionid, $this->userid); + + $this->pClear(); + } + + public function hasAdminPriv($privilege = false) + { + if ($privilege === false) + return $this->admin != 0; + + return ($this->admin & $privilege) == $privilege; + } +} +?> diff --git a/htdocs/log.php b/htdocs/log.php index 530e3784..5a48913d 100644 --- a/htdocs/log.php +++ b/htdocs/log.php @@ -1,352 +1,352 @@ -'.$rating_stat); - $rating_msg = mb_ereg_replace('{max}', floor($user_founds * rating_percentage/100), $rating_msg); - $rating_msg = mb_ereg_replace('{curr}', $user_tops, $rating_msg); - } - else - { - $anzahl = ($user_tops + 1 - ($user_founds * rating_percentage/100)) / (rating_percentage/100); - if ($anzahl > 1) - $rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds); - else - $rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds); - if ($user_tops) - $rating_msg .= '
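Review bot: The new `create_sessionid()` in this hunk draws every 16-bit group from `mt_rand()`, which is a Mersenne Twister seeded from a small seed and whose internal state can be recovered from observed outputs, so the session id is not "truly random" as the commit message claims — it is still a guessable bearer token for `verify()`/`restoreSession()`. Use a CSPRNG and keep the existing 8-4-4-4-12 layout so the `uuid` column and callers are unaffected: `$b = bin2hex(openssl_random_pseudo_bytes(16, $strong)); if (!$strong) throw new Exception('no secure randomness');` followed by `return substr($b, 0, 8).'-'.substr($b, 8, 4).'-'.substr($b, 12, 4).'-'.substr($b, 16, 4).'-'.substr($b, 20);` (on PHP 7+ `random_bytes(16)` is the simpler choice). The brute-force counter in `checkLoginsCount()` mitigates online guessing of user passwords but does not protect a session id whose bits are predictable. Separately, the rewritten `INSERT INTO sys_sessions` in `try_login_md5()` no longer sets `last_login`, so session expiry in `verify()` now depends on a column default or trigger that is not visible in this hunk; a one-line comment there, `// last_login is set by the sys_sessions before-insert trigger`, would record that dependency if it is indeed the case. The class header of this file sits at the start of the hunk but is garbled in this view.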
'.$rating_maywithdraw; - } - tpl_set_var('rating_message', mb_ereg_replace('{rating_msg}', $rating_msg, $rating_tpl)); - - // descMode auslesen, falls nicht gesetzt aus dem Profil laden - if (isset($_POST['descMode'])) - $descMode = $_POST['descMode']+0; - else - { - if (sqlValue("SELECT `no_htmledit_flag` FROM `user` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 1) == 1) - $descMode = 1; - else - $descMode = 3; - } - if (($descMode < 1) || ($descMode > 3)) $descMode = 3; - - // fuer alte Versionen von OCProp - if ((isset($_POST['submit']) || isset($_POST['submitform'])) && !isset($_POST['version3'])) - { - die('Your client may be outdated!'); - } - - if ($descMode != 1) - { - // Filter Input - $purifier = new HTMLPurifier(); - $log_text = $purifier->purify($log_text); - } - else - { - // escape text - $log_text = nl2br(htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8')); - } - - //validate data - if (is_numeric($log_date_month) && is_numeric($log_date_day) && is_numeric($log_date_year)) - { - $date_ok = checkdate($log_date_month, $log_date_day, $log_date_year) - && ($log_date_year >= 2000); - if ($date_ok) - if (isset($_POST['submitform'])) - if (mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year) >= mktime()) - $date_ok = false; - } - else - $date_ok = false; - - $logtype_ok = sqlValue("SELECT COUNT(*) FROM cache_logtype WHERE cache_type_id='" . sql_escape($cache_type) . "' AND log_type_id='" . sql_escape($log_type) . "'", 0) > 0; - - // not a found log? 
then ignore the rating - if ($log_type != 1 && $log_type != 7) - $top_option = 0; - - $pw_ok = true; - if (isset($_POST['submitform'])) - { - $all_ok = $date_ok && $logtype_ok; - - if ($all_ok && $use_log_pw && $log_type == 1) - if (!isset($_POST['log_pw']) || - mb_strtolower($log_pw) != mb_strtolower($_POST['log_pw'])) - { - $pw_ok = false; - $all_ok = false; - } - } - - if (isset($_POST['submitform']) && ($all_ok == true)) - { - $log_date = date('Y-m-d', mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year)); - - //add logentry to db - sql("INSERT INTO `cache_logs` (`id`, `cache_id`, `user_id`, `type`, `date`, `text`, `text_html`, `text_htmledit`, `uuid`, `node`) - VALUES ('', '&1', '&2', '&3', '&4', '&5', '&6', '&7', UUID(), '&8')", - $cache_id, $usr['userid'], $log_type, $log_date, $log_text, (($descMode != 1) ? 1 : 0), (($descMode == 3) ? 1 : 0), $oc_nodeid); - - // do not use slave server for the next time ... - db_slave_exclude(); - - // update cache_status - $rs = sql("SELECT `log_types`.`cache_status` FROM `log_types` WHERE `id`='&1'", $log_type); - if ($record = sql_fetch_array($rs)) - { - $cache_status = $record['cache_status']; - if ($cache_status != 0) - { - $rs = sql("UPDATE `caches` SET `status`='&1' WHERE `cache_id`='&2'", $cache_status, $cache_id); - } - } - else - { - die("OPS!"); - } - - // update top-list - if ($top_option) - if ($top_cache) - sql("INSERT IGNORE INTO `cache_rating` (`user_id`, `cache_id`, `rating_date`) VALUES('&1', '&2', '&3')", $usr['userid'], $cache_id, $log_date); - else - sql("DELETE FROM `cache_rating` WHERE `user_id`='&1' AND `cache_id`='&2'", $usr['userid'], $cache_id); - - //call eventhandler - require_once($rootpath . 'lib/eventhandler.inc.php'); - event_new_log($cache_id, $usr['userid']+0); - - //redirect to viewcache - $no_tpl_build = true; - //include('viewcache.php'); - tpl_redirect('viewcache.php?cacheid=' . 
$cache_id); - } - else - { - //build logtypeoptions - $logtypeoptions = ''; - if ($cache_type == 6) // event - $logtypeorder = 'DESC'; - else - $logtypeorder = 'ASC'; - $rsLogTypes = sql("SELECT `log_types`.`id`, IFNULL(`sys_trans_text`.`text`, `log_types`.`name`) AS `name` - FROM `caches` - INNER JOIN `cache_type` ON `caches`.`type`=`cache_type`.`id` - INNER JOIN `cache_logtype` ON `cache_type`.`id`=`cache_logtype`.`cache_type_id` - INNER JOIN `log_types` ON `cache_logtype`.`log_type_id`=`log_types`.`id` - LEFT JOIN `sys_trans` ON `log_types`.`trans_id`=`sys_trans`.`id` - LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='" . sql_escape($locale) . "' - WHERE `caches`.`cache_id`='" . ($cache_id+0) . "' - ORDER BY `log_types`.`id` " . $logtypeorder); - while ($rLogTypes = sql_fetch_assoc($rsLogTypes)) - { - $sSelected = ($rLogTypes['id'] == $log_type) ? ' selected="selected"' : ''; - $logtypeoptions .= '' . "\n"; - } - sql_free_result($rsLogTypes); - - //set tpl vars - tpl_set_var('cachename', htmlspecialchars($cachename, ENT_COMPAT, 'UTF-8')); - tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8')); - tpl_set_var('logday', htmlspecialchars($log_date_day, ENT_COMPAT, 'UTF-8')); - tpl_set_var('logmonth', htmlspecialchars($log_date_month, ENT_COMPAT, 'UTF-8')); - tpl_set_var('logyear', htmlspecialchars($log_date_year, ENT_COMPAT, 'UTF-8')); - tpl_set_var('logtypeoptions', $logtypeoptions); - tpl_set_var('reset', $reset); - tpl_set_var('submit', $submit); - tpl_set_var('date_message', ''); - - // Text / normal HTML / HTML editor - tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); - - if ($descMode == 1) - tpl_set_var('descMode', 1); - else if ($descMode == 2) - tpl_set_var('descMode', 2); - else - { - // TinyMCE - $headers = tpl_get_var('htmlheaders') . "\n"; - $headers .= '' . "\n"; - $headers .= '' . 
"\n"; - tpl_set_var('htmlheaders', $headers); - - tpl_set_var('descMode', 3); - } - - if ($descMode != 1) - tpl_set_var('logtext', htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'), true); - else - tpl_set_var('logtext', $log_text); - - $listed_on = array(); - if ($wp_gc > "") - $listed_on[] = 'geocaching.com (loggen)'; - if ($wp_nc > "") - $listed_on[] = 'navicache.com'; - - if (sizeof($listed_on)) - { - tpl_set_var('listed_start', ""); - tpl_set_var('listed_end', ""); - tpl_set_var('listed_on', sizeof($listed_on) == 0 ? $listed_only_oc : implode(", ", $listed_on)); - } - else - { - tpl_set_var('listed_start', ""); - } - - if ($use_log_pw == true) - if (!$pw_ok == true) - tpl_set_var('log_pw_field', $log_pw_field_pw_not_ok); - else - tpl_set_var('log_pw_field', $log_pw_field); - else - tpl_set_var('log_pw_field', ''); - - if (!$date_ok) - tpl_set_var('date_message', $date_message); - - // build smilies - $smilies = ''; - if ($descMode != 3) - { - for ($i=0; $i +'.$rating_stat); + $rating_msg = mb_ereg_replace('{max}', floor($user_founds * rating_percentage/100), $rating_msg); + $rating_msg = mb_ereg_replace('{curr}', $user_tops, $rating_msg); + } + else + { + $anzahl = ($user_tops + 1 - ($user_founds * rating_percentage/100)) / (rating_percentage/100); + if ($anzahl > 1) + $rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds); + else + $rating_msg = mb_ereg_replace('{anzahl}', $anzahl, $rating_too_few_founds); + if ($user_tops) + $rating_msg .= '
'.$rating_maywithdraw; + } + tpl_set_var('rating_message', mb_ereg_replace('{rating_msg}', $rating_msg, $rating_tpl)); + + // descMode auslesen, falls nicht gesetzt aus dem Profil laden + if (isset($_POST['descMode'])) + $descMode = $_POST['descMode']+0; + else + { + if (sqlValue("SELECT `no_htmledit_flag` FROM `user` WHERE `user_id`='" . sql_escape($usr['userid']) . "'", 1) == 1) + $descMode = 1; + else + $descMode = 3; + } + if (($descMode < 1) || ($descMode > 3)) $descMode = 3; + + // fuer alte Versionen von OCProp + if ((isset($_POST['submit']) || isset($_POST['submitform'])) && !isset($_POST['version3'])) + { + die('Your client may be outdated!'); + } + + if ($descMode != 1) + { + // Filter Input + $purifier = new HTMLPurifier(); + $log_text = $purifier->purify($log_text); + } + else + { + // escape text + $log_text = nl2br(htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8')); + } + + //validate data + if (is_numeric($log_date_month) && is_numeric($log_date_day) && is_numeric($log_date_year)) + { + $date_ok = checkdate($log_date_month, $log_date_day, $log_date_year) + && ($log_date_year >= 2000); + if ($date_ok) + if (isset($_POST['submitform'])) + if (mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year) >= mktime()) + $date_ok = false; + } + else + $date_ok = false; + + $logtype_ok = sqlValue("SELECT COUNT(*) FROM cache_logtype WHERE cache_type_id='" . sql_escape($cache_type) . "' AND log_type_id='" . sql_escape($log_type) . "'", 0) > 0; + + // not a found log? 
then ignore the rating + if ($log_type != 1 && $log_type != 7) + $top_option = 0; + + $pw_ok = true; + if (isset($_POST['submitform'])) + { + $all_ok = $date_ok && $logtype_ok; + + if ($all_ok && $use_log_pw && $log_type == 1) + if (!isset($_POST['log_pw']) || + mb_strtolower($log_pw) != mb_strtolower($_POST['log_pw'])) + { + $pw_ok = false; + $all_ok = false; + } + } + + if (isset($_POST['submitform']) && ($all_ok == true)) + { + $log_date = date('Y-m-d', mktime(0, 0, 0, $log_date_month, $log_date_day, $log_date_year)); + + //add logentry to db + sql("INSERT INTO `cache_logs` (`id`, `cache_id`, `user_id`, `type`, `date`, `text`, `text_html`, `text_htmledit`, `node`) + VALUES ('', '&1', '&2', '&3', '&4', '&5', '&6', '&7', '&8')", + $cache_id, $usr['userid'], $log_type, $log_date, $log_text, (($descMode != 1) ? 1 : 0), (($descMode == 3) ? 1 : 0), $oc_nodeid); + + // do not use slave server for the next time ... + db_slave_exclude(); + + // update cache_status + $rs = sql("SELECT `log_types`.`cache_status` FROM `log_types` WHERE `id`='&1'", $log_type); + if ($record = sql_fetch_array($rs)) + { + $cache_status = $record['cache_status']; + if ($cache_status != 0) + { + $rs = sql("UPDATE `caches` SET `status`='&1' WHERE `cache_id`='&2'", $cache_status, $cache_id); + } + } + else + { + die("OPS!"); + } + + // update top-list + if ($top_option) + if ($top_cache) + sql("INSERT IGNORE INTO `cache_rating` (`user_id`, `cache_id`, `rating_date`) VALUES('&1', '&2', '&3')", $usr['userid'], $cache_id, $log_date); + else + sql("DELETE FROM `cache_rating` WHERE `user_id`='&1' AND `cache_id`='&2'", $usr['userid'], $cache_id); + + //call eventhandler + require_once($rootpath . 'lib/eventhandler.inc.php'); + event_new_log($cache_id, $usr['userid']+0); + + //redirect to viewcache + $no_tpl_build = true; + //include('viewcache.php'); + tpl_redirect('viewcache.php?cacheid=' . 
$cache_id); + } + else + { + //build logtypeoptions + $logtypeoptions = ''; + if ($cache_type == 6) // event + $logtypeorder = 'DESC'; + else + $logtypeorder = 'ASC'; + $rsLogTypes = sql("SELECT `log_types`.`id`, IFNULL(`sys_trans_text`.`text`, `log_types`.`name`) AS `name` + FROM `caches` + INNER JOIN `cache_type` ON `caches`.`type`=`cache_type`.`id` + INNER JOIN `cache_logtype` ON `cache_type`.`id`=`cache_logtype`.`cache_type_id` + INNER JOIN `log_types` ON `cache_logtype`.`log_type_id`=`log_types`.`id` + LEFT JOIN `sys_trans` ON `log_types`.`trans_id`=`sys_trans`.`id` + LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='" . sql_escape($locale) . "' + WHERE `caches`.`cache_id`='" . ($cache_id+0) . "' + ORDER BY `log_types`.`id` " . $logtypeorder); + while ($rLogTypes = sql_fetch_assoc($rsLogTypes)) + { + $sSelected = ($rLogTypes['id'] == $log_type) ? ' selected="selected"' : ''; + $logtypeoptions .= '' . "\n"; + } + sql_free_result($rsLogTypes); + + //set tpl vars + tpl_set_var('cachename', htmlspecialchars($cachename, ENT_COMPAT, 'UTF-8')); + tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8')); + tpl_set_var('logday', htmlspecialchars($log_date_day, ENT_COMPAT, 'UTF-8')); + tpl_set_var('logmonth', htmlspecialchars($log_date_month, ENT_COMPAT, 'UTF-8')); + tpl_set_var('logyear', htmlspecialchars($log_date_year, ENT_COMPAT, 'UTF-8')); + tpl_set_var('logtypeoptions', $logtypeoptions); + tpl_set_var('reset', $reset); + tpl_set_var('submit', $submit); + tpl_set_var('date_message', ''); + + // Text / normal HTML / HTML editor + tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); + + if ($descMode == 1) + tpl_set_var('descMode', 1); + else if ($descMode == 2) + tpl_set_var('descMode', 2); + else + { + // TinyMCE + $headers = tpl_get_var('htmlheaders') . "\n"; + $headers .= '' . "\n"; + $headers .= '' . 
"\n"; + tpl_set_var('htmlheaders', $headers); + + tpl_set_var('descMode', 3); + } + + if ($descMode != 1) + tpl_set_var('logtext', htmlspecialchars($log_text, ENT_COMPAT, 'UTF-8'), true); + else + tpl_set_var('logtext', $log_text); + + $listed_on = array(); + if ($wp_gc > "") + $listed_on[] = 'geocaching.com (loggen)'; + if ($wp_nc > "") + $listed_on[] = 'navicache.com'; + + if (sizeof($listed_on)) + { + tpl_set_var('listed_start', ""); + tpl_set_var('listed_end', ""); + tpl_set_var('listed_on', sizeof($listed_on) == 0 ? $listed_only_oc : implode(", ", $listed_on)); + } + else + { + tpl_set_var('listed_start', ""); + } + + if ($use_log_pw == true) + if (!$pw_ok == true) + tpl_set_var('log_pw_field', $log_pw_field_pw_not_ok); + else + tpl_set_var('log_pw_field', $log_pw_field); + else + tpl_set_var('log_pw_field', ''); + + if (!$date_ok) + tpl_set_var('date_message', $date_message); + + // build smilies + $smilies = ''; + if ($descMode != 3) + { + for ($i=0; $i diff --git a/htdocs/newcache.php b/htdocs/newcache.php index 13757b22..51f6a83f 100644 --- a/htdocs/newcache.php +++ b/htdocs/newcache.php 
@@ -1,955 +1,946 @@ - 3)) $descMode = 3; - - // fuer alte Versionen von OCProp - if (isset($_POST['submit']) && !isset($_POST['version2'])) - { - $descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1; - $_POST['submitform'] = $_POST['submit']; - - $short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc); - $desc = iconv("ISO-8859-1", "UTF-8", $desc); - $name = iconv("ISO-8859-1", "UTF-8", $name); - } - - // Text / normal HTML / HTML editor - tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); - - if ($descMode == 1) - tpl_set_var('descMode', 1); - else if ($descMode == 2) - tpl_set_var('descMode', 2); - else - { - // TinyMCE - $headers = tpl_get_var('htmlheaders') . "\n"; - $headers .= '' . "\n"; - $headers .= '' . "\n"; - tpl_set_var('htmlheaders', $headers); - - tpl_set_var('descMode', 3); - } - - //effort - $search_time = isset($_POST['search_time']) ? $_POST['search_time'] : '0'; - $way_length = isset($_POST['way_length']) ? $_POST['way_length'] : '0'; - - $search_time = mb_ereg_replace(',', '.', $search_time); - $way_length = mb_ereg_replace(',', '.', $way_length); - - if (mb_strpos($search_time, ':') == mb_strlen($search_time) - 3) - { - $st_hours = mb_substr($search_time, 0, mb_strpos($search_time, ':')); - $st_minutes = mb_substr($search_time, mb_strlen($st_hours) + 1); - - if (is_numeric($st_hours) && is_numeric($st_minutes)) - { - if (($st_minutes >= 0) && ($st_minutes < 60)) - { - $search_time = $st_hours + $st_minutes / 60; - } - } - } - - $st_hours = floor($search_time); - $st_minutes = sprintf('%02.0F', ($search_time - $st_hours) * 60); - - tpl_set_var('search_time', $st_hours . ':' . $st_minutes); - tpl_set_var('way_length', $way_length); - - - //hints - $hints = isset($_POST['hints']) ? 
$_POST['hints'] : '';
- tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8'));
-
- // fuer alte Versionen von OCProp
- if (isset($_POST['submit']) && !isset($_POST['version2']))
- {
- $hints = iconv("ISO-8859-1", "UTF-8", $hints);
- }
-
- //tos
- $tos = isset($_POST['TOS']) ? 1 : 0;
- if ($tos == 1)
- tpl_set_var('toschecked', ' checked="checked"');
- else
- tpl_set_var('toschecked', '');
-
- //hidden_since
- $hidden_day = isset($_POST['hidden_day']) ? $_POST['hidden_day'] : date('d');
- $hidden_month = isset($_POST['hidden_month']) ? $_POST['hidden_month'] : date('m');
- $hidden_year = isset($_POST['hidden_year']) ? $_POST['hidden_year'] : date('Y');
- tpl_set_var('hidden_day', htmlspecialchars($hidden_day, ENT_COMPAT, 'UTF-8'));
- tpl_set_var('hidden_month', htmlspecialchars($hidden_month, ENT_COMPAT, 'UTF-8'));
- tpl_set_var('hidden_year', htmlspecialchars($hidden_year, ENT_COMPAT, 'UTF-8'));
-
- //activation date
- $activate_day = isset($_POST['activate_day']) ? $_POST['activate_day'] : date('d');
- $activate_month = isset($_POST['activate_month']) ? $_POST['activate_month'] : date('m');
- $activate_year = isset($_POST['activate_year']) ? $_POST['activate_year'] : date('Y');
- tpl_set_var('activate_day', htmlspecialchars($activate_day, ENT_COMPAT, 'UTF-8'));
- tpl_set_var('activate_month', htmlspecialchars($activate_month, ENT_COMPAT, 'UTF-8'));
- tpl_set_var('activate_year', htmlspecialchars($activate_year, ENT_COMPAT, 'UTF-8'));
-
- tpl_set_var('publish_now_checked', '');
- tpl_set_var('publish_later_checked', '');
- tpl_set_var('publish_notnow_checked', '');
-
- $publish = isset($_POST['publish']) ?
$_POST['publish'] : 'now2'; - if($publish == 'now2') - { - tpl_set_var('publish_now_checked', 'checked'); - } - else if($publish == 'later') - { - tpl_set_var('publish_later_checked', 'checked'); - } - else // notnow - { - $publish = 'notnow'; - tpl_set_var('publish_notnow_checked', 'checked'); - } - - // fill activate hours - $activate_hour = isset($_POST['activate_hour']) ? $_POST['activate_hour'] + 0 : date('H') + 0; - $activation_hours = ''; - for ($i = 0; $i <= 23; $i++) - { - if ($activate_hour == $i) - { - $activation_hours .= ''; - for ($i = 2; $i <= 10; $i++) - { - if ($difficulty == $i) - { - $difficulty_options .= '';; - for ($i = 2; $i <= 10; $i++) - { - if ($terrain == $i) - { - $terrain_options .= ''; - $rsSizes = sql("SELECT `cache_size`.`id`, IFNULL(`sys_trans_text`.`text`, `cache_size`.`name`) AS `name` - FROM `cache_size` - LEFT JOIN `sys_trans` ON `cache_size`.`trans_id`=`sys_trans`.`id` - LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND - `sys_trans_text`.`lang`='" . sql_escape($locale) . "' - ORDER BY `cache_size`.`ordinal` ASC"); - while ($rSize = sql_fetch_assoc($rsSizes)) - { - $sSelected = ($rSize['id'] == $sel_size) ? ' selected="selected"' : ''; - $sizes .= ''; - } - sql_free_result($rsSizes); - tpl_set_var('sizeoptions', $sizes); - - //typeoptions - $sSelected = ($sel_type == -1) ? ' selected="selected"' : ''; - $types = ''; - $rsTypes = sql("SELECT `cache_type`.`id`, IFNULL(`sys_trans_text`.`text`, `cache_type`.`name`) AS `name` - FROM `cache_type` - LEFT JOIN `sys_trans` ON `cache_type`.`trans_id`=`sys_trans`.`id` - LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND - `sys_trans_text`.`lang`='" . sql_escape($locale) . "' - ORDER BY `cache_type`.`ordinal` ASC"); - while ($rType = sql_fetch_assoc($rsTypes)) - { - $sSelected = ($rType['id'] == $sel_type) ? 
' selected="selected"' : ''; - $types .= ''; - } - sql_free_result($rsTypes); - tpl_set_var('typeoptions', $types); - - if (isset($_POST['show_all_countries_submit'])) - { - $show_all_countries = 1; - } - elseif (isset($_POST['show_all_langs_submit'])) - { - $show_all_langs = 1; - } - - //langoptions - $langsoptions = ''; - - //check if selected country is in list_default - if ($show_all_langs == 0) - { - $rs = sql("SELECT `show` FROM `languages_list_default` WHERE `show`='&1' AND `lang`='&2'", $sel_lang, $locale); - if (mysql_num_rows($rs) == 0) $show_all_langs = 1; - sql_free_result($rs); - } - - if ($show_all_langs == 0) - { - tpl_set_var('show_all_langs', '0'); - tpl_set_var('show_all_langs_submit', ''); - - $rs = sql("SELECT `languages`.`short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` FROM `languages` INNER JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' WHERE `languages_list_default`.`lang`='&1' ORDER BY `name` ASC", $locale); - } - else - { - tpl_set_var('show_all_langs', '1'); - tpl_set_var('show_all_langs_submit', ''); - - $rs = sql("SELECT `languages`.`short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` FROM `languages` LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' ORDER BY `name` ASC", $locale); - } - - while ($record = sql_fetch_assoc($rs)) - { - $sSelected = ($record['short'] == $sel_lang) ? ' selected="selected"' : ''; - $langsoptions .= '' . 
"\n"; - } - - tpl_set_var('langoptions', $langsoptions); - - //countryoptions - $countriesoptions = ''; - - //check if selected country is in list_default - if ($show_all_countries == 0) - { - $rs = sql("SELECT `show` FROM `countries_list_default` WHERE `show`='&1' AND `lang`='&2'", $sel_country, $locale); - if (mysql_num_rows($rs) == 0) $show_all_countries = 1; - sql_free_result($rs); - } - - if ($show_all_countries == 0) - { - tpl_set_var('show_all_countries', '0'); - tpl_set_var('show_all_countries_submit', ''); - - $rs = sql("SELECT `countries`.`short`, IFNULL(`sys_trans_text`.`text`, `countries`.`name`) AS `name` FROM `countries` INNER JOIN `countries_list_default` ON `countries_list_default`.`show`=`countries`.`short` LEFT JOIN `sys_trans` ON `countries`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' WHERE `countries_list_default`.`lang`='&1' ORDER BY `name` ASC", $locale); - } - else - { - tpl_set_var('show_all_countries', '1'); - tpl_set_var('show_all_countries_submit', ''); - - $rs = sql("SELECT `countries`.`short`, IFNULL(`sys_trans_text`.`text`, `countries`.`name`) AS `name` FROM `countries` LEFT JOIN `sys_trans` ON `countries`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' ORDER BY `name` ASC", $locale); - } - - // $opt['locale'][$locale]['country'] would give country of chosen langugage - // build the "country" dropdown list, preselect $sel_country - while ($record = sql_fetch_array($rs)) - { - $sSelected = ($record['short'] == $sel_country) ? ' selected="selected"' : ''; - $countriesoptions .= '' . "\n"; - } - sql_free_result($rs); - - tpl_set_var('countryoptions', $countriesoptions); - - // cache-attributes - $cache_attribs = isset($_POST['cache_attribs']) ? 
mb_split(';', $_POST['cache_attribs']) : array(); - - // cache-attributes - $bBeginLine = true; - $nPrevLineAttrCount = 0; - $nLineAttrCount = 0; - - $cache_attrib_list = ''; - $cache_attrib_array = ''; - $cache_attribs_string = ''; - - $rsAttrGroup = sql("SELECT `attribute_groups`.`id`, IFNULL(`sys_trans_text`.`text`, `attribute_groups`.`name`) AS `name`, `attribute_categories`.`color` - FROM `attribute_groups` - INNER JOIN `attribute_categories` ON `attribute_groups`.`category_id`=`attribute_categories`.`id` - LEFT JOIN `sys_trans` ON `attribute_groups`.`trans_id`=`sys_trans`.`id` - LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' - ORDER BY `attribute_groups`.`category_id` ASC, `attribute_groups`.`id` ASC", $locale); - while ($rAttrGroup = sql_fetch_assoc($rsAttrGroup)) - { - $group_line = ''; - - $rs = sql("SELECT `cache_attrib`.`id`, IFNULL(`ttname`.`text`, `cache_attrib`.`name`) AS `name`, `cache_attrib`.`icon_undef`, `cache_attrib`.`icon_large`, IFNULL(`ttdesc`.`text`, `cache_attrib`.`html_desc`) AS `html_desc` - FROM `cache_attrib` - LEFT JOIN `sys_trans` AS `tname` ON `cache_attrib`.`trans_id`=`tname`.`id` AND `cache_attrib`.`name`=`tname`.`text` - LEFT JOIN `sys_trans_text` AS `ttname` ON `tname`.`id`=`ttname`.`trans_id` AND `ttname`.`lang`='&1' - LEFT JOIN `sys_trans` AS `tdesc` ON `cache_attrib`.`html_desc_trans_id`=`tdesc`.`id` AND `cache_attrib`.`html_desc`=`tdesc`.`text` - LEFT JOIN `sys_trans_text` AS `ttdesc` ON `tdesc`.`id`=`ttdesc`.`trans_id` AND `ttdesc`.`lang`='&1' - WHERE `cache_attrib`.`group_id`=" . ($rAttrGroup['id']+0) . 
" AND - NOT IFNULL(`cache_attrib`.`hidden`, 0)=1 AND - `cache_attrib`.`selectable`!=0 ORDER BY `cache_attrib`.`group_id`, `cache_attrib`.`id`", $locale); - while($record = sql_fetch_array($rs)) - { - $line = $cache_attrib_pic; - - $line = mb_ereg_replace('{attrib_id}', $record['id'], $line); - $line = mb_ereg_replace('{attrib_text}', escape_javascript($record['name']), $line); - if (in_array($record['id'], $cache_attribs)) - $line = mb_ereg_replace('{attrib_pic}', $record['icon_large'], $line); - else - $line = mb_ereg_replace('{attrib_pic}', $record['icon_undef'], $line); - $line = mb_ereg_replace('{html_desc}', escape_javascript($record['html_desc']), $line); - $line = mb_ereg_replace('{name}', escape_javascript($record['name']), $line); - $line = mb_ereg_replace('{color}', $rAttrGroup['color'], $line); - $group_line .= $line; - $nLineAttrCount++; - - $line = $cache_attrib_js; - $line = mb_ereg_replace('{id}', $record['id'], $line); - if (in_array($record['id'], $cache_attribs)) - $line = mb_ereg_replace('{selected}', 1, $line); - else - $line = mb_ereg_replace('{selected}', 0, $line); - $line = mb_ereg_replace('{img_undef}', $record['icon_undef'], $line); - $line = mb_ereg_replace('{img_large}', $record['icon_large'], $line); - if ($cache_attrib_array != '') $cache_attrib_array .= ','; - $cache_attrib_array .= $line; - - if (in_array($record['id'], $cache_attribs)) - { - if ($cache_attribs_string != '') $cache_attribs_string .= ';'; - $cache_attribs_string .= $record['id']; - } - } - sql_free_result($rs); - - if ($group_line != '') - { - $group_img = $cache_attrib_group; - $group_img = mb_ereg_replace('{color}', $rAttrGroup['color'], $group_img); - $group_img = mb_ereg_replace('{attribs}', $group_line, $group_img); - $group_img = mb_ereg_replace('{name}', htmlspecialchars($rAttrGroup['name'], ENT_COMPAT, 'UTF-8'), $group_img); - - if ($bBeginLine == true) - { - $cache_attrib_list .= '
'; - $bBeginLine = false; - } - - $cache_attrib_list .= $group_img; - $nPrevLineAttrCount += $nLineAttrCount; - - $nLineAttrCount = 0; - } - } - sql_free_result($rsAttrGroup); - if ($bBeginLine == false) - $cache_attrib_list .= '
'; - - tpl_set_var('cache_attrib_list', $cache_attrib_list); - tpl_set_var('jsattributes_array', $cache_attrib_array); - tpl_set_var('cache_attribs', $cache_attribs_string); - - if (isset($_POST['submitform'])) - { - //check the entered data - - //check coordinates - if ($lat_h!='' || $lat_min!='') - { - if (!mb_ereg_match('^[0-9]{1,2}$', $lat_h)) - { - tpl_set_var('lat_message', $error_coords_not_ok); - $error = true; - $lat_h_not_ok = true; - } - else - { - if (($lat_h >= 0) && ($lat_h < 90)) - { - $lat_h_not_ok = false; - } - else - { - tpl_set_var('lat_message', $error_coords_not_ok); - $error = true; - $lat_h_not_ok = true; - } - } - - if (is_numeric($lat_min)) - { - if (($lat_min >= 0) && ($lat_min < 60)) - { - $lat_min_not_ok = false; - } - else - { - tpl_set_var('lat_message', $error_coords_not_ok); - $error = true; - $lat_min_not_ok = true; - } - } - else - { - tpl_set_var('lat_message', $error_coords_not_ok); - $error = true; - $lat_min_not_ok = true; - } - - $latitude = $lat_h + $lat_min / 60; - if ($latNS == 'S') $latitude = -$latitude; - - if ($latitude == 0) - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lat_min_not_ok = true; - } - } - else - { - $latitude = NULL; - $lat_h_not_ok = false; - $lat_min_not_ok = false; - } - - if ($lon_h!='' || $lon_min!='') - { - if (!mb_ereg_match('^[0-9]{1,3}$', $lon_h)) - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lon_h_not_ok = true; - } - else - { - if (($lon_h >= 0) && ($lon_h < 180)) - { - $lon_h_not_ok = false; - } - else - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lon_h_not_ok = true; - } - } - - if (is_numeric($lon_min)) - { - if (($lon_min >= 0) && ($lon_min < 60)) - { - $lon_min_not_ok = false; - } - else - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lon_min_not_ok = true; - } - } - else - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lon_min_not_ok = true; - } 
- - $longitude = $lon_h + $lon_min / 60; - if ($lonEW == 'W') $longitude = -$longitude; - - if ($longitude == 0) - { - tpl_set_var('lon_message', $error_coords_not_ok); - $error = true; - $lon_min_not_ok = true; - } - } - else - { - $longitude = NULL; - $lon_h_not_ok = false; - $lon_min_not_ok = false; - } - - $lon_not_ok = $lon_min_not_ok || $lon_h_not_ok; - $lat_not_ok = $lat_min_not_ok || $lat_h_not_ok; - - //check effort - $time_not_ok = true; - if (is_numeric($search_time) || ($search_time == '')) - { - $time_not_ok = false; - } - if ($time_not_ok) - { - tpl_set_var('effort_message', $time_not_ok_message); - $error = true; - } - $way_length_not_ok =true; - if (is_numeric($way_length) || ($search_time == '')) - { - $way_length_not_ok = false; - } - if ($way_length_not_ok) - { - tpl_set_var('effort_message', $way_length_not_ok_message); - $error = true; - } - - - //check hidden_since - $hidden_date_not_ok = true; - if (is_numeric($hidden_day) && is_numeric($hidden_month) && is_numeric($hidden_year)) - { - $hidden_date_not_ok = (checkdate($hidden_month, $hidden_day, $hidden_year) == false); - } - if ($hidden_date_not_ok) - { - tpl_set_var('hidden_since_message', $date_not_ok_message); - $error = true; - } - - //check date_activate - $activation_date_not_ok = true; - if (is_numeric($activate_day) && is_numeric($activate_month) && is_numeric($activate_year) && is_numeric($activate_hour)) - { - $activation_date_not_ok = ((checkdate($activate_month, $activate_day, $activate_year) == false) || $activate_hour < 0 || $activate_hour > 23); - } - if ($activation_date_not_ok == false) - { - if(!($publish == 'now2' || $publish == 'later' || $publish == 'notnow')) - { - $activation_date_not_ok = true; - } - } - if ($activation_date_not_ok) - { - tpl_set_var('activate_on_message', $date_not_ok_message); - $error = true; - } - - //name - if ($name == '') - { - tpl_set_var('name_message', $name_not_ok_message); - $error = true; - $name_not_ok = true; - } - else - { - 
$name_not_ok = false; - } - - //tos - if ($tos != 1) - { - tpl_set_var('tos_message', $tos_not_ok_message); - $error = true; - $tos_not_ok = true; - } - else - { - $tos_not_ok = false; - } - - //html-desc? - $desc_html_not_ok = false; - if ($descMode != 1) - { - // Filter Input - $purifier = new HTMLPurifier(); - $desc = $purifier->purify($desc); - - tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')); - - $desc_html_not_ok = false; - - if ($desc_html_not_ok == true) - { - tpl_set_var('desc_message', mb_ereg_replace('%text%', $errmsg, $html_desc_errbox)); - $error = true; - } - } - - //cache-size - $size_not_ok = false; - if ($sel_size == -1) - { - tpl_set_var('size_message', $size_not_ok_message); - $error = true; - $size_not_ok = true; - } - - //cache-type - $type_not_ok = false; - if ($sel_type == -1) - { - tpl_set_var('type_message', $type_not_ok_message); - $error = true; - $type_not_ok = true; - } - - if ($sel_size != 7 && ($sel_type == 4 || $sel_type == 5)) - { - if (!$size_not_ok) tpl_set_var('size_message', $sizemismatch_message); - $error = true; - $size_not_ok = true; - } - - //difficulty / terrain - $diff_not_ok = false; - if ($difficulty < 2 || $difficulty > 10 || $terrain < 2 || $terrain > 10) - { - tpl_set_var('diff_message', $diff_not_ok_message); - $error = true; - $diff_not_ok = true; - } - - //no errors? 
- if (!($tos_not_ok || $name_not_ok || $hidden_date_not_ok || $activation_date_not_ok || $lon_not_ok || $lat_not_ok || $desc_html_not_ok || $time_not_ok || $way_length_not_ok || $size_not_ok || $type_not_ok || $diff_not_ok)) - { - //sel_status - $now = getdate(); - $today = mktime(0, 0, 0, $now['mon'], $now['mday'], $now['year']); - $hidden_date = mktime(0, 0, 0, $hidden_month, $hidden_day, $hidden_year); - - if (($hidden_date > $today) && ($sel_type != 6)) - { - $sel_status = 2; //currently not available - } - else - { - $sel_status = 1; //available - } - - if($publish == 'now2') - { - $activation_date = 'NULL'; - $activation_column = ' '; - } - elseif($publish == 'later') - { - $sel_status = 5; - $activation_date = "'".date('Y-m-d H:i:s', mktime($activate_hour, 0, 0, $activate_month, $activate_day, $activate_year))."'"; - } - elseif($publish == 'notnow') - { - $sel_status = 5; - $activation_date = 'NULL'; - } - else - { - // should never happen - $activation_date = 'NULL'; - } - - $cache_uuid = create_uuid(); - //add record to caches table - sql("INSERT INTO `caches` ( - `cache_id`, - `user_id`, - `name`, - `longitude`, - `latitude`, - `type` , - `status` , - `country` , - `date_hidden` , - `date_activate` , - `size` , - `difficulty` , - `terrain`, - `uuid`, - `logpw`, - `search_time`, - `way_length`, - `wp_gc`, - `wp_nc`, - `node` - ) VALUES ( - '', '&1', '&2', '&3', '&4', '&5', '&6', '&7', '&8', $activation_date, - '&9', '&10', '&11', '&12', '&13', '&14', '&15', '&16', '&17', '&18')", - $usr['userid'], - $name, - $longitude, - $latitude, - $sel_type, - $sel_status, - $sel_country, - date('Y-m-d', $hidden_date), - $sel_size, - $difficulty, - $terrain, - $cache_uuid, - $log_pw, - $search_time, - $way_length, - $wp_gc, - $wp_nc, - $oc_nodeid); - $cache_id = mysql_insert_id($dblink); - - // do not use slave server for the next time ... 
- db_slave_exclude(); - + 3)) $descMode = 3; + + // fuer alte Versionen von OCProp + if (isset($_POST['submit']) && !isset($_POST['version2'])) + { + $descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1; + $_POST['submitform'] = $_POST['submit']; + + $short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc); + $desc = iconv("ISO-8859-1", "UTF-8", $desc); + $name = iconv("ISO-8859-1", "UTF-8", $name); + } + + // Text / normal HTML / HTML editor + tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); + + if ($descMode == 1) + tpl_set_var('descMode', 1); + else if ($descMode == 2) + tpl_set_var('descMode', 2); + else + { + // TinyMCE + $headers = tpl_get_var('htmlheaders') . "\n"; + $headers .= '' . "\n"; + $headers .= '' . "\n"; + tpl_set_var('htmlheaders', $headers); + + tpl_set_var('descMode', 3); + } + + //effort + $search_time = isset($_POST['search_time']) ? $_POST['search_time'] : '0'; + $way_length = isset($_POST['way_length']) ? $_POST['way_length'] : '0'; + + $search_time = mb_ereg_replace(',', '.', $search_time); + $way_length = mb_ereg_replace(',', '.', $way_length); + + if (mb_strpos($search_time, ':') == mb_strlen($search_time) - 3) + { + $st_hours = mb_substr($search_time, 0, mb_strpos($search_time, ':')); + $st_minutes = mb_substr($search_time, mb_strlen($st_hours) + 1); + + if (is_numeric($st_hours) && is_numeric($st_minutes)) + { + if (($st_minutes >= 0) && ($st_minutes < 60)) + { + $search_time = $st_hours + $st_minutes / 60; + } + } + } + + $st_hours = floor($search_time); + $st_minutes = sprintf('%02.0F', ($search_time - $st_hours) * 60); + + tpl_set_var('search_time', $st_hours . ':' . $st_minutes); + tpl_set_var('way_length', $way_length); + + + //hints + $hints = isset($_POST['hints']) ? 
$_POST['hints'] : '';
+ tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8'));
+
+ // fuer alte Versionen von OCProp
+ if (isset($_POST['submit']) && !isset($_POST['version2']))
+ {
+ $hints = iconv("ISO-8859-1", "UTF-8", $hints);
+ }
+
+ //tos
+ $tos = isset($_POST['TOS']) ? 1 : 0;
+ if ($tos == 1)
+ tpl_set_var('toschecked', ' checked="checked"');
+ else
+ tpl_set_var('toschecked', '');
+
+ //hidden_since
+ $hidden_day = isset($_POST['hidden_day']) ? $_POST['hidden_day'] : date('d');
+ $hidden_month = isset($_POST['hidden_month']) ? $_POST['hidden_month'] : date('m');
+ $hidden_year = isset($_POST['hidden_year']) ? $_POST['hidden_year'] : date('Y');
+ tpl_set_var('hidden_day', htmlspecialchars($hidden_day, ENT_COMPAT, 'UTF-8'));
+ tpl_set_var('hidden_month', htmlspecialchars($hidden_month, ENT_COMPAT, 'UTF-8'));
+ tpl_set_var('hidden_year', htmlspecialchars($hidden_year, ENT_COMPAT, 'UTF-8'));
+
+ //activation date
+ $activate_day = isset($_POST['activate_day']) ? $_POST['activate_day'] : date('d');
+ $activate_month = isset($_POST['activate_month']) ? $_POST['activate_month'] : date('m');
+ $activate_year = isset($_POST['activate_year']) ? $_POST['activate_year'] : date('Y');
+ tpl_set_var('activate_day', htmlspecialchars($activate_day, ENT_COMPAT, 'UTF-8'));
+ tpl_set_var('activate_month', htmlspecialchars($activate_month, ENT_COMPAT, 'UTF-8'));
+ tpl_set_var('activate_year', htmlspecialchars($activate_year, ENT_COMPAT, 'UTF-8'));
+
+ tpl_set_var('publish_now_checked', '');
+ tpl_set_var('publish_later_checked', '');
+ tpl_set_var('publish_notnow_checked', '');
+
+ $publish = isset($_POST['publish']) ?
$_POST['publish'] : 'now2'; + if($publish == 'now2') + { + tpl_set_var('publish_now_checked', 'checked'); + } + else if($publish == 'later') + { + tpl_set_var('publish_later_checked', 'checked'); + } + else // notnow + { + $publish = 'notnow'; + tpl_set_var('publish_notnow_checked', 'checked'); + } + + // fill activate hours + $activate_hour = isset($_POST['activate_hour']) ? $_POST['activate_hour'] + 0 : date('H') + 0; + $activation_hours = ''; + for ($i = 0; $i <= 23; $i++) + { + if ($activate_hour == $i) + { + $activation_hours .= ''; + for ($i = 2; $i <= 10; $i++) + { + if ($difficulty == $i) + { + $difficulty_options .= '';; + for ($i = 2; $i <= 10; $i++) + { + if ($terrain == $i) + { + $terrain_options .= ''; + $rsSizes = sql("SELECT `cache_size`.`id`, IFNULL(`sys_trans_text`.`text`, `cache_size`.`name`) AS `name` + FROM `cache_size` + LEFT JOIN `sys_trans` ON `cache_size`.`trans_id`=`sys_trans`.`id` + LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND + `sys_trans_text`.`lang`='" . sql_escape($locale) . "' + ORDER BY `cache_size`.`ordinal` ASC"); + while ($rSize = sql_fetch_assoc($rsSizes)) + { + $sSelected = ($rSize['id'] == $sel_size) ? ' selected="selected"' : ''; + $sizes .= ''; + } + sql_free_result($rsSizes); + tpl_set_var('sizeoptions', $sizes); + + //typeoptions + $sSelected = ($sel_type == -1) ? ' selected="selected"' : ''; + $types = ''; + $rsTypes = sql("SELECT `cache_type`.`id`, IFNULL(`sys_trans_text`.`text`, `cache_type`.`name`) AS `name` + FROM `cache_type` + LEFT JOIN `sys_trans` ON `cache_type`.`trans_id`=`sys_trans`.`id` + LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND + `sys_trans_text`.`lang`='" . sql_escape($locale) . "' + ORDER BY `cache_type`.`ordinal` ASC"); + while ($rType = sql_fetch_assoc($rsTypes)) + { + $sSelected = ($rType['id'] == $sel_type) ? 
' selected="selected"' : ''; + $types .= ''; + } + sql_free_result($rsTypes); + tpl_set_var('typeoptions', $types); + + if (isset($_POST['show_all_countries_submit'])) + { + $show_all_countries = 1; + } + elseif (isset($_POST['show_all_langs_submit'])) + { + $show_all_langs = 1; + } + + //langoptions + $langsoptions = ''; + + //check if selected country is in list_default + if ($show_all_langs == 0) + { + $rs = sql("SELECT `show` FROM `languages_list_default` WHERE `show`='&1' AND `lang`='&2'", $sel_lang, $locale); + if (mysql_num_rows($rs) == 0) $show_all_langs = 1; + sql_free_result($rs); + } + + if ($show_all_langs == 0) + { + tpl_set_var('show_all_langs', '0'); + tpl_set_var('show_all_langs_submit', ''); + + $rs = sql("SELECT `languages`.`short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` FROM `languages` INNER JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' WHERE `languages_list_default`.`lang`='&1' ORDER BY `name` ASC", $locale); + } + else + { + tpl_set_var('show_all_langs', '1'); + tpl_set_var('show_all_langs_submit', ''); + + $rs = sql("SELECT `languages`.`short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` FROM `languages` LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' ORDER BY `name` ASC", $locale); + } + + while ($record = sql_fetch_assoc($rs)) + { + $sSelected = ($record['short'] == $sel_lang) ? ' selected="selected"' : ''; + $langsoptions .= '' . 
"\n"; + } + + tpl_set_var('langoptions', $langsoptions); + + //countryoptions + $countriesoptions = ''; + + //check if selected country is in list_default + if ($show_all_countries == 0) + { + $rs = sql("SELECT `show` FROM `countries_list_default` WHERE `show`='&1' AND `lang`='&2'", $sel_country, $locale); + if (mysql_num_rows($rs) == 0) $show_all_countries = 1; + sql_free_result($rs); + } + + if ($show_all_countries == 0) + { + tpl_set_var('show_all_countries', '0'); + tpl_set_var('show_all_countries_submit', ''); + + $rs = sql("SELECT `countries`.`short`, IFNULL(`sys_trans_text`.`text`, `countries`.`name`) AS `name` FROM `countries` INNER JOIN `countries_list_default` ON `countries_list_default`.`show`=`countries`.`short` LEFT JOIN `sys_trans` ON `countries`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' WHERE `countries_list_default`.`lang`='&1' ORDER BY `name` ASC", $locale); + } + else + { + tpl_set_var('show_all_countries', '1'); + tpl_set_var('show_all_countries_submit', ''); + + $rs = sql("SELECT `countries`.`short`, IFNULL(`sys_trans_text`.`text`, `countries`.`name`) AS `name` FROM `countries` LEFT JOIN `sys_trans` ON `countries`.`trans_id`=`sys_trans`.`id` LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' ORDER BY `name` ASC", $locale); + } + + // $opt['locale'][$locale]['country'] would give country of chosen langugage + // build the "country" dropdown list, preselect $sel_country + while ($record = sql_fetch_array($rs)) + { + $sSelected = ($record['short'] == $sel_country) ? ' selected="selected"' : ''; + $countriesoptions .= '' . "\n"; + } + sql_free_result($rs); + + tpl_set_var('countryoptions', $countriesoptions); + + // cache-attributes + $cache_attribs = isset($_POST['cache_attribs']) ? 
mb_split(';', $_POST['cache_attribs']) : array(); + + // cache-attributes + $bBeginLine = true; + $nPrevLineAttrCount = 0; + $nLineAttrCount = 0; + + $cache_attrib_list = ''; + $cache_attrib_array = ''; + $cache_attribs_string = ''; + + $rsAttrGroup = sql("SELECT `attribute_groups`.`id`, IFNULL(`sys_trans_text`.`text`, `attribute_groups`.`name`) AS `name`, `attribute_categories`.`color` + FROM `attribute_groups` + INNER JOIN `attribute_categories` ON `attribute_groups`.`category_id`=`attribute_categories`.`id` + LEFT JOIN `sys_trans` ON `attribute_groups`.`trans_id`=`sys_trans`.`id` + LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' + ORDER BY `attribute_groups`.`category_id` ASC, `attribute_groups`.`id` ASC", $locale); + while ($rAttrGroup = sql_fetch_assoc($rsAttrGroup)) + { + $group_line = ''; + + $rs = sql("SELECT `cache_attrib`.`id`, IFNULL(`ttname`.`text`, `cache_attrib`.`name`) AS `name`, `cache_attrib`.`icon_undef`, `cache_attrib`.`icon_large`, IFNULL(`ttdesc`.`text`, `cache_attrib`.`html_desc`) AS `html_desc` + FROM `cache_attrib` + LEFT JOIN `sys_trans` AS `tname` ON `cache_attrib`.`trans_id`=`tname`.`id` AND `cache_attrib`.`name`=`tname`.`text` + LEFT JOIN `sys_trans_text` AS `ttname` ON `tname`.`id`=`ttname`.`trans_id` AND `ttname`.`lang`='&1' + LEFT JOIN `sys_trans` AS `tdesc` ON `cache_attrib`.`html_desc_trans_id`=`tdesc`.`id` AND `cache_attrib`.`html_desc`=`tdesc`.`text` + LEFT JOIN `sys_trans_text` AS `ttdesc` ON `tdesc`.`id`=`ttdesc`.`trans_id` AND `ttdesc`.`lang`='&1' + WHERE `cache_attrib`.`group_id`=" . ($rAttrGroup['id']+0) . 
" AND + NOT IFNULL(`cache_attrib`.`hidden`, 0)=1 AND + `cache_attrib`.`selectable`!=0 ORDER BY `cache_attrib`.`group_id`, `cache_attrib`.`id`", $locale); + while($record = sql_fetch_array($rs)) + { + $line = $cache_attrib_pic; + + $line = mb_ereg_replace('{attrib_id}', $record['id'], $line); + $line = mb_ereg_replace('{attrib_text}', escape_javascript($record['name']), $line); + if (in_array($record['id'], $cache_attribs)) + $line = mb_ereg_replace('{attrib_pic}', $record['icon_large'], $line); + else + $line = mb_ereg_replace('{attrib_pic}', $record['icon_undef'], $line); + $line = mb_ereg_replace('{html_desc}', escape_javascript($record['html_desc']), $line); + $line = mb_ereg_replace('{name}', escape_javascript($record['name']), $line); + $line = mb_ereg_replace('{color}', $rAttrGroup['color'], $line); + $group_line .= $line; + $nLineAttrCount++; + + $line = $cache_attrib_js; + $line = mb_ereg_replace('{id}', $record['id'], $line); + if (in_array($record['id'], $cache_attribs)) + $line = mb_ereg_replace('{selected}', 1, $line); + else + $line = mb_ereg_replace('{selected}', 0, $line); + $line = mb_ereg_replace('{img_undef}', $record['icon_undef'], $line); + $line = mb_ereg_replace('{img_large}', $record['icon_large'], $line); + if ($cache_attrib_array != '') $cache_attrib_array .= ','; + $cache_attrib_array .= $line; + + if (in_array($record['id'], $cache_attribs)) + { + if ($cache_attribs_string != '') $cache_attribs_string .= ';'; + $cache_attribs_string .= $record['id']; + } + } + sql_free_result($rs); + + if ($group_line != '') + { + $group_img = $cache_attrib_group; + $group_img = mb_ereg_replace('{color}', $rAttrGroup['color'], $group_img); + $group_img = mb_ereg_replace('{attribs}', $group_line, $group_img); + $group_img = mb_ereg_replace('{name}', htmlspecialchars($rAttrGroup['name'], ENT_COMPAT, 'UTF-8'), $group_img); + + if ($bBeginLine == true) + { + $cache_attrib_list .= '
'; + $bBeginLine = false; + } + + $cache_attrib_list .= $group_img; + $nPrevLineAttrCount += $nLineAttrCount; + + $nLineAttrCount = 0; + } + } + sql_free_result($rsAttrGroup); + if ($bBeginLine == false) + $cache_attrib_list .= '
'; + + tpl_set_var('cache_attrib_list', $cache_attrib_list); + tpl_set_var('jsattributes_array', $cache_attrib_array); + tpl_set_var('cache_attribs', $cache_attribs_string); + + if (isset($_POST['submitform'])) + { + //check the entered data + + //check coordinates + if ($lat_h!='' || $lat_min!='') + { + if (!mb_ereg_match('^[0-9]{1,2}$', $lat_h)) + { + tpl_set_var('lat_message', $error_coords_not_ok); + $error = true; + $lat_h_not_ok = true; + } + else + { + if (($lat_h >= 0) && ($lat_h < 90)) + { + $lat_h_not_ok = false; + } + else + { + tpl_set_var('lat_message', $error_coords_not_ok); + $error = true; + $lat_h_not_ok = true; + } + } + + if (is_numeric($lat_min)) + { + if (($lat_min >= 0) && ($lat_min < 60)) + { + $lat_min_not_ok = false; + } + else + { + tpl_set_var('lat_message', $error_coords_not_ok); + $error = true; + $lat_min_not_ok = true; + } + } + else + { + tpl_set_var('lat_message', $error_coords_not_ok); + $error = true; + $lat_min_not_ok = true; + } + + $latitude = $lat_h + $lat_min / 60; + if ($latNS == 'S') $latitude = -$latitude; + + if ($latitude == 0) + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lat_min_not_ok = true; + } + } + else + { + $latitude = NULL; + $lat_h_not_ok = false; + $lat_min_not_ok = false; + } + + if ($lon_h!='' || $lon_min!='') + { + if (!mb_ereg_match('^[0-9]{1,3}$', $lon_h)) + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lon_h_not_ok = true; + } + else + { + if (($lon_h >= 0) && ($lon_h < 180)) + { + $lon_h_not_ok = false; + } + else + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lon_h_not_ok = true; + } + } + + if (is_numeric($lon_min)) + { + if (($lon_min >= 0) && ($lon_min < 60)) + { + $lon_min_not_ok = false; + } + else + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lon_min_not_ok = true; + } + } + else + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lon_min_not_ok = true; + } 
+ + $longitude = $lon_h + $lon_min / 60; + if ($lonEW == 'W') $longitude = -$longitude; + + if ($longitude == 0) + { + tpl_set_var('lon_message', $error_coords_not_ok); + $error = true; + $lon_min_not_ok = true; + } + } + else + { + $longitude = NULL; + $lon_h_not_ok = false; + $lon_min_not_ok = false; + } + + $lon_not_ok = $lon_min_not_ok || $lon_h_not_ok; + $lat_not_ok = $lat_min_not_ok || $lat_h_not_ok; + + //check effort + $time_not_ok = true; + if (is_numeric($search_time) || ($search_time == '')) + { + $time_not_ok = false; + } + if ($time_not_ok) + { + tpl_set_var('effort_message', $time_not_ok_message); + $error = true; + } + $way_length_not_ok =true; + if (is_numeric($way_length) || ($search_time == '')) + { + $way_length_not_ok = false; + } + if ($way_length_not_ok) + { + tpl_set_var('effort_message', $way_length_not_ok_message); + $error = true; + } + + + //check hidden_since + $hidden_date_not_ok = true; + if (is_numeric($hidden_day) && is_numeric($hidden_month) && is_numeric($hidden_year)) + { + $hidden_date_not_ok = (checkdate($hidden_month, $hidden_day, $hidden_year) == false); + } + if ($hidden_date_not_ok) + { + tpl_set_var('hidden_since_message', $date_not_ok_message); + $error = true; + } + + //check date_activate + $activation_date_not_ok = true; + if (is_numeric($activate_day) && is_numeric($activate_month) && is_numeric($activate_year) && is_numeric($activate_hour)) + { + $activation_date_not_ok = ((checkdate($activate_month, $activate_day, $activate_year) == false) || $activate_hour < 0 || $activate_hour > 23); + } + if ($activation_date_not_ok == false) + { + if(!($publish == 'now2' || $publish == 'later' || $publish == 'notnow')) + { + $activation_date_not_ok = true; + } + } + if ($activation_date_not_ok) + { + tpl_set_var('activate_on_message', $date_not_ok_message); + $error = true; + } + + //name + if ($name == '') + { + tpl_set_var('name_message', $name_not_ok_message); + $error = true; + $name_not_ok = true; + } + else + { + 
$name_not_ok = false; + } + + //tos + if ($tos != 1) + { + tpl_set_var('tos_message', $tos_not_ok_message); + $error = true; + $tos_not_ok = true; + } + else + { + $tos_not_ok = false; + } + + //html-desc? + $desc_html_not_ok = false; + if ($descMode != 1) + { + // Filter Input + $purifier = new HTMLPurifier(); + $desc = $purifier->purify($desc); + + tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')); + + $desc_html_not_ok = false; + + if ($desc_html_not_ok == true) + { + tpl_set_var('desc_message', mb_ereg_replace('%text%', $errmsg, $html_desc_errbox)); + $error = true; + } + } + + //cache-size + $size_not_ok = false; + if ($sel_size == -1) + { + tpl_set_var('size_message', $size_not_ok_message); + $error = true; + $size_not_ok = true; + } + + //cache-type + $type_not_ok = false; + if ($sel_type == -1) + { + tpl_set_var('type_message', $type_not_ok_message); + $error = true; + $type_not_ok = true; + } + + if ($sel_size != 7 && ($sel_type == 4 || $sel_type == 5)) + { + if (!$size_not_ok) tpl_set_var('size_message', $sizemismatch_message); + $error = true; + $size_not_ok = true; + } + + //difficulty / terrain + $diff_not_ok = false; + if ($difficulty < 2 || $difficulty > 10 || $terrain < 2 || $terrain > 10) + { + tpl_set_var('diff_message', $diff_not_ok_message); + $error = true; + $diff_not_ok = true; + } + + //no errors? 
+ if (!($tos_not_ok || $name_not_ok || $hidden_date_not_ok || $activation_date_not_ok || $lon_not_ok || $lat_not_ok || $desc_html_not_ok || $time_not_ok || $way_length_not_ok || $size_not_ok || $type_not_ok || $diff_not_ok)) + { + //sel_status + $now = getdate(); + $today = mktime(0, 0, 0, $now['mon'], $now['mday'], $now['year']); + $hidden_date = mktime(0, 0, 0, $hidden_month, $hidden_day, $hidden_year); + + if (($hidden_date > $today) && ($sel_type != 6)) + { + $sel_status = 2; //currently not available + } + else + { + $sel_status = 1; //available + } + + if($publish == 'now2') + { + $activation_date = 'NULL'; + $activation_column = ' '; + } + elseif($publish == 'later') + { + $sel_status = 5; + $activation_date = "'".date('Y-m-d H:i:s', mktime($activate_hour, 0, 0, $activate_month, $activate_day, $activate_year))."'"; + } + elseif($publish == 'notnow') + { + $sel_status = 5; + $activation_date = 'NULL'; + } + else + { + // should never happen + $activation_date = 'NULL'; + } + + //add record to caches table + sql("INSERT INTO `caches` ( + `cache_id`, + `user_id`, + `name`, + `longitude`, + `latitude`, + `type` , + `status` , + `country` , + `date_hidden` , + `date_activate` , + `size` , + `difficulty` , + `terrain`, + `logpw`, + `search_time`, + `way_length`, + `wp_gc`, + `wp_nc`, + `node` + ) VALUES ( + '', '&1', '&2', '&3', '&4', '&5', '&6', '&7', '&8', $activation_date, + '&9', '&10', '&11', '&12', '&13', '&14', '&15', '&16', '&17')", + $usr['userid'], + $name, + $longitude, + $latitude, + $sel_type, + $sel_status, + $sel_country, + date('Y-m-d', $hidden_date), + $sel_size, + $difficulty, + $terrain, + $log_pw, + $search_time, + $way_length, + $wp_gc, + $wp_nc, + $oc_nodeid); + $cache_id = mysql_insert_id($dblink); + + // do not use slave server for the next time ... 
+ db_slave_exclude(); + // waypoint erstellen setCacheWaypoint($cache_id); - - $desc_uuid = create_uuid(); - //add record to cache_desc table - if ($descMode != 1) - { - sql("INSERT INTO `cache_desc` ( - `id`, - `cache_id`, - `language`, - `desc`, - `desc_html`, - `hint`, - `short_desc`, - `last_modified`, - `uuid`, - `desc_htmledit`, - `node` - ) VALUES ('', '&1', '&2', '&3', '1', '&4', '&5', NOW(), '&6', '&7', '&8')", - $cache_id, - $sel_lang, - $desc, - nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), - $short_desc, - $desc_uuid, - (($descMode == 3) ? 1 : 0), - $oc_nodeid); - } - else - { - sql("INSERT INTO `cache_desc` ( - `id`, - `cache_id`, - `language`, - `desc`, - `desc_html`, - `hint`, - `short_desc`, - `last_modified`, - `uuid`, - `desc_htmledit`, - `node` - ) VALUES ('', '&1', '&2', '&3', '0', '&4', '&5', NOW(), '&6', 0, '&7')", - $cache_id, - $sel_lang, - nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')), - nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), - $short_desc, - $desc_uuid, - $oc_nodeid); - } - - // insert cache-attributes - for($i=0; $i 0) - { - sql("INSERT INTO `caches_attributes` (`cache_id`, `attrib_id`) VALUES ('&1', '&2')", $cache_id, $cache_attribs[$i]+0); - } - } - - // only if cache is published NOW or activate_date is in the past - if($publish == 'now2' || ($publish == 'later' && mktime($activate_hour, 0, 0, $activate_month, $activate_day, $activate_year) <= $today)) - { - //do event handling - include_once($opt['rootpath'] . '/lib/eventhandler.inc.php'); - - event_notify_new_cache($cache_id + 0); - event_new_cache($usr['userid']+0); - } - - // redirection - tpl_redirect('viewcache.php?cacheid=' . 
urlencode($cache_id)); - } - else - { - tpl_set_var('general_message', $error_general); - } - } - } - } - - if ($no_tpl_build == false) - { - //make the template and send it out - tpl_BuildTemplate(); - } -?> + //add record to cache_desc table + if ($descMode != 1) + { + sql("INSERT INTO `cache_desc` ( + `id`, + `cache_id`, + `language`, + `desc`, + `desc_html`, + `hint`, + `short_desc`, + `last_modified`, + `desc_htmledit`, + `node` + ) VALUES ('', '&1', '&2', '&3', '1', '&4', '&5', NOW(), '&6', '&7')", + $cache_id, + $sel_lang, + $desc, + nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), + $short_desc, + (($descMode == 3) ? 1 : 0), + $oc_nodeid); + } + else + { + sql("INSERT INTO `cache_desc` ( + `id`, + `cache_id`, + `language`, + `desc`, + `desc_html`, + `hint`, + `short_desc`, + `last_modified`, + `desc_htmledit`, + `node` + ) VALUES ('', '&1', '&2', '&3', '0', '&4', '&5', NOW(), 0, '&6')", + $cache_id, + $sel_lang, + nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')), + nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), + $short_desc, + $oc_nodeid); + } + + // insert cache-attributes + for($i=0; $i 0) + { + sql("INSERT INTO `caches_attributes` (`cache_id`, `attrib_id`) VALUES ('&1', '&2')", $cache_id, $cache_attribs[$i]+0); + } + } + + // only if cache is published NOW or activate_date is in the past + if($publish == 'now2' || ($publish == 'later' && mktime($activate_hour, 0, 0, $activate_month, $activate_day, $activate_year) <= $today)) + { + //do event handling + include_once($opt['rootpath'] . '/lib/eventhandler.inc.php'); + + event_notify_new_cache($cache_id + 0); + event_new_cache($usr['userid']+0); + } + + // redirection + tpl_redirect('viewcache.php?cacheid=' . urlencode($cache_id)); + } + else + { + tpl_set_var('general_message', $error_general); + } + } + } + } + + if ($no_tpl_build == false) + { + //make the template and send it out + tpl_BuildTemplate(); + } +?> 
diff --git a/htdocs/newdesc.php b/htdocs/newdesc.php index f2f4ecb0..3f74e461 100644 --- a/htdocs/newdesc.php +++ b/htdocs/newdesc.php 
@@ -1,242 +1,237 @@ - 0) - { - $cache_record = sql_fetch_array($cache_rs); - mysql_free_result($cache_rs); - - if ($cache_record['user_id'] == $usr['userid']) - { - $tplname = 'newdesc'; - - require($stylepath . '/newdesc.inc.php'); - - //get the posted data - $show_all_langs = isset($_POST['show_all_langs']) ? $_POST['show_all_langs'] : 0; - $short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : ''; - - $hints = isset($_POST['hints']) ? $_POST['hints'] : ''; - $sel_lang = isset($_POST['desc_lang']) ? $_POST['desc_lang'] : $default_lang; - $desc = isset($_POST['desc']) ? $_POST['desc'] : ''; - $descMode = isset($_POST['descMode']) ? ($_POST['descMode']+0) : 3; - if (($descMode < 1) || ($descMode > 3)) $descMode = 3; - - // fuer alte Versionen von OCProp - if (isset($_POST['submit']) && !isset($_POST['version2'])) - { - $descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1; - $_POST['submitform'] = $_POST['submit']; - - $desc = iconv("ISO-8859-1", "UTF-8", $desc); - $short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc); - $hints = iconv("ISO-8859-1", "UTF-8", $hints); - } - - if ($descMode != 1) - { - // Filter Input - $purifier = new HTMLPurifier(); - $desc = $purifier->purify($desc); - - } - - $desc_lang_exists = false; - - //save to db? 
- if (isset($_POST['submitform'])) - { - //check if the entered language already exists - $desc_rs = sql("SELECT `id` FROM `cache_desc` WHERE `cache_id`='&1' AND `language`='&2'", $cache_id, $sel_lang); - $desc_lang_exists = (mysql_num_rows($desc_rs) > 0); - mysql_free_result($desc_rs); - - if ($desc_lang_exists == false) - { - $desc_uuid = create_uuid(); - //add to DB - if ($descMode != 1) - { - sql("INSERT INTO `cache_desc` ( - `id`, - `cache_id`, - `language`, - `desc`, - `desc_html`, - `desc_htmledit`, - `hint`, - `short_desc`, - `last_modified`, - `uuid`, - `node` - ) VALUES ('', '&1', '&2', '&3', 1, '&4', '&5', '&6', NOW(), '&7', '&8')", - $cache_id, - $sel_lang, - $desc, - ($descMode == 3) ? '1' : '0', - nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), - $short_desc, - $desc_uuid, - $oc_nodeid); - } - else - { - sql("INSERT INTO `cache_desc` ( - `id`, - `cache_id`, - `language`, - `desc`, - `desc_html`, - `desc_htmledit`, - `hint`, - `short_desc`, - `last_modified`, - `uuid`, - `node` - ) VALUES ('', '&1', '&2', '&3', 0, 0, '&4', '&5', NOW(), '&6', '&7')", - $cache_id, - $sel_lang, - nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')), - nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), - $short_desc, - $desc_uuid, - $oc_nodeid); - } - - // do not use slave server for the next time ... - db_slave_exclude(); - - tpl_redirect('editcache.php?cacheid=' . urlencode($cache_id)); - exit; - } - } - elseif (isset($_POST['show_all_langs_submit'])) - { - $show_all_langs = 1; - } - - // check if any default language is available - if ($show_all_langs == 0) - { - if (sqlValue("SELECT COUNT(*) - FROM `languages_list_default` - LEFT JOIN `cache_desc` ON `languages_list_default`.`show`=`cache_desc`.`language` AND `cache_desc`.`cache_id`='" . sql_escape($cache_id) . "' - WHERE `languages_list_default`.`lang`='" . sql_escape($locale) . 
"' AND ISNULL(`cache_desc`.`cache_id`)", 0) == 0) - { - $show_all_langs = 1; - } - } - - //build langslist - $langoptions = ''; - $rsLanguages = sql("SELECT `short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` - FROM `languages` - LEFT JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` AND `languages_list_default`.`lang`='&1' - LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` - LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' - WHERE `languages`.`short` NOT IN (SELECT `language` FROM `cache_desc` WHERE `cache_id`='&3') AND - ('&2'=1 OR `languages_list_default`.`show`=`languages`.`short`) - ORDER BY `name` ASC", - $locale, - (($show_all_langs == 1) ? 1 : 0), - $cache_id); - while ($rLanguage = sql_fetch_assoc($rsLanguages)) - { - $sSelected = ($rLanguage['short'] == $sel_lang) ? ' selected="selected"' : ''; - $langoptions .= '' . "\n"; - } - sql_free_result($rsLanguages); - tpl_set_var('langoptions', $langoptions); - - //here we set the template vars - tpl_set_var('name', htmlspecialchars($cache_record['name'], ENT_COMPAT, 'UTF-8')); - tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8')); - - tpl_set_var('lang_message', $desc_lang_exists ? $lang_message : ''); - - tpl_set_var('show_all_langs', $show_all_langs); - tpl_set_var('show_all_langs_submit', ($show_all_langs == 0) ? $show_all_langs_submit : ''); - tpl_set_var('short_desc', htmlspecialchars($short_desc, ENT_COMPAT, 'UTF-8')); - tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')); - tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')); - - // Text / normal HTML / HTML editor - tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); - - if ($descMode == 1) - tpl_set_var('descMode', 1); - else if ($descMode == 2) - tpl_set_var('descMode', 2); - else - { - // TinyMCE - $headers = tpl_get_var('htmlheaders') . "\n"; - $headers .= '' . 
"\n"; - $headers .= '' . "\n"; - tpl_set_var('htmlheaders', $headers); - - tpl_set_var('descMode', 3); - } - - tpl_set_var('reset', $reset); - tpl_set_var('submit', $submit); - } - else - { - //TODO: not the owner - } - } - else - { - mysql_free_result($cache_rs); - //TODO: cache not exist - } - } - } - - //make the template and send it out - tpl_BuildTemplate(); -?> + 0) + { + $cache_record = sql_fetch_array($cache_rs); + mysql_free_result($cache_rs); + + if ($cache_record['user_id'] == $usr['userid']) + { + $tplname = 'newdesc'; + + require($stylepath . '/newdesc.inc.php'); + + //get the posted data + $show_all_langs = isset($_POST['show_all_langs']) ? $_POST['show_all_langs'] : 0; + $short_desc = isset($_POST['short_desc']) ? $_POST['short_desc'] : ''; + + $hints = isset($_POST['hints']) ? $_POST['hints'] : ''; + $sel_lang = isset($_POST['desc_lang']) ? $_POST['desc_lang'] : $default_lang; + $desc = isset($_POST['desc']) ? $_POST['desc'] : ''; + $descMode = isset($_POST['descMode']) ? ($_POST['descMode']+0) : 3; + if (($descMode < 1) || ($descMode > 3)) $descMode = 3; + + // fuer alte Versionen von OCProp + if (isset($_POST['submit']) && !isset($_POST['version2'])) + { + $descMode = (isset($_POST['desc_html']) && ($_POST['desc_html']==1)) ? 2 : 1; + $_POST['submitform'] = $_POST['submit']; + + $desc = iconv("ISO-8859-1", "UTF-8", $desc); + $short_desc = iconv("ISO-8859-1", "UTF-8", $short_desc); + $hints = iconv("ISO-8859-1", "UTF-8", $hints); + } + + if ($descMode != 1) + { + // Filter Input + $purifier = new HTMLPurifier(); + $desc = $purifier->purify($desc); + + } + + $desc_lang_exists = false; + + //save to db? 
+ if (isset($_POST['submitform'])) + { + //check if the entered language already exists + $desc_rs = sql("SELECT `id` FROM `cache_desc` WHERE `cache_id`='&1' AND `language`='&2'", $cache_id, $sel_lang); + $desc_lang_exists = (mysql_num_rows($desc_rs) > 0); + mysql_free_result($desc_rs); + + if ($desc_lang_exists == false) + { + //add to DB + if ($descMode != 1) + { + sql("INSERT INTO `cache_desc` ( + `id`, + `cache_id`, + `language`, + `desc`, + `desc_html`, + `desc_htmledit`, + `hint`, + `short_desc`, + `last_modified`, + `node` + ) VALUES ('', '&1', '&2', '&3', 1, '&4', '&5', '&6', NOW(), '&7')", + $cache_id, + $sel_lang, + $desc, + ($descMode == 3) ? '1' : '0', + nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), + $short_desc, + $oc_nodeid); + } + else + { + sql("INSERT INTO `cache_desc` ( + `id`, + `cache_id`, + `language`, + `desc`, + `desc_html`, + `desc_htmledit`, + `hint`, + `short_desc`, + `last_modified`, + `node` + ) VALUES ('', '&1', '&2', '&3', 0, 0, '&4', '&5', NOW(), '&6')", + $cache_id, + $sel_lang, + nl2br(htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')), + nl2br(htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')), + $short_desc, + $oc_nodeid); + } + + // do not use slave server for the next time ... + db_slave_exclude(); + + tpl_redirect('editcache.php?cacheid=' . urlencode($cache_id)); + exit; + } + } + elseif (isset($_POST['show_all_langs_submit'])) + { + $show_all_langs = 1; + } + + // check if any default language is available + if ($show_all_langs == 0) + { + if (sqlValue("SELECT COUNT(*) + FROM `languages_list_default` + LEFT JOIN `cache_desc` ON `languages_list_default`.`show`=`cache_desc`.`language` AND `cache_desc`.`cache_id`='" . sql_escape($cache_id) . "' + WHERE `languages_list_default`.`lang`='" . sql_escape($locale) . 
"' AND ISNULL(`cache_desc`.`cache_id`)", 0) == 0) + { + $show_all_langs = 1; + } + } + + //build langslist + $langoptions = ''; + $rsLanguages = sql("SELECT `short`, IFNULL(`sys_trans_text`.`text`, `languages`.`name`) AS `name` + FROM `languages` + LEFT JOIN `languages_list_default` ON `languages`.`short`=`languages_list_default`.`show` AND `languages_list_default`.`lang`='&1' + LEFT JOIN `sys_trans` ON `languages`.`trans_id`=`sys_trans`.`id` + LEFT JOIN `sys_trans_text` ON `sys_trans`.`id`=`sys_trans_text`.`trans_id` AND `sys_trans_text`.`lang`='&1' + WHERE `languages`.`short` NOT IN (SELECT `language` FROM `cache_desc` WHERE `cache_id`='&3') AND + ('&2'=1 OR `languages_list_default`.`show`=`languages`.`short`) + ORDER BY `name` ASC", + $locale, + (($show_all_langs == 1) ? 1 : 0), + $cache_id); + while ($rLanguage = sql_fetch_assoc($rsLanguages)) + { + $sSelected = ($rLanguage['short'] == $sel_lang) ? ' selected="selected"' : ''; + $langoptions .= '' . "\n"; + } + sql_free_result($rsLanguages); + tpl_set_var('langoptions', $langoptions); + + //here we set the template vars + tpl_set_var('name', htmlspecialchars($cache_record['name'], ENT_COMPAT, 'UTF-8')); + tpl_set_var('cacheid', htmlspecialchars($cache_id, ENT_COMPAT, 'UTF-8')); + + tpl_set_var('lang_message', $desc_lang_exists ? $lang_message : ''); + + tpl_set_var('show_all_langs', $show_all_langs); + tpl_set_var('show_all_langs_submit', ($show_all_langs == 0) ? $show_all_langs_submit : ''); + tpl_set_var('short_desc', htmlspecialchars($short_desc, ENT_COMPAT, 'UTF-8')); + tpl_set_var('desc', htmlspecialchars($desc, ENT_COMPAT, 'UTF-8')); + tpl_set_var('hints', htmlspecialchars($hints, ENT_COMPAT, 'UTF-8')); + + // Text / normal HTML / HTML editor + tpl_set_var('use_tinymce', (($descMode == 3) ? 1 : 0)); + + if ($descMode == 1) + tpl_set_var('descMode', 1); + else if ($descMode == 2) + tpl_set_var('descMode', 2); + else + { + // TinyMCE + $headers = tpl_get_var('htmlheaders') . "\n"; + $headers .= '' . 
"\n"; + $headers .= '' . "\n"; + tpl_set_var('htmlheaders', $headers); + + tpl_set_var('descMode', 3); + } + + tpl_set_var('reset', $reset); + tpl_set_var('submit', $submit); + } + else + { + //TODO: not the owner + } + } + else + { + mysql_free_result($cache_rs); + //TODO: cache not exist + } + } + } + + //make the template and send it out + tpl_BuildTemplate(); +?>
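Review bot: Both `INSERT INTO `cache_desc`` statements in this hunk now omit the `uuid` column (the old `$desc_uuid = create_uuid()` line is gone), so a new description only gets a uuid if the database-side before-insert trigger is actually installed; on an instance where the stored procedures have not been regenerated, the row is created with an empty uuid and nothing in this code notices. I would re-read the inserted row's `uuid` via `mysql_insert_id()` right after the insert and fail loudly (trigger_error/exception) if it is empty, rather than silently continuing to the redirect. Separately, `$short_desc` is stored unescaped in both branches while `$hints` goes through `nl2br(htmlspecialchars(..., ENT_COMPAT, 'UTF-8'))` and `$desc` through HTMLPurifier; if any consumer renders `short_desc` without escaping, that is a stored-XSS sink, so either confirm every output site escapes it or treat it here like `hint`. The opening lines of this hunk (the `<?php` prologue and the `if (... > 0)` condition around `$cache_rs`) appear truncated in this view, so the login/ownership checks preceding `$cache_record['user_id'] == $usr['userid']` cannot be fully confirmed from here.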