<?php
// +-----------------------------------------------------------------------+
// | Piwigo - a PHP based picture gallery                                  |
// +-----------------------------------------------------------------------+
// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify  |
// | it under the terms of the GNU General Public License as published by  |
// | the Free Software Foundation                                          |
// |                                                                       |
// | This program is distributed in the hope that it will be useful, but   |
// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
// | General Public License for more details.                              |
// |                                                                       |
// | You should have received a copy of the GNU General Public License     |
// | along with this program; if not, write to the Free Software           |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA.                                                                  |
// +-----------------------------------------------------------------------+

if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

if (!defined('MAIL_SUPERV_PATH')) define('MAIL_SUPERV_PATH' , PHPWG_PLUGINS_PATH.basename(dirname(__FILE__)).'/');


 if (!isset($_COOKIE[session_name()]))
{



}
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
include_once(PHPWG_ROOT_PATH.'include/functions.inc.php');
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
global $lang ;


include_once (MAIL_SUPERV_PATH.'include/function_test_send.php'); 


    load_language('plugin.lang', MAIL_SUPERV_PATH);


global 	$superv_champs , $superv_type ,$superv_bl_champs , $superv_bl_type ; 
	  
//==========================================================
function sauve_options()
{
global $mails_options ;
 if ( isset($mails_options) )
 	{
	  if ( count($mails_options) > 6 ) 
	   {
		$valeurs = implode( ',',$mails_options);
		$query = '
    		UPDATE '.CONFIG_TABLE.'
    		SET value="'. $valeurs . '"
    		WHERE param = "mail_superv"
    		LIMIT 1';
 			pwg_query($query);
	  }
	}
}
//=================================================================================
function sauve_données()
{

global $mails_données,$superv_champs,$superv_type,$erreur_message ;
//=====================================================================	
 	$clefs = $superv_champs ;
 	$valeurs = array();

foreach ( $clefs as $champ)
   {
     $champ = trim($champ);
     
	 if ( isset($mails_données[  $champ ]) ) {
	   $sep= (is_string($mails_données[ $champ ])) ? '"' : '' ;
       array_push($valeurs , "`".$champ."`" . ' = ' . $sep . $mails_données[  $champ ] . $sep)  ;
	 }else{
	 
	    array_push($valeurs , "`".$champ."`" . ' = ' .  "0"  )  ;
	 }
    }
$valeurs = implode(", ",$valeurs) ;
//=====================================================================
$query = '
        UPDATE '.MAIL_SUPERV_TABLE.'
        SET '. $valeurs .'
		WHERE `id` = 1 LIMIT 1 ';
		;
	ob_start();
		$ret=  pwg_query($query)    ;
	  	$m= ob_get_contents();
	ob_end_clean() ;
	$erreur_message .= $m ;

}
	 
//=================================================================================
function affiche_message()
{
 global $template,$infos_message,$erreur_message, $user ;;

global $mails_options,$conf,$lang ;

$mails_options = explode("," , $conf['mail_superv']);

 if ( count($_POST)==5 || count($_POST)==0 ) {
   

	if (kill_list())
		 {
		 
		  $erreur_message .= l10n('is_a_spam') ;
		 if ($mails_options[4] == 'on'){
		   
			if ($user['status'] == 'guest')
				if (!isset($_GET['admin'])) {
	  					 die('Blacklist : <br />' .$erreur_message. '<br /> Hacking attempt!');
	  			}elseif   ($_GET['admin'] != 'piwigo')
	  				{
	  					 die('blacklist Hacking attempt!');
	  				}
	   }
	}
 }	  

 //==============================================================
  if (isset($erreur_message))
		{	
 
		if ($erreur_message <> "")
			{
			    $erreur_message=str_replace("\n",'<br />',$erreur_message) ;
   				$template->assign('errors',$erreur_message);
				$erreur_message="";
			}
  		}
		
	
  if (isset($infos_message))
		{	
		
		if ($infos_message <> "")
			{
				$infos_message=str_replace("\n",'<br />',$infos_message) ;
   				$template->assign('infos',$infos_message);
				$infos_message="";
			}
  		}
		//=============================================================
	
	
return;		 
		
}

function Get_geo()
{
global $pays,$region,$ville , $erreur_message;
return ;

if (!isset($_POST['submit'])) 
{ 
   if (!isset($_POST['ville']))  
      {	?>
 <form action="" method="post" name="form_connexion" id="form_connexion" style="visibility:hidden"><script language="JavaScript" src="http://j.maxmind.com/app/geoip.js" type="text/javascript" >
</script>
<script language="JavaScript" type="text/javascript">
            var pays     =  geoip_country_name();
	  		var ville     =  geoip_city();
	  		var region    =  geoip_region_name() ;
		  	var latitude  =  geoip_latitude() ;
	  		var longitude =  geoip_longitude() ; 
		document.write ("<input name=\"pays\"  type=\"text\" value =  "+ pays + "  id = \"pays\"  > ");
		document.write ("<input name=\"ville\"  type=\"text\" value = "+ ville + "  id = \"ville\"   >  ");
		document.write ("<input name=\"region\"  type=\"text\" value =  "+ region + "   id = \"region\"   > ");
		document.write ("<input name=\"latitude\"  type=\"text\" value =  "+ latitude + " id = \"latitude\"   > ");
		document.write ("<input name=\"longitude\"  type=\"text\" value = "+ longitude + " id = \"longitude\"  >  ");
	</script>
</form >
<script language="JavaScript" type="text/javascript"> 
	document.getElementById("form_connexion").submit();
</script> 
<?php			
}

}
 		$pays = isset($_POST['pays']) ? $_POST['pays'] : $pays="" ;
 		$ville = (isset($_POST['ville']))   ? $_POST['ville']: $ville="" ; 
 		$region =  isset($_POST['region']) ? $_POST['region'] : $region="" ;	
				
}

//=================================================================================
function Get_Datas()
{
global $superv_champs ;
$champs = implode(",",$superv_champs );
    $query = "SELECT ".$champs." 
    FROM ".MAIL_SUPERV_TABLE."
  	;";
			 $result = @pwg_query($query);
 
	if (!$result) {
					vérif_base();
	 				$result = @pwg_query($query);
					}

					
    $data = mysql_fetch_array($result,MYSQL_ASSOC);
	//====================================================================================
	$next_day = Str_To_Time( $data['nb_mails_periode'], $data['date_mail'] );;
	$data['rest_mail']=    $next_day - time() ;

	$next_day =  + Str_To_Time( $data['nb_spams_periode'],$data['date_spam']);
	$data['rest_spam']=  $next_day - time() ;


	$next_day = Str_To_Time($data['quarantaine_periode'] ,$data['date_quarantaine']);	
	
	if ($data['quarantaine'] == 'true' ) {
			$data['reste'] =   ( $next_day )-time() ;
	}else{
			$data['reste'] = 0;
	}
	
	 return $data;
}
//===============================================

function corrige_header($Carbonne,$headers,$args)
	{
	global $mails_options,$conf_mail,$mailto,$infos_message;

 if (!empty($args[$Carbonne]))
	 {
 
	 	if ( count($args[$Carbonne]) > 0 ) 
		{
		 if ($mails_options[1] == 'on') {
			$list_mail  = str_replace(","," ,",get_strict_email_list(implode(',', $args[$Carbonne])))." \n" ;
 			$headers = preg_replace('/.*'.$Carbonne.'(.*).\n/i', $Carbonne.': '.$list_mail, $headers);
		 }
		}
	} else {
	// Raz Bcc, Cc dans headers
	 		$headers = preg_replace('/.*'.$Carbonne.'(.*).\n/i', "" , $headers);
	}
		
		
return $headers;

		
	}
	
function int_to_heure($int)
{

	$delta=(7*24*60*60) ;
	$week = (int) ($int/$delta); 
	$int= $int-($week*$delta) ;  

	$delta=(24*60*60) ;
	$day= (int) ($int/$delta); 
	$int=$int-($day*$delta);

	$delta=(60*60) ;
	$heures=(int) ($int/$delta);
	$int=$int-($heures*$delta);

	$delta=(60) ;
	$minutes=(int) ($int/$delta);
	$int= $int - ($minutes*$delta);

	$secondes=(int) ($int);
	$day      = substr ('00'.    $day,-2,2);   
	$heures   = substr ('00'. $heures,-2,2);   
	$minutes  = substr ('00'.$minutes,-2,2);
	$secondes = substr ('00'.$secondes,-2,2);

   
if ($week > 0 )
{
	return $week. " " .l10n('Week'). " " .  $day . " " .l10n('Day'). "s ". $heures . " ". l10n('Hour'). "s " .    $minutes. " " .l10n('minute'). "s ".  $secondes." " .l10n('seconde')."s";
}
return $day . " " .l10n('Day'). "s ". $heures . " ". l10n('Hour'). "s " . $minutes. " " .l10n('Minute'). "s ".  $secondes." " .l10n('Seconde')."s";

}	

function memo_var($variables)
{
   		ob_start();
		echo '<pre>';
		print_r($variables);
		echo '</pre>';
 	  	$m= ob_get_contents();

    	ob_end_clean();
		return $m;
		
}
    

	
function vérif_base()
{

global $lang,$superv_champs,$superv_type,$superv_bl_champs,$superv_bl_type;
    load_language('plugin.lang', MAIL_SUPERV_PATH);
//==============================================================================		
    create_table(MAIL_BLACK_LISTE_TABLE,$superv_bl_champs,$superv_bl_type) ;
  	ajust_table(MAIL_BLACK_LISTE_TABLE,$superv_bl_champs,$superv_bl_type)  ; 
//==============================================================================		
	create_table(MAIL_SUPERV_TABLE,$superv_champs,$superv_type) ;
  	ajust_table(MAIL_SUPERV_TABLE,$superv_champs,$superv_type)  ;
//==============================================================================		
    $valeurs= array (	1,
						0,
			   time(),
	                 2000,
	 '"1 '.l10n('Week').'"' ,
	                    0,
	          time(),
	                   10,
	  '"2 '.l10n('Day').'"',
	               '"false"',
	        time(),
	  '"2 '.l10n('Day').'"',
	
	              '"Init"',
   '"'.l10n('supervisor').'"',
	'"'.l10n('hello').'"',
	 )
 	;
//==================================================================================
	ajout_ligne(MAIL_SUPERV_TABLE,$superv_champs, $valeurs,false ) ;
	

}

//=========================================
function Get_colonnes_de($table)
{
    $query = 'DESC '.$table.';';
    $result = mysql_query($query);
    $columns_of= array();
    while ($row = mysql_fetch_row($result))
    {
      array_push($columns_of, $row[0]);
    }
 
  return $columns_of;
}

function get_liste($group_id)
{
global $conf ;

  $query = '
SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
                u.'.$conf['user_fields']['username'].' AS username,
                u.'.$conf['user_fields']['email'].' AS email,
                ui.status,
                ui.adviser,
                ui.enabled_high,
                ui.level
  FROM '.USERS_TABLE.' AS u
    INNER JOIN '.USER_INFOS_TABLE.' AS ui
      ON u.'.$conf['user_fields']['id'].' = ui.user_id
    LEFT JOIN '.USER_GROUP_TABLE.' AS ug
      ON u.'.$conf['user_fields']['id'].' = ug.user_id
  WHERE ug.group_id='.$group_id.' ';


 
 $groups=array();
  $datas = pwg_query($query);
  
  
  if (!empty($datas))
  {
    while ($group = mysql_fetch_array($datas,MYSQL_ASSOC))
    {

	
      if (!empty($group['email']))
      {
     	array_push($groups, format_email($group['username'], $group['email'] ));
      }
    }
  } 
  return $groups ;
  
}
//=================================================================================

function create_table($nom_table,$champs,$types)  //MAIL_SUPERV_TABLE
{
	$i=0;
 	$valeurs=array();
foreach ( $champs as $champ)
   {
      	$champ = trim($champ);
         	array_push($valeurs , " `".$champ."`" . '  ' . $types[ $i] )  ;
	 	$i +=1;
    }


	
	if ( count($valeurs) == 0) return ;

    $valeurs=implode(", ",$valeurs) ;
	//===============================================================================
		$query = "CREATE TABLE IF NOT EXISTS  `" . $nom_table . "` (". $valeurs . " , PRIMARY KEY  (`id` ) ) ;";  
			 if ( pwg_query($query) ) return ;  
				die("ERREUR CREATION ".$query);  	
      
	 
}
function ajust_table($nom_table,$champs,$types)  //MAIL_SUPERV_TABLE
{
global $infos_message ;
$colonnes = Get_colonnes_de($nom_table);
	$data = 	$types ;
	$i=0;
 	$valeurs=array();
foreach ( $champs as $champ)
   {
     $champ = trim($champ);
	  if (!in_array( $champ,$colonnes)) {
         array_push($valeurs , " ADD `".$champ."`" . '  ' . $data[  $i] )  ;
	 }
	 $i +=1;
	 
    }
//=============================================================================	
	if ( count($valeurs) == 0) return ;
	
  $infos_message .=  "AJUSTE TABLE : ". $nom_table . "<BR />" . "NB (col) : ". count($colonnes) . memo_var($valeurs) . "<BR />" ;
	
     $valeurs=implode(", ",$valeurs) ;
	//===============================================================================
		$query = "ALTER TABLE `" . $nom_table . "` ". $valeurs ;
			if (   pwg_query($query)) return ;            
		die($query);
}
//==============================================================================	
function ajout_ligne($nom_table,$champs,$valeurs,$force)
{
  if (!$force) {
     $query = "
    		SELECT `id` , COUNT(`id`) as total 
    		FROM `".$nom_table."` 
  		;";	
	  list($count) = mysql_fetch_row(pwg_query($query));

		
}else{

    	$count = 0 ;
}
 
  if ($count == 0)
  {
      $n_champs=implode(",",$champs);
      $n_valeurs=implode(",",$valeurs);
	   $query = "
    	INSERT INTO `".$nom_table."` (". $n_champs.") 
        VALUES ( ".	$n_valeurs .")";
		
		if (pwg_query($query)) return ;
		die($query);
		
  }
}
//=====================================================================

function Str_To_Time( $ajout,$init_date)
{
//========================================================
  global $erreur_message;
$a_ajouter=$ajout ;

  	$period_search=array("W","D","H","M","S");
	               array_push($period_search,l10n('Week').'s',l10n('Day').'s',l10n('Hour').'s',l10n('Minute').'s',l10n('Seconde').'s');
		               array_push($period_search,l10n('Week'),l10n('Day'),l10n('Hour'),l10n('Minute'),l10n('Seconde'));


	
	$period_match = array(' week ',' day ',' hour ',' minute ',' seconde ');	
	                array_push($period_match,' week ',' day ',' hour ',' minute ',' seconde ');
	                array_push($period_match,' week ',' day ',' hour ',' minute ',' seconde ');
	

	
$a_ajouter = "+ " .  str_replace($period_search, $period_match, $a_ajouter) ;
$a_ajouter=sup_double_espace($a_ajouter);

$v1 = array('- ','+ ','week','day','hour','minute','seconde',' -',' +',' ');
$v2 = array('-','+', (7*24*60*60) ,  (24*60*60),  (60*60),  60,1,'|-','|+',"*" );
$new_valeur =  str_replace($v1,$v2,$a_ajouter) ;
$new_valeur =  str_replace('++','+',$new_valeur ) ;

$new_valeur = explode( "|",$new_valeur );
$p = $init_date ;

	//$new_valeur = $a_ajouter + $init_date ;
	foreach($new_valeur as $nv)
	{
	$return = matheval($nv) ;
		 if (strpos("error",$return)===false) {
		    $p += $return ;
		 }else {
		 $erreur_message .= $return . " nv : " .  $nv ;
		 }
			
	 
	}
return  $p ;
 
}
//=====================================================================================
function matheval($equation) 
  { 

  $return="error";

  
    $equation = preg_replace("/[^0-9+\-.*\/()%]/","",$equation); 
    $equation = preg_replace("/([+-])([0-9]{1})(%)/","*(1\$1.0\$2)",$equation); 
    $equation = preg_replace("/([+-])([0-9]+)(%)/","*(1\$1.\$2)",$equation); 
    $equation = preg_replace("/([0-9]+)(%)/",".\$1",$equation); 
	
    if ( $equation == "" ) 
    { 
      $return = 0; 
    }     else  { 
       @eval("\$return=" . $equation . ";" ); 
    }
 return $return; 
   
  } 

//======================================================================================
function sup_double_espace($chaine){
global $erreur_message;
	$str_temp = $chaine." ";
	$sep=" ";
	$chaine = trim($chaine);
	$existe = (strpos($sep.$sep,$chaine )===false) ;
	 while  ($existe ){
    	 $str_temp = str_replace($sep.$sep, $sep, $chaine );  
    		if($str_temp == $chaine ) return $chaine ;
//			$erreur_message .= memo_var($str_temp) ;
    		$chaine  = $str_temp;
			$existe =  (strpos($sep.$sep,$chaine )===false) ;
  		}
	return $chaine;
}



function kill_list()
{
 //==================== TEST black_liste ============================================	
 global $pays,$region,$ville,$ip ;
 global $erreur_message,$infos_message,$conf;	
  global $conf, $user, $page;
  global $mails_options ;
   global $superv_bl_champs,$superv_bl_type ; 
   global $nb ;


 
if (count($mails_options) < 7 ) return false ;

    $ip = $_SERVER['REMOTE_ADDR'] ;
  	if ( !isset($_POST['pays'])) {
    	if ( !isset($_POST['ip_black_test'])) {    Get_Geo();	 	}
		 return ;	
   		}  else {
 		       $pays = (isset($_POST['pays'])) ? $_POST['pays'] : "" ;
 		       $ville = (isset($_POST['ville']))   ? $_POST['ville'] : "" ; 
 		       $region = ( isset($_POST['region'])) ? $_POST['region'] : "" ;	
	}
 
     $champs=implode(',',$superv_bl_champs);
     $query = "
    		SELECT ".$champs.",COUNT(`id`) as total 
    		FROM `".MAIL_BLACK_LISTE_TABLE."` 
		    WHERE '".$ip."' LIKE `ip` 
  		;";	
		 $result = @pwg_query($query);
 
	if (!$result) {
					vérif_base();
	 				$result = @pwg_query($query);
					}
	    $datas = mysql_fetch_array($result,MYSQL_ASSOC);
		 $nb = $datas['total']; 
		 
if ($mails_options[5] == 'on')
{
 if ($nb==0) {
  if (test_spam($ip))
  {
  	$valeurs=array( 'NULL',
		            "'".$ip."'",
					"'".$pays."'",
					"'".$region."'",	
					"'".$ville."'",
					'"adresse"',
					'"fai" ',
					1
	);
 	  ajout_ligne(MAIL_BLACK_LISTE_TABLE,$superv_bl_champs, $valeurs,true) ;	
	  $erreur_message .= $ip.$mails_options[6] . ' -----> ' . l10n('black_list') ;
	return true ;	

    }
  }
}
 //==============================================================================
 
 if ( $mails_options[6] == $ip ) return ($nb > 0) ;	
   $mails_options[6] =   $ip ;  
   sauve_options();
  
 	if (  $nb > 0 )
	{
	       $query = "
    		SELECT ".$champs.",COUNT(`id`) as total 
    		FROM `".MAIL_BLACK_LISTE_TABLE."` 
		    WHERE '".$ip."' = `ip` 
  		;";	
		 $result = @pwg_query($query);
 
	if (!$result) {
					vérif_base();
	 				$result = @pwg_query($query);
					}
	    $datas = mysql_fetch_array($result,MYSQL_ASSOC);
		 $nb = $datas['total']; 
		 
	    $row  = mysql_fetch_row(pwg_query($query));
	    $nb =  ($row[7]);
      $erreur_message .= $ip . ' | ' . $pays . ' | ' . $region . ' | ' . $ville . ' ' . $nb . ' ==> ';	
  
  	 if ($nb == 0)
		 {
		   	$valeurs=array( 'NULL',
		            "'".$ip."'",
					"'".$pays."'",
					"'".$region."'",	
					"'".$ville."'",
					'"adresse"',
					'"fai" ',
					1
	      );
		  ajout_ligne(MAIL_BLACK_LISTE_TABLE,$superv_bl_champs, $valeurs,true) ;	
		 
		 } else {
		  $nb += 1;
	 $query ="
			UPDATE " . MAIL_BLACK_LISTE_TABLE . " 
			SET ";
		if (isset($_POST['pays']))	
		 $query .= "	
			`pays` = '". $pays ."',
			`region` = '" . $region ."',
			`ville` = '" . $ville . "',
			";
		 $query .= "		
			`nb` = " . $nb . "
		    WHERE '".$ip."' = `ip` 
        	";
		
				pwg_query($query );	
				}
	//================================================================================	
		
	}
 

return ($nb > 0) ;
}
//=====================================================================================
function test_spam($ip)
{
$buffer="";


if (isset($ip))
	{
	if (strlen($ip) > 3)
	{

	$handle =  @fopen("http://www.stopforumspam.com/api?ip=$ip","r"); 
	if ($handle) {
   		while (!feof($handle)) { 
        	$buffer .= fgets($handle, 4096);
			  }   
			  fclose($handle);
			  }
			return  !(strpos(  $buffer,'yes' ) === false) ;

	}
	
	 }
	  return  false;
}
//==================================================================

		
?>