1 | <?php |
// Stop at once when this file is requested directly instead of being included:
// PHPWG_ROOT_PATH is presumably defined by the including script (confirm).
defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
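/**
 * Mail a new comment to every validated subscriber of the commented element.
 *
 * The element is a category when $comm carries a 'category_id' key and an
 * image otherwise. The address of the person who posted the comment
 * ($_POST['stc_mail'], or the logged-in user's email) is left out.
 *
 * @param array $comm comment data; the keys read here are 'image_id' or
 *                    'category_id', 'author', 'content' and 'id'
 * @return bool|null false when $comm is empty or not an array, null otherwise
 */
function send_comment_to_subscribers($comm)
{
  global $conf, $page, $user;

  if ( empty($comm) or !is_array($comm) )
  {
    trigger_error('send_comment_to_subscribers: undefinided comm', E_USER_WARNING);
    return false;
  }

  $type = isset($comm['category_id']) ? 'category' : 'image';

  // The id is written into the query as a bare number, so it is forced to an
  // integer first: string escaping would not protect an unquoted value.
  $element_id = (int) $comm[$type.'_id'];

  // exclude current user
  $exclude = '';
  if (!empty($_POST['stc_mail'])) $exclude = $_POST['stc_mail'];
  else if (!is_a_guest()) $exclude = $user['email'];
  // Escaped whichever branch supplied it: the profile email ends up inside the
  // same quoted SQL literal as the posted one.
  $exclude = pwg_db_real_escape_string((string) $exclude);

  // get subscribers emails
  // NOTE(review): this compares validated with the boolean true while the
  // INSERT/UPDATE statements in this file write the strings "true"/"false";
  // confirm against the column definition that both forms match the same rows.
  $query = '
SELECT
    email
  FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    '.$type.'_id = '.$element_id.'
    AND validated = true
    AND email != "'.$exclude.'"
';
  $emails = array_from_query($query, 'email');

  set_make_full_url();
  if ($type == 'image')
  {
    $element = get_picture_infos($element_id);
  }
  else if ($type == 'category')
  {
    $element = get_category_infos($element_id);
  }

  // get author name
  if ($comm['author'] == 'guest')
  {
    $comm['author'] = l10n('guest');
  }

  // mail content
  $mail_args = array(
    'subject' => '['.strip_tags($conf['gallery_title']).'] Re:'.$element['name'],
    'content_format' => 'text/html',
    );

  // NOTE(review): author and content reach the HTML body through the
  // render_comment_* event handlers; whether those escape markup is not
  // visible here and should be confirmed.
  $generic_content = '
<b>.'.trigger_event('render_comment_author', $comm['author']).'</b> wrote :

<blockquote>'.trigger_event('render_comment_content', $comm['content']).'</blockquote>

<a href="'.$element['url'].'#comment-'.$comm['id'].'">Link to comment</a>
<br><br>
================================
<br><br>';

  // One mail per subscriber, because the unsubscribe and manage links carry a
  // key derived from the recipient's own address.
  foreach ($emails as $email)
  {
    $mail_args['content'] = $generic_content.'
<a href="'.make_stc_url('unsubscribe-'.$type, $email, $element['id']).'">Stop receiving notifications</a><br>
<a href="'.make_stc_url('manage', $email).'">Manage my subscribtions</a>';
    pwg_mail($email, $mail_args);
  }

  unset_make_full_url();
}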
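/**
 * Add an email address to the subscribers of an image or a category.
 *
 * Logged-in users are subscribed with their account email and stored as
 * validated. Guests are stored as not validated and get a confirmation mail.
 *
 * @param int $element_id id of the image or category
 * @param string $email address to subscribe; replaced by $user['email'] for logged-in users
 * @param string $type 'image' or 'category'
 * @return bool|string|null false on invalid input, 'confirm_mail' when a
 *   confirmation mail was sent to a guest, true when a logged-in user's row
 *   changed, null when the query changed nothing
 */
function subscribe_to_comments($element_id, $email, $type='image')
{
  global $page, $conf, $user, $template, $picture;

  if ( empty($element_id) or empty($type) )
  {
    trigger_error('subscribe_to_comment: missing element_id and/or type', E_USER_WARNING);
    return false;
  }

  // $type becomes part of a column name in the query, where escaping cannot
  // help, so only the two known values are accepted.
  if (!in_array($type, array('image', 'category'), true))
  {
    trigger_error('subscribe_to_comment: unknown type', E_USER_WARNING);
    return false;
  }

  // The id is written into the query as a bare number: force an integer and
  // refuse anything that does not yield a positive one.
  $element_id = (int) $element_id;
  if ($element_id <= 0)
  {
    trigger_error('subscribe_to_comment: missing element_id and/or type', E_USER_WARNING);
    return false;
  }

  // check email
  if ( is_a_guest() and empty($email) )
  {
    return false;
  }
  else if (!is_a_guest())
  {
    $email = $user['email'];
  }

  $validated = is_a_guest() ? 'false' : 'true';

  // don't care if already registered
  $query = '
INSERT INTO '.SUBSCRIBE_TO_TABLE.'(
    email,
    '.$type.'_id,
    registration_date,
    validated
  )
  VALUES(
    "'.pwg_db_real_escape_string($email).'",
    '.$element_id.',
    NOW(),
    "'.$validated.'"
  )
  ON DUPLICATE KEY UPDATE
    registration_date = IF(validated="true", registration_date, NOW()),
    validated = IF(validated="true", validated, "'.$validated.'")
;';
  pwg_query($query);

  // send validation mail
  // NOTE(review): nothing in this function limits how often a guest can
  // trigger a confirmation mail to an arbitrary address; confirm that the
  // caller throttles or otherwise protects the form.
  if ( is_a_guest() and pwg_db_changes(null) != 0 )
  {
    // NOTE(review): the element name is placed in the HTML body as stored;
    // confirm it is already safe for HTML output.
    $element_name = ($type == 'image') ? $picture['current']['name'] : $page['category']['name'];

    $mail_args = array(
      'subject' => '['.strip_tags($conf['gallery_title']).'] Please confirm your subscribtion to comments',
      'content_format' => 'text/html',
      );

    $mail_args['content'] = '
You requested to subscribe by email to comments on <b>'.$element_name.'</b>.<br>
<br>
We care about your inbox, so we want to confirm this request. Please click the confirm link to activate the subscription.<br>
<br>
<a href="'.make_stc_url('validate-'.$type, $email, $element_id).'">Confirm subscription</a><br>
<br>
If you did not request this action please disregard this message.
';

    pwg_mail($email, $mail_args);
    return 'confirm_mail';
  }
  // just display confirmation message
  else if (pwg_db_changes(null) != 0)
  {
    return true;
  }
}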
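/**
 * Remove an email address from the subscribers list.
 *
 * With type 'image' or 'category' only the subscription to that element is
 * deleted; with type 'all' every subscription of the address is deleted.
 * Logged-in users always act on their own account email.
 *
 * @param int $element_id id of the image or category (must be non-empty even for 'all')
 * @param string $email address to remove; replaced by $user['email'] for logged-in users
 * @param string $type 'image', 'category' or 'all'
 * @return bool true once the DELETE was issued, false on invalid input
 */
function un_subscribe_to_comments($element_id, $email, $type='image')
{
  global $template, $user;

  if ( empty($element_id) or empty($type) )
  {
    trigger_error('un_subscribe_to_comment: missing element_id and/or type', E_USER_WARNING);
    return false;
  }

  // check email
  if ( is_a_guest() and empty($email) )
  {
    return false;
  }
  else if (!is_a_guest())
  {
    $email = $user['email'];
  }

  // Build the optional element filter. The id sits in the query as a bare
  // number, where string escaping gives no protection, so it is cast to int.
  switch ($type)
  {
    case 'image' :
    case 'category' :
      $where_clause = 'AND '.$type.'_id = '.((int) $element_id);
      break;
    case 'all' :
      $where_clause = '';
      break;
    default :
      return false;
  }

  // delete subscription
  // NOTE(review): guests are identified only by the $email argument here;
  // confirm the caller has checked the key from the mailed link before calling.
  $query = '
DELETE FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    email = "'.pwg_db_real_escape_string($email).'"
    '.$where_clause.'
;';
  pwg_query($query);

  return true;
}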
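/**
 * Mark a subscription as validated.
 *
 * With type 'image' or 'category' only the subscription to that element is
 * validated; with type 'all' every subscription of the address is validated.
 *
 * @param int $element_id id of the image or category (must be non-empty even for 'all')
 * @param string $email subscribed address
 * @param string $type 'image', 'category' or 'all'
 * @return bool true when the UPDATE changed at least one row, false otherwise
 */
function validate_subscriptions($element_id, $email, $type='image')
{
  if ( empty($element_id) or empty($email) or empty($type) )
  {
    trigger_error('validate_subscriptions: missing element_id and/or email and/or type', E_USER_WARNING);
    return false;
  }

  // Build the optional element filter. The id sits in the query as a bare
  // number, where string escaping gives no protection, so it is cast to int.
  switch ($type)
  {
    case 'image' :
    case 'category' :
      $where_clause = 'AND '.$type.'_id = '.((int) $element_id);
      break;
    case 'all' :
      $where_clause = '';
      break;
    default :
      return false;
  }

  // NOTE(review): this function trusts its arguments; confirm the caller has
  // checked the key from the confirmation link before calling it.
  $query = '
UPDATE '.SUBSCRIBE_TO_TABLE.'
  SET validated = "true"
  WHERE
    email = "'.pwg_db_real_escape_string($email).'"
    '.$where_clause.'
;';
  pwg_query($query);

  return pwg_db_changes(null) != 0;
}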
/**
 * Build the absolute URL of the subscriptions section for one action.
 *
 * An optional third argument (the element id) is read through
 * func_get_args() and added as the 'id' parameter. The 'key' parameter is
 * crypt_value() applied to action, email and id joined without a separator,
 * using $conf['secret_key'].
 *
 * NOTE(review): because the three fields are joined with no delimiter,
 * different (email, id) pairs can produce the same input string; and the key
 * is reversible encryption rather than a keyed hash. Confirm how the
 * receiving page checks it.
 *
 * @param string $action
 * @param string $email
 * @return string|null the URL, or null when action or email is empty
 */
function make_stc_url($action, $email)
{
  global $conf;

  if ( empty($action) or empty($email) )
  {
    trigger_error('make_stc_url: missing action and/or mail', E_USER_WARNING);
    return null;
  }

  set_make_full_url();

  $url_params = array(
    'action' => $action,
    'email' => $email,
    );

  // the element id is an undeclared optional third argument
  $call_args = func_get_args();
  if (count($call_args) > 2)
  {
    $url_params['id'] = $call_args[2];
  }

  $id_part = isset($url_params['id']) ? $url_params['id'] : null;
  $url_params['key'] = crypt_value($action.$email.$id_part, $conf['secret_key']);

  $section_url = make_index_url( array('section' => 'subscriptions') );
  $url = add_url_params($section_url, $url_params);

  unset_make_full_url();
  return $url;
}
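/**
 * Get id, name, file and url of a picture.
 *
 * When the stored name is empty it is derived from the file name. The url
 * points inside the current category unless $absolute is set or no category
 * is being browsed.
 *
 * @param int $image_id
 * @param bool $absolute true to ignore the category currently in $page
 * @return array row of the images table with an added 'url' entry
 */
function get_picture_infos($image_id, $absolute=false)
{
  global $page;

  // The id is written into the query as a bare number, so force an integer.
  $image_id = (int) $image_id;

  $query = '
SELECT
    id,
    name,
    file
  FROM '.IMAGES_TABLE.'
  WHERE id = '.$image_id.'
;';
  // NOTE(review): a missing row is not handled; the code below then reads
  // keys of an empty result.
  $element = pwg_db_fetch_assoc(pwg_query($query));

  if (empty($element['name']))
  {
    $element['name'] = get_name_from_file($element['file']);
  }

  $url_params = array('image_id' => $element['id']);
  if ( !empty($page['category']) and !$absolute )
  {
    $url_params['section'] = 'categories';
    $url_params['category'] = $page['category'];
  }
  $element['url'] = make_picture_url($url_params);

  return $element;
}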
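/**
 * Get id, name, permalink and url of a category.
 *
 * @param int $cat_id
 * @return array row of the categories table with an added 'url' entry
 */
function get_category_infos($cat_id)
{
  // The id is written into the query as a bare number, so force an integer.
  $cat_id = (int) $cat_id;

  $query = '
SELECT
    id,
    name,
    permalink
  FROM '.CATEGORIES_TABLE.'
  WHERE id = '.$cat_id.'
;';
  // NOTE(review): a missing row is not handled before the url is built.
  $element = pwg_db_fetch_assoc(pwg_query($query));

  // the url builder receives the category row as fetched, before 'url' is added
  $url_params = array(
    'section' => 'categories',
    'category' => $element,
    );
  $element['url'] = make_index_url($url_params);

  return $element;
}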
/**
 * Encrypt a string with the mcrypt extension when it is loaded, otherwise
 * with a byte-wise XOR against the key, and return it base64url-encoded.
 *
 * Security notes for reviewers:
 * - mcrypt is used in ECB mode, which does not use the IV created here, so
 *   equal inputs give equal outputs. mcrypt is no longer part of PHP core
 *   since 7.2; without the PECL extension the XOR branch is what runs.
 * - PHP's string XOR yields a result as long as the shorter operand: input
 *   beyond the key length is dropped, and anyone who knows the input can XOR
 *   it with the output to recover that many bytes of the key.
 * - Neither branch authenticates the value. Where the result serves as a
 *   proof in a URL, a keyed hash (hash_hmac(), compared with hash_equals())
 *   is the usual construction; switching needs the verifying code to change
 *   in step with decrypt_value().
 *
 * @param string $value value to crypt
 * @param string $key
 * @return string
 */
function crypt_value($value, $key)
{
  if (!extension_loaded('mcrypt'))
  {
    // fallback: binary XOR operation
    $crypted = $value ^ $key;
  }
  else
  {
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $crypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $value, MCRYPT_MODE_ECB, $iv);
  }

  return trim(base64url_encode($crypted));
}
/**
 * Decrypt a string produced by crypt_value() with the same key.
 *
 * The input is base64url-decoded, then decrypted with mcrypt (ECB mode, so
 * the IV created here plays no part) or XORed with the key when mcrypt is
 * not loaded. The result is trimmed, which presumably removes the padding
 * mcrypt adds to fill the last block.
 *
 * NOTE(review): the result is not authenticated; a caller comparing it to an
 * expected string should treat the input as attacker-controlled.
 *
 * @param string $value value to decrypt
 * @param string $key
 * @return string
 */
function decrypt_value($value, $key)
{
  $raw = base64url_decode($value);

  if (!extension_loaded('mcrypt'))
  {
    // fallback: binary XOR operation
    $plain = $raw ^ $key;
  }
  else
  {
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $plain = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $raw, MCRYPT_MODE_ECB, $iv);
  }

  return trim($plain);
}
/**
 * Variant of base64_encode usable in a URL: '+' and '/' are replaced by '-'
 * and '_', and the trailing '=' padding is removed.
 * http://fr.php.net/manual/fr/function.base64-encode.php#103849
 *
 * @param string $data
 * @return string
 */
function base64url_encode($data)
{
  $standard = base64_encode($data);
  $url_safe = str_replace(array('+', '/'), array('-', '_'), $standard);

  return rtrim($url_safe, '=');
}
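/**
 * Decode a string produced by base64url_encode().
 *
 * '-' and '_' are mapped back to '+' and '/', and the '=' padding removed by
 * the encoder is restored before decoding. The previous code passed
 * strlen($data) % 4 to str_pad() as the target length, which never added any
 * padding; decoding only worked because base64_decode() tolerates its absence.
 *
 * @param string $data
 * @return string|false decoded bytes, as returned by base64_decode()
 */
function base64url_decode($data)
{
  $standard = strtr($data, '-_', '+/');
  $missing = (4 - strlen($standard) % 4) % 4;

  return base64_decode($standard.str_repeat('=', $missing));
}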
406 | ?> |