<?php
// Stop immediately unless PHPWG_ROOT_PATH is already defined, i.e. unless this
// file was loaded by code that defined the constant beforehand.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}
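/**
 * Send a notification e-mail about a comment to every validated subscriber of
 * the commented image or category, except the commenter.
 *
 * @param array $comm comment data; this function reads 'category_id' or
 *   'image_id', 'author', 'content' and 'id'
 * @return bool|null false when $comm is empty or not an array, nothing otherwise
 */
function send_comment_to_subscribers($comm)
{
  global $conf, $user;

  if ( empty($comm) or !is_array($comm) )
  {
    trigger_error('send_comment_to_subscribers: undefinided comm', E_USER_WARNING);
    return false;
  }

  $type = isset($comm['category_id']) ? 'category' : 'image';

  // The id is concatenated into SQL as a bare number, so force it to an
  // integer here instead of relying on the caller having validated it.
  $element_id = (int)$comm[$type.'_id'];

  // exclude current user; both possible sources are escaped because the
  // address ends up inside a quoted SQL string
  $exclude = null;
  if (!empty($_POST['stc_mail']))
  {
    $exclude = pwg_db_real_escape_string($_POST['stc_mail']);
  }
  else if (!is_a_guest())
  {
    $exclude = pwg_db_real_escape_string($user['email']);
  }

  // get subscribers emails
  $query = '
SELECT
    email
  FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    '.$type.'_id = '.$element_id.'
    AND validated = true
    AND email != "'.$exclude.'"
';
  $emails = array_from_query($query, 'email');

  set_make_full_url();
  if ($type == 'image')
  {
    $element = get_picture_infos($element_id);
  }
  else
  {
    $element = get_category_infos($element_id);
  }

  // get author name
  if ($comm['author'] == 'guest')
  {
    $comm['author'] = l10n('guest');
  }

  // mail content
  $mail_args = array(
    'subject' => '['.strip_tags($conf['gallery_title']).'] Re:'.$element['name'],
    'content_format' => 'text/html',
    );

  // NOTE(review): $element['name'] and the URLs are placed into the HTML body
  // (including the alt attribute) without escaping; confirm these values are
  // already HTML-safe where they are stored. Author and content go through the
  // render_comment_* events, whose escaping is not visible from here.
  $generic_content = '
<a href="'.$element['url'].'"><img src="'.$element['thumbnail'].'" alt="'.$element['name'].'"></a>
<br>
<b>.'.trigger_event('render_comment_author', $comm['author']).'</b> wrote :

<blockquote>'.trigger_event('render_comment_content', $comm['content']).'</blockquote>

<a href="'.$element['url'].'#comment-'.$comm['id'].'">Link to comment</a>
<br><br>
================================
<br><br>';

  // one mail per subscriber: the unsubscribe and manage links are built for
  // that subscriber's own address
  foreach ($emails as $email)
  {
    $mail_args['content'] = $generic_content.'
<a href="'.make_stc_url('unsubscribe-'.$type, $email, $element['id']).'">Stop receiving notifications</a><br>
<a href="'.make_stc_url('manage', $email).'">Manage my subscribtions</a>';
    pwg_mail($email, $mail_args);
  }

  unset_make_full_url();
}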
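/**
 * Add an e-mail address to the subscribers list of an image or a category.
 *
 * Rows created by guests are stored with validated = "false" and a
 * confirmation link is mailed to the address; rows created by logged-in users
 * are stored with validated = "true".
 *
 * @param int $element_id (image|category)_id
 * @param string $email address typed by the visitor; replaced by the account
 *   address when the current user is not a guest
 * @param string $type 'image' or 'category'
 * @return bool|string|null false on missing or invalid input, 'confirm_mail'
 *   when a confirmation mail was sent to a guest, true when the query changed
 *   a row for a non-guest, null when the query changed nothing
 */
function subscribe_to_comments($element_id, $email, $type='image')
{
  global $page, $conf, $user, $picture;

  if ( empty($element_id) or empty($type) )
  {
    trigger_error('subscribe_to_comment: missing element_id and/or type', E_USER_WARNING);
    return false;
  }

  // $type becomes part of a column name and $element_id a bare number in the
  // INSERT below, so neither may be passed through as free text.
  $element_id = (int)$element_id;
  if ( $element_id == 0 or !in_array($type, array('image', 'category'), true) )
  {
    trigger_error('subscribe_to_comment: invalid element_id and/or type', E_USER_WARNING);
    return false;
  }

  // check email
  // NOTE(review): a logged-in user whose account has no address but who
  // supplied $email passes the first test and then has $email overwritten by
  // the empty account address below - confirm whether that is intended.
  if ( ( is_a_guest() or empty($user['email']) ) and empty($email) )
  {
    return false;
  }
  else if (!is_a_guest())
  {
    $email = $user['email'];
  }

  $validated = is_a_guest() ? "false" : "true";

  // don't care if already registered
  $query = '
INSERT INTO '.SUBSCRIBE_TO_TABLE.'(
    email,
    '.$type.'_id,
    registration_date,
    validated
  )
  VALUES(
    "'.pwg_db_real_escape_string($email).'",
    '.$element_id.',
    NOW(),
    "'.$validated.'"
  )
  ON DUPLICATE KEY UPDATE
    registration_date = IF(validated="true", registration_date, NOW()),
    validated = IF(validated="true", validated, "'.$validated.'")
;';
  pwg_query($query);

  // send validation mail
  if ( is_a_guest() and pwg_db_changes(null) != 0 )
  {
    // NOTE(review): the name is inserted into the HTML body unescaped; confirm
    // it is already HTML-safe where it is stored.
    $element_name = ($type == 'image') ? $picture['current']['name'] : $page['category']['name'];

    $mail_args = array(
      'subject' => '['.strip_tags($conf['gallery_title']).'] Please confirm your subscribtion to comments',
      'content_format' => 'text/html',
      );

    $mail_args['content'] = '
You requested to subscribe by email to comments on <b>'.$element_name.'</b>.<br>
<br>
We care about your inbox, so we want to confirm this request. Please click the confirm link to activate the subscription.<br>
<br>
<a href="'.make_stc_url('validate-'.$type, $email, $element_id).'">Confirm subscription</a><br>
<br>
If you did not request this action please disregard this message.
';

    pwg_mail($email, $mail_args);
    return 'confirm_mail';
  }
  // just display confirmation message
  else if (pwg_db_changes(null) != 0)
  {
    return true;
  }
}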
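/**
 * Remove an e-mail address from the subscribers list.
 *
 * @param int $element_id (image|category)_id; only used in the query when
 *   $type is 'image' or 'category', but must be non-empty for every type
 * @param string $email address to remove; replaced by the account address when
 *   the current user is not a guest
 * @param string $type 'image', 'category', or 'all' to delete every
 *   subscription of the address
 * @return bool true once the DELETE has been issued, false on missing input or
 *   an unknown type
 */
function un_subscribe_to_comments($element_id, $email, $type='image')
{
  global $user;

  if ( empty($element_id) or empty($type) )
  {
    trigger_error('un_subscribe_to_comment: missing element_id and/or type', E_USER_WARNING);
    return false;
  }

  // check email
  if ( ( is_a_guest() or empty($user['email']) ) and empty($email) )
  {
    return false;
  }
  else if (!is_a_guest())
  {
    $email = $user['email'];
  }

  $where_clause = null;
  if (in_array($type, array('image', 'category'), true))
  {
    // The id is used as an unquoted number, where string escaping gives no
    // protection; an integer cast is what keeps the clause well-formed.
    $where_clause = $type.'_id = '.(int)$element_id;
  }
  else if ($type !== 'all')
  {
    return false;
  }

  // delete subscription ('all' leaves $where_clause empty, so every row of the
  // address is removed)
  $query = '
DELETE FROM '.SUBSCRIBE_TO_TABLE.'
  WHERE
    email = "'.pwg_db_real_escape_string($email).'"
    '.(!empty($where_clause) ? 'AND '.$where_clause : null).'
;';
  pwg_query($query);

  return true;
}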
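/**
 * Mark a subscription as validated.
 *
 * @param int $element_id (image|category)_id; only used in the query when
 *   $type is 'image' or 'category', but must be non-empty for every type
 * @param string $email subscribed address
 * @param string $type 'image', 'category', or 'all' to validate every
 *   subscription of the address
 * @return bool true when the UPDATE changed at least one row, false otherwise
 *   (missing input, unknown type, or nothing to change)
 */
function validate_subscriptions($element_id, $email, $type='image')
{
  if ( empty($element_id) or empty($email) or empty($type) )
  {
    trigger_error('validate_subscriptions: missing element_id and/or email and/or type', E_USER_WARNING);
    return false;
  }

  $where_clause = null;
  if (in_array($type, array('image', 'category'), true))
  {
    // The id is used as an unquoted number, where string escaping gives no
    // protection; an integer cast is what keeps the clause well-formed.
    $where_clause = $type.'_id = '.(int)$element_id;
  }
  else if ($type !== 'all')
  {
    return false;
  }

  $query = '
UPDATE '.SUBSCRIBE_TO_TABLE.'
  SET validated = "true"
  WHERE
    email = "'.pwg_db_real_escape_string($email).'"
    '.(!empty($where_clause) ? 'AND '.$where_clause : null).'
;';
  pwg_query($query);

  return pwg_db_changes(null) != 0;
}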
/**
 * Build the absolute URL of the subscriptions section for a given action.
 *
 * An optional third argument is read through func_get_arg() and sent as the
 * 'id' parameter. The 'key' parameter is crypt_value() of action, email and id
 * concatenated, keyed with $conf['secret_key'].
 *
 * NOTE(review): action, email and id also travel in clear in the same URL, so
 * 'key' is the only secret-dependent part of the link. The usual construction
 * for such a token is a keyed hash (hash_hmac(), compared with hash_equals());
 * how the receiving side checks 'key' is not visible from this function.
 *
 * @param string $action
 * @param string $email
 * @return string|null the URL, or null when action or email is empty
 */
function make_stc_url($action, $email)
{
  if ( empty($action) or empty($email) )
  {
    trigger_error('make_stc_url: missing action and/or mail', E_USER_WARNING);
    return null;
  }

  global $conf;
  set_make_full_url();

  $has_id = func_num_args() > 2;
  $id = $has_id ? func_get_arg(2) : null;

  $url_params = array('action' => $action, 'email' => $email);
  if ($has_id)
  {
    $url_params['id'] = $id;
  }

  // a missing or null id contributes nothing to the signed string
  $url_params['key'] = crypt_value($action.$email.$id, $conf['secret_key']);

  $section_url = make_index_url( array('section' => 'subscriptions') );
  $url = add_url_params($section_url, $url_params);

  unset_make_full_url();
  return $url;
}
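/**
 * Get name, url and thumbnail url of a picture.
 *
 * @param int $image_id
 * @param bool $absolute when false and $page['category'] is set, the picture
 *   url is built inside that category
 * @return array row of the images table (id, name, file, path, tn_ext) plus
 *   'url' and 'thumbnail'
 */
function get_picture_infos($image_id, $absolute=false)
{
  global $page;

  // The id is concatenated as a bare number; cast it so that nothing but an
  // integer can reach the query.
  $query = '
SELECT
    id,
    name,
    file,
    path,
    tn_ext
  FROM '.IMAGES_TABLE.'
  WHERE id = '.(int)$image_id.'
;';
  $element = pwg_db_fetch_assoc(pwg_query($query));

  // fall back on the file name when the picture has no title
  if (empty($element['name']))
  {
    $element['name'] = get_name_from_file($element['file']);
  }

  $url_params = array('image_id' => $element['id']);
  if ( !empty($page['category']) and !$absolute )
  {
    $url_params['section'] = 'categories';
    $url_params['category'] = $page['category'];
  }
  $element['url'] = make_picture_url($url_params);

  $element['thumbnail'] = get_thumbnail_url($element);

  return $element;
}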
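/**
 * Get name, url and thumbnail url of a category.
 *
 * @param int $cat_id
 * @return array selected columns (id, name, permalink, image_id, path, tn_ext)
 *   plus 'url' and 'thumbnail'
 */
function get_category_infos($cat_id)
{
  global $conf;

  // we use guest_id for user_cache because we don't know the status of recipient.
  // The category id is concatenated as a bare number; cast it so that nothing
  // but an integer can reach the query.
  $query = '
SELECT
    cat.id,
    cat.name,
    cat.permalink,
    img.id AS image_id,
    img.path,
    img.tn_ext
  FROM '.CATEGORIES_TABLE.' AS cat
    LEFT JOIN '.USER_CACHE_CATEGORIES_TABLE.' AS ucc
      ON ucc.cat_id = cat.id AND ucc.user_id = '.$conf['guest_id'].'
    LEFT JOIN '.IMAGES_TABLE.' AS img
      ON img.id = ucc.user_representative_picture_id
  WHERE cat.id = '.(int)$cat_id.'
;';
  $element = pwg_db_fetch_assoc(pwg_query($query));

  // explicit initialisation instead of creating the array implicitly
  $url_params = array(
    'section' => 'categories',
    'category' => $element,
    );
  $element['url'] = make_index_url($url_params);

  $element['thumbnail'] = get_thumbnail_url(array(
    'id' => $element['image_id'],
    'path' => $element['path'],
    'tn_ext' => $element['tn_ext'],
    ));

  return $element;
}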
/**
 * Transform a string with a key and return the result in URL-safe base64.
 *
 * With the mcrypt extension loaded the value is encrypted with
 * MCRYPT_RIJNDAEL_256 in ECB mode; otherwise each byte of the value has one
 * byte of the repeated key added to it, following
 * http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php/802957#802957
 *
 * NOTE(review): neither branch authenticates the value, and the two branches
 * give different outputs for the same input. In the fallback the key is
 * recoverable from any known input/output pair, since each output byte is
 * input byte plus key byte. ECB is deterministic and takes no IV, so the IV
 * created below does not change the result. Where the output serves as a link
 * token, a keyed hash (hash_hmac(), compared with hash_equals()) is the
 * appropriate primitive; switching would presumably invalidate links that have
 * already been sent.
 *
 * @param string $value value to crypt
 * @param string $key
 * @return string
 */
function crypt_value($value, $key)
{
  if (!extension_loaded('mcrypt'))
  {
    $result = null;
    $value_length = strlen($value);
    for ($pos = 0; $pos < $value_length; $pos++)
    {
      // offset -1 at the start of each key cycle selects the last key byte
      $key_byte = ord(substr($key, ($pos % strlen($key))-1, 1));
      $result .= chr(ord(substr($value, $pos, 1)) + $key_byte);
    }
  }
  else
  {
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $result = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $value, MCRYPT_MODE_ECB, $iv);
  }

  return trim(base64url_encode($result));
}
/**
 * Reverse crypt_value(): decode the URL-safe base64 input, then undo the
 * transformation with the same key.
 *
 * The branch is chosen by whether the mcrypt extension is loaded at call time,
 * so a value produced with one branch is not reversed by the other.
 *
 * NOTE(review): nothing here detects a modified or forged input; the function
 * returns whatever the transformation yields. Callers that use the result for
 * an access decision should not treat a successful return as proof of origin.
 *
 * @param string $value value to decrypt
 * @param string $key
 * @return string result with surrounding whitespace and NUL bytes removed by trim()
 */
function decrypt_value($value, $key)
{
  $value = base64url_decode($value);

  if (!extension_loaded('mcrypt'))
  {
    $result = null;
    $value_length = strlen($value);
    for ($pos = 0; $pos < $value_length; $pos++)
    {
      // offset -1 at the start of each key cycle selects the last key byte
      $key_byte = ord(substr($key, ($pos % strlen($key))-1, 1));
      $result .= chr(ord(substr($value, $pos, 1)) - $key_byte);
    }
  }
  else
  {
    $iv = mcrypt_create_iv(
      mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
      MCRYPT_RAND
      );
    $result = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $value, MCRYPT_MODE_ECB, $iv);
  }

  return trim($result);
}
/**
 * Base64 variant usable inside a URL: '+' and '/' become '-' and '_', and the
 * trailing '=' padding is dropped.
 * http://fr.php.net/manual/fr/function.base64-encode.php#103849
 *
 * @param string $data
 * @return string
 */
function base64url_encode($data)
{
  $standard = base64_encode($data);
  $url_safe = strtr($standard, '+/', '-_');

  return rtrim($url_safe, '=');
}
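/**
 * Decode a string produced by the URL-safe base64 variant ('-' and '_' in
 * place of '+' and '/', padding removed).
 *
 * str_pad() takes the total target length, so padding to strlen($data) % 4
 * never added anything; the number of missing '=' is computed explicitly here.
 *
 * @param string $data
 * @return string|false decoded bytes, as returned by base64_decode()
 */
function base64url_decode($data)
{
  $standard = strtr($data, '-_', '+/');
  $missing = (4 - strlen($standard) % 4) % 4;

  return base64_decode($standard.str_repeat('=', $missing));
}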
| 447 | ?> |
---|