  1. <?php
  2. include('./serverlib/init.inc.php');
  3. include('./serverlib/safecode.class.php');
  4.  
  5. ModuleFunction('FileHandler',
  6. array(substr(__FILE__, strlen(dirname(__FILE__))+1),
  7. isset($_REQUEST['action']) ? $_REQUEST['action'] : ''));
  8.  
  9. if(!isset($_REQUEST['action']))
  10. $_REQUEST['action'] = 'login';
  11.  
  12. if($_REQUEST['action'] == 'tos')
  13. {
  14. // terms of service
  15. $tpl->assign('tos', nl2br(htmlentities($lang_custom['tos'])));
  16. $tpl->assign('page', 'nli/tos.tpl');
  17. }
  18.  
  19. else if($_REQUEST['action'] == 'imprint')
  20. {
  21. // imprint
  22. $tpl->assign('imprint', $lang_custom['imprint']);
  23. $tpl->assign('page', 'nli/imprint.tpl');
  24. }
  25.  
  26. else if($_REQUEST['action'] == 'faq')
  27. {
  28. // faq
  29. $faq = array();
  30. $res = $db->Query('SELECT id,frage,antwort FROM {pre}faq WHERE (lang=? OR lang=?) AND (typ=? OR typ=?) ORDER BY frage ASC',
  31. ':all:',
  32. $currentLanguage,
  33. 'both',
  34. 'nli');
  35. while($row = $res->FetchArray(MYSQL_ASSOC))
  36. {
  37. $answer = $row['antwort'];
  38. $answer = str_replace('%%hostname%%', $_SERVER['HTTP_HOST'], $answer);
  39. $answer = str_replace('%%selfurl%%', $bm_prefs['selfurl'], $answer);
  40. $answer = nl2br($answer);
  41.  
  42. array_push($faq, array(
  43. 'question' => $row['frage'],
  44. 'answer' => $answer
  45. ));
  46. }
  47. $res->Free();
  48.  
  49. $tpl->assign('faq', $faq);
  50. $tpl->assign('page', 'nli/faq.tpl');
  51. }
  52.  
  53. else if($_REQUEST['action'] == 'signup')
  54. {
  55. // sign up ip lock?
  56. if($bm_prefs['regenabled'] == 'yes')
  57. {
  58. $res = $db->Query('SELECT COUNT(*) FROM {pre}users WHERE reg_ip=? AND reg_date>?',
  59. $_SERVER['REMOTE_ADDR'],
  60. time()-$bm_prefs['reg_iplock']);
  61. $row = $res->FetchArray();
  62. $res->Free();
  63.  
  64. if($row[0] != 0)
  65. {
  66. // block sign up
  67. $tpl->assign('msg', $lang_user['reglock']);
  68. $tpl->assign('page', 'nli/regdone.tpl');
  69. }
  70. else
  71. {
  72. $showForm = true;
  73.  
  74. if(isset($_POST['do']) && $_POST['do']=='createAccount')
  75. {
  76. $showForm = false;
  77. $invalidFields = array();
  78. $errorInfo = '';
  79.  
  80. //
  81. // check fields
  82. //
  83.  
  84. // email domain
  85. $suEMailDomain = trim($_POST['email_domain']);
  86. if(!in_array($suEMailDomain, explode(':', $bm_prefs['domains'])))
  87. $invalidFields[] = 'email_domain';
  88.  
  89. // email
  90. $suEMailLocal = trim($_POST['email_local']);
  91. $suEMail = $suEMailLocal . '@' . $suEMailDomain;
  92. if(!BMUser::AddressValid($suEMail) || !BMUser::AddressAvailable($suEMail)
  93. || BMUser::AddressLocked($suEMailLocal)
  94. || strlen($suEMailLocal) < $bm_prefs['minuserlength'])
  95. $invalidFields[] = 'email_local';
  96.  
  97. // first name
  98. $suFirstname = trim($_POST['firstname']);
  99. if(strlen($suFirstname) < 2)
  100. $invalidFields[] = 'firstname';
  101.  
  102. // last name
  103. $suSurname = trim($_POST['surname']);
  104. if(strlen($suSurname) < 2)
  105. $invalidFields[] = 'surname';
  106.  
  107. // 'strasse'-group
  108. if($bm_prefs['f_strasse'] != 'n')
  109. {
  110. // street
  111. $suStreet = trim($_POST['street']);
  112. if((strlen($suStreet) < 3) && (strlen($suStreet) > 0 || $bm_prefs['f_strasse'] == 'p'))
  113. $invalidFields[] = 'street';
  114.  
  115. // no
  116. $suNo = trim($_POST['no']);
  117. if((strlen($suNo) < 1) && (strlen($suNo) > 0 || $bm_prefs['f_strasse'] == 'p'))
  118. $invalidFields[] = 'no';
  119.  
  120. // zip
  121. $suZIP = trim($_POST['zip']);
  122. if((strlen($suZIP) < 3) && (strlen($suZIP) > 0 || $bm_prefs['f_strasse'] == 'p'))
  123. $invalidFields[] = 'zip';
  124.  
  125. // city
  126. $suCity = trim($_POST['city']);
  127. if((strlen($suCity) < 3) && (strlen($suCity) > 0 || $bm_prefs['f_strasse'] == 'p'))
  128. $invalidFields[] = 'city';
  129.  
  130. // country
  131. $suCountry = (int)$_POST['country'];
  132. if($bm_prefs['f_strasse'] == 'p' && !in_array($suCountry, array_keys(CountryList())))
  133. $invalidFields[] = 'country';
  134.  
  135. // zip/city check?
  136. if(!in_array('zip', $invalidFields)
  137. && !in_array('city', $invalidFields)
  138. && !in_array('country', $invalidFields)
  139. && $bm_prefs['plz_check'] == 'yes'
  140. && !ZIPCheck($suZIP, $suCity, $suCountry))
  141. {
  142. $invalidFields[] = 'zip';
  143. $invalidFields[] = 'city';
  144. $errorInfo .= ' ' . $lang_user['plzerror'];
  145. }
  146. }
  147. else if($bm_prefs['f_strasse'] == 'n')
  148. {
  149. $suStreet = $suNo = $suZIP = $suCity = '';
  150. $suCountry = $bm_prefs['std_land'];
  151. }
  152.  
  153. // 'telefon'-field
  154. if($bm_prefs['f_telefon'] != 'n')
  155. {
  156. $suPhone = trim($_POST['phone']);
  157. if((strlen($suPhone) < 5) && (strlen($suPhone) > 0 || $bm_prefs['f_telefon'] == 'p'))
  158. $invalidFields[] = 'phone';
  159. }
  160. else if($bm_prefs['f_telefon'] == 'n')
  161. {
  162. $suPhone = '';
  163. }
  164.  
  165. // safecode
  166. if($bm_prefs['f_safecode'] == 'p')
  167. {
  168. $code = Safecode::GetCode((int)$_POST['codeID']);
  169. if(!isset($_POST['safecode'])
  170. || strlen($code) < 4
  171. || strtolower($_POST['safecode']) != strtolower($code))
  172. $invalidFields[] = 'safecode';
  173. if(strlen($code) >= 4)
  174. Safecode::ReleaseCode((int)$_POST['codeID']);
  175. }
  176.  
  177. // 'fax'-field
  178. if($bm_prefs['f_fax'] != 'n')
  179. {
  180. $suFax = trim($_POST['fax']);
  181. if((strlen($suFax) < 5) && (strlen($suFax) > 0 || $bm_prefs['f_fax'] == 'p'))
  182. $invalidFields[] = 'fax';
  183. }
  184. else if($bm_prefs['f_fax'] == 'n')
  185. {
  186. $suFax = '';
  187. }
  188.  
  189. // 'altmail'-field
  190. if($bm_prefs['f_alternativ'] != 'n')
  191. {
  192. $suAltMail = trim($_POST['altmail']);
  193. if((strlen($suAltMail) > 0 || $bm_prefs['f_alternativ'] == 'p') && (!BMUser::AddressValid($suAltMail) || ($bm_prefs['alt_check'] == 'yes' && !ValidateMailAddress($suAltMail))))
  194. $invalidFields[] = 'altmail';
  195. }
  196. else if($bm_prefs['f_alternativ'] == 'n')
  197. {
  198. $suAltMail = '';
  199. }
  200.  
  201. // 'mail2sms_nummer'-field
  202. if($bm_prefs['f_mail2sms_nummer'] != 'n')
  203. {
  204. $suMobileNr = trim(ereg_replace('[^0-9]', '', str_replace('+', '00', $_POST['mail2sms_nummer'])));
  205. if((strlen($suMobileNr) < 6) && (strlen($suMobileNr) > 0 || $bm_prefs['f_mail2sms_nummer'] == 'p'))
  206. $invalidFields[] = 'mail2sms_nummer';
  207. }
  208. else if($bm_prefs['f_mail2sms_nummer'] == 'n')
  209. {
  210. $suMobileNr = '';
  211. }
  212.  
  213. // password
  214. $suPass1 = $_POST['pass1'];
  215. $suPass2 = $_POST['pass2'];
  216. if(strlen($suPass1) < 3 || $suPass1 != $suPass2 || $suPass1 == $suEMailLocal)
  217. {
  218. $invalidFields[] = 'pass1';
  219. $invalidFields[] = 'pass2';
  220. $errorInfo .= ' ' . $lang_user['pwerror'];
  221. }
  222.  
  223. // coupon
  224. $suCoupon = isset($_POST['code']) ? trim($_POST['code']) : '';
  225. if($suCoupon != '' && !BMUser::CouponValid($suCoupon))
  226. {
  227. $invalidFields[] = 'code';
  228. $errorInfo .= ' ' . $lang_user['signupcouponerror'];
  229. }
  230.  
  231. // tos
  232. if(!isset($_POST['tos']) || $_POST['tos'] != 'true')
  233. $errorInfo .= ' ' . $lang_user['toserror'];
  234.  
  235. // profile fields
  236. $suProfile = array();
  237. $res = $db->Query("SELECT id,rule,pflicht,typ FROM {pre}profilfelder");
  238. while($row = $res->FetchArray())
  239. {
  240. $feld_ok = false;
  241. $feld_name = 'field_' . $row['id'];
  242. switch($row['typ'])
  243. {
  244. case FIELD_CHECKBOX:
  245. $feld_ok = true;
  246. $suProfile[$row['id']] = isset($_POST[$feld_name]);
  247. break;
  248. case FIELD_DROPDOWN:
  249. $feld_ok = true;
  250. if($feld_ok)
  251. $suProfile[$row['id']] = $_POST[$feld_name];
  252. break;
  253. case FIELD_RADIO:
  254. $feld_ok = isset($_POST[$feld_name]);
  255. if($feld_ok)
  256. $suProfile[$row['id']] = $_POST[$feld_name];
  257. break;
  258. case FIELD_TEXT:
  259. $feld_ok = (trim($row['rule']) == '') || (ereg($row['rule'], $_POST[$feld_name]));
  260. if(isset($_POST[$feld_name]))
  261. $suProfile[$row['id']] = $_POST[$feld_name];
  262. break;
  263. }
  264. if(($row['pflicht']=='yes' || (isset($_POST[$feld_name]) && strlen($_POST[$feld_name]) > 0)) && (!$feld_ok))
  265. $invalidFields[] = $feld_name;
  266. }
  267. $res->Free();
  268.  
  269. // go on
  270. if(count($invalidFields) > 0)
  271. {
  272. // errors => mark fields red and show form again
  273. $showForm = true;
  274. $tpl->assign('errorStep', true);
  275. $tpl->assign('errorInfo', $lang_user['checkfields'] . $errorInfo);
  276. $tpl->assign('invalidFields', $invalidFields);
  277. }
  278. else
  279. {
  280. // create account
  281. $userId = BMUser::CreateAccount($suEMail,
  282. $suFirstname,
  283. $suSurname,
  284. $suStreet,
  285. $suNo,
  286. $suZIP,
  287. $suCity,
  288. $suCountry,
  289. $suPhone,
  290. $suFax,
  291. $suAltMail,
  292. $suMobileNr,
  293. $suPass1,
  294. $suProfile);
  295.  
  296. // successful?
  297. if($userId !== false && $userId > 0)
  298. {
  299. // redeem coupon?
  300. if($suCoupon != '')
  301. {
  302. $theNewUser = _new('BMUser', array($userId));
  303. $theNewUser->RedeemCoupon($suCoupon);
  304. }
  305.  
  306. // account created
  307. Add2Stat('signup');
  308. $showForm = false;
  309. $tpl->assign('msg', sprintf($bm_prefs['usr_status'] == 'locked'
  310. ? $lang_user['regdonelocked']
  311. : $lang_user['regdone'], $suEMail));
  312. $tpl->assign('page', 'nli/regdone.tpl');
  313.  
  314.  
  315. // module handler
  316. ModuleFunction('AfterSuccessfulSignup', array($userId, $suEMail));
  317. }
  318. else
  319. {
  320. // error occured
  321. $showForm = true;
  322. $tpl->assign('errorStep', true);
  323. $tpl->assign('errorInfo', $lang_user['regerror']);
  324. $tpl->assign('invalidFields', array());
  325. }
  326. }
  327. }
  328.  
  329. if($showForm)
  330. {
  331. // codes?
  332. $res = $db->Query('SELECT COUNT(*) FROM {pre}codes');
  333. $row = $res->FetchArray(MYSQL_NUM);
  334. $res->Free();
  335. $tpl->assign('code', $row[0] > 0);
  336.  
  337. // safe code
  338. if($bm_prefs['f_safecode'] == 'p')
  339. $tpl->assign('codeID', Safecode::RequestCode());
  340.  
  341. // profile fields?
  342. $profilfelder = array();
  343. $res = $db->Query('SELECT feld,pflicht,id,extra,typ FROM {pre}profilfelder');
  344. while($row = $res->FetchArray())
  345. {
  346. array_push($profilfelder, array(
  347. 'feld' => $row['feld'],
  348. 'pflicht' => $row['pflicht']=='yes',
  349. 'id' => $row['id'],
  350. 'extra' => explode(',', $row['extra']),
  351. 'typ' => $row['typ']
  352. ));
  353. }
  354. $res->Free();
  355. if(count($profilfelder) > 0)
  356. $tpl->assign('profilfelder', $profilfelder);
  357.  
  358. // required fields
  359. $tpl->assign('f_strasse', $bm_prefs['f_strasse']);
  360. $tpl->assign('f_telefon', $bm_prefs['f_telefon']);
  361. $tpl->assign('f_fax', $bm_prefs['f_fax']);
  362. $tpl->assign('f_alternativ', $bm_prefs['f_alternativ']);
  363. $tpl->assign('f_mail2sms_nummer', $bm_prefs['f_mail2sms_nummer']);
  364. $tpl->assign('f_safecode', function_exists('imagepng') ? $bm_prefs['f_safecode'] : 'n');
  365.  
  366. // show page
  367. $tpl->assign('countryList', CountryList());
  368. $tpl->assign('defaultCountry', $bm_prefs['std_land']);
  369. $tpl->assign('tos', htmlentities($lang_custom['tos']));
  370. $tpl->assign('domainList', explode(':', $bm_prefs['domains']));
  371. $tpl->assign('page', 'nli/signup.tpl');
  372. }
  373. }
  374. }
  375. else
  376. {
  377. // sign up disabled
  378. $tpl->assign('msg', $lang_user['regdisabled']);
  379. $tpl->assign('page', 'nli/regdone.tpl');
  380. }
  381. }
  382.  
  383.  
  384. else if($_REQUEST['action'] == 'codegen')
  385. {
  386. // dump code as image
  387. if(isset($_GET['id']) && is_numeric($_GET['id']))
  388. Safecode::DumpCode($_GET['id']);
  389. exit();
  390. }
  391.  
  392.  
  393. else if($_REQUEST['action'] == 'checkSafeCode')
  394. {
  395. // check code
  396. if(isset($_GET['id']) && is_numeric($_GET['id'])
  397. && isset($_GET['code']))
  398. {
  399. $id = $_GET['id'];
  400. $code = trim($_GET['code']);
  401.  
  402. $rightCode = Safecode::GetCode($id);
  403. if(strlen($rightCode) < 4 || strtolower($code) != strtolower($rightCode))
  404. echo('0');
  405. else
  406. echo('1');
  407. }
  408. else
  409. echo('0');
  410. exit();
  411. }
  412.  
  413.  
  414. else if($_REQUEST['action'] == 'checkAddressAvailability')
  415. {
  416. if(!isset($_GET['address']))
  417. exit();
  418.  
  419. // check address availability
  420. $result = BMUser::AddressValid($_GET['address']) ? 1 : 2;
  421.  
  422. if($result == 1)
  423. {
  424. list($localPart) = explode('@', $_GET['address']);
  425. if(strlen(trim($localPart)) < $bm_prefs['minuserlength']
  426. || BMUser::AddressLocked($localPart))
  427. $result = 0;
  428. }
  429.  
  430. if($result == 1)
  431. $result = BMUser::AddressAvailable($_GET['address']) ? 1 : 0;
  432.  
  433. // respond
  434. $response = array(
  435. 'available' => $result
  436. );
  437.  
  438. Array2XML($response);
  439. exit();
  440. }
  441.  
  442.  
  443. else if($_REQUEST['action'] == 'page' && isset($_GET['page']))
  444. {
  445. $page = ereg_replace('([^a-zA-Z0-9]*)', '', $_GET['page']);
  446. $tpl->assign('page', 'custompages/' . $page . '.tpl');
  447. }
  448.  
  449.  
  450. else if($_REQUEST['action'] == 'forgetCookie')
  451. {
  452. // delete cookies
  453. setcookie('bm_savedUser', '', time() - TIME_ONE_HOUR);
  454. setcookie('bm_savedPassword', '', time() - TIME_ONE_HOUR);
  455. setcookie('bm_savedLanguage', '', time() - TIME_ONE_HOUR);
  456.  
  457. // reload
  458. header('Location: index.php');
  459. exit();
  460. }
  461.  
  462.  
  463. else if($_REQUEST['action'] == 'lostPassword'
  464. && isset($_REQUEST['email_local'])
  465. && isset($_REQUEST['email_domain'])
  466. && trim($_REQUEST['email_local']) != '')
  467. {
  468. $userMail = trim($_REQUEST['email_local']) . '@' . $_REQUEST['email_domain'];
  469.  
  470. if(BMUser::LostPassword($userMail))
  471. {
  472. // send PW link
  473. $tpl->assign('msg', $lang_user['pwresetsuccess']);
  474. }
  475. else
  476. {
  477. // unknown address
  478. $tpl->assign('msg', $lang_user['pwresetfailed']);
  479. }
  480.  
  481. $tpl->assign('title', $lang_user['lostpw']);
  482. $tpl->assign('page', 'nli/msg.tpl');
  483. }
  484.  
  485.  
  486. else if($_REQUEST['action'] == 'resetPassword'
  487. && isset($_REQUEST['user'])
  488. && isset($_REQUEST['key']))
  489. {
  490. $userID = (int)$_REQUEST['user'];
  491. $resetKey = trim($_REQUEST['key']);
  492.  
  493. if(BMUser::ResetPassword($userID, $resetKey))
  494. {
  495. // delete cookies
  496. setcookie('bm_savedUser', '', time() - TIME_ONE_HOUR);
  497. setcookie('bm_savedPassword', '', time() - TIME_ONE_HOUR);
  498. setcookie('bm_savedLanguage', '', time() - TIME_ONE_HOUR);
  499.  
  500. // ok
  501. $tpl->assign('msg', $lang_user['pwresetsuccess2']);
  502. }
  503. else
  504. {
  505. // invalid id/key
  506. $tpl->assign('msg', $lang_user['pwresetfailed2']);
  507. }
  508.  
  509. $tpl->assign('title', $lang_user['lostpw']);
  510. $tpl->assign('page', 'nli/msg.tpl');
  511. }
  512.  
  513.  
  514. else if($_REQUEST['action'] == 'confirmAlias'
  515. && isset($_REQUEST['id'])
  516. && isset($_REQUEST['code']))
  517. {
  518. if(BMUser::ConfirmAlias((int)$_REQUEST['id'], $_REQUEST['code']))
  519. $tpl->assign('msg', $lang_user['confirmaliasok']);
  520. else
  521. $tpl->assign('msg', $lang_user['confirmaliaserr']);
  522.  
  523. $tpl->assign('title', $lang_user['confirmaliastitle']);
  524. $tpl->assign('page', 'nli/msg.tpl');
  525. }
  526.  
  527.  
  528. else if($_REQUEST['action'] == 'readCertMail'
  529. && isset($_REQUEST['id'])
  530. && isset($_REQUEST['key']))
  531. {
  532. $id = (int)$_REQUEST['id'];
  533. $key = trim($_REQUEST['key']);
  534.  
  535. if(!class_exists('BMMailbox'))
  536. include('./serverlib/mailbox.class.php');
  537.  
  538. $mail = BMMailbox::GetCertMail($id, $key);
  539.  
  540. if($mail)
  541. {
  542. // get text part
  543. $textParts = $mail->GetTextParts();
  544. if(isset($textParts['html']))
  545. {
  546. $textMode = 'html';
  547. $text = $textParts['html'];
  548. }
  549. else if(isset($textParts['text']))
  550. {
  551. $textMode = 'text';
  552. $text = formatEMailText($textParts['text']);
  553. }
  554. else
  555. {
  556. $textMode = 'text';
  557. $text = '';
  558. }
  559.  
  560. // get attachments
  561. $attachments = $mail->GetAttachments();
  562.  
  563. // show text only?
  564. if(isset($_REQUEST['showText']))
  565. {
  566. if($textMode == 'html')
  567. $text = '<base target="_blank" /><font face="arial" size="2">' . formatEMailHTMLText(isset($textParts['html']) ? $textParts['html'] : '', isset($_REQUEST['enableExternal']), $attachments, (int)$_REQUEST['id']) . '</font>';
  568. else
  569. $text = '<base target="_blank" /><font face="arial" size="2">' . formatEMailText(isset($textParts['text']) ? $textParts['text'] : '') . '</font>';
  570. echo($text);
  571. exit();
  572. }
  573.  
  574. // get attachment?
  575. if(isset($_REQUEST['downloadAttachment']))
  576. {
  577. $parts = $mail->GetPartList();
  578. if(isset($parts[$_REQUEST['attachment']]))
  579. {
  580. $part = $parts[$_REQUEST['attachment']];
  581.  
  582. header('Content-Type: ' . $part['content-type']);
  583. header(sprintf('Content-Disposition: %s; filename="%s"',
  584. 'attachment',
  585. addslashes($part['filename'])));
  586.  
  587. $attData = &$part['body'];
  588. $attData->Init();
  589. while($block = $attData->DecodeBlock(PART_CHUNK_SIZE))
  590. {
  591. echo $block;
  592. }
  593. $attData->Finish();
  594.  
  595. exit();
  596. }
  597. }
  598.  
  599. // assign
  600. $tpl->assign('mailID', $id);
  601. $tpl->assign('key', $key);
  602. $tpl->assign('subject', $mail->GetHeaderValue('subject'));
  603. $tpl->assign('fromAddresses', ParseMailList($mail->GetHeaderValue('from')));
  604. $tpl->assign('toAddresses', ParseMailList($mail->GetHeaderValue('to')));
  605. $tpl->assign('ccAddresses', ParseMailList($mail->GetHeaderValue('cc')));
  606. $tpl->assign('replyToAddresses', ParseMailList($mail->GetHeaderValue('reply-to')));
  607. $tpl->assign('flags', $mail->flags);
  608. $tpl->assign('date', $mail->date);
  609. $tpl->assign('priority', (int)$mail->priority);
  610. $tpl->assign('text', $text);
  611. $tpl->assign('textMode', $textMode);
  612. $tpl->assign('attachments', $attachments);
  613. $tpl->assign('page', 'nli/certmail.read.tpl');
  614. }
  615. else
  616. {
  617. $tpl->assign('msg', $lang_user['certmailerror']);
  618. $tpl->assign('title', $lang_user['certmail']);
  619. $tpl->assign('page', 'nli/msg.tpl');
  620. }
  621. }
  622.  
  623.  
  624. else if($_REQUEST['action'] == 'completeAddressBookEntry'
  625. && isset($_REQUEST['contact'])
  626. && isset($_REQUEST['key']))
  627. {
  628. $contactID = (int)$_REQUEST['contact'];
  629. $key = trim($_REQUEST['key']);
  630.  
  631. if(!class_exists('BMAddressbook'))
  632. include('./serverlib/addressbook.class.php');
  633.  
  634. $contactData = BMAddressbook::GetContactForSelfCompleteInvitation($contactID, $key);
  635. if($contactData)
  636. {
  637. if(isset($_REQUEST['do']) && $_REQUEST['do'] == 'save')
  638. {
  639. // save data
  640. $book = _new('BMAddressbook', array($contactData['user']));
  641. $book->Change($contactID,
  642. $_REQUEST['firma'],
  643. $contactData['vorname'],
  644. $contactData['nachname'],
  645. $_REQUEST['strassenr'],
  646. $_REQUEST['plz'],
  647. $_REQUEST['ort'],
  648. $_REQUEST['land'],
  649. $_REQUEST['tel'],
  650. $_REQUEST['fax'],
  651. $_REQUEST['handy'],
  652. $_REQUEST['email'],
  653. $_REQUEST['work_strassenr'],
  654. $_REQUEST['work_plz'],
  655. $_REQUEST['work_ort'],
  656. $_REQUEST['work_land'],
  657. $_REQUEST['work_tel'],
  658. $_REQUEST['work_fax'],
  659. $_REQUEST['work_handy'],
  660. $_REQUEST['work_email'],
  661. $_REQUEST['anrede'],
  662. $_REQUEST['position'],
  663. $_REQUEST['web'],
  664. $contactData['kommentar'],
  665. SmartyDateTime('geburtsdatum_'),
  666. $contactData['default_address'],
  667. false);
  668. $book->InvalidateSelfCompleteInvitation($contactID, $key);
  669.  
  670. // send mail
  671. $userData = BMUser::Fetch($contactData['user']);
  672. $vars = array(
  673. 'vorname' => $contactData['vorname'],
  674. 'nachname' => $contactData['nachname']
  675. );
  676. SystemMail($bm_prefs['passmail_abs'],
  677. $userData['email'],
  678. $lang_custom['selfcomp_n_sub'],
  679. 'selfcomp_n_text',
  680. $vars);
  681.  
  682. // log
  683. PutLog(sprintf('Address book entry completed after accepting invitation (contact id: %d, key: %s, IP: %s)',
  684. $contactID,
  685. $key,
  686. $_SERVER['REMOTE_ADDR']),
  687. PRIO_NOTE,
  688. __FILE__,
  689. __LINE__);
  690.  
  691. $tpl->assign('msg', $lang_user['completeok']);
  692. $tpl->assign('title', $lang_user['addrselfcomplete']);
  693. $tpl->assign('page', 'nli/msg.tpl');
  694. }
  695. else
  696. {
  697. // show form
  698. $tpl->assign('contact', $contactData);
  699. $tpl->assign('page', 'nli/contact.complete.tpl');
  700. }
  701. }
  702. else
  703. {
  704. $tpl->assign('msg', $lang_user['completeerr']);
  705. $tpl->assign('title', $lang_user['addrselfcomplete']);
  706. $tpl->assign('page', 'nli/msg.tpl');
  707. }
  708. }
  709.  
  710.  
  711. else
  712. {
  713. $availableLanguages = GetAvailableLanguages();
  714.  
  715. if(isset($_REQUEST['do']) && $_REQUEST['do']=='login')
  716. {
  717. // get login (password as MD5 hash)
  718. $password = (strlen($_REQUEST['passwordMD5']) == 32
  719. ? $_REQUEST['passwordMD5']
  720. : md5($_REQUEST['password']));
  721. $email = (isset($_REQUEST['email_full'])
  722. ? $_REQUEST['email_full']
  723. : $_REQUEST['email_local'] . '@' . $_REQUEST['email_domain']);
  724. $language = (isset($_REQUEST['language']) && isset($availableLanguages[$_REQUEST['language']])
  725. ? $_REQUEST['language']
  726. : $bm_prefs['language']);
  727.  
  728. // login
  729. list($result, $param) = BMUser::Login($email, $password);
  730.  
  731. // login ok?
  732. if($result == USER_OK)
  733. {
  734. // stats
  735. Add2Stat('login');
  736.  
  737. // save login?
  738. if(isset($_POST['savelogin']))
  739. {
  740. // set cookies
  741. setcookie('bm_savedUser', $email, time() + TIME_ONE_YEAR);
  742. setcookie('bm_savedPassword', $password, time() + TIME_ONE_YEAR);
  743. setcookie('bm_savedLanguage', $language, time() + TIME_ONE_YEAR);
  744. }
  745. else
  746. {
  747. // delete cookies
  748. setcookie('bm_savedUser', '', time() - TIME_ONE_HOUR);
  749. setcookie('bm_savedPassword', '', time() - TIME_ONE_HOUR);
  750. setcookie('bm_savedLanguage', '', time() - TIME_ONE_HOUR);
  751. }
  752.  
  753. // register language
  754. $_SESSION['bm_sessionLanguage'] = $language;
  755.  
  756. // redirect to target page
  757. if(!isset($_REQUEST['target']))
  758. {
  759. header('Location: start.php?sid=' . $param);
  760. }
  761. else if($_REQUEST['target'] == 'inbox')
  762. {
  763. header('Location: email.php?folder=0&sid=' . $param);
  764. }
  765. else if($_REQUEST['target'] == 'compose')
  766. {
  767. header('Location: email.compose.php?sid=' . $param
  768. . (isset($_REQUEST['draft']) && $_REQUEST['draft']!='' ? '&redirect=' . (int)($_REQUEST['draft']) : '')
  769. . (isset($_REQUEST['to']) && $_REQUEST['to']!='' ? '&to=' . urlencode($_REQUEST['to']) : '')
  770. . (isset($_REQUEST['cc']) && $_REQUEST['cc']!='' ? '&subject=' . urlencode($_REQUEST['cc']) : '')
  771. . (isset($_REQUEST['subject']) && $_REQUEST['subject']!='' ? '&subject=' . urlencode($_REQUEST['subject']) : '')
  772. . (isset($_REQUEST['text']) && $_REQUEST['text']!='' ? '&text=' . urlencode($_REQUEST['text']) : ''));
  773. }
  774. else if($_REQUEST['target'] == 'membership')
  775. {
  776. header('Location: prefs.php?sid=' . $param . '&action=membership');
  777. }
  778. exit();
  779. }
  780. else
  781. {
  782. // tell user what happened
  783. switch($result)
  784. {
  785. case USER_BAD_PASSWORD:
  786. $tpl->assign('msg', sprintf($lang_user['badlogin'], $param));
  787. break;
  788. case USER_DOES_NOT_EXIST:
  789. $tpl->assign('msg', $lang_user['baduser']);
  790. break;
  791. case USER_LOCKED:
  792. $tpl->assign('msg', $lang_user['userlocked']);
  793. break;
  794. case USER_LOGIN_BLOCK:
  795. $tpl->assign('msg', sprintf($lang_user['loginblocked'], FormatDate($param)));
  796. break;
  797. }
  798. $tpl->assign('page', 'nli/loginresult.tpl');
  799. }
  800. }
  801. else
  802. {
  803. // login page
  804. if(isset($_COOKIE['bm_savedUser']))
  805. {
  806. $tpl->assign('welcomeBack', sprintf($lang_user['welcomeback'], $_COOKIE['bm_savedUser']));
  807. }
  808.  
  809. // lost password and no email entered?
  810. if(isset($_REQUEST['action']) && $_REQUEST['action'] == 'lostPassword')
  811. {
  812. $tpl->assign('invalidFields', array('email_local_pw'));
  813. }
  814.  
  815. $tpl->assign('languageList', $availableLanguages);
  816. $tpl->assign('domainList', explode(':', $bm_prefs['domains']));
  817. $tpl->assign('page', 'nli/login.tpl');
  818. }
  819. }
  820.  
  821. $tpl->display('nli/index.tpl');
  822. ?>