Commit bab165f9 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie
parents df83f801 d0b976c8
......@@ -25,6 +25,7 @@
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
require('init.php');
......
......@@ -41,7 +41,7 @@ if (isset($upgrades['core']) && !empty($upgrades['core']->install)) {
}
// normal admin page starts here
$smarty->assign('upgrades', $upgrades);
$smarty->display('admin/index.tpl');
?>
......@@ -63,7 +63,8 @@ class PluginArtefactInternal extends PluginArtefact {
insert_record('artefact_installed_type',$t);
}
}
delete_records_select('artefact_installed_type','(plugin = ? AND name NOT IN (' . implode(',', $ph) . '))',
$select = '(plugin = ? AND name NOT IN (' . implode(',', $ph) . '))';
delete_records_select('artefact_installed_type', $select,
array_merge(array($plugin),$types));
}
}
......
......@@ -47,6 +47,11 @@ $cfg->dbprefix = '';
// this is a big security hole.
$cfg->dataroot = '/path/to/uploaddir';
// system mail address. emails out come from this address.
// if not specified, will default to noreply@ automatically detected host.
// if that doesn't work or you want something else, then specify it here.
// $cfg->noreplyaddress = 'noreply@myhost.com'
// Logging configuration
// For each log level, you can specify where the messages are displayed.
// LOG_TARGET_SCREEN makes the error messages go to the screen - useful
......@@ -78,4 +83,12 @@ $cfg->log_environ_targets = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
// but probably only warnings are useful on a live site.
$cfg->log_backtrace_levels = LOG_LEVEL_WARN | LOG_LEVEL_ENVIRON;
// mail handling
// if you want mahara to use smtp servers to send mail, enter one or more here
// blank means mahara will use the default PHP method.
// $cfg->smtphosts = 'mail.a.com;mail.b.com';
// If you have specified an smtp server above, and the server requires authentication,
// enter them here
// $cfg->smtpuser = '';
// $cfg->smtppass = '';
?>
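Review bot: The commented example `// $cfg->noreplyaddress = 'noreply@myhost.com'` in the first hunk has no terminating semicolon, so an administrator who simply uncomments it gets a parse error; write it as `// $cfg->noreplyaddress = 'noreply@myhost.com';`. Because the documented fallback is an "automatically detected host", the comment should also say that a live site is expected to set this value explicitly rather than rely on detection. For the `smtppass` line in the second hunk, a one-line comment that the password is stored in plain text, and that the config file must therefore not be readable by other local users, would help whoever deploys this.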
......@@ -25,6 +25,7 @@
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
require('init.php');
......
......@@ -64,6 +64,13 @@ if (!isset($CFG->wwwroot) && isset($_SERVER['HTTP_HOST'])) {
}
$CFG->wwwroot = $proto . $host . '/' . $path;
}
if (!isset($CFG->noreplyaddress) && isset($_SERVER['HTTP_HOST'])) {
$CFG->noreplyaddress = 'noreply@' .
((isset($_SERVER['HTTP_X_FORWARDED_HOST']))
? $_SERVER['HTTP_X_FORWARDED_HOST']
: $_SERVER['HTTP_HOST']);
error_log("set to $CFG->noreplyaddress");
}
// xmldb stuff
$CFG->xmldbdisablenextprevchecking = true;
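Review bot: The new `noreplyaddress` default is built directly from `$_SERVER['HTTP_X_FORWARDED_HOST']` or `$_SERVER['HTTP_HOST']`, both of which are request headers chosen by the client, and the value is later used as a mail sender address (see `email_user`, which reads `get_config('noreplyaddress')`). The host should be checked against a hostname pattern before use, and X-Forwarded-Host honoured only when the site is known to sit behind a trusted proxy; if `$CFG->wwwroot` was set in the config file, deriving the host from it is safer than reading the request. The line `error_log("set to $CFG->noreplyaddress");` looks like leftover debugging and should be removed, since it writes that client-supplied value to the log on every request that reaches this branch. The surrounding code starts outside the hunk, so whether the host is validated earlier is not visible here.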
......
// @todo: Pack it down.
// Expects strings array
function get_string(s) {
var args = flattenArguments(arguments).slice(1);
......@@ -35,27 +37,8 @@ function displayMessage(m, /* optional */ elemid) {
});
}
// Tests if elements with the 'required' class have content and
// displays the appropriate message.
// Uses the html output from form.php to find the title of required
// fields: <label for="elementid">Element title</label>
function testRequired(e,formid) {
if (hasElementClass(e,'required') && e.value == '') {
var labels = getElementsByTagAndClassName('label',null,formid);
for (var j = 0; j < labels.length; j++) {
if (getNodeAttribute(labels[j],'for') == e.name) {
displayMessage({'message':get_string('namedfieldempty',scrapeText(labels[j])),
'type':'error'});
return false;
}
}
displayMessage({'message':get_string('requiredfieldempty'),'type':'error'});
return false;
}
return true;
}
// The javascript form validating function should be available from
// the server as formname_validate().
// Gets form elements, submits them to a url via post, and waits for a
// JSON response containing the result of the submission.
......@@ -63,15 +46,13 @@ function submitForm(formid,url,callback) {
if (typeof(tinyMCE) != 'undefined') {
tinyMCE.triggerSave();
}
if (!eval(formid + '_validate()')) {
return false;
}
var formelements = getElementsByTagAndClassName(null,formid,formid);
var data = {};
for (var i = 0; i < formelements.length; i++) {
if (testRequired(formelements[i])) {
data[formelements[i].name] = formelements[i].value;
}
else {
return false;
}
data[formelements[i].name] = formelements[i].value;
}
var req = getXMLHttpRequest();
req.open('POST',url);
......@@ -79,10 +60,13 @@ function submitForm(formid,url,callback) {
var d = sendXMLHttpRequest(req,queryString(data));
d.addCallback(function (result) {
var data = evalJSONRequest(result);
displayMessage({'message':data.message,'type':data.success});
var type = data.success ? 'infomsg' : 'errmsg';
eval(formid + '_message(\'' + data.message + '\',\'' + type + '\')');
callback();
});
d.addErrback(function() { displayMessage(get_string('unknownerror'),'error'); });
displayMessage({'message':get_string('processingform'),'type':'info'});
d.addErrback(function() {
eval(formid + '_message(\'' + get_string('unknownerror') + '\',\'' + 'errmsg\')');
});
eval(formid + '_message(\'' + get_string('processingform') + '\',\'' + 'infomsg\')');
return false;
}
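Review bot: In the success callback, `data.message` from the server's JSON response is concatenated into a string that is handed to `eval()`, so an apostrophe or backslash in the message breaks the call and any user-influenced text in it would be executed as script. The same string-building is used for the `get_string('unknownerror')` and `get_string('processingform')` calls, and for `eval(formid + '_validate()')` in the previous hunk. Look the function up and pass real arguments instead, e.g. `window[formid + '_message'](data.message, type);` and `if (!window[formid + '_validate']()) { return false; }`. With `testRequired` removed, the generated `<form>_validate()` is the only client-side check left in this file, so the comment above `submitForm` should state that the server still validates every field.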
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage notification-internal
* @author Penny Leach <penny@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
defined('INTERNAL') || die();
$string['typemaharamessage'] = 'System message';
$string['typeusermessage'] = 'Message from user';
$string['typefeedback'] = 'Feedback';
$string['typewatchlist'] = 'Watchlist';
$string['typenewview'] = 'New view';
$string['typecontactus'] = 'Contact us';
$string['typeobjectionable'] = 'Objectionable content';
$string['typevirusrepeat'] = 'Virus flat repeat';
$string['typevirusrelease'] = 'Virus flag release';
?>
\ No newline at end of file
......@@ -24,6 +24,8 @@
*
*/
defined('INTERNAL') || die();
$string['configsanityexception'] = '<p>It appears that your server\'s PHP configuration contains a setting that will prevent Mahara from working, or make your installation insecure.'
. ' More details follow:</p><div id="reason">%s</div><p>Once you have made the appropriate changes, reload this page.</p>';
// @todo<nigel>: most likely need much better descriptions here for these environment issues
......@@ -44,4 +46,10 @@ $string['datarootnotwritable'] = 'Your defined data root directory, %s, is not w
$string['dbconnfailed'] = 'Failed to connect to database, error message was %s';
// if you change these next two , be sure to change them in libroot/errors.php
// as they are duplicated there, in the case that get_string was not available.
$string['unrecoverableerror'] = 'A nonrecoverable error occured. This probably means that you have encountered a bug in the system';
$string['unrecoverableerrortitle'] = 'Mahara - Site Unavailable';
?>
......@@ -51,7 +51,7 @@ use and modify Mahara provided you agree to:
<li>not modify or remove the original license and copyrights, and</li>
<li>apply this same license to any derivative work.</li></ul></p>
<p>Please feel free to [Contact Us] if you have any questions regarding
<p>Please feel free to <a href="contact.php">Contact Us</a> if you have any questions regarding
Mahara.</p>
<p><a href="http://mahara.org">http://mahara.org</a></p>';
......@@ -62,8 +62,8 @@ builder and social networking system, connecting users and creating
online communities. Mahara provides you with the tools to set up a
personal learning and development environment.</p>
<p>For more information you can read [About] Mahara or alternatively
please feel free to [Contact Us].</p>';
<p>For more information you can read <a href="about.php">About</a> Mahara or alternatively
please feel free to <a href="contact.php">Contact Us</a>.</p>';
$string['loggedouthomedefaultcontent'] = '<p>Welcome to Mahara</p>
<p>Mahara is a fully featured electronic portfolio, weblog, resume
......@@ -71,8 +71,8 @@ builder and social networking system, connecting users and creating
online communities. Mahara provides you with the tools to set up a
personal learning and development environment.</p>
<p>For more information you can read [About] Mahara or alternatively
please feel free to [Contact Us].</p>';
<p>For more information you can read <a href="about.php">About</a> Mahara or alternatively
please feel free to <a href="contact.php">Contact Us</a>.</p>';
$string['privacydefaultcontent'] = '<h3>Introduction</h3>
<p>We are committed to protecting your privacy and providing users with
......@@ -131,7 +131,7 @@ visit this site.</p>
<h3>Contact</h3>
<p>If you have any questions regarding this Statement or believe we
have not adhered to the above criteria, please [Contact Us] and we
have not adhered to the above criteria, please <a href="contact.php">Contact Us</a> and we
will use all reasonable efforts to remedy the issue.</p>';
$string['termsandconditionsdefaultcontent'] = '<p>Terms and Conditions</p>
......@@ -144,14 +144,14 @@ given below.</p>
all reasonable steps to provide all users with a safe , secure and
operational electronic portfolio system. If at any time you feel your
rights as a user have not been upheld or you have any questions
regarding the below, please [Contact Us] immediately.</p>
regarding the below, please <a href="contact.php">Contact Us</a> immediately.</p>
<p>[eP Site Name] will occasionally be unavailable for short periods of
time as we release new system features. We will endeavour to provide
at least 3 working days notice of any scheduled outage.</p>
<p>You are encouraged to report objectionable material or inappropriate
behaviour to the Site Administrator | [Contact Us] immediately. We
behaviour to the Site Administrator | <a href="contact.php">Contact Us</a> immediately. We
will ensure the matter is investigated in a timely manner.</p>
<p>Site Administrators may access your portfolio and its contents at
......@@ -160,7 +160,7 @@ to support your use of <eP SiteName> or as per these Terms and
Conditions.</p>
<p>Your obligations</p>
<p> The [Privacy Statement] should be considered an
<p> The <a href="privacy.php">Privacy Statement</a> should be considered an
extension of these Terms and Conditions and be read by all users.</p>
<p>Your [eP Site Name] account will expire after a given period of time
......@@ -201,14 +201,13 @@ nuisance or offensive by the Site Administrator.</p>
<p>Any unsolicited contact you receive as a result of personal
information you have publicly released via your portfolio is your
responsibility, however any misconduct in behaviour from users of the
system should be reported to the Site Administrator | [Contact Us]
system should be reported to the Site Administrator | <a href="contact.php">Contact Us</a>
immediately. We may occasionally make minor adjustments to our Terms
and Condition to reflect changes to the system and in response to user
feedback. As such we suggest you check the Terms and Conditions each
time you visit this site. We will however notify users of any major
changes to the Terms and Conditions via the [eP Site Name] homepage.</p>';
$string['uploadcopyrightdefaultcontent'] = '<p>Do you promise you\'ve got permission to use the file
you\'re about to upload, cross your heart, on pain of death, give up
your soul and your first-born, etc.?</p>';
you\'re about to upload? If infringing stuff gets posted here, it\'s not our fault, it\'s yours.</p>';
?>
......@@ -84,4 +84,5 @@ $string['creategroup'] = 'Add new group';
$string['groupname'] = 'Group name';
$string['groupdescription'] = 'Group description';
$string['emailname'] = 'Mahara System'; // robot!
?>
......@@ -379,12 +379,16 @@ function exception (Exception $e) {
// if $e not Exception
// get language string based on class name
// rather than by switch on class name
$outputmessage =<<<EOF
<p>Sorry, an unrecoverable error occured. Eventually, this page will look nice
and say something that won't make the viewer think that they broke something,
but since at the moment the viewer is a developer, allow me to laugh at you :)</p>
<p><a href="#" onclick="history.go(-1)">back</a></p>
EOF;
if (function_exists('get_string')) {
$outputmessage = get_string('unrecoverableerror', 'error');
$outputtitle = get_string('unrecoverableerrortitle', 'error');
}
else {
// sensible english defaults
$outputmessage = 'A nonrecoverable error occured. '
. 'This probably means you have encountered a bug in the system';
$outputtitle = 'Mahara - Site Unavailable';
}
switch (get_class($e)) {
case 'ConfigSanityException':
$outputmessage = $message = get_string('configsanityexception', 'error', $e->getMessage());
......@@ -395,10 +399,17 @@ EOF;
log_message($message, LOG_LEVEL_WARN, true, true, $e->getFile(), $e->getLine(), $e->getTrace());
if (function_exists('smarty')) {
$smarty = smarty();
$smarty->assign('title', $outputtitle);
$smarty->assign('message', $outputmessage);
$smarty->display('error.tpl');
}
else {
echo <<<EOF
<html>
<head>
<title>Mahara - Site Unavailable</title>
<title>$outputtitle</title>
<style type="text/css">
#reason {
margin: 0 3em;
......@@ -411,12 +422,13 @@ EOF;
echo insert_messages();
}
echo <<<EOF
<h1>OMGWTFBBQ</h1>
<h1>$outputtitle</h1>
$outputmessage
<hr>
</body>
</html>
EOF;
}
die();
}
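Review bot: The new `function_exists('get_string')` guard covers only the default message and title; the `case 'ConfigSanityException':` branch directly below still calls `get_string('configsanityexception', 'error', ...)` unconditionally, so when get_string is not loaded the exception handler itself dies with a fatal error. Apply the same guard there, falling back to `$e->getMessage()`. In the non-Smarty branch `$outputmessage` is echoed into the page as raw HTML, and the language string wraps the exception text in `<div id="reason">%s</div>`, so it should be confirmed that the exception message is HTML-escaped before it is substituted. The rest of the switch is outside the visible hunks, so this is hedged on what those cases assign.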
......
......@@ -413,13 +413,20 @@ class Form {
foreach ($this->elements as $name => $elem) {
$result .= form_render_element($elem, $this);
}
$function = 'form_renderer_' . $this->renderer . '_messages';
if (function_exists($function)) {
$result .= $function($this->name);
}
$function = 'form_renderer_' . $this->renderer . '_footer';
if (function_exists($function)) {
$result .= $function();
}
$result .= "</form>\n";
return $result;
$js_validator = '<script language="javascript" type="text/javascript">' . "\n"
. $this->validate_js() . "</script>\n";
return $result . $js_validator;
}
/**
......@@ -557,6 +564,42 @@ class Form {
}
}
/**
* Returns a js function to perform simple validation based off
* the definition array.
*/
private function validate_js() {
$result = 'function ' . $this->name . "_validate(){\nvar ok=true;\n";
foreach ($this->get_elements() as $element) {
if (isset($element['rules']) && is_array($element['rules'])) {
foreach ($element['rules'] as $rule => $data) {
// Get the rule
$function = 'form_rule_' . $rule . '_js';
if (!function_exists($function)) {
@include_once('form/rules/' . $rule . '.php');
}
if (function_exists($function)) {
$rdata = $function($element['name']);
$errmsgid = $element['name'] . '_errmsg';
$result .= 'if (!(' . $rdata->condition . ")){" ;
$result .= $this->name . '_set_error(\'' . $errmsgid . '\',\''
. $rdata->message . "');ok=false;}\n";
$result .= 'else{' . $this->name . '_rem_error(\'' . $errmsgid . "');}\n";
}
}
}
}
$result .= "return ok;\n}\n";
$js_error_function = 'form_renderer_' . $this->renderer . '_error_js';
if (!function_exists($js_error_function)) {
@include_once('form/renderers/' . $this->renderer . '.php');
}
if (function_exists($js_error_function)) {
return $result . $js_error_function($this->name);
}
return $result;
}
/**
* Returns whether a field has an error marked on it.
*
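Review bot: `validate_js()` pastes `$rdata->message`, `$errmsgid` and `$this->name` into single-quoted JavaScript literals with no escaping, so a translated message containing an apostrophe yields a syntax error that disables validation for the whole form, and any value that is ever user-influenced becomes script. Escape each value for a JavaScript string context before concatenating, and make sure `</script>` cannot appear in the output, since the caller emits it inside a `<script>` element. The two `@include_once(...)` calls build a file path from `$rule` and `$this->renderer`; those names appear to come from the form definition, but checking them against `[a-z0-9_]+` would enforce that, and dropping the `@` would surface a missing rule file instead of silently skipping the rule. The docblock should also name the functions the generated script defines and expects (`<form>_validate`, `<form>_set_error`, `<form>_rem_error`).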
......
......@@ -84,8 +84,11 @@ function form_renderer_table($builtelement, $rawelement) {
if (!empty($rawelement['error'])) {
$result .= "\t<tr>\n\t\t<td colspan=\"2\" class=\"errmsg\">";
$result .= hsc($rawelement['error']);
$result .= "</td>\n\t</tr>\n";
}
else {
$result .= "\t<tr style=\"display:none\" id=\"" . $rawelement['id'] . "_errmsg\"><td>";
}
$result .= "</td>\n\t</tr>\n";
return $result;
}
......@@ -98,4 +101,23 @@ function form_renderer_table_footer() {
return "</table>\n";
}
function form_renderer_table_messages($formid) {
// Element to hold messages relating to the whole form (used in javascript submission).
return "\t<tr id=\"" . $formid . "_msg\"><td colspan=\"2\" class=\"errmsg\"></td></tr>\n";
}
function form_renderer_table_error_js($id) {
$result = 'function ' . $id . '_set_error(id,m) {';
$result .= "swapDOM($(id),TR({'id':id},TD({'colspan':2,'class':'errmsg'},m)));";
$result .= "}\n";
$result .= 'function ' . $id . '_rem_error(id) {';
$result .= "swapDOM($(id),TR({'id':id,'style':'display:none;'},TD(null)));";
$result .= "}\n";
$result .= 'function ' . $id . '_message(m,type) {';
$result .= "replaceChildNodes($('" . $id . "_msg'),TD({'colspan':2,'class':type},m));";
$result .= "}\n";
return $result;
}
?>
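Review bot: When `$rawelement['error']` is set, the error row in `form_renderer_table` is rendered without the `id="..._errmsg"` that the hidden row gets, so the generated `_set_error`/`_rem_error` functions, which call `swapDOM($(id), ...)`, appear to have no element to swap after a server-side validation failure. Give both rows the same id, e.g. `$result .= "\t<tr id=\"" . hsc($rawelement['id']) . "_errmsg\">\n\t\t<td colspan=\"2\" class=\"errmsg\">";`. Note also that this row id is built from `$rawelement['id']` while `validate_js()` builds it from `$element['name']`, which only matches when the two are equal. `$rawelement['id']`, `$formid` and `$id` are interpolated into HTML attributes and JavaScript unescaped, although the error text beside them goes through `hsc()`. The two new functions need docblocks stating what `$formid` and `$id` are.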
......@@ -39,4 +39,19 @@ function form_rule_required($field) {
}
}
/**
* Returns a javascript condition to check whether the field has been specified.
*
* @param string $id id of the field to check
* @return string js condition to check if the field is empty.
* string The error message, if the value is invalid.
*/
function form_rule_required_js($id) {
$r->condition = '$(\'' . $id . '\').value != \'\'';
$r->message = get_string('This field is required');
return $r;
}
?>
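Review bot: `form_rule_required_js()` assigns properties on `$r` without ever creating it, which relies on PHP implicitly creating an object from an undefined variable and raises a notice; start the body with `$r = new StdClass;`. The docblock declares two `@return string` values, but the function returns one object with `condition` and `message` properties, so it should read `@return object` and describe both. `get_string('This field is required')` passes the English sentence as the string key, unlike the key-style identifiers used elsewhere in this commit, so the lookup probably falls through to a missing-string result. `$id` is placed inside a quoted JavaScript literal unescaped, and the docblock should state that callers must pass a value that is safe there.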
......@@ -802,4 +802,93 @@ function main_nav() {
return $menu;
}
/**
* Always use this function for all emails to users
*
* @param object $userto user object to send email to. must contain firstname,lastname,prefname,email
* @param object $userfrom user object to send email from. If null, email will come from mahara
* @param string $subject email subject
* @param string $messagetext text version of email
* @param string $messagehtml html version of email (will send both html and text)
*/
function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='') {
if (empty($userto)) {
throw new InvalidArgumentException("empty user given to email_user");
}
require_once('phpmailer/class.phpmailer.php');
$mail = new phpmailer();
$mail->Version = 'Mahara ' . get_config('release');
$mail->PluginDir = get_config('libroot') . 'phpmailer/';
$mail->CharSet = 'UTF-8';
$smtphosts = get_config('smtphosts');
if ($smtphosts == 'qmail') {
// use Qmail system
$mail->IsQmail();
}
else if (empty($smtphosts)) {
// use PHP mail() = sendmail
$mail->IsMail();
}
else {
$mail->IsSMTP();
// use SMTP directly
$mail->Host = get_config('smtphosts');
if (get_config('smtpuser')) {
// Use SMTP authentication
$mail->SMTPAuth = true;
$mail->Username = get_config('smtpuser');
$mail->Password = get_config('smtppass');
}
}
if (empty($userfrom)) {
$mail->Sender = get_config('noreplyaddress');
$mail->From = $mail->Sender;
$mail->FromName = get_string('emailname');
}
else {
$mail->Sender = $userfrom->email;
$mail->From = $mail->Sender;
$mail->FromName = fullname($userfrom);
}
$mail->AddReplyTo($mail->From, $mail->FromName);
$mail->Subject = substr(stripslashes($subject), 0, 78);
$usertoname = fullname($userto);
$mail->AddAddress($userto->email, $usertoname );
$mail->WordWrap = 79;
if ($messagehtml) {
$mail->IsHTML(true);
$mail->Encoding = 'quoted-printable';
$mail->Body = $messagehtml;
$mail->AltBody = "\n$messagetext\n";
}
else {
$mail->IsHTML(false);
$mail->Body = "\n$messagetext\n";
}
if ($mail->Send()) {
return true;
}
throw new Exception("Couldn't send email to $usertoname with subject $subject. "
. "Error from phpmailer was: " . $mail->ErrorInfo );
}
function fullname($user) {
return $user->firstname . ' ' . $user->lastname;
// @todo
}
?>
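Review bot: `$userfrom->email` and `fullname($userfrom)` are copied into `Sender`, `From`, `FromName` and the Reply-To header with no validation in `email_user`, and `$subject` only has `stripslashes()` applied; if any of them can contain CR or LF, extra mail headers could be injected, unless the bundled phpmailer strips line breaks, which is not visible in this hunk. Reject or strip line breaks before assigning, e.g. `$subject = str_replace(array("\r", "\n"), ' ', $subject);`, and validate the from-address format. `substr(..., 0, 78)` is byte-wise while `CharSet` is UTF-8, so a long subject can be cut in the middle of a multibyte character. The thrown exception embeds the recipient's name and the subject, which then reach whatever log or error page the handler writes to. `fullname()` has no docblock, and its `// @todo` sits unreachable after the `return`.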
ChangeLog
Version 1.73 (Sun, Jun 10 2005)
* Fixed denial of service bug: http://www.cybsec.com/vuln/PHPMailer-DOS.pdf
* Now has a total of 20 translations
* Fixed alt attachments bug: http://tinyurl.com/98u9k
Version 1.72 (Wed, May 25 2004)
* Added Dutch, Swedish, Czech, Norwegian, and Turkish translations.
* Received: Removed this method because spam filter programs like
SpamAssassin reject this header.
* Fixed error count bug.
* SetLanguage default is now "language/".
* Fixed magic_quotes_runtime bug.
Version 1.71 (Tue, Jul 28 2003)
* Made several speed enhancements
* Added German and Italian translation files
* Fixed HELO/AUTH bugs on keep-alive connects
* Now provides an error message if language file does not load
* Fixed attachment EOL bug
* Updated some unclear documentation
* Added additional tests and improved others
Version 1.70 (Mon, Jun 20 2003)
* Added SMTP keep-alive support
* Added IsError method for error detection
* Added error message translation support (SetLanguage)
* Refactored many methods to increase library performance
* Hello now sends the newer EHLO message before HELO as per RFC 2821
* Removed the boundary class and replaced it with GetBoundary
* Removed queue support methods
* New $Hostname variable
* New Message-ID header
* Received header reformat
* Helo variable default changed to $Hostname
* Removed extra spaces in Content-Type definition (#667182)
* Return-Path should be set to Sender when set
* Adds Q or B encoding to headers when necessary
* quoted-encoding should now encode NULs \000
* Fixed encoding of body/AltBody (#553370)
* Adds "To: undisclosed-recipients:;" when all recipients are hidden (BCC)
* Multiple bug fixes
Version 1.65 (Fri, Aug 09 2002)