-<? require_once("inc/header.php"); ?>
-<?
+<?
+require_once("inc/header.php");
+
$dat_dir = '/var/www/testimonials';
$upload_dir = '/var/www/bacula';
$password='';
$version_lst = array(
'empty' => "SELECT ONE",
+ '208' => "5.0.x",
+ '207' => "3.0.x",
'200' => "1.36.x",
'201' => "1.38.x",
'202' => "2.0.x",
'203' => "2.2.x",
- '204' => "SVN version"
+ '206' => "2.4.x",
+ '204' => "GIT master version"
);
$catalog_lst = array(
<script type="text/javascript" language="JavaScript">
-function validate_testimonial (form) {
+function validate_testimonial () {
var alertstr = '';
var invalid = 0;
var invalid_fields = new Array();
var ok;
+ var form = document.forms['form1'];
// email: standard text, hidden, password, or textarea box
var email = form.elements['email_address'].value;
if (email == null || ! email.match(/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*\.[a-zA-Z]+$/)) {
}
var number = form.elements['orgtype_id'].value;
if (number == null || ! number.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Organization type" options\n';
+ alertstr += '- Choose one of the "Organization type" options\n';
invalid_fields.push('orgtype_id');
invalid++;
}
}
var ostype = form.elements['ostype_id'].value;
if (ostype == null || ! ostype.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Director OS" field\n';
+ alertstr += '- Choose one of the "Director OS" field\n';
invalid_fields.push('ostype_id');
invalid++;
}
var catalog = form.elements['catalog_id'].value;
if (catalog == null || ! catalog.match(/^[0-9]+$/)) {
- alertstr += '- Choose one of the "Catalog type" field\n';
+ alertstr += '- Choose one of the "Catalog type" field\n';
invalid_fields.push('catalog_id');
invalid++;
}
+ var comments = form.elements['comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Comments" field, we disallow spam url\n';
+ invalid_fields.push('comments');
+ invalid++;
+ }
+ comments = form.elements['hardware_comments'].value;
+ if (comments != null && comments.match(/http:\/\//)) {
+ alertstr += '- Invalid entry for the "Hardware comments" field, we disallow spam url\n';
+ invalid_fields.push('hardware_comments');
+ invalid++;
+ }
var number = form.elements['number_fd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Client" field\n';
+ alertstr += '- Invalid entry for the "Number of Client" field\n';
invalid_fields.push('number_fd');
invalid++;
}
number = form.elements['number_sd'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Storage" field\n';
+ alertstr += '- Invalid entry for the "Number of Storage" field\n';
invalid_fields.push('number_sd');
invalid++;
}
number = form.elements['number_dir'].value;
- if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number of Director" field\n';
+ if (number == null || ! number.match(/^[0-9,\.]+$/) || number > 100) {
+ alertstr += '- Invalid entry for the "Number of Director" field\n';
invalid_fields.push('number_dir');
invalid++;
}
number = form.elements['month_gb'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "Number GB/month" field\n';
+ alertstr += '- Invalid entry for the "Number GB/month" field\n';
invalid_fields.push('month_gb');
invalid++;
}
number = form.elements['number_files'].value;
if (number == null || ! number.match(/^[0-9,\.]+$/)) {
- alertstr += '- Invalid entry for the "File number" field\n';
+ alertstr += '- Invalid entry for the "File number" field\n';
invalid_fields.push('number_files');
invalid++;
- }
+ }
if (invalid > 0 || alertstr != '') {
if (! invalid) invalid = 'The following'; // catch for programmer error
alert(''+invalid+' error(s) were encountered with your submission:'+'\n\n'
<tr>
<td class="content">
-<form name='form1' enctype="multipart/form-data" method='post' onsubmit="return validate_testimonial(this)" action='?page=testimonial'>
+<form name='form1' enctype="multipart/form-data" method='post' action='?page=testimonial'>
<input type='hidden' name='page' value='testimonial'>
<table border='0' class='Content'>
<?
if ($_REQUEST['action'] == 'Modify') {
echo "<input type='hidden' title='testimonial id' id='id' name='id' class='ItemValue' value=''>";
- echo "<input type='submit' name='action' class='ItemValue' value='Save'>";
+ echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial();' value='Save'>";
echo "<input type='submit' name='action' class='ItemValue' onclick='confirm(\"Are you sure ?\");' value='Delete'><br>";
echo "<input type='hidden' name='page' class='ItemValue' value='testimonial'><br>";
} else {
- echo "<input type='submit' name='action' class='ItemValue' value='Review Profile Submission'>";
+ echo "<input type='submit' name='action' class='ItemValue' onclick='return validate_testimonial(this);' value='Review Profile Submission'>";
}
?>
$form['visible']=0;
save_formul($form);
- send_email($form['id'], $form['email_address']);
+ send_email($form['id'], $form['contact_name'], $form['email_address']);
echo "You can modify your profile <a href='?page=testimonial&action=Modify&id=" . $form['id'] . "'>here</a> (keep this link as bookmark)<br><br>";
print_formul($form);
}
$form = load_formul($filename);
if ($form['org_logo'] && file_exists($form['org_logo'])) {
- unlink($upload_dir + $form['org_logo']);
+ rename($upload_dir + $form['org_logo'], 'removed.' + $upload_dir + $form['org_logo']);
}
if (file_exists($filename)) {
- unlink($filename);
+ rename($filename, "$filename-removed");
echo "Profile deleted";
}
$limit = $_REQUEST['limit'];
$offset = $_REQUEST['offset'];
- $limit = is_numeric($limit)?$limit:5;
+ $limit = is_numeric($limit)?$limit:50;
$offset = is_numeric($offset)?$offset:0;
$max = $offset + $limit;
$admin = is_admin();
- if ($limit > 20) { $limit = 20 ;}
+ if ($limit > 100) { $limit = 100 ;}
if ($handle = opendir($dat_dir)) {
/* Ceci est la facon correcte de traverser un dossier. */
$i = 0 ;
while (false !== ($file = readdir($handle))) {
- if (preg_match("/profile.[a-z0-9\.]+/", $file)) {
+ if (preg_match("/^profile.[a-z0-9\.]+$/", $file)) {
if (($i >= $offset) && ($i < $max)) {
- print_formul_file("$dat_dir/$file",$admin);
+ $i += print_formul_file("$dat_dir/$file",$admin);
+ } else {
+ $i++;
}
if ($i > $max) {
break;
- }
- $i++;
+ }
}
}
closedir($handle);
function export_form($formul)
{
- global $country_lst, $org_type_lst, $org_industry_lst, $os_lst, $catalog_lst;
+ global $country_lst, $org_type_lst, $org_industry_lst, $os_lst, $catalog_lst, $version_lst;
$attribs = array('contact_name','email_address', 'org_name','title','website',
'hardware_comments','comments',
return $filename;
}
-function send_email($id, $email)
+function send_email($id, $name, $email)
{
// Your email address
// $from = 'kern@sibbald.com';
";
mail($email, $subject, $message, "From: Bacula WebMaster <$from>");
- mail($from, $subject, $message, "From: Bacula WebMaster <$from>");
- mail('eric@eb.homelinux.org', $subject, $message, "From: Bacula WebMaster <$from>");
+
+ $message = "Hello,
+You can review this testimonial at http://www.bacula.org/en/?page=testimonial&action=Modify&id=$id
+
+Best regards.
+";
+
+
+ mail('testimonial@baculasystems.com', $subject, $message, "From: $name <$email>");
echo "The email has been sent for approval.<br/>";
}
foreach ($attribs as $arr) {
$formul[$arr] = preg_replace('/[^a-zA-Z0-9!\.?\:\/,;_()@\n -]/', " ", $_REQUEST[$arr]);
}
-
+ /* Disallow http:// links into comments field */
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ $m = array();
+ preg_match('/http:\/\//', $_REQUEST['hardware_comments'], $m);
+ if (sizeof($m) > 2) {
+ return '';
+ }
+ /* Disallow when number of dir too big or > number of fd */
+ if (intval($_REQUEST['number_dir']) > 100 ||
+ intval($_REQUEST['number_dir']) > intval($_REQUEST['number_fd'])) {
+ return '';
+ }
$attribs = array('publish_contact','publish_email', 'publish_orgname', 'orgtype_id',
'orgindustry_id','org_size', 'publish_orgsize','publish_website', 'bacula_version',
'country_id','ostype_id', 'redundant_setup','number_fd','number_sd','support',
function is_admin()
{
global $dat_dir;
- $id = $_REQUEST['passwd'];
+ $id = $_REQUEST['p'];
if (!$id) {
return(false);
{
global $password;
if (is_admin()) {
- $pass = $_REQUEST['passwd'];
+ $pass = $_REQUEST['p'];
$waiting = $_REQUEST['waiting'];
- $password = "&passwd=$pass";
+ $password = "&p=$pass";
print "Admin: ";
if ($waiting) {
print "<a href='?page=testimonial&action=Admin$password'> View all</a><br>";
if ($handle = opendir($dat_dir)) {
/* Ceci est la facon correcte de traverser un dossier. */
while (false !== ($file = readdir($handle))) {
- if (preg_match("/profile.[a-z0-9\.]+/", $file)) {
+ if (preg_match("/^profile.[a-z0-9\.]+$/", $file)) {
$tmpv = array();
$tmpk = array();
$form = load_formul("$dat_dir/$file");
<? } ?>
<? if ($formul['publish_website']) { ?>
- <tr><td> Website: </td><td><? echo $formul['website'] ?> </td></tr>
+ <tr><td> Website: </td><td><a href="<? echo $formul['website'] ?>"><? echo $formul['website'] ?></a></td></tr>
<? } ?>
<? if ($formul['number_fd'] > 1) { ?>
<tr><td> GB/Month: </td><td><? echo $formul['month_gb'] ?> </td></tr>
<? } ?>
- <tr><td> Comments: </td><td width='450'><i><? echo $formul['comments'] ?> </i></td></tr>
+ <tr><td> Comments: </td><td width='650'><i><? echo $formul['comments'] ?> </i></td></tr>
<? if ($formul['publish_contact']) { ?>
<tr align='right'><td></td><td><i><? echo $formul['contact_name'] ?> </i></td></tr>
<? } ?>
+<!--
</table>
</td>
- <td align='center' valign='center'>
+-->
+ <tr><td></td>
+ <td>
<? if ($formul['org_logo']) { ?>
<a href="<? echo $formul['org_logo'] ?>" ><img width='150' src="<? echo $formul['org_logo'] ?>"></a>
<? } ?>
</td>
+ </tr> <!-- added -->
</table>
<?
return 1;
projects / bacula / docs / blobdiff