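/**
 * Renders the reCAPTCHA widget on a normal request, or checks the submitted
 * answer when the request is a POST.
 *
 * @param mixed $args Passed through unchanged to Captcha::outputCaptcha().
 *
 * @return mixed False when the Captcha class or either site key is unavailable;
 *               otherwise whatever outputCaptcha() / checkAnswer() returns.
 */
function form_recaptcha($args)
{
    global $objTPL;

    $file = 'plugins/cscms/class.recaptcha.php';
    if (!is_file($file) || !is_readable($file)) {
        msgDie('FAIL', 'Fatal Error - 404' . '<br />We have been unable to locate/read the ' . $file . ' file.');
    } else {
        require_once $file;
    }

    // Without the class or both keys there is nothing to render or verify.
    if (!class_exists('Captcha', false)) {
        return false;
    }
    $publicKey = $objTPL->config('site', 'captcha_pub');
    if (is_empty($publicKey)) {
        return false;
    }
    $privateKey = $objTPL->config('site', 'captcha_priv');
    if (is_empty($privateKey)) {
        return false;
    }

    $objCAPTCHA = new Captcha($publicKey, $privateKey);
    $objCAPTCHA->objTPL = $objTPL;

    if (!HTTP_POST) {
        return $objCAPTCHA->outputCaptcha($args);
    }

    // A POST that did not come from the captcha form carries neither field, and a
    // client can also send them as arrays. Anything that is not a string is passed
    // on as null so no undefined-index notice is raised and no array reaches the
    // verifier. How checkAnswer() treats null is not visible here.
    $challenge = isset($_POST['recaptcha_challenge_field']) && is_string($_POST['recaptcha_challenge_field'])
        ? $_POST['recaptcha_challenge_field']
        : null;
    $response = isset($_POST['recaptcha_response_field']) && is_string($_POST['recaptcha_response_field'])
        ? $_POST['recaptcha_response_field']
        : null;

    return $objCAPTCHA->checkAnswer(User::getIP(), $challenge, $response);
}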
Example #2
     // only validate Minecraft name
     // (excerpt: the block that this branch belongs to opens above the visible lines)
     $to_validation['username'] = array('required' => true, 'isvalid' => true, 'min' => 3, 'max' => 20, 'unique' => 'users');
     // NOTE(review): the name is HTML-encoded at input time and the encoded form is what
     // is later used for the profile lookup and stored. Encoding is normally applied at
     // the point of output; storage safety depends on how $user->create() builds its query.
     $mcname = htmlspecialchars(Input::get('username'));
 }
 // Run the collected rules against the submitted form.
 $validation = $validate->check($_POST, $to_validation);
 // Execute validation
 if ($validation->passed()) {
     // Look up the profile for the submitted name; an absent or empty uuid is stored as ''.
     $profile = ProfileUtils::getProfile($mcname);
     $result = $profile->getProfileAsArray();
     if (isset($result["uuid"]) && !empty($result['uuid'])) {
         $uuid = $result['uuid'];
     } else {
         $uuid = '';
     }
     $user = new User();
     $ip = $user->getIP();
     // NOTE(review): both branches are empty, so a value that fails FILTER_VALIDATE_IP is
     // still written to 'lastip' below.
     if (filter_var($ip, FILTER_VALIDATE_IP)) {
         // Valid IP
     } else {
         // TODO: Invalid IP, do something else
     }
     // bcrypt with an explicit cost of 13. bcrypt only uses the first 72 bytes of the input.
     $password = password_hash(Input::get('password'), PASSWORD_BCRYPT, array("cost" => 13));
     // Get current unix time
     $date = new DateTime();
     $date = $date->getTimestamp();
     try {
         // NOTE(review): str_shuffle() is not a cryptographically secure source, and because
         // it only permutes the 62-character alphabet no character can repeat. If reset_code
         // serves as a password-reset or activation secret (its use is not visible here),
         // derive it from random_bytes()/random_int() (PHP 7+) instead.
         $code = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 60);
         // Create the account row; username, email and IP are HTML-encoded before storage.
         $user->create(array('username' => htmlspecialchars(Input::get('username')), 'mcname' => $mcname, 'uuid' => $uuid, 'password' => $password, 'pass_method' => 'default', 'joined' => $date, 'group_id' => 1, 'email' => htmlspecialchars(Input::get('email')), 'reset_code' => $code, 'lastip' => htmlspecialchars($ip)));
         // Read the 'phpmailer' setting; the branch it selects continues past this excerpt.
         $php_mailer = $queries->getWhere('settings', array('name', '=', 'phpmailer'));
         $php_mailer = $php_mailer[0]->value;
         if ($php_mailer == '1') {
Example #3
 /**
  * Sets the online session for the tracker
  *
  * @version 1.0
  * @since   1.0.0
  * @author  xLink
  *
  * @param   string $log
  *
  * @return  bool
  */
 public function newOnlineSession($log = NULL)
 {
     // One row for the `online` table describing the current visitor. Request-derived
     // values read from config() go through secureMe() before they are stored.
     // NOTE(review): ip_address is only as trustworthy as User::getIP(); confirm it does
     // not accept client-supplied forwarding headers from untrusted peers.
     $row = array(
         'uid' => $this->grab('id'),
         'username' => $this->grab('username'),
         'ip_address' => User::getIP(),
         'timestamp' => time(),
         'location' => secureMe($this->config('global', 'fullPath', 'null')),
         'referer' => secureMe($this->config('global', 'referer', 'null')),
         'language' => secureMe($this->config('site', 'language', 'en')),
         'useragent' => secureMe($this->config('global', 'browser')),
         // Reuse the key already held in the session; mint a new one otherwise.
         'userkey' => isset($_SESSION['user']['userkey']) ? $_SESSION['user']['userkey'] : $this->newKey(),
     );

     // Nothing to refresh when the insert did not go through.
     if (!$this->objSQL->insertRow('online', $row, 0, $log)) {
         return false;
     }

     $this->objCache->generate_statistics_cache();
     return true;
 }
Example #4
 /**
  * Allows quick reply
  *
  * @version 2.0
  * @since   1.0.0
  * @author  xLink
  *
  * @param   int         $id
  */
 public function postQuickReply($id)
 {
     // Handles a quick-reply submission for thread $id: checks reply permission and the
     // thread lock, validates the posted form against values held in the session, inserts
     // the post, updates thread/category/watch rows, then redirects or echoes the new post.
     //grab the required thread so we got something to work with..
     // NOTE(review): $id is bound through getLine()'s "%s" placeholder; whether that
     // escapes the value depends on getLine(), which is not visible here.
     $thread = $this->objSQL->getLine('SELECT * FROM `$Pforum_threads` WHERE id ="%s" LIMIT 1;', array($id));
     if (!$thread) {
         hmsgDie('FAIL', 'Failed to retreive thread information');
     }
     $category = $this->getForumInfo($thread['cat_id']);
     $category = $category[0];
     $catAuth = $this->auth[$category['id']];
     //give em write by default
     $writeTest = true;
     //see if the user has write permissions
     // Write access is denied only when reply auth, category mod auth and global mod are all absent.
     if (!$catAuth['auth_reply'] && !$catAuth['auth_mod'] && !User::$IS_MOD) {
         $writeTest = false;
     }
     //apparently they haven't..
     // A locked thread is refused here regardless of the permission result.
     if (!$writeTest || $thread['locked']) {
         $this->objTPL->set_filenames(array('body' => 'modules/forum/template/forum_category.tpl'));
         $this->objTPL->assign_block_vars('threads', array());
         $this->objTPL->assign_block_vars('threads.error', array('ERROR' => $thread['locked'] ? langVar('L_LOCKED') : langVar('L_AUTH_POST', $catAuth['auth_reply_type'])));
         $this->objTPL->parse('body', false);
         return;
     }
     //if we get this far then they have permissions, so start the page output
     $this->objPage->addPagecrumb(array(array('url' => $this->config('global', 'url'), 'name' => langVar('B_POST_REPLY', $thread['subject']))));
     //okay so test to see which part of the page we should see..
     if (HTTP_POST && isset($_GET['mode']) && $_GET['mode'] == 'qreply') {
         //check to make sure we're coming from a quick reply form
         if (!doArgs('quick_reply', false, $_POST)) {
             hmsgDie('FAIL', 'Error: Post Failed.');
         }
         //check to make sure we have a cat id
         if (!doArgs('id', false, $_POST)) {
             hmsgDie('FAIL', 'Error: I cannot remember where your posting to.');
         }
         //content checks
         if (!doArgs('post', false, $_POST)) {
             unset($_SESSION['site']['forum']);
             hmsgDie('FAIL', 'Post Failed - Post either missing or not long enough.');
         }
         // The posted id and sessid must match the values stored in the session for this
         // thread; the sessid comparison is the request-forgery check for this form.
         // NOTE(review): both comparisons use loose `!=`, which applies PHP type juggling.
         // For the sessid token a strict string comparison (hash_equals() where available)
         // is the safer form; confirm the stored type before changing it.
         if (!doArgs('id', false, $_SESSION['site']['forum'][$id]) || $_SESSION['site']['forum'][$id]['id'] != $_POST['id']) {
             hmsgdie('FAIL', 'Post Failed - I cannot remember where your posting to.');
         }
         if (!doArgs('sessid', false, $_SESSION['site']['forum'][$id]) || $_SESSION['site']['forum'][$id]['sessid'] != $_POST['sessid']) {
             hmsgdie('FAIL', 'Post Failed - Security Check failed. Please make sure your posting directly from the page.');
         }
         //
         //--insert the post info into the db
         //
         $uid = $this->objUser->grab('id');
         //generate the post
         unset($post);
         // The post body is passed through secureMe() before storage; what secureMe()
         // does in its default mode is not visible here.
         $post['post'] = secureMe($_POST['post']);
         $post['author'] = $uid;
         $post['timestamp'] = time();
         $post['thread_id'] = $thread['id'];
         $post['poster_ip'] = User::getIP();
         // The return value is reused below as the new post's id.
         $post_insert = $this->objSQL->insertRow('forum_posts', $post);
         if (!$post_insert) {
             unset($_SESSION['site']['forum']);
             hmsgDie('FAIL', 'Post Failed - Inserting the data into the db failed.(1)');
         }
         //update the thread
         unset($update);
         $update['last_uid'] = $uid;
         // NOTE(review): $thread_update is assigned but never checked, so a failed thread
         // update goes unnoticed.
         $thread_update = $this->objSQL->updateRow('forum_threads', $update, array('id ="%s"', $id));
         //update the forum watch table
         if (isset($_POST['watch_topic'])) {
             unset($array);
             $array['user_id'] = $uid;
             $array['thread_id'] = $thread['id'];
             $this->objSQL->insertRow('forum_watch', $array);
         }
         //update the parent category
         unset($array);
         $array['last_post_id'] = $post_insert;
         $this->objSQL->updateRow('forum_cats', $array, array('id ="%s"', $category['id']));
         //do the notifications
         // NOTE(review): $thread_id is not defined anywhere in this method, so 'content_id'
         // is null and PHP raises an undefined-variable notice. Confirm the intended value
         // (possibly the new post id in $post_insert).
         $info = array('timestamp' => time(), 'content_id' => $thread_id, 'thread_id' => $thread['id']);
         $this->notify($id, $thread, $info);
         // Clears the whole 'site' session subtree, not only the forum entry that the
         // failure paths above remove.
         unset($_SESSION['site']);
         if (!HTTP_AJAX) {
             $this->objPage->redirect('/' . root() . 'modules/forum/thread/' . seo($thread['subject']) . '-' . $thread['id'] . '.html#top', 0, 3);
         } else {
             //grab the thread
             $thread = $this->objSQL->getLine('SELECT t.*, COUNT(DISTINCT p.id) as posts
                     FROM `$Pforum_threads` t
                     LEFT JOIN `$Pforum_posts` p
                         ON p.thread_id = t.id
                     WHERE t.id = %d', array($thread['id']));
             // Ten posts per page; send the client to the last page when it is not already there.
             $pages = ceil($thread['posts'] / 10);
             $page = doArgs('mode', false, $_GET) == 'last_page' ? $pages : doArgs('page', 1, $_GET);
             if ($page < $pages) {
                 // NOTE(review): the URL is written into a JavaScript string without
                 // escaping; this relies on generateThreadURL() returning a value that is
                 // safe in that context.
                 echo '<script>document.location= "' . $this->generateThreadURL($thread) . '?mode=last_page";</script>';
                 exit;
             }
             $post['id'] = $post_insert;
             echo $this->outputPosts(array($post), $thread);
             exit;
         }
     }
     // Reached when the request is not a quick-reply POST. Presumably also reached after
     // the non-AJAX redirect above unless redirect() ends the request; confirm.
     hmsgDie('FAIL', 'Error: Quick Reply Precedure Fail.');
 }
Example #5
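// Bootstrap sequence: load the CMS classes, expose them as globals, build the
// per-request session/config template, start the tracker, then pick theme and language.
$doneSetup = $objCore->setup($classes);
if (!$doneSetup) {
    msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot load CMS Classes, make sure file structure is intact and $cmsROOT is defined properly if applicable.'));
}
//globalise the class names
// Each loaded class becomes a global variable that references the instance held on $objCore.
foreach ($objCore->classes as $objName => $args) {
    ${$objName} =& $objCore->{$objName};
}
unset($classes, $objCore->classes);
$objPage->setVar('language', $language);
//
//--Generate a 'Template' for the Session
//
$guest['user'] = array('id' => 0, 'username' => 'Guest', 'theme' => $objCore->config('site', 'theme'), 'userkey' => doArgs('userkey', null, $_SESSION['user']), 'timezone' => doArgs('timezone', $objCore->config('time', 'timezone'), $_SESSION['user']));
//generate user stuff
$config['global'] = array(
    'user' => isset($_SESSION['user']['id']) ? $_SESSION['user'] : $guest['user'],
    'ip' => User::getIP(),
    'useragent' => doArgs('HTTP_USER_AGENT', null, $_SERVER),
    // Clients may omit the User-Agent header; read it without raising a notice.
    'browser' => getBrowser(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null),
    'language' => $language,
    // $_SERVER['HTTPS'] is absent on plain HTTP and is the string "off" on some
    // servers; a bare truthiness test reports "off" as secure.
    'secure' => !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off',
    'referer' => doArgs('HTTP_REFERER', null, $_SERVER),
    'rootPath' => '/' . root(),
    'fullPath' => $_SERVER['REQUEST_URI'],
);
// NOTE(review): HTTP_HOST comes from the request's Host header and is client-controlled.
// Anything that builds links from rootUrl/url (emails, redirects) inherits that value;
// check it against the site's configured host name where one is available.
$config['global']['rootUrl'] = ($config['global']['secure'] ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/' . root();
$config['global']['url'] = ($config['global']['secure'] ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
//hook the session template, this is the place to add some more if you want
$objPlugins->hook('CMSCore_session_tpl', $config['global']);
// User id 0 is the guest template built above; any other id counts as online.
$objUser->setIsOnline($config['global']['user']['id'] != 0);
$objUser->initPerms();
if (!defined('NO_DB')) {
    //start the tracker, this sets out a few things so we can kill, ban etc
    $objCore->objUser->tracker();
}
// Guests, and sites without theme_override, always get the site theme.
$theme = !User::$IS_ONLINE || !$objCore->config('site', 'theme_override') ? $objCore->config('site', 'theme') : $objUser->grab('theme');
if (!$objPage->setTheme($theme)) {
    msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot find template. Please make sure atleast default/ is uploaded correctly and try again.'));
}
// NOTE(review): $language is interpolated into a file path. Where it is set is not
// visible here; if it can come from the request it must be limited to a known list of
// language codes before it reaches this point.
if (is_file(cmsROOT . 'modules/core/lang.' . $language . '.php')) {
    translateFile(cmsROOT . 'modules/core/lang.' . $language . '.php');
}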
Example #6
 /**
  * Makes sure the cookie is valid
  *
  * @version 1.0
  * @since   1.0.0
  * @author  Jesus
  *
  * @return  bool
  */
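 public function runRememberMe()
 {
     // Validates the "remember me" cookie step by step and logs the user in when every
     // check passes. Each failure records a message through setError() and returns false.
     if (!$this->config('login', 'remember_me')) {
         $this->setError('Remember Me Failed. Remember Me is disabled site wide');
         return false;
     }
     //make sure we have a cookie to begin with
     if (is_empty(doArgs('login', null, $_COOKIE))) {
         $this->setError('Remember Me Failed. Cookie not found.');
         return false;
     }
     // SECURITY NOTE(review): unserialize() on a client-supplied cookie lets the client
     // choose the types, and potentially the classes, of the decoded value. It is kept
     // here so existing cookies stay valid. The durable fix is to issue the cookie in a
     // data-only format such as JSON or, on PHP 7+, to pass
     // array('allowed_classes' => false) as the second argument.
     $cookie = unserialize($_COOKIE['login']);
     // The checks below index the value as an array, so anything else is rejected.
     if (!is_array($cookie) || is_empty($cookie)) {
         $this->setError('Remember Me Failed. Cookie contained unexpected information.');
         return false;
     }
     //verify we have the data we need
     // The original test joined "not set" and "not empty" with &&, which can never be
     // true for a missing key. Each field must be present, non-empty and a plain
     // string/int, so no array, object or boolean reaches the comparisons below.
     foreach (array('uData', 'uIP', 'uAgent') as $field) {
         if (!isset($cookie[$field])
             || (!is_string($cookie[$field]) && !is_int($cookie[$field]))
             || is_empty($cookie[$field])
         ) {
             $this->setError('Remember Me Failed. Cookie contained unexpected information.');
             return false;
         }
     }
     //uData should be 5 chars in length
     if (strlen((string) $cookie['uData']) !== 5) {
         $this->setError('Remember Me Failed. Cookie contained unexpected information.');
         return false;
     }
     //make sure the IP has the right IP of the client
     if ($this->config('login', 'ip_lock', false) && $cookie['uIP'] !== User::getIP()) {
         $this->setError('Remember Me Failed. Cookie contained unexpected information.');
         return false;
     }
     //and make sure the useragent matches the client
     // Strict comparison: md5() returns a string, and a loose != would let a non-string
     // cookie value compare equal through type juggling.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if ((string) $cookie['uAgent'] !== md5($userAgent . $this->config('db', 'ckeauth'))) {
         $this->setError('Remember Me Failed. Cookie contained unexpected information.');
         return false;
     }
     //setup the query
     // NOTE(review): the statement is assembled by concatenation and relies entirely on
     // secureMe(..., 'MRES') for escaping. If that mode only performs string escaping,
     // the LIKE wildcards % and _ inside uData are not neutralised; confirm, or restrict
     // uData to the character set the site actually issues.
     $sql = array();
     $sql[] = 'SELECT uData FROM `$Puserkeys` ';
     $sql[] = 'WHERE uData LIKE "%' . secureMe($cookie['uData'], 'MRES') . ':%" ';
     $sql[] = 'AND uAgent = "' . secureMe($cookie['uAgent'], 'MRES') . '" ';
     if ($this->config('login', 'ip_lock')) {
         $sql[] = 'AND uIP = "' . secureMe($cookie['uIP'], 'MRES') . '" ';
     }
     $sql[] = 'LIMIT 1;';
     //prepare and exec
     $row = $this->objSQL->getLine(implode(' ', $sql));
     // empty() also covers a false/null result, which count() does not handle cleanly.
     if (empty($row)) {
         $this->setError('Could not query for userkey');
         return false;
     }
     //untangle the user id from the query
     // The stored uData is split on ':' and the second part is used as the user id.
     $row['uData'] = explode(':', $row['uData']);
     if (!isset($row['uData'][1]) || is_empty($row['uData'][1])) {
         $this->setError('No ID Exists');
         return false;
     }
     //now try and grab the user's info
     $this->userData = $this->objUser->getUserInfo($row['uData'][1]);
     if (is_empty($this->userData)) {
         $this->setError('No user exists with that ID');
         return false;
     }
     //now check to make sure users info is valid before letting em login properly
     if ($this->userData['autologin'] == 0) {
         $this->setError('User isn\'t set to autologin.');
         return false;
     }
     if (!$this->activeCheck()) {
         $this->setError('User isn\'t active.');
         return false;
     }
     if (!$this->banCheck()) {
         $this->setError('User is banned.');
         return false;
     }
     if (!$this->whiteListCheck()) {
         $this->setError('You\'re IP dosent match the whitelist.');
         return false;
     }
     //everything seems fine, log them in
     $this->objUser->setSessions($this->userData['id'], true);
     $this->objUser->newOnlineSession('Online System: AutoLogin Sequence Activated for ' . $this->userData['username']);
     return true;
 }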
Example #7
// For spaces use \s, e.g. tanie\skomputery
// The configured word list is turned into a regex alternation: commas become "|",
// spaces and "#" are stripped.
$kio->spam_words = str_replace(array(',', ' ', '#'), array('|', '', ''), Kio::getConfig('spam_words'));
// Characters to replace
// NOTE(review): unserialize() is applied to a stored config value. That is only safe
// while the config store cannot be written by an untrusted party; a data-only format
// such as JSON removes the dependency.
$kio->chars = unserialize(Kio::getConfig('chars')) + array(' ' => '_', '&#92;' => '', '&#34;' => '', '&#039;' => '', '&#96;' => '', '&quot;' => '', '&gt;' => '', '&lt;' => '', '&amp;' => '');
// Check timezone_identifiers_list()
// Each parser is loaded from a path built out of a config value, falling back to
// index.php when the value is empty.
// NOTE(review): the config value is concatenated into the include path unchecked;
// restrict it to a known list of parser names so a changed setting cannot point the
// include at another file.
$kio->bbcode = (include ROOT . 'system/parser/bbcode/' . (Kio::getConfig('bbcode_parser') ? Kio::getConfig('bbcode_parser') . '.php' : 'index.php'));
$kio->emoticons = (include ROOT . 'system/parser/emoticons/' . (Kio::getConfig('emoticons_parser') ? Kio::getConfig('emoticons_parser') . '.php' : 'index.php'));
$kio->censure = (include ROOT . 'system/parser/censure/' . (Kio::getConfig('censure_parser') ? Kio::getConfig('censure_parser') . '.php' : 'index.php'));
session_start();
//setlocale(LC_ALL, LC); ////
mb_internal_encoding('UTF-8');
// NOTE(review): set_magic_quotes_runtime() was deprecated in PHP 5.3 and removed in
// PHP 7.0, where this call is a fatal error.
set_magic_quotes_runtime(false);
////
// NOTE(review): magic_quotes_gpc cannot be changed with ini_set() at runtime, so this
// line has no effect on request data.
ini_set('magic_quotes_gpc', 'Off');
////
// Get user IP
define('IP', User::getIP());
define('TRANSLATE_DATE', Kio::getConfig('translate_date'));
// Breadcrumb/Path
define('ONLY_IN_TITLE', false);
define('NO_URL', null);
//////////////////
User::detectLang(Kio::getConfig('detect_lang'));
/////////////////
// Check if some functions exists
// Loads the fallback function file when $kio->functions holds a value that compares
// equal to false (in_array() is used without strict mode).
if (in_array(false, $kio->functions)) {
    require_once ROOT . 'system/functions2.php';
}
switch (Kio::getConfig('url_type')) {
    // www.site.com/?example
    case 1:
Example #8
 /**
  * Records a sql query in the database with a log message
  *
  * @version    1.0
  * @since   1.0.0
  * @author  xLink
  *
  * @param     string     $query
  * @param     string     $log
  *
  * @return     bool
  */
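 public function recordLog($query, $log)
 {
     // Logging can be switched off on the instance; nothing is written in that case.
     if (!$this->logging) {
         return false;
     }

     // Direct visits and many clients send no Referer header; read it defensively so a
     // missing header does not raise an undefined-index notice. secureMe() still
     // receives null in that case, as it did before.
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

     // NOTE(review): 'query' stores the SQL text as given. If callers pass statements
     // with values already interpolated, the log table will hold those values too, so
     // treat it with the same access controls as the data it describes.
     $info = array(
         'uid' => User::$IS_ONLINE ? $this->objUser->grab('id') : '0',
         'username' => User::$IS_ONLINE ? $this->objUser->grab('username') : 'Guest',
         'description' => $log,
         'query' => $query,
         'refer' => secureMe($referer),
         'date' => time(),
         'ip_address' => User::getIP(),
     );

     // The third argument is false here; its meaning is defined by insertRow().
     return $this->insertRow('logs', $info, false);
 }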