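/**
 * Builds or validates the reCAPTCHA widget of a form.
 *
 * Loads plugins/cscms/class.recaptcha.php, then either renders the widget
 * (non-POST request) or checks the submitted answer with the configured
 * public/private key pair.
 *
 * @param array $args Options handed through to Captcha::outputCaptcha()
 *
 * @return mixed Widget output (non-POST), the result of Captcha::checkAnswer()
 *               (POST), or false when the class or the key pair is unavailable
 */
function form_recaptcha($args)
{
    global $objTPL;

    $file = 'plugins/cscms/class.recaptcha.php';
    if (!is_file($file) || !is_readable($file)) {
        msgDie('FAIL', 'Fatal Error - 404' . '<br />We have been unable to locate/read the ' . $file . ' file.');
    } else {
        require_once $file;
    }

    $pubKey  = $objTPL->config('site', 'captcha_pub');
    $privKey = $objTPL->config('site', 'captcha_priv');

    // Without the class or a complete key pair there is nothing to render or verify.
    if (!class_exists('Captcha', false) || is_empty($pubKey) || is_empty($privKey)) {
        return false;
    }

    $objCAPTCHA = new Captcha($pubKey, $privKey);
    $objCAPTCHA->objTPL = $objTPL;

    if (!HTTP_POST) {
        return $objCAPTCHA->outputCaptcha($args);
    }

    // A POST that lacks either widget field cannot be a valid answer; hand the
    // verifier empty strings instead of raising undefined-index notices.
    $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
    $response  = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';

    return $objCAPTCHA->checkAnswer(User::getIP(), $challenge, $response);
}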
// only validate Minecraft name $to_validation['username'] = array('required' => true, 'isvalid' => true, 'min' => 3, 'max' => 20, 'unique' => 'users'); $mcname = htmlspecialchars(Input::get('username')); } $validation = $validate->check($_POST, $to_validation); // Execute validation if ($validation->passed()) { $profile = ProfileUtils::getProfile($mcname); $result = $profile->getProfileAsArray(); if (isset($result["uuid"]) && !empty($result['uuid'])) { $uuid = $result['uuid']; } else { $uuid = ''; } $user = new User(); $ip = $user->getIP(); if (filter_var($ip, FILTER_VALIDATE_IP)) { // Valid IP } else { // TODO: Invalid IP, do something else } $password = password_hash(Input::get('password'), PASSWORD_BCRYPT, array("cost" => 13)); // Get current unix time $date = new DateTime(); $date = $date->getTimestamp(); try { $code = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 60); $user->create(array('username' => htmlspecialchars(Input::get('username')), 'mcname' => $mcname, 'uuid' => $uuid, 'password' => $password, 'pass_method' => 'default', 'joined' => $date, 'group_id' => 1, 'email' => htmlspecialchars(Input::get('email')), 'reset_code' => $code, 'lastip' => htmlspecialchars($ip))); $php_mailer = $queries->getWhere('settings', array('name', '=', 'phpmailer')); $php_mailer = $php_mailer[0]->value; if ($php_mailer == '1') {
/**
 * Sets the online session for the tracker
 *
 * Builds one row describing the current visitor (identity, client address,
 * location, referer, language, user agent and user key) and stores it in the
 * `online` table; on success the statistics cache is regenerated.
 *
 * @version 1.0
 * @since 1.0.0
 * @author xLink
 *
 * @param string $log Optional log message handed on to insertRow()
 *
 * @return bool true when the row was inserted, false otherwise
 */
public function newOnlineSession($log = NULL)
{
    $row = array(
        'uid'        => $this->grab('id'),
        'username'   => $this->grab('username'),
        'ip_address' => User::getIP(),
        'timestamp'  => time(),
        'location'   => secureMe($this->config('global', 'fullPath', 'null')),
        'referer'    => secureMe($this->config('global', 'referer', 'null')),
        'language'   => secureMe($this->config('site', 'language', 'en')),
        'useragent'  => secureMe($this->config('global', 'browser')),
        // reuse the key already bound to this session, otherwise mint a new one
        'userkey'    => isset($_SESSION['user']['userkey'])
            ? $_SESSION['user']['userkey']
            : $this->newKey(),
    );

    if (!$this->objSQL->insertRow('online', $row, 0, $log)) {
        return false;
    }

    $this->objCache->generate_statistics_cache();
    return true;
}
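/**
 * Allows quick reply
 *
 * Handles the quick-reply form of a thread: checks that the caller may reply
 * (category reply/mod permission, or a site moderator) and that the thread is
 * not locked, then on a POST with mode=qreply compares the submitted form with
 * the values remembered in $_SESSION['site']['forum'][$id], inserts the post,
 * updates the thread, watch list and parent category, notifies, and finally
 * redirects (or, for AJAX, echoes the rendered post). Failures are reported
 * through hmsgDie().
 *
 * @version 2.0
 * @since 1.0.0
 * @author xLink
 *
 * @param int $id Thread id
 */
public function postQuickReply($id)
{
    //grab the required thread so we got something to work with..
    $thread = $this->objSQL->getLine('SELECT * FROM `$Pforum_threads` WHERE id ="%s" LIMIT 1;', array($id));
    if (!$thread) {
        hmsgDie('FAIL', 'Failed to retreive thread information');
    }

    $category = $this->getForumInfo($thread['cat_id']);
    $category = $category[0];
    $catAuth  = $this->auth[$category['id']];

    //see if the user has write permissions (site mods always do)
    $writeTest = $catAuth['auth_reply'] || $catAuth['auth_mod'] || User::$IS_MOD;

    //apparently they havent.. (or the thread is closed)
    if (!$writeTest || $thread['locked']) {
        $this->objTPL->set_filenames(array('body' => 'modules/forum/template/forum_category.tpl'));
        $this->objTPL->assign_block_vars('threads', array());
        $this->objTPL->assign_block_vars('threads.error', array(
            'ERROR' => $thread['locked']
                ? langVar('L_LOCKED')
                : langVar('L_AUTH_POST', $catAuth['auth_reply_type']),
        ));
        $this->objTPL->parse('body', false);
        return;
    }

    //if we get this far then they have permissions, so start the page output
    $this->objPage->addPagecrumb(array(array(
        'url'  => $this->config('global', 'url'),
        'name' => langVar('B_POST_REPLY', $thread['subject']),
    )));

    //okay so test to see which part of the page we should see..
    if (HTTP_POST && isset($_GET['mode']) && $_GET['mode'] === 'qreply') {
        //check to make sure wer coming from a quick reply form
        if (!doArgs('quick_reply', false, $_POST)) {
            hmsgDie('FAIL', 'Error: Post Failed.');
        }

        //check to make sure we have a cat id
        if (!doArgs('id', false, $_POST)) {
            hmsgDie('FAIL', 'Error: I cannot remember where your posting to.');
        }

        //content checks
        if (!doArgs('post', false, $_POST)) {
            unset($_SESSION['site']['forum']);
            hmsgDie('FAIL', 'Post Failed - Post either missing or not long enough.');
        }

        //the values this thread's form was rendered with; no state => both checks below fail
        $formState = isset($_SESSION['site']['forum'][$id]) ? $_SESSION['site']['forum'][$id] : array();

        //the submitted form must belong to this thread. Compared as strings
        //rather than with != so that numeric-looking values are not coerced.
        $postedId = doArgs('id', null, $_POST);
        if (!doArgs('id', false, $formState)
            || !is_scalar($postedId)
            || (string) $formState['id'] !== (string) $postedId) {
            hmsgDie('FAIL', 'Post Failed - I cannot remember where your posting to.');
        }

        //and the per-form session token must match, same strict comparison
        $postedSessId = doArgs('sessid', null, $_POST);
        if (!doArgs('sessid', false, $formState)
            || !is_scalar($postedSessId)
            || (string) $formState['sessid'] !== (string) $postedSessId) {
            hmsgDie('FAIL', 'Post Failed - Security Check failed. Please make sure your posting directly from the page.');
        }

        //
        //--insert the post info into the db
        //
        $uid = $this->objUser->grab('id');

        //generate the post
        $post = array(
            'post'      => secureMe($_POST['post']),
            'author'    => $uid,
            'timestamp' => time(),
            'thread_id' => $thread['id'],
            'poster_ip' => User::getIP(),
        );
        $post_insert = $this->objSQL->insertRow('forum_posts', $post);
        if (!$post_insert) {
            unset($_SESSION['site']['forum']);
            hmsgDie('FAIL', 'Post Failed - Inserting the data into the db failed.(1)');
        }

        //update the thread
        $this->objSQL->updateRow('forum_threads', array('last_uid' => $uid), array('id ="%s"', $id));

        //update the forum watch table
        if (isset($_POST['watch_topic'])) {
            $this->objSQL->insertRow('forum_watch', array(
                'user_id'   => $uid,
                'thread_id' => $thread['id'],
            ));
        }

        //update the parent category
        $this->objSQL->updateRow('forum_cats', array('last_post_id' => $post_insert), array('id ="%s"', $category['id']));

        //do the notifications
        $info = array(
            'timestamp'  => time(),
            // NOTE(review): the original read an undefined $thread_id here, i.e. null;
            // kept as null — confirm against notify() whether this should be
            // $thread['id'] or the new $post_insert.
            'content_id' => null,
            'thread_id'  => $thread['id'],
        );
        $this->notify($id, $thread, $info);

        unset($_SESSION['site']);

        if (!HTTP_AJAX) {
            $this->objPage->redirect('/' . root() . 'modules/forum/thread/' . seo($thread['subject']) . '-' . $thread['id'] . '.html#top', 0, 3);
        } else {
            //grab the thread
            $thread = $this->objSQL->getLine('SELECT t.*, COUNT(DISTINCT p.id) as posts FROM `$Pforum_threads` t LEFT JOIN `$Pforum_posts` p ON p.thread_id = t.id WHERE t.id = %d', array($thread['id']));
            $pages = ceil($thread['posts'] / 10);
            $page  = doArgs('mode', false, $_GET) == 'last_page' ? $pages : doArgs('page', 1, $_GET);

            //the new post landed on a later page than the one being viewed: send the client there
            if ($page < $pages) {
                echo '<script>document.location= "' . $this->generateThreadURL($thread) . '?mode=last_page";</script>';
                exit;
            }

            $post['id'] = $post_insert;
            echo $this->outputPosts(array($post), $thread);
            exit;
        }
    }

    hmsgDie('FAIL', 'Error: Quick Reply Precedure Fail.');
}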
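$doneSetup = $objCore->setup($classes);
if (!$doneSetup) {
    msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot load CMS Classes, make sure file structure is intact and $cmsROOT is defined properly if applicable.'));
}

//globalise the class names
foreach ($objCore->classes as $objName => $args) {
    ${$objName} =& $objCore->{$objName};
}
unset($classes, $objCore->classes);

$objPage->setVar('language', $language);

//
//--Generate a 'Template' for the Session
//
$guest['user'] = array(
    'id'       => 0,
    'username' => 'Guest',
    'theme'    => $objCore->config('site', 'theme'),
    'userkey'  => doArgs('userkey', null, $_SESSION['user']),
    'timezone' => doArgs('timezone', $objCore->config('time', 'timezone'), $_SESSION['user']),
);

// $_SERVER['HTTPS'] is absent on plain HTTP and is the string 'off' on some
// servers (e.g. IIS), which is truthy, so test the value, not its presence.
$isSecure  = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
$scheme    = $isSecure ? 'https' : 'http';
$userAgent = doArgs('HTTP_USER_AGENT', null, $_SERVER);

// NOTE(review): HTTP_HOST is taken from the request and ends up in absolute
// URLs (rootUrl/url); a configured canonical host would be the safer source.
//generate user stuff
$config['global'] = array(
    'user'      => isset($_SESSION['user']['id']) ? $_SESSION['user'] : $guest['user'],
    'ip'        => User::getIP(),
    'useragent' => $userAgent,
    'browser'   => getBrowser($userAgent),
    'language'  => $language,
    'secure'    => $isSecure,
    'referer'   => doArgs('HTTP_REFERER', null, $_SERVER),
    'rootPath'  => '/' . root(),
    'fullPath'  => $_SERVER['REQUEST_URI'],
    'rootUrl'   => $scheme . '://' . $_SERVER['HTTP_HOST'] . '/' . root(),
    'url'       => $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'],
);

//hook the session template, this is the place to add some more if you want
$objPlugins->hook('CMSCore_session_tpl', $config['global']);

//a user id of 0 is the guest template built above
$objUser->setIsOnline($config['global']['user']['id'] != 0);
$objUser->initPerms();

if (!defined('NO_DB')) {
    //start the tracker, this sets out a few things so we can kill, ban etc
    $objCore->objUser->tracker();
}

//the user's own theme only applies when logged in and theme override is allowed
$theme = !User::$IS_ONLINE || !$objCore->config('site', 'theme_override')
    ? $objCore->config('site', 'theme')
    : $objUser->grab('theme');
if (!$objPage->setTheme($theme)) {
    msgDie('FAIL', sprintf($errorTPL, 'Fatal Error', 'Cannot find template. 
Please make sure atleast default/ is uploaded correctly and try again.'));
}

// NOTE(review): $language is set before this chunk; confirm it is restricted
// to a known list before it is used to build this include path.
if (is_file(cmsROOT . 'modules/core/lang.' . $language . '.php')) {
    translateFile(cmsROOT . 'modules/core/lang.' . $language . '.php');
}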
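/**
 * Makes sure the cookie is valid
 *
 * Validates the "login" remember-me cookie (a serialised array holding uData,
 * uIP and uAgent), looks the key up in `$Puserkeys`, loads the user it points
 * at and, if that account may auto-login, is active, not banned and passes the
 * IP whitelist, starts a session for it. Every failure records a reason via
 * setError() and returns false.
 *
 * @version 1.0
 * @since 1.0.0
 * @author Jesus
 *
 * @return bool true when the user was logged in, false otherwise
 */
public function runRememberMe()
{
    if (!$this->config('login', 'remember_me')) {
        $this->setError('Remember Me Failed. Remember Me is disabled site wide');
        return false;
    }

    //make sure we have a cookie to begin with
    if (is_empty(doArgs('login', null, $_COOKIE))) {
        $this->setError('Remember Me Failed. Cookie not found.');
        return false;
    }

    //this should return something not empty...
    // NOTE(review): unserialize() on a client-supplied cookie lets the client
    // pick which classes get instantiated; a signed or JSON cookie format would
    // remove that. Kept as-is, but the result must at least be a plain array
    // before any key is read from it.
    $cookie = unserialize($_COOKIE['login']);
    if (!is_array($cookie) || is_empty($cookie)) {
        $this->setError('Remember Me Failed. Cookie contained unexpected information.');
        return false;
    }

    //verify we have the data we need: each field present, a string and non-empty
    //(the original used "!isset && !is_empty", which can never be true)
    foreach (array('uData', 'uIP', 'uAgent') as $e) {
        if (!isset($cookie[$e]) || !is_string($cookie[$e]) || is_empty($cookie[$e])) {
            $this->setError('Remember Me Failed. Cookie contained unexpected information.');
            return false;
        }
    }

    //uData should be 5 chars in length
    if (strlen($cookie['uData']) !== 5) {
        $this->setError('Remember Me Failed. Cookie contained unexpected information.');
        return false;
    }

    //make sure the IP has the right IP of the client
    if ($this->config('login', 'ip_lock', false) && $cookie['uIP'] !== User::getIP()) {
        $this->setError('Remember Me Failed. Cookie contained unexpected information.');
        return false;
    }

    //and make sure the useragent matches the client. Strict comparison: a loose
    //!= on hash strings treats two numeric-looking values ("0e...") as equal.
    $expectedAgent = md5(doArgs('HTTP_USER_AGENT', '', $_SERVER) . $this->config('db', 'ckeauth'));
    if ($cookie['uAgent'] !== $expectedAgent) {
        $this->setError('Remember Me Failed. Cookie contained unexpected information.');
        return false;
    }

    //setup the query. The key is embedded in a LIKE pattern, so its wildcard
    //characters (% and _) are escaped in addition to the usual quoting, otherwise
    //a crafted key would match any row.
    $uData = secureMe(addcslashes($cookie['uData'], '%_'), 'MRES');
    $query = array(
        'SELECT uData FROM `$Puserkeys` ',
        'WHERE uData LIKE "%' . $uData . ':%" ',
        'AND uAgent = "' . secureMe($cookie['uAgent'], 'MRES') . '" ',
    );
    if ($this->config('login', 'ip_lock')) {
        $query[] = 'AND uIP = "' . secureMe($cookie['uIP'], 'MRES') . '" ';
    }
    $query[] = 'LIMIT 1;';

    //prepare and exec (getLine may return false as well as an empty row)
    $row = $this->objSQL->getLine(implode(' ', $query));
    if (!$row || !isset($row['uData'])) {
        $this->setError('Could not query for userkey');
        return false;
    }

    //untangle the user id from the query: uData is stored as "<key>:<user id>"
    $parts = explode(':', $row['uData']);
    if (!isset($parts[1]) || is_empty($parts[1])) {
        $this->setError('No ID Exists');
        return false;
    }

    //now try and grab the user's info
    $this->userData = $this->objUser->getUserInfo($parts[1]);
    if (is_empty($this->userData)) {
        $this->setError('No user exists with that ID');
        return false;
    }

    //now check to make sure users info is valid before letting em login properly
    if ($this->userData['autologin'] == 0) {
        $this->setError('User isn\'t set to autologin.');
        return false;
    }
    if (!$this->activeCheck()) {
        $this->setError('User isn\'t active.');
        return false;
    }
    if (!$this->banCheck()) {
        $this->setError('User is banned.');
        return false;
    }
    if (!$this->whiteListCheck()) {
        $this->setError('You\'re IP dosent match the whitelist.');
        return false;
    }

    //everything seems fine, log them in
    $this->objUser->setSessions($this->userData['id'], true);
    $this->objUser->newOnlineSession('Online System: AutoLogin Sequence Activated for ' . $this->userData['username']);

    return true;
}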
// Za spacje należy użyć \s, np. tanie\skomputery $kio->spam_words = str_replace(array(',', ' ', '#'), array('|', '', ''), Kio::getConfig('spam_words')); // Characters to replace $kio->chars = unserialize(Kio::getConfig('chars')) + array(' ' => '_', '\' => '', '"' => '', ''' => '', '`' => '', '"' => '', '>' => '', '<' => '', '&' => ''); // Check timezone_identifiers_list() $kio->bbcode = (include ROOT . 'system/parser/bbcode/' . (Kio::getConfig('bbcode_parser') ? Kio::getConfig('bbcode_parser') . '.php' : 'index.php')); $kio->emoticons = (include ROOT . 'system/parser/emoticons/' . (Kio::getConfig('emoticons_parser') ? Kio::getConfig('emoticons_parser') . '.php' : 'index.php')); $kio->censure = (include ROOT . 'system/parser/censure/' . (Kio::getConfig('censure_parser') ? Kio::getConfig('censure_parser') . '.php' : 'index.php')); session_start(); //setlocale(LC_ALL, LC); //// mb_internal_encoding('UTF-8'); set_magic_quotes_runtime(false); //// ini_set('magic_quotes_gpc', 'Off'); //// define('IP', User::getIP()); // Get user IP define('TRANSLATE_DATE', Kio::getConfig('translate_date')); // Breadcrumb/Path define('ONLY_IN_TITLE', false); define('NO_URL', null); ////////////////// User::detectLang(Kio::getConfig('detect_lang')); ///////////////// // Check if some functions exists if (in_array(false, $kio->functions)) { require_once ROOT . 'system/functions2.php'; } switch (Kio::getConfig('url_type')) { // www.site.com/?example case 1:
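/**
 * Records a sql query in the database with a log message
 *
 * Does nothing (returns false) while logging is switched off; otherwise
 * writes one row to the `logs` table naming the current user (or Guest),
 * the query, the message, the referer, the time and the client IP.
 *
 * @version 1.0
 * @since 1.0.0
 * @author xLink
 *
 * @param string $query The SQL that was executed
 * @param string $log   Human-readable description of why it ran
 *
 * @return bool Result of insertRow(), or false when logging is disabled
 */
public function recordLog($query, $log)
{
    if (!$this->logging) {
        return false;
    }

    $online = User::$IS_ONLINE;

    // The referer is a client-supplied header and may be absent entirely.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    $info = array(
        'uid'         => $online ? $this->objUser->grab('id') : '0',
        'username'    => $online ? $this->objUser->grab('username') : 'Guest',
        'description' => $log,
        'query'       => $query,
        'refer'       => secureMe($referer),
        'date'        => time(),
        'ip_address'  => User::getIP(),
    );

    return $this->insertRow('logs', $info, false);
}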