/**
 * Upgrade step 32: schema and settings changes.
 *
 * Clears four obsolete admin-CP cookies, recreates one usergroup permission
 * column and three admin authentication columns, removes forum permission rows
 * whose forum no longer exists, and rewrites the option list of the
 * `captchaimage` setting. Output is printed through the installer page object;
 * nothing is returned.
 */
function upgrade32_dbchanges()
{
    global $db, $output;

    // Unset old ACP cookies from front-end since they're not needed anymore
    foreach (array('adminsid', 'acploginattempts', 'acp_view', 'inlinemod_useracp') as $stale_cookie) {
        my_unsetcookie($stale_cookie);
    }

    $output->print_header("Updating Database");
    echo "<p>Performing necessary upgrade queries...</p>";
    flush();

    // column => table. Each column is dropped if present and re-added below,
    // which lets the step run again without a "column exists" failure.
    // NOTE(review): dropping authsecret / recovery_codes discards whatever was
    // stored in them - confirm no installation reaches this step with values
    // it still needs.
    $recreated_columns = array(
        'candeletereputations' => 'usergroups',
        'authsecret' => 'adminoptions',
        'recovery_codes' => 'adminoptions',
        'authenticated' => 'adminsessions',
    );
    foreach ($recreated_columns as $column => $table) {
        if ($db->field_exists($column, $table)) {
            $db->drop_column($table, $column);
        }
    }

    // Only the two flag-column definitions differ between database backends.
    switch ($db->type) {
        case "pgsql":
            // NOTE(review): PostgreSQL's ADD COLUMN has no AFTER clause - confirm
            // add_column() tolerates it on this backend.
            $reputation_definition = "smallint NOT NULL default '0' AFTER cangivereputations";
            $authenticated_definition = "smallint NOT NULL default '0'";
            break;
        case "sqlite":
            $reputation_definition = "tinyint(1) NOT NULL default '0'";
            $authenticated_definition = "tinyint(1) NOT NULL default '0'";
            break;
        default:
            $reputation_definition = "tinyint(1) NOT NULL default '0' AFTER cangivereputations";
            $authenticated_definition = "tinyint(1) NOT NULL default '0'";
            break;
    }

    $db->add_column("usergroups", "candeletereputations", $reputation_definition);
    // NOTE(review): authsecret and recovery_codes are plain varchar columns, so
    // anything written to them is readable by whoever can read the table or a
    // backup of it - confirm whether the values are protected before storage.
    $db->add_column("adminoptions", "authsecret", "varchar(16) NOT NULL default ''");
    $db->add_column("adminoptions", "recovery_codes", "varchar(177) NOT NULL default ''");
    $db->add_column("adminsessions", "authenticated", $authenticated_definition);

    // Delete forumpermissions belonging to a deleted forum
    $db->delete_query("forumpermissions", "fid NOT IN(SELECT fid FROM {$db->table_prefix}forums)");

    // Single-quoted on purpose: the backslash sequences reach the query text unexpanded.
    $captcha_options = 'select\\r\\n0=No CAPTCHA\\r\\n1=MyBB Default CAPTCHA\\r\\n2=reCAPTCHA\\r\\n3=Are You a Human\\r\\n4=NoCAPTCHA reCAPTCHA';
    $db->update_query("settings", array('optionscode' => $captcha_options), "name='captchaimage'");

    $output->print_contents("<p>Click next to continue with the upgrade process.</p>");
    $output->print_footer("32_done");
}
/**
 * Logs the current user out and reports the outcome through the XML response helpers.
 *
 * Removes the "mybbuser" and "sid" cookies, rewrites the user's lastactive /
 * lastvisit columns and deletes the row of the current session.
 *
 * NOTE(review): nothing in this function checks a logout key or post key;
 * confirm the caller authenticates the request, otherwise a cross-site request
 * could end a user's session.
 *
 * @return mixed Result of xmlrespfalse() when no user is logged in, otherwise of xmlresptrue().
 */
function logout_user_func()
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $forum_cache;

    if (!$mybb->user['uid']) {
        return xmlrespfalse('Already logged out');
    }

    foreach (array("mybbuser", "sid") as $cookie_name) {
        my_unsetcookie($cookie_name);
    }

    if (!$mybb->user['uid']) {
        return xmlresptrue();
    }

    // $time is one of the globals declared above, so this assignment is visible outside the function.
    $time = TIME_NOW;

    // lastactive is written 900 seconds in the past - presumably so the account
    // stops counting as online straight away; verify against the online-list code.
    // NOTE(review): uid and sid are placed into the WHERE text unescaped; they are
    // read from $mybb->user and $session rather than from the request - confirm
    // both are validated where they are loaded.
    $db->update_query(
        "users",
        array("lastactive" => $time - 900, "lastvisit" => $time),
        "uid='{$mybb->user['uid']}'"
    );
    $db->delete_query("sessions", "sid='{$session->sid}'");

    return xmlresptrue();
}
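/**
 * Marks all forums as read.
 *
 * Registered users get their lastvisit column set to now and, when the
 * `threadreadcut` setting is above zero, one forumsread row per cached forum.
 * Guests only get cookies: "mybb[readallforums]" and "mybb[lastvisit]" are set,
 * "mybb[threadread]" and "mybb[forumread]" are removed.
 *
 * The forumsread rows are queued for shutdown in batches of at least 15 forums.
 * Returns nothing.
 */
function mark_all_forums_read()
{
    global $mybb, $db, $cache;

    // Can only do "true" tracking for registered users
    if (!($mybb->user['uid'] > 0)) {
        my_setcookie("mybb[readallforums]", 1);
        my_setcookie("mybb[lastvisit]", TIME_NOW);
        my_unsetcookie("mybb[threadread]");
        my_unsetcookie("mybb[forumread]");
        return;
    }

    // NOTE(review): the uid is placed into SQL text here and below without a
    // cast or escape; it comes from $mybb->user - confirm it is always numeric.
    $db->update_query("users", array('lastvisit' => TIME_NOW), "uid='" . $mybb->user['uid'] . "'");

    require_once MYBB_ROOT . "inc/functions_user.php";
    update_pm_count('', 2);

    if (!($mybb->settings['threadreadcut'] > 0)) {
        return;
    }

    // Need to loop through all forums and mark them as read
    $forums = $cache->read('forums');
    if (!is_array($forums) || !$forums) {
        // Nothing cached: count() / array_keys() below would fail on a non-array.
        return;
    }

    $total = count($forums);
    $update_count = max(15, (int) ceil($total / 20));
    $uses_replace_query = in_array($db->type, array("pgsql", "sqlite"), true);

    // Rows are collected in an array for every backend. The earlier code started
    // from '' and appended with [] on pgsql/sqlite, which is a fatal error on
    // PHP 7.1 and later.
    $pending = array();
    $done = 0;

    foreach (array_keys($forums) as $fid) {
        $pending[] = array('fid' => $fid, 'uid' => $mybb->user['uid'], 'dateline' => TIME_NOW);
        ++$done;

        // Only do this in loops of $update_count, save query time. The earlier
        // test was inverted and queued a query on almost every iteration; the
        // final partial batch is flushed on the last forum.
        if ($done % $update_count != 0 && $done != $total) {
            continue;
        }

        if ($uses_replace_query) {
            foreach ($pending as $replace_query) {
                add_shutdown(array($db, "replace_query"), array("forumsread", $replace_query, array("fid", "uid")));
            }
        } else {
            $tuples = array();
            foreach ($pending as $row) {
                $tuples[] = "('{$row['fid']}', '{$row['uid']}', '" . TIME_NOW . "')";
            }
            $mark_query = implode(',', $tuples);
            $db->shutdown_query("\n\t\t\t\t\t\t\t\tREPLACE INTO " . TABLE_PREFIX . "forumsread (fid, uid, dateline)\n\t\t\t\t\t\t\t\tVALUES {$mark_query}\n\t\t\t\t\t\t\t");
        }

        $pending = array();
    }
}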
} else { $quoted_ids = explode("|", $mybb->get_input('quoted_ids')); $multiquote = explode("|", $mybb->cookies['multiquote']); if (is_array($multiquote) && is_array($quoted_ids)) { foreach ($multiquote as $key => $quoteid) { // If this ID was quoted, remove it from the multiquote list if (in_array($quoteid, $quoted_ids)) { unset($multiquote[$key]); } } // Still have an array - set the new cookie if (is_array($multiquote)) { $new_multiquote = implode(",", $multiquote); my_setcookie("multiquote", $new_multiquote); } else { my_unsetcookie("multiquote"); } } } } $plugins->run_hooks("newreply_do_newreply_end"); // This was a post made via the ajax quick reply - we need to do some special things here if ($mybb->get_input('ajax', MyBB::INPUT_INT)) { // Visible post if ($visible == 1) { // Set post counter $postcounter = $thread['replies'] + 1; if (is_moderator($fid, "canviewunapprove")) { $postcounter += $thread['unapprovedposts']; } if (is_moderator($fid, "canviewdeleted")) {
/**
 * Removes the two inline-moderation cookies kept for one item.
 *
 * The cookie names are "inlinemod_" followed by $type and $id, once as-is and
 * once with "_removed" appended.
 *
 * NOTE(review): both arguments go into the cookie name unchanged - confirm
 * callers pass validated values.
 *
 * @param mixed $id   Identifier appended after the type.
 * @param mixed $type Text placed between "inlinemod_" and the identifier.
 */
function clearinline($id, $type)
{
    $cookie_name = "inlinemod_{$type}{$id}";

    foreach (array("", "_removed") as $suffix) {
        my_unsetcookie($cookie_name . $suffix);
    }
}
} } // After all of that no theme? Load the board default if (empty($loadstyle)) { $loadstyle = "def='1'"; } // Fetch the theme to load from the cache if ($loadstyle != "def='1'") { $query = $db->simple_select('themes', 'name, tid, properties, stylesheets, allowedgroups', $loadstyle, array('limit' => 1)); $theme = $db->fetch_array($query); if (isset($theme['tid']) && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') { if ($load_from_user == 1) { $db->update_query('users', array('style' => 0), "style='{$mybb->user['style']}' AND uid='{$mybb->user['uid']}'"); } if (isset($mybb->cookies['mybbtheme'])) { my_unsetcookie('mybbtheme'); } $loadstyle = "def='1'"; } } if ($loadstyle == "def='1'") { if (!$cache->read('default_theme')) { $cache->update_default_theme(); } $theme = $cache->read('default_theme'); $load_from_forum = $load_from_user = 0; } // No theme was found - we attempt to load the master or any other theme if (!isset($theme['tid']) || isset($theme['tid']) && !$theme['tid']) { // Missing theme was from a forum, run a query to set any forums using the theme to the default if ($load_from_forum == 1) {
$atom1check = "checked=\"checked\""; $rss2check = ''; } else { $atom1check = ''; $rss2check = "checked=\"checked\""; } $forumselect = makesyndicateforums(); $plugins->run_hooks("misc_syndication_end"); eval("\$syndication = \"" . $templates->get("misc_syndication") . "\";"); output_page($syndication); } elseif ($mybb->input['action'] == "clearcookies") { verify_post_check($mybb->get_input('my_post_key')); $plugins->run_hooks("misc_clearcookies"); $remove_cookies = array('mybbuser', 'mybb[announcements]', 'mybb[lastvisit]', 'mybb[lastactive]', 'collapsed', 'mybb[forumread]', 'mybb[threadsread]', 'mybbadmin', 'mybblang', 'mybbtheme', 'multiquote', 'mybb[readallforums]', 'coppauser', 'coppadob', 'mybb[referrer]'); foreach ($remove_cookies as $name) { my_unsetcookie($name); } redirect("index.php", $lang->redirect_cookiescleared); } /** * Build a list of forums for RSS multiselect. * * @param int Parent forum ID. * @param unknown_type deprecated * @param boolean Whether to add selected attribute or not. * @param string HTML for the depth of the forum. * @return string HTML of the list of forums for CSS. */ function makesyndicateforums($pid = "0", $selitem = "", $addselect = "1", $depth = "") { global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;
/**
 * Removes cookies and drops the loaded user when the visitor refused cookies.
 *
 * Acts only when the "mybb[allow_cookies]" cookie is present with the value
 * '0' and IN_ADMINCP is not defined. It then unsets every cookie listed by
 * cookielaw_get_cookies(true) except the consent cookie itself, unsets every
 * request cookie whose name contains "inlinemod_", discards $mybb->user and
 * $mybb->session and reloads the session as a guest.
 *
 * NOTE(review): the decision rests on a cookie value sent by the client, and
 * the admin CP is exempted - confirm that is the intended scope.
 */
function cookielaw_clear_cookies()
{
    global $mybb, $session;

    if (!isset($mybb->cookies['mybb']['allow_cookies'])
        || $mybb->cookies['mybb']['allow_cookies'] != '0'
        || defined('IN_ADMINCP')
    ) {
        return;
    }

    $known_cookies = cookielaw_get_cookies(true);
    foreach ($known_cookies as $cookie_name => $info) {
        // The consent cookie is the one cookie that has to survive.
        if ($cookie_name != 'mybb[allow_cookies]') {
            my_unsetcookie($cookie_name);
        }
    }

    foreach ($mybb->cookies as $key => $val) {
        // Matches "inlinemod_" anywhere in the name, not only as a prefix.
        if (strpos($key, 'inlinemod_') === false) {
            continue;
        }
        my_unsetcookie($key);
    }

    unset($mybb->user);
    unset($mybb->session);
    $session->load_guest();
}
} if ($mybb->input['action'] == "logout") { $plugins->run_hooks("member_logout_start"); if (!$mybb->user['uid']) { redirect("index.php", $lang->redirect_alreadyloggedout); } // Check session ID if we have one if (isset($mybb->input['sid']) && $mybb->get_input('sid') != $session->sid) { error($lang->error_notloggedout); } else { if (!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') != $mybb->user['logoutkey']) { error($lang->error_notloggedout); } } my_unsetcookie("mybbuser"); my_unsetcookie("sid"); if ($mybb->user['uid']) { $time = TIME_NOW; // Run this after the shutdown query from session system $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'"); $db->delete_query("sessions", "sid = '{$session->sid}'"); } $plugins->run_hooks("member_logout_end"); redirect("index.php", $lang->redirect_loggedout); } if ($mybb->input['action'] == "viewnotes") { $uid = $mybb->get_input('uid', MyBB::INPUT_INT); $user = get_user($uid); // Make sure we are looking at a real user here. if (!$user) { error($lang->error_nomember);
$fpermfields = array('canview', 'canviewthreads', 'candlattachments', 'canpostthreads', 'canpostreplys', 'canpostattachments', 'canratethreads', 'caneditposts', 'candeleteposts', 'candeletethreads', 'caneditattachments', 'canpostpolls', 'canvotepolls', 'cansearch', 'modposts', 'modthreads', 'modattachments', 'mod_edit_posts'); // Include the installation resources require_once INSTALL_ROOT . "resources/output.php"; $output = new installerOutput(); $output->script = "upgrade.php"; $output->title = "MyBB Upgrade Wizard"; if (file_exists("lock")) { $output->print_error($lang->locked); } else { $mybb->input['action'] = $mybb->get_input('action'); if ($mybb->input['action'] == "logout" && $mybb->user['uid']) { // Check session ID if we have one if ($mybb->get_input('logoutkey') != $mybb->user['logoutkey']) { $output->print_error("Your user ID could not be verified to log you out. This may have been because a malicious Javascript was attempting to log you out automatically. If you intended to log out, please click the Log Out button at the top menu."); } my_unsetcookie("mybbuser"); if ($mybb->user['uid']) { $time = TIME_NOW; $lastvisit = array("lastactive" => $time - 900, "lastvisit" => $time); $db->update_query("users", $lastvisit, "uid='" . $mybb->user['uid'] . "'"); } header("Location: upgrade.php"); } else { if ($mybb->input['action'] == "do_login" && $mybb->request_method == "post") { require_once MYBB_ROOT . "inc/functions_user.php"; if (!username_exists($mybb->get_input('username'))) { $output->print_error("The username you have entered appears to be invalid."); } $options = array('fields' => array('username', 'password', 'salt', 'loginkey')); $user = get_user_by_username($mybb->get_input('username'), $options); if (!$user['uid']) {
echo 1; exit; } } else { $plugins->run_hooks("misc_markread_end"); require_once MYBB_ROOT . "/inc/functions_indicators.php"; mark_all_forums_read(); redirect("index.php", $lang->redirect_markforumsread); } } elseif ($mybb->input['action'] == "clearpass") { $plugins->run_hooks("misc_clearpass"); if ($mybb->input['fid']) { if (!verify_post_check($mybb->input['my_post_key'])) { error($lang->invalid_post_code); } my_unsetcookie("forumpass[" . intval($mybb->input['fid']) . "]"); redirect("index.php", $lang->redirect_forumpasscleared); } } elseif ($mybb->input['action'] == "rules") { if ($mybb->input['fid']) { $plugins->run_hooks("misc_rules_start"); $fid = intval($mybb->input['fid']); $forum = get_forum($fid); if (!$forum || $forum['type'] != "f" || $forum['rules'] == '') { error($lang->error_invalidforum); } $forumpermissions = forum_permissions($forum['fid']); if ($forumpermissions['canview'] != 1) { error_no_permission(); } if (!$forum['rulestitle']) {
/**
 * Checks that the visitor has not tried to log in more times than permitted.
 *
 * The attempt count and the time of the lockout are read from the
 * 'loginattempts' and 'failedlogin' cookies. The check is skipped entirely
 * when the `failedlogincount` setting is 0.
 *
 * NOTE(review): both values come from cookies the client sends, so a client
 * that discards or edits them is not throttled by this function - confirm a
 * server-side counter enforces the limit elsewhere.
 *
 * @param bool $fatal (Optional) When true, a lockout is reported through error(). Default is true.
 * @return int|string|bool 1 when the check is disabled or the lockout window has
 *                         passed, false while locked out (reached when $fatal is
 *                         false or error() returns), otherwise the attempt count
 *                         as read: 0 or the cookie value.
 */
function login_attempt_check($fatal = true)
{
    global $mybb, $lang, $session, $db;

    if ($mybb->settings['failedlogincount'] == 0) {
        return 1;
    }

    // Note: Number of logins is defaulted to 1, because using 0 seems to clear cookie data.
    // Not really a problem as long as we account for 1 being default.
    // Use cookie if possible, otherwise use session
    // Find better solution to prevent clearing cookies
    $loginattempts = !empty($mybb->cookies['loginattempts']) ? $mybb->cookies['loginattempts'] : 0;
    $failedlogin = !empty($mybb->cookies['failedlogin']) ? $mybb->cookies['failedlogin'] : 0;

    // Still within the allowed number of attempts: the user can attempt another login
    if (!($loginattempts > $mybb->settings['failedlogincount'])) {
        return $loginattempts;
    }

    // Over the limit: work out how long is left so it can be shown to the user
    $now = TIME_NOW;
    $failedtime = empty($failedlogin) ? $now : $failedlogin;

    $secondsleft = $mybb->settings['failedlogintime'] * 60 + $failedtime - $now;
    $hoursleft = floor($secondsleft / 3600);
    $minsleft = floor($secondsleft / 60 % 60);
    $secsleft = floor($secondsleft % 60);

    $window_start = $now - $mybb->settings['failedlogintime'] * 60;

    if (empty($failedlogin)) {
        // First request over the limit: the lockout clock starts now
        my_setcookie('failedlogin', $now);
        $locked_out = true;
    } elseif ($mybb->cookies['failedlogin'] < $window_start) {
        // The user has waited long enough: reset the counters and let them try again
        my_setcookie('loginattempts', 1);
        my_unsetcookie('failedlogin');

        if ($mybb->user['uid'] != 0) {
            $db->update_query("users", array('loginattempts' => 1), "uid = '{$mybb->user['uid']}'");
        }

        return 1;
    } else {
        // A lockout time exactly on the window boundary is not treated as locked
        $locked_out = $mybb->cookies['failedlogin'] > $window_start;
    }

    if ($locked_out) {
        if ($fatal) {
            error($lang->sprintf($lang->failed_login_wait, $hoursleft, $minsleft, $secsleft));
        }

        return false;
    }

    // User can attempt another login
    return $loginattempts;
}
} // Create session for this user require_once MYBB_ROOT . "inc/class_session.php"; $session = new session(); $session->init(); $mybb->session =& $session; $mybb->user['ismoderator'] = is_moderator("", "", $mybb->user['uid']); // Set our POST validation code here $mybb->post_code = generate_post_check(); // Set and load the language if (!empty($mybb->input['language']) && $lang->language_exists($mybb->input['language']) && verify_post_check($mybb->input['my_post_key'], true)) { $mybb->settings['bblanguage'] = $mybb->input['language']; // If user is logged in, update their language selection with the new one if ($mybb->user['uid']) { if ($mybb->cookies['mybblang']) { my_unsetcookie("mybblang"); } $db->update_query("users", array("language" => $db->escape_string($mybb->settings['bblanguage'])), "uid='{$mybb->user['uid']}'"); } else { my_setcookie("mybblang", $mybb->settings['bblanguage']); } $mybb->user['language'] = $mybb->settings['bblanguage']; } else { if (!$mybb->user['uid'] && !empty($mybb->cookies['mybblang']) && $lang->language_exists($mybb->cookies['mybblang'])) { $mybb->settings['bblanguage'] = $mybb->cookies['mybblang']; } else { if (!isset($mybb->settings['bblanguage'])) { $mybb->settings['bblanguage'] = "english"; } } }
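/**
 * Final installer step: creates the administrator, seeds groups and admin
 * permissions, logs the administrator in, builds the caches and locks the
 * installer.
 *
 * Reads adminuser, adminpass, adminpass2 and adminemail from $mybb->input.
 * Validation failures are collected in the global $errors; when $errors is an
 * array, create_admin_user() is called (presumably it shows the form again and
 * stops - verify, since nothing here returns afterwards).
 *
 * Progress is echoed as the step runs; nothing is returned.
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;

    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
    if ($mybb->input['adminpass'] !== $mybb->input['adminpass2']) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    if (is_array($errors)) {
        create_admin_user();
    }

    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);

    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;

    ob_start();
    $output->print_header($lang->finish_setup, 'finish');

    echo $lang->done_step_usergroupsinserted;

    // Insert all of our user groups from the XML file.
    // The XML is kept in its own variable: $mybb->settings is a reference to
    // $settings, so assigning the file contents to $settings replaced the loaded
    // settings with a string for the rest of the step.
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();

    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if ($key == "gid" || !is_array($value)) {
                continue;
            }

            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $return_gid = $db->insert_query("usergroups", $new_group);

        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $return_gid;
        }
        $group_count++;
    }
    echo $lang->done . '</p>';

    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    $salt = random_str();
    $loginkey = generate_loginkey();
    // NOTE(review): salted double MD5 is cheap to brute-force if the users table
    // leaks. The stored format has to match what the login code verifies, so it
    // is flagged here rather than changed.
    $saltedpw = md5(md5($salt) . md5($mybb->input['adminpass']));

    $newuser = array(
        'username' => $db->escape_string($mybb->input['adminuser']),
        'password' => $saltedpw,
        'salt' => $salt,
        'loginkey' => $loginkey,
        'email' => $db->escape_string($mybb->input['adminemail']),
        'usergroup' => $admin_gid,
        'regdate' => $now,
        'lastactive' => $now,
        'lastvisit' => $now,
        'website' => '',
        'icq' => '',
        'aim' => '',
        'yahoo' => '',
        'msn' => '',
        'birthday' => '',
        'signature' => '',
        'allownotices' => 1,
        'hideemail' => 0,
        'subscriptionmethod' => '0',
        'receivepms' => 1,
        'pmnotice' => 1,
        'pmnotify' => 1,
        'remember' => 1,
        'showsigs' => 1,
        'showavatars' => 1,
        'showquickreply' => 1,
        'invisible' => 0,
        'style' => '0',
        'timezone' => 0,
        'dst' => 0,
        'threadmode' => '',
        'daysprune' => 0,
        'regip' => $db->escape_string(get_ip()),
        'longregip' => intval(ip2long(get_ip())),
        'language' => '',
        'showcodebuttons' => 1,
        'tpp' => 0,
        'ppp' => 0,
        'referrer' => 0,
        'buddylist' => '',
        'ignorelist' => '',
        'pmfolders' => '',
        'notepad' => '',
        'showredirect' => 1,
    );
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';

    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();

    $db->delete_query("adminoptions");

    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];

        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }

        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }

        $adminoptiondata = array(
            'uid' => intval($uid),
            'cpstyle' => '',
            'notes' => '',
            'permissions' => $db->escape_string(serialize($insertmodule)),
            'defaultviews' => $db->escape_string(serialize($defaultviews)),
        );

        $insertmodule = array();

        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';

    // Automatic Login
    // NOTE(review): $uid is whatever the last <user> element of adminoptions.xml
    // carried, not the id returned by the users insert above - confirm the two
    // always coincide. The cookie value embeds the login key; the fourth
    // my_setcookie() argument is presumably the HttpOnly flag - verify.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();

    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }

    // Register a shutdown function which actually tests if this functionality is working
    add_shutdown('test_shutdown_function');

    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedposts();
    $cache->update_mycode();
    $cache->update_posticons();
    $cache->update_update_check();
    $cache->update_tasks();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_birthdays();
    $cache->update("plugins", array());
    // NOTE(review): the key is only as unpredictable as random_str(); its source
    // of randomness is not visible here - confirm it is a CSPRNG.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    echo $lang->done . '</p>';

    echo $lang->done_step_success;

    // The lock file is what stops the installer from being run again. When it
    // cannot be written the administrator is told to delete the directory.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        // A failed fopen() returns false; handing that to fwrite()/fclose()
        // raises a TypeError on PHP 8 that @ does not suppress.
        if ($lock !== false) {
            $written = @fwrite($lock, '1');
            @fclose($lock);
        }
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_subscribe_mailing;
    $output->print_footer('');
}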
require_once MYBB_ROOT . "inc/3rdparty/2fa/GoogleAuthenticator.php"; $auth = new PHPGangsta_GoogleAuthenticator(); $test = $auth->verifyCode($admin_options['authsecret'], $mybb->get_input('code')); // Either the code was okay or it was a recovery code if ($test === true || $recovery === true) { // Correct code -> session authenticated $db->update_query("adminsessions", array("authenticated" => 1), "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); $admin_session['authenticated'] = 1; $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'"); my_setcookie('acploginattempts', 0); // post would result in an authorization code mismatch error $mybb->request_method = "get"; } else { // Wrong code -> close session (aka logout) $db->delete_query("adminsessions", "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); my_unsetcookie('adminsid'); // Now test whether we need to lock this guy completly $db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='{$mybb->user['uid']}'", '', true); $loginattempts = login_attempt_check_acp($mybb->user['uid'], true); // Have we attempted too many times? if ($loginattempts['loginattempts'] > 0) { // Have we set an expiry yet? if ($loginattempts['loginlockoutexpiry'] == 0) { $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW + (int) $mybb->settings['loginattemptstimeout'] * 60), "uid='{$mybb->user['uid']}'"); } // Did we hit lockout for the first time? Send the unlock email to the administrator if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) { $db->delete_query("awaitingactivation", "uid='{$mybb->user['uid']}' AND type='l'"); $lockout_array = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l"); $db->insert_query("awaitingactivation", $lockout_array); $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']);
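/**
 * Register procedure
 * Refers to: /member.php
 *
 * Fills in missing keys of $info, validates and inserts the user through
 * UserDataHandler, then finishes according to the `regtype` setting: e-mail
 * activation ("verify"), mailed random password ("randompass"), administrator
 * activation ("admin") or immediate registration. A visitor carrying the
 * "coppauser" cookie is always sent down the COPPA path.
 *
 * NOTE(review): COPPA status and date of birth are read from the "coppauser"
 * and "coppadob" cookies, which the client controls - confirm they are
 * validated where they are set, or that clearing them cannot skip the COPPA
 * path.
 *
 * @param array $info Contains user information of the User to be registered
 * @return array|string If registration fails, we return an array containing the error messages,
 *                      If registration is successful, we return the string, which notifies the user of what will be the next action
 */
function register($info = array())
{
    // Load the language phrases we need for the registration
    $this->lang->load('member');

    /**
     * $info contains the given user information for the registration
     * We need to make sure that every possible key is given, so we do not generate ugly E_NOTICE errors
     *
     * 'referrername' and 'coppa' are read further down, so they are defaulted here as well.
     * NOTE(review): 'referrer' is in this list but never read; the referrer is taken from
     * 'referrername' - confirm which key callers are expected to pass.
     */
    $possible_info_keys = array(
        'username', 'password', 'password2', 'email', 'email2', 'referrer', 'referrername',
        'timezone', 'language', 'profile_fields', 'allownotices', 'hideemail',
        'subscriptionmethod', 'receivepms', 'pmnotice', 'emailpmnotify', 'invisible',
        'dstcorrection', 'coppa',
    );

    // Iterate the possible info keys to create the array entry in $info if it does not exist
    foreach ($possible_info_keys as $possible_info_key) {
        if (!isset($info[$possible_info_key])) {
            $info[$possible_info_key] = '';
        }
    }

    // Run whatever hook specified at the beginning of the registration
    $this->plugins->run_hooks('member_do_register_start');

    // If register type is random password, we generate one
    // NOTE(review): the password is only as unpredictable as random_str(); its
    // source of randomness is not visible here - confirm it is a CSPRNG.
    if ($this->mybb->settings['regtype'] == "randompass") {
        $info['password'] = random_str();
        $info['password2'] = $info['password'];
    }

    // Group ids are hard-coded; presumably 5 is the awaiting-activation group
    // and 2 the registered group - verify against the usergroups table.
    if ($this->mybb->settings['regtype'] == "verify" || $this->mybb->settings['regtype'] == "admin" || $info['coppa'] == 1) {
        $usergroup = 5;
    } else {
        $usergroup = 2;
    }

    // The COPPA cookies may be absent; read them once without raising notices.
    $is_coppa_user = !empty($this->mybb->cookies['coppauser']);
    $coppa_dob = !empty($this->mybb->cookies['coppadob']) ? $this->mybb->cookies['coppadob'] : '';

    // Set up user handler.
    require_once MYBB_ROOT . "inc/datahandlers/user.php";
    $userhandler = new UserDataHandler("insert");

    // Set the data for the new user.
    $user = array(
        "username" => $info['username'],
        "password" => $info['password'],
        "password2" => $info['password2'],
        "email" => $info['email'],
        "email2" => $info['email2'],
        "usergroup" => $usergroup,
        "referrer" => $info['referrername'],
        "timezone" => $info['timezone'],
        "language" => $info['language'],
        "profile_fields" => $info['profile_fields'],
        "regip" => $this->mybb->session->ipaddress,
        "longregip" => ip2long($this->mybb->session->ipaddress),
        "coppa_user" => isset($this->mybb->cookies['coppauser']) ? intval($this->mybb->cookies['coppauser']) : 0,
    );

    if (isset($info['regcheck1']) && isset($info['regcheck2'])) {
        $user['regcheck1'] = $info['regcheck1'];
        $user['regcheck2'] = $info['regcheck2'];
    }

    // Do we have a saved COPPA DOB?
    if ($coppa_dob) {
        // Padded so a cookie with fewer than three parts cannot leave a part undefined.
        list($dob_day, $dob_month, $dob_year) = array_pad(explode("-", $coppa_dob), 3, '');
        $user['birthday'] = array("day" => $dob_day, "month" => $dob_month, "year" => $dob_year);
    }

    // Generate the options array of the user
    $user['options'] = array(
        "allownotices" => $info['allownotices'],
        "hideemail" => $info['hideemail'],
        "subscriptionmethod" => $info['subscriptionmethod'],
        "receivepms" => $info['receivepms'],
        "pmnotice" => $info['pmnotice'],
        "emailpmnotify" => $info['emailpmnotify'],
        "invisible" => $info['invisible'],
        "dstcorrection" => $info['dstcorrection'],
    );

    // Assign data to the data handler
    $userhandler->set_data($user);

    // If the validation of the user failed, we return nice (friendly) errors
    if (!$userhandler->validate_user()) {
        return $userhandler->get_friendly_errors();
    }

    // Create the User in the database
    $user_info = $userhandler->insert_user();

    // We need to set a cookie, if we don't want a random password (and it is no COPPA user), so he is instantly logged in
    if ($this->mybb->settings['regtype'] != "randompass" && !$is_coppa_user) {
        // Log them in. The cookie value embeds the login key; the fourth
        // argument is presumably the HttpOnly flag - verify in my_setcookie().
        my_setcookie("mybbuser", $user_info['uid'] . "_" . $user_info['loginkey'], null, true);
    }

    /**
     * Coppa User
     * Nothing special, just return that the coppa user will be redirected
     */
    if ($is_coppa_user) {
        $this->lang->redirect_registered_coppa_activate = $this->lang->sprintf($this->lang->redirect_registered_coppa_activate, $this->mybb->settings['bbname'], $user_info['username']);
        my_unsetcookie("coppauser");
        my_unsetcookie("coppadob");

        // Run whatever hook is defined at the end of a registration
        $this->plugins->run_hooks("member_do_register_end");

        return $this->lang->redirect_registered_coppa_activate;
    }

    if ($this->mybb->settings['regtype'] == "verify") {
        // Generate and save the activation code in the database
        // NOTE(review): the code comes from random_str() - confirm it is unpredictable.
        $activationcode = random_str();
        $activationarray = array(
            "uid" => $user_info['uid'],
            "dateline" => TIME_NOW,
            "code" => $activationcode,
            "type" => "r",
        );
        $this->db->insert_query("awaitingactivation", $activationarray);

        // Generate and send the email
        $emailsubject = $this->lang->sprintf($this->lang->emailsubject_activateaccount, $this->mybb->settings['bbname']);
        $emailmessage = $this->lang->sprintf($this->lang->email_activateaccount, $user_info['username'], $this->mybb->settings['bbname'], $this->mybb->settings['bburl'], $user_info['uid'], $activationcode);
        my_mail($user_info['email'], $emailsubject, $emailmessage);

        // Build the message to return
        $this->lang->redirect_registered_activation = $this->lang->sprintf($this->lang->redirect_registered_activation, $this->mybb->settings['bbname'], $user_info['username']);

        // Run whatever hook is defined at the end of a registration
        $this->plugins->run_hooks("member_do_register_end");

        return $this->lang->redirect_registered_activation;
    }

    if ($this->mybb->settings['regtype'] == "randompass") {
        // Generate and send the email
        // NOTE(review): $user_info['password'] is written into the mail body, so
        // the password travels and is stored in clear text in the mailbox.
        $emailsubject = $this->lang->sprintf($this->lang->emailsubject_randompassword, $this->mybb->settings['bbname']);
        $emailmessage = $this->lang->sprintf($this->lang->email_randompassword, $user['username'], $this->mybb->settings['bbname'], $user_info['username'], $user_info['password']);
        my_mail($user_info['email'], $emailsubject, $emailmessage);

        // Run whatever hook is defined at the end of a registration
        $this->plugins->run_hooks("member_do_register_end");

        return $this->lang->redirect_registered_passwordsent;
    }

    if ($this->mybb->settings['regtype'] == "admin") {
        // Build the message to return
        $this->lang->redirect_registered_admin_activate = $this->lang->sprintf($this->lang->redirect_registered_admin_activate, $this->mybb->settings['bbname'], $user_info['username']);

        // Run whatever hook is defined at the end of a registration
        $this->plugins->run_hooks("member_do_register_end");

        return $this->lang->redirect_registered_admin_activate;
    }

    // Build the message to return
    $this->lang->redirect_registered = $this->lang->sprintf($this->lang->redirect_registered, $this->mybb->settings['bbname'], $user_info['username']);

    // Run whatever hook is defined at the end of a registration
    $this->plugins->run_hooks('member_do_register_end');

    return $this->lang->redirect_registered;
}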
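/**
 * Installation is finished.
 *
 * Final installer step: validates the submitted administrator details,
 * inserts the default user groups and the administrator account, loads the
 * default admin permissions, logs the new administrator in, rebuilds every
 * datacache entry and finally tries to write the installer lock file.
 *
 * Reads adminuser / adminpass / adminpass2 / adminemail from $mybb->input and
 * writes progress markup straight to the output buffer.
 *
 * @return void
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;

    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    // Strict string comparison: with a loose != two different numeric-looking
    // passwords (for example "1e3" and "1000") compare as equal, so a mistyped
    // confirmation could be accepted.
    if ((string) $mybb->get_input('adminpass') !== (string) $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    if (is_array($errors)) {
        // NOTE(review): presumably re-renders the admin form and stops the request;
        // create_admin_user() is not visible here - confirm it does not return,
        // otherwise the install continues with the rejected input.
        create_admin_user();
    }

    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);
    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;

    ob_start();
    $output->print_header($lang->finish_setup, 'finish');
    echo $lang->done_step_usergroupsinserted;

    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // Each field arrives as usergroup[cancp][0][value]; non-array entries are skipped
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if (!is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);

        // If this group can access the admin CP and we haven't established the
        // admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
        $group_count++;
    }

    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }
    echo $lang->done . '</p>';

    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    $salt = random_str();
    $loginkey = generate_loginkey();
    // NOTE(review): salted double MD5 is a fast hash and gives little resistance to
    // offline guessing if the users table leaks. The stored format has to match what
    // the board's login code verifies, so it is deliberately left unchanged here.
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));
    $newuser = array(
        'username' => $db->escape_string($mybb->get_input('adminuser')),
        'password' => $saltedpw,
        'salt' => $salt,
        'loginkey' => $loginkey,
        'email' => $db->escape_string($mybb->get_input('adminemail')),
        'usergroup' => $admin_gid,
        'regdate' => $now,
        'lastactive' => $now,
        'lastvisit' => $now,
        'website' => '',
        'icq' => '',
        'aim' => '',
        'yahoo' => '',
        'skype' => '',
        'google' => '',
        'birthday' => '',
        'signature' => '',
        'allownotices' => 1,
        'hideemail' => 0,
        'subscriptionmethod' => '0',
        'receivepms' => 1,
        'pmnotice' => 1,
        'pmnotify' => 1,
        'buddyrequestspm' => 1,
        'buddyrequestsauto' => 0,
        'showimages' => 1,
        'showvideos' => 1,
        'showsigs' => 1,
        'showavatars' => 1,
        'showquickreply' => 1,
        'invisible' => 0,
        'style' => '0',
        'timezone' => 0,
        'dst' => 0,
        'threadmode' => '',
        'daysprune' => 0,
        'regip' => $db->escape_binary(my_inet_pton(get_ip())),
        'language' => '',
        'showcodebuttons' => 1,
        'tpp' => 0,
        'ppp' => 0,
        'referrer' => 0,
        'buddylist' => '',
        'ignorelist' => '',
        'pmfolders' => '',
        'notepad' => '',
        'showredirect' => 1,
        'usernotes' => '',
    );
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';

    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();

    $db->delete_query("adminoptions");

    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];

        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }

        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }

        $adminoptiondata = array(
            'uid' => (int) $uid,
            'cpstyle' => '',
            'notes' => '',
            'permissions' => $db->escape_string(my_serialize($insertmodule)),
            'defaultviews' => $db->escape_string(my_serialize($defaultviews)),
        );
        // Permissions are collected per user, so start from an empty set for the next one
        $insertmodule = array();

        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';

    // Automatic Login
    // NOTE(review): $uid is whatever the last <user> entry of adminoptions.xml carried,
    // not the id returned by the users insert above - confirm the two always agree.
    // The fourth argument is presumably the HttpOnly flag; my_setcookie() is not visible here.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();

    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }

    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    // NOTE(review): the strength of this key depends on random_str() drawing from a
    // cryptographically secure source - not visible here; confirm.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();

    // Record every upgrade script shipped with the installer as already applied
    $version_history = array();
    $dh = opendir(INSTALL_ROOT . "resources");
    if ($dh !== false) {
        while (($file = readdir($dh)) !== false) {
            if (preg_match("#upgrade([0-9]+).php\$#i", $file, $match)) {
                $version_history[$match[1]] = $match[1];
            }
        }
        // Release the directory handle; the original left it open
        closedir($dh);
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);

    // Schedule an update check so it occurs an hour ago. Gotta stay up to date!
    $update = array('nextrun' => TIME_NOW - 3600);
    $db->update_query("tasks", $update, "tid='12'");

    $cache->update_update_check();
    $cache->update_tasks();
    echo $lang->done . '</p>';

    echo $lang->done_step_success;

    // The lock file is what tells the operator the installer is sealed; when it
    // cannot be written they are asked to delete the install directory instead.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        // fopen() can still fail after is_writable() succeeded. Passing false on to
        // fwrite()/fclose() raises a TypeError on PHP 8 that @ does not suppress,
        // which would abort the page before either message below is shown.
        if ($lock !== false) {
            $written = @fwrite($lock, '1');
            @fclose($lock);
        }
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }

    echo $lang->done_whats_next;
    $output->print_footer('');
}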
// NOTE(review): this guard asks whether "posts" already has a fulltext index but then
// creates the index on "threads"; the enclosing block starts outside this excerpt, so
// confirm against the full file whether "threads" was intended in the first test.
if (!$db->is_fulltext("posts") && $db->supports_fulltext("threads")) {
    $db->create_fulltext_index("threads", "subject");
}
}
// If the delayedthreadviews setting was changed, enable or disable the tasks for it.
if (isset($mybb->input['upsetting']['delayedthreadviews']) && $mybb->settings['delayedthreadviews'] != $mybb->input['upsetting']['delayedthreadviews']) {
    if ($mybb->input['upsetting']['delayedthreadviews'] == 0) {
        $updated_task = array("enabled" => 0);
    } else {
        $updated_task = array("enabled" => 1);
    }
    $db->update_query("tasks", $updated_task, "file='threadviews'");
}
// Have we changed our cookie prefix? If so, update our adminsid so we're not logged out.
// The admin session cookie is dropped under the old prefix and set again under the new one
// with the same session id. The fourth argument is presumably the HttpOnly flag;
// my_setcookie() is not visible here.
if ($mybb->input['upsetting']['cookieprefix'] && $mybb->input['upsetting']['cookieprefix'] != $mybb->settings['cookieprefix']) {
    my_unsetcookie("adminsid");
    $mybb->settings['cookieprefix'] = $mybb->input['upsetting']['cookieprefix'];
    my_setcookie("adminsid", $admin_session['sid'], '', true);
}
// Have we opted for a reCAPTCHA and not set a public/private key?
// The fallback to value 1 only triggers when BOTH keys are empty; a configuration with
// just one of the two keys missing is not caught by this condition.
if ($mybb->input['upsetting']['captchaimage'] == 2 && !$mybb->input['upsetting']['captchaprivatekey'] && !$mybb->input['upsetting']['captchapublickey']) {
    $db->update_query("settings", array("value" => 1), "name = 'captchaimage'");
}
rebuild_settings();
$plugins->run_hooks("admin_config_settings_change_commit");
// If we have changed our report reasons recache them
if (isset($mybb->input['upsetting']['reportreasons'])) {
    $cache->update_reportedposts();
}
// Log admin action so the settings change is recorded in the admin log
log_admin_action();
// Do the usergroup update for all those selected
// If a selected user is a super admin, don't update that user
// NOTE(review): $users_to_update is presumably initialised above this excerpt; if it is
// not, count() below receives null when every selected user is a super admin.
foreach ($selected as $user) {
    if (!is_super_admin($user)) {
        $users_to_update[] = $user;
    }
}
$to_update_count = count($users_to_update);
if ($to_update_count > 0 && is_array($users_to_update)) {
    // Update the users in the database
    // NOTE(review): the ids are joined and concatenated into the WHERE clause unquoted,
    // so this relies on every entry of $selected having been cast to an integer where the
    // list was built - that code is outside this excerpt; confirm.
    $sql = implode(",", $users_to_update);
    $db->update_query("users", $update_array, "uid IN (" . $sql . ")");
    // Redirect the admin...
    $mybb->input['action'] = "inline_usergroup";
    // The number of changed accounts is passed to the admin log entry
    log_admin_action($to_update_count);
    // The inline selection cookie is cleared once the selection has been applied
    my_unsetcookie("inlinemod_useracp");
    flash_message($lang->success_mass_usergroups, 'success');
    admin_redirect("index.php?module=user-users" . $vid_url);
} else {
    // They tried to edit super admins! Uh-oh!
    $errors[] = $lang->no_usergroup_changed;
}
}
$page->output_header($lang->manage_users);
$page->output_nav_tabs($sub_tabs, 'manage_users');
// Display a table warning that states how many users are selected
$table = new Table();
$lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
$table->construct_cell($lang->usergroup_info);
$table->construct_row();
$table->output($lang->important);
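/**
 * The switch function deletes the mybbuser cookie, sets a new cookie for the selected account and starts a new session.
 * Function is called by ajax request and sends the new users post key.
 *
 * The target account is logged in through the login data handler without a password,
 * so the permission, post-key and attachment/sharing checks below are the only gate
 * in front of the switch. Every rejected attempt is written to the moderator log.
 *
 * Reads switchuser, my_post_key and uid from the request. On success the new post
 * code is printed as text/plain and the request ends.
 *
 * @return void
 */
function accountswitcher_switch()
{
    // $session is needed to remove the old session row. It was missing from this list,
    // which left $session undefined below and the delete matching an empty sid, so the
    // previous account's session stayed in the table after the switch.
    global $db, $mybb, $lang, $charset, $cache, $templates, $session;

    if ($mybb->user['uid'] != 0 && isset($mybb->input['switchuser']) && $mybb->input['switchuser'] == 1 && $mybb->request_method == "post") {
        require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
        $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

        // Get permissions for this user
        $userPermission = user_permissions($mybb->user['uid']);

        // Get permissions for the master. First get the master
        $master = get_user((int) $mybb->user['as_uid']);

        // Get his permissions
        $masterPermission = user_permissions($master['uid']);

        // If one of both has the permission allow to switch
        if ($userPermission['as_canswitch'] == 1 || $masterPermission['as_canswitch'] == 1) {
            if (!isset($lang->as_invaliduser)) {
                $lang->load("accountswitcher");
            }

            // Request forgery check on the submitted post key
            verify_post_check($mybb->get_input('my_post_key'));

            // Get user info
            $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));

            // Check if user exists
            if (!$user) {
                error($lang->as_invaliduser);
            }

            // Can the new account be shared?
            if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
                // Account already used by another user?
                if ($user['as_shareuid'] != 0) {
                    log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                    return;
                }

                // Account only shared by buddies?
                if ($user['as_buddyshare'] != 0) {
                    // No buddy - no switch
                    $buddylist = array();
                    if ($user['buddylist'] != '') {
                        $buddylist = explode(",", $user['buddylist']);
                    }
                    // Loose in_array on purpose: the list holds strings, the uid may be an integer
                    if (empty($buddylist) || !in_array($mybb->user['uid'], $buddylist)) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }
                }

                // Shared account is free - set share uid
                if ($user['as_shareuid'] == 0) {
                    $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
                    $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
                    $eas->update_accountswitcher_cache();
                    $user['as_shareuid'] = (int) $mybb->user['uid'];
                }
            }

            // Make sure you can switch to an attached account only
            if ($user['as_uid'] == $mybb->user['uid']
                || $user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid']
                || $user['uid'] == $mybb->user['as_uid']
                || $user['as_shareuid'] == $mybb->user['uid']
                || $user['uid'] == $mybb->user['as_shareuid']
            ) {
                // Is the current account shared?
                if ($mybb->user['as_share'] != 0) {
                    // Account used by another user?
                    if ($mybb->user['as_shareuid'] == 0) {
                        log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                        return;
                    }

                    // Reset share uid
                    $updated_shareuid = array("as_shareuid" => 0);
                    $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
                    $eas->update_accountswitcher_cache();
                }

                // Log the old user out
                my_unsetcookie("mybbuser");
                my_unsetcookie("sid");
                if ($mybb->user['uid']) {
                    $time = TIME_NOW;
                    $old_uid = (int) $mybb->user['uid'];

                    // Run this after the shutdown query from session system
                    $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$old_uid}'");

                    // Remove the session that belonged to the previous account so it cannot
                    // outlive the switch; skipped when no session object is available.
                    if (is_object($session) && !empty($session->sid)) {
                        $db->delete_query("sessions", "sid = '" . $db->escape_string($session->sid) . "'");
                    }
                }

                // Now let the login datahandler do the work
                require_once MYBB_ROOT . "inc/datahandlers/login.php";
                $loginhandler = new LoginDataHandler("get");
                $mybb->input['remember'] = "yes";
                $loginhandler->set_data($user);
                // The validation result is not consulted: the switch is authorised by the
                // checks above, not by credentials.
                $loginhandler->validate_login();
                $loginhandler->complete_login();

                // Create session for this user
                require_once MYBB_ROOT . "inc/class_session.php";
                $session = new session();
                $session->init();
                $mybb->session =& $session;
                $mybb->post_code = generate_post_check();

                // Send new users post code
                header("Content-type: text/plain; charset={$charset}");
                echo $mybb->post_code;
                exit;
            } else {
                // Target is neither attached to nor shared with the current account
                log_moderator_action(array('uid' => $user['uid'], 'username' => $user['username']), $lang->aj_switch_invalid_log);
                error($lang->as_notattacheduser);
            }
        }
    }
}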