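/**
 * Render one page of a topic (FeatherBB "viewtopic" controller action).
 *
 * @param int|string|null $id   Topic id from the route.
 * @param string|null     $name URL-friendly topic name from the route; accepted for the
 *                              route signature but not read here.
 * @param int|string|null $page Requested page number; anything outside 1..$num_pages
 *                              falls back to page 1.
 * @param int|string|null $pid  Post id to highlight; passed through to the view and footer.
 *
 * Side effects: loads language files into this scope, touches the tracked-topics
 * cookie for members, defines FEATHER_ALLOW_INDEX / FEATHER_ACTIVE_PAGE, writes the
 * response through header/render/footer and increments the topic's view counter.
 * message() is used as a terminating error response (assumed never to return).
 */
public function display($id = null, $name = null, $page = null, $pid = null)
{
    global $lang_common, $lang_post, $lang_topic, $lang_bbeditor, $pd;

    if ($this->user->g_read_board == '0') {
        message($lang_common['No view'], '403');
    }

    // Each require below defines $lang_* arrays in this method's scope
    // (topic, post, antispam questions, bbeditor toolbar strings).
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/topic.php';
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/post.php';
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/antispam.php';

    // Which antispam question the quick-post form shows; the choice is not a
    // secret, so a plain rand() is adequate here.
    $index_questions = rand(0, count($lang_antispam_questions) - 1);

    // Fixed for consistency: every other require reads $this->user->language; this
    // one used array access on the same object ($this->user['language']), which only
    // works if the user object happens to implement ArrayAccess.
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/bbeditor.php';

    require_once FEATHER_ROOT . 'model/viewtopic.php';

    // Topic row plus joined forum/moderator info (see get_info_topic in the model)
    $cur_topic = $this->model->get_info_topic($id);

    // Sort out who the moderators are and if we are currently a moderator (or an admin).
    // NOTE(review): 'moderators' is a serialized array stored in the forums table;
    // unserialize() is only acceptable while that column is written solely by
    // trusted admin code and never from request input — confirm against the writers.
    $mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array();
    $is_admmod = $this->user->g_id == FEATHER_ADMIN
        || ($this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array));
    if ($is_admmod) {
        // Not read in this method; kept because get_admin_ids() may populate a cache
        // that included files rely on — confirm before removing.
        $admin_ids = get_admin_ids();
    }

    // Can we or can we not post replies?
    $post_link = $this->model->get_post_link($id, $cur_topic['closed'], $cur_topic['post_replies'], $is_admmod);

    // Add/update this topic in our list of tracked topics
    if (!$this->user->is_guest) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$id] = time();
        set_tracked_topics($tracked_topics);
    }

    // Determine the post offset: the topic row counts replies, so +1 for the first post
    $num_pages = ceil(($cur_topic['num_replies'] + 1) / $this->user->disp_posts);
    $p = !isset($page) || $page <= 1 || $page > $num_pages ? 1 : intval($page);
    $start_from = $this->user->disp_posts * ($p - 1);

    $url_topic = url_friendly($cur_topic['subject']);
    $url_forum = url_friendly($cur_topic['forum_name']);

    // Generate paging links
    $paging_links = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate($num_pages, $p, 'topic/' . $id . '/' . $url_topic . '/#');

    if ($this->config['o_censoring'] == '1') {
        $cur_topic['subject'] = censor_words($cur_topic['subject']);
    }

    $quickpost = $this->model->is_quickpost($cur_topic['post_replies'], $cur_topic['closed'], $is_admmod);
    $subscraction = $this->model->get_subscraction($cur_topic['is_subscribed'], $id);

    // Add relationship meta tags
    $page_head = $this->model->get_page_head($id, $num_pages, $p, $url_topic);

    $page_title = array(
        feather_escape($this->config['o_board_title']),
        feather_escape($cur_topic['forum_name']),
        feather_escape($cur_topic['subject'])
    );

    define('FEATHER_ALLOW_INDEX', 1);
    define('FEATHER_ACTIVE_PAGE', 'viewtopic');

    $this->header->setTitle($page_title)->setPage($p)->setPagingLinks($paging_links)->setPageHead($page_head)->display();

    // Kept: the parser include below runs in this scope and may read $forum_id
    // (e.g. for per-forum parsing rules) — confirm before removing.
    $forum_id = $cur_topic['forum_id'];
    require FEATHER_ROOT . 'include/parser.php';

    $this->feather->render('viewtopic.php', array(
        'id' => $id,
        'p' => $p,
        'post_data' => $this->model->print_posts($id, $start_from, $cur_topic, $is_admmod),
        'lang_common' => $lang_common,
        'lang_topic' => $lang_topic,
        'lang_post' => $lang_post,
        'lang_bbeditor' => $lang_bbeditor,
        'cur_topic' => $cur_topic,
        'subscraction' => $subscraction,
        'is_admmod' => $is_admmod,
        'feather_config' => $this->config,
        'paging_links' => $paging_links,
        'post_link' => $post_link,
        'start_from' => $start_from,
        'lang_antispam' => $lang_antispam,
        'pid' => $pid,
        'quickpost' => $quickpost,
        'index_questions' => $index_questions,
        'lang_antispam_questions' => $lang_antispam_questions,
        'url_forum' => $url_forum,
        'url_topic' => $url_topic,
        'feather' => $this->feather
    ));

    // Increment "num_views" for topic
    $this->model->increment_views($id);

    $this->footer->display('viewtopic', $id, $p, $pid, $cur_topic['forum_id'], $num_pages);
}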
/**
 * Mark every topic in a forum as read for the current member and redirect back to it.
 *
 * @param int|string $id Forum id from the route.
 *
 * Guests are rejected with a 403 via message(). The "read" state lives in the
 * tracked-topics cookie (get_tracked_topics / set_tracked_topics), keyed by forum id
 * with the current timestamp.
 */
public function markforumread($id)
{
    global $lang_common;

    if ($this->user->is_guest) {
        message($lang_common['No permission'], '403');
    }

    // Defines $lang_misc in this scope
    require FEATHER_ROOT . 'lang/' . $this->user->language . '/misc.php';

    $tracking = get_tracked_topics();
    $tracking['forums'][$id] = time();
    set_tracked_topics($tracking);

    $forum_url = get_link('forum/' . $id . '/');
    redirect($forum_url, $lang_misc['Mark forum read redirect']);
}
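/**
 * Handle a submitted login form: verify the password, migrate legacy MD5 hashes,
 * promote unverified accounts, set the login cookie and redirect.
 *
 * Reads req_username, req_password, save_pass and redirect_url from the POST body.
 * A failed login ends in message() (assumed to terminate the request), so the code
 * after the $authorized check only runs for a matching user row.
 *
 * Fixes: hash comparisons now use `===` instead of `==`. With `==`, two strings that
 * both look numeric (e.g. hex digests of the form "0e…") are compared as numbers,
 * so distinct digests could compare equal. The user lookup is also guarded so a
 * missing row (find_one() returning false) never reaches the property access.
 */
public function login()
{
    global $db_type, $lang_login;

    $form_username = feather_trim($this->request->post('req_username'));
    $form_password = feather_trim($this->request->post('req_password'));
    $save_pass = $this->request->post('save_pass');

    $user = DB::for_table('users')->where('username', $form_username)->find_one();

    $authorized = false;

    if ($user && !empty($user->password)) {
        $form_password_hash = feather_hash($form_password); // Will result in a SHA-1 hash

        // If the length isn't 40 then the password isn't using sha1, so it must be md5 from 1.2
        // Maybe this should be removed
        if (strlen($user->password) !== 40) {
            // Strict string comparison; on success the stored hash is upgraded to SHA-1.
            if (md5($form_password) === $user->password) {
                $authorized = true;

                DB::for_table('users')->where('id', $user->id)->find_one()->set('password', $form_password_hash)->save();
            }
        } else {
            // NOTE(review): not a constant-time comparison; prefer hash_equals()
            // where the project's PHP baseline allows it.
            $authorized = $user->password === $form_password_hash;
        }
    }

    if (!$authorized) {
        message($lang_login['Wrong user/pass'] . ' <a href="' . get_link('login/action/forget/') . '">' . $lang_login['Forgotten pass'] . '</a>');
    }

    // Update the status if this is the first time the user logged in
    if ($user->group_id == FEATHER_UNVERIFIED) {
        DB::for_table('users')->where('id', $user->id)->find_one()->set('group_id', $this->config['o_default_user_group'])->save();

        // Regenerate the users info cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require FEATHER_ROOT . 'include/cache.php';
        }
        generate_users_info_cache();
    }

    // Remove this user's guest entry from the online list
    DB::for_table('online')->where('ident', get_remote_address())->delete_many();

    // 1209600 s = 14 days for "remember me", otherwise the configured visit timeout
    $expire = $save_pass == '1' ? time() + 1209600 : time() + $this->config['o_timeout_visit'];
    feather_setcookie($user->id, $form_password_hash, $expire);

    // Reset tracked topics
    set_tracked_topics(null);

    // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
    $redirect_url = validate_redirect($this->request->post('redirect_url'), get_base_url());

    redirect(feather_escape($redirect_url), $lang_login['Login redirect']);
}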
} ($hook = get_hook('li_logout_selected')) ? eval($hook) : null; // Remove user from "users online" list. $query = array('DELETE' => 'online', 'WHERE' => 'user_id=' . $forum_user['id']); ($hook = get_hook('li_logout_qr_delete_online_user')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); // Update last_visit (make sure there's something to update it with) if (isset($forum_user['logged'])) { $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']); ($hook = get_hook('li_logout_qr_update_last_visit')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); } $expire = time() + 1209600; forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire); // Reset tracked topics set_tracked_topics(null); ($hook = get_hook('li_logout_pre_redirect')) ? eval($hook) : null; redirect(forum_link($forum_url['index']), $lang_login['Logout redirect']); } else { if (0) { if (!$forum_user['is_guest']) { header('Location: ' . forum_link($forum_url['index'])); } ($hook = get_hook('li_forgot_pass_selected')) ? eval($hook) : null; if (isset($_POST['form_sent'])) { // User pressed the cancel button if (isset($_POST['cancel'])) { redirect(forum_link($forum_url['index']), $lang_login['New password cancel redirect']); } if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) { require FORUM_ROOT . 'include/email.php';
check_forum_login_cookie($cur_topic['forum_id'], $cur_topic['password']); } if ($cur_topic['protected'] == '1' && $panther_user['username'] != $cur_topic['poster'] && !$is_admmod) { message($lang_common['No permission']); } if ($panther_config['o_archiving'] == '1' && $cur_topic['archived'] == '0') { if ($cur_topic['archived'] !== '2') { $archive_rules = unserialize($panther_config['o_archive_rules']); $cur_topic['archived'] = check_archive_rules($archive_rules, $id); } } // Add/update this topic in our list of tracked topics if (!$panther_user['is_guest']) { $tracked_topics = get_tracked_topics(); $tracked_topics['topics'][$id] = time(); set_tracked_topics($tracked_topics); } // Preg replace is slow! $url_subject = url_friendly($cur_topic['subject']); $url_forum = url_friendly($cur_topic['forum_name']); // Determine the post offset (based on $_GET['p']) $num_pages = ceil(($cur_topic['num_replies'] + 1) / $panther_user['disp_posts']); $p = !isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages ? 1 : intval($_GET['p']); $start_from = $panther_user['disp_posts'] * ($p - 1); if ($panther_config['o_censoring'] == '1') { $cur_topic['subject'] = censor_words($cur_topic['subject']); } $quickpost = false; if ($panther_config['o_quickpost'] == '1' && $cur_topic['archived'] != '1' && ($cur_topic['post_replies'] == '1' || $cur_topic['post_replies'] == '' && $panther_user['g_post_replies'] == '1') && ($cur_topic['closed'] == '0' || $is_admmod)) { // Load the post.php language file require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';
/**
 * Insert a post and update everything derived from it: subscriptions, topic
 * counters/last-post fields, forum sync, search index, notification e-mails,
 * the poster's counters and the poster's tracked-topics cookie.
 *
 * @param array $post_info Post data from the caller. Keys read here: poster,
 *                         poster_id, message, hide_smilies, posted, topic_id,
 *                         forum_id, is_guest, poster_email, subscr_action,
 *                         and optionally update_user, update_unread.
 * @param int   $new_pid   Set by reference to the id of the inserted post.
 *
 * Only the string fields (poster, message, poster_email, remote address) go
 * through $forum_db->escape(); poster_id, hide_smilies, posted and topic_id are
 * concatenated into SQL as-is, so this function relies on the caller having
 * validated them as integers. Every fn_add_post_* hook is eval()'d plugin code
 * and may rewrite $query before it is run.
 */
function add_post($post_info, &$new_pid)
{
    global $forum_db, $db_type, $forum_config, $lang_common;

    // A hook that returns a non-null value aborts the whole function
    $return = ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // Add the post
    $query = array(
        'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id',
        'INTO' => 'posts',
        'VALUES' => '\'' . $forum_db->escape($post_info['poster']) . '\', ' . $post_info['poster_id'] . ', \'' . $forum_db->escape(get_remote_address()) . '\', \'' . $forum_db->escape($post_info['message']) . '\', ' . $post_info['hide_smilies'] . ', ' . $post_info['posted'] . ', ' . $post_info['topic_id']
    );

    // If it's a guest post, there might be an e-mail address we need to include
    if ($post_info['is_guest'] && $post_info['poster_email'] != null) {
        $query['INSERT'] .= ', poster_email';
        $query['VALUES'] .= ', \'' . $forum_db->escape($post_info['poster_email']) . '\'';
    }

    ($hook = get_hook('fn_add_post_qr_add_post')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_pid = $forum_db->insert_id();

    if (!$post_info['is_guest']) {
        // Subscribe or unsubscribe? (1 = subscribe, 2 = unsubscribe, anything else = leave as is)
        if ($post_info['subscr_action'] == 1) {
            $query = array(
                'INSERT' => 'user_id, topic_id',
                'INTO' => 'subscriptions',
                'VALUES' => $post_info['poster_id'] . ' ,' . $post_info['topic_id']
            );
            ($hook = get_hook('fn_add_post_qr_add_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } else {
            if ($post_info['subscr_action'] == 2) {
                $query = array(
                    'DELETE' => 'subscriptions',
                    'WHERE' => 'topic_id=' . $post_info['topic_id'] . ' AND user_id=' . $post_info['poster_id']
                );
                ($hook = get_hook('fn_add_post_qr_delete_subscription')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
            }
        }
    }

    // Count number of replies in the topic (the first post is not a reply, hence -1)
    $query = array(
        'SELECT' => 'COUNT(p.id)',
        'FROM' => 'posts AS p',
        'WHERE' => 'p.topic_id=' . $post_info['topic_id']
    );
    ($hook = get_hook('fn_add_post_qr_get_topic_reply_count')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $num_replies = $forum_db->result($result, 0) - 1;

    // Update topic
    $query = array(
        'UPDATE' => 'topics',
        'SET' => 'num_replies=' . $num_replies . ', last_post=' . $post_info['posted'] . ', last_post_id=' . $new_pid . ', last_poster=\'' . $forum_db->escape($post_info['poster']) . '\'',
        'WHERE' => 'id=' . $post_info['topic_id']
    );
    ($hook = get_hook('fn_add_post_qr_update_topic')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    sync_forum($post_info['forum_id']);

    if (!defined('FORUM_SEARCH_IDX_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/search_idx.php';
    }
    update_search_index('post', $new_pid, $post_info['message']);

    send_subscriptions($post_info, $new_pid);

    // Increment user's post count & last post time
    if (isset($post_info['update_user'])) {
        if ($post_info['is_guest']) {
            // Guests are identified in the online table by remote address
            $query = array(
                'UPDATE' => 'online',
                'SET' => 'last_post=' . $post_info['posted'],
                'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\''
            );
        } else {
            $query = array(
                'UPDATE' => 'users',
                'SET' => 'num_posts=num_posts+1, last_post=' . $post_info['posted'],
                'WHERE' => 'id=' . $post_info['poster_id']
            );
        }
        ($hook = get_hook('fn_add_post_qr_update_last_post')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);
    }

    // If the posting user is logged in update his/her unread indicator
    if (!$post_info['is_guest'] && isset($post_info['update_unread']) && $post_info['update_unread']) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$post_info['topic_id']] = time();
        set_tracked_topics($tracked_topics);
    }

    ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null;
}
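/**
 * Authenticate the visitor from the login cookie and fill $pun_user.
 *
 * @param array $pun_user Set by reference to the joined users/groups/online row of
 *                        the authenticated member. On any failure set_default_user()
 *                        is called instead and the function returns.
 *
 * Cookie layout (enforced by the regex below, all four parts required):
 *   "<user_id>|<password_hash>|<expiration_time>|<cookie_hash>", hashes as hex.
 * cookie_hash is an HMAC over "user_id|expiration_time"; password_hash is an HMAC
 * over the stored password hash. Both are checked with pun_hash_equals().
 *
 * Side effects: re-issues the login cookie, may insert/update the online table and
 * users.last_visit (unless PUN_QUIET_VISIT is defined), may extend the _track cookie.
 *
 * Fix: the password HMAC is now only computed when a user row was actually found.
 * Previously $pun_user['password'] was read before the isset($pun_user['id']) test,
 * so a missing row (fetch_assoc() not returning an array) raised a warning even
 * though the outcome was the same.
 */
function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;

    $now = time();

    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
        $cookie = array(
            'user_id' => intval($matches[1]),
            'password_hash' => $matches[2],
            'expiration_time' => intval($matches[3]),
            'cookie_hash' => $matches[4]
        );
    }

    // If it has a non-guest user, and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with
        $is_authorized = pun_hash_equals(forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $cookie_seed . '_cookie_hash'), $cookie['cookie_hash']);
        if (!$is_authorized) {
            $expire = $now + 31536000; // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Check if there's a user with the user ID and password hash from the cookie
        // (user id is cast with intval() before being concatenated into the query)
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);

        // If user authorisation failed: no such user, or the cookie's password hash
        // does not match the stored one. The row check comes first so the HMAC is
        // never computed over a missing row.
        $is_authorized = isset($pun_user['id'])
            && pun_hash_equals(forum_hmac($pun_user['password'], $cookie_seed . '_password_hash'), $cookie['password_hash']);
        if (!$is_authorized) {
            $expire = $now + 31536000; // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Send a new, updated cookie with a new expiration timestamp
        // (1209600 s = 14 days for long-lived cookies, otherwise the visit timeout)
        $expire = $cookie['expiration_time'] > $now + $pun_config['o_timeout_visit'] ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
        pun_setcookie($pun_user['id'], $pun_user['password'], $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }

        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $now;

                // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
                switch ($db_type) {
                    case 'mysql':
                    case 'mysqli':
                    case 'mysql_innodb':
                    case 'mysqli_innodb':
                    case 'sqlite':
                        $db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;

                    default:
                        $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ' WHERE NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id=' . $pun_user['id'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                }

                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                // $now is an int from time() and $idle_sql a fixed literal, so this
                // concatenation carries no request data
                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());

                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $pun_config['o_timeout_visit']);
                }
            }
        } else {
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $pun_user['last_visit'];
            }
        }

        $pun_user['is_guest'] = false;
        $pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }
}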
/**
 * Apply per-visit defaults to the current FeatherBB user and record the visit.
 *
 * Takes no parameters: the user and config objects come from the Slim singleton.
 * Falls back to the configured default language/style/page sizes when the stored
 * preference is empty or points at a file that no longer exists, and unless
 * FEATHER_QUIET_VISIT is defined, inserts or refreshes the user's row in the
 * online table and updates users.last_visit after a timeout.
 *
 * No return value; all effects are on $feather->user, the database and the
 * tracked-topics cookie.
 */
function set_preferences()
{
    global $db_type, $cookie_name;

    // Get Slim current session
    $feather = \Slim\Slim::getInstance();

    $now = time();

    // Set a default language if the user selected language no longer exists
    if (!file_exists(FEATHER_ROOT . 'lang/' . $feather->user->language)) {
        $feather->user->language = $feather->config['o_default_lang'];
    }

    // Set a default style if the user selected style no longer exists
    if (!file_exists(FEATHER_ROOT . 'style/' . $feather->user->style . '.css')) {
        $feather->user->style = $feather->config['o_default_style'];
    }

    if (!$feather->user->disp_topics) {
        $feather->user->disp_topics = $feather->config['o_disp_topics_default'];
    }
    if (!$feather->user->disp_posts) {
        $feather->user->disp_posts = $feather->config['o_disp_posts_default'];
    }

    // Define this if you want this visit to affect the online list and the users last visit data
    if (!defined('FEATHER_QUIET_VISIT')) {
        // Update the online list
        if (!$feather->user->logged) {
            $feather->user->logged = $now;

            // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table.
            // Both branches bind the values as named parameters.
            switch ($db_type) {
                case 'mysql':
                case 'mysqli':
                case 'mysql_innodb':
                case 'mysqli_innodb':
                case 'sqlite':
                case 'sqlite3':
                    \DB::for_table('online')->raw_execute('REPLACE INTO ' . $feather->prefix . 'online (user_id, ident, logged) VALUES(:user_id, :ident, :logged)', array(':user_id' => $feather->user->id, ':ident' => $feather->user->username, ':logged' => $feather->user->logged));
                    break;

                default:
                    \DB::for_table('online')->raw_execute('INSERT INTO ' . $feather->prefix . 'online (user_id, ident, logged) SELECT :user_id, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $feather->prefix . 'online WHERE user_id=:user_id)', array(':user_id' => $feather->user->id, ':ident' => $feather->user->username, ':logged' => $feather->user->logged));
                    break;
            }

            // Reset tracked topics
            set_tracked_topics(null);
        } else {
            // Special case: We've timed out, but no other user has browsed the forums since we timed out
            if ($feather->user->logged < $now - $feather->config['o_timeout_visit']) {
                \DB::for_table('users')->where('id', $feather->user->id)->find_one()->set('last_visit', $feather->user->logged)->save();
                $feather->user->last_visit = $feather->user->logged;
            }

            // $now is an int from time() and $idle_sql a fixed literal, so the only
            // concatenated values are program-generated; the user id is bound.
            $idle_sql = $feather->user->idle == '1' ? ', idle=0' : '';
            \DB::for_table('online')->raw_execute('UPDATE ' . $feather->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=:user_id', array(':user_id' => $feather->user->id));

            // Update tracked topics with the current expire time.
            // The _track cookie is client-controlled; it is decoded with json_decode()
            // (not unserialize()), so malformed input decodes to null rather than
            // being interpreted. What set_tracked_topics() does with a null is not
            // visible here — confirm it tolerates one.
            $cookie_tracked_topics = $feather->getCookie($cookie_name . '_track');
            if (isset($cookie_tracked_topics)) {
                set_tracked_topics(json_decode($cookie_tracked_topics, true));
            }
        }
    } else {
        if (!$feather->user->logged) {
            $feather->user->logged = $feather->user->last_visit;
        }
    }
}
/**
 * Record that the current user just posted: bump their post counters, apply any
 * configured group promotion and mark the topic as read.
 *
 * @param array      $post    Post data; only $post['time'] is read (stored as last_post).
 * @param int|string $new_tid Id of the topic the post was made in.
 *
 * Guests only get the last_post column of their online-table row updated.
 * NOTE(review): both branches call ->find_one()->set() without checking that a row
 * was found; confirm the ORM never returns a non-object here.
 */
public function increment_post_count($post, $new_tid)
{
    if ($this->user->is_guest) {
        // Update the last_post field for guests (identified by remote address)
        DB::for_table('online')->where('ident', get_remote_address())->find_one()->set('last_post', $post['time'])->save();
        return;
    }

    $member = DB::for_table('users')->where('id', $this->user->id)->find_one();
    $member->set('last_post', $post['time'])->set_expr('num_posts', 'num_posts+1')->save();

    // Promote this user to a new group if enabled (0 = promotion disabled)
    $next_group = $this->user->g_promote_next_group;
    if ($next_group != 0 && $this->user->num_posts + 1 >= $this->user->g_promote_min_posts) {
        DB::for_table('users')->where('id', $this->user->id)->find_one()->set('group_id', $next_group)->save();
    }

    // Topic tracking stuff...
    $tracking = get_tracked_topics();
    $tracking['topics'][$new_tid] = time();
    set_tracked_topics($tracking);
}
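/**
 * Authenticate the visitor from the login cookie and fill $pun_user
 * (query-builder variant configured through $flux_config['cookie']).
 *
 * @param array $pun_user Set by reference to the joined users/groups/online row of
 *                        the authenticated member. On any failure set_default_user()
 *                        is called instead and the function returns.
 *
 * Cookie layout (enforced by the regex below, all four parts required):
 *   "<user_id>|<password_hash>|<expiration_time>|<cookie_hash>", hashes as hex.
 * cookie_hash is an HMAC over "user_id|expiration_time"; password_hash is an HMAC
 * over the stored password hash, both keyed on the configured cookie seed.
 *
 * Side effects: re-issues the login cookie, may write the online table and
 * users.last_visit (unless PUN_QUIET_VISIT is defined), may extend the _track cookie.
 *
 * Fix: the cookie_hash check used the loose `!=`, while the password_hash check a
 * few lines below already used `!==`. Loose comparison applies numeric rules to
 * strings that look like numbers, so two hex digests could compare equal; both
 * checks are now strict.
 */
function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $flux_config;

    $now = time();

    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$flux_config['cookie']['name']]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$flux_config['cookie']['name']], $matches)) {
        $cookie = array(
            'user_id' => intval($matches[1]),
            'password_hash' => $matches[2],
            'expiration_time' => intval($matches[3]),
            'cookie_hash' => $matches[4]
        );
    }

    // If it has a non-guest user, and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with.
        // NOTE(review): this is a strict but not constant-time comparison; a
        // hash_equals()-style helper would be preferable where the project's
        // PHP baseline allows it.
        if (forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $flux_config['cookie']['seed'] . '_cookie_hash') !== $cookie['cookie_hash']) {
            $expire = $now + 31536000; // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Check if there's a user with the user ID and password hash from the cookie
        // (user id is passed as a bound parameter)
        $query = $db->select(array('user' => 'u.*', 'group' => 'g.*', 'logged' => 'o.logged', 'idle' => 'o.idle'), 'users AS u');
        $query->innerJoin('g', 'groups AS g', 'u.group_id = g.g_id');
        $query->leftJoin('o', 'online AS o', 'o.user_id = u.id');
        $query->where = 'u.id = :user_id';

        $params = array(':user_id' => $cookie['user_id']);

        $result = $query->run($params);
        unset($query, $params);

        // If the password is invalid (or no such user)
        if (empty($result) || forum_hmac($result[0]['password'], $flux_config['cookie']['seed'] . '_password_hash') !== $cookie['password_hash']) {
            $expire = $now + 31536000; // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        $pun_user = $result[0];
        unset($result);

        // Send a new, updated cookie with a new expiration timestamp
        // (1209600 s = 14 days for long-lived cookies, otherwise the visit timeout)
        $expire = $cookie['expiration_time'] > $now + $pun_config['o_timeout_visit'] ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
        pun_setcookie($pun_user['id'], $pun_user['password'], $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }

        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $now;

                // REPLACE INTO avoids a user having two rows in the online table
                $query = $db->replace(array('user_id' => ':user_id', 'logged' => ':logged'), 'online', array('ident' => ':ident'));
                $params = array(':user_id' => $pun_user['id'], ':ident' => $pun_user['username'], ':logged' => $pun_user['logged']);

                $query->run($params);
                unset($query, $params);

                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $query = $db->update(array('last_visit' => ':logged'), 'users');
                    $query->where = 'id = :user_id';

                    $params = array(':logged' => $pun_user['logged'], ':user_id' => $pun_user['id']);

                    $query->run($params);
                    unset($query, $params);

                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                // Unconditionally clears the idle flag on every refresh
                $query = $db->update(array('logged' => ':now', 'idle' => '0'), 'online');
                $query->where = 'user_id = :user_id';

                $params = array(':now' => $now, ':user_id' => $pun_user['id']);

                $query->run($params);
                unset($query, $params);

                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$flux_config['cookie']['name'] . '_track'])) {
                    forum_setcookie($flux_config['cookie']['name'] . '_track', $_COOKIE[$flux_config['cookie']['name'] . '_track'], $now + $pun_config['o_timeout_visit']);
                }
            }
        } else {
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $pun_user['last_visit'];
            }
        }

        $pun_user['is_guest'] = false;
        $pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }
}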
/**
 * Authenticate the visitor from the login cookie and fill $panther_user
 * (Panther variant: PDO-style bound parameters, HMAC-SHA512, login_key column).
 *
 * @param array $panther_user Set by reference to the joined users/groups/online row
 *                            of the authenticated member. On any failure
 *                            set_default_user() is called instead and the function returns.
 *
 * Cookie layout (enforced by the regex below, all four parts required):
 *   "<user_id>|<password_hash>|<expiration_time>|<cookie_hash>", hashes as hex.
 * cookie_hash is HMAC-SHA512 over "user_id|expiration_time"; password_hash is
 * HMAC-SHA512 over the user's stored login_key (not the password hash itself).
 * Both are compared with panther_hash_equals().
 *
 * Side effects: re-issues the login cookie, may write the online table and
 * users.last_visit (unless PANTHER_QUIET_VISIT is defined), may extend the _track cookie.
 */
function check_cookie(&$panther_user)
{
    global $db, $panther_config;

    $now = time();

    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$panther_config['o_cookie_name']]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$panther_config['o_cookie_name']], $matches)) {
        $cookie = array(
            'user_id' => intval($matches[1]),
            'password_hash' => $matches[2],
            'expiration_time' => intval($matches[3]),
            'cookie_hash' => $matches[4]
        );
    }

    // If it has a non-guest user, and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with (constant-time compare of the HMAC)
        if (!panther_hash_equals(hash_hmac('sha512', $cookie['user_id'] . '|' . $cookie['expiration_time'], $panther_config['o_cookie_seed'] . '_cookie_hash'), $cookie['cookie_hash'])) {
            $expire = $now + 31536000; // The cookie expires after a year
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        $data = array(':id' => $cookie['user_id']);

        // Check if there's a user with the user ID and password hash from the cookie
        $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=:id', $data);
        $panther_user = $ps->fetch();

        // If user authorisation failed: the isset() test runs first, so the HMAC is
        // only computed when a row was found
        if (!isset($panther_user['id']) || !panther_hash_equals(hash_hmac('sha512', $panther_user['login_key'], $panther_config['o_cookie_seed'] . '_password_hash'), $cookie['password_hash'])) {
            $expire = $now + 31536000; // The cookie expires after a year
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Send a new, updated cookie with a new expiration timestamp
        // (1209600 s = 14 days for long-lived cookies, otherwise the visit timeout)
        $expire = $cookie['expiration_time'] > $now + $panther_config['o_timeout_visit'] ? $now + 1209600 : $now + $panther_config['o_timeout_visit'];
        panther_setcookie($panther_user['id'], $panther_user['login_key'], $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(PANTHER_ROOT . 'lang/' . $panther_user['language'])) {
            $panther_user['language'] = $panther_config['o_default_lang'];
        }

        // o_style_path is treated as an absolute/external path unless it is the
        // default 'style', which is resolved relative to PANTHER_ROOT
        $style_root = ($panther_config['o_style_path'] != 'style' ? $panther_config['o_style_path'] : PANTHER_ROOT . $panther_config['o_style_path']) . '/';

        // Set a default style if the user selected style no longer exists
        if (!file_exists($style_root . $panther_user['style'] . '.css')) {
            $panther_user['style'] = $panther_config['o_default_style'];
        }

        if (!$panther_user['disp_topics']) {
            $panther_user['disp_topics'] = $panther_config['o_disp_topics_default'];
        }
        if (!$panther_user['disp_posts']) {
            $panther_user['disp_posts'] = $panther_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PANTHER_QUIET_VISIT')) {
            // Update the online list
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $now;

                $data = array(':id' => $panther_user['id'], ':ident' => $panther_user['username'], ':logged' => $panther_user['logged']);

                // REPLACE INTO avoids a user having two rows in the online table
                $db->run('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES (:id, :ident, :logged)', $data);

                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                $data = array(':id' => $panther_user['id']);

                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($panther_user['logged'] < $now - $panther_config['o_timeout_visit']) {
                    $update = array('last_visit' => $panther_user['logged']);
                    $db->update('users', $update, 'id=:id', $data);
                    $panther_user['last_visit'] = $panther_user['logged'];
                }

                // Refresh the logged timestamp; only clear idle when it is currently set
                $update = array('logged' => $now);
                if ($panther_user['idle'] == '1') {
                    $update['idle'] = 0;
                }
                $db->update('online', $update, 'user_id=:id', $data);

                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$panther_config['o_cookie_name'] . '_track'])) {
                    forum_setcookie($panther_config['o_cookie_name'] . '_track', $_COOKIE[$panther_config['o_cookie_name'] . '_track'], $now + $panther_config['o_timeout_visit']);
                }
            }
        } else {
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $panther_user['last_visit'];
            }
        }

        $panther_user['is_guest'] = false;
        $panther_user['is_admmod'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1';
        // && binds tighter than ||: admin group, or a moderator whose group has g_admin set
        $panther_user['is_admin'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1' && $panther_user['g_admin'] == '1';
        $panther_user['is_bot'] = false;
    } else {
        set_default_user();
    }
}