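 /**
  * Render a topic page (the "viewtopic" screen).
  *
  * @param int|string|null $id   topic id from the route
  * @param string|null     $name url-friendly topic name from the route (not read here)
  * @param int|string|null $page requested page number; clamped to 1..$num_pages
  * @param int|string|null $pid  post id passed through to the template and footer
  *
  * Fix: the bbeditor language file was loaded via `$this->user['language']` while every
  * other require in this method reads `$this->user->language`; the array access was
  * inconsistent with the object access used on the same value three lines earlier.
  * Also guards against a non-array result from unserialize() of the moderator list.
  */
 public function display($id = null, $name = null, $page = null, $pid = null)
 {
     global $lang_common, $lang_post, $lang_topic, $lang_bbeditor, $pd;

     // Board-level read permission; message() is expected to end the request.
     if ($this->user->g_read_board == '0') {
         message($lang_common['No view'], '403');
     }

     // The language name comes from the user's account record and becomes a path segment.
     // NOTE(review): set_preferences() falls back to the default when the directory does not
     // exist — confirm that is what validates it, otherwise this is a file-inclusion sink.
     $lang_dir = FEATHER_ROOT . 'lang/' . $this->user->language . '/';
     require $lang_dir . 'topic.php';     // viewtopic.php language file
     require $lang_dir . 'post.php';      // post.php language file
     require $lang_dir . 'antispam.php';  // antispam feature ($lang_antispam, $lang_antispam_questions)
     // Which antispam question to show; a UI choice only, so rand() is acceptable here.
     $index_questions = rand(0, count($lang_antispam_questions) - 1);
     require $lang_dir . 'bbeditor.php';  // BBcode toolbar feature (previously used $this->user['language'])

     // Load the viewtopic.php model file
     require_once FEATHER_ROOT . 'model/viewtopic.php';

     // Fetch some information about the topic
     $cur_topic = $this->model->get_info_topic($id);

     // Sort out who the moderators are and whether we are a moderator (or an admin).
     // 'moderators' is a serialized PHP array stored with the forum row. It is written by
     // administrators, not end users, but unserialize() on stored data is still a
     // deserialization sink; flagged here rather than changed, to keep the storage format.
     $mods_array = $cur_topic['moderators'] != '' ? unserialize($cur_topic['moderators']) : array();
     if (!is_array($mods_array)) {
         // Corrupt or unreadable moderator list: treat as "no moderators" instead of
         // handing a non-array to array_key_exists().
         $mods_array = array();
     }
     // Parenthesized to make the precedence explicit: admin, OR a moderator listed on this forum.
     $is_admmod = ($this->user->g_id == FEATHER_ADMIN)
         || ($this->user->g_moderator == '1' && array_key_exists($this->user->username, $mods_array));
     if ($is_admmod) {
         // Kept for its side effects (cache warm-up); the value is not used in this method.
         $admin_ids = get_admin_ids();
     }

     // Can we or can we not post replies?
     $post_link = $this->model->get_post_link($id, $cur_topic['closed'], $cur_topic['post_replies'], $is_admmod);

     // Add/update this topic in our list of tracked topics (cookie-based, members only)
     if (!$this->user->is_guest) {
         $tracked_topics = get_tracked_topics();
         $tracked_topics['topics'][$id] = time();
         set_tracked_topics($tracked_topics);
     }

     // Determine the post offset; anything outside 1..$num_pages falls back to page 1.
     $num_pages = ceil(($cur_topic['num_replies'] + 1) / $this->user->disp_posts);
     $p = (!isset($page) || $page <= 1 || $page > $num_pages) ? 1 : intval($page);
     $start_from = $this->user->disp_posts * ($p - 1);

     $url_topic = url_friendly($cur_topic['subject']);
     $url_forum = url_friendly($cur_topic['forum_name']);

     // Generate paging links
     $paging_links = '<span class="pages-label">' . $lang_common['Pages'] . ' </span>' . paginate($num_pages, $p, 'topic/' . $id . '/' . $url_topic . '/#');

     if ($this->config['o_censoring'] == '1') {
         $cur_topic['subject'] = censor_words($cur_topic['subject']);
     }

     $quickpost = $this->model->is_quickpost($cur_topic['post_replies'], $cur_topic['closed'], $is_admmod);
     $subscraction = $this->model->get_subscraction($cur_topic['is_subscribed'], $id);

     // Add relationship meta tags
     $page_head = $this->model->get_page_head($id, $num_pages, $p, $url_topic);
     $page_title = array(
         feather_escape($this->config['o_board_title']),
         feather_escape($cur_topic['forum_name']),
         feather_escape($cur_topic['subject']),
     );

     define('FEATHER_ALLOW_INDEX', 1);
     define('FEATHER_ACTIVE_PAGE', 'viewtopic');

     $this->header->setTitle($page_title)->setPage($p)->setPagingLinks($paging_links)->setPageHead($page_head)->display();

     $forum_id = $cur_topic['forum_id'];

     require FEATHER_ROOT . 'include/parser.php';

     $this->feather->render('viewtopic.php', array(
         'id' => $id,
         'p' => $p,
         'post_data' => $this->model->print_posts($id, $start_from, $cur_topic, $is_admmod),
         'lang_common' => $lang_common,
         'lang_topic' => $lang_topic,
         'lang_post' => $lang_post,
         'lang_bbeditor' => $lang_bbeditor,
         'cur_topic' => $cur_topic,
         'subscraction' => $subscraction,
         'is_admmod' => $is_admmod,
         'feather_config' => $this->config,
         'paging_links' => $paging_links,
         'post_link' => $post_link,
         'start_from' => $start_from,
         'lang_antispam' => $lang_antispam,
         'pid' => $pid,
         'quickpost' => $quickpost,
         'index_questions' => $index_questions,
         'lang_antispam_questions' => $lang_antispam_questions,
         'url_forum' => $url_forum,
         'url_topic' => $url_topic,
         'feather' => $this->feather,
     ));

     // Increment "num_views" for topic
     $this->model->increment_views($id);

     $this->footer->display('viewtopic', $id, $p, $pid, $cur_topic['forum_id'], $num_pages);
 }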
 /**
  * Mark every topic in forum $id as read for the current user, then redirect to the forum.
  *
  * Guests have no tracking state, so they are refused with a 403 (message() ends the request).
  *
  * @param int|string $id forum id taken from the route
  */
 public function markforumread($id)
 {
     global $lang_common;

     $is_guest = $this->user->is_guest;
     if ($is_guest) {
         message($lang_common['No permission'], '403');
     }

     // misc.php provides $lang_misc['Mark forum read redirect'].
     require FEATHER_ROOT . 'lang/' . $this->user->language . '/misc.php';

     // NOTE(review): $id is used unvalidated both as a key in the tracking cookie and in
     // the redirect target; confirm the route restricts it to digits.
     $tracked = get_tracked_topics();
     $tracked['forums'][$id] = time();
     set_tracked_topics($tracked);

     $forum_url = get_link('forum/' . $id . '/');
     redirect($forum_url, $lang_misc['Mark forum read redirect']);
 }
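 /**
  * Handle a submitted login form: verify the password, upgrade legacy MD5 rows, set the
  * session cookie and redirect.
  *
  * Reads req_username, req_password, save_pass and redirect_url from the POST body. On a
  * bad user/password pair message() is called (it is expected to end the request) with the
  * same text whether or not the username exists.
  *
  * Fixes:
  *  - both password comparisons used loose `==`; PHP compares numeric-looking strings such
  *    as "0e123..." as numbers, so two different hex digests can compare equal ("magic
  *    hash" type juggling). They now use hash_equals(), which is also constant-time.
  *  - find_one() returns false for an unknown username; the password check now tests
  *    $user before dereferencing it instead of reading a property of false.
  *
  * NOTE(review): the stored scheme is an unsalted SHA-1 (feather_hash) and that digest is
  * reused as the cookie credential (feather_setcookie). Migrating to password_hash() is
  * recommended but touches the cookie check as well, so it is out of scope here.
  */
 public function login()
 {
     global $db_type, $lang_login;

     $form_username = feather_trim($this->request->post('req_username'));
     $form_password = feather_trim($this->request->post('req_password'));
     $save_pass = $this->request->post('save_pass');

     $user = DB::for_table('users')->where('username', $form_username)->find_one();

     $authorized = false;
     if ($user && !empty($user->password)) {
         // SHA-1 hex digest of the submitted password (40 characters).
         $form_password_hash = feather_hash($form_password);

         if (strlen($user->password) != 40) {
             // A row that is not 40 characters is a legacy 1.2 MD5 hash: accept it once,
             // then rewrite the row with the current hash so the next login takes the fast path.
             if (hash_equals($user->password, md5($form_password))) {
                 $authorized = true;
                 DB::for_table('users')->where('id', $user->id)->find_one()->set('password', $form_password_hash)->save();
             }
         } else {
             $authorized = hash_equals($user->password, $form_password_hash);
         }
     }

     if (!$authorized) {
         message($lang_login['Wrong user/pass'] . ' <a href="' . get_link('login/action/forget/') . '">' . $lang_login['Forgotten pass'] . '</a>');
     }

     // Update the status if this is the first time the user logged in
     if ($user->group_id == FEATHER_UNVERIFIED) {
         DB::for_table('users')->where('id', $user->id)->find_one()->set('group_id', $this->config['o_default_user_group'])->save();

         // Regenerate the users info cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require FEATHER_ROOT . 'include/cache.php';
         }
         generate_users_info_cache();
     }

     // Remove this user's guest entry from the online list
     DB::for_table('online')->where('ident', get_remote_address())->delete_many();

     // "Remember me" keeps the cookie for two weeks; otherwise it lives for one visit timeout.
     $expire = $save_pass == '1' ? time() + 1209600 : time() + $this->config['o_timeout_visit'];
     feather_setcookie($user->id, $form_password_hash, $expire);

     // Reset tracked topics
     set_tracked_topics(null);

     // Only redirect to a target that validate_redirect() accepts; otherwise the board index.
     $redirect_url = validate_redirect($this->request->post('redirect_url'), get_base_url());
     redirect(feather_escape($redirect_url), $lang_login['Login redirect']);
 }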
     }
     ($hook = get_hook('li_logout_selected')) ? eval($hook) : null;
     // Remove user from "users online" list.
     $query = array('DELETE' => 'online', 'WHERE' => 'user_id=' . $forum_user['id']);
     ($hook = get_hook('li_logout_qr_delete_online_user')) ? eval($hook) : null;
     $forum_db->query_build($query) or error(__FILE__, __LINE__);
     // Update last_visit (make sure there's something to update it with)
     if (isset($forum_user['logged'])) {
         $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
         ($hook = get_hook('li_logout_qr_update_last_visit')) ? eval($hook) : null;
         $forum_db->query_build($query) or error(__FILE__, __LINE__);
     }
     $expire = time() + 1209600;
     forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
     // Reset tracked topics
     set_tracked_topics(null);
     ($hook = get_hook('li_logout_pre_redirect')) ? eval($hook) : null;
     redirect(forum_link($forum_url['index']), $lang_login['Logout redirect']);
 } else {
     if (0) {
         if (!$forum_user['is_guest']) {
             header('Location: ' . forum_link($forum_url['index']));
         }
         ($hook = get_hook('li_forgot_pass_selected')) ? eval($hook) : null;
         if (isset($_POST['form_sent'])) {
             // User pressed the cancel button
             if (isset($_POST['cancel'])) {
                 redirect(forum_link($forum_url['index']), $lang_login['New password cancel redirect']);
             }
             if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) {
                 require FORUM_ROOT . 'include/email.php';
    check_forum_login_cookie($cur_topic['forum_id'], $cur_topic['password']);
}
// Protected topics may only be viewed by the original poster, a moderator or an admin.
// NOTE(review): $cur_topic, $is_admmod and $panther_user are set earlier in this script,
// outside this excerpt; message() is expected to end the request.
if ($cur_topic['protected'] == '1' && $panther_user['username'] != $cur_topic['poster'] && !$is_admmod) {
    message($lang_common['No permission']);
}
// Archiving: a topic that is not archived yet is re-evaluated against the archive rules.
// The inner '2' test cannot fail once 'archived' compared equal to '0', so it looks
// redundant; left untouched here.
if ($panther_config['o_archiving'] == '1' && $cur_topic['archived'] == '0') {
    if ($cur_topic['archived'] !== '2') {
        // o_archive_rules is admin-written configuration, but unserialize() of stored data
        // is still a deserialization sink; a JSON representation would be safer.
        $archive_rules = unserialize($panther_config['o_archive_rules']);
        $cur_topic['archived'] = check_archive_rules($archive_rules, $id);
    }
}
// Add/update this topic in our list of tracked topics (cookie-based, members only)
if (!$panther_user['is_guest']) {
    $tracked_topics = get_tracked_topics();
    $tracked_topics['topics'][$id] = time();
    set_tracked_topics($tracked_topics);
}
// Preg replace is slow!
$url_subject = url_friendly($cur_topic['subject']);
$url_forum = url_friendly($cur_topic['forum_name']);
// Determine the post offset (based on $_GET['p']); out-of-range values fall back to page 1.
$num_pages = ceil(($cur_topic['num_replies'] + 1) / $panther_user['disp_posts']);
$p = !isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages ? 1 : intval($_GET['p']);
$start_from = $panther_user['disp_posts'] * ($p - 1);
if ($panther_config['o_censoring'] == '1') {
    $cur_topic['subject'] = censor_words($cur_topic['subject']);
}
// Quick-reply form is off unless the checks below (continuing past this excerpt) enable it.
$quickpost = false;
if ($panther_config['o_quickpost'] == '1' && $cur_topic['archived'] != '1' && ($cur_topic['post_replies'] == '1' || $cur_topic['post_replies'] == '' && $panther_user['g_post_replies'] == '1') && ($cur_topic['closed'] == '0' || $is_admmod)) {
    // Load the post.php language file
    require PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/post.php';
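/**
 * Insert a new post and update everything that depends on it: subscriptions, the topic's
 * reply counter and last-post fields, forum statistics, the search index, subscription
 * e-mails, the poster's own counters and the topic-tracking cookie.
 *
 * @param array $post_info keys read here: poster, poster_id, message, hide_smilies, posted,
 *                         topic_id, forum_id, is_guest, poster_email, subscr_action,
 *                         update_user, update_unread. The poster IP is taken from
 *                         get_remote_address(), not from $post_info.
 * @param int   &$new_pid  receives the id of the inserted post
 *
 * The fn_add_post_start hook can abort the insert by evaluating to a non-null value.
 *
 * Hardening: poster_id, hide_smilies, posted and topic_id are spliced into the SQL text
 * as bare numbers. They are now cast to int at every use so the query text can never
 * depend on their string form; callers that already pass ints see no change. The casts
 * are done inline (not hoisted) because the eval()'d hooks run in this scope and may
 * rewrite $post_info between queries.
 *
 * NOTE(review): get_hook()/eval() executes extension-supplied PHP. That is this forum's
 * extension mechanism; this function cannot make it safer, only keep it visible.
 */
function add_post($post_info, &$new_pid)
{
    global $forum_db, $db_type, $forum_config, $lang_common;

    $return = ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // Add the post
    $query = array(
        'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id',
        'INTO' => 'posts',
        'VALUES' => '\'' . $forum_db->escape($post_info['poster']) . '\', '
            . (int) $post_info['poster_id'] . ', '
            . '\'' . $forum_db->escape(get_remote_address()) . '\', '
            . '\'' . $forum_db->escape($post_info['message']) . '\', '
            . (int) $post_info['hide_smilies'] . ', '
            . (int) $post_info['posted'] . ', '
            . (int) $post_info['topic_id'],
    );

    // If it's a guest post, there might be an e-mail address we need to include
    if ($post_info['is_guest'] && $post_info['poster_email'] != null) {
        $query['INSERT'] .= ', poster_email';
        $query['VALUES'] .= ', \'' . $forum_db->escape($post_info['poster_email']) . '\'';
    }

    ($hook = get_hook('fn_add_post_qr_add_post')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_pid = $forum_db->insert_id();

    if (!$post_info['is_guest']) {
        // Subscribe (1) or unsubscribe (2)? Any other value leaves subscriptions alone.
        if ($post_info['subscr_action'] == 1) {
            $query = array(
                'INSERT' => 'user_id, topic_id',
                'INTO' => 'subscriptions',
                'VALUES' => (int) $post_info['poster_id'] . ', ' . (int) $post_info['topic_id'],
            );
            ($hook = get_hook('fn_add_post_qr_add_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } elseif ($post_info['subscr_action'] == 2) {
            $query = array(
                'DELETE' => 'subscriptions',
                'WHERE' => 'topic_id=' . (int) $post_info['topic_id'] . ' AND user_id=' . (int) $post_info['poster_id'],
            );
            ($hook = get_hook('fn_add_post_qr_delete_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }

    // Count number of replies in the topic (all posts minus the opening one)
    $query = array(
        'SELECT' => 'COUNT(p.id)',
        'FROM' => 'posts AS p',
        'WHERE' => 'p.topic_id=' . (int) $post_info['topic_id'],
    );
    ($hook = get_hook('fn_add_post_qr_get_topic_reply_count')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $num_replies = $forum_db->result($result, 0) - 1;

    // Update topic
    $query = array(
        'UPDATE' => 'topics',
        'SET' => 'num_replies=' . $num_replies
            . ', last_post=' . (int) $post_info['posted']
            . ', last_post_id=' . $new_pid
            . ', last_poster=\'' . $forum_db->escape($post_info['poster']) . '\'',
        'WHERE' => 'id=' . (int) $post_info['topic_id'],
    );
    ($hook = get_hook('fn_add_post_qr_update_topic')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    sync_forum($post_info['forum_id']);

    if (!defined('FORUM_SEARCH_IDX_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/search_idx.php';
    }
    update_search_index('post', $new_pid, $post_info['message']);

    send_subscriptions($post_info, $new_pid);

    // Increment user's post count & last post time (guests only get last_post on their online row)
    if (isset($post_info['update_user'])) {
        if ($post_info['is_guest']) {
            $query = array(
                'UPDATE' => 'online',
                'SET' => 'last_post=' . (int) $post_info['posted'],
                'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\'',
            );
        } else {
            $query = array(
                'UPDATE' => 'users',
                'SET' => 'num_posts=num_posts+1, last_post=' . (int) $post_info['posted'],
                'WHERE' => 'id=' . (int) $post_info['poster_id'],
            );
        }
        ($hook = get_hook('fn_add_post_qr_update_last_post')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);
    }

    // If the posting user is logged in update his/her unread indicator
    if (!$post_info['is_guest'] && isset($post_info['update_unread']) && $post_info['update_unread']) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$post_info['topic_id']] = time();
        set_tracked_topics($tracked_topics);
    }

    ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null;
}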
/**
 * Authenticate the request from the login cookie and fill $pun_user.
 *
 * Cookie format: "user_id|password_hash|expiration_time|cookie_hash" (hex fields). The
 * cookie_hash is an HMAC over "user_id|expiration_time" with the site seed, and the
 * password_hash is an HMAC over the stored password hash with a second seed-derived key.
 * Both are compared with pun_hash_equals() (constant-time). Any failure falls back to the
 * guest user via set_default_user() and overwrites the cookie with a throwaway guest value.
 *
 * Unless PUN_QUIET_VISIT is defined, the online table and last_visit are also updated.
 *
 * @param array &$pun_user receives the user + group row (plus online.logged/idle, is_guest, is_admmod)
 */
function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;
    $now = time();
    // If the cookie is set and it matches the correct pattern, then read the values from it.
    // The pattern is the only parsing done; numeric fields are intval()'d below.
    if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }
    // If it has a non-guest user (id 1 is the guest account), and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with: the HMAC binds user_id and expiration_time,
        // so neither can be edited client-side without the seed.
        $is_authorized = pun_hash_equals(forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $cookie_seed . '_cookie_hash'), $cookie['cookie_hash']);
        if (!$is_authorized) {
            $expire = $now + 31536000;
            // The cookie expires after a year. The hash field is only a placeholder for the
            // guest cookie; uniqid(rand()) is not a CSPRNG but nothing is derived from it.
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Check if there's a user with the user ID and password hash from the cookie.
        // user_id is an intval()'d value, so the inline interpolation is safe.
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);
        // If user authorisation failed. The HMAC is computed before the isset() check, so a
        // missing row hashes an empty value first; harmless, but the row test is the real guard.
        $is_authorized = pun_hash_equals(forum_hmac($pun_user['password'], $cookie_seed . '_password_hash'), $cookie['password_hash']);
        if (!isset($pun_user['id']) || !$is_authorized) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp. A cookie that already
        // outlives one visit timeout is treated as "remember me" and renewed for two weeks.
        $expire = $cookie['expiration_time'] > $now + $pun_config['o_timeout_visit'] ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
        pun_setcookie($pun_user['id'], $pun_user['password'], $expire);
        // Set a default language if the user selected language no longer exists
        if (!file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }
        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                // No online row yet: this is the first request of the visit.
                $pun_user['logged'] = $now;
                // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
                switch ($db_type) {
                    case 'mysql':
                    case 'mysqli':
                    case 'mysql_innodb':
                    case 'mysqli_innodb':
                    case 'sqlite':
                        $db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                    default:
                        $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ' WHERE NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id=' . $pun_user['id'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                }
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }
                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
                // Update tracked topics with the current expire time. The value is the
                // client's own cookie echoed back unchanged; only its lifetime is extended.
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $pun_config['o_timeout_visit']);
                }
            }
        } else {
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $pun_user['last_visit'];
            }
        }
        $pun_user['is_guest'] = false;
        $pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1';
    } else {
        // No cookie, malformed cookie, guest id, or expired: anonymous user.
        set_default_user();
    }
}
/**
 * Normalise the current user's display preferences and record the visit.
 *
 * Falls back to the board defaults when the user's language directory or style sheet no
 * longer exists, or when the per-page counts are unset. Unless FEATHER_QUIET_VISIT is
 * defined, the visit is also written to the online table (and last_visit, when the
 * previous visit had timed out) and the topic-tracking cookie is re-saved.
 *
 * NOTE(review): the language and style values come from the user's account record and are
 * used as path segments; the file_exists() fallback is what keeps them within lang/ and style/.
 */
function set_preferences()
{
    global $db_type, $cookie_name;

    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    $now = time();

    // Language directory or style sheet gone? Use the configured defaults.
    $lang_path = FEATHER_ROOT . 'lang/' . $feather->user->language;
    if (!file_exists($lang_path)) {
        $feather->user->language = $feather->config['o_default_lang'];
    }
    $style_path = FEATHER_ROOT . 'style/' . $feather->user->style . '.css';
    if (!file_exists($style_path)) {
        $feather->user->style = $feather->config['o_default_style'];
    }

    // Unset (falsy) per-page counts fall back to the board defaults.
    $per_page_defaults = array(
        'disp_topics' => 'o_disp_topics_default',
        'disp_posts' => 'o_disp_posts_default',
    );
    foreach ($per_page_defaults as $pref => $config_key) {
        if (!$feather->user->$pref) {
            $feather->user->$pref = $feather->config[$config_key];
        }
    }

    if (defined('FEATHER_QUIET_VISIT')) {
        // Quiet visit: leave the online list alone, just make sure "logged" has a value.
        if (!$feather->user->logged) {
            $feather->user->logged = $feather->user->last_visit;
        }
        return;
    }

    if (!$feather->user->logged) {
        // No online row yet: first request of this visit.
        $feather->user->logged = $now;
        $params = array(
            ':user_id' => $feather->user->id,
            ':ident' => $feather->user->username,
            ':logged' => $feather->user->logged,
        );
        // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table.
        // Loose in_array() mirrors the switch() comparison this replaces.
        $replace_capable = array('mysql', 'mysqli', 'mysql_innodb', 'mysqli_innodb', 'sqlite', 'sqlite3');
        if (in_array($db_type, $replace_capable)) {
            $sql = 'REPLACE INTO ' . $feather->prefix . 'online (user_id, ident, logged) VALUES(:user_id, :ident, :logged)';
        } else {
            $sql = 'INSERT INTO ' . $feather->prefix . 'online (user_id, ident, logged) SELECT :user_id, :ident, :logged WHERE NOT EXISTS (SELECT 1 FROM ' . $feather->prefix . 'online WHERE user_id=:user_id)';
        }
        \DB::for_table('online')->raw_execute($sql, $params);
        // Reset tracked topics
        set_tracked_topics(null);
        return;
    }

    // Special case: We've timed out, but no other user has browsed the forums since we timed out
    $timeout_boundary = $now - $feather->config['o_timeout_visit'];
    if ($feather->user->logged < $timeout_boundary) {
        \DB::for_table('users')->where('id', $feather->user->id)->find_one()->set('last_visit', $feather->user->logged)->save();
        $feather->user->last_visit = $feather->user->logged;
    }

    // Refresh the online row; clear the idle flag when it is set. $now is a server-side int.
    $update_sql = 'UPDATE ' . $feather->prefix . 'online SET logged=' . $now;
    if ($feather->user->idle == '1') {
        $update_sql .= ', idle=0';
    }
    $update_sql .= ' WHERE user_id=:user_id';
    \DB::for_table('online')->raw_execute($update_sql, array(':user_id' => $feather->user->id));

    // Re-save the tracked-topics cookie so its expiry is extended. Invalid JSON decodes to
    // null, which set_tracked_topics() treats as a reset.
    $cookie_tracked_topics = $feather->getCookie($cookie_name . '_track');
    if (isset($cookie_tracked_topics)) {
        set_tracked_topics(json_decode($cookie_tracked_topics, true));
    }
}
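 /**
  * Update the poster's statistics after a post has been saved.
  *
  * Members: bump num_posts and last_post, promote to the next group when the configured
  * post threshold is reached, and mark $new_tid as read in the tracking cookie.
  * Guests: only last_post on their row in the online table is updated.
  *
  * Robustness fix: find_one() yields false when no row matches (e.g. the guest's online
  * row has already been pruned) and the original chained ->set() on that result, which is
  * a fatal "call to a member function on a non-object". These statistics are best-effort,
  * so a missing row now simply skips the update.
  *
  * @param array $post    the saved post; only $post['time'] is read
  * @param int   $new_tid topic id to record in the tracking cookie
  */
 public function increment_post_count($post, $new_tid)
 {
     if ($this->user->is_guest) {
         // Update the last_post field for guests
         $online_row = DB::for_table('online')->where('ident', get_remote_address())->find_one();
         if ($online_row) {
             $online_row->set('last_post', $post['time'])->save();
         }
         return;
     }

     $user_row = DB::for_table('users')->where('id', $this->user->id)->find_one();
     if ($user_row) {
         $user_row->set('last_post', $post['time'])->set_expr('num_posts', 'num_posts+1')->save();
     }

     // Promote this user to a new group if enabled. $this->user->num_posts is the count
     // loaded at request start, hence the "+ 1" for the post just saved.
     if ($this->user->g_promote_next_group != 0 && $this->user->num_posts + 1 >= $this->user->g_promote_min_posts) {
         $new_group_id = $this->user->g_promote_next_group;
         $promote_row = DB::for_table('users')->where('id', $this->user->id)->find_one();
         if ($promote_row) {
             $promote_row->set('group_id', $new_group_id)->save();
         }
     }

     // Topic tracking stuff...
     $tracked_topics = get_tracked_topics();
     $tracked_topics['topics'][$new_tid] = time();
     set_tracked_topics($tracked_topics);
 }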
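/**
 * Authenticate the request from the login cookie and fill $pun_user.
 *
 * Cookie format: "user_id|password_hash|expiration_time|cookie_hash" (hex fields). The
 * cookie_hash is an HMAC over "user_id|expiration_time" with the site seed; the
 * password_hash is an HMAC over the stored password hash with a second seed-derived key.
 * Any failure falls back to the guest user via set_default_user() and overwrites the
 * cookie with a throwaway guest value. Unless PUN_QUIET_VISIT is defined the online table
 * and last_visit are updated as well.
 *
 * Fix: the cookie_hash check used `!=` and the password_hash check `!==`. Loose `!=`
 * compares numeric-looking hex strings (e.g. "0e123...") as numbers, and both forms leak
 * timing; both comparisons now use hash_equals() (PHP >= 5.6), which is constant-time and
 * does a byte-wise comparison. Argument order is (known, user-supplied).
 *
 * @param array &$pun_user receives the user + group row (plus online.logged/idle, is_guest, is_admmod)
 */
function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $flux_config;
    $now = time();

    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$flux_config['cookie']['name']]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$flux_config['cookie']['name']], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }

    // If it has a non-guest user (id 1 is the guest account), and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with: the HMAC binds user_id and expiration_time.
        $expected_cookie_hash = forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $flux_config['cookie']['seed'] . '_cookie_hash');
        if (!hash_equals($expected_cookie_hash, $cookie['cookie_hash'])) {
            $expire = $now + 31536000;
            // The cookie expires after a year. The hash field is only a placeholder for the
            // guest cookie; uniqid(rand()) is not a CSPRNG but nothing is derived from it.
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Check if there's a user with the user ID and password hash from the cookie
        $query = $db->select(array('user' => 'u.*', 'group' => 'g.*', 'logged' => 'o.logged', 'idle' => 'o.idle'), 'users AS u');
        $query->innerJoin('g', 'groups AS g', 'u.group_id = g.g_id');
        $query->leftJoin('o', 'online AS o', 'o.user_id = u.id');
        $query->where = 'u.id = :user_id';
        $params = array(':user_id' => $cookie['user_id']);
        $result = $query->run($params);
        unset($query, $params);

        // If there is no such user, or the password hash in the cookie is stale/forged
        $password_ok = false;
        if (!empty($result)) {
            $expected_password_hash = forum_hmac($result[0]['password'], $flux_config['cookie']['seed'] . '_password_hash');
            $password_ok = hash_equals($expected_password_hash, $cookie['password_hash']);
        }
        if (!$password_ok) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            pun_setcookie(1, pun_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        $pun_user = $result[0];
        unset($result);

        // Send a new, updated cookie with a new expiration timestamp. A cookie that already
        // outlives one visit timeout is treated as "remember me" and renewed for two weeks.
        $expire = $cookie['expiration_time'] > $now + $pun_config['o_timeout_visit'] ? $now + 1209600 : $now + $pun_config['o_timeout_visit'];
        pun_setcookie($pun_user['id'], $pun_user['password'], $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }
        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                // No online row yet: first request of this visit.
                $pun_user['logged'] = $now;
                // REPLACE INTO avoids a user having two rows in the online table
                $query = $db->replace(array('user_id' => ':user_id', 'logged' => ':logged'), 'online', array('ident' => ':ident'));
                $params = array(':user_id' => $pun_user['id'], ':ident' => $pun_user['username'], ':logged' => $pun_user['logged']);
                $query->run($params);
                unset($query, $params);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $query = $db->update(array('last_visit' => ':logged'), 'users');
                    $query->where = 'id = :user_id';
                    $params = array(':logged' => $pun_user['logged'], ':user_id' => $pun_user['id']);
                    $query->run($params);
                    unset($query, $params);
                    $pun_user['last_visit'] = $pun_user['logged'];
                }
                $query = $db->update(array('logged' => ':now', 'idle' => '0'), 'online');
                $query->where = 'user_id = :user_id';
                $params = array(':now' => $now, ':user_id' => $pun_user['id']);
                $query->run($params);
                unset($query, $params);
                // Update tracked topics with the current expire time. The value is the
                // client's own cookie echoed back unchanged; only its lifetime is extended.
                if (isset($_COOKIE[$flux_config['cookie']['name'] . '_track'])) {
                    forum_setcookie($flux_config['cookie']['name'] . '_track', $_COOKIE[$flux_config['cookie']['name'] . '_track'], $now + $pun_config['o_timeout_visit']);
                }
            }
        } else {
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $pun_user['last_visit'];
            }
        }
        $pun_user['is_guest'] = false;
        $pun_user['is_admmod'] = $pun_user['g_id'] == PUN_ADMIN || $pun_user['g_moderator'] == '1';
    } else {
        // No cookie, malformed cookie, guest id, or expired: anonymous user.
        set_default_user();
    }
}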
/**
 * Authenticate the current visitor from the login cookie and populate $panther_user.
 *
 * Reads the cookie named by $panther_config['o_cookie_name'], which is expected to hold
 * "user_id|password_hash|expiration_time|cookie_hash". Both hashes are verified as HMACs
 * (cookie_hash over the id/expiry pair, password_hash over the user's stored login_key);
 * on success the user row is loaded, the cookie is re-issued with a fresh expiry and, unless
 * PANTHER_QUIET_VISIT is defined, the online list and last-visit data are updated. On any
 * failure (no cookie, guest id, expired, tampered, unknown user) the guest user is installed
 * via set_default_user().
 *
 * @param array|false $panther_user Filled by reference with the user/group/online row plus
 *                                  the derived is_guest/is_admmod/is_admin/is_bot flags.
 *                                  set_default_user() presumably populates it for guests — confirm.
 * @return void
 */
function check_cookie(&$panther_user)
{
    global $db, $panther_config;
    $now = time();
    // If the cookie is set and it matches the correct pattern, then read the values from it
    // The pattern only admits decimal ids/timestamps and hex digests, so every field that
    // reaches the code below has already been restricted to a safe character set.
    if (isset($_COOKIE[$panther_config['o_cookie_name']]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$panther_config['o_cookie_name']], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }
    // If it has a non-guest user, and hasn't expired
    // (ids 0 and 1 never authenticate; the guest cookie written below uses id 1)
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with
        // cookie_hash must equal HMAC-SHA512("user_id|expiration_time") keyed with the site
        // cookie seed, so neither field can be altered client-side; panther_hash_equals is
        // presumably a constant-time comparison — keep it that way.
        if (!panther_hash_equals(hash_hmac('sha512', $cookie['user_id'] . '|' . $cookie['expiration_time'], $panther_config['o_cookie_seed'] . '_cookie_hash'), $cookie['cookie_hash'])) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            // The random value here only overwrites the bad cookie with a guest (id 1) one;
            // it is never accepted as a credential because id 1 fails the check above.
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        $data = array(':id' => $cookie['user_id']);
        // Check if there's a user with the user ID and password hash from the cookie
        // The id is bound as a parameter, not interpolated. o.logged / o.idle come from a
        // LEFT JOIN and are therefore null when the user has no online row yet.
        $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=:id', $data);
        $panther_user = $ps->fetch();
        // If user authorisation failed
        // password_hash must equal HMAC-SHA512 of the stored login_key under a separate seed
        // suffix, so a cookie is bound to the current login_key of that user.
        if (!isset($panther_user['id']) || !panther_hash_equals(hash_hmac('sha512', $panther_user['login_key'], $panther_config['o_cookie_seed'] . '_password_hash'), $cookie['password_hash'])) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp
        // A cookie whose remaining lifetime already exceeds o_timeout_visit is treated as a
        // persistent login and renewed for 14 days (1209600 s); otherwise it is renewed for
        // one visit timeout. panther_setcookie is assumed to derive the hashes itself — confirm.
        $expire = $cookie['expiration_time'] > $now + $panther_config['o_timeout_visit'] ? $now + 1209600 : $now + $panther_config['o_timeout_visit'];
        panther_setcookie($panther_user['id'], $panther_user['login_key'], $expire);
        // Set a default language if the user selected language no longer exists
        if (!file_exists(PANTHER_ROOT . 'lang/' . $panther_user['language'])) {
            $panther_user['language'] = $panther_config['o_default_lang'];
        }
        // o_style_path is used verbatim unless it is the stock 'style' directory under PANTHER_ROOT
        $style_root = ($panther_config['o_style_path'] != 'style' ? $panther_config['o_style_path'] : PANTHER_ROOT . $panther_config['o_style_path']) . '/';
        // Set a default style if the user selected style no longer exists
        if (!file_exists($style_root . $panther_user['style'] . '.css')) {
            $panther_user['style'] = $panther_config['o_default_style'];
        }
        if (!$panther_user['disp_topics']) {
            $panther_user['disp_topics'] = $panther_config['o_disp_topics_default'];
        }
        if (!$panther_user['disp_posts']) {
            $panther_user['disp_posts'] = $panther_config['o_disp_posts_default'];
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PANTHER_QUIET_VISIT')) {
            // Update the online list
            // No online row yet (o.logged null from the LEFT JOIN): create one for this user
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $now;
                $data = array(':id' => $panther_user['id'], ':ident' => $panther_user['username'], ':logged' => $panther_user['logged']);
                // REPLACE INTO avoids a user having two rows in the online table
                $db->run('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES (:id, :ident, :logged)', $data);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                $data = array(':id' => $panther_user['id']);
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($panther_user['logged'] < $now - $panther_config['o_timeout_visit']) {
                    $update = array('last_visit' => $panther_user['logged']);
                    $db->update('users', $update, 'id=:id', $data);
                    $panther_user['last_visit'] = $panther_user['logged'];
                }
                // Refresh the activity timestamp and clear the idle flag if it was set
                $update = array('logged' => $now);
                if ($panther_user['idle'] == '1') {
                    $update['idle'] = 0;
                }
                $db->update('online', $update, 'user_id=:id', $data);
                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$panther_config['o_cookie_name'] . '_track'])) {
                    forum_setcookie($panther_config['o_cookie_name'] . '_track', $_COOKIE[$panther_config['o_cookie_name'] . '_track'], $now + $panther_config['o_timeout_visit']);
                }
            }
        } else {
            // Quiet visit: do not touch the online table, just give 'logged' a usable value
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $panther_user['last_visit'];
            }
        }
        $panther_user['is_guest'] = false;
        $panther_user['is_admmod'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1';
        // && binds tighter than ||: admin group, OR a moderator whose group grants g_admin
        $panther_user['is_admin'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1' && $panther_user['g_admin'] == '1';
        $panther_user['is_bot'] = false;
    } else {
        set_default_user();
    }
}