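/**
 * Sends the prepared message through mail().
 *
 * Needs _to, _subject and _view to be set, otherwise nothing is sent.
 * When a ".txt" twin of the view exists the mail is built as a
 * multipart/alternative message (text part first, then HTML).
 *
 * @return bool the return value of mail(), or FALSE if the message is incomplete
 */
public function send()
{
    if (!$this->_to || !$this->_subject || !$this->_view)
    {
        return FALSE;
    }

    // These values end up in raw mail header lines; a CR or LF inside them
    // would terminate the header and let additional headers be appended.
    $from    = str_replace(array("\r", "\n"), '', $this->_from);
    $to      = str_replace(array("\r", "\n"), '', $this->_to);
    $subject = str_replace(array("\r", "\n"), '', $this->_subject);

    if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN')
    {
        ini_set('sendmail_from', $from);
    }

    $headers = array('From: ' . $from, 'Reply-to: ' . $from);

    // NOTE(review): HTTP_HOST comes from the request, so every link rendered
    // into the mail follows whatever Host header the client sent; prefer a
    // configured host here if the application has one (not visible in this block).
    $this->config->base_url = 'http://' . $_SERVER['HTTP_HOST'] . url();

    $this->template->parse_data($this->_data, $this->load);

    $message = $html = $this->load->view('emails/' . $this->_view, $this->_data);
    $text = $this->load->view('emails/' . $this->_view . '.txt', $this->_data);

    if ($text)
    {
        $boundary = '--------' . unique_id();

        $headers[] = 'MIME-Version: 1.0';
        $headers[] = 'Content-Type: multipart/alternative;' . "\n" . ' boundary="' . $boundary . '"';

        // Strip carriage returns from both parts, the body uses bare "\n" line
        // ends. (The original replaced the two-character sequence backslash-r,
        // which never matched an actual CR.)
        $message = '--' . $boundary . "\n";
        $message .= 'Content-Type: text/plain; charset=UTF-8; format=flowed' . "\n\n";
        $message .= str_replace("\r", '', $text) . "\n\n";
        $message .= '--' . $boundary . "\n";
        $message .= 'Content-Type: text/html; charset=UTF-8;' . "\n\n";
        $message .= str_replace("\r", '', $html) . "\n\n";
    }

    $result = mail(trim_word($to, ', '), $this->config->nf_name . ' :: ' . $subject, wordwrap($message, 70), implode("\r\n", $headers));

    $this->reset();

    return $result;
}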
/**
 * Stores a new confirm code for the current session and returns the <img>
 * tag that renders it.
 *
 * @param int    $max_attempts upper bound on codes per session; 0 disables the check
 * @param string $confirm_id   set by reference to the generated confirm id
 * @return string|false image tag, or false once the session exceeded $max_attempts
 */
public function confirm_image($max_attempts, &$confirm_id)
{
    global $db, $user, $template;
    global $phpbb_root_path, $phpEx;

    // drop expired codes of this type first
    $user->confirm_gc($this->confirm_type);

    if ($max_attempts)
    {
        $sql = 'SELECT COUNT(session_id) AS attempts FROM ' . CONFIRM_TABLE . "\n\t\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\t\tAND confirm_type = {$this->confirm_type}";
        $result = $db->sql_query($sql);
        $attempts_so_far = (int) $db->sql_fetchfield('attempts');
        $db->sql_freeresult($result);

        if ($attempts_so_far > $max_attempts)
        {
            return false;
        }
    }

    // code of 5..8 characters; mt_rand() only picks the length, the
    // characters themselves come from gen_rand_string()
    $code = gen_rand_string(mt_rand(5, 8));
    $confirm_id = md5(unique_id($user->ip));

    // seed for the image generator, reduced to the signed 32-bit range
    $seed = hexdec(substr(unique_id(), 4, 10));
    $seed -= 0x7fffffff * floor($seed / 0x7fffffff);

    $row = array(
        'confirm_id'   => (string) $confirm_id,
        'session_id'   => (string) $user->session_id,
        'confirm_type' => (int) $this->confirm_type,
        'code'         => (string) $code,
        'seed'         => (int) $seed,
    );
    $db->sql_query('INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', $row));

    $template->assign_var('S_CONFIRM_CODE', true);

    $image_url = append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . $this->confirm_type);

    return '<img src="' . $image_url . '" alt="" title="" />';
}
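/**
 * Registers the file with S3 and returns the upload parameters as a string of
 * HTML attributes (` key="value"` pairs) for the upload form.
 *
 * @param string $file_name original file name; decides extension and mime type
 * @param int    $file_size not used by this method (kept for callers)
 * @param string $path      destination path, the extension is appended here
 * @param string $id        optional unique id, generated from the mime type when empty
 * @return string attribute string, '' when s3_upload_data() returned nothing
 * @throws UnexpectedValueException when the AWS options are missing or the
 *         mime type / extension cannot be determined
 */
function uploadAttributes($file_name, $file_size, $path, $id = '')
{
    $access_key_id     = $this->getOption('AWSAccessKeyID');
    $secret_access_key = $this->getOption('AWSSecretAccessKey');
    $bucket            = $this->getOption('S3Bucket');

    // The message also names SQSQueueURL, which this method never reads.
    if (!($bucket && $access_key_id && $secret_access_key))
    {
        throw new UnexpectedValueException('Configuration options AWSAccessKeyID, AWSSecretAccessKey, SQSQueueURL, S3Bucket required');
    }

    $extension = file_extension($file_name);
    $mime = mime_from_path($file_name);
    if (!($mime && $extension))
    {
        throw new UnexpectedValueException('Could not determine mime type or extension of: ' . $file_name);
    }

    if (!$id)
    {
        $id = unique_id($mime);
    }

    $s3_options = array(
        'bucket'             => $bucket,
        'AWSAccessKeyId'     => $access_key_id,
        'AWSSecretAccessKey' => $secret_access_key,
        'uniq_id'            => $id,
        'path'               => $path . '.' . $extension,
        'mime'               => $mime,
    );
    $s3data = s3_upload_data($s3_options);

    $result = '';
    if (!empty($s3data))
    {
        $s3data['mime'] = $mime;
        $s3data['keyid'] = $access_key_id;

        // Each value is emitted inside a double-quoted HTML attribute, so it is
        // escaped for that context; base64 policies/signatures are unaffected.
        // NOTE(review): this assumes s3_upload_data() does not echo the secret
        // key back in its result — confirm, since everything in $s3data is rendered.
        foreach ($s3data as $k => $v)
        {
            $result .= ' ' . $k . '="' . htmlspecialchars($v, ENT_QUOTES, 'UTF-8') . '"';
        }
    }

    return $result;
}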
/**
 * Inserts a record, generating an id when none (or an empty one) was supplied.
 *
 * @param array $data row to create
 * @return mixed whatever parent::create() returns
 */
public function write($data)
{
    // empty() already covers the "key not set" case
    if (empty($data['id']))
    {
        $data['id'] = unique_id();
    }

    return parent::create($data);
}
/**
 * Adds an apa of $type to the apa table, saves the table and applies the
 * type's layout changes.
 *
 * @param string $type    apa type name, must be registered (type_exists())
 * @param array  $options values for the type; every field from required() must be set
 * @return bool false for an unknown type or a missing required field, true otherwise
 */
public function add_apa($type, $options = array())
{
    $new_id = unique_id();

    if (!$this->type_exists($type))
    {
        return false;
    }

    // every required field has to be there before anything is stored
    foreach ($this->get_apa_type($type)->required() as $field)
    {
        if (!isset($options[$field]))
        {
            return false;
        }
    }

    $options['type'] = $type;

    // the type's pre-save hook may rewrite the options
    $options = $this->get_apa_type($type)->pre_save_func($new_id, $options);

    $this->apa_tab[$new_id] = $options;
    $this->save_apa_tab($this->apa_tab);

    $this->get_apa_type($type)->add_layout_changes($new_id);

    return true;
}
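/**
 * Writes a job description for $type into the queue directory and returns its id.
 *
 * @param string $type job type, part of the generated job id when no JobID option is set
 * @return string job id (the file is written as <id>.xml below DirJobsQueued)
 * @throws UnexpectedValueException when DirJobsQueued is not configured
 * @throws RuntimeException when the directory or the file cannot be created
 */
function _post($type)
{
    $dir_jobs_queued = isset($this->_options['DirJobsQueued']) ? $this->_options['DirJobsQueued'] : '';
    $job_id = empty($this->_options['JobID']) ? '' : $this->_options['JobID'];

    if (!$dir_jobs_queued)
    {
        throw new UnexpectedValueException('Configuration option DirJobsQueued required');
    }

    // without a configured JobID make one up
    if (!$job_id)
    {
        $job_id = unique_id($type . 'job');
    }

    // NOTE(review): a configured JobID is used verbatim as a file name; if it
    // can originate outside the application it should be validated first.
    $path = end_with_slash($dir_jobs_queued) . $job_id . '.xml';

    if (!safe_path($path))
    {
        throw new RuntimeException('Could not create path: ' . $path);
    }

    $xml_str = $this->_xmlBody($type);

    // file_put_contents() returns the number of bytes written, so an empty
    // document legitimately yields 0; only false signals a failed write.
    if (@file_put_contents($path, $xml_str) === false)
    {
        throw new RuntimeException('Could not create file: ' . $path);
    }

    return $job_id;
}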
/**
 * Tries to take the lock by updating the configuration variable.
 *
 * Only one process may hold the lock. Acquisition fails when this object
 * already holds it, when another process holds a lock younger than one hour,
 * or when the atomic config update loses the race against another process.
 * A lock older than one hour is treated as abandoned and taken over.
 *
 * @return bool true if the lock was acquired, false otherwise
 */
public function acquire()
{
    if ($this->locked)
    {
        return false;
    }

    if (!isset($this->config[$this->config_name]))
    {
        $this->config->set($this->config_name, '0', false);
    }

    $lock_value = $this->config[$this->config_name];

    if ($lock_value)
    {
        // the value is "<timestamp> <unique id>"; a holder that is older than
        // an hour is assumed to have died without releasing the lock
        list($locked_at) = explode(' ', $lock_value);
        if ($locked_at + 3600 >= time())
        {
            return false;
        }
    }

    $this->unique_id = time() . ' ' . unique_id();

    // the compare-and-set fails if another process changed the value meanwhile
    $this->locked = $this->config->set_atomic($this->config_name, $lock_value, $this->unique_id, false);

    return $this->locked;
}
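/**
 * ACP "send statistics" page: collects the questionnaire data and assigns it
 * to the template, both as form data and as a readable per-provider listing.
 *
 * @param int    $id   module id (not used here)
 * @param string $mode module mode (not used here)
 */
function main($id, $mode)
{
    global $config, $template, $phpbb_admin_path, $phpEx;

    $collect_url = "http://www.phpbb.com/stats/receive_stats.php";

    $this->tpl_name = 'acp_send_statistics';
    $this->page_title = 'ACP_SEND_STATISTICS';

    // the installation id is generated once and then kept in the config
    if (!isset($config['questionnaire_unique_id']))
    {
        $install_id = unique_id();
        set_config('questionnaire_unique_id', $install_id);
    }
    else
    {
        $install_id = $config['questionnaire_unique_id'];
    }

    $collector = new phpbb_questionnaire_data_collector($install_id);
    $collector->add_data_provider(new phpbb_questionnaire_php_data_provider());
    $collector->add_data_provider(new phpbb_questionnaire_system_data_provider());
    $collector->add_data_provider(new phpbb_questionnaire_phpbb_data_provider($config));

    $template->assign_vars(array(
        'U_COLLECT_STATS' => $collect_url,
        'RAW_DATA'        => $collector->get_data_for_form(),
        'U_ACP_MAIN'      => append_sid("{$phpbb_admin_path}index.{$phpEx}"),
    ));

    $raw = $collector->get_data_raw();
    foreach ($raw as $provider => $data)
    {
        // install_id is a scalar, present it like a one-entry provider.
        // Strict comparison: an integer key would loosely equal the string.
        if ($provider === 'install_id')
        {
            $data = array($provider => $data);
        }

        // same escaping as the keys/values below (was plain htmlspecialchars())
        $template->assign_block_vars('providers', array('NAME' => utf8_htmlspecialchars($provider)));

        foreach ($data as $key => $value)
        {
            if (is_array($value))
            {
                $value = utf8_wordwrap(serialize($value), 75, "\n", true);
            }

            $template->assign_block_vars('providers.values', array(
                'KEY'   => utf8_htmlspecialchars($key),
                'VALUE' => utf8_htmlspecialchars($value),
            ));
        }
    }
}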
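/**
 * Controller constructor: when HTTP authentication is enabled and no user is
 * logged in yet, tries to log the user in from the HTTP Basic credentials,
 * upgrading legacy unsalted password hashes on the way. Always ends in _init().
 */
public function __construct()
{
    parent::__construct();

    if ($this->config->nf_http_authentication && is_null($this->session('user_id')) && $this->session('session', 'http_authentication'))
    {
        $this->session->destroy('session', 'http_authentication');

        if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
        {
            $login    = $_SERVER['PHP_AUTH_USER'];
            $password = $_SERVER['PHP_AUTH_PW'];
        }
        else if (isset($_SERVER['REDIRECT_REMOTE_USER']) && preg_match('/Basic (.*)/', $_SERVER['REDIRECT_REMOTE_USER'], $matches))
        {
            // Only the first colon separates user-id from password (RFC 7617);
            // without the limit a password containing ':' was truncated.
            $credentials = explode(':', base64_decode($matches[1]), 2);
            if (count($credentials) == 2)
            {
                list($login, $password) = $credentials;
            }
        }

        if (isset($login, $password))
        {
            $user = $this->db->select('user_id', 'password', 'salt')
                             ->from('nf_users')
                             ->where('last_activity_date <>', 0)
                             ->where('deleted', FALSE)
                             ->where('BINARY username', $login, 'OR', 'BINARY email', $login)
                             ->row();

            if ($user)
            {
                // legacy unsalted hash: verify it the old way, then re-store
                // the password with a fresh salt
                if (!$user['salt'] && $this->load->library('password')->is_valid($password, $user['password'], FALSE))
                {
                    $salt = unique_id();
                    $user['salt'] = $salt;
                    $user['password'] = $this->password->encrypt($password . $salt);
                    $this->db->where('user_id', (int) $user['user_id'])->update('nf_users', array('password' => $user['password'], 'salt' => $user['salt']));
                }

                if ($this->load->library('password')->is_valid($password . $user['salt'], $user['password']))
                {
                    $this->login((int) $user['user_id'], FALSE);

                    // a logout request must not immediately log the user back in
                    if ($this->config->request_url == 'user/logout.html')
                    {
                        redirect();
                    }
                }
            }
        }
    }

    $this->_init();
}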
/**
 * Builds the descriptor of a stored file: a generated on-disk name next to
 * the original (lower-cased) name and its extension.
 *
 * @param string $filepath directory part, concatenated as-is with the new file name
 * @param string $filename original file name
 * @return object with extension, name, random, filename and filepath
 */
public function _row($filepath, $filename)
{
    $row = new stdClass();
    $row->extension = extension($filename);
    $row->name = strtolower($filename);
    // timestamp plus 10 hex chars of md5(unique_id()); not a cryptographic token
    $row->random = time() . '_' . substr(md5(unique_id()), 0, 10);
    $row->filename = $row->random . '.' . $row->extension;
    $row->filepath = $filepath . $row->filename;

    return $row;
}
/**
 * Loads everything needed for the evil quick reply box: permission check,
 * hidden form fields, the reply preferences, the optional CAPTCHA for
 * guests and the template variables.
 *
 * Returns early (assigning nothing) when the user may not reply, when the
 * topic is locked and the user cannot unlock it, or when the feature is disabled.
 *
 * @param int $topic_id
 * @param int $forum_id
 * @param array $topic_data topic row, read for topic_status, topic_title and notify_status
 */
function quick_reply($topic_id, $forum_id, &$topic_data)
{
    global $template, $user, $auth, $db;
    global $phpbb_root_path, $phpEx, $config;

    // Defaults for the quick reply; the admin can override each one through
    // a config entry prefixed with evil_qr_.
    $qr_config = array('enabled' => true, 'display_subject' => true, 'hide_box' => false, 'resize' => false);

    // /me slaps highway of life
    foreach (array_keys($qr_config) as $key)
    {
        if (isset($config['evil_qr_' . $key]))
        {
            $qr_config[$key] = $config['evil_qr_' . $key];
        }
    }

    // Check reply permission, locked topics (unless the user may lock/unlock)
    // and the enabled flag (thanks damnian). && binds tighter than ||, so the
    // lock check only applies to locked topics.
    if (!$auth->acl_get('f_reply', $forum_id) || $topic_data['topic_status'] == ITEM_LOCKED && !$auth->acl_get('m_lock', $forum_id) || !$qr_config['enabled'])
    {
        return;
    }

    // Hidden fields posting.php expects
    $s_hidden_fields = array('t' => $topic_id, 'f' => $forum_id, 'mode' => 'reply', 'lastclick' => time(), 'icon' => 0);

    // Preferences such as bbcode, smilies, attachsig, derived from board
    // config and the user's options; only true values become hidden fields
    $reply_prefs = array('disable_bbcode' => $config['allow_bbcode'] && $user->optionget('bbcode') ? false : true, 'disable_smilies' => $config['allow_smilies'] && $user->optionget('smilies') ? false : true, 'disable_magic_url' => false, 'attach_sig' => $config['allow_sig'] && $user->optionget('attachsig') ? true : false, 'notify' => $config['allow_topic_notify'] && ($user->data['user_notify'] || isset($topic_data['notify_status'])) ? true : false, 'lock_topic' => $topic_data['topic_status'] == ITEM_LOCKED && $auth->acl_get('m_lock', $forum_id) ? true : false);

    foreach ($reply_prefs as $name => $value)
    {
        if ($value)
        {
            $s_hidden_fields[$name] = 1;
        }
    }

    // Prefix "Re: " unless the title already starts with it.
    // NOTE(review): the subject is handed to the template as-is; this relies
    // on topic_title being stored already escaped — confirm for this board.
    $subject = (strpos($topic_data['topic_title'], 'Re: ') !== 0 ? 'Re: ' : '') . censor_text($topic_data['topic_title']);

    if (!$qr_config['display_subject'])
    {
        // /me is a show-off: move the subject into a hidden field instead
        list($s_hidden_fields['subject'], $subject) = array($subject, '');
    }

    // Confirmation code handling for guests (stolen from posting.php)
    if ($config['enable_post_confirm'] && !$user->data['is_registered'])
    {
        // Remove any previous code of this session, then store a fresh one
        $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\r\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\r\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
        $db->sql_query($sql);

        // Generate code; mt_rand() only picks the length (5..8)
        $code = gen_rand_string(mt_rand(5, 8));
        $confirm_id = md5(unique_id($user->ip));
        $seed = hexdec(substr(unique_id(), 4, 10));

        // compute $seed % 0x7fffffff
        $seed -= 0x7fffffff * floor($seed / 0x7fffffff);

        $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed));
        $db->sql_query($sql);

        // only the id goes to the page; the code itself stays server-side
        $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />'));
    }

    // new RC6/RC7 stuff: CSRF token for the posting form
    add_form_key('posting');

    // Page title & action URL, include session_id for security purpose
    $s_action = append_sid("{$phpbb_root_path}posting.{$phpEx}", false, true, $user->session_id);

    // Assign template variables
    $template->assign_vars(array('QR_SUBJECT' => $subject, 'S_QR_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_QR_POST_ACTION' => $s_action, 'S_QR_ENABLED' => $qr_config['enabled'], 'S_QR_SUBJECT' => $qr_config['display_subject'], 'S_QR_HIDE_BOX' => $qr_config['hide_box'], 'S_QR_RESIZE' => $qr_config['resize']));
}
/**
 * Imports one MyBB attachment (and its thumbnail, if any) and returns the
 * target file name used on the phpBB side.
 *
 * @param string $source source file name in the MyBB upload directory
 * @return string target name: <phpbb user id>_<md5(unique_id())>
 */
function mybb_import_attachment($source)
{
    global $convert_row, $convert;

    $target_name = phpbb_user_id($convert_row['uid']) . '_' . md5(unique_id());
    import_attachment($source, $target_name);

    if (mybb_has_thumbnail($convert_row['thumbnail']))
    {
        _import_check('upload_path', $convert_row['thumbnail'], 'thumb_' . $target_name);
    }

    return $target_name;
}
/**
 * Builds the jQuery accordion markup; a missing name or id is replaced by a
 * generated unique id (name first, then id).
 */
public function _construct()
{
    foreach (array('name', 'id') as $attribute)
    {
        if (empty($this->{$attribute}))
        {
            $this->{$attribute} = unique_id();
        }
    }

    // collect the accordion options from the properties of the same name
    $accordion_options = array();
    foreach ($this->accordion_opts as $option)
    {
        $accordion_options[$option] = $this->{$option};
    }

    $this->out = $this->jquery->Accordion($this->name, $this->options, $accordion_options);
}
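/**
 * Hashes a password with the portable phpass scheme.
 *
 * The salt is taken from random_bytes() when the runtime provides it; the
 * md5(unique_id()) chain of the original is kept only as the fallback,
 * because unique_id() is not a cryptographic source.
 *
 * @param string $password clear-text password
 * @return string the hash produced by _hash_crypt_private()
 */
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    $random = '';

    if (function_exists('random_bytes'))
    {
        try
        {
            $random = random_bytes($count);
        }
        catch (Exception $e)
        {
            // no usable entropy source, fall through to the legacy generator
            $random = '';
        }
    }

    if (strlen($random) < $count)
    {
        $random_state = unique_id();
        $random = '';
        for ($i = 0; $i < $count; $i += 16)
        {
            $random_state = md5(unique_id() . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

    return $hash;
}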
/**
 * Cleans the destination filename.
 *
 * @access public
 * @param real|unique $mode 'real' keeps the original name lower-cased with
 *                          problematic characters replaced by '_'; anything
 *                          else produces a unique md5-based name
 * @param string $prefix Prefix applied to the filename
 */
function clean_filename($mode = 'unique', $prefix = '')
{
    if ($this->init_error)
    {
        return;
    }

    if ($mode == 'real')
    {
        // Replace any chars which may cause us problems with _
        $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
        $name = strtolower($this->realname);
        $name = rawurlencode(str_replace($bad_chars, '_', $name));
        // anything rawurlencode() had to encode becomes '_' as well
        $name = preg_replace("/%(\\w{2})/", '_', $name);
        $this->realname = $prefix . $name . '_.' . $this->extension;
        return;
    }

    // 'unique' and any unknown mode
    $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
}
/**
 * Moves an uploaded file below ./upload/<dir> under a generated name and
 * registers it in nf_files (updating an existing row when $file_id is given).
 *
 * @param array       $files    a $_FILES entry (or a multi-file entry, see $var)
 * @param string|null $dir      sub directory below ./upload/, 'unknow' when empty
 * @param string|null $filename set by reference to the final path of the stored file
 * @param int|null    $file_id  existing nf_files row to replace
 * @param string|null $var      index into $files['name'] / $files['tmp_name'] for multi-file uploads
 * @return mixed $file_id, the result of $this->add(), or FALSE on failure
 */
public function upload($files, $dir = NULL, &$filename = NULL, $file_id = NULL, $var = NULL)
{
    $dir = './upload/' . ($dir ?: 'unknow');

    // NOTE(review): the directory is created world-writable (0777); check
    // whether the web server really needs that on this deployment.
    if (!file_exists($dir) && !mkdir($dir, 0777, TRUE))
    {
        return FALSE;
    }

    $client_name = $var ? $files['name'][$var] : $files['name'];
    $tmp_name    = $var ? $files['tmp_name'][$var] : $files['tmp_name'];

    // NOTE(review): the stored extension is taken from the client-supplied
    // name; this assumes extension() (or the caller) restricts it — confirm.
    do
    {
        $file = unique_id() . '.' . extension(basename($client_name));
        $filename = $dir . '/' . $file;
    }
    while (file_exists($filename));

    if (!move_uploaded_file($tmp_name, $filename))
    {
        return FALSE;
    }

    if ($file_id)
    {
        $this->_unlink($file_id);
        $this->db->where('file_id', $file_id)->update('nf_files', array('user_id' => $this->user() ? $this->user('user_id') : NULL, 'path' => $filename, 'name' => $client_name));
        return $file_id;
    }

    return $this->add($filename, $client_name);
}
/**
 * Renders the qtip trigger element (div or span) holding the hidden tooltip
 * content and registers the tooltip with jQuery. A missing name/id is
 * generated, a missing class becomes an empty string.
 */
public function _construct()
{
    if (empty($this->name))
    {
        $this->name = unique_id();
    }
    if (empty($this->class))
    {
        $this->class = "";
    }
    if (empty($this->id))
    {
        $this->id = unique_id();
    }

    $tip_options = array();
    foreach ($this->all_opts as $option)
    {
        $tip_options[$option] = $this->{$option};
    }

    $this->jquery->qtip('.' . $this->name, 'return $(".' . $this->name . '_c", this).html();', $tip_options);

    // outer wrapper and hidden content element share one tag type
    $tag = (isset($this->usediv) && $this->usediv) ? 'div' : 'span';

    // NOTE(review): content and label are inserted without escaping; fine
    // for markup the application builds itself, not for user-supplied text.
    $this->out = '<' . $tag . ' class="' . $this->name . ' ' . $this->class . '" id="' . $this->id . '">'
        . '<' . $tag . ' class="' . $this->name . '_c" style="display:none;">' . $this->content . '</' . $tag . '>'
        . $this->label
        . '</' . $tag . '>';
}
/**
 * Records today's income: merges $data into the existing log row for the
 * same key (see _is_exists()), recomputes the total and saves it.
 *
 * NOTE(review): the complete payload is written to today_income_log at
 * 'error' level at three points; check whether account/title/money data
 * belongs in that log.
 *
 * @param array $data new entry; rel_data is expected to hold 'logs' (list of
 *                    entries with a 'money' field) and optionally 'account'/'title'
 *                    — shape inferred from usage, confirm against callers
 * @return mixed whatever $this->save() returns
 */
public function income_today($data = array())
{
    log_message('error', json_encode(array('step' => 'adddata', 'data' => $data)), 'today_income_log');

    $new_log = $this->_is_exists($data);
    log_message('error', json_encode(array('step' => 'olddata', 'data' => $new_log)), 'today_income_log');

    if (empty($new_log))
    {
        // no row for today yet: store $data under a fresh id
        $new_log = $data;
        $new_log['id'] = unique_id();
        $id = 0;
    }
    else
    {
        // json_decode() also yields null for malformed JSON, which is then
        // treated like an absent rel_data and replaced by the new one
        $new_log['rel_data'] = json_decode($new_log['rel_data'], TRUE);
        if (is_null($new_log['rel_data']))
        {
            $new_log['rel_data'] = $data['rel_data'];
        }
        else
        {
            if (isset($data['rel_data']['account']))
            {
                $new_log['rel_data']['account'] = $data['rel_data']['account'];
            }
            if (isset($data['rel_data']['title']))
            {
                $new_log['rel_data']['title'] = $data['rel_data']['title'];
            }
            // append only entries not already present (getUqieArr() decides)
            foreach ($data['rel_data']['logs'] as $key => $value)
            {
                $check = $this->getUqieArr($new_log, $value);
                if (!$check)
                {
                    $new_log['rel_data']['logs'][] = $value;
                }
            }
        }
        // save() receives the id separately; it is removed from the row
        $id = $new_log['id'];
        unset($new_log['id']);
    }

    log_message('error', json_encode(array('step' => 'newdata', 'data' => $new_log)), 'today_income_log');

    // total is always recomputed from the merged entries
    $new_log['rel_data']['money'] = 0;
    foreach ($new_log['rel_data']['logs'] as $key => $value)
    {
        $new_log['rel_data']['money'] += floatval($value['money']);
    }

    $new_log['created'] = date('Y-m-d H:i:s');
    $new_log['rel_data'] = json_encode($new_log['rel_data']);

    return $this->save($new_log, $id);
}
/**
 * Creates a CAPTCHA entry for the current session, assigns the template
 * variables for it and returns the confirm id together with the image tag.
 *
 * @return array with keys confirm_id and confirm_image
 */
function build_captcha()
{
    global $db, $cache, $config, $template, $user, $lang;

    // Clean old sessions and old confirm codes
    $user->confirm_gc();

    // unique_id() re-encoded in base 35 and upper-cased, with characters
    // that are easily confused swapped for unambiguous letters; the first
    // two characters are skipped and code_length characters are kept
    $ambiguous   = array('0', '1', '2', '5', 'O', 'I', 'Z', 'S');
    $replacement = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H');
    $raw_code = strtoupper(base_convert(unique_id(), 16, 35));
    $code = substr(str_replace($ambiguous, $replacement, $raw_code), 2, $this->code_length);

    $confirm_id = md5(uniqid($user->ip));

    $sql = "INSERT INTO " . CONFIRM_TABLE . " (confirm_id, session_id, code)\n\t\t\tVALUES ('" . $db->sql_escape($confirm_id) . "', '" . $db->sql_escape($user->data['session_id']) . "', '" . $db->sql_escape($code) . "')";
    $db->sql_query($sql);

    // the clear-text code stays server-side; only the id reaches the page
    unset($code);

    $confirm_image = '<img src="' . append_sid(create_server_url() . CMS_PAGE_PROFILE . '?mode=confirm&confirm_id=' . $confirm_id) . '" alt="" title="" />';

    $template->assign_vars(array(
        'S_CAPTCHA'               => true,
        'CONFIRM_IMG'             => $confirm_image,
        'CAPTCHA_HIDDEN'          => '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />',
        'CAPTCHA_CODE_LENGTH'     => $this->code_length,
        'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['CONFIRM_CODE_IMPAIRED'], '<a href="mailto:' . $config['board_email'] . '">', '</a>'),
    ));

    return array('confirm_id' => $confirm_id, 'confirm_image' => $confirm_image);
}
/**
 *
 * @version Version 0.1 / $Id: functions.php 8491 2008-04-04 11:41:58Z acydburn $
 *
 * Portable PHP password hashing framework.
 *
 * Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
 * the public domain.
 *
 * There's absolutely no warranty.
 *
 * The homepage URL for this framework is:
 *
 * http://www.openwall.com/phpass/
 *
 * Please be sure to update the Version line if you edit this file in any way.
 * It is suggested that you leave the main version number intact, but indicate
 * your project name (after the slash) and add your own revision information.
 *
 * Please do not change the "private" password hashing method implemented in
 * here, thereby making your hashes incompatible. However, if you must, please
 * change the hash type identifier (the "$P$") to something different.
 *
 * Obviously, since this code is in the public domain, the above are not
 * requirements (there can be none), but merely suggestions.
 *
 *
 * Hash the password
 *
 * @param string $password clear-text password
 * @return string 34-character phpass hash, or md5($password) when hashing failed
 */
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    $random_state = uniqid();
    $random = '';
    $count = 6;

    // preferred salt source
    if ($fh = @fopen('/dev/urandom', 'rb'))
    {
        $random = fread($fh, $count);
        fclose($fh);
    }

    // fallback when /dev/urandom is unavailable or returned too little:
    // an md5 chain seeded from uniqid()/unique_id(), not a cryptographic source
    if (strlen($random) < $count)
    {
        $random = '';

        for ($i = 0; $i < $count; $i += 16)
        {
            $random_state = md5(unique_id() . $random_state);
            $random .= pack('H*', md5($random_state));
        }
        $random = substr($random, 0, $count);
    }

    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

    if (strlen($hash) == 34)
    {
        return $hash;
    }

    // NOTE(review): unsalted md5 fallback inherited from phpass; it only
    // runs when _hash_crypt_private() fails, but it is a far weaker hash.
    return md5($password);
}
/**
 * Init - assigns a fresh BBCode UID and, when given, the message to parse.
 *
 * @param string $message message text; an empty value leaves $this->message untouched
 */
function parse_message($message = '')
{
    // BBCODE_UID_LEN characters of unique_id() re-encoded from base 16 to base 36
    $uid = base_convert(unique_id(), 16, 36);
    $this->bbcode_uid = substr($uid, 0, BBCODE_UID_LEN);

    if ($message)
    {
        $this->message = $message;
    }
}
/**
 * Generate login box or verify password.
 *
 * Without a POSTed login the function renders the login form. With one it
 * runs $auth->login() and either redirects on success (via trigger_error
 * with a meta refresh) or renders the form again with the error message.
 * In admin mode ($admin) the username must match the current session's user
 * and the password field name carries a per-request credential token.
 *
 * @param string $redirect  target after login; falls back to the current page
 * @param string $l_explain explanation text shown above the form
 * @param string $l_success success message; falls back to LOGIN_REDIRECT
 * @param bool   $admin     re-authentication for the ACP
 * @param bool   $s_display show the full login form
 */
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;

    $err = '';

    // Make sure user->setup() has been called
    if (empty($user->lang))
    {
        $user->setup();
    }

    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_'))
    {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered'])
        {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }

    if (isset($_POST['login']))
    {
        // Get credential: in admin mode the password field is named after a
        // 32-character hex token issued with the form (see below)
        if ($admin)
        {
            $credential = request_var('credential', '');

            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32)
            {
                if ($user->data['is_registered'])
                {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }

            $password = request_var('password_' . $credential, '', true);
        }
        else
        {
            $password = request_var('password', '', true);
        }

        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']) ? true : false;
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        $admin = $admin ? 1 : 0;
        // an admin re-login keeps the session's current visibility setting
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;

        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
        {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }

        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);

        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin)
        {
            if ($result['status'] == LOGIN_SUCCESS)
            {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            }
            else
            {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered'])
                {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }

        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS)
        {
            // NOTE(review): the redirect target is taken from the request;
            // this relies on reapply_sid()/meta_refresh() keeping it on-site — confirm.
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);

            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);

            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER)
            {
                return;
            }

            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }

        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK)
        {
            trigger_error($result['error_msg']);
        }

        // Special cases... determine
        switch ($result['status'])
        {
            case LOGIN_ERROR_ATTEMPTS:
                // Show confirm image: replace any previous login code of this session
                $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\t\t\tAND confirm_type = " . CONFIRM_LOGIN;
                $db->sql_query($sql);

                // Generate code; mt_rand() only picks the length (5..8)
                $code = gen_rand_string(mt_rand(5, 8));
                $confirm_id = md5(unique_id($user->ip));
                $seed = hexdec(substr(unique_id(), 4, 10));

                // compute $seed % 0x7fffffff
                $seed -= 0x7fffffff * floor($seed / 0x7fffffff);

                $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_LOGIN, 'code' => (string) $code, 'seed' => (int) $seed));
                $db->sql_query($sql);

                $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_LOGIN) . '" alt="" title="" />', 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));

                $err = $user->lang[$result['error_msg']];
                break;

            case LOGIN_ERROR_PASSWORD_CONVERT:
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;

            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];

                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
                {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }

    if (!$redirect)
    {
        // We just use what the session code determined...
        // If we are not within the admin directory we use the page dir...
        $redirect = '';
        if (!$admin)
        {
            $redirect .= $user->page['page_dir'] ? $user->page['page_dir'] . '/' : '';
        }
        $redirect .= $user->page['page_name'] . ($user->page['query_string'] ? '?' . htmlspecialchars($user->page['query_string']) : '');
    }

    // Assign credential for username/password pair: the token is embedded in
    // the form and becomes part of the password field name (checked above)
    $credential = $admin ? md5(unique_id()) : false;

    $s_hidden_fields = array('redirect' => $redirect, 'sid' => $user->session_id);

    if ($admin)
    {
        $s_hidden_fields['credential'] = $credential;
    }

    $s_hidden_fields = build_hidden_fields($s_hidden_fields);

    $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_LOGIN_ACTION' => !$admin ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));

    page_header($user->lang['LOGIN'], false);

    $template->set_filenames(array('body' => 'login_body.html'));
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));

    page_footer();
}
function main($id, $mode) { global $cache, $db, $user, $template, $table_prefix, $request; global $phpbb_root_path, $phpbb_container, $phpbb_log; $this->db_tools = $phpbb_container->get('dbal.tools'); $user->add_lang('acp/database'); $this->tpl_name = 'acp_database'; $this->page_title = 'ACP_DATABASE'; $action = $request->variable('action', ''); $submit = isset($_POST['submit']) ? true : false; $template->assign_vars(array('MODE' => $mode)); switch ($mode) { case 'backup': $this->page_title = 'ACP_BACKUP'; switch ($action) { case 'download': $type = $request->variable('type', ''); $table = array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array(''))); $format = $request->variable('method', ''); $where = $request->variable('where', ''); if (!sizeof($table)) { trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING); } $store = $download = $structure = $schema_data = false; if ($where == 'store_and_download' || $where == 'store') { $store = true; } if ($where == 'store_and_download' || $where == 'download') { $download = true; } if ($type == 'full' || $type == 'structure') { $structure = true; } if ($type == 'full' || $type == 'data') { $schema_data = true; } @set_time_limit(1200); @set_time_limit(0); $time = time(); $filename = 'backup_' . $time . '_' . unique_id(); $extractor = $phpbb_container->get('dbal.extractor'); $extractor->init_extractor($format, $filename, $time, $download, $store); $extractor->write_start($table_prefix); foreach ($table as $table_name) { // Get the table structure if ($structure) { $extractor->write_table($table_name); } else { // We might wanna empty out all that junk :D switch ($db->get_sql_layer()) { case 'sqlite': case 'sqlite3': $extractor->flush('DELETE FROM ' . $table_name . ";\n"); break; case 'mssql': case 'mssql_odbc': case 'mssqlnative': $extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n"); break; case 'oracle': $extractor->flush('TRUNCATE TABLE ' . 
$table_name . "/\n"); break; default: $extractor->flush('TRUNCATE TABLE ' . $table_name . ";\n"); break; } } // Data if ($schema_data) { $extractor->write_data($table_name); } } $extractor->write_end(); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_BACKUP'); if ($download == true) { exit; } trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action)); break; default: $tables = $this->db_tools->sql_list_tables(); asort($tables); foreach ($tables as $table_name) { if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0) { $template->assign_block_vars('tables', array('TABLE' => $table_name)); } } unset($tables); $template->assign_vars(array('U_ACTION' => $this->u_action . '&action=download')); $available_methods = array('gzip' => 'zlib', 'bzip2' => 'bz2'); foreach ($available_methods as $type => $module) { if (!@extension_loaded($module)) { continue; } $template->assign_block_vars('methods', array('TYPE' => $type)); } $template->assign_block_vars('methods', array('TYPE' => 'text')); break; } break; case 'restore': $this->page_title = 'ACP_RESTORE'; switch ($action) { case 'submit': $delete = $request->variable('delete', ''); $file = $request->variable('file', ''); $download = $request->variable('download', ''); if (!preg_match('#^backup_\\d{10,}_[a-z\\d]{16}\\.(sql(?:\\.(?:gz|bz2))?)$#', $file, $matches)) { trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } $file_name = $phpbb_root_path . 'store/' . $matches[0]; if (!file_exists($file_name) || !is_readable($file_name)) { trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } if ($delete) { if (confirm_box(true)) { unlink($file_name); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_DELETE'); trigger_error($user->lang['BACKUP_DELETE'] . 
adm_back_link($this->u_action)); } else { confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file))); } } else { if ($download || confirm_box(true)) { if ($download) { $name = $matches[0]; switch ($matches[1]) { case 'sql': $mimetype = 'text/x-sql'; break; case 'sql.bz2': $mimetype = 'application/x-bzip2'; break; case 'sql.gz': $mimetype = 'application/x-gzip'; break; } header('Cache-Control: private, no-cache'); header("Content-Type: {$mimetype}; name=\"{$name}\""); header("Content-disposition: attachment; filename={$name}"); @set_time_limit(0); $fp = @fopen($file_name, 'rb'); if ($fp !== false) { while (!feof($fp)) { echo fread($fp, 8192); } fclose($fp); } flush(); exit; } switch ($matches[1]) { case 'sql': $fp = fopen($file_name, 'rb'); $read = 'fread'; $seek = 'fseek'; $eof = 'feof'; $close = 'fclose'; $fgetd = 'fgetd'; break; case 'sql.bz2': $fp = bzopen($file_name, 'r'); $read = 'bzread'; $seek = ''; $eof = 'feof'; $close = 'bzclose'; $fgetd = 'fgetd_seekless'; break; case 'sql.gz': $fp = gzopen($file_name, 'rb'); $read = 'gzread'; $seek = 'gzseek'; $eof = 'gzeof'; $close = 'gzclose'; $fgetd = 'fgetd'; break; } switch ($db->get_sql_layer()) { case 'mysql': case 'mysql4': case 'mysqli': case 'sqlite': case 'sqlite3': while (($sql = $fgetd($fp, ";\n", $read, $seek, $eof)) !== false) { $db->sql_query($sql); } break; case 'postgres': $delim = ";\n"; while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false) { $query = trim($sql); if (substr($query, 0, 13) == 'CREATE DOMAIN') { list(, , $domain) = explode(' ', $query); $sql = "SELECT domain_name\n\t\t\t\t\t\t\t\t\t\t\t\tFROM information_schema.domains\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE domain_name = '{$domain}';"; $result = $db->sql_query($sql); if (!$db->sql_fetchrow($result)) { $db->sql_query($query); } $db->sql_freeresult($result); } else { $db->sql_query($query); } if (substr($query, 0, 4) == 'COPY') { while (($sub = $fgetd($fp, "\n", $read, 
$seek, $eof)) !== '\\.') { if ($sub === false) { trigger_error($user->lang['RESTORE_FAILURE'] . adm_back_link($this->u_action), E_USER_WARNING); } pg_put_line($db->get_db_connect_id(), $sub . "\n"); } pg_put_line($db->get_db_connect_id(), "\\.\n"); pg_end_copy($db->get_db_connect_id()); } } break; case 'oracle': while (($sql = $fgetd($fp, "/\n", $read, $seek, $eof)) !== false) { $db->sql_query($sql); } break; case 'mssql': case 'mssql_odbc': case 'mssqlnative': while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false) { $db->sql_query($sql); } break; } $close($fp); // Purge the cache due to updated data $cache->purge(); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_RESTORE'); trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action)); break; } else { if (!$download) { confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file))); } } } default: $methods = array('sql'); $available_methods = array('sql.gz' => 'zlib', 'sql.bz2' => 'bz2'); foreach ($available_methods as $type => $module) { if (!@extension_loaded($module)) { continue; } $methods[] = $type; } $dir = $phpbb_root_path . 'store/'; $dh = @opendir($dir); $backup_files = array(); if ($dh) { while (($file = readdir($dh)) !== false) { if (preg_match('#^backup_(\\d{10,})_[a-z\\d]{16}\\.(sql(?:\\.(?:gz|bz2))?)$#', $file, $matches)) { if (in_array($matches[2], $methods)) { $backup_files[(int) $matches[1]] = $file; } } } closedir($dh); } if (!empty($backup_files)) { krsort($backup_files); foreach ($backup_files as $name => $file) { $template->assign_block_vars('files', array('FILE' => $file, 'NAME' => $user->format_date($name, 'd-m-Y H:i:s', true), 'SUPPORTED' => true)); } } $template->assign_vars(array('U_ACTION' => $this->u_action . '&action=submit')); break; } break; } }
/** * Return email header */ function build_header($to, $cc, $bcc) { global $config; $headers = array(); $headers[] = 'From: ' . $this->from; if ($cc) { $headers[] = 'Cc: ' . $cc; } if ($bcc) { $headers[] = 'Bcc: ' . $bcc; } $headers[] = 'Reply-To: ' . $this->replyto; $headers[] = 'Return-Path: <' . $config['board_email'] . '>'; $headers[] = 'Sender: <' . $config['board_email'] . '>'; $headers[] = 'MIME-Version: 1.0'; $headers[] = 'Message-ID: <' . md5(unique_id(time())) . '@' . $config['server_name'] . '>'; $headers[] = 'Date: ' . date('r', time()); $headers[] = 'Content-Type: text/plain; charset=UTF-8'; // format=flowed $headers[] = 'Content-Transfer-Encoding: 8bit'; // 7bit $headers[] = 'X-Priority: ' . $this->mail_priority; $headers[] = 'X-MSMail-Priority: ' . ($this->mail_priority == MAIL_LOW_PRIORITY ? 'Low' : ($this->mail_priority == MAIL_NORMAL_PRIORITY ? 'Normal' : 'High')); $headers[] = 'X-Mailer: PhpBB3'; $headers[] = 'X-MimeOLE: phpBB3'; $headers[] = 'X-phpBB-Origin: phpbb://' . str_replace(array('http://', 'https://'), array('', ''), generate_board_url()); // We use \n here instead of \r\n because our smtp mailer is adjusting it to \r\n automatically, whereby the php mail function only works // if using \n. if (sizeof($this->extra_headers)) { $headers[] = implode("\n", $this->extra_headers); } return implode("\n", $headers); }
/** * Remote upload method * Uploads file from given url * * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif * @return filespec $file Object "filespec" is returned, all further operations can be done with this object * @access public */ protected function remote_upload($upload_url) { $upload_ary = array(); $upload_ary['local_mode'] = true; if (!preg_match('#^(https?://).*?\\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID')); } $url = parse_url($upload_url); $host = $url['host']; $path = $url['path']; $port = !empty($url['port']) ? (int) $url['port'] : 80; $upload_ary['type'] = 'application/octet-stream'; $url['path'] = explode('.', $url['path']); $ext = array_pop($url['path']); $url['path'] = implode('', $url['path']); $upload_ary['name'] = utf8_basename($url['path']) . ($ext ? '.' . $ext : ''); $filename = $url['path']; $filesize = 0; $remote_max_filesize = $this->get_max_file_size(); $errno = 0; $errstr = ''; if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) { return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED')); } // Make sure $path not beginning with / if (strpos($path, '/') === 0) { $path = substr($path, 1); } fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n"); fputs($fsock, "HOST: " . $host . 
"\r\n"); fputs($fsock, "Connection: close\r\n\r\n"); // Set a proper timeout for the socket socket_set_timeout($fsock, $this->upload->upload_timeout); $get_info = false; $data = ''; $length = false; $timer_stop = time() + $this->upload->upload_timeout; while ((!$length || $filesize < $length) && !@feof($fsock)) { if ($get_info) { if ($length) { // Don't attempt to read past end of file if server indicated length $block = @fread($fsock, min($length - $filesize, 1024)); } else { $block = @fread($fsock, 1024); } $filesize += strlen($block); if ($remote_max_filesize && $filesize > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false); return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } $data .= $block; } else { $line = @fgets($fsock, 1024); if ($line == "\r\n") { $get_info = true; } else { if (stripos($line, 'content-type: ') !== false) { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); } else { if ($this->upload->max_filesize && stripos($line, 'content-length: ') !== false) { $length = (int) str_replace('content-length: ', '', strtolower($line)); if ($remote_max_filesize && $length && $length > $remote_max_filesize) { $max_filesize = get_formatted_filesize($remote_max_filesize, false); return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit'])); } } else { if (stripos($line, '404 not found') !== false) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND'); } } } } } $stream_meta_data = stream_get_meta_data($fsock); // Cancel upload if we exceed timeout if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 
'REMOTE_UPLOAD_TIMEOUT'); } } @fclose($fsock); if (empty($data)) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA'); } $filename = tempnam(sys_get_temp_dir(), unique_id() . '-'); if (!($fp = @fopen($filename, 'wb'))) { return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED'); } $upload_ary['size'] = fwrite($fp, $data); fclose($fp); unset($data); $upload_ary['tmp_name'] = $filename; /** @var filespec $file */ $file = $this->factory->get('filespec')->set_upload_ary($upload_ary)->set_upload_namespace($this->upload); $this->upload->common_checks($file); return $file; }
/** * Index messages on the fly as we convert them * @todo naderman, can you check that this works with the new search plugins as it's use is currently disabled (and thus untested) function search_indexing($message = '') { global $fulltext_search, $convert_row; if (!isset($convert_row['post_id'])) { return; } if (!$message) { if (!isset($convert_row['message'])) { return; } $message = $convert_row['message']; } $title = (isset($convert_row['title'])) ? $convert_row['title'] : ''; $fulltext_search->index('post', $convert_row['post_id'], $message, $title, $convert_row['poster_id'], $convert_row['forum_id']); } */ function make_unique_filename($filename) { if (!strlen($filename)) { $filename = md5(unique_id()) . '.dat'; } else { if ($filename[0] == '.') { $filename = md5(unique_id()) . $filename; } else { if (preg_match('/\\.([a-z]+)$/i', $filename, $m)) { $filename = preg_replace('/\\.([a-z]+)$/i', '_' . md5(unique_id()) . '.\\1', $filename); } else { $filename .= '_' . md5(unique_id()) . '.dat'; } } } return $filename; }
/** * Adds an user * * @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type(usually 0). Additional entries not overridden by defaults will be forwarded. * @param string $cp_data custom profile fields, see custom_profile::build_insert_sql_array * @return the new user's ID. */ function user_add($user_row, $cp_data = false) { global $db, $user, $auth, $config, $phpbb_root_path, $phpEx; if (empty($user_row['username']) || !isset($user_row['group_id']) || !isset($user_row['user_email']) || !isset($user_row['user_type'])) { return false; } $username_clean = utf8_clean_string($user_row['username']); if (empty($username_clean)) { return false; } $sql_ary = array('username' => $user_row['username'], 'username_clean' => $username_clean, 'user_password' => isset($user_row['user_password']) ? $user_row['user_password'] : '', 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']), 'user_email_hash' => crc32(strtolower($user_row['user_email'])) . 
strlen($user_row['user_email']), 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type']); // These are the additional vars able to be specified $additional_vars = array('user_permissions' => '', 'user_timezone' => $config['board_timezone'], 'user_dateformat' => $config['default_dateformat'], 'user_lang' => $config['default_lang'], 'user_style' => (int) $config['default_style'], 'user_actkey' => '', 'user_ip' => '', 'user_regdate' => time(), 'user_passchg' => time(), 'user_options' => 895, 'user_inactive_reason' => 0, 'user_inactive_time' => 0, 'user_lastmark' => time(), 'user_lastvisit' => 0, 'user_lastpost_time' => 0, 'user_lastpage' => '', 'user_posts' => 0, 'user_dst' => (int) $config['board_dst'], 'user_colour' => '', 'user_occ' => '', 'user_interests' => '', 'user_avatar' => '', 'user_avatar_type' => 0, 'user_avatar_width' => 0, 'user_avatar_height' => 0, 'user_new_privmsg' => 0, 'user_unread_privmsg' => 0, 'user_last_privmsg' => 0, 'user_message_rules' => 0, 'user_full_folder' => PRIVMSGS_NO_BOX, 'user_emailtime' => 0, 'user_notify' => 0, 'user_notify_pm' => 1, 'user_notify_type' => NOTIFY_EMAIL, 'user_allow_pm' => 1, 'user_allow_viewonline' => 1, 'user_allow_viewemail' => 1, 'user_allow_massemail' => 1, 'user_sig' => '', 'user_sig_bbcode_uid' => '', 'user_sig_bbcode_bitfield' => '', 'user_form_salt' => unique_id()); // Now fill the sql array with not required variables foreach ($additional_vars as $key => $default_value) { $sql_ary[$key] = isset($user_row[$key]) ? $user_row[$key] : $default_value; } // Any additional variables in $user_row not covered above? $remaining_vars = array_diff(array_keys($user_row), array_keys($sql_ary)); // Now fill our sql array with the remaining vars if (sizeof($remaining_vars)) { foreach ($remaining_vars as $key) { $sql_ary[$key] = $user_row[$key]; } } $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . 
$db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql); $user_id = $db->sql_nextid(); // Insert Custom Profile Fields if ($cp_data !== false && sizeof($cp_data)) { $cp_data['user_id'] = (int) $user_id; if (!class_exists('custom_profile')) { include_once $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx; } $sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data)); $db->sql_query($sql); } // Place into appropriate group... $sql = 'INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', array('user_id' => (int) $user_id, 'group_id' => (int) $user_row['group_id'], 'user_pending' => 0)); $db->sql_query($sql); // Now make it the users default group... group_set_user_default($user_row['group_id'], array($user_id), false); // set the newest user and adjust the user count if the user is a normal user and no activation mail is sent if ($user_row['user_type'] == USER_NORMAL) { set_config('newest_user_id', $user_id, true); set_config('newest_username', $user_row['username'], true); set_config('num_users', $config['num_users'] + 1, true); $sql = 'SELECT group_colour FROM ' . GROUPS_TABLE . ' WHERE group_id = ' . (int) $user_row['group_id']; $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); set_config('newest_user_colour', $row['group_colour'], true); } return $user_id; }
protected function _create_home() { global $core, $user; if (_button() && is_ghost()) { $v = $this->__(array('cat' => 1, 'ticket_group' => 0, 'ticket_title', 'ticket_text', 'ticket_username', 'attachments')); $t_contact = $user->v(); if (f($v['ticket_username']) && _auth_get('ticket_create_admin')) { if (!preg_match('#^([a-z0-9\\_\\-]+)$#is', $v['ticket_username'])) { $this->_error('#SIGN_LOGIN_ERROR'); } $sql = 'SELECT * FROM _members WHERE user_username = ? AND user_id <> 1 AND user_active = 1'; if (!($t_contact = _fieldrow(sql_filter($sql, $v['ticket_username'])))) { $this->_error('#SIGN_LOGIN_ERROR'); } } if (!($ticket_status = $core->cache_load('ticket_status_default'))) { $sql = 'SELECT status_id FROM _tickets_status WHERE status_default = 1'; $ticket_status = $core->cache_store(_field($sql, 'status_id', 0)); } $v2 = array('code' => substr(md5(unique_id()), 0, 8), 'childs' => 0, 'parent' => 0, 'deleted' => 0, 'lastreply' => (int) $user->time, 'group' => $v['ticket_group'], 'contact' => $t_contact['user_id'], 'aby' => 0, 'cat' => $v['cat'], 'status' => $ticket_status, 'start' => (int) $user->time, 'end' => 0, 'ip' => $user->i_ip, 'title' => $v['ticket_title'], 'text' => $v['ticket_text']); $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $v2)); $v['ticket_id'] = _sql_nextid($sql); $v = array_merge($v, $v2); if (f($v['attachments'])) { $attachments = explode(',', $v['attachments']); $location = XFS . 'space/f/'; if (@is_dir($location)) { @(include XFS . 'core/upload.php'); $upload = new upload(); $umask = umask(0); $i = 0; foreach ($attachments as $row) { if (@file_exists($location . $row)) { $extension = _extension($row); if (preg_match('/\\.(' . $upload->ext_blacklist . ')$/', strtolower($row))) { $extension = 'txt'; } $filepath = _filename('_' . $v['code'] . '_' . $i, $extension); @rename($location . $row, $location . $filepath); $upload->chmod($location . 
$filepath); $insert_attach = array('ticket' => $v['ticket_id'], 'name' => $filepath, 'mime' => mime_content_type($location . $filepath), 'extension' => $extension, 'size' => filesize($location . $filepath), 'checksum' => md5_file($location . $filepath), 'downloads' => 0, 'time' => time()); $sql = 'INSERT INTO _tickets_attach' . _build_array('INSERT', prefix('attach', $insert_attach)); _sql($sql); $i++; } } @umask($umask); } } if ($v['parent']) { $sql = 'UPDATE _tickets SET ticket_childs = ticket_childs + 1 WHERE ticket_id = ?'; _sql(sql_filter($sql, $v['ticket_parent'])); } if (f($v['ticket_username'])) { $insert_note = array('ticket_id' => (int) $v['ticket_id'], 'user_id' => $user->v('user_id'), 'note_text' => _lang('TICKET_CREATE_STAFF'), 'note_time' => time(), 'note_cc' => 1); $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $insert_note); _sql($sql); } $sql = 'SELECT group_name, group_email FROM _groups WHERE group_id = ?'; $d_group = _fieldrow(sql_filter($sql, $v['ticket_group'])); $ticket_subject = entity_decode($d_group['group_name'] . ' [#' . $v['code'] . ']: ' . $v['ticket_title']); $ticket_message = entity_decode($v['text']); $sql = 'SELECT m.user_email FROM _groups_members gm, _members m WHERE gm.member_group = ? AND gm.member_mod = ? AND gm.member_uid = m.user_id ORDER BY m.user_email'; $group_members = _rowset(sql_filter($sql, $v['group'], 1), false, 'user_email'); // // Common email notification require_once XFS . 'core/emailer.php'; $emailer = new emailer(); $emailer_vars = array('USERNAME' => $t_contact['user_username'], 'FULLNAME' => entity_decode(_fullname($t_contact)), 'SUBJECT' => entity_decode($v['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $v['code']))); $email_from = $d_group['group_email'] . '@' . $core->v('domain'); $user_template = 'ticket_' . 
$d_group['group_email']; // // Notify ticket creator $emailer->from($email_from); $emailer->set_subject($ticket_subject); $emailer->use_template($user_template); $emailer->email_address($t_contact['user_email']); $emailer->set_decode(true); $emailer->assign_vars($emailer_vars); $emailer->send(); $emailer->reset(); // // Notify group mods $emailer->from($email_from); $emailer->use_template('ticket_tech'); $emailer->set_subject($ticket_subject); foreach ($group_members as $i => $row) { $method = !$i ? 'email_address' : 'cc'; $emailer->{$method}($row); } $emailer->set_decode(true); $emailer->assign_vars($emailer_vars); $emailer->send(); $emailer->reset(); return $this->e(_link($this->m(), array('x1' => 'view', 'code' => $v['code']))); } $sql = 'SELECT group_id, group_name FROM _groups ORDER BY group_name'; _rowset_style($sql, 'groups'); $sql = 'SELECT cat_id, cat_name FROM _tickets_cat WHERE cat_id > 0 AND cat_group IN (??) GROUP BY cat_name ORDER BY cat_group, cat_name'; if (!($cat = _rowset_style(sql_filter($sql, $user->auth_groups()), 'cat', 'cat'))) { _style('no_cat'); } return v_style(array('CHANGE_USER' => sprintf(_lang('TICKET_CHANGE_USER'), _fullname($user->v())))); }
/** * Set/Update a persistent login key * * This method creates or updates a persistent session key. When a user makes * use of persistent (formerly auto-) logins a key is generated and stored in the * DB. When they revisit with the same key it's automatically updated in both the * DB and cookie. Multiple keys may exist for each user representing different * browsers or locations. As with _any_ non-secure-socket no passphrase login this * remains vulnerable to exploit. */ function set_login_key($user_id = false, $key = false, $user_ip = false) { global $config, $db; $user_id = $user_id === false ? $this->data['user_id'] : $user_id; $user_ip = $user_ip === false ? $this->ip : $user_ip; $key = $key === false ? $this->cookie_data['k'] ? $this->cookie_data['k'] : false : $key; $key_id = unique_id(hexdec(substr($this->session_id, 0, 8))); $sql_ary = array('key_id' => (string) md5($key_id), 'last_ip' => (string) $this->ip, 'last_login' => (int) time()); if (!$key) { $sql_ary += array('user_id' => (int) $user_id); } if ($key) { $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE user_id = ' . (int) $user_id . "\n\t\t\t\t\tAND key_id = '" . $db->sql_escape(md5($key)) . "'"; } else { $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); } $db->sql_query($sql); $this->cookie_data['k'] = $key_id; return false; }
/** * Generate login box or verify password */ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true) { global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config; if (!class_exists('phpbb_captcha_factory')) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; } $err = ''; // Make sure user->setup() has been called if (empty($user->lang)) { $user->setup(); } // Print out error if user tries to authenticate as an administrator without having the privileges... if ($admin && !$auth->acl_get('a_')) { // Not authd // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } if (isset($_POST['login'])) { // Get credential if ($admin) { $credential = request_var('credential', ''); if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) { if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } $password = request_var('password_' . $credential, '', true); } else { $password = request_var('password', '', true); } $username = request_var('username', '', true); $autologin = !empty($_POST['autologin']) ? true : false; $viewonline = !empty($_POST['viewonline']) ? 0 : 1; $admin = $admin ? 1 : 0; $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline; // Check if the supplied username is equal to the one stored within the database if re-authenticating if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) { // We log the attempt to use a different username... 
add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } // If authentication is successful we redirect user to previous page $result = $auth->login($username, $password, $autologin, $viewonline, $admin); // If admin authentication and login, we will log if it was a success or not... // We also break the operation on the first non-success login - it could be argued that the user already knows if ($admin) { if ($result['status'] == LOGIN_SUCCESS) { add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS'); } else { // Only log the failed attempt if a real user tried to. // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } } } // The result parameter is always an array, holding the relevant information... if ($result['status'] == LOGIN_SUCCESS) { $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}"); $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT']; $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']); // append/replace SID (may change during the session for AOL users) $redirect = reapply_sid($redirect); // Special case... the user is effectively banned, but we allow founders to login if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) { return; } $redirect = meta_refresh(3, $redirect); trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>')); } // Something failed, determine what... if ($result['status'] == LOGIN_BREAK) { trigger_error($result['error_msg']); } // Special cases... 
determine switch ($result['status']) { case LOGIN_ERROR_ATTEMPTS: $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); // $captcha->reset(); $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); $err = $user->lang[$result['error_msg']]; break; case LOGIN_ERROR_PASSWORD_CONVERT: $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : ''); break; // Username, password, etc... // Username, password, etc... default: $err = $user->lang[$result['error_msg']]; // Assign admin contact to some error messages if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') { $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'); } break; } } // Assign credential for username/password pair $credential = $admin ? md5(unique_id()) : false; $s_hidden_fields = array('sid' => $user->session_id); if ($redirect) { $s_hidden_fields['redirect'] = $redirect; } if ($admin) { $s_hidden_fields['credential'] = $credential; } $s_hidden_fields = build_hidden_fields($s_hidden_fields); $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? 
append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password')); page_header($user->lang['LOGIN'], false); $template->set_filenames(array('body' => 'login_body.html')); make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}")); page_footer(); }