Beispiel #1
     $CryptHash = Users::make_crypt_hash($_POST['password']);
     $DB->query("\n\t\t\t\t\t\t\tUPDATE users_main\n\t\t\t\t\t\t\tSET passhash = '" . db_string($CryptHash) . "'\n\t\t\t\t\t\t\tWHERE ID = {$UserID}");
 }
 if ($Enabled == 1) {
     $SessionID = Users::make_secret();
     $Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
     if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
         $KeepLogged = 1;
         setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', $SSL, true);
     } else {
         $KeepLogged = 0;
         setcookie('session', $Cookie, 0, '/', '', $SSL, true);
     }
     //TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that
     // Because we <3 our staff
     $Permissions = Permissions::get_permissions($PermissionID);
     $CustomPermissions = unserialize($CustomPermissions);
     if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) {
         $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
     }
     $DB->query("\n\t\t\t\t\t\t\tINSERT INTO users_sessions\n\t\t\t\t\t\t\t\t(UserID, SessionID, KeepLogged, Browser, OperatingSystem, IP, LastUpdate, FullUA)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$UserID}', '" . db_string($SessionID) . "', '{$KeepLogged}', '{$Browser}', '{$OperatingSystem}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "', '" . db_string($_SERVER['HTTP_USER_AGENT']) . "')");
     $Cache->begin_transaction("users_sessions_{$UserID}");
     $Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime()));
     $Cache->commit_transaction(0);
     $Sql = "\n\t\t\t\t\t\t\tUPDATE users_main\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tLastLogin = '******',\n\t\t\t\t\t\t\t\tLastAccess = '" . sqltime() . "'\n\t\t\t\t\t\t\tWHERE ID = '" . db_string($UserID) . "'";
     $DB->query($Sql);
     if (!empty($_COOKIE['redirect'])) {
         $URL = $_COOKIE['redirect'];
         setcookie('redirect', '', time() - 60 * 60 * 24, '/', '', false);
         header("Location: {$URL}");
         die;
Beispiel #2
    $SphQL->order_by('RAND()', '');
    unset($_GET['page']);
} else {
    $SphQL->order_by($SortOrders[$OrderBy], $OrderWay);
}
// True when the request carries a non-empty "submit" parameter.
$Submitted = !empty($_GET['submit']);
//Paranoia
// Optional ?userid= filter. The id is taken straight from the query string, so it is checked with
// is_number() before it is handed to Users::user_info(), and an unknown user is rejected as well.
// NOTE(review): the statements after each error() call assume error() does not return — confirm.
if (!empty($_GET['userid'])) {
    if (!is_number($_GET['userid'])) {
        error('User ID must be an integer');
    }
    $UserInfo = Users::user_info($_GET['userid']);
    if (empty($UserInfo)) {
        error('That user does not exist');
    }
    // The target user's permission set is loaded so that their class is available to later checks;
    // $UserInfo, $Perms and $UserClass stay undefined when no userid was supplied.
    $Perms = Permissions::get_permissions($UserInfo['PermissionID']);
    $UserClass = $Perms['Class'];
}
$BookmarkView = false;
if (empty($_GET['type'])) {
    $Title = 'Requests';
    if (empty($_GET['showall'])) {
        $SphQL->where('visible', 1);
    }
} else {
    switch ($_GET['type']) {
        case 'created':
            if (!empty($UserInfo)) {
                if (!check_paranoia('requestsvoted_list', $UserInfo['Paranoia'], $Perms['Class'], $UserInfo['ID'])) {
                    error(403);
                }
Beispiel #3
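 /**
  * Gets the heavy user info
  * Only used for current user
  *
  * Returns the cached "user_info_heavy_<UserID>" value when it is non-empty; otherwise rebuilds it
  * from users_main, users_info and users_levels, stores it in the cache and returns it.
  *
  * @param int|string $UserID The userid to get the information for. It is coerced to an integer
  *		before use because it is interpolated into the cache key and into both SQL statements.
  * @return array|mixed For an existing user, the joined users_main/users_info row with:
  *		- CustomPermissions unserialized (empty array when the column is empty),
  *		- RestrictedForums, PermittedForums and PermissionID removed,
  *		- CustomForums added: forum ID => 0 (restricted) or 1 (permitted), or null when both lists are empty,
  *		- the unserialized SiteOptions merged into the top level and the SiteOptions key removed.
  *		A non-empty cached value is returned as stored.
  */
 public static function user_heavy_info($UserID)
 {
     // Security: $UserID ends up inside two SQL strings below, and the users_levels query does not
     // even quote it. Forcing an integer here means no caller-supplied text can reach either query.
     $UserID = (int) $UserID;
     $HeavyInfo = G::$Cache->get_value("user_info_heavy_{$UserID}");
     if (empty($HeavyInfo)) {
         // Saved now and handed back to set_query_id() once our own queries are done
         // (presumably so a result set the caller is still reading is not lost — confirm).
         $QueryID = G::$DB->get_query_id();
         G::$DB->query("\n\t\t\t\tSELECT\n\t\t\t\t\tm.Invites,\n\t\t\t\t\tm.torrent_pass,\n\t\t\t\t\tm.IP,\n\t\t\t\t\tm.CustomPermissions,\n\t\t\t\t\tm.can_leech AS CanLeech,\n\t\t\t\t\ti.AuthKey,\n\t\t\t\t\ti.RatioWatchEnds,\n\t\t\t\t\ti.RatioWatchDownload,\n\t\t\t\t\ti.StyleID,\n\t\t\t\t\ti.StyleURL,\n\t\t\t\t\ti.DisableInvites,\n\t\t\t\t\ti.DisablePosting,\n\t\t\t\t\ti.DisableUpload,\n\t\t\t\t\ti.DisableWiki,\n\t\t\t\t\ti.DisableAvatar,\n\t\t\t\t\ti.DisablePM,\n\t\t\t\t\ti.DisableRequests,\n\t\t\t\t\ti.DisableForums,\n\t\t\t\t\ti.DisableTagging," . "\n\t\t\t\t\ti.SiteOptions,\n\t\t\t\t\ti.DownloadAlt,\n\t\t\t\t\ti.LastReadNews,\n\t\t\t\t\ti.LastReadBlog,\n\t\t\t\t\ti.RestrictedForums,\n\t\t\t\t\ti.PermittedForums,\n\t\t\t\t\tm.FLTokens,\n\t\t\t\t\tm.PermissionID\n\t\t\t\tFROM users_main AS m\n\t\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\t\tWHERE m.ID = '{$UserID}'");
         // NOTE(review): the second argument names the two serialized columns, presumably so that
         // next_record() returns them unmodified for unserialize() — confirm in the DB class.
         $HeavyInfo = G::$DB->next_record(MYSQLI_ASSOC, array('CustomPermissions', 'SiteOptions'));

         // NOTE(security): unserialize() on a stored column. If any write path lets user-influenced
         // bytes reach users_main.CustomPermissions this is a PHP object-injection sink; JSON, or
         // unserialize() with allowed_classes disabled (PHP 7+), would close it. Left unchanged here
         // because the stored format is shared with code outside this method.
         if (!empty($HeavyInfo['CustomPermissions'])) {
             $HeavyInfo['CustomPermissions'] = unserialize($HeavyInfo['CustomPermissions']);
         } else {
             $HeavyInfo['CustomPermissions'] = array();
         }

         // Both forum columns are comma-separated ID lists; they are split, trimmed and then
         // dropped from the returned row in favour of the CustomForums map built below.
         if (!empty($HeavyInfo['RestrictedForums'])) {
             $RestrictedForums = array_map('trim', explode(',', $HeavyInfo['RestrictedForums']));
         } else {
             $RestrictedForums = array();
         }
         unset($HeavyInfo['RestrictedForums']);
         if (!empty($HeavyInfo['PermittedForums'])) {
             $PermittedForums = array_map('trim', explode(',', $HeavyInfo['PermittedForums']));
         } else {
             $PermittedForums = array();
         }
         unset($HeavyInfo['PermittedForums']);

         // Forums permitted through the user's rows in users_levels are added to the list.
         G::$DB->query("\n\t\t\t\tSELECT PermissionID\n\t\t\t\tFROM users_levels\n\t\t\t\tWHERE UserID = {$UserID}");
         $PermIDs = G::$DB->collect('PermissionID');
         foreach ($PermIDs as $PermID) {
             $Perms = Permissions::get_permissions($PermID);
             if (!empty($Perms['PermittedForums'])) {
                 $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
             }
         }

         // ...and so are the forums permitted by the PermissionID stored on users_main.
         $Perms = Permissions::get_permissions($HeavyInfo['PermissionID']);
         unset($HeavyInfo['PermissionID']);
         if (!empty($Perms['PermittedForums'])) {
             $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
         }

         if (!empty($PermittedForums) || !empty($RestrictedForums)) {
             $HeavyInfo['CustomForums'] = array();
             foreach ($RestrictedForums as $ForumID) {
                 $HeavyInfo['CustomForums'][$ForumID] = 0;
             }
             // Written second on purpose: a forum present in both lists ends up permitted (1).
             foreach ($PermittedForums as $ForumID) {
                 $HeavyInfo['CustomForums'][$ForumID] = 1;
             }
         } else {
             $HeavyInfo['CustomForums'] = null;
         }
         // An empty list element (e.g. a trailing comma) would have produced an '' key.
         if (isset($HeavyInfo['CustomForums'][''])) {
             unset($HeavyInfo['CustomForums']['']);
         }

         // An empty SiteOptions column is no longer passed to unserialize(), which only produced a
         // notice and false; the outcome (nothing merged) is the same.
         // NOTE(security): same unserialize() caveat as for CustomPermissions above.
         $SiteOptions = empty($HeavyInfo['SiteOptions']) ? array() : unserialize($HeavyInfo['SiteOptions']);
         if (!empty($SiteOptions)) {
             // NOTE(review): array_merge() lets SiteOptions keys overwrite same-named row columns
             // (CustomPermissions, CanLeech, AuthKey, Disable*, ...). That is only safe while the code
             // that writes SiteOptions restricts its keys — verify against the writer.
             $HeavyInfo = array_merge($HeavyInfo, $SiteOptions);
         }
         unset($HeavyInfo['SiteOptions']);

         G::$DB->set_query_id($QueryID);
         G::$Cache->cache_value("user_info_heavy_{$UserID}", $HeavyInfo, 0);
     }
     return $HeavyInfo;
 }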
Beispiel #4
<?
// Profile-edit handler (the part shown here): resolves the target user, checks that the requester
// may edit that profile, then registers validation rules for the submitted settings fields.
// NOTE(review): authorize() is defined elsewhere — presumably the form auth-key (anti-CSRF) check; confirm.
authorize();

// The target user id comes from the request; error(404) is called for anything is_number() rejects.
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
	error(404);
}

//For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = Users::user_info($UserID);

// A lookup that returns nothing is treated the same as a malformed id.
if (!$U) {
	error(404);
}

// Authorization: a user may always edit their own profile; editing someone else's requires
// check_perms('users_edit_profiles', <target user's class>). A refused attempt is reported to
// ADMIN_CHAN over IRC before error(403) is called.
// NOTE(review): the comparison is loose (!=) against a request string, so it depends on is_number()
// above accepting only plain digit strings — confirm.
// NOTE(review): the IRC line embeds the requester's username in a raw PRIVMSG; this relies on
// usernames never containing CR/LF — verify where usernames are validated.
$Permissions = Permissions::get_permissions($U['PermissionID']);
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
	send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);
	error(403);
}

// Validation rules for the posted fields. The second argument looks like a required flag (1/0) —
// confirm in the validator class. The two URL fields are constrained only by CSS_REGEX and
// IMAGE_REGEX (defined elsewhere), anchored with ^...$ and matched case-insensitively.
// NOTE(review): without the D modifier, "$" also matches just before a trailing newline; check
// whether a value ending in "\n" matters where these URLs are later stored or emitted.
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", array('regex' => '/^'.CSS_REGEX.'$/i'));
// The next two are commented out because the drop-down menus were replaced with a check box and radio buttons
//$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");
//$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
// postsperpage is restricted to an explicit allow-list of values.
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
//$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));
Beispiel #5
<?php

//TODO: Developer, add resend last donation when available AND add missing headers to Test IPN

// Access gate first (enforce_login() is defined elsewhere; presumably it stops anonymous requests).
enforce_login();

// Users on ratio watch are refused before anything is rendered.
if ($LoggedUser['RatioWatch']) {
    error('Due to the high volume of payment disputes, we do not accept donations from users on ratio watch. Sorry.');
}

// Number of enabled users: taken from the cache, recomputed from users_main when the cached
// value is missing or falsy. The query is a fixed string with no request data in it.
$UserCount = $Cache->get_value('stats_user_count');
if (!$UserCount) {
    $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM users_main\n\t\tWHERE Enabled = '1'");
    list($UserCount) = $DB->next_record();
    // Third argument 0: cached without expiry ("inf cache").
    $Cache->cache_value('stats_user_count', $UserCount, 0);
}

// Permission set of the DONOR class, loaded before the page header is emitted.
$DonorPerms = Permissions::get_permissions(DONOR);

//Include the header
View::show_header('Donate');
?>
<!-- Donate -->
<div class="thin">
<?php 
if (check_perms('site_debug')) {
    ?>
	<div class="header">
		<h2>Test IPN</h2>
	</div>
	<div class="box pad">
		<form class="donate_form" name="test_paypal" method="post" action="donate.php">
			<input type="hidden" name="action" value="ipn" />
			<input type="hidden" name="auth" value="<?php 
    echo $LoggedUser['AuthKey'];
    ?>