function main($id, $mode)
{
global $db, $user, $phpbb_root_path, $config, $phpEx;
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(request_var('type', 0));
$captcha->execute();
garbage_collection();
exit_handler();
}
}
trigger_error($mode == 'post' || $mode == 'bump' || $mode == 'reply' ? 'NO_TOPIC' : 'NO_POST');
}
// Not able to reply to unapproved posts/topics
// TODO: add more descriptive language key
if ($auth->acl_get('m_approve', $forum_id) && (($mode == 'reply' || $mode == 'bump') && !$post_data['topic_approved'] || $mode == 'quote' && !$post_data['post_approved'])) {
trigger_error($mode == 'reply' || $mode == 'bump' ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
}
if ($mode == 'popup') {
upload_popup($post_data['forum_style']);
return;
}
$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
if ($config['enable_post_confirm'] && !$user->data['is_registered']) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
}
// Use post_row values in favor of submitted ones...
$forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id;
// Need to login to passworded forum first?
if ($post_data['forum_password']) {
login_forum_box(array('forum_id' => $forum_id, 'forum_name' => $post_data['forum_name'], 'forum_password' => $post_data['forum_password']));
}
// Check permissions
if ($user->data['is_bot']) {
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}
// Is the user able to read within this forum?
/**
* Session garbage collection
*
* This looks a lot more complex than it really is. Effectively we are
* deleting any sessions older than an admin definable limit. Due to the
* way in which we maintain session data we have to ensure we update user
* data before those sessions are destroyed. In addition this method
* removes autologin key information that is older than an admin defined
* limit.
*/
function session_gc()
{
global $db, $config, $phpbb_root_path, $phpEx;
$batch_size = 10;
if (!$this->time_now) {
$this->time_now = time();
}
// Firstly, delete guest sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE session_user_id = ' . ANONYMOUS . '
AND session_time < ' . (int) ($this->time_now - $config['session_length']);
$db->sql_query($sql);
// Get expired sessions, only most recent for each user
$sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
FROM ' . SESSIONS_TABLE . '
WHERE session_time < ' . ($this->time_now - $config['session_length']) . '
GROUP BY session_user_id, session_page';
$result = $db->sql_query_limit($sql, $batch_size);
$del_user_id = array();
$del_sessions = 0;
while ($row = $db->sql_fetchrow($result)) {
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'\n\t\t\t\tWHERE user_id = " . (int) $row['session_user_id'];
$db->sql_query($sql);
$del_user_id[] = (int) $row['session_user_id'];
$del_sessions++;
}
$db->sql_freeresult($result);
if (sizeof($del_user_id)) {
// Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
AND session_time < ' . ($this->time_now - $config['session_length']);
$db->sql_query($sql);
}
if ($del_sessions < $batch_size) {
// Less than 10 users, update gc timer ... else we want gc
// called again to delete other sessions
set_config('session_last_gc', $this->time_now, true);
if ($config['max_autologin_time']) {
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
WHERE last_login < ' . (time() - 86400 * (int) $config['max_autologin_time']);
$db->sql_query($sql);
}
// only called from CRON; should be a safe workaround until the infrastructure gets going
if (!class_exists('phpbb_captcha_factory')) {
include $phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx;
}
phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
$db->sql_query($sql);
}
return;
}
/**
* Login function
*/
function login_db(&$username, &$password)
{
global $db, $config;
// do not allow empty password
if (!$password) {
return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
}
if (!$username) {
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row) {
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) {
// Visual Confirmation handling
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate();
if ($vc_response) {
return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
}
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert']) {
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, stripslashes($password_old_format), 'string');
if ($password == $password_new_format) {
if (!function_exists('utf8_to_cp1252')) {
global $phpbb_root_path, $phpEx;
include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx;
}
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
// plain md5 support left in for conversions from other systems.
if (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])) || strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) {
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
} else {
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
}
}
}
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
// Check for old password hash...
if (strlen($row['user_password']) == 32) {
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
if ($row['user_login_attempts'] != 0) {
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
}
// Successful login... set user_login_attempts to zero...
return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
// Give status about wrong password...
return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
/**
* Generate login box or verify password
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
if (!class_exists('phpbb_captcha_factory')) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$err = '';
// Make sure user->setup() has been called
if (empty($user->lang)) {
$user->setup();
}
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (isset($_POST['login'])) {
// Get credential
if ($admin) {
$credential = request_var('credential', '');
if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
$password = request_var('password_' . $credential, '', true);
} else {
$password = request_var('password', '', true);
}
$username = request_var('username', '', true);
$autologin = !empty($_POST['autologin']) ? true : false;
$viewonline = !empty($_POST['viewonline']) ? 0 : 1;
$admin = $admin ? 1 : 0;
$viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
$message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
$l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
// append/replace SID (may change during the session for AOL users)
$redirect = reapply_sid($redirect);
// Special case... the user is effectively banned, but we allow founders to login
if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
return;
}
$redirect = meta_refresh(3, $redirect);
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) {
trigger_error($result['error_msg']);
}
// Special cases... determine
switch ($result['status']) {
case LOGIN_ERROR_ATTEMPTS:
$captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
// $captcha->reset();
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
$err = $user->lang[$result['error_msg']];
break;
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
break;
// Username, password, etc...
// Username, password, etc...
default:
$err = $user->lang[$result['error_msg']];
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
$err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
}
break;
}
}
// Assign credential for username/password pair
$credential = $admin ? md5(unique_id()) : false;
$s_hidden_fields = array('sid' => $user->session_id);
if ($redirect) {
$s_hidden_fields['redirect'] = $redirect;
}
if ($admin) {
$s_hidden_fields['credential'] = $credential;
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
page_header($user->lang['LOGIN'], false);
$template->set_filenames(array('body' => 'login_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
page_footer();
}
/**
* If you display the captcha, run this function to check if they entered the correct captcha setting
*
* @return mixed $captcha->validate(); results (false on success, error string on failure)
*/
public function validate_captcha()
{
phpbb::_include('captcha/captcha_factory', false, 'phpbb_captcha_factory');
$captcha =& phpbb_captcha_factory::get_instance(phpbb::$config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
return $captcha->validate($this->request_data());
}
/**
* Entry point for delivering image CAPTCHAs in the ACP.
*/
function deliver_demo($selected)
{
global $db, $user, $config;
$captcha =& phpbb_captcha_factory::get_instance($selected);
$captcha->init(CONFIRM_REG);
$captcha->execute_demo();
garbage_collection();
exit_handler();
}
function main($id, $mode)
{
global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
//
if ($config['require_activation'] == USER_ACTIVATION_DISABLE) {
trigger_error('UCP_REGISTER_DISABLE');
}
include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
$coppa = isset($_REQUEST['coppa']) ? !empty($_REQUEST['coppa']) ? 1 : 0 : false;
$agreed = !empty($_POST['agreed']) ? 1 : 0;
$submit = isset($_POST['submit']) ? true : false;
$change_lang = request_var('change_lang', '');
$user_lang = request_var('lang', $user->lang_name);
if ($agreed) {
add_form_key('ucp_register');
} else {
add_form_key('ucp_register_terms');
}
if ($change_lang || $user_lang != $config['default_lang']) {
$use_lang = $change_lang ? basename($change_lang) : basename($user_lang);
if (!validate_language_iso_name($use_lang)) {
if ($change_lang) {
$submit = false;
// Setting back agreed to let the user view the agreement in his/her language
$agreed = empty($_GET['change_lang']) ? 0 : $agreed;
}
$user->lang_name = $user_lang = $use_lang;
$user->lang = array();
$user->data['user_lang'] = $user->lang_name;
$user->add_lang(array('common', 'ucp'));
} else {
$change_lang = '';
$user_lang = $user->lang_name;
}
}
$cp = new custom_profile();
$error = $cp_data = $cp_error = array();
if (!$agreed || $coppa === false && $config['coppa_enable'] || $coppa && !$config['coppa_enable']) {
$add_lang = $change_lang ? '&change_lang=' . urlencode($change_lang) : '';
$add_coppa = $coppa !== false ? '&coppa=' . $coppa : '';
$s_hidden_fields = array('change_lang' => $change_lang);
// If we change the language, we want to pass on some more possible parameter.
if ($change_lang) {
// We do not include the password
$s_hidden_fields = array_merge($s_hidden_fields, array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => $user->lang_name, 'tz' => request_var('tz', (double) $config['board_timezone'])));
}
// Checking amount of available languages
$sql = 'SELECT lang_id
FROM ' . LANG_TABLE;
$result = $db->sql_query($sql);
$lang_row = array();
while ($row = $db->sql_fetchrow($result)) {
$lang_row[] = $row;
}
$db->sql_freeresult($result);
if ($coppa === false && $config['coppa_enable']) {
$now = getdate();
$coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']);
unset($now);
$template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=0' . $add_lang), 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=1' . $add_lang), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang)));
} else {
$template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()), 'S_SHOW_COPPA' => false, 'S_REGISTRATION' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang . $add_coppa)));
}
unset($lang_row);
$this->tpl_name = 'ucp_agreement';
return;
}
// The CAPTCHA kicks in here. We can't help that the information gets lost on language change.
if ($config['enable_confirm']) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_REG);
}
// Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
$timezone = date('Z') / 3600;
$is_dst = date('I');
if ($config['board_timezone'] == $timezone || $config['board_timezone'] == $timezone - 1) {
$timezone = $is_dst ? $timezone - 1 : $timezone;
if (!isset($user->lang['tz_zones'][(string) $timezone])) {
$timezone = $config['board_timezone'];
}
} else {
$is_dst = $config['board_dst'];
$timezone = $config['board_timezone'];
}
$data = array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', (double) $timezone));
// Check and initialize some variables if needed
if ($submit) {
$error = validate_data($data, array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array(array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), 'lang' => array('language_iso_name')));
if (!check_form_key('ucp_register')) {
$error[] = $user->lang['FORM_INVALID'];
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
if ($config['enable_confirm']) {
$vc_response = $captcha->validate($data);
if ($vc_response !== false) {
$error[] = $vc_response;
}
if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts']) {
$error[] = $user->lang['TOO_MANY_REGISTERS'];
}
}
// DNSBL check
if ($config['check_dnsbl']) {
if (($dnsbl = $user->check_dnsbl('register')) !== false) {
$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
}
}
// validate custom profile fields
$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);
if (!sizeof($error)) {
if ($data['new_password'] != $data['password_confirm']) {
$error[] = $user->lang['NEW_PASSWORD_ERROR'];
}
if ($data['email'] != $data['email_confirm']) {
$error[] = $user->lang['NEW_EMAIL_ERROR'];
}
}
if (!sizeof($error)) {
$server_url = generate_board_url();
// Which group by default?
$group_name = $coppa ? 'REGISTERED_COPPA' : 'REGISTERED';
$sql = 'SELECT group_id
FROM ' . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $db->sql_escape($group_name) . "'\n\t\t\t\t\t\tAND group_type = " . GROUP_SPECIAL;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$row) {
trigger_error('NO_GROUP');
}
$group_id = $row['group_id'];
if (($coppa || $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) {
$user_actkey = gen_rand_string(mt_rand(6, 10));
$user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time();
} else {
$user_type = USER_NORMAL;
$user_actkey = '';
$user_inactive_reason = 0;
$user_inactive_time = 0;
}
$user_row = array('username' => $data['username'], 'user_password' => phpbb_hash($data['new_password']), 'user_email' => $data['email'], 'group_id' => (int) $group_id, 'user_timezone' => (double) $data['tz'], 'user_dst' => $is_dst, 'user_lang' => $data['lang'], 'user_type' => $user_type, 'user_actkey' => $user_actkey, 'user_ip' => $user->ip, 'user_regdate' => time(), 'user_inactive_reason' => $user_inactive_reason, 'user_inactive_time' => $user_inactive_time);
if ($config['new_member_post_limit']) {
$user_row['user_new'] = 1;
}
// Register user...
$user_id = user_add($user_row, $cp_data);
// This should not happen, because the required variables are listed above...
if ($user_id === false) {
trigger_error('NO_USER', E_USER_ERROR);
}
// Okay, captcha, your job is done.
if ($config['enable_confirm'] && isset($captcha)) {
$captcha->reset();
}
if ($coppa && $config['email_enable']) {
$message = $user->lang['ACCOUNT_COPPA'];
$email_template = 'coppa_welcome_inactive';
} else {
if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) {
$message = $user->lang['ACCOUNT_INACTIVE'];
$email_template = 'user_welcome_inactive';
} else {
if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable']) {
$message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
$email_template = 'admin_welcome_inactive';
} else {
$message = $user->lang['ACCOUNT_ADDED'];
$email_template = 'user_welcome';
}
}
}
if ($config['email_enable']) {
include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
$messenger = new messenger(false);
$messenger->template($email_template, $data['lang']);
$messenger->to($data['email'], $data['username']);
$messenger->anti_abuse_headers($config, $user);
$messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($data['username']), 'PASSWORD' => htmlspecialchars_decode($data['new_password']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}"));
if ($coppa) {
$messenger->assign_vars(array('FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], 'EMAIL_ADDRESS' => $data['email']));
}
$messenger->send(NOTIFY_EMAIL);
if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
// Grab an array of user_id's with a_user permissions ... these users can activate a user
$admin_ary = $auth->acl_get_list(false, 'a_user', false);
$admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array();
// Also include founders
$where_sql = ' WHERE user_type = ' . USER_FOUNDER;
if (sizeof($admin_ary)) {
$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
}
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
FROM ' . USERS_TABLE . ' ' . $where_sql;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) {
$messenger->template('admin_activate', $row['user_lang']);
$messenger->to($row['user_email'], $row['username']);
$messenger->im($row['user_jabber'], $row['username']);
$messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user_id}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}"));
$messenger->send($row['user_notify_type']);
}
$db->sql_freeresult($result);
}
}
$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
trigger_error($message);
}
}
$s_hidden_fields = array('agreed' => 'true', 'change_lang' => 0);
if ($config['coppa_enable']) {
$s_hidden_fields['coppa'] = $coppa;
}
if ($config['enable_confirm']) {
$s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$confirm_image = '';
// Visual Confirmation - Show images
if ($config['enable_confirm']) {
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
}
//
$l_reg_cond = '';
switch ($config['require_activation']) {
case USER_ACTIVATION_SELF:
$l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
break;
case USER_ACTIVATION_ADMIN:
$l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
break;
}
$template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'PASSWORD' => $data['new_password'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'EMAIL' => $data['email'], 'EMAIL_CONFIRM' => $data['email_confirm'], 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => tz_select($data['tz']), 'S_CONFIRM_REFRESH' => $config['enable_confirm'] && $config['confirm_refresh'] ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register')));
//
$user->profile_fields = array();
// Generate profile fields -> Template Block Variable profile_fields
$cp->generate_profile_fields('register', $user->get_iso_lang_id());
//
$this->tpl_name = 'ucp_register';
$this->page_title = 'UCP_REGISTRATION';
}
/**
* handle_captcha
*
* @param string $mode The mode, build or check, to either build the captcha/confirm box, or to check if the user entered the correct confirm_code
*
* @return Returns
* - True if the captcha code is correct and $mode is check or they do not need to view the captcha (permissions)
* - False if the captcha code is incorrect, or not given and $mode is check
*/
function handle_captcha($mode)
{
global $db, $template, $phpbb_root_path, $phpEx, $user, $config, $s_hidden_fields;
if ($user->data['user_id'] != ANONYMOUS || !$config['user_blog_guest_captcha']) {
return true;
}
blog_plugins::plugin_do_arg('function_handle_captcha', $mode);
if (file_exists($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx)) {
if (!class_exists('phpbb_captcha_factory')) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
if ($mode == 'check') {
$captcha->validate();
// add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
if (strpos($s_hidden_fields, 'confirm_id') === false) {
$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}
return $captcha->is_solved();
} else {
if ($mode == 'build' && !$captcha->solved) {
// add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
if (strpos($s_hidden_fields, 'confirm_id') === false) {
$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
$template->set_filenames(array('new_captcha' => 'blog/new_captcha.html'));
$template->assign_display('new_captcha', 'CAPTCHA', false);
return;
}
}
}
if ($mode == 'check') {
$confirm_id = request_var('confirm_id', '');
$confirm_code = request_var('confirm_code', '');
if ($confirm_id == '' || $confirm_code == '') {
return false;
}
$sql = 'SELECT code
FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\tAND session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
$result = $db->sql_query($sql);
$confirm_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0) {
return false;
}
// add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
if (strpos($s_hidden_fields, 'confirm_id') === false) {
$s_hidden_fields .= build_hidden_fields(array('confirm_id' => $confirm_id, 'confirm_code' => $confirm_code));
}
return true;
} else {
if ($mode == 'build' && !handle_captcha('check')) {
// Show confirm image
$sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
$db->sql_query($sql);
// Generate code
$code = gen_rand_string(mt_rand(5, 8));
$confirm_id = md5(unique_id($user->ip));
$seed = hexdec(substr(unique_id(), 4, 10));
// compute $seed % 0x7fffffff
$seed -= 0x7fffffff * floor($seed / 0x7fffffff);
$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed));
$db->sql_query($sql);
$template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />', 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));
$template->set_filenames(array('old_captcha' => 'blog/old_captcha.html'));
$template->assign_var('CAPTCHA', $template->display('old_captcha'));
}
}
}
/**
* Generate login box or verify password
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
self::_include('captcha/captcha_factory', 'phpbb_captcha_factory');
self::$user->add_lang('ucp');
$err = '';
// Make sure user->setup() has been called
if (empty(self::$user->lang)) {
self::$user->setup();
}
// Print out error if user tries to authenticate as an administrator without having the privileges...
if ($admin && !self::$auth->acl_get('a_')) {
// Not authd
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if (self::$user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
if (isset($_POST['login'])) {
// Get credential
if ($admin) {
$credential = request_var('credential', '');
if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
if (self::$user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
$password = request_var('password_' . $credential, '', true);
} else {
$password = request_var('password', '', true);
}
$username = request_var('username', '', true);
$autologin = !empty($_POST['autologin']) ? true : false;
$viewonline = !empty($_POST['viewonline']) ? 0 : 1;
$admin = $admin ? 1 : 0;
$viewonline = $admin ? self::$user->data['session_viewonline'] : $viewonline;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
if ($admin && utf8_clean_string(self::$username) != utf8_clean_string(self::$user->data['username'])) {
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}
// If authentication is successful we redirect user to previous page
$result = self::$auth->login($username, $password, $autologin, $viewonline, $admin);
// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows
if ($admin) {
if ($result['status'] == LOGIN_SUCCESS) {
add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
} else {
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if (self::$user->data['is_registered']) {
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
// The result parameter is always an array, holding the relevant information...
if ($result['status'] == LOGIN_SUCCESS) {
$redirect = request_var('redirect', '');
if ($redirect) {
$redirect = titania_url::unbuild_url($redirect);
$base = $append = false;
titania_url::split_base_params($base, $append, $redirect);
redirect(titania_url::build_url($base, $append));
} else {
redirect(titania_url::build_url(titania_url::$current_page, titania_url::$params));
}
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK) {
trigger_error($result['error_msg']);
}
// Special cases... determine
switch ($result['status']) {
case LOGIN_ERROR_ATTEMPTS:
$captcha = phpbb_captcha_factory::get_instance(self::$config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
// $captcha->reset();
// Parse the captcha template
self::reset_template();
self::$template->set_filenames(array('captcha' => $captcha->get_template()));
// Correct confirm image link
self::$template->assign_var('CONFIRM_IMAGE_LINK', self::append_sid('ucp', 'mode=confirm&confirm_id=' . $captcha->confirm_id . '&type=' . $captcha->type));
self::$template->assign_display('captcha', 'CAPTCHA', false);
titania::set_custom_template();
$err = self::$user->lang[$result['error_msg']];
break;
case LOGIN_ERROR_PASSWORD_CONVERT:
$err = sprintf(self::$user->lang[$result['error_msg']], self::$config['email_enable'] ? '<a href="' . self::append_sid('ucp', 'mode=sendpassword') . '">' : '', self::$config['email_enable'] ? '</a>' : '', self::$config['board_contact'] ? '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">' : '', self::$config['board_contact'] ? '</a>' : '');
break;
// Username, password, etc...
// Username, password, etc...
default:
$err = self::$user->lang[$result['error_msg']];
// Assign admin contact to some error messages
if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
$err = !self::$config['board_contact'] ? sprintf(self::$user->lang[$result['error_msg']], '', '') : sprintf(self::$user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">', '</a>');
}
break;
}
}
// Assign credential for username/password pair
$credential = $admin ? md5(unique_id()) : false;
$s_hidden_fields = array('sid' => self::$user->session_id);
if ($redirect) {
$s_hidden_fields['redirect'] = $redirect;
}
if ($admin) {
$s_hidden_fields['credential'] = $credential;
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
titania::page_header('LOGIN');
self::$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => self::$config['email_enable'] ? self::append_sid('ucp', 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => self::$config['require_activation'] == USER_ACTIVATION_SELF && self::$config['email_enable'] ? self::append_sid('ucp', 'mode=resend_act') : '', 'U_TERMS_USE' => self::append_sid('ucp', 'mode=terms'), 'U_PRIVACY' => self::append_sid('ucp', 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? self::$user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
titania::page_footer(true, 'login_body.html');
}
/**
* Login function
*
* @param string $username
* @param string $password
* @param string $ip IP address the login is taking place from. Used to
* limit the number of login attempts per IP address.
* @param string $browser The user agent used to login
* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
* @return array A associative array of the format
* array(
* 'status' => status constant
* 'error_msg' => string
* 'user_row' => array
* )
*/
function login_mybb16($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
global $db, $config;
// do not allow empty password
if (!$password) {
return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
}
if (!$username) {
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
$username_clean = utf8_clean_string($username);
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts, user_passwd_salt
FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($ip && !$config['ip_login_limit_use_forwarded'] || $forwarded_for && $config['ip_login_limit_use_forwarded']) {
$sql = 'SELECT COUNT(*) AS attempts
FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
if ($config['ip_login_limit_use_forwarded']) {
$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
} else {
$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
}
$result = $db->sql_query($sql);
$attempts = (int) $db->sql_fetchfield('attempts');
$db->sql_freeresult($result);
$attempt_data = array('attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => $row ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean);
$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
$result = $db->sql_query($sql);
} else {
$attempts = 0;
}
if (!$row) {
if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) {
return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => array('user_id' => ANONYMOUS));
}
return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
}
$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'] || $config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'];
// If there are too much login attempts, we need to check for an confirm image
// Every auth module is able to define what to do by itself...
if ($show_captcha) {
// Visual Confirmation handling
if (!class_exists('phpbb_captcha_factory')) {
global $phpbb_root_path, $phpEx;
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_LOGIN);
$vc_response = $captcha->validate($row);
if ($vc_response) {
return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
} else {
$captcha->reset();
}
}
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert']) {
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, stripslashes($password_old_format), 'string', true);
if ($password == $password_new_format) {
if (md5(md5($row['user_passwd_salt']) . md5($password_old_format)) === $row['user_password']) {
$hash = phpbb_hash($password_new_format);
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape($hash) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = $hash;
} else {
// Although we weren't able to convert this password we have to
// increase login attempt count to make sure this cannot be exploited
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
}
}
}
// Check password ...
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
// Check for old password hash...
if (strlen($row['user_password']) == 32) {
$hash = phpbb_hash($password);
// Update the password in the users table to the new format
$sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}";
$db->sql_query($sql);
$row['user_password'] = $hash;
}
$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
if ($row['user_login_attempts'] != 0) {
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
// User inactive...
if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
}
// Successful login... set user_login_attempts to zero...
return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
}
// Password incorrect - increase login attempts
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_attempts = user_login_attempts + 1
WHERE user_id = ' . (int) $row['user_id'] . '
AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
$db->sql_query($sql);
// Give status about wrong password...
return array('status' => $show_captcha ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => $show_captcha ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}
public function main($album_id)
{
$this->user->add_lang_ext('phpbbgallery/core', array('gallery'));
$album_data = $this->album->get_info($album_id);
$this->display->generate_navigation($album_data);
add_form_key('gallery');
$album_backlink = $this->helper->route('phpbbgallery_album', array('album_id' => $album_id));
$album_loginlink = 'ucp.php?mode=login';
$error = '';
//Let's get authorization
$this->auth->load_user_premissions($this->user->data['user_id']);
if (!$this->auth->acl_check('i_upload', $album_id, $album_data['album_user_id']) || $album_data['album_status'] == $this->album->status_locked()) {
$this->misc->not_authorised($album_backlink, $album_loginlink, 'LOGIN_EXPLAIN_UPLOAD');
}
$page_title = 'Upload to "' . $album_data['album_name'] . '"';
// Before all
if (!$this->check_fs()) {
trigger_error('NO_WRITE_ACCESS');
}
$submit = $this->request->variable('submit', false);
$mode = $this->request->variable('mode', 'upload');
if ($mode == 'upload') {
// Upload Quota Check
// 1. Check album-configuration Quota
if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) {
//@todo: Add return link
trigger_error('ALBUM_REACHED_QUOTA');
}
// 2. Check user-limit, if he is not allowed to go unlimited
if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) {
$sql = 'SELECT COUNT(image_id) count
FROM ' . $this->images_table . '
WHERE image_user_id = ' . $this->user->data['user_id'] . '
AND image_status <> ' . $this->image->get_status_orphan() . '
AND image_album_id = ' . $album_id;
$result = $this->db->sql_query($sql);
$own_images = (int) $this->db->sql_fetchfield('count');
$this->db->sql_freeresult($result);
if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) {
//@todo: Add return link
trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])));
}
}
if ($this->misc->display_captcha('upload')) {
phpbb_gallery_url::_include('captcha/captcha_factory', 'phpbb');
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
$s_captcha_hidden_fields = '';
}
$upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads'));
$process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
if ($submit) {
if (!check_form_key('gallery')) {
trigger_error('FORM_INVALID');
}
//$process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
$process->set_rotating($this->request->variable('rotate', array(0)));
$process->set_allow_comments($this->request->variable('allow_comments', false));
/*if ($this->misc->display_captcha('upload'))
{
$captcha_error = $captcha->validate();
if ($captcha_error !== false)
{
$process->new_error($captcha_error);
}
}
*/
if (!$this->user->data['is_registered']) {
$username = $this->request->variable('username', $user->data['username']);
if ($result = validate_username($username)) {
$this->user->add_lang('ucp');
$error_array[] = $this->user->lang[$result . '_USERNAME'];
} else {
$process->set_username($username);
}
}
if (empty($process->errors)) {
for ($file_count = 0; $file_count < $upload_files_limit; $file_count++) {
/**
* Upload an image from the FILES-array,
* call some functions (rotate, resize, ...)
* and store the image to the database
*/
$file = $this->request->file('image_file_' . $file_count, '');
if (isset($file['size'])) {
if ($file['size'] > 0) {
$process->upload_file($file_count);
}
}
}
}
if (!$process->uploaded_files) {
$process->new_error($this->user->lang['UPLOAD_NO_FILE']);
} else {
$mode = 'upload_edit';
// Remove submit, so we get the first screen of step 2.
$submit = false;
}
$error = implode('<br />', $process->errors);
/*if (phpbb_gallery_misc::display_captcha('upload'))
{
$captcha->reset();
}*/
}
if (!$submit || isset($process) && !$process->uploaded_files) {
for ($i = 0; $i < $upload_files_limit; $i++) {
$this->template->assign_block_vars('upload_image', array());
}
}
if ($mode == 'upload') {
$this->template->assign_vars(array('ERROR' => $error, 'S_MAX_FILESIZE' => get_formatted_filesize($this->gallery_config->get('max_filesize')), 'S_MAX_WIDTH' => $this->gallery_config->get('max_width'), 'S_MAX_HEIGHT' => $this->gallery_config->get('max_height'), 'S_ALLOWED_FILETYPES' => implode(', ', $process->get_allowed_types(true)), 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_UPLOAD' => true, 'S_ALLOW_ROTATE' => $this->gallery_config->get('allow_rotate') && function_exists('imagerotate'), 'S_UPLOAD_LIMIT' => $upload_files_limit, 'S_COMMENTS_ENABLED' => $this->gallery_config->get('allow_comments') && $this->gallery_config->get('comment_user_control'), 'S_ALLOW_COMMENTS' => true, 'L_ALLOW_COMMENTS' => $this->user->lang('ALLOW_COMMENTS_ARY', $upload_files_limit)));
/*if (phpbb_gallery_misc::display_captcha('upload'))
{
if (!$submit || !$captcha->is_solved())
{
$template->assign_vars(array(
'S_CONFIRM_CODE' => true,
'CAPTCHA_TEMPLATE' => $captcha->get_template(),
));
}
$template->assign_vars(array(
'S_CAPTCHA_HIDDEN_FIELDS' => $s_captcha_hidden_fields,
));
}*/
}
}
if ($mode == 'upload_edit') {
if ($submit) {
// Upload Quota Check
// 1. Check album-configuration Quota
if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) {
//@todo: Add return link
trigger_error('ALBUM_REACHED_QUOTA');
}
// 2. Check user-limit, if he is not allowed to go unlimited
if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) {
$sql = 'SELECT COUNT(image_id) count
FROM ' . $this->images_table . '
WHERE image_user_id = ' . $this->user->data['user_id'] . '
AND image_status <> ' . $this->image->get_status_orphan() . '
AND image_album_id = ' . $album_id;
$result = $this->db->sql_query($sql);
$own_images = (int) $this->db->sql_fetchfield('count');
$this->db->sql_freeresult($result);
if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) {
//@todo: Add return link
trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])));
}
}
$description_array = $this->request->variable('message', array(''), true);
foreach ($description_array as $var) {
if (strlen($var) > $this->gallery_config->get('description_length')) {
trigger_error($this->user->lang('DESC_TOO_LONG'));
}
}
$upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads'));
$upload_ids = $this->request->variable('upload_ids', array(''));
$process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
$process->set_rotating($this->request->variable('rotate', array(0)));
$process->get_images($upload_ids);
$image_names = $this->request->variable('image_name', array(''), true);
$process->set_names($image_names);
$process->set_descriptions($description_array);
$process->set_image_num($this->request->variable('image_num', 0));
$process->use_same_name($this->request->variable('same_name', false));
$success = true;
$phpbb_gallery_notification = new \phpbbgallery\core\notification();
foreach ($process->images as $image_id) {
$success = $success && $process->update_image($image_id, !$this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id']), $album_data['album_contest']);
if ($this->gallery_user->get_data('watch_own')) {
$phpbb_gallery_notification->add($image_id);
}
}
$message = '';
$error = implode('<br />', $process->errors);
if ($this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id'])) {
$message .= !$error ? $this->user->lang['ALBUM_UPLOAD_SUCCESSFUL'] : $this->user->lang('ALBUM_UPLOAD_SUCCESSFUL_ERROR', $error);
$meta_refresh_time = $success ? 3 : 20;
//$this->notification_helper->notify_album($album_id, $this->user->data['user_id']);
$data = array('targets' => array($this->user->data['user_id']), 'album_id' => $album_id, 'last_image' => end($process->images));
$this->notification_helper->new_image($data);
} else {
$target = array('album_id' => $album_id, 'last_image' => end($process->images), 'uploader' => $this->user->data['user_id']);
$this->notification_helper->notify('approval', $target);
$message .= !$error ? $this->user->lang['ALBUM_UPLOAD_NEED_APPROVAL'] : $this->user->lang('ALBUM_UPLOAD_NEED_APPROVAL_ERROR', $error);
$meta_refresh_time = 20;
}
$message .= '<br /><br />' . sprintf($this->user->lang['CLICK_RETURN_ALBUM'], '<a href="' . $album_backlink . '">', '</a>');
// ToDo - notifications!!!
//$phpbb_gallery_notification->send_notification('album', $album_id, $image_names[0]);
$this->image->handle_counter($process->images, true);
$this->album->update_info($album_id);
$this->url->meta_refresh($meta_refresh_time, $album_backlink);
trigger_error($message);
}
$num_images = 0;
foreach ($process->images as $image_id) {
$data = $process->image_data[$image_id];
$this->template->assign_block_vars('image', array('U_IMAGE' => $this->image->generate_link('thumbnail', 'plugin', $image_id, $data['image_name'], $album_id), 'IMAGE_NAME' => $data['image_name'], 'IMAGE_DESC' => $data['image_desc']));
$num_images++;
}
$s_hidden_fields = build_hidden_fields(array('upload_ids' => $process->generate_hidden_fields()));
$s_can_rotate = $this->gallery_config->get('allow_rotate') && function_exists('imagerotate');
$this->template->assign_vars(array('ERROR' => $error, 'S_UPLOAD_EDIT' => true, 'S_ALLOW_ROTATE' => $s_can_rotate, 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_USERNAME' => !$this->user->data['is_registered'] ? $username : '', 'NUM_IMAGES' => $num_images, 'COLOUR_ROWSPAN' => $s_can_rotate ? $num_images * 3 : $num_images * 2, 'L_DESCRIPTION_LENGTH' => $this->user->lang('DESCRIPTION_LENGTH', $this->gallery_config->get('description_length')), 'S_HIDDEN_FIELDS' => $s_hidden_fields));
}
return $this->helper->render('gallery/posting_body.html', $page_title);
}
function main($id, $mode)
{
global $config, $db, $user, $auth, $template;
global $phpbb_admin_path, $phpbb_root_path, $phpEx;
include $phpbb_root_path . 'includes/functions_invite.' . $phpEx;
$invite = new invite();
$user->add_lang(array('mods/info_acp_invite', 'acp/email'));
switch ($mode) {
case 'invite':
$submit = isset($_POST['submit']) ? true : false;
$remove_rc = isset($_REQUEST['remove_rc']) ? true : false;
$add_rc = isset($_REQUEST['add_rc']) ? true : false;
$disable_form = false;
$sent = false;
$error = array();
$email_ary = array();
// CAPTCHA
$confirm_id = request_var('confirm_id', '');
$s_hidden_fields = $confirm_id ? array('confirm_id' => $confirm_id) : array();
// Handle multiple recipients
$recipient_count = (int) request_var('rc', 1);
$recipient_count = $add_rc ? $recipient_count + 1 : $recipient_count;
$recipient_count = $remove_rc ? $recipient_count - 1 : $recipient_count;
$recipient_count = $recipient_count < 1 ? 1 : $recipient_count;
$recipient_count = $invite->config['multiple_recipients_max'] <= $recipient_count ? $invite->config['multiple_recipients_max'] : $recipient_count;
$s_hidden_fields['rc'] = $recipient_count;
add_form_key('ucp_invite');
// Authorised?
if (!$invite->config['enable'] || !$invite->config['enable_invitation']) {
trigger_error('INVITE_DISABLED');
}
if (!$auth->acl_get('u_send_invite')) {
trigger_error('NOT_AUTHORISED');
}
// Oops?
if (!$config['email_enable']) {
trigger_error('EMAIL_DISABLED');
}
// Queue?
if ($user->data['user_invitations']) {
$sql = 'SELECT MAX(invite_time) AS max_time FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$last_invite = (int) $db->sql_fetchfield('max_time');
$db->sql_freeresult();
if (time() - $last_invite < $invite->config['queue_time']) {
$queue_time_m = floor(($invite->config['queue_time'] - (time() - $last_invite)) / 60);
$queue_time_s = ($invite->config['queue_time'] - (time() - $last_invite)) % 60;
$error[] = sprintf($user->lang['QUEUE_QUEUE'], $queue_time_m, $queue_time_s);
$disable_form = true;
}
}
// Reached limit?
$limit_enabled = false;
$limit_periods = array('limit_daily', 'limit_total');
$limit_criteria = array('posts', 'topics', 'memberdays', 'registrations', 'referrals');
foreach ($limit_periods as $k => $v) {
if ($invite->config['enable_' . $v]) {
$limit_enabled = true;
}
}
// Unlimited invitations?
if ($invite->config['enable_unlimited']) {
$limit_enabled = false;
}
// Collect some statistical information
if ($limit_enabled) {
// Invitations sent today (last 24h)
$last_day = time() - 86400;
$sql = 'SELECT COUNT(log_id) AS invitations_today FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id'] . ' AND invite_time >= ' . $last_day;
$result = $db->sql_query($sql);
$user->data['user_invitations_limit_daily'] = (int) $db->sql_fetchfield('invitations_today');
$db->sql_freeresult();
// Invitations sent altogether
$user->data['user_invitations_limit_total'] = $user->data['user_invitations'];
// Number of topics created
$sql = 'SELECT COUNT(topic_id) AS user_topics FROM ' . TOPICS_TABLE . ' WHERE topic_poster = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
$user->data['user_topics'] = (int) $db->sql_fetchfield('user_topics');
$db->sql_freeresult();
// Days of membership
$user->data['user_memberdays'] = floor((time() - $user->data['user_regdate']) / 86400);
// Calculate the available amount of invitations
foreach ($limit_periods as $k => $v) {
if ($invite->config['enable_' . $v]) {
$user->data['user_' . $v] = (int) $invite->config[$v . '_basic'];
foreach ($limit_criteria as $ck => $cv) {
// Don't divide by zero
$user->data['user_' . $v] += $invite->config[$v . '_' . $cv] == 0 ? 0 : floor($user->data['user_' . $cv] / $invite->config[$v . '_' . $cv]) * $invite->config[$v . '_' . $cv . '_invitations'];
}
// Single recipient
if ($user->data['user_invitations_' . $v] >= $user->data['user_' . $v]) {
$error[] = sprintf($user->lang['INVITATION_' . strtoupper($v)], $user->data['user_' . $v]);
$disable_form = true;
}
// Multiple recipients
if ($recipient_count > 1 && $user->data['user_invitations_' . $v] + $recipient_count > $user->data['user_' . $v]) {
// $reduce = $recipient_count - ($user->data['user_' . $v] - $user->data['user_invitations_' . $v]);
$error[] = sprintf($user->lang['REDUCE_RECIPIENTS']) . ' ' . sprintf($user->lang['INVITATION_' . strtoupper($v) . '_MULTI'], $user->data['user_invitations_' . $v], $user->data['user_' . $v], $recipient_count);
$disable_form = true;
}
}
}
}
// Requirements met?
if ($user->data['user_posts'] < $invite->config['invite_required_posts']) {
$error[] = sprintf($user->lang['TOO_FEW_POSTS'], $invite->config['invite_required_posts']);
$disable_form = true;
}
// Set up the array containing the important information
$email_data = array('message_type' => $INVITE_MESSAGE_TYPE['invite'], 'method' => EMAIL, 'method_user_id' => $user->data['user_id'], 'invite_language' => $invite->config['invite_language_select'] == 'opt' ? utf8_normalize_nfc(request_var('form_invite_language_select', $user->data['user_lang'], true)) : ($invite->config['invite_language_select'] == 'user' ? $user->data['user_lang'] : $invite->config['invite_language_select']), 'priority' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? request_var('form_priority', 0) : $invite->config['invite_priority_flag'], 'subject' => utf8_normalize_nfc(request_var('form_subject', '', true)), 'message' => utf8_normalize_nfc(request_var('form_message', '', true)), 'register_key' => $invite->generate_key(), 'register_key_used' => 0, 'register_user_id' => 0, 'invite_user_id' => $user->data['user_id'], 'invite_session_ip' => $user->data['session_ip'], 'invite_time' => time(), 'expiration_time' => time() + $invite->config['invite_expiration_time'] * 86400, 'invite_zebra' => request_var('form_invite_zebra', 0), 'confirm_code' => request_var('confirm_code', ''), 'confirm_id' => request_var('confirm_id', ''));
// Additional email data concerning the templates
foreach ($INVITE_MESSAGE_TYPE as $string => $int) {
$email_data['invite_' . $string] = request_var('form_invite_' . $string, 0);
$email_data['invite_' . $string . '_method'] = request_var('form_invite_' . $string . '_method', 0);
}
// The CAPTCHA kicks in here
if ($invite->config['invite_confirm_code']) {
if (!class_exists('phpbb_captcha_factory')) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
}
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
}
// Prevalidate the static data so we don't have to do it in the loop later
if ($submit) {
if (!check_form_key('ucp_invite')) {
$error[] = 'FORM_INVALID';
}
$check_ary = array('subject' => array('string', false, $invite->config['subject_min_chars'], $invite->config['subject_max_chars']), 'message' => array('string', false, $invite->config['message_min_chars'], $invite->config['message_max_chars']));
$error = validate_data($email_data, $check_ary);
// Visual Confirmation handling
if ($invite->config['invite_confirm_code']) {
$vc_response = $captcha->validate($email_data);
if ($vc_response !== false) {
$error[] = $vc_response;
}
}
}
// Send out multiple invitations
for ($i = 0; $i < $recipient_count; $i++) {
// Add index specific values to the data array
$form_register_email = utf8_normalize_nfc(request_var('form_register_email_' . $i, '', true));
$form_register_real_name = utf8_normalize_nfc(request_var('form_register_real_name_' . $i, '', true));
$email_data['register_email_' . $i] = $form_register_email;
$email_data['register_real_name_' . $i] = $form_register_real_name;
// Add every e-mail address to the referring array in order to search for multiple entries later
$email_ary[] = $form_register_email;
// No need to loop through the submit part...
if (sizeof($error)) {
continue;
}
// Do the job ...
if ($submit) {
$email_data['register_email'] = $form_register_email;
$email_data['register_real_name'] = $form_register_real_name;
// Fix language vars defined in ucp.php
$email_data['email'] = $email_data['register_email'];
// Validate index specific data
$check_ary = array('email' => array(array('string', false, 1, 60), array('email')), 'register_real_name' => array('string', false, 1, 60));
$error = validate_data($email_data, $check_ary);
// Fix language vars defined in ucp.php
unset($email_data['email']);
// That wouldn't make any sense...
if ($email_data['register_email'] == $user->data['user_email']) {
$error[] = $user->lang['INVITE_TO_YOUR_EMAIL'];
}
// Have our recipients received an invitation yet?
$sql = 'SELECT COUNT(log_id) AS multiple_invite FROM ' . INVITE_LOG_TABLE . ' WHERE register_email = "' . $email_data['register_email'] . '"';
$result = $db->sql_query($sql);
$multiple = (int) $db->sql_fetchfield('multiple_invite');
if ($multiple && $invite->config['invite_multiple']) {
$error[] = $user->lang['INVITE_MULTIPLE'];
}
if ($invite->config['invite_multiple']) {
$count_values = array_count_values($email_ary);
foreach ($count_values as $k => $v) {
if ($v > 1) {
$error[] = $user->lang['INVITE_SAME_RECIPIENT'];
break;
}
}
}
if (!sizeof($error)) {
$send_message = $invite->message_handle($email_data, true, false);
$sent = true;
// Email successfully sent to friend? Only check on last loop
if ($i == $recipient_count - 1) {
if ($send_message) {
meta_refresh(2, append_sid("{$phpbb_root_path}index.{$phpEx}"));
$message = $user->lang['EMAIL_SENT_SUCCESS'];
} else {
$message = '<span class="error">' . $user->lang['EMAIL_SENT_FAILURE'] . '</span>';
}
$message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
trigger_error($message);
}
} else {
// No need to highlight the correct recipient block if there's only one...
if ($recipient_count > 1) {
$template->assign_var('S_ERROR_RECIPIENT_INDEX', $i);
}
}
}
unset($email_data['register_email']);
unset($email_data['register_real_name']);
}
// Replace "error" strings with their real, localised form
$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);
if ($invite->config['invite_confirm_code']) {
$s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
}
$s_hidden_fields = build_hidden_fields($s_hidden_fields);
$confirm_image = '';
// Visual Confirmation - Show images
if ($invite->config['invite_confirm_code']) {
$template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
}
$template->assign_vars(array('ERROR' => sizeof($error) ? $error[0] : '', 'FORM_LANGUAGE_SELECT' => language_select($email_data['invite_language']), 'FORM_CONFIRM_IMG' => $confirm_image, 'S_ENABLE_POWERED_BY' => $invite->config['enable_powered_by'], 'S_MAIL_LOW_PRIORITY' => MAIL_LOW_PRIORITY, 'S_MAIL_NORMAL_PRIORITY' => MAIL_NORMAL_PRIORITY, 'S_MAIL_HIGH_PRIORITY' => MAIL_HIGH_PRIORITY, 'S_VALUE_EMAIL' => EMAIL, 'S_VALUE_PM' => PM, 'S_DISABLE' => $disable_form ? true : false, 'S_DISPLAY_PRIORITY' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? true : false, 'S_DISPLAY_ZEBRA' => $invite->config['zebra'] == OPTIONAL ? true : false, 'S_DISPLAY_LANGUAGE' => $invite->config['invite_language_select'] == 'opt' ? true : false, 'S_RECIPIENTS_LIMIT' => $invite->config['multiple_recipients_max'] <= $recipient_count ? true : false, 'S_CONFIRM_REFRESH' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'U_ACTION' => $this->u_action));
// Repeat the recipient block as many times as desired
for ($i = 0; $i < $recipient_count; $i++) {
$template->assign_block_vars('recipient_row', array('INDEX' => $i, 'FORM_REGISTER_EMAIL' => $email_data['register_email_' . $i], 'FORM_REGISTER_REAL_NAME' => $email_data['register_real_name_' . $i]));
}
// Display other message options
foreach ($INVITE_MESSAGE_TYPE as $string => $int) {
// [Fix] Undefined index
if ($string == 'invite' || $string == 'referral') {
continue;
}
$template->assign_vars(array('S_DISPLAY_' . strtoupper($string) => !$invite->config[$string] ? false : ($invite->config[$string] == OPTIONAL ? true : false), 'S_DISPLAY_' . strtoupper($string) . '_METHOD' => !$invite->config[$string] ? false : ($invite->config[$string . '_method'] == OPTIONAL ? true : false)));
}
// Assign already existing input
foreach ($email_data as $k => $v) {
$template->assign_vars(array('FORM_' . strtoupper($k) => isset($email_data[$k]) ? utf8_normalize_nfc(request_var($k, $v, true)) : ''));
}
break;
case 'statistics':
//
break;
}
$this->tpl_name = 'ucp_invite_' . $mode;
$this->page_title = 'UCP_INVITE_' . strtoupper($mode);
}
private function post()
{
global $phpbb_root_path, $phpEx, $template, $db, $auth;
global $config, $user;
if (!function_exists('generate_smilies')) {
include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
}
if (!function_exists('submit_gb_post')) {
include $phpbb_root_path . 'includes/functions_guestbook.' . $phpEx;
}
if (!class_exists('parse_message')) {
include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
}
$user->add_lang('posting');
// Grab only parameters needed here
$post_id = request_var('p', 0);
$lastclick = request_var('lastclick', 0);
$submit = isset($_POST['post']) ? true : false;
$preview = isset($_POST['preview']) ? true : false;
$delete = isset($_POST['delete']) ? true : false;
$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['full_editor']) ? true : false;
$mode = $delete && !$preview && !$refresh && $submit ? 'delete' : request_var('gbmode', '');
$error = $post_data = array();
$current_time = time();
// Was cancel pressed? If so then redirect to the appropriate page
if ($current_time - $lastclick < 2 && $submit) {
$redirect = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$this->user_id}&gbmode=display&{$post_id}#p{$post_id}");
redirect($redirect);
}
// We need to know some basic information in all cases before we do anything.
switch ($mode) {
case 'quote':
case 'edit':
case 'delete':
if (!$post_id) {
$user->setup('posting');
trigger_error('NO_POST');
}
$sql = 'SELECT g.*, u.*
FROM ' . GUESTBOOK_TABLE . ' g, ' . USERS_TABLE . ' u
WHERE u.user_id = g.poster_id
AND post_id = ' . (int) $post_id;
break;
case 'smilies':
$sql = '';
generate_smilies('window');
break;
case 'popup':
upload_popup();
break;
default:
$sql = '';
break;
}
if ($sql) {
$result = $db->sql_query($sql);
$post_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$post_data) {
$user->setup('posting');
trigger_error('NO_POST');
}
}
if ($mode == 'popup') {
upload_popup($post_data['forum_style']);
return;
}
if ($config['enable_post_confirm'] && !$user->data['is_registered']) {
include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
$captcha->init(CONFIRM_POST);
}
// Use post_row values in favor of submitted ones...
$post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id;
// Check permissions
if ($user->data['is_bot']) {
redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}
// Is the user able to read within this forum?
if (!$auth->acl_get('u_gb_view')) {
if ($user->data['user_id'] != ANONYMOUS) {
trigger_error('USER_CANNOT_READ');
}
login_box('', $user->lang['LOGIN_EXPLAIN_POST']);
}
// Permission to do the action asked?
$is_authed = false;
switch ($mode) {
case 'post':
if ($auth->acl_get('u_gb_post')) {
$is_authed = true;
}
break;
case 'quote':
$post_data['post_edit_locked'] = 0;
// @TODO: Decide if we want to add a config option/ucp option/checkbox for this feature.
if ($post_data['poster_id'] != ANONYMOUS) {
$post_data['orginal_author'] = $post_data['poster_id'];
}
// no break;
// no break;
case 'reply':
if ($auth->acl_get('u_gb_post')) {
$is_authed = true;
}
break;
case 'edit':
if ($user->data['is_registered'] && $auth->acl_gets('u_gb_edit', 'm_gb_edit')) {
$is_authed = true;
}
break;
case 'delete':
if ($user->data['is_registered'] && $auth->acl_gets('u_gb_delete', 'm_gb_delete')) {
$is_authed = true;
}
break;
}
if (!$is_authed) {
$check_auth = $mode == 'quote' ? 'reply' : $mode;
if ($user->data['is_registered']) {
trigger_error('USER_CANNOT_' . strtoupper($check_auth));
}
login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
}
// Can we edit this post ... if we're a moderator with rights then always yes
// else it depends on editing times, lock status and if we're the correct user
if ($mode == 'edit' && !$auth->acl_get('m_gb_edit')) {
if ($user->data['user_id'] != $post_data['poster_id']) {
trigger_error('USER_CANNOT_EDIT');
}
if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
trigger_error('CANNOT_EDIT_TIME');
}
if ($post_data['post_edit_locked']) {
trigger_error('CANNOT_EDIT_POST_LOCKED');
}
}
// Handle delete mode...
if ($mode == 'delete') {
handle_gb_post_delete($post_id, $post_data, $this);
return;
}
// Determine some vars
if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) {
$post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
} else {
$post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
}
$post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
$post_data['post_subject_md5'] = isset($post_data['post_subject']) && $mode == 'edit' ? md5($post_data['post_subject']) : '';
$post_data['post_subject'] = in_array($mode, array('quote', 'edit')) ? $post_data['post_subject'] : (isset($post_data['topic_title']) ? $post_data['topic_title'] : '');
$post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? $post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'] : 0;
$post_data['icon_id'] = !isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply')) ? 0 : (int) $post_data['icon_id'];
$message_parser = new parse_message();
if (isset($post_data['post_text'])) {
$message_parser->message =& $post_data['post_text'];
unset($post_data['post_text']);
}
// Set some default variables
$uninit = array('poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
foreach ($uninit as $var_name => $default_value) {
if (!isset($post_data[$var_name])) {
$post_data[$var_name] = $default_value;
}
}
unset($uninit);
if ($post_data['poster_id'] == ANONYMOUS) {
$post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['post_username']) : '';
} else {
$post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['username']) : '';
}
$post_data['enable_urls'] = $post_data['enable_magic_url'];
if ($mode != 'edit') {
$post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
$post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
$post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
$post_data['enable_urls'] = true;
}
$post_data['enable_icons'] = true;
$post_data['enable_magic_url'] = $post_data['drafts'] = false;
$check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
// Do we want to edit our post ?
if ($mode == 'edit' && $post_data['bbcode_uid']) {
$message_parser->bbcode_uid = $post_data['bbcode_uid'];
}
// HTML, BBCode, Smilies, Images and Flash status
$bbcode_status = $config['allow_bbcode'] && $auth->acl_get('u_gb_bbcode') ? true : false;
$smilies_status = $config['allow_smilies'] && $auth->acl_get('u_gb_smilies') ? true : false;
$img_status = $bbcode_status && $auth->acl_get('u_gb_img') ? true : false;
$url_status = $config['allow_post_links'] ? true : false;
$flash_status = $bbcode_status && $auth->acl_get('u_gb_flash') && $config['allow_post_flash'] ? true : false;
$quote_status = true;
if ($submit || $preview || $refresh) {
$post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
$message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
$post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
$post_data['topic_time_limit'] = request_var('topic_time_limit', $mode != 'post' ? (int) $post_data['topic_time_limit'] : 0);
if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) {
$post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']);
}
$post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
$post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
$post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
$post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('u_gb_sig') ? false : (isset($_POST['attach_sig']) && $user->data['is_registered'] ? true : false);
if ($config['allow_topic_notify'] && $user->data['is_registered']) {
$notify = isset($_POST['notify']) ? true : false;
} else {
$notify = false;
}
if ($submit) {
$status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
$status_switch = $status_switch != $check_value;
} else {
$status_switch = 1;
}
// Grab md5 'checksum' of new message
$message_md5 = md5($message_parser->message);
// Check checksum ... don't re-parse message if the same
$update_message = $mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN ? true : false;
// Also check if subject got updated...
$update_subject = $mode != 'edit' || $post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']);
// Parse message
if ($update_message) {
if (sizeof($message_parser->warn_msg)) {
$error[] = implode('<br />', $message_parser->warn_msg);
$message_parser->warn_msg = array();
}
$message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
// On a refresh we do not care about message parsing errors
if (sizeof($message_parser->warn_msg) && $refresh) {
$message_parser->warn_msg = array();
}
} else {
$message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
}
if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_gb_ignoreflood')) {
// Flood check
$last_post_time = 0;
if ($user->data['is_registered']) {
$last_post_time = $user->data['user_lastpost_time'];
} else {
$sql = 'SELECT post_time AS last_post_time
FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\tWHERE poster_ip = '" . $user->ip . "'\n\t\t\t\t\t\t\tAND post_time > " . ($current_time - $config['flood_interval']);
$result = $db->sql_query_limit($sql, 1);
if ($row = $db->sql_fetchrow($result)) {
$last_post_time = $row['last_post_time'];
}
$db->sql_freeresult($result);
}
if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
$error[] = $user->lang['FLOOD_ERROR'];
}
}
// Validate username
if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) {
if (!function_exists('validate_user')) {
include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
}
if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
$user->add_lang('ucp');
$error[] = $user->lang[$result . '_USERNAME'];
}
}
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) {
$captcha_data = array('message' => utf8_normalize_nfc(request_var('message', '', true)), 'subject' => utf8_normalize_nfc(request_var('subject', '', true)), 'username' => utf8_normalize_nfc(request_var('username', '', true)));
$vc_response = $captcha->validate($captcha_data);
if ($vc_response) {
$error[] = $vc_response;
}
}
// check form
if (($submit || $preview) && !check_form_key('posting')) {
$error[] = $user->lang['FORM_INVALID'];
}
// Parse subject
if (sizeof($message_parser->warn_msg)) {
$error[] = implode('<br />', $message_parser->warn_msg);
}
// DNSBL check
if ($config['check_dnsbl'] && !$refresh) {
if (($dnsbl = $user->check_dnsbl('post')) !== false) {
$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
}
}
// Store message, sync counters
if (!sizeof($error) && $submit) {
if ($submit) {
$data = array('user_id' => (int) ($mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id), 'topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'post_id' => (int) $post_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $user->data['user_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time, 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => $mode == 'edit' ? $user->data['user_id'] : (isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0), 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'guestbook' => $this);
// The last parameter tells submit_post if search indexer has to be run
submit_gb_post($mode, $post_data['post_subject'], $post_data['username'], $data, $update_message, $update_message || $update_subject ? true : false);
$post_id = $data['post_id'];
$uid = $mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id;
$redirect_url = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&gbmode=display&u={$uid}&p={$post_id}#p{$post_id}");
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) {
$captcha->reset();
}
meta_refresh(3, $redirect_url);
$message = $mode == 'edit' ? 'POST_EDITED' : 'POST_STORED';
$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message);
}
}
}
// Preview
if (!sizeof($error) && $preview) {
$post_data['post_time'] = $mode == 'edit' ? $post_data['post_time'] : $current_time;
$preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
$preview_signature = $mode == 'edit' ? $post_data['user_sig'] : $user->data['user_sig'];
$preview_signature_uid = $mode == 'edit' ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
$preview_signature_bitfield = $mode == 'edit' ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
// Signature
if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('u_gb_sig')) {
$parse_sig = new parse_message($preview_signature);
$parse_sig->bbcode_uid = $preview_signature_uid;
$parse_sig->bbcode_bitfield = $preview_signature_bitfield;
// Not sure about parameters for bbcode/smilies/urls... in signatures
$parse_sig->format_display($config['allow_sig_bbcode'], true, $config['allow_sig_smilies']);
$preview_signature = $parse_sig->message;
unset($parse_sig);
} else {
$preview_signature = '';
}
$preview_subject = censor_text($post_data['post_subject']);
if (!sizeof($error)) {
$template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true));
}
}
// Decode text for message display
$post_data['bbcode_uid'] = $mode == 'quote' && !$preview && !$refresh && !sizeof($error) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
$message_parser->decode_message($post_data['bbcode_uid']);
if ($mode == 'quote' && !$submit && !$preview && !$refresh) {
if ($config['allow_bbcode']) {
$message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
} else {
$offset = 0;
$quote_string = "> ";
$message = censor_text(trim($message_parser->message));
// see if we are nesting. It's easily tricked but should work for one level of nesting
if (strpos($message, ">") !== false) {
$offset = 10;
}
$message = utf8_wordwrap($message, 75 + $offset, "\n");
$message = $quote_string . $message;
$message = str_replace("\n", "\n" . $quote_string, $message);
$message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . " :\n" . $message . "\n";
}
}
if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh) {
$post_data['post_subject'] = (strpos($post_data['post_subject'], 'Re: ') !== 0 ? 'Re: ' : '') . censor_text($post_data['post_subject']);
}
$post_data['post_text'] = $message_parser->message;
// MAIN POSTING PAGE BEGINS HERE
// Generate smiley listing
generate_smilies('inline', 0);
// Do show topic type selection only in first post.
$topic_type_toggle = false;
$s_topic_icons = false;
if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) {
$s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
}
$bbcode_checked = isset($post_data['enable_bbcode']) ? !$post_data['enable_bbcode'] : ($config['allow_bbcode'] ? !$user->optionget('bbcode') : 1);
$smilies_checked = isset($post_data['enable_smilies']) ? !$post_data['enable_smilies'] : ($config['allow_smilies'] ? !$user->optionget('smilies') : 1);
$urls_checked = isset($post_data['enable_urls']) ? !$post_data['enable_urls'] : 0;
$sig_checked = $post_data['enable_sig'];
// If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
$notify_set = $mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set'] ? $user->data['user_notify'] : $post_data['notify_set'];
$notify_checked = isset($notify) ? $notify : ($mode == 'post' ? $user->data['user_notify'] : $notify_set);
// Page title & action URL, include session_id for security purpose
$s_action = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$this->user_id}&gbmode={$mode}", true, $user->session_id);
$s_action .= $post_id ? "&p={$post_id}" : '';
switch ($mode) {
case 'post':
$page_title = $user->lang['POST_GUESTBOOK'];
break;
case 'quote':
case 'reply':
$page_title = $user->lang['POST_GUESTBOOK'];
break;
case 'delete':
case 'edit':
$page_title = $user->lang['EDIT_POST'];
break;
}
// Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) {
$template->assign_vars(array('S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template()));
}
$s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
if ($mode == 'edit') {
$s_hidden_fields .= build_hidden_fields(array('edit_post_message_checksum' => $post_data['post_checksum'], 'edit_post_subject_checksum' => $post_data['post_subject_md5']));
}
// Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
if (isset($captcha) && $captcha->is_solved() !== false) {
$s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
}
add_form_key('posting');
// Start assigning vars for main posting page ...
$template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['POST_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'TOPIC_TITLE' => censor_text($post_data['topic_title']), 'USERNAME' => !$preview && $mode != 'quote' || $preview ? $post_data['username'] : '', 'SUBJECT' => $post_data['post_subject'], 'MESSAGE' => $post_data['post_text'], 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $bbcode_status && $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), 'POST_DATE' => $post_data['post_time'] ? $user->format_date($post_data['post_time']) : '', 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'], 'EDIT_REASON' => $post_data['post_edit_reason'], 'S_PRIVMSGS' => false, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']) ? true : false, 'S_EDIT_POST' => $mode == 'edit' ? true : false, 'S_EDIT_REASON' => false, 'S_DISPLAY_USERNAME' => !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS ? true : false, 'S_SHOW_TOPIC_ICONS' => $s_topic_icons, 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $auth->acl_get('u_gb_sig') && $config['allow_sig'] && $user->data['is_registered'] ? true : false, 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_NOTIFY_ALLOWED' => !$user->data['is_registered'] || $mode == 'edit' && $user->data['user_id'] != $post_data['poster_id'] || !$config['allow_topic_notify'] || !$config['email_enable'] ? false : true, 'S_NOTIFY_CHECKED' => $notify_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_TYPE_TOGGLE' => '', 'S_SAVE_ALLOWED' => false, 'S_HAS_DRAFTS' => false, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_URL' => $url_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => $quote_status, 'SIGNATURE' => '', 'S_POST_ACTION' => $s_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
// Build custom bbcodes array
display_custom_bbcodes();
$template->set_filenames(array('body' => 'posting_body.html'));
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
}
