function UploadFile($file, $parenttype, $parentid, $cap, $description = '', $temporary = false)
{
global $loguser, $loguserid;
$targetdir = DATA_DIR . 'uploads';
$filedata = $_FILES[$file];
$filename = $filedata['name'];
if ($filedata['size'] == 0) {
return true;
} else {
if ($filedata['size'] > $cap) {
return false;
} else {
CleanupUploads();
$randomid = Shake();
$pname = $randomid . '_' . Shake();
$temp = $filedata['tmp_name'];
Query("\n\t\t\tINSERT INTO {uploadedfiles} (id, physicalname, filename, description, user, date, parenttype, parentid, downloads, deldate) \n\t\t\tVALUES ({0}, {1}, {2}, {3}, {4}, {5}, {6}, {7}, 0, {8})", $randomid, $pname, $filename, $description, $loguserid, time(), $parenttype, $parentid, $temporary ? time() : 0);
$fullpath = $targetdir . '/' . $pname;
copy($temp, $fullpath);
file_put_contents($fullpath . '.hash', hash_hmac_file('sha256', $fullpath, SALT));
Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $filename . "[/]\"", false);
return $randomid;
}
}
}
function uploadFile($file, $cattype, $cat)
{
global $loguserid, $uploaddirs, $goodfiles, $badfiles, $userquota, $maxSize;
$targetdir = $uploaddirs[$cattype];
$totalsize = foldersize($targetdir);
$filedata = $_FILES[$file];
$c = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND cattype={1} AND user={2} AND deldate=0", $filedata['name'], $cattype, $loguserid);
if ($c > 0) {
return "You already have a file with this name. Please delete the old copy before uploading a new one.";
}
if ($filedata['size'] == 0) {
if ($filedata['tmp_name'] == '') {
return 'No file given.';
} else {
return 'File is empty.';
}
}
if ($filedata['size'] > $maxSize) {
return 'File is too large. Maximum size allowed is ' . BytesToSize($maxSize) . '.';
}
$randomid = Shake();
$pname = $randomid . '_' . Shake();
$fname = $_FILES['newfile']['name'];
$temp = $_FILES['newfile']['tmp_name'];
$size = $_FILES['size']['size'];
$parts = explode(".", $fname);
$extension = end($parts);
if ($totalsize + $size > $quot) {
Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
} else {
if (in_array(strtolower($extension), $badfiles) || is_array($goodfiles) && !in_array(strtolower($extension), $goodfiles)) {
return 'Forbidden file type.';
} else {
$description = $_POST['description'];
$big_descr = $cat['showindownloads'] ? $_POST['big_description'] : '';
Query("insert into {uploader} (id, filename, description, big_description, date, user, private, category, deldate, physicalname) values ({7}, {0}, {1}, {6}, {2}, {3}, {4}, {5}, 0, {8})", $fname, $description, time(), $loguserid, $privateFlag, $_POST['cat'], $big_descr, $randomid, $pname);
copy($temp, $targetdir . "/" . $pname);
Report("[b]" . $loguser['name'] . "[/] uploaded file \"[b]" . $fname . "[/]\"" . ($privateFlag ? " (privately)" : ""), $privateFlag);
die(header("Location: " . actionLink("uploaderlist", "", "cat=" . $_POST["cat"])));
}
}
}
} else {
$newsalt = Shake();
$sha = doHash($_POST['pass'] . $salt . $newsalt);
$sex = validateSex($_POST["sex"]);
$rUsers = Query("insert into {users} (name, password, pss, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {3}, {4}, {5}, {6}, {7})", $_POST['name'], $sha, $newsalt, time(), $_SERVER['REMOTE_ADDR'], $_POST['email'], $sex, Settings::get("defaultTheme"));
$uid = insertId();
if ($uid == 1) {
Query("update {users} set powerlevel = 4 where id = 1");
}
recalculateKarma($uid);
logAction('register', array('user' => $uid));
$user = Fetch(Query("select * from {users} where id={0}", $uid));
$user["rawpass"] = $_POST["pass"];
$bucket = "newuser";
include "lib/pluginloader.php";
$sessionID = Shake();
setcookie("logsession", $sessionID, 0, $boardroot, "", false, true);
Query("INSERT INTO {sessions} (id, user, autoexpire) VALUES ({0}, {1}, {2})", doHash($sessionID . $salt), $user["id"], 0);
redirectAction("board");
}
}
$sexes = array(__("Male"), __("Female"), __("N/A"));
$name = "";
if (isset($_POST["name"])) {
$name = htmlspecialchars($_POST["name"]);
}
$email = "";
if (isset($_POST["email"])) {
$email = htmlspecialchars($_POST["email"]);
}
$sex = 2;
?>';
if (file_put_contents('config/database.php', $dbconfig) === FALSE) {
die('Error: failed to create the config file. Check the permissions of the user running PHP.' . $footer);
}
$salt = Shake(24);
define('SALT', $salt);
$saltfile = '<?php define(\'SALT\', ' . phpescape($salt) . '); ?>';
file_put_contents('config/salt.php', $saltfile);
$kurifile = '<?php define(\'KURIKEY\', ' . phpescape(Shake(32)) . '); ?>';
file_put_contents('config/kurikey.php', $kurifile);
require 'lib/mysql.php';
require 'lib/mysqlfunctions.php';
$debugMode = 1;
Upgrade();
Import('database.sql');
$pss = Shake(16);
$sha = hash('sha256', $boardpassword . $salt . $pss, FALSE);
Query("insert into {users} (id, name, password, pss, primarygroup, regdate, lastactivity, lastip, email, sex, theme) values ({0}, {1}, {2}, {3}, {4}, {5}, {5}, {6}, {7}, {8}, {9})", 1, $boardusername, $sha, $pss, 4, time(), $_SERVER['REMOTE_ADDR'], '', 2, 'blargboard');
?>
<h3>Your new Blargboard board has been successfully installed!</h3>
<br>
You should now:
<ul>
<li>delete install.php and database.sql
<li><a href="./?page=login">log in to your board</a> and configure it
</ul>
<br>
Thank you for choosing Blargboard!<br>
<br>
<?php
} else {
Kill(format(__("Your password has been reset to <strong>{0}</strong>. You can use this password to log in to the board. We suggest you change it as soon as possible."), $newPass), __("Password reset"));
} else {
if ($_POST['action'] == __("Send reset email")) {
if ($_POST['mail'] != $_POST['mail2']) {
Kill(__("The e-mail addresses you entered don't match, try again."));
}
$user = Query("select id, name, password, email, lostkeytimer, pss from {users} where name = {0} and email = {1}", $_POST['name'], $_POST['mail']);
if (NumRows($user) != 0) {
//Do not disclose info about user e-mail.
$user = Fetch($user);
if ($user['lostkeytimer'] > time() - 60 * 60) {
//wait an hour between attempts
Kill(__("To prevent abuse, this function can only be used once an hour."), __("Slow down!"));
}
//Make a RANDOM reset key.
$resetKey = Shake();
$hashedResetKey = doHash($resetKey . $salt . $user["pss"]);
$from = Settings::get("mailResetSender");
$to = $user['email'];
$subject = format(__("Password reset for {0}"), $user['name']);
$message = format(__("A password reset was requested for your user account on {0}."), Settings::get("boardname")) . "\n" . __("If you did not submit this request, this message can be ignored.") . "\n\n" . __("To reset your password, visit the following URL:") . "\n\n" . absoluteActionLink("lostpass", $user['id'], "key={$resetKey}") . "\n\n" . __("This link can be used once.");
$headers = "From: " . $from . "\r\n" . "Reply-To: " . $from . "\r\n" . "X-Mailer: PHP";
mail($to, $subject, wordwrap($message, 70), $headers);
logAction('lostpass', array('user2' => $user["id"]));
Query("update {users} set lostkey = {0}, lostkeytimer = {1} where id = {2}", $hashedResetKey, time(), $user['id']);
}
Kill(__("Check your email in a moment and follow the link found therein."), __("Reset email sent"));
} else {
write("\n\t<form action=\"" . actionLink("lostpass") . "\" method=\"post\">\n\t\t<table class=\"outline margin width50\">\n\t\t\t<tr class=\"header0\">\n\t\t\t\t<th colspan=\"2\">\n\t\t\t\t\t" . __("Lost password") . "\n\t\t\t\t</th>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"un\">" . __("User name") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell0\">\n\t\t\t\t\t<input type=\"text\" id=\"un\" name=\"name\" style=\"width: 98%;\" maxlength=\"25\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"em\">" . __("Email address") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"email\" id=\"em\" name=\"mail\" style=\"width: 98%;\" maxlength=\"60\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell2\">\n\t\t\t\t\t<label for=\"em\">" . __("Retype email address") . "</label>\n\t\t\t\t</td>\n\t\t\t\t<td class=\"cell1\">\n\t\t\t\t\t<input type=\"email\" id=\"em\" name=\"mail2\" style=\"width: 98%;\" maxlength=\"60\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr class=\"cell2\">\n\t\t\t\t<td></td>\n\t\t\t\t<td>\n\t\t\t\t\t<input type=\"submit\" name=\"action\" value=\"" . __("Send reset email") . "\" />\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class=\"cell1 smallFonts\" colspan=\"2\">\n\t\t\t\t\t" . __("If you did not specify an email address in your profile, you are <em>not</em> out of luck. The old method of contacting an administrator from outside the board is still an option.") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>\n\t</form>\n");
}
}
$c = FetchResult("SELECT COUNT(*) FROM {uploader} WHERE filename={0} AND deldate=0", $_FILES['newfile']['name']);
if ($c > 0) {
Kill("The file '{$_FILES['newfile']['name']}' already exists. Please delete the old copy before uploading a new one.");
}
if ($_FILES['newfile']['size'] == 0) {
if ($_FILES['newfile']['tmp_name'] == "") {
Alert(__("No file given."));
} else {
Alert(__("File is empty."));
}
} else {
if ($_FILES['newfile']['size'] > Settings::pluginGet('uploaderMaxFileSize') * 1024 * 1024) {
Alert(format(__("File is too large. Maximum size is {0}."), BytesToSize(Settings::pluginGet('uploaderMaxFileSize') * 1024 * 1024)));
} else {
$randomid = Shake();
$pname = $randomid . '_' . Shake();
$fname = $_FILES['newfile']['name'];
$temp = $_FILES['newfile']['tmp_name'];
$size = $_FILES['size']['size'];
$parts = explode(".", $fname);
$extension = end($parts);
if ($totalsize + $size > $quot) {
Alert(format(__("Uploading \"{0}\" would break the quota."), $fname));
} else {
if (in_array(strtolower($extension), $badfiles) || is_array($goodfiles) && !in_array(strtolower($extension), $goodfiles)) {
Alert(__("Forbidden file type."));
} else {
$description = $_POST['description'];
$big_descr = $cat['showindownloads'] ? $_POST['big_description'] : '';
Query("insert into {uploader} (id, filename, description, big_description, date, user, private, category, deldate, physicalname) values ({7}, {0}, {1}, {6}, {2}, {3}, {4}, {5}, 0, {8})", $fname, $description, time(), $loguserid, $privateFlag, $_POST['cat'], $big_descr, $randomid, $pname);
copy($temp, $targetdir . "/" . $pname);
function HandlePassword($field, $item)
{
global $sets, $user, $loguser, $loguserid;
if ($_POST[$field] != "" && $_POST['repeat' . $field] != "" && $_POST['repeat' . $field] !== $_POST[$field]) {
return __("To change your password, you must type it twice without error.");
}
if ($_POST[$field] != "" && $_POST['repeat' . $field] == "") {
$_POST[$field] = "";
}
if ($_POST[$field]) {
$newsalt = Shake();
$sha = doHash($_POST[$field] . SALT . $newsalt);
$_POST[$field] = $sha;
$sets[] = "pss = '" . $newsalt . "'";
//Now logout all the sessions that aren't this one, for security.
Query("DELETE FROM {sessions} WHERE id != {0} and user = {1}", doHash($_COOKIE['logsession'] . SALT), $user['id']);
}
return false;
}
function HandlePassword($field, $item)
{
global $fallToEditor, $sets, $salt, $user, $loguser, $loguserid;
if ($_POST[$field] != "" && $_POST['repeat' . $field] != "" && $_POST['repeat' . $field] != $_POST[$field]) {
$fallToEditor = true;
return __("To change your password, you must type it twice without error.");
} else {
if ($_POST[$field] != "" && $_POST['repeat' . $field] == "") {
$_POST[$field] = "";
}
}
if ($_POST[$field]) {
$newsalt = Shake();
$sha = hash("sha256", $_POST[$field] . $salt . $newsalt, FALSE);
if ($user['id'] == $loguser['id']) {
$logdata['loguserid'] = $user['id'];
$logdata['bull'] = hash('sha256', $user['id'] . $sha . $salt . $newsalt, FALSE);
$logdata_s = base64_encode(serialize($logdata));
setcookie("logdata", $logdata_s, 2147483647, "", "", false, true);
}
$_POST[$field] = $sha;
$sets[] = "pss = '" . $newsalt . "'";
}
}
