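/**
 * Restore a logged-in session from the FeatherBB cookie, or fall back to a guest session.
 *
 * Reads the (Slim-encrypted) cookie, validates its JSON payload, checks the keyed checksum and
 * the HMAC of the account's current password digest, and on success binds the user row to
 * $feather->user, re-issues the cookie and loads preferences. Any failure re-issues a guest
 * cookie and returns whatever set_default_user() returns.
 *
 * @return bool|mixed true on a restored session, otherwise the result of set_default_user()
 */
function check_cookie()
{
    global $cookie_name, $cookie_seed;
    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    $now = time();
    // Get FeatherBB cookie. Slim's getCookie() hands back false/null when the stored value cannot
    // be decrypted, so a cookie tampered with on the client never reaches the JSON stage.
    $cookie_raw = $feather->getCookie($cookie_name);
    if (isset($cookie_raw)) {
        $cookie = json_decode($cookie_raw, true);
        // json_decode() yields null or a scalar for malformed input, and any member may be missing
        // or of the wrong type. Validate the shape first and only accept string digests: with the
        // original loose ==, a JSON `true` in "checksum" would have matched any non-empty digest.
        $has_shape = is_array($cookie)
            && isset($cookie['user_id'], $cookie['expires'], $cookie['checksum'], $cookie['password_hash'])
            && is_scalar($cookie['user_id']) && is_scalar($cookie['expires'])
            && is_string($cookie['checksum']) && is_string($cookie['password_hash']);
        if ($has_shape) {
            // Normalise to ints before comparing: a non-numeric user_id would otherwise be compared
            // as a string against 1 (which is true for most letters) and reach the DB lookup.
            $user_id = intval($cookie['user_id']);
            $cookie_expires = intval($cookie['expires']);
            // Keyed over the raw members exactly as they were serialised, so the digest stays
            // compatible with what feather_setcookie() produced.
            $checksum = hash_hmac('sha1', $cookie['user_id'] . $cookie['expires'], $cookie_seed . '_checksum');
            // Non-guest user, not expired, and the checksum matches (constant-time compare)
            if ($user_id > 1 && $cookie_expires > $now && hash_equals($checksum, $cookie['checksum'])) {
                // Get user info from db: the group row is required, the online row optional
                $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
                $where_check_cookie = array('u.id' => $user_id);
                $result = \DB::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o')->where($where_check_cookie)->find_result_set();
                // Bind the matching row to $feather->user; it stays unset when nothing matched
                foreach ($result as $feather->user) {
                }
                // Second binding to the account: the cookie must also carry an HMAC of the *current*
                // password digest, so a cookie with a swapped user id, or one issued before a password
                // change, is rejected. Compared in constant time.
                if (isset($feather->user->id) && hash_equals(hash_hmac('sha1', (string) $feather->user->password, $cookie_seed . '_password_hash'), $cookie['password_hash'])) {
                    $timeout_visit = intval($feather->config['o_timeout_visit']);
                    // A cookie that already outlives the visit timeout was a long-lived ("remember me")
                    // login: renew it for two weeks; otherwise slide it by the visit timeout.
                    $expires = $cookie_expires > $now + $timeout_visit ? $now + 1209600 : $now + $timeout_visit;
                    $feather->user->is_guest = false;
                    $feather->user->is_admmod = $feather->user->g_id == FEATHER_ADMIN || $feather->user->g_moderator == '1';
                    feather_setcookie($feather->user->id, $feather->user->password, $expires);
                    set_preferences();
                    return true;
                }
            }
        }
    }
    // No cookie, guest cookie, expired, or failed verification: (re)issue a guest cookie.
    // The random "password" is only a placeholder for user id 1, which this function never
    // authenticates (user_id > 1 above), so rand() is tolerable here; do not copy this pattern for
    // anything that must be unguessable.
    $expires = $now + 31536000;
    // The cookie expires after a year
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), $expires);
    return set_default_user();
}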
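/**
 * Authenticate an account by id or username and bind it to $feather->user.
 *
 * On success the row is left in $feather->user with is_guest = false; on any failure
 * (unknown account or digest mismatch) set_default_user() is called instead.
 *
 * @param int|string $user             user id (int) or username (string)
 * @param string     $password         cleartext password, or a digest when $password_is_hash is true
 * @param bool       $password_is_hash true when $password is already a feather_hash() digest
 * @return void
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $feather;
    // Fetch the candidate account with its group row (required) and online row (optional)
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
    $query = ORM::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
    if (is_int($user)) {
        $query = $query->where('u.id', $user);
    } else {
        $query = $query->where('u.username', $user);
    }
    // Bind the matching row (if any) to $feather->user; it stays unset when nothing matched
    foreach ($query->find_result_set() as $feather->user) {
    }
    // Digest to compare: supplied directly (e.g. from a cookie) or derived from the cleartext
    $candidate = $password_is_hash ? (string) $password : (string) feather_hash($password);
    // hash_equals() replaces the loose != of the original: two hex digests of the form "0e..."
    // compare equal as numbers under ==/!=, and the comparison is now constant-time.
    // NOTE(review): feather_hash() is the project's legacy digest; moving to
    // password_hash()/password_verify() needs a wider password column and a rehash-on-login
    // path, which live outside this function.
    if (isset($feather->user->id) && hash_equals((string) $feather->user->password, $candidate)) {
        $feather->user->is_guest = false;
    } else {
        set_default_user();
    }
}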
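 /**
  * Create the account row for a validated registration, send the configured notifications,
  * set the session cookie and redirect to the board index.
  *
  * @param array $user registration data already validated by the caller: username, password1,
  *                    email1, language and optionally banned_email
  * @return void       ends with redirect()
  */
 public function insert_user($user)
 {
     global $lang_register;
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     // Accounts land in the unverified group while e-mail verification is enabled
     $initial_group_id = $this->config['o_regs_verify'] == '0' ? $this->config['o_default_user_group'] : FEATHER_UNVERIFIED;
     // NOTE(review): feather_hash() is the project's legacy digest (the installer sizes users.password
     // as VARCHAR(40) for it); switching to password_hash() needs a schema change and a rehash path.
     $password_hash = feather_hash($user['password1']);
     // Add the user
     $insert_user = array('username' => $user['username'], 'group_id' => $initial_group_id, 'password' => $password_hash, 'email' => $user['email1'], 'email_setting' => $this->config['o_default_email_setting'], 'timezone' => $this->config['o_default_timezone'], 'dst' => 0, 'language' => $user['language'], 'style' => $this->config['o_default_style'], 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now);
     DB::for_table('users')->create()->set($insert_user)->save();
     // The sequence name argument is what PostgreSQL needs; other drivers ignore it
     $new_uid = DB::get_db()->lastInsertId($this->feather->prefix . 'users');
     if ($this->config['o_regs_verify'] == '0') {
         // Regenerate the users info cache
         if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
             require FEATHER_ROOT . 'include/cache.php';
         }
         generate_users_info_cache();
     }
     // If the mailing list isn't empty, we may need to send out some alerts
     if ($this->config['o_mailing_list'] != '') {
         // If we previously found out that the email was banned
         if (isset($user['banned_email'])) {
             list($mail_subject, $mail_message) = $this->load_mail_template_parts('banned_email_register');
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<email>', $user['email1'], $mail_message);
             $mail_message = str_replace('<profile_url>', get_link('user/' . $new_uid . '/'), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
         // If we previously found out that the email was a dupe.
         // NOTE(review): $dupe_list is never assigned in this method, so this branch cannot fire as
         // written; the caller's duplicate list has to be handed in for the alert to work.
         if (!empty($dupe_list)) {
             list($mail_subject, $mail_message) = $this->load_mail_template_parts('dupe_email_register');
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<dupe_list>', implode(', ', $dupe_list), $mail_message);
             $mail_message = str_replace('<profile_url>', get_link('user/' . $new_uid . '/'), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
         // Should we alert people on the admin mailing list that a new user has registered?
         if ($this->config['o_regs_report'] == '1') {
             list($mail_subject, $mail_message) = $this->load_mail_template_parts('new_user');
             $mail_message = str_replace('<username>', $user['username'], $mail_message);
             $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
             $mail_message = str_replace('<profile_url>', get_link('user/' . $new_uid . '/'), $mail_message);
             $mail_message = str_replace('<admin_url>', get_link('user/' . $new_uid . '/section/admin/'), $mail_message);
             $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
             pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
         }
     }
     // Must the user verify the registration or do we log him/her in right now?
     if ($this->config['o_regs_verify'] == '1') {
         list($mail_subject, $mail_message) = $this->load_mail_template_parts('welcome');
         $mail_subject = str_replace('<board_title>', $this->config['o_board_title'], $mail_subject);
         $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
         $mail_message = str_replace('<username>', $user['username'], $mail_message);
         // NOTE(review): the template substitutes the cleartext password into the e-mail. That is the
         // template's contract today, but mailing credentials is a known weakness worth removing upstream.
         $mail_message = str_replace('<password>', $user['password1'], $mail_message);
         $mail_message = str_replace('<login_url>', get_link('login/'), $mail_message);
         $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
         pun_mail($user['email1'], $mail_subject, $mail_message);
         message($lang_register['Reg email'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
     }
     // Log the new account in for one visit timeout and send it to the index
     feather_setcookie($new_uid, $password_hash, time() + $this->config['o_timeout_visit']);
     redirect(get_base_url(), $lang_register['Reg complete']);
 }

 /**
  * Load a mail template for the current user's language and split it into subject and body.
  *
  * The first line of a template is the subject; its 8-byte label is skipped before trimming.
  * $name is always a literal chosen by the caller; the only variable path component is
  * $this->user->language, which is expected to be a validated language code from the user record.
  *
  * @param string $name template base name (without the .tpl extension)
  * @return array       array($subject, $message), both trimmed
  */
 private function load_mail_template_parts($name)
 {
     $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/' . $name . '.tpl'));
     // The first row contains the subject
     $first_crlf = strpos($mail_tpl, "\n");
     $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
     $mail_message = trim(substr($mail_tpl, $first_crlf));
     return array($mail_subject, $mail_message);
 }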
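 /**
  * Handle the "forgotten password" form.
  *
  * Guests only; logged-in users are redirected to the index. On a POST with a valid address,
  * every account using that address gets a fresh random password (stored only as a digest in
  * activate_string) and an activation key, and an e-mail with both.
  *
  * @return array validation errors to display (empty on success; success paths end in message())
  */
 public function password_forgotten()
 {
     global $lang_common, $lang_login;
     if (!$this->user->is_guest) {
         header('Location: ' . get_base_url());
         exit;
     }
     // Start with a clean slate
     $errors = array();
     if ($this->feather->request()->isPost()) {
         require FEATHER_ROOT . 'include/email.php';
         // Validate the email address (lower-cased to match how it is looked up)
         $email = strtolower(feather_trim($this->request->post('req_email')));
         if (!is_valid_email($email)) {
             $errors[] = $lang_common['Invalid email'];
         }
         // Did everything go according to plan?
         if (empty($errors)) {
             $select_password_forgotten = array('id', 'username', 'last_email_sent');
             $result = DB::for_table('users')->select_many($select_password_forgotten)->where('email', $email)->find_many();
             if ($result) {
                 // Load the "activate password" template; the first row is the subject (8-byte label skipped)
                 $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/activate_password.tpl'));
                 $first_crlf = strpos($mail_tpl, "\n");
                 $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                 $mail_message = trim(substr($mail_tpl, $first_crlf));
                 // Do the generic replacements first (they apply to all emails sent out here)
                 $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
                 $mail_message = str_replace('<board_mailer>', $this->config['o_board_title'], $mail_message);
                 // One timestamp for the whole request, so the flood check and the stored
                 // last_email_sent cannot disagree across a second boundary
                 $now = time();
                 // Loop through users we found (find_many() plus this loop: several accounts may share an address)
                 foreach ($result as $cur_hit) {
                     // Per-account flood limit of one reset mail per hour; message() is presumed to end the request
                     $last_sent = intval($cur_hit->last_email_sent);
                     if ($cur_hit->last_email_sent != '' && $now - $last_sent < 3600 && $now - $last_sent >= 0) {
                         message(sprintf($lang_login['Email flood'], intval((3600 - ($now - $last_sent)) / 60)), true);
                     }
                     // Generate a new password and a new password activation code. The password is
                     // stored only as a digest; the key is stored as-is and travels in the URL.
                     // NOTE(review): random_pass() is a project helper — confirm it draws from a CSPRNG,
                     // since this 8-character key is the only thing gating the reset.
                     $new_password = random_pass(12);
                     $new_password_key = random_pass(8);
                     $update_password = array('activate_string' => feather_hash($new_password), 'activate_key' => $new_password_key, 'last_email_sent' => $now);
                     DB::for_table('users')->where('id', $cur_hit->id)->find_one()->set($update_password)->save();
                     // Do the user specific replacements to the template
                     $cur_mail_message = str_replace('<username>', $cur_hit->username, $mail_message);
                     $cur_mail_message = str_replace('<activation_url>', get_link('user/' . $cur_hit->id . '/action/change_pass/?key=' . $new_password_key), $cur_mail_message);
                     $cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
                     pun_mail($email, $mail_subject, $cur_mail_message);
                 }
                 message($lang_login['Forget mail'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
             } else {
                 // NOTE(review): this reply confirms whether an address is registered (account
                 // enumeration); a generic "if the address exists, mail was sent" response would close that.
                 $errors[] = $lang_login['No email match'] . ' ' . htmlspecialchars($email) . '.';
             }
         }
     }
     return $errors;
 }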
 // topics table: one row per thread; first/last post ids and the poster names are denormalised here
 $schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'poster' => array('datatype' => 'VARCHAR(200)', 'allow_null' => false, 'default' => '\'\''), 'subject' => array('datatype' => 'VARCHAR(255)', 'allow_null' => false, 'default' => '\'\''), 'posted' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'first_post_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_poster' => array('datatype' => 'VARCHAR(200)', 'allow_null' => true), 'num_views' => array('datatype' => 'MEDIUMINT(8) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'num_replies' => array('datatype' => 'MEDIUMINT(8) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'closed' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'sticky' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'moved_to' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'forum_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'), 'INDEXES' => array('forum_id_idx' => array('forum_id'), 'moved_to_idx' => array('moved_to'), 'last_post_idx' => array('last_post'), 'first_post_id_idx' => array('first_post_id')));
 $db->create_table('topics', $schema) or error('Unable to create topics table', __FILE__, __LINE__, $db->error());
 // users table. Security-relevant sizing to keep in mind:
 //  - password is VARCHAR(40): room for a 40-hex legacy digest only; password_hash() output needs ~255
 //  - activate_key is VARCHAR(8): the reset key is stored in the clear, at this length
 //  - registration_ip is VARCHAR(39): wide enough for a textual IPv6 address
 //  - only username is unique; email is not, so several accounts may share an address
 $schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'group_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '3'), 'username' => array('datatype' => 'VARCHAR(200)', 'allow_null' => false, 'default' => '\'\''), 'password' => array('datatype' => 'VARCHAR(40)', 'allow_null' => false, 'default' => '\'\''), 'email' => array('datatype' => 'VARCHAR(80)', 'allow_null' => false, 'default' => '\'\''), 'title' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true), 'realname' => array('datatype' => 'VARCHAR(40)', 'allow_null' => true), 'url' => array('datatype' => 'VARCHAR(100)', 'allow_null' => true), 'jabber' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'icq' => array('datatype' => 'VARCHAR(12)', 'allow_null' => true), 'msn' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'aim' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'yahoo' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'location' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'signature' => array('datatype' => 'TEXT', 'allow_null' => true), 'disp_topics' => array('datatype' => 'TINYINT(3) UNSIGNED', 'allow_null' => true), 'disp_posts' => array('datatype' => 'TINYINT(3) UNSIGNED', 'allow_null' => true), 'email_setting' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'notify_with_post' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'auto_notify' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'show_smilies' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_img' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_img_sig' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_avatars' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_sig' => 
array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'timezone' => array('datatype' => 'FLOAT', 'allow_null' => false, 'default' => '0'), 'dst' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'time_format' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'date_format' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'language' => array('datatype' => 'VARCHAR(25)', 'allow_null' => false, 'default' => '\'' . $db->escape($default_lang) . '\''), 'style' => array('datatype' => 'VARCHAR(25)', 'allow_null' => false, 'default' => '\'' . $db->escape($default_style) . '\''), 'num_posts' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_search' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_email_sent' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_report_sent' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'registered' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'registration_ip' => array('datatype' => 'VARCHAR(39)', 'allow_null' => false, 'default' => '\'0.0.0.0\''), 'last_visit' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'admin_note' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'activate_string' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'activate_key' => array('datatype' => 'VARCHAR(8)', 'allow_null' => true)), 'PRIMARY KEY' => array('id'), 'UNIQUE KEYS' => array('username_idx' => array('username')), 'INDEXES' => array('registered_idx' => array('registered')));
 // MySQL index key-length limits: the unique index covers only the first 25 characters of username
 if ($db_type == 'mysql' || $db_type == 'mysqli' || $db_type == 'mysql_innodb' || $db_type == 'mysqli_innodb') {
     $schema['UNIQUE KEYS']['username_idx'] = array('username(25)');
 }
 $db->create_table('users', $schema) or error('Unable to create users table', __FILE__, __LINE__, $db->error());
 $now = time();
 // Insert the four preset groups. g_id 1 = Administrators, 2 = Moderators, 3 = Guests, 4 = Members.
 // On PostgreSQL g_id is left to the sequence, so the four INSERTs must stay in this order to get
 // ids 1..4. Every row after the two titles is a 0/1 permission flag, in the column order listed;
 // the Moderators row alone sets g_moderator (third value) and also carries g_mod_promote_users.
 // The trailing four numbers are the per-group flood intervals in seconds (0 = no limit).
 $db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '1, ' : '') . '\'' . $db->escape($lang_install['Administrators']) . '\', \'' . $db->escape($lang_install['Administrator']) . '\', 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
 $db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_mod_promote_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '2, ' : '') . '\'' . $db->escape($lang_install['Moderators']) . '\', \'' . $db->escape($lang_install['Moderator']) . '\', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
 // Guests: read-only board access plus search, with post/search flood intervals set
 $db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '3, ' : '') . '\'' . $db->escape($lang_install['Guests']) . '\', NULL, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 60, 30, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
 // Members: the default registered-user group (o_default_user_group = 4 below)
 $db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '4, ' : '') . '\'' . $db->escape($lang_install['Members']) . '\', NULL, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 60, 30, 60, 60)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
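 // Insert guest and first admin user.
 // The guest row (expected to become id 1) stores the literal guest name in username, password and
 // email; it is a placeholder, not a feather_hash() digest. NOTE(review): confirm nothing outside
 // the installer ever authenticates this row.
 $db->query('INSERT INTO ' . $db_prefix . 'users (group_id, username, password, email) VALUES(3, \'' . $db->escape($lang_install['Guest']) . '\', \'' . $db->escape($lang_install['Guest']) . '\', \'' . $db->escape($lang_install['Guest']) . '\')') or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 // First administrator (group 1). Every installer-supplied value goes through $db->escape(); the
 // original interpolated $email raw, which is a SQL injection in the installer even if the
 // address was validated earlier. The password is stored as a feather_hash() digest.
 $db->query('INSERT INTO ' . $db_prefix . 'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \'' . $db->escape($username) . '\', \'' . feather_hash($password1) . '\', \'' . $db->escape($email) . '\', \'' . $db->escape($default_lang) . '\', \'' . $db->escape($default_style) . '\', 1, ' . $now . ', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());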
 // Enable/disable avatars depending on file_uploads setting in PHP configuration
 // (@ suppresses the warning ini_get() may raise when the directive is unavailable)
 $avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;
 // Insert config data. Defaults worth knowing from a security standpoint: registration is open
 // (o_regs_allow = 1) without e-mail verification (o_regs_verify = 0); the installer's e-mail is
 // reused as admin, webmaster and mailing-list address; o_smtp_pass is stored in this table as
 // given (NULL here), so the config table holds a credential once SMTP auth is configured;
 // sessions expire after o_timeout_visit = 1800 seconds.
 $feather_config = array('o_cur_version' => FORUM_VERSION, 'o_database_revision' => FORUM_DB_REVISION, 'o_searchindex_revision' => FORUM_SI_REVISION, 'o_parser_revision' => FORUM_PARSER_REVISION, 'o_board_title' => $title, 'o_board_desc' => $description, 'o_default_timezone' => 0, 'o_time_format' => 'H:i:s', 'o_date_format' => 'Y-m-d', 'o_timeout_visit' => 1800, 'o_timeout_online' => 300, 'o_redirect_delay' => 1, 'o_show_version' => 0, 'o_show_user_info' => 1, 'o_show_post_count' => 1, 'o_signatures' => 1, 'o_smilies' => 1, 'o_smilies_sig' => 1, 'o_make_links' => 1, 'o_default_lang' => $default_lang, 'o_default_style' => $default_style, 'o_default_user_group' => 4, 'o_topic_review' => 15, 'o_disp_topics_default' => 30, 'o_disp_posts_default' => 25, 'o_indent_num_spaces' => 4, 'o_quote_depth' => 3, 'o_quickpost' => 1, 'o_users_online' => 1, 'o_censoring' => 0, 'o_show_dot' => 0, 'o_topic_views' => 1, 'o_quickjump' => 1, 'o_gzip' => 0, 'o_additional_navlinks' => '', 'o_report_method' => 0, 'o_regs_report' => 0, 'o_default_email_setting' => 1, 'o_mailing_list' => $email, 'o_avatars' => $avatars, 'o_avatars_dir' => 'img/avatars', 'o_avatars_width' => 60, 'o_avatars_height' => 60, 'o_avatars_size' => 10240, 'o_search_all_forums' => 1, 'o_base_url' => $base_url, 'o_admin_email' => $email, 'o_webmaster_email' => $email, 'o_forum_subscriptions' => 1, 'o_topic_subscriptions' => 1, 'o_smtp_host' => null, 'o_smtp_user' => null, 'o_smtp_pass' => null, 'o_smtp_ssl' => 0, 'o_regs_allow' => 1, 'o_regs_verify' => 0, 'o_announcement' => 0, 'o_announcement_message' => $lang_install['Announcement'], 'o_rules' => 0, 'o_rules_message' => $lang_install['Rules'], 'o_maintenance' => 0, 'o_maintenance_message' => $lang_install['Maintenance message'], 'o_default_dst' => 0, 'o_feed_type' => 2, 'o_feed_ttl' => 0, 'p_message_bbcode' => 1, 'p_message_img_tag' => 1, 'p_message_all_caps' => 1, 'p_subject_all_caps' => 1, 'p_sig_all_caps' => 1, 'p_sig_bbcode' => 1, 'p_sig_img_tag' => 0, 
'p_sig_length' => 400, 'p_sig_lines' => 4, 'p_allow_banned_email' => 1, 'p_allow_dupe_email' => 0, 'p_force_guest_email' => 1);
 // One row per option. conf_name comes from the literal keys above, so it is interpolated
 // unescaped; every value is escaped (NULL is written as SQL NULL rather than an empty string).
 foreach ($feather_config as $conf_name => $conf_value) {
     $db->query('INSERT INTO ' . $db_prefix . 'config (conf_name, conf_value) VALUES(\'' . $conf_name . '\', ' . (is_null($conf_value) ? 'NULL' : '\'' . $db->escape($conf_value) . '\'') . ')') or error('Unable to insert into table ' . $db_prefix . 'config. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 }
 // Insert some other default data: one category, one forum, one topic and one post, all attributed
 // to the freshly created administrator, so the board is not empty after installation.
 $subject = $lang_install['Test post'];
 $message = $lang_install['Message'];
 // Escape the values that are reused across several statements once
 $poster = $db->escape($username);
 $poster_ip = $db->escape(get_remote_address());
 $sql = sprintf('INSERT INTO %scategories (cat_name, disp_position) VALUES(\'%s\', 1)', $db_prefix, $db->escape($lang_install['Test category']));
 $db->query($sql) or error('Unable to insert into table ' . $db_prefix . 'categories. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 $sql = sprintf('INSERT INTO %sforums (forum_name, forum_desc, num_topics, num_posts, last_post, last_post_id, last_poster, disp_position, cat_id) VALUES(\'%s\', \'%s\', 1, 1, %d, 1, \'%s\', 1, 1)', $db_prefix, $db->escape($lang_install['Test forum']), $db->escape($lang_install['This is just a test forum']), $now, $poster);
 $db->query($sql) or error('Unable to insert into table ' . $db_prefix . 'forums. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 $sql = sprintf('INSERT INTO %stopics (poster, subject, posted, first_post_id, last_post, last_post_id, last_poster, forum_id) VALUES(\'%s\', \'%s\', %d, 1, %d, 1, \'%s\', 1)', $db_prefix, $poster, $db->escape($subject), $now, $now, $poster);
 $db->query($sql) or error('Unable to insert into table ' . $db_prefix . 'topics. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 // poster_id 2 is the administrator inserted above (the guest row is expected to be id 1)
 $sql = sprintf('INSERT INTO %sposts (poster, poster_id, poster_ip, message, posted, topic_id) VALUES(\'%s\', 2, \'%s\', \'%s\', %d, 1)', $db_prefix, $poster, $poster_ip, $db->escape($message), $now);
 $db->query($sql) or error('Unable to insert into table ' . $db_prefix . 'posts. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
 $db->end_transaction();
 public function display()
 {
     global $lang_common;
     // START SUBST - <body> TODO
     /*if (isset($focus_element)) {
           $tpl_main = str_replace('<body onload="', '<body onload="document.getElementById(\''.$focus_element[0].'\').elements[\''.$focus_element[1].'\'].focus();', $tpl_main);
           $tpl_main = str_replace('<body>', '<body onload="document.getElementById(\''.$focus_element[0].'\').elements[\''.$focus_element[1].'\'].focus()">', $tpl_main);
       }*/
     // END SUBST - <body>
     // START SUBST - <pun_navlinks>
     $links = array();
     // Index should always be displayed
     $links[] = '<li id="navindex"' . (FEATHER_ACTIVE_PAGE == 'index' ? ' class="isactive"' : '') . '><a href="' . get_base_url() . '/">' . $lang_common['Index'] . '</a></li>';
     if ($this->user->g_read_board == '1' && $this->user->g_view_users == '1') {
         $links[] = '<li id="navuserlist"' . (FEATHER_ACTIVE_PAGE == 'userlist' ? ' class="isactive"' : '') . '><a href="' . get_link('userlist/') . '">' . $lang_common['User list'] . '</a></li>';
     }
     if ($this->config['o_rules'] == '1' && (!$this->user->is_guest || $this->user->g_read_board == '1' || $this->config['o_regs_allow'] == '1')) {
         $links[] = '<li id="navrules"' . (FEATHER_ACTIVE_PAGE == 'rules' ? ' class="isactive"' : '') . '><a href="' . get_link('rules/') . '">' . $lang_common['Rules'] . '</a></li>';
     }
     if ($this->user->g_read_board == '1' && $this->user->g_search == '1') {
         $links[] = '<li id="navsearch"' . (FEATHER_ACTIVE_PAGE == 'search' ? ' class="isactive"' : '') . '><a href="' . get_link('search/') . '">' . $lang_common['Search'] . '</a></li>';
     }
     if ($this->user->is_guest) {
         $links[] = '<li id="navregister"' . (FEATHER_ACTIVE_PAGE == 'register' ? ' class="isactive"' : '') . '><a href="' . get_link('register/') . '">' . $lang_common['Register'] . '</a></li>';
         $links[] = '<li id="navlogin"' . (FEATHER_ACTIVE_PAGE == 'login' ? ' class="isactive"' : '') . '><a href="' . get_link('login/') . '">' . $lang_common['Login'] . '</a></li>';
     } else {
         $links[] = '<li id="navprofile"' . (FEATHER_ACTIVE_PAGE == 'profile' ? ' class="isactive"' : '') . '><a href="' . get_link('user/' . $this->user->id . '/') . '">' . $lang_common['Profile'] . '</a></li>';
         if ($this->user->is_admmod) {
             $links[] = '<li id="navadmin"' . (FEATHER_ACTIVE_PAGE == 'admin' ? ' class="isactive"' : '') . '><a href="' . get_link('admin/') . '">' . $lang_common['Admin'] . '</a></li>';
         }
         $links[] = '<li id="navlogout"><a href="' . get_link('logout/id/' . $this->user->id . '/token/' . feather_hash($this->user->id . feather_hash(get_remote_address()))) . '/">' . $lang_common['Logout'] . '</a></li>';
     }
     // Are there any additional navlinks we should insert into the array before imploding it?
     if ($this->user->g_read_board == '1' && $this->config['o_additional_navlinks'] != '') {
         if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $this->config['o_additional_navlinks'] . "\n", $extra_links)) {
             // Insert any additional links into the $links array (at the correct index)
             $num_links = count($extra_links[1]);
             for ($i = 0; $i < $num_links; ++$i) {
                 array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra' . ($i + 1) . '">' . $extra_links[2][$i] . '</li>'));
             }
         }
     }
     $navlinks = '<div id="brdmenu" class="inbox">' . "\n\t\t\t" . '<ul>' . "\n\t\t\t\t" . implode("\n\t\t\t\t", $links) . "\n\t\t\t" . '</ul>' . "\n\t\t" . '</div>';
     // END SUBST - <pun_navlinks>
     // START SUBST - <pun_status>
     $page_statusinfo = $page_topicsearches = array();
     if ($this->user->is_guest) {
         $page_statusinfo = '<p class="conl">' . $lang_common['Not logged in'] . '</p>';
     } else {
         $page_statusinfo[] = '<li><span>' . $lang_common['Logged in as'] . ' <strong>' . feather_escape($this->user->username) . '</strong></span></li>';
         $page_statusinfo[] = '<li><span>' . sprintf($lang_common['Last visit'], format_time($this->user->last_visit)) . '</span></li>';
         if ($this->user->is_admmod) {
             if ($this->config['o_report_method'] == '0' || $this->config['o_report_method'] == '2') {
                 if ($this->model->get_reports()) {
                     $page_statusinfo[] = '<li class="reportlink"><span><strong><a href="' . get_link('admin/reports/') . '">' . $lang_common['New reports'] . '</a></strong></span></li>';
                 }
             }
             if ($this->config['o_maintenance'] == '1') {
                 $page_statusinfo[] = '<li class="maintenancelink"><span><strong><a href="' . get_link('admin/maintenance/') . '">' . $lang_common['Maintenance mode enabled'] . '</a></strong></span></li>';
             }
         }
         if ($this->user->g_read_board == '1' && $this->user->g_search == '1') {
             $page_topicsearches[] = '<a href="' . get_link('search/show/replies/') . '" title="' . $lang_common['Show posted topics'] . '">' . $lang_common['Posted topics'] . '</a>';
             $page_topicsearches[] = '<a href="' . get_link('search/show/new/') . '" title="' . $lang_common['Show new posts'] . '">' . $lang_common['New posts header'] . '</a>';
         }
     }
     // Quick searches
     if ($this->user->g_read_board == '1' && $this->user->g_search == '1') {
         $page_topicsearches[] = '<a href="' . get_link('search/show/recent/') . '" title="' . $lang_common['Show active topics'] . '">' . $lang_common['Active topics'] . '</a>';
         $page_topicsearches[] = '<a href="' . get_link('search/show/unanswered/') . '" title="' . $lang_common['Show unanswered topics'] . '">' . $lang_common['Unanswered topics'] . '</a>';
     }
     // Generate all that jazz
     $page_info = '<div id="brdwelcome" class="inbox">';
     // The status information
     if (is_array($page_statusinfo)) {
         $page_info .= "\n\t\t\t" . '<ul class="conl">';
         $page_info .= "\n\t\t\t\t" . implode("\n\t\t\t\t", $page_statusinfo);
         $page_info .= "\n\t\t\t" . '</ul>';
     } else {
         $page_info .= "\n\t\t\t" . $page_statusinfo;
     }
     // Generate quicklinks
     if (!empty($page_topicsearches)) {
         $page_info .= "\n\t\t\t" . '<ul class="conr">';
         $page_info .= "\n\t\t\t\t" . '<li><span>' . $lang_common['Topic searches'] . ' ' . implode(' | ', $page_topicsearches) . '</span></li>';
         $page_info .= "\n\t\t\t" . '</ul>';
     }
     $page_info .= "\n\t\t\t" . '<div class="clearer"></div>' . "\n\t\t" . '</div>';
     // END SUBST - <pun_status>
     // START SUBST - <pun_main>
     if (!defined('FEATHER_HEADER')) {
         define('FEATHER_HEADER', 1);
     }
     // Render the header
     $this->title = isset($this->title) ? $this->title : feather_escape($this->config['o_board_title']);
     // Define $p if it's not set to avoid a PHP notice
     $this->page = isset($this->page) ? $this->page : null;
     $this->page_head = isset($this->page_head) ? $this->page_head : null;
     $this->focus_element = isset($this->focus_element) ? $this->focus_element : null;
     $this->paging_links = isset($this->paging_links) ? $this->paging_links : null;
     $this->required_fields = isset($this->required_fields) ? $this->required_fields : null;
     $this->feather->render('header.php', array('lang_common' => $lang_common, 'page_title' => $this->title, 'focus_element' => $this->focus_element, 'p' => $this->page, 'feather_user' => $this->user, 'feather_config' => $this->config, '_SERVER' => $_SERVER, 'page_head' => $this->page_head, 'navlinks' => $navlinks, 'page_info' => $page_info, 'paging_links' => $this->paging_links, 'required_fields' => $this->required_fields, 'feather' => $this->feather));
 }
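 /**
  * Change a user's e-mail address (profile action "change_email").
  *
  * Two entry modes:
  *  - GET with ?key=...: confirms a pending change. The key must match the
  *    activate_key stored for the user; on success activate_string becomes the
  *    new e-mail and both activation columns are cleared.
  *  - POST: verifies the current password and the new address, notifies the
  *    mailing list about banned / duplicate addresses where configured, stores
  *    the pending address plus a fresh key, and mails the activation link.
  *
  * @param int|string $id  id of the user whose e-mail is changed (presumably the
  *                        route parameter, so it may arrive as a string)
  * @return void  every outcome ends in message(), which the code below relies on
  *               to render and terminate the request — TODO confirm
  */
 public function change_email($id)
 {
     global $lang_profile, $lang_common, $lang_prof_reg;
     // Make sure we are allowed to change this user's email
     // (loose compare kept on purpose: $id may be a numeric string)
     if ($this->user->id != $id) {
         if (!$this->user->is_admmod) {
             // A regular user trying to change another user's email?
             message($lang_common['No permission'], '403');
         } elseif ($this->user->g_moderator == '1') {
             // A moderator trying to change a user's email?
             $select_change_mail = array('u.group_id', 'g.g_moderator');
             $user = DB::for_table('users')->table_alias('u')->select_many($select_change_mail)->inner_join('groups', array('g.g_id', '=', 'u.group_id'), 'g')->where('u.id', $id)->find_one();
             if (!$user) {
                 message($lang_common['Bad request'], '404');
             }
             // Moderators may neither touch admins nor other moderators
             if ($this->user->g_mod_edit_users == '0' || $this->user->g_mod_change_passwords == '0' || $user['group_id'] == FEATHER_ADMIN || $user['g_moderator'] == '1') {
                 message($lang_common['No permission'], '403');
             }
         }
     }
     if ($this->request->get('key')) {
         $key = (string) $this->request->get('key');
         $new_email_key = DB::for_table('users')->where('id', $id)->find_one_col('activate_key');
         // The key is a secret that arrives from the query string: compare it
         // strictly and in constant time. A loose != would compare numeric-looking
         // keys as numbers, and a user with no pending change (NULL key) must never
         // match — the (string) cast turns NULL/false into '' which cannot equal a
         // non-empty $key.
         if ($key === '' || !hash_equals((string) $new_email_key, $key)) {
             message($lang_profile['Email key bad'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.');
         } else {
             DB::for_table('users')->where('id', $id)->find_one()->set_expr('email', 'activate_string')->set_expr('activate_string', 'NULL')->set_expr('activate_key', 'NULL')->save();
             message($lang_profile['Email updated'], true);
         }
     } elseif ($this->request->isPost()) {
         // Re-authenticate before changing a credential-recovery channel;
         // constant-time compare of the two hashes.
         if (!hash_equals((string) $this->user->password, (string) feather_hash($this->request->post('req_password')))) {
             message($lang_profile['Wrong pass']);
         }
         // require_once: a second require would redeclare the helpers in email.php
         require_once FEATHER_ROOT . 'include/email.php';
         // Validate the email address
         $new_email = strtolower(feather_trim($this->request->post('req_new_email')));
         if (!is_valid_email($new_email)) {
             message($lang_common['Invalid email']);
         }
         // Check if it's a banned email address
         if (is_banned_email($new_email)) {
             if ($this->config['p_allow_banned_email'] == '0') {
                 message($lang_prof_reg['Banned email']);
             } elseif ($this->config['o_mailing_list'] != '') {
                 // Banned address allowed by config: tell the mailing list about it
                 list($mail_subject, $mail_message) = $this->change_email_mail_template('banned_email_change', array(
                     '<username>' => $this->user->username,
                     '<email>' => $new_email,
                     '<profile_url>' => get_link('user/' . $id . '/'),
                     '<board_mailer>' => $this->config['o_board_title'],
                 ));
                 pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
             }
         }
         // Check if someone else already has registered with that email address
         $select_change_mail = array('id', 'username');
         $result = DB::for_table('users')->select_many($select_change_mail)->where('email', $new_email)->find_many();
         if ($result) {
             if ($this->config['p_allow_dupe_email'] == '0') {
                 message($lang_prof_reg['Dupe email']);
             } elseif ($this->config['o_mailing_list'] != '') {
                 $dupe_list = array();
                 foreach ($result as $cur_dupe) {
                     $dupe_list[] = $cur_dupe['username'];
                 }
                 // Duplicate address allowed by config: tell the mailing list about it
                 list($mail_subject, $mail_message) = $this->change_email_mail_template('dupe_email_change', array(
                     '<username>' => $this->user->username,
                     '<dupe_list>' => implode(', ', $dupe_list),
                     '<profile_url>' => get_link('user/' . $id . '/'),
                     '<board_mailer>' => $this->config['o_board_title'],
                 ));
                 pun_mail($this->config['o_mailing_list'], $mail_subject, $mail_message);
             }
         }
         $new_email_key = random_pass(8);
         // Update the user: the new address stays pending until the key is confirmed
         $update_user = array('activate_string' => $new_email, 'activate_key' => $new_email_key);
         DB::for_table('users')->where('id', $id)->find_one()->set($update_user)->save();
         // Mail the activation link to the *new* address so ownership is proven
         list($mail_subject, $mail_message) = $this->change_email_mail_template('activate_email', array(
             '<username>' => $this->user->username,
             '<base_url>' => get_base_url(),
             '<activation_url>' => get_link('user/' . $id . '/action/change_email/?key=' . $new_email_key),
             '<board_mailer>' => $this->config['o_board_title'],
         ));
         pun_mail($new_email, $mail_subject, $mail_message);
         message($lang_profile['Activate email sent'] . ' <a href="mailto:' . feather_escape($this->config['o_admin_email']) . '">' . feather_escape($this->config['o_admin_email']) . '</a>.', true);
     }
 }

 /**
  * Load a mail template for the current user's language and fill its placeholders.
  *
  * The template's first line carries the subject; its first eight bytes are
  * skipped (the inline code this replaces did the same, i.e. a "Subject:"-style
  * prefix is assumed — TODO confirm against the .tpl files). The remainder is
  * the message body. Placeholders are replaced in array order, exactly like the
  * original chain of str_replace() calls.
  *
  * @param string $name          template file name without the ".tpl" extension
  * @param array  $replacements  placeholder => value map, e.g. '<username>' => ...
  * @return array                array($subject, $message)
  */
 private function change_email_mail_template($name, array $replacements)
 {
     $mail_tpl = trim(file_get_contents(FEATHER_ROOT . 'lang/' . $this->user->language . '/mail_templates/' . $name . '.tpl'));
     // The first row contains the subject
     $first_crlf = strpos($mail_tpl, "\n");
     $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
     $mail_message = trim(substr($mail_tpl, $first_crlf));
     $mail_message = str_replace(array_keys($replacements), array_values($replacements), $mail_message);
     return array($mail_subject, $mail_message);
 }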