function do_redirect($matches, $post_id, $user_id)
{
global $forum_db, $lang_redirect_links;
if (count($matches) > 0) {
foreach ($matches as $cur_url) {
if (forum_hash(forum_htmlencode($cur_url), '') == $_POST['hash']) {
// update counters, add if not exist
$subquery = array();
if ($post_id) {
$subquery[] = ' post_id=' . $post_id;
}
if ($user_id) {
$subquery[] = ' user_id=' . $user_id;
}
$query = array('SELECT' => '*', 'FROM' => 'hcs_redirect_links', 'WHERE' => 'link=\'' . $forum_db->escape($cur_url) . '\' AND ' . implode(' AND ', $subquery));
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
if (!$forum_db->num_rows($result)) {
$query = array('INSERT' => 'link, counter, post_id, user_id', 'INTO' => 'hcs_redirect_links', 'VALUES' => '\'' . $forum_db->escape($cur_url) . '\', 1, \'' . $post_id . '\', \'' . $user_id . '\'');
} else {
$cur_redirect_link = $forum_db->fetch_assoc($result);
$counter = $cur_redirect_link['counter'] + 1;
$query = array('UPDATE' => 'hcs_redirect_links', 'SET' => 'counter = ' . $counter, 'WHERE' => 'link=\'' . $forum_db->escape($cur_url) . '\' AND ' . implode(' AND ', $subquery));
}
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
redirect($cur_url, $lang_redirect_links['Go redirect']);
exit;
}
}
}
}
function check_redirect(&$url, &$link, &$full_url)
{
global $cur_post, $forum_url, $user;
if (!is_reserved_url($full_url)) {
if (isset($cur_post) && isset($cur_post['id']) && !isset($GLOBALS['hcs_sig_redirect'])) {
$full_url = forum_link($forum_url['hcs_redirect'], array(forum_hash($full_url, ''), $cur_post['id'])) . '" target="_blank';
} else {
if (!isset($cur_post) && !isset($cur_post['id']) && isset($GLOBALS['hcs_sig_redirect'])) {
$full_url = forum_link($forum_url['hcs_redirect_sig'], array(forum_hash($full_url, ''), $user['id'])) . '" target="_blank';
} else {
if (isset($cur_post) && isset($cur_post['id']) && isset($GLOBALS['hcs_sig_redirect'])) {
$full_url = forum_link($forum_url['hcs_redirect_sigpost'], array(forum_hash($full_url, ''), $cur_post['id'], $cur_post['poster_id'])) . '" target="_blank';
}
}
}
$link = str_replace('http://', '', $link);
}
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire);
($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;
$_SESSION = array();
$_SESSION['NOT_BOT'] = 1;
redirect(FORUM_ROOT . "search.php?action=show_new");
}
} else {
$_SESSION['GPG_VERIFICATION_REQUIRED'] = 0;
// Remove this user's guest entry from the online list
$query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\'');
($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire);
($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;
$_SESSION = array();
$_SESSION['NOT_BOT'] = 1;
redirect(FORUM_ROOT . "search.php?action=show_new");
}
}
}
} else {
if ($action == 'out') {
if ($forum_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $forum_user['id']) {
header('Location: ' . forum_link($forum_url['index']));
exit;
}
// We validate the CSRF token. If it's set in POST and we're at this point, the token is valid.
// If it's in GET, we need to make sure it's valid.
function cookie_login(&$forum_user)
{
global $forum_db, $db_type, $forum_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $forum_time_formats, $forum_date_formats;
$now = time();
$expire = $now + 1209600;
// The cookie expires after 14 days
// We assume it's a guest
$cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'expiration_time' => 0, 'expire_hash' => 'Guest');
$return = ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null;
if ($return != null) {
return;
}
// If a cookie is set, we get the user_id and password hash from it
if (!empty($_COOKIE[$cookie_name])) {
$cookie_data = explode('|', base64_decode($_COOKIE[$cookie_name]));
if (!empty($cookie_data) && count($cookie_data) == 4) {
list($cookie['user_id'], $cookie['password_hash'], $cookie['expiration_time'], $cookie['expire_hash']) = $cookie_data;
}
}
($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null;
// If this a cookie for a logged in user and it shouldn't have already expired
if (intval($cookie['user_id']) > 1 && intval($cookie['expiration_time']) > $now) {
authenticate_user(intval($cookie['user_id']), $cookie['password_hash'], true);
// We now validate the cookie hash
if ($cookie['expire_hash'] !== sha1($forum_user['salt'] . $forum_user['password'] . forum_hash(intval($cookie['expiration_time']), $forum_user['salt']))) {
set_default_user();
}
// If we got back the default user, the login failed
if ($forum_user['id'] == '1') {
forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
return;
}
// Send a new, updated cookie with a new expiration timestamp
$expire = intval($cookie['expiration_time']) > $now + $forum_config['o_timeout_visit'] ? $now + 1209600 : $now + $forum_config['o_timeout_visit'];
forum_setcookie($cookie_name, base64_encode($forum_user['id'] . '|' . $forum_user['password'] . '|' . $expire . '|' . sha1($forum_user['salt'] . $forum_user['password'] . forum_hash($expire, $forum_user['salt']))), $expire);
// Set a default language if the user selected language no longer exists
if (!file_exists(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/common.php')) {
$forum_user['language'] = $forum_config['o_default_lang'];
}
// Set a default style if the user selected style no longer exists
if (!file_exists(FORUM_ROOT . 'style/' . $forum_user['style'] . '/' . $forum_user['style'] . '.php')) {
$forum_user['style'] = $forum_config['o_default_style'];
}
if (!$forum_user['disp_topics']) {
$forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
}
if (!$forum_user['disp_posts']) {
$forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
}
// Check user has a valid date and time format
if (!isset($forum_time_formats[$forum_user['time_format']])) {
$forum_user['time_format'] = 0;
}
if (!isset($forum_date_formats[$forum_user['date_format']])) {
$forum_user['date_format'] = 0;
}
// Define this if you want this visit to affect the online list and the users last visit data
if (!defined('FORUM_QUIET_VISIT')) {
// Update the online list
if (!$forum_user['logged']) {
$forum_user['logged'] = $now;
$forum_user['csrf_token'] = random_key(40, false, true);
$forum_user['prev_url'] = get_current_url(255);
// REPLACE INTO avoids a user having two rows in the online table
$query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => $forum_user['id'] . ', \'' . $forum_db->escape($forum_user['username']) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=' . $forum_user['id']);
if ($forum_user['prev_url'] != null) {
$query['REPLACE'] .= ', prev_url';
$query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
}
($hook = get_hook('fn_cookie_login_qr_add_online_user')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
// Reset tracked topics
set_tracked_topics(null);
} else {
// Special case: We've timed out, but no other user has browsed the forums since we timed out
if ($forum_user['logged'] < $now - $forum_config['o_timeout_visit']) {
$query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
($hook = get_hook('fn_cookie_login_qr_update_user_visit')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$forum_user['last_visit'] = $forum_user['logged'];
}
// Now update the logged time and save the current URL in the online list
$query = array('UPDATE' => 'online', 'SET' => 'logged=' . $now, 'WHERE' => 'user_id=' . $forum_user['id']);
$current_url = get_current_url(255);
if ($current_url != null) {
$query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
}
if ($forum_user['idle'] == '1') {
$query['SET'] .= ', idle=0';
}
($hook = get_hook('fn_cookie_login_qr_update_online_user')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
// Update tracked topics with the current expire time
if (isset($_COOKIE[$cookie_name . '_track'])) {
forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $forum_config['o_timeout_visit']);
}
}
}
$forum_user['is_guest'] = false;
$forum_user['is_admmod'] = $forum_user['g_id'] == FORUM_ADMIN || $forum_user['g_moderator'] == '1';
} else {
set_default_user();
}
($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null;
}
}
if (isset($_GET['key'])) {
$key = $_GET['key'];
($hook = get_hook('pf_change_email_key_supplied')) ? eval($hook) : null;
if ($key == '' || $key != $user['activate_key']) {
message(sprintf($lang_profile['E-mail key bad'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>'));
} else {
$query = array('UPDATE' => 'users', 'SET' => 'email=activate_string, activate_string=NULL, activate_key=NULL', 'WHERE' => 'id=' . $id);
($hook = get_hook('pf_change_email_key_qr_update_email')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
message($lang_profile['E-mail updated']);
}
} else {
if (isset($_POST['form_sent'])) {
($hook = get_hook('pf_change_email_normal_form_submitted')) ? eval($hook) : null;
if (forum_hash($_POST['req_password'], $forum_user['salt']) !== $forum_user['password']) {
$errors[] = $lang_profile['Wrong password'];
}
if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) {
require FORUM_ROOT . 'include/email.php';
}
// Validate the email-address
$new_email = strtolower(forum_trim($_POST['req_new_email']));
if (!is_valid_email($new_email)) {
$errors[] = $lang_common['Invalid e-mail'];
}
// Check if it's a banned e-mail address
if (is_banned_email($new_email)) {
($hook = get_hook('pf_change_email_normal_banned_email')) ? eval($hook) : null;
if ($forum_config['p_allow_banned_email'] == '0') {
$errors[] = $lang_profile['Banned e-mail'];
function pun_stop_bots_check_cookie()
{
global $forum_user, $forum_db;
$query = array('SELECT' => 'pun_stop_bots_question_id', 'FROM' => 'users', 'WHERE' => 'id = ' . $forum_user['id']);
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
$row = $forum_db->fetch_assoc($result);
if ($row) {
$question_id = $row['pun_stop_bots_question_id'];
$pun_stop_bots_cookie = explode('|', base64_decode($_COOKIE[PUN_STOP_BOTS_COOKIE_NAME]));
if (count($pun_stop_bots_cookie) != 4) {
return FALSE;
} else {
list($user_id, $question_hash, $expire_time, $expire_hash) = $pun_stop_bots_cookie;
if ($forum_user['id'] == $user_id && forum_hash($question_id, $forum_user['salt']) == $question_hash && sha1($forum_user['salt'] . forum_hash($expire_time, $forum_user['salt'])) == $expire_hash) {
return TRUE;
} else {
return FALSE;
}
}
} else {
return FALSE;
}
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$query = array('INSERT' => 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood', 'INTO' => 'groups', 'VALUES' => '\'Moderators\', \'Moderator\', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0');
if ($db_type != 'pgsql') {
$query['INSERT'] .= ', g_id';
$query['VALUES'] .= ', 4';
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);
// Insert guest and first admin user
$query = array('INSERT' => 'group_id, username, password, email', 'INTO' => 'users', 'VALUES' => '2, \'Guest\', \'Guest\', \'Guest\'');
if ($db_type != 'pgsql') {
$query['INSERT'] .= ', id';
$query['VALUES'] .= ', 1';
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$salt = random_key(12);
$query = array('INSERT' => 'group_id, username, password, email, language, num_posts, last_post, registered, registration_ip, last_visit, salt', 'INTO' => 'users', 'VALUES' => '1, \'' . $forum_db->escape($username) . '\', \'' . forum_hash($password1, $salt) . '\', \'' . $forum_db->escape($email) . '\', \'' . $forum_db->escape($default_lang) . '\', 1, ' . $now . ', ' . $now . ', \'127.0.0.1\', ' . $now . ', \'' . $forum_db->escape($salt) . '\'');
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$new_uid = $forum_db->insert_id();
// Enable/disable avatars depending on file_uploads setting in PHP configuration
$avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;
// Enable/disable automatic check for updates depending on PHP environment (require cURL, fsockopen or allow_url_fopen)
$check_for_updates = function_exists('curl_init') || function_exists('fsockopen') || in_array(strtolower(@ini_get('allow_url_fopen')), array('on', 'true', '1')) ? 1 : 0;
// Insert config data
$config = array('o_cur_version' => "'" . FORUM_VERSION . "'", 'o_database_revision' => "'" . FORUM_DB_REVISION . "'", 'o_board_title' => "'" . $forum_db->escape($board_title) . "'", 'o_board_desc' => "'" . $forum_db->escape($board_descrip) . "'", 'o_default_timezone' => "'0'", 'o_time_format' => "'H:i:s'", 'o_date_format' => "'Y-m-d'", 'o_check_for_updates' => "'{$check_for_updates}'", 'o_check_for_versions' => "'{$check_for_updates}'", 'o_timeout_visit' => "'5400'", 'o_timeout_online' => "'300'", 'o_redirect_delay' => "'0'", 'o_show_version' => "'0'", 'o_show_user_info' => "'1'", 'o_show_post_count' => "'1'", 'o_signatures' => "'1'", 'o_smilies' => "'1'", 'o_smilies_sig' => "'1'", 'o_make_links' => "'1'", 'o_default_lang' => "'" . $forum_db->escape($default_lang) . "'", 'o_default_style' => "'Oxygen'", 'o_default_user_group' => "'3'", 'o_topic_review' => "'15'", 'o_disp_topics_default' => "'30'", 'o_disp_posts_default' => "'25'", 'o_indent_num_spaces' => "'4'", 'o_quote_depth' => "'3'", 'o_quickpost' => "'1'", 'o_users_online' => "'1'", 'o_censoring' => "'0'", 'o_ranks' => "'1'", 'o_show_dot' => "'0'", 'o_topic_views' => "'1'", 'o_quickjump' => "'1'", 'o_gzip' => "'0'", 'o_additional_navlinks' => "''", 'o_report_method' => "'0'", 'o_regs_report' => "'0'", 'o_default_email_setting' => "'1'", 'o_mailing_list' => "'" . $forum_db->escape($email) . "'", 'o_avatars' => "'{$avatars}'", 'o_avatars_dir' => "'img/avatars'", 'o_avatars_width' => "'60'", 'o_avatars_height' => "'60'", 'o_avatars_size' => "'15360'", 'o_search_all_forums' => "'1'", 'o_sef' => "'Default'", 'o_admin_email' => "'" . $forum_db->escape($email) . "'", 'o_webmaster_email' => "'" . $forum_db->escape($email) . "'", 'o_subscriptions' => "'1'", 'o_smtp_host' => "NULL", 'o_smtp_user' => "NULL", 'o_smtp_pass' => "NULL", 'o_smtp_ssl' => "'0'", 'o_regs_allow' => "'1'", 'o_regs_verify' => "'0'", 'o_announcement' => "'0'", 'o_announcement_heading' => "'" . $lang_install['Default announce heading'] . "'", 'o_announcement_message' => "'" . $lang_install['Default announce message'] . "'", 'o_rules' => "'0'", 'o_rules_message' => "'" . $lang_install['Default rules'] . "'", 'o_maintenance' => "'0'", 'o_maintenance_message' => "'" . $lang_admin_settings['Maintenance message default'] . "'", 'o_default_dst' => "'0'", 'p_message_bbcode' => "'1'", 'p_message_img_tag' => "'1'", 'p_message_all_caps' => "'1'", 'p_subject_all_caps' => "'1'", 'p_sig_all_caps' => "'1'", 'p_sig_bbcode' => "'1'", 'p_sig_img_tag' => "'0'", 'p_sig_length' => "'400'", 'p_sig_lines' => "'4'", 'p_allow_banned_email' => "'1'", 'p_allow_dupe_email' => "'0'", 'p_force_guest_email' => "'1'", 'o_show_moderators' => "'0'", 'o_mask_passwords' => "'1'");
foreach ($config as $conf_name => $conf_value) {
$query = array('INSERT' => 'conf_name, conf_value', 'INTO' => 'config', 'VALUES' => '\'' . $conf_name . '\', ' . $conf_value . '');
$forum_db->query_build($query) or error(__FILE__, __LINE__);
}
// Insert some other default data
$query = array('INSERT' => 'cat_name, disp_position', 'INTO' => 'categories', 'VALUES' => '\'' . $lang_install['Default category name'] . '\', 1');
$forum_db->query_build($query) or error(__FILE__, __LINE__);
private function user_register($profile, $prev_url)
{
global $forum_config, $lang_fancy_login_loginza, $forum_user, $forum_db, $forum_url;
// Load the profile language file
if (!isset($lang_profile)) {
require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';
}
// We allowed register new users?
if ($forum_config['o_regs_allow'] == '0') {
message($lang_profile['No new regs']);
}
// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
$query = array('SELECT' => 'COUNT(u.id)', 'FROM' => 'users AS u', 'WHERE' => 'u.registration_ip=\'' . $forum_db->escape(get_remote_address()) . '\' AND u.registered>' . (time() - 3600));
($hook = get_hook('rg_register_qr_check_register_flood')) ? eval($hook) : null;
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
if ($forum_db->result($result) > 0) {
message($lang_profile['Registration flood']);
}
// Get user info from Loginza Profile
$username = $this->get_username_for_new_user($profile);
$loginza_identity = isset($profile->identity) ? forum_trim($profile->identity) : FALSE;
$lup = new LoginzaUserProfile($profile);
$email = $lup->get_email();
if (!$username) {
message($lang_fancy_login_loginza['Error empty username']);
}
if (!$loginza_identity) {
message($lang_fancy_login_loginza['Error empty identity']);
}
// Check e-mail address
$banned_email = FALSE;
$dupe_list = array();
if ($email) {
$error = $this->check_email($email, $banned_email, $dupe_list);
if (TRUE !== $error) {
message($error);
}
}
// Clean old unverified registrators - delete older than 72 hours
$query = array('DELETE' => 'users', 'WHERE' => 'group_id=' . FORUM_UNVERIFIED . ' AND activate_key IS NOT NULL AND registered < ' . (time() - 259200));
($hook = get_hook('rg_register_qr_delete_unverified')) ? eval($hook) : null;
$forum_db->query_build($query) or error(__FILE__, __LINE__);
($hook = get_hook('rg_register_end_validation')) ? eval($hook) : null;
// User default info
$language = $forum_config['o_default_lang'];
$password = random_key(12, TRUE);
$salt = random_key(12);
$password_hash = forum_hash($password, $salt);
$initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
// Timezone & DST
$this->get_timezone_and_dst($timezone, $dst);
// Insert the new user into the database.
// We do this now to get the last inserted id for later use.
$user_info = array('username' => $username, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password, 'password_hash' => $password_hash, 'email' => $email, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $forum_config['o_default_lang'], 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, TRUE) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1', 'loginza_profile' => $profile, 'loginza_return_url' => $prev_url, 'loginza_banned_email' => $banned_email, 'loginza_dupe_list' => $dupe_list);
($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
// If we dont have email — save userdata to session and show form
if (!$email) {
if (!isset($_SESSION)) {
session_start();
}
$session_id = 'fancy_login_loginza_' . random_key(12, TRUE, TRUE);
$_SESSION[$session_id] = $user_info;
$this->form_end_reg($session_id);
} else {
if ($forum_config['o_regs_verify'] == '1' && $forum_config['o_fancy_login_loginza_trust_openid_emails'] == '1') {
// Skip activate email from OpenID
$user_info['activate_key'] = 'NULL';
$user_info['require_verification'] = FALSE;
$user_info['group_id'] = $forum_config['o_default_user_group'];
}
$this->register($user_info);
}
}
