/** * Verify the activation code, and activate the user if correct. * Accessed by ?action=activate */ public function action_activate() { global $context, $txt, $modSettings, $scripturl, $language, $user_info; require_once SUBSDIR . '/Auth.subs.php'; // Logged in users should not bother to activate their accounts if (!empty($user_info['id'])) { redirectexit(); } loadLanguage('Login'); loadTemplate('Login'); loadJavascriptFile('sha256.js', array('defer' => true)); if (empty($_REQUEST['u']) && empty($_POST['user'])) { if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3') { fatal_lang_error('no_access', false); } $context['member_id'] = 0; $context['sub_template'] = 'resend'; $context['page_title'] = $txt['invalid_activation_resend']; $context['can_activate'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] == '1'; $context['default_username'] = isset($_GET['user']) ? $_GET['user'] : ''; return; } // Get the code from the database... $row = findUser(empty($_REQUEST['u']) ? ' member_name = {string:email_address} OR email_address = {string:email_address}' : ' id_member = {int:id_member}', array('id_member' => isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, 'email_address' => isset($_POST['user']) ? $_POST['user'] : ''), false); // Does this user exist at all? if (empty($row)) { $context['sub_template'] = 'retry_activate'; $context['page_title'] = $txt['invalid_userid']; $context['member_id'] = 0; return; } // Change their email address? (they probably tried a fake one first :P.) require_once SUBSDIR . '/Auth.subs.php'; if (isset($_POST['new_email'], $_REQUEST['passwd']) && validateLoginPassword($_REQUEST['passwd'], $row['passwd'], $row['member_name'], true) && ($row['is_activated'] == 0 || $row['is_activated'] == 2)) { if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) { fatal_lang_error('no_access', false); } // @todo Separate the sprintf? require_once SUBSDIR . '/DataValidator.class.php'; if (!Data_Validator::is_valid($_POST, array('new_email' => 'valid_email|required|max_length[255]'), array('new_email' => 'trim'))) { fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'], ENT_COMPAT, 'UTF-8')), false); } // Make sure their email isn't banned. isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']); // Ummm... don't even dare try to take someone else's email!! // @todo Separate the sprintf? if (userByEmail($_POST['new_email'])) { fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email'], ENT_COMPAT, 'UTF-8'))); } updateMemberData($row['id_member'], array('email_address' => $_POST['new_email'])); $row['email_address'] = $_POST['new_email']; $email_change = true; } // Resend the password, but only if the account wasn't activated yet. if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'resend' && ($row['is_activated'] == 0 || $row['is_activated'] == 2) && (!isset($_REQUEST['code']) || $_REQUEST['code'] == '')) { require_once SUBSDIR . '/Mail.subs.php'; $replacements = array('REALNAME' => $row['real_name'], 'USERNAME' => $row['member_name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $row['id_member'] . ';code=' . $row['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $row['id_member'], 'ACTIVATIONCODE' => $row['validation_code'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder'); $emaildata = loadEmailTemplate('resend_activate_message', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); $context['page_title'] = $txt['invalid_activation_resend']; // This will ensure we don't actually get an error message if it works! $context['error_title'] = ''; fatal_lang_error(!empty($email_change) ? 'change_email_success' : 'resend_email_success', false); } // Quit if this code is not right. if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code']) { if (!empty($row['is_activated'])) { fatal_lang_error('already_activated', false); } elseif ($row['validation_code'] == '') { loadLanguage('Profile'); fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'member_name'] . '">' . $txt['here'] . '</a>.', false); } $context['sub_template'] = 'retry_activate'; $context['page_title'] = $txt['invalid_activation_code']; $context['member_id'] = $row['id_member']; return; } // Let the integration know that they've been activated! call_integration_hook('integrate_activate', array($row['member_name'])); // Validation complete - update the database! updateMemberData($row['id_member'], array('is_activated' => 1, 'validation_code' => '')); // Also do a proper member stat re-evaluation. updateStats('member', false); if (!isset($_POST['new_email'])) { require_once SUBSDIR . '/Notification.subs.php'; sendAdminNotifications('activation', $row['id_member'], $row['member_name']); } $context += array('page_title' => $txt['registration_successful'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => '', 'never_expire' => false, 'description' => $txt['activate_success']); }
function notifyMembersBoard(&$topicData) { global $txt, $scripturl, $language, $user_info; global $modSettings, $sourcedir, $board, $smcFunc, $context; require_once $sourcedir . '/Subs-Post.php'; // Do we have one or lots of topics? if (isset($topicData['body'])) { $topicData = array($topicData); } // Find out what boards we have... and clear out any rubbish! $boards = array(); foreach ($topicData as $key => $topic) { if (!empty($topic['board'])) { $boards[$topic['board']][] = $key; } else { unset($topic[$key]); continue; } // Censor the subject and body... censorText($topicData[$key]['subject']); censorText($topicData[$key]['body']); $topicData[$key]['subject'] = un_htmlspecialchars($topicData[$key]['subject']); $topicData[$key]['body'] = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($topicData[$key]['body'], false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '[' => '[', ']' => ']'))))); } // Just the board numbers. $board_index = array_unique(array_keys($boards)); if (empty($board_index)) { return; } // Yea, we need to add this to the digest queue. $digest_insert = array(); foreach ($topicData as $id => $data) { $digest_insert[] = array($data['topic'], $data['msg'], 'topic', $user_info['id']); } $smcFunc['db_insert']('', '{db_prefix}log_digest', array('id_topic' => 'int', 'id_msg' => 'int', 'note_type' => 'string', 'exclude' => 'int'), $digest_insert, array()); // Find the members with notification on for these boards. $members = $smcFunc['db_query']('', ' SELECT mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_send_body, mem.lngfile, ln.sent, ln.id_board, mem.id_group, mem.additional_groups, b.member_groups, mem.id_post_group FROM {db_prefix}log_notify AS ln INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board) INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ln.id_member) WHERE ln.id_board IN ({array_int:board_list}) AND mem.id_member != {int:current_member} AND mem.is_activated = {int:is_activated} AND mem.notify_types != {int:notify_types} AND mem.notify_regularity < {int:notify_regularity} ORDER BY mem.lngfile', array('current_member' => $user_info['id'], 'board_list' => $board_index, 'is_activated' => 1, 'notify_types' => 4, 'notify_regularity' => 2)); while ($rowmember = $smcFunc['db_fetch_assoc']($members)) { if ($rowmember['id_group'] != 1) { $allowed = explode(',', $rowmember['member_groups']); $rowmember['additional_groups'] = explode(',', $rowmember['additional_groups']); $rowmember['additional_groups'][] = $rowmember['id_group']; $rowmember['additional_groups'][] = $rowmember['id_post_group']; if (count(array_intersect($allowed, $rowmember['additional_groups'])) == 0) { continue; } } $langloaded = loadLanguage('EmailTemplates', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false); // Now loop through all the notifications to send for this board. if (empty($boards[$rowmember['id_board']])) { continue; } $sentOnceAlready = 0; foreach ($boards[$rowmember['id_board']] as $key) { // Don't notify the guy who started the topic! //!!! In this case actually send them a "it's approved hooray" email if ($topicData[$key]['poster'] == $rowmember['id_member']) { continue; } // Setup the string for adding the body to the message, if a user wants it. $send_body = empty($modSettings['disallow_sendBody']) && !empty($rowmember['notify_send_body']); $replacements = array('TOPICSUBJECT' => $topicData[$key]['subject'], 'TOPICLINK' => $scripturl . '?topic=' . $topicData[$key]['topic'] . '.new#new', 'MESSAGE' => $topicData[$key]['body'], 'UNSUBSCRIBELINK' => $scripturl . '?action=notifyboard;board=' . $topicData[$key]['board'] . '.0'); if (!$send_body) { unset($replacements['MESSAGE']); } // Figure out which email to send off $emailtype = ''; // Send only if once is off or it's on and it hasn't been sent. if (!empty($rowmember['notify_regularity']) && !$sentOnceAlready && empty($rowmember['sent'])) { $emailtype = 'notify_boards_once'; } elseif (empty($rowmember['notify_regularity'])) { $emailtype = 'notify_boards'; } if (!empty($emailtype)) { $emailtype .= $send_body ? '_body' : ''; $emaildata = loadEmailTemplate($emailtype, $replacements, $langloaded); sendmail($rowmember['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 3); } $sentOnceAlready = 1; } } $smcFunc['db_free_result']($members); // Sent! $smcFunc['db_query']('', ' UPDATE {db_prefix}log_notify SET sent = {int:is_sent} WHERE id_board IN ({array_int:board_list}) AND id_member != {int:current_member}', array('current_member' => $user_info['id'], 'board_list' => $board_index, 'is_sent' => 1)); }
function Activate() { global $context, $txt, $modSettings, $scripturl, $sourcedir, $language; loadLanguage('Login'); //loadTemplate('Login'); if (empty($_REQUEST['u']) && empty($_POST['user'])) { if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) { fatal_lang_error('no_access', false); } $context['member_id'] = 0; EoS_Smarty::loadTemplate('generic_skeleton'); EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/resend'); $context['page_title'] = $txt['invalid_activation_resend']; $context['can_activate'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] == 1; $context['default_username'] = isset($_GET['user']) ? $_GET['user'] : ''; return; } // Get the code from the database... $request = smf_db_query(' SELECT id_member, validation_code, member_name, real_name, email_address, is_activated, passwd, lngfile FROM {db_prefix}members' . (empty($_REQUEST['u']) ? ' WHERE member_name = {string:email_address} OR email_address = {string:email_address}' : ' WHERE id_member = {int:id_member}') . ' LIMIT 1', array('id_member' => isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, 'email_address' => isset($_POST['user']) ? $_POST['user'] : '')); // Does this user exist at all? if (mysql_num_rows($request) == 0) { EoS_Smarty::loadTemplate('generic_skeleton'); EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/retry_activate'); $context['page_title'] = $txt['invalid_userid']; $context['member_id'] = 0; return; } $row = mysql_fetch_assoc($request); mysql_free_result($request); // Change their email address? (they probably tried a fake one first :P.) if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd']) { if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) { fatal_lang_error('no_access', false); } // !!! Separate the sprintf? if (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['new_email']) == 0) { fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'])), false); } // Make sure their email isn't banned. isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']); // Ummm... don't even dare try to take someone else's email!! $request = smf_db_query(' SELECT id_member FROM {db_prefix}members WHERE email_address = {string:email_address} LIMIT 1', array('email_address' => $_POST['new_email'])); // !!! Separate the sprintf? if (mysql_num_rows($request) != 0) { fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email']))); } mysql_free_result($request); updateMemberData($row['id_member'], array('email_address' => $_POST['new_email'])); $row['email_address'] = $_POST['new_email']; $email_change = true; } // Resend the password, but only if the account wasn't activated yet. if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'resend' && ($row['is_activated'] == 0 || $row['is_activated'] == 2) && (!isset($_REQUEST['code']) || $_REQUEST['code'] == '')) { require_once $sourcedir . '/lib/Subs-Post.php'; $replacements = array('REALNAME' => $row['real_name'], 'USERNAME' => $row['member_name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $row['id_member'] . ';code=' . $row['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $row['id_member'], 'ACTIVATIONCODE' => $row['validation_code'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder'); $emaildata = loadEmailTemplate('resend_activate_message', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); $context['page_title'] = $txt['invalid_activation_resend']; // This will ensure we don't actually get an error message if it works! $context['error_title'] = ''; fatal_lang_error(!empty($email_change) ? 'change_email_success' : 'resend_email_success', false); } // Quit if this code is not right. if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code']) { if (!empty($row['is_activated'])) { fatal_lang_error('already_activated', false); } elseif ($row['validation_code'] == '') { loadLanguage('Profile'); fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'member_name'] . '">' . $txt['here'] . '</a>.', false); } EoS_Smarty::loadTemplate('generic_skeleton'); EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/retry_activate'); $context['page_title'] = $txt['invalid_activation_code']; $context['member_id'] = $row['id_member']; return; } // Let the integration know that they've been activated! HookAPI::callHook('integrate_activate', array($row['member_name'])); // Validation complete - update the database! updateMemberData($row['id_member'], array('is_activated' => 1, 'validation_code' => '')); // Also do a proper member stat re-evaluation. updateStats('member', false); if (!isset($_POST['new_email'])) { $actid = 0; require_once $sourcedir . '/lib/Subs-Post.php'; // add to the activity stream if ($modSettings['astream_active']) { require_once $sourcedir . '/lib/Subs-Activities.php'; $actid = aStreamAdd($row['id_member'], ACT_NEWMEMBER, array('member_name' => $row['member_name']), 0, 0, 0, $row['id_member']); } adminNotify('activation', $row['id_member'], $row['member_name'], $actid, ACT_NEWMEMBER); } EoS_Smarty::loadTemplate('generic_skeleton'); EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/login'); $context += array('page_title' => $txt['registration_successful'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => '', 'never_expire' => false, 'description' => $txt['activate_success']); }
function ReportToModerator2() { global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $sourcedir, $language, $context, $smcFunc; // You must have the proper permissions! isAllowedTo('report_any'); // Make sure they aren't spamming. spamProtection('reporttm'); require_once $sourcedir . '/Subs-Post.php'; // No errors, yet. $post_errors = array(); // Check their session. if (checkSession('post', '', false) != '') { $post_errors[] = 'session_timeout'; } // Make sure we have a comment and it's clean. if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '') { $post_errors[] = 'no_comment'; } $poster_comment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\n" => '', "\t" => '')); // Guests need to provide their address! if ($user_info['is_guest']) { $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']); if ($_POST['email'] === '') { $post_errors[] = 'no_email'; } elseif (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) { $post_errors[] = 'bad_email'; } isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title'])); $user_info['email'] = htmlspecialchars($_POST['email']); } // Could they get the right verification code? if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) { require_once $sourcedir . '/Subs-Editor.php'; $verificationOptions = array('id' => 'report'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { $post_errors = array_merge($post_errors, $context['require_verification']); } } // Any errors? if (!empty($post_errors)) { loadLanguage('Errors'); $context['post_errors'] = array(); foreach ($post_errors as $post_error) { $context['post_errors'][] = $txt['error_' . $post_error]; } return ReportToModerator(); } // Get the basic topic information, and make sure they can see it. $_POST['msg'] = (int) $_POST['msg']; $request = $smcFunc['db_query']('', ' SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name FROM {db_prefix}messages AS m LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member) WHERE m.id_msg = {int:id_msg} AND m.id_topic = {int:current_topic} LIMIT 1', array('current_topic' => $topic, 'id_msg' => $_POST['msg'])); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_board', false); } $message = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : ''); $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : ''); $subject = un_htmlspecialchars($message['subject']); // Get a list of members with the moderate_board permission. require_once $sourcedir . '/Subs-Members.php'; $moderators = membersAllowedTo('moderate_board', $board); $request = $smcFunc['db_query']('', ' SELECT id_member, email_address, lngfile, mod_prefs FROM {db_prefix}members WHERE id_member IN ({array_int:moderator_list}) AND notify_types != {int:notify_types} ORDER BY lngfile', array('moderator_list' => $moderators, 'notify_types' => 4)); // Check that moderators do exist! if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_mods', false); } // If we get here, I believe we should make a record of this, for historical significance, yabber. if (empty($modSettings['disable_log_report'])) { $request2 = $smcFunc['db_query']('', ' SELECT id_report, ignore_all FROM {db_prefix}log_reported WHERE id_msg = {int:id_msg} AND (closed = {int:not_closed} OR ignore_all = {int:ignored}) ORDER BY ignore_all DESC', array('id_msg' => $_POST['msg'], 'not_closed' => 0, 'ignored' => 1)); if ($smcFunc['db_num_rows']($request2) != 0) { list($id_report, $ignore) = $smcFunc['db_fetch_row']($request2); } $smcFunc['db_free_result']($request2); // If we're just going to ignore these, then who gives a monkeys... if (!empty($ignore)) { redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']); } // Already reported? My god, we could be dealing with a real rogue here... if (!empty($id_report)) { $smcFunc['db_query']('', ' UPDATE {db_prefix}log_reported SET num_reports = num_reports + 1, time_updated = {int:current_time} WHERE id_report = {int:id_report}', array('current_time' => time(), 'id_report' => $id_report)); } else { if (empty($message['real_name'])) { $message['real_name'] = $message['poster_name']; } $smcFunc['db_insert']('', '{db_prefix}log_reported', array('id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string', 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int', 'num_reports' => 'int', 'closed' => 'int'), array($_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'], $message['subject'], $message['body'], time(), time(), 1, 0), array('id_report')); $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report'); } // Now just add our report... if ($id_report) { $smcFunc['db_insert']('', '{db_prefix}log_reported_comments', array('id_report' => 'int', 'id_member' => 'int', 'membername' => 'string', 'email_address' => 'string', 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int'), array($id_report, $user_info['id'], $user_info['name'], $user_info['email'], $user_info['ip'], $poster_comment, time()), array('id_comment')); } } // Find out who the real moderators are - for mod preferences. $request2 = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}moderators WHERE id_board = {int:current_board}', array('current_board' => $board)); $real_mods = array(); while ($row = $smcFunc['db_fetch_assoc']($request2)) { $real_mods[] = $row['id_member']; } $smcFunc['db_free_result']($request2); // Send every moderator an email. while ($row = $smcFunc['db_fetch_assoc']($request)) { // Maybe they don't want to know?! if (!empty($row['mod_prefs'])) { list(, , $pref_binary) = explode('|', $row['mod_prefs']); if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) { continue; } } $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'], 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']); $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // Send it to the moderator. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2); } $smcFunc['db_free_result']($request); // Keep track of when the mod reports get updated, that way we know when we need to look again. updateSettings(array('last_mod_report_action' => time())); // Back to the post we reported! redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']); }
/** * Show and manage all group requests. */ public function action_requests() { global $txt, $context, $scripturl, $user_info, $modSettings; // Set up the template stuff... $context['page_title'] = $txt['mc_group_requests']; $context['sub_template'] = 'show_list'; $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['mc_group_requests']); // Verify we can be here. if ($user_info['mod_cache']['gq'] == '0=1') { isAllowedTo('manage_membergroups'); } // Normally, we act normally... $where = $user_info['mod_cache']['gq'] == '1=1' || $user_info['mod_cache']['gq'] == '0=1' ? $user_info['mod_cache']['gq'] : 'lgr.' . $user_info['mod_cache']['gq']; $where_parameters = array(); // We've submitted? if (isset($_POST[$context['session_var']]) && !empty($_POST['groupr']) && !empty($_POST['req_action'])) { checkSession('post'); validateToken('mod-gr'); require_once SUBSDIR . '/Membergroups.subs.php'; // Clean the values. foreach ($_POST['groupr'] as $k => $request) { $_POST['groupr'][$k] = (int) $request; } // If we are giving a reason (And why shouldn't we?), then we don't actually do much. if ($_POST['req_action'] == 'reason') { // Different sub template... $context['sub_template'] = 'group_request_reason'; // And a limitation. We don't care that the page number bit makes no sense, as we don't need it! $where .= ' AND lgr.id_request IN ({array_int:request_ids})'; $where_parameters['request_ids'] = $_POST['groupr']; $context['group_requests'] = list_getGroupRequests(0, $modSettings['defaultMaxMessages'], 'lgr.id_request', $where, $where_parameters); createToken('mod-gr'); // Let obExit etc sort things out. obExit(); } else { // Get the details of all the members concerned... require_once SUBSDIR . '/Members.subs.php'; $concerned = getConcernedMembers($_POST['groupr'], $where); // Cleanup old group requests.. deleteGroupRequests($_POST['groupr']); // Ensure everyone who is online gets their changes right away. updateSettings(array('settings_updated' => time())); if (!empty($concerned['email_details'])) { require_once SUBSDIR . '/Mail.subs.php'; // They are being approved? if ($_POST['req_action'] == 'approve') { // Make the group changes. foreach ($concerned['group_changes'] as $id => $groups) { // Sanity check! foreach ($groups['add'] as $key => $value) { if ($value == 0 || trim($value) == '') { unset($groups['add'][$key]); } } assignGroupsToMember($id, $groups['primary'], $groups['add']); } foreach ($concerned['email_details'] as $email) { $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']); $emaildata = loadEmailTemplate('mc_group_approve', $replacements, $email['language']); sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } } else { // Same as for approving, kind of. foreach ($concerned['email_details'] as $email) { $custom_reason = isset($_POST['groupreason']) && isset($_POST['groupreason'][$email['rid']]) ? $_POST['groupreason'][$email['rid']] : ''; $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']); if (!empty($custom_reason)) { $replacements['REASON'] = $custom_reason; } $emaildata = loadEmailTemplate(empty($custom_reason) ? 'mc_group_reject' : 'mc_group_reject_reason', $replacements, $email['language']); sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } } } // Restore the current language. loadLanguage('ModerationCenter'); } } // We're going to want this for making our list. require_once SUBSDIR . '/GenericList.class.php'; require_once SUBSDIR . '/Membergroups.subs.php'; // This is all the information required for a group listing. $listOptions = array('id' => 'group_request_list', 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_groupr_none_found'], 'base_href' => $scripturl . '?action=groups;sa=requests', 'default_sort_col' => 'member', 'get_items' => array('function' => 'list_getGroupRequests', 'params' => array($where, $where_parameters)), 'get_count' => array('function' => 'list_getGroupRequestCount', 'params' => array($where, $where_parameters)), 'columns' => array('member' => array('header' => array('value' => $txt['mc_groupr_member']), 'data' => array('db' => 'member_link'), 'sort' => array('default' => 'mem.member_name', 'reverse' => 'mem.member_name DESC')), 'group' => array('header' => array('value' => $txt['mc_groupr_group']), 'data' => array('db' => 'group_link'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')), 'reason' => array('header' => array('value' => $txt['mc_groupr_reason']), 'data' => array('db' => 'reason')), 'date' => array('header' => array('value' => $txt['date'], 'style' => 'width: 18%; white-space:nowrap;'), 'data' => array('db' => 'time_submitted')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%;text-align: center;'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="groupr[]" value="%1$d" class="input_check" />', 'params' => array('id' => false)), 'class' => 'centertext'))), 'form' => array('href' => $scripturl . '?action=groups;sa=requests', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id']), 'token' => 'mod-gr'), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => ' <select name="req_action" onchange="if (this.value != 0 && (this.value == \'reason\' || confirm(\'' . $txt['mc_groupr_warning'] . '\'))) this.form.submit();"> <option value="0">' . $txt['with_selected'] . ':</option> <option value="0" disabled="disabled">' . str_repeat('—', strlen($txt['mc_groupr_approve'])) . '</option> <option value="approve">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['mc_groupr_approve'] . '</option> <option value="reject">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['mc_groupr_reject'] . '</option> <option value="reason">' . (isBrowser('ie8') ? '»' : '➤') . ' ' . $txt['mc_groupr_reject_w_reason'] . '</option> </select> <input type="submit" name="go" value="' . $txt['go'] . '" onclick="var sel = document.getElementById(\'req_action\'); if (sel.value != 0 && sel.value != \'reason\' && !confirm(\'' . $txt['mc_groupr_warning'] . '\')) return false;" class="right_submit" />', 'class' => 'floatright'))); // Create the request list. createToken('mod-gr'); createList($listOptions); $context['default_list'] = 'group_request_list'; }
/** * Generates a random password for a user and emails it to them. * - called by Profile.php when changing someone's username. * - checks the validity of the new username. * - generates and sets a new password for the given user. * - mails the new password to the email address of the user. * - if username is not set, only a new password is generated and sent. * * @param int $memID * @param string $username = null */ function resetPassword($memID, $username = null) { global $scripturl, $context, $txt, $sourcedir, $modSettings, $smcFunc, $language; // Language... and a required file. loadLanguage('Login'); require_once $sourcedir . '/Subs-Post.php'; // Get some important details. $request = $smcFunc['db_query']('', ' SELECT member_name, email_address, lngfile FROM {db_prefix}members WHERE id_member = {int:id_member}', array('id_member' => $memID)); list($user, $email, $lngfile) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); if ($username !== null) { $old_user = $user; $user = trim($username); } // Generate a random password. $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10); $newPassword_sha1 = sha1(strtolower($user) . $newPassword); // Do some checks on the username if needed. if ($username !== null) { validateUsername($memID, $user); // Update the database... updateMemberData($memID, array('member_name' => $user, 'passwd' => $newPassword_sha1)); } else { updateMemberData($memID, array('passwd' => $newPassword_sha1)); } call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword)); $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword); $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile); // Send them the email informing them of the change - then we're done! sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0); }
function AdminApprove() { global $txt, $context, $scripturl, $modSettings, $sourcedir, $language, $user_info, $smcFunc; // First, check our session. checkSession(); require_once $sourcedir . '/Subs-Post.php'; // We also need to the login languages here - for emails. loadLanguage('Login'); // Sort out where we are going... $browse_type = isset($_REQUEST['type']) ? $_REQUEST['type'] : (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1 ? 'activate' : 'approve'); $current_filter = (int) $_REQUEST['orig_filter']; // If we are applying a filter do just that - then redirect. if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter']) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']); } // Nothing to do? if (!isset($_POST['todoAction']) && !isset($_POST['time_passed'])) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); } // Are we dealing with members who have been waiting for > set amount of time? if (isset($_POST['time_passed'])) { $timeBefore = time() - 86400 * (int) $_POST['time_passed']; $condition = ' AND date_registered < {int:time_before}'; } else { $members = array(); foreach ($_POST['todoAction'] as $id) { $members[] = (int) $id; } $condition = ' AND id_member IN ({array_int:members})'; } // Get information on each of the members, things that are important to us, like email address... $request = $smcFunc['db_query']('', ' SELECT id_member, member_name, real_name, email_address, validation_code, lngfile FROM {db_prefix}members WHERE is_activated = {int:activated_status}' . $condition . ' ORDER BY lngfile', array('activated_status' => $current_filter, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members)); $member_count = $smcFunc['db_num_rows']($request); // If no results then just return! if ($member_count == 0) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); } $member_info = array(); $members = array(); // Fill the info array. while ($row = $smcFunc['db_fetch_assoc']($request)) { $members[] = $row['id_member']; $member_info[] = array('id' => $row['id_member'], 'username' => $row['member_name'], 'name' => $row['real_name'], 'email' => $row['email_address'], 'language' => empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], 'code' => $row['validation_code']); } $smcFunc['db_free_result']($request); // Are we activating or approving the members? if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail') { // Approve/activate this member. $smcFunc['db_query']('', ' UPDATE {db_prefix}members SET validation_code = {string:blank_string}, is_activated = {int:is_activated} WHERE is_activated = {int:activated_status}' . $condition, array('is_activated' => 1, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members, 'activated_status' => $current_filter, 'blank_string' => '')); // Do we have to let the integration code know about the activations? if (!empty($modSettings['integrate_activate'])) { foreach ($member_info as $member) { call_integration_hook('integrate_activate', array($member['username'])); } } // Check for email. if ($_POST['todo'] == 'okemail') { foreach ($member_info as $member) { $replacements = array('NAME' => $member['name'], 'USERNAME' => $member['username'], 'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder'); $emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } } } elseif ($_POST['todo'] == 'require_activation') { require_once $sourcedir . '/Subs-Members.php'; // We have to do this for each member I'm afraid. foreach ($member_info as $member) { // Generate a random activation code. $validation_code = generateValidationCode(); // Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;). $smcFunc['db_query']('', ' UPDATE {db_prefix}members SET validation_code = {string:validation_code}, is_activated = {int:not_activated} WHERE is_activated = {int:activated_status} ' . $condition . ' AND id_member = {int:selected_member}', array('not_activated' => 0, 'activated_status' => $current_filter, 'selected_member' => $member['id'], 'validation_code' => $validation_code, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members)); $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $validation_code); $emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } } elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail') { require_once $sourcedir . '/Subs-Members.php'; deleteMembers($members); // Send email telling them they aren't welcome? if ($_POST['todo'] == 'rejectemail') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name']); $emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } } elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail') { require_once $sourcedir . '/Subs-Members.php'; deleteMembers($members); // Send email telling them they aren't welcome? if ($_POST['todo'] == 'deleteemail') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name']); $emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } } elseif ($_POST['todo'] == 'remind') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $member['code']); $emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } // Back to the user's language! if (isset($current_language) && $current_language != $user_info['language']) { loadLanguage('index'); loadLanguage('ManageMembers'); } // Log what we did? if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind'))) { $log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member'; $log_inserts = array(); foreach ($member_info as $member) { $log_inserts[] = array(time(), 3, $user_info['id'], $user_info['ip'], $log_action, 0, 0, 0, serialize(array('member' => $member['id']))); } $smcFunc['db_insert']('', '{db_prefix}log_actions', array('log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string', 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534'), $log_inserts, array('id_action')); } // Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers). if (in_array($current_filter, array(3, 4))) { updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > $member_count ? $modSettings['unapprovedMembers'] - $member_count : 0)); } // Update the member's stats. (but, we know the member didn't change their name.) updateStats('member', false); // If they haven't been deleted, update the post group statistics on them... if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind'))) { updateStats('postgroups', $members); } redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); }
function RemindPick() { global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings; checkSession(); // Coming with a known ID? if (!empty($_REQUEST['uid'])) { $where = 'id_member = {int:id_member}'; $where_params['id_member'] = (int) $_REQUEST['uid']; } elseif (isset($_POST['user']) && $_POST['user'] != '') { $where = 'member_name = {string:member_name}'; $where_params['member_name'] = $_POST['user']; $where_params['email_address'] = $_POST['user']; } // You must enter a username/email address. if (empty($where)) { fatal_lang_error('username_no_exist', false); } // Find the user! $request = $smcFunc['db_query']('', ' SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question FROM {db_prefix}members WHERE ' . $where . ' LIMIT 1', array_merge($where_params, array())); // Maybe email? if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid'])) { $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question FROM {db_prefix}members WHERE email_address = {string:email_address} LIMIT 1', array_merge($where_params, array())); if ($smcFunc['db_num_rows']($request) == 0) { fatal_lang_error('no_user_with_email', false); } } $row = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); $context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password'; // If the user isn't activated/approved, give them some feedback on what to do next. if ($row['is_activated'] != 1) { // Awaiting approval... if (trim($row['validation_code']) == '') { fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false); } else { fatal_error($txt['registration_not_activated'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false); } } // You can't get emailed if you have no email address. $row['email_address'] = trim($row['email_address']); if ($row['email_address'] == '') { fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.'); } // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email. if (empty($row['secret_question']) || isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email') { // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars. require_once $sourcedir . '/Subs-Members.php'; $password = generateValidationCode(); require_once $sourcedir . '/Subs-Post.php'; $replacements = array('REALNAME' => $row['real_name'], 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password, 'IP' => $user_info['ip'], 'MEMBERNAME' => $row['member_name'], 'OPENID' => $row['openid_uri']); $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); $context['description'] = $txt['reminder_' . (!empty($row['openid_uri']) ? 'openid_' : '') . 'sent']; // If they were using OpenID simply email them their OpenID identity. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); if (empty($row['openid_uri'])) { // Set the password in the database. updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10))); } // Set up the template. $context['sub_template'] = 'sent'; // Dont really. return; } elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret') { return SecretAnswerInput(); } // No we're here setup the context for template number 2! $context['sub_template'] = 'reminder_pick'; $context['current_member'] = array('id' => $row['id_member'], 'name' => $row['member_name']); }
/** * This function handles the approval, rejection, activation or deletion of members. * * What it does: * - Called by ?action=admin;area=viewmembers;sa=approve. * - Requires the moderate_forum permission. * - Redirects to ?action=admin;area=viewmembers;sa=browse * with the same parameters as the calling page. */ public function action_approve() { global $scripturl, $modSettings; // First, check our session. checkSession(); require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/Members.subs.php'; // We also need to the login languages here - for emails. loadLanguage('Login'); // Start off clean $conditions = array(); // Sort out where we are going... $current_filter = $conditions['activated_status'] = (int) $_REQUEST['orig_filter']; // If we are applying a filter do just that - then redirect. if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter']) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']); } // Nothing to do? if (!isset($_POST['todoAction']) && !isset($_POST['time_passed'])) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); } // Are we dealing with members who have been waiting for > set amount of time? if (isset($_POST['time_passed'])) { $conditions['time_before'] = time() - 86400 * (int) $_POST['time_passed']; } else { $conditions['members'] = array(); foreach ($_POST['todoAction'] as $id) { $conditions['members'][] = (int) $id; } } $data = retrieveMemberData($conditions); if ($data['member_count'] == 0) { redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); } $member_info = $data['member_info']; $conditions['members'] = $data['members']; // Are we activating or approving the members? if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail') { // Approve / activate this member. approveMembers($conditions); // Check for email. if ($_POST['todo'] == 'okemail') { foreach ($member_info as $member) { $replacements = array('NAME' => $member['name'], 'USERNAME' => $member['username'], 'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder'); $emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } } // Update the menu action cache so its forced to refresh cache_put_data('num_menu_errors', null, 900); } elseif ($_POST['todo'] == 'require_activation') { require_once SUBSDIR . '/Auth.subs.php'; // We have to do this for each member I'm afraid. foreach ($member_info as $member) { $conditions['selected_member'] = $member['id']; // Generate a random activation code. $conditions['validation_code'] = generateValidationCode(); // Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;). enforceReactivation($conditions); $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $conditions['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $conditions['validation_code']); $emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } } elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail') { deleteMembers($conditions['members']); // Send email telling them they aren't welcome? if ($_POST['todo'] == 'rejectemail') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name']); $emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } } elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail') { deleteMembers($conditions['members']); // Send email telling them they aren't welcome? if ($_POST['todo'] == 'deleteemail') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name']); $emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } } elseif ($_POST['todo'] == 'remind') { foreach ($member_info as $member) { $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $member['code']); $emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']); sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } // Log what we did? if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind'))) { $log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member'; foreach ($member_info as $member) { logAction($log_action, array('member' => $member['id']), 'admin'); } } // Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers). if (in_array($current_filter, array(3, 4))) { updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > $data['member_count'] ? $modSettings['unapprovedMembers'] - $data['member_count'] : 0)); } // Update the member's stats. (but, we know the member didn't change their name.) updateStats('member', false); // If they haven't been deleted, update the post group statistics on them... if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind'))) { updateStats('postgroups', $conditions['members']); } redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']); }
/** * Pick a reminder type. * Accessed by sa=picktype */ public function action_picktype() { global $context, $txt, $scripturl, $user_info, $webmaster_email, $language, $modSettings; checkSession(); validateToken('remind'); createToken('remind'); require_once SUBSDIR . '/Auth.subs.php'; // No where params just yet $where_params = array(); // Coming with a known ID? if (!empty($_REQUEST['uid'])) { $where = 'id_member = {int:id_member}'; $where_params['id_member'] = (int) $_REQUEST['uid']; } elseif (isset($_POST['user']) && $_POST['user'] != '') { $where = 'member_name = {string:member_name}'; $where_params['member_name'] = $_POST['user']; $where_params['email_address'] = $_POST['user']; } // You must enter a username/email address. if (empty($where)) { fatal_lang_error('username_no_exist', false); } // Make sure we are not being slammed // Don't call this if you're coming from the "Choose a reminder type" page - otherwise you'll likely get an error if (!isset($_POST['reminder_type']) || !in_array($_POST['reminder_type'], array('email', 'secret'))) { spamProtection('remind'); } $member = findUser($where, $where_params); $context['account_type'] = !empty($member['openid_uri']) ? 'openid' : 'password'; // If the user isn't activated/approved, give them some feedback on what to do next. if ($member['is_activated'] != 1) { // Awaiting approval... if (trim($member['validation_code']) == '') { fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false); } else { fatal_error($txt['registration_not_activated'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false); } } // You can't get emailed if you have no email address. $member['email_address'] = trim($member['email_address']); if ($member['email_address'] == '') { fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.'); } // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email. if (empty($member['secret_question']) || isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email') { // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars. $password = generateValidationCode(); require_once SUBSDIR . '/Mail.subs.php'; $replacements = array('REALNAME' => $member['real_name'], 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $member['id_member'] . ';code=' . $password, 'IP' => $user_info['ip'], 'MEMBERNAME' => $member['member_name'], 'OPENID' => $member['openid_uri']); $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($member['lngfile']) || empty($modSettings['userLanguage']) ? $language : $member['lngfile']); $context['description'] = $txt['reminder_' . (!empty($member['openid_uri']) ? 'openid_' : '') . 'sent']; // If they were using OpenID simply email them their OpenID identity. sendmail($member['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); if (empty($member['openid_uri'])) { // Set the password in the database. updateMemberData($member['id_member'], array('validation_code' => substr(md5($password), 0, 10))); } // Set up the template. $context['sub_template'] = 'sent'; // Dont really. return; } elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret') { return secretAnswerInput(); } // No we're here setup the context for template number 2! $context['sub_template'] = 'reminder_pick'; $context['current_member'] = array('id' => $member['id_member'], 'name' => $member['member_name']); }
/** * Send the emails. * * - Sends off emails to all the moderators. * - Sends to administrators and global moderators. (1 and 2) * - Called by action_reporttm(), and thus has the same permission and setting requirements as it does. * - Accessed through ?action=reporttm when posting. */ public function action_reporttm2() { global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context; // You must have the proper permissions! isAllowedTo('report_any'); // Make sure they aren't spamming. spamProtection('reporttm'); require_once SUBSDIR . '/Mail.subs.php'; // No errors, yet. $report_errors = Error_Context::context('report', 1); // Check their session. if (checkSession('post', '', false) != '') { $report_errors->addError('session_timeout'); } // Make sure we have a comment and it's clean. if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') { $report_errors->addError('no_comment'); } $poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => '')); if (Util::strlen($poster_comment) > 254) { $report_errors->addError('post_too_long'); } // Guests need to provide their address! if ($user_info['is_guest']) { require_once SUBSDIR . '/DataValidator.class.php'; if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) { empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email'); } isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title'])); $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8'); } // Could they get the right verification code? if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) { require_once SUBSDIR . '/VerificationControls.class.php'; $verificationOptions = array('id' => 'report'); $context['require_verification'] = create_control_verification($verificationOptions, true); if (is_array($context['require_verification'])) { foreach ($context['require_verification'] as $error) { $report_errors->addError($error, 0); } } } // Any errors? if ($report_errors->hasErrors()) { return $this->action_reporttm(); } // Get the basic topic information, and make sure they can see it. $msg_id = (int) $_POST['msg']; $message = posterDetails($msg_id, $topic); if (empty($message)) { fatal_lang_error('no_board', false); } $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : ''); $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : ''); $subject = un_htmlspecialchars($message['subject']); // Get a list of members with the moderate_board permission. require_once SUBSDIR . '/Members.subs.php'; $moderators = membersAllowedTo('moderate_board', $board); $result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile')); $mod_to_notify = array(); foreach ($result as $row) { if ($row['notify_types'] != 4) { $mod_to_notify[] = $row; } } // Check that moderators do exist! if (empty($mod_to_notify)) { fatal_lang_error('no_mods', false); } // If we get here, I believe we should make a record of this, for historical significance, yabber. if (empty($modSettings['disable_log_report'])) { require_once SUBSDIR . '/Messages.subs.php'; $id_report = recordReport($message, $poster_comment); // If we're just going to ignore these, then who gives a monkeys... if ($id_report === false) { redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id); } } // Find out who the real moderators are - for mod preferences. require_once SUBSDIR . '/Boards.subs.php'; $real_mods = getBoardModerators($board, true); // Send every moderator an email. foreach ($mod_to_notify as $row) { // Maybe they don't want to know?! if (!empty($row['mod_prefs'])) { list(, , $pref_binary) = explode('|', $row['mod_prefs']); if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) { continue; } } $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']); $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // Send it to the moderator. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2); } // Keep track of when the mod reports get updated, that way we know when we need to look again. updateSettings(array('last_mod_report_action' => time())); // Back to the post we reported! redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id); }
/** * Send the announcement in chunks. * * splits the members to be sent a topic announcement into chunks. * composes notification messages in all languages needed. * does the actual sending of the topic announcements in chunks. * calculates a rough estimate of the percentage items sent. * Accessed by action=announce;sa=send * @uses announcement template announcement_send sub template */ public function action_send() { global $topic, $board, $board_info, $context, $modSettings, $language, $scripturl; checkSession(); $context['start'] = empty($_REQUEST['start']) ? 0 : (int) $_REQUEST['start']; $groups = array_merge($board_info['groups'], array(1)); $who = array(); // Load any supplied membergroups (from announcement_send template pause loop) if (isset($_POST['membergroups'])) { $_POST['who'] = explode(',', $_POST['membergroups']); } // Check that at least one membergroup was selected (set from announce sub template) if (empty($_POST['who'])) { fatal_lang_error('no_membergroup_selected'); } // Make sure all membergroups are integers and can access the board of the announcement. foreach ($_POST['who'] as $id => $mg) { $who[$id] = in_array((int) $mg, $groups) ? (int) $mg : 0; } // Get the topic details that we are going to send require_once SUBSDIR . '/Topic.subs.php'; $topic_info = getTopicInfo($topic, 'message'); // Prepare a plain text (markdown) body for email use, does the censoring as well require_once SUBSDIR . '/Emailpost.subs.php'; pbe_prepare_text($topic_info['body'], $topic_info['subject']); // We need this in order to be able send emails. require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/Members.subs.php'; // Select the email addresses for this batch. $conditions = array('activated_status' => 1, 'member_greater' => $context['start'], 'group_list' => $who, 'order_by' => 'id_member', 'limit' => empty($modSettings['mail_queue']) ? 25 : 500); // Have we allowed members to opt out of announcements? if (!empty($modSettings['allow_disableAnnounce'])) { $conditions['notify_announcements'] = 1; } $data = retrieveMemberData($conditions); // All members have received a mail. Go to the next screen. if (empty($data) || $data['member_count'] === 0) { logAction('announce_topic', array('topic' => $topic), 'user'); if (!empty($_REQUEST['move']) && allowedTo('move_any')) { redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback')); } elseif (!empty($_REQUEST['goback'])) { redirectexit('topic=' . $topic . '.new;boardseen#new', isBrowser('ie')); } else { redirectexit('board=' . $board . '.0'); } } // Loop through all members that'll receive an announcement in this batch. $announcements = array(); foreach ($data['member_info'] as $row) { $cur_language = empty($row['language']) || empty($modSettings['userLanguage']) ? $language : $row['language']; // If the language wasn't defined yet, load it and compose a notification message. if (!isset($announcements[$cur_language])) { $replacements = array('TOPICSUBJECT' => $topic_info['subject'], 'MESSAGE' => $topic_info['body'], 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0'); $emaildata = loadEmailTemplate('new_announcement', $replacements, $cur_language); $announcements[$cur_language] = array('subject' => $emaildata['subject'], 'body' => $emaildata['body'], 'recipients' => array()); } $announcements[$cur_language]['recipients'][$row['id']] = $row['email']; $context['start'] = $row['id']; } // For each language send a different mail - low priority... foreach ($announcements as $lang => $mail) { sendmail($mail['recipients'], $mail['subject'], $mail['body'], null, null, false, 5); } // Provide an overall indication of progress, this is not strictly correct if ($data['member_count'] < $conditions['limit']) { $context['percentage_done'] = 100; } else { $context['percentage_done'] = round(100 * $context['start'] / $modSettings['latestMember'], 1); } // Prepare for the template $context['move'] = empty($_REQUEST['move']) ? 0 : 1; $context['go_back'] = empty($_REQUEST['goback']) ? 0 : 1; $context['membergroups'] = implode(',', $who); $context['topic_subject'] = $topic_info['subject']; $context['sub_template'] = 'announcement_send'; // Go back to the correct language for the user ;) if (!empty($modSettings['userLanguage'])) { loadLanguage('Post'); } }
/** * Generates a random password for a user and emails it to them. * * What it does: * - called by ProfileOptions controller when changing someone's username. * - checks the validity of the new username. * - generates and sets a new password for the given user. * - mails the new password to the email address of the user. * - if username is not set, only a new password is generated and sent. * * @package Authorization * @param int $memID * @param string|null $username = null */ function resetPassword($memID, $username = null) { global $modSettings, $language, $user_info; // Language... and a required file. loadLanguage('Login'); require_once SUBSDIR . '/Mail.subs.php'; // Get some important details. require_once SUBSDIR . '/Members.subs.php'; $result = getBasicMemberData($memID, array('preferences' => true)); $user = $result['member_name']; $email = $result['email_address']; $lngfile = $result['lngfile']; if ($username !== null) { $old_user = $user; $user = trim($username); } // Generate a random password. require_once EXTDIR . '/PasswordHash.php'; $t_hasher = new PasswordHash(8, false); $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10); $newPassword_sha256 = hash('sha256', strtolower($user) . $newPassword); $db_hash = $t_hasher->HashPassword($newPassword_sha256); // Do some checks on the username if needed. if ($username !== null) { $errors = Error_Context::context('reset_pwd', 0); validateUsername($memID, $user, 'reset_pwd'); // If there are "important" errors and you are not an admin: log the first error // Otherwise grab all of them and don't log anything $error_severity = $errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null; foreach ($errors->prepareErrors($error_severity) as $error) { fatal_error($error, $error_severity === null ? false : 'general'); } // Update the database... updateMemberData($memID, array('member_name' => $user, 'passwd' => $db_hash)); } else { updateMemberData($memID, array('passwd' => $db_hash)); } call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword)); $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword); $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile); // Send them the email informing them of the change - then we're done! sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0); }
/** * Registers a member to the forum. * * What it does: * - Allows two types of interface: 'guest' and 'admin'. The first * - includes hammering protection, the latter can perform the registration silently. * - The strings used in the options array are assumed to be escaped. * - Allows to perform several checks on the input, e.g. reserved names. * - The function will adjust member statistics. * - If an error is detected will fatal error on all errors unless return_errors is true. * * @package Members * @uses Auth.subs.php * @uses Mail.subs.php * @param mixed[] $regOptions * @param string $error_context * @return integer the ID of the newly created member */ function registerMember(&$regOptions, $error_context = 'register') { global $scripturl, $txt, $modSettings, $user_info; $db = database(); loadLanguage('Login'); // We'll need some external functions. require_once SUBSDIR . '/Auth.subs.php'; require_once SUBSDIR . '/Mail.subs.php'; // Put any errors in here. $reg_errors = Error_Context::context($error_context, 0); // Registration from the admin center, let them sweat a little more. if ($regOptions['interface'] == 'admin') { is_not_guest(); isAllowedTo('moderate_forum'); } elseif ($regOptions['interface'] == 'guest') { // You cannot register twice... if (empty($user_info['is_guest'])) { redirectexit(); } // Make sure they didn't just register with this session. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) { fatal_lang_error('register_only_once', false); } } // What method of authorization are we going to use? if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) { if (!empty($regOptions['openid'])) { $regOptions['auth_method'] = 'openid'; } else { $regOptions['auth_method'] = 'password'; } } // Spaces and other odd characters are evil... $regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username'])); // Valid emails only require_once SUBSDIR . '/DataValidator.class.php'; if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) { $reg_errors->addError('bad_email'); } validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name'])); // Generate a validation code if it's supposed to be emailed. $validation_code = ''; if ($regOptions['require'] == 'activation') { $validation_code = generateValidationCode(); } // If you haven't put in a password generate one. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') { mt_srand(time() + 1277); $regOptions['password'] = generateValidationCode(); $regOptions['password_check'] = $regOptions['password']; } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') { $reg_errors->addError('passwords_dont_match'); } // That's kind of easy to guess... if ($regOptions['password'] == '') { if ($regOptions['auth_method'] == 'password') { $reg_errors->addError('no_password'); } else { $regOptions['password'] = sha1(mt_rand()); } } // Now perform hard password validation as required. if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') { $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email'])); // Password isn't legal? if ($passwordError != null) { $reg_errors->addError('profile_error_password_' . $passwordError); } } // You may not be allowed to register this email. if (!empty($regOptions['check_email_ban'])) { isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']); } // Check if the email address is in use. $request = $db->query('', ' SELECT id_member FROM {db_prefix}members WHERE email_address = {string:email_address} OR email_address = {string:username} LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username'])); if ($db->num_rows($request) != 0) { $reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8')))); } $db->free_result($request); // Perhaps someone else wants to check this user call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors)); // If there's any errors left return them at once! if ($reg_errors->hasErrors()) { return false; } $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url'); // Can't change reserved vars. if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) { fatal_lang_error('no_theme'); } // New password hash require_once SUBSDIR . '/Auth.subs.php'; // Some of these might be overwritten. (the lower ones that are in the arrays below.) $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'website_title' => '', 'website_url' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); // Setup the activation status on this new account so it is correct - firstly is it an under age account? if ($regOptions['require'] == 'coppa') { $regOptions['register_vars']['is_activated'] = 5; // @todo This should be changed. To what should be it be changed?? $regOptions['register_vars']['validation_code'] = ''; } elseif ($regOptions['require'] == 'nothing') { $regOptions['register_vars']['is_activated'] = 1; } elseif ($regOptions['require'] == 'activation') { $regOptions['register_vars']['is_activated'] = 0; } else { $regOptions['register_vars']['is_activated'] = 3; } if (isset($regOptions['memberGroup'])) { // Make sure the id_group will be valid, if this is an administator. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup']; // Check if this group is assignable. $unassignableGroups = array(-1, 3); $request = $db->query('', ' SELECT id_group FROM {db_prefix}membergroups WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : ' OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1)); while ($row = $db->fetch_assoc($request)) { $unassignableGroups[] = $row['id_group']; } $db->free_result($request); if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) { $regOptions['register_vars']['id_group'] = 0; } } // Integrate optional member settings to be set. if (!empty($regOptions['extra_register_vars'])) { foreach ($regOptions['extra_register_vars'] as $var => $value) { $regOptions['register_vars'][$var] = $value; } } // Integrate optional user theme options to be set. $theme_vars = array(); if (!empty($regOptions['theme_vars'])) { foreach ($regOptions['theme_vars'] as $var => $value) { $theme_vars[$var] = $value; } } // Right, now let's prepare for insertion. $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning'); $knownFloats = array('time_offset'); // Call an optional function to validate the users' input. call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats)); $column_names = array(); $values = array(); foreach ($regOptions['register_vars'] as $var => $val) { $type = 'string'; if (in_array($var, $knownInts)) { $type = 'int'; } elseif (in_array($var, $knownFloats)) { $type = 'float'; } elseif ($var == 'birthdate') { $type = 'date'; } $column_names[$var] = $type; $values[$var] = $val; } // Register them into the database. $db->insert('', '{db_prefix}members', $column_names, $values, array('id_member')); $memberID = $db->insert_id('{db_prefix}members', 'id_member'); // Update the number of members and latest member's info - and pass the name, but remove the 's. if ($regOptions['register_vars']['is_activated'] == 1) { updateMemberStats($memberID, $regOptions['register_vars']['real_name']); } else { updateMemberStats(); } // Theme variables too? if (!empty($theme_vars)) { $inserts = array(); foreach ($theme_vars as $var => $val) { $inserts[] = array($memberID, $var, $val); } $db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable')); } // If it's enabled, increase the registrations for today. trackStats(array('registers' => '+')); // Administrative registrations are a bit different... if ($regOptions['interface'] == 'admin') { if ($regOptions['require'] == 'activation') { $email_message = 'admin_register_activate'; } elseif (!empty($regOptions['send_welcome_email'])) { $email_message = 'admin_register_immediate'; } if (isset($email_message)) { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code); $emaildata = loadEmailTemplate($email_message, $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } } else { // Can post straight away - welcome them to your fantastic community... if ($regOptions['require'] == 'nothing') { if (!empty($regOptions['send_welcome_email'])) { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } // Send admin their notification. require_once SUBSDIR . '/Notification.subs.php'; sendAdminNotifications('standard', $memberID, $regOptions['username']); } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); if ($regOptions['require'] == 'activation') { $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code); } else { $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID); } $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } else { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); // Admin gets informed here... require_once SUBSDIR . '/Notification.subs.php'; sendAdminNotifications('approval', $memberID, $regOptions['username']); } // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!) $_SESSION['just_registered'] = 1; } // If they are for sure registered, let other people to know about it call_integration_hook('integrate_register_after', array($regOptions, $memberID)); return $memberID; }
function adminNotify($type, $memberID, $member_name = null, $actid = 0, $atype = 0) { global $txt, $modSettings, $language, $scripturl, $user_info, $sourcedir; // If the setting isn't enabled then just exit. if (empty($modSettings['notify_new_registration'])) { return; } if ($member_name == null) { // Get the new user's name.... $request = smf_db_query(' SELECT real_name FROM {db_prefix}members WHERE id_member = {int:id_member} LIMIT 1', array('id_member' => $memberID)); list($member_name) = mysql_fetch_row($request); mysql_free_result($request); } $toNotify = array(); $groups = array(); // All membergroups who can approve members. $request = smf_db_query(' SELECT id_group FROM {db_prefix}permissions WHERE permission = {string:moderate_forum} AND add_deny = {int:add_deny} AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'moderate_forum' => 'moderate_forum')); while ($row = mysql_fetch_assoc($request)) { $groups[] = $row['id_group']; } mysql_free_result($request); // Add administrators too... $groups[] = 1; $groups = array_unique($groups); // Get a list of all members who have ability to approve accounts - these are the people who we inform. $request = smf_db_query(' SELECT id_member, lngfile, email_address FROM {db_prefix}members WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0) AND notify_types != {int:notify_types} ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups))); $notify_users = array(); while ($row = mysql_fetch_assoc($request)) { $replacements = array('USERNAME' => $member_name, 'PROFILELINK' => $scripturl . '?action=profile;u=' . $memberID); $emailtype = 'admin_notify'; // If they need to be approved add more info... if ($type == 'approval') { $replacements['APPROVALLINK'] = $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve'; $emailtype .= '_approval'; } $emaildata = loadEmailTemplate($emailtype, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // And do the actual sending... sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); $notify_users[] = $row['id_member']; } mysql_free_result($request); if ((int) $actid > 0 && $atype && $modSettings['astream_active'] && count($notify_users)) { require_once $sourcedir . '/lib/Subs-Activities.php'; aStreamAddNotification($notify_users, $actid, $atype); } if (isset($current_language) && $current_language != $user_info['language']) { loadLanguage('Login'); } }
/** * Send the user a new activation email if they need to reactivate! */ function profileSendActivation() { global $profile_vars, $txt, $context, $scripturl, $cookiename, $cur_profile, $language, $modSettings; require_once SUBSDIR . '/Mail.subs.php'; // Shouldn't happen but just in case. if (empty($profile_vars['email_address'])) { return; } $replacements = array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'], 'ACTIVATIONCODE' => $profile_vars['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member']); // Send off the email. $emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']); sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); // Log the user out. require_once SUBSDIR . '/Auth.subs.php'; logOnline($context['id_member'], false); $_SESSION['log_time'] = 0; $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0)); if (isset($_COOKIE[$cookiename])) { $_COOKIE[$cookiename] = ''; } loadUserSettings(); $context['user']['is_logged'] = false; $context['user']['is_guest'] = true; // Send them to the done-with-registration-login screen. loadTemplate('Register'); $context['page_title'] = $txt['profile']; $context['sub_template'] = 'after'; $context['title'] = $txt['activate_changed_email_title']; $context['description'] = $txt['activate_changed_email_desc']; // We're gone! obExit(); }
function registerMember(&$regOptions, $return_errors = false) { global $scripturl, $txt, $modSettings, $context, $sourcedir; global $user_info, $options, $settings, $smcFunc; loadLanguage('Login'); // We'll need some external functions. require_once $sourcedir . '/lib/Subs-Auth.php'; require_once $sourcedir . '/lib/Subs-Post.php'; // Put any errors in here. $reg_errors = array(); // Registration from the admin center, let them sweat a little more. if ($regOptions['interface'] == 'admin') { is_not_guest(); isAllowedTo('moderate_forum'); } elseif ($regOptions['interface'] == 'guest') { // You cannot register twice... if (empty($user_info['is_guest'])) { redirectexit(); } // Make sure they didn't just register with this session. if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) { fatal_lang_error('register_only_once', false); } } // What method of authorization are we going to use? if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) { if (!empty($regOptions['openid'])) { $regOptions['auth_method'] = 'openid'; } else { $regOptions['auth_method'] = 'password'; } } // No name?! How can you register with no name? if (empty($regOptions['username'])) { $reg_errors[] = array('lang', 'need_username'); } // Spaces and other odd characters are evil... $regOptions['username'] = preg_replace('~[\\t\\n\\r\\x0B\\0' . ($context['server']['complex_preg_chars'] ? '\\x{A0}' : " ") . ']+~u', ' ', $regOptions['username']); // Don't use too long a name. if (commonAPI::strlen($regOptions['username']) > 25) { $reg_errors[] = array('lang', 'error_long_name'); } // Only these characters are permitted. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false) { $reg_errors[] = array('lang', 'error_invalid_characters_username'); } if (commonAPI::strtolower($regOptions['username']) === commonAPI::strtolower($txt['guest_title'])) { $reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title'])); } // !!! Separate the sprintf? if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255) { $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], commonAPI::htmlspecialchars($regOptions['username']))); } if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false)) { if ($regOptions['password'] == 'chocolate cake') { $reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.'); } $reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']); } // Generate a validation code if it's supposed to be emailed. $validation_code = ''; if ($regOptions['require'] == 'activation') { $validation_code = generateValidationCode(); } // If you haven't put in a password generate one. if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') { mt_srand(time() + 1277); $regOptions['password'] = generateValidationCode(); $regOptions['password_check'] = $regOptions['password']; } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') { $reg_errors[] = array('lang', 'passwords_dont_match'); } // That's kind of easy to guess... if ($regOptions['password'] == '') { if ($regOptions['auth_method'] == 'password') { $reg_errors[] = array('lang', 'no_password'); } else { $regOptions['password'] = sha1(mt_rand()); } } // Now perform hard password validation as required. if (!empty($regOptions['check_password_strength'])) { $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email'])); // Password isn't legal? if ($passwordError != null) { $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError); } } // If they are using an OpenID that hasn't been verified yet error out. // !!! Change this so they can register without having to attempt a login first if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid'])) { $reg_errors[] = array('lang', 'openid_not_verified'); } // You may not be allowed to register this email. if (!empty($regOptions['check_email_ban'])) { isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']); } // Check if the email address is in use. $request = smf_db_query(' SELECT id_member FROM {db_prefix}members WHERE email_address = {string:email_address} OR email_address = {string:username} LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username'])); // !!! Separate the sprintf? if (mysql_num_rows($request) != 0) { $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email']))); } mysql_free_result($request); // If we found any errors we need to do something about it right away! foreach ($reg_errors as $key => $error) { /* Note for each error: 0 = 'lang' if it's an index, 'done' if it's clear text. 1 = The text/index. 2 = Whether to log. 3 = sprintf data if necessary. */ if ($error[0] == 'lang') { loadLanguage('Errors'); } $message = $error[0] == 'lang' ? empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3]) : $error[1]; // What to do, what to do, what to do. if ($return_errors) { if (!empty($error[2])) { log_error($message, $error[2]); } $reg_errors[$key] = $message; } else { fatal_error($message, empty($error[2]) ? false : $error[2]); } } // If there's any errors left return them at once! if (!empty($reg_errors)) { return $reg_errors; } $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url'); // Can't change reserved vars. if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array()) { fatal_lang_error('no_theme'); } // Some of these might be overwritten. (the lower ones that are in the arrays below.) $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); // Setup the activation status on this new account so it is correct - firstly is it an under age account? if ($regOptions['require'] == 'coppa') { $regOptions['register_vars']['is_activated'] = 5; // !!! This should be changed. To what should be it be changed?? $regOptions['register_vars']['validation_code'] = ''; } elseif ($regOptions['require'] == 'nothing') { $regOptions['register_vars']['is_activated'] = 1; } elseif ($regOptions['require'] == 'activation') { $regOptions['register_vars']['is_activated'] = 0; } else { $regOptions['register_vars']['is_activated'] = 3; } if (isset($regOptions['memberGroup'])) { // Make sure the id_group will be valid, if this is an administator. $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup']; // Check if this group is assignable. $unassignableGroups = array(-1, 3); $request = smf_db_query(' SELECT id_group FROM {db_prefix}membergroups WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : ' OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1)); while ($row = mysql_fetch_assoc($request)) { $unassignableGroups[] = $row['id_group']; } mysql_free_result($request); if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) { $regOptions['register_vars']['id_group'] = 0; } } // Integrate optional member settings to be set. if (!empty($regOptions['extra_register_vars'])) { foreach ($regOptions['extra_register_vars'] as $var => $value) { $regOptions['register_vars'][$var] = $value; } } // Integrate optional user theme options to be set. $theme_vars = array(); if (!empty($regOptions['theme_vars'])) { foreach ($regOptions['theme_vars'] as $var => $value) { $theme_vars[$var] = $value; } } // Call an optional function to validate the users' input. HookAPI::callHook('integrate_register', array(&$regOptions, &$theme_vars)); // Right, now let's prepare for insertion. $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning'); $knownFloats = array('time_offset'); $column_names = array(); $values = array(); foreach ($regOptions['register_vars'] as $var => $val) { $type = 'string'; if (in_array($var, $knownInts)) { $type = 'int'; } elseif (in_array($var, $knownFloats)) { $type = 'float'; } elseif ($var == 'birthdate') { $type = 'date'; } $column_names[$var] = $type; $values[$var] = $val; } // Register them into the database. smf_db_insert('', '{db_prefix}members', $column_names, $values, array('id_member')); $memberID = smf_db_insert_id('{db_prefix}members', 'id_member'); // Update the number of members and latest member's info - and pass the name, but remove the 's. if ($regOptions['register_vars']['is_activated'] == 1) { updateStats('member', $memberID, $regOptions['register_vars']['real_name']); } else { updateStats('member'); } // Theme variables too? if (!empty($theme_vars)) { $inserts = array(); foreach ($theme_vars as $var => $val) { $inserts[] = array($memberID, $var, $val); } smf_db_insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable')); } // If it's enabled, increase the registrations for today. trackStats(array('registers' => '+')); // Administrative registrations are a bit different... if ($regOptions['interface'] == 'admin') { if ($regOptions['require'] == 'activation') { $email_message = 'admin_register_activate'; } elseif (!empty($regOptions['send_welcome_email'])) { $email_message = 'admin_register_immediate'; } if (isset($email_message)) { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code); $emaildata = loadEmailTemplate($email_message, $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } // All admins are finished here. return $memberID; } // Can post straight away - welcome them to your fantastic community... if ($regOptions['require'] == 'nothing') { if (!empty($regOptions['send_welcome_email'])) { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } // Send admin their notification. adminNotify('standard', $memberID, $regOptions['username']); } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); if ($regOptions['require'] == 'activation') { $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code); } else { $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID); } $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } else { $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : ''); $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements); sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); // Admin gets informed here... adminNotify('approval', $memberID, $regOptions['username']); } // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!) $_SESSION['just_registered'] = 1; return $memberID; }
function groupMembership2($profile_vars, $post_errors, $memID) { global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language; // Let's be extra cautious... if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership'])) { isAllowedTo('manage_membergroups'); } if (!isset($_REQUEST['gid']) && !isset($_POST['primary'])) { fatal_lang_error('no_access', false); } checkSession(isset($_GET['gid']) ? 'get' : 'post'); $old_profile =& $user_profile[$memID]; $context['can_manage_membergroups'] = allowedTo('manage_membergroups'); $context['can_manage_protected'] = allowedTo('admin_forum'); // By default the new primary is the old one. $newPrimary = $old_profile['id_group']; $addGroups = array_flip(explode(',', $old_profile['additional_groups'])); $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0; $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free'); // One way or another, we have a target group in mind... $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary']; $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false; // Sanity check!! if ($group_id == 1) { isAllowedTo('admin_forum'); } else { $request = $smcFunc['db_query']('', ' SELECT group_type FROM {db_prefix}membergroups WHERE id_group = {int:current_group} LIMIT {int:limit}', array('current_group' => $group_id, 'limit' => 1)); list($is_protected) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); if ($is_protected == 1) { isAllowedTo('admin_forum'); } } // What ever we are doing, we need to determine if changing primary is possible! $request = $smcFunc['db_query']('', ' SELECT id_group, group_type, hidden, group_name FROM {db_prefix}membergroups WHERE id_group IN ({int:group_list}, {int:current_group})', array('group_list' => $group_id, 'current_group' => $old_profile['id_group'])); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Is this the new group? if ($row['id_group'] == $group_id) { $foundTarget = true; $group_name = $row['group_name']; // Does the group type match what we're doing - are we trying to request a non-requestable group? if ($changeType == 'request' && $row['group_type'] != 2) { fatal_lang_error('no_access', false); } elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']])) { fatal_lang_error('no_access', false); } elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2) { fatal_lang_error('no_access', false); } // We can't change the primary group if this is hidden! if ($row['hidden'] == 2) { $canChangePrimary = false; } } // If this is their old primary, can we change it? if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false) { $canChangePrimary = 1; } // If we are not doing a force primary move, don't do it automatically if current primary is not 0. if ($changeType != 'primary' && $old_profile['id_group'] != 0) { $canChangePrimary = false; } // If this is the one we are acting on, can we even act? if (!$context['can_manage_protected'] && $row['group_type'] == 1 || !$context['can_manage_membergroups'] && $row['group_type'] == 0) { $canChangePrimary = false; } } $smcFunc['db_free_result']($request); // Didn't find the target? if (!$foundTarget) { fatal_lang_error('no_access', false); } // Final security check, don't allow users to promote themselves to admin. if ($context['can_manage_membergroups'] && !allowedTo('admin_forum')) { $request = $smcFunc['db_query']('', ' SELECT COUNT(permission) FROM {db_prefix}permissions WHERE id_group = {int:selected_group} AND permission = {string:admin_forum} AND add_deny = {int:not_denied}', array('selected_group' => $group_id, 'not_denied' => 1, 'admin_forum' => 'admin_forum')); list($disallow) = $smcFunc['db_fetch_row']($request); $smcFunc['db_free_result']($request); if ($disallow) { isAllowedTo('admin_forum'); } } // If we're requesting, add the note then return. if ($changeType == 'request') { $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}log_group_requests WHERE id_member = {int:selected_member} AND id_group = {int:selected_group}', array('selected_member' => $memID, 'selected_group' => $group_id)); if ($smcFunc['db_num_rows']($request) != 0) { fatal_lang_error('profile_error_already_requested_group'); } $smcFunc['db_free_result']($request); // Log the request. $smcFunc['db_insert']('', '{db_prefix}log_group_requests', array('id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534'), array($memID, $group_id, time(), $_POST['reason']), array('id_request')); // Send an email to all group moderators etc. require_once $sourcedir . '/Subs-Post.php'; // Do we have any group moderators? $request = $smcFunc['db_query']('', ' SELECT id_member FROM {db_prefix}group_moderators WHERE id_group = {int:selected_group}', array('selected_group' => $group_id)); $moderators = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $moderators[] = $row['id_member']; } $smcFunc['db_free_result']($request); // Otherwise this is the backup! if (empty($moderators)) { require_once $sourcedir . '/Subs-Members.php'; $moderators = membersAllowedTo('manage_membergroups'); } if (!empty($moderators)) { $request = $smcFunc['db_query']('', ' SELECT id_member, email_address, lngfile, member_name, mod_prefs FROM {db_prefix}members WHERE id_member IN ({array_int:moderator_list}) AND notify_types != {int:no_notifications} ORDER BY lngfile', array('moderator_list' => $moderators, 'no_notifications' => 4)); while ($row = $smcFunc['db_fetch_assoc']($request)) { // Check whether they are interested. if (!empty($row['mod_prefs'])) { list(, , $pref_binary) = explode('|', $row['mod_prefs']); if (!($pref_binary & 4)) { continue; } } $replacements = array('RECPNAME' => $row['member_name'], 'APPYNAME' => $old_profile['member_name'], 'GROUPNAME' => $group_name, 'REASON' => $_POST['reason'], 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests'); $emaildata = loadEmailTemplate('request_membership', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } $smcFunc['db_free_result']($request); } return $changeType; } elseif ($changeType == 'free') { // Are we leaving? if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id])) { if ($old_profile['id_group'] == $group_id) { $newPrimary = 0; } else { unset($addGroups[$group_id]); } } else { // Can we change the primary, and do we want to? if ($canChangePrimary) { if ($old_profile['id_group'] != 0) { $addGroups[$old_profile['id_group']] = -1; } $newPrimary = $group_id; } else { $addGroups[$group_id] = -1; } } } elseif ($canChangePrimary) { if ($old_profile['id_group'] != 0) { $addGroups[$old_profile['id_group']] = -1; } if (isset($addGroups[$group_id])) { unset($addGroups[$group_id]); } $newPrimary = $group_id; } // Finally, we can make the changes! foreach ($addGroups as $id => $dummy) { if (empty($id)) { unset($addGroups[$id]); } } $addGroups = implode(',', array_flip($addGroups)); // Ensure that we don't cache permissions if the group is changing. if ($context['user']['is_owner']) { $_SESSION['mc']['time'] = 0; } else { updateSettings(array('settings_updated' => time())); } updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups)); return $changeType; }
/** * This simple function gets a list of all administrators and sends them an email * to let them know a new member has joined. * Called by registerMember() function in subs/Members.subs.php. * Email is sent to all groups that have the moderate_forum permission. * The language set by each member is being used (if available). * * @param string $type types supported are 'approval', 'activation', and 'standard'. * @param int $memberID * @param string|null $member_name = null * @uses the Login language file. */ function sendAdminNotifications($type, $memberID, $member_name = null) { global $modSettings, $language, $scripturl, $user_info; $db = database(); // If the setting isn't enabled then just exit. if (empty($modSettings['notify_new_registration'])) { return; } // Needed to notify admins, or anyone require_once SUBSDIR . '/Mail.subs.php'; if ($member_name == null) { require_once SUBSDIR . '/Members.subs.php'; // Get the new user's name.... $member_info = getBasicMemberData($memberID); $member_name = $member_info['real_name']; } $groups = array(); // All membergroups who can approve members. $request = $db->query('', ' SELECT id_group FROM {db_prefix}permissions WHERE permission = {string:moderate_forum} AND add_deny = {int:add_deny} AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'moderate_forum' => 'moderate_forum')); while ($row = $db->fetch_assoc($request)) { $groups[] = $row['id_group']; } $db->free_result($request); // Add administrators too... $groups[] = 1; $groups = array_unique($groups); // Get a list of all members who have ability to approve accounts - these are the people who we inform. $request = $db->query('', ' SELECT id_member, lngfile, email_address FROM {db_prefix}members WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0) AND notify_types != {int:notify_types} ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups))); $current_language = $user_info['language']; while ($row = $db->fetch_assoc($request)) { $replacements = array('USERNAME' => $member_name, 'PROFILELINK' => $scripturl . '?action=profile;u=' . $memberID); $emailtype = 'admin_notify'; // If they need to be approved add more info... if ($type == 'approval') { $replacements['APPROVALLINK'] = $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve'; $emailtype .= '_approval'; } $emaildata = loadEmailTemplate($emailtype, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // And do the actual sending... sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0); } $db->free_result($request); if (isset($current_language) && $current_language != $user_info['language']) { loadLanguage('Login'); } }
/** * Sends a personal message from the specified person to the specified people * ($from defaults to the user) * * @package PersonalMessage * @param mixed[] $recipients - an array containing the arrays 'to' and 'bcc', both containing id_member's. * @param string $subject - should have no slashes and no html entities * @param string $message - should have no slashes and no html entities * @param bool $store_outbox * @param mixed[]|null $from - an array with the id, name, and username of the member. * @param int $pm_head - the ID of the chain being replied to - if any. * @return mixed[] an array with log entries telling how many recipients were successful and which recipients it failed to send to. */ function sendpm($recipients, $subject, $message, $store_outbox = true, $from = null, $pm_head = 0) { global $scripturl, $txt, $user_info, $language, $modSettings, $webmaster_email; $db = database(); // Make sure the PM language file is loaded, we might need something out of it. loadLanguage('PersonalMessage'); // Needed for our email and post functions require_once SUBSDIR . '/Mail.subs.php'; require_once SUBSDIR . '/Post.subs.php'; // Initialize log array. $log = array('failed' => array(), 'sent' => array()); if ($from === null) { $from = array('id' => $user_info['id'], 'name' => $user_info['name'], 'username' => $user_info['username']); } else { $user_info['name'] = $from['name']; } // This is the one that will go in their inbox. $htmlmessage = Util::htmlspecialchars($message, ENT_QUOTES, 'UTF-8', true); preparsecode($htmlmessage); $htmlsubject = strtr(Util::htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => '')); if (Util::strlen($htmlsubject) > 100) { $htmlsubject = Util::substr($htmlsubject, 0, 100); } // Make sure is an array if (!is_array($recipients)) { $recipients = array($recipients); } // Integrated PMs call_integration_hook('integrate_personal_message', array(&$recipients, &$from, &$subject, &$message)); // Get a list of usernames and convert them to IDs. $usernames = array(); foreach ($recipients as $rec_type => $rec) { foreach ($rec as $id => $member) { if (!is_numeric($recipients[$rec_type][$id])) { $recipients[$rec_type][$id] = Util::strtolower(trim(preg_replace('/[<>&"\'=\\\\]/', '', $recipients[$rec_type][$id]))); $usernames[$recipients[$rec_type][$id]] = 0; } } } if (!empty($usernames)) { $request = $db->query('pm_find_username', ' SELECT id_member, member_name FROM {db_prefix}members WHERE ' . (defined('DB_CASE_SENSITIVE') ? 'LOWER(member_name)' : 'member_name') . ' IN ({array_string:usernames})', array('usernames' => array_keys($usernames))); while ($row = $db->fetch_assoc($request)) { if (isset($usernames[Util::strtolower($row['member_name'])])) { $usernames[Util::strtolower($row['member_name'])] = $row['id_member']; } } $db->free_result($request); // Replace the usernames with IDs. Drop usernames that couldn't be found. foreach ($recipients as $rec_type => $rec) { foreach ($rec as $id => $member) { if (is_numeric($recipients[$rec_type][$id])) { continue; } if (!empty($usernames[$member])) { $recipients[$rec_type][$id] = $usernames[$member]; } else { $log['failed'][$id] = sprintf($txt['pm_error_user_not_found'], $recipients[$rec_type][$id]); unset($recipients[$rec_type][$id]); } } } } // Make sure there are no duplicate 'to' members. $recipients['to'] = array_unique($recipients['to']); // Only 'bcc' members that aren't already in 'to'. $recipients['bcc'] = array_diff(array_unique($recipients['bcc']), $recipients['to']); // Combine 'to' and 'bcc' recipients. $all_to = array_merge($recipients['to'], $recipients['bcc']); // Check no-one will want it deleted right away! $request = $db->query('', ' SELECT id_member, criteria, is_or FROM {db_prefix}pm_rules WHERE id_member IN ({array_int:to_members}) AND delete_pm = {int:delete_pm}', array('to_members' => $all_to, 'delete_pm' => 1)); $deletes = array(); // Check whether we have to apply anything... while ($row = $db->fetch_assoc($request)) { $criteria = unserialize($row['criteria']); // Note we don't check the buddy status, cause deletion from buddy = madness! $delete = false; foreach ($criteria as $criterium) { if ($criterium['t'] == 'mid' && $criterium['v'] == $from['id'] || $criterium['t'] == 'gid' && in_array($criterium['v'], $user_info['groups']) || $criterium['t'] == 'sub' && strpos($subject, $criterium['v']) !== false || $criterium['t'] == 'msg' && strpos($message, $criterium['v']) !== false) { $delete = true; } elseif (!$row['is_or']) { $delete = false; break; } } if ($delete) { $deletes[$row['id_member']] = 1; } } $db->free_result($request); // Load the membergrounp message limits. static $message_limit_cache = array(); if (!allowedTo('moderate_forum') && empty($message_limit_cache)) { $request = $db->query('', ' SELECT id_group, max_messages FROM {db_prefix}membergroups', array()); while ($row = $db->fetch_assoc($request)) { $message_limit_cache[$row['id_group']] = $row['max_messages']; } $db->free_result($request); } // Load the groups that are allowed to read PMs. // @todo move into a separate function on $permission. $allowed_groups = array(); $disallowed_groups = array(); $request = $db->query('', ' SELECT id_group, add_deny FROM {db_prefix}permissions WHERE permission = {string:read_permission}', array('read_permission' => 'pm_read')); while ($row = $db->fetch_assoc($request)) { if (empty($row['add_deny'])) { $disallowed_groups[] = $row['id_group']; } else { $allowed_groups[] = $row['id_group']; } } $db->free_result($request); if (empty($modSettings['permission_enable_deny'])) { $disallowed_groups = array(); } $request = $db->query('', ' SELECT member_name, real_name, id_member, email_address, lngfile, pm_email_notify, personal_messages,' . (allowedTo('moderate_forum') ? ' 0' : ' (receive_from = {int:admins_only}' . (empty($modSettings['enable_buddylist']) ? '' : ' OR (receive_from = {int:buddies_only} AND FIND_IN_SET({string:from_id}, buddy_list) = 0) OR (receive_from = {int:not_on_ignore_list} AND FIND_IN_SET({string:from_id}, pm_ignore_list) != 0)') . ')') . ' AS ignored, FIND_IN_SET({string:from_id}, buddy_list) != 0 AS is_buddy, is_activated, additional_groups, id_group, id_post_group FROM {db_prefix}members WHERE id_member IN ({array_int:recipients}) ORDER BY lngfile LIMIT {int:count_recipients}', array('not_on_ignore_list' => 1, 'buddies_only' => 2, 'admins_only' => 3, 'recipients' => $all_to, 'count_recipients' => count($all_to), 'from_id' => $from['id'])); $notifications = array(); while ($row = $db->fetch_assoc($request)) { // Don't do anything for members to be deleted! if (isset($deletes[$row['id_member']])) { continue; } // We need to know this members groups. $groups = explode(',', $row['additional_groups']); $groups[] = $row['id_group']; $groups[] = $row['id_post_group']; $message_limit = -1; // For each group see whether they've gone over their limit - assuming they're not an admin. if (!in_array(1, $groups)) { foreach ($groups as $id) { if (isset($message_limit_cache[$id]) && $message_limit != 0 && $message_limit < $message_limit_cache[$id]) { $message_limit = $message_limit_cache[$id]; } } if ($message_limit > 0 && $message_limit <= $row['personal_messages']) { $log['failed'][$row['id_member']] = sprintf($txt['pm_error_data_limit_reached'], $row['real_name']); unset($all_to[array_search($row['id_member'], $all_to)]); continue; } // Do they have any of the allowed groups? if (count(array_intersect($allowed_groups, $groups)) == 0 || count(array_intersect($disallowed_groups, $groups)) != 0) { $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']); unset($all_to[array_search($row['id_member'], $all_to)]); continue; } } // Note that PostgreSQL can return a lowercase t/f for FIND_IN_SET if (!empty($row['ignored']) && $row['ignored'] != 'f' && $row['id_member'] != $from['id']) { $log['failed'][$row['id_member']] = sprintf($txt['pm_error_ignored_by_user'], $row['real_name']); unset($all_to[array_search($row['id_member'], $all_to)]); continue; } // If the receiving account is banned (>=10) or pending deletion (4), refuse to send the PM. if ($row['is_activated'] >= 10 || $row['is_activated'] == 4 && !$user_info['is_admin']) { $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']); unset($all_to[array_search($row['id_member'], $all_to)]); continue; } // Send a notification, if enabled - taking the buddy list into account. if (!empty($row['email_address']) && ($row['pm_email_notify'] == 1 || $row['pm_email_notify'] > 1 && (!empty($modSettings['enable_buddylist']) && $row['is_buddy'])) && $row['is_activated'] == 1) { $notifications[empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']][] = $row['email_address']; } $log['sent'][$row['id_member']] = sprintf(isset($txt['pm_successfully_sent']) ? $txt['pm_successfully_sent'] : '', $row['real_name']); } $db->free_result($request); // Only 'send' the message if there are any recipients left. if (empty($all_to)) { return $log; } // Track the pm count for our stats if (!empty($modSettings['trackStats'])) { trackStats(array('pm' => '+')); } // Insert the message itself and then grab the last insert id. $db->insert('', '{db_prefix}personal_messages', array('id_pm_head' => 'int', 'id_member_from' => 'int', 'deleted_by_sender' => 'int', 'from_name' => 'string-255', 'msgtime' => 'int', 'subject' => 'string-255', 'body' => 'string-65534'), array($pm_head, $from['id'], $store_outbox ? 0 : 1, $from['username'], time(), $htmlsubject, $htmlmessage), array('id_pm')); $id_pm = $db->insert_id('{db_prefix}personal_messages', 'id_pm'); // Add the recipients. if (!empty($id_pm)) { // If this is new we need to set it part of it's own conversation. if (empty($pm_head)) { $db->query('', ' UPDATE {db_prefix}personal_messages SET id_pm_head = {int:id_pm_head} WHERE id_pm = {int:id_pm_head}', array('id_pm_head' => $id_pm)); } // Some people think manually deleting personal_messages is fun... it's not. We protect against it though :) $db->query('', ' DELETE FROM {db_prefix}pm_recipients WHERE id_pm = {int:id_pm}', array('id_pm' => $id_pm)); $insertRows = array(); $to_list = array(); foreach ($all_to as $to) { $insertRows[] = array($id_pm, $to, in_array($to, $recipients['bcc']) ? 1 : 0, isset($deletes[$to]) ? 1 : 0, 1); if (!in_array($to, $recipients['bcc'])) { $to_list[] = $to; } } $db->insert('insert', '{db_prefix}pm_recipients', array('id_pm' => 'int', 'id_member' => 'int', 'bcc' => 'int', 'deleted' => 'int', 'is_new' => 'int'), $insertRows, array('id_pm', 'id_member')); } $maillist = !empty($modSettings['maillist_enabled']) && !empty($modSettings['pbe_pm_enabled']); // If they have post by email enabled, override disallow_sendBody if (!$maillist && !empty($modSettings['disallow_sendBody'])) { $message = ''; censorText($subject); } else { require_once SUBSDIR . '/Emailpost.subs.php'; pbe_prepare_text($message, $subject); } $to_names = array(); if (count($to_list) > 1) { require_once SUBSDIR . '/Members.subs.php'; $result = getBasicMemberData($to_list); foreach ($result as $row) { $to_names[] = un_htmlspecialchars($row['real_name']); } } $replacements = array('SUBJECT' => $subject, 'MESSAGE' => $message, 'SENDER' => un_htmlspecialchars($from['name']), 'READLINK' => $scripturl . '?action=pm;pmsg=' . $id_pm . '#msg' . $id_pm, 'REPLYLINK' => $scripturl . '?action=pm;sa=send;f=inbox;pmsg=' . $id_pm . ';quote;u=' . $from['id'], 'TOLIST' => implode(', ', $to_names)); // Select the right template $email_template = ($maillist && empty($modSettings['disallow_sendBody']) ? 'pbe_' : '') . 'new_pm' . (empty($modSettings['disallow_sendBody']) ? '_body' : '') . (!empty($to_names) ? '_tolist' : ''); foreach ($notifications as $lang => $notification_list) { // Using maillist functionality if ($maillist) { $sender_details = query_sender_wrapper($from['id']); $from_wrapper = !empty($modSettings['maillist_mail_from']) ? $modSettings['maillist_mail_from'] : (empty($modSettings['maillist_sitename_address']) ? $webmaster_email : $modSettings['maillist_sitename_address']); // Add in the signature $replacements['SIGNATURE'] = $sender_details['signature']; // And off it goes, looking a bit more personal $mail = loadEmailTemplate($email_template, $replacements, $lang); $reference = !empty($pm_head) ? $pm_head : null; sendmail($notification_list, $mail['subject'], $mail['body'], $from['name'], 'p' . $id_pm, false, 2, null, true, $from_wrapper, $reference); } else { // Off the notification email goes! $mail = loadEmailTemplate($email_template, $replacements, $lang); sendmail($notification_list, $mail['subject'], $mail['body'], null, 'p' . $id_pm, false, 2, null, true); } } // Integrated After PMs call_integration_hook('integrate_personal_message_after', array(&$id_pm, &$log, &$recipients, &$from, &$subject, &$message)); // Back to what we were on before! loadLanguage('index+PersonalMessage'); // Add one to their unread and read message counts. foreach ($all_to as $k => $id) { if (isset($deletes[$id])) { unset($all_to[$k]); } } if (!empty($all_to)) { updateMemberData($all_to, array('personal_messages' => '+', 'unread_messages' => '+', 'new_pm' => 1)); } return $log; }
function scheduled_paid_subscriptions() { global $txt, $sourcedir, $scripturl, $modSettings, $language; // Start off by checking for removed subscriptions. $request = smf_db_query(' SELECT id_subscribe, id_member FROM {db_prefix}log_subscribed WHERE status = {int:is_active} AND end_time < {int:time_now}', array('is_active' => 1, 'time_now' => time())); while ($row = mysql_fetch_assoc($request)) { require_once $sourcedir . '/ManagePaid.php'; removeSubscription($row['id_subscribe'], $row['id_member']); } mysql_free_result($request); // Get all those about to expire that have not had a reminder sent. $request = smf_db_query(' SELECT ls.id_sublog, m.id_member, m.member_name, m.email_address, m.lngfile, s.name, ls.end_time FROM {db_prefix}log_subscribed AS ls INNER JOIN {db_prefix}subscriptions AS s ON (s.id_subscribe = ls.id_subscribe) INNER JOIN {db_prefix}members AS m ON (m.id_member = ls.id_member) WHERE ls.status = {int:is_active} AND ls.reminder_sent = {int:reminder_sent} AND s.reminder > {int:reminder_wanted} AND ls.end_time < ({int:time_now} + s.reminder * 86400)', array('is_active' => 1, 'reminder_sent' => 0, 'reminder_wanted' => 0, 'time_now' => time())); $subs_reminded = array(); while ($row = mysql_fetch_assoc($request)) { // If this is the first one load the important bits. if (empty($subs_reminded)) { require_once $sourcedir . '/lib/Subs-Post.php'; // Need the below for loadLanguage to work! loadEssentialThemeData(); } $subs_reminded[] = $row['id_sublog']; $replacements = array('PROFILE_LINK' => $scripturl . '?action=profile;area=subscriptions;u=' . $row['id_member'], 'REALNAME' => $row['member_name'], 'SUBSCRIPTION' => $row['name'], 'END_DATE' => strip_tags(timeformat($row['end_time']))); $emaildata = loadEmailTemplate('paid_subscription_reminder', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // Send the actual email. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } mysql_free_result($request); // Mark the reminder as sent. if (!empty($subs_reminded)) { smf_db_query(' UPDATE {db_prefix}log_subscribed SET reminder_sent = {int:reminder_sent} WHERE id_sublog IN ({array_int:subscription_list})', array('subscription_list' => $subs_reminded, 'reminder_sent' => 1)); } return true; }
/** * Send all the administrators a lovely email. * * What it does: * - It loads all users who are admins or have the admin forum permission. * - It uses the email template and replacements passed in the parameters. * - It sends them an email. * * @package Admin * @param string $template * @param mixed[] $replacements * @param int[] $additional_recipients */ function emailAdmins($template, $replacements = array(), $additional_recipients = array()) { global $language, $modSettings; $db = database(); // We certainly want this. require_once SUBSDIR . '/Mail.subs.php'; // Load all groups which are effectively admins. $request = $db->query('', ' SELECT id_group FROM {db_prefix}permissions WHERE permission = {string:admin_forum} AND add_deny = {int:add_deny} AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'admin_forum' => 'admin_forum')); $groups = array(1); while ($row = $db->fetch_assoc($request)) { $groups[] = $row['id_group']; } $db->free_result($request); $request = $db->query('', ' SELECT id_member, member_name, real_name, lngfile, email_address FROM {db_prefix}members WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0) AND notify_types != {int:notify_types} ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups))); $emails_sent = array(); while ($row = $db->fetch_assoc($request)) { // Stick their particulars in the replacement data. $replacements['IDMEMBER'] = $row['id_member']; $replacements['REALNAME'] = $row['member_name']; $replacements['USERNAME'] = $row['real_name']; // Load the data from the template. $emaildata = loadEmailTemplate($template, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']); // Then send the actual email. sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); // Track who we emailed so we don't do it twice. $emails_sent[] = $row['email_address']; } $db->free_result($request); // Any additional users we must email this to? if (!empty($additional_recipients)) { foreach ($additional_recipients as $recipient) { if (in_array($recipient['email'], $emails_sent)) { continue; } $replacements['IDMEMBER'] = $recipient['id']; $replacements['REALNAME'] = $recipient['name']; $replacements['USERNAME'] = $recipient['name']; // Load the template again. $emaildata = loadEmailTemplate($template, $replacements, empty($recipient['lang']) || empty($modSettings['userLanguage']) ? $language : $recipient['lang']); // Send off the email. sendmail($recipient['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1); } } }
function GroupRequests() { global $txt, $context, $scripturl, $user_info, $sourcedir, $smcFunc, $modSettings, $language; // Set up the template stuff... $context['page_title'] = $txt['mc_group_requests']; $context['sub_template'] = 'show_list'; // Verify we can be here. if ($user_info['mod_cache']['gq'] == '0=1') { isAllowedTo('manage_membergroups'); } // Normally, we act normally... $where = $user_info['mod_cache']['gq'] == '1=1' || $user_info['mod_cache']['gq'] == '0=1' ? $user_info['mod_cache']['gq'] : 'lgr.' . $user_info['mod_cache']['gq']; $where_parameters = array(); // We've submitted? if (isset($_POST[$context['session_var']]) && !empty($_POST['groupr']) && !empty($_POST['req_action'])) { checkSession('post'); // Clean the values. foreach ($_POST['groupr'] as $k => $request) { $_POST['groupr'][$k] = (int) $request; } // If we are giving a reason (And why shouldn't we?), then we don't actually do much. if ($_POST['req_action'] == 'reason') { // Different sub template... $context['sub_template'] = 'group_request_reason'; // And a limitation. We don't care that the page number bit makes no sense, as we don't need it! $where .= ' AND lgr.id_request IN ({array_int:request_ids})'; $where_parameters['request_ids'] = $_POST['groupr']; $context['group_requests'] = list_getGroupRequests(0, $modSettings['defaultMaxMessages'], 'lgr.id_request', $where, $where_parameters); // Let obExit etc sort things out. obExit(); } else { // Get the details of all the members concerned... $request = $smcFunc['db_query']('', ' SELECT lgr.id_request, lgr.id_member, lgr.id_group, mem.email_address, mem.id_group AS primary_group, mem.additional_groups AS additional_groups, mem.lngfile, mem.member_name, mem.notify_types, mg.hidden, mg.group_name FROM {db_prefix}log_group_requests AS lgr INNER JOIN {db_prefix}members AS mem ON (mem.id_member = lgr.id_member) INNER JOIN {db_prefix}membergroups AS mg ON (mg.id_group = lgr.id_group) WHERE ' . $where . ' AND lgr.id_request IN ({array_int:request_list}) ORDER BY mem.lngfile', array('request_list' => $_POST['groupr'])); $email_details = array(); $group_changes = array(); while ($row = $smcFunc['db_fetch_assoc']($request)) { $row['lngfile'] = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']; // If we are approving work out what their new group is. if ($_POST['req_action'] == 'approve') { // For people with more than one request at once. if (isset($group_changes[$row['id_member']])) { $row['additional_groups'] = $group_changes[$row['id_member']]['add']; $row['primary_group'] = $group_changes[$row['id_member']]['primary']; } else { $row['additional_groups'] = explode(',', $row['additional_groups']); } // Don't have it already? if ($row['primary_group'] == $row['id_group'] || in_array($row['id_group'], $row['additional_groups'])) { continue; } // Should it become their primary? if ($row['primary_group'] == 0 && $row['hidden'] == 0) { $row['primary_group'] = $row['id_group']; } else { $row['additional_groups'][] = $row['id_group']; } // Add them to the group master list. $group_changes[$row['id_member']] = array('primary' => $row['primary_group'], 'add' => $row['additional_groups']); } // Add required information to email them. if ($row['notify_types'] != 4) { $email_details[] = array('rid' => $row['id_request'], 'member_id' => $row['id_member'], 'member_name' => $row['member_name'], 'group_id' => $row['id_group'], 'group_name' => $row['group_name'], 'email' => $row['email_address'], 'language' => $row['lngfile']); } } $smcFunc['db_free_result']($request); // Remove the evidence... $smcFunc['db_query']('', ' DELETE FROM {db_prefix}log_group_requests WHERE id_request IN ({array_int:request_list})', array('request_list' => $_POST['groupr'])); // Ensure everyone who is online gets their changes right away. updateSettings(array('settings_updated' => time())); if (!empty($email_details)) { require_once $sourcedir . '/Subs-Post.php'; // They are being approved? if ($_POST['req_action'] == 'approve') { // Make the group changes. foreach ($group_changes as $id => $groups) { // Sanity check! foreach ($groups['add'] as $key => $value) { if ($value == 0 || trim($value) == '') { unset($groups['add'][$key]); } } $smcFunc['db_query']('', ' UPDATE {db_prefix}members SET id_group = {int:primary_group}, additional_groups = {string:additional_groups} WHERE id_member = {int:selected_member}', array('primary_group' => $groups['primary'], 'selected_member' => $id, 'additional_groups' => implode(',', $groups['add']))); } $lastLng = $user_info['language']; foreach ($email_details as $email) { $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']); $emaildata = loadEmailTemplate('mc_group_approve', $replacements, $email['language']); sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } } else { // Same as for approving, kind of. $lastLng = $user_info['language']; foreach ($email_details as $email) { $custom_reason = isset($_POST['groupreason']) && isset($_POST['groupreason'][$email['rid']]) ? $_POST['groupreason'][$email['rid']] : ''; $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']); if (!empty($custom_reason)) { $replacements['REASON'] = $custom_reason; } $emaildata = loadEmailTemplate(empty($custom_reason) ? 'mc_group_reject' : 'mc_group_reject_reason', $replacements, $email['language']); sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2); } } } // Restore the current language. loadLanguage('ModerationCenter'); } } // We're going to want this for making our list. require_once $sourcedir . '/Subs-List.php'; // This is all the information required for a group listing. $listOptions = array('id' => 'group_request_list', 'title' => $txt['mc_group_requests'], 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_groupr_none_found'], 'base_href' => $scripturl . '?action=groups;sa=requests', 'default_sort_col' => 'member', 'get_items' => array('function' => 'list_getGroupRequests', 'params' => array($where, $where_parameters)), 'get_count' => array('function' => 'list_getGroupRequestCount', 'params' => array($where, $where_parameters)), 'columns' => array('member' => array('header' => array('value' => $txt['mc_groupr_member']), 'data' => array('db' => 'member_link'), 'sort' => array('default' => 'mem.member_name', 'reverse' => 'mem.member_name DESC')), 'group' => array('header' => array('value' => $txt['mc_groupr_group']), 'data' => array('db' => 'group_link'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')), 'reason' => array('header' => array('value' => $txt['mc_groupr_reason']), 'data' => array('db' => 'reason')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%;'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="groupr[]" value="%1$d" class="input_check" />', 'params' => array('id' => false)), 'style' => 'text-align: center;'))), 'form' => array('href' => $scripturl . '?action=groups;sa=requests', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id'])), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => ' <select name="req_action" onchange="if (this.value != 0 && (this.value == \'reason\' || confirm(\'' . $txt['mc_groupr_warning'] . '\'))) this.form.submit();"> <option value="0">' . $txt['with_selected'] . ':</option> <option value="0">---------------------</option> <option value="approve">' . $txt['mc_groupr_approve'] . '</option> <option value="reject">' . $txt['mc_groupr_reject'] . '</option> <option value="reason">' . $txt['mc_groupr_reject_w_reason'] . '</option> </select> <input type="submit" name="go" value="' . $txt['go'] . '" onclick="var sel = document.getElementById(\'req_action\'); if (sel.value != 0 && sel.value != \'reason\' && !confirm(\'' . $txt['mc_groupr_warning'] . '\')) return false;" class="button_submit" />', 'align' => 'right'))); // Create the request list. createList($listOptions); $context['default_list'] = 'group_request_list'; }
function arcadeEvent($id_event, $data = array()) { global $smcFunc, $db_prefix, $scripturl, $txt, $user_info, $sourcedir, $modSettings, $language; if ($id_event == 'get' && empty($data)) { return arcadeGetEventTypes(); } else { $event = arcadeGetEventTypes($id_event); } $replacements = array('ARCADE_SETTINGS_URL' => $scripturl . '?action=profile;area=arcadeSettings'); $pms = array(); $event['func']($event, $replacements, $pms, $data); if (empty($pms)) { return true; } require_once $sourcedir . '/Subs-Post.php'; $request = $smcFunc['db_query']('', ' SELECT mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_send_body, mem.lngfile FROM {db_prefix}members AS mem WHERE mem.id_member IN({array_int:members}) ORDER BY mem.lngfile', array('members' => array_keys($pms))); while ($rowmember = $smcFunc['db_fetch_assoc']($request)) { $replacements['USERID'] = $rowmember['id_member']; $replacements['PROFILE'] = $scripturl . '?action=profile;u=' . $rowmember['id_member']; $emailtype = 'notification_arcade_' . $pms[$rowmember['id_member']]; loadLanguage('ArcadeEmail', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false); $emaildata = loadEmailTemplate($emailtype, $replacements, '', false); sendmail($rowmember['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 4); unset($notification); } return true; }