Ejemplo n.º 1
0
    /**
     * Verify the activation code, and activate the user if correct.
     * Accessed by ?action=activate
     */
    public function action_activate()
    {
        global $context, $txt, $modSettings, $scripturl, $language, $user_info;
        require_once SUBSDIR . '/Auth.subs.php';
        // Logged in users should not bother to activate their accounts
        if (!empty($user_info['id'])) {
            redirectexit();
        }
        loadLanguage('Login');
        loadTemplate('Login');
        loadJavascriptFile('sha256.js', array('defer' => true));
        if (empty($_REQUEST['u']) && empty($_POST['user'])) {
            if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == '3') {
                fatal_lang_error('no_access', false);
            }
            $context['member_id'] = 0;
            $context['sub_template'] = 'resend';
            $context['page_title'] = $txt['invalid_activation_resend'];
            $context['can_activate'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] == '1';
            $context['default_username'] = isset($_GET['user']) ? $_GET['user'] : '';
            return;
        }
        // Get the code from the database...
        $row = findUser(empty($_REQUEST['u']) ? '
			member_name = {string:email_address} OR email_address = {string:email_address}' : '
			id_member = {int:id_member}', array('id_member' => isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, 'email_address' => isset($_POST['user']) ? $_POST['user'] : ''), false);
        // Does this user exist at all?
        if (empty($row)) {
            $context['sub_template'] = 'retry_activate';
            $context['page_title'] = $txt['invalid_userid'];
            $context['member_id'] = 0;
            return;
        }
        // Change their email address? (they probably tried a fake one first :P.)
        require_once SUBSDIR . '/Auth.subs.php';
        if (isset($_POST['new_email'], $_REQUEST['passwd']) && validateLoginPassword($_REQUEST['passwd'], $row['passwd'], $row['member_name'], true) && ($row['is_activated'] == 0 || $row['is_activated'] == 2)) {
            if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) {
                fatal_lang_error('no_access', false);
            }
            // @todo Separate the sprintf?
            require_once SUBSDIR . '/DataValidator.class.php';
            if (!Data_Validator::is_valid($_POST, array('new_email' => 'valid_email|required|max_length[255]'), array('new_email' => 'trim'))) {
                fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'], ENT_COMPAT, 'UTF-8')), false);
            }
            // Make sure their email isn't banned.
            isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
            // Ummm... don't even dare try to take someone else's email!!
            // @todo Separate the sprintf?
            if (userByEmail($_POST['new_email'])) {
                fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email'], ENT_COMPAT, 'UTF-8')));
            }
            updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));
            $row['email_address'] = $_POST['new_email'];
            $email_change = true;
        }
        // Resend the password, but only if the account wasn't activated yet.
        if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'resend' && ($row['is_activated'] == 0 || $row['is_activated'] == 2) && (!isset($_REQUEST['code']) || $_REQUEST['code'] == '')) {
            require_once SUBSDIR . '/Mail.subs.php';
            $replacements = array('REALNAME' => $row['real_name'], 'USERNAME' => $row['member_name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $row['id_member'] . ';code=' . $row['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $row['id_member'], 'ACTIVATIONCODE' => $row['validation_code'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder');
            $emaildata = loadEmailTemplate('resend_activate_message', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
            sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            $context['page_title'] = $txt['invalid_activation_resend'];
            // This will ensure we don't actually get an error message if it works!
            $context['error_title'] = '';
            fatal_lang_error(!empty($email_change) ? 'change_email_success' : 'resend_email_success', false);
        }
        // Quit if this code is not right.
        if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code']) {
            if (!empty($row['is_activated'])) {
                fatal_lang_error('already_activated', false);
            } elseif ($row['validation_code'] == '') {
                loadLanguage('Profile');
                fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'member_name'] . '">' . $txt['here'] . '</a>.', false);
            }
            $context['sub_template'] = 'retry_activate';
            $context['page_title'] = $txt['invalid_activation_code'];
            $context['member_id'] = $row['id_member'];
            return;
        }
        // Let the integration know that they've been activated!
        call_integration_hook('integrate_activate', array($row['member_name']));
        // Validation complete - update the database!
        updateMemberData($row['id_member'], array('is_activated' => 1, 'validation_code' => ''));
        // Also do a proper member stat re-evaluation.
        updateStats('member', false);
        if (!isset($_POST['new_email'])) {
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('activation', $row['id_member'], $row['member_name']);
        }
        $context += array('page_title' => $txt['registration_successful'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => '', 'never_expire' => false, 'description' => $txt['activate_success']);
    }
Ejemplo n.º 2
0
function notifyMembersBoard(&$topicData)
{
    global $txt, $scripturl, $language, $user_info;
    global $modSettings, $sourcedir, $board, $smcFunc, $context;
    require_once $sourcedir . '/Subs-Post.php';
    // Do we have one or lots of topics?
    if (isset($topicData['body'])) {
        $topicData = array($topicData);
    }
    // Find out what boards we have... and clear out any rubbish!
    $boards = array();
    foreach ($topicData as $key => $topic) {
        if (!empty($topic['board'])) {
            $boards[$topic['board']][] = $key;
        } else {
            unset($topic[$key]);
            continue;
        }
        // Censor the subject and body...
        censorText($topicData[$key]['subject']);
        censorText($topicData[$key]['body']);
        $topicData[$key]['subject'] = un_htmlspecialchars($topicData[$key]['subject']);
        $topicData[$key]['body'] = trim(un_htmlspecialchars(strip_tags(strtr(parse_bbc($topicData[$key]['body'], false), array('<br />' => "\n", '</div>' => "\n", '</li>' => "\n", '&#91;' => '[', '&#93;' => ']')))));
    }
    // Just the board numbers.
    $board_index = array_unique(array_keys($boards));
    if (empty($board_index)) {
        return;
    }
    // Yea, we need to add this to the digest queue.
    $digest_insert = array();
    foreach ($topicData as $id => $data) {
        $digest_insert[] = array($data['topic'], $data['msg'], 'topic', $user_info['id']);
    }
    $smcFunc['db_insert']('', '{db_prefix}log_digest', array('id_topic' => 'int', 'id_msg' => 'int', 'note_type' => 'string', 'exclude' => 'int'), $digest_insert, array());
    // Find the members with notification on for these boards.
    $members = $smcFunc['db_query']('', '
		SELECT
			mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_send_body, mem.lngfile,
			ln.sent, ln.id_board, mem.id_group, mem.additional_groups, b.member_groups,
			mem.id_post_group
		FROM {db_prefix}log_notify AS ln
			INNER JOIN {db_prefix}boards AS b ON (b.id_board = ln.id_board)
			INNER JOIN {db_prefix}members AS mem ON (mem.id_member = ln.id_member)
		WHERE ln.id_board IN ({array_int:board_list})
			AND mem.id_member != {int:current_member}
			AND mem.is_activated = {int:is_activated}
			AND mem.notify_types != {int:notify_types}
			AND mem.notify_regularity < {int:notify_regularity}
		ORDER BY mem.lngfile', array('current_member' => $user_info['id'], 'board_list' => $board_index, 'is_activated' => 1, 'notify_types' => 4, 'notify_regularity' => 2));
    while ($rowmember = $smcFunc['db_fetch_assoc']($members)) {
        if ($rowmember['id_group'] != 1) {
            $allowed = explode(',', $rowmember['member_groups']);
            $rowmember['additional_groups'] = explode(',', $rowmember['additional_groups']);
            $rowmember['additional_groups'][] = $rowmember['id_group'];
            $rowmember['additional_groups'][] = $rowmember['id_post_group'];
            if (count(array_intersect($allowed, $rowmember['additional_groups'])) == 0) {
                continue;
            }
        }
        $langloaded = loadLanguage('EmailTemplates', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false);
        // Now loop through all the notifications to send for this board.
        if (empty($boards[$rowmember['id_board']])) {
            continue;
        }
        $sentOnceAlready = 0;
        foreach ($boards[$rowmember['id_board']] as $key) {
            // Don't notify the guy who started the topic!
            //!!! In this case actually send them a "it's approved hooray" email
            if ($topicData[$key]['poster'] == $rowmember['id_member']) {
                continue;
            }
            // Setup the string for adding the body to the message, if a user wants it.
            $send_body = empty($modSettings['disallow_sendBody']) && !empty($rowmember['notify_send_body']);
            $replacements = array('TOPICSUBJECT' => $topicData[$key]['subject'], 'TOPICLINK' => $scripturl . '?topic=' . $topicData[$key]['topic'] . '.new#new', 'MESSAGE' => $topicData[$key]['body'], 'UNSUBSCRIBELINK' => $scripturl . '?action=notifyboard;board=' . $topicData[$key]['board'] . '.0');
            if (!$send_body) {
                unset($replacements['MESSAGE']);
            }
            // Figure out which email to send off
            $emailtype = '';
            // Send only if once is off or it's on and it hasn't been sent.
            if (!empty($rowmember['notify_regularity']) && !$sentOnceAlready && empty($rowmember['sent'])) {
                $emailtype = 'notify_boards_once';
            } elseif (empty($rowmember['notify_regularity'])) {
                $emailtype = 'notify_boards';
            }
            if (!empty($emailtype)) {
                $emailtype .= $send_body ? '_body' : '';
                $emaildata = loadEmailTemplate($emailtype, $replacements, $langloaded);
                sendmail($rowmember['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 3);
            }
            $sentOnceAlready = 1;
        }
    }
    $smcFunc['db_free_result']($members);
    // Sent!
    $smcFunc['db_query']('', '
		UPDATE {db_prefix}log_notify
		SET sent = {int:is_sent}
		WHERE id_board IN ({array_int:board_list})
			AND id_member != {int:current_member}', array('current_member' => $user_info['id'], 'board_list' => $board_index, 'is_sent' => 1));
}
Ejemplo n.º 3
0
function Activate()
{
    global $context, $txt, $modSettings, $scripturl, $sourcedir, $language;
    loadLanguage('Login');
    //loadTemplate('Login');
    if (empty($_REQUEST['u']) && empty($_POST['user'])) {
        if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) {
            fatal_lang_error('no_access', false);
        }
        $context['member_id'] = 0;
        EoS_Smarty::loadTemplate('generic_skeleton');
        EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/resend');
        $context['page_title'] = $txt['invalid_activation_resend'];
        $context['can_activate'] = empty($modSettings['registration_method']) || $modSettings['registration_method'] == 1;
        $context['default_username'] = isset($_GET['user']) ? $_GET['user'] : '';
        return;
    }
    // Get the code from the database...
    $request = smf_db_query('
		SELECT id_member, validation_code, member_name, real_name, email_address, is_activated, passwd, lngfile
		FROM {db_prefix}members' . (empty($_REQUEST['u']) ? '
		WHERE member_name = {string:email_address} OR email_address = {string:email_address}' : '
		WHERE id_member = {int:id_member}') . '
		LIMIT 1', array('id_member' => isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : 0, 'email_address' => isset($_POST['user']) ? $_POST['user'] : ''));
    // Does this user exist at all?
    if (mysql_num_rows($request) == 0) {
        EoS_Smarty::loadTemplate('generic_skeleton');
        EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/retry_activate');
        $context['page_title'] = $txt['invalid_userid'];
        $context['member_id'] = 0;
        return;
    }
    $row = mysql_fetch_assoc($request);
    mysql_free_result($request);
    // Change their email address? (they probably tried a fake one first :P.)
    if (isset($_POST['new_email'], $_REQUEST['passwd']) && sha1(strtolower($row['member_name']) . $_REQUEST['passwd']) == $row['passwd']) {
        if (empty($modSettings['registration_method']) || $modSettings['registration_method'] == 3) {
            fatal_lang_error('no_access', false);
        }
        // !!! Separate the sprintf?
        if (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['new_email']) == 0) {
            fatal_error(sprintf($txt['valid_email_needed'], htmlspecialchars($_POST['new_email'])), false);
        }
        // Make sure their email isn't banned.
        isBannedEmail($_POST['new_email'], 'cannot_register', $txt['ban_register_prohibited']);
        // Ummm... don't even dare try to take someone else's email!!
        $request = smf_db_query('
			SELECT id_member
			FROM {db_prefix}members
			WHERE email_address = {string:email_address}
			LIMIT 1', array('email_address' => $_POST['new_email']));
        // !!! Separate the sprintf?
        if (mysql_num_rows($request) != 0) {
            fatal_lang_error('email_in_use', false, array(htmlspecialchars($_POST['new_email'])));
        }
        mysql_free_result($request);
        updateMemberData($row['id_member'], array('email_address' => $_POST['new_email']));
        $row['email_address'] = $_POST['new_email'];
        $email_change = true;
    }
    // Resend the password, but only if the account wasn't activated yet.
    if (!empty($_REQUEST['sa']) && $_REQUEST['sa'] == 'resend' && ($row['is_activated'] == 0 || $row['is_activated'] == 2) && (!isset($_REQUEST['code']) || $_REQUEST['code'] == '')) {
        require_once $sourcedir . '/lib/Subs-Post.php';
        $replacements = array('REALNAME' => $row['real_name'], 'USERNAME' => $row['member_name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $row['id_member'] . ';code=' . $row['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $row['id_member'], 'ACTIVATIONCODE' => $row['validation_code'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder');
        $emaildata = loadEmailTemplate('resend_activate_message', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        $context['page_title'] = $txt['invalid_activation_resend'];
        // This will ensure we don't actually get an error message if it works!
        $context['error_title'] = '';
        fatal_lang_error(!empty($email_change) ? 'change_email_success' : 'resend_email_success', false);
    }
    // Quit if this code is not right.
    if (empty($_REQUEST['code']) || $row['validation_code'] != $_REQUEST['code']) {
        if (!empty($row['is_activated'])) {
            fatal_lang_error('already_activated', false);
        } elseif ($row['validation_code'] == '') {
            loadLanguage('Profile');
            fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'member_name'] . '">' . $txt['here'] . '</a>.', false);
        }
        EoS_Smarty::loadTemplate('generic_skeleton');
        EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/retry_activate');
        $context['page_title'] = $txt['invalid_activation_code'];
        $context['member_id'] = $row['id_member'];
        return;
    }
    // Let the integration know that they've been activated!
    HookAPI::callHook('integrate_activate', array($row['member_name']));
    // Validation complete - update the database!
    updateMemberData($row['id_member'], array('is_activated' => 1, 'validation_code' => ''));
    // Also do a proper member stat re-evaluation.
    updateStats('member', false);
    if (!isset($_POST['new_email'])) {
        $actid = 0;
        require_once $sourcedir . '/lib/Subs-Post.php';
        // add to the activity stream
        if ($modSettings['astream_active']) {
            require_once $sourcedir . '/lib/Subs-Activities.php';
            $actid = aStreamAdd($row['id_member'], ACT_NEWMEMBER, array('member_name' => $row['member_name']), 0, 0, 0, $row['id_member']);
        }
        adminNotify('activation', $row['id_member'], $row['member_name'], $actid, ACT_NEWMEMBER);
    }
    EoS_Smarty::loadTemplate('generic_skeleton');
    EoS_Smarty::getConfigInstance()->registerHookTemplate('generic_content_area', 'loginout/login');
    $context += array('page_title' => $txt['registration_successful'], 'sub_template' => 'login', 'default_username' => $row['member_name'], 'default_password' => '', 'never_expire' => false, 'description' => $txt['activate_success']);
}
Ejemplo n.º 4
0
function ReportToModerator2()
{
    global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $sourcedir, $language, $context, $smcFunc;
    // You must have the proper permissions!
    isAllowedTo('report_any');
    // Make sure they aren't spamming.
    spamProtection('reporttm');
    require_once $sourcedir . '/Subs-Post.php';
    // No errors, yet.
    $post_errors = array();
    // Check their session.
    if (checkSession('post', '', false) != '') {
        $post_errors[] = 'session_timeout';
    }
    // Make sure we have a comment and it's clean.
    if (!isset($_POST['comment']) || $smcFunc['htmltrim']($_POST['comment']) === '') {
        $post_errors[] = 'no_comment';
    }
    $poster_comment = strtr($smcFunc['htmlspecialchars']($_POST['comment']), array("\r" => '', "\n" => '', "\t" => ''));
    // Guests need to provide their address!
    if ($user_info['is_guest']) {
        $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
        if ($_POST['email'] === '') {
            $post_errors[] = 'no_email';
        } elseif (preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $_POST['email']) == 0) {
            $post_errors[] = 'bad_email';
        }
        isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
        $user_info['email'] = htmlspecialchars($_POST['email']);
    }
    // Could they get the right verification code?
    if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
        require_once $sourcedir . '/Subs-Editor.php';
        $verificationOptions = array('id' => 'report');
        $context['require_verification'] = create_control_verification($verificationOptions, true);
        if (is_array($context['require_verification'])) {
            $post_errors = array_merge($post_errors, $context['require_verification']);
        }
    }
    // Any errors?
    if (!empty($post_errors)) {
        loadLanguage('Errors');
        $context['post_errors'] = array();
        foreach ($post_errors as $post_error) {
            $context['post_errors'][] = $txt['error_' . $post_error];
        }
        return ReportToModerator();
    }
    // Get the basic topic information, and make sure they can see it.
    $_POST['msg'] = (int) $_POST['msg'];
    $request = $smcFunc['db_query']('', '
		SELECT m.id_topic, m.id_board, m.subject, m.body, m.id_member AS id_poster, m.poster_name, mem.real_name
		FROM {db_prefix}messages AS m
			LEFT JOIN {db_prefix}members AS mem ON (m.id_member = mem.id_member)
		WHERE m.id_msg = {int:id_msg}
			AND m.id_topic = {int:current_topic}
		LIMIT 1', array('current_topic' => $topic, 'id_msg' => $_POST['msg']));
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('no_board', false);
    }
    $message = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
    $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
    $subject = un_htmlspecialchars($message['subject']);
    // Get a list of members with the moderate_board permission.
    require_once $sourcedir . '/Subs-Members.php';
    $moderators = membersAllowedTo('moderate_board', $board);
    $request = $smcFunc['db_query']('', '
		SELECT id_member, email_address, lngfile, mod_prefs
		FROM {db_prefix}members
		WHERE id_member IN ({array_int:moderator_list})
			AND notify_types != {int:notify_types}
		ORDER BY lngfile', array('moderator_list' => $moderators, 'notify_types' => 4));
    // Check that moderators do exist!
    if ($smcFunc['db_num_rows']($request) == 0) {
        fatal_lang_error('no_mods', false);
    }
    // If we get here, I believe we should make a record of this, for historical significance, yabber.
    if (empty($modSettings['disable_log_report'])) {
        $request2 = $smcFunc['db_query']('', '
			SELECT id_report, ignore_all
			FROM {db_prefix}log_reported
			WHERE id_msg = {int:id_msg}
				AND (closed = {int:not_closed} OR ignore_all = {int:ignored})
			ORDER BY ignore_all DESC', array('id_msg' => $_POST['msg'], 'not_closed' => 0, 'ignored' => 1));
        if ($smcFunc['db_num_rows']($request2) != 0) {
            list($id_report, $ignore) = $smcFunc['db_fetch_row']($request2);
        }
        $smcFunc['db_free_result']($request2);
        // If we're just going to ignore these, then who gives a monkeys...
        if (!empty($ignore)) {
            redirectexit('topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
        }
        // Already reported? My god, we could be dealing with a real rogue here...
        if (!empty($id_report)) {
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}log_reported
				SET num_reports = num_reports + 1, time_updated = {int:current_time}
				WHERE id_report = {int:id_report}', array('current_time' => time(), 'id_report' => $id_report));
        } else {
            if (empty($message['real_name'])) {
                $message['real_name'] = $message['poster_name'];
            }
            $smcFunc['db_insert']('', '{db_prefix}log_reported', array('id_msg' => 'int', 'id_topic' => 'int', 'id_board' => 'int', 'id_member' => 'int', 'membername' => 'string', 'subject' => 'string', 'body' => 'string', 'time_started' => 'int', 'time_updated' => 'int', 'num_reports' => 'int', 'closed' => 'int'), array($_POST['msg'], $message['id_topic'], $message['id_board'], $message['id_poster'], $message['real_name'], $message['subject'], $message['body'], time(), time(), 1, 0), array('id_report'));
            $id_report = $smcFunc['db_insert_id']('{db_prefix}log_reported', 'id_report');
        }
        // Now just add our report...
        if ($id_report) {
            $smcFunc['db_insert']('', '{db_prefix}log_reported_comments', array('id_report' => 'int', 'id_member' => 'int', 'membername' => 'string', 'email_address' => 'string', 'member_ip' => 'string', 'comment' => 'string', 'time_sent' => 'int'), array($id_report, $user_info['id'], $user_info['name'], $user_info['email'], $user_info['ip'], $poster_comment, time()), array('id_comment'));
        }
    }
    // Find out who the real moderators are - for mod preferences.
    $request2 = $smcFunc['db_query']('', '
		SELECT id_member
		FROM {db_prefix}moderators
		WHERE id_board = {int:current_board}', array('current_board' => $board));
    $real_mods = array();
    while ($row = $smcFunc['db_fetch_assoc']($request2)) {
        $real_mods[] = $row['id_member'];
    }
    $smcFunc['db_free_result']($request2);
    // Send every moderator an email.
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Maybe they don't want to know?!
        if (!empty($row['mod_prefs'])) {
            list(, , $pref_binary) = explode('|', $row['mod_prefs']);
            if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
                continue;
            }
        }
        $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg'], 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
        $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        // Send it to the moderator.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
    }
    $smcFunc['db_free_result']($request);
    // Keep track of when the mod reports get updated, that way we know when we need to look again.
    updateSettings(array('last_mod_report_action' => time()));
    // Back to the post we reported!
    redirectexit('reportsent;topic=' . $topic . '.msg' . $_POST['msg'] . '#msg' . $_POST['msg']);
}
Ejemplo n.º 5
0
    /**
     * Show and manage all group requests.
     */
    public function action_requests()
    {
        global $txt, $context, $scripturl, $user_info, $modSettings;
        // Set up the template stuff...
        $context['page_title'] = $txt['mc_group_requests'];
        $context['sub_template'] = 'show_list';
        $context[$context['moderation_menu_name']]['tab_data'] = array('title' => $txt['mc_group_requests']);
        // Verify we can be here.
        if ($user_info['mod_cache']['gq'] == '0=1') {
            isAllowedTo('manage_membergroups');
        }
        // Normally, we act normally...
        $where = $user_info['mod_cache']['gq'] == '1=1' || $user_info['mod_cache']['gq'] == '0=1' ? $user_info['mod_cache']['gq'] : 'lgr.' . $user_info['mod_cache']['gq'];
        $where_parameters = array();
        // We've submitted?
        if (isset($_POST[$context['session_var']]) && !empty($_POST['groupr']) && !empty($_POST['req_action'])) {
            checkSession('post');
            validateToken('mod-gr');
            require_once SUBSDIR . '/Membergroups.subs.php';
            // Clean the values.
            foreach ($_POST['groupr'] as $k => $request) {
                $_POST['groupr'][$k] = (int) $request;
            }
            // If we are giving a reason (And why shouldn't we?), then we don't actually do much.
            if ($_POST['req_action'] == 'reason') {
                // Different sub template...
                $context['sub_template'] = 'group_request_reason';
                // And a limitation. We don't care that the page number bit makes no sense, as we don't need it!
                $where .= ' AND lgr.id_request IN ({array_int:request_ids})';
                $where_parameters['request_ids'] = $_POST['groupr'];
                $context['group_requests'] = list_getGroupRequests(0, $modSettings['defaultMaxMessages'], 'lgr.id_request', $where, $where_parameters);
                createToken('mod-gr');
                // Let obExit etc sort things out.
                obExit();
            } else {
                // Get the details of all the members concerned...
                require_once SUBSDIR . '/Members.subs.php';
                $concerned = getConcernedMembers($_POST['groupr'], $where);
                // Cleanup old group requests..
                deleteGroupRequests($_POST['groupr']);
                // Ensure everyone who is online gets their changes right away.
                updateSettings(array('settings_updated' => time()));
                if (!empty($concerned['email_details'])) {
                    require_once SUBSDIR . '/Mail.subs.php';
                    // They are being approved?
                    if ($_POST['req_action'] == 'approve') {
                        // Make the group changes.
                        foreach ($concerned['group_changes'] as $id => $groups) {
                            // Sanity check!
                            foreach ($groups['add'] as $key => $value) {
                                if ($value == 0 || trim($value) == '') {
                                    unset($groups['add'][$key]);
                                }
                            }
                            assignGroupsToMember($id, $groups['primary'], $groups['add']);
                        }
                        foreach ($concerned['email_details'] as $email) {
                            $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
                            $emaildata = loadEmailTemplate('mc_group_approve', $replacements, $email['language']);
                            sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
                        }
                    } else {
                        // Same as for approving, kind of.
                        foreach ($concerned['email_details'] as $email) {
                            $custom_reason = isset($_POST['groupreason']) && isset($_POST['groupreason'][$email['rid']]) ? $_POST['groupreason'][$email['rid']] : '';
                            $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
                            if (!empty($custom_reason)) {
                                $replacements['REASON'] = $custom_reason;
                            }
                            $emaildata = loadEmailTemplate(empty($custom_reason) ? 'mc_group_reject' : 'mc_group_reject_reason', $replacements, $email['language']);
                            sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
                        }
                    }
                }
                // Restore the current language.
                loadLanguage('ModerationCenter');
            }
        }
        // We're going to want this for making our list.
        require_once SUBSDIR . '/GenericList.class.php';
        require_once SUBSDIR . '/Membergroups.subs.php';
        // This is all the information required for a group listing.
        $listOptions = array('id' => 'group_request_list', 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_groupr_none_found'], 'base_href' => $scripturl . '?action=groups;sa=requests', 'default_sort_col' => 'member', 'get_items' => array('function' => 'list_getGroupRequests', 'params' => array($where, $where_parameters)), 'get_count' => array('function' => 'list_getGroupRequestCount', 'params' => array($where, $where_parameters)), 'columns' => array('member' => array('header' => array('value' => $txt['mc_groupr_member']), 'data' => array('db' => 'member_link'), 'sort' => array('default' => 'mem.member_name', 'reverse' => 'mem.member_name DESC')), 'group' => array('header' => array('value' => $txt['mc_groupr_group']), 'data' => array('db' => 'group_link'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')), 'reason' => array('header' => array('value' => $txt['mc_groupr_reason']), 'data' => array('db' => 'reason')), 'date' => array('header' => array('value' => $txt['date'], 'style' => 'width: 18%; white-space:nowrap;'), 'data' => array('db' => 'time_submitted')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%;text-align: center;'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="groupr[]" value="%1$d" class="input_check" />', 'params' => array('id' => false)), 'class' => 'centertext'))), 'form' => array('href' => $scripturl . '?action=groups;sa=requests', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id']), 'token' => 'mod-gr'), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => '
						<select name="req_action" onchange="if (this.value != 0 &amp;&amp; (this.value == \'reason\' || confirm(\'' . $txt['mc_groupr_warning'] . '\'))) this.form.submit();">
							<option value="0">' . $txt['with_selected'] . ':</option>
							<option value="0" disabled="disabled">' . str_repeat('&#8212;', strlen($txt['mc_groupr_approve'])) . '</option>
							<option value="approve">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['mc_groupr_approve'] . '</option>
							<option value="reject">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['mc_groupr_reject'] . '</option>
							<option value="reason">' . (isBrowser('ie8') ? '&#187;' : '&#10148;') . '&nbsp;' . $txt['mc_groupr_reject_w_reason'] . '</option>
						</select>
						<input type="submit" name="go" value="' . $txt['go'] . '" onclick="var sel = document.getElementById(\'req_action\'); if (sel.value != 0 &amp;&amp; sel.value != \'reason\' &amp;&amp; !confirm(\'' . $txt['mc_groupr_warning'] . '\')) return false;" class="right_submit" />', 'class' => 'floatright')));
        // Create the request list.
        createToken('mod-gr');
        createList($listOptions);
        $context['default_list'] = 'group_request_list';
    }
Ejemplo n.º 6
0
/**
 * Generates a random password for a user and emails it to them.
 * - called by Profile.php when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 *
 * @param int $memID
 * @param string $username = null
 */
function resetPassword($memID, $username = null)
{
    global $scripturl, $context, $txt, $sourcedir, $modSettings, $smcFunc, $language;
    // Language... and a required file.
    loadLanguage('Login');
    require_once $sourcedir . '/Subs-Post.php';
    // Get some important details.
    $request = $smcFunc['db_query']('', '
		SELECT member_name, email_address, lngfile
		FROM {db_prefix}members
		WHERE id_member = {int:id_member}', array('id_member' => $memID));
    list($user, $email, $lngfile) = $smcFunc['db_fetch_row']($request);
    $smcFunc['db_free_result']($request);
    if ($username !== null) {
        $old_user = $user;
        $user = trim($username);
    }
    // Generate a random password.
    $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10);
    $newPassword_sha1 = sha1(strtolower($user) . $newPassword);
    // Do some checks on the username if needed.
    if ($username !== null) {
        validateUsername($memID, $user);
        // Update the database...
        updateMemberData($memID, array('member_name' => $user, 'passwd' => $newPassword_sha1));
    } else {
        updateMemberData($memID, array('passwd' => $newPassword_sha1));
    }
    call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));
    $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword);
    $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);
    // Send them the email informing them of the change - then we're done!
    sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
function AdminApprove()
{
    global $txt, $context, $scripturl, $modSettings, $sourcedir, $language, $user_info, $smcFunc;
    // First, check our session.
    checkSession();
    require_once $sourcedir . '/Subs-Post.php';
    // We also need to the login languages here - for emails.
    loadLanguage('Login');
    // Sort out where we are going...
    $browse_type = isset($_REQUEST['type']) ? $_REQUEST['type'] : (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 1 ? 'activate' : 'approve');
    $current_filter = (int) $_REQUEST['orig_filter'];
    // If we are applying a filter do just that - then redirect.
    if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter']) {
        redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']);
    }
    // Nothing to do?
    if (!isset($_POST['todoAction']) && !isset($_POST['time_passed'])) {
        redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
    }
    // Are we dealing with members who have been waiting for > set amount of time?
    if (isset($_POST['time_passed'])) {
        $timeBefore = time() - 86400 * (int) $_POST['time_passed'];
        $condition = '
			AND date_registered < {int:time_before}';
    } else {
        $members = array();
        foreach ($_POST['todoAction'] as $id) {
            $members[] = (int) $id;
        }
        $condition = '
			AND id_member IN ({array_int:members})';
    }
    // Get information on each of the members, things that are important to us, like email address...
    $request = $smcFunc['db_query']('', '
		SELECT id_member, member_name, real_name, email_address, validation_code, lngfile
		FROM {db_prefix}members
		WHERE is_activated = {int:activated_status}' . $condition . '
		ORDER BY lngfile', array('activated_status' => $current_filter, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members));
    $member_count = $smcFunc['db_num_rows']($request);
    // If no results then just return!
    if ($member_count == 0) {
        redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
    }
    $member_info = array();
    $members = array();
    // Fill the info array.
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        $members[] = $row['id_member'];
        $member_info[] = array('id' => $row['id_member'], 'username' => $row['member_name'], 'name' => $row['real_name'], 'email' => $row['email_address'], 'language' => empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'], 'code' => $row['validation_code']);
    }
    $smcFunc['db_free_result']($request);
    // Are we activating or approving the members?
    if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail') {
        // Approve/activate this member.
        $smcFunc['db_query']('', '
			UPDATE {db_prefix}members
			SET validation_code = {string:blank_string}, is_activated = {int:is_activated}
			WHERE is_activated = {int:activated_status}' . $condition, array('is_activated' => 1, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members, 'activated_status' => $current_filter, 'blank_string' => ''));
        // Do we have to let the integration code know about the activations?
        if (!empty($modSettings['integrate_activate'])) {
            foreach ($member_info as $member) {
                call_integration_hook('integrate_activate', array($member['username']));
            }
        }
        // Check for email.
        if ($_POST['todo'] == 'okemail') {
            foreach ($member_info as $member) {
                $replacements = array('NAME' => $member['name'], 'USERNAME' => $member['username'], 'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder');
                $emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']);
                sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            }
        }
    } elseif ($_POST['todo'] == 'require_activation') {
        require_once $sourcedir . '/Subs-Members.php';
        // We have to do this for each member I'm afraid.
        foreach ($member_info as $member) {
            // Generate a random activation code.
            $validation_code = generateValidationCode();
            // Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;).
            $smcFunc['db_query']('', '
				UPDATE {db_prefix}members
				SET validation_code = {string:validation_code}, is_activated = {int:not_activated}
				WHERE is_activated = {int:activated_status}
					' . $condition . '
					AND id_member = {int:selected_member}', array('not_activated' => 0, 'activated_status' => $current_filter, 'selected_member' => $member['id'], 'validation_code' => $validation_code, 'time_before' => empty($timeBefore) ? 0 : $timeBefore, 'members' => empty($members) ? array() : $members));
            $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']);
            sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
    } elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail') {
        require_once $sourcedir . '/Subs-Members.php';
        deleteMembers($members);
        // Send email telling them they aren't welcome?
        if ($_POST['todo'] == 'rejectemail') {
            foreach ($member_info as $member) {
                $replacements = array('USERNAME' => $member['name']);
                $emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']);
                sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
            }
        }
    } elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail') {
        require_once $sourcedir . '/Subs-Members.php';
        deleteMembers($members);
        // Send email telling them they aren't welcome?
        if ($_POST['todo'] == 'deleteemail') {
            foreach ($member_info as $member) {
                $replacements = array('USERNAME' => $member['name']);
                $emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']);
                sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
            }
        }
    } elseif ($_POST['todo'] == 'remind') {
        foreach ($member_info as $member) {
            $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $member['code']);
            $emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']);
            sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
        }
    }
    // Back to the user's language!
    if (isset($current_language) && $current_language != $user_info['language']) {
        loadLanguage('index');
        loadLanguage('ManageMembers');
    }
    // Log what we did?
    if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind'))) {
        $log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member';
        $log_inserts = array();
        foreach ($member_info as $member) {
            $log_inserts[] = array(time(), 3, $user_info['id'], $user_info['ip'], $log_action, 0, 0, 0, serialize(array('member' => $member['id'])));
        }
        $smcFunc['db_insert']('', '{db_prefix}log_actions', array('log_time' => 'int', 'id_log' => 'int', 'id_member' => 'int', 'ip' => 'string-16', 'action' => 'string', 'id_board' => 'int', 'id_topic' => 'int', 'id_msg' => 'int', 'extra' => 'string-65534'), $log_inserts, array('id_action'));
    }
    // Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers).
    if (in_array($current_filter, array(3, 4))) {
        updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > $member_count ? $modSettings['unapprovedMembers'] - $member_count : 0));
    }
    // Update the member's stats. (but, we know the member didn't change their name.)
    updateStats('member', false);
    // If they haven't been deleted, update the post group statistics on them...
    if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind'))) {
        updateStats('postgroups', $members);
    }
    redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
}
Ejemplo n.º 8
0
function RemindPick()
{
    global $context, $txt, $scripturl, $sourcedir, $user_info, $webmaster_email, $smcFunc, $language, $modSettings;
    checkSession();
    // Coming with a known ID?
    if (!empty($_REQUEST['uid'])) {
        $where = 'id_member = {int:id_member}';
        $where_params['id_member'] = (int) $_REQUEST['uid'];
    } elseif (isset($_POST['user']) && $_POST['user'] != '') {
        $where = 'member_name = {string:member_name}';
        $where_params['member_name'] = $_POST['user'];
        $where_params['email_address'] = $_POST['user'];
    }
    // You must enter a username/email address.
    if (empty($where)) {
        fatal_lang_error('username_no_exist', false);
    }
    // Find the user!
    $request = $smcFunc['db_query']('', '
		SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
		FROM {db_prefix}members
		WHERE ' . $where . '
		LIMIT 1', array_merge($where_params, array()));
    // Maybe email?
    if ($smcFunc['db_num_rows']($request) == 0 && empty($_REQUEST['uid'])) {
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
			SELECT id_member, real_name, member_name, email_address, is_activated, validation_code, lngfile, openid_uri, secret_question
			FROM {db_prefix}members
			WHERE email_address = {string:email_address}
			LIMIT 1', array_merge($where_params, array()));
        if ($smcFunc['db_num_rows']($request) == 0) {
            fatal_lang_error('no_user_with_email', false);
        }
    }
    $row = $smcFunc['db_fetch_assoc']($request);
    $smcFunc['db_free_result']($request);
    $context['account_type'] = !empty($row['openid_uri']) ? 'openid' : 'password';
    // If the user isn't activated/approved, give them some feedback on what to do next.
    if ($row['is_activated'] != 1) {
        // Awaiting approval...
        if (trim($row['validation_code']) == '') {
            fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false);
        } else {
            fatal_error($txt['registration_not_activated'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false);
        }
    }
    // You can't get emailed if you have no email address.
    $row['email_address'] = trim($row['email_address']);
    if ($row['email_address'] == '') {
        fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.');
    }
    // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
    if (empty($row['secret_question']) || isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email') {
        // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
        require_once $sourcedir . '/Subs-Members.php';
        $password = generateValidationCode();
        require_once $sourcedir . '/Subs-Post.php';
        $replacements = array('REALNAME' => $row['real_name'], 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $row['id_member'] . ';code=' . $password, 'IP' => $user_info['ip'], 'MEMBERNAME' => $row['member_name'], 'OPENID' => $row['openid_uri']);
        $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        $context['description'] = $txt['reminder_' . (!empty($row['openid_uri']) ? 'openid_' : '') . 'sent'];
        // If they were using OpenID simply email them their OpenID identity.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        if (empty($row['openid_uri'])) {
            // Set the password in the database.
            updateMemberData($row['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
        }
        // Set up the template.
        $context['sub_template'] = 'sent';
        // Dont really.
        return;
    } elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret') {
        return SecretAnswerInput();
    }
    // No we're here setup the context for template number 2!
    $context['sub_template'] = 'reminder_pick';
    $context['current_member'] = array('id' => $row['id_member'], 'name' => $row['member_name']);
}
Ejemplo n.º 9
0
 /**
  * This function handles the approval, rejection, activation or deletion of members.
  *
  * What it does:
  * - Called by ?action=admin;area=viewmembers;sa=approve.
  * - Requires the moderate_forum permission.
  * - Redirects to ?action=admin;area=viewmembers;sa=browse
  * with the same parameters as the calling page.
  */
 public function action_approve()
 {
     global $scripturl, $modSettings;
     // First, check our session.
     checkSession();
     require_once SUBSDIR . '/Mail.subs.php';
     require_once SUBSDIR . '/Members.subs.php';
     // We also need to the login languages here - for emails.
     loadLanguage('Login');
     // Start off clean
     $conditions = array();
     // Sort out where we are going...
     $current_filter = $conditions['activated_status'] = (int) $_REQUEST['orig_filter'];
     // If we are applying a filter do just that - then redirect.
     if (isset($_REQUEST['filter']) && $_REQUEST['filter'] != $_REQUEST['orig_filter']) {
         redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $_REQUEST['filter'] . ';start=' . $_REQUEST['start']);
     }
     // Nothing to do?
     if (!isset($_POST['todoAction']) && !isset($_POST['time_passed'])) {
         redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
     }
     // Are we dealing with members who have been waiting for > set amount of time?
     if (isset($_POST['time_passed'])) {
         $conditions['time_before'] = time() - 86400 * (int) $_POST['time_passed'];
     } else {
         $conditions['members'] = array();
         foreach ($_POST['todoAction'] as $id) {
             $conditions['members'][] = (int) $id;
         }
     }
     $data = retrieveMemberData($conditions);
     if ($data['member_count'] == 0) {
         redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
     }
     $member_info = $data['member_info'];
     $conditions['members'] = $data['members'];
     // Are we activating or approving the members?
     if ($_POST['todo'] == 'ok' || $_POST['todo'] == 'okemail') {
         // Approve / activate this member.
         approveMembers($conditions);
         // Check for email.
         if ($_POST['todo'] == 'okemail') {
             foreach ($member_info as $member) {
                 $replacements = array('NAME' => $member['name'], 'USERNAME' => $member['username'], 'PROFILELINK' => $scripturl . '?action=profile;u=' . $member['id'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder');
                 $emaildata = loadEmailTemplate('admin_approve_accept', $replacements, $member['language']);
                 sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
             }
         }
         // Update the menu action cache so its forced to refresh
         cache_put_data('num_menu_errors', null, 900);
     } elseif ($_POST['todo'] == 'require_activation') {
         require_once SUBSDIR . '/Auth.subs.php';
         // We have to do this for each member I'm afraid.
         foreach ($member_info as $member) {
             $conditions['selected_member'] = $member['id'];
             // Generate a random activation code.
             $conditions['validation_code'] = generateValidationCode();
             // Set these members for activation - I know this includes two id_member checks but it's safer than bodging $condition ;).
             enforceReactivation($conditions);
             $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $conditions['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $conditions['validation_code']);
             $emaildata = loadEmailTemplate('admin_approve_activation', $replacements, $member['language']);
             sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
         }
     } elseif ($_POST['todo'] == 'reject' || $_POST['todo'] == 'rejectemail') {
         deleteMembers($conditions['members']);
         // Send email telling them they aren't welcome?
         if ($_POST['todo'] == 'rejectemail') {
             foreach ($member_info as $member) {
                 $replacements = array('USERNAME' => $member['name']);
                 $emaildata = loadEmailTemplate('admin_approve_reject', $replacements, $member['language']);
                 sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
             }
         }
     } elseif ($_POST['todo'] == 'delete' || $_POST['todo'] == 'deleteemail') {
         deleteMembers($conditions['members']);
         // Send email telling them they aren't welcome?
         if ($_POST['todo'] == 'deleteemail') {
             foreach ($member_info as $member) {
                 $replacements = array('USERNAME' => $member['name']);
                 $emaildata = loadEmailTemplate('admin_approve_delete', $replacements, $member['language']);
                 sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
             }
         }
     } elseif ($_POST['todo'] == 'remind') {
         foreach ($member_info as $member) {
             $replacements = array('USERNAME' => $member['name'], 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $member['id'] . ';code=' . $member['code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $member['id'], 'ACTIVATIONCODE' => $member['code']);
             $emaildata = loadEmailTemplate('admin_approve_remind', $replacements, $member['language']);
             sendmail($member['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
         }
     }
     // Log what we did?
     if (!empty($modSettings['modlog_enabled']) && in_array($_POST['todo'], array('ok', 'okemail', 'require_activation', 'remind'))) {
         $log_action = $_POST['todo'] == 'remind' ? 'remind_member' : 'approve_member';
         foreach ($member_info as $member) {
             logAction($log_action, array('member' => $member['id']), 'admin');
         }
     }
     // Although updateStats *may* catch this, best to do it manually just in case (Doesn't always sort out unapprovedMembers).
     if (in_array($current_filter, array(3, 4))) {
         updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > $data['member_count'] ? $modSettings['unapprovedMembers'] - $data['member_count'] : 0));
     }
     // Update the member's stats. (but, we know the member didn't change their name.)
     updateStats('member', false);
     // If they haven't been deleted, update the post group statistics on them...
     if (!in_array($_POST['todo'], array('delete', 'deleteemail', 'reject', 'rejectemail', 'remind'))) {
         updateStats('postgroups', $conditions['members']);
     }
     redirectexit('action=admin;area=viewmembers;sa=browse;type=' . $_REQUEST['type'] . ';sort=' . $_REQUEST['sort'] . ';filter=' . $current_filter . ';start=' . $_REQUEST['start']);
 }
Ejemplo n.º 10
0
 /**
  * Pick a reminder type.
  * Accessed by sa=picktype
  */
 public function action_picktype()
 {
     global $context, $txt, $scripturl, $user_info, $webmaster_email, $language, $modSettings;
     checkSession();
     validateToken('remind');
     createToken('remind');
     require_once SUBSDIR . '/Auth.subs.php';
     // No where params just yet
     $where_params = array();
     // Coming with a known ID?
     if (!empty($_REQUEST['uid'])) {
         $where = 'id_member = {int:id_member}';
         $where_params['id_member'] = (int) $_REQUEST['uid'];
     } elseif (isset($_POST['user']) && $_POST['user'] != '') {
         $where = 'member_name = {string:member_name}';
         $where_params['member_name'] = $_POST['user'];
         $where_params['email_address'] = $_POST['user'];
     }
     // You must enter a username/email address.
     if (empty($where)) {
         fatal_lang_error('username_no_exist', false);
     }
     // Make sure we are not being slammed
     // Don't call this if you're coming from the "Choose a reminder type" page - otherwise you'll likely get an error
     if (!isset($_POST['reminder_type']) || !in_array($_POST['reminder_type'], array('email', 'secret'))) {
         spamProtection('remind');
     }
     $member = findUser($where, $where_params);
     $context['account_type'] = !empty($member['openid_uri']) ? 'openid' : 'password';
     // If the user isn't activated/approved, give them some feedback on what to do next.
     if ($member['is_activated'] != 1) {
         // Awaiting approval...
         if (trim($member['validation_code']) == '') {
             fatal_error($txt['registration_not_approved'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false);
         } else {
             fatal_error($txt['registration_not_activated'] . ' <a href="' . $scripturl . '?action=activate;user='******'user'] . '">' . $txt['here'] . '</a>.', false);
         }
     }
     // You can't get emailed if you have no email address.
     $member['email_address'] = trim($member['email_address']);
     if ($member['email_address'] == '') {
         fatal_error($txt['no_reminder_email'] . '<br />' . $txt['send_email'] . ' <a href="mailto:' . $webmaster_email . '">webmaster</a> ' . $txt['to_ask_password'] . '.');
     }
     // If they have no secret question then they can only get emailed the item, or they are requesting the email, send them an email.
     if (empty($member['secret_question']) || isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'email') {
         // Randomly generate a new password, with only alpha numeric characters that is a max length of 10 chars.
         $password = generateValidationCode();
         require_once SUBSDIR . '/Mail.subs.php';
         $replacements = array('REALNAME' => $member['real_name'], 'REMINDLINK' => $scripturl . '?action=reminder;sa=setpassword;u=' . $member['id_member'] . ';code=' . $password, 'IP' => $user_info['ip'], 'MEMBERNAME' => $member['member_name'], 'OPENID' => $member['openid_uri']);
         $emaildata = loadEmailTemplate('forgot_' . $context['account_type'], $replacements, empty($member['lngfile']) || empty($modSettings['userLanguage']) ? $language : $member['lngfile']);
         $context['description'] = $txt['reminder_' . (!empty($member['openid_uri']) ? 'openid_' : '') . 'sent'];
         // If they were using OpenID simply email them their OpenID identity.
         sendmail($member['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
         if (empty($member['openid_uri'])) {
             // Set the password in the database.
             updateMemberData($member['id_member'], array('validation_code' => substr(md5($password), 0, 10)));
         }
         // Set up the template.
         $context['sub_template'] = 'sent';
         // Dont really.
         return;
     } elseif (isset($_POST['reminder_type']) && $_POST['reminder_type'] == 'secret') {
         return secretAnswerInput();
     }
     // No we're here setup the context for template number 2!
     $context['sub_template'] = 'reminder_pick';
     $context['current_member'] = array('id' => $member['id_member'], 'name' => $member['member_name']);
 }
Ejemplo n.º 11
0
 /**
  * Send the emails.
  *
  * - Sends off emails to all the moderators.
  * - Sends to administrators and global moderators. (1 and 2)
  * - Called by action_reporttm(), and thus has the same permission and setting requirements as it does.
  * - Accessed through ?action=reporttm when posting.
  */
 public function action_reporttm2()
 {
     global $txt, $scripturl, $topic, $board, $user_info, $modSettings, $language, $context;
     // You must have the proper permissions!
     isAllowedTo('report_any');
     // Make sure they aren't spamming.
     spamProtection('reporttm');
     require_once SUBSDIR . '/Mail.subs.php';
     // No errors, yet.
     $report_errors = Error_Context::context('report', 1);
     // Check their session.
     if (checkSession('post', '', false) != '') {
         $report_errors->addError('session_timeout');
     }
     // Make sure we have a comment and it's clean.
     if (!isset($_POST['comment']) || Util::htmltrim($_POST['comment']) === '') {
         $report_errors->addError('no_comment');
     }
     $poster_comment = strtr(Util::htmlspecialchars($_POST['comment']), array("\r" => '', "\t" => ''));
     if (Util::strlen($poster_comment) > 254) {
         $report_errors->addError('post_too_long');
     }
     // Guests need to provide their address!
     if ($user_info['is_guest']) {
         require_once SUBSDIR . '/DataValidator.class.php';
         if (!Data_Validator::is_valid($_POST, array('email' => 'valid_email'), array('email' => 'trim'))) {
             empty($_POST['email']) ? $report_errors->addError('no_email') : $report_errors->addError('bad_email');
         }
         isBannedEmail($_POST['email'], 'cannot_post', sprintf($txt['you_are_post_banned'], $txt['guest_title']));
         $user_info['email'] = htmlspecialchars($_POST['email'], ENT_COMPAT, 'UTF-8');
     }
     // Could they get the right verification code?
     if ($user_info['is_guest'] && !empty($modSettings['guests_report_require_captcha'])) {
         require_once SUBSDIR . '/VerificationControls.class.php';
         $verificationOptions = array('id' => 'report');
         $context['require_verification'] = create_control_verification($verificationOptions, true);
         if (is_array($context['require_verification'])) {
             foreach ($context['require_verification'] as $error) {
                 $report_errors->addError($error, 0);
             }
         }
     }
     // Any errors?
     if ($report_errors->hasErrors()) {
         return $this->action_reporttm();
     }
     // Get the basic topic information, and make sure they can see it.
     $msg_id = (int) $_POST['msg'];
     $message = posterDetails($msg_id, $topic);
     if (empty($message)) {
         fatal_lang_error('no_board', false);
     }
     $poster_name = un_htmlspecialchars($message['real_name']) . ($message['real_name'] != $message['poster_name'] ? ' (' . $message['poster_name'] . ')' : '');
     $reporterName = un_htmlspecialchars($user_info['name']) . ($user_info['name'] != $user_info['username'] && $user_info['username'] != '' ? ' (' . $user_info['username'] . ')' : '');
     $subject = un_htmlspecialchars($message['subject']);
     // Get a list of members with the moderate_board permission.
     require_once SUBSDIR . '/Members.subs.php';
     $moderators = membersAllowedTo('moderate_board', $board);
     $result = getBasicMemberData($moderators, array('preferences' => true, 'sort' => 'lngfile'));
     $mod_to_notify = array();
     foreach ($result as $row) {
         if ($row['notify_types'] != 4) {
             $mod_to_notify[] = $row;
         }
     }
     // Check that moderators do exist!
     if (empty($mod_to_notify)) {
         fatal_lang_error('no_mods', false);
     }
     // If we get here, I believe we should make a record of this, for historical significance, yabber.
     if (empty($modSettings['disable_log_report'])) {
         require_once SUBSDIR . '/Messages.subs.php';
         $id_report = recordReport($message, $poster_comment);
         // If we're just going to ignore these, then who gives a monkeys...
         if ($id_report === false) {
             redirectexit('topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
         }
     }
     // Find out who the real moderators are - for mod preferences.
     require_once SUBSDIR . '/Boards.subs.php';
     $real_mods = getBoardModerators($board, true);
     // Send every moderator an email.
     foreach ($mod_to_notify as $row) {
         // Maybe they don't want to know?!
         if (!empty($row['mod_prefs'])) {
             list(, , $pref_binary) = explode('|', $row['mod_prefs']);
             if (!($pref_binary & 1) && (!($pref_binary & 2) || !in_array($row['id_member'], $real_mods))) {
                 continue;
             }
         }
         $replacements = array('TOPICSUBJECT' => $subject, 'POSTERNAME' => $poster_name, 'REPORTERNAME' => $reporterName, 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id, 'REPORTLINK' => !empty($id_report) ? $scripturl . '?action=moderate;area=reports;report=' . $id_report : '', 'COMMENT' => $_POST['comment']);
         $emaildata = loadEmailTemplate('report_to_moderator', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
         // Send it to the moderator.
         sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], $user_info['email'], null, false, 2);
     }
     // Keep track of when the mod reports get updated, that way we know when we need to look again.
     updateSettings(array('last_mod_report_action' => time()));
     // Back to the post we reported!
     redirectexit('reportsent;topic=' . $topic . '.msg' . $msg_id . '#msg' . $msg_id);
 }
Ejemplo n.º 12
0
 /**
  * Send the announcement in chunks.
  *
  * splits the members to be sent a topic announcement into chunks.
  * composes notification messages in all languages needed.
  * does the actual sending of the topic announcements in chunks.
  * calculates a rough estimate of the percentage items sent.
  * Accessed by action=announce;sa=send
  * @uses announcement template announcement_send sub template
  */
 public function action_send()
 {
     global $topic, $board, $board_info, $context, $modSettings, $language, $scripturl;
     checkSession();
     $context['start'] = empty($_REQUEST['start']) ? 0 : (int) $_REQUEST['start'];
     $groups = array_merge($board_info['groups'], array(1));
     $who = array();
     // Load any supplied membergroups (from announcement_send template pause loop)
     if (isset($_POST['membergroups'])) {
         $_POST['who'] = explode(',', $_POST['membergroups']);
     }
     // Check that at least one membergroup was selected (set from announce sub template)
     if (empty($_POST['who'])) {
         fatal_lang_error('no_membergroup_selected');
     }
     // Make sure all membergroups are integers and can access the board of the announcement.
     foreach ($_POST['who'] as $id => $mg) {
         $who[$id] = in_array((int) $mg, $groups) ? (int) $mg : 0;
     }
     // Get the topic details that we are going to send
     require_once SUBSDIR . '/Topic.subs.php';
     $topic_info = getTopicInfo($topic, 'message');
     // Prepare a plain text (markdown) body for email use, does the censoring as well
     require_once SUBSDIR . '/Emailpost.subs.php';
     pbe_prepare_text($topic_info['body'], $topic_info['subject']);
     // We need this in order to be able send emails.
     require_once SUBSDIR . '/Mail.subs.php';
     require_once SUBSDIR . '/Members.subs.php';
     // Select the email addresses for this batch.
     $conditions = array('activated_status' => 1, 'member_greater' => $context['start'], 'group_list' => $who, 'order_by' => 'id_member', 'limit' => empty($modSettings['mail_queue']) ? 25 : 500);
     // Have we allowed members to opt out of announcements?
     if (!empty($modSettings['allow_disableAnnounce'])) {
         $conditions['notify_announcements'] = 1;
     }
     $data = retrieveMemberData($conditions);
     // All members have received a mail. Go to the next screen.
     if (empty($data) || $data['member_count'] === 0) {
         logAction('announce_topic', array('topic' => $topic), 'user');
         if (!empty($_REQUEST['move']) && allowedTo('move_any')) {
             redirectexit('action=movetopic;topic=' . $topic . '.0' . (empty($_REQUEST['goback']) ? '' : ';goback'));
         } elseif (!empty($_REQUEST['goback'])) {
             redirectexit('topic=' . $topic . '.new;boardseen#new', isBrowser('ie'));
         } else {
             redirectexit('board=' . $board . '.0');
         }
     }
     // Loop through all members that'll receive an announcement in this batch.
     $announcements = array();
     foreach ($data['member_info'] as $row) {
         $cur_language = empty($row['language']) || empty($modSettings['userLanguage']) ? $language : $row['language'];
         // If the language wasn't defined yet, load it and compose a notification message.
         if (!isset($announcements[$cur_language])) {
             $replacements = array('TOPICSUBJECT' => $topic_info['subject'], 'MESSAGE' => $topic_info['body'], 'TOPICLINK' => $scripturl . '?topic=' . $topic . '.0');
             $emaildata = loadEmailTemplate('new_announcement', $replacements, $cur_language);
             $announcements[$cur_language] = array('subject' => $emaildata['subject'], 'body' => $emaildata['body'], 'recipients' => array());
         }
         $announcements[$cur_language]['recipients'][$row['id']] = $row['email'];
         $context['start'] = $row['id'];
     }
     // For each language send a different mail - low priority...
     foreach ($announcements as $lang => $mail) {
         sendmail($mail['recipients'], $mail['subject'], $mail['body'], null, null, false, 5);
     }
     // Provide an overall indication of progress, this is not strictly correct
     if ($data['member_count'] < $conditions['limit']) {
         $context['percentage_done'] = 100;
     } else {
         $context['percentage_done'] = round(100 * $context['start'] / $modSettings['latestMember'], 1);
     }
     // Prepare for the template
     $context['move'] = empty($_REQUEST['move']) ? 0 : 1;
     $context['go_back'] = empty($_REQUEST['goback']) ? 0 : 1;
     $context['membergroups'] = implode(',', $who);
     $context['topic_subject'] = $topic_info['subject'];
     $context['sub_template'] = 'announcement_send';
     // Go back to the correct language for the user ;)
     if (!empty($modSettings['userLanguage'])) {
         loadLanguage('Post');
     }
 }
Ejemplo n.º 13
0
/**
 * Generates a random password for a user and emails it to them.
 *
 * What it does:
 * - called by ProfileOptions controller when changing someone's username.
 * - checks the validity of the new username.
 * - generates and sets a new password for the given user.
 * - mails the new password to the email address of the user.
 * - if username is not set, only a new password is generated and sent.
 *
 * @package Authorization
 * @param int $memID
 * @param string|null $username = null
 */
function resetPassword($memID, $username = null)
{
    global $modSettings, $language, $user_info;
    // Language... and a required file.
    loadLanguage('Login');
    require_once SUBSDIR . '/Mail.subs.php';
    // Get some important details.
    require_once SUBSDIR . '/Members.subs.php';
    $result = getBasicMemberData($memID, array('preferences' => true));
    $user = $result['member_name'];
    $email = $result['email_address'];
    $lngfile = $result['lngfile'];
    if ($username !== null) {
        $old_user = $user;
        $user = trim($username);
    }
    // Generate a random password.
    require_once EXTDIR . '/PasswordHash.php';
    $t_hasher = new PasswordHash(8, false);
    $newPassword = substr(preg_replace('/\\W/', '', md5(mt_rand())), 0, 10);
    $newPassword_sha256 = hash('sha256', strtolower($user) . $newPassword);
    $db_hash = $t_hasher->HashPassword($newPassword_sha256);
    // Do some checks on the username if needed.
    if ($username !== null) {
        $errors = Error_Context::context('reset_pwd', 0);
        validateUsername($memID, $user, 'reset_pwd');
        // If there are "important" errors and you are not an admin: log the first error
        // Otherwise grab all of them and don't log anything
        $error_severity = $errors->hasErrors(1) && !$user_info['is_admin'] ? 1 : null;
        foreach ($errors->prepareErrors($error_severity) as $error) {
            fatal_error($error, $error_severity === null ? false : 'general');
        }
        // Update the database...
        updateMemberData($memID, array('member_name' => $user, 'passwd' => $db_hash));
    } else {
        updateMemberData($memID, array('passwd' => $db_hash));
    }
    call_integration_hook('integrate_reset_pass', array($old_user, $user, $newPassword));
    $replacements = array('USERNAME' => $user, 'PASSWORD' => $newPassword);
    $emaildata = loadEmailTemplate('change_password', $replacements, empty($lngfile) || empty($modSettings['userLanguage']) ? $language : $lngfile);
    // Send them the email informing them of the change - then we're done!
    sendmail($email, $emaildata['subject'], $emaildata['body'], null, null, false, 0);
}
Ejemplo n.º 14
0
/**
 * Registers a member to the forum.
 *
 * What it does:
 * - Allows two types of interface: 'guest' and 'admin'. The first
 * - includes hammering protection, the latter can perform the registration silently.
 * - The strings used in the options array are assumed to be escaped.
 * - Allows to perform several checks on the input, e.g. reserved names.
 * - The function will adjust member statistics.
 * - If an error is detected will fatal error on all errors unless return_errors is true.
 *
 * @package Members
 * @uses Auth.subs.php
 * @uses Mail.subs.php
 * @param mixed[] $regOptions
 * @param string $error_context
 * @return integer the ID of the newly created member
 */
function registerMember(&$regOptions, $error_context = 'register')
{
    global $scripturl, $txt, $modSettings, $user_info;
    $db = database();
    loadLanguage('Login');
    // We'll need some external functions.
    require_once SUBSDIR . '/Auth.subs.php';
    require_once SUBSDIR . '/Mail.subs.php';
    // Put any errors in here.
    $reg_errors = Error_Context::context($error_context, 0);
    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }
        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // What method of authorization are we going to use?
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }
    // Spaces and other odd characters are evil...
    $regOptions['username'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $regOptions['username']));
    // Valid emails only
    require_once SUBSDIR . '/DataValidator.class.php';
    if (!Data_Validator::is_valid($regOptions, array('email' => 'valid_email|required|max_length[255]'), array('email' => 'trim'))) {
        $reg_errors->addError('bad_email');
    }
    validateUsername(0, $regOptions['username'], $error_context, !empty($regOptions['check_reserved_name']));
    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }
    // If you haven't put in a password generate one.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors->addError('passwords_dont_match');
    }
    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors->addError('no_password');
        } else {
            $regOptions['password'] = sha1(mt_rand());
        }
    }
    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '') {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors->addError('profile_error_password_' . $passwordError);
        }
    }
    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }
    // Check if the email address is in use.
    $request = $db->query('', '
		SELECT id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}
			OR email_address = {string:username}
		LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    if ($db->num_rows($request) != 0) {
        $reg_errors->addError(array('email_in_use', array(htmlspecialchars($regOptions['email'], ENT_COMPAT, 'UTF-8'))));
    }
    $db->free_result($request);
    // Perhaps someone else wants to check this user
    call_integration_hook('integrate_register_check', array(&$regOptions, &$reg_errors));
    // If there's any errors left return them at once!
    if ($reg_errors->hasErrors()) {
        return false;
    }
    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && count(array_intersect(array_keys($regOptions['theme_vars']), $reservedVars)) != 0) {
        fatal_lang_error('no_theme');
    }
    // New password hash
    require_once SUBSDIR . '/Auth.subs.php';
    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => validateLoginPassword($regOptions['password'], '', $regOptions['username'], true), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => !empty($regOptions['time']) ? $regOptions['time'] : time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $regOptions['ip2'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'website_title' => '', 'website_url' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // @todo This should be changed.  To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }
    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administator.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
        // Check if this group is assignable.
        $unassignableGroups = array(-1, 3);
        $request = $db->query('', '
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
				OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = $db->fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        $db->free_result($request);
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }
    // Integrate optional member settings to be set.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }
    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }
    // Right, now let's prepare for insertion.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'personal_messages', 'unread_messages', 'notifications', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');
    // Call an optional function to validate the users' input.
    call_integration_hook('integrate_register', array(&$regOptions, &$theme_vars, &$knownInts, &$knownFloats));
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }
        $column_names[$var] = $type;
        $values[$var] = $val;
    }
    // Register them into the database.
    $db->insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = $db->insert_id('{db_prefix}members', 'id_member');
    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateMemberStats($memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateMemberStats();
    }
    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        $db->insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }
    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));
    // Administrative registrations are a bit different...
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }
        if (isset($email_message)) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate($email_message, $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
    } else {
        // Can post straight away - welcome them to your fantastic community...
        if ($regOptions['require'] == 'nothing') {
            if (!empty($regOptions['send_welcome_email'])) {
                $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
                $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
                sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            }
            // Send admin their notification.
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('standard', $memberID, $regOptions['username']);
        } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            if ($regOptions['require'] == 'activation') {
                $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            } else {
                $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
            }
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        } else {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
            // Admin gets informed here...
            require_once SUBSDIR . '/Notification.subs.php';
            sendAdminNotifications('approval', $memberID, $regOptions['username']);
        }
        // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
        $_SESSION['just_registered'] = 1;
    }
    // If they are for sure registered, let other people to know about it
    call_integration_hook('integrate_register_after', array($regOptions, $memberID));
    return $memberID;
}
Ejemplo n.º 15
0
function adminNotify($type, $memberID, $member_name = null, $actid = 0, $atype = 0)
{
    global $txt, $modSettings, $language, $scripturl, $user_info, $sourcedir;
    // If the setting isn't enabled then just exit.
    if (empty($modSettings['notify_new_registration'])) {
        return;
    }
    if ($member_name == null) {
        // Get the new user's name....
        $request = smf_db_query('
			SELECT real_name
			FROM {db_prefix}members
			WHERE id_member = {int:id_member}
			LIMIT 1', array('id_member' => $memberID));
        list($member_name) = mysql_fetch_row($request);
        mysql_free_result($request);
    }
    $toNotify = array();
    $groups = array();
    // All membergroups who can approve members.
    $request = smf_db_query('
		SELECT id_group
		FROM {db_prefix}permissions
		WHERE permission = {string:moderate_forum}
			AND add_deny = {int:add_deny}
			AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'moderate_forum' => 'moderate_forum'));
    while ($row = mysql_fetch_assoc($request)) {
        $groups[] = $row['id_group'];
    }
    mysql_free_result($request);
    // Add administrators too...
    $groups[] = 1;
    $groups = array_unique($groups);
    // Get a list of all members who have ability to approve accounts - these are the people who we inform.
    $request = smf_db_query('
		SELECT id_member, lngfile, email_address
		FROM {db_prefix}members
		WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0)
			AND notify_types != {int:notify_types}
		ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups)));
    $notify_users = array();
    while ($row = mysql_fetch_assoc($request)) {
        $replacements = array('USERNAME' => $member_name, 'PROFILELINK' => $scripturl . '?action=profile;u=' . $memberID);
        $emailtype = 'admin_notify';
        // If they need to be approved add more info...
        if ($type == 'approval') {
            $replacements['APPROVALLINK'] = $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve';
            $emailtype .= '_approval';
        }
        $emaildata = loadEmailTemplate($emailtype, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        // And do the actual sending...
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        $notify_users[] = $row['id_member'];
    }
    mysql_free_result($request);
    if ((int) $actid > 0 && $atype && $modSettings['astream_active'] && count($notify_users)) {
        require_once $sourcedir . '/lib/Subs-Activities.php';
        aStreamAddNotification($notify_users, $actid, $atype);
    }
    if (isset($current_language) && $current_language != $user_info['language']) {
        loadLanguage('Login');
    }
}
Ejemplo n.º 16
0
/**
 * Send the user a new activation email if they need to reactivate!
 */
function profileSendActivation()
{
    global $profile_vars, $txt, $context, $scripturl, $cookiename, $cur_profile, $language, $modSettings;
    require_once SUBSDIR . '/Mail.subs.php';
    // Shouldn't happen but just in case.
    if (empty($profile_vars['email_address'])) {
        return;
    }
    $replacements = array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'], 'ACTIVATIONCODE' => $profile_vars['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member']);
    // Send off the email.
    $emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']);
    sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
    // Log the user out.
    require_once SUBSDIR . '/Auth.subs.php';
    logOnline($context['id_member'], false);
    $_SESSION['log_time'] = 0;
    $_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
    if (isset($_COOKIE[$cookiename])) {
        $_COOKIE[$cookiename] = '';
    }
    loadUserSettings();
    $context['user']['is_logged'] = false;
    $context['user']['is_guest'] = true;
    // Send them to the done-with-registration-login screen.
    loadTemplate('Register');
    $context['page_title'] = $txt['profile'];
    $context['sub_template'] = 'after';
    $context['title'] = $txt['activate_changed_email_title'];
    $context['description'] = $txt['activate_changed_email_desc'];
    // We're gone!
    obExit();
}
Ejemplo n.º 17
0
function registerMember(&$regOptions, $return_errors = false)
{
    global $scripturl, $txt, $modSettings, $context, $sourcedir;
    global $user_info, $options, $settings, $smcFunc;
    loadLanguage('Login');
    // We'll need some external functions.
    require_once $sourcedir . '/lib/Subs-Auth.php';
    require_once $sourcedir . '/lib/Subs-Post.php';
    // Put any errors in here.
    $reg_errors = array();
    // Registration from the admin center, let them sweat a little more.
    if ($regOptions['interface'] == 'admin') {
        is_not_guest();
        isAllowedTo('moderate_forum');
    } elseif ($regOptions['interface'] == 'guest') {
        // You cannot register twice...
        if (empty($user_info['is_guest'])) {
            redirectexit();
        }
        // Make sure they didn't just register with this session.
        if (!empty($_SESSION['just_registered']) && empty($modSettings['disableRegisterCheck'])) {
            fatal_lang_error('register_only_once', false);
        }
    }
    // What method of authorization are we going to use?
    if (empty($regOptions['auth_method']) || !in_array($regOptions['auth_method'], array('password', 'openid'))) {
        if (!empty($regOptions['openid'])) {
            $regOptions['auth_method'] = 'openid';
        } else {
            $regOptions['auth_method'] = 'password';
        }
    }
    // No name?!  How can you register with no name?
    if (empty($regOptions['username'])) {
        $reg_errors[] = array('lang', 'need_username');
    }
    // Spaces and other odd characters are evil...
    $regOptions['username'] = preg_replace('~[\\t\\n\\r\\x0B\\0' . ($context['server']['complex_preg_chars'] ? '\\x{A0}' : " ") . ']+~u', ' ', $regOptions['username']);
    // Don't use too long a name.
    if (commonAPI::strlen($regOptions['username']) > 25) {
        $reg_errors[] = array('lang', 'error_long_name');
    }
    // Only these characters are permitted.
    if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false) {
        $reg_errors[] = array('lang', 'error_invalid_characters_username');
    }
    if (commonAPI::strtolower($regOptions['username']) === commonAPI::strtolower($txt['guest_title'])) {
        $reg_errors[] = array('lang', 'username_reserved', 'general', array($txt['guest_title']));
    }
    // !!! Separate the sprintf?
    if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\\-/][0-9A-Za-z=_\'+\\-/\\.]*@[\\w\\-]+(\\.[\\w\\-]+)*(\\.[\\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255) {
        $reg_errors[] = array('done', sprintf($txt['valid_email_needed'], commonAPI::htmlspecialchars($regOptions['username'])));
    }
    if (!empty($regOptions['check_reserved_name']) && isReservedName($regOptions['username'], 0, false)) {
        if ($regOptions['password'] == 'chocolate cake') {
            $reg_errors[] = array('done', 'Sorry, I don\'t take bribes... you\'ll need to come up with a different name.');
        }
        $reg_errors[] = array('done', '(' . htmlspecialchars($regOptions['username']) . ') ' . $txt['name_in_use']);
    }
    // Generate a validation code if it's supposed to be emailed.
    $validation_code = '';
    if ($regOptions['require'] == 'activation') {
        $validation_code = generateValidationCode();
    }
    // If you haven't put in a password generate one.
    if ($regOptions['interface'] == 'admin' && $regOptions['password'] == '' && $regOptions['auth_method'] == 'password') {
        mt_srand(time() + 1277);
        $regOptions['password'] = generateValidationCode();
        $regOptions['password_check'] = $regOptions['password'];
    } elseif ($regOptions['password'] != $regOptions['password_check'] && $regOptions['auth_method'] == 'password') {
        $reg_errors[] = array('lang', 'passwords_dont_match');
    }
    // That's kind of easy to guess...
    if ($regOptions['password'] == '') {
        if ($regOptions['auth_method'] == 'password') {
            $reg_errors[] = array('lang', 'no_password');
        } else {
            $regOptions['password'] = sha1(mt_rand());
        }
    }
    // Now perform hard password validation as required.
    if (!empty($regOptions['check_password_strength'])) {
        $passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));
        // Password isn't legal?
        if ($passwordError != null) {
            $reg_errors[] = array('lang', 'profile_error_password_' . $passwordError);
        }
    }
    // If they are using an OpenID that hasn't been verified yet error out.
    // !!! Change this so they can register without having to attempt a login first
    if ($regOptions['auth_method'] == 'openid' && (empty($_SESSION['openid']['verified']) || $_SESSION['openid']['openid_uri'] != $regOptions['openid'])) {
        $reg_errors[] = array('lang', 'openid_not_verified');
    }
    // You may not be allowed to register this email.
    if (!empty($regOptions['check_email_ban'])) {
        isBannedEmail($regOptions['email'], 'cannot_register', $txt['ban_register_prohibited']);
    }
    // Check if the email address is in use.
    $request = smf_db_query('
		SELECT id_member
		FROM {db_prefix}members
		WHERE email_address = {string:email_address}
			OR email_address = {string:username}
		LIMIT 1', array('email_address' => $regOptions['email'], 'username' => $regOptions['username']));
    // !!! Separate the sprintf?
    if (mysql_num_rows($request) != 0) {
        $reg_errors[] = array('lang', 'email_in_use', false, array(htmlspecialchars($regOptions['email'])));
    }
    mysql_free_result($request);
    // If we found any errors we need to do something about it right away!
    foreach ($reg_errors as $key => $error) {
        /* Note for each error:
        			0 = 'lang' if it's an index, 'done' if it's clear text.
        			1 = The text/index.
        			2 = Whether to log.
        			3 = sprintf data if necessary. */
        if ($error[0] == 'lang') {
            loadLanguage('Errors');
        }
        $message = $error[0] == 'lang' ? empty($error[3]) ? $txt[$error[1]] : vsprintf($txt[$error[1]], $error[3]) : $error[1];
        // What to do, what to do, what to do.
        if ($return_errors) {
            if (!empty($error[2])) {
                log_error($message, $error[2]);
            }
            $reg_errors[$key] = $message;
        } else {
            fatal_error($message, empty($error[2]) ? false : $error[2]);
        }
    }
    // If there's any errors left return them at once!
    if (!empty($reg_errors)) {
        return $reg_errors;
    }
    $reservedVars = array('actual_theme_url', 'actual_images_url', 'base_theme_dir', 'base_theme_url', 'default_images_url', 'default_theme_dir', 'default_theme_url', 'default_template', 'images_url', 'number_recent_posts', 'smiley_sets_default', 'theme_dir', 'theme_id', 'theme_layers', 'theme_templates', 'theme_url');
    // Can't change reserved vars.
    if (isset($regOptions['theme_vars']) && array_intersect($regOptions['theme_vars'], $reservedVars) != array()) {
        fatal_lang_error('no_theme');
    }
    // Some of these might be overwritten. (the lower ones that are in the arrays below.)
    $regOptions['register_vars'] = array('member_name' => $regOptions['username'], 'email_address' => $regOptions['email'], 'passwd' => sha1(strtolower($regOptions['username']) . $regOptions['password']), 'password_salt' => substr(md5(mt_rand()), 0, 4), 'posts' => 0, 'date_registered' => time(), 'member_ip' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $user_info['ip'], 'member_ip2' => $regOptions['interface'] == 'admin' ? '127.0.0.1' : $_SERVER['BAN_CHECK_IP'], 'validation_code' => $validation_code, 'real_name' => $regOptions['username'], 'personal_text' => $modSettings['default_personal_text'], 'pm_email_notify' => 1, 'id_theme' => 0, 'id_post_group' => 4, 'lngfile' => '', 'buddy_list' => '', 'pm_ignore_list' => '', 'message_labels' => '', 'location' => '', 'time_format' => '', 'signature' => '', 'avatar' => '', 'usertitle' => '', 'secret_question' => '', 'secret_answer' => '', 'additional_groups' => '', 'ignore_boards' => '', 'smiley_set' => '', 'openid_uri' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
    // Setup the activation status on this new account so it is correct - firstly is it an under age account?
    if ($regOptions['require'] == 'coppa') {
        $regOptions['register_vars']['is_activated'] = 5;
        // !!! This should be changed.  To what should be it be changed??
        $regOptions['register_vars']['validation_code'] = '';
    } elseif ($regOptions['require'] == 'nothing') {
        $regOptions['register_vars']['is_activated'] = 1;
    } elseif ($regOptions['require'] == 'activation') {
        $regOptions['register_vars']['is_activated'] = 0;
    } else {
        $regOptions['register_vars']['is_activated'] = 3;
    }
    if (isset($regOptions['memberGroup'])) {
        // Make sure the id_group will be valid, if this is an administator.
        $regOptions['register_vars']['id_group'] = $regOptions['memberGroup'] == 1 && !allowedTo('admin_forum') ? 0 : $regOptions['memberGroup'];
        // Check if this group is assignable.
        $unassignableGroups = array(-1, 3);
        $request = smf_db_query('
			SELECT id_group
			FROM {db_prefix}membergroups
			WHERE min_posts != {int:min_posts}' . (allowedTo('admin_forum') ? '' : '
				OR group_type = {int:is_protected}'), array('min_posts' => -1, 'is_protected' => 1));
        while ($row = mysql_fetch_assoc($request)) {
            $unassignableGroups[] = $row['id_group'];
        }
        mysql_free_result($request);
        if (in_array($regOptions['register_vars']['id_group'], $unassignableGroups)) {
            $regOptions['register_vars']['id_group'] = 0;
        }
    }
    // Integrate optional member settings to be set.
    if (!empty($regOptions['extra_register_vars'])) {
        foreach ($regOptions['extra_register_vars'] as $var => $value) {
            $regOptions['register_vars'][$var] = $value;
        }
    }
    // Integrate optional user theme options to be set.
    $theme_vars = array();
    if (!empty($regOptions['theme_vars'])) {
        foreach ($regOptions['theme_vars'] as $var => $value) {
            $theme_vars[$var] = $value;
        }
    }
    // Call an optional function to validate the users' input.
    HookAPI::callHook('integrate_register', array(&$regOptions, &$theme_vars));
    // Right, now let's prepare for insertion.
    $knownInts = array('date_registered', 'posts', 'id_group', 'last_login', 'instant_messages', 'unread_messages', 'new_pm', 'pm_prefs', 'gender', 'hide_email', 'show_online', 'pm_email_notify', 'karma_good', 'karma_bad', 'notify_announcements', 'notify_send_body', 'notify_regularity', 'notify_types', 'id_theme', 'is_activated', 'id_msg_last_visit', 'id_post_group', 'total_time_logged_in', 'warning');
    $knownFloats = array('time_offset');
    $column_names = array();
    $values = array();
    foreach ($regOptions['register_vars'] as $var => $val) {
        $type = 'string';
        if (in_array($var, $knownInts)) {
            $type = 'int';
        } elseif (in_array($var, $knownFloats)) {
            $type = 'float';
        } elseif ($var == 'birthdate') {
            $type = 'date';
        }
        $column_names[$var] = $type;
        $values[$var] = $val;
    }
    // Register them into the database.
    smf_db_insert('', '{db_prefix}members', $column_names, $values, array('id_member'));
    $memberID = smf_db_insert_id('{db_prefix}members', 'id_member');
    // Update the number of members and latest member's info - and pass the name, but remove the 's.
    if ($regOptions['register_vars']['is_activated'] == 1) {
        updateStats('member', $memberID, $regOptions['register_vars']['real_name']);
    } else {
        updateStats('member');
    }
    // Theme variables too?
    if (!empty($theme_vars)) {
        $inserts = array();
        foreach ($theme_vars as $var => $val) {
            $inserts[] = array($memberID, $var, $val);
        }
        smf_db_insert('insert', '{db_prefix}themes', array('id_member' => 'int', 'variable' => 'string-255', 'value' => 'string-65534'), $inserts, array('id_member', 'variable'));
    }
    // If it's enabled, increase the registrations for today.
    trackStats(array('registers' => '+'));
    // Administrative registrations are a bit different...
    if ($regOptions['interface'] == 'admin') {
        if ($regOptions['require'] == 'activation') {
            $email_message = 'admin_register_activate';
        } elseif (!empty($regOptions['send_welcome_email'])) {
            $email_message = 'admin_register_immediate';
        }
        if (isset($email_message)) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
            $emaildata = loadEmailTemplate($email_message, $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
        // All admins are finished here.
        return $memberID;
    }
    // Can post straight away - welcome them to your fantastic community...
    if ($regOptions['require'] == 'nothing') {
        if (!empty($regOptions['send_welcome_email'])) {
            $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
            $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'immediate', $replacements);
            sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        }
        // Send admin their notification.
        adminNotify('standard', $memberID, $regOptions['username']);
    } elseif ($regOptions['require'] == 'activation' || $regOptions['require'] == 'coppa') {
        $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
        if ($regOptions['require'] == 'activation') {
            $replacements += array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $memberID . ';code=' . $validation_code, 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $memberID, 'ACTIVATIONCODE' => $validation_code);
        } else {
            $replacements += array('COPPALINK' => $scripturl . '?action=coppa;u=' . $memberID);
        }
        $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . ($regOptions['require'] == 'activation' ? 'activate' : 'coppa'), $replacements);
        sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
    } else {
        $replacements = array('REALNAME' => $regOptions['register_vars']['real_name'], 'USERNAME' => $regOptions['username'], 'PASSWORD' => $regOptions['password'], 'FORGOTPASSWORDLINK' => $scripturl . '?action=reminder', 'OPENID' => !empty($regOptions['openid']) ? $regOptions['openid'] : '');
        $emaildata = loadEmailTemplate('register_' . ($regOptions['auth_method'] == 'openid' ? 'openid_' : '') . 'pending', $replacements);
        sendmail($regOptions['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
        // Admin gets informed here...
        adminNotify('approval', $memberID, $regOptions['username']);
    }
    // Okay, they're for sure registered... make sure the session is aware of this for security. (Just married :P!)
    $_SESSION['just_registered'] = 1;
    return $memberID;
}
Ejemplo n.º 18
0
function groupMembership2($profile_vars, $post_errors, $memID)
{
    global $user_info, $sourcedir, $context, $user_profile, $modSettings, $txt, $smcFunc, $scripturl, $language;
    // Let's be extra cautious...
    if (!$context['user']['is_owner'] || empty($modSettings['show_group_membership'])) {
        isAllowedTo('manage_membergroups');
    }
    if (!isset($_REQUEST['gid']) && !isset($_POST['primary'])) {
        fatal_lang_error('no_access', false);
    }
    checkSession(isset($_GET['gid']) ? 'get' : 'post');
    $old_profile =& $user_profile[$memID];
    $context['can_manage_membergroups'] = allowedTo('manage_membergroups');
    $context['can_manage_protected'] = allowedTo('admin_forum');
    // By default the new primary is the old one.
    $newPrimary = $old_profile['id_group'];
    $addGroups = array_flip(explode(',', $old_profile['additional_groups']));
    $canChangePrimary = $old_profile['id_group'] == 0 ? 1 : 0;
    $changeType = isset($_POST['primary']) ? 'primary' : (isset($_POST['req']) ? 'request' : 'free');
    // One way or another, we have a target group in mind...
    $group_id = isset($_REQUEST['gid']) ? (int) $_REQUEST['gid'] : (int) $_POST['primary'];
    $foundTarget = $changeType == 'primary' && $group_id == 0 ? true : false;
    // Sanity check!!
    if ($group_id == 1) {
        isAllowedTo('admin_forum');
    } else {
        $request = $smcFunc['db_query']('', '
			SELECT group_type
			FROM {db_prefix}membergroups
			WHERE id_group = {int:current_group}
			LIMIT {int:limit}', array('current_group' => $group_id, 'limit' => 1));
        list($is_protected) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        if ($is_protected == 1) {
            isAllowedTo('admin_forum');
        }
    }
    // What ever we are doing, we need to determine if changing primary is possible!
    $request = $smcFunc['db_query']('', '
		SELECT id_group, group_type, hidden, group_name
		FROM {db_prefix}membergroups
		WHERE id_group IN ({int:group_list}, {int:current_group})', array('group_list' => $group_id, 'current_group' => $old_profile['id_group']));
    while ($row = $smcFunc['db_fetch_assoc']($request)) {
        // Is this the new group?
        if ($row['id_group'] == $group_id) {
            $foundTarget = true;
            $group_name = $row['group_name'];
            // Does the group type match what we're doing - are we trying to request a non-requestable group?
            if ($changeType == 'request' && $row['group_type'] != 2) {
                fatal_lang_error('no_access', false);
            } elseif ($changeType == 'free' && $row['group_type'] == 2 && $old_profile['id_group'] != $row['id_group'] && !isset($addGroups[$row['id_group']])) {
                fatal_lang_error('no_access', false);
            } elseif ($changeType == 'free' && $row['group_type'] != 3 && $row['group_type'] != 2) {
                fatal_lang_error('no_access', false);
            }
            // We can't change the primary group if this is hidden!
            if ($row['hidden'] == 2) {
                $canChangePrimary = false;
            }
        }
        // If this is their old primary, can we change it?
        if ($row['id_group'] == $old_profile['id_group'] && ($row['group_type'] > 1 || $context['can_manage_membergroups']) && $canChangePrimary !== false) {
            $canChangePrimary = 1;
        }
        // If we are not doing a force primary move, don't do it automatically if current primary is not 0.
        if ($changeType != 'primary' && $old_profile['id_group'] != 0) {
            $canChangePrimary = false;
        }
        // If this is the one we are acting on, can we even act?
        if (!$context['can_manage_protected'] && $row['group_type'] == 1 || !$context['can_manage_membergroups'] && $row['group_type'] == 0) {
            $canChangePrimary = false;
        }
    }
    $smcFunc['db_free_result']($request);
    // Didn't find the target?
    if (!$foundTarget) {
        fatal_lang_error('no_access', false);
    }
    // Final security check, don't allow users to promote themselves to admin.
    if ($context['can_manage_membergroups'] && !allowedTo('admin_forum')) {
        $request = $smcFunc['db_query']('', '
			SELECT COUNT(permission)
			FROM {db_prefix}permissions
			WHERE id_group = {int:selected_group}
				AND permission = {string:admin_forum}
				AND add_deny = {int:not_denied}', array('selected_group' => $group_id, 'not_denied' => 1, 'admin_forum' => 'admin_forum'));
        list($disallow) = $smcFunc['db_fetch_row']($request);
        $smcFunc['db_free_result']($request);
        if ($disallow) {
            isAllowedTo('admin_forum');
        }
    }
    // If we're requesting, add the note then return.
    if ($changeType == 'request') {
        $request = $smcFunc['db_query']('', '
			SELECT id_member
			FROM {db_prefix}log_group_requests
			WHERE id_member = {int:selected_member}
				AND id_group = {int:selected_group}', array('selected_member' => $memID, 'selected_group' => $group_id));
        if ($smcFunc['db_num_rows']($request) != 0) {
            fatal_lang_error('profile_error_already_requested_group');
        }
        $smcFunc['db_free_result']($request);
        // Log the request.
        $smcFunc['db_insert']('', '{db_prefix}log_group_requests', array('id_member' => 'int', 'id_group' => 'int', 'time_applied' => 'int', 'reason' => 'string-65534'), array($memID, $group_id, time(), $_POST['reason']), array('id_request'));
        // Send an email to all group moderators etc.
        require_once $sourcedir . '/Subs-Post.php';
        // Do we have any group moderators?
        $request = $smcFunc['db_query']('', '
			SELECT id_member
			FROM {db_prefix}group_moderators
			WHERE id_group = {int:selected_group}', array('selected_group' => $group_id));
        $moderators = array();
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $moderators[] = $row['id_member'];
        }
        $smcFunc['db_free_result']($request);
        // Otherwise this is the backup!
        if (empty($moderators)) {
            require_once $sourcedir . '/Subs-Members.php';
            $moderators = membersAllowedTo('manage_membergroups');
        }
        if (!empty($moderators)) {
            $request = $smcFunc['db_query']('', '
				SELECT id_member, email_address, lngfile, member_name, mod_prefs
				FROM {db_prefix}members
				WHERE id_member IN ({array_int:moderator_list})
					AND notify_types != {int:no_notifications}
				ORDER BY lngfile', array('moderator_list' => $moderators, 'no_notifications' => 4));
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                // Check whether they are interested.
                if (!empty($row['mod_prefs'])) {
                    list(, , $pref_binary) = explode('|', $row['mod_prefs']);
                    if (!($pref_binary & 4)) {
                        continue;
                    }
                }
                $replacements = array('RECPNAME' => $row['member_name'], 'APPYNAME' => $old_profile['member_name'], 'GROUPNAME' => $group_name, 'REASON' => $_POST['reason'], 'MODLINK' => $scripturl . '?action=moderate;area=groups;sa=requests');
                $emaildata = loadEmailTemplate('request_membership', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
                sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
            }
            $smcFunc['db_free_result']($request);
        }
        return $changeType;
    } elseif ($changeType == 'free') {
        // Are we leaving?
        if ($old_profile['id_group'] == $group_id || isset($addGroups[$group_id])) {
            if ($old_profile['id_group'] == $group_id) {
                $newPrimary = 0;
            } else {
                unset($addGroups[$group_id]);
            }
        } else {
            // Can we change the primary, and do we want to?
            if ($canChangePrimary) {
                if ($old_profile['id_group'] != 0) {
                    $addGroups[$old_profile['id_group']] = -1;
                }
                $newPrimary = $group_id;
            } else {
                $addGroups[$group_id] = -1;
            }
        }
    } elseif ($canChangePrimary) {
        if ($old_profile['id_group'] != 0) {
            $addGroups[$old_profile['id_group']] = -1;
        }
        if (isset($addGroups[$group_id])) {
            unset($addGroups[$group_id]);
        }
        $newPrimary = $group_id;
    }
    // Finally, we can make the changes!
    foreach ($addGroups as $id => $dummy) {
        if (empty($id)) {
            unset($addGroups[$id]);
        }
    }
    $addGroups = implode(',', array_flip($addGroups));
    // Ensure that we don't cache permissions if the group is changing.
    if ($context['user']['is_owner']) {
        $_SESSION['mc']['time'] = 0;
    } else {
        updateSettings(array('settings_updated' => time()));
    }
    updateMemberData($memID, array('id_group' => $newPrimary, 'additional_groups' => $addGroups));
    return $changeType;
}
Ejemplo n.º 19
0
/**
 * This simple function gets a list of all administrators and sends them an email
 * to let them know a new member has joined.
 * Called by registerMember() function in subs/Members.subs.php.
 * Email is sent to all groups that have the moderate_forum permission.
 * The language set by each member is being used (if available).
 *
 * @param string $type types supported are 'approval', 'activation', and 'standard'.
 * @param int $memberID
 * @param string|null $member_name = null
 * @uses the Login language file.
 */
function sendAdminNotifications($type, $memberID, $member_name = null)
{
    global $modSettings, $language, $scripturl, $user_info;
    $db = database();
    // If the setting isn't enabled then just exit.
    if (empty($modSettings['notify_new_registration'])) {
        return;
    }
    // Needed to notify admins, or anyone
    require_once SUBSDIR . '/Mail.subs.php';
    if ($member_name == null) {
        require_once SUBSDIR . '/Members.subs.php';
        // Get the new user's name....
        $member_info = getBasicMemberData($memberID);
        $member_name = $member_info['real_name'];
    }
    $groups = array();
    // All membergroups who can approve members.
    $request = $db->query('', '
		SELECT id_group
		FROM {db_prefix}permissions
		WHERE permission = {string:moderate_forum}
			AND add_deny = {int:add_deny}
			AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'moderate_forum' => 'moderate_forum'));
    while ($row = $db->fetch_assoc($request)) {
        $groups[] = $row['id_group'];
    }
    $db->free_result($request);
    // Add administrators too...
    $groups[] = 1;
    $groups = array_unique($groups);
    // Get a list of all members who have ability to approve accounts - these are the people who we inform.
    $request = $db->query('', '
		SELECT id_member, lngfile, email_address
		FROM {db_prefix}members
		WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0)
			AND notify_types != {int:notify_types}
		ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups)));
    $current_language = $user_info['language'];
    while ($row = $db->fetch_assoc($request)) {
        $replacements = array('USERNAME' => $member_name, 'PROFILELINK' => $scripturl . '?action=profile;u=' . $memberID);
        $emailtype = 'admin_notify';
        // If they need to be approved add more info...
        if ($type == 'approval') {
            $replacements['APPROVALLINK'] = $scripturl . '?action=admin;area=viewmembers;sa=browse;type=approve';
            $emailtype .= '_approval';
        }
        $emaildata = loadEmailTemplate($emailtype, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        // And do the actual sending...
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
    }
    $db->free_result($request);
    if (isset($current_language) && $current_language != $user_info['language']) {
        loadLanguage('Login');
    }
}
/**
 * Sends a personal message from the specified person to the specified people
 * ($from defaults to the user)
 *
 * @package PersonalMessage
 * @param mixed[] $recipients - an array containing the arrays 'to' and 'bcc', both containing id_member's.
 * @param string $subject - should have no slashes and no html entities
 * @param string $message - should have no slashes and no html entities
 * @param bool $store_outbox
 * @param mixed[]|null $from - an array with the id, name, and username of the member.
 * @param int $pm_head - the ID of the chain being replied to - if any.
 * @return mixed[] an array with log entries telling how many recipients were successful and which recipients it failed to send to.
 */
function sendpm($recipients, $subject, $message, $store_outbox = true, $from = null, $pm_head = 0)
{
    global $scripturl, $txt, $user_info, $language, $modSettings, $webmaster_email;
    $db = database();
    // Make sure the PM language file is loaded, we might need something out of it.
    loadLanguage('PersonalMessage');
    // Needed for our email and post functions
    require_once SUBSDIR . '/Mail.subs.php';
    require_once SUBSDIR . '/Post.subs.php';
    // Initialize log array.
    $log = array('failed' => array(), 'sent' => array());
    if ($from === null) {
        $from = array('id' => $user_info['id'], 'name' => $user_info['name'], 'username' => $user_info['username']);
    } else {
        $user_info['name'] = $from['name'];
    }
    // This is the one that will go in their inbox.
    $htmlmessage = Util::htmlspecialchars($message, ENT_QUOTES, 'UTF-8', true);
    preparsecode($htmlmessage);
    $htmlsubject = strtr(Util::htmlspecialchars($subject), array("\r" => '', "\n" => '', "\t" => ''));
    if (Util::strlen($htmlsubject) > 100) {
        $htmlsubject = Util::substr($htmlsubject, 0, 100);
    }
    // Make sure is an array
    if (!is_array($recipients)) {
        $recipients = array($recipients);
    }
    // Integrated PMs
    call_integration_hook('integrate_personal_message', array(&$recipients, &$from, &$subject, &$message));
    // Get a list of usernames and convert them to IDs.
    $usernames = array();
    foreach ($recipients as $rec_type => $rec) {
        foreach ($rec as $id => $member) {
            if (!is_numeric($recipients[$rec_type][$id])) {
                $recipients[$rec_type][$id] = Util::strtolower(trim(preg_replace('/[<>&"\'=\\\\]/', '', $recipients[$rec_type][$id])));
                $usernames[$recipients[$rec_type][$id]] = 0;
            }
        }
    }
    if (!empty($usernames)) {
        $request = $db->query('pm_find_username', '
			SELECT
				id_member, member_name
			FROM {db_prefix}members
			WHERE ' . (defined('DB_CASE_SENSITIVE') ? 'LOWER(member_name)' : 'member_name') . ' IN ({array_string:usernames})', array('usernames' => array_keys($usernames)));
        while ($row = $db->fetch_assoc($request)) {
            if (isset($usernames[Util::strtolower($row['member_name'])])) {
                $usernames[Util::strtolower($row['member_name'])] = $row['id_member'];
            }
        }
        $db->free_result($request);
        // Replace the usernames with IDs. Drop usernames that couldn't be found.
        foreach ($recipients as $rec_type => $rec) {
            foreach ($rec as $id => $member) {
                if (is_numeric($recipients[$rec_type][$id])) {
                    continue;
                }
                if (!empty($usernames[$member])) {
                    $recipients[$rec_type][$id] = $usernames[$member];
                } else {
                    $log['failed'][$id] = sprintf($txt['pm_error_user_not_found'], $recipients[$rec_type][$id]);
                    unset($recipients[$rec_type][$id]);
                }
            }
        }
    }
    // Make sure there are no duplicate 'to' members.
    $recipients['to'] = array_unique($recipients['to']);
    // Only 'bcc' members that aren't already in 'to'.
    $recipients['bcc'] = array_diff(array_unique($recipients['bcc']), $recipients['to']);
    // Combine 'to' and 'bcc' recipients.
    $all_to = array_merge($recipients['to'], $recipients['bcc']);
    // Check no-one will want it deleted right away!
    $request = $db->query('', '
		SELECT
			id_member, criteria, is_or
		FROM {db_prefix}pm_rules
		WHERE id_member IN ({array_int:to_members})
			AND delete_pm = {int:delete_pm}', array('to_members' => $all_to, 'delete_pm' => 1));
    $deletes = array();
    // Check whether we have to apply anything...
    while ($row = $db->fetch_assoc($request)) {
        $criteria = unserialize($row['criteria']);
        // Note we don't check the buddy status, cause deletion from buddy = madness!
        $delete = false;
        foreach ($criteria as $criterium) {
            if ($criterium['t'] == 'mid' && $criterium['v'] == $from['id'] || $criterium['t'] == 'gid' && in_array($criterium['v'], $user_info['groups']) || $criterium['t'] == 'sub' && strpos($subject, $criterium['v']) !== false || $criterium['t'] == 'msg' && strpos($message, $criterium['v']) !== false) {
                $delete = true;
            } elseif (!$row['is_or']) {
                $delete = false;
                break;
            }
        }
        if ($delete) {
            $deletes[$row['id_member']] = 1;
        }
    }
    $db->free_result($request);
    // Load the membergrounp message limits.
    static $message_limit_cache = array();
    if (!allowedTo('moderate_forum') && empty($message_limit_cache)) {
        $request = $db->query('', '
			SELECT
				id_group, max_messages
			FROM {db_prefix}membergroups', array());
        while ($row = $db->fetch_assoc($request)) {
            $message_limit_cache[$row['id_group']] = $row['max_messages'];
        }
        $db->free_result($request);
    }
    // Load the groups that are allowed to read PMs.
    // @todo move into a separate function on $permission.
    $allowed_groups = array();
    $disallowed_groups = array();
    $request = $db->query('', '
		SELECT
			id_group, add_deny
		FROM {db_prefix}permissions
		WHERE permission = {string:read_permission}', array('read_permission' => 'pm_read'));
    while ($row = $db->fetch_assoc($request)) {
        if (empty($row['add_deny'])) {
            $disallowed_groups[] = $row['id_group'];
        } else {
            $allowed_groups[] = $row['id_group'];
        }
    }
    $db->free_result($request);
    if (empty($modSettings['permission_enable_deny'])) {
        $disallowed_groups = array();
    }
    $request = $db->query('', '
		SELECT
			member_name, real_name, id_member, email_address, lngfile,
			pm_email_notify, personal_messages,' . (allowedTo('moderate_forum') ? ' 0' : '
			(receive_from = {int:admins_only}' . (empty($modSettings['enable_buddylist']) ? '' : ' OR
			(receive_from = {int:buddies_only} AND FIND_IN_SET({string:from_id}, buddy_list) = 0) OR
			(receive_from = {int:not_on_ignore_list} AND FIND_IN_SET({string:from_id}, pm_ignore_list) != 0)') . ')') . ' AS ignored,
			FIND_IN_SET({string:from_id}, buddy_list) != 0 AS is_buddy, is_activated,
			additional_groups, id_group, id_post_group
		FROM {db_prefix}members
		WHERE id_member IN ({array_int:recipients})
		ORDER BY lngfile
		LIMIT {int:count_recipients}', array('not_on_ignore_list' => 1, 'buddies_only' => 2, 'admins_only' => 3, 'recipients' => $all_to, 'count_recipients' => count($all_to), 'from_id' => $from['id']));
    $notifications = array();
    while ($row = $db->fetch_assoc($request)) {
        // Don't do anything for members to be deleted!
        if (isset($deletes[$row['id_member']])) {
            continue;
        }
        // We need to know this members groups.
        $groups = explode(',', $row['additional_groups']);
        $groups[] = $row['id_group'];
        $groups[] = $row['id_post_group'];
        $message_limit = -1;
        // For each group see whether they've gone over their limit - assuming they're not an admin.
        if (!in_array(1, $groups)) {
            foreach ($groups as $id) {
                if (isset($message_limit_cache[$id]) && $message_limit != 0 && $message_limit < $message_limit_cache[$id]) {
                    $message_limit = $message_limit_cache[$id];
                }
            }
            if ($message_limit > 0 && $message_limit <= $row['personal_messages']) {
                $log['failed'][$row['id_member']] = sprintf($txt['pm_error_data_limit_reached'], $row['real_name']);
                unset($all_to[array_search($row['id_member'], $all_to)]);
                continue;
            }
            // Do they have any of the allowed groups?
            if (count(array_intersect($allowed_groups, $groups)) == 0 || count(array_intersect($disallowed_groups, $groups)) != 0) {
                $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']);
                unset($all_to[array_search($row['id_member'], $all_to)]);
                continue;
            }
        }
        // Note that PostgreSQL can return a lowercase t/f for FIND_IN_SET
        if (!empty($row['ignored']) && $row['ignored'] != 'f' && $row['id_member'] != $from['id']) {
            $log['failed'][$row['id_member']] = sprintf($txt['pm_error_ignored_by_user'], $row['real_name']);
            unset($all_to[array_search($row['id_member'], $all_to)]);
            continue;
        }
        // If the receiving account is banned (>=10) or pending deletion (4), refuse to send the PM.
        if ($row['is_activated'] >= 10 || $row['is_activated'] == 4 && !$user_info['is_admin']) {
            $log['failed'][$row['id_member']] = sprintf($txt['pm_error_user_cannot_read'], $row['real_name']);
            unset($all_to[array_search($row['id_member'], $all_to)]);
            continue;
        }
        // Send a notification, if enabled - taking the buddy list into account.
        if (!empty($row['email_address']) && ($row['pm_email_notify'] == 1 || $row['pm_email_notify'] > 1 && (!empty($modSettings['enable_buddylist']) && $row['is_buddy'])) && $row['is_activated'] == 1) {
            $notifications[empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']][] = $row['email_address'];
        }
        $log['sent'][$row['id_member']] = sprintf(isset($txt['pm_successfully_sent']) ? $txt['pm_successfully_sent'] : '', $row['real_name']);
    }
    $db->free_result($request);
    // Only 'send' the message if there are any recipients left.
    if (empty($all_to)) {
        return $log;
    }
    // Track the pm count for our stats
    if (!empty($modSettings['trackStats'])) {
        trackStats(array('pm' => '+'));
    }
    // Insert the message itself and then grab the last insert id.
    $db->insert('', '{db_prefix}personal_messages', array('id_pm_head' => 'int', 'id_member_from' => 'int', 'deleted_by_sender' => 'int', 'from_name' => 'string-255', 'msgtime' => 'int', 'subject' => 'string-255', 'body' => 'string-65534'), array($pm_head, $from['id'], $store_outbox ? 0 : 1, $from['username'], time(), $htmlsubject, $htmlmessage), array('id_pm'));
    $id_pm = $db->insert_id('{db_prefix}personal_messages', 'id_pm');
    // Add the recipients.
    if (!empty($id_pm)) {
        // If this is new we need to set it part of it's own conversation.
        if (empty($pm_head)) {
            $db->query('', '
				UPDATE {db_prefix}personal_messages
				SET id_pm_head = {int:id_pm_head}
				WHERE id_pm = {int:id_pm_head}', array('id_pm_head' => $id_pm));
        }
        // Some people think manually deleting personal_messages is fun... it's not. We protect against it though :)
        $db->query('', '
			DELETE FROM {db_prefix}pm_recipients
			WHERE id_pm = {int:id_pm}', array('id_pm' => $id_pm));
        $insertRows = array();
        $to_list = array();
        foreach ($all_to as $to) {
            $insertRows[] = array($id_pm, $to, in_array($to, $recipients['bcc']) ? 1 : 0, isset($deletes[$to]) ? 1 : 0, 1);
            if (!in_array($to, $recipients['bcc'])) {
                $to_list[] = $to;
            }
        }
        $db->insert('insert', '{db_prefix}pm_recipients', array('id_pm' => 'int', 'id_member' => 'int', 'bcc' => 'int', 'deleted' => 'int', 'is_new' => 'int'), $insertRows, array('id_pm', 'id_member'));
    }
    $maillist = !empty($modSettings['maillist_enabled']) && !empty($modSettings['pbe_pm_enabled']);
    // If they have post by email enabled, override disallow_sendBody
    if (!$maillist && !empty($modSettings['disallow_sendBody'])) {
        $message = '';
        censorText($subject);
    } else {
        require_once SUBSDIR . '/Emailpost.subs.php';
        pbe_prepare_text($message, $subject);
    }
    $to_names = array();
    if (count($to_list) > 1) {
        require_once SUBSDIR . '/Members.subs.php';
        $result = getBasicMemberData($to_list);
        foreach ($result as $row) {
            $to_names[] = un_htmlspecialchars($row['real_name']);
        }
    }
    $replacements = array('SUBJECT' => $subject, 'MESSAGE' => $message, 'SENDER' => un_htmlspecialchars($from['name']), 'READLINK' => $scripturl . '?action=pm;pmsg=' . $id_pm . '#msg' . $id_pm, 'REPLYLINK' => $scripturl . '?action=pm;sa=send;f=inbox;pmsg=' . $id_pm . ';quote;u=' . $from['id'], 'TOLIST' => implode(', ', $to_names));
    // Select the right template
    $email_template = ($maillist && empty($modSettings['disallow_sendBody']) ? 'pbe_' : '') . 'new_pm' . (empty($modSettings['disallow_sendBody']) ? '_body' : '') . (!empty($to_names) ? '_tolist' : '');
    foreach ($notifications as $lang => $notification_list) {
        // Using maillist functionality
        if ($maillist) {
            $sender_details = query_sender_wrapper($from['id']);
            $from_wrapper = !empty($modSettings['maillist_mail_from']) ? $modSettings['maillist_mail_from'] : (empty($modSettings['maillist_sitename_address']) ? $webmaster_email : $modSettings['maillist_sitename_address']);
            // Add in the signature
            $replacements['SIGNATURE'] = $sender_details['signature'];
            // And off it goes, looking a bit more personal
            $mail = loadEmailTemplate($email_template, $replacements, $lang);
            $reference = !empty($pm_head) ? $pm_head : null;
            sendmail($notification_list, $mail['subject'], $mail['body'], $from['name'], 'p' . $id_pm, false, 2, null, true, $from_wrapper, $reference);
        } else {
            // Off the notification email goes!
            $mail = loadEmailTemplate($email_template, $replacements, $lang);
            sendmail($notification_list, $mail['subject'], $mail['body'], null, 'p' . $id_pm, false, 2, null, true);
        }
    }
    // Integrated After PMs
    call_integration_hook('integrate_personal_message_after', array(&$id_pm, &$log, &$recipients, &$from, &$subject, &$message));
    // Back to what we were on before!
    loadLanguage('index+PersonalMessage');
    // Add one to their unread and read message counts.
    foreach ($all_to as $k => $id) {
        if (isset($deletes[$id])) {
            unset($all_to[$k]);
        }
    }
    if (!empty($all_to)) {
        updateMemberData($all_to, array('personal_messages' => '+', 'unread_messages' => '+', 'new_pm' => 1));
    }
    return $log;
}
Ejemplo n.º 21
0
function scheduled_paid_subscriptions()
{
    global $txt, $sourcedir, $scripturl, $modSettings, $language;
    // Start off by checking for removed subscriptions.
    $request = smf_db_query('
		SELECT id_subscribe, id_member
		FROM {db_prefix}log_subscribed
		WHERE status = {int:is_active}
			AND end_time < {int:time_now}', array('is_active' => 1, 'time_now' => time()));
    while ($row = mysql_fetch_assoc($request)) {
        require_once $sourcedir . '/ManagePaid.php';
        removeSubscription($row['id_subscribe'], $row['id_member']);
    }
    mysql_free_result($request);
    // Get all those about to expire that have not had a reminder sent.
    $request = smf_db_query('
		SELECT ls.id_sublog, m.id_member, m.member_name, m.email_address, m.lngfile, s.name, ls.end_time
		FROM {db_prefix}log_subscribed AS ls
			INNER JOIN {db_prefix}subscriptions AS s ON (s.id_subscribe = ls.id_subscribe)
			INNER JOIN {db_prefix}members AS m ON (m.id_member = ls.id_member)
		WHERE ls.status = {int:is_active}
			AND ls.reminder_sent = {int:reminder_sent}
			AND s.reminder > {int:reminder_wanted}
			AND ls.end_time < ({int:time_now} + s.reminder * 86400)', array('is_active' => 1, 'reminder_sent' => 0, 'reminder_wanted' => 0, 'time_now' => time()));
    $subs_reminded = array();
    while ($row = mysql_fetch_assoc($request)) {
        // If this is the first one load the important bits.
        if (empty($subs_reminded)) {
            require_once $sourcedir . '/lib/Subs-Post.php';
            // Need the below for loadLanguage to work!
            loadEssentialThemeData();
        }
        $subs_reminded[] = $row['id_sublog'];
        $replacements = array('PROFILE_LINK' => $scripturl . '?action=profile;area=subscriptions;u=' . $row['id_member'], 'REALNAME' => $row['member_name'], 'SUBSCRIPTION' => $row['name'], 'END_DATE' => strip_tags(timeformat($row['end_time'])));
        $emaildata = loadEmailTemplate('paid_subscription_reminder', $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        // Send the actual email.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
    }
    mysql_free_result($request);
    // Mark the reminder as sent.
    if (!empty($subs_reminded)) {
        smf_db_query('
			UPDATE {db_prefix}log_subscribed
			SET reminder_sent = {int:reminder_sent}
			WHERE id_sublog IN ({array_int:subscription_list})', array('subscription_list' => $subs_reminded, 'reminder_sent' => 1));
    }
    return true;
}
Ejemplo n.º 22
0
/**
 * Send all the administrators a lovely email.
 *
 * What it does:
 * - It loads all users who are admins or have the admin forum permission.
 * - It uses the email template and replacements passed in the parameters.
 * - It sends them an email.
 *
 * @package Admin
 * @param string $template
 * @param mixed[] $replacements
 * @param int[] $additional_recipients
 */
function emailAdmins($template, $replacements = array(), $additional_recipients = array())
{
    global $language, $modSettings;
    $db = database();
    // We certainly want this.
    require_once SUBSDIR . '/Mail.subs.php';
    // Load all groups which are effectively admins.
    $request = $db->query('', '
		SELECT id_group
		FROM {db_prefix}permissions
		WHERE permission = {string:admin_forum}
			AND add_deny = {int:add_deny}
			AND id_group != {int:id_group}', array('add_deny' => 1, 'id_group' => 0, 'admin_forum' => 'admin_forum'));
    $groups = array(1);
    while ($row = $db->fetch_assoc($request)) {
        $groups[] = $row['id_group'];
    }
    $db->free_result($request);
    $request = $db->query('', '
		SELECT id_member, member_name, real_name, lngfile, email_address
		FROM {db_prefix}members
		WHERE (id_group IN ({array_int:group_list}) OR FIND_IN_SET({raw:group_array_implode}, additional_groups) != 0)
			AND notify_types != {int:notify_types}
		ORDER BY lngfile', array('group_list' => $groups, 'notify_types' => 4, 'group_array_implode' => implode(', additional_groups) != 0 OR FIND_IN_SET(', $groups)));
    $emails_sent = array();
    while ($row = $db->fetch_assoc($request)) {
        // Stick their particulars in the replacement data.
        $replacements['IDMEMBER'] = $row['id_member'];
        $replacements['REALNAME'] = $row['member_name'];
        $replacements['USERNAME'] = $row['real_name'];
        // Load the data from the template.
        $emaildata = loadEmailTemplate($template, $replacements, empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile']);
        // Then send the actual email.
        sendmail($row['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
        // Track who we emailed so we don't do it twice.
        $emails_sent[] = $row['email_address'];
    }
    $db->free_result($request);
    // Any additional users we must email this to?
    if (!empty($additional_recipients)) {
        foreach ($additional_recipients as $recipient) {
            if (in_array($recipient['email'], $emails_sent)) {
                continue;
            }
            $replacements['IDMEMBER'] = $recipient['id'];
            $replacements['REALNAME'] = $recipient['name'];
            $replacements['USERNAME'] = $recipient['name'];
            // Load the template again.
            $emaildata = loadEmailTemplate($template, $replacements, empty($recipient['lang']) || empty($modSettings['userLanguage']) ? $language : $recipient['lang']);
            // Send off the email.
            sendmail($recipient['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 1);
        }
    }
}
Ejemplo n.º 23
0
function GroupRequests()
{
    global $txt, $context, $scripturl, $user_info, $sourcedir, $smcFunc, $modSettings, $language;
    // Set up the template stuff...
    $context['page_title'] = $txt['mc_group_requests'];
    $context['sub_template'] = 'show_list';
    // Verify we can be here.
    if ($user_info['mod_cache']['gq'] == '0=1') {
        isAllowedTo('manage_membergroups');
    }
    // Normally, we act normally...
    $where = $user_info['mod_cache']['gq'] == '1=1' || $user_info['mod_cache']['gq'] == '0=1' ? $user_info['mod_cache']['gq'] : 'lgr.' . $user_info['mod_cache']['gq'];
    $where_parameters = array();
    // We've submitted?
    if (isset($_POST[$context['session_var']]) && !empty($_POST['groupr']) && !empty($_POST['req_action'])) {
        checkSession('post');
        // Clean the values.
        foreach ($_POST['groupr'] as $k => $request) {
            $_POST['groupr'][$k] = (int) $request;
        }
        // If we are giving a reason (And why shouldn't we?), then we don't actually do much.
        if ($_POST['req_action'] == 'reason') {
            // Different sub template...
            $context['sub_template'] = 'group_request_reason';
            // And a limitation. We don't care that the page number bit makes no sense, as we don't need it!
            $where .= ' AND lgr.id_request IN ({array_int:request_ids})';
            $where_parameters['request_ids'] = $_POST['groupr'];
            $context['group_requests'] = list_getGroupRequests(0, $modSettings['defaultMaxMessages'], 'lgr.id_request', $where, $where_parameters);
            // Let obExit etc sort things out.
            obExit();
        } else {
            // Get the details of all the members concerned...
            $request = $smcFunc['db_query']('', '
				SELECT lgr.id_request, lgr.id_member, lgr.id_group, mem.email_address, mem.id_group AS primary_group,
					mem.additional_groups AS additional_groups, mem.lngfile, mem.member_name, mem.notify_types,
					mg.hidden, mg.group_name
				FROM {db_prefix}log_group_requests AS lgr
					INNER JOIN {db_prefix}members AS mem ON (mem.id_member = lgr.id_member)
					INNER JOIN {db_prefix}membergroups AS mg ON (mg.id_group = lgr.id_group)
				WHERE ' . $where . '
					AND lgr.id_request IN ({array_int:request_list})
				ORDER BY mem.lngfile', array('request_list' => $_POST['groupr']));
            $email_details = array();
            $group_changes = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $row['lngfile'] = empty($row['lngfile']) || empty($modSettings['userLanguage']) ? $language : $row['lngfile'];
                // If we are approving work out what their new group is.
                if ($_POST['req_action'] == 'approve') {
                    // For people with more than one request at once.
                    if (isset($group_changes[$row['id_member']])) {
                        $row['additional_groups'] = $group_changes[$row['id_member']]['add'];
                        $row['primary_group'] = $group_changes[$row['id_member']]['primary'];
                    } else {
                        $row['additional_groups'] = explode(',', $row['additional_groups']);
                    }
                    // Don't have it already?
                    if ($row['primary_group'] == $row['id_group'] || in_array($row['id_group'], $row['additional_groups'])) {
                        continue;
                    }
                    // Should it become their primary?
                    if ($row['primary_group'] == 0 && $row['hidden'] == 0) {
                        $row['primary_group'] = $row['id_group'];
                    } else {
                        $row['additional_groups'][] = $row['id_group'];
                    }
                    // Add them to the group master list.
                    $group_changes[$row['id_member']] = array('primary' => $row['primary_group'], 'add' => $row['additional_groups']);
                }
                // Add required information to email them.
                if ($row['notify_types'] != 4) {
                    $email_details[] = array('rid' => $row['id_request'], 'member_id' => $row['id_member'], 'member_name' => $row['member_name'], 'group_id' => $row['id_group'], 'group_name' => $row['group_name'], 'email' => $row['email_address'], 'language' => $row['lngfile']);
                }
            }
            $smcFunc['db_free_result']($request);
            // Remove the evidence...
            $smcFunc['db_query']('', '
				DELETE FROM {db_prefix}log_group_requests
				WHERE id_request IN ({array_int:request_list})', array('request_list' => $_POST['groupr']));
            // Ensure everyone who is online gets their changes right away.
            updateSettings(array('settings_updated' => time()));
            if (!empty($email_details)) {
                require_once $sourcedir . '/Subs-Post.php';
                // They are being approved?
                if ($_POST['req_action'] == 'approve') {
                    // Make the group changes.
                    foreach ($group_changes as $id => $groups) {
                        // Sanity check!
                        foreach ($groups['add'] as $key => $value) {
                            if ($value == 0 || trim($value) == '') {
                                unset($groups['add'][$key]);
                            }
                        }
                        $smcFunc['db_query']('', '
							UPDATE {db_prefix}members
							SET id_group = {int:primary_group}, additional_groups = {string:additional_groups}
							WHERE id_member = {int:selected_member}', array('primary_group' => $groups['primary'], 'selected_member' => $id, 'additional_groups' => implode(',', $groups['add'])));
                    }
                    $lastLng = $user_info['language'];
                    foreach ($email_details as $email) {
                        $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
                        $emaildata = loadEmailTemplate('mc_group_approve', $replacements, $email['language']);
                        sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
                    }
                } else {
                    // Same as for approving, kind of.
                    $lastLng = $user_info['language'];
                    foreach ($email_details as $email) {
                        $custom_reason = isset($_POST['groupreason']) && isset($_POST['groupreason'][$email['rid']]) ? $_POST['groupreason'][$email['rid']] : '';
                        $replacements = array('USERNAME' => $email['member_name'], 'GROUPNAME' => $email['group_name']);
                        if (!empty($custom_reason)) {
                            $replacements['REASON'] = $custom_reason;
                        }
                        $emaildata = loadEmailTemplate(empty($custom_reason) ? 'mc_group_reject' : 'mc_group_reject_reason', $replacements, $email['language']);
                        sendmail($email['email'], $emaildata['subject'], $emaildata['body'], null, null, false, 2);
                    }
                }
            }
            // Restore the current language.
            loadLanguage('ModerationCenter');
        }
    }
    // We're going to want this for making our list.
    require_once $sourcedir . '/Subs-List.php';
    // This is all the information required for a group listing.
    $listOptions = array('id' => 'group_request_list', 'title' => $txt['mc_group_requests'], 'width' => '100%', 'items_per_page' => $modSettings['defaultMaxMessages'], 'no_items_label' => $txt['mc_groupr_none_found'], 'base_href' => $scripturl . '?action=groups;sa=requests', 'default_sort_col' => 'member', 'get_items' => array('function' => 'list_getGroupRequests', 'params' => array($where, $where_parameters)), 'get_count' => array('function' => 'list_getGroupRequestCount', 'params' => array($where, $where_parameters)), 'columns' => array('member' => array('header' => array('value' => $txt['mc_groupr_member']), 'data' => array('db' => 'member_link'), 'sort' => array('default' => 'mem.member_name', 'reverse' => 'mem.member_name DESC')), 'group' => array('header' => array('value' => $txt['mc_groupr_group']), 'data' => array('db' => 'group_link'), 'sort' => array('default' => 'mg.group_name', 'reverse' => 'mg.group_name DESC')), 'reason' => array('header' => array('value' => $txt['mc_groupr_reason']), 'data' => array('db' => 'reason')), 'action' => array('header' => array('value' => '<input type="checkbox" class="input_check" onclick="invertAll(this, this.form);" />', 'style' => 'width: 4%;'), 'data' => array('sprintf' => array('format' => '<input type="checkbox" name="groupr[]" value="%1$d" class="input_check" />', 'params' => array('id' => false)), 'style' => 'text-align: center;'))), 'form' => array('href' => $scripturl . '?action=groups;sa=requests', 'include_sort' => true, 'include_start' => true, 'hidden_fields' => array($context['session_var'] => $context['session_id'])), 'additional_rows' => array(array('position' => 'bottom_of_list', 'value' => '
					<select name="req_action" onchange="if (this.value != 0 &amp;&amp; (this.value == \'reason\' || confirm(\'' . $txt['mc_groupr_warning'] . '\'))) this.form.submit();">
						<option value="0">' . $txt['with_selected'] . ':</option>
						<option value="0">---------------------</option>
						<option value="approve">' . $txt['mc_groupr_approve'] . '</option>
						<option value="reject">' . $txt['mc_groupr_reject'] . '</option>
						<option value="reason">' . $txt['mc_groupr_reject_w_reason'] . '</option>
					</select>
					<input type="submit" name="go" value="' . $txt['go'] . '" onclick="var sel = document.getElementById(\'req_action\'); if (sel.value != 0 &amp;&amp; sel.value != \'reason\' &amp;&amp; !confirm(\'' . $txt['mc_groupr_warning'] . '\')) return false;" class="button_submit" />', 'align' => 'right')));
    // Create the request list.
    createList($listOptions);
    $context['default_list'] = 'group_request_list';
}
Ejemplo n.º 24
0
function arcadeEvent($id_event, $data = array())
{
    global $smcFunc, $db_prefix, $scripturl, $txt, $user_info, $sourcedir, $modSettings, $language;
    if ($id_event == 'get' && empty($data)) {
        return arcadeGetEventTypes();
    } else {
        $event = arcadeGetEventTypes($id_event);
    }
    $replacements = array('ARCADE_SETTINGS_URL' => $scripturl . '?action=profile;area=arcadeSettings');
    $pms = array();
    $event['func']($event, $replacements, $pms, $data);
    if (empty($pms)) {
        return true;
    }
    require_once $sourcedir . '/Subs-Post.php';
    $request = $smcFunc['db_query']('', '
		SELECT mem.id_member, mem.email_address, mem.notify_regularity, mem.notify_send_body, mem.lngfile
		FROM {db_prefix}members AS mem
		WHERE mem.id_member IN({array_int:members})
		ORDER BY mem.lngfile', array('members' => array_keys($pms)));
    while ($rowmember = $smcFunc['db_fetch_assoc']($request)) {
        $replacements['USERID'] = $rowmember['id_member'];
        $replacements['PROFILE'] = $scripturl . '?action=profile;u=' . $rowmember['id_member'];
        $emailtype = 'notification_arcade_' . $pms[$rowmember['id_member']];
        loadLanguage('ArcadeEmail', empty($rowmember['lngfile']) || empty($modSettings['userLanguage']) ? $language : $rowmember['lngfile'], false);
        $emaildata = loadEmailTemplate($emailtype, $replacements, '', false);
        sendmail($rowmember['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 4);
        unset($notification);
    }
    return true;
}