public function analysis($Message, $Report = '', $Time = 43200)
{
global $Cache, $Document;
if (empty($Report)) {
$Report = $Message;
}
$Identifier = make_secret(5);
$Cache->cache_value('analysis_' . $Identifier, array('url' => $_SERVER['REQUEST_URI'], 'message' => $Report, 'errors' => $this->get_errors(true), 'queries' => $this->get_queries(), 'flags' => $this->get_flags(), 'includes' => $this->get_includes(), 'cache' => $this->get_cache_keys(), 'vars' => $this->get_logged_vars()), $Time);
send_irc('PRIVMSG ' . LAB_CHAN . ' :' . $Message . ' ' . $Document . ' ' . ' http://' . NONSSL_SITE_URL . '/tools.php?action=analysis&case=' . $Identifier . ' http://' . NONSSL_SITE_URL . $_SERVER['REQUEST_URI']);
}
$Enabled = '1';
} else {
$NewInstall = false;
$Class = USER;
$Enabled = '0';
}
$DB->query("INSERT INTO users_main
(Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded) VALUES
('".db_string(trim($_REQUEST['username']))."','".db_string($_REQUEST['email'])."','".db_string(make_hash($_REQUEST['password'],$Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000')");
$DB->query("SELECT ID FROM stylesheets WHERE `Default`='1'");
list($StyleID) = $DB->next_record();
$UserID = $DB->inserted_id();
$AuthKey = make_secret();
$DB->query("INSERT INTO users_info (UserID,StyleID,AuthKey, Inviter, JoinDate) VALUES ('$UserID','$StyleID','".db_string($AuthKey)."', '$InviterID', '".sqltime()."')");
$DB->query("INSERT INTO users_history_ips
(UserID, IP, StartTime) VALUES
('$UserID', '".db_string($_SERVER['REMOTE_ADDR'])."', '".sqltime()."')");
$DB->query("INSERT INTO users_history_emails
(UserID, Email, Time, IP) VALUES
('$UserID', '".db_string($_REQUEST['email'])."', '0000-00-00 00:00:00', '".db_string($_SERVER['REMOTE_ADDR'])."')");
if ($_REQUEST['email'] != $InviteEmail) {
function send_email($To,$Subject,$Body,$From='noreply',$ContentType='text/plain') {
$Headers='MIME-Version: 1.0'."\r\n";
$Headers.='Content-type: '.$ContentType.'; charset=iso-8859-1'."\r\n";
$Headers.='From: '.SITE_NAME.' <'.$From.'@'.NONSSL_SITE_URL.'>'."\r\n";
$Headers.='Reply-To: '.$From.'@'.NONSSL_SITE_URL."\r\n";
$Headers.='X-Mailer: Project Gazelle'."\r\n";
$Headers.='Message-Id: <'.make_secret().'@'.NONSSL_SITE_URL.">\r\n";
$Headers.='X-Priority: 3'."\r\n";
mail($To,$Subject,$Body,$Headers,"-f ".$From."@".NONSSL_SITE_URL);
}
send_email($HackedEmail, "Your " . SITE_NAME . " account.", "Your " . SITE_NAME . " account appears to have been compromised. As a security measure we have disabled your account. To resolve this please visit us on IRC.\n\nThis is the information to connect to our server:\nIRC Server: " . BOT_SERVER . "\nPort: " . BOT_PORT . " (6697 SSL)\n\nOnce you are connected to our server you'll need to join our disabled channel.\nType: /join " . BOT_DISABLED_CHAN . "\n\nPlease visit us soon so we can help you resolve this matter.");
}
if ($MergeStatsFrom && check_perms('users_edit_ratio')) {
$DB->query("SELECT ID, Uploaded, Downloaded FROM users_main WHERE Username LIKE '" . $MergeStatsFrom . "'");
if ($DB->record_count() > 0) {
list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();
$DB->query("UPDATE users_main AS um JOIN users_info AS ui ON um.ID=ui.UserID SET um.Uploaded = 0, um.Downloaded = 0, ui.AdminComment = CONCAT('" . sqltime() . " - Stats merged into http://" . NONSSL_SITE_URL . "/user.php?id=" . $UserID . " (" . $Cur['Username'] . ") by " . $LoggedUser['Username'] . "\n\n', ui.AdminComment) WHERE ID = " . $MergeID);
$UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'";
$UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'";
$EditSummary[] = "stats merged from http://" . NONSSL_SITE_URL . "/user.php?id=" . $MergeID . " (" . $MergeStatsFrom . ")";
$Cache->delete_value('users_stats_' . $UserID);
$Cache->delete_value('users_stats_' . $MergeID);
}
}
if ($Pass && check_perms('users_edit_password')) {
$Secret = make_secret();
$UpdateSet[] = "Secret='{$Secret}'";
$UpdateSet[] = "PassHash='" . db_string(make_hash($Pass, $Secret)) . "'";
$EditSummary[] = 'password reset';
$Cache->delete_value('user_info_' . $UserID);
$Cache->delete_value('user_info_heavy_' . $UserID);
$Cache->delete_value('user_stats_' . $UserID);
$Cache->delete_value('enabled_' . $UserID);
$DB->query("SELECT SessionID FROM users_sessions WHERE UserID='{$UserID}'");
while (list($SessionID) = $DB->next_record()) {
$Cache->delete_value('session_' . $UserID . '_' . $SessionID);
}
$Cache->delete_value('users_sessions_' . $UserID);
$DB->query("DELETE FROM users_sessions WHERE UserID='{$UserID}'");
}
if (empty($UpdateSet) && empty($EditSummary)) {
$Attempts = 1;
$DB->query("INSERT INTO login_attempts \n\t\t\t\t(UserID,IP,LastAttempt,Attempts) VALUES \n\t\t\t\t('" . db_string($UserID) . "','" . db_string($_SERVER['REMOTE_ADDR']) . "','" . sqltime() . "',1)");
}
}
// end log_attempt function
// If user has submitted form
if (isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password'])) {
$Err = $Validate->ValidateForm($_POST);
if (!$Err) {
// Passes preliminary validation (username and password "look right")
$DB->query("SELECT\n\t\t\t\tID,\n\t\t\t\tPermissionID,\n\t\t\t\tCustomPermissions,\n\t\t\t\tPassHash,\n\t\t\t\tSecret,\n\t\t\t\tEnabled\n\t\t\t\tFROM users_main WHERE Username='******'username']) . "' \n\t\t\t\tAND Username<>''");
list($UserID, $PermissionID, $CustomPermissions, $PassHash, $Secret, $Enabled) = $DB->next_record(MYSQLI_NUM, array(2));
if (strtotime($BannedUntil) < time()) {
if ($UserID && $PassHash == make_hash($_POST['password'], $Secret)) {
if ($Enabled == 1) {
$SessionID = make_secret();
$Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
$KeepLogged = 1;
setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', false);
} else {
$KeepLogged = 0;
setcookie('session', $Cookie, 0, '/', '', false);
}
//TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that
// Because we <3 our staff
$Permissions = get_permissions($PermissionID);
$CustomPermissions = unserialize($CustomPermissions);
if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) {
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
}
$Cache->commit_transaction(0);
$SQL = "UPDATE users_main AS m JOIN users_info AS i ON m.ID=i.UserID SET\n\ti.StyleID='" . db_string($_POST['stylesheet']) . "',\n\ti.StyleURL='" . db_string($_POST['styleurl']) . "',\n\ti.Avatar='" . db_string($_POST['avatar']) . "',\n\ti.SiteOptions='" . db_string(serialize($Options)) . "',\n\ti.Info='" . db_string($_POST['info']) . "',\n\ti.DownloadAlt='{$DownloadAlt}',\n\tm.Email='" . db_string($_POST['email']) . "',\n\tm.IRCKey='" . db_string($_POST['irckey']) . "',\n i.Country='" . $Country . "',\n\ti.Timezone='" . $Timezone . "',";
if (check_perms('anonymous')) {
$SQL .= "m.Anonymous='" . db_string($Anonymous) . "',";
}
$SQL .= "m.Paranoia='" . db_string(serialize($Paranoia)) . "'";
if ($ResetPassword) {
$ChangerIP = db_string($LoggedUser['IP']);
$Secret = make_secret();
$PassHash = make_hash($_POST['new_pass_1'], $Secret);
$SQL .= ",m.Secret='" . db_string($Secret) . "',m.PassHash='" . db_string($PassHash) . "'";
$DB->query("INSERT INTO users_history_passwords\n\t\t(UserID, ChangerIP, ChangeTime) VALUES\n\t\t('{$UserID}', '{$ChangerIP}', '" . sqltime() . "')");
}
if (isset($_POST['resetpasskey'])) {
$OldPassKey = db_string($LoggedUser['torrent_pass']);
$NewPassKey = db_string(make_secret());
$ChangerIP = db_string($LoggedUser['IP']);
$SQL .= ",m.torrent_pass='******'";
$DB->query("INSERT INTO users_history_passkeys\n\t\t\t(UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime) VALUES\n\t\t\t('{$UserID}', '{$OldPassKey}', '{$NewPassKey}', '{$ChangerIP}', '" . sqltime() . "')");
$Cache->begin_transaction('user_info_heavy_' . $UserID);
$Cache->update_row(false, array('torrent_pass' => $NewPassKey));
$Cache->commit_transaction(0);
$Cache->delete_value('user_' . $OldPassKey);
update_tracker('change_passkey', array('oldpasskey' => $OldPassKey, 'newpasskey' => $NewPassKey));
}
$SQL .= "WHERE m.ID='" . db_string($UserID) . "'";
$DB->query($SQL);
if ($ResetPassword) {
logout();
}
header('Location: user.php?action=edit&userid=' . $UserID);
if (!preg_match("/^" . EMAIL_REGEX . "\$/i", $CurEmail)) {
if (count($Emails) > 1) {
continue;
} else {
error('Invalid email.');
header('Location: user.php?action=invite');
die;
}
}
$DB->query("SELECT Expires FROM invites WHERE InviterID = " . $LoggedUser['ID'] . " AND Email LIKE '" . $CurEmail . "'");
if ($DB->record_count() > 0) {
error("You already have a pending invite to that address!");
header('Location: user.php?action=invite');
die;
}
$InviteKey = db_string(make_secret());
$Message = <<<EOT
The user {$Username} has invited you to join {$SiteName}, and has specified this address ({$CurEmail}) as your email address. If you do not know this person, please ignore this email, and do not reply.
Please note that selling invites, trading invites, and giving invites away publicly (eg. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.
To confirm your invite, click on the following link:
http://{$SiteURL}/register.php?invite={$InviteKey}
After you register, you will be able to use your account. Please take note that if you do not use this invite in the next 3 days, it will expire. We urge you to read the RULES and the wiki immediately after you join.
Thank you,
{$SiteName} Staff
EOT;
$DB->query("INSERT INTO invites\n\t\t(InviterID, InviteKey, Email, Expires) VALUES\n\t\t('{$LoggedUser['ID']}', '{$InviteKey}', '" . db_string($CurEmail) . "', '{$InviteExpires}')");
\*************************************************************************/
if($BiWeek != next_biweek() || $_GET['runbiweek']) {
echo "Ran bi-weekly functions\n";
//------------- Cycle auth keys -----------------------------------------//
$DB->query("UPDATE users_info
SET AuthKey =
MD5(
CONCAT(
AuthKey, RAND(), '".db_string(make_secret())."',
SHA1(
CONCAT(
RAND(), RAND(), '".db_string(make_secret())."'
)
)
)
);"
);
//------------- Give out invites! ---------------------------------------//
/*
Every month, on the 8th, each Power User gets one invite (max of 4).
Every month, on the 8th and the 22nd, each Elite User gets one invite (max of 4).
Every month, on the 8th and the 22nd, each TorrentMaster gets two invites (max of 8).
Then, every month, on the 8th and the 22nd, we give out bonus invites like this:
function doLogin($UserID, $KeepLogged = false)
{
global $DB, $Cache, $Enc, $Browser, $OperatingSystem;
$SessionID = make_secret();
$Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID));
if ($KeepLogged) {
setcookie('session', $Cookie, 0, '/', '', false);
} else {
setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', false);
}
$DB->query("INSERT INTO sessions\n (UserID, SessionID, KeepLogged, Browser, OperatingSystem, IP, LastUpdate)\n VALUES ('{$UserID}', '" . db_string($SessionID) . "', '{$KeepLogged}', '{$Browser}','{$OperatingSystem}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "')");
$Cache->begin_transaction('ptpimg_sessions_' . $UserID);
$Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime()));
$Cache->commit_transaction(0);
$DB->query("UPDATE users\n\t\t\t\tSET\n\t\t\t\tLastLogin='******',\n\t\t\t\tLastAccess='" . sqltime() . "'\n\t\t\t\tWHERE ID='" . db_string($UserID) . "'");
return true;
}
