Ejemplo n.º 1
/**
 * Upgrade step 32: clears obsolete front-end ACP cookies and applies schema and settings changes.
 *
 * The columns candeletereputations (usergroups), authsecret and recovery_codes (adminoptions)
 * and authenticated (adminsessions) are dropped when present and then re-added with empty
 * defaults, so values already stored in them are discarded each time this step runs.
 *
 * NOTE(review): authsecret and recovery_codes are plain varchar columns; their names suggest
 * admin two-factor material. Confirm how the values are protected at rest and who can read
 * the adminoptions table.
 */
function upgrade32_dbchanges()
{
    global $db, $output;

    // Unset old ACP cookies from front-end since they're not needed anymore
    foreach (array('adminsid', 'acploginattempts', 'acp_view', 'inlinemod_useracp') as $stale_cookie) {
        my_unsetcookie($stale_cookie);
    }

    $output->print_header("Updating Database");
    echo "<p>Performing necessary upgrade queries...</p>";
    flush();

    // (table, column) pairs, listed in the order they are dropped and later re-created.
    $recreated_columns = array(
        array("usergroups", "candeletereputations"),
        array("adminoptions", "authsecret"),
        array("adminoptions", "recovery_codes"),
        array("adminsessions", "authenticated"),
    );
    foreach ($recreated_columns as $pair) {
        list($table, $column) = $pair;
        if ($db->field_exists($column, $table)) {
            $db->drop_column($table, $column);
        }
    }

    // Only the two flag columns differ per driver; the adminoptions columns are identical everywhere.
    if ($db->type == "pgsql") {
        // NOTE(review): "AFTER <column>" is MySQL syntax; confirm the pgsql driver accepts this definition.
        $reputation_flag = "smallint NOT NULL default '0' AFTER cangivereputations";
        $authenticated_flag = "smallint NOT NULL default '0'";
    } elseif ($db->type == "sqlite") {
        $reputation_flag = "tinyint(1) NOT NULL default '0'";
        $authenticated_flag = "tinyint(1) NOT NULL default '0'";
    } else {
        $reputation_flag = "tinyint(1) NOT NULL default '0' AFTER cangivereputations";
        $authenticated_flag = "tinyint(1) NOT NULL default '0'";
    }

    $db->add_column("usergroups", "candeletereputations", $reputation_flag);
    $db->add_column("adminoptions", "authsecret", "varchar(16) NOT NULL default ''");
    $db->add_column("adminoptions", "recovery_codes", "varchar(177) NOT NULL default ''");
    $db->add_column("adminsessions", "authenticated", $authenticated_flag);

    // Delete forumpermissions belonging to a deleted forum
    $orphan_condition = "fid NOT IN(SELECT fid FROM {$db->table_prefix}forums)";
    $db->delete_query("forumpermissions", $orphan_condition);

    // Replace the option list offered for the captchaimage setting.
    $captcha_setting = array('optionscode' => 'select\\r\\n0=No CAPTCHA\\r\\n1=MyBB Default CAPTCHA\\r\\n2=reCAPTCHA\\r\\n3=Are You a Human\\r\\n4=NoCAPTCHA reCAPTCHA');
    $db->update_query("settings", $captcha_setting, "name='captchaimage'");

    $output->print_contents("<p>Click next to continue with the upgrade process.</p>");
    $output->print_footer("32_done");
}
Ejemplo n.º 2
/**
 * Logs the current user out: clears the login and session cookies, records the visit
 * times on the users row and deletes the session row.
 *
 * NOTE(review): nothing in this function checks a logout key or post key before ending
 * the session. Confirm the caller does, otherwise a cross-site request can log a user out.
 * NOTE(review): uid and sid are concatenated into the SQL conditions as-is; confirm both
 * are server-derived values (or escape/cast them) before they reach this point.
 *
 * @return mixed Result of xmlrespfalse() when nobody is logged in, otherwise of xmlresptrue().
 */
function logout_user_func()
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups, $forum_cache;

    $uid = $mybb->user['uid'];
    if (!$uid) {
        return xmlrespfalse('Already logged out');
    }

    // Remove the persistent login cookie and the session cookie.
    foreach (array("mybbuser", "sid") as $cookie_name) {
        my_unsetcookie($cookie_name);
    }

    // $time is declared global above, so this assignment also updates the global.
    $time = TIME_NOW;
    $visit_times = array("lastactive" => $time - 900, "lastvisit" => $time);
    $db->update_query("users", $visit_times, "uid='" . $uid . "'");

    // Drop the server-side session so the old sid stops being accepted.
    $db->delete_query("sessions", "sid='" . $session->sid . "'");

    return xmlresptrue();
}
Ejemplo n.º 3
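/**
 * Marks all forums as read for the current visitor.
 *
 * Registered users get their lastvisit updated and, when the threadreadcut setting is
 * positive, one forumsread row per cached forum; the writes are queued to run at shutdown.
 * Guests only get cookies set and cleared, because there is no account row to track against.
 *
 * Changes from the previous version:
 *  - the pending rows are always collected in an array (the old code started from a string
 *    and then appended with [] on pgsql/sqlite, which is an error on current PHP);
 *  - rows are written in batches of $update_count, as the original comment intended
 *    (the old modulo test flushed on almost every iteration instead);
 *  - fid and uid are cast to int before being placed in the raw REPLACE statement.
 */
function mark_all_forums_read()
{
    global $mybb, $db, $cache;

    // Can only do "true" tracking for registered users; guests are tracked by cookie.
    if (!($mybb->user['uid'] > 0)) {
        my_setcookie("mybb[readallforums]", 1);
        my_setcookie("mybb[lastvisit]", TIME_NOW);
        my_unsetcookie("mybb[threadread]");
        my_unsetcookie("mybb[forumread]");
        return;
    }

    $uid = (int) $mybb->user['uid'];
    $db->update_query("users", array('lastvisit' => TIME_NOW), "uid='" . $uid . "'");

    require_once MYBB_ROOT . "inc/functions_user.php";
    update_pm_count('', 2);

    if (!($mybb->settings['threadreadcut'] > 0)) {
        return;
    }

    // Need to loop through all forums and mark them as read
    $forums = $cache->read('forums');
    if (!is_array($forums)) {
        // An empty or missing forums cache means there is nothing to mark.
        $forums = array();
    }

    // Batch size: a twentieth of the forum count, but never fewer than 15 rows per query.
    $update_count = max(15, (int) ceil(count($forums) / 20));

    // pgsql/sqlite go through replace_query() row by row; other drivers get one multi-row REPLACE.
    $row_mode = in_array($db->type, array("pgsql", "sqlite"), true);

    $rows = array();
    foreach (array_keys($forums) as $fid) {
        if ($row_mode) {
            $rows[] = array('fid' => $fid, 'uid' => $uid, 'dateline' => TIME_NOW);
        } else {
            $rows[] = "('" . (int) $fid . "', '" . $uid . "', '" . TIME_NOW . "')";
        }
    }

    // Only do this in loops of $update_count, save query time
    foreach (array_chunk($rows, $update_count) as $batch) {
        if ($row_mode) {
            foreach ($batch as $replace_query) {
                add_shutdown(array($db, "replace_query"), array("forumsread", $replace_query, array("fid", "uid")));
            }
        } else {
            $db->shutdown_query("REPLACE INTO " . TABLE_PREFIX . "forumsread (fid, uid, dateline) VALUES " . implode(',', $batch));
        }
    }
}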
Ejemplo n.º 4
     } else {
         $quoted_ids = explode("|", $mybb->get_input('quoted_ids'));
         $multiquote = explode("|", $mybb->cookies['multiquote']);
         if (is_array($multiquote) && is_array($quoted_ids)) {
             foreach ($multiquote as $key => $quoteid) {
                 // If this ID was quoted, remove it from the multiquote list
                 if (in_array($quoteid, $quoted_ids)) {
                     unset($multiquote[$key]);
                 }
             }
             // Still have an array - set the new cookie
             if (is_array($multiquote)) {
                 $new_multiquote = implode(",", $multiquote);
                 my_setcookie("multiquote", $new_multiquote);
             } else {
                 my_unsetcookie("multiquote");
             }
         }
     }
 }
 $plugins->run_hooks("newreply_do_newreply_end");
 // This was a post made via the ajax quick reply - we need to do some special things here
 if ($mybb->get_input('ajax', MyBB::INPUT_INT)) {
     // Visible post
     if ($visible == 1) {
         // Set post counter
         $postcounter = $thread['replies'] + 1;
         if (is_moderator($fid, "canviewunapprove")) {
             $postcounter += $thread['unapprovedposts'];
         }
         if (is_moderator($fid, "canviewdeleted")) {
/**
 * Removes the two inline-moderation cookies kept for one item: the selection cookie
 * "inlinemod_<type><id>" and its "_removed" companion.
 *
 * @param mixed $id   Identifier appended to the cookie name.
 * @param mixed $type Type marker placed before the identifier.
 */
function clearinline($id, $type)
{
    $cookie_base = "inlinemod_" . $type . $id;

    // Same order as before: the selection cookie first, then the "_removed" one.
    foreach (array("", "_removed") as $suffix) {
        my_unsetcookie($cookie_base . $suffix);
    }
}
Ejemplo n.º 6
    }
}
// After all of that no theme? Load the board default
if (empty($loadstyle)) {
    $loadstyle = "def='1'";
}
// Fetch the theme to load from the cache
if ($loadstyle != "def='1'") {
    $query = $db->simple_select('themes', 'name, tid, properties, stylesheets, allowedgroups', $loadstyle, array('limit' => 1));
    $theme = $db->fetch_array($query);
    if (isset($theme['tid']) && !$load_from_forum && !is_member($theme['allowedgroups']) && $theme['allowedgroups'] != 'all') {
        if ($load_from_user == 1) {
            $db->update_query('users', array('style' => 0), "style='{$mybb->user['style']}' AND uid='{$mybb->user['uid']}'");
        }
        if (isset($mybb->cookies['mybbtheme'])) {
            my_unsetcookie('mybbtheme');
        }
        $loadstyle = "def='1'";
    }
}
if ($loadstyle == "def='1'") {
    if (!$cache->read('default_theme')) {
        $cache->update_default_theme();
    }
    $theme = $cache->read('default_theme');
    $load_from_forum = $load_from_user = 0;
}
// No theme was found - we attempt to load the master or any other theme
if (!isset($theme['tid']) || isset($theme['tid']) && !$theme['tid']) {
    // Missing theme was from a forum, run a query to set any forums using the theme to the default
    if ($load_from_forum == 1) {
Ejemplo n.º 7
        $atom1check = "checked=\"checked\"";
        $rss2check = '';
    } else {
        $atom1check = '';
        $rss2check = "checked=\"checked\"";
    }
    $forumselect = makesyndicateforums();
    $plugins->run_hooks("misc_syndication_end");
    eval("\$syndication = \"" . $templates->get("misc_syndication") . "\";");
    output_page($syndication);
} elseif ($mybb->input['action'] == "clearcookies") {
    verify_post_check($mybb->get_input('my_post_key'));
    $plugins->run_hooks("misc_clearcookies");
    $remove_cookies = array('mybbuser', 'mybb[announcements]', 'mybb[lastvisit]', 'mybb[lastactive]', 'collapsed', 'mybb[forumread]', 'mybb[threadsread]', 'mybbadmin', 'mybblang', 'mybbtheme', 'multiquote', 'mybb[readallforums]', 'coppauser', 'coppadob', 'mybb[referrer]');
    foreach ($remove_cookies as $name) {
        my_unsetcookie($name);
    }
    redirect("index.php", $lang->redirect_cookiescleared);
}
/**
 * Build a list of forums for RSS multiselect.
 *
 * @param int Parent forum ID.
 * @param unknown_type deprecated
 * @param boolean Whether to add selected attribute or not.
 * @param string HTML for the depth of the forum.
 * @return string HTML of the list of forums for CSS.
 */
function makesyndicateforums($pid = "0", $selitem = "", $addselect = "1", $depth = "")
{
    global $db, $forumcache, $permissioncache, $mybb, $forumlist, $forumlistbits, $flist, $lang, $unexp, $templates;
Ejemplo n.º 8
/**
 * Removes the board's cookies and downgrades the request to a guest session when the
 * visitor's mybb[allow_cookies] cookie is '0'. Does nothing when IN_ADMINCP is defined.
 */
function cookielaw_clear_cookies()
{
    global $mybb, $session;

    $consent_refused = isset($mybb->cookies['mybb']['allow_cookies']) && $mybb->cookies['mybb']['allow_cookies'] == '0';
    if (!$consent_refused || defined('IN_ADMINCP')) {
        return;
    }

    // Drop every cookie the plugin lists, except the one that records the refusal itself.
    foreach (cookielaw_get_cookies(true) as $listed_cookie => $unused_info) {
        if ($listed_cookie != 'mybb[allow_cookies]') {
            my_unsetcookie($listed_cookie);
        }
    }

    // Inline-moderation cookies have dynamic names, so they are found among the cookies
    // the client actually sent. strpos() matches the marker anywhere in the name.
    foreach ($mybb->cookies as $sent_cookie => $unused_value) {
        if (strpos($sent_cookie, 'inlinemod_') === false) {
            continue;
        }
        my_unsetcookie($sent_cookie);
    }

    // Forget the loaded account and session, then continue the request as a guest.
    unset($mybb->user);
    unset($mybb->session);
    $session->load_guest();
}
Ejemplo n.º 9
}
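// Logout handler. The request must prove it was made intentionally by carrying either the
// current session id or the user's logout key; otherwise any page could embed a link that
// logs the visitor out.
if ($mybb->input['action'] == "logout") {
    $plugins->run_hooks("member_logout_start");
    if (!$mybb->user['uid']) {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }
    // Check session ID if we have one, otherwise fall back to the logout key.
    // The comparisons are strict string comparisons: with a loose != two different
    // numeric-looking strings (for example "0e12" and "0e34") compare as equal, which
    // would let a wrong token through.
    if (isset($mybb->input['sid'])) {
        if ((string) $mybb->get_input('sid') !== (string) $session->sid) {
            error($lang->error_notloggedout);
        }
    } elseif ((string) $mybb->get_input('logoutkey') !== (string) $mybb->user['logoutkey']) {
        error($lang->error_notloggedout);
    }
    // Remove the persistent login cookie and the session cookie.
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");
    if ($mybb->user['uid']) {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        // Delete the server-side session so the old sid is no longer accepted.
        // NOTE(review): $session->sid is interpolated as-is; confirm it is a server-derived value.
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }
    $plugins->run_hooks("member_logout_end");
    redirect("index.php", $lang->redirect_loggedout);
}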
if ($mybb->input['action'] == "viewnotes") {
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);
    // Make sure we are looking at a real user here.
    if (!$user) {
        error($lang->error_nomember);
Ejemplo n.º 10
$fpermfields = array('canview', 'canviewthreads', 'candlattachments', 'canpostthreads', 'canpostreplys', 'canpostattachments', 'canratethreads', 'caneditposts', 'candeleteposts', 'candeletethreads', 'caneditattachments', 'canpostpolls', 'canvotepolls', 'cansearch', 'modposts', 'modthreads', 'modattachments', 'mod_edit_posts');
// Include the installation resources
require_once INSTALL_ROOT . "resources/output.php";
$output = new installerOutput();
$output->script = "upgrade.php";
$output->title = "MyBB Upgrade Wizard";
if (file_exists("lock")) {
    $output->print_error($lang->locked);
} else {
    $mybb->input['action'] = $mybb->get_input('action');
    if ($mybb->input['action'] == "logout" && $mybb->user['uid']) {
        // Check session ID if we have one
        if ($mybb->get_input('logoutkey') != $mybb->user['logoutkey']) {
            $output->print_error("Your user ID could not be verified to log you out.  This may have been because a malicious Javascript was attempting to log you out automatically.  If you intended to log out, please click the Log Out button at the top menu.");
        }
        my_unsetcookie("mybbuser");
        if ($mybb->user['uid']) {
            $time = TIME_NOW;
            $lastvisit = array("lastactive" => $time - 900, "lastvisit" => $time);
            $db->update_query("users", $lastvisit, "uid='" . $mybb->user['uid'] . "'");
        }
        header("Location: upgrade.php");
    } else {
        if ($mybb->input['action'] == "do_login" && $mybb->request_method == "post") {
            require_once MYBB_ROOT . "inc/functions_user.php";
            if (!username_exists($mybb->get_input('username'))) {
                $output->print_error("The username you have entered appears to be invalid.");
            }
            $options = array('fields' => array('username', 'password', 'salt', 'loginkey'));
            $user = get_user_by_username($mybb->get_input('username'), $options);
            if (!$user['uid']) {
Ejemplo n.º 11
            echo 1;
            exit;
        }
    } else {
        $plugins->run_hooks("misc_markread_end");
        require_once MYBB_ROOT . "/inc/functions_indicators.php";
        mark_all_forums_read();
        redirect("index.php", $lang->redirect_markforumsread);
    }
} elseif ($mybb->input['action'] == "clearpass") {
    $plugins->run_hooks("misc_clearpass");
    if ($mybb->input['fid']) {
        if (!verify_post_check($mybb->input['my_post_key'])) {
            error($lang->invalid_post_code);
        }
        my_unsetcookie("forumpass[" . intval($mybb->input['fid']) . "]");
        redirect("index.php", $lang->redirect_forumpasscleared);
    }
} elseif ($mybb->input['action'] == "rules") {
    if ($mybb->input['fid']) {
        $plugins->run_hooks("misc_rules_start");
        $fid = intval($mybb->input['fid']);
        $forum = get_forum($fid);
        if (!$forum || $forum['type'] != "f" || $forum['rules'] == '') {
            error($lang->error_invalidforum);
        }
        $forumpermissions = forum_permissions($forum['fid']);
        if ($forumpermissions['canview'] != 1) {
            error_no_permission();
        }
        if (!$forum['rulestitle']) {
Ejemplo n.º 12
/**
 * Checks to make sure a user has not tried to login more times than permitted.
 * Will stop execution with a call to error() unless $fatal is false, in which case
 * false is returned instead.
 *
 * NOTE(review): both values this check relies on (loginattempts and failedlogin) are read
 * from $mybb->cookies, presumably the cookies sent with the request. A client that drops
 * or rewrites those cookies is not slowed down by this function; confirm that a server-side
 * counter is enforced elsewhere before treating this as brute-force protection.
 *
 * @param bool (Optional) The function will stop execution if it finds an error with the login. Default is True
 * @return bool|int 1 when the failedlogincount setting is 0 or the lockout period has passed, the attempt count read from the cookie (0 when absent) when another login may be tried, false while the lockout is active.
 */
function login_attempt_check($fatal = true)
{
    global $mybb, $lang, $session, $db;
    // A failedlogincount of 0 switches the limit off entirely.
    if ($mybb->settings['failedlogincount'] == 0) {
        return 1;
    }
    // Note: Number of logins is defaulted to 1, because using 0 seems to clear cookie data. Not really a problem as long as we account for 1 being default.
    // Use cookie if possible, otherwise use session
    // Find better solution to prevent clearing cookies
    $loginattempts = 0;
    $failedlogin = 0;
    // Both values below come straight from cookies and are used without validation.
    if (!empty($mybb->cookies['loginattempts'])) {
        $loginattempts = $mybb->cookies['loginattempts'];
    }
    if (!empty($mybb->cookies['failedlogin'])) {
        $failedlogin = $mybb->cookies['failedlogin'];
    }
    // Work out if the user has had more than the allowed number of login attempts
    if ($loginattempts > $mybb->settings['failedlogincount']) {
        // If so, then we need to work out if they can try to login again
        // Some maths to work out how long they have left and display it to them
        $now = TIME_NOW;
        if (empty($mybb->cookies['failedlogin'])) {
            $failedtime = $now;
        } else {
            $failedtime = $mybb->cookies['failedlogin'];
        }
        // failedlogintime is multiplied by 60 here, so the setting is treated as minutes.
        $secondsleft = $mybb->settings['failedlogintime'] * 60 + $failedtime - $now;
        $hoursleft = floor($secondsleft / 3600);
        $minsleft = floor($secondsleft / 60 % 60);
        $secsleft = floor($secondsleft % 60);
        // No failedlogin cookie yet: this is the first refusal, so start the lockout clock now
        if (empty($failedlogin)) {
            my_setcookie('failedlogin', $now);
            if ($fatal) {
                error($lang->sprintf($lang->failed_login_wait, $hoursleft, $minsleft, $secsleft));
            }
            return false;
        }
        // Work out if the user has waited long enough before letting them login again
        if ($mybb->cookies['failedlogin'] < $now - $mybb->settings['failedlogintime'] * 60) {
            // Lockout period is over: reset the cookie counter and clear the lockout timestamp
            my_setcookie('loginattempts', 1);
            my_unsetcookie('failedlogin');
            // For a logged-in user the counter stored on the users row is reset as well
            if ($mybb->user['uid'] != 0) {
                $update_array = array('loginattempts' => 1);
                $db->update_query("users", $update_array, "uid = '{$mybb->user['uid']}'");
            }
            return 1;
        } else {
            // Still inside the lockout window
            if ($mybb->cookies['failedlogin'] > $now - $mybb->settings['failedlogintime'] * 60) {
                if ($fatal) {
                    error($lang->sprintf($lang->failed_login_wait, $hoursleft, $minsleft, $secsleft));
                }
                return false;
            }
        }
    }
    // User can attempt another login
    return $loginattempts;
}
}
// Create session for this user
require_once MYBB_ROOT . "inc/class_session.php";
$session = new session();
$session->init();
$mybb->session =& $session;
$mybb->user['ismoderator'] = is_moderator("", "", $mybb->user['uid']);
// Set our POST validation code here
$mybb->post_code = generate_post_check();
// Set and load the language
if (!empty($mybb->input['language']) && $lang->language_exists($mybb->input['language']) && verify_post_check($mybb->input['my_post_key'], true)) {
    $mybb->settings['bblanguage'] = $mybb->input['language'];
    // If user is logged in, update their language selection with the new one
    if ($mybb->user['uid']) {
        if ($mybb->cookies['mybblang']) {
            my_unsetcookie("mybblang");
        }
        $db->update_query("users", array("language" => $db->escape_string($mybb->settings['bblanguage'])), "uid='{$mybb->user['uid']}'");
    } else {
        my_setcookie("mybblang", $mybb->settings['bblanguage']);
    }
    $mybb->user['language'] = $mybb->settings['bblanguage'];
} else {
    if (!$mybb->user['uid'] && !empty($mybb->cookies['mybblang']) && $lang->language_exists($mybb->cookies['mybblang'])) {
        $mybb->settings['bblanguage'] = $mybb->cookies['mybblang'];
    } else {
        if (!isset($mybb->settings['bblanguage'])) {
            $mybb->settings['bblanguage'] = "english";
        }
    }
}
Ejemplo n.º 14
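/**
 * Final installer step: validates the admin form input, inserts the default user groups,
 * creates the administrator account and its admin permissions, sets the auto-login cookie,
 * builds the caches and finally tries to lock the installer.
 *
 * Change from the previous version: the lock file is only written to and closed when
 * fopen() actually returned a handle. Before, a failed fopen() passed false on to
 * fwrite()/fclose(), which is a TypeError on PHP 8 that the @ operator does not suppress,
 * so the step could abort before telling the admin to delete the install directory.
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;
    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    if ($mybb->input['adminpass'] != $mybb->input['adminpass2']) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    // NOTE(review): create_admin_user() is defined elsewhere; presumably it re-displays the
    // form and stops the request. Confirm, because nothing here returns after calling it.
    if (is_array($errors)) {
        create_admin_user();
    }
    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);
    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;
    ob_start();
    $output->print_header($lang->finish_setup, 'finish');
    echo $lang->done_step_usergroupsinserted;
    // Insert all of our user groups from the XML file
    $settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if ($key == "gid" || !is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $return_gid = $db->insert_query("usergroups", $new_group);
        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $return_gid;
        }
        $group_count++;
    }
    echo $lang->done . '</p>';
    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    // NOTE(review): random_str() and generate_loginkey() are defined elsewhere; confirm they
    // draw from a cryptographically secure source, since they seed the salt, the login key
    // and (further down) the internal encryption key.
    $salt = random_str();
    $loginkey = generate_loginkey();
    // NOTE(review): salted double MD5 is cheap to brute-force offline. It is left unchanged
    // because the code that verifies passwords is outside this function; moving to
    // password_hash()/password_verify() has to be done on both sides together.
    $saltedpw = md5(md5($salt) . md5($mybb->input['adminpass']));
    $newuser = array('username' => $db->escape_string($mybb->input['adminuser']), 'password' => $saltedpw, 'salt' => $salt, 'loginkey' => $loginkey, 'email' => $db->escape_string($mybb->input['adminemail']), 'usergroup' => $admin_gid, 'regdate' => $now, 'lastactive' => $now, 'lastvisit' => $now, 'website' => '', 'icq' => '', 'aim' => '', 'yahoo' => '', 'msn' => '', 'birthday' => '', 'signature' => '', 'allownotices' => 1, 'hideemail' => 0, 'subscriptionmethod' => '0', 'receivepms' => 1, 'pmnotice' => 1, 'pmnotify' => 1, 'remember' => 1, 'showsigs' => 1, 'showavatars' => 1, 'showquickreply' => 1, 'invisible' => 0, 'style' => '0', 'timezone' => 0, 'dst' => 0, 'threadmode' => '', 'daysprune' => 0, 'regip' => $db->escape_string(get_ip()), 'longregip' => intval(ip2long(get_ip())), 'language' => '', 'showcodebuttons' => 1, 'tpp' => 0, 'ppp' => 0, 'referrer' => 0, 'buddylist' => '', 'ignorelist' => '', 'pmfolders' => '', 'notepad' => '', 'showredirect' => 1);
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';
    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();
    $db->delete_query("adminoptions");
    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];
        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }
        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }
        $adminoptiondata = array('uid' => intval($uid), 'cpstyle' => '', 'notes' => '', 'permissions' => $db->escape_string(serialize($insertmodule)), 'defaultviews' => $db->escape_string(serialize($defaultviews)));
        $insertmodule = array();
        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';
    // Automatic Login
    // NOTE(review): $uid is the uid attribute of the last <user> entry in adminoptions.xml,
    // not the id returned by the users insert above (that return value is discarded).
    // Confirm the two always match, otherwise the cookie names a different account.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();
    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }
    // Register a shutdown function which actually tests if this functionality is working
    add_shutdown('test_shutdown_function');
    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedposts();
    $cache->update_mycode();
    $cache->update_posticons();
    $cache->update_update_check();
    $cache->update_tasks();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_birthdays();
    $cache->update("plugins", array());
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    echo $lang->done . '</p>';
    echo $lang->done_step_success;
    // Lock the installer so it cannot be run again. If the lock cannot be written, the
    // admin is told to delete the install directory instead.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        // Only touch the handle when fopen() succeeded; $written stays 0 otherwise.
        if ($lock !== false) {
            $written = @fwrite($lock, '1');
            @fclose($lock);
        }
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_subscribe_mailing;
    $output->print_footer('');
}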
Ejemplo n.º 15
 require_once MYBB_ROOT . "inc/3rdparty/2fa/GoogleAuthenticator.php";
 $auth = new PHPGangsta_GoogleAuthenticator();
 $test = $auth->verifyCode($admin_options['authsecret'], $mybb->get_input('code'));
 // Either the code was okay or it was a recovery code
 if ($test === true || $recovery === true) {
     // Correct code -> session authenticated
     $db->update_query("adminsessions", array("authenticated" => 1), "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'");
     $admin_session['authenticated'] = 1;
     $db->update_query("adminoptions", array("loginattempts" => 0, "loginlockoutexpiry" => 0), "uid='{$mybb->user['uid']}'");
     my_setcookie('acploginattempts', 0);
     // post would result in an authorization code mismatch error
     $mybb->request_method = "get";
 } else {
     // Wrong code -> close session (aka logout)
     $db->delete_query("adminsessions", "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'");
     my_unsetcookie('adminsid');
     // Now test whether we need to lock this guy completly
     $db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='{$mybb->user['uid']}'", '', true);
     $loginattempts = login_attempt_check_acp($mybb->user['uid'], true);
     // Have we attempted too many times?
     if ($loginattempts['loginattempts'] > 0) {
         // Have we set an expiry yet?
         if ($loginattempts['loginlockoutexpiry'] == 0) {
             $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW + (int) $mybb->settings['loginattemptstimeout'] * 60), "uid='{$mybb->user['uid']}'");
         }
         // Did we hit lockout for the first time? Send the unlock email to the administrator
         if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) {
             $db->delete_query("awaitingactivation", "uid='{$mybb->user['uid']}' AND type='l'");
             $lockout_array = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l");
             $db->insert_query("awaitingactivation", $lockout_array);
             $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']);
Ejemplo n.º 16
 /**
  * Register procedure
  * Refers to: /member.php
  *
  * @param array $info Contains user information of the User to be registered
  * @return array|string If registration fails, we return an array containing the error message, 
  * 						If registration is successful, we return the string, which notifies the user of what will be the next action
  */
 function register($info = array())
 {
     // Load the language phrases we need for the registration
     $this->lang->load('member');
     /**
      * $info contains the given user information for the registration
      * We need to make sure that every possible key is given, so we do not generate ugly E_NOIICE errors
      */
     $possible_info_keys = array('username', 'password', 'password2', 'email', 'email2', 'referrer', 'timezone', 'language', 'profile_fields', 'allownotices', 'hideemail', 'subscriptionmethod', 'receivepms', 'pmnotice', 'emailpmnotify', 'invisible', 'dstcorrection');
     // Iterate the possible info keys to create the array entry in $info if it does not exist
     foreach ($possible_info_keys as $possible_info_key) {
         if (!isset($info[$possible_info_key])) {
             $info[$possible_info_key] = '';
         }
     }
     // Run whatever hook specified at the beginning of the registration
     $this->plugins->run_hooks('member_do_register_start');
     // If register type is random password, we generate one
     if ($this->mybb->settings['regtype'] == "randompass") {
         $info['password'] = random_str();
         $info['password2'] = $info['password'];
     }
     if ($this->mybb->settings['regtype'] == "verify" || $this->mybb->settings['regtype'] == "admin" || $info['coppa'] == 1) {
         $usergroup = 5;
     } else {
         $usergroup = 2;
     }
     // Set up user handler.
     require_once MYBB_ROOT . "inc/datahandlers/user.php";
     $userhandler = new UserDataHandler("insert");
     // Set the data for the new user.
     $user = array("username" => $info['username'], "password" => $info['password'], "password2" => $info['password2'], "email" => $info['email'], "email2" => $info['email2'], "usergroup" => $usergroup, "referrer" => $info['referrername'], "timezone" => $info['timezone'], "language" => $info['language'], "profile_fields" => $info['profile_fields'], "regip" => $this->mybb->session->ipaddress, "longregip" => ip2long($this->mybb->session->ipaddress), "coppa_user" => intval($this->mybb->cookies['coppauser']));
     if (isset($info['regcheck1']) && isset($info['regcheck2'])) {
         $user['regcheck1'] = $info['regcheck1'];
         $user['regcheck2'] = $info['regcheck2'];
     }
     // Do we have a saved COPPA DOB?
     if ($this->mybb->cookies['coppadob']) {
         list($dob_day, $dob_month, $dob_year) = explode("-", $this->mybb->cookies['coppadob']);
         $user['birthday'] = array("day" => $dob_day, "month" => $dob_month, "year" => $dob_year);
     }
     // Generate the options array of the user
     $user['options'] = array("allownotices" => $info['allownotices'], "hideemail" => $info['hideemail'], "subscriptionmethod" => $info['subscriptionmethod'], "receivepms" => $info['receivepms'], "pmnotice" => $info['pmnotice'], "emailpmnotify" => $info['emailpmnotify'], "invisible" => $info['invisible'], "dstcorrection" => $info['dstcorrection']);
     // Assign data to the data handler
     $userhandler->set_data($user);
     // If the validation of the user failed, we return nice (friendly) errors
     if (!$userhandler->validate_user()) {
         $errors = $userhandler->get_friendly_errors();
         return $errors;
     }
     // Create the User in the database
     $user_info = $userhandler->insert_user();
     // We need to set a cookie, if we don't want a random password (and it is no COPPA user), so he is instantly logged in
     if ($this->mybb->settings['regtype'] != "randompass" && !$this->mybb->cookies['coppauser']) {
         // Log them in
         my_setcookie("mybbuser", $user_info['uid'] . "_" . $user_info['loginkey'], null, true);
     }
     /**
      * Coppa User
      * Nothing special, just return that the coppa user will be redirected
      */
     if ($this->mybb->cookies['coppauser']) {
         $this->lang->redirect_registered_coppa_activate = $this->lang->sprintf($this->lang->redirect_registered_coppa_activate, $this->mybb->settings['bbname'], $user_info['username']);
         my_unsetcookie("coppauser");
         my_unsetcookie("coppadob");
         // Run whatever hook is defined at the end of a registration
         $this->plugins->run_hooks("member_do_register_end");
         return $this->lang->redirect_registered_coppa_activate;
     } else {
         if ($this->mybb->settings['regtype'] == "verify") {
             // Generate and save the activation code in the database
             $activationcode = random_str();
             $now = TIME_NOW;
             $activationarray = array("uid" => $user_info['uid'], "dateline" => TIME_NOW, "code" => $activationcode, "type" => "r");
             $this->db->insert_query("awaitingactivation", $activationarray);
             // Generate and send the email
             $emailsubject = $this->lang->sprintf($this->lang->emailsubject_activateaccount, $this->mybb->settings['bbname']);
             $emailmessage = $this->lang->sprintf($this->lang->email_activateaccount, $user_info['username'], $this->mybb->settings['bbname'], $this->mybb->settings['bburl'], $user_info['uid'], $activationcode);
             my_mail($user_info['email'], $emailsubject, $emailmessage);
             // Build the message to return
             $this->lang->redirect_registered_activation = $this->lang->sprintf($this->lang->redirect_registered_activation, $this->mybb->settings['bbname'], $user_info['username']);
             // Run whatever hook is defined at the end of a registration
             $this->plugins->run_hooks("member_do_register_end");
             return $this->lang->redirect_registered_activation;
         } else {
             if ($this->mybb->settings['regtype'] == "randompass") {
                 // Generate and send the email
                 $emailsubject = $this->lang->sprintf($this->lang->emailsubject_randompassword, $this->mybb->settings['bbname']);
                 $emailmessage = $this->lang->sprintf($this->lang->email_randompassword, $user['username'], $this->mybb->settings['bbname'], $user_info['username'], $user_info['password']);
                 my_mail($user_info['email'], $emailsubject, $emailmessage);
                 // Run whatever hook is defined at the end of a registration
                 $this->plugins->run_hooks("member_do_register_end");
                 return $this->lang->redirect_registered_passwordsent;
             } else {
                 if ($this->mybb->settings['regtype'] == "admin") {
                     // Build the message to return
                     $this->lang->redirect_registered_admin_activate = $this->lang->sprintf($this->lang->redirect_registered_admin_activate, $this->mybb->settings['bbname'], $user_info['username']);
                     // Run whatever hook is defined at the end of a registration
                     $this->plugins->run_hooks("member_do_register_end");
                     return $this->lang->redirect_registered_admin_activate;
                 } else {
                     // Build the message to return
                     $this->lang->redirect_registered = $this->lang->sprintf($this->lang->redirect_registered, $this->mybb->settings['bbname'], $user_info['username']);
                     // Run whatever hook is defined at the end of a registration
                     $this->plugins->run_hooks('member_do_register_end');
                     return $this->lang->redirect_registered;
                 }
             }
         }
     }
 }
Ejemplo n.º 17
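/**
 * Final installer step: creates the usergroups, the first administrator
 * account and its admin permissions, logs that administrator in, builds the
 * caches and finally tries to lock the installer.
 *
 * Reads the administrator's name, password and e-mail from $mybb->input and
 * the default groups/permissions from the XML files under INSTALL_ROOT.
 * Output is echoed directly; nothing is returned.
 *
 * @return void
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;

    // --- Validate the administrator form -----------------------------------
    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    // Strict comparison: with "!=" two different numeric-looking strings
    // (for example "100" and "1e2") compare as equal, so a mistyped
    // confirmation could slip through.
    if ($mybb->get_input('adminpass') !== $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    if (is_array($errors)) {
        // NOTE(review): presumably create_admin_user() re-renders the form and
        // ends the request. If it can return, the code below still creates the
        // account from the rejected input - confirm.
        create_admin_user();
    }

    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);
    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;

    ob_start();
    $output->print_header($lang->finish_setup, 'finish');

    // --- Usergroups --------------------------------------------------------
    echo $lang->done_step_usergroupsinserted;
    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if (!is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);
        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
        $group_count++;
    }
    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }
    echo $lang->done . '</p>';

    // --- Administrator account --------------------------------------------
    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    // NOTE(review): the salt, the login key and the encryption key further
    // down all depend on random_str()/generate_loginkey(); confirm those draw
    // from a cryptographically secure source.
    $salt = random_str();
    $loginkey = generate_loginkey();
    // NOTE(review): salted double MD5 is a fast hash and does not meet current
    // password-storage guidance. It is left unchanged because the code that
    // verifies it at login is outside this function; replacing it needs a
    // coordinated migration to password_hash()/password_verify().
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));
    $newuser = array(
        'username' => $db->escape_string($mybb->get_input('adminuser')),
        'password' => $saltedpw,
        'salt' => $salt,
        'loginkey' => $loginkey,
        'email' => $db->escape_string($mybb->get_input('adminemail')),
        'usergroup' => $admin_gid,
        'regdate' => $now,
        'lastactive' => $now,
        'lastvisit' => $now,
        'website' => '',
        'icq' => '',
        'aim' => '',
        'yahoo' => '',
        'skype' => '',
        'google' => '',
        'birthday' => '',
        'signature' => '',
        'allownotices' => 1,
        'hideemail' => 0,
        'subscriptionmethod' => '0',
        'receivepms' => 1,
        'pmnotice' => 1,
        'pmnotify' => 1,
        'buddyrequestspm' => 1,
        'buddyrequestsauto' => 0,
        'showimages' => 1,
        'showvideos' => 1,
        'showsigs' => 1,
        'showavatars' => 1,
        'showquickreply' => 1,
        'invisible' => 0,
        'style' => '0',
        'timezone' => 0,
        'dst' => 0,
        'threadmode' => '',
        'daysprune' => 0,
        'regip' => $db->escape_binary(my_inet_pton(get_ip())),
        'language' => '',
        'showcodebuttons' => 1,
        'tpp' => 0,
        'ppp' => 0,
        'referrer' => 0,
        'buddylist' => '',
        'ignorelist' => '',
        'pmfolders' => '',
        'notepad' => '',
        'showredirect' => 1,
        'usernotes' => '',
    );
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';

    // --- Admin permissions -------------------------------------------------
    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();
    $db->delete_query("adminoptions");
    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];
        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }
        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }
        $adminoptiondata = array(
            'uid' => (int) $uid,
            'cpstyle' => '',
            'notes' => '',
            'permissions' => $db->escape_string(my_serialize($insertmodule)),
            'defaultviews' => $db->escape_string(my_serialize($defaultviews)),
        );
        // Reset per user so one entry's permissions do not leak into the next.
        $insertmodule = array();
        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';

    // --- Automatic login ---------------------------------------------------
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    // NOTE(review): $uid is whatever the last <user> entry of adminoptions.xml
    // declared, not an id taken from the users insert above - confirm the two
    // always match. The fourth argument is presumably the HttpOnly flag.
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();

    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }

    // --- Caches ------------------------------------------------------------
    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();

    // Record every upgradeNN.php shipped with the installer as already applied.
    $version_history = array();
    $dh = opendir(INSTALL_ROOT . "resources");
    if ($dh !== false) {
        while (($file = readdir($dh)) !== false) {
            // The dot is escaped so only a literal ".php" suffix matches.
            if (preg_match('#upgrade([0-9]+)\.php$#i', $file, $match)) {
                $version_history[$match[1]] = $match[1];
            }
        }
        closedir($dh);
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);

    // Schedule an update check so it occurs an hour ago.  Gotta stay up to date!
    $update = array('nextrun' => TIME_NOW - 3600);
    $db->update_query("tasks", $update, "tid='12'");
    $cache->update_update_check();
    $cache->update_tasks();
    echo $lang->done . '</p>';

    // --- Lock the installer ------------------------------------------------
    echo $lang->done_step_success;
    $written = 0;
    if (is_writable('./')) {
        // Best effort: the lock file marks the installer as finished. The
        // handle is checked because fopen() can still fail here, and writing
        // to a failed handle is an error on current PHP versions.
        $lock = @fopen('./lock', 'w');
        if ($lock !== false) {
            $written = @fwrite($lock, '1');
            @fclose($lock);
        }
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        // No lock could be written, so the page shows the message asking for
        // the install directory to be deleted instead.
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_whats_next;
    $output->print_footer('');
}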
Ejemplo n.º 18
     if (!$db->is_fulltext("posts") && $db->supports_fulltext("threads")) {
         $db->create_fulltext_index("threads", "subject");
     }
 }
 // If the delayedthreadviews setting was changed, enable or disable the tasks for it.
 if (isset($mybb->input['upsetting']['delayedthreadviews']) && $mybb->settings['delayedthreadviews'] != $mybb->input['upsetting']['delayedthreadviews']) {
     // Only the constants 0 or 1 are written; the submitted value itself never reaches the query.
     if ($mybb->input['upsetting']['delayedthreadviews'] == 0) {
         $updated_task = array("enabled" => 0);
     } else {
         $updated_task = array("enabled" => 1);
     }
     $db->update_query("tasks", $updated_task, "file='threadviews'");
 }
 // Have we changed our cookie prefix? If so, update our adminsid so we're not logged out
 // The old-prefix cookie is removed first, then the in-memory prefix is switched so the
 // replacement cookie is issued under the new name; the order of these three calls matters.
 // NOTE(review): the submitted prefix is used as-is here; any validation of it is not
 // visible in this excerpt. The fourth argument to my_setcookie() is presumably the
 // HttpOnly flag - confirm.
 if ($mybb->input['upsetting']['cookieprefix'] && $mybb->input['upsetting']['cookieprefix'] != $mybb->settings['cookieprefix']) {
     my_unsetcookie("adminsid");
     $mybb->settings['cookieprefix'] = $mybb->input['upsetting']['cookieprefix'];
     my_setcookie("adminsid", $admin_session['sid'], '', true);
 }
 // Have we opted for a reCAPTCHA and not set a public/private key?
 // NOTE(review): the fallback to captchaimage = 1 only happens when BOTH keys are empty.
 // With just one key missing the setting stays at 2 - confirm that is intended.
 if ($mybb->input['upsetting']['captchaimage'] == 2 && !$mybb->input['upsetting']['captchaprivatekey'] && !$mybb->input['upsetting']['captchapublickey']) {
     $db->update_query("settings", array("value" => 1), "name = 'captchaimage'");
 }
 // Regenerate the settings once all adjustments above are stored, then notify plugins.
 rebuild_settings();
 $plugins->run_hooks("admin_config_settings_change_commit");
 // If we have changed our report reasons recache them
 if (isset($mybb->input['upsetting']['reportreasons'])) {
     $cache->update_reportedposts();
 }
 // Log admin action
 log_admin_action();
Ejemplo n.º 19
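     // Do the usergroup update for all those selected.
     // Super admins are never updated, and any entry that is not a plain
     // integer id is dropped before the list is concatenated into SQL.
     if (!isset($users_to_update) || !is_array($users_to_update)) {
         // Start from an empty list so count() below is always given an array,
         // even when every selected user turns out to be a super admin.
         $users_to_update = array();
     }
     foreach ($selected as $user) {
         // Defence in depth: where $selected comes from is not visible here, so
         // only canonical integer ids ("12", not "012" or "12 OR 1=1") may reach
         // the "uid IN (...)" clause. The id is checked before the super admin
         // test so both see exactly the same value.
         if (!is_scalar($user) || (string) (int) $user !== (string) $user) {
             continue;
         }
         if (!is_super_admin($user)) {
             $users_to_update[] = $user;
         }
     }
     $to_update_count = count($users_to_update);
     if ($to_update_count > 0) {
         // Update the users in the database
         $sql = implode(",", $users_to_update);
         $db->update_query("users", $update_array, "uid IN (" . $sql . ")");
         // Redirect the admin...
         $mybb->input['action'] = "inline_usergroup";
         // The number of changed accounts goes into the admin log.
         log_admin_action($to_update_count);
         my_unsetcookie("inlinemod_useracp");
         flash_message($lang->success_mass_usergroups, 'success');
         admin_redirect("index.php?module=user-users" . $vid_url);
     } else {
         // They tried to edit super admins! Uh-oh!
         $errors[] = $lang->no_usergroup_changed;
     }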
 }
 // Render the page header and navigation tabs for the user management screen.
 $page->output_header($lang->manage_users);
 $page->output_nav_tabs($sub_tabs, 'manage_users');
 // Display a table warning
 $table = new Table();
 // The number shown is count($selected), i.e. every selected entry; super admins are
 // only filtered out when the update itself is applied, so the two counts can differ.
 $lang->usergroup_info = $lang->sprintf($lang->usergroup_info, count($selected));
 $table->construct_cell($lang->usergroup_info);
 $table->construct_row();
 $table->output($lang->important);
Ejemplo n.º 20
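/**
 * Switches the logged-in user to another account that is attached to, or
 * shared with, the current one.
 *
 * Called by an AJAX POST request. On success the old login cookies and session
 * are removed, the login data handler signs the target account in, a new
 * session is started and the new user's post key is sent as plain text before
 * the script exits. Refused attempts are written to the moderator log.
 *
 * The switch is authorised by the account relationship (as_uid / as_shareuid)
 * and the as_canswitch permission, not by the target account's password, so
 * the relationship check below is the security boundary of this function.
 *
 * @return void
 */
function accountswitcher_switch()
{
    global $db, $mybb, $lang, $charset, $cache, $templates;

    // Only a logged-in user sending an explicit POST switch request is handled.
    if ($mybb->user['uid'] == 0 || !isset($mybb->input['switchuser']) || $mybb->input['switchuser'] != 1 || $mybb->request_method != "post") {
        return;
    }

    require_once MYBB_ROOT . "/inc/plugins/accountswitcher/class_accountswitcher.php";
    $eas = new AccountSwitcher($mybb, $db, $cache, $templates);

    // Get permissions for this user
    $userPermission = user_permissions($mybb->user['uid']);
    // Get permissions for the master. First get the master
    // NOTE(review): when as_uid is 0 there is presumably no master row and
    // $master is empty - confirm user_permissions() then yields no switch right.
    $master = get_user((int) $mybb->user['as_uid']);
    // Get his permissions
    $masterPermission = user_permissions($master['uid']);

    // If neither of both has the permission, nothing happens
    if ($userPermission['as_canswitch'] != 1 && $masterPermission['as_canswitch'] != 1) {
        return;
    }

    if (!isset($lang->as_invaliduser)) {
        $lang->load("accountswitcher");
    }
    // Request forgery protection: the post key must match before any state changes.
    verify_post_check($mybb->get_input('my_post_key'));

    // Get user info
    $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    // Check if user exists
    if (!$user) {
        // presumably error() ends the request - confirm
        error($lang->as_invaliduser);
    }
    $logTarget = array('uid' => $user['uid'], 'username' => $user['username']);

    // Can the new account be shared?
    if ($user['as_share'] != 0 && $mybb->settings['aj_shareuser'] == 1) {
        // Account already used by another user?
        if ($user['as_shareuid'] != 0) {
            log_moderator_action($logTarget, $lang->aj_switch_invalid_log);
            return;
        }
        // Account only shared by buddies?
        if ($user['as_buddyshare'] != 0) {
            // No buddy - no switch. Ids are compared as integers with a strict
            // match so that only an exact uid in the list grants access.
            $buddies = array();
            if ($user['buddylist'] != '') {
                $buddies = array_map('intval', explode(",", $user['buddylist']));
            }
            if (!in_array((int) $mybb->user['uid'], $buddies, true)) {
                log_moderator_action($logTarget, $lang->aj_switch_invalid_log);
                return;
            }
        }
        // Shared account is free - set share uid
        if ($user['as_shareuid'] == 0) {
            $updated_shareuid = array("as_shareuid" => (int) $mybb->user['uid']);
            $db->update_query("users", $updated_shareuid, "uid='" . (int) $user['uid'] . "'");
            $eas->update_accountswitcher_cache();
            $user['as_shareuid'] = (int) $mybb->user['uid'];
        }
    }

    // Make sure you can switch to an attached account only
    $isAttached = $user['as_uid'] == $mybb->user['uid']
        || $user['as_uid'] != 0 && $user['as_uid'] == $mybb->user['as_uid']
        || $user['uid'] == $mybb->user['as_uid']
        || $user['as_shareuid'] == $mybb->user['uid']
        || $user['uid'] == $mybb->user['as_shareuid'];
    if (!$isAttached) {
        log_moderator_action($logTarget, $lang->aj_switch_invalid_log);
        error($lang->as_notattacheduser);
        return;
    }

    // Is the current account shared?
    if ($mybb->user['as_share'] != 0) {
        // Account used by another user?
        if ($mybb->user['as_shareuid'] == 0) {
            log_moderator_action($logTarget, $lang->aj_switch_invalid_log);
            return;
        }
        // Reset share uid (as_shareuid is known to be non-zero at this point)
        $updated_shareuid = array("as_shareuid" => 0);
        $db->update_query("users", $updated_shareuid, "uid='" . (int) $mybb->user['uid'] . "'");
        $eas->update_accountswitcher_cache();
    }

    // Log the old user out
    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");
    if ($mybb->user['uid']) {
        $time = TIME_NOW;
        $oldUid = (int) $mybb->user['uid'];
        // Run this after the shutdown query from session system
        $db->shutdown_query("UPDATE " . TABLE_PREFIX . "users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$oldUid}'");
        // The old session has to be removed by its real id. No local $session
        // exists at this point, so the id is read from the session object on
        // $mybb; otherwise the old session row would stay valid after the switch.
        if (isset($mybb->session->sid)) {
            $db->delete_query("sessions", "sid = '" . $db->escape_string($mybb->session->sid) . "'");
        }
    }

    // Now let the login datahandler do the work
    require_once MYBB_ROOT . "inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");
    $mybb->input['remember'] = "yes";
    $loginhandler->set_data($user);
    // The result of validate_login() is deliberately not used to gate the
    // login: the switch was already authorised by the checks above.
    $loginhandler->validate_login();
    $loginhandler->complete_login();

    // Create session for this user
    require_once MYBB_ROOT . "inc/class_session.php";
    $session = new session();
    $session->init();
    $mybb->session =& $session;
    $mybb->post_code = generate_post_check();

    // Send new users post code
    header("Content-type: text/plain; charset={$charset}");
    echo $mybb->post_code;
    exit;
}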