} // Should we alert people on the admin mailing list that a new user has registered? if ($panther_config['o_regs_report'] == '1') { $info = array('message' => array('<username>' => $username, '<base_url>' => get_base_url(), '<profile_url>' => panther_link($panther_url['profile'], array($new_uid, $url_username)), '<admin_url>' => panther_link($panther_url['profile_admin'], array($new_uid)))); $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/new_user.tpl', $info); $mailer->send($panther_config['o_mailing_list'], $mail_tpl['subject'], $mail_tpl['message']); } } // Must the user verify the registration or do we log him/her in right now? if ($panther_config['o_regs_verify'] == '1') { $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login']))); $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info); $mailer->send($email1, $mail_tpl['subject'], $mail_tpl['message']); message(sprintf($lang_register['Reg email'], $panther_config['o_admin_email']), true); } panther_setcookie($new_uid, $login_key, time() + $panther_config['o_timeout_visit']); redirect(panther_link($panther_url['index']), $lang_register['Reg complete']); } } $page_title = array($panther_config['o_board_title'], $lang_register['Register']); $required_fields = array('req_user' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'] . ' 2'); $focus_element = array('register', 'req_user'); if (!empty($panther_robots)) { $required_fields['answer'] = $lang_common['Robot title']; } ($hook = get_extensions('register_before_header')) ? 
eval($hook) : null; define('PANTHER_ACTIVE_PAGE', 'register'); require PANTHER_ROOT . 'header.php'; $timezone = isset($timezone) ? $timezone : $panther_config['o_default_timezone']; $dst = isset($dst) ? $dst : $panther_config['o_default_dst']; $email_setting = isset($email_setting) ? $email_setting : $panther_config['o_default_email_setting'];
if ($panther_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $panther_user['id']) { header('Location: ' . panther_link($panther_url['index'])); exit; } confirm_referrer('login.php'); $data = array(':id' => $panther_user['id']); // Remove user from "users online" list $db->delete('online', 'user_id=:id', $data); generate_login_key(); // Update last_visit (make sure there's something to update it with) if (isset($panther_user['logged'])) { $update = array('last_visit' => $panther_user['logged']); $data = array(':id' => $panther_user['id']); $db->update('users', $update, 'id=:id', $data); } panther_setcookie(1, panther_hash(uniqid(rand(), true)), time() + 31536000); redirect(panther_link($panther_url['index']), $lang_login['Logout redirect']); } else { if ($action == 'forget') { if (!$panther_user['is_guest']) { header('Location: ' . panther_link($panther_url['index'])); exit; } if (isset($_POST['form_sent'])) { confirm_referrer('login.php'); ($hook = get_extensions('forget_password_before_validation')) ? eval($hook) : null; // Start with a clean slate $errors = array(); require PANTHER_ROOT . 'include/email.php'; // Validate the email address $email = isset($_POST['req_email']) ? strtolower(panther_trim($_POST['req_email'])) : '';
if (!empty($cur_user['password'])) { $old_password_hash = panther_hash($old_password . $cur_user['salt']); if ($cur_user['password'] == $old_password_hash || $panther_user['is_admmod']) { $authorized = true; } } if (!$authorized) { message($lang_profile['Wrong pass']); } $new_salt = random_pass(16); $new_password_hash = panther_hash($new_password1 . $new_salt); $update = array('password' => $new_password_hash, 'salt' => $new_salt); $data = array(':id' => $id); $db->update('users', $update, 'id=:id', $data); if ($panther_user['id'] == $id) { panther_setcookie($panther_user['id'], $new_password_hash, time() + $panther_config['o_timeout_visit']); } redirect(panther_link($panther_url['profile_essentials'], array($id)), $lang_profile['Pass updated redirect']); } $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Change pass']); $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']); $focus_element = array('change_pass', !$panther_user['is_admmod'] ? 'req_old_password' : 'req_new_password1'); define('PANTHER_ACTIVE_PAGE', 'profile'); require PANTHER_ROOT . 'header.php'; $tpl = load_template('change_password.tpl'); echo $tpl->render(array('lang_profile' => $lang_profile, 'lang_common' => $lang_common, 'csrf_token' => generate_csrf_token(), 'form_action' => panther_link($panther_url['change_password'], array($id)), 'panther_user' => $panther_user)); require PANTHER_ROOT . 'footer.php'; } else { if ($action == 'change_email') { // Make sure we are allowed to change this user's email if ($panther_user['id'] != $id) {
/**
 * Authenticate the current request from the login cookie and populate $panther_user.
 *
 * The cookie named by $panther_config['o_cookie_name'] must match the form
 * `user_id|password_hash|expiration_time|cookie_hash` (decimal|hex|decimal|hex).
 * Two HMAC-SHA512 values are checked, each keyed by a different suffix of
 * $panther_config['o_cookie_seed']:
 *   - cookie_hash   over "user_id|expiration_time"  (key: seed . '_cookie_hash')
 *   - password_hash over the user's stored login_key (key: seed . '_password_hash')
 * Both comparisons go through panther_hash_equals() (constant-time compare, as far as
 * its name implies — it is defined elsewhere).
 *
 * On any failure (bad format, expired, guest id, tampered, unknown user, login_key
 * mismatch) the caller is left with the guest user via set_default_user() and, where the
 * cookie was present but invalid, a fresh one-year guest cookie is sent.
 *
 * Side effects on success: re-issues the login cookie with a renewed expiry, may fall back
 * language/style/display settings to the configured defaults, and — unless
 * PANTHER_QUIET_VISIT is defined — writes to the `online` and `users` tables and may
 * refresh the `_track` cookie.
 *
 * @param array $panther_user Filled in place (by reference) with the user + group row.
 *                            Uses globals $db and $panther_config.
 * @return void
 */
function check_cookie(&$panther_user)
{
    global $db, $panther_config;

    $now = time();

    // If the cookie is set and it matches the correct pattern, then read the values from it.
    // Only the four captured fields are used below, so anything outside them is ignored
    // (note `$` still tolerates one trailing newline; `\z` would be strictly end-of-string).
    if (isset($_COOKIE[$panther_config['o_cookie_name']]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$panther_config['o_cookie_name']], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }

    // If it has a non-guest user (guest is id 1), and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with: the MAC covers user_id and expiry, so neither
        // can be edited client-side without the server-side seed. Checked before any DB access.
        if (!panther_hash_equals(hash_hmac('sha512', $cookie['user_id'] . '|' . $cookie['expiration_time'], $panther_config['o_cookie_seed'] . '_cookie_hash'), $cookie['cookie_hash'])) {
            $expire = $now + 31536000; // The cookie expires after a year
            // Guest cookie (user_id 1). Its hash field is never verified by this function,
            // since the branch above only runs for user_id > 1, so uniqid/rand is only a filler here.
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        $data = array(':id' => $cookie['user_id']);

        // Check if there's a user with the user ID and password hash from the cookie
        // (parameterised query; the id is already an int from intval above)
        $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=:id', $data);
        $panther_user = $ps->fetch();

        // If user authorisation failed: no such user, or the cookie's password_hash is not the
        // HMAC of the user's current login_key (so rotating login_key invalidates old cookies).
        if (!isset($panther_user['id']) || !panther_hash_equals(hash_hmac('sha512', $panther_user['login_key'], $panther_config['o_cookie_seed'] . '_password_hash'), $cookie['password_hash'])) {
            $expire = $now + 31536000; // The cookie expires after a year
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Send a new, updated cookie with a new expiration timestamp:
        // a "remember me"-style cookie (more than o_timeout_visit left) is renewed for
        // 1209600 s (14 days); otherwise it gets o_timeout_visit from now.
        $expire = $cookie['expiration_time'] > $now + $panther_config['o_timeout_visit'] ? $now + 1209600 : $now + $panther_config['o_timeout_visit'];
        panther_setcookie($panther_user['id'], $panther_user['login_key'], $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(PANTHER_ROOT . 'lang/' . $panther_user['language'])) {
            $panther_user['language'] = $panther_config['o_default_lang'];
        }

        // o_style_path is used as-is unless it is the literal 'style', which is resolved under PANTHER_ROOT
        $style_root = ($panther_config['o_style_path'] != 'style' ? $panther_config['o_style_path'] : PANTHER_ROOT . $panther_config['o_style_path']) . '/';

        // Set a default style if the user selected style no longer exists
        if (!file_exists($style_root . $panther_user['style'] . '.css')) {
            $panther_user['style'] = $panther_config['o_default_style'];
        }

        // Zero/empty per-user paging values fall back to the board defaults
        if (!$panther_user['disp_topics']) {
            $panther_user['disp_topics'] = $panther_config['o_disp_topics_default'];
        }
        if (!$panther_user['disp_posts']) {
            $panther_user['disp_posts'] = $panther_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PANTHER_QUIET_VISIT')) {
            // Update the online list
            if (!$panther_user['logged']) {
                // No row in `online` for this user yet (o.logged came back empty from the LEFT JOIN)
                $panther_user['logged'] = $now;
                $data = array(':id' => $panther_user['id'], ':ident' => $panther_user['username'], ':logged' => $panther_user['logged']);
                // REPLACE INTO avoids a user having two rows in the online table
                $db->run('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES (:id, :ident, :logged)', $data);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                $data = array(':id' => $panther_user['id']);
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($panther_user['logged'] < $now - $panther_config['o_timeout_visit']) {
                    $update = array('last_visit' => $panther_user['logged']);
                    $db->update('users', $update, 'id=:id', $data);
                    $panther_user['last_visit'] = $panther_user['logged'];
                }
                $update = array('logged' => $now);
                if ($panther_user['idle'] == '1') {
                    $update['idle'] = 0;
                }
                $db->update('online', $update, 'user_id=:id', $data);
                // Update tracked topics with the current expire time
                // NOTE(review): this calls forum_setcookie() while every other cookie write in this
                // function uses panther_setcookie(); confirm forum_setcookie is defined in this codebase.
                if (isset($_COOKIE[$panther_config['o_cookie_name'] . '_track'])) {
                    forum_setcookie($panther_config['o_cookie_name'] . '_track', $_COOKIE[$panther_config['o_cookie_name'] . '_track'], $now + $panther_config['o_timeout_visit']);
                }
            }
        } else {
            // Quiet visit: don't touch the DB, just make `logged` usable for the rest of the request
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $panther_user['last_visit'];
            }
        }

        $panther_user['is_guest'] = false;
        $panther_user['is_admmod'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1';
        // Precedence: && binds tighter than ||, so this reads as
        // g_id == PANTHER_ADMIN || (g_moderator == '1' && g_admin == '1').
        $panther_user['is_admin'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1' && $panther_user['g_admin'] == '1';
        $panther_user['is_bot'] = false;
    } else {
        // No usable login cookie: guest. set_default_user() is defined elsewhere and is
        // presumably what fills in the guest $panther_user — verify against its definition.
        set_default_user();
    }
}