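 /**
  * Module entry point: renders the CAPTCHA challenge requested by the browser
  * and terminates the request.
  *
  * @param mixed $id   Module id handed in by the module framework (unused here)
  * @param mixed $mode Module mode (unused here)
  */
 function main($id, $mode)
 {
     global $db, $user, $phpbb_root_path, $config, $phpEx;

     // Guard the include: a second plain include of the factory file would
     // redeclare the class and abort the request, so only load it when the
     // class is not in scope yet (same guard as login_box()).
     if (!class_exists('phpbb_captcha_factory')) {
         include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
     }

     // The plugin name comes from board configuration, not from the request.
     $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
     // 'type' is request-supplied; request_var() casts it to the type of the
     // default (int), so only an integer reaches the plugin.
     $captcha->init(request_var('type', 0));
     $captcha->execute();

     garbage_collection();
     exit_handler();
 }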
    }
    trigger_error($mode == 'post' || $mode == 'bump' || $mode == 'reply' ? 'NO_TOPIC' : 'NO_POST');
}
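// Not able to reply to unapproved posts/topics
// TODO: add more descriptive language key
if ($auth->acl_get('m_approve', $forum_id) && ((($mode == 'reply' || $mode == 'bump') && !$post_data['topic_approved']) || ($mode == 'quote' && !$post_data['post_approved']))) {
    trigger_error(($mode == 'reply' || $mode == 'bump') ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED');
}

if ($mode == 'popup') {
    upload_popup($post_data['forum_style']);
    return;
}

$user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);

// CAPTCHA for posts made by guests. The include is guarded because a second
// plain include of the factory file would redeclare the class; get_instance()
// is a static call, so its result is assigned normally (assigning it by
// reference only raises a notice and changes nothing for an object handle).
if ($config['enable_post_confirm'] && !$user->data['is_registered']) {
    if (!class_exists('phpbb_captcha_factory')) {
        include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
    }
    $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
    $captcha->init(CONFIRM_POST);
}

// Use post_row values in favor of submitted ones...
$forum_id = (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
$topic_id = (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
$post_id = (!empty($post_data['post_id'])) ? (int) $post_data['post_id'] : (int) $post_id;

// Need to login to passworded forum first?
if ($post_data['forum_password']) {
    login_forum_box(array(
        'forum_id' => $forum_id,
        'forum_name' => $post_data['forum_name'],
        'forum_password' => $post_data['forum_password'],
    ));
}

// Check permissions
if ($user->data['is_bot']) {
    redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
}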
// Is the user able to read within this forum?
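/**
* Login function
*
* Authenticates a username/password pair against the users table. Maintains
* the login-attempt counter, asks for a CAPTCHA once too many attempts were
* made, and converts legacy (phpBB2 / plain md5) password hashes on success.
*
* @param string $username Submitted username (by reference - auth plugin API)
* @param string $password Submitted password (by reference - auth plugin API)
*
* @return array 'status'    => one of the LOGIN_* constants,
*               'error_msg' => language key, or false on success,
*               'user_row'  => the users row that was matched, or
*                              array('user_id' => ANONYMOUS) when none was
*/
function login_db(&$username, &$password)
{
    global $db, $config;

    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }

    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // Look the user up by the normalised username. The value is
    // request-supplied, hence escaped before it is placed into the query.
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
		FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }

    // If there are too many login attempts, we need to check for a confirm image
    // Every auth module is able to define what to do by itself...
    if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) {
        // Visual Confirmation handling. validate() yields false when the
        // CAPTCHA was solved and an error string otherwise, so a truthy
        // response refuses the login before the password is even checked.
        $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_LOGIN);
        $vc_response = $captcha->validate();

        if ($vc_response) {
            return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
        }
    }

    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = (isset($_REQUEST['password'])) ? (string) $_REQUEST['password'] : '';
        $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';

        set_var($password_new_format, stripslashes($password_old_format), 'string');

        // Strict comparison on purpose: both operands are strings, and a loose
        // == would treat numeric-looking values such as '1e3' and '1000' as equal.
        if ($password === $password_new_format) {
            if (!function_exists('utf8_to_cp1252')) {
                global $phpbb_root_path, $phpEx;
                include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx;
            }

            // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
            // plain md5 support left in for conversions from other systems.
            // A 34-byte stored value is a phpbb_hash() hash of the md5, a
            // 32-byte value a bare md5. The bare-md5 comparisons are strict:
            // with ==, two hex strings that both start with '0e' are read as
            // numeric zero and compare equal.
            $legacy_hash_matches = (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])))
                || (strlen($row['user_password']) == 32 && (md5($password_old_format) === $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) === $row['user_password']));

            if ($legacy_hash_matches) {
                $hash = phpbb_hash($password_new_format);

                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);

                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to
                // increase login attempt count to make sure this cannot be exploited
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = user_login_attempts + 1
					WHERE user_id = ' . $row['user_id'];
                $db->sql_query($sql);

                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }

    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Check for old password hash...
        if (strlen($row['user_password']) == 32) {
            $hash = phpbb_hash($password);

            // Update the password in the users table to the new format. The
            // new hash is written escaped, exactly like the conversion above -
            // a literal placeholder here would overwrite the user's password.
            $sql = 'UPDATE ' . USERS_TABLE . "
				SET user_password = '" . $db->sql_escape($hash) . "',
					user_pass_convert = 0
				WHERE user_id = " . $row['user_id'];
            $db->sql_query($sql);

            $row['user_password'] = $hash;
        }

        if ($row['user_login_attempts'] != 0) {
            // Successful, reset login attempts (the user passed all stages)
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_login_attempts = 0
				WHERE user_id = ' . $row['user_id'];
            $db->sql_query($sql);
        }

        // User inactive...
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }

        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }

    // Password incorrect - increase login attempts
    $sql = 'UPDATE ' . USERS_TABLE . '
		SET user_login_attempts = user_login_attempts + 1
		WHERE user_id = ' . $row['user_id'];
    $db->sql_query($sql);

    // Give status about wrong password...
    return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}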
/**
* Generate login box or verify password
*
* Renders the login form, or - when the form was posted - runs the
* authentication and either redirects (success) or re-renders the form with
* an error. ACP re-authentication uses the same function with $admin = true.
* Most failure paths end in trigger_error(), which phpBB's error handler is
* expected to turn into a message page without returning here.
*
* @param string $redirect  URL to return to after a successful login
* @param string $l_explain Text shown above the form (LOGIN_EXPLAIN)
* @param string $l_success Message after a successful login; defaults to the
*                          LOGIN_REDIRECT language string when empty
* @param bool   $admin     Whether this is an ACP re-authentication
* @param bool   $s_display Whether the full login form is rendered
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    // Guarded include: a second plain include would redeclare the class
    if (!class_exists('phpbb_captcha_factory')) {
        include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
    }
    $err = '';
    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }
    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }
    if (isset($_POST['login'])) {
        // Get credential
        if ($admin) {
            // The credential must be exactly 32 lowercase hex characters; this
            // also bounds the request field name derived from it below
            // ('password_' . $credential), so only a hex token reaches request_var()
            $credential = request_var('credential', '');
            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }
            $password = request_var('password_' . $credential, '', true);
        } else {
            $password = request_var('password', '', true);
        }
        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']) ? true : false;
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        $admin = $admin ? 1 : 0;
        // ACP re-authentication keeps the current session's online visibility
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }
        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }
        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // The redirect target is taken from the request here. It is only
            // used after reapply_sid() and meta_refresh() below; whether those
            // restrict it to board-local URLs is not visible in this file.
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);
            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }
            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }
        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }
        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_ATTEMPTS:
                // Too many failed attempts: the auth module demands a CAPTCHA
                // from now on, so render it alongside the error
                $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_LOGIN);
                // $captcha->reset();
                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
                $err = $user->lang[$result['error_msg']];
                break;
            case LOGIN_ERROR_PASSWORD_CONVERT:
                // board_contact is configuration, but it is still escaped before
                // being placed into the mailto: attribute
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;
            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];
                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }
    // Assign credential for username/password pair
    // A fresh per-render token for ACP re-authentication; the password input
    // is named 'password_' . $credential (PASSWORD_CREDENTIAL below) and the
    // token is posted back as a hidden field
    $credential = $admin ? md5(unique_id()) : false;
    $s_hidden_fields = array('sid' => $user->session_id);
    if ($redirect) {
        $s_hidden_fields['redirect'] = $redirect;
    }
    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }
    $s_hidden_fields = build_hidden_fields($s_hidden_fields);
    $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
    page_header($user->lang['LOGIN'], false);
    $template->set_filenames(array('body' => 'login_body.html'));
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
    page_footer();
}
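 /**
  * If you display the captcha, run this function to check if they entered the correct captcha setting
  *
  * The CAPTCHA is initialised for the CONFIRM_POST context and validated
  * against this request's submitted data.
  *
  * @return mixed $captcha->validate(); results (false on success, error string on failure)
  */
 public function validate_captcha()
 {
     phpbb::_include('captcha/captcha_factory', false, 'phpbb_captcha_factory');

     // Plain assignment: get_instance() is a static call, and assigning its
     // return value by reference only raises a notice - an object handle is
     // shared either way.
     $captcha = phpbb_captcha_factory::get_instance(phpbb::$config['captcha_plugin']);
     $captcha->init(CONFIRM_POST);

     return $captcha->validate($this->request_data());
 }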
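 /**
  * Entry point for delivering image CAPTCHAs in the ACP.
  *
  * Renders the demo image of the selected CAPTCHA plugin and ends the request.
  *
  * @param string $selected Name of the CAPTCHA plugin to demo. It is handed to
  *                         the factory as-is, so any restriction to known
  *                         plugin names has to happen in the factory or the
  *                         caller (not visible here).
  */
 function deliver_demo($selected)
 {
     // get_instance() is a static call; assigning its result by reference
     // only produces a notice and is not needed for an object handle.
     $captcha = phpbb_captcha_factory::get_instance($selected);
     $captcha->init(CONFIRM_REG);
     $captcha->execute_demo();

     garbage_collection();
     exit_handler();
 }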
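    /**
     * Registration module entry point.
     *
     * Shows the terms / COPPA agreement first, then the registration form, and
     * on a valid submission creates the account, sends the welcome or activation
     * e-mail and, for admin activation, notifies the administrators.
     *
     * @param mixed $id   Module id handed in by the module framework (unused here)
     * @param mixed $mode Module mode (unused here)
     */
    function main($id, $mode)
    {
        global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;

        if ($config['require_activation'] == USER_ACTIVATION_DISABLE) {
            trigger_error('UCP_REGISTER_DISABLE');
        }

        include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;

        // $coppa stays false until the age question was answered, then 0/1
        $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
        $agreed = (!empty($_POST['agreed'])) ? 1 : 0;
        $submit = isset($_POST['submit']);
        $change_lang = request_var('change_lang', '');
        $user_lang = request_var('lang', $user->lang_name);

        // Separate form keys for the agreement page and the registration form
        if ($agreed) {
            add_form_key('ucp_register');
        } else {
            add_form_key('ucp_register_terms');
        }

        if ($change_lang || $user_lang != $config['default_lang']) {
            // basename() strips any directory part from the request-supplied language name
            $use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);

            // validate_*() helpers return false when the value is valid
            if (!validate_language_iso_name($use_lang)) {
                if ($change_lang) {
                    $submit = false;

                    // Setting back agreed to let the user view the agreement in his/her language
                    $agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
                }

                $user->lang_name = $user_lang = $use_lang;
                $user->lang = array();
                $user->data['user_lang'] = $user->lang_name;
                $user->add_lang(array('common', 'ucp'));
            } else {
                $change_lang = '';
                $user_lang = $user->lang_name;
            }
        }

        $cp = new custom_profile();

        $error = $cp_data = $cp_error = array();

        // Agreement / COPPA page: shown until the terms were accepted and, with
        // COPPA enabled, the age question was answered
        if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable'])) {
            $add_lang = ($change_lang) ? '&amp;change_lang=' . urlencode($change_lang) : '';
            $add_coppa = ($coppa !== false) ? '&amp;coppa=' . $coppa : '';

            $s_hidden_fields = array('change_lang' => $change_lang);

            // If we change the language, we want to pass on some more possible parameter.
            if ($change_lang) {
                // We do not include the password
                $s_hidden_fields = array_merge($s_hidden_fields, array(
                    'username' => utf8_normalize_nfc(request_var('username', '', true)),
                    'email' => strtolower(request_var('email', '')),
                    'email_confirm' => strtolower(request_var('email_confirm', '')),
                    'lang' => $user->lang_name,
                    'tz' => request_var('tz', (double) $config['board_timezone']),
                ));
            }

            // Checking amount of available languages
            $sql = 'SELECT lang_id
				FROM ' . LANG_TABLE;
            $result = $db->sql_query($sql);

            $lang_row = array();
            while ($row = $db->sql_fetchrow($result)) {
                $lang_row[] = $row;
            }
            $db->sql_freeresult($result);

            if ($coppa === false && $config['coppa_enable']) {
                $now = getdate();
                $coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']);
                unset($now);

                $template->assign_vars(array(
                    'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
                    'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
                    'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
                    'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&amp;coppa=0' . $add_lang),
                    'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&amp;coppa=1' . $add_lang),
                    'S_SHOW_COPPA' => true,
                    'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
                    'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang),
                ));
            } else {
                $template->assign_vars(array(
                    'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
                    'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()),
                    'S_SHOW_COPPA' => false,
                    'S_REGISTRATION' => true,
                    'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
                    'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang . $add_coppa),
                ));
            }
            unset($lang_row);

            $this->tpl_name = 'ucp_agreement';
            return;
        }

        // The CAPTCHA kicks in here. We can't help that the information gets lost on language change.
        // The include is guarded (a second plain include would redeclare the
        // class) and get_instance() is assigned normally: it is a static call,
        // and assigning its result by reference only raises a notice.
        if ($config['enable_confirm']) {
            if (!class_exists('phpbb_captcha_factory')) {
                include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
            }
            $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
            $captcha->init(CONFIRM_REG);
        }

        // Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1
        $timezone = date('Z') / 3600;
        $is_dst = date('I');

        if ($config['board_timezone'] == $timezone || $config['board_timezone'] == ($timezone - 1)) {
            $timezone = ($is_dst) ? $timezone - 1 : $timezone;

            if (!isset($user->lang['tz_zones'][(string) $timezone])) {
                $timezone = $config['board_timezone'];
            }
        } else {
            $is_dst = $config['board_dst'];
            $timezone = $config['board_timezone'];
        }

        $data = array(
            'username' => utf8_normalize_nfc(request_var('username', '', true)),
            'new_password' => request_var('new_password', '', true),
            'password_confirm' => request_var('password_confirm', '', true),
            'email' => strtolower(request_var('email', '')),
            'email_confirm' => strtolower(request_var('email_confirm', '')),
            'lang' => basename(request_var('lang', $user->lang_name)),
            'tz' => request_var('tz', (double) $timezone),
        );

        // Check and initialize some variables if needed
        if ($submit) {
            $error = validate_data($data, array(
                'username' => array(
                    array('string', false, $config['min_name_chars'], $config['max_name_chars']),
                    array('username', '')),
                'new_password' => array(
                    array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
                    array('password')),
                'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
                'email' => array(
                    array('string', false, 6, 60),
                    array('email')),
                'email_confirm' => array('string', false, 6, 60),
                'tz' => array('num', false, -14, 14),
                'lang' => array('language_iso_name'),
            ));

            if (!check_form_key('ucp_register')) {
                $error[] = $user->lang['FORM_INVALID'];
            }

            // Replace "error" strings with their real, localised form. This is a
            // plain match rather than preg_replace() with the /e modifier: /e
            // evaluates the replacement as PHP code and was removed in PHP 7.
            foreach ($error as $error_index => $error_key) {
                if (preg_match('#^([A-Z_]+)$#', $error_key, $match)) {
                    $error[$error_index] = (!empty($user->lang[$match[1]])) ? $user->lang[$match[1]] : $match[1];
                }
            }

            if ($config['enable_confirm']) {
                $vc_response = $captcha->validate($data);
                if ($vc_response !== false) {
                    $error[] = $vc_response;
                }

                if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts']) {
                    $error[] = $user->lang['TOO_MANY_REGISTERS'];
                }
            }

            // DNSBL check
            if ($config['check_dnsbl']) {
                if (($dnsbl = $user->check_dnsbl('register')) !== false) {
                    $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
                }
            }

            // validate custom profile fields
            $cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);

            if (!count($error)) {
                // Both sides are request strings; compared strictly so that
                // numeric-looking values are not considered equal by coincidence
                if ($data['new_password'] !== $data['password_confirm']) {
                    $error[] = $user->lang['NEW_PASSWORD_ERROR'];
                }
                if ($data['email'] !== $data['email_confirm']) {
                    $error[] = $user->lang['NEW_EMAIL_ERROR'];
                }
            }

            if (!count($error)) {
                $server_url = generate_board_url();

                // Which group by default?
                $group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';

                $sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "
					WHERE group_name = '" . $db->sql_escape($group_name) . "'
						AND group_type = " . GROUP_SPECIAL;
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);

                if (!$row) {
                    trigger_error('NO_GROUP');
                }

                $group_id = $row['group_id'];

                if (($coppa || $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) {
                    // Activation key of 6..10 characters. Only the length is
                    // picked with mt_rand(); the characters come from
                    // gen_rand_string(), whose randomness source is not visible here.
                    $user_actkey = gen_rand_string(mt_rand(6, 10));
                    $user_type = USER_INACTIVE;
                    $user_inactive_reason = INACTIVE_REGISTER;
                    $user_inactive_time = time();
                } else {
                    $user_type = USER_NORMAL;
                    $user_actkey = '';
                    $user_inactive_reason = 0;
                    $user_inactive_time = 0;
                }

                $user_row = array(
                    'username' => $data['username'],
                    'user_password' => phpbb_hash($data['new_password']),
                    'user_email' => $data['email'],
                    'group_id' => (int) $group_id,
                    'user_timezone' => (double) $data['tz'],
                    'user_dst' => $is_dst,
                    'user_lang' => $data['lang'],
                    'user_type' => $user_type,
                    'user_actkey' => $user_actkey,
                    'user_ip' => $user->ip,
                    'user_regdate' => time(),
                    'user_inactive_reason' => $user_inactive_reason,
                    'user_inactive_time' => $user_inactive_time,
                );

                if ($config['new_member_post_limit']) {
                    $user_row['user_new'] = 1;
                }

                // Register user...
                $user_id = user_add($user_row, $cp_data);

                // This should not happen, because the required variables are listed above...
                if ($user_id === false) {
                    trigger_error('NO_USER', E_USER_ERROR);
                }

                // Okay, captcha, your job is done.
                if ($config['enable_confirm'] && isset($captcha)) {
                    $captcha->reset();
                }

                if ($coppa && $config['email_enable']) {
                    $message = $user->lang['ACCOUNT_COPPA'];
                    $email_template = 'coppa_welcome_inactive';
                } elseif ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) {
                    $message = $user->lang['ACCOUNT_INACTIVE'];
                    $email_template = 'user_welcome_inactive';
                } elseif ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable']) {
                    $message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
                    $email_template = 'admin_welcome_inactive';
                } else {
                    $message = $user->lang['ACCOUNT_ADDED'];
                    $email_template = 'user_welcome';
                }

                if ($config['email_enable']) {
                    include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;

                    $messenger = new messenger(false);

                    $messenger->template($email_template, $data['lang']);
                    $messenger->to($data['email'], $data['username']);
                    $messenger->anti_abuse_headers($config, $user);

                    // NOTE: the clear-text password is exposed to the welcome
                    // e-mail template as PASSWORD. E-mail is not a confidential
                    // channel, so a template that prints it leaks the credential.
                    $messenger->assign_vars(array(
                        'WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
                        'USERNAME' => htmlspecialchars_decode($data['username']),
                        'PASSWORD' => htmlspecialchars_decode($data['new_password']),
                        'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}",
                    ));

                    if ($coppa) {
                        $messenger->assign_vars(array(
                            'FAX_INFO' => $config['coppa_fax'],
                            'MAIL_INFO' => $config['coppa_mail'],
                            'EMAIL_ADDRESS' => $data['email'],
                        ));
                    }

                    $messenger->send(NOTIFY_EMAIL);

                    if ($config['require_activation'] == USER_ACTIVATION_ADMIN) {
                        // Grab an array of user_id's with a_user permissions ... these users can activate a user
                        $admin_ary = $auth->acl_get_list(false, 'a_user', false);
                        $admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();

                        // Also include founders
                        $where_sql = ' WHERE user_type = ' . USER_FOUNDER;

                        if (count($admin_ary)) {
                            $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
                        }

                        $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
							FROM ' . USERS_TABLE . ' ' . $where_sql;
                        $result = $db->sql_query($sql);

                        while ($row = $db->sql_fetchrow($result)) {
                            $messenger->template('admin_activate', $row['user_lang']);
                            $messenger->to($row['user_email'], $row['username']);
                            $messenger->im($row['user_jabber'], $row['username']);

                            $messenger->assign_vars(array(
                                'USERNAME' => htmlspecialchars_decode($data['username']),
                                'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user_id}",
                                'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}",
                            ));

                            $messenger->send($row['user_notify_type']);
                        }
                        $db->sql_freeresult($result);
                    }
                }

                $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
                trigger_error($message);
            }
        }

        $s_hidden_fields = array(
            'agreed' => 'true',
            'change_lang' => 0,
        );

        if ($config['coppa_enable']) {
            $s_hidden_fields['coppa'] = $coppa;
        }

        if ($config['enable_confirm']) {
            $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
        }
        $s_hidden_fields = build_hidden_fields($s_hidden_fields);

        // Visual Confirmation - Show images
        if ($config['enable_confirm']) {
            $template->assign_vars(array(
                'CAPTCHA_TEMPLATE' => $captcha->get_template(),
            ));
        }

        $l_reg_cond = '';
        switch ($config['require_activation']) {
            case USER_ACTIVATION_SELF:
                $l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
                break;

            case USER_ACTIVATION_ADMIN:
                $l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
                break;
        }

        $template->assign_vars(array(
            'ERROR' => (count($error)) ? implode('<br />', $error) : '',
            'USERNAME' => $data['username'],
            'PASSWORD' => $data['new_password'],
            'PASSWORD_CONFIRM' => $data['password_confirm'],
            'EMAIL' => $data['email'],
            'EMAIL_CONFIRM' => $data['email_confirm'],
            'L_REG_COND' => $l_reg_cond,
            'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
            'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),
            'S_LANG_OPTIONS' => language_select($data['lang']),
            'S_TZ_OPTIONS' => tz_select($data['tz']),
            'S_CONFIRM_REFRESH' => ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
            'S_REGISTRATION' => true,
            'S_COPPA' => $coppa,
            'S_HIDDEN_FIELDS' => $s_hidden_fields,
            'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register'),
        ));

        $user->profile_fields = array();

        // Generate profile fields -> Template Block Variable profile_fields
        $cp->generate_profile_fields('register', $user->get_iso_lang_id());

        $this->tpl_name = 'ucp_register';
        $this->page_title = 'UCP_REGISTRATION';
    }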
/**
* handle_captcha
*
* Builds or checks the guest CAPTCHA for blog posting. When the phpBB captcha
* factory file exists the configured captcha plugin is used; otherwise the
* legacy CONFIRM_TABLE confirm-code flow (bound to the current session) is used.
*
* @param string $mode The mode, build or check, to either build the captcha/confirm box, or to check if the user entered the correct confirm_code
*
* @return Returns
*	- True if the captcha code is correct and $mode is check or they do not need to view the captcha (permissions)
*	- False if the captcha code is incorrect, or not given and $mode is check
*	- Nothing (null) when $mode is build; the captcha markup is assigned to the template instead
*/
function handle_captcha($mode)
{
    global $db, $template, $phpbb_root_path, $phpEx, $user, $config, $s_hidden_fields;
    // Only anonymous users are challenged, and only when the blog config asks for it.
    if ($user->data['user_id'] != ANONYMOUS || !$config['user_blog_guest_captcha']) {
        return true;
    }
    blog_plugins::plugin_do_arg('function_handle_captcha', $mode);
    // Preferred path: the phpBB captcha plugin selected by $config['captcha_plugin'].
    if (file_exists($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx)) {
        if (!class_exists('phpbb_captcha_factory')) {
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
        }
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_POST);
        if ($mode == 'check') {
            // validate() processes the submitted answer; is_solved() below is the verdict returned.
            $captcha->validate();
            // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
            if (strpos($s_hidden_fields, 'confirm_id') === false) {
                $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
            }
            return $captcha->is_solved();
        } else {
            if ($mode == 'build' && !$captcha->solved) {
                // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
                if (strpos($s_hidden_fields, 'confirm_id') === false) {
                    $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
                }
                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
                $template->set_filenames(array('new_captcha' => 'blog/new_captcha.html'));
                $template->assign_display('new_captcha', 'CAPTCHA', false);
                return;
            }
        }
        // NOTE(review): a 'build' call for an already-solved plugin captcha falls through to the
        // legacy branch below, whose recursive 'check' takes the plugin path again and returns true.
    }
    // Legacy path: confirm code stored in CONFIRM_TABLE, keyed by confirm_id + session_id + type.
    if ($mode == 'check') {
        $confirm_id = request_var('confirm_id', '');
        $confirm_code = request_var('confirm_code', '');
        if ($confirm_id == '' || $confirm_code == '') {
            return false;
        }
        $sql = 'SELECT code
			FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\tAND session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
        $result = $db->sql_query($sql);
        $confirm_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // Case-insensitive compare. strcasecmp is not constant-time; for a short,
        // session-bound confirm code the timing channel is of little value.
        if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0) {
            return false;
        }
        // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code
        if (strpos($s_hidden_fields, 'confirm_id') === false) {
            $s_hidden_fields .= build_hidden_fields(array('confirm_id' => $confirm_id, 'confirm_code' => $confirm_code));
        }
        return true;
    } else {
        // A recursive 'check' decides whether this session still needs a fresh confirm image.
        if ($mode == 'build' && !handle_captcha('check')) {
            // Show confirm image -- discard any earlier code issued to this session first
            $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
            $db->sql_query($sql);
            // Generate code (5-8 chars; mt_rand is not a CSPRNG, it only picks the length here)
            $code = gen_rand_string(mt_rand(5, 8));
            $confirm_id = md5(unique_id($user->ip));
            $seed = hexdec(substr(unique_id(), 4, 10));
            // compute $seed % 0x7fffffff
            $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
            $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed));
            $db->sql_query($sql);
            // The image URL carries the server-generated confirm_id; board_contact is escaped for the mailto link.
            $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />', 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));
            $template->set_filenames(array('old_captcha' => 'blog/old_captcha.html'));
            $template->assign_var('CAPTCHA', $template->display('old_captcha'));
        }
    }
}
 /**
  * Generate login box or verify password
  *
  * Renders the Titania login form or, when the form was POSTed, authenticates
  * through self::$auth->login() and redirects on success. With $admin set the
  * caller is re-authenticating for ACP access: the request must carry a
  * 32-hex-char credential and the password field is named after it.
  *
  * @param string $redirect  URL to return to after login (also carried as a hidden field)
  * @param string $l_explain Language string shown above the form
  * @param string $l_success Not used by this method; kept for signature compatibility
  * @param bool   $admin     Admin re-authentication mode
  * @param bool   $s_display Whether to render the full login form
  */
 function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
 {
     // Captcha factory is needed only for the LOGIN_ERROR_ATTEMPTS case below.
     self::_include('captcha/captcha_factory', 'phpbb_captcha_factory');
     self::$user->add_lang('ucp');
     $err = '';
     // Make sure user->setup() has been called
     if (empty(self::$user->lang)) {
         self::$user->setup();
     }
     // Print out error if user tries to authenticate as an administrator without having the privileges...
     if ($admin && !self::$auth->acl_get('a_')) {
         // Not authd
         // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
         if (self::$user->data['is_registered']) {
             add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
         }
         trigger_error('NO_AUTH_ADMIN');
     }
     if (isset($_POST['login'])) {
         // Get credential
         if ($admin) {
             // The credential must be exactly 32 lowercase hex characters (the md5 issued
             // with the form below); anything else is logged and rejected.
             $credential = request_var('credential', '');
             if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                 if (self::$user->data['is_registered']) {
                     add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                 }
                 trigger_error('NO_AUTH_ADMIN');
             }
             // The password field name is bound to the credential, so a stale form cannot submit it.
             $password = request_var('password_' . $credential, '', true);
         } else {
             $password = request_var('password', '', true);
         }
         $username = request_var('username', '', true);
         $autologin = !empty($_POST['autologin']) ? true : false;
         $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
         $admin = $admin ? 1 : 0;
         $viewonline = $admin ? self::$user->data['session_viewonline'] : $viewonline;
         // Check if the supplied username is equal to the one stored within the database if re-authenticating
         // NOTE(review): this compares self::$username (a static), not the $username just read
         // from the request -- confirm that is intended; a mismatch always aborts admin re-auth.
         if ($admin && utf8_clean_string(self::$username) != utf8_clean_string(self::$user->data['username'])) {
             // We log the attempt to use a different username...
             add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
             trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
         }
         // If authentication is successful we redirect user to previous page
         $result = self::$auth->login($username, $password, $autologin, $viewonline, $admin);
         // If admin authentication and login, we will log if it was a success or not...
         // We also break the operation on the first non-success login - it could be argued that the user already knows
         if ($admin) {
             if ($result['status'] == LOGIN_SUCCESS) {
                 add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
             } else {
                 // Only log the failed attempt if a real user tried to.
                 // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                 if (self::$user->data['is_registered']) {
                     add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                 }
             }
         }
         // The result parameter is always an array, holding the relevant information...
         if ($result['status'] == LOGIN_SUCCESS) {
             // The redirect target is re-read from the request and rebuilt through titania_url
             // rather than used verbatim; presumably that keeps it on-site -- verify in titania_url.
             $redirect = request_var('redirect', '');
             if ($redirect) {
                 $redirect = titania_url::unbuild_url($redirect);
                 $base = $append = false;
                 titania_url::split_base_params($base, $append, $redirect);
                 redirect(titania_url::build_url($base, $append));
             } else {
                 redirect(titania_url::build_url(titania_url::$current_page, titania_url::$params));
             }
         }
         // Something failed, determine what...
         if ($result['status'] == LOGIN_BREAK) {
             trigger_error($result['error_msg']);
         }
         // Special cases... determine
         switch ($result['status']) {
             case LOGIN_ERROR_ATTEMPTS:
                 // Too many failed attempts: render the CAPTCHA alongside the error.
                 $captcha = phpbb_captcha_factory::get_instance(self::$config['captcha_plugin']);
                 $captcha->init(CONFIRM_LOGIN);
                 // $captcha->reset();
                 // Parse the captcha template
                 self::reset_template();
                 self::$template->set_filenames(array('captcha' => $captcha->get_template()));
                 // Correct confirm image link
                 self::$template->assign_var('CONFIRM_IMAGE_LINK', self::append_sid('ucp', 'mode=confirm&amp;confirm_id=' . $captcha->confirm_id . '&amp;type=' . $captcha->type));
                 self::$template->assign_display('captcha', 'CAPTCHA', false);
                 titania::set_custom_template();
                 $err = self::$user->lang[$result['error_msg']];
                 break;
             case LOGIN_ERROR_PASSWORD_CONVERT:
                 $err = sprintf(self::$user->lang[$result['error_msg']], self::$config['email_enable'] ? '<a href="' . self::append_sid('ucp', 'mode=sendpassword') . '">' : '', self::$config['email_enable'] ? '</a>' : '', self::$config['board_contact'] ? '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">' : '', self::$config['board_contact'] ? '</a>' : '');
                 break;
             // Username, password, etc...
             default:
                 $err = self::$user->lang[$result['error_msg']];
                 // Assign admin contact to some error messages
                 if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                     $err = !self::$config['board_contact'] ? sprintf(self::$user->lang[$result['error_msg']], '', '') : sprintf(self::$user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">', '</a>');
                 }
                 break;
         }
     }
     // Assign credential for username/password pair
     // A fresh credential is issued per rendered admin form; the password field name is derived from it.
     $credential = $admin ? md5(unique_id()) : false;
     $s_hidden_fields = array('sid' => self::$user->session_id);
     if ($redirect) {
         $s_hidden_fields['redirect'] = $redirect;
     }
     if ($admin) {
         $s_hidden_fields['credential'] = $credential;
     }
     $s_hidden_fields = build_hidden_fields($s_hidden_fields);
     titania::page_header('LOGIN');
     self::$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => self::$config['email_enable'] ? self::append_sid('ucp', 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => self::$config['require_activation'] == USER_ACTIVATION_SELF && self::$config['email_enable'] ? self::append_sid('ucp', 'mode=resend_act') : '', 'U_TERMS_USE' => self::append_sid('ucp', 'mode=terms'), 'U_PRIVACY' => self::append_sid('ucp', 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? self::$user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
     titania::page_footer(true, 'login_body.html');
 }
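/**
* Login function
*
* Authenticates $username/$password against USERS_TABLE. In order it rejects
* empty credentials, records the attempt in LOGIN_ATTEMPT_TABLE and applies the
* per-IP (or X-Forwarded-For) limit, requires a CAPTCHA once the per-user or
* per-IP attempt limit is reached, converts a legacy md5(md5(salt) . md5(pw))
* hash when user_pass_convert is set, verifies the password with
* phpbb_check_hash(), and on success re-hashes a 32-char md5 password with
* phpbb_hash() and clears the attempt counters.
*
* Note: the distinct LOGIN_ERROR_USERNAME / LOGIN_ERROR_PASSWORD statuses let a
* caller tell whether an account exists; the per-IP attempt limit is what
* bounds enumeration through this function.
*
* @param string $username
* @param string $password
* @param string $ip			IP address the login is taking place from. Used to
*							limit the number of login attempts per IP address.
* @param string $browser	The user agent used to login
* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
* @return array				A associative array of the format
*							array(
*								'status' => status constant
*								'error_msg' => string
*								'user_row' => array
*							)
*/
function login_mybb16($username, $password, $ip = '', $browser = '', $forwarded_for = '')
{
    global $db, $config;
    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS));
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    $username_clean = utf8_clean_string($username);
    $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts, user_passwd_salt
		FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    // Attempt limiting is keyed by the remote IP, or by X-Forwarded-For when
    // ip_login_limit_use_forwarded is on; every attempt (hit or miss) is recorded.
    if ($ip && !$config['ip_login_limit_use_forwarded'] || $forwarded_for && $config['ip_login_limit_use_forwarded']) {
        $sql = 'SELECT COUNT(*) AS attempts
			FROM ' . LOGIN_ATTEMPT_TABLE . '
			WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
        if ($config['ip_login_limit_use_forwarded']) {
            $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
        } else {
            $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
        }
        $result = $db->sql_query($sql);
        $attempts = (int) $db->sql_fetchfield('attempts');
        $db->sql_freeresult($result);
        // attempt_browser is truncated to 149 characters before storage.
        $attempt_data = array('attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => $row ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean);
        $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
        $db->sql_query($sql);
    } else {
        $attempts = 0;
    }
    if (!$row) {
        // Unknown user: the per-IP limit still applies before the username error is reported.
        if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) {
            return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => array('user_id' => ANONYMOUS));
        }
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS));
    }
    // CAPTCHA is required once either the per-user or the per-IP attempt limit is reached.
    $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'] || $config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'];
    // If there are too much login attempts, we need to check for an confirm image
    // Every auth module is able to define what to do by itself...
    if ($show_captcha) {
        // Visual Confirmation handling
        if (!class_exists('phpbb_captcha_factory')) {
            global $phpbb_root_path, $phpEx;
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
        }
        $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
        $captcha->init(CONFIRM_LOGIN);
        // A truthy response means the CAPTCHA was not passed; the password is not checked in that case.
        $vc_response = $captcha->validate($row);
        if ($vc_response) {
            return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row);
        } else {
            $captcha->reset();
        }
    }
    // If the password convert flag is set we need to convert it
    if ($row['user_pass_convert']) {
        // in phpBB2 passwords were used exactly as they were sent, with addslashes applied
        $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
        $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format;
        $password_new_format = '';
        set_var($password_new_format, stripslashes($password_old_format), 'string', true);
        // Strict comparison: with == two numeric-looking strings ('1e3', '1000') compare equal.
        if ($password === $password_new_format) {
            // Legacy layout: md5(md5(salt) . md5(raw password)). This compare is not
            // constant-time; hash_equals() is preferable where the PHP version allows it.
            if (md5(md5($row['user_passwd_salt']) . md5($password_old_format)) === $row['user_password']) {
                $hash = phpbb_hash($password_new_format);
                // Update the password in the users table to the new format and remove user_pass_convert flag
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_password = \'' . $db->sql_escape($hash) . '\',
						user_pass_convert = 0
					WHERE user_id = ' . (int) $row['user_id'];
                $db->sql_query($sql);
                $row['user_pass_convert'] = 0;
                $row['user_password'] = $hash;
            } else {
                // Although we weren't able to convert this password we have to
                // increase login attempt count to make sure this cannot be exploited
                $sql = 'UPDATE ' . USERS_TABLE . '
					SET user_login_attempts = user_login_attempts + 1
					WHERE user_id = ' . (int) $row['user_id'] . '
						AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
                $db->sql_query($sql);
                return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row);
            }
        }
    }
    // Check password ...
    if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) {
        // Check for old password hash...
        if (strlen($row['user_password']) == 32) {
            $hash = phpbb_hash($password);
            // Update the password in the users table to the new format.
            // Store the freshly computed hash (escaped), matching the conversion branch above.
            $sql = 'UPDATE ' . USERS_TABLE . "
				SET user_password = '" . $db->sql_escape($hash) . "',
					user_pass_convert = 0
				WHERE user_id = " . (int) $row['user_id'];
            $db->sql_query($sql);
            $row['user_password'] = $hash;
        }
        $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
			WHERE user_id = ' . (int) $row['user_id'];
        $db->sql_query($sql);
        if ($row['user_login_attempts'] != 0) {
            // Successful, reset login attempts (the user passed all stages)
            $sql = 'UPDATE ' . USERS_TABLE . '
				SET user_login_attempts = 0
				WHERE user_id = ' . (int) $row['user_id'];
            $db->sql_query($sql);
        }
        // User inactive...
        if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }
        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }
    // Password incorrect - increase login attempts
    $sql = 'UPDATE ' . USERS_TABLE . '
		SET user_login_attempts = user_login_attempts + 1
		WHERE user_id = ' . (int) $row['user_id'] . '
			AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX;
    $db->sql_query($sql);
    // Give status about wrong password...
    return array('status' => $show_captcha ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => $show_captcha ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row);
}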
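    /**
     * Upload controller for an album. Step 1 ('upload') receives the files and
     * creates the image records; step 2 ('upload_edit') collects names and
     * descriptions and finalises them. Both steps re-check the album quota and
     * the user's image quota, and both require the 'gallery' form key.
     *
     * @param int $album_id Album the images are uploaded to
     * @return mixed Rendered gallery/posting_body.html via $this->helper->render();
     *               quota, permission and form-key failures end in trigger_error() instead
     */
    public function main($album_id)
    {
        $this->user->add_lang_ext('phpbbgallery/core', array('gallery'));
        $album_data = $this->album->get_info($album_id);
        $this->display->generate_navigation($album_data);
        // CSRF token for both steps; verified with check_form_key() on submit.
        add_form_key('gallery');
        $album_backlink = $this->helper->route('phpbbgallery_album', array('album_id' => $album_id));
        $album_loginlink = 'ucp.php?mode=login';
        $error = '';
        // Guest-supplied display name; set on a step-1 submit and echoed back when rendering step 2.
        $username = '';
        //Let's get authorization
        $this->auth->load_user_premissions($this->user->data['user_id']);
        if (!$this->auth->acl_check('i_upload', $album_id, $album_data['album_user_id']) || $album_data['album_status'] == $this->album->status_locked()) {
            $this->misc->not_authorised($album_backlink, $album_loginlink, 'LOGIN_EXPLAIN_UPLOAD');
        }
        $page_title = 'Upload to "' . $album_data['album_name'] . '"';
        // Before all
        if (!$this->check_fs()) {
            trigger_error('NO_WRITE_ACCESS');
        }
        $submit = $this->request->variable('submit', false);
        $mode = $this->request->variable('mode', 'upload');
        if ($mode == 'upload') {
            // Upload Quota Check
            // 1. Check album-configuration Quota
            if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) {
                //@todo: Add return link
                trigger_error('ALBUM_REACHED_QUOTA');
            }
            // 2. Check user-limit, if he is not allowed to go unlimited
            if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) {
                $sql = 'SELECT COUNT(image_id) count
					FROM ' . $this->images_table . '
					WHERE image_user_id = ' . $this->user->data['user_id'] . '
						AND image_status <> ' . $this->image->get_status_orphan() . '
						AND image_album_id = ' . $album_id;
                $result = $this->db->sql_query($sql);
                $own_images = (int) $this->db->sql_fetchfield('count');
                $this->db->sql_freeresult($result);
                if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) {
                    //@todo: Add return link
                    trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])));
                }
            }
            if ($this->misc->display_captcha('upload')) {
                // captcha_plugin lives in the core phpBB config, which this controller does not
                // hold as a property; pull the global as the other captcha call sites do.
                global $config;
                phpbb_gallery_url::_include('captcha/captcha_factory', 'phpbb');
                $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_POST);
                $s_captcha_hidden_fields = '';
            }
            // Unlimited users get num_uploads slots; others the smaller of remaining quota and num_uploads.
            $upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads'));
            $process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
            if ($submit) {
                if (!check_form_key('gallery')) {
                    trigger_error('FORM_INVALID');
                }
                //$process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
                $process->set_rotating($this->request->variable('rotate', array(0)));
                $process->set_allow_comments($this->request->variable('allow_comments', false));
                /*if ($this->misc->display_captcha('upload'))
                		{
                			$captcha_error = $captcha->validate();
                			if ($captcha_error !== false)
                			{
                				$process->new_error($captcha_error);
                			}
                		}
                		*/
                if (!$this->user->data['is_registered']) {
                    $username = $this->request->variable('username', $this->user->data['username']);
                    if ($result = validate_username($username)) {
                        $this->user->add_lang('ucp');
                        // Report the rejected name through the upload errors so the file loop
                        // below is skipped and the message reaches the user.
                        $process->new_error($this->user->lang[$result . '_USERNAME']);
                    } else {
                        $process->set_username($username);
                    }
                }
                if (empty($process->errors)) {
                    for ($file_count = 0; $file_count < $upload_files_limit; $file_count++) {
                        /**
                         * Upload an image from the FILES-array,
                         * call some functions (rotate, resize, ...)
                         * and store the image to the database
                         */
                        $file = $this->request->file('image_file_' . $file_count, '');
                        if (isset($file['size'])) {
                            if ($file['size'] > 0) {
                                $process->upload_file($file_count);
                            }
                        }
                    }
                }
                if (!$process->uploaded_files) {
                    $process->new_error($this->user->lang['UPLOAD_NO_FILE']);
                } else {
                    $mode = 'upload_edit';
                    // Remove submit, so we get the first screen of step 2.
                    $submit = false;
                }
                $error = implode('<br />', $process->errors);
                /*if (phpbb_gallery_misc::display_captcha('upload'))
                		{
                			$captcha->reset();
                		}*/
            }
            if (!$submit || isset($process) && !$process->uploaded_files) {
                for ($i = 0; $i < $upload_files_limit; $i++) {
                    $this->template->assign_block_vars('upload_image', array());
                }
            }
            if ($mode == 'upload') {
                $this->template->assign_vars(array('ERROR' => $error, 'S_MAX_FILESIZE' => get_formatted_filesize($this->gallery_config->get('max_filesize')), 'S_MAX_WIDTH' => $this->gallery_config->get('max_width'), 'S_MAX_HEIGHT' => $this->gallery_config->get('max_height'), 'S_ALLOWED_FILETYPES' => implode(', ', $process->get_allowed_types(true)), 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_UPLOAD' => true, 'S_ALLOW_ROTATE' => $this->gallery_config->get('allow_rotate') && function_exists('imagerotate'), 'S_UPLOAD_LIMIT' => $upload_files_limit, 'S_COMMENTS_ENABLED' => $this->gallery_config->get('allow_comments') && $this->gallery_config->get('comment_user_control'), 'S_ALLOW_COMMENTS' => true, 'L_ALLOW_COMMENTS' => $this->user->lang('ALLOW_COMMENTS_ARY', $upload_files_limit)));
                /*if (phpbb_gallery_misc::display_captcha('upload'))
                		{
                			if (!$submit || !$captcha->is_solved())
                			{
                				$template->assign_vars(array(
                					'S_CONFIRM_CODE'			=> true,
                					'CAPTCHA_TEMPLATE'			=> $captcha->get_template(),
                				));
                			}
                			$template->assign_vars(array(
                				'S_CAPTCHA_HIDDEN_FIELDS'	=> $s_captcha_hidden_fields,
                			));
                		}*/
            }
        }
        if ($mode == 'upload_edit') {
            if ($submit) {
                // Upload Quota Check
                // 1. Check album-configuration Quota
                if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) {
                    //@todo: Add return link
                    trigger_error('ALBUM_REACHED_QUOTA');
                }
                // 2. Check user-limit, if he is not allowed to go unlimited
                if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) {
                    $sql = 'SELECT COUNT(image_id) count
						FROM ' . $this->images_table . '
						WHERE image_user_id = ' . $this->user->data['user_id'] . '
							AND image_status <> ' . $this->image->get_status_orphan() . '
							AND image_album_id = ' . $album_id;
                    $result = $this->db->sql_query($sql);
                    $own_images = (int) $this->db->sql_fetchfield('count');
                    $this->db->sql_freeresult($result);
                    if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) {
                        //@todo: Add return link
                        trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])));
                    }
                }
                // Descriptions are length-checked (bytes, via strlen) before anything is written.
                $description_array = $this->request->variable('message', array(''), true);
                foreach ($description_array as $var) {
                    if (strlen($var) > $this->gallery_config->get('description_length')) {
                        trigger_error($this->user->lang('DESC_TOO_LONG'));
                    }
                }
                $upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads'));
                // The image ids come back from the hidden fields emitted by generate_hidden_fields() below.
                $upload_ids = $this->request->variable('upload_ids', array(''));
                $process = new \phpbbgallery\core\upload($album_id, $upload_files_limit);
                $process->set_rotating($this->request->variable('rotate', array(0)));
                $process->get_images($upload_ids);
                $image_names = $this->request->variable('image_name', array(''), true);
                $process->set_names($image_names);
                $process->set_descriptions($description_array);
                $process->set_image_num($this->request->variable('image_num', 0));
                $process->use_same_name($this->request->variable('same_name', false));
                $success = true;
                $phpbb_gallery_notification = new \phpbbgallery\core\notification();
                // Images of users without i_approve are stored as needing approval.
                foreach ($process->images as $image_id) {
                    $success = $success && $process->update_image($image_id, !$this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id']), $album_data['album_contest']);
                    if ($this->gallery_user->get_data('watch_own')) {
                        $phpbb_gallery_notification->add($image_id);
                    }
                }
                $message = '';
                $error = implode('<br />', $process->errors);
                if ($this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id'])) {
                    $message .= !$error ? $this->user->lang['ALBUM_UPLOAD_SUCCESSFUL'] : $this->user->lang('ALBUM_UPLOAD_SUCCESSFUL_ERROR', $error);
                    $meta_refresh_time = $success ? 3 : 20;
                    //$this->notification_helper->notify_album($album_id, $this->user->data['user_id']);
                    $data = array('targets' => array($this->user->data['user_id']), 'album_id' => $album_id, 'last_image' => end($process->images));
                    $this->notification_helper->new_image($data);
                } else {
                    $target = array('album_id' => $album_id, 'last_image' => end($process->images), 'uploader' => $this->user->data['user_id']);
                    $this->notification_helper->notify('approval', $target);
                    $message .= !$error ? $this->user->lang['ALBUM_UPLOAD_NEED_APPROVAL'] : $this->user->lang('ALBUM_UPLOAD_NEED_APPROVAL_ERROR', $error);
                    $meta_refresh_time = 20;
                }
                $message .= '<br /><br />' . sprintf($this->user->lang['CLICK_RETURN_ALBUM'], '<a href="' . $album_backlink . '">', '</a>');
                // ToDo - notifications!!!
                //$phpbb_gallery_notification->send_notification('album', $album_id, $image_names[0]);
                $this->image->handle_counter($process->images, true);
                $this->album->update_info($album_id);
                $this->url->meta_refresh($meta_refresh_time, $album_backlink);
                trigger_error($message);
            }
            // Step-2 form: one block per image created in step 1 ($process carries over from the upload branch).
            $num_images = 0;
            foreach ($process->images as $image_id) {
                $data = $process->image_data[$image_id];
                $this->template->assign_block_vars('image', array('U_IMAGE' => $this->image->generate_link('thumbnail', 'plugin', $image_id, $data['image_name'], $album_id), 'IMAGE_NAME' => $data['image_name'], 'IMAGE_DESC' => $data['image_desc']));
                $num_images++;
            }
            $s_hidden_fields = build_hidden_fields(array('upload_ids' => $process->generate_hidden_fields()));
            $s_can_rotate = $this->gallery_config->get('allow_rotate') && function_exists('imagerotate');
            $this->template->assign_vars(array('ERROR' => $error, 'S_UPLOAD_EDIT' => true, 'S_ALLOW_ROTATE' => $s_can_rotate, 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_USERNAME' => !$this->user->data['is_registered'] ? $username : '', 'NUM_IMAGES' => $num_images, 'COLOUR_ROWSPAN' => $s_can_rotate ? $num_images * 3 : $num_images * 2, 'L_DESCRIPTION_LENGTH' => $this->user->lang('DESCRIPTION_LENGTH', $this->gallery_config->get('description_length')), 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        }
        return $this->helper->render('gallery/posting_body.html', $page_title);
    }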
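 /**
  * UCP "invite" module entry point.
  *
  * For $mode === 'invite' this builds and sends up to multiple_recipients_max
  * invitation e-mails: it checks the module/e-mail configuration and the
  * u_send_invite permission, applies the queue delay and the daily/total
  * invitation limits (unless unlimited invitations are enabled), validates
  * the form (form key, CAPTCHA when configured, subject/message/recipient
  * fields), and finally calls $invite->message_handle() per recipient.
  * Any collected error disables sending and is shown in the template.
  * For $mode === 'statistics' only the template name is set.
  *
  * @param mixed  $id   Module id (unused here, kept for the UCP module interface)
  * @param string $mode 'invite' or 'statistics'; also used to derive the
  *                     template name and page title
  * @return void  Terminates via trigger_error() on authorisation failure or
  *               after the last invitation has been sent
  */
 function main($id, $mode)
 {
     global $config, $db, $user, $auth, $template;
     global $phpbb_admin_path, $phpbb_root_path, $phpEx;
     // Included inside the function on purpose: variables defined by the
     // included file (e.g. $INVITE_MESSAGE_TYPE used below) land in this scope.
     include $phpbb_root_path . 'includes/functions_invite.' . $phpEx;
     $invite = new invite();
     $user->add_lang(array('mods/info_acp_invite', 'acp/email'));
     switch ($mode) {
         case 'invite':
             $submit = isset($_POST['submit']) ? true : false;
             $remove_rc = isset($_REQUEST['remove_rc']) ? true : false;
             $add_rc = isset($_REQUEST['add_rc']) ? true : false;
             $disable_form = false;
             $sent = false;
             // Every entry in $error blocks sending; the first one is shown to the user.
             $error = array();
             $email_ary = array();
             // CAPTCHA
             $confirm_id = request_var('confirm_id', '');
             $s_hidden_fields = $confirm_id ? array('confirm_id' => $confirm_id) : array();
             // Handle multiple recipients: +/- buttons adjust the count, which is
             // then clamped to [1, multiple_recipients_max].
             $recipient_count = (int) request_var('rc', 1);
             $recipient_count = $add_rc ? $recipient_count + 1 : $recipient_count;
             $recipient_count = $remove_rc ? $recipient_count - 1 : $recipient_count;
             $recipient_count = $recipient_count < 1 ? 1 : $recipient_count;
             $recipient_count = $invite->config['multiple_recipients_max'] <= $recipient_count ? $invite->config['multiple_recipients_max'] : $recipient_count;
             $s_hidden_fields['rc'] = $recipient_count;
             add_form_key('ucp_invite');
             // Authorised?
             if (!$invite->config['enable'] || !$invite->config['enable_invitation']) {
                 trigger_error('INVITE_DISABLED');
             }
             if (!$auth->acl_get('u_send_invite')) {
                 trigger_error('NOT_AUTHORISED');
             }
             // Oops?
             if (!$config['email_enable']) {
                 trigger_error('EMAIL_DISABLED');
             }
             // Queue? A user who already sent invitations must wait queue_time
             // seconds after the most recent one before sending again.
             if ($user->data['user_invitations']) {
                 $sql = 'SELECT MAX(invite_time) AS max_time FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id'];
                 $result = $db->sql_query($sql);
                 $last_invite = (int) $db->sql_fetchfield('max_time');
                 $db->sql_freeresult();
                 if (time() - $last_invite < $invite->config['queue_time']) {
                     $queue_time_m = floor(($invite->config['queue_time'] - (time() - $last_invite)) / 60);
                     $queue_time_s = ($invite->config['queue_time'] - (time() - $last_invite)) % 60;
                     $error[] = sprintf($user->lang['QUEUE_QUEUE'], $queue_time_m, $queue_time_s);
                     $disable_form = true;
                 }
             }
             // Reached limit?
             $limit_enabled = false;
             $limit_periods = array('limit_daily', 'limit_total');
             $limit_criteria = array('posts', 'topics', 'memberdays', 'registrations', 'referrals');
             foreach ($limit_periods as $k => $v) {
                 if ($invite->config['enable_' . $v]) {
                     $limit_enabled = true;
                 }
             }
             // Unlimited invitations?
             if ($invite->config['enable_unlimited']) {
                 $limit_enabled = false;
             }
             // Collect some statistical information
             if ($limit_enabled) {
                 // Invitations sent today (last 24h)
                 $last_day = time() - 86400;
                 $sql = 'SELECT COUNT(log_id) AS invitations_today FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id'] . ' AND invite_time >= ' . $last_day;
                 $result = $db->sql_query($sql);
                 $user->data['user_invitations_limit_daily'] = (int) $db->sql_fetchfield('invitations_today');
                 $db->sql_freeresult();
                 // Invitations sent altogether
                 $user->data['user_invitations_limit_total'] = $user->data['user_invitations'];
                 // Number of topics created
                 $sql = 'SELECT COUNT(topic_id) AS user_topics FROM ' . TOPICS_TABLE . ' WHERE topic_poster = ' . $user->data['user_id'];
                 $result = $db->sql_query($sql);
                 $user->data['user_topics'] = (int) $db->sql_fetchfield('user_topics');
                 $db->sql_freeresult();
                 // Days of membership
                 $user->data['user_memberdays'] = floor((time() - $user->data['user_regdate']) / 86400);
                 // Calculate the available amount of invitations: a basic allowance
                 // plus, per criterion, one bonus block for every <criterion> units.
                 foreach ($limit_periods as $k => $v) {
                     if ($invite->config['enable_' . $v]) {
                         $user->data['user_' . $v] = (int) $invite->config[$v . '_basic'];
                         foreach ($limit_criteria as $ck => $cv) {
                             // Don't divide by zero
                             $user->data['user_' . $v] += $invite->config[$v . '_' . $cv] == 0 ? 0 : floor($user->data['user_' . $cv] / $invite->config[$v . '_' . $cv]) * $invite->config[$v . '_' . $cv . '_invitations'];
                         }
                         // Single recipient
                         if ($user->data['user_invitations_' . $v] >= $user->data['user_' . $v]) {
                             $error[] = sprintf($user->lang['INVITATION_' . strtoupper($v)], $user->data['user_' . $v]);
                             $disable_form = true;
                         }
                         // Multiple recipients
                         if ($recipient_count > 1 && $user->data['user_invitations_' . $v] + $recipient_count > $user->data['user_' . $v]) {
                             $error[] = sprintf($user->lang['REDUCE_RECIPIENTS']) . ' ' . sprintf($user->lang['INVITATION_' . strtoupper($v) . '_MULTI'], $user->data['user_invitations_' . $v], $user->data['user_' . $v], $recipient_count);
                             $disable_form = true;
                         }
                     }
                 }
             }
             // Requirements met?
             if ($user->data['user_posts'] < $invite->config['invite_required_posts']) {
                 $error[] = sprintf($user->lang['TOO_FEW_POSTS'], $invite->config['invite_required_posts']);
                 $disable_form = true;
             }
             // Set up the array containing the important information
             $email_data = array('message_type' => $INVITE_MESSAGE_TYPE['invite'], 'method' => EMAIL, 'method_user_id' => $user->data['user_id'], 'invite_language' => $invite->config['invite_language_select'] == 'opt' ? utf8_normalize_nfc(request_var('form_invite_language_select', $user->data['user_lang'], true)) : ($invite->config['invite_language_select'] == 'user' ? $user->data['user_lang'] : $invite->config['invite_language_select']), 'priority' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? request_var('form_priority', 0) : $invite->config['invite_priority_flag'], 'subject' => utf8_normalize_nfc(request_var('form_subject', '', true)), 'message' => utf8_normalize_nfc(request_var('form_message', '', true)), 'register_key' => $invite->generate_key(), 'register_key_used' => 0, 'register_user_id' => 0, 'invite_user_id' => $user->data['user_id'], 'invite_session_ip' => $user->data['session_ip'], 'invite_time' => time(), 'expiration_time' => time() + $invite->config['invite_expiration_time'] * 86400, 'invite_zebra' => request_var('form_invite_zebra', 0), 'confirm_code' => request_var('confirm_code', ''), 'confirm_id' => request_var('confirm_id', ''));
             // Additional email data concerning the templates
             foreach ($INVITE_MESSAGE_TYPE as $string => $int) {
                 $email_data['invite_' . $string] = request_var('form_invite_' . $string, 0);
                 $email_data['invite_' . $string . '_method'] = request_var('form_invite_' . $string . '_method', 0);
             }
             // The CAPTCHA kicks in here
             if ($invite->config['invite_confirm_code']) {
                 if (!class_exists('phpbb_captcha_factory')) {
                     include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
                 }
                 $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                 $captcha->init(CONFIRM_POST);
             }
             // Prevalidate the static data so we don't have to do it in the loop later
             if ($submit) {
                 if (!check_form_key('ucp_invite')) {
                     $error[] = 'FORM_INVALID';
                 }
                 $check_ary = array('subject' => array('string', false, $invite->config['subject_min_chars'], $invite->config['subject_max_chars']), 'message' => array('string', false, $invite->config['message_min_chars'], $invite->config['message_max_chars']));
                 // Merge rather than assign: a plain assignment would discard the
                 // form-key failure and the queue/limit/required-posts errors
                 // collected above, so sending would proceed despite them.
                 $error = array_merge($error, validate_data($email_data, $check_ary));
                 // Visual Confirmation handling
                 if ($invite->config['invite_confirm_code']) {
                     $vc_response = $captcha->validate($email_data);
                     if ($vc_response !== false) {
                         $error[] = $vc_response;
                     }
                 }
             }
             // Send out multiple invitations
             for ($i = 0; $i < $recipient_count; $i++) {
                 // Add index specific values to the data array
                 $form_register_email = utf8_normalize_nfc(request_var('form_register_email_' . $i, '', true));
                 $form_register_real_name = utf8_normalize_nfc(request_var('form_register_real_name_' . $i, '', true));
                 $email_data['register_email_' . $i] = $form_register_email;
                 $email_data['register_real_name_' . $i] = $form_register_real_name;
                 // Add every e-mail address to the referring array in order to search for multiple entries later
                 $email_ary[] = $form_register_email;
                 // No need to loop through the submit part...
                 if (sizeof($error)) {
                     continue;
                 }
                 // Do the job ...
                 if ($submit) {
                     $email_data['register_email'] = $form_register_email;
                     $email_data['register_real_name'] = $form_register_real_name;
                     // Fix language vars defined in ucp.php
                     $email_data['email'] = $email_data['register_email'];
                     // Validate index specific data
                     $check_ary = array('email' => array(array('string', false, 1, 60), array('email')), 'register_real_name' => array('string', false, 1, 60));
                     $error = array_merge($error, validate_data($email_data, $check_ary));
                     // Fix language vars defined in ucp.php
                     unset($email_data['email']);
                     // That wouldn't make any sense...
                     if ($email_data['register_email'] == $user->data['user_email']) {
                         $error[] = $user->lang['INVITE_TO_YOUR_EMAIL'];
                     }
                     // Have our recipients received an invitation yet?
                     // register_email is user-supplied form input, so it must be
                     // escaped before being placed in the SQL string literal.
                     $sql = 'SELECT COUNT(log_id) AS multiple_invite FROM ' . INVITE_LOG_TABLE . " WHERE register_email = '" . $db->sql_escape($email_data['register_email']) . "'";
                     $result = $db->sql_query($sql);
                     $multiple = (int) $db->sql_fetchfield('multiple_invite');
                     if ($multiple && $invite->config['invite_multiple']) {
                         $error[] = $user->lang['INVITE_MULTIPLE'];
                     }
                     if ($invite->config['invite_multiple']) {
                         $count_values = array_count_values($email_ary);
                         foreach ($count_values as $k => $v) {
                             if ($v > 1) {
                                 $error[] = $user->lang['INVITE_SAME_RECIPIENT'];
                                 break;
                             }
                         }
                     }
                     if (!sizeof($error)) {
                         $send_message = $invite->message_handle($email_data, true, false);
                         $sent = true;
                         // Email successfully sent to friend? Only check on last loop
                         if ($i == $recipient_count - 1) {
                             if ($send_message) {
                                 meta_refresh(2, append_sid("{$phpbb_root_path}index.{$phpEx}"));
                                 $message = $user->lang['EMAIL_SENT_SUCCESS'];
                             } else {
                                 $message = '<span class="error">' . $user->lang['EMAIL_SENT_FAILURE'] . '</span>';
                             }
                             $message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
                             trigger_error($message);
                         }
                     } else {
                         // No need to highlight the correct recipient block if there's only one...
                         if ($recipient_count > 1) {
                             $template->assign_var('S_ERROR_RECIPIENT_INDEX', $i);
                         }
                     }
                 }
                 unset($email_data['register_email']);
                 unset($email_data['register_real_name']);
             }
             // Replace "error" strings with their real, localised form.
             // Entries that are bare language keys ([A-Z_]+) are swapped for the
             // translation when one exists; everything else is left untouched.
             // (A plain loop replaces the former preg_replace /e modifier, which
             // evaluated the replacement as PHP code and is removed in PHP 7.)
             foreach ($error as $k => $msg) {
                 if (preg_match('#^[A-Z_]+$#', $msg) && !empty($user->lang[$msg])) {
                     $error[$k] = $user->lang[$msg];
                 }
             }
             if ($invite->config['invite_confirm_code']) {
                 $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
             }
             $s_hidden_fields = build_hidden_fields($s_hidden_fields);
             $confirm_image = '';
             // Visual Confirmation - Show images
             if ($invite->config['invite_confirm_code']) {
                 $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
             }
             $template->assign_vars(array('ERROR' => sizeof($error) ? $error[0] : '', 'FORM_LANGUAGE_SELECT' => language_select($email_data['invite_language']), 'FORM_CONFIRM_IMG' => $confirm_image, 'S_ENABLE_POWERED_BY' => $invite->config['enable_powered_by'], 'S_MAIL_LOW_PRIORITY' => MAIL_LOW_PRIORITY, 'S_MAIL_NORMAL_PRIORITY' => MAIL_NORMAL_PRIORITY, 'S_MAIL_HIGH_PRIORITY' => MAIL_HIGH_PRIORITY, 'S_VALUE_EMAIL' => EMAIL, 'S_VALUE_PM' => PM, 'S_DISABLE' => $disable_form ? true : false, 'S_DISPLAY_PRIORITY' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? true : false, 'S_DISPLAY_ZEBRA' => $invite->config['zebra'] == OPTIONAL ? true : false, 'S_DISPLAY_LANGUAGE' => $invite->config['invite_language_select'] == 'opt' ? true : false, 'S_RECIPIENTS_LIMIT' => $invite->config['multiple_recipients_max'] <= $recipient_count ? true : false, 'S_CONFIRM_REFRESH' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'U_ACTION' => $this->u_action));
             // Repeat the recipient block as many times as desired
             for ($i = 0; $i < $recipient_count; $i++) {
                 $template->assign_block_vars('recipient_row', array('INDEX' => $i, 'FORM_REGISTER_EMAIL' => $email_data['register_email_' . $i], 'FORM_REGISTER_REAL_NAME' => $email_data['register_real_name_' . $i]));
             }
             // Display other message options
             foreach ($INVITE_MESSAGE_TYPE as $string => $int) {
                 // [Fix] Undefined index
                 if ($string == 'invite' || $string == 'referral') {
                     continue;
                 }
                 $template->assign_vars(array('S_DISPLAY_' . strtoupper($string) => !$invite->config[$string] ? false : ($invite->config[$string] == OPTIONAL ? true : false), 'S_DISPLAY_' . strtoupper($string) . '_METHOD' => !$invite->config[$string] ? false : ($invite->config[$string . '_method'] == OPTIONAL ? true : false)));
             }
             // Assign already existing input
             foreach ($email_data as $k => $v) {
                 $template->assign_vars(array('FORM_' . strtoupper($k) => isset($email_data[$k]) ? utf8_normalize_nfc(request_var($k, $v, true)) : ''));
             }
             break;
         case 'statistics':
             //
             break;
     }
     $this->tpl_name = 'ucp_invite_' . $mode;
     $this->page_title = 'UCP_INVITE_' . strtoupper($mode);
 }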
    private function post()
    {
        global $phpbb_root_path, $phpEx, $template, $db, $auth;
        global $config, $user;
        if (!function_exists('generate_smilies')) {
            include $phpbb_root_path . 'includes/functions_posting.' . $phpEx;
        }
        if (!function_exists('submit_gb_post')) {
            include $phpbb_root_path . 'includes/functions_guestbook.' . $phpEx;
        }
        if (!class_exists('parse_message')) {
            include $phpbb_root_path . 'includes/message_parser.' . $phpEx;
        }
        $user->add_lang('posting');
        // Grab only parameters needed here
        $post_id = request_var('p', 0);
        $lastclick = request_var('lastclick', 0);
        $submit = isset($_POST['post']) ? true : false;
        $preview = isset($_POST['preview']) ? true : false;
        $delete = isset($_POST['delete']) ? true : false;
        $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['full_editor']) ? true : false;
        $mode = $delete && !$preview && !$refresh && $submit ? 'delete' : request_var('gbmode', '');
        $error = $post_data = array();
        $current_time = time();
        // Was cancel pressed? If so then redirect to the appropriate page
        if ($current_time - $lastclick < 2 && $submit) {
            $redirect = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&amp;u={$this->user_id}&amp;gbmode=display&amp;{$post_id}#p{$post_id}");
            redirect($redirect);
        }
        // We need to know some basic information in all cases before we do anything.
        switch ($mode) {
            case 'quote':
            case 'edit':
            case 'delete':
                if (!$post_id) {
                    $user->setup('posting');
                    trigger_error('NO_POST');
                }
                $sql = 'SELECT g.*, u.*
					FROM  ' . GUESTBOOK_TABLE . ' g, ' . USERS_TABLE . ' u
						WHERE u.user_id = g.poster_id
							AND post_id = ' . (int) $post_id;
                break;
            case 'smilies':
                $sql = '';
                generate_smilies('window');
                break;
            case 'popup':
                upload_popup();
                break;
            default:
                $sql = '';
                break;
        }
        if ($sql) {
            $result = $db->sql_query($sql);
            $post_data = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$post_data) {
                $user->setup('posting');
                trigger_error('NO_POST');
            }
        }
        if ($mode == 'popup') {
            upload_popup($post_data['forum_style']);
            return;
        }
        if ($config['enable_post_confirm'] && !$user->data['is_registered']) {
            include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
            $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
            $captcha->init(CONFIRM_POST);
        }
        // Use post_row values in favor of submitted ones...
        $post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id;
        // Check permissions
        if ($user->data['is_bot']) {
            redirect(append_sid("{$phpbb_root_path}index.{$phpEx}"));
        }
        // Is the user able to read within this forum?
        if (!$auth->acl_get('u_gb_view')) {
            if ($user->data['user_id'] != ANONYMOUS) {
                trigger_error('USER_CANNOT_READ');
            }
            login_box('', $user->lang['LOGIN_EXPLAIN_POST']);
        }
        // Permission to do the action asked?
        $is_authed = false;
        switch ($mode) {
            case 'post':
                if ($auth->acl_get('u_gb_post')) {
                    $is_authed = true;
                }
                break;
            case 'quote':
                $post_data['post_edit_locked'] = 0;
                // @TODO: Decide if we want to add a config option/ucp option/checkbox for this feature.
                if ($post_data['poster_id'] != ANONYMOUS) {
                    $post_data['orginal_author'] = $post_data['poster_id'];
                }
                // no break;
            // no break;
            case 'reply':
                if ($auth->acl_get('u_gb_post')) {
                    $is_authed = true;
                }
                break;
            case 'edit':
                if ($user->data['is_registered'] && $auth->acl_gets('u_gb_edit', 'm_gb_edit')) {
                    $is_authed = true;
                }
                break;
            case 'delete':
                if ($user->data['is_registered'] && $auth->acl_gets('u_gb_delete', 'm_gb_delete')) {
                    $is_authed = true;
                }
                break;
        }
        if (!$is_authed) {
            $check_auth = $mode == 'quote' ? 'reply' : $mode;
            if ($user->data['is_registered']) {
                trigger_error('USER_CANNOT_' . strtoupper($check_auth));
            }
            login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]);
        }
        // Can we edit this post ... if we're a moderator with rights then always yes
        // else it depends on editing times, lock status and if we're the correct user
        if ($mode == 'edit' && !$auth->acl_get('m_gb_edit')) {
            if ($user->data['user_id'] != $post_data['poster_id']) {
                trigger_error('USER_CANNOT_EDIT');
            }
            if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) {
                trigger_error('CANNOT_EDIT_TIME');
            }
            if ($post_data['post_edit_locked']) {
                trigger_error('CANNOT_EDIT_POST_LOCKED');
            }
        }
        // Handle delete mode...
        if ($mode == 'delete') {
            handle_gb_post_delete($post_id, $post_data, $this);
            return;
        }
        // Determine some vars
        if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) {
            $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST'];
        } else {
            $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : '';
        }
        $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0;
        $post_data['post_subject_md5'] = isset($post_data['post_subject']) && $mode == 'edit' ? md5($post_data['post_subject']) : '';
        $post_data['post_subject'] = in_array($mode, array('quote', 'edit')) ? $post_data['post_subject'] : (isset($post_data['topic_title']) ? $post_data['topic_title'] : '');
        $post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? $post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'] : 0;
        $post_data['icon_id'] = !isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply')) ? 0 : (int) $post_data['icon_id'];
        $message_parser = new parse_message();
        if (isset($post_data['post_text'])) {
            $message_parser->message =& $post_data['post_text'];
            unset($post_data['post_text']);
        }
        // Set some default variables
        $uninit = array('poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
        foreach ($uninit as $var_name => $default_value) {
            if (!isset($post_data[$var_name])) {
                $post_data[$var_name] = $default_value;
            }
        }
        unset($uninit);
        if ($post_data['poster_id'] == ANONYMOUS) {
            $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['post_username']) : '';
        } else {
            $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['username']) : '';
        }
        $post_data['enable_urls'] = $post_data['enable_magic_url'];
        if ($mode != 'edit') {
            $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false;
            $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false;
            $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false;
            $post_data['enable_urls'] = true;
        }
        $post_data['enable_icons'] = true;
        $post_data['enable_magic_url'] = $post_data['drafts'] = false;
        $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
        // Do we want to edit our post ?
        if ($mode == 'edit' && $post_data['bbcode_uid']) {
            $message_parser->bbcode_uid = $post_data['bbcode_uid'];
        }
        // HTML, BBCode, Smilies, Images and Flash status
        $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('u_gb_bbcode') ? true : false;
        $smilies_status = $config['allow_smilies'] && $auth->acl_get('u_gb_smilies') ? true : false;
        $img_status = $bbcode_status && $auth->acl_get('u_gb_img') ? true : false;
        $url_status = $config['allow_post_links'] ? true : false;
        $flash_status = $bbcode_status && $auth->acl_get('u_gb_flash') && $config['allow_post_flash'] ? true : false;
        $quote_status = true;
        if ($submit || $preview || $refresh) {
            $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true));
            $message_parser->message = utf8_normalize_nfc(request_var('message', '', true));
            $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true));
            $post_data['topic_time_limit'] = request_var('topic_time_limit', $mode != 'post' ? (int) $post_data['topic_time_limit'] : 0);
            if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) {
                $post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']);
            }
            $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true;
            $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true;
            $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1;
            $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('u_gb_sig') ? false : (isset($_POST['attach_sig']) && $user->data['is_registered'] ? true : false);
            if ($config['allow_topic_notify'] && $user->data['is_registered']) {
                $notify = isset($_POST['notify']) ? true : false;
            } else {
                $notify = false;
            }
            if ($submit) {
                $status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1);
                $status_switch = $status_switch != $check_value;
            } else {
                $status_switch = 1;
            }
            // Grab md5 'checksum' of new message
            $message_md5 = md5($message_parser->message);
            // Check checksum ... don't re-parse message if the same
            $update_message = $mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN ? true : false;
            // Also check if subject got updated...
            $update_subject = $mode != 'edit' || $post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']);
            // Parse message
            if ($update_message) {
                if (sizeof($message_parser->warn_msg)) {
                    $error[] = implode('<br />', $message_parser->warn_msg);
                    $message_parser->warn_msg = array();
                }
                $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']);
                // On a refresh we do not care about message parsing errors
                if (sizeof($message_parser->warn_msg) && $refresh) {
                    $message_parser->warn_msg = array();
                }
            } else {
                $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield'];
            }
            if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_gb_ignoreflood')) {
                // Flood check
                $last_post_time = 0;
                if ($user->data['is_registered']) {
                    $last_post_time = $user->data['user_lastpost_time'];
                } else {
                    $sql = 'SELECT post_time AS last_post_time
						FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\tWHERE poster_ip = '" . $user->ip . "'\n\t\t\t\t\t\t\tAND post_time > " . ($current_time - $config['flood_interval']);
                    $result = $db->sql_query_limit($sql, 1);
                    if ($row = $db->sql_fetchrow($result)) {
                        $last_post_time = $row['last_post_time'];
                    }
                    $db->sql_freeresult($result);
                }
                if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
                    $error[] = $user->lang['FLOOD_ERROR'];
                }
            }
            // Validate username
            if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) {
                if (!function_exists('validate_user')) {
                    include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
                }
                if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
                    $user->add_lang('ucp');
                    $error[] = $user->lang[$result . '_USERNAME'];
                }
            }
            if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) {
                $captcha_data = array('message' => utf8_normalize_nfc(request_var('message', '', true)), 'subject' => utf8_normalize_nfc(request_var('subject', '', true)), 'username' => utf8_normalize_nfc(request_var('username', '', true)));
                $vc_response = $captcha->validate($captcha_data);
                if ($vc_response) {
                    $error[] = $vc_response;
                }
            }
            // check form
            if (($submit || $preview) && !check_form_key('posting')) {
                $error[] = $user->lang['FORM_INVALID'];
            }
            // Parse subject
            if (sizeof($message_parser->warn_msg)) {
                $error[] = implode('<br />', $message_parser->warn_msg);
            }
            // DNSBL check
            if ($config['check_dnsbl'] && !$refresh) {
                if (($dnsbl = $user->check_dnsbl('post')) !== false) {
                    $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
                }
            }
            // Store message, sync counters
            if (!sizeof($error) && $submit) {
                if ($submit) {
                    $data = array('user_id' => (int) ($mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id), 'topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'post_id' => (int) $post_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $user->data['user_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time, 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => $mode == 'edit' ? $user->data['user_id'] : (isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0), 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'guestbook' => $this);
                    // The last parameter tells submit_post if search indexer has to be run
                    submit_gb_post($mode, $post_data['post_subject'], $post_data['username'], $data, $update_message, $update_message || $update_subject ? true : false);
                    $post_id = $data['post_id'];
                    $uid = $mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id;
                    $redirect_url = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&amp;gbmode=display&amp;u={$uid}&amp;p={$post_id}#p{$post_id}");
                    if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) {
                        $captcha->reset();
                    }
                    meta_refresh(3, $redirect_url);
                    $message = $mode == 'edit' ? 'POST_EDITED' : 'POST_STORED';
                    $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>');
                    trigger_error($message);
                }
            }
        }
        // Preview
        if (!sizeof($error) && $preview) {
            $post_data['post_time'] = $mode == 'edit' ? $post_data['post_time'] : $current_time;
            $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false);
            $preview_signature = $mode == 'edit' ? $post_data['user_sig'] : $user->data['user_sig'];
            $preview_signature_uid = $mode == 'edit' ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid'];
            $preview_signature_bitfield = $mode == 'edit' ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield'];
            // Signature
            if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('u_gb_sig')) {
                $parse_sig = new parse_message($preview_signature);
                $parse_sig->bbcode_uid = $preview_signature_uid;
                $parse_sig->bbcode_bitfield = $preview_signature_bitfield;
                // Not sure about parameters for bbcode/smilies/urls... in signatures
                $parse_sig->format_display($config['allow_sig_bbcode'], true, $config['allow_sig_smilies']);
                $preview_signature = $parse_sig->message;
                unset($parse_sig);
            } else {
                $preview_signature = '';
            }
            $preview_subject = censor_text($post_data['post_subject']);
            if (!sizeof($error)) {
                $template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true));
            }
        }
        // Decode text for message display
        $post_data['bbcode_uid'] = $mode == 'quote' && !$preview && !$refresh && !sizeof($error) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid;
        $message_parser->decode_message($post_data['bbcode_uid']);
        if ($mode == 'quote' && !$submit && !$preview && !$refresh) {
            if ($config['allow_bbcode']) {
                $message_parser->message = '[quote=&quot;' . $post_data['quote_username'] . '&quot;]' . censor_text(trim($message_parser->message)) . "[/quote]\n";
            } else {
                $offset = 0;
                $quote_string = "&gt; ";
                $message = censor_text(trim($message_parser->message));
                // see if we are nesting. It's easily tricked but should work for one level of nesting
                if (strpos($message, "&gt;") !== false) {
                    $offset = 10;
                }
                $message = utf8_wordwrap($message, 75 + $offset, "\n");
                $message = $quote_string . $message;
                $message = str_replace("\n", "\n" . $quote_string, $message);
                $message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . " :\n" . $message . "\n";
            }
        }
        if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh) {
            $post_data['post_subject'] = (strpos($post_data['post_subject'], 'Re: ') !== 0 ? 'Re: ' : '') . censor_text($post_data['post_subject']);
        }
        $post_data['post_text'] = $message_parser->message;
        // MAIN POSTING PAGE BEGINS HERE
        // Generate smiley listing
        generate_smilies('inline', 0);
        // Do show topic type selection only in first post.
        $topic_type_toggle = false;
        $s_topic_icons = false;
        if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) {
            $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']);
        }
        $bbcode_checked = isset($post_data['enable_bbcode']) ? !$post_data['enable_bbcode'] : ($config['allow_bbcode'] ? !$user->optionget('bbcode') : 1);
        $smilies_checked = isset($post_data['enable_smilies']) ? !$post_data['enable_smilies'] : ($config['allow_smilies'] ? !$user->optionget('smilies') : 1);
        $urls_checked = isset($post_data['enable_urls']) ? !$post_data['enable_urls'] : 0;
        $sig_checked = $post_data['enable_sig'];
        // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting
        $notify_set = $mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set'] ? $user->data['user_notify'] : $post_data['notify_set'];
        $notify_checked = isset($notify) ? $notify : ($mode == 'post' ? $user->data['user_notify'] : $notify_set);
        // Page title & action URL, include session_id for security purpose
        $s_action = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&amp;u={$this->user_id}&amp;gbmode={$mode}", true, $user->session_id);
        $s_action .= $post_id ? "&amp;p={$post_id}" : '';
        switch ($mode) {
            case 'post':
                $page_title = $user->lang['POST_GUESTBOOK'];
                break;
            case 'quote':
            case 'reply':
                $page_title = $user->lang['POST_GUESTBOOK'];
                break;
            case 'delete':
            case 'edit':
                $page_title = $user->lang['EDIT_POST'];
                break;
        }
        // Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed.
        if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) {
            $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template()));
        }
        $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />';
        if ($mode == 'edit') {
            $s_hidden_fields .= build_hidden_fields(array('edit_post_message_checksum' => $post_data['post_checksum'], 'edit_post_subject_checksum' => $post_data['post_subject_md5']));
        }
        // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview
        if (isset($captcha) && $captcha->is_solved() !== false) {
            $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields());
        }
        add_form_key('posting');
        // Start assigning vars for main posting page ...
        $template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['POST_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'TOPIC_TITLE' => censor_text($post_data['topic_title']), 'USERNAME' => !$preview && $mode != 'quote' || $preview ? $post_data['username'] : '', 'SUBJECT' => $post_data['post_subject'], 'MESSAGE' => $post_data['post_text'], 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $bbcode_status && $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), 'POST_DATE' => $post_data['post_time'] ? $user->format_date($post_data['post_time']) : '', 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'], 'EDIT_REASON' => $post_data['post_edit_reason'], 'S_PRIVMSGS' => false, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']) ? true : false, 'S_EDIT_POST' => $mode == 'edit' ? true : false, 'S_EDIT_REASON' => false, 'S_DISPLAY_USERNAME' => !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS ? true : false, 'S_SHOW_TOPIC_ICONS' => $s_topic_icons, 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => $bbcode_checked ? 
' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $auth->acl_get('u_gb_sig') && $config['allow_sig'] && $user->data['is_registered'] ? true : false, 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_NOTIFY_ALLOWED' => !$user->data['is_registered'] || $mode == 'edit' && $user->data['user_id'] != $post_data['poster_id'] || !$config['allow_topic_notify'] || !$config['email_enable'] ? false : true, 'S_NOTIFY_CHECKED' => $notify_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_TYPE_TOGGLE' => '', 'S_SAVE_ALLOWED' => false, 'S_HAS_DRAFTS' => false, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_URL' => $url_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => $quote_status, 'SIGNATURE' => '', 'S_POST_ACTION' => $s_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields));
        // Build custom bbcodes array
        display_custom_bbcodes();
        $template->set_filenames(array('body' => 'posting_body.html'));
        make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
    }