// Redirect to the site index unless check_class() accepts the class configured in
// $pref['email_item_class'] (e_UC_MEMBER when the preference is unset).
if (!check_class(varset($pref['email_item_class'], e_UC_MEMBER))) {
    header('Location: ' . e_BASE . 'index.php');
    exit; // header() alone does not stop the script; exit keeps the rest of the page from running
}
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
require_once HEADERF;

// The image code is enabled as soon as one of imagecreatefromjpeg/png/gif exists.
$use_imagecode = FALSE;
$imgtypes = array('jpeg', 'png', 'gif');
foreach ($imgtypes as $t) {
    if (function_exists('imagecreatefrom' . $t)) {
        $use_imagecode = TRUE;
    }
}
if ($use_imagecode) {
    require_once e_HANDLER . 'secure_img_handler.php';
    $sec_img = new secure_image();
}

// The query string is split once on '.': the first part becomes $source, the remainder $parms.
// A request without a query string is sent back to the index.
if (e_QUERY) {
    $qs = explode('.', e_QUERY, 2);
} else {
    header('location:' . e_BASE . 'index.php');
    exit;
}
$source = $qs[0];
$parms = varset($qs[1], '');
unset($qs);
$error = '';
$message = '';

// The Referer header is supplied by the client. It is entity-decoded, URL-decoded and then passed
// through strip_tags(), which removes markup but does not validate the value as a URL.
// NOTE(review): $emailurl takes this value when $source is 'referer'. Confirm that it is escaped for
// its output context and limited to this site's own URLs where it is used (not visible in this excerpt).
$referrer = strip_tags(urldecode(html_entity_decode(varset($_SERVER['HTTP_REFERER'], ''), ENT_QUOTES)));
$emailurl = $source == 'referer' ? $referrer : SITEURL;
// The posted comment goes through the parser's post_toHTML() with the modifier string shown.
$comments = $tp->post_toHTML(varset($_POST['comment'], ''), TRUE, 'retain_nl, emotes_off, no_make_clickable');
+----------------------------------------------------------------------------+ */
require_once "class2.php";
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
// Leave for the index when a user is already logged in or when e_LOGIN differs from e_SELF
// (presumably: this script is not the configured login page).
if (USER || e_LOGIN != e_SELF) {
    header('location:' . e_BASE . 'index.php');
    exit;
}
$HEADER = '';
$FOOTER = ''; // Avoids strange displays when debug enabled! (But doesn't completely maintain XHTML formatting)
require_once HEADERF;
// The image code is used only when $pref['logcode'] is set and the GD extension is loaded.
$use_imagecode = $pref['logcode'] && extension_loaded("gd");
if ($use_imagecode) {
    require_once e_HANDLER . "secure_img_handler.php";
    $sec_img = new secure_image();
}
if (!USER) {
    require_once e_HANDLER . "form_handler.php";
    $rs = new form();
    $text = "";
    // $allowEmailLogin indexes $ulabel to pick the label for the user-name field.
    $allowEmailLogin = varset($pref['allowEmailLogin'], 0);
    $ulabel = array(LAN_LOGIN_1, LAN_LOGIN_28, LAN_LOGIN_29);
    $LOGIN_USERNAME_LABEL = $ulabel[$allowEmailLogin];
    $LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE;
    // NOTE(review): both "******" values look like masking applied when this page was extracted,
    // not the original field markup; confirm against the project source.
    $LOGIN_TABLE_USERNAME = "******";
    $LOGIN_TABLE_PASSWORD = "******";
    // When a challenge is held in the session and $pref['password_CHAP'] is set, the challenge is
    // appended to the password field as a hidden input.
    // NOTE(review): the value is concatenated into a single-quoted attribute without escaping;
    // presumably it is a server-generated token, so confirm it can never contain a quote character.
    if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0)) {
        $LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . e107::getSession()->get('challenge') . "' />\n\n";
    }
    if ($use_imagecode) {
| http://e107.org | | | Released under the terms and conditions of the | GNU General Public License (http://gnu.org). | | $Source: /cvs_backup/e107_0.8/contact.php,v $ | $Revision$ | $Date$ | $Author$ +----------------------------------------------------------------------------+ */
require_once "class2.php";
// security image may be disabled by removing the appropriate shortcodes from the template.
// NOTE(review): the handler is always loaded here, while the template decides whether the image is
// shown. Confirm that the POST handling below (cut off in this excerpt) enforces the code on the
// server side and does not depend on whether the field was rendered.
require_once e_HANDLER . "secure_img_handler.php";
$sec_img = new secure_image();
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
require_once HEADERF;
// Load a contact template only when $CONTACT_FORM is not already set: the theme's own file is
// preferred, the shared one under e_THEME is the fallback.
if (!$CONTACT_FORM) {
    if (file_exists(THEME . "contact_template.php")) {
        require_once THEME . "contact_template.php";
    } else {
        // Redirect Page if no contact-form or contact-info is available.
        if ($pref['sitecontacts'] == e_UC_NOBODY && trim(SITECONTACTINFO) == "") {
            e107::getRedirect()->redirect(e_BASE . "index.php");
            exit;
        }
        require_once e_THEME . "templates/contact_template.php";
    }
}
// Form submission is detected by the presence of the 'send-contactus' POST field.
if (isset($_POST['send-contactus'])) {
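/**
 * Handle a login attempt.
 *
 * @param string $username   Posted user name (trimmed here).
 * @param string $userpass   Posted password (trimmed here, cleared once it has been checked).
 * @param mixed  $autologin  'signup' - uses a specially encoded password - logs in if matches;
 *                           'provider' - handled as a forced login (see the review note in the body);
 *                           zero for a 'normal' login;
 *                           non-zero sets the 'remember me' flag in the cookie.
 * @param string $response   Response string returned by CHAP login (instead of password).
 * @param bool   $noredirect When true, return true after a successful login instead of redirecting.
 * @return mixed FALSE for an empty user name in CLI mode; the result of invalidLogin() on any failure;
 *               the cookie value in CLI mode; TRUE when $noredirect is set.
 *               Otherwise the method redirects and exits.
 */
public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
{
    $pref = e107::getPref();
    $tp = e107::getParser();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    $_E107 = e107::getE107();

    $username = trim($username);
    $userpass = trim($userpass);

    if ($_E107['cli'] && $username == '') {
        return FALSE;
    }

    $forceLogin = $autologin === 'signup';
    if (!$forceLogin && $autologin === 'provider') {
        // NOTE(review): this literal looks masked by the page extraction. The blank-field check
        // below compares $forceLogin with 'provider', so confirm the value against the project source.
        $forceLogin = '******';
    }

    // && binds tighter than ||: a blank user name is always rejected, a blank password only when
    // there is no CHAP response and this is not a provider login.
    if ($username == "" || $userpass == "" && $response == '' && $forceLogin !== 'provider') {
        // Required fields blank
        return $this->invalidLogin($username, LOGIN_BLANK_FIELD);
    }

    // This will exit if a ban is in force
    e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ", FALSE);

    $autologin = intval($autologin); // Will decode to zero if forced login
    $authorized = false;
    if (!$forceLogin && $this->e107->isInstalled('alt_auth')) {
        $authMethod[0] = varset($pref['auth_method'], 'e107'); // Primary authentication method
        $authMethod[1] = varset($pref['auth_method2'], 'none'); // Secondary authentication method (if defined)
        $result = false;
        foreach ($authMethod as $method) {
            if ($method == 'e107') {
                if ($this->lookupUser($username, $forceLogin)) {
                    if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE) {
                        $authorized = true;
                        $result = LOGIN_CONTINUE; // Valid User exists in local DB
                    } elseif (varset($pref['auth_badpassword'], TRUE)) {
                        $result = LOGIN_TRY_OTHER;
                        continue; // Should use alternate method for password auth
                    } else {
                        return $this->invalidLogin($username, LOGIN_ABORT);
                    }
                }
            } else {
                if ($method != 'none') {
                    $auth_file = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
                    if (file_exists($auth_file)) {
                        require_once e_PLUGIN . 'alt_auth/alt_auth_login_class.php';
                        $al = new alt_login($method, $username, $userpass);
                        $result = $al->loginResult;
                        switch ($result) {
                            case LOGIN_ABORT:
                                return $this->invalidLogin($username, LOGIN_ABORT);
                            case LOGIN_DB_ERROR:
                                return $this->invalidLogin($username, LOGIN_DB_ERROR);
                            case AUTH_SUCCESS:
                                $authorized = true;
                                break;
                            case LOGIN_TRY_OTHER:
                                // Inside a switch a bare `continue` only leaves the switch (and
                                // raises a warning on PHP 7.3+); `continue 2` moves on to the
                                // next authentication method, which is what is meant.
                                continue 2;
                        }
                    }
                }
            }
            if ($result === LOGIN_CONTINUE) {
                break;
            }
        }
    }

    // Removes " OR ", "=" and "#" from the name. This is a blacklist and no substitute for
    // escaping or binding the value in the queries that use it.
    $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);

    // Check secure image
    // NOTE(review): with alt_auth installed, the credential checks above run (and can return)
    // before this check, so the image code does not gate those attempts; consider verifying it first.
    if (!$forceLogin && $pref['logcode'] && extension_loaded('gd')) {
        require_once e_HANDLER . "secure_img_handler.php";
        $sec_img = new secure_image();
        // Fail closed on missing or non-string fields: a client can omit them or send arrays
        // (rand_num[]=...), and neither case should reach verify_code().
        $randNum = isset($_POST['rand_num']) ? $_POST['rand_num'] : null;
        $codeVerify = isset($_POST['code_verify']) ? $_POST['code_verify'] : null;
        if (!is_string($randNum) || !is_string($codeVerify) || !$sec_img->verify_code($randNum, $codeVerify)) {
            // Invalid code
            return $this->invalidLogin($username, LOGIN_BAD_CODE);
        }
    }

    if (empty($this->userData)) {
        if (!$this->lookupUser($username, $forceLogin)) {
            return $this->invalidLogin($username, LOGIN_BAD_USERNAME); // User doesn't exist
        }
    }

    if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true) {
        return $this->invalidLogin($username, LOGIN_BAD_PW);
    }

    // Check user status
    switch ($this->userData['user_ban']) {
        case USER_REGISTERED_NOT_VALIDATED: // User not fully signed up - hasn't activated account.
            return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
        case USER_BANNED: // User banned
            return $this->invalidLogin($username, LOGIN_BANNED, $this->userData['user_id']);
        case USER_VALIDATED: // Valid user
            break; // Nothing to do ATM
        case USER_EMAIL_BOUNCED:
            $bounceLAN = "Emails to [x] are bouncing back. Please [verify your email address is correct]."; //TODO LAN
            $bounceMessage = $tp->lanVars($bounceLAN, $this->userData['user_email'], true);
            $bounceMessage = str_replace(array('[', ']'), array("<a href='" . e_HTTP . "usersettings.php'>", "</a>"), $bounceMessage);
            e107::getMessage()->addWarning($bounceMessage, 'default', true);
            break;
        default: // May want to pick this up
    }

    // User is OK as far as core is concerned
    if ($this->passResult !== FALSE && $this->passResult !== PASSWORD_VALID) {
        // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
        // If login by email address also allowed, will have to write that value too
        // $sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
    }

    $userpass = ''; // Finished with any plaintext password - can get rid of it

    $ret = $e_event->trigger("preuserlogin", $username);
    if ($ret != '') {
        return $this->invalidLogin($username, LOGIN_BAD_TRIGGER, $ret);
    }

    // Trigger events happy as well
    $user_id = $this->userData['user_id'];
    $user_name = $this->userData['user_name'];
    $user_admin = $this->userData['user_admin'];
    $user_email = $this->userData['user_email'];

    /* restrict more than one person logging in using same us/pw */
    if ($pref['disallowMultiLogin']) {
        // NOTE(review): the condition is built by concatenation and includes the stored user name;
        // confirm that value is escaped for SQL before it reaches this query.
        if ($sql->db_Select("online", "online_ip", "online_user_id='" . $user_id . "." . $user_name . "'")) {
            return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
        }
    }

    // User login definitely accepted here
    $cookieval = $this->userMethods->makeUserCookie($this->userData, $autologin);

    // Calculate class membership - needed for a couple of things
    // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
    $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);

    $user_logging_opts = e107::getConfig()->get('user_audit_opts');
    if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
        // Need to note in user audit trail
        $this->e107->admin_log->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
    }

    $edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',', $class_list), 'remember_me' => $autologin, 'user_admin' => $user_admin, 'user_email' => $user_email);
    e107::getEvent()->trigger("login", $edata_li);

    if ($_E107['cli']) {
        return $cookieval;
    }

    if (in_array(e_UC_NEWUSER, $class_list)) {
        if (time() > $this->userData['user_join'] + varset($pref['user_new_period'], 0) * 86400) {
            // 'New user' probationary period expired - we can take them out of the class
            $this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
            // The WHERE clause goes inside the second argument, the form used by the commented-out
            // password rewrite above, and the id is cast to an integer.
            // NOTE(review): passed as a separate third argument it is presumably not applied as a
            // condition (that position is believed to be update()'s debug flag), which would rewrite
            // user_class on every row - confirm against the db handler.
            $sql->update('user', "`user_class` = '" . $this->userData['user_class'] . "' WHERE `user_id`=" . intval($this->userData['user_id']));
            // $class_list is tested by value (in_array) above, so remove the class by value as
            // well; unset() by key would leave it in a plain list.
            $class_list = array_diff($class_list, array(e_UC_NEWUSER));
            // NOTE(review): this event carries the submitted $username where the "login" event
            // above carries the stored $user_name - confirm which one listeners expect.
            $edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',', $class_list), 'user_email' => $user_email);
            $e_event->trigger('userNotNew', $edata_li);
        }
    }

    if ($noredirect) {
        return true;
    }

    $redir = e_REQUEST_URL;
    if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) {
        // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
        // FIXME - front page now supports SEF URLs - make a check here
        foreach ($pref['frontpage_force'] as $fk => $fp) {
            if (in_array($fk, $class_list)) {
                // We've found the entry of interest
                if (strlen($fp)) {
                    if (strpos($fp, 'http') === FALSE) {
                        $fp = str_replace(e_HTTP, '', $fp); // This handles sites in a subdirectory properly (normally, will replace nothing)
                        $fp = SITEURL . $fp;
                    }
                    $redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
                }
                break;
            }
        }
    }

    // NOTE(review): a stored "previous URL" takes precedence over $redir. Confirm that the redirect
    // handler restricts it to same-site URLs and that redirect() ends the request.
    $redirPrev = e107::getRedirect()->getPreviousUrl();
    if ($redirPrev) {
        e107::getRedirect()->redirect($redirPrev);
    }
    e107::getRedirect()->redirect($redir);
    exit;
}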
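$secureimg['angle'] = "0"; $secureimg['x'] = "6"; $secureimg['y'] = "22"; $secureimg['font'] = "imagecode.ttf"; $secureimg['color'] = "90,90,90"; // red,green,blue ?> */
// error_reporting(E_ALL);

// Stand-alone entry point: loads the site configuration and the secure image handler, then renders
// the image for the code id and colour given in the URL.
define('e107_INIT', true);
define('e_BASE', realpath(".." . DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR);

// Best-effort include: warnings are suppressed on purpose and success is judged by whether
// $mySQLserver has been set afterwards.
@(include e_BASE . 'e107_config.php');
if (!isset($mySQLserver)) {
    // The message contains the resolved base path, so it is printed only when e_DEBUG is defined.
    if (defined('e_DEBUG')) {
        echo "FAILED TO LOAD " . e_BASE . "e107_config.php in secimg.php";
    }
    exit;
}

// $HANDLERS_DIRECTORY is not set in this file; presumably it comes from e107_config.php.
require_once realpath(e_BASE . $HANDLERS_DIRECTORY . DIRECTORY_SEPARATOR . "secure_img_handler.php");
$sim = new secure_image();

// Both parameters come straight from the URL. PHP turns "id[]=..." into an array, so anything that
// is not a plain string is refused before it reaches render() or preg_match().
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    exit;
}
// NOTE(review): the id is passed on without a format check here; confirm render() validates it.
$code = $_GET['id'];

// The colour must be exactly six hex digits. The D modifier makes `$` match only at the very end;
// without it a value with a trailing newline would also be accepted.
if (!empty($_GET['clr']) && is_string($_GET['clr']) && preg_match('/^[a-f0-9]{6}$/iD', $_GET['clr'])) {
    $color = $_GET['clr'];
} else {
    $color = "cccccc";
}

$sim->render($code, $color);
exit;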
* * $URL$ * $Id$ * */
require_once 'class2.php';
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
$tp = e107::getParser();
// A visitor who is already logged in is sent to the index instead of the password-recovery form.
if (USER) {
    header('location:' . e_BASE . 'index.php');
    exit;
}
// USE_IMAGECODE is TRUE only when $pref['fpwcode'] is set and the GD extension is loaded.
// NOTE(review): when it is FALSE this excerpt shows no other check on recovery requests;
// confirm that the rest of the page limits repeated requests in some other way.
if ($pref['fpwcode'] && extension_loaded('gd')) {
    define('USE_IMAGECODE', TRUE);
    require_once e_HANDLER . 'secure_img_handler.php';
    $sec_img = new secure_image();
} else {
    define('USE_IMAGECODE', FALSE);
}
// With 'membersonly_enabled' set, the page header and footer are replaced by the fpw template,
// using the theme's login logo when that file exists and the default logo otherwise.
if ($pref['membersonly_enabled']) {
    $sc = array('FPW_LOGIN_LOGO' => file_exists(THEME . "images/login_logo.png") ? "<img src='" . THEME_ABS . "images/login_logo.png' alt='' />\n" : "<img src='" . e_IMAGE_ABS . "logo.png' alt='' />\n");
    require_once e107::coreTemplatePath('fpw'); //correct way to load a core template.
    $HEADER = $tp->simpleParse($FPW_TABLE_HEADER, $sc);
    $FOOTER = $tp->simpleParse($FPW_TABLE_FOOTER, $sc);
}
$user_info = e107::getUserSession();
require_once HEADERF;
function fpw_error($txt) {
    global $ns;
/*
 * e107 website system
 *
 * Copyright (C) 2008-2009 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 *
 * $URL$
 * $Id$
 */
/*
Example Custom secure_image_custom.php file:
<?php
$secureimg['image'] = "code_bg_custom"; // filename excluding the .ext
$secureimg['size'] = "15";
$secureimg['angle'] = "0";
$secureimg['x'] = "6";
$secureimg['y'] = "22";
$secureimg['font'] = "imagecode.ttf";
$secureimg['color'] = "90,90,90"; // red,green,blue
?>
*/
// error_reporting(E_ALL);

// Stand-alone entry point: defines e107_INIT, loads the image handler that sits next to this file,
// renders the image and exits.
define('e107_INIT', true);
require_once realpath(dirname(__FILE__) . "/secure_img_handler.php");
$sim = new secure_image();
// The whole raw query string, which the client controls, is handed to render() unchanged.
// NOTE(review): nothing in this file validates it; confirm that render() (not shown here) treats
// the value as untrusted input.
$sim->render($_SERVER['QUERY_STRING']);
exit;