Ejemplo n.º 1
// Access gate: a request that fails check_class() for the class named by the
// 'email_item_class' preference (e_UC_MEMBER when that preference is unset —
// presumably what varset()'s second argument means) is redirected to the front page.
if (!check_class(varset($pref['email_item_class'], e_UC_MEMBER))) {
    header('Location: ' . e_BASE . 'index.php');
    // Stop here: header() alone does not end the script, so nothing below may run for a rejected visitor.
    exit;
}
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
require_once HEADERF;
// The image-code check is switched on when at least one of the listed GD loaders exists.
// NOTE(review): when none exists the check is skipped rather than refused, so the form
// is then left without this protection against automated submissions — confirm that is acceptable.
$use_imagecode = FALSE;
$imgtypes = array('jpeg', 'png', 'gif');
foreach ($imgtypes as $t) {
    if (function_exists('imagecreatefrom' . $t)) {
        $use_imagecode = TRUE;
    }
}
if ($use_imagecode) {
    require_once e_HANDLER . 'secure_img_handler.php';
    $sec_img = new secure_image();
}
// The query string is split at the first '.' into at most two parts ("<source>.<parms>");
// a request without a query string is redirected to the front page.
if (e_QUERY) {
    $qs = explode('.', e_QUERY, 2);
} else {
    header('location:' . e_BASE . 'index.php');
    exit;
}
$source = $qs[0];
$parms = varset($qs[1], '');
unset($qs);
$error = '';
$message = '';
// The Referer header is chosen by the client. It is entity-decoded, URL-decoded and then
// passed through strip_tags(), which removes tags only: quotes and URL schemes survive.
// NOTE(review): $emailurl takes this value when $source is 'referer'; how it is used later
// is not visible here — wherever it reaches HTML or a mail body it needs escaping for that
// context, and ideally a check that it points at this site.
$referrer = strip_tags(urldecode(html_entity_decode(varset($_SERVER['HTTP_REFERER'], ''), ENT_QUOTES)));
$emailurl = $source == 'referer' ? $referrer : SITEURL;
// The posted comment is converted by the parser with the flags shown (newlines retained, emotes off, links not made clickable).
$comments = $tp->post_toHTML(varset($_POST['comment'], ''), TRUE, 'retain_nl, emotes_off, no_make_clickable');
Ejemplo n.º 2
+----------------------------------------------------------------------------+
*/
// Core bootstrap; the constants and $pref used below are presumably set up by it.
require_once "class2.php";
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
// Send the visitor to the front page when a user is already logged in (USER) or when
// this script is not the configured login page (e_LOGIN != e_SELF).
if (USER || e_LOGIN != e_SELF) {
    header('location:' . e_BASE . 'index.php');
    // header() does not end the script; exit keeps the login form from being rendered anyway.
    exit;
}
// Header and footer are blanked before HEADERF is loaded.
$HEADER = '';
$FOOTER = '';
// Avoids strange displays when debug enabled! (But doesn't completely maintain XHTML formatting)
require_once HEADERF;
// The image code is used only when the 'logcode' preference is set AND the GD extension is loaded.
// NOTE(review): with 'logcode' enabled but GD missing, the check is dropped without any
// signal to the administrator — the login form then runs without the protection they configured.
$use_imagecode = $pref['logcode'] && extension_loaded("gd");
if ($use_imagecode) {
    require_once e_HANDLER . "secure_img_handler.php";
    $sec_img = new secure_image();
}
if (!USER) {
    require_once e_HANDLER . "form_handler.php";
    $rs = new form();
    $text = "";
    $allowEmailLogin = varset($pref['allowEmailLogin'], 0);
    $ulabel = array(LAN_LOGIN_1, LAN_LOGIN_28, LAN_LOGIN_29);
    $LOGIN_USERNAME_LABEL = $ulabel[$allowEmailLogin];
    $LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE;
    $LOGIN_TABLE_USERNAME = "******";
    $LOGIN_TABLE_PASSWORD = "******";
    if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0)) {
        $LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . e107::getSession()->get('challenge') . "' />\n\n";
    }
    if ($use_imagecode) {
Ejemplo n.º 3
|     http://e107.org
|
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvs_backup/e107_0.8/contact.php,v $
|     $Revision$
|     $Date$
|     $Author$
+----------------------------------------------------------------------------+
*/
require_once "class2.php";
// security image may be disabled by removing the appropriate shortcodes from the template.
// NOTE(review): that makes the theme template decide whether the image code is shown.
// Whether the submit handler still demands a valid code when the shortcode is absent is
// not visible in this excerpt — confirm the server-side check cannot be bypassed by
// simply omitting the form fields.
require_once e_HANDLER . "secure_img_handler.php";
$sec_img = new secure_image();
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
require_once HEADERF;
// Load a contact template only when $CONTACT_FORM is not already set.
if (!$CONTACT_FORM) {
    // A template shipped with the active theme is preferred over the default one.
    if (file_exists(THEME . "contact_template.php")) {
        require_once THEME . "contact_template.php";
    } else {
        // Redirect Page if no contact-form or contact-info is available.
        if ($pref['sitecontacts'] == e_UC_NOBODY && trim(SITECONTACTINFO) == "") {
            e107::getRedirect()->redirect(e_BASE . "index.php");
            // exit guards against execution continuing if redirect() returns.
            exit;
        }
        require_once e_THEME . "templates/contact_template.php";
    }
}
if (isset($_POST['send-contactus'])) {
Ejemplo n.º 4
Archivo: login.php Proyecto: gitye/e107
 /**
  * Method called when user attempts to log in
  *
  * @param string $username - $_POSTed user name
  * @param string $userpass - $_POSTed user password
  * @param mixed $autologin - 'signup' - uses a specially encoded password - logs in if matches
  *					- zero for 'normal' login
  *					- non-zero sets the 'remember me' flag in the cookie
  * @param string $response - response string returned by CHAP login (instead of password)
  * @param boolean $noredirect - when TRUE, return TRUE after a successful login instead of redirecting
  * @return boolean - FALSE on login fail, TRUE on login successful
  */
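 public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
 {
     // Flow: blank-field check -> IP ban check -> optional alt_auth methods -> image code ->
     // local user lookup and password check -> account status -> event hooks -> cookie,
     // audit trail and redirect. Every failure path returns through invalidLogin().
     $pref = e107::getPref();
     $tp = e107::getParser();
     $sql = e107::getDb();
     $e_event = e107::getEvent();
     $_E107 = e107::getE107();
     $username = trim($username);
     $userpass = trim($userpass);
     if ($_E107['cli'] && $username == '') {
         return FALSE;
     }
     // $forceLogin is TRUE for 'signup', the string 'provider' for a provider login, FALSE otherwise.
     $forceLogin = $autologin === 'signup';
     if (!$forceLogin && $autologin === 'provider') {
         // The listing showed a masked literal here; 'provider' is the value the
         // blank-field check just below compares $forceLogin against.
         $forceLogin = 'provider';
     }
     // Parentheses spell out the precedence PHP already applies (&& binds tighter than ||):
     // a blank user name always fails; a blank password fails only when there is neither a
     // CHAP response nor a provider login.
     if ($username == "" || ($userpass == "" && $response == '' && $forceLogin !== 'provider')) {
         // Required fields blank
         return $this->invalidLogin($username, LOGIN_BLANK_FIELD);
     }
     //	    $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
     //		$this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);			// This will exit if a ban is in force
     // This will exit if a ban is in force
     // NOTE(review): $this->userIP is interpolated into a SQL fragment; confirm it is set
     // from a validated address and never from a raw client-supplied header.
     e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ", FALSE);
     // Will decode to zero if forced login
     $autologin = intval($autologin);
     $authorized = false;
     if (!$forceLogin && $this->e107->isInstalled('alt_auth')) {
         // Primary authentication method
         $authMethod[0] = varset($pref['auth_method'], 'e107');
         // Secondary authentication method (if defined)
         $authMethod[1] = varset($pref['auth_method2'], 'none');
         $result = false;
         foreach ($authMethod as $method) {
             if ($method == 'e107') {
                 if ($this->lookupUser($username, $forceLogin)) {
                     if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE) {
                         // Valid User exists in local DB
                         $authorized = true;
                         $result = LOGIN_CONTINUE;
                     } elseif (varset($pref['auth_badpassword'], TRUE)) {
                         // Should use alternate method for password auth
                         $result = LOGIN_TRY_OTHER;
                         continue;
                     } else {
                         return $this->invalidLogin($username, LOGIN_ABORT);
                     }
                 }
             } else {
                 if ($method != 'none') {
                     // NOTE(review): $method comes from site preferences and becomes part of
                     // a file path; it is only tested with file_exists() here, but confirm
                     // the preference can only hold known method names.
                     $auth_file = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
                     if (file_exists($auth_file)) {
                         require_once e_PLUGIN . 'alt_auth/alt_auth_login_class.php';
                         $al = new alt_login($method, $username, $userpass);
                         $result = $al->loginResult;
                         switch ($result) {
                             case LOGIN_ABORT:
                                 return $this->invalidLogin($username, LOGIN_ABORT);
                             case LOGIN_DB_ERROR:
                                 return $this->invalidLogin($username, LOGIN_DB_ERROR);
                             case AUTH_SUCCESS:
                                 $authorized = true;
                                 break;
                             case LOGIN_TRY_OTHER:
                                 // Inside a switch a bare "continue" only leaves the switch
                                 // (and raises a warning on PHP 7.3+); "continue 2" moves to
                                 // the next authentication method, which is what the loop
                                 // did in effect anyway.
                                 continue 2;
                         }
                     }
                 }
             }
             if ($result === LOGIN_CONTINUE) {
                 break;
             }
         }
     }
     // NOTE(review): stripping " OR ", "=" and "#" is a blacklist, not an injection defence;
     // lookupUser() and every later query must escape or bind the user name themselves.
     $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
     // Check secure image
     // NOTE(review): when alt_auth is installed the password has already been tested in the
     // loop above, and its LOGIN_ABORT return happens before this check, so the image code
     // does not throttle that path; consider verifying the code before any password test.
     if (!$forceLogin && $pref['logcode'] && extension_loaded('gd')) {
         require_once e_HANDLER . "secure_img_handler.php";
         $sec_img = new secure_image();
         // The two POST fields are read without an isset() test; a request that omits them
         // passes null here — verify_code() is presumably expected to reject that.
         if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
             // Invalid code
             return $this->invalidLogin($username, LOGIN_BAD_CODE);
         }
     }
     if (empty($this->userData)) {
         if (!$this->lookupUser($username, $forceLogin)) {
             // User doesn't exist
             // NOTE(review): unknown user and wrong password use different reason codes;
             // confirm invalidLogin() shows the visitor one generic message so that
             // account names cannot be enumerated.
             return $this->invalidLogin($username, LOGIN_BAD_USERNAME);
         }
     }
     if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true) {
         return $this->invalidLogin($username, LOGIN_BAD_PW);
     }
     // Check user status
     switch ($this->userData['user_ban']) {
         case USER_REGISTERED_NOT_VALIDATED:
             // User not fully signed up - hasn't activated account.
             return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
         case USER_BANNED:
             // User banned
             return $this->invalidLogin($username, LOGIN_BANNED, $this->userData['user_id']);
         case USER_VALIDATED:
             // Valid user - nothing to do ATM
             break;
         case USER_EMAIL_BOUNCED:
             $bounceLAN = "Emails to [x] are bouncing back. Please [verify your email address is correct].";
             //TODO LAN
             $bounceMessage = $tp->lanVars($bounceLAN, $this->userData['user_email'], true);
             $bounceMessage = str_replace(array('[', ']'), array("<a href='" . e_HTTP . "usersettings.php'>", "</a>"), $bounceMessage);
             e107::getMessage()->addWarning($bounceMessage, 'default', true);
             break;
         default:
             // May want to pick this up
     }
     // User is OK as far as core is concerned
     //	    $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
     if ($this->passResult !== FALSE && $this->passResult !== PASSWORD_VALID) {
         // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
         // If login by email address also allowed, will have to write that value too
         //		  	$sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
     }
     // Finished with any plaintext password - can get rid of it
     $userpass = '';
     $ret = $e_event->trigger("preuserlogin", $username);
     if ($ret != '') {
         return $this->invalidLogin($username, LOGIN_BAD_TRIGGER, $ret);
     }
     // Trigger events happy as well
     $user_id = $this->userData['user_id'];
     $user_name = $this->userData['user_name'];
     $user_admin = $this->userData['user_admin'];
     $user_email = $this->userData['user_email'];
     /* restrict more than one person logging in using same us/pw */
     if ($pref['disallowMultiLogin']) {
         // NOTE(review): the stored user name is concatenated into the WHERE clause
         // unescaped; if names may contain quote characters this is a second-order
         // injection point — escape it with the project's DB escaping helper.
         if ($sql->db_Select("online", "online_ip", "online_user_id='" . $user_id . "." . $user_name . "'")) {
             return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
         }
     }
     // User login definitely accepted here
     $cookieval = $this->userMethods->makeUserCookie($this->userData, $autologin);
     // Calculate class membership - needed for a couple of things
     // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
     $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);
     $user_logging_opts = e107::getConfig()->get('user_audit_opts');
     if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
         // Need to note in user audit trail
         $this->e107->admin_log->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
     }
     $edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',', $class_list), 'remember_me' => $autologin, 'user_admin' => $user_admin, 'user_email' => $user_email);
     e107::getEvent()->trigger("login", $edata_li);
     if ($_E107['cli']) {
         // CLI callers get the cookie value back instead of a redirect
         return $cookieval;
     }
     if (in_array(e_UC_NEWUSER, $class_list)) {
         if (time() > $this->userData['user_join'] + varset($pref['user_new_period'], 0) * 86400) {
             // 'New user' probationary period expired - we can take them out of the class
             $this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
             //				$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE);
             // The WHERE clause is part of the second argument, the same form as the
             // commented-out update() call earlier in this method. Passed as a separate
             // third argument it is presumably not applied as a filter, which would write
             // this user's class list to every row. intval() keeps the id numeric.
             $sql->update('user', "`user_class` = '" . $this->userData['user_class'] . "' WHERE `user_id`=" . intval($this->userData['user_id']));
             // NOTE(review): this unsets by KEY while membership above is tested by VALUE
             // (in_array); confirm $class_list is keyed by class id, otherwise the entry stays.
             unset($class_list[e_UC_NEWUSER]);
             $edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',', $class_list), 'user_email' => $user_email);
             $e_event->trigger('userNotNew', $edata_li);
         }
     }
     if ($noredirect) {
         return true;
     }
     $redir = e_REQUEST_URL;
     //$redir = e_SELF;
     //if (e_QUERY) $redir .= '?'.str_replace('&amp;','&',e_QUERY);
     if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) {
         // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
         // FIXME - front page now supports SEF URLs - make a check here
         foreach ($pref['frontpage_force'] as $fk => $fp) {
             if (in_array($fk, $class_list)) {
                 // We've found the entry of interest
                 if (strlen($fp)) {
                     if (strpos($fp, 'http') === FALSE) {
                         // This handles sites in a subdirectory properly (normally, will replace nothing)
                         $fp = str_replace(e_HTTP, '', $fp);
                         $fp = SITEURL . $fp;
                     }
                     //$redir = ((strpos($fp, 'http') === FALSE) ? SITEURL : '').$tp->replaceConstants($fp, TRUE, FALSE);
                     $redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
                     //				$this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
                 }
                 break;
             }
         }
     }
     // NOTE(review): where getPreviousUrl() takes its value from is not visible here; if it
     // can be influenced by the request, restrict it to same-site URLs before redirecting
     // (post-login open redirect).
     $redirPrev = e107::getRedirect()->getPreviousUrl();
     if ($redirPrev) {
         e107::getRedirect()->redirect($redirPrev);
     }
     e107::getRedirect()->redirect($redir);
     exit;
 }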
Ejemplo n.º 5
	$secureimg['angle']	= "0";
	$secureimg['x']		= "6";
	$secureimg['y']		= "22";
	$secureimg['font'] 	= "imagecode.ttf";
	$secureimg['color'] = "90,90,90"; // red,green,blue

	 ?>
*/
// error_reporting(E_ALL);
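// Marker constant; presumably checked by the included e107 files before they run — confirm.
define('e107_INIT', true);
define('e_BASE', realpath(".." . DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR);
// The config file is included with warnings suppressed; a failed load is detected just
// below through the missing $mySQLserver variable.
@(include e_BASE . 'e107_config.php');
if (!isset($mySQLserver)) {
    // The message contains the filesystem path, so it is shown only when e_DEBUG is defined.
    if (defined('e_DEBUG')) {
        echo "FAILED TO LOAD " . e_BASE . "e107_config.php in secimg.php";
    }
    exit;
}
require_once realpath(e_BASE . $HANDLERS_DIRECTORY . DIRECTORY_SEPARATOR . "secure_img_handler.php");
$sim = new secure_image();
// 'id' is request data. Accept a plain string only, so that a request such as ?id[]=x
// cannot hand an array to render().
// NOTE(review): the value itself is still unvalidated here; render() has to treat it as untrusted.
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    exit;
}
$code = $_GET['id'];
// 'clr' must be a string of exactly six hex digits. \A and \z anchor the whole value
// ("$" alone would also accept a trailing newline), and the is_string() test keeps an
// array parameter away from preg_match().
if (!empty($_GET['clr']) && is_string($_GET['clr']) && preg_match('/\A[a-f0-9]{6}\z/i', $_GET['clr'])) {
    $color = $_GET['clr'];
} else {
    // Fallback colour for a missing or malformed value
    $color = "cccccc";
}
$sim->render($code, $color);
exit;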
Ejemplo n.º 6
Archivo: fpw.php Proyecto: notzen/e107
*
* $URL$
* $Id$
*
*/
require_once 'class2.php';
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
$tp = e107::getParser();
// A logged-in user has no use for the forgotten-password page: redirect and stop.
if (USER) {
    header('location:' . e_BASE . 'index.php');
    exit;
}
// USE_IMAGECODE is TRUE only when the 'fpwcode' preference is set and GD is loaded.
// NOTE(review): with 'fpwcode' enabled but GD missing, the image code is dropped without
// notice, leaving the password-reset form without the protection against automated
// requests that the administrator configured.
if ($pref['fpwcode'] && extension_loaded('gd')) {
    define('USE_IMAGECODE', TRUE);
    require_once e_HANDLER . 'secure_img_handler.php';
    $sec_img = new secure_image();
} else {
    define('USE_IMAGECODE', FALSE);
}
// In members-only mode the page header and footer are built from the 'fpw' core template,
// with a login logo taken from the theme when the file exists and the default logo otherwise.
if ($pref['membersonly_enabled']) {
    $sc = array('FPW_LOGIN_LOGO' => file_exists(THEME . "images/login_logo.png") ? "<img src='" . THEME_ABS . "images/login_logo.png' alt='' />\n" : "<img src='" . e_IMAGE_ABS . "logo.png' alt='' />\n");
    require_once e107::coreTemplatePath('fpw');
    //correct way to load a core template.
    $HEADER = $tp->simpleParse($FPW_TABLE_HEADER, $sc);
    $FOOTER = $tp->simpleParse($FPW_TABLE_FOOTER, $sc);
}
$user_info = e107::getUserSession();
require_once HEADERF;
function fpw_error($txt)
{
    global $ns;
Ejemplo n.º 7
/*
 * e107 website system
 *
 * Copyright (C) 2008-2009 e107 Inc (e107.org)
 * Released under the terms and conditions of the
 * GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
 *
 *
 * $URL$
 * $Id$
 */
/*   Example Custom secure_image_custom.php file:
	<?php

	$secureimg['image'] = "code_bg_custom";  // filename excluding the .ext
	$secureimg['size']	= "15";
	$secureimg['angle']	= "0";
	$secureimg['x']		= "6";
	$secureimg['y']		= "22";
	$secureimg['font'] 	= "imagecode.ttf";
	$secureimg['color'] = "90,90,90"; // red,green,blue

	 ?>
*/
// error_reporting(E_ALL);
// Marker constant; presumably checked by the included handler before it runs — confirm.
define('e107_INIT', true);
// The handler is loaded from this script's own directory.
require_once realpath(dirname(__FILE__) . "/secure_img_handler.php");
$sim = new secure_image();
// The raw query string goes to render() unchanged. It is fully client-controlled, so all
// validation has to happen inside render().
// NOTE(review): confirm render() rejects anything that is not a well-formed image-code id
// before using it in a lookup or a file path.
$sim->render($_SERVER['QUERY_STRING']);
exit;