 public static function LoadSession()
 {
     global $user, $bd_users;

     // Resolve the current user from the session, falling back to the persistent cookie.
     // Leaves $user === false when nobody can be identified or the identified user is rejected.
     $user      = false;
     $clientIp  = GetRealIp();
     $requested = Filter::input('session_id', 'get');

     if (!class_exists('User', false)) {
         exit('include user class first');
     }

     // A session id passed in the query string is adopted only while no session exists yet
     // and the value is plain alphanumeric of plausible length.
     // NOTE(review): adopting a caller-chosen session id is the session-fixation pattern;
     // regenerate the id after authentication and prefer cookie-carried ids — confirm why GET is needed.
     if (!session_id() && !empty($requested) && preg_match('/^[a-zA-Z0-9]{26,40}$/', $requested)) {
         session_id($requested);
     }

     if (!isset($_SESSION)) {
         session_start();
     }

     if (isset($_SESSION['user_name'])) {
         $user = new User($_SESSION['user_name'], $bd_users['login']);
     }

     // No session user: try the remember-me cookie and, if it resolves, seed the session from it.
     if (empty($user) && isset($_COOKIE['PRTCookie1'])) {
         $user = new User($_COOKIE['PRTCookie1'], $bd_users['tmp']);
         if ($user->id()) {
             $_SESSION['user_name'] = $user->name();
             $_SESSION['ip']        = $clientIp;
         }
     }

     if (empty($user)) {
         return;
     }

     // Reject the user when the record does not exist, the level is non-positive,
     // or the request IP differs from the one bound to the user.
     $rejected = !$user->id() || $user->lvl() <= 0 || $clientIp != $user->ip();
     if ($rejected) {
         if ($user->id()) {
             $user->logout();
         }
         // Expire the persistent cookie immediately.
         setcookie("PRTCookie1", "", time(), '/');
         $user = false;
     }
 }
	/**
	* Process
	* Works out what's going on.
	* The API does the loading, saving, updating - this page just displays the right form(s), checks password validation and so on.
	* After that, it'll print a success/failure message depending on what happened.
	* It also checks to make sure that you're an admin before letting you add or delete.
	* It also checks you're not going to delete your own account.
	* If you're not an admin user, it won't let you edit anyone else's account and it won't let you delete your own account either.
	*
	* @see PrintHeader
	* @see ParseTemplate
	* @see IEM::getDatabase()
	* @see GetUser
	* @see GetLang
	* @see User_API::Set
	* @see PrintEditForm
	* @see CheckUserSystem
	* @see PrintManageUsers
	* @see User_API::Find
	* @see User_API::Admin
	* @see PrintFooter
	*
	* @return Void Doesn't return anything, passes control over to the relevant function and prints that functions return message.
	*/
	function Process()
	{
		// The action comes from the query string and is lower-cased so the switch matches case-insensitively.
		$action = (isset($_GET['Action'])) ? strtolower($_GET['Action']) : '';

		// Popup actions render their own header/footer.
		if (!in_array($action, $this->PopupWindows)) {
			$this->PrintHeader();
		}

		$thisuser    = IEM::getCurrentUser();
		$checkaction = $action;
		
		// Token generation is gated by the same permission as managing users.
		if ($action == 'generatetoken') {
			$checkaction = 'manage';
		}
		
		if (!$thisuser->HasAccess('users', $checkaction)) {
			$this->DenyAccess();
		}

		if ($action == 'processpaging') {
			// NOTE(review): PerPageDisplay is read without isset()/validation; SetPerPage() presumably sanitises it — confirm.
			$this->SetPerPage($_GET['PerPageDisplay']);
			
			$action = '';
		}

		switch ($action) {
			case 'generatetoken':
				$check_fields = array('username', 'fullname', 'emailaddress');
				foreach ($check_fields as $field) {
					if (!isset($_POST[$field])) {
						exit;
					}
					// Variable variables: defines $username, $fullname and $emailaddress from the POST fields.
					$$field = $_POST[$field];
				}
				// NOTE(review): $user is loaded here but never used in this branch.
				$user = GetUser();
				// NOTE(review): the token is a sha1 over caller-supplied fields, the IP and the clock, not a
				// CSPRNG output; for an API credential prefer random_bytes()/bin2hex().
				echo htmlspecialchars(sha1($username . $fullname . $emailaddress . GetRealIp(true) . time() . microtime()), ENT_QUOTES, SENDSTUDIO_CHARSET);
				exit;
			break;

			case 'save':
				// NOTE(review): unlike the 'edit' case, UserID is not run through intval() here;
				// GetUser()/Find() are assumed to cast it — confirm.
				$userid = (isset($_GET['UserID']))
					? $_GET['UserID']
					: 0;
				
				// A GET to the save URL (no form data) just re-renders the form with an error.
				if (empty($_POST)) {
					$GLOBALS['Error']   = GetLang('UserNotUpdated');
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
					
					$this->PrintEditForm($userid);
					
					break;
				}

				$user     = GetUser($userid);
				$username = false;
				
				if (isset($_POST['username'])) {
					$username = $_POST['username'];
				}
				
				$userfound = $user->Find($username);
				$error     = false;
				$template  = false;

				$duplicate_username = false;
				
				// The posted username is a duplicate when it belongs to a different user id.
				if ($userfound && $userfound != $userid) {
					$duplicate_username = true;
					$error = GetLang('UserAlreadyExists');
				}

				$warnings           = array();
				$GLOBALS['Message'] = '';

				if (!$duplicate_username) {
					$to_check = array();
					
					// Disabling status/admintype (missing or '0') may leave the system without an
					// active user or a system admin; collect the checks CheckUserSystem() must run.
					foreach (array('status' => 'isLastActiveUser', 'admintype' => 'isLastSystemAdmin') as $area => $desc) {
						if (!isset($_POST[$area])) {
							$to_check[] = $desc;
						}
						
						if (isset($_POST[$area]) && $_POST[$area] == '0') {
							$to_check[] = $desc;
						}
					}

					if ($user->isAdmin()) {
						$to_check[] = 'isLastSystemAdmin';
					}

					$error = $this->CheckUserSystem($userid, $to_check);
                    
					if (!$error) {
						$smtptype = (isset($_POST['smtptype']))
							? $_POST['smtptype'] 
							: 0;

						// Make sure smtptype is either 0 or 1
						if ($smtptype != 1) {
							$smtptype = 0;
						}

						/**
						 * This was added because the User API uses different field names from the HTML form names.
						 * HTML form names should stay the same to keep it consistent throughout the application.
						 *
						 * This maps HTML form names => User API fields.
						 */
						$areaMapping = array(
							'trialuser'                    => 'trialuser',
							'groupid'                      => 'groupid',
							'username'                     => 'username',
							'fullname'                     => 'fullname',
							'emailaddress'                 => 'emailaddress',
							'status'                       => 'status',
							'admintype'                    => 'admintype',
							'listadmintype'                => 'listadmintype',
							'segmentadmintype'             => 'segmentadmintype',
							'templateadmintype'            => 'templateadmintype',
							'editownsettings'              => 'editownsettings',
							'usertimezone'                 => 'usertimezone',
							'textfooter'                   => 'textfooter',
							'htmlfooter'                   => 'htmlfooter',
							'infotips'                     => 'infotips',
							'smtp_server'                  => 'smtpserver',
							'smtp_u'                       => 'smtpusername',
							'smtp_p'                       => 'smtppassword',
							'smtp_port'                    => 'smtpport',
							'usewysiwyg'                   => 'usewysiwyg',
							'usexhtml'                     => 'usexhtml',
							'enableactivitylog'            => 'enableactivitylog',
							'xmlapi'                       => 'xmlapi',
							'xmltoken'                     => 'xmltoken',
							'googlecalendarusername'       => 'googlecalendarusername',
							'googlecalendarpassword'       => 'googlecalendarpassword',
							'user_language'                => 'user_language',
							'adminnotify_email'            => 'adminnotify_email',
							'adminnotify_send_flag'        => 'adminnotify_send_flag',
							'adminnotify_send_threshold'   => 'adminnotify_send_threshold',
							'adminnotify_send_emailtext'   => 'adminnotify_send_emailtext',
							'adminnotify_import_flag'      => 'adminnotify_import_flag',
							'adminnotify_import_threshold' => 'adminnotify_import_threshold',
							'adminnotify_import_emailtext' => 'adminnotify_import_emailtext'
						);
						
						// NOTE(review): $_POST['groupid'] is read without isset(), and $totalEmails /
						// $unlimitedEmails are computed but never used in this method.
						$group           = API_USERGROUPS::getRecordById($_POST['groupid']);
						$totalEmails     = (int) $group['limit_totalemailslimit'];
						$unlimitedEmails = $totalEmails == 0;
						
						// set fields
						foreach ($areaMapping as $p => $area) {
							$val = (isset($_POST[$p])) ? $_POST[$p] : '';
							
							// A user editing their own account keeps their current status and
							// editownsettings values regardless of what was posted.
							if (in_array($area, array('status', 'editownsettings'))) {
								if ($userid == $thisuser->userid) {
									$val = $thisuser->$area;
								}
							}
							
							$user->Set($area, $val);
						}

						// activity type: one entry per line, each trimmed
						$activity = IEM::requestGetPOST('eventactivitytype', '', 'trim');
						
						if (!empty($activity)) {
							$activity_array = explode("\n", $activity);
							
							for ($i = 0, $j = count($activity_array); $i < $j; ++$i) {
								$activity_array[$i] = trim($activity_array[$i]);
							}
						} else {
							$activity_array = array();
						}
						
						$user->Set('eventactivitytype', $activity_array);

						// the 'limit' things being on actually means unlimited. so check if the value is NOT set.
						foreach (array('permonth', 'perhour', 'maxlists') as $p => $area) {
							$limit_check = 'limit' . $area;
							$val         = 0;
							
							if (!isset($_POST[$limit_check])) {
								$val = (isset($_POST[$area])) 
									? $_POST[$area]
									: 0;
							}
							
							$user->Set($area, $val);
						}

						// Warn (but still save) when the hourly rate is unlimited or above the system maximum.
						if (SENDSTUDIO_MAXHOURLYRATE > 0) {
							if ($user->Get('perhour') == 0 || ($user->Get('perhour') > SENDSTUDIO_MAXHOURLYRATE)) {
								$user_hourly = $this->FormatNumber($user->Get('perhour'));
								
								if ($user->Get('perhour') == 0) {
									$user_hourly = GetLang('UserPerHour_Unlimited');
								}
								
								$warnings[] = sprintf(GetLang('UserPerHourOverMaxHourlyRate'), $this->FormatNumber(SENDSTUDIO_MAXHOURLYRATE), $user_hourly);
							}
						}

						// Default SMTP selected: clear any custom server details.
						if ($smtptype == 0) {
							$user->Set('smtpserver', '');
							$user->Set('smtpusername', '');
							$user->Set('smtppassword', '');
							$user->Set('smtpport', 25);
						}

						// NOTE(review): ss_p / ss_p_confirm are read without isset(); an absent field raises a
						// notice and simply skips the password change.
						if ($_POST['ss_p'] != '') {
							if ($_POST['ss_p_confirm'] != '' && $_POST['ss_p_confirm'] == $_POST['ss_p']) {
								$user->Set('password', $_POST['ss_p']);
							} else {
								$error = GetLang('PasswordsDontMatch');
							}
						}
					}

					// Permissions are rebuilt from scratch: everything is revoked, then each posted
					// area/subarea pair is granted again.
					if (!$error) {
						$user->RevokeAccess();

						$temp = array();
						
						if (!empty($_POST['permissions'])) {
							foreach ($_POST['permissions'] as $area => $p) {
								foreach ($p as $subarea => $k) {
									$temp[$subarea] = $user->GrantAccess($area, $subarea);
								}
							}
						}
					}
				}

				if (!$error) {
					$result = $user->Save();

					if ($result) {
						FlashMessage(GetLang('UserUpdated'), SS_FLASH_MSG_SUCCESS, IEM::urlFor('Users'));
					} else {
						$GLOBALS['Message'] = GetFlashMessages();
						$GLOBALS['Error'] = GetLang('UserNotUpdated');
						$GLOBALS['Message'] .= $this->ParseTemplate('ErrorMsg', true, false);
					}
				} else {
					$GLOBALS['Error'] = $error;
					$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);
				}

				if (!empty($warnings)) {
					$GLOBALS['Warning'] = implode('<br/>', $warnings);
					$GLOBALS['Message'] .= $this->ParseTemplate('WarningMsg', true, false);
				}

				$this->PrintEditForm($userid);
			break;

			case 'add':
				// No free user slots of either kind: fall back to the management list.
				$temp = get_available_user_count();
				if ($temp['normal'] == 0 && $temp['trial'] == 0) {
					$this->PrintManageUsers();
					break;
				}

				$this->PrintEditForm(0);
			break;

			case 'delete':
				// Both inputs are normalised to integers by requestGetPOST().
				$users = IEM::requestGetPOST('users', array(), 'intval');
				$deleteData = (IEM::requestGetPOST('deleteData', 0, 'intval') == 1);

				$this->DeleteUsers($users, $deleteData);
			break;

			case 'create':
				$user     = New User_API();
				$warnings = array();
				$fields   = array(
					'trialuser', 'username', 'fullname', 'emailaddress',
					'status', 'admintype', 'editownsettings',
					'listadmintype', 'segmentadmintype', 'usertimezone',
					'textfooter', 'htmlfooter', 'templateadmintype',
					'infotips', 'smtpserver',
					'smtpusername', 'smtpport', 'usewysiwyg',
					'enableactivitylog', 'xmlapi', 'xmltoken',
					'googlecalendarusername','googlecalendarpassword',
					'adminnotify_email','adminnotify_send_flag','adminnotify_send_threshold',
					'adminnotify_send_emailtext','adminnotify_import_flag','adminnotify_import_threshold',
					'adminnotify_import_emailtext'
				);

				// NOTE(review): $_POST['username'] is read without isset().
				if (!$user->Find($_POST['username'])) {
					foreach ($fields as $p => $area) {
						$val = (isset($_POST[$area]))
							? $_POST[$area]
							: '';

						$user->Set($area, $val);
					}

					// activity type: one entry per line, each trimmed
					$activity = IEM::requestGetPOST('eventactivitytype', '', 'trim');
					
					if (!empty($activity)) {
						$activity_array = explode("\n", $activity);
						
						for ($i = 0, $j = count($activity_array); $i < $j; ++$i) {
							$activity_array[$i] = trim($activity_array[$i]);
						}
					} else {
						$activity_array = array();
					}
					
					$user->Set('eventactivitytype', $activity_array);

					// the 'limit' things being on actually means unlimited. so check if the value is NOT set.
					foreach (array('permonth', 'perhour', 'maxlists') as $p => $area) {
						$limit_check = 'limit' . $area;
						$val         = 0;
						
						if (!isset($_POST[$limit_check])) {
							$val = (isset($_POST[$area])) 
								? $_POST[$area]
								: 0;
						}
						
						$user->Set($area, $val);
					}

					// Warn (but still create) when the hourly rate is unlimited or above the system maximum.
					if (SENDSTUDIO_MAXHOURLYRATE > 0) {
						if ($user->Get('perhour') == 0 || ($user->Get('perhour') > SENDSTUDIO_MAXHOURLYRATE)) {
							$user_hourly = $this->FormatNumber($user->Get('perhour'));
							
							if ($user->Get('perhour') == 0) {
								$user_hourly = GetLang('UserPerHour_Unlimited');
							}
							
							$warnings[] = sprintf(GetLang('UserPerHourOverMaxHourlyRate'), $this->FormatNumber(SENDSTUDIO_MAXHOURLYRATE), $user_hourly);
						}
					}

					// this has a different post value otherwise firefox tries to pre-fill it.
					$smtp_password = '';
					
					if (isset($_POST['smtp_p'])) {
						$smtp_password = $_POST['smtp_p'];
					}
					
					$user->Set('smtppassword', $smtp_password);

					$error = false;

					// NOTE(review): ss_p / ss_p_confirm are read without isset() (see the 'save' case).
					if ($_POST['ss_p'] != '') {
						if ($_POST['ss_p_confirm'] != '' && $_POST['ss_p_confirm'] == $_POST['ss_p']) {
							$user->Set('password', $_POST['ss_p']);
						} else {
							$error = GetLang('PasswordsDontMatch');
						}
					}

					if (!$error) {
						if (!empty($_POST['permissions'])) {
							foreach ($_POST['permissions'] as $area => $p) {
								foreach ($p as $subarea => $k) {
									$user->GrantAccess($area, $subarea);
								}
							}
						}

						if (!empty($_POST['lists'])) {
							$user->GrantListAccess($_POST['lists']);
						}

						if (!empty($_POST['templates'])) {
							$user->GrantTemplateAccess($_POST['templates']);
						}

						if (!empty($_POST['segments'])) {
							$user->GrantSegmentAccess($_POST['segments']);
						}

						$GLOBALS['Message'] = '';

						if (!empty($warnings)) {
							$GLOBALS['Warning']  = implode('<br/>', $warnings);
							$GLOBALS['Message'] .= $this->ParseTemplate('WarningMsg', true, false);
						}

						$user->Set('gettingstarted', 0);
						$user->Set('groupid', (int) IEM_Request::getParam('groupid'));
						
						$result = $user->Create();
						
						// '-1' signals a licence limit; the loose comparison also matches integer -1.
						if ($result == '-1') {
							FlashMessage(GetLang('UserNotCreated_License'), SS_FLASH_MSG_ERROR, IEM::urlFor('Users'));
							
							break;
						} else {
							if ($result) {
								FlashMessage(GetLang('UserCreated'), SS_FLASH_MSG_SUCCESS, IEM::urlFor('Users'));
								
								break;
							} else {
								FlashMessage(GetLang('UserNotCreated'), SS_FLASH_MSG_ERROR, IEM::urlFor('Users'));
							}
						}
					} else {
						$GLOBALS['Error'] = $error;
					}
				} else {
					$GLOBALS['Error'] = GetLang('UserAlreadyExists');
				}
				
				// Creation failed: re-render the form pre-filled with the posted values.
				$GLOBALS['Message'] = $this->ParseTemplate('ErrorMsg', true, false);

				$details = array();
				
				foreach (array('FullName', 'EmailAddress', 'Status', 'AdminType', 'ListAdminType', 'SegmentAdminType', 'TemplateAdminType', 'InfoTips', 'forcedoubleoptin', 'forcespamcheck', 'smtpserver', 'smtpusername', 'smtpport') as $p => $area) {
					$lower          = strtolower($area);
					$val            = (isset($_POST[$lower])) ? $_POST[$lower] : '';
					$details[$area] = $val;
				}
				
				$this->PrintEditForm(0, $details);
			break;

			case 'edit':
				$userid = IEM::requestGetGET('UserID', 0, 'intval');
				
				if ($userid == 0) {
					$this->DenyAccess();
				}

				$this->PrintEditForm($userid);
			break;

			case 'sendpreviewdisplay':
				$this->PrintHeader(true);
				$this->SendTestPreviewDisplay('index.php?Page=Users&Action=SendPreview', 'self.parent.getSMTPPreviewParameters()');
				$this->PrintFooter(true);
			break;

			case 'testgooglecalendar':
				$status = array(
					'status' => false,
					'message' => ''
				);
				try {
					// NOTE(review): credentials are accepted from $_REQUEST (GET, POST or cookie);
					// restricting this to POST avoids the password appearing in URLs and logs.
					$details = array(
						'username' => $_REQUEST['gcusername'],
						'password' => $_REQUEST['gcpassword']
					);

					$this->GoogleCalendarAdd($details, true);

					$status['status'] = true;
					$status['message'] = GetLang('GooglecalendarTestSuccess');
				} catch (Exception $e) {
					// Only a generic failure message is reported; the exception detail is not exposed.
					$status['message'] = GetLang('GooglecalendarTestFailure');
				}

				print GetJSON($status);
			break;

			case 'sendpreview':
				$this->SendTestPreview();
			break;

			default:
				$this->PrintManageUsers();
			break;
		}

		if (!in_array($action, $this->PopupWindows)) {
			$this->PrintFooter();
		}
	}
	$emailapi->SetSmtp($user->smtpserver, $user->smtpusername, $user->smtppassword, $user->smtpport);
}

// The forwarded copy is sent without link/open tracking and without an unsubscribe footer.
$emailapi->TrackLinks(false);
$emailapi->ForceLinkChecks(false);
$emailapi->TrackOpens(false);

$emailapi->DisableUnsubscribe(true);

$emailapi->Set('CharSet', SENDSTUDIO_CHARSET);
// NOTE(review): $mail_result is not inspected in this excerpt — presumably handled further down; confirm.
$mail_result = $emailapi->Send(true);

/**
* Record the forward for statistical purposes.
* NOTE(review): the stored IP comes from GetRealIp(); if that helper honours proxy headers,
* the value is client-influenced and should be treated as untrusted in reports — confirm.
*/
$forwardip = GetRealIp();
$forwardtime = $statsapi->GetServerTime();

$statid = IEM::sessionGet('Statid');

$forward_details = array(
	'forwardtime' => $forwardtime,
	'forwardip' => $forwardip,
	'subscriberid' => $subscriber_id,
	'statid' => $statid,
	'listid' => $list,
	'emailaddress' => $friendsemail
);

$statsapi->RecordForward($forward_details, $stats_idtype);
		$errors[] = sprintf(GetLang('FormFail_AlreadySubscribedToList'), $listname);
	}
}

/**
* We have errors? No point doing anything else. Print out the errors and stop.
*/
if (!empty($errors)) {
	DisplayErrorPage($formapi, $formtype, $errors);
	exit();
}

/**
* If there are no errors, let's do the rest of the work.
* NOTE(review): the request IP stored with the subscriber comes from GetRealIp(); if that helper
* honours proxy headers the value is client-influenced — confirm before relying on it.
*/
$ipaddress = GetRealIp();
$subscriberapi->Set('requestip', $ipaddress);

// Forms that require confirmation start the subscriber as unconfirmed (double opt-in).
if ($formapi->Get('requireconfirm') == true) {
	$subscriberapi->Set('confirmed', 0);
} else {
	$subscriberapi->Set('confirmed', 1);
}

/**
* Set this in case the person is filling in a contact form and they are already on all of the list(s).
*/
$subscriber_id = 0;
$subscriber['subscriberid'] = 0;

/**
	$statstype = 'auto';
	$statid = $foundparts['a'];
} else {
	$statstype = 'newsletter';
	$statid = $foundparts['n'];
}

$send_details = $statsapi->FetchStats($statid, $statstype);

// No lists attached to this send: nothing to attribute the open to, so just serve the image.
if (empty($send_details['Lists'])) {
	DisplayImage();
	exit();
}

$opentime = $statsapi->GetServerTime();
// NOTE(review): GetRealIp() may honour proxy headers, in which case the recorded openip is client-supplied — confirm.
$openip = GetRealIp();

$open_details = array(
	'opentime' => $opentime,
	'openip' => $openip,
	'subscriberid' => $subscriber_id,
	'statid' => $statid,
	'opentype' => $opentype,
	// Cast keeps the list id numeric before it reaches the stats layer.
	'listid' => (int)$_GET['L']
);

$statsapi->RecordOpen($open_details, $statstype);

// The response is always the image, whether or not the open was recorded.
DisplayImage();
exit();
 public static function userInit()
 {
     global $user, $config;

     // Restore whatever the existing session / cookie identifies.
     MCRAuth::LoadSession();

     // Without the p_sync flag the result of LoadSession() stands as-is.
     if (!$config['p_sync']) {
         return;
     }

     self::start();
     $syncedId = self::userLoad();

     if (!$syncedId) {
         // Nothing to sync with: end any session LoadSession() restored.
         if (!empty($user)) {
             $user->logout();
             $user = false;
         }
         return;
     }

     $user = new User($syncedId);

     // A non-positive level means the account may not be used.
     if ($user->lvl() <= 0) {
         $user = false;
         return;
     }

     // Log the user in with a fresh random string (presumably the session token) and the client IP.
     $user->login(randString(15), GetRealIp());
 }
	/**
	 * UnsubscribeRequest
	 * This handles unsubscribe requests. If this is a first-time request, it logs it appropriately. If the first request wasn't acknowledged or processed (i.e. you submit to an unsubscribe form again before clicking the 'unsubscribe' link), this will delete the old request and re-add it.
	 * If the request is acknowledged, the subscriber will be unsubscribed from the list accordingly.
	 *
	 * @param Int $subscriberid The subscriber's id from the database
	 * @param Int $listid The listid to unsubscribe them from
	 *
	 * @see IsSubscriberOnList
	 * @see UnsubscribeSubscriber
	 * @see unsubform.php
	 *
	 * @return Boolean Returns true if the unsubscribe worked, or if the request is acknowledged. Returns false if the subscriber is not on the mailing list in the first place or if the unsubscribe confirmation failed.
	 */
	function UnsubscribeRequest($subscriberid=0, $listid=0)
	{
		// Nothing to do for someone who is not on the list at all.
		if (!$this->IsSubscriberOnList(false, $listid, $subscriberid, true)) {
			return false;
		}

		// Both ids are cast before they reach the SQL below, so interpolating them is safe.
		$subscriberid = (int)$subscriberid;
		$listid = (int)$listid;

		$subscribersTable = SENDSTUDIO_TABLEPREFIX . 'list_subscribers';
		$requestsTable    = SENDSTUDIO_TABLEPREFIX . 'list_subscribers_unsubscribe';

		// NOTE(review): unsubscribeconfirmed and unsubscriberequestip are interpolated without escaping.
		// They are object state rather than request parameters, but whatever assigns them must keep them
		// to the expected shapes (a flag and an IP string) — confirm where they are set.
		$this->Db->Query("UPDATE {$subscribersTable} SET unsubscribeconfirmed='{$this->unsubscribeconfirmed}' WHERE subscriberid='{$subscriberid}' AND listid='{$listid}'");

		if ($this->unsubscribeconfirmed) {
			// Confirmed request: unsubscribe for real and report the API's first return element.
			$result = $this->UnsubscribeSubscriber(false, $listid, $subscriberid, true);
			return $result[0] == true;
		}

		// Unconfirmed request: replace any pending request for this subscriber/list pair.
		$this->Db->Query("DELETE FROM {$requestsTable} WHERE subscriberid='{$subscriberid}' AND listid='{$listid}'");

		if (!$this->unsubscriberequestip) {
			$this->unsubscriberequestip = GetRealIp();
		}

		$requestTime = $this->GetServerTime();
		$this->Db->Query("INSERT INTO {$requestsTable} (subscriberid, unsubscribetime, listid, unsubscribeip, unsubscriberequesttime, unsubscriberequestip) VALUES ('{$subscriberid}', 0, '{$listid}', '', '{$requestTime}', '{$this->unsubscriberequestip}')");

		return true;
	}
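/**
 * Checks whether the current client IP is allowed through the IP ban table.
 *
 * Counts active bans (ban_until set and still in the future) for the client
 * IP and the requested ban type. Both values are bound as query parameters;
 * the table name comes from the $bd_names configuration.
 *
 * NOTE(review): the IP is taken from GetRealIp(); if that helper honours
 * proxy headers the ban lookup keys on a client-influenced value — confirm.
 *
 * @param int $ban_type Ban category to test. For type 2 a matching ban
 *                      terminates the request with an "IP banned" message
 *                      instead of returning.
 * @return bool true when no active ban matches, false otherwise.
 */
function CanAccess($ban_type = 1)
{
    global $bd_names;
    $ip = GetRealIp();
    $ban_type = (int) $ban_type;
    $line = getDB()->fetchRow(
        "SELECT COUNT(*) FROM `{$bd_names['ip_banning']}` "
        . "WHERE `IP`=:ip AND `ban_type`=:ban_type "
        . "AND `ban_until` <> '0000-00-00 00:00:00' AND `ban_until` > NOW()",
        array('ip' => $ip, 'ban_type' => $ban_type),
        'num'
    );
    $num = (int) $line[0];
    if ($num) {
        // Release the connection before the hard exit / early return.
        getDB()->close();
        if ($ban_type == 2) {
            exit('(-_-)zzZ <br>' . lng('IP_BANNED'));
        }
        return false;
    }
    return true;
}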
 require_once 'includes/recaptchalib.php';
 // NOTE(review): the reCAPTCHA private key is committed in source; load it from configuration
 // kept outside the web root and rotate the published value.
 $privatekey = "6LeWKcASAAAAAOInaBRHkofj8uf_f-1aRcbkQPnH";
 // NOTE(review): the challenge/response fields are read from $_POST without isset(); missing fields raise notices.
 $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
 if (!$resp->is_valid) {
     $smarty->assign('signup_error', $smarty->get_config_vars('reCapcha_error'));
 } else {
     // Username: letters first, then optional groups of one [-_.] separator followed by alphanumerics.
     if (preg_match("/^[a-z]+([-_.]?[a-z0-9]+)*\$/i", $_POST['username']) == 0) {
         $smarty->assign('signup_error', $smarty->get_config_vars('Wrong_username'));
     } elseif ($_POST['password'] != $_POST['c_password']) {
         $smarty->assign('signup_error', $smarty->get_config_vars('Different_passwords'));
     } else {
         // Does a user with this name already exist?
         if ($rDB->selectCell('SELECT Count(id) FROM account WHERE username=? LIMIT 1', $_POST['username']) == 1) {
             $smarty->assign('signup_error', $smarty->get_config_vars('Such_user_exists'));
         } else {
             // NOTE(review): the captcha was verified against REMOTE_ADDR, but reg_ip uses GetRealIp();
             // if that helper honours proxy headers the two can differ — confirm which one is intended.
             $ip = GetRealIp();
             // Everything looks fine, create the account.
             $success = $rDB->selectCell('
                     INSERT INTO account (username, sha_pass_hash, email, joindate, gmlevel, reg_ip)
                     VALUES (?, ?, ?, NOW(), 0, ?)
                 ', strtoupper($_POST['username']), strtoupper(create_usersend_pass($_POST['username'], $_POST['password'])), isset($_POST['email']) ? $_POST['email'] : '', $ip);
             if ($success > 0) {
                 // Account created: hand the request over to the sign-in flow.
                 $_REQUEST['account'] = 'signin';
             } else {
                 // Unknown error.
                 $smarty->assign('signup_error', $smarty->get_config_vars('Unknow_error_on_account_create'));
             }
         }
     }
 }
// CleanVersion() presumably resolves placeholders in the tracked URL for this subscriber — confirm.
$url = trim($statsapi->CleanVersion($url, $subscriberinfo));

/**
* IE doesn't like redirecting to urls with an anchor on the end - so we'll strip it off.
$newurl = parse_url($url);
$url = $newurl['scheme'] . '://' . $newurl['host'];
if (isset($newurl['path'])) {
	$url .= $newurl['path'];
	if (isset($newurl['query'])) {
		$url .= '?' . $newurl['query'];
	}
}
*/

$clicktime = $statsapi->GetServerTime();
// NOTE(review): GetRealIp() may honour proxy headers, in which case the recorded clickip is client-supplied — confirm.
$clickip = GetRealIp();

// NOTE(review): the comment above implies $url is also the redirect target; confirm it can only be
// the URL stored for $linkid and not an arbitrary value taken from the request.
$click_details = array(
	'clicktime' => $clicktime,
	'clickip' => $clickip,
	'subscriberid' => $subscriberid,
	'statid' => $statid,
	'linkid' => $linkid,
	'listid' => $listinfo['listid'],
	'url' => $url
);

$statsapi->RecordLinkClick($click_details, $statstype);

/**
 * Do Tracking module
 /**
  * Check whether or not an IP address is banned
  *
  * This method will also clean up the ban table for records that are no longer used.
  *
  * @return Boolean Returns TRUE if an IP address is recorded as banned, FALSE otherwise
  */
 private function _isIPBanned()
 {
     // Banning depends on the login_banned_ip table; when it is unavailable nobody is banned.
     if (!$this->_failedLoginSecurityAvailable()) {
         return false;
     }

     $db        = IEM::getDatabase();
     $banTable  = SENDSTUDIO_TABLEPREFIX . 'login_banned_ip';
     $clientIp  = GetRealIp(true);
     $checkTime = time();

     // An empty address cannot be matched against the ban list, so it is treated as banned (fail closed).
     if (empty($clientIp)) {
         return true;
     }

     // Expired bans are purged first; a failure here is only logged and the lookup still runs.
     if ($db->Query("DELETE FROM {$banTable} WHERE bantime < {$checkTime}") === false) {
         trigger_error('Cannot clean up unused record from ban table', E_USER_WARNING);
     }

     // NOTE(review): $clientIp is interpolated into SQL unescaped; GetRealIp(true) may derive it from
     // proxy headers, so confirm the helper normalises it to a plain address or escape it here.
     $lookup = $db->Query("\n\t\t\t\tSELECT ipaddress\n\t\t\t\tFROM {$banTable}\n\t\t\t\tWHERE\tipaddress = '{$clientIp}'\n\t\t\t\t\t\tAND bantime >= {$checkTime}\n\t\t\t");
     if ($lookup === false) {
         // Fail closed: an unreadable ban table blocks the attempt rather than letting it through.
         trigger_error('Cannot query ban table', E_USER_WARNING);
         return true;
     }

     $match = $db->Fetch($lookup);
     $db->FreeResult($lookup);

     // Any matching row means an active ban.
     return !empty($match);
 }
    exit;
}
loadTool('ajax.php');
loadTool('user.class.php');
DBinit('login');
if ($out) {
    // Logout: redirect home, then end the server-side session of the current user.
    header("Location: " . BASE_URL);
    MCRAuth::userLoad();
    if (!empty($user)) {
        $user->logout();
    }
} elseif ($login) {
    $pass = Filter::input('pass');
    // The identifier is looked up as an e-mail address when it contains '@', as a login name otherwise.
    $tmp_user = new User($login, strpos($login, '@') === false ? $bd_users['login'] : $bd_users['email']);
    $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
    // NOTE(review): an unknown account (code 4) and a wrong password (code 1) get distinct responses,
    // which lets a caller tell valid logins from invalid ones; one generic failure message is safer.
    if (!$tmp_user->id()) {
        aExit(4, lng('AUTH_NOT_EXIST'));
    }
    // After five or more failed attempts on this account a captcha is required before another try.
    if ($tmp_user->auth_fail_num() >= 5) {
        CaptchaCheck(6);
    }
    if (!$tmp_user->authenticate($pass)) {
        $ajax_message['auth_fail_num'] = (int) $tmp_user->auth_fail_num();
        aExit(1, lng('AUTH_FAIL') . '.<br /> <a href="#" style="color: #656565;" onclick="RestoreStart(); return false;">' . lng('AUTH_RESTORE') . ' ?</a>');
    }
    // A non-positive level is reported as a banned account.
    if ($tmp_user->lvl() <= 0) {
        aExit(4, lng('USER_BANNED'));
    }
    // Random string (presumably the session token), client IP, and the 'save' flag from the form.
    $tmp_user->login(randString(15), GetRealIp(), Filter::input('save', 'post', 'bool'));
    aExit(0, 'success');
}
}
// Byte length, not character count: multibyte addresses reach the limit sooner.
if (strlen($input['email']) > 50) {
    $rcodes[] = 13;
}
// Non-zero strcmp() means the two password fields differ.
if (strcmp($input['pass'], $input['repass'])) {
    $rcodes[] = 9;
}
tryExit();
// With e-mail verification enabled new accounts go to group 4, otherwise to group 1 (presumably pending vs. regular).
$verification = (bool) sqlConfigGet('email-verification');
if ($verification) {
    $group = 4;
} else {
    $group = 1;
}
// login/pass/ip are bound parameters; $group is a local int.
// NOTE(review): $female is interpolated too and is set outside this excerpt — confirm it is normalised before use.
$sql = "INSERT INTO `{$bd_names['users']}` (" . "`{$bd_users['login']}`," . "`{$bd_users['password']}`," . "`{$bd_users['ip']}`," . "`{$bd_users['female']}`," . "`{$bd_users['ctime']}`," . "`{$bd_users['group']}`) VALUES(:login, :pass, :ip, '{$female}', NOW(),'{$group}')";
$result = getDB()->ask($sql, array('login' => $input['login'], 'pass' => MCRAuth::createPass($input['pass']), 'ip' => GetRealIp()));
if (!$result) {
    aExit(14);
}
$tmp_user = new User(getDB()->lastInsertId());
$tmp_user->setDefaultSkin();
// Registration throttle: block this address from registering again for next-reg-time hours.
// NOTE(review): the throttle keys on REMOTE_ADDR while the user row stores GetRealIp(); if that helper
// honours proxy headers the two can differ — confirm which address is intended.
$next_reg = (int) sqlConfigGet('next-reg-time');
if ($next_reg > 0) {
    getDB()->ask("INSERT INTO `{$bd_names['ip_banning']}` (`IP`,`time_start`,`ban_until`) " . "VALUES (:ip, NOW(), NOW()+INTERVAL {$next_reg} HOUR)", array('ip' => $_SERVER['REMOTE_ADDR']));
}
// A changeEmail() result above 1 is treated as a mail delivery failure.
if ($tmp_user->changeEmail($input['email'], $verification) > 1) {
    aExit(14, lng('MAIL_FAIL'));
}
if (!$verification) {
    aExit(0, lng('REG_COMPLETE') . '. <a href="#" class="btn" onclick="Login();">' . lng('ENTER') . '</a>');
} else {
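 /**
  * Stores every entry of the multi-file "file" upload field on disk and records it in the files table.
  *
  * Each accepted file is written to uploads/Y/m/d/<md5 of the current time>/<client file name>.
  * Entries without a temp path and files whose extension is on the deny list are skipped silently.
  *
  * @return string|null The last upload folder used, or null when no file was processed.
  */
 public function add()
 {
     // Initialised so the method never returns an undefined variable when there is nothing to process.
     $folder = null;
     // Deny list of server-side and browser-side active content.
     // NOTE(review): a deny list is weaker than an allow list of the expected types; consider inverting it.
     $DENY_EXT = array('php', 'php3', 'php4', 'php5', 'phtml', 'exe', 'pl', 'cgi', 'html', 'htm', 'js', 'asp', 'aspx', 'bat', 'sh', 'cmd');
     // Request metadata recorded with every file; the headers may be absent.
     $ip = GetRealIp();
     $session_id = session_id();
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $fileCount = isset($_FILES['file']['name']) ? count($_FILES['file']['name']) : 0;
     for ($i = 0; $i < $fileCount; $i++) {
         // basename() strips any directory components from the client-supplied name,
         // so the file can only be created inside $folder.
         $name = basename((string) $_FILES['file']['name'][$i]);
         $type = $_FILES['file']['type'][$i];
         $size = (int) $_FILES['file']['size'][$i];
         $tmp_name = $_FILES['file']['tmp_name'][$i];
         // Skip slots that carry no uploaded temp file.
         if ($tmp_name == "") {
             continue;
         }
         // Per-upload folder keyed on the current date and time.
         $folder = "uploads/" . date('Y/m/d/') . md5(date('H:i:s')) . "/";
         if (!is_dir($folder)) {
             mkdir($folder, 0755, true);
         }
         $newFilePath = $folder . $name;
         // get_link() is a project helper; its first element is stored as the file's hash.
         $hash = get_link($referer)[0];
         $file_ext = strtolower(pathinfo($newFilePath, PATHINFO_EXTENSION));
         if (in_array($file_ext, $DENY_EXT, true)) {
             continue;
         }
         // move_uploaded_file() also verifies the source really is a file uploaded in this request.
         if (!move_uploaded_file($tmp_name, $newFilePath)) {
             continue;
         }
         // Every client-influenced value is escaped for the connection; $size is already an int.
         $sql = sprintf(
             "INSERT INTO `storage_ktga`.`files` (`created`,`hash`,`path`,`name`,`type`,`size`,`ip`,`session_id`,`user_agent`) VALUES (NOW(),'%s','/%s','%s','%s','%d','%s','%s','%s');",
             mysql_real_escape_string($hash),
             mysql_real_escape_string($newFilePath),
             mysql_real_escape_string($name),
             mysql_real_escape_string($type),
             $size,
             mysql_real_escape_string($ip),
             mysql_real_escape_string($session_id),
             mysql_real_escape_string($user_agent)
         );
         mysql_query($sql);
     }
     return $folder;
 }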