Example #1
/**
 * Writes one row to the `log` table for the current session user.
 *
 * The row records the session's usuario_id, the supplied login name, the
 * description, the client IP returned by check_ip_behind_proxy() and, when
 * given, the log type.
 *
 * NOTE(review): every value is concatenated into the SQL text without
 * escaping, so a quote in $descripcion, $usuario or $tipo changes the
 * statement. Escape each value with the database wrapper's own escaping
 * routine, or use a prepared statement, before this is exposed to
 * request-derived input.
 * NOTE(review): $ip is presumably derived from proxy headers; confirm that
 * check_ip_behind_proxy() only honours them when the request comes from a
 * trusted proxy, otherwise the logged address can be forged by the client.
 *
 * @param string $descripcion Text stored in log_descripcion.
 * @param string $tipo        Optional value for log_tipo; the column is omitted when empty.
 * @param string $usuario     Login name stored in log_usuario_login.
 * @return void
 */
function logea($descripcion, $tipo = "", $usuario)
{
    global $db;
    $ip = check_ip_behind_proxy();
    // Build the column and value lists once; log_tipo is appended only when a type was passed.
    $columnas = "log_usuario_id, log_usuario_login, log_descripcion, log_ip";
    $valores = "'" . $_SESSION["usuario_id"] . "', '" . $usuario . "', '" . $descripcion . "', '" . $ip . "'";
    if ($tipo) {
        $columnas .= ", log_tipo";
        $valores .= ", '" . $tipo . "'";
    }
    $db->get_results("INSERT INTO log (" . $columnas . ") VALUES (" . $valores . ")");
}
Example #2
 /**
  * Returns the result of Vote::reports() for this link, scoped to one IP address.
  *
  * NOTE(review): when no address is passed, the one returned by
  * check_ip_behind_proxy() is used. If that helper trusts forwarding headers
  * sent by the client, a per-IP report limit built on this value can be
  * bypassed; confirm the helper only accepts them from known proxies.
  *
  * @param string $ip Address to look up; empty means "the current client".
  * @return mixed Whatever Vote::reports() returns.
  */
 function reports_from_ip($ip = '')
 {
     require_once mnminclude . 'votes.php';
     $report = new Vote();
     $report->type = 'links';
     if (!$ip) {
         // No explicit address: fall back to the address detected for this request.
         require_once mnminclude . 'check_behind_proxy.php';
         $ip = check_ip_behind_proxy();
     }
     $report->ip = $ip;
     $report->link = $this->id;
     return $report->reports();
 }
Example #3
    }
}
// if user tries to log in
if (isset($_POST["processlogin"]) && is_numeric($_POST["processlogin"]) || isset($_GET["processlogin"]) && is_numeric($_GET["processlogin"])) {
    if ($_POST["processlogin"] == 1) {
        // users logs in with username and password
        $username = sanitize(trim($_POST['username']), 3);
        $password = sanitize(trim($_POST['password']), 3);
        if (isset($_POST['persistent'])) {
            $persistent = sanitize($_POST['persistent'], 3);
        } else {
            $persistent = '';
        }
        $dbusername = sanitize($db->escape($username), 4);
        require_once mnminclude . 'check_behind_proxy.php';
        $lastip = check_ip_behind_proxy();
        $login = $db->get_row("SELECT *, UNIX_TIMESTAMP()-UNIX_TIMESTAMP(login_time) AS time FROM " . table_login_attempts . " WHERE login_ip='{$lastip}'");
        if ($login->login_id) {
            $login_id = $login->login_id;
            if ($login->time < 3) {
                $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3);
            } elseif ($login->login_count >= 3) {
                if ($login->time < min(60 * pow(2, $login->login_count - 3), 3600)) {
                    $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Login_Incorrect_Attempts'), $login->login_count, min(60 * pow(2, $login->login_count - 3), 3600) - $login->time);
                }
            }
        } elseif (!is_ip_approved($lastip)) {
            $db->query("INSERT INTO " . table_login_attempts . " SET login_username = '******', login_time=NOW(), login_ip='{$lastip}'");
            $login_id = $db->insert_id;
            if (!$login_id) {
                $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3);
Example #4
// 		http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".
include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'pageview.php';
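// Outbound-link tracker: resolve the link from ?id=, ?title= or ?url=, record a
// pageview of type 'out', then redirect the browser to the link's stored URL.
//
// Request values are read with isset() so that a missing parameter no longer
// raises an undefined-index notice, and only plain strings are accepted for
// the two lookups (an array parameter is ignored).
$requestID = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$requestTitle = isset($_REQUEST['title']) && is_string($_REQUEST['title']) ? $_REQUEST['title'] : null;
$requestURL = isset($_REQUEST['url']) && is_string($_REQUEST['url']) ? $_REQUEST['url'] : null;
if (isset($requestTitle)) {
    // The title comes straight from the request: escape it before it enters the SQL text.
    $requestID = $db->get_var("SELECT link_id FROM " . table_links . " WHERE `link_title_url` = '" . $db->escape($requestTitle) . "';");
}
if (isset($requestURL)) {
    // Same for the URL lookup; when both parameters are present the URL result wins, as before.
    $requestID = $db->get_var("SELECT link_id FROM " . table_links . " WHERE `link_url` = '" . $db->escape($requestURL) . "';");
}
if (is_numeric($requestID)) {
    $id = $requestID;
    $link = new Link();
    $link->id = $requestID;
    $link->read();
    $pageview = new Pageview();
    $pageview->type = 'out';
    $pageview->page_id = $link->id;
    $pageview->user_id = $current_user->user_id;
    require_once mnminclude . 'check_behind_proxy.php';
    // NOTE(review): presumably derived from forwarding headers; confirm they are only trusted from known proxies.
    $pageview->user_ip = check_ip_behind_proxy();
    $pageview->insert();
    // NOTE(review): the redirect target is whatever URL is stored for the link.
    // Confirm that submission restricts stored URLs to http/https so this
    // endpoint cannot be used to bounce visitors to other schemes.
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: ' . $link->url);
}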
Example #5
}
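// Decide whether this request is considered HTTPS.
// Each $_SERVER key is tested with isset() first: on a plain HTTP request
// without a proxy, HTTP_X_FORWARDED_PROTO and HTTPS are normally absent and
// reading them directly raises an undefined-index notice.
// NOTE(review): X-Forwarded-Proto is honoured unconditionally here. Unless a
// front-end proxy always overwrites it, the client controls this header, so
// $globals['https'] must not be used as proof that the connection is encrypted.
if ((isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
    || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
    || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')) {
    $globals['https'] = true;
    $globals['scheme'] = 'https:';
} else {
    $globals['https'] = false;
    // force_ssl makes generated URLs use https even though this request was not HTTPS.
    if (!empty($globals['force_ssl'])) {
        $globals['scheme'] = 'https:';
    } else {
        $globals['scheme'] = 'http:';
    }
}
// Use proxy and load balancer detection.
// When either option is enabled, REMOTE_ADDR is recorded as the proxy address
// and the user address comes from the matching helper.
// NOTE(review): enable these options only when the server really sits behind
// such a device; otherwise the helpers presumably read headers supplied by the
// client and user_ip (used for bans, vote limits and logs) can be forged.
if (!empty($globals['check_behind_proxy'])) {
    $globals['proxy_ip'] = $_SERVER["REMOTE_ADDR"];
    $globals['user_ip'] = check_ip_behind_proxy();
} elseif (!empty($globals['behind_load_balancer'])) {
    $globals['proxy_ip'] = $_SERVER["REMOTE_ADDR"];
    $globals['user_ip'] = check_ip_behind_load_balancer();
} else {
    $globals['user_ip'] = $_SERVER["REMOTE_ADDR"];
    $globals['proxy_ip'] = false;
}
$globals['user_ip_int'] = inet_ptod($globals['user_ip']);
$globals['cache-control'] = array();
// Keep a decoded copy of the request URI with <, >, CR and LF removed.
// This is not a general-purpose escape: quotes and & are left in place, so the
// value still has to be escaped for the context it is printed into.
$globals['uri'] = preg_replace('/[<>\\r\\n]/', '', urldecode($_SERVER['REQUEST_URI']));
// For PHP < 5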
// For PHP < 5
if (!function_exists('htmlspecialchars_decode')) {
    function htmlspecialchars_decode($text)
Example #6
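 /**
  * Deletes the single vote row that matches this object's type, user, link,
  * value and IP address.
  *
  * When $this->ip is empty it is filled from check_ip_behind_proxy().
  * The numeric fields are forced to integers and the string fields are passed
  * through $db->escape() before they are placed in the SQL text, so a
  * non-numeric user/link id or a quote in type/ip can no longer alter the query.
  *
  * @return mixed Result of $db->query() for the DELETE, or null when no matching vote exists.
  */
 function remove()
 {
     global $db, $the_template;
     if (empty($this->ip)) {
         require_once mnminclude . 'check_behind_proxy.php';
         // NOTE(review): presumably header-derived; confirm the helper only trusts known proxies.
         $this->ip = check_ip_behind_proxy();
     }
     $this->value = intval($this->value);
     // These two columns are interpolated without quotes, so they must be integers.
     $user_id = intval($this->user);
     $link_id = intval($this->link);
     $type = $db->escape($this->type);
     $ip = $db->escape($this->ip);
     $sql = "Select vote_id from " . table_votes . " where vote_type = '{$type}' and vote_user_id = {$user_id} and vote_link_id = {$link_id} and vote_value = {$this->value} AND vote_ip = '{$ip}' LIMIT 1";
     $the_vote = $db->get_var($sql);
     if ($the_vote) {
         // vote_id came from the database, but it is still cast before reuse in SQL.
         $sql = "Delete from " . table_votes . " where vote_id = " . intval($the_vote);
         return $db->query($sql);
     }
 }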
Example #7
 /**
  * Creates the user row for $this->username / $this->email / $this->pass and,
  * when pligg_validate() is true, mails a validation link to the new address.
  *
  * Returns false when username, password or e-mail is empty, when the INSERT
  * fails or when the mail cannot be sent; returns true on success. If
  * user_exists() reports the name as taken the script is terminated with die().
  *
  * NOTE(review): security points a maintainer should confirm before reuse:
  *  - $this->username and $this->email are concatenated into both INSERT
  *    statements without escaping inside this method; they are only safe if
  *    every caller has already escaped them.
  *  - The message template is run through eval() (see below).
  *  - The validation code is an md5() over values of which only pligg_hash()
  *    looks like it could be secret.
  */
 function Create()
 {
     global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;
     // All three fields are mandatory.
     if ($this->username == '') {
         return false;
     }
     if ($this->pass == '') {
         return false;
     }
     if ($this->email == '') {
         return false;
     }
     if (!user_exists($this->username)) {
         require_once mnminclude . 'check_behind_proxy.php';
         // Registration IP stored in user_ip.
         // NOTE(review): presumably header-derived; confirm the helper only trusts known proxies.
         $userip = check_ip_behind_proxy();
         // Value stored in user_pass; produced by generateHash() from the plain password.
         $saltedpass = generateHash($this->pass);
         if (pligg_validate()) {
             // E-mail validation branch: user_lastlogin is not set by this INSERT.
             // NOTE(review): username and email are not escaped here - confirm callers do it.
             if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '')")) {
                 // NOTE(review): the '******' literal looks like a value masked in this listing
                 // rather than real code; as written the lookup does not use the new user's login.
                 $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
                 // Validation code placed in the e-mailed link.
                 // NOTE(review): md5 over e-mail, karma, username, pligg_hash() and the site name;
                 // its unpredictability rests entirely on pligg_hash() being secret - confirm.
                 $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                 // The locals below are not used by the PHP code that follows; presumably they
                 // exist so the eval()'d message template can interpolate them by name, which is
                 // why they must not be renamed.
                 // NOTE(review): if the template references $password, the plain-text password is
                 // sent by e-mail.
                 $username = $this->username;
                 $password = $this->pass;
                 $my_base_url = $my_base_url;
                 $my_pligg_base = $my_pligg_base;
                 $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                 // Uses the constants my_base_url / my_pligg_base, not the globals of the same name.
                 // NOTE(review): the username is appended to the query string without urlencode().
                 $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
                 $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                 // The language string is evaluated as a double-quoted PHP string so that variable
                 // names inside it are replaced with the locals above.
                 // NOTE(review): eval() executes whatever PHP string syntax the language file
                 // contains; only double quotes are escaped. The language file must therefore be
                 // protected like source code. A placeholder replacement with str_replace() or
                 // strtr() would avoid eval() entirely.
                 eval('$str = "' . str_replace('"', '\\"', $str) . '";');
                 $message = "{$str}";
                 // Load the PHPMailer build matching the running PHP major version.
                 if (phpnum() >= 5) {
                     require "class.phpmailer5.php";
                 } else {
                     require "class.phpmailer4.php";
                 }
                 $mail = new PHPMailer();
                 $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                 $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                 $mail->AddAddress($this->email);
                 $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                 $mail->IsHTML(false);
                 $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                 $mail->CharSet = 'utf-8';
                 $mail->Body = $message;
                 if (!$mail->Send()) {
                     // The user row has already been inserted at this point.
                     return false;
                     // Unreachable: the return above always runs first.
                     exit;
                 }
                 return true;
             } else {
                 return false;
             }
         } else {
             // No e-mail validation: the row is inserted with user_lastlogin = now().
             // NOTE(review): same unescaped concatenation as the INSERT above.
             if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'')")) {
                 return true;
             } else {
                 return false;
             }
         }
     } else {
         // Terminates the whole request instead of returning an error to the caller.
         die('User already exists');
     }
 }
Example #8
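 /**
  * Checks a username (or e-mail) and password against the users table and,
  * on success, marks this object as authenticated, sets the ID cookie and
  * records the login IP and time.
  *
  * Changes from the previous version:
  *  - a lookup that returns no row no longer reads properties of a null
  *    object; the password hash is still computed in that case so the amount
  *    of work does not depend on whether the account exists;
  *  - the stored and computed hashes are compared with hash_equals() when the
  *    function is available, falling back to === on older PHP builds.
  *
  * @param string $username            Login name or e-mail address as typed.
  * @param string $pass                Plain-text password.
  * @param bool   $remember            Passed through to SetIDCookie().
  * @param string $already_salted_pass When non-empty, used as the hash instead of hashing $pass.
  * @return bool True when the login succeeded, false otherwise.
  */
 function Authenticate($username, $pass, $remember = false, $already_salted_pass = '')
 {
     global $db;
     $dbusername = sanitize($db->escape($username), 4);
     check_actions('login_start', $vars);
     // NOTE(review): the '******' literal looks like a value masked in this listing rather
     // than real code; as written only the e-mail comparison uses the escaped input.
     $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******' or user_email= '{$dbusername}' ");
     // Empty string when no row matched, so the code below never dereferences null.
     $stored_hash = $user ? (string) $user->user_pass : '';
     if ($already_salted_pass == '') {
         // The salt is the leading SALT_LENGTH characters of the stored value.
         $saltedpass = generateHash($pass, substr($stored_hash, 0, SALT_LENGTH));
     } else {
         $saltedpass = $already_salted_pass;
     }
     // Compare without leaking how many leading characters matched.
     $pass_matches = false;
     if ($stored_hash !== '' && is_string($saltedpass)) {
         if (function_exists('hash_equals')) {
             $pass_matches = hash_equals($stored_hash, $saltedpass);
         } else {
             $pass_matches = $stored_hash === $saltedpass;
         }
     }
     // An all-zero user_lastlogin or a false user_enabled blocks the login even with the right password.
     if ($user && $user->user_id > 0 && $pass_matches && $user->user_lastlogin != "0000-00-00 00:00:00" && $user->user_enabled) {
         $this->user_login = $user->user_login;
         $this->user_id = $user->user_id;
         // Give modules hooked on 'login_pass_match' the chance to veto the login.
         $vars = array('user' => serialize($this), 'can_login' => true);
         check_actions('login_pass_match', $vars);
         if ($vars['can_login'] != true) {
             return false;
         }
         $this->authenticated = TRUE;
         // NOTE(review): an unsalted md5 of the stored hash; confirm how md5_pass is used
         // (if it ends up in a cookie it is a long-lived credential).
         $this->md5_pass = md5($user->user_pass);
         $this->SetIDCookie(1, $remember);
         require_once mnminclude . 'check_behind_proxy.php';
         // NOTE(review): presumably header-derived; confirm the helper only trusts known proxies.
         $lastip = $db->escape(check_ip_behind_proxy());
         $sql = "UPDATE " . table_users . " SET user_lastip = '{$lastip}', user_lastlogin = now() WHERE user_id = " . intval($user->user_id) . " LIMIT 1";
         $db->query($sql);
         return true;
     }
     return false;
 }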
Example #9
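/**
 * Validates the registration form fields and hands the collected error
 * messages to the template engine.
 *
 * Checks, in order: banned IP, username length, username character set,
 * username already taken, e-mail format, e-mail already taken, password
 * length, password confirmation, and finally any module hooked on
 * 'register_check_errors'.
 *
 * The result flag and the three message lists are now initialised up front.
 * Previously they were only created when a check failed, so a clean form
 * read undefined variables at the end of the function. The lists start as
 * null so the templates receive the same values as before when there is
 * nothing to report.
 *
 * NOTE(review): strlen() counts bytes, so the "3 characters" and
 * "5 characters" limits are byte limits for multi-byte input, and a 5-byte
 * minimum password length is weak by current standards.
 *
 * @param string $username  Requested login name.
 * @param string $email     Requested e-mail address.
 * @param string $password  Password.
 * @param string $password2 Password confirmation.
 * @return bool True when at least one check failed, false otherwise.
 */
function register_check_errors($username, $email, $password, $password2)
{
    global $main_smarty;
    $error = false;
    $form_username_error = null;
    $form_email_error = null;
    $form_password_error = null;
    require_once mnminclude . 'check_behind_proxy.php';
    // NOTE(review): presumably header-derived; if the helper trusts client-sent
    // forwarding headers the ban check below can be sidestepped - confirm.
    $userip = check_ip_behind_proxy();
    if (is_ip_banned($userip)) {
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_YourIpIsBanned');
        $error = true;
    }
    if (!isset($username) || strlen($username) < 3) {
        // if no username was given or username is less than 3 characters
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserTooShort');
        $error = true;
    }
    if (preg_match('/\\pL/u', 'a')) {
        // PCRE has UTF-8 support: allow only letters, combining marks, digits, "_" and "-"
        if (!preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $username)) {
            // if username contains invalid characters
            $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
            $error = true;
        }
    } else {
        // No UTF-8 support: fall back to rejecting a fixed list of punctuation characters
        if (!preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $username)) {
            $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
            $error = true;
        }
    }
    if (user_exists(trim($username))) {
        // if username already exists
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserExists');
        $error = true;
    }
    if (!check_email(trim($email))) {
        // if email is not valid
        $form_email_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_BadEmail');
        $error = true;
    }
    if (email_exists(trim($email))) {
        // if email already exists
        $form_email_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_EmailExists');
        $error = true;
    }
    if (strlen($password) < 5) {
        // if password is less than 5 characters
        $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_FiveCharPass');
        $error = true;
    }
    if ($password !== $password2) {
        // if both passwords do not match
        $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_NoPassMatch');
        $error = true;
    }
    // Let modules add their own checks; they report back through $vars.
    $vars = array('username' => $username, 'email' => $email, 'password' => $password);
    check_actions('register_check_errors', $vars);
    // The keys below exist only when a module set them, hence !empty() instead of a direct read.
    if (!empty($vars['error'])) {
        $error = true;
        if (!empty($vars['username_error'])) {
            $form_username_error[] = $vars['username_error'];
        }
        if (!empty($vars['email_error'])) {
            $form_email_error[] = $vars['email_error'];
        }
        if (!empty($vars['password_error'])) {
            $form_password_error[] = $vars['password_error'];
        }
    }
    $main_smarty->assign('form_username_error', $form_username_error);
    $main_smarty->assign('form_email_error', $form_email_error);
    $main_smarty->assign('form_password_error', $form_password_error);
    return $error;
}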
Example #10
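 /**
  * Inserts one vote row built from this object's type, user, link, value and IP.
  *
  * When $this->ip is empty it is filled from check_ip_behind_proxy().
  * The numeric fields are forced to integers and the string fields are passed
  * through $db->escape() before they are placed in the SQL text, so a
  * non-numeric user/link id or a quote in type/ip can no longer alter the query.
  *
  * @return mixed Result of $db->query() for the INSERT.
  */
 function insert()
 {
     global $db, $the_template;
     if (empty($this->ip)) {
         require_once mnminclude . 'check_behind_proxy.php';
         // NOTE(review): presumably header-derived; if the helper trusts client-sent
         // forwarding headers, per-IP vote limits can be bypassed - confirm.
         $this->ip = check_ip_behind_proxy();
     }
     $this->value = intval($this->value);
     // These two columns are interpolated without quotes, so they must be integers.
     $user_id = intval($this->user);
     $link_id = intval($this->link);
     $type = $db->escape($this->type);
     $ip = $db->escape($this->ip);
     $sql = "INSERT INTO " . table_votes . " (vote_type, vote_user_id, vote_link_id, vote_value, vote_ip) VALUES ('{$type}', {$user_id}, {$link_id}, {$this->value}, '{$ip}')";
     if ($this->count_all() != 0) {
         // A per-story Smarty cache clear used to live here and is disabled.
         // The count_all() call is kept in case other code relies on it running.
     }
     return $db->query($sql);
 }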