/**
 * Validate a username for registration / profile edit (phpBB-2.x style).
 *
 * The name is whitespace-collapsed and passed through clean_username(), then rejected when:
 *  - another account already has it (compared case-insensitively; a logged-in user may keep
 *    their own name),
 *  - a group already uses it as its name,
 *  - it matches an entry of the disallowed-names table or of the word-censor table
 *    (entries may use `*` as a wildcard),
 *  - it contains a double quote or a non-breaking space (chr(160)).
 *
 * @param string $username raw name as submitted
 * @return array array('error' => bool, 'error_msg' => string); error_msg is '' on success
 *
 * NOTE(review): every query below interpolates the (lower-cased) name straight into the SQL
 * string. This only holds up if clean_username() — not visible here — escapes single quotes;
 * confirm that, because this runs pre-authentication (registration) and a miss is a SQL
 * injection. Also, strtolower() is byte-wise; for non-ASCII names it may fold differently
 * from the database's LOWER(), so the "taken" check can miss a collision.
 */
function validate_username($username)
{
    global $lang, $userdata;
    // Remove doubled up spaces
    $username = preg_replace('#\\s+#', ' ', trim($username));
    $username = clean_username($username);

    // 1. Taken by another user?
    $sql = "SELECT username\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE LOWER(username) = '" . strtolower($username) . "'";
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            // A logged-in user editing their profile may keep their current name.
            if ($userdata['session_logged_in'] && $row['username'] != $userdata['username'] || !$userdata['session_logged_in']) {
                DB()->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Username_taken']);
            }
        }
    }
    DB()->sql_freeresult($result);

    // 2. Collides with a group name?
    $sql = "SELECT group_name\n\t\tFROM " . GROUPS_TABLE . "\n\t\tWHERE LOWER(group_name) = '" . strtolower($username) . "'";
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            DB()->sql_freeresult($result);
            return array('error' => true, 'error_msg' => $lang['Username_taken']);
        }
    }
    DB()->sql_freeresult($result);

    // 3. Disallowed-name patterns: `*` in a stored pattern becomes a lazy wildcard, everything
    //    else is regex-quoted; matched as a whole word, case-insensitively.
    $sql = "SELECT disallow_username\n\t\tFROM " . DISALLOW_TABLE;
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            do {
                if (preg_match("#\\b(" . str_replace("\\*", ".*?", phpbb_preg_quote($row['disallow_username'], '#')) . ")\\b#i", $username)) {
                    DB()->sql_freeresult($result);
                    return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
                }
            } while ($row = DB()->sql_fetchrow($result));
        }
    }
    DB()->sql_freeresult($result);

    // 4. Word-censor entries, same matching rules as above.
    $sql = "SELECT word\n\t\tFROM " . WORDS_TABLE;
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            do {
                if (preg_match("#\\b(" . str_replace("\\*", ".*?", phpbb_preg_quote($row['word'], '#')) . ")\\b#i", $username)) {
                    DB()->sql_freeresult($result);
                    return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
                }
            } while ($row = DB()->sql_fetchrow($result));
        }
    }
    DB()->sql_freeresult($result);

    // Don't allow " and ALT-255 in username.
    // NOTE(review): the first two strstr() calls are identical in this copy; upstream phpBB
    // tests both the raw '"' and its '&quot;' entity form, so this looks like an extraction
    // artefact — compare against the original file before trusting this check.
    if (strstr($username, '"') || strstr($username, '"') || strstr($username, chr(160))) {
        return array('error' => true, 'error_msg' => $lang['Username_invalid']);
    }
    return array('error' => false, 'error_msg' => '');
}
/**
 * Cron job: mirror the bridged CMS user list into EQdkp Plus.
 *
 * For every CMS user whose name is not yet known locally, an account is created with a
 * random throw-away password (authentication goes through the bridge) and its groups are
 * synchronised; users that already exist only get their groups synchronised. When the cron
 * parameter `delete_eqdkp_user` is set, local users that no longer exist on the CMS side are
 * deleted, except members of groups 2 and 3 (the admin groups).
 *
 * @return bool|void false when the CMS bridge is switched off; otherwise nothing
 */
public function run()
{
    $arrCrons = $this->timekeeper->list_crons();
    $arrParams = $arrCrons['bridge_usersync']['params'];

    // Nothing to do while the bridge is disabled.
    if (intval($this->config->get('cmsbridge_active')) === 0) {
        return false;
    }

    // Normalised names of all CMS users, used below to decide which local users are stale.
    $arrKnownCmsNames = array();

    foreach ($this->bridge->get_users() as $arrCmsUser) {
        $arrKnownCmsNames[] = clean_username($arrCmsUser['name']);
        $intCmsId = (int) $arrCmsUser['id'];

        $blnIsNew = $this->pdh->get('user', 'check_username', array($arrCmsUser['name'])) != 'false';
        if (!$blnIsNew) {
            // Existing account: only its group memberships need refreshing.
            $intUserId = $this->pdh->get('user', 'userid', array($arrCmsUser['name']));
            $this->bridge->sync_usergroups($intCmsId, $intUserId);
            continue;
        }

        // Only create accounts for CMS users that are in one of the permitted bridge groups.
        if (!$this->bridge->check_user_group($arrCmsUser['id'])) {
            continue;
        }

        // Create the local account with a random password nobody knows; real logins go
        // through the bridge.
        $strSalt = $this->user->generate_salt();
        $strPwdHash = $this->user->encrypt_password(random_string(false, 32), $strSalt);
        $intUserId = $this->pdh->put('user', 'insert_user_bridge', array($arrCmsUser['name'], $strPwdHash . ':' . $strSalt, $arrCmsUser['email'], false));
        $this->pdh->process_hook_queue();
        $this->bridge->sync_usergroups($intCmsId, $intUserId);
    }

    // Optionally remove local users that no longer exist on the CMS, keeping the admin groups.
    if ((int) $arrParams['delete_eqdkp_user'] == 1) {
        $arrLocalUsers = $this->pdh->aget('user', 'name', 0, array($this->pdh->get('user', 'id_list', array(true))));
        foreach ($arrLocalUsers as $intUserId => $strName) {
            if (in_array(clean_username($strName), $arrKnownCmsNames)) {
                continue;
            }
            // Never delete members of groups 2 and 3 (superadmins / admins).
            if ($this->user->check_group(2, false, $intUserId) || $this->user->check_group(3, false, $intUserId)) {
                continue;
            }
            $this->pdh->put('user', 'delete_user', array($intUserId));
        }
    }
}
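/**
 * API endpoint: return the per-user password salt so a client can pre-hash its password.
 *
 * Expects an XML body with a <user> element. Looks up an active account whose lower-cased
 * name equals clean_username(<user>) and, when its stored password is in "hash:salt" form,
 * returns array('salt' => base64(salt)); otherwise the API error 'user not found'. When the
 * body is not parseable XML or has no <user>, nothing is returned (null), as before.
 *
 * Hardening vs. the previous revision: the body is parsed with LIBXML_NONET so a crafted
 * request cannot make the parser fetch remote DTDs/entities (network access is never needed
 * here and, on older PHP/libxml builds, external entity loading is a known XXE/SSRF vector),
 * and the element is cast to string before it reaches clean_username().
 *
 * NOTE(review): the salt-vs-'user not found' split is a username-enumeration oracle for
 * unauthenticated callers; that is inherent to this API shape and is left as is.
 *
 * @param array  $params unused here
 * @param string $body   raw request body (XML)
 * @return array|mixed|null
 */
public function post_get_salt($params, $body)
{
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml && $xml->user) {
        // Compared against LOWER(username): assumes clean_username() lower-cases — TODO confirm.
        $strUsername = clean_username((string) $xml->user);
        $query = $this->db->query("SELECT user_password FROM __users WHERE LOWER(username)='" . $this->db->escape($strUsername) . "' AND user_active='1'");
        while ($row = $this->db->fetch_record($query)) {
            // Only salted ("hash:salt") passwords have a salt to hand out.
            if (strpos($row['user_password'], ':') !== false) {
                list($user_password, $user_salt) = explode(':', $row['user_password']);
                return array('salt' => base64_encode($user_salt));
            }
        }
        return $this->pex->error('user not found');
    }
}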
/**
 * Validate a username (TorrentPier flavour).
 *
 * Normalises the name (str_compact(), clean_username()) and checks, in order: length against
 * USERNAME_MIN/MAX_LENGTH, the allowed character set, HTML entities, and — when
 * $check_ban_and_taken is set — whether the name is already taken by someone else or matches
 * a disallowed-name pattern (`*` acts as a wildcard).
 *
 * @param string $username
 * @param bool   $check_ban_and_taken also hit the database for "taken" / "disallowed"
 * @return string|false error message on failure, false when the name is acceptable
 */
function validate_username($username, $check_ban_and_taken = true)
{
    global $user, $lang;
    static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\\#\\-\'.:+ ';
    $username = str_compact($username);
    $username = clean_username($username);
    // Length
    if (mb_strlen($username, 'UTF-8') > USERNAME_MAX_LENGTH) {
        return $lang['USERNAME_TOO_LONG'];
    } else {
        if (mb_strlen($username, 'UTF-8') < USERNAME_MIN_LENGTH) {
            return $lang['USERNAME_TOO_SMALL'];
        }
    }
    // Allowed symbols
    if (!preg_match('#^[' . $name_chars . ']+$#iu', $username, $m)) {
        // Show the user which characters were rejected.
        $invalid_chars = preg_replace('#[' . $name_chars . ']#iu', '', $username);
        return "{$lang['USERNAME_INVALID']}: <b>" . htmlCHR($invalid_chars) . "</b>";
    }
    // HTML Entities
    // NOTE(review): the alternatives '&', '<', '>' look like decoded '&amp;'/'&lt;'/'&gt;'
    // (extraction artefact); as written the pattern can never match a full "&...;" entity,
    // so every entity would be rejected. Compare with the original file.
    if (preg_match_all('/&(#[0-9]+|[a-z]+);/iu', $username, $m)) {
        foreach ($m[0] as $ent) {
            if (!preg_match('/^(&|<|>)$/iu', $ent)) {
                return $lang['USERNAME_INVALID'];
            }
        }
    }
    if ($check_ban_and_taken) {
        // Taken
        // NOTE(review): the '******' below looks like a redaction of the "{$username_sql}"
        // interpolation; as shown, $username_sql is unused and the query compares against a
        // fixed string. Restore the escaped value before relying on this check.
        $username_sql = DB()->escape($username);
        if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '******' LIMIT 1")) {
            // A logged-in user keeps their own name; anyone else collides.
            if (!IS_GUEST && $row['username'] != $user->name || IS_GUEST) {
                return $lang['USERNAME_TAKEN'];
            }
        }
        // Disallowed
        $banned_names = array();
        foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
            // preg_quote() honours only the first character of its delimiter argument, so
            // '#u' is effectively '#'; stored '*' becomes a lazy wildcard.
            $banned_names[] = str_replace('\\*', '.*?', preg_quote($row['disallow_username'], '#u'));
        }
        if ($banned_names_exp = join('|', $banned_names)) {
            if (preg_match("#^({$banned_names_exp})\$#iu", $username)) {
                return $lang['USERNAME_DISALLOWED'];
            }
        }
    }
    return false;
}
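/**
 * API endpoint: return the per-user password salt so a client can pre-hash its password.
 *
 * Expects an XML body with a <user> element. Looks up (prepared statement, LIMIT 1) an active
 * account whose lower-cased name equals clean_username(<user>) and, when its stored password
 * is in "hash:salt" form, returns array('salt' => base64(salt)); otherwise the API error
 * 'user not found'. When the body is not parseable XML or has no <user>, nothing is returned
 * (null), as before.
 *
 * Hardening vs. the previous revision: the body is parsed with LIBXML_NONET so a crafted
 * request cannot make the parser fetch remote DTDs/entities (network access is never needed
 * here and, on older PHP/libxml builds, external entity loading is a known XXE/SSRF vector),
 * and the element is cast to string before it reaches clean_username().
 *
 * NOTE(review): the salt-vs-'user not found' split is a username-enumeration oracle for
 * unauthenticated callers; that is inherent to this API shape and is left as is.
 *
 * @param array  $params unused here
 * @param string $body   raw request body (XML)
 * @return array|mixed|null
 */
public function post_get_salt($params, $body)
{
    $xml = simplexml_load_string($body, 'SimpleXMLElement', LIBXML_NONET);
    if ($xml && $xml->user) {
        // Compared against LOWER(username): assumes clean_username() lower-cases — TODO confirm.
        $strUsername = clean_username((string) $xml->user);
        $objQuery = $this->db->prepare("SELECT user_password FROM __users WHERE LOWER(username)=? AND user_active='1'")->limit(1)->execute($strUsername);
        if ($objQuery && $objQuery->numRows) {
            $row = $objQuery->fetchAssoc();
            // Only salted ("hash:salt") passwords have a salt to hand out.
            if (strpos($row['user_password'], ':') !== false) {
                list($user_password, $user_salt) = explode(':', $row['user_password']);
                return array('salt' => base64_encode($user_salt));
            }
        }
        return $this->pex->error('user not found');
    }
}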
/**
 * Validate the fields of a post before it is stored (TorrentPier posting flow).
 *
 * Rewrites its by-reference arguments in place: $username is cleaned and, for guests or when
 * it differs from the session user's name, validated (otherwise blanked); $subject gets the
 * '&' replacement below; $message is only inspected, not rewritten. Every problem found is
 * appended to $error_msg, '<br />'-separated: empty subject on new topics / first posts,
 * empty message (except on delete), too many smilies, and a failed CAPTCHA for guests.
 *
 * @param string $mode      'newtopic', 'editpost', 'delete', ...
 * @param array  $post_data ['first_post'] is consulted for editpost
 * @param string $error_msg accumulated HTML error text
 * @param string $username  guest-supplied poster name
 * @param string $subject
 * @param string $message
 */
function prepare_post(&$mode, &$post_data, &$error_msg, &$username, &$subject, &$message)
{
    global $bb_cfg, $user, $userdata, $lang;
    // Check username
    if (!empty($username)) {
        $username = clean_username($username);
        if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $user->name) {
            // NOTE(review): plain require — a second prepare_post() call in the same request
            // would redeclare validate_username() and fatal; the ajax profile editor uses
            // require_once for the same file.
            require INC_DIR . 'functions_validate.php';
            if ($err = validate_username($username)) {
                $error_msg .= $err;
            }
        } else {
            // Logged-in user posting under their own name: the session decides, not the form.
            $username = '';
        }
    }
    // Check subject
    if (!empty($subject)) {
        // NOTE(review): as shown this is a no-op ('&' -> '&'); upstream decodes '&amp;' here,
        // so the first literal was probably mangled by extraction — verify against the original.
        $subject = str_replace('&', '&', $subject);
    } else {
        if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
            $error_msg .= !empty($error_msg) ? '<br />' . $lang['EMPTY_SUBJECT'] : $lang['EMPTY_SUBJECT'];
        }
    }
    // Check message
    if (!empty($message)) {
        // Nothing to do here; the message text is prepared elsewhere.
    } else {
        if ($mode != 'delete') {
            $error_msg .= !empty($error_msg) ? '<br />' . $lang['EMPTY_MESSAGE'] : $lang['EMPTY_MESSAGE'];
        }
    }
    // Check smilies limit
    if ($bb_cfg['max_smilies']) {
        // Count rendered smilie <img> tags rather than parsing the markup ourselves.
        $count_smilies = substr_count(bbcode2html($message), '<img class="smile" src="' . $bb_cfg['smilies_path']);
        if ($count_smilies > $bb_cfg['max_smilies']) {
            $to_many_smilies = sprintf($lang['MAX_SMILIES_PER_POST'], $bb_cfg['max_smilies']);
            $error_msg .= !empty($error_msg) ? '<br />' . $to_many_smilies : $to_many_smilies;
        }
    }
    // Guests must pass the CAPTCHA on every post.
    if (IS_GUEST && !bb_captcha('check')) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['CAPTCHA_WRONG'] : $lang['CAPTCHA_WRONG'];
    }
}
if (!defined('IN_AJAX')) { die(basename(__FILE__)); } global $bb_cfg, $lang; if (!($user_id = intval($this->request['user_id'])) or !($profiledata = get_userdata($user_id))) { $this->ajax_die($lang['NO_USER_ID_SPECIFIED']); } if (!($field = (string) $this->request['field'])) { $this->ajax_die('invalid profile field'); } $table = BB_USERS; $value = $this->request['value'] = (string) isset($this->request['value']) ? $this->request['value'] : 0; switch ($field) { case 'username': require_once INC_DIR . 'functions_validate.php'; $value = clean_username($value); if ($err = validate_username($value)) { $this->ajax_die(strip_tags($err)); } $this->response['new_value'] = $this->request['value']; break; case 'user_email': require_once INC_DIR . 'functions_validate.php'; $value = htmlCHR($value); if ($err = validate_email($value)) { $this->ajax_die($err); } $this->response['new_value'] = $this->request['value']; break; case 'user_website': if ($value == '' || preg_match('#^https?://[\\w\\#!$%&~/.\\-;:=,?@а-яА-Я\\[\\]+]+$#iu', $value)) {
*/ case 'user_active': $active = isset($_POST['user_active']) ? (int) $_POST['user_active'] : $pr_data['user_active']; if ($submit && $adm_edit) { $pr_data['user_active'] = $active; $db_data['user_active'] = $active; } break; /** * Имя (edit, reg) */ /** * Имя (edit, reg) */ case 'username': $username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username']; if ($submit) { $err = validate_username($username); if (!$errors and $err && $mode == 'register') { $errors[] = $err; } if ($can_edit && $username != $pr_data['username'] || $mode == 'register') { $pr_data['username'] = $username; $db_data['username'] = $username; } } $tp_data['CAN_EDIT_USERNAME'] = $can_edit; $tp_data['USERNAME'] = $pr_data['username']; break; /** * Пароль (edit, reg)
/**
 * Login
 *
 * Authenticates $args['login_username'] / $args['login_password'] against USERS_TABLE and
 * either starts a new session for that user or, with $mod_admin_login, flags the *current*
 * session ($this->data) as an admin/moderator session. Returns the session user data on
 * success, or an empty array when the credentials are missing or do not match.
 *
 * NOTE(review):
 *  - passwords are stored and compared as unsalted md5(); move to password_hash() /
 *    password_verify() (re-hashing on successful login) — md5 is trivially brute-forced offline.
 *  - the '******' literals look like redactions of the interpolated $username_sql /
 *    $password_sql; $username_sql only doubles already-backslashed quotes, i.e. it relies on
 *    clean_username() having escaped the name — confirm, this is pre-auth input.
 *  - the admin-mode branch verifies the submitted credentials but never checks that
 *    $userdata['user_id'] equals $this->data['user_id']; unless the caller enforces that, any
 *    valid credential pair re-authenticates an already-logged-in moderator's/admin's session.
 *
 * @param $args
 * @param bool $mod_admin_login
 *
 * @return array
 */
function login($args, $mod_admin_login = false)
{
    $username = !empty($args['login_username']) ? clean_username($args['login_username']) : '';
    $password = !empty($args['login_password']) ? $args['login_password'] : '';
    if ($username && $password) {
        $username_sql = str_replace("\\'", "''", $username);
        $password_sql = md5($password);
        $sql = "\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username = '******'\n\t\t\t\t AND user_password = '******'\n\t\t\t\t AND user_active = 1\n\t\t\t\t AND user_id != " . GUEST_UID . "\n\t\t\t\tLIMIT 1\n\t\t\t";
        if ($userdata = DB()->fetch_row($sql)) {
            // Belt-and-braces re-check of what the WHERE clause should already guarantee.
            if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == GUEST_UID || md5($password) !== $userdata['user_password'] || !$userdata['user_active']) {
                trigger_error('invalid userdata', E_USER_ERROR);
            }
            // Start mod/admin session
            if ($mod_admin_login) {
                // Elevates the current session to the current user's level (see NOTE above).
                DB()->query("\n\t\t\t\t\t\tUPDATE " . SESSIONS_TABLE . " SET\n\t\t\t\t\t\t\tsession_admin = " . $this->data['user_level'] . "\n\t\t\t\t\t\tWHERE session_user_id = " . $this->data['user_id'] . "\n\t\t\t\t\t\t\tAND session_id = '" . $this->data['session_id'] . "'\n\t\t\t\t\t");
                $this->data['session_admin'] = $this->data['user_level'];
                cache_update_userdata($this->data);
                return $this->data;
            } else {
                if ($new_session_userdata = $this->session_create($userdata, false)) {
                    // Removing guest sessions from this IP
                    DB()->query("\n\t\t\t\t\t\tDELETE FROM " . SESSIONS_TABLE . "\n\t\t\t\t\t\tWHERE session_ip = '" . USER_IP . "'\n\t\t\t\t\t\t\tAND session_user_id = " . GUEST_UID . "\n\t\t\t\t\t");
                    return $new_session_userdata;
                } else {
                    trigger_error("Could not start session : login", E_USER_ERROR);
                }
            }
        }
    }
    return array();
}
// // Define initial vars // if (isset($HTTP_POST_VARS['mode']) || isset($HTTP_GET_VARS['mode'])) { $mode = isset($HTTP_POST_VARS['mode']) ? $HTTP_POST_VARS['mode'] : $HTTP_GET_VARS['mode']; } else { $mode = ''; } if (isset($HTTP_POST_VARS['search_keywords']) || isset($HTTP_GET_VARS['search_keywords'])) { $search_keywords = isset($HTTP_POST_VARS['search_keywords']) ? $HTTP_POST_VARS['search_keywords'] : $HTTP_GET_VARS['search_keywords']; } else { $search_keywords = ''; } if (isset($HTTP_POST_VARS['search_author']) || isset($HTTP_GET_VARS['search_author'])) { $search_author = isset($HTTP_POST_VARS['search_author']) ? $HTTP_POST_VARS['search_author'] : $HTTP_GET_VARS['search_author']; $search_author = clean_username($search_author); } else { $search_author = ''; } $search_id = isset($HTTP_GET_VARS['search_id']) ? $HTTP_GET_VARS['search_id'] : ''; $show_results = isset($HTTP_POST_VARS['show_results']) ? $HTTP_POST_VARS['show_results'] : 'posts'; $show_results = $show_results == 'topics' ? 'topics' : 'posts'; if (isset($HTTP_POST_VARS['search_terms'])) { $search_terms = $HTTP_POST_VARS['search_terms'] == 'all' ? 1 : 0; } else { $search_terms = 0; } if (isset($HTTP_POST_VARS['search_fields'])) { $search_fields = $HTTP_POST_VARS['search_fields'] == 'all' ? 1 : 0; } else { $search_fields = 0;
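/**
 * Import step: copy WordPress posts (published and drafts) and their registered-user comments
 * into the EQdkp Plus articles module.
 *
 * WordPress authors are mapped to local users by clean_username()-normalised login name;
 * unmapped authors fall back to the 'user' request parameter, and comments by unmapped users
 * are skipped. Returns an HTML fragment listing the imported post titles.
 *
 * Fixes vs. the previous revision:
 *  - $arrImported is initialised, so an import that finds no posts no longer iterates an
 *    undefined variable when building the summary table;
 *  - post titles are HTML-escaped before being echoed into the summary (they come from the
 *    foreign WordPress database, which this install does not control).
 *
 * @return string HTML fragment (heading + table of imported titles)
 */
public function step_posts()
{
    $defaultUser = $this->in->get('user', 0);
    $intDefaultCategoryPosts = $this->in->get('category_posts', 0);

    // Map normalised local user names to user ids so WordPress logins can be matched.
    $arrUser = $this->pdh->aget('user', 'name', 0, array($this->pdh->get('user', 'id_list')));
    $arrUserMapping = array();
    foreach ($arrUser as $userid => $strUsername) {
        $arrUserMapping[clean_username($strUsername)] = $userid;
    }

    $arrImported = array();
    $objDatabase = $this->objCIFunctions->createConnection();
    $objResult = $objDatabase->query('SELECT p.*, u.user_login FROM __posts p, __users u WHERE p.post_author = u.ID AND (post_type="post") AND (post_status="publish" OR post_status="draft");');
    if ($objResult) {
        while ($arrRow = $objResult->fetchAssoc()) {
            $strAuthorKey = clean_username($arrRow['user_login']);
            $intAuthorId = isset($arrUserMapping[$strAuthorKey]) ? $arrUserMapping[$strAuthorKey] : $defaultUser;
            $intCommentsOpen = $arrRow['comment_status'] == 'open' ? 1 : 0;
            // Prefer the GMT publish date; drafts may carry an empty one, so fall back to the
            // modified date.
            $intDate = strtotime($arrRow['post_date_gmt']) ? strtotime($arrRow['post_date_gmt']) : strtotime($arrRow['post_modified_gmt']);

            // add($strTitle, $strText, $arrTags, $strPreviewimage, $strAlias, $intPublished,
            //     $intFeatured, $intCategory, $intUserID, $intComments, $intVotes, $intDate,
            //     $strShowFrom, $strShowTo, $intHideHeader)
            $intArticleID = $this->pdh->put('articles', 'add', array(
                $arrRow['post_title'],
                $this->replace_images($arrRow['post_content']),
                array(),
                '',
                $arrRow['post_name'] != "" ? $arrRow['post_name'] : $arrRow['post_title'],
                $arrRow['post_status'] == 'publish' ? 1 : 0,
                0,
                $intDefaultCategoryPosts,
                $intAuthorId,
                $intCommentsOpen,
                $intCommentsOpen,
                $intDate,
                '',
                '',
                0,
            ));
            $arrImported[] = $arrRow['post_title'];

            if ($intArticleID && (int) $arrRow['comment_count'] > 0) {
                $objCommentResult = $objDatabase->prepare('SELECT c.*, u.user_login FROM __comments c, __users u WHERE c.user_id = u.ID AND comment_post_ID = ? 
AND user_id > 0;')->execute($arrRow['ID']);
                if ($objCommentResult) {
                    while ($arrCommentRow = $objCommentResult->fetchAssoc()) {
                        // Only comments whose WordPress author maps to a local user are imported.
                        $strCommenterKey = clean_username($arrCommentRow['user_login']);
                        $userId = isset($arrUserMapping[$strCommenterKey]) ? $arrUserMapping[$strCommenterKey] : false;
                        if (!$userId) {
                            continue;
                        }
                        // insert($attach_id, $user_id, $comment, $page, $reply_to)
                        // NOTE: filter_var() without a filter is FILTER_DEFAULT (unsafe raw) and
                        // does not sanitise; the comment text is stored as-is and must be escaped
                        // where it is rendered.
                        $objQuery = $this->db->prepare("INSERT INTO __comments :p")->set(array(
                            'attach_id' => $intArticleID,
                            'date' => strtotime($arrCommentRow['comment_date_gmt']),
                            'userid' => $userId,
                            'text' => str_replace("\n", "[br]", filter_var($arrCommentRow['comment_content'])),
                            'page' => 'articles',
                            'reply_to' => 0,
                        ))->execute();
                        if ($objQuery) {
                            $this->pdh->enqueue_hook('comment_update', $objQuery->insertId);
                        }
                    }
                }
            }
        }
    }
    $this->pdh->process_hook_queue();

    // Summary for the admin; titles are foreign data, so escape them for the HTML context.
    $out = '<h2>' . $this->user->lang('ci_imported_posts') . '</h2> <table class="table">';
    foreach ($arrImported as $val) {
        $out .= '<tr><td>' . htmlspecialchars($val, ENT_QUOTES, 'UTF-8', false) . '</td></tr>';
    }
    $out .= '</table>';
    return $out;
}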
/**
 * Fetch a user row by id or by name (TorrentPier).
 *
 * Numeric $u is treated as a user id unless $force_name is set; otherwise it is looked up by
 * username. A failed id lookup on a non-int value falls back to a name lookup. The guest row
 * is only returned when $allow_guest is set, and is then cached under 'guest_userdata'.
 *
 * @param int|string $u           user id or username; falsy values return false immediately
 * @param bool       $force_name  treat $u as a name even if it is numeric
 * @param bool       $allow_guest permit the GUEST_UID row
 * @return array|false user row, or the driver's "no row" value
 *
 * NOTE(review): the two "WHERE username = '******'" literals look like redactions of the
 * interpolated name; upstream puts DB()->escape(clean_username($u)) there. If the value is
 * ever interpolated unescaped this is a SQL injection, since $u can come from the request.
 */
function get_userdata($u, $force_name = false, $allow_guest = false)
{
    if (!$u) {
        return false;
    }
    // Guest data is static: serve it from cache when the guest row is permitted.
    if (intval($u) == GUEST_UID && $allow_guest) {
        if ($u_data = CACHE('ft_cache')->get('guest_userdata')) {
            return $u_data;
        }
    }
    $u_data = array();
    $name_search = false;
    $exclude_anon_sql = !$allow_guest ? "AND user_id != " . GUEST_UID : '';
    if ($force_name || !is_numeric($u)) {
        $name_search = true;
        $where_sql = "WHERE username = '******'";
    } else {
        $where_sql = "WHERE user_id = " . (int) $u;
    }
    $sql = "SELECT * FROM " . USERS_TABLE . " {$where_sql} {$exclude_anon_sql} LIMIT 1";
    if (!($u_data = DB()->fetch_row($sql))) {
        // Numeric-looking string that is not an id (e.g. a username like "12345"): retry by name.
        if (!is_int($u) && !$name_search) {
            $where_sql = "WHERE username = '******'";
            $sql = "SELECT * FROM " . USERS_TABLE . " {$where_sql} {$exclude_anon_sql} LIMIT 1";
            $u_data = DB()->fetch_row($sql);
        }
    }
    // NOTE(review): when nothing was found $u_data is the driver's false/null and this indexes
    // into it (a warning on PHP 7.4+).
    if ($u_data['user_id'] == GUEST_UID) {
        CACHE('ft_cache')->set('guest_userdata', $u_data);
    }
    return $u_data;
}
/**
 * Attempt to log in a user
 *
 * Order of attempts: CMS bridge (unless a pre-hashed password is used), then an explicit auth
 * method chosen via the 'lmethod' request value (OpenID, Facebook, ...), then the local user
 * table. A local match can trigger a transparent re-hash when the stored hash is unsalted or
 * uses an outdated algorithm. If the bridge is active, a locally authenticated user is
 * additionally checked against the bridge groups (superadmins, group 2, are exempt) or just
 * handed to the bridge for SSO. On failure the per-session and per-user failed-login counters
 * are bumped and the account is deactivated (with a re-activation mail) once
 * 'failed_logins_inactivity' is reached; on success the old session is destroyed and a fresh
 * one created.
 *
 * @param $strUsername
 * @param $strPassword
 * @param $boolSetAutoLogin Save login in cookie?
 * @param $boolUseHash Use Hash for comparing
 * @return bool
 *
 * NOTE(review):
 *  - $this->error distinguishes 'wrong_username' from 'wrong_password' / 'user_inactive'; if
 *    that distinction reaches the login form it is a username-enumeration oracle.
 *  - the lockout counts failures by submitted username, so anyone who knows a username can
 *    deactivate that account by failing N logins (the owner gets a mail to re-activate, but it
 *    is still a denial of service). Consider rate-limiting per source address as well.
 *  - $strPassword is handed in clear to handle_login_functions('after_login', ...) and the raw
 *    $strUsername to $this->logs->add(); make sure the log viewer escapes it.
 */
public function login($strUsername, $strPassword, $boolSetAutoLogin = false, $boolUseHash = false)
{
    if (!$this->pdl->type_known("login")) {
        $this->pdl->register_type("login", false, array($this, 'pdl_html_format_login'), array(3, 4));
    }
    $arrStatus = false;
    $this->error = false;
    //Bridge-Login, only if using not a hash
    if ($this->config->get('cmsbridge_active') == 1 && $this->config->get('pk_maintenance_mode') != 1 && $boolUseHash == false) {
        $this->pdl->log('login', 'Try Bridge Login');
        $arrStatus = $this->bridge->login($strUsername, $strPassword, $boolSetAutoLogin, false);
    }
    //Bridge Login failed, Specific Auth-Method Login
    if (!$arrStatus) {
        $this->pdl->log('login', 'Bridge Login failed or Bridge not activated');
        //Login-Method Login like OpenID, Facebook, ...
        if ($this->in->get('lmethod') != "") {
            $this->pdl->log('login', 'Try Auth-Method Login ' . $this->in->get('lmethod'));
            $arrAuthObject = $this->get_login_objects($this->in->get('lmethod'));
            if ($arrAuthObject) {
                $arrStatus = $arrAuthObject->login($strUsername, $strPassword, $boolUseHash);
            }
            if ($arrStatus) {
                $this->pdl->log('login', 'Auth-Method Login ' . $this->in->get('lmethod') . ' successful');
            }
        }
        //Auth Login, because all other failed
        if (!$arrStatus) {
            $this->pdl->log('login', 'Try EQdkp Plus Login');
            $objQuery = $this->db->prepare("SELECT user_id, username, user_password, user_email, user_active, failed_login_attempts, user_login_key\n\t\t\t\t\t\t\t\tFROM __users\n\t\t\t\t\t\t\t\tWHERE LOWER(username) =?")->execute(clean_username($strUsername));
            if ($objQuery && $objQuery->numRows) {
                $row = $objQuery->fetchAssoc();
                // Stored as "hash:salt"; a legacy unsalted hash leaves $strUserSalt empty.
                list($strUserPassword, $strUserSalt) = explode(':', $row['user_password']);
                //If it's an old password without salt or there is a better algorythm
                $blnNeedsUpdate = $this->checkIfHashNeedsUpdate($strUserPassword) || !$strUserSalt;
                if ($blnNeedsUpdate) {
                    if ((int) $row['user_active']) {
                        $this->pdl->log('login', 'EQDKP User needs update');
                        // Verify against the old scheme, then re-hash with a fresh salt.
                        if ($this->checkPassword($strPassword, $row['user_password'], $boolUseHash)) {
                            $strNewSalt = $this->generate_salt();
                            $strNewPassword = $this->encrypt_password($strPassword, $strNewSalt);
                            $this->db->prepare("UPDATE __users :p WHERE user_id=?")->set(array('user_password' => $strNewPassword . ':' . $strNewSalt))->execute($row['user_id']);
                            $arrStatus = array('status' => 1, 'user_id' => (int) $row['user_id'], 'password_hash' => $strNewPassword, 'user_login_key' => $row['user_login_key']);
                        } else {
                            $this->pdl->log('login', 'EQDKP Login failed: wrong password');
                            $this->error = 'wrong_password';
                        }
                    } else {
                        // Inactive accounts are reported as such without checking the password.
                        $this->error = 'user_inactive';
                        if ($row['failed_login_attempts'] >= (int) $this->config->get('failed_logins_inactivity')) {
                            $this->error = 'user_inactive_failed_logins';
                        }
                        $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                    }
                } else {
                    // Fourth argument: return the hash string instead of a bool on success.
                    $strLoginPassword = $this->checkPassword($strPassword, $row['user_password'], $boolUseHash, true);
                    if ((int) $row['user_active']) {
                        if ($strLoginPassword) {
                            $arrStatus = array('status' => 1, 'user_id' => (int) $row['user_id'], 'password_hash' => $strLoginPassword, 'user_login_key' => $row['user_login_key']);
                        } else {
                            $this->error = 'wrong_password';
                            $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                        }
                    } else {
                        $this->error = 'user_inactive';
                        if ($row['failed_login_attempts'] >= (int) $this->config->get('failed_logins_inactivity')) {
                            $this->error = 'user_inactive_failed_logins';
                        }
                        $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                    }
                }
            } else {
                $this->error = 'wrong_username';
                $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
            }
        }
        //If Bridge is active, check if EQdkp User is allowed to login
        if ($arrStatus && $this->config->get('cmsbridge_active') == 1 && (int) $this->config->get('pk_maintenance_mode') != 1) {
            $this->pdl->log('login', 'Check EQdkp Plus User against Bridge Groups');
            //Only CMS User are allowed to login
            if ((int) $this->config->get('cmsbridge_onlycmsuserlogin')) {
                $this->pdl->log('login', 'Only CMS User are allowed to login');
                //check if user is Superadmin, if yes, login
                $blnIsSuperadmin = $this->check_group(2, false, (int) $arrStatus['user_id']);
                //try Bridge-Login without password
                if (!$blnIsSuperadmin) {
                    $this->pdl->log('login', 'User ist not Superadmin, check against Bridge Groups');
                    $arrStatus = $this->bridge->login($this->pdh->get('user', 'name', array((int) $arrStatus['user_id'])), false, false, $boolUseHash, false, false);
                }
                //deny access if not Superadmin and not in the groups
                if (!$blnIsSuperadmin && !$arrStatus) {
                    $arrStatus = false;
                }
            } else {
                //Everyone is allowed to login
                $this->pdl->log('login', 'Checks complete, call Bridge SSO if needed');
                //Bridge-Login without password, for settings Single Sign On
                $this->bridge->login($this->pdh->get('user', 'name', array((int) $arrStatus['user_id'])), false, false, $boolUseHash, false, false);
            }
        }
    }
    //Auth Method After-Login - reading only
    $this->pdl->log('login', 'Possible Intercept by Auth Methods');
    $this->handle_login_functions("after_login", false, array($arrStatus, $strUsername, $strPassword, $boolUseHash, isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin));
    if (!$arrStatus) {
        $this->pdl->log('login', 'User login failed');
        $this->db->prepare("UPDATE __sessions SET session_failed_logins = session_failed_logins + 1 WHERE session_id=?")->execute($this->sid);
        $this->data['session_failed_logins']++;
        //Failed Login
        if ($this->config->get('pk_maintenance_mode') != 1) {
            //Only do this if not in MMode
            $userid = $this->pdh->get('user', 'userid', array($strUsername));
            if ($userid != ANONYMOUS && $this->pdh->get('user', 'active', array($userid))) {
                $intFailedLogins = $this->pdh->get('user', 'failed_logins', array($userid));
                $intFailedLogins++;
                $this->pdh->put('user', 'update_failed_logins', array($userid, $intFailedLogins));
                //Set him inactive
                if ((int) $this->config->get('failed_logins_inactivity') > 0 && $intFailedLogins == (int) $this->config->get('failed_logins_inactivity')) {
                    $this->pdh->put('user', 'activate', array($userid, 0));
                    //Write to admin-Log
                    $this->logs->add('action_user_failed_logins', '', $userid, $strUsername, false, '', 1, $userid);
                    //Send the User an Email with activation link
                    $user_key = $this->pdh->put('user', 'create_new_activationkey', array($userid));
                    // Email them their new key
                    $email = registry::register('MyMailer');
                    $bodyvars = array('USERNAME' => $strUsername, 'U_ACTIVATE' => $this->env->link . $this->controller_path_plain . 'Register/Activate/?key=' . $user_key);
                    $email->SendMailFromAdmin($this->pdh->get('user', 'email', array($userid)), $this->lang('email_subject_activation_self'), 'user_activation_failed_logins.html', $bodyvars);
                }
            }
        }
    } else {
        $this->pdl->log('login', 'User successfull authenticated');
        $this->hooks->process('user_login_successful', array('auth_method' => 'db', 'user_id' => $arrStatus['user_id'], 'autologin' => isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin));
        //User successfull authenticated - destroy old session and create a new one
        // (fresh session id on privilege change: guards against session fixation).
        $this->db->prepare("UPDATE __users :p WHERE user_id=?")->set(array('failed_login_attempts' => 0))->execute($arrStatus['user_id']);
        $this->destroy();
        $this->create($arrStatus['user_id'], isset($arrStatus['user_login_key']) ? $arrStatus['user_login_key'] : '', isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin);
        return true;
    }
    return false;
}
<?php if (!defined('FT_ROOT')) { die(basename(__FILE__)); } if (isset($HTTP_POST_VARS['submit'])) { $username = !empty($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : ''; $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "'\n\t\t\tAND username = '******'", "''", $username) . "'"; if ($result = DB()->sql_query($sql)) { if ($row = DB()->sql_fetchrow($result)) { if (!$row['user_active']) { message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']); } $username = $row['username']; $user_id = $row['user_id']; $user_actkey = make_rand_str(true); $key_len = 54 - strlen($server_url); $key_len = $str_len > 6 ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $user_password = make_rand_str(false); $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id']; if (!DB()->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql); } require FT_ROOT . 'includes/emailer.php'; $emailer = new emailer($ft_cfg['smtp_delivery']); $emailer->from($ft_cfg['board_email']); $emailer->replyto($ft_cfg['board_email']); $emailer->use_template('user_activate_passwd', $row['user_lang']); $emailer->email_address($row['user_email']);
$is_moderator = TRUE; } // // Handle Additions, removals, approvals and denials // if (!empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['remove']) || isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny'])) { if (!$userdata['session_logged_in']) { redirect(append_sid("login.php?redirect=groupcp.php&" . POST_GROUPS_URL . "={$group_id}", true)); } if (!$is_moderator) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("index.php") . '">')); $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.php") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } if (isset($HTTP_POST_VARS['add'])) { $username = isset($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : ''; $sql = "SELECT user_id, user_email, user_lang, user_level\n\t\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username = '******'", "''", $username) . "'"; if (!($result = DB()->sql_query($sql))) { message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql); } if (!($row = DB()->sql_fetchrow($result))) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">')); $message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . append_sid("index.php") . "\">", "</a>"); message_die(GENERAL_MESSAGE, $message); } if ($row['user_id'] == GUEST_UID) { $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">')); $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . 
append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.php") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } $sql = "SELECT ug.user_id, u.user_level\n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
/**
 * Fetch a user row by id or by name (ADOdb flavour), excluding the anonymous account.
 *
 * Non-numeric input (or any input with $force_str) is normalised with clean_username() and
 * matched against `username`; numeric input is cast and matched against `user_id`.
 *
 * @param int|string $user
 * @param bool       $force_str always treat $user as a name
 * @return array|false the row's fields, or false when no row matched
 *
 * NOTE(review): the "username='******'" literal looks like a redaction of the interpolated
 * name. Nothing here escapes it for SQL; that is presumably delegated to clean_username()
 * (not visible) — confirm, as $user is typically request input.
 */
function get_userdata($user, $force_str = false)
{
    global $db;
    if (intval($user) == 0 || $force_str) {
        $user = clean_username($user);
    } else {
        $user = intval($user);
    }
    $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE ';
    // is_integer() tells the two branches apart (assumes clean_username() returns a string).
    $sql .= (is_integer($user) ? "user_id='{$user}'" : "username='******'") . ' AND user_id<>' . ANONYMOUS;
    $result = $db->Execute($sql);
    return $result->fields ? $result->fields : false;
}
// show array forms foreach ($sxml->{'string-array'} as $stringarray) { $k = $stringarray['name']; $tstringarrays = $txml->xpath('//string-array[@name="' . $k . '"]'); if (is_array($tstringarrays) && array_key_exists(0, $tstringarrays)) { $tstringarray = $tstringarrays[0]; } else { $tstringarray = array(); // FIXME } $formcolor = $color_green; $form = ''; $form = $form.'<form method="post" action="edit.php?lang='.$lang.'&file='.$file.'&hidegreen='.$hidegreen.'#'.$k.'" id="'.$k.'">'."\n"; $form = $form.' String name: <b>'.$k."</b><br/>\n"; if (!empty($username) && !empty($tstringarray['username'])) { $form = $form.' translator: <input type="text" disabled="disabled" value="'.clean_username($tstringarray['username']).'" size="50" />'."<br/>\n"; } $form = $form.' <input name="action" value="edit-string-array" type="hidden" />'."\n"; $form = $form.' <table>'; $i = 0; foreach ($stringarray->item as $item) { $av = (string) $item; $tv = (string) $tstringarray; if (count($tstringarray) > $i && empty($tstringarray->item[$i]['notranslation'])) { $atv = (string) $tstringarray->item[$i]; } else { $atv = ''; } $decodedv = decode_string($av); $decodedtv = decode_string($atv); if (
$select_letter .= $by_letter == chr($i) ? '<b>' . chr($i) . '</b> ' : '<a class="genmed" href="' . ("memberlist.php?letter=" . chr($i) . "&mode={$mode}&order={$sort_order}") . '">' . chr($i) . '</a> '; } // RUS $select_letter .= ': '; for ($i = 224, $cnt = 255; $i <= $cnt; $i++) { $select_letter .= $by_letter == iconv('windows-1251', 'UTF-8', chr($i)) ? '<b>' . iconv('windows-1251', 'UTF-8', chr($i - 32)) . '</b> ' : '<a class="genmed" href="' . ("memberlist.php?letter=%" . strtoupper(base_convert($i, 10, 16)) . "&mode={$mode}&order={$sort_order}") . '">' . iconv('windows-1251', 'UTF-8', chr($i - 32)) . '</a> '; } $select_letter .= ': '; $select_letter .= $by_letter == 'others' ? '<b>' . $lang['OTHERS'] . '</b> ' : '<a class="genmed" href="' . "memberlist.php?letter=others&mode={$mode}&order={$sort_order}" . '">' . $lang['OTHERS'] . '</a> '; $select_letter .= ': '; $select_letter .= $by_letter == 'all' ? '<b>' . $lang['ALL'] . '</b>' : '<a class="genmed" href="' . "memberlist.php?letter=all&mode={$mode}&order={$sort_order}" . '">' . $lang['ALL'] . '</a>'; $template->assign_vars(array('S_LETTER_SELECT' => $select_letter, 'S_LETTER_HIDDEN' => '<input type="hidden" name="letter" value="' . $by_letter . '">')); // per-letter selection end $sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS_CSV . ")"; if ($username) { $username = preg_replace('/\\*/', '%', clean_username($username)); $letter_sql = "username LIKE '" . DB()->escape($username) . "'"; } $sql .= $letter_sql ? " AND {$letter_sql}" : ''; $sql .= " ORDER BY {$order_by}"; if ($result = DB()->fetch_rowset($sql)) { foreach ($result as $i => $row) { $user_id = $row['user_id']; $from = $row['user_from']; $joined = bb_date($row['user_regdate'], $bb_cfg['date_format']); $posts = $row['user_posts']; $pm = $bb_cfg['text_buttons'] ? '<a class="txtb" href="' . (PM_URL . "?mode=post&" . 
POST_USERS_URL . "={$user_id}") . '">' . $lang['SEND_PM_TXTB'] . '</a>' : '<a href="' . (PM_URL . "?mode=post&" . POST_USERS_URL . "={$user_id}") . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['SEND_PRIVATE_MESSAGE'] . '" title="' . $lang['SEND_PRIVATE_MESSAGE'] . '" border="0" /></a>'; if (bf($row['user_opt'], 'user_opt', 'user_viewemail') || IS_ADMIN) { $email_uri = $bb_cfg['board_email_form'] ? "profile.php?mode=email&" . POST_USERS_URL . "={$user_id}" : 'mailto:' . $row['user_email']; $email = '<a class="editable" href="' . $email_uri . '">' . $row['user_email'] . '</a>'; } else {
if ($forum_val && $forum_val != $search_all) { $search_in_forums_ary = array_slice(explode(',', $forum_val), 0, $max_forums_selected); $search_in_forums_fary = array_flip($search_in_forums_ary); $search_in_forums_csv = join(',', $search_in_forums_ary); $forum_val = $search_in_forums_csv; } else { $forum_val = $search_all; } // Get poster_id if (!$my_val) { $req_poster_id = ''; if (isset($_GET[$poster_id_key]) && !$search_id) { $req_poster_id = intval($_GET[$poster_id_key]); } else { if (isset($_POST[$poster_name_key]) && !$search_id) { if ($req_poster_name = clean_username($_POST[$poster_name_key])) { $poster_name_sql = str_replace("\\'", "''", $req_poster_name); if ($poster_id = get_user_id($poster_name_sql)) { $poster_id_val = $poster_id; $poster_name_val = stripslashes(html_entity_decode($req_poster_name)); } else { $poster_name_val = $lang['BT_USER_NOT_FOUND']; $tr_error = $poster_error = true; } } } else { if ($search_id && $previous_settings[$poster_id_key]) { $poster_id_val = intval($previous_settings[$poster_id_key]); $poster_name_val = $previous_settings[$poster_name_key] ? $previous_settings[$poster_name_key] : ''; } }
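/**
 * Validates and normalises the parts of a post before preview/submit.
 *
 * All parameters are by reference: $username, $subject, $message, $bbcode_uid,
 * $poll_title and $poll_length are rewritten in place and validation messages
 * are appended to $error_msg, separated by '<br />'.
 *
 * @param string $mode         'newtopic' | 'editpost' | 'delete' | 'poll_delete' are the values tested here
 * @param array  $post_data    ['first_post'] decides whether an 'editpost' gets subject/poll checks
 * @param bool   $bbcode_on
 * @param bool   $html_on
 * @param bool   $smilies_on
 * @param string $error_msg    accumulated error text; untouched when everything validates
 * @param string $username     poster name; cleaned, then blanked when it is the logged-in user's own name
 * @param string $bbcode_uid   fresh uid when $bbcode_on and a message is present, else ''
 * @param string $subject      trimmed and HTML-escaped in place
 * @param string $message      run through prepare_message() in place
 * @param string $poll_title   trimmed and HTML-escaped in place
 * @param array  $poll_options option texts as posted; only counted here, never rewritten
 * @param int    $poll_length  coerced to a non-negative int
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
    global $ft_cfg, $userdata, $lang;

    // Subject and poll checks apply to a new topic and to editing a topic's first post.
    $needs_subject = $mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post'];

    // Check username: an explicit name is validated only when it is not the
    // logged-in user's own name; the own name is dropped instead.
    if (!empty($username)) {
        $username = clean_username($username);
        if (!$userdata['session_logged_in'] || $username != $userdata['username']) {
            require FT_ROOT . 'includes/functions_validate.php';
            $result = validate_username($username);
            if ($result['error']) {
                _prepare_post_append_error($error_msg, $result['error_msg']);
            }
        } else {
            $username = '';
        }
    }

    // Check subject
    if (!empty($subject)) {
        $subject = htmlspecialchars(trim($subject));
    } elseif ($needs_subject) {
        _prepare_post_append_error($error_msg, $lang['Empty_subject']);
    }

    // Check message
    if (!empty($message)) {
        $bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
        $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        _prepare_post_append_error($error_msg, $lang['Empty_message']);
    }

    // Handle poll stuff
    if ($needs_subject) {
        $poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0;
        if (!empty($poll_title)) {
            $poll_title = htmlspecialchars(trim($poll_title));
        }
        if (!empty($poll_options)) {
            // NOTE(review): the original iterated the options with each() (removed
            // in PHP 8) to build a trimmed/escaped copy and then discarded that
            // copy, so $poll_options was never rewritten by this function. That
            // loop is gone; callers escape option texts themselves when storing
            // or rendering them — confirm before adding escaping here, it would
            // double-encode. Blank options still count towards the limits.
            $option_count = count($poll_options);
            if ($option_count < 2) {
                _prepare_post_append_error($error_msg, $lang['To_few_poll_options']);
            } elseif ($option_count > $ft_cfg['max_poll_options']) {
                _prepare_post_append_error($error_msg, $lang['To_many_poll_options']);
            } elseif ($poll_title == '') {
                _prepare_post_append_error($error_msg, $lang['Empty_poll_title']);
            }
        }
    }
}

/**
 * Appends one validation message to $error_msg, '<br />'-separated.
 * The empty() test is kept from the original: a first message of '0'
 * would get no separator before the next one.
 *
 * @param string $error_msg accumulated text, modified in place
 * @param string $text      message to append
 * @return void
 */
function _prepare_post_append_error(&$error_msg, $text)
{
    $error_msg .= !empty($error_msg) ? '<br />' . $text : $text;
}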
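/**
 * Cleans the username: every run of three hyphens ('---') is replaced by
 * three en dashes.
 *
 * The original followed the replacement with a bare clean_username($user)
 * call whose result was discarded; once '---' is replaced none is left, so
 * that call could never change anything and it is dropped.
 *
 * @param string $user
 * @return string
 */
private function clean_username($user)
{
    if (strpos($user, '---') !== false) {
        $user = str_replace('---', '–––', $user);
    }
    return $user;
}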
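/**
 * Renders the "find a username" popup: runs a LIKE search for $search_match
 * and fills the template's <option> list with the matches.
 *
 * @param string $search_match raw user input; '*' wildcards become SQL '%'
 * @return void output goes through $template->pparse()
 */
function username_search($search_match)
{
    global $ft_cfg, $template, $lang, $images, $theme;
    global $starttime, $gen_simple_header;

    $gen_simple_header = TRUE;
    $username_list = '';

    if (!empty($search_match)) {
        $username_search = preg_replace('/\\*/', '%', clean_username($search_match));

        // NOTE(review): only a magic-quotes style "\'" is rewritten to the SQL
        // form "''"; a bare quote or backslash in the input reaches the query
        // untouched. This should go through the DB layer's own escaping once
        // that API is confirmed for this codebase.
        $sql = "SELECT username\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username LIKE '" . str_replace("\\'", "''", $username_search) . "' AND user_id <> " . GUEST_UID . "\n\t\t\tORDER BY username";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
        }

        // Usernames are emitted as stored; they are expected to be HTML-escaped
        // at registration time — confirm before adding htmlspecialchars() here,
        // which would double-encode.
        while ($row = DB()->sql_fetchrow($result)) {
            $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
        }
        if ($username_list == '') {
            $username_list = '<option>' . $lang['No_match'] . '</option>';
        }
        DB()->sql_freeresult($result);
    }

    $page_title = $lang['Search'];
    require FT_ROOT . 'includes/page_header.php';

    $template->set_filenames(array('search_user_body' => 'search_username.tpl'));
    // 'L_CLOSE_WINDOW' was listed twice in the original literal; the duplicate is gone.
    $template->assign_vars(array(
        'USERNAME' => !empty($search_match) ? clean_username($search_match) : '',
        'L_CLOSE_WINDOW' => $lang['Close_window'],
        'L_SEARCH_USERNAME' => $lang['Find_username'],
        'L_UPDATE_USERNAME' => $lang['Select_username'],
        'L_SELECT' => $lang['Select'],
        'L_SEARCH' => $lang['Search'],
        'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'],
        'S_USERNAME_OPTIONS' => $username_list,
        'S_SEARCH_ACTION' => append_sid("search.php?mode=searchuser"),
    ));
    if ($username_list != '') {
        $template->assign_block_vars('switch_select_name', array());
    }
    $template->pparse('search_user_body');
    require FT_ROOT . 'includes/page_tail.php';
    return;
}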
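/**
 * "Resend activation mail" handler.
 *
 * Looks the account up by e-mail or username (one form field, both columns,
 * parameterised), creates a fresh activation key through the pdh 'user'
 * module and mails it. Every branch ends in message_die() or a redirect.
 *
 * @return void
 */
public function process_resend_activation()
{
    if ((int) $this->config->get('cmsbridge_active') == 1 && strlen($this->config->get('cmsbridge_reg_url'))) {
        redirect($this->config->get('cmsbridge_reg_url'), false, true);
    }

    $username = $this->in->exists('username') ? trim(strip_tags($this->in->get('username'))) : '';

    // Look up record based on the username and e-mail.
    // NOTE(review): process_lost_password() decrypts user_email before using
    // it; if that column is stored encrypted in this version, neither the
    // LOWER(user_email) = ? match nor the raw recipient below can work — confirm.
    $objQuery = $this->db->prepare("SELECT user_id, username, user_email, user_active, user_lang\n\t\t\t\tFROM __users\n\t\t\t\tWHERE LOWER(user_email) = ?\n\t\t\t\tOR LOWER(username)=?")->limit(1)->execute(utf8_strtolower($username), clean_username($username));

    if ($objQuery) {
        if ($objQuery->numRows) {
            $row = $objQuery->fetchAssoc();

            // An active account (or a board without self-activation) has nothing to resend.
            if ($row['user_active'] || $this->config->get('account_activation') != 1) {
                message_die($this->user->lang('error_already_activated'));
            }

            // Create a new activation key
            $user_key = $this->pdh->put('user', 'create_new_activationkey', array($row['user_id']));

            // Email them the activation link
            $bodyvars = array('USERNAME' => $row['username'], 'DATETIME' => $this->time->user_date($this->time->time, true), 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key);
            if ($this->email->SendMailFromAdmin($row['user_email'], $this->user->lang('email_subject_activation_self'), 'register_activation_self.html', $bodyvars)) {
                // NOTE(review): the confirmation shows the 'user_email' request
                // field, but this handler only reads 'username'; verify the form
                // really posts 'user_email', otherwise the message shows nothing.
                message_die(sprintf($this->user->lang('register_activation_self'), $this->in->get('user_email')), $this->user->lang('get_new_password'));
            } else {
                message_die($this->user->lang('error_email_send'), $this->user->lang('get_new_password'));
            }
        } else {
            // NOTE(review): a distinct "no such user or mail" response tells the
            // caller whether the account exists; keep that in mind when wording it.
            message_die($this->user->lang('error_invalid_user_or_mail'), $this->user->lang('get_new_activation_mail'), '', '', '', array('value' => $this->user->lang('back'), 'onclick' => 'javascript:history.back()'));
        }
    } else {
        // The original passed an undefined $sql here; the statement is built
        // inline above, so there is no query text to report.
        message_die('Could not obtain user information', '', 'error', false, __FILE__, __LINE__, '');
    }
}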
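/**
 * Signup handler: validates the form values exposed as globals, creates the
 * user row plus its u_user_info row and hands the generated plaintext
 * password back through $this->result.
 *
 * @return bool false when validation fails (messages accumulate in $this->error), true on success
 */
function event_login_signup()
{
    if (!$this->component) {
        return false;
    }
    // $HTTP_SERVER_VARS is no longer declared; $_SERVER is used below instead.
    global $username, $email, $lastname, $webpage, $icq, $mail_news, $mail_works, $mail_comments, $g_usr, $g_ini;

    if (empty($username) || empty($email)) {
        $this->error = 'praðom uþpildyti abu privalomus laukus<br>';
        if (empty($username)) {
            $username = '';
        }
        if (empty($email)) {
            $email = '';
        }
    }
    // A name is acceptable only if clean_username() leaves it untouched (byte length compared).
    if (strlen($username) != strlen(clean_username($username))) {
        $this->error .= 'vartotojo varde galimi tik ðie þenklai: 0-9a-zA-Z_<br>';
        $username = clean_username($username);
    }
    if ($g_usr->exists_username($username)) {
        $this->error .= 'toks vartotojas jau yra<br>';
    }
    if (!empty($email) && $g_usr->exists_email($email)) {
        $this->error .= 'toks e-mailas jau yra<br>';
    }
    if (!valid_email($email)) {
        $this->error .= 'nekorektiðkas e-mailas<br>';
    }
    if ($this->error) {
        return false;
    }

    // Resolve the client host for the 'lasthost' audit column. The original
    // read $HTTP_SERVER_VARS, which PHP dropped long ago, so $host ended up
    // empty on current PHP. X-Forwarded-For is a client-supplied header: the
    // resulting string is untrusted data for display, not an identity.
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $proxy = @gethostbyaddr($_SERVER['REMOTE_ADDR']);
        $host = @gethostbyaddr($_SERVER['HTTP_X_FORWARDED_FOR']);
        $host = "{$host} [proxy: {$proxy}]";
    } else {
        $host = @gethostbyaddr($_SERVER['REMOTE_ADDR']);
    }

    $password = genpass();

    // everything ok, create user
    $mas = array();
    $mas['username'] = $username;
    $mas['email'] = $email;
    // NOTE(review): unsalted md5 is not a password hash. The login path checks
    // the same md5, so switching to password_hash()/password_verify() must be
    // done on both sides together; left unchanged here.
    $mas['password'] = md5($password);
    $mas['group_id'] = $g_ini->read_var('users', 'default_group');
    $mas['active'] = 1;
    $mas['lastlogin'] = date('Y.m.d H.i');
    $mas['lasthost'] = "[new] {$host}";
    $this->db->insert_query($mas, $this->table);

    // Optional profile fields default to empty / off.
    isset($lastname) || ($lastname = '');
    isset($webpage) || ($webpage = '');
    isset($icq) || ($icq = '');
    isset($mail_news) || ($mail_news = '0');
    isset($mail_comments) || ($mail_comments = '0');
    isset($mail_works) || ($mail_works = '0');
    if ('http://' == $webpage) {
        $webpage = '';
    }

    $mas = array();
    $mas['uid'] = $this->db->get_insert_id();
    $mas['lastname'] = $lastname;
    $mas['url'] = $webpage;
    $mas['icq'] = $icq;
    $mas['mail_news'] = $mail_news;
    $mas['mail_comments'] = $mail_comments;
    $mas['mail_works'] = $mail_works;
    $mas['reg_date'] = date('Y.m.d H.i');
    $this->db->insert_query($mas, 'u_user_info');

    // Remember the name for 30 days (no httponly/secure flags, as before).
    setcookie("cookie_user_name", $username, time() + 3600 * 24 * 30);

    // The caller is expected to deliver the plaintext password (e.g. by mail).
    $this->result = $password;
    return true;
}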
$sql = "SELECT MAX(privmsgs_date) AS last_post_time\r\n\t\t\tFROM " . PRIVMSGS_TABLE . "\r\n\t\t\tWHERE privmsgs_from_userid = " . $userdata['user_id']; if ($result = DB()->sql_query($sql)) { $db_row = DB()->sql_fetchrow($result); $last_post_time = $db_row['last_post_time']; $current_time = time(); if ($current_time - $last_post_time < $ft_cfg['flood_interval']) { message_die(GENERAL_MESSAGE, $lang['Flood_Error']); } } // // End Flood control // } if ($submit) { if (!empty($HTTP_POST_VARS['username'])) { $to_username = clean_username($HTTP_POST_VARS['username']); // DelUsrKeepPM $to_username_sql = str_replace("\\'", "''", $to_username); $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active\r\n\t\t\t\tFROM " . USERS_TABLE . "\r\n\t\t\t\tWHERE username = '******'"; $to_userdata = DB()->sql_fetchrow(DB()->sql_query($sql)); if (!$to_userdata || $to_userdata['user_id'] == GUEST_UID) { $error = TRUE; $error_msg = $lang['No_such_user']; } // DelUsrKeepPM end } else { $error = TRUE; $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['No_to_user']; } $privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject'])); if (empty($privmsg_subject)) {
$emailer->email_address($to_userdata['username'] . " <{$to_userdata['user_email']}>"); $emailer->use_template('privmsg_notify', $to_userdata['user_lang']); $emailer->assign_vars(array('USERNAME' => html_entity_decode($to_username), 'NAME_FROM' => $userdata['username'], 'MSG_SUBJECT' => html_entity_decode($privmsg_subject), 'SITENAME' => $bb_cfg['sitename'], 'U_INBOX' => make_url(PM_URL . "?folder=inbox&mode=read&p={$privmsg_sent_id}"))); $emailer->send(); $emailer->reset(); } } pm_die($lang['MESSAGE_SENT']); } else { if ($preview || $refresh || $error) { // // If we're previewing or refreshing then obtain the data // passed to the script, process it a little, do some checks // where neccessary, etc. // $to_username = isset($_POST['username']) ? clean_username($_POST['username']) : ''; $privmsg_subject = isset($_POST['subject']) ? clean_title($_POST['subject']) : ''; $privmsg_message = isset($_POST['message']) ? prepare_message($_POST['message']) : ''; // // Do mode specific things // if ($mode == 'post') { $page_title = $lang['POST_NEW_PM']; } else { if ($mode == 'reply') { $page_title = $lang['POST_REPLY_PM']; } else { if ($mode == 'edit') { $page_title = $lang['EDIT_PM']; $sql = "SELECT u.user_id\n\t\t\t\tFROM " . BB_PRIVMSGS . " pm, " . BB_USERS . " u\n\t\t\t\tWHERE pm.privmsgs_id = {$privmsg_id}\n\t\t\t\t\tAND u.user_id = pm.privmsgs_from_userid"; if (!($result = DB()->sql_query($sql))) {
<?php if (!defined('IN_AJAX')) { die(basename(__FILE__)); } global $bb_cfg, $lang, $userdata; $mode = (string) $this->request['mode']; $html = '<img src="./styles/images/good.gif">'; switch ($mode) { case 'check_name': $username = clean_username($this->request['username']); if (empty($username)) { $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_A_NAME'] . '</span>'; } elseif ($err = validate_username($username)) { $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>'; } break; case 'check_email': $email = (string) $this->request['email']; if (empty($email)) { $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_E_MAIL'] . '</span>'; } elseif ($err = validate_email($email)) { $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>'; } break; case 'check_pass': $pass = (string) $this->request['pass']; $pass_confirm = (string) $this->request['pass_confirm']; if (empty($pass) || empty($pass_confirm)) { $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_PASS'] . '</span>'; } else {
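/**
 * "Lost password" handler.
 *
 * Resolves the account by username (escaped, LOWER() match) and, failing
 * that, by e-mail through the pdh 'user' module; then creates a new
 * activation key and mails the reset link. Branches end in message_die()
 * or a redirect.
 *
 * @return void
 */
public function process_lost_password()
{
    if ((int) $this->config->get('cmsbridge_reg_redirect') == 1 && (int) $this->config->get('cmsbridge_active') == 1) {
        if (strlen($this->config->get('cmsbridge_reg_url')) > 1) {
            redirect($this->config->get('cmsbridge_reg_url'), false, true);
        } else {
            redirect('index.php' . $this->SID);
        }
    }

    $username = $this->in->exists('username') ? trim(strip_tags($this->in->get('username'))) : '';

    // Look up record based on the username
    $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\t\t\tFROM __users\n\t\t\t\tWHERE LOWER(username)='" . $this->db->escape(clean_username($username)) . "'";
    $result = $this->db->query($sql);
    $row = $this->db->fetch_record($result);

    if (!$row) {
        // Not a username: try the same input as an e-mail address.
        $userid = $this->pdh->get('user', 'userid_for_email', array($username));
        if ($userid) {
            $row = $this->pdh->get('user', 'data', array($userid));
        }
    } else {
        // user_email is stored encrypted when read straight from __users;
        // the pdh 'data' path above is assumed to return it decrypted — confirm.
        $row['user_email'] = $this->crypt->decrypt($row['user_email']);
    }

    if ($row) {
        // Account's inactive, can't give them their password
        if (!$row['user_active']) {
            message_die($this->user->lang('error_account_inactive'));
        }

        // Create a new activation key
        $user_key = $this->pdh->put('user', 'create_new_activationkey', array($row['user_id']));
        if (!strlen($user_key)) {
            $this->core->message($this->user->lang('error_set_new_pw'), $this->user->lang('error'), 'red');
            $this->display();
            // If display() exits this is unreachable; if it does not, it stops
            // the original fall-through that mailed a link with an empty key.
            return;
        }

        // Email them the reset link
        $bodyvars = array('USERNAME' => $row['username'], 'DATETIME' => $this->time->user_date(false, true), 'U_ACTIVATE' => $this->env->link . 'login.php?mode=newpassword&key=' . $user_key);
        if ($this->email->SendMailFromAdmin($row['user_email'], $this->user->lang('email_subject_new_pw'), 'user_new_password.html', $bodyvars)) {
            message_die($this->user->lang('password_sent'), $this->user->lang('get_new_password'));
        } else {
            message_die($this->user->lang('error_email_send'), $this->user->lang('get_new_password'));
        }
    } else {
        // NOTE(review): this response differs from the success one, so it
        // reveals whether the account exists; keep that in mind when wording it.
        message_die($this->user->lang('error_invalid_user_or_mail'), $this->user->lang('get_new_password'));
    }
}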
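/**
 * Post-login hook of the SSO plugin: after a successful local login, creates
 * a session row and the matching session cookies on every other site listed
 * in the SSO master table (__plugin_sso) where a user with the same cleaned
 * name exists.
 *
 * @param array $arrOptions ['user_id' => int, 'autologin' => bool]
 * @return void
 */
public function user_login_successful($arrOptions)
{
    $user_id = $arrOptions['user_id'];
    $blnAutologin = $arrOptions['autologin'];

    //Include SSO Class
    include_once $this->root_path . 'plugins/eqdkp_sso/includes/eqdkp_sso.class.php';
    $this->sso = register('eqdkp_sso_class');

    // Site list: served from the cache, else read from the master DB and cached for 10 minutes.
    $arrMasterData = $this->pdc->get('eqdkp_sso_masterdata');
    if ($arrMasterData === NULL) {
        $objMasterDB = $this->sso->getMasterConnection();
        if (!$objMasterDB) {
            //No connection to Master
            return;
        }
        $objQuery = $objMasterDB->query('SELECT * FROM __plugin_sso');
        if ($objQuery) {
            while ($drow = $objQuery->fetchAssoc()) {
                $arrMasterData[(int) $drow['id']] = array(
                    'id' => (int) $drow['id'],
                    'name' => $drow['name'],
                    'domain' => $drow['domain'],
                    'uniqueid' => $drow['uniqueid'],
                    'db_type' => (int) $drow['db_type'],
                    'db_host' => $drow['db_host'],
                    'db_user' => $drow['db_user'],
                    'db_password' => $drow['db_password'],
                    'db_database' => $drow['db_database'],
                    'db_prefix' => $drow['db_prefix'],
                    'cookie_name' => $drow['cookie_name'],
                );
            }
        }
        //Und Cache sie
        $this->pdc->put('eqdkp_sso_masterdata', $arrMasterData, 60 * 10);
    }
    // No sites configured (the original iterated a null here and warned): nothing to propagate.
    if (!is_array($arrMasterData)) {
        return;
    }

    $strUsername = clean_username($this->pdh->get('user', 'name', array($user_id)));
    $strMyUniqueID = $this->sso->get_uniqueid();
    // Connection details of external sites are stored encrypted under the SSO master key.
    $crypt = register('encrypt', array($this->sso->get_master_key()));

    foreach ($arrMasterData as $arrValue) {
        // Skip our own site.
        if ($arrValue['uniqueid'] != "" && $arrValue['uniqueid'] == $strMyUniqueID) {
            continue;
        }

        // Open the target site's database connection.
        $mydb = false;
        if ((int) $arrValue['db_type'] === 0) {
            //Same Connection as Master
            $mydb = isset($objMasterDB) ? $objMasterDB : $this->sso->getMasterConnection();
        } elseif ((int) $arrValue['db_type'] === 1) {
            //External Connection. Decrypt the data
            $arrValue['db_host'] = $crypt->decrypt($arrValue['db_host']);
            $arrValue['db_user'] = $crypt->decrypt($arrValue['db_user']);
            $arrValue['db_password'] = $crypt->decrypt($arrValue['db_password']);
            $arrValue['db_database'] = $crypt->decrypt($arrValue['db_database']);
            $arrValue['db_prefix'] = $crypt->decrypt($arrValue['db_prefix']);
            // Connection type 0 when the target is our own database, else 1.
            $blnSameAsOurs = $arrValue['db_user'] === registry::get_const('dbuser')
                && $arrValue['db_database'] === registry::get_const('dbname')
                && $arrValue['db_password'] === registry::get_const('dbpass');
            $mydb = $this->sso->createConnection($blnSameAsOurs ? 0 : 1, $arrValue['db_host'], $arrValue['db_user'], $arrValue['db_password'], $arrValue['db_database'], $arrValue['db_prefix']);
        }

        if ($mydb) {
            //UserID suchen
            $objUserQuery = $mydb->prepare("SELECT * FROM __users WHERE LOWER(username)=?")->execute($strUsername);
            if ($objUserQuery) {
                $arrUserdata = $objUserQuery->fetchAssoc();
                // fetchAssoc() yields no array when nothing matched; treat that as "no user".
                $intUserID = is_array($arrUserdata) && isset($arrUserdata['user_id']) ? $arrUserdata['user_id'] : 0;
                if ($intUserID) {
                    // Per-site state. The original never reset these, so the
                    // previous site's cookie settings and, worse, its
                    // auto_login_id (user_login_key) were carried into the
                    // cookies set for the next site.
                    $arrCookieConf = array();
                    $arrCookieData = array();

                    //Session anlegen
                    // 40 hex chars cut from two md5 digests of random input; the
                    // strength rests on generateRandomBytes() — confirm it is CSPRNG-backed.
                    $sid = substr(md5(generateRandomBytes(55)) . md5(generateRandomBytes()), 0, 40);
                    $strSessionKey = $this->user->generate_session_key();
                    $arrData = array(
                        'session_id' => $sid,
                        'session_user_id' => $intUserID,
                        'session_last_visit' => $this->time->time,
                        'session_start' => $this->time->time,
                        'session_current' => $this->time->time,
                        'session_ip' => $this->env->ip,
                        'session_browser' => $this->env->useragent,
                        'session_page' => $this->env->current_page ? utf8_strtolower($this->env->current_page) : '',
                        'session_key' => $strSessionKey,
                        'session_type' => defined('SESSION_TYPE') ? SESSION_TYPE : '',
                    );
                    $mydb->prepare('INSERT INTO __sessions :p')->set($arrData)->execute();

                    //Cookie Daten auslesen
                    $objCookieQuery = $mydb->prepare("SELECT * FROM __config")->execute();
                    if ($objCookieQuery) {
                        $lookingFor = array('cookie_name', 'cookie_path', 'cookie_domain');
                        while ($row = $objCookieQuery->fetchAssoc()) {
                            if (in_array($row['config_name'], $lookingFor, true)) {
                                $arrCookieConf[$row['config_name']] = $row['config_value'];
                            }
                        }
                    }
                    //Cookie Domain: fall back to the host part of the site's configured domain.
                    if (!isset($arrCookieConf['cookie_domain'])) {
                        $strDomain = $arrValue['domain'];
                        if (!strpos($strDomain, '://')) {
                            $strDomain = 'http://' . $strDomain;
                        }
                        $parsedURL = parse_url($strDomain);
                        $arrCookieConf['cookie_domain'] = $parsedURL['host'];
                    }
                    // NOTE(review): cookie_name and cookie_path are still read
                    // unguarded below; when the target's __config lacks them the
                    // cookies get an empty name prefix / path, as before.

                    //Autologin
                    $arrCookieData['user_id'] = $intUserID;
                    if ($blnAutologin && $arrUserdata['user_login_key'] != "") {
                        $arrCookieData['auto_login_id'] = $arrUserdata['user_login_key'];
                    }

                    //Set Cookies
                    // The _data cookie is base64(serialize()) because that is the
                    // format the target installation reads; on that side it is
                    // client-controlled input and must be handled as such. No
                    // httponly/secure flags are set here (unchanged).
                    setcookie($arrCookieConf['cookie_name'] . '_sid', $sid, 0, $arrCookieConf['cookie_path'], $arrCookieConf['cookie_domain']);
                    setcookie($arrCookieConf['cookie_name'] . '_data', base64_encode(serialize($arrCookieData)), $this->time->time + 2592000, $arrCookieConf['cookie_path'], $arrCookieConf['cookie_domain']);
                }
            }
        }
        //Verbindung beenden
        unset($mydb);
    }
}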
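/**
 * Resolves a username to the key of its entry in $this->users.
 *
 * The name is cleaned first and matched against the 'username_clean' field.
 * The original ran search_in_array() twice and indexed [0] even when the
 * match array was empty; it now searches once and falls back to ANONYMOUS
 * for an empty match set as well.
 *
 * @param string $name raw username
 * @return mixed first matching key of $this->users, or ANONYMOUS when nothing matched
 */
public function get_userid($name)
{
    $name = clean_username($name);
    $matches = search_in_array($name, $this->users, true, 'username_clean');
    if (is_array($matches) && count($matches) > 0) {
        $ids = array_keys($matches);
        return $ids[0];
    }
    return ANONYMOUS;
}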