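/**
 * Resolve a hashed outbound-link redirect and bump its click counter.
 *
 * Walks $matches (the candidate URLs the caller extracted) looking for the one
 * whose forum_hash() equals the `hash` POST field, records the click in
 * hcs_redirect_links (a new row on the first click, counter+1 afterwards) and
 * then sends the browser to that URL. The function does not return once a
 * match has been found; it returns normally only when nothing matched.
 *
 * @param array      $matches candidate URLs; only the one matching $_POST['hash'] is used
 * @param int|string $post_id post the link belongs to, 0/empty to leave it out of the lookup key
 * @param int|string $user_id user the link belongs to, 0/empty to leave it out of the lookup key
 * @return void
 */
function do_redirect($matches, $post_id, $user_id)
{
    global $forum_db, $lang_redirect_links;

    // Without a submitted hash nothing can match; checking first also avoids an
    // undefined-index notice and a TypeError if `hash` arrives as an array.
    $posted_hash = isset($_POST['hash']) && is_string($_POST['hash']) ? $_POST['hash'] : '';
    if ($posted_hash === '' || empty($matches)) {
        return;
    }

    // Both ids are concatenated into SQL below, so pin them to integers.
    $post_id = (int) $post_id;
    $user_id = (int) $user_id;

    foreach ($matches as $cur_url) {
        // hash_equals() is strict and constant-time; `==` on two digests can fall
        // back to numeric comparison (e.g. "0e..." strings) and leaks timing.
        if (!hash_equals(forum_hash(forum_htmlencode($cur_url), ''), $posted_hash)) {
            continue;
        }

        // Build the lookup key once. The link condition is part of the list so
        // the WHERE clause stays valid even when neither id is set (the old
        // code left a dangling " AND " in that case).
        $escaped_url = $forum_db->escape($cur_url);
        $key_parts = array('link=\'' . $escaped_url . '\'');
        if ($post_id) {
            $key_parts[] = 'post_id=' . $post_id;
        }
        if ($user_id) {
            $key_parts[] = 'user_id=' . $user_id;
        }
        $where = implode(' AND ', $key_parts);

        // Update counters, add the row if it does not exist yet
        $query = array(
            'SELECT' => '*',
            'FROM'   => 'hcs_redirect_links',
            'WHERE'  => $where,
        );
        $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);

        if (!$forum_db->num_rows($result)) {
            $query = array(
                'INSERT' => 'link, counter, post_id, user_id',
                'INTO'   => 'hcs_redirect_links',
                'VALUES' => '\'' . $escaped_url . '\', 1, \'' . $post_id . '\', \'' . $user_id . '\'',
            );
        } else {
            $cur_redirect_link = $forum_db->fetch_assoc($result);
            $query = array(
                'UPDATE' => 'hcs_redirect_links',
                'SET'    => 'counter = ' . ((int) $cur_redirect_link['counter'] + 1),
                'WHERE'  => $where,
            );
        }
        $forum_db->query_build($query) or error(__FILE__, __LINE__);

        // $cur_url is whatever the caller matched; the hash check above ties it
        // to the link the user actually clicked.
        redirect($cur_url, $lang_redirect_links['Go redirect']);
        exit;
    }
}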
/**
 * Route an outbound link through the forum's hashed redirect page.
 *
 * Called by reference from the link parser. $full_url is replaced by the
 * redirect URL with the `" target="_blank` attribute fragment appended (the
 * caller's template is expected to emit it unescaped inside the href attribute
 * for this to work), and the `http://` scheme is stripped from the visible
 * $link text. URLs that is_reserved_url() accepts are left untouched.
 *
 * Which redirect route is used depends on whether a post is being rendered
 * ($cur_post) and whether the signature flag $GLOBALS['hcs_sig_redirect'] is
 * set. When none of the three combinations applies, $full_url stays as it is
 * but $link is still rewritten.
 *
 * @param string $url      unused here; kept for the parser's callback signature
 * @param string $link     visible link text, modified in place
 * @param string $full_url href target, modified in place
 */
function check_redirect(&$url, &$link, &$full_url)
{
    global $cur_post, $forum_url, $user;

    if (is_reserved_url($full_url)) {
        return;
    }

    $in_post  = isset($cur_post) && isset($cur_post['id']);
    $sig_mode = isset($GLOBALS['hcs_sig_redirect']);

    if ($in_post && !$sig_mode) {
        // Link inside a post body: hash + post id
        $full_url = forum_link($forum_url['hcs_redirect'], array(forum_hash($full_url, ''), $cur_post['id'])) . '" target="_blank';
    } elseif (!isset($cur_post) && $sig_mode) {
        // Signature link with no post in scope: hash + viewing user's id
        // (isset($cur_post['id']) is necessarily false here, so it need not be re-tested)
        $full_url = forum_link($forum_url['hcs_redirect_sig'], array(forum_hash($full_url, ''), $user['id'])) . '" target="_blank';
    } elseif ($in_post && $sig_mode) {
        // Signature link attached to a post: hash + post id + poster id
        $full_url = forum_link($forum_url['hcs_redirect_sigpost'], array(forum_hash($full_url, ''), $cur_post['id'], $cur_post['poster_id'])) . '" target="_blank';
    }

    $link = str_replace('http://', '', $link);
}
$forum_db->query_build($query) or error(__FILE__, __LINE__); $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit']; forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire); ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null; $_SESSION = array(); $_SESSION['NOT_BOT'] = 1; redirect(FORUM_ROOT . "search.php?action=show_new"); } } else { $_SESSION['GPG_VERIFICATION_REQUIRED'] = 0; // Remove this user's guest entry from the online list $query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\''); ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit']; forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire); ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null; $_SESSION = array(); $_SESSION['NOT_BOT'] = 1; redirect(FORUM_ROOT . "search.php?action=show_new"); } } } } else { if ($action == 'out') { if ($forum_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $forum_user['id']) { header('Location: ' . forum_link($forum_url['index'])); exit; } // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid.
/**
 * Authenticate the visitor from the login cookie and refresh their online-list row.
 *
 * The cookie named $cookie_name holds base64("user_id|password_hash|expiration_time|expire_hash").
 * When it parses, belongs to a non-guest id, has not expired and its expire_hash verifies
 * against the user's salt and stored password hash, $forum_user is populated through
 * authenticate_user(), the cookie is re-issued with a fresh expiry, and (unless
 * FORUM_QUIET_VISIT is defined) the `online` and `users` tables are updated. In every
 * other case the visitor becomes the default user via set_default_user().
 *
 * Hooks (get_hook/eval) are extension-supplied code strings run at the marked points;
 * fn_cookie_login_start may abort the whole routine by returning non-null.
 *
 * @param array $forum_user filled in place with the resolved user's record and flags
 */
function cookie_login(&$forum_user)
{
    global $forum_db, $db_type, $forum_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $forum_time_formats, $forum_date_formats;

    $now = time();
    $expire = $now + 1209600; // The cookie expires after 14 days

    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'expiration_time' => 0, 'expire_hash' => 'Guest');

    $return = ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // If a cookie is set, we get the user_id and password hash from it
    if (!empty($_COOKIE[$cookie_name])) {
        $cookie_data = explode('|', base64_decode($_COOKIE[$cookie_name]));
        // Anything other than exactly four fields is ignored and the guest defaults stand
        if (!empty($cookie_data) && count($cookie_data) == 4) {
            list($cookie['user_id'], $cookie['password_hash'], $cookie['expiration_time'], $cookie['expire_hash']) = $cookie_data;
        }
    }

    ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null;

    // If this a cookie for a logged in user and it shouldn't have already expired
    if (intval($cookie['user_id']) > 1 && intval($cookie['expiration_time']) > $now) {
        authenticate_user(intval($cookie['user_id']), $cookie['password_hash'], true);

        // We now validate the cookie hash:
        // sha1(salt . stored password hash . forum_hash(expiry, salt)), keyed by data only the server holds.
        // NOTE(review): `!==` is exact but not constant-time; hash_equals() would be the timing-safe form.
        if ($cookie['expire_hash'] !== sha1($forum_user['salt'] . $forum_user['password'] . forum_hash(intval($cookie['expiration_time']), $forum_user['salt']))) {
            set_default_user();
        }

        // If we got back the default user, the login failed
        if ($forum_user['id'] == '1') {
            // Replace the rejected cookie with a guest cookie carrying random filler
            forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
            return;
        }

        // Send a new, updated cookie with a new expiration timestamp.
        // A cookie whose expiry is already beyond the visit timeout (presumably a
        // "remember me" login) keeps the 14-day horizon; otherwise it is a visit cookie.
        $expire = intval($cookie['expiration_time']) > $now + $forum_config['o_timeout_visit'] ? $now + 1209600 : $now + $forum_config['o_timeout_visit'];
        forum_setcookie($cookie_name, base64_encode($forum_user['id'] . '|' . $forum_user['password'] . '|' . $expire . '|' . sha1($forum_user['salt'] . $forum_user['password'] . forum_hash($expire, $forum_user['salt']))), $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/common.php')) {
            $forum_user['language'] = $forum_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!file_exists(FORUM_ROOT . 'style/' . $forum_user['style'] . '/' . $forum_user['style'] . '.php')) {
            $forum_user['style'] = $forum_config['o_default_style'];
        }

        if (!$forum_user['disp_topics']) {
            $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
        }
        if (!$forum_user['disp_posts']) {
            $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
        }

        // Check user has a valid date and time format
        if (!isset($forum_time_formats[$forum_user['time_format']])) {
            $forum_user['time_format'] = 0;
        }
        if (!isset($forum_date_formats[$forum_user['date_format']])) {
            $forum_user['date_format'] = 0;
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('FORUM_QUIET_VISIT')) {
            // Update the online list
            if (!$forum_user['logged']) {
                // First request of a new visit: start the session clock and mint a CSRF token
                $forum_user['logged'] = $now;
                $forum_user['csrf_token'] = random_key(40, false, true);
                $forum_user['prev_url'] = get_current_url(255);

                // REPLACE INTO avoids a user having two rows in the online table
                $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => $forum_user['id'] . ', \'' . $forum_db->escape($forum_user['username']) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=' . $forum_user['id']);

                if ($forum_user['prev_url'] != null) {
                    $query['REPLACE'] .= ', prev_url';
                    $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
                }

                ($hook = get_hook('fn_cookie_login_qr_add_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);

                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($forum_user['logged'] < $now - $forum_config['o_timeout_visit']) {
                    $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
                    ($hook = get_hook('fn_cookie_login_qr_update_user_visit')) ? eval($hook) : null;
                    $forum_db->query_build($query) or error(__FILE__, __LINE__);
                    $forum_user['last_visit'] = $forum_user['logged'];
                }

                // Now update the logged time and save the current URL in the online list
                $query = array('UPDATE' => 'online', 'SET' => 'logged=' . $now, 'WHERE' => 'user_id=' . $forum_user['id']);

                $current_url = get_current_url(255);
                if ($current_url != null) {
                    $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
                }
                if ($forum_user['idle'] == '1') {
                    $query['SET'] .= ', idle=0';
                }

                ($hook = get_hook('fn_cookie_login_qr_update_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);

                // Update tracked topics with the current expire time
                // (the existing cookie value is re-sent as-is; only its lifetime changes)
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $forum_config['o_timeout_visit']);
                }
            }
        }

        $forum_user['is_guest'] = false;
        $forum_user['is_admmod'] = $forum_user['g_id'] == FORUM_ADMIN || $forum_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }

    ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null;
}
} if (isset($_GET['key'])) { $key = $_GET['key']; ($hook = get_hook('pf_change_email_key_supplied')) ? eval($hook) : null; if ($key == '' || $key != $user['activate_key']) { message(sprintf($lang_profile['E-mail key bad'], '<a href="mailto:' . forum_htmlencode($forum_config['o_admin_email']) . '">' . forum_htmlencode($forum_config['o_admin_email']) . '</a>')); } else { $query = array('UPDATE' => 'users', 'SET' => 'email=activate_string, activate_string=NULL, activate_key=NULL', 'WHERE' => 'id=' . $id); ($hook = get_hook('pf_change_email_key_qr_update_email')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); message($lang_profile['E-mail updated']); } } else { if (isset($_POST['form_sent'])) { ($hook = get_hook('pf_change_email_normal_form_submitted')) ? eval($hook) : null; if (forum_hash($_POST['req_password'], $forum_user['salt']) !== $forum_user['password']) { $errors[] = $lang_profile['Wrong password']; } if (!defined('FORUM_EMAIL_FUNCTIONS_LOADED')) { require FORUM_ROOT . 'include/email.php'; } // Validate the email-address $new_email = strtolower(forum_trim($_POST['req_new_email'])); if (!is_valid_email($new_email)) { $errors[] = $lang_common['Invalid e-mail']; } // Check if it's a banned e-mail address if (is_banned_email($new_email)) { ($hook = get_hook('pf_change_email_normal_banned_email')) ? eval($hook) : null; if ($forum_config['p_allow_banned_email'] == '0') { $errors[] = $lang_profile['Banned e-mail'];
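/**
 * Check whether the current user carries a valid "stop bots" cookie.
 *
 * The cookie PUN_STOP_BOTS_COOKIE_NAME holds base64("user_id|question_hash|expire_time|expire_hash").
 * It is accepted only when it is bound to the current user, question_hash matches the
 * question id stored for that user (keyed with the user's salt), expire_hash proves
 * expire_time was not altered, and expire_time is still in the future.
 *
 * @return bool TRUE when the cookie is present and valid, FALSE otherwise
 */
function pun_stop_bots_check_cookie()
{
    global $forum_user, $forum_db;

    // No usable cookie: nothing to validate. Checking first also avoids an
    // undefined-index notice and base64_decode() on a non-string.
    if (!isset($_COOKIE[PUN_STOP_BOTS_COOKIE_NAME]) || !is_string($_COOKIE[PUN_STOP_BOTS_COOKIE_NAME])) {
        return FALSE;
    }

    $query = array(
        'SELECT' => 'pun_stop_bots_question_id',
        'FROM'   => 'users',
        'WHERE'  => 'id = ' . (int) $forum_user['id'],
    );
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $row = $forum_db->fetch_assoc($result);
    if (!$row) {
        return FALSE;
    }
    $question_id = $row['pun_stop_bots_question_id'];

    $cookie_parts = explode('|', base64_decode($_COOKIE[PUN_STOP_BOTS_COOKIE_NAME]));
    if (count($cookie_parts) != 4) {
        return FALSE;
    }
    list($user_id, $question_hash, $expire_time, $expire_hash) = $cookie_parts;

    // The cookie must be bound to the user who is currently logged in.
    if ((int) $forum_user['id'] !== (int) $user_id) {
        return FALSE;
    }

    // hash_equals() is strict and constant-time; the loose `==` used before would
    // treat two hex digests such as "0e123..." as equal numbers.
    // $expire_time is hashed as the raw cookie string so the digest matches what the writer produced.
    $expected_question_hash = forum_hash($question_id, $forum_user['salt']);
    $expected_expire_hash   = sha1($forum_user['salt'] . forum_hash($expire_time, $forum_user['salt']));
    if (!hash_equals($expected_question_hash, $question_hash) || !hash_equals($expected_expire_hash, $expire_hash)) {
        return FALSE;
    }

    // expire_hash only proves expire_time was not tampered with; the time itself has
    // to be compared against the clock (as the forum's login cookie is), otherwise a
    // captured cookie stays valid indefinitely.
    return (int) $expire_time > time();
}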
// Run the group insert prepared just before this point (not visible here).
$forum_db->query_build($query) or error(__FILE__, __LINE__);

// Moderators group: all moderation and posting rights on, no flood limits.
$query = array(
    'INSERT' => 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood',
    'INTO' => 'groups',
    'VALUES' => '\'Moderators\', \'Moderator\', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0'
);
// Fixed ids are written explicitly except on PostgreSQL, where the sequence assigns them.
if ($db_type != 'pgsql') {
    $query['INSERT'] .= ', g_id';
    $query['VALUES'] .= ', 4';
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);

// Insert guest and first admin user.
// The guest row (id 1) stores the literal 'Guest' as username, password and e-mail;
// it is a placeholder record, not a credential anyone can log in with.
$query = array(
    'INSERT' => 'group_id, username, password, email',
    'INTO' => 'users',
    'VALUES' => '2, \'Guest\', \'Guest\', \'Guest\''
);
if ($db_type != 'pgsql') {
    $query['INSERT'] .= ', id';
    $query['VALUES'] .= ', 1';
}
$forum_db->query_build($query) or error(__FILE__, __LINE__);

// Admin account: per-user random salt, password stored as forum_hash($password1, $salt).
// registration_ip is fixed to 127.0.0.1 rather than the installer's remote address.
$salt = random_key(12);
$query = array(
    'INSERT' => 'group_id, username, password, email, language, num_posts, last_post, registered, registration_ip, last_visit, salt',
    'INTO' => 'users',
    'VALUES' => '1, \'' . $forum_db->escape($username) . '\', \'' . forum_hash($password1, $salt) . '\', \'' . $forum_db->escape($email) . '\', \'' . $forum_db->escape($default_lang) . '\', 1, ' . $now . ', ' . $now . ', \'127.0.0.1\', ' . $now . ', \'' . $forum_db->escape($salt) . '\''
);
$forum_db->query_build($query) or error(__FILE__, __LINE__);
$new_uid = $forum_db->insert_id();

// Enable/disable avatars depending on file_uploads setting in PHP configuration
// (@ silences the warning ini_get emits when the directive is unknown).
$avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;

// Enable/disable automatic check for updates depending on PHP environment (require cURL, fsockopen or allow_url_fopen)
$check_for_updates = function_exists('curl_init') || function_exists('fsockopen') || in_array(strtolower(@ini_get('allow_url_fopen')), array('on', 'true', '1')) ? 1 : 0;

// Insert config data.
// Each value is a ready-made SQL literal (quoted string or NULL), so user-supplied
// fields go through $forum_db->escape(). The $lang_install / $lang_admin_settings
// strings are interpolated unescaped — this assumes the language files contain no
// single quotes; a translation with an apostrophe would break these inserts.
$config = array(
    'o_cur_version' => "'" . FORUM_VERSION . "'",
    'o_database_revision' => "'" . FORUM_DB_REVISION . "'",
    'o_board_title' => "'" . $forum_db->escape($board_title) . "'",
    'o_board_desc' => "'" . $forum_db->escape($board_descrip) . "'",
    'o_default_timezone' => "'0'",
    'o_time_format' => "'H:i:s'",
    'o_date_format' => "'Y-m-d'",
    'o_check_for_updates' => "'{$check_for_updates}'",
    'o_check_for_versions' => "'{$check_for_updates}'",
    'o_timeout_visit' => "'5400'",
    'o_timeout_online' => "'300'",
    'o_redirect_delay' => "'0'",
    'o_show_version' => "'0'",
    'o_show_user_info' => "'1'",
    'o_show_post_count' => "'1'",
    'o_signatures' => "'1'",
    'o_smilies' => "'1'",
    'o_smilies_sig' => "'1'",
    'o_make_links' => "'1'",
    'o_default_lang' => "'" . $forum_db->escape($default_lang) . "'",
    'o_default_style' => "'Oxygen'",
    'o_default_user_group' => "'3'",
    'o_topic_review' => "'15'",
    'o_disp_topics_default' => "'30'",
    'o_disp_posts_default' => "'25'",
    'o_indent_num_spaces' => "'4'",
    'o_quote_depth' => "'3'",
    'o_quickpost' => "'1'",
    'o_users_online' => "'1'",
    'o_censoring' => "'0'",
    'o_ranks' => "'1'",
    'o_show_dot' => "'0'",
    'o_topic_views' => "'1'",
    'o_quickjump' => "'1'",
    'o_gzip' => "'0'",
    'o_additional_navlinks' => "''",
    'o_report_method' => "'0'",
    'o_regs_report' => "'0'",
    'o_default_email_setting' => "'1'",
    'o_mailing_list' => "'" . $forum_db->escape($email) . "'",
    'o_avatars' => "'{$avatars}'",
    'o_avatars_dir' => "'img/avatars'",
    'o_avatars_width' => "'60'",
    'o_avatars_height' => "'60'",
    'o_avatars_size' => "'15360'",
    'o_search_all_forums' => "'1'",
    'o_sef' => "'Default'",
    'o_admin_email' => "'" . $forum_db->escape($email) . "'",
    'o_webmaster_email' => "'" . $forum_db->escape($email) . "'",
    'o_subscriptions' => "'1'",
    'o_smtp_host' => "NULL",
    'o_smtp_user' => "NULL",
    'o_smtp_pass' => "NULL",
    'o_smtp_ssl' => "'0'",
    'o_regs_allow' => "'1'",
    'o_regs_verify' => "'0'",
    'o_announcement' => "'0'",
    'o_announcement_heading' => "'" . $lang_install['Default announce heading'] . "'",
    'o_announcement_message' => "'" . $lang_install['Default announce message'] . "'",
    'o_rules' => "'0'",
    'o_rules_message' => "'" . $lang_install['Default rules'] . "'",
    'o_maintenance' => "'0'",
    'o_maintenance_message' => "'" . $lang_admin_settings['Maintenance message default'] . "'",
    'o_default_dst' => "'0'",
    'p_message_bbcode' => "'1'",
    'p_message_img_tag' => "'1'",
    'p_message_all_caps' => "'1'",
    'p_subject_all_caps' => "'1'",
    'p_sig_all_caps' => "'1'",
    'p_sig_bbcode' => "'1'",
    'p_sig_img_tag' => "'0'",
    'p_sig_length' => "'400'",
    'p_sig_lines' => "'4'",
    'p_allow_banned_email' => "'1'",
    'p_allow_dupe_email' => "'0'",
    'p_force_guest_email' => "'1'",
    'o_show_moderators' => "'0'",
    'o_mask_passwords' => "'1'"
);

foreach ($config as $conf_name => $conf_value) {
    $query = array(
        'INSERT' => 'conf_name, conf_value',
        'INTO' => 'config',
        'VALUES' => '\'' . $conf_name . '\', ' . $conf_value . ''
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
}

// Insert some other default data (category name again taken verbatim from the language file).
$query = array(
    'INSERT' => 'cat_name, disp_position',
    'INTO' => 'categories',
    'VALUES' => '\'' . $lang_install['Default category name'] . '\', 1'
);
$forum_db->query_build($query) or error(__FILE__, __LINE__);
/**
 * Register a new forum account from a Loginza (OpenID) profile.
 *
 * Flow: refuse when registrations are closed; apply the one-registration-per-IP-per-hour
 * flood limit; derive username, identity and e-mail from $profile; validate the e-mail
 * via check_email(); purge unverified accounts older than 72 hours; build the $user_info
 * record with a random password. If no e-mail is available the record is parked in
 * $_SESSION under a random key and a completion form is shown (form_end_reg); otherwise
 * register() is called directly. Any validation failure ends the request via message().
 *
 * @param object $profile  Loginza profile object (identity, e-mail, name fields)
 * @param string $prev_url URL to return to after registration, stored as loginza_return_url
 */
private function user_register($profile, $prev_url)
{
    global $forum_config, $lang_fancy_login_loginza, $forum_user, $forum_db, $forum_url;

    // Load the profile language file.
    // $lang_profile is a local here (not declared global), so isset() is always false and
    // the require runs on every call; the strings it defines are used by message() below.
    if (!isset($lang_profile)) {
        require FORUM_ROOT . 'lang/' . $forum_user['language'] . '/profile.php';
    }

    // We allowed register new users?
    if ($forum_config['o_regs_allow'] == '0') {
        message($lang_profile['No new regs']);
    }

    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $query = array('SELECT' => 'COUNT(u.id)', 'FROM' => 'users AS u', 'WHERE' => 'u.registration_ip=\'' . $forum_db->escape(get_remote_address()) . '\' AND u.registered>' . (time() - 3600));
    ($hook = get_hook('rg_register_qr_check_register_flood')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    if ($forum_db->result($result) > 0) {
        message($lang_profile['Registration flood']);
    }

    // Get user info from Loginza Profile
    $username = $this->get_username_for_new_user($profile);
    $loginza_identity = isset($profile->identity) ? forum_trim($profile->identity) : FALSE;
    $lup = new LoginzaUserProfile($profile);
    $email = $lup->get_email();

    if (!$username) {
        message($lang_fancy_login_loginza['Error empty username']);
    }
    if (!$loginza_identity) {
        message($lang_fancy_login_loginza['Error empty identity']);
    }

    // Check e-mail address (check_email fills $banned_email / $dupe_list by reference;
    // anything other than TRUE is an error message to show)
    $banned_email = FALSE;
    $dupe_list = array();
    if ($email) {
        $error = $this->check_email($email, $banned_email, $dupe_list);
        if (TRUE !== $error) {
            message($error);
        }
    }

    // Clean old unverified registrators - delete older than 72 hours
    $query = array('DELETE' => 'users', 'WHERE' => 'group_id=' . FORUM_UNVERIFIED . ' AND activate_key IS NOT NULL AND registered < ' . (time() - 259200));
    ($hook = get_hook('rg_register_qr_delete_unverified')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    ($hook = get_hook('rg_register_end_validation')) ? eval($hook) : null;

    // User default info.
    // $language is assigned but not read afterwards ('language' below uses $forum_config directly).
    $language = $forum_config['o_default_lang'];
    // The account gets a random password; the plaintext is kept in $user_info['password']
    // alongside its hash (presumably so register() can mail it) — note it also ends up in
    // $_SESSION on the no-e-mail path below.
    $password = random_key(12, TRUE);
    $salt = random_key(12);
    $password_hash = forum_hash($password, $salt);
    $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;

    // Timezone & DST (filled by reference)
    $this->get_timezone_and_dst($timezone, $dst);

    // Insert the new user into the database.
    // We do this now to get the last inserted id for later use.
    // 'activate_key' is a ready-made SQL literal (quoted key or NULL), not a bare value.
    $user_info = array(
        'username' => $username,
        'group_id' => $initial_group_id,
        'salt' => $salt,
        'password' => $password,
        'password_hash' => $password_hash,
        'email' => $email,
        'email_setting' => $forum_config['o_default_email_setting'],
        'timezone' => $timezone,
        'dst' => $dst,
        'language' => $forum_config['o_default_lang'],
        'style' => $forum_config['o_default_style'],
        'registered' => time(),
        'registration_ip' => get_remote_address(),
        'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, TRUE) . '\'' : 'NULL',
        'require_verification' => $forum_config['o_regs_verify'] == '1',
        'notify_admins' => $forum_config['o_regs_report'] == '1',
        'loginza_profile' => $profile,
        'loginza_return_url' => $prev_url,
        'loginza_banned_email' => $banned_email,
        'loginza_dupe_list' => $dupe_list
    );
    ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;

    // If we dont have email - save userdata to session and show form
    if (!$email) {
        if (!isset($_SESSION)) {
            session_start();
        }
        // Random session key so the parked record cannot be guessed from another session
        $session_id = 'fancy_login_loginza_' . random_key(12, TRUE, TRUE);
        $_SESSION[$session_id] = $user_info;
        $this->form_end_reg($session_id);
    } else {
        // With o_fancy_login_loginza_trust_openid_emails on, the provider's e-mail is taken
        // as already verified: no activation mail, and the account goes straight into the
        // default user group instead of FORUM_UNVERIFIED.
        if ($forum_config['o_regs_verify'] == '1' && $forum_config['o_fancy_login_loginza_trust_openid_emails'] == '1') {
            // Skip activate email from OpenID
            $user_info['activate_key'] = 'NULL';
            $user_info['require_verification'] = FALSE;
            $user_info['group_id'] = $forum_config['o_default_user_group'];
        }
        $this->register($user_info);
    }
}