if ($ar_pw_conf != $ar_pw) {
$errors[] = 'error_pw_conf_wrong';
}
}
// save user if no errors:
if (empty($errors)) {
// generate password if not specified:
if ($ar_pw == '') {
if ($settings['min_pw_length'] < 8) {
$pwl = 8;
} else {
$pwl = $settings['min_pw_length'];
}
$ar_pw = random_string($pwl);
}
$pw_hash = generate_pw_hash($ar_pw);
mysql_query("INSERT INTO " . $db_settings['userdata_table'] . " (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, signature, profile, auto_login_code, pwf_code, activate_code) VALUES (0,'" . mysql_real_escape_string($ar_username) . "', '', '" . mysql_real_escape_string($pw_hash) . "','" . mysql_real_escape_string($ar_email) . "', '', '', " . $settings['default_email_contact'] . ", NOW(), NOW(),'" . $_SERVER["REMOTE_ADDR"] . "',NOW()," . intval($settings['default_view']) . "," . intval($settings['fold_threads']) . ",'','','','','')", $connid) or die(mysql_error());
//raise_error('database_error',mysql_error());
// send userdata:
$send_error = '';
if (isset($ar_send_userdata)) {
$smarty->config_load($settings['language_file'], 'emails');
$lang = $smarty->get_config_vars();
$ip = $_SERVER['REMOTE_ADDR'];
$lang['admin_reg_user_email_text'] = str_replace("[name]", $ar_username, $lang['admin_reg_user_email_text']);
$lang['admin_reg_user_email_text'] = str_replace("[password]", $ar_pw, $lang['admin_reg_user_email_text']);
$lang['admin_reg_user_email_text'] = str_replace("[login_link]", $settings['forum_address'] . "index.php?mode=login&username="******"&userpw=" . $ar_pw, $lang['admin_reg_user_email_text']);
$lang['admin_reg_user_email_text'] = stripslashes($lang['admin_reg_user_email_text']);
$header = "From: " . $settings['forum_name'] . " <" . $settings['forum_email'] . ">\n";
$header .= "X-Mailer: Php/" . phpversion() . "\n";
$header .= "X-Sender-ip: " . $_SERVER["REMOTE_ADDR"] . "\n";
if ($settings['captcha_register'] == 2) {
if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_captcha($_SESSION['captcha_session'], $_POST['captcha_code']) != true) {
$errors[] = 'captcha_check_failed';
}
} else {
if (empty($_SESSION['captcha_session']) || empty($_POST['captcha_code']) || $captcha->check_math_captcha($_SESSION['captcha_session'][2], $_POST['captcha_code']) != true) {
$errors[] = 'captcha_check_failed';
}
}
unset($_SESSION['captcha_session']);
}
// save user if no errors:
if (empty($errors)) {
$pw_hash = generate_pw_hash($reg_pw);
$activate_code = random_string(32);
$activate_code_hash = generate_pw_hash($activate_code);
if ($settings['register_mode'] == 1) {
$user_lock = 1;
} else {
$user_lock = 0;
}
@mysql_query("INSERT INTO " . $db_settings['userdata_table'] . " (user_type, user_name, user_real_name, user_pw, user_email, user_hp, user_location, signature, profile, email_contact, last_login, last_logout, user_ip, registered, user_view, fold_threads, user_lock, auto_login_code, pwf_code, activate_code) VALUES (0,'" . mysql_real_escape_string($new_user_name) . "','','" . mysql_real_escape_string($pw_hash) . "','" . mysql_real_escape_string($new_user_email) . "','','','',''," . $settings['default_email_contact'] . ",NOW(),NOW(),'" . mysql_real_escape_string($_SERVER["REMOTE_ADDR"]) . "',NOW()," . intval($settings['default_view']) . ", " . intval($settings['fold_threads']) . ", " . $user_lock . ", '', '', '" . mysql_real_escape_string($activate_code_hash) . "')", $connid) or raise_error('database_error', mysql_error());
// get new user ID:
$new_user_id_result = mysql_query("SELECT user_id FROM " . $db_settings['userdata_table'] . " WHERE user_name = '" . mysql_real_escape_string($new_user_name) . "' LIMIT 1", $connid);
if (!$new_user_id_result) {
raise_error('database_error', mysql_error());
}
$field = mysql_fetch_array($new_user_id_result);
$new_user_id = $field['user_id'];
mysql_free_result($new_user_id_result);
// send e-mail with activation key to new user:
if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") {
$pwf_result = mysql_query("SELECT user_id, user_name, user_email, pwf_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = '" . intval($_GET["activate"]) . "'", $connid);
if (!$pwf_result) {
raise_error('database_error', mysql_error());
}
$field = mysql_fetch_array($pwf_result);
mysql_free_result($pwf_result);
if ($field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'], $field['pwf_code'])) {
// generate new password:
if ($settings['min_pw_length'] < 8) {
$pwl = 8;
} else {
$pwl = $settings['min_pw_length'];
}
$new_pw = random_string($pwl);
$pw_hash = generate_pw_hash($new_pw);
$update_result = mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, user_pw='" . mysql_real_escape_string($pw_hash) . "', pwf_code='' WHERE user_id='" . $field["user_id"] . "' LIMIT 1", $connid);
// send new password:
$smarty->config_load($settings['language_file'], 'emails');
$lang = $smarty->get_config_vars();
$lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']);
$lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']);
$lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'] . basename($_SERVER['PHP_SELF']) . "?mode=login&username="******"&userpw=" . $new_pw, $lang['new_pw_email_txt']);
$lang['new_pw_email_txt'] = stripslashes($lang['new_pw_email_txt']);
$header = "From: " . my_mb_encode_mimeheader($settings['forum_name'], CHARSET, "Q") . " <" . $settings['forum_email'] . ">" . MAIL_HEADER_SEPARATOR;
$header .= "Content-Type: text/plain; charset=" . CHARSET . MAIL_HEADER_SEPARATOR;
$header .= "Content-transfer-encoding: 8bit" . MAIL_HEADER_SEPARATOR;
$new_pw_mailto = my_mb_encode_mimeheader($field['user_name'], CHARSET, "Q") . " <" . $field['user_email'] . ">";
if ($settings['mail_parameter'] != '') {
if (@mail($new_pw_mailto, my_mb_encode_mimeheader($lang['new_pw_email_sj'], CHARSET, "Q"), $lang['new_pw_email_txt'], $header, $settings['mail_parameter'])) {
header("location: index.php?mode=login&login_message=pw_sent");
if ($line != '' && my_substr($line, 0, 1, $lang['charset']) != '#') {
$cleared_lines[] = $line;
}
}
@mysql_query("START TRANSACTION", $connid) or die(mysql_error());
foreach ($cleared_lines as $line) {
if (!@mysql_query($line, $connid)) {
$errors[] = $lang['error_sql'] . " (MySQL: " . mysql_error($connid) . ")";
#break;
}
}
@mysql_query("COMMIT", $connid);
}
// insert admin in userdata table:
if (empty($errors)) {
$pw_hash = generate_pw_hash($_POST['admin_pw']);
@mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET user_name='" . mysql_real_escape_string($_POST['admin_name']) . "', user_pw = '" . mysql_real_escape_string($pw_hash) . "', user_email = '" . mysql_real_escape_string($_POST['admin_email']) . "' WHERE user_id=1", $connid) or $errors[] = $lang['error_create_admin'] . " (MySQL: " . mysql_error($connid) . ")";
}
// set forum name, address and email address:
if (empty($errors)) {
@mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_name']) . "' WHERE name='forum_name' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")";
@mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_address']) . "' WHERE name='forum_address' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")";
@mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['forum_email']) . "' WHERE name='forum_email' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")";
@mysql_query("UPDATE " . $db_settings['settings_table'] . " SET value='" . mysql_real_escape_string($_POST['language_file']) . "' WHERE name='language_file' LIMIT 1", $connid) or $errors[] = $lang['error_update_settings'] . " (MySQL: " . mysql_error($connid) . ")";
}
if (empty($errors)) {
header('Location: ../');
exit;
}
}
if (empty($action)) {
$errors[] = 'error_form_uncomplete';
}
if (empty($errors)) {
$dbr = Database::$userdata->prepare("SELECT pw FROM " . Database::$db_settings['userdata_table'] . " WHERE id=:id LIMIT 1");
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT);
$dbr->execute();
$data = $dbr->fetch();
if (!is_pw_correct($_POST['old_pw'], $data['pw'])) {
$errors[] = 'error_pw_wrong';
}
if ($_POST['new_pw'] !== $_POST['new_pw_r']) {
$errors[] = 'error_pw_doesnt_comply';
}
}
if (empty($errors)) {
$pw_hash = generate_pw_hash($_POST['new_pw']);
$dbr = Database::$userdata->prepare("UPDATE " . Database::$db_settings['userdata_table'] . " SET pw=:pw WHERE id=:id");
$dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR);
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT);
$dbr->execute();
}
if (empty($errors)) {
header('Location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users&edit=' . $_SESSION[$settings['session_prefix'] . 'user_id'] . '&saved=true');
exit;
}
}
if (isset($errors)) {
$template->assign('errors', $errors);
if (isset($_POST['id'])) {
$userdata['id'] = intval($_POST['id']);
}
} else {
$spam_check_status = 1;
}
}
}
// end check data
if (empty($errors)) {
// save new posting:
if (isset($_POST['save_entry']) && $posting_mode == 0) {
if ($settings['entries_by_users_only'] != 0 && empty($_SESSION[$settings['session_prefix'] . 'user_name'])) {
die('No autorisation!');
}
// if editing own postings by unregistered users, generate edit_key:
if (empty($_SESSION[$settings['session_prefix'] . 'user_id']) && $settings['user_edit'] == 2) {
$edit_key = random_string(32);
$edit_key_hash = generate_pw_hash($edit_key);
} else {
$edit_key = '';
$edit_key_hash = '';
}
$locked = $spam == 0 ? 0 : 1;
if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
$savename = '';
} else {
$savename = $name;
}
@mysql_query("INSERT INTO " . $db_settings['forum_table'] . " (pid, tid, uniqid, time, last_reply, user_id, name, subject, email, hp, location, ip, text, tags, show_signature, email_notification, category, locked, sticky, spam, spam_check_status, edit_key) VALUES (" . intval($id) . "," . intval($thread) . ",'" . mysql_real_escape_string($uniqid) . "',NOW(), NOW()," . intval($user_id) . ",'" . mysql_real_escape_string($savename) . "','" . mysql_real_escape_string($subject) . "','" . mysql_real_escape_string($email) . "','" . mysql_real_escape_string($hp) . "','" . mysql_real_escape_string($location) . "','" . mysql_real_escape_string($_SERVER["REMOTE_ADDR"]) . "','" . mysql_real_escape_string($text) . "','" . mysql_real_escape_string($s_tags) . "'," . intval($show_signature) . "," . intval($email_notification) . "," . intval($p_category) . "," . intval($locked) . "," . intval($sticky) . "," . intval($spam) . ", " . intval($spam_check_status) . ", '" . mysql_real_escape_string($edit_key_hash) . "')", $connid) or raise_error('database_error', mysql_error());
if ($id == 0) {
// new thread, set thread id:
@mysql_query("UPDATE " . $db_settings['forum_table'] . " SET tid=id, time=time WHERE id = LAST_INSERT_id()", $connid) or raise_error('database_error', mysql_error());
}
