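/**
 * Print the login form and, when it was posted, process the login attempt.
 *
 * On a successful login the function sends a redirect and ends the script.
 * On failure it records the attempt with log_insert() and renders the form
 * again. A captcha is demanded when more than two failed logins were counted
 * for the client IP, or when $globals['captcha_first_login'] is set and
 * UserAuth::user_cookie_data() returns nothing.
 *
 * NOTE(review): the password is passed to Authenticate() as an unsalted MD5
 * digest. That contract lives outside this function; if the stored credential
 * is that digest, it should be migrated to password_hash()/password_verify().
 */
function do_login()
{
    global $current_user, $globals;

    $form_ip_check = check_form_auth_ip();
    // Failed logins logged for this IP; the trailing 300 is presumably a window in seconds, confirm in log_get_date().
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);

    // Defined up front: the form below is also rendered before any submission.
    $username = '';

    // Accept "return" only as a string; array-valued parameters are ignored.
    $return = (isset($_REQUEST['return']) && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';

    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";

    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }

        $posted_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $posted_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        $username = clean_input_string(trim($posted_user));
        $password = trim($posted_pass);
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0; // 1000 hours

        // Check form. The inner parentheses only make the original precedence explicit.
        $captcha_required = $previous_login_failed > 2
            || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());

        if ($captcha_required && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            UserAuth::check_clon_from_cookies();

            // "return" is request-controlled: follow it only when it is a path on this
            // site (single leading slash, no "//" or "/\" prefix, no control characters).
            // Anything else falls back to the front page instead of an arbitrary URL.
            // NOTE(review): assumes legitimate callers always pass a path that starts with "/".
            $is_local_return = $return !== ''
                && $return[0] === '/'
                && !preg_match('#^/[/\\\\]|[\x00-\x1f\x7f]#', $return);

            header('Location: ' . ($is_local_return ? $return : './'));
            die;
        }
    }

    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

    // Print captcha. Re-evaluated here because the failure counter may have been incremented above.
    if ($previous_login_failed > 2 || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data())) {
        ts_print_form();
    }

    get_form_auth_ip();
    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return) . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    print_oauth_icons($return);
    echo '</div>' . "\n";
}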
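/**
 * Print the profile edit form for the user held in the global $user.
 *
 * Every user-supplied profile value (username, level, real name, e-mail, URL)
 * is HTML-escaped at output time, so a stored value containing quotes or angle
 * brackets cannot break out of the attribute or element it is printed into.
 *
 * NOTE(review): the form_hash token is md5($site_key . user id . mnminclude),
 * which is constant per user rather than per session or per request; the
 * check lives in the form handler, so it is only flagged here.
 */
function show_profile()
{
    global $user, $user_levels, $globals, $site_key, $current_user;

    // Escape for element and attribute context, single quotes included because one
    // attribute below is single-quoted. double_encode is off so values that already
    // contain entities are not escaped twice.
    // NOTE(review): 'UTF-8' is assumed to be the page charset — confirm.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div>';
    echo '<form enctype="multipart/form-data" action="' . get_auth_link() . 'profile.php" method="post" id="thisform" AUTOCOMPLETE="off">';
    echo '<fieldset><legend>';
    echo '<span class="sign">' . _('opciones de usuario')
        . " <a href='" . $esc(get_user_uri($user->username)) . "'>" . $esc($user->username) . '</a>: '
        . $esc($user->level) . '</span></legend>';

    // time() is appended to the avatar URL, so the URL differs on every page load.
    echo '<img class="thumbnail" src="' . $globals['base_url'] . 'backend/get_avatar.php?id=' . $esc($user->id)
        . '&size=80&t=' . time() . '" width="80" height="80" alt="' . $esc($user->username) . '" />';

    echo '<input type="hidden" name="process" value="1" />';
    echo '<input type="hidden" name="user_id" value="' . $esc($user->id) . '" />';
    echo '<input type="hidden" name="form_hash" value="' . md5($site_key . $user->id . mnminclude) . '" />';
    get_form_auth_ip();

    echo '<p><label>' . _('usuario') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="username" id="username" value="' . $esc($user->username) . '"/>';
    echo '</p>';

    echo '<p><label>' . _('nombre real') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="names" id="names" value="' . $esc($user->names) . '"/>';
    echo '</p>';

    echo '<p><label>' . _('correo electrónico') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="email" id="email" value="' . $esc($user->email) . '"/>';
    echo '</p>';

    echo '<p><label>' . _('página web') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="url" id="url" value="' . $esc($user->url) . '" />';
    echo '</p>';

    if (is_avatars_enabled()) {
        // MAX_FILE_SIZE is only a browser hint; the upload handler has to enforce the limit itself.
        echo '<input type="hidden" name="MAX_FILE_SIZE" value="300000" />';
        echo '<p><label>' . _('avatar') . ':</label><br/>';
        echo '<input type="file" autocomplete="off" name="image" />';
        echo '</p>';
    }

    echo '<p><label for="password">' . _("nueva clave") . ':</label><br />' . "\n";
    echo '<input type="password" autocomplete="off" id="password" name="password" size="25" onkeyup="return securePasswordCheck(this.form.password);"/></p>' . "\n";
    echo '<p><label for="verify">' . _("repite la clave") . ': </label><br />' . "\n";
    echo '<input type="password" autocomplete="off" id="verify" name="password2" size="25" onkeyup="checkEqualFields(this.form.password2, this.form.password)"/></p>' . "\n";
    echo '<p><input type="submit" name="save_profile" value="' . _('actualizar') . '"/></p>';
    echo '</fieldset>';
    echo "</form></div>\n";
}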
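/**
 * Print the full profile edit form for the user held in the global $user.
 *
 * Besides the basic fields, the form offers the spelling standard, instant
 * messenger, phone (own profile only), AdSense data (when
 * $globals['external_user_ads'] is set), avatar upload, display options and,
 * when $admin_mode is set, the user level and karma. The account-disable
 * section is printed only when the profile belongs to the logged-in user.
 *
 * Every profile value is HTML-escaped at output time so that a stored value
 * containing quotes or angle brackets cannot break out of its attribute.
 *
 * NOTE(review): the admin-only fields (login, user_level, karma) are merely
 * hidden from non-admins here; the form handler must re-check the privilege
 * before honouring them. The form_hash token is md5($site_key . user id .
 * mnminclude), constant per user rather than per session.
 */
function show_profile()
{
    global $user, $admin_mode, $user_levels, $globals, $site_key, $current_user, $db;

    // Escape for element and attribute context, single quotes included because one
    // attribute below is single-quoted. double_encode is off so values that already
    // contain entities are not escaped twice.
    // NOTE(review): 'UTF-8' is assumed to be the page charset — confirm.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    echo '<div class="genericform" style="margin: 0 50px">';
    echo '<form enctype="multipart/form-data" action="' . get_auth_link() . 'profile.php" method="post" id="thisform" AUTOCOMPLETE="off">';
    echo '<fieldset><legend>';
    echo '<span class="sign">' . _('opciones de usuario')
        . " <a href='" . $esc(get_user_uri($user->username)) . "'>" . $esc($user->username) . '</a>: '
        . $esc($user->level) . '</span></legend>';
    echo '<img class="thumbnail" src="' . $esc(get_avatar_url($user->id, $user->avatar, 80))
        . '" width="80" height="80" alt="' . $esc($user->username) . '" />';

    echo '<input type="hidden" name="process" value="1" />';
    echo '<input type="hidden" name="user_id" value="' . $esc($user->id) . '" />';
    echo '<input type="hidden" name="form_hash" value="' . md5($site_key . $user->id . mnminclude) . '" />';
    get_form_auth_ip();

    if ($admin_mode) {
        echo '<input type="hidden" name="login" value="' . $esc($user->username) . '" />';
    }

    echo '<p><label>' . _('usuario') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="username" id="username" value="' . $esc($user->username) . '" onkeyup="enablebutton(this.form.checkbutton1, null, this)" />';
    echo '&nbsp;<span id="checkit"><input type="button" class="button" id="checkbutton1" disabled="disabled" value="' . _('verificar') . '" onclick="checkfield(\'username\', this.form, this.form.username)"/></span>';
    echo '&nbsp;<span id="usernamecheckitvalue"></span>' . "\n";
    echo '</p>';

    echo '<p><label>' . _('nombre real') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="names" id="names" value="' . $esc($user->names) . '" />';
    echo '</p>';

    echo '<p><label>' . _('correo electrónico') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="email" id="email" value="' . $esc($user->email) . '" onkeyup="enablebutton(this.form.checkbutton2, null, this)"/>';
    echo '&nbsp;<input type="button" class="button" id="checkbutton2" disabled="disabled" value="' . _('verificar') . '" onclick="checkfield(\'email\', this.form, this.form.email)"/>';
    echo '&nbsp;<span id="emailcheckitvalue"></span>';
    echo '</p>';

    echo '<p style="padding-bottom:10px;"><label>' . _('norma ortográfica') . ':</label><br/>';
    echo '<select name="standard" >';
    // Iterated by value: nothing is modified, and a by-reference loop variable would
    // stay bound to the last array element after the loop.
    foreach ($globals['standards'] as $val) {
        $selected = ($user->standard == $val['id']) ? 'selected="selected"' : '';
        echo '<option value="' . $esc($val['id']) . '" ' . $selected . ' > ' . $esc($val['name']) . ' </option>';
    }
    echo '</select><br/>';
    echo '</p>';

    echo '<p><label>' . _('página web') . ':</label><br/>';
    echo '<input type="text" autocomplete="off" name="url" id="url" value="' . $esc($user->url) . '" />';
    echo '</p>';

    echo '<p><label>' . _('mensajero instantáneo público, invisible para los demás') . ':</label><br/>';
    echo '<span class="note">' . _('necesario si te conectarás vía Jabber/Google Talk') . '</span><br/>';
    echo '<input type="text" autocomplete="off" name="public_info" id="public_info" value="' . $esc($user->public_info) . '" />';
    echo '</p>';

    // The phone number is printed only on the user's own profile.
    if ($user->id == $current_user->user_id) {
        echo '<p><label>' . _('teléfono móvil') . ':</label><br/>';
        echo '<span class="note">' . _('sólo necesario si enviarás notas al nótame vía SMS') . '</span><br/>';
        echo '<span class="note">' . _('pon el número completo, con código de país: +34123456789') . '</span><br/>';
        echo '<input type="text" autocomplete="off" name="phone" id="phone" value="' . $esc($user->phone) . '" />';
        echo '</p>';
    }

    if ($globals['external_user_ads']) {
        echo '<p><label for="adcode">' . _('codigo AdSense') . ':</label><br/>';
        echo '<span class="note">' . _('tu código de usuario de AdSense, del tipo pub-123456789') . '</span><br/>';
        echo '<input type="text" autocomplete="off" name="adcode" id="adcode" maxlength="20" value="' . $esc($user->adcode) . '" /><br />';
        echo '<span class="note">' . _('canal AdSense (opcional), del tipo 1234567890') . '</span><br/>';
        echo '<input type="text" autocomplete="off" name="adchannel" id="adchannel" maxlength="12" value="' . $esc($user->adchannel) . '" />';
        echo '</p>';
    }

    if (is_avatars_enabled()) {
        // MAX_FILE_SIZE is only a browser hint; the upload handler has to enforce the limit itself.
        echo '<input type="hidden" name="MAX_FILE_SIZE" value="400000" />';
        echo '<p><label>' . _('avatar') . ':</label><br/>';
        echo '<span class="note">' . _('imagen cuadrada de no más de 400 KB, sin transparencias') . '</span><br/>';
        echo '<input type="file" class="button" autocomplete="off" name="image" />';
        if ($user->avatar > 0) {
            echo '&nbsp;' . _('Eliminar avatar') . ': <input type="checkbox" name="avatar_delete" value="1"/>';
        }
        echo '</p>';
    }

    echo '<fieldset><legend>' . _('opciones de visualización') . '</legend>';
    echo '<p><label>' . _('mostrar todos los comentarios') . ':&nbsp;';
    // Only the lowest bit of comment_pref is handed to the checkbox helper.
    print_checkbox('comment_pref', $user->comment_pref & 1);
    echo '</label></p>';
    echo '</fieldset>';

    echo '<p>' . _('introduce la nueva clave para cambiarla -no se cambiará si la dejas en blanco-:') . '</p>';
    echo '<p><label for="password">' . _("clave") . ':</label><br />' . "\n";
    echo '<input type="password" autocomplete="off" id="password" name="password" size="25" onkeyup="return securePasswordCheck(this.form.password);"/></p>' . "\n";
    echo '<p><label for="verify">' . _("repite la clave") . ': </label><br />' . "\n";
    echo '<input type="password" autocomplete="off" id="verify" name="password2" size="25" onkeyup="checkEqualFields(this.form.password2, this.form.password)"/></p>' . "\n";

    if ($admin_mode) {
        echo '<p><label for="verify">' . _("estado") . ': </label><br />' . "\n";
        echo '<select name="user_level">';
        foreach ($user_levels as $level) {
            echo '<option value="' . $esc($level) . '"';
            if ($user->level == $level) {
                echo ' selected="selected"';
            }
            echo '>' . $esc($level) . '</option>';
        }
        echo '</select>';

        echo '<p><label for="karma">' . _('karma') . ':</label><br/>';
        echo '<input type="text" autocomplete="off" name="karma" id="karma" value="' . $esc($user->karma) . '" />';
        echo '</p>';
    }

    echo '<p><input type="submit" name="save_profile" value="' . _('actualizar') . '" class="button" /></p>';
    echo '</fieldset>';

    // Disable the account
    if ($user->id == $current_user->user_id) {
        echo '<br/><fieldset><legend>' . _('deshabilitar cuenta') . '</legend>';
        echo '<p>' . _('¡atención! la cuenta será deshabilitada.') . '</p>';
        echo '<p class="note">' . _('se eliminarán automáticamente los datos personales.') . '<br/>';
        echo _('las notas serán eliminadas, los envíos y comentarios NO se borrarán.') . '</p>';
        echo '<p><label>' . _('sí, quiero deshabilitarla') . ': <input name="disable" type="checkbox" value="1"/>';
        echo '</label></p>';
        echo '<p><input type="submit" name="disabledme" value="' . _('deshabilitar cuenta') . '" class="button" /></p>';
        echo '</fieldset>';
    }

    echo "</form></div>\n";
}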
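/**
 * Print the login page and, when the form was posted, process the login.
 *
 * On the first visit (not mobile, fewer than three failed logins counted for
 * the IP, no posted form, no "u" cookie) an introduction to the site is shown
 * next to the form. On a successful login the function sends a 303 redirect
 * and ends the script; on failure it records the attempt with Log::insert()
 * and renders the form again.
 *
 * Both redirect inputs are client-controlled and are validated before use:
 * the host comes from the "return_site" cookie and the path from the "return"
 * request parameter.
 *
 * NOTE(review): the cookie is only checked syntactically here. The set of
 * hostnames the site really serves is not visible in this function; comparing
 * the cookie against that allowlist would close the remaining redirect risk.
 * NOTE(review): redirects use a hard-coded http:// scheme.
 */
function do_login()
{
    global $current_user, $globals;

    $form_ip_check = check_form_auth_ip();
    // Failed logins logged for this IP; the trailing 300 is presumably a window in seconds, confirm in Log::get_date().
    $previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);

    // Defined up front: the form below is also rendered before any submission.
    $username = '';

    // Accept "return" only as a string; array-valued parameters are ignored.
    $return = (isset($_REQUEST['return']) && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';

    // Host taken from the cookie: must look like host[:port], otherwise it is dropped
    // and redirects become path-only (same origin).
    $return_site = (isset($_COOKIE['return_site']) && is_string($_COOKIE['return_site'])) ? $_COOKIE['return_site'] : '';
    if (!preg_match('/^[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?(?::[0-9]{1,5})?$/iD', $return_site)) {
        $return_site = '';
    }
    // NOTE(review): the path-only fallback assumes $globals['base_url'] starts with "/" — confirm.
    $site_prefix = ($return_site !== '') ? 'http://' . $return_site : '';

    // Show menéame intro only if first try and the there were not previous logins
    if (!$globals['mobile'] && $previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['u'])) {
        echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";

        // Only prints if the user was redirected from submit.php
        if ($return !== '' && preg_match('/submit\\.php/', $return)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }

        echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
        echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
        echo '<ul style="margin-left: 1.5em">' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
        echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
        echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
        echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
        echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
    } else {
        echo '<div class="genericform" style="float:auto;">' . "\n";
    }

    echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";

    if (isset($_POST['processlogin']) && $_POST['processlogin'] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header('HTTP/1.1 303 Load');
            header('Location: ' . $site_prefix . $globals['base_url'] . 'login.php');
            die;
        }

        $posted_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $posted_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $persistent = isset($_POST['persistent']) ? $_POST['persistent'] : null;

        $username = clean_input_string(trim($posted_user));
        $password = trim($posted_pass);

        // Check form. The inner parentheses only make the original precedence explicit.
        $captcha_required = $previous_login_failed > 2
            || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data());

        if ($captcha_required && !ts_is_human()) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
        } elseif (strlen($password) > 0 && $current_user->Authenticate($username, $password, $persistent) == false) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            $previous_login_failed++;
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
        } else {
            // NOTE(review): an empty password also lands here. Authenticate() is then never
            // called, so nobody is logged in, but the request is redirected without an
            // error and without being counted as a failed attempt — confirm this is intended.
            UserAuth::check_clon_from_cookies();

            // If the user is authenticating from a mobile device, keep her in the standard version
            if ($globals['mobile']) {
                setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
            }

            // "return" is appended directly after the host, so it must be a path: without
            // the leading slash a value could extend or replace the host part of the URL.
            // "//" and "/\" prefixes and control characters are refused as well.
            $is_local_return = $return !== ''
                && $return[0] === '/'
                && !preg_match('#^/[/\\\\]|[\x00-\x1f\x7f]#', $return);

            header('HTTP/1.1 303 Load');
            header('Location: ' . $site_prefix . ($is_local_return ? $return : $globals['base_url']));
            die;
        }
    }

    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ':&nbsp;</label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

    // Print captcha. Re-evaluated here because the failure counter may have been incremented above.
    if ($previous_login_failed > 2 || ($globals['captcha_first_login'] == true && !UserAuth::user_cookie_data())) {
        ts_print_form();
    }

    get_form_auth_ip();
    echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
    print_oauth_icons($return);
    echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br/>&nbsp;';
}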
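/**
 * First registration step: check the terms checkbox and the posted fields,
 * refuse blocked e-mail domains, then print the captcha form that carries the
 * posted values on to step 2 as hidden inputs.
 *
 * NOTE(review): the hidden inputs put the chosen password, in clear text, into
 * the HTML of the page, and pass it through clean_input_string(), which is
 * defined elsewhere and may alter it. Keeping the pending registration
 * server-side (for example in the session) would avoid both.
 * NOTE(review): confirm that clean_input_string() makes a value safe inside a
 * double-quoted HTML attribute; its behaviour is not visible from here.
 */
function do_register1()
{
    global $db, $globals;

    if (!isset($_POST['acceptlegal']) || $_POST['acceptlegal'] !== 'accept') {
        register_error(_("no has aceptado las condiciones de uso"));
        return;
    }

    if (!check_user_fields()) {
        return;
    }

    echo '<br style="clear:both" />';

    // Anti-spam: refuse e-mail addresses from blocked domains.
    // The previous pattern left the alternation unanchored and the dots unescaped, so
    // any address merely containing "fr", "ru" or "ua" anywhere was refused. The pattern
    // below matches on the end of the domain only.
    // NOTE(review): intent inferred from the old pattern — outlook.com, aol.com and
    // hotmail.* as domains; .fr, .co.uk, .ru, .ua and .tk as suffixes — confirm the policy.
    $blocked_domain = preg_match(
        '/(?:[@.](?:outlook\.com|aol\.com|hotmail\.[a-z0-9.-]+)|\.(?:fr|co\.uk|ru|ua|tk))$/i',
        clean_input_string($_POST["email"])
    );

    // "email2" looks like a honeypot field: any non-empty value is refused.
    if ($blocked_domain || !empty($_POST['email2'])) {
        register_error(_("Dominio nom permitido. Ponte em contato com nos em chuza.gl@gmail.com"));
        return;
    }

    echo '<form action="' . get_auth_link() . 'register.php" method="post" id="thisform">' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('validación') . '</span></legend>' . "\n";
    ts_print_form();
    echo '<input type="submit" name="submit" class="button" value="' . _('continuar') . '" />';
    echo '<input type="hidden" name="process" value="2" />';

    // Carry the posted values to step 2 (extra sanity, in fact not needed).
    foreach (array('email', 'username', 'password', 'password2', 'standard') as $field) {
        echo '<input type="hidden" name="' . $field . '" value="' . clean_input_string($_POST[$field]) . '" />';
    }

    get_form_auth_ip();
    echo '</fieldset></form>' . "\n";
}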
/**
 * First registration step: check the terms checkbox and the posted fields,
 * then print the captcha form that carries the posted values on to step 2 as
 * hidden inputs.
 *
 * NOTE(review): the hidden inputs put the chosen password, in clear text, into
 * the HTML of the page, and pass it through clean_input_string(), which is
 * defined elsewhere and may alter it. Keeping the pending registration
 * server-side (for example in the session) would avoid both.
 * NOTE(review): confirm that clean_input_string() makes a value safe inside a
 * double-quoted HTML attribute; its behaviour is not visible from here.
 */
function do_register1()
{
    global $db, $globals;

    if ($_POST["acceptlegal"] !== 'accept') {
        register_error(_("no has aceptado las condiciones de uso"));
        return;
    }

    $fields_ok = check_user_fields();
    if (!$fields_ok) {
        return;
    }

    echo '<br style="clear:both" />';
    echo '<form action="' . get_auth_link() . 'register.php" method="post" id="thisform">' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('validación') . '</span></legend>' . "\n";

    // Captcha widget.
    ts_print_form();

    echo '<input type="submit" name="submit" class="button" value="' . _('continuar') . '" />';
    echo '<input type="hidden" name="process" value="2" />';

    // Carry the posted values to step 2 (extra sanity, in fact not needed).
    $carried = array('email', 'username', 'password', 'password2');
    foreach ($carried as $field) {
        echo '<input type="hidden" name="' . $field . '" value="' . clean_input_string($_POST[$field]) . '" />';
    }

    get_form_auth_ip();
    echo '</fieldset></form>' . "\n";
}
/**
 * First registration step: check the terms checkbox and the posted fields,
 * then print the captcha form that carries the posted values on to step 2 as
 * hidden inputs. A script appended after the form adds a "base_key" field
 * when the form is submitted.
 *
 * NOTE(review): the hidden inputs put the chosen password, in clear text, into
 * the HTML of the page, and pass it through clean_input_string(), which is
 * defined elsewhere and may alter it. Keeping the pending registration
 * server-side (for example in the session) would avoid both.
 * NOTE(review): confirm that clean_input_string() makes a value safe inside a
 * double-quoted HTML attribute; its behaviour is not visible from here.
 * NOTE(review): base_key is a client-side JavaScript value, so it can at most
 * filter clients that do not run scripts; it is not a secret.
 */
function do_register1()
{
    global $db, $globals;

    if ($_POST["acceptlegal"] !== 'accept') {
        register_error(_("no has aceptado las condiciones de uso"));
        return;
    }

    $fields_ok = check_user_fields();
    if (!$fields_ok) {
        return;
    }

    echo '<br style="clear:both" />';
    echo '<form action="' . get_auth_link() . 'register" method="post" id="thisform">' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('validación') . '</span></legend>' . "\n";

    // Captcha widget.
    ts_print_form();

    echo '<input type="submit" name="submit" class="button" value="' . _('continuar') . '" />';
    echo '<input type="hidden" name="process" value="2" />';

    // Carry the posted values to step 2 (extra sanity, in fact not needed).
    $carried = array('email', 'username', 'password', 'password2');
    foreach ($carried as $field) {
        echo '<input type="hidden" name="' . $field . '" value="' . clean_input_string($_POST[$field]) . '" />';
    }

    get_form_auth_ip();
    echo '</fieldset></form>';

    // Add extra check: base_key is added on submit
    $submit_hook = '<script type="text/javascript">addPostCode(function () { $("#thisform").submit(function () { $(this).append($("<input>", { type: "hidden", name: "base_key", value: base_key})); return true; });})</script>';
    echo $submit_hook;
}