==============================================
(c) 2000-2004 by ThWboard Development Group
download the latest version:
http://www.thwboard.de
This program is free software; you can
redistribute it and/or modify it under the
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
include "./inc/header.inc.php";
// http://www.securiteam.com/securitynews/5FP0C204KE.html
$login_name = isset($HTTP_POST_VARS['login_name']) ? $HTTP_POST_VARS['login_name'] : '';
if (is_flooding(FLOOD_LOGIN)) {
message('Fehler', 'IP wegen ' . $config['flood_login_count'] . ' fehlerhafter Loginversuche für ' . $config['flood_login_timeout'] . ' Minuten gesperrt.');
}
if (!isset($login_cookie)) {
$login_cookie = 0;
}
$msg = '';
if (!isset($login_password)) {
$login_password = '';
}
$navpath .= "Login";
if (!$login_name) {
$msg .= "Sie haben vergessen einen Usernamen anzugeben.<br>";
}
if (!$login_password) {
$msg .= "Sie haben vergessen ein Passwort anzugeben.<br>";
terms of the GNU General Public License as
published by the Free Software Foundation;
either version 2 of the License, or (at
your option) any later version.
==============================================
*/
include "./inc/header.inc.php";
if (!$config['allowregister']) {
$navpath .= "User Registrierung » Fehler";
message('Registrierung nicht mölich!', 'Eine Registrierung ist derzeit leider nicht mölich.<br>Bitte versuchen Sie es zu einem späteren Zeitpunkt erneut.');
}
if ($g_user['userid']) {
$navpath .= 'User Registrierung';
message('Fehler', 'Sie sind bereits registriert.<br>Eine weitere Registrierung ist deshalb nicht möglich.');
}
if (is_flooding(FLOOD_REGISTER)) {
message('Fehler', 'IP wegen ' . $config['flood_login_count'] . ' Registrierungen für ' . $config['flood_login_timeout'] . ' Minuten gesperrt.');
}
if (!isset($accept) || !$accept) {
$rules = '';
$TRules = new Template('templates/' . $style['styletemplate'] . '/forumrules.html');
eval($TRules->GetTemplate("rules"));
$navpath .= "User Registrierung";
message("Forumregeln", $rules, 0, 0);
} else {
$Tframe = new Template("templates/" . $style['styletemplate'] . "/frame.html");
$Tregform = new Template("templates/" . $style['styletemplate'] . "/register.html");
$passwordfield = '';
$navpath .= "User Registrierung » Dateneingabe";
$TPasswordfield = new Template('./templates/' . $style['styletemplate'] . '/register_pwdfield.html');
eval($TPasswordfield->GetTemplate('passwordfield'));
$navpath .= "Private Messages";
message('Fehler', 'Die Nachricht konnte nicht versendet werden: Die Private Message Box des Empfängers ist voll.');
} else {
// send msg!
thwb_query("INSERT INTO " . $pref . "pm (pmfromid, pmtoid, pmtopic, pmtext, pmtime, pmflags, pmfolder)\n VALUES ({$g_user['userid']}, {$user['userid']},'" . addslashes($pm['pmtopic']) . "','" . addslashes($pm['pmtext']) . "'," . time() . ", 1, 0);");
if (($frompmcount < $config['max_privmsg'] || $P->has_permission(P_NOPMLIMIT)) && $pm['pmsaveinoutbox'] == 1) {
thwb_query("INSERT INTO " . $pref . "pm (pmtoid, pmfromid, pmtopic, pmtext, pmtime, pmflags, pmfolder)\n VALUES ({$g_user['userid']}, {$user['userid']},'" . addslashes($pm['pmtopic']) . "','" . addslashes($pm['pmtext']) . "'," . time() . ",0 , 1);");
}
$navpath .= "Private Messages";
message("Message verschickt", "Ihre Private Message wurde verschickt!<br><a href=\"" . build_link('pm.php') . "\">Private Message Center</a>");
}
} elseif ($pm['pmmethod'] == 'email') {
// SEND PM as E-Mail
$Pmmail = new Template("templates/mail/pmsg.mail");
possible_flood(FLOOD_MAIL, $g_user['userid']);
if (is_flooding(FLOOD_MAIL, $g_user['userid'])) {
message('Fehler', 'Sie können nur ' . $config['flood_mail_count'] . ' E-Mails pro ' . $config['flood_mail_timeout'] . ' Minuten verschicken.');
}
$mail_body = "";
eval($Pmmail->GetTemplate("mail_body"));
@mail($user['useremail'], "Private Nachricht: " . $pm['pmtopic'], $mail_body, "From: " . $g_user['username'] . " <" . $g_user['useremail'] . ">");
if ($frompmcount < $config['max_privmsg'] and $pm['pmsaveinoutbox'] == 1) {
thwb_query("INSERT INTO " . $pref . "pm (pmtoid, pmfromid, pmtopic, pmtext, pmtime, pmflags, pmfolder)\n VALUES ({$g_user['userid']}, {$user['userid']},'" . addslashes($pm['pmtopic'] . " *E-Mail*") . "','" . addslashes($pm['pmtext']) . "'," . time() . ",0 , 1);");
}
$navpath .= "Private Messages";
message("Message verschickt", "Ihre Private Message wurde als E-Mail verschickt!<br><a href=\"" . build_link('pm.php') . "\">Private Message Center</a>");
}
} else {
$TFrame = new Template("templates/" . $style['styletemplate'] . "/frame.html");
$TMsg = new Template("templates/" . $style['styletemplate'] . "/newprivmsg.html");
if ($config['use_email'] == 1) {
if ($next_url['scheme'] != $current_url['scheme'] || $next_url['host'] != $current_url['host']) {
return;
}
}
if ($com_captcha && !is_valid_captcha_code($code, $confirm_id, $id, 'comments')) {
echo $com13;
} else {
if (!$name || !$comment) {
echo $com1;
} else {
if ($comlength > 0 && strlen($comment) > $comlength) {
printf($com14, $comlength);
} else {
if (!is_valid_email($email) && $email != '') {
echo $com2;
} elseif (is_flooding()) {
echo $com4 . ' ' . $floodtime . ' ' . $com5;
} else {
$news_user = false;
$passok = false;
$file = file(FNEWS_ROOT_PATH . 'users.php');
array_shift($file);
$passhash = md5($pass);
foreach ($file as $value) {
$user = get_line_data('users', $value);
if ($name == $user['username'] || $name == $user['nickname']) {
$news_user = true;
if ($passhash == $user['passwordhash']) {
$name = $user['nickname'];
$passok = true;
if (!$email) {
