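 /**
  * Create a user row, its login id and an initial random password inside one
  * database transaction.
  *
  * All three steps go through $this->db. The transaction is committed only when
  * every insert reports success; a thrown exception or a falsy insert result
  * rolls it back (the original fell out of the try block on a falsy result and
  * left the transaction open).
  *
  * @param int   $_user_no passed straight to insertRecord()
  * @param array $_data    column values handed to exchanegArray() before the insert
  * @return string|false the freshly generated plain-text password on success, false otherwise
  */
 public function insertUser($_user_no, $_data)
 {
     $adapter = GlobalAdapterFeature::getStaticAdapter();
     $connection = $adapter->getDriver()->getConnection();
     $connection->beginTransaction();
     try {
         $this->db->exchanegArray($_data);
         $row = $this->db->insertRecord($_user_no);
         if ($row) {
             $row = $this->db->insertLoginId($row);
         }
         if ($row) {
             $new_pw = make_rand_str(8, 3);
             $row = $this->db->insertLoginPw($row, $new_pw, 1, 0);
         }
         if ($row) {
             $connection->commit();
             return $new_pw;
         }
         // An insert failed without throwing: undo the partial work instead of
         // leaving the transaction open and returning null.
         $connection->rollback();
         return false;
     } catch (\Exception $e) {
         $connection->rollback();
         if (IS_TEST) {
             echo $e->getMessage();
         }
         return false;
     }
 }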
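 /**
  * Insert one work record per element of $_data for the given user inside one
  * transaction.
  *
  * Each element of $_data is merged with a per-record block (branch_no, a random
  * login_pw, a random join_key and a shared work_no) and inserted through
  * $this->db. The transaction is committed only when the last insert succeeded;
  * any exception or a failed insert rolls it back (the original rolled back only
  * under IS_TEST and could commit earlier records after an exception).
  *
  * @param array $_user_info caller's user info; only 'branch_no' and 'user_no' are read via gv()
  * @param array $_data      list of column arrays, one per record, walked with current()/next()
  * @return mixed result of the last insertRecord() call, or false when nothing was inserted
  */
 public function insertWorkRecord($_user_info, $_data)
 {
     if (!$_user_info || !$_data) {
         return false;
     }
     $adapter = GlobalAdapterFeature::getStaticAdapter();
     $connection = $adapter->getDriver()->getConnection();
     $connection->beginTransaction();
     // NOTE(review): MAX+1 computed outside a lock can collide under concurrent
     // inserts — confirm work_no carries a unique index.
     $work_no = $this->db->getMaxId('work_no') + 1;
     $row = false;
     do {
         try {
             $data = array(
                 'branch_no' => gv('branch_no', $_user_info),
                 'login_pw' => make_rand_str(8, 3),
                 // join_key looks like a token handed out to users — confirm; either
                 // way it is derived from a CSPRNG instead of time()/rand(). sha1()
                 // keeps the 40-hex shape of the previous value. random_bytes()
                 // throws on failure, which is why it sits inside the try.
                 'join_key' => sha1(random_bytes(32)),
                 'work_no' => $work_no,
             );
             $this->db->exchanegArray(array_merge(current($_data), $data));
             $row = $this->db->insertRecord(gv('user_no', $_user_info));
         } catch (\Exception $e) {
             $connection->rollback();
             if (IS_TEST) {
                 echo $e->getMessage();
             }
             return false;
         }
     } while (next($_data));
     if ($row) {
         $this->db->checkLoginId($work_no);
         $connection->commit();
     } else {
         $connection->rollback();
     }
     return $row;
 }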
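/**
 * Copy one TBDev user row into the board's users and bt_users tables.
 *
 * Builds two fixed column => value maps and issues an INSERT IGNORE for each
 * table through _convert_user_insert_ignore(). Column names come from the
 * fixed keys below, never from $user; values are escaped with DB()->escape().
 *
 * @param array $user source row; keys read: id, enabled, username, password,
 *                    last_access, added, class, language, opt, avatar, email,
 *                    website, icq, skype, twitter, gender, user_birthday,
 *                    uploaded, downloaded
 * @return void
 */
function convert_user($user)
{
    $has_avatar = !empty($user['avatar']);
    $user_data = array(
        "user_id" => $user['id'],
        "user_active" => $user['enabled'] == 'yes' ? true : false,
        "username" => $user['username'],
        // NOTE(review): md5 is kept because the target schema apparently expects
        // it; the converter loop on this page assigns a throwaway random password
        // per user, so nothing reusable is hashed here — confirm before reuse.
        "user_password" => md5($user['password']),
        "user_lastvisit" => $user['last_access'],
        "user_regdate" => $user['added'],
        "user_level" => tp_user_level($user['class']),
        "user_lang" => $user['language'],
        "user_dateformat" => "Y-m-d H:i",
        "user_opt" => $user['opt'],
        "user_avatar" => $has_avatar ? $user['avatar'] : null,
        "user_avatar_type" => $has_avatar ? 2 : null,
        "user_email" => $user['email'],
        "user_website" => $user['website'],
        "user_icq" => $user['icq'],
        "user_skype" => $user['skype'],
        "user_twitter" => $user['twitter'],
        "user_gender" => $user['gender'],
        "user_birthday" => $user['user_birthday'],
    );
    _convert_user_insert_ignore(BB_USERS, $user_data);
    $bt_user_data = array(
        "user_id" => $user['id'],
        "auth_key" => make_rand_str(BT_AUTH_KEY_LENGTH),
        "u_up_total" => $user['uploaded'],
        "u_down_total" => $user['downloaded'],
    );
    _convert_user_insert_ignore(BB_BT_USERS, $bt_user_data);
}

/**
 * Issue `INSERT IGNORE INTO $table (columns) VALUES (values);` for one
 * column => value map. Every value is escaped with DB()->escape() and
 * single-quoted, so booleans/nulls arrive as '1', '' and '' respectively,
 * exactly as the inline loops did before.
 *
 * @param string $table table name (a constant at both call sites, not user input)
 * @param array  $data  column => value map; keys become column names verbatim
 * @return void
 */
function _convert_user_insert_ignore($table, $data)
{
    $columns = array();
    $values = array();
    foreach ($data as $column => $value) {
        $columns[] = $column;
        $values[] = "'" . DB()->escape($value) . "'";
    }
    DB()->query("INSERT IGNORE INTO " . $table . " (" . implode(',', $columns) . ") VALUES (" . implode(',', $values) . ");");
}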
/**
 * Write a 20-character random string to the cron lock file.
 *
 * The trailing arguments are passed through to file_write() unchanged; their
 * meaning is defined by that helper.
 *
 * @param string $lock_file path of the lock file handed to file_write()
 * @return void
 */
function cron_touch_lock_file($lock_file)
{
    $payload = make_rand_str(20);
    file_write($payload, $lock_file, 0, true, true);
}
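 /**
  * re-issue password2
  *
  * Second step of the password re-issue flow, reached through a temporary id in
  * the route. On GET it stores a fresh one-shot token in the container and
  * renders the confirmation form; on POST it checks that token, generates a new
  * password that checkLoginPw() does not reject, stores it with changePw(),
  * mails it to the address on the temporary record, closes the record and
  * redirects to the index.
  *
  * @return ViewModel the confirmation form on GET; otherwise the result of redirect()->toRoute()
  */
 public function remindStoreAction()
 {
     $this->layout('layout/index');
     // get temporary id
     $id = (string) $this->params()->fromRoute('id');
     if (!$id) {
         $this->flashMessenger()->addMessage('Not allowed');
         return $this->redirect()->toRoute('app', array('controller' => 'index'));
     }
     $tmp = new TemporaryIdTable();
     $row = $tmp->getFetchOne($id);
     if (!$row || !isset($row->create_user) || !$row->create_user) {
         $this->flashMessenger()->addMessage('Not allowed');
         return $this->redirect()->toRoute('app', array('controller' => 'index'));
     }
     $success = false;
     $request = $this->getRequest();
     if ($request->isPost()) {
         // One-shot token: read it, drop it, then compare. The comparison is
         // strict and constant-time; the previous loose `!=` let a request with
         // no token at all through whenever the container held none either.
         $token_id = (string) $this->container()->get('token_id');
         $this->container()->clear('token_id');
         $posted_token = $request->getPost('token_id');
         if ($token_id === '' || !is_string($posted_token) || !hash_equals($token_id, $posted_token)) {
             $this->flashMessenger()->addMessage('Not allowed');
             return $this->redirect()->toRoute('app', array('controller' => 'index'));
         }
         $db = new UserEntity();
         // Bounded retry (at most 11 candidates, as before). checkLoginPw()
         // presumably returns truthy when the candidate must not be used — confirm.
         $new_pw = '';
         $chk = true;
         for ($attempt = 0; $chk && $attempt < 11; ++$attempt) {
             $new_pw = make_rand_str(8, 3);
             $chk = $db->db()->checkLoginPw($row->create_user, $new_pw);
         }
         if (!$chk) {
             $success = $db->changePw($row->create_user, $new_pw, 1);
         }
         if ($success) {
             $mail = new Message();
             $mail->setEncoding("UTF-8");
             $mail->addFrom(AUTO_MAIL_FROM)->addTo($row->email)->setSubject($this->translator()->translate("About initialize password"));
             $body_tpl = file_get_contents(APP_DIR . '/tpl/remind-store-mail.txt');
             $body_tpl = trim(str_replace("\r\n", "\n", $body_tpl));
             $body_tpl = $this->translator()->translate($body_tpl);
             // The new password is sent in clear text; that is the design of this flow.
             $body_tpl .= "\n\n" . "PW:" . $new_pw;
             $body_tpl .= "\n\n\n" . "URL:" . BASE_URL;
             $mail->setBody($body_tpl);
             $transport = new SmtpTransport();
             $options = new SmtpOptions(array(
                 'host' => 'smtp.gmail.com',
                 'connection_class' => 'plain',
                 'connection_config' => array('ssl' => 'tls', 'username' => AUTO_MAIL_FROM, 'password' => AUTO_MAIL_FROM_PASSWORD),
                 'port' => 587,
             ));
             $transport->setOptions($options);
             $success = $transport->send($mail);
         } elseif (IS_TEST) {
             // Debug aid only. The old code dumped $mail here, but $mail is never
             // assigned on this path; record the actual failure instead.
             $logger = new \Zend\Log\Logger();
             $writer = new \Zend\Log\Writer\Stream(APP_DIR . '/log/debug.txt');
             $logger->addWriter($writer);
             $logger->log(\Zend\Log\Logger::DEBUG, 'changePw failed for temporary id ' . $id);
         }
         $tmp->finishRecord($id);
         $message = $success ? 'Please confirm e-mail' : 'Failed';
         $this->flashMessenger()->addMessage($message);
         return $this->redirect()->toRoute('app', array('controller' => 'index'));
     }
     // create token_id
     $token_id = make_token_id();
     $this->container()->set('token_id', $token_id);
     $values = array('token_id' => $token_id, 'id' => $id);
     $view = new ViewModel($values);
     $view->setTemplate('/' . VIEW_DIR . '/index/remind-store.phtml');
     return $view;
 }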
if (isset($HTTP_POST_VARS['submit'])) {
    $username = !empty($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : '';
    $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
    $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "'\n\t\t\tAND username = '******'", "''", $username) . "'";
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            if (!$row['user_active']) {
                message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
            }
            $username = $row['username'];
            $user_id = $row['user_id'];
            $user_actkey = make_rand_str(true);
            $key_len = 54 - strlen($server_url);
            $key_len = $str_len > 6 ? $key_len : 6;
            $user_actkey = substr($user_actkey, 0, $key_len);
            $user_password = make_rand_str(false);
            $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id'];
            if (!DB()->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
            }
            require FT_ROOT . 'includes/emailer.php';
            $emailer = new emailer($ft_cfg['smtp_delivery']);
            $emailer->from($ft_cfg['board_email']);
            $emailer->replyto($ft_cfg['board_email']);
            $emailer->use_template('user_activate_passwd', $row['user_lang']);
            $emailer->email_address($row['user_email']);
            $emailer->set_subject($lang['New_password_activation']);
            $emailer->assign_vars(array('SITENAME' => $ft_cfg['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, 'EMAIL_SIG' => !empty($ft_cfg['board_email_sig']) ? str_replace('<br />', "\n", "-- \n" . $ft_cfg['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey));
            $emailer->send();
            $emailer->reset();
            $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="15;url=' . append_sid("index.php") . '">'));
 /**
  * Create autologin_id
  *
  * Stores a new autologin key for the user, or clears it when $create_new is
  * false. The key itself comes from make_rand_str(); only the user id is
  * taken from $userdata and it is cast to int before entering the SQL.
  *
  * @param array $userdata   user record; only 'user_id' is read
  * @param bool  $create_new true to generate a key, false to write an empty one
  *
  * @return string the stored autologin_id ('' when cleared)
  */
 function create_autologin_id($userdata, $create_new = true)
 {
     $autologin_id = '';
     if ($create_new) {
         $autologin_id = make_rand_str(LOGIN_KEY_LENGTH);
     }
     $sql = sprintf(
         "\n\t\t\tUPDATE %s SET\n\t\t\t\tautologin_id = '%s'\n\t\t\tWHERE user_id = %d\n\t\t\tLIMIT 1\n\t\t",
         USERS_TABLE,
         $autologin_id,
         (int) $userdata['user_id']
     );
     DB()->query($sql);
     return $autologin_id;
 }
         require CLASS_DIR . 'emailer.php';
         $emailer = new emailer($bb_cfg['smtp_delivery']);
         $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>");
         $emailer->email_address($username . " <{$email}>");
         $emailer->use_template($email_template, $user_lang);
         $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'WELCOME_MSG' => sprintf($lang['WELCOME_SUBJECT'], $bb_cfg['sitename']), 'USERNAME' => html_entity_decode($username), 'PASSWORD' => $new_pass, 'U_ACTIVATE' => make_url('profile.php?mode=activate&' . POST_USERS_URL . '=' . $new_user_id . '&act_key=' . $db_data['user_actkey'])));
         $emailer->send();
         $emailer->reset();
     }
     bb_die($message);
 } else {
     set_pr_die_append_msg($pr_data['user_id']);
     // если что-то было изменено
     if ($db_data) {
         if (!$pr_data['user_active']) {
             $user_actkey = make_rand_str(12);
             $pr_data['user_actkey'] = $user_actkey;
             $db_data['user_actkey'] = $user_actkey;
             require CLASS_DIR . 'emailer.php';
             $emailer = new emailer($bb_cfg['smtp_delivery']);
             $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>");
             $emailer->email_address($username . " <{$email}>");
             $emailer->use_template('user_activate', $pr_data['user_lang']);
             $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'USERNAME' => html_entity_decode($username), 'U_ACTIVATE' => make_url("profile.php?mode=activate&u={$pr_data['user_id']}&act_key={$user_actkey}")));
             $emailer->send();
             $emailer->reset();
             $message = $lang['PROFILE_UPDATED_INACTIVE'];
             $user->session_end();
         } else {
             meta_refresh('index.php', 10);
             $message = $lang['PROFILE_UPDATED'];
     bb_die($lang['CAPTCHA_WRONG']);
 }
 $email = !empty($_POST['email']) ? trim(strip_tags(htmlspecialchars($_POST['email']))) : '';
 $sql = "SELECT * FROM " . BB_USERS . " WHERE user_email = '" . DB()->escape($email) . "'";
 if ($result = DB()->sql_query($sql)) {
     if ($row = DB()->sql_fetchrow($result)) {
         if (!$row['user_active']) {
             bb_die($lang['NO_SEND_ACCOUNT_INACTIVE']);
         }
         if (in_array($row['user_level'], array(MOD, ADMIN))) {
             bb_die($lang['NO_SEND_ACCOUNT']);
         }
         $username = $row['username'];
         $user_id = $row['user_id'];
         $user_actkey = make_rand_str(12);
         $user_password = make_rand_str(8);
         $sql = "UPDATE " . BB_USERS . "\n\t\t\t\tSET user_newpasswd = '{$user_password}', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id'];
         if (!DB()->sql_query($sql)) {
             bb_die('Could not update new password information');
         }
         require CLASS_DIR . 'emailer.php';
         $emailer = new emailer($bb_cfg['smtp_delivery']);
         $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>");
         $emailer->email_address("{$username} <{$row['user_email']}>");
         $emailer->use_template('user_activate_passwd', $row['user_lang']);
         $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, 'U_ACTIVATE' => make_url('profile.php?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)));
         $emailer->send();
         $emailer->reset();
         bb_die($lang['PASSWORD_UPDATED']);
     } else {
         bb_die($lang['NO_EMAIL_MATCH']);
     message_die(GENERAL_MESSAGE, $message);
 } else {
     $sql = "SELECT MAX(user_id) AS total\n\t\t\t\tFROM " . USERS_TABLE;
     if (!($result = DB()->sql_query($sql))) {
         message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
     }
     if (!($row = DB()->sql_fetchrow($result))) {
         message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql);
     }
     $user_id = $row['total'] + 1;
     //
     // Get current date
     //
     $sql = "INSERT INTO " . USERS_TABLE . "\t(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)\n\t\t\t\tVALUES ({$user_id}, '" . str_replace("\\'", "''", $username) . "', " . time() . ", '" . str_replace("\\'", "''", $new_password) . "', '" . str_replace("\\'", "''", $email) . "', '" . str_replace("\\'", "''", $icq) . "', '" . str_replace("\\'", "''", $website) . "', '" . str_replace("\\'", "''", $occupation) . "', '" . str_replace("\\'", "''", $location) . "', '" . str_replace("\\'", "''", $interests) . "', '" . str_replace("\\'", "''", $signature) . "', '{$signature_bbcode_uid}', {$avatar_sql}, {$viewemail}, {$attachsig}, {$allowsmilies}, {$allowhtml}, {$allowbbcode}, {$allowviewonline}, {$notifyreply}, {$notifypm}, {$popup_pm}, {$user_timezone}, '" . str_replace("\\'", "''", $user_dateformat) . "', '" . str_replace("\\'", "''", $user_lang) . "', {$user_style}, 0, 1, ";
     if ($ft_cfg['require_activation'] == USER_ACTIVATION_SELF || $ft_cfg['require_activation'] == USER_ACTIVATION_ADMIN || $coppa) {
         $user_actkey = make_rand_str(true);
         $key_len = 54 - strlen($server_url);
         $key_len = $key_len > 6 ? $key_len : 6;
         $user_actkey = substr($user_actkey, 0, $key_len);
         $sql .= "0, '" . str_replace("\\'", "''", $user_actkey) . "')";
     } else {
         $sql .= "1, '')";
     }
     if (!($result = DB()->sql_query($sql, BEGIN_TRANSACTION))) {
         message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql);
     }
     $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)\n\t\t\t\tVALUES ('', '', 1, 0)";
     if (!($result = DB()->sql_query($sql))) {
         message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql);
     }
     $group_id = DB()->sql_nextid();
         case 'yse':
             $_sql = 'avatar, ';
             break;
         default:
             $_sql = '';
             break;
     }
     for ($i = 0; $i < $loops; $i++) {
         $start = $i * C_USERS_PER_ONCE;
         $offset = C_USERS_PER_ONCE;
         $sql = "\n\t\t\tSELECT\n\t\t\t\tid, username, email, status, UNIX_TIMESTAMP(added) AS added, UNIX_TIMESTAMP(last_access) AS last_access,\n\t\t\t\tclass, icq, msn, aim, yahoo, website, {$_sql}\n\t\t\t\tuploaded, downloaded, enabled, language\n\t\t\tFROM " . TB_USERS_TABLE . "\n\t\t\tORDER BY id\n\t\t\tLIMIT {$start}, {$offset}";
         $users = DB()->fetch_rowset($sql);
         DB()->sql_freeresult();
         foreach ($users as $user) {
             $user['id'] += $max_uid;
             $user['password'] = make_rand_str(15);
             convert_user($user);
             $pass[] = array('tb_user_id' => $user['id'] - $max_uid, 'username' => $user['username'], 'new_passwd' => $user['password']);
         }
     }
     $passf = fopen('./converter/passwords.php', 'w');
     $to_write = "<?php \n";
     $to_write .= '$passwords = ' . var_export($pass, true) . ';';
     fwrite($passf, $to_write);
     fclose($passf);
     set_auto_increment(BB_USERS, 'user_id');
     print_ok("Total {$users_count} users from TBDev converted");
     unset($users, $pass, $to_write);
 }
 if (CONVERT_TORRENTS) {
     require_once INC_DIR . 'functions_post.php';
         $tor_list_sql = '';
         $tor_count = 0;
     } else {
         foreach (DB()->fetch_rowset($SQL) as $row) {
             $tor_list_ary[] = $row['topic_id'];
         }
         $tor_list_sql = join(',', $tor_list_ary);
         $tor_count = count($tor_list_ary);
     }
 }
 if (!$tor_list_sql || $start > $tor_count) {
     $template->assign_vars(array('TOR_NOT_FOUND' => true, 'NO_MATCH_MSG' => $lang['NO_MATCH']));
 } else {
     // Save result in DB
     if ($tor_count > $per_page && !$search_id) {
         $search_id = make_rand_str(SEARCH_ID_LENGTH);
         $search_type = SEARCH_TYPE_TRACKER;
         $columns = 'session_id,   search_type,   search_id,   search_time,   search_settings,  search_array';
         $values = "'{$session_id}', {$search_type}, '{$search_id}', " . TIMENOW . ", '{$curr_set_sql}', '{$tor_list_sql}'";
         DB()->query("REPLACE INTO " . BB_SEARCH . " ({$columns}) VALUES ({$values})");
     }
     unset($columns, $values, $curr_set_sql, $tor_list_sql);
     $tor_to_show = $tor_count > $per_page ? array_slice($tor_list_ary, $start, $per_page) : $tor_list_ary;
     if (!($tor_to_show = join(',', $tor_to_show))) {
         bb_die($lang['NO_SEARCH_MATCH']);
     }
     // SELECT
     $select = "\n\t\t\tSELECT\n\t\t\t\ttor.topic_id, tor.post_id, tor.attach_id, tor.size, tor.reg_time, tor.complete_count, tor.seeder_last_seen, tor.tor_status, tor.tor_type,\n\t\t\t\tt.topic_title, t.topic_time, t.topic_replies, t.topic_views, sn.seeders, sn.leechers, tor.info_hash\n\t\t";
     $select .= !$hide_speed ? ", sn.speed_up, sn.speed_down" : '';
     $select .= !$hide_forum ? ", tor.forum_id" : '';
     $select .= !$hide_cat ? ", f.cat_id" : '';
    /**
     * Upload an Attachment to Filespace (intern)
     *
     * Validates the file in $_FILES['fileupload'] (extension group, forum
     * permission, php upload limit, torrent-only-on-first-post rule, image
     * dimensions, global and per-user size quotas) and moves it into
     * $upload_dir under a random-prefixed physical name. On success the result
     * lives in $this->post_attach, $this->attach_filename, $this->filename,
     * $this->filesize, $this->type, $this->extension, $this->filetime and
     * $this->thumbnail. Failures do not return a value: they set the globals
     * $error / $error_msg, clear post_attach and unlink anything already stored.
     */
    function upload_attachment()
    {
        global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;
        // An empty filename means no attachment was submitted with the post.
        $this->post_attach = $this->filename != '' ? TRUE : FALSE;
        if ($this->post_attach) {
            // basename() drops any directory part the client sent along.
            $r_file = trim(basename($this->filename));
            $file = $_FILES['fileupload']['tmp_name'];
            // Client-supplied MIME type; lower-cased below but not verified here.
            $this->type = $_FILES['fileupload']['type'];
            if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
                bb_die('Tried to upload empty file');
            }
            $this->type = strtolower($this->type);
            $this->extension = strtolower(get_extension($this->filename));
            $this->filesize = @filesize($file);
            $this->filesize = intval($this->filesize);
            // Look up the extension's group: allowed flag, size cap, category and
            // per-forum permission cache. $row is false for an unknown extension;
            // the null reads below then lead to allow_group == 0 in the
            // "Check Extension" step, which rejects the upload.
            $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions
				FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query extensions');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            // Group-specific cap, falling back to the global cap when unset/zero.
            $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
            $cat_id = intval($row['cat_id']);
            $auth_cache = trim($row['forum_permissions']);
            // check Filename
            // Reject path separators, drive colons, wildcards, quotes and redirection characters.
            if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename));
            }
            // check php upload-size
            // A tmp_name of 'none' is how older PHP reported a file that never
            // arrived (typically because it exceeded upload_max_filesize).
            if (!$error && $file == 'none') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                // ini_get is invoked through a variable; presumably to keep the
                // call out of static scans / disable_functions checks — confirm.
                $ini_val = 'ini_get';
                $max_size = @$ini_val('upload_max_filesize');
                if ($max_size == '') {
                    $error_msg .= $lang['ATTACHMENT_PHP_SIZE_NA'];
                } else {
                    $error_msg .= sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size);
                }
            }
            // Check Extension
            if (!$error && intval($row['allow_group']) == 0) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension));
            }
            // Check Forum Permissions
            // Only enforced when the group restricts forums (non-empty cache) and
            // the uploader is not an admin.
            if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension));
            }
            //bt
            // Check if user can post torrent
            global $post_data;
            if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['ALLOWED_ONLY_1ST_POST_ATTACH'];
            }
            //bt end
            // Upload File
            $this->thumbnail = 0;
            if (!$error) {
                //
                // Prepare Values
                $this->filetime = TIMENOW;
                $this->filename = $r_file;
                // physical filename
                //$this->attach_filename = strtolower($this->filename);
                $this->attach_filename = $this->filename;
                //bt
                if (FILENAME_CRYPTIC) {
                    // Stored name is fully random; the original name survives in $this->filename.
                    $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
                } else {
                    // original
                    // Normalise the original name into a safe ASCII slug.
                    $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                    $this->attach_filename = delete_extension($this->attach_filename);
                    $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                    $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                    // The Cyrillic-looking entries in the next two calls are apparently
                    // mis-encoded German umlauts/ß (mapped to ue/oe/ae/ss) — left as-is.
                    $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                    $this->attach_filename = str_replace(array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);
                    // Remove non-latin characters
                    // NOTE(review): there is no /e modifier, so the replacement is
                    // inserted as the literal text "chr(ord(...))" rather than
                    // evaluated; the rawurlencode + %XX strip below then removes
                    // most of it. Looks like a leftover from the /e removal — confirm.
                    $this->attach_filename = preg_replace('#([\\xC2\\xC3])([\\x80-\\xBF])#', 'chr(ord(\'$1\')<<6&0xC0|ord(\'$2\')&0x3F)', $this->attach_filename);
                    $this->attach_filename = rawurlencode($this->attach_filename);
                    $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                    $this->attach_filename = trim($this->attach_filename);
                }
                $this->attach_filename = str_replace(array('&amp;', '&', ' '), '_', $this->attach_filename);
                // Defuse "php" anywhere in the stored name so a served file cannot
                // be picked up as a script; this also mangles legitimate names.
                $this->attach_filename = str_replace('php', '_php_', $this->attach_filename);
                $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);
                // Prepend a random prefix; retry a few times on a name collision,
                // dying after the last attempt (so $new_physical_filename is always set).
                for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
                    $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
                    $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
                    if (!physical_filename_already_stored($new_physical_filename)) {
                        break;
                    }
                    if ($i == $max_try) {
                        bb_die('Could not create filename for attachment');
                    }
                }
                $this->attach_filename = $new_physical_filename;
                // Do we have to create a thumbnail ?
                if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                    $this->thumbnail = 1;
                }
            }
            if ($error) {
                $this->post_attach = FALSE;
                return;
            }
            // Upload Attachment
            if (!$error) {
                // Descide the Upload method
                // NOTE(review): $safe_mode is assigned but never read; the branch
                // below calls ini_get('safe_mode') again.
                $ini_val = 'ini_get';
                $safe_mode = @$ini_val('safe_mode');
                if (@$ini_val('open_basedir')) {
                    $upload_mode = 'move';
                } else {
                    if (@$ini_val('safe_mode')) {
                        $upload_mode = 'move';
                    } else {
                        $upload_mode = 'copy';
                    }
                }
                // Ok, upload the Attachment
                if (!$error) {
                    $this->move_uploaded_attachment($upload_mode, $file);
                }
            }
            // Now, check filesize parameters
            // filesize() on the tmp file may have failed above; measure the stored copy instead.
            if (!$error) {
                if (!$this->filesize) {
                    $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
                }
            }
            // Check Image Size, if it's an image
            // Skipped for admins and whenever either configured maximum is zero.
            if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
                list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
                if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                    if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                        $error = TRUE;
                        if (!empty($error_msg)) {
                            $error_msg .= '<br />';
                        }
                        $error_msg .= sprintf($lang['ERROR_IMAGESIZE'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                    }
                }
            }
            // check Filesize
            // Admins, moderators and group members are exempt from the per-extension cap.
            if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
                $allowed_filesize = humn_size($allowed_filesize);
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['ATTACHMENT_TOO_BIG'], $allowed_filesize);
            }
            // Check our complete quota
            // Board-wide quota: sum of every stored attachment plus this one.
            if ($attach_config['attachment_quota']) {
                $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query total filesize #1');
                }
                $row = DB()->sql_fetchrow($result);
                DB()->sql_freeresult($result);
                $total_filesize = $row['total'];
                if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= $lang['ATTACH_QUOTA_REACHED'];
                }
            }
            $this->get_quota_limits($userdata);
            // Check our user quota
            if ($attach_config['upload_filesize_limit']) {
                $sql = 'SELECT attach_id
					FROM ' . BB_ATTACHMENTS . '
					WHERE user_id_1 = ' . (int) $userdata['user_id'] . '
					GROUP BY attach_id';
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query attachments');
                }
                $attach_ids = DB()->sql_fetchrowset($result);
                $num_attach_ids = DB()->num_rows($result);
                DB()->sql_freeresult($result);
                // Build the IN() list from ints only, so it is safe to interpolate.
                $attach_id = array();
                for ($i = 0; $i < $num_attach_ids; $i++) {
                    $attach_id[] = intval($attach_ids[$i]['attach_id']);
                }
                if ($num_attach_ids > 0) {
                    // Now get the total filesize
                    $sql = 'SELECT sum(filesize) as total
						FROM ' . BB_ATTACHMENTS_DESC . '
						WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                    if (!($result = DB()->sql_query($sql))) {
                        bb_die('Could not query total filesize #2');
                    }
                    $row = DB()->sql_fetchrow($result);
                    DB()->sql_freeresult($result);
                    $total_filesize = $row['total'];
                } else {
                    $total_filesize = 0;
                }
                if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                    // Render the limit in MB/KB/bytes for the error message only.
                    $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                    $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['BYTES']);
                    if ($upload_filesize_limit >= 1048576) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                    } else {
                        if ($upload_filesize_limit >= 1024) {
                            $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                        }
                    }
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang);
                }
            }
            // A late failure (size/quota) happens after the file was moved, so
            // remove it and any thumbnail before reporting.
            if ($error) {
                unlink_attach($this->attach_filename);
                unlink_attach($this->attach_filename, MODE_THUMBNAIL);
                $this->post_attach = FALSE;
            }
        }
    }
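/**
 * Replaces the BitTorrent passkey (auth_key) of a user.
 *
 * For an existing user the current BT_USERS_TABLE row is read so that the
 * up/down/bonus totals survive, and the `user_allow_passkey` flag is checked
 * (a denied user ends in message_die). The row is then deleted and re-inserted
 * with a fresh random key; the insert is retried up to 20 times with a new key
 * so that a collision with an already stored auth_key is survived.
 *
 * Side effect: defines AUTH_KEY_INSERT_OK once a key was stored.
 *
 * @param int  $user_id  user whose key is replaced; cast to int before it is interpolated into SQL
 * @param bool $new_user true when the user has no BT_USERS_TABLE row yet (totals start at zero)
 * @return string|false the stored key, or false when none of the 20 inserts succeeded
 */
function generate_passkey($user_id, $new_user)
{
    global $lang, $sql;
    $user_id = intval($user_id);

    $u_up_total = $u_down_total = $u_bonus_total = 0;
    if (!$new_user) {
        // Carry the existing totals over; a missing row (or NULL columns) keeps the zeros
        // instead of indexing into false, which PHP 8 reports as a warning.
        $sql = 'SELECT *
			FROM ' . BT_USERS_TABLE . "\r\n\t\t\tWHERE user_id = {$user_id}";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query userdata for passkey', '', __LINE__, __FILE__, $sql);
        }
        if ($row = DB()->sql_fetchrow($result)) {
            $u_up_total = $row['u_up_total'] ?: 0;
            $u_down_total = $row['u_down_total'] ?: 0;
            $u_bonus_total = $row['u_bonus_total'] ?: 0;
        }

        // Only users allowed to change their passkey get past this point; an unknown
        // user (no row) is refused as well.
        $sql = 'SELECT user_allow_passkey
			FROM ' . USERS_TABLE . "\r\n\t\t\tWHERE user_id = {$user_id}";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query userdata for passkey', '', __LINE__, __FILE__, $sql);
        }
        $row = DB()->sql_fetchrow($result);
        if (!$row || !$row['user_allow_passkey']) {
            message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
        }
    }

    $sql = 'DELETE FROM ' . BT_USERS_TABLE . "\r\n\t\tWHERE user_id = {$user_id}\r\n\t\tLIMIT 1";
    if (!DB()->sql_query($sql)) {
        message_die(GENERAL_ERROR, 'Could not delete current passkey', '', __LINE__, __FILE__, $sql);
    }

    // NOTE(review): the passkey is a bearer credential; make_rand_str must draw from a
    // CSPRNG for this to be safe — confirm against its implementation.
    $auth_key = false;
    for ($i = 0; $i < 20; $i++) {
        $candidate = make_rand_str(BT_AUTH_KEY_LENGTH);
        $columns = 'user_id,   auth_key,   u_up_total,  u_down_total,  u_bonus_total';
        $values = "{$user_id}, '{$candidate}', {$u_up_total}, {$u_down_total},  {$u_bonus_total}";
        $sql = 'INSERT INTO ' . BT_USERS_TABLE . " ({$columns}) VALUES ({$values})";
        if (DB()->sql_query($sql)) {
            if (!defined('AUTH_KEY_INSERT_OK')) {
                define('AUTH_KEY_INSERT_OK', 1);
            }
            $auth_key = $candidate;
            break;
        }
    }
    // false here means no key was stored; previously an unsaved key was returned instead.
    return $auth_key;
}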
/**
 * Collects the item ids matched by $sql, saves the full result set for paging
 * and returns the first page.
 *
 * Side effects: fills the globals $items_found (every matched id) and $search_id
 * (a fresh random id under which the result set and the paging-relevant settings
 * are stored in BB_SEARCH when more than $per_page items matched). Dies with
 * NO_SEARCH_MATCH when nothing matched.
 *
 * @param string $sql         search query; each row must expose an `item_id` column
 * @param int    $search_type one of the SEARCH_TYPE_* constants
 * @return array the first $per_page item ids
 */
function fetch_search_ids($sql, $search_type = SEARCH_TYPE_POST)
{
    global $lang, $search_id, $session_id, $items_found, $per_page;

    $items_found = array();
    foreach (DB()->fetch_rowset($sql) as $match) {
        $items_found[] = $match['item_id'];
    }
    $items_count = count($items_found);
    if ($items_count === 0) {
        bb_die($lang['NO_SEARCH_MATCH']);
    }

    // Save results in DB
    $search_id = make_rand_str(SEARCH_ID_LENGTH);
    if ($items_count > $per_page) {
        // Settings that must survive paging; the dl_* filters only when they are active
        $save_in_db = array('order', 'sort', 'display_as', 'chars');
        foreach (array('dl_cancel', 'dl_compl', 'dl_down', 'dl_will') as $filter) {
            if ($GLOBALS["{$filter}_val"]) {
                $save_in_db[] = $filter;
            }
        }
        $curr_set = array();
        foreach ($save_in_db as $name) {
            $curr_set[$GLOBALS["{$name}_key"]] = $GLOBALS["{$name}_val"];
        }

        // Only the serialized settings go through DB()->escape(); $session_id, $search_type
        // and the joined ids are interpolated as-is. NOTE(review): that relies on the session
        // id, the SEARCH_TYPE_* value and the DB-sourced item ids being SQL-safe — confirm at
        // the call sites. Whatever reads search_settings back should treat it as app-controlled
        // data before unserialize().
        $search_array = join(',', $items_found);
        $search_settings = DB()->escape(serialize($curr_set));
        $columns = 'session_id,   search_type,   search_id,   search_time,    search_settings,    search_array';
        $values = "'{$session_id}', {$search_type}, '{$search_id}', " . TIMENOW . ", '{$search_settings}', '{$search_array}'";
        DB()->query("REPLACE INTO " . BB_SEARCH . " ({$columns}) VALUES ({$values})");
    }

    return array_slice($items_found, 0, $per_page);
}
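/**
 * Generates a new passkey for a user and stores it in BB_BT_USERS.
 *
 * Unless $force_generate is set, a user whose `dis_passkey` option bit is set is
 * refused via bb_die(). The key is first INSERTed (user without a row yet) and
 * otherwise UPDATEd; both statements use IGNORE, so a clash with an auth_key that
 * already exists is not fatal but is retried with a fresh random value, up to 20
 * attempts. After a successful update the Ocelot tracker is told the old/new key
 * pair when it is enabled in $bb_cfg.
 *
 * @param int  $user_id        user whose key is (re)generated; cast to int before use in SQL
 * @param bool $force_generate skip the dis_passkey permission check
 * @return string|false the stored passkey, or false when no attempt changed a row
 */
function generate_passkey($user_id, $force_generate = false)
{
    global $bb_cfg, $lang, $sql;
    $user_id = (int) $user_id;

    // Check if user can change passkey
    if (!$force_generate) {
        $sql = "SELECT user_opt FROM " . BB_USERS . " WHERE user_id = {$user_id} LIMIT 1";
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not query userdata for passkey');
        }
        if ($row = DB()->sql_fetchrow($result)) {
            if (bf($row['user_opt'], 'user_opt', 'dis_passkey')) {
                bb_die($lang['NOT_AUTHORISED']);
            }
        }
    }

    // The previous key is only needed for the Ocelot notification. It cannot change
    // while we retry (a failed IGNORE statement leaves the row untouched), so read it
    // once instead of once per attempt.
    $old_passkey = null;
    if ($row = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = {$user_id} LIMIT 1")) {
        $old_passkey = $row['auth_key'];
    }

    // NOTE(review): the passkey is a bearer credential; make_rand_str must draw from a
    // CSPRNG for this to be safe — confirm against its implementation.
    for ($i = 0; $i < 20; $i++) {
        $passkey_val = make_rand_str(BT_AUTH_KEY_LENGTH);

        // Insert new row (no-op for a user who already has one)
        DB()->query("INSERT IGNORE INTO " . BB_BT_USERS . " (user_id, auth_key) VALUES ({$user_id}, '{$passkey_val}')");
        if (DB()->affected_rows() == 1) {
            return $passkey_val;
        }

        // Update the existing row; 0 affected rows means the new key collided, so retry
        DB()->query("UPDATE IGNORE " . BB_BT_USERS . " SET auth_key = '{$passkey_val}' WHERE user_id = {$user_id} LIMIT 1");
        if (DB()->affected_rows() == 1) {
            // Ocelot
            if ($bb_cfg['ocelot']['enabled']) {
                ocelot_update_tracker('change_passkey', array('oldpasskey' => $old_passkey, 'newpasskey' => $passkey_val));
            }
            return $passkey_val;
        }
    }

    return false;
}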