Example #1
 // Email-change handling (fragment: the code that sets $id and the end of the POST branch are outside this listing).
 // Branch 1: the confirmation link from the e-mail was followed; the key arrives in the query string.
 if (isset($_GET['key'])) {
     $key = $_GET['key'];
     // $id comes from outside this fragment; it is bound through the :id placeholder rather than concatenated.
     $update = array(':id' => $id);
     $ps = $db->select('users', 'activate_string, activate_key', $update, 'id=:id');
     // Column order matters: activate_string (the pending address) first, activate_key (the expected key) second.
     list($new_email, $new_email_key) = $ps->fetch(PDO::FETCH_NUM);
     // Reject an empty key or one that differs from the stored key.
     // NOTE(review): `!=` is a loose, non-constant-time comparison, and PHP compares numeric-looking strings
     // by value; a strict `!==` (or hash_equals() where the PHP version has it) is the safer check for a secret.
     if ($key == '' || $key != $new_email_key) {
         message(sprintf($lang_profile['Email key bad'], $panther_config['o_admin_email']));
     } else {
         // Promote the pending address to the live one and clear both activation columns,
         // so the same link cannot be replayed.
         $data = array(':id' => $id);
         $db->run('UPDATE ' . $db->prefix . 'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id=:id', $data);
         message($lang_profile['Email updated'], true);
     }
 } else {
     // Branch 2: the change-email form was submitted.
     if (isset($_POST['form_sent'])) {
         // presumably a Referer-based request-origin check; confirm in confirm_referrer()
         confirm_referrer('profile.php');
         // Re-authenticate before changing the address: hash the submitted password with the stored salt
         // and compare strictly against the stored hash.
         // NOTE(review): everything below relies on message() ending the request on failure; confirm.
         if (panther_hash($_POST['req_password'] . $panther_user['salt']) !== $panther_user['password']) {
             message($lang_profile['Wrong pass']);
         }
         // presumably provides $mailer, which is used below; verify in include/email.php
         require PANTHER_ROOT . 'include/email.php';
         // Validate the email address (trimmed and lower-cased first; a missing field becomes '')
         $new_email = isset($_POST['req_new_email']) ? strtolower(panther_trim($_POST['req_new_email'])) : '';
         if (!$mailer->is_valid_email($new_email)) {
             message($lang_common['Invalid email']);
         }
         // Check if it's a banned email address
         if ($mailer->is_banned_email($new_email)) {
             // '0' means banned addresses are refused outright
             if ($panther_config['p_allow_banned_email'] == '0') {
                 message($lang_prof_reg['Banned email']);
             } else {
                 // Banned addresses are tolerated; if a mailing list is configured, build the
                 // placeholder values for a notification (the rest of this branch is not shown).
                 if ($panther_config['o_mailing_list'] != '') {
                     $info = array('message' => array('<username>' => $panther_user['username'], '<email>' => $new_email, '<profile_url>' => panther_link($panther_url['profile_essentials'], array($id))));
Example #2
     // Fragment of a user-creation handler; it starts inside a block opened above this listing
     // and the final if-block is not closed here.
     // '0' means banned addresses are not allowed, so record a validation error.
     if ($panther_config['p_allow_banned_email'] == '0') {
         $errors[] = $lang_prof_reg['Banned email'];
     }
 }
 // Unless duplicate addresses are allowed, look for an existing account with the same e-mail.
 if ($panther_config['p_allow_dupe_email'] == '0') {
     $data = array(':email' => $email);
     $ps = $db->select('users', 1, $data, 'email=:email');
     // NOTE(review): this trusts rowCount() on a SELECT; if $ps is a PDOStatement that is
     // driver-dependent, so confirm it is reliable for every supported database.
     if ($ps->rowCount()) {
         $errors[] = $lang_prof_reg['Dupe email'];
     }
 }
 if (empty($errors)) {
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     // Accounts that get a generated password start in the unverified group; others go to the default group.
     // NOTE(review): $random_pass is compared loosely with 0 here and with '1' further down.
     $initial_group_id = $random_pass == 0 ? $panther_config['o_default_user_group'] : PANTHER_UNVERIFIED;
     // Stored value is panther_hash(password . salt); the algorithm inside panther_hash() is not visible here.
     $password_hash = panther_hash($password1 . $password_salt);
     // Add the user (the creator's address is recorded as registration_ip)
     $insert = array('username' => $username, 'group_id' => $initial_group_id, 'password' => $password_hash, 'salt' => $password_salt, 'email' => $email, 'email_setting' => $panther_config['o_default_email_setting'], 'timezone' => $panther_config['o_default_timezone'], 'dst' => $panther_config['o_default_dst'], 'language' => $panther_config['o_default_lang'], 'style' => $panther_config['o_default_style'], 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now);
     $db->insert('users', $insert);
     $new_uid = $db->lastInsertId($db->prefix . 'users');
     if ($random_pass == '1') {
         // NOTE(review): the plaintext password is placed in the welcome e-mail, so it is only as
         // confidential as the mailbox and the mail transport; a one-time set-password link avoids that.
         $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login'])));
         // The template is picked by the acting user's language, not by the new account's language.
         $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info);
         $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']);
     }
     // Regenerate the users info cache
     if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
         require PANTHER_ROOT . 'include/cache.php';
     }
     generate_users_info_cache();
     redirect(panther_link($panther_url['admin_maintenance']), $lang_admin_maintenance['User created message']);
Example #3
     // Fragment of the "forgotten password" handler; it starts inside a block opened above this listing.
     // Extension hook: whatever get_extensions() returns for this hook name is executed with eval().
     // NOTE(review): eval() runs that string with full application privileges, so whoever can write
     // hook code effectively controls the application; confirm who can install or edit extensions.
     ($hook = get_extensions('forget_password_after_validation')) ? eval($hook) : null;
     // Did everything go according to plan?
     if (empty($errors)) {
         $data = array(':email' => $email);
         $ps = $db->select('users', 'id, username, last_email_sent', $data, 'email=:email');
         if ($ps->rowCount()) {
             // Loop through users we found
             foreach ($ps as $cur_hit) {
                 // Flood limit: refuse when a mail was already sent within the last 3600 seconds
                 // (the >= 0 test ignores timestamps that lie in the future).
                 // NOTE(review): whether message() ends the request, and so stops the loop, is not visible here.
                 if ($cur_hit['last_email_sent'] != '' && time() - $cur_hit['last_email_sent'] < 3600 && time() - $cur_hit['last_email_sent'] >= 0) {
                     message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit['last_email_sent'])) / 60)), true);
                 }
                 // Generate a new password and a new password activation code
                 // NOTE(review): the randomness source behind random_pass() is not visible here;
                 // confirm it is a CSPRNG, since all three values are security-sensitive.
                 $new_password = random_pass(12);
                 $new_salt = random_pass(16);
                 $new_password_key = random_pass(8);
                 // The new hash is parked in activate_string until the activation link is used.
                 // NOTE(review): 'salt' is overwritten immediately while the live `password` column is not
                 // touched in this update. If login verifies panther_hash(password . salt), the current
                 // password would stop verifying as soon as anyone requests a reset for this address; confirm.
                 $update = array('activate_string' => panther_hash($new_password . $new_salt), 'salt' => $new_salt, 'activate_key' => $new_password_key, 'last_email_sent' => time());
                 $data = array(':id' => $cur_hit['id']);
                 $db->update('users', $update, 'id=:id', $data);
                 // The mail carries both the activation URL (user id + key) and the new password in plaintext.
                 $info = array('message' => array('<base_url>' => get_base_url(), '<username>' => $cur_hit['username'], '<activation_url>' => panther_link($panther_url['change_password_key'], array($cur_hit['id'], $new_password_key)), '<new_password>' => $new_password));
                 $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/activate_password.tpl', $info);
                 $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']);
             }
             message($lang_login['Forget mail'] . ' ' . $panther_config['o_admin_email'], true);
         } else {
             // NOTE(review): this answer differs from the success path, so it reveals whether an address
             // is registered; it also echoes $email back, and no output escaping is visible in this fragment.
             $errors[] = $lang_login['No email match'] . ' ' . $email . '.';
         }
     }
 }
 // Page metadata for rendering the request-password form.
 $page_title = array($panther_config['o_board_title'], $lang_login['Request pass']);
 $required_fields = array('req_email' => $lang_common['Email']);
 $focus_element = array('request_pass', 'req_email');
Example #4
 // Installer fragment: seeds the default groups, users, ranks and smilies.
 // Insert the preset groups. The first $insert is built above this listing; six inserts into
 // 'groups' are visible here, although the original comment spoke of five.
 $db->insert('groups', $insert);
 // g_id 2, Global Moderators: may edit users, change passwords, ban and warn users, and edit admin posts.
 // NOTE(review): g_mod_change_passwords=1 lets this group reset other accounts' passwords by default.
 $insert = array('g_id' => 2, 'g_title' => $lang_install['Global Moderators'], 'g_user_title' => $lang_install['Global Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 1, 'g_mod_edit_users' => 1, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 1, 'g_mod_ban_users' => 1, 'g_post_polls' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 1, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#0000CC', 'g_attach_files' => 1, 'g_max_attachments' => 5, 'g_max_size' => 10485760);
 $db->insert('groups', $insert);
 // g_id 3, Moderators: may ban and warn users, but not edit users, change passwords or edit admin posts.
 $insert = array('g_id' => 3, 'g_title' => $lang_install['Moderators'], 'g_user_title' => $lang_install['Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#00AA00', 'g_attach_files' => 1, 'g_max_attachments' => 5, 'g_max_size' => 10485760, 'g_pm_folder_limit' => 10);
 $db->insert('groups', $insert);
 // g_id 4, Guests: read and search only; no posting, e-mail, PM or attachments; flood limits of 60 (post) and 30 (search).
 $insert = array('g_id' => 4, 'g_title' => $lang_install['Guests'], 'g_moderator' => 0, 'g_mod_cp' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 0, 'g_post_replies' => 0, 'g_post_topics' => 0, 'g_edit_posts' => 0, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 0, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 0, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '', 'g_attach_files' => 0);
 $db->insert('groups', $insert);
 // g_id 5, Members: ordinary posting rights with flood limits, 100 PMs, 2 attachments of up to 5242880 (presumably bytes).
 $insert = array('g_id' => 5, 'g_title' => $lang_install['Members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_polls' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 5, 'g_use_pm' => 1, 'g_pm_limit' => 100, 'g_search_flood' => 30, 'g_email_flood' => 30, 'g_report_flood' => 30, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 10, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 1, 'g_max_attachments' => 2, 'g_max_size' => 5242880, 'g_pm_folder_limit' => 5);
 $db->insert('groups', $insert);
 // g_id 6, New members: tighter limits (no PM, no attachments, no user list), promoted to group 5 after 5 posts.
 $insert = array('g_id' => 6, 'g_title' => $lang_install['New members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_promote_min_posts' => 5, 'g_promote_next_group' => 5, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 0, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_deledit_interval' => 600, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 1, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 60, 'g_report_flood' => 60, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 5, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 0, 'g_max_attachments' => 0, 'g_max_size' => 1, 'g_pm_folder_limit' => 1);
 $db->insert('groups', $insert);
 // Insert guest and first admin user.
 // The guest row stores the localized word for "Guest" in the password column instead of a hash.
 // NOTE(review): confirm that no login path can match that value (no salt is set for this row here).
 $insert = array('group_id' => 4, 'username' => $lang_install['Guest'], 'password' => $lang_install['Guest'], 'email' => $lang_install['Guest']);
 $db->insert('users', $insert);
 // First administrator (group_id 1): password stored as panther_hash(password . salt) together with
 // its salt; the installer's address is recorded as registration_ip.
 $insert = array('group_id' => 1, 'username' => $username, 'password' => panther_hash($password1 . $password_salt), 'salt' => $password_salt, 'email' => $email, 'language' => $default_lang, 'style' => $default_style, 'num_posts' => 1, 'last_post' => $now, 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now, 'pm_enabled' => 1, 'use_gravatar' => 1);
 $db->insert('users', $insert);
 // Two default ranks, keyed by minimum post count.
 $insert = array('rank' => $lang_install['New member'], 'min_posts' => 0);
 $db->insert('ranks', $insert);
 $insert = array('rank' => $lang_install['Member'], 'min_posts' => 10);
 $db->insert('ranks', $insert);
 // Enable/disable avatars depending on file_uploads setting in PHP configuration
 // (the @ silences any warning from ini_get(); $avatars is used outside this fragment).
 $avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;
 // Default smiley codes mapped to image file names; several codes share one image.
 $panther_smilies = array(':)' => 'smile.png', '=)' => 'smile.png', ':|' => 'neutral.png', '=|' => 'neutral.png', ':(' => 'sad.png', '=(' => 'sad.png', ':D' => 'big_smile.png', '=D' => 'big_smile.png', ':o' => 'yikes.png', ':O' => 'yikes.png', ';)' => 'wink.png', ':/' => 'hmm.png', ':P' => 'tongue.png', ':p' => 'tongue.png', ':lol:' => 'lol.png', ':mad:' => 'mad.png', ':rolleyes:' => 'roll.png', ':cool:' => 'cool.png', 'xD' => 'xd.png', 'XD' => 'xd.png', ':what:' => 'what.png', 'ZzZz' => 'sleep.png', ':angel:' => 'angel.png', ':angry:' => 'angry.png', ':\'(' => 'cry.png', ':\')' => 'happycry.png', ':blush:' => 'ashame.png');
 // One row per code; disp_position follows the array order, starting at 0.
 $i = 0;
 foreach ($panther_smilies as $code => $image) {
     $insert = array('code' => $code, 'image' => $image, 'disp_position' => $i);
     $db->insert('smilies', $insert);
     $i++;
 }
 // Take an educated guess at the correct path- and replace backslashes with forward slashes in case we're using a Windows server.
 // (The statement this comment describes is outside this fragment.)
Example #5
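/**
 * Enforce the optional HTTP Basic authentication layer of the admin control panel.
 *
 * Does nothing unless $panther_config['o_http_authentication'] is '1'. Otherwise the
 * Basic credentials must name the currently logged-in user ($panther_user['id']) and
 * the supplied password must hash, with that user's stored salt, to the stored hash.
 * On any failure a 401 challenge is sent through send_authentication().
 *
 * Changes from the previous version:
 *  - fails closed: the challenge is sent unless BOTH credential fields are present
 *    (previously a request carrying only one of them passed without any check);
 *  - the hash comparison is strict and, where hash_equals() exists, constant-time
 *    (the loose `!=` compared numeric-looking strings by value);
 *  - send_authentication() is only declared once, so calling this function twice in
 *    a request no longer triggers a "cannot redeclare" fatal error.
 *
 * NOTE(review): this relies on message() ending the request after the 401 headers are
 * sent; that is not visible here. The explicit returns below keep the remaining checks
 * from running if it does not, but the caller would still continue.
 *
 * @return void
 */
function check_authentication()
{
    global $lang_admin_common, $db, $panther_config, $panther_user;

    // Still defined as a global function on first use, as before.
    if (!function_exists('send_authentication')) {
        function send_authentication()
        {
            global $lang_admin_common;
            header('WWW-Authenticate: Basic realm="Panther Admin CP"');
            header('HTTP/1.1 401 Unauthorized');
            message($lang_admin_common['Unauthorised']);
        }
    }

    // The extra authentication layer is switched off.
    if ($panther_config['o_http_authentication'] != '1') {
        return;
    }

    // Fail closed: challenge unless both the user name and the password were supplied.
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        send_authentication();
        return;
    }

    $form_username = panther_trim($_SERVER['PHP_AUTH_USER']);
    $form_password = panther_trim($_SERVER['PHP_AUTH_PW']);

    // The credentials must belong to the account that is already logged in.
    $data = array(':id' => $panther_user['id'], ':username' => $form_username);
    $ps = $db->select('users', 'password, salt', $data, 'username=:username AND id=:id');
    if (!$ps->rowCount()) {
        send_authentication();
        return;
    }

    $cur_user = $ps->fetch();
    $stored_hash = (string) $cur_user['password'];
    $supplied_hash = (string) panther_hash($form_password . $cur_user['salt']);

    // hash_equals() needs PHP 5.6; fall back to a strict comparison on older versions.
    $hashes_match = function_exists('hash_equals')
        ? hash_equals($stored_hash, $supplied_hash)
        : $stored_hash === $supplied_hash;

    if (!$hashes_match) {
        send_authentication();
    }
}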
Example #6
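 /**
  * E-mail every subscriber of a forum about a newly posted topic.
  *
  * Returns at once unless $this->config['o_forum_subscriptions'] is '1'. The recipients come
  * from one query that joins subscriptions, groups, forum permissions and bans; the current
  * user and banned user names are excluded. For a protected forum only admins, global
  * moderators, the forum's listed moderators and the poster are notified.
  *
  * Changes from the previous version:
  *  - a moderators value that does not unserialize to an array is treated as "no moderators"
  *    instead of being handed to in_array();
  *  - the existence check now covers the template that is actually loaded (new_topic or
  *    new_topic_full), not always new_topic.tpl;
  *  - the skip condition is split up so the &&-before-|| precedence is explicit.
  *
  * @param array  $post_data Reads 'message', 'subject', 'forum_name', plus 'forum_id' (or 'id')
  *                          and optionally 'poster_id'.
  * @param string $replier   Name substituted for the <poster> placeholder.
  * @param mixed  $tid       Topic id used to build the topic URL.
  * @return void
  */
 public function handle_forum_subscriptions($post_data, $replier, $tid)
 {
     if ($this->config['o_forum_subscriptions'] != '1') {
         return;
     }
     $forum_id = isset($post_data['forum_id']) ? $post_data['forum_id'] : $post_data['id'];
     $poster_id = isset($post_data['poster_id']) ? $post_data['poster_id'] : $this->user['id'];
     // Get any subscribed users that should be notified (banned users are excluded).
     // Both :post_id and :forum_id are bound to the forum id.
     $data = array(':id' => $this->user['id'], ':post_id' => $forum_id, ':forum_id' => $forum_id);
     $ps = $this->db->run('SELECT u.id, u.username, u.email, u.salt, u.login_key, u.notify_with_post, u.language, u.group_id, g.g_global_moderator, g.g_admin FROM ' . $this->db->prefix . 'users AS u INNER JOIN ' . $this->db->prefix . 'forum_subscriptions AS s ON u.id=s.user_id LEFT JOIN ' . $this->db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $this->db->prefix . 'forum_perms AS fp ON (fp.forum_id=:post_id AND fp.group_id=u.group_id) LEFT JOIN ' . $this->db->prefix . 'bans AS b ON u.username=b.username WHERE b.username IS NULL AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.forum_id=:forum_id AND u.id!=:id', $data);
     if ($ps->rowCount()) {
         $cleaned_message = $this->bbcode2email($post_data['message'], -1);
         // NOTE(review): unserialize() must only ever see data the application wrote itself; if
         // this column can be influenced from outside, switch the storage format (e.g. JSON) or
         // restrict object creation with the allowed_classes option where the PHP version has it.
         $moderators = $this->forums[$forum_id]['moderators'] != '' ? unserialize($this->forums[$forum_id]['moderators']) : array();
         if (!is_array($moderators)) {
             // Corrupt or unexpected data: behave as if the forum has no listed moderators.
             $moderators = array();
         }
         // Loop through subscribed users and send emails
         foreach ($ps as $cur_subscriber) {
             // Protected forum: skip everyone who is not staff, a listed moderator or the poster.
             // NOTE(review): in_array() is loose and matches the user name against the array's
             // values; confirm that is the shape of the moderators list.
             $hidden_from_subscriber = ($this->forums[$forum_id]['protected'] == '1' && $cur_subscriber['g_global_moderator'] != '1' && $cur_subscriber['g_admin'] != '1' && $cur_subscriber['group_id'] != PANTHER_ADMIN && !in_array($cur_subscriber['username'], $moderators) && $cur_subscriber['id'] != $poster_id);
             // NOTE(review): the language column becomes part of a file-system path; confirm it is
             // restricted to installed language directories when a profile is saved.
             $template = PANTHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/' . ($cur_subscriber['notify_with_post'] == '0' ? 'new_topic' : 'new_topic_full') . '.tpl';
             if ($hidden_from_subscriber || !file_exists($template)) {
                 continue;
             }
             // Unsubscribe token derived from the subscriber's id, salt and login key.
             $token = panther_hash($cur_subscriber['id'] . 'viewforum.php' . $cur_subscriber['salt'] . $cur_subscriber['login_key']);
             $info = array('subject' => array('<forum_name>' => $post_data['forum_name']), 'message' => array('<username>' => $cur_subscriber['username'], '<topic_subject>' => $post_data['subject'], '<forum_name>' => $post_data['forum_name'], '<poster>' => $replier, '<topic_url>' => panther_link($this->url['topic'], array($tid, url_friendly($post_data['subject']))), '<unsubscribe_url>' => panther_link($this->url['forum_unsubscribe'], array($forum_id, $token)), '<message>' => $cleaned_message));
             // Load the "new topic" template
             $mail_tpl = $this->parse($template, $info);
             $this->send($cur_subscriber['email'], $mail_tpl['subject'], $mail_tpl['message']);
         }
     }
 }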
Example #7
 // Forum-edit handler (fragment: the other form fields are read above this listing and the
 // permission loop at the end is cut off).
 // intval() forces the posted flag to an integer; it defaults to 1 when the field is absent.
 $increment_posts = isset($_POST['increment_posts']) ? intval($_POST['increment_posts']) : 1;
 if ($forum_name == '') {
     message($lang_admin_forums['Must enter name message']);
 }
 if ($cat_id < 1) {
     message($lang_common['Bad request'], false, '404 Not Found');
 }
 // The same :id binding is reused by every update below.
 $data = array(':id' => $forum_id);
 // Optional forum password change.
 if ($change_password == '1') {
     // NOTE(review): loose `==` on two submitted strings; numeric-looking values that differ as text
     // can still compare equal, so `===` is the exact check for "both fields match".
     if ($forum_password1 == $forum_password2) {
         if ($forum_password1 == '') {
             // Empty password: clear both columns, which removes the forum password.
             $update = array('password' => '', 'salt' => '');
             $db->update('forums', $update, 'id=:id', $data);
         } else {
             // Fresh salt on every change; the stored value is panther_hash(password . panther_hash(salt)),
             // which differs from the password . salt form used for user accounts, so the verifying
             // code has to mirror this construction.
             // NOTE(review): the randomness of random_key() and the algorithm behind panther_hash()
             // are not visible here; confirm both are suitable for password storage.
             $salt = random_key(12, true);
             $update = array('password' => panther_hash($forum_password1 . panther_hash($salt)), 'salt' => $salt);
             $db->update('forums', $update, 'id=:id', $data);
         }
     } else {
         message($lang_admin_forums['passwords do not match']);
     }
 }
 // Empty optional fields are stored as NULL.
 $forum_desc = $forum_desc != '' ? $forum_desc : null;
 // NOTE(review): any validation of $redirect_url (scheme, host) happens outside this fragment; confirm.
 $redirect_url = $redirect_url != '' ? $redirect_url : null;
 $update = array('forum_name' => $forum_name, 'forum_desc' => $forum_desc, 'use_reputation' => $use_reputation, 'parent_forum' => $parent_forum, 'redirect_url' => $redirect_url, 'force_approve' => $force_approve, 'sort_by' => $sort_by, 'cat_id' => $cat_id, 'show_post_info' => $show_post_info, 'quickjump' => $quickjump, 'protected' => $protected, 'increment_posts' => $increment_posts);
 $db->update('forums', $update, 'id=:id', $data);
 // Now let's deal with the permissions
 if (isset($_POST['read_forum_old'])) {
     foreach ($panther_groups as $cur_group) {
         // The admin group is skipped; its forum permissions are not edited here.
         if ($cur_group['g_id'] != PANTHER_ADMIN) {
             // Groups that may read the board: '1' or '0' depending on whether the checkbox was posted.
             // Other groups: the old value is carried over through intval().
             // NOTE(review): $_POST['read_forum_old'][g_id] is read without isset() for that group id.
             $read_forum_new = $cur_group['g_read_board'] == '1' ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);