Example #1
/**
 * Handle the profile-edit form POST for the global $user.
 *
 * After the CSRF token check the function, in order: optionally starts an
 * e-mail change (sending a verification mail when pligg_validate() is truthy),
 * stores the chosen template in a cookie, rewrites the user's category list,
 * copies the profile/social fields from $_POST, lets admin/moderator accounts
 * change their login name, handles a password change, then stores the user
 * and re-authenticates the session.
 *
 * sanitize(), check_email(), email_exists(), pligg_validate(), pligg_hash(),
 * generateHash() and check_actions() are defined elsewhere; what sanitize()
 * levels 2 and 3 actually strip is not visible here.
 *
 * @return array|string|false|null $saved flags on success; a message string on
 *         a validation or token error; false when the verification mail cannot
 *         be sent; null (bare return) when the form flags are missing or the
 *         caller may not edit this user.
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;
    if ($CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        // `&&` binds tighter than `||`: bail out when either form flag is missing, or when
        // the caller lacks $canIhaveAccess and the posted user_id is not their own.
        // NOTE(review): the ownership test uses the *posted* user_id while everything below
        // edits the global $user — confirm the caller loaded $user from that same id.
        if (!isset($_POST['save_profile']) || !$_POST['process'] || !$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id) {
            return;
        }
        if ($user->email != sanitize($_POST['email'], 3)) {
            if (!check_email(sanitize($_POST['email'], 3))) {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
                return $savemsg;
            } elseif (email_exists(trim(sanitize($_POST['email'], 3)))) {
                // if email already exists
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
                return $savemsg;
            } else {
                if (pligg_validate()) {
                    // Verification code: unkeyed MD5 over the posted address, karma, username,
                    // pligg_hash() and the site name.
                    // NOTE(review): the code is only as unpredictable as pligg_hash(); an HMAC
                    // over a server-side secret would be the sturdier construction — confirm.
                    $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                    $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                    $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
                    $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                    // The language-file text is evaluated as a double-quoted PHP string so that
                    // variables in it (presumably $validation, $domain, ...) are interpolated.
                    // NOTE(review): only `"` is escaped; backslashes and `{$...}` expressions in
                    // the text are still evaluated, so whoever can edit that config value can run
                    // PHP. A fixed placeholder substitution (e.g. strtr()) avoids eval() entirely.
                    eval('$str = "' . str_replace('"', '\\"', $str) . '";');
                    $message = "{$str}";
                    if (phpnum() >= 5) {
                        require "libs/class.phpmailer5.php";
                    } else {
                        require "libs/class.phpmailer4.php";
                    }
                    $mail = new PHPMailer();
                    $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                    $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                    // NOTE(review): the raw $_POST['email'] is used as the recipient, whereas
                    // check_email() above validated the sanitize()d copy — the two can differ.
                    $mail->AddAddress($_POST['email']);
                    $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                    $mail->IsHTML(false);
                    $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                    $mail->Body = $message;
                    $mail->CharSet = 'utf-8';
                    #print_r($mail);
                    // A failed send aborts the whole save: nothing below runs.
                    if (!$mail->Send()) {
                        return false;
                    }
                    // $savemsg is set but never returned on this path (the success path returns
                    // $saved), and $user->email stays unchanged here; presumably validation.php
                    // applies the new address once the link is followed — confirm.
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' ' . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"), $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                } else {
                    // No e-mail validation configured: the new address is applied directly.
                    $user->email = sanitize($_POST['email'], 2);
                }
            }
        }
        // User settings
        // NOTE(review): the raw $_POST['template'] is spliced into a filesystem path and then
        // stored in the cookie; no basename()/allow-list check is visible, so `../` segments
        // are not rejected here. Validate against the list of installed template directories.
        // The cookie domain is derived from the client-supplied Host header, and the five-argument
        // setcookie() call sets neither the secure nor the httponly flag.
        if (Allow_User_Change_Templates && file_exists("./templates/" . $_POST['template'] . "/header.tpl")) {
            $domain = $_SERVER['HTTP_HOST'] == 'localhost' ? '' : preg_replace('/^www/', '', $_SERVER['HTTP_HOST']);
            setcookie("template", $_POST['template'], time() + 60 * 60 * 24 * 30, '/', $domain);
        }
        // Load every category id (legacy mysql_* API, removed in PHP 7) ...
        $sqlGetiCategory = "SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;";
        $sqlGetiCategoryQ = mysql_query($sqlGetiCategory);
        $arr = array();
        while ($row = mysql_fetch_array($sqlGetiCategoryQ, MYSQL_NUM)) {
            $arr[] = $row[0];
        }
        // ... and store the ids that were NOT ticked in the form. array_diff() only ever returns
        // values taken from $arr, so the posted 'chack' list filters the ids but never reaches
        // the SQL text itself.
        // NOTE(review): $_POST['chack'] is assumed to be an array; a non-empty scalar would be
        // passed to array_diff() as-is.
        $select_check = $_POST['chack'];
        if (!$select_check) {
            $select_check = array();
        }
        $diff = array_diff($arr, $select_check);
        $select_checked = $db->escape(implode(",", $diff));
        // NOTE(review): $user->id is interpolated unescaped — presumably an integer loaded
        // from the database; confirm. The query result in $query is never checked.
        $sql = "UPDATE " . table_users . " set user_categories='{$select_checked}' WHERE user_id = '{$user->id}'";
        $query = mysql_query($sql);
        /////
        // Sanitize user input
        $user->url = sanitize($_POST['url'], 2);
        $user->public_email = sanitize($_POST['public_email'], 2);
        $user->location = sanitize($_POST['location'], 2);
        $user->occupation = sanitize($_POST['occupation'], 2);
        $user->facebook = sanitize($_POST['facebook'], 2);
        $user->twitter = sanitize($_POST['twitter'], 2);
        $user->linkedin = sanitize($_POST['linkedin'], 2);
        $user->googleplus = sanitize($_POST['googleplus'], 2);
        $user->skype = sanitize($_POST['skype'], 2);
        $user->pinterest = sanitize($_POST['pinterest'], 2);
        $user->names = sanitize($_POST['names'], 2);
        if (user_language) {
            $user->language = sanitize($_POST['language'], 2);
        }
        // Convert user input social URLs to username values
        // Each pattern keeps the first path segment after the site's host; a value that is
        // not a matching URL is stored as entered.
        $facebookUrl = $user->facebook;
        preg_match("/https?:\\/\\/(www\\.)?facebook\\.com\\/([^\\/]*)/", $facebookUrl, $matches);
        if ($matches) {
            $user->facebook = $matches[2];
        }
        $twitterUrl = $user->twitter;
        preg_match("/https?:\\/\\/(www\\.)?twitter\\.com\\/(#!\\/)?@?([^\\/]*)/", $twitterUrl, $matches);
        if ($matches) {
            $user->twitter = $matches[3];
        }
        $linkedinUrl = $user->linkedin;
        preg_match("/https?:\\/\\/(www\\.)?linkedin\\.com\\/in\\/([^\\/]*)/", $linkedinUrl, $matches);
        if ($matches) {
            $user->linkedin = $matches[2];
        }
        $googleplusUrl = $user->googleplus;
        preg_match("/https?:\\/\\/plus\\.google\\.com\\/([^\\/]*)/", $googleplusUrl, $matches);
        if ($matches) {
            $user->googleplus = $matches[1];
        }
        $pinterestUrl = $user->pinterest;
        preg_match("/https?:\\/\\/(www\\.)?pinterest\\.com\\/([^\\/]*)/", $pinterestUrl, $matches);
        if ($matches) {
            $user->pinterest = $matches[2];
        }
        // module system hook
        $vars = '';
        check_actions('profile_save', $vars);
        /*		$avatar_source = sanitize($_POST['avatarsource'], 2);
        		if($avatar_source != "" && $avatar_source != "useruploaded"){
        			loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: ' . sanitize($_POST["email"], 3));
        			$avatar_source == "";
        		}
        		$user->avatar_source=$avatar_source;
        */
        // Login-name change: gated on the level of the account being edited ($user),
        // not on the level of the logged-in $current_user.
        if ($user->level == "admin" || $user->level == "moderator") {
            if ($user->username != sanitize($_POST['user_login'], 3)) {
                $user_login = sanitize($_POST['user_login'], 2);
                if (preg_match('/\\pL/u', 'a')) {
                    // Check if PCRE was compiled with UTF-8 support
                    if (!preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $user_login)) {
                        // if username contains invalid characters
                        $savemsg = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                        return $savemsg;
                    }
                } else {
                    // Fallback without Unicode classes: reject a list of punctuation characters.
                    if (!preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $user_login)) {
                        $savemsg = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                        return $savemsg;
                    }
                }
                if (user_exists(trim($user_login))) {
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_UserExists");
                    // The in-memory (global) $user already carries the taken name when the error
                    // is returned; store() is not reached on this path.
                    $user->username = $user_login;
                    return $savemsg;
                } else {
                    $user->username = $user_login;
                    $saved['username'] = 1;
                }
            }
        }
        // Password change: requires the old password and two matching new values.
        if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
            $oldpass = sanitize($_POST['oldpassword'], 2);
            // NOTE(review): the WHERE value reads '******' in this listing, which looks like
            // masking applied to the page rather than the project's real lookup key — confirm
            // against the upstream file, and check that the real value is escaped.
            $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
            // The salt is the first SALT_LENGTH characters of the stored hash.
            $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
            // NOTE(review): loose, non-constant-time `==` on password hashes; hash_equals()
            // is the safer comparison.
            if ($userX->user_pass == $saltedpass) {
                // NOTE(review): passwords go through sanitize() before hashing, so characters
                // it strips or rewrites presumably never reach generateHash() — confirm.
                if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
                    return $savemsg;
                } else {
                    $saltedpass = generateHash(sanitize($_POST['newpassword'], 3));
                    $user->pass = $saltedpass;
                    $saved['pass'] = 1;
                }
            } else {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
                return $savemsg;
            }
        }
        // Persist, then reload the stored values before refreshing the session.
        $user->store();
        $user->read();
        // $saved is never initialised, so either key may be undefined when read here.
        if ($saved['pass'] == 1 || $saved['username'] == 1) {
            $current_user->Authenticate($user->username, $user->pass, false, $user->pass);
        } else {
            $current_user->Authenticate($user->username, $user->pass);
            $saved['profile'] = 1;
        }
        return $saved;
    } else {
        return 'There was a token error.';
    }
}
Example #2
         $confirmationcode = sanitize($_GET["confirmationcode"], 3);
         $DBconf = $db->get_var("SELECT `last_reset_code` FROM `" . table_users . "` where `user_login` = '" . $username . "'");
         if ($DBconf) {
             if ($DBconf == $confirmationcode && !empty($confirmationcode)) {
                 $db->query('UPDATE `' . table_users . '` SET `last_reset_code` = "" WHERE `user_login` = "' . $username . '"');
                 $db->query('UPDATE `' . table_users . '` SET `user_pass` = "033700e5a7759d0663e33b18d6ca0dc2b572c20031b575750" WHERE `user_login` = "' . $username . '"');
                 $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_PassReset');
             } else {
                 $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode');
             }
         } else {
             $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode');
         }
     }
 }
 if ($_POST["processlogin"] == 5 && pligg_validate()) {
     // resend confirmation email
     $email = sanitize($db->escape(trim($_POST['email'])), 4);
     if (check_email($email)) {
         $user = $db->get_row("SELECT * FROM `" . table_users . "` where `user_email` = '" . $email . "' AND user_level!='Spammer'");
         if ($user) {
             $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
             $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
             $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
             $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
             eval('$str = "' . str_replace('"', '\\"', $str) . '";');
             $message = "{$str}";
             if (phpnum() >= 5) {
                 require "libs/class.phpmailer5.php";
             } else {
                 require "libs/class.phpmailer4.php";
Example #3
 /**
  * Insert this user into the users table and, when pligg_validate() returns 1,
  * e-mail a verification link.
  *
  * Reads $this->username, $this->pass and $this->email. The new row is
  * subscribed to every category id found in the categories table.
  *
  * @return bool false when username, password or e-mail is empty, or when the
  *              INSERT or the mail send fails; true otherwise. Terminates the
  *              script with die() when the username already exists.
  */
 function Create()
 {
     global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;
     if ($this->username == '') {
         return false;
     }
     if ($this->pass == '') {
         return false;
     }
     if ($this->email == '') {
         return false;
     }
     if (!user_exists($this->username)) {
         $userip = $_SERVER['REMOTE_ADDR'];
         $saltedpass = generateHash($this->pass);
         // Collect all category ids (legacy mysql_* API, removed in PHP 7).
         $sqlGetiCategory = "SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;";
         $sqlGetiCategoryQ = mysql_query($sqlGetiCategory);
         $arr = array();
         $i = 0;
         while ($row = mysql_fetch_array($sqlGetiCategoryQ, MYSQL_NUM)) {
             $arr[$i] = $row['0'];
             $i++;
         }
         $CategoriesId = implode(",", $arr);
         if (pligg_validate() == 1) {
             // NOTE(review): username and e-mail are concatenated into the statement and no
             // escaping is visible in this method; unless every caller escapes them first this
             // is SQL injection. Use $db->escape() or a prepared statement here.
             if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '" . $CategoriesId . "')")) {
                 // NOTE(review): the WHERE value reads '******' in this listing, which looks like
                 // masking applied to the page rather than the real lookup key — confirm upstream.
                 $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
                 // Verification code: unkeyed MD5 over e-mail, karma, username, pligg_hash() and
                 // the site name; its unpredictability rests on pligg_hash() — confirm.
                 $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                 // These locals are presumably only here so the eval()'d mail template below can
                 // reference them. NOTE(review): $password is the plaintext password, so a template
                 // that uses it puts the password into the e-mail.
                 $username = $this->username;
                 $password = $this->pass;
                 // Self-assignments: no effect.
                 $my_base_url = $my_base_url;
                 $my_pligg_base = $my_pligg_base;
                 $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                 // The username is appended to the link without urlencode().
                 $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
                 $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                 // NOTE(review): the language-file text is evaluated as PHP with no escaping at
                 // all; a `"` in the text ends the string literal and the remainder runs as code.
                 // Replace with a fixed placeholder substitution (e.g. strtr()).
                 eval("\$str = \"{$str}\";");
                 $message = "{$str}";
                 // Plain `require` (not require_once): a second Create() call in the same request
                 // would load the class file again.
                 if (phpnum() >= 5) {
                     require "class.phpmailer5.php";
                 } else {
                     require "class.phpmailer4.php";
                 }
                 $mail = new PHPMailer();
                 $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                 $mail->FromName = "Administrator";
                 $mail->AddAddress($this->email);
                 $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                 $mail->IsHTML(false);
                 $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                 $mail->Body = $message;
                 // The row has already been inserted when a failed send returns false.
                 if (!$mail->Send()) {
                     return false;
                     // Unreachable after the return above.
                     exit;
                 }
                 return true;
             } else {
                 return false;
             }
         } else {
             // No e-mail validation: the account is created with user_lastlogin = now().
             // NOTE(review): same unescaped concatenation as in the validating branch.
             if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'" . $CategoriesId . "')")) {
                 return true;
             } else {
                 return false;
             }
         }
     } else {
         die('User already exists');
     }
 }
Example #4
 /**
  * Insert this user into the users table and, when pligg_validate() is truthy,
  * e-mail a verification link.
  *
  * Reads $this->username, $this->pass and $this->email; user_categories is
  * stored as an empty string.
  *
  * @return bool false when username, password or e-mail is empty, or when the
  *              INSERT or the mail send fails; true otherwise. Terminates the
  *              script with die() when the username already exists.
  */
 function Create()
 {
     global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;
     if ($this->username == '') {
         return false;
     }
     if ($this->pass == '') {
         return false;
     }
     if ($this->email == '') {
         return false;
     }
     if (!user_exists($this->username)) {
         require_once mnminclude . 'check_behind_proxy.php';
         // NOTE(review): check_ip_behind_proxy() is defined elsewhere; if it reads forwarded-for
         // style headers the value is client-controlled, and it is concatenated unescaped into
         // the INSERT below — confirm it returns a validated IP address.
         $userip = check_ip_behind_proxy();
         $saltedpass = generateHash($this->pass);
         if (pligg_validate()) {
             // NOTE(review): username and e-mail are concatenated into the statement and no
             // escaping is visible in this method; unless every caller escapes them first this
             // is SQL injection. Use $db->escape() or a prepared statement here.
             // INSERT IGNORE skips a duplicate-key row without raising an error.
             if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '')")) {
                 // NOTE(review): the WHERE value reads '******' in this listing, which looks like
                 // masking applied to the page rather than the real lookup key — confirm upstream.
                 $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
                 // Verification code: unkeyed MD5 over e-mail, karma, username, pligg_hash() and
                 // the site name; its unpredictability rests on pligg_hash() — confirm.
                 $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                 // These locals are presumably only here so the eval()'d mail template below can
                 // reference them. NOTE(review): $password is the plaintext password, so a template
                 // that uses it puts the password into the e-mail.
                 $username = $this->username;
                 $password = $this->pass;
                 // Self-assignments: no effect.
                 $my_base_url = $my_base_url;
                 $my_pligg_base = $my_pligg_base;
                 $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                 // The username is appended to the link without urlencode().
                 $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
                 $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                 // The language-file text is evaluated as a double-quoted PHP string.
                 // NOTE(review): only `"` is escaped; backslashes and `{$...}` expressions in the
                 // text are still evaluated, so whoever can edit that config value can run PHP.
                 // A fixed placeholder substitution (e.g. strtr()) avoids eval() entirely.
                 eval('$str = "' . str_replace('"', '\\"', $str) . '";');
                 $message = "{$str}";
                 // Plain `require` (not require_once): a second Create() call in the same request
                 // would load the class file again.
                 if (phpnum() >= 5) {
                     require "class.phpmailer5.php";
                 } else {
                     require "class.phpmailer4.php";
                 }
                 $mail = new PHPMailer();
                 $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                 $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                 $mail->AddAddress($this->email);
                 $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                 $mail->IsHTML(false);
                 $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                 $mail->CharSet = 'utf-8';
                 $mail->Body = $message;
                 // The row has already been inserted when a failed send returns false.
                 if (!$mail->Send()) {
                     return false;
                     // Unreachable after the return above.
                     exit;
                 }
                 return true;
             } else {
                 return false;
             }
         } else {
             // No e-mail validation: the account is created with user_lastlogin = now().
             // NOTE(review): same unescaped concatenation as in the validating branch.
             if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'')")) {
                 return true;
             } else {
                 return false;
             }
         }
     } else {
         die('User already exists');
     }
 }
/**
 * Handle the profile-edit form POST for the global $user.
 *
 * After the CSRF token check the function optionally starts an e-mail change
 * (sending a verification mail when pligg_validate() is truthy), copies the
 * profile and messenger fields from $_POST, records the avatar source, handles
 * a password change, then stores the user and re-authenticates the session.
 *
 * sanitize(), check_email(), email_exists(), pligg_validate(), pligg_hash(),
 * generateHash(), loghack() and check_actions() are defined elsewhere; what
 * sanitize() level 3 actually strips is not visible here.
 *
 * @return string|false|null a status or error message; false when the
 *         verification mail cannot be sent; null (bare return) when the form
 *         flags are missing or the caller may not edit this user. Redirects
 *         and exits when the stored language differs from $language.
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;
    if ($CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        // `&&` binds tighter than `||`: bail out when either form flag is missing, or when
        // the caller lacks $canIhaveAccess and the posted user_id is not their own.
        // NOTE(review): the ownership test uses the *posted* user_id while everything below
        // edits the global $user — confirm the caller loaded $user from that same id.
        if (!isset($_POST['save_profile']) || !$_POST['process'] || !$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id) {
            return;
        }
        if ($user->email != sanitize($_POST['email'], 3)) {
            if (!check_email(sanitize($_POST['email'], 3))) {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
                return $savemsg;
            } elseif (email_exists(trim(sanitize($_POST['email'], 3)))) {
                // if email already exists
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
                return $savemsg;
            } else {
                if (pligg_validate()) {
                    // Verification code: unkeyed MD5 over the posted address, karma, username,
                    // pligg_hash() and the site name; its unpredictability rests on
                    // pligg_hash() — confirm.
                    $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
                    $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                    $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
                    $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                    // NOTE(review): the language-file text is evaluated as PHP with no escaping
                    // at all; a `"` in the text ends the string literal and the remainder runs
                    // as code. Replace with a fixed placeholder substitution (e.g. strtr()).
                    eval("\$str = \"{$str}\";");
                    $message = "{$str}";
                    if (phpnum() >= 5) {
                        require "libs/class.phpmailer5.php";
                    } else {
                        require "libs/class.phpmailer4.php";
                    }
                    $mail = new PHPMailer();
                    $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                    $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                    // NOTE(review): the raw $_POST['email'] is used as the recipient, whereas
                    // check_email() above validated the sanitize()d copy — the two can differ.
                    $mail->AddAddress($_POST['email']);
                    $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                    $mail->IsHTML(false);
                    $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                    $mail->Body = $message;
                    $mail->CharSet = 'utf-8';
                    #print_r($mail);
                    // A failed send aborts the whole save: nothing below runs.
                    if (!$mail->Send()) {
                        return false;
                    }
                    // Kept in $savemsg and returned at the end unless an earlier return fires.
                    // $user->email stays unchanged on this path; presumably validation.php
                    // applies the new address once the link is followed — confirm.
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' ' . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"), $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                } else {
                    // No e-mail validation configured: the new address is applied directly.
                    $user->email = sanitize($_POST['email'], 3);
                }
            }
        }
        $user->url = sanitize($_POST['url'], 3);
        $user->public_email = sanitize($_POST['public_email'], 3);
        $user->location = sanitize($_POST['location'], 3);
        $user->occupation = sanitize($_POST['occupation'], 3);
        $user->aim = sanitize($_POST['aim'], 3);
        $user->msn = sanitize($_POST['msn'], 3);
        $user->yahoo = sanitize($_POST['yahoo'], 3);
        $user->gtalk = sanitize($_POST['gtalk'], 3);
        $user->skype = sanitize($_POST['skype'], 3);
        $user->irc = sanitize($_POST['irc'], 3);
        $user->names = sanitize($_POST['names'], 3);
        if (user_language) {
            $user->language = sanitize($_POST['language'], 3);
        }
        // module system hook
        $vars = '';
        check_actions('profile_save', $vars);
        // Only "" and "useruploaded" are accepted as avatar source; anything else is logged.
        $avatar_source = sanitize($_POST['avatarsource'], 3);
        if ($avatar_source != "" && $avatar_source != "useruploaded") {
            // NOTE(review): this line is not valid PHP as shown — the '******' looks like
            // masking applied to the listing in place of the original username expression.
            loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: ' . sanitize($_POST["email"], 3));
            // NOTE(review): `==` compares and discards the result; it does not reset the value,
            // so the rejected avatar source is still stored two lines below. An assignment
            // (`$avatar_source = "";`) was presumably intended.
            $avatar_source == "";
        }
        $user->avatar_source = $avatar_source;
        // Password change: requires the old password and two matching new values.
        if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
            $oldpass = sanitize($_POST['oldpassword'], 3);
            // NOTE(review): the WHERE value reads '******' in this listing, which looks like
            // masking applied to the page rather than the project's real lookup key — confirm
            // against the upstream file, and check that the real value is escaped.
            $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
            // The salt is the first SALT_LENGTH characters of the stored hash.
            $saltedpass = generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH));
            // NOTE(review): loose, non-constant-time `==` on password hashes; hash_equals()
            // is the safer comparison.
            if ($userX->user_pass == $saltedpass) {
                // NOTE(review): passwords go through sanitize() before hashing, so characters
                // it strips or rewrites presumably never reach generateHash() — confirm.
                if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
                    return $savemsg;
                } else {
                    $saltedpass = generateHash(sanitize($_POST['newpassword'], 3));
                    $user->pass = $saltedpass;
                    // Stores and returns at once: the read()/Authenticate() calls at the end of
                    // the function are skipped after a password change.
                    $user->store();
                    $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_PassUpdated");
                    return $savemsg;
                }
            } else {
                $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
                return $savemsg;
            }
        }
        // Persist, then reload the stored values.
        $user->store();
        $user->read();
        // A language change redirects to the profile page before the session is refreshed.
        if ($language != $user->language) {
            header("Location: " . getmyurl('profile'));
            exit;
        }
        $current_user->Authenticate($user->username, $user->pass);
        // Default success message when no earlier step set one.
        if (!isset($savemsg)) {
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_DataUpdated");
        }
        return $savemsg;
    } else {
        return 'There was a token error.';
    }
}
Example #6
/**
 * Create a user account from registration data, log the new user in and redirect.
 *
 * On success the script ends with die after a Location header has been sent;
 * when User::Create() fails the function returns without a value.
 * $password2 is accepted but never read in this function.
 *
 * @param string $username      login name, assigned to the User object as-is
 * @param string $email         e-mail address, assigned as-is
 * @param string $password      plaintext password, assigned as-is
 * @param string $password2     unused here
 * @param string $user_language language code stored on the User object
 */
function register_add_user($username, $email, $password, $password2, $user_language)
{
    global $current_user;
    // NOTE(review): no validation or escaping of the arguments happens in this function;
    // presumably the caller has done it — confirm, since Create() is defined elsewhere.
    $user = new User();
    $user->user_language = $user_language;
    $user->username = $username;
    $user->pass = $password;
    $user->email = $email;
    if ($user->Create()) {
        $user->read('short');
        // NOTE(review): the plaintext password is handed to every module hooked on this action.
        $registration_details = array('user_language' => $user_language, 'username' => $username, 'password' => $password, 'email' => $email, 'id' => $user->id);
        check_actions('register_success_pre_redirect', $registration_details);
        $current_user->Authenticate($username, $password, false);
        // 'redirect' is not set above, so presumably check_actions() takes the array by
        // reference and a module may add it; the target is used without further checks.
        if ($registration_details['redirect']) {
            header('Location: ' . $registration_details['redirect']);
        } elseif (pligg_validate()) {
            // NOTE(review): this line is not valid PHP as shown — the '******' looks like masking
            // applied to the listing, swallowing the end of this header() call and the start of
            // an else branch that redirects to the user's page.
            header('Location: ' . my_base_url . my_pligg_base . '/register_complete.php?user='******'Location: ' . getmyurl('user', $username));
        }
        die;
    }
}
Example #7
         if ($login->time < min(60 * pow(2, $login->login_count - 3), 3600)) {
             $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Login_Incorrect_Attempts'), $login->login_count, min(60 * pow(2, $login->login_count - 3), 3600) - $login->time);
         }
     }
 } elseif (!is_ip_approved($lastip)) {
     $db->query("INSERT INTO " . table_login_attempts . " SET login_username = '******', login_time=NOW(), login_ip='{$lastip}'");
     $login_id = $db->insert_id;
     if (!$login_id) {
         $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3);
     }
 }
 if (!$errorMsg) {
     if ($current_user->Authenticate($username, $password, $persistent) == false) {
         $db->query("UPDATE " . table_login_attempts . " SET login_username='******', login_count=login_count+1, login_time=NOW() WHERE login_id=" . $login_id);
         $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******' or user_email= '{$username}'");
         if (pligg_validate() && $user->user_lastlogin == "0000-00-00 00:00:00") {
             $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Resend_Email') . "<form method='post'>\r\n\t\t\t\t\t\t\t<div class='input-append notvalidated'>\r\n\t\t\t\t\t\t\t\t<input type='text' class='form-control col-md-12' name='email'> \r\n\t\t\t\t\t\t\t\t<input type='submit' class='btn btn-default col-md-12' value='Send'>\r\n\t\t\t\t\t\t\t\t<input type='hidden' name='processlogin' value='5'/>\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t</form>";
         } else {
             $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Error');
         }
     } else {
         $sql = "DELETE FROM " . table_login_attempts . " WHERE login_ip='{$lastip}' ";
         $db->query($sql);
         if (strlen(sanitize($_POST['return'], 3)) > 1) {
             $return = sanitize($_POST['return'], 3);
         } else {
             $return = my_pligg_base . '/admin/admin_index.php';
         }
         define('logindetails', $username . ";" . $password . ";" . $return);
         $vars = '';
         check_actions('login_success_pre_redirect', $vars);