Example #1
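/**
 * Upgrade step: normalise settinggroups.isdefault, adjust column definitions,
 * store a fresh internal encryption key and make sure sessions.ip is indexed.
 *
 * Works entirely through the global $db, $output and $cache objects and
 * prints its progress HTML directly. The value handed to print_footer()
 * ("15_usernameverify") is presumably the name of the next upgrade step.
 */
function upgrade15_dbchanges()
{
    global $db, $output, $mybb, $cache;
    $output->print_header("Performing Queries");
    echo "<p>Performing necessary upgrade queries..</p>";
    flush();
    if ($db->type != "pgsql") {
        // Convert the old 'yes'/'no' flags to '1'/'0'.
        $db->update_query("settinggroups", array('isdefault' => '1'), "isdefault='yes'");
        $db->update_query("settinggroups", array('isdefault' => '0'), "isdefault='no'");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "events CHANGE timezone timezone varchar(4) NOT NULL default '0'");
    }
    if ($db->type == "pgsql") {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN revokereason SET default ''");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN notes SET default ''");
    }
    // NOTE(review): this value becomes the stored 'encryption_key'. random_str() is
    // defined outside this listing - confirm it draws from a CSPRNG
    // (random_bytes()/random_int()) before relying on the key for anything secret.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    if ($db->type != "sqlite2" && $db->type != "sqlite3") {
        $ip_index = $db->index_exists("sessions", "ip");
        if ($ip_index == false) {
            if ($db->type == "pgsql") {
                $db->write_query("CREATE INDEX ip ON " . TABLE_PREFIX . "sessions (ip)");
            } else {
                $db->write_query("ALTER TABLE " . TABLE_PREFIX . "sessions ADD INDEX (`ip`)");
            }
        }
    }
    // Assign instead of append: $contents was never initialised in this function,
    // so the former ".=" raised an undefined-variable notice on every run.
    $contents = "Click next to continue with the upgrade process.</p>";
    $output->print_contents($contents);
    $output->print_footer("15_usernameverify");
}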
Example #2
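/**
 * Upgrade step (localised build): normalise settinggroups.isdefault, adjust
 * column definitions, store a fresh internal encryption key and make sure
 * sessions.ip is indexed.
 *
 * Works through the global $db, $output and $cache objects and prints its
 * progress HTML directly.
 */
function upgrade15_dbchanges()
{
    global $db, $output, $mybb, $cache;
    $output->print_header("Wykonywanie zapytań");
    echo "<p>Trwa wykonywanie wymaganych zapytań do bazy danych...</p>";
    flush();
    if ($db->type != "pgsql") {
        // Convert the old 'yes'/'no' flags to '1'/'0'.
        $db->update_query("settinggroups", array('isdefault' => '1'), "isdefault='yes'");
        $db->update_query("settinggroups", array('isdefault' => '0'), "isdefault='no'");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "events CHANGE timezone timezone varchar(4) NOT NULL default '0'");
    }
    if ($db->type == "pgsql") {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN revokereason SET default ''");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN notes SET default ''");
    }
    // NOTE(review): the generated string is stored as 'encryption_key'. random_str()
    // is not shown here - confirm it is backed by a CSPRNG before treating the
    // key as secret material.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    if ($db->type != "sqlite") {
        $ip_index = $db->index_exists("sessions", "ip");
        if ($ip_index == false) {
            if ($db->type == "pgsql") {
                $db->write_query("CREATE INDEX ip ON " . TABLE_PREFIX . "sessions (ip)");
            } else {
                $db->write_query("ALTER TABLE " . TABLE_PREFIX . "sessions ADD INDEX (`ip`)");
            }
        }
    }
    // $contents is not defined earlier in this function; appending to it raised an
    // undefined-variable notice, so the string is assigned instead.
    $contents = "Naciśnij przycisk Dalej, aby kontynuować proces aktualizacji.</p>";
    $output->print_contents($contents);
    $output->print_footer("15_usernameverify");
}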
Example #3
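 /**
  * Append one record to the tab-separated table file.
  *
  * The column order is taken from the first line returned by get_lines();
  * keys of $a that are not named in that header line are not written.
  *
  * @param array $a column name => value; "id" is generated when missing or empty
  * @return array|false the record including "id" and "created_at", or false
  *                     when the file cannot be opened or locked
  */
 function create($a)
 {
     if (empty($a["id"])) {
         // NOTE(review): random_str() is defined elsewhere. If record ids must not be
         // guessable, confirm that it is backed by a CSPRNG.
         $a["id"] = random_str();
     }
     $a['created_at'] = date("Y/m/d H:i:s");
     //$a['cookie']=@$_COOKIE['cookie'];
     $this->lastid = $a["id"];
     $lines = $this->get_lines();
     $head = explode("\t", array_shift($lines));
     $b = array();
     foreach ($head as $column) {
         // Missing or empty values become an empty cell so columns stay aligned.
         $b[] = !empty($a[$column]) ? $this->escape($a[$column]) : "";
     }
     $handle = fopen(SAFEPATH . $this->tablename, 'a');
     if ($handle === false) {
         return false;
     }
     if (!flock($handle, LOCK_EX)) {
         // The original closed an undefined $fp here, leaking $handle.
         fclose($handle);
         return false;
     }
     fwrite($handle, implode("\t", $b) . "\n");
     // Push the line to disk while the lock is still held, then release the lock.
     fflush($handle);
     flock($handle, LOCK_UN);
     fclose($handle);
     return $a;
 }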
 /**
  * Generate a four-digit verification code, remember it in the session and
  * render it as an image via code2pic(), then stop the script.
  *
  * NOTE(review): four characters from the nine-symbol alphabet "123456789"
  * give 9^4 = 6561 possible codes, so whatever checks "authcode" needs
  * attempt limiting and should invalidate the code after one use. Also
  * confirm that random_str() (defined elsewhere) uses a CSPRNG.
  */
 function authpic()
 {
     $_SESSION["authcode"] = random_str(4, "123456789");
     code2pic($_SESSION["authcode"]);
     exit;
 }
Example #5
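/**
 * XML-RPC handler that stores one uploaded file as a forum attachment.
 *
 * Reads forum_id, group_id and content from the XML-RPC parameters, checks
 * that the forum exists, is open and that the current user may post in it,
 * then hands $_FILES['attachment'] to upload_attachment().
 *
 * @param mixed $xmlrpc_params raw XML-RPC parameters, filtered through
 *                             Tapatalk_Input::filterXmlInput()
 * @return mixed an xmlrpcresp describing the stored attachment, or the result
 *               of xmlrespfalse()/tt_no_permission() on failure
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;
    $lang->load("member");
    $parser = new postParser();
    $input = Tapatalk_Input::filterXmlInput(array('forum_id' => Tapatalk_Input::INT, 'group_id' => Tapatalk_Input::STRING, 'content' => Tapatalk_Input::STRING), $xmlrpc_params);
    $fid = $input['forum_id'];
    //return xmlrespfalse(print_r($_FILES, true));
    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }
    $forumpermissions = forum_permissions($fid);
    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }
    if ($mybb->user['uid'] < 1 || $forumpermissions['canview'] == 0 || $forumpermissions['canpostthreads'] == 0 || $mybb->user['suspendposting'] == 1) {
        return tt_no_permission();
    }
    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);
    $posthash = $input['group_id'];
    if (empty($posthash)) {
        $posthash = md5($mybb->user['uid'] . random_str());
    }
    $mybb->input['posthash'] = $posthash;
    // Both values come from the request, so neither may reach the WHERE clause
    // as raw text: the post id is forced to an integer and the hash is escaped.
    // (Whether filterXmlInput() already escapes STRING fields is not visible here.)
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");
    // Without an upload there is nothing to normalise or store.
    if (empty($_FILES['attachment']) || !is_array($_FILES['attachment'])) {
        return xmlrespfalse("No file uploaded");
    }
    // A multi-file style upload arrives as arrays per field; keep the first file only.
    foreach ($_FILES['attachment'] as $k => $v) {
        if (is_array($_FILES['attachment'][$k])) {
            $_FILES['attachment'][$k] = $_FILES['attachment'][$k][0];
        }
    }
    // NOTE(review): 'type' is whatever the client sent. This rewrite only maps a
    // non-standard label; real content validation is left to upload_attachment()
    // - confirm that it checks the file itself.
    if ($_FILES['attachment']['type'] == 'image/jpg') {
        $_FILES['attachment']['type'] = 'image/jpeg';
    }
    // If there's an attachment, check it and upload it
    if ($_FILES['attachment']['size'] > 0 && $forumpermissions['canpostattachments'] != 0 && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])) {
        require_once MYBB_ROOT . "inc/functions_upload.php";
        $attachedfile = upload_attachment($_FILES['attachment'], false);
    }
    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }
    //return xmlrespfalse(print_r($attachedfile, true));
    if ($attachedfile['error']) {
        return xmlrespfalse(implode(" :: ", $attachedfile['error']));
    }
    $result = new xmlrpcval(array('attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'), 'group_id' => new xmlrpcval($posthash, 'string'), 'result' => new xmlrpcval(true, 'boolean'), 'result_text' => new xmlrpcval('', 'base64'), 'file_size' => new xmlrpcval($attachedfile['filesize'], 'int')), 'struct');
    return new xmlrpcresp($result);
}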
 /**
  * Generate a payment ID for this asset and assign it to the given user.
  *
  * Draws a 64-character random_str() value and inserts it into
  * users_cn_payment_ids; the insert is repeated with a new value until
  * db()->query() reports success.
  *
  * NOTE(review): the loop has no attempt limit, so any persistent failure of
  * the insert (not only a duplicate payment_id) keeps it running - consider
  * a bounded retry. If the payment id is treated as a bearer identifier,
  * confirm that random_str() is backed by a CSPRNG.
  *
  * @param   object  $user   user object exposing id()
  * @return  string          the payment id that was inserted
  */
 public function create_payment_id($user)
 {
     do {
         $payment_id = random_str(64);
         $row = array('asset_id' => $this->id, 'payment_id' => $payment_id, 'user_id' => $user->id(), 'date_created' => array('UTC_TIMESTAMP()'));
         $inserted = db()->query(insert_query('users_cn_payment_ids', $row));
     } while (!$inserted);
     return $payment_id;
 }
 /**
  * Let authenticated requests through and turn guests away.
  *
  * A guest making an AJAX request receives a plain 401 response; any other
  * guest is redirected to the token endpoint with a random "state" value in
  * the query string.
  *
  * @param  \Illuminate\Http\Request  $request
  * @param  \Closure  $next
  * @return mixed
  */
 public function handle($request, Closure $next)
 {
     if (!$this->auth->guest()) {
         return $next($request);
     }
     if ($request->ajax()) {
         return response('Unauthorized.', 401);
     }
     // NOTE(review): the state value is generated here but not stored anywhere in
     // this method. If it is meant as an anti-CSRF "state" for the token flow, it
     // has to be kept server-side (e.g. in the session) and compared when the
     // flow returns - confirm the /token route does that, and that random_str()
     // uses a CSPRNG.
     return redirect()->guest('/token/314159265?state=' . random_str(20));
 }
Example #8
/**
 * Return the user named by the login cookie and renew that cookie for
 * another six hours; return false when the cookie is absent or names no user.
 *
 * The cookie value is laid out as 34 filler characters, the user ID, then
 * 22 filler characters. Only the ID in the middle is read.
 *
 * NOTE(review): the 34 leading and 22 trailing characters are never compared
 * with anything, so the cookie carries no value the server can verify - the
 * user is identified by the ID alone. Authentication should rest on a
 * server-verifiable value (a stored random session token, or an HMAC over
 * the ID and expiry); that needs a matching change wherever the cookie is
 * first issued. The cookie is also set without the Secure and HttpOnly flags.
 *
 * @return bool|WP_USER
 */
function get_user_from_cookie()
{
    if (!isset($_COOKIE[COOKIE_NAME])) {
        return false;
    }
    $raw = $_COOKIE[COOKIE_NAME];
    // Strip the 34-character prefix and the 22-character suffix (34 + 22 = 56).
    $user_id = substr($raw, 34, strlen($raw) - 56);
    $user = get_user_by('ID', $user_id);
    if (!$user) {
        return false;
    }
    // Re-issue the cookie with fresh filler and a new six-hour lifetime.
    $refreshed = random_str(34) . strval($user->ID) . random_str(22);
    setcookie(COOKIE_NAME, $refreshed, time() + 21600, '/');
    return $user;
}
Example #9
 /**
  * Map one Invision Power Board 2 attachment row onto the target attachment
  * row layout.
  *
  * @param array $data source row (attach_* columns)
  * @return array column => value pairs for the target attachments table
  */
 function convert_data($data)
 {
     global $db, $error_notice, $mybb;
     $error_notice = "";
     $image_types = array("image/gif", "image/jpeg", "image/x-jpg", "image/x-jpeg", "image/pjpeg", "image/jpg", "image/png", "image/x-png");
     $insert_data = array();
     // Invision Power Board 2 values
     $insert_data['import_aid'] = $data['attach_id'];
     $post_details = $this->get_import->post_attachment_details($data['attach_pid']);
     $insert_data['pid'] = $post_details['pid'];
     // Reuse the post's hash when it has one, otherwise derive a new one.
     $insert_data['posthash'] = $post_details['posthash']
         ? $post_details['posthash']
         : md5($post_details['tid'] . $post_details['uid'] . random_str());
     $insert_data['filetype'] = $this->get_attach_type($data['attach_ext']);
     // Images start with the 'SMALL' thumbnail marker, everything else with none.
     $is_image = in_array(strtolower($insert_data['filetype']), $image_types, true);
     $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';
     // NOTE(review): this assignment replaces the posthash chosen above, so the
     // post_attachment_details()/md5 value never reaches the caller - confirm
     // which of the two is intended.
     $insert_data['posthash'] = $data['attach_post_key'];
     $insert_data['uid'] = $this->get_import->uid($data['attach_member_id']);
     // NOTE(review): the file name is copied from the source board unchanged; any
     // escaping is presumably done by whoever writes the row - verify.
     $insert_data['filename'] = $data['attach_file'];
     $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['attach_date'] . ".attach";
     $insert_data['filesize'] = $data['attach_filesize'];
     $insert_data['downloads'] = $data['attach_hits'];
     $insert_data['visible'] = $data['attach_approved'];
     if ($data['attach_thumb_location']) {
         // A stored thumbnail overrides the marker with a name built from attachname.
         $thumb_ext = get_extension($data['attach_thumb_location']);
         $insert_data['thumbnail'] = str_replace(".attach", "_thumb.{$thumb_ext}", basename($insert_data['attachname']));
     }
     return $insert_data;
 }
Example #10
    /**
     * Add this user to the database and mail them a temporary password.
     *
     * Generates a random temporary password, inserts the user row with it,
     * and - for the 'lecturer' and 'student' access levels - emails the
     * password to the address in $_POST['user_email']. Every handled outcome
     * redirects to ../add_user_gui.php and ends the script.
     *
     * NOTE(review): the temporary password is written to the Password column
     * exactly as generated (a crypt()-based hashing step is disabled) and is
     * also sent by mail. Storing only a password_hash() of it and forcing a
     * change at first login would limit exposure; that needs a matching
     * change in the login check. Also confirm random_str() uses a CSPRNG.
     *
     * @param $DB_con -
     *        	PDO Database connection object
     */
    public function add_user($DB_con)
    {
        $redirect = 'Location: ../add_user_gui.php';
        // Temporary password handed to the new user.
        $temp_password = random_str(10);
        // Insert the user row through a prepared statement.
        $insert_sql = 'INSERT INTO `tat_user` (`employee_number`, `First_Name`, `Last_Name`, `Email`, `Phone_Number`, `GPA`, `Gender`, `Password`, `Access_Level`)
VALUES (:sid, :first_name, :last_name, :email, :phone_number, :gpa, :gender, :password, :access_level)';
        $stmt = $DB_con->prepare($insert_sql);
        $stmt->bindParam(':sid', $this->id, PDO::PARAM_STR);
        $stmt->bindParam(':first_name', $this->first_name, PDO::PARAM_STR);
        $stmt->bindParam(':last_name', $this->last_name, PDO::PARAM_STR);
        $stmt->bindParam(':email', $this->email, PDO::PARAM_STR);
        $stmt->bindParam(':phone_number', $this->phone_number, PDO::PARAM_STR);
        $stmt->bindParam(':gpa', $this->gpa, PDO::PARAM_STR);
        $stmt->bindParam(':gender', $this->gender, PDO::PARAM_STR);
        $stmt->bindParam(':password', $temp_password, PDO::PARAM_STR);
        $stmt->bindParam(':access_level', $this->access_level, PDO::PARAM_STR);
        if (!$stmt->execute()) {
            // Insert failed: leave an error for the form and go back to it.
            $_SESSION['add_user_error'] = 'An unknown error has occurred. Please contact system support and provide a detailed description of what you were trying to accomplish when this error occurred. (Error: -1)';
            header($redirect);
            die;
        }
        $_SESSION['user_added'] = 1;
        $fullName = $this->first_name . " " . $this->last_name;
        // NOTE(review): the mail goes to $_POST['user_email'] while the row stores
        // $this->email - confirm both always hold the same address.
        if ($this->access_level == 'lecturer') {
            $email = new Emailer();
            $email->sendLecturerTempEmail($_POST['user_email'], $fullName, $temp_password);
            header($redirect);
            die;
        }
        if ($this->access_level == 'student') {
            $email = new Emailer();
            $email->sendStudentTempEmail($_POST['user_email'], $fullName, $temp_password);
            header($redirect);
            die;
        }
        // Any other access level: no mail is sent and no redirect is issued.
    }
Example #11
 /**
  * Map one vBulletin 3 attachment row onto the target attachment row layout.
  *
  * @param array $data source row (attachmentid, extension, postid, userid, ...)
  * @return array column => value pairs for the target attachments table
  */
 function convert_data($data)
 {
     $image_types = array("image/gif", "image/jpeg", "image/x-jpg", "image/x-jpeg", "image/pjpeg", "image/jpg", "image/png", "image/x-png");
     $insert_data = array();
     // vBulletin 3 values
     $insert_data['import_aid'] = $data['attachmentid'];
     $insert_data['filetype'] = $this->get_attach_type($data['extension']);
     // Images start with the 'SMALL' thumbnail marker, everything else with none.
     $is_image = in_array(strtolower($insert_data['filetype']), $image_types, true);
     $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';
     $post_details = $this->get_import->post_attachment_details($data['postid']);
     $insert_data['pid'] = $post_details['pid'];
     // Reuse the post's hash when it has one, otherwise derive a new one from the
     // thread id, user id and a random string.
     $insert_data['posthash'] = $post_details['posthash']
         ? $post_details['posthash']
         : md5($post_details['tid'] . $post_details['uid'] . random_str());
     $insert_data['uid'] = $this->get_import->uid($data['userid']);
     $insert_data['filename'] = $data['filename'];
     $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['dateline'] . ".attach";
     $insert_data['filesize'] = $data['filesize'];
     $insert_data['downloads'] = $data['counter'];
     $insert_data['visible'] = $data['visible'];
     if ($data['thumbnail']) {
         // A stored thumbnail overrides the marker with a name built from attachname.
         $insert_data['thumbnail'] = str_replace(".attach", "_thumb.{$data['extension']}", $insert_data['attachname']);
     }
     return $insert_data;
 }
Example #12
 /**
  * Map one phpBB 3 attachment row onto the target attachment row layout.
  *
  * @param array $data source row (attach_id, poster_id, real_filename, ...)
  * @return array column => value pairs for the target attachments table
  */
 function convert_data($data)
 {
     $image_types = array("image/gif", "image/jpeg", "image/x-jpg", "image/x-jpeg", "image/pjpeg", "image/jpg", "image/png", "image/x-png");
     $insert_data = array();
     // phpBB 3 values
     $insert_data['import_aid'] = $data['attach_id'];
     $insert_data['uid'] = $this->get_import->uid($data['poster_id']);
     $insert_data['filename'] = $data['real_filename'];
     $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['filetime'] . ".attach";
     // NOTE(review): the MIME type is taken from the source row as stored, not
     // derived from the file - treat it as a label only.
     $insert_data['filetype'] = $data['mimetype'];
     $insert_data['filesize'] = $data['filesize'];
     $insert_data['downloads'] = $data['download_count'];
     $post_details = $this->get_import->post_attachment_details($data['post_msg_id']);
     $insert_data['pid'] = $post_details['pid'];
     // Reuse the post's hash when it has one, otherwise derive a new one.
     $insert_data['posthash'] = $post_details['posthash']
         ? $post_details['posthash']
         : md5($post_details['tid'] . $post_details['uid'] . random_str());
     // Images get the 'SMALL' thumbnail marker, everything else none.
     $is_image = in_array(strtolower($insert_data['filetype']), $image_types, true);
     $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';
     return $insert_data;
 }
Example #13
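 /**
  * Validate a registration request, then create the user row and its secret
  * record (password hash and e-mail confirmation token).
  *
  * @param array $user_info expects name, email, country, password and
  *                         confirm_password
  * @return array 'success' flag; 'message' (and 'field' where known) on
  *               failure; 'user_id' and 'secret_id' once the rows are written
  */
 public function addUser($user_info)
 {
     $result = array('success' => false, 'message' => "Something went wrong.");
     if (sizeof($user_info) > 0) {
         $name = isset($user_info['name']) ? $user_info['name'] : null;
         $email = isset($user_info['email']) ? $user_info['email'] : null;
         $country = isset($user_info['country']) ? $user_info['country'] : null;
         $plain_password = isset($user_info['password']) ? $user_info['password'] : null;
         $confirm_password = isset($user_info['confirm_password']) ? $user_info['confirm_password'] : null;
         // Every field has to pass. The previous expression chained the checks with
         // "or", so one valid field (or the mere presence of confirm_password) was
         // enough, and the password test accepted only passwords shorter than 5
         // characters.
         // NOTE(review): the minimum length of 5 is taken from the number in the
         // original comparison - confirm the intended password policy.
         $valid = is_string($name) && ctype_alnum($name) && strlen($name) > 2
             && is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
             && is_string($country) && ctype_alpha($country)
             && is_string($plain_password) && strlen($plain_password) >= 5
             && $confirm_password !== null;
         // Strict comparison: with "!=" two different numeric-looking strings such
         // as "1e3" and "1000" compare as equal.
         if ($plain_password !== $confirm_password) {
             $result['message'] = "Password did not match.";
             $result['field'] = "password";
             return $result;
         }
         if ($this->db->checkExists($this->user_table, 'email', $email)) {
             $result['message'] = "Email already exists.";
             $result['field'] = "email";
             return $result;
         }
         if ($valid) {
             // crypt() with an arbitrary 20-character salt does not select a modern
             // algorithm; password_hash() picks the algorithm, cost and salt itself.
             // NOTE(review): the login path must verify with password_verify() (which
             // also accepts existing crypt() hashes) and the password column must be
             // wide enough for the longer hash - confirm both.
             $password = password_hash($plain_password, PASSWORD_DEFAULT);
             unset($user_info['password']);
             unset($user_info['confirm_password']);
             $user_result = $this->db->add($this->user_table, $user_info);
             if ($user_result['success']) {
                 $result['user_id'] = $user_result['lastInsertId'];
                 // NOTE(review): the confirmation token should come from a CSPRNG -
                 // random_str() is defined elsewhere, verify.
                 $result['secret_id'] = $this->_saveUserSecret(array('user_id' => $result['user_id'], 'password' => $password, 'email_confirmation' => random_str(20)));
                 if ($result['secret_id']) {
                     /* TO DO :
                      * Email Confirmation
                      */
                     // Success is reported only after both rows were written; before,
                     // a failed insert still returned success = true.
                     $result['success'] = true;
                     unset($result['message']);
                 }
             }
         }
     }
     return $result;
 }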
Example #14
 }
 if (isset($mybb->input['code']) && $user) {
     $query = $db->simple_select("awaitingactivation", "code", "uid='" . $user['uid'] . "' AND type='p'");
     $activationcode = $db->fetch_field($query, 'code');
     $now = TIME_NOW;
     if (!$activationcode || $activationcode != $mybb->get_input('code')) {
         error($lang->error_badlostpwcode);
     }
     $db->delete_query("awaitingactivation", "uid='" . $user['uid'] . "' AND type='p'");
     $username = $user['username'];
     // Generate a new password, then update it
     $password_length = (int) $mybb->settings['minpasswordlength'];
     if ($password_length < 8) {
         $password_length = 8;
     }
     $password = random_str($password_length);
     $logindetails = update_password($user['uid'], md5($password), $user['salt']);
     $email = $user['email'];
     $plugins->run_hooks("member_resetpassword_process");
     $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
     $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
     my_mail($email, $emailsubject, $emailmessage);
     $plugins->run_hooks("member_resetpassword_reset");
     error($lang->redirect_passwordreset);
 } else {
     $plugins->run_hooks("member_resetpassword_form");
     switch ($mybb->settings['username_method']) {
         case 0:
             $lang_username = $lang->username;
             break;
         case 1:
Example #15
/**
 * Final installer step.
 *
 * Validates the admin account fields from the previous step, inserts the
 * default user groups and the admin user, loads the admin permissions,
 * logs the admin in via cookie, builds the caches and finally tries to
 * write a lock file into the current directory.
 *
 * Works on the global $output, $db, $mybb, $errors, $cache and $lang
 * objects and echoes its progress HTML directly.
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;
    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    if ($mybb->get_input('adminpass') != $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    // $errors becomes an array as soon as one message is appended above.
    // NOTE(review): create_admin_user() presumably re-renders the admin form and
    // stops the script; if it returns, the installation below continues - confirm.
    if (is_array($errors)) {
        create_admin_user();
    }
    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);
    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;
    ob_start();
    $output->print_header($lang->finish_setup, 'finish');
    echo $lang->done_step_usergroupsinserted;
    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            if (!is_array($value)) {
                continue;
            }
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);
        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
        $group_count++;
    }
    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }
    echo $lang->done . '</p>';
    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    // The admin password is stored as md5(md5(salt) . md5(password)).
    // NOTE(review): MD5 is a fast hash, so this offers little resistance to offline
    // guessing if the users table leaks. Moving to password_hash() would require
    // the login code (not shown) to change as well. Also confirm random_str()
    // uses a CSPRNG for the salt.
    $salt = random_str();
    $loginkey = generate_loginkey();
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));
    $newuser = array('username' => $db->escape_string($mybb->get_input('adminuser')), 'password' => $saltedpw, 'salt' => $salt, 'loginkey' => $loginkey, 'email' => $db->escape_string($mybb->get_input('adminemail')), 'usergroup' => $admin_gid, 'regdate' => $now, 'lastactive' => $now, 'lastvisit' => $now, 'website' => '', 'icq' => '', 'aim' => '', 'yahoo' => '', 'skype' => '', 'google' => '', 'birthday' => '', 'signature' => '', 'allownotices' => 1, 'hideemail' => 0, 'subscriptionmethod' => '0', 'receivepms' => 1, 'pmnotice' => 1, 'pmnotify' => 1, 'buddyrequestspm' => 1, 'buddyrequestsauto' => 0, 'showimages' => 1, 'showvideos' => 1, 'showsigs' => 1, 'showavatars' => 1, 'showquickreply' => 1, 'invisible' => 0, 'style' => '0', 'timezone' => 0, 'dst' => 0, 'threadmode' => '', 'daysprune' => 0, 'regip' => $db->escape_binary(my_inet_pton(get_ip())), 'language' => '', 'showcodebuttons' => 1, 'tpp' => 0, 'ppp' => 0, 'referrer' => 0, 'buddylist' => '', 'ignorelist' => '', 'pmfolders' => '', 'notepad' => '', 'showredirect' => 1, 'usernotes' => '');
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';
    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();
    $db->delete_query("adminoptions");
    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];
        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }
        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }
        $adminoptiondata = array('uid' => (int) $uid, 'cpstyle' => '', 'notes' => '', 'permissions' => $db->escape_string(my_serialize($insertmodule)), 'defaultviews' => $db->escape_string(my_serialize($defaultviews)));
        // Reset the permission map so the next user entry starts empty.
        $insertmodule = array();
        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';
    // Automatic Login
    // NOTE(review): $uid is whatever the last iteration of the adminoptions loop
    // above left behind, not the id returned by the users insert - confirm the
    // XML always ends on the new admin's uid.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();
    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }
    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    // NOTE(review): stored as the board's 'encryption_key'; random_str() is defined
    // elsewhere - confirm it is backed by a CSPRNG.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();
    // Collect the numbers of all upgradeNN.php scripts shipped with the installer.
    $version_history = array();
    // NOTE(review): the directory handle is never released with closedir().
    $dh = opendir(INSTALL_ROOT . "resources");
    while (($file = readdir($dh)) !== false) {
        if (preg_match("#upgrade([0-9]+).php\$#i", $file, $match)) {
            $version_history[$match[1]] = $match[1];
        }
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);
    // Schedule an update check so it occurs an hour ago.  Gotta stay up to date!
    $update['nextrun'] = TIME_NOW - 3600;
    $db->update_query("tasks", $update, "tid='12'");
    $cache->update_update_check();
    $cache->update_tasks();
    echo $lang->done . '</p>';
    echo $lang->done_step_success;
    // Try to drop a lock file into the current directory. The @ operators hide any
    // failure; $written stays falsy in that case and the done_step_dirdelete
    // message is shown instead of done_step_locked.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        $written = @fwrite($lock, '1');
        @fclose($lock);
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_whats_next;
    $output->print_footer('');
}
Example #16
        // Wrong code -> close session (aka logout)
        $db->delete_query("adminsessions", "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'");
        my_unsetcookie('adminsid');
        // Now test whether we need to lock this guy completly
        $db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='{$mybb->user['uid']}'", '', true);
        $loginattempts = login_attempt_check_acp($mybb->user['uid'], true);
        // Have we attempted too many times?
        if ($loginattempts['loginattempts'] > 0) {
            // Have we set an expiry yet?
            if ($loginattempts['loginlockoutexpiry'] == 0) {
                $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW + (int) $mybb->settings['loginattemptstimeout'] * 60), "uid='{$mybb->user['uid']}'");
            }
            // Did we hit lockout for the first time? Send the unlock email to the administrator
            if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) {
                $db->delete_query("awaitingactivation", "uid='{$mybb->user['uid']}' AND type='l'");
                $lockout_array = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l");
                $db->insert_query("awaitingactivation", $lockout_array);
                $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']);
                $message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->user['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']);
                my_mail($mybb->user['email'], $subject, $message);
            }
            log_admin_action(array('type' => 'admin_locked_out', 'uid' => $mybb->user['uid'], 'username' => $mybb->user['username']));
            $page->show_lockedout();
        }
        // Still here? Show a custom login page
        $page->show_login($lang->my2fa_failed, "error");
    }
}
// Show our 2FA page
if (!empty($admin_options['authsecret']) && $admin_session['authenticated'] != 1) {
    $page->show_2fa();
             $captcha = $post_captcha->html;
         }
     }
     $postoptionschecked = array('signature' => '', 'emailnotify' => '');
     if ($mybb->user['signature']) {
         $postoptionschecked['signature'] = 'checked="checked"';
     }
     // Hide signature option if no permission
     $option_signature = '';
     if ($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature']) {
         eval("\$option_signature = \"" . $templates->get('showthread_quickreply_options_signature') . "\";");
     }
     if (isset($mybb->user['emailnotify']) && $mybb->user['emailnotify'] == 1) {
         $postoptionschecked['emailnotify'] = 'checked="checked"';
     }
     $posthash = md5($mybb->user['uid'] . random_str());
     eval("\$quickreply = \"" . $templates->get("showthread_quickreply") . "\";");
 }
 // If the user is a moderator, show the moderation tools.
 if ($ismod) {
     $customthreadtools = $customposttools = '';
     if (is_moderator($forum['fid'], "canusecustomtools") && (!empty($forum_stats[-1]['modtools']) || !empty($forum_stats[$forum['fid']]['modtools']))) {
         switch ($db->type) {
             case "pgsql":
             case "sqlite":
                 $query = $db->simple_select("modtools", "tid, name, type", "','||forums||',' LIKE '%,{$fid},%' OR ','||forums||',' LIKE '%,-1,%' OR forums=''");
                 break;
             default:
                 $query = $db->simple_select("modtools", "tid, name, type", "CONCAT(',',forums,',') LIKE '%,{$fid},%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums=''");
         }
         while ($tool = $db->fetch_array($query)) {
Example #18
// Handles the "change email" form post from the user control panel.
// Flow visible in this excerpt: re-check the current password, validate the
// new address through UserDataHandler, then either queue an emailed
// activation code or apply the change directly.
if ($mybb->input['action'] == "do_email" && $mybb->request_method == "post") {
    $errors = array();
    $plugins->run_hooks("usercp_do_email_start");
    // Re-authentication: the current password must be supplied before the address can change.
    if (validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false) {
        $errors[] = $lang->error_invalidpassword;
    } else {
        // Set up user handler.
        require_once "inc/datahandlers/user.php";
        $userhandler = new UserDataHandler("update");
        $user = array("uid" => $mybb->user['uid'], "email" => $mybb->input['email'], "email2" => $mybb->input['email2']);
        $userhandler->set_data($user);
        if (!$userhandler->validate_user()) {
            $errors = $userhandler->get_friendly_errors();
        } else {
            // Accounts that are not in usergroup "5" and lack control-panel access (cancp)
            // must confirm the new address by email; everyone else is updated directly below.
            if ($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1) {
                // NOTE(review): random_str() is defined elsewhere. This code is the only secret
                // guarding the pending change, so confirm it is drawn from a CSPRNG.
                $activationcode = random_str();
                $now = TIME_NOW;
                // Removes every pending activation row for this uid (the condition has no type filter).
                $db->delete_query("awaitingactivation", "uid='" . $mybb->user['uid'] . "'");
                // 'misc' carries the requested address and is escaped here; the other values come from
                // the logged-in user's record. NOTE(review): confirm insert_query() escapes nothing itself.
                $newactivation = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => $activationcode, "type" => "e", "oldgroup" => $mybb->user['usergroup'], "misc" => $db->escape_string($mybb->input['email']));
                $db->insert_query("awaitingactivation", $newactivation);
                $username = $mybb->user['username'];
                $uid = $mybb->user['uid'];
                $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']);
                $lang->email_changeemail = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->input['email'], $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']);
                // The code is mailed to the NEW address, so completing the change requires access to that mailbox.
                // NOTE(review): nothing visible here notifies the current address ($mybb->user['email'])
                // of the pending change — confirm whether that is handled elsewhere.
                my_mail($mybb->input['email'], $lang->emailsubject_changeemail, $lang->email_changeemail);
                $plugins->run_hooks("usercp_do_email_verify");
                $result_text = $lang->redirect_changeemail_activation;
                $verify_result = true;
            } else {
                $userhandler->update_user();
                $plugins->run_hooks("usercp_do_email_changed");
Example #19
<?php

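// Registration step: store the submitted name and email, attach a freshly
// generated credential to the new record, and remember its id in the session.
// NOTE(review): the $_POST keys are read without an isset() check and my_fix()
// is defined elsewhere — confirm what it normalises. The SQL below does not
// depend on it, because every value is bound as a parameter.
$NameFirst = my_fix($_POST['inputNameFirst']);
$NameLast = my_fix($_POST['inputNameLast']);
$Email = my_fix($_POST['inputEmail2']);
// Only the output of encrypt_password() is stored; the random input is discarded.
// NOTE(review): random_str() and encrypt_password() live elsewhere — verify the
// former uses a CSPRNG and the latter a password-hashing scheme.
$Blowfish = encrypt_password(random_str(16));
$Connection = get_connection();
try {
    // Both inserts succeed or fail together.
    $Connection->beginTransaction();
    $q0 = gq_insert('framy_Personal', 'NameFirst,NameLast,Email', ':a,:b,:c');
    $s0 = $Connection->prepare($q0);
    $s0->bindValue(':a', $NameFirst, PDO::PARAM_STR);
    $s0->bindValue(':b', $NameLast, PDO::PARAM_STR);
    $s0->bindValue(':c', $Email, PDO::PARAM_STR);
    $s0->execute();
    $s0->closeCursor();
    // The sequence name is passed because the id is read back from a named sequence.
    $PersonalId = $Connection->lastInsertId('framy_Personal_PersonalId_seq');
    $q1 = gq_insert('framy_Blowfish', 'PersonalId,Blowfish', ':a,:b');
    $s1 = $Connection->prepare($q1);
    $s1->bindValue(':a', $PersonalId, PDO::PARAM_INT);
    $s1->bindValue(':b', $Blowfish, PDO::PARAM_STR);
    $s1->execute();
    $s1->closeCursor();
    $Connection->commit();
} catch (Exception $e) {
    // rollBack() itself throws when no transaction is open (for example when
    // beginTransaction() was the failing call), which would hide $e and skip
    // the cleanup below. Assumes $Connection is a PDO handle, as its use above suggests.
    if ($Connection->inTransaction()) {
        $Connection->rollBack();
    }
    superendsession();
    exception_error($e);
    die;
}
// NOTE(review): the session is bound to the new record without a visible
// session_regenerate_id() call — confirm the session id is rotated elsewhere.
$_SESSION['PersonalId'] = $PersonalId;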
/**
 * Upload an attachment in to the file system and record it in the attachments table.
 *
 * Checks visible in this function, in order: PHP upload error code,
 * is_uploaded_file(), extension allow-list from the 'attachtypes' cache,
 * per-type size limit, per-usergroup quota, duplicate filename in the post,
 * per-post attachment count and, for image extensions only, a content check
 * with getimagesize() plus finfo / mime_content_type.
 *
 * @param array $attachment Attachment data (as fed by PHP's $_FILES)
 * @param boolean $update_attachment Whether or not we are updating a current attachment or inserting a new one
 * @return array Array of attachment data ('aid') if successful, otherwise array of error data ('error')
 */
function upload_attachment($attachment, $update_attachment = false)
{
    // $mybb appears twice in this global statement; the repetition is harmless.
    global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $mybb, $lang, $plugins, $cache;
    // posthash comes from request input and is escaped because it is interpolated into SQL below.
    $posthash = $db->escape_string($mybb->get_input('posthash'));
    // Cast so $pid can be interpolated into SQL conditions safely.
    $pid = (int) $pid;
    // Translate PHP's upload error code into a user-facing message and stop.
    if (isset($attachment['error']) && $attachment['error'] != 0) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($attachment['error']) {
            case 1:
                // UPLOAD_ERR_INI_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php1;
                break;
            case 2:
                // UPLOAD_ERR_FORM_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php2;
                break;
            case 3:
                // UPLOAD_ERR_PARTIAL
                $ret['error'] .= $lang->error_uploadfailed_php3;
                break;
            case 4:
                // UPLOAD_ERR_NO_FILE
                $ret['error'] .= $lang->error_uploadfailed_php4;
                break;
            case 6:
                // UPLOAD_ERR_NO_TMP_DIR
                $ret['error'] .= $lang->error_uploadfailed_php6;
                break;
            case 7:
                // UPLOAD_ERR_CANT_WRITE
                $ret['error'] .= $lang->error_uploadfailed_php7;
                break;
            default:
                $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
                break;
        }
        return $ret;
    }
    // Reject anything that did not arrive through PHP's HTTP upload mechanism.
    if (!is_uploaded_file($attachment['tmp_name']) || empty($attachment['tmp_name'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_php4;
        return $ret;
    }
    $attachtypes = $cache->read('attachtypes');
    // Plugins may replace $attachment here, so the name and size checked below are the hook's output.
    $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);
    $ext = get_extension($attachment['name']);
    // Check if we have a valid extension (allow-list: only extensions present in the attachtypes cache pass)
    if (!isset($attachtypes[$ext])) {
        $ret['error'] = $lang->error_attachtype;
        return $ret;
    } else {
        $attachtype = $attachtypes[$ext];
    }
    // Check the size (maxsize is multiplied by 1024 before comparing; an empty maxsize disables the limit)
    if ($attachment['size'] > $attachtype['maxsize'] * 1024 && $attachtype['maxsize'] != "") {
        $ret['error'] = $lang->sprintf($lang->error_attachsize, $attachtype['maxsize']);
        return $ret;
    }
    // Double check attachment space usage (a quota of 0 or less skips the check)
    if ($mybb->usergroup['attachquota'] > 0) {
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='" . $mybb->user['uid'] . "'");
        $usage = $db->fetch_array($query);
        $usage = $usage['ausage'] + $attachment['size'];
        if ($usage > $mybb->usergroup['attachquota'] * 1024) {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota'] * 1024);
            $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
            return $ret;
        }
    }
    // Gather forum permissions
    $forumpermissions = forum_permissions($forum['fid']);
    // Check if an attachment with this name is already in the post.
    // Both interpolated values were sanitised above ($pid cast to int, $posthash escaped).
    if ($pid != 0) {
        $uploaded_query = "pid='{$pid}'";
    } else {
        $uploaded_query = "posthash='{$posthash}'";
    }
    $query = $db->simple_select("attachments", "*", "filename='" . $db->escape_string($attachment['name']) . "' AND " . $uploaded_query);
    $prevattach = $db->fetch_array($query);
    if ($prevattach['aid'] && $update_attachment == false) {
        if (!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {
            $ret['error'] = $lang->error_alreadyuploaded_perm;
            return $ret;
        }
        $ret['error'] = $lang->error_alreadyuploaded;
        return $ret;
    }
    // Check to see how many attachments exist for this post already
    if ($mybb->settings['maxattachments'] > 0 && $update_attachment == false) {
        $query = $db->simple_select("attachments", "COUNT(aid) AS numattachs", $uploaded_query);
        $attachcount = $db->fetch_field($query, "numattachs");
        if ($attachcount >= $mybb->settings['maxattachments']) {
            $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']);
            return $ret;
        }
    }
    $month_dir = '';
    if ($mybb->safemode == false) {
        // Check if the attachment directory (YYYYMM) exists, if not, create it
        $month_dir = gmdate("Ym");
        if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
            // NOTE(review): mkdir() is called without an explicit mode and with errors suppressed;
            // the resulting permissions depend on the process umask.
            @mkdir($mybb->settings['uploadspath'] . "/" . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
                $month_dir = '';
            }
        }
    }
    // All seems to be good, lets move the attachment!
    // The on-disk name is built server-side and always ends in ".attach"; the client-supplied
    // name is not part of it. NOTE(review): uniqueness rests on md5(random_str()), and
    // random_str() is defined elsewhere.
    $filename = "post_" . $mybb->user['uid'] . "_" . TIME_NOW . "_" . md5(random_str()) . ".attach";
    $file = upload_file($attachment, $mybb->settings['uploadspath'] . "/" . $month_dir, $filename);
    // Failed to create the attachment in the monthly directory, just throw it in the main directory
    if (!empty($file['error']) && $month_dir) {
        $file = upload_file($attachment, $mybb->settings['uploadspath'] . '/', $filename);
    } elseif ($month_dir) {
        $filename = $month_dir . "/" . $filename;
    }
    if (!empty($file['error'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($file['error']) {
            case 1:
                $ret['error'] .= $lang->error_uploadfailed_nothingtomove;
                break;
            case 2:
                $ret['error'] .= $lang->error_uploadfailed_movefailed;
                break;
        }
        return $ret;
    }
    // Lets just double check that it exists
    if (!file_exists($mybb->settings['uploadspath'] . "/" . $filename)) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost;
        return $ret;
    }
    // Generate the array for the insert_query.
    // NOTE(review): 'filetype' is whatever upload_file() returned in $file['type'] — presumably
    // the client-declared MIME type; treat it as untrusted metadata and verify.
    $attacharray = array("pid" => $pid, "posthash" => $posthash, "uid" => $mybb->user['uid'], "filename" => $db->escape_string($file['original_filename']), "filetype" => $db->escape_string($file['type']), "filesize" => (int) $file['size'], "attachname" => $filename, "downloads" => 0, "dateuploaded" => TIME_NOW);
    // If we're uploading an image, check the MIME type compared to the image type and attempt to generate a thumbnail
    if ($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") {
        // Check a list of known MIME types to establish what kind of image we're uploading.
        // The codes match the type getimagesize() reports at index 2 (1 = GIF, 2 = JPEG, 3 = PNG).
        switch (my_strtolower($file['type'])) {
            case "image/gif":
                $img_type = 1;
                break;
            case "image/jpeg":
            case "image/x-jpg":
            case "image/x-jpeg":
            case "image/pjpeg":
            case "image/jpg":
                $img_type = 2;
                break;
            case "image/png":
            case "image/x-png":
                $img_type = 3;
                break;
            default:
                $img_type = 0;
        }
        // Collect every MIME type configured for any allowed attachment type (not only image types).
        $supported_mimes = array();
        foreach ($attachtypes as $attachtype) {
            if (!empty($attachtype['mimetype'])) {
                $supported_mimes[] = $attachtype['mimetype'];
            }
        }
        // Check if the uploaded file type matches the correct image type (returned by getimagesize)
        $img_dimensions = @getimagesize($mybb->settings['uploadspath'] . "/" . $filename);
        $mime = "";
        $file_path = $mybb->settings['uploadspath'] . "/" . $filename;
        // NOTE(review): the sniffers below read MYBB_ROOT . $file_path while getimagesize() above
        // reads the path without MYBB_ROOT — assumes uploadspath is relative to MYBB_ROOT; confirm.
        if (function_exists("finfo_open")) {
            $file_info = finfo_open(FILEINFO_MIME);
            // NOTE(review): explode() with a limit of 1 returns the whole string as one element, so
            // $mime keeps any "; charset=..." suffix and is unlikely to equal an entry in
            // $supported_mimes. Raising the limit would loosen the rejection test below, so the
            // two lines should be reviewed together.
            list($mime, ) = explode(';', finfo_file($file_info, MYBB_ROOT . $file_path), 1);
            finfo_close($file_info);
        } else {
            if (function_exists("mime_content_type")) {
                $mime = mime_content_type(MYBB_ROOT . $file_path);
            }
        }
        // && binds tighter than ||: reject when getimagesize() fails, or when the detected image
        // type differs from the declared one AND the sniffed MIME is not in the configured list.
        if (!is_array($img_dimensions) || $img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes)) {
            // Remove the stored file so a rejected upload does not stay on disk.
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $filename);
            $ret['error'] = $lang->error_uploadfailed;
            return $ret;
        }
        require_once MYBB_ROOT . "inc/functions_image.php";
        // $ext is one of the image extensions tested above, so the thumbnail gets a real image suffix.
        $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);
        $attacharray = $plugins->run_hooks("upload_attachment_thumb_start", $attacharray);
        $thumbnail = generate_thumbnail($mybb->settings['uploadspath'] . "/" . $filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);
        if ($thumbnail['filename']) {
            $attacharray['thumbnail'] = $thumbnail['filename'];
        } elseif ($thumbnail['code'] == 4) {
            // Result code 4 is recorded as the marker "SMALL" instead of a thumbnail file name.
            $attacharray['thumbnail'] = "SMALL";
        }
    }
    // Attachments start hidden when the forum moderates attachments and the uploader cannot approve them.
    if ($forumpermissions['modattachments'] == 1 && !is_moderator($forum['fid'], "canapproveunapproveattachs")) {
        $attacharray['visible'] = 0;
    } else {
        $attacharray['visible'] = 1;
    }
    // Plugins get a last chance to alter the row before it is written.
    $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);
    if ($prevattach['aid'] && $update_attachment == true) {
        unset($attacharray['downloads']);
        // Keep our download count if we're updating an attachment
        $db->update_query("attachments", $attacharray, "aid='" . $db->escape_string($prevattach['aid']) . "'");
        // Remove old attachment file
        // Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file.
        $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='" . $db->escape_string($prevattach['attachname']) . "'");
        if ($db->fetch_field($query, "numreferences") == 0) {
            // The paths below are built from values stored in the existing attachments row.
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['attachname']);
            if ($prevattach['thumbnail']) {
                delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['thumbnail']);
            }
            // The first path segment of attachname is treated as the monthly directory.
            $date_directory = explode('/', $prevattach['attachname']);
            if (@is_dir($mybb->settings['uploadspath'] . "/" . $date_directory[0])) {
                delete_upload_directory($mybb->settings['uploadspath'] . "/" . $date_directory[0]);
            }
        }
        $aid = $prevattach['aid'];
    } else {
        $aid = $db->insert_query("attachments", $attacharray);
        // Only attachments already tied to a post bump the thread's attachment counter.
        if ($pid) {
            update_thread_counters($tid, array("attachmentcount" => "+1"));
        }
    }
    $ret['aid'] = $aid;
    return $ret;
}
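/**
 * Generates a security question for registration.
 *
 * Picks one random active question (optionally excluding a previous one),
 * stores a question-session row keyed by a fresh random id and increments
 * the question's "shown" counter.
 *
 * @param int $old_qid Optional ID of the old question.
 * @return string|false The question session id, or false when no active question exists.
 */
function generate_question($old_qid = 0)
{
    global $db;
    // The random-order function is spelled differently by the SQL dialects.
    if ($db->type == 'pgsql' || $db->type == 'sqlite') {
        $order_by = 'RANDOM()';
    } else {
        $order_by = 'RAND()';
    }
    // Always defined, so the WHERE clause never interpolates an unset variable
    // when no previous question id is given.
    $excl_old = '';
    if ($old_qid) {
        // Cast to int before the value is concatenated into SQL.
        $excl_old = ' AND qid != ' . (int) $old_qid;
    }
    $query = $db->simple_select('questions', 'qid, shown', "active=1{$excl_old}", array('limit' => 1, 'order_by' => $order_by));
    $question = $db->fetch_array($query);
    if (!$db->num_rows($query)) {
        // No active questions exist
        return false;
    }
    // NOTE(review): random_str() is defined elsewhere; the session id is handed to the
    // client, so confirm it comes from a CSPRNG.
    $sessionid = random_str(32);
    $sql_array = array("sid" => $sessionid, "qid" => $question['qid'], "dateline" => TIME_NOW);
    $db->insert_query("questionsessions", $sql_array);
    $update_question = array("shown" => $question['shown'] + 1);
    // qid is cast because it is interpolated into the WHERE clause.
    $db->update_query("questions", $update_question, "qid = '" . (int) $question['qid'] . "'");
    return $sessionid;
}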
Example #22
 */
// Refuse to run unless the MyBB bootstrap has defined IN_MYBB.
if (!defined("IN_MYBB")) {
    die("Direct initialization of this file is not allowed.<br /><br />\n         Please make sure IN_MYBB is defined.");
}

/* --- Global Variables: --- */
global $db, $mybb, $settings, $plugins, $cache;

// Lookup data for queries against the google_seo table, one entry per URL
// type: source table, id column, name column and the configured URL scheme
// with '&' turned into '&amp;'. In theory this could be used to coerce
// Google SEO into managing URLs of other types; in practice there is no
// guarantee that this API will stay stable.
$db->google_seo_url = array(
    GOOGLE_SEO_USER => array(
        'table' => TABLE_PREFIX . 'users',
        'id' => 'uid',
        'name' => 'username',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_users']),
    ),
    GOOGLE_SEO_ANNOUNCEMENT => array(
        'table' => TABLE_PREFIX . 'announcements',
        'id' => 'aid',
        'name' => 'subject',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_announcements']),
    ),
    GOOGLE_SEO_FORUM => array(
        'table' => TABLE_PREFIX . 'forums',
        'id' => 'fid',
        'name' => 'name',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_forums']),
    ),
    GOOGLE_SEO_THREAD => array(
        'table' => TABLE_PREFIX . 'threads',
        'id' => 'tid',
        'name' => 'subject',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_threads']),
    ),
    GOOGLE_SEO_EVENT => array(
        'table' => TABLE_PREFIX . 'events',
        'id' => 'eid',
        'name' => 'name',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_events']),
    ),
    GOOGLE_SEO_CALENDAR => array(
        'table' => TABLE_PREFIX . 'calendars',
        'id' => 'cid',
        'name' => 'name',
        'scheme' => str_replace('&', '&amp;', $settings['google_seo_url_calendars']),
    ),
);

// Lazy Mode: only for non-POST requests when the mode setting is 'lazy'.
global $google_seo_url_lazy;
$google_seo_url_lazy = false;

if ($settings['google_seo_url_mode'] == 'lazy' && $mybb->request_method != 'post') {
    // The random value is embedded as the google_seo query parameter in each
    // lazy URL template; afterwards the variable is reused as a plain flag.
    $google_seo_url_lazy = random_str(4);

    $db->google_seo_url[GOOGLE_SEO_ANNOUNCEMENT]['lazy'] = "announcements.php?aid={id}&amp;google_seo={$google_seo_url_lazy}";
    $db->google_seo_url[GOOGLE_SEO_CALENDAR]['lazy'] = "calendar.php?calendar={id}&amp;google_seo={$google_seo_url_lazy}";
    $db->google_seo_url[GOOGLE_SEO_EVENT]['lazy'] = "calendar.php?action=event&amp;eid={id}&amp;google_seo={$google_seo_url_lazy}";
    $db->google_seo_url[GOOGLE_SEO_FORUM]['lazy'] = "forumdisplay.php?fid={id}&amp;google_seo={$google_seo_url_lazy}";
    $db->google_seo_url[GOOGLE_SEO_THREAD]['lazy'] = "showthread.php?tid={id}&amp;google_seo={$google_seo_url_lazy}";
    $db->google_seo_url[GOOGLE_SEO_USER]['lazy'] = "member.php?action=profile&amp;uid={id}&amp;google_seo={$google_seo_url_lazy}";

    $google_seo_url_lazy = true;
}

// Thread Prefix: request the prefix column as an extra field for thread URLs.
if ($settings['google_seo_url_threadprefix']) {
    $db->google_seo_url[GOOGLE_SEO_THREAD]['extra'] .= ',prefix';
}
// Parents
if ($db->google_seo_url[GOOGLE_SEO_FORUM]['scheme']) {
    if ($settings['google_seo_url_parent_announcement']) {
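 /**
  * Prepares a generated username/password pair for the view and, when no
  * stored entry matches the current URL, saves the new pair.
  *
  * The username is a random word from the built-in list plus the output of
  * random_str(2); the password is the output of random_str(12).
  *
  * NOTE(review): random_str() is defined elsewhere — confirm it uses a CSPRNG,
  * since its output is used as a password. The password is handed to the view
  * and to fmodel("password")->save() as-is; whether it is encrypted before
  * storage is not visible here.
  */
 function passw()
 {
     $usernamelist = array("lank", "lapidary", "lapse", "larch", "lard", "largesse", "lark", "larva", "laryngitis", "larynx", "lascivious", "lash", "lassitude", "lasso", "latent", "latency", "lathe", "latitude", "lattice", "laud", "laudable", "laudatory", "laurel", "laurels", "lava", "lave", "lax", "laxity", "laxative", "layman", "leach", "leaflet", "leakage", "lean", "lease", "leaven", "lecherous", "lechery", "ledger", "leer", "leeward", "legacy", "legend", "legerdemain", "legible", "legion", "legislate", "legislature", "legitimate", "lengthy", "lenient", "lenience", "leonine", "leprosy", "lesion", "lessee", "lethal", "lethargy", "leucocyte", "levee", "leviathan", "levitate", "levity", "levy", "lewd", "lexical", "lexicographer", "lexicon", "liability", "liable", "liaison", "libation", "libel", "libellous", "liberality", "liberated", "libertine", "libido", "libidinous", "libretto", "licence", "licentious", "licit", "lido", "lien", "ligature", "ligneous", "lilliputian", "limb", "limber", "limbo", "limerick", "limn", "limnetic", "limousine", "limpid", "lineal", "linear", "linger", "lingering", "lingual", "linguistics", "linoleum", "lint", "lionize", "liquefy", "liquidate", "liquidation", "lissom", "listless", "literal", "literati", "lithe", "litigant", "litigious", "litter", "litterbin", "littoral", "liturgy", "liturgical", "livable", "lively", "liverish", "livid", "loaf", "loam", "loathe", "loathsome", "lobby", "lobe", "lobster", "locale", "locomotion", "locomotive", "locus", "locust", "locution", "lodge", "lodger", "loft", "lofty", "log", "logistics", "logjam", "loiter", "loll", "longevity", "longitude", "longueur", "loom", "loon", "loop", "loot", "lope", "loquacious", "lore", "lottery", "lounge", "lounger", "lout", "loutish", "lowbred", "lubricant", "lubricious", "lucrative", "lucre", "lucubrate", "lucubration", "lugubrious", "lukewarm", "lullaby", "lumber", "luminary", "luminous", "lump", "lumpish", "lunacy", "lunatic", "lurch", "lure", "lurk", "luscious", 
         "lust", "lusty", "lustre", "lustrous", "luxuriant", "lynch", "lyric", "macabre", "mace", "macerate", "machination", "macrocosm", "maddening", "madrigal", "maelstrom", "maestro", "magenta", "magisterial", "magistrate", "magistracy", "magnanimous", "magnate", "magnetism", "magnify", "magnification", "magniloquent", "magnitude", "magpie", "maim", "makeshift", "maladroit", "malapropism", "malcontent", "malcontented", "malediction", "malevolent", "malfunction", "malice", "malicious", "malign", "malignant", "malignity", "malinger", "malleable", "mallet", "malnutrition", "malodorous", "maltreat", "mammal", "manacle", "mandate", "mandatory", "maneuver", "maneuverable", "mangle", "mania", "maniacal", "manifest", "manifesto", "manifold", "manipulative", "mannequin", "mansion", "mantle", "manumit", "manuscript", "maple", "mar", "maraud", "mare", "margarine", "marginal", "marine", "mariner", "marionette", "marital", "marrow", "marsh", "marsupial", "martinet", "martyr", "mash", "mask", "mason", "masonry", "masquerade", "massacre", "massive", "mast", "masticate", "matador", "materialize", "matriarchy", "matrix", "mattress", "maturity", "maudlin", "maul", "maverick", "mawkish", "maxim", "mayhem", "maze", "meadow", "meager", "meander", "measles", "measured", "medal", "meddlesome", "median", "mediate", "medieval", "mediocre", "mediocrity", "meditative", "medium", "medley", "megalomania", "melancholy", "mellifluous", "melodrama", "melody", "melodious", "melon", "membrane", "memento", "menace", "mendacity", "menial", "mentor", "merchandise", "mercurial", "mere", "meretricious", "meritorious", "mermaid", "mesa", "mesmerize", "metabolism", "metamorphosis", "metaphor", "metaphorical", "metaphysics", "meteoric", "meticulous", "mettle", "mettlesome", "miasma", "microbe", "microscopic", "midget", "mien", "migrant", "mildew", "milieu", "militant", "miller", "millinery", "mime", "mimic", "mimicry", "minaret", "minatory", "mince", "miniature", "minion", "minnow", "minuet", "minutia", 
         "mirage", "mire", "mirth", "misanthrope", "miscellany", "miscellaneous", "mischievous", "misconstrue", "miscreant", "mishap", "missile", "mistimed", "mistral", "mists", "mite", "mitigate", "mitten", "mnemonics", "moan", "moat", "mock", "moderate", "moderator", "modicum", "modify", "modification", "modish", "modulate", "mogul", "moiety", "molar", "molest", "mollify", "mollusk", "mollycoddle", "momentary", "momentous", "momentum", "monarch", "monastery", "monasticism", "mongrel", "monogamy", "monograph", "monolithic", "monologue", "monopoly", "monotonous", "monsoon", "monster", "monstrous", "moor", "mope", "morale", "moralist", "moralistic", "morass", "moratorium", "morbid", "morbidity", "mordant", "mores", "moribund", "moron", "morose", "morphemics", "morsel", "mortar", "mortgage", "mortify", "mortification", "mortuary", "mosaic", "mote", "motif", "motivate", "motivation", "motley", "mottled", "motto", "mountebank", "mourn", "mournful", "movement", "muddle", "muffle", "muffler", "muggy", "multifarious", "multitude", "mundane", "munificent", "muniments", "munitions", "murky", "murmur", "muse", "muster", "mutation", "mute", "mutilate", "mutineer", "mutinous", "mutton", "muzzy", "myopia", "myriad", "myth", "mythology", "nadir", "nag", "naivete", "nap", "narcissism", "nasal", "nascent", "nativity", "natty", "nausea", "nauseate", "nautical", "nave", "nebula", "nebulous", "necessitous", "necromancy", "necropolis", "needle", "nefarious", "negate", "negation", "negligence", "negligible", "negotiable", "nemesis", "neolithic", "neologism", "neonate", "neophyte", "nephritis", "nepotism", "nerveless", "nestle", "nestling", "nethermost", "nettle", "neurology", "neurosis", "neurotic", "neutral", "neutralize", "nexus", "nib", "nibble", "niche", "nick", "nicotine", "niggard", "niggardly", "niggling", "nightmare", "nihilism", "nimble", "nippers", "nipping", "nirvana", "nitpick", "nocturnal", "noisome", "nomad", "nomadic", "nomenclature", "nominal", "nomination", "nonchalance", 
         "nonchalant", "noncommittal", "nonconformist", "nonconformity", "nondescript", "nonentity", "nonesuch", "nonflammable", "nonobservance", "nonpareil", "nonplus", "nonskid", "nonviolent", "noose", "norm", "normative", "nostalgia", "nostrum", "notability", "notched", "notify", "notoriety", "notorious", "novelettish", "novelty", "novice", "novocaine", "noxious", "nuance", "nubile", "nude", "nudity", "nudge", "nugatory", "nullify", "nullity", "numb", "numerology", "numinous", "numismatic", "numismatist", "nunnery", "nuptial", "nuptials", "nymph", "oafish", "oak", "oar", "oasis", "oath", "obdurate", "obedient", "obeisance", "obese", "obesity", "obfuscate", "objection", "objectionable", "oblation", "obligation", "obligatory", "obliging", "oblique", "obliterate", "oblivion", "oblivious", "obloquy", "obnoxious", "obscure", "obscurity", "obsequies", "obsequious", "observance", "obsession", "obsolescent", "obsolete", "obstacle", "obstetrics", "obstinate", "obstreperous", "obstruct", "obstruction", "obtrude", "obtrusive", "obtuse", "obverse", "obviate", "occidental", "occult", "occurrence", "octogenarian", "ocular", "oculist", "oddments", "ode", "odious", "odium", "odoriferous", "oesophagus", "offense", "offensive", "officious", "ogle", "ointment", "olfactory", "oligarchy", "omen", "ominous", "omission", "omnipotent", "omniscient", "omnivorous", "onerous", "onlooker", "onslaught", "ontology", "onus", "ooze", "opalescent", "opaque", "opacity", "operetta", "operative", "ophthalmology", "opiate", "opinionated", "opponent", "opportune", "oppressive", "opprobrious", "opprobrium", "optimism", "optimum", "optional", "opulent", "opulence", "oracle", "oracular", "oration", "oratorio", "orchid", "ordain", "ordeal", "ordinance", "ordination", "ordnance", "ore", "organism", "orient", "orientation", "orifice", "originality", "ornate", "ornithology", "orotund", "orthodontics", "orthodox", "orthodoxy", "orthopedics", "oscillate", "oscillation", "osmosis", "osseous", "ossify", "ostensible", 
         "ostentation", "ostracize", "ostrich", "otiose", "outbid", "outfox", "outgoing", "outlandish", "outmoded", "outrage", "outrageous", "outset", "outskirts", "outstrip", "outwit", "ovation", "overact", "overbearing", "overdose", "overhaul", "overlap", "overreach", "override", "overriding", "overrule", "overshadow", "overt", "overture", "overweening", "overwhelm", "overwhelming", "overwrought", "owl", "oxidize", "oyster", "pabulum", "pachyderm", "pacifier", "packed", "pact", "paean", "pagan", "paganism", "pageant", "painkiller", "pal", "palatable", "palate", "palatial", "palaver", "paleography", "paleolithic", "palette", "palings", "palliate", "palliation", "pallid", "palpable", "palpitate", "paltry", "pamper", "pamphlet", "pan", "panacea", "pancreas", "pandemic", "pandemonium", "panegyric", "panel", "panic", "panoply", "panorama", "pantheon", "pantomime", "pantry", "papyrus", "par", "parable", "paradigm", "paradigmatic", "paradox", "paragon", "paralyze", "paralysis", "paramount", "paranoia", "paranoid", "parasite", "parasitic", "parch", "parchment", "parenthesis", "pariah", "parley", "parlous", "parochial", "parody", "paroxysm", "parquet", "parquetry", "parry");
     $username = $usernamelist[array_rand($usernamelist)] . random_str(2);
     $password = random_str(12);
     $lines = $this->get_wiki_source("password");
     $find = false;
     // Defined up front so the view receives null, not an unset variable, when nothing matches.
     $singleline = null;
     foreach ($lines as $line) {
         // NOTE(review): the two replacements look identical here; one may originally have
         // targeted a different whitespace character — verify against the repository copy.
         $line = str_replace(" ", "", $line);
         $line = str_replace(" ", "", $line);
         $fields = explode('|', chop($line));
         // Lines without a second field are skipped: on PHP 8 an empty needle makes
         // strstr() return the whole haystack, which would count as a match.
         if (isset($fields[1]) && $fields[1] !== '' && strstr(f('url'), $fields[1])) {
             // No break: when several lines match, the last one is used.
             $singleline = $fields;
             $find = true;
         }
     }
     $this->sv("list", array($singleline));
     $this->sv("username", $username);
     $this->sv("password", $password);
     // Persist the generated pair only when no stored line matched the current URL.
     if (!$find) {
         $this->fmodel("password")->save(array("url" => "", 'name' => $username, 'pass' => $password));
     }
 }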
Example #24
 /**
  * Assigns a tracking code to the ticket when it does not have one yet.
  *
  * A code that PHP's empty() treats as non-empty is left untouched.
  * NOTE(review): random_str() is defined elsewhere; if the tracking code alone
  * grants access to a ticket, confirm it is generated from a CSPRNG.
  */
 private function create_tracking_code()
 {
     // empty() already covers null, so no separate null test is needed.
     if (!empty($this->tracking_code)) {
         return;
     }
     $this->tracking_code = random_str(10);
 }
Example #25
     // Excerpt from the avatar-change handler: the first branch (opened above this excerpt)
     // stores a Gravatar URL, the else branch validates a user-supplied remote avatar URL.
     $rating = $mybb->settings['useravatarrating'];
     // Fall back to 'g' when the configured rating is not one of the allowed $types.
     if (!in_array($rating, $types)) {
         $rating = 'g';
     }
     $s = "?s={$maxheight}&r={$rating}&d=mm";
     // NOTE(review): the stored avatar URL uses plain http://, which is blocked or flagged as
     // mixed content on boards served over HTTPS. $email and $maxheight are set above this excerpt.
     $updated_avatar = array("avatar" => "http://www.gravatar.com/avatar/{$email}{$s}.jpg", "avatardimensions" => "{$maxheight}|{$maxheight}", "avatartype" => "gravatar");
     $db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'");
 } else {
     // Removes the substring "script:" (case-insensitive) from the submitted URL.
     // NOTE(review): this is a deny-list of one substring, not a scheme allow-list (http/https);
     // confirm that fetch_remote_file() or a later check restricts the scheme.
     $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl'));
     $ext = get_extension($mybb->input['avatarurl']);
     // Copy the avatar to the local server (work around remote URL access disabled for getimagesize)
     // NOTE(review): this is a server-side fetch of a user-supplied URL. No host or address
     // restriction is visible in this excerpt — confirm fetch_remote_file() refuses loopback and
     // internal destinations (SSRF) and bounds the response size.
     $file = fetch_remote_file($mybb->input['avatarurl']);
     if (!$file) {
         $avatar_error = $lang->error_invalidavatarurl;
     } else {
         // Temporary file with a random, extension-less name inside the avatar upload path;
         // it is removed right after the image probe below.
         $tmp_name = $mybb->settings['avataruploadpath'] . "/remote_" . md5(random_str());
         $fp = @fopen($tmp_name, "wb");
         if (!$fp) {
             $avatar_error = $lang->error_invalidavatarurl;
         } else {
             fwrite($fp, $file);
             fclose($fp);
             // $type stays empty when getimagesize() cannot recognise the data as an image.
             list($width, $height, $type) = @getimagesize($tmp_name);
             @unlink($tmp_name);
             if (!$type) {
                 $avatar_error = $lang->error_invalidavatarurl;
             }
         }
     }
     if (empty($avatar_error)) {
         if ($width && $height && $mybb->settings['maxavatardims'] != "") {
Example #26
 // Excerpt from a lost-password handler: look the account up by the posted username,
 // try a third-party verification, and otherwise issue an emailed reset code.
 $plugins->run_hooks("member_do_lostpw_start");
 // The posted username is trimmed and escaped for SQL.
 $username = $db->escape_string(trim($_POST['username']));
 // NOTE(review): the literal '******' in the condition looks like a value masked by the page
 // this listing was taken from; as written, the escaped $username is never used in the query.
 // Confirm against the original file.
 $query = $db->simple_select("users", "*", "username='******'");
 $user = $db->fetch_array($query);
 if (empty($user)) {
     // NOTE(review): a distinct "does not exist" error lets a caller tell valid usernames from
     // invalid ones; a uniform response for both cases avoids account enumeration.
     error("Username does not exist");
 } else {
     // tt_register_verify() is defined elsewhere; it receives the token and code from the request.
     $result = tt_register_verify($_POST['tt_token'], $_POST['tt_code']);
     // Verified only when the check succeeded AND the returned email equals the account's email.
     if ($result->result && $user['email'] == $result->email) {
         $verify_result = true;
         $verified = true;
     } else {
         // Both branches set $verify_result to true; only $verified differs.
         $verify_result = true;
         $verified = false;
         // Replace any pending password-reset ('p') row for this user with a new code.
         $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
         // NOTE(review): random_str() is defined elsewhere; the reset code is a bearer secret,
         // so confirm it comes from a CSPRNG and that codes expire (dateline is stored below).
         $user['activationcode'] = random_str();
         $now = TIME_NOW;
         $uid = $user['uid'];
         $awaitingarray = array("uid" => $user['uid'], "dateline" => TIME_NOW, "code" => $user['activationcode'], "type" => "p");
         $db->insert_query("awaitingactivation", $awaitingarray);
         $username = $user['username'];
         $email = $user['email'];
         $activationcode = $user['activationcode'];
         $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
         // The message template depends on the board's username_method setting.
         switch ($mybb->settings['username_method']) {
             case 0:
                 $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                 break;
             case 1:
                 $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                 break;
Example #27
/**
 * Build the admin "users" list for one saved or ad-hoc view and return it as HTML.
 *
 * Reads these keys of $view: title, vid, url, conditions, fields, custom_profile_fields,
 * view_type, extra_sql, perpage, sortby, sortorder, table_id and popup. The conditions are
 * turned into a WHERE clause, matching users are counted and fetched one page at a time,
 * and the rows are rendered either as a table or as cards.
 *
 * Side effects visible here: $mybb->input['search_id'] and $mybb->input['page'] may be
 * assigned, and update_admin_session() is called.
 *
 * NOTE(review): four statements in this listing (marked below) contain a run of asterisks
 * where the page lost part of the original text, so the function as printed is not valid PHP.
 *
 * @param array $view View definition (see the keys above).
 * @return string|bool The generated HTML, or false when no user matches.
 */
function build_users_view($view)
{
    global $mybb, $db, $cache, $lang, $user_view_fields, $page;
    $view_title = '';
    if ($view['title']) {
        // A language string named view_title_<vid> overrides the stored title when present.
        $title_string = "view_title_{$view['vid']}";
        if ($lang->{$title_string}) {
            $view['title'] = $lang->{$title_string};
        }
        // The title is HTML-escaped before it goes into the table heading.
        $view_title .= " (" . htmlspecialchars_uni($view['title']) . ")";
    }
    // Build the URL to this view
    if (!isset($view['url'])) {
        $view['url'] = "index.php?module=user-users";
    }
    // conditions / fields / custom_profile_fields may arrive as serialized strings.
    // NOTE(review): unserialize() instantiates whatever objects the string describes. Where
    // $view comes from is not visible here; if any of these strings can be influenced by a
    // less-trusted party, decode them with ['allowed_classes' => false] or store JSON instead.
    if (!is_array($view['conditions'])) {
        $view['conditions'] = unserialize($view['conditions']);
    }
    if (!is_array($view['fields'])) {
        $view['fields'] = unserialize($view['fields']);
    }
    if (!is_array($view['custom_profile_fields'])) {
        $view['custom_profile_fields'] = unserialize($view['custom_profile_fields']);
    }
    // A username in the request overrides the view's own username condition.
    if (isset($mybb->input['username'])) {
        $view['conditions']['username'] = $mybb->input['username'];
    }
    if ($view['vid']) {
        $view['url'] .= "&amp;vid={$view['vid']}";
    } else {
        // If this is a custom view we need to save everything ready to pass it on from page to page
        global $admin_session;
        if (!$mybb->input['search_id']) {
            // search_id is the key under which the view is stored in the admin session data.
            $search_id = md5(random_str());
            $admin_session['data']['user_views'][$search_id] = $view;
            update_admin_session('user_views', $admin_session['data']['user_views']);
            $mybb->input['search_id'] = $search_id;
        }
        // A search_id supplied in the request is only HTML-escaped here, not looked up.
        $view['url'] .= "&amp;search_id=" . htmlspecialchars_uni($mybb->input['search_id']);
    }
    // NOTE(review): the next statement is garbled on this page (asterisk run); the code that
    // appended the username to the URL and opened the following condition is missing.
    if (isset($mybb->input['username'])) {
        $view['url'] .= "&amp;username="******"&amp;", "&", $view['url'])) {
        update_admin_session('last_users_url', str_replace("&amp;", "&", $view['url']));
    }
    if (isset($view['conditions']['referrer'])) {
        $view['url'] .= "&amp;action=referrers&amp;uid=" . htmlspecialchars_uni($view['conditions']['referrer']);
    }
    // Do we not have any views?
    // NOTE(review): $view['url'] is always set by this point, so this check looks unreachable;
    // it would have to run before the first use of $view to have an effect.
    if (empty($view)) {
        return false;
    }
    $table = new Table();
    // Build header for table based view
    if ($view['view_type'] != "card") {
        foreach ($view['fields'] as $field) {
            // Fields without an entry in $user_view_fields are skipped.
            if (!$user_view_fields[$field]) {
                continue;
            }
            $view_field = $user_view_fields[$field];
            $field_options = array();
            if ($view_field['width']) {
                $field_options['width'] = $view_field['width'];
            }
            if ($view_field['align']) {
                $field_options['class'] = "align_" . $view_field['align'];
            }
            $table->construct_header($view_field['title'], $field_options);
        }
        $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />");
        // Create a header for the "select" boxes
    }
    // The WHERE clause is assembled as a string; every branch below must either take the
    // column name from a fixed list or escape / cast the value it interpolates.
    $search_sql = '1=1';
    // Build the search SQL for users
    // List of valid LIKE search fields
    $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "msn", "signature", "usertitle");
    foreach ($user_like_fields as $search_field) {
        // Column names come from the fixed list above; the value goes through escape_string_like().
        if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) {
            $search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'";
        } else {
            // "<field>_blank" asks for rows where the column is not empty.
            if (!empty($view['conditions'][$search_field . '_blank'])) {
                $search_sql .= " AND u.{$search_field} != ''";
            }
        }
    }
    // EXACT matching fields
    $user_exact_fields = array("referrer");
    foreach ($user_exact_fields as $search_field) {
        if (!empty($view['conditions'][$search_field])) {
            $search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'";
        }
    }
    // LESS THAN or GREATER THAN
    $direction_fields = array("postnum");
    foreach ($direction_fields as $search_field) {
        $direction_field = $search_field . "_dir";
        // The string '0' is accepted explicitly because it is falsy in PHP.
        if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) {
            // The operator is chosen from three fixed values, never copied from the condition.
            switch ($view['conditions'][$direction_field]) {
                case "greater_than":
                    $direction = ">";
                    break;
                case "less_than":
                    $direction = "<";
                    break;
                default:
                    $direction = "=";
            }
            $search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'";
        }
    }
    // Registration searching
    $reg_fields = array("regdate");
    foreach ($reg_fields as $search_field) {
        if (!empty($view['conditions'][$search_field]) && intval($view['conditions'][$search_field])) {
            // The condition is a number of days; it is cast with intval() before use.
            $threshold = TIME_NOW - intval($view['conditions'][$search_field]) * 24 * 60 * 60;
            $search_sql .= " AND u.{$search_field} >= '{$threshold}'";
        }
    }
    // IP searching
    $ip_fields = array("regip", "lastip");
    foreach ($ip_fields as $search_field) {
        if (!empty($view['conditions'][$search_field])) {
            // IPv6 IP
            if (strpos($view['conditions'][$search_field], ":") !== false) {
                // "*" in the search term becomes the SQL wildcard "%".
                $view['conditions'][$search_field] = str_replace("*", "%", $view['conditions'][$search_field]);
                $ip_sql = "{$search_field} LIKE '" . $db->escape_string($view['conditions'][$search_field]) . "'";
            } else {
                // NOTE(review): the result of fetch_longipv4_range() is interpolated without escaping;
                // this assumes the helper (defined elsewhere) returns numeric values only - confirm.
                $ip_range = fetch_longipv4_range($view['conditions'][$search_field]);
                if (!is_array($ip_range)) {
                    $ip_sql = "long{$search_field}='{$ip_range}'";
                } else {
                    $ip_sql = "long{$search_field} > '{$ip_range[0]}' AND long{$search_field} < '{$ip_range[1]}'";
                }
            }
            $search_sql .= " AND {$ip_sql}";
        }
    }
    // Post IP searching
    if (!empty($view['conditions']['postip'])) {
        // IPv6 IP
        if (strpos($view['conditions']['postip'], ":") !== false) {
            $view['conditions']['postip'] = str_replace("*", "%", $view['conditions']['postip']);
            $ip_sql = "ipaddress LIKE '" . $db->escape_string($view['conditions']['postip']) . "'";
        } else {
            // Same assumption about fetch_longipv4_range() as in the block above.
            $ip_range = fetch_longipv4_range($view['conditions']['postip']);
            if (!is_array($ip_range)) {
                $ip_sql = "longipaddress='{$ip_range}'";
            } else {
                $ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'";
            }
        }
        // Seeded with 0 so the IN() list is never empty.
        $ip_uids = array(0);
        $query = $db->simple_select("posts", "uid", $ip_sql);
        while ($uid = $db->fetch_field($query, "uid")) {
            $ip_uids[] = $uid;
        }
        // The uids come from the posts table and are joined without casting.
        $search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . ")";
        unset($ip_uids);
    }
    // Custom Profile Field searching
    // NOTE(review): $column is used below as a bare SQL identifier. escape_string() is meant for
    // values inside quotes and does not make an identifier safe, so $column should be checked
    // against the known profile-field column names before it reaches the query.
    if ($view['custom_profile_fields']) {
        $userfield_sql = '1=1';
        foreach ($view['custom_profile_fields'] as $column => $input) {
            if (is_array($input)) {
                foreach ($input as $value => $text) {
                    if ($value == $column) {
                        $value = $text;
                    }
                    // The "not applicable" label is not a search term.
                    if ($value == $lang->na) {
                        continue;
                    }
                    // A "_blank" suffix on the column name asks for non-empty values.
                    if (strpos($column, '_blank') !== false) {
                        $column = str_replace('_blank', '', $column);
                        $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
                    } else {
                        $userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'";
                    }
                }
            } else {
                if (!empty($input)) {
                    if ($input == $lang->na) {
                        continue;
                    }
                    if (strpos($column, '_blank') !== false) {
                        $column = str_replace('_blank', '', $column);
                        $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''";
                    } else {
                        // NOTE(review): this LIKE value uses escape_string(), whereas the user-field
                        // LIKE searches above use escape_string_like().
                        $userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string($input) . "%'";
                    }
                }
            }
        }
        // Only query userfields when at least one condition was added.
        if ($userfield_sql != '1=1') {
            $userfield_uids = array(0);
            $query = $db->simple_select("userfields", "ufid", $userfield_sql);
            while ($userfield = $db->fetch_array($query)) {
                $userfield_uids[] = $userfield['ufid'];
            }
            $search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . ")";
            unset($userfield_uids);
        }
    }
    // Usergroup based searching
    if (isset($view['conditions']['usergroup'])) {
        if (!is_array($view['conditions']['usergroup'])) {
            $view['conditions']['usergroup'] = array($view['conditions']['usergroup']);
        }
        // NOTE(review): $additional_sql is appended to without being initialised in this function.
        foreach ($view['conditions']['usergroup'] as $usergroup) {
            // Group ids are cast to int; zero / non-numeric entries are skipped.
            $usergroup = intval($usergroup);
            if (!$usergroup) {
                continue;
            }
            // additionalgroups is matched as a comma-separated list; the concatenation syntax
            // depends on the database type.
            switch ($db->type) {
                case "pgsql":
                case "sqlite":
                    $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'";
                    break;
                default:
                    // Unlike the branch above, this fragment has no leading space.
                    $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'";
            }
        }
        $search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . ") {$additional_sql})";
    }
    // COPPA users only?
    if (isset($view['conditions']['coppa'])) {
        $search_sql .= " AND u.coppauser=1 AND u.usergroup=5";
    }
    // Extra SQL?
    // NOTE(review): extra_sql is appended verbatim, so every caller has to build it from trusted,
    // already-escaped parts; it must never carry request data.
    if (isset($view['extra_sql'])) {
        $search_sql .= $view['extra_sql'];
    }
    // Lets fetch out how many results we have
    $query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . "users u\n\t\tWHERE {$search_sql}\n\t");
    $num_results = $db->fetch_field($query, "num_results");
    // No matching results then return false
    if (!$num_results) {
        return false;
    } else {
        // Default page size is 20; the value is cast to int before it reaches LIMIT.
        if (!$view['perpage']) {
            $view['perpage'] = 20;
        }
        $view['perpage'] = intval($view['perpage']);
        // Establish which page we're viewing and the starting index for querying
        if (!isset($mybb->input['page'])) {
            $mybb->input['page'] = 1;
        } else {
            $mybb->input['page'] = intval($mybb->input['page']);
        }
        // NOTE(review): a negative page number is truthy, so it yields a negative $start in LIMIT.
        if ($mybb->input['page']) {
            $start = ($mybb->input['page'] - 1) * $view['perpage'];
        } else {
            $start = 0;
            $mybb->input['page'] = 1;
        }
        $from_bit = "";
        if (isset($mybb->input['from']) && $mybb->input['from'] == "home") {
            $from_bit = "&amp;from=home";
        }
        // sortby is reduced to a fixed set of column names; anything else sorts by username.
        switch ($view['sortby']) {
            case "regdate":
            case "lastactive":
            case "postnum":
            case "reputation":
                $view['sortby'] = $db->escape_string($view['sortby']);
                break;
            case "numposts":
                $view['sortby'] = "postnum";
                break;
            case "warninglevel":
                $view['sortby'] = "warningpoints";
                break;
            default:
                $view['sortby'] = "username";
        }
        // sortorder is either "desc" or forced to "asc".
        if ($view['sortorder'] != "desc") {
            $view['sortorder'] = "asc";
        }
        $usergroups = $cache->read("usergroups");
        // Fetch matching users
        $query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t");
        $users = '';
        while ($user = $db->fetch_array($query)) {
            $comma = $groups_list = '';
            // NOTE(review): garbled on this page (asterisk run); the opening of the link markup is missing.
            $user['view']['username'] = "******"index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>";
            // Group titles and the e-mail address are HTML-escaped before output.
            $user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']);
            if ($user['additionalgroups']) {
                $additional_groups = explode(",", $user['additionalgroups']);
                foreach ($additional_groups as $group) {
                    $groups_list .= $comma . htmlspecialchars_uni($usergroups[$group]['title']);
                    $comma = $lang->comma;
                }
            }
            if (!$groups_list) {
                $groups_list = $lang->none;
            }
            $user['view']['additionalgroups'] = "<small>{$groups_list}</small>";
            $user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>";
            $user['view']['regdate'] = my_date($mybb->settings['dateformat'], $user['regdate']) . ", " . my_date($mybb->settings['timeformat'], $user['regdate']);
            $user['view']['lastactive'] = my_date($mybb->settings['dateformat'], $user['lastactive']) . ", " . my_date($mybb->settings['timeformat'], $user['lastactive']);
            // Build popup menu
            // NOTE(review): the activate and delete links carry my_post_key in the query string, so
            // the token can end up in browser history, server logs and Referer headers.
            $popup = new PopupMenu("user_{$user['uid']}", $lang->options);
            $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&amp;action=edit&amp;uid={$user['uid']}");
            $popup->add_item($lang->ban_user, "index.php?module=user-banning&amp;uid={$user['uid']}#username");
            // The activation entry is offered only for users in group 5.
            if ($user['usergroup'] == 5) {
                if ($user['coppauser']) {
                    $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
                } else {
                    $popup->add_item($lang->approve_user, "index.php?module=user-users&amp;action=activate_user&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}{$from_bit}");
                }
            }
            // The confirmation text is placed inside a single-quoted JavaScript string without escaping.
            $popup->add_item($lang->delete_user, "index.php?module=user-users&amp;action=delete&amp;uid={$user['uid']}&amp;my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')");
            $popup->add_item($lang->show_referred_users, "index.php?module=user-users&amp;action=referrers&amp;uid={$user['uid']}");
            $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&amp;action=ipaddresses&amp;uid={$user['uid']}");
            // NOTE(review): garbled on this page (asterisk run); the rest of this call and the
            // statements up to the closing brace below are missing.
            $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&amp;results=1&amp;username="******"-";
            }
            // Warning level is shown as a percentage of maxwarningpoints, capped at 100.
            if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) {
                $warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100);
                if ($warning_level > 100) {
                    $warning_level = 100;
                }
                $user['view']['warninglevel'] = get_colored_warning_level($warning_level);
            }
            // Avatars without "http://" in their path get "../" prepended.
            // NOTE(review): an "https://" avatar URL does not contain "http://" and is prefixed too.
            if ($user['avatar'] && !stristr($user['avatar'], 'http://')) {
                $user['avatar'] = "../{$user['avatar']}";
            }
            if ($view['view_type'] == "card") {
                $scaled_avatar = fetch_scaled_avatar($user, 80, 80);
            } else {
                $scaled_avatar = fetch_scaled_avatar($user, 34, 34);
            }
            if (!$user['avatar']) {
                $user['avatar'] = "styles/{$page->style}/images/default_avatar.gif";
            }
            $user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . "\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />";
            if ($view['view_type'] == "card") {
                // NOTE(review): $i is not assigned anywhere in the visible part of this function.
                $users .= build_user_view_card($user, $view, $i);
            } else {
                build_user_view_table($user, $view, $table);
            }
        }
        // If card view, we need to output the results
        if ($view['view_type'] == "card") {
            $table->construct_cell($users);
            $table->construct_row();
        }
    }
    if (!isset($view['table_id'])) {
        $view['table_id'] = "users_list";
    }
    // Links for switching between table and card layout; the current page is carried over.
    $switch_view = "<div class=\"float_right\">";
    $switch_url = $view['url'];
    if ($mybb->input['page'] > 0) {
        $switch_url .= "&amp;page=" . intval($mybb->input['page']);
    }
    if ($view['view_type'] != "card") {
        $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&amp;type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>";
    } else {
        $switch_view .= "<a href=\"{$switch_url}&amp;type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>";
    }
    $switch_view .= "</div>";
    // Do we need to construct the pagination?
    if ($num_results > $view['perpage']) {
        $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . "&amp;type={$view['view_type']}");
        $search_class = "float_right";
        $search_style = "";
    } else {
        $search_class = '';
        $search_style = "text-align: right;";
    }
    $search_action = $view['url'];
    // stop &username= in the query string
    // NOTE(review): garbled on this page (asterisk run); the statement that creates $search,
    // which the lines below use, is missing.
    if ($view_upos = strpos($search_action, '&amp;username='******'post', 'search_form', 0, '', true);
    $built_view = $search->construct_return;
    $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">";
    $built_view .= $search->generate_hidden_field('action', 'search') . "\n";
    // The search box shows the current username condition, or a placeholder prompt.
    if (isset($view['conditions']['username'])) {
        $default_class = '';
        $value = $view['conditions']['username'];
    } else {
        $default_class = "search_default";
        $value = $lang->search_for_user;
    }
    // $value can be request data; presumably generate_text_box() escapes it - verify in the form class.
    $built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n";
    $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n";
    // $view['popup'] is emitted as raw HTML.
    if ($view['popup']) {
        $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n";
    }
    // Inline script for the placeholder behaviour; the prompt text has its single quotes
    // backslash-escaped with addcslashes() before it is placed in the JavaScript strings.
    $built_view .= "<script type='text/javascript'>\n\t\tvar form = document.getElementById('search_form');\n\t\tform.onsubmit = function() {\n\t\t\tvar search = document.getElementById('search_keywords');\n\t\t\tif(search.value == '' || search.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tvar search = document.getElementById('search_keywords');\n\t\tsearch.onfocus = function()\n\t\t{\n\t\t\tif(this.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\t\$(this).removeClassName('search_default');\n\t\t\t\tthis.value = '';\n\t\t\t}\n\t\t}\n\t\tsearch.onblur = function()\n\t\t{\n\t\t\tif(this.value == '')\n\t\t\t{\n\t\t\t\t\$(this).addClassName('search_default');\n\t\t\t\tthis.value = '" . addcslashes($lang->search_for_user, "'") . "';\n\t\t\t}\n\t\t}\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.value != '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t{\n\t\t\t\$(search).removeClassName('search_default');\n\t\t}\n\t\t</script>\n";
    $built_view .= "</div>\n";
    // Autocompletion for usernames
    $built_view .= '
	<script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script>
	<script type="text/javascript">
	<!--
		new autoComplete("search_keywords", "../xmlhttp.php?action=get_users", {valueSpan: "username"});
	// -->
	</script>';
    $built_view .= $search->end();
    // Pagination is printed above and below the table.
    if (isset($pagination)) {
        $built_view .= $pagination;
    }
    // In card view the "select all" checkbox goes into the heading; in table view it is a header cell.
    if ($view['view_type'] != "card") {
        $checkbox = '';
    } else {
        $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> ";
    }
    $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']);
    if (isset($pagination)) {
        $built_view .= $pagination;
    }
    // Inline moderation form: it is submitted by POST and carries my_post_key as a hidden field.
    // The bburl setting and the language strings are concatenated into the markup without escaping.
    $built_view .= '
<script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1400"></script>
<form action="index.php?module=user-users" method="post">
<input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" />
<input type="hidden" name="action" value="inline_edit" />
<div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span>
<select name="inline_action" class="inline_select">
	<option value="multiactivate">' . $lang->inline_activate . '</option>
	<option value="multiban">' . $lang->inline_ban . '</option>
	<option value="multiusergroup">' . $lang->inline_usergroup . '</option>
	<option value="multidelete">' . $lang->inline_delete . '</option>
	<option value="multiprune">' . $lang->inline_prune . '</option>
</select>
<input type="submit" class="button" name="go" value="' . $lang->go . ' (0)" id="inline_go" />&nbsp;
<input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="button" />
</div>
</form>
<br style="clear: both;" />
<script type="text/javascript">
<!--
	var go_text = "' . $lang->go . '";
	var all_text = "1";
	var inlineType = "user";
	var inlineId = "acp";
// -->
</script>';
    return $built_view;
}
Example #28
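 /**
  * Create a new member from the submitted registration form.
  *
  * Acts on POST requests only; for any other method nothing happens and null is returned.
  * While a session is open, only a member whose group is 4 may create accounts.
  *
  * Only username, password and email are written to the users table. The original passed
  * the whole of $_POST to set(), which let the client choose every column of the new row -
  * presumably including the group column that the check below treats as the administrator
  * marker. Further profile columns have to be added to the record explicitly.
  *
  * @param string|null $t_mesaj Message returned on success instead of the default text.
  * @param string|null $fmesaj  Message returned on failure instead of the default text.
  * @return string|null Status message, or null when the request is not a POST.
  */
 public function yeni_uye($t_mesaj = null, $fmesaj = null)
 {
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         return null;
     }
     if ($this->oturum() && $this->uye['grup'] != 4) {
         return 'Oturum açık iken yalnızca yöneticiler yeni üye oluşturabilir!';
     }
     // All three fields must be present, non-empty and plain strings; an array value
     // (username[]=...) is treated like a missing field instead of reaching md5() or the query.
     foreach (array('username', 'password', 'email') as $alan) {
         if (empty($_POST[$alan]) || !is_string($_POST[$alan])) {
             return 'Lütfen tüm alanları doldurunuz';
         }
     }
     $kayit = array(
         'username' => $_POST['username'],
         // NOTE(review): the salt from random_str(8) is not kept anywhere in this method, so the
         // stored digest cannot be recomputed at login, and MD5 is not a password hash. Moving to
         // password_hash()/password_verify() needs the login code and the column width changed
         // together, so the original expression is kept here.
         'password' => md5(md5(random_str(8)) . md5($_POST['password'])),
         'email' => $_POST['email'],
     );
     $ekle = $this->insert('users')->set($kayit);
     if ($ekle) {
         return $t_mesaj == null ? 'Kayıt başarılı!' : $t_mesaj;
     }
     // The original tested the undefined variable $f_mesaj here, so a custom failure message
     // passed as $fmesaj was never returned.
     return $fmesaj == null ? 'Kayıt başarısız!' : $fmesaj;
 }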
Example #29
     }
     // Send our headers.
     header("Content-type: application/json; charset={$charset}");
     $plugins->run_hooks("xmlhttp_get_multiquoted_end");
     echo json_encode(array("message" => $message));
     exit;
 } else {
     // refresh_captcha: replace an existing captcha row with a new one and return the new hash.
     if ($mybb->input['action'] == "refresh_captcha") {
         // The posted imagehash is escaped before it is placed in the quoted WHERE clauses below.
         $imagehash = $db->escape_string($mybb->get_input('imagehash'));
         $query = $db->simple_select("captcha", "dateline", "imagehash='{$imagehash}'");
         // NOTE(review): the delete/insert below still runs for an unknown hash unless
         // xmlhttp_error() ends the request; it is defined elsewhere - confirm that it exits.
         if ($db->num_rows($query) == 0) {
             xmlhttp_error($lang->captcha_not_exists);
         }
         $db->delete_query("captcha", "imagehash='{$imagehash}'");
         // New challenge text (5 characters) and a new row key.
         // NOTE(review): both depend on random_str(), defined elsewhere; the text is the captcha
         // answer, so confirm the generator is not predictable.
         $randomstr = random_str(5);
         $imagehash = md5(random_str(12));
         $regimagearray = array("imagehash" => $imagehash, "imagestring" => $randomstr, "dateline" => TIME_NOW);
         // The hook runs after the row is prepared and before it is inserted.
         $plugins->run_hooks("xmlhttp_refresh_captcha");
         $db->insert_query("captcha", $regimagearray);
         // Only the new hash is returned to the client, not the challenge text.
         header("Content-type: application/json; charset={$charset}");
         echo json_encode(array("imagehash" => $imagehash));
         exit;
     } else {
         // validate_captcha: look up the stored text for the posted hash (the listing is cut off
         // after the "not found" case).
         if ($mybb->input['action'] == "validate_captcha") {
             header("Content-type: application/json; charset={$charset}");
             $imagehash = $db->escape_string($mybb->get_input('imagehash'));
             $query = $db->simple_select("captcha", "imagestring", "imagehash='{$imagehash}'");
             if ($db->num_rows($query) == 0) {
                 echo json_encode($lang->captcha_valid_not_exists);
                 exit;
             }
     admin_redirect("index.php?module=tools-backupdb&action=backup");
 }
 @set_time_limit(0);
 if ($mybb->input['method'] == 'disk') {
     $file = MYBB_ADMIN_DIR . 'backups/backup_' . substr(md5($mybb->user['uid'] . TIME_NOW), 0, 10) . random_str(54);
     if ($mybb->input['filetype'] == 'gzip') {
         if (!function_exists('gzopen')) {
             flash_message($lang->error_no_zlib, 'error');
             admin_redirect("index.php?module=tools-backupdb&action=backup");
         }
         $fp = gzopen($file . '.sql.gz', 'w9');
     } else {
         $fp = fopen($file . '.sql', 'w');
     }
 } else {
     $file = 'backup_' . substr(md5($mybb->user['uid'] . TIME_NOW), 0, 10) . random_str(54);
     if ($mybb->input['filetype'] == 'gzip') {
         if (!function_exists('gzopen')) {
             flash_message($lang->error_no_zlib, 'error');
             admin_redirect("index.php?module=tools-backupdb&action=backup");
         }
         // Send headers for gzip file
         header('Content-Encoding: gzip');
         header('Content-Type: application/x-gzip');
         header('Content-Disposition: attachment; filename="' . $file . '.sql.gz"');
     } else {
         // Send standard headers for .sql
         header('Content-Type: text/x-sql');
         header('Content-Disposition: attachment; filename="' . $file . '.sql"');
     }
 }