} // Update the status if this is the first time the user logged in if ($cur_user['group_id'] == LUNA_UNVERIFIED) { $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $luna_config['o_default_user_group'] . ' WHERE id=' . $cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error()); // Regenerate the users info cache if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) { require LUNA_ROOT . 'include/cache.php'; } generate_users_info_cache(); } // Remove this user's guest entry from the online list $db->query('DELETE FROM ' . $db->prefix . 'online WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); $expire = $save_pass == '1' ? time() + 1209600 : time() + $luna_config['o_timeout_visit']; luna_setcookie($cur_user['id'], $form_password_hash, $expire); // Reset tracked threads set_tracked_threads(null); // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the email is sent) $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php'); redirect(luna_htmlspecialchars($redirect_url)); } elseif ($action == 'out') { if ($luna_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $luna_user['id']) { header('Location: index.php'); exit; } check_csrf($_GET['csrf_token']); // Remove user from "users online" list $db->query('DELETE FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); // Update last_visit (make sure there's something to update it with) if (isset($luna_user['logged'])) { $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); }
// The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $username, $mail_message); $mail_message = str_replace('<email>', $email, $mail_message); $mail_message = str_replace('<comment_url>', get_base_url() . '/thread.php?pid=' . $new_pid . '#p' . $new_pid, $mail_message); $mail_message = str_replace('<board_mailer>', $luna_config['o_board_title'], $mail_message); luna_mail($luna_config['o_mailing_list'], $mail_subject, $mail_message); } // If the commenting user is logged in, increment his/her comment count if (!$luna_user['is_guest']) { $db->query('UPDATE ' . $db->prefix . 'users SET num_comments=num_comments+1, last_comment=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error()); $tracked_threads = get_tracked_threads(); $tracked_threads['threads'][$new_tid] = time(); set_tracked_threads($tracked_threads); } else { $db->query('UPDATE ' . $db->prefix . 'online SET last_comment=' . $now . ' WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to update user', __FILE__, __LINE__, $db->error()); } redirect('thread.php?pid=' . $new_pid . '#p' . $new_pid); } } // If a thread ID was specified in the url (it's a reply) if ($tid) { $action = __('Add comment', 'luna'); $form = '<form id="comment" method="post" action="comment.php?action=comment&tid=' . $tid . '" onsubmit="window.onbeforeunload=null;this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">'; // If a quote ID was specified in the url if (isset($_GET['qid'])) { $qid = intval($_GET['qid']); if ($qid < 1) { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
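/**
 * Authenticate the visitor from the login cookie and fill in $luna_user.
 *
 * The cookie must have the form
 *   user_id|password_hash|expiration_time|cookie_hash
 * (decimal ids/timestamps, hex hashes). cookie_hash is an HMAC over
 * "user_id|expiration_time"; password_hash is an HMAC over the stored password
 * value. Both are keyed from $cookie_seed. If either check fails, a guest
 * cookie (user id 1) is issued and set_default_user() is called.
 *
 * Review notes:
 *  - Both HMAC comparisons use hash_equals() (PHP >= 5.6), which is strict
 *    and constant-time. The previous loose `!=` could treat two
 *    numeric-looking hex strings as equal numbers.
 *  - A cookie submitted as an array is rejected before it reaches
 *    preg_match(), which needs a string subject.
 *
 * @param array $luna_user Populated by reference with the joined user/group/online
 *                         row on success; on failure this function delegates to
 *                         set_default_user().
 * @return void
 */
function check_cookie(&$luna_user) {
	global $db, $db_type, $luna_config, $cookie_name, $cookie_seed;

	$now = time();

	// Only a well-formed string cookie is parsed; anything else leaves $cookie unset
	// and the visitor is handled as a guest further down.
	if (isset($_COOKIE[$cookie_name]) && is_string($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
		$cookie = array(
			'user_id' => intval($matches[1]),
			'password_hash' => $matches[2],
			'expiration_time' => intval($matches[3]),
			'cookie_hash' => $matches[4],
		);
	}

	// Guest cookies (user_id 1) and expired cookies never reach the database lookup
	if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
		// Integrity check over the user id and expiry: rejects tampered or forged cookies.
		$expected_cookie_hash = (string) forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $cookie_seed . '_cookie_hash');
		if (!hash_equals($expected_cookie_hash, $cookie['cookie_hash'])) {
			$expire = $now + 31536000; // The cookie expires after a year
			// The random value only fills the hash slot of the guest cookie; guest
			// cookies are never authenticated here because of the user_id > 1 test.
			luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
			set_default_user();

			return;
		}

		// Fetch the user together with group permissions and any online-list row.
		// user_id was produced by intval() above and is cast again before concatenation.
		$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
		$luna_user = $db->fetch_assoc($result);

		// The cookie must also match the password value currently stored for this user.
		// isset() comes first so a missing row short-circuits before the HMAC is computed.
		if (!isset($luna_user['id']) || !hash_equals((string) forum_hmac($luna_user['password'], $cookie_seed . '_password_hash'), $cookie['password_hash'])) {
			$expire = $now + 31536000; // The cookie expires after a year
			luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
			set_default_user();

			return;
		}

		// Send a new, updated cookie with a new expiration timestamp. A cookie that
		// outlives the visit timeout is renewed for 1209600 s (14 days), otherwise
		// for one visit timeout. NOTE(review): presumably the long form is the
		// "save password" login - confirm against the login handler.
		$expire = $cookie['expiration_time'] > $now + $luna_config['o_timeout_visit'] ? $now + 1209600 : $now + $luna_config['o_timeout_visit'];
		luna_setcookie($luna_user['id'], $luna_user['password'], $expire);

		// Set a default language if the user selected language no longer exists
		if (!file_exists(LUNA_ROOT . 'lang/' . $luna_user['language'])) {
			$luna_user['language'] = $luna_config['o_default_lang'];
		}

		// Set a default style if the user selected style no longer exists
		if (!file_exists(LUNA_ROOT . 'themes/' . $luna_user['style'] . '/style.css')) {
			$luna_user['style'] = $luna_config['o_default_style'];
		}

		// Fall back to the board-wide paging settings when the user has none
		if (!$luna_user['disp_threads']) {
			$luna_user['disp_threads'] = $luna_config['o_disp_threads'];
		}

		if (!$luna_user['disp_comments']) {
			$luna_user['disp_comments'] = $luna_config['o_disp_comments'];
		}

		// Define this if you want this visit to affect the online list and the users last visit data
		if (!defined('LUNA_QUIET_VISIT')) {
			// Update the online list
			if (!$luna_user['logged']) {
				$luna_user['logged'] = $now;

				// With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table.
				// The username is escaped; id and logged come from the database row / time().
				switch ($db_type) {
					case 'mysql':
					case 'mysqli':
					case 'mysql_innodb':
					case 'mysqli_innodb':
					case 'sqlite':
						$db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
						break;

					default:
						$db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ' WHERE NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
						break;
				}

				// Reset tracked threads
				set_tracked_threads(null);
			} else {
				// Special case: We've timed out, but no other user has browsed the forums since we timed out
				if ($luna_user['logged'] < $now - $luna_config['o_timeout_visit']) {
					$db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
					$luna_user['last_visit'] = $luna_user['logged'];
				}

				$idle_sql = $luna_user['idle'] == '1' ? ', idle=0' : '';
				$db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $luna_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());

				// Update tracked threads with the current expire time
				if (isset($_COOKIE[$cookie_name . '_track'])) {
					forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $luna_config['o_timeout_visit']);
				}
			}
		} else {
			// Quiet visit: nothing is written, but 'logged' still needs a value
			if (!$luna_user['logged']) {
				$luna_user['logged'] = $luna_user['last_visit'];
			}
		}

		$luna_user['is_guest'] = false;
		$luna_user['is_admmod'] = $luna_user['g_id'] == LUNA_ADMIN || $luna_user['g_moderator'] == '1';
	} else {
		set_default_user();
	}
}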