public static function updateAutoloaderDb()
 {
     if (defined('\\UPDATE_AUTOLOADER') === false || \UPDATE_AUTOLOADER === false) {
         $user = new UserAuth();
         if ($user->isAdmin() === true) {
             unset($user);
             parent::classesScanner();
             self::compareClasses(parent::getClassesStack(), false);
         } else {
             throw new \RuntimeException("Access Deny", 6029);
         }
     } else {
         parent::classesScanner();
         self::compareClasses(parent::getClassesStack(), false);
     }
 }
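/**
 * Render the login form and, on a POST submission, authenticate the user.
 *
 * Reads $_POST (processlogin, username, password, persistent) and
 * $_REQUEST['return']; uses the globals $current_user and $globals. On a
 * successful login a Location header is sent and the script terminates; on
 * failure the attempt is logged (log_insert) and the form is shown again
 * with an error message. Repeated failures (or the first login, when
 * $globals['captcha_first_login'] is set) require a captcha.
 *
 * @return void
 */
function do_login()
{
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Initialised up front so the form can be rendered on a plain GET
    // without reading undefined variables or request indices.
    $username = '';
    $return_url = isset($_REQUEST['return']) ? $_REQUEST['return'] : '';
    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";
    if (isset($_POST["processlogin"]) && $_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }
        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        // "remember me": 1000 hours, otherwise a session-only login
        $persistent = !empty($_POST['persistent']) ? 3600000 : 0;
        // Check form
        if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            // Authenticate() takes the md5 of the password; the digest is part
            // of its contract and cannot be changed from here.
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            UserAuth::check_clon_from_cookies();
            // Only follow "return" when it points back to this site; anything
            // else (foreign hosts, scheme-relative URLs, other schemes) falls
            // back to the index page.
            $target = _login_safe_return($return_url);
            header('Location: ' . ($target !== '' ? $target : './'));
            die;
        }
    }
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha
    if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return_url) . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    print_oauth_icons($return_url);
    echo '</div>' . "\n";
}

/**
 * Validate a post-login "return" URL so the redirect stays on this site.
 *
 * Accepts a path with no host part ("/foo", "foo", "./") or an absolute
 * http(s) URL whose host equals get_server_name(). Scheme-relative URLs
 * ("//host/..."), backslash variants, other schemes, foreign hosts and
 * values containing CR/LF yield '' so the caller uses its default target.
 * NOTE(review): assumes get_server_name() returns a bare host name without
 * port — confirm, otherwise same-site absolute URLs would be rejected.
 *
 * @param string $return raw value of the "return" request parameter
 * @return string the URL to redirect to, or '' when it must not be used
 */
function _login_safe_return($return)
{
    $return = trim((string) $return);
    if ($return === '' || preg_match('/[\r\n]/', $return)) {
        return '';
    }
    $parts = parse_url($return);
    if ($parts === false) {
        return '';
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        if (!in_array($scheme, array('http', 'https'), true) || !isset($parts['host'])) {
            return '';
        }
        if (strcasecmp($parts['host'], get_server_name()) !== 0) {
            return '';
        }
        return $return;
    }
    // No host part: reject scheme-relative and backslash forms that browsers
    // may still resolve to another host.
    if (strpos($return, '//') === 0 || strpos($return, '\\') !== false) {
        return '';
    }
    return $return;
}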
 /**
  * Restore a remembered login and record the visit time.
  *
  * When no user is in the session but an "autologin" cookie is present,
  * UserAuth::autoLogin() is attempted; if a user is then present in the
  * session, the last-visit time is stored through UserAuth::setTimeVisit().
  *
  * @return void
  */
 public function initUser()
 {
     $auth = new UserAuth();
     $noSessionUser = !isset($_SESSION['user']);
     $hasAutoLoginCookie = isset($_COOKIE['autologin']);
     // The user enabled AUTOLOGIN on a previous visit: try the cookie.
     if ($noSessionUser && $hasAutoLoginCookie) {
         $auth->autoLogin();
     }
     // Once authorised, store the last visit time (kept in <DataBase>.users).
     if (!empty($_SESSION['user'])) {
         $auth->setTimeVisit();
     }
 }
 /**
  * Send this private message and, if the recipient allows it, an e-mail
  * notification.
  *
  * $h->sendMessage() returns either an array of errors (kept in
  * $this->errors, and false is returned) or the new message id, which is
  * stored in $this->id. The e-mail notification is only sent when the
  * recipient's 'user_settings' profile data has pm_notify enabled.
  *
  * @param object $h helper object providing sendMessage(),
  *                  getUserIdFromName() and the UserAuth lookups
  * @return bool true when the message was stored, false on error
  */
 public function sendMessage($h)
 {
     $outcome = $h->sendMessage($this->to, '', $this->subject, $this->body);
     if (is_array($outcome)) {
         // an error array came back
         $this->errors = $outcome;
         return false;
     }
     // anything else is the insert id
     $this->id = $outcome;
     // Notify by e-mail only if the recipient opted in.
     $recipient = new UserAuth();
     $recipientId = $h->getUserIdFromName($this->to);
     $recipient->getUserBasic($h, $recipientId);
     $settings = $recipient->getProfileSettingsData($h, 'user_settings');
     if ($settings['pm_notify']) {
         $this->sendEmailNotification($h);
     }
     return true;
 }
 /**
  * Returns an instance of the enabled user auth class.
  *
  * Lazily created: the 'loadInstance' event on 'UserAuth' is fired first
  * (unless NO_IMPORTS is defined) so a listener can assign self::$instance;
  * when none does, UserAuthDefault is used.
  *
  * @return	UserAuth
  */
 public static function getInstance()
 {
     if (self::$instance !== null) {
         return self::$instance;
     }
     // let listeners provide the implementation
     if (!defined('NO_IMPORTS')) {
         EventHandler::fireAction('UserAuth', 'loadInstance');
     }
     // nobody did: fall back to the default one
     if (self::$instance === null) {
         self::$instance = new UserAuthDefault();
     }
     return self::$instance;
 }
 /**
  * @see SessionFactory::create()
  *
  * Creates the session for the current request: an existing, non-corrupt
  * spider session is reused; otherwise a fresh session id is generated, the
  * user is resolved from the login cookies (or a guest object is created),
  * the session row is inserted and the user data is stored (memcache or the
  * session_data table). Returns the new session object.
  */
 public function create()
 {
     // get spider information
     $spider = $this->isSpider(UserUtil::getUserAgent());
     if ($spider) {
         if (($session = $this->getExistingSpiderSession($spider['spiderID'])) !== null) {
             if (!$session->isCorrupt()) {
                 return $session;
             }
         }
     }
     // create new session hash
     // NOTE(review): $sessionID is interpolated into the SQL below without
     // escapeString(); this relies on getRandomID() emitting only safe
     // characters — confirm.
     $sessionID = StringUtil::getRandomID();
     // check cookies for userID & password
     require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
     $user = UserAuth::getInstance()->loginAutomatically(true, $this->userClassName);
     if ($user === null) {
         // no valid user found
         // create guest user
         $user = new $this->guestClassName();
     }
     // update user session
     $user->update();
     if ($user->userID != 0) {
         // user is no guest
         // delete all other sessions of this user
         Session::deleteSessions($user->userID, true, false);
     }
     $requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     // insert session into database
     // (request-derived values go through escapeString(); userID/packageID/
     // TIME_NOW are interpolated raw — presumably numeric)
     $sql = "INSERT INTO \twcf" . WCF_N . "_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent,\n\t\t\t\t\tlastActivityTime, requestURI, requestMethod,\n\t\t\t\t\tusername" . ($spider ? ", spiderID" : "") . ")\n\t\t\tVALUES\t\t('" . $sessionID . "',\n\t\t\t\t\t" . PACKAGE_ID . ",\n\t\t\t\t\t" . $user->userID . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'" . escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'" . escapeString($requestMethod) . "',\n\t\t\t\t\t'" . ($spider ? escapeString($spider['spiderName']) : escapeString($user->username)) . "'\n\t\t\t\t\t" . ($spider ? ", " . $spider['spiderID'] : "") . ")";
     WCF::getDB()->sendQuery($sql);
     // save user data
     // The full user object is serialized and persisted; whatever reads it
     // back (not visible here) must treat that store as trusted, since
     // unserialize() of tampered data is not safe — keep it inaccessible.
     $serializedUserData = '';
     if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
         require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
         MemcacheAdapter::getInstance()->getMemcache()->set('session_userdata_-' . $sessionID, $user);
     } else {
         $serializedUserData = serialize($user);
         try {
             $sql = "INSERT INTO \twcf" . WCF_N . "_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')";
             WCF::getDB()->sendQuery($sql);
         } catch (DatabaseException $e) {
             // horizon update workaround: older schema keeps userData on the
             // session row itself, so update that instead
             $sql = "UPDATE \twcf" . WCF_N . "_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'";
             WCF::getDB()->sendQuery($sql);
         }
     }
     // return new session object
     return new $this->sessionClassName(null, array('sessionID' => $sessionID, 'packageID' => PACKAGE_ID, 'userID' => $user->userID, 'ipAddress' => UserUtil::getIpAddress(), 'userAgent' => UserUtil::getUserAgent(), 'lastActivityTime' => TIME_NOW, 'requestURI' => UserUtil::getRequestURI(), 'requestMethod' => $requestMethod, 'userData' => $serializedUserData, 'sessionVariables' => '', 'username' => $spider ? $spider['spiderName'] : $user->username, 'spiderID' => $spider ? $spider['spiderID'] : 0, 'isNew' => true));
 }
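 /**
  * Returns a given user's profile
  *
  * Reads <config path>/users/<username>.yaml: the leading "---" front
  * matter holds the profile fields, the text after the closing "\n---" is
  * the biography.
  *
  * @param string  $username  Username's profile to return
  * @return array|null profile fields plus 'biography_raw', 'biography' and
  *                    'username'; null when the name is not a plain file
  *                    name, the user does not exist or the file is unreadable
  */
 public static function getUserProfile($username)
 {
     $username = (string) $username;
     // The name becomes a file name below: only a single plain path segment
     // is acceptable (no separators, no "." / "..").
     if ($username === '' || $username === '.' || $username === '..' || basename($username) !== $username) {
         return null;
     }
     if (!UserAuth::isUser($username)) {
         return null;
     }
     $raw = File::get(Config::getConfigPath() . "/users/" . $username . ".yaml");
     if ($raw === false || $raw === null) {
         return null;
     }
     // drop the opening "---" marker
     $content = substr($raw, 3);
     $divide = strpos($content, "\n---");
     if ($divide === false) {
         // no closing marker: the whole file is front matter, biography empty
         // (previously strpos() === false was silently used as offset 0/4)
         $front_matter = trim($content);
         $content_raw = '';
     } else {
         $front_matter = trim(substr($content, 0, $divide));
         $content_raw = trim(substr($content, $divide + 4));
     }
     $profile = YAML::parse($front_matter);
     if (!is_array($profile)) {
         $profile = array();
     }
     $profile['biography_raw'] = $content_raw;
     $profile['biography'] = Content::transform($content_raw);
     $profile['username'] = $username;
     return $profile;
 }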
<?php

// Service objects shared by the login handling further down in this file.
$DBVAR = new DB();



/* Declaration of the UserAuth class
 * Class Name : UserAuth
 * Location :root_path/function/userAuth/user_func.php
 * Warning !!! Do not create another variable with the same name as this one
 */

$USERAUTH = new UserAuth();


$SESSION = new Session();

/* Fetch the user session */
$UserSession = $SESSION->get_session_user();


if (isset($_POST['login']))
{
	$dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0);
					
	$dataValid = $DBVAR->form_validation($dataVar);
	if (is_array($dataValid))
	{
		$dataLogin = $USERAUTH->check_login_user($dataValid);
		if ($dataLogin == true)
		{
// Bootstrap: INSIDE/LOGIN are presumably the entry guards checked by the
// included files; $phpEx is expected to be set by extension.inc.
define('INSIDE', true);
define('LOGIN', true);
$ugamela_root_path = './';
include $ugamela_root_path . 'extension.inc';
include $ugamela_root_path . 'common.' . $phpEx;
// WCF login form (WCF_DIR is expected to come from the bootstrap above).
require_once WCF_DIR . 'lib/acp/form/LoginForm.class.php';
includeLang('login');
if ($_POST || isset($_GET['username']) && isset($_GET['password'])) {
    $login = WCF::getDB()->getFirstRow("SELECT * FROM ugml_users WHERE username = '******'username']) . "'");
    if ($login) {
        /**
         * WCF Hack
         */
        try {
            $wcfUser = UserAuth::getInstance()->loginManually($_REQUEST['username'], $_REQUEST['password']);
            UserAuth::getInstance()->storeAccessData($wcfUser, $_REQUEST['username'], $_REQUEST['password']);
            WCF::getSession()->changeUser($wcfUser);
        } catch (Exception $e) {
            message($lang['Login_FailPassword'], $lang['Login_Error']);
            exit;
        }
        $sql = "UPDATE ugml_users\r\n\t\t\t\tSET lastLoginTime = " . TIME_NOW . ",\r\n\t\t\t\t\tcurrent_planet = id_planet,\r\n\t\t\t\t\tplanetClassName = 'UserPlanet'\r\n\t\t\t\tWHERE id = " . $login['id'];
        WCF::getDB()->sendQuery($sql);
        // ugamela
        $expiretime = 0;
        $rememberme = 0;
        @(include 'config.php');
        $cookie = $wcfUser->userID . ' ' . md5($_REQUEST['password'] . '--' . $dbsettings['secretword']) . " " . $rememberme;
        setcookie('LWGAME_REF_N', 1, time() + 24 * 60 * 60 * 365 * 10);
        setcookie($game_config['COOKIE_NAME'], $cookie, $expiretime);
        // dili link
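/**
 * Validate and store the profile form ($_POST) for $user.
 *
 * Uses the globals $db, $user (the profile being edited), $current_user,
 * $globals, $admin_mode, $site_key and $bio_max. Handles the "disable my
 * account" action, then username / bio / e-mail / IM / phone / AdSense /
 * password / avatar changes, and re-authenticates the current user when its
 * login, e-mail or password changed. Validation problems are collected in
 * the returned messages and nothing is stored when any error occurred.
 *
 * @return array|null user-visible messages; null when the request is not a
 *                    profile save or targets another user without admin mode
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    // Form token bound to the site key, the edited user and the editing user.
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    $posted_hash = isset($_POST['form_hash']) ? (string) $_POST['form_hash'] : '';
    // Strict, constant-time comparison: with == two numeric-looking digests
    // ("0e...") would compare as numbers.
    $hash_ok = $posted_hash !== '' && hash_equals($form_hash, $posted_hash);
    // "Disable my account": only for the current user with a valid token.
    if (isset($_POST['disabledme']) && isset($_POST['disable']) && intval($_POST['disable']) == 1 && $hash_ok && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }
    // Not a profile save, or another user's profile without admin rights.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }
    if (!$hash_ok) {
        array_push($messages, _('Falta la clave de control'));
        $errors++;
    }
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }
    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    if ($user->email != $email && !check_email($email)) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && $email != $current_user->user_email && email_exists($email, false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = $email;
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    $user->phone = $_POST['phone'];
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address
    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }
    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            // Anchored at both ends, like the phone/channel patterns: the
            // value must be exactly "pub-" followed by 16 digits.
            if (!preg_match('/^pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                // Escaped like the IM/phone lookups above; raw input is never
                // interpolated into SQL.
                $adcode = $db->escape($_POST['adcode']);
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='{$adcode}'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }
    $user->names = clean_text($_POST['names']);
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                array_push($messages, _('las claves no son iguales, no se ha modificado'));
                $errors = 1;
            } else {
                // kept in clear only to re-authenticate the session below
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                array_push($messages, _('La clave se ha cambiado'));
            }
        }
    }
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }
    // bit 0/1 are the comment preference, bit 2 "show friends", bit 3 "2 columns"
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif (!empty($_POST['avatar_delete'])) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }
    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Login, e-mail or password changed: refresh the current session.
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }
    return $messages;
}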
// Load the comment being voted on and refuse the vote when it does not
// exist, belongs to the voter, or voting on it has already closed.
$comment = new Comment();
$comment->id = $id;
if (!$comment->read_basic()) {
	error(_('comentario inexistente'));
}

if ($comment->author == $current_user->user_id) {
	error(_('no puedes votar a tus comentarios'));
}

if ($comment->date < time() - $globals['time_enabled_comments']) {
	error(_('votos cerrados'));
}

// Check the user is not a clone (by cookie) of others that voted the same comment
if (UserAuth::check_clon_votes($current_user->user_id, $id, 5, 'comments') > 0) {
	error(_('no se puede votar con clones'));
}

// Rate limit: count this user's votes of the same sign from the same IP in
// the last 30 seconds; positive votes get the larger allowance.
$is_positive = $value > 0;
$freq = $is_positive ? 10 : 5;
$sign_filter = $is_positive ? 'vote_value > 0' : 'vote_value <= 0';
$votes_freq = intval($db->get_var("select count(*) from votes where vote_type='comments' and vote_user_id=$current_user->user_id and vote_date > subtime(now(), '0:0:30') and $sign_filter and vote_ip_int = ".$globals['user_ip_int']));

if ($votes_freq > $freq) {
	if ($current_user->user_id > 0 && $current_user->user_karma > 4) {
    	// Crazy votes attack, decrease karma
            "username"=> "*****@*****.**",
            "password"=> "GmailPassword",
            "port" => 587,
            "secure"=>"tls"
        ],
        "cookies"=>[
        	"user"=>[
        		"lifetime"=>time()+60*60*24*7
        	]
        ],
        "test"=>false,
		"onStartup"=>function($action){
			// Runs before every action. For a visitor that is not authenticated
			// (and is not on the UserAuth controller's "disconnect" action)
			// two cookie-based re-login paths exist.
			if(!Auth::isAuth() && $action[0]!=="UserAuth" && @$action[1]!=="disconnect"){
				if(array_key_exists("autoConnect", $_COOKIE)){
					// Social login: remember the requested action, re-run the
					// HybridAuth sign-in with the cookie value (presumably the
					// provider name) and stop; that flow takes over from here.
					$_SESSION["action"]=$action;
					$ctrl=new UserAuth();
					$ctrl->initialize();
					$ctrl->signin_with_hybridauth(array($_COOKIE["autoConnect"]));
					$ctrl->finalize();
					die();
				}else if(array_key_exists("user", $_COOKIE)){
					// NOTE(review): the "user" cookie is used as-is as the key for
					// DAO::getOne() and the result becomes the session user with
					// logStatus 'success'; nothing here verifies that cookie, so
					// confirm it is signed/validated elsewhere — otherwise a
					// session is granted to whoever presents such a cookie.
					$user = DAO::getOne("User", $_COOKIE['user']);
					$_SESSION["user"] = $user;
					$_SESSION['KCFINDER'] = array(
							'disabled' => true
					);
					$_SESSION['logStatus'] = 'success';
				}
			}
			
		},
 /**
  * Record "clone" relations found in the login-history cookie.
  *
  * Reads the clone list of the global $current_user (reversed, so the most
  * recent login comes first). When the last two logins belong to different
  * users, every other user id in the list is stored once through
  * UserAuth::insert_clon(), tagged with the form IP or, when that is unset,
  * the request IP from $globals.
  *
  * @return void
  */
 static function check_clon_from_cookies()
 {
     global $current_user, $globals;
     $history = array_reverse($current_user->GetClones());
     // Nothing to record with a single login, or when the last two logins
     // are the same user.
     if (count($history) < 2 || $history[0] == $history[1]) {
         return;
     }
     $source_ip = $globals['form_user_ip'] ? $globals['form_user_ip'] : $globals['user_ip'];
     $seen = array();
     foreach ($history as $other_id) {
         if ($current_user->user_id == $other_id || in_array($other_id, $seen)) {
             continue;
         }
         $seen[] = $other_id;
         UserAuth::insert_clon($current_user->user_id, $other_id, 'COOK:' . $source_ip);
     }
 }
 /**
  * @see Form::save()
  *
  * Creates the user from the validated form fields, applies the activation
  * policy (REGISTER_ACTIVATION_METHOD: 0 = usable at once, 1 = an activation
  * code is mailed to the user, 2 = activation pending), optionally notifies
  * the admin, logs the new user in and redirects to the index page. Never
  * returns: it ends with exit.
  */
 public function save()
 {
     AbstractForm::save();
     // save language id
     $this->additionalFields['languageID'] = $this->languageID;
     // save registration ip address
     $this->additionalFields['registrationIpAddress'] = WCF::getSession()->ipAddress;
     // generate activation code
     // With methods 1 and 2 the account starts unactivated: it gets a code,
     // is not added to the default groups and only joins EVERYONE/GUESTS.
     $addDefaultGroups = true;
     if (REGISTER_ACTIVATION_METHOD == 1 || REGISTER_ACTIVATION_METHOD == 2) {
         $activationCode = UserRegistrationUtil::getActivationCode();
         $this->additionalFields['activationCode'] = $activationCode;
         $addDefaultGroups = false;
         $this->groupIDs = Group::getGroupIdsByType(array(Group::EVERYONE, Group::GUESTS));
     }
     // create
     $this->user = UserEditor::create($this->username, $this->email, $this->password, $this->groupIDs, $this->activeOptions, $this->additionalFields, $this->visibleLanguages, $addDefaultGroups);
     // update session
     WCF::getSession()->changeUser($this->user);
     // activation management
     if (REGISTER_ACTIVATION_METHOD == 0) {
         $this->message = 'wcf.user.register.success';
     }
     if (REGISTER_ACTIVATION_METHOD == 1) {
         // mail the activation code (template gets user id, name and code)
         $mail = new Mail(array($this->username => $this->email), WCF::getLanguage()->get('wcf.user.register.needActivation.mail.subject', array('PAGE_TITLE' => WCF::getLanguage()->get(PAGE_TITLE))), WCF::getLanguage()->get('wcf.user.register.needActivation.mail', array('PAGE_TITLE' => WCF::getLanguage()->get(PAGE_TITLE), '$username' => $this->username, '$userID' => $this->user->userID, '$activationCode' => $activationCode, 'PAGE_URL' => PAGE_URL, 'MAIL_ADMIN_ADDRESS' => MAIL_ADMIN_ADDRESS)));
         $mail->send();
         $this->message = 'wcf.user.register.needActivation';
     }
     if (REGISTER_ACTIVATION_METHOD == 2) {
         $this->message = 'wcf.user.register.awaitActivation';
     }
     // notify admin
     if (REGISTER_ADMIN_NOTIFICATION) {
         // get default language
         // (the admin mail is written in the default language; the current
         // locale is restored afterwards)
         $language = WCF::getLanguage()->getLanguageID() != Language::getDefaultLanguageID() ? new Language(Language::getDefaultLanguageID()) : WCF::getLanguage();
         $language->setLocale();
         // send mail
         $mail = new Mail(MAIL_ADMIN_ADDRESS, $language->get('wcf.user.register.notification.mail.subject', array('PAGE_TITLE' => $language->get(PAGE_TITLE))), $language->get('wcf.user.register.notification.mail', array('PAGE_TITLE' => $language->get(PAGE_TITLE), '$username' => $this->username)));
         $mail->send();
         WCF::getLanguage()->setLocale();
     }
     // delete captcha
     if (REGISTER_USE_CAPTCHA && !WCF::getSession()->getVar('captchaDone')) {
         $this->captcha->delete();
     }
     WCF::getSession()->unregister('captchaDone');
     // login user
     // NOTE(review): storeAccessData() receives the plain-text form password;
     // what it persists (cookie, hash) is not visible here — confirm it does
     // not store the clear-text value.
     UserAuth::getInstance()->storeAccessData($this->user, $this->username, $this->password);
     $this->saved();
     // forward to index page
     WCF::getTPL()->assign(array('url' => 'index.php' . SID_ARG_1ST, 'message' => WCF::getLanguage()->get($this->message, array('$username' => $this->username, '$email' => $this->email))));
     WCF::getTPL()->display('redirect');
     exit;
 }
/**
 * Second registration step: verify the captcha and the form fields, create
 * the user row, then send the recovery mail and log the creation.
 *
 * Uses the globals $db, $current_user and $globals and reads $_POST
 * (username, password, email). Output goes straight to echo; problems are
 * reported through register_error().
 *
 * @return void
 */
function do_register2()
{
    global $db, $current_user, $globals;
    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }
    if (!check_user_fields()) {
        return;
    }
    // sanity checks: cleaned values for the object, escaped copies for SQL;
    // the password is stored hashed through UserAuth::hash()
    $username = clean_input_string(trim($_POST['username']));
    $dbusername = $db->escape($username);
    $password = UserAuth::hash(trim($_POST['password']));
    $email = clean_input_string(trim($_POST['email']));
    $dbemail = $db->escape($email);
    // assumed to be a server-derived IP string (interpolated unescaped below)
    $user_ip = $globals['form_user_ip'];
    if (user_exists($username)) {
        register_error(_("el usuario ya existe"));
        return;
    }
    $insert = "INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$password}', now(), '{$user_ip}')";
    if (!$db->query($insert)) {
        register_error(_("error insertando usuario en la base de datos"));
        return;
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
    $user = new User();
    $user->username = $username;
    if (!$user->read()) {
        register_error(_('error insertando usuario en la base de datos'));
    } else {
        require_once mnminclude . 'mail.php';
        send_recover_mail($user);
        // force the log entry to carry the same IP as the form
        $globals['user_ip'] = $user_ip;
        Log::insert('user_new', $user->id, $user->id);
    }
    echo '</fieldset>' . "\n";
}
//Sign Up
// Creates an account unless the e-mail is already registered. The raw
// request params (password included) are passed to User::sign_up() as-is —
// NOTE(review): confirm that User::sign_up() hashes the password itself.
$app->post('/sign_up', function () use($app) {
    $params = $app->request->params();
    $alreadyExists = User::exists($params['email']) != 0;
    if ($alreadyExists) {
        $app->response->body(json_encode(["error" => "exists"]));
        return;
    }
    //No Exsists
    $app->response->body(User::sign_up($params));
});
//User Jobs
// NOTE(review): nothing in this handler authenticates the caller, yet
// UserAuth::new_key() is invoked for whatever user_id is in the path and the
// user's token is included in the JSON reply — confirm a middleware guards
// this route.
$app->get("/user/jobs/:user_id", function ($user_id) use($app) {
    UserAuth::new_key($user_id);
    $u = User::find($user_id);
    //Find User
    // touching the relations loads them so toJson() includes them (presumably)
    $u->jobs;
    $u->userToken;
    $app->response->body($u->toJson());
});
//Full User Details/Profile
$app->post("/user/profile/", function () use($app) {
    $user_id = $app->request->params('user_id');
    // $token = $app->request->params('token');
    // UserAuth::authenticate($user_id,$token);//Authenticate or Fail
    $u = User::find($user_id);
    //Find User
    //$u->userToken;
    $app->response->body($u->toJson());
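/**
 * Apply the profile form (username, e-mail, URL, names, password, preferences,
 * avatar) to the global $user and persist it.
 *
 * Reads $_POST and $_FILES directly. The request is ignored unless it carries
 * save_profile, process and a user_id equal to the logged-in user's id.
 *
 * @return string|void HTML fragment of <p class="form-error"> messages, or
 *                     nothing when the request is not a profile save for the
 *                     current user.
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $site_key;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = '';
    // Anti-CSRF control value bound to the site key and the target user id.
    $form_hash = md5($site_key . $user->id . mnminclude);
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || !isset($_POST['user_id']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }
    // hash_equals() gives a constant-time comparison and sidesteps PHP's
    // numeric-string loose comparison (two "0e..." digests compare equal under !=).
    if (empty($_POST['form_hash']) || !hash_equals($form_hash, (string) $_POST['form_hash'])) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        $errors++;
    }
    $posted_username = isset($_POST['username']) ? trim($_POST['username']) : '';
    if (!empty($_POST['username']) && $posted_username != $user->username) {
        if (strlen($posted_username) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        // Validate the trimmed value, which is what gets stored below.
        if (!check_username($posted_username)) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists($posted_username)) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = $posted_username;
        }
    }
    // NOTE(review): the e-mail is validated but never assigned to $user->email
    // in this function — confirm it is applied elsewhere, otherwise the
    // "e-mail changed" branch of the re-authentication below can never trigger.
    $posted_email = trim($_POST['email'] ?? '');
    if ($user->email != $posted_email && !check_email($posted_email)) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif ($posted_email != $current_user->user_email && email_exists($posted_email)) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }
    // URL is stored HTML-escaped; names go through the text cleaner.
    $user->url = htmlspecialchars(clean_input_url($_POST['url'] ?? ''));
    $user->names = clean_text($_POST['names'] ?? '');
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST['password'] ?? '')) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors++;
        } elseif (trim($_POST['password'] ?? '') !== trim($_POST['password2'] ?? '')) {
            $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
            $errors++;
        } else {
            // Only the hash is kept on the user; $new_pass is a flag that forces
            // re-authentication below (the clear text is not retained).
            $user->pass = UserAuth::hash(trim($_POST['password']));
            $messages .= '<p  class="form-error">' . _('La clave se ha cambiado') . '</p>';
            $new_pass = true;
        }
    }
    // Bit-packed preferences: comment_pref in the low bits, show_friends -> bit 1,
    // show_2cols -> bit 2.
    $user->comment_pref = intval($_POST['comment_pref'] ?? 0) + (intval($_POST['show_friends'] ?? 0) & 1) * 2 + (intval($_POST['show_2cols'] ?? 0) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors++;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors++;
            $user->avatar = 0;
        }
    }
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when login, e-mail or password changed.
        // NOTE(review): Authenticate() receives the boolean $new_pass here, not
        // a password — this matches the original call and presumably relies on
        // Authenticate() accepting a flag; confirm against UserAuth.
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }
    return $messages;
}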
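 /**
  * Check the e-mail confirmation code passed in the query string (id, conf).
  *
  * On a match the user is moved to the configured registration status, its
  * permissions are rebuilt, user_email_valid is set to 1 and moderators are
  * notified by e-mail when that option is enabled. Otherwise a failure message
  * is queued. Always returns true.
  *
  * @param object $h  application object (cage, db, lang, vars, messages, pluginHook, url)
  * @return true
  */
 public function checkEmailConfirmation($h)
 {
     $user_id = $h->cage->get->getInt('id');
     $conf = $h->cage->get->getAlnum('conf');
     // Stop before any database work when either parameter is missing; the
     // previous version queued the message but still ran the lookup and compare.
     if (!$user_id || !$conf) {
         $h->messages[$h->lang['user_signin_register_emailconf_fail']] = 'red';
         return true;
     }
     $user = new UserAuth();
     $user->getUserBasic($h, $user_id);
     $sql = "SELECT user_email_conf FROM " . TABLE_USERS . " WHERE user_id = %d";
     $user_email_conf = $h->db->get_var($h->db->prepare($sql, $user_id));
     // Constant-time comparison of the confirmation token; a missing row (null)
     // is rejected outright rather than being cast and compared.
     if ($user_email_conf !== null && hash_equals((string) $user_email_conf, (string) $conf)) {
         // update role:
         $user->role = $h->vars['regStatus'];
         $h->pluginHook('user_signin_email_conf_post_role');
         // update user with new permissions:
         $new_perms = $user->getDefaultPermissions($h, $user->role);
         unset($new_perms['options']);
         // don't need this for individual users
         $user->setAllPermissions($new_perms);
         $user->updatePermissions($h);
         $user->updateUserBasic($h);
         // set email valid to 1:
         $sql = "UPDATE " . TABLE_USERS . " SET user_email_valid = %d WHERE user_id = %d";
         $h->db->query($h->db->prepare($sql, 1, $user->id));
         // notify chosen mods of new user by email:
         if ($h->vars['useEmailNotify'] == 'checked' && file_exists(PLUGINS . 'users/libs/UserFunctions.php')) {
             require_once PLUGINS . 'users/libs/UserFunctions.php';
             $uf = new UserFunctions();
             $uf->notifyMods($h, 'user', $user->role, $user->id);
         }
         $success_message = $h->lang['user_signin_register_emailconf_success'] . " <br /><b><a href='" . $h->url(array('page' => 'login')) . "'>" . $h->lang['user_signin_register_emailconf_success_login'] . "</a></b>";
         $h->messages[$success_message] = 'green';
     } else {
         $h->messages[$h->lang['user_signin_register_emailconf_fail']] = 'red';
     }
     return true;
 }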
 /**
  * Clear the 'return' cookie and send the browser to the stored return
  * location (or the site base URL), then terminate.
  *
  * NOTE(review): $this->return is written unvalidated into the Location
  * header; where it is set is not visible here. If it can be influenced by
  * the client, restrict it to a local path (a single leading '/') before use.
  */
 function user_return()
 {
     global $globals;
     // Expire the cookie both with and without the shared auth domain.
     $expired = time() - 10000;
     setcookie('return', '', $expired, $globals['base_url'], UserAuth::domain());
     setcookie('return', '', $expired, $globals['base_url']);
     $target = empty($this->return) ? $globals['base_url'] : $this->return;
     header('Location: http://' . get_server_name() . $target);
     exit;
 }
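 /**
  * Create a user account from a social-network login.
  *
  * Builds a User and its UserAuth record from the same attribute set, stamps
  * both with one timestamp, optionally uploads the profile photo, and saves
  * them together (validation disabled).
  *
  * @param array $attributes  attributes mass-assigned to both models; may carry 'photo'
  * @return User the saved user
  * @throws Exception when the combined save fails
  */
 public static function createAuthUser($attributes)
 {
     $user = new User();
     $auth = new UserAuth();
     // NOTE(review): provider-supplied data is mass-assigned and saved with
     // validation off (save(false)); only attributes declared safe in the
     // models' rules() should be assignable here — confirm.
     $user->attributes = $attributes;
     $auth->attributes = $attributes;
     // One timestamp for every created/changed field so both records agree.
     $now = date('Y-m-d H:i:s');
     $user->setAttributes(array(
         'created' => $now,
         'changed' => $now,
         'last_visit' => time(),
         'registration_ip' => Yii::app()->request->userHostAddress,
         'status' => self::STATUS_ACTIVE,
         'is_social_user' => self::SOCIAL_USER_YES,
     ));
     $auth->setAttributes(array('created' => $now, 'changed' => $now));
     // 'photo' is optional: empty() avoids an undefined-index read.
     if (!empty($attributes['photo'])) {
         $photo = new Photo();
         $photo->filename = String::randomString(12);
         // NOTE(review): if uploadImage() fetches this value as a URL, its
         // source is the social provider — confirm it is restricted to images.
         $user->avatar = $photo->uploadImage($attributes['photo'], param('images/user'));
         $auth->service_user_pic = $attributes['photo'];
     }
     $user->auth = $auth;
     if ($user->withRelated->save(false, array('auth'))) {
         return $user;
     }
     throw new Exception('Пользователь не создался ... ');
 }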
<?php

$USERAUTH = new UserAuth();
$SESSION = new Session();
// Current session user; its shape is defined by Session, not visible here.
$SessionUser = $SESSION->get_session_user();
// Menu the front-end shows this user; used by the markup that follows.
$menuPath = $USERAUTH->FrontEnd_show_menu($SessionUser);
// pr($menuPath);
?>

<aside>
	
		<nav>
			<ul>
				<?php 
if (isset($_SESSION['ses_utoken'])) {
    ?>
				<li  align="center">
					<ul>
						<a href="<?php 
    echo "{$url_rewrite}"; // NOTE(review): written unescaped into an href attribute — confirm $url_rewrite is configuration, not request-derived
    ?>
" class="iconHOme">
						<li class="icohome"><i class="fa fa-home fa-fw fa-3x"></i></li>
						</a>
					</ul>
				</li>
				<li  align="center">
					<ul>
							<li class="home">
								<table border="0" width="100%">
									<tr>
 * ----Require every APP configuration file in use----
 * 
 */
require "../../config/config.php";

$DBVAR = new DB();



/* Declaration of the UserAuth class
 * Class Name : UserAuth
 * Location :root_path/function/userAuth/user_func.php
 * Warning !!! Do not reuse this variable name elsewhere
 */

$USERAUTH = new UserAuth();


$SESSION = new Session();

/* Fetch the admin session */
$UserSession = $SESSION->get_session_user();


if (isset($_POST['login']))
{
	// NOTE(review): the password is reduced to an unsalted md5 digest before
	// validation; this offers no protection if the user table leaks. Moving to
	// password_hash()/password_verify() also requires changing the stored column.
	$dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0);
					
	$dataValid = $DBVAR->form_validation($dataVar);
	if (is_array($dataValid))
	{
 /**
  * Send a new password to the account named in the POSTed username.
  *
  * NOTE(review): $passconf is derived solely from the account e-mail, so it
  * is predictable to anyone who knows that address; how newRandomPassword()
  * uses it is not visible here — confirm it is not acting as a secret token.
  */
 public function sendPassword($h)
 {
     $username = $h->cage->post->testUsername('username');
     $userAuth = new UserAuth();
     $userAuth->getUserBasic($h, 0, $username);
     if (!$userAuth->id) {
         // Echo the submitted name back so the form can be re-filled.
         $h->vars['user_man_username_2'] = $username;
         $h->messages[$h->lang['user_man_user_not_found']] = 'red';
         return;
     }
     $passconf = md5(crypt(md5($userAuth->email), md5($userAuth->email)));
     $userAuth->newRandomPassword($h, $userAuth->id, $passconf);
     $h->messages[$h->lang['user_man_new_password_sent']] = 'green';
 }
 /**
  * Create a comment on $link from the submitted form ($_POST, $_FILES).
  *
  * Runs the anti-abuse checks (ban proxy, comment window, karma floor, clones,
  * same-IP astroturfing, minimum text, banned links, flood/repeat penalties,
  * image quota), then stores the comment inside a transaction. On success it
  * redirects to the comment and exits when $redirect is true, otherwise returns
  * the Comment; every failure returns a translated error message string.
  *
  * @param object $link      the Link being commented on
  * @param bool   $redirect  true: 303 to the new comment and die; false: return it
  * @return string|Comment
  */
 static function save_from_post($link, $redirect = true)
 {
     global $db, $current_user, $globals;
     require_once mnminclude . 'ban.php';
     if (check_ban_proxy()) {
         return _('dirección IP no permitida');
     }
     // Check if is a POST of a comment
     // The link must have votes, still be inside the comment window, be under
     // the comment cap, and the POST must name this link, the logged-in user
     // and a positive randkey.
     if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
         return _('comentario o usuario incorrecto');
     }
     if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
         return _('karma demasiado bajo');
     }
     $comment = new Comment();
     $comment->link = $link->id;
     // NOTE(review): this value is interpolated into raw SQL further down
     // (the same-IP flood check) without $db->escape(); whether
     // $globals['user_ip'] can be shaped by request headers is not visible
     // here — confirm, or escape at assignment.
     $comment->ip = $globals['user_ip'];
     $comment->randkey = intval($_POST['randkey']);
     $comment->author = intval($_POST['user_id']);
     $comment->karma = round($current_user->user_karma);
     $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
     // Check if is an admin comment
     if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
         $comment->type = 'admin';
     }
     // Don't allow to comment with a clone
     // $hours and the clone id list are integers, so their interpolation below is safe.
     $hours = intval($globals['user_comments_clon_interval']);
     if ($hours > 0) {
         $clones = $current_user->get_clones($hours + 1);
         if ($clones) {
             $l = implode(',', $clones);
             $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
             if ($c > 0) {
                 syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                 return _('ya hizo un comentario con usuarios clones');
             }
         }
     }
     // Basic check to avoid abuses from same IP
     if (!$current_user->admin && $current_user->user_karma < 6.2) {
         // Don't check in case of admin comments or higher karma
         // Avoid astroturfing from the same link's author
         if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
             UserAuth::insert_clon($comment->author, $link->author, $link->ip);
             syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
             return _('no se puede comentar desde la misma IP del autor del envío');
         }
         // Avoid floods with clones from the same IP
         // $comment->ip is quoted but not escaped here (see the note at assignment).
         if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
             syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
             return _('demasiados comentarios desde la misma IP con usuarios diferentes');
         }
     }
     if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
         // Check there are at least a valid char
         return _('texto muy breve o caracteres no válidos');
     }
     if (!$current_user->admin) {
         $comment->get_links();
         if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
             syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
             return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
         }
         // Lower karma to comments' spammers
         $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
         // Check the text is not the same
         $same_count = $comment->same_text_count();
         $same_links_count = $comment->same_links_count();
         if ($comment->banned) {
             $same_links_count *= 2;
         }
         $same_count += $same_links_count;
     } else {
         $comment_count = $same_count = 0;
     }
     // Allowed comments per 3 minutes grows with karma, capped at 5.
     $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
     $karma_penalty = 0;
     if ($comment_count > $comment_limit || $same_count > 2) {
         if ($comment_count > $comment_limit) {
             $karma_penalty += ($comment_count - 3) * 0.1;
         }
         if ($same_count > 1) {
             $karma_penalty += $same_count * 0.25;
         }
     }
     // Check image limits
     if (!empty($_FILES['image']['tmp_name'])) {
         $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
         if ($limit_exceded) {
             return $limit_exceded;
         }
     }
     $db->transaction();
     // Check the comment wasn't already stored
     // FOR UPDATE runs inside the transaction opened just above; all three
     // interpolated values are integers.
     $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
     $already_stored = intval($r);
     if ($already_stored) {
         $db->rollback();
         return _('comentario duplicado');
     }
     // Penalty path: the transaction is released first, then karma is adjusted
     // outside of it and the comment is not stored.
     if ($karma_penalty > 0) {
         $db->rollback();
         $user = new User($current_user->user_id);
         $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
         return _('penalización de karma por texto repetido o abuso de enlaces');
     }
     // $r is already an int here, so the is_null() guard is always true.
     if (!is_null($r) && $comment->store()) {
         $comment->insert_vote();
         $link->update_comments();
         $db->commit();
         // Check image upload or delete
         // $_POST['image_delete'] is read without isset(); absent -> falls to the upload branch.
         if ($_POST['image_delete']) {
             $comment->delete_image();
         } else {
             $comment->store_image_from_form('image');
         }
         if ($redirect) {
             // Comment stored, just redirect to it page
             header('HTTP/1.1 303 Load');
             header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
             die;
         } else {
             return $comment;
         }
     }
     $db->rollback();
     return _('error insertando comentario');
     //return $error;
 }
	/**
	 * Create a (possibly nested) comment on $link from the submitted form.
	 *
	 * Runs the anti-abuse checks (ban proxy, comment window, karma floor,
	 * nesting depth, clones, same-IP astroturfing, minimum text, duplicate,
	 * banned links, flood/repeat karma reduction), stores the comment in a
	 * transaction and then redirects to it and exits. Failures return a
	 * translated message string.
	 *
	 * NOTE: $error is accumulated but never returned — the success path always
	 * ends in header()+die, so the karma-reduction notice never reaches the
	 * user (and the string appended at the bottom is not passed through _()).
	 *
	 * @param object $link  the Link being commented on
	 * @return string error message; on success the function does not return
	 */
	static function save_from_post($link) {
		global $db, $current_user, $globals;

		require_once(mnminclude.'ban.php');

		$error = '';
		if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');

		// Check if is a POST of a comment

		if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 && 
				$link->comments < $globals['max_comments'] &&
				intval($_POST['link_id']) == $link->id && $current_user->authenticated && 
				intval($_POST['user_id']) == $current_user->user_id &&
				intval($_POST['randkey']) > 0
				)) {
			return _('comentario o usuario incorrecto');
		}

		if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
			return _('karma demasiado bajo');
		}

		$comment = new Comment;

		$comment->link=$link->id;
		// Escaped here because the value is interpolated into raw SQL below.
		$comment->ip = $db->escape($globals['user_ip']);
		$comment->randkey=intval($_POST['randkey']);
		$comment->author=intval($_POST['user_id']);
		$comment->karma=round($current_user->user_karma);
		$comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    $comment->parent=intval($_POST['parent_id']);

    //get level
    // Nesting depth: refuse when the parent is already past the configured
    // maximum. NOTE: with '>' a parent sitting exactly at the maximum still
    // gets a child at max+1 — confirm whether '>=' was intended.
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
				return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;


		// Check if is an admin comment
		if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
			$comment->type = 'admin';
		} 

		// Don't allow to comment with a clone
		// $hours and the clone id list are integers, so their interpolation is safe.
		$hours = intval($globals['user_comments_clon_interval']);
		if ($hours > 0) {
			$clones = $current_user->get_clones($hours+1);
			if ( $clones) {
				$l = implode(',', $clones);
				$c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
				if ($c > 0) {
					syslog(LOG_NOTICE, "Meneame, clon comment ($current_user->user_login, $comment->ip) in $link->uri");
					return _('ya hizo un comentario con usuarios clones');
				}
			}
		}

		// Basic check to avoid abuses from same IP
		if (!$current_user->admin && $current_user->user_karma < 6.2) { // Don't check in case of admin comments or higher karma

			// Avoid astroturfing from the same link's author
			if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
				UserAuth::insert_clon($comment->author, $link->author, $link->ip);
				syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
				return _('no se puede comentar desde la misma IP del autor del envío');
			}

			// Avoid floods with clones from the same IP
			if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
				syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
				return _('demasiados comentarios desde la misma IP con usuarios diferentes');
			}
		}


		if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) { // Check there are at least a valid char
			return _('texto muy breve o caracteres no válidos');
		}


		// Check the comment wasn't already stored
		// This runs before the transaction is opened below, so two concurrent
		// posts with the same randkey can both pass this check.
		$already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
		if ($already_stored) {
			return _('comentario duplicado');
		}

		if (! $current_user->admin) {
			$comment->get_links();
			if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
				syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
				return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
			}

			// Lower karma to comments' spammers
			$comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
			// Check the text is not the same
			$same_count = $comment->same_text_count();
			$same_links_count = $comment->same_links_count();
			if ($comment->banned) $same_links_count *= 2;
			$same_count += $same_links_count;
		} else {
			$comment_count  = $same_count = 0;
		}

		// Allowed comments per 3 minutes grows with karma, capped at 5.
		$comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
		if ($comment_count > $comment_limit || $same_count > 2) {
			$reduction = 0;
			if ($comment_count > $comment_limit) {
				$reduction += ($comment_count-3) * 0.1;
			}
			if($same_count > 1) {
				$reduction += $same_count * 0.25;
			}
			if ($reduction > 0) {
				// Karma is reduced but the comment is still stored below.
				$user = new User;
				$user->id = $current_user->user_id;
				$user->read();
				$user->karma = $user->karma - $reduction;
				syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
				$user->store();
				$annotation = new Annotation("karma-$user->id");
				$annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
				$error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
			}
		}
		$db->transaction();
		$comment->store();
		$comment->insert_vote();
		$link->update_comments();
		$db->commit();
		// Comment stored, just redirect to it page
		header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
		die;
		//return $error;
	}
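/**
 * Render the login page and, on a POSTed form, authenticate the user.
 *
 * Shows the intro column on a first visit, processes $_POST['processlogin']
 * (IP check, captcha after repeated failures, UserAuth::Authenticate) and on
 * success redirects to $_REQUEST['return'] or the base URL and exits. On
 * failure the form is re-rendered with an error from recover_error().
 *
 * @return void
 */
function do_login()
{
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Request inputs read once, with defaults, so the render path below never
    // touches an undefined index ($username in particular used to be undefined
    // when the form had not been submitted).
    $username = '';
    $process_login = $_POST['processlogin'] ?? null;
    $return = $_REQUEST['return'] ?? '';
    // Host for the post-login redirect. NOTE(review): it comes from a cookie
    // and the path from the request; neither is validated here, so confirm
    // return_site is set server-side and that return is restricted to a local
    // path, otherwise this is an open redirect.
    $return_site = $_COOKIE['return_site'] ?? get_server_name();
    // Show menéame intro only if first try and the there were not previous logins
    if (!$globals['mobile'] && $previous_login_failed < 3 && empty($process_login) && empty($_COOKIE['u'])) {
        echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";
        // Only prints if the user was redirected from submit.php
        if (!empty($return) && preg_match('/submit\\.php/', $return)) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
        echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
        echo '<ul style="margin-left: 1.5em">' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
        echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
        echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
        echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
        echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
    } else {
        echo '<div class="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";
    if ($process_login == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header('HTTP/1.1 303 Load');
            header("Location: http://" . $return_site . $globals['base_url'] . "login.php");
            die;
        }
        $username = clean_input_string(trim($_POST['username'] ?? ''));
        $password = trim($_POST['password'] ?? '');
        // Check form
        // Captcha is required after 2 failures, or on every first login when
        // captcha_first_login is set and no user cookie is present.
        if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
        } elseif (strlen($password) > 0 && $current_user->Authenticate($username, $password, $_POST['persistent'] ?? null) == false) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            $previous_login_failed++;
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
        } else {
            UserAuth::check_clon_from_cookies();
            // If the user is authenticating from a mobile device, keep her in the standard version
            if ($globals['mobile']) {
                setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
            }
            header('HTTP/1.1 303 Load');
            if (!empty($return)) {
                header('Location: http://' . $return_site . $return);
            } else {
                header('Location: http://' . $return_site . $globals['base_url']);
            }
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
    // Print captcha
    if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
    print_oauth_icons($return);
    echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($return) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br/>&nbsp;';
}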
// Vote on a match. Every failed check answers with a JSON error and stops.
$match = new Match($id);
if (!$match->read_basic()) {
    error(_('partido inexistente'));
}
if (!$match->is_votable()) {
    error(_('votos cerrados'));
}
if ($current_user->user_id == 0) {
    error(_('Los votos anónimos están deshabilitados'));
}
// NOTE(review): loose (!=) comparison against a raw request value — confirm an
// int-cast comparison is acceptable here.
if ($current_user->user_id != $_REQUEST['user']) {
    error(_('usuario incorrecto'));
}
// Check the user is not a clon by cookie of others that voted the same link
// NOTE(review): the last argument is 'links', which may be inherited from the
// link-vote flow — confirm it is the intended table for match votes.
$is_clone_vote = $current_user->user_id > 0
    && $match->status != 'published'
    && UserAuth::check_clon_votes($current_user->user_id, $match->id, 5, 'links') > 0;
if ($is_clone_vote) {
    error(_('no se puede votar con clones'));
}
try {
    $match->insert_vote($vote);
} catch (Exception $e) {
    error($e->getMessage());
}
echo $match->json_votes_info(intval($vote));
/**
 * Emit a JSON object {"error": message} and stop the script.
 *
 * @param string $mess  message returned to the client
 * @return never
 */
function error($mess)
{
    echo json_encode(['error' => $mess]);
    die;
}
 /**
  * echoes css and html for sql log
  *
  * Output is suppressed unless logging is enabled, the build is not
  * DEV-without-DEBUG, and the request is local (UserAuth::is_local()) or a
  * CLI run with no REMOTE_ADDR.
  *
  * NOTE(review): query text and error strings are echoed into the table
  * unescaped; any user-derived SQL fragment would render as HTML. Even in a
  * debug-only view, wrapping them in htmlspecialchars() is cheap.
  *
  * @return void
  */
 public function print_log()
 {
     // Precedence: !enable_log || (DEV && !DEBUG) || !(local || cli-without-remote-addr)
     if (!$this->enable_log || DEV && !DEBUG || !(UserAuth::is_local() || php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR']))) {
         return;
     }
     echo '<style>.query_log {margin:0px;padding:0px; width:100%; box-shadow: 10px 10px 5px #888888; border:1px solid #000000; -moz-border-radius-bottomleft:0px; -webkit-border-bottom-left-radius:0px; border-bottom-left-radius:0px; -moz-border-radius-bottomright:0px; -webkit-border-bottom-right-radius:0px; border-bottom-right-radius:0px; -moz-border-radius-topright:0px; -webkit-border-top-right-radius:0px; border-top-right-radius:0px; -moz-border-radius-topleft:0px; -webkit-border-top-left-radius:0px; border-top-left-radius:0px; }.query_log table{border-collapse: collapse; border-spacing: 0; width:100%; height:100%; margin:0px;padding:0px; }.query_log tr:last-child td:last-child {-moz-border-radius-bottomright:0px; -webkit-border-bottom-right-radius:0px; border-bottom-right-radius:0px; } .query_log table tr:first-child td:first-child {-moz-border-radius-topleft:0px; -webkit-border-top-left-radius:0px; border-top-left-radius:0px; } .query_log table tr:first-child td:last-child {-moz-border-radius-topright:0px; -webkit-border-top-right-radius:0px; border-top-right-radius:0px; }.query_log tr:last-child td:first-child{-moz-border-radius-bottomleft:0px; -webkit-border-bottom-left-radius:0px; border-bottom-left-radius:0px; }.query_log tr:hover td{} .query_log tr.master{ background-color:#ffaa56; } .query_log tr.slave   { background-color:#ffffff; }.query_log td{vertical-align:middle; border:1px solid #000000; border-width:0px 1px 1px 0px; text-align:left; padding:7px; font-size:10px; font-family:Arial; font-weight:normal; color:#000000; }.query_log tr:last-child td{border-width:0px 1px 0px 0px; }.query_log tr td:last-child{border-width:0px 0px 1px 0px; }.query_log tr:last-child td:last-child{border-width:0px 0px 0px 0px; } .query_log tr:first-child td{background:-o-linear-gradient(bottom, #ff7f00 5%, #bf5f00 100%);	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ff7f00), color-stop(1, #bf5f00) ); background:-moz-linear-gradient( center top, 
#ff7f00 5%, #bf5f00 100% ); filter:progid:DXImageTransform.Microsoft.gradient(startColorstr="#ff7f00", endColorstr="#bf5f00");	background: -o-linear-gradient(top,#ff7f00,bf5f00); background-color:#ff7f00; border:0px solid #000000; text-align:center; border-width:0px 0px 1px 1px; font-size:14px; font-family:Arial; font-weight:bold; color:#ffffff; } .query_log tr:first-child:hover td{background:-o-linear-gradient(bottom, #ff7f00 5%, #bf5f00 100%);	background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ff7f00), color-stop(1, #bf5f00) ); background:-moz-linear-gradient( center top, #ff7f00 5%, #bf5f00 100% ); filter:progid:DXImageTransform.Microsoft.gradient(startColorstr="#ff7f00", endColorstr="#bf5f00");	background: -o-linear-gradient(top,#ff7f00,bf5f00); background-color:#ff7f00; } .query_log tr:first-child td:first-child{border-width:0px 0px 1px 0px; } .query_log tr:first-child td:last-child{border-width:0px 0px 1px 1px; }.query_log table tr.error td{background-color:red;color:#fff;font-weight:bold;}</style>';
     echo "<div class='query_log'>\n\t\t\t<table style='table-layout:fixed;'>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Start</td><td>Query</td><td>Records</td><td>Time Taken</td><td>Connection</td><td>Error</td>\n\t\t\t\t</tr>";
     echo "<tr><td colspan='4'>Total Queries Executed: " . count($this->queries) . "</td></tr>";
     foreach ((array) $this->queries as $key => $query) {
         // Highlight failed queries and any that took more than one second.
         $class = "";
         if ($query["error"] || $query["time"] > 1) {
             $class = "error";
         }
         echo "<tr class='{$class} {$query['connection']}'>\n\t\t\t\t<td>{$query['start']}</td><td>{$query['query']}</td><td>{$query['records']}</td><td>{$query['time']}</td><td>{$query['connection']}</td><td>{$query['error']}</td>\n\t\t\t</tr>";
     }
     echo "</table>\n\t\t\t</div>";
 }
<?php
// Page bootstrap: load the shared config (which is also where $path and
// open_connection() presumably come from -- neither is defined in this file),
// then gate the page on an access-control check before anything is rendered.
include "../../../config/config.php";

$USERAUTH = new UserAuth();

$SESSION = new Session();

// Menu id this page is registered under for the access check below
// (presumably an entry in the application's menu/ACL table -- confirm).
$menu_id = 28;
$SessionUser = $SESSION->get_session_user();
// NOTE(review): the return value of this check is not inspected. If
// FrontEnd_check_akses_menu() only reports denial (returns false) instead of
// redirecting or exiting, the rest of this page still renders for an
// unauthorised user -- verify that it terminates the request on failure.
$USERAUTH->FrontEnd_check_akses_menu($menu_id, $SessionUser);

?>

<?php ob_start(); ?>
<html>
<?php

        // Layout fragments; the buffer started above is flushed/ended
        // somewhere outside this view.
        include "$path/header.php";
        include "$path/title.php";
        ?>    
<body>
            <?php
        
            include "$path/menu.php";
            open_connection();
            // Debug leftovers: the print_r() calls are disabled, but the empty
            // <pre> blocks they wrapped are still emitted. Re-enabling them
            // would dump raw, unescaped request data into the page -- keep
            // them disabled outside local debugging.
            echo '<pre>';
            //print_r($_POST);
            echo '</pre>';
            echo '<pre>';
            //print_r($dataArr);
            echo '</pre>';
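 /**
  * Bulk User Role Change
  *
  * Moves every user whose user_role equals $from to the role $to, and replaces
  * each moved user's permissions with the defaults of the new role.
  *
  * This method performs no authorization check of its own: nothing here
  * verifies that the caller may hand out $to (e.g. an administrative role),
  * so callers must gate it before invoking it.
  *
  * @param object $h    application object; provides $h->db (get_results,
  *                     prepare) and is passed through to the UserAuth helpers
  * @param string $from name of role to move from
  * @param string $to name of role to move to
  * @return bool false when either role is empty or is not among the roles
  *              currently in use; true otherwise, including when no user
  *              holds $from
  */
 public function bulkRoleChange($h, $from = '', $to = '')
 {
     if (!$from || !$to) {
         return false;
     }
     // Both roles must already exist among the roles in use. Strict comparison
     // so that a numeric-looking role name cannot loosely match a different
     // one (e.g. '10' == '1e1'): that would pass validation for a role the
     // query below never matches, or mis-validate the target role.
     $unique_roles = $this->getUniqueRoles($h);
     if (!in_array($from, $unique_roles, true) || !in_array($to, $unique_roles, true)) {
         return false;
     }
     // $from is bound through the driver's prepare(), never interpolated.
     $sql = "SELECT user_id FROM " . TABLE_USERS . " WHERE user_role = %s";
     $items = $h->db->get_results($h->db->prepare($sql, $from));
     if (!$items) {
         return true; // nobody currently holds $from -- nothing to move
     }
     // Change role and permissions for each user being moved
     foreach ($items as $item) {
         $user = new UserAuth();
         $user->getUser($h, $item->user_id);
         $user->role = $to;
         // Permissions are replaced wholesale with the new role's defaults;
         // any per-user overrides the account had are not preserved.
         $new_perms = $user->getDefaultPermissions($h, $user->role);
         $user->setAllPermissions($new_perms);
         $user->updateUserBasic($h);
     }
     return true;
 }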