print_output($templater->render());
}

// ############################### process request activation email #############################
// Handles do=emailcode: looks up every account registered with the submitted address and,
// for those still in usergroup 3, issues a fresh activation ID and mails it.
//
// NOTE(review): the two outcomes differ visibly (redirect when the address matches a row,
// 'invalidemail' error when it does not), so the response tells the requester whether an
// address is registered. No throttling is visible in this block either; confirm it is
// applied elsewhere, since every request rotates the stored ID and sends mail.
if ($_POST['do'] == 'emailcode')
{
	$vbulletin->input->clean_gpc('r', 'email', TYPE_NOHTML);

	// The address is escaped before it is placed inside the quoted SQL literal.
	$users = $db->query_read_slave(
		"\r\n\t\tSELECT user.userid, user.usergroupid, username, email, activationid, languageid\r\n\t\tFROM "
		. TABLE_PREFIX
		. "user AS user\r\n\t\tLEFT JOIN "
		. TABLE_PREFIX
		. "useractivation AS useractivation ON(user.userid = useractivation.userid AND type = 0)\r\n\t\tWHERE email = '"
		. $db->escape_string($vbulletin->GPC['email'])
		. "'"
	);

	if (!$db->num_rows($users))
	{
		eval(standard_error(fetch_error('invalidemail', $vbulletin->options['contactuslink'])));
	}
	else
	{
		while ($user = $db->fetch_array($users))
		{
			// Accounts outside usergroup 3 are left untouched and receive no mail.
			if ($user['usergroupid'] != 3)
			{
				continue;
			}

			if (!empty($user['activationid']))
			{
				// A row already exists: replace its ID and refresh its timestamp.
				// Both interpolated values originate from this request's own query
				// and from fetch_random_string(), not from user input.
				$user['activationid'] = fetch_random_string(40);
				$db->query_write(
					"\r\n\t\t\t\t\t\tUPDATE "
					. TABLE_PREFIX
					. "useractivation SET\r\n\t\t\t\t\t\t\tdateline = "
					. TIMENOW
					. ",\r\n\t\t\t\t\t\t\tactivationid = '{$user['activationid']}'\r\n\t\t\t\t\t\tWHERE userid = {$user['userid']}\r\n\t\t\t\t\t\t\tAND type = 0\r\n\t\t\t\t\t"
				);
			}
			else
			{
				// No activation row yet, so create one.
				$user['activationid'] = build_user_activation_id($user['userid'], 2, 0);
			}

			// These names are kept as-is: they are presumably read by the eval()'d
			// hook and phrase code below, which runs in this scope.
			$activateid = $user['activationid'];
			$username = $user['username'];
			$userid = $user['userid'];

			// NOTE(review): both eval() calls execute code built elsewhere (plugin
			// hook source and the email phrase template); confirm only administrators
			// can write to the stores they are loaded from.
			if ($hook = vBulletinHook::fetch_hook('register_emailcode_user'))
			{
				eval($hook);
			}

			// $subject and $message are not assigned in this block; presumably the
			// phrase code defines them.
			eval(fetch_email_phrases('activateaccount', $user['languageid']));

			vbmail($user['email'], $subject, $message, true);
		}

		eval(print_standard_redirect('redirect_lostactivatecode', true, true));
	}
}
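/**
* (Re)Generates an Activation ID for a user
*
* Deletes any useractivation row for the user/type pair, stores a new ID obtained
* from fetch_random_string(40), and clears the user's 'noactivationmails' option bit.
*
* NOTE(review): the ID is the only secret in the activation link, so its strength
* rests entirely on fetch_random_string(), which is defined elsewhere; confirm it
* draws from a cryptographically secure source.
*
* @param	integer	User's ID
* @param	integer	The group to move the user to when they are activated
* @param	integer	0 for Normal Activation, 1 for Forgotten Password
* @param	boolean	Whether this is an email change or not
*
* @return	string	The Activation ID
*
*/
function build_user_activation_id($userid, $usergroupid, $type, $emailchange = 0)
{
	global $vbulletin;

	// These three values are written directly into SQL text below. Callers are
	// expected to pass integers; cast them anyway, as is already done for
	// $emailchange, so that nothing non-numeric can reach the query.
	$userid = intval($userid);
	$usergroupid = intval($usergroupid);
	$type = intval($type);

	if ($usergroupid == 3 or $usergroupid == 0)
	{ // stop them getting stuck in email confirmation group forever :)
		$usergroupid = 2;
	}

	// Drop the previous ID for this user and activation type before issuing a new one.
	$vbulletin->db->query_write("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = {$userid} AND type = {$type}");

	$activateid = fetch_random_string(40);

	/*insert query*/
	$vbulletin->db->query_write("\n\t\tREPLACE INTO " . TABLE_PREFIX . "useractivation\n\t\t\t(userid, dateline, activationid, type, usergroupid, emailchange)\n\t\tVALUES\n\t\t\t({$userid}, " . TIMENOW . ", '{$activateid}' , {$type}, {$usergroupid}, " . intval($emailchange) . ")\n\t");

	// Clear the 'noactivationmails' option bit, but only if the user record can be loaded.
	if ($userinfo = fetch_userinfo($userid))
	{
		$userdata =& datamanager_init('User', $vbulletin, ERRTYPE_SILENT);
		$userdata->set_existing($userinfo);
		$userdata->set_bitfield('options', 'noactivationmails', 0);
		$userdata->save();
	}

	return $activateid;
}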
/**
* Builds the default field set for a brand-new session.
*
* Sets the 'sessionhash' cookie unless SKIP_SESSIONCREATE is defined and, when
* running as the API (VB_API === true), attaches an access token to the session
* and stores it on the apiclient row.
*
* NOTE(review): the session hash and the API access token are bearer secrets.
* fetch_sessionhash() and fetch_random_string() are defined elsewhere; confirm
* both use a cryptographically secure source.
*
* @param	integer	User ID the session should be for
*
* @return	array	Array of session variables
*/
function fetch_session($userid = 0)
{
	// Local names are left unchanged because the hook eval()'d at the end of this
	// method runs in this scope and may refer to them.
	$sessionhash = $this->fetch_sessionhash();

	if (!defined('SKIP_SESSIONCREATE'))
	{
		// NOTE(review): the meaning of the three boolean arguments is defined by
		// vbsetcookie() elsewhere; confirm the cookie ends up HttpOnly, and Secure
		// when the site is served over HTTPS.
		vbsetcookie('sessionhash', $sessionhash, false, false, true);
	}

	$session = array(
		'sessionhash'   => $sessionhash,
		'dbsessionhash' => $sessionhash,
		'userid'        => intval($userid),
		'host'          => $this->getIp(),
		'idhash'        => SESSION_IDHASH,
		'lastactivity'  => TIMENOW,
		'location'      => defined('LOCATION_BYPASS') ? '' : WOLPATH,
		'styleid'       => 0,
		'languageid'    => 0,
		'loggedin'      => intval($userid) ? 1 : 0,
		'inforum'       => 0,
		'inthread'      => 0,
		'incalendar'    => 0,
		'badlocation'   => 0,
		'profileupdate' => 0,
		'useragent'     => USER_AGENT,
		'bypass'        => SESSION_BYPASS
	);

	if (defined('VB_API') && VB_API === true)
	{
		if (!$this->registry->apiclient['apiaccesstoken'])
		{
			// No token on the client record yet: create one and remember it.
			$accesstoken = fetch_random_string();
			$this->registry->apiclient['apiaccesstoken'] = $accesstoken;
		}
		else
		{
			// Access Token is valid here because it's validated in init.php
			$accesstoken = $this->registry->apiclient['apiaccesstoken'];
		}

		$session['apiaccesstoken'] = $accesstoken;

		if ($this->registry->apiclient['apiclientid'])
		{
			$session['apiclientid'] = intval($this->registry->apiclient['apiclientid']);

			// Persist the token on the apiclient row. The token is escaped and the
			// client id was cast to an integer on the line above.
			$this->registry->db->query_write(
				"UPDATE " . TABLE_PREFIX . "apiclient SET\n\t\t\t\t\tapiaccesstoken = '"
				. $this->registry->db->escape_string($accesstoken)
				. "',\n\t\t\t\t\tlastactivity = " . TIMENOW
				. "\n\t\t\t\t\tWHERE apiclientid = {$session['apiclientid']}"
			);
		}
	}

	// Plugin hook: the fetched code is executed here and can alter $session.
	if ($hook = vBulletinHook::fetch_hook('fetch_session_complete'))
	{
		eval($hook);
	}

	return $session;
}
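/**
 * Sends the account activation email to a user who is still awaiting activation.
 *
 * A new activation ID is issued on every call: an existing type-0 row in
 * useractivation is rotated in place, otherwise build_user_activation_id()
 * creates the row.
 *
 * NOTE(review): no permission or throttling check is visible in this method;
 * confirm the calling layer limits who may trigger mail for an arbitrary user ID.
 *
 * @param	integer	ID of the user to mail
 *
 * @throws	vB_Exception_Api	'invaliduserid' when no user record is found,
 *								'activate_wrongusergroup' when the user is not in usergroup 3
 */
public function sendActivateEmail($userid)
{
	$userinfo = vB_User::fetchUserinfo($userid);

	if (empty($userinfo))
	{
		throw new vB_Exception_Api('invaliduserid');
	}

	if ($userinfo['usergroupid'] != 3)
	{
		// Already activated
		throw new vB_Exception_Api('activate_wrongusergroup');
	}

	$vboptions = vB::getDatastore()->getValue('options');
	$coppauser = false;

	if (!empty($userinfo['birthdaysearch']))
	{
		$birthday = $userinfo['birthdaysearch'];
	}
	else
	{
		//we want YYYY-MM-DD for the coppa check but normally we store MM-DD-YYYY
		$birthday = $userinfo['birthday'];
		if (strlen($birthday) >= 6 and $birthday[2] == '-' and $birthday[5] == '-')
		{
			$birthday = substr($birthday, 6) . '-' . substr($birthday, 0, 2) . '-' . substr($birthday, 3, 2);
		}
	}

	if ($vboptions['usecoppa'] == 1 and $this->needsCoppa($birthday))
	{
		$coppauser = true;
	}

	$username = trim(unhtmlspecialchars($userinfo['username']));

	require_once DIR . '/includes/functions_user.php';

	// Try to get existing activateid from useractivation table.
	// The lookup is limited to type 0 so that it matches the update below. Without
	// the type filter, a user who only has a row of another type would take the
	// update branch, no row would change, and the mailed ID would never be stored.
	$useractivation = vB::getDbAssertor()->getRow('useractivation', array('userid' => $userinfo['userid'], 'type' => 0));

	if ($useractivation)
	{
		// Rotate the ID on the existing row and refresh its timestamp.
		$activateid = fetch_random_string(40);
		vB::getDbAssertor()->update(
			'useractivation',
			array('dateline' => vB::getRequest()->getTimeNow(), 'activationid' => $activateid),
			array('userid' => $userinfo['userid'], 'type' => 0)
		);
	}
	else
	{
		// Target group 4 when new members are moderated or COPPA applies, otherwise 2.
		$activateid = build_user_activation_id(
			$userinfo['userid'],
			($vboptions['moderatenewmembers'] or $coppauser) ? 4 : 2,
			0
		);
	}

	$maildata = vB_Api::instanceInternal('phrase')->fetchEmailPhrases(
		'activateaccount',
		array($username, $vboptions['bbtitle'], $vboptions['frontendurl'], $userinfo['userid'], $activateid, $vboptions['webmasteremail']),
		array($username),
		$userinfo['languageid']
	);

	vB_Mail::vbmail($userinfo['email'], $maildata['subject'], $maildata['message'], true);
}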
/**
* Prepares a picture record for saving.
*
* Fills in 'idhash' and 'thumbnail_dateline' when they are empty and, when there is
* no condition and no state yet, decides whether the picture starts out as
* 'moderation' or 'visible'. The result is cached in $this->presave_called, so
* repeated calls return the first outcome.
*
* @param	boolean	Do the query?
*
* @return	boolean	Whether this code executed correctly
*
*/
function pre_save($doquery = true)
{
	// Already run once: hand back the cached result.
	if ($this->presave_called !== null)
	{
		return $this->presave_called;
	}

	if (!$this->fetch_field('idhash'))
	{
		// md5() only reshapes the value into 32 hex characters; how hard the hash
		// is to guess depends on fetch_random_string(), which is defined elsewhere.
		// NOTE(review): if idhash is used to gate access to the picture, confirm
		// that generator is cryptographically secure.
		$this->set('idhash', md5(fetch_random_string()));
	}

	if (!$this->fetch_field('thumbnail_dateline'))
	{
		$this->set('thumbnail_dateline', TIMENOW);
	}

	// Set picture moderated if need be
	if (!($this->condition or $this->fetch_field('state')))
	{
		// Moderation applies when the board option is on, or when the user's album
		// permissions lack the 'picturefollowforummoderation' bit.
		$should_moderate = (
			$this->registry->options['albums_pictures_moderation']
			|| !($this->registry->userinfo['permissions']['albumpermissions'] & $this->registry->bf_ugp_albumpermissions['picturefollowforummoderation'])
		);

		// Users who can moderate pictures skip the queue.
		$this->set(
			'state',
			($should_moderate and !can_moderate(0, 'canmoderatepictures')) ? 'moderation' : 'visible'
		);
	}

	// $return_value keeps its name because the eval()'d hook runs in this scope
	// and may change it.
	$return_value = true;

	if ($hook = vBulletinHook::fetch_hook('picturedata_presave'))
	{
		eval($hook);
	}

	$this->presave_called = $return_value;

	return $return_value;
}
/**
* (Re)Generates an Activation ID for a user
*
* Removes the user's existing useractivation row of the given type, stores a new ID
* obtained from fetch_random_string(40) through the DB assertor, and clears the
* user's 'noactivationmails' option bit.
*
* NOTE(review): the ID is the only secret in the activation link; confirm that
* fetch_random_string(), defined elsewhere, uses a cryptographically secure source.
*
* @param	integer	User's ID
* @param	integer	The group to move the user to when they are activated
* @param	integer	0 for Normal Activation, 1 for Forgotten Password
* @param	boolean	Whether this is an email change or not
*
* @return	string	The Activation ID
*
*/
function build_user_activation_id($userid, $usergroupid, $type, $emailchange = 0)
{
	global $vbulletin;

	// Groups 3 and 0 are replaced by group 2 so that an activated user does not
	// stay in the email confirmation group.
	$targetgroup = ($usergroupid == 3 or $usergroupid == 0) ? 2 : $usergroupid;

	// Discard the previous ID for this user and activation type.
	vB::getDbAssertor()->assertQuery(
		'useractivation',
		array(
			vB_dB_Query::TYPE_KEY => vB_dB_Query::QUERY_DELETE,
			'userid'              => $userid,
			'type'                => $type,
		)
	);

	$newid = fetch_random_string(40);

	// Store the new ID; values are handed to the stored query as named parameters.
	vB::getDbAssertor()->assertQuery(
		'user_replaceuseractivation',
		array(
			'userid'      => $userid,
			'timenow'     => vB::getRequest()->getTimeNow(),
			'activateid'  => $newid,
			'type'        => $type,
			'usergroupid' => $targetgroup,
			'emailchange' => intval($emailchange),
		)
	);

	// Clear the 'noactivationmails' option bit when the user record can be loaded.
	$info = vB_User::fetchUserinfo($userid);
	if ($info)
	{
		$manager = new vB_Datamanager_User($vbulletin, vB_DataManager_Constants::ERRTYPE_SILENT);
		$manager->set_existing($info);
		$manager->set_bitfield('options', 'noactivationmails', 0);
		$manager->save();
	}

	return $newid;
}
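/**
 * Re-issues activation emails for every unactivated account registered with an address.
 *
 * Each matching account in NOACTIVATION_USERGROUP gets a new activation ID (created,
 * or rotated on the existing type-0 row) and an 'activateaccount' email.
 *
 * NOTE(review): the return value tells the caller whether the address is registered.
 * If that message reaches an unauthenticated requester it lets them test addresses;
 * consider a uniform response at the call site. No throttling is visible here either.
 *
 * @param	string	Email address to look up
 *
 * @return	boolean|string	false when at least one account has that address (mail is
 *							only sent to accounts still awaiting activation), or an
 *							error message when no account has it
 */
public function requestact_user($email)
{
	//Get user info from email given/check they actually exist
	// The useractivation join now carries TABLE_PREFIX like every other table
	// reference in this method; without it the query names a table that does not
	// exist on installations with a non-empty prefix.
	$users = $this->db->query_read_slave(
		"\r\n\t\tSELECT user.userid, user.usergroupid, username, email, activationid, languageid\r\n\t\tFROM "
		. TABLE_PREFIX
		. "user AS user\r\n\t\tLEFT JOIN "
		. TABLE_PREFIX
		. "useractivation AS useractivation ON(user.userid = useractivation.userid AND type = 0)\r\n\t\tWHERE email = '"
		. $this->db->escape_string($email)
		. "'"
	);

	//If they exist then carry on
	if ($this->db->num_rows($users))
	{
		//Loop through everyone with the same email address
		while ($user = $this->db->fetch_array($users))
		{
			//Only work on those who are still not activated
			if ($user['usergroupid'] == NOACTIVATION_USERGROUP)
			{
				//If they for some crazy reason do not have an activation ID then...
				if (empty($user['activationid']))
				{
					//Create a new activation ID for the user
					$user['activationid'] = build_user_activation_id($user['userid'], 2, 0);
				}
				else
				{
					//If they already have an activation ID we'll update the current entry with a new ID
					// Both interpolated values come from this method's own query and
					// from fetch_random_string(), not from the caller.
					$user['activationid'] = fetch_random_string(40);
					$this->db->query_write("\r\n\t\t\t\t\t\tUPDATE " . TABLE_PREFIX . "useractivation SET\r\n\t\t\t\t\t\t\tdateline = " . TIMENOW . ",\r\n\t\t\t\t\t\t\tactivationid = '{$user['activationid']}'\r\n\t\t\t\t\t\tWHERE userid = {$user['userid']}\r\n\t\t\t\t\t\t\tAND type = 0\r\n\t\t\t\t\t");
				}

				//Set some required VB variables (for the email)
				$userid = $user['userid'];
				$username = $user['username'];
				$activateid = $user['activationid'];

				//Send out activation email, note the custom vbulletin phrase for the "main" site!
				// NOTE(review): eval() runs phrase code built by fetch_email_phrases();
				// confirm only administrators can edit the phrase it is built from.
				// $subject and $message are presumably defined by that code.
				eval(fetch_email_phrases('activateaccount', $user['languageid']));

				//Actually send the email
				vbmail($user['email'], $subject, $message, true);
			}
		}

		//Return as a success (false means "no error" in this method's contract)
		return false;
	}
	else
	{
		return "No account with that email address exists, please try again.";
	}
}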
/**
 * Extends the parent's default session with the API access token and client id.
 *
 * NOTE(review): the access token is a bearer secret. fetch_random_string() is
 * defined elsewhere; confirm it uses a cryptographically secure source.
 *
 * @param	integer	User ID the session should be for
 *
 * @return	array	Array of session variables
 */
protected function fetch_session($userid = 0)
{
	$session = parent::fetch_session($userid);

	if (!$this->apiclient['apiaccesstoken'])
	{
		// No token on the client record yet: create one and remember it.
		$token = fetch_random_string();
		$this->apiclient['apiaccesstoken'] = $token;
	}
	else
	{
		// Access Token is valid here because it's validated in init.php
		$token = $this->apiclient['apiaccesstoken'];
	}

	$session['apiaccesstoken'] = $token;

	if ($this->apiclient['apiclientid'])
	{
		$session['apiclientid'] = intval($this->apiclient['apiclientid']);

		// Persist the token and activity time on the apiclient row.
		$this->dBAssertor->update(
			'apiclient',
			array(
				'apiaccesstoken' => $token,
				'lastactivity'   => TIMENOW,
			),
			array('apiclientid' => $session['apiclientid'])
		);
	}

	return $session;
}