function forum_check_password($forum_fid)
{
$frame_top_target = html_get_top_frame_name();
if (!($db_forum_check_password = db_connect())) {
return false;
}
$webtag = get_webtag($webtag_search);
if (!is_numeric($forum_fid)) {
return false;
}
if ($forum_passhash = forum_get_password($forum_fid)) {
forum_get_saved_password($password, $passhash, $sesshash);
if ($sesshash == $forum_passhash) {
return true;
}
// If we got this far then the password verification failed or
// the user hasn't seen the password dialog before.
$lang = load_language_file();
html_draw_top();
echo "<h1>{$lang['passwdprotectedforum']}</h1>\n";
if (isset($_COOKIE["bh_{$webtag}_sesshash"]) && strlen(trim(_stripslashes($_COOKIE["bh_{$webtag}_sesshash"]))) > 0) {
bh_setcookie("bh_{$webtag}_sesshash", "", time() - YEAR_IN_SECONDS);
html_display_error_msg($lang['usernameorpasswdnotvalid'], '550', 'center');
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo " <form method=\"post\" action=\"forum_password.php\" target=\"", html_get_top_frame_name(), "\">\n";
echo " ", form_input_hidden('webtag', _htmlentities($webtag)), "\n";
echo " ", form_input_hidden('final_uri', _htmlentities(get_request_uri())), "\n";
echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"550\">\n";
if ($password_protected_message = forum_get_setting('password_protected_message', false)) {
echo " <tr>\n";
echo " <td align=\"left\">", fix_html($password_protected_message), "</td>\n";
echo " </tr>\n";
} else {
echo " <tr>\n";
echo " <td align=\"center\">{$lang['passwdprotectedwarning']}</td>\n";
echo " </tr>\n";
}
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\">\n";
echo " <table class=\"box\" width=\"400\">\n";
echo " <tr>\n";
echo " <td class=\"posthead\" align=\"center\">\n";
echo " <table class=\"posthead\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">{$lang['enterpasswd']}</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " <table class=\"posthead\" width=\"90%\">\n";
echo " <tr>\n";
echo " <td align=\"left\">{$lang['passwd']}:</td>\n";
echo " <td align=\"left\">", form_input_password('forum_password', _htmlentities($password), 40, false, "autocomplete=\"off\""), form_input_hidden("forum_passhash", _htmlentities($passhash)), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " <td align=\"left\">", form_checkbox('remember_password', 'Y', $lang['rememberpassword'], strlen($password) > 0 && strlen($passhash) > 0), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\" colspan=\"2\"> </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\">", form_submit("submit", $lang['logon']), " ", form_submit("cancel", $lang['cancel']), "</td>\n";
echo " </tr>\n";
if (bh_session_check_perm(USER_PERM_ADMIN_TOOLS, 0) || bh_session_check_perm(USER_PERM_FORUM_TOOLS, 0)) {
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\">{$lang['adminforumclosedtip']}</td>\n";
echo " </tr>\n";
}
echo " </table>\n";
echo " </form>\n";
echo "</div>\n";
html_draw_bottom();
exit;
}
return true;
}
function forum_check_password($forum_fid)
{
if (!is_numeric($forum_fid)) {
return false;
}
$webtag = get_webtag();
if (!($forum_passhash = forum_get_password($forum_fid))) {
return true;
}
$forum_passhash_check = session::get_value("{$webtag}_PASSWORD");
if (isset($_POST['forum_password']) && strlen($_POST['forum_password']) > 0) {
$forum_passhash_check = md5($_POST['forum_password']);
}
if ($forum_passhash == $forum_passhash_check) {
session::set_value("{$webtag}_PASSWORD", $forum_passhash_check);
return true;
}
html_draw_top(sprintf("title=%s", gettext("Password Protected Forum")));
echo "<h1>", gettext("Password Protected Forum"), "</h1>\n";
if (session::get_value("{$webtag}_PASSWORD")) {
html_display_error_msg(gettext("The username or password you supplied is not valid."), '550', 'center');
}
if ($password_protected_message = forum_get_setting('password_protected_message')) {
echo fix_html($password_protected_message);
} else {
html_display_warning_msg(gettext("This forum is password protected. To gain access enter the password below."), '400', 'center');
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo " <form accept-charset=\"utf-8\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
echo form_input_hidden_array($_POST);
}
echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"400\">\n";
echo " <tr>\n";
echo " <td align=\"left\">\n";
echo " <table class=\"box\" width=\"400\">\n";
echo " <tr>\n";
echo " <td class=\"posthead\" align=\"center\">\n";
echo " <table class=\"posthead\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Enter Password"), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " <table class=\"posthead\" width=\"90%\">\n";
echo " <tr>\n";
echo " <td align=\"left\">", gettext("Password"), ":</td>\n";
echo " <td align=\"left\">", form_input_password('forum_password', '', 40, false, ''), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\" colspan=\"2\"> </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\">", form_submit("logon", gettext("Logon")), " ", form_submit("cancel", gettext("Cancel")), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
if (session::check_perm(USER_PERM_ADMIN_TOOLS, 0) || session::check_perm(USER_PERM_FORUM_TOOLS, 0)) {
html_display_warning_msg(gettext("If you want to change some settings on your forum click the Admin link in the navigation bar above."), '400', 'center');
}
echo " </form>\n";
echo "</div>\n";
html_draw_bottom();
exit;
}
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\" colspan=\"2\">", form_submit("changepermissions", gettext("Change Permissions")), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
} else {
if ($forum_settings['access_level'] == FORUM_PASSWD_PROTECTED) {
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
if (!forum_get_password($forum_settings['fid'])) {
echo " <tr>\n";
echo " <td align=\"center\" colspan=\"2\">\n";
html_display_warning_msg(gettext("You have not set a forum password. If you do not set a password the password protection functionality will be automatically disabled!"), '95%', 'center');
echo " </td>\n";
echo " </tr>\n";
}
echo " <tr>\n";
echo " <td align=\"center\" colspan=\"2\">", form_submit("changepassword", gettext("Change Password")), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
}
}
