function forum_check_password($forum_fid)
{
if (!is_numeric($forum_fid)) {
return false;
}
$webtag = get_webtag();
if (!($forum_passhash = forum_get_password($forum_fid))) {
return true;
}
$forum_passhash_check = session::get_value("{$webtag}_PASSWORD");
if (isset($_POST['forum_password']) && strlen($_POST['forum_password']) > 0) {
$forum_passhash_check = md5($_POST['forum_password']);
}
if ($forum_passhash == $forum_passhash_check) {
session::set_value("{$webtag}_PASSWORD", $forum_passhash_check);
return true;
}
html_draw_top(sprintf("title=%s", gettext("Password Protected Forum")));
echo "<h1>", gettext("Password Protected Forum"), "</h1>\n";
if (session::get_value("{$webtag}_PASSWORD")) {
html_display_error_msg(gettext("The username or password you supplied is not valid."), '550', 'center');
}
if ($password_protected_message = forum_get_setting('password_protected_message')) {
echo fix_html($password_protected_message);
} else {
html_display_warning_msg(gettext("This forum is password protected. To gain access enter the password below."), '400', 'center');
}
echo "<br />\n";
echo "<div align=\"center\">\n";
echo " <form accept-charset=\"utf-8\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
echo form_input_hidden_array($_POST);
}
echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"400\">\n";
echo " <tr>\n";
echo " <td align=\"left\">\n";
echo " <table class=\"box\" width=\"400\">\n";
echo " <tr>\n";
echo " <td class=\"posthead\" align=\"center\">\n";
echo " <table class=\"posthead\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Enter Password"), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " <table class=\"posthead\" width=\"90%\">\n";
echo " <tr>\n";
echo " <td align=\"left\">", gettext("Password"), ":</td>\n";
echo " <td align=\"left\">", form_input_password('forum_password', '', 40, false, ''), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\" colspan=\"2\"> </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\">", form_submit("logon", gettext("Logon")), " ", form_submit("cancel", gettext("Cancel")), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
if (session::check_perm(USER_PERM_ADMIN_TOOLS, 0) || session::check_perm(USER_PERM_FORUM_TOOLS, 0)) {
html_display_warning_msg(gettext("If you want to change some settings on your forum click the Admin link in the navigation bar above."), '400', 'center');
}
echo " </form>\n";
echo "</div>\n";
html_draw_bottom();
exit;
}
echo " <tr>\n";
echo " <td align=\"left\" width=\"100\">", gettext("Posted from"), ":</td>\n";
echo " <td align=\"left\">", form_date_dropdowns($from_year, $from_month, $from_day, "from_", 2002), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\" width=\"100\">", gettext("Posted to"), ":</td>\n";
echo " <td align=\"left\">", form_date_dropdowns($to_year, $to_month, $to_day, "to_", 2002), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td colspan=\"2\" align=\"center\">", form_submit("update", gettext("Update")), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </form>\n";
echo " </div>\n";
html_draw_bottom();
// Bootstrap
require_once 'boot.php';
// Includes required by this page.
require_once BH_INCLUDE_PATH . 'cache.inc.php';
require_once BH_INCLUDE_PATH . 'constants.inc.php';
require_once BH_INCLUDE_PATH . 'header.inc.php';
require_once BH_INCLUDE_PATH . 'html.inc.php';
require_once BH_INCLUDE_PATH . 'lang.inc.php';
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
// Don't cache this page - fixes problems with Opera.
cache_disable();
// Get the user's saved left frame width.
if (($left_frame_width = session::get_value('LEFT_FRAME_WIDTH')) === false) {
$left_frame_width = 280;
}
html_draw_top('frame_set_html', 'pm_popup_disabled');
$frameset = new html_frameset_cols('start', "{$left_frame_width},*");
if (isset($_GET['left']) && $_GET['left'] == "threadlist") {
$frameset->html_frame("thread_list.php?webtag={$webtag}", html_get_frame_name('left'));
} else {
$frameset->html_frame("start_left.php?webtag={$webtag}", html_get_frame_name('left'));
}
if (isset($_GET['show']) && $_GET['show'] == "visitors") {
$frameset->html_frame("visitor_log.php?webtag={$webtag}", html_get_frame_name('right'));
} else {
$frameset->html_frame("start_main.php?webtag={$webtag}", html_get_frame_name('right'));
}
$frameset->output_html();
html_draw_bottom(true);
function forum_start_page_get_html($content)
{
ob_start();
html_draw_top();
echo $content;
html_draw_bottom();
$content = ob_get_contents();
ob_end_clean();
return word_filter_rem_ob_tags($content);
}
function html_draw_error($error_msg, $href = false, $method = 'get', $button_array = false, $var_array = false, $target = "_self", $align = "left", $id = false)
{
html_draw_top(gettext('Error'));
html_display_msg(gettext("Error"), $error_msg, $href, $method, $button_array, $var_array, $target, $align, $id);
html_draw_bottom();
exit;
}
function html_draw_error($message, $href = null, $method = 'get', array $buttons = array(), array $vars = array(), $target = "_self", $align = "left", $id = null)
{
html_draw_top(array('title' => gettext('Error')));
html_display_msg(gettext("Error"), $message, $href, $method, $buttons, $vars, $target, $align, $id);
html_draw_bottom();
exit;
}
function admin_check_credentials()
{
$webtag = get_webtag();
if (($admin_timeout = session::get_value('ADMIN_TIMEOUT')) && $admin_timeout > time()) {
session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
return true;
}
if (isset($_POST['admin_logon']) && isset($_POST['admin_password'])) {
$admin_logon = $_POST['admin_logon'];
$admin_password = $_POST['admin_password'];
if (($admin_uid = user_logon($admin_logon, $admin_password)) && $admin_uid == session::get_value('UID')) {
session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
return true;
} else {
html_display_error_msg(gettext("The username or password you supplied are not valid."), '500', 'center');
}
}
html_draw_top();
if (isset($error_message) && strlen(trim($error_message)) > 0) {
html_display_error_msg($error_message, '500', 'center');
}
if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
html_display_warning_msg(gettext('To save any changes you must re-authenticate yourself'), '500', 'center');
} else {
html_display_warning_msg(gettext('To access the Admin area you must re-authenticate yourself'), '500', 'center');
}
echo "<div align=\"center\">\n";
echo " <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
echo form_input_hidden_array($_POST);
}
echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
echo " <br />\n";
echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
echo " <tr>\n";
echo " <td align=\"left\">\n";
echo " <table class=\"box\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"left\" class=\"posthead\">\n";
echo " <table class=\"posthead\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"left\" class=\"subhead\">", gettext("Please enter your password"), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " <table class=\"posthead\" width=\"100%\">\n";
echo " <tr>\n";
echo " <td align=\"center\">\n";
echo " <table class=\"posthead\" width=\"95%\">\n";
echo " <tr>\n";
echo " <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
echo " <td align=\"left\">", form_input_text('admin_logon', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
echo " <td align=\"left\">", form_input_password('admin_password', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"left\"> </td>\n";
echo " </tr>\n";
echo " <tr>\n";
echo " <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
echo " </tr>\n";
echo " </table>\n";
echo " </form>\n";
echo "</div>\n";
html_draw_bottom();
exit;
}
