} if (empty($error)) { $result = mysql_query("SELECT user_name, user_email, logins, activate_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($id) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error()); if (mysql_num_rows($result) != 1) { $errors[] = true; } $data = mysql_fetch_array($result); mysql_free_result($result); } if (empty($error)) { if (trim($data['activate_code']) == '') { $error = true; } } if (empty($error)) { if (is_pw_correct($key, $data['activate_code'])) { @mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET activate_code = '' WHERE user_id=" . intval($id), $connid) or raise_error('database_error', mysql_error()); // E-mail notification to mods and admins: if ($data['logins'] == 0) { if ($settings['register_mode'] == 1) { $new_user_notif_txt = $lang['new_user_notif_txt_locked']; } else { $new_user_notif_txt = $lang['new_user_notif_txt']; } $new_user_notif_txt = str_replace("[name]", $data['user_name'], $new_user_notif_txt); $new_user_notif_txt = str_replace("[email]", $data['user_email'], $new_user_notif_txt); $new_user_notif_txt = str_replace("[user_link]", $settings['forum_address'] . "index.php?mode=user&show_user="******"SELECT user_name, user_email FROM " . $db_settings['userdata_table'] . " WHERE user_type>0 AND new_user_notification=1", $connid); if (!$admin_result) {
exit; } if (isset($_GET['activate'])) { mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, activate_code='' WHERE user_id=" . intval($_GET['activate']) . " LIMIT 1", $connid); header('Location: index.php?mode=admin&edit_user='******'activate'])); exit; } if (isset($_POST['reset_forum_confirmed']) || isset($_POST['uninstall_forum_confirmed'])) { if (empty($_POST['confirm_pw'])) { $errors[] = 'error_password_wrong'; } if (empty($errors)) { $pw_result = @mysql_query("SELECT user_pw FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($_SESSION[$settings['session_prefix'] . 'user_id']) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error()); $field = mysql_fetch_array($pw_result); mysql_free_result($pw_result); if (!is_pw_correct($_POST['confirm_pw'], $field['user_pw'])) { $errors[] = 'error_password_wrong'; } #if($field['user_pw'] != md5($_POST['confirm_pw'])) $errors[] = 'error_password_wrong'; } if (empty($errors)) { if (isset($_POST['reset_forum_confirmed'])) { if (empty($_POST['delete_postings']) && empty($_POST['delete_userdata'])) { $errors[] = 'error_no_selection_made'; } else { if (isset($_POST['delete_postings'])) { @mysql_query("TRUNCATE TABLE " . $db_settings['forum_table'], $connid) or raise_error('database_error', mysql_error()); @mysql_query("TRUNCATE TABLE " . $db_settings['entry_cache_table'], $connid) or raise_error('database_error', mysql_error()); } if (isset($_POST['delete_userdata'])) { @mysql_query("DELETE FROM " . $db_settings['userdata_table'] . " WHERE user_id != " . intval($_SESSION[$settings['session_prefix'] . 'user_id']), $connid) or raise_error('database_error', mysql_error());
header("Location: index.php?mode=login&login_message=mail_error"); exit; } } header("Location: index.php?mode=login&login_message=pwf_failed"); exit; break; case "activate": if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") { $pwf_result = mysql_query("SELECT user_id, user_name, user_email, pwf_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = '" . intval($_GET["activate"]) . "'", $connid); if (!$pwf_result) { raise_error('database_error', mysql_error()); } $field = mysql_fetch_array($pwf_result); mysql_free_result($pwf_result); if ($field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'], $field['pwf_code'])) { // generate new password: if ($settings['min_pw_length'] < 8) { $pwl = 8; } else { $pwl = $settings['min_pw_length']; } $new_pw = random_string($pwl); $pw_hash = generate_pw_hash($new_pw); $update_result = mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, user_pw='" . mysql_real_escape_string($pw_hash) . "', pwf_code='' WHERE user_id='" . $field["user_id"] . "' LIMIT 1", $connid); // send new password: $smarty->config_load($settings['language_file'], 'emails'); $lang = $smarty->get_config_vars(); $lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']); $lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']); $lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'] . basename($_SERVER['PHP_SELF']) . "?mode=login&username="******"&userpw=" . $new_pw, $lang['new_pw_email_txt']);
/** * checks permission to edit a posting * * @return int : 0 = not authorized, 1 = edit period expired, 2 = locked, 3 = posting has replies, 4 = no replies */ function get_edit_authorization($id, $posting_user_id, $edit_key, $time, $locked) { global $settings, $db_settings, $connid; $authorization['edit'] = false; $authorization['delete'] = false; $reply_result = mysql_query("SELECT COUNT(*) FROM " . $db_settings['forum_table'] . " WHERE pid = " . intval($id), $connid); list($replies) = mysql_fetch_row($reply_result); #$authorization['replies'] = $replies; if ($settings['edit_min_time_period'] != 0 && time() - $settings['edit_min_time_period'] * 60 < $time) { $edit_min_time_period_expired = false; } else { $edit_min_time_period_expired = true; } if ($settings['edit_max_time_period'] == 0 || time() - $settings['edit_max_time_period'] * 60 < $time) { $edit_max_time_period_expired = false; } else { $edit_max_time_period_expired = true; } if ($locked == 0) { $locked = false; } else { $locked = true; } if (isset($_SESSION[$settings['session_prefix'] . 'user_id']) && isset($_SESSION[$settings['session_prefix'] . 'user_type'])) { if ($_SESSION[$settings['session_prefix'] . 'user_type'] > 0) { $authorization['edit'] = true; $authorization['delete'] = true; } elseif ($_SESSION[$settings['session_prefix'] . 'user_type'] == 0) { if ($posting_user_id == $_SESSION[$settings['session_prefix'] . 'user_id'] && $settings['user_edit'] > 0 && $edit_max_time_period_expired == false && $locked == false) { if ($settings['user_edit_if_no_replies'] == 0 || $settings['user_edit_if_no_replies'] == 1 && ($replies == 0 || $edit_min_time_period_expired == false)) { $authorization['edit'] = true; } if ($replies == 0) { $authorization['delete'] = true; } } } } elseif ($settings['user_edit'] > 1 && isset($_SESSION[$settings['session_prefix'] . 'edit_keys'])) { if (isset($_SESSION[$settings['session_prefix'] . 'edit_keys'][$id]) && is_pw_correct($_SESSION[$settings['session_prefix'] . 'edit_keys'][$id], $edit_key) && trim($edit_key) != '' && $edit_max_time_period_expired == false && $locked == false) { if ($settings['user_edit_if_no_replies'] == 0 || $settings['user_edit_if_no_replies'] == 1 && ($replies == 0 || $edit_min_time_period_expired == false)) { $authorization['edit'] = true; } if ($replies == 0) { $authorization['delete'] = true; } } } return $authorization; }
$errors[] = 'error_form_uncompl'; } if (empty($errors)) { if ($new_email != $new_email_confirm) { $errors[] = 'error_email_confirmation'; } if (my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) { $errors[] = 'error_email_too_long'; } if ($new_email == $data['user_email']) { $errors[] = 'error_identic_email'; } if (!preg_match(EMAIL_PATTERN, $new_email)) { $errors[] = 'error_email_invalid'; } if (!is_pw_correct($pw_new_email, $data['user_pw'])) { $errors[] = 'pw_wrong'; } } if (empty($errors)) { $smarty->config_load($settings['language_file'], 'emails'); $lang = $smarty->get_config_vars(); $activate_code = random_string(32); $activate_code_hash = generate_pw_hash($activate_code); // send mail with activation key: $lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']); $lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address'] . "index.php?mode=register&id=" . $data['user_id'] . "&key=" . $activate_code, $lang['edit_address_email_txt']); $lang['edit_address_email_txt'] = stripslashes($lang['edit_address_email_txt']); $new_user_mailto = my_mb_encode_mimeheader($data['user_name'], CHARSET, "Q") . " <" . $new_email . ">"; if (!my_mail($new_user_mailto, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) { $errors[] = 'error_mailserver';
} } if (empty($errors)) { header('location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users'); exit; } } elseif ($_SESSION[$settings['session_prefix'] . 'user_type'] == 0) { if (empty($_POST['old_pw']) || empty($_POST['new_pw']) || empty($_POST['new_pw_r'])) { $errors[] = 'error_form_uncomplete'; } if (empty($errors)) { $dbr = Database::$userdata->prepare("SELECT pw FROM " . Database::$db_settings['userdata_table'] . " WHERE id=:id LIMIT 1"); $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT); $dbr->execute(); $data = $dbr->fetch(); if (!is_pw_correct($_POST['old_pw'], $data['pw'])) { $errors[] = 'error_pw_wrong'; } if ($_POST['new_pw'] !== $_POST['new_pw_r']) { $errors[] = 'error_pw_doesnt_comply'; } } if (empty($errors)) { $pw_hash = generate_pw_hash($_POST['new_pw']); $dbr = Database::$userdata->prepare("UPDATE " . Database::$db_settings['userdata_table'] . " SET pw=:pw WHERE id=:id"); $dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR); $dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT); $dbr->execute(); } if (empty($errors)) { header('Location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users&edit=' . $_SESSION[$settings['session_prefix'] . 'user_id'] . '&saved=true');
exit; } if (isset($_SESSION[$settings['session_prefix'] . 'user_id']) && empty($action)) { session_destroy(); header("Location: ../"); } elseif (empty($_SESSION[$settings['session_prefix'] . 'user_id']) && isset($_POST['username']) && isset($_POST['userpw'])) { $username = $_POST['username']; $userpw = $_POST['userpw']; if (isset($_POST['username']) && trim($_POST['username']) != '' && isset($_POST['userpw']) && trim($_POST['userpw']) != '') { $dbr = Database::$userdata->prepare('SELECT id, name, pw, type, wysiwyg FROM ' . Database::$db_settings['userdata_table'] . ' WHERE lower(name)=lower(:name) LIMIT 1'); #$dbr->bindValue(':name',mb_strtolower($_POST['username'],CHARSET), PDO::PARAM_STR); $dbr->bindValue(':name', $_POST['username'], PDO::PARAM_STR); $dbr->execute(); $row = $dbr->fetch(); if (isset($row['id'])) { if (is_pw_correct($_POST['userpw'], $row['pw'])) { $_SESSION[$settings['session_prefix'] . 'user_id'] = $row['id']; $_SESSION[$settings['session_prefix'] . 'user_name'] = $row['name']; $_SESSION[$settings['session_prefix'] . 'user_type'] = $row['type']; $_SESSION[$settings['session_prefix'] . 'wysiwyg'] = $row['wysiwyg']; $dbr = Database::$userdata->prepare('UPDATE ' . Database::$db_settings['userdata_table'] . ' SET last_login=:now WHERE id=:id'); $dbr->bindValue(':now', time(), PDO::PARAM_INT); $dbr->bindValue(':id', $row['id'], PDO::PARAM_INT); $dbr->execute(); header('Location: ../'); exit; } else { $login_failed = true; } } else { $login_failed = true;