Exemple #1
            }
            // Should we alert people on the admin mailing list that a new user has registered?
            if ($panther_config['o_regs_report'] == '1') {
                $info = array('message' => array('<username>' => $username, '<base_url>' => get_base_url(), '<profile_url>' => panther_link($panther_url['profile'], array($new_uid, $url_username)), '<admin_url>' => panther_link($panther_url['profile_admin'], array($new_uid))));
                $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/new_user.tpl', $info);
                $mailer->send($panther_config['o_mailing_list'], $mail_tpl['subject'], $mail_tpl['message']);
            }
        }
        // Must the user verify the registration or do we log him/her in right now?
        if ($panther_config['o_regs_verify'] == '1') {
            $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login'])));
            $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info);
            $mailer->send($email1, $mail_tpl['subject'], $mail_tpl['message']);
            message(sprintf($lang_register['Reg email'], $panther_config['o_admin_email']), true);
        }
        panther_setcookie($new_uid, $login_key, time() + $panther_config['o_timeout_visit']);
        redirect(panther_link($panther_url['index']), $lang_register['Reg complete']);
    }
}
// Page metadata for the registration form: the title parts, the form fields treated as
// required (field name => human-readable label) and the form/element to focus.
// Presumably read by header.php, which is included below (TODO confirm).
$page_title = array($panther_config['o_board_title'], $lang_register['Register']);
$required_fields = array('req_user' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_common['Confirm pass'], 'req_email1' => $lang_common['Email'], 'req_email2' => $lang_common['Email'] . ' 2');
$focus_element = array('register', 'req_user');
// When $panther_robots is non-empty, the 'answer' field becomes required as well.
if (!empty($panther_robots)) {
    $required_fields['answer'] = $lang_common['Robot title'];
}
// Extension hook: whatever get_extensions() returns for this hook name is run through eval()
// in the current scope, so hook code can read and modify every variable visible here.
// NOTE(review): this makes the store that holds extension code equivalent to server-side code
// execution. Confirm that only administrators can install or edit extensions and that the
// stored code cannot be influenced by request data.
($hook = get_extensions('register_before_header')) ? eval($hook) : null;
// The active-page constant is defined before header.php is pulled in; keep this order.
define('PANTHER_ACTIVE_PAGE', 'register');
require PANTHER_ROOT . 'header.php';
// Fall back to the board-wide defaults for any value that was not set earlier in the script.
$timezone = isset($timezone) ? $timezone : $panther_config['o_default_timezone'];
$dst = isset($dst) ? $dst : $panther_config['o_default_dst'];
$email_setting = isset($email_setting) ? $email_setting : $panther_config['o_default_email_setting'];
Exemple #2
     if ($panther_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $panther_user['id']) {
         header('Location: ' . panther_link($panther_url['index']));
         exit;
     }
     confirm_referrer('login.php');
     $data = array(':id' => $panther_user['id']);
     // Remove user from "users online" list
     $db->delete('online', 'user_id=:id', $data);
     generate_login_key();
     // Update last_visit (make sure there's something to update it with)
     if (isset($panther_user['logged'])) {
         $update = array('last_visit' => $panther_user['logged']);
         $data = array(':id' => $panther_user['id']);
         $db->update('users', $update, 'id=:id', $data);
     }
     panther_setcookie(1, panther_hash(uniqid(rand(), true)), time() + 31536000);
     redirect(panther_link($panther_url['index']), $lang_login['Logout redirect']);
 } else {
     if ($action == 'forget') {
         if (!$panther_user['is_guest']) {
             header('Location: ' . panther_link($panther_url['index']));
             exit;
         }
         if (isset($_POST['form_sent'])) {
             confirm_referrer('login.php');
             ($hook = get_extensions('forget_password_before_validation')) ? eval($hook) : null;
             // Start with a clean slate
             $errors = array();
             require PANTHER_ROOT . 'include/email.php';
             // Validate the email address
             $email = isset($_POST['req_email']) ? strtolower(panther_trim($_POST['req_email'])) : '';
Exemple #3
        if (!empty($cur_user['password'])) {
            $old_password_hash = panther_hash($old_password . $cur_user['salt']);
            if ($cur_user['password'] == $old_password_hash || $panther_user['is_admmod']) {
                $authorized = true;
            }
        }
        if (!$authorized) {
            message($lang_profile['Wrong pass']);
        }
        $new_salt = random_pass(16);
        $new_password_hash = panther_hash($new_password1 . $new_salt);
        $update = array('password' => $new_password_hash, 'salt' => $new_salt);
        $data = array(':id' => $id);
        $db->update('users', $update, 'id=:id', $data);
        if ($panther_user['id'] == $id) {
            panther_setcookie($panther_user['id'], $new_password_hash, time() + $panther_config['o_timeout_visit']);
        }
        redirect(panther_link($panther_url['profile_essentials'], array($id)), $lang_profile['Pass updated redirect']);
    }
    $page_title = array($panther_config['o_board_title'], $lang_common['Profile'], $lang_profile['Change pass']);
    $required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']);
    $focus_element = array('change_pass', !$panther_user['is_admmod'] ? 'req_old_password' : 'req_new_password1');
    define('PANTHER_ACTIVE_PAGE', 'profile');
    require PANTHER_ROOT . 'header.php';
    $tpl = load_template('change_password.tpl');
    echo $tpl->render(array('lang_profile' => $lang_profile, 'lang_common' => $lang_common, 'csrf_token' => generate_csrf_token(), 'form_action' => panther_link($panther_url['change_password'], array($id)), 'panther_user' => $panther_user));
    require PANTHER_ROOT . 'footer.php';
} else {
    if ($action == 'change_email') {
        // Make sure we are allowed to change this user's email
        if ($panther_user['id'] != $id) {
Exemple #4
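/**
 * Authenticate the current request from the login cookie and fill in $panther_user.
 *
 * The cookie value must consist of four '|'-separated fields:
 *
 *     user_id | password_hash | expiration_time | cookie_hash
 *
 * where both hash fields are hexadecimal. Two independent checks are made:
 *
 *  - cookie_hash must equal HMAC-SHA512("user_id|expiration_time") keyed with
 *    o_cookie_seed . '_cookie_hash'. This binds the id and the expiry together, and it is
 *    verified BEFORE any database query so that forged cookies cost no DB round trip.
 *  - password_hash must equal HMAC-SHA512(login_key of that user) keyed with
 *    o_cookie_seed . '_password_hash'.
 *
 * Both comparisons go through panther_hash_equals() (presumably a constant-time compare;
 * confirm against its definition). Everything therefore depends on o_cookie_seed staying
 * secret: anyone who knows it can compute cookie_hash for any id and expiry.
 *
 * On any failure the visitor is treated as a guest via set_default_user(); when a cookie
 * parsed and was for a non-guest id but failed verification, it is also overwritten with a
 * guest cookie (user id 1) valid for 31536000 seconds (365 days).
 *
 * On success the cookie is re-issued with a fresh expiry, missing language/style/display
 * preferences fall back to board defaults, the "online" bookkeeping is updated (unless
 * PANTHER_QUIET_VISIT is defined) and the is_guest / is_admmod / is_admin / is_bot flags
 * are set.
 *
 * @param mixed $panther_user Passed by reference. Overwritten with the row fetched for the
 *                            cookie's user id (users joined with groups and online).
 * @return void
 */
function check_cookie(&$panther_user)
{
    global $db, $panther_config;
    $now = time();
    $cookie_name = $panther_config['o_cookie_name'];
    // Only a string cookie that matches the expected pattern is parsed. A client can submit
    // the cookie as an array (name[]=...), and on PHP 8 passing an array to preg_match()
    // raises a TypeError instead of simply not matching, so non-strings are treated exactly
    // like a missing cookie.
    if (isset($_COOKIE[$cookie_name]) && is_string($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }
    // Proceed only for a non-guest user id (> 1) whose cookie has not expired. Note that the
    // expiry is still attacker-supplied at this point; it is only trusted once the HMAC
    // below has been verified.
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // Integrity check: user id and expiry must carry a valid HMAC under the cookie seed
        if (!panther_hash_equals(hash_hmac('sha512', $cookie['user_id'] . '|' . $cookie['expiration_time'], $panther_config['o_cookie_seed'] . '_cookie_hash'), $cookie['cookie_hash'])) {
            $expire = $now + 31536000;
            // Replace the rejected cookie with a guest cookie that expires after a year.
            // The uniqid(rand()) value is filler: this function never validates the cookie
            // of user id 1, so it must not be relied on as a secret anywhere else.
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        $data = array(':id' => $cookie['user_id']);
        // Load the user by id only (bound parameter); the credential itself is checked in
        // PHP below rather than in the WHERE clause.
        $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=:id', $data);
        $panther_user = $ps->fetch();
        // Authorisation fails if no such user exists or if the cookie does not carry the
        // HMAC of that user's current login_key. Changing login_key therefore invalidates
        // every cookie issued for the account.
        if (!isset($panther_user['id']) || !panther_hash_equals(hash_hmac('sha512', $panther_user['login_key'], $panther_config['o_cookie_seed'] . '_password_hash'), $cookie['password_hash'])) {
            $expire = $now + 31536000;
            // Same guest-cookie reset as above (expires after a year)
            panther_setcookie(1, panther_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp: a cookie whose expiry
        // lay beyond now + o_timeout_visit gets 1209600 seconds (14 days), any other cookie
        // gets o_timeout_visit seconds.
        $expire = $cookie['expiration_time'] > $now + $panther_config['o_timeout_visit'] ? $now + 1209600 : $now + $panther_config['o_timeout_visit'];
        panther_setcookie($panther_user['id'], $panther_user['login_key'], $expire);
        // Set a default language if the user selected language no longer exists.
        // NOTE(review): the stored value is concatenated into a filesystem path and
        // file_exists() also succeeds for values containing '..'; confirm the language and
        // style names are validated against the installed sets when they are saved.
        if (!file_exists(PANTHER_ROOT . 'lang/' . $panther_user['language'])) {
            $panther_user['language'] = $panther_config['o_default_lang'];
        }
        $style_root = ($panther_config['o_style_path'] != 'style' ? $panther_config['o_style_path'] : PANTHER_ROOT . $panther_config['o_style_path']) . '/';
        // Set a default style if the user selected style no longer exists
        if (!file_exists($style_root . $panther_user['style'] . '.css')) {
            $panther_user['style'] = $panther_config['o_default_style'];
        }
        // Empty display preferences fall back to the board defaults
        if (!$panther_user['disp_topics']) {
            $panther_user['disp_topics'] = $panther_config['o_disp_topics_default'];
        }
        if (!$panther_user['disp_posts']) {
            $panther_user['disp_posts'] = $panther_config['o_disp_posts_default'];
        }
        // Unless PANTHER_QUIET_VISIT is defined, this visit updates the online list and the
        // user's last visit data
        if (!defined('PANTHER_QUIET_VISIT')) {
            // Update the online list
            if (!$panther_user['logged']) {
                // No row in the online table yet (o.logged came back empty from the LEFT JOIN)
                $panther_user['logged'] = $now;
                $data = array(':id' => $panther_user['id'], ':ident' => $panther_user['username'], ':logged' => $panther_user['logged']);
                // REPLACE INTO avoids a user having two rows in the online table
                $db->run('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES (:id, :ident, :logged)', $data);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                $data = array(':id' => $panther_user['id']);
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($panther_user['logged'] < $now - $panther_config['o_timeout_visit']) {
                    $update = array('last_visit' => $panther_user['logged']);
                    $db->update('users', $update, 'id=:id', $data);
                    $panther_user['last_visit'] = $panther_user['logged'];
                }
                $update = array('logged' => $now);
                if ($panther_user['idle'] == '1') {
                    $update['idle'] = 0;
                }
                $db->update('online', $update, 'user_id=:id', $data);
                // Update tracked topics with the current expire time. The value is echoed back
                // from the request unchanged, so it is only refreshed when it is a string
                // (same array-cookie reasoning as for the login cookie above).
                if (isset($_COOKIE[$cookie_name . '_track']) && is_string($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $panther_config['o_timeout_visit']);
                }
            }
        } else {
            // Quiet visit: nothing is written, only the in-memory value is filled in
            if (!$panther_user['logged']) {
                $panther_user['logged'] = $panther_user['last_visit'];
            }
        }
        $panther_user['is_guest'] = false;
        $panther_user['is_admmod'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1';
        // && binds tighter than ||, so the original expression already meant
        // "admin group, OR (moderator AND g_admin)"; the parentheses only make that explicit.
        $panther_user['is_admin'] = $panther_user['g_id'] == PANTHER_ADMIN || ($panther_user['g_moderator'] == '1' && $panther_user['g_admin'] == '1');
        $panther_user['is_bot'] = false;
    } else {
        // No cookie, malformed cookie, guest id or expired cookie: continue as guest
        set_default_user();
    }
}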