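/**
 * Resolve the visitor behind the PunBB login cookie into $pun_user.
 *
 * The cookie written by pun_setcookie() holds a serialised (user_id, password_hash)
 * pair. The matching user row is loaded and, when the hash agrees with
 * md5($cookie_seed . stored password), $pun_user is filled and the online list is
 * refreshed; every other outcome (no cookie, unknown user, hash mismatch) ends in
 * set_default_user().
 *
 * @param array $pun_user  Filled by reference with the joined users/groups/online row.
 */
function check_cookie(&$pun_user)
{
    global $db, $pun_config, $cookie_name, $cookie_seed;

    $now = time();
    $expire = $now + 31536000; // The cookie expires after a year

    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest');

    // The cookie is client-controlled, so it is never handed to unserialize(): only the
    // exact serialised shape pun_setcookie() writes (a numeric id and a hex hash, both as
    // strings) is accepted, and its two fields are pulled out with a pattern match.
    // Anything else is treated as a guest.
    if (isset($_COOKIE[$cookie_name]) && preg_match('/^a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}$/', $_COOKIE[$cookie_name], $matches)) {
        list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
    }

    if ($cookie['user_id'] > 1) {
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);

        // If user authorisation failed, replace the cookie with a throw-away guest one.
        // NOTE(review): !== is not a constant-time comparison; a hash_equals()-style
        // compare would be preferable where the PHP version allows it.
        if (!isset($pun_user['id']) || md5($cookie_seed . $pun_user['password']) !== $cookie['password_hash']) {
            pun_setcookie(0, random_pass(8), $expire);
            set_default_user();
            return;
        }

        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists, also looking in
        // PUN_STYLE_DIR when a custom style location is configured
        $style_exists = @file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')
            || (defined('PUN_STYLE_DIR') && defined('PUN_STYLE_PATH') && @file_exists(PUN_STYLE_DIR . $pun_user['style'] . '.css'));
        if (!$style_exists) {
            // Debug leftover kept from the original: raises an E_USER_NOTICE on every fallback
            trigger_error('resetting');
            $pun_user['style'] = $pun_config['o_default_style'];
        }

        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $now . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
            }
        }

        $pun_user['is_guest'] = false;
    } else {
        set_default_user();
    }
}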
/**
 * Load the account named by $user (numeric id or username) into $panther_user and
 * accept it only when $password matches the stored password value.
 *
 * @param int|string $user              Account id (int) or username (string).
 * @param string     $password          Value compared against the stored password.
 * @param bool       $password_is_hash  Present for API compatibility; see note below.
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $db, $panther_user;

    // Look the account up by id or by username through a bound parameter
    $column = is_int($user) ? 'u.id' : 'u.username';
    $sql = 'SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE ' . $column . '=?';
    $panther_user = $db->run($sql, array($user))->fetch();

    // NOTE(review): in the original both branches of the $password_is_hash test compared
    // $password with the stored value unchanged, so the flag has no effect; the condition
    // is written here in that reduced form. Confirm against the callers whether the
    // plaintext path was meant to hash $password first.
    $authorised = isset($panther_user['id']) && panther_hash_equals($password, $panther_user['password']);

    if ($authorised) {
        $panther_user['is_guest'] = false;
    } else {
        set_default_user();
    }
}
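/**
 * Resolve the visitor behind the FeatherBB login cookie into $feather->user.
 *
 * The cookie (decrypted by Slim) is a JSON object with user_id, expires, checksum and
 * password_hash. It is honoured only when it is well-formed, names a non-guest user,
 * has not expired, its checksum is the HMAC of user_id.expires, and password_hash is
 * the HMAC of the account's stored password. On success the cookie is re-issued and
 * preferences are loaded; otherwise a one-year guest cookie is set.
 *
 * @return bool|mixed  true on a successful cookie login, else the result of set_default_user().
 */
function check_cookie()
{
    global $cookie_name, $cookie_seed;

    // Get Slim current session
    $feather = \Slim\Slim::getInstance();
    $now = time();

    // Get FeatherBB cookie (getCookie() returns false when the data cannot be decrypted,
    // i.e. it was tampered with; json_decode() turns that into null below)
    $cookie_raw = $feather->getCookie($cookie_name);

    if (isset($cookie_raw)) {
        $cookie = json_decode($cookie_raw, true);

        // A decrypted cookie is still client-supplied: require the expected shape before
        // reading any of its fields
        $is_well_formed = is_array($cookie)
            && isset($cookie['user_id'], $cookie['expires'], $cookie['checksum'], $cookie['password_hash'])
            && is_string($cookie['checksum']);

        if ($is_well_formed) {
            $checksum = hash_hmac('sha1', $cookie['user_id'] . $cookie['expires'], $cookie_seed . '_checksum');

            // If cookie has a non-guest user, hasn't expired and is legit.
            // Strict comparison on purpose: with == two hex digests shaped "0e<digits>"
            // would compare equal.
            if ($cookie['user_id'] > 1 && $cookie['expires'] > $now && $checksum === $cookie['checksum']) {
                // Get user info from db
                $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
                $where_check_cookie = array('u.id' => intval($cookie['user_id']));
                $result = \DB::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o')->where($where_check_cookie)->find_result_set();
                // The result set is iterated; the (single) matching row ends up in $feather->user
                foreach ($result as $feather->user) {
                }

                // Second check: the cookie must also carry the HMAC of this account's password,
                // so swapping the user id inside an otherwise valid cookie is not enough
                if (isset($feather->user->id) && hash_hmac('sha1', $feather->user->password, $cookie_seed . '_password_hash') === $cookie['password_hash']) {
                    $expires = $cookie['expires'] > $now + $feather->config['o_timeout_visit'] ? $now + 1209600 : $now + $feather->config['o_timeout_visit'];
                    $feather->user->is_guest = false;
                    $feather->user->is_admmod = $feather->user->g_id == FEATHER_ADMIN || $feather->user->g_moderator == '1';
                    feather_setcookie($feather->user->id, $feather->user->password, $expires);
                    set_preferences();
                    return true;
                }
            }
        }
    }

    // If there is no cookie, or cookie is guest or expired, let's reconnect.
    $expires = $now + 31536000; // The cookie expires after a year
    // The guest cookie carries no secret, so the placeholder value needs no strong randomness
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), $expires);
    return set_default_user();
}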
/**
 * Log the visitor in from the PunBB 1.3 login cookie, filling $forum_user.
 *
 * Cookie layout (base64): "user_id|password_hash|expiration_time|expire_hash".
 * The account is loaded through authenticate_user() with the cookie's password
 * hash, then expire_hash is recomputed from the account's salt, password and the
 * expiration time and compared; any mismatch yields the default (guest) user and
 * a fresh guest cookie. On success a refreshed cookie is sent, per-user display
 * settings are checked against the configured defaults and, unless
 * FORUM_QUIET_VISIT is defined, the online list and last-visit data are updated.
 *
 * Extension hooks are run with eval() in this function's own scope, so hook code
 * can read and write every local declared here (notably $query and $forum_user).
 *
 * @param array $forum_user  Filled by reference with the joined users/groups/online row.
 */
function cookie_login(&$forum_user)
{
    global $forum_db, $db_type, $forum_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $forum_time_formats, $forum_date_formats;

    $now = time();
    $expire = $now + 1209600; // The cookie expires after 14 days

    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'expiration_time' => 0, 'expire_hash' => 'Guest');

    // Hook code is evaluated in this scope; a non-null return short-circuits the whole login
    $return = ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // If a cookie is set, we get the user_id and password hash from it.
    // The fields are only taken when exactly four are present; they remain untrusted
    // strings until verified below.
    if (!empty($_COOKIE[$cookie_name])) {
        $cookie_data = explode('|', base64_decode($_COOKIE[$cookie_name]));
        if (!empty($cookie_data) && count($cookie_data) == 4) {
            list($cookie['user_id'], $cookie['password_hash'], $cookie['expiration_time'], $cookie['expire_hash']) = $cookie_data;
        }
    }

    ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null;

    // If this a cookie for a logged in user and it shouldn't have already expired
    if (intval($cookie['user_id']) > 1 && intval($cookie['expiration_time']) > $now) {
        // Loads the account; the cookie's password_hash is passed as an already-hashed value
        authenticate_user(intval($cookie['user_id']), $cookie['password_hash'], true);

        // We now validate the cookie hash. It binds the expiration time to this account's
        // salt and password, so the expiry cannot be extended by editing the cookie.
        // NOTE(review): !== is not a constant-time comparison.
        if ($cookie['expire_hash'] !== sha1($forum_user['salt'] . $forum_user['password'] . forum_hash(intval($cookie['expiration_time']), $forum_user['salt']))) {
            set_default_user();
        }

        // If we got back the default user, the login failed
        if ($forum_user['id'] == '1') {
            forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
            return;
        }

        // Send a new, updated cookie with a new expiration timestamp
        $expire = intval($cookie['expiration_time']) > $now + $forum_config['o_timeout_visit'] ? $now + 1209600 : $now + $forum_config['o_timeout_visit'];
        forum_setcookie($cookie_name, base64_encode($forum_user['id'] . '|' . $forum_user['password'] . '|' . $expire . '|' . sha1($forum_user['salt'] . $forum_user['password'] . forum_hash($expire, $forum_user['salt']))), $expire);

        // Set a default language if the user selected language no longer exists
        if (!file_exists(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/common.php')) {
            $forum_user['language'] = $forum_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!file_exists(FORUM_ROOT . 'style/' . $forum_user['style'] . '/' . $forum_user['style'] . '.php')) {
            $forum_user['style'] = $forum_config['o_default_style'];
        }

        if (!$forum_user['disp_topics']) {
            $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
        }
        if (!$forum_user['disp_posts']) {
            $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
        }

        // Check user has a valid date and time format
        if (!isset($forum_time_formats[$forum_user['time_format']])) {
            $forum_user['time_format'] = 0;
        }
        if (!isset($forum_date_formats[$forum_user['date_format']])) {
            $forum_user['date_format'] = 0;
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('FORUM_QUIET_VISIT')) {
            // Update the online list
            if (!$forum_user['logged']) {
                $forum_user['logged'] = $now;
                $forum_user['csrf_token'] = random_key(40, false, true);
                $forum_user['prev_url'] = get_current_url(255);

                // REPLACE INTO avoids a user having two rows in the online table
                $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => $forum_user['id'] . ', \'' . $forum_db->escape($forum_user['username']) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=' . $forum_user['id']);
                if ($forum_user['prev_url'] != null) {
                    $query['REPLACE'] .= ', prev_url';
                    $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
                }

                // Hooks may adjust $query before it is built and run
                ($hook = get_hook('fn_cookie_login_qr_add_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);

                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($forum_user['logged'] < $now - $forum_config['o_timeout_visit']) {
                    $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
                    ($hook = get_hook('fn_cookie_login_qr_update_user_visit')) ? eval($hook) : null;
                    $forum_db->query_build($query) or error(__FILE__, __LINE__);
                    $forum_user['last_visit'] = $forum_user['logged'];
                }

                // Now update the logged time and save the current URL in the online list
                $query = array('UPDATE' => 'online', 'SET' => 'logged=' . $now, 'WHERE' => 'user_id=' . $forum_user['id']);
                $current_url = get_current_url(255);
                if ($current_url != null) {
                    $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
                }
                if ($forum_user['idle'] == '1') {
                    $query['SET'] .= ', idle=0';
                }

                ($hook = get_hook('fn_cookie_login_qr_update_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);

                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $forum_config['o_timeout_visit']);
                }
            }
        }

        $forum_user['is_guest'] = false;
        $forum_user['is_admmod'] = $forum_user['g_id'] == FORUM_ADMIN || $forum_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }

    ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null;
}
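/**
 * Load the account named by $user (numeric id or username) into $pun_user and accept
 * it only when $password matches the stored password hash.
 *
 * @param int|string $user              Account id (int) or username (string).
 * @param string     $password          Plaintext password, or the stored hash when
 *                                      $password_is_hash is true (cookie path).
 * @param bool       $password_is_hash  Whether $password is already hashed.
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $db, $pun_user;

    // Check if there's a user matching $user and $password
    $where = is_int($user) ? 'u.id=' . intval($user) : 'u.username=\'' . $db->escape($user) . '\'';
    $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE ' . $where) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    $pun_user = $db->fetch_assoc($result);

    // No such user: bail out before touching $pun_user['password'] on a missing row
    if (!isset($pun_user['id'])) {
        set_default_user();
        return;
    }

    // Only the value actually needed is hashed and compared (constant-time helper)
    $candidate = $password_is_hash ? $password : pun_hash($password);

    if (!pun_hash_equals($candidate, $pun_user['password'])) {
        set_default_user();
    } else {
        $pun_user['is_guest'] = false;
    }
}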
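/**
 * Load the account named by $user (numeric id or username) into $feather->user and
 * accept it only when $password matches the stored password hash.
 *
 * @param int|string $user              Account id (int) or username (string).
 * @param string     $password          Plaintext password, or the stored hash when
 *                                      $password_is_hash is true.
 * @param bool       $password_is_hash  Whether $password is already hashed.
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $feather;

    // Check if there's a user matching $user and $password (query builder binds the values)
    $select_check_cookie = array('u.*', 'g.*', 'o.logged', 'o.idle');
    $query = ORM::for_table('users')->table_alias('u')->select_many($select_check_cookie)->inner_join('groups', array('u.group_id', '=', 'g.g_id'), 'g')->left_outer_join('online', array('o.user_id', '=', 'u.id'), 'o');
    if (is_int($user)) {
        $query = $query->where('u.id', intval($user));
    } else {
        $query = $query->where('u.username', $user);
    }
    $result = $query->find_result_set();

    // The result set is iterated; the (single) matching row ends up in $feather->user
    foreach ($result as $feather->user) {
    }

    if (!isset($feather->user->id)) {
        set_default_user();
        return;
    }

    $candidate = $password_is_hash ? $password : feather_hash($password);

    // Strict comparison on purpose: with != two hex digests shaped "0e<digits>" compare equal
    if ($candidate !== $feather->user->password) {
        set_default_user();
    } else {
        $feather->user->is_guest = false;
    }
}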
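/**
 * Resolve the visitor behind the PunBB login cookie into $pun_user (variant with a
 * separate WAP style).
 *
 * The cookie holds a serialised (user_id, password_hash) pair. The matching user row
 * is loaded and, when the hash agrees with md5($cookie_seed . stored password),
 * $pun_user is filled and the online list is refreshed; any other outcome ends in
 * set_default_user().
 *
 * @param array $pun_user  Filled by reference with the joined users/groups/online row.
 */
function check_cookie(&$pun_user)
{
    global $db, $pun_config, $cookie_name, $cookie_seed;

    $expire = time() + 31536000; // The cookie expires after a year

    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest');

    // The cookie is client-controlled, so it is never handed to unserialize(): only the
    // exact serialised shape pun_setcookie() writes (a numeric id and a hex hash, both as
    // strings) is accepted, and its two fields are pulled out with a pattern match.
    if (isset($_COOKIE[$cookie_name]) && preg_match('/^a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}$/', $_COOKIE[$cookie_name], $matches)) {
        list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
    }

    if ($cookie['user_id'] > 1) {
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query(' SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);

        // If user authorisation failed, replace the cookie with a throw-away guest one.
        // NOTE(review): !== is not a constant-time comparison; a hash_equals()-style
        // compare would be preferable where the PHP version allows it.
        if (!isset($pun_user['id']) || md5($cookie_seed . $pun_user['password']) !== $cookie['password_hash']) {
            pun_setcookie(1, md5(uniqid(mt_rand(), true)), $expire);
            set_default_user();
            return;
        }

        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!@file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }

        // Same for the WAP style, which lives under the template directory
        if (!@is_file(PUN_ROOT . '/include/template/wap/' . $pun_user['style_wap'] . '/style.css')) {
            $pun_user['style_wap'] = $pun_config['o_default_style_wap'];
        }

        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                $pun_user['logged'] = $_SERVER['REQUEST_TIME'];
                // REPLACE INTO avoids a user having two rows in the online table
                $db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $_SERVER['REQUEST_TIME'] - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                $idle_sql = $pun_user['idle'] == 1 ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $_SERVER['REQUEST_TIME'] . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
            }
        }

        $pun_user['is_guest'] = false;
    } else {
        set_default_user();
    }
}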
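/**
 * Load the account named by $user (numeric id or username) into $pun_user and accept
 * it only when $password matches the stored password hash.
 *
 * @param int|string $user              Account id (int) or username (string).
 * @param string     $password          Plaintext password, or the stored hash when
 *                                      $password_is_hash is true.
 * @param bool       $password_is_hash  Whether $password is already hashed.
 */
function authenticate_user($user, $password, $password_is_hash = false)
{
    global $db, $pun_user;

    // Check if there's a user matching $user and $password
    $query = $db->select(array('users' => 'u.*', 'group' => 'g.*', 'logged' => 'o.logged', 'idle' => 'o.idle'), 'users AS u');
    $query->innerJoin('g', 'groups AS g', 'g.g_id = u.group_id');
    $query->leftJoin('o', 'online AS o', 'o.user_id = u.id');

    // Bound parameters: the caller-supplied id/username never reaches the SQL text
    if (is_int($user)) {
        $query->where = 'u.id = :user_id';
        $params = array(':user_id' => $user);
    } else {
        $query->where = 'u.username = :username';
        $params = array(':username' => $user);
    }

    $result = $query->run($params);
    if (empty($result)) {
        set_default_user();
        return;
    }
    $pun_user = $result[0];

    $candidate = $password_is_hash ? $password : pun_hash($password);

    // Strict comparison on purpose: with != two hex digests shaped "0e<digits>" compare equal
    if ($candidate !== $pun_user['password']) {
        set_default_user();
    } else {
        $pun_user['is_guest'] = false;
    }
}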
/**
 * Resolve the visitor behind the PunBB login cookie into $pun_user (variant that also
 * counts the user's private messages as total_pm).
 *
 * The cookie is read by pattern-matching the serialised (user_id, password_hash)
 * pair rather than unserialising it. The matching user row is loaded and, when the
 * hash agrees with md5($cookie_seed . stored password), $pun_user is filled and the
 * online list is refreshed; any other outcome ends in set_default_user().
 *
 * @param array $pun_user  Filled by reference with the joined users/groups/online row
 *                         plus total_pm.
 */
function check_cookie(&$pun_user)
{
    global $db, $db_type, $pun_config, $cookie_name, $cookie_seed;

    $now = time();
    $one_year = $now + 31536000; // The cookie expires after a year

    // Start from the guest identity and only upgrade it when the cookie checks out
    $cookie_user_id = 1;
    $cookie_hash = 'Guest';

    // Only the exact serialised shape written by pun_setcookie() is accepted; the
    // client-controlled cookie is never passed to unserialize()
    if (isset($_COOKIE[$cookie_name]) && preg_match('/a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}/', $_COOKIE[$cookie_name], $m)) {
        $cookie_user_id = $m[1];
        $cookie_hash = $m[2];
    }

    if ($cookie_user_id <= 1) {
        set_default_user();
        return;
    }

    // Check if there's a user with the user ID and password hash from the cookie
    $sql = 'SELECT u.*, g.*, o.logged, o.idle, COUNT(pm.id) AS total_pm FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id LEFT JOIN ' . $db->prefix . 'messages AS pm ON pm.owner=u.id WHERE u.id=' . intval($cookie_user_id) . ' GROUP BY u.id';
    $result = $db->query($sql) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
    $pun_user = $db->fetch_assoc($result);

    // If user authorisation failed, hand out a throw-away guest cookie.
    // NOTE(review): !== is not a constant-time comparison.
    $hash_matches = isset($pun_user['id']) && md5($cookie_seed . $pun_user['password']) === $cookie_hash;
    if (!$hash_matches) {
        pun_setcookie(1, md5(uniqid(rand(), true)), $one_year);
        set_default_user();
        return;
    }

    // Set a default language if the user selected language no longer exists
    if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
        $pun_user['language'] = $pun_config['o_default_lang'];
    }

    // Set a default style if the user selected style no longer exists
    if (!@file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
        $pun_user['style'] = $pun_config['o_default_style'];
    }

    if (!$pun_user['disp_topics']) {
        $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
    }
    if (!$pun_user['disp_posts']) {
        $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
    }

    // Define this if you want this visit to affect the online list and the users last visit data
    if (!defined('PUN_QUIET_VISIT')) {
        if (!$pun_user['logged']) {
            // Update the online list
            $pun_user['logged'] = $now;
            $values = '(user_id, ident, logged) VALUES(' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $pun_user['logged'] . ')';

            // With MySQL/MySQLi, REPLACE INTO avoids a user having two rows in the online table
            $verb = in_array($db_type, array('mysql', 'mysqli'), true) ? 'REPLACE INTO ' : 'INSERT INTO ';
            $db->query($verb . $db->prefix . 'online ' . $values) or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
        } else {
            // Special case: We've timed out, but no other user has browsed the forums since we timed out
            if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                $pun_user['last_visit'] = $pun_user['logged'];
            }

            $set_clause = 'logged=' . $now;
            if ($pun_user['idle'] == '1') {
                $set_clause .= ', idle=0';
            }
            $db->query('UPDATE ' . $db->prefix . 'online SET ' . $set_clause . ' WHERE user_id=' . $pun_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
        }
    }

    $pun_user['is_guest'] = false;
}
/**
 * Authenticate the visitor from the Panther login cookie into $panther_user.
 *
 * The cookie is "user_id|password_hash|expiration_time|cookie_hash". It is honoured
 * only when the pattern matches, the user is not the guest, it has not expired,
 * cookie_hash is the HMAC of "user_id|expiration_time", and password_hash is the
 * HMAC of the account's login_key. Both HMACs are checked with the constant-time
 * helper, and the id/expiry HMAC is verified before any database access.
 *
 * @param array $panther_user  Filled by reference with the joined users/groups/online row.
 */
function check_cookie(&$panther_user)
{
    global $db, $panther_config;

    $now = time();
    $cookie_name = $panther_config['o_cookie_name'];
    $seed = $panther_config['o_cookie_seed'];
    $timeout = $panther_config['o_timeout_visit'];

    // Anything that fails validation gets a fresh one-year guest cookie and the default user
    $reject_as_guest = function () use ($now) {
        panther_setcookie(1, panther_hash(uniqid(rand(), true)), $now + 31536000);
        set_default_user();
    };

    // If the cookie is set and it matches the correct pattern, then read the values from it
    $cookie = null;
    if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\d+)\|([0-9a-fA-F]+)\|(\d+)\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $m)) {
        $cookie = array(
            'user_id' => intval($m[1]),
            'password_hash' => $m[2],
            'expiration_time' => intval($m[3]),
            'cookie_hash' => $m[4],
        );
    }

    // No cookie, a guest cookie, or an expired one: default user, no cookie rewrite
    if ($cookie === null || $cookie['user_id'] <= 1 || $cookie['expiration_time'] <= $now) {
        set_default_user();
        return;
    }

    // If the cookie has been tampered with (checked before touching the database)
    $expected_cookie_hash = hash_hmac('sha512', $cookie['user_id'] . '|' . $cookie['expiration_time'], $seed . '_cookie_hash');
    if (!panther_hash_equals($expected_cookie_hash, $cookie['cookie_hash'])) {
        $reject_as_guest();
        return;
    }

    // Check if there's a user with the user ID and password hash from the cookie
    $bind = array(':id' => $cookie['user_id']);
    $ps = $db->run('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=:id', $bind);
    $panther_user = $ps->fetch();

    // If user authorisation failed
    if (!isset($panther_user['id']) || !panther_hash_equals(hash_hmac('sha512', $panther_user['login_key'], $seed . '_password_hash'), $cookie['password_hash'])) {
        $reject_as_guest();
        return;
    }

    // Send a new, updated cookie with a new expiration timestamp
    $lifetime = $cookie['expiration_time'] > $now + $timeout ? $now + 1209600 : $now + $timeout;
    panther_setcookie($panther_user['id'], $panther_user['login_key'], $lifetime);

    // Set a default language if the user selected language no longer exists
    if (!file_exists(PANTHER_ROOT . 'lang/' . $panther_user['language'])) {
        $panther_user['language'] = $panther_config['o_default_lang'];
    }

    // Set a default style if the user selected style no longer exists
    $style_path = $panther_config['o_style_path'];
    $style_dir = ($style_path != 'style' ? $style_path : PANTHER_ROOT . $style_path) . '/';
    if (!file_exists($style_dir . $panther_user['style'] . '.css')) {
        $panther_user['style'] = $panther_config['o_default_style'];
    }

    if (!$panther_user['disp_topics']) {
        $panther_user['disp_topics'] = $panther_config['o_disp_topics_default'];
    }
    if (!$panther_user['disp_posts']) {
        $panther_user['disp_posts'] = $panther_config['o_disp_posts_default'];
    }

    // Define PANTHER_QUIET_VISIT if this visit must not affect the online list and last visit data
    if (defined('PANTHER_QUIET_VISIT')) {
        if (!$panther_user['logged']) {
            $panther_user['logged'] = $panther_user['last_visit'];
        }
    } elseif (!$panther_user['logged']) {
        // Update the online list
        $panther_user['logged'] = $now;
        $bind = array(':id' => $panther_user['id'], ':ident' => $panther_user['username'], ':logged' => $panther_user['logged']);
        // REPLACE INTO avoids a user having two rows in the online table
        $db->run('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES (:id, :ident, :logged)', $bind);

        // Reset tracked topics
        set_tracked_topics(null);
    } else {
        $bind = array(':id' => $panther_user['id']);

        // Special case: We've timed out, but no other user has browsed the forums since we timed out
        if ($panther_user['logged'] < $now - $timeout) {
            $db->update('users', array('last_visit' => $panther_user['logged']), 'id=:id', $bind);
            $panther_user['last_visit'] = $panther_user['logged'];
        }

        $fields = array('logged' => $now);
        if ($panther_user['idle'] == '1') {
            $fields['idle'] = 0;
        }
        $db->update('online', $fields, 'user_id=:id', $bind);

        // Update tracked topics with the current expire time
        if (isset($_COOKIE[$cookie_name . '_track'])) {
            // NOTE(review): this is the one call here to forum_setcookie() rather than
            // panther_setcookie(); confirm a helper of that name exists in this code base.
            forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $timeout);
        }
    }

    $panther_user['is_guest'] = false;
    $panther_user['is_admmod'] = $panther_user['g_id'] == PANTHER_ADMIN || $panther_user['g_moderator'] == '1';
    // Parenthesised to make the original && / || precedence explicit
    $panther_user['is_admin'] = $panther_user['g_id'] == PANTHER_ADMIN || ($panther_user['g_moderator'] == '1' && $panther_user['g_admin'] == '1');
    $panther_user['is_bot'] = false;
}
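/**
 * Resolve the visitor behind the login cookie into $pun_user and pick the interface
 * language for this request.
 *
 * Besides the PunBB cookie check this variant sets the global $tmplang from
 * ?language=, the "language" cookie, or "French", so guests can switch the
 * interface language. The login cookie is read by pattern-matching the serialised
 * (user_id, password_hash) pair — it is never passed to unserialize().
 *
 * @param array $pun_user  Filled by reference with the joined users/groups/online row;
 *                         read_topics is always an array on return.
 */
function check_cookie(&$pun_user)
{
    # hacked to change interface language without a logged user
    global $db, $pun_config, $cookie_name, $cookie_seed, $tmplang;

    $now = time();
    $expire = $now + 31536000; // The cookie expires after a year

    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Invité');

    // Only the exact serialised shape written by pun_setcookie() is accepted; the
    // client-controlled cookie is never passed to unserialize()
    if (isset($_COOKIE[$cookie_name]) && preg_match('/^a:2:{i:0;s:\d+:"(\d+)";i:1;s:\d+:"([0-9a-f]+)";}$/', $_COOKIE[$cookie_name], $matches)) {
        list(, $cookie['user_id'], $cookie['password_hash']) = $matches;
    }

    // Interface language requested by the visitor: query string first, then the "language" cookie
    if (isset($_GET['language'])) {
        $tmplang = $_GET['language'];
    } elseif (isset($_COOKIE['language'])) {
        $tmplang = $_COOKIE['language'];
    } else {
        $tmplang = "French";
    }
    // NOTE(review): $tmplang presumably selects a lang/ directory elsewhere — confirm. It is
    // restricted here to a plain directory-name token so it can never carry path separators
    // or arrive as an array; anything else falls back to the default.
    if (!is_string($tmplang) || !preg_match('/^[A-Za-z0-9_-]+$/', $tmplang)) {
        $tmplang = "French";
    }

    if ($cookie['user_id'] > 1) {
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Impossible de retrouver les informations utilisateur', __FILE__, __LINE__, $db->error());
        $pun_user = $db->fetch_assoc($result);

        // If user authorisation failed, replace the cookie with a throw-away guest one.
        // NOTE(review): !== is not a constant-time comparison; a hash_equals()-style
        // compare would be preferable where the PHP version allows it.
        if (!isset($pun_user['id']) || md5($cookie_seed . $pun_user['password']) !== $cookie['password_hash']) {
            pun_setcookie(0, random_pass(8), $expire);
            set_default_user();
            return;
        }

        // Set a default language if the user selected language no longer exists
        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Set a default style if the user selected style no longer exists
        if (!@file_exists(PUN_ROOT . 'style/' . $pun_user['style'] . '.css')) {
            $pun_user['style'] = $pun_config['o_default_style'];
        }

        if (!$pun_user['disp_topics']) {
            $pun_user['disp_topics'] = $pun_config['o_disp_topics_default'];
        }
        if (!$pun_user['disp_posts']) {
            $pun_user['disp_posts'] = $pun_config['o_disp_posts_default'];
        }

        // read_topics is a serialised array stored in the users table by this application
        // (not client data); a missing or undecodable value becomes an empty array
        $read_topics = $pun_user['read_topics'] ? unserialize($pun_user['read_topics']) : array();
        $pun_user['read_topics'] = is_array($read_topics) ? $read_topics : array();

        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('PUN_QUIET_VISIT')) {
            // Update the online list
            if (!$pun_user['logged']) {
                // INSERT ... SELECT ... WHERE NOT EXISTS keeps a user from getting two online rows
                $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $pun_user['id'] . ', \'' . $db->escape($pun_user['username']) . '\', ' . $now . ' FROM ' . $db->prefix . 'users WHERE id = ' . $pun_user['id'] . ' AND NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id = ' . $pun_user['id'] . ')') or error('Impossible d\'insérer un élément dans la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error());
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($pun_user['logged'] < $now - $pun_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ', read_topics=NULL WHERE id=' . $pun_user['id']) or error('Impossible de mettre à jour les données de visite de l\'utilisateur', __FILE__, __LINE__, $db->error());
                    $pun_user['last_visit'] = $pun_user['logged'];
                }

                $idle_sql = $pun_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $pun_user['id']) or error('Impossible de mettre à jour la liste des utilisateurs en ligne', __FILE__, __LINE__, $db->error());
            }
        }

        $pun_user['is_guest'] = false;
    } else {
        set_default_user();

        if (!@file_exists(PUN_ROOT . 'lang/' . $pun_user['language'])) {
            $pun_user['language'] = $pun_config['o_default_lang'];
        }

        // Guests carry no read-topics state; always expose an array so callers need no isset()
        $pun_user['read_topics'] = array();
    }
}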