/**
* Create admin account
*
* @access public
* @return @e void
*/
public static function createAdminAccount()
{
/* Build Entry */
$_mke_time = ipsRegistry::$settings['login_key_expire'] ? time() + intval(ipsRegistry::$settings['login_key_expire']) * 86400 : 0;
$salt = IPSMember::generatePasswordSalt(5);
$passhash = IPSMember::generateCompiledPasshash($salt, md5(IPSSetUp::getSavedData('admin_pass')));
$_dname = IPSSetUp::getSavedData('admin_user');
$member = array('name' => $_dname, 'members_l_username' => strtolower($_dname), 'members_display_name' => $_dname, 'members_l_display_name' => strtolower($_dname), 'members_seo_name' => IPSText::makeSeoTitle($_dname), 'member_login_key' => IPSMember::generateAutoLoginKey(), 'member_login_key_expire' => $_mke_time, 'title' => 'Administrator', 'email' => IPSSetUp::getSavedData('admin_email'), 'member_group_id' => 4, 'posts' => 1, 'joined' => time(), 'last_visit' => time(), 'last_activity' => time(), 'ip_address' => my_getenv('REMOTE_ADDR'), 'view_sigs' => 1, 'restrict_post' => 0, 'msg_show_notification' => 1, 'msg_count_total' => 0, 'msg_count_new' => 0, 'coppa_user' => 0, 'language' => IPSLib::getDefaultLanguage(), 'members_auto_dst' => 1, 'member_uploader' => 'flash', 'allow_admin_mails' => 0, 'members_pass_hash' => $passhash, 'members_pass_salt' => $salt, 'has_blog' => '', 'fb_token' => '', 'ignored_users' => '', 'members_cache' => '', 'failed_logins' => '', 'bday_day' => 0, 'bday_month' => 0, 'bday_year' => 0);
/* Insert: MEMBERS */
ipsRegistry::DB()->setDataType(array('name', 'members_display_name', 'members_l_username', 'members_l_display_name'), 'string');
ipsRegistry::DB()->insert('members', $member);
$member_id = ipsRegistry::DB()->getInsertId();
$member['member_id'] = $member_id;
/* Insert into the custom profile fields DB */
ipsRegistry::DB()->insert('pfields_content', array('member_id' => $member_id));
/* Insert into pp */
ipsRegistry::DB()->insert('profile_portal', array('pp_member_id' => $member_id, 'pp_setting_count_friends' => 1, 'signature' => '', 'pconversation_filters' => '', 'pp_setting_count_comments' => 1, 'pp_setting_count_visitors' => 1));
}
/**
* Validates a lost password request
*
* @return @e void
*/
public function lostPasswordValidate()
{
/* Check for input and it's in a valid format. */
$in_user_id = intval(trim(urldecode($this->request['uid'])));
$in_validate_key = IPSText::md5Clean(trim(urldecode($this->request['aid'])));
/* Check Input */
if (!$in_validate_key) {
$this->registry->output->showError('validation_key_incorrect', 1015);
}
if (!preg_match('/^(?:\\d){1,}$/', $in_user_id)) {
$this->registry->output->showError('uid_key_incorrect', 1016);
}
/* Attempt to get the profile of the requesting user */
$member = IPSMember::load($in_user_id);
if (!$member['member_id']) {
$this->registry->output->showError('lostpass_no_member', 1017);
}
/* Get validating info.. */
$validate = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => 'member_id=' . $in_user_id . ' and lost_pass=1'));
if (!$validate['member_id']) {
$this->registry->output->showError('lostpass_not_validating', 1018);
}
if ($validate['new_reg'] == 1 && $this->settings['reg_auth_type'] == "admin") {
$this->registry->output->showError('lostpass_new_reg', 4010, true);
}
if ($validate['vid'] != $in_validate_key) {
$this->registry->output->showError('lostpass_key_wrong', 1019);
} else {
/* On the same page? */
if ($validate['lost_pass'] != 1) {
$this->registry->output->showError('lostpass_not_lostpass', 4011, true);
}
/* Send a new random password? */
if ($this->settings['lp_method'] == 'random') {
//-----------------------------------------
// INIT
//-----------------------------------------
$save_array = array();
//-----------------------------------------
// Generate a new random password
//-----------------------------------------
$new_pass = IPSMember::makePassword();
//-----------------------------------------
// Generate a new salt
//-----------------------------------------
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
//-----------------------------------------
// New log in key
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
//-----------------------------------------
// Update...
//-----------------------------------------
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . md5($new_pass));
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
$save_array['failed_logins'] = null;
$save_array['failed_login_count'] = 0;
//-----------------------------------------
// Load handler...
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email'], md5($new_pass), $new_pass, $member);
//if ( $this->han_login->return_code != 'METHOD_NOT_DEFINED' AND $this->han_login->return_code != 'SUCCESS' )
//{
// $this->registry->output->showError( $this->lang->words['lostpass_external_fail'], 2013 );
//}
IPSMember::save($member['member_id'], array('members' => $save_array));
/* Password has been changed! */
IPSLib::runMemberSync('onPassChange', $member['member_id'], $new_pass);
//-----------------------------------------
// Send out the email...
//-----------------------------------------
$message = array('NAME' => $member['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildUrl('app=core&module=usercp&tab=core&area=email', 'publicNoSession'), 'PASSWORD' => $new_pass, 'LOGIN' => $this->registry->getClass('output')->buildUrl('app=core&module=global§ion=login', 'publicNoSession'), 'USERNAME' => $member['name'], 'EMAIL' => $member['email'], 'ID' => $member['member_id']);
IPSText::getTextClass('email')->setPlainTextTemplate(IPSText::getTextClass('email')->getTemplate("lost_pass_email_pass", $member['language']));
IPSText::getTextClass('email')->buildPlainTextContent($message);
IPSText::getTextClass('email')->buildHtmlContent($message);
IPSText::getTextClass('email')->subject = $this->lang->words['lp_random_pass_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $member['email'];
IPSText::getTextClass('email')->sendMail();
$this->registry->output->setTitle($this->lang->words['activation_form'] . ' - ' . ipsRegistry::$settings['board_name']);
$this->output = $this->registry->getClass('output')->getTemplate('register')->showLostPassWaitRandom($member);
} else {
if ($_POST['pass1'] == "") {
$this->registry->output->showError('pass_blank', 10184);
}
if ($_POST['pass2'] == "") {
$this->registry->output->showError('pass_blank', 10185);
}
$pass_a = trim($this->request['pass1']);
$pass_b = trim($this->request['pass2']);
/*
There's no reason for this - http://community.invisionpower.com/resources/bugs.html/_/ip-board/registrations-limit-passwords-to-32-characters-for-no-apparent-reason-r37770
if( strlen( $pass_a ) < 3 )
{
$this->registry->output->showError( 'pass_too_short', 10186 );
}
*/
if ($pass_a != $pass_b) {
$this->registry->output->showError('pass_no_match', 10187);
}
$new_pass = md5($pass_a);
/* Update Member Array */
$save_array = array();
/* Generate a new salt */
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
/* New log in key */
$key = IPSMember::generateAutoLoginKey();
/* Update Array */
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . $new_pass);
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
$save_array['failed_logins'] = null;
$save_array['failed_login_count'] = 0;
/* Change the password */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email'], $new_pass, $pass_a, $member);
//-----------------------------------------
// We'll ignore any remote errors
//-----------------------------------------
/*if( $this->han_login->return_code != 'METHOD_NOT_DEFINED' AND $this->han_login->return_code != 'SUCCESS' )
{
// Pass not changed remotely
}*/
/* Update the member */
IPSMember::save($member['member_id'], array('members' => $save_array));
/* Password has been changed! */
IPSLib::runMemberSync('onPassChange', $member['member_id'], $pass_a);
/* Remove "dead" validation */
$this->DB->delete('validating', "vid='{$validate['vid']}' OR (member_id={$member['member_id']} AND lost_pass=1)");
$this->registry->output->silentRedirect($this->registry->getClass('output')->buildUrl('app=core&module=global§ion=login&do=autologin&frompass=1'));
}
}
}
/**
* Create new member
* Very basic functionality at this point.
*
* @access public
* @param array Fields to save in the following format: array( 'members' => array( 'email' => '*****@*****.**',
* 'joined' => time() ),
* 'extendedProfile' => array( 'signature' => 'My signature' ) );
* Tables: members, pfields_content, profile_portal.
* You can also use the aliases: 'core [members]', 'extendedProfile [profile_portal]', and 'customFields [pfields_content]'
* @param bool Flag to attempt to auto create a name if the desired is taken
* @param bool Bypass custom field saving (if using the sso session integration this is required as member object isn't ready yet)
* @return array Final member Data including member_id
*
* EXCEPTION CODES
* CUSTOM_FIELDS_EMPTY - Custom fields were not populated
* CUSTOM_FIELDS_INVALID - Custom fields were invalid
* CUSTOM_FIELDS_TOOBIG - Custom fields too big
*/
public static function create($tables = array(), $autoCreateName = FALSE, $bypassCfields = FALSE)
{
//-----------------------------------------
// INIT
//-----------------------------------------
$finalTables = array();
$password = '';
$bitWiseFields = ipsRegistry::fetchBitWiseOptions('global');
//-----------------------------------------
// Remap tables if required
//-----------------------------------------
foreach ($tables as $table => $data) {
$_name = isset(self::$remap[$table]) ? self::$remap[$table] : $table;
if ($_name == 'members') {
/* Magic password field */
$password = isset($data['password']) ? trim($data['password']) : IPSLib::makePassword();
$md_5_password = md5($password);
unset($data['password']);
}
$finalTables[$_name] = $data;
}
//-----------------------------------------
// Custom profile field stuff
//-----------------------------------------
if (!$bypassCfields) {
require_once IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php';
$fields = new customProfileFields();
if (is_array($finalTables['pfields_content']) and count($finalTables['pfields_content'])) {
$fields->member_data = $finalTables['pfields_content'];
}
$_cfieldMode = 'normal';
$fields->initData('edit');
$fields->parseToSave($finalTables['pfields_content'], 'register');
/* Check */
if (count($fields->error_fields['empty'])) {
//throw new Exception( 'CUSTOM_FIELDS_EMPTY' );
}
if (count($fields->error_fields['invalid'])) {
//throw new Exception( 'CUSTOM_FIELDS_INVALID' );
}
if (count($fields->error_fields['toobig'])) {
//throw new Exception( 'CUSTOM_FIELDS_TOOBIG' );
}
}
//-----------------------------------------
// Make sure the account doesn't exist
//-----------------------------------------
if ($finalTables['members']['email']) {
$existing = IPSMember::load($finalTables['members']['email'], 'all');
if ($existing['member_id']) {
$existing['full'] = true;
$existing['timenow'] = time();
return $existing;
}
}
//-----------------------------------------
// Fix up usernames and display names
//-----------------------------------------
/* Ensure we have a display name */
$finalTables['members']['members_display_name'] = $finalTables['members']['members_display_name'] ? $finalTables['members']['members_display_name'] : $finalTables['members']['name'];
//-----------------------------------------
// Clean up characters
//-----------------------------------------
if ($finalTables['members']['name']) {
$userName = IPSMember::getFunction()->cleanAndCheckName($finalTables['members']['name'], array(), 'name');
if ($userName['errors']) {
$finalTables['members']['name'] = '';
} else {
$finalTables['members']['name'] = $userName['username'];
}
}
if ($finalTables['members']['members_display_name']) {
$displayName = IPSMember::getFunction()->cleanAndCheckName($finalTables['members']['members_display_name']);
if ($displayName['errors']) {
$finalTables['members']['members_display_name'] = '';
} else {
$finalTables['members']['members_display_name'] = $displayName['members_display_name'];
}
}
//-----------------------------------------
// Remove some basic HTML tags
//-----------------------------------------
$finalTables['members']['members_display_name'] = str_replace(array('<', '>', '"'), '', $finalTables['members']['members_display_name']);
$finalTables['members']['name'] = str_replace(array('<', '>', '"'), '', $finalTables['members']['name']);
//-----------------------------------------
// Make sure the names are unique
//-----------------------------------------
if ($finalTables['members']['members_display_name']) {
try {
if (IPSMember::getFunction()->checkNameExists($finalTables['members']['members_display_name'], array(), 'members_display_name', true) === true) {
if ($autoCreateName === TRUE) {
/* Now, make sure we have a unique display name */
$max = ipsRegistry::DB()->buildAndFetch(array('select' => 'MAX(member_id) as max', 'from' => 'members', 'where' => "members_l_display_name LIKE '" . $this->DB->addSlashes(strtolower($finalTables['members']['members_display_name'])) . "%'"));
if ($max['max']) {
$_num = $max['max'] + 1;
$finalTables['members']['members_display_name'] = $finalTables['members']['members_display_name'] . '_' . $_num;
}
} else {
$finalTables['members']['members_display_name'] = '';
}
}
} catch (Exception $e) {
}
}
if ($finalTables['members']['name']) {
try {
if (IPSMember::getFunction()->checkNameExists($finalTables['members']['name'], array(), 'name', true) === true) {
if ($autoCreateName === TRUE) {
/* Now, make sure we have a unique username */
$max = ipsRegistry::DB()->buildAndFetch(array('select' => 'MAX(member_id) as max', 'from' => 'members', 'where' => "members_l_username LIKE '" . $this->DB->addSlashes(strtolower($finalTables['members']['name'])) . "%'"));
if ($max['max']) {
$_num = $max['max'] + 1;
$finalTables['members']['name'] = $finalTables['members']['name'] . '_' . $_num;
}
} else {
$finalTables['members']['name'] = '';
}
}
} catch (Exception $e) {
}
}
//-----------------------------------------
// Populate member table(s)
//-----------------------------------------
$finalTables['members']['members_l_username'] = isset($finalTables['members']['name']) ? strtolower($finalTables['members']['name']) : '';
$finalTables['members']['joined'] = $finalTables['members']['joined'] ? $finalTables['members']['joined'] : time();
$finalTables['members']['email'] = $finalTables['members']['email'] ? $finalTables['members']['email'] : $finalTables['members']['name'] . '@' . $finalTables['members']['joined'];
$finalTables['members']['member_group_id'] = $finalTables['members']['member_group_id'] ? $finalTables['members']['member_group_id'] : ipsRegistry::$settings['member_group'];
$finalTables['members']['ip_address'] = $finalTables['members']['ip_address'] ? $finalTables['members']['ip_address'] : ipsRegistry::member()->ip_address;
$finalTables['members']['members_created_remote'] = intval($finalTables['members']['members_created_remote']);
$finalTables['members']['member_login_key'] = IPSMember::generateAutoLoginKey();
$finalTables['members']['member_login_key_expire'] = ipsRegistry::$settings['login_key_expire'] ? time() + intval(ipsRegistry::$settings['login_key_expire']) * 86400 : 0;
$finalTables['members']['view_sigs'] = 1;
$finalTables['members']['email_pm'] = 1;
$finalTables['members']['view_img'] = 1;
$finalTables['members']['view_avs'] = 1;
$finalTables['members']['restrict_post'] = intval($finalTables['members']['restrict_post']);
$finalTables['members']['view_pop'] = 1;
$finalTables['members']['msg_count_total'] = 0;
$finalTables['members']['msg_count_new'] = 0;
$finalTables['members']['msg_show_notification'] = 1;
$finalTables['members']['coppa_user'] = 0;
$finalTables['members']['auto_track'] = intval($finalTables['members']['auto_track']);
$finalTables['members']['last_visit'] = $finalTables['members']['last_visit'] ? $finalTables['members']['last_visit'] : time();
$finalTables['members']['last_activity'] = $finalTables['members']['last_activity'] ? $finalTables['members']['last_activity'] : time();
$finalTables['members']['language'] = IPSLib::getDefaultLanguage();
$finalTables['members']['members_editor_choice'] = ipsRegistry::$settings['ips_default_editor'];
$finalTables['members']['members_pass_salt'] = IPSMember::generatePasswordSalt(5);
$finalTables['members']['members_pass_hash'] = IPSMember::generateCompiledPasshash($finalTables['members']['members_pass_salt'], $md_5_password);
$finalTables['members']['members_display_name'] = isset($finalTables['members']['members_display_name']) ? $finalTables['members']['members_display_name'] : '';
$finalTables['members']['members_l_display_name'] = isset($finalTables['members']['members_display_name']) ? strtolower($finalTables['members']['members_display_name']) : '';
$finalTables['members']['fb_uid'] = isset($finalTables['members']['fb_uid']) ? $finalTables['members']['fb_uid'] : 0;
$finalTables['members']['fb_emailhash'] = isset($finalTables['members']['fb_emailhash']) ? strtolower($finalTables['members']['fb_emailhash']) : '';
$finalTables['members']['members_seo_name'] = IPSText::makeSeoTitle($finalTables['members']['members_display_name']);
$finalTables['members']['bw_is_spammer'] = intval($finalTables['members']['bw_is_spammer']);
//-----------------------------------------
// Insert: MEMBERS
//-----------------------------------------
ipsRegistry::DB()->force_data_type = array('name' => 'string', 'members_l_username' => 'string', 'members_display_name' => 'string', 'members_l_display_name' => 'string', 'members_seo_name' => 'string', 'email' => 'string');
/* Bitwise options */
if (is_array($bitWiseFields['members'])) {
$_freeze = array();
foreach ($bitWiseFields['members'] as $field) {
if (isset($finalTables['members'][$field])) {
/* Add to freezeable array */
$_freeze[$field] = $finalTables['members'][$field];
/* Remove it from the fields to save to DB */
unset($finalTables['members'][$field]);
}
}
if (count($_freeze)) {
$finalTables['members']['members_bitoptions'] = IPSBWOptions::freeze($_freeze, 'members', 'global');
}
}
ipsRegistry::DB()->insert('members', $finalTables['members']);
//-----------------------------------------
// Get the member id
//-----------------------------------------
$finalTables['members']['member_id'] = ipsRegistry::DB()->getInsertId();
//-----------------------------------------
// Insert: PROFILE PORTAL
//-----------------------------------------
$finalTables['profile_portal']['pp_member_id'] = $finalTables['members']['member_id'];
$finalTables['profile_portal']['pp_setting_count_friends'] = 1;
$finalTables['profile_portal']['pp_setting_count_comments'] = 1;
ipsRegistry::DB()->insert('profile_portal', $finalTables['profile_portal']);
//-----------------------------------------
// Insert into the custom profile fields DB
//-----------------------------------------
if (!$bypassCfields) {
$fields->out_fields['member_id'] = $finalTables['members']['member_id'];
ipsRegistry::DB()->delete('pfields_content', 'member_id=' . $finalTables['members']['member_id']);
ipsRegistry::DB()->insert('pfields_content', $fields->out_fields);
} else {
ipsRegistry::DB()->delete('pfields_content', 'member_id=' . $finalTables['members']['member_id']);
ipsRegistry::DB()->insert('pfields_content', array('member_id' => $finalTables['members']['member_id']));
}
//-----------------------------------------
// Insert into partial ID table
//-----------------------------------------
$full_account = false;
if ($finalTables['members']['members_display_name'] and $finalTables['members']['name'] and $finalTables['members']['email'] != $finalTables['members']['name'] . '@' . $finalTables['members']['joined']) {
$full_account = true;
}
if (!$full_account) {
ipsRegistry::DB()->insert('members_partial', array('partial_member_id' => $finalTables['members']['member_id'], 'partial_date' => $finalTables['members']['joined'], 'partial_email_ok' => $finalTables['members']['email'] == $finalTables['members']['name'] . '@' . $finalTables['members']['joined'] ? 0 : 1));
}
//IPSMember::updateSearchIndex( $finalTables['members']['member_id'] );
IPSLib::runMemberSync('onCreateAccount', $finalTables['members']);
return array_merge($finalTables['members'], $finalTables['profile_portal'], !$bypassCfields ? $fields->out_fields : array(), array('timenow' => $finalTables['members']['joined'], 'full' => $full_account));
}
/**
* Convert a member
*
* @access public
* @param array Basic data (id number, username, email, group, joined date, password)
* @param array Data to insert to members table
* @param array Data to insert to profile table
* @param array Data to insert to custom profile fields table
* @param string Path to avatars folder
* @param string Path to profile pictures folder
* @return boolean Success or fail
**/
public function convertMember($info, $members, $profile, $custom, $pic_path = '', $groupLink = TRUE)
{
//-----------------------------------------
// Make sure we have everything we need
//-----------------------------------------
if (!$info['id']) {
$this->logError($info['id'], 'No ID number provided');
return false;
}
if (!$info['username']) {
$this->logError($info['id'], 'No username provided');
return false;
}
if (!$info['email']) {
// See Tracker Report #28874 for reasons why this got changed.
$info['email'] = $info['id'] . '@' . time() . '.com';
//$info['email'] = rand(1, 100).'@'.time().'.com';
$this->logError($info['id'], 'No email address provided - member converted with ' . $info['email']);
}
// Check profile photo
if (!is_writeable($this->settings['upload_dir'] . '/profile')) {
$this->error($this->settings['upload_dir'] . '/profile is not writeable, cannot continue');
return false;
}
//-----------------------------------------
// Set some needed variables
//-----------------------------------------
$now = time();
$joined = $info['joined'] ? $info['joined'] : $now;
if ($info['md5pass']) {
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, $info['md5pass']);
} elseif ($info['plainpass']) {
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, md5($info['plainpass']));
} elseif ($info['pass_hash']) {
$salt = $info['pass_salt'];
$hash = $info['pass_hash'];
} elseif ($info['password'] !== NULL) {
$members['conv_password'] = $info['password'];
} else {
// give em a random pass, let's stop those posts by these users being lost and assigned to guests.
$randPass = IPSMember::makePassword();
$salt = IPSMember::generatePasswordSalt(5);
$hash = IPSMember::generateCompiledPasshash($salt, $randPass);
$this->logError($info['id'], 'No password provided. Member has still been converted with password: '******'email'], 'all');
if ($duplicateMember['member_id']) {
$this->logError($info['id'], "Duplicate member found. {$info['username']} has been merged with the account email {$duplicateMember['username']}");
$this->addLink($duplicateMember['member_id'], $info['id'], 'members');
$this->DB->update('conv_link', array('duplicate' => '1'), "type = 'members' AND app={$this->app['app_id']} AND foreign_id='{$info['id']}'");
if ($info['posts'] > 0) {
$this->DB->update('members', array('posts' => "posts+'{$info['posts']}'"), "member_id='{$duplicateMember['member_id']}'");
}
// we have a customavatar and the one we have on file does not match what we've been given, time to update it.
if ($profile['photo_type'] == 'custom' and $duplicateMember['pp_main_photo'] != $profile['pp_main_photo']) {
if ($profile['photo_data']) {
// open file for writing
if (!($handle = fopen($this->settings['upload_dir'] . '/profile/photo-' . $profile['pp_member_id'] . '.png', 'w'))) {
$this->logError($info['id'], 'Could not write to file.');
}
// Write image to our opened file.
if (fwrite($handle, $profile['photo_data']) === FALSE) {
$this->logError($info['id'], 'Could not write to file.');
}
// log it all into DB
$profile['pp_main_photo'] = 'profile/photo-' . $profile['pp_member_id'] . '.png';
}
}
return TRUE;
}
//-----------------------------------------
// Handle Names
//-----------------------------------------
// Apostrophe is an allowed character but needs converting
$info['username'] = str_replace("'", ''', $info['username']);
$info['username'] = str_replace("!", '!', $info['username']);
// as is an excalamation point.
$nameCheck = IPSMember::getFunction()->cleanAndCheckName($info['username'], array(), 'name');
// Check for illegal characters
if ($nameCheck['errors']['username'] == ipsRegistry::getClass('class_localization')->words['reg_error_chars']) {
// Illegal characters exist, clean them out with dashes
$nameCheckMap['disallowed'] = array("'", "\"", """, "<", ">", "\\", "\", "\$", "$", "]", "[", ",", "|");
$nameCheckMap['replace'] = array(''', '&#quot;', '&#quot;', '&#lt;', '&#gt;', '-', '-', '-', '-', '-', '-', '-', '-');
$nameCheck['members_display_name'] = str_replace($nameCheckMap['disallowed'], $nameCheckMap['replace'], $nameCheck['username']);
$this->logError($info['id'], "{$nameCheck['errors']['username']} with name {$info['username']}. Member has still been created but with username as {$nameCheck['username']}");
// Now check for duplicate username.
try {
if (IPSMember::getFunction()->checkNameExists($nameCheck['username'], array(), 'name', true, true)) {
$t = time();
$this->logError($info['id'], ipsRegistry::getClass('class_localization')->words['reg_error_username_taken'] . " with name {$nameCheck['username']}. Member has still been created but with username as {$nameCheck['username']}{$t}");
$nameCheck['username'] = $nameCheck['username'] . $t;
}
} catch (Exception $e) {
//-----------------------------------------
// Name exists, let's return appropriately
//-----------------------------------------
switch ($e->getMessage()) {
default:
$this->logError($info['id'], "Unexpected error with name: {$info['username']}. Member was skipped.");
return false;
}
}
} elseif ($nameCheck['errors']['username'] == 'reg_error_username_taken') {
$nameCheck['username'] = $nameCheck['username'] . time();
$this->logError($info['id'], "{$nameCheck['errors']['username']} with name: {$info['username']}. Member has still been created but with username as {$nameCheck['username']}");
}
$username = $displayname = $nameCheck['username'];
// Begin check and clean for display name if provided.
if (isset($info['displayname'])) {
// Apostrophe is an allowed character but needs converting
$info['displayname'] = str_replace("'", ''', $info['displayname']);
$displayname = NULL;
$nameCheck = IPSMember::getFunction()->cleanAndCheckName($info['displayname'], array(), 'members_display_name');
if ($nameCheck['errors']['dname'] == str_replace('{chars}', ipsRegistry::$settings['username_characters'], ipsRegistry::$settings['username_errormsg'])) {
$nameCheckMap['disallowed'] = array("'", "\"", """, "<", ">", "\\", "\", "\$", "$", "]", "[", ",", "|");
$nameCheckMap['replace'] = array(''', '&#quot;', '&#quot;', '&#lt;', '&#gt;', '-', '-', '-', '-', '-', '-', '-', '-');
$nameCheck['members_display_name'] = str_replace($nameCheckMap['disallowed'], $nameCheckMap['replace'], $nameCheck['members_display_name']);
$this->logError($info['id'], "{$nameCheck['errors']['dname']} with name: {$info['displayname']}. Member has still been created but with display name as {$nameCheck['members_display_name']}");
// Now check for duplicate display name.
try {
if (IPSMember::getFunction()->checkNameExists($nameCheck['members_display_name'], array(), 'members_display_name', true, true)) {
$t = time();
$this->logError($info['id'], ipsRegistry::getClass('class_localization')->words['reg_error_username_taken'] . " with name {$nameCheck['members_display_name']}. Member has still been created but with display name as {$nameCheck['members_display_name']}{$t}");
$nameCheck['members_display_name'] = $nameCheck['members_display_name'] . $t;
}
} catch (Exception $e) {
//-----------------------------------------
// Name exists, let's return appropriately
//-----------------------------------------
switch ($e->getMessage()) {
default:
$this->logError($info['id'], "Unexpected error with display name: {$info['displayname']}. Member was skipped.");
return false;
}
}
} elseif ($nameCheck['errors']['dname'] == 'reg_error_username_taken') {
$nameCheck['members_display_name'] = $nameCheck['members_display_name'] . time();
$this->logError($info['id'], "{$nameCheck['errors']['dname']} with name: {$info['displayname']}. Member has still been created but with display name as {$nameCheck['members_display_name']}");
}
$displayname = $nameCheck['members_display_name'];
}
// Check we have a path
if (!$this->settings['upload_dir']) {
$this->logError($info['id'], 'Your IP.Board uploads path has not been configured');
return false;
}
//-----------------------------------------
// Insert
//-----------------------------------------
$members['title'] = str_replace("'", ''', $members['title']);
//$members['member_id'] = $info['id'];
$members['name'] = $username;
$members['last_post'] = intval($members['last_post']);
if (empty($info['member_group_id'])) {
$members['member_group_id'] = $info['group'] ? $groupLink === TRUE ? $this->getLink($info['group'], 'groups') : $info['group'] : $this->settings['member_group'];
} else {
$members['member_group_id'] = $info['member_group_id'];
}
$members['email'] = $info['email'];
$members['joined'] = $joined;
$members['member_login_key'] = IPSMember::generateAutoLoginKey();
$members['member_login_key_expire'] = ipsRegistry::$settings['login_key_expire'] ? time() + intval(ipsRegistry::$settings['login_key_expire']) * 86400 : 0;
$members['members_display_name'] = $displayname;
$members['members_seo_name'] = IPSText::makeSeoTitle($displayname);
$members['members_l_display_name'] = IPSText::mbstrtolower($displayname);
$members['members_l_username'] = IPSText::mbstrtolower($username);
$members['members_pass_hash'] = $hash;
$members['members_pass_salt'] = $salt;
$members['posts'] = $members['posts'] ? $members['posts'] : 0;
$members['warn_level'] = (int) $members['warn_level'];
// Sort out secondary groups
if (!empty($info['secondary_groups'])) {
// explode so we can loop through for the getLink
$secondary_groups = explode(",", $info['secondary_groups']);
$_secondary = array();
if (!empty($secondary_groups)) {
foreach ($secondary_groups as $group) {
if (!empty($group)) {
$newGroup = $this->getLink($group, 'groups', true);
if ($newGroup) {
$_secondary[] = $newGroup;
}
}
/**else
{
$this->logError($info['id'] .' - '. $group, 'empty secondary group id');
}**/
}
}
$members['mgroup_others'] = implode(",", $_secondary);
}
// Sneaky hack with the comments and friends
if (!in_array('pp_setting_count_comments', $profile)) {
$profile['pp_setting_count_comments'] = 1;
}
if (!in_array('pp_setting_count_friends', $profile)) {
$profile['pp_setting_count_friends'] = 1;
}
// We better turn on allow_admin_mails if it isn't set
$members['allow_admin_mails'] = isset($members['allow_admin_mails']) ? $members['allow_admin_mails'] : 1;
// Fix up the birthday since STRICT complains..
$members['bday_day'] = intval($members['bday_day']);
$members['bday_month'] = intval($members['bday_month']);
$members['bday_year'] = intval($members['bday_year']);
// No idea why birthdays are messing up.., so I'll just hack this bit. - Alex
// #020372 tracker
if ($members['bday_year'] < 1900) {
// Don't think we can really be this old ya know.
$members['bday_day'] = 0;
$members['bday_month'] = 0;
$members['bday_year'] = 0;
}
// 3.1.3 dropped columns
unset($members['email_pm']);
// 3.2.0 Dropped columns
unset($members['hide_email']);
unset($members['view_avs']);
// 3.3.0 Dropped columns
unset($members['members_editor_choice']);
// First member?
if ($info['id'] != $this->memberData['member_id']) {
if ($this->usingExtendedInserts) {
// Add it to the extended insert array which runs on next()
$this->extendedInserts['members'][] = $this->DB->compileInsertString($members);
//$memberId = $members['member_id'];
$memberId = $info['id'];
} else {
//unset( $members['member_id'] );
$this->DB->insert('members', $members);
$memberId = $this->DB->getInsertId();
// Add a link
$this->addLink($memberId, $info['id'], 'members');
}
} else {
if ($this->usingExtendedInserts) {
// Unset important information to stop locking us out
$unset = array('member_id', 'members_pass_salt', 'members_pass_hash', 'name', 'members_l_username', 'members_display_name', 'members_l_display_name', 'members_seo_name', 'member_banned', 'conv_password', 'email', 'member_group_id');
foreach ($unset as $k) {
unset($members[$k]);
}
$this->DB->update('members', $members, "member_id=" . $this->memberData['member_id']);
$memberId = $this->memberData['member_id'];
$this->logError($memberId, "<strong><span style='size: 1.15em;'>{$username} has been merged with {$this->memberData['members_display_name']}. This is because you are logged in as {$this->memberData['members_display_name']} and due to both members sharing the same ID. You are not running the conversion in 'merge' mode and therefore you WILL have to manually update this members name, email address, AND member group.</span></strong><br /><ul><li>Username: {$username}</li><li>Email Address: {$info['email']}</li></ul>");
} else {
//unset( $members['member_id'] );
$this->DB->insert('members', $members);
$memberId = $this->DB->getInsertId();
// Add a link
$this->addLink($memberId, $info['id'], 'members');
}
}
// If user group is the auth group, add them to validating table.
if ($members['member_group_id'] == $this->settings['auth_group'] && ($this->settings['reg_auth_type'] == 'user' || $this->settings['reg_auth_type'] == 'admin' || $this->settings['reg_auth_type'] == 'admin_user')) {
//-----------------------------------------
// We want to validate all reg's via email,
// after email verificiation has taken place,
// we restore their previous group and remove the validate_key
//-----------------------------------------
$validating = array('vid' => md5(uniqid()), 'member_id' => $memberId, 'real_group' => $this->settings['member_group'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'new_reg' => 1, 'ip_address' => $members['ip_address'], 'spam_flag' => 0);
if ($this->usingExtendedInserts) {
$this->extendedInserts['validating'][] = $this->DB->compileInsertString($validating);
} else {
$this->DB->insert('validating', $validating);
}
}
$profile['pp_member_id'] = $memberId;
// Defaults if not specified (prevents "Column Count Mismatches" in MySQL)
$profile['pp_thumb_photo'] = $profile['pp_thumb_photo'] ? $profile['pp_thumb_photo'] : '';
$profile['pp_main_photo'] = $profile['pp_main_photo'] ? $profile['pp_main_photo'] : '';
$profile['pp_main_width'] = $profile['pp_main_width'] ? $profile['pp_main_width'] : 0;
$profile['pp_main_height'] = $profile['pp_main_height'] ? $profile['pp_main_height'] : 0;
$profile['pp_thumb_width'] = $profile['pp_thumb_width'] ? $profile['pp_thumb_width'] : 0;
$profile['pp_thumb_height'] = $profile['pp_thumb_height'] ? $profile['pp_thumb_height'] : 0;
//-----------------------------------------
// Sort out uploaded avatars / photos
//-----------------------------------------
// we send profile_type of custom if we have a photo at all
if ($profile['photo_type'] == 'custom') {
if ($profile['photo_data']) {
// open file for writing
if (!($handle = fopen($this->settings['upload_dir'] . '/profile/photo-' . $profile['pp_member_id'] . '.png', 'w'))) {
$this->logError($info['id'], 'Could not write to file.');
}
// Write image to our opened file.
if (fwrite($handle, $profile['photo_data']) === FALSE) {
$this->logError($info['id'], 'Could not write to file.');
}
// log it all into DB
$profile['pp_main_photo'] = 'profile/photo-' . $profile['pp_member_id'] . '.png';
}
}
if ($profile['photo_type'] == 'url') {
// Make an attempt at fetching the remote pic. If not, log an error.
$profile['pp_main_photo'] = '';
if ($remote = @file_get_contents($profile['photo_location'])) {
$image_dims = @getimagesize($profile['photo_location']);
if ($image_dims[0]) {
$profile['photo_data'] = $remote;
$profile['photo_type'] = 'custom';
$profile['pp_main_photo'] = $profile['photo_location'];
if (!isset($profile['photo_filesize'])) {
$profile['photo_filesize'] = strlen($remote);
}
} else {
$this->logError($info['id'], 'Remote picture file does not appear to be an image.');
}
} else {
$this->logError($info['id'], 'Could not fetch remote picture file.');
}
}
// Oops... I screwed up... workaround for now... will fix properly soon.
if ($profile['photo_type'] != 'url' and $profile['photo_location'] and !$profile['pp_main_photo']) {
$profile['pp_main_photo'] = $profile['photo_location'];
}
if (!is_dir($pic_path) and $profile['pp_main_photo'] and !$profile['photo_data']) {
$this->logError($info['id'], 'Incorrect profile pictures path');
//return false;
}
// Move em or create em
if ($profile['pp_main_photo']) {
//-----------------------------------------
// Already a dir?
//-----------------------------------------
$upload_path = $this->settings['upload_dir'];
$upload_dir;
if (!file_exists($upload_path . "/profile")) {
if (@mkdir($upload_path . "/profile", 0777)) {
@file_put_contents($upload_path . '/profile/index.html', '');
@chmod($upload_path . "/profile", 0777);
# Set path and dir correct
$upload_path .= "/profile";
$upload_dir = "profile/";
} else {
# Set path and dir correct
$upload_dir = "";
}
} else {
# Set path and dir correct
$upload_path .= "/profile";
$upload_dir = "profile/";
}
// What's the extension?
$e = explode('.', $profile['pp_main_photo']);
$extension = array_pop($e);
// There's an issue with profile photo thumbnail rebuilds. Waiting on the deal with that issue before adjusting this.
// For now, we'll just set the thumbnail the same as the main photo.
$profile['pp_thumb_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
if ($profile['photo_data']) {
//$this->createFile($profile['pp_main_photo'], $profile['photo_data'], $profile['photo_filesize'], $this->settings['upload_dir']);
$this->createFile("photo-{$memberId}.{$extension}", $profile['photo_data'], $profile['photo_filesize'], $upload_path);
$profile['pp_main_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
} else {
//$this->moveFiles(array($profile['pp_main_photo']), $profile_path, $this->settings['upload_dir']);
$this->moveFiles(array($profile['pp_main_photo']), $pic_path, $upload_path);
if ($upload_dir != '' && @rename($upload_path . "/{$profile['pp_main_photo']}", $upload_path . "/photo-{$memberId}.{$extension}")) {
$profile['pp_main_photo'] = "{$upload_dir}photo-{$memberId}.{$extension}";
}
}
// Try and get width and height.
$dimensions = @getimagesize($upload_dir . 'photo-' . $memberId . '.' . $extension);
// Add some triple checks.
$profile['pp_main_width'] = $dimensions[0] ? $dimensions[0] : 1;
$profile['pp_main_height'] = $dimensions[1] ? $dimensions[1] : 1;
$profile['pp_thumb_width'] = $dimensions[0] ? $dimensions[0] : 1;
$profile['pp_thumb_height'] = $dimensions[1] ? $dimensions[1] : 1;
}
$profile['pp_photo_type'] = $profile['photo_type'];
unset($profile['avatar_data']);
unset($profile['photo_data']);
unset($profile['photo_filesize']);
unset($profile['avatar_filesize']);
unset($profile['photo_type']);
unset($profile['photo_location']);
unset($profile['notes']);
// need to stop fields which have been added by hooks getting through. See ticket 854980 as to why this is needed.
if (is_array($profile)) {
// set the fields we're allowed (I can't think of a better way of populating this array unfortunately)
$allowedFields = array('pp_member_id', 'pp_last_visitors', 'pp_rating_hits', 'pp_rating_value', 'pp_rating_real', 'pp_main_photo', 'pp_main_width', 'pp_main_height', 'pp_thumb_photo', 'pp_thumb_width', 'pp_thumb_height', 'pp_setting_moderate_comments', 'pp_setting_moderate_friends', 'pp_setting_count_friends', 'pp_setting_count_comments', 'pp_setting_count_visitors', 'pp_about_me', 'pp_reputation_points', 'pp_gravatar', 'pp_photo_type', 'signature', 'avatar_location', 'avatar_size', 'avatar_type', 'pconversation_filters', 'fb_photo', 'fb_photo_thumb', 'fb_bwoptions', 'tc_last_sid_import', 'tc_photo', 'tc_bwoptions', 'pp_customization', 'pp_profile_update');
foreach ($profile as $k => $v) {
// not in allowed array? unset. (this stops fields from hooks making it through)
if (!in_array($k, $allowedFields)) {
unset($profile[$k]);
}
}
}
// check if we passed in custom..
$profileFields = array();
$profileFields['member_id'] = $memberId;
if (!empty($custom)) {
$profileFields = array_merge($profileFields, $custom);
}
// First member?
if ($info['id'] != $this->memberData['member_id']) {
if ($this->usingExtendedInserts) {
// Add it to the extended insert array which runs on next()
$this->extendedInserts['profile_portal'][] = $this->DB->compileInsertString($profile);
// Custom profile fields
$this->extendedInserts['pfields_content'][] = $this->DB->compileInsertString($profileFields);
} else {
$this->DB->insert('profile_portal', $profile);
$this->DB->insert('pfields_content', $profileFields);
}
} else {
if ($this->usingExtendedInserts) {
unset($profileFields['member_id']);
unset($profile['pp_member_id']);
$this->DB->update('profile_portal', $profile, "pp_member_id=" . $this->memberData['member_id']);
$this->DB->update('pfields_content', $profileFields, "member_id=" . $this->memberData['member_id']);
} else {
$this->DB->insert('profile_portal', $profile);
$this->DB->insert('pfields_content', $profileFields);
}
}
// Conversion cycle complete
return true;
}
public function changePW($newPass, $member, $currentPass = false)
{
//-----------------------------------------
// INIT
//-----------------------------------------
$save_array = array();
//-----------------------------------------
// Generate a new random password
//-----------------------------------------
$new_pass = IPSText::parseCleanValue(urldecode($newPass));
//-----------------------------------------
// Generate a new salt
//-----------------------------------------
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
//-----------------------------------------
// New log in key
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
//-----------------------------------------
// Update...
//-----------------------------------------
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . md5($new_pass));
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
$save_array['failed_logins'] = null;
$save_array['failed_login_count'] = 0;
//-----------------------------------------
// Load handler...
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email'], md5($new_pass), $new_pass, $member);
IPSMember::save($member['member_id'], array('members' => $save_array));
IPSMember::updatePassword($member['member_id'], md5($new_pass));
IPSLib::runMemberSync('onPassChange', $member['member_id'], $new_pass);
}
/**
* Constructor :: Authorizes the session
*
* @access public
* @return mixed Void normally, but can print error message
*/
public function __construct()
{
/* Make object */
$this->registry = ipsRegistry::instance();
$this->DB = $this->registry->DB();
$this->settings =& $this->registry->fetchSettings();
$this->request =& $this->registry->fetchRequest();
$this->cache = $this->registry->cache();
$this->caches =& $this->registry->cache()->fetchCaches();
$this->_member = self::instance();
$this->_memberData =& self::instance()->fetchMemberData();
/* Delete immediately */
$this->_deleteNow = true;
/**
* If the sso.php file is present in this folder, we'll load it.
* This file can be used to easily integrate single-sign on in
* situations where you need to check session data
*/
if (file_exists(IPS_ROOT_PATH . '/sources/classes/session/sso.php')) {
require_once IPS_ROOT_PATH . '/sources/classes/session/sso.php';
if (class_exists("ssoSessionExtension")) {
$this->sso = new ssoSessionExtension($this->registry);
}
}
//-----------------------------------------
// INIT
//-----------------------------------------
$cookie = array();
$this->_userAgent = substr($this->_member->user_agent, 0, 200);
//-----------------------------------------
// Fix up app / section / module
//-----------------------------------------
$this->current_appcomponent = IPS_APP_COMPONENT;
$this->current_module = IPSText::alphanumericalClean($this->request['module']);
$this->current_section = IPSText::alphanumericalClean($this->request['section']);
$this->settings['session_expiration'] = $this->settings['session_expiration'] ? $this->settings['session_expiration'] : 3600;
//-----------------------------------------
// Return as guest if running a task
//-----------------------------------------
if (IPS_IS_TASK) {
self::$data_store = IPSMember::setUpGuest();
self::$data_store['last_activity'] = time();
self::$data_store['last_visit'] = time();
return true;
}
//-----------------------------------------
// no new headers if we're simply viewing an attachment..
//-----------------------------------------
if ($this->request['section'] == 'attach') {
$this->settings['no_print_header'] = 1;
}
//-----------------------------------------
// no new headers if we're updating chat
//-----------------------------------------
if (IPS_IS_AJAX && $this->request['section'] != 'login' or $this->request['section'] == 'attach' or $this->request['section'] == 'captcha') {
$this->settings['no_print_header'] = 1;
$this->do_update = 0;
}
//-----------------------------------------
// Continue!
//-----------------------------------------
$cookie['session_id'] = IPSCookie::get('session_id');
$cookie['member_id'] = IPSCookie::get('member_id');
$cookie['pass_hash'] = IPSCookie::get('pass_hash');
if ($cookie['session_id']) {
$this->getSession($cookie['session_id']);
$this->session_type = 'cookie';
} elseif (isset($this->request['s']) and $this->request['s']) {
$this->getSession($this->request['s']);
$this->session_type = 'url';
} else {
$this->session_id = 0;
}
//-----------------------------------------
// Do we have a valid session ID?
//-----------------------------------------
if ($this->session_id) {
//-----------------------------------------
// We've checked the IP addy and browser, so we can assume that this is
// a valid session.
//-----------------------------------------
if ($this->session_user_id != 0 and !empty($this->session_user_id)) {
//-----------------------------------------
// It's a member session, so load the member.
//-----------------------------------------
self::setMember($this->session_user_id);
//-----------------------------------------
// Did we get a member?
//-----------------------------------------
if (!self::$data_store['member_id'] or self::$data_store['member_id'] == 0) {
$this->_updateGuestSession();
/**
* If we have an SSO object, run it for the update guest session call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('update');
}
} else {
$this->_updateMemberSession();
/**
* If we have an SSO object, run it for the update member call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForMember')) {
$this->sso->checkSSOForMember('update');
}
}
} else {
$this->_updateGuestSession();
/**
* If we have an SSO object, run it for the update guest call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('update');
}
}
} else {
//-----------------------------------------
// We didn't have a session, or the session didn't validate
// Do we have cookies stored?
//-----------------------------------------
if ($cookie['member_id'] != "" and $cookie['pass_hash'] != "") {
//-----------------------------------------
// Load member
//-----------------------------------------
self::setMember($cookie['member_id']);
//-----------------------------------------
// INIT log in key stuff
//-----------------------------------------
$_ok = 1;
$_days = 0;
$_sticky = 1;
$_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
if (!self::$data_store['member_id'] or self::$data_store['member_id'] == 0) {
$this->_createGuestSession();
/**
* If we have an SSO object, run it for the create guest call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('create');
}
} else {
if (self::$data_store['member_login_key'] == $cookie['pass_hash']) {
//-----------------------------------------
// Key expired?
//-----------------------------------------
if ($this->settings['login_key_expire']) {
$_sticky = 0;
$_days = $this->settings['login_key_expire'];
if (time() > self::$data_store['member_login_key_expire']) {
$_ok = 0;
}
}
if ($_ok == 1) {
$this->_createMemberSession();
/**
* If we have an SSO object, run it for the create member call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForMember')) {
$this->sso->checkSSOForMember('create');
}
//-----------------------------------------
// Change the log in key to make each authentication
// use a unique token. This means that if a cookie is
// stolen, the hacker can only use the auth once.
//-----------------------------------------
if ($this->settings['login_change_key']) {
self::$data_store['member_login_key'] = IPSMember::generateAutoLoginKey();
IPSMember::save(self::$data_store['member_id'], array('core' => array('member_login_key' => self::$data_store['member_login_key'], 'member_login_key_expire' => $_time)));
IPSCookie::set("pass_hash", self::$data_store['member_login_key'], $_sticky, $_days);
}
} else {
self::setMember(0);
$this->_createGuestSession();
/**
* If we have an SSO object, run it for the create guest call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('create');
}
}
} else {
self::setMember(0);
$this->_createGuestSession();
/**
* If we have an SSO object, run it for the create guest call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('create');
}
}
}
} else {
$this->_createGuestSession();
/**
* If we have an SSO object, run it for the create guest call
*/
if (is_object($this->sso) and method_exists($this->sso, 'checkSSOForGuest')) {
$this->sso->checkSSOForGuest('create');
}
}
}
//-----------------------------------------
// Knock out Google Web Accelerator
//-----------------------------------------
if (ipsRegistry::$settings['disable_prefetching']) {
if (my_getenv('HTTP_X_MOZ') and strstr(strtolower(my_getenv('HTTP_X_MOZ')), 'prefetch') and self::$data_store['member_id']) {
if (IPB_PHP_SAPI == 'cgi-fcgi' or IPB_PHP_SAPI == 'cgi') {
@header('Status: 403 Forbidden');
} else {
@header('HTTP/1.1 403 Forbidden');
}
@header("Cache-Control: no-cache, must-revalidate, max-age=0");
@header("Expires: 0");
@header("Pragma: no-cache");
print "Prefetching or precaching is not allowed. If you have Google Accelerator enabled, please disable";
exit;
}
}
//-----------------------------------------
// Still no member id and not a bot?
//-----------------------------------------
if (!self::$data_store['member_id'] and !$this->_member->is_not_human) {
self::setMember(0);
self::$data_store['last_activity'] = time();
$this->request['last_visit'] = time();
}
//-----------------------------------------
// Set a session ID cookie
//-----------------------------------------
$this->_member->session_type = $this->session_type;
$this->_member->session_id = $this->session_id;
IPSCookie::set("session_id", $this->session_id, -1);
}
/**
* UserCP Save Form: Password
*
* @access public
* @param array Array of member / core_sys_login information (if we're editing)
* @return mixed Array of errors / boolean true
*/
public function saveFormPassword($member = array())
{
//-----------------------------------------
// INIT
//-----------------------------------------
$cur_pass = trim($this->request['current_pass']);
$new_pass = trim($this->request['new_pass_1']);
$chk_pass = trim($this->request['new_pass_2']);
//-----------------------------------------
// Checks...
//-----------------------------------------
if ($this->memberData['g_access_cp']) {
return array(0 => $this->lang->words['admin_emailpassword']);
}
if (!$_POST['current_pass'] or empty($new_pass) or empty($chk_pass)) {
return array(0 => $this->lang->words['complete_entire_form']);
}
//-----------------------------------------
// Do the passwords actually match?
//-----------------------------------------
if ($new_pass != $chk_pass) {
return array(0 => $this->lang->words['passwords_not_matchy']);
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if ($this->_checkPassword($cur_pass) !== TRUE) {
return array(0 => $this->lang->words['current_pw_bad']);
}
/*if ( IPSText::mbstrlen( $new_pass ) > 32)
{
return array( 0 => $this->lang->words['new_pw_too_long'] );
}*/
//-----------------------------------------
// Create new password...
//-----------------------------------------
$md5_pass = md5($new_pass);
//-----------------------------------------
// han_login was loaded during check_password
//-----------------------------------------
$this->han_login->changePass($this->memberData['email'], $md5_pass);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
return array(0 => $this->lang->words['hanlogin_pw_failed']);
}
//-----------------------------------------
// Update the DB
//-----------------------------------------
IPSMember::updatePassword($this->memberData['email'], $md5_pass);
IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass);
//-----------------------------------------
// Update members log in key...
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key)));
$this->ok_message = $this->lang->words['pw_change_successful'];
return TRUE;
}
/**
* Converge_Server::__create_user_session()
*
* Has to return at least the member ID, member log in key and session ID
*
* @access protected
* @param object $member Member object (can access as an array of member information thx to SPL)
* @return array $session Session information
*
* @deprecated Doesn't seem to be used anymore, need to verify properly for the next major revision
*/
protected function __create_user_session($member)
{
//-----------------------------------------
// INIT
//-----------------------------------------
$update = array();
//-----------------------------------------
// Generate a new log in key
//-----------------------------------------
if (!$member['member_login_key']) {
$update['member_login_key'] = IPSMember::generateAutoLoginKey();
}
//-----------------------------------------
// Set our privacy status
//-----------------------------------------
$update['login_anonymous'] = '0&1';
//-----------------------------------------
// Update member?
//-----------------------------------------
if (is_array($update) and count($update)) {
IPSMember::save($member['member_id'], array('core' => $update));
}
//-----------------------------------------
// Still here? Create a new session
//-----------------------------------------
$this->registry->member()->setMember($member['member_id']);
require_once IPS_ROOT_PATH . 'sources/classes/session/publicSessions.php';
/*noLibHook*/
require_once IPS_ROOT_PATH . 'sources/classes/session/convergeSessions.php';
/*noLibHook*/
$session = new convergeSessions($this->registry);
$session->time_now = time();
$update['publicSessionID'] = $session->createMemberSession();
return array_merge($this->memberData, $update);
}
function step_11()
{
$this->DB->return_die = 1;
$start = intval($this->request['st']) ? intval($this->request['st']) : 0;
$lend = 300;
$end = $start + $lend;
$max = 0;
$this->DB->build(array('select' => 'id', 'from' => 'members', 'where' => "id > {$end}"));
$this->DB->execute();
$max = $this->DB->fetch();
$o = $this->DB->query($this->sql_members_converge($start, $end));
$found = 0;
//-----------------------------------------
// Do it...
//-----------------------------------------
while ($r = $this->DB->fetch($o)) {
if (!$r['cid'] or !$r['id']) {
$r['password'] = $r['password'] ? $r['password'] : $r['legacy_password'];
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
$this->DB->insert('members_converge', array('converge_id' => $r['id'], 'converge_email' => strtolower($r['email']), 'converge_joined' => $r['joined'], 'members_pass_hash' => md5(md5($salt) . $r['password']), 'members_pass_salt' => $salt));
$member_login_key = IPSMember::generateAutoLoginKey();
$this->DB->update('members', array('member_login_key' => $member_login_key, 'email' => strtolower($r['email'])), 'id=' . $r['id']);
if ($r['id'] == IPSSetUp::getSavedData('mid')) {
// Reset loginkey
IPSSetUp::setSavedData('loginkey', $member_login_key);
$this->member->setProperty('member_login_key', $member_login_key);
IPSSetUp::setSavedData('securekey', $this->member->form_hash);
}
}
$found++;
}
if (!$found and !$max['id']) {
$this->registry->output->addMessage("Converge completed, converting personal messages...");
$this->request['workact'] = 'step_12';
$this->request['st'] = 0;
} else {
$this->request['st'] = $end;
$this->registry->output->addMessage("Converge added: {$start} to {$end} completed....");
$this->request['workact'] = 'step_11';
}
}
/**
* Save new email and/or pass
*
* @return @e void
*/
protected function _saveForm()
{
if (!$this->request['email'] and !$this->request['password']) {
$this->registry->output->global_error = $this->lang->words['change_nothing_update'];
$this->_showForm();
return;
}
if ($this->request['email']) {
if (!$this->request['email_confirm']) {
$this->registry->output->global_error = $this->lang->words['change_both_fields'];
$this->_showForm();
return;
} else {
if ($this->request['email'] != $this->request['email_confirm']) {
$this->registry->output->global_error = $this->lang->words['change_not_match'];
$this->_showForm();
return;
}
}
$email = trim($this->request['email']);
if (!IPSText::checkEmailAddress($email)) {
$this->registry->output->global_error = $this->lang->words['bad_email_supplied'];
$this->_showForm();
return;
}
$email_check = IPSMember::load(strtolower($email));
if ($email_check['member_id']) {
if ($email_check['member_id'] == $this->memberData['member_id']) {
$this->registry->output->global_error = $this->lang->words['already_using_email'];
} else {
$this->registry->output->global_error = $this->lang->words['change_email_already_used'];
}
$this->_showForm();
return;
}
//-----------------------------------------
// Load handler...
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$han_login = new $classToLoad($this->registry);
$han_login->init();
$han_login->changeEmail(trim(strtolower($this->memberData['email'])), trim(strtolower($email)), $this->memberData);
IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($email), $this->memberData['email']);
IPSMember::save($this->memberData['member_id'], array('core' => array('email' => strtolower($email))));
ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['changed_email'], $email));
}
if ($this->request['password']) {
if (!$this->request['password_confirm']) {
$this->registry->output->global_error = $this->lang->words['change_both_fields'];
$this->_showForm();
return;
} else {
if ($this->request['password'] != $this->request['password_confirm']) {
$this->registry->output->global_error = $this->lang->words['change_not_match_pw'];
$this->_showForm();
return;
}
}
$password = $this->request['password'];
$salt = str_replace('\\', "\\\\", IPSMember::generatePasswordSalt(5));
$key = IPSMember::generateAutoLoginKey();
$md5_once = md5(trim($password));
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$han_login = new $classToLoad($this->registry);
$han_login->init();
$han_login->changePass($this->memberData['email'], $md5_once, $password, $this->memberData);
IPSMember::save($this->memberData['member_id'], array('core' => array('members_pass_salt' => $salt, 'member_login_key' => $key)));
IPSMember::updatePassword($this->memberData['member_id'], $md5_once);
IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $password);
ipsRegistry::getClass('adminFunctions')->saveAdminLog($this->lang->words['changed_password']);
}
$this->registry->output->global_message = $this->lang->words['details_updated'];
$this->registry->output->silentRedirectWithMessage($this->settings['base_url']);
}
/**
* Action: Log in as member
*/
protected function _loginAsMember()
{
$memberID = intval($this->request['member_id']);
//-----------------------------------------
// Load member
//-----------------------------------------
$member = IPSMember::load($memberID, 'all');
if (!$member['member_id']) {
return $this->_memberView();
}
if ($member['g_access_cp']) {
$this->registry->getClass('class_permissions')->checkPermissionAutoMsg('member_edit_admin');
}
//-----------------------------------------
// Generate a new log in key
//-----------------------------------------
$_ok = 1;
$_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
$_sticky = $_time ? 0 : 1;
$_days = $_time ? $this->settings['login_key_expire'] : 365;
if ($this->settings['login_change_key'] or !$member['member_login_key'] or $this->settings['login_key_expire'] and time() > $member['member_login_key_expire']) {
$member['member_login_key'] = IPSMember::generateAutoLoginKey();
$core['member_login_key'] = $member['member_login_key'];
$core['member_login_key_expire'] = $_time;
}
//-----------------------------------------
// Cookie me softly?
//-----------------------------------------
if ($setCookies) {
IPSCookie::set("member_id", $member['member_id'], 1);
IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days);
} else {
IPSCookie::set("member_id", $member['member_id'], 0);
IPSCookie::set("pass_hash", $member['member_login_key'], 0);
}
//-----------------------------------------
// Create / Update session
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/session/publicSessions.php', 'publicSessions');
$sessionClass = new $classToLoad();
$session_id = $sessionClass->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => 0));
//-----------------------------------------
// Boink
//-----------------------------------------
$this->registry->output->silentRedirect($this->settings['board_url']);
}
/**
* Create new member
* Very basic functionality at this point.
*
* @param array Fields to save in the following format: array( 'members' => array( 'email' => '*****@*****.**',
* 'joined' => time() ),
* 'extendedProfile' => array( 'signature' => 'My signature' ) );
* Tables: members, pfields_content, profile_portal.
* You can also use the aliases: 'core [members]', 'extendedProfile [profile_portal]', and 'customFields [pfields_content]'
* @param bool Flag to attempt to auto create a name if the desired is taken
* @param bool Bypass custom field saving (if using the sso session integration this is required as member object isn't ready yet)
* @param bool Whether or not to recache the stats so as to update the board's last member data
* @return array Final member Data including member_id
*
* EXCEPTION CODES
* CUSTOM_FIELDS_EMPTY - Custom fields were not populated
* CUSTOM_FIELDS_INVALID - Custom fields were invalid
* CUSTOM_FIELDS_TOOBIG - Custom fields too big
*/
public static function create($tables = array(), $autoCreateName = FALSE, $bypassCfields = FALSE, $doStatsRecache = TRUE)
{
//-----------------------------------------
// INIT
//-----------------------------------------
$finalTables = array();
$password = '';
$plainPassword = '';
$bitWiseFields = ipsRegistry::fetchBitWiseOptions('global');
$md_5_password = '';
//-----------------------------------------
// Remap tables if required
//-----------------------------------------
foreach ($tables as $table => $data) {
$_name = isset(self::$remap[$table]) ? self::$remap[$table] : $table;
if ($_name == 'members') {
/* Magic password field */
if (!empty($data['md5_hash_password'])) {
$md_5_password = trim($data['md5_hash_password']);
$plainPassword = null;
unset($data['md5_hash_password']);
} else {
$password = isset($data['password']) ? trim($data['password']) : self::makePassword();
$plainPassword = $password;
$md_5_password = md5($password);
unset($data['password']);
}
}
$finalTables[$_name] = $data;
}
//-----------------------------------------
// Custom profile field stuff
//-----------------------------------------
if (!$bypassCfields) {
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/customfields/profileFields.php', 'customProfileFields');
$fields = new $classToLoad();
if (is_array($finalTables['pfields_content']) and count($finalTables['pfields_content'])) {
$fields->member_data = $finalTables['pfields_content'];
}
$fields->initData('edit');
$fields->parseToSave($finalTables['pfields_content'], 'register');
/* Check */
/*if( count( $fields->error_fields['empty'] ) )
{
throw new Exception( 'CUSTOM_FIELDS_EMPTY' );
}
if( count( $fields->error_fields['invalid'] ) )
{
throw new Exception( 'CUSTOM_FIELDS_INVALID' );
}
if( count( $fields->error_fields['toobig'] ) )
{
throw new Exception( 'CUSTOM_FIELDS_TOOBIG' );
}*/
}
//-----------------------------------------
// Make sure the account doesn't exist
//-----------------------------------------
if ($finalTables['members']['email']) {
if (IPSText::mbstrlen($finalTables['members']['email']) > 150 or strstr($finalTables['members']['email'], ' ')) {
/* Allow it to be auto created */
$finalTables['members']['email'] = false;
} else {
$existing = IPSMember::load($finalTables['members']['email'], 'all');
if ($existing['member_id']) {
$existing['full'] = true;
$existing['timenow'] = time();
return $existing;
}
}
}
//-----------------------------------------
// Fix up usernames and display names
//-----------------------------------------
/* Ensure we have a display name */
if ($autoCreateName and $finalTables['members']['members_display_name'] !== FALSE) {
$finalTables['members']['members_display_name'] = $finalTables['members']['members_display_name'] ? $finalTables['members']['members_display_name'] : $finalTables['members']['name'];
}
//-----------------------------------------
// Remove some basic HTML tags
//-----------------------------------------
if ($finalTables['members']['members_display_name']) {
if (IPSText::mbstrlen($finalTables['members']['members_display_name']) > 255) {
$finalTables['members']['members_display_name'] = false;
}
$finalTables['members']['members_display_name'] = str_replace(array('<', '>', '"'), '', $finalTables['members']['members_display_name']);
}
if ($finalTables['members']['name']) {
if (IPSText::mbstrlen($finalTables['members']['name']) > 255) {
$finalTables['members']['name'] = false;
}
$finalTables['members']['name'] = str_replace(array('<', '>', '"'), '', $finalTables['members']['name']);
}
//-----------------------------------------
// Make sure the names are unique
//-----------------------------------------
/* Can specify display name of FALSE to force no entry to force partial member */
if ($finalTables['members']['members_display_name'] !== FALSE) {
try {
if (IPSMember::getFunction()->checkNameExists($finalTables['members']['members_display_name'], array(), 'members_display_name', true) === true) {
if ($autoCreateName === TRUE) {
/* Now, make sure we have a unique display name */
$max = ipsRegistry::DB()->buildAndFetch(array('select' => 'MAX(member_id) as max', 'from' => 'members', 'where' => "members_l_display_name LIKE '" . ipsRegistry::DB()->addSlashes(strtolower($finalTables['members']['members_display_name'])) . "%'"));
if ($max['max']) {
$_num = $max['max'] + 1;
$finalTables['members']['members_display_name'] = $finalTables['members']['members_display_name'] . '_' . $_num;
}
} else {
$finalTables['members']['members_display_name'] = '';
}
}
} catch (Exception $e) {
}
}
if ($finalTables['members']['name']) {
try {
if (IPSMember::getFunction()->checkNameExists($finalTables['members']['name'], array(), 'name', true) === true) {
if ($autoCreateName === TRUE) {
/* Now, make sure we have a unique username */
$max = ipsRegistry::DB()->buildAndFetch(array('select' => 'MAX(member_id) as max', 'from' => 'members', 'where' => "members_l_username LIKE '" . ipsRegistry::DB()->addSlashes(strtolower($finalTables['members']['name'])) . "%'"));
if ($max['max']) {
$_num = $max['max'] + 1;
$finalTables['members']['name'] = $finalTables['members']['name'] . '_' . $_num;
}
} else {
$finalTables['members']['name'] = '';
}
}
} catch (Exception $e) {
}
}
//-----------------------------------------
// Clean up characters
//-----------------------------------------
if ($finalTables['members']['name']) {
$userName = IPSMember::getFunction()->cleanAndCheckName($finalTables['members']['name'], array(), 'name');
if ($userName['errors']) {
$finalTables['members']['name'] = $finalTables['members']['email'];
} else {
$finalTables['members']['name'] = $userName['username'];
}
}
if ($finalTables['members']['members_display_name']) {
$displayName = IPSMember::getFunction()->cleanAndCheckName($finalTables['members']['members_display_name']);
if ($displayName['errors']) {
$finalTables['members']['members_display_name'] = '';
} else {
$finalTables['members']['members_display_name'] = $displayName['members_display_name'];
}
}
//-----------------------------------------
// Populate member table(s)
//-----------------------------------------
$finalTables['members']['members_l_username'] = isset($finalTables['members']['name']) ? strtolower($finalTables['members']['name']) : '';
$finalTables['members']['joined'] = $finalTables['members']['joined'] ? $finalTables['members']['joined'] : time();
$finalTables['members']['email'] = $finalTables['members']['email'] ? $finalTables['members']['email'] : $finalTables['members']['name'] . '@' . $finalTables['members']['joined'];
$finalTables['members']['member_group_id'] = $finalTables['members']['member_group_id'] ? $finalTables['members']['member_group_id'] : ipsRegistry::$settings['member_group'];
$finalTables['members']['ip_address'] = $finalTables['members']['ip_address'] ? $finalTables['members']['ip_address'] : ipsRegistry::member()->ip_address;
$finalTables['members']['members_created_remote'] = intval($finalTables['members']['members_created_remote']);
$finalTables['members']['member_login_key'] = IPSMember::generateAutoLoginKey();
$finalTables['members']['member_login_key_expire'] = ipsRegistry::$settings['login_key_expire'] ? time() + intval(ipsRegistry::$settings['login_key_expire']) * 86400 : 0;
$finalTables['members']['view_sigs'] = 1;
$finalTables['members']['bday_day'] = intval($finalTables['members']['bday_day']);
$finalTables['members']['bday_month'] = intval($finalTables['members']['bday_month']);
$finalTables['members']['bday_year'] = intval($finalTables['members']['bday_year']);
$finalTables['members']['restrict_post'] = intval($finalTables['members']['restrict_post']);
$finalTables['members']['auto_track'] = $finalTables['members']['auto_track'] ? $finalTables['members']['auto_track'] : ipsRegistry::$settings['auto_track_method'];
$finalTables['members']['msg_count_total'] = 0;
$finalTables['members']['msg_count_new'] = 0;
$finalTables['members']['msg_show_notification'] = 1;
$finalTables['members']['coppa_user'] = 0;
$finalTables['members']['auto_track'] = substr($finalTables['members']['auto_track'], 0, 50);
$finalTables['members']['last_visit'] = $finalTables['members']['last_visit'] ? $finalTables['members']['last_visit'] : time();
$finalTables['members']['last_activity'] = $finalTables['members']['last_activity'] ? $finalTables['members']['last_activity'] : time();
$finalTables['members']['language'] = $finalTables['members']['language'] ? $finalTables['members']['language'] : IPSLib::getDefaultLanguage();
$finalTables['members']['member_uploader'] = ipsRegistry::$settings['uploadFormType'] ? 'flash' : 'default';
$finalTables['members']['members_pass_salt'] = IPSMember::generatePasswordSalt(5);
$finalTables['members']['members_pass_hash'] = IPSMember::generateCompiledPasshash($finalTables['members']['members_pass_salt'], $md_5_password);
$finalTables['members']['members_display_name'] = isset($finalTables['members']['members_display_name']) ? $finalTables['members']['members_display_name'] : '';
$finalTables['members']['members_l_display_name'] = isset($finalTables['members']['members_display_name']) ? strtolower($finalTables['members']['members_display_name']) : '';
$finalTables['members']['fb_uid'] = isset($finalTables['members']['fb_uid']) ? $finalTables['members']['fb_uid'] : 0;
$finalTables['members']['fb_emailhash'] = isset($finalTables['members']['fb_emailhash']) ? strtolower($finalTables['members']['fb_emailhash']) : '';
$finalTables['members']['members_seo_name'] = IPSText::makeSeoTitle($finalTables['members']['members_display_name']);
$finalTables['members']['bw_is_spammer'] = intval($finalTables['members']['bw_is_spammer']);
//-----------------------------------------
// Insert: MEMBERS
//-----------------------------------------
ipsRegistry::DB()->setDataType(array('name', 'members_l_username', 'members_display_name', 'members_l_display_name', 'members_seo_name', 'email'), 'string');
/* Bitwise options */
if (is_array($bitWiseFields['members'])) {
$_freeze = array();
foreach ($bitWiseFields['members'] as $field) {
if (isset($finalTables['members'][$field])) {
/* Add to freezeable array */
$_freeze[$field] = $finalTables['members'][$field];
/* Remove it from the fields to save to DB */
unset($finalTables['members'][$field]);
}
}
if (count($_freeze)) {
$finalTables['members']['members_bitoptions'] = IPSBWOptions::freeze($_freeze, 'members', 'global');
}
}
ipsRegistry::DB()->insert('members', $finalTables['members']);
//-----------------------------------------
// Get the member id
//-----------------------------------------
$finalTables['members']['member_id'] = ipsRegistry::DB()->getInsertId();
//-----------------------------------------
// Insert: PROFILE PORTAL
//-----------------------------------------
$finalTables['profile_portal']['pp_member_id'] = $finalTables['members']['member_id'];
$finalTables['profile_portal']['pp_setting_count_friends'] = 1;
$finalTables['profile_portal']['pp_setting_count_comments'] = 1;
$finalTables['profile_portal']['pp_setting_count_visitors'] = 1;
$finalTables['profile_portal']['pp_customization'] = serialize(array());
foreach (array('pp_last_visitors', 'pp_about_me', 'signature', 'fb_photo', 'fb_photo_thumb', 'pconversation_filters') as $f) {
$finalTables['profile_portal'][$f] = $finalTables['profile_portal'][$f] ? $finalTables['profile_portal'][$f] : '';
}
ipsRegistry::DB()->insert('profile_portal', $finalTables['profile_portal']);
//-----------------------------------------
// Insert into the custom profile fields DB
//-----------------------------------------
if (!$bypassCfields) {
/* Check the website url field */
$website_field = $fields->getFieldIDByKey('website');
if ($website_field && $fields->out_fields['field_' . $website_field]) {
if (stristr($fields->out_fields['field_' . $website_field], 'http://') === FALSE && stristr($fields->out_fields['field_' . $website_field], 'https://') === FALSE) {
$fields->out_fields['field_' . $website_field] = 'http://' . $fields->out_fields['field_' . $website_field];
}
}
$fields->out_fields['member_id'] = $finalTables['members']['member_id'];
ipsRegistry::DB()->delete('pfields_content', 'member_id=' . $finalTables['members']['member_id']);
ipsRegistry::DB()->insert('pfields_content', $fields->out_fields);
} else {
ipsRegistry::DB()->delete('pfields_content', 'member_id=' . $finalTables['members']['member_id']);
ipsRegistry::DB()->insert('pfields_content', array('member_id' => $finalTables['members']['member_id']));
}
//-----------------------------------------
// Insert into partial ID table
//-----------------------------------------
$full_account = false;
if ($finalTables['members']['members_display_name'] and $finalTables['members']['name'] and $finalTables['members']['email'] and $finalTables['members']['email'] != $finalTables['members']['name'] . '@' . $finalTables['members']['joined']) {
$full_account = true;
}
if (!$full_account) {
ipsRegistry::DB()->insert('members_partial', array('partial_member_id' => $finalTables['members']['member_id'], 'partial_date' => $finalTables['members']['joined'], 'partial_email_ok' => $finalTables['members']['email'] == $finalTables['members']['name'] . '@' . $finalTables['members']['joined'] ? 0 : 1));
}
/* Add plain password and run sync */
$finalTables['members']['plainPassword'] = $plainPassword;
IPSLib::runMemberSync('onCreateAccount', $finalTables['members']);
/* Remove plain password */
unset($finalTables['members']['plainPassword']);
//-----------------------------------------
// Recache our stats (Ticket 627608)
//-----------------------------------------
if ($doStatsRecache == TRUE) {
ipsRegistry::cache()->rebuildCache('stats', 'global');
}
return array_merge($finalTables['members'], $finalTables['profile_portal'], !$bypassCfields ? $fields->out_fields : array(), array('timenow' => $finalTables['members']['joined'], 'full' => $full_account));
}
/**
* Wrapper for loginAuthenticate - returns more information
*
* @access public
* @return mixed array [0=Words to show, 1=URL to send to, 2=error message language key]
*/
public function verifyLogin()
{
$url = "";
$member = array();
$username = '';
$email = '';
$password = trim($this->request['password']);
$errors = '';
$core = array();
//-----------------------------------------
// Is this a username or email address?
//-----------------------------------------
if (IPSText::checkEmailAddress($this->request['username'])) {
$email = $this->request['username'];
} else {
$username = $this->request['username'];
}
//-----------------------------------------
// Check auth
//-----------------------------------------
$this->loginAuthenticate($username, $email, $password);
$member = $this->member_data;
//-----------------------------------------
// Check return code...
//-----------------------------------------
if ($this->return_code != 'SUCCESS') {
if ($this->return_code == 'MISSING_DATA') {
return array(null, null, 'complete_form');
}
if ($this->return_code == 'ACCOUNT_LOCKED') {
$extra = "<!-- -->";
if ($this->settings['ipb_bruteforce_unlock']) {
if ($this->account_unlock) {
$time = time() - $this->account_unlock;
$time = $this->settings['ipb_bruteforce_period'] - ceil($time / 60) > 0 ? $this->settings['ipb_bruteforce_period'] - ceil($time / 60) : 1;
}
}
return array(null, null, 'bruteforce_account_unlock', $time);
} else {
if ($this->return_code == 'WRONG_OPENID') {
return array(null, null, 'wrong_openid');
} else {
if ($this->return_code == 'FLAGGED_REMOTE') {
return array(null, null, 'flagged_remote');
} else {
return array(null, null, 'wrong_auth');
}
}
}
}
//-----------------------------------------
// Is this a partial member?
// Not completed their sign in?
//-----------------------------------------
if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
return array($this->lang->words['partial_login'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=complete_login&mid=' . $member['member_id'] . '&key=' . $member['timenow']);
}
//-----------------------------------------
// Generate a new log in key
//-----------------------------------------
$_ok = 1;
$_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
$_sticky = $_time ? 0 : 1;
$_days = $_time ? $this->settings['login_key_expire'] : 365;
if ($this->settings['login_change_key'] or !$member['member_login_key'] or $this->settings['login_key_expire'] and time() > $member['member_login_key_expire']) {
$member['member_login_key'] = IPSMember::generateAutoLoginKey();
$core['member_login_key'] = $member['member_login_key'];
$core['member_login_key_expire'] = $_time;
}
//-----------------------------------------
// Cookie me softly?
//-----------------------------------------
if ($this->request['rememberMe']) {
IPSCookie::set("member_id", $member['member_id'], 1);
IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days);
} else {
IPSCookie::set("member_id", $member['member_id'], 0);
IPSCookie::set("pass_hash", $member['member_login_key'], 0);
}
//-----------------------------------------
// Remove any COPPA cookies previously set
//-----------------------------------------
IPSCookie::set("coppa", '0', 0);
//-----------------------------------------
// Update profile if IP addr missing
//-----------------------------------------
if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
$core['ip_address'] = $this->member->ip_address;
}
//-----------------------------------------
// Create / Update session
//-----------------------------------------
$privacy = $this->request['anonymous'] ? 1 : 0;
if ($member['g_hide_online_list']) {
$privacy = 1;
}
$session_id = $this->member->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
if ($this->request['referer'] and $this->request['referer'] and $this->request['section'] != 'register') {
if (stripos($this->request['referer'], 'section=register') or stripos($this->request['referer'], 'section=login') or stripos($this->request['referer'], 'section=lostpass') or stripos($this->request['referer'], CP_DIRECTORY . '/')) {
$url = $this->settings['base_url'] . '?';
} else {
$url = str_replace('&', '&', $this->request['referer']);
$url = preg_replace("#s=(\\w){32}#", "", $url);
if ($this->member->session_type != 'cookie') {
$url = $this->settings['board_url'] . '/index.php?s=' . $session_id;
}
}
} else {
$url = $this->settings['base_url'] . '?';
}
//-----------------------------------------
// Set our privacy status
//-----------------------------------------
$core['login_anonymous'] = intval($privacy) . '&1';
$core['failed_logins'] = '';
$core['failed_login_count'] = 0;
IPSMember::save($member['member_id'], array('core' => $core));
//-----------------------------------------
// Clear out any passy change stuff
//-----------------------------------------
$this->DB->delete('validating', 'member_id=' . $this->memberData['member_id'] . ' AND lost_pass=1');
//-----------------------------------------
// Redirect them to either the board
// index, or where they came from
//-----------------------------------------
if ($this->request['return']) {
$return = urldecode($this->request['return']);
if (strpos($return, "http://") === 0) {
return array($this->lang->words['partial_login'], $return);
}
}
//-----------------------------------------
// Still here?
//-----------------------------------------
/* Member Sync */
IPSLib::runMemberSync('onLogin', $member);
return array($this->lang->words['partial_login'], $url);
}
/**
* Change a member's password
*
* @access protected
* @return void [Outputs to screen]
*/
protected function save_password()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$member_id = intval($this->request['member_id']);
$password = $this->request['password'];
$password2 = $this->request['password2'];
$new_key = intval($this->request['new_key']);
$new_salt = intval($this->request['new_salt']);
$salt = str_replace('\\', "\\\\", IPSMember::generatePasswordSalt(5));
$key = IPSMember::generateAutoLoginKey();
$md5_once = md5(trim($password));
//-----------------------------------------
// Check
//-----------------------------------------
if (!$password or !$password2) {
$this->returnJsonError($this->lang->words['password_nogood']);
exit;
}
if ($password != $password2) {
$this->returnJsonError($this->lang->words['m_passmatch']);
exit;
}
//-----------------------------------------
// Get member
//-----------------------------------------
$member = IPSMember::load($member_id);
//-----------------------------------------
// Allowed to edit administrators?
//-----------------------------------------
if ($member['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_edit_admin', 'members', 'members')) {
$this->returnJsonError($this->lang->words['m_editadmin']);
exit;
}
//-----------------------------------------
// Check Converge: Password
//-----------------------------------------
require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
$han_login = new han_login($this->registry);
$han_login->init();
$han_login->changePass($member['email'], $md5_once);
/*if ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' )
{
$this->returnJsonError( $this->lang->words['m_passchange']);
exit();
}*/
//-----------------------------------------
// Local DB
//-----------------------------------------
$update = array();
if ($new_salt) {
$update['members_pass_salt'] = $salt;
}
if ($new_key) {
$update['member_login_key'] = $key;
}
if (count($update)) {
IPSMember::save($member_id, array('core' => $update));
}
IPSMember::updatePassword($member_id, $md5_once);
IPSLib::runMemberSync('onPassChange', $member_id, $password);
ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_passlog'], $member_id));
$_string = <<<EOF
\t\t{
\t\t\t'success' : true,
\t\t\t'password' : "*************"
\t\t}
\t\t
EOF;
$this->returnString($_string);
}
/**
* Validation completion. This is the action hit when a user clicks a validation link from their email for
* lost password, email change and new registration.
*
* @access private
* @return void
*/
private function _autoValidate()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$in_user_id = intval(trim(urldecode($this->request['uid'])));
$in_validate_key = substr(IPSText::alphanumericalClean(urldecode($this->request['aid'])), 0, 32);
$in_type = trim($this->request['type']);
$in_type = $in_type ? $in_type : 'reg';
//-----------------------------------------
// Attempt to get the profile of the requesting user
//-----------------------------------------
$member = IPSMember::load($in_user_id, 'members');
if (!$member['member_id']) {
$this->_showManualForm($in_type, 'reg_error_validate');
return;
}
//-----------------------------------------
// Get validating info..
//-----------------------------------------
if ($in_type == 'lostpass') {
$validate = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => 'member_id=' . $in_user_id . " AND lost_pass=1"));
} else {
if ($in_type == 'newemail') {
$validate = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => 'member_id=' . $in_user_id . " AND email_chg=1"));
} else {
$validate = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => 'member_id=' . $in_user_id));
}
}
//-----------------------------------------
// Checks...
//-----------------------------------------
if (!$validate['member_id']) {
$this->registry->output->showError('no_validate_key', 10120);
}
if ($validate['new_reg'] == 1 && $this->settings['reg_auth_type'] == "admin") {
$this->registry->output->showError('validate_admin_turn', 10121);
}
if ($validate['vid'] != $in_validate_key) {
$this->registry->output->showError('validation_key_invalid', 10122);
}
//-----------------------------------------
// Captcha (from posted form, not GET)
//-----------------------------------------
if ($this->settings['use_captcha'] and $this->request['uid']) {
if ($this->registry->getClass('class_captcha')->validate($this->request['captcha_unique_id'], $this->request['captcha_input']) !== TRUE) {
$this->_showManualForm($in_type, 'reg_error_anti_spam');
return;
}
}
//-----------------------------------------
// REGISTER VALIDATE
//-----------------------------------------
if ($validate['new_reg'] == 1) {
if (!$validate['real_group']) {
$validate['real_group'] = $this->settings['member_group'];
}
//-----------------------------------------
// SELF-VERIFICATION...
//-----------------------------------------
if ($this->settings['reg_auth_type'] != 'admin_user') {
IPSMember::save($member['member_id'], array('members' => array('member_group_id' => $validate['real_group'])));
/* Reset newest member */
$stat_cache = $this->caches['stats'];
if ($member['members_display_name'] and $member['member_id']) {
$stat_cache['last_mem_name'] = $member['members_display_name'];
$stat_cache['last_mem_id'] = $member['member_id'];
}
$stat_cache['mem_count'] += 1;
$this->cache->setCache('stats', $stat_cache, array('array' => 1, 'deletefirst' => 0));
//-----------------------------------------
// Remove "dead" validation
//-----------------------------------------
$this->DB->delete('validating', "vid='" . $validate['vid'] . "'");
$this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&fromreg=1');
} else {
//-----------------------------------------
// Update DB row...
//-----------------------------------------
$this->DB->update('validating', array('user_verified' => 1), 'vid="' . $validate['vid'] . '"');
//-----------------------------------------
// Print message
//-----------------------------------------
$this->registry->output->setTitle($this->lang->words['validation_complete']);
$this->output = $this->registry->getClass('output')->getTemplate('register')->showPreview($member);
}
} else {
if ($validate['lost_pass'] == 1) {
//-----------------------------------------
// INIT
//-----------------------------------------
$save_array = array();
//-----------------------------------------
// Generate a new random password
//-----------------------------------------
$new_pass = IPSLib::makePassword();
//-----------------------------------------
// Generate a new salt
//-----------------------------------------
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
//-----------------------------------------
// New log in key
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
//-----------------------------------------
// Update...
//-----------------------------------------
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . md5($new_pass));
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
//-----------------------------------------
// Load handler...
//-----------------------------------------
require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
$this->han_login = new han_login($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email_address'], md5($new_pass));
if ($this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
$this->registry->output->showError('lostpass_external_fail', 2015, true);
}
IPSMember::save($member['member_id'], array('members' => $save_array));
//-----------------------------------------
// Send out the email...
//-----------------------------------------
IPSText::getTextClass('email')->getTemplate("lost_pass_email_pass");
IPSText::getTextClass('email')->buildMessage(array('NAME' => $member['members_display_name'], 'THE_LINK' => $this->settings['base_url'] . 'app=core&module=usercp&tab=core&area=password', 'PASSWORD' => $new_pass, 'LOGIN' => $this->settings['base_url'] . 'app=core&module=global§ion=login', 'USERNAME' => $member['name'], 'EMAIL' => $member['email'], 'ID' => $member['member_id']));
IPSText::getTextClass('email')->subject = $this->lang->words['lp_random_pass_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $member['email'];
IPSText::getTextClass('email')->sendMail();
$this->registry->output->setTitle($this->lang->words['validation_complete']);
//-----------------------------------------
// Remove "dead" validation
//-----------------------------------------
$this->DB->delete('validating', "vid='" . $validate['vid'] . "' OR (member_id={$member['member_id']} AND lost_pass=1)");
$this->output = $this->registry->getClass('output')->getTemplate('register')->showLostPassWaitRandom($member);
} else {
if ($validate['email_chg'] == 1) {
if (!$validate['real_group']) {
$validate['real_group'] = $this->settings['member_group'];
}
IPSMember::save($member['member_id'], array('members' => array('member_group_id' => intval($validate['real_group']))));
IPSCookie::set("member_id", $member['member_id'], 1);
IPSCookie::set("pass_hash", $member['member_login_key'], 1);
//-----------------------------------------
// Remove "dead" validation
//-----------------------------------------
$this->DB->delete('validating', "vid='" . $validate['vid'] . "' OR (member_id={$member['member_id']} AND email_chg=1)");
$this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&fromemail=1');
}
}
}
}
/**
* UserCP Save Form: Email Address
*
* @return mixed Array of errors / boolean true
*/
public function saveFormEmailPassword()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$_emailOne = strtolower(trim($this->request['in_email_1']));
$_emailTwo = strtolower(trim($this->request['in_email_2']));
$cur_pass = trim($this->request['current_pass']);
$new_pass = trim($this->request['new_pass_1']);
$chk_pass = trim($this->request['new_pass_2']);
$isRemote = (!$this->memberData['bw_local_password_set'] and $this->memberData['members_created_remote']) ? true : false;
if ($cur_pass or $new_pass) {
if ($this->memberData['g_access_cp']) {
return array(0 => $this->lang->words['admin_emailpassword']);
}
if ($isRemote === false and (!$_POST['current_pass'] or empty($new_pass) or empty($chk_pass))) {
return array(0 => $this->lang->words['complete_entire_form']);
}
//-----------------------------------------
// Do the passwords actually match?
//-----------------------------------------
if ($new_pass != $chk_pass) {
return array(0 => $this->lang->words['passwords_not_matchy']);
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if ($isRemote === false) {
if ($this->_checkPassword($cur_pass) !== TRUE) {
return array(0 => $this->lang->words['current_pw_bad']);
}
} else {
/* This is INIT in _checkPassword */
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
}
//-----------------------------------------
// Create new password...
//-----------------------------------------
$md5_pass = md5($new_pass);
//-----------------------------------------
// han_login was loaded during check_password
//-----------------------------------------
$this->han_login->changePass($this->memberData['email'], $md5_pass, $new_pass, $this->memberData);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
return array(0 => $this->lang->words['hanlogin_pw_failed']);
}
//-----------------------------------------
// Update the DB
//-----------------------------------------
IPSMember::updatePassword($this->memberData['email'], $md5_pass);
IPSLib::runMemberSync('onPassChange', $this->memberData['member_id'], $new_pass);
//-----------------------------------------
// Update members log in key...
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
IPSMember::save($this->memberData['member_id'], array('core' => array('member_login_key' => $key, 'bw_local_password_set' => 1)));
$this->ok_message = $this->lang->words['pw_change_successful'];
}
if ($_emailOne or $_emailTwo) {
//-----------------------------------------
// Do not allow validating members to change
// email when admin validation is on
// @see http://community.invisionpower.com/tracker/issue-19964-loophole-in-registration-procedure/
//-----------------------------------------
if ($this->memberData['member_group_id'] == $this->settings['auth_group'] and in_array($this->settings['reg_auth_type'], array('admin', 'admin_user'))) {
$this->registry->output->showError($this->lang->words['admin_val_no_email_chg'], 10190);
}
//-----------------------------------------
// Check input
//-----------------------------------------
if ($this->memberData['g_access_cp']) {
return array(0 => $this->lang->words['admin_emailpassword']);
}
if (!$_POST['in_email_1'] or !$_POST['in_email_2']) {
return array(0 => $this->lang->words['complete_entire_form']);
}
//-----------------------------------------
// Check password...
//-----------------------------------------
if (!$this->_isFBUser) {
if ($this->_checkPassword($this->request['password']) === FALSE) {
return array(0 => $this->lang->words['current_pw_bad']);
}
}
//-----------------------------------------
// Test email addresses
//-----------------------------------------
if ($_emailOne != $_emailTwo) {
return array(0 => $this->lang->words['emails_no_matchy']);
}
if (IPSText::checkEmailAddress($_emailOne) !== TRUE) {
return array(0 => $this->lang->words['email_not_valid']);
}
//-----------------------------------------
// Is this email addy taken?
//-----------------------------------------
if (IPSMember::checkByEmail($_emailOne) == TRUE) {
return array(0 => $this->lang->words['email_is_taken']);
}
//-----------------------------------------
// Load ban filters
//-----------------------------------------
$banfilters = array();
$this->DB->build(array('select' => '*', 'from' => 'banfilters'));
$this->DB->execute();
while ($r = $this->DB->fetch()) {
$banfilters[$r['ban_type']][] = $r['ban_content'];
}
//-----------------------------------------
// Check in banned list
//-----------------------------------------
if (isset($banfilters['email']) and is_array($banfilters['email']) and count($banfilters['email'])) {
foreach ($banfilters['email'] as $email) {
$email = str_replace('\\*', '.*', preg_quote($email, "/"));
if (preg_match("/^{$email}\$/i", $_emailOne)) {
return array(0 => $this->lang->words['email_is_taken']);
}
}
}
//-----------------------------------------
// Load handler...
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$this->han_login = new $classToLoad($this->registry);
$this->han_login->init();
if ($this->han_login->emailExistsCheck($_emailOne) !== FALSE) {
return array(0 => $this->lang->words['email_is_taken']);
}
$this->han_login->changeEmail($this->memberData['email'], $_emailOne, $this->memberData);
if ($this->han_login->return_code and $this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
return array(0 => $this->lang->words['email_is_taken']);
}
//-----------------------------------------
// Want a new validation? NON ADMINS ONLY
//-----------------------------------------
if ($this->settings['reg_auth_type'] and !$this->memberData['g_access_cp']) {
//-----------------------------------------
// Remove any existing entries
//-----------------------------------------
$_previous = $this->DB->buildAndFetch(array('select' => 'prev_email, real_group', 'from' => 'validating', 'where' => "member_id={$this->memberData['member_id']} AND email_chg=1"));
if ($_previous['prev_email']) {
$this->DB->delete('validating', "member_id={$this->memberData['member_id']} AND email_chg=1");
$this->memberData['email'] = $_previous['prev_email'];
$this->memberData['member_group_id'] = $_previous['real_group'];
}
$validate_key = md5(IPSMember::makePassword() . time());
//-----------------------------------------
// Update the new email, but enter a validation key
// and put the member in "awaiting authorisation"
// and send an email..
//-----------------------------------------
$db_str = array('vid' => $validate_key, 'member_id' => $this->memberData['member_id'], 'temp_group' => $this->settings['auth_group'], 'entry_date' => time(), 'coppa_user' => 0, 'email_chg' => 1, 'ip_address' => $this->member->ip_address, 'prev_email' => $this->memberData['email']);
if ($this->memberData['member_group_id'] != $this->settings['auth_group']) {
$db_str['real_group'] = $this->memberData['member_group_id'];
}
$this->DB->insert('validating', $db_str);
IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
IPSMember::save($this->memberData['member_id'], array('core' => array('member_group_id' => $this->settings['auth_group'], 'email' => $_emailOne)));
//-----------------------------------------
// Update their session with the new member group
//-----------------------------------------
if ($this->member->session_id) {
$this->member->sessionClass()->convertMemberToGuest();
}
//-----------------------------------------
// Kill the cookies to stop auto log in
//-----------------------------------------
IPSCookie::set('pass_hash', '-1', 0);
IPSCookie::set('member_id', '-1', 0);
IPSCookie::set('session_id', '-1', 0);
//-----------------------------------------
// Dispatch the mail, and return to the activate form.
//-----------------------------------------
IPSText::getTextClass('email')->getTemplate("newemail");
IPSText::getTextClass('email')->buildMessage(array('NAME' => $this->memberData['members_display_name'], 'THE_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=auto_validate&type=newemail&uid=" . $this->memberData['member_id'] . "&aid=" . $validate_key, 'publicNoSession', 'false'), 'ID' => $this->memberData['member_id'], 'MAN_LINK' => $this->registry->getClass('output')->buildSEOUrl("app=core&module=global§ion=register&do=07", 'publicNoSession', 'false'), 'CODE' => $validate_key));
IPSText::getTextClass('email')->subject = $this->lang->words['lp_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $_emailOne;
IPSText::getTextClass('email')->sendMail();
$this->registry->getClass('output')->silentRedirect($this->settings['base_url'] . 'app=core&module=global&section=register&do=07');
} else {
//-----------------------------------------
// No authorisation needed, change email addy and return
//-----------------------------------------
IPSLib::runMemberSync('onEmailChange', $this->memberData['member_id'], strtolower($_emailOne), $this->memberData['email']);
IPSMember::save($this->memberData['member_id'], array('core' => array('email' => $_emailOne)));
//-----------------------------------------
// Add to OK message
//-----------------------------------------
$this->ok_message = $this->lang->words['ok_email_changed'];
}
}
return TRUE;
}
/**
* Wrapper for loginAuthenticate - returns more information
*
* @return mixed array [0=Words to show, 1=URL to send to, 2=error message language key]
*/
public function verifyLogin()
{
$url = "";
$member = array();
$username = '';
$email = '';
$password = trim($this->request['ips_password']);
$errors = '';
$core = array();
$mobileSSO = false;
$memberData = $this->registry->member()->fetchMemberData();
/* Mobile app + sso */
if ($memberData['userAgentType'] == 'mobileApp') {
$file = IPS_ROOT_PATH . 'sources/classes/session/ssoMobileAppLogIn.php';
if (is_file($file)) {
require_once $file;
if (class_exists('ssoMobileAppLogIn')) {
$mobileSSO = true;
$logIn = new ssoMobileAppLogIn($this->registry);
$done = $logIn->authenticate($this->request['ips_username'], $password);
$this->return_code = $done['code'];
$this->member_data = IPSMember::load(intval($done['memberId']));
$member = $this->member_data;
}
}
}
/* No mobile log in? Log in normally */
if (!$mobileSSO) {
//-----------------------------------------
// Is this a username or email address?
//-----------------------------------------
if (IPSText::checkEmailAddress($this->request['ips_username'])) {
$email = $this->request['ips_username'];
} else {
$username = $this->request['ips_username'];
}
//-----------------------------------------
// Check auth
//-----------------------------------------
$this->loginAuthenticate($username, $email, $password);
$member = $this->member_data;
}
//-----------------------------------------
// Check return code...
//-----------------------------------------
if ($this->return_code != 'SUCCESS') {
if ($this->return_code == 'MISSING_DATA') {
return array(null, null, 'complete_form');
}
if ($this->return_code == 'ACCOUNT_LOCKED') {
$extra = "<!-- -->";
if ($this->settings['ipb_bruteforce_unlock']) {
if ($this->account_unlock) {
$time = time() - $this->account_unlock;
$time = $this->settings['ipb_bruteforce_period'] - ceil($time / 60) > 0 ? $this->settings['ipb_bruteforce_period'] - ceil($time / 60) : 1;
}
}
return array(null, null, $this->settings['ipb_bruteforce_unlock'] ? 'bruteforce_account_unlock' : 'bruteforce_account_lock', $time);
} else {
if ($this->return_code == 'MISSING_EXTENSIONS') {
return array(null, null, 'missing_extensions');
} else {
if ($this->return_code == 'FLAGGED_REMOTE') {
return array(null, null, 'flagged_remote');
} else {
if ($this->return_code == 'VALIDATING') {
if ($this->revalidate_url == 'ADMIN_VALIDATION') {
return array(null, null, 'validating_remote', ipsRegistry::getClass('class_localization')->words['admin_validation_msg']);
} else {
return array(null, null, 'validating_remote', "<a href='{$this->revalidate_url}' target='_blank'>" . ipsRegistry::getClass('class_localization')->words['resend_val'] . "</a>");
}
} else {
return array(null, null, 'wrong_auth');
}
}
}
}
}
//-----------------------------------------
// Is this a partial member?
// Not completed their sign in?
//-----------------------------------------
if ($member['members_created_remote'] and isset($member['full']) and !$member['full']) {
return array($this->registry->getClass('class_localization')->words['partial_login'], $this->settings['base_url'] . 'app=core&module=global&section=register&do=complete_login&mid=' . $member['member_id'] . '&key=' . $member['timenow']);
}
//-----------------------------------------
// Generate a new log in key
//-----------------------------------------
$_ok = 1;
$_time = $this->settings['login_key_expire'] ? time() + intval($this->settings['login_key_expire']) * 86400 : 0;
$_sticky = $_time ? 0 : 1;
$_days = $_time ? $this->settings['login_key_expire'] : 365;
if (!$member['member_login_key'] or $this->settings['login_key_expire'] and time() > $member['member_login_key_expire']) {
$member['member_login_key'] = IPSMember::generateAutoLoginKey();
$core['member_login_key'] = $member['member_login_key'];
$core['member_login_key_expire'] = $_time;
}
//-----------------------------------------
// Cookie me softly?
//-----------------------------------------
if ($this->request['rememberMe']) {
IPSCookie::set("member_id", $member['member_id'], 1, 0, FALSE, TRUE);
IPSCookie::set("pass_hash", $member['member_login_key'], $_sticky, $_days, FALSE, TRUE);
IPSCookie::set("ipsconnect_" . md5($this->settings['board_url'] . '/interface/ipsconnect/ipsconnect.php'), '1', $_sticky, $_days, FALSE, FALSE);
} else {
// Ticket 824266
// IPSCookie::set( "member_id" , $member['member_id'], 0 );
// IPSCookie::set( "pass_hash" , $member['member_login_key'], 0 );
IPSCookie::set("ipsconnect_" . md5($this->settings['board_url'] . '/interface/ipsconnect/ipsconnect.php'), '1', 0, 0, FALSE, FALSE);
}
//-----------------------------------------
// Remove any COPPA cookies previously set
//-----------------------------------------
IPSCookie::set("coppa", '0', 0);
//-----------------------------------------
// Update profile if IP addr missing
//-----------------------------------------
if ($member['ip_address'] == "" or $member['ip_address'] == '127.0.0.1') {
$core['ip_address'] = $this->registry->member()->ip_address;
}
//-----------------------------------------
// Create / Update session
//-----------------------------------------
$privacy = $member['g_hide_online_list'] || empty($this->settings['disable_anonymous']) && !empty($this->request['anonymous']) ? 1 : 0;
$session_id = $this->registry->member()->sessionClass()->convertGuestToMember(array('member_name' => $member['members_display_name'], 'member_id' => $member['member_id'], 'member_group' => $member['member_group_id'], 'login_type' => $privacy));
if (!empty($this->request['referer']) and $this->request['section'] != 'register') {
if (stripos($this->request['referer'], 'section=register') or stripos($this->request['referer'], 'section=login') or stripos($this->request['referer'], 'section=lostpass') or stripos($this->request['referer'], CP_DIRECTORY . '/')) {
$url = $this->settings['base_url'];
} else {
$url = str_replace('&', '&', $this->request['referer']);
if ($this->registry->member()->session_type == 'cookie') {
$url = preg_replace('#s=(\\w){32}#', "", $url);
}
}
} else {
$url = $this->settings['base_url'];
}
//-----------------------------------------
// Set our privacy status
//-----------------------------------------
$core['login_anonymous'] = intval($privacy) . '&1';
$core['failed_logins'] = '';
$core['failed_login_count'] = 0;
IPSMember::save($member['member_id'], array('core' => $core));
//-----------------------------------------
// Clear out any passy change stuff
//-----------------------------------------
$this->DB->delete('validating', 'member_id=' . $this->registry->member()->getProperty('member_id') . ' AND lost_pass=1');
//-----------------------------------------
// Run member sync
//-----------------------------------------
$member['plainPassword'] = $password;
IPSLib::runMemberSync('onLogin', $member);
unset($member['plainPassword']);
//-----------------------------------------
// Redirect them to either the board
// index, or where they came from
//-----------------------------------------
if (!empty($this->request['return'])) {
$return = urldecode($this->request['return']);
if (strpos($return, "http://") === 0 || strpos($return, "https://") === 0) {
return array($this->registry->getClass('class_localization')->words['partial_login'], $return);
}
}
//-----------------------------------------
// Still here?
//-----------------------------------------
return array($this->registry->getClass('class_localization')->words['partial_login'], $url);
}
/**
* Change a member's password
*
* @return @e void [Outputs to screen]
*/
protected function save_password()
{
//-----------------------------------------
// INIT
//-----------------------------------------
$member_id = intval($this->request['member_id']);
$password = IPSText::parseCleanValue($_POST['password']);
$password2 = IPSText::parseCleanValue($_POST['password2']);
$new_key = intval($this->request['new_key']);
$new_salt = intval($this->request['new_salt']);
$salt = str_replace('\\', "\\\\", IPSMember::generatePasswordSalt(5));
$key = IPSMember::generateAutoLoginKey();
$md5_once = md5(trim($password));
//-----------------------------------------
// AJAX debug
//-----------------------------------------
IPSDebug::fireBug('info', array('Password: '******'password_nogood']);
}
if ($password != $password2) {
$this->registry->output->showError($this->lang->words['m_passmatch']);
}
//-----------------------------------------
// Get member
//-----------------------------------------
$member = IPSMember::load($member_id);
//-----------------------------------------
// Allowed to edit administrators?
//-----------------------------------------
if ($member['g_access_cp'] and !$this->registry->getClass('class_permissions')->checkPermission('member_edit_admin', 'members', 'members')) {
$this->registry->output->showError($this->lang->words['m_editadmin']);
}
//-----------------------------------------
// Check Converge: Password
//-----------------------------------------
$classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/handlers/han_login.php', 'han_login');
$han_login = new $classToLoad($this->registry);
$han_login->init();
$han_login->changePass($member['email'], $md5_once, $password, $member);
/*if ( $han_login->return_code != 'METHOD_NOT_DEFINED' AND $han_login->return_code != 'SUCCESS' )
{
$this->returnJsonError( $this->lang->words['m_passchange']);
exit();
}*/
//-----------------------------------------
// Local DB
//-----------------------------------------
$update = array();
if ($new_salt) {
$update['members_pass_salt'] = $salt;
}
if ($new_key) {
$update['member_login_key'] = $key;
}
if (count($update)) {
IPSMember::save($member_id, array('core' => $update));
}
IPSMember::updatePassword($member_id, $md5_once);
IPSLib::runMemberSync('onPassChange', $member_id, $password);
ipsRegistry::getClass('adminFunctions')->saveAdminLog(sprintf($this->lang->words['m_passlog'], $member_id));
$this->registry->output->global_message = $this->lang->words['pw_updated_success'];
$this->registry->output->silentRedirectWithMessage($this->settings['base_url'] . 'module=members&do=viewmember&member_id=' . $member_id);
}
function step_11()
{
$this->DB->return_die = 1;
$start = intval($this->request['st']) ? intval($this->request['st']) : 0;
$lend = 300;
$end = $start + $lend;
$max = 0;
$this->DB->build(array('select' => 'id', 'from' => 'members', 'where' => "id > {$end}"));
$this->DB->execute();
$max = $this->DB->fetch();
$found = 0;
/* Grab session user */
$sessionUser = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'upgrade_sessions', 'where' => 'session_id=\'' . addslashes($this->request['s']) . '\''));
$o = $this->DB->query($this->sql_members_converge($start, $end));
$this->DB->build(array('select' => 'm.*', 'from' => array('members' => 'm'), 'where' => 'm.id >=' . $start . ' AND id < ' . $end, 'add_join' => array(array('select' => 'c.converge_id as cid', 'from' => array('members_converge' => 'c'), 'where' => 'c.converge_id=m.id', 'type' => 'left'))));
$o = $this->DB->execute();
//-----------------------------------------
// Do it...
//-----------------------------------------
while ($r = $this->DB->fetch($o)) {
if (!$r['cid'] or !$r['id']) {
$r['password'] = $r['password'] ? $r['password'] : $r['legacy_password'];
$salt = IPSMember::generatePasswordSalt();
$this->DB->insert('members_converge', array('converge_id' => $r['id'], 'converge_email' => strtolower($r['email']), 'converge_joined' => $r['joined'], 'converge_pass_hash' => md5(md5($salt) . $r['password']), 'converge_pass_salt' => $salt));
$member_login_key = IPSMember::generateAutoLoginKey();
/* Current session user? */
if ($sessionUser['session_member_id'] and $sessionUser['session_member_id'] == $r['id']) {
$member_login_key = $sessionUser['session_member_key'];
}
$this->DB->update('members', array('member_login_key' => $member_login_key, 'email' => strtolower($r['email'])), 'id=' . $r['id']);
}
$found++;
}
if (!$found and !$max['id']) {
$this->registry->output->addMessage("Converge completed, converting personal messages...");
$this->request['workact'] = 'step_12';
$this->request['st'] = 0;
} else {
$this->request['st'] = $end;
$this->registry->output->addMessage("Converge added: {$start} to {$end} completed....");
$this->request['workact'] = 'step_11';
}
}
/**
* Validates a lost password request
*
* @access public
* @return void
*/
public function lostPasswordValidate()
{
/* Check for input and it's in a valid format. */
$in_user_id = intval(trim(urldecode($this->request['uid'])));
$in_validate_key = IPSText::md5Clean(trim(urldecode($this->request['aid'])));
/* Check Input */
if (!$in_validate_key) {
$this->registry->output->showError('validation_key_incorrect', 1015);
}
if (!preg_match("/^(?:\\d){1,}\$/", $in_user_id)) {
$this->registry->output->showError('uid_key_incorrect', 1016);
}
/* Attempt to get the profile of the requesting user */
$member = IPSMember::load($in_user_id);
if (!$member['member_id']) {
$this->registry->output->showError('lostpass_no_member', 1017);
}
/* Get validating info.. */
$validate = $this->DB->buildAndFetch(array('select' => '*', 'from' => 'validating', 'where' => 'member_id=' . $in_user_id . ' and lost_pass=1'));
if (!$validate['member_id']) {
$this->registry->output->showError('lostpass_not_validating', 1018);
}
if ($validate['new_reg'] == 1 && $this->settings['reg_auth_type'] == "admin") {
$this->registry->output->showError('lostpass_new_reg', 4010, true);
}
if ($validate['vid'] != $in_validate_key) {
$this->registry->output->showError('lostpass_key_wrong', 1019);
} else {
/* On the same page? */
if ($validate['lost_pass'] != 1) {
$this->registry->output->showError('lostpass_not_lostpass', 4011, true);
}
/* Test GD image */
if ($this->settings['bot_antispam']) {
if ($this->registry->getClass('class_captcha')->validate() !== TRUE) {
$this->lostPasswordValidateForm('err_reg_code');
return;
}
}
/* Send a new random password? */
if ($this->settings['lp_method'] == 'random') {
//-----------------------------------------
// INIT
//-----------------------------------------
$save_array = array();
//-----------------------------------------
// Generate a new random password
//-----------------------------------------
$new_pass = IPSLib::makePassword();
//-----------------------------------------
// Generate a new salt
//-----------------------------------------
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
//-----------------------------------------
// New log in key
//-----------------------------------------
$key = IPSMember::generateAutoLoginKey();
//-----------------------------------------
// Update...
//-----------------------------------------
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . md5($new_pass));
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
$save_array['failed_logins'] = null;
$save_array['failed_login_count'] = 0;
//-----------------------------------------
// Load handler...
//-----------------------------------------
require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
$this->han_login = new han_login($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email'], md5($new_pass));
if ($this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
$this->registry->output->showError($this->lang->words['lostpass_external_fail'], 2013);
}
IPSMember::save($member['member_id'], array('members' => $save_array));
//-----------------------------------------
// Send out the email...
//-----------------------------------------
IPSText::getTextClass('email')->getTemplate("lost_pass_email_pass");
IPSText::getTextClass('email')->buildMessage(array('NAME' => $member['members_display_name'], 'THE_LINK' => $this->settings['base_url'] . 'app=core&module=usercp&tab=core&area=password', 'PASSWORD' => $new_pass, 'LOGIN' => $this->settings['base_url'] . 'app=core&module=global§ion=login', 'USERNAME' => $member['name'], 'EMAIL' => $member['email'], 'ID' => $member['member_id']));
IPSText::getTextClass('email')->subject = $this->lang->words['lp_random_pass_subject'] . ' ' . $this->settings['board_name'];
IPSText::getTextClass('email')->to = $member['email'];
IPSText::getTextClass('email')->sendMail();
$this->registry->output->setTitle($this->lang->words['activation_form']);
$this->output = $this->registry->getClass('output')->getTemplate('register')->showLostPassWaitRandom($member);
} else {
if ($_POST['pass1'] == "") {
$this->registry->output->showError('pass_blank', 10184);
}
if ($_POST['pass2'] == "") {
$this->registry->output->showError('pass_blank', 10185);
}
$pass_a = trim($this->request['pass1']);
$pass_b = trim($this->request['pass2']);
if (strlen($pass_a) < 3) {
$this->registry->output->showError('pass_too_short', 10186);
}
if ($pass_a != $pass_b) {
$this->registry->output->showError('pass_no_match', 10187);
}
$new_pass = md5($pass_a);
/* Update Member Array */
$save_array = array();
/* Generate a new salt */
$salt = IPSMember::generatePasswordSalt(5);
$salt = str_replace('\\', "\\\\", $salt);
/* New log in key */
$key = IPSMember::generateAutoLoginKey();
/* Update Array */
$save_array['members_pass_salt'] = $salt;
$save_array['members_pass_hash'] = md5(md5($salt) . $new_pass);
$save_array['member_login_key'] = $key;
$save_array['member_login_key_expire'] = $this->settings['login_key_expire'] * 60 * 60 * 24;
$save_array['failed_logins'] = null;
$save_array['failed_login_count'] = 0;
/* Change the password */
require_once IPS_ROOT_PATH . 'sources/handlers/han_login.php';
$this->han_login = new han_login($this->registry);
$this->han_login->init();
$this->han_login->changePass($member['email'], md5($new_pass));
//-----------------------------------------
// We'll ignore any remote errors
//-----------------------------------------
if ($this->han_login->return_code != 'METHOD_NOT_DEFINED' and $this->han_login->return_code != 'SUCCESS') {
// Pass not changed remotely
}
/* Update the member */
IPSMember::save($member['member_id'], array('members' => $save_array));
/* Remove "dead" validation */
$this->DB->delete('validating', "vid='{$validate['vid']}' OR (member_id={$member['member_id']} AND lost_pass=1)");
$this->registry->output->silentRedirect($this->settings['base_url'] . '&app=core&module=global§ion=login&do=autologin&frompass=1');
}
}
}
