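 /**
  * Validates a staff login request and, on success, opens a management session.
  *
  * Flow: expire stale login attempts, refuse the client address once it has
  * accumulated too many recent failures, look the staff row up by username,
  * compare the password digest, then either create the session and send the
  * user on, or record the failed attempt and re-render the login form.
  *
  * Reads $this->request['username'] / ['password'], $_POST['qstring'],
  * $_COOKIE['use_frames'] and $_SERVER['REMOTE_ADDR'].
  * Writes $this->request['sid'] and rows in loginattempts / manage_sessions.
  *
  * @return void  On success the method renders or redirects and then exits.
  */
 public function loginValidate()
 {
     // Lockout is keyed on REMOTE_ADDR; behind a reverse proxy every client shares one counter.
     $clientIp = $_SERVER['REMOTE_ADDR'];
     // Attempts older than 20 minutes (1200 s) no longer count toward the lockout.
     $this->db->delete("loginattempts")->condition("attempt_time", time() - 1200, "<")->execute();
     $recentAttempts = $this->db->select("loginattempts")->fields("loginattempts", array("attempt_ip"))->condition("attempt_ip", $clientIp)->execute()->fetchAll();
     if (count($recentAttempts) > 5) {
         kxFunc::showError(_gettext('System lockout'), _gettext('Sorry, because of your numerous failed logins, you have been locked out from logging in for 20 minutes. Please wait and then try again.'));
         return;
     }

     $username = isset($this->request['username']) ? $this->request['username'] : '';
     $password = isset($this->request['password']) ? $this->request['password'] : '';
     $staffRows = $this->db->select("staff")->fields("staff", array("user_id", "user_name", "user_password", "user_salt"))->condition("user_name", $username)->execute()->fetchAll();
     $staff = count($staffRows) > 0 ? $staffRows[0] : null;

     // Legacy scheme: md5(password . salt). hash_equals() gives a constant-time, strict
     // comparison; the previous `==` would have treated two "0e..." digests as equal.
     // The stored hashes should eventually migrate to password_hash()/password_verify().
     $authenticated = $staff !== null
         && hash_equals((string) $staff->user_password, md5($password . $staff->user_salt));

     // Unknown username and wrong password are handled identically so neither case is distinguishable.
     if (!$authenticated) {
         $this->db->insert("loginattempts")->fields(array('attempt_name' => $username, 'attempt_ip' => $clientIp, 'attempt_time' => time()))->execute();
         $this->showForm(_gettext('Incorrect username/password.'));
         return;
     }

     // 32 hex characters from a CSPRNG (same width as the old md5(uniqid(microtime())) value,
     // which was predictable).
     $session_id = bin2hex(random_bytes(16));
     $this->request['sid'] = $session_id;
     // Only one management session per staff member at a time.
     $this->db->delete("manage_sessions")->condition("session_staff_id", $staff->user_id)->execute();
     $now = time();
     $this->db->insert("manage_sessions")->fields(array(
         'session_id'          => $session_id,
         'session_ip'          => $clientIp,
         'session_staff_id'    => $staff->user_id,
         'session_location'    => "index",
         'session_log_in_time' => $now,
         'session_last_action' => $now,
         'session_url'         => "",
     ))->execute();
     // Cookies are needed before any ajax-driven page can load.
     $this->SetModerationCookies();
     //$this->environment->get('kx:classes:core:logging:id')->manageLog(_gettext('Logged in'), 1);

     // Rebuild the query string the user originally asked for, minus login/sid leftovers.
     // Left unfiltered on purpose (as in the original): it only ends up in the query part
     // of our own manage.php URL.
     $whereto = "";
     if (!empty($_POST['qstring'])) {
         $whereto = stripslashes($_POST['qstring']);
         $whereto = str_replace(kxEnv::Get('kx:paths:script:path'), "", $whereto);
         $whereto = str_ireplace("?manage.php", "", $whereto);
         $whereto = ltrim($whereto, '?');
         $whereto = preg_replace("/sid=(\\w){32}/", "", $whereto);
         $whereto = str_replace(array('old_&', 'old_&amp;'), "", $whereto);
         $whereto = str_replace("module=login", "", $whereto);
         $whereto = str_replace("do=login-validate", "", $whereto);
         $whereto = str_replace('&amp;', '&', $whereto);
         $whereto = preg_replace("/&{1,}/", "&", $whereto);
     }
     $url = kxEnv::Get('kx:paths:script:path') . kxEnv::Get('kx:paths:script:folder') . '/manage.php?sid=' . $session_id . '&' . $whereto;
     if (!empty($_COOKIE['use_frames'])) {
         // $twigData was previously used without being initialised.
         $twigData = array('url' => $url);
         kxTemplate::output("manage/frames", $twigData);
     } else {
         kxFunc::doRedirect($url, true);
     }
     exit;
 }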
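 /**
  * Public posting entry point.
  *
  * Resolves the requested board to a posting module (built-in types 0-3, or a
  * module registered in the `modules` table), loads and instantiates that
  * module's class, then validates the submitted post through the shared
  * posting helper and hands the collected $this->postData to the module.
  * Any failure to resolve the board or its module redirects to the main page.
  *
  * @param kxEnv $environment  Passed by the dispatcher; the body uses $this->environment.
  * @return void  Ends with a Location header after a successful post.
  */
 public function exec(kxEnv $environment)
 {
     $mainPage = kxEnv::Get('kx:paths:main:webpath');

     // Nothing to do without a board name. (The original had a bare `die;` before the
     // redirect, which made the redirect unreachable.)
     if (empty($this->request['board'])) {
         kxFunc::doRedirect($mainPage);
         exit;
     }

     // Board type decides which posting module handles the request.
     $boardType = $this->db->select("boards")->fields("boards", array("board_type"))->condition("board_name", $this->request['board'])->execute()->fetchField();
     // Unknown board: bounce silently rather than confirming which boards exist.
     if ($boardType === false) {
         kxFunc::doRedirect($mainPage);
         exit;
     }

     // Types 0-3 are built in; anything else must be claimed by an installed module.
     $builtinTypes = array('image', 'text', 'oekaki', 'upload');
     $module_to_load = null;
     if (is_numeric($boardType) && isset($builtinTypes[(int) $boardType])) {
         $module_to_load = $builtinTypes[(int) $boardType];
     } else {
         $modules = $this->db->select("modules")->fields("modules", array("module_variables", "module_directory"))->condition("module_application", 1)->execute()->fetchAll();
         foreach ($modules as $line) {
             // module_variables is read as a serialized array. allowed_classes=false stops
             // unserialize() from instantiating objects if that column is ever tampered with;
             // it only ever needs the 'board_type_id' key here. (The original read `$varibles`
             // into one variable and tested `$variables`, so no module could ever match.)
             $variables = unserialize($line->module_variables, array('allowed_classes' => false));
             if (is_array($variables) && isset($variables['board_type_id']) && $variables['board_type_id'] == $boardType) {
                 $module_to_load = $line->module_directory;
             }
         }
     }
     // No module claims this board type: treat it like an unknown board.
     if ($module_to_load === null) {
         kxFunc::doRedirect($mainPage);
         exit;
     }

     // $module_to_load comes from the boards/modules tables, not from the request,
     // and must still resolve to a file under the public modules directory.
     $moduleFile = kxFunc::getAppDir("board") . '/modules/public/' . $module_to_load . '/' . $module_to_load . '.php';
     if (!file_exists($moduleFile)) {
         kxFunc::doRedirect($mainPage);
         exit;
     }
     require_once $moduleFile;

     // The module must define public_board_<dir>_<dir> extending kxCmd.
     $className = "public_board_" . $module_to_load . "_" . $module_to_load;
     if (!class_exists($className) || !is_subclass_of($className, 'kxCmd')) {
         kxFunc::doRedirect($mainPage);
         exit;
     }
     $this->_boardClass = new $className($this->environment);
     $this->_boardClass->execute($this->environment);

     // Shared posting helper: encoding, flood, length, blacklist, captcha and hash checks.
     require_once kxFunc::getAppDir('core') . '/classes/posting.php';
     $this->_postingClass = new posting($this->environment);
     $this->environment->set('kx:classes:board:posting:id', $this->_postingClass);
     $this->_postingClass->checkUTF8();

     // The board module decides whether this request is a post at all.
     if (!$this->_boardClass->validPost()) {
         return;
     }

     $board = $this->_boardClass->board;
     // NOTE(review): no commit/rollback is visible in this method — presumably
     // processPost() ends the transaction; verify.
     $this->db->startTransaction();

     $this->postData['files'] = isset($_FILES['imagefile']) ? $_FILES['imagefile']['name'] : '';
     // Single-file uploads arrive as scalars; normalise them to the multi-file array shape.
     if ($this->postData['files'] && !is_array($this->postData['files'])) {
         foreach ($_FILES['imagefile'] as $key => $value) {
             $_FILES['imagefile'][$key] = array($value);
         }
         $this->postData['files'] = array($_FILES['imagefile']['name'][0]);
     }

     $this->postData['is_reply'] = $this->_postingClass->isReply($board->board_id);
     $this->_postingClass->checkPostingTime($this->postData['is_reply'], $board->board_id);
     $this->_postingClass->checkMessageLength($board->max_message_length);
     $this->_postingClass->checkBlacklistedText($board->board_id);
     $this->_postingClass->checkCaptcha($board, $this->postData);
     $this->_postingClass->checkBannedHash($board);

     // Reply count, lock state, parent thread.
     if ($this->postData['is_reply']) {
         // Was `$this->_boardClass->board_id` (no `->board`), unlike every other use in this method.
         $this->postData['thread_info'] = $this->_postingClass->threadInfo($board->board_id, $this->request['replythread']);
     } else {
         $this->postData['thread_info'] = array('replies' => 0, 'locked' => 0, 'parent' => 0);
     }

     // Subject, email, etc. need special processing.
     $this->postData['post_fields'] = $this->_postingClass->parseFields();
     $this->postData['post_fields']['postpassword'] = isset($this->request['postpassword']) ? $this->request['postpassword'] : '';
     // NOTE(review): no MAX()/ORDER BY is visible in this query — confirm the builder
     // yields the highest post_id for the board.
     $nextid = $this->db->select("posts")->fields("posts", array("post_id"))->condition("post_board", $board->board_id)->execute()->fetchField();
     $this->postData['next_id'] = $nextid ? $nextid + 1 : 1;

     // Staff checkbox flags, appended in the order the original used.
     $this->postData['user_authority'] = $this->_postingClass->userAuthority();
     if (!isset($this->postData['flags'])) {
         $this->postData['flags'] = '';
     }
     $flagsByRequestKey = array(
         'displaystaffstatus' => 'D',
         'lockonpost'         => 'L',
         'stickyonpost'       => 'S',
         'rawhtml'            => 'RH',
         'usestaffname'       => 'N',
     );
     foreach ($flagsByRequestKey as $requestKey => $flag) {
         if (isset($this->request[$requestKey])) {
             $this->postData['flags'] .= $flag;
         }
     }
     $this->postData['display_status'] = 0;
     $this->postData['lock_on_post'] = 0;
     $this->postData['sticky_on_post'] = 0;

     // Authority 0 and anything above 2 is a normal user or VIP; 1-2 is staff.
     $authority = $this->postData['user_authority'];
     $isStaff = !($authority == 0 || $authority > 2);
     if (!$isStaff) {
         if ($this->postData['thread_info']['locked'] == 1) {
             kxFunc::showError(_gettext('Sorry, this thread is locked and can not be replied to.'));
         }
         $this->postData['thread_info']['message'] = $this->_boardClass->parseData($this->request['message']);
     } else {
         // D: show the poster's staff status on the post.
         if (isset($this->request['displaystaffstatus'])) {
             $this->postData['display_status'] = true;
         }
         // RH: insert the message verbatim; this branch is only reachable for staff.
         $this->postData['thread_info']['message'] = isset($this->request['rawhtml'])
             ? $this->request['message']
             : $this->_boardClass->parseData($this->request['message']);
         // L: lock the thread after insertion.
         if (isset($this->request['lockonpost'])) {
             $this->postData['lock_on_post'] = true;
         }
         // S: sticky the thread after insertion.
         if (isset($this->request['stickyonpost'])) {
             $this->postData['sticky_on_post'] = true;
         }
         // N: the staff name travels encrypted in modpassword; decrypt it into the name field.
         if (isset($this->request['usestaffname'])) {
             $_POST['name'] = kxFunc::md5_decrypt($this->request['modpassword'], kxEnv::Get('kx:misc:randomseed'));
         }
     }

     //kxFunc::checkBadUnicode($this->postData['post_fields']);
     $this->_boardClass->processPost($this->postData);

     $url = kxEnv::Get("kx:paths:boards:path") . '/' . $this->_boardClass->board->board_name;
     if ($this->postData['is_reply']) {
         $url .= '/res/' . intval($this->request['replythread']) . '.html';
     } else {
         $url .= '/' . kxEnv::Get('kx:pages:first');
     }
     // Replaces @header(): skip the redirect once output has started instead of suppressing the warning.
     if (!headers_sent()) {
         header('Location: ' . $url);
     }
 }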