Esempio n. 1
/**
 * Generic bootstrap shared by all programs: installs the error and exception
 * handlers, then resolves the global $login object and its session.
 *
 * A non-empty $ctype forces a login object without any session lookup
 * ('superadmin', 'guest', or any other value used as the client name).
 * Otherwise the client name, class name and session id are read from request
 * cookies, or a serialized "frm_ssl" blob is accepted as an alternative login
 * for client 'admin'. The resulting session is then checked against its
 * owning class, the client IP address and the configured timeout.
 *
 * @param string|null $ctype Forced login type; null or "" selects the cookie/session path.
 * @return void
 */
function initProgramlib($ctype = null)
{
    global $gbl, $sgbl, $login, $ghtml;
    // /*
    // --- solution for some scripts running well in slave
    // REVERT - back to original
    // Refuse to run on a slave server: print a notice and stop.
    if ($sgbl->is_this_slave()) {
        print "This is a Slave Server. Operate it at the Master server.\n";
        exit;
    }
    // */
    // Call counter, used only to report a repeated initialisation below.
    static $var = 0;
    $var++;
    $progname = $sgbl->__var_program_name;
    // Writes an empty string to the error file (presumably truncating it; lfile_put_contents is defined elsewhere).
    lfile_put_contents($sgbl->__var_error_file, "");
    set_exception_handler("lx_exception_handler");
    //xdebug_disable();
    set_error_handler("lx_error_handler");
    //setcookie("XDEBUG_SESSION", "sess");
    if ($var >= 2) {
        dprint("initProgramlib called twice \n <br> ");
    }
    // Forced logins: no cookie or session is consulted on these three paths,
    // so callers must never derive $ctype from request data.
    if ($ctype === 'superadmin') {
        // Point the database and admin credential settings at the supernode.
        $sgbl->__var_dbf = $sgbl->__path_supernode_db;
        $sgbl->__path_admin_pass = $sgbl->__path_super_pass;
        $sgbl->__var_admin_user = $sgbl->__var_super_user;
        $login = new SuperClient(null, null, 'superadmin', 'login', 'forced');
        $login->get();
        return;
    } else {
        if ($ctype === "guest") {
            $login = new Client(null, null, "____________", "guest");
            $login->get();
            return;
        } else {
            // Loose comparison: both null and "" fall through to the session path.
            if ($ctype != "") {
                $login = new Client(null, null, $ctype, "login", "forced");
                $login->get();
                return;
            }
        }
    }
    $sessobj = null;
    // NOTE(review): client name, class name and session id all come from
    // client-controlled cookies. Whether they are trustworthy depends entirely
    // on get_login() and getObject('ssession') matching the session id against
    // server-side state; neither is visible here.
    if ($ghtml->frm_consumedlogin === 'true') {
        $clientname = $_COOKIE["{$progname}-consumed-clientname"];
        $classname = $_COOKIE["{$progname}-consumed-classname"];
        $session_id = $_COOKIE["{$progname}-consumed-session-id"];
        get_login($classname, $clientname);
        $login->__session_id = $session_id;
        $sessobj = $login->getObject('ssession');
    } else {
        if (isset($_COOKIE["{$progname}-session-id"])) {
            $clientname = $_COOKIE["{$progname}-clientname"];
            $classname = $_COOKIE["{$progname}-classname"];
            $session_id = $_COOKIE["{$progname}-session-id"];
            // NOTE(review): the cookie-supplied class name switches the database
            // file and admin credential paths before any session has been validated.
            if ($classname === 'superclient') {
                $sgbl->__var_dbf = $sgbl->__path_supernode_db;
                $sgbl->__path_admin_pass = $sgbl->__path_super_pass;
                $sgbl->__var_admin_user = $sgbl->__var_super_user;
            }
            if ($classname === 'slave') {
                $sgbl->__var_dbf = $sgbl->__path_slave_db;
            }
            if ($classname) {
                get_login($classname, $clientname);
                $login->__session_id = $session_id;
                $sessobj = $login->getObject('ssession');
            }
        }
    }
    // No usable session yet (dbaction 'add' marks a freshly created one): try the frm_ssl login.
    if (!$sessobj || $sessobj->dbaction === 'add') {
        if ($ghtml->frm_ssl) {
            // SECURITY: unserialize() runs on what appears to be a request parameter
            // (frm_ssl) before the signature check below, so objects in the payload are
            // instantiated ahead of any authentication (PHP object injection). Verify the
            // signature over the raw bytes first and use a data-only format such as JSON.
            $ssl = unserialize(base64_decode($ghtml->frm_ssl));
            $string = $ssl['string'];
            $ssl_param = $ssl['ssl_param'];
            $encrypted_string = base64_decode($ssl['encrypted_string']);
            // checkPublicKey() is defined elsewhere; presumably it verifies that
            // $encrypted_string is a valid signature over $string — confirm.
            if (!$string || !checkPublicKey($string, $encrypted_string)) {
                print "SSL Connection Failed <br> \n";
                exit;
            }
            // A payload that passes the check is logged in as client 'admin'.
            $class = 'client';
            $clientname = 'admin';
            get_login($class, $clientname);
            do_login($class, $clientname, $ssl_param);
            $sessobj = $gbl->c_session;
            $sessobj->write();
            $sessobj->dbaction = 'clean';
        }
    }
    //get_savedlogin($classname, $clientname);
    //print_time('login_get', "Login Get");
    //dprintr($login);
    //avoid some php warnings
    if (isset($login)) {
        $gbl->client = $login->nname;
        $gbl->client_ttype = $login->cttype;
    }
    //dprintr($login->hpfilter);
    // This means the session object got created fresh.
    // NOTE(review): everything below dereferences $sessobj and $login, so this
    // relies on print_redirect_self() ending the request — confirm it exits.
    if (!$sessobj || $sessobj->dbaction === 'add') {
        dprint("Session id is empty. Clearing cookies and redirect to login.");
        clear_all_cookie();
        $ghtml->print_redirect_self("/login/");
    }
    $gbl->c_session = $sessobj;
    // The session must belong to the same class/name pair as the resolved login object.
    if ($login->getClName() !== $sessobj->parent_clname) {
        dprint_r($login->ssession_l);
        // NOTE(review): prints the session id through dprint(); $session_id is not
        // assigned on the frm_ssl path above.
        dprint(" <br> {$session_id} <br> <br> <br> ");
        print "Session error! Login again.";
        clear_all_cookie();
        $ghtml->print_redirect_self("/login/?frm_emessage=sessionname_not_client");
    }
    $gen = $login->getObject('general')->generalmisc_b;
    // Bind the session to the IP address recorded on it unless the check is switched off.
    // NOTE(review): loose != comparison, and REMOTE_ADDR is the proxy address when the
    // panel sits behind a reverse proxy.
    if (!$gen->isOn('disableipcheck') && $_SERVER['REMOTE_ADDR'] != $sessobj->ip_address) {
        // NOTE(review): the reverse-DNS name is controlled by whoever owns the PTR record
        // and goes into the log line unescaped; the lookup also blocks the request.
        $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
        log_message("An attempt to hack from {$hostname} (" . $_SERVER['REMOTE_ADDR'] . ") with sess {$sessobj->nname}, session ip: {$sessobj->ip_address}");
        // The outer condition already required the check to be enabled, so only the else branch can run.
        if ($gen->isOn('disableipcheck')) {
        } else {
            clear_all_cookie();
            if ($gbl->c_session->ssl_param) {
                $sessobj->delete();
                $sessobj->write();
                // NOTE(review): 'backurl' presumably originates from the frm_ssl payload;
                // confirm it is limited to known hosts before redirecting to it.
                $ghtml->print_redirect("{$gbl->c_session->ssl_param['backurl']}&frm_emessage=ipaddress_changed_amidst_session");
            } else {
                $ghtml->print_redirect_self("/login/?frm_emessage=ipaddress_changed_amidst_session");
            }
        }
    }
    // Enforce a minimum session timeout of 100 (added to last_access and compared with time(), so seconds).
    if (intval($login->getSpecialObject('sp_specialplay')->ssession_timeout) <= 100) {
        $login->getSpecialObject('sp_specialplay')->ssession_timeout = 100;
        $login->setUpdateSubaction();
    }
    // The expiry is computed from the previous access time, before last_access is refreshed below.
    $timeout = $sessobj->last_access + $login->getSpecialObject('sp_specialplay')->ssession_timeout;
    $sessobj->timeout = $timeout;
    //$timeout  =  $sessobj->last_access + 4;
    $sessobj->last_access = time();
    $sessobj->setUpdateSubaction();
    // Attach the auxiliary login object when the session references one.
    if ($sessobj->auxiliary_id) {
        $aux = new Auxiliary(null, null, $sessobj->auxiliary_id);
        $aux->get();
        $login->__auxiliary_object = $aux;
    }
    // Expired session: delete it, persist the deletion and send the client back to a login page.
    if (time() > $timeout) {
        $sessobj->delete();
        $sessobj->write();
        //print("session error timeout");
        if ($gbl->c_session->ssl_param) {
            $ghtml->print_redirect("{$gbl->c_session->ssl_param['backurl']}&frm_emessage=session_timeout");
        } else {
            $ghtml->print_redirect_self("/login/?frm_emessage=session_timeout");
        }
    }
    addToUtmp($sessobj, 'update');
}
Esempio n. 2
/**
 * Log in, collect the unread private-message and subscribed-thread notices,
 * log out again and return both notice sets.
 *
 * @return array Map with the keys 'pm_notices' and 'sub_notices'.
 */
function do_get_new_updates()
{
    include_once MCWD . '/include/login.php';
    do_login();

    // Collect the notices while the login is active, in the same order as the keys.
    $notices = array();
    $notices['pm_notices'] = get_pm_unread();
    $notices['sub_notices'] = get_sub_thread_updates();

    // NOTE(review): if either getter throws, the logout below is skipped.
    vB_User::processLogout();

    return $notices;
}
Esempio n. 3
	/**
	 * Accept a POSTed submission from a member, store it and redirect to the
	 * referring page.
	 *
	 * NOTE(review): the redirect target is taken from the request variable
	 * "ref" (falling back to the user's session page). When it looks like a
	 * sub-domain URL it is rewritten to a protocol-relative "//host/a/sub..."
	 * address. Unless redirect() restricts the host, a crafted "ref" can send
	 * the browser to another site (open redirect) — confirm and allow-list.
	 */
	public function receive() {
		global $config, $user;

		$is_post = (request_method() == 'post');
		if (!$is_post) {
			redirect(s_link());
		}

		// Load the member session; anonymous visitors are sent to the login.
		$user->init();

		if (!$user->is('member')) {
			do_login();
		}

		$this->ref = request_var('ref', $user->d('session_page'), true);

		// Sub-domain form "sub.domain.tld/path": move the sub-domain into the path.
		$found = preg_match('#([0-9a-z\-]+)\.(.*?)\.([a-z]+){1,3}(/(.*?))?$#i', $this->ref, $pieces);
		if ($found && ($pieces[1] != 'www')) {
			$host = $pieces[2] . '.' . $pieces[3];
			$path = '/a/' . $pieces[1] . $pieces[4];
			$this->ref = '//' . $host . $path;
		}

		$this->store();

		redirect($this->ref);
	}
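/**
 * Log the current user out: release the tickets they hold in reserved status,
 * clear the stored session id on their user row, write the sign-out log
 * entry, expire the session cookie and destroy the session.
 *
 * Values placed into the SQL text are neutralised first: the user id is cast
 * to an integer and the session id, which originates from the client's
 * cookie, is escaped.
 *
 * @param bool $return When true, return to the caller once the session is
 *                     destroyed; otherwise hand over to do_login().
 * @return void
 */
function do_logout($return = FALSE)
{
    /* logout - destroy session data */
    global $hide_dispatched, $hide_status_groups;
    @session_start();
    $_SESSION['expires'] = 0;
    if (array_key_exists('user_id', $_SESSION)) {
        // 7/27/10 - 8/10/10
        // The id is used unquoted in the statement, so force it to an integer.
        $by = (int) $_SESSION['user_id'];
        $query = "DELETE FROM `{$GLOBALS['mysql_prefix']}ticket` WHERE `status` = {$GLOBALS['STATUS_RESERVED']} AND `_by` = {$by};";
        //8/10/10
        $result = mysql_query($query);
    }
    // session_id() reflects the cookie sent by the client; escape it before it
    // is placed inside the quoted literal below.
    $sid = mysql_real_escape_string(session_id());
    // 1/8/10
    $query = "UPDATE `{$GLOBALS['mysql_prefix']}user` SET \n\t\t`sid` = NULL, \n\t\t`expires` = NULL \n\t\tWHERE `{$GLOBALS['mysql_prefix']}user`.`sid` = '{$sid}' LIMIT 1 ;";
    // 8/10/10
    $result = mysql_query($query);
    // toss any error
    $the_id = array_key_exists('user_id', $_SESSION) ? $_SESSION['user_id'] : 0;
    // possibly already logged out
    do_log($GLOBALS['LOG_SIGN_OUT'], 0, 0, $the_id);
    // log this logout
    // Expire the session cookie in the browser as well.
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    // 8/25/10
    unset($sid);
    $_SESSION = array();
    @session_destroy();
    // 2/18/08
    if ($return) {
        return;
    }
    do_login('main.php', TRUE);
    // wait for login
}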
Esempio n. 5
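// Final registration steps: reject a duplicate address, create the account
// row, send the verification mail and log the new user in.
//
// NOTE(review): $email1 is interpolated directly into the SELECT and INSERT
// text. Nothing in this fragment shows it being escaped; confirm it is
// validated/escaped earlier or switch to the database layer's parameter binding.
$sql = sql_query(" SELECT id FROM `users` WHERE email='{$email1}' LIMIT 1 ");
if (sql_count($sql) > 0) {
    notices_set('Email already in use, please use a different email or reset your password', 'error');
    $terror = true;
}
//last error check
if ($terror) {
    //exit script
    echo notices_get();
    return false;
}
//create password
$hash_token = password_hash_create();
//creates a users unique hash
$password = password_encrypt($password1, $hash_token);
//create account confirm
$confirm = confirm_token_create($email1);
//add to database
sql_query(" INSERT INTO `users` (hash_token, email, password, confirm) VALUES('{$hash_token}', '{$email1}', '{$password}', '{$confirm}') ");
//set notices
notices_set('Account successfully created!', 'success');
//send email
// Encode both query-string values: an address containing "+" or "&" would
// otherwise arrive altered at the verify endpoint and the link would not match.
$verify_link = 'http://' . MAIN_URL . '/verify?e=' . urlencode($email1) . '&t=' . urlencode($confirm);
email_send('register', 'Welcome to Planling!', array($email1 => $email1), array('{{%LINK%}}' => $verify_link));
//log the user in
if (do_login($email1, $password1)) {
    $main_data = set_main_data();
} else {
    return false;
}
//success
return true;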
Esempio n. 6
                    $error_msg = $lang['users_msg_forbidden_chars'];
                }
            } else {
                $error_msg = $lang['users_msg_values_length_short'];
            }
        } else {
            $error_msg = $lang['users_msg_wrong_antispam_num'];
        }
    } else {
        $error_msg = $lang['users_msg_empty_values'];
    }
    // NOTE(review): raw $_POST values are kept in $var, presumably to refill the
    // form — confirm they are HTML-escaped wherever they are rendered.
    $var = array('username' => $_POST['username'], 'email' => $_POST['email']);
    login_screen($lang['login_registration'], $error_msg, 'error');
} elseif (isset($_POST['action']) && $_POST['action'] == 'login') {
    // The login name must match an allow-list pattern and both fields must be
    // non-empty before do_login() is called.
    if (preg_match('/^[_ a-zA-Z0-9\\.\\-]+$/', $_POST['user_login']) && !empty($_POST['user_login']) && !empty($_POST['user_pass'])) {
        do_login($_POST['user_login'], $_POST['user_pass'], $_POST['perm_login']);
        if ($_SESSION['mn_logged']) {
            // NOTE(review): the post-login target is taken verbatim from
            // $_POST['redir'], so a crafted login form can send the user to any
            // URL (open redirect). Restrict it to local paths or known hosts.
            if (isset($_POST['redir'])) {
                header('location: ' . $_POST['redir']);
                exit;
            } else {
                header('location: ./');
                exit;
            }
        } elseif (isset($_SESSION['login_error'])) {
            // The session's error code selects the language entry shown to the user.
            login_screen($lang['login_login'], $lang['login_msg_status_' . $_SESSION['login_error']], 'warning');
        } else {
            login_screen($lang['login_login'], $lang['login_msg_login_error'], 'error');
        }
    } else {
        login_screen($lang['login_login'], $lang['login_msg_login_error'], 'error');
Esempio n. 7
/**
 * Process a submitted login form: read the credentials from $ghtml, verify
 * them with check_login_success(), log the success, and on a resolvable
 * login object start the session and redirect to "/".
 *
 * A missing client name or password redirects to the login page with
 * frm_emessage=login_error, as does a client for which check_disable_admin()
 * returns true.
 *
 * NOTE(review): the early redirects are followed by further code, so this
 * relies on print_redirect() ending the request — confirm it exits.
 *
 * @return void
 */
function print_index()
{
    global $gbl, $sgbl, $ghtml, $login;
    ob_start();
    print_time('index');

    // Client name as submitted; Htmllib::checkForScript() inspects it before use.
    $clientName = $ghtml->frm_clientname;
    Htmllib::checkForScript($clientName);

    // Class as submitted, otherwise derived from the client name.
    $submittedClass = $ghtml->frm_class;
    if (!$submittedClass) {
        $submittedClass = getClassFromName($clientName);
    }

    $password = $ghtml->frm_password;
    $forgotPwd = $ghtml->frm_forgotpwd;
    $email = $ghtml->frm_email;
    $loginKey = $ghtml->frm_login_key;

    if (!$password || !$clientName) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
    }

    // Fall back to the 'client' class when none could be determined.
    $loginClass = $submittedClass ? $submittedClass : 'client';

    $noSecret = ($password == "" && $loginKey == "");
    if ($clientName == "" || $noSecret) {
        $forgotPwd = $ghtml->frm_forgotpwd;
        return;
    }

    $ip = $_SERVER['REMOTE_ADDR'];

    $verified = check_login_success($loginClass, $clientName, $password, $loginKey);
    if (!$verified) {
        return;
    }

    log_log("login_success", "Successful Login to {$clientName} from " . $_SERVER['REMOTE_ADDR']);

    // The login-attempt record for this address is not cleared here; the code
    // that used to delete it is disabled.

    if (check_disable_admin($clientName)) {
        $ghtml->print_redirect("/login/?frm_emessage=login_error");
        exit;
    }

    if (!get_login($loginClass, $clientName)) {
        $ghtml->cgiset("frm_emessage", "login_error");
    } else {
        do_login($loginClass, $clientName);
        $login->was();
        check_blocked_ip();
        $ghtml->print_redirect("/");
    }

    $forgotPwd = $ghtml->frm_forgotpwd;
}
Esempio n. 8
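	/**
	 * Handle one event page. Depending on the request variable "mode" this
	 * marks an image as favourite ('fav'), records an RSVP vote ('rsvp'), or
	 * renders the event view with gallery, poll and comments (any other
	 * value), including the posting of a reply to the event's forum topic.
	 *
	 * All inputs are read through request_var(); all statements go through
	 * sql_filter() placeholders. Most write paths leave through redirect(),
	 * which is assumed to end the request — confirm against its definition.
	 *
	 * @return bool True when the view was prepared and the template fields set.
	 */
	public function object() {
		global $auth, $user, $config, $comments, $upload;

		$mode = request_var('mode', '');

		// First pass: the image-related modes need a valid image of this event.
		switch ($mode) {
			case 'view':
			case 'fav':
			case 'rsvp':
				$download_id = request_var('download_id', 0);
				if (!$download_id) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				switch ($mode) {
					case 'view':
						$sql = 'SELECT e.*, COUNT(e2.image) AS prev_images
							FROM _events_images e, _events_images e2
							WHERE e.event_id = ?
								AND e.event_id = e2.event_id
								AND e.image = ?
								AND e2.image <= ?
							GROUP BY e.image
							ORDER BY e.image ASC';
						$sql = sql_filter($sql, $this->v('id'), $download_id, $download_id);
						break;
					case 'rsvp':
						// RSVP does not refer to an image; nothing to look up.
						$sql = '';
						break;
					default:
						$sql = 'SELECT e2.*
							FROM _events_images e2
							LEFT JOIN _events e ON e.id = e2.event_id
							WHERE e2.event_id = ?
								AND e2.image = ?';
						$sql = sql_filter($sql, $this->v('id'), $download_id);
						break;
				}

				if (!empty($sql)) {
					if (!$imagedata = sql_fieldrow($sql)) {
						redirect(s_link('events', $this->v('event_alias')));
					}
				}

				break;
		}

		// Second pass: perform the requested action.
		switch ($mode) {
			case 'fav':
				if (!$user->is('member')) {
					do_login();
				}

				// Refresh the date of an existing favourite, otherwise create it.
				$sql = 'SELECT *
					FROM _events_fav
					WHERE event_id = ?
						AND image_id = ?
						AND member_id = ?';
				if ($row = sql_fieldrow(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')))) {
					$sql = 'UPDATE _events_fav SET fav_date = ?
						WHERE event_id = ?
							AND image_id = ?';
					sql_query(sql_filter($sql, time(), $this->v('id'), $imagedata['image']));
				} else {
					$sql_insert = array(
						'event_id' => (int) $this->v('id'),
						'image_id' => (int) $imagedata['image'],
						'member_id' => (int) $user->d('user_id'),
						'fav_date' => time()
					);
					sql_insert('events_fav', $sql_insert);
				}

				redirect(s_link('events', $this->v('event_alias'), $imagedata['image'], 'view'));
				break;
			case 'rsvp':
				// The chosen option id is the first key of the submitted "choice" array.
				$choice = array_key(array_keys(request_var('choice', array(0 => ''))), 0);
				$topic_id = $this->v('event_topic');

				if (!$topic_id) {
					fatal_error();
				}

				if (!$choice) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				if (!$user->is('member')) {
					do_login();
				}

				// The option must belong to the poll attached to this event's topic.
				$sql = 'SELECT vd.vote_id
					FROM _poll_options vd, _poll_results vr
					WHERE vd.topic_id = ?
						AND vr.vote_id = vd.vote_id
						AND vr.vote_option_id = ?
					GROUP BY vd.vote_id';
				if (!$vote_id = sql_field(sql_filter($sql, $topic_id, $choice), 'vote_id', 0)) {
					fatal_error();
				}

				// Count the vote only once per member.
				$sql = 'SELECT *
					FROM _poll_voters
					WHERE vote_id = ?
						AND vote_user_id = ?';
				if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
					$sql = 'UPDATE _poll_results SET vote_result = vote_result + 1
						WHERE vote_id = ?
							AND vote_option_id = ?';
					sql_query(sql_filter($sql, $vote_id, $choice));

					$insert_vote = array(
						'vote_id' => (int) $vote_id,
						'vote_user_id' => (int) $user->d('user_id'),
						'vote_user_ip' => $user->ip,
						'vote_cast' => (int) $choice
					);
					sql_insert('poll_voters', $insert_vote);
				}

				redirect(s_link('events', $this->v('event_alias')));
				break;
			case 'view':
			default:
				/**
				* Generate thumbnail for events list.
				*/
				if ($user->is('colab') && !$this->v('images') && _button('create_thumbnail')) {
					$location_large = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';
					$location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

					$x1 = request_var('x1', 0);
					$y1 = request_var('y1', 0);
					$x2 = request_var('x2', 0);
					$y2 = request_var('y2', 0);
					$w = request_var('w', 0);
					$h = request_var('h', 0);

					// The crop width comes from the request and defaults to 0; skip
					// the resize instead of dividing by zero.
					if ($w > 0) {
						//Scale the image to the thumb_width set above
						$scale = $config['events_thumb_width'] / $w;
						$cropped = $upload->resizeThumbnailImage($location_mini, $location_large, $w, $h, $x1, $y1, $scale);
					}

					redirect(s_link('events'));
				}

				/**
				* Normal operations
				*/
				$t_offset = request_var('offset', 0);

				if ($mode == 'view') {
					$sql = 'UPDATE _events_images
						SET views = views + 1
						WHERE event_id = ?
							AND image = ?';
					sql_query(sql_filter($sql, $this->v('id'), $imagedata['image']));

					_style('selected', array(
						'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $imagedata['image'] . '.jpg',
						'WIDTH' => $imagedata['width'],
						'HEIGHT' => $imagedata['height'],
						'FOOTER' => $imagedata['image_footer'])
					);

					if ($user->is('founder')) {
						_style('selected.update', array(
							'URL' => s_link('async eif'),
							'EID' => $this->v('id'),
							'PID' => $imagedata['image'])
						);
					}

					$is_fav = false;
					if ($user->is('member')) {
						$sql = 'SELECT member_id
							FROM _events_fav
							WHERE event_id = ?
								AND image_id = ?
								AND member_id = ?';
						if (sql_field(sql_filter($sql, $this->v('id'), $imagedata['image'], $user->d('user_id')), 'member_id', 0)) {
							$is_fav = true;
						}
					}

					if (!$is_fav || !$user->is('member')) {
						_style('selected.fav', array(
							'URL' => s_link('events', $this->v('id'), $imagedata['image'], 'fav'))
						);
					}
				} else {
					if (!$t_offset && $user->is('founder')) {
						$sql = 'UPDATE _events SET views = views + 1
							WHERE id = ?';
						sql_query(sql_filter($sql, $this->v('id')));
					}
				}

				// Topic and forum rows that carry the permissions for comments.
				$sql = 'SELECT t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_featured, t.topic_points, t.topic_last_post_id, f.forum_alias, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote
					FROM _forum_topics t, _forums f
					WHERE t.topic_id = ?
						AND f.forum_id = t.forum_id';
				if (!$event_topic = sql_fieldrow(sql_filter($sql, $this->v('event_topic')))) {
					fatal_error();
				}

				$mod_auth = $user->is('mod');

				$error = w();
				$forum_id = $event_topic['forum_id'];
				$submit_reply = _button('post');
				$reply = request_var('reply', 0);

				if ($reply) {
					$post_reply = request_var('p', 0);

					$sql = 'SELECT p.*, u.user_id, u.username
						FROM _forum_posts p, _members u
						WHERE p.post_id = ?
							AND u.user_id = p.poster_id
							AND p.post_deleted = 0';
					if (!$post_data = sql_fieldrow(sql_filter($sql, $post_reply))) {
						redirect(s_link('events', $this->v('event_alias')));
					}
				}

				$is_auth = $auth->forum(AUTH_ALL, $forum_id, $event_topic);
				$u_event_alias = s_link('events', $this->v('event_alias'));
				$u_event_publish = ($reply) ? s_link('events', $this->v('event_alias'), $post_reply, 'reply') : $u_event_alias;

				if ($submit_reply) {
					$auth_key = 'auth_reply';

					// NOTE(review): a member who lacks view/read/reply permission is only
					// stopped here when the forum or topic is locked; otherwise $error stays
					// empty and the post is accepted. Confirm that this is intended.
					if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
						if (!$user->is('member')) {
							do_login();
						}

						$can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));

						if (!$can_reply_closed && ($event_topic['forum_locked'] || $event_topic['topic_locked'])) {
							$error[] = 'TOPIC_LOCKED';
						}

						if (sizeof($error)) {
							redirect($u_event_alias);
						}
					}

					$post_message = request_var('message', '', true);

					if ($reply) {
						$post_reply_message = request_var('reply_message', '', true);
					}

					// Check message
					if (empty($post_message)) {
						$error[] = 'EMPTY_MESSAGE';
					}

					if (sizeof($error)) {
						redirect($u_event_alias);
					}

					// Flood control for non-moderators: compare the member's latest post
					// time with the current time.
					if (!$mod_auth) {
						$sql = 'SELECT MAX(post_time) AS last_post_time
							FROM _forum_posts
							WHERE poster_id = ?';
						if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
							if (intval($last_post_time) > 0 && (time() - intval($last_post_time)) < intval($config['flood_interval'])) {
								$error[] = 'FLOOD_ERROR';
							}
						}
					}

					if (sizeof($error)) {
						redirect($u_event_alias);
					}

					$update_topic = w();
					// Defined up front so the check after the insert never reads an unset variable.
					$topic_locked = 0;

					// Moderators can flag the topic through markers inside the message.
					if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
						$topic_announce = 1;
						$post_message = str_replace('-Anuncio-', '', $post_message);
						$update_topic['topic_announce'] = $topic_announce;
					}

					if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
						$topic_locked = 1;
						$post_message = str_replace('-Cerrado-', '', $post_message);
						$update_topic['topic_locked'] = $topic_locked;
					}

					$post_message = $comments->prepare($post_message);

					// Strip image links from the quoted text. The pattern runs without the
					// "e" (eval) modifier: the replacement is an empty string, so evaluating
					// it added nothing, and PHP 7 and later reject the modifier.
					if ($reply && $post_reply_message != '') {
						$post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#i', '', $post_reply_message);
					}

					if ($reply && empty($post_reply_message)) {
						$post_reply_message = '...';
					}

					// NOTE(review): the quoted text and the username are concatenated into
					// HTML here; whether they are already escaped depends on request_var()
					// and the stored username — confirm.
					if ($reply && $post_reply_message != '') {
						$post_message = '<blockquote><strong>' . $post_data['username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
					} else {
						$reply = 0;
					}

					$insert_data = array(
						'topic_id' => (int) $this->v('event_topic'),
						'forum_id' => (int) $forum_id,
						'poster_id' => (int) $user->d('user_id'),
						'post_time' => time(),
						'poster_ip' => $user->ip,
						'post_text' => $post_message,
						'post_np' => ''
					);
					if ($reply) {
						$insert_data['post_reply'] = $post_reply;
					}

					$post_id = sql_insert('forum_posts', $insert_data);

					$user->delete_unread(UH_T, $this->v('event_topic'));
					$user->save_unread(UH_T, $this->v('event_topic'));

					// For team forums, drop the unread markers of everyone outside the team.
					// The DELETE statement itself is executed, not whatever $sql last held.
					$a_list = forum_for_team_list($forum_id);
					if (count($a_list)) {
						$sql_delete_unread = 'DELETE FROM _members_unread
							WHERE element = ?
								AND item = ?
								AND user_id NOT IN (??)';
						sql_query(sql_filter($sql_delete_unread, 8, $this->v('event_topic'), implode(', ', $a_list)));
					}

					$update_topic['topic_last_post_id'] = $post_id;

					// A topic that was just locked is removed from the featured list;
					// the id is read from the event because no local topic id exists yet.
					if ($topic_locked) {
						topic_feature($this->v('event_topic'), 0);
					}

					$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?
						WHERE forum_id = ?';
					sql_query(sql_filter($sql, $this->v('event_topic'), $forum_id));

					$sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter('
						WHERE topic_id = ?', $this->v('event_topic'));
					sql_query($sql);

					$sql = 'UPDATE _members SET user_posts = user_posts + 1
						WHERE user_id = ?';
					sql_query(sql_filter($sql, $user->d('user_id')));

					redirect($u_event_alias);
				}

				// Get event thumbnails
				$t_per_page = 18;

				// When a single image is shown, start the thumbnail strip on its page.
				if ($mode == 'view' && $download_id) {
					$val = 1;

					$sql = 'SELECT MAX(image) AS total
						FROM _events_images
						WHERE event_id = ?';
					if ($maximage = sql_field(sql_filter($sql, $this->v('id')), 'total', 0)) {
						$val = ($download_id == $maximage) ? 2 : 1;
					}

					$t_offset = floor(($imagedata['prev_images'] - $val) / $t_per_page) * $t_per_page;
				}

				if ($this->v('images')) {
					$exception_sql = (isset($download_id) && $download_id) ? sql_filter(' AND g.image <> ? ', $download_id) : '';

					$sql = 'SELECT g.*
						FROM _events e, _events_images g
						WHERE e.id = ?
							AND e.id = g.event_id ' .
							$exception_sql . '
						ORDER BY g.image ASC
						LIMIT ??, ??';
					if (!$result = sql_rowset(sql_filter($sql, $this->v('id'), $t_offset, $t_per_page))) {
						redirect(s_link('events', $this->v('id')));
					}

					build_num_pagination(s_link('events', $this->v('id'), 's%d'), $this->v('images'), $t_per_page, $t_offset, 'IMG_');

					_style('thumbnails');

					foreach ($result as $row) {
						_style('thumbnails.item', array(
							'URL' => s_link('events', $this->v('event_alias'), $row['image'], 'view'),
							'IMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/thumbnails/' . $row['image'] . '.jpg',
							'RIMAGE' => $config['events_url'] . 'gallery/' . $this->v('id') . '/' . $row['image'] . '.jpg',
							'FOOTER' => $row['image_footer'],
							'WIDTH' => $row['width'],
							'HEIGHT' => $row['height'])
						);
					}

					// Credits
					$sql = 'SELECT *
						FROM _events_colab c, _members m
						WHERE c.colab_event = ?
							AND c.colab_uid = m.user_id
						ORDER BY m.username';
					if ($result = sql_rowset(sql_filter($sql, $this->v('id')))) {
						_style('collab');

						foreach ($result as $row) {
							_style('collab.row', array(
								'PROFILE' => s_link('m', $row['username_base']),
								'USERNAME' => $row['username'])
							);
						}
					}
				} else {
					// No gallery yet: show the flyer and, for collaborators, the crop form.
					_style('event_flyer', array(
						'IMAGE_SRC' => $config['events_url'] . 'future/' . $this->v('id') . '.jpg?u=' . $this->v('event_update'))
					);

					$location_mini = $config['events_path'] . 'mini/' . $this->v('id') . '.jpg';

					if ($user->is('colab') && !$this->v('images') && !@file_exists($location_mini)) {
						$large_filepath = $config['events_path'] . 'future/' . $this->v('id') . '.jpg';

						_style('event_flyer.thumbnail', array(
							'ACTION' => $u_event_alias,
							'SCALE' => ($config['events_thumb_height'] / $config['events_thumb_width']),
							'THUMB_WIDTH' => $config['events_thumb_width'],
							'THUMB_HEIGHT' => $config['events_thumb_height'],
							'LARGE_WIDTH' => $upload->getWidth($large_filepath),
							'LARGE_HEIGHT' => $upload->getHeight($large_filepath)
						));
					}
				}

				// Midnight of the current day in the user's local time, as a timestamp.
				list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $user->timezone + $user->dst));
				$midnight = gmmktime(0, 0, 0, $m, $d, $y) - $user->timezone - $user->dst;

				$event_date = $user->format_date($this->v('date'), 'j F Y \a \l\a\s H:i') . ' horas.';

				// Pick the today / tomorrow / yesterday / absolute wording for the date.
				if ($this->v('date') >= $midnight) {
					if ($this->v('date') >= $midnight && $this->v('date') < $midnight + 86400) {
						$event_date_format = lang('event_today');
					} else if ($this->v('date') >= $midnight + 86400 && $this->v('date') < $midnight + (86400 * 2)) {
						$event_date_format = lang('event_tomorrow');
					} else {
						$event_date_format = sprintf(lang('event_after'), $event_date);
					}
				} else {
					if ($this->v('date') >= ($midnight - 86400)) {
						$event_date_format = lang('event_yesterday');
					} else {
						$event_date_format = sprintf(lang('event_before'), $event_date);
					}
				}

				v_style(array(
					'EVENT_NAME' => $this->v('title'),
					'EVENT_DATE' => $event_date_format,
					'EVENT_URL' => $u_event_alias,
					'EVENT_PUBLISH' => $u_event_publish)
				);

				$posts_offset = request_var('ps', 0);
				$topic_id = $this->v('event_topic');

				// START RSVP
				if ($topic_id) {
					$sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result
						FROM _poll_options vd, _poll_results vr
						WHERE vd.topic_id = ?
							AND vr.vote_id = vd.vote_id
						ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
					if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
						$sql = 'SELECT vote_id
							FROM _poll_voters
							WHERE vote_id = ?
								AND vote_user_id = ?';
						$user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);
						$poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < time()) ? true : false) : false;

						_style('poll', array(
							'POLL_TITLE' => $vote_info[0]['vote_text'])
						);

						// Only the first option row is rendered in either branch (break after one pass).
						if ($user_voted || $poll_expired) {
							_style('poll.results');

							foreach ($vote_info as $row) {
								if ($this->v('date') >= $midnight) {
									$caption = ($row['vote_result'] == 1) ? lang('rsvp_future_one') : lang('rsvp_future_more');
								} else {
									$caption = ($row['vote_result'] == 1) ? lang('rsvp_past_one') : lang('rsvp_past_more');
								}

								_style('poll.results.item', array(
									'CAPTION' => $caption,
									'RESULT' => $row['vote_result'])
								);
								break;
							}
						} else {
							_style('poll.options', array(
								'S_VOTE_ACTION' => s_link('events', $this->v('event_alias'), 1, 'rsvp'))
							);

							foreach ($vote_info as $row) {
								$caption = ($this->v('date') >= $midnight) ? lang('rsvp_future') : lang('rsvp_past');

								_style('poll.options.item', array(
									'ID' => $row['vote_option_id'],
									'CAPTION' => $caption)
								);
								break;
							}
						}
					}
				}
				// END RSVP

				// Comments of the event topic, newest first.
				$sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank
					FROM _forum_posts p, _members u
					WHERE p.topic_id = ?
						AND u.user_id = p.poster_id
						AND p.post_deleted = 0
					ORDER BY p.post_time DESC
					LIMIT ??, ??';
				if (!$messages = sql_rowset(sql_filter($sql, $topic_id, $posts_offset, $config['posts_per_page']))) {
					redirect(s_link('events', $this->v('event_alias')));
				}

				if (!$posts_offset) {
					//unset($messages[0]);
				}

				$i = 0;
				foreach ($messages as $row) {
					// One-time setup on the first row.
					if (!$i) {
						$controls = w();
						$user_profile = w();
						$unset_user_profile = array('user_id', 'user_posts', 'user_gender');

						_style('messages');
					}

					if ($user->is('member')) {
						$controls[$row['post_id']]['reply'] = s_link('events', $this->v('event_alias'), $row['post_id'], 'reply');

						if ($mod_auth) {
							$controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
							$controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
						}
					}

					$user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);

					$data = array(
						'POST_ID' => $row['post_id'],
						'DATETIME' => $user->format_date($row['post_time']),
						'MESSAGE' => $comments->parse_message($row['post_text']),
						'PLAYING' => $row['post_np'],
						'DELETED' => $row['post_deleted']
					);

					// Profile fields are exposed to the template under upper-case keys.
					foreach ($user_profile[$row['user_id']] as $key => $value) {
						$data[strtoupper($key)] = $value;
					}

					_style('messages.row', $data);

					if (isset($controls[$row['post_id']])) {
						_style('messages.row.controls');

						foreach ($controls[$row['post_id']] as $item => $url) {
							_style('messages.row.controls.' . $item, array(
								'URL' => $url)
							);
						}
					}

					$i++;
				}

				build_num_pagination(s_link('events', $this->v('event_alias'), 'ps%d'), $event_topic['topic_replies'], $config['posts_per_page'], $posts_offset, 'MSG_');

				$publish_ref = ($posts_offset) ? s_link('events', $this->v('event_alias'), 's' . $t_offset) : s_link('events', $this->v('event_alias'));

				// Posting box
				if ($user->is('member')) {
					_style('publish', array(
						'REF' => $publish_ref)
					);

					if ($reply) {
						// Pre-fill the reply box with the quoted post, minus quotes,
						// image links and embed tags.
						if (empty($post_reply_message)) {
							$post_reply_message = $comments->remove_quotes($post_data['post_text']);
						}

						if (!empty($post_reply_message)) {
							$rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
							$post_reply_message = preg_replace($rx, '', $post_reply_message);
						}

						if (empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						_style('publish.reply', array(
							'MESSAGE' => $post_reply_message)
						);
					}
				}

				break;
		}

		$this->_title = $this->v('title');
		$this->_template = 'events.view';

		return true;
	}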
Esempio n. 9
	/**
	 * Toggle a ban of the profile owner by the current member. An existing
	 * ban is removed; otherwise a ban row is created and the friendship rows
	 * in both directions plus the owner's profile-view row for this member
	 * are deleted. Every path ends with a redirect to the owner's profile.
	 *
	 * NOTE(review): no request token is checked in this method; confirm that
	 * the caller protects this state change against cross-site requests.
	 */
	public function user_ban() {
		global $user;

		if (!$user->is('member')) {
			do_login();
		}

		// A member cannot ban their own profile.
		$is_own_profile = ($user->d('user_id') == $this->data['user_id']);
		if ($is_own_profile) {
			redirect(s_link('m', $this->data['username_base']));
		}

		// NOTE(review): $epbi is never assigned in this method, so this guard
		// cannot trigger as written — confirm what it was meant to test.
		if ($epbi) {
			fatal_error();
		}

		// Already banned: lift the ban and leave.
		$find_ban = 'SELECT ban_id
			FROM _members_ban
			WHERE user_id = ?
				AND banned_user = ?';
		$existing_ban = sql_fieldrow(sql_filter($find_ban, $user->d('user_id'), $this->data['user_id']));
		if ($existing_ban) {
			$lift_ban = 'DELETE FROM _members_ban
				WHERE ban_id = ?';
			sql_query(sql_filter($lift_ban, $existing_ban['ban_id']));

			redirect(s_link('m', $this->data['username_base']));
		}

		// Record the new ban.
		$ban_record = array(
			'user_id' => $user->d('user_id'),
			'banned_user' => $this->data['user_id'],
			'ban_time' => $user->time
		);
		sql_insert('members_ban', $ban_record);

		// Remove the friendship in both directions: member -> owner, then owner -> member.
		$drop_friend = 'DELETE FROM _members_friends
			WHERE user_id = ?
				AND buddy_id = ?';
		sql_query(sql_filter($drop_friend, $user->d('user_id'), $this->data['user_id']));
		sql_query(sql_filter($drop_friend, $this->data['user_id'], $user->d('user_id')));

		// Remove the member from the owner's list of profile viewers.
		$drop_viewer = 'DELETE FROM _members_viewers
			WHERE user_id = ?
				AND viewer_id = ?';
		sql_query(sql_filter($drop_viewer, $this->data['user_id'], $user->d('user_id')));

		redirect(s_link('m', $this->data['username_base']));
	}
Esempio n. 10
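/**
 * Decode one client message, dispatch it to the matching handler and send
 * the JSON-encoded result back on the user's socket.
 *
 * The message must decode to an array carrying "method", "resource" and
 * "msg_id"; anything else is logged and dropped without a reply.
 *
 * @param object $user connection object; its ->socket is used for the reply
 * @param mixed  $msg  wrapped message as received (passed to unwrap())
 * @return void
 */
function process($user, $msg)
{
    $action = unwrap($msg);
    // NOTE(review): this logs the raw request; signup and login requests
    // presumably carry credentials, so consider redacting before logging.
    say("< " . $action);
    $request_body = json_decode($action, true);
    // Valid JSON such as `5` or `"x"` decodes to a scalar; only a non-empty
    // array can be inspected with array_key_exists() below.
    if (!is_array($request_body) || empty($request_body)) {
        say("ERROR: invalid request body");
        return;
    }
    foreach (array("method", "resource", "msg_id") as $required) {
        if (!array_key_exists($required, $request_body)) {
            say("ERROR: missing mandatory property");
            return;
        }
    }
    $method = $request_body["method"];
    $resource = $request_body["resource"];
    // The routing values come from the peer. With loose comparison a JSON
    // `true` equals any non-empty string, so require strings and compare
    // strictly from here on.
    if (!is_string($method) || !is_string($resource)) {
        say("ERROR: invalid request body");
        return;
    }
    $unknown = array("code" => "failed", "reason" => "unknown command " . $method . " " . $resource);
    $result = NULL;
    if ($method === "POST" && $resource === "/user") {
        $result = do_signup($request_body);
    } elseif ($method === "POST" && $resource === "/contact") {
        say("process login");
        $result = do_login($request_body, $user);
    } elseif ($method === "GET" && $resource === "/contact") {
        say("process whoisonline");
        $result = do_whoisonline($user);
    } elseif ($method === "DELETE" && $resource === "/contact") {
        say("process logout");
        $result = do_logout($user);
    } elseif ($method === "NOTIFY" && $resource === "/contact") {
        say("process notify");
        $result = do_notify($request_body, $user);
    } elseif ($resource !== "/user" && $resource !== "/contact") {
        // Any other resource name is handled by the generic resource handlers.
        if ($method === "POST") {
            $result = do_post_resource($request_body, $user);
        } elseif ($method === "PUT") {
            $result = do_put_resource($request_body, $user);
        } elseif ($method === "GET") {
            $result = do_get_resource($request_body, $user);
        } elseif ($method === "DELETE") {
            $result = do_delete_resource($request_body, $user);
        } elseif ($method === "SUBSCRIBE") {
            $result = do_subscribe_resource($request_body, $user);
        } elseif ($method === "NOTIFY") {
            $result = do_publish_resource($request_body, $user);
        } else {
            // An unsupported method used to yield a reply with no "code";
            // report it the same way as any other unknown request.
            $result = $unknown;
        }
    } else {
        // this is an unknown request
        $result = $unknown;
    }
    $result['msg_id'] = $request_body['msg_id'];
    header("Content-type: application/json");
    $param = json_encode($result);
    send($user->socket, $param);
}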
Esempio n. 11
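 /**
  * JSON endpoint used by the Android client.
  *
  * Reads the action from $_GET['a'], handles login and login checks, and
  * for a logged-in user with a matching form hash serves Baidu account
  * info, unbinding, sign logs, cloud id and plugin info. Always answers
  * with a JSON object holding "status", "msg" and "data".
  *
  * @return void
  */
 function handleAction()
 {
     global $uid, $formhash;
     $status = -1;
     $msg = '未登录!';
     $data = array('time' => time());
     // The User-Agent header is chosen by the client, so this check only
     // filters casual requests; it is not an authentication control.
     $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     if ($agent != 'Android Client For Tieba Signer') {
         exit(json_encode(array('status' => -2, 'msg' => '非法操作', 'data' => $data)));
     }
     // Request values are untrusted: accept only strings, treat the rest as absent.
     $action = (isset($_GET['a']) && is_string($_GET['a'])) ? $_GET['a'] : '';
     $sent_hash = (isset($_GET['formhash']) && is_string($_GET['formhash'])) ? $_GET['formhash'] : '';
     if ($action === 'api_info') {
         $status = 0;
         $data = array('version' => '1.0.0', 'site' => $_SERVER["HTTP_HOST"]);
     } elseif ($action === 'do_login') {
         $has_credentials = !empty($_POST['username']) && is_string($_POST['username'])
             && !empty($_POST['password']) && is_string($_POST['password']);
         if ($has_credentials) {
             $username = daddslashes($_POST['username']);
             if (strlen($username) > 24) {
                 $msg = '用户名过长,请修改';
                 $status = 3;
             } else {
                 // NOTE(review): the username literal in this query appears masked
                 // in this listing; the lookup should use the escaped $username
                 // (or a bound parameter if the DB layer offers one). Confirm
                 // against the original file.
                 $user = DB::fetch_first("SELECT * FROM member WHERE username='******'");
                 $verified = Widget_Password::verify($user, $_POST['password']);
                 if ($verified) {
                     do_login($user['uid']);
                     $status = 0;
                     $msg = "欢迎回来,{$user['username']}!";
                     // The form hash is 8 hex characters cut out of an MD5 digest.
                     $data = array('uid' => $user['uid'], 'username' => $user['username'], 'email' => $user['email'], 'formhash' => substr(md5(substr(TIMESTAMP, 0, -7) . $user['username'] . $user['uid'] . ENCRYPT_KEY . ROOT), 8, 8));
                 } else {
                     $status = 2;
                     $msg = "对不起,您的用户名或密码错误,无法登录";
                 }
             }
         } else {
             $status = 1;
             $msg = '用户名或密码不得为空!';
         }
     } elseif ($action === 'check_login') {
         if ($uid) {
             $status = 0;
             $msg = '您已登录';
         }
     } elseif ((string) $formhash !== $sent_hash) {
         // Strict comparison: with != two different numeric-looking hashes
         // such as "0e123456" and "0e999999" compare as equal numbers.
         // hash_equals() is the constant-time choice where PHP >= 5.6 is assured.
         $status = -2;
         $msg = '非法操作';
     } elseif ($uid) {
         $status = 0;
         $msg = "";
         require_once ROOT . './plugins/zw_client_api/BaiduUtil.php';
         $binded_baidu = true;
         $baiduUtil = null;
         $baidu_error = '';
         $cookie = get_cookie($uid);
         if (empty($cookie)) {
             $binded_baidu = false;
         } else {
             try {
                 $baiduUtil = new BaiduUtil($cookie);
             } catch (Exception $e) {
                 if ($e->getCode() == -99) {
                     $binded_baidu = false;
                 } else {
                     // Keep the failure so 'baidu_info' can report it instead of
                     // calling a method on an object that was never created.
                     $baidu_error = $e->getMessage();
                 }
             }
         }
         // NOTE(review): $uid is interpolated into the queries below; it is set
         // outside this function, so confirm it is always an integer there.
         switch ($action) {
             case 'baidu_info':
                 if (!$binded_baidu) {
                     $status = 1;
                     $msg = "未绑定百度账号";
                 } elseif ($baiduUtil === null) {
                     $status = "3";
                     $msg = '助手站点错误:' . $baidu_error;
                 } else {
                     $msg = '百度账号信息';
                     try {
                         $baidu_account_info = $baiduUtil->fetchClientUserInfo();
                         $baidu_account_tieba_list = $baiduUtil->fetchClientLikedForumList();
                         $baidu_account_follow_list = $baiduUtil->fetchFollowList(4);
                         $baidu_account_fans_list = $baiduUtil->fetchFansList(4);
                         $info = $baidu_account_info['data'];
                         $data = array(
                             'id' => $info['id'],
                             'username' => $info['un'],
                             'avatar' => $info['head_photo_h'],
                             'sex' => $info['sex'],
                             'tb_age' => $info['tb_age'],
                             'fans_num' => $info['fans_num'],
                             'follow_num' => $info['concern_num'],
                             'tb_num' => $info['like_forum_num'],
                             'intro' => $info['intro'] ? $info['intro'] : '这个家伙很懒,什么也没有留下',
                             'tiebas' => $baidu_account_tieba_list['data'] ? $baidu_account_tieba_list['data'] : array(),
                             'follow' => $baidu_account_follow_list['data'],
                             'fans' => $baidu_account_fans_list['data'],
                         );
                     } catch (Exception $e) {
                         $status = "3";
                         $msg = '助手站点错误:' . $e->getMessage();
                     }
                 }
                 break;
             case 'unbind_baidu':
                 // Clears the stored cookie and deletes the user's forum list and sign log.
                 DB::query("UPDATE member_setting SET cookie='' WHERE uid='{$uid}'");
                 DB::query("DELETE FROM my_tieba WHERE uid='{$uid}'");
                 DB::query("DELETE FROM sign_log WHERE uid='{$uid}'");
                 $msg = "已经解除百度账号绑定,您可以稍后重新进行绑定";
                 break;
             case 'sign_log':
                 $msg = '获取成功';
                 // intval() keeps the interpolated date numeric.
                 $date = isset($_GET['date']) ? intval($_GET['date']) : 0;
                 $data['date'] = $date;
                 $data['log'] = array();
                 $query = DB::query("SELECT * FROM sign_log l LEFT JOIN my_tieba t ON t.tid=l.tid WHERE l.uid='{$uid}' AND l.date='{$date}'");
                 while ($result = DB::fetch($query)) {
                     $data['log'][] = $result;
                 }
                 $data['count'] = count($data['log']);
                 $previous_date = DB::result_first("SELECT date FROM sign_log WHERE uid='{$uid}' AND date<'{$date}' ORDER BY date DESC LIMIT 0,1");
                 $next_date = DB::result_first("SELECT date FROM sign_log WHERE uid='{$uid}' AND date>'{$date}' ORDER BY date ASC LIMIT 0,1");
                 $data['previous_date'] = $previous_date ? $previous_date : '0';
                 $data['next_date'] = $next_date ? $next_date : '0';
                 break;
             case 'cloud_info':
                 $msg = '获取成功';
                 $data['sid'] = cloud::id();
                 break;
             case 'plugin_info':
                 $msg = '获取成功';
                 $plugin_info = CACHE::get('plugins');
                 $data['plugins'] = array();
                 // Only plugins on this list are reported to the client.
                 $plugin_supported = array('zw_custom_page' => array('name' => '自定义页面', 'author' => 'JerryLocke'), 'zw_blockid' => array('name' => '循环封禁', 'author' => 'JerryLocke'), 'x_tdou' => array('name' => 'T豆', 'author' => '星弦雪'), 'xxx_post' => array('name' => '客户端回帖', 'author' => '星弦雪'), 'xxx_meizi' => array('name' => '妹纸认证', 'author' => '星弦雪'));
                 foreach ($plugin_info as $plugin) {
                     if (isset($plugin_supported[$plugin['id']])) {
                         $data['plugins'][] = $plugin + $plugin_supported[$plugin['id']];
                     }
                 }
                 $data['count'] = count($data['plugins']);
                 break;
         }
     }
     echo json_encode(array('status' => $status, 'msg' => $msg, 'data' => $data));
 }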
Esempio n. 12
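	/**
	 * Topic view controller: loads a topic (by topic id `t` or post id `p`),
	 * handles poll votes and reply submissions, then assigns the poll, the
	 * posts, the pagination and the posting box to the template.
	 *
	 * Sets $this->_title and $this->_template; most exits happen through
	 * redirect() or fatal_error().
	 *
	 * @return void
	 */
	public function run() {
		global $config, $auth, $user, $comments;

		// Both ids are read with an integer default.
		$topic_id = request_var('t', 0);
		$post_id = request_var('p', 0);

		if (!$topic_id && !$post_id) {
			fatal_error();
		}

		//
		// Get topic data
		//
		if ($post_id) {
			$sql_from = ', _forum_posts p, _forum_posts p2, _members m ';
			$sql_where = sql_filter('p.post_id = ? AND p.poster_id = m.user_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= ?', $post_id, $post_id);
			$sql_count = ', p.post_text, m.username AS reply_username, COUNT(p2.post_id) AS prev_posts, p.post_deleted';
			$sql_order = ' GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_locked, t.topic_replies, t.topic_time, t.topic_important, t.topic_vote, t.topic_last_post_id, f.forum_name, f.forum_locked, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_announce, f.auth_pollcreate, f.auth_vote ORDER BY p.post_id ASC';
		} else {
			$sql_from = $sql_count = $sql_order = '';
			$sql_where = sql_filter('t.topic_id = ?', $topic_id);
		}

		// Only the sql_filter() output carries request values; the other
		// fragments concatenated here are the fixed strings assigned above.
		$sql = 'SELECT t.*, f.*' . $sql_count . '
			FROM _forum_topics t, _forums f' . $sql_from . '
			WHERE ' . $sql_where . ' AND f.forum_id = t.forum_id' . $sql_order;
		if (!$topic_data = sql_fieldrow($sql)) {
			fatal_error();
		}

		// Topics that belong to an event are served by the event page.
		switch ($topic_data['forum_alias']) {
			case 'events':
				$sql = 'SELECT event_alias
					FROM _events
					WHERE event_topic = ?';
				if ($event_alias = sql_field(sql_filter($sql, $topic_data['topic_id']), 'event_alias', '')) {
					redirect(s_link('events', $event_alias));
				}
				break;
		}

		//
		// Hide deleted posts
		if (isset($topic_data['post_deleted']) && $topic_data['post_deleted']) {
			fatal_error();
		}

		//
		// Check mod auth
		$mod_auth = $user->is('mod');

		//
		// Init vars
		//
		$forum_id = (int) $topic_data['forum_id'];
		$topic_id = (int) $topic_data['topic_id'];
		$topic_url = s_link('topic', $topic_id);

		$reply = request_var('reply', 0);
		$start = request_var('offset', 0);
		$submit_reply = _button('post');
		$submit_vote = _button('vote');

		$post_message = '';
		$post_reply_message = '';
		$post_np = '';
		$current_time = time();

		$error = $is_auth = w();

		// A reply quote needs a post to quote.
		if (!$post_id && $reply) {
			$reply = 0;
		}

		//
		// Start member auth
		//
		$is_auth = $auth->forum(AUTH_ALL, $forum_id, $topic_data);

		if ($submit_reply || $submit_vote) {
			$auth_key = ($submit_reply) ? 'auth_reply' : 'auth_vote';

			if (((!$is_auth['auth_view'] || !$is_auth['auth_read'])) || !$is_auth[$auth_key]) {
				if (!$user->is('member')) {
					do_login();
				}

				$can_reply_closed = $auth->option(w('forum topics delete'));

				if (!$can_reply_closed && ($topic_data['forum_locked'] || $topic_data['topic_locked'])) {
					$error[] = 'TOPIC_LOCKED';

					if ($submit_vote && !$topic_data['topic_vote']) {
						$error[] = 'POST_HAS_NO_POLL';
					}
				}

				// NOTE(review): the submission is refused here only through
				// redirect(); this relies on redirect() ending the request.
				if (!sizeof($error)) {
					redirect($topic_url);
				}
			}

			if (!sizeof($error)) {
				if ($submit_vote) {
					$vote_option = request_var('vote_id', 0);

					if ($vote_option) {
						// The option must belong to a poll of this topic.
						$sql = 'SELECT vd.vote_id
							FROM _poll_options vd, _poll_results vr
							WHERE vd.topic_id = ?
								AND vr.vote_id = vd.vote_id
								AND vr.vote_option_id = ?
							GROUP BY vd.vote_id';
						if ($vote_id = sql_field(sql_filter($sql, $topic_id, $vote_option), 'vote_id', 0)) {
							// One vote per member: the check and the insert are
							// separate statements, so a unique key on
							// (vote_id, vote_user_id) is what would make this
							// hold under concurrent requests (schema not shown).
							$sql = 'SELECT *
								FROM _poll_voters
								WHERE vote_id = ?
									AND vote_user_id = ?';
							if (!sql_fieldrow(sql_filter($sql, $vote_id, $user->d('user_id')))) {
								$sql = 'UPDATE _poll_results SET vote_result = vote_result + 1
									WHERE vote_id = ?
										AND vote_option_id = ?';
								sql_query(sql_filter($sql, $vote_id, $vote_option));

								$insert_vote = array(
									'vote_id' => (int) $vote_id,
									'vote_user_id' => (int) $user->d('user_id'),
									'vote_user_ip' => $user->ip,
									'vote_cast' => (int) $vote_option
								);
								sql_insert('poll_voters', $insert_vote);
							}
						}
					}

					redirect(s_link('topic', $topic_id));
				} else {
					$post_message = request_var('message', '', true);
					$post_np = request_var('np', '');

					if ($reply) {
						$post_reply_message = request_var('reply_message', '', true);
					}

					// Check message
					if (empty($post_message)) {
						$error[] = 'EMPTY_MESSAGE';
					}

					// Flood control applies to everyone but moderators.
					if (!sizeof($error) && !$mod_auth)
					{
						$sql = 'SELECT MAX(post_time) AS last_post_time
							FROM _forum_posts
							WHERE poster_id = ?';
						if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
							if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
								$error[] = 'FLOOD_ERROR';
							}
						}
					}

					if (!sizeof($error)) {
						$update_topic = w();
						// Defined up front: it is read further down even when
						// the '-Cerrado-' marker is absent.
						$topic_locked = 0;

						// In-message markers that only moderators may use.
						if (strstr($post_message, '-Anuncio-') && $user->is('mod')) {
							$topic_announce = 1;
							$post_message = str_replace('-Anuncio-', '', $post_message);
							$update_topic['topic_announce'] = $topic_announce;
						}

						if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
							$topic_locked = 1;
							$post_message = str_replace('-Cerrado-', '', $post_message);
							$update_topic['topic_locked'] = $topic_locked;
						}

						$post_message = $comments->prepare($post_message);

						if ($reply && $post_reply_message != '') {
							// Strip image links from the quoted text. The pattern used
							// to carry the /e (evaluate) modifier, which PHP 7 removed:
							// preg_replace() then returns NULL and the quote was lost.
							// The replacement is a constant, so /e was never needed.
							$post_reply_message = preg_replace('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#i', '', $post_reply_message);
						}

						if ($reply && empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						if ($reply && $post_reply_message != '') {
							// NOTE(review): the quoted text and reply_username are put
							// into the stored HTML without going through
							// $comments->prepare(); confirm request_var() or the
							// render path escapes them.
							$post_message = '<blockquote><strong>' . $topic_data['reply_username'] . "</strong>" . nr(false, 2) . $post_reply_message . '</blockquote><br /> ' . $post_message;
						} else {
							$reply = 0;
						}

						$insert_data = array(
							'topic_id' => (int) $topic_id,
							'forum_id' => (int) $forum_id,
							'poster_id' => (int) $user->d('user_id'),
							'post_time' => (int) $current_time,
							'poster_ip' => $user->ip,
							'post_text' => $post_message,
							'post_np' => $post_np
						);
						if ($reply) {
							$insert_data['post_reply'] = $post_id;
						}

						// From here on $post_id is the id of the new post.
						$post_id = sql_insert('forum_posts', $insert_data);

						$user->delete_unread(UH_T, $topic_id);
						$user->save_unread(UH_T, $topic_id);

						if (!in_array($forum_id, forum_for_team_array()) && $topic_data['topic_points']) {
							//$user->points_add(1);
						}

						//
						$a_list = forum_for_team_list($forum_id);
						if (count($a_list)) {
							// NOTE(review): the ?? placeholder presumably inserts the
							// joined list unquoted; confirm $a_list holds integers only.
							$sql_delete_unread = 'DELETE FROM _members_unread
								WHERE element = ?
									AND item = ?
									AND user_id NOT IN (??)';
							sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', $a_list)));
						}

						$update_topic['topic_last_post_id'] = $post_id;

						if ($topic_locked) {
							topic_feature($topic_id, 0);
						}

						$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?
							WHERE forum_id = ?';
						sql_query(sql_filter($sql, $topic_id, $forum_id));

						$sql = 'UPDATE _forum_topics SET topic_replies = topic_replies + 1, ' . sql_build('UPDATE', $update_topic) . sql_filter('
							WHERE topic_id = ?', $topic_id);
						sql_query($sql);

						$sql = 'UPDATE _members SET user_posts = user_posts + 1
							WHERE user_id = ?';
						sql_query(sql_filter($sql, $user->d('user_id')));

						redirect(s_link('post', $post_id) . '#' . $post_id);
					}
				}
			}
		}

		// Viewing needs both view and read permission on the forum.
		if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
			if (!$user->is('member')) {
				do_login();
			}

			fatal_error();
		}

		if ($post_id) {
			// Start of the page that holds the requested post.
			$start = floor(($topic_data['prev_posts'] - 1) / (int) $config['posts_per_page']) * (int) $config['posts_per_page'];
			$user->d('user_topic_order', 0);
		}

		if ($user->is('member')) {
			//
			// Is user watching this topic?
			//
			$sql = 'SELECT notify_status
				FROM _forum_topics_fav
				WHERE topic_id = ?
					AND user_id = ?';
			if (!sql_field(sql_filter($sql, $topic_id, $user->d('user_id')), 'notify_status')) {
				if (_button('watch')) {
					$sql_insert = array(
						'user_id' => $user->d('user_id'),
						'topic_id' => $topic_id,
						'notify_status' => 0
					);
					sql_insert('forum_topics_fav', $sql_insert);

					redirect($topic_url . (($start) ? 's' . $start . '/' : ''));
				}

				_style('watch_topic');
			}
		}

		//
		// Get all data for the topic
		//
		// The variable-variable below can only name $post_id or $topic_id.
		$get_post_id = ($reply) ? 'post_id' : 'topic_id';
		$get_post_data['p.' . $get_post_id] = ${$get_post_id};

		if (!$user->is('founder')) {
			$get_post_data['p.post_deleted'] = 0;
		}

		// LIMIT values are cast to int before they are concatenated.
		$sql = 'SELECT p.*, u.user_id, u.username, u.username_base, u.user_avatar, u.user_posts, u.user_gender, u.user_rank, u.user_sig
			FROM _forum_posts p, _members u
			WHERE u.user_id = p.poster_id
				AND p.post_deleted = 0
				AND ' . sql_build('SELECT', $get_post_data) . '
			ORDER BY p.post_time ' . (($user->d('user_topic_order')) ? 'DESC' : 'ASC') .
			((!$reply) ? ' LIMIT ' . (int) $start . ', ' . (int) $config['posts_per_page'] : '');
		if (!$messages = sql_rowset($sql)) {
			if ($topic_data['topic_replies'] + 1) {
				fatal_error();
			}

			redirect(s_link('topic', $topic_id));
		}

		//
		// Re-count topic replies
		//
		if ($user->is('founder')) {
			$sql = 'SELECT COUNT(p.post_id) AS total
				FROM _forum_posts p, _members u
				WHERE p.topic_id = ?
					AND u.user_id = p.poster_id';
			if ($total = sql_field(sql_filter($sql, $topic_id), 'total')) {
				$topic_data['topic_replies2'] = $total - 1;
			}
		}

		//
		// Update the topic views
		//
		if (!$start && !$user->is('founder')) {
			$sql = 'UPDATE _forum_topics
				SET topic_views = topic_views + 1
				WHERE topic_id = ?';
			sql_query(sql_filter($sql, $topic_id));
		}

		//
		// If the topic contains a poll, then process it
		//
		if ($topic_data['topic_vote']) {
			$sql = 'SELECT vd.vote_id, vd.vote_text, vd.vote_start, vd.vote_length, vr.vote_option_id, vr.vote_option_text, vr.vote_result
				FROM _poll_options vd, _poll_results vr
				WHERE vd.topic_id = ?
					AND vr.vote_id = vd.vote_id
				ORDER BY vr.vote_option_order, vr.vote_option_id ASC';
			if ($vote_info = sql_rowset(sql_filter($sql, $topic_id))) {
				$sql = 'SELECT vote_id
					FROM _poll_voters
					WHERE vote_id = ?
						AND vote_user_id = ?';
				$user_voted = sql_field(sql_filter($sql, $vote_info[0]['vote_id'], $user->d('user_id')), 'vote_id', 0);

				$poll_expired = ($vote_info[0]['vote_length']) ? (($vote_info[0]['vote_start'] + $vote_info[0]['vote_length'] < $current_time) ? true : 0) : 0;

				_style('poll', array(
					'POLL_TITLE' => $vote_info[0]['vote_text'])
				);

				// Results are shown instead of the ballot once voting is closed
				// to this user for any reason.
				if ($user_voted || $poll_expired || !$is_auth['auth_vote'] || $topic_data['topic_locked']) {
					$vote_results_sum = 0;
					foreach ($vote_info as $row) {
						$vote_results_sum += $row['vote_result'];
					}

					_style('poll.results');

					foreach ($vote_info as $row) {
						$vote_percent = ($vote_results_sum > 0) ? $row['vote_result'] / $vote_results_sum : 0;

						_style('poll.results.item', array(
							'CAPTION' => $row['vote_option_text'],
							'RESULT' => $row['vote_result'],
							'PERCENT' => sprintf("%.1d", ($vote_percent * 100)))
						);
					}
				} else {
					_style('poll.options', array(
						'S_VOTE_ACTION' => $topic_url)
					);

					foreach ($vote_info as $row) {
						_style('poll.options.item', array(
							'POLL_OPTION_ID' => $row['vote_option_id'],
							'POLL_OPTION_CAPTION' => $row['vote_option_text'])
						);
					}
				}
			}
		}

		//
		// Advanced auth
		//

		$controls = $user_profile = w();
		$unset_user_profile = w('user_id user_posts user_gender');

		_style('posts');

		foreach ($messages as $row) {
			if ($user->is('member')) {
				$poster = ($row['user_id'] != GUEST) ? $row['username'] : (($row['post_username'] != '') ? $row['post_username'] : lang('guest'));

				$controls[$row['post_id']]['reply'] = s_link('post', $row['post_id'], 'reply');

				// Edit and delete links are only built for moderators.
				if ($mod_auth) {
					$controls[$row['post_id']]['edit'] = s_link('acp', array('forums_post_modify', 'msg_id' => $row['post_id']));
					$controls[$row['post_id']]['delete'] = s_link('acp', array('forums_post_delete', 'msg_id' => $row['post_id']));
				}
			}

			$user_profile[$row['user_id']] = $comments->user_profile($row, '', $unset_user_profile);

			// NOTE(review): post_np is handed to the template as stored;
			// confirm it is escaped on input or in the template.
			$data = array(
				'POST_ID' => $row['post_id'],
				'POST_DATE' => $user->format_date($row['post_time']),
				'MESSAGE' => $comments->parse_message($row['post_text']),
				'PLAYING' => $row['post_np'],
				'DELETED' => $row['post_deleted'],
				'UNREAD' => 0
			);

			foreach ($user_profile[$row['user_id']] as $key => $value) {
				$data[strtoupper($key)] = $value;
			}

			_style('posts.item', $data);
			_style('posts.item.' . (($row['user_id'] != GUEST) ? 'username' : 'guestuser'));

			if (isset($controls[$row['post_id']])) {
				_style('posts.item.controls');

				foreach ($controls[$row['post_id']] as $item => $url) {
					_style('posts.item.controls.'.$item, array('URL' => $url));
				}
			}
		}

		build_num_pagination($topic_url . 's%d/', ($topic_data['topic_replies'] + 1), $config['posts_per_page'], $start, '', 'TOPIC_');

		//
		// Posting box
		if (sizeof($error)) {
			_style('post_error', array(
				'MESSAGE' => parse_error($error))
			);
		}

		$can_reply_closed = $auth->option(array('forum', 'topics', 'delete'));

		if ((!$topic_data['forum_locked'] && !$topic_data['topic_locked']) || $can_reply_closed) {
			if ($user->is('member')) {
				if ($is_auth['auth_reply']) {
					$s_post_action = (($reply) ? s_link('post', $post_id, 'reply') : $topic_url) . '#e';

					_style('post_box', array(
						'MESSAGE' => $post_message,
						'NP' => $post_np,
						'S_POST_ACTION' => $s_post_action)
					);

					if ($reply) {
						// Default the quote to the text of the post being answered.
						if (empty($post_reply_message)) {
							$post_reply_message = $comments->remove_quotes($topic_data['post_text']);
						}

						// Drop image links and the [yt:...] / [sb] tags from the quote.
						if (!empty($post_reply_message)) {
							$rx = array('#(^|[\n ]|\()(http|https|ftp)://([a-z0-9\-\.,\?!%\*_:;~\\&$@/=\+]+)(gif|jpg|jpeg|png)#is', '#\[yt:[0-9a-zA-Z\-\=\_]+\]#is', '#\[sb\]#is', '#\[\/sb\]#is');
							$post_reply_message = preg_replace($rx, '', $post_reply_message);
						}

						if (empty($post_reply_message)) {
							$post_reply_message = '...';
						}

						_style('post_box.reply', array(
							'MESSAGE' => $post_reply_message)
						);
					}
				}
			}
		}

		// MOD: Featured topic
		if ($user->is('mod')) {
			$v_lang = ($topic_data['topic_featured']) ? 'REM' : 'ADD';

			// NOTE(review): the post links above pass 'msg_id' => id, while this
			// array passes 'msg_id' and the id as two separate values; confirm
			// which form s_link() expects.
			_style('feature', array(
				'U_FEAT' => s_link('acp', array('forums_topic_feature', 'msg_id', $topic_data['topic_id'])),
				'V_LANG' => lang('topic_featured_' . $v_lang))
			);
		}

		//
		// Send vars to template
		//
		v_style(array(
			'FORUM_NAME' => $topic_data['forum_name'],
			'TOPIC_TITLE' => $topic_data['topic_title'],
			'TOPIC_REPLIES' => $topic_data['topic_replies'],

			'S_TOPIC_ACTION' => $topic_url . (($start) ? 's' . $start . '/' : ''),
			'U_VIEW_FORUM' => s_link('forum', $topic_data['forum_alias']))
		);

		// A per-forum or per-topic template overrides the default one. Both ids
		// were cast to int above, so the paths cannot carry request text.
		$layout_file = 'topic';
		if (@file_exists('./template/custom/topics_' . $forum_id . '.htm')) {
			$layout_file = 'custom/topics_' . $forum_id;
		}

		if (@file_exists('./template/custom/topic_' . $topic_id . '.htm')) {
			$layout_file = 'custom/topic_' . $topic_id;
		}

		$this->_title = $topic_data['topic_title'];
		$this->_template = $layout_file;

		return;
	}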
Esempio n. 13
/**************************************
*** File: main.php   *****************
Project: ticket2 (phpTicket New Generation)
***************************************
*** Author: Sinner from the Prairy ***
*** email: sinnerbofh@gmail.com *****
*** Comment: phpTicket New Generation, based on  ticket.sf.net*
**************************************/
require_once 'conf.inc';
require_once 'functions01.inc';
require_once 'functions02.inc';
require_once 'functions03.inc';
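// Name of the current PHP page without its extension (use 'index' for 'index.php').
$page = $GLOBALS['MAIN_PAGE'];
do_login($page . '.php');
$portal_user = $_SESSION['ticket_username'];
global $debug;
$debug = get_variable("debug_value");
// String identifying the contents.
$title = $GLOBALS['ELEMENT'];
// Field number to start showing on show_data().
$start_id = "0";
$linking_field = "ticket_id";
$option_url = $GLOBALS['SECOND_PAGE'] . '.php';
// Request parameters may be absent: read them through isset() so a missing
// key yields null without an undefined-index notice. The values are still
// untrusted and need validation or binding wherever they reach SQL or HTML.
$id = isset($_GET['id']) ? $_GET['id'] : null;
// Fall back to the POSTed id when the query string carries none.
if ($id == "" and isset($_POST['id']) and $_POST['id'] != "") {
    $id = $_POST['id'];
}
$aid = isset($_GET['vid']) ? $_GET['vid'] : null;
$action = isset($_GET['action']) ? $_GET['action'] : null;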
Esempio n. 14
define('DEFAULT_LANGUAGE', 'de');
$_SESSION['TABLE_PREFIX'] = TABLE_PREFIX;
// While the installer is still on disk the session is marked as logged out.
if (file_exists(BACKEND . "/setup.php")) {
    $_SESSION['cmt_login'] = false;
}
require_once BACKEND . 'function/predo.inc.php';
load_cmt_scripts();
// ?setup=success deletes the installer script.
// NOTE(review): in the visible code the deletion depends on this query
// parameter alone; confirm nothing else needs to gate it.
if (isset($_GET['setup']) && $_GET['setup'] == 'success' && file_exists(BACKEND . "/setup.php")) {
    unlink(BACKEND . "/setup.php");
}
// Database, texts and login are only set up once the installer is gone.
if (file_exists(BACKEND . "/setup.php") === false) {
    $conn = db_mysql_connect();
    load_cmt_text();
    $login_alert = do_login();
    define_user();
}
// NOTE(review): presumably addslashes-style escaping of all request input;
// that is no substitute for parameterised queries. Verify how these values
// reach SQL.
$_POST = parse_addslashes_array($_POST);
$_GET = parse_addslashes_array($_GET);
//
// $_GET variables
//
if (isset($_GET['modul'])) {
    $modul = parse($_GET['modul'], 'string');
}
if (isset($_GET['id'])) {
Esempio n. 15
	/**
	 * Record the logged-in member's vote for this artist.
	 *
	 * Does nothing when $this->make is set. Moderators, a missing option id,
	 * an option outside $this->voting['ub'] and members who already voted are
	 * redirected back without a change. Otherwise the option counter, the
	 * voter row and the artist's vote total are updated.
	 *
	 * NOTE(review): the "already voted" check and the inserts are separate
	 * statements; a unique key on (ub, user_id) is what would make one vote
	 * per member hold under concurrent requests (schema not shown).
	 */
	public function _vote() {
		global $user;

		if ($this->make) {
			return;
		}

		if (!$this->auth['user']) {
			do_login();
		}

		$option_id = request_var('vote_id', 0);
		$url = s_link('a', $this->data['subdomain']);

		// Only a non-moderator choosing one of the allowed options may vote.
		$may_vote = !$this->auth['mod'] && $option_id && in_array($option_id, $this->voting['ub']);
		if (!$may_vote) {
			redirect($url);
		}

		$ub = $this->data['ub'];
		$voter_id = $user->d('user_id');

		$voted_sql = 'SELECT user_id
			FROM _artists_voters
			WHERE ub = ?
				AND user_id = ?';
		if (sql_fieldrow(sql_filter($voted_sql, $ub, $voter_id))) {
			redirect($url);
		}

		// Bump the option counter, creating the row on the first vote for it.
		$bump_sql = 'UPDATE _artists_votes SET vote_result = vote_result + 1
			WHERE ub = ?
				AND option_id = ?';
		sql_query(sql_filter($bump_sql, $ub, $option_id));

		if (!sql_affectedrows()) {
			sql_insert('artists_votes', array(
				'ub' => $ub,
				'option_id' => $option_id,
				'vote_result' => 1
			));
		}

		sql_insert('artists_voters', array(
			'ub' => $ub,
			'user_id' => $voter_id,
			'user_option' => $option_id
		));

		$total_sql = 'UPDATE _artists SET votes = votes + 1
			WHERE ub = ?';
		sql_query(sql_filter($total_sql, $ub));

		redirect($url);
	}
Esempio n. 16
            if ($Category != "ADVISER") {
                $query = 'INSERT INTO Clients (User_ID, Client_Type, Title,  GivenName, Surname, Street, Suburb, State, 
					PostCode, Email, DOB, COB, Phone, Country, Adviser_ID, Date_Created) 
				VALUES ("' . $User_ID . '", "' . $Category . '", "' . $Title . '", "' . $GivenName . '", "' . $Surname . '", "' . $Street . '", "' . $Suburb . '", "' . $State . '", 
					"' . $PostCode . '", "' . $Email . '", "' . $DOB . '","' . $COB . '", "' . $Phone . '", "' . $Country . '","' . $Adviser_ID . '", NOW())';
            } else {
                $names = explode(" ", $GivenName);
                $query = 'INSERT INTO Adviser (User_ID, Given_Name, Surname, Email, Date_Created) 
				VALUES (' . $User_ID . ', "' . $names[0] . '", "' . $names[1] . '", "' . $Email . '", NOW())';
            }
            $result = $mysqli->query($query);
            if (!$result) {
                getErrorResponse($query);
                exit;
            }
            do_login($User_ID);
        }
    }
}
/**
 * Looks up an ACTIVE user by ID and, when a row is found, assembles a
 * $loginData array from it. The listing is cut off before the end of the
 * function, so what happens to $loginData afterwards is not shown.
 *
 * @param mixed $user_id Value compared against Users.ID.
 */
function do_login($user_id)
{
    global $mysqli;
    session_start();
    $response = "";
    // NOTE(review): $user_id is concatenated into the WHERE clause. The function
    // performs no validation of its own, so every caller must pass a trusted
    // value; binding it as a parameter would make that unnecessary.
    // The Password column is selected but not used in the lines shown.
    $query = "SELECT u.User_ID, u.Facebook_ID, Password, User_Level, Category, Colour,\n\t\t\t\t\tCase \n\t\t\t\t\t\twhen (u.Category = 'CONSUMER' or u.Category = 'SELF-DIRECTED' or u.Category = 'ADVISER-DIRECTED') then concat(c.GivenName, ' ',c.Surname) \n\t\t\t\t\t\twhen Category = 'ADVISER' then concat(a.Given_Name, ' ', a.Surname) \n\t\t\t\t\t\twhen Category = 'GROUP' then ag.Group_Description  \n\t\t\t\t\t\twhen Category = 'ISSUER' then i.Name \n\t\t\t\t\t\telse u.User_Name end AS User_Name \n\t\t\t\tFROM Users u \n\t\t\t\tleft join Clients c on c.User_ID = u.id \n\t\t\t\tleft join Adviser a on a.User_ID = u.ID \n\t\t\t\tleft join Adviser_Groups ag on ag.ID = u.Category_ID \n\t\t\t\tleft join Issuer i on i.ID = u.Category_ID \n\t\t\t\twhere u.ID = '" . $user_id . "' and u.Status = 'ACTIVE' ";
    $result = $mysqli->query($query);
    if ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
        // NOTE(review): no session_regenerate_id() call is visible in the part of
        // the function shown; confirm the session ID is rotated on login.
        $loginData = array("user_id" => $row["User_ID"], "facebook_id" => $row["Facebook_ID"], "user_name" => $row["User_Name"], "user_level" => $row["User_Level"], "category" => $row["Category"], "colour" => $row["Colour"], "theme" => "bootstrap");
        // Any host other than www.sunwindwater.com.au falls back to inferwise.com.au.
        $myDomain = $_SERVER['SERVER_NAME'];
        if ($myDomain != "www.sunwindwater.com.au") {
            $myDomain = "inferwise.com.au";
Esempio n. 17
0
<?php

// When is_logged_in() reports true there is nothing to do on the login page.
if (is_logged_in()) {
    redirect();
}
// On a form submission, attempt the login; redirect only when it succeeds.
if (is_post()) {
    if (do_login()) {
        redirect();
    }
}
// Pre-fill the e-mail field from the "email" cookie. This overwrites an e-mail
// that was just posted, and the cookie is client-controlled, so the value is
// untrusted wherever it is used afterwards.
// NOTE(review): the form below prints it through plain(); presumably that
// HTML-escapes for an attribute context -- confirm.
if (isset($_COOKIE["email"])) {
    $_POST["email"] = $_COOKIE["email"];
}
include_header(array("title" => "login"));
?>
<div class="row">
    <div class="col-md-4 col-md-offset-4">
        <form id="login-form" method="post">
            <div class="form-group">
                <label for="inputEmail" class="sr-only">email address</label>
                <input type="email" name="email" id="inputEmail" class="form-control" placeholder="email address"
                       value="<?php 
echo isset($_POST["email"]) ? plain($_POST["email"]) : "";
?>
" required autofocus>
            </div>
            <div class="form-group">
                <label for="inputPassword" class="sr-only">password</label>
                <input type="password" name="password" id="inputPassword" class="form-control"
                       placeholder="password"
                       required>
Esempio n. 18
0
<?php

// Handles submissions of the login / logout form.
//var_dump($_SESSION);
$username = null;
$password = null;
if (array_key_exists('dologin', $_POST) && array_key_exists('username', $_POST) && array_key_exists('password', $_POST)) {
    // The user is trying to log in
    require_once 'db/_user.php';
    // NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes, so the
    // password is altered before it is checked (the filter is also deprecated
    // since PHP 8.1). A password should reach the verifier unmodified. Whether
    // stored credentials were created through the same filter is not visible
    // here -- check before changing it.
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
    if ($auth = user_authenticate($username, $password)) {
        // Authenticated
        do_login($username);
        // Logged in
    } else {
        //( ! array_key_exists($_POST['username'] && array_key_exists($_POST['password'])));
        echo "Vous devez entrer un indentifiant et mot de passe valide";
        // TODO Handle the invalid-authentication messaging here
    }
    //    var_dump($auth);exit();
} elseif (array_key_exists('dologout', $_POST)) {
    // The user is trying to log out
    do_logout();
    // Logged out
    // NOTE(review): nothing stops execution after this redirect header, so the
    // rest of the script still runs for this request.
    header('Location:' . HOME_PAGE);
}
//
?>

<?php 
Esempio n. 19
0
$user->init();
$chat = new _chat();

if ($chat->_setup()) {
	$mode = request_var('mode', '');
	$csid = request_var('csid', '');
	
	$s_process = in_array($mode, array('logout', 'send', 'get'));
	
	if (request_method() == 'post' && !$s_process) {
		redirect(s_link('chat', $chat->data['ch_int_name']));
	}
	
	if (!$user->data['is_member']) {
		do_login('LOGIN_TO_CHAT');
	}
	
	if (!$chat->auth()) {
		trigger_error('CHAT_NO_ACCESS');
	}
	
	$user->setup('chat');
	
	if ($s_process && $mode == 'logout') {
		return $chat->process_data($csid, $mode);
	}
	
	$chat->session($csid);
	
	if ($s_process) {
Esempio n. 20
0
        }
    }
    header('Location: member.php');
    exit;
} elseif ($_POST) {
    // Password login: look the member up by username or e-mail, verify the
    // submitted password, then log in and show a welcome message.
    if ($_POST['username'] && $_POST['password']) {
        // NOTE(review): the lookup below depends on daddslashes() (presumably
        // addslashes-style escaping) plus string interpolation. A bound parameter
        // would remove the dependence on escaping and connection charset.
        $username = daddslashes($_POST['username']);
        // $un is not used in the lines shown.
        $un = strtolower($username);
        // The length limit is applied to the escaped value. Whether showmessage()
        // halts the request is not visible here.
        if (strlen($username) > 24) {
            showmessage('用户名过长,请修改', dreferer(), 5);
        }
        // The '******' literal looks like a value masked in this listing; as
        // printed, the username comparison is against that fixed text.
        $user = DB::fetch_first("SELECT * FROM member WHERE username='******' OR email='{$username}'");
        $verified = Widget_Password::verify($user, $_POST['password']);
        if ($verified) {
            // $login_exp is not used in the lines shown.
            $login_exp = TIMESTAMP + 3600;
            do_login($user['uid']);
            $username = $user['username'];
            // NOTE(review): the stored username is interpolated into the message;
            // confirm showmessage() escapes it for HTML.
            showmessage("欢迎回来,{$username}!", dreferer(), 1);
        } else {
            // One message covers both an unknown account and a wrong password, so
            // the response does not reveal which accounts exist.
            showmessage('对不起,您的用户名或密码错误,无法登录.', 'member.php', 3);
        }
    }
}
// Prepare the member form: a 'key' cookie carrying time, hash and member count
// (encoded with authcode), and form field names encoded with the same hash.
$count = DB::result_first('SELECT COUNT(*) FROM member');
// NOTE(review): what random() is backed by is not visible here. If the hash is
// meant to be hard to guess, confirm it draws from a CSPRNG.
$hash = random(6);
$time = TIMESTAMP;
dsetcookie('key', authcode("{$time}\t{$hash}\t{$count}", 'ENCODE'));
$form_username = authcode('username', 'ENCODE', $hash);
$form_password = authcode('password', 'ENCODE', $hash);
$form_email = authcode('email', 'ENCODE', $hash);
include template('member');
/*
7/28/10 Initial Release - no maps version of incident popup.
3/15/11 changed stylesheet.php to stylesheet.php
*/
error_reporting(E_ALL);
// session_start() is called twice, both with warnings suppressed.
@session_start();
@session_start();
// NOTE(review): the file to include is read from $_SESSION['fip']; nothing here
// checks that the key is set or constrains it to an expected path, and the
// include runs before the do_login() call below. Confirm only server-side code
// ever writes this key -- an include path that can be influenced from outside
// is a file-inclusion risk.
require_once $_SESSION['fip'];
$api_key = get_variable('gmaps_api_key');
// ?logout=true logs out and stops; every other request goes through do_login().
if (!empty($_GET) && (isset($_GET['logout']) && $_GET['logout'] == 'true')) {
    do_logout();
    exit;
} else {
    // snap(__LINE__, basename(__FILE__));
    do_login(basename(__FILE__));
}
// Debug aid: dumps the request parameters into the page when $istest is set.
// NOTE(review): where $istest comes from is not visible; make sure it cannot be
// switched on in production, and that dump() escapes what it prints.
if ($istest) {
    print "GET<BR/>\n";
    if (!empty($_GET)) {
        dump($_GET);
    }
    print "POST<BR/>\n";
    if (!empty($_POST)) {
        dump($_POST);
    }
}
//	$remotes = get_current();							// set auto-refresh if any mobile units
//	$interval = intval(get_variable('auto_poll'));
//	$refresh = ((($remotes['aprs']) || ($remotes['instam']) || ($remotes['locatea']) || ($remotes['gtrack']) || ($remotes['glat'])) && ($interval>0))? "\t<META HTTP-EQUIV='REFRESH' CONTENT='" . intval($interval*60) . "'>\n": "";
$temp = get_variable('auto_poll');
Esempio n. 22
0
require "./.include/header.php";
require "./.include/footer.php";
require "./.include/error.php";
// Buffer (and then discard) whatever the login include prints.
ob_start();
require_once "./.include/login.php";
ob_end_clean();
// Use the language-specific login prompt as the login header, when one exists.
$tmp_msg = $GLOBALS["login_prompt"][$GLOBALS["language"]];
if (isset($tmp_msg)) {
    $GLOBALS["messages"]["actloginheader"] = $tmp_msg;
}
// NOTE(review): second ob_end_clean() with only one ob_start() in view; unless
// an include opened another buffer there is nothing left to discard here.
ob_end_clean();
//------------------------------------------------------------------------------
do_login();
//------------------------------------------------------------------------------
$abs_dir = get_abs_dir($GLOBALS["dir"]);
// The configured home directory must exist; otherwise show an error, with a
// logout link when logins are required.
if (!@file_exists($GLOBALS["home_dir"])) {
    if ($GLOBALS["require_login"]) {
        $extra = "<A HREF=\"" . make_link("logout", NULL, NULL) . "\">" . $GLOBALS["messages"]["btnlogout"] . "</A>";
    } else {
        $extra = NULL;
    }
    show_error($GLOBALS["error_msg"]["home"], $extra);
}
// Presumably down_home() verifies that the requested directory stays inside the
// home directory (the error key is "abovehome") -- confirm it resolves ".." and
// symlinks before comparing.
// NOTE(review): $GLOBALS["dir"] is put into the error text; if it is
// request-derived, show_error() has to HTML-escape it.
if (!down_home($abs_dir)) {
    show_error($GLOBALS["dir"] . " : " . $GLOBALS["error_msg"]["abovehome"]);
}
if (!is_dir($abs_dir)) {
    show_error($GLOBALS["dir"] . " : " . $GLOBALS["error_msg"]["direxist"]);
Esempio n. 23
0
 }
 $mn_users = load_basic_data('users');
 $post = get_post_data($_POST['post_id']);
 // Redirect target: the posted 'redir' field, else the Referer header with the
 // "comment added" marker removed.
 // NOTE(review): both sources are supplied by the client and the value is used
 // as a Location target below without validation. Restricting it to same-site
 // paths would close the open-redirect path.
 $mn_redir = isset($_POST['redir']) && !empty($_POST['redir']) ? $_POST['redir'] : str_replace('&mn_msg=c_added', '', $_SERVER['HTTP_REFERER']);
 // Anti-flood interval falls back to '30' when unset or non-numeric.
 $conf['comments_antiflood'] = isset($conf['comments_antiflood']) && is_numeric($conf['comments_antiflood']) ? $conf['comments_antiflood'] : '30';
 if (isset($_SESSION['mn_logged']) && $_SESSION['mn_logged'] && !check_hash()) {
     // Logged-in session whose check_hash() fails: destroy the session, expire
     // the login cookies and send the visitor back to the comment form.
     session_destroy();
     // $url_data is not used in the lines shown.
     $url_data = explode('/', $conf['admin_url']);
     setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     setcookie('mn_logged', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
     header('location: ' . $mn_redir . '#mn-comment-form');
     exit;
 } elseif (isset($_SESSION['mn_logged']) && !$_SESSION['mn_logged'] && isset($_COOKIE['mn_user_name']) && isset($_COOKIE['mn_user_hash']) && $conf['users_perm_login']) {
     // Not logged in, but "remember me" cookies are present and the feature is enabled.
     permanent_login();
 } elseif (in_array(@$_POST['comment_author'], $mn_users) || isset($_POST['comment_pass']) && !empty($_POST['comment_pass'])) {
     // The author name matches a registered user, or a password was supplied.
     // NOTE(review): in_array() compares loosely here, and comment_pass may be
     // unset when only the author name matched.
     do_login($_POST['comment_author'], $_POST['comment_pass'], false);
 }
 if ($post['comments'] == '1' && ($conf['comments'] === true || $conf['comments'] >= 1) && !check_ip_ban($_SERVER['REMOTE_ADDR'], $banned_ips)) {
     // Verify the CAPTCHA answer for visitors who are not logged in, when
     // comment CAPTCHAs are enabled.
     // NOTE(review): in the legacy recaptchalib API the first argument of
     // recaptcha_check_answer() is the site's private key, and here it is a
     // literal in the source. Load it from configuration kept out of the
     // repository, and rotate a key that has been published.
     if ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha']) {
         require_once './stuff/inc/recaptchalib.php';
         $captcha = recaptcha_check_answer('6LfnaQoAAAAAAPi1X1HiWwEWBnCmJ7jLUc5biRpE', $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
     }
     if (isset($_POST['preview']) && isset($_POST['comment_text']) && !empty($_POST['comment_text'])) {
         $preview = true;
     } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && in_array($_POST['comment_author'], $mn_users)) {
         $error_msg = $lang['comm_msg_password'];
     } elseif (isset($_SESSION['mn_comm_time']) && $_SESSION['mn_comm_time'] + $conf['comments_antiflood'] > time()) {
         $error_msg = $lang['comm_msg_flood'];
     } elseif ((!isset($_SESSION['mn_logged']) || !$_SESSION['mn_logged']) && isset($conf['comments_captcha']) && $conf['comments_captcha'] && !$captcha->is_valid) {
         $error_msg = $lang['comm_msg_captcha'];
Esempio n. 24
0
$password = set_post('password', '');
// Nothing to process until the form has been submitted. The guard only bails
// out when BOTH fields are missing; with one present, validation below runs.
if (!isset($_POST['user']) && !isset($_POST['password'])) {
    return false;
}
// Validation: collect every problem before reporting.
// $terror becomes true once any check fails.
$terror = false;
// $user is assigned before this excerpt (not shown).
if (empty($user)) {
    notices_set('Please provide an email or username', 'error');
    $terror = true;
}
if (!password_is_valid($password)) {
    notices_set('Invalid password - Passwords must be at least ' . REQ_PASSWORD_LENGTH, 'error');
    $terror = true;
}
// Report the collected errors and stop.
if ($terror) {
    echo notices_get();
    return false;
}
// Attempt the login; redirect on success, otherwise print the notices.
if (do_login($user, $password)) {
    do_redirect();
} else {
    echo notices_get();
}
//show errors
Esempio n. 25
0
<?php

// Point the include path at the bundled library directory and load the Zend
// OpenID consumer classes.
ini_set("include_path", dirname(__FILE__) . '/../library/');
include "Zend/OpenId/Consumer.php";
include "Zend/OpenId/Extension/Sreg.php";
$logged_in = do_login();
// NOTE(review): `== true` is a loose comparison, so any non-empty string other
// than "0" passes. do_login() below sets $status = "FAILED" on a failed login;
// its return statement is cut off in this listing, but if that string is what
// comes back, a failure would take the success branch. Compare strictly
// (=== true) or return a boolean.
if ($logged_in == true) {
    if (!isset($_SESSION)) {
        session_start();
        //echo 'starting session';
    }
    // NOTE(review): the redirect target is read from the session; confirm that
    // client_url is validated against the expected client(s) where it is stored.
    header("Location: " . $_SESSION['client_url']);
    exit;
} else {
    // NOTE(review): $logged_in is echoed as-is; escape it if it can ever carry
    // request-derived text.
    echo "Error! " . $logged_in;
}
function do_login()
{
    $status = "";
    if (!empty($_POST['openid_identifier'])) {
        $sreg = new Zend_OpenId_Extension_Sreg(array('nickname' => false, 'email' => false, 'fullname' => false), null, 1.1);
        $consumer = new Zend_OpenId_Consumer();
        if (!$consumer->login($_POST['openid_identifier'], '', null, $sreg)) {
            $status = "FAILED";
        }
    } else {
        if (isset($_GET['openid_mode'])) {
            if ($_GET['openid_mode'] == "id_res") {
                $consumer = new Zend_OpenId_Consumer();
                $sreg = new Zend_OpenId_Extension_Sreg(array('nickname' => false, 'email' => false, 'fullname' => false), null, 1.1);
                if ($consumer->verify($_GET, $id, $sreg)) {
Esempio n. 26
0
	/**
	 * Requires a member session, then unpacks the packed 'args' request
	 * parameter ("key:value.key:value") into $_REQUEST.
	 *
	 * Only pairs with a non-empty key and a value are copied; for a chunk with
	 * more than one ':' only the first two pieces are used.
	 *
	 * NOTE(review): a single request parameter can set (or overwrite) arbitrary
	 * $_REQUEST keys here, so code that later reads $_REQUEST must validate
	 * every value itself rather than assume it arrived as a separate field.
	 */
	public function __construct() {
		global $user;

		if (!$user->is('member')) {
			do_login();
		}

		$packed = request_var('args', '');
		if ($packed) {
			foreach (explode('.', $packed) as $chunk) {
				$parts = explode(':', $chunk);

				// Skip chunks without both a key and a value, or with an empty key.
				if (!isset($parts[0], $parts[1]) || empty($parts[0])) {
					continue;
				}

				$_REQUEST[$parts[0]] = $parts[1];
			}
		}

		return;
	}
Esempio n. 27
0
<?php

// Defined before header.php is included; presumably the included files check
// this constant to refuse direct access -- confirm.
define('DarkCoreCMS', TRUE);
include 'header.php';
if (isset($_SESSION['usr'])) {
    $user_prw = $_SESSION['usr'];
}
// Login form submitted.
// NOTE(review): only 'login' is checked; login_username / login_password are
// read without an isset() test and may be absent from the request.
if (isset($_POST['login'])) {
    do_login($_POST['login_username'], $_POST['login_password']);
}
if (isset($_GET["errlogin"])) {
    ?>
        <div id="notify">There was an error when logging in recheck your account and password corectly acc and pass are case sensitive</div>
    <?php 
}
?>
	<div id='content'>
		<div id='index-content-left'>
			<div id='main-tools'>
				<div class='main-tools-box'>
                    <h1 class="main-tools-head-text">WELCOME TO <?php 
echo strtoupper($website_title);
?>
</h1>
                    <div class="main-tools-description"><?php 
echo $website_description;
?>
</div>
                    <ul>
                        <li class="main-tools-li"><a href="armory">ARMORY</a></li>
                        <li class="main-tools-li"><a href="guides">GUIDES & DOWNLOADS</a></li>
Esempio n. 28
0
         $menus = retrieve_menus();
         $user = $_SESSION['user'];
         $resp = array('result' => 1, 'menu' => $menus, 'user' => $user);
         echo json_encode($resp);
     } else {
         // no user exist in session
         $resp = array('result' => -1, 'menu' => '');
         echo json_encode($resp);
     }
     break;
 case 2:
     // Process a login request; the reply is always JSON with result 1 (success)
     // or -1 (failure). Missing fields and bad credentials get the same reply.
     if (isset($_POST['username']) and isset($_POST['password'])) {
         $user = $_POST['username'];
         $pass = $_POST['password'];
         // NOTE(review): `true == do_login(...)` is a loose comparison, so any
         // truthy return value counts as success; compare with === if do_login()
         // can return something other than a boolean.
         if (true == do_login($user, $pass)) {
             // NOTE(review): no session_regenerate_id(true) in this branch; unless
             // do_login() does it, the pre-login session ID survives authentication.
             $_SESSION['user'] = $user;
             // Store the kecamatan (region) rights of the current user in the session.
             $_SESSION['region'] = get_kecamatan($user);
             // The submitted username is echoed back; json_encode() makes it safe
             // as JSON, but the client must not insert it into the page as HTML.
             $resp = array('result' => 1, 'menu' => retrieve_menus(), 'user' => $user);
             echo json_encode($resp);
         } else {
             $resp = array('result' => -1, 'menu' => array(), 'user' => '');
             echo json_encode($resp);
         }
     } else {
         $resp = array('result' => -1, 'menu' => array(), 'user' => '');
         echo json_encode($resp);
     }
     break;
 case 3:
Esempio n. 29
-1
	/**
	 * Adds the current download to the user's favourites and redirects back to
	 * the download page.
	 *
	 * Guests are sent to do_login() first. When the (download, user) pair is
	 * already in _dl_fav the method only redirects; this relies on redirect()
	 * ending the request, otherwise the insert below would run again.
	 *
	 * NOTE(review): the existence check and the insert are separate statements,
	 * so two concurrent requests could both insert; a unique key on
	 * (dl_id, user_id) would enforce this in the database. No CSRF token check
	 * is visible in this method -- confirm the caller enforces one for this
	 * state change.
	 *
	 * @return mixed Whatever redirect() returns.
	 */
	public function dl_fav() {
		if (!$this->auth['user']) {
			do_login();
		}

		global $user;

		$lookup = 'SELECT dl_id
			FROM _dl_fav
			WHERE dl_id = ?
				AND user_id = ?';
		$already_fav = (bool) sql_field(sql_filter($lookup, $this->dl_data['id'], $user->d('user_id')), 'dl_id', 0);

		$url = s_link('a', $this->data['subdomain'], 'downloads', $this->dl_data['id']);

		if ($already_fav) {
			redirect($url);
		}

		// Record the favourite ...
		sql_insert('dl_fav', array(
			'dl_id' => $this->dl_data['id'],
			'user_id' => $user->d('user_id'),
			'favtime' => time()
		));

		// ... and bump the member's favourites counter.
		$bump = 'UPDATE _members SET user_dl_favs = user_dl_favs + 1
			WHERE user_id = ?';
		sql_query(sql_filter($bump, $user->d('user_id')));

		return redirect($url);
	}
Esempio n. 30
-2
	/**
	 * Forum page controller: resolves the forum from the 'f' request value,
	 * checks the viewer's permissions, handles a submitted new topic (with an
	 * optional poll), and then assigns the topic list and posting form to the
	 * template.
	 *
	 * Sets $this->_title and $this->_template; returns nothing.
	 *
	 * NOTE(review): no CSRF token check is visible in the topic-submission path
	 * of this method; confirm one is enforced elsewhere.
	 */
	public function run() {
		global $config, $auth, $user, $comments, $cache;

		$forum_id = request_var('f', '');
		$start = request_var('offset', 0);
		$submit_topic = _button('post');

		if (empty($forum_id)) {
			fatal_error();
		}

		// 'f' may be a numeric id or an alias. Numeric ids are looked up and then
		// redirected to the alias URL (see below).
		$is_int_forumid = false;
		if (preg_match('#^(\d+)$#is', $forum_id)) {
			$is_int_forumid = true;
			$forum_id = intval($forum_id);

			$sql = 'SELECT *
				FROM _forums
				WHERE forum_id = ?';
			$sql = sql_filter($sql, $forum_id);
		} else {
			$sql = 'SELECT *
				FROM _forums
				WHERE forum_alias = ?';
			$sql = sql_filter($sql, $forum_id);
		}

		if (!$forum_row = sql_fieldrow($sql)) {
			fatal_error();
		}

		if ($is_int_forumid) {
			redirect(s_link('forum', $forum_row['forum_alias']), true);
		}

		// From here on $forum_id is the value stored in the database row.
		$forum_id = $forum_row['forum_id'];

		//
		// Start auth check
		//
		// The w() result is overwritten by the next line.
		$is_auth = w();
		$is_auth = $auth->forum(AUTH_ALL, $forum_id, $forum_row);

		// Without view/read rights: guests go to the login, members get an error.
		if (!$is_auth['auth_view'] || !$is_auth['auth_read']) {
			if (!$user->is('member')) {
				do_login();
			}

			fatal_error();
		}

		$error_msg = '';
		$post_title = '';
		$post_message = '';
		$post_np = '';
		$poll_title = '';
		$poll_options = '';
		$poll_length = '';
		$current_time = time();

		if ($submit_topic) {
			$topic_important = _button('topictype');
			$auth_key = ($topic_important) ? 'auth_announce' : 'auth_post';

			if ($forum_row['forum_locked'] && !$is_auth['auth_mod']) {
				$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('forum_locked');
			}

			if (!$is_auth[$auth_key]) {
				if (!$user->is('member')) {
					do_login();
				}

				// NOTE(review): $topic_url is not assigned anywhere in this method
				// before this use. This branch also relies on redirect() ending the
				// request; otherwise an unauthorised submission would continue into
				// the insert path below.
				if (empty($error_msg)) {
					redirect($topic_url);
				}
			}

			if (empty($error_msg)) {
				$post_title = request_var('topic_title', '');
				$post_message = request_var('message', '', true);
				$post_np = request_var('np', '', true);
				$poll_title = '';
				$poll_options = '';
				$poll_length = 0;

				// Poll fields are only read for users allowed to create polls.
				if ($is_auth['auth_pollcreate']) {
					$poll_title = request_var('poll_title', '');
					$poll_options = request_var('poll_options', '');
					$poll_length = request_var('poll_length', 0);
				}

				// Check subject
				if (empty($post_title)) {
					$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_subject');
				}

				// Check message
				if (empty($post_message)) {
					$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_message');
				}

				// Split the poll options on nr() and drop empty entries.
				if (!empty($poll_options)) {
					$real_poll_options = w();
					$poll_options = explode(nr(), $poll_options);

					foreach ($poll_options as $option) {
						if ($option != '') {
							$real_poll_options[] = $option;
						}
					}

					$sizeof_poll_options = sizeof($real_poll_options);

					if ($sizeof_poll_options < 2) {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('few_poll_options');
					} else if ($sizeof_poll_options > $config['max_poll_options']) {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('many_poll_options');
					} else if ($poll_title == '') {
						$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('empty_poll_title');
					}
				}

				// Flood control (skipped for moderators): compare the user's most
				// recent post time with the configured interval.
				if (empty($error_msg) && !$is_auth['auth_mod']) {
					$sql = 'SELECT MAX(post_time) AS last_post_time
						FROM _forum_posts
						WHERE poster_id = ?';
					if ($last_post_time = sql_field(sql_filter($sql, $user->d('user_id')))) {
						if (intval($last_post_time) > 0 && ($current_time - intval($last_post_time)) < intval($config['flood_interval'])) {
							$error_msg .= (($error_msg != '') ? '<br />' : '') . lang('flood_error');
						}
					}
				}

				if (empty($error_msg)) {
					$topic_announce = 0;
					$topic_locked = 0;

					// In-message markers: '-Anuncio-' makes the topic an announcement
					// (also forced for forum ids 15, 16 and 17), '-Cerrado-' locks it
					// for users passing is('mod'). The markers are removed from the text.
					if ((strstr($post_message, '-Anuncio-') && $user->is('all')) || in_array($forum_id, array(15, 16, 17))) {
						$topic_announce = 1;
						$post_message = str_replace('-Anuncio-', '', $post_message);
					}

					if (strstr($post_message, '-Cerrado-') && $user->is('mod')) {
						$topic_locked = 1;
						$post_message = str_replace('-Cerrado-', '', $post_message);
					}

					$post_message = $comments->prepare($post_message);
					// NOTE(review): $sizeof_poll_options is only assigned when poll
					// options were submitted; a poll title without options reaches this
					// expression with the variable undefined.
					$topic_vote = (!empty($poll_title) && $sizeof_poll_options >= 2) ? 1 : 0;

					if (!$user->is('founder')) {
						$post_title = strnoupper($post_title);
					}

					$insert_data['TOPIC'] = array(
						'topic_title' => $post_title,
						'topic_poster' => (int) $user->d('user_id'),
						'topic_time' => (int) $current_time,
						'forum_id' => (int) $forum_id,
						'topic_locked' => $topic_locked,
						'topic_announce' => $topic_announce,
						'topic_important' => (int) $topic_important,
						'topic_vote' => (int) $topic_vote,
						'topic_featured' => 1,
						'topic_points' => 1
					);
					$topic_id = sql_insert('forum_topics', $insert_data['TOPIC']);

					$insert_data['POST'] = array(
						'topic_id' => (int) $topic_id,
						'forum_id' => (int) $forum_id,
						'poster_id' => (int) $user->d('user_id'),
						'post_time' => (int) $current_time,
						'poster_ip' => $user->ip,
						'post_text' => $post_message,
						'post_np' => $post_np
					);
					$post_id = sql_insert('forum_posts', $insert_data['POST']);

					if ($topic_vote) {
						// vote_length is stored in seconds (days * 86400).
						$insert_data['POLL'] = array(
							'topic_id' => (int) $topic_id,
							'vote_text' => $poll_title,
							'vote_start' => (int) $current_time,
							'vote_length' => (int) ($poll_length * 86400)
						);
						$poll_id = sql_insert('poll_options', $insert_data['POLL']);

						// Option ids are numbered from 1 in submission order.
						$poll_option_id = 1;
						foreach ($real_poll_options as $option) {
							$insert_data['POLLRESULTS'] = array(
								'vote_id' => (int) $poll_id,
								'vote_option_id' => (int) $poll_option_id,
								'vote_option_text' => $option,
								'vote_result' => 0
							);
							sql_insert('poll_results', $insert_data['POLLRESULTS']);

							$poll_option_id++;
						}

						if ($forum_id == $config['main_poll_f']) {
							$cache->delete('last_poll_id');
						}
					}

					$user->save_unread(UH_T, $topic_id);

					if (!in_array($forum_id, forum_for_team_array())) {
						//$user->points_add(2);
					}

					// NOTE(review): the '??' placeholder presumably inserts its value
					// without quoting, and here it receives implode(', ', $a_list).
					// Confirm forum_for_team_list() can only return integers.
					$a_list = forum_for_team_list($forum_id);
					if (count($a_list)) {
						$sql_delete_unread = 'DELETE FROM _members_unread
							WHERE element = ?
								AND item = ?
								AND user_id NOT IN (??)';
						sql_query(sql_filter($sql_delete_unread, 8, $topic_id, implode(', ', $a_list)));
					}

					if (count($a_list) || in_array($forum_id, array(20, 39))) {
						topic_feature($topic_id, 0);
						topic_arkane($topic_id, 0);
					}

					// Update the forum, topic and member counters, then go to the new topic.
					$sql = 'UPDATE _forums SET forum_posts = forum_posts + 1, forum_last_topic_id = ?, forum_topics = forum_topics + 1
						WHERE forum_id = ?';
					sql_query(sql_filter($sql, $topic_id, $forum_id));

					$sql = 'UPDATE _forum_topics SET topic_first_post_id = ?, topic_last_post_id = ?
						WHERE topic_id = ?';
					sql_query(sql_filter($sql, $post_id, $post_id, $topic_id));

					$sql = 'UPDATE _members SET user_posts = user_posts + 1
						WHERE user_id = ?';
					sql_query(sql_filter($sql, $user->d('user_id')));

					redirect(s_link('topic', $topic_id));
				}
			}
		}
		//
		// End Submit
		//

		$topics_count = ($forum_row['forum_topics']) ? $forum_row['forum_topics'] : 1;

		$topics = new stdClass();
		$total = new stdClass();

		//
		// All announcement data
		//
		$sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_time, p.post_username as post_username2
			FROM _forum_topics t, _members u, _forum_posts p, _members u2
			WHERE t.forum_id = ?
				AND t.topic_poster = u.user_id
				AND p.post_id = t.topic_last_post_id
				AND p.poster_id = u2.user_id
				AND t.topic_announce = 1
			ORDER BY t.topic_last_post_id DESC';
		$topics->important = sql_rowset(sql_filter($sql, $forum_id));
		$total->important = (is_array($topics->important)) ? count($topics->important) : 0;

		//
		// Grab all the topics data for this forum
		//
		// NOTE(review): $start comes from request_var('offset', 0) and goes into
		// LIMIT through a '??' placeholder; presumably request_var() casts it to an
		// integer because of the 0 default -- confirm, and confirm negative values
		// are rejected.
		$sql = 'SELECT t.*, u.user_id, u.username, u.username_base, u2.user_id as user_id2, u2.username as username2, u2.username_base as username_base2, p.post_username, p2.post_username AS post_username2, p2.post_time
			FROM _forum_topics t, _members u, _forum_posts p, _forum_posts p2, _members u2
			WHERE t.forum_id = ?
				AND t.topic_poster = u.user_id
				AND p.post_id = t.topic_first_post_id
				AND p2.post_id = t.topic_last_post_id
				AND u2.user_id = p2.poster_id
				AND t.topic_announce = 0
			ORDER BY t.topic_important DESC, /*t.topic_last_post_id*/p2.post_time DESC
			LIMIT ??, ??';
		$topics->normal = sql_rowset(sql_filter($sql, $forum_id, $start, $config['topics_per_page']));
		$total->normal = (is_array($topics->normal)) ? count($topics->normal) : 0;

		//
		// Total topics ...
		//
		//$total_topics += $total_announcements;
		//$total_topics = $total->important + $total->normal;

		//
		// Post URL generation for templating vars
		//
		if ($is_auth['auth_post'] || $is_auth['auth_mod']) {
			_style('topic_create', array(
				'L_POST_NEW_TOPIC' => ($forum_row['forum_locked']) ? lang('forum_locked') : lang('post_newtopic'))
			);
		}

		//
		// Dump out the page header and load viewforum template
		//
		v_style(array(
			'FORUM_ID' => $forum_id,
			'FORUM_NAME' => $forum_row['forum_name'],
			'U_VIEW_FORUM' => s_link('forum', $forum_row['forum_alias']))
		);
		//
		// End header
		//

		//
		// Let's build the topics
		//
		// $topics holds two lists ('important', then 'normal'); $i counts rows
		// across both so the block header and pagination are emitted only once.
		$i = 0;
		foreach ($topics as $alias => $list) {
			foreach ($list as $j => $row) {
				if (!$i) {
					_style('topics');

					$topics_count -= $total->important;

					build_num_pagination(s_link('forum', $forum_row['forum_alias'], 's%d'), $topics_count, $config['topics_per_page'], $start, '', 'TOPICS_');
				}

				if (!$j) {
					_style('topics.alias', array(
						'NAME' => lang('topic_' . $alias),
						'SHOW' => ($total->important && $total->normal > 1))
					);
				}

				$row = (object) $row;

				// NOTE(review): this branch tests the topic author (user_id) but builds
				// the link from username_base2 / username2, which the queries alias to
				// the last poster; looks like a copy of the block below -- confirm.
				// NOTE(review): user names are concatenated into HTML here without
				// escaping in this method; confirm they are escaped when stored or by
				// the template layer.
				if ($row->user_id != GUEST) {
					$row->author = '<a  href="' . s_link('m', $row->username_base2) . '">' . $row->username2 . '</a>';
				} else {
					$row->author = '<span>*' . (($row->post_username2 != '') ? $row->post_username2 : lang('guest')) . '</span>';
				}

				if ($row->user_id2 != GUEST) {
					$row->poster = '<a href="' . s_link('m', $row->username_base2) . '">' . $row->username2 . '</a>';
				} else {
					$row->poster = '<span>*' . (($row->post_username2 != '') ? $row->post_username2 : lang('guest')) . '</span>';
				}

				// View counts are only passed to the template for founders.
				_style('topics.alias.row', array(
					'FORUM_ID' => $forum_id,
					'TOPIC_ID' => $row->topic_id,
					'TOPIC_AUTHOR' => $row->author,
					'REPLIES' => $row->topic_replies,
					'VIEWS' => ($user->is('founder')) ? $row->topic_views : '',

					'TOPIC_TITLE' => $row->topic_title,
					'TOPIC_CREATION_TIME' => $user->format_date($row->topic_time),
					'LAST_POST_TIME' => $user->format_date($row->post_time),
					'LAST_POST_AUTHOR' => $row->poster,
					'U_TOPIC' => s_link('topic', $row->topic_id))
				);

				$i++;
			}
		}

		if (!$topics_count) {
			if ($start) {
				redirect(s_link('forum', $forum_row['forum_alias']), true);
			}
			_style('no_topics');
		}

		//
		// Posting box
		//
		// The submitted values are passed back to the form so that a rejected
		// submission can be corrected. $error_msg joins lang() strings with
		// '<br />', so the template has to output it as HTML.
		if (!empty($error_msg) || (!$is_auth['auth_mod'] && $forum_row['forum_locked']) || (!$is_auth['auth_post'] && $forum_row['auth_post'] == AUTH_REG) || $is_auth['auth_post']) {
			if ($is_auth['auth_post']) {
				if (!empty($poll_options)) {
					$poll_options = implode(nr(), $poll_options);
				}

				_style('publish', array(
					'S_POST_ACTION' => s_link('forum', $forum_row['forum_alias']),

					'TOPIC_TITLE' => $post_title,
					'MESSAGE' => $post_message,
					'NP' => $post_np,

					'POLL_TITLE' => $poll_title,
					'POLL_OPTIONS' => $poll_options,
					'POLL_LENGTH' => $poll_length)
				);

				if ($is_auth['auth_pollcreate']) {
					_style('publish.poll');

					if (empty($poll_options)) {
						_style('publish.poll.hide');
					}
				}
			}

			if (!empty($error_msg)) {
				_style('publish.alert', array(
					'MESSAGE' => $error_msg)
				);
			}
		}

		// Use a forum-specific template when template/custom/forum_<id>.htm exists.
		// $forum_id is the database value at this point, not the raw request input.
		$layout_file = 'topics';

		$use_m_template = 'custom/forum_' . $forum_id;
		if (@file_exists(ROOT . 'template/' . $use_m_template . '.htm')) {
			$layout_file = $use_m_template;
		}

		$this->_title = $forum_row['forum_name'];
		$this->_template = $layout_file;

		return;
	}