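/**
 * Create a user row, its login id and an initial login password inside one
 * DB transaction.
 *
 * @param int   $_user_no  id of the acting user, handed to insertRecord()
 * @param array $_data     column values, passed to exchanegArray() unchanged
 * @return string|false    the generated plain-text password on success, false on
 *                         any failure (the old docblock said boolean; the success
 *                         path has always returned the password string)
 */
public function insertUser($_user_no, $_data)
{
    $adapter    = GlobalAdapterFeature::getStaticAdapter();
    $connection = $adapter->getDriver()->getConnection();
    $connection->beginTransaction();

    try {
        $this->db->exchanegArray($_data);
        $row = $this->db->insertRecord($_user_no);

        if ($row) {
            $row = $this->db->insertLoginId($row);
        }

        $new_pw = null;
        if ($row) {
            // NOTE(review): make_rand_str() is project code; whether it draws from a
            // CSPRNG cannot be seen here — confirm before relying on it for passwords.
            $new_pw = make_rand_str(8, 3);
            $row    = $this->db->insertLoginPw($row, $new_pw, 1, 0);
        }

        if ($row) {
            $connection->commit();
            return $new_pw;
        }

        // A step returned a falsy row without throwing. The previous version fell
        // through here, returned null and left the transaction open.
        $connection->rollback();
        return false;
    } catch (\Exception $e) {
        $connection->rollback();
        if (IS_TEST) {
            echo $e->getMessage();
        }
        return false;
    }
}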
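/**
 * Insert one work record per element of $_data for the given user, all in a
 * single DB transaction. Every record shares one fresh work_no and gets its own
 * random login_pw and join_key.
 *
 * @param array $_user_info  caller's user row; 'branch_no' and 'user_no' are read via gv()
 * @param array $_data       list of column-value arrays, one per record; it is walked
 *                           with current()/next(), so its internal pointer is consumed
 * @return mixed             result of the last insertRecord() call, or false on
 *                           empty input or when any insert failed
 */
public function insertWorkRecord($_user_info, $_data)
{
    if (!$_user_info || !$_data) {
        return false;
    }

    $adapter    = GlobalAdapterFeature::getStaticAdapter();
    $connection = $adapter->getDriver()->getConnection();
    $connection->beginTransaction();

    // NOTE(review): MAX+1 without a lock is racy under concurrent inserts — confirm
    // that work_no carries a unique constraint or that the caller serialises this.
    $work_no = $this->db->getMaxId('work_no') + 1;
    $row     = false;

    do {
        $data = array(
            'branch_no' => gv('branch_no', $_user_info),
            // NOTE(review): make_rand_str() is project code; confirm it is CSPRNG-backed.
            'login_pw'  => make_rand_str(8, 3),
            // join_key is an unguessable handle: prefer a CSPRNG where available (PHP 7+).
            // The sha1(time/microtime/rand) form has the same 40-hex shape but is
            // predictable from the request time, so it is kept only as a fallback.
            'join_key'  => function_exists('random_bytes')
                ? bin2hex(random_bytes(20))
                : sha1(time() . microtime() . rand(0, 1000)),
            'work_no'   => $work_no,
        );

        try {
            $this->db->exchanegArray(array_merge(current($_data), $data));
            $row = $this->db->insertRecord(gv('user_no', $_user_info));
        } catch (\Exception $e) {
            // Reset so an earlier successful insert cannot be committed below.
            $row = false;
            if (IS_TEST) {
                echo $e->getMessage();
            }
            break;
        }

        if (!$row) {
            // Stop at the first insert that reports failure instead of carrying on.
            break;
        }
    } while (next($_data));

    if ($row) {
        $this->db->checkLoginId($work_no);
        $connection->commit();
    } else {
        // Previously rollback() ran only under IS_TEST, leaving the transaction open
        // in production, and $row could still hold an earlier success after an
        // exception, committing a partial batch.
        $connection->rollback();
    }

    return $row;
}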
/**
 * Copy one TBDev user row into the forum users table and the bt_users table.
 *
 * Two INSERT IGNORE statements go through DB(); each value is run through
 * DB()->escape() and single-quoted. user_password receives md5() of
 * $user['password'] — the target schema's legacy hash format, not something
 * to reuse for new code.
 *
 * @param array $user  source row; the keys read below (id, enabled, username, ...) must exist
 * @return void
 */
function convert_user($user)
{
    // Build "INSERT IGNORE INTO <table> (cols) VALUES (vals);" with every value
    // escaped and quoted, then execute it.
    $insert_ignore = function ($table, array $data) {
        $quoted = array();
        foreach ($data as $value) {
            $quoted[] = "'" . DB()->escape($value) . "'";
        }
        $col_list = implode(',', array_keys($data));
        $val_list = implode(',', $quoted);
        DB()->query("INSERT IGNORE INTO " . $table . " ({$col_list}) VALUES ({$val_list});");
    };

    $has_avatar = !empty($user['avatar']);

    $forum_row = array(
        "user_id"          => $user['id'],
        "user_active"      => $user['enabled'] == 'yes' ? true : false,
        "username"         => $user['username'],
        "user_password"    => md5($user['password']),
        "user_lastvisit"   => $user['last_access'],
        "user_regdate"     => $user['added'],
        "user_level"       => tp_user_level($user['class']),
        "user_lang"        => $user['language'],
        "user_dateformat"  => "Y-m-d H:i",
        "user_opt"         => $user['opt'],
        "user_avatar"      => $has_avatar ? $user['avatar'] : null,
        "user_avatar_type" => $has_avatar ? 2 : null,
        "user_email"       => $user['email'],
        "user_website"     => $user['website'],
        "user_icq"         => $user['icq'],
        "user_skype"       => $user['skype'],
        "user_twitter"     => $user['twitter'],
        "user_gender"      => $user['gender'],
        "user_birthday"    => $user['user_birthday'],
    );
    $insert_ignore(BB_USERS, $forum_row);

    // Tracker side: a fresh passkey plus the carried-over transfer totals.
    $tracker_row = array(
        "user_id"      => $user['id'],
        "auth_key"     => make_rand_str(BT_AUTH_KEY_LENGTH),
        "u_up_total"   => $user['uploaded'],
        "u_down_total" => $user['downloaded'],
    );
    $insert_ignore(BB_BT_USERS, $tracker_row);
}
/**
 * Rewrite the cron lock file with a fresh 20-character random payload
 * (presumably to refresh its mtime — the name suggests it, file_write() decides).
 *
 * The trailing arguments (0, true, true) are forwarded to file_write()
 * unchanged; their meaning is defined there, not here.
 *
 * @param string $lock_file  path of the lock file
 * @return void
 */
function cron_touch_lock_file($lock_file)
{
    $payload = make_rand_str(20);
    file_write($payload, $lock_file, 0, true, true);
}
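/**
 * re-issue password2
 *
 * GET: render the form with a one-time token_id kept in the session container.
 * POST: verify that token, generate a new login password for the user bound to
 * the temporary id, mail it to that user and mark the temporary id as finished.
 *
 * @return ViewModel|\Zend\Http\Response  the form view, or a redirect to app/index
 */
public function remindStoreAction()
{
    $this->layout('layout/index');

    // get temporary id
    $id = (string) $this->params()->fromRoute('id');
    if (!$id) {
        $this->flashMessenger()->addMessage('Not allowed'); // Japanese original: 許可されていません。
        return $this->redirect()->toRoute('app', array('controller' => 'index'));
    }

    $tmp = new TemporaryIdTable();
    $row = $tmp->getFetchOne($id);
    if (!$row || !isset($row->create_user) || !$row->create_user) {
        $this->flashMessenger()->addMessage('Not allowed');
        return $this->redirect()->toRoute('app', array('controller' => 'index'));
    }

    $success = false;
    $request = $this->getRequest();

    if ($request->isPost()) {
        // One-shot form token: read it, then clear it so a replayed POST fails.
        $token_id = $this->container()->get('token_id');
        $this->container()->clear('token_id');
        $posted_token = (string) $request->getPost('token_id');
        // Strict comparison plus an explicit "no token was issued" check. The previous
        // loose `!=` passed when the container held no token and the POST carried none
        // (null == '' in PHP), i.e. the check could be skipped entirely.
        if ($token_id === null || $token_id === '' || $posted_token !== (string) $token_id) {
            $this->flashMessenger()->addMessage('Not allowed');
            return $this->redirect()->toRoute('app', array('controller' => 'index'));
        }

        $db = new UserEntity();

        // Draw passwords until checkLoginPw() stops reporting a hit; cap the
        // attempts so a persistent hit cannot loop forever.
        $chk = true;
        $i   = 0;
        while ($chk) {
            $new_pw = make_rand_str(8, 3);
            $chk    = $db->db()->checkLoginPw($row->create_user, $new_pw);
            ++$i;
            if (!$chk || 10 < $i) {
                break;
            }
        }
        if (!$chk) {
            $success = $db->changePw($row->create_user, $new_pw, 1);
        }

        if ($success) {
            $mail = new Message();
            $mail->setEncoding("UTF-8");
            $mail->addFrom(AUTO_MAIL_FROM)
                ->addTo($row->email)
                ->setSubject($this->translator()->translate("About initialize password")); // Japanese original: パスワード初期化について

            $body_tpl = file_get_contents(APP_DIR . '/tpl/remind-store-mail.txt');
            $body_tpl = trim(str_replace("\r\n", "\n", $body_tpl));
            $body_tpl = $this->translator()->translate($body_tpl);
            $body_tpl .= "\n\n" . "PW:" . $new_pw;
            $body_tpl .= "\n\n\n" . "URL:" . BASE_URL;
            $mail->setBody($body_tpl);

            $transport = new SmtpTransport();
            $options   = new SmtpOptions(array(
                'host'              => 'smtp.gmail.com',
                'connection_class'  => 'plain',
                'connection_config' => array(
                    'ssl'      => 'tls',
                    'username' => AUTO_MAIL_FROM,
                    'password' => AUTO_MAIL_FROM_PASSWORD,
                ),
                'port'              => 587,
            ));
            $transport->setOptions($options);

            // Treat an exception from send() as the failure signal. The old
            // `$success = $transport->send($mail)` reported 'Failed' whenever send()
            // returned no value (Zend\Mail transports are typically void — confirm).
            try {
                $transport->send($mail);
            } catch (\Exception $e) {
                $success = false;
                if (IS_TEST) {
                    $logger = new \Zend\Log\Logger();
                    $writer = new \Zend\Log\Writer\Stream(APP_DIR . '/log/debug.txt');
                    $logger->addWriter($writer);
                    $logger->log(\Zend\Log\Logger::DEBUG, $e->getMessage());
                }
            }
        } elseif (IS_TEST) {
            // $mail is never built on this path, so the old print_r($mail) logged an
            // unset variable (and, had it existed, would have written the new
            // password into debug.txt).
            $logger = new \Zend\Log\Logger();
            $writer = new \Zend\Log\Writer\Stream(APP_DIR . '/log/debug.txt');
            $logger->addWriter($writer);
            $logger->log(\Zend\Log\Logger::DEBUG, 'remindStoreAction: password change failed for ' . $row->create_user);
        }

        $tmp->finishRecord($id);

        $message = $success ? 'Please confirm e-mail' : 'Failed'; // Japanese originals: メールを確認してください。 / 処理失敗
        $this->flashMessenger()->addMessage($message);
        return $this->redirect()->toRoute('app', array('controller' => 'index'));
    }

    // create token_id
    $token_id = make_token_id();
    $this->container()->set('token_id', $token_id);

    $values = array('token_id' => $token_id, 'id' => $id);
    $view   = new ViewModel($values);
    $view->setTemplate('/' . VIEW_DIR . '/index/remind-store.phtml');
    return $view;
}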
if (isset($HTTP_POST_VARS['submit'])) { $username = !empty($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : ''; $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : ''; $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "'\n\t\t\tAND username = '******'", "''", $username) . "'"; if ($result = DB()->sql_query($sql)) { if ($row = DB()->sql_fetchrow($result)) { if (!$row['user_active']) { message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']); } $username = $row['username']; $user_id = $row['user_id']; $user_actkey = make_rand_str(true); $key_len = 54 - strlen($server_url); $key_len = $str_len > 6 ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $user_password = make_rand_str(false); $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id']; if (!DB()->sql_query($sql)) { message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql); } require FT_ROOT . 'includes/emailer.php'; $emailer = new emailer($ft_cfg['smtp_delivery']); $emailer->from($ft_cfg['board_email']); $emailer->replyto($ft_cfg['board_email']); $emailer->use_template('user_activate_passwd', $row['user_lang']); $emailer->email_address($row['user_email']); $emailer->set_subject($lang['New_password_activation']); $emailer->assign_vars(array('SITENAME' => $ft_cfg['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, 'EMAIL_SIG' => !empty($ft_cfg['board_email_sig']) ? str_replace('<br />', "\n", "-- \n" . $ft_cfg['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . 
$user_actkey)); $emailer->send(); $emailer->reset(); $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="15;url=' . append_sid("index.php") . '">'));
/**
 * Store a new (or cleared) autologin_id for a user and return it.
 *
 * @param array $userdata    user row; only 'user_id' is read, int-cast before use
 * @param bool  $create_new  true: generate a LOGIN_KEY_LENGTH random key;
 *                           false: clear the column to ''
 * @return string            the value written to users.autologin_id
 */
function create_autologin_id($userdata, $create_new = true)
{
    $autologin_id = '';
    if ($create_new) {
        $autologin_id = make_rand_str(LOGIN_KEY_LENGTH);
    }
    $user_id = (int) $userdata['user_id'];

    // Only make_rand_str() output or '' and an int reach the SQL string.
    $sql = "\n\t\t\tUPDATE " . USERS_TABLE . " SET\n\t\t\t\tautologin_id = '{$autologin_id}'\n\t\t\tWHERE user_id = {$user_id}\n\t\t\tLIMIT 1\n\t\t";
    DB()->query($sql);

    return $autologin_id;
}
require CLASS_DIR . 'emailer.php'; $emailer = new emailer($bb_cfg['smtp_delivery']); $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>"); $emailer->email_address($username . " <{$email}>"); $emailer->use_template($email_template, $user_lang); $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'WELCOME_MSG' => sprintf($lang['WELCOME_SUBJECT'], $bb_cfg['sitename']), 'USERNAME' => html_entity_decode($username), 'PASSWORD' => $new_pass, 'U_ACTIVATE' => make_url('profile.php?mode=activate&' . POST_USERS_URL . '=' . $new_user_id . '&act_key=' . $db_data['user_actkey']))); $emailer->send(); $emailer->reset(); } bb_die($message); } else { set_pr_die_append_msg($pr_data['user_id']); // если что-то было изменено if ($db_data) { if (!$pr_data['user_active']) { $user_actkey = make_rand_str(12); $pr_data['user_actkey'] = $user_actkey; $db_data['user_actkey'] = $user_actkey; require CLASS_DIR . 'emailer.php'; $emailer = new emailer($bb_cfg['smtp_delivery']); $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>"); $emailer->email_address($username . " <{$email}>"); $emailer->use_template('user_activate', $pr_data['user_lang']); $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'USERNAME' => html_entity_decode($username), 'U_ACTIVATE' => make_url("profile.php?mode=activate&u={$pr_data['user_id']}&act_key={$user_actkey}"))); $emailer->send(); $emailer->reset(); $message = $lang['PROFILE_UPDATED_INACTIVE']; $user->session_end(); } else { meta_refresh('index.php', 10); $message = $lang['PROFILE_UPDATED'];
bb_die($lang['CAPTCHA_WRONG']); } $email = !empty($_POST['email']) ? trim(strip_tags(htmlspecialchars($_POST['email']))) : ''; $sql = "SELECT * FROM " . BB_USERS . " WHERE user_email = '" . DB()->escape($email) . "'"; if ($result = DB()->sql_query($sql)) { if ($row = DB()->sql_fetchrow($result)) { if (!$row['user_active']) { bb_die($lang['NO_SEND_ACCOUNT_INACTIVE']); } if (in_array($row['user_level'], array(MOD, ADMIN))) { bb_die($lang['NO_SEND_ACCOUNT']); } $username = $row['username']; $user_id = $row['user_id']; $user_actkey = make_rand_str(12); $user_password = make_rand_str(8); $sql = "UPDATE " . BB_USERS . "\n\t\t\t\tSET user_newpasswd = '{$user_password}', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id']; if (!DB()->sql_query($sql)) { bb_die('Could not update new password information'); } require CLASS_DIR . 'emailer.php'; $emailer = new emailer($bb_cfg['smtp_delivery']); $emailer->from($bb_cfg['sitename'] . " <{$bb_cfg['board_email']}>"); $emailer->email_address("{$username} <{$row['user_email']}>"); $emailer->use_template('user_activate_passwd', $row['user_lang']); $emailer->assign_vars(array('SITENAME' => $bb_cfg['sitename'], 'USERNAME' => $username, 'PASSWORD' => $user_password, 'U_ACTIVATE' => make_url('profile.php?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey))); $emailer->send(); $emailer->reset(); bb_die($lang['PASSWORD_UPDATED']); } else { bb_die($lang['NO_EMAIL_MATCH']);
message_die(GENERAL_MESSAGE, $message); } else { $sql = "SELECT MAX(user_id) AS total\n\t\t\t\tFROM " . USERS_TABLE; if (!($result = DB()->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql); } if (!($row = DB()->sql_fetchrow($result))) { message_die(GENERAL_ERROR, 'Could not obtain next user_id information', '', __LINE__, __FILE__, $sql); } $user_id = $row['total'] + 1; // // Get current date // $sql = "INSERT INTO " . USERS_TABLE . "\t(user_id, username, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_sig_bbcode_uid, user_avatar, user_avatar_type, user_viewemail, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_timezone, user_dateformat, user_lang, user_style, user_level, user_allow_pm, user_active, user_actkey)\n\t\t\t\tVALUES ({$user_id}, '" . str_replace("\\'", "''", $username) . "', " . time() . ", '" . str_replace("\\'", "''", $new_password) . "', '" . str_replace("\\'", "''", $email) . "', '" . str_replace("\\'", "''", $icq) . "', '" . str_replace("\\'", "''", $website) . "', '" . str_replace("\\'", "''", $occupation) . "', '" . str_replace("\\'", "''", $location) . "', '" . str_replace("\\'", "''", $interests) . "', '" . str_replace("\\'", "''", $signature) . "', '{$signature_bbcode_uid}', {$avatar_sql}, {$viewemail}, {$attachsig}, {$allowsmilies}, {$allowhtml}, {$allowbbcode}, {$allowviewonline}, {$notifyreply}, {$notifypm}, {$popup_pm}, {$user_timezone}, '" . str_replace("\\'", "''", $user_dateformat) . "', '" . str_replace("\\'", "''", $user_lang) . "', {$user_style}, 0, 1, "; if ($ft_cfg['require_activation'] == USER_ACTIVATION_SELF || $ft_cfg['require_activation'] == USER_ACTIVATION_ADMIN || $coppa) { $user_actkey = make_rand_str(true); $key_len = 54 - strlen($server_url); $key_len = $key_len > 6 ? 
$key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); $sql .= "0, '" . str_replace("\\'", "''", $user_actkey) . "')"; } else { $sql .= "1, '')"; } if (!($result = DB()->sql_query($sql, BEGIN_TRANSACTION))) { message_die(GENERAL_ERROR, 'Could not insert data into users table', '', __LINE__, __FILE__, $sql); } $sql = "INSERT INTO " . GROUPS_TABLE . " (group_name, group_description, group_single_user, group_moderator)\n\t\t\t\tVALUES ('', '', 1, 0)"; if (!($result = DB()->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not insert data into groups table', '', __LINE__, __FILE__, $sql); } $group_id = DB()->sql_nextid();
case 'yse': $_sql = 'avatar, '; break; default: $_sql = ''; break; } for ($i = 0; $i < $loops; $i++) { $start = $i * C_USERS_PER_ONCE; $offset = C_USERS_PER_ONCE; $sql = "\n\t\t\tSELECT\n\t\t\t\tid, username, email, status, UNIX_TIMESTAMP(added) AS added, UNIX_TIMESTAMP(last_access) AS last_access,\n\t\t\t\tclass, icq, msn, aim, yahoo, website, {$_sql}\n\t\t\t\tuploaded, downloaded, enabled, language\n\t\t\tFROM " . TB_USERS_TABLE . "\n\t\t\tORDER BY id\n\t\t\tLIMIT {$start}, {$offset}"; $users = DB()->fetch_rowset($sql); DB()->sql_freeresult(); foreach ($users as $user) { $user['id'] += $max_uid; $user['password'] = make_rand_str(15); convert_user($user); $pass[] = array('tb_user_id' => $user['id'] - $max_uid, 'username' => $user['username'], 'new_passwd' => $user['password']); } } $passf = fopen('./converter/passwords.php', 'w'); $to_write = "<?php \n"; $to_write .= '$passwords = ' . var_export($pass, true) . ';'; fwrite($passf, $to_write); fclose($passf); set_auto_increment(BB_USERS, 'user_id'); print_ok("Total {$users_count} users from TBDev converted"); unset($users, $pass, $to_write); } if (CONVERT_TORRENTS) { require_once INC_DIR . 'functions_post.php';
$tor_list_sql = ''; $tor_count = 0; } else { foreach (DB()->fetch_rowset($SQL) as $row) { $tor_list_ary[] = $row['topic_id']; } $tor_list_sql = join(',', $tor_list_ary); $tor_count = count($tor_list_ary); } } if (!$tor_list_sql || $start > $tor_count) { $template->assign_vars(array('TOR_NOT_FOUND' => true, 'NO_MATCH_MSG' => $lang['NO_MATCH'])); } else { // Save result in DB if ($tor_count > $per_page && !$search_id) { $search_id = make_rand_str(SEARCH_ID_LENGTH); $search_type = SEARCH_TYPE_TRACKER; $columns = 'session_id, search_type, search_id, search_time, search_settings, search_array'; $values = "'{$session_id}', {$search_type}, '{$search_id}', " . TIMENOW . ", '{$curr_set_sql}', '{$tor_list_sql}'"; DB()->query("REPLACE INTO " . BB_SEARCH . " ({$columns}) VALUES ({$values})"); } unset($columns, $values, $curr_set_sql, $tor_list_sql); $tor_to_show = $tor_count > $per_page ? array_slice($tor_list_ary, $start, $per_page) : $tor_list_ary; if (!($tor_to_show = join(',', $tor_to_show))) { bb_die($lang['NO_SEARCH_MATCH']); } // SELECT $select = "\n\t\t\tSELECT\n\t\t\t\ttor.topic_id, tor.post_id, tor.attach_id, tor.size, tor.reg_time, tor.complete_count, tor.seeder_last_seen, tor.tor_status, tor.tor_type,\n\t\t\t\tt.topic_title, t.topic_time, t.topic_replies, t.topic_views, sn.seeders, sn.leechers, tor.info_hash\n\t\t"; $select .= !$hide_speed ? ", sn.speed_up, sn.speed_down" : ''; $select .= !$hide_forum ? ", tor.forum_id" : ''; $select .= !$hide_cat ? ", f.cat_id" : '';
/**
 * Upload an Attachment to Filespace (intern)
 *
 * Validates the file in $_FILES['fileupload'] against the extension-group table,
 * forum permissions and size/quota limits, derives a sanitised physical filename,
 * and hands the file to move_uploaded_attachment(). Errors are accumulated in the
 * globals $error / $error_msg rather than thrown; when an error is set after the
 * file was already stored, it is unlinked again and $this->post_attach reset.
 *
 * Reads:  $this->filename, $_FILES['fileupload'], the globals listed below.
 * Writes: $this->post_attach, type, extension, filesize, filetime, filename,
 *         attach_filename, thumbnail; the globals $error and $error_msg.
 */
function upload_attachment()
{
    global $error, $error_msg, $lang, $attach_config, $userdata, $upload_dir, $forum_id;

    $this->post_attach = $this->filename != '' ? TRUE : FALSE;

    if ($this->post_attach) {
        $r_file = trim(basename($this->filename));
        $file = $_FILES['fileupload']['tmp_name'];
        // Client-supplied MIME type (from $_FILES); the checks below key on the
        // extension, not on this value.
        $this->type = $_FILES['fileupload']['type'];

        if (isset($_FILES['fileupload']['size']) && $_FILES['fileupload']['size'] == 0) {
            bb_die('Tried to upload empty file');
        }

        $this->type = strtolower($this->type);
        $this->extension = strtolower(get_extension($this->filename));

        $this->filesize = @filesize($file);
        $this->filesize = intval($this->filesize);

        // Extension allow-list lookup: the extension is escaped with
        // attach_mod_sql_escape() before being interpolated.
        $sql = 'SELECT g.allow_group, g.max_filesize, g.cat_id, g.forum_permissions FROM ' . BB_EXTENSION_GROUPS . ' g, ' . BB_EXTENSIONS . " e\n\t\t\t\tWHERE g.group_id = e.group_id\n\t\t\t\t\tAND e.extension = '" . attach_mod_sql_escape($this->extension) . "'\n\t\t\t\tLIMIT 1";
        if (!($result = DB()->sql_query($sql))) {
            bb_die('Could not query extensions');
        }
        $row = DB()->sql_fetchrow($result);
        DB()->sql_freeresult($result);

        // Unknown extension yields no row: $row is then false and every field below
        // reads as empty, so allow_group == 0 rejects it in "Check Extension".
        $allowed_filesize = $row['max_filesize'] ? $row['max_filesize'] : $attach_config['max_filesize'];
        $cat_id = intval($row['cat_id']);
        $auth_cache = trim($row['forum_permissions']);

        // check Filename
        if (preg_match("#[\\/:*?\"<>|]#i", $this->filename)) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['INVALID_FILENAME'], htmlspecialchars($this->filename));
        }

        // check php upload-size
        // A tmp_name of 'none' is the legacy marker for "rejected by PHP's upload limit".
        if (!$error && $file == 'none') {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $ini_val = 'ini_get';
            $max_size = @$ini_val('upload_max_filesize');
            if ($max_size == '') {
                $error_msg .= $lang['ATTACHMENT_PHP_SIZE_NA'];
            } else {
                $error_msg .= sprintf($lang['ATTACHMENT_PHP_SIZE_OVERRUN'], $max_size);
            }
        }

        // Check Extension
        if (!$error && intval($row['allow_group']) == 0) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['DISALLOWED_EXTENSION'], htmlspecialchars($this->extension));
        }

        // Check Forum Permissions
        // Only enforced for non-admins and only when the group restricts forums at all.
        if (!$error && !IS_ADMIN && !is_forum_authed($auth_cache, $forum_id) && trim($auth_cache) != '') {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['DISALLOWED_EXTENSION_WITHIN_FORUM'], htmlspecialchars($this->extension));
        }

        //bt
        // Check if user can post torrent
        global $post_data;
        if (!$error && $this->extension === TORRENT_EXT && !$post_data['first_post']) {
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= $lang['ALLOWED_ONLY_1ST_POST_ATTACH'];
        }
        //bt end

        // Upload File
        $this->thumbnail = 0;

        if (!$error) {
            //
            // Prepare Values
            $this->filetime = TIMENOW;

            $this->filename = $r_file;

            // physical filename
            //$this->attach_filename = strtolower($this->filename);
            $this->attach_filename = $this->filename;

            //bt
            if (FILENAME_CRYPTIC) {
                // Stored name is purely random; the original name is not reused on disk.
                $this->attach_filename = make_rand_str(FILENAME_CRYPTIC_LENGTH);
            } else {
                // original
                $this->attach_filename = html_entity_decode(trim(stripslashes($this->attach_filename)));
                $this->attach_filename = delete_extension($this->attach_filename);
                $this->attach_filename = str_replace(array(' ', '-'), array('_', '_'), $this->attach_filename);
                $this->attach_filename = str_replace('__', '_', $this->attach_filename);
                // NOTE(review): the non-ASCII search entries look like mis-encoded
                // German umlauts/ß (mapped to ue/oe/ae/ss); left byte-identical.
                $this->attach_filename = str_replace(array(',', '.', '!', '?', 'ь', 'Ь', 'ц', 'Ц', 'д', 'Д', ';', ':', '@', "'", '"', '&'), array('', '', '', '', 'ue', 'ue', 'oe', 'oe', 'ae', 'ae', '', '', '', '', '', 'and'), $this->attach_filename);
                $this->attach_filename = str_replace(array('$', 'Я', '>', '<', '§', '%', '=', '/', '(', ')', '#', '*', '+', "\\", '{', '}', '[', ']'), array('dollar', 'ss', 'greater', 'lower', 'paragraph', 'percent', 'equal', '', '', '', '', '', '', '', '', '', '', ''), $this->attach_filename);

                // Remove non-latin characters
                // NOTE(review): without a /e modifier the replacement is inserted as
                // literal text ("chr(ord(...)...)"), not evaluated; the rawurlencode +
                // %XX strip below then removes most of it. Looks like a leftover from
                // an older preg_replace /e form — confirm intended output.
                $this->attach_filename = preg_replace('#([\\xC2\\xC3])([\\x80-\\xBF])#', 'chr(ord(\'$1\')<<6&0xC0|ord(\'$2\')&0x3F)', $this->attach_filename);
                $this->attach_filename = rawurlencode($this->attach_filename);
                $this->attach_filename = preg_replace("/(%[0-9A-F]{1,2})/i", '', $this->attach_filename);
                $this->attach_filename = trim($this->attach_filename);
            }

            // Applied to both branches: no '&'/' ' in the stored name, and any "php"
            // substring is broken up so the stored file cannot end in a .php-like name.
            $this->attach_filename = str_replace(array('&', '&', ' '), '_', $this->attach_filename);
            $this->attach_filename = str_replace('php', '_php_', $this->attach_filename);
            $this->attach_filename = substr(trim($this->attach_filename), 0, FILENAME_MAX_LENGTH);

            // Prefix with a random string until the name is not already stored;
            // give up after $max_try + 1 attempts.
            for ($i = 0, $max_try = 5; $i <= $max_try; $i++) {
                $fn_prefix = make_rand_str(FILENAME_PREFIX_LENGTH) . '_';
                $new_physical_filename = clean_filename($fn_prefix . $this->attach_filename);
                if (!physical_filename_already_stored($new_physical_filename)) {
                    break;
                }
                if ($i == $max_try) {
                    bb_die('Could not create filename for attachment');
                }
            }
            $this->attach_filename = $new_physical_filename;

            // Do we have to create a thumbnail ?
            if ($cat_id == IMAGE_CAT && intval($attach_config['img_create_thumbnail'])) {
                $this->thumbnail = 1;
            }
        }

        if ($error) {
            $this->post_attach = FALSE;
            return;
        }

        // Upload Attachment
        if (!$error) {
            // Descide the Upload method
            $ini_val = 'ini_get';
            $safe_mode = @$ini_val('safe_mode'); // assigned but not read below
            if (@$ini_val('open_basedir')) {
                $upload_mode = 'move';
            } else {
                if (@$ini_val('safe_mode')) {
                    $upload_mode = 'move';
                } else {
                    $upload_mode = 'copy';
                }
            }

            // Ok, upload the Attachment
            if (!$error) {
                $this->move_uploaded_attachment($upload_mode, $file);
            }
        }

        // Now, check filesize parameters
        // The size/quota checks below run after the file is on disk; failures
        // are cleaned up by the unlink_attach() calls at the end.
        if (!$error) {
            if (!$this->filesize) {
                $this->filesize = intval(@filesize($upload_dir . '/' . $this->attach_filename));
            }
        }

        // Check Image Size, if it's an image
        // Admins are exempt; a 0 in either configured limit disables the check.
        if (!$error && !IS_ADMIN && $cat_id == IMAGE_CAT) {
            list($width, $height) = image_getdimension($upload_dir . '/' . $this->attach_filename);
            if ($width != 0 && $height != 0 && intval($attach_config['img_max_width']) != 0 && intval($attach_config['img_max_height']) != 0) {
                if ($width > intval($attach_config['img_max_width']) || $height > intval($attach_config['img_max_height'])) {
                    $error = TRUE;
                    if (!empty($error_msg)) {
                        $error_msg .= '<br />';
                    }
                    $error_msg .= sprintf($lang['ERROR_IMAGESIZE'], intval($attach_config['img_max_width']), intval($attach_config['img_max_height']));
                }
            }
        }

        // check Filesize
        // Per-extension-group limit (or the global default); admins, mods and group
        // members are exempt.
        if (!$error && $allowed_filesize != 0 && $this->filesize > $allowed_filesize && !(IS_ADMIN || IS_MOD || IS_GROUP_MEMBER)) {
            $allowed_filesize = humn_size($allowed_filesize);
            $error = TRUE;
            if (!empty($error_msg)) {
                $error_msg .= '<br />';
            }
            $error_msg .= sprintf($lang['ATTACHMENT_TOO_BIG'], $allowed_filesize);
        }

        // Check our complete quota
        if ($attach_config['attachment_quota']) {
            $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC;
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query total filesize #1');
            }
            $row = DB()->sql_fetchrow($result);
            DB()->sql_freeresult($result);
            $total_filesize = $row['total'];

            if ($total_filesize + $this->filesize > $attach_config['attachment_quota']) {
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= $lang['ATTACH_QUOTA_REACHED'];
            }
        }

        $this->get_quota_limits($userdata);

        // Check our user quota
        if ($attach_config['upload_filesize_limit']) {
            $sql = 'SELECT attach_id FROM ' . BB_ATTACHMENTS . ' WHERE user_id_1 = ' . (int) $userdata['user_id'] . ' GROUP BY attach_id';
            if (!($result = DB()->sql_query($sql))) {
                bb_die('Could not query attachments');
            }
            $attach_ids = DB()->sql_fetchrowset($result);
            $num_attach_ids = DB()->num_rows($result);
            DB()->sql_freeresult($result);

            // Ids are intval()'d before being joined into the IN (...) list.
            $attach_id = array();
            for ($i = 0; $i < $num_attach_ids; $i++) {
                $attach_id[] = intval($attach_ids[$i]['attach_id']);
            }

            if ($num_attach_ids > 0) {
                // Now get the total filesize
                $sql = 'SELECT sum(filesize) as total FROM ' . BB_ATTACHMENTS_DESC . ' WHERE attach_id IN (' . implode(', ', $attach_id) . ')';
                if (!($result = DB()->sql_query($sql))) {
                    bb_die('Could not query total filesize #2');
                }
                $row = DB()->sql_fetchrow($result);
                DB()->sql_freeresult($result);
                $total_filesize = $row['total'];
            } else {
                $total_filesize = 0;
            }

            if ($total_filesize + $this->filesize > $attach_config['upload_filesize_limit']) {
                // Scale the configured limit to MB / KB / bytes for the message only.
                $upload_filesize_limit = $attach_config['upload_filesize_limit'];
                $size_lang = $upload_filesize_limit >= 1048576 ? $lang['MB'] : ($upload_filesize_limit >= 1024 ? $lang['KB'] : $lang['BYTES']);
                if ($upload_filesize_limit >= 1048576) {
                    $upload_filesize_limit = round($upload_filesize_limit / 1048576 * 100) / 100;
                } else {
                    if ($upload_filesize_limit >= 1024) {
                        $upload_filesize_limit = round($upload_filesize_limit / 1024 * 100) / 100;
                    }
                }
                $error = TRUE;
                if (!empty($error_msg)) {
                    $error_msg .= '<br />';
                }
                $error_msg .= sprintf($lang['USER_UPLOAD_QUOTA_REACHED'], $upload_filesize_limit, $size_lang);
            }
        }

        // Any post-upload failure: remove the stored file (and its thumbnail slot).
        if ($error) {
            unlink_attach($this->attach_filename);
            unlink_attach($this->attach_filename, MODE_THUMBNAIL);
            $this->post_attach = FALSE;
        }
    }
}
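/**
 * Replace a user's tracker passkey (auth_key) with a freshly generated one.
 *
 * Carries u_up_total / u_down_total / u_bonus_total over from the existing
 * BT_USERS_TABLE row (zeros for a new user), refuses existing users whose
 * user_allow_passkey is unset, deletes the old row and re-inserts it with a
 * new key, retrying up to 20 times when the INSERT fails (e.g. key collision).
 * Every failure path ends in message_die(), like the rest of this function.
 *
 * Side effects: sets the global $sql; defines AUTH_KEY_INSERT_OK on success.
 *
 * @param int  $user_id
 * @param bool $new_user  true: no existing row to read and no user_allow_passkey check
 * @return string         the auth_key that was actually inserted
 */
function generate_passkey($user_id, $new_user)
{
    global $lang, $sql;

    $user_id = intval($user_id);

    if ($new_user) {
        $u_up_total = $u_down_total = $u_bonus_total = 0;
    } else {
        $sql = 'SELECT * FROM ' . BT_USERS_TABLE . "\r\n\t\t\tWHERE user_id = {$user_id}";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query userdata for passkey', '', __LINE__, __FILE__, $sql);
        }
        $row = DB()->sql_fetchrow($result);
        // !empty() keeps the old "falsy => 0" semantics without notices when no row exists.
        $u_up_total    = !empty($row['u_up_total']) ? $row['u_up_total'] : 0;
        $u_down_total  = !empty($row['u_down_total']) ? $row['u_down_total'] : 0;
        $u_bonus_total = !empty($row['u_bonus_total']) ? $row['u_bonus_total'] : 0;
    }

    if (!$new_user) {
        $sql = 'SELECT user_allow_passkey FROM ' . USERS_TABLE . "\r\n\t\t\tWHERE user_id = {$user_id}";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not query userdata for passkey', '', __LINE__, __FILE__, $sql);
        }
        $row = DB()->sql_fetchrow($result);
        if (!$row || !$row['user_allow_passkey']) {
            message_die(GENERAL_MESSAGE, $lang['Not_Authorised']);
        }
    }

    // NOTE(review): the old row is removed before the new one is in place, so a
    // failed insert loop leaves the user without a tracker row.
    $sql = 'DELETE FROM ' . BT_USERS_TABLE . "\r\n\t\tWHERE user_id = {$user_id}\r\n\t\tLIMIT 1";
    if (!DB()->sql_query($sql)) {
        message_die(GENERAL_ERROR, 'Could not delete current passkey', '', __LINE__, __FILE__, $sql);
    }

    $columns = 'user_id, auth_key, u_up_total, u_down_total, u_bonus_total';
    for ($i = 0; $i < 20; $i++) {
        $auth_key = make_rand_str(BT_AUTH_KEY_LENGTH);
        $values = "{$user_id}, '{$auth_key}', {$u_up_total}, {$u_down_total}, {$u_bonus_total}";
        $sql = 'INSERT INTO ' . BT_USERS_TABLE . " ({$columns}) VALUES ({$values})";
        if (DB()->sql_query($sql)) {
            define('AUTH_KEY_INSERT_OK', 1);
            return $auth_key;
        }
    }

    // Previously the last generated — but never stored — key was returned here,
    // so the caller would hand out a passkey the tracker does not know.
    message_die(GENERAL_ERROR, 'Could not insert new passkey', '', __LINE__, __FILE__, $sql);
}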
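/**
 * Run a search query, remember every matching id and return the first page.
 *
 * When the result spans more than one page the full id list and the current
 * sort/filter settings are written to BB_SEARCH under a fresh random search_id,
 * so later pages can be served without re-running the query.
 *
 * Side effects: sets the globals $search_id and $items_found.
 *
 * @param string $sql          query whose rows expose an 'item_id' column
 * @param int    $search_type  SEARCH_TYPE_* constant stored with the ids
 * @return array               at most $per_page ids (the global is set by the caller)
 */
function fetch_search_ids($sql, $search_type = SEARCH_TYPE_POST)
{
    global $lang, $search_id, $session_id, $items_found, $per_page;

    $items_found = array();
    foreach (DB()->fetch_rowset($sql) as $row) {
        $items_found[] = $row['item_id'];
    }
    if (!($items_count = count($items_found))) {
        bb_die($lang['NO_SEARCH_MATCH']);
    }

    // Save results in DB
    $search_id = make_rand_str(SEARCH_ID_LENGTH);

    if ($items_count > $per_page) {
        // Ids come straight from the query result; they are joined unescaped, so the
        // caller's SQL must select numeric ids only.
        $search_array = join(',', $items_found);

        $save_in_db = array('order', 'sort', 'display_as', 'chars');
        foreach (array('dl_cancel', 'dl_compl', 'dl_down', 'dl_will') as $dl_flag) {
            if ($GLOBALS["{$dl_flag}_val"]) {
                $save_in_db[] = $dl_flag;
            }
        }

        $curr_set = array();
        foreach ($save_in_db as $name) {
            $curr_set[$GLOBALS["{$name}_key"]] = $GLOBALS["{$name}_val"];
        }
        // NOTE(review): stored as serialize() output — whatever reads this column back
        // must only unserialize() rows written here, never user-controlled data.
        $search_settings = DB()->escape(serialize($curr_set));

        // $session_id is a global of unknown provenance here, so it is escaped like
        // the settings; search_type is pinned to an int before interpolation.
        $session_id_sql = DB()->escape($session_id);
        $search_type    = (int) $search_type;

        $columns = 'session_id, search_type, search_id, search_time, search_settings, search_array';
        $values = "'{$session_id_sql}', {$search_type}, '{$search_id}', " . TIMENOW . ", '{$search_settings}', '{$search_array}'";
        DB()->query("REPLACE INTO " . BB_SEARCH . " ({$columns}) VALUES ({$values})");
    }

    return array_slice($items_found, 0, $per_page);
}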
/**
 * Issue a new tracker passkey for a user and return it.
 *
 * Unless $force_generate is set, users whose user_opt carries the dis_passkey
 * bit are refused via bb_die(). Up to 20 random keys are tried: each is first
 * INSERT IGNOREd as a new BB_BT_USERS row and, if that changes nothing, UPDATE
 * IGNOREd into the existing row (then pushed to Ocelot when enabled).
 *
 * Side effects: sets the global $sql.
 *
 * @param int  $user_id
 * @param bool $force_generate  skip the dis_passkey check
 * @return string|false         the stored passkey, or false if no attempt changed a row
 */
function generate_passkey($user_id, $force_generate = false)
{
    global $bb_cfg, $lang, $sql;

    $user_id = (int) $user_id;

    // Check if user can change passkey
    if (!$force_generate) {
        $sql = "SELECT user_opt FROM " . BB_USERS . " WHERE user_id = {$user_id} LIMIT 1";
        $result = DB()->sql_query($sql);
        if (!$result) {
            bb_die('Could not query userdata for passkey');
        }
        $opt_row = DB()->sql_fetchrow($result);
        if ($opt_row && bf($opt_row['user_opt'], 'user_opt', 'dis_passkey')) {
            bb_die($lang['NOT_AUTHORISED']);
        }
    }

    $attempts_left = 20;
    while ($attempts_left-- > 0) {
        $new_key = make_rand_str(BT_AUTH_KEY_LENGTH);

        $prev_row = DB()->fetch_row("SELECT auth_key FROM " . BB_BT_USERS . " WHERE user_id = {$user_id} LIMIT 1");
        $old_passkey = $prev_row ? $prev_row['auth_key'] : null;

        // Insert new row
        DB()->query("INSERT IGNORE INTO " . BB_BT_USERS . " (user_id, auth_key) VALUES ({$user_id}, '{$new_key}')");
        if (DB()->affected_rows() == 1) {
            return $new_key;
        }

        // Update
        DB()->query("UPDATE IGNORE " . BB_BT_USERS . " SET auth_key = '{$new_key}' WHERE user_id = {$user_id} LIMIT 1");
        if (DB()->affected_rows() != 1) {
            continue;
        }

        // Ocelot
        if ($bb_cfg['ocelot']['enabled']) {
            ocelot_update_tracker('change_passkey', array('oldpasskey' => $old_passkey, 'newpasskey' => $new_key));
        }
        return $new_key;
    }

    return false;
}