                 $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_PassReset');
             } else {
                 $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode');
             }
         } else {
             $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode');
         }
     }
 }
 if ($_POST["processlogin"] == 5 && pligg_validate()) {
     // resend confirmation email
     $email = sanitize($db->escape(trim($_POST['email'])), 4);
     if (check_email($email)) {
         $user = $db->get_row("SELECT * FROM `" . table_users . "` where `user_email` = '" . $email . "' AND user_level!='Spammer'");
         if ($user) {
             $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
             $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
             $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
             $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
             eval('$str = "' . str_replace('"', '\\"', $str) . '";');
             $message = "{$str}";
             if (phpnum() >= 5) {
                 require "libs/class.phpmailer5.php";
             } else {
                 require "libs/class.phpmailer4.php";
             }
             $mail = new PHPMailer();
             $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
             $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
             $mail->AddAddress($_POST['email']);
             $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
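/**
 * Save the profile form for the user held in the global $user object.
 *
 * Everything is read from $_POST, so there are no parameters. The return
 * value has several types and callers must check it:
 *   - null    form not submitted, or the caller may not edit this profile;
 *   - string  a translated error message (bad or duplicate e-mail, invalid
 *             or taken username, password mismatch, wrong old password) or
 *             'There was a token error.';
 *   - false   the verification e-mail could not be sent;
 *   - array   success; keys 'username', 'pass' and/or 'profile' set to 1
 *             describe what changed.
 *
 * Side effects: may set the "template" cookie, rewrites user_categories,
 * stores the user row, sends a verification e-mail when pligg_validate() is
 * on, and re-authenticates $current_user.
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;
    // Initialised up front: the checks before Authenticate() read
    // $saved['pass'] / $saved['username'] even when neither was changed.
    $saved = array();

    if (!$CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        return 'There was a token error.';
    }
    // Only a real submission, and only for the caller's own profile unless
    // $canIhaveAccess grants editing of other users.
    if (!isset($_POST['save_profile']) || !$_POST['process'] || !$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id) {
        return;
    }

    // --- E-mail change ----------------------------------------------------
    if ($user->email != sanitize($_POST['email'], 3)) {
        if (!check_email(sanitize($_POST['email'], 3))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
        }
        if (email_exists(trim(sanitize($_POST['email'], 3)))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
        }
        if (pligg_validate()) {
            // With validation on the new address is not stored here; the user
            // receives a link whose code is an md5 over the new address,
            // karma, username, site hash and site name (validation.php
            // recomputes the same digest).
            $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
            // $domain and $validation are left in scope for the message template.
            $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
            $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
            $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
            // SECURITY: the message template is run through eval() so that
            // "$validation"-style placeholders expand. Escaping the double
            // quotes is not sufficient: a template containing a backslash
            // before a quote, or a "${...}" expression, is executed as PHP.
            // Whoever can edit the language file can run code here; a
            // str_replace()/Smarty substitution would remove that risk.
            eval('$str = "' . str_replace('"', '\\"', $str) . '";');
            $message = "{$str}";
            if (phpnum() >= 5) {
                require "libs/class.phpmailer5.php";
            } else {
                require "libs/class.phpmailer4.php";
            }
            $mail = new PHPMailer();
            $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
            $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
            $mail->AddAddress($_POST['email']);
            $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            $mail->IsHTML(false);
            $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
            $mail->Body = $message;
            $mail->CharSet = 'utf-8';
            if (!$mail->Send()) {
                return false;
            }
            // No "check your e-mail" text is built here: this version returns
            // $saved, not a message, so the string would never be shown.
        } else {
            $user->email = sanitize($_POST['email'], 2);
        }
    }

    // --- Template cookie --------------------------------------------------
    if (Allow_User_Change_Templates && isset($_POST['template'])) {
        $template = $_POST['template'];
        // Accept only a bare directory name: a value containing a path
        // separator or ".." must reach neither file_exists() nor the cookie.
        $plainName = strpos($template, '/') === false && strpos($template, '\\') === false && strpos($template, '..') === false;
        if ($plainName && file_exists("./templates/" . $template . "/header.tpl")) {
            $domain = $_SERVER['HTTP_HOST'] == 'localhost' ? '' : preg_replace('/^www/', '', $_SERVER['HTTP_HOST']);
            setcookie("template", $template, time() + 60 * 60 * 24 * 30, '/', $domain);
        }
    }

    // --- Category subscriptions ------------------------------------------
    // user_categories receives every category id (except 0) that was NOT
    // posted in the 'chack' list.
    $sqlGetiCategory = "SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;";
    $sqlGetiCategoryQ = mysql_query($sqlGetiCategory);
    $arr = array();
    while ($row = mysql_fetch_array($sqlGetiCategoryQ, MYSQL_NUM)) {
        $arr[] = $row[0];
    }
    $select_check = isset($_POST['chack']) ? $_POST['chack'] : array();
    if (!is_array($select_check)) {
        // array_diff() needs an array; any other posted value counts as "none checked".
        $select_check = array();
    }
    $diff = array_diff($arr, $select_check);
    $select_checked = $db->escape(implode(",", $diff));
    // NOTE(review): the access check above uses ->user_id while this uses ->id;
    // confirm which property the user object exposes.
    $sql = "UPDATE " . table_users . " set user_categories='{$select_checked}' WHERE user_id = '{$user->id}'";
    mysql_query($sql);

    // --- Plain profile fields (sanitize level 2) ---------------------------
    $textFields = array('url', 'public_email', 'location', 'occupation', 'facebook', 'twitter', 'linkedin', 'googleplus', 'skype', 'pinterest', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize($_POST[$field], 2);
    }
    if (user_language) {
        $user->language = sanitize($_POST['language'], 2);
    }

    // --- Reduce pasted social-network URLs to the bare handle --------------
    // Each entry: regex, index of the capture group holding the handle.
    $socialPatterns = array(
        'facebook' => array("/https?:\\/\\/(www\\.)?facebook\\.com\\/([^\\/]*)/", 2),
        'twitter' => array("/https?:\\/\\/(www\\.)?twitter\\.com\\/(#!\\/)?@?([^\\/]*)/", 3),
        'linkedin' => array("/https?:\\/\\/(www\\.)?linkedin\\.com\\/in\\/([^\\/]*)/", 2),
        'googleplus' => array("/https?:\\/\\/plus\\.google\\.com\\/([^\\/]*)/", 1),
        'pinterest' => array("/https?:\\/\\/(www\\.)?pinterest\\.com\\/([^\\/]*)/", 2),
    );
    foreach ($socialPatterns as $field => $spec) {
        list($pattern, $group) = $spec;
        if (preg_match($pattern, $user->$field, $matches) && isset($matches[$group])) {
            $user->$field = $matches[$group];
        }
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // --- Username change (admins and moderators only) ---------------------
    if (($user->level == "admin" || $user->level == "moderator") && $user->username != sanitize($_POST['user_login'], 3)) {
        $user_login = sanitize($_POST['user_login'], 2);
        // Check if PCRE was compiled with UTF-8 support; fall back to an
        // ASCII blacklist otherwise.
        if (preg_match('/\\pL/u', 'a')) {
            $validName = preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $user_login);
        } else {
            $validName = preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $user_login);
        }
        if (!$validName) {
            return $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
        }
        if (user_exists(trim($user_login))) {
            // Kept from the original: the in-memory object is updated even
            // though the error is returned and nothing is stored.
            $user->username = $user_login;
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_UserExists");
        }
        $user->username = $user_login;
        $saved['username'] = 1;
    }

    // --- Password change --------------------------------------------------
    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize($_POST['oldpassword'], 2);
        // (the WHERE value appears redacted as '******' in this listing)
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // Re-hash the supplied old password with the stored salt and compare
        // strictly: `==` on hex digests is subject to PHP's numeric-string
        // coercion, so `===` is used. A missing row counts as a mismatch.
        $oldPassMatches = false;
        if ($userX) {
            $oldPassMatches = ($userX->user_pass === generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH)));
        }
        if (!$oldPassMatches) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        $user->pass = generateHash(sanitize($_POST['newpassword'], 3));
        $saved['pass'] = 1;
    }

    $user->store();
    $user->read();
    if (!empty($saved['pass']) || !empty($saved['username'])) {
        // Credentials changed: re-authenticate with the new values. The
        // meaning of the extra arguments is defined by Authenticate() and is
        // not visible here.
        $current_user->Authenticate($user->username, $user->pass, false, $user->pass);
    } else {
        $current_user->Authenticate($user->username, $user->pass);
        $saved['profile'] = 1;
    }
    return $saved;
}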
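 /**
  * Insert this object's username / e-mail / password as a new user row.
  *
  * Returns false when a mandatory field is empty, when the INSERT fails, or
  * when the verification e-mail cannot be sent; true otherwise. When the
  * username is already taken the request is terminated with die().
  *
  * With pligg_validate() on, the row is created without user_lastlogin and
  * a validation link is mailed; otherwise user_lastlogin is set to now()
  * and no mail is sent. New users are subscribed to every category id
  * except 0.
  */
 function Create()
 {
     global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;
     // Refuse to create a row with any mandatory field empty.
     if ($this->username == '' || $this->pass == '' || $this->email == '') {
         return false;
     }
     if (user_exists($this->username)) {
         // NOTE: terminates the whole request instead of returning false.
         die('User already exists');
     }
     $userip = $_SERVER['REMOTE_ADDR'];
     $saltedpass = generateHash($this->pass);
     // Collect every category id except 0 for the user_categories column.
     $sqlGetiCategory = "SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;";
     $sqlGetiCategoryQ = mysql_query($sqlGetiCategory);
     $arr = array();
     while ($row = mysql_fetch_array($sqlGetiCategoryQ, MYSQL_NUM)) {
         $arr[] = $row[0];
     }
     $CategoriesId = implode(",", $arr);
     // SECURITY: the INSERT statements are built by concatenation. This
     // assumes username/email were escaped by whoever populated the object
     // — TODO confirm at the call site.
     if (pligg_validate() == 1) {
         if (!$db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '" . $CategoriesId . "')")) {
             return false;
         }
         // (the WHERE value appears redacted as '******' in this listing)
         $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
         // Validation code: md5 over e-mail, karma, username, site hash and
         // site name; validation.php recomputes the same digest.
         $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
         // Locals left in scope for the e-mail template evaluated below.
         // $password is the plaintext password: a template that includes it
         // mails the password in clear.
         $username = $this->username;
         $password = $this->pass;
         $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
         $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
         $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
         // SECURITY: the template is evaluated as PHP so "$validation"-style
         // placeholders expand. Double quotes are escaped (a template with a
         // quote otherwise fails to parse), but a backslash before a quote
         // or a "${...}" expression still runs as code; a plain
         // str_replace() substitution would remove that risk.
         eval('$str = "' . str_replace('"', '\\"', $str) . '";');
         $message = "{$str}";
         if (phpnum() >= 5) {
             require "class.phpmailer5.php";
         } else {
             require "class.phpmailer4.php";
         }
         $mail = new PHPMailer();
         $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
         $mail->FromName = "Administrator";
         $mail->AddAddress($this->email);
         $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
         $mail->IsHTML(false);
         $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
         $mail->Body = $message;
         if (!$mail->Send()) {
             return false;
         }
         return true;
     }
     if ($db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'" . $CategoriesId . "')")) {
         return true;
     }
     return false;
 }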
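 /**
  * Insert this object's username / e-mail / password as a new user row.
  *
  * Returns false when a mandatory field is empty, when the INSERT fails, or
  * when the verification e-mail cannot be sent; true otherwise. When the
  * username is already taken the request is terminated with die().
  *
  * With pligg_validate() on, the row is created without user_lastlogin and
  * a validation link is mailed; otherwise user_lastlogin is set to now()
  * and no mail is sent. user_categories is always stored empty here.
  */
 function Create()
 {
     global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;
     // Refuse to create a row with any mandatory field empty.
     if ($this->username == '' || $this->pass == '' || $this->email == '') {
         return false;
     }
     if (user_exists($this->username)) {
         // NOTE: terminates the whole request instead of returning false.
         die('User already exists');
     }
     require_once mnminclude . 'check_behind_proxy.php';
     // Client address as resolved through proxy headers by the helper.
     $userip = check_ip_behind_proxy();
     $saltedpass = generateHash($this->pass);
     // SECURITY: the INSERT statements are built by concatenation. This
     // assumes username/email were escaped by whoever populated the object
     // — TODO confirm at the call site. INSERT IGNORE also drops a row that
     // violates a unique key without an error, so $db->query() may report
     // success although no user was created — TODO confirm the wrapper's
     // return value.
     if (pligg_validate()) {
         if (!$db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '')")) {
             return false;
         }
         // (the WHERE value appears redacted as '******' in this listing)
         $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
         // Validation code: md5 over e-mail, karma, username, site hash and
         // site name; validation.php recomputes the same digest.
         $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
         // Locals left in scope for the e-mail template evaluated below.
         // $password is the plaintext password: a template that includes it
         // mails the password in clear.
         $username = $this->username;
         $password = $this->pass;
         $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
         $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
         $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
         // SECURITY: the template is evaluated as PHP so "$validation"-style
         // placeholders expand. Escaping the double quotes is not enough: a
         // backslash before a quote or a "${...}" expression still runs as
         // code; a plain str_replace() substitution would remove that risk.
         eval('$str = "' . str_replace('"', '\\"', $str) . '";');
         $message = "{$str}";
         if (phpnum() >= 5) {
             require "class.phpmailer5.php";
         } else {
             require "class.phpmailer4.php";
         }
         $mail = new PHPMailer();
         $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
         $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
         $mail->AddAddress($this->email);
         $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
         $mail->IsHTML(false);
         $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
         $mail->CharSet = 'utf-8';
         $mail->Body = $message;
         if (!$mail->Send()) {
             return false;
         }
         return true;
     }
     if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'')")) {
         return true;
     }
     return false;
 }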
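/**
 * Save the profile form for the user held in the global $user object.
 *
 * Everything is read from $_POST, so there are no parameters. The return
 * value has several types and callers must check it:
 *   - null    form not submitted, or the caller may not edit this profile;
 *   - string  a translated message: an error (bad or duplicate e-mail,
 *             password mismatch, wrong old password), 'There was a token
 *             error.', or on success "password updated" / "data updated" /
 *             "check your e-mail";
 *   - false   the verification e-mail could not be sent.
 *
 * Side effects: stores the user row, sends a verification e-mail when
 * pligg_validate() is on, re-authenticates $current_user, and redirects
 * (with exit) to the profile page when the language changed.
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;
    // Message returned on success; stays null unless a branch below sets it.
    $savemsg = null;

    if (!$CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        return 'There was a token error.';
    }
    // Only a real submission, and only for the caller's own profile unless
    // $canIhaveAccess grants editing of other users.
    if (!isset($_POST['save_profile']) || !$_POST['process'] || !$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id) {
        return;
    }

    // --- E-mail change ----------------------------------------------------
    if ($user->email != sanitize($_POST['email'], 3)) {
        if (!check_email(sanitize($_POST['email'], 3))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
        }
        if (email_exists(trim(sanitize($_POST['email'], 3)))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
        }
        if (pligg_validate()) {
            // With validation on the new address is not stored here; the user
            // receives a link whose code is an md5 over the new address,
            // karma, username, site hash and site name (validation.php
            // recomputes the same digest).
            $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
            // $domain and $validation are left in scope for the message template.
            $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
            $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']);
            $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
            // SECURITY: the template is evaluated as PHP so "$validation"-style
            // placeholders expand. Double quotes are escaped (a template with
            // a quote otherwise fails to parse), but a backslash before a
            // quote or a "${...}" expression still runs as code; a plain
            // str_replace() substitution would remove that risk.
            eval('$str = "' . str_replace('"', '\\"', $str) . '";');
            $message = "{$str}";
            if (phpnum() >= 5) {
                require "libs/class.phpmailer5.php";
            } else {
                require "libs/class.phpmailer4.php";
            }
            $mail = new PHPMailer();
            $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
            $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
            $mail->AddAddress($_POST['email']);
            $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            $mail->IsHTML(false);
            $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
            $mail->Body = $message;
            $mail->CharSet = 'utf-8';
            if (!$mail->Send()) {
                return false;
            }
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' ' . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"), $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
        } else {
            $user->email = sanitize($_POST['email'], 3);
        }
    }

    // --- Plain profile fields (sanitize level 3) ---------------------------
    $textFields = array('url', 'public_email', 'location', 'occupation', 'aim', 'msn', 'yahoo', 'gtalk', 'skype', 'irc', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize($_POST[$field], 3);
    }
    if (user_language) {
        $user->language = sanitize($_POST['language'], 3);
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // --- Avatar source ----------------------------------------------------
    // Only "" or "useruploaded" are legal; anything else is logged as
    // tampering and reset (the original compared with `==` here, so the
    // reset never happened and the bad value was stored).
    $avatar_source = sanitize($_POST['avatarsource'], 3);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // (the username argument appears redacted as ****** in this listing)
        loghack('Updating profile, avatar source is not one of the list options.', 'username: '******'|email: ' . sanitize($_POST["email"], 3));
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    // --- Password change --------------------------------------------------
    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize($_POST['oldpassword'], 3);
        // (the WHERE value appears redacted as '******' in this listing)
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");
        // Re-hash the supplied old password with the stored salt and compare
        // strictly: `==` on hex digests is subject to PHP's numeric-string
        // coercion, so `===` is used. A missing row counts as a mismatch.
        $oldPassMatches = false;
        if ($userX) {
            $oldPassMatches = ($userX->user_pass === generateHash($oldpass, substr($userX->user_pass, 0, SALT_LENGTH)));
        }
        if (!$oldPassMatches) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        // A password change stores and returns immediately; the other field
        // edits made above are written by this same store() call.
        $user->pass = generateHash(sanitize($_POST['newpassword'], 3));
        $user->store();
        return $main_smarty->get_config_vars("PLIGG_Visual_Profile_PassUpdated");
    }

    $user->store();
    $user->read();
    if ($language != $user->language) {
        // Reload the page so it renders in the newly chosen language.
        header("Location: " . getmyurl('profile'));
        exit;
    }
    $current_user->Authenticate($user->username, $user->pass);
    if (!isset($savemsg)) {
        $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_DataUpdated");
    }
    return $savemsg;
}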
include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'smartyvariables.php';
// Get values from the end user
// "code" and "uid" come straight from the validation link; both are escaped
// for the SQL below.
$rcode = $db->escape(trim($_GET['code']));
$username = $db->escape(trim($_GET['uid']));
// Retrieve values from database
// (the SELECT list and the WHERE value appear redacted as "******" in this listing)
$user = "******" . table_users . " WHERE user_login = '******'";
// At file scope `global` has no effect; $db already comes from config.php.
global $db;
$result = $db->get_row($user);
if ($result) {
    // Recompute the digest the registration / e-mail-change code put in the
    // link: md5(email . karma . username . site hash . site name). When an
    // "email" parameter is present (e-mail change flow) it replaces the stored
    // address, i.e. the digest is computed over a caller-supplied value.
    if ($_GET['email']) {
        $decode = md5($_GET['email'] . $result->user_karma . $username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
    } else {
        $decode = md5($result->user_email . $result->user_karma . $username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));
    }
} else {
    // NOTE(review): $decode is left undefined on this path, yet the script
    // goes on to compare $rcode against it; that comparison should treat an
    // unset $decode as "no match" explicitly and use `===` (loose `==` on
    // hex digests is subject to PHP's numeric-string coercion).
    $main_smarty->assign('error', $main_smarty->get_config_vars('PLIGG_Validation_No_Results'));
}
// Compare values
if ($rcode == $decode) {
    $lastlogin = $db->get_var("SELECT user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
    if ($lastlogin == "0000-00-00 00:00:00") {
        $login_url = getmyurl("loginNoVar");
        $message = sprintf($main_smarty->get_config_vars('PLIGG_Validation_Message'), $login_url);
        $main_smarty->assign('message', $message);
        $sql = "UPDATE " . table_users . " SET user_lastlogin = now() WHERE user_login='******'";
        if (!@mysql_query($sql)) {
            $main_smarty->assign('error', $main_smarty->get_config_vars('PLIGG_Validation_Mysql_Error'));
        }