/**
 * UCP "send password" handler (phpBB 3.1-style: uses the passwords.manager service).
 *
 * Looks the account up by hashed e-mail plus cleaned username, stores a freshly
 * generated password in user_newpasswd together with a short activation key, and
 * mails both to the user. Every error path and the success path end in
 * trigger_error(), which terminates the request, so nothing after a
 * trigger_error() call is reached.
 *
 * Security notes (reviewer):
 *  - The distinct error strings (NO_EMAIL_USER / NO_USER / ACCOUNT_DEACTIVATED /
 *    ACCOUNT_NOT_ACTIVATED / NO_AUTH_PASSWORD_REMINDER) let an unauthenticated
 *    caller learn whether a username + e-mail pair exists and what state the
 *    account is in. Nothing in this block rate-limits submissions.
 *  - The activation key is 6..10 characters from gen_rand_string() and travels in
 *    a GET link (u=..&k=..). Its strength is whatever gen_rand_string() provides;
 *    that implementation is not visible here.
 *  - mt_rand() only picks lengths; the secrets themselves come from
 *    gen_rand_string*() (not visible here).
 *
 * @param mixed $id   Module id (not used in this method)
 * @param mixed $mode Module mode (not used in this method)
 */
function main($id, $mode)
{
    global $config, $phpbb_root_path, $phpEx;
    global $db, $user, $auth, $template, $phpbb_container;

    // Board-wide switch; the message links to the board contact address.
    if (!$config['allow_password_reset']) {
        trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
    }

    $username = request_var('username', '', true);
    $email = strtolower(request_var('email', ''));
    $submit = isset($_POST['submit']) ? true : false;

    if ($submit) {
        // Both the e-mail hash and the cleaned username must match one row.
        $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
        $result = $db->sql_query($sql);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Each branch below discloses a different account state to the caller (see header).
        if (!$user_row) {
            trigger_error('NO_EMAIL_USER');
        }
        if ($user_row['user_type'] == USER_IGNORE) {
            trigger_error('NO_USER');
        }
        if ($user_row['user_type'] == USER_INACTIVE) {
            if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                trigger_error('ACCOUNT_DEACTIVATED');
            } else {
                trigger_error('ACCOUNT_NOT_ACTIVATED');
            }
        }

        // Check users permissions: evaluate the *target* account's ACL, not the caller's.
        $auth2 = new \phpbb\auth\auth();
        $auth2->acl($user_row);
        if (!$auth2->acl_get('u_chgpasswd')) {
            trigger_error('NO_AUTH_PASSWORD_REMINDER');
        }

        $server_url = generate_board_url();

        // Make password at least 8 characters long, make it longer if admin wants to.
        // gen_rand_string() however has a limit of 12 or 13.
        $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));

        // For the activation key a random length between 6 and 10 will do.
        $user_actkey = gen_rand_string(mt_rand(6, 10));

        // Instantiate passwords manager
        $passwords_manager = $phpbb_container->get('passwords.manager');

        // The new password is staged in user_newpasswd; it only replaces the
        // current one once the activation link is followed (handled elsewhere).
        $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\tWHERE user_id = " . $user_row['user_id'];
        $db->sql_query($sql);

        include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
        $messenger = new messenger(false);
        $messenger->template('user_activate_passwd', $user_row['user_lang']);
        $messenger->set_addresses($user_row);
        $messenger->anti_abuse_headers($config, $user);
        // The clear-text temporary password is sent by e-mail/IM.
        $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
        $messenger->send($user_row['user_notify_type']);

        meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}"));
        $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
        trigger_error($message);
    }

    // Non-submit request: render the form with whatever was typed so far.
    $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')));
    $this->tpl_name = 'ucp_remind';
    $this->page_title = 'UCP_REMIND';
}
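/**
 * Start a phpBB3 session for a user that was authenticated elsewhere (SSO glue).
 *
 * Boots phpBB (config + common), looks the account up in the users table and
 * creates a phpBB session for it.
 *
 * Fixes against the previous revision:
 *  - The lookup compared username_clean against the global $user *object*
 *    (utf8_clean_string($user)) and never used the $phpbb_user_id argument.
 *    It now matches on user_id. NOTE(review): if callers actually pass a
 *    username here, change the WHERE to
 *    username_clean = '<sql_escape(utf8_clean_string(...))>' instead.
 *  - $auth was used without being declared global.
 *  - A missing account fell through to session_create(null, ...) and still
 *    reported success; it now returns false.
 *  - session_create() was called with $set_admin = true, which marks the new
 *    session as ACP-authenticated and skips the admin re-login prompt for any
 *    administrator arriving through this path. It is now false.
 *  - define()s are guarded and the bootstrap files are required once, so a
 *    second call in the same request does not redeclare anything.
 *
 * The persistent-login flag (3rd argument of session_create) stays true as in
 * the original: every SSO user gets an autologin cookie. That is a policy
 * decision for the integrator, not changed here.
 *
 * @param int $phpbb_user_id phpBB user_id to sign in
 * @return bool true when a session was created, false when no such user exists
 */
function login($phpbb_user_id)
{
    if (!defined('IN_PHPBB')) {
        define('IN_PHPBB', true);
    }
    if (!defined('PBB_ROOT_PATH')) {
        // Hard-coded install path carried over from the original; make this configurable.
        define('PBB_ROOT_PATH', "D://www/phpBB3");
    }

    global $phpbb_root_path, $phpEx, $user, $auth, $db, $config, $cache, $template;

    $phpEx = "php";
    $phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : PBB_ROOT_PATH . '/';

    require_once $phpbb_root_path . 'config.' . $phpEx;
    require_once $phpbb_root_path . 'common.' . $phpEx;

    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();

    // Does the user have a phpBB3 account?
    $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $phpbb_user_id;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row) {
        // TODO: create the phpBB3 user here if the integration is meant to auto-provision.
        return false;
    }

    // Sign in automatically: ordinary (non-ACP) session, persistent cookie, shown online.
    $user->session_create((int) $row['user_id'], false, true, true);

    return true;
}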
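/**
 * Run Tool
 *
 * Re-derives username_clean for one 500-row page of the users table and writes
 * it back where it differs. The page is chained through meta_refresh with an
 * increasing "part" until a page returns fewer than $limit rows.
 *
 * Security fix: the recomputed username_clean was interpolated into the UPDATE
 * unescaped. It is derived from a user-chosen username, so a name containing a
 * quote was a second-order SQL injection. The value now goes through
 * $db->sql_escape() and user_id is cast to int.
 *
 * Robustness: rows are paged with ORDER BY user_id (the original had no ORDER
 * BY, so offset paging could skip or repeat rows between requests) and a
 * negative "part" is clamped to 0.
 */
function run_tool()
{
    global $db, $template;

    $part = max(0, (int) request_var('part', 0));
    $limit = 500;
    $i = 0;

    $sql = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE . ' ORDER BY user_id';
    $result = $db->sql_query_limit($sql, $limit, $part * $limit);

    while ($row = $db->sql_fetchrow($result)) {
        $i++;
        $username_clean = utf8_clean_string($row['username']);

        if ($username_clean != $row['username_clean']) {
            $db->sql_query('UPDATE ' . USERS_TABLE . " SET username_clean = '" . $db->sql_escape($username_clean) . "' WHERE user_id = " . (int) $row['user_id']);
        }
    }
    $db->sql_freeresult($result);

    // A full page means there may be more; bounce to the next part.
    if ($i == $limit) {
        meta_refresh(0, append_sid(STK_INDEX, 't=reclean_usernames&submit=1&part=' . (++$part)));
        $template->assign_var('U_BACK_TOOL', false);
        trigger_error('RECLEAN_USERNAMES_NOT_COMPLETE');
    } else {
        trigger_error('RECLEAN_USERNAMES_COMPLETE');
    }
}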
/**
 * Post the configured welcome topic for a freshly registered user.
 *
 * Returns false when the robot is disabled or the user row cannot be found;
 * otherwise fills the %user / %robot / %board placeholders of the configured
 * title and body, runs the body through generate_text_for_storage() and
 * submits it as a new, pre-approved topic in the configured forum.
 *
 * NOTE(review): the third argument handed to submit_post() is the literal
 * string 'robot_name', not $this->config['welcomerobot_username']; whether
 * the local submit_post() expects that is not visible here — kept as is.
 *
 * @param int $user_id id of the user to welcome
 * @return bool
 */
public function create_welcome_topic($user_id)
{
    if (!$this->config['welcomerobot_enable']) {
        return false;
    }

    // Lazy-load the core helpers this method relies on.
    if (!function_exists('get_username_string')) {
        include $this->root_path . 'includes/functions_content.' . $this->phpEx;
    }
    if (!function_exists('submit_post')) {
        include $this->root_path . 'includes/functions_posting.' . $this->phpEx;
    }

    $sql = 'SELECT * FROM ' . USERS_TABLE . "\n\t\t\tWHERE user_id = " . intval($user_id) . "";
    $res = $this->db->sql_query($sql);
    $user_row = $this->db->sql_fetchrow($res);
    $this->db->sql_freeresult($res);

    if (empty($user_row)) {
        return false;
    }

    // Computed as in the original; not used further in this method.
    $username = get_username_string('full', $user_row['user_id'], $user_row['username'], $user_row['user_colour']);
    $clean_username = utf8_clean_string($user_row['username']);

    // Placeholder substitution shared by title and body.
    $placeholders = array('%user', '%robot', '%board');
    $values = array($clean_username, $this->config['welcomerobot_username'], $this->config['sitename']);
    $topic_title = str_replace($placeholders, $values, $this->config['welcomerobot_title']);
    $topic_content = str_replace($placeholders, $values, $this->config['welcomerobot_detail']);

    $poll = $uid = $bitfield = $options = '';
    // will be modified by generate_text_for_storage
    $allow_bbcode = $allow_urls = $allow_smilies = true;
    generate_text_for_storage($topic_content, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);

    $post_data = array(
        'forum_id' => $this->config['welcomerobot_forum'],
        'topic_id' => 0,
        'icon_id' => false,
        'robot_name' => $this->config['welcomerobot_username'],
        'enable_bbcode' => true,
        'enable_smilies' => true,
        'enable_urls' => true,
        'enable_sig' => true,
        'message' => $topic_content,
        'message_md5' => md5($topic_content),
        'bbcode_bitfield' => $bitfield,
        'bbcode_uid' => $uid,
        'post_edit_locked' => 0,
        'topic_title' => $topic_title,
        'notify_set' => false,
        'notify' => false,
        'post_time' => 0,
        'forum_name' => '',
        'enable_indexing' => true,
        'force_approved_state' => true,
    );

    submit_post('post', $topic_title, 'robot_name', POST_NORMAL, $poll, $post_data);

    return true;
}
/**
 * Bring the bot accounts in line with this release.
 *
 * Bots whose entry is false are removed (bots table row deleted, account
 * removed with user_delete('retain', ...)); the others get their bot_agent
 * rewritten. Bots are located in the users table by cleaned name with
 * user_type USER_IGNORE; names that do not resolve are skipped.
 * $this->sql_query() is the migration helper and is deliberately not
 * $this->db->sql_query().
 */
public function update_bots()
{
    if (!function_exists('user_delete')) {
        include $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
    }

    // bot name => new user agent string, or false to drop the bot altogether
    $agent_changes = array(
        'NG-Search [Bot]' => false,
        'Nutch/CVS [Bot]' => false,
        'OmniExplorer [Bot]' => false,
        'Seekport [Bot]' => false,
        'Synoo [Bot]' => false,
        'WiseNut [Bot]' => false,
        'Baidu [Spider]' => 'Baiduspider',
        'Exabot [Bot]' => 'Exabot',
        'Voyager [Bot]' => 'voyager/',
        'W3C [Validator]' => 'W3C_Validator',
    );

    foreach ($agent_changes as $name => $agent) {
        $lookup = 'SELECT user_id FROM ' . USERS_TABLE . ' WHERE user_type = ' . USER_IGNORE . "\n\t\t\t\t\tAND username_clean = '" . $this->db->sql_escape(utf8_clean_string($name)) . "'";
        $result = $this->db->sql_query($lookup);
        $uid = (int) $this->db->sql_fetchfield('user_id');
        $this->db->sql_freeresult($result);

        if (!$uid) {
            continue;
        }

        if ($agent === false) {
            $this->sql_query('DELETE FROM ' . BOTS_TABLE . "\n\t\t\t\t\t\tWHERE user_id = {$uid}");
            user_delete('retain', $uid);
            continue;
        }

        $this->sql_query('UPDATE ' . BOTS_TABLE . "\n\t\t\t\t\t\tSET bot_agent = '" . $this->db->sql_escape($agent) . "'\n\t\t\t\t\t\tWHERE user_id = {$uid}");
    }
}
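/**
 * Checks to see if we can use this username for a merge, based on a few factors.
 *
 * Fix: the previous revision read user_id and user_type with two separate
 * sql_fetchfield() calls on the same result. With rownum left at false the
 * second call advances to the *next* row, so user_type always came back 0 and
 * the "don't merge away a founder" guard below could never fire. Both columns
 * are now taken from a single fetched row. The caller's own user_type is also
 * cast to int before the strict comparison, since DBAL rows carry it as a
 * string on most drivers.
 *
 * @param string $username - The username to check
 * @param array &$errors - Errors array to work with
 * @param bool $old_user - true when this is the account being merged away
 * @return mixed - Return the user's ID (integer) if valid, return void if there was an error
 */
function check_user($username, &$errors, $old_user)
{
    global $db, $user;

    if (empty($username)) {
        $errors[] = $user->lang['NO_USER_SPECIFIED'];
        return;
    }

    // Grabbeth the old user's ID
    $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // No such user. o_0
    if (!$row || !(int) $row['user_id']) {
        $errors[] = $user->lang['NO_USER'];
        return;
    }

    $user_id = (int) $row['user_id'];
    $user_type = (int) $row['user_type'];

    // Check to see if it is ourselves here
    if ($user_id === (int) $user->data['user_id'] && $old_user) {
        $errors[] = $user->lang['CANNOT_MERGE_SELF'];
        return;
    }

    // Make sure we aren't messing with a founder (only a founder may merge one away)
    if ($user_type === USER_FOUNDER && $old_user && (int) $user->data['user_type'] !== USER_FOUNDER) {
        $errors[] = $user->lang['CANNOT_MERGE_FOUNDER'];
        return;
    }

    return $user_id;
}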
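/**
 * Run Tool
 *
 * Re-derives username_clean for one 500-row page of the users table. If the
 * new value would collide with another account, the admin is sent to both
 * user overview pages instead of silently ending up with two rows sharing a
 * username_clean.
 *
 * Fixes against the previous revision:
 *  - The *escaped* clean value was compared with the stored column, so any
 *    username containing a quote or backslash was re-written on every run.
 *    The comparison now uses the raw cleaned value; escaping is done per query.
 *  - The duplicate check used LIKE, so '_' and '%' inside a username acted as
 *    wildcards and could flag the wrong row (or the row itself) as a duplicate.
 *    It is now an equality test that excludes the row being updated.
 *  - Rows are paged with ORDER BY user_id; without it, offset paging could skip
 *    or repeat rows between requests.
 *  - user_id values are cast to int before interpolation and a negative "part"
 *    is clamped to 0.
 */
function run_tool()
{
    global $db, $template, $user, $phpbb_root_path, $phpEx;

    $part = max(0, (int) request_var('part', 0));
    $limit = 500;
    $i = 0;

    $sql = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE . ' ORDER BY user_id';
    $result = $db->sql_query_limit($sql, $limit, $part * $limit);

    while ($row = $db->sql_fetchrow($result)) {
        $i++;
        $user_id = (int) $row['user_id'];
        $username_clean = utf8_clean_string($row['username']);

        if ($username_clean == $row['username_clean']) {
            continue;
        }

        // Would the new clean name collide with another account?
        $sql = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE . "
            WHERE username_clean = '" . $db->sql_escape($username_clean) . "'
                AND user_id <> " . $user_id;
        $res = $db->sql_query_limit($sql, 1);
        $duplicate = $db->sql_fetchrow($res);
        $db->sql_freeresult($res);

        if (!empty($duplicate)) {
            // ACP links need the sid appended explicitly.
            $url = append_sid("{$phpbb_root_path}adm/index.{$phpEx}", 'i=users&mode=overview&u=' . (int) $duplicate['user_id'] . '&sid=' . $user->data['session_id']);
            $problem = append_sid("{$phpbb_root_path}adm/index.{$phpEx}", 'i=users&mode=overview&u=' . $user_id . '&sid=' . $user->data['session_id']);
            trigger_error(sprintf($user->lang['USER_ALREADY_EXISTS'], $duplicate['username'], $url, $row['username'], $problem), E_USER_WARNING);
        }

        $db->sql_query('UPDATE ' . USERS_TABLE . " SET username_clean = '" . $db->sql_escape($username_clean) . "' WHERE user_id = " . $user_id);
    }
    $db->sql_freeresult($result);

    // A full page means there may be more; bounce to the next part.
    if ($i == $limit) {
        meta_refresh(0, append_sid(STK_INDEX, 't=reclean_usernames&submit=1&part=' . ++$part));
        $template->assign_var('U_BACK_TOOL', false);
        trigger_error('RECLEAN_USERNAMES_NOT_COMPLETE');
    } else {
        trigger_error('RECLEAN_USERNAMES_COMPLETE');
    }
}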
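/**
 * Propagate a username / e-mail change of a local account to the linked
 * phpBB3 account (CakePHP model callback).
 *
 * Security fix: Model::updateAll() takes raw SQL fragments for the field
 * values, and the previous revision built them as "'{$record[...]}'" straight
 * from the edited record — an SQL injection through a username or e-mail
 * containing a quote. Values are now quoted through the datasource's value().
 *
 * Other fixes: the define() is guarded and the phpBB helper files are
 * include_once'd so a second edit in the same request does not redeclare
 * functions. config.php stays a plain include: it only assigns variables and
 * has to run in every call's scope to provide $table_prefix.
 *
 * @param array $record     The record after the edit
 * @param array $old_record The record before the edit
 * @return null
 */
function onEdit($record, $old_record)
{
    $auth_model = Configure::read('security.auth_model');
    $username_field = $this->_controller->Auth->authenticate->userField;
    $email_field = $this->_controller->Auth->authenticate->emailField;

    // phpBB3 files need these
    global $phpbb_root_path, $phpEx;
    $phpbb_root_path = Configure::read('phpbb3.root_path');
    $phpEx = 'php';

    include $phpbb_root_path . 'config.php';
    $bb3_class = "{$table_prefix}users";
    $bb3_model = ClassRegistry::init($bb3_class);

    // Locate the phpBB account by the *old* username (conditions are escaped by Cake).
    $bb3_user = $bb3_model->find('first', array(
        'conditions' => array('username' => $old_record[$auth_model][$username_field]),
    ));

    $new_username = $record[$auth_model][$username_field];
    $new_email = $record[$auth_model][$email_field];

    // We only care about username and email address changes
    if (empty($bb3_user) || ($bb3_user[$bb3_class]['username'] == $new_username && $bb3_user[$bb3_class]['user_email'] == $new_email)) {
        return;
    }

    // Include a couple of things needed for function definitions
    if (!defined('IN_PHPBB')) {
        define('IN_PHPBB', true);
    }
    include_once $phpbb_root_path . 'includes/functions.php';
    include_once $phpbb_root_path . 'includes/utf/utf_tools.php';

    $clean = utf8_clean_string($new_username);
    $hash = phpbb_email_hash($new_email);

    // updateAll() field values are raw SQL: quote every value through the datasource.
    $ds = $bb3_model->getDataSource();
    $bb3_model->updateAll(
        array(
            'username' => $ds->value($new_username, 'string'),
            'username_clean' => $ds->value($clean, 'string'),
            'user_email' => $ds->value($new_email, 'string'),
            'user_email_hash' => $ds->value($hash, 'string'),
        ),
        array('user_id' => (int) $bb3_user[$bb3_class]['user_id'])
    );
}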
/**
 * Insert the image into the database
 *
 * Builds the gallery_images row from $image_data plus the current user's id,
 * colour and IP, parses the optional BBCode description, inserts the row and
 * (when the user watches their own uploads) a watch entry for it.
 *
 * NOTE(review): the approval check uses the $album_id parameter while the
 * stored album is $image_data['image_album_id']; if the two can differ, the
 * status is decided against the wrong album. Kept as in the original.
 *
 * @param array &$image_data upload metadata (filename, image_name, username, ...)
 * @param int   $album_id    album the i_approve permission is checked against
 * @return array {image_id, image_name}
 */
public static function upload_image(&$image_data, $album_id)
{
    global $user, $db;

    $approved = phpbb_gallery::$auth->acl_check('i_approve', $album_id);

    $row = array(
        'image_filename' => $image_data['filename'],
        'image_name' => $image_data['image_name'],
        'image_name_clean' => utf8_clean_string($image_data['image_name']),
        'image_user_id' => $user->data['user_id'],
        'image_user_colour' => $user->data['user_colour'],
        'image_username' => $image_data['username'],
        'image_username_clean' => utf8_clean_string($image_data['username']),
        'image_user_ip' => $user->ip,
        'image_time' => $image_data['image_time'],
        'image_album_id' => $image_data['image_album_id'],
        'image_status' => $approved ? phpbb_gallery_image::STATUS_APPROVED : phpbb_gallery_image::STATUS_UNAPPROVED,
        'filesize_upload' => $image_data['image_filesize'],
        'image_contest' => $image_data['image_contest'],
        'image_exif_data' => $image_data['image_exif_data'],
        'image_has_exif' => $image_data['image_has_exif'],
    );

    // Description: parsed as BBCode when present, otherwise stored empty.
    $row['image_desc'] = '';
    $row['image_desc_uid'] = '';
    $row['image_desc_bitfield'] = '';

    $parser = new parse_message();
    $parser->message = utf8_normalize_nfc($image_data['image_desc']);
    if ($parser->message) {
        $parser->parse(true, true, true, true, false, true, true, true);
        $row['image_desc'] = $parser->message;
        $row['image_desc_uid'] = $parser->bbcode_uid;
        $row['image_desc_bitfield'] = $parser->bbcode_bitfield;
    }

    $db->sql_query('INSERT INTO ' . GALLERY_IMAGES_TABLE . ' ' . $db->sql_build_array('INSERT', $row));
    $image_id = $db->sql_nextid();

    if (phpbb_gallery::$user->get_data('watch_own')) {
        $watch = array('image_id' => $image_id, 'user_id' => $user->data['user_id']);
        $db->sql_query('INSERT INTO ' . GALLERY_WATCH_TABLE . ' ' . $db->sql_build_array('INSERT', $watch));
    }

    return array('image_id' => $image_id, 'image_name' => $image_data['image_name']);
}
/**
 * Reset all bots
 *
 * When the form was confirmed (POST 'yes'): removes every account currently
 * listed in the bots table, empties the bots table, deletes any users row whose
 * username_clean equals a known bot name, then re-creates the bots from
 * $this->db_cleaner->data->bots.
 *
 * Reviewer notes:
 *  - Only isset($_POST['yes']) is checked here; any CSRF/form token check has
 *    to happen in the caller (not visible in this block).
 *  - The "DELETE FROM users WHERE username_clean = ..." bypasses user_delete(),
 *    so a real member who happens to carry a bot's name loses their row while
 *    their posts/PMs/group memberships are left orphaned.
 *  - The function returns the $error array only on the NO_BOT_GROUP path and
 *    returns null after a successful reset.
 *
 * @param array $error Error list to append to
 * @return mixed The error list when the BOTS group is missing, otherwise null
 */
function bots($error)
{
    global $config, $db;

    if (isset($_POST['yes'])) {
        $sql = 'SELECT group_id, group_colour FROM ' . GROUPS_TABLE . "\n\t\t\t\tWHERE group_name = 'BOTS'";
        $result = $db->sql_query($sql);
        $group_id = (int) $db->sql_fetchfield('group_id', false, $result);
        // rownum 0 re-reads the first row for the second column.
        $group_colour = $db->sql_fetchfield('group_colour', 0, $result);
        $db->sql_freeresult($result);

        if (!$group_id) {
            // If we reach this point then something has gone very wrong
            $error[] = 'NO_BOT_GROUP';
            return $error;
        } else {
            if (!function_exists('user_add')) {
                include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
            }

            // Remove existing bots
            $uids = array();
            $sql = 'SELECT user_id FROM ' . BOTS_TABLE;
            $result = $db->sql_query($sql);
            while ($row = $db->sql_fetchrow($result)) {
                $uids[] = $row['user_id'];
            }
            $db->sql_freeresult($result);

            if (!empty($uids)) {
                // Remove all the bots
                foreach ($uids as $uid) {
                    user_delete('remove', $uid);
                }
                // Clear out the bots table
                $db->sql_query('DELETE FROM ' . BOTS_TABLE);
            }

            // Add the bots
            foreach ($this->db_cleaner->data->bots as $bot_name => $bot_ary) {
                /* Clean the users table of any bots matching this...
                 * this is an issue if a default bot was removed from the bots group.
                 */
                $username_clean = utf8_clean_string($bot_name);
                if (empty($username_clean)) {
                    // This shouldn't happen but we should handle it anyway...
                    continue;
                }
                // Raw delete: does not go through user_delete(), see header note.
                $sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE username_clean = \'' . $db->sql_escape($username_clean) . '\'';
                $db->sql_query($sql);

                // `$bot_ary` can be false, if a bot was removed in a certain phpBB version
                if ($bot_ary === false) {
                    continue;
                }

                // Bot accounts carry no password and no e-mail.
                $user_row = array('user_type' => USER_IGNORE, 'group_id' => $group_id, 'username' => $bot_name, 'user_regdate' => time(), 'user_password' => '', 'user_colour' => $group_colour, 'user_email' => '', 'user_lang' => $config['default_lang'], 'user_style' => 1, 'user_timezone' => 0, 'user_dateformat' => $config['default_dateformat'], 'user_allow_massemail' => 0);
                $user_id = user_add($user_row);

                if ($user_id) {
                    // $bot_ary: [0] => user agent, [1] => IP (as consumed below)
                    $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array('bot_active' => 1, 'bot_name' => (string) $bot_name, 'user_id' => (int) $user_id, 'bot_agent' => (string) $bot_ary[0], 'bot_ip' => (string) $bot_ary[1]));
                    $result = $db->sql_query($sql);
                }
            }
        }
    }
}
/**
 * Record a failed login attempt against the account that was targeted.
 *
 * Bumps failed_logins_count for the row whose username_clean matches the
 * submitted name, then writes a TRY_TO_LOGIN_FAIL entry to the user log under
 * ANONYMOUS with the attempted username and the requesting IP.
 *
 * NOTE(review): the counter is keyed by the attacker-supplied username, so
 * anyone can raise another user's count without credentials; whatever consumes
 * failed_logins_count (not shown here) should treat it accordingly.
 *
 * @param object $event The event object
 * @return null
 * @access public
 */
public function login_box_failed($event)
{
    $attempted = $event['username'];
    $clean_name = $this->db->sql_escape(utf8_clean_string($attempted));

    // Set the counter +1
    $this->db->sql_query('UPDATE ' . USERS_TABLE . " SET failed_logins_count = failed_logins_count + 1\n\t\t\tWHERE username_clean = '" . $clean_name . "'");

    // Add to user log
    $log_data = array('reportee_id' => ANONYMOUS, 'username' => $attempted);
    $this->log->add('user', ANONYMOUS, $this->user->ip, 'TRY_TO_LOGIN_FAIL', time(), $log_data);
}
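/**
 * XML-RPC "search user" handler (memberlist-style lookup).
 *
 * Starts the session, enforces the same gate as the member list
 * (u_viewprofile or one of the a_user* permissions), then returns one page of
 * users whose cleaned username — or, for a_user holders, e-mail — matches the
 * wildcard pattern from the request.
 *
 * Fixes against the previous revision:
 *  - $sql_where, $order_by and $return_user_lists were appended to before being
 *    initialised (notices; an empty result built an xmlrpcval from null).
 *  - The e-mail condition was glued on with a bare " OR ", so the final WHERE
 *    read "user_type IN (...) AND username_clean LIKE ... OR user_email LIKE ..."
 *    and the OR branch escaped the user_type filter (bots and inactive
 *    accounts became searchable). Both conditions are now grouped in one
 *    parenthesised AND clause.
 *  - page/perpage came straight from the request; a huge perpage or a negative
 *    page reached sql_query_limit. Both are clamped (the 100-per-page cap is a
 *    reviewer choice, not a phpBB constant).
 *  - The "if ($sort_key == 'm')" branch was unreachable ('m' is not a key of
 *    $sort_key_sql) and was dropped.
 *
 * @return xmlrpcresp struct {total:int, list:array of {username, user_id, icon_url}}
 */
function search_user_func()
{
    global $user, $config, $auth, $db, $phpbb_root_path;

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup(array('memberlist', 'groups'));

    if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('NO_VIEW_USERS');
        }
        trigger_error('LOGIN_EXPLAIN_MEMBERLIST');
    }

    $sql_where = '';
    if ($config['load_search'] || $auth->acl_get('a_')) {
        $username = request_var('username', '', true);
        $email = strtolower(request_var('email', ''));

        $match = array();
        if ($username) {
            $match[] = 'u.username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username)));
        }
        // E-mail lookup is limited to a_user holders; otherwise any member could
        // resolve an address to an account.
        if ($auth->acl_get('a_user') && $email) {
            $match[] = 'u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email));
        }
        if (!empty($match)) {
            $sql_where = ' AND (' . implode(' OR ', $match) . ')';
        }
    } else {
        trigger_error('NO_VIEW_USERS');
    }

    // Paging: keep offset and limit within bounds before they reach SQL.
    $page = max(1, (int) request_var('page', 1));
    $per_page = min(100, max(1, (int) request_var('perpage', 20)));
    $start = ($page - 1) * $per_page;

    $default_key = 'c';
    $sort_key = request_var('sk', $default_key);
    $sort_dir = request_var('sd', 'a');
    $sort_key_sql = array(
        'a' => 'u.username_clean',
        'b' => 'u.user_from',
        'c' => 'u.user_regdate',
        'd' => 'u.user_posts',
        'f' => 'u.user_website',
        'g' => 'u.user_icq',
        'h' => 'u.user_aim',
        'i' => 'u.user_msnm',
        'j' => 'u.user_yim',
        'k' => 'u.user_jabber',
    );

    // Sorting and order: whitelist the key, and only 'a' means ascending.
    if (!isset($sort_key_sql[$sort_key])) {
        $sort_key = $default_key;
    }
    $order_by = $sort_key_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC');

    // Count the users ...
    if ($sql_where) {
        $sql = 'SELECT COUNT(u.user_id) AS total_users FROM ' . USERS_TABLE . " u
            WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
                {$sql_where}";
        $result = $db->sql_query($sql);
        $total_users = (int) $db->sql_fetchfield('total_users');
        $db->sql_freeresult($result);
    } else {
        $total_users = (int) $config['num_users'];
    }

    // Get us some users :D
    $sql = "SELECT u.*
        FROM " . USERS_TABLE . " u
        WHERE u.user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ")
            {$sql_where}
        ORDER BY {$order_by}";
    $result = $db->sql_query_limit($sql, $per_page, $start);

    $return_user_lists = array();
    while ($row = $db->sql_fetchrow($result)) {
        $return_user_lists[] = new xmlrpcval(array(
            'username' => new xmlrpcval(basic_clean($row['username']), 'base64'),
            'user_id' => new xmlrpcval($row['user_id'], 'string'),
            'icon_url' => new xmlrpcval(get_user_avatar_url($row['user_avatar'], $row['user_avatar_type']), 'string'),
        ), 'struct');
    }
    $db->sql_freeresult($result);

    $suggested_users = new xmlrpcval(array(
        'total' => new xmlrpcval($total_users, 'int'),
        'list' => new xmlrpcval($return_user_lists, 'array'),
    ), 'struct');

    return new xmlrpcresp($suggested_users);
}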
/**
 * Turn a topic title into a URL slug.
 *
 * Strips "Re:"/"re:" prefixes and spaces, runs the word censor, swaps
 * URL-hostile punctuation for '-', collapses dash runs ('---' then '--') and
 * finally normalises the result with utf8_clean_string().
 *
 * @param string $url Raw title
 * @return string Slug
 */
function clean_url($url)
{
    // Reply prefixes and every space go first (sequential replacement).
    $slug = str_replace(array('Re:', 're:', ' '), '', $url);

    // Characters that must not survive in a path segment ('.' appears twice in
    // the original list; the second pass is a no-op and is kept for fidelity).
    $hostile = array('?', '#', '%', '¿', '^', '.', '/', ' ', '_', ')', '[', ']', ':', '.');
    $slug = str_replace($hostile, '-', censor_text($slug));

    // Collapse dash runs: '---' is replaced before '--'.
    $slug = str_replace(array('---', '--'), '-', $slug);

    return utf8_clean_string($slug);
}
/**
 * UCP "send password" handler (phpBB 3.0-style: phpbb_hash(), messenger->to()/im()).
 *
 * Looks the account up by lower-cased e-mail plus cleaned username, stores a
 * fresh 8-character password in user_newpasswd together with an activation
 * key, and mails both to the user. Every error path and the success path end
 * in trigger_error(), which terminates the request.
 *
 * Security notes (reviewer):
 *  - The distinct error strings (NO_EMAIL_USER / NO_USER / ACCOUNT_DEACTIVATED /
 *    ACCOUNT_NOT_ACTIVATED / NO_AUTH_PASSWORD_REMINDER) let an unauthenticated
 *    caller learn whether a username + e-mail pair exists and the account's
 *    state. Nothing in this block rate-limits submissions.
 *  - The activation key is a 6..10 character prefix of gen_rand_string(10)
 *    (length derived from the board URL length and max_pass_chars) and travels
 *    in a GET link (u=..&k=..). Its strength depends on gen_rand_string(), not
 *    visible here.
 *  - The temporary password is fixed at gen_rand_string(8) regardless of
 *    min_pass_chars.
 *
 * @param mixed $id   Module id (not used in this method)
 * @param mixed $mode Module mode (not used in this method)
 */
function main($id, $mode)
{
    global $config, $phpbb_root_path, $phpEx;
    global $db, $user, $auth, $template;

    $username = request_var('username', '', true);
    $email = strtolower(request_var('email', ''));
    $submit = isset($_POST['submit']) ? true : false;

    if ($submit) {
        // Both the e-mail and the cleaned username must match one row.
        $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email = '" . $db->sql_escape($email) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
        $result = $db->sql_query($sql);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        // Each branch below discloses a different account state to the caller (see header).
        if (!$user_row) {
            trigger_error('NO_EMAIL_USER');
        }
        if ($user_row['user_type'] == USER_IGNORE) {
            trigger_error('NO_USER');
        }
        if ($user_row['user_type'] == USER_INACTIVE) {
            if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                trigger_error('ACCOUNT_DEACTIVATED');
            } else {
                trigger_error('ACCOUNT_NOT_ACTIVATED');
            }
        }

        // Check users permissions: evaluate the *target* account's ACL, not the caller's.
        $auth2 = new auth();
        $auth2->acl($user_row);
        if (!$auth2->acl_get('u_chgpasswd')) {
            trigger_error('NO_AUTH_PASSWORD_REMINDER');
        }

        $server_url = generate_board_url();

        // Key length: fit the activation link into ~54 characters, but never
        // fewer than 6 and never more than max_pass_chars (when set).
        $key_len = 54 - strlen($server_url);
        $key_len = max(6, $key_len); // we want at least 6
        $key_len = $config['max_pass_chars'] ? min($key_len, $config['max_pass_chars']) : $key_len; // we want at most $config['max_pass_chars']
        // gen_rand_string(10) caps the key at 10 characters whatever $key_len says.
        $user_actkey = substr(gen_rand_string(10), 0, $key_len);
        $user_password = gen_rand_string(8);

        // The new password is staged in user_newpasswd; it only replaces the
        // current one once the activation link is followed (handled elsewhere).
        $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\tWHERE user_id = " . $user_row['user_id'];
        $db->sql_query($sql);

        include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
        $messenger = new messenger(false);
        $messenger->template('user_activate_passwd', $user_row['user_lang']);
        $messenger->to($user_row['user_email'], $user_row['username']);
        $messenger->im($user_row['user_jabber'], $user_row['username']);
        // The clear-text temporary password is sent by e-mail/IM.
        $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
        $messenger->send($user_row['user_notify_type']);

        meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}"));
        $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
        trigger_error($message);
    }

    // Non-submit request: render the form with whatever was typed so far.
    $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')));
    $this->tpl_name = 'ucp_remind';
    $this->page_title = 'UCP_REMIND';
}
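/**
 * Resolve a username to its user_id via the username_clean column.
 *
 * Fixes: the query result is now freed, and an unknown username returns null
 * explicitly instead of indexing ['user_id'] on a false row (which raised a
 * notice and happened to yield null).
 *
 * @param string $username Display name as typed; cleaned the same way phpBB does
 * @return mixed user_id as returned by the DBAL (a string on most drivers), or null when not found
 */
public function get_user_id($username)
{
    $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $this->db->sql_query($sql);
    $row = $this->db->sql_fetchrow($result);
    $this->db->sql_freeresult($result);

    return $row ? $row['user_id'] : null;
}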
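/**
 * Display the output for this extension
 *
 * Lists the sessions still within session_length, optionally filtered by the
 * first character of the username, sorted by IP / start time / username and
 * paginated with topics_per_page.
 *
 * Fixes against the previous revision:
 *  - "sk" came from the request and was used directly as a key into $order_ary;
 *    any other value produced an undefined index and an empty ORDER BY (SQL
 *    error page). It is now whitelisted (empty keeps its username ordering).
 *  - "sd" was echoed back into the U_ACTION / U_SORT URLs unmodified; it is now
 *    normalised to 'a' or 'd'.
 *  - "start" reached sql_query_limit before the pagination helper validated it;
 *    a negative offset is now clamped to 0.
 *  - $sort_days was passed by reference to gen_sort_selects() without ever
 *    being initialised.
 *
 * NOTE(review): session_id, session_ip and session_forwarded_for of every live
 * session are handed to the template, so anyone who can open this ACP module can
 * read other users' session tokens. Whether that is acceptable depends on the
 * template (not visible here).
 *
 * @return null
 * @access public
 */
public function display_output()
{
    // Add the language file
    $this->language->add_lang('acp_activesessions', 'david63/activesessions');

    // Start initial var setup
    $action = $this->request->variable('action', '');
    $start = max(0, (int) $this->request->variable('start', 0));
    $fc = $this->request->variable('fc', '');
    $sort_key = $this->request->variable('sk', 's');
    $sd = $this->request->variable('sd', 'd') == 'a' ? 'a' : 'd';
    $sort_dir = $sd == 'd' ? ' DESC' : ' ASC';

    $order_ary = array(
        'i' => 's.session_ip' . $sort_dir . ', u.username_clean ASC',
        's' => 's.session_start' . $sort_dir . ', u.username_clean ASC',
        'u' => 'u.username_clean' . $sort_dir,
    );

    // Whitelist the sort key; an unknown non-empty key falls back to session start.
    if ($sort_key != '' && !isset($order_ary[$sort_key])) {
        $sort_key = 's';
    }

    $filter_by = '';
    if ($fc == 'other') {
        // "other" = usernames that start with none of the listed characters.
        for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) {
            $filter_by .= ' AND u.username_clean ' . $this->db->sql_not_like_expression(utf8_clean_string(chr($i)) . $this->db->get_any_char());
        }
    } else {
        if ($fc) {
            $filter_by .= ' AND u.username_clean ' . $this->db->sql_like_expression(utf8_clean_string(substr($fc, 0, 1)) . $this->db->get_any_char());
        }
    }

    $sql = $this->db->sql_build_query('SELECT', array(
        'SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, s.*, f.forum_id, f.forum_name',
        'FROM' => array(USERS_TABLE => 'u', SESSIONS_TABLE => 's'),
        'LEFT_JOIN' => array(array('FROM' => array(FORUMS_TABLE => 'f'), 'ON' => 's.session_forum_id = f.forum_id')),
        'WHERE' => 'u.user_id = s.session_user_id AND s.session_time >= ' . (time() - $this->config['session_length'] * 60) . $filter_by,
        'ORDER_BY' => $sort_key == '' ? 'u.username_clean' : $order_ary[$sort_key],
    ));
    $result = $this->db->sql_query_limit($sql, $this->config['topics_per_page'], $start);

    while ($row = $this->db->sql_fetchrow($result)) {
        $this->template->assign_block_vars('active_sessions', array(
            'ADMIN' => $row['session_admin'] ? $this->language->lang('YES') : $this->language->lang('NO'),
            'AUTO_LOGIN' => $row['session_autologin'] ? $this->language->lang('YES') : $this->language->lang('NO'),
            'BROWSER' => $row['session_browser'],
            'FORUM' => $row['forum_id'] > 0 ? $row['forum_name'] : '',
            'LAST_VISIT' => $this->user->format_date($row['session_last_visit']),
            'SESSION_FORWARD' => $row['session_forwarded_for'],
            'SESSION_ID' => $row['session_id'],
            'SESSION_IP' => $row['session_ip'],
            'SESSION_KEY' => $row['session_id'] . $row['user_id'],
            'SESSION_ONLINE' => $row['session_viewonline'] ? $this->language->lang('YES') : $this->language->lang('NO'),
            'SESSION_PAGE' => $row['session_page'],
            'SESSION_START' => $this->user->format_date($row['session_start']),
            'SESSION_TIME' => $this->user->format_date($row['session_time']),
            'USERNAME' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
        ));
    }
    $this->db->sql_freeresult($result);

    $sort_by_text = array(
        'u' => $this->language->lang('SORT_USERNAME'),
        'i' => $this->language->lang('SESSION_IP'),
        's' => $this->language->lang('SESSION_START'),
    );

    $limit_days = array();
    $sort_days = 0;
    $s_sort_key = $s_limit_days = $s_sort_dir = $u_sort_param = '';
    gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);

    // Get total session count for output
    $sql = $this->db->sql_build_query('SELECT', array(
        'SELECT' => 'COUNT(s.session_id) AS total_sessions',
        'FROM' => array(USERS_TABLE => 'u', SESSIONS_TABLE => 's'),
        'WHERE' => 'u.user_id = s.session_user_id' . $filter_by,
    ));
    $result = $this->db->sql_query($sql);
    $session_count = (int) $this->db->sql_fetchfield('total_sessions');
    $this->db->sql_freeresult($result);

    // Only whitelisted sk/sd values reach the URL from here on.
    $action = "{$this->u_action}&sk={$sort_key}&sd={$sd}";
    $link = $session_count ? adm_back_link($action . '&start=' . $start) : '';

    if ($session_count == 0) {
        trigger_error($this->language->lang('NO_SESSION_DATA') . $link);
    }

    $start = $this->pagination->validate_start($start, $this->config['topics_per_page'], $session_count);
    $this->pagination->generate_template_pagination($action, 'pagination', 'start', $session_count, $this->config['topics_per_page'], $start);

    $first_characters = array();
    $first_characters[''] = $this->language->lang('ALL');
    for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) {
        $first_characters[chr($i)] = chr($i);
    }
    $first_characters['other'] = $this->language->lang('OTHER');

    foreach ($first_characters as $char => $desc) {
        $this->template->assign_block_vars('first_char', array('DESC' => $desc, 'U_SORT' => $action . '&fc=' . $char));
    }

    $this->template->assign_vars(array(
        'ACTIVE_SESSIONS_VERSION' => ext::ACTIVE_SESSIONS_VERSION,
        'S_SORT_DIR' => $s_sort_dir,
        'S_SORT_KEY' => $s_sort_key,
        'TOTAL_USERS' => $this->language->lang('TOTAL_SESSIONS', (int) $session_count),
        'U_ACTION' => $action,
    ));
}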
/**
 * Pick a usable style and force it on the whole board.
 *
 * Walks styles/*/style.cfg in directory order, takes the first style whose
 * cleaned cfg name equals its directory name, installs it through the ACP
 * style installer if it is not in the styles table yet, then sets it as
 * default_style with override_user_style = 1 and returns. If no such style
 * exists the method prints a message and terminates the request.
 *
 * Reviewer notes:
 *  - $_REQUEST['path'] / $_POST['update'] are written into $GLOBALS because the
 *    style installer reads its input from the request. The value written is the
 *    cleaned cfg name, which has just been checked to equal an on-disk
 *    directory name, so it cannot point outside styles/.
 *  - The failure branch echoes raw HTML and calls exit_handler(); nothing after
 *    it runs.
 *
 * @return null
 */
function repair()
{
    global $db;

    $stylelist = filelist(PHPBB_ROOT_PATH . 'styles/', '', 'cfg');
    ksort($stylelist);

    // Loop throught the files and try to find a style we can use.
    // To be usable the directory name in the style.cfg is the same as the directory.
    foreach (array_keys($stylelist) as $styledirname) {
        if (!in_array('style.cfg', $stylelist[$styledirname])) {
            continue;
        }

        // Read the cfg, should always be index 0
        // (filelist() keys apparently carry a trailing '/', see the strip below).
        $items = parse_cfg_file(PHPBB_ROOT_PATH . 'styles/' . $styledirname . 'style.cfg');

        // Unify the name in the cfg to something used as a directory
        // Spaces -> '_'
        // All lowercase
        $stylename = utf8_clean_string(str_replace(' ', '_', $items['name']));

        // Clean up the dirname
        $dirname = substr($styledirname, -1) == '/' ? substr($styledirname, 0, -1) : $styledirname;

        // If not the same switch to the next one
        if ($dirname != $stylename) {
            continue;
        }

        // If this style isn't installed we will install the style at this point.
        $sql = 'SELECT style_id FROM ' . STYLES_TABLE . "\n\t\t\t\tWHERE style_name = '" . $db->sql_escape($items['name']) . "'";
        $result = $db->sql_query($sql);
        $this->sid = $db->sql_fetchfield('style_id', false, $result);
        $db->sql_freeresult($result);

        if (empty($this->sid)) {
            // Nasty, but the style installer fetches these in the method o_0
            $GLOBALS['_REQUEST']['path'] = $stylename;
            $GLOBALS['_POST']['update'] = true;

            // Call the style installer
            $this->ac->install('style');

            // Fetch the id
            $sql = 'SELECT style_id FROM ' . STYLES_TABLE . "\n\t\t\t\t\tWHERE style_name = '" . $db->sql_escape($items['name']) . "'";
            $result = $db->sql_query($sql);
            $this->sid = $db->sql_fetchfield('style_id', false, $result);
            $db->sql_freeresult($result);
        }

        // Set this style as the active style
        set_config('default_style', $this->sid);
        set_config('override_user_style', 1); // Overriding the style should enable the board for everyone

        return;
    }

    // Nothing usable found: report and stop here (exit_handler() does not return).
    echo 'The support toolkit couldn\'t find an available style. 
Please seek further assistance in the support forums on <a href="http://www.phpbb.com/community/viewforum.php?f=46" title="phpBB.com Support forum">phpbb.com</a>';
    garbage_collection();
    exit_handler();
}
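/**
 * ACP page: look a user up by name and show / apply the three special-rank selects.
 *
 * Two POST flows share this page: "submit-user" loads the user row and renders
 * one <option> list per rank slot; "submit-rank" (form-key protected) writes the
 * chosen rank ids to USERS_TABLE. Results are reported through trigger_error();
 * an unknown user name or an invalid form key stop with E_USER_WARNING.
 */
public function edit_user_ranks()
{
    $this->template->assign_vars(array(
        'U_ACTION'        => $this->u_action,
        'S_FIND_USER'     => true,
        'U_FIND_USERNAME' => append_sid("{$this->root_path}memberlist.{$this->php_ext}", 'mode=searchuser&form=select_user&field=username&select_single=true'),
    ));

    if (isset($_POST['submit-user'])) {
        $username = utf8_normalize_nfc(request_var('username', '', true));

        $user_sql = 'SELECT * FROM ' . USERS_TABLE . "
            WHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
        $user_result = $this->db->sql_query($user_sql);
        $user_row = $this->db->sql_fetchrow($user_result);
        $this->db->sql_freeresult($user_result);

        // sql_fetchrow() returns false for an unknown name; don't index into it
        $user_id = ($user_row) ? (int) $user_row['user_id'] : 0;
        if (!$user_id) {
            trigger_error($this->user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
        }

        // Current rank per slot, keyed by the template variable that receives its option list; 0 means "no special rank"
        $current_ranks = array(
            'S_RANK_ONE_OPTIONS'   => (int) $user_row['user_rank'],
            'S_RANK_TWO_OPTIONS'   => (int) $user_row['user_rank_two'],
            'S_RANK_THREE_OPTIONS' => (int) $user_row['user_rank_three'],
        );

        // Every list starts with the "no special rank" entry, selected when the slot is empty
        $rank_options = array();
        foreach ($current_ranks as $tpl_var => $rank_id) {
            $rank_options[$tpl_var] = '<option value="0"' . (!$rank_id ? ' selected="selected"' : '') . '>' . $this->user->lang['ACP_NO_SPEC_RANK'] . '</option>';
        }

        $rank_sql = 'SELECT * FROM ' . RANKS_TABLE . ' WHERE rank_special = 1 ORDER BY rank_title';
        $rank_result = $this->db->sql_query($rank_sql);
        while ($row = $this->db->sql_fetchrow($rank_result)) {
            foreach ($current_ranks as $tpl_var => $rank_id) {
                $selected = ($rank_id && (int) $row['rank_id'] === $rank_id) ? ' selected="selected"' : '';
                // NOTE(review): rank_title is emitted as-is; phpBB stores it HTML-escaped on input - confirm
                $rank_options[$tpl_var] .= '<option value="' . (int) $row['rank_id'] . '"' . $selected . '>' . $row['rank_title'] . '</option>';
            }
        }
        // The old code freed an undefined $result here; this is the result set that was actually opened
        $this->db->sql_freeresult($rank_result);

        $this->template->assign_vars(array_merge(array(
            'ACP_MR_USER'         => sprintf($this->user->lang['ACP_EDIT_USER_RANK'], $user_row['username']),
            'S_EDIT_RANKS'        => true,
            'S_FIND_USER'         => false,
            'HIDDEN_RANK_USER_ID' => $user_id,
        ), $rank_options));
    }

    add_form_key('submit-rank-key');

    if (isset($_POST['submit-rank'])) {
        if (!check_form_key('submit-rank-key')) {
            // A bad key used to be silently ignored; report it the way the other ACP forms do
            trigger_error($this->user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
        }

        // request_var() with an int default already yields ints; the casts keep the SQL explicit
        $rank_one    = (int) request_var('user_rank_one', 0);
        $rank_two    = (int) request_var('user_rank_two', 0);
        $rank_thr    = (int) request_var('user_rank_three', 0);
        $upd_user_id = (int) request_var('hidden_user_id', 0);

        $upd_sql = 'UPDATE ' . USERS_TABLE . '
            SET user_rank = ' . $rank_one . ', user_rank_two = ' . $rank_two . ', user_rank_three = ' . $rank_thr . '
            WHERE user_id = ' . $upd_user_id;
        $this->db->sql_query($upd_sql);

        trigger_error($this->user->lang('ACP_MR_SAVED') . adm_back_link($this->u_action));
    }
}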
/**
 * Load a user by username
 *
 * Looks the name up through its cleaned form (username_clean) and, on a hit,
 * caches the whole row in $this->users so a later get_user() needs no query.
 *
 * @param string $username Raw username to load (will be cleaned)
 * @return int User ID for the username, ANONYMOUS when no row matches
 */
public function load_user_by_username($username)
{
    $username_clean = $this->db->sql_escape(utf8_clean_string($username));
    $sql = 'SELECT * FROM ' . $this->users_table . "\n\t\t\tWHERE username_clean = '" . $username_clean . "'";

    $result = $this->db->sql_query($sql);
    $row = $this->db->sql_fetchrow($result);
    $this->db->sql_freeresult($result);

    if (!$row) {
        return ANONYMOUS;
    }

    // Cache the full row under its id for get_user()
    $this->users[$row['user_id']] = $row;

    return $row['user_id'];
}
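/**
 * Run Tool
 *
 * Does the actual stuff we want the tool to do after submission: resolves the
 * requested user (by name, or by id when the input is numeric), refuses users
 * who are already founders, asks for confirmation and finally sets
 * user_type = USER_FOUNDER.
 *
 * @param array &$error Collects language keys / messages for the caller to display
 */
function run_tool(&$error)
{
    global $db, $plugin, $user;

    if (!confirm_box(true) && !check_form_key('make_founder')) {
        $error[] = 'FORM_INVALID';
        return;
    }

    $user_req = utf8_normalize_nfc(request_var('user_to_founder', '', true));
    if (!$user_req) {
        $error[] = 'NO_USER';
        return;
    }

    // A purely numeric request is treated as a user id, anything else as a username
    $sql_where = (!is_numeric($user_req))
        ? 'username_clean = \'' . $db->sql_escape(utf8_clean_string($user_req)) . '\''
        : 'user_id = ' . (int) $user_req;
    $result = $db->sql_query('SELECT user_id, username, user_type FROM ' . USERS_TABLE . ' WHERE ' . $sql_where);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // sql_fetchrow() returns false when nothing matches; the old code indexed into it regardless
    if (!$row || !(int) $row['user_id']) {
        $error[] = 'NO_USER';
        return;
    }
    $user_id = (int) $row['user_id'];
    $username = $row['username'];

    if ((int) $row['user_type'] === USER_FOUNDER) {
        $error[] = sprintf($user->lang['USER_ALREADY_FOUNDER'], $username);
        return;
    }

    $profile_url = append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, 'mode=viewprofile&u=' . $user_id);

    // Let's confirm just in case they enter the wrong username (and that username happens to be registered).
    if (confirm_box(true)) {
        $db->sql_query('UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_FOUNDER)) . ' WHERE user_id = ' . $user_id);
        trigger_error(sprintf($user->lang['MAKE_FOUNDER_SUCCESS'], $profile_url, $username));
    } else {
        $hidden_fields = build_hidden_fields(array(
            'user_to_founder' => $user_req,
            'submit'          => true,
        ));
        confirm_box(false, sprintf($user->lang['MAKE_FOUNDER_CONFIRM'], $profile_url, $username), $hidden_fields);
    }

    redirect(append_sid(STK_INDEX, 't=make_founder', true, $user->session_id));
}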
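/**
 * Build the WHERE fragment that selects a user row by name.
 *
 * Uses login_name when the users table has that column, otherwise the
 * cleaned username (username_clean). Both branches now go through
 * $phpbb_db->Quote(); the previous login_name branch interpolated the raw
 * value into the SQL.
 *
 * @param string|null $username Name to look up; null yields an empty clause
 * @return string SQL condition without the WHERE keyword, '' when no name was given
 */
function getWhereClause($username)
{
    $phpbb_db = $this->getDb();
    $fields = $phpbb_db->getTableFields('#__users');
    $where_clause = '';

    if (isset($username)) {
        if (isset($fields['#__users']['login_name'])) {
            $where_clause = 'login_name = ' . $phpbb_db->Quote($username);
        } else {
            $where_clause = 'username_clean = ' . $phpbb_db->Quote(utf8_clean_string($username));
        }
    }

    return $where_clause;
}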
/**
 * Validate that all the data is correct
 *
 * Checks that the subject is non-empty after cleaning and that the text length
 * lies within the board's min_post_chars / max_post_chars limits (a maximum of
 * 0 disables the upper bound).
 *
 * @return array empty array on success, array with (string) errors ready for output on failure
 */
public function validate()
{
    $errors = array();

    if (utf8_clean_string($this->faq_subject) === '') {
        $errors[] = phpbb::$user->lang['EMPTY_SUBJECT'];
    }

    $min_chars = (int) phpbb::$config['min_post_chars'];
    $max_chars = (int) phpbb::$config['max_post_chars'];
    $length = utf8_strlen($this->faq_text);

    if ($length < $min_chars) {
        $errors[] = sprintf(phpbb::$user->lang['TOO_FEW_CHARS_LIMIT'], $length, $min_chars);
    } else if ($max_chars > 0 && $length > $max_chars) {
        $errors[] = sprintf(phpbb::$user->lang['TOO_MANY_CHARS_POST'], $length, $max_chars);
    }

    return $errors;
}
/**
 * Load the category
 *
 * Selects the row by id when the argument is numeric, otherwise by the cleaned
 * name (category_name_clean). Every column of the row is copied onto a property
 * of the same name; the raw row stays in $this->sql_data.
 *
 * @param int|string $category The category (category_name_clean, category_id)
 *
 * @return bool True if the category exists, false if not
 */
public function load($category)
{
    $sql_where = (is_numeric($category))
        ? 'category_id = ' . (int) $category
        : 'category_name_clean = \'' . phpbb::$db->sql_escape(utf8_clean_string($category)) . '\'';

    $result = phpbb::$db->sql_query('SELECT * FROM ' . $this->sql_table . ' WHERE ' . $sql_where);
    $this->sql_data = phpbb::$db->sql_fetchrow($result);
    phpbb::$db->sql_freeresult($result);

    if (empty($this->sql_data)) {
        return false;
    }

    // Mirror every column onto a property of the same name
    foreach ($this->sql_data as $column => $value) {
        $this->$column = $value;
    }

    return true;
}
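/**
 * Run Tool
 *
 * Does the actual stuff we want the tool to do after submission: resolves the
 * requested user (by name, or by id when numeric), validates the new password
 * and its confirmation with phpBB's validate_data(), stores phpbb_hash() of it
 * and writes an admin log entry.
 *
 * @param array &$error Collects language keys / messages for the caller to display; validation errors are appended
 */
function run_tool(&$error)
{
    global $config, $db, $user;

    if (!check_form_key('change_password')) {
        $error[] = 'FORM_INVALID';
        return;
    }

    $user_req = utf8_normalize_nfc(request_var('user_req', '', true));
    if (!$user_req) {
        $error[] = 'NO_USER';
        return;
    }

    // A purely numeric request is treated as a user id, anything else as a username
    $sql_where = (!is_numeric($user_req))
        ? 'username_clean = \'' . $db->sql_escape(utf8_clean_string($user_req)) . '\''
        : 'user_id = ' . (int) $user_req;
    $result = $db->sql_query('SELECT user_id, username, user_type FROM ' . USERS_TABLE . ' WHERE ' . $sql_where);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    // sql_fetchrow() returns false when nothing matches; the old code indexed into it regardless
    if (!$row || !(int) $row['user_id']) {
        $error[] = 'NO_USER';
        return;
    }
    $user_id = (int) $row['user_id'];
    $username = $row['username'];

    $user->add_lang('ucp');
    if (!function_exists('validate_data')) {
        include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
    }

    $data = array(
        'new_password'     => request_var('new_password', '', true),
        'password_confirm' => request_var('password_confirm', '', true),
    );

    // Strict comparison: with != two numeric-looking passwords such as "1e3" and "1000" compare equal
    if ($data['new_password'] !== $data['password_confirm']) {
        $error[] = 'NEW_PASSWORD_ERROR';
        return;
    }

    // validate_data() returns its own error list; append it rather than overwrite what the caller collected
    $error = array_merge((array) $error, validate_data($data, array(
        'new_password'     => array('password'),
        'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
    )));
    if (!empty($error)) {
        return;
    }

    $db->sql_query('UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_password' => phpbb_hash($data['new_password']))) . ' WHERE user_id = ' . $user_id);

    add_log('admin', 'LOG_USER_NEW_PASSWORD', $user_req);
    trigger_error(sprintf($user->lang['CHANGE_PASSWORD_SUCCESS'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, 'mode=viewprofile&u=' . $user_id), $username));
}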
/**
 * Display the form
 *
 * Renders the application form for logged-in, non-bot users. On a POSTed
 * "submit" the form key and the required fields are checked, the application
 * is posted as a new topic into the forum configured in appform_forum_id via
 * submit_post(), and the user is sent back to the index through trigger_error().
 *
 * @access public
 * @return mixed Whatever $this->helper->render() returns
 */
public function displayform()
{
    $this->user->add_lang_ext('rmcgirr83/applicationform', 'application');

    // user can't be a guest and can't be a bot
    $is_guest = ($this->user->data['user_id'] == ANONYMOUS);
    if ($this->user->data['is_bot'] || $is_guest) {
        throw new http_exception(401, 'LOGIN_APPLICATION_FORM');
    }

    add_form_key('appform');

    if ($this->request->is_set_post('submit')) {
        // Test if form key is valid
        if (!check_form_key('appform')) {
            trigger_error($this->user->lang['FORM_INVALID'], E_USER_WARNING);
        }

        $name_given = (utf8_clean_string($this->request->variable('name', '')) !== '');
        $why_given  = (utf8_clean_string($this->request->variable('why', '')) !== '');
        if (!$name_given || !$why_given) {
            trigger_error($this->user->lang['APP_NOT_COMPLETELY_FILLED'], E_USER_WARNING);
        }

        $forum_id = (int) $this->config['appform_forum_id'];
        $result = $this->db->sql_query('SELECT forum_name FROM ' . FORUMS_TABLE . ' WHERE forum_id = ' . $forum_id);
        $forum_name = $this->db->sql_fetchfield('forum_name');
        $this->db->sql_freeresult($result);

        // Setting the variables we need to submit the post to the forum where all the applications come in
        $subject = sprintf($this->user->lang['APPLICATION_SUBJECT'], $this->user->data['username']);
        $applicant = get_username_string('full', $this->user->data['user_id'], $this->user->data['username'], $this->user->data['user_colour']);
        $apply_post = sprintf(
            $this->user->lang['APPLICATION_MESSAGE'],
            $applicant,
            utf8_normalize_nfc($this->request->variable('name', '', true)),
            $this->user->data['user_email'],
            // 'postion' (sic) is the field name the form actually posts
            $this->request->variable('postion', '', true),
            utf8_normalize_nfc($this->request->variable('why', '', true))
        );

        // generate_text_for_storage() fills these by reference
        $uid = $bitfield = $options = '';
        generate_text_for_storage($apply_post, $uid, $bitfield, $options, true, true, true);

        $data = array(
            'forum_id'             => $this->config['appform_forum_id'],
            'icon_id'              => false,
            'poster_id'            => $this->user->data['user_id'],
            'enable_bbcode'        => true,
            'enable_smilies'       => true,
            'enable_urls'          => true,
            'enable_sig'           => true,
            'message'              => $apply_post,
            'message_md5'          => md5($apply_post),
            'bbcode_bitfield'      => $bitfield,
            'bbcode_uid'           => $uid,
            'poster_ip'            => $this->user->ip,
            'post_edit_locked'     => 0,
            'topic_title'          => $subject,
            'notify_set'           => false,
            'notify'               => false,
            'post_time'            => time(),
            'forum_name'           => $forum_name,
            'enable_indexing'      => true,
            'force_approved_state' => true,
            'force_visibility'     => true,
        );
        $poll = array();

        // Submit the post!
        submit_post('post', $subject, $this->user->data['username'], POST_NORMAL, $poll, $data);

        $return_link = sprintf($this->user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
        trigger_error($this->user->lang['APPLICATION_SEND'] . '<br /><br />' . $return_link);
    }

    $positions = explode("\n", $this->config['appform_positions']);
    $this->template->assign_vars(array(
        'APPLICATION_POSITIONS' => $this->display_positions($positions),
    ));

    // Send all data to the template file
    return $this->helper->render('appform_body.html', $this->user->lang('APPLICATION_PAGETITLE'));
}
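/**
 * Password-retrieval entry point guarded by a TT (browser) verification token.
 *
 * Loads the user named in the request, applies the same eligibility checks the
 * stock reminder uses (ignored / inactive accounts, u_chgpasswd permission),
 * then checks the posted tt_token / tt_code pair with tt_register_verify() and
 * requires the verified e-mail to match the account's user_email. The outcome
 * is reported through $this->result / $this->verify / $this->result_text;
 * lookup and permission failures stop via trigger_error().
 */
public function main()
{
    global $config, $phpbb_root_path, $phpEx;
    global $db, $user, $auth, $template;

    $username = request_var('username', '', true);

    $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $user_row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$user_row) {
        trigger_error('NO_EMAIL_USER');
    }
    if ((int) $user_row['user_type'] === USER_IGNORE) {
        trigger_error('NO_USER');
    }
    if ((int) $user_row['user_type'] === USER_INACTIVE) {
        trigger_error(((int) $user_row['user_inactive_reason'] === INACTIVE_MANUAL) ? 'ACCOUNT_DEACTIVATED' : 'ACCOUNT_NOT_ACTIVATED');
    }

    // Check users permissions
    $auth2 = new auth();
    $auth2->acl($user_row);
    if (!$auth2->acl_get('u_chgpasswd')) {
        trigger_error('NO_AUTH_PASSWORD_REMINDER');
    }

    // The old code read $_POST['tt_token'] / $_POST['tt_code'] unconditionally, which raises an
    // undefined-index notice on a bare request; a missing or non-string value now verifies as ''
    $tt_token = (isset($_POST['tt_token']) && is_string($_POST['tt_token'])) ? $_POST['tt_token'] : '';
    $tt_code  = (isset($_POST['tt_code']) && is_string($_POST['tt_code'])) ? $_POST['tt_code'] : '';

    $verify = tt_register_verify($tt_token, $tt_code);
    if ($verify->result && $user_row['user_email'] === (string) $verify->email) {
        $this->result = true;
        $this->verify = true;
        return;
    }

    $this->result = false;
    $this->result_text = 'Sorry, you can only retrieve your password from browser.';
}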
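/**
 * Load Author
 *
 * Fetches the author row (a.*) left-joined to the user row (u.*), copies the
 * columns onto this object via __set_array() and caches the row in
 * users_overlord::$users under the user id.
 *
 * @param mixed $user The user name/user id to load, false to use the already given user_id
 * @return bool True when a row was found, false otherwise
 */
public function load($user = false)
{
    if ($user === false) {
        // $this->user_id is expected to be an int already; the cast only hardens the SQL
        $sql_where = 'u.user_id = ' . (int) $this->user_id;
    } else if (!is_numeric($user)) {
        $sql_where = 'u.username_clean = \'' . phpbb::$db->sql_escape(utf8_clean_string($user)) . '\'';
    } else {
        $sql_where = 'u.user_id = ' . (int) $user;
    }

    $sql_ary = array(
        'SELECT'    => 'a.*, u.*',
        'FROM'      => array(USERS_TABLE => 'u'),
        'LEFT_JOIN' => array(
            array(
                'FROM' => array($this->sql_table => 'a'),
                'ON'   => 'a.user_id = u.user_id',
            ),
        ),
        'WHERE'     => $sql_where,
    );
    $sql = phpbb::$db->sql_build_query('SELECT', $sql_ary);
    $result = phpbb::$db->sql_query($sql);
    $this->sql_data = phpbb::$db->sql_fetchrow($result);
    // The result set was never freed before; release it on both paths
    phpbb::$db->sql_freeresult($result);

    if (!$this->sql_data) {
        return false;
    }

    $this->__set_array($this->sql_data);

    // Store in the users overlord as well
    users_overlord::$users[$this->user_id] = $this->sql_data;

    return true;
}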
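/**
 * Get the user ids from a list of usernames
 *
 * The lookup runs on the cleaned forms (utf8_clean_string) and skips USER_IGNORE
 * accounts. Every raw name starts out in 'missing' and is removed when a row's
 * username or username_clean equals it; a raw spelling that differs from both
 * stored forms therefore stays listed as missing even though it matched.
 *
 * @param \phpbb\db\driver\driver_interface $db
 * @param string $list List of usernames
 * @param string $separator Delimiter. Defaults to new line character
 * @return array Returns array in form of
 *     array(
 *         'ids' => array(),      // username => user_id
 *         'missing' => array(),  // raw name => raw name
 *     )
 */
public static function get_user_ids_from_list(\phpbb\db\driver\driver_interface $db, $list, $separator = "\n")
{
    $users = array(
        'ids'     => array(),
        'missing' => array(),
    );

    if (!$list) {
        return $users;
    }

    // Keep the raw names for the 'missing' map and build the cleaned list for the query separately;
    // the old by-reference loop rewrote $usernames in place and left a dangling reference behind
    $usernames = explode($separator, $list);
    $usernames_clean = array();
    foreach ($usernames as $username) {
        $users['missing'][$username] = $username;
        $usernames_clean[] = utf8_clean_string($username);
    }

    $sql = 'SELECT username, username_clean, user_id
        FROM ' . USERS_TABLE . '
        WHERE ' . $db->sql_in_set('username_clean', $usernames_clean) . '
            AND user_type != ' . USER_IGNORE;
    $result = $db->sql_query($sql);
    while ($row = $db->sql_fetchrow($result)) {
        unset($users['missing'][$row['username']], $users['missing'][$row['username_clean']]);
        $users['ids'][$row['username']] = $row['user_id'];
    }
    $db->sql_freeresult($result);

    return $users;
}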
/**
 * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
 *
 * Dispatches to the login_<auth_method>() function of the configured auth
 * module (includes/auth/auth_<method>.php), creates a local profile when the
 * module answers LOGIN_SUCCESS_CREATE_PROFILE, and on LOGIN_SUCCESS opens a
 * session for the user. Any other status from the module is passed through.
 *
 * @param string $username   Handed to the auth module; also used to look the created profile up by username_clean
 * @param string $password   Handed to the auth module
 * @param bool   $autologin  Passed on to $user->session_create()
 * @param int    $viewonline Passed on to $user->session_create()
 * @param int    $admin      Re-authentication for the ACP: clears the u/sid cookies, creates a fresh
 *                           session and deletes the previous session row for this user
 * @return array array('status' => LOGIN_*, 'error_msg' => string|false, 'user_row' => array);
 *               stops with E_USER_ERROR when the module's login function does not exist
 */
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
    global $config, $db, $user, $phpbb_root_path, $phpEx;

    // basename() keeps the configured method from pointing outside includes/auth/
    $method = trim(basename($config['auth_method']));
    include_once $phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx;

    $method = 'login_' . $method;
    if (function_exists($method))
    {
        $login = $method($username, $password);

        // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
        if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)
        {
            // we are going to use the user_add function so include functions_user.php if it wasn't defined yet
            if (!function_exists('user_add'))
            {
                include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
            }

            user_add($login['user_row'], isset($login['cp_data']) ? $login['cp_data'] : false);

            // Re-read the row user_add() created; the module's user_row has no user_id yet
            $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . "\n\t\t\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            if (!$row)
            {
                return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'AUTH_NO_PROFILE_CREATED', 'user_row' => array('user_id' => ANONYMOUS));
            }

            $login = array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
        }

        // If login succeeded, we will log the user in... else we pass the login array through...
        if ($login['status'] == LOGIN_SUCCESS)
        {
            // Remembered so the admin branch below can delete the session we are replacing
            $old_session_id = $user->session_id;

            if ($admin)
            {
                global $SID, $_SID;

                // Expire the existing cookies (one year in the past) and detach the current session id
                $cookie_expire = time() - 31536000;
                $user->set_cookie('u', '', $cookie_expire);
                $user->set_cookie('sid', '', $cookie_expire);
                unset($cookie_expire);

                $SID = '?sid=';
                $user->session_id = $_SID = '';
            }

            // session_create() returns true on success, otherwise an error message
            $result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);

            // Successful session creation
            if ($result === true)
            {
                // If admin re-authentication we remove the old session entry because a new one has been created...
                if ($admin)
                {
                    // the login array is used because the user ids do not differ for re-authentication
                    $sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($old_session_id) . "'\n\t\t\t\t\t\t\tAND session_user_id = {$login['user_row']['user_id']}";
                    $db->sql_query($sql);
                }

                return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $login['user_row']);
            }

            // Session could not be created; hand the message from session_create() back as error_msg
            return array('status' => LOGIN_BREAK, 'error_msg' => $result, 'user_row' => $login['user_row']);
        }

        return $login;
    }

    trigger_error('Authentication method not found', E_USER_ERROR);
}
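/**
 * Login function
 *
 * Authenticates $username/$password against the configured LDAP server: an
 * optional service bind (ldap_user/ldap_password), a search for the user entry
 * under ldap_base_dn, then a bind as that entry with the supplied password. On
 * success the matching USERS_TABLE row is returned; when no local row exists
 * yet, LOGIN_SUCCESS_CREATE_PROFILE with a generated user_row asks the caller
 * to create the profile. Every exit path closes the LDAP connection.
 *
 * @param string &$username
 * @param string &$password
 * @return array array('status' => LOGIN_*, 'error_msg' => string|false, 'user_row' => array)
 */
function login_ldap(&$username, &$password)
{
    global $db, $config, $user;

    $anonymous_row = array('user_id' => ANONYMOUS);

    // do not allow empty password
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => $anonymous_row);
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_row);
    }
    if (!@extension_loaded('ldap')) {
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', 'user_row' => $anonymous_row);
    }

    $config['ldap_port'] = (int) $config['ldap_port'];
    $ldap = ($config['ldap_port']) ? @ldap_connect($config['ldap_server'], $config['ldap_port']) : @ldap_connect($config['ldap_server']);
    if (!$ldap) {
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => $anonymous_row);
    }

    @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Optional service-account bind used for the search below
    if ($config['ldap_user'] || $config['ldap_password']) {
        if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password']))) {
            // The old code returned a bare language string here, which callers indexing
            // $login['status'] cannot handle, and it never closed the connection
            @ldap_close($ldap);
            return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => $anonymous_row);
        }
    }

    $attributes = empty($config['ldap_email']) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']);
    $search = @ldap_search($ldap, $config['ldap_base_dn'], ldap_user_filter($username), $attributes, 0, 1);
    $ldap_result = @ldap_get_entries($ldap, $search);

    // ldap_get_entries() returns the entry count under 'count'; more than one element means a hit
    if (!is_array($ldap_result) || count($ldap_result) <= 1) {
        @ldap_close($ldap);
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_row);
    }

    // Verify the supplied password by binding as the user's own entry
    if (!@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) {
        unset($ldap_result);
        @ldap_close($ldap);

        // Give status about wrong password...
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $anonymous_row);
    }

    @ldap_close($ldap);

    $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if ($row) {
        unset($ldap_result);

        // User inactive...
        if ((int) $row['user_type'] === USER_INACTIVE || (int) $row['user_type'] === USER_IGNORE) {
            return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
        }

        // Successful login... set user_login_attempts to zero...
        return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
    }

    // retrieve default group id
    $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "
        WHERE group_name = '" . $db->sql_escape('REGISTERED') . "'
            AND group_type = " . GROUP_SPECIAL;
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);

    if (!$row) {
        trigger_error('NO_GROUP');
    }

    // generate user account data; the e-mail comes from the directory when an attribute is configured.
    // NOTE(review): ldap_get_entries() lower-cases attribute names, so a mixed-case ldap_email
    // setting would never be found here and the e-mail would silently stay '' - confirm config.
    $ldap_email = '';
    if (!empty($config['ldap_email']) && isset($ldap_result[0][$config['ldap_email']][0])) {
        $ldap_email = $ldap_result[0][$config['ldap_email']][0];
    }
    $ldap_user_row = array(
        'username'      => $username,
        'user_password' => phpbb_hash($password),
        'user_email'    => $ldap_email,
        'group_id'      => (int) $row['group_id'],
        'user_type'     => USER_NORMAL,
        'user_ip'       => $user->ip,
    );
    unset($ldap_result);

    // this is the user's first login so create an empty profile
    return array('status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, 'user_row' => $ldap_user_row);
}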