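/**
 * Handle the login form: validate the posted fields, look the user up, compare
 * the password hash and, on success, create the session entry and show the
 * success page. The login template is rendered in every case.
 *
 * Reads $_POST['au_login'], ['au_username'], ['au_password'], ['au_forever'];
 * writes $_SESSION[$setting['session_name']] on a successful login.
 */
function au_login()
{
    // $setting was read below but never declared global in the original, so the
    // session was stored under an empty key; $basefilenq is passed on to
    // template_info() and is assumed to be a global as well — TODO confirm
    global $aulis, $setting, $basefilenq;

    // Validation / authentication errors, collected for the template
    $errormsg = array();
    $login = array();
    $correctpass = false;
    $userid = null;

    // Only act on an actual login attempt
    if (isset($_POST['au_login'])) {
        if (empty($_POST['au_username'])) {
            $errormsg[] = LOGIN_NO_USERNAME;
        }
        if (empty($_POST['au_password'])) {
            $errormsg[] = LOGIN_NO_PASSWORD;
        }

        // Shorter names; a missing field becomes '' instead of raising a notice
        $login['username'] = isset($_POST['au_username']) ? $_POST['au_username'] : '';
        $login['password'] = isset($_POST['au_password']) ? $_POST['au_password'] : '';

        // A username that changes under HTML escaping contains markup
        if ($login['username'] != htmlspecialchars($login['username'], ENT_NOQUOTES, 'UTF-8', false)) {
            $errormsg[] = LOGIN_USERNAME_NO_HTML;
        }

        // The username is interpolated into SQL below, so escape it first
        $login['username'] = mysqli_real_escape_string($aulis['connection'], $login['username']);

        // Hash the submitted password for comparison with the stored hash
        $login['password'] = au_hash($login['password']);

        // Only consult the database when the form itself was valid. The original
        // also logged the user in when a validation error had been recorded.
        if (empty($errormsg)) {
            $result = au_query("\n\t\t\tSELECT user_id, user_username, user_password\n\t\t\t\tFROM users\n\t\t\t\tWHERE user_username = '" . $login['username'] . "'\n\t\t");

            // The loop body only runs when a matching user exists
            foreach ($result as $userlogin) {
                $userid = $userlogin['user_id'];

                // Constant-time comparison of the two hash strings. The original used
                // a loose ==, which compares numeric-looking strings numerically.
                if (hash_equals((string) $userlogin['user_password'], (string) $login['password'])) {
                    $correctpass = true;
                } else {
                    $errormsg[] = LOGIN_PASSWORD_FAIL;
                }
            }
        }

        if ($correctpass) {
            // Client identification stored alongside the session
            $login['user_agent'] = mysqli_real_escape_string(
                $aulis['connection'],
                isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
            );
            $login['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);

            // '0' keeps the session indefinitely ("remember me"), otherwise '60';
            // the unit is interpreted by the session code — TODO confirm
            $sessionlength = !empty($_POST['au_forever']) ? '0' : '60';

            $_SESSION[$setting['session_name']] = array(
                'user' => $userid,
                'agent' => $login['user_agent'],
                'ip' => $login['user_ip'],
                'sessionlength' => $sessionlength,
            );

            template_info('login_success', 'login_success_title', 'user_green.png', $basefilenq, 'login_link');
        }
    }

    // Data for the login template: whether an attempt was made, its errors and
    // the (escaped) username to refill the form with
    $logindata = array(
        'errors' => empty($_POST['au_login']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($login['username']) ? $login['username'] : '',
    );

    au_load_template('login', false);

    // NOTE(review): $login_complete is never assigned in this function, so the
    // template is always told the login is not complete — preserved as found
    au_template_login(!empty($login_complete) ? true : false);
}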
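/**
 * Render a single blog entry selected by the (encrypted, numeric) $_GET['id'].
 * Falls back to the "not found" error box when no entry matches.
 */
function au_show_entry()
{
    global $aulis;

    // This file is only meant to run through index.php. The original sent the
    // redirect header but kept executing, so the entry was still rendered for
    // a direct request; stop here instead.
    if (!defined('aulis')) {
        header("Location: index.php");
        exit;
    }

    // A non-numeric or missing id maps to entry 0, which the lookup treats as absent
    $entry_id = 0;
    if (isset($_GET['id']) && is_numeric($_GET['id'])) {
        $entry_id = au_decrypt_blog_id($_GET['id']);
    }

    // The entry (or the falsy "not found" result) is handed to the template via $aulis
    $entry = au_get_blog_entry($entry_id);
    $aulis['blog']['entry'] = $entry;

    if ($entry) {
        // Inputs for building this entry's URL
        $aulis['blog']['url_input'] = array(
            "app" => "blogentry",
            "id" => $entry->entry_id,
            "title" => $entry->blog_name,
        );

        au_load_template("blog_entry");
    } else {
        au_error_box(BLOG_NOT_FOUND);
    }
}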
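/**
 * Render the blog index: sidebar, an optional search/category heading, the
 * list of previews in $aulis['page']['blog_preview'] (or an error box when
 * empty) and the timeline links.
 */
function au_template_blog_index()
{
    global $aulis;

    // Message shown when no entries were found; refined per view below
    $no_entries = BLOG_NO_ENTRIES_FOUND;

    // The sidebar has to be emitted first
    au_load_template('blog_sidebar');

    // Exactly one of the search / category views may claim the heading. The
    // original tested !isset($a, $b), which is true when *either* key is missing,
    // so a search with a category parameter rendered both headings.
    $searching = isset($_GET['search']) && !isset($_GET['category']) && !isset($_GET['tag']);
    $in_category = isset($_GET['category']) && is_numeric($_GET['category'])
        && !isset($_GET['search']) && !isset($_GET['tag']);

    $count = $aulis['blog_count'];
    // "0 hits" is worded in the plural as well
    $plural = $count > 1 || $count == 0;

    $back_link = '<div class="blog_preview_page_title_sub"><a class="button" href="' . au_blog_url() . '">'
        . au_icon('arrow_left', 8) . 'Back to blog</a><br /><br /></div>';

    if ($searching) {
        $no_entries = sprintf(BLOG_SEARCH_NO_ENTRIES, $aulis['blog_search']);

        // NOTE(review): $aulis['blog_search'] is echoed into HTML without escaping
        // here; this assumes it was escaped where it was taken from the request — confirm
        au_out('<div class="blog_preview_page_title"><span class="float-right lowercase">'
            . sprintf(BLOG_SEARCH_FOUND_HITS, au_format_number($count, 0), $plural ? BLOG_SEARCH_FOUND_HITS_PLURAL : BLOG_SEARCH_FOUND_HITS_SINGULAR)
            . '</span> <h1>' . sprintf(BLOG_SEARCH_TITLE, '\'' . $aulis['blog_search'] . '\'') . '</h1></div> '
            . $back_link);
    }

    if ($in_category) {
        $no_entries = BLOG_CATEGORY_NO_ENTRIES;

        au_out('<div class="blog_preview_page_title"><span class="float-right lowercase">'
            . sprintf(BLOG_FOUND_HITS, au_format_number($count, 0), $plural ? BLOG_FOUND_HITS_PLURAL : BLOG_FOUND_HITS_SINGULAR)
            . '</span> <h1>' . sprintf(BLOG_CATEGORY_TITLE, '\'' . au_get_blog_category_name($aulis['blog_category']) . '\'') . '</h1></div> '
            . $back_link);
    }

    // An unset preview list used to fall through to a foreach over null
    $previews = empty($aulis['page']['blog_preview']) ? array() : $aulis['page']['blog_preview'];

    if (empty($previews)) {
        au_error_box($no_entries, 'blog_preview');
    }

    // Page links go into the blog_preview region so they share its wrapper
    au_out(
        '<br /><div class="maxwidth">' . au_blog_index_timeline_links() . '</div>',
        $count != 0 && $aulis['blog_max_offset'] != 0,
        'blog_preview'
    );

    // Each preview gets its own numbered wrapper
    $output = '';
    foreach ($previews as $number => $entry) {
        $output .= '<div class="blog_preview_wrapper w-' . $number . '">' . $entry . '</div>';
    }

    // Outer wrapper for easy jQuery selection of all previews
    au_out('<div class="blog_previews">' . $output . '</div>');

    au_out('<br class="clear" />');
}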
/**
 * Show an error box by handing the message and its target output region to
 * the global_error_box template through $aulis.
 *
 * @param mixed  $error  message (or content) to display
 * @param string $output name of the output region the box is rendered into
 * @return mixed whatever au_load_template() returns
 */
function au_error_box($error, $output = 'content')
{
    global $aulis;

    // The template reads its inputs from these two $aulis keys
    $transfer = array(
        'error_box_contents' => $error,
        'error_box_output' => $output,
    );
    foreach ($transfer as $key => $value) {
        $aulis[$key] = $value;
    }

    return au_load_template("global_error_box");
}
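/**
 * Handle the registration form: validate every field, check the security
 * questions, insert the account and optionally send the activation mail.
 * Then load the registration template with the data needed to redisplay the
 * form (errors, refilled fields, the questions to ask).
 *
 * Reads the aulis_* fields from $_POST and several keys of $setting
 * (minimum_age, security_questions, lang_current, email_activation, dir_apps, theme).
 */
function au_register()
{
    global $aulis, $setting, $language;

    // Validation errors for the template; $register holds the escaped form values
    $errormsg = array();
    $register = array();
    $registration_complete = false;

    if (!empty($_POST['aulis_register'])) {
        // Every one of these fields is mandatory
        $reg_fields = array('username', 'password', 'password2', 'email', 'month', 'day', 'year');
        $fail = false;

        foreach ($reg_fields as $impfield) {
            if (empty($_POST['aulis_' . $impfield])) {
                // The three date parts share a single "blank" message
                $is_date_part = $impfield == 'month' || $impfield == 'day' || $impfield == 'year';
                $errormsg[] = constant('REGISTER_PLEASE_NO_BLANK_' . ($is_date_part ? 'BIRTHDATE' : strtoupper($impfield)));
                $fail = true;
            } else {
                // Escaped in place; the escaped value is what is validated, stored and echoed back
                $_POST['aulis_' . $impfield] = au_db_escape($_POST['aulis_' . $impfield]);
                $register[$impfield] = $_POST['aulis_' . $impfield];
            }
        }

        if (!$fail) {
            // Username: 5..16 bytes (strlen, as in the original), no HTML
            if (strlen($register['username']) > 16) {
                $errormsg[] = REGISTER_USERNAME_TOO_LONG;
            } elseif (strlen($register['username']) < 5) {
                $errormsg[] = REGISTER_USERNAME_TOO_SHORT;
            }
            if ($register['username'] != htmlspecialchars($register['username'], ENT_NOQUOTES, 'UTF-8', false)) {
                $errormsg[] = REGISTER_USERNAME_NO_HTML;
            }

            // Password: 5..16 bytes
            if (strlen($register['password']) > 16) {
                $errormsg[] = REGISTER_PASSWORD_TOO_LONG;
            } elseif (strlen($register['password']) < 5) {
                $errormsg[] = REGISTER_PASSWORD_TOO_SHORT;
            }

            // Strength rule as written: a run of upper-case letters, immediately followed
            // by lower-case letters, immediately followed by digits, somewhere in the password
            if (!preg_match('/[A-Z]+[a-z]+[0-9]+/', $register['password'])) {
                $errormsg[] = REGISTER_PASSWORD_WEAK;
            }

            if ($register['username'] == $register['password']) {
                $errormsg[] = REGISTER_PASSWORD_NO_USERNAME;
            }

            // Confirmation must match. The original wrote `!$a == $b`, which negates
            // $a before comparing and therefore never reported a mismatch.
            if ($register['password'] !== $register['password2']) {
                $errormsg[] = REGISTER_PASSWORD_NO_MATCH;
            }

            if (!filter_var($register['email'], FILTER_VALIDATE_EMAIL)) {
                $errormsg[] = REGISTER_EMAIL_INVALID;
            }

            // Birth date parts must be numeric ...
            if (!is_numeric($register['day'])) {
                $errormsg[] = REGISTER_BIRTHDATE_DAY_NOT_NUMERIC;
            }
            if (!is_numeric($register['month'])) {
                $errormsg[] = REGISTER_BIRTHDATE_MONTH_NOT_NUMERIC;
            }
            if (!is_numeric($register['year'])) {
                $errormsg[] = REGISTER_BIRTHDATE_YEAR_NOT_NUMERIC;
            }

            // ... and form a possible date (February always allows 29 days here)
            $months = array(1 => 31, 2 => 29, 3 => 31, 4 => 30, 5 => 31, 6 => 30, 7 => 31, 8 => 31, 9 => 30, 10 => 31, 11 => 30, 12 => 31);
            $month = (int) $register['month'];
            $day = (int) $register['day'];

            if ($month > 12 || $month < 1) {
                $errormsg[] = REGISTER_BIRTHDATE_WRONG;
            } elseif ($day > $months[$month]) {
                $errormsg[] = REGISTER_BIRTHDATE_WRONG;
            }
            if ($day < 1) {
                $errormsg[] = REGISTER_BIRTHDATE_WRONG;
            }

            // Age window: not older than 100 years, not younger than the configured minimum
            $age = date("Y") - $register['year'];
            if ($age > 100) {
                $errormsg[] = REGISTER_CONFIRM_AGE;
            } elseif ($age < $setting['minimum_age']) {
                $errormsg[] = REGISTER_TOO_YOUNG;
            }

            // Security questions, when the setting asks for any
            if (!empty($setting['security_questions'])) {
                // Number of answered questions in English or the current language
                $questions = 0;

                $result = au_query("\n\t\t\t\t\tSELECT *\n\t\t\t\t\t\tFROM questions\n\t\t\t\t", true);

                foreach ($result as $question) {
                    $field = 'aulis_squestion_' . $question['question_id'];

                    // A question that was not answered is treated as a tampered form
                    if (empty($_POST[$field])) {
                        $errormsg[] = REGISTER_QUESTION_FRAUD;
                        continue;
                    }

                    // Answers are compared lower-cased against both stored answers
                    $_POST[$field] = strtolower($_POST[$field]);
                    $answer = $_POST[$field];

                    // The original `!$a == $b && !$a == $c` negated the answer first and
                    // therefore never flagged a wrong answer.
                    if ($answer !== (string) $question['question_answer1'] && $answer !== (string) $question['question_answer2']) {
                        $errormsg[] = REGISTER_QUESTION_WRONG . $question['question_title'];
                    }

                    if ($question['question_language'] == 'English' || $question['question_language'] == $setting['lang_current']) {
                        // The original `$questions + 1` discarded its result
                        $questions++;
                    }
                }

                // Fewer answers than required: work out how many questions the form
                // should have shown and treat a difference as tampering
                if ($questions < $setting['security_questions']) {
                    $number_questions = 0;

                    foreach ($result as $question) {
                        if ($question['question_language'] == $setting['lang_current']) {
                            $number_questions++;
                        }
                    }

                    // Not enough in the current language: the English ones are shown as well
                    if ($number_questions < $setting['security_questions'] && $setting['lang_current'] != 'English') {
                        $result = au_query("\n\t\t\t\t\t\t\tSELECT *\n\t\t\t\t\t\t\t\tFROM questions\n\t\t\t\t\t\t\t\tWHERE question_language = 'English'\n\t\t\t\t\t\t");

                        foreach ($result as $anotherquestion) {
                            $number_questions++;
                        }
                    }

                    if ($questions != $number_questions) {
                        $errormsg[] = REGISTER_QUESTION_FRAUD;
                    }
                }
            }

            // Username already taken? ($register values were escaped above)
            $result = au_query("\n\t\t\t\tSELECT user_id, user_username\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE user_username = '" . $register['username'] . "'\n\t\t\t", true);
            foreach ($result as $foundusername) {
                $errormsg[] = REGISTER_USERNAME_UNAVAILABLE;
            }

            // Email already in use?
            $result2 = au_query("\n\t\t\t\tSELECT user_id, user_email\n\t\t\t\t\tFROM users\n\t\t\t\t\tWHERE user_email = '" . $register['email'] . "'\n\t\t\t", true);
            foreach ($result2 as $foundemail) {
                $errormsg[] = REGISTER_EMAIL_IN_USE;
            }

            // 15-character activation code. This is a secret handed out by mail, so it
            // needs a CSPRNG; the original used rand(), whose output is predictable.
            $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
            $last_index = strlen($characters) - 1;
            $register['activation_code'] = '';
            for ($chars = 0; $chars < 15; $chars++) {
                $register['activation_code'] .= $characters[random_int(0, $last_index)];
            }

            if (empty($errormsg)) {
                // Stored hash is derived from password, username and activation code
                $register['password'] = au_hash_password($register['password'], $register['username'], $register['activation_code']);

                $register['birthdate'] = $register['month'] . '/' . $register['day'] . '/' . $register['year'];
                $register['regdate'] = date("n/j/Y");

                // With email activation the account starts out inactive
                $register['activated'] = $setting['email_activation'] == 1 ? 0 : 1;

                // The remaining interpolated values were not escaped in the original
                $user_ip = au_db_escape($_SERVER['REMOTE_ADDR']);
                $user_language = au_db_escape($setting['lang_current']);
                $user_theme = au_db_escape($setting['theme']);

                $result = au_query(
                    "\n\t\t\t\t\tINSERT INTO users (user_username, user_password, user_email, user_birthdate, user_regdate, user_ip, user_language, user_theme, user_activated, user_actcode)"
                    . "\n\t\t\t\t\tVALUES (\n\t\t\t\t\t\t'" . $register['username'] . "',"
                    . "\n\t\t\t\t\t\t'" . $register['password'] . "',"
                    . "\n\t\t\t\t\t\t'" . $register['email'] . "',"
                    . "\n\t\t\t\t\t\t'" . $register['birthdate'] . "',"
                    . "\n\t\t\t\t\t\t'" . $register['regdate'] . "',"
                    . "\n\t\t\t\t\t\t'" . $user_ip . "',"
                    . "\n\t\t\t\t\t\t'" . $user_language . "',"
                    . "\n\t\t\t\t\t\t'" . $user_theme . "',"
                    . "\n\t\t\t\t\t\t'" . $register['activated'] . "',"
                    . "\n\t\t\t\t\t\t'" . $register['activation_code'] . "'\n\t\t\t\t\t)\n\t\t\t\t"
                );

                if (!$result) {
                    $errormsg[] = REGISTRATION_FAILED;
                }

                if ($setting['email_activation'] == 1) {
                    // The mail helpers live in the Email app
                    include $setting['dir_apps'] . '/Email.app.php';

                    $result = au_activation_mail($register['activation_code'], $register['username'], $register['email']);
                    if (!$result) {
                        $errormsg[] = REGISTER_FAIL_MAIL;
                    }
                }

                if (empty($errormsg)) {
                    $registration_complete = true;
                }
            }
        }
    }

    // Everything the template needs: whether there were errors, which fields to
    // refill, and the security questions to show
    $reg_data = array(
        'errors' => empty($_POST['aulis_register']) ? 0 : 1,
        'error_message' => $errormsg,
        'username' => !empty($register['username']) ? $register['username'] : '',
        'email' => !empty($register['email']) ? $register['email'] : '',
        'birthdate_year' => !empty($register['year']) ? $register['year'] : '',
        'birthdate_month' => !empty($register['month']) ? $register['month'] : '',
        'birthdate_day' => !empty($register['day']) ? $register['day'] : '',
        'questions' => array(),
    );

    if (!empty($setting['security_questions'])) {
        // Random questions in the current language, up to the configured number
        $required = (int) $setting['security_questions'];

        $result = au_query("\n\t\t\tSELECT *\n\t\t\t\tFROM questions\n\t\t\t\tWHERE question_language = '" . au_db_escape($setting['lang_current']) . "'\n\t\t\t\tORDER BY RAND()\n\t\t\t\tLIMIT " . $required . "\n\t\t", true);

        $questions = 0;
        foreach ($result as $question) {
            $reg_data['questions'][] = $question;
            // The original `$questions + 1` never counted anything
            $questions++;
        }

        // Top up from the English list when the current language has too few. The
        // original read the count from $questions['security_questions'] instead of
        // $setting and negated the operands of both comparisons, so this never ran.
        if ($questions < $required && $setting['lang_current'] != 'English') {
            $missing = $required - $questions;

            $result = au_query("\n\t\t\t\tSELECT *\n\t\t\t\t\tFROM questions\n\t\t\t\t\tWHERE question_language = 'English'\n\t\t\t\t\tORDER BY RAND()\n\t\t\t\t\tLIMIT " . $missing . "\n\t\t\t", true);

            foreach ($result as $question) {
                $reg_data['questions'][] = $question;
            }
        }
    }

    au_load_template('Register', false);

    au_template_register($reg_data, $registration_complete);
}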
/**
 * Render the preview template for one blog entry.
 *
 * @param object $entry entry record with entry_id, blog_name and comment_count
 * @return mixed whatever au_load_template() returns
 */
function au_show_blog_preview($entry)
{
    global $aulis;

    // Inputs au_blog_url() needs to link to this entry
    $url_input = array(
        "app" => "blogentry",
        "id" => $entry->entry_id,
        "title" => $entry->blog_name,
    );

    // The template reads the entry, its comment count and the url input from $aulis
    $aulis['blog_entry'] = $entry;
    $aulis['blog_comment_count'] = $entry->comment_count;
    $aulis['blog_url_input'] = $url_input;

    return au_load_template("blog_preview");
}