コード例 #1
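 /**
  * Restore a "remember me" login from the user_logon / user_token cookies.
  *
  * Both cookies are client-supplied. They are first checked by
  * user_logon_token() and then matched again in SQL against a USER_TOKEN row
  * whose EXPIRES is later than the current time. SESSIONS is LEFT JOINed, so a
  * valid token with no SESSIONS row yields a NULL id and the method returns
  * false.
  *
  * On success both cookies are re-issued with a lifetime of YEAR_IN_SECONDS
  * from now. The same token value is written back; this method does not
  * rotate it.
  *
  * @return mixed SESSIONS.ID of the matching row, or false when a cookie is
  *               missing, the token is rejected, the query fails or no
  *               session row exists.
  */
 public static function restore()
 {
     if (!($user_logon = html_get_cookie('user_logon'))) {
         return false;
     }
     if (!($user_token = html_get_cookie('user_token'))) {
         return false;
     }
     if (!($uid = user_logon_token($user_logon, $user_token))) {
         return false;
     }

     // Escaped copies are for the SQL text only. The raw cookie values are
     // kept so the cookies re-issued below are not rewritten with SQL
     // escaping applied (a logon containing a quote or backslash would
     // otherwise change on every restore and stop matching).
     $logon_sql = session::$db->escape($user_logon);
     $token_sql = session::$db->escape($user_token);
     $current_datetime = date(MYSQL_DATETIME, time());

     // NOTE(review): $uid is the return value of user_logon_token() and is
     // interpolated without escaping; presumably a numeric id read from the
     // database - confirm against that function.
     $sql = "SELECT SESSIONS.ID FROM USER_TOKEN INNER JOIN USER ON (USER.UID = USER_TOKEN.UID) ";
     $sql .= "LEFT JOIN SESSIONS ON (SESSIONS.UID = USER_TOKEN.UID) WHERE USER.LOGON = '{$logon_sql}' ";
     $sql .= "AND USER_TOKEN.TOKEN = '{$token_sql}' AND USER_TOKEN.EXPIRES > '{$current_datetime}' ";
     $sql .= "AND USER.UID = '{$uid}' GROUP BY USER.UID";

     if (!($result = session::$db->query($sql))) {
         return false;
     }
     if ($result->num_rows == 0) {
         return false;
     }

     list($id) = $result->fetch_row();

     // SESSIONS.ID is NULL when the LEFT JOIN found no session row.
     if ($id === null) {
         return false;
     }

     // Sliding expiry: every successful restore extends both cookies.
     // NOTE(review): cookie attributes (HttpOnly, Secure, path) are decided
     // inside html_set_cookie(), which is not visible here.
     html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
     html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);

     return $id;
 }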
コード例 #2
ファイル: logon.inc.php プロジェクト: DeannaG65/BeehiveForum
/**
 * Echo the logon form and, unless hidden by the options, the guest / register /
 * "problems logging on" / mobile links below it.
 *
 * Output is written directly with echo; nothing is returned.
 *
 * @param mixed $logon_options Bitmask tested against LOGON_FORM_SESSION_EXPIRED,
 *                             LOGON_FORM_HIDE_TICKBOX and LOGON_FORM_HIDE_LINKS.
 *                             A non-numeric value is replaced by LOGON_FORM_DEFAULT.
 */
function logon_draw_form($logon_options)
{
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);
    // Make sure logon form argument is valid.
    if (!is_numeric($logon_options)) {
        $logon_options = LOGON_FORM_DEFAULT;
    }
    // Check for previously failed logon.
    // Both messages are selected by query-string flags and use fixed text, so
    // no request data is echoed here. The failure text is the same for an
    // unknown username and a wrong password.
    if (isset($_GET['logout_success']) && $_GET['logout_success'] == 'true') {
        html_display_success_msg(gettext("You have successfully logged out."), '500', 'center');
    } else {
        if (isset($_GET['logon_failed']) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
            html_display_error_msg(gettext("The username or password you supplied is not valid."), '500', 'center');
        }
    }
    // Get the original requested page url.
    $request_uri = get_request_uri();
    // If the request is for logon.php then we are performing
    // a normal login, otherwise potentially a failed session.
    // NOTE(review): $request_uri is interpolated into the action attribute
    // as-is in both branches. Whether get_request_uri() already HTML-encodes
    // its result is not visible here - confirm, since the request URI is
    // influenced by the client.
    if (stristr($request_uri, 'logon.php')) {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"", html_get_top_frame_name(), "\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    } else {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"_self\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    }
    // Check for any post data that we need to include in the form.
    // Credentials and the logon control fields are dropped first so they are
    // never replayed as hidden inputs.
    unset($_POST['user_logon'], $_POST['user_password'], $_POST['logon'], $_POST['webtag'], $_POST['register']);
    // Add any post data into the form.
    // NOTE(review): every remaining POST field is written back into the page;
    // encoding of names and values is left to form_input_hidden_array(),
    // which is defined elsewhere - confirm it escapes both.
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        echo form_input_hidden_array($_POST);
    }
    // NOTE(review): $webtag is passed through htmlentities_array() here but is
    // interpolated unencoded into the URLs further down. Confirm that
    // get_webtag() / forum_check_webtag_available() restrict it to characters
    // that are safe in an attribute and a query string.
    echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "  <br />\n";
    echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">\n";
    echo "        <table class=\"box\" width=\"100%\">\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\" class=\"posthead\">\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"left\" class=\"subhead\">", gettext("Logon"), "</td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"center\">\n";
    echo "                    <table class=\"posthead\" width=\"95%\">\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    echo "                        <td align=\"left\">", form_input_text('user_logon', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo "                        <td align=\"left\">", form_input_password('user_password', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    // The "Remember me" row is omitted when the tick box is hidden or when the
    // form is shown for an expired session.
    if (!($logon_options & LOGON_FORM_HIDE_TICKBOX) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
        echo "                      <tr>\n";
        echo "                        <td align=\"left\" colspan=\"2\"><hr class=\"bhseparatorlogon\" /></td>\n";
        echo "                      </tr>\n";
        echo "                    </table>\n";
        echo "                    <table class=\"posthead\" width=\"95%\">\n";
        echo "                      <tr>\n";
        // The last argument is true only when both remember-me cookies are
        // present; presumably it pre-ticks the box - confirm in form_checkbox().
        echo "                        <td align=\"right\" width=\"90\">", form_checkbox('user_remember', 'Y', null, html_get_cookie('user_logon') && html_get_cookie('user_token')), "</td>\n";
        echo "                        <td align=\"left\"><label for=\"user_remember\">", gettext("Remember me"), "</label></td>\n";
        echo "                      </tr>\n";
        echo "                      <tr>\n";
        echo "                        <td align=\"left\">&nbsp;</td>\n";
        echo "                        <td align=\"left\"><span class=\"bhinputlogon_warning\">", gettext("Not recommended for shared computers"), "</span></td>\n";
        echo "                      </tr>\n";
    }
    echo "                      <tr>\n";
    echo "                        <td align=\"left\">&nbsp;</td>\n";
    echo "                      </tr>\n";
    echo "                    </table>\n";
    echo "                  </td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "            </td>\n";
    echo "          </tr>\n";
    echo "        </table>\n";
    echo "      </td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">&nbsp;</td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo "    </tr>\n";
    echo "  </table>\n";
    echo "</form>\n";
    echo "<br />\n";
    if (!($logon_options & LOGON_FORM_HIDE_LINKS)) {
        echo "<hr class=\"bhlogonseparator\" />\n";
        if (user_guest_enabled()) {
            echo "<form accept-charset=\"utf-8\" name=\"guest\" action=\"logon.php?webtag={$webtag}\" method=\"post\" target=\"", html_get_top_frame_name(), "\">\n";
            echo "  ", form_csrf_token_field(), "\n";
            echo "  <p>", sprintf(gettext("Enter as a %s"), form_submit('guest_logon', gettext("Guest"))), "</p>\n";
            echo "</form>\n";
        }
        // Redirect-target allow-list: final_uri is accepted only when it begins
        // with one of the names returned by get_available_files(). The pattern
        // is anchored at the start only, so anything may follow the file name.
        // NOTE(review): if get_available_files() ever returns an empty list the
        // pattern becomes "/^/u", which matches every input. Also confirm that
        // preg_quote_callback (defined elsewhere) quotes the "/" delimiter.
        if (isset($_GET['final_uri']) && strlen(trim($_GET['final_uri'])) > 0) {
            $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
            if (preg_match("/^{$available_files_preg}/u", trim($_GET['final_uri'])) > 0) {
                $final_uri = href_cleanup_query_keys($_GET['final_uri']);
            }
        }
        if (isset($final_uri)) {
            // final_uri is URL-encoded once for direct use and a second time
            // when nested inside the register / forgot_pw links, because those
            // links are themselves passed as a final_uri value to index.php.
            $final_uri = rawurlencode($final_uri);
            $register_link = rawurlencode("register.php?webtag={$webtag}&final_uri={$final_uri}");
            $forgot_pw_link = rawurlencode("forgot_pw.php?webtag={$webtag}&final_uri={$final_uri}");
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri={$register_link}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>") . "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes&amp;final_uri={$final_uri}\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri={$forgot_pw_link}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        } else {
            // No accepted final_uri: the same links without a return target.
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri=register.php%3Fwebtag%3D{$webtag}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>"), "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri=forgot_pw.php%3Fwebtag%3D{$webtag}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        }
        echo "<hr class=\"bhlogonseparator\" />\n";
        echo "<h2>", gettext("Using a mobile device?"), "</h2>\n";
        echo "<p><a href=\"index.php?webtag={$webtag}&amp;view=mobile\" target=\"", html_get_top_frame_name(), "\">", gettext("Mobile version"), "</a></p>\n";
    }
}
コード例 #3
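/**
 * Guess whether the current request comes from a mobile browser.
 *
 * A counter is raised for each mobile hint found in the request headers
 * (WAP Accept type, WAP profile headers, a known User-Agent fragment,
 * "operamini" in ALL_HTTP). A User-Agent containing "windows" resets the
 * counter and "windows phone" raises it again. The 'view' cookie then
 * overrides the heuristics: 'full' resets the counter, 'mobile' raises it.
 * A request recognised by session::is_search_engine() also raises it.
 *
 * Every input read here is supplied by the client, so the result is a
 * presentation hint only and must not be used for any access decision.
 *
 * @return bool True when the counter ends above zero.
 */
function browser_mobile()
{
    $mobile_browser = 0;

    // Read the User-Agent once; null when the header is absent.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $user_agent_lower = ($user_agent !== null) ? strtolower($user_agent) : '';

    if (isset($_SERVER['HTTP_ACCEPT']) && strpos(strtolower($_SERVER['HTTP_ACCEPT']), 'application/vnd.wap.xhtml+xml') !== false) {
        $mobile_browser++;
    }
    if (isset($_SERVER['HTTP_X_WAP_PROFILE'])) {
        $mobile_browser++;
    }
    if (isset($_SERVER['HTTP_PROFILE'])) {
        $mobile_browser++;
    }

    // User Agent from https://code.google.com/p/the-devices-detection/source/list
    $mobile_agents = array('iPhone', 'iPad', 'iPod', 'incognito', 'webmate', 'dream', 'CUPCAKE', 'webOS', 's8000', 'Googlebot-Mobile', 'Palm', 'EudoraWeb', 'Blazer', 'AvantGo', 'Android', 'Windows CE', 'Cellphone', 'Small', 'MMEF20', 'Danger', 'hiptop', 'Proxinet', 'ProxiNet', 'Newt', 'PalmOS', 'NetFront', 'SHARP-TQ-GX10', 'SonyEricsson', 'SymbianOS', 'UP.Browser', 'UP.Link', 'TS21i-10', 'MOT-V', 'portalmmm', 'DoCoMo', 'Opera Mini', 'Palm', 'Handspring', 'Nokia', 'Kyocera', 'Samsung', 'Motorola', 'Mot', 'Smartphone', 'Blackberry', 'WAP', 'SonyEricsson', 'PlayStation Portable', 'LG', 'MMP', 'OPWV', 'Symbian', 'EPOC');

    // The match is case-sensitive and runs on the header as sent.
    $mobile_agents_preg = implode('|', array_map('preg_quote_callback', $mobile_agents));
    if ($user_agent !== null && preg_match("/({$mobile_agents_preg})/u", $user_agent)) {
        $mobile_browser++;
    }

    if (isset($_SERVER['ALL_HTTP']) && strpos(strtolower($_SERVER['ALL_HTTP']), 'operamini') !== false) {
        $mobile_browser++;
    }

    // Exclude Windows desktop browsers.
    // The guard now follows the value that is read (HTTP_USER_AGENT). It used
    // to test ALL_HTTP, so the exclusion was skipped whenever that variable
    // was absent, and a missing User-Agent was read whenever it was present.
    if (strpos($user_agent_lower, 'windows') !== false) {
        $mobile_browser = 0;
    }

    // Windows Phone 7
    if (strpos($user_agent_lower, 'windows phone') !== false) {
        $mobile_browser++;
    }

    // An explicit 'view' cookie choice overrides the header heuristics.
    if (html_get_cookie('view', 'full')) {
        $mobile_browser = 0;
    }
    if (session::is_search_engine() || html_get_cookie('view', 'mobile')) {
        $mobile_browser++;
    }

    return $mobile_browser > 0;
}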
コード例 #4
ファイル: html.inc.php プロジェクト: richstokoe/BeehiveForum
/**
 * Resolve the style name to use for the current user.
 *
 * Lookup order: the session's STYLE value, then the 'forum_style' cookie
 * (with the forum's 'default_style' setting as the cookie default). Whatever
 * was found is kept only if style_exists() accepts it; otherwise the
 * 'default_style' setting is used. The result is cached in a static for the
 * rest of the request.
 *
 * The cookie is client-supplied, so style_exists() is the gate that keeps an
 * arbitrary string from being returned as a style name.
 * NOTE(review): style_exists() is defined elsewhere - confirm it rejects
 * names containing path separators or "..".
 *
 * @return mixed The resolved style name.
 */
function html_get_user_style_path()
{
    static $user_style = false;

    // Already resolved earlier in this request.
    if ($user_style !== false) {
        return $user_style;
    }

    $user_style = session::get_value('STYLE');

    if (!$user_style) {
        $user_style = html_get_cookie('forum_style', null, forum_get_setting('default_style', null, 'default'));
    }

    if (!style_exists($user_style)) {
        $user_style = forum_get_setting('default_style', null, 'default');
    }

    return $user_style;
}
コード例 #5
ファイル: json.php プロジェクト: richstokoe/BeehiveForum
require_once 'boot.php';
// Includes required by this page.
require_once BH_INCLUDE_PATH . 'constants.inc.php';
require_once BH_INCLUDE_PATH . 'format.inc.php';
require_once BH_INCLUDE_PATH . 'html.inc.php';
require_once BH_INCLUDE_PATH . 'lang.inc.php';
require_once BH_INCLUDE_PATH . 'logon.inc.php';
require_once BH_INCLUDE_PATH . 'session.inc.php';
require_once BH_INCLUDE_PATH . 'user.inc.php';
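// User font size
if (($font_size = session::get_value('FONT_SIZE')) === false) {
    $font_size = 10;
}

// User style
// Resolved through html_get_user_style_path() (html.inc.php, required above)
// so that a style name taken from the client-supplied 'forum_style' cookie is
// checked with style_exists() before it is published in the JSON data or used
// in a "styles/{$user_style}/..." filesystem pattern later in this script.
// NOTE(review): style_exists() is defined elsewhere - confirm it rejects
// names containing path separators or "..".
$user_style = html_get_user_style_path();

// User emoticons
if (($user_emoticons = session::get_value('EMOTICONS')) === false) {
    $user_emoticons = forum_get_setting('default_emoticons');
}

// Get the user's saved left frame width.
if (($left_frame_width = session::get_value('LEFT_FRAME_WIDTH')) === false) {
    $left_frame_width = 280;
}

// Construct the Javascript / JSON array
// NOTE(review): $webtag is not assigned in this listing; presumably it is set
// by boot.php - confirm it is validated before being emitted here.
$json_data = array(
    'webtag' => $webtag,
    'uid' => session::get_value('UID'),
    'lang' => array(
        'imageresized' => gettext("This image has been resized (original size %dx%d). To view the full-size image click here."),
        'deletemessagesconfirmation' => gettext("Are you sure you want to delete all of the selected messages?"),
        'unquote' => gettext("Unquote"),
        // NOTE(review): 'quote' is defined again at the end of this array and
        // PHP keeps the later value, so this entry's text is never used.
        'quote' => gettext("Quote"),
        'searchsuccessfullycompleted' => gettext("Search successfully completed."),
        'confirmmarkasread' => gettext("Are you sure you want to mark the selected threads as read?"),
        'waitdotdotdot' => gettext("Wait..."),
        'more' => gettext("More"),
        'pollquestion' => gettext("Poll Question"),
        'deletequestion' => gettext("Delete question"),
        'allowmultipleoptions' => gettext("Allow multiple options to be selected"),
        'addnewoption' => gettext("Add new option"),
        'deleteoption' => gettext("Delete option"),
        'code' => gettext('code'),
        'quote' => gettext('quote'),
    ),
    // Filled in below from the style's image directory.
    'images' => array(),
    'font_size' => $font_size,
    'user_style' => $user_style,
    'emoticons' => $user_emoticons,
    'top_frame' => html_get_top_page(),
    'left_frame_width' => $left_frame_width,
    'forum_path' => server_get_forum_path(),
    'use_mover_spoiler' => session::get_value('USE_MOVER_SPOILER'),
    'frames' => array(
        'index' => html_get_frame_name('index'),
        'admin' => html_get_frame_name('admin'),
        'start' => html_get_frame_name('start'),
        'discussion' => html_get_frame_name('discussion'),
        'user' => html_get_frame_name('user'),
        'pm' => html_get_frame_name('pm'),
        'main' => html_get_frame_name('main'),
        'ftop' => html_get_frame_name('ftop'),
        'fnav' => html_get_frame_name('fnav'),
        'left' => html_get_frame_name('left'),
        'right' => html_get_frame_name('right'),
        'pm_folders' => html_get_frame_name('pm_folders'),
        'pm_messages' => html_get_frame_name('pm_messages'),
    ),
);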
if ($images_array = glob("styles/{$user_style}/images/*.png")) {
    foreach ($images_array as $image_filename) {
        $image_filename = basename($image_filename);
        $json_data['images'][$image_filename] = html_style_image($image_filename);