コード例 #1
ファイル: login.php プロジェクト: istrwei/Luna
    // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the email is sent)
    $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
    redirect(luna_htmlspecialchars($redirect_url));
} elseif ($action == 'out') {
    // Logout branch: only a logged-in user who passes their own user id in the
    // query string gets past this guard; anyone else is sent back to index.php.
    if ($luna_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $luna_user['id']) {
        header('Location: index.php');
        exit;
    }
    // Logout is triggered by a GET request, so this token check is what stops another
    // site from forcing a logout.
    // NOTE(review): $_GET['csrf_token'] is read without isset(); check_csrf() is defined
    // elsewhere and must reject a missing (null) token - confirm. A token carried in the
    // URL can also end up in logs, browser history and Referer headers.
    check_csrf($_GET['csrf_token']);
    // Remove user from "users online" list
    // The id concatenated into the SQL below is taken from $luna_user, not from the request.
    // NOTE(review): presumably an integer loaded from the database - confirm, or cast with intval().
    $db->query('DELETE FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
    // Update last_visit (make sure there's something to update it with)
    if (isset($luna_user['logged'])) {
        $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
    }
    // Overwrite the login cookie with user id 1 and a throwaway hash, valid for
    // 31536000 seconds (365 days).
    // NOTE(review): id 1 is presumably the guest account. uniqid()/rand() are not
    // cryptographically strong; that only matters if this value is ever treated as a secret.
    luna_setcookie(1, luna_hash(uniqid(rand(), true)), time() + 31536000);
    redirect('index.php');
} elseif ($action == 'forget' || $action == 'forget_2') {
    if (!$luna_user['is_guest']) {
        header('Location: index.php');
        exit;
    }
    if (isset($_POST['form_sent'])) {
        // Start with a clean slate
        $errors = array();
        require FORUM_ROOT . 'include/email.php';
        // Validate the email address
        $email = strtolower(luna_trim($_POST['req_email']));
        if (!is_valid_email($email)) {
            message(__('The email address you entered is invalid.', 'luna'));
            exit;
コード例 #2
ファイル: register.php プロジェクト: BlitzFirePlayz/Luna
Login at <login_url> to activate the account.

--
<board_mailer> Mailer
(Do not reply to this message)', 'luna'));
                // The first row contains the subject
                // NOTE(review): strpos() returns false when the template has no "\n", which would
                // make the offsets below wrong; worth guarding if the template text can be a single line.
                $first_crlf = strpos($mail_tpl, "\n");
                // Skip the first 8 bytes of the first line - presumably a "Subject:" prefix
                // (the start of the template is not visible here; confirm).
                $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
                $mail_message = trim(substr($mail_tpl, $first_crlf));
                // Fill in the template placeholders.
                $mail_subject = str_replace('<board_title>', $luna_config['o_board_title'], $mail_subject);
                $mail_message = str_replace('<base_url>', get_base_url() . '/', $mail_message);
                $mail_message = str_replace('<username>', $username, $mail_message);
                // NOTE(review): this places the account password in clear text in the e-mail body.
                // E-mail is not a confidential channel and the message stays in mailboxes and
                // mail-server storage; a single-use activation or set-password link avoids
                // sending the secret itself.
                $mail_message = str_replace('<password>', $password1, $mail_message);
                $mail_message = str_replace('<login_url>', get_base_url() . '/login.php', $mail_message);
                $mail_message = str_replace('<board_mailer>', $luna_config['o_board_title'], $mail_message);
                // NOTE(review): the subject carries the configured board title; luna_mail() is defined
                // elsewhere and presumably strips CR/LF from header values - confirm.
                luna_mail($email1, $mail_subject, $mail_message);
                // The admin address is HTML-escaped both in the mailto: href and in the link text
                // before it is placed in the page.
                message(__('Thank you for registering. Your password has been sent to the specified address. If it doesn\'t arrive you can contact the forum administrator at', 'luna') . ' <a href="mailto:' . luna_htmlspecialchars($luna_config['o_admin_email']) . '">' . luna_htmlspecialchars($luna_config['o_admin_email']) . '</a>.', true);
            }
            luna_setcookie($new_uid, $password_hash, time() + $luna_config['o_timeout_visit']);
            redirect('index.php');
        }
    }
    // Page metadata for the registration form. The board title is HTML-escaped here,
    // before it goes into the page title array.
    $page_title = array(luna_htmlspecialchars($luna_config['o_board_title']), __('Register', 'luna'));
    // Form field names mapped to their translated labels.
    // NOTE(review): presumably read by the included templates to mark required inputs - confirm.
    $required_fields = array('req_user' => __('Username', 'luna'), 'req_password1' => __('Password', 'luna'), 'req_password2' => __('Confirm password', 'luna'), 'req_email1' => __('Email', 'luna'), 'req_email2' => __('Email', 'luna') . ' 2');
    // Presumably the form and the input that should receive focus - confirm against the templates.
    $focus_element = array('register', 'req_user');
    define('LUNA_ACTIVE_PAGE', 'register');
    // Render the page: header, registration form, footer.
    // load_page() is defined elsewhere; here it is only ever given fixed file names.
    require load_page('header.php');
    require load_page('register.php');
    require load_page('footer.php');
}
コード例 #3
ファイル: functions.php プロジェクト: KristopherGBaker/Luna
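/**
 * Authenticate the current request from the login cookie and fill in $luna_user.
 *
 * The cookie must have the form "user_id|password_hash|expiration_time|cookie_hash"
 * (decimal ids/timestamps, hexadecimal hashes). It is accepted only when:
 *   - the user id is greater than 1 and the expiration time is in the future,
 *   - cookie_hash equals forum_hmac("user_id|expiration_time", $cookie_seed . '_cookie_hash'),
 *   - a user row with that id exists and forum_hmac() of its stored password,
 *     keyed with $cookie_seed . '_password_hash', equals password_hash.
 * On any failure the caller gets the default user via set_default_user(); when an
 * integrity or authorisation check fails, the cookie is also replaced first.
 *
 * Both hash comparisons are strict and, where hash_equals() is available, constant-time.
 * A loose "!=" on two hexadecimal strings treats numeric-looking values such as
 * "0e12" and "0e34" as equal, which must never happen for an authentication tag.
 *
 * @param array $luna_user Passed by reference; replaced with the joined user/group/online
 *                         row plus the derived 'is_guest' and 'is_admmod' flags.
 * @return void
 */
function check_cookie(&$luna_user)
{
    global $db, $db_type, $luna_config, $cookie_name, $cookie_seed;
    $now = time();
    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }
    // If it has a non-guest user, and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // Recompute the integrity tag over "user_id|expiration_time" and compare it with the
        // one in the cookie. Strict / constant-time comparison: see the function header.
        $expected_cookie_hash = (string) forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $cookie_seed . '_cookie_hash');
        $cookie_intact = function_exists('hash_equals') ? hash_equals($expected_cookie_hash, $cookie['cookie_hash']) : $expected_cookie_hash === $cookie['cookie_hash'];
        // If the cookie has been tampered with
        if (!$cookie_intact) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            // NOTE(review): uniqid()/rand() are not cryptographically strong; the value written
            // here belongs to user id 1 and only matters if it is ever treated as a secret.
            luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Check if there's a user with the user ID and password hash from the cookie
        // (user_id was already passed through intval() when the cookie was parsed)
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $luna_user = $db->fetch_assoc($result);
        // The password-derived tag is only computed when a row was actually found
        $authorised = false;
        if (isset($luna_user['id'])) {
            $expected_password_hash = (string) forum_hmac($luna_user['password'], $cookie_seed . '_password_hash');
            $authorised = function_exists('hash_equals') ? hash_equals($expected_password_hash, $cookie['password_hash']) : $expected_password_hash === $cookie['password_hash'];
        }
        // If user authorisation failed
        if (!$authorised) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp.
        // A cookie that was set to outlive the visit timeout is renewed for 1209600 seconds
        // (14 days); any other cookie is renewed for o_timeout_visit seconds.
        $expire = $cookie['expiration_time'] > $now + $luna_config['o_timeout_visit'] ? $now + 1209600 : $now + $luna_config['o_timeout_visit'];
        luna_setcookie($luna_user['id'], $luna_user['password'], $expire);
        // Set a default language if the user selected language no longer exists
        // NOTE(review): language and style come from the user row and are concatenated into a
        // filesystem path; confirm they are restricted to known directory names when saved.
        if (!file_exists(FORUM_ROOT . 'lang/' . $luna_user['language'])) {
            $luna_user['language'] = $luna_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(FORUM_ROOT . 'themes/' . $luna_user['style'] . '/style.css')) {
            $luna_user['style'] = $luna_config['o_default_style'];
        }
        // Fall back to the board-wide paging defaults when the user has none set
        if (!$luna_user['disp_topics']) {
            $luna_user['disp_topics'] = $luna_config['o_disp_topics_default'];
        }
        if (!$luna_user['disp_posts']) {
            $luna_user['disp_posts'] = $luna_config['o_disp_posts_default'];
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('FORUM_QUIET_VISIT')) {
            // Update the online list
            if (!$luna_user['logged']) {
                $luna_user['logged'] = $now;
                // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
                // The username is escaped with $db->escape(); id and logged are concatenated as numbers.
                switch ($db_type) {
                    case 'mysql':
                    case 'mysqli':
                    case 'mysql_innodb':
                    case 'mysqli_innodb':
                    case 'sqlite':
                        $db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                    default:
                        $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ' WHERE NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                }
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($luna_user['logged'] < $now - $luna_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $luna_user['last_visit'] = $luna_user['logged'];
                }
                $idle_sql = $luna_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $luna_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $luna_config['o_timeout_visit']);
                }
            }
        } else {
            // Quiet visit: nothing is written, but 'logged' still gets a value
            if (!$luna_user['logged']) {
                $luna_user['logged'] = $luna_user['last_visit'];
            }
        }
        $luna_user['is_guest'] = false;
        // Admin group members and members of groups flagged as moderators count as admin/mod
        $luna_user['is_admmod'] = $luna_user['g_id'] == FORUM_ADMIN || $luna_user['g_moderator'] == '1';
    } else {
        // No cookie, malformed cookie, guest id or expired cookie
        set_default_user();
    }
}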
コード例 #4
ファイル: settings.php プロジェクト: KristopherGBaker/Luna
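        // Load the target account so the supplied old password can be checked against it.
        // NOTE(review): $id is concatenated into the SQL in this block; it is assigned outside
        // this excerpt and is presumably already an integer - confirm.
        $result = $db->query('SELECT * FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch password', __FILE__, __LINE__, $db->error());
        $cur_user = $db->fetch_assoc($result);
        $authorized = false;
        if (!empty($cur_user['password'])) {
            $old_password_hash = luna_hash($old_password);
            // Compare the digests strictly and, where hash_equals() is available, in constant
            // time. A loose "==" treats numeric-looking hex strings such as "0e12" and "0e34"
            // as equal, so a wrong password could be accepted.
            $stored_hash = (string) $cur_user['password'];
            $given_hash = (string) $old_password_hash;
            $old_password_ok = function_exists('hash_equals') ? hash_equals($stored_hash, $given_hash) : $stored_hash === $given_hash;
            // Admins and moderators may set a password without knowing the old one.
            // NOTE(review): whether this moderator may edit this particular account is
            // presumably checked before this point - confirm.
            if ($old_password_ok || $luna_user['is_admmod']) {
                $authorized = true;
            }
        }
        if (!$authorized) {
            // NOTE(review): the UPDATE below relies on message() ending the request - confirm.
            message(__('Wrong old password.', 'luna'));
        }
        // NOTE(review): luna_hash() is defined elsewhere; its output is concatenated into the SQL
        // unescaped, so it is presumably a hex digest - confirm. If it is a fast unsalted hash
        // (the salt column is cleared below), migrating to password_hash() is worth considering.
        $new_password_hash = luna_hash($new_password1);
        $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $new_password_hash . '\'' . (!empty($cur_user['salt']) ? ', salt=NULL' : '') . ' WHERE id=' . $id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
        // When users change their own password, re-issue their login cookie from the new hash
        if ($luna_user['id'] == $id) {
            luna_setcookie($luna_user['id'], $new_password_hash, time() + $luna_config['o_timeout_visit']);
        }
        redirect('settings.php?id=' . $id);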
    }
} elseif ($action == 'change_email') {
    // Make sure we are allowed to change this user's email
    if ($luna_user['id'] != $id) {
        if (!$luna_user['is_admmod']) {
            // A regular user trying to change another user's email?
            message(__('You do not have permission to access this page.', 'luna'), false, '403 Forbidden');
        } elseif ($luna_user['g_moderator'] == '1') {
            // A moderator trying to change a user's email?
            $result = $db->query('SELECT u.group_id, g.g_moderator FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON (g.g_id=u.group_id) WHERE u.id=' . $id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
            if (!$db->num_rows($result)) {
                message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
            }