/**
 * Declare that an action succeeded - delete safety autosave cookies.
 *
 * Each request cookie whose name starts with 'ocp_autosave_' is overwritten with '0'.
 * The autosave table then loses the current member's rows for those keys, plus every
 * row older than one day.
 */
function clear_ocp_autosave()
{
    $or_list = '';

    foreach (array_keys($_COOKIE) as $cookie_name) {
        if (strncmp($cookie_name, 'ocp_autosave_', 13) !== 0) {
            continue;
        }

        require_code('users_active_actions');

        // Has to do both, due to inconsistencies with how PHP reads and sets cookies -- reading de-urlencodes
        // (although not strictly needed), whilst setting does not urlencode; may differ between versions
        ocp_setcookie(urlencode($cookie_name), '0', true);
        ocp_setcookie($cookie_name, '0', true);

        // The cookie name is chosen by the client; it only reaches the SQL text through db_string_equal_to().
        // NOTE(review): presumably that helper quotes/escapes its value -- confirm.
        $clause = db_string_equal_to('a_key', $cookie_name);
        $or_list = ($or_list == '') ? $clause : ($or_list . ' OR ' . $clause);
    }

    if ($or_list == '') {
        return;
    }

    $sql = 'DELETE FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'autosave WHERE a_time<' . strval(time() - 60 * 60 * 24) . ' OR (a_member_id=' . strval(intval(get_member())) . ' AND (' . $or_list . '))';
    $GLOBALS['SITE_DB']->query($sql);
}
/**
 * Determine whether the user's browser supports cookies or not.
 * Unfortunately this function will only return true once a user has been to the site more than once...
 * ocPortal will set a cookie, and if it perseveres, that indicates cookies work.
 *
 * The answer is cached in the global $HAS_COOKIES for the rest of the request.
 *
 * @return boolean Whether the user has definitely got cookies
 */
function has_cookies()
{
    global $HAS_COOKIES;

    if (!is_null($HAS_COOKIES)) {
        return $HAS_COOKIES;
    }

    // (A debug-mode override that emptied $_COOKIE used to sit here; it was disabled by the original author.)

    $marker_seen = isset($_COOKIE['has_cookies']);
    if (!$marker_seen) {
        // No marker yet: plant one so that a later request can prove cookies survive a round trip.
        require_code('users_active_actions');
        ocp_setcookie('has_cookies', '1');
    }

    $HAS_COOKIES = $marker_seen;

    return $marker_seen;
}
/**
 * Create a member login cookie.
 *
 * Sends three cookies named from the configured password-cookie prefix: '[loguid]' (member id),
 * '[logpass]' (the member's stored 'cookpass' value) and '[aefsid]' (a session id), creating the
 * cookpass and the sessions row when they do not exist yet. The same values are mirrored into
 * $_COOKIE for the rest of the request.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    global $SITE_INFO;

    // Cookie names are built from the configured pass cookie name with its '[logpass]' part removed.
    $prefix = preg_replace('/\\[logpass\\]/', '', $SITE_INFO['pass_cookie']);

    unset($name, $password);

    $member = $this->get_member_row($id);
    $cook_pass = $member['cookpass']; // cookie var [logpass]
    $member_uid = $member['id']; // cookie var [loguid]

    if (empty($cook_pass)) {
        // NOTE(review): this value works as a long-lived login credential; confirm generateRandStr()
        // draws from a cryptographically secure source.
        $cook_pass = $this->generateRandStr(32);
        $this->connection->query('UPDATE ' . $this->connection->get_table_prefix() . 'users SET cookpass=\'' . db_escape_string($cook_pass) . '\' WHERE id=' . strval((int) $id), 1);
    }

    // Set a COOKIE of User ID
    ocp_setcookie($prefix . '[loguid]', $member_uid);

    // Set a CookPass
    ocp_setcookie($prefix . '[logpass]', $cook_pass);

    // Reuse the member's existing session row if it carries a usable sid
    $found = $this->connection->query('SELECT * FROM ' . $this->connection->get_table_prefix() . 'sessions WHERE uid=' . strval((int) $id), 1);
    $session_id = '';
    if (!empty($found[0]) && !empty($found[0]['sid'])) {
        $session_id = $found[0]['sid'];
    }

    if (empty($session_id)) {
        $session_id = strtolower($this->generateRandStr(32));
        $this->connection->query_insert('sessions', array('sid' => $session_id, 'uid' => $id, 'time' => time(), 'data' => '', 'ip' => $member['r_ip']));
    } else {
        $this->connection->query('UPDATE ' . $this->connection->get_table_prefix() . 'sessions SET time=' . strval(time()) . ' WHERE uid=' . strval((int) $id), 1);
    }

    // Now lets try and set a COOKIE of AEF Session ID (errors from this call are suppressed)
    @ocp_setcookie($prefix . '[aefsid]', $session_id);

    $_COOKIE[$prefix . '[logpass]'] = $cook_pass;
    $_COOKIE[$prefix . '[loguid]'] = strval($member_uid);
    $_COOKIE[$prefix . '[aefsid]'] = $session_id;
}
/**
 * The actualiser for toggling invisible mode.
 *
 * Flips the session's 'session_invisible' flag in the database and in the session cache, mirrors
 * it into the '<member cookie>_invisible' cookie when a login cookie is present, then redirects.
 *
 * @return tempcode The UI.
 */
function invisible()
{
    // State *before* the toggle. Small fudge: when invisibility is switched off site-wide we always
    // claim the member is not visible, so the toggle below makes them visible.
    $was_visible = false;
    if (get_option('is_on_invisibility') == '1') {
        $was_visible = array_key_exists(get_session_id(), $GLOBALS['SESSION_CACHE']) && $GLOBALS['SESSION_CACHE'][get_session_id()]['session_invisible'] == 0;
    }

    $title = get_page_title($was_visible ? 'INVISIBLE' : 'BE_VISIBLE');

    // A member who was visible becomes invisible (1), and vice versa (0)
    $new_flag = $was_visible ? 1 : 0;

    $GLOBALS['SITE_DB']->query_update('sessions', array('session_invisible' => $new_flag), array('the_user' => get_member(), 'the_session' => get_session_id()), '', 1);

    global $SESSION_CACHE;
    if ($SESSION_CACHE[get_session_id()]['the_user'] == get_member()) {
        $SESSION_CACHE[get_session_id()]['session_invisible'] = $new_flag;
        if (get_value('session_prudence') !== '1') {
            persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
        }
    }

    decache('side_users_online');

    // Store in cookie, if we have login cookies around
    if (array_key_exists(get_member_cookie(), $_COOKIE)) {
        require_code('users_active_actions');
        $cookie_value = strval($new_flag);
        ocp_setcookie(get_member_cookie() . '_invisible', $cookie_value);
        $_COOKIE[get_member_cookie() . '_invisible'] = $cookie_value;
    }

    // NOTE(review): 'redirect' comes straight from the request and is handed to redirect_screen();
    // confirm get_param()/redirect_screen() restrict it to same-site targets.
    $url = get_param('redirect', NULL);
    if (is_null($url)) {
        $home = build_url(array('page' => ''), '');
        $url = $home->evaluate();
    }

    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}
/**
 * Create a member login cookie.
 *
 * Inserts a 'sessions_keys' row and a 'sessions' row for the member, then sends the member id,
 * login key and session id to the browser. When the configured member cookie name contains a
 * colon, the three values are serialized into one cookie named by the part before the colon;
 * otherwise three separate cookies are sent. The same values are mirrored into $_COOKIE.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    unset($name, $password);

    $configured_name = get_member_cookie();
    $split_at = strpos($configured_name, ':');
    $packed = ($split_at !== false);

    if ($packed) {
        $container = substr($configured_name, 0, $split_at);
        $member_key = substr($configured_name, $split_at + 1);
        $pass_key = substr(get_pass_cookie(), $split_at + 1);
        $session_key = 'sid';
    } else {
        $member_key = $configured_name;
        $pass_key = get_pass_cookie();
        $session_key = preg_replace('#\\_u$#', '_sid', $member_key);
    }

    // NOTE(review): both secrets below come from uniqid()/mt_rand(), which are time/PRNG based rather
    // than cryptographically secure. A CSPRNG-sourced value would be safer, provided the forum's
    // expected key format is kept.
    $login_key = substr(uniqid(strval(mt_rand(0, 32000)), true), 0, 17);
    // Only the MD5 of the login key is stored server-side; the raw key goes into the cookie
    $this->connection->query_insert('sessions_keys', array('key_id' => md5($login_key), 'user_id' => $id, 'last_ip' => ip2long(get_ip_address()), 'last_login' => time()));

    $new_session_id = uniqid(strval(mt_rand(0, 32000)), true);
    $this->connection->query_insert('sessions', array('session_id' => $new_session_id, 'session_user_id' => $id, 'session_forum_id' => 0, 'session_last_visit' => time(), 'session_start' => time(), 'session_time' => time(), 'session_ip' => get_ip_address(), 'session_browser' => get_browser_string(), 'session_forwarded_for' => '', 'session_page' => '', 'session_viewonline' => 1, 'session_autologin' => 1, 'session_admin' => $this->_is_super_admin($id)));

    $member_value = strval($id);

    if ($packed) {
        // NOTE(review): whatever reads this cookie back receives client-controlled serialized data.
        $payload = serialize(array($member_key => $member_value, $pass_key => $login_key, $session_key => $new_session_id));
        ocp_setcookie($container, $payload);
        $_COOKIE[$container] = $payload;

        return;
    }

    ocp_setcookie($member_key, $member_value);
    ocp_setcookie($pass_key, $login_key);
    ocp_setcookie($session_key, $new_session_id);
    $_COOKIE[$member_key] = $member_value;
    $_COOKIE[$pass_key] = $login_key;
    $_COOKIE[$session_key] = $new_session_id;
}
/**
 * Save the user's options into a cookie.
 *
 * The posted text colour and font name (falling back to the site defaults) are joined as
 * "colour;font;" and stored in the 'ocp_chat_prefs' cookie, then the user is sent back to the room.
 *
 * @return tempcode The UI
 */
function chat_options()
{
    $title = get_page_title('ROOM');

    $colour = post_param('text_colour', get_option('chat_default_post_colour'));
    $font = post_param('font_name', get_option('chat_default_post_font'));

    // NOTE(review): both parts are request-supplied and stored as given, so whatever reads
    // 'ocp_chat_prefs' back should treat it as untrusted input.
    $prefs = $colour . ';' . $font . ';';

    require_code('users_active_actions');
    ocp_setcookie('ocp_chat_prefs', $prefs);

    $room_url = build_url(array('page' => '_SELF', 'type' => 'room', 'id' => get_param('id'), 'no_reenter_message' => 1), '_SELF');

    return redirect_screen($title, $room_url, do_lang_tempcode('SUCCESS'));
}
/**
 * Create a member login cookie.
 *
 * Sends the member id and the member's stored 'member_login_key' as the member and pass cookies
 * (mirrored into $_COOKIE). When $SITE_INFO['stronghold_cookies'] is 1 it also sends an
 * 'ipb_stronghold' cookie: an MD5 digest over the member id, the first two dot-separated parts of
 * REMOTE_ADDR, the login key and a salt derived from the forum database credentials.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    unset($name, $password);

    // User
    $member_value = strval($id);
    ocp_setcookie(get_member_cookie(), $member_value);
    $_COOKIE[get_member_cookie()] = $member_value;

    // Password
    $login_key = $this->get_member_row_field($id, 'member_login_key');
    ocp_setcookie(get_pass_cookie(), $login_key);
    $_COOKIE[get_pass_cookie()] = $login_key;

    // Set stronghold
    global $SITE_INFO;
    $wants_stronghold = array_key_exists('stronghold_cookies', $SITE_INFO) && $SITE_INFO['stronghold_cookies'] == 1;
    if (!$wants_stronghold) {
        return;
    }

    // NOTE(review): an address without dots (e.g. IPv6) leaves $ip_octets[1] undefined -- confirm how
    // the forum side computes its stronghold in that case.
    $ip_octets = explode('.', ocp_srv('REMOTE_ADDR'));
    $crypt_salt = md5(get_db_forums_password() . get_db_forums_user());

    // The stronghold cookie takes the longest common prefix of the member and pass cookie names
    $member_cookie = get_member_cookie();
    $pass_cookie = get_pass_cookie();
    $shared = 0;
    while ($shared < strlen($member_cookie) && $shared < strlen($pass_cookie) && $member_cookie[$shared] == $pass_cookie[$shared]) {
        $shared++;
    }
    $cookie_prefix = substr($member_cookie, 0, $shared);

    $inner_digest = md5(strval($id) . '-' . $ip_octets[0] . '-' . $ip_octets[1] . '-' . $login_key);
    $stronghold = md5($inner_digest . $crypt_salt);
    ocp_setcookie($cookie_prefix . 'ipb_stronghold', $stronghold);
}
/**
 * Change the current working directory. Equivalent to Unix "cd".
 *
 * On success the new directory is also remembered in the 'occle_dir' cookie.
 *
 * @param array The target directory path
 * @return boolean Success?
 */
function change_directory($target_directory)
{
    // Refuse anything the virtual filesystem does not recognise as a directory
    if (!$this->_is_dir($target_directory)) {
        return false;
    }

    $this->pwd = $target_directory;
    ocp_setcookie('occle_dir', $this->_pwd_to_string($target_directory));

    return true;
}
/**
 * Handle flood control for members.
 *
 * Runs at most once per request, and only for the 'index' and 'iframe' scripts outside the 'join'
 * page. It sets the 'last_visit' cookie when absent, works out how long the member still has to
 * wait under their usergroups' flood settings and, if a wait remains and the 'stats' addon is
 * installed, logs the hit and stops with a FLOOD_CONTROL_RESTRICT warning. An IP address that
 * logged at least 50 stats rows in the preceding 30 seconds is banned first when the
 * 'securitylogging' addon is installed. Otherwise the member's last visit/submit times and IP
 * address are refreshed.
 *
 * @param MEMBER The member ID that just got detected
 */
function ocf_flood_control($id)
{
    global $NON_PAGE_SCRIPT;
    if ($NON_PAGE_SCRIPT == 1) {
        return;
    }

    // Guard flag: everything below runs once per request only
    global $FLOOD_CONTROL_ONCE;
    if ($FLOOD_CONTROL_ONCE) {
        return;
    }
    $FLOOD_CONTROL_ONCE = true;

    if (get_page_name() == 'join') {
        return;
    }
    if (!running_script('index') && !running_script('iframe')) {
        return;
    }

    require_code('ocf_groups');

    // Set last visit time session cookie if it doesn't exist
    if (!array_key_exists('last_visit', $_COOKIE) && $GLOBALS['FORUM_DRIVER']->get_guest_id() != $id) {
        require_code('users_active_actions');
        $lvt = $this->get_member_row_field($id, 'm_last_visit_time');
        ocp_setcookie('last_visit', is_null($lvt) ? strval(time()) : strval($lvt), true);
        $new_visit = true;
    } else {
        $new_visit = false;
    }

    // Do some flood control
    // A request counts as a submission when it carries POST data, is not type 'ed'/'ec', and is not the preview script
    $submitting = count($_POST) > 0 && get_param('type', NULL) !== 'ed' && get_param('type', NULL) !== 'ec' && !running_script('preview');
    $restrict = $submitting ? 'flood_control_submit_secs' : 'flood_control_access_secs';
    $restrict_setting = $submitting ? 'm_last_submit_time' : 'm_last_visit_time';
    $restrict_answer = ocf_get_best_group_property($this->get_members_groups($id), $restrict);
    // Plain page views that carry a 'redirect' GET parameter are never throttled
    if (!$submitting && array_key_exists('redirect', $_GET)) {
        $restrict_answer = 0;
    }
    if ($restrict_answer < 0) {
        $restrict_answer = 0;
    }
    $last = $this->get_member_row_field($id, $restrict_setting);
    if ($last > time()) {
        $last = time() - $restrict_answer;
    } // Weird clock problem
    // Seconds the member still has to wait; zero or negative means no wait
    $wait_time = $restrict_answer - time() + $last;

    // The restriction is only enforced when the 'stats' addon is installed
    if ($wait_time > 0 && addon_installed('stats')) {
        require_code('site');
        log_stats('/flood', 0);

        // Auto-ban threshold: 50 or more stats rows from this IP within the preceding 30 seconds
        $time_threshold = 30;
        $count_threshold = 50;
        $query = 'SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'stats WHERE date_and_time>' . strval(time() - $time_threshold) . ' AND date_and_time<' . strval(time()) . ' AND ' . db_string_equal_to('ip', get_ip_address());
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full($query);
        if ($count >= $count_threshold && addon_installed('securitylogging')) {
            // NOTE(review): the ban is keyed on get_ip_address(); confirm that helper cannot be steered
            // by client-supplied forwarding headers, otherwise a third party's address could be banned.
            $ip = get_ip_address();
            require_code('failure');
            add_ip_ban($ip);
            require_code('notifications');
            dispatch_notification('auto_ban', NULL, do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang()), do_lang('AUTO_BAN_DOS_MESSAGE', $ip, integer_format($count_threshold), integer_format($time_threshold), get_site_default_lang()), NULL, A_FROM_SYSTEM_PRIVILEGED);
        }

        // Make sure the language/tempcode helpers are loaded before building the warning
        if (!function_exists('require_lang')) {
            require_code('lang');
        }
        if (!function_exists('do_lang_tempcode')) {
            require_code('tempcode');
        }
        require_lang('ocf');
        // presumably warn_exit() ends the request here -- verify
        warn_exit(do_lang_tempcode('FLOOD_CONTROL_RESTRICT', integer_format($wait_time)));
    }

    $extra = $submitting ? array('m_last_submit_time' => time()) : array();
    $dif = time() - $this->get_member_row_field($id, 'm_last_visit_time');
    if ($dif < 0) {
        $dif = 0;
    } // can happen if system clock changes
    if (is_guest($id)) {
        if (get_value('session_prudence') !== '1') {
            // Scale the elapsed time by the number of guest sessions active within the last four minutes
            global $SESSION_CACHE;
            $num_guests = 0;
            foreach ($SESSION_CACHE as $c) {
                if (!array_key_exists('the_user', $c)) {
                    continue;
                } // Workaround to HipHop PHP weird bug
                if ($c['last_activity'] > time() - 60 * 4 && is_guest($c['the_user'])) {
                    $num_guests++;
                }
            }
            $dif *= $num_guests;
        } else {
            $restrict_answer = 0;
        }
    }
    // Operator precedence: this reads as $submitting || (count($_POST) == 0 && $dif > $wait_time)
    if ($submitting || count($_POST) == 0 && $dif > $wait_time) {
        if ($restrict_answer != 0 || $dif > 180 || $new_visit) {
            $old_ip = $this->get_member_row_field($id, 'm_ip_address');
            $change_map = array('m_last_visit_time' => time());
            if (get_ip_address() != $old_ip) {
                $change_map['m_ip_address'] = get_ip_address();
            }
            // The member row is not updated when the database type is 'xml'
            if (get_db_type() != 'xml') {
                $this->connection->query_update('f_members', $change_map + $extra, array('id' => $id), '', 1, NULL, false, true);
            }
        }
    }
}
/**
 * Create a member login cookie.
 *
 * Sends the member id as the member cookie, and the MD5 of the member's stored 'password' field
 * concatenated with $SITE_INFO['vb_unique_id'] as the pass cookie. Both are mirrored into $_COOKIE.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    global $SITE_INFO;

    unset($name, $password);

    // User
    $member_value = strval($id);
    ocp_setcookie(get_member_cookie(), $member_value);
    $_COOKIE[get_member_cookie()] = $member_value;

    // Password
    // The cookie value is derived only from the stored hash and a site-wide constant, so it stays
    // the same for a member until their stored password field changes.
    $stored_hash = $this->get_member_row_field($id, 'password');
    $pass_value = md5($stored_hash . $SITE_INFO['vb_unique_id']);
    ocp_setcookie(get_pass_cookie(), $pass_value);
    $_COOKIE[get_pass_cookie()] = $pass_value;
}
/**
 * Create a member login cookie.
 *
 * Builds the single 'wowbb' cookie as "<username>||<md5 of password>||0||||||||" and mirrors it
 * into $_COOKIE.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup)
 * @param string The password
 */
function forum_create_cookie($id, $name, $password)
{
    // (An earlier variant that set separate member and pass cookies was commented out by the original author.)

    $username = is_null($name) ? $this->get_username($id) : $name;

    // NOTE(review): the cookie carries an unsalted MD5 of the password, so anyone who obtains the
    // cookie holds a password-equivalent value; presumably this is the format the forum expects -- confirm.
    $payload = $username . '||' . md5($password) . '||0||||||||';

    ocp_setcookie('wowbb', $payload);
    $_COOKIE['wowbb'] = $payload;
}
/**
 * Create a member login cookie.
 *
 * Splits the configured member/pass cookie names at the colon found in the member cookie name,
 * inserts a 'sessions' row keyed by the MD5 of a fresh login key, and sends one cookie (named by
 * the part before the colon) holding the serialized member id and login key. The cookie is
 * mirrored into $_COOKIE.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    unset($name, $password);

    $configured_name = get_member_cookie();

    // NOTE(review): strpos() returns false when the name holds no colon and that case is not
    // handled here -- confirm a 'container:key' style name is guaranteed for this driver.
    $split_at = strpos($configured_name, ':');
    $container = substr($configured_name, 0, $split_at);
    $member_key = substr($configured_name, $split_at + 1);
    $pass_key = substr(get_pass_cookie(), $split_at + 1);

    // NOTE(review): uniqid()/mt_rand() are time/PRNG based, not cryptographically secure; a CSPRNG
    // source would be safer if the forum's key format allows it.
    $login_key = substr(uniqid(strval(mt_rand(0, 32000)), true), 0, 17);

    $payload = serialize(array($member_key => strval($id), $pass_key => $login_key));

    // Only the MD5 of the login key is stored server-side
    $session_record = array('session_id' => md5($login_key), 'session_user_id' => $id, 'session_ip' => ip2long(get_ip_address()), 'session_time' => time());
    $this->connection->query_insert('sessions', $session_record);

    ocp_setcookie($container, $payload);
    $_COOKIE[$container] = $payload;
}
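/**
 * Detect calendar matches in a time period, in user-time.
 *
 * Results combine (a) events parsed from external feeds -- up to ten feed URLs taken from the
 * 'feed_N' POST parameters/cookies plus the 't_external_feed' of each accessible calendar type --
 * and (b) events from the calendar_events table. Each match is a list of: id/URL, event row, and
 * six time values from find_periods_recurrence (for RSS items: the item's add time and NULLs).
 * Matches are sorted with multi_sort on index 2.
 *
 * Changes from the previous version: the feed overlay now honours $do_rss (it was ignored, so
 * feeds were fetched even when the caller opted out); RSS items store a numeric day of month in
 * 'e_start_day' (date('D') produced a weekday abbreviation such as "Mon"); and the result of
 * explode() is put in a variable before being passed to end(), which takes its argument by reference.
 *
 * @param MEMBER The member to detect conflicts for
 * @param boolean Whether to restrict only to viewable events for the current member
 * @param ?TIME The timestamp that found times must exceed. In user-time (NULL: use find_periods_recurrence default)
 * @param ?TIME The timestamp that found times must not exceed. In user-time (NULL: use find_periods_recurrence default)
 * @param ?array The type filter (NULL: none)
 * @param boolean Whether to include RSS events in the results
 * @return array A list of events happening, with time details
 */
function calendar_matches($member_id, $restrict, $period_start, $period_end, $filter = NULL, $do_rss = true)
{
    if (is_null($period_start)) {
        $period_start = utctime_to_usertime(time());
    }
    if (is_null($period_end)) {
        $period_end = utctime_to_usertime(time() + 60 * 60 * 24 * 360 * 20);
    }

    $matches = array();
    $where = '';
    if ($restrict) {
        if ($where != '') {
            $where .= ' AND ';
        }
        $where .= '(e_submitter=' . strval((int) $member_id) . ' OR e_is_public=1)';
    }
    if (!is_null($filter)) {
        foreach ($filter as $a => $b) {
            if ($b == 0) {
                if ($where != '') {
                    $where .= ' AND ';
                }
                // Filter keys carry the type id after a four-character prefix; the cast keeps the SQL numeric
                $where .= 'e_type<>' . strval((int) substr($a, 4));
            }
        }
    }
    if ($where != '') {
        $where .= ' AND ';
    }
    $where .= '(validated=1 OR e_is_public=0)';

    if (addon_installed('syndication_blocks') && $do_rss) {
        // Determine what feeds to overlay
        $feed_urls_todo = array();
        for ($i = 0; $i < 10; $i++) {
            $feed_url = post_param('feed_' . strval($i), ocp_admirecookie('feed_' . strval($i), ''));
            require_code('users_active_actions');
            ocp_setcookie('feed_' . strval($i), $feed_url);
            // Values made only of word characters, hyphens and underscores are skipped; anything else is queued for download.
            // NOTE(review): the URL is request-supplied and fetched by the server below; confirm
            // http_download_file() limits schemes and refuses internal/loopback destinations.
            if ($feed_url != '' && preg_match('#^[\\w\\d\\-\\_]*$#', $feed_url) == 0) {
                $feed_urls_todo[$feed_url] = NULL;
            }
        }
        $_event_types = list_to_map('id', $GLOBALS['SITE_DB']->query_select('calendar_types', array('id', 't_title', 't_logo', 't_external_feed')));
        foreach ($_event_types as $j => $_event_type) {
            if ($_event_type['t_external_feed'] != '' && (is_null($filter) || !array_key_exists($_event_type['id'], $filter) || $filter[$_event_type['id']] == 1) && has_category_access(get_member(), 'calendar', strval($_event_type['id']))) {
                $feed_urls_todo[$_event_type['t_external_feed']] = $_event_type['id'];
            }
            $_event_types[$j]['text_original'] = get_translated_text($_event_type['t_title']);
        }
        $event_types = collapse_2d_complexity('text_original', 't_logo', $_event_types);

        // Overlay it
        foreach ($feed_urls_todo as $feed_url => $event_type) {
            $temp_file_path = ocp_tempnam('feed');
            require_code('files');
            $write_to_file = fopen($temp_file_path, 'wb');
            // The second argument (512 KiB) is presumably a download size cap -- verify.
            // NOTE(review): $write_to_file is not closed in this function; confirm http_download_file() closes it.
            http_download_file($feed_url, 1024 * 512, false, false, 'ocPortal', NULL, NULL, NULL, NULL, NULL, $write_to_file);

            if ($GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'] == 'text/calendar' || $GLOBALS['HTTP_DOWNLOAD_MIME_TYPE'] == 'application/octet-stream') {
                // iCalendar feed
                $data = file_get_contents($temp_file_path);

                require_code('calendar_ical');

                // end() takes its argument by reference, so keep the exploded list in a variable first
                $calendar_parts = explode('BEGIN:VCALENDAR', $data);
                $whole = end($calendar_parts);

                $events = explode('BEGIN:VEVENT', $whole);

                $calendar_nodes = array();

                foreach ($events as $key => $items) {
                    $items = preg_replace('#(.+)\\n +(.*)\\n#', '${1}${2}' . "\n", $items); // Merge split lines

                    $nodes = explode("\n", $items);

                    foreach ($nodes as $_child) {
                        if (strpos($_child, ':') === false) {
                            continue;
                        }

                        // Split "NAME:value" at the first colon that is not inside double quotes
                        $child = array('', '');
                        $in_quotes = false;
                        $j = 0;
                        for ($i = 0; $i < strlen($_child); $i++) {
                            $char = $_child[$i];
                            if ($char == '"') {
                                $in_quotes = !$in_quotes;
                            }

                            if ($j != 1 && !$in_quotes && $char == ':') {
                                $j++;
                            } else {
                                $child[$j] .= $char;
                            }
                        }

                        $matches2 = array();
                        if (preg_match('#;TZID=(.*)#', $child[0], $matches2)) {
                            $calendar_nodes[$key]['TZID'] = $matches2[1];
                        }
                        // Drop property parameters (everything from the first ';') from the name
                        $child[0] = preg_replace('#;.*#', '', $child[0]);

                        if (array_key_exists("1", $child) && $child[0] !== 'PRODID' && $child[0] !== 'VERSION' && $child[0] !== 'END') {
                            $calendar_nodes[$key][$child[0]] = str_replace(array('\\n', '\\,'), array("\n", ','), trim($child[1]));
                        }
                    }

                    // Segment 0 is whatever precedes the first BEGIN:VEVENT, so it is not an event
                    if ($key != 0) {
                        list($full_url, $type_id, $type, $recurrence, $recurrences, $seg_recurrences, $title, $content, $priority, $is_public, $start_year, $start_month, $start_day, $start_hour, $start_minute, $end_year, $end_month, $end_day, $end_hour, $end_minute, $timezone, $validated, $allow_rating, $allow_comments, $allow_trackbacks, $notes) = get_event_data_ical($calendar_nodes[$key]);
                        $is_public = 1;

                        $event = array('e_recurrence' => $recurrence, 'e_content' => $content, 'e_title' => $title, 'e_id' => $feed_url, 'e_priority' => $priority, 't_logo' => 'calendar/rss', 'e_recurrences' => $recurrences, 'e_seg_recurrences' => $seg_recurrences, 'e_is_public' => $is_public, 'e_start_year' => $start_year, 'e_start_month' => $start_month, 'e_start_day' => $start_day, 'e_start_hour' => $start_hour, 'e_start_minute' => $start_minute, 'e_end_year' => $end_year, 'e_end_month' => $end_month, 'e_end_day' => $end_day, 'e_end_hour' => $end_hour, 'e_end_minute' => $end_minute, 'e_timezone' => $timezone);
                        if (!is_null($event_type)) {
                            $event['t_logo'] = $_event_types[$event_type]['t_logo'];
                        }
                        if (!is_null($type)) {
                            $event['t_title'] = $type;
                            if (array_key_exists($type, $event_types)) {
                                $event['t_logo'] = $event_types[$type];
                            }
                        }

                        $their_times = find_periods_recurrence($timezone, 0, $start_year, $start_month, $start_day, $start_hour, $start_minute, $end_year, $end_month, $end_day, $end_hour, $end_minute, $recurrence, $recurrences, $period_start, $period_end);

                        // Now search every combination to see if we can get a hit
                        foreach ($their_times as $their) {
                            $matches[] = array($full_url, $event, $their[0], $their[1], $their[2], $their[3], $their[4], $their[5]);
                        }
                    }
                }
            } else {
                // Any other MIME type is handed to the RSS parser
                require_code('rss');
                $rss = new rss($temp_file_path, true);

                $content = new ocp_tempcode();
                foreach ($rss->gleamed_items as $item) {
                    if (array_key_exists('guid', $item)) {
                        $full_url = $item['guid'];
                    } elseif (array_key_exists('comment_url', $item)) {
                        $full_url = $item['comment_url'];
                    } elseif (array_key_exists('full_url', $item)) {
                        $full_url = $item['full_url'];
                    } else {
                        $full_url = '';
                    }
                    if (array_key_exists('title', $item) && array_key_exists('clean_add_date', $item) && $full_url != '') {
                        $event = array('e_recurrence' => 'none', 'e_content' => array_key_exists('news', $item) ? $item['news'] : '', 'e_title' => $item['title'], 'e_id' => $full_url, 'e_priority' => 'na', 't_logo' => 'calendar/rss', 'e_recurrences' => 1, 'e_seg_recurrences' => '', 'e_is_public' => 1, 'e_timezone' => get_users_timezone());
                        if (!is_null($event_type)) {
                            $event['t_logo'] = $_event_types[$event_type]['t_logo'];
                        }
                        if (array_key_exists('category', $item)) {
                            $event['t_title'] = $item['category'];
                            if (array_key_exists($item['category'], $event_types)) {
                                $event['t_logo'] = $event_types[$item['category']];
                            }
                        }
                        $from = utctime_to_usertime($item['clean_add_date']);
                        if ($from >= $period_start && $from < $period_end) {
                            // 'd' gives the numeric day of month, matching the other numeric date parts
                            $event += array('e_start_year' => date('Y', $from), 'e_start_month' => date('m', $from), 'e_start_day' => date('d', $from), 'e_start_hour' => date('H', $from), 'e_start_minute' => date('i', $from), 'e_end_year' => NULL, 'e_end_month' => NULL, 'e_end_day' => NULL, 'e_end_hour' => NULL, 'e_end_minute' => NULL);
                            $matches[] = array($full_url, $event, $from, NULL, $from, NULL, $from, NULL);
                        }
                    }
                }
            }

            // Best-effort removal of the downloaded copy (errors suppressed)
            @unlink($temp_file_path);
        }
    }

    // Narrow by start month/year window, but always keep recurring events
    if ($where != '') {
        $where .= ' AND ';
    }
    $where .= '(((e_start_month>=' . strval(intval(date('m', $period_start)) - 1) . ' AND e_start_year=' . date('Y', $period_start) . ' OR e_start_year>' . date('Y', $period_start) . ') AND (e_start_month<=' . strval(intval(date('m', $period_end)) + 1) . ' AND e_start_year=' . date('Y', $period_end) . ' OR e_start_year<' . date('Y', $period_end) . ')) OR ' . db_string_not_equal_to('e_recurrence', 'none') . ')';

    $where = ' WHERE ' . $where;

    // Give up (with a notice) rather than load more than 2000 candidate rows
    $event_count = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_events e LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_types t ON e.e_type=t.id' . $where);
    if ($event_count > 2000) {
        attach_message(do_lang_tempcode('TOO_MANY_TO_CHOOSE_FROM'), 'inform');

        return array();
    }

    $events = $GLOBALS['SITE_DB']->query('SELECT *,e.id AS e_id FROM ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_events e LEFT JOIN ' . $GLOBALS['SITE_DB']->get_table_prefix() . 'calendar_types t ON e.e_type=t.id' . $where);
    foreach ($events as $event) {
        // Category access is checked per row, for the current member
        if (!has_category_access(get_member(), 'calendar', strval($event['e_type']))) {
            continue;
        }

        $their_times = find_periods_recurrence($event['e_timezone'], $event['e_do_timezone_conv'], $event['e_start_year'], $event['e_start_month'], $event['e_start_day'], $event['e_start_hour'], $event['e_start_minute'], $event['e_end_year'], $event['e_end_month'], $event['e_end_day'], $event['e_end_hour'], $event['e_end_minute'], $event['e_recurrence'], $event['e_recurrences'], $period_start, $period_end);

        // Now search every combination to see if we can get a hit
        foreach ($their_times as $their) {
            $matches[] = array($event['e_id'], $event, $their[0], $their[1], $their[2], $their[3], $their[4], $their[5]);
        }
    }

    // multi_sort reads its sort column from this global
    global $M_SORT_KEY;
    $M_SORT_KEY = 2;
    usort($matches, 'multi_sort');

    return $matches;
}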
/**
 * Create a member login cookie.
 *
 * Sends one cookie, named by the part of the member cookie name before the first colon, holding
 * the serialized list (member id, password token, expiry timestamp, 3). The token is
 * sha1(passwd . passwordSalt) when $GLOBALS['SMF_NEW'] is set and sha1() exists; otherwise it is
 * the first '::'-separated part of forum_md5(passwd, 'ys').
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    unset($name, $password);

    $name_parts = explode(':', get_member_cookie());
    $stub = $name_parts[0];

    $member = $this->get_member_row($id);

    if ($GLOBALS['SMF_NEW'] && function_exists('sha1')) {
        $token = sha1($member['passwd'] . $member['passwordSalt']);
    } else {
        $md5_parts = explode('::', $this->forum_md5($member['passwd'], 'ys'));
        $token = $md5_parts[0];
    }

    $expires_at = time() + get_cookie_days() * 24 * 60 * 60;
    $payload = array($id, $token, $expires_at, 3);

    // NOTE(review): the token is derived from the stored password hash, so it stays valid until that
    // hash changes; whatever reads this cookie back receives client-controlled serialized data.
    ocp_setcookie($stub, serialize($payload));

    // NOTE(review): the in-request mirror holds only the member id, not the serialized payload that
    // was sent -- confirm that is intended.
    $_COOKIE[$stub] = strval($id);
}
/**
 * Process a login.
 *
 * Authenticates the posted password for the given username through the forum driver, runs every
 * 'upon_login' hook, and then either (success) sets the optional invisibility and "remember me"
 * cookies and creates a session, or (failure) records the attempt in 'failedlogins' and calls
 * log_hack_attack_and_exit() once the requesting IP has more than 30 failures in 15 minutes.
 *
 * @param ID_TEXT Username
 */
function handle_active_login($username)
{
    global $SESSION_CACHE;

    // Collects cookie values when the driver packs them into one serialized cookie
    $result = array();

    // A colon in the member cookie name means 'container:key': values go into one serialized cookie
    $member_cookie_name = get_member_cookie();
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
        $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
        $serialized = true;
    } else {
        $real_member_cookie = get_member_cookie();
        $base = $real_member_cookie;
        $real_pass_cookie = get_pass_cookie();
        $serialized = false;
    }

    $password = trim(post_param('password'));
    $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, NULL, apply_forum_driver_md5_variant($password, $username), $password);
    // NULL here is treated as a failed login further down
    $member = $login_array['id'];

    // Run hooks, if any exist
    // Hooks run for failed attempts too ($member is then NULL); hook names pass through filter_naughty() before use in a path
    $hooks = find_all_hooks('systems', 'upon_login');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/upon_login/' . filter_naughty($hook));
        $ob = object_factory('upon_login' . filter_naughty($hook), true);
        if (is_null($ob)) {
            continue;
        }
        $ob->run(true, $username, $member); // true means "a new login attempt"
    }

    if (!is_null($member)) {
        $remember = post_param_integer('remember', 0);

        // Create invisibility cookie
        if (array_key_exists(get_member_cookie() . '_invisible', $_COOKIE) || $remember == 1) {
            $invisible = post_param_integer('login_invisible', 0);
            ocp_setcookie(get_member_cookie() . '_invisible', strval($invisible));
            $_COOKIE[get_member_cookie() . '_invisible'] = strval($invisible);
        }

        // Store the cookies
        if ($remember == 1) {
            global $IS_A_COOKIE_LOGIN;
            $IS_A_COOKIE_LOGIN = true;

            // Create user cookie
            if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_create_cookie')) {
                // The driver knows its forum's own cookie format
                $GLOBALS['FORUM_DRIVER']->forum_create_cookie($member, NULL, $password);
            } else {
                // Generic fallback: member cookie holds the username or the member id, depending on the driver
                // NOTE(review): these fallback calls pass (false, true) as extra ocp_setcookie arguments,
                // unlike the invisibility cookie above -- confirm what those flags enable.
                if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
                    $name = $GLOBALS['FORUM_DRIVER']->get_username($member);
                    if ($serialized) {
                        $result[$real_member_cookie] = $name;
                    } else {
                        ocp_setcookie(get_member_cookie(), $name, false, true);
                        $_COOKIE[get_member_cookie()] = $name;
                    }
                } else {
                    if ($serialized) {
                        $result[$real_member_cookie] = $member;
                    } else {
                        ocp_setcookie(get_member_cookie(), strval($member), false, true);
                        $_COOKIE[get_member_cookie()] = strval($member);
                    }
                }

                // Create password cookie
                // The cookie holds the driver's MD5 variant of the password or, when the driver is not
                // hashed, the password itself; either way the cookie is a password-equivalent secret.
                if (!$serialized) {
                    if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                        ocp_setcookie(get_pass_cookie(), apply_forum_driver_md5_variant($password, $username), false, true);
                    } else {
                        ocp_setcookie(get_pass_cookie(), $password, false, true);
                    }
                } else {
                    if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                        $result[$real_pass_cookie] = apply_forum_driver_md5_variant($password, $username);
                    } else {
                        $result[$real_pass_cookie] = $password;
                    }
                    $_result = serialize($result);
                    ocp_setcookie($base, $_result, false, true);
                }
            }
        }

        // Create session
        require_code('users_inactive_occasionals');
        create_session($member, 1, post_param_integer('login_invisible', 0) == 1);
    } else {
        // Failed login: the account name is re-read from the 'login_username' POST field (cut to 80 characters),
        // not taken from $username
        $GLOBALS['SITE_DB']->query_insert('failedlogins', array('failed_account' => substr(trim(post_param('login_username')), 0, 80), 'date_and_time' => time(), 'ip' => get_ip_address()));

        // Brute-force check: failures from this IP address within the last 15 minutes
        // NOTE(review): the count is per IP only; attempts against one account spread over many
        // addresses are not counted together here.
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'failedlogins WHERE date_and_time>' . strval(time() - 60 * 15) . ' AND ' . db_string_equal_to('ip', get_ip_address()));
        if ($count > 30) {
            log_hack_attack_and_exit('BRUTEFORCE_LOGIN_HACK');
        }
    }
}
/**
 * Create a member login cookie.
 *
 * Sends the 'mybbuser' cookie as "<uid>_<loginkey>" from the member row, then attaches a session:
 * an existing sessions row for the current IP address is re-pointed at this member, otherwise a
 * new row is inserted. The session id is sent as the 'sid' cookie and both cookies are mirrored
 * into $_COOKIE.
 *
 * @param MEMBER The member id
 * @param ?SHORT_TEXT The username (NULL: lookup). Discarded by this driver
 * @param string The password. Discarded by this driver
 */
function forum_create_cookie($id, $name, $password)
{
    global $SITE_INFO;

    unset($name, $password);

    $member = $this->get_member_row($id);
    $login_key = $member['loginkey']; // used for 'mybbuser' memberid.'_'.'loginkey'
    $member_uid = $member['uid']; // member id

    // Set a User COOKIE
    $user_cookie = $member_uid . '_' . $login_key;
    ocp_setcookie('mybbuser', $user_cookie);

    // NOTE(review): the session is looked up by IP address alone, so a row created for another
    // visitor behind the same address would be reused and re-assigned to this member -- confirm
    // this matches how the forum itself binds sessions.
    $client_ip = get_ip_address();
    $found = $this->connection->query('SELECT * FROM ' . $this->connection->get_table_prefix() . 'sessions WHERE ' . db_string_equal_to('ip', $client_ip), 1);
    $session_id = '';
    if (!empty($found[0]) && !empty($found[0]['sid'])) {
        $session_id = $found[0]['sid'];
    }

    if (empty($session_id)) {
        // NOTE(review): this id is derived only from the current second, so it is guessable; a
        // CSPRNG-sourced value would be safer if the forum's session id format allows it.
        $session_id = md5(strval(time()));
        $this->connection->query_insert('sessions', array('sid' => $session_id, 'uid' => $id, 'time' => time(), 'ip' => $client_ip));
    } else {
        $this->connection->query('UPDATE ' . $this->connection->get_table_prefix() . 'sessions SET time=' . strval(time()) . ', uid=' . strval($member_uid) . ' WHERE ' . db_string_equal_to('sid', $session_id), 1);
    }

    // Now lets try and set a COOKIE of MyBB Session ID (errors from this call are suppressed)
    @ocp_setcookie('sid', $session_id);

    $_COOKIE['mybbuser'] = $user_cookie;
    $_COOKIE['sid'] = $session_id;
}