コード例 #1
/**
 * Return a session id only when it consists solely of lowercase letters and digits.
 *
 * @param string $id Candidate session identifier taken from the request.
 * @return string The unchanged id when it matches /^[0-9a-z]+$/, otherwise "".
 */
function valid_session($id)
{
    // preg_check() is the project's pattern helper; any character outside
    // [0-9a-z] (quotes, dots, separators, uppercase) rejects the whole value.
    return preg_check("/^[0-9a-z]+\$/", $id) ? $id : "";
}
コード例 #2
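 /**
  * Complete a pending e-mail change for the logged-in user.
  *
  * @param string $value Verification code from the request; must be exactly
  *                      32 alphanumeric characters, otherwise the visitor is
  *                      redirected away.
  * @return void
  *
  * Side effects: on success updates DB_USERS.user_email and deletes the
  * pending DB_EMAIL_VERIFY row; sets $this->_completeMessage or a notice.
  */
 public function verifyCode($value)
 {
     global $locale, $userdata;
     // Whitelist the code before it is interpolated into SQL. redirect() is
     // expected to end the request; the explicit return covers the case it does not.
     if (!preg_check("/^[0-9a-z]{32}\$/i", $value)) {
         redirect("index.php");
         return;
     }
     $result = dbquery("SELECT * FROM " . DB_EMAIL_VERIFY . " WHERE user_code='" . $value . "'");
     if (!dbrows($result)) {
         redirect("index.php");
         return;
     }
     $data = dbarray($result);
     // The code must belong to the current session's user; a valid code for
     // another account is not enough.
     if ($data['user_id'] != $userdata['user_id']) {
         redirect("index.php");
         return;
     }
     if ($data['user_email'] != $userdata['user_email']) {
         // Fix: the original issued the "address already in use" notice but
         // still ran the UPDATE, so a taken address was applied anyway. Only
         // apply the new address when no other account holds it; the pending
         // verification row is consumed in either case so the code cannot be replayed.
         // NOTE(review): $data['user_email'] comes from the DB and is interpolated
         // raw; it is only as safe as the validation applied when it was stored.
         $result = dbquery("SELECT user_email FROM " . DB_USERS . " WHERE user_email='" . $data['user_email'] . "'");
         if (dbrows($result) > 0) {
             addNotice("danger", $locale['u164'] . "<br />\n" . $locale['u121']);
         } else {
             $this->_completeMessage = $locale['u169'];
             $result = dbquery("UPDATE " . DB_USERS . " SET user_email='" . $data['user_email'] . "' WHERE user_id='" . $data['user_id'] . "'");
         }
         $result = dbquery("DELETE FROM " . DB_EMAIL_VERIFY . " WHERE user_id='" . $data['user_id'] . "'");
     }
 }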
コード例 #3
ファイル: register.php プロジェクト: php-fusion/PHP-Fusion
+--------------------------------------------------------*/
// register.php entry: core, theme header, user-field locale and the shared
// registration / profile templates are loaded before anything else runs.
require_once "maincore.php";
require_once THEMES . "templates/header.php";
include LOCALE . LOCALESET . "user_fields.php";
require_once THEMES . "templates/global/register.php";
include THEMES . "templates/global/profile.php";
// Forced request flag; presumably consumed by the included profile template -- confirm.
$_GET['profiles'] = 1;
// Registration is for guests only, and only while the site setting allows it.
if (iMEMBER || $settings['enable_registration'] == 0) {
    redirect("index.php");
}
$errors = array();
if (isset($_GET['email']) && isset($_GET['code'])) {
    if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $_GET['email'])) {
        redirect("register.php?error=activate");
    }
    if (!preg_check("/^[0-9a-z]{40}\$/", $_GET['code'])) {
        redirect("register.php?error=activate");
    }
    $result = dbquery("SELECT user_info FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['code'] . "' AND user_email='" . $_GET['email'] . "'");
    if (dbrows($result) > 0) {
        add_to_title($locale['global_200'] . $locale['u155']);
        $data = dbarray($result);
        $user_info = unserialize(base64_decode($data['user_info']));
        dbquery_insert(DB_USERS, $user_info, 'save');
        $result = dbquery("DELETE FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['code'] . "' LIMIT 1");
        if (fusion_get_settings('admin_activation') == 1) {
            addNotice("success", $locale['u171'] . " - " . $locale['u162'], 'all');
        } else {
            addNotice("success", $locale['u171'] . " - " . $locale['u161'], 'all');
        }
        redirect(fusion_get_settings('opening_page'));
コード例 #4
 /**
  * Read the submitted e-mail address and either queue it for verification or
  * stage it for the database update.
  *
  * Reads $_POST['user_email'] into $this->_userEmail and records an error via
  * _setError() at the first failing check, in this order: empty/unchanged
  * address, current password not confirmed, bad format, blacklisted address
  * or domain, already registered (active or pending). The raw SQL
  * interpolations below rely entirely on the format regex having excluded
  * quotes and backslashes.
  */
 private function _setUserEmail()
 {
     global $locale, $settings;
     $submitted = isset($_POST['user_email']) ? stripinput(trim(preg_replace("/ +/i", " ", $_POST['user_email']))) : "";
     $this->_userEmail = $submitted;
     if ($submitted == "" || $submitted == $this->userData['user_email']) {
         $this->_setError("user_email", $locale['u126'], true);
         return;
     }
     // Changing the address requires the current password to have been verified.
     if (!$this->_isValidCurrentPassword) {
         $this->_setError("user_email", $locale['u156']);
         return;
     }
     if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $submitted)) {
         $this->_setError("user_email", $locale['u123']);
         return;
     }
     // Both the full address and its domain part are checked against the blacklist.
     $domain = substr(strrchr($submitted, "@"), 1);
     if (dbcount("(blacklist_id)", DB_BLACKLIST, "blacklist_email='" . $submitted . "' OR blacklist_email='" . $domain . "'") != 0) {
         $this->_setError("user_email", $locale['u124']);
         return;
     }
     $activeCount = dbcount("(user_id)", DB_USERS, "user_email='" . $submitted . "'");
     $pendingCount = dbcount("(user_code)", DB_NEW_USERS, "user_email='" . $submitted . "'");
     if ($activeCount != 0 || $pendingCount != 0) {
         $this->_setError("user_email", $locale['u125']);
         return;
     }
     if ($this->verifyNewEmail && $settings['email_verification'] == "1") {
         $this->_verifyNewEmail();
         return;
     }
     $this->_userLogFields[] = "user_email";
     $this->_setDBValue("user_email", $submitted);
 }
コード例 #5
ファイル: defender.inc.php プロジェクト: WuChEn/PHP-Fusion
 /**
  * Normalise and validate an e-mail field.
  *
  * Runs of spaces are collapsed, the value is trimmed and passed through
  * stripinput(), then matched against the project's e-mail pattern.
  * $default, $required and $safemode are accepted for signature compatibility
  * but not used here.
  *
  * @return string|null The cleaned value on success; nothing (null) after the
  *                     error/notice side effects on failure.
  */
 private function validate_email($value, $default, $name, $id, $required = FALSE, $safemode = FALSE, $error_text = FALSE)
 {
     $cleaned = stripinput(trim(preg_replace("/ +/i", " ", $value)));
     $pattern = "/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i";
     if (!preg_check($pattern, $cleaned)) {
         $this->stop();
         $this->addError($id);
         $this->addHelperText($id, $error_text);
         $this->addNotice("<b>{$name}</b> is not a valid email address.");
         return;
     }
     return $cleaned;
 }
コード例 #6
 /**
  * Validate $this->field_value as an e-mail address.
  *
  * The pattern accepts a 1-50 character local part, "@", one or more dotted
  * labels and a 2-4 character TLD, case-insensitively. A required field that
  * is empty additionally records an input error, but the pattern check alone
  * decides the return value.
  *
  * @return string|false The unchanged field value, or FALSE when it fails.
  */
 protected function verify_email()
 {
     if ($this->field_config['required'] && !$this->field_value) {
         self::setInputError($this->field_name);
     }
     $pattern = "/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i";
     return preg_check($pattern, $this->field_value) ? $this->field_value : FALSE;
 }
コード例 #7
ファイル: reactivate.php プロジェクト: caveman4572/PHP-Fusion
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// reactivate.php: lets a user bring a suspended/deactivated account back
// (the status-7 handling further down); needs the suspension helpers.
require_once "maincore.php";
require_once THEMES . "templates/header.php";
require_once INCLUDES . "suspend_include.php";
include LOCALE . LOCALESET . "reactivate.php";
// A logged-in member has nothing to reactivate.
if (iMEMBER) {
    redirect("index.php");
}
if (isset($_GET['user_id']) && isnum($_GET['user_id']) && isset($_GET['code']) && preg_check("/^[0-9a-z]{32}\$/", $_GET['code'])) {
    $result = dbquery("SELECT user_name, user_email, user_actiontime, user_password FROM " . DB_USERS . " WHERE user_id='" . $_GET['user_id'] . "' AND user_actiontime>'0' AND user_status='7'");
    if (dbrows($result)) {
        $data = dbarray($result);
        $code = md5($data['user_actiontime'] . $data['user_password']);
        if ($_GET['code'] == $code) {
            if ($data['user_actiontime'] > time()) {
                $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0', user_lastvisit='" . time() . "' WHERE user_id='" . $_GET['user_id'] . "'");
                unsuspend_log($_GET['user_id'], 7, $locale['506'], true);
                $message = str_replace("[USER_NAME]", $data['user_name'], $locale['505']);
                require_once INCLUDES . "sendmail_include.php";
                sendemail($data['user_name'], $data['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['504'], $message);
                redirect(BASEDIR . "login.php");
            } else {
                redirect(FUSION_SELF . "?error=1");
            }
コード例 #8
ファイル: members.php プロジェクト: caveman4572/PHP-Fusion
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// members.php: member directory page (the member-only gate follows below).
require_once "maincore.php";
require_once THEMES . "templates/header.php";
include LOCALE . LOCALESET . "members.php";
// Page title and the opening table share the same locale string.
add_to_title($locale['global_200'] . $locale['400']);
opentable($locale['400']);
if (iMEMBER) {
    if (!isset($_GET['sortby']) || !ctype_alnum($_GET['sortby'])) {
        $_GET['sortby'] = "all";
    }
    $orderby = $_GET['sortby'] == "all" ? "" : " AND user_name LIKE '" . stripinput($_GET['sortby']) . "%'";
    $search_text = isset($_GET['search_text']) && preg_check("/^[-0-9A-Z_@\\s]+\$/i", $_GET['search_text']) ? $orderby = ' AND user_name LIKE "' . stripinput($_GET['search_text']) . '%"' : $_GET['sortby'];
    $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_status='0'" . $orderby);
    $rows = dbrows($result);
    if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) {
        $_GET['rowstart'] = 0;
    }
    if ($rows) {
        $i = 0;
        echo "<table cellpadding='0' cellspacing='0' width='100%'>\n<tr>\n";
        echo "<td class='tbl2'><strong>" . $locale['401'] . "</strong></td>\n";
        echo "<td class='tbl2'><strong>" . $locale['405'] . "</strong></td>\n";
        echo "<td align='center' width='1%' class='tbl2' style='white-space:nowrap'><strong>" . $locale['402'] . "</strong></td>\n";
        echo "</tr>\n";
        $result = dbquery("SELECT user_id, user_name, user_status, user_level, user_groups FROM " . DB_USERS . " WHERE user_status='0'" . $orderby . " ORDER BY user_level DESC, user_name LIMIT " . $_GET['rowstart'] . ",20");
        while ($data = dbarray($result)) {
            $cell_color = $i % 2 == 0 ? "tbl1" : "tbl2";
コード例 #9
ファイル: comments.php プロジェクト: simplyianm/clububer
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
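require_once "../maincore.php";
require_once THEMES . "templates/admin_header.php";
include LOCALE . LOCALESET . "admin/comments.php";
// Admin gate: the caller needs the "C" right and must present the admin
// session token (iAUTH) as ?aid=. Fix: the token is now required to be
// present and is compared strictly -- the original `$_GET['aid'] != iAUTH`
// used PHP's loose comparison, under which two different numeric-looking
// strings (e.g. "0e..." forms) compare equal, and a missing parameter raised
// a notice. iAUTH is assumed to be a string token (it is matched against a
// query-string value) -- confirm against its definition.
if (!checkrights("C") || !defined("iAUTH") || !isset($_GET['aid']) || !is_string($_GET['aid']) || $_GET['aid'] !== (string) iAUTH) {
    redirect("../index.php");
}
// Comment type: alphanumeric only.
if (!isset($_GET['ctype']) || !preg_check("/^[0-9A-Z]+\$/i", $_GET['ctype'])) {
    redirect("../index.php");
}
// Comment id must be numeric.
if (!isset($_GET['cid']) || !isnum($_GET['cid'])) {
    redirect("../index.php");
}
// Status banner after an action. $message may already have been set by an
// include; only derive it here when it has not.
if (isset($_GET['status']) && !isset($message)) {
    if ($_GET['status'] == "su") {
        $message = $locale['410'];
    } elseif ($_GET['status'] == "del") {
        $message = $locale['411'];
    }
    // Fix: empty() instead of a bare truth test, so an unrecognised status
    // value (which leaves $message undefined) no longer raises a notice.
    if (!empty($message)) {
        echo "<div class='admin-message'>" . $message . "</div>\n";
    }
}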
コード例 #10
            if (!preg_match("/^[0-9A-Z@]{6,20}\$/i", $user_new_admin_password)) {
                $error .= $locale['440'] . "<br />\n";
            }
            if (encrypt_pw($user_new_admin_password) == encrypt_pw($user_new_password) || encrypt_pw($user_new_admin_password) == $user_data['user_password']) {
                $error .= $locale['439'] . "<br><br>\n";
            }
        }
    }
}
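// Profile e-mail privacy flag; default to hidden ("1") when the field is
// missing or not numeric. Fix: test isset() first so a missing POST field no
// longer raises an undefined-index notice before isnum() sees it.
// NOTE(review): any digit string passes here, not just "0"/"1".
$user_hide_email = isset($_POST['user_hide_email']) && isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";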
if (!$error && !$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) {
    require_once INCLUDES . "photo_functions_include.php";
    $file_types = array(".gif", ".jpg", ".jpeg", ".png");
    $avatar_name = str_replace(" ", "_", strtolower(substr($_FILES['user_avatar']['name'], 0, strrpos($_FILES['user_avatar']['name'], "."))));
    $avatar_ext = strtolower(strrchr($_FILES['user_avatar']['name'], "."));
    if (!preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatar_name)) {
        $error .= "Avatar file name is invalid.<br />\n";
    } elseif ($_FILES['user_avatar']['size'] > $settings['avatar_filesize']) {
        $error .= "Avatar file size is too big.<br />\n";
    } elseif (!in_array($avatar_ext, $file_types)) {
        $error .= "Avatar file type is invalid.<br />\n";
    } else {
        $avatar_temp = image_exists(IMAGES . "avatars/", "temp" . $avatar_ext);
        move_uploaded_file($_FILES['user_avatar']['tmp_name'], IMAGES . "avatars/" . $avatar_temp);
        chmod(IMAGES . "avatars/" . $avatar_temp, 0644);
        if (!verify_image(IMAGES . "avatars/" . $avatar_temp)) {
            @unlink(IMAGES . "avatars/" . $avatar_temp);
            $set_avatar = "";
        } else {
            $imagefile = getimagesize(IMAGES . "avatars/" . $avatar_temp);
            $avatar_file = image_exists(IMAGES . "avatars/", $avatar_name . $avatar_ext);
コード例 #11
ファイル: submit.php プロジェクト: WuChEn/PHP-Fusion
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
// submit.php: user-contributed content submissions.
require_once "maincore.php";
require_once THEMES . "templates/header.php";
include_once INCLUDES . "bbcode_include.php";
include LOCALE . LOCALESET . "submit.php";
// Guests cannot submit.
if (!iMEMBER) {
    redirect("index.php");
}
// The submission type is exactly one lowercase letter from the query string;
// anything else (missing, longer, other characters) sends the visitor home.
$stypeIsValid = isset($_GET['stype']) && preg_check("/^[a-z]\$/", $_GET['stype']);
if (!$stypeIsValid) {
    redirect("index.php");
}
$submit_info = array();
if ($_GET['stype'] == "l") {
    if (isset($_POST['submit_link'])) {
        if ($_POST['link_name'] != "" && $_POST['link_url'] != "" && $_POST['link_description'] != "") {
            $submit_info['link_category'] = stripinput($_POST['link_category']);
            $submit_info['link_name'] = stripinput($_POST['link_name']);
            $submit_info['link_url'] = stripinput($_POST['link_url']);
            $submit_info['link_description'] = stripinput($_POST['link_description']);
            $result = dbquery("INSERT INTO " . DB_SUBMISSIONS . " (submit_type, submit_user, submit_datestamp, submit_criteria) VALUES ('l', '" . $userdata['user_id'] . "', '" . time() . "', '" . addslashes(serialize($submit_info)) . "')");
            add_to_title($locale['global_200'] . $locale['400']);
            opentable($locale['400']);
            echo "<div style='text-align:center'><br />\n" . $locale['410'] . "<br /><br />\n";
            echo "<a href='submit.php?stype=l'>" . $locale['411'] . "</a><br /><br />\n";
コード例 #12
    $alias_uid = $userdata['user_id'];
} else {
    $alias_uid = $GLOBALS['user_id'];
}
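// Load this user's stored aliases. Fix: the id is interpolated unquoted into
// SQL and is taken from $userdata or $GLOBALS['user_id'], whose provenance is
// not visible here, so it is cast to int before use (no change for valid ids).
$alias_foo1 = dbarray(dbquery('SELECT user_aliases FROM ' . DB_PREFIX . 'users WHERE user_id = ' . (int) $alias_uid));
$user_data['user_aliases'] = alias1($alias_foo1['user_aliases']);
unset($alias_foo1);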
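if ($profile_method == "input") {
    // Three alias inputs, pre-filled from the stored aliases when present.
    // NOTE(review): values are not HTML-escaped; this is only safe while every
    // write path enforces the same whitelist as the validate_update branch.
    $stored = isset($user_data['user_aliases']) ? $user_data['user_aliases'] : null;
    $inputs = "";
    for ($n = 0; $n < 3; $n++) {
        $inputs .= ($n > 0 ? "<br />" : "") . ($n + 1) . ": <input type='text' name='user_alias" . $n . "' value='" . ($stored !== null ? $stored[$n] : '') . "' />";
    }
    echo "<tr>\n";
    echo "<td valign='top' class='tbl'>Vælg 3 aliaser - Det er tilladt at lade standart-værdien stå</td>\n";
    echo "<td class='tbl'>" . $inputs . "</td>\n";
    echo "</tr>\n";
} elseif ($profile_method == "display") {
    //Empty
} elseif ($profile_method == "validate_insert") {
    //Empty
} elseif ($profile_method == "validate_update") {
    global $user_data;
    // Whitelist: letters, digits, - _ @, whitespace and Danish æøå, 3-30 chars.
    // This character class is the only thing keeping the raw $_POST values out
    // of the SQL below (no quote or backslash can pass), so do not widen it
    // without switching to escaping. The pattern has no /u modifier, so the
    // æøåÆØÅ entries are matched as their individual UTF-8 bytes.
    $aliasPattern = "/^[-0-9A-Z_@\\sæøåÆØÅ]{3,30}\$/i";
    if (!isset($_POST['user_alias0'], $_POST['user_alias1'], $_POST['user_alias2'])) {
        // "One or more of the aliases are empty!"
        $this->_setError("user_aliases", 'Et eller flere af aliaserne er tomme!');
    } else {
        $aliases = array($_POST['user_alias0'], $_POST['user_alias1'], $_POST['user_alias2']);
        $wellFormed = preg_check($aliasPattern, $aliases[0]) && preg_check($aliasPattern, $aliases[1]) && preg_check($aliasPattern, $aliases[2]);
        $distinct = $aliases[0] !== $aliases[1] && $aliases[1] !== $aliases[2] && $aliases[2] !== $aliases[0];
        if (!$wellFormed || !$distinct) {
            // "One or more of the aliases are invalid!"
            $this->_setError("user_aliases", 'Et eller flere af aliaserne er ugyldige!');
        } else {
            // Is any of the three aliases already held by another user?
            // Fix: $alias_uid is interpolated unquoted, so it is cast to int.
            $ualias1_result = dbquery('SELECT user_aliases, user_id FROM ' . DB_PREFIX . 'users WHERE user_aliases REGEXP "^.*,(' . $aliases[0] . '|' . $aliases[1] . '|' . $aliases[2] . '),.*$" AND user_id != ' . (int) $alias_uid);
            if (dbrows($ualias1_result) > 0) {
                // "One or more of the aliases are already taken!"
                $this->_setError("user_aliases", 'Et eller flere af aliaserne er optagede!');
            } else {
                // Stored as a comma-delimited list with leading/trailing commas.
                $db_values .= ', user_aliases=",' . $aliases[0] . ',' . $aliases[1] . ',' . $aliases[2] . ',"';
            }
        }
    }
}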
コード例 #13
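 /**
  * Prepare the private-message UI state for the current user.
  *
  * Normalises the request: $_GET['folder'] is forced to one of
  * inbox|outbox|archive|options; a POSTed numeric id of an existing active
  * user is copied to $_GET['msg_send']; a POSTed numeric id of an existing
  * group is copied to $_GET['msg_to_group']. Then fills $this->info with
  * folder links, per-folder message counts and toolbar buttons, and sets the
  * page title / meta description.
  */
 private function setInbox()
 {
     global $locale, $userdata;
     // Result currently unused; the call is kept in case it has side effects.
     $myStatus = self::get_pm_settings($userdata['user_id']);
     // Folder whitelist: anything else falls back to the inbox.
     if (!isset($_GET['folder']) || !preg_check("/^(inbox|outbox|archive|options)\$/", $_GET['folder'])) {
         $_GET['folder'] = "inbox";
     }
     // Fix: this used to be a named function declared inside the method. PHP
     // registers such a function globally the first time the method runs and
     // fatals with "Cannot redeclare validate_user()" on any later call. A
     // closure is scoped to this invocation and has no such problem.
     // Returns TRUE only for a numeric id that belongs to an active (status 0) user.
     $validateUser = function ($user_id) {
         if (isnum($user_id) && dbcount("(user_id)", DB_USERS, "user_id='" . intval($user_id) . "' AND user_status ='0'")) {
             return TRUE;
         }
         return FALSE;
     };
     if (isset($_POST['msg_send']) && isnum($_POST['msg_send']) && $validateUser($_POST['msg_send'])) {
         $_GET['msg_send'] = $_POST['msg_send'];
     }
     // Prohibits sending a message to a non-existing group (group 0 is never a target).
     $user_group = fusion_get_groups();
     unset($user_group[0]);
     if (isset($_POST['msg_to_group']) && isnum($_POST['msg_to_group']) && isset($user_group[$_POST['msg_to_group']])) {
         $_GET['msg_to_group'] = $_POST['msg_to_group'];
     }
     $uid = $userdata['user_id'];
     // Count the rows of one folder (0 inbox, 1 outbox, 2 archive) owned by
     // and addressed to the current user.
     // NOTE(review): in the copy reviewed the message_user value on this line
     // was unreadable (masked as '******'); it is reconstructed as the current
     // user's id to mirror the message_to term -- confirm against upstream.
     $countFolder = function ($folder) use ($uid) {
         return dbrows(dbquery("SELECT message_id FROM " . DB_MESSAGES . " WHERE message_user='" . $uid . "' and message_to='" . $uid . "' AND message_folder='" . $folder . "'"));
     };
     $this->info = array(
         "folders" => array(
             "inbox" => array("link" => BASEDIR . "messages.php?folder=inbox", "title" => $locale['402']),
             "outbox" => array("link" => BASEDIR . "messages.php?folder=outbox", "title" => $locale['403']),
             "archive" => array("link" => BASEDIR . "messages.php?folder=archive", "title" => $locale['404']),
             "options" => array("link" => BASEDIR . "messages.php?folder=options", "title" => $locale['425']),
         ),
         "inbox_total" => $countFolder(0),
         "outbox_total" => $countFolder(1),
         "archive_total" => $countFolder(2),
         "button" => array(
             "new" => array('link' => BASEDIR . "messages.php?msg_send=new", 'name' => $locale['401']),
             "options" => array('link' => BASEDIR . "messages.php?folder=options", 'name' => $locale['425']),
         ),
         "actions_form" => "",
     );
     add_to_title($locale['global_200'] . $locale['400']);
     add_to_meta("description", $locale['400']);
 }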
コード例 #14
        $page_content .= "<strong>" . $locale['global_411'] . "</strong><br /><br />\n";
        $page_refresh = "10";
    } elseif (isset($_GET['error']) && $_GET['error'] == 6) {
        // anonymized/deleted
        $page_content .= "<strong>" . $locale['global_412'] . "</strong><br /><br />\n";
        $page_refresh = "10";
    } elseif (isset($_GET['error']) && $_GET['error'] == 8) {
        // username/password does not match
        $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n";
    } else {
        if ($settings['login_method'] == "cookies" && isset($_COOKIE[COOKIE_PREFIX . 'user']) || $settings['login_method'] == "sessions" && isset($_SESSION[COOKIE_PREFIX . 'user_id']) && isset($_SESSION[COOKIE_PREFIX . 'user_pass'])) {
            if ($settings['login_method'] == "cookies") {
                $cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX . 'user']);
                $user_pass = preg_check("/^[0-9a-z]{32}\$/", $cookie_vars['1']) ? $cookie_vars['1'] : "";
            } elseif ($settings['login_method'] == "sessions") {
                $user_pass = preg_check("/^[0-9a-z]{32}\$/", $_SESSION[COOKIE_PREFIX . 'user_pass']) ? $_SESSION[COOKIE_PREFIX . 'user_pass'] : "";
            }
            $user_name = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($_GET['user']));
            if (!dbcount("(user_id)", DB_USERS, "user_name='" . $user_name . "' AND user_password='******'")) {
                $page_content .= "<strong>" . $locale['global_196'] . "</strong><br /><br />\n";
            } else {
                $result = dbquery("DELETE FROM " . DB_ONLINE . " WHERE online_user='******' AND online_ip='" . USER_IP . "'");
                $page_content .= "<strong>" . $locale['global_193'] . $_GET['user'] . "</strong><br /><br />\n";
            }
        }
    }
}
// Emit the XHTML document head in one go.
// NOTE(review): sitename and charset are written unescaped; acceptable only if
// they are admin-controlled settings -- confirm.
echo "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\n"
    . "<html>\n<head>\n"
    . "<title>" . $settings['sitename'] . "</title>\n"
    . "<meta http-equiv='Content-Type' content='text/html; charset=" . $locale['charset'] . "' />\n";
コード例 #15
        }
    } else {
        $result = dbquery("SELECT user_id FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' LIMIT 1");
        // Pimped ->
        if (dbrows($result)) {
            $data = dbarray($result);
            dbquery("INSERT INTO " . DB_FAILED_LOGINS . " (user_id, datestamp, logged_ip) VALUES ('" . $data['user_id'] . "', '" . time() . "', '" . USER_IP . "')");
        }
        // Pimped <-
        redirect(BASEDIR . "setuser.php?error=8");
    }
}
if (isset($_COOKIE[COOKIE_PREFIX . 'user'])) {
    $cookie_vars = explode(".", $_COOKIE[COOKIE_PREFIX . 'user']);
    $cookie_1 = isnum($cookie_vars['0']) ? $cookie_vars['0'] : "0";
    $cookie_2 = preg_check("/^[0-9a-z]{32}\$/", $cookie_vars['1']) ? $cookie_vars['1'] : "";
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_id='" . $cookie_1 . "' AND user_password='******' LIMIT 1");
    unset($cookie_vars, $cookie_2);
    // Pimped
    if (dbrows($result)) {
        $userdata = dbarray($result);
        if ($userdata['user_status'] == 0) {
            if ($userdata['user_theme'] != "Default" && file_exists(THEMES . $userdata['user_theme'] . "/theme.php") && ($settings['userthemes'] == 1 || $userdata['user_level'] >= nADMIN)) {
                if (!theme_exists($userdata['user_theme'])) {
                    echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n";
                    echo $locale['global_301'];
                    die;
                }
            } else {
                if (!theme_exists($settings['theme'])) {
                    echo "<strong>" . $settings['sitename'] . " - " . $locale['global_300'] . ".</strong><br /><br />\n";
コード例 #16
ファイル: securimage.php プロジェクト: php-fusion/PHP-Fusion
 /**
  * Validate the code the user typed against the CAPTCHA stored for their IP.
  *
  * Sets $this->correct_code to TRUE when a DB_CAPTCHA row matches the
  * normalised (trimmed, lower-cased) entry for USER_IP, deleting that row so
  * the code cannot be reused; FALSE otherwise. Entries that are not purely
  * [0-9a-z] never reach the database, which also keeps the interpolation below
  * free of quotes.
  * @access private
  */
 function validate()
 {
     $entered = strtolower(trim($this->code_entered));
     $this->correct_code = FALSE;
     if (!preg_check("/^[0-9a-z]+\$/", $entered)) {
         return;
     }
     $where = " WHERE captcha_ip='" . USER_IP . "' AND captcha_string='" . $entered . "'";
     $result = dbquery("SELECT * FROM " . DB_CAPTCHA . $where);
     if (dbrows($result)) {
         // Consume the row so the same answer cannot be replayed.
         $result = dbquery("DELETE FROM " . DB_CAPTCHA . $where);
         $this->correct_code = TRUE;
     }
 }
コード例 #17
ファイル: defender.inc.php プロジェクト: knapnet/PHP-Fusion
 /**
  * Validate the current field as an e-mail address.
  *
  * A required-but-empty field records an input error first; the return value
  * is then decided solely by the pattern (local part up to 50 chars, "@",
  * dotted labels, 2-4 char TLD, case-insensitive).
  *
  * @return string|false The field value as-is, or FALSE if it does not match.
  */
 protected function verify_email()
 {
     // TODO: This regex was reported previously as flawed and should be reviewed and fixed
     $value = $this->field_value;
     if ($this->field_config['required'] && !$value) {
         self::setInputError($this->field_name);
     }
     if (!preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $value)) {
         return FALSE;
     }
     return $value;
 }
コード例 #18
ファイル: update_pass.php プロジェクト: simplyianm/clububer
    $user_new_admin_password = "";
}
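// Both identity fields are mandatory.
if ($user_name == "" || $user_email == "") {
    $error .= $locale['430'] . "<br />\n";
} else {
    // Username: letters, digits, - _ @ and whitespace only. This whitelist is
    // also what keeps the raw interpolation into SQL below free of quotes;
    // do not widen it without switching to escaping.
    if (preg_check("/^[-0-9A-Z_@\\s]+\$/i", $user_name)) {
        // A changed name must not already belong to another account.
        if ($user_name != $userdata['user_name']) {
            $result = dbquery("SELECT user_name FROM " . DB_USERS . " WHERE user_name='" . $user_name . "' AND user_id<>'" . $userdata['user_id'] . "'");
            if (dbrows($result)) {
                $error .= $locale['432'] . "<br />\n";
            }
        }
    } else {
        $error .= $locale['431'] . "<br />\n";
    }
    if (preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $user_email)) {
        if ($user_email != $userdata['user_email']) {
            // Changing the address requires the current password. Fix: the hash
            // comparison is now strict. With the loose `==`, two different hex
            // digests both shaped like "0e<digits>" compare equal as numbers,
            // so a wrong password could be accepted. The legacy md5(md5())
            // format is the project's and is left unchanged here; prefer
            // hash_equals() where the PHP version allows it.
            if (isset($_POST['user_password']) && md5(md5($_POST['user_password'])) === $userdata['user_password']) {
                $result = dbquery("SELECT user_email FROM " . DB_USERS . " WHERE user_email='" . $user_email . "'");
                if (dbrows($result)) {
                    $error .= $locale['434'] . "<br />\n";
                }
            } else {
                $error .= $locale['437'] . "<br />\n";
            }
        }
    } else {
        $error .= $locale['433'] . "<br />\n";
    }
}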
if ($user_new_password) {
コード例 #19
ファイル: messages.php プロジェクト: caveman4572/PHP-Fusion
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";
require_once THEMES . "templates/header.php";
include LOCALE . LOCALESET . "messages.php";
// Private messages are members-only.
if (!iMEMBER) {
    redirect("index.php");
}
add_to_title($locale['global_200'] . $locale['400']);
// Site-wide mailbox options live in the user_id=0 row; for admins and user #1
// the three box limits are set to 0.
$msg_settings = dbarray(dbquery("SELECT * FROM " . DB_MESSAGES_OPTIONS . " WHERE user_id='0'"));
if (iADMIN || $userdata['user_id'] == 1) {
    foreach (array('pm_inbox', 'pm_savebox', 'pm_sentbox') as $limitKey) {
        $msg_settings[$limitKey] = 0;
    }
}
// The folder comes from the query string and is whitelisted; anything else means inbox.
if (!isset($_GET['folder']) || !preg_check("/^(inbox|outbox|archive|options)\$/", $_GET['folder'])) {
    $_GET['folder'] = "inbox";
}
// POSTed recipient / group ids are mirrored into $_GET once they are numeric,
// so the rest of the page reads them from one place.
// NOTE(review): only isnum() is applied here; the existence of the user/group
// is not checked at this point.
foreach (array('msg_send', 'msg_to_group') as $idKey) {
    if (isset($_POST[$idKey]) && isnum($_POST[$idKey])) {
        $_GET[$idKey] = $_POST[$idKey];
    }
}
$error = "";
$msg_ids = "";
$check_count = 0;
if (isset($_POST['check_mark'])) {
    if (is_array($_POST['check_mark']) && count($_POST['check_mark']) > 1) {
        foreach ($_POST['check_mark'] as $thisnum) {
            if (isnum($thisnum)) {
コード例 #20
ファイル: maincore.php プロジェクト: edwintcloud/mycms
/**
 * Check a submitted CAPTCHA answer against the one stored for the visitor's IP.
 *
 * Both arguments must be purely alphanumeric; otherwise false is returned
 * without touching the database (this is also what keeps the interpolated
 * values free of quotes). A matching DB_CAPTCHA row is deleted on success so
 * the same answer cannot be replayed.
 *
 * @param string $captchs_encode Challenge identifier issued with the image.
 * @param string $captcha_string The text the user typed.
 * @return bool true when a matching row existed (and was removed).
 */
function check_captcha($captchs_encode, $captcha_string)
{
    $alnum = "/^[0-9A-Za-z]+\$/";
    if (!preg_check($alnum, $captchs_encode) || !preg_check($alnum, $captcha_string)) {
        return false;
    }
    $where = " WHERE captcha_ip='" . USER_IP . "' AND captcha_encode='" . $captchs_encode . "' AND captcha_string='" . $captcha_string . "'";
    if (!dbrows(dbquery("SELECT * FROM " . DB_CAPTCHA . $where))) {
        return false;
    }
    dbquery("DELETE FROM " . DB_CAPTCHA . $where);
    return true;
}
コード例 #21
ファイル: updateuser.php プロジェクト: roniwahyu/AKEUDA
        if ($_POST['user_hash'] == $user_data['user_password']) {
            if (!preg_match("/^[0-9A-Z@]{6,20}\$/i", $user_new_password)) {
                $error .= $locale['457'] . "<br />\n";
            }
        } else {
            $error .= $locale['458'] . "<br />\n";
        }
    }
}
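// Profile e-mail privacy flag; default to hidden ("1") when the field is
// missing or not numeric. Fix: test isset() first so a missing POST field no
// longer raises an undefined-index notice before isnum() sees it.
// NOTE(review): any digit string passes here, not just "0"/"1".
$user_hide_email = isset($_POST['user_hide_email']) && isnum($_POST['user_hide_email']) ? $_POST['user_hide_email'] : "1";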
if ($error == "") {
    if (!$user_data['user_avatar'] && !empty($_FILES['user_avatar']['name']) && is_uploaded_file($_FILES['user_avatar']['tmp_name'])) {
        $newavatar = $_FILES['user_avatar'];
        $avatarext = strrchr($newavatar['name'], ".");
        $avatarname = substr($newavatar['name'], 0, strrpos($newavatar['name'], "."));
        if (preg_check("/^[-0-9A-Z_\\[\\]]+\$/i", $avatarname) && preg_check("/(\\.gif|\\.GIF|\\.jpg|\\.JPG|\\.jpeg|\\.JPEG|\\.png|\\.PNG)\$/", $avatarext) && $newavatar['size'] <= 30720) {
            $avatarname = $avatarname . "[" . $userdata['user_id'] . "]" . $avatarext;
            move_uploaded_file($newavatar['tmp_name'], IMAGES . "avatars/" . $avatarname);
            chmod(IMAGES . "avatars/" . $avatarname, 0644);
            $set_avatar = ", user_avatar='" . $avatarname . "'";
            if ($size = @getimagesize(IMAGES . "avatars/" . $avatarname)) {
                if ($size['0'] > 100 || $size['1'] > 100) {
                    @unlink(IMAGES . "avatars/" . $avatarname);
                    $set_avatar = "";
                } elseif (!verify_image(IMAGES . "avatars/" . $avatarname)) {
                    @unlink(IMAGES . "avatars/" . $avatarname);
                    $set_avatar = "";
                }
            } else {
                @unlink(IMAGES . "avatars/" . $avatarname);
                $set_avatar = "";
コード例 #22
ファイル: members.php プロジェクト: WuChEn/PHP-Fusion
             echo "<ul class='dropdown-menu text-left' role='action-menu' style='left:70px;'>\n";
             echo "<li><a href='{$ban_link}'>" . getsuspension(1, TRUE) . "</a></li>\n";
             echo "<li><a href='{$suspend_link}'>" . getsuspension(3, TRUE) . "</a></li>\n";
             echo "<li><a href='{$cancel_link}'>" . getsuspension(5, TRUE) . "</a></li>\n";
             echo "<li><a href='{$anon_link}'>" . getsuspension(6, TRUE) . "</a></li>\n";
             echo "<li><a href='{$deac_link}'>" . getsuspension(7, TRUE) . "</a></li>\n";
             echo "<li><a href='{$inac_link}'>" . getsuspension(8, TRUE) . "</a></li>\n";
             echo "</ul>\n";
         }
         echo "</div>\n";
         echo "</td>\n</tr>\n";
         $i++;
     }
     echo "</tbody>\n</table>\n";
 } else {
     if (isset($_GET['search_text']) && preg_check("/^[-0-9A-Z_@\\s]+\$/i", $_GET['search_text'])) {
         echo "<div style='text-align:center'><br />" . sprintf($locale['411'], $status == 0 ? "" : getsuspension($status)) . $locale['413'] . "'" . stripinput($_GET['search_text']) . "'<br /><br />\n</div>\n";
     } else {
         echo "<div style='text-align:center'><br />" . sprintf($locale['411'], $status == 0 ? "" : getsuspension($status)) . ($_GET['sortby'] == "all" ? "" : $locale['412'] . $_GET['sortby']) . ".<br /><br />\n</div>\n";
     }
 }
 // Alphabetical index: A-Z then 0-9, laid out as two rows of 18 cells with
 // the "show all" link in a row-spanning cell at each end.
 $alphanum = str_split("ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
 $allLink = "<td rowspan='2' class='tbl2'><a href='" . FUSION_SELF . $aidlink . "&amp;status=" . $status . "'>" . $locale['414'] . "</a></td>";
 echo "<div style='margin-top:10px;'></div>\n";
 echo "<table cellpadding='0' cellspacing='1' width='450' class='table table-responsive tbl-border center'>\n<tr>\n";
 echo $allLink;
 for ($i = 0; $i < 36; $i++) {
     echo "<td align='center' class='tbl1'><div class='small'><a href='" . FUSION_SELF . $aidlink . "&amp;sortby=" . $alphanum[$i] . "&amp;status={$status}'>" . $alphanum[$i] . "</a></div></td>";
     // After the 18th cell: close the first row with the right-hand "all" cell and open the second.
     echo $i == 17 ? $allLink . "\n</tr>\n<tr>\n" : "\n";
 }
 echo "</tr>\n</table>\n";
 echo "<hr />\n";
コード例 #23
require_once TEMPLATES . "header.php";
include LOCALE . LOCALESET . "register.php";
include LOCALE . LOCALESET . "user_fields.php";
// Registration is for guests only, and only while it is enabled.
if (iMEMBER || !$settings['enable_registration']) {
    redirect("index.php");
}
// display_validation "2" selects reCAPTCHA; without both keys configured it
// is downgraded to "1" and the reCAPTCHA library is not loaded.
$useRecaptcha = $settings['display_validation'] == "2";
if ($useRecaptcha && ($settings['recaptcha_publickey'] == "" || $settings['recaptcha_privatekey'] == "")) {
    $settings['display_validation'] = "1";
    $useRecaptcha = false;
}
if ($useRecaptcha) {
    require_once INCLUDES . "recaptcha/recaptchalib.php";
    $resp = null;
    $recaptcha_error = null;
}
if (isset($_GET['activate'])) {
    if (!preg_check("/^[0-9a-z]{32}\$/", $_GET['activate'])) {
        redirect("index.php");
    }
    $result = dbquery("SELECT user_info FROM " . DB_NEW_USERS . " WHERE user_code='" . $_GET['activate'] . "'");
    if (dbrows($result)) {
        $data = dbarray($result);
        $user_info = unserialize($data['user_info']);
        $user_status = $settings['admin_activation'] == "1" ? "2" : "0";
        $profile_method = "validate_insert";
        $db_fields = "";
        $db_values = "";
        $result = dbquery("SELECT tuf.field_name FROM " . DB_USER_FIELDS . " tuf\r\n\t\t\tINNER JOIN " . DB_USER_FIELD_CATS . " tufc ON tuf.field_cat = tufc.field_cat_id\r\n\t\t\tORDER BY field_cat_order, field_order");
        if (dbrows($result)) {
            while ($data = dbarray($result)) {
                if (file_exists(LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php")) {
                    include LOCALE . LOCALESET . "user_fields/" . $data['field_name'] . ".php";
コード例 #24
    $valid = $passAuth->isValidNewPassword();
    if ($valid === 0) {
        $result = true;
        $msg = "<span style='color:green;'><img src='images/yes.png' width='12' /> OK</span>";
    } else {
        $result = false;
        $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Incorrect password</span>";
    }
    $e = array("result" => $result, "msg" => $msg);
    print json_encode($e);
}
if (isset($_POST['action']) && $_POST['action'] == "check_name") {
    $name = $_POST['username'];
    $name = stripinput(trim(preg_replace("/ +/i", " ", $name)));
    if (!empty($name)) {
        if (!preg_check("/^[-0-9A-Z_@\\s]+\$/i", $name) || strlen($name) < 3 || strlen($name) > 25) {
            $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Invalid symbols or incorrect lenght</span>";
            $result = false;
        } else {
            $check1 = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $name . "'");
            $check2 = dbquery("SELECT * FROM " . DB_RM_USERS . " WHERE rmuser_username='******'");
            if (dbrows($check1) || dbrows($check2)) {
                $msg = "<span style='color:red;'><img src='images/no.png' width='12' /> Name already exist</span>";
                $result = false;
            } else {
                $msg = "<span style='color:green;'><img src='images/yes.png' width='12' /> OK</span> ";
                $result = true;
            }
        }
    } else {
        $result = false;