コード例 #1
ファイル: email.php プロジェクト: agreements/neofrag-cms
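 /**
  * Render the configured e-mail view and hand the message to mail().
  *
  * Returns FALSE without sending when the recipient, subject or view is
  * missing; otherwise returns the result of mail(). When a ".txt" variant of
  * the view renders to something non-empty, the message is sent as
  * multipart/alternative (plain text first, HTML second). The instance is
  * reset after the send attempt.
  *
  * @return bool
  */
 public function send()
 {
     if (!$this->_to || !$this->_subject || !$this->_view) {
         return FALSE;
     }
     // The sender address is concatenated into raw header lines below; a CR or
     // LF inside it would start an additional header, so drop them first.
     $from = str_replace(array("\r", "\n"), '', (string) $this->_from);
     if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
         ini_set('sendmail_from', $from);
     }
     $headers = array('From: ' . $from, 'Reply-to: ' . $from);
     // NOTE(review): HTTP_HOST comes from the request, so every link the view
     // builds from base_url follows whatever Host header the client sent.
     // A configured canonical host would be the safer source - confirm whether
     // one exists in the project configuration.
     $this->config->base_url = 'http://' . $_SERVER['HTTP_HOST'] . url();
     $this->template->parse_data($this->_data, $this->load);
     $message = $html = $this->load->view('emails/' . $this->_view, $this->_data);
     $text = $this->load->view('emails/' . $this->_view . '.txt', $this->_data);
     if ($text) {
         $boundary = '--------' . unique_id();
         $headers[] = 'MIME-Version: 1.0';
         $headers[] = 'Content-Type: multipart/alternative;' . "\n" . ' boundary="' . $boundary . '"';
         // The single-quoted '\\r' only matches a literal backslash followed
         // by "r"; real carriage returns are stripped as well, which is what
         // the replacement appears to have been meant to do.
         $strip = array("\r", '\\r');
         $message = '--' . $boundary . "\n";
         $message .= 'Content-Type: text/plain; charset=UTF-8; format=flowed' . "\n\n";
         $message .= str_replace($strip, '', $text) . "\n\n";
         $message .= '--' . $boundary . "\n";
         $message .= 'Content-Type: text/html; charset=UTF-8;' . "\n\n";
         $message .= str_replace($strip, '', $html) . "\n\n";
         // A multipart body has to end with the closing delimiter.
         $message .= '--' . $boundary . '--' . "\n";
     }
     $result = mail(trim_word($this->_to, ', '), $this->config->nf_name . ' :: ' . $this->_subject, wordwrap($message, 70), implode("\r\n", $headers));
     $this->reset();
     return $result;
 }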
コード例 #2
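    /**
     * Create a new visual-confirmation entry for the current session and
     * return the <img> tag that displays it.
     *
     * @param int    $max_attempts Attempt limit for this session and confirm type; a falsy value skips the check
     * @param string $confirm_id   Set by reference to the id of the entry that was inserted
     * @return string|false The <img> tag, or false when the session already has more than $max_attempts entries
     */
    public function confirm_image($max_attempts, &$confirm_id)
    {
        global $db, $user, $template;
        global $phpbb_root_path, $phpEx;
        $user->confirm_gc($this->confirm_type);
        // The INSERT below already casts the type to int; use the same cast for
        // the SELECT and the image URL so the value can never change the query
        // or the markup it is concatenated into.
        $confirm_type = (int) $this->confirm_type;
        if ($max_attempts) {
            $sql = 'SELECT COUNT(session_id) AS attempts FROM ' . CONFIRM_TABLE . " WHERE session_id = '" . $db->sql_escape($user->session_id) . "' AND confirm_type = " . $confirm_type;
            $result = $db->sql_query($sql);
            $attempts = (int) $db->sql_fetchfield('attempts');
            $db->sql_freeresult($result);
            // Strictly greater: the request is refused only after the limit is exceeded.
            if ($attempts > $max_attempts) {
                return false;
            }
        }
        // NOTE(review): mt_rand() only picks the code length here. The code and
        // the id come from gen_rand_string() and unique_id(), defined elsewhere;
        // how hard they are to predict cannot be judged from this method.
        $code = gen_rand_string(mt_rand(5, 8));
        $confirm_id = md5(unique_id($user->ip));
        $seed = hexdec(substr(unique_id(), 4, 10));
        // compute $seed % 0x7fffffff without relying on integer width
        $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
        $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => $confirm_type, 'code' => (string) $code, 'seed' => (int) $seed));
        $db->sql_query($sql);
        $template->assign_var('S_CONFIRM_CODE', true);
        return '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . $confirm_type) . '" alt="" title="" />';
    }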
コード例 #3
ファイル: S3.php プロジェクト: ronniebrito/moodle_moviemasher
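 /**
  * Build the attribute string (` key="value"` pairs) describing an S3 upload.
  *
  * @param string $file_name Name used to derive the extension and mime type
  * @param int    $file_size Not used by this method
  * @param string $path      Destination path without extension; the extension is appended
  * @param string $id        Upload id; generated from the mime type when empty
  * @return string Attribute string, or '' when s3_upload_data() returns nothing
  * @throws UnexpectedValueException When a required option is missing or the file type cannot be determined
  */
 function uploadAttributes($file_name, $file_size, $path, $id = '')
 {
     $access_key_id = $this->getOption('AWSAccessKeyID');
     $secret_access_key = $this->getOption('AWSSecretAccessKey');
     $bucket = $this->getOption('S3Bucket');
     if (!($bucket && $access_key_id && $secret_access_key)) {
         // Only these three options are checked here, so only they are named.
         throw new UnexpectedValueException('Configuration options AWSAccessKeyID, AWSSecretAccessKey, S3Bucket required');
     }
     $extension = file_extension($file_name);
     $mime = mime_from_path($file_name);
     if (!($mime && $extension)) {
         throw new UnexpectedValueException('Could not determine mime type or extension of: ' . $file_name);
     }
     if (!$id) {
         $id = unique_id($mime);
     }
     $s3_options = array();
     $s3_options['bucket'] = $bucket;
     $s3_options['AWSAccessKeyId'] = $access_key_id;
     $s3_options['AWSSecretAccessKey'] = $secret_access_key;
     $s3_options['uniq_id'] = $id;
     $s3_options['path'] = $path . '.' . $extension;
     $s3_options['mime'] = $mime;
     // NOTE(review): the secret key is handed to s3_upload_data(); only the
     // access key id is copied into the output below. Confirm the helper does
     // not return the secret inside $s3data, since every entry is emitted.
     $s3data = s3_upload_data($s3_options);
     $result = '';
     if (!empty($s3data)) {
         $s3data['mime'] = $mime;
         $s3data['keyid'] = $access_key_id;
         foreach ($s3data as $k => $v) {
             // Values end up inside double-quoted attributes; escape them so a
             // quote, ampersand or angle bracket cannot break out of the value.
             $result .= ' ' . $k . '="' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '"';
         }
     }
     return $result;
 }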
コード例 #4
 /**
  * Create a record, assigning a generated id when the caller supplied none.
  *
  * @param array $data Record fields; a missing or empty 'id' is replaced by unique_id()
  * @return mixed Whatever parent::create() returns
  */
 public function write($data)
 {
     // empty() is also true for an unset key, so a single test covers both cases.
     $needs_id = empty($data['id']);
     if ($needs_id) {
         $data['id'] = unique_id();
     }
     return parent::create($data);
 }
コード例 #5
 /**
  * Register a new entry of the given type in the apa table and persist it.
  *
  * @param string $type    Type name; must be known to type_exists()
  * @param array  $options Entry options; every field the type lists as required must be set
  * @return bool true when the entry was stored, false when the type is unknown or a required field is missing
  */
 public function add_apa($type, $options = array())
 {
     // The id is drawn before any validation, so one is consumed even on failure.
     $apa_id = unique_id();
     if (!$this->type_exists($type)) {
         return false;
     }
     // Reject the request as soon as one required field is absent.
     foreach ($this->get_apa_type($type)->required() as $field_name) {
         if (!isset($options[$field_name])) {
             return false;
         }
     }
     $options['type'] = $type;
     // The type may adjust the options before they are stored.
     $options = $this->get_apa_type($type)->pre_save_func($apa_id, $options);
     $this->apa_tab[$apa_id] = $options;
     $this->save_apa_tab($this->apa_tab);
     // Give the type a chance to apply layout changes for the new entry.
     $this->get_apa_type($type)->add_layout_changes($apa_id);
     return true;
 }
コード例 #6
 /**
  * Write the job XML for $type into the queued-jobs directory.
  *
  * @param string $type Job type, passed to _xmlBody() and used in generated ids
  * @return string The job id (the JobID option, or a generated one)
  * @throws UnexpectedValueException When the DirJobsQueued option is not set
  * @throws RuntimeException When the target path or file cannot be created
  */
 function _post($type)
 {
     $queue_dir = $this->_options['DirJobsQueued'];
     $job_id = '';
     if (!empty($this->_options['JobID'])) {
         $job_id = $this->_options['JobID'];
     }
     if (!$queue_dir) {
         throw new UnexpectedValueException('Configuration option DirJobsQueued required');
     }
     // Without a configured JobID, make one up from the job type.
     if (!$job_id) {
         $job_id = unique_id($type . 'job');
     }
     // NOTE(review): JobID is placed in the file name unchanged. If that option
     // can be set from outside the application, a value containing path
     // separators would move the file out of the queue directory - confirm
     // where JobID comes from and what safe_path() checks.
     $path = end_with_slash($queue_dir) . $job_id . '.xml';
     if (!safe_path($path)) {
         throw new RuntimeException('Could not create path: ' . $path);
     }
     // Build the job XML and write it; a zero-byte write counts as a failure too.
     $written = @file_put_contents($path, $this->_xmlBody($type));
     if (!$written) {
         throw new RuntimeException('Could not create file: ' . $path);
     }
     return $job_id;
 }
コード例 #7
 /**
  * Tries to acquire the lock by updating the configuration variable
  * named by $this->config_name.
  *
  * The stored value has the form "<unix time> <unique id>". Acquisition
  * fails when this instance already holds the lock, when the stored
  * timestamp is at most one hour old, or when set_atomic() does not report
  * success. A stored value older than one hour is treated as abandoned and
  * may be replaced.
  *
  * @return bool true if lock was acquired, false otherwise
  */
 public function acquire()
 {
     // This instance already holds the lock; a second acquire is refused.
     if ($this->locked) {
         return false;
     }
     // First use: create the entry with '0', which counts as "not locked" below.
     if (!isset($this->config[$this->config_name])) {
         $this->config->set($this->config_name, '0', false);
     }
     // Remember the value we saw; it is passed to set_atomic() as the expected old value.
     $lock_value = $this->config[$this->config_name];
     // make sure lock cannot be acquired by multiple processes
     if ($lock_value) {
         // if the other process is running more than an hour already we have to assume it
         // aborted without cleaning the lock
         $time = explode(' ', $lock_value);
         $time = $time[0];
         // Still within the hour: the other holder keeps the lock.
         if ($time + 3600 >= time()) {
             return false;
         }
     }
     // The unique part distinguishes two holders that start within the same second.
     $this->unique_id = time() . ' ' . unique_id();
     // try to update the config value, if it was already modified by another
     // process we failed to acquire the lock.
     // NOTE(review): this relies on set_atomic() replacing the value only when
     // it still equals $lock_value - confirm against its implementation.
     $this->locked = $this->config->set_atomic($this->config_name, $lock_value, $this->unique_id, false);
     return $this->locked;
 }
コード例 #8
 /**
  * Prepare the "send statistics" admin page: make sure an install id exists,
  * collect the questionnaire data and assign it to the template.
  *
  * @param mixed $id   Not used by this method
  * @param mixed $mode Not used by this method
  */
 function main($id, $mode)
 {
     global $config, $template, $phpbb_admin_path, $phpEx;
     // NOTE(review): the collection endpoint is a plain http URL, so whatever
     // the form submits to it travels unencrypted.
     $collect_url = "http://www.phpbb.com/stats/receive_stats.php";
     $this->tpl_name = 'acp_send_statistics';
     $this->page_title = 'ACP_SEND_STATISTICS';
     // Reuse the stored install id, or generate and store one on first use.
     if (isset($config['questionnaire_unique_id'])) {
         $install_id = $config['questionnaire_unique_id'];
     } else {
         $install_id = unique_id();
         set_config('questionnaire_unique_id', $install_id);
     }
     $collector = new phpbb_questionnaire_data_collector($install_id);
     // Register the data providers.
     $collector->add_data_provider(new phpbb_questionnaire_php_data_provider());
     $collector->add_data_provider(new phpbb_questionnaire_system_data_provider());
     $collector->add_data_provider(new phpbb_questionnaire_phpbb_data_provider($config));
     $template->assign_vars(array('U_COLLECT_STATS' => $collect_url, 'RAW_DATA' => $collector->get_data_for_form(), 'U_ACP_MAIN' => append_sid("{$phpbb_admin_path}index.{$phpEx}")));
     // Show the administrator exactly what would be sent, provider by provider.
     foreach ($collector->get_data_raw() as $provider_name => $provider_data) {
         // The install id is a bare value; wrap it so it lists like the others.
         if ($provider_name == 'install_id') {
             $provider_data = array($provider_name => $provider_data);
         }
         $template->assign_block_vars('providers', array('NAME' => htmlspecialchars($provider_name)));
         foreach ($provider_data as $field => $field_value) {
             // serialize() is used for display only; nothing here unserializes it.
             $shown = is_array($field_value) ? utf8_wordwrap(serialize($field_value), 75, "\n", true) : $field_value;
             $template->assign_block_vars('providers.values', array('KEY' => utf8_htmlspecialchars($field), 'VALUE' => utf8_htmlspecialchars($shown)));
         }
     }
 }
コード例 #9
ファイル: user.php プロジェクト: agreements/neofrag-cms
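 /**
  * Set up the user object and, when HTTP authentication is enabled and was
  * requested for this session, try to log the visitor in from the HTTP Basic
  * credentials sent with the request.
  */
 public function __construct()
 {
     parent::__construct();
     if ($this->config->nf_http_authentication && is_null($this->session('user_id')) && $this->session('session', 'http_authentication')) {
         // The request flag is consumed up front, so it is honoured once.
         $this->session->destroy('session', 'http_authentication');
         if (isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
             $login = $_SERVER['PHP_AUTH_USER'];
             $password = $_SERVER['PHP_AUTH_PW'];
         } elseif (isset($_SERVER['REDIRECT_REMOTE_USER']) && preg_match('/Basic (.*)/', $_SERVER['REDIRECT_REMOTE_USER'], $matches)) {
             // Split on the first colon only: in Basic credentials the password
             // may itself contain ':' while the user id may not. Without the
             // limit such passwords were cut short and could never validate.
             $credentials = explode(':', base64_decode($matches[1]), 2);
             if (count($credentials) === 2) {
                 list($login, $password) = $credentials;
             }
         }
         if (isset($login, $password)) {
             $user = $this->db->select('user_id', 'password', 'salt')->from('nf_users')->where('last_activity_date <>', 0)->where('deleted', FALSE)->where('BINARY username', $login, 'OR', 'BINARY email', $login)->row();
             if ($user) {
                 // Accounts without a salt are re-hashed with a fresh salt once the
                 // supplied password validates against the stored value.
                 // NOTE(review): the meaning of the third is_valid() argument is not
                 // visible here - presumably it selects the legacy scheme; confirm.
                 if (!$user['salt'] && $this->load->library('password')->is_valid($password, $user['password'], FALSE)) {
                     $this->db->where('user_id', (int) $user['user_id'])->update('nf_users', array('password' => $user['password'] = $this->password->encrypt($password . ($salt = unique_id())), 'salt' => $user['salt'] = $salt));
                 }
                 if ($this->load->library('password')->is_valid($password . $user['salt'], $user['password'])) {
                     $this->login((int) $user['user_id'], FALSE);
                     // Do not leave a freshly logged-in user on the logout page.
                     if ($this->config->request_url == 'user/logout.html') {
                         redirect();
                     }
                 }
             }
         }
     }
     $this->_init();
 }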
コード例 #10
ファイル: upload.php プロジェクト: nopticon/rockr
	/**
	 * Describe an uploaded file: its extension, lower-cased original name and
	 * a generated storage name of the form "<time>_<10 hex chars>.<extension>".
	 *
	 * @param string $filepath Directory prefix that the storage name is appended to
	 * @param string $filename Original file name
	 * @return object Object with extension, name, random, filename and filepath
	 */
	public function _row($filepath, $filename) {
		// NOTE(review): the extension is taken from the supplied file name and
		// reused for the stored file; whether it is restricted depends on
		// extension() and on the callers - confirm before serving these files.
		$extension = extension($filename);
		$lowered = strtolower($filename);
		$random = time() . '_' . substr(md5(unique_id()), 0, 10);
		$stored_name = $random . '.' . $extension;

		return (object) array(
			'extension' => $extension,
			'name' => $lowered,
			'random' => $random,
			'filename' => $stored_name,
			'filepath' => $filepath . $stored_name,
		);
	}
コード例 #11
/**
 * Prepare everything the quick reply form needs and assign it to the template.
 *
 * Returns early, assigning nothing, when the user may not reply in the forum,
 * when the topic is locked and the user lacks m_lock, or when quick reply is
 * disabled. For guests with post confirmation enabled, a new confirmation
 * entry is stored for the session.
 *
 * @param int $topic_id
 * @param int $forum_id
 * @param array $topic_data Topic row; topic_status, topic_title and notify_status are read
 */
function quick_reply($topic_id, $forum_id, &$topic_data)
{
    global $template, $user, $auth, $db;
    global $phpbb_root_path, $phpEx, $config;
    // Defaults for the quick reply; an admin can override each one through the
    // database with a config entry named evil_qr_<key>.
    $qr_config = array('enabled' => true, 'display_subject' => true, 'hide_box' => false, 'resize' => false);
    // Apply any evil_qr_ prefixed overrides present in $config.
    foreach (array_keys($qr_config) as $key) {
        if (isset($config['evil_qr_' . $key])) {
            $qr_config[$key] = $config['evil_qr_' . $key];
        }
    }
    // Stop unless the user may reply here. && binds tighter than ||, so the
    // middle term reads: topic is locked AND the user has no m_lock permission.
    if (!$auth->acl_get('f_reply', $forum_id) || $topic_data['topic_status'] == ITEM_LOCKED && !$auth->acl_get('m_lock', $forum_id) || !$qr_config['enabled']) {
        return;
    }
    // Hidden fields
    $s_hidden_fields = array('t' => $topic_id, 'f' => $forum_id, 'mode' => 'reply', 'lastclick' => time(), 'icon' => 0);
    // Set preferences such as allow smilies, bbcode, attachsig
    $reply_prefs = array('disable_bbcode' => $config['allow_bbcode'] && $user->optionget('bbcode') ? false : true, 'disable_smilies' => $config['allow_smilies'] && $user->optionget('smilies') ? false : true, 'disable_magic_url' => false, 'attach_sig' => $config['allow_sig'] && $user->optionget('attachsig') ? true : false, 'notify' => $config['allow_topic_notify'] && ($user->data['user_notify'] || isset($topic_data['notify_status'])) ? true : false, 'lock_topic' => $topic_data['topic_status'] == ITEM_LOCKED && $auth->acl_get('m_lock', $forum_id) ? true : false);
    // Only preferences that are switched on become hidden fields (value 1).
    foreach ($reply_prefs as $name => $value) {
        if ($value) {
            $s_hidden_fields[$name] = 1;
        }
    }
    // Prefix "Re: " unless the title already starts with it.
    $subject = (strpos($topic_data['topic_title'], 'Re: ') !== 0 ? 'Re: ' : '') . censor_text($topic_data['topic_title']);
    if (!$qr_config['display_subject']) {
        // Subject box hidden: carry the subject as a hidden field and blank the visible one.
        list($s_hidden_fields['subject'], $subject) = array($subject, '');
    }
    // Confirmation code handling, for guests only (taken from posting.php)
    if ($config['enable_post_confirm'] && !$user->data['is_registered']) {
        // Drop earlier post-confirmation entries of this session before adding a new one.
        $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\r\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\r\n\t\t\t\tAND confirm_type = " . CONFIRM_POST;
        $db->sql_query($sql);
        // Generate code
        // NOTE(review): mt_rand() only picks the length here; the code and id come
        // from gen_rand_string() and unique_id(), which are defined elsewhere.
        $code = gen_rand_string(mt_rand(5, 8));
        $confirm_id = md5(unique_id($user->ip));
        $seed = hexdec(substr(unique_id(), 4, 10));
        // compute $seed % 0x7fffffff
        $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
        $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed));
        $db->sql_query($sql);
        $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_POST) . '" alt="" title="" />'));
    }
    // Register the form key for the 'posting' form.
    add_form_key('posting');
    // Action URL; the session id is passed to append_sid() explicitly.
    // NOTE(review): if this puts the session id into the URL, it can end up in
    // server logs and Referer headers - confirm how append_sid() treats it.
    $s_action = append_sid("{$phpbb_root_path}posting.{$phpEx}", false, true, $user->session_id);
    // Assign template variables
    $template->assign_vars(array('QR_SUBJECT' => $subject, 'S_QR_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_QR_POST_ACTION' => $s_action, 'S_QR_ENABLED' => $qr_config['enabled'], 'S_QR_SUBJECT' => $qr_config['display_subject'], 'S_QR_HIDE_BOX' => $qr_config['hide_box'], 'S_QR_RESIZE' => $qr_config['resize']));
}
コード例 #12
ファイル: functions_mybb16.php プロジェクト: phimax/zoroak
/**
 * Import one attachment (and its thumbnail, when the source row has one)
 * under a generated target name of the form "<phpBB user id>_<md5>".
 *
 * @param string $source Source attachment, passed on to import_attachment()
 * @return string The generated target name
 */
function mybb_import_attachment($source)
{
	global $convert_row, $convert;

	$owner_id = phpbb_user_id($convert_row['uid']);
	$target = $owner_id . '_' . md5(unique_id());
	import_attachment($source, $target);

	// No thumbnail on the source row: the attachment itself is all there is.
	if (!mybb_has_thumbnail($convert_row['thumbnail']))
	{
		return $target;
	}

	_import_check('upload_path', $convert_row['thumbnail'], 'thumb_' . $target);

	return $target;
}
コード例 #13
ファイル: haccordion.class.php プロジェクト: rswiders/core
 /**
  * Fill in a generated name and id when none were given, then build the
  * accordion through the jquery helper and keep its output in $this->out.
  */
 public function _construct()
 {
     // name and id each get their own generated value when empty.
     foreach (array('name', 'id') as $property) {
         if (empty($this->{$property})) {
             $this->{$property} = unique_id();
         }
     }
     // Copy every option listed in accordion_opts from the matching property.
     $accordion_settings = array();
     foreach ($this->accordion_opts as $option_name) {
         $accordion_settings[$option_name] = $this->{$option_name};
     }
     $this->out = $this->jquery->Accordion($this->name, $this->options, $accordion_settings);
 }
コード例 #14
ファイル: user.php プロジェクト: huiwei19/oursustc-php
/**
 * Hash a password with the portable ("private") hashing scheme.
 *
 * @param string $password Plain-text password
 * @return string Whatever _hash_crypt_private() returns for the generated salt
 */
function phpbb_hash($password)
{
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    // NOTE(review): the salt bytes are derived only from unique_id() passed
    // through MD5; how unpredictable they are depends on unique_id(), which is
    // defined elsewhere. The result of _hash_crypt_private() is returned
    // without any check on its length or format.
    $random_state = unique_id();
    $random = '';
    $i = 0;
    // Each round yields 16 bytes, so with $count = 6 this runs exactly once.
    while ($i < $count) {
        $random_state = md5(unique_id() . $random_state);
        $random .= pack('H*', md5($random_state));
        $i += 16;
    }
    $salt_input = substr($random, 0, $count);
    return _hash_crypt_private($password, _hash_gensalt_private($salt_input, $itoa64), $itoa64);
}
コード例 #15
 /**
  * Set the destination filename ($this->realname).
  *
  * Does nothing when $this->init_error is set.
  *
  * @access public
  * @param string $mode   'real' keeps a lower-cased, filtered form of the current
  *                       name; any other value produces a generated name
  * @param string $prefix Prefix applied to the filename
  */
 function clean_filename($mode = 'unique', $prefix = '')
 {
     if ($this->init_error) {
         return;
     }
     // NOTE(review): $prefix and $this->extension are appended as they are in
     // both modes; only the name part is filtered. Confirm both are validated
     // before this method is reached.
     if ($mode == 'real') {
         // Characters that cause trouble in file names become underscores ...
         $unsafe = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
         $name = str_replace($unsafe, '_', strtolower($this->realname));
         // ... and so does every percent-escape left after URL-encoding.
         $name = preg_replace("/%(\\w{2})/", '_', rawurlencode($name));
         $this->realname = $prefix . $name . '_.' . $this->extension;
         return;
     }
     // 'unique' and every unrecognised mode: generated name.
     $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension;
 }
コード例 #16
ファイル: file.php プロジェクト: agreements/neofrag-cms
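 /**
  * Move an uploaded file into ./upload/<dir> under a generated name and
  * record it, either as a new file or by replacing an existing file record.
  *
  * @param array       $files    Upload entry in $_FILES layout
  * @param string|null $dir      Sub-directory of ./upload; 'unknow' when empty
  * @param string|null $filename Set by reference to the path the file is stored at
  * @param int|null    $file_id  Existing file record to replace, if any
  * @param mixed       $var      Index into a multi-file upload entry, if any
  * @return mixed $file_id when a record was replaced, the result of add() for a new file, FALSE on failure
  */
 public function upload($files, $dir = NULL, &$filename = NULL, $file_id = NULL, $var = NULL)
 {
     // NOTE(review): $dir is appended to the upload root unchanged; confirm
     // callers never pass request data containing path separators.
     $dir = './upload/' . ($dir ?: 'unknow');
     // mkdir() also fails when a concurrent request created the directory in
     // between, so only give up if the directory is still missing afterwards.
     // NOTE(review): mode 0777 makes the directory world-writable unless the
     // umask narrows it.
     if (!file_exists($dir) && !mkdir($dir, 0777, TRUE) && !is_dir($dir)) {
         return FALSE;
     }
     $original_name = $var ? $files['name'][$var] : $files['name'];
     $tmp_name = $var ? $files['tmp_name'][$var] : $files['tmp_name'];
     // NOTE(review): the stored file keeps the extension of the client-supplied
     // name. Whether that is restricted depends on extension() and on the
     // callers; if ./upload is served by the web server, confirm that script
     // extensions cannot be stored or executed there.
     do {
         $file = unique_id() . '.' . extension(basename($original_name));
     } while (file_exists($filename = $dir . '/' . $file));
     if (!move_uploaded_file($tmp_name, $filename)) {
         return FALSE;
     }
     if ($file_id) {
         // Replace: remove the old file, then point the record at the new one.
         $this->_unlink($file_id);
         $this->db->where('file_id', $file_id)->update('nf_files', array('user_id' => $this->user() ? $this->user('user_id') : NULL, 'path' => $filename, 'name' => $original_name));
         return $file_id;
     }
     return $this->add($filename, $original_name);
 }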
コード例 #17
ファイル: htooltip.class.php プロジェクト: rswiders/core
 /**
  * Fill in defaults for name, class and id, register the tooltip with the
  * jquery helper and build the wrapping markup in $this->out.
  */
 public function _construct()
 {
     if (empty($this->name)) {
         $this->name = unique_id();
     }
     if (empty($this->class)) {
         $this->class = "";
     }
     if (empty($this->id)) {
         $this->id = unique_id();
     }
     // Copy every option listed in all_opts from the matching property.
     $tooltip_settings = array();
     foreach ($this->all_opts as $option_name) {
         $tooltip_settings[$option_name] = $this->{$option_name};
     }
     // NOTE(review): name, class, id, content and label go into the script
     // string and the markup below without escaping, so they have to arrive
     // here already safe for those contexts - confirm against the callers.
     $this->jquery->qtip('.' . $this->name, 'return $(".' . $this->name . '_c", this).html();', $tooltip_settings);
     // A <span> wrapper is the default; a <div> is used only when usediv is set and truthy.
     if (empty($this->usediv)) {
         $this->out = '<span class="' . $this->name . ' ' . $this->class . '" id="' . $this->id . '"><span class="' . $this->name . '_c" style="display:none;">' . $this->content . '</span>' . $this->label . '</span>';
         return;
     }
     $this->out = '<div class="' . $this->name . ' ' . $this->class . '" id="' . $this->id . '"><div class="' . $this->name . '_c" style="display:none;">' . $this->content . '</div>' . $this->label . '</div>';
 }
コード例 #18
 /**
  * Create or update today's income record from $data and save it.
  *
  * When _is_exists() finds a record, its rel_data is merged with the incoming
  * one (account and title overwritten when given, log entries appended unless
  * getUqieArr() reports them as already present). The money total is then
  * recomputed from all log entries.
  *
  * @param array $data Incoming record; rel_data is read as an array with account, title and logs
  * @return mixed Whatever save() returns
  */
 public function income_today($data = array())
 {
     // NOTE(review): the complete payload is written to the log three times at
     // 'error' level; if rel_data holds account details they end up in
     // today_income_log in full - confirm that this is intended.
     log_message('error', json_encode(array('step' => 'adddata', 'data' => $data)), 'today_income_log');
     $record = $this->_is_exists($data);
     log_message('error', json_encode(array('step' => 'olddata', 'data' => $record)), 'today_income_log');
     if (empty($record)) {
         // Nothing stored yet: the incoming data becomes the record; id 0 is passed to save().
         $record = $data;
         $record['id'] = unique_id();
         $id = 0;
     } else {
         $record['rel_data'] = json_decode($record['rel_data'], TRUE);
         if (is_null($record['rel_data'])) {
             // Stored rel_data did not decode: take the incoming one as it is.
             $record['rel_data'] = $data['rel_data'];
         } else {
             foreach (array('account', 'title') as $field) {
                 if (isset($data['rel_data'][$field])) {
                     $record['rel_data'][$field] = $data['rel_data'][$field];
                 }
             }
             // Append only the log entries the record does not contain yet.
             foreach ($data['rel_data']['logs'] as $entry) {
                 if (!$this->getUqieArr($record, $entry)) {
                     $record['rel_data']['logs'][] = $entry;
                 }
             }
         }
         // The id is passed to save() separately, not as part of the row.
         $id = $record['id'];
         unset($record['id']);
     }
     log_message('error', json_encode(array('step' => 'newdata', 'data' => $record)), 'today_income_log');
     // Recompute the total from every log entry.
     $record['rel_data']['money'] = 0;
     foreach ($record['rel_data']['logs'] as $entry) {
         $record['rel_data']['money'] += floatval($entry['money']);
     }
     $record['created'] = date('Y-m-d H:i:s');
     $record['rel_data'] = json_encode($record['rel_data']);
     return $this->save($record, $id);
 }
コード例 #19
ファイル: class_captcha.php プロジェクト: ALTUN69/icy_phoenix
 /**
  * Generate a confirmation code, store it for the current session and assign
  * the CAPTCHA template variables.
  *
  * @return array Array with 'confirm_id' and 'confirm_image' (the <img> tag)
  */
 function build_captcha()
 {
     global $db, $cache, $config, $template, $user, $lang;
     // Clean old sessions and old confirm codes
     $user->confirm_gc();
     // Characters that are easy to misread are swapped for letters.
     $ambiguous = array('0', '1', '2', '5', 'O', 'I', 'Z', 'S');
     $substitutes = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H');
     // NOTE(review): the code is derived from unique_id() (defined elsewhere)
     // and the id from uniqid(), which is based on the current time. How hard
     // either is to guess is not established by this method - confirm.
     $raw = strtoupper(base_convert(unique_id(), 16, 35));
     $code = substr(str_replace($ambiguous, $substitutes, $raw), 2, $this->code_length);
     $confirm_id = md5(uniqid($user->ip));
     $sql = "INSERT INTO " . CONFIRM_TABLE . " (confirm_id, session_id, code)\n\t\t\tVALUES ('" . $db->sql_escape($confirm_id) . "', '" . $db->sql_escape($user->data['session_id']) . "', '" . $db->sql_escape($code) . "')";
     $db->sql_query($sql);
     // The code is only needed for the insert; do not keep it around.
     unset($code);
     $confirm_image = '<img src="' . append_sid(create_server_url() . CMS_PAGE_PROFILE . '?mode=confirm&amp;confirm_id=' . $confirm_id) . '" alt="" title="" />';
     $template->assign_vars(array(
         'S_CAPTCHA' => true,
         'CONFIRM_IMG' => $confirm_image,
         'CAPTCHA_HIDDEN' => '<input type="hidden" name="confirm_id" value="' . $confirm_id . '" />',
         'CAPTCHA_CODE_LENGTH' => $this->code_length,
         'L_CONFIRM_CODE_IMPAIRED' => sprintf($lang['CONFIRM_CODE_IMPAIRED'], '<a href="mailto:' . $config['board_email'] . '">', '</a>'),
     ));
     return array('confirm_id' => $confirm_id, 'confirm_image' => $confirm_image);
 }
コード例 #20
ファイル: phpbb3.php プロジェクト: Residentik/sploit-dev
/**
*
* @version Version 0.1 / $Id: functions.php 8491 2008-04-04 11:41:58Z acydburn $
*
* Portable PHP password hashing framework.
*
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
* the public domain.
*
* There's absolutely no warranty.
*
* The homepage URL for this framework is:
*
*	http://www.openwall.com/phpass/
*
* Please be sure to update the Version line if you edit this file in any way.
* It is suggested that you leave the main version number intact, but indicate
* your project name (after the slash) and add your own revision information.
*
* Please do not change the "private" password hashing method implemented in
* here, thereby making your hashes incompatible.  However, if you must, please
* change the hash type identifier (the "$P$") to something different.
*
* Obviously, since this code is in the public domain, the above are not
* requirements (there can be none), but merely suggestions.
*
*
* Hash the password
*/
function phpbb_hash($password)
{
    // Returns the portable hash of $password when it has the expected length
    // of 34 characters, and the plain MD5 of the password otherwise.
    $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $count = 6;
    $random_state = uniqid();
    $random = '';
    // Preferred source for the salt bytes: the system random device.
    $urandom = @fopen('/dev/urandom', 'rb');
    if ($urandom) {
        $random = fread($urandom, $count);
        fclose($urandom);
    }
    // Device missing or short read: derive the bytes from unique_id() through MD5.
    if (strlen($random) < $count) {
        $random = '';
        $i = 0;
        while ($i < $count) {
            $random_state = md5(unique_id() . $random_state);
            $random .= pack('H*', md5($random_state));
            $i += 16;
        }
        $random = substr($random, 0, $count);
    }
    $hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);
    // NOTE(review): when the portable hash does not come back with the
    // expected length, an unsalted single-round MD5 is stored instead. Such a
    // value is far cheaper to brute-force than the portable hash; confirm
    // whether this fallback can still be reached and whether it is wanted.
    return strlen($hash) == 34 ? $hash : md5($password);
}
コード例 #21
ファイル: message_parser.php プロジェクト: jvinhit/php
 /**
  * Initialise the parser: generate a fresh BBCode UID and, when a message is
  * given, store it. Without one, $this->message is left as it is and can be
  * set manually.
  *
  * @param string $message Message text
  */
 function parse_message($message = '')
 {
     // The UID is the first BBCODE_UID_LEN characters of unique_id() re-encoded in base 36.
     $uid_source = base_convert(unique_id(), 16, 36);
     $this->bbcode_uid = substr($uid_source, 0, BBCODE_UID_LEN);
     if (!$message) {
         return;
     }
     $this->message = $message;
 }
コード例 #22
ファイル: functions.php プロジェクト: Phatboy82/phpbbgarage
/**
* Generate login box or verify password
*
* When the request carries a POSTed 'login' field, the submitted credentials are
* passed to $auth->login() and the outcome is handled (success message, error
* text, or a fresh login CAPTCHA row). In every case that reaches the end of the
* function, the login form is rendered with page_header()/page_footer().
*
* @param string $redirect  Redirect target placed in the form's hidden fields; when empty it is built from $user->page
* @param string $l_explain Text assigned to the LOGIN_EXPLAIN template variable
* @param string $l_success Message shown after a successful login; falls back to $user->lang['LOGIN_REDIRECT']
* @param bool   $admin     True when re-authenticating for the administration panel
* @param bool   $s_display Assigned (as a boolean) to S_DISPLAY_FULL_LOGIN
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    $err = '';
    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }
    // Print out error if user tries to authenticate as an administrator without having the privileges...
    // NOTE(review): the code below relies on trigger_error() not returning; presumably the
    // board's error handler ends the request - confirm.
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }
    if (isset($_POST['login'])) {
        // Get credential
        if ($admin) {
            // The admin form posts the password under a per-form field name, 'password_' . $credential.
            // The credential must be exactly 32 characters from [a-f0-9] before it is used to build that name.
            $credential = request_var('credential', '');
            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }
            $password = request_var('password_' . $credential, '', true);
        } else {
            $password = request_var('password', '', true);
        }
        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']) ? true : false;
        // The 'viewonline' checkbox is inverted: ticked means 0, unticked means 1.
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        $admin = $admin ? 1 : 0;
        // Admin re-authentication keeps the visibility of the existing session.
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }
        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }
        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // NOTE(review): the redirect target is taken from the request here, replacing the
            // $redirect argument. Whether request_var(), reapply_sid() or meta_refresh() restrict
            // it to on-site URLs is not visible in this function - confirm, since the value ends
            // up in a refresh and in an <a href>.
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);
            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }
            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }
        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }
        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_ATTEMPTS:
                // Show confirm image
                // Drop any earlier login CAPTCHA rows for this session; the session id is escaped for the query.
                $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\t\t\tAND confirm_type = " . CONFIRM_LOGIN;
                $db->sql_query($sql);
                // Generate code
                // NOTE(review): the code length comes from mt_rand(), which is not a cryptographic
                // generator; how gen_rand_string() and unique_id() obtain their randomness is not
                // visible here - confirm the CAPTCHA code and seed are not predictable.
                $code = gen_rand_string(mt_rand(5, 8));
                $confirm_id = md5(unique_id($user->ip));
                $seed = hexdec(substr(unique_id(), 4, 10));
                // compute $seed % 0x7fffffff
                $seed -= 0x7fffffff * floor($seed / 0x7fffffff);
                // The INSERT is assembled by sql_build_array() from explicitly cast values.
                $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_LOGIN, 'code' => (string) $code, 'seed' => (int) $seed));
                $db->sql_query($sql);
                $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&amp;id=' . $confirm_id . '&amp;type=' . CONFIRM_LOGIN) . '" alt="" title="" />', 'L_LOGIN_CONFIRM_EXPLAIN' => sprintf($user->lang['LOGIN_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>')));
                $err = $user->lang[$result['error_msg']];
                break;
            case LOGIN_ERROR_PASSWORD_CONVERT:
                // Link to the password-reset page only when e-mail is enabled, and to the board contact only when one is set.
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;
            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];
                // Assign admin contact to some error messages
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }
    if (!$redirect) {
        // We just use what the session code determined...
        // If we are not within the admin directory we use the page dir...
        $redirect = '';
        if (!$admin) {
            $redirect .= $user->page['page_dir'] ? $user->page['page_dir'] . '/' : '';
        }
        // The query string is HTML-escaped before it goes into the hidden field value.
        $redirect .= $user->page['page_name'] . ($user->page['query_string'] ? '?' . htmlspecialchars($user->page['query_string']) : '');
    }
    // Assign credential for username/password pair
    // For admin re-authentication a new 32-character hex credential is issued with every
    // rendered form; it is the value validated at the top of the POST branch above.
    $credential = $admin ? md5(unique_id()) : false;
    $s_hidden_fields = array('redirect' => $redirect, 'sid' => $user->session_id);
    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }
    $s_hidden_fields = build_hidden_fields($s_hidden_fields);
    $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] != USER_ACTIVATION_NONE && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_LOGIN_ACTION' => !$admin ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=login') : append_sid("index.{$phpEx}", false, true, $user->session_id), 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
    page_header($user->lang['LOGIN'], false);
    $template->set_filenames(array('body' => 'login_body.html'));
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
    page_footer();
}
コード例 #23
ファイル: acp_database.php プロジェクト: MrAdder/phpbb
 // Admin-panel database module: $mode 'backup' writes a dump of the selected tables
 // (stored under store/, sent to the browser, or both) or lists the available tables;
 // $mode 'restore' deletes, downloads or replays a stored backup file, or lists them.
 // NOTE(review): no form-key or other request-authenticity check is visible in this
 // method for the backup 'download' action; confirm it is enforced elsewhere.
 function main($id, $mode)
 {
     global $cache, $db, $user, $template, $table_prefix, $request;
     global $phpbb_root_path, $phpbb_container, $phpbb_log;
     $this->db_tools = $phpbb_container->get('dbal.tools');
     $user->add_lang('acp/database');
     $this->tpl_name = 'acp_database';
     $this->page_title = 'ACP_DATABASE';
     $action = $request->variable('action', '');
     $submit = isset($_POST['submit']) ? true : false;
     $template->assign_vars(array('MODE' => $mode));
     switch ($mode) {
         case 'backup':
             $this->page_title = 'ACP_BACKUP';
             switch ($action) {
                 case 'download':
                     $type = $request->variable('type', '');
                     // Keep only requested names that the database itself reports as tables, so the
                     // names concatenated into DELETE/TRUNCATE text below come from that list.
                     $table = array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
                     $format = $request->variable('method', '');
                     $where = $request->variable('where', '');
                     if (!sizeof($table)) {
                         trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING);
                     }
                     // Decode the two request options into four flags.
                     $store = $download = $structure = $schema_data = false;
                     if ($where == 'store_and_download' || $where == 'store') {
                         $store = true;
                     }
                     if ($where == 'store_and_download' || $where == 'download') {
                         $download = true;
                     }
                     if ($type == 'full' || $type == 'structure') {
                         $structure = true;
                     }
                     if ($type == 'full' || $type == 'data') {
                         $schema_data = true;
                     }
                     // Best effort: ask for 20 minutes, then for no limit; failures are suppressed.
                     @set_time_limit(1200);
                     @set_time_limit(0);
                     $time = time();
                     // Backup name: backup_<unix time>_<unique_id()>. The restore code below only accepts
                     // names whose last part is 16 characters of [a-z0-9].
                     $filename = 'backup_' . $time . '_' . unique_id();
                     $extractor = $phpbb_container->get('dbal.extractor');
                     $extractor->init_extractor($format, $filename, $time, $download, $store);
                     $extractor->write_start($table_prefix);
                     foreach ($table as $table_name) {
                         // Get the table structure
                         if ($structure) {
                             $extractor->write_table($table_name);
                         } else {
                             // We might wanna empty out all that junk :D
                             // Data-only dump: emit a statement that empties the table, using the
                             // statement terminator of the current SQL layer.
                             switch ($db->get_sql_layer()) {
                                 case 'sqlite':
                                 case 'sqlite3':
                                     $extractor->flush('DELETE FROM ' . $table_name . ";\n");
                                     break;
                                 case 'mssql':
                                 case 'mssql_odbc':
                                 case 'mssqlnative':
                                     $extractor->flush('TRUNCATE TABLE ' . $table_name . "GO\n");
                                     break;
                                 case 'oracle':
                                     $extractor->flush('TRUNCATE TABLE ' . $table_name . "/\n");
                                     break;
                                 default:
                                     $extractor->flush('TRUNCATE TABLE ' . $table_name . ";\n");
                                     break;
                             }
                         }
                         // Data
                         if ($schema_data) {
                             $extractor->write_data($table_name);
                         }
                     }
                     $extractor->write_end();
                     $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_BACKUP');
                     // When the dump went to the browser, stop here so nothing else is appended to it.
                     if ($download == true) {
                         exit;
                     }
                     trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action));
                     break;
                 default:
                     // No action: list the tables (those starting with $table_prefix, or all of
                     // them when the prefix is empty) and the available output methods.
                     $tables = $this->db_tools->sql_list_tables();
                     asort($tables);
                     foreach ($tables as $table_name) {
                         if (strlen($table_prefix) === 0 || stripos($table_name, $table_prefix) === 0) {
                             $template->assign_block_vars('tables', array('TABLE' => $table_name));
                         }
                     }
                     unset($tables);
                     $template->assign_vars(array('U_ACTION' => $this->u_action . '&amp;action=download'));
                     // Compressed methods are offered only when the matching extension is loaded.
                     $available_methods = array('gzip' => 'zlib', 'bzip2' => 'bz2');
                     foreach ($available_methods as $type => $module) {
                         if (!@extension_loaded($module)) {
                             continue;
                         }
                         $template->assign_block_vars('methods', array('TYPE' => $type));
                     }
                     $template->assign_block_vars('methods', array('TYPE' => 'text'));
                     break;
             }
             break;
         case 'restore':
             $this->page_title = 'ACP_RESTORE';
             switch ($action) {
                 case 'submit':
                     $delete = $request->variable('delete', '');
                     $file = $request->variable('file', '');
                     $download = $request->variable('download', '');
                     // The requested name must match the backup naming pattern in full (anchored at
                     // both ends, no path separators allowed), and only the matched text is appended
                     // to the store/ directory. This is what keeps the request from naming a file
                     // outside store/.
                     if (!preg_match('#^backup_\\d{10,}_[a-z\\d]{16}\\.(sql(?:\\.(?:gz|bz2))?)$#', $file, $matches)) {
                         trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                     }
                     $file_name = $phpbb_root_path . 'store/' . $matches[0];
                     if (!file_exists($file_name) || !is_readable($file_name)) {
                         trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
                     }
                     if ($delete) {
                         // Deleting needs a confirmed confirm_box(); otherwise the confirmation form is shown.
                         if (confirm_box(true)) {
                             unlink($file_name);
                             $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_DELETE');
                             trigger_error($user->lang['BACKUP_DELETE'] . adm_back_link($this->u_action));
                         } else {
                             confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file)));
                         }
                     } else {
                         // A download is served without confirmation; a restore requires confirm_box(true).
                         if ($download || confirm_box(true)) {
                             if ($download) {
                                 $name = $matches[0];
                                 // $matches[1] can only be one of these three values because of the pattern above.
                                 switch ($matches[1]) {
                                     case 'sql':
                                         $mimetype = 'text/x-sql';
                                         break;
                                     case 'sql.bz2':
                                         $mimetype = 'application/x-bzip2';
                                         break;
                                     case 'sql.gz':
                                         $mimetype = 'application/x-gzip';
                                         break;
                                 }
                                 header('Cache-Control: private, no-cache');
                                 // $name is limited by the pattern to digits, lowercase letters, '_' and '.',
                                 // so it cannot carry quotes or line breaks into these headers.
                                 header("Content-Type: {$mimetype}; name=\"{$name}\"");
                                 header("Content-disposition: attachment; filename={$name}");
                                 @set_time_limit(0);
                                 $fp = @fopen($file_name, 'rb');
                                 if ($fp !== false) {
                                     while (!feof($fp)) {
                                         echo fread($fp, 8192);
                                     }
                                     fclose($fp);
                                 }
                                 flush();
                                 exit;
                             }
                             // Restore: pick the open/read/seek/eof/close functions for the file type.
                             // The names are fixed strings chosen here and called as variable functions;
                             // 'fgetd' and 'fgetd_seekless' are helpers defined outside this method.
                             // NOTE(review): the handle returned by fopen()/bzopen()/gzopen() is not
                             // checked for false before it is read from.
                             switch ($matches[1]) {
                                 case 'sql':
                                     $fp = fopen($file_name, 'rb');
                                     $read = 'fread';
                                     $seek = 'fseek';
                                     $eof = 'feof';
                                     $close = 'fclose';
                                     $fgetd = 'fgetd';
                                     break;
                                 case 'sql.bz2':
                                     $fp = bzopen($file_name, 'r');
                                     $read = 'bzread';
                                     $seek = '';
                                     $eof = 'feof';
                                     $close = 'bzclose';
                                     $fgetd = 'fgetd_seekless';
                                     break;
                                 case 'sql.gz':
                                     $fp = gzopen($file_name, 'rb');
                                     $read = 'gzread';
                                     $seek = 'gzseek';
                                     $eof = 'gzeof';
                                     $close = 'gzclose';
                                     $fgetd = 'fgetd';
                                     break;
                             }
                             // Every statement read from the file is executed against the live database.
                             // The file content is therefore fully trusted: anything able to place a
                             // matching file in store/ controls what runs here, so write access to that
                             // directory needs to be restricted accordingly.
                             switch ($db->get_sql_layer()) {
                                 case 'mysql':
                                 case 'mysql4':
                                 case 'mysqli':
                                 case 'sqlite':
                                 case 'sqlite3':
                                     while (($sql = $fgetd($fp, ";\n", $read, $seek, $eof)) !== false) {
                                         $db->sql_query($sql);
                                     }
                                     break;
                                 case 'postgres':
                                     $delim = ";\n";
                                     while (($sql = $fgetd($fp, $delim, $read, $seek, $eof)) !== false) {
                                         $query = trim($sql);
                                         if (substr($query, 0, 13) == 'CREATE DOMAIN') {
                                             // Create the domain only when it does not exist yet.
                                             // NOTE(review): $domain is taken from the file text and placed in
                                             // the query without escaping.
                                             list(, , $domain) = explode(' ', $query);
                                             $sql = "SELECT domain_name\n\t\t\t\t\t\t\t\t\t\t\t\tFROM information_schema.domains\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE domain_name = '{$domain}';";
                                             $result = $db->sql_query($sql);
                                             if (!$db->sql_fetchrow($result)) {
                                                 $db->sql_query($query);
                                             }
                                             $db->sql_freeresult($result);
                                         } else {
                                             $db->sql_query($query);
                                         }
                                         if (substr($query, 0, 4) == 'COPY') {
                                             // Feed the COPY data lines to the connection until the '\.' end
                                             // marker; running out of file first is a restore failure.
                                             while (($sub = $fgetd($fp, "\n", $read, $seek, $eof)) !== '\\.') {
                                                 if ($sub === false) {
                                                     trigger_error($user->lang['RESTORE_FAILURE'] . adm_back_link($this->u_action), E_USER_WARNING);
                                                 }
                                                 pg_put_line($db->get_db_connect_id(), $sub . "\n");
                                             }
                                             pg_put_line($db->get_db_connect_id(), "\\.\n");
                                             pg_end_copy($db->get_db_connect_id());
                                         }
                                     }
                                     break;
                                 case 'oracle':
                                     while (($sql = $fgetd($fp, "/\n", $read, $seek, $eof)) !== false) {
                                         $db->sql_query($sql);
                                     }
                                     break;
                                 case 'mssql':
                                 case 'mssql_odbc':
                                 case 'mssqlnative':
                                     while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false) {
                                         $db->sql_query($sql);
                                     }
                                     break;
                             }
                             $close($fp);
                             // Purge the cache due to updated data
                             $cache->purge();
                             $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_RESTORE');
                             trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
                             break;
                         } else {
                             if (!$download) {
                                 confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file)));
                             }
                         }
                     }
                 // There is no break at the end of the 'submit' case: when control gets this
                 // far it continues into the file listing below.
                 default:
                     $methods = array('sql');
                     $available_methods = array('sql.gz' => 'zlib', 'sql.bz2' => 'bz2');
                     foreach ($available_methods as $type => $module) {
                         if (!@extension_loaded($module)) {
                             continue;
                         }
                         $methods[] = $type;
                     }
                     $dir = $phpbb_root_path . 'store/';
                     $dh = @opendir($dir);
                     $backup_files = array();
                     if ($dh) {
                         // List only files that match the backup naming pattern and whose format can be
                         // read with the loaded extensions. Entries are keyed by the timestamp in the
                         // name, so two files with the same timestamp share one slot.
                         while (($file = readdir($dh)) !== false) {
                             if (preg_match('#^backup_(\\d{10,})_[a-z\\d]{16}\\.(sql(?:\\.(?:gz|bz2))?)$#', $file, $matches)) {
                                 if (in_array($matches[2], $methods)) {
                                     $backup_files[(int) $matches[1]] = $file;
                                 }
                             }
                         }
                         closedir($dh);
                     }
                     if (!empty($backup_files)) {
                         // Newest first.
                         krsort($backup_files);
                         foreach ($backup_files as $name => $file) {
                             $template->assign_block_vars('files', array('FILE' => $file, 'NAME' => $user->format_date($name, 'd-m-Y H:i:s', true), 'SUPPORTED' => true));
                         }
                     }
                     $template->assign_vars(array('U_ACTION' => $this->u_action . '&amp;action=submit'));
                     break;
             }
             break;
     }
 }
コード例 #24
ファイル: functions_messenger.php プロジェクト: jvinhit/php
 /**
  * Return email header
  */
 function build_header($to, $cc, $bcc)
 {
     global $config;

     // NOTE(review): $cc, $bcc, $this->from, $this->replyto and the extra headers are
     // concatenated exactly as given. Nothing in this method strips CR/LF, so confirm
     // that callers sanitise these values before they reach this point.
     $board_address = '<' . $config['board_email'] . '>';

     $lines = array('From: ' . $this->from);
     if ($cc) {
         $lines[] = 'Cc: ' . $cc;
     }
     if ($bcc) {
         $lines[] = 'Bcc: ' . $bcc;
     }
     $lines[] = 'Reply-To: ' . $this->replyto;
     $lines[] = 'Return-Path: ' . $board_address;
     $lines[] = 'Sender: ' . $board_address;
     $lines[] = 'MIME-Version: 1.0';

     $message_token = md5(unique_id(time()));
     $lines[] = 'Message-ID: <' . $message_token . '@' . $config['server_name'] . '>';
     $lines[] = 'Date: ' . date('r', time());
     // format=flowed is not requested for the plain-text body.
     $lines[] = 'Content-Type: text/plain; charset=UTF-8';
     // 8bit rather than 7bit transfer encoding.
     $lines[] = 'Content-Transfer-Encoding: 8bit';
     $lines[] = 'X-Priority: ' . $this->mail_priority;

     // Textual priority: low and normal map to their own labels, anything else is 'High'.
     if ($this->mail_priority == MAIL_LOW_PRIORITY) {
         $priority_label = 'Low';
     } elseif ($this->mail_priority == MAIL_NORMAL_PRIORITY) {
         $priority_label = 'Normal';
     } else {
         $priority_label = 'High';
     }
     $lines[] = 'X-MSMail-Priority: ' . $priority_label;
     $lines[] = 'X-Mailer: PhpBB3';
     $lines[] = 'X-MimeOLE: phpBB3';

     // Board URL with its http:// or https:// prefix removed.
     $board_url = str_replace(array('http://', 'https://'), array('', ''), generate_board_url());
     $lines[] = 'X-phpBB-Origin: phpbb://' . $board_url;

     // Lines are joined with \n rather than \r\n: the SMTP mailer converts to \r\n
     // on its own, and PHP's mail() only works when given \n.
     if (count($this->extra_headers)) {
         $lines[] = implode("\n", $this->extra_headers);
     }

     return implode("\n", $lines);
 }
コード例 #25
ファイル: remote.php プロジェクト: tqangxl/phpbb
 /**
  * Remote upload method
  * Uploads file from given url
  *
  * @param string $upload_url URL pointing to file to upload, for example http://www.foobar.com/example.gif
  * @return filespec $file Object "filespec" is returned, all further operations can be done with this object
  * @access public
  */
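 protected function remote_upload($upload_url)
 {
     // Fetches $upload_url over a raw socket, buffers the body in memory, writes it to a
     // temporary file and returns a filespec describing that file (or a filespec carrying
     // an error). The socket is closed on every exit path.
     //
     // NOTE(review): host and port are taken directly from the supplied URL and nothing in
     // this method limits them, so the server will connect wherever the URL points,
     // including internal addresses. Confirm that callers restrict who may use remote
     // upload and which destinations are allowed.
     $upload_ary = array();
     $upload_ary['local_mode'] = true;
     // Only http(s) URLs ending in one of the allowed extensions are accepted.
     if (!preg_match('#^(https?://).*?\\.(' . implode('|', $this->upload->allowed_extensions) . ')$#i', $upload_url, $match)) {
         return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID'));
     }
     $url = parse_url($upload_url);
     // parse_url() returns false for seriously malformed URLs and may omit the host.
     if ($url === false || empty($url['host'])) {
         return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'URL_INVALID'));
     }
     $host = $url['host'];
     // A URL without a path component (for example "http://example.gif") has no 'path' key.
     $path = isset($url['path']) ? $url['path'] : '';
     // NOTE(review): the port defaults to 80 and the socket is opened without TLS, so an
     // https:// URL without an explicit port is requested in plain text on port 80.
     $port = !empty($url['port']) ? (int) $url['port'] : 80;
     $upload_ary['type'] = 'application/octet-stream';
     // Derive the upload name: drop the last dot-separated part as the extension, join
     // the remaining parts without dots, and take the basename of the result.
     $url['path'] = explode('.', $path);
     $ext = array_pop($url['path']);
     $url['path'] = implode('', $url['path']);
     $upload_ary['name'] = utf8_basename($url['path']) . ($ext ? '.' . $ext : '');
     $filesize = 0;
     $remote_max_filesize = $this->get_max_file_size();
     $errno = 0;
     $errstr = '';
     if (!($fsock = @fsockopen($host, $port, $errno, $errstr))) {
         return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'NOT_UPLOADED'));
     }
     // Make sure $path not beginning with /
     if (strpos($path, '/') === 0) {
         $path = substr($path, 1);
     }
     // NOTE(review): $path and $host go into the request as-is, without encoding.
     // Confirm that earlier validation rejects whitespace and control characters in the URL.
     fputs($fsock, 'GET /' . $path . " HTTP/1.1\r\n");
     fputs($fsock, "HOST: " . $host . "\r\n");
     fputs($fsock, "Connection: close\r\n\r\n");
     // Set a proper timeout for the socket
     socket_set_timeout($fsock, $this->upload->upload_timeout);
     $get_info = false;
     $data = '';
     $length = false;
     $timer_stop = time() + $this->upload->upload_timeout;
     // Header lines are read until the blank line; after that the body is read in blocks
     // of at most 1024 bytes until the declared length, EOF, the size limit or the timeout.
     while ((!$length || $filesize < $length) && !@feof($fsock)) {
         if ($get_info) {
             if ($length) {
                 // Don't attempt to read past end of file if server indicated length
                 $block = @fread($fsock, min($length - $filesize, 1024));
             } else {
                 $block = @fread($fsock, 1024);
             }
             $filesize += strlen($block);
             // Enforce the limit on the bytes actually received, not only on the declared length.
             if ($remote_max_filesize && $filesize > $remote_max_filesize) {
                 @fclose($fsock);
                 $max_filesize = get_formatted_filesize($remote_max_filesize, false);
                 return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']));
             }
             $data .= $block;
         } else {
             $line = @fgets($fsock, 1024);
             if ($line == "\r\n") {
                 $get_info = true;
             } else {
                 if (stripos($line, 'content-type: ') !== false) {
                     $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line)));
                 } else {
                     if ($this->upload->max_filesize && stripos($line, 'content-length: ') !== false) {
                         $length = (int) str_replace('content-length: ', '', strtolower($line));
                         if ($remote_max_filesize && $length && $length > $remote_max_filesize) {
                             @fclose($fsock);
                             $max_filesize = get_formatted_filesize($remote_max_filesize, false);
                             return $this->factory->get('filespec')->set_error($this->language->lang($this->upload->error_prefix . 'WRONG_FILESIZE', $max_filesize['value'], $max_filesize['unit']));
                         }
                     } else {
                         if (stripos($line, '404 not found') !== false) {
                             @fclose($fsock);
                             return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'URL_NOT_FOUND');
                         }
                     }
                 }
             }
         }
         $stream_meta_data = stream_get_meta_data($fsock);
         // Cancel upload if we exceed timeout
         if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop) {
             @fclose($fsock);
             return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'REMOTE_UPLOAD_TIMEOUT');
         }
     }
     @fclose($fsock);
     if (empty($data)) {
         return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'EMPTY_REMOTE_DATA');
     }
     // tempnam() creates the file itself and can return false; check that before opening.
     $filename = tempnam(sys_get_temp_dir(), unique_id() . '-');
     if ($filename === false || !($fp = @fopen($filename, 'wb'))) {
         return $this->factory->get('filespec')->set_error($this->upload->error_prefix . 'NOT_UPLOADED');
     }
     $upload_ary['size'] = fwrite($fp, $data);
     fclose($fp);
     unset($data);
     $upload_ary['tmp_name'] = $filename;
     /** @var filespec $file */
     $file = $this->factory->get('filespec')->set_upload_ary($upload_ary)->set_upload_namespace($this->upload);
     // The Content-Type recorded above is whatever the remote server claimed; the checks
     // applied to the downloaded file are those of common_checks().
     $this->upload->common_checks($file);
     return $file;
 }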
コード例 #26
/**
* Index messages on the fly as we convert them
* @todo naderman, can you check that this works with the new search plugins as it's use is currently disabled (and thus untested)
function search_indexing($message = '')
{
	global $fulltext_search, $convert_row;

	if (!isset($convert_row['post_id']))
	{
		return;
	}

	if (!$message)
	{
		if (!isset($convert_row['message']))
		{
			return;
		}

		$message = $convert_row['message'];
	}

	$title = (isset($convert_row['title'])) ? $convert_row['title'] : '';

	$fulltext_search->index('post', $convert_row['post_id'], $message, $title, $convert_row['poster_id'], $convert_row['forum_id']);
}
*/
/**
 * Return a variant of $filename that embeds a fresh md5(unique_id()) token.
 *
 * - empty name: "<token>.dat"
 * - name beginning with a dot: "<token>" followed by the name
 * - name ending in "." plus letters only: "<stem>_<token>.<letters>"
 * - any other name: "<name>_<token>.dat"
 *
 * Only the token is added. Path separators and the caller-supplied extension
 * pass through unchanged, so any check on where the file may be written or
 * which extensions are acceptable has to happen in the caller.
 *
 * @param string $filename Original file name, may be empty
 * @return string The rewritten file name
 */
function make_unique_filename($filename)
{
    $letters_ext = '/\\.([a-z]+)$/i';

    if (!strlen($filename)) {
        // Nothing to keep: token plus a neutral extension
        return md5(unique_id()) . '.dat';
    }

    if ($filename[0] == '.') {
        // Dot-file style name: put the token in front
        return md5(unique_id()) . $filename;
    }

    if (!preg_match($letters_ext, $filename)) {
        // No alphabetic extension to preserve
        return $filename . '_' . md5(unique_id()) . '.dat';
    }

    // Slot the token in just before the existing extension
    return preg_replace($letters_ext, '_' . md5(unique_id()) . '.\\1', $filename);
}
コード例 #27
/**
* Adds a user
*
* Inserts the user row, optional custom profile data and the group membership,
* makes the given group the user's default group and, for USER_NORMAL accounts,
* updates the "newest user" and user-count config values.
*
* Every key of $user_row that is not one of the known columns is forwarded
* unchanged as a column of the users insert, and user_password is stored exactly
* as passed in. Callers therefore have to build $user_row from an allow-list of
* fields and supply an already hashed password; request data must not be passed
* through directly.
*
* @param mixed $user_row An array containing the following keys (and the appropriate values): username, group_id (the group to place the user in), user_email and the user_type (usually 0). Additional entries not overridden by defaults will be forwarded.
* @param mixed $cp_data custom profile fields (array) or false for none, see custom_profile::build_insert_sql_array
* @return mixed the new user's ID, or false when a required key is missing or the cleaned username is empty
*/
function user_add($user_row, $cp_data = false)
{
    global $db, $user, $auth, $config, $phpbb_root_path, $phpEx;

    // Required input: a non-empty username plus group, e-mail and type
    if (empty($user_row['username'])) {
        return false;
    }
    foreach (array('group_id', 'user_email', 'user_type') as $required_key) {
        if (!isset($user_row[$required_key])) {
            return false;
        }
    }

    $clean_name = utf8_clean_string($user_row['username']);
    if (empty($clean_name)) {
        return false;
    }

    $email_lower = strtolower($user_row['user_email']);

    // Columns that are always written
    $insert_row = array(
        'username' => $user_row['username'],
        'username_clean' => $clean_name,
        'user_password' => isset($user_row['user_password']) ? $user_row['user_password'] : '',
        'user_pass_convert' => 0,
        'user_email' => $email_lower,
        // CRC32 of the lower-cased address followed by the address length
        'user_email_hash' => crc32($email_lower) . strlen($user_row['user_email']),
        'group_id' => $user_row['group_id'],
        'user_type' => $user_row['user_type'],
    );

    // Optional columns and the value used when the caller does not supply one
    $optional_defaults = array(
        'user_permissions' => '',
        'user_timezone' => $config['board_timezone'],
        'user_dateformat' => $config['default_dateformat'],
        'user_lang' => $config['default_lang'],
        'user_style' => (int) $config['default_style'],
        'user_actkey' => '',
        'user_ip' => '',
        'user_regdate' => time(),
        'user_passchg' => time(),
        'user_options' => 895,
        'user_inactive_reason' => 0,
        'user_inactive_time' => 0,
        'user_lastmark' => time(),
        'user_lastvisit' => 0,
        'user_lastpost_time' => 0,
        'user_lastpage' => '',
        'user_posts' => 0,
        'user_dst' => (int) $config['board_dst'],
        'user_colour' => '',
        'user_occ' => '',
        'user_interests' => '',
        'user_avatar' => '',
        'user_avatar_type' => 0,
        'user_avatar_width' => 0,
        'user_avatar_height' => 0,
        'user_new_privmsg' => 0,
        'user_unread_privmsg' => 0,
        'user_last_privmsg' => 0,
        'user_message_rules' => 0,
        'user_full_folder' => PRIVMSGS_NO_BOX,
        'user_emailtime' => 0,
        'user_notify' => 0,
        'user_notify_pm' => 1,
        'user_notify_type' => NOTIFY_EMAIL,
        'user_allow_pm' => 1,
        'user_allow_viewonline' => 1,
        'user_allow_viewemail' => 1,
        'user_allow_massemail' => 1,
        'user_sig' => '',
        'user_sig_bbcode_uid' => '',
        'user_sig_bbcode_bitfield' => '',
        'user_form_salt' => unique_id(),
    );

    foreach ($optional_defaults as $column => $fallback) {
        if (isset($user_row[$column])) {
            $insert_row[$column] = $user_row[$column];
        } else {
            $insert_row[$column] = $fallback;
        }
    }

    // Whatever else the caller passed is forwarded as-is (see the note in the header)
    $extra_keys = array_diff(array_keys($user_row), array_keys($insert_row));
    foreach ($extra_keys as $column) {
        $insert_row[$column] = $user_row[$column];
    }

    $db->sql_query('INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $insert_row));
    $user_id = $db->sql_nextid();

    // Custom profile fields, when given
    if ($cp_data !== false && count($cp_data)) {
        $cp_data['user_id'] = (int) $user_id;
        if (!class_exists('custom_profile')) {
            include_once $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx;
        }
        $profile_sql = 'INSERT INTO ' . PROFILE_FIELDS_DATA_TABLE . ' ' . $db->sql_build_array('INSERT', custom_profile::build_insert_sql_array($cp_data));
        $db->sql_query($profile_sql);
    }

    // Group membership first, then make that group the default one
    $membership = array(
        'user_id' => (int) $user_id,
        'group_id' => (int) $user_row['group_id'],
        'user_pending' => 0,
    );
    $db->sql_query('INSERT INTO ' . USER_GROUP_TABLE . ' ' . $db->sql_build_array('INSERT', $membership));
    group_set_user_default($user_row['group_id'], array($user_id), false);

    // Only normal users (no activation mail pending) count as the newest member
    if ($user_row['user_type'] != USER_NORMAL) {
        return $user_id;
    }

    set_config('newest_user_id', $user_id, true);
    set_config('newest_username', $user_row['username'], true);
    set_config('num_users', $config['num_users'] + 1, true);

    $colour_sql = 'SELECT group_colour
			FROM ' . GROUPS_TABLE . '
			WHERE group_id = ' . (int) $user_row['group_id'];
    $colour_result = $db->sql_query_limit($colour_sql, 1);
    $group_row = $db->sql_fetchrow($colour_result);
    $db->sql_freeresult($colour_result);
    set_config('newest_user_colour', $group_row['group_colour'], true);

    return $user_id;
}
コード例 #28
ファイル: _ticket.php プロジェクト: nopticon/tts
    /**
     * Ticket creation page: handle a submitted ticket or render the empty form.
     *
     * When both _button() and is_ghost() are truthy the method inserts a ticket row,
     * moves any listed attachment files into place and records them, optionally
     * adds a staff note, e-mails the contact and the group moderators, and returns
     * $this->e() with the link to the new ticket. Otherwise it loads the group and
     * category lists into the template and returns v_style().
     *
     * NOTE(review): the helpers used here (__(), f(), _error(), sql_filter(), ...)
     * are defined elsewhere; comments below describe only what this method does
     * with their results.
     *
     * @return mixed Result of $this->e() after a submit, otherwise of v_style()
     */
    protected function _create_home()
    {
        global $core, $user;
        if (_button() && is_ghost()) {
            // presumably reads the listed request fields with these defaults — verify what filtering __() applies
            $v = $this->__(array('cat' => 1, 'ticket_group' => 0, 'ticket_title', 'ticket_text', 'ticket_username', 'attachments'));
            // The contact defaults to the value returned by $user->v()
            $t_contact = $user->v();
            // Creating a ticket on behalf of another member requires the ticket_create_admin permission
            if (f($v['ticket_username']) && _auth_get('ticket_create_admin')) {
                // NOTE(review): execution continues to the lookup below unless _error() halts — confirm that it does
                if (!preg_match('#^([a-z0-9\\_\\-]+)$#is', $v['ticket_username'])) {
                    $this->_error('#SIGN_LOGIN_ERROR');
                }
                $sql = 'SELECT *
					FROM _members
					WHERE user_username = ?
						AND user_id <> 1
						AND user_active = 1';
                // The username is passed to sql_filter() as a placeholder value, not concatenated into the SQL
                if (!($t_contact = _fieldrow(sql_filter($sql, $v['ticket_username'])))) {
                    $this->_error('#SIGN_LOGIN_ERROR');
                }
            }
            // Default ticket status: cached value, else looked up and stored in the cache
            if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
                $sql = 'SELECT status_id
					FROM _tickets_status
					WHERE status_default = 1';
                $ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
            }
            // 'code' is the first 8 hex characters of md5(unique_id()); it is the identifier used in the ticket view link below.
            // NOTE(review): 8 hex characters is a small space — confirm the view handler checks authorisation and does not rely on the code being secret
            $v2 = array('code' => substr(md5(unique_id()), 0, 8), 'childs' => 0, 'parent' => 0, 'deleted' => 0, 'lastreply' => (int) $user->time, 'group' => $v['ticket_group'], 'contact' => $t_contact['user_id'], 'aby' => 0, 'cat' => $v['cat'], 'status' => $ticket_status, 'start' => (int) $user->time, 'end' => 0, 'ip' => $user->i_ip, 'title' => $v['ticket_title'], 'text' => $v['ticket_text']);
            $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $v2));
            $v['ticket_id'] = _sql_nextid($sql);
            // From here on $v also carries the unprefixed keys of $v2 (code, group, parent, ...)
            $v = array_merge($v, $v2);
            if (f($v['attachments'])) {
                // 'attachments' is a comma-separated list of file names relative to space/f/
                $attachments = explode(',', $v['attachments']);
                $location = XFS . 'space/f/';
                if (@is_dir($location)) {
                    // Errors from the include are suppressed; a failed include surfaces at "new upload()"
                    @(include XFS . 'core/upload.php');
                    $upload = new upload();
                    // umask is cleared while files are moved and restored after the loop
                    $umask = umask(0);
                    $i = 0;
                    foreach ($attachments as $row) {
                        // NOTE(review): $row is appended to $location as received. Unless __() already strips
                        // directory separators, a name containing "../" would make file_exists()/rename() act
                        // outside space/f/ — confirm, or reduce each name with basename() before use.
                        if (@file_exists($location . $row)) {
                            $extension = _extension($row);
                            // Deny-list check: names matching the upload blacklist are recorded with extension 'txt'
                            if (preg_match('/\\.(' . $upload->ext_blacklist . ')$/', strtolower($row))) {
                                $extension = 'txt';
                            }
                            // Stored name is built from the ticket code and a running index, not from the submitted name
                            $filepath = _filename('_' . $v['code'] . '_' . $i, $extension);
                            // NOTE(review): a failed rename() is silenced; the calls below then run against a path that may not exist
                            @rename($location . $row, $location . $filepath);
                            $upload->chmod($location . $filepath);
                            // md5_file() is stored as the file's checksum column
                            $insert_attach = array('ticket' => $v['ticket_id'], 'name' => $filepath, 'mime' => mime_content_type($location . $filepath), 'extension' => $extension, 'size' => filesize($location . $filepath), 'checksum' => md5_file($location . $filepath), 'downloads' => 0, 'time' => time());
                            $sql = 'INSERT INTO _tickets_attach' . _build_array('INSERT', prefix('attach', $insert_attach));
                            _sql($sql);
                            $i++;
                        }
                    }
                    @umask($umask);
                }
            }
            // NOTE(review): $v['parent'] is the 0 merged in from $v2 above, so this branch does not run as written;
            // it also reads $v['ticket_parent'], which nothing in this method sets
            if ($v['parent']) {
                $sql = 'UPDATE _tickets SET ticket_childs = ticket_childs + 1
					WHERE ticket_id = ?';
                _sql(sql_filter($sql, $v['ticket_parent']));
            }
            // A note is added whenever a username was submitted
            // NOTE(review): this test does not repeat the ticket_create_admin permission check made above — confirm that is intended
            if (f($v['ticket_username'])) {
                $insert_note = array('ticket_id' => (int) $v['ticket_id'], 'user_id' => $user->v('user_id'), 'note_text' => _lang('TICKET_CREATE_STAFF'), 'note_time' => time(), 'note_cc' => 1);
                $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $insert_note);
                _sql($sql);
            }
            $sql = 'SELECT group_name, group_email
				FROM _groups
				WHERE group_id = ?';
            // NOTE(review): ticket_group comes from the request; $d_group is used below without checking that a row was found
            $d_group = _fieldrow(sql_filter($sql, $v['ticket_group']));
            $ticket_subject = entity_decode($d_group['group_name'] . ' [#' . $v['code'] . ']: ' . $v['ticket_title']);
            $ticket_message = entity_decode($v['text']);
            // E-mail addresses of the group's members whose member_mod column equals 1
            $sql = 'SELECT m.user_email
				FROM _groups_members gm, _members m
				WHERE gm.member_group = ?
					AND gm.member_mod = ?
					AND gm.member_uid = m.user_id
				ORDER BY m.user_email';
            $group_members = _rowset(sql_filter($sql, $v['group'], 1), false, 'user_email');
            //
            // Common email notification
            require_once XFS . 'core/emailer.php';
            $emailer = new emailer();
            $emailer_vars = array('USERNAME' => $t_contact['user_username'], 'FULLNAME' => entity_decode(_fullname($t_contact)), 'SUBJECT' => entity_decode($v['ticket_title']), 'MESSAGE' => $ticket_message, 'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $v['code'])));
            // Sender address and template name are both derived from the group's group_email column
            $email_from = $d_group['group_email'] . '@' . $core->v('domain');
            $user_template = 'ticket_' . $d_group['group_email'];
            //
            // Notify ticket creator
            $emailer->from($email_from);
            $emailer->set_subject($ticket_subject);
            $emailer->use_template($user_template);
            $emailer->email_address($t_contact['user_email']);
            $emailer->set_decode(true);
            $emailer->assign_vars($emailer_vars);
            $emailer->send();
            $emailer->reset();
            //
            // Notify group mods
            $emailer->from($email_from);
            $emailer->use_template('ticket_tech');
            $emailer->set_subject($ticket_subject);
            // First address becomes the recipient, every further one a CC
            foreach ($group_members as $i => $row) {
                $method = !$i ? 'email_address' : 'cc';
                $emailer->{$method}($row);
            }
            $emailer->set_decode(true);
            $emailer->assign_vars($emailer_vars);
            $emailer->send();
            $emailer->reset();
            return $this->e(_link($this->m(), array('x1' => 'view', 'code' => $v['code'])));
        }
        // No submit: load the data the form needs
        $sql = 'SELECT group_id, group_name
			FROM _groups
			ORDER BY group_name';
        _rowset_style($sql, 'groups');
        // Categories restricted to the groups returned by $user->auth_groups()
        $sql = 'SELECT cat_id, cat_name
			FROM _tickets_cat
			WHERE cat_id > 0
				AND cat_group IN (??)
			GROUP BY cat_name
			ORDER BY cat_group, cat_name';
        if (!($cat = _rowset_style(sql_filter($sql, $user->auth_groups()), 'cat', 'cat'))) {
            _style('no_cat');
        }
        return v_style(array('CHANGE_USER' => sprintf(_lang('TICKET_CHANGE_USER'), _fullname($user->v()))));
    }
コード例 #29
ファイル: session.php プロジェクト: Alexey3112/phpbb
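    /**
     * Set/Update a persistent login key
     *
     * Creates or rotates the key behind a persistent (formerly auto-) login. A new
     * key id is generated on every call; only its md5() is written to the session
     * keys table, while the raw value is placed in $this->cookie_data['k']. When an
     * existing key is known (passed in, or taken from cookie_data['k']) the row
     * matching that user and md5(old key) is updated in place; otherwise a new row
     * is inserted. Multiple keys may exist for each user, representing different
     * browsers or locations. As with any login that needs no passphrase, a key sent
     * over a connection that is not a secure socket remains vulnerable to exploit.
     *
     * @param int|false    $user_id User the key belongs to; false uses the current session's user
     * @param string|false $key     Existing raw key to replace; false falls back to cookie_data['k']
     * @param string|false $user_ip IP recorded as last_ip; false uses the current session's IP
     * @return bool Always false
     */
    function set_login_key($user_id = false, $key = false, $user_ip = false)
    {
        global $db;

        $user_id = $user_id === false ? $this->data['user_id'] : $user_id;
        $user_ip = $user_ip === false ? $this->ip : $user_ip;
        if ($key === false) {
            // Fall back to the key the client presented; a missing or empty entry means "no key"
            $key = !empty($this->cookie_data['k']) ? $this->cookie_data['k'] : false;
        }

        // New key id for this login; unique_id() is given the first 8 hex digits of the session id as a number
        $key_id = unique_id(hexdec(substr($this->session_id, 0, 8)));

        $sql_ary = array(
            // Only the hash of the key is stored in the database
            'key_id' => (string) md5($key_id),
            // Record the resolved $user_ip; the argument was previously computed but never used
            'last_ip' => (string) $user_ip,
            'last_login' => (int) time(),
        );

        if ($key) {
            // Rotate the existing row, matched on the owner and the hash of the old key
            $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . '
                SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
                WHERE user_id = ' . (int) $user_id . "
                    AND key_id = '" . $db->sql_escape(md5($key)) . "'";
        } else {
            // First key for this browser/location: a new row owned by the user
            $sql_ary += array('user_id' => (int) $user_id);
            $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);
        }
        $db->sql_query($sql);

        // The raw key is kept for the cookie
        $this->cookie_data['k'] = $key_id;

        return false;
    }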
コード例 #30
/**
* Generate login box or verify password
*
* When the request carries a 'login' POST field the submitted credentials are
* passed to $auth->login(); on success a redirect notice is raised through
* trigger_error(), on failure an error string is prepared. In every other case,
* and after a failed attempt, the login form is rendered.
*
* @param string $redirect  Target stored in the form's hidden 'redirect' field (omitted when empty)
* @param string $l_explain Text assigned to the LOGIN_EXPLAIN template variable
* @param string $l_success Message shown on success; empty falls back to the LOGIN_REDIRECT language string
* @param bool   $admin     True when re-authenticating for the administration panel
* @param bool   $s_display Value assigned (as a boolean) to S_DISPLAY_FULL_LOGIN
*/
function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true)
{
    global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config;
    if (!class_exists('phpbb_captcha_factory')) {
        include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx;
    }
    $err = '';
    // Make sure user->setup() has been called
    if (empty($user->lang)) {
        $user->setup();
    }
    // Print out error if user tries to authenticate as an administrator without having the privileges...
    if ($admin && !$auth->acl_get('a_')) {
        // Not authd
        // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
        if ($user->data['is_registered']) {
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
        }
        trigger_error('NO_AUTH_ADMIN');
    }
    if (isset($_POST['login'])) {
        // Get credential
        if ($admin) {
            // For admin re-authentication the password field name carries a per-form token
            // (see the end of this function); the token must be exactly 32 lowercase hex characters
            $credential = request_var('credential', '');
            if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) {
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
                trigger_error('NO_AUTH_ADMIN');
            }
            $password = request_var('password_' . $credential, '', true);
        } else {
            $password = request_var('password', '', true);
        }
        $username = request_var('username', '', true);
        $autologin = !empty($_POST['autologin']) ? true : false;
        $viewonline = !empty($_POST['viewonline']) ? 0 : 1;
        // From here on $admin is the integer 1 or 0
        $admin = $admin ? 1 : 0;
        // Admin re-authentication keeps the session's current viewonline setting
        $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline;
        // Check if the supplied username is equal to the one stored within the database if re-authenticating
        if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) {
            // We log the attempt to use a different username...
            add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
            trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
        }
        // If authentication is successful we redirect user to previous page
        $result = $auth->login($username, $password, $autologin, $viewonline, $admin);
        // If admin authentication and login, we will log if it was a success or not...
        // We also break the operation on the first non-success login - it could be argued that the user already knows
        if ($admin) {
            if ($result['status'] == LOGIN_SUCCESS) {
                add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS');
            } else {
                // Only log the failed attempt if a real user tried to.
                // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
                if ($user->data['is_registered']) {
                    add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
                }
            }
        }
        // The result parameter is always an array, holding the relevant information...
        if ($result['status'] == LOGIN_SUCCESS) {
            // NOTE(review): the redirect target comes from the request and ends up in the meta refresh and in an
            // href below. Its safety rests on what request_var(), reapply_sid() and meta_refresh() do with it
            // (escaping, restricting the target to this site) — none of that is visible here; confirm.
            $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}");
            $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT'];
            $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']);
            // append/replace SID (may change during the session for AOL users)
            $redirect = reapply_sid($redirect);
            // Special case... the user is effectively banned, but we allow founders to login
            if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) {
                return;
            }
            $redirect = meta_refresh(3, $redirect);
            trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
        }
        // Something failed, determine what...
        if ($result['status'] == LOGIN_BREAK) {
            trigger_error($result['error_msg']);
        }
        // Special cases... determine
        switch ($result['status']) {
            case LOGIN_ERROR_ATTEMPTS:
                // This status adds the configured CAPTCHA to the login form
                $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']);
                $captcha->init(CONFIRM_LOGIN);
                // $captcha->reset();
                $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template()));
                $err = $user->lang[$result['error_msg']];
                break;
            case LOGIN_ERROR_PASSWORD_CONVERT:
                // Links to the password reminder and the board contact are filled in only when configured
                $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : '');
                break;
            // Username, password, etc...
            default:
                $err = $user->lang[$result['error_msg']];
                // Assign admin contact to some error messages
                // NOTE(review): unknown username and wrong password use separate language keys; if their texts
                // differ, the form reveals which usernames exist — confirm against the language files
                if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') {
                    $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
                }
                break;
        }
    }
    // Assign credential for username/password pair
    // A fresh token per rendered admin form; it is sent back in the hidden 'credential' field and names the password input
    $credential = $admin ? md5(unique_id()) : false;
    $s_hidden_fields = array('sid' => $user->session_id);
    if ($redirect) {
        $s_hidden_fields['redirect'] = $redirect;
    }
    if ($admin) {
        $s_hidden_fields['credential'] = $credential;
    }
    $s_hidden_fields = build_hidden_fields($s_hidden_fields);
    $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password'));
    page_header($user->lang['LOGIN'], false);
    $template->set_filenames(array('body' => 'login_body.html'));
    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}"));
    page_footer();
}