/**
* Checks a password with a supplied username.
*
* @param string The username of the user.
* @param string The plain-text password.
* @return boolean|array False when no match, array with user info when match.
*/
function validate_password_from_username($username, $password)
{
global $db, $mybb;
$username = $db->escape_string(my_strtolower($username));
switch ($mybb->settings['username_method']) {
case 0:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='" . $username . "'", array('limit' => 1));
break;
case 1:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(email)='" . $username . "'", array('limit' => 1));
break;
case 2:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='" . $username . "' OR LOWER(email)='" . $username . "'", array('limit' => 1));
break;
default:
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,coppauser,usergroup", "LOWER(username)='" . $username . "'", array('limit' => 1));
break;
}
$user = $db->fetch_array($query);
if (!$user['uid']) {
return false;
} else {
return validate_password_from_uid($user['uid'], $password, $user);
}
}
/**
* Checks a password with a supplied username.
*
* @param string $username The username of the user.
* @param string $password The plain-text password.
* @return boolean|array False when no match, array with user info when match.
*/
function validate_password_from_username($username, $password)
{
global $mybb;
$options = array('fields' => array('username', 'password', 'salt', 'loginkey', 'coppauser', 'usergroup'), 'username_method' => $mybb->settings['username_method']);
$user = get_user_by_username($username, $options);
if (!$user['uid']) {
return false;
}
return validate_password_from_uid($user['uid'], $password, $user);
}
/**
* Checks a password with a supplied username.
*
* @param string The username of the user.
* @param string The plain-text password.
* @return boolean|array False when no match, array with user info when match.
*/
function validate_password_from_username($username, $password)
{
global $db;
$query = $db->simple_select("users", "uid,username,password,salt,loginkey,remember,coppauser,usergroup", "username='******'", array('limit' => 1));
$user = $db->fetch_array($query);
if (!$user['uid']) {
return false;
} else {
return validate_password_from_uid($user['uid'], $password, $user);
}
}
} else {
$userhandler->update_user();
$plugins->run_hooks("usercp_do_email_changed");
$result_text = $lang->redirect_emailupdated;
$verify_result = true;
}
}
}
if (count($errors) > 0) {
error($errors[0]);
}
}
if ($mybb->input['action'] == "do_password" && $mybb->request_method == "post") {
$errors = array();
$plugins->run_hooks("usercp_do_password_start");
if (!$verify_result && !validate_password_from_uid($mybb->user['uid'], $mybb->input['oldpassword'])) {
$errors[] = $lang->error_invalidpassword;
} else {
// Set up user handler.
require_once "inc/datahandlers/user.php";
$userhandler = new UserDataHandler("update");
$user = array("uid" => $mybb->user['uid'], "password" => $mybb->input['password'], "password2" => $mybb->input['password2']);
$userhandler->set_data($user);
if (!$userhandler->validate_user()) {
$errors = $userhandler->get_friendly_errors();
} else {
$userhandler->update_user();
my_setcookie("mybbuser", $mybb->user['uid'] . "_" . $userhandler->data['loginkey']);
$plugins->run_hooks("usercp_do_password_end");
$verify_result = true;
}
$errors = inline_error($errors);
}
}
if ($mybb->input['action'] == "password") {
$plugins->run_hooks("usercp_password");
eval("\$editpassword = \"" . $templates->get("usercp_password") . "\";");
output_page($editpassword);
}
if ($mybb->input['action'] == "do_changename" && $mybb->request_method == "post") {
// Verify incoming POST request
verify_post_check($mybb->get_input('my_post_key'));
$plugins->run_hooks("usercp_do_changename_start");
if ($mybb->usergroup['canchangename'] != 1) {
error_no_permission();
}
if (validate_password_from_uid($mybb->user['uid'], $mybb->get_input('password')) == false) {
$errors[] = $lang->error_invalidpassword;
} else {
// Set up user handler.
require_once "inc/datahandlers/user.php";
$userhandler = new UserDataHandler("update");
$user = array("uid" => $mybb->user['uid'], "username" => $mybb->get_input('username'));
$userhandler->set_data($user);
if (!$userhandler->validate_user()) {
$errors = $userhandler->get_friendly_errors();
} else {
$userhandler->update_user();
$plugins->run_hooks("usercp_do_changename_end");
redirect("usercp.php?action=changename", $lang->redirect_namechanged);
}
}
$db->update_query("users", $lastvisit, "uid='" . $mybb->user['uid'] . "'");
$db->delete_query("sessions", "sid='" . $session->sid . "'");
}
header("Location: upgrade.php");
} else {
if ($mybb->input['action'] == "do_login" && $mybb->request_method == "post") {
require_once MYBB_ROOT . "inc/functions_user.php";
if (!username_exists($mybb->input['username'])) {
$output->print_error("Wpisany login jest niepoprawny.");
}
$query = $db->simple_select("users", "uid,username,password,salt,loginkey", "username='******'username']) . "'", array('limit' => 1));
$user = $db->fetch_array($query);
if (!$user['uid']) {
$output->print_error("Wpisany login jest niepoprawny.");
} else {
$user = validate_password_from_uid($user['uid'], $mybb->input['password'], $user);
if (!$user['uid']) {
$output->print_error("Wpisane hasło jest nieprawidłowe. Jeżeli nie pamiętasz swojego hasła, kliknij <a href=\"../member.php?action=lostpw\">tutaj</a>, aby je odzyskać i spróbuj ponownie.");
}
}
$db->delete_query("sessions", "ip='" . $db->escape_string($session->ipaddress) . "' AND sid != '" . $session->sid . "'");
$newsession = array("uid" => $user['uid']);
$db->update_query("sessions", $newsession, "sid='" . $session->sid . "'");
// Temporarily set the cookie remember option for the login cookies
$mybb->user['remember'] = $user['remember'];
my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
my_setcookie("sid", $session->sid, -1, true);
header("Location: ./upgrade.php");
}
}
$output->steps = array($lang->upgrade);
$lastvisit = array("lastactive" => $time - 900, "lastvisit" => $time);
$db->update_query("users", $lastvisit, "uid='" . $mybb->user['uid'] . "'");
}
header("Location: upgrade.php");
} else {
if ($mybb->input['action'] == "do_login" && $mybb->request_method == "post") {
require_once MYBB_ROOT . "inc/functions_user.php";
if (!username_exists($mybb->get_input('username'))) {
$output->print_error("The username you have entered appears to be invalid.");
}
$options = array('fields' => array('username', 'password', 'salt', 'loginkey'));
$user = get_user_by_username($mybb->get_input('username'), $options);
if (!$user['uid']) {
$output->print_error("The username you have entered appears to be invalid.");
} else {
$user = validate_password_from_uid($user['uid'], $mybb->get_input('password'), $user);
if (!$user['uid']) {
$output->print_error("The password you entered is incorrect. If you have forgotten your password, click <a href=\"../member.php?action=lostpw\">here</a>. Otherwise, go back and try again.");
}
}
my_setcookie("mybbuser", $user['uid'] . "_" . $user['loginkey'], null, true);
header("Location: ./upgrade.php");
}
}
$output->steps = array($lang->upgrade);
if ($mybb->user['uid'] == 0) {
$output->print_header($lang->please_login, "errormsg", 0, 1);
$output->print_contents('<p>' . $lang->login_desc . '</p>
<form action="upgrade.php" method="post">
<div class="border_wrapper">
<table class="general" cellspacing="0">
$errors = inline_error($errors);
}
}
if ($mybb->input['action'] == "password") {
$plugins->run_hooks("usercp_password");
eval("\$editpassword = \"" . $templates->get("usercp_password") . "\";");
output_page($editpassword);
}
if ($mybb->input['action'] == "do_changename" && $mybb->request_method == "post") {
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
$plugins->run_hooks("usercp_do_changename_start");
if ($mybb->usergroup['canchangename'] != 1) {
error_no_permission();
}
if (validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false) {
$errors[] = $lang->error_invalidpassword;
} else {
// Set up user handler.
require_once "inc/datahandlers/user.php";
$userhandler = new UserDataHandler("update");
$user = array("uid" => $mybb->user['uid'], "username" => $mybb->input['username']);
$userhandler->set_data($user);
if (!$userhandler->validate_user()) {
$errors = $userhandler->get_friendly_errors();
} else {
$userhandler->update_user();
$plugins->run_hooks("usercp_do_changename_end");
redirect("usercp.php", $lang->redirect_namechanged);
}
}
/**
* Gets the usercp Enhanced Account Switcher page and handles all actions.
*
*/
function accountswitcher_usercp()
{
global $db, $mybb, $lang, $templates, $theme, $eas, $headerinclude, $header, $usercpnav, $usercpmenu, $as_usercp, $as_usercp_options, $as_usercp_privacy, $as_usercp_users, $as_usercp_userbit, $as_usercp_input, $footer, $shareuser, $attachedOneName, $attachedOneUID, $as_sec_account, $sec_check, $checkbox, $privacy_check, $as_usercp_privacy_master, $buddy_check, $as_usercp_buddyshare, $colspan, $user_sec_reason;
if (!isset($lang->as_isshared)) {
$lang->load("accountswitcher");
}
// Get the master account of the current user
$master = get_user((int) $mybb->user['as_uid']);
// Get the number of attached ones
$count = $eas->get_attached($mybb->user['uid']);
// Get limit for users group, declare variables
$limit = (int) $mybb->usergroup['as_limit'];
$user_sec_reason = htmlspecialchars_uni($mybb->user['as_secreason']);
$as_usercp_input = $colspan = $shareuser = $as_sec_account = $sec_check = $privacy_check = $as_usercp_privacy = $as_usercp_privacy_master = $buddy_check = $as_usercp_buddyshare = '';
// Check if user can use the Enhanced Account Switcher or is attached to an account. If yes grant access to the page
if ($mybb->input['action'] == "as_edit" && ($mybb->usergroup['as_canswitch'] == 1 || $mybb->user['as_uid'] != 0 || $mybb->user['as_share'] != 0)) {
add_breadcrumb($lang->nav_usercp, "usercp.php");
add_breadcrumb($lang->as_name);
// Mark secondary accounts, exclude master account
if (isset($mybb->settings['aj_secstyle']) && $mybb->settings['aj_secstyle'] == 1 && $count == 0 && $mybb->user['as_share'] == 0) {
if ($mybb->user['as_sec'] == 1) {
$sec_check = 'checked="checked"';
}
$as_sec_account .= eval($templates->render('accountswitcher_usercp_sec_account'));
}
// Hide account from list
if (isset($mybb->settings['aj_privacy']) && $mybb->settings['aj_privacy'] == 1) {
// Master can hide all attached accounts
if ($mybb->user['as_uid'] == 0 && $count > 0) {
$as_usercp_privacy_master .= eval($templates->render('accountswitcher_usercp_privacy_master'));
}
if ($mybb->user['as_privacy'] == 1) {
$privacy_check = 'checked="checked"';
}
$as_usercp_privacy .= eval($templates->render('accountswitcher_usercp_privacy'));
}
// If the user account is shared
if ($mybb->user['as_share'] != 0) {
if ($mybb->user['as_buddyshare'] == 1) {
$buddy_check = 'checked="checked"';
}
if ($mybb->user['buddylist'] != '') {
$buddylist = explode(",", $mybb->user['buddylist']);
}
if (!empty($buddylist)) {
$as_usercp_buddyshare .= eval($templates->render('accountswitcher_usercp_buddyshare'));
}
// Build the detach button
if ($mybb->user['as_buddyshare'] != 0) {
$lang->as_isshared = $lang->as_isshared_buddy;
}
$as_usercp_input .= eval($templates->render('accountswitcher_usercp_unshare'));
$as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
} elseif ($mybb->user['as_uid'] != 0) {
$colspan = 'colspan="2"';
$lang->as_isattached = $lang->sprintf($lang->as_isattached, htmlspecialchars_uni($master['username']));
// Build the detach button
$as_usercp_input .= eval($templates->render('accountswitcher_usercp_attached_detach'));
$as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
} else {
// If limit is set to 0 = unlimited
if ($limit != 0) {
$lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $limit);
} else {
$lang->as_usercp_attached = $lang->sprintf($lang->as_usercp_attached, (int) $count, $lang->as_unlimited);
}
// If there are no users attached grant full acccess
if ($count == 0) {
$colspan = 'colspan="2"';
if (isset($mybb->settings['aj_shareuser']) && $mybb->settings['aj_shareuser'] == 1) {
$shareuser = eval($templates->render('accountswitcher_usercp_shareuser'));
}
$as_usercp_input .= eval($templates->render('accountswitcher_usercp_free_attach'));
$as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
}
// If there are users attached allow only user attachment
if ($count != 0) {
$as_usercp_input .= eval($templates->render('accountswitcher_usercp_master_attach'));
$as_usercp_options = eval($templates->render('accountswitcher_usercp_options'));
// Get attached ones from the cache
$accounts = $eas->accountswitcher_cache;
if (is_array($accounts)) {
foreach ($accounts as $key => $account) {
$attachedOneUID = (int) $account['uid'];
$attachedOneName = htmlspecialchars_uni($account['username']);
if ($account['as_uid'] == $mybb->user['uid']) {
$as_usercp_userbit .= eval($templates->render('accountswitcher_usercp_attached_userbit'));
}
}
$as_usercp_users = eval($templates->render('accountswitcher_usercp_attached_users'));
}
}
}
$as_usercp = eval($templates->render('accountswitcher_usercp'));
output_page($as_usercp);
exit;
}
//########## ACTIONS ##########
// Attach current user to another account
if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachme" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
// Check if current user is already attached
if ($mybb->user['as_uid'] != 0) {
error($lang->as_alreadyattached);
}
// Validate input
$select = $db->escape_string($mybb->get_input('select'));
$username = $db->escape_string($mybb->get_input('username'));
$password = $db->escape_string($mybb->get_input('password'));
// Get the target
$targetUser = get_user_by_username($username);
$target = get_user($targetUser['uid']);
// User exist? Password correct?
if (!$target) {
error($lang->as_invaliduser);
}
if (validate_password_from_uid($target['uid'], $password) == false) {
error($lang->as_invaliduser);
}
// Check targets permission and limit
$permission = user_permissions((int) $target['uid']);
// Count number of attached accounts
$count = $eas->get_attached($target['uid']);
// If other user is shared or already attached return
if ($target['as_uid'] != 0 || $target['as_share'] != 0) {
error($lang->as_alreadyattached);
}
// If target has permission
if ($permission['as_canswitch'] == 0) {
error($lang->as_usercp_nopermission);
}
if ($permission['as_limit'] != 0 && $count == $permission['as_limit']) {
error($lang->as_limitreached);
}
// Set uid of the new master
$as_uid = array("as_uid" => (int) $target['uid']);
// Update database
$db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_attach_success);
}
// Detach current user from master
if ($mybb->input['action'] == "as_detach" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
// Reset master uid
$as_uid = array("as_uid" => 0);
// Update database
if ($db->update_query("users", $as_uid, "uid='" . (int) $mybb->user['uid'] . "'")) {
$eas->update_accountswitcher_cache();
// If user can use Enhanced Account Switcher stay here
if ($mybb->usergroup['as_canswitch'] == 1) {
redirect("usercp.php?action=as_edit", $lang->aj_update_success);
}
// Else redirect to usercp
redirect("usercp.php", $lang->aj_detach_success);
}
}
// Attach an user to the current account
if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "attachuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0) {
verify_post_check($mybb->get_input('my_post_key'));
// Validate input
$select = $db->escape_string($mybb->get_input('select'));
$username = $db->escape_string($mybb->get_input('username'));
$password = $db->escape_string($mybb->get_input('password'));
// Get the target
$targetUser = get_user_by_username($username);
$target = get_user($targetUser['uid']);
// User exist? Password correct?
if (!$target) {
error($lang->as_invaliduser);
}
if (validate_password_from_uid($target['uid'], $password) == false) {
error($lang->as_invaliduser);
}
// Check targets permission and limit
$permission = user_permissions((int) $target['uid']);
// Count number of attached accounts
$count = $eas->get_attached($mybb->user['uid']);
$counttarget = $eas->get_attached($target['uid']);
// If other user is shared or already attached return
if ($target['as_uid'] != 0 || $target['as_share'] != 0 || $counttarget > 0) {
error($lang->as_alreadyattached);
}
// If we have permission
if ($mybb->usergroup['as_canswitch'] == 0) {
error($lang->as_usercp_nopermission);
}
if ($mybb->usergroup['as_limit'] != 0 && $count == $mybb->usergroup['as_limit']) {
error($lang->as_limitreached);
}
// Set his new masters uid
$as_uid = array("as_uid" => (int) $mybb->user['uid']);
// Update database
$db->update_query("users", $as_uid, "uid='" . (int) $target['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_attach_success);
}
// Detach user from current account
if ($mybb->input['action'] == "as_detachuser" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
// Validate input
if (!is_numeric($mybb->input['uid'])) {
die("UID must be numeric!");
}
// Reset master uid
$as_uid = array("as_uid" => 0);
$db->update_query("users", $as_uid, "uid='" . $mybb->get_input('uid', MyBB::INPUT_INT) . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_detach_success);
}
// Share the current account
if ($mybb->input['action'] == "as_attach" && $mybb->input['select'] == "shareuser" && $mybb->request_method == "post" && $mybb->user['as_uid'] == 0 && $mybb->settings['aj_shareuser'] == 1) {
verify_post_check($mybb->get_input('my_post_key'));
// Validate input
$select = $db->escape_string($mybb->get_input('select'));
// Update database
$as_share = array("as_share" => 1);
$db->update_query("users", $as_share, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_share_success);
}
// Unshare the current account
if ($mybb->input['action'] == "as_unshare" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
$as_unshare = array("as_share" => 0);
$as_unshareuid = array("as_shareuid" => 0);
$as_unsharebuddy = array("as_buddyshare" => 0);
$db->update_query("users", $as_unshare, "uid='" . (int) $mybb->user['uid'] . "'");
$db->update_query("users", $as_unshareuid, "uid='" . (int) $mybb->user['uid'] . "'");
$db->update_query("users", $as_unsharebuddy, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_unshare_success);
}
// Mark/unmark the current account as secondary
if ($mybb->input['action'] == "do_secaccount" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
$secacc_reason = $mybb->get_input('secacc_reason');
// When account is unmarked delete the reason too
if ($mybb->get_input('secacc', MyBB::INPUT_INT) != 1) {
$secacc_reason = '';
}
$as_secacc = array("as_sec" => $mybb->get_input('secacc', MyBB::INPUT_INT), "as_secreason" => $db->escape_string($secacc_reason));
$db->update_query("users", $as_secacc, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
}
// Hide/show the current account on account list
if ($mybb->input['action'] == "do_as_privacy" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
$as_privacc = array("as_privacy" => $mybb->get_input('as_privacy', MyBB::INPUT_INT));
$db->update_query("users", $as_privacc, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
}
// Hide the all attached accounts on account list
if ($mybb->input['action'] == "do_as_privacy_master" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
$as_privacc_master = array("as_privacy" => 1);
$db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'");
$db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
}
// Unhide the all attached accounts on account list
if ($mybb->input['action'] == "undo_as_privacy_master" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
$as_privacc_master = array("as_privacy" => 0);
$db->update_query("users", $as_privacc_master, "uid='" . (int) $mybb->user['uid'] . "'");
$db->update_query("users", $as_privacc_master, "as_uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
}
// Share with buddies only
if ($mybb->input['action'] == "do_buddyshare" && $mybb->request_method == "post") {
verify_post_check($mybb->get_input('my_post_key'));
if ($mybb->user['buddylist'] != '') {
$buddylist = explode(",", $mybb->user['buddylist']);
}
if (!empty($buddylist)) {
$as_buddy_share = array("as_buddyshare" => $mybb->get_input('buddyshare', MyBB::INPUT_INT));
$db->update_query("users", $as_buddy_share, "uid='" . (int) $mybb->user['uid'] . "'");
$eas->update_accountswitcher_cache();
redirect("usercp.php?action=as_edit", $lang->aj_user_seacc_success);
} else {
error($lang->aj_user_buddy_none);
}
}
}
