function main($id, $mode) { global $db, $user, $phpbb_root_path, $config, $phpEx; include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(request_var('type', 0)); $captcha->execute(); garbage_collection(); exit_handler(); }
} trigger_error($mode == 'post' || $mode == 'bump' || $mode == 'reply' ? 'NO_TOPIC' : 'NO_POST'); } // Not able to reply to unapproved posts/topics // TODO: add more descriptive language key if ($auth->acl_get('m_approve', $forum_id) && (($mode == 'reply' || $mode == 'bump') && !$post_data['topic_approved'] || $mode == 'quote' && !$post_data['post_approved'])) { trigger_error($mode == 'reply' || $mode == 'bump' ? 'TOPIC_UNAPPROVED' : 'POST_UNAPPROVED'); } if ($mode == 'popup') { upload_popup($post_data['forum_style']); return; } $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']); if ($config['enable_post_confirm'] && !$user->data['is_registered']) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_POST); } // Use post_row values in favor of submitted ones... $forum_id = !empty($post_data['forum_id']) ? (int) $post_data['forum_id'] : (int) $forum_id; $topic_id = !empty($post_data['topic_id']) ? (int) $post_data['topic_id'] : (int) $topic_id; $post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id; // Need to login to passworded forum first? if ($post_data['forum_password']) { login_forum_box(array('forum_id' => $forum_id, 'forum_name' => $post_data['forum_name'], 'forum_password' => $post_data['forum_password'])); } // Check permissions if ($user->data['is_bot']) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } // Is the user able to read within this forum?
/** * Session garbage collection * * This looks a lot more complex than it really is. Effectively we are * deleting any sessions older than an admin definable limit. Due to the * way in which we maintain session data we have to ensure we update user * data before those sessions are destroyed. In addition this method * removes autologin key information that is older than an admin defined * limit. */ function session_gc() { global $db, $config, $phpbb_root_path, $phpEx; $batch_size = 10; if (!$this->time_now) { $this->time_now = time(); } // Firstly, delete guest sessions $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = ' . ANONYMOUS . ' AND session_time < ' . (int) ($this->time_now - $config['session_length']); $db->sql_query($sql); // Get expired sessions, only most recent for each user $sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time FROM ' . SESSIONS_TABLE . ' WHERE session_time < ' . ($this->time_now - $config['session_length']) . ' GROUP BY session_user_id, session_page'; $result = $db->sql_query_limit($sql, $batch_size); $del_user_id = array(); $del_sessions = 0; while ($row = $db->sql_fetchrow($result)) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'\n\t\t\t\tWHERE user_id = " . (int) $row['session_user_id']; $db->sql_query($sql); $del_user_id[] = (int) $row['session_user_id']; $del_sessions++; } $db->sql_freeresult($result); if (sizeof($del_user_id)) { // Delete expired sessions $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . ' AND session_time < ' . ($this->time_now - $config['session_length']); $db->sql_query($sql); } if ($del_sessions < $batch_size) { // Less than 10 users, update gc timer ... else we want gc // called again to delete other sessions set_config('session_last_gc', $this->time_now, true); if ($config['max_autologin_time']) { $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' WHERE last_login < ' . (time() - 86400 * (int) $config['max_autologin_time']); $db->sql_query($sql); } // only called from CRON; should be a safe workaround until the infrastructure gets going if (!class_exists('phpbb_captcha_factory')) { include $phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx; } phpbb_captcha_factory::garbage_collect($config['captcha_plugin']); $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']); $db->sql_query($sql); } return; }
/** * Login function */ function login_db(&$username, &$password) { global $db, $config; // do not allow empty password if (!$password) { return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS)); } if (!$username) { return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS)); } $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS)); } // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) { // Visual Confirmation handling $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate(); if ($vc_response) { return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row); } } // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; set_var($password_new_format, stripslashes($password_old_format), 'string'); if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) { global $phpbb_root_path, $phpEx; include $phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx; } // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding // plain md5 support left in for conversions from other systems. if (strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password'])) || strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])) { $hash = phpbb_hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row); } } } // Check password ... if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) { // Check for old password hash... if (strlen($row['user_password']) == 32) { $hash = phpbb_hash($password); // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}"; $db->sql_query($sql); $row['user_password'] = $hash; } if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row); } // Successful login... set user_login_attempts to zero... return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row); } // Password incorrect - increase login attempts $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); // Give status about wrong password... return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $row); }
/** * Generate login box or verify password */ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true) { global $db, $user, $template, $auth, $phpEx, $phpbb_root_path, $config; if (!class_exists('phpbb_captcha_factory')) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; } $err = ''; // Make sure user->setup() has been called if (empty($user->lang)) { $user->setup(); } // Print out error if user tries to authenticate as an administrator without having the privileges... if ($admin && !$auth->acl_get('a_')) { // Not authd // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } if (isset($_POST['login'])) { // Get credential if ($admin) { $credential = request_var('credential', ''); if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) { if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } $password = request_var('password_' . $credential, '', true); } else { $password = request_var('password', '', true); } $username = request_var('username', '', true); $autologin = !empty($_POST['autologin']) ? true : false; $viewonline = !empty($_POST['viewonline']) ? 0 : 1; $admin = $admin ? 1 : 0; $viewonline = $admin ? $user->data['session_viewonline'] : $viewonline; // Check if the supplied username is equal to the one stored within the database if re-authenticating if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username'])) { // We log the attempt to use a different username... add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } // If authentication is successful we redirect user to previous page $result = $auth->login($username, $password, $autologin, $viewonline, $admin); // If admin authentication and login, we will log if it was a success or not... // We also break the operation on the first non-success login - it could be argued that the user already knows if ($admin) { if ($result['status'] == LOGIN_SUCCESS) { add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS'); } else { // Only log the failed attempt if a real user tried to. // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if ($user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } } } // The result parameter is always an array, holding the relevant information... if ($result['status'] == LOGIN_SUCCESS) { $redirect = request_var('redirect', "{$phpbb_root_path}index.{$phpEx}"); $message = $l_success ? $l_success : $user->lang['LOGIN_REDIRECT']; $l_redirect = $admin ? $user->lang['PROCEED_TO_ACP'] : ($redirect === "{$phpbb_root_path}index.{$phpEx}" || $redirect === "index.{$phpEx}" ? $user->lang['RETURN_INDEX'] : $user->lang['RETURN_PAGE']); // append/replace SID (may change during the session for AOL users) $redirect = reapply_sid($redirect); // Special case... the user is effectively banned, but we allow founders to login if (defined('IN_CHECK_BAN') && $result['user_row']['user_type'] != USER_FOUNDER) { return; } $redirect = meta_refresh(3, $redirect); trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>')); } // Something failed, determine what... if ($result['status'] == LOGIN_BREAK) { trigger_error($result['error_msg']); } // Special cases... determine switch ($result['status']) { case LOGIN_ERROR_ATTEMPTS: $captcha = phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); // $captcha->reset(); $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); $err = $user->lang[$result['error_msg']]; break; case LOGIN_ERROR_PASSWORD_CONVERT: $err = sprintf($user->lang[$result['error_msg']], $config['email_enable'] ? '<a href="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') . '">' : '', $config['email_enable'] ? '</a>' : '', $config['board_contact'] ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '', $config['board_contact'] ? '</a>' : ''); break; // Username, password, etc... // Username, password, etc... default: $err = $user->lang[$result['error_msg']]; // Assign admin contact to some error messages if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') { $err = !$config['board_contact'] ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'); } break; } } // Assign credential for username/password pair $credential = $admin ? md5(unique_id()) : false; $s_hidden_fields = array('sid' => $user->session_id); if ($redirect) { $s_hidden_fields['redirect'] = $redirect; } if ($admin) { $s_hidden_fields['credential'] = $credential; } $s_hidden_fields = build_hidden_fields($s_hidden_fields); $template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => $config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'] ? append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=resend_act') : '', 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=terms'), 'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? $user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password')); page_header($user->lang['LOGIN'], false); $template->set_filenames(array('body' => 'login_body.html')); make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}")); page_footer(); }
/** * If you display the captcha, run this function to check if they entered the correct captcha setting * * @return mixed $captcha->validate(); results (false on success, error string on failure) */ public function validate_captcha() { phpbb::_include('captcha/captcha_factory', false, 'phpbb_captcha_factory'); $captcha =& phpbb_captcha_factory::get_instance(phpbb::$config['captcha_plugin']); $captcha->init(CONFIRM_POST); return $captcha->validate($this->request_data()); }
/** * Entry point for delivering image CAPTCHAs in the ACP. */ function deliver_demo($selected) { global $db, $user, $config; $captcha =& phpbb_captcha_factory::get_instance($selected); $captcha->init(CONFIRM_REG); $captcha->execute_demo(); garbage_collection(); exit_handler(); }
function main($id, $mode) { global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx; // if ($config['require_activation'] == USER_ACTIVATION_DISABLE) { trigger_error('UCP_REGISTER_DISABLE'); } include $phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx; $coppa = isset($_REQUEST['coppa']) ? !empty($_REQUEST['coppa']) ? 1 : 0 : false; $agreed = !empty($_POST['agreed']) ? 1 : 0; $submit = isset($_POST['submit']) ? true : false; $change_lang = request_var('change_lang', ''); $user_lang = request_var('lang', $user->lang_name); if ($agreed) { add_form_key('ucp_register'); } else { add_form_key('ucp_register_terms'); } if ($change_lang || $user_lang != $config['default_lang']) { $use_lang = $change_lang ? basename($change_lang) : basename($user_lang); if (!validate_language_iso_name($use_lang)) { if ($change_lang) { $submit = false; // Setting back agreed to let the user view the agreement in his/her language $agreed = empty($_GET['change_lang']) ? 0 : $agreed; } $user->lang_name = $user_lang = $use_lang; $user->lang = array(); $user->data['user_lang'] = $user->lang_name; $user->add_lang(array('common', 'ucp')); } else { $change_lang = ''; $user_lang = $user->lang_name; } } $cp = new custom_profile(); $error = $cp_data = $cp_error = array(); if (!$agreed || $coppa === false && $config['coppa_enable'] || $coppa && !$config['coppa_enable']) { $add_lang = $change_lang ? '&change_lang=' . urlencode($change_lang) : ''; $add_coppa = $coppa !== false ? '&coppa=' . $coppa : ''; $s_hidden_fields = array('change_lang' => $change_lang); // If we change the language, we want to pass on some more possible parameter. if ($change_lang) { // We do not include the password $s_hidden_fields = array_merge($s_hidden_fields, array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => $user->lang_name, 'tz' => request_var('tz', (double) $config['board_timezone']))); } // Checking amount of available languages $sql = 'SELECT lang_id FROM ' . LANG_TABLE; $result = $db->sql_query($sql); $lang_row = array(); while ($row = $db->sql_fetchrow($result)) { $lang_row[] = $row; } $db->sql_freeresult($result); if ($coppa === false && $config['coppa_enable']) { $now = getdate(); $coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']); unset($now); $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday), 'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday), 'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=0' . $add_lang), 'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register&coppa=1' . $add_lang), 'S_SHOW_COPPA' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang))); } else { $template->assign_vars(array('S_LANG_OPTIONS' => sizeof($lang_row) > 1 ? language_select($user_lang) : '', 'L_TERMS_OF_USE' => sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()), 'S_SHOW_COPPA' => false, 'S_REGISTRATION' => true, 'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields), 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register' . $add_lang . $add_coppa))); } unset($lang_row); $this->tpl_name = 'ucp_agreement'; return; } // The CAPTCHA kicks in here. We can't help that the information gets lost on language change. if ($config['enable_confirm']) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_REG); } // Try to manually determine the timezone and adjust the dst if the server date/time complies with the default setting +/- 1 $timezone = date('Z') / 3600; $is_dst = date('I'); if ($config['board_timezone'] == $timezone || $config['board_timezone'] == $timezone - 1) { $timezone = $is_dst ? $timezone - 1 : $timezone; if (!isset($user->lang['tz_zones'][(string) $timezone])) { $timezone = $config['board_timezone']; } } else { $is_dst = $config['board_dst']; $timezone = $config['board_timezone']; } $data = array('username' => utf8_normalize_nfc(request_var('username', '', true)), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', (double) $timezone)); // Check and initialize some variables if needed if ($submit) { $error = validate_data($data, array('username' => array(array('string', false, $config['min_name_chars'], $config['max_name_chars']), array('username', '')), 'new_password' => array(array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), array('password')), 'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']), 'email' => array(array('string', false, 6, 60), array('email')), 'email_confirm' => array('string', false, 6, 60), 'tz' => array('num', false, -14, 14), 'lang' => array('language_iso_name'))); if (!check_form_key('ucp_register')) { $error[] = $user->lang['FORM_INVALID']; } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); if ($config['enable_confirm']) { $vc_response = $captcha->validate($data); if ($vc_response !== false) { $error[] = $vc_response; } if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts']) { $error[] = $user->lang['TOO_MANY_REGISTERS']; } } // DNSBL check if ($config['check_dnsbl']) { if (($dnsbl = $user->check_dnsbl('register')) !== false) { $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]); } } // validate custom profile fields $cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error); if (!sizeof($error)) { if ($data['new_password'] != $data['password_confirm']) { $error[] = $user->lang['NEW_PASSWORD_ERROR']; } if ($data['email'] != $data['email_confirm']) { $error[] = $user->lang['NEW_EMAIL_ERROR']; } } if (!sizeof($error)) { $server_url = generate_board_url(); // Which group by default? $group_name = $coppa ? 'REGISTERED_COPPA' : 'REGISTERED'; $sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $db->sql_escape($group_name) . "'\n\t\t\t\t\t\tAND group_type = " . GROUP_SPECIAL; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$row) { trigger_error('NO_GROUP'); } $group_id = $row['group_id']; if (($coppa || $config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) { $user_actkey = gen_rand_string(mt_rand(6, 10)); $user_type = USER_INACTIVE; $user_inactive_reason = INACTIVE_REGISTER; $user_inactive_time = time(); } else { $user_type = USER_NORMAL; $user_actkey = ''; $user_inactive_reason = 0; $user_inactive_time = 0; } $user_row = array('username' => $data['username'], 'user_password' => phpbb_hash($data['new_password']), 'user_email' => $data['email'], 'group_id' => (int) $group_id, 'user_timezone' => (double) $data['tz'], 'user_dst' => $is_dst, 'user_lang' => $data['lang'], 'user_type' => $user_type, 'user_actkey' => $user_actkey, 'user_ip' => $user->ip, 'user_regdate' => time(), 'user_inactive_reason' => $user_inactive_reason, 'user_inactive_time' => $user_inactive_time); if ($config['new_member_post_limit']) { $user_row['user_new'] = 1; } // Register user... $user_id = user_add($user_row, $cp_data); // This should not happen, because the required variables are listed above... if ($user_id === false) { trigger_error('NO_USER', E_USER_ERROR); } // Okay, captcha, your job is done. if ($config['enable_confirm'] && isset($captcha)) { $captcha->reset(); } if ($coppa && $config['email_enable']) { $message = $user->lang['ACCOUNT_COPPA']; $email_template = 'coppa_welcome_inactive'; } else { if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) { $message = $user->lang['ACCOUNT_INACTIVE']; $email_template = 'user_welcome_inactive'; } else { if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable']) { $message = $user->lang['ACCOUNT_INACTIVE_ADMIN']; $email_template = 'admin_welcome_inactive'; } else { $message = $user->lang['ACCOUNT_ADDED']; $email_template = 'user_welcome'; } } } if ($config['email_enable']) { include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx; $messenger = new messenger(false); $messenger->template($email_template, $data['lang']); $messenger->to($data['email'], $data['username']); $messenger->anti_abuse_headers($config, $user); $messenger->assign_vars(array('WELCOME_MSG' => htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])), 'USERNAME' => htmlspecialchars_decode($data['username']), 'PASSWORD' => htmlspecialchars_decode($data['new_password']), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}")); if ($coppa) { $messenger->assign_vars(array('FAX_INFO' => $config['coppa_fax'], 'MAIL_INFO' => $config['coppa_mail'], 'EMAIL_ADDRESS' => $data['email'])); } $messenger->send(NOTIFY_EMAIL); if ($config['require_activation'] == USER_ACTIVATION_ADMIN) { // Grab an array of user_id's with a_user permissions ... these users can activate a user $admin_ary = $auth->acl_get_list(false, 'a_user', false); $admin_ary = !empty($admin_ary[0]['a_user']) ? $admin_ary[0]['a_user'] : array(); // Also include founders $where_sql = ' WHERE user_type = ' . USER_FOUNDER; if (sizeof($admin_ary)) { $where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary); } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' ' . $where_sql; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $messenger->template('admin_activate', $row['user_lang']); $messenger->to($row['user_email'], $row['username']); $messenger->im($row['user_jabber'], $row['username']); $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($data['username']), 'U_USER_DETAILS' => "{$server_url}/memberlist.{$phpEx}?mode=viewprofile&u={$user_id}", 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_id}&k={$user_actkey}")); $messenger->send($row['user_notify_type']); } $db->sql_freeresult($result); } } $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); } } $s_hidden_fields = array('agreed' => 'true', 'change_lang' => 0); if ($config['coppa_enable']) { $s_hidden_fields['coppa'] = $coppa; } if ($config['enable_confirm']) { $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields()); } $s_hidden_fields = build_hidden_fields($s_hidden_fields); $confirm_image = ''; // Visual Confirmation - Show images if ($config['enable_confirm']) { $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); } // $l_reg_cond = ''; switch ($config['require_activation']) { case USER_ACTIVATION_SELF: $l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE']; break; case USER_ACTIVATION_ADMIN: $l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE']; break; } $template->assign_vars(array('ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'USERNAME' => $data['username'], 'PASSWORD' => $data['new_password'], 'PASSWORD_CONFIRM' => $data['password_confirm'], 'EMAIL' => $data['email'], 'EMAIL_CONFIRM' => $data['email_confirm'], 'L_REG_COND' => $l_reg_cond, 'L_USERNAME_EXPLAIN' => sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']), 'L_PASSWORD_EXPLAIN' => sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']), 'S_LANG_OPTIONS' => language_select($data['lang']), 'S_TZ_OPTIONS' => tz_select($data['tz']), 'S_CONFIRM_REFRESH' => $config['enable_confirm'] && $config['confirm_refresh'] ? true : false, 'S_REGISTRATION' => true, 'S_COPPA' => $coppa, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_UCP_ACTION' => append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=register'))); // $user->profile_fields = array(); // Generate profile fields -> Template Block Variable profile_fields $cp->generate_profile_fields('register', $user->get_iso_lang_id()); // $this->tpl_name = 'ucp_register'; $this->page_title = 'UCP_REGISTRATION'; }
/** * handle_captcha * * @param string $mode The mode, build or check, to either build the captcha/confirm box, or to check if the user entered the correct confirm_code * * @return Returns * - True if the captcha code is correct and $mode is check or they do not need to view the captcha (permissions) * - False if the captcha code is incorrect, or not given and $mode is check */ function handle_captcha($mode) { global $db, $template, $phpbb_root_path, $phpEx, $user, $config, $s_hidden_fields; if ($user->data['user_id'] != ANONYMOUS || !$config['user_blog_guest_captcha']) { return true; } blog_plugins::plugin_do_arg('function_handle_captcha', $mode); if (file_exists($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx)) { if (!class_exists('phpbb_captcha_factory')) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; } $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_POST); if ($mode == 'check') { $captcha->validate(); // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code if (strpos($s_hidden_fields, 'confirm_id') === false) { $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); } return $captcha->is_solved(); } else { if ($mode == 'build' && !$captcha->solved) { // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code if (strpos($s_hidden_fields, 'confirm_id') === false) { $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); } $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); $template->set_filenames(array('new_captcha' => 'blog/new_captcha.html')); $template->assign_display('new_captcha', 'CAPTCHA', false); return; } } } if ($mode == 'check') { $confirm_id = request_var('confirm_id', ''); $confirm_code = request_var('confirm_code', ''); if ($confirm_id == '' || $confirm_code == '') { return false; } $sql = 'SELECT code FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'\n\t\t\t\tAND session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST; $result = $db->sql_query($sql); $confirm_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0) { return false; } // add confirm_id and confirm_code to hidden fields if not already there so the user doesn't need to retype in the confirm code if (strpos($s_hidden_fields, 'confirm_id') === false) { $s_hidden_fields .= build_hidden_fields(array('confirm_id' => $confirm_id, 'confirm_code' => $confirm_code)); } return true; } else { if ($mode == 'build' && !handle_captcha('check')) { // Show confirm image $sql = 'DELETE FROM ' . CONFIRM_TABLE . "\n\t\t\tWHERE session_id = '" . $db->sql_escape($user->session_id) . "'\n\t\t\t\tAND confirm_type = " . CONFIRM_POST; $db->sql_query($sql); // Generate code $code = gen_rand_string(mt_rand(5, 8)); $confirm_id = md5(unique_id($user->ip)); $seed = hexdec(substr(unique_id(), 4, 10)); // compute $seed % 0x7fffffff $seed -= 0x7fffffff * floor($seed / 0x7fffffff); $sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array('confirm_id' => (string) $confirm_id, 'session_id' => (string) $user->session_id, 'confirm_type' => (int) CONFIRM_POST, 'code' => (string) $code, 'seed' => (int) $seed)); $db->sql_query($sql); $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CONFIRM_ID' => $confirm_id, 'CONFIRM_IMAGE' => '<img src="' . append_sid("{$phpbb_root_path}ucp.{$phpEx}", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />', 'L_POST_CONFIRM_EXPLAIN' => sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'))); $template->set_filenames(array('old_captcha' => 'blog/old_captcha.html')); $template->assign_var('CAPTCHA', $template->display('old_captcha')); } } }
/** * Generate login box or verify password */ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = false, $s_display = true) { self::_include('captcha/captcha_factory', 'phpbb_captcha_factory'); self::$user->add_lang('ucp'); $err = ''; // Make sure user->setup() has been called if (empty(self::$user->lang)) { self::$user->setup(); } // Print out error if user tries to authenticate as an administrator without having the privileges... if ($admin && !self::$auth->acl_get('a_')) { // Not authd // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if (self::$user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } if (isset($_POST['login'])) { // Get credential if ($admin) { $credential = request_var('credential', ''); if (strspn($credential, 'abcdef0123456789') !== strlen($credential) || strlen($credential) != 32) { if (self::$user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } trigger_error('NO_AUTH_ADMIN'); } $password = request_var('password_' . $credential, '', true); } else { $password = request_var('password', '', true); } $username = request_var('username', '', true); $autologin = !empty($_POST['autologin']) ? true : false; $viewonline = !empty($_POST['viewonline']) ? 0 : 1; $admin = $admin ? 1 : 0; $viewonline = $admin ? self::$user->data['session_viewonline'] : $viewonline; // Check if the supplied username is equal to the one stored within the database if re-authenticating if ($admin && utf8_clean_string(self::$username) != utf8_clean_string(self::$user->data['username'])) { // We log the attempt to use a different username... add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } // If authentication is successful we redirect user to previous page $result = self::$auth->login($username, $password, $autologin, $viewonline, $admin); // If admin authentication and login, we will log if it was a success or not... // We also break the operation on the first non-success login - it could be argued that the user already knows if ($admin) { if ($result['status'] == LOGIN_SUCCESS) { add_log('admin', 'LOG_ADMIN_AUTH_SUCCESS'); } else { // Only log the failed attempt if a real user tried to. // anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions if (self::$user->data['is_registered']) { add_log('admin', 'LOG_ADMIN_AUTH_FAIL'); } } } // The result parameter is always an array, holding the relevant information... if ($result['status'] == LOGIN_SUCCESS) { $redirect = request_var('redirect', ''); if ($redirect) { $redirect = titania_url::unbuild_url($redirect); $base = $append = false; titania_url::split_base_params($base, $append, $redirect); redirect(titania_url::build_url($base, $append)); } else { redirect(titania_url::build_url(titania_url::$current_page, titania_url::$params)); } } // Something failed, determine what... if ($result['status'] == LOGIN_BREAK) { trigger_error($result['error_msg']); } // Special cases... determine switch ($result['status']) { case LOGIN_ERROR_ATTEMPTS: $captcha = phpbb_captcha_factory::get_instance(self::$config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); // $captcha->reset(); // Parse the captcha template self::reset_template(); self::$template->set_filenames(array('captcha' => $captcha->get_template())); // Correct confirm image link self::$template->assign_var('CONFIRM_IMAGE_LINK', self::append_sid('ucp', 'mode=confirm&confirm_id=' . $captcha->confirm_id . '&type=' . $captcha->type)); self::$template->assign_display('captcha', 'CAPTCHA', false); titania::set_custom_template(); $err = self::$user->lang[$result['error_msg']]; break; case LOGIN_ERROR_PASSWORD_CONVERT: $err = sprintf(self::$user->lang[$result['error_msg']], self::$config['email_enable'] ? '<a href="' . self::append_sid('ucp', 'mode=sendpassword') . '">' : '', self::$config['email_enable'] ? '</a>' : '', self::$config['board_contact'] ? '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">' : '', self::$config['board_contact'] ? '</a>' : ''); break; // Username, password, etc... // Username, password, etc... default: $err = self::$user->lang[$result['error_msg']]; // Assign admin contact to some error messages if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD') { $err = !self::$config['board_contact'] ? sprintf(self::$user->lang[$result['error_msg']], '', '') : sprintf(self::$user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars(self::$config['board_contact']) . '">', '</a>'); } break; } } // Assign credential for username/password pair $credential = $admin ? md5(unique_id()) : false; $s_hidden_fields = array('sid' => self::$user->session_id); if ($redirect) { $s_hidden_fields['redirect'] = $redirect; } if ($admin) { $s_hidden_fields['credential'] = $credential; } $s_hidden_fields = build_hidden_fields($s_hidden_fields); titania::page_header('LOGIN'); self::$template->assign_vars(array('LOGIN_ERROR' => $err, 'LOGIN_EXPLAIN' => $l_explain, 'U_SEND_PASSWORD' => self::$config['email_enable'] ? self::append_sid('ucp', 'mode=sendpassword') : '', 'U_RESEND_ACTIVATION' => self::$config['require_activation'] == USER_ACTIVATION_SELF && self::$config['email_enable'] ? self::append_sid('ucp', 'mode=resend_act') : '', 'U_TERMS_USE' => self::append_sid('ucp', 'mode=terms'), 'U_PRIVACY' => self::append_sid('ucp', 'mode=privacy'), 'S_DISPLAY_FULL_LOGIN' => $s_display ? true : false, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'S_ADMIN_AUTH' => $admin, 'USERNAME' => $admin ? self::$user->data['username'] : '', 'USERNAME_CREDENTIAL' => 'username', 'PASSWORD_CREDENTIAL' => $admin ? 'password_' . $credential : 'password')); titania::page_footer(true, 'login_body.html'); }
/** * Login function * * @param string $username * @param string $password * @param string $ip IP address the login is taking place from. Used to * limit the number of login attempts per IP address. * @param string $browser The user agent used to login * @param string $forwarded_for X_FORWARDED_FOR header sent with login request * @return array A associative array of the format * array( * 'status' => status constant * 'error_msg' => string * 'user_row' => array * ) */ function login_mybb16($username, $password, $ip = '', $browser = '', $forwarded_for = '') { global $db, $config; // do not allow empty password if (!$password) { return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => array('user_id' => ANONYMOUS)); } if (!$username) { return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS)); } $username_clean = utf8_clean_string($username); $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts, user_passwd_salt FROM ' . USERS_TABLE . "\n\t\tWHERE username_clean = '" . $db->sql_escape($username_clean) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); if ($ip && !$config['ip_login_limit_use_forwarded'] || $forwarded_for && $config['ip_login_limit_use_forwarded']) { $sql = 'SELECT COUNT(*) AS attempts FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']); if ($config['ip_login_limit_use_forwarded']) { $sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'"; } else { $sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' "; } $result = $db->sql_query($sql); $attempts = (int) $db->sql_fetchfield('attempts'); $db->sql_freeresult($result); $attempt_data = array('attempt_ip' => $ip, 'attempt_browser' => trim(substr($browser, 0, 149)), 'attempt_forwarded_for' => $forwarded_for, 'attempt_time' => time(), 'user_id' => $row ? (int) $row['user_id'] : 0, 'username' => $username, 'username_clean' => $username_clean); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data); $result = $db->sql_query($sql); } else { $attempts = 0; } if (!$row) { if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']) { return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => array('user_id' => ANONYMOUS)); } return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => array('user_id' => ANONYMOUS)); } $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'] || $config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']; // If there are too much login attempts, we need to check for an confirm image // Every auth module is able to define what to do by itself... if ($show_captcha) { // Visual Confirmation handling if (!class_exists('phpbb_captcha_factory')) { global $phpbb_root_path, $phpEx; include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; } $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_LOGIN); $vc_response = $captcha->validate($row); if ($vc_response) { return array('status' => LOGIN_ERROR_ATTEMPTS, 'error_msg' => 'LOGIN_ERROR_ATTEMPTS', 'user_row' => $row); } else { $captcha->reset(); } } // If the password convert flag is set we need to convert it if ($row['user_pass_convert']) { // in phpBB2 passwords were used exactly as they were sent, with addslashes applied $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : ''; $password_old_format = !STRIP ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; set_var($password_new_format, stripslashes($password_old_format), 'string', true); if ($password == $password_new_format) { if (md5(md5($row['user_passwd_salt']) . md5($password_old_format)) === $row['user_password']) { $hash = phpbb_hash($password_new_format); // Update the password in the users table to the new format and remove user_pass_convert flag $sql = 'UPDATE ' . USERS_TABLE . ' SET user_password = \'' . $db->sql_escape($hash) . '\', user_pass_convert = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); $row['user_pass_convert'] = 0; $row['user_password'] = $hash; } else { // Although we weren't able to convert this password we have to // increase login attempt count to make sure this cannot be exploited $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', 'user_row' => $row); } } } // Check password ... if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password'])) { // Check for old password hash... if (strlen($row['user_password']) == 32) { $hash = phpbb_hash($password); // Update the password in the users table to the new format $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_password = '******',\n\t\t\t\t\tuser_pass_convert = 0\n\t\t\t\tWHERE user_id = {$row['user_id']}"; $db->sql_query($sql); $row['user_password'] = $hash; } $sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . ' WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); if ($row['user_login_attempts'] != 0) { // Successful, reset login attempts (the user passed all stages) $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } // User inactive... if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) { return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row); } // Successful login... set user_login_attempts to zero... return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row); } // Password incorrect - increase login attempts $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . (int) $row['user_id'] . ' AND user_login_attempts < ' . LOGIN_ATTEMPTS_MAX; $db->sql_query($sql); // Give status about wrong password... return array('status' => $show_captcha ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 'error_msg' => $show_captcha ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 'user_row' => $row); }
public function main($album_id) { $this->user->add_lang_ext('phpbbgallery/core', array('gallery')); $album_data = $this->album->get_info($album_id); $this->display->generate_navigation($album_data); add_form_key('gallery'); $album_backlink = $this->helper->route('phpbbgallery_album', array('album_id' => $album_id)); $album_loginlink = 'ucp.php?mode=login'; $error = ''; //Let's get authorization $this->auth->load_user_premissions($this->user->data['user_id']); if (!$this->auth->acl_check('i_upload', $album_id, $album_data['album_user_id']) || $album_data['album_status'] == $this->album->status_locked()) { $this->misc->not_authorised($album_backlink, $album_loginlink, 'LOGIN_EXPLAIN_UPLOAD'); } $page_title = 'Upload to "' . $album_data['album_name'] . '"'; // Before all if (!$this->check_fs()) { trigger_error('NO_WRITE_ACCESS'); } $submit = $this->request->variable('submit', false); $mode = $this->request->variable('mode', 'upload'); if ($mode == 'upload') { // Upload Quota Check // 1. Check album-configuration Quota if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) { //@todo: Add return link trigger_error('ALBUM_REACHED_QUOTA'); } // 2. Check user-limit, if he is not allowed to go unlimited if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) { $sql = 'SELECT COUNT(image_id) count FROM ' . $this->images_table . ' WHERE image_user_id = ' . $this->user->data['user_id'] . ' AND image_status <> ' . $this->image->get_status_orphan() . ' AND image_album_id = ' . $album_id; $result = $this->db->sql_query($sql); $own_images = (int) $this->db->sql_fetchfield('count'); $this->db->sql_freeresult($result); if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) { //@todo: Add return link trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']))); } } if ($this->misc->display_captcha('upload')) { phpbb_gallery_url::_include('captcha/captcha_factory', 'phpbb'); $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_POST); $s_captcha_hidden_fields = ''; } $upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads')); $process = new \phpbbgallery\core\upload($album_id, $upload_files_limit); if ($submit) { if (!check_form_key('gallery')) { trigger_error('FORM_INVALID'); } //$process = new \phpbbgallery\core\upload($album_id, $upload_files_limit); $process->set_rotating($this->request->variable('rotate', array(0))); $process->set_allow_comments($this->request->variable('allow_comments', false)); /*if ($this->misc->display_captcha('upload')) { $captcha_error = $captcha->validate(); if ($captcha_error !== false) { $process->new_error($captcha_error); } } */ if (!$this->user->data['is_registered']) { $username = $this->request->variable('username', $user->data['username']); if ($result = validate_username($username)) { $this->user->add_lang('ucp'); $error_array[] = $this->user->lang[$result . '_USERNAME']; } else { $process->set_username($username); } } if (empty($process->errors)) { for ($file_count = 0; $file_count < $upload_files_limit; $file_count++) { /** * Upload an image from the FILES-array, * call some functions (rotate, resize, ...) * and store the image to the database */ $file = $this->request->file('image_file_' . $file_count, ''); if (isset($file['size'])) { if ($file['size'] > 0) { $process->upload_file($file_count); } } } } if (!$process->uploaded_files) { $process->new_error($this->user->lang['UPLOAD_NO_FILE']); } else { $mode = 'upload_edit'; // Remove submit, so we get the first screen of step 2. $submit = false; } $error = implode('<br />', $process->errors); /*if (phpbb_gallery_misc::display_captcha('upload')) { $captcha->reset(); }*/ } if (!$submit || isset($process) && !$process->uploaded_files) { for ($i = 0; $i < $upload_files_limit; $i++) { $this->template->assign_block_vars('upload_image', array()); } } if ($mode == 'upload') { $this->template->assign_vars(array('ERROR' => $error, 'S_MAX_FILESIZE' => get_formatted_filesize($this->gallery_config->get('max_filesize')), 'S_MAX_WIDTH' => $this->gallery_config->get('max_width'), 'S_MAX_HEIGHT' => $this->gallery_config->get('max_height'), 'S_ALLOWED_FILETYPES' => implode(', ', $process->get_allowed_types(true)), 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_UPLOAD' => true, 'S_ALLOW_ROTATE' => $this->gallery_config->get('allow_rotate') && function_exists('imagerotate'), 'S_UPLOAD_LIMIT' => $upload_files_limit, 'S_COMMENTS_ENABLED' => $this->gallery_config->get('allow_comments') && $this->gallery_config->get('comment_user_control'), 'S_ALLOW_COMMENTS' => true, 'L_ALLOW_COMMENTS' => $this->user->lang('ALLOW_COMMENTS_ARY', $upload_files_limit))); /*if (phpbb_gallery_misc::display_captcha('upload')) { if (!$submit || !$captcha->is_solved()) { $template->assign_vars(array( 'S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template(), )); } $template->assign_vars(array( 'S_CAPTCHA_HIDDEN_FIELDS' => $s_captcha_hidden_fields, )); }*/ } } if ($mode == 'upload_edit') { if ($submit) { // Upload Quota Check // 1. Check album-configuration Quota if ($this->gallery_config->get('album_images') >= 0 && $album_data['album_images'] >= $this->gallery_config->get('album_images')) { //@todo: Add return link trigger_error('ALBUM_REACHED_QUOTA'); } // 2. Check user-limit, if he is not allowed to go unlimited if (!$this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id'])) { $sql = 'SELECT COUNT(image_id) count FROM ' . $this->images_table . ' WHERE image_user_id = ' . $this->user->data['user_id'] . ' AND image_status <> ' . $this->image->get_status_orphan() . ' AND image_album_id = ' . $album_id; $result = $this->db->sql_query($sql); $own_images = (int) $this->db->sql_fetchfield('count'); $this->db->sql_freeresult($result); if ($own_images >= $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id'])) { //@todo: Add return link trigger_error($this->user->lang('USER_REACHED_QUOTA', $this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']))); } } $description_array = $this->request->variable('message', array(''), true); foreach ($description_array as $var) { if (strlen($var) > $this->gallery_config->get('description_length')) { trigger_error($this->user->lang('DESC_TOO_LONG')); } } $upload_files_limit = $this->auth->acl_check('i_unlimited', $album_id, $album_data['album_user_id']) ? $this->gallery_config->get('num_uploads') : min($this->auth->acl_check('i_count', $album_id, $album_data['album_user_id']) - $own_images, $this->gallery_config->get('num_uploads')); $upload_ids = $this->request->variable('upload_ids', array('')); $process = new \phpbbgallery\core\upload($album_id, $upload_files_limit); $process->set_rotating($this->request->variable('rotate', array(0))); $process->get_images($upload_ids); $image_names = $this->request->variable('image_name', array(''), true); $process->set_names($image_names); $process->set_descriptions($description_array); $process->set_image_num($this->request->variable('image_num', 0)); $process->use_same_name($this->request->variable('same_name', false)); $success = true; $phpbb_gallery_notification = new \phpbbgallery\core\notification(); foreach ($process->images as $image_id) { $success = $success && $process->update_image($image_id, !$this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id']), $album_data['album_contest']); if ($this->gallery_user->get_data('watch_own')) { $phpbb_gallery_notification->add($image_id); } } $message = ''; $error = implode('<br />', $process->errors); if ($this->auth->acl_check('i_approve', $album_id, $album_data['album_user_id'])) { $message .= !$error ? $this->user->lang['ALBUM_UPLOAD_SUCCESSFUL'] : $this->user->lang('ALBUM_UPLOAD_SUCCESSFUL_ERROR', $error); $meta_refresh_time = $success ? 3 : 20; //$this->notification_helper->notify_album($album_id, $this->user->data['user_id']); $data = array('targets' => array($this->user->data['user_id']), 'album_id' => $album_id, 'last_image' => end($process->images)); $this->notification_helper->new_image($data); } else { $target = array('album_id' => $album_id, 'last_image' => end($process->images), 'uploader' => $this->user->data['user_id']); $this->notification_helper->notify('approval', $target); $message .= !$error ? $this->user->lang['ALBUM_UPLOAD_NEED_APPROVAL'] : $this->user->lang('ALBUM_UPLOAD_NEED_APPROVAL_ERROR', $error); $meta_refresh_time = 20; } $message .= '<br /><br />' . sprintf($this->user->lang['CLICK_RETURN_ALBUM'], '<a href="' . $album_backlink . '">', '</a>'); // ToDo - notifications!!! //$phpbb_gallery_notification->send_notification('album', $album_id, $image_names[0]); $this->image->handle_counter($process->images, true); $this->album->update_info($album_id); $this->url->meta_refresh($meta_refresh_time, $album_backlink); trigger_error($message); } $num_images = 0; foreach ($process->images as $image_id) { $data = $process->image_data[$image_id]; $this->template->assign_block_vars('image', array('U_IMAGE' => $this->image->generate_link('thumbnail', 'plugin', $image_id, $data['image_name'], $album_id), 'IMAGE_NAME' => $data['image_name'], 'IMAGE_DESC' => $data['image_desc'])); $num_images++; } $s_hidden_fields = build_hidden_fields(array('upload_ids' => $process->generate_hidden_fields())); $s_can_rotate = $this->gallery_config->get('allow_rotate') && function_exists('imagerotate'); $this->template->assign_vars(array('ERROR' => $error, 'S_UPLOAD_EDIT' => true, 'S_ALLOW_ROTATE' => $s_can_rotate, 'S_ALBUM_ACTION' => $this->helper->route('phpbbgallery_album_upload', array('album_id' => $album_id)), 'S_USERNAME' => !$this->user->data['is_registered'] ? $username : '', 'NUM_IMAGES' => $num_images, 'COLOUR_ROWSPAN' => $s_can_rotate ? $num_images * 3 : $num_images * 2, 'L_DESCRIPTION_LENGTH' => $this->user->lang('DESCRIPTION_LENGTH', $this->gallery_config->get('description_length')), 'S_HIDDEN_FIELDS' => $s_hidden_fields)); } return $this->helper->render('gallery/posting_body.html', $page_title); }
function main($id, $mode) { global $config, $db, $user, $auth, $template; global $phpbb_admin_path, $phpbb_root_path, $phpEx; include $phpbb_root_path . 'includes/functions_invite.' . $phpEx; $invite = new invite(); $user->add_lang(array('mods/info_acp_invite', 'acp/email')); switch ($mode) { case 'invite': $submit = isset($_POST['submit']) ? true : false; $remove_rc = isset($_REQUEST['remove_rc']) ? true : false; $add_rc = isset($_REQUEST['add_rc']) ? true : false; $disable_form = false; $sent = false; $error = array(); $email_ary = array(); // CAPTCHA $confirm_id = request_var('confirm_id', ''); $s_hidden_fields = $confirm_id ? array('confirm_id' => $confirm_id) : array(); // Handle multiple recipients $recipient_count = (int) request_var('rc', 1); $recipient_count = $add_rc ? $recipient_count + 1 : $recipient_count; $recipient_count = $remove_rc ? $recipient_count - 1 : $recipient_count; $recipient_count = $recipient_count < 1 ? 1 : $recipient_count; $recipient_count = $invite->config['multiple_recipients_max'] <= $recipient_count ? $invite->config['multiple_recipients_max'] : $recipient_count; $s_hidden_fields['rc'] = $recipient_count; add_form_key('ucp_invite'); // Authorised? if (!$invite->config['enable'] || !$invite->config['enable_invitation']) { trigger_error('INVITE_DISABLED'); } if (!$auth->acl_get('u_send_invite')) { trigger_error('NOT_AUTHORISED'); } // Oops? if (!$config['email_enable']) { trigger_error('EMAIL_DISABLED'); } // Queue? if ($user->data['user_invitations']) { $sql = 'SELECT MAX(invite_time) AS max_time FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id']; $result = $db->sql_query($sql); $last_invite = (int) $db->sql_fetchfield('max_time'); $db->sql_freeresult(); if (time() - $last_invite < $invite->config['queue_time']) { $queue_time_m = floor(($invite->config['queue_time'] - (time() - $last_invite)) / 60); $queue_time_s = ($invite->config['queue_time'] - (time() - $last_invite)) % 60; $error[] = sprintf($user->lang['QUEUE_QUEUE'], $queue_time_m, $queue_time_s); $disable_form = true; } } // Reached limit? $limit_enabled = false; $limit_periods = array('limit_daily', 'limit_total'); $limit_criteria = array('posts', 'topics', 'memberdays', 'registrations', 'referrals'); foreach ($limit_periods as $k => $v) { if ($invite->config['enable_' . $v]) { $limit_enabled = true; } } // Unlimited invitations? if ($invite->config['enable_unlimited']) { $limit_enabled = false; } // Collect some statistical information if ($limit_enabled) { // Invitations sent today (last 24h) $last_day = time() - 86400; $sql = 'SELECT COUNT(log_id) AS invitations_today FROM ' . INVITE_LOG_TABLE . ' WHERE invite_user_id = ' . $user->data['user_id'] . ' AND invite_time >= ' . $last_day; $result = $db->sql_query($sql); $user->data['user_invitations_limit_daily'] = (int) $db->sql_fetchfield('invitations_today'); $db->sql_freeresult(); // Invitations sent altogether $user->data['user_invitations_limit_total'] = $user->data['user_invitations']; // Number of topics created $sql = 'SELECT COUNT(topic_id) AS user_topics FROM ' . TOPICS_TABLE . ' WHERE topic_poster = ' . $user->data['user_id']; $result = $db->sql_query($sql); $user->data['user_topics'] = (int) $db->sql_fetchfield('user_topics'); $db->sql_freeresult(); // Days of membership $user->data['user_memberdays'] = floor((time() - $user->data['user_regdate']) / 86400); // Calculate the available amount of invitations foreach ($limit_periods as $k => $v) { if ($invite->config['enable_' . $v]) { $user->data['user_' . $v] = (int) $invite->config[$v . '_basic']; foreach ($limit_criteria as $ck => $cv) { // Don't divide by zero $user->data['user_' . $v] += $invite->config[$v . '_' . $cv] == 0 ? 0 : floor($user->data['user_' . $cv] / $invite->config[$v . '_' . $cv]) * $invite->config[$v . '_' . $cv . '_invitations']; } // Single recipient if ($user->data['user_invitations_' . $v] >= $user->data['user_' . $v]) { $error[] = sprintf($user->lang['INVITATION_' . strtoupper($v)], $user->data['user_' . $v]); $disable_form = true; } // Multiple recipients if ($recipient_count > 1 && $user->data['user_invitations_' . $v] + $recipient_count > $user->data['user_' . $v]) { // $reduce = $recipient_count - ($user->data['user_' . $v] - $user->data['user_invitations_' . $v]); $error[] = sprintf($user->lang['REDUCE_RECIPIENTS']) . ' ' . sprintf($user->lang['INVITATION_' . strtoupper($v) . '_MULTI'], $user->data['user_invitations_' . $v], $user->data['user_' . $v], $recipient_count); $disable_form = true; } } } } // Requirements met? if ($user->data['user_posts'] < $invite->config['invite_required_posts']) { $error[] = sprintf($user->lang['TOO_FEW_POSTS'], $invite->config['invite_required_posts']); $disable_form = true; } // Set up the array containing the important information $email_data = array('message_type' => $INVITE_MESSAGE_TYPE['invite'], 'method' => EMAIL, 'method_user_id' => $user->data['user_id'], 'invite_language' => $invite->config['invite_language_select'] == 'opt' ? utf8_normalize_nfc(request_var('form_invite_language_select', $user->data['user_lang'], true)) : ($invite->config['invite_language_select'] == 'user' ? $user->data['user_lang'] : $invite->config['invite_language_select']), 'priority' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? request_var('form_priority', 0) : $invite->config['invite_priority_flag'], 'subject' => utf8_normalize_nfc(request_var('form_subject', '', true)), 'message' => utf8_normalize_nfc(request_var('form_message', '', true)), 'register_key' => $invite->generate_key(), 'register_key_used' => 0, 'register_user_id' => 0, 'invite_user_id' => $user->data['user_id'], 'invite_session_ip' => $user->data['session_ip'], 'invite_time' => time(), 'expiration_time' => time() + $invite->config['invite_expiration_time'] * 86400, 'invite_zebra' => request_var('form_invite_zebra', 0), 'confirm_code' => request_var('confirm_code', ''), 'confirm_id' => request_var('confirm_id', '')); // Additional email data concerning the templates foreach ($INVITE_MESSAGE_TYPE as $string => $int) { $email_data['invite_' . $string] = request_var('form_invite_' . $string, 0); $email_data['invite_' . $string . '_method'] = request_var('form_invite_' . $string . '_method', 0); } // The CAPTCHA kicks in here if ($invite->config['invite_confirm_code']) { if (!class_exists('phpbb_captcha_factory')) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; } $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_POST); } // Prevalidate the static data so we don't have to do it in the loop later if ($submit) { if (!check_form_key('ucp_invite')) { $error[] = 'FORM_INVALID'; } $check_ary = array('subject' => array('string', false, $invite->config['subject_min_chars'], $invite->config['subject_max_chars']), 'message' => array('string', false, $invite->config['message_min_chars'], $invite->config['message_max_chars'])); $error = validate_data($email_data, $check_ary); // Visual Confirmation handling if ($invite->config['invite_confirm_code']) { $vc_response = $captcha->validate($email_data); if ($vc_response !== false) { $error[] = $vc_response; } } } // Send out multiple invitations for ($i = 0; $i < $recipient_count; $i++) { // Add index specific values to the data array $form_register_email = utf8_normalize_nfc(request_var('form_register_email_' . $i, '', true)); $form_register_real_name = utf8_normalize_nfc(request_var('form_register_real_name_' . $i, '', true)); $email_data['register_email_' . $i] = $form_register_email; $email_data['register_real_name_' . $i] = $form_register_real_name; // Add every e-mail address to the referring array in order to search for multiple entries later $email_ary[] = $form_register_email; // No need to loop through the submit part... if (sizeof($error)) { continue; } // Do the job ... if ($submit) { $email_data['register_email'] = $form_register_email; $email_data['register_real_name'] = $form_register_real_name; // Fix language vars defined in ucp.php $email_data['email'] = $email_data['register_email']; // Validate index specific data $check_ary = array('email' => array(array('string', false, 1, 60), array('email')), 'register_real_name' => array('string', false, 1, 60)); $error = validate_data($email_data, $check_ary); // Fix language vars defined in ucp.php unset($email_data['email']); // That wouldn't make any sense... if ($email_data['register_email'] == $user->data['user_email']) { $error[] = $user->lang['INVITE_TO_YOUR_EMAIL']; } // Have our recipients received an invitation yet? $sql = 'SELECT COUNT(log_id) AS multiple_invite FROM ' . INVITE_LOG_TABLE . ' WHERE register_email = "' . $email_data['register_email'] . '"'; $result = $db->sql_query($sql); $multiple = (int) $db->sql_fetchfield('multiple_invite'); if ($multiple && $invite->config['invite_multiple']) { $error[] = $user->lang['INVITE_MULTIPLE']; } if ($invite->config['invite_multiple']) { $count_values = array_count_values($email_ary); foreach ($count_values as $k => $v) { if ($v > 1) { $error[] = $user->lang['INVITE_SAME_RECIPIENT']; break; } } } if (!sizeof($error)) { $send_message = $invite->message_handle($email_data, true, false); $sent = true; // Email successfully sent to friend? Only check on last loop if ($i == $recipient_count - 1) { if ($send_message) { meta_refresh(2, append_sid("{$phpbb_root_path}index.{$phpEx}")); $message = $user->lang['EMAIL_SENT_SUCCESS']; } else { $message = '<span class="error">' . $user->lang['EMAIL_SENT_FAILURE'] . '</span>'; } $message .= '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>'); trigger_error($message); } } else { // No need to highlight the correct recipient block if there's only one... if ($recipient_count > 1) { $template->assign_var('S_ERROR_RECIPIENT_INDEX', $i); } } } unset($email_data['register_email']); unset($email_data['register_real_name']); } // Replace "error" strings with their real, localised form $error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error); if ($invite->config['invite_confirm_code']) { $s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields()); } $s_hidden_fields = build_hidden_fields($s_hidden_fields); $confirm_image = ''; // Visual Confirmation - Show images if ($invite->config['invite_confirm_code']) { $template->assign_vars(array('CAPTCHA_TEMPLATE' => $captcha->get_template())); } $template->assign_vars(array('ERROR' => sizeof($error) ? $error[0] : '', 'FORM_LANGUAGE_SELECT' => language_select($email_data['invite_language']), 'FORM_CONFIRM_IMG' => $confirm_image, 'S_ENABLE_POWERED_BY' => $invite->config['enable_powered_by'], 'S_MAIL_LOW_PRIORITY' => MAIL_LOW_PRIORITY, 'S_MAIL_NORMAL_PRIORITY' => MAIL_NORMAL_PRIORITY, 'S_MAIL_HIGH_PRIORITY' => MAIL_HIGH_PRIORITY, 'S_VALUE_EMAIL' => EMAIL, 'S_VALUE_PM' => PM, 'S_DISABLE' => $disable_form ? true : false, 'S_DISPLAY_PRIORITY' => $invite->config['invite_priority_flag'] == MAIL_LOW_PRIORITY + 1 ? true : false, 'S_DISPLAY_ZEBRA' => $invite->config['zebra'] == OPTIONAL ? true : false, 'S_DISPLAY_LANGUAGE' => $invite->config['invite_language_select'] == 'opt' ? true : false, 'S_RECIPIENTS_LIMIT' => $invite->config['multiple_recipients_max'] <= $recipient_count ? true : false, 'S_CONFIRM_REFRESH' => true, 'S_HIDDEN_FIELDS' => $s_hidden_fields, 'U_ACTION' => $this->u_action)); // Repeat the recipient block as many times as desired for ($i = 0; $i < $recipient_count; $i++) { $template->assign_block_vars('recipient_row', array('INDEX' => $i, 'FORM_REGISTER_EMAIL' => $email_data['register_email_' . $i], 'FORM_REGISTER_REAL_NAME' => $email_data['register_real_name_' . $i])); } // Display other message options foreach ($INVITE_MESSAGE_TYPE as $string => $int) { // [Fix] Undefined index if ($string == 'invite' || $string == 'referral') { continue; } $template->assign_vars(array('S_DISPLAY_' . strtoupper($string) => !$invite->config[$string] ? false : ($invite->config[$string] == OPTIONAL ? true : false), 'S_DISPLAY_' . strtoupper($string) . '_METHOD' => !$invite->config[$string] ? false : ($invite->config[$string . '_method'] == OPTIONAL ? true : false))); } // Assign already existing input foreach ($email_data as $k => $v) { $template->assign_vars(array('FORM_' . strtoupper($k) => isset($email_data[$k]) ? utf8_normalize_nfc(request_var($k, $v, true)) : '')); } break; case 'statistics': // break; } $this->tpl_name = 'ucp_invite_' . $mode; $this->page_title = 'UCP_INVITE_' . strtoupper($mode); }
private function post() { global $phpbb_root_path, $phpEx, $template, $db, $auth; global $config, $user; if (!function_exists('generate_smilies')) { include $phpbb_root_path . 'includes/functions_posting.' . $phpEx; } if (!function_exists('submit_gb_post')) { include $phpbb_root_path . 'includes/functions_guestbook.' . $phpEx; } if (!class_exists('parse_message')) { include $phpbb_root_path . 'includes/message_parser.' . $phpEx; } $user->add_lang('posting'); // Grab only parameters needed here $post_id = request_var('p', 0); $lastclick = request_var('lastclick', 0); $submit = isset($_POST['post']) ? true : false; $preview = isset($_POST['preview']) ? true : false; $delete = isset($_POST['delete']) ? true : false; $refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['full_editor']) ? true : false; $mode = $delete && !$preview && !$refresh && $submit ? 'delete' : request_var('gbmode', ''); $error = $post_data = array(); $current_time = time(); // Was cancel pressed? If so then redirect to the appropriate page if ($current_time - $lastclick < 2 && $submit) { $redirect = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$this->user_id}&gbmode=display&{$post_id}#p{$post_id}"); redirect($redirect); } // We need to know some basic information in all cases before we do anything. switch ($mode) { case 'quote': case 'edit': case 'delete': if (!$post_id) { $user->setup('posting'); trigger_error('NO_POST'); } $sql = 'SELECT g.*, u.* FROM ' . GUESTBOOK_TABLE . ' g, ' . USERS_TABLE . ' u WHERE u.user_id = g.poster_id AND post_id = ' . (int) $post_id; break; case 'smilies': $sql = ''; generate_smilies('window'); break; case 'popup': upload_popup(); break; default: $sql = ''; break; } if ($sql) { $result = $db->sql_query($sql); $post_data = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!$post_data) { $user->setup('posting'); trigger_error('NO_POST'); } } if ($mode == 'popup') { upload_popup($post_data['forum_style']); return; } if ($config['enable_post_confirm'] && !$user->data['is_registered']) { include $phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx; $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); $captcha->init(CONFIRM_POST); } // Use post_row values in favor of submitted ones... $post_id = !empty($post_data['post_id']) ? (int) $post_data['post_id'] : (int) $post_id; // Check permissions if ($user->data['is_bot']) { redirect(append_sid("{$phpbb_root_path}index.{$phpEx}")); } // Is the user able to read within this forum? if (!$auth->acl_get('u_gb_view')) { if ($user->data['user_id'] != ANONYMOUS) { trigger_error('USER_CANNOT_READ'); } login_box('', $user->lang['LOGIN_EXPLAIN_POST']); } // Permission to do the action asked? $is_authed = false; switch ($mode) { case 'post': if ($auth->acl_get('u_gb_post')) { $is_authed = true; } break; case 'quote': $post_data['post_edit_locked'] = 0; // @TODO: Decide if we want to add a config option/ucp option/checkbox for this feature. if ($post_data['poster_id'] != ANONYMOUS) { $post_data['orginal_author'] = $post_data['poster_id']; } // no break; // no break; case 'reply': if ($auth->acl_get('u_gb_post')) { $is_authed = true; } break; case 'edit': if ($user->data['is_registered'] && $auth->acl_gets('u_gb_edit', 'm_gb_edit')) { $is_authed = true; } break; case 'delete': if ($user->data['is_registered'] && $auth->acl_gets('u_gb_delete', 'm_gb_delete')) { $is_authed = true; } break; } if (!$is_authed) { $check_auth = $mode == 'quote' ? 'reply' : $mode; if ($user->data['is_registered']) { trigger_error('USER_CANNOT_' . strtoupper($check_auth)); } login_box('', $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)]); } // Can we edit this post ... if we're a moderator with rights then always yes // else it depends on editing times, lock status and if we're the correct user if ($mode == 'edit' && !$auth->acl_get('m_gb_edit')) { if ($user->data['user_id'] != $post_data['poster_id']) { trigger_error('USER_CANNOT_EDIT'); } if (!($post_data['post_time'] > time() - $config['edit_time'] * 60 || !$config['edit_time'])) { trigger_error('CANNOT_EDIT_TIME'); } if ($post_data['post_edit_locked']) { trigger_error('CANNOT_EDIT_POST_LOCKED'); } } // Handle delete mode... if ($mode == 'delete') { handle_gb_post_delete($post_id, $post_data, $this); return; } // Determine some vars if (isset($post_data['poster_id']) && $post_data['poster_id'] == ANONYMOUS) { $post_data['quote_username'] = !empty($post_data['post_username']) ? $post_data['post_username'] : $user->lang['GUEST']; } else { $post_data['quote_username'] = isset($post_data['username']) ? $post_data['username'] : ''; } $post_data['post_edit_locked'] = isset($post_data['post_edit_locked']) ? (int) $post_data['post_edit_locked'] : 0; $post_data['post_subject_md5'] = isset($post_data['post_subject']) && $mode == 'edit' ? md5($post_data['post_subject']) : ''; $post_data['post_subject'] = in_array($mode, array('quote', 'edit')) ? $post_data['post_subject'] : (isset($post_data['topic_title']) ? $post_data['topic_title'] : ''); $post_data['topic_time_limit'] = isset($post_data['topic_time_limit']) ? $post_data['topic_time_limit'] ? (int) $post_data['topic_time_limit'] / 86400 : (int) $post_data['topic_time_limit'] : 0; $post_data['icon_id'] = !isset($post_data['icon_id']) || in_array($mode, array('quote', 'reply')) ? 0 : (int) $post_data['icon_id']; $message_parser = new parse_message(); if (isset($post_data['post_text'])) { $message_parser->message =& $post_data['post_text']; unset($post_data['post_text']); } // Set some default variables $uninit = array('poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0); foreach ($uninit as $var_name => $default_value) { if (!isset($post_data[$var_name])) { $post_data[$var_name] = $default_value; } } unset($uninit); if ($post_data['poster_id'] == ANONYMOUS) { $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['post_username']) : ''; } else { $post_data['username'] = $mode == 'quote' || $mode == 'edit' ? trim($post_data['username']) : ''; } $post_data['enable_urls'] = $post_data['enable_magic_url']; if ($mode != 'edit') { $post_data['enable_sig'] = $config['allow_sig'] && $user->optionget('attachsig') ? true : false; $post_data['enable_smilies'] = $config['allow_smilies'] && $user->optionget('smilies') ? true : false; $post_data['enable_bbcode'] = $config['allow_bbcode'] && $user->optionget('bbcode') ? true : false; $post_data['enable_urls'] = true; } $post_data['enable_icons'] = true; $post_data['enable_magic_url'] = $post_data['drafts'] = false; $check_value = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1); // Do we want to edit our post ? if ($mode == 'edit' && $post_data['bbcode_uid']) { $message_parser->bbcode_uid = $post_data['bbcode_uid']; } // HTML, BBCode, Smilies, Images and Flash status $bbcode_status = $config['allow_bbcode'] && $auth->acl_get('u_gb_bbcode') ? true : false; $smilies_status = $config['allow_smilies'] && $auth->acl_get('u_gb_smilies') ? true : false; $img_status = $bbcode_status && $auth->acl_get('u_gb_img') ? true : false; $url_status = $config['allow_post_links'] ? true : false; $flash_status = $bbcode_status && $auth->acl_get('u_gb_flash') && $config['allow_post_flash'] ? true : false; $quote_status = true; if ($submit || $preview || $refresh) { $post_data['post_subject'] = utf8_normalize_nfc(request_var('subject', '', true)); $message_parser->message = utf8_normalize_nfc(request_var('message', '', true)); $post_data['username'] = utf8_normalize_nfc(request_var('username', $post_data['username'], true)); $post_data['topic_time_limit'] = request_var('topic_time_limit', $mode != 'post' ? (int) $post_data['topic_time_limit'] : 0); if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) { $post_data['icon_id'] = request_var('icon', (int) $post_data['icon_id']); } $post_data['enable_bbcode'] = !$bbcode_status || isset($_POST['disable_bbcode']) ? false : true; $post_data['enable_smilies'] = !$smilies_status || isset($_POST['disable_smilies']) ? false : true; $post_data['enable_urls'] = isset($_POST['disable_magic_url']) ? 0 : 1; $post_data['enable_sig'] = !$config['allow_sig'] || !$auth->acl_get('u_gb_sig') ? false : (isset($_POST['attach_sig']) && $user->data['is_registered'] ? true : false); if ($config['allow_topic_notify'] && $user->data['is_registered']) { $notify = isset($_POST['notify']) ? true : false; } else { $notify = false; } if ($submit) { $status_switch = ($post_data['enable_bbcode'] + 1 << 8) + ($post_data['enable_smilies'] + 1 << 4) + ($post_data['enable_urls'] + 1 << 2) + ($post_data['enable_sig'] + 1 << 1); $status_switch = $status_switch != $check_value; } else { $status_switch = 1; } // Grab md5 'checksum' of new message $message_md5 = md5($message_parser->message); // Check checksum ... don't re-parse message if the same $update_message = $mode != 'edit' || $message_md5 != $post_data['post_checksum'] || $status_switch || strlen($post_data['bbcode_uid']) < BBCODE_UID_LEN ? true : false; // Also check if subject got updated... $update_subject = $mode != 'edit' || $post_data['post_subject_md5'] && $post_data['post_subject_md5'] != md5($post_data['post_subject']); // Parse message if ($update_message) { if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); $message_parser->warn_msg = array(); } $message_parser->parse($post_data['enable_bbcode'], $config['allow_post_links'] ? $post_data['enable_urls'] : false, $post_data['enable_smilies'], $img_status, $flash_status, $quote_status, $config['allow_post_links']); // On a refresh we do not care about message parsing errors if (sizeof($message_parser->warn_msg) && $refresh) { $message_parser->warn_msg = array(); } } else { $message_parser->bbcode_bitfield = $post_data['bbcode_bitfield']; } if ($mode != 'edit' && !$preview && !$refresh && $config['flood_interval'] && !$auth->acl_get('u_gb_ignoreflood')) { // Flood check $last_post_time = 0; if ($user->data['is_registered']) { $last_post_time = $user->data['user_lastpost_time']; } else { $sql = 'SELECT post_time AS last_post_time FROM ' . POSTS_TABLE . "\n\t\t\t\t\t\tWHERE poster_ip = '" . $user->ip . "'\n\t\t\t\t\t\t\tAND post_time > " . ($current_time - $config['flood_interval']); $result = $db->sql_query_limit($sql, 1); if ($row = $db->sql_fetchrow($result)) { $last_post_time = $row['last_post_time']; } $db->sql_freeresult($result); } if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) { $error[] = $user->lang['FLOOD_ERROR']; } } // Validate username if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) { if (!function_exists('validate_user')) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; } if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) { $user->add_lang('ucp'); $error[] = $user->lang[$result . '_USERNAME']; } } if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) { $captcha_data = array('message' => utf8_normalize_nfc(request_var('message', '', true)), 'subject' => utf8_normalize_nfc(request_var('subject', '', true)), 'username' => utf8_normalize_nfc(request_var('username', '', true))); $vc_response = $captcha->validate($captcha_data); if ($vc_response) { $error[] = $vc_response; } } // check form if (($submit || $preview) && !check_form_key('posting')) { $error[] = $user->lang['FORM_INVALID']; } // Parse subject if (sizeof($message_parser->warn_msg)) { $error[] = implode('<br />', $message_parser->warn_msg); } // DNSBL check if ($config['check_dnsbl'] && !$refresh) { if (($dnsbl = $user->check_dnsbl('post')) !== false) { $error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]); } } // Store message, sync counters if (!sizeof($error) && $submit) { if ($submit) { $data = array('user_id' => (int) ($mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id), 'topic_title' => empty($post_data['topic_title']) ? $post_data['post_subject'] : $post_data['topic_title'], 'post_id' => (int) $post_id, 'icon_id' => (int) $post_data['icon_id'], 'poster_id' => (int) $user->data['user_id'], 'enable_sig' => (bool) $post_data['enable_sig'], 'enable_bbcode' => (bool) $post_data['enable_bbcode'], 'enable_smilies' => (bool) $post_data['enable_smilies'], 'enable_urls' => (bool) $post_data['enable_urls'], 'message_md5' => (string) $message_md5, 'post_time' => isset($post_data['post_time']) ? (int) $post_data['post_time'] : $current_time, 'post_checksum' => isset($post_data['post_checksum']) ? (string) $post_data['post_checksum'] : '', 'post_edit_reason' => $post_data['post_edit_reason'], 'post_edit_user' => $mode == 'edit' ? $user->data['user_id'] : (isset($post_data['post_edit_user']) ? (int) $post_data['post_edit_user'] : 0), 'poster_ip' => isset($post_data['poster_ip']) ? $post_data['poster_ip'] : $user->ip, 'bbcode_bitfield' => $message_parser->bbcode_bitfield, 'bbcode_uid' => $message_parser->bbcode_uid, 'message' => $message_parser->message, 'guestbook' => $this); // The last parameter tells submit_post if search indexer has to be run submit_gb_post($mode, $post_data['post_subject'], $post_data['username'], $data, $update_message, $update_message || $update_subject ? true : false); $post_id = $data['post_id']; $uid = $mode == 'quote' && isset($post_data['orginal_author']) ? $post_data['orginal_author'] : $this->user_id; $redirect_url = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&gbmode=display&u={$uid}&p={$post_id}#p{$post_id}"); if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) { $captcha->reset(); } meta_refresh(3, $redirect_url); $message = $mode == 'edit' ? 'POST_EDITED' : 'POST_STORED'; $message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['VIEW_MESSAGE'], '<a href="' . $redirect_url . '">', '</a>'); trigger_error($message); } } } // Preview if (!sizeof($error) && $preview) { $post_data['post_time'] = $mode == 'edit' ? $post_data['post_time'] : $current_time; $preview_message = $message_parser->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies'], false); $preview_signature = $mode == 'edit' ? $post_data['user_sig'] : $user->data['user_sig']; $preview_signature_uid = $mode == 'edit' ? $post_data['user_sig_bbcode_uid'] : $user->data['user_sig_bbcode_uid']; $preview_signature_bitfield = $mode == 'edit' ? $post_data['user_sig_bbcode_bitfield'] : $user->data['user_sig_bbcode_bitfield']; // Signature if ($post_data['enable_sig'] && $config['allow_sig'] && $preview_signature && $auth->acl_get('u_gb_sig')) { $parse_sig = new parse_message($preview_signature); $parse_sig->bbcode_uid = $preview_signature_uid; $parse_sig->bbcode_bitfield = $preview_signature_bitfield; // Not sure about parameters for bbcode/smilies/urls... in signatures $parse_sig->format_display($config['allow_sig_bbcode'], true, $config['allow_sig_smilies']); $preview_signature = $parse_sig->message; unset($parse_sig); } else { $preview_signature = ''; } $preview_subject = censor_text($post_data['post_subject']); if (!sizeof($error)) { $template->assign_vars(array('PREVIEW_SUBJECT' => $preview_subject, 'PREVIEW_MESSAGE' => $preview_message, 'PREVIEW_SIGNATURE' => $preview_signature, 'S_DISPLAY_PREVIEW' => true)); } } // Decode text for message display $post_data['bbcode_uid'] = $mode == 'quote' && !$preview && !$refresh && !sizeof($error) ? $post_data['bbcode_uid'] : $message_parser->bbcode_uid; $message_parser->decode_message($post_data['bbcode_uid']); if ($mode == 'quote' && !$submit && !$preview && !$refresh) { if ($config['allow_bbcode']) { $message_parser->message = '[quote="' . $post_data['quote_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n"; } else { $offset = 0; $quote_string = "> "; $message = censor_text(trim($message_parser->message)); // see if we are nesting. It's easily tricked but should work for one level of nesting if (strpos($message, ">") !== false) { $offset = 10; } $message = utf8_wordwrap($message, 75 + $offset, "\n"); $message = $quote_string . $message; $message = str_replace("\n", "\n" . $quote_string, $message); $message_parser->message = $post_data['quote_username'] . " " . $user->lang['WROTE'] . " :\n" . $message . "\n"; } } if (($mode == 'reply' || $mode == 'quote') && !$submit && !$preview && !$refresh) { $post_data['post_subject'] = (strpos($post_data['post_subject'], 'Re: ') !== 0 ? 'Re: ' : '') . censor_text($post_data['post_subject']); } $post_data['post_text'] = $message_parser->message; // MAIN POSTING PAGE BEGINS HERE // Generate smiley listing generate_smilies('inline', 0); // Do show topic type selection only in first post. $topic_type_toggle = false; $s_topic_icons = false; if ($post_data['enable_icons'] && $auth->acl_get('u_gb_icons')) { $s_topic_icons = posting_gen_topic_icons($mode, $post_data['icon_id']); } $bbcode_checked = isset($post_data['enable_bbcode']) ? !$post_data['enable_bbcode'] : ($config['allow_bbcode'] ? !$user->optionget('bbcode') : 1); $smilies_checked = isset($post_data['enable_smilies']) ? !$post_data['enable_smilies'] : ($config['allow_smilies'] ? !$user->optionget('smilies') : 1); $urls_checked = isset($post_data['enable_urls']) ? !$post_data['enable_urls'] : 0; $sig_checked = $post_data['enable_sig']; // If the user is replying or posting and not already watching this topic but set to always being notified we need to overwrite this setting $notify_set = $mode != 'edit' && $config['allow_topic_notify'] && $user->data['is_registered'] && !$post_data['notify_set'] ? $user->data['user_notify'] : $post_data['notify_set']; $notify_checked = isset($notify) ? $notify : ($mode == 'post' ? $user->data['user_notify'] : $notify_set); // Page title & action URL, include session_id for security purpose $s_action = append_sid("{$phpbb_root_path}memberlist.{$phpEx}", "mode=viewprofile&u={$this->user_id}&gbmode={$mode}", true, $user->session_id); $s_action .= $post_id ? "&p={$post_id}" : ''; switch ($mode) { case 'post': $page_title = $user->lang['POST_GUESTBOOK']; break; case 'quote': case 'reply': $page_title = $user->lang['POST_GUESTBOOK']; break; case 'delete': case 'edit': $page_title = $user->lang['EDIT_POST']; break; } // Posting uses is_solved for legacy reasons. Plugins have to use is_solved to force themselves to be displayed. if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === false) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote')) { $template->assign_vars(array('S_CONFIRM_CODE' => true, 'CAPTCHA_TEMPLATE' => $captcha->get_template())); } $s_hidden_fields = '<input type="hidden" name="lastclick" value="' . $current_time . '" />'; if ($mode == 'edit') { $s_hidden_fields .= build_hidden_fields(array('edit_post_message_checksum' => $post_data['post_checksum'], 'edit_post_subject_checksum' => $post_data['post_subject_md5'])); } // Add the confirm id/code pair to the hidden fields, else an error is displayed on next submit/preview if (isset($captcha) && $captcha->is_solved() !== false) { $s_hidden_fields .= build_hidden_fields($captcha->get_hidden_fields()); } add_form_key('posting'); // Start assigning vars for main posting page ... $template->assign_vars(array('L_POST_A' => $page_title, 'L_ICON' => $user->lang['POST_ICON'], 'L_MESSAGE_BODY_EXPLAIN' => intval($config['max_post_chars']) ? sprintf($user->lang['MESSAGE_BODY_EXPLAIN'], intval($config['max_post_chars'])) : '', 'TOPIC_TITLE' => censor_text($post_data['topic_title']), 'USERNAME' => !$preview && $mode != 'quote' || $preview ? $post_data['username'] : '', 'SUBJECT' => $post_data['post_subject'], 'MESSAGE' => $post_data['post_text'], 'BBCODE_STATUS' => $bbcode_status ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.{$phpEx}", 'mode=bbcode') . '">', '</a>'), 'IMG_STATUS' => $img_status ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'], 'FLASH_STATUS' => $flash_status ? $user->lang['FLASH_IS_ON'] : $user->lang['FLASH_IS_OFF'], 'SMILIES_STATUS' => $smilies_status ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'], 'URL_STATUS' => $bbcode_status && $url_status ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'], 'MAX_FONT_SIZE' => (int) $config['max_post_font_size'], 'MINI_POST_IMG' => $user->img('icon_post_target', $user->lang['POST']), 'POST_DATE' => $post_data['post_time'] ? $user->format_date($post_data['post_time']) : '', 'ERROR' => sizeof($error) ? implode('<br />', $error) : '', 'TOPIC_TIME_LIMIT' => (int) $post_data['topic_time_limit'], 'EDIT_REASON' => $post_data['post_edit_reason'], 'S_PRIVMSGS' => false, 'S_CLOSE_PROGRESS_WINDOW' => isset($_POST['add_file']) ? true : false, 'S_EDIT_POST' => $mode == 'edit' ? true : false, 'S_EDIT_REASON' => false, 'S_DISPLAY_USERNAME' => !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS ? true : false, 'S_SHOW_TOPIC_ICONS' => $s_topic_icons, 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => $bbcode_checked ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => $smilies_checked ? ' checked="checked"' : '', 'S_SIG_ALLOWED' => $auth->acl_get('u_gb_sig') && $config['allow_sig'] && $user->data['is_registered'] ? true : false, 'S_SIGNATURE_CHECKED' => $sig_checked ? ' checked="checked"' : '', 'S_NOTIFY_ALLOWED' => !$user->data['is_registered'] || $mode == 'edit' && $user->data['user_id'] != $post_data['poster_id'] || !$config['allow_topic_notify'] || !$config['email_enable'] ? false : true, 'S_NOTIFY_CHECKED' => $notify_checked ? ' checked="checked"' : '', 'S_LINKS_ALLOWED' => $url_status, 'S_MAGIC_URL_CHECKED' => $urls_checked ? ' checked="checked"' : '', 'S_TYPE_TOGGLE' => '', 'S_SAVE_ALLOWED' => false, 'S_HAS_DRAFTS' => false, 'S_BBCODE_IMG' => $img_status, 'S_BBCODE_URL' => $url_status, 'S_BBCODE_FLASH' => $flash_status, 'S_BBCODE_QUOTE' => $quote_status, 'SIGNATURE' => '', 'S_POST_ACTION' => $s_action, 'S_HIDDEN_FIELDS' => $s_hidden_fields)); // Build custom bbcodes array display_custom_bbcodes(); $template->set_filenames(array('body' => 'posting_body.html')); make_jumpbox(append_sid("{$phpbb_root_path}viewforum.{$phpEx}")); }