protected function _bio_publish($address, $key)
{
global $warning;
if (empty($address)) {
$warning->set('no_bio_address');
}
if (empty($key)) {
$warning->set('no_bio_key');
}
$v['field'] = email_format($address) !== false ? 'address' : 'alias';
// sql
$sql = 'SELECT bio_id, bio_key, bio_fails
FROM _bio
WHERE bio_?? = ?
AND bio_status = ?';
if ($_bio = sql_fieldrow(sql_filter($sql, $v['field'], $address, 1))) {
if ($_bio->bio_key === _password($key)) {
if ($_bio->bio_fails) {
$sql = 'UPDATE _bio SET bio_fails = 0
WHERE bio_id = ?';
sql_query(sql_filter($sql, $_bio->bio_id));
}
$bio->session_create($_bio->bio_id);
return true;
}
if ($_bio->bio_fails == $core->v('bio_maxfails')) {
// TODO: Captcha system if maxfail reached
_fatal(508);
}
$sql = 'UPDATE _bio SET bio_fails = bio_fails + 1
WHERE bio_id = ?';
sql_query(sql_filter($sql, $_bio->bio_id));
sleep(5);
$warning->set('login_error');
}
$alias = _low($this->extract_alias($address));
$alias_len = strlen($v['nickname']);
if ($alias_len < 1 || $alias_len > 20) {
$warning->set('alias_len');
}
// TODO: Continue work
return;
}
protected function _password_home()
{
global $bio;
$v = $this->__(w('k'));
if (f($v['k'])) {
// TODO: Password reset from email link
}
if (_button()) {
$v = $this->__(w('address'));
if (!f($v['address'])) {
$this->_error('#NO_SUCH_BIO');
}
$v['field'] = email_format($v['address']) !== false ? 'address' : 'alias';
if ($v['field'] == 'alias' && !_low($v['address'])) {
$this->_error('#NO_SUCH_BIO');
}
$sql = 'SELECT bio_alias, bio_name, bio_email, bio_lang
FROM _bio
WHERE bio_?? = ?
AND bio_active = ?';
if (!($_bio = _fieldrow(sql_filter($sql, $v['field'], $v['address'], 1)))) {
$this->_error('#NO_SUCH_BIO');
}
$actkey = substr(unique_id(), 0, 6);
$sql = 'UPDATE _bio SET bio_actkey = ?
WHERE bio_id = ?';
_sql(sql_filter($sql, $actkey, $_bio['bio_id']));
//
$properties = array('to' => $userdata['bio_address'], 'template' => 'user_activate_passwd', 'vars' => array('USERNAME' => $userdata['username'], 'PASSWORD' => $user_password, 'U_ACTIVATE' => _link('my', array('password', 'k' => $user_actkey))));
_sendmail($properties);
$this->_error('PASSWD_SENT');
}
return;
}
$d = substr($r->bday, 6, 2);
$r->bday = gmdate('r', gmmktime(1, 1, 1, $m, $d, y));
} else {
$r->bday = '';
}
$r->last_visit = $r->last_visit && $r->last_visit > 631155661 ? gmdate('r', $r->last_visit) : '';
$r->join_date = $r->join_date && $r->join_date > 631155661 ? gmdate('r', $r->join_date) : '';
if ($r->users_opt >= 16777216) {
$r->avatar_loc = '';
}
echo '
<item>
<user_id>' . $r->id . '</user_id>
<user_login>' . sp($r->alias) . '</user_login>
<user_name>' . sp($r->name) . '</user_name>
<user_email>' . sp(email_format($r->email)) . '</user_email>
<post_count>' . (int) $r->posted_msg_count . '</post_count>
<avatar_img>' . sp($r->avatar_loc) . '</avatar_img>
<homepage>' . sp(htmlspecialchars($r->homepage)) . '</homepage>
<bday>' . $r->bday . '</bday>
<last_visit>' . $r->last_visit . '</last_visit>
<reg_date>' . $r->join_date . '</reg_date>
<im_icq>' . $r->icq . '</im_icq>
<im_aim>' . sp($r->aim) . '</im_aim>
<im_yahoo>' . sp($r->yahoo) . '</im_yahoo>
<im_msnm>' . sp($r->msnm) . '</im_msnm>
<im_jabber>' . sp($r->msnm) . '</im_jabber>
<im_affero>' . sp($r->affero) . '</im_affero>
';
if ($r->subject && $r->can_show_msg) {
echo '
/**
* sends an e-mail notification to all admins and mods who have activated
* e-mail notification
*
* @param int $id : the id of the posting
* @param bool $delayed : true adds a delayed message (when postibg was activated manually)
*/
function emailNotification2ModsAndAdmins($id, $delayed = false)
{
global $settings, $db_settings, $lang, $connid;
$id = intval($id);
// data of posting:
$result = @mysql_query("SELECT pid, name, user_name, " . $db_settings['forum_table'] . ".user_id, subject, text \r\n FROM " . $db_settings['forum_table'] . " \r\n LEFT JOIN " . $db_settings['userdata_table'] . " ON " . $db_settings['userdata_table'] . ".user_id=" . $db_settings['forum_table'] . ".user_id\r\n WHERE id = " . intval($id) . " LIMIT 1", $connid);
$data = mysql_fetch_array($result);
mysql_free_result($result);
// overwrite $data['name'] with $data['user_name'] if registered user:
if ($data['user_id'] > 0) {
if (!$data['user_name']) {
$data['name'] = $lang['unknown_user'];
} else {
$data['name'] = $data['user_name'];
}
}
$name = stripslashes($data['name']);
$subject = stripslashes($data['subject']);
$text = email_format(stripslashes($data['text']));
if ($data['pid'] > 0) {
$emailbody = str_replace("[name]", $name, $lang['admin_email_text_reply']);
} else {
$emailbody = str_replace("[name]", $name, $lang['admin_email_text']);
}
$emailbody = str_replace("[subject]", $subject, $emailbody);
$emailbody = str_replace("[text]", $text, $emailbody);
$emailbody = str_replace("[posting_address]", $settings['forum_address'] . "index.php?id=" . $id, $emailbody);
$emailbody = str_replace("[forum_address]", $settings['forum_address'], $emailbody);
if ($delayed == true) {
$emailbody = $emailbody . "\n\n" . $lang['email_text_delayed_addition'];
}
$emailbody = stripslashes($emailbody);
$lang['admin_email_subject'] = str_replace("[subject]", stripslashes($subject), $lang['admin_email_subject']);
// who gets an E-mail notification?
$recipient_result = @mysql_query("SELECT user_name, user_email FROM " . $db_settings['userdata_table'] . " WHERE user_type > 0 AND new_posting_notification=1", $connid) or raise_error('database_error', mysql_error());
while ($admin_array = mysql_fetch_array($recipient_result)) {
$ind_emailbody = str_replace("[admin]", $admin_array['user_name'], $emailbody);
$recipient = my_mb_encode_mimeheader($admin_array['user_name'], CHARSET, "Q") . " <" . $admin_array['user_email'] . ">";
my_mail($recipient, $lang['admin_email_subject'], $ind_emailbody);
}
mysql_free_result($recipient_result);
}
function do_login($box_text = '', $need_admin = false, $extra_vars = false) {
global $config, $user;
$error = w();
$action = request_var('mode', '');
if (empty($user->data)) {
$user->init(false);
}
if (empty($user->lang)) {
$user->setup();
}
if ($user->is('bot')) {
redirect(s_link());
}
$code_invite = request_var('invite', '');
$admin = _button('admin');
$login = _button('login');
$submit = _button();
$need_auth = false;
if ($admin) {
$need_auth = true;
}
$v_fields = array(
'username' => '',
'email' => '',
'email_confirm' => '',
'key' => '',
'key_confirm' => '',
'gender' => 0,
'birthday_month' => 0,
'birthday_day' => 0,
'birthday_year' => 0,
'tos' => 0,
'ref' => 0
);
if (!empty($code_invite)) {
$sql = 'SELECT i.invite_email, m.user_email
FROM _members_ref_invite i, _members m
WHERE i.invite_code = ?
AND i.invite_uid = m.user_id';
if (!$invite_row = sql_fieldrow(sql_filter($sql, $code_invite))) {
fatal_error();
}
$v_fields['ref'] = $invite_row['user_email'];
$v_fields['email'] = $invite_row['invite_email'];
unset($invite_row);
}
switch ($action) {
case 'in':
if ($user->is('member') && !$admin) {
redirect(s_link());
}
if ($login && (!$user->is('member') || $admin)) {
$username = request_var('username', '');
$password = request_var('password', '');
$ref = request_var('ref', '');
if (!empty($username) && !empty($password)) {
$username_base = get_username_base($username);
$sql = 'SELECT user_id, username, user_password, user_type, user_country, user_avatar, user_location, user_gender, user_birthday
FROM _members
WHERE username_base = ?';
if ($row = sql_fieldrow(sql_filter($sql, $username_base))) {
$exclude_type = array(USER_INACTIVE);
if (ValidatePassword($password, $row['user_password']) && (!in_array($row['user_type'], $exclude_type))) {
$user->session_create($row['user_id'], $admin);
if (!$row['user_country'] || !$row['user_location'] || !$row['user_gender'] || !$row['user_birthday'] || !$row['user_avatar']) {
$ref = s_link('my', 'profile');
} else {
$ref = (empty($ref) || (preg_match('#' . preg_quote($config['server_name']) . '/$#', $ref))) ? s_link('today') : $ref;
}
redirect($ref);
}
}
}
}
break;
case 'out':
if ($user->is('member')) {
$user->session_kill();
}
redirect(s_link());
break;
case 'up':
if ($user->is('member')) {
redirect(s_link('my profile'));
} else if ($user->is('bot')) {
redirect(s_link());
}
$code = request_var('code', '');
if (!empty($code)) {
if (!preg_match('#([a-z0-9]+)#is', $code)) {
fatal_error();
}
$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
FROM _crypt_confirm c, _members m
WHERE c.crypt_code = ?
AND c.crypt_userid = m.user_id';
if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
fatal_error();
}
$user_id = $crypt_data['user_id'];
$sql = 'UPDATE _members SET user_type = ?
WHERE user_id = ?';
sql_query(sql_filter($sql, USER_NORMAL, $user_id));
$sql = 'DELETE FROM _crypt_confirm
WHERE crypt_code = ?
AND crypt_userid = ?';
sql_query(sql_filter($sql, $code, $user_id));
$emailer = new emailer();
$emailer->from('info');
$emailer->use_template('user_welcome_confirm');
$emailer->email_address($crypt_data['user_email']);
$emailer->assign_vars(array(
'USERNAME' => $crypt_data['username'])
);
$emailer->send();
$emailer->reset();
$user->session_create($user_id, 0);
//
if (empty($user->data)) {
$user->init();
}
if (empty($user->lang)) {
$user->setup();
}
$custom_vars = array(
'S_REDIRECT' => '',
'MESSAGE_TITLE' => lang('information'),
'MESSAGE_TEXT' => lang('membership_added_confirm')
);
page_layout('INFORMATION', 'message', $custom_vars);
}
//
/*$sql = 'SELECT *
FROM _members_ref_assoc
WHERE ref_uid = ?';
if ($ref_assoc = sql_fieldrow(sql_filter($sql, $user_id))) {
if ($user_id != $ref_assoc['ref_orig']) {
$user->points_add(3, $ref_assoc['ref_orig']);
$sql_insert = array(
'user_id' => $user_id,
'buddy_id' => $ref_assoc['ref_orig'],
'friend_time' => time()
);
sql_insert('members_friends', $sql_insert);
$sql_insert = array(
'user_id' => $ref_assoc['ref_orig'],
'buddy_id' => $user_id,
'friend_time' => time()
);
sql_insert('members_friends', $sql_insert);
$user->save_unread(UH_FRIEND, $user_id, 0, $ref_assoc['ref_orig']);
}
$sql = 'DELETE FROM _members_ref_assoc
WHERE ref_id = ?';
sql_query(sql_filter($sql, $ref_assoc['ref_id']));
}
//
$sql = 'SELECT *
FROM _members_ref_invite
WHERE invite_email = ?';
if ($row = sql_fieldrow(sql_filter($sql, $crypt_data['user_email']))) {
$sql = 'DELETE FROM _members_ref_invite
WHERE invite_code = ?';
sql_query(sql_filter($sql, $row['invite_code']));
}
//
$emailer = new emailer();
$emailer->from('info');
$emailer->use_template('user_welcome_confirm');
$emailer->email_address($crypt_data['user_email']);
$emailer->assign_vars(array(
'USERNAME' => $crypt_data['username'])
);
$emailer->send();
$emailer->reset();
//
if (empty($user->data)) {
$user->init();
}
if (empty($user->lang)) {
$user->setup();
}
$custom_vars = array(
'S_REDIRECT' => '',
'MESSAGE_TITLE' => lang('information'),
'MESSAGE_TEXT' => lang('membership_added_confirm')
);
page_layout('INFORMATION', 'message', $custom_vars);
* */
if ($submit) {
foreach ($v_fields as $k => $v) {
$v_fields[$k] = request_var($k, $v);
}
if (empty($v_fields['username'])) {
$error['username'] = '******';
} else {
$len_username = strlen($v_fields['username']);
if (($len_username < 2) || ($len_username > 20) || !get_username_base($v_fields['username'], true)) {
$error['username'] = '******';
}
if (!sizeof($error)) {
$result = validate_username($v_fields['username']);
if ($result['error']) {
$error['username'] = $result['error_msg'];
}
}
if (!sizeof($error)) {
$v_fields['username_base'] = get_username_base($v_fields['username']);
$sql = 'SELECT user_id
FROM _members
WHERE username_base = ?';
if (sql_field(sql_filter($sql, $v_fields['username_base']), 'user_id', 0)) {
$error['username'] = '******';
}
}
if (!sizeof($error)) {
$sql = 'SELECT ub
FROM _artists
WHERE subdomain = ?';
if (sql_field(sql_filter($sql, $v_fields['username_base']), 'ub', 0)) {
$error['username'] = '******';
}
}
}
if (empty($v_fields['email']) || empty($v_fields['email_confirm'])) {
if (empty($v_fields['email'])) {
$error['email'] = 'EMPTY_EMAIL';
}
if (empty($v_fields['email_confirm'])) {
$error['email_confirm'] = 'EMPTY_EMAIL_CONFIRM';
}
} else {
if ($v_fields['email'] == $v_fields['email_confirm']) {
$result = validate_email($v_fields['email']);
if ($result['error']) {
$error['email'] = $result['error_msg'];
}
} else {
$error['email'] = 'EMAIL_MISMATCH';
$error['email_confirm'] = 'EMAIL_MISMATCH';
}
}
if (!empty($v_fields['key']) && !empty($v_fields['key_confirm'])) {
if ($v_fields['key'] != $v_fields['key_confirm']) {
$error['key'] = 'PASSWORD_MISMATCH';
} else if (strlen($v_fields['key']) > 32) {
$error['key'] = 'PASSWORD_LONG';
}
} else {
if (empty($v_fields['key'])) {
$error['key'] = 'EMPTY_PASSWORD';
} elseif (empty($v_fields['key_confirm'])) {
$error['key_confirm'] = 'EMPTY_PASSWORD_CONFIRM';
}
}
if (!$v_fields['birthday_month'] || !$v_fields['birthday_day'] || !$v_fields['birthday_year']) {
$error['birthday'] = 'EMPTY_BIRTH_MONTH';
}
if (!$v_fields['tos']) {
$error['tos'] = 'AGREETOS_ERROR';
}
if (!sizeof($error)) {
//$v_fields['country'] = strtolower(geoip_country_code_by_name($user->ip));
$v_fields['country'] = 90;
$v_fields['birthday'] = leading_zero($v_fields['birthday_year']) . leading_zero($v_fields['birthday_month']) . leading_zero($v_fields['birthday_day']);
$member_data = array(
'user_type' => USER_INACTIVE,
'user_active' => 1,
'username' => $v_fields['username'],
'username_base' => $v_fields['username_base'],
'user_password' => HashPassword($v_fields['key']),
'user_regip' => $user->ip,
'user_session_time' => 0,
'user_lastpage' => '',
'user_lastvisit' => time(),
'user_regdate' => time(),
'user_level' => 0,
'user_posts' => 0,
'userpage_posts' => 0,
'user_points' => 0,
'user_timezone' => $config['board_timezone'],
'user_dst' => $config['board_dst'],
'user_lang' => $config['default_lang'],
'user_dateformat' => $config['default_dateformat'],
'user_country' => (int) $v_fields['country'],
'user_rank' => 0,
'user_avatar' => '',
'user_avatar_type' => 0,
'user_email' => $v_fields['email'],
'user_lastlogon' => 0,
'user_totaltime' => 0,
'user_totallogon' => 0,
'user_totalpages' => 0,
'user_gender' => $v_fields['gender'],
'user_birthday' => (string) $v_fields['birthday'],
'user_mark_items' => 0,
'user_topic_order' => 0,
'user_email_dc' => 1,
'user_refop' => 0,
'user_refby' => $v_fields['ref']
);
$user_id = sql_insert('members', $member_data);
set_config('max_users', $config['max_users'] + 1);
// Confirmation code
$verification_code = md5(unique_id());
$insert = array(
'crypt_userid' => $user_id,
'crypt_code' => $verification_code,
'crypt_time' => $user->time
);
sql_insert('crypt_confirm', $insert);
// Emailer
$emailer = new emailer();
if (!empty($v_fields['ref'])) {
$valid_ref = email_format($v_fields['ref']);
if ($valid_ref) {
$sql = 'SELECT user_id
FROM _members
WHERE user_email = ?';
if ($ref_friend = sql_field(sql_filter($sql, $v_fields['ref']), 'user_id', 0)) {
$sql_insert = array(
'ref_uid' => $user_id,
'ref_orig' => $ref_friend
);
sql_insert('members_ref_assoc', $sql_insert);
$sql_insert = array(
'user_id' => $user_id,
'buddy_id' => $ref_friend,
'friend_time' => time()
);
sql_insert('members_friends', $sql_insert);
} else {
$invite_user = explode('@', $v_fields['ref']);
$invite_code = substr(md5(unique_id()), 0, 6);
$sql_insert = array(
'invite_code' => $invite_code,
'invite_email' => $v_fields['ref'],
'invite_uid' => $user_id
);
sql_insert('members_ref_invite', $sql_insert);
$emailer->from('info');
$emailer->use_template('user_invite');
$emailer->email_address($v_fields['ref']);
$emailer->assign_vars(array(
'INVITED' => $invite_user[0],
'USERNAME' => $v_fields['username'],
'U_REGISTER' => s_link('my register a', $invite_code))
);
$emailer->send();
$emailer->reset();
}
}
}
// Send confirm email
$emailer->from('info');
$emailer->use_template('user_welcome');
$emailer->email_address($v_fields['email']);
$emailer->assign_vars(array(
'USERNAME' => $v_fields['username'],
'U_ACTIVATE' => 'http:' . s_link('signup', $verification_code))
);
$emailer->send();
$emailer->reset();
$custom_vars = array(
'MESSAGE_TITLE' => lang('information'),
'MESSAGE_TEXT' => lang('membership_added')
);
page_layout('INFORMATION', 'message', $custom_vars);
/*
$user->session_create($user_id, 0);
redirect(s_link());
*/
}
}
break;
case 'r':
if ($user->is('member')) {
redirect(s_link('my profile'));
} else if ($user->is('bot')) {
redirect(s_link());
}
$code = request_var('code', '');
if (request_var('r', 0)) {
redirect(s_link());
}
if (!empty($code)) {
if (!preg_match('#([a-z0-9]+)#is', $code)) {
fatal_error();
}
$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
FROM _crypt_confirm c, _members m
WHERE c.crypt_code = ?
AND c.crypt_userid = m.user_id';
if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
fatal_error();
}
if (_button()) {
$password = request_var('newkey', '');
$password2 = request_var('newkey2', '');
if (!empty($password)) {
if ($password === $password2) {
$crypt_password = HashPassword($password);
$sql = 'UPDATE _members SET user_password = ?
WHERE user_id = ?';
sql_query(sql_filter($sql, $crypt_password, $crypt_data['user_id']));
$sql = 'DELETE FROM _crypt_confirm
WHERE crypt_userid = ?';
sql_query(sql_filter($sql, $crypt_data['user_id']));
// Send email
$emailer = new emailer();
$emailer->from('info');
$emailer->use_template('user_confirm_passwd', $config['default_lang']);
$emailer->email_address($crypt_data['user_email']);
$emailer->assign_vars(array(
'USERNAME' => $crypt_data['username'],
'PASSWORD' => $password,
'U_PROFILE' => s_link('m', $crypt_data['username_base']))
);
$emailer->send();
$emailer->reset();
//
v_style(array(
'PAGE_MODE' => 'updated'
));
} else {
v_style(array(
'PAGE_MODE' => 'nomatch',
'S_CODE' => $code)
);
}
} else {
v_style(array(
'PAGE_MODE' => 'nokey',
'S_CODE' => $code)
);
}
} else {
v_style(array(
'PAGE_MODE' => 'verify',
'S_CODE' => $code)
);
}
} else if (_button()) {
$email = request_var('address', '');
if (empty($email) || !email_format($email)) {
fatal_error();
}
$sql = 'SELECT *
FROM _members
WHERE user_email = ?
AND user_active = 1
AND user_type NOT IN (??, ??)
AND user_id NOT IN (
SELECT ban_userid
FROM _banlist
)';
if (!$userdata = sql_fieldrow(sql_filter($sql, $email, USER_INACTIVE, USER_FOUNDER))) {
fatal_error();
}
$emailer = new emailer();
$verification_code = md5(unique_id());
$sql = 'DELETE FROM _crypt_confirm
WHERE crypt_userid = ?';
sql_query(sql_filter($sql, $userdata['user_id']));
$insert = array(
'crypt_userid' => $userdata['user_id'],
'crypt_code' => $verification_code,
'crypt_time' => $user->time
);
sql_insert('crypt_confirm', $insert);
// Send email
$emailer->from('info');
$emailer->use_template('user_activate_passwd', $config['default_lang']);
$emailer->email_address($userdata['user_email']);
$emailer->assign_vars(array(
'USERNAME' => $userdata['username'],
'U_ACTIVATE' => s_link('signr', $verification_code))
);
$emailer->send();
$emailer->reset();
_style('reset_complete');
}
break;
default:
break;
}
//
// Signup data
//
if (sizeof($error)) {
_style('error', array(
'MESSAGE' => parse_error($error))
);
}
$s_genres_select = '';
$genres = array(1 => 'MALE', 2 => 'FEMALE');
foreach ($genres as $id => $value) {
$s_genres_select .= '<option value="' . $id . '"' . (($v_fields['gender'] == $id) ? ' selected="true"' : '') . '>' . lang($value) . '</option>';
}
$s_bday_select = '';
for ($i = 1; $i < 32; $i++) {
$s_bday_select .= '<option value="' . $i . '"' . (($v_fields['birthday_day'] == $i) ? 'selected="true"' : '') . '>' . $i . '</option>';
}
$s_bmonth_select = '';
$months = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
foreach ($months as $id => $value)
{
$s_bmonth_select .= '<option value="' . $id . '"' . (($v_fields['birthday_month'] == $id) ? ' selected="true"' : '') . '>' . $user->lang['datetime'][$value] . '</option>';
}
$s_byear_select = '';
$current_year = date('Y');
for ($i = ($current_year - 1); $i > $current_year - 102; $i--)
{
$s_byear_select .= '<option value="' . $i . '"' . (($v_fields['birthday_year'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>';
}
$v_fields['birthday'] = false;
if (isset($error['birthday'])) {
$v_fields['birthday'] = true;
}
$s_hidden = w();
if ($need_auth) {
$s_hidden = array('admin' => 1);
}
if (!isset($v_fields['refby'])) {
$v_fields['refby'] = '';
}
$layout_vars = array(
'IS_NEED_AUTH' => $need_auth,
'IS_LOGIN' => $login,
'CUSTOM_MESSAGE' => $box_text,
'S_HIDDEN_FIELDS' => s_hidden($s_hidden),
'U_SIGNIN' => s_link('signin'),
'U_SIGNUP' => s_link('signup'),
'U_SIGNOUT' => s_link('signout'),
'U_PASSWORD' => s_link('signr'),
'V_USERNAME' => $v_fields['username'],
'V_KEY' => $v_fields['key'],
'V_KEY_CONFIRM' => $v_fields['key_confirm'],
'V_EMAIL' => $v_fields['email'],
'V_REFBY' => $v_fields['refby'],
'V_GENDER' => $s_genres_select,
'V_BIRTHDAY_DAY' => $s_bday_select,
'V_BIRTHDAY_MONTH' => $s_bmonth_select,
'V_BIRTHDAY_YEAR' => $s_byear_select,
'V_TOS' => ($v_fields['tos']) ? ' checked="true"' : '',
'PAGE_MODE' => ''
);
foreach ($v_fields as $k => $v) {
$layout_vars['E_' . strtoupper($k)] = (isset($error[$k])) ? true : false;
}
if ($login) {
$ref = request_var('ref', '');
_style('error', array(
'LASTPAGE' => ($ref != '') ? $ref : s_link())
);
}
$box_text = (!empty($box_text)) ? lang($box_text, $box_text) : '';
page_layout('LOGIN2', 'login', $layout_vars);
}
function _login_home()
{
global $user, $db, $nucleo;
$this->__is_post();
$v = $this->control->__(array('lastpage', 'address', 'password'));
if ($user->data['is_member'])
{
$nucleo->redirect($v['lastpage']);
}
if (empty($v['address']) || empty($v['key']))
{
$this->error('LOGIN_ERROR');
}
if (!$this->errors() && email_format($v['address']) === false)
{
$this->error('LOGIN_ERROR');
}
if (!$this->errors())
{
$sql = "SELECT *
FROM _members
WHERE user_email = '" . $db->sql_escape($v['address']) . "'
AND user_id <> " . GUEST . '
AND user_inactive = 0';
$is_register = true;
if ($userdata = $this->_fieldrow($sql))
{
$is_register = false;
if ($userdata['user_password'] === $nucleo->password($v['key']))
{
$user->session_create($userdata['user_id']);
$nucleo->redirect($v['lastpage']);
}
// TODO: Limit login tries
$this->error('LOGIN_ERROR');
}
if ($is_register)
{
$v = array_merge($v, $this->control->__(array('invite', 'ref', 'ref_in')));
// Invite
if (!empty($v['invite']))
{
$sql = "SELECT i.invite_email, m.user_email
FROM _members_ref_invite i, _members m
WHERE i.invite_code = '" . $db->sql_escape($v['invite']) . "'
AND i.invite_uid = m.user_id";
if (!$row_invite = $this->_fieldrow($sql))
{
$nucleo->fatal();
}
$v['ref'] = 1;
$v['ref_in'] = $row_invite['user_email'];
$v['address'] = $row_invite['invite_email'];
}
if ($this->button())
{
$v = array_merge($v, $this->control->__(array('alias', 'username', 'gender', 'country', 'birth_day', 'birth_month', 'birth_year', 'aup')));
if (empty($v['alias']) || empty($v['username']))
{
$this->error('E_REGISTER_EMPTY_USERNAME');
}
if (!$this->errors())
{
if (!preg_match('#^([a-z0-9\_\-]+)$#is', $v['alias']))
{
$this->error('E_REGISTER_BAD_ALIAS');
}
}
if (!$this->errors())
{
$v['alias_len'] = strlen($v['alias']);
if (($v['alias_len'] < 1) || ($v['alias_len'] > 20))
{
$this->error('E_REGISTER_LEN_ALIAS');
}
$v['username_len'] = strlen($v['username']);
if (($v['username_len'] < 1) || ($v['username_len'] > 20))
{
$this->error('E_REGISTER_LEN_ALIAS');
}
}
if (!$this->errors())
{
$sql = "SELECT *
FROM _subdomains
WHERE s_name = '" . $db->sql_escape($v['alias']) . "'";
if ($this->_fieldrow($sql))
{
$this->error('E_REGISTER_RECORD_ALIAS');
}
}
//
}
// GeoIP
include(SROOT . 'core/geoip.php');
$gi = geoip_open(SROOT . 'core/GeoIP.dat', GEOIP_STANDARD);
$geoip_code = strtolower(geoip_country_code_by_addr($gi, $user->ip));
$sql = 'SELECT *
FROM _countries
ORDER BY country_name';
$countries = $this->_rowset($sql);
$v2['country'] = ($v2['country']) ? $v2['country'] : ((isset($country_codes[$geoip_code])) ? $country_codes[$geoip_code] : $country_codes['gt']);
foreach ($countries as $i => $row)
{
if (!$i)
{
$style->assign_block_vars('countries', array());
}
$style->assign_block_vars('countries.row', array(
'V_ID' => $row['country_id'],
'V_NAME' => $row['country_name'],
'V_SEL' => 0
));
}
$tv = array(
'V_EMAIL' => $v['address'],
'V_PASSWORD' => $v['key']
);
}
else
{
$user->login('', $this->get_errors());
}
}
return;
}
protected function _up_home()
{
global $bio, $warning;
$v = $this->__(w('send address'));
if (!empty($v->send)) {
$v = _array_merge($v, $this->__(array_merge(w('password firstname lastname country status'), _array_keys(w('gender birth_day birth_month birth_year'), 0))));
if (empty($v->address)) {
$warning->set('empty_address');
}
if (empty($v->password)) {
$warning->set('empty_password');
}
if (!email_format($v->address)) {
$warning->set('bad_address');
}
if (!($v->alias = _low($v->firstname . $v->lastname))) {
$warning->set('bad_alias');
}
if ($this->alias_exists($v->alias)) {
$warning->set('record_alias');
}
if (!($v->country = $this->country_exists($v->country))) {
$warning->set('bad_country');
}
if (!$v->birth_day || !$v->birth_month || !$v->birth_year) {
$warning->set('bad_birth');
}
$v->birth = _timestamp($v->birth_month, $v->birth_day, $v->birth_year);
$v->name = trim($v->firstname) . ' ' . trim($v->lastname);
$sql_insert = array('type' => 0, 'level' => 0, 'active' => 1, 'alias' => $v->alias, 'name' => $v->firstname . ' ' . $v->lastname, 'first' => $v->firstname, 'last' => $v->lastname, 'key' => HashPassword($v->password), 'address' => $v->address, 'gender' => $v->gender, 'birth' => $v->birth, 'birthlast' => 0, 'regip' => $bio->v('ip'), 'regdate' => time(), 'session_time' => time(), 'lastpage' => '', 'timezone' => -6, 'dst' => 0, 'dateformat' => 'd M Y H:i', 'lang' => 'sp', 'country' => $v->country, 'avatar' => '', 'actkey' => '', 'recovery' => 0, 'fails' => 0);
$bio->id = sql_put('_bio', prefix('bio', $sql_insert));
$sql_insert = array('bio' => $bio->id, 'name' => $v->address, 'primary' => 1);
sql_put('_bio_address', prefix('address', $sql_insert));
echo 'OK';
exit;
}
//$gi = geoip_open(XFS.XCOR . 'store/geoip.dat', GEOIP_STANDARD);
$geoip_code = '';
if ($bio->v('ip') != '127.0.0.1') {
// GeoIP
if (!@function_exists('geoip_country_code_by_name')) {
//require_once(XFS.XCOR . 'geoip.php');
}
//$geoip_code = @geoip_country_code_by_name($bio->v('ip'));
}
for ($i = 1; $i < 32; $i++) {
if ($i == 1) {
_style('birth_day');
}
_style('birth_day.row', array('DAY' => $i));
}
for ($i = 1; $i < 13; $i++) {
if ($i == 1) {
_style('birth_month');
}
_style('birth_month.row', array('MONTH' => $i));
}
for ($i = date('Y'); $i > 1900; $i--) {
if ($i == date('Y')) {
_style('birth_year');
}
_style('birth_year.row', array('YEAR' => $i));
}
//_pre($geoip_code, true);
/*
$sql = 'SELECT *
FROM _countries
ORDER BY country_name';
$countries = sql_rowset($sql);
$v->country = ($v->country) ? $v->country : ((isset($country_codes[$geoip_code])) ? $country_codes[$geoip_code] : $country_codes['gt']);
foreach ($countries as $i => $row) {
if (!$i) _style('countries');
_style('countries.row', array(
'V_ID' => $row->country_id,
'V_NAME' => $row->country_name,
'V_SEL' => 0)
);
}
*
*/
return;
}
