예제 #1
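 /**
  * Log the current user out after validating the logout link.
  *
  * The request is honoured only when the visitor is logged in, $id equals the
  * current user's id and $token equals the value recomputed here from the
  * user id and the remote address. Any other request is redirected to the
  * base URL and changes nothing.
  *
  * NOTE(review): as far as this method shows, the expected token is derived
  * only from the user id and the remote address. Unless feather_hash() mixes
  * in a server-side secret (not visible here), anyone who knows both values
  * can compute it - confirm, and consider binding the token to a per-user or
  * per-session secret.
  *
  * @param mixed $id    User id taken from the logout link.
  * @param mixed $token Anti-CSRF token taken from the logout link.
  */
 public function logout($id, $token)
 {
     global $lang_login;

     $authorised = false;
     if (!$this->user->is_guest && (is_int($id) || is_string($id)) && is_string($token)) {
         // Compare ids as strings: a loose != would accept values that merely
         // coerce to the same number.
         if ((string) $id === (string) $this->user->id) {
             $expected = (string) feather_hash($this->user->id . feather_hash(get_remote_address()));
             // Constant-time comparison, so the check does not leak how much
             // of a guessed token was correct.
             $authorised = hash_equals($expected, $token);
         }
     }
     if (!$authorised) {
         header('Location: ' . get_base_url());
         exit;
     }

     // Remove user from "users online" list
     DB::for_table('online')->where('user_id', $this->user->id)->delete_many();

     // Update last_visit (make sure there's something to update it with)
     if (isset($this->user->logged)) {
         DB::for_table('users')->where('id', $this->user->id)->find_one()->set('last_visit', $this->user->logged)->save();
     }

     // Replace the login cookie with one for user id 1 carrying a throwaway
     // hash, valid for 31536000 s (365 days).
     // NOTE(review): uniqid(rand(), true) is not a cryptographic source; that
     // only matters if this value is ever treated as a secret - confirm.
     feather_setcookie(1, feather_hash(uniqid(rand(), true)), time() + 31536000);
     redirect(get_base_url(), $lang_login['Logout redirect']);
 }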
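/**
 * Create a topic together with its first post and return the new topic id.
 *
 * Reads these keys from $post_info: poster, subject, message, posted,
 * forum_id, visibility and poster_id. String values are escaped with
 * $forum_db->escape(); the values that are written into the SQL unquoted are
 * forced to integers first, so a non-numeric value cannot alter the
 * statement.
 *
 * NOTE(review): the integer cast on 'visibility' assumes that column is an
 * integer - confirm against the schema.
 *
 * @param array $post_info Data of the post to publish (keys listed above).
 * @return mixed The id of the new topic, as returned by $forum_db->insert_id().
 */
function escrow_publish_topic_problem($post_info)
{
    global $forum_db, $db_type, $forum_config, $lang_common;

    // The original started with "if ($return != null) return;" although
    // $return was never assigned, so the guard could never fire; it is
    // dropped here.

    $poster = $forum_db->escape($post_info['poster']);
    $posted = intval($post_info['posted']);
    $forum_id = intval($post_info['forum_id']);
    $visibility = intval($post_info['visibility']);
    $poster_id = intval($post_info['poster_id']);

    // Add the topic
    $query = array(
        'INSERT' => 'poster, subject, posted, last_post, last_poster, forum_id, visibility',
        'INTO' => 'topics',
        'VALUES' => '\'' . $poster . '\', \'' . $forum_db->escape($post_info['subject']) . '\', ' . $posted . ', ' . $posted . ', \'' . $poster . '\', ' . $forum_id . ', ' . $visibility,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_tid = $forum_db->insert_id();

    // Create the post ("topic post")
    $query = array(
        'INSERT' => 'poster, poster_id, poster_ip, message, posted, topic_id',
        'INTO' => 'posts',
        'VALUES' => '\'' . $poster . '\', ' . $poster_id . ', \'' . $forum_db->escape(get_remote_address()) . '\', \'' . $forum_db->escape($post_info['message']) . '\', ' . $posted . ', ' . $new_tid,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_pid = $forum_db->insert_id();

    // Update the topic with last_post_id and first_post_id
    $query = array(
        'UPDATE' => 'topics',
        'SET' => 'last_post_id=' . $new_pid . ', first_post_id=' . $new_pid,
        'WHERE' => 'id=' . $new_tid,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    return $new_tid;
}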
예제 #3
/**
 * Build the navigation menu entries for the current visitor.
 *
 * Guests get a 'guest' group (register, login). Logged-in users get
 * 'backstage' (admins/moderators only), 'notifications', 'inbox' (only when
 * private messaging is enabled for board, group and user) and a 'user' group
 * (profile, settings, help, logout).
 *
 * The logout URL carries a csrf_token computed from the user id and the
 * remote address.
 * NOTE(review): no secret is visible in that computation; unless luna_hash()
 * adds one, the token is predictable to anyone who knows both inputs.
 *
 * @return array Menu description keyed by entry name.
 */
function get_user_nav_menu_items()
{
    global $db, $luna_config, $luna_user;

    $items = array();

    // Guests only ever see the register/login pair.
    if ($luna_user['is_guest']) {
        $items['guest'] = array(
            'register' => array('url' => 'register.php', 'title' => __('Register', 'luna')),
            'login' => array('url' => '#', 'title' => __('Login', 'luna')),
        );

        return $items;
    }

    if ($luna_user['is_admmod']) {
        $items['backstage'] = array('url' => 'backstage/', 'title' => __('Backstage', 'luna'));
    }

    // Check for new notifications
    $notification_sql = 'SELECT COUNT(id) FROM ' . $db->prefix . 'notifications WHERE viewed = 0 AND user_id = ' . $luna_user['id'];
    $result = $db->query($notification_sql) or error('Unable to load notifications', __FILE__, __LINE__, $db->error());
    $num_notifications = intval($db->result($result));

    if ($luna_config['o_notification_flyout']) {
        $notification_url = '#';
    } else {
        $notification_url = 'notifications.php';
    }
    if ($num_notifications > 0) {
        $notification_title = __('Notifications', 'luna');
    } else {
        $notification_title = __('No new notifications', 'luna');
    }
    $items['notifications'] = array(
        'url' => $notification_url,
        'title' => $notification_title,
        'num' => $num_notifications,
        'flyout' => 1 == $luna_config['o_notification_flyout'],
    );

    $pm_available = $luna_config['o_pms_enabled'] == '1' && $luna_user['g_pm'] == '1' && $luna_user['use_pm'] == '1';
    if ($pm_available) {
        // Check for new messages
        $pm_sql = 'SELECT COUNT(id) FROM ' . $db->prefix . 'messages WHERE showed=0 AND show_message=1 AND owner=' . $luna_user['id'];
        $result = $db->query($pm_sql) or error('Unable to check the availibility of new messages', __FILE__, __LINE__, $db->error());
        $num_new_pm = intval($db->result($result));
        $items['inbox'] = array('url' => 'inbox.php', 'title' => 'Inbox', 'num' => $num_new_pm);
    }

    // Entries are added in the order profile, settings, help, logout.
    $user_menu = array(
        'profile' => array('url' => 'profile.php?id=' . $luna_user['id'], 'title' => __('Profile', 'luna')),
        'settings' => array('url' => 'settings.php', 'title' => __('Settings', 'luna')),
        'help' => array('url' => 'help.php', 'title' => __('Help', 'luna')),
    );
    $logout_url = 'login.php?action=out&id=' . $luna_user['id'] . '&csrf_token=' . luna_hash($luna_user['id'] . luna_hash(get_remote_address()));
    $user_menu['logout'] = array('url' => $logout_url, 'title' => __('Logout', 'luna'));
    $items['user'] = $user_menu;

    return $items;
}
예제 #4
/**
 * Rebuild the result-listing query for a search that was cached earlier.
 *
 * Looks up the search_cache row that matches $search_id and the caller's
 * ident (remote address for guests, username otherwise), restores the stored
 * result ids and sort settings, and returns a query array for
 * $forum_db->query_build().
 *
 * Extension hooks are run with eval() at several points. Hook code executes
 * in this function's scope, so it can read and change the local variables
 * used below; the local names are therefore part of the extension contract.
 *
 * @param mixed  $search_id Id of the cached search. It is concatenated into
 *                          the WHERE clause unquoted and unescaped, so it
 *                          must already be an integer when it arrives here
 *                          (presumably cast by the caller - not visible in
 *                          this function).
 * @param string $show_as   Output parameter; set from the cached data.
 * @return mixed The query array; false when no cached row matches or the
 *               cached result list is empty; or whatever non-null value the
 *               start hook produced.
 */
function generate_cached_search_query($search_id, &$show_as)
{
    global $forum_db, $db_type, $forum_user, $forum_config;
    // Start hook: a non-null result short-circuits the whole function.
    $return = ($hook = get_hook('sf_fn_generate_cached_search_query_start')) ? eval($hook) : null;
    if ($return != null) {
        return $return;
    }
    // The cache row is bound to who created it: IP address for guests,
    // username for members.
    $ident = $forum_user['is_guest'] ? get_remote_address() : $forum_user['username'];
    $query = array('SELECT' => 'sc.search_data', 'FROM' => 'search_cache AS sc', 'WHERE' => 'sc.id=' . $search_id . ' AND sc.ident=\'' . $forum_db->escape($ident) . '\'');
    ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_search_data')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    if ($row = $forum_db->fetch_assoc($result)) {
        // NOTE(review): unserialize() on a database column. This is only safe
        // while nothing but this application can write search_cache.search_data;
        // otherwise it is an object-injection risk. A data-only format such as
        // JSON would remove that dependency.
        $search_data = unserialize($row['search_data']);
        $search_results = $search_data['search_results'];
        $sort_by = $search_data['sort_by'];
        $sort_dir = $search_data['sort_dir'];
        $show_as = $search_data['show_as'];
        unset($search_data);
    } else {
        return false;
    }
    // If there are no posts, we don't need to execute the query
    if (empty($search_results)) {
        return false;
    }
    // Map the numeric sort key onto a fixed column name; unknown keys fall
    // back to the posting date.
    switch ($sort_by) {
        case 1:
            $sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster';
            break;
        case 2:
            $sort_by_sql = 't.subject';
            break;
        case 3:
            $sort_by_sql = 't.forum_id';
            break;
        default:
            $sort_by_sql = $show_as == 'topics' ? 't.posted' : 'p.posted';
            ($hook = get_hook('sf_fn_generate_cached_search_query_qr_cached_sort_by')) ? eval($hook) : null;
            break;
    }
    // $search_results (the IN list) and $sort_dir come straight from the
    // unserialized cache row and are placed into the SQL without escaping or
    // whitelisting; they are only as trustworthy as the code that wrote the row.
    if ($show_as == 'posts') {
        $query = array('SELECT' => 'p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, p.message, p.hide_smilies, t.id AS tid, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id, f.forum_name', 'FROM' => 'posts AS p', 'JOINS' => array(array('INNER JOIN' => 'topics AS t', 'ON' => 't.id=p.topic_id'), array('INNER JOIN' => 'forums AS f', 'ON' => 'f.id=t.forum_id')), 'WHERE' => 'p.id IN(' . $search_results . ')', 'ORDER BY' => $sort_by_sql . ' ' . $sort_dir);
        ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_hits_as_posts')) ? eval($hook) : null;
    } else {
        $query = array('SELECT' => 't.id AS tid, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.sticky, t.forum_id, f.forum_name', 'FROM' => 'topics AS t', 'JOINS' => array(array('INNER JOIN' => 'forums AS f', 'ON' => 'f.id=t.forum_id')), 'WHERE' => 't.id IN(' . $search_results . ')', 'ORDER BY' => $sort_by_sql . ' ' . $sort_dir);
        // With "has posted" indication
        if (!$forum_user['is_guest'] && $forum_config['o_show_dot'] == '1') {
            $query['SELECT'] .= ', p.poster_id AS has_posted';
            $query['JOINS'][] = array('LEFT JOIN' => 'posts AS p', 'ON' => '(p.poster_id=' . $forum_user['id'] . ' AND p.topic_id=t.id)');
            // Must have same columns as in prev SELECT
            $query['GROUP BY'] = 't.id, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.sticky, t.forum_id, f.forum_name, p.poster_id';
            ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_has_posted')) ? eval($hook) : null;
        }
        ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_hits_as_topics')) ? eval($hook) : null;
    }
    // End hook: last chance for an extension to adjust $query.
    ($hook = get_hook('sf_fn_generate_cached_search_query_end')) ? eval($hook) : null;
    return $query;
}
예제 #5
                // Excerpt of a login handler; the enclosing conditions start above
                // this fragment.
                // NOTE(review): login completes when the posted cleartext equals the
                // challenge kept in the session, OR when the stored ciphertext is the
                // "faulty pubkey" placeholder. The second alternative never looks at
                // the posted value, i.e. this check fails open for accounts whose key
                // could not be used - confirm that is intended. Both comparisons are
                // loose (==); a strict, constant-time comparison (hash_equals) of two
                // strings would be the safer form for a challenge value.
                if ($_SESSION['GPG_MESSAGE'] == $_POST['req_CLEARTEXT'] || $_SESSION['GPG_CIPHERTEXT'] == 'SORRY, YOUR PUBKEY IS FAULTY') {
                    // Remove this user's guest entry from the online list
                    $query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\'');
                    ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null;
                    $forum_db->query_build($query) or error(__FILE__, __LINE__);
                    // 1209600 s = 14 days when "save password" is chosen, else the
                    // configured visit timeout.
                    $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
                    // The login cookie carries user id, password hash, expiry and a
                    // sha1 value over salt, password hash and expiry (base64 only
                    // encodes, it does not protect the content).
                    forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire);
                    ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;
                    // Session data is emptied, but no session-id regeneration is
                    // visible in this excerpt.
                    $_SESSION = array();
                    $_SESSION['NOT_BOT'] = 1;
                    redirect(FORUM_ROOT . "search.php?action=show_new");
                }
            } else {
                // No GPG verification required for this account: same login steps as
                // in the branch above.
                $_SESSION['GPG_VERIFICATION_REQUIRED'] = 0;
                // Remove this user's guest entry from the online list
                $query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\'');
                ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
                $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit'];
                forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire);
                ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null;
                $_SESSION = array();
                $_SESSION['NOT_BOT'] = 1;
                redirect(FORUM_ROOT . "search.php?action=show_new");
            }
        }
    }
} else {
    if ($action == 'out') {
        // Logout: the visible part of the check only compares the id from the
        // query string with the current user; the excerpt ends before any
        // further condition.
        if ($forum_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $forum_user['id']) {
            header('Location: ' . forum_link($forum_url['index']));
예제 #6
        }
    }
    // Reject an address that is already registered, unless duplicates are
    // allowed. The address is passed as the bound parameter :email.
    if ($panther_config['p_allow_dupe_email'] == '0') {
        $data = array(':email' => $email);
        $ps = $db->select('users', 1, $data, 'email=:email');
        if ($ps->rowCount()) {
            $errors[] = $lang_prof_reg['Dupe email'];
        }
    }
    if (empty($errors)) {
        // Insert the new user into the database. We do this now to get the last inserted ID for later use
        $now = time();
        // Accounts created with a random password start in the unverified group.
        $initial_group_id = $random_pass == 0 ? $panther_config['o_default_user_group'] : PANTHER_UNVERIFIED;
        // The stored value is panther_hash() of password plus per-user salt; the
        // algorithm behind panther_hash() is not visible in this excerpt.
        $password_hash = panther_hash($password1 . $password_salt);
        // Add the user
        // Values are handed to $db->insert() as a column => value array rather
        // than concatenated into SQL text.
        $insert = array('username' => $username, 'group_id' => $initial_group_id, 'password' => $password_hash, 'salt' => $password_salt, 'email' => $email, 'email_setting' => $panther_config['o_default_email_setting'], 'timezone' => $panther_config['o_default_timezone'], 'dst' => $panther_config['o_default_dst'], 'language' => $panther_config['o_default_lang'], 'style' => $panther_config['o_default_style'], 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now);
        $db->insert('users', $insert);
        $new_uid = $db->lastInsertId($db->prefix . 'users');
        if ($random_pass == '1') {
            // NOTE(review): the cleartext password ($password1) is put into the
            // welcome mail. Mail is not a confidential channel; a one-time
            // activation or set-password link avoids sending the password itself.
            $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login'])));
            // The template path uses the language of the acting user
            // ($panther_user), not of the account being created.
            $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info);
            $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']);
        }
        // Regenerate the users info cache
        if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) {
            require PANTHER_ROOT . 'include/cache.php';
        }
        generate_users_info_cache();
        redirect(panther_link($panther_url['admin_maintenance']), $lang_admin_maintenance['User created message']);
    }
}
예제 #7
파일: post.php 프로젝트: tipsun91/punbb-mod
                     $db->query('UPDATE ' . $db->prefix . 'topics SET has_poll=' . $poll_id . ' WHERE id=' . $new_tid) or error('Unable to update topic for poll', __FILE__, __LINE__, $db->error());
                 }
             }
         }
         // hcs AJAX POLL MOD END
         // Excerpt: creates the first post of a new topic. The SQL below is built
         // by string concatenation; $username, $message and $email go through
         // $db->escape(), the other values do not.
         if (!$pun_user['is_guest']) {
             // To subscribe or not to subscribe, that ...
             // $_POST['subscribe'] is read without an isset() check.
             if ($pun_config['o_subscriptions'] == 1 && $_POST['subscribe'] == 1) {
                 $db->query('INSERT INTO ' . $db->prefix . 'subscriptions (user_id, topic_id) VALUES(' . $pun_user['id'] . ' ,' . $new_tid . ')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error());
             }
             // Create the post ("topic post")
             // NOTE(review): get_remote_address() and $hide_smilies are quoted but
             // not escaped. That is safe only if get_remote_address() can return
             // nothing but a validated IP string and $hide_smilies was normalised
             // above this excerpt - confirm both, or escape them like the others.
             $db->query('INSERT INTO ' . $db->prefix . 'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', ' . $pun_user['id'] . ', \'' . get_remote_address() . '\', \'' . $db->escape($message) . '\', \'' . $hide_smilies . '\', ' . $_SERVER['REQUEST_TIME'] . ', ' . $new_tid . ')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
         } else {
             // Create the post ("topic post")
             // Guests: the e-mail column is NULL unless an address is required or given.
             $email_sql = $pun_config['p_force_guest_email'] == 1 || $email ? '\'' . $db->escape($email) . '\'' : 'NULL';
             $db->query('INSERT INTO ' . $db->prefix . 'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', \'' . get_remote_address() . '\', ' . $email_sql . ', \'' . $db->escape($message) . '\', \'' . $hide_smilies . '\', ' . $_SERVER['REQUEST_TIME'] . ', ' . $new_tid . ')') or error('Unable to create post', __FILE__, __LINE__, $db->error());
         }
         $new_pid = $db->insert_id();
         // Update the topic with last_post_id
         $db->query('UPDATE ' . $db->prefix . 'topics SET last_post_id=' . $new_pid . ' WHERE id=' . $new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error());
         update_search_index('post', $new_pid, $message, $subject);
         update_forum($fid);
     }
 }
 generate_rss();
 // $uploaded is passed to process_uploaded_files() and tested afterwards;
 // presumably it is filled in by reference - confirm against that function.
 $uploaded = 0;
 $upload_result = process_uploaded_files($fid ? $new_tid : $tid, $new_pid, $uploaded);
 // If the posting user is logged in, increment his/her post count
 // MERGE POSTS BEGIN
 if (!$pun_user['is_guest']) {
     if ($uploaded) {
예제 #8
     \'' . get_remote_address() . '\',
     \'' . $smilies . '\',
     \'0\',
     \'0\',
     \'' . $_SERVER['REQUEST_TIME'] . '\',
     \'0\'
     )') or error('Unable to send message', __FILE__, __LINE__, $db->error());
     // Save an own copy of the message
     // The copy is stored for the sender with showed=1, status=1, popup=1.
     // NOTE(review): only $subject, $message and $user pass through
     // $db->escape(). $id, $smilies, $pun_user['id'] and get_remote_address()
     // are quoted but unescaped, so they must already be integers / validated
     // values when this code is reached - confirm above this excerpt.
     if (isset($_POST['savemessage'])) {
         $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted, popup) VALUES(
         \'' . $pun_user['id'] . '\',
         \'' . $db->escape($subject) . '\',
         \'' . $db->escape($message) . '\',
         \'' . $db->escape($user) . '\',
         \'' . $id . '\',
         \'' . get_remote_address() . '\',
         \'' . $smilies . '\',
         \'1\',
         \'1\',
         \'' . $_SERVER['REQUEST_TIME'] . '\',
         \'1\'
         )') or error('Unable to send message', __FILE__, __LINE__, $db->error());
     }
 } else {
     wap_message($lang_pms['No user']);
 }
 // Both redirect targets are forced to integers before use. The second read
 // hides a missing-key notice with @; the first one does not guard against a
 // missing key at all.
 $topic_redirect = intval($_POST['topic_redirect']);
 $from_profile = intval(@$_POST['from_profile']);
 if ($from_profile) {
     wap_redirect('profile.php?id=' . $from_profile);
 } else {
예제 #9
         // Load the "new_pm" template
         // The file path includes $pun_user['language'].
         $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/new_pm.tpl'));
         // The first row contains the subject
         // strpos() returns false when the template has no newline; that case
         // is not handled here.
         $first_crlf = strpos($mail_tpl, "\n");
         $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
         $mail_message = trim(substr($mail_tpl, $first_crlf));
         $mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject);
         $mail_message = str_replace('<sender>', $pun_user['username'], $mail_message);
         $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message);
     }
     // One message row per recipient, plus an optional copy for the sender.
     // Subject, message and usernames are escaped; the ids, $smilies and
     // get_remote_address() are quoted but not escaped, so they must be
     // validated before this point (not visible in this excerpt).
     foreach ($destinataires as $dest) {
         $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\'' . $dest['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($pun_user['username']) . '\', \'' . $pun_user['id'] . '\', \'' . get_remote_address() . '\', \'' . $smilies . '\', \'0\', \'0\', \'' . time() . '\' )') or error('Impossible d\'envoyer le message.', __FILE__, __LINE__, $db->error());
         $new_mp = $db->insert_id();
         // Save an own copy of the message
         if ($save == 1) {
             $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\'' . $pun_user['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($dest['username']) . '\', \'' . $dest['id'] . '\', \'' . get_remote_address() . '\', \'' . $smilies . '\', \'1\', \'1\', \'' . time() . '\' )') or error('Impossible de sauvegarder le message dans le dossier des messages envoyés', __FILE__, __LINE__, $db->error());
         }
         // E-mail notification
         if ($pun_config['o_pms_notification'] == '1' && $dest['notify_mp'] == 1) {
             // NOTE(review): the result is written back to $mail_message, so the
             // '<pm_url>' placeholder is gone after the first notified recipient;
             // every later recipient is mailed the first recipient's message URL.
             // Replacing into a per-recipient copy would keep the template intact.
             $mail_message = str_replace('<pm_url>', $pun_config['o_base_url'] . '/pms_list.php?mid=' . $new_mp, $mail_message);
             pun_mail($dest['email'], $mail_subject, $mail_message);
         }
     }
     // Redirect targets are built from $from_profile / $tid; they should be
     // integers by now (presumably cast earlier - not visible here).
     if ($from_profile != '') {
         redirect('profile.php?id=' . $from_profile, $lang_pms['Sent redirect']);
     } elseif ($tid != '') {
         redirect('viewtopic.php?id=' . $tid, $lang_pms['Sent redirect']);
     } else {
         redirect('pms_list.php', $lang_pms['Sent redirect']);
     }
 }
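 /**
  * Store the session payload, or only extend its lifetime when it is unchanged.
  *
  * The stored record holds the current user id, the client address in packed
  * binary form (or null when no remote address is known) and the raw session
  * data, serialized under the key derived from the session id.
  *
  * @see parent::write()
  *
  * @param string $session_id Session identifier.
  * @param string $data       Serialized session data handed over by PHP.
  *
  * @return bool Always true.
  */
 function write($session_id, $data)
 {
     $client = self::$client;
     $address = get_remote_address();
     $user_id = CAppUI::$instance->user_id;
     // inet_pton() yields the packed address, or false for a string it cannot parse.
     $user_ip = $address["remote"] ? inet_pton($address["remote"]) : null;
     // md5 serves only as a change detector for the payload, not as a security control.
     $new_hash = md5($data);
     $key = $this->getKey($session_id);
     // If session is to be updated.
     // The original condition "$this->data_hash || $this->data_hash !== $new_hash"
     // was true for every input, which made the expire-only branch unreachable.
     // Rewrite when no previous hash is known or when the payload changed.
     if (!$this->data_hash || $this->data_hash !== $new_hash) {
         $session = array("user_id" => $user_id, "user_ip" => $user_ip, "data" => $data);
         $client->set($key, serialize($session), $this->lifetime);
     } else {
         // Payload unchanged: refresh the time-to-live only.
         $client->expire($key, $this->lifetime);
     }
     return true;
 }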
예제 #11
     // Check note_pm
     $note_pm = 'Subject: ' . $pm_subject . "\n\n" . 'Message:' . "\n\n" . $pm_message;
 } else {
     $note_pm = '';
 }
 // Extension hook: the returned code is run with eval() in the current scope.
 ($hook = get_extensions('warn_after_validation')) ? eval($hook) : null;
 if (empty($errors)) {
     // A non-zero $expiration is a duration that is added to $now; 0 is stored as 0.
     $expiration = $expiration != '0' ? $now + $expiration : 0;
     // All writes below pass their values as column => value arrays or as named
     // placeholders (:tid, :id) instead of concatenating them into SQL text.
     $insert = array('user_id' => $user_id, 'type_id' => $warning_type, 'post_id' => $post_id, 'title' => $warning_type == 0 ? $warning_title : '', 'points' => $warning_points, 'date_issued' => $now, 'date_expire' => $expiration, 'issued_by' => $panther_user['id'], 'note_admin' => $admin_note, 'note_post' => isset($message) ? $message : '', 'note_pm' => $note_pm);
     $db->insert('warnings', $insert);
     // If private messaging system is enabled
     if ($panther_config['o_private_messaging'] == '1') {
         // Create the conversation, then its first message, then link the two.
         $insert = array('subject' => $pm_subject, 'poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'num_replies' => 0, 'last_post' => $now, 'last_poster' => $panther_user['username']);
         $db->insert('conversations', $insert);
         $new_tid = $db->lastInsertId($db->prefix . 'conversations');
         $insert = array('poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'poster_ip' => get_remote_address(), 'message' => $pm_message, 'hide_smilies' => 0, 'posted' => $now, 'topic_id' => $new_tid);
         $db->insert('messages', $insert);
         $new_pid = $db->lastInsertId($db->prefix . 'messages');
         $update = array('first_post_id' => $new_pid, 'last_post_id' => $new_pid);
         $data = array(':tid' => $new_tid);
         $db->update('conversations', $update, 'id=:tid', $data);
         // One pms_data row for the warned user, one for the issuer; the
         // issuer's row is created with viewed=1 and deleted=1.
         $insert = array('topic_id' => $new_tid, 'user_id' => $user_id);
         $db->insert('pms_data', $insert);
         $insert = array('topic_id' => $new_tid, 'user_id' => $panther_user['id'], 'viewed' => 1, 'deleted' => 1);
         $db->insert('pms_data', $insert);
         $data = array(':id' => $user_id);
         $db->run('UPDATE ' . $db->prefix . 'users SET num_pms=num_pms+1 WHERE id=:id', $data);
         if ($pm_notify == '1') {
             // The notification mail contains the full message text.
             $info = array('message' => array('<username>' => $username, '<sender>' => $panther_user['username'], '<message>' => $pm_message, '<pm_title>' => $subject, '<message_url>' => panther_link($panther_url['pms_topic'], array($new_pid))));
             $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/new_pm.tpl', $info);
             $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']);
예제 #12
/**
 * Return the CSRF token of the current user, computed once per request.
 *
 * The token is pun_hash() over the user id, the user's stored password value
 * and pun_hash() of the remote address. Because the remote address is part
 * of the input, the token changes when the client's address changes.
 *
 * @return mixed The token as produced by pun_hash().
 */
function pun_csrf_token()
{
    global $pun_user;
    static $token;

    // Reuse the value computed earlier in this request.
    if ($token !== null) {
        return $token;
    }

    $token = pun_hash($pun_user['id'] . $pun_user['password'] . pun_hash(get_remote_address()));

    return $token;
}
예제 #13
파일: search.php 프로젝트: BogusCurry/Luna
     } else {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
     }
     // Prune "old" search results
     // Cache rows are kept only for idents that are currently in the online list.
     $old_searches = array();
     $result = $db->query('SELECT ident FROM ' . $db->prefix . 'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error());
     if ($db->num_rows($result)) {
         while ($row = $db->fetch_row($result)) {
             $old_searches[] = '\'' . $db->escape($row[0]) . '\'';
         }
         $db->query('DELETE FROM ' . $db->prefix . 'search_cache WHERE ident NOT IN(' . implode(',', $old_searches) . ')') or error('Unable to delete search results', __FILE__, __LINE__, $db->error());
     }
     // Fill an array with our results and search properties
     // The result is stored with serialize(); whatever reads it back has to
     // unserialize() a database value, which is safe only while nothing but
     // this application can write that column.
     $temp = serialize(array('search_ids' => serialize($search_ids), 'num_hits' => $num_hits, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_as' => $show_as, 'search_type' => $search_type));
     // NOTE(review): mt_rand() is not a cryptographic generator, so the id is
     // guessable in principle. The row is also tagged with $ident below;
     // whether the reader checks that tag is not visible in this excerpt.
     $search_id = mt_rand(1, 2147483647);
     // Guests are identified by remote address, members by username.
     $ident = $luna_user['is_guest'] ? get_remote_address() : $luna_user['username'];
     $db->query('INSERT INTO ' . $db->prefix . 'search_cache (id, ident, search_data) VALUES(' . $search_id . ', \'' . $db->escape($ident) . '\', \'' . $db->escape($temp) . '\')') or error('Unable to insert search results', __FILE__, __LINE__, $db->error());
     if ($search_type[0] != 'action') {
         $db->end_transaction();
         $db->close();
         // Redirect the user to the cached result page
         header('Location: search.php?search_id=' . $search_id);
         exit;
     }
 }
 $forum_actions = array();
 // If we're on the new posts search, display a "mark all as read" link
 // NOTE(review): the link is a plain GET URL without a token; whether
 // misc.php requires one for this action is not visible here.
 if (!$luna_user['is_guest'] && $search_type[0] == 'action' && $search_type[1] == 'show_new') {
     $forum_actions[] = '<a href="misc.php?action=markread">' . __('Mark as read', 'luna') . '</a>';
 }
 // Fetch results to display
예제 #14
/**
 * Build the CSRF token for the current user.
 *
 * The token is luna_hash() of the user id concatenated with luna_hash() of
 * the remote address.
 * NOTE(review): no secret is visible among the inputs; unless luna_hash()
 * adds one, the token can be recomputed by anyone who knows the user id and
 * the address.
 *
 * @return mixed The token as produced by luna_hash().
 */
function luna_csrf_token()
{
    global $luna_user;

    $token_input = $luna_user['id'] . luna_hash(get_remote_address());

    return luna_hash($token_input);
}
예제 #15
파일: functions.php 프로젝트: istrwei/Luna
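/**
 * Return the CSRF token of the current user, computed once per request.
 *
 * The token is luna_hash() over the user id, the user's stored password
 * value and luna_hash() of the remote address.
 *
 * The original declared a static $token but never assigned it, so the value
 * was recomputed on every call, and the function had no return statement
 * for the case where the cache was already filled. The value is now stored
 * and returned on both paths; callers receive the same token as before.
 *
 * @return mixed The token as produced by luna_hash().
 */
function luna_csrf_token()
{
    global $luna_user;
    static $token;

    if (!isset($token)) {
        $token = luna_hash($luna_user['id'] . $luna_user['password'] . luna_hash(get_remote_address()));
    }

    return $token;
}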
예제 #16
 }
 // Placeholder substitution for the moderator's canned reply.
 // NOTE(review): $search lists 11 placeholders but $replace holds only 10
 // values (there is none for '{location}'). str_replace() pairs the arrays by
 // position and uses an empty string for missing values, so '{location}'
 // receives the real name and '{real_name}' is replaced by nothing.
 $replace = array($panther_user['username'], get_title($panther_user), strip_tags($panther_config['o_board_title']), strip_tags($panther_config['o_board_desc']), '[email]' . $panther_config['o_admin_email'] . '[/email]', '[email]' . $panther_config['o_webmaster_email'] . '[/email]', '[email]' . $panther_user['email'] . '[/email]', $panther_user['num_posts'], '[url]' . $panther_user['url'] . '[/url]', $panther_user['realname']);
 $search = array('{username}', '{user_title}', '{board_title}', '{board_desc}', '{admin_email}', '{webmaster_email}', '{user_email}', '{user_posts}', '{website}', '{location}', '{real_name}');
 $data = $update = array();
 $moderation['reply_message'] = str_replace($search, $replace, $moderation['reply_message']);
 // For close/stick/archive the value '2' means "leave the topic as it is".
 if ($moderation['close'] != '2') {
     $update['closed'] = $moderation['close'];
 }
 if ($moderation['stick'] != '2') {
     $update['sticky'] = $moderation['stick'];
 }
 if ($moderation['archive'] != '2') {
     $update['archived'] = $moderation['archive'];
 }
 // Post the canned reply in the acting user's name and index it for search.
 // The values go to $db->insert() as a column => value array.
 if ($moderation['reply_message'] != '') {
     $insert = array('poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'poster_ip' => get_remote_address(), 'message' => $moderation['reply_message'], 'hide_smilies' => 0, 'posted' => time(), 'topic_id' => $tid);
     $db->insert('posts', $insert);
     $new_pid = $db->lastInsertId($db->prefix . 'posts');
     require PANTHER_ROOT . 'include/search_idx.php';
     update_search_index('post', $new_pid, $moderation['reply_message']);
 }
 if ($moderation['move'] != '0') {
     $update['forum_id'] = $moderation['move'];
     if ($moderation['leave_redirect'] == '1') {
         // Fetch info for the redirect topic
         $data = array(':id' => $tid);
         $ps = $db->select('topics', 'poster, subject, posted, last_post, forum_id', $data, 'id=:id');
         $moved_to = $ps->fetch();
         // Create the redirect topic
         $insert = array('poster' => $moved_to['poster'], 'subject' => $moderation['add_start'] . $moved_to['subject'] . $moderation['add_end'], 'posted' => $moved_to['posted'], 'last_post' => $moved_to['last_post'], 'moved_to' => $tid, 'forum_id' => $moved_to['forum_id']);
         $db->insert('topics', $insert);
예제 #17
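 /**
  * Create the two initial accounts: the guest user and the first administrator.
  *
  * Both rows are written inside one transaction. The guest row (group 3)
  * stores the translated word "Guest" as username, password and e-mail. The
  * administrator row (group 1) stores luna_hash($password) as its password.
  *
  * Every string that is concatenated into the SQL is passed through
  * $db->escape(). The original left $email unescaped, so a quote character in
  * the address would have ended the string literal early.
  *
  * @param string $username Administrator user name.
  * @param string $password Administrator password in clear text.
  * @param string $email    Administrator e-mail address.
  * @param string $language Default language of the administrator account.
  * @param string $style    Default style of the administrator account.
  */
 public static function insert_default_users($username, $password, $email, $language, $style)
 {
     global $db, $db_type;
     $now = time();
     $db->start_transaction();
     // Insert guest and first admin user
     $db->query('INSERT INTO ' . $db->prefix . 'users (group_id, username, password, email) VALUES(3, \'' . $db->escape(__('Guest', 'luna')) . '\', \'' . $db->escape(__('Guest', 'luna')) . '\', \'' . $db->escape(__('Guest', 'luna')) . '\')') or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
     // luna_hash() output is inserted unescaped; that assumes it only ever
     // returns a plain hash string - confirm against its definition.
     $db->query('INSERT INTO ' . $db->prefix . 'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \'' . $db->escape($username) . '\', \'' . luna_hash($password) . '\', \'' . $db->escape($email) . '\', \'' . $db->escape($language) . '\', \'' . $db->escape($style) . '\', 1, ' . $now . ', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
     $db->end_transaction();
 }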
예제 #18
    }
    // Check that the username (or a too similar username) is not already registered
    // The second comparison uses the name with every non-word character removed.
    $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE username=\'' . $db->escape($username) . '\' OR username=\'' . $db->escape(preg_replace('/[^\\w]/', '', $username)) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result)) {
        $busy = $db->result($result);
        // The existing name is HTML-escaped before it is shown in the message.
        message_backstage(__('Someone is already registered with the username', 'luna') . ' ' . luna_htmlspecialchars($busy) . '. ' . __('The username you entered is too similar. The username must differ from that by at least one alphanumerical character (a-z or 0-9). Please choose a different username.', 'luna'));
    }
    $timezone = '0';
    $language = $luna_config['o_default_lang'];
    $email_setting = intval(1);
    // Insert the new user into the database. We do this now to get the last inserted id for later use.
    $now = time();
    // $_POST['random_pass'] is read directly; any value other than '0' puts the
    // new account into the unverified group.
    $intial_group_id = $_POST['random_pass'] == '0' ? $luna_config['o_default_user_group'] : LUNA_UNVERIFIED;
    $password_hash = luna_hash($password);
    // Add the user
    // NOTE(review): only $username passes through $db->escape(). $email1,
    // $language, the configured style and get_remote_address() are quoted but
    // unescaped. $email1 is presumably form input, so this is safe only if it
    // was strictly validated above this excerpt - confirm, or escape it here.
    $db->query('INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, email_setting, php_timezone, language, style, registered, registration_ip, last_visit) VALUES(\'' . $db->escape($username) . '\', ' . $intial_group_id . ', \'' . $password_hash . '\', \'' . $email1 . '\', ' . $email_setting . ', ' . $timezone . ' , \'' . $language . '\', \'' . $luna_config['o_default_style'] . '\', ' . $now . ', \'' . get_remote_address() . '\', ' . $now . ')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
    $new_uid = $db->insert_id();
    // Must the user verify the registration?
    if ($_POST['random_pass'] == '1') {
        // Validate e-mail
        require LUNA_ROOT . 'include/email.php';
        // Load the "welcome" template
        // The template that follows contains a <password> placeholder, so the
        // welcome mail is set up to carry the password.
        $mail_tpl = trim(__('Subject: Welcome to <board_title>!

Thank you for registering in the forums at <base_url>. Your account details are:

Username: <username>
Password: <password>

Login at <login_url> to activate the account.
예제 #19
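/**
 * Render the Backstage navigation: top navbar, page header and the tab strip of the
 * current section.
 *
 * Everything is echoed directly and nothing is returned. The function ends with
 * <div class="content"><div class="container"><div class="row"> still open; they are
 * not closed here.
 *
 * @param string $section Active top-level section: 'backstage', 'content', 'users',
 *                        'settings', 'maintenance' or 'extensions'.
 * @param string $page    Active page key. A key that is not in the list below is used
 *                        as the page title after HTML-escaping, so pass plain text.
 */
function load_admin_nav($section, $page)
{
    global $luna_user, $luna_config, $is_admin;
    // What page are we on?
    if ($page == 'index') {
        $page_title = '<span class="fa fa-fw fa-tachometer"></span> ' . __('Backstage', 'luna');
    } elseif ($page == 'stats') {
        $page_title = '<span class="fa fa-fw fa-info-circle"></span> ' . __('System info', 'luna');
    } elseif ($page == 'update') {
        $page_title = '<span class="fa fa-fw fa-cloud-upload"></span> ' . __('Luna software update', 'luna');
    } elseif ($page == 'about') {
        $page_title = '<span class="fa fa-fw fa-moon-o"></span> ' . __('About Luna', 'luna');
    } elseif ($page == 'board') {
        $page_title = '<span class="fa fa-fw fa-sort-amount-desc"></span> ' . __('Board', 'luna');
    } elseif ($page == 'moderate') {
        $page_title = '<span class="fa fa-fw fa-tasks"></span> ' . __('Moderate', 'luna');
    } elseif ($page == 'censoring') {
        $page_title = '<span class="fa fa-fw fa-eye-slash"></span> ' . __('Censoring', 'luna');
    } elseif ($page == 'reports') {
        $page_title = '<span class="fa fa-fw fa-exclamation-triangle"></span> ' . __('Reports', 'luna');
    } elseif ($page == 'users') {
        $page_title = '<span class="fa fa-fw fa-search"></span> ' . __('Search', 'luna');
    } elseif ($page == 'tools') {
        $page_title = '<span class="fa fa-fw fa-wrench"></span> ' . __('Tools', 'luna');
    } elseif ($page == 'ranks') {
        $page_title = '<span class="fa fa-fw fa-chevron-up"></span> ' . __('Ranks', 'luna');
    } elseif ($page == 'groups') {
        $page_title = '<span class="fa fa-fw fa-group"></span> ' . __('Groups', 'luna');
    } elseif ($page == 'permissions') {
        $page_title = '<span class="fa fa-fw fa-check-circle"></span> ' . __('Permissions', 'luna');
    } elseif ($page == 'bans') {
        $page_title = '<span class="fa fa-fw fa-ban"></span> ' . __('Bans', 'luna');
    } elseif ($page == 'settings') {
        $page_title = '<span class="fa fa-fw fa-cogs"></span> ' . __('Settings', 'luna');
    } elseif ($page == 'features') {
        $page_title = '<span class="fa fa-fw fa-sliders"></span> ' . __('Features', 'luna');
    } elseif ($page == 'appearance') {
        $page_title = '<span class="fa fa-fw fa-eye"></span> ' . __('Appearance', 'luna');
    } elseif ($page == 'registration') {
        $page_title = '<span class="fa fa-fw fa-plus-circle"></span> ' . __('Registration', 'luna');
    } elseif ($page == 'email') {
        $page_title = '<span class="fa fa-fw fa-envelope"></span> ' . __('Email', 'luna');
    } elseif ($page == 'menu') {
        $page_title = '<span class="fa fa-fw fa-bars"></span> ' . __('Menu', 'luna');
    } elseif ($page == 'theme') {
        $page_title = '<span class="fa fa-fw fa-paint-brush"></span> ' . __('Theme', 'luna');
    } elseif ($page == 'maintenance') {
        $page_title = '<span class="fa fa-fw fa-coffee"></span> ' . __('Maintenance', 'luna');
    } elseif ($page == 'prune') {
        $page_title = '<span class="fa fa-fw fa-recycle"></span> ' . __('Prune', 'luna');
    } elseif ($page == 'database') {
        $page_title = '<span class="fa fa-fw fa-database"></span> ' . __('Database management', 'luna');
    } elseif ($page == 'info') {
        $page_title = '<span class="fa fa-fw fa-info-circle"></span> ' . __('Info', 'luna');
    } else {
        // Unknown key: the caller's string becomes the title and is echoed twice below,
        // so escape it instead of trusting it to be markup-free.
        $page_title = luna_htmlspecialchars($page);
    }
    // Token appended to the logout link below, built with the same formula as before.
    // NOTE(review): its only inputs are the user id and the client address. Unless luna_hash()
    // (defined elsewhere) mixes in a server-side secret, anyone who knows both values can
    // recompute it; confirm against luna_hash() and the check behind login.php?action=out.
    $logout_token = luna_hash($luna_user['id'] . luna_hash(get_remote_address()));
    ?>
<nav class="navbar navbar-fixed-top navbar-default" role="navigation">
	<div class="container">
		<div class="navbar-header">
			<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
				<span class="sr-only">Toggle navigation</span>
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
				<span class="icon-bar"></span>
			</button>
			<a class="navbar-brand" href="../index.php"><span class="fa fa-fw fa-arrow-left hidden-xs"></span><span class="visible-xs-inline"><?php echo $page_title; ?></span></a>
		</div>
		<div class="navbar-collapse collapse">
			<ul class="nav navbar-nav">
				<li class="<?php if ($section == 'backstage') { echo 'active'; } ?>"><a href="index.php"><span class="fa fa-fw fa-dashboard"></span> <?php _e('Backstage', 'luna'); ?></a></li>
				<li class="<?php if ($section == 'content') { echo 'active'; } ?>"><a href="<?php echo $is_admin ? 'board.php' : 'reports.php'; ?>"><span class="fa fa-fw fa-file"></span> <?php _e('Content', 'luna'); ?></a></li>
				<li class="<?php if ($section == 'users') { echo 'active'; } ?>"><a href="users.php"><span class="fa fa-fw fa-users"></span> <?php _e('Users', 'luna'); ?></a></li>
				<?php if ($is_admin) { ?>
				<li class="<?php if ($section == 'settings') { echo 'active'; } ?>"><a href="settings.php"><span class="fa fa-fw fa-cog"></span> <?php _e('Settings', 'luna'); ?></a></li>
				<li class="<?php if ($section == 'maintenance') { echo 'active'; } ?>"><a href="maintenance.php"><span class="fa fa-fw fa-coffee"></span> <?php _e('Maintenance', 'luna'); ?></a></li>
				<?php } ?>
<?php
    // See if there are any plugins
    $plugins = forum_list_plugins($is_admin);
    // Did we find any plugins?
    if (!empty($plugins)) {
        // The old test compared against ' extensions' (leading space) and printed 'active'
        // without a separator, which produced the class "dropdownactive". trim() keeps a
        // caller that passes the padded value working.
        ?>
				<li class="dropdown<?php if (trim($section) == 'extensions') { echo ' active'; } ?>">
					<a href="#" class="dropdown-toggle" data-toggle="dropdown">
						<span class="fa fa-fw fa-cogs"></span> <?php _e('Extensions', 'luna'); ?> <span class="fa fa-fw fa-angle-down"></span>
					</a>
					<ul class="dropdown-menu">
<?php
        foreach ($plugins as $plugin_name => $plugin) {
            // Plugin names come from forum_list_plugins(); encode them for the query string
            // and escape the label so an unusual name cannot break out of the markup.
            echo "\t\t\t\t\t" . '<li><a href="loader.php?plugin=' . urlencode($plugin_name) . '">' . luna_htmlspecialchars(str_replace('_', ' ', $plugin)) . '</a></li>' . "\n";
        }
        ?>
					</ul>
				</li>
<?php
    }
    ?>
			</ul>
			<ul class="nav navbar-nav navbar-right">
				<li class="dropdown usermenu">
					<a href="#" class="dropdown-toggle dropdown-user" data-toggle="dropdown">
						<span class="hidden-sm"><?php print luna_htmlspecialchars($luna_user['username']); ?> </span><?php echo draw_user_avatar($luna_user['id'], true, 'avatar'); ?> <span class="fa fa-fw fa-angle-down"></span>
					</a>
					<ul class="dropdown-menu">
						<li><a href="../profile.php?id=<?php echo $luna_user['id']; ?>"><?php _e('Profile', 'luna'); ?></a></li>
						<li><a href="../settings.php?id=<?php echo $luna_user['id']; ?>"><?php _e('Settings', 'luna'); ?></a></li>
						<li class="divider"></li>
						<li><a href="../help.php"><?php _e('Help', 'luna'); ?></a></li>
						<li><a href="http://getluna.org"><?php _e('Support', 'luna'); ?></a></li>
						<li class="divider"></li>
						<li><a href="../login.php?action=out&amp;id=<?php echo $luna_user['id'] . '&amp;csrf_token=' . $logout_token; ?>"><?php _e('Logout', 'luna'); ?></a></li>
					</ul>
				</li>
			</ul>
		</div>
	</div>
</nav>
<div class="jumbotron jumboheader">
	<div class="container">
		<div class="row">
			<h2 class="hidden-xs">
				<?php
    echo $page_title;
    if ($luna_config['o_update_ring'] > 1) {
        echo '<span class="pull-right" style="font-size: 70%;">Core ' . Version::FORUM_CORE_VERSION . '</span>';
    }
    ?>
			</h2>
			<?php if ($section == 'backstage') { ?>
			<ul class="nav nav-tabs" role="tablist">
				<li<?php if ($page == 'index') { echo ' class="active"'; } ?>><a href="index.php"><span class="fa fa-fw fa-tachometer"></span><span class="hidden-xs"> <?php _e('Backstage', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'stats') { echo ' class="active"'; } ?>><a href="system.php"><span class="fa fa-fw fa-info-circle"></span><span class="hidden-xs"> <?php _e('System info', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'update') { echo ' class="active"'; } ?>><a href="update.php"><span class="fa fa-fw fa-cloud-upload"></span><span class="hidden-xs"> <?php _e('Update', 'luna'); ?></span></a></li>
				<li class="pull-right<?php if ($page == 'about') { echo ' active'; } ?>"><a href="about.php"><span class="fa fa-fw fa-moon-o"></span><span class="hidden-xs"> <?php _e('About', 'luna'); ?></span></a></li>
			</ul>
			<?php } ?>
			<?php if ($section == 'content') { ?>
			<ul class="nav nav-tabs" role="tablist">
				<li<?php if ($page == 'board') { echo ' class="active"'; } ?>><a href="board.php"><span class="fa fa-fw fa-sort-amount-desc"></span><span class="hidden-xs"> <?php _e('Board', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'moderate') { echo ' class="active"'; } ?>><a href="moderate.php"><span class="fa fa-fw fa-tasks"></span><span class="hidden-xs"> <?php _e('Moderate', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'censoring') { echo ' class="active"'; } ?>><a href="censoring.php"><span class="fa fa-fw fa-eye-slash"></span><span class="hidden-xs"> <?php _e('Censoring', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'reports') { echo ' class="active"'; } ?>><a href="reports.php"><span class="fa fa-fw fa-exclamation-triangle"></span><span class="hidden-xs"> <?php _e('Reports', 'luna'); ?></span></a></li>
			</ul>
			<?php } ?>
			<?php if ($section == 'users') { ?>
			<ul class="nav nav-tabs" role="tablist">
				<li<?php if ($page == 'users') { echo ' class="active"'; } ?>><a href="users.php"><span class="fa fa-fw fa-search"></span><span class="hidden-xs"> <?php _e('Search', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'tools') { echo ' class="active"'; } ?>><a href="tools.php"><span class="fa fa-fw fa-wrench"></span><span class="hidden-xs"> <?php _e('Tools', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'ranks') { echo ' class="active"'; } ?>><a href="ranks.php"><span class="fa fa-fw fa-chevron-up"></span><span class="hidden-xs"> <?php _e('Ranks', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'groups') { echo ' class="active"'; } ?>><a href="groups.php"><span class="fa fa-fw fa-group"></span><span class="hidden-xs"> <?php _e('Groups', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'permissions') { echo ' class="active"'; } ?>><a href="permissions.php"><span class="fa fa-fw fa-check-circle"></span><span class="hidden-xs"> <?php _e('Permissions', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'bans') { echo ' class="active"'; } ?>><a href="bans.php"><span class="fa fa-fw fa-ban"></span><span class="hidden-xs"> <?php _e('Bans', 'luna'); ?></span></a></li>
			</ul>
			<?php } ?>
			<?php if ($section == 'settings') { ?>
			<ul class="nav nav-tabs" role="tablist">
				<li<?php if ($page == 'settings') { echo ' class="active"'; } ?>><a href="settings.php"><span class="fa fa-fw fa-cogs"></span><span class="hidden-xs"> <?php _e('Settings', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'features') { echo ' class="active"'; } ?>><a href="features.php"><span class="fa fa-fw fa-sliders"></span><span class="hidden-xs"> <?php _e('Features', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'appearance') { echo ' class="active"'; } ?>><a href="appearance.php"><span class="fa fa-fw fa-eye"></span><span class="hidden-xs"> <?php _e('Appearance', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'registration') { echo ' class="active"'; } ?>><a href="registration.php"><span class="fa fa-fw fa-plus-circle"></span><span class="hidden-xs"> <?php _e('Registration', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'email') { echo ' class="active"'; } ?>><a href="email.php"><span class="fa fa-fw fa-envelope"></span><span class="hidden-xs"> <?php _e('Email', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'menu') { echo ' class="active"'; } ?>><a href="menu.php"><span class="fa fa-fw fa-bars"></span><span class="hidden-xs"> <?php _e('Menu', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'theme') { echo ' class="active"'; } ?>><a href="theme.php"><span class="fa fa-fw fa-paint-brush"></span><span class="hidden-xs"> <?php _e('Theme', 'luna'); ?></span></a></li>
			</ul>
			<?php } ?>
			<?php if ($section == 'maintenance') { ?>
			<ul class="nav nav-tabs" role="tablist">
				<li<?php if ($page == 'maintenance') { echo ' class="active"'; } ?>><a href="maintenance.php"><span class="fa fa-fw fa-coffee"></span><span class="hidden-xs"> <?php _e('Maintenance', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'prune') { echo ' class="active"'; } ?>><a href="prune.php"><span class="fa fa-fw fa-recycle"></span><span class="hidden-xs"> <?php _e('Prune', 'luna'); ?></span></a></li>
				<li<?php if ($page == 'database') { echo ' class="active"'; } ?>><a href="database.php"><span class="fa fa-fw fa-database"></span><span class="hidden-xs"> <?php _e('Database', 'luna'); ?></span></a></li>
			</ul>
			<?php } ?>
		</div>
	</div>
</div>
<div class="content">
	<div class="container">
		<div class="row">
<?php
}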
예제 #20
             $update = array('group_id' => $panther_user['g_promote_next_group']);
             $data = array('id' => $panther_user['id']);
             $db->update('users', $update, 'id=:id', $data);
         }
     } else {
         $update = array('last_post' => $now);
         $data = array(':id' => $panther_user['id']);
         $db->update('users', $update, 'id=:id', $data);
     }
     // Topic tracking stuff...
     $tracked_topics = get_tracked_topics();
     $tracked_topics['topics'][$new_tid] = time();
     set_tracked_topics($tracked_topics);
 } else {
     $update = array('last_post' => $now);
     $data = array(':ident' => get_remote_address());
     $db->update('online', $update, 'ident=:ident', $data);
 }
 ($hook = get_extensions('post_after_posted')) ? eval($hook) : null;
 if ($add_poll) {
     $redirect = panther_link($panther_url['poll_add'], array($new_tid));
 }
 switch (true) {
     case $fid && $topic_approve == '0':
         $redirect_lang = $lang_post['Topic moderation redirect'];
         if (!isset($redirect)) {
             $redirect = panther_link($panther_url['forum'], array($cur_posting['id'], url_friendly($subject)));
         }
         break;
     case $tid && $post_approve == '0':
         $redirect_lang = $lang_post['Post moderation redirect'];
     $initial_group_id = 9;
 } else {
     $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED;
 }
 // Per-user salt and salted password hash. random_key() and forum_hash() are defined elsewhere.
 // NOTE(review): confirm random_key() draws from a CSPRNG and forum_hash() is a slow password hash.
 $salt = random_key(12);
 $password_hash = forum_hash($password1, $salt);
 // Validate timezone and DST
 $timezone = isset($_POST['timezone']) ? floatval($_POST['timezone']) : $forum_config['o_default_timezone'];
 // Validate timezone — on error use default value
 if ($timezone > 14.0 || $timezone < -12.0) {
     $timezone = $forum_config['o_default_timezone'];
 }
 // DST: only the exact integer 1 from the form enables it; anything else falls back to the board default
 $dst = isset($_POST['dst']) && intval($_POST['dst']) === 1 ? 1 : $forum_config['o_default_dst'];
 // Insert the new user into the database. We do this now to get the last inserted id for later use.
 // NOTE(review): $user_info carries the plaintext password ('password') next to 'password_hash'.
 // Confirm add_user() neither stores nor logs the plaintext. 'activate_key' is already an SQL
 // fragment (a quoted string or the bare word NULL), so add_user() presumably inserts it unescaped.
 $user_info = array('username' => $username, 'pubkey' => $pubkey, 'btcaddress' => $btcaddress, 'invitedBy' => $username2, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password1, 'password_hash' => $password_hash, 'email' => $email1, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $language, 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, true) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1');
 // Extension hook: whatever get_hook() returns is eval()'d in this scope, so it can read and
 // rewrite $user_info (plaintext password included). Hook code must come from a trusted source.
 ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null;
 add_user($user_info, $new_uid);
 // If we previously found out that the e-mail was banned
 if ($banned_email && $forum_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Banned e-mail detected';
     // $username and $email1 are registrant-supplied and go into the alert body as-is
     $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     ($hook = get_hook('rg_register_banned_email')) ? eval($hook) : null;
     forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
 }
 // If we previously found out that the e-mail was a dupe
 if (!empty($dupe_list) && $forum_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Duplicate e-mail detected';
     $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     ($hook = get_hook('rg_register_dupe_email')) ? eval($hook) : null;
     forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
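 /**
  * Prepare the user log before object persistence
  *
  * Works out which operation is pending ("create", "store", "merge" or "delete"), records
  * the number of modified plain fields in $this->_count_modified and builds the CUserLog
  * entry. For "store" and "merge" the previous values of the changed fields are JSON-encoded
  * into the log's extra data. Text, HTML, XML and PHP fields, and fields whose spec has
  * loggable == "0", are left out of that snapshot. For "delete" the extra data is the old
  * object's _view.
  *
  * @return CUserLog|null null if not loggable
  */
 protected function prepareLog()
 {
     $this->_ref_current_log = null;
     // If the object is not loggable
     if (!$this->_spec->loggable || $this->_purge) {
         return null;
     }
     // Find changed fields
     $fields = array();
     foreach ($this->getPlainFields() as $name => $value) {
         if ($this->fieldModified($name)) {
             $fields[] = $name;
         }
     }
     // Change field count for SQL update prevention
     $this->_count_modified = count($fields);
     $object_id = $this->_id;
     $old = $this->_old;
     $type = "store";
     $extra = null;
     // Creation
     if ($old->_id == null) {
         $type = "create";
         $fields = array();
     }
     // Merging
     if ($this->_merging) {
         $type = "merge";
     }
     // Deletion
     if ($old->_id && !$this->_id) {
         $type = "delete";
         $object_id = $old->_id;
         $extra = $old->_view;
         $fields = array();
     }
     // A plain store that changed nothing produces no log entry
     if (!count($fields) && $type === "store") {
         $this->_ref_last_log = null;
         return null;
     }
     if ($type === "store" || $type === "merge") {
         $old_values = array();
         $count_not_loggable = 0;
         foreach ($fields as $_field) {
             $_spec = $this->_specs[$_field];
             if ($_spec instanceof CTextSpec || $_spec instanceof CHtmlSpec || $_spec instanceof CXmlSpec || $_spec instanceof CPhpSpec || $_spec->loggable == "0") {
                 if ($_spec->loggable == "0") {
                     $count_not_loggable++;
                 }
                 continue;
             }
             // Every other changed field has its previous value copied into the log, so a
             // field holding sensitive data stays out only if its spec sets loggable to "0".
             // NOTE(review): utf8_encode() treats the stored value as ISO-8859-1 and is
             // deprecated since PHP 8.2; confirm the storage encoding before replacing it.
             $old_values[$_field] = utf8_encode($old->{$_field});
         }
         // Only non-loggable fields changed: nothing worth recording
         if (count($fields) == $count_not_loggable) {
             return null;
         }
         $extra = json_encode($old_values);
     }
     $address = get_remote_address();
     $log = new CUserLog();
     $log->user_id = CAppUI::$instance->user_id;
     $log->object_id = $object_id;
     $log->object_class = $this->_class;
     $log->type = $type;
     $log->_fields = $fields;
     $log->date = CMbDT::dateTime();
     // Fields that may be missing from the table.
     // Compare as versions: a plain string comparison ranks "1.0.100" below "1.0.19".
     if (version_compare(CModule::getInstalled("system")->mod_version, "1.0.19", ">")) {
         $client = $address["client"];
         // Validate before packing: inet_pton() warns and returns false on a malformed
         // address, and false would then be stored instead of null.
         // NOTE(review): how get_remote_address() derives "client" is not visible here. If it
         // trusts a forwarded-for style header, the logged address can be chosen by the client.
         $log->ip_address = $client && filter_var($client, FILTER_VALIDATE_IP) !== false ? inet_pton($client) : null;
         $log->extra = $extra;
     }
     return $this->_ref_last_log = $log;
 }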
예제 #23
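 $password_hash = pun_hash($password1);
 // Add the user. Every string value is passed through $db->escape(), including the e-mail
 // address, the style name and the client address, which were previously concatenated raw.
 // The unquoted values ($intial_group_id, $email_setting, $save_pass, $timezone, $now) are
 // set before this excerpt and are presumably numeric; verify against the code above.
 $db->query('INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\'' . $db->escape($username) . '\', ' . $intial_group_id . ', \'' . $password_hash . '\', \'' . $db->escape($email1) . '\', ' . $email_setting . ', ' . $save_pass . ', ' . $timezone . ' , \'' . $db->escape($language) . '\', \'' . $db->escape($pun_config['o_default_style']) . '\', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
 $new_uid = $db->insert_id();
 // Start of the welcome private message
 if ($pun_config['o_welcome_mp'] == '1') {
     $admin_username = '******';
     $admin_user_id = 2;
     $subject = 'Bienvenue ' . $username;
     $message = str_replace('%user%', $username, $pun_config['o_welcome_message_mp']);
     $now = time();
     // Address the message to the account created above. Looking up the highest user id
     // again would race with concurrent registrations and could deliver it to another
     // member's inbox. $new_uid is the id returned by insert_id() for this INSERT.
     $Dernier_id = (string) $new_uid;
     // Send the message to the new member's private inbox
     $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\'' . $db->escape($Dernier_id) . '\', \'' . $db->escape($subject) . '\', \'' . $db->escape($message) . '\', \'' . $db->escape($admin_username) . '\', \'' . $admin_user_id . '\', \'' . $db->escape(get_remote_address()) . '\', \'1\', \'0\', \'0\', \'' . $now . '\' )') or error('Impossible d\'envoyer le message.', __FILE__, __LINE__, $db->error());
 }
 // End of the welcome private message
 // If we previously found out that the e-mail was banned
 if ($banned_email && $pun_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Banned e-mail detected';
     $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n" . 'User profile: ' . $pun_config['o_base_url'] . '/profile.php?id=' . $new_uid . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
 }
 // If we previously found out that the e-mail was a dupe
 if (!empty($dupe_list) && $pun_config['o_mailing_list'] != '') {
     $mail_subject = 'Alert - Duplicate e-mail detected';
     $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . $pun_config['o_base_url'] . '/profile.php?id=' . $new_uid . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';
     pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
 }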
 // Should we alert people on the admin mailing list that a new user has registered?
예제 #24
     $db->query('UPDATE ' . $db->prefix . 'users SET last_comment=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
 }
 if (!empty($r)) {
     // It's a reply or a reply with a quote
     // Check that $edit looks good
     if ($r <= '0') {
         message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'));
     }
     foreach ($destinataires as $dest) {
         $val_showed = '0';
         if ($dest['id'] == $luna_user['id']) {
             $val_showed = '1';
         } else {
             $val_showed = '0';
         }
         $db->query('INSERT INTO ' . $db->prefix . 'messages (shared_id, owner, subject, message, sender, receiver, sender_id, receiver_id, sender_ip, hide_smilies, commented, show_message, showed) VALUES(\'' . $r . '\', \'' . $dest['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($luna_user['username']) . '\', \'' . $db->escape($usernames_list) . '\', \'' . $luna_user['id'] . '\', \'' . $db->escape($ids_list) . '\', \'' . get_remote_address() . '\', \'' . $hide_smilies . '\', \'' . $now . '\', \'0\', \'' . $val_showed . '\')') or error('Unable to send the message.', __FILE__, __LINE__, $db->error());
         $new_mp = $db->insert_id();
         $db->query('UPDATE ' . $db->prefix . 'messages SET last_comment_id=' . $new_mp . ', last_comment=' . $now . ', last_commenter=\'' . $db->escape($luna_user['username']) . '\' WHERE shared_id=' . $r . ' AND show_message=1 AND owner=' . $dest['id']) or error('Unable to update the message.', __FILE__, __LINE__, $db->error());
         if ($dest['id'] != $luna_user['id']) {
             $db->query('UPDATE ' . $db->prefix . 'messages SET showed = 0 WHERE shared_id=' . $r . ' AND show_message=1 AND owner=' . $dest['id']) or error('Unable to update the message.', __FILE__, __LINE__, $db->error());
         }
         // E-mail notification
         if ($luna_config['o_inbox_notification'] == '1' && $dest['notify_inbox'] == '1' && $dest['id'] != $luna_user['id']) {
             $mail_message = str_replace('<inbox_url>', $luna_config['o_base_url'] . '/viewinbox.php?tid=' . $r . '&mid=' . $new_mp . '&box=inbox', $mail_message);
             $mail_message_full = str_replace('<inbox_url>', $luna_config['o_base_url'] . '/viewinbox.php?tid=' . $r . '&mid=' . $new_mp . '&box=inbox', $mail_message_full);
             if ($dest['notify_inbox_full'] == '1') {
                 luna_mail($dest['email'], $mail_subject_full, $mail_message_full);
             } else {
                 luna_mail($dest['email'], $mail_subject, $mail_message);
             }
         }
예제 #25
     }
     // Prune "old" search results: drop every cached search whose ident is no longer
     // present in the online table
     $old_searches = $placeholders = array();
     $ps = $db->select('online', 'ident');
     // Nothing is pruned when the online table yields no rows
     if ($ps->rowCount()) {
         $ps->setFetchMode(PDO::FETCH_COLUMN, 0);
         foreach ($ps as $cur_ident) {
             // One "?" per ident; the values themselves are handed over separately below
             $placeholders[] = '?';
             $old_searches[] = $cur_ident;
         }
         $db->delete('search_cache', 'ident NOT IN(' . implode(',', $placeholders) . ')', $old_searches);
     }
     // Fill an array with our results and search properties
     // NOTE(review): the blob is PHP-serialized, so whatever reads it back presumably calls
     // unserialize(). Confirm nothing except this code can write to search_cache.
     $temp = serialize(array('search_ids' => serialize($search_ids), 'num_hits' => $num_hits, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_as' => $show_as, 'search_type' => $search_type));
     // NOTE(review): mt_rand() is not a CSPRNG and the id is not checked for collisions here.
     // Confirm the cached-result page also matches on ident, so a guessed id alone does not
     // return another visitor's results.
     $search_id = mt_rand(1, 2147483647);
     // Guests are identified by client address, members by username
     $ident = $panther_user['is_guest'] ? get_remote_address() : $panther_user['username'];
     $insert = array('id' => $search_id, 'ident' => $ident, 'search_data' => $temp);
     $db->insert('search_cache', $insert);
     if ($search_type[0] != 'action') {
         $db->end_transaction();
         // Redirect the user to the cached result page
         header('Location: ' . panther_link($panther_url['search_cache'], array($search_id)));
         exit;
     }
 }
 $forum_actions = array();
 if (!$panther_user['is_guest'] && $search_type[0] == 'action' && $search_type[1] == 'show_new') {
     $forum_actions[] = array('href' => panther_link($panther_url['mark_read']), 'title' => $lang_common['Mark all as read']);
 }
 // Fetch results to display
 if (!empty($search_ids)) {
예제 #26
파일: post.php 프로젝트: istrwei/Luna
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $username, $mail_message);
            $mail_message = str_replace('<email>', $email, $mail_message);
            $mail_message = str_replace('<comment_url>', get_base_url() . '/viewtopic.php?pid=' . $new_pid . '#p' . $new_pid, $mail_message);
            $mail_message = str_replace('<board_mailer>', $luna_config['o_board_title'], $mail_message);
            luna_mail($luna_config['o_mailing_list'], $mail_subject, $mail_message);
        }
        // If the commenting user is logged in, increment his/her post count
        if (!$luna_user['is_guest']) {
            $db->query('UPDATE ' . $db->prefix . 'users SET num_posts=num_posts+1, last_post=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
            $tracked_topics = get_tracked_topics();
            $tracked_topics['topics'][$new_tid] = time();
            set_tracked_topics($tracked_topics);
        } else {
            $db->query('UPDATE ' . $db->prefix . 'online SET last_post=' . $now . ' WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to update user', __FILE__, __LINE__, $db->error());
        }
        redirect('viewtopic.php?pid=' . $new_pid . '#p' . $new_pid);
    }
}
// If a thread ID was specified in the url (it's a reply)
if ($tid) {
    $action = __('Add comment', 'luna');
    $form = '<form id="post" method="post" action="post.php?action=post&amp;tid=' . $tid . '" onsubmit="window.onbeforeunload=null;this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';
    // If a quote ID was specified in the url
    if (isset($_GET['qid'])) {
        $qid = intval($_GET['qid']);
        if ($qid < 1) {
            message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
        }
        $result = $db->query('SELECT poster, message FROM ' . $db->prefix . 'posts WHERE id=' . $qid . ' AND topic_id=' . $tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
예제 #27
                if ($sha1_available) {
                    // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB
                    $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\' WHERE id=' . $user_id) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
                }
            }
        }
    }
    // Reject the login. The same message is shown whether the username or the password was wrong.
    // NOTE(review): the code below assumes message() ends the request; confirm it does.
    if (!$authorized) {
        message($lang_login['Wrong user/pass'] . ' <a href="login.php?action=forget">' . $lang_login['Forgotten pass'] . '</a>');
    }
    // Update the status if this is the first time the user logged in
    if ($group_id == PUN_UNVERIFIED) {
        $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $pun_config['o_default_user_group'] . ' WHERE id=' . $user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
    }
    // Remove this users guest entry from the online list
    $db->query('DELETE FROM ' . $db->prefix . 'online WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
    // "Remember me" keeps the cookie for one year (31536000 s); otherwise it is a session cookie
    $expire = $save_pass == '1' ? time() + 31536000 : 0;
    // NOTE(review): the cookie is built from the user id and the password hash, so it works as
    // a long-lived credential. Confirm pun_setcookie() authenticates the value with a server
    // secret and sets the HttpOnly and Secure flags.
    pun_setcookie($user_id, $form_password_hash, $expire);
    // NOTE(review): the redirect target comes straight from the request and is not validated in
    // the visible code. Unless redirect() restricts it to this site, this is an open redirect.
    redirect($_POST['redirect_url'], $lang_login['Login redirect']);
} else {
    if ($action == 'out') {
        if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id']) {
            header('Location: index.php');
            exit;
        }
        // Remove user from "users online" list.
        $db->query('DELETE FROM ' . $db->prefix . 'online WHERE user_id=' . $pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
        // Update last_visit (make sure there's something to update it with)
        if (isset($pun_user['logged'])) {
            $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
        }
/**
 * Insert a reply into an existing topic and update the records that depend on it.
 *
 * In order: inserts the row into `posts`, adds or removes a topic subscription for
 * non-guest posters, recounts the topic's posts and updates `topics`, calls
 * sync_forum(), update_search_index() and send_subscriptions(), optionally updates
 * the poster's last-post data, and optionally marks the topic as tracked.
 *
 * Security notes:
 * - String fields (poster, message, poster_email, the remote address) are passed
 *   through $forum_db->escape(). The fields poster_id, hide_smilies, posted and
 *   topic_id are concatenated into the queries as-is; this function does not
 *   validate them, so callers must supply integers.
 * - Every get_hook() result is handed to eval(). The evaluated code runs in this
 *   function's scope and can read or change locals such as $query and $post_info.
 *   Where hook code is stored and who may edit it is not visible here; it has to
 *   be treated as executable code, not data.
 *
 * @param array $post_info Post data. Keys read here: poster, poster_id, message,
 *                         hide_smilies, posted, topic_id, forum_id, is_guest,
 *                         poster_email, subscr_action, update_user, update_unread.
 * @param mixed $new_pid   Output parameter: set to $forum_db->insert_id() after the post insert.
 * @return void
 */
function add_post($post_info, &$new_pid)
{
    // $db_type, $forum_config and $lang_common are not used by the visible statements;
    // presumably they are declared so hook code can reach them — confirm.
    global $forum_db, $db_type, $forum_config, $lang_common;
    // A start hook can short-circuit the whole function by returning a value that is
    // loosely != null (note: 0, '' and false compare equal to null here and do not abort).
    $return = ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }
    // Add the post
    // NOTE(review): poster_id, hide_smilies, posted and topic_id are inserted unquoted and unescaped.
    $query = array('INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id', 'INTO' => 'posts', 'VALUES' => '\'' . $forum_db->escape($post_info['poster']) . '\', ' . $post_info['poster_id'] . ', \'' . $forum_db->escape(get_remote_address()) . '\', \'' . $forum_db->escape($post_info['message']) . '\', ' . $post_info['hide_smilies'] . ', ' . $post_info['posted'] . ', ' . $post_info['topic_id']);
    // If it's a guest post, there might be an e-mail address we need to include
    if ($post_info['is_guest'] && $post_info['poster_email'] != null) {
        $query['INSERT'] .= ', poster_email';
        $query['VALUES'] .= ', \'' . $forum_db->escape($post_info['poster_email']) . '\'';
    }
    // Hook may rewrite $query before it is executed.
    ($hook = get_hook('fn_add_post_qr_add_post')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    // Hand the new post id back to the caller through the reference parameter.
    $new_pid = $forum_db->insert_id();
    if (!$post_info['is_guest']) {
        // Subscribe or unsubscribe?
        // subscr_action 1 inserts a subscription row, 2 deletes it; any other value leaves subscriptions untouched.
        if ($post_info['subscr_action'] == 1) {
            $query = array('INSERT' => 'user_id, topic_id', 'INTO' => 'subscriptions', 'VALUES' => $post_info['poster_id'] . ' ,' . $post_info['topic_id']);
            ($hook = get_hook('fn_add_post_qr_add_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } else {
            if ($post_info['subscr_action'] == 2) {
                $query = array('DELETE' => 'subscriptions', 'WHERE' => 'topic_id=' . $post_info['topic_id'] . ' AND user_id=' . $post_info['poster_id']);
                ($hook = get_hook('fn_add_post_qr_delete_subscription')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
            }
        }
    }
    // Count number of replies in the topic
    $query = array('SELECT' => 'COUNT(p.id)', 'FROM' => 'posts AS p', 'WHERE' => 'p.topic_id=' . $post_info['topic_id']);
    ($hook = get_hook('fn_add_post_qr_get_topic_reply_count')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    // Post count minus one; presumably the first post of a topic is not counted as a reply.
    $num_replies = $forum_db->result($result, 0) - 1;
    // Update topic
    $query = array('UPDATE' => 'topics', 'SET' => 'num_replies=' . $num_replies . ', last_post=' . $post_info['posted'] . ', last_post_id=' . $new_pid . ', last_poster=\'' . $forum_db->escape($post_info['poster']) . '\'', 'WHERE' => 'id=' . $post_info['topic_id']);
    ($hook = get_hook('fn_add_post_qr_update_topic')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    sync_forum($post_info['forum_id']);
    // Load the search-index helpers once; the constant marks that the include already happened.
    if (!defined('FORUM_SEARCH_IDX_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/search_idx.php';
    }
    update_search_index('post', $new_pid, $post_info['message']);
    send_subscriptions($post_info, $new_pid);
    // Increment user's post count & last post time
    // Guests are tracked in `online` by escaped remote address; members in `users` by poster_id.
    if (isset($post_info['update_user'])) {
        if ($post_info['is_guest']) {
            $query = array('UPDATE' => 'online', 'SET' => 'last_post=' . $post_info['posted'], 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\'');
        } else {
            $query = array('UPDATE' => 'users', 'SET' => 'num_posts=num_posts+1, last_post=' . $post_info['posted'], 'WHERE' => 'id=' . $post_info['poster_id']);
        }
        ($hook = get_hook('fn_add_post_qr_update_last_post')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);
    }
    // If the posting user is logged in update his/her unread indicator
    if (!$post_info['is_guest'] && isset($post_info['update_unread']) && $post_info['update_unread']) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$post_info['topic_id']] = time();
        set_tracked_topics($tracked_topics);
    }
    ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null;
}
예제 #29
 }
 // Normalise the remaining registration form fields.
 // NOTE(review): timezone is only rounded to one decimal; no range check is visible in this excerpt.
 $timezone = round($_POST['timezone'], 1);
 // The DST flag is derived from the mere presence of the field, stored as '1' or '0'.
 $dst = isset($_POST['dst']) ? '1' : '0';
 // email_setting is forced to an integer and limited to 0..2; anything else falls back to the board default.
 $email_setting = intval($_POST['email_setting']);
 if ($email_setting < 0 || $email_setting > 2) {
     $email_setting = $pun_config['o_default_email_setting'];
 }
 // Did everything go according to plan?
 if (empty($errors)) {
     // Insert the new user into the database. We do this now to get the last inserted ID for later use
     $now = time();
     // New accounts start in PUN_UNVERIFIED when registration verification is enabled, else in the default group.
     $intial_group_id = $pun_config['o_regs_verify'] == '0' ? $pun_config['o_default_user_group'] : PUN_UNVERIFIED;
     // NOTE(review): pun_hash() is defined elsewhere. If it is a fast, unsalted digest, the stored value is weak
     // against offline guessing; password_hash()/password_verify() is the usual replacement — confirm.
     $password_hash = pun_hash($password1);
     // Add the user
     // Values are supplied through named placeholders and passed separately to run(), so no user input is
     // concatenated into the statement here (assuming $db->insert() builds a prepared statement — confirm).
     $query = $db->insert(array('username' => ':username', 'group_id' => ':group_id', 'password' => ':password', 'email' => ':email', 'email_setting' => ':email_setting', 'timezone' => ':timezone', 'dst' => ':dst', 'language' => ':language', 'style' => ':style', 'registered' => ':registered', 'registration_ip' => ':registration_ip', 'last_visit' => ':last_visit'), 'users');
     $params = array(':username' => $username, ':group_id' => $intial_group_id, ':password' => $password_hash, ':email' => $email1, ':email_setting' => $email_setting, ':timezone' => $timezone, ':dst' => $dst, ':language' => $language, ':style' => $pun_config['o_default_style'], ':registered' => $now, ':registration_ip' => get_remote_address(), ':last_visit' => $now);
     $query->run($params);
     $new_uid = $db->insertId();
     // Drop the statement and its parameters (which include the password hash) once the row is written.
     unset($query, $params);
     // If the mailing list isn't empty, we may need to send out some alerts
     if ($pun_config['o_mailing_list'] != '') {
         // If we previously found out that the email was banned
         if ($banned_email) {
             // Load the "banned email register" template
             // NOTE(review): the path contains $pun_user['language']; confirm that value is restricted to
             // installed language directories, otherwise it could point outside lang/. A failed read is not checked.
             $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/banned_email_register.tpl'));
             // The first row contains the subject
             // Offset 8 presumably skips a "Subject:" prefix. strpos() returns false when the template has no
             // newline, which is not handled here.
             $first_crlf = strpos($mail_tpl, "\n");
             $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
             $mail_message = trim(substr($mail_tpl, $first_crlf));
             // The user-supplied username and e-mail address are substituted into the message body unchanged.
             $mail_message = str_replace('<username>', $username, $mail_message);
             $mail_message = str_replace('<email>', $email1, $mail_message);
예제 #30
}
// Build the navigation entries that depend on board settings and on the current user's permissions.
// Rules link: shown when rules are enabled and the visitor is logged in, may read the board, or may register.
if ($pun_config['o_rules'] == '1' && (!$pun_user['is_guest'] || $pun_user['g_read_board'] == '1' || $pun_config['o_regs_allow'] == '1')) {
    $links[] = '<li id="navrules"' . (PUN_ACTIVE_PAGE == 'rules' ? ' class="isactive"' : '') . '><a href="misc.php?action=rules">' . $lang_common['Rules'] . '</a></li>';
}
if ($pun_user['g_read_board'] == '1' && $pun_user['g_search'] == '1') {
    $links[] = '<li id="navsearch"' . (PUN_ACTIVE_PAGE == 'search' ? ' class="isactive"' : '') . '><a href="recherche">' . $lang_common['Search'] . '</a></li>';
}
// Guests get register/login links; members get profile, optional admin, and logout links.
if ($pun_user['is_guest']) {
    $links[] = '<li id="navregister"' . (PUN_ACTIVE_PAGE == 'register' ? ' class="isactive"' : '') . '><a href="inscription">' . $lang_common['Register'] . '</a></li>';
    $links[] = '<li id="navlogin"' . (PUN_ACTIVE_PAGE == 'login' ? ' class="isactive"' : '') . '><a href="connexion">' . $lang_common['Login'] . '</a></li>';
} else {
    $links[] = '<li id="navprofile"' . (PUN_ACTIVE_PAGE == 'profile' ? ' class="isactive"' : '') . '><a href="membre-' . $pun_user['id'] . '">' . $lang_common['Profile'] . '</a></li>';
    // Showing the admin link is a display decision only; access control must be enforced by the admin pages themselves.
    if ($pun_user['is_admmod']) {
        $links[] = '<li id="navadmin"' . (PUN_ACTIVE_PAGE == 'admin' ? ' class="isactive"' : '') . '><a href="admin">' . $lang_common['Admin'] . '</a></li>';
    }
    // NOTE(review): the logout csrf_token is computed from the user id and the client address only. Unless
    // pun_hash() mixes in a server-side secret (not visible here), the value is not secret and stays the same
    // for every session from that address. A random per-session token (random_bytes()) checked with
    // hash_equals() is the safer design. A token in the query string can also end up in logs and Referer headers.
    $links[] = '<li id="navlogout"><a href="deconnexion?id=' . $pun_user['id'] . '&amp;csrf_token=' . pun_hash($pun_user['id'] . pun_hash(get_remote_address())) . '">' . $lang_common['Logout'] . '</a></li>';
}
// Are there any additional navlinks we should insert into the array before imploding it?
// Each configured line has the form "<index> = <markup>".
if ($pun_user['g_read_board'] == '1' && $pun_config['o_additional_navlinks'] != '') {
    if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $pun_config['o_additional_navlinks'] . "\n", $extra_links)) {
        // Insert any additional links into the $links array (at the correct index)
        // NOTE(review): the configured markup ($extra_links[2]) is emitted as raw HTML with no escaping, so
        // whoever can edit o_additional_navlinks can place arbitrary markup on every page; presumably that is
        // an administrator-only setting — confirm.
        $num_links = count($extra_links[1]);
        for ($i = 0; $i < $num_links; ++$i) {
            array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra' . ($i + 1) . '">' . $extra_links[2][$i] . '</li>'));
        }
    }
}
// Wrap the collected entries in the menu container and substitute them for the template placeholder.
$tpl_temp = '<div id="brdmenu" class="inbox">' . "\n\t\t\t" . '<ul>' . "\n\t\t\t\t" . implode("\n\t\t\t\t", $links) . "\n\t\t\t" . '</ul>' . "\n\t\t" . '</div>';
$tpl_main = str_replace('<pun_navlinks>', $tpl_temp, $tpl_main);
// END SUBST - <pun_navlinks>
if (PUN_ACTIVE_PAGE == 'register' || PUN_ACTIVE_PAGE == 'login') {