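/**
 * Log the current user out after validating the logout link.
 *
 * The request is accepted only when the caller is not a guest, $id matches
 * the current user's id and $token matches the value derived from the user
 * id and the client address. Any other request is redirected to the base
 * URL and the script exits without touching the session.
 *
 * NOTE(review): the expected token is built only from the user id and the
 * address returned by get_remote_address(). If feather_hash() is an unkeyed
 * digest (confirm), the token contains no server-side secret, so it should
 * not be reused to protect anything more sensitive than logout.
 *
 * Requires PHP >= 5.6 for hash_equals().
 *
 * @param mixed $id    User id taken from the logout link.
 * @param mixed $token Anti-CSRF token taken from the logout link.
 *
 * @return void
 */
public function logout($id, $token)
{
    global $lang_login;

    // Evaluated left to right, so the hash is only computed for a logged-in
    // user who supplied scalar values. The id is compared as a string so a
    // value such as "1abc" can never be coerced into a match.
    $link_is_valid = !$this->user->is_guest
        && is_scalar($id)
        && is_scalar($token)
        && (string) $id === (string) $this->user->id
        && hash_equals(
            (string) feather_hash($this->user->id . feather_hash(get_remote_address())),
            (string) $token
        );

    if (!$link_is_valid) {
        header('Location: ' . get_base_url());
        exit;
    }

    // Remove user from "users online" list
    DB::for_table('online')->where('user_id', $this->user->id)->delete_many();

    // Update last_visit (make sure there's something to update it with)
    if (isset($this->user->logged)) {
        $user_row = DB::for_table('users')->where('id', $this->user->id)->find_one();

        // Do not chain onto a failed lookup: skip the update if no row came back.
        if ($user_row) {
            $user_row->set('last_visit', $this->user->logged)->save();
        }
    }

    // Replace the login cookie with one for user id 1 carrying a throwaway
    // hash, valid for 31536000 seconds (365 days).
    // NOTE(review): uniqid(rand(), true) is not a cryptographic source; that
    // only matters if this cookie value is ever treated as a secret.
    feather_setcookie(1, feather_hash(uniqid(rand(), true)), time() + 31536000);

    redirect(get_base_url(), $lang_login['Logout redirect']);
}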
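/**
 * Create a new topic together with its first post.
 *
 * Inserts a row into `topics`, inserts the opening post into `posts`, then
 * points the topic's first_post_id and last_post_id at that post.
 *
 * String fields are passed through $forum_db->escape(). Numeric fields
 * (posted, forum_id, visibility, poster_id) are cast with intval() before
 * being concatenated, because they are placed in the statement unquoted and
 * were previously inserted as received.
 *
 * The previous body began with a check on an undefined $return variable,
 * which could never be true; it has been removed.
 *
 * @param array $post_info Keys read: poster, subject, posted, forum_id,
 *                         visibility, poster_id, message.
 *
 * @return int|string Id of the newly created topic, as returned by
 *                    $forum_db->insert_id().
 */
function escrow_publish_topic_problem($post_info)
{
    global $forum_db;

    // Unquoted values: force them to integers so they cannot carry SQL.
    $posted = intval($post_info['posted']);
    $forum_id = intval($post_info['forum_id']);
    $visibility = intval($post_info['visibility']);
    $poster_id = intval($post_info['poster_id']);

    $poster_sql = '\'' . $forum_db->escape($post_info['poster']) . '\'';

    // Add the topic
    $query = array(
        'INSERT' => 'poster, subject, posted, last_post, last_poster, forum_id, visibility',
        'INTO' => 'topics',
        'VALUES' => $poster_sql . ', \'' . $forum_db->escape($post_info['subject']) . '\', ' . $posted . ', ' . $posted . ', ' . $poster_sql . ', ' . $forum_id . ', ' . $visibility,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_tid = $forum_db->insert_id();

    // Create the post ("topic post"); the poster address is recorded with it.
    $query = array(
        'INSERT' => 'poster, poster_id, poster_ip, message, posted, topic_id',
        'INTO' => 'posts',
        'VALUES' => $poster_sql . ', ' . $poster_id . ', \'' . $forum_db->escape(get_remote_address()) . '\', \'' . $forum_db->escape($post_info['message']) . '\', ' . $posted . ', ' . $new_tid,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_pid = $forum_db->insert_id();

    // Update the topic with last_post_id and first_post_id
    $query = array(
        'UPDATE' => 'topics',
        'SET' => 'last_post_id=' . $new_pid . ', first_post_id=' . $new_pid,
        'WHERE' => 'id=' . $new_tid,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    return $new_tid;
}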
/**
 * Build the entries of the user navigation menu.
 *
 * Guests receive only a 'guest' group (register, login). Logged-in users
 * receive, in order: 'backstage' (admins/moderators only), 'notifications'
 * with the unread count, 'inbox' when private messaging is enabled for the
 * board, the group and the user, and a 'user' group (profile, settings,
 * help, logout).
 *
 * NOTE(review): $luna_user['id'] is concatenated into both COUNT queries
 * without a cast; this is safe only while the value always comes from the
 * users table as an integer.
 * NOTE(review): the logout token is derived from the user id and the client
 * address only. If luna_hash() is an unkeyed digest (confirm), the token
 * holds no server-side secret.
 *
 * @return array Menu definition keyed by entry name.
 */
function get_user_nav_menu_items()
{
    global $db, $luna_config, $luna_user;

    // Guests never reach the database: return their two links straight away.
    if ($luna_user['is_guest']) {
        return array(
            'guest' => array(
                'register' => array('url' => 'register.php', 'title' => __('Register', 'luna')),
                'login' => array('url' => '#', 'title' => __('Login', 'luna')),
            ),
        );
    }

    $menu = array();

    if ($luna_user['is_admmod']) {
        $menu['backstage'] = array('url' => 'backstage/', 'title' => __('Backstage', 'luna'));
    }

    // Count the notifications this user has not viewed yet.
    $unread_res = $db->query('SELECT COUNT(id) FROM ' . $db->prefix . 'notifications WHERE viewed = 0 AND user_id = ' . $luna_user['id']);
    if (!$unread_res) {
        error('Unable to load notifications', __FILE__, __LINE__, $db->error());
    }
    $unread = intval($db->result($unread_res));

    $flyout_setting = $luna_config['o_notification_flyout'];
    if ($unread > 0) {
        $notification_label = __('Notifications', 'luna');
    } else {
        $notification_label = __('No new notifications', 'luna');
    }

    $menu['notifications'] = array(
        'url' => $flyout_setting ? '#' : 'notifications.php',
        'title' => $notification_label,
        'num' => $unread,
        'flyout' => $flyout_setting == 1,
    );

    // The inbox entry needs the board, the group and the user to all allow PMs.
    $pm_available = $luna_config['o_pms_enabled'] == '1'
        && $luna_user['g_pm'] == '1'
        && $luna_user['use_pm'] == '1';

    if ($pm_available) {
        $pm_res = $db->query('SELECT COUNT(id) FROM ' . $db->prefix . 'messages WHERE showed=0 AND show_message=1 AND owner=' . $luna_user['id']);
        if (!$pm_res) {
            error('Unable to check the availibility of new messages', __FILE__, __LINE__, $db->error());
        }

        $menu['inbox'] = array(
            'url' => 'inbox.php',
            'title' => 'Inbox',
            'num' => intval($db->result($pm_res)),
        );
    }

    // Same derivation the logout link has always used; see the note above.
    $logout_token = luna_hash($luna_user['id'] . luna_hash(get_remote_address()));

    $menu['user'] = array(
        'profile' => array('url' => 'profile.php?id=' . $luna_user['id'], 'title' => __('Profile', 'luna')),
        'settings' => array('url' => 'settings.php', 'title' => __('Settings', 'luna')),
        'help' => array('url' => 'help.php', 'title' => __('Help', 'luna')),
        'logout' => array(
            'url' => 'login.php?action=out&id=' . $luna_user['id'] . '&csrf_token=' . $logout_token,
            'title' => __('Logout', 'luna'),
        ),
    );

    return $menu;
}
/**
 * Rebuild the result query for a previously cached search.
 *
 * Loads the row of search_cache matching $search_id and the caller's ident
 * (remote address for guests, username otherwise), unserializes it and
 * builds a query array selecting either posts or topics, depending on the
 * cached 'show_as' value.
 *
 * Security notes for maintainers:
 * - $search_id is concatenated into the WHERE clause without escaping or a
 *   cast; callers must pass an integer.
 * - The cached payload is passed to unserialize(), and its 'search_results'
 *   and 'sort_dir' values are concatenated into the final query as they
 *   are. This is safe only while search_cache rows are written solely by
 *   the application itself (confirm against the code that fills the cache).
 * - Every get_hook() result is handed to eval(), and the evaluated code runs
 *   in this function's scope. Local variable names and statement order are
 *   therefore part of the hook contract.
 *
 * @param mixed  $search_id Id of the cached search.
 * @param string $show_as   Passed by reference; overwritten with the cached
 *                          'show_as' value when a cache row is found.
 *
 * @return array|false|mixed Query array for $forum_db->query_build(); false
 *                           when no cache row matches or the cached result
 *                           list is empty; the start hook's return value
 *                           when that is not loosely equal to null.
 */
function generate_cached_search_query($search_id, &$show_as) {
    global $forum_db, $db_type, $forum_user, $forum_config;

    // A start hook may short-circuit the whole function by returning a value.
    $return = ($hook = get_hook('sf_fn_generate_cached_search_query_start')) ? eval($hook) : null;
    if ($return != null) {
        return $return;
    }

    // Cache rows are tied to who ran the search: address for guests, username otherwise.
    $ident = $forum_user['is_guest'] ? get_remote_address() : $forum_user['username'];

    // NOTE(review): $search_id is interpolated as-is; only $ident is escaped.
    $query = array('SELECT' => 'sc.search_data', 'FROM' => 'search_cache AS sc', 'WHERE' => 'sc.id=' . $search_id . ' AND sc.ident=\'' . $forum_db->escape($ident) . '\'');

    ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_search_data')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);

    if ($row = $forum_db->fetch_assoc($result)) {
        // NOTE(review): unserialize() on a database column; see the function header.
        $search_data = unserialize($row['search_data']);
        $search_results = $search_data['search_results'];
        $sort_by = $search_data['sort_by'];
        $sort_dir = $search_data['sort_dir'];
        $show_as = $search_data['show_as'];
        unset($search_data);
    } else {
        return false;
    }

    // If there are no posts, we don't need to execute the query
    if (empty($search_results)) {
        return false;
    }

    // Map the cached numeric sort key to a column; unknown keys fall back to
    // the posting time, which a hook may then override.
    switch ($sort_by) {
        case 1:
            $sort_by_sql = $show_as == 'topics' ? 't.poster' : 'p.poster';
            break;
        case 2:
            $sort_by_sql = 't.subject';
            break;
        case 3:
            $sort_by_sql = 't.forum_id';
            break;
        default:
            $sort_by_sql = $show_as == 'topics' ? 't.posted' : 'p.posted';
            ($hook = get_hook('sf_fn_generate_cached_search_query_qr_cached_sort_by')) ? eval($hook) : null;
            break;
    }

    if ($show_as == 'posts') {
        // $search_results and $sort_dir come straight from the cached payload.
        $query = array('SELECT' => 'p.id AS pid, p.poster AS pposter, p.posted AS pposted, p.poster_id, p.message, p.hide_smilies, t.id AS tid, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.forum_id, f.forum_name', 'FROM' => 'posts AS p', 'JOINS' => array(array('INNER JOIN' => 'topics AS t', 'ON' => 't.id=p.topic_id'), array('INNER JOIN' => 'forums AS f', 'ON' => 'f.id=t.forum_id')), 'WHERE' => 'p.id IN(' . $search_results . ')', 'ORDER BY' => $sort_by_sql . ' ' . $sort_dir);

        ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_hits_as_posts')) ? eval($hook) : null;
    } else {
        // Any other 'show_as' value is treated as a topic listing.
        $query = array('SELECT' => 't.id AS tid, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.sticky, t.forum_id, f.forum_name', 'FROM' => 'topics AS t', 'JOINS' => array(array('INNER JOIN' => 'forums AS f', 'ON' => 'f.id=t.forum_id')), 'WHERE' => 't.id IN(' . $search_results . ')', 'ORDER BY' => $sort_by_sql . ' ' . $sort_dir);

        // With "has posted" indication
        if (!$forum_user['is_guest'] && $forum_config['o_show_dot'] == '1') {
            $query['SELECT'] .= ', p.poster_id AS has_posted';
            $query['JOINS'][] = array('LEFT JOIN' => 'posts AS p', 'ON' => '(p.poster_id=' . $forum_user['id'] . ' AND p.topic_id=t.id)');

            // Must have same columns as in prev SELECT
            $query['GROUP BY'] = 't.id, t.poster, t.subject, t.first_post_id, t.posted, t.last_post, t.last_post_id, t.last_poster, t.num_replies, t.closed, t.sticky, t.forum_id, f.forum_name, p.poster_id';

            ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_has_posted')) ? eval($hook) : null;
        }

        ($hook = get_hook('sf_fn_generate_cached_search_query_qr_get_cached_hits_as_topics')) ? eval($hook) : null;
    }

    ($hook = get_hook('sf_fn_generate_cached_search_query_end')) ? eval($hook) : null;

    return $query;
}
if ($_SESSION['GPG_MESSAGE'] == $_POST['req_CLEARTEXT'] || $_SESSION['GPG_CIPHERTEXT'] == 'SORRY, YOUR PUBKEY IS FAULTY') { // Remove this user's guest entry from the online list $query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\''); ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit']; forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire); ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null; $_SESSION = array(); $_SESSION['NOT_BOT'] = 1; redirect(FORUM_ROOT . "search.php?action=show_new"); } } else { $_SESSION['GPG_VERIFICATION_REQUIRED'] = 0; // Remove this user's guest entry from the online list $query = array('DELETE' => 'online', 'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\''); ($hook = get_hook('li_login_qr_delete_online_user')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); $expire = $save_pass ? time() + 1209600 : time() + $forum_config['o_timeout_visit']; forum_setcookie($cookie_name, base64_encode($user_id . '|' . $form_password_hash . '|' . $expire . '|' . sha1($salt . $form_password_hash . forum_hash($expire, $salt))), $expire); ($hook = get_hook('li_login_pre_redirect')) ? eval($hook) : null; $_SESSION = array(); $_SESSION['NOT_BOT'] = 1; redirect(FORUM_ROOT . "search.php?action=show_new"); } } } } else { if ($action == 'out') { if ($forum_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $forum_user['id']) { header('Location: ' . forum_link($forum_url['index']));
} } if ($panther_config['p_allow_dupe_email'] == '0') { $data = array(':email' => $email); $ps = $db->select('users', 1, $data, 'email=:email'); if ($ps->rowCount()) { $errors[] = $lang_prof_reg['Dupe email']; } } if (empty($errors)) { // Insert the new user into the database. We do this now to get the last inserted ID for later use $now = time(); $initial_group_id = $random_pass == 0 ? $panther_config['o_default_user_group'] : PANTHER_UNVERIFIED; $password_hash = panther_hash($password1 . $password_salt); // Add the user $insert = array('username' => $username, 'group_id' => $initial_group_id, 'password' => $password_hash, 'salt' => $password_salt, 'email' => $email, 'email_setting' => $panther_config['o_default_email_setting'], 'timezone' => $panther_config['o_default_timezone'], 'dst' => $panther_config['o_default_dst'], 'language' => $panther_config['o_default_lang'], 'style' => $panther_config['o_default_style'], 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now); $db->insert('users', $insert); $new_uid = $db->lastInsertId($db->prefix . 'users'); if ($random_pass == '1') { $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login']))); $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info); $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']); } // Regenerate the users info cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_users_info_cache(); redirect(panther_link($panther_url['admin_maintenance']), $lang_admin_maintenance['User created message']); } }
$db->query('UPDATE ' . $db->prefix . 'topics SET has_poll=' . $poll_id . ' WHERE id=' . $new_tid) or error('Unable to update topic for poll', __FILE__, __LINE__, $db->error()); } } } // hcs AJAX POLL MOD END if (!$pun_user['is_guest']) { // To subscribe or not to subscribe, that ... if ($pun_config['o_subscriptions'] == 1 && $_POST['subscribe'] == 1) { $db->query('INSERT INTO ' . $db->prefix . 'subscriptions (user_id, topic_id) VALUES(' . $pun_user['id'] . ' ,' . $new_tid . ')') or error('Unable to add subscription', __FILE__, __LINE__, $db->error()); } // Create the post ("topic post") $db->query('INSERT INTO ' . $db->prefix . 'posts (poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', ' . $pun_user['id'] . ', \'' . get_remote_address() . '\', \'' . $db->escape($message) . '\', \'' . $hide_smilies . '\', ' . $_SERVER['REQUEST_TIME'] . ', ' . $new_tid . ')') or error('Unable to create post', __FILE__, __LINE__, $db->error()); } else { // Create the post ("topic post") $email_sql = $pun_config['p_force_guest_email'] == 1 || $email ? '\'' . $db->escape($email) . '\'' : 'NULL'; $db->query('INSERT INTO ' . $db->prefix . 'posts (poster, poster_ip, poster_email, message, hide_smilies, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', \'' . get_remote_address() . '\', ' . $email_sql . ', \'' . $db->escape($message) . '\', \'' . $hide_smilies . '\', ' . $_SERVER['REQUEST_TIME'] . ', ' . $new_tid . ')') or error('Unable to create post', __FILE__, __LINE__, $db->error()); } $new_pid = $db->insert_id(); // Update the topic with last_post_id $db->query('UPDATE ' . $db->prefix . 'topics SET last_post_id=' . $new_pid . ' WHERE id=' . $new_tid) or error('Unable to update topic', __FILE__, __LINE__, $db->error()); update_search_index('post', $new_pid, $message, $subject); update_forum($fid); } } generate_rss(); $uploaded = 0; $upload_result = process_uploaded_files($fid ? 
$new_tid : $tid, $new_pid, $uploaded); // If the posting user is logged in, increment his/her post count // MERGE POSTS BEGIN if (!$pun_user['is_guest']) { if ($uploaded) {
\'' . get_remote_address() . '\', \'' . $smilies . '\', \'0\', \'0\', \'' . $_SERVER['REQUEST_TIME'] . '\', \'0\' )') or error('Unable to send message', __FILE__, __LINE__, $db->error()); // Save an own copy of the message if (isset($_POST['savemessage'])) { $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted, popup) VALUES( \'' . $pun_user['id'] . '\', \'' . $db->escape($subject) . '\', \'' . $db->escape($message) . '\', \'' . $db->escape($user) . '\', \'' . $id . '\', \'' . get_remote_address() . '\', \'' . $smilies . '\', \'1\', \'1\', \'' . $_SERVER['REQUEST_TIME'] . '\', \'1\' )') or error('Unable to send message', __FILE__, __LINE__, $db->error()); } } else { wap_message($lang_pms['No user']); } $topic_redirect = intval($_POST['topic_redirect']); $from_profile = intval(@$_POST['from_profile']); if ($from_profile) { wap_redirect('profile.php?id=' . $from_profile); } else {
// Load the "new_pm" template $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/new_pm.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject); $mail_message = str_replace('<sender>', $pun_user['username'], $mail_message); $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message); } foreach ($destinataires as $dest) { $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\'' . $dest['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($pun_user['username']) . '\', \'' . $pun_user['id'] . '\', \'' . get_remote_address() . '\', \'' . $smilies . '\', \'0\', \'0\', \'' . time() . '\' )') or error('Impossible d\'envoyer le message.', __FILE__, __LINE__, $db->error()); $new_mp = $db->insert_id(); // Save an own copy of the message if ($save == 1) { $db->query('INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\'' . $pun_user['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($dest['username']) . '\', \'' . $dest['id'] . '\', \'' . get_remote_address() . '\', \'' . $smilies . '\', \'1\', \'1\', \'' . time() . '\' )') or error('Impossible de sauvegarder le message dans le dossier des messages envoyés', __FILE__, __LINE__, $db->error()); } // E-mail notification if ($pun_config['o_pms_notification'] == '1' && $dest['notify_mp'] == 1) { $mail_message = str_replace('<pm_url>', $pun_config['o_base_url'] . '/pms_list.php?mid=' . 
$new_mp, $mail_message); pun_mail($dest['email'], $mail_subject, $mail_message); } } if ($from_profile != '') { redirect('profile.php?id=' . $from_profile, $lang_pms['Sent redirect']); } elseif ($tid != '') { redirect('viewtopic.php?id=' . $tid, $lang_pms['Sent redirect']); } else { redirect('pms_list.php', $lang_pms['Sent redirect']); } }
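/**
 * Persist the session payload, or only refresh its lifetime when nothing
 * changed.
 *
 * The stored record holds the current user id, the client address in packed
 * inet_pton() form (null when no remote address is known) and the raw
 * session data, serialized together.
 *
 * The update condition used to read `$this->data_hash || ...`, which is true
 * whenever a previous hash exists and also true when none exists, so the
 * "refresh expiry only" branch could never run. It now writes when no
 * previous hash is known or when the payload hash differs.
 *
 * NOTE(review): after this change user_id and user_ip in the stored record
 * are refreshed only when the payload itself changes. Confirm that nothing
 * relies on them being rewritten on every request.
 * NOTE(review): md5() serves here as a change-detection checksum only, not
 * as a security control.
 *
 * @see parent::write()
 *
 * @param string $session_id Session identifier.
 * @param string $data       Serialized session payload handed over by PHP.
 *
 * @return bool Always true.
 */
function write($session_id, $data)
{
    $client = self::$client;
    $address = get_remote_address();
    $user_id = CAppUI::$instance->user_id;
    $user_ip = $address["remote"] ? inet_pton($address["remote"]) : null;
    $new_hash = md5($data);
    $key = $this->getKey($session_id);

    // Rewrite the record only when there is no known previous state or the
    // payload actually changed; otherwise just push the expiry forward.
    if (!$this->data_hash || $this->data_hash !== $new_hash) {
        $session = array(
            "user_id" => $user_id,
            "user_ip" => $user_ip,
            "data" => $data,
        );
        $client->set($key, serialize($session), $this->lifetime);
    } else {
        $client->expire($key, $this->lifetime);
    }

    return true;
}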
// Check note_pm $note_pm = 'Subject: ' . $pm_subject . "\n\n" . 'Message:' . "\n\n" . $pm_message; } else { $note_pm = ''; } ($hook = get_extensions('warn_after_validation')) ? eval($hook) : null; if (empty($errors)) { $expiration = $expiration != '0' ? $now + $expiration : 0; $insert = array('user_id' => $user_id, 'type_id' => $warning_type, 'post_id' => $post_id, 'title' => $warning_type == 0 ? $warning_title : '', 'points' => $warning_points, 'date_issued' => $now, 'date_expire' => $expiration, 'issued_by' => $panther_user['id'], 'note_admin' => $admin_note, 'note_post' => isset($message) ? $message : '', 'note_pm' => $note_pm); $db->insert('warnings', $insert); // If private messaging system is enabled if ($panther_config['o_private_messaging'] == '1') { $insert = array('subject' => $pm_subject, 'poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'num_replies' => 0, 'last_post' => $now, 'last_poster' => $panther_user['username']); $db->insert('conversations', $insert); $new_tid = $db->lastInsertId($db->prefix . 'conversations'); $insert = array('poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'poster_ip' => get_remote_address(), 'message' => $pm_message, 'hide_smilies' => 0, 'posted' => $now, 'topic_id' => $new_tid); $db->insert('messages', $insert); $new_pid = $db->lastInsertId($db->prefix . 'messages'); $update = array('first_post_id' => $new_pid, 'last_post_id' => $new_pid); $data = array(':tid' => $new_tid); $db->update('conversations', $update, 'id=:tid', $data); $insert = array('topic_id' => $new_tid, 'user_id' => $user_id); $db->insert('pms_data', $insert); $insert = array('topic_id' => $new_tid, 'user_id' => $panther_user['id'], 'viewed' => 1, 'deleted' => 1); $db->insert('pms_data', $insert); $data = array(':id' => $user_id); $db->run('UPDATE ' . $db->prefix . 
'users SET num_pms=num_pms+1 WHERE id=:id', $data); if ($pm_notify == '1') { $info = array('message' => array('<username>' => $username, '<sender>' => $panther_user['username'], '<message>' => $pm_message, '<pm_title>' => $subject, '<message_url>' => panther_link($panther_url['pms_topic'], array($new_pid)))); $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/new_pm.tpl', $info); $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']);
/**
 * Return the anti-CSRF token for the current user.
 *
 * The token is pun_hash() over the user id, the stored password value and
 * the hashed client address. It is computed once and then served from a
 * static variable, so a change of $pun_user later in the same request is
 * not reflected.
 *
 * NOTE(review): the token changes whenever the address reported by
 * get_remote_address() changes.
 *
 * @return string
 */
function pun_csrf_token()
{
    global $pun_user;
    static $token;

    if ($token === null) {
        // Build the hash input piece by piece, in the original order.
        $material = $pun_user['id'] . $pun_user['password'];
        $material .= pun_hash(get_remote_address());

        $token = pun_hash($material);
    }

    return $token;
}
} else { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } // Prune "old" search results $old_searches = array(); $result = $db->query('SELECT ident FROM ' . $db->prefix . 'online') or error('Unable to fetch online list', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { while ($row = $db->fetch_row($result)) { $old_searches[] = '\'' . $db->escape($row[0]) . '\''; } $db->query('DELETE FROM ' . $db->prefix . 'search_cache WHERE ident NOT IN(' . implode(',', $old_searches) . ')') or error('Unable to delete search results', __FILE__, __LINE__, $db->error()); } // Fill an array with our results and search properties $temp = serialize(array('search_ids' => serialize($search_ids), 'num_hits' => $num_hits, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_as' => $show_as, 'search_type' => $search_type)); $search_id = mt_rand(1, 2147483647); $ident = $luna_user['is_guest'] ? get_remote_address() : $luna_user['username']; $db->query('INSERT INTO ' . $db->prefix . 'search_cache (id, ident, search_data) VALUES(' . $search_id . ', \'' . $db->escape($ident) . '\', \'' . $db->escape($temp) . '\')') or error('Unable to insert search results', __FILE__, __LINE__, $db->error()); if ($search_type[0] != 'action') { $db->end_transaction(); $db->close(); // Redirect the user to the cached result page header('Location: search.php?search_id=' . $search_id); exit; } } $forum_actions = array(); // If we're on the new posts search, display a "mark all as read" link if (!$luna_user['is_guest'] && $search_type[0] == 'action' && $search_type[1] == 'show_new') { $forum_actions[] = '<a href="misc.php?action=markread">' . __('Mark as read', 'luna') . '</a>'; } // Fetch results to display
/**
 * Return the anti-CSRF token for the current user.
 *
 * The token is luna_hash() over the user id followed by the hashed client
 * address, recomputed on every call.
 *
 * NOTE(review): neither input is secret. If luna_hash() is an unkeyed digest
 * (confirm), anyone who knows a user's id and address can compute the same
 * value. Mixing in a per-user or per-session secret would need a matching
 * change in every place that builds or checks this token.
 *
 * @return string
 */
function luna_csrf_token()
{
    global $luna_user;

    $material = $luna_user['id'];
    $material .= luna_hash(get_remote_address());

    return luna_hash($material);
}
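/**
 * Return the anti-CSRF token for the current user.
 *
 * The token is luna_hash() over the user id, the stored password value and
 * the hashed client address.
 *
 * The previous body declared a static $token but never assigned it, so the
 * value was recomputed on every call and the function had no return
 * statement for the case where the cache was set. The token is now stored in
 * the static on first use and returned from there afterwards.
 *
 * NOTE(review): because of the cache, a change of $luna_user later in the
 * same request (for example right after a login) is not reflected in the
 * returned token.
 *
 * @return string
 */
function luna_csrf_token()
{
    global $luna_user;
    static $token;

    if (!isset($token)) {
        $token = luna_hash($luna_user['id'] . $luna_user['password'] . luna_hash(get_remote_address()));
    }

    return $token;
}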
} $replace = array($panther_user['username'], get_title($panther_user), strip_tags($panther_config['o_board_title']), strip_tags($panther_config['o_board_desc']), '[email]' . $panther_config['o_admin_email'] . '[/email]', '[email]' . $panther_config['o_webmaster_email'] . '[/email]', '[email]' . $panther_user['email'] . '[/email]', $panther_user['num_posts'], '[url]' . $panther_user['url'] . '[/url]', $panther_user['realname']); $search = array('{username}', '{user_title}', '{board_title}', '{board_desc}', '{admin_email}', '{webmaster_email}', '{user_email}', '{user_posts}', '{website}', '{location}', '{real_name}'); $data = $update = array(); $moderation['reply_message'] = str_replace($search, $replace, $moderation['reply_message']); if ($moderation['close'] != '2') { $update['closed'] = $moderation['close']; } if ($moderation['stick'] != '2') { $update['sticky'] = $moderation['stick']; } if ($moderation['archive'] != '2') { $update['archived'] = $moderation['archive']; } if ($moderation['reply_message'] != '') { $insert = array('poster' => $panther_user['username'], 'poster_id' => $panther_user['id'], 'poster_ip' => get_remote_address(), 'message' => $moderation['reply_message'], 'hide_smilies' => 0, 'posted' => time(), 'topic_id' => $tid); $db->insert('posts', $insert); $new_pid = $db->lastInsertId($db->prefix . 'posts'); require PANTHER_ROOT . 'include/search_idx.php'; update_search_index('post', $new_pid, $moderation['reply_message']); } if ($moderation['move'] != '0') { $update['forum_id'] = $moderation['move']; if ($moderation['leave_redirect'] == '1') { // Fetch info for the redirect topic $data = array(':id' => $tid); $ps = $db->select('topics', 'poster, subject, posted, last_post, forum_id', $data, 'id=:id'); $moved_to = $ps->fetch(); // Create the redirect topic $insert = array('poster' => $moved_to['poster'], 'subject' => $moderation['add_start'] . $moved_to['subject'] . 
$moderation['add_end'], 'posted' => $moved_to['posted'], 'last_post' => $moved_to['last_post'], 'moved_to' => $tid, 'forum_id' => $moved_to['forum_id']); $db->insert('topics', $insert);
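/**
 * Insert the guest account and the first administrator account.
 *
 * Both rows are written inside one transaction. The guest row (group 3)
 * stores the translated word "Guest" in its username, password and email
 * columns. The administrator row (group 1) records the creation time and the
 * address returned by get_remote_address().
 *
 * The e-mail address used to be the only string argument concatenated into
 * the statement unescaped; it now goes through $db->escape() like the
 * others, so an apostrophe in it can no longer break or alter the query.
 *
 * NOTE(review): the password is stored as luna_hash($password). Confirm that
 * luna_hash() is a salted password-hashing function and not a plain digest.
 *
 * @param string $username Administrator username.
 * @param string $password Administrator password in clear text.
 * @param string $email    Administrator e-mail address.
 * @param string $language Default language for the administrator.
 * @param string $style    Default style for the administrator.
 *
 * @return void
 */
public static function insert_default_users($username, $password, $email, $language, $style)
{
    global $db;

    $now = time();
    $guest_sql = '\'' . $db->escape(__('Guest', 'luna')) . '\'';

    $db->start_transaction();

    // Insert guest and first admin user
    $db->query('INSERT INTO ' . $db->prefix . 'users (group_id, username, password, email) VALUES(3, ' . $guest_sql . ', ' . $guest_sql . ', ' . $guest_sql . ')') or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());

    $db->query('INSERT INTO ' . $db->prefix . 'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \'' . $db->escape($username) . '\', \'' . luna_hash($password) . '\', \'' . $db->escape($email) . '\', \'' . $db->escape($language) . '\', \'' . $db->escape($style) . '\', 1, ' . $now . ', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());

    $db->end_transaction();
}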
} // Check that the username (or a too similar username) is not already registered $result = $db->query('SELECT username FROM ' . $db->prefix . 'users WHERE username=\'' . $db->escape($username) . '\' OR username=\'' . $db->escape(preg_replace('/[^\\w]/', '', $username)) . '\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error()); if ($db->num_rows($result)) { $busy = $db->result($result); message_backstage(__('Someone is already registered with the username', 'luna') . ' ' . luna_htmlspecialchars($busy) . '. ' . __('The username you entered is too similar. The username must differ from that by at least one alphanumerical character (a-z or 0-9). Please choose a different username.', 'luna')); } $timezone = '0'; $language = $luna_config['o_default_lang']; $email_setting = intval(1); // Insert the new user into the database. We do this now to get the last inserted id for later use. $now = time(); $intial_group_id = $_POST['random_pass'] == '0' ? $luna_config['o_default_user_group'] : LUNA_UNVERIFIED; $password_hash = luna_hash($password); // Add the user $db->query('INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, email_setting, php_timezone, language, style, registered, registration_ip, last_visit) VALUES(\'' . $db->escape($username) . '\', ' . $intial_group_id . ', \'' . $password_hash . '\', \'' . $email1 . '\', ' . $email_setting . ', ' . $timezone . ' , \'' . $language . '\', \'' . $luna_config['o_default_style'] . '\', ' . $now . ', \'' . get_remote_address() . '\', ' . $now . ')') or error('Unable to create user', __FILE__, __LINE__, $db->error()); $new_uid = $db->insert_id(); // Must the user verify the registration? if ($_POST['random_pass'] == '1') { // Validate e-mail require LUNA_ROOT . 'include/email.php'; // Load the "welcome" template $mail_tpl = trim(__('Subject: Welcome to <board_title>! Thank you for registering in the forums at <base_url>. 
Your account details are: Username: <username> Password: <password> Login at <login_url> to activate the account.
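/**
 * Render the Backstage navigation bar, the page header and the tab strip of
 * the current section, then open the page's content container.
 *
 * Everything is written straight to the output; nothing is returned. The
 * markup opened at the end (div.content > div.container > div.row) is left
 * open for the calling page to fill and close.
 *
 * @param string $section Active top-level section: 'backstage', 'content',
 *                        'users', 'settings', 'maintenance' or 'extensions'.
 * @param string $page    Active page key inside the section. A key that is
 *                        not in the title table is used verbatim as the title.
 */
function load_admin_nav($section, $page)
{
    global $luna_user, $luna_config, $is_admin;

    // Page key => array(Font Awesome icon suffix, translated title).
    $titles = array(
        'index' => array('tachometer', __('Backstage', 'luna')),
        'stats' => array('info-circle', __('System info', 'luna')),
        'update' => array('cloud-upload', __('Luna software update', 'luna')),
        'about' => array('moon-o', __('About Luna', 'luna')),
        'board' => array('sort-amount-desc', __('Board', 'luna')),
        'moderate' => array('tasks', __('Moderate', 'luna')),
        'censoring' => array('eye-slash', __('Censoring', 'luna')),
        'reports' => array('exclamation-triangle', __('Reports', 'luna')),
        'users' => array('search', __('Search', 'luna')),
        'tools' => array('wrench', __('Tools', 'luna')),
        'ranks' => array('chevron-up', __('Ranks', 'luna')),
        'groups' => array('group', __('Groups', 'luna')),
        'permissions' => array('check-circle', __('Permissions', 'luna')),
        'bans' => array('ban', __('Bans', 'luna')),
        'settings' => array('cogs', __('Settings', 'luna')),
        'features' => array('sliders', __('Features', 'luna')),
        'appearance' => array('eye', __('Appearance', 'luna')),
        'registration' => array('plus-circle', __('Registration', 'luna')),
        'email' => array('envelope', __('Email', 'luna')),
        'menu' => array('bars', __('Menu', 'luna')),
        'theme' => array('paint-brush', __('Theme', 'luna')),
        'maintenance' => array('coffee', __('Maintenance', 'luna')),
        'prune' => array('recycle', __('Prune', 'luna')),
        'database' => array('database', __('Database management', 'luna')),
        'info' => array('info-circle', __('Info', 'luna')),
    );

    if (is_string($page) && isset($titles[$page])) {
        $page_title = '<span class="fa fa-fw fa-' . $titles[$page][0] . '"></span> ' . $titles[$page][1];
    } else {
        // NOTE(review): an unknown key is echoed below as raw HTML. Callers
        // must pass a trusted (or already escaped) value here.
        $page_title = $page;
    }
    ?>
<nav class="navbar navbar-fixed-top navbar-default" role="navigation">
    <div class="container">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                <span class="sr-only">Toggle navigation</span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="../index.php"><span class="fa fa-fw fa-arrow-left hidden-xs"></span><span class="visible-xs-inline"><?php echo $page_title; ?></span></a>
        </div>
        <div class="navbar-collapse collapse">
            <ul class="nav navbar-nav">
                <li class="<?php if ($section == 'backstage') { echo 'active'; } ?>"><a href="index.php"><span class="fa fa-fw fa-dashboard"></span> <?php _e('Backstage', 'luna'); ?></a></li>
<?php
    // The "Content" entry links to the board for admins and to the reports
    // page for everyone else who can reach Backstage.
    if ($is_admin) { ?>
                <li class="<?php if ($section == 'content') { echo 'active'; } ?>"><a href="board.php"><span class="fa fa-fw fa-file"></span> <?php _e('Content', 'luna'); ?></a></li>
<?php } else { ?>
                <li class="<?php if ($section == 'content') { echo 'active'; } ?>"><a href="reports.php"><span class="fa fa-fw fa-file"></span> <?php _e('Content', 'luna'); ?></a></li>
<?php } ?>
                <li class="<?php if ($section == 'users') { echo 'active'; } ?>"><a href="users.php"><span class="fa fa-fw fa-users"></span> <?php _e('Users', 'luna'); ?></a></li>
<?php
    // Hiding these links is presentation only; settings.php and
    // maintenance.php have to enforce the admin check themselves.
    if ($is_admin) { ?>
                <li class="<?php if ($section == 'settings') { echo 'active'; } ?>"><a href="settings.php"><span class="fa fa-fw fa-cog"></span> <?php _e('Settings', 'luna'); ?></a></li>
                <li class="<?php if ($section == 'maintenance') { echo 'active'; } ?>"><a href="maintenance.php"><span class="fa fa-fw fa-coffee"></span> <?php _e('Maintenance', 'luna'); ?></a></li>
<?php }

    // See if there are any plugins
    $plugins = forum_list_plugins($is_admin);

    // Did we find any plugins?
    if (!empty($plugins)) {
        // Fixed: the comparison used ' extensions' (leading space) and echoed
        // 'active' with no separating space, so the dropdown could never be
        // marked active and would have produced the class "dropdownactive".
        // The toggle's trailing <span> was also left unclosed.
        ?>
                <li class="dropdown<?php if ($section == 'extensions') { echo ' active'; } ?>">
                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
                        <span class="fa fa-fw fa-cogs"></span> <?php _e('Extensions', 'luna'); ?> <span class="fa fa-fw fa-angle-down"></span>
                    </a>
                    <ul class="dropdown-menu">
<?php
        // NOTE(review): $plugin_name and $plugin come from forum_list_plugins()
        // and are written into the href and the link text unescaped. Presumably
        // they are file names from the plugin directory -- confirm, and consider
        // rawurlencode() for the query value and luna_htmlspecialchars() for the
        // label so an unusual file name cannot break the markup.
        foreach ($plugins as $plugin_name => $plugin) {
            echo "\t\t\t\t\t" . '<li><a href="loader.php?plugin=' . $plugin_name . '">' . str_replace('_', ' ', $plugin) . '</a></li>' . "\n";
        }
        ?>
                    </ul>
                </li>
<?php } ?>
            </ul>
            <ul class="nav navbar-nav navbar-right">
                <li class="dropdown usermenu">
                    <a href="#" class="dropdown-toggle dropdown-user" data-toggle="dropdown">
                        <span class="hidden-sm"><?php print luna_htmlspecialchars($luna_user['username']); ?> </span><?php echo draw_user_avatar($luna_user['id'], true, 'avatar'); ?> <span class="fa fa-fw fa-angle-down"></span>
                    </a>
                    <ul class="dropdown-menu">
                        <li><a href="../profile.php?id=<?php echo $luna_user['id']; ?>"><?php _e('Profile', 'luna'); ?></a></li>
                        <li><a href="../settings.php?id=<?php echo '' . $luna_user['id']; ?>"><?php _e('Settings', 'luna'); ?></a></li>
                        <li class="divider"></li>
                        <li><a href="../help.php"><?php _e('Help', 'luna'); ?></a></li>
                        <li><a href="http://getluna.org"><?php _e('Support', 'luna'); ?></a></li>
                        <li class="divider"></li>
<?php
    // NOTE(review): the logout token is luna_hash(user id . luna_hash(remote
    // address)). luna_hash() is defined elsewhere; if it is an unkeyed digest,
    // the token is a pure function of two non-secret values and does not
    // change between sessions. It is also carried in the query string, so it
    // can end up in logs and Referer headers. A random per-session token,
    // compared with hash_equals() in login.php, would be the stronger design.
    ?>
                        <li><a href="../login.php?action=out&id=<?php echo '' . $luna_user['id'] . '&csrf_token=' . luna_hash($luna_user['id'] . luna_hash(get_remote_address())); ?>"><?php _e('Logout', 'luna'); ?></a></li>
                    </ul>
                </li>
            </ul>
        </div>
    </div>
</nav>
<div class="jumbotron jumboheader">
    <div class="container">
        <div class="row">
            <h2 class="hidden-xs">
                <?php
    echo $page_title;
    // The core version badge is shown only when o_update_ring is above 1.
    if ($luna_config['o_update_ring'] > 1) {
        echo '<span class="pull-right" style="font-size: 70%;">Core ' . Version::FORUM_CORE_VERSION . '</span>';
    }
    ?>
            </h2>
<?php if ($section == 'backstage') { ?>
            <ul class="nav nav-tabs" role="tablist">
                <li<?php if ($page == 'index') { echo ' class="active"'; } ?>><a href="index.php"><span class="fa fa-fw fa-tachometer"></span><span class="hidden-xs"> <?php _e('Backstage', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'stats') { echo ' class="active"'; } ?>><a href="system.php"><span class="fa fa-fw fa-info-circle"></span><span class="hidden-xs"> <?php _e('System info', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'update') { echo ' class="active"'; } ?>><a href="update.php"><span class="fa fa-fw fa-cloud-upload"></span><span class="hidden-xs"> <?php _e('Update', 'luna'); ?></span></a></li>
                <li class="pull-right<?php if ($page == 'about') { echo ' active'; } ?>"><a href="about.php"><span class="fa fa-fw fa-moon-o"></span><span class="hidden-xs"> <?php _e('About', 'luna'); ?></span></a></li>
            </ul>
<?php }
    if ($section == 'content') { ?>
            <ul class="nav nav-tabs" role="tablist">
                <li<?php if ($page == 'board') { echo ' class="active"'; } ?>><a href="board.php"><span class="fa fa-fw fa-sort-amount-desc"></span><span class="hidden-xs"> <?php _e('Board', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'moderate') { echo ' class="active"'; } ?>><a href="moderate.php"><span class="fa fa-fw fa-tasks"></span><span class="hidden-xs"> <?php _e('Moderate', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'censoring') { echo ' class="active"'; } ?>><a href="censoring.php"><span class="fa fa-fw fa-eye-slash"></span><span class="hidden-xs"> <?php _e('Censoring', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'reports') { echo ' class="active"'; } ?>><a href="reports.php"><span class="fa fa-fw fa-exclamation-triangle"></span><span class="hidden-xs"> <?php _e('Reports', 'luna'); ?></span></a></li>
            </ul>
<?php }
    if ($section == 'users') { ?>
            <ul class="nav nav-tabs" role="tablist">
                <li<?php if ($page == 'users') { echo ' class="active"'; } ?>><a href="users.php"><span class="fa fa-fw fa-search"></span><span class="hidden-xs"> <?php _e('Search', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'tools') { echo ' class="active"'; } ?>><a href="tools.php"><span class="fa fa-fw fa-wrench"></span><span class="hidden-xs"> <?php _e('Tools', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'ranks') { echo ' class="active"'; } ?>><a href="ranks.php"><span class="fa fa-fw fa-chevron-up"></span><span class="hidden-xs"> <?php _e('Ranks', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'groups') { echo ' class="active"'; } ?>><a href="groups.php"><span class="fa fa-fw fa-group"></span><span class="hidden-xs"> <?php _e('Groups', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'permissions') { echo ' class="active"'; } ?>><a href="permissions.php"><span class="fa fa-fw fa-check-circle"></span><span class="hidden-xs"> <?php _e('Permissions', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'bans') { echo ' class="active"'; } ?>><a href="bans.php"><span class="fa fa-fw fa-ban"></span><span class="hidden-xs"> <?php _e('Bans', 'luna'); ?></span></a></li>
            </ul>
<?php }
    if ($section == 'settings') { ?>
            <ul class="nav nav-tabs" role="tablist">
                <li<?php if ($page == 'settings') { echo ' class="active"'; } ?>><a href="settings.php"><span class="fa fa-fw fa-cogs"></span><span class="hidden-xs"> <?php _e('Settings', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'features') { echo ' class="active"'; } ?>><a href="features.php"><span class="fa fa-fw fa-sliders"></span><span class="hidden-xs"> <?php _e('Features', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'appearance') { echo ' class="active"'; } ?>><a href="appearance.php"><span class="fa fa-fw fa-eye"></span><span class="hidden-xs"> <?php _e('Appearance', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'registration') { echo ' class="active"'; } ?>><a href="registration.php"><span class="fa fa-fw fa-plus-circle"></span><span class="hidden-xs"> <?php _e('Registration', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'email') { echo ' class="active"'; } ?>><a href="email.php"><span class="fa fa-fw fa-envelope"></span><span class="hidden-xs"> <?php _e('Email', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'menu') { echo ' class="active"'; } ?>><a href="menu.php"><span class="fa fa-fw fa-bars"></span><span class="hidden-xs"> <?php _e('Menu', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'theme') { echo ' class="active"'; } ?>><a href="theme.php"><span class="fa fa-fw fa-paint-brush"></span><span class="hidden-xs"> <?php _e('Theme', 'luna'); ?></span></a></li>
            </ul>
<?php }
    if ($section == 'maintenance') { ?>
            <ul class="nav nav-tabs" role="tablist">
                <li<?php if ($page == 'maintenance') { echo ' class="active"'; } ?>><a href="maintenance.php"><span class="fa fa-fw fa-coffee"></span><span class="hidden-xs"> <?php _e('Maintenance', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'prune') { echo ' class="active"'; } ?>><a href="prune.php"><span class="fa fa-fw fa-recycle"></span><span class="hidden-xs"> <?php _e('Prune', 'luna'); ?></span></a></li>
                <li<?php if ($page == 'database') { echo ' class="active"'; } ?>><a href="database.php"><span class="fa fa-fw fa-database"></span><span class="hidden-xs"> <?php _e('Database', 'luna'); ?></span></a></li>
            </ul>
<?php } ?>
        </div>
    </div>
</div>
<div class="content">
    <div class="container">
        <div class="row">
<?php
}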
$update = array('group_id' => $panther_user['g_promote_next_group']); $data = array('id' => $panther_user['id']); $db->update('users', $update, 'id=:id', $data); } } else { $update = array('last_post' => $now); $data = array(':id' => $panther_user['id']); $db->update('users', $update, 'id=:id', $data); } // Topic tracking stuff... $tracked_topics = get_tracked_topics(); $tracked_topics['topics'][$new_tid] = time(); set_tracked_topics($tracked_topics); } else { $update = array('last_post' => $now); $data = array(':ident' => get_remote_address()); $db->update('online', $update, 'ident=:ident', $data); } ($hook = get_extensions('post_after_posted')) ? eval($hook) : null; if ($add_poll) { $redirect = panther_link($panther_url['poll_add'], array($new_tid)); } switch (true) { case $fid && $topic_approve == '0': $redirect_lang = $lang_post['Topic moderation redirect']; if (!isset($redirect)) { $redirect = panther_link($panther_url['forum'], array($cur_posting['id'], url_friendly($subject))); } break; case $tid && $post_approve == '0': $redirect_lang = $lang_post['Post moderation redirect'];
$initial_group_id = 9; } else { $initial_group_id = $forum_config['o_regs_verify'] == '0' ? $forum_config['o_default_user_group'] : FORUM_UNVERIFIED; } $salt = random_key(12); $password_hash = forum_hash($password1, $salt); // Validate timezone and DST $timezone = isset($_POST['timezone']) ? floatval($_POST['timezone']) : $forum_config['o_default_timezone']; // Validate timezone — on error use default value if ($timezone > 14.0 || $timezone < -12.0) { $timezone = $forum_config['o_default_timezone']; } // DST $dst = isset($_POST['dst']) && intval($_POST['dst']) === 1 ? 1 : $forum_config['o_default_dst']; // Insert the new user into the database. We do this now to get the last inserted id for later use. $user_info = array('username' => $username, 'pubkey' => $pubkey, 'btcaddress' => $btcaddress, 'invitedBy' => $username2, 'group_id' => $initial_group_id, 'salt' => $salt, 'password' => $password1, 'password_hash' => $password_hash, 'email' => $email1, 'email_setting' => $forum_config['o_default_email_setting'], 'timezone' => $timezone, 'dst' => $dst, 'language' => $language, 'style' => $forum_config['o_default_style'], 'registered' => time(), 'registration_ip' => get_remote_address(), 'activate_key' => $forum_config['o_regs_verify'] == '1' ? '\'' . random_key(8, true) . '\'' : 'NULL', 'require_verification' => $forum_config['o_regs_verify'] == '1', 'notify_admins' => $forum_config['o_regs_report'] == '1'); ($hook = get_hook('rg_register_pre_add_user')) ? eval($hook) : null; add_user($user_info, $new_uid); // If we previously found out that the e-mail was banned if ($banned_email && $forum_config['o_mailing_list'] != '') { $mail_subject = 'Alert - Banned e-mail detected'; $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)'; ($hook = get_hook('rg_register_banned_email')) ? 
eval($hook) : null; forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message); } // If we previously found out that the e-mail was a dupe if (!empty($dupe_list) && $forum_config['o_mailing_list'] != '') { $mail_subject = 'Alert - Duplicate e-mail detected'; $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n" . 'User profile: ' . forum_link($forum_url['user'], $new_uid) . "\n\n" . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)'; ($hook = get_hook('rg_register_dupe_email')) ? eval($hook) : null; forum_mail($forum_config['o_mailing_list'], $mail_subject, $mail_message);
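/**
 * Prepare the user log before object persistence
 *
 * Works out which plain fields changed, classifies the operation as
 * "create", "store", "merge" or "delete", and builds the CUserLog entry
 * (user, object, type, changed fields, date and, when the installed
 * "system" module is newer than 1.0.19, client IP and extra payload).
 *
 * Side effects: resets $this->_ref_current_log, sets
 * $this->_count_modified, and stores the result in $this->_ref_last_log.
 *
 * @return CUserLog|null null if not loggable
 */
protected function prepareLog()
{
    $this->_ref_current_log = null;

    // If the object is not loggable
    if (!$this->_spec->loggable || $this->_purge) {
        return null;
    }

    // Find changed fields
    $fields = array();
    foreach ($this->getPlainFields() as $name => $value) {
        if ($this->fieldModified($name)) {
            $fields[] = $name;
        }
    }

    // Change field count for SQL update prevention
    $this->_count_modified = count($fields);

    $object_id = $this->_id;
    $old = $this->_old;
    $type = "store";
    $extra = null;

    // Creation
    if ($old->_id == null) {
        $type = "create";
        $fields = array();
    }

    // Merging
    if ($this->_merging) {
        $type = "merge";
    }

    // Deletion: the id only exists on the old object, so log against it and
    // keep the old view string as the extra payload
    if ($old->_id && !$this->_id) {
        $type = "delete";
        $object_id = $old->_id;
        $extra = $old->_view;
        $fields = array();
    }

    // A plain store that changed nothing is not worth a log line
    if (!count($fields) && $type === "store") {
        $this->_ref_last_log = null;

        return null;
    }

    if ($type === "store" || $type === "merge") {
        $old_values = array();
        $count_not_loggable = 0;

        foreach ($fields as $_field) {
            $_spec = $this->_specs[$_field];

            // Text, HTML, XML and PHP fields, and fields flagged loggable="0",
            // never have their previous value copied into the log
            if ($_spec instanceof CTextSpec
                || $_spec instanceof CHtmlSpec
                || $_spec instanceof CXmlSpec
                || $_spec instanceof CPhpSpec
                || $_spec->loggable == "0"
            ) {
                if ($_spec->loggable == "0") {
                    $count_not_loggable++;
                }
                continue;
            }

            // utf8_encode() treats the stored value as ISO-8859-1;
            // json_encode() below needs UTF-8 input
            $old_values[$_field] = utf8_encode($old->{$_field});
        }

        // Every changed field is flagged not loggable: no log at all
        if (count($fields) == $count_not_loggable) {
            return null;
        }

        $extra = json_encode($old_values);
    }

    $address = get_remote_address();

    $log = new CUserLog();
    $log->user_id = CAppUI::$instance->user_id;
    $log->object_id = $object_id;
    $log->object_class = $this->_class;
    $log->type = $type;
    $log->_fields = $fields;
    $log->date = CMbDT::dateTime();

    // Fields potentially absent (older "system" module schema).
    // Fixed: the versions were compared as plain strings, which orders
    // "1.0.100" before "1.0.19" and "1.0.2" after it; version_compare()
    // compares the numeric components, so the audit trail keeps its IP and
    // extra data on every version newer than 1.0.19.
    $system_version = (string) CModule::getInstalled("system")->mod_version;
    if (version_compare($system_version, "1.0.19", ">")) {
        // inet_pton() returns false (and warns) on a malformed address, so
        // validate first and store null instead of a bogus value.
        // NOTE(review): get_remote_address() is defined elsewhere; if the
        // "client" entry can come from a forwarded-for header it is
        // client-controlled and should not be treated as proof of origin.
        $client = $address["client"];
        $log->ip_address = ($client && filter_var($client, FILTER_VALIDATE_IP) !== false)
            ? inet_pton($client)
            : null;
        $log->extra = $extra;
    }

    return $this->_ref_last_log = $log;
}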
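// NOTE(review): pun_hash() is defined elsewhere. If it is a fast, unsalted
// digest, stored passwords are cheap to brute-force after a database leak;
// password_hash()/password_verify() would be the replacement -- confirm.
$password_hash = pun_hash($password1);

// Add the user. Every string value goes through $db->escape(): the e-mail
// address, the style name and the remote address were interpolated raw here,
// while other queries escape get_remote_address() before using it.
// NOTE(review): $intial_group_id, $email_setting, $save_pass and $timezone are
// set outside this excerpt and are inserted unquoted -- they must be numeric.
$db->query(
    'INSERT INTO ' . $db->prefix . 'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''
    . $db->escape($username) . '\', '
    . $intial_group_id . ', \''
    . $password_hash . '\', \''
    . $db->escape($email1) . '\', '
    . $email_setting . ', '
    . $save_pass . ', '
    . $timezone . ' , \''
    . $db->escape($language) . '\', \''
    . $db->escape($pun_config['o_default_style']) . '\', '
    . $now . ', \''
    . $db->escape(get_remote_address()) . '\', '
    . $now . ')'
) or error('Unable to create user', __FILE__, __LINE__, $db->error());
$new_uid = $db->insert_id();

// Start of welcome private message
if ($pun_config['o_welcome_mp'] == '1') {
    // NOTE(review): the sender is hard-coded (user id 2, presumably the first
    // administrator account) -- confirm this matches the installation.
    $admin_username = '******';
    $admin_user_id = 2;
    $subject = 'Bienvenue ' . $username;
    $message = str_replace('%user%', $username, $pun_config['o_welcome_message_mp']);
    $now = time();

    // Fixed: the recipient used to be looked up with
    // "SELECT id ... ORDER BY id DESC LIMIT 0,1". When two registrations
    // overlap, that returns whichever account was created last, so the
    // welcome message could land in another user's inbox. The id returned by
    // insert_id() for this registration is already in $new_uid.
    $db->query(
        'INSERT INTO ' . $db->prefix . 'messages (owner, subject, message, sender, sender_id, sender_ip, smileys, showed, status, posted) VALUES(\''
        . intval($new_uid) . '\', \''
        . $db->escape($subject) . '\', \''
        . $db->escape($message) . '\', \''
        . $db->escape($admin_username) . '\', \''
        . $admin_user_id . '\', \''
        . $db->escape(get_remote_address()) . '\', \'1\', \'0\', \'0\', \''
        . $now . '\' )'
    ) or error('Impossible d\'envoyer le message.', __FILE__, __LINE__, $db->error());
}
// End of welcome private message

// If we previously found out that the e-mail was banned
if ($banned_email && $pun_config['o_mailing_list'] != '') {
    $mail_subject = 'Alert - Banned e-mail detected';
    $mail_message = 'User \'' . $username . '\' registered with banned e-mail address: ' . $email1 . "\n\n"
        . 'User profile: ' . $pun_config['o_base_url'] . '/profile.php?id=' . $new_uid . "\n\n"
        . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';

    pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}

// If we previously found out that the e-mail was a dupe
if (!empty($dupe_list) && $pun_config['o_mailing_list'] != '') {
    $mail_subject = 'Alert - Duplicate e-mail detected';
    $mail_message = 'User \'' . $username . '\' registered with an e-mail address that also belongs to: ' . implode(', ', $dupe_list) . "\n\n"
        . 'User profile: ' . $pun_config['o_base_url'] . '/profile.php?id=' . $new_uid . "\n\n"
        . '-- ' . "\n" . 'Forum Mailer' . "\n" . '(Do not reply to this message)';

    pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
}

// Should we alert people on the admin mailing list that a new user has registered?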
$db->query('UPDATE ' . $db->prefix . 'users SET last_comment=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error()); } if (!empty($r)) { // It's a reply or a reply with a quote // Check that $edit looks good if ($r <= '0') { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna')); } foreach ($destinataires as $dest) { $val_showed = '0'; if ($dest['id'] == $luna_user['id']) { $val_showed = '1'; } else { $val_showed = '0'; } $db->query('INSERT INTO ' . $db->prefix . 'messages (shared_id, owner, subject, message, sender, receiver, sender_id, receiver_id, sender_ip, hide_smilies, commented, show_message, showed) VALUES(\'' . $r . '\', \'' . $dest['id'] . '\', \'' . $db->escape($p_subject) . '\', \'' . $db->escape($p_message) . '\', \'' . $db->escape($luna_user['username']) . '\', \'' . $db->escape($usernames_list) . '\', \'' . $luna_user['id'] . '\', \'' . $db->escape($ids_list) . '\', \'' . get_remote_address() . '\', \'' . $hide_smilies . '\', \'' . $now . '\', \'0\', \'' . $val_showed . '\')') or error('Unable to send the message.', __FILE__, __LINE__, $db->error()); $new_mp = $db->insert_id(); $db->query('UPDATE ' . $db->prefix . 'messages SET last_comment_id=' . $new_mp . ', last_comment=' . $now . ', last_commenter=\'' . $db->escape($luna_user['username']) . '\' WHERE shared_id=' . $r . ' AND show_message=1 AND owner=' . $dest['id']) or error('Unable to update the message.', __FILE__, __LINE__, $db->error()); if ($dest['id'] != $luna_user['id']) { $db->query('UPDATE ' . $db->prefix . 'messages SET showed = 0 WHERE shared_id=' . $r . ' AND show_message=1 AND owner=' . 
$dest['id']) or error('Unable to update the message.', __FILE__, __LINE__, $db->error()); } // E-mail notification if ($luna_config['o_inbox_notification'] == '1' && $dest['notify_inbox'] == '1' && $dest['id'] != $luna_user['id']) { $mail_message = str_replace('<inbox_url>', $luna_config['o_base_url'] . '/viewinbox.php?tid=' . $r . '&mid=' . $new_mp . '&box=inbox', $mail_message); $mail_message_full = str_replace('<inbox_url>', $luna_config['o_base_url'] . '/viewinbox.php?tid=' . $r . '&mid=' . $new_mp . '&box=inbox', $mail_message_full); if ($dest['notify_inbox_full'] == '1') { luna_mail($dest['email'], $mail_subject_full, $mail_message_full); } else { luna_mail($dest['email'], $mail_subject, $mail_message); } }
} // Prune "old" search results $old_searches = $placeholders = array(); $ps = $db->select('online', 'ident'); if ($ps->rowCount()) { $ps->setFetchMode(PDO::FETCH_COLUMN, 0); foreach ($ps as $cur_ident) { $placeholders[] = '?'; $old_searches[] = $cur_ident; } $db->delete('search_cache', 'ident NOT IN(' . implode(',', $placeholders) . ')', $old_searches); } // Fill an array with our results and search properties $temp = serialize(array('search_ids' => serialize($search_ids), 'num_hits' => $num_hits, 'sort_by' => $sort_by, 'sort_dir' => $sort_dir, 'show_as' => $show_as, 'search_type' => $search_type)); $search_id = mt_rand(1, 2147483647); $ident = $panther_user['is_guest'] ? get_remote_address() : $panther_user['username']; $insert = array('id' => $search_id, 'ident' => $ident, 'search_data' => $temp); $db->insert('search_cache', $insert); if ($search_type[0] != 'action') { $db->end_transaction(); // Redirect the user to the cached result page header('Location: ' . panther_link($panther_url['search_cache'], array($search_id))); exit; } } $forum_actions = array(); if (!$panther_user['is_guest'] && $search_type[0] == 'action' && $search_type[1] == 'show_new') { $forum_actions[] = array('href' => panther_link($panther_url['mark_read']), 'title' => $lang_common['Mark all as read']); } // Fetch results to display if (!empty($search_ids)) {
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $username, $mail_message); $mail_message = str_replace('<email>', $email, $mail_message); $mail_message = str_replace('<comment_url>', get_base_url() . '/viewtopic.php?pid=' . $new_pid . '#p' . $new_pid, $mail_message); $mail_message = str_replace('<board_mailer>', $luna_config['o_board_title'], $mail_message); luna_mail($luna_config['o_mailing_list'], $mail_subject, $mail_message); } // If the commenting user is logged in, increment his/her post count if (!$luna_user['is_guest']) { $db->query('UPDATE ' . $db->prefix . 'users SET num_posts=num_posts+1, last_post=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error()); $tracked_topics = get_tracked_topics(); $tracked_topics['topics'][$new_tid] = time(); set_tracked_topics($tracked_topics); } else { $db->query('UPDATE ' . $db->prefix . 'online SET last_post=' . $now . ' WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to update user', __FILE__, __LINE__, $db->error()); } redirect('viewtopic.php?pid=' . $new_pid . '#p' . $new_pid); } } // If a thread ID was specified in the url (it's a reply) if ($tid) { $action = __('Add comment', 'luna'); $form = '<form id="post" method="post" action="post.php?action=post&tid=' . $tid . '" onsubmit="window.onbeforeunload=null;this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">'; // If a quote ID was specified in the url if (isset($_GET['qid'])) { $qid = intval($_GET['qid']); if ($qid < 1) { message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found'); } $result = $db->query('SELECT poster, message FROM ' . $db->prefix . 'posts WHERE id=' . $qid . ' AND topic_id=' . 
$tid) or error('Unable to fetch quote info', __FILE__, __LINE__, $db->error());
if ($sha1_available) { // There's an MD5 hash in the database, but SHA1 hashing is available, so we update the DB $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\' WHERE id=' . $user_id) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); } } } } if (!$authorized) { message($lang_login['Wrong user/pass'] . ' <a href="login.php?action=forget">' . $lang_login['Forgotten pass'] . '</a>'); } // Update the status if this is the first time the user logged in if ($group_id == PUN_UNVERIFIED) { $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $pun_config['o_default_user_group'] . ' WHERE id=' . $user_id) or error('Unable to update user status', __FILE__, __LINE__, $db->error()); } // Remove this users guest entry from the online list $db->query('DELETE FROM ' . $db->prefix . 'online WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); $expire = $save_pass == '1' ? time() + 31536000 : 0; pun_setcookie($user_id, $form_password_hash, $expire); redirect($_POST['redirect_url'], $lang_login['Login redirect']); } else { if ($action == 'out') { if ($pun_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $pun_user['id']) { header('Location: index.php'); exit; } // Remove user from "users online" list. $db->query('DELETE FROM ' . $db->prefix . 'online WHERE user_id=' . $pun_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error()); // Update last_visit (make sure there's something to update it with) if (isset($pun_user['logged'])) { $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $pun_user['logged'] . ' WHERE id=' . $pun_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error()); }
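/**
 * Store a reply in an existing topic and update everything that depends on it.
 *
 * Inserts the row into `posts`, optionally adds or removes the poster's topic
 * subscription, recounts the topic's replies, refreshes the topic's last-post
 * fields, then calls sync_forum(), update_search_index() and
 * send_subscriptions(), and finally updates the poster's last-post data and
 * tracked-topics entry when the corresponding flags are set.
 *
 * Keys of $post_info read here: poster, poster_id, message, hide_smilies,
 * posted, topic_id, forum_id, is_guest, poster_email, subscr_action, and the
 * optional update_user / update_unread flags.
 *
 * Security notes:
 *  - String fields go through $forum_db->escape(). The numeric fields
 *    (poster_id, hide_smilies, posted, topic_id) are embedded unquoted, so
 *    they are cast with intval() at each use instead of relying on every
 *    caller having validated them.
 *  - Hook code returned by get_hook() is eval()'d inside this function's
 *    scope and can therefore read and rewrite $query, $post_info and
 *    $new_pid. Where that code comes from is not visible in this block
 *    (presumably installed extensions); it has to be treated as fully
 *    trusted code. The local variable names below are kept unchanged
 *    because hooks may depend on them.
 *
 * @param array $post_info Data describing the post (see key list above).
 * @param int   $new_pid   Set by reference to the id of the inserted post.
 *
 * @return void Returns early, before anything is written, when the
 *              'fn_add_post_start' hook yields a value that is != null.
 */
function add_post($post_info, &$new_pid)
{
    // $db_type, $forum_config and $lang_common are not used directly below;
    // they are kept in scope because eval()'d hook code may reference them.
    global $forum_db, $db_type, $forum_config, $lang_common;

    $return = ($hook = get_hook('fn_add_post_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }

    // Add the post. Casts are done inline (not cached in new locals) so that
    // a hook which changes $post_info between queries is still honoured and
    // no extra variable names are introduced into the hooks' scope.
    $query = array(
        'INSERT' => 'poster, poster_id, poster_ip, message, hide_smilies, posted, topic_id',
        'INTO' => 'posts',
        'VALUES' => '\'' . $forum_db->escape($post_info['poster']) . '\', ' . intval($post_info['poster_id']) . ', \'' . $forum_db->escape(get_remote_address()) . '\', \'' . $forum_db->escape($post_info['message']) . '\', ' . intval($post_info['hide_smilies']) . ', ' . intval($post_info['posted']) . ', ' . intval($post_info['topic_id'])
    );

    // If it's a guest post, there might be an e-mail address we need to include
    if ($post_info['is_guest'] && $post_info['poster_email'] != null) {
        $query['INSERT'] .= ', poster_email';
        $query['VALUES'] .= ', \'' . $forum_db->escape($post_info['poster_email']) . '\'';
    }

    ($hook = get_hook('fn_add_post_qr_add_post')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $new_pid = $forum_db->insert_id();

    if (!$post_info['is_guest']) {
        // Subscribe (1) or unsubscribe (2)? Any other value leaves subscriptions alone.
        if ($post_info['subscr_action'] == 1) {
            $query = array(
                'INSERT' => 'user_id, topic_id',
                'INTO' => 'subscriptions',
                'VALUES' => intval($post_info['poster_id']) . ' ,' . intval($post_info['topic_id'])
            );

            ($hook = get_hook('fn_add_post_qr_add_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        } elseif ($post_info['subscr_action'] == 2) {
            $query = array(
                'DELETE' => 'subscriptions',
                'WHERE' => 'topic_id=' . intval($post_info['topic_id']) . ' AND user_id=' . intval($post_info['poster_id'])
            );

            ($hook = get_hook('fn_add_post_qr_delete_subscription')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
        }
    }

    // Count number of replies in the topic
    $query = array(
        'SELECT' => 'COUNT(p.id)',
        'FROM' => 'posts AS p',
        'WHERE' => 'p.topic_id=' . intval($post_info['topic_id'])
    );

    ($hook = get_hook('fn_add_post_qr_get_topic_reply_count')) ? eval($hook) : null;
    $result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    // One less than the number of posts; presumably the topic's first post
    // is not counted as a reply.
    $num_replies = $forum_db->result($result, 0) - 1;

    // Update topic
    $query = array(
        'UPDATE' => 'topics',
        'SET' => 'num_replies=' . $num_replies . ', last_post=' . intval($post_info['posted']) . ', last_post_id=' . $new_pid . ', last_poster=\'' . $forum_db->escape($post_info['poster']) . '\'',
        'WHERE' => 'id=' . intval($post_info['topic_id'])
    );

    ($hook = get_hook('fn_add_post_qr_update_topic')) ? eval($hook) : null;
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    sync_forum($post_info['forum_id']);

    if (!defined('FORUM_SEARCH_IDX_FUNCTIONS_LOADED')) {
        require FORUM_ROOT . 'include/search_idx.php';
    }

    update_search_index('post', $new_pid, $post_info['message']);

    send_subscriptions($post_info, $new_pid);

    // Increment user's post count & last post time
    if (isset($post_info['update_user'])) {
        if ($post_info['is_guest']) {
            // Guests are tracked in the `online` table, keyed by remote address.
            $query = array(
                'UPDATE' => 'online',
                'SET' => 'last_post=' . intval($post_info['posted']),
                'WHERE' => 'ident=\'' . $forum_db->escape(get_remote_address()) . '\''
            );
        } else {
            $query = array(
                'UPDATE' => 'users',
                'SET' => 'num_posts=num_posts+1, last_post=' . intval($post_info['posted']),
                'WHERE' => 'id=' . intval($post_info['poster_id'])
            );
        }

        ($hook = get_hook('fn_add_post_qr_update_last_post')) ? eval($hook) : null;
        $forum_db->query_build($query) or error(__FILE__, __LINE__);
    }

    // If the posting user is logged in update his/her unread indicator
    if (!$post_info['is_guest'] && isset($post_info['update_unread']) && $post_info['update_unread']) {
        $tracked_topics = get_tracked_topics();
        $tracked_topics['topics'][$post_info['topic_id']] = time();
        set_tracked_topics($tracked_topics);
    }

    ($hook = get_hook('fn_add_post_end')) ? eval($hook) : null;
}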
} $timezone = round($_POST['timezone'], 1); $dst = isset($_POST['dst']) ? '1' : '0'; $email_setting = intval($_POST['email_setting']); if ($email_setting < 0 || $email_setting > 2) { $email_setting = $pun_config['o_default_email_setting']; } // Did everything go according to plan? if (empty($errors)) { // Insert the new user into the database. We do this now to get the last inserted ID for later use $now = time(); $intial_group_id = $pun_config['o_regs_verify'] == '0' ? $pun_config['o_default_user_group'] : PUN_UNVERIFIED; $password_hash = pun_hash($password1); // Add the user $query = $db->insert(array('username' => ':username', 'group_id' => ':group_id', 'password' => ':password', 'email' => ':email', 'email_setting' => ':email_setting', 'timezone' => ':timezone', 'dst' => ':dst', 'language' => ':language', 'style' => ':style', 'registered' => ':registered', 'registration_ip' => ':registration_ip', 'last_visit' => ':last_visit'), 'users'); $params = array(':username' => $username, ':group_id' => $intial_group_id, ':password' => $password_hash, ':email' => $email1, ':email_setting' => $email_setting, ':timezone' => $timezone, ':dst' => $dst, ':language' => $language, ':style' => $pun_config['o_default_style'], ':registered' => $now, ':registration_ip' => get_remote_address(), ':last_visit' => $now); $query->run($params); $new_uid = $db->insertId(); unset($query, $params); // If the mailing list isn't empty, we may need to send out some alerts if ($pun_config['o_mailing_list'] != '') { // If we previously found out that the email was banned if ($banned_email) { // Load the "banned email register" template $mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . 
'/mail_templates/banned_email_register.tpl')); // The first row contains the subject $first_crlf = strpos($mail_tpl, "\n"); $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8)); $mail_message = trim(substr($mail_tpl, $first_crlf)); $mail_message = str_replace('<username>', $username, $mail_message); $mail_message = str_replace('<email>', $email1, $mail_message);
} if ($pun_config['o_rules'] == '1' && (!$pun_user['is_guest'] || $pun_user['g_read_board'] == '1' || $pun_config['o_regs_allow'] == '1')) { $links[] = '<li id="navrules"' . (PUN_ACTIVE_PAGE == 'rules' ? ' class="isactive"' : '') . '><a href="misc.php?action=rules">' . $lang_common['Rules'] . '</a></li>'; } if ($pun_user['g_read_board'] == '1' && $pun_user['g_search'] == '1') { $links[] = '<li id="navsearch"' . (PUN_ACTIVE_PAGE == 'search' ? ' class="isactive"' : '') . '><a href="recherche">' . $lang_common['Search'] . '</a></li>'; } if ($pun_user['is_guest']) { $links[] = '<li id="navregister"' . (PUN_ACTIVE_PAGE == 'register' ? ' class="isactive"' : '') . '><a href="inscription">' . $lang_common['Register'] . '</a></li>'; $links[] = '<li id="navlogin"' . (PUN_ACTIVE_PAGE == 'login' ? ' class="isactive"' : '') . '><a href="connexion">' . $lang_common['Login'] . '</a></li>'; } else { $links[] = '<li id="navprofile"' . (PUN_ACTIVE_PAGE == 'profile' ? ' class="isactive"' : '') . '><a href="membre-' . $pun_user['id'] . '">' . $lang_common['Profile'] . '</a></li>'; if ($pun_user['is_admmod']) { $links[] = '<li id="navadmin"' . (PUN_ACTIVE_PAGE == 'admin' ? ' class="isactive"' : '') . '><a href="admin">' . $lang_common['Admin'] . '</a></li>'; } $links[] = '<li id="navlogout"><a href="deconnexion?id=' . $pun_user['id'] . '&csrf_token=' . pun_hash($pun_user['id'] . pun_hash(get_remote_address())) . '">' . $lang_common['Logout'] . '</a></li>'; } // Are there any additional navlinks we should insert into the array before imploding it? if ($pun_user['g_read_board'] == '1' && $pun_config['o_additional_navlinks'] != '') { if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $pun_config['o_additional_navlinks'] . "\n", $extra_links)) { // Insert any additional links into the $links array (at the correct index) $num_links = count($extra_links[1]); for ($i = 0; $i < $num_links; ++$i) { array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra' . ($i + 1) . '">' . 
$extra_links[2][$i] . '</li>')); } } } $tpl_temp = '<div id="brdmenu" class="inbox">' . "\n\t\t\t" . '<ul>' . "\n\t\t\t\t" . implode("\n\t\t\t\t", $links) . "\n\t\t\t" . '</ul>' . "\n\t\t" . '</div>'; $tpl_main = str_replace('<pun_navlinks>', $tpl_temp, $tpl_main); // END SUBST - <pun_navlinks> if (PUN_ACTIVE_PAGE == 'register' || PUN_ACTIVE_PAGE == 'login') {