// Create an URI session id if cookies are not used..
if(!$PHORUM["use_cookies"]) {
$uri_session_id = md5($_POST['username'].microtime().$_POST['password']);
$user = array(
'user_id' => $PHORUM['user']['user_id'],
'sessid_st'=> $uri_session_id
);
phorum_user_save_simple($user);
phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
// Create cookie session(s).
} else {
if (!$PHORUM["DATA"]["LOGGEDIN"]) {
phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
}
if($PHORUM["tight_security"]){
phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
}
}
// Determine the URL to redirect the user to.
// If redir is a number, it is a URL constant.
if(is_numeric($_POST["redir"])){
$redir = phorum_get_url($_POST["redir"]);
}
// Redirecting to the registration or login page is a little weird,
// so we just go to the list page if we came from one of those.
elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) {
$redir = $_POST["redir"];
// By default, we redirect to the list page.
function phorum_user_check_session( $cookie = PHORUM_SESSION_LONG_TERM )
{
$PHORUM = $GLOBALS["PHORUM"];
// If we do URI based authentication, we will only look at the
// PHORUM_SESSION_LONG_TERM session (which is the session key that is
// stored in the URI). Here we rewrite requests for
// PHORUM_SESSION_SHORT_TERM so we will handle tighter security correctly.
if ( isset($PHORUM["use_cookies"]) && ! $PHORUM["use_cookies"] &&
$cookie == PHORUM_SESSION_SHORT_TERM) {
$cookie = PHORUM_SESSION_LONG_TERM;
}
if ( ( $cookie != PHORUM_SESSION_LONG_TERM || ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] ) ) && isset( $_COOKIE[$cookie] ) ) { // REAL cookies ;)
$sessid = $_COOKIE[$cookie];
$GLOBALS["PHORUM"]["use_cookies"]=true;
} elseif ( isset( $PHORUM["args"][$cookie] ) ) { // in the p5-urls
$sessid = $PHORUM["args"][$cookie];
$GLOBALS["PHORUM"]["use_cookies"]=false;
} elseif ( isset( $_POST[$cookie] ) ) { // from post-forms
$sessid = $_POST[$cookie];
$GLOBALS["PHORUM"]["use_cookies"]=false;
} elseif ( isset( $_GET[$cookie] ) ) { // should rarely happen but helps in some cases
$sessid = $_GET[$cookie];
$GLOBALS["PHORUM"]["use_cookies"]=false;
}
$success = false;
if ( !empty( $sessid ) && $GLOBALS["PHORUM"]["use_cookies"]) {
// this part is for cookie-authentication where we have username and password
list( $userid, $md5session ) = explode( ":", $sessid, 2 );
if(!is_numeric($userid)) {
phorum_user_clear_session( $cookie );
return false;
}
$user=phorum_user_get($userid, true, true);
if (empty($user)) {
phorum_user_clear_session( $cookie );
return false;
}
if ( ($cookie==PHORUM_SESSION_LONG_TERM && !empty($user['cookie_sessid_lt']) && $user['cookie_sessid_lt'] == $md5session) ||
($cookie==PHORUM_SESSION_SHORT_TERM && !empty($user['sessid_st']) && $user['sessid_st'] == $md5session) ||
($cookie==PHORUM_SESSION_ADMIN && !empty($user['cookie_sessid_lt']) && md5($user['cookie_sessid_lt'].$PHORUM["admin_session_salt"]) == $md5session) ) {
if ( $user["active"] ) {
// write access is false by default, need to check the st-cookie too
$user['write_access']=false;
$GLOBALS["PHORUM"]["user"] = $user;
$success = true;
phorum_user_create_session( $cookie );
} else {
phorum_user_clear_session( $cookie );
}
}
} elseif( !empty( $sessid ) && !$GLOBALS["PHORUM"]["use_cookies"]) {
// this part is for uri-authentication where we only have a session-id
$uri_session_id = urldecode( $sessid );
if ( $user_id = phorum_db_user_check_field('sessid_st',$uri_session_id,'=')) {
$user = phorum_user_get( $user_id, true, true );
if ( $user["active"] ) {
// write access is enabled for uri-authentication as thats requiring login at every visit
$user['write_access']=true;
$GLOBALS["PHORUM"]["user"] = $user;
$success = true;
phorum_user_create_session( $cookie, false, $user['sessid_st'] );
} else {
phorum_user_clear_session( $cookie );
}
}
}
// track user activity
if($success && $PHORUM["track_user_activity"] && $GLOBALS["PHORUM"]["user"]["date_last_active"] < time() - $PHORUM["track_user_activity"] ) {
$tmp_user["user_id"] = $GLOBALS["PHORUM"]["user"]["user_id"];
$tmp_user["date_last_active"] = time();
if(isset($PHORUM['forum_id'])) {
$tmp_user["last_active_forum"]= $PHORUM['forum_id'];
} else {
$tmp_user["last_active_forum"]= 0;
}
phorum_user_save_simple( $tmp_user);
}
return $success;
}
/**
* A common function which is used to save the userdata from the post-data.
* @param panel - The panel for which to save data.
* @return array - An array containing $error and $okmsg.
*/
function phorum_controlcenter_user_save($panel)
{
$PHORUM = $GLOBALS['PHORUM'];
$error = "";
$okmsg = "";
// Setup the default userdata fields that may be changed
// from the control panel interface.
$userdata = array(
'signature' => NULL,
'hide_email' => NULL,
'hide_activity' => NULL,
'password' => NULL,
'tz_offset' => NULL,
'is_dst' => NULL,
'user_language' => NULL,
'threaded_list' => NULL,
'threaded_read' => NULL,
'email_notify' => NULL,
'show_signature' => NULL,
'pm_email_notify' => NULL,
'email' => NULL,
'email_temp' => NULL,
'user_template' => NULL,
'moderation_email'=> NULL,
);
// Add custom profile fields as acceptable fields.
foreach ($PHORUM["PROFILE_FIELDS"] as $field) {
$userdata[$field["name"]] = NULL;
}
// Update userdata with $_POST information.
foreach ($_POST as $key => $val) {
if (array_key_exists($key, $userdata)) {
$userdata[$key] = $val;
}
}
// Remove unused profile fields.
foreach ($userdata as $key => $val) {
if (is_null($val)) {
unset($userdata[$key]);
}
}
// Set static userdata.
$userdata["user_id"] = $PHORUM["user"]["user_id"];
$userdata["fk_campsite_user_id"] = $PHORUM["user"]["fk_campsite_user_id"];
// Run a hook, so module writers can update and check the userdata.
$userdata = phorum_hook("cc_save_user", $userdata);
// Set $error, in case the before_register hook did set an error.
if (isset($userdata['error'])) {
$error=$userdata['error'];
unset($userdata['error']);
// Try to update the userdata in the database.
} elseif (!phorum_user_save($userdata)) {
// Updating the user failed.
$error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
} else {
// Sync the campsite user
require_once('../../admin-files/localizer/Localizer.php');
require_once('../../classes/User.php');
$campsiteUser = new User($userdata["fk_campsite_user_id"]);
if ($campsiteUser->exists()) {
if (array_key_exists('password', $userdata)) {
$campsiteUser->setPassword($userdata["password"]);
} elseif (array_key_exists('email', $userdata)) {
$campsiteUser->setProperty('EMail', $userdata["email"]);
}
}
// Updating the user was successful.
$okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];
// Let the userdata be reloaded.
phorum_user_set_current_user($userdata["user_id"]);
// If a new password was set, let's create a new session.
if (isset($userdata["password"]) && !empty($userdata["password"])) {
phorum_user_create_session();
}
// Copy data from the updated user back into the template data.
// Leave PANEL and forum_id alone (these are injected into the
// userdata in the template from this script).
foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
if ($key == "PANEL" || $key == "forum_id") continue;
if (isset($GLOBALS["PHORUM"]["user"][$key])) {
$GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = $GLOBALS["PHORUM"]["user"][$key];
} else {
$GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = "";
}
}
}
return array($error, $okmsg);
}
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// don't allow this page to be loaded directly
if(!defined("PHORUM_ADMIN")) exit();
if(isset($_POST["username"]) && isset($_POST["password"])){
if(phorum_user_check_login($_POST["username"], $_POST["password"])!=0){
if($PHORUM["user"]["admin"]){
phorum_user_create_session(PHORUM_SESSION_ADMIN);
if(!empty($_POST["target"])){
phorum_redirect_by_url($_POST['target']);
} else {
phorum_redirect_by_url($_SERVER['PHP_SELF']);
}
exit();
}
}
}
include_once "./include/admin/PhorumInputForm.php";
$frm = new PhorumInputForm ("", "post");
if(count($_REQUEST)){
