}
} else {
$language = $pun_config['o_default_lang'];
}
$timezone = round($_POST['timezone'], 1);
$dst = isset($_POST['dst']) ? '1' : '0';
$email_setting = intval($_POST['email_setting']);
if ($email_setting < 0 || $email_setting > 2) {
$email_setting = $pun_config['o_default_email_setting'];
}
// Did everything go according to plan?
if (empty($errors)) {
// Insert the new user into the database. We do this now to get the last inserted ID for later use
$now = time();
$intial_group_id = $pun_config['o_regs_verify'] == '0' ? $pun_config['o_default_user_group'] : PUN_UNVERIFIED;
$password_hash = pun_hash($password1);
// Add the user
$query = $db->insert(array('username' => ':username', 'group_id' => ':group_id', 'password' => ':password', 'email' => ':email', 'email_setting' => ':email_setting', 'timezone' => ':timezone', 'dst' => ':dst', 'language' => ':language', 'style' => ':style', 'registered' => ':registered', 'registration_ip' => ':registration_ip', 'last_visit' => ':last_visit'), 'users');
$params = array(':username' => $username, ':group_id' => $intial_group_id, ':password' => $password_hash, ':email' => $email1, ':email_setting' => $email_setting, ':timezone' => $timezone, ':dst' => $dst, ':language' => $language, ':style' => $pun_config['o_default_style'], ':registered' => $now, ':registration_ip' => get_remote_address(), ':last_visit' => $now);
$query->run($params);
$new_uid = $db->insertId();
unset($query, $params);
// If the mailing list isn't empty, we may need to send out some alerts
if ($pun_config['o_mailing_list'] != '') {
// If we previously found out that the email was banned
if ($banned_email) {
// Load the "banned email register" template
$mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/banned_email_register.tpl'));
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
if ($db->num_rows($result)) {
// Load the "activate password" template
$mail_tpl = trim(file_get_contents(PUN_ROOT . 'lang/' . $pun_user['language'] . '/mail_templates/activate_password.tpl'));
// The first row contains the subject
$first_crlf = strpos($mail_tpl, "\n");
$mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
$mail_message = trim(substr($mail_tpl, $first_crlf));
// Do the generic replacements first (they apply to all e-mails sent out here)
$mail_message = str_replace('<base_url>', $pun_config['o_base_url'] . '/', $mail_message);
$mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'] . ' ' . $lang_common['Mailer'], $mail_message);
// Loop through users we found
while ($cur_hit = $db->fetch_assoc($result)) {
// Generate a new password and a new password activation code
$new_password = random_pass(8);
$new_password_key = random_pass(8);
$db->query('UPDATE ' . $db->prefix . 'users SET activate_string=\'' . pun_hash($new_password) . '\', activate_key=\'' . $new_password_key . '\' WHERE id=' . $cur_hit['id']) or error('Unable to update activation data', __FILE__, __LINE__, $db->error());
// Do the user specific replacements to the template
$cur_mail_message = str_replace('<username>', $cur_hit['username'], $mail_message);
$cur_mail_message = str_replace('<activation_url>', $pun_config['o_base_url'] . '/profile.php?id=' . $cur_hit['id'] . '&action=change_pass&key=' . $new_password_key, $cur_mail_message);
$cur_mail_message = str_replace('<new_password>', $new_password, $cur_mail_message);
pun_mail($email, $mail_subject, $cur_mail_message);
}
message($lang_login['Forget mail'] . ' <a href="mailto:' . $pun_config['o_admin_email'] . '">' . $pun_config['o_admin_email'] . '</a>.');
} else {
message($lang_login['No e-mail match'] . ' ' . $email . '.');
}
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $lang_login['Request pass'];
$required_fields = array('req_email' => $lang_common['E-mail']);
$focus_element = array('request_pass', 'req_email');
require PUN_ROOT . 'header.php';
// For SQLite we compare against the database file name, since the password is left blank
case 'sqlite':
if ($req_db_pass != strtolower($db_name)) {
error(sprintf($lang_update['Invalid file error'], 'config.php'));
}
break;
// For everything else, check the password matches
// For everything else, check the password matches
default:
if ($req_db_pass != strtolower($db_password)) {
error(sprintf($lang_update['Invalid password error'], 'config.php'));
}
break;
}
// Generate a unique id to identify this session, only if this is a valid session
$uid = pun_hash($req_db_pass . '|' . uniqid(rand(), true));
if ($lock) {
// We already have a lock file
$lock_error = true;
} else {
$fh = @fopen(FORUM_CACHE_DIR . 'db_update.lock', 'wb');
if (!$fh) {
error(sprintf($lang_update['Unable to lock error'], 'cache'));
}
fwrite($fh, $uid);
fclose($fh);
// Update maintenance message
if ($_POST['req_maintenance_message'] != '') {
$maintenance_message = pun_trim(pun_linebreaks($_POST['req_maintenance_message']));
} else {
// Load the admin_options.php language file
}
if ($pun_config['o_rules'] == '1' && (!$pun_user['is_guest'] || $pun_user['g_read_board'] == '1' || $pun_config['o_regs_allow'] == '1')) {
$links[] = '<li id="navrules"' . (PUN_ACTIVE_PAGE == 'rules' ? ' class="isactive"' : '') . '><a href="misc.php?action=rules">' . $lang_common['Rules'] . '</a></li>';
}
if ($pun_user['g_read_board'] == '1' && $pun_user['g_search'] == '1') {
$links[] = '<li id="navsearch"' . (PUN_ACTIVE_PAGE == 'search' ? ' class="isactive"' : '') . '><a href="recherche">' . $lang_common['Search'] . '</a></li>';
}
if ($pun_user['is_guest']) {
$links[] = '<li id="navregister"' . (PUN_ACTIVE_PAGE == 'register' ? ' class="isactive"' : '') . '><a href="inscription">' . $lang_common['Register'] . '</a></li>';
$links[] = '<li id="navlogin"' . (PUN_ACTIVE_PAGE == 'login' ? ' class="isactive"' : '') . '><a href="connexion">' . $lang_common['Login'] . '</a></li>';
} else {
$links[] = '<li id="navprofile"' . (PUN_ACTIVE_PAGE == 'profile' ? ' class="isactive"' : '') . '><a href="membre-' . $pun_user['id'] . '">' . $lang_common['Profile'] . '</a></li>';
if ($pun_user['is_admmod']) {
$links[] = '<li id="navadmin"' . (PUN_ACTIVE_PAGE == 'admin' ? ' class="isactive"' : '') . '><a href="admin">' . $lang_common['Admin'] . '</a></li>';
}
$links[] = '<li id="navlogout"><a href="deconnexion?id=' . $pun_user['id'] . '&csrf_token=' . pun_hash($pun_user['id'] . pun_hash(get_remote_address())) . '">' . $lang_common['Logout'] . '</a></li>';
}
// Are there any additional navlinks we should insert into the array before imploding it?
if ($pun_user['g_read_board'] == '1' && $pun_config['o_additional_navlinks'] != '') {
if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $pun_config['o_additional_navlinks'] . "\n", $extra_links)) {
// Insert any additional links into the $links array (at the correct index)
$num_links = count($extra_links[1]);
for ($i = 0; $i < $num_links; ++$i) {
array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra' . ($i + 1) . '">' . $extra_links[2][$i] . '</li>'));
}
}
}
$tpl_temp = '<div id="brdmenu" class="inbox">' . "\n\t\t\t" . '<ul>' . "\n\t\t\t\t" . implode("\n\t\t\t\t", $links) . "\n\t\t\t" . '</ul>' . "\n\t\t" . '</div>';
$tpl_main = str_replace('<pun_navlinks>', $tpl_temp, $tpl_main);
// END SUBST - <pun_navlinks>
if (PUN_ACTIVE_PAGE == 'register' || PUN_ACTIVE_PAGE == 'login') {
}
}
}
if (isset($_GET['key'])) {
$key = $_GET['key'];
$result = $db->query('SELECT activate_string, activate_key FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error());
list($new_email, $new_email_key) = $db->fetch_row($result);
if ($key == '' || $key != $new_email_key) {
message($lang_profile['Email key bad'] . ' <a href="mailto:' . $pun_config['o_admin_email'] . '">' . $pun_config['o_admin_email'] . '</a>.');
} else {
$db->query('UPDATE ' . $db->prefix . 'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id=' . $id) or error('Unable to update email address', __FILE__, __LINE__, $db->error());
message($lang_profile['Email updated'], true);
}
} else {
if (isset($_POST['form_sent'])) {
if (pun_hash($_POST['req_password']) !== $pun_user['password']) {
message($lang_profile['Wrong pass']);
}
require PUN_ROOT . 'include/email.php';
// Validate the email address
$new_email = strtolower(trim($_POST['req_new_email']));
if (!is_valid_email($new_email)) {
message($lang_common['Invalid email']);
}
// Check if it's a banned email address
if (is_banned_email($new_email)) {
if ($pun_config['p_allow_banned_email'] == '0') {
message($lang_prof_reg['Banned email']);
} else {
if ($pun_config['o_mailing_list'] != '') {
$mail_subject = $lang_common['Banned email notification'];
$result = $db->query('SELECT password, save_pass FROM ' . $db->prefix . 'users WHERE id=' . $id) or error('Unable to fetch password', __FILE__, __LINE__, $db->error());
list($db_password_hash, $save_pass) = $db->fetch_row($result);
$authorized = false;
if (!empty($db_password_hash)) {
$sha1_in_db = strlen($db_password_hash) == 40 ? true : false;
$sha1_available = function_exists('sha1') || function_exists('mhash') ? true : false;
$old_password_hash = pun_hash($old_password);
// This could result in either an SHA-1 or an MD5 hash
if ($sha1_in_db && $sha1_available && $db_password_hash == $old_password_hash || !$sha1_in_db && $db_password_hash == md5($old_password) || $pun_user['g_id'] < PUN_GUEST) {
$authorized = true;
}
}
if (!$authorized) {
message($lang_profile['Wrong pass']);
}
$new_password_hash = pun_hash($new_password1);
$db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $new_password_hash . '\' WHERE id=' . $id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
if ($pun_user['id'] == $id) {
$expire = $save_pass == '1' ? time() + 31536000 : 0;
pun_setcookie($pun_user['id'], $new_password_hash, $expire);
}
redirect('profile.php?section=essentials&id=' . $id, $lang_profile['Pass updated redirect']);
}
$page_title = pun_htmlspecialchars($pun_config['o_board_title']) . ' / ' . $lang_common['Profile'];
$required_fields = array('req_old_password' => $lang_profile['Old pass'], 'req_new_password1' => $lang_profile['New pass'], 'req_new_password2' => $lang_profile['Confirm new pass']);
$focus_element = array('change_pass', $pun_user['g_id'] > PUN_MOD ? 'req_old_password' : 'req_new_password1');
require PUN_ROOT . 'header.php';
?>
<div class="blockform">
<h2><span><?php
echo $lang_profile['Change pass'];
function pun_csrf_token()
{
global $pun_user;
static $token;
if (!isset($token)) {
$token = pun_hash($pun_user['id'] . $pun_user['password'] . pun_hash(get_remote_address()));
}
return $token;
}
$queries[] = 'CREATE INDEX ' . $db_prefix . 'search_words_id_idx ON ' . $db_prefix . 'search_words(id)';
break;
}
@reset($queries);
while (list(, $sql) = @each($queries)) {
$db->query($sql) or error('Unable to create indexes. Please check your configuration and try again.', __FILE__, __LINE__, $db->error());
}
$now = time();
// Insert the four preset groups
$db->query('INSERT INTO ' . $db->prefix . "groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_post_polls, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES('Administrators', 'Administrator', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0)") or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . "groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_post_polls, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES('Moderators', 'Moderator', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0)") or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . "groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_post_polls, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES('Guest', NULL, 1, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0)") or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . "groups (g_title, g_user_title, g_read_board, g_post_replies, g_post_topics, g_post_polls, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_edit_subjects_interval, g_post_flood, g_search_flood) VALUES('Members', NULL, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 300, 60, 30)") or error('Unable to add group', __FILE__, __LINE__, $db->error());
// Insert guest and first admin user
$db->query('INSERT INTO ' . $db_prefix . "users (group_id, username, password, email) VALUES(3, 'Guest', 'Guest', 'Guest')") or error('Unable to add guest user. Please check your configuration and try again.');
$db->query('INSERT INTO ' . $db_prefix . "users (group_id, username, password, email, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, '" . $db->escape($username) . "', '" . pun_hash($password1) . "', '{$email}', 1, " . $now . ", " . $now . ", '127.0.0.1', " . $now . ')') or error('Unable to add administrator user. Please check your configuration and try again.');
// Insert config data
$config = array('o_cur_version' => "'{$punbb_version}'", 'o_board_title' => "'My PunBB forum'", 'o_board_desc' => "'Unfortunately no one can be told what PunBB is - you have to see it for yourself.'", 'o_server_timezone' => "'0'", 'o_time_format' => "'H:i:s'", 'o_date_format' => "'Y-m-d'", 'o_timeout_visit' => "'600'", 'o_timeout_online' => "'300'", 'o_redirect_delay' => "'1'", 'o_show_version' => "'0'", 'o_show_user_info' => "'1'", 'o_show_post_count' => "'1'", 'o_smilies' => "'1'", 'o_smilies_sig' => "'1'", 'o_make_links' => "'1'", 'o_default_lang' => "'English'", 'o_default_style' => "'Oxygen'", 'o_default_user_group' => "'4'", 'o_topic_review' => "'15'", 'o_disp_topics_default' => "'30'", 'o_disp_posts_default' => "'25'", 'o_indent_num_spaces' => "'4'", 'o_quickpost' => "'1'", 'o_users_online' => "'1'", 'o_censoring' => "'0'", 'o_ranks' => "'1'", 'o_show_dot' => "'0'", 'o_quickjump' => "'1'", 'o_gzip' => "'0'", 'o_additional_navlinks' => "'1 = <a href=\"glossary.php\">EVGS</a>'", 'o_report_method' => "'0'", 'o_regs_report' => "'0'", 'o_mailing_list' => "'{$email}'", 'o_avatars' => "'1'", 'o_avatars_dir' => "'img/avatars'", 'o_avatars_width' => "'60'", 'o_avatars_height' => "'60'", 'o_avatars_size' => "'10240'", 'o_search_all_forums' => "'1'", 'o_base_url' => "'{$base_url}'", 'o_admin_email' => "'{$email}'", 'o_webmaster_email' => "'{$email}'", 'o_subscriptions' => "'1'", 'o_smtp_host' => "NULL", 'o_smtp_user' => "NULL", 'o_smtp_pass' => "NULL", 'o_regs_allow' => "'1'", 'o_regs_verify' => "'0'", 'o_announcement' => "'0'", 'o_announcement_message' => "'Enter your announcement here.'", 'o_rules' => "'0'", 'o_rules_message' => "'Enter your rules here.'", 'o_maintenance' => "'0'", 'o_maintenance_message' => "'The forums are temporarily down for maintenance. Please try again in a few minutes.<br />\\n<br />\\n/Administrator'", 'p_mod_edit_users' => "'1'", 'p_mod_rename_users' => "'0'", 'p_mod_change_passwords' => "'0'", 'p_mod_ban_users' => "'0'", 'p_message_bbcode' => "'1'", 'p_message_img_tag' => "'1'", 'p_message_all_caps' => "'1'", 'p_subject_all_caps' => "'1'", 'p_sig_all_caps' => "'1'", 'p_sig_bbcode' => "'1'", 'p_sig_img_tag' => "'0'", 'p_sig_length' => "'400'", 'p_sig_lines' => "'4'", 'p_allow_banned_email' => "'1'", 'p_allow_dupe_email' => "'0'", 'p_force_guest_email' => "'1'", 'o_evgs_forum' => '0', 'o_quick_links' => '1', 'o_quick_links_content' => "'" . $db->escape('<table class="tablelayout">
<tr>
<td align="center">{A*|A}</td>
<td align="center">{B*|B}</td>
<td align="center">{C*|C}</td>
<td align="center">{D*|D}</td>
<td align="center">{E*|E}</td>
<td align="center">{F*|F}</td>
<td align="center">{G*|G}</td>
<td align="center">{H*|H}</td>
<td align="center">{I*|I}</td>
<td align="center">{J*|J}</td>
<td align="center">{K*|K}</td>
<td align="center">{L*|L}</td>
function authenticate_user($user, $password, $password_is_hash = false)
{
global $db, $pun_user;
// Check if there's a user matching $user and $password
$result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON g.g_id=u.group_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE ' . (is_int($user) ? 'u.id=' . intval($user) : 'u.username=\'' . $db->escape($user) . '\'')) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
$pun_user = $db->fetch_assoc($result);
if (!isset($pun_user['id']) || $password_is_hash && $password != $pun_user['password'] || !$password_is_hash && pun_hash($password) != $pun_user['password']) {
set_default_user();
} else {
$pun_user['is_guest'] = false;
}
}
/**
* Update column data for a PunBB user.
*
* Array must contain keys matching table colums, values must be trimmed and
* validated already. Password must be passed as 'raw_password'!
*
* @param string $username To match user record
* @param array $columns Associative array of column data
*
* @return boolean
*/
public static function updateUser($username, $columns)
{
$userid = self::getForumUID($username);
// hash the password
if (isset($columns['raw_password'])) {
if (!function_exists('pun_hash')) {
// get the PunBB hash function
$pathToPunBB = self::getPunBBRootPath();
define('PUN', true);
require $pathToPunBB . '/include/functions.php';
}
$columns['password'] = pun_hash($columns['raw_password']);
unset($columns['raw_password']);
}
return self::getInstance()->update($columns, 'id = ?', $userid);
}
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'poster' => array('datatype' => 'VARCHAR(200)', 'allow_null' => false, 'default' => '\'\''), 'subject' => array('datatype' => 'VARCHAR(255)', 'allow_null' => false, 'default' => '\'\''), 'posted' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'first_post_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_poster' => array('datatype' => 'VARCHAR(200)', 'allow_null' => true), 'num_views' => array('datatype' => 'MEDIUMINT(8) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'num_replies' => array('datatype' => 'MEDIUMINT(8) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'closed' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'sticky' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'moved_to' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'forum_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0')), 'PRIMARY KEY' => array('id'), 'INDEXES' => array('forum_id_idx' => array('forum_id'), 'moved_to_idx' => array('moved_to'), 'last_post_idx' => array('last_post'), 'first_post_id_idx' => array('first_post_id')));
$db->create_table('topics', $schema) or error('Unable to create topics table', __FILE__, __LINE__, $db->error());
$schema = array('FIELDS' => array('id' => array('datatype' => 'SERIAL', 'allow_null' => false), 'group_id' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '3'), 'username' => array('datatype' => 'VARCHAR(200)', 'allow_null' => false, 'default' => '\'\''), 'password' => array('datatype' => 'VARCHAR(40)', 'allow_null' => false, 'default' => '\'\''), 'email' => array('datatype' => 'VARCHAR(80)', 'allow_null' => false, 'default' => '\'\''), 'title' => array('datatype' => 'VARCHAR(50)', 'allow_null' => true), 'realname' => array('datatype' => 'VARCHAR(40)', 'allow_null' => true), 'url' => array('datatype' => 'VARCHAR(100)', 'allow_null' => true), 'jabber' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'icq' => array('datatype' => 'VARCHAR(12)', 'allow_null' => true), 'msn' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'aim' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'yahoo' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'location' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'signature' => array('datatype' => 'TEXT', 'allow_null' => true), 'disp_topics' => array('datatype' => 'TINYINT(3) UNSIGNED', 'allow_null' => true), 'disp_posts' => array('datatype' => 'TINYINT(3) UNSIGNED', 'allow_null' => true), 'email_setting' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'notify_with_post' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'auto_notify' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'show_smilies' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_img' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_img_sig' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_avatars' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'show_sig' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '1'), 'timezone' => array('datatype' => 'FLOAT', 'allow_null' => false, 'default' => '0'), 'dst' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'time_format' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'date_format' => array('datatype' => 'TINYINT(1)', 'allow_null' => false, 'default' => '0'), 'language' => array('datatype' => 'VARCHAR(25)', 'allow_null' => false, 'default' => '\'' . $db->escape($default_lang) . '\''), 'style' => array('datatype' => 'VARCHAR(25)', 'allow_null' => false, 'default' => '\'' . $db->escape($default_style) . '\''), 'num_posts' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'last_post' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_search' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_email_sent' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'last_report_sent' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => true), 'registered' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'registration_ip' => array('datatype' => 'VARCHAR(39)', 'allow_null' => false, 'default' => '\'0.0.0.0\''), 'last_visit' => array('datatype' => 'INT(10) UNSIGNED', 'allow_null' => false, 'default' => '0'), 'admin_note' => array('datatype' => 'VARCHAR(30)', 'allow_null' => true), 'activate_string' => array('datatype' => 'VARCHAR(80)', 'allow_null' => true), 'activate_key' => array('datatype' => 'VARCHAR(8)', 'allow_null' => true)), 'PRIMARY KEY' => array('id'), 'UNIQUE KEYS' => array('username_idx' => array('username')), 'INDEXES' => array('registered_idx' => array('registered')));
if ($db_type == 'mysql' || $db_type == 'mysqli' || $db_type == 'mysql_innodb' || $db_type == 'mysqli_innodb') {
$schema['UNIQUE KEYS']['username_idx'] = array('username(25)');
}
$db->create_table('users', $schema) or error('Unable to create users table', __FILE__, __LINE__, $db->error());
$now = time();
// Insert the four preset groups
$db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '1, ' : '') . '\'' . $db->escape($lang_install['Administrators']) . '\', \'' . $db->escape($lang_install['Administrator']) . '\', 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_mod_promote_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '2, ' : '') . '\'' . $db->escape($lang_install['Moderators']) . '\', \'' . $db->escape($lang_install['Moderator']) . '\', 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '3, ' : '') . '\'' . $db->escape($lang_install['Guests']) . '\', NULL, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 60, 30, 0, 0)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db->prefix . 'groups (' . ($db_type != 'pgsql' ? 'g_id, ' : '') . 'g_title, g_user_title, g_moderator, g_mod_edit_users, g_mod_rename_users, g_mod_change_passwords, g_mod_ban_users, g_read_board, g_view_users, g_post_replies, g_post_topics, g_edit_posts, g_delete_posts, g_delete_topics, g_set_title, g_search, g_search_users, g_send_email, g_post_flood, g_search_flood, g_email_flood, g_report_flood) VALUES(' . ($db_type != 'pgsql' ? '4, ' : '') . '\'' . $db->escape($lang_install['Members']) . '\', NULL, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 60, 30, 60, 60)') or error('Unable to add group', __FILE__, __LINE__, $db->error());
// Insert guest and first admin user
$db->query('INSERT INTO ' . $db_prefix . 'users (group_id, username, password, email) VALUES(3, \'' . $db->escape($lang_install['Guest']) . '\', \'' . $db->escape($lang_install['Guest']) . '\', \'' . $db->escape($lang_install['Guest']) . '\')') or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db_prefix . 'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \'' . $db->escape($username) . '\', \'' . pun_hash($password1) . '\', \'' . $email . '\', \'' . $db->escape($default_lang) . '\', \'' . $db->escape($default_style) . '\', 1, ' . $now . ', ' . $now . ', \'' . $db->escape(get_remote_address()) . '\', ' . $now . ')') or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
// Enable/disable avatars depending on file_uploads setting in PHP configuration
$avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;
// Insert config data
$pun_config = array('o_cur_version' => FORUM_VERSION, 'o_database_revision' => FORUM_DB_REVISION, 'o_searchindex_revision' => FORUM_SI_REVISION, 'o_parser_revision' => FORUM_PARSER_REVISION, 'o_board_title' => $title, 'o_board_desc' => $description, 'o_default_timezone' => 0, 'o_time_format' => 'H:i:s', 'o_date_format' => 'Y-m-d', 'o_timeout_visit' => 1800, 'o_timeout_online' => 300, 'o_redirect_delay' => 1, 'o_show_version' => 0, 'o_show_user_info' => 1, 'o_show_post_count' => 1, 'o_signatures' => 1, 'o_smilies' => 1, 'o_smilies_sig' => 1, 'o_make_links' => 1, 'o_default_lang' => $default_lang, 'o_default_style' => $default_style, 'o_default_user_group' => 4, 'o_topic_review' => 15, 'o_disp_topics_default' => 30, 'o_disp_posts_default' => 25, 'o_indent_num_spaces' => 4, 'o_quote_depth' => 3, 'o_quickpost' => 1, 'o_users_online' => 1, 'o_censoring' => 0, 'o_show_dot' => 0, 'o_topic_views' => 1, 'o_quickjump' => 1, 'o_gzip' => 0, 'o_additional_navlinks' => '', 'o_report_method' => 0, 'o_regs_report' => 0, 'o_default_email_setting' => 1, 'o_mailing_list' => $email, 'o_avatars' => $avatars, 'o_avatars_dir' => 'img/avatars', 'o_avatars_width' => 60, 'o_avatars_height' => 60, 'o_avatars_size' => 10240, 'o_search_all_forums' => 1, 'o_base_url' => $base_url, 'o_admin_email' => $email, 'o_webmaster_email' => $email, 'o_forum_subscriptions' => 1, 'o_topic_subscriptions' => 1, 'o_smtp_host' => NULL, 'o_smtp_user' => NULL, 'o_smtp_pass' => NULL, 'o_smtp_ssl' => 0, 'o_regs_allow' => 1, 'o_regs_verify' => 0, 'o_announcement' => 0, 'o_announcement_message' => $lang_install['Announcement'], 'o_rules' => 0, 'o_rules_message' => $lang_install['Rules'], 'o_maintenance' => 0, 'o_maintenance_message' => $lang_install['Maintenance message'], 'o_default_dst' => 0, 'o_feed_type' => 2, 'o_feed_ttl' => 0, 'p_message_bbcode' => 1, 'p_message_img_tag' => 1, 'p_message_all_caps' => 1, 'p_subject_all_caps' => 1, 'p_sig_all_caps' => 1, 'p_sig_bbcode' => 1, 'p_sig_img_tag' => 0, 'p_sig_length' => 400, 'p_sig_lines' => 4, 'p_allow_banned_email' => 1, 'p_allow_dupe_email' => 0, 'p_force_guest_email' => 1);
foreach ($pun_config as $conf_name => $conf_value) {
$db->query('INSERT INTO ' . $db_prefix . 'config (conf_name, conf_value) VALUES(\'' . $conf_name . '\', ' . (is_null($conf_value) ? 'NULL' : '\'' . $db->escape($conf_value) . '\'') . ')') or error('Unable to insert into table ' . $db_prefix . 'config. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
}
// Insert some other default data
$subject = $lang_install['Test post'];
$message = $lang_install['Message'];
$db->query('INSERT INTO ' . $db_prefix . 'categories (cat_name, disp_position) VALUES(\'' . $db->escape($lang_install['Test category']) . '\', 1)') or error('Unable to insert into table ' . $db_prefix . 'categories. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db_prefix . 'forums (forum_name, forum_desc, num_topics, num_posts, last_post, last_post_id, last_poster, disp_position, cat_id) VALUES(\'' . $db->escape($lang_install['Test forum']) . '\', \'' . $db->escape($lang_install['This is just a test forum']) . '\', 1, 1, ' . $now . ', 1, \'' . $db->escape($username) . '\', 1, 1)') or error('Unable to insert into table ' . $db_prefix . 'forums. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db_prefix . 'topics (poster, subject, posted, first_post_id, last_post, last_post_id, last_poster, forum_id) VALUES(\'' . $db->escape($username) . '\', \'' . $db->escape($subject) . '\', ' . $now . ', 1, ' . $now . ', 1, \'' . $db->escape($username) . '\', 1)') or error('Unable to insert into table ' . $db_prefix . 'topics. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO ' . $db_prefix . 'posts (poster, poster_id, poster_ip, message, posted, topic_id) VALUES(\'' . $db->escape($username) . '\', 2, \'' . $db->escape(get_remote_address()) . '\', \'' . $db->escape($message) . '\', ' . $now . ', 1)') or error('Unable to insert into table ' . $db_prefix . 'posts. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
// Index the test post so searching for it works
/**
* Create an accout for the user on the associated PunBB forum.
*
* PunBB registration notes:
*
* - We don't check for identical usernames here since all forum accounts
* are created from the main site registration alone, and the main site
* registration already did that check.
* - PunBB also checks for too similar usernames, we don't.
* - We don't check for "banned email address".
* - We don't check if "someone else already has registered with that e-mail address"
*
* PunBB Config Cache:
* - Some default values come from the cache, it is assumed that the cache
* is already available.
*
* Registration informtion:
* username
* password
* email
* location
*
* @param array $userinfo
* @return
*/
public static function createAccount($userinfo)
{
$pathToPunBB = self::getPunBBRootPath();
// include PunBB files to avoid hard coding new forum user defaults
// if the cached config file is not present yet, it will error out and throw an exception
define('PUN', true);
require $pathToPunBB . '/include/functions.php';
require $pathToPunBB . '/include/email.php';
require $pathToPunBB . '/cache/cache_config.php';
$now = time();
$unixtime_registered = $now;
$unixtime_lastvisit = $now;
// get remote address
$pathArray = coreContext::getInstance()->getRequest()->getPathInfoArray();
$remote_addr = $pathArray['REMOTE_ADDR'];
$data = array('username' => $userinfo['username'], 'group_id' => $pun_config['o_default_user_group'], 'password' => pun_hash($userinfo['password']), 'email' => strtolower($userinfo['email']), 'location' => substr($userinfo['location'], 0, 30), 'email_setting' => intval(1), 'save_pass' => '0', 'timezone' => '0', 'language' => $pun_config['o_default_lang'], 'style' => $pun_config['o_default_style'], 'registered' => $unixtime_registered, 'registration_ip' => $remote_addr, 'last_visit' => $unixtime_lastvisit);
//DBG::printr($data);
//return true;
return self::getInstance()->insert($data);
}
function random_key($len, $readable = false, $hash = false)
{
$key = '';
if ($hash) {
$key = substr(pun_hash(uniqid(rand(), true)), 0, $len);
} else {
if ($readable) {
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
for ($i = 0; $i < $len; ++$i) {
$key .= substr($chars, mt_rand() % strlen($chars), 1);
}
} else {
for ($i = 0; $i < $len; ++$i) {
$key .= chr(mt_rand(33, 126));
}
}
}
return $key;
}
<!-- If Mod/Admin Link To Admin Panel -->
<?php
if ($pun_user['is_admmod']) {
?>
<a href="admin_index.php" title="<?php
echo $lang_common['Admin'];
?>
" id="adminlink"><?php
echo $lang_common['Admin'];
?>
</a> /
<?php
}
?>
<!-- Logout Button -->
<a href="login.php?action=out&id=<?php
echo $pun_user['id'];
?>
&csrf_token=<?php
echo pun_hash($pun_user['id'] . pun_hash(get_remote_address()));
?>
" id="logoutbutton"><?php
echo $lang_common['Logout'];
?>
</a>
</p>
</div>
</div>
<?php
}
}
if ($pun_config['o_rules'] == '1' && (!$pun_user['is_guest'] || $pun_user['g_read_board'] == '1' || $pun_config['o_regs_allow'] == '1')) {
$links[] = '<li id="navrules"' . (PUN_ACTIVE_PAGE == 'rules' ? ' class="isactive"' : '') . '><a href="misc.php?action=rules">' . $lang->t('Rules') . '</a></li>';
}
if ($pun_user['g_read_board'] == '1' && $pun_user['g_search'] == '1') {
$links[] = '<li id="navsearch"' . (PUN_ACTIVE_PAGE == 'search' ? ' class="isactive"' : '') . '><a href="search.php">' . $lang->t('Search') . '</a></li>';
}
if ($pun_user['is_guest']) {
$links[] = '<li id="navregister"' . (PUN_ACTIVE_PAGE == 'register' ? ' class="isactive"' : '') . '><a href="register.php">' . $lang->t('Register') . '</a></li>';
$links[] = '<li id="navlogin"' . (PUN_ACTIVE_PAGE == 'login' ? ' class="isactive"' : '') . '><a href="login.php">' . $lang->t('Login') . '</a></li>';
} else {
$links[] = '<li id="navprofile"' . (PUN_ACTIVE_PAGE == 'profile' ? ' class="isactive"' : '') . '><a href="profile.php?id=' . $pun_user['id'] . '">' . $lang->t('Profile') . '</a></li>';
if ($pun_user['is_admmod']) {
$links[] = '<li id="navadmin"' . (PUN_ACTIVE_PAGE == 'admin' ? ' class="isactive"' : '') . '><a href="admin_index.php">' . $lang->t('Administration') . '</a></li>';
}
$links[] = '<li id="navlogout"><a href="login.php?action=out&id=' . $pun_user['id'] . '&csrf_token=' . pun_hash($pun_user['id'] . pun_hash(get_remote_address())) . '">' . $lang->t('Logout') . '</a></li>';
}
// Are there any additional navlinks we should insert into the array before imploding it?
if ($pun_user['g_read_board'] == '1' && $pun_config['o_additional_navlinks'] != '') {
if (preg_match_all('%([0-9]+)\\s*=\\s*(.*?)\\n%s', $pun_config['o_additional_navlinks'] . "\n", $extra_links)) {
// Insert any additional links into the $links array (at the correct index)
$num_links = count($extra_links[1]);
for ($i = 0; $i < $num_links; ++$i) {
array_splice($links, $extra_links[1][$i], 0, array('<li id="navextra' . ($i + 1) . '">' . $extra_links[2][$i] . '</li>'));
}
}
}
$tpl_temp = '<div id="brdmenu" class="inbox">' . "\n\t\t\t" . '<ul>' . "\n\t\t\t\t" . implode("\n\t\t\t\t", $links) . "\n\t\t\t" . '</ul>' . "\n\t\t" . '</div>';
$tpl_main = str_replace('<pun_navlinks>', $tpl_temp, $tpl_main);
// END SUBST - <pun_navlinks>
// START SUBST - <pun_status>
$query->run($params);
unset($params);
$params = array(':g_id' => 3, ':g_title' => $lang->t('Guests'), ':g_user_title' => NULL, ':g_moderator' => 0, ':g_mod_edit_users' => 0, ':g_mod_rename_users' => 0, ':g_mod_change_passwords' => 0, ':g_mod_ban_users' => 0, ':g_read_board' => 1, ':g_view_users' => 1, ':g_post_replies' => 0, ':g_post_topics' => 0, ':g_edit_posts' => 0, ':g_delete_posts' => 0, ':g_delete_topics' => 0, ':g_set_title' => 0, ':g_search' => 1, ':g_search_users' => 1, ':g_send_email' => 0, ':g_post_flood' => 60, ':g_search_flood' => 30, ':g_email_flood' => 0, ':g_report_flood' => 0);
$query->run($params);
unset($params);
$params = array(':g_id' => 4, ':g_title' => $lang->t('Members'), ':g_user_title' => NULL, ':g_moderator' => 0, ':g_mod_edit_users' => 0, ':g_mod_rename_users' => 0, ':g_mod_change_passwords' => 0, ':g_mod_ban_users' => 0, ':g_read_board' => 1, ':g_view_users' => 1, ':g_post_replies' => 1, ':g_post_topics' => 1, ':g_edit_posts' => 1, ':g_delete_posts' => 1, ':g_delete_topics' => 1, ':g_set_title' => 0, ':g_search' => 1, ':g_search_users' => 1, ':g_send_email' => 1, ':g_post_flood' => 60, ':g_search_flood' => 30, ':g_email_flood' => 60, ':g_report_flood' => 60);
$query->run($params);
unset($params);
unset($query);
// Insert guest and first admin user
$query = $db->insert(array('group_id' => ':group_id', 'username' => ':username', 'password' => ':password', 'email' => ':email'), 'users');
$params = array(':group_id' => 3, ':username' => $lang->t('Guest'), ':password' => $lang->t('Guest'), ':email' => $lang->t('Guest'));
$query->run($params);
unset($query, $params);
$query = $db->insert(array('group_id' => ':group_id', 'username' => ':username', 'password' => ':password', 'email' => ':email', 'language' => ':language', 'style' => ':style', 'num_posts' => ':num_posts', 'last_post' => ':last_post', 'registered' => ':registered', 'registration_ip' => ':registration_ip', 'last_visit' => ':last_visit'), 'users');
$params = array(':group_id' => 1, ':username' => $username, ':password' => pun_hash($password1), ':email' => $email, ':language' => $default_lang, ':style' => $default_style, ':num_posts' => 1, ':last_post' => $now, ':registered' => $now, ':registration_ip' => get_remote_address(), ':last_visit' => $now);
$query->run($params);
unset($query, $params);
// Enable/disable avatars depending on file_uploads setting in PHP configuration
$avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 1 : 0;
// Insert config data
$pun_config = array('o_cur_version' => FORUM_VERSION, 'o_database_revision' => FORUM_DB_REVISION, 'o_searchindex_revision' => FORUM_SI_REVISION, 'o_parser_revision' => FORUM_PARSER_REVISION, 'o_board_title' => $title, 'o_board_desc' => $description, 'o_default_timezone' => 0, 'o_time_format' => 'H:i:s', 'o_date_format' => 'Y-m-d', 'o_timeout_visit' => 1800, 'o_timeout_online' => 300, 'o_redirect_delay' => 1, 'o_show_version' => 0, 'o_show_user_info' => 1, 'o_show_post_count' => 1, 'o_signatures' => 1, 'o_smilies' => 1, 'o_smilies_sig' => 1, 'o_make_links' => 1, 'o_default_lang' => $default_lang, 'o_default_style' => $default_style, 'o_default_user_group' => 4, 'o_topic_review' => 15, 'o_disp_topics_default' => 30, 'o_disp_posts_default' => 25, 'o_indent_num_spaces' => 4, 'o_quote_depth' => 3, 'o_quickpost' => 1, 'o_users_online' => 1, 'o_censoring' => 0, 'o_ranks' => 1, 'o_show_dot' => 0, 'o_topic_views' => 1, 'o_quickjump' => 1, 'o_gzip' => 0, 'o_additional_navlinks' => '', 'o_report_method' => 0, 'o_regs_report' => 0, 'o_default_email_setting' => 1, 'o_mailing_list' => $email, 'o_avatars' => $avatars, 'o_avatars_dir' => 'img/avatars', 'o_avatars_width' => 60, 'o_avatars_height' => 60, 'o_avatars_size' => 10240, 'o_search_all_forums' => 1, 'o_admin_email' => $email, 'o_webmaster_email' => $email, 'o_forum_subscriptions' => 1, 'o_topic_subscriptions' => 1, 'o_smtp_host' => NULL, 'o_smtp_user' => NULL, 'o_smtp_pass' => NULL, 'o_smtp_ssl' => 0, 'o_regs_allow' => 1, 'o_regs_verify' => 0, 'o_announcement' => 0, 'o_announcement_message' => $lang->t('Enter announcement'), 'o_rules' => 0, 'o_rules_message' => $lang->t('Enter rules'), 'o_maintenance' => 0, 'o_maintenance_message' => $lang->t('Maintenance message'), 'o_default_dst' => 0, 'o_feed_type' => 2, 'o_feed_ttl' => 0, 'p_message_bbcode' => 1, 'p_message_img_tag' => 1, 'p_message_all_caps' => 1, 'p_subject_all_caps' => 1, 'p_sig_all_caps' => 1, 'p_sig_bbcode' => 1, 'p_sig_img_tag' => 0, 'p_sig_length' => 400, 'p_sig_lines' => 4, 'p_allow_banned_email' => 1, 'p_allow_dupe_email' => 0, 'p_force_guest_email' => 1);
$query = $db->insert(array('conf_name' => ':conf_name', 'conf_value' => ':conf_value'), 'config');
foreach ($pun_config as $conf_name => $conf_value) {
$params = array(':conf_name' => $conf_name, ':conf_value' => $conf_value);
$query->run($params);
unset($params);
}
unset($query);
// Insert some other default data
$subject = $lang->t('Test post');
