$DB->query("\n\t\tINSERT INTO users_history_passkeys\n\t\t\t(UserID, OldPassKey, NewPassKey, ChangerIP, ChangeTime)\n\t\tVALUES\n\t\t\t('{$UserID}', '" . $Cur['torrent_pass'] . "', '{$Passkey}', '0.0.0.0', '" . sqltime() . "')");
Tracker::update_tracker('change_passkey', array('oldpasskey' => $Cur['torrent_pass'], 'newpasskey' => $Passkey));
}
if ($ResetAuthkey == 1 && check_perms('users_edit_reset_keys')) {
$Authkey = db_string(Users::make_secret());
$UpdateSet[] = "AuthKey = '{$Authkey}'";
$EditSummary[] = 'authkey reset';
$HeavyUpdates['AuthKey'] = $Authkey;
}
if ($SendHackedMail && check_perms('users_disable_any')) {
$EditSummary[] = "hacked account email sent to {$HackedEmail}";
Misc::send_email($HackedEmail, 'Your ' . SITE_NAME . ' account', 'Your ' . SITE_NAME . ' account appears to have been compromised. As a security measure, we have disabled your account. To resolve this, please visit us on IRC.
This is the information to connect to our server:
IRC Server: ' . BOT_SERVER . '
Port: ' . BOT_PORT . ' (' . BOT_PORT_SSL . ' for SSL)
Once you are connected to our server you will need to join our disabled users channel.
Type: /join ' . BOT_DISABLED_CHAN . '
Please visit us soon so we can help you resolve this matter.', 'noreply');
}
if ($MergeStatsFrom && check_perms('users_edit_ratio')) {
$DB->query("\n\t\tSELECT ID, Uploaded, Downloaded\n\t\tFROM users_main\n\t\tWHERE Username LIKE '{$MergeStatsFrom}'");
if ($DB->has_results()) {
list($MergeID, $MergeUploaded, $MergeDownloaded) = $DB->next_record();
$DB->query("\n\t\t\tUPDATE users_main AS um\n\t\t\t\tJOIN users_info AS ui ON um.ID = ui.UserID\n\t\t\tSET\n\t\t\t\tum.Uploaded = 0,\n\t\t\t\tum.Downloaded = 0,\n\t\t\t\tui.AdminComment = CONCAT('" . sqltime() . ' - Stats (Uploaded: ' . Format::get_size($MergeUploaded) . ', Downloaded: ' . Format::get_size($MergeDownloaded) . ', Ratio: ' . Format::get_ratio($MergeUploaded, $MergeDownloaded) . ') merged into ' . site_url() . "user.php?id={$UserID} (" . $Cur['Username'] . ') by ' . $LoggedUser['Username'] . "\n\n', ui.AdminComment)\n\t\t\tWHERE ID = {$MergeID}");
$UpdateSet[] = "Uploaded = Uploaded + '{$MergeUploaded}'";
$UpdateSet[] = "Downloaded = Downloaded + '{$MergeDownloaded}'";
$EditSummary[] = 'stats merged from ' . site_url() . "user.php?id={$MergeID} ({$MergeStatsFrom}) (previous stats: Uploaded: " . Format::get_size($Cur['Uploaded']) . ', Downloaded: ' . Format::get_size($Cur['Downloaded']) . ', Ratio: ' . Format::get_ratio($Cur['Uploaded'], $Cur['Downloaded']) . ')';
$Cache->delete_value("user_stats_{$UserID}");
$Cache->delete_value("user_stats_{$MergeID}");
$Cache->commit_transaction(0);
Misc::send_pm($UserID, 0, 'Your downloading privileges have been disabled', "As you did not raise your ratio in time, your downloading privileges have been revoked. You will not be able to download any torrents until your ratio is above your new required ratio.");
echo "Ratio watch disabled: {$UserID}\n";
}
$DB->set_query_id($UserQuery);
$Passkeys = $DB->collect('torrent_pass');
foreach ($Passkeys as $Passkey) {
Tracker::update_tracker('update_user', array('passkey' => $Passkey, 'can_leech' => '0'));
}
//------------- Disable inactive user accounts --------------------------//
sleep(5);
// Send email
$DB->query("\n\t\tSELECT um.Username, um.Email\n\t\tFROM users_info AS ui\n\t\t\tJOIN users_main AS um ON um.ID = ui.UserID\n\t\t\tLEFT JOIN users_levels AS ul ON ul.UserID = um.ID AND ul.PermissionID = '" . CELEB . "'\n\t\tWHERE um.PermissionID IN ('" . USER . "', '" . MEMBER . "')\n\t\t\tAND um.LastAccess < '" . time_minus(3600 * 24 * 110, true) . "'\n\t\t\tAND um.LastAccess > '" . time_minus(3600 * 24 * 111, true) . "'\n\t\t\tAND um.LastAccess != '0000-00-00 00:00:00'\n\t\t\tAND ui.Donor = '0'\n\t\t\tAND um.Enabled != '2'\n\t\t\tAND ul.UserID IS NULL\n\t\tGROUP BY um.ID");
while (list($Username, $Email) = $DB->next_record()) {
$Body = "Hi {$Username},\n\nIt has been almost 4 months since you used your account at " . site_url() . ". This is an automated email to inform you that your account will be disabled in 10 days if you do not sign in.";
Misc::send_email($Email, 'Your ' . SITE_NAME . ' account is about to be disabled', $Body, 'noreply');
}
$DB->query("\n\t\tSELECT um.ID\n\t\tFROM users_info AS ui\n\t\t\tJOIN users_main AS um ON um.ID = ui.UserID\n\t\t\tLEFT JOIN users_levels AS ul ON ul.UserID = um.ID AND ul.PermissionID = '" . CELEB . "'\n\t\tWHERE um.PermissionID IN ('" . USER . "', '" . MEMBER . "')\n\t\t\tAND um.LastAccess < '" . time_minus(3600 * 24 * 30 * 4) . "'\n\t\t\tAND um.LastAccess != '0000-00-00 00:00:00'\n\t\t\tAND ui.Donor = '0'\n\t\t\tAND um.Enabled != '2'\n\t\t\tAND ul.UserID IS NULL\n\t\tGROUP BY um.ID");
if ($DB->has_results()) {
Tools::disable_users($DB->collect('ID'), 'Disabled for inactivity.', 3);
}
//------------- Disable unconfirmed users ------------------------------//
sleep(10);
// get a list of user IDs for clearing cache keys
$DB->query("\n\t\tSELECT UserID\n\t\tFROM users_info AS ui\n\t\t\tJOIN users_main AS um ON um.ID = ui.UserID\n\t\tWHERE um.LastAccess = '0000-00-00 00:00:00'\n\t\t\tAND ui.JoinDate < '" . time_minus(60 * 60 * 24 * 7) . "'\n\t\t\tAND um.Enabled != '2'");
$UserIDs = $DB->collect('UserID');
// disable the users
$DB->query("\n\t\tUPDATE users_info AS ui\n\t\t\tJOIN users_main AS um ON um.ID = ui.UserID\n\t\tSET um.Enabled = '2',\n\t\t\tui.BanDate = '{$sqltime}',\n\t\t\tui.BanReason = '3',\n\t\t\tui.AdminComment = CONCAT('{$sqltime} - Disabled for inactivity (never logged in)\n\n', ui.AdminComment)\n\t\tWHERE um.LastAccess = '0000-00-00 00:00:00'\n\t\t\tAND ui.JoinDate < '" . time_minus(60 * 60 * 24 * 7) . "'\n\t\t\tAND um.Enabled != '2'");
$Cache->decrement('stats_user_count', $DB->affected_rows());
// clear the appropriate cache keys
foreach ($UserIDs as $UserID) {
list($UserID, $Username, $Email) = $DB->next_record();
if ($UserID) {
// Email exists in the database
// Set ResetKey, send out email, and set $Sent to 1 to show success page
$ResetKey = Users::make_secret();
$DB->query("\n\t\t\t\t\t\tUPDATE users_info\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tResetKey = '" . db_string($ResetKey) . "',\n\t\t\t\t\t\t\tResetExpires = '" . time_plus(60 * 60) . "'\n\t\t\t\t\t\tWHERE UserID = '{$UserID}'");
require SERVER_ROOT . '/classes/templates.class.php';
$TPL = new TEMPLATE();
$TPL->open(SERVER_ROOT . '/templates/password_reset.tpl');
// Password reset template
$TPL->set('Username', $Username);
$TPL->set('ResetKey', $ResetKey);
$TPL->set('IP', $_SERVER['REMOTE_ADDR']);
$TPL->set('SITE_NAME', SITE_NAME);
$TPL->set('SITE_URL', NONSSL_SITE_URL);
Misc::send_email($Email, 'Password reset information for ' . SITE_NAME, $TPL->get(), 'noreply');
$Sent = 1;
// If $Sent is 1, recover_step1.php displays a success message
//Log out all of the users current sessions
$Cache->delete_value("user_info_{$UserID}");
$Cache->delete_value("user_info_heavy_{$UserID}");
$Cache->delete_value("user_stats_{$UserID}");
$Cache->delete_value("enabled_{$UserID}");
$DB->query("\n\t\t\t\t\t\tSELECT SessionID\n\t\t\t\t\t\tFROM users_sessions\n\t\t\t\t\t\tWHERE UserID = '{$UserID}'");
while (list($SessionID) = $DB->next_record()) {
$Cache->delete_value("session_{$UserID}" . "_{$SessionID}");
}
$DB->query("\n\t\t\t\t\t\tUPDATE users_sessions\n\t\t\t\t\t\tSET Active = 0\n\t\t\t\t\t\tWHERE UserID = '{$UserID}'\n\t\t\t\t\t\t\tAND Active = 1");
} else {
$Err = 'There is no user with that email address.';
}
/**
* Initiate a password reset
*
* @param int $UserID The user ID
* @param string $Username The username
* @param string $Email The email address
*/
public static function resetPassword($UserID, $Username, $Email)
{
$ResetKey = Users::make_secret();
G::$DB->query("\n\t\t\tUPDATE users_info\n\t\t\tSET\n\t\t\t\tResetKey = '" . db_string($ResetKey) . "',\n\t\t\t\tResetExpires = '" . time_plus(60 * 60) . "'\n\t\t\tWHERE UserID = '{$UserID}'");
require SERVER_ROOT . '/classes/templates.class.php';
$TPL = new TEMPLATE();
$TPL->open(SERVER_ROOT . '/templates/password_reset.tpl');
// Password reset template
$TPL->set('Username', $Username);
$TPL->set('ResetKey', $ResetKey);
$TPL->set('IP', $_SERVER['REMOTE_ADDR']);
$TPL->set('SITE_NAME', SITE_NAME);
$TPL->set('SITE_URL', NONSSL_SITE_URL);
Misc::send_email($Email, 'Password reset information for ' . SITE_NAME, $TPL->get(), 'noreply');
}
// No inviter (open registration)
$DB->query("\n\t\t\t\t\tSELECT MAX(TreeID)\n\t\t\t\t\tFROM invite_tree");
list($TreeID) = $DB->next_record();
$TreeID++;
$InviterID = 0;
$TreePosition = 1;
$TreeLevel = 1;
}
include SERVER_ROOT . '/classes/templates.class.php';
$TPL = new TEMPLATE();
$TPL->open(SERVER_ROOT . '/templates/new_registration.tpl');
$TPL->set('Username', $_REQUEST['username']);
$TPL->set('TorrentKey', $torrent_pass);
$TPL->set('SITE_NAME', SITE_NAME);
$TPL->set('SITE_URL', SITE_URL);
Misc::send_email($_REQUEST['email'], 'New account confirmation at ' . SITE_NAME, $TPL->get(), 'noreply');
Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
$Sent = 1;
}
} elseif ($_GET['invite']) {
// If they haven't submitted the form, check to see if their invite is good
$DB->query("\n\t\t\tSELECT InviteKey\n\t\t\tFROM invites\n\t\t\tWHERE InviteKey = '" . db_string($_GET['invite']) . "'");
if (!$DB->has_results()) {
error('Invite not found!');
}
}
include 'step1.php';
} elseif (!OPEN_REGISTRATION) {
if (isset($_GET['welcome'])) {
include 'code.php';
} else {
die;
}
$InviteKey = db_string(Users::make_secret());
$DisabledChan = BOT_DISABLED_CHAN;
$IRCServer = BOT_SERVER;
$Message = <<<EOT
The user {$Username} has invited you to join {$SiteName} and has specified this address ({$CurEmail}) as your email address. If you do not know this person, please ignore this email, and do not reply.
Please note that selling invites, trading invites, and giving invites away publicly (e.g. on a forum) is strictly forbidden. If you have received your invite as a result of any of these things, do not bother signing up - you will be banned and lose your chances of ever signing up legitimately.
If you have previously had an account at {$SiteName}, do not use this invite. Instead, please join {$DisabledChan} on {$IRCServer} and ask for your account to be reactivated.
To confirm your invite, click on the following link:
{$SiteURL}register.php?invite={$InviteKey}
After you register, you will be able to use your account. Please take note that if you do not use this invite in the next 3 days, it will expire. We urge you to read the RULES and the wiki immediately after you join.
Thank you,
{$SiteName} Staff
EOT;
$DB->query("\n\t\tINSERT INTO invites\n\t\t\t(InviterID, InviteKey, Email, Expires, Reason)\n\t\tVALUES\n\t\t\t('{$LoggedUser['ID']}', '{$InviteKey}', '" . db_string($CurEmail) . "', '{$InviteExpires}', '{$InviteReason}')");
if (!check_perms('site_send_unlimited_invites')) {
$DB->query("\n\t\t\tUPDATE users_main\n\t\t\tSET Invites = GREATEST(Invites, 1) - 1\n\t\t\tWHERE ID = '{$LoggedUser['ID']}'");
$Cache->begin_transaction('user_info_heavy_' . $LoggedUser['ID']);
$Cache->update_row(false, array('Invites' => '-1'));
$Cache->commit_transaction(0);
}
Misc::send_email($CurEmail, 'You have been invited to ' . SITE_NAME, $Message, 'noreply');
}
header('Location: user.php?action=invite');
