$CryptHash = Users::make_crypt_hash($_POST['password']); $DB->query("\n\t\t\t\t\t\t\tUPDATE users_main\n\t\t\t\t\t\t\tSET passhash = '" . db_string($CryptHash) . "'\n\t\t\t\t\t\t\tWHERE ID = {$UserID}"); } if ($Enabled == 1) { $SessionID = Users::make_secret(); $Cookie = $Enc->encrypt($Enc->encrypt($SessionID . '|~|' . $UserID)); if (isset($_POST['keeplogged']) && $_POST['keeplogged']) { $KeepLogged = 1; setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', $SSL, true); } else { $KeepLogged = 0; setcookie('session', $Cookie, 0, '/', '', $SSL, true); } //TODO: another tracker might enable this for donors, I think it's too stupid to bother adding that // Because we <3 our staff $Permissions = Permissions::get_permissions($PermissionID); $CustomPermissions = unserialize($CustomPermissions); if (isset($Permissions['Permissions']['site_disable_ip_history']) || isset($CustomPermissions['site_disable_ip_history'])) { $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; } $DB->query("\n\t\t\t\t\t\t\tINSERT INTO users_sessions\n\t\t\t\t\t\t\t\t(UserID, SessionID, KeepLogged, Browser, OperatingSystem, IP, LastUpdate, FullUA)\n\t\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t\t\t('{$UserID}', '" . db_string($SessionID) . "', '{$KeepLogged}', '{$Browser}', '{$OperatingSystem}', '" . db_string($_SERVER['REMOTE_ADDR']) . "', '" . sqltime() . "', '" . db_string($_SERVER['HTTP_USER_AGENT']) . "')"); $Cache->begin_transaction("users_sessions_{$UserID}"); $Cache->insert_front($SessionID, array('SessionID' => $SessionID, 'Browser' => $Browser, 'OperatingSystem' => $OperatingSystem, 'IP' => $_SERVER['REMOTE_ADDR'], 'LastUpdate' => sqltime())); $Cache->commit_transaction(0); $Sql = "\n\t\t\t\t\t\t\tUPDATE users_main\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tLastLogin = '******',\n\t\t\t\t\t\t\t\tLastAccess = '" . sqltime() . "'\n\t\t\t\t\t\t\tWHERE ID = '" . db_string($UserID) . 
"'"; $DB->query($Sql); if (!empty($_COOKIE['redirect'])) { $URL = $_COOKIE['redirect']; setcookie('redirect', '', time() - 60 * 60 * 24, '/', '', false); header("Location: {$URL}"); die;
$SphQL->order_by('RAND()', ''); unset($_GET['page']); } else { $SphQL->order_by($SortOrders[$OrderBy], $OrderWay); } $Submitted = !empty($_GET['submit']); //Paranoia if (!empty($_GET['userid'])) { if (!is_number($_GET['userid'])) { error('User ID must be an integer'); } $UserInfo = Users::user_info($_GET['userid']); if (empty($UserInfo)) { error('That user does not exist'); } $Perms = Permissions::get_permissions($UserInfo['PermissionID']); $UserClass = $Perms['Class']; } $BookmarkView = false; if (empty($_GET['type'])) { $Title = 'Requests'; if (empty($_GET['showall'])) { $SphQL->where('visible', 1); } } else { switch ($_GET['type']) { case 'created': if (!empty($UserInfo)) { if (!check_paranoia('requestsvoted_list', $UserInfo['Paranoia'], $Perms['Class'], $UserInfo['ID'])) { error(403); }
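/**
 * Loads the "heavy" record for one user: account secrets, restriction flags,
 * forum access overrides and the user's site options.
 *
 * A non-empty value under the cache key user_info_heavy_<UserID> is returned as is.
 * Otherwise the record is built from users_main / users_info / users_levels and
 * written back to the cache.
 *
 * Shape of the built record:
 *  - CustomPermissions is unserialized, or an empty array when the column is empty.
 *  - RestrictedForums / PermittedForums (comma-separated columns) are folded into
 *    CustomForums as forum ID => 0 (restricted) or 1 (permitted). Permitted entries
 *    are written last, so they win over a restriction on the same forum.
 *    CustomForums is null when both lists are empty.
 *  - SiteOptions is unserialized and merged into the top level of the record.
 *  - PermissionID, RestrictedForums, PermittedForums and SiteOptions are removed.
 *
 * The original author notes that this is only used for the current user. The row
 * holds torrent_pass, AuthKey and IP, so treat the return value as sensitive.
 *
 * @param int|string $UserID The user ID to load. It is coerced to an integer for SQL.
 * @return array The heavy user info.
 */
public static function user_heavy_info($UserID) {
    $HeavyInfo = G::$Cache->get_value("user_info_heavy_{$UserID}");
    if (empty($HeavyInfo)) {
        // The ID is interpolated into two SQL statements below, one of them without
        // quotes. Coercing it to an integer keeps a non-numeric argument from changing
        // either statement. Numeric callers get the same SQL as before, and the cache
        // key keeps using the caller's value.
        $SqlUserID = (int) $UserID;

        // Remember the current query id and restore it before returning.
        // NOTE(review): presumably this protects a result set the caller is iterating; confirm.
        $QueryID = G::$DB->get_query_id();
        G::$DB->query(
            "\n\t\t\t\tSELECT"
            . "\n\t\t\t\t\tm.Invites,"
            . "\n\t\t\t\t\tm.torrent_pass,"
            . "\n\t\t\t\t\tm.IP,"
            . "\n\t\t\t\t\tm.CustomPermissions,"
            . "\n\t\t\t\t\tm.can_leech AS CanLeech,"
            . "\n\t\t\t\t\ti.AuthKey,"
            . "\n\t\t\t\t\ti.RatioWatchEnds,"
            . "\n\t\t\t\t\ti.RatioWatchDownload,"
            . "\n\t\t\t\t\ti.StyleID,"
            . "\n\t\t\t\t\ti.StyleURL,"
            . "\n\t\t\t\t\ti.DisableInvites,"
            . "\n\t\t\t\t\ti.DisablePosting,"
            . "\n\t\t\t\t\ti.DisableUpload,"
            . "\n\t\t\t\t\ti.DisableWiki,"
            . "\n\t\t\t\t\ti.DisableAvatar,"
            . "\n\t\t\t\t\ti.DisablePM,"
            . "\n\t\t\t\t\ti.DisableRequests,"
            . "\n\t\t\t\t\ti.DisableForums,"
            . "\n\t\t\t\t\ti.DisableTagging,"
            . "\n\t\t\t\t\ti.SiteOptions,"
            . "\n\t\t\t\t\ti.DownloadAlt,"
            . "\n\t\t\t\t\ti.LastReadNews,"
            . "\n\t\t\t\t\ti.LastReadBlog,"
            . "\n\t\t\t\t\ti.RestrictedForums,"
            . "\n\t\t\t\t\ti.PermittedForums,"
            . "\n\t\t\t\t\tm.FLTokens,"
            . "\n\t\t\t\t\tm.PermissionID"
            . "\n\t\t\t\tFROM users_main AS m"
            . "\n\t\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID"
            . "\n\t\t\t\tWHERE m.ID = '{$SqlUserID}'"
        );
        // NOTE(review): the second argument presumably names columns that must be
        // returned raw (unescaped) because they hold serialized data; confirm.
        $HeavyInfo = G::$DB->next_record(MYSQLI_ASSOC, array('CustomPermissions', 'SiteOptions'));

        // NOTE(review): unserialize() on a database column. If these bytes can ever be
        // influenced by a user, this is an object-injection sink. Prefer JSON, or on
        // PHP 7+ pass array('allowed_classes' => false), once the stored format is confirmed.
        if (!empty($HeavyInfo['CustomPermissions'])) {
            $HeavyInfo['CustomPermissions'] = unserialize($HeavyInfo['CustomPermissions']);
        } else {
            $HeavyInfo['CustomPermissions'] = array();
        }

        if (!empty($HeavyInfo['RestrictedForums'])) {
            $RestrictedForums = array_map('trim', explode(',', $HeavyInfo['RestrictedForums']));
        } else {
            $RestrictedForums = array();
        }
        unset($HeavyInfo['RestrictedForums']);

        if (!empty($HeavyInfo['PermittedForums'])) {
            $PermittedForums = array_map('trim', explode(',', $HeavyInfo['PermittedForums']));
        } else {
            $PermittedForums = array();
        }
        unset($HeavyInfo['PermittedForums']);

        // Secondary classes: every permission set listed in users_levels can grant forums.
        G::$DB->query("\n\t\t\t\tSELECT PermissionID\n\t\t\t\tFROM users_levels\n\t\t\t\tWHERE UserID = {$SqlUserID}");
        $PermIDs = G::$DB->collect('PermissionID');
        foreach ($PermIDs as $PermID) {
            $Perms = Permissions::get_permissions($PermID);
            if (!empty($Perms['PermittedForums'])) {
                $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
            }
        }

        // Primary class: same treatment, then drop the ID from the returned record.
        $Perms = Permissions::get_permissions($HeavyInfo['PermissionID']);
        unset($HeavyInfo['PermissionID']);
        if (!empty($Perms['PermittedForums'])) {
            $PermittedForums = array_merge($PermittedForums, array_map('trim', explode(',', $Perms['PermittedForums'])));
        }

        if (!empty($PermittedForums) || !empty($RestrictedForums)) {
            $HeavyInfo['CustomForums'] = array();
            foreach ($RestrictedForums as $ForumID) {
                $HeavyInfo['CustomForums'][$ForumID] = 0;
            }
            // Written after the restrictions on purpose: a permit overrides a restriction.
            foreach ($PermittedForums as $ForumID) {
                $HeavyInfo['CustomForums'][$ForumID] = 1;
            }
        } else {
            $HeavyInfo['CustomForums'] = null;
        }
        // A trailing or doubled comma in a forum list produces an empty-string ID; discard it.
        if (isset($HeavyInfo['CustomForums'][''])) {
            unset($HeavyInfo['CustomForums']['']);
        }

        // NOTE(review): same unserialize() caveat as CustomPermissions above. In addition,
        // array_merge() lets any key inside SiteOptions overwrite a same-named column value
        // (for example a Disable* flag). Confirm that the code writing SiteOptions restricts
        // its keys.
        $HeavyInfo['SiteOptions'] = unserialize($HeavyInfo['SiteOptions']);
        if (!empty($HeavyInfo['SiteOptions'])) {
            $HeavyInfo = array_merge($HeavyInfo, $HeavyInfo['SiteOptions']);
        }
        unset($HeavyInfo['SiteOptions']);

        G::$DB->set_query_id($QueryID);
        G::$Cache->cache_value("user_info_heavy_{$UserID}", $HeavyInfo, 0);
    }
    return $HeavyInfo;
}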
<?
// Opening section of the profile-edit handler: confirm the request is authorized,
// resolve and access-check the target user, then register form-field validation rules.
// NOTE(review): authorize() is defined elsewhere. Presumably it verifies the request's
// auth token (anti-CSRF) and aborts on mismatch; confirm against its definition.
authorize();

// The target account ID is request-supplied, so it must pass is_number() before it is
// used for the lookup or the access check below.
// NOTE(review): this code assumes error() does not return; confirm.
$UserID = $_REQUEST['userid'];
if (!is_number($UserID)) {
    error(404);
}

//For this entire page, we should generally be using $UserID not $LoggedUser['ID'] and $U[] not $LoggedUser[]
$U = Users::user_info($UserID);

if (!$U) {
    error(404);
}

// Access check: a user may edit their own profile. Editing another account requires
// users_edit_profiles, evaluated against the target user's class. A failed attempt is
// reported to ADMIN_CHAN over IRC, then rejected with a 403.
$Permissions = Permissions::get_permissions($U['PermissionID']);
if ($UserID != $LoggedUser['ID'] && !check_perms('users_edit_profiles', $Permissions['Class'])) {
    send_irc('PRIVMSG '.ADMIN_CHAN.' :User '.$LoggedUser['Username'].' ('.site_url().'user.php?id='.$LoggedUser['ID'].') just tried to edit the profile of '.site_url().'user.php?id='.$_REQUEST['userid']);
    error(403);
}

// Validation rules for the submitted form fields.
// NOTE(review): the arguments look like (field, required flag, type, error message, options);
// confirm against the validator class.
// styleurl and avatar are user-supplied URLs constrained only by CSS_REGEX / IMAGE_REGEX,
// which are defined elsewhere.
$Val->SetFields('stylesheet', 1, "number", "You forgot to select a stylesheet.");
$Val->SetFields('styleurl', 0, "regex", "You did not enter a valid stylesheet URL.", array('regex' => '/^'.CSS_REGEX.'$/i'));

// The next two are commented out because the drop-down menus were replaced with a check box and radio buttons
//$Val->SetFields('disablegrouping', 0, "number", "You forgot to select your torrent grouping option.");
//$Val->SetFields('torrentgrouping', 0, "number", "You forgot to select your torrent grouping option.");
$Val->SetFields('discogview', 1, "number", "You forgot to select your discography view option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('postsperpage', 1, "number", "You forgot to select your posts per page option.", array('inarray' => array(25, 50, 100)));
//$Val->SetFields('hidecollage', 1, "number", "You forgot to select your collage option.", array('minlength' => 0, 'maxlength' => 1));
$Val->SetFields('collagecovers', 1, "number", "You forgot to select your collage option.");
$Val->SetFields('avatar', 0, "regex", "You did not enter a valid avatar URL.", array('regex' => "/^".IMAGE_REGEX."$/i"));
<?php //TODO: Developer, add resend last donation when available AND add missing headers to Test IPN enforce_login(); //Include the header if ($LoggedUser['RatioWatch']) { error('Due to the high volume of payment disputes, we do not accept donations from users on ratio watch. Sorry.'); } if (!($UserCount = $Cache->get_value('stats_user_count'))) { $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM users_main\n\t\tWHERE Enabled = '1'"); list($UserCount) = $DB->next_record(); $Cache->cache_value('stats_user_count', $UserCount, 0); //inf cache } $DonorPerms = Permissions::get_permissions(DONOR); View::show_header('Donate'); ?> <!-- Donate --> <div class="thin"> <?php if (check_perms('site_debug')) { ?> <div class="header"> <h2>Test IPN</h2> </div> <div class="box pad"> <form class="donate_form" name="test_paypal" method="post" action="donate.php"> <input type="hidden" name="action" value="ipn" /> <input type="hidden" name="auth" value="<?php echo $LoggedUser['AuthKey']; ?>