/**
 * Check the CAPTCHA answer that accompanies the data held in $this->data.
 *
 * Validation is delegated to the captcha class whenever the data carries an
 * 'imagestring' value or the 'captchaimage' setting is anything other than 1.
 * On success $this->captcha_verified is set to true. On failure every error
 * reported by the captcha object is copied to this handler via set_error().
 *
 * When neither condition holds, the call always fails: 'regimagerequired' is
 * recorded for a quick-login submission (quick_login == 1 with both
 * quick_username and quick_password present), 'regimageinvalid' otherwise.
 *
 * NOTE(review): the "!= 1" test is also true when the setting is 0, so this
 * method attempts validation in that case too. Confirm that callers invoke it
 * only when a CAPTCHA is actually required.
 *
 * @return bool True only when the captcha object accepted the answer.
 */
function verify_captcha()
{
    global $db, $mybb;

    $user = &$this->data;

    $should_validate = $user['imagestring'] || $mybb->settings['captchaimage'] != 1;

    if (!$should_validate) {
        // Nothing to validate against: fail closed and choose the message by
        // whether the request came from the quick-login form.
        $from_quick_login = $mybb->input['quick_login'] == 1
            && $mybb->input['quick_password']
            && $mybb->input['quick_username'];

        $this->set_error($from_quick_login ? 'regimagerequired' : 'regimageinvalid');

        return false;
    }

    // Check their current captcha input - if correct, hide the captcha input area
    require_once MYBB_ROOT . 'inc/class_captcha.php';

    $this->captcha = new captcha();

    if ($this->captcha->validate_captcha()) {
        $this->captcha_verified = true;

        return true;
    }

    // CAPTCHA validation failed: surface each reason through this handler.
    foreach ($this->captcha->get_errors() as $error) {
        $this->set_error($error);
    }

    return false;
}
}

// Validation and sending of a user-to-user e-mail. This is an excerpt: the
// block closed above and the end of the send branch lie outside this view.

// Required fields: each missing value appends the matching language string.
if (empty($mybb->input['fromname'])) {
    $errors[] = $lang->error_noname;
}
if (empty($mybb->input['subject'])) {
    $errors[] = $lang->error_no_email_subject;
}
if (empty($mybb->input['message'])) {
    $errors[] = $lang->error_no_email_message;
}

// CAPTCHA is enforced only when the captchaimage setting is truthy AND the
// sender has uid 0; any other uid skips the check entirely.
if ($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0) {
    require_once MYBB_ROOT . 'inc/class_captcha.php';
    $captcha = new captcha();
    if ($captcha->validate_captcha() == false) {
        // CAPTCHA validation failed
        foreach ($captcha->get_errors() as $error) {
            $errors[] = $error;
        }
    }
}

// Nothing is sent unless every check above left $errors empty.
if (count($errors) == 0) {
    // NOTE(review): fromname and fromemail are taken straight from
    // $mybb->input here and placed in the From value. Whether they were
    // validated before this excerpt, or whether my_mail() rejects CR/LF in
    // its header arguments, is not visible. Confirm one of the two, since an
    // embedded line break would let the sender add mail headers.
    if ($mybb->settings['mail_handler'] == 'smtp') {
        $from = $mybb->input['fromemail'];
    } else {
        $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
    }
    $message = $lang->sprintf(
        $lang->email_emailuser,
        $to_user['username'],
        $mybb->input['fromname'],
        $mybb->settings['bbname'],
        $mybb->settings['bburl'],
        $mybb->get_input('message')
    );
    // fromemail is passed a second time as the final argument.
    // NOTE(review): the meaning of that parameter is defined by my_mail(),
    // which is not shown. The same CR/LF concern applies to it.
    my_mail(
        $to_user['email'],
        $mybb->get_input('subject'),
        $message,
        $from,
        "",
        "",
        false,
        "text",
        "",
        $mybb->input['fromemail']
    );
    if ($mybb->settings['mail_logging'] > 0) {
        // Log the message
        // Request-derived strings go through $db->escape_string() and the
        // packed IP through $db->escape_binary(). The uid values are stored
        // as-is (presumably integers loaded from the database; verify).
        $log_entry = array(
            "subject" => $db->escape_string($mybb->get_input('subject')),
            "message" => $db->escape_string($mybb->get_input('message')),
            "dateline" => TIME_NOW,
            "fromuid" => $mybb->user['uid'],
            "fromemail" => $db->escape_string($mybb->input['fromemail']),
            "touid" => $to_user['uid'],
            "toemail" => $db->escape_string($to_user['email']),
            "tid" => 0,
            "ipaddress" => $db->escape_binary($session->packedip),
            "type" => 1
        );
// Post validation followed by the guest CAPTCHA check. This is an excerpt:
// the AJAX response branch continues past the end of this view.
$valid_post = $posthandler->validate_post();
$post_errors = array();
// Fetch friendly error messages if this is an invalid post
if (!$valid_post) {
    $post_errors = $posthandler->get_friendly_errors();
}
// Mark thread as read
require_once MYBB_ROOT . "inc/functions_indicators.php";
mark_thread_read($tid, $fid);
// Check captcha image
// Runs only when the captchaimage setting is truthy and the poster has no
// uid. CAPTCHA errors are appended to the same list as the post errors.
if ($mybb->settings['captchaimage'] && !$mybb->user['uid']) {
    require_once MYBB_ROOT . 'inc/class_captcha.php';
    $post_captcha = new captcha(false, "post_captcha");
    if ($post_captcha->validate_captcha() == false) {
        // CAPTCHA validation failed
        foreach ($post_captcha->get_errors() as $error) {
            $post_errors[] = $error;
        }
    } else {
        // NOTE(review): $hide_captcha is assigned only on this success path
        // within the excerpt and is read below. Confirm it is initialised
        // before this point, otherwise the failure path reads an undefined
        // variable.
        $hide_captcha = true;
    }
    // For AJAX requests with captcha type 1, a fresh challenge row is inserted
    // whether or not the answer just checked was accepted.
    if ($mybb->get_input('ajax', MyBB::INPUT_INT)) {
        if ($post_captcha->type == 1) {
            // NOTE(review): both the 5-character answer and the row identifier
            // come from random_str(), whose source of randomness is not shown.
            // md5() only reshapes its input into 32 hex characters and adds no
            // entropy, so the unpredictability of the challenge depends on
            // random_str(). Confirm it uses a CSPRNG.
            $randomstr = random_str(5);
            $imagehash = md5(random_str(12));
            $imagearray = array("imagehash" => $imagehash, "imagestring" => $randomstr, "dateline" => TIME_NOW);
            $db->insert_query("captcha", $imagearray);
            //header("Content-type: text/html; charset={$lang->settings['charset']}");
            // Only the hash is written to the response here; it is md5 output
            // (hex digits), so it needs no escaping.
            $data = '';
            $data .= "<captcha>{$imagehash}";
            if ($hide_captcha) {
// Login attempt handling: look up the failed-attempt counter, require a
// CAPTCHA once it passes the configured threshold, then check the password.
// This is an excerpt: $logins is defined before this view and the failure
// branch continues past its end.

// The submitted login name is lower-cased and escaped, then matched against
// either the username or the email column.
$query = $db->simple_select(
    "users",
    "loginattempts",
    "LOWER(username)='" . $db->escape_string(my_strtolower($mybb->input['username'])) . "' OR LOWER(email)='" . $db->escape_string(my_strtolower($mybb->input['username'])) . "'",
    array('limit' => 1)
);
$loginattempts = $db->fetch_field($query, "loginattempts");
$errors = array();
$login_captcha = false;
// The CAPTCHA requirement starts when either counter is strictly greater than
// failedcaptchalogincount (a value of 0 or less disables it).
// The cookie counter is supplied by the client, so it can only add a
// requirement, never be relied on to enforce one. The database counter is the
// value an attacker cannot reset by clearing cookies.
if (
    $mybb->settings['failedcaptchalogincount'] > 0
    && ($loginattempts > $mybb->settings['failedcaptchalogincount'] || intval($mybb->cookies['loginattempts']) > $mybb->settings['failedcaptchalogincount'])
) {
    // Show captcha image if enabled
    // NOTE(review): when captchaimage is falsy this block adds no error, so
    // the password check below still runs once the threshold is exceeded.
    // Any hard limit on attempts must be enforced elsewhere (not visible).
    if ($mybb->settings['captchaimage']) {
        $do_captcha = false;
        // Check their current captcha input - if correct, hide the captcha input area
        require_once MYBB_ROOT . 'inc/class_captcha.php';
        $login_captcha = new captcha();
        if ($login_captcha->validate_captcha() == false) {
            // NOTE(review): $correct is set to true on the FAILED branch; its
            // consumer is outside this excerpt, so confirm the meaning is
            // not inverted.
            $correct = true;
            $do_captcha = true;
            // CAPTCHA validation failed
            foreach ($login_captcha->get_errors() as $error) {
                $errors[] = $error;
            }
        }
    }
}
// Don't check password when captcha isn't solved
if (empty($errors)) {
    $user = validate_password_from_username($mybb->input['username'], $mybb->input['password']);
    if (!$user['uid']) {
        // Failed login: bump the cookie counter and the per-account counter.
        my_setcookie('loginattempts', $logins + 1);
        // NOTE(review): this UPDATE matches on username only, while the
        // SELECT above also matches on email. If
        // validate_password_from_username() accepts an e-mail address (not
        // shown), failures submitted that way leave the database counter
        // unchanged and only the client-held cookie advances.
        // 'loginattempts+1' is passed as a raw expression. The trailing
        // "1, true" arguments are presumably the row limit and a no-quote
        // flag; verify against update_query().
        $db->update_query(
            "users",
            array('loginattempts' => 'loginattempts+1'),
            "LOWER(username) = '" . $db->escape_string(my_strtolower($mybb->input['username'])) . "'",
            1,
            true
        );
        // Re-route the request to the login form.
        $mybb->input['action'] = "login";
        $mybb->input['request_method'] = "get";
        if ($mybb->settings['failedlogincount'] != 0 && $mybb->settings['failedlogintext'] == 1) {
            // The message is given failedlogincount minus $logins as its number.
            $login_text = $lang->sprintf($lang->failed_login_again, $mybb->settings['failedlogincount'] - $logins);