$key_len = 54 - strlen($server_url); $key_len = $key_len > 6 ? $key_len : 6; $user_actkey = substr($user_actkey, 0, $key_len); if ($userdata['session_logged_in']) { session_end($userdata['sid'], $userdata['user_id']); } } else { $user_active = 1; $user_actkey = ''; } $sql = "UPDATE " . USERS_TABLE . "\n SET " . $username_sql . $passwd_sql . "user_email = '" . str_replace("\\'", "''", $email) . "', user_icq = '" . str_replace("\\'", "''", $icq) . "', user_website = '" . str_replace("\\'", "''", $website) . "', user_occ = '" . str_replace("\\'", "''", $occupation) . "', user_from = '" . str_replace("\\'", "''", $location) . "', user_interests = '" . str_replace("\\'", "''", $interests) . "', user_sig = '" . str_replace("\\'", "''", $signature) . "', user_sig_bbcode_uid = '{$signature_bbcode_uid}', user_viewemail = '{$viewemail}', user_aim = '" . str_replace("\\'", "''", str_replace(' ', '+', $aim)) . "', user_yim = '" . str_replace("\\'", "''", $yim) . "', user_msnm = '" . str_replace("\\'", "''", $msn) . "', user_attachsig = '{$attachsig}', user_allowsmile = '{$allowsmilies}', user_allowhtml = '{$allowhtml}', user_allowbbcode = '{$allowbbcode}', user_allow_viewonline = '{$allowviewonline}', user_notify = '{$notifyreply}', user_notify_pm = '{$notifypm}', user_popup_pm = '{$popup_pm}', user_timezone = '{$user_timezone}', user_dateformat = '" . str_replace("\\'", "''", $user_dateformat) . "', user_lang = '" . str_replace("\\'", "''", $user_lang) . "', user_style = '{$user_style}', user_active = '{$user_active}', user_actkey = '" . str_replace("\\'", "''", $user_actkey) . "'" . $avatar_sql . 
"\n WHERE user_id = '{$user_id}'"; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql); } else { getusrinfo($user); docookie($userinfo[user_id], $userinfo[username], $userinfo[user_password], $userinfo[storynum], $userinfo[umode], $userinfo[uorder], $userinfo[thold], $userinfo[noscore], $userinfo[ublockon], $userinfo[theme], $userinfo[commentmax]); } if (!$user_active) { // // The users account has been deactivated, send them an email with a new activation key // include "includes/emailer.php"; $emailer = new emailer($board_config['smtp_delivery']); $emailer->from($board_config['board_email']); $emailer->replyto($board_config['board_email']); $emailer->use_template('user_activate', stripslashes($user_lang)); $emailer->email_address($email); $emailer->set_subject($lang['Reactivate']); $emailer->assign_vars(array('SITENAME' => $board_config['sitename'], 'USERNAME' => preg_replace($unhtml_specialchars_match, $unhtml_specialchars_replace, substr(str_replace("\\'", "'", $username), 0, 25)), 'EMAIL_SIG' => !empty($board_config['board_email_sig']) ? str_replace('<br />', "\n", "-- \n" . $board_config['board_email_sig']) : '', 'U_ACTIVATE' => $server_url . '&mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey)); $emailer->send(); $emailer->reset();
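/**
 * Set the site default theme and, optionally, the current user's theme.
 *
 * When themes/<theme>/theme.cfg exists, Default_Theme in the {prefix}_config
 * table is updated. If $douser is truthy and atIsLoggedIn() reports a
 * logged-in user, the theme column in {user_prefix}_users is updated as well
 * and the user cookie is rebuilt through docookie() with the new theme.
 *
 * @param string $theme  Theme directory name (a single path component).
 * @param int    $douser Non-zero to also store the theme on the user record.
 * @return void
 */
function atThemeSet($theme, $douser = 0)
{
    $dbi = $GLOBALS['dbi'];
    $prefix = $GLOBALS['prefix'];
    $userprefix = $GLOBALS['user_prefix'];
    $user = $GLOBALS['user'];

    // $theme is placed in a filesystem path and inside two quoted SQL
    // literals below. Accept only a plain directory name: no path separators
    // (directory traversal), no quotes or backslashes (breaking out of the
    // SQL literal), no NUL byte, and not the empty / "." / ".." names.
    if (!isset($theme) || !is_scalar($theme)) {
        return;
    }
    $themeName = (string) $theme;
    if ($themeName === '' || $themeName === '.' || $themeName === '..'
        || strpbrk($themeName, "/\\'\"\0") !== false) {
        return;
    }

    if (!@file_exists("themes/{$theme}/theme.cfg")) {
        return;
    }

    // NOTE(review): no privilege check is visible in this function although
    // it changes a site-wide setting; presumably callers gate it - confirm.
    sql_query("UPDATE " . $prefix . "_config SET Default_Theme='{$theme}'", $dbi);

    if (atIsLoggedIn() && $douser) {
        // NOTE(review): $username is fetched but never used, and the WHERE
        // literal below appears masked in this listing. Confirm what the real
        // source interpolates there and that the value is escaped.
        $username = atGetUserName();
        sql_query("UPDATE " . $userprefix . "_users SET theme='{$theme}' WHERE username='******'", $dbi);

        // Rebuild the user cookie so it carries the new theme.
        $userinfo = getusrinfo($user);
        docookie(
            $userinfo['user_id'],
            $userinfo['username'],
            $userinfo['user_password'],
            $userinfo['storynum'],
            $userinfo['umode'],
            $userinfo['uorder'],
            $userinfo['thold'],
            $userinfo['noscore'],
            $userinfo['ublockon'],
            $theme,
            $userinfo['commentmax']
        );
    }
}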
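/**
 * Save a user's comment display preferences after checking the user cookie.
 *
 * The cookie is decoded into the global $cookie, the user row is read from
 * {user_prefix}_users, and the update is performed only when the supplied
 * $user_id matches the row's id and the cookie's password field matches the
 * stored one. On success the cookie is rebuilt via docookie() and the browser
 * is redirected to modules.php?name={module_name}.
 *
 * @param int|string $user_id    Id of the account to update.
 * @param string     $username   Not used by this function.
 * @param mixed      $umode      Stored in the umode column.
 * @param mixed      $uorder     Stored in the uorder column.
 * @param mixed      $thold      Stored in the thold column.
 * @param mixed      $noscore    Stored as 1 when set (non-null), otherwise 0.
 * @param mixed      $commentmax Stored in the commentmax column.
 * @return void
 */
function savecomm($user_id, $username, $umode, $uorder, $thold, $noscore, $commentmax)
{
    global $user, $cookie, $userinfo, $user_prefix, $db, $module_name;

    cookiedecode($user);
    // NOTE(review): $check (cookie field 1) is never used, and the username
    // literal in the SELECT below appears masked in this listing. Confirm
    // what the real source interpolates there and that it is escaped.
    $check = $cookie[1];
    $check2 = $cookie[2];

    $sql = "SELECT user_id, user_password FROM " . $user_prefix . "_users WHERE username='******'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $vuid = intval($row['user_id']);
    $ccpass = filter($row['user_password'], "nohtml", 1);

    // Normalise the caller-supplied id to an integer before comparing. With
    // the original loose `==`, on PHP < 8 a string that only starts with the
    // right digits compared equal to the integer id and then reached the
    // WHERE clause of the UPDATE unchanged.
    $user_id = intval($user_id);
    $cookieHash = (string) $check2;
    $storedHash = (string) $ccpass;

    // Require a real row (id > 0, non-empty hash) and compare strictly:
    // loose comparison treats two different "0e<digits>" strings as equal
    // numbers, and null == '' passed when no row was found.
    $ownerOk = $vuid > 0 && $user_id === $vuid;
    $hashOk = $storedHash !== '' && $cookieHash === $storedHash;

    if ($ownerOk && $hashOk) {
        $noscore = isset($noscore) ? 1 : 0;

        // NOTE(review): $umode, $uorder, $thold and $commentmax go into the
        // statement as received; nothing in this function casts or escapes
        // them. Presumably a caller or global input filter does - confirm,
        // otherwise cast the numeric ones and escape the rest before use.
        $db->sql_query("UPDATE " . $user_prefix . "_users SET umode='{$umode}', uorder='{$uorder}', thold='{$thold}', noscore='{$noscore}', commentmax='{$commentmax}' WHERE user_id='{$user_id}'");

        // Refresh the global $userinfo and rebuild the cookie from it.
        getusrinfo($user);
        docookie(
            $userinfo['user_id'],
            $userinfo['username'],
            $userinfo['user_password'],
            $userinfo['storynum'],
            $userinfo['umode'],
            $userinfo['uorder'],
            $userinfo['thold'],
            $userinfo['noscore'],
            $userinfo['ublockon'],
            $userinfo['theme'],
            $userinfo['commentmax']
        );
        Header("Location: modules.php?name={$module_name}");
    }
}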
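/**
 * Store the theme chosen by the logged-in user and rebuild the user cookie.
 *
 * The user name is taken from the decoded cookie, the matching uid is read
 * from {NPDS_Prefix}users, and the theme is saved only when the supplied
 * $uid is that user's id. On success the per-user cache is purged and the
 * browser is redirected to user.php; otherwise it is redirected to index.php.
 *
 * @param int|string $uid   Id of the account to update.
 * @param string     $theme Theme name to store.
 * @return void
 */
function savetheme($uid, $theme)
{
    global $NPDS_Prefix;
    global $user;

    $cookie = cookiedecode($user);

    // The cookie is client-controlled, so its user-name field must not reach
    // the statement raw. addslashes() is a stop-gap: it is not charset-aware,
    // so switch to the database driver's escaping or a prepared statement
    // where the project's DB layer offers one.
    // NOTE(review): if cookiedecode() already escapes its output this
    // double-escapes names containing quotes (the lookup then fails closed).
    $unameSql = addslashes((string) $cookie['1']);
    $result = sql_query("SELECT uid FROM " . $NPDS_Prefix . "users WHERE uname='" . $unameSql . "'");
    list($vuid) = sql_fetch_row($result);

    // Strict string comparison: the original `==` accepted numerically equal
    // but textually different ids and let null (no row found) match an empty
    // $uid. After this check $uid is exactly the id read from the database.
    $isOwner = $vuid !== null && (string) $uid === (string) $vuid;

    if ($isOwner) {
        // $theme is caller-supplied; escape it for the quoted literal (same
        // stop-gap caveat as for the user name above).
        $themeSql = addslashes((string) $theme);
        sql_query("UPDATE " . $NPDS_Prefix . "users SET theme='" . $themeSql . "' WHERE uid='{$uid}'");

        $userinfo = getusrinfo($user);
        docookie(
            $userinfo['uid'],
            $userinfo['uname'],
            $userinfo['pass'],
            $userinfo['storynum'],
            $userinfo['umode'],
            $userinfo['uorder'],
            $userinfo['thold'],
            $userinfo['noscore'],
            $userinfo['ublockon'],
            $userinfo['theme'],
            $userinfo['commentmax'],
            ""
        );

        // Purge the cached pages of this user so the new theme shows up.
        $cache_obj = new cacheManager();
        $cache_obj->UsercacheCleanup();
        Header("Location: user.php");
    } else {
        Header("Location: index.php");
    }
}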
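/**
 * Authenticate a user from the login form and set up the cookie and session.
 *
 * The credentials are passed as arguments and also read from $_POST; both
 * copies must be identical or the request is aborted with "var mismatch".
 * Only accounts with uactive=1 and failcount<5 are considered. A wrong
 * password increases the fail counter and redirects to dso_user.php?stop=1;
 * no matching account redirects to dso_user.php?stop=notfound; success
 * redirects to dso_user.php.
 *
 * @param string $uname User name.
 * @param string $pass  Clear-text password.
 * @return void
 */
function _login($uname, $pass)
{
    global $dbi;

    $unamepost = addslashes(trim(isset($_POST['uname']) ? $_POST['uname'] : ''));
    $passpost = addslashes(trim(isset($_POST['pass']) ? $_POST['pass'] : ''));
    $uname = addslashes(trim($uname));
    $pass = addslashes(trim($pass));
    $aUserInfo = array();

    // Fix: the original `!$uname == $unamepost` negated $uname first and then
    // compared a boolean with the POST value, so differing values were not
    // rejected. Compare the two strings directly.
    if ($uname !== $unamepost) {
        die("var mismatch");
    }
    if ($pass !== $passpost) {
        die("var mismatch");
    }

    // NOTE(review): $uname is protected only by addslashes(), which is not
    // charset-aware; prefer the driver's escaping or a prepared statement if
    // the project's sql_query() layer offers one.
    $result = sql_query("select pass,id,useraclevel,usertype_id from tuser where uactive=1 and failcount<5 and uname='{$uname}'", $dbi);

    if (sql_num_rows($result, $dbi) == 1) {
        $aUserInfo = sql_fetch_array($result, $dbi);
        $dbpass = $aUserInfo['pass'];

        // NOTE(review): unsalted MD5 is not suitable for password storage.
        // Moving to password_hash()/password_verify() requires migrating the
        // stored hashes, so it is flagged here rather than changed. The hash
        // is taken over the addslashes()-escaped password, as before.
        $md5_pass = md5($pass);

        // Strict comparison: with `!=`, two different hashes of the form
        // "0e<digits>" are treated as equal numbers.
        if ((string) $dbpass !== $md5_pass) {
            _increasefailcount($uname);
            Header("Location: dso_user.php?stop=1");
            return;
        }

        // User authenticated: issue the cookie and populate the session.
        // NOTE(review): the password hash is copied into both the cookie and
        // the session, so anyone who obtains either holds the stored
        // credential; an opaque random token would limit that exposure.
        docookie('lsdb4user', $aUserInfo['id'], $uname, $md5_pass, $aUserInfo['usertype_id'], $_SERVER['REMOTE_ADDR']);

        session_name('LSDB4');
        session_start();
        // NOTE(review): the session id is not regenerated after login;
        // calling session_regenerate_id(true) here would guard against
        // session fixation.
        $_SESSION['count'] = 1;
        $_SESSION['lsdbuid'] = $aUserInfo['id'];
        $_SESSION['lsdbuser'] = $uname;
        $_SESSION['lsdbencpass'] = $md5_pass;
        $_SESSION['lsdbusertype'] = $aUserInfo['usertype_id'];
        $_SESSION['lsdbuserip'] = $_SERVER['REMOTE_ADDR'];

        // The id is used unquoted in the statement, so force it to an integer.
        $result = sql_query("update tuser set current_ip='" . $_SERVER['REMOTE_ADDR'] . "' where id=" . (int) $aUserInfo['id'] . " AND uname='{$uname}' limit 1", $dbi);

        Header("Location: dso_user.php");
    } else {
        // User not found (or inactive / locked out): redirect to the stop page.
        Header("Location: dso_user.php?stop=notfound");
    }
}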