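public function do_login($redirect, $force_retry = false)
 {
     // Logs the visitor in through the social network client.
     //
     // $redirect    value carried back to this page in the "redirect" query parameter
     // $force_retry when true, always start a new round trip to the provider
     //
     // Returns the result of retrieve_user_basic_data() for an already authorised
     // visitor, or of retrieve_user_id() after the provider has sent the visitor back.
     // When a round trip is needed, a Location header is sent and the script exits.
     global $config, $user;

     // If user is already logged in and granted our application, we don't need to redirect him to facebook
     $user_fb_id = $this->client->getUser();
     if (!empty($user_fb_id)) {
         return $this->retrieve_user_basic_data($user_fb_id);
     }

     $confirm = request_get_var('confirm', 0);
     if ($confirm != 1 || $force_retry) {
         // Build the social network return url
         $current_page = extract_current_page(IP_ROOT_PATH);
         $return_url = (!empty($_SERVER['HTTPS']) ? 'https' : 'http') . '://';
         $return_url .= extract_current_hostname() . $current_page['script_path'] . $current_page['page'];
         // NOTE(review): $redirect is appended without URL-encoding. If a caller can pass a value
         // containing '&' or '#', it changes the parameters of the return URL (including confirm
         // and admin). Confirm that callers pass an already encoded, site-local value.
         $return_url .= (strpos($return_url, '?') ? '&' : '?') . 'redirect=' . $redirect . '&confirm=1';
         $return_url .= !empty($_GET['admin']) ? '&admin=1' : '';
         $params = array('scope' => $this->scope, 'redirect_uri' => $return_url);
         $login_url = $this->client->getLoginUrl($params);
         header('Location: ' . $login_url);
         exit;
     }

     // The provider sent the visitor back with confirm=1: fetch the token and the profile.
     try {
         // The return value was never used; the call is kept because the client performs it here.
         $this->client->getAccessToken();
         $user_fb_data = $this->client->api('/me');
     } catch (OAuthException $e) {
         // Retry on failure. The original call passed `true` as $redirect and left $force_retry
         // at false, so the redirect target was lost and, with confirm still set to 1, the same
         // failing branch was entered again. Keep the target and force a new round trip.
         return $this->do_login($redirect, true);
     }
     return $this->retrieve_user_id($user_fb_data['id']);
 }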
Exemplo n.º 2
function generate_smilies_row()
{
    // Fills the 'smilies' template block with one entry per distinct smiley image,
    // limited to $config['smilie_single_row'] entries (20 when that setting is empty).
    global $db, $cache, $config, $template;

    $max_smilies = 20;
    if (!empty($config['smilie_single_row'])) {
        $max_smilies = intval($config['smilie_single_row']);
    }

    // The only dynamic part of the query is the integer limit computed above.
    $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " GROUP BY smile_url ORDER BY smilies_order LIMIT " . $max_smilies;
    $result = $db->sql_query($sql, 0, 'smileys_');

    // NOTE(review): the scheme is fixed to http, so on an HTTPS page these images would be
    // requested as mixed content. CODE and URL are assigned as stored; only DESC is HTML-escaped.
    $smilies_base_url = 'http://' . extract_current_hostname() . $config['script_path'] . $config['smilies_path'] . '/';

    while ($smiley = $db->sql_fetchrow($result)) {
        $block_vars = array(
            'CODE' => $smiley['code'],
            'URL' => $smilies_base_url . $smiley['smile_url'],
            'DESC' => htmlspecialchars($smiley['emoticon']),
        );
        $template->assign_block_vars('smilies', $block_vars);
    }
    $db->sql_freeresult($result);
}
Exemplo n.º 3
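function smilies_news($message)
{
    // Replaces smiley codes in $message with <img> tags and returns the result.
    // The pattern and replacement lists are built once per request and kept in statics.
    static $orig, $repl;
    if (!isset($orig)) {
        global $db, $config;
        $orig = $repl = array();
        $sql = "SELECT code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_order";
        $result = $db->sql_query($sql, 0, 'smileys_');
        $host = extract_current_hostname();
        while ($row = $db->sql_fetchrow($result)) {
            // The code is quoted for use inside the pattern; the lookarounds require a
            // non-word character next to the code so that it is not matched inside a word.
            $orig[] = "/(?<=.\\W|\\W.|^\\W)" . phpbb_preg_quote($row['code'], "/") . "(?=.\\W|\\W.|\\W\$)/";
            // NOTE(review): smile_url goes into the src attribute as stored and the scheme is
            // fixed to http. Confirm the smilies table only holds plain file names.
            $repl[] = '<img src="http://' . $host . $config['script_path'] . $config['smilies_path'] . '/' . $row['smile_url'] . '" alt="" />';
        }
        // The result was never released here, unlike in the other smilies helpers.
        $db->sql_freeresult($result);
    }
    if (count($orig)) {
        // Pad with spaces so that codes at the very start or end satisfy the lookarounds,
        // then strip the padding again.
        $message = preg_replace($orig, $repl, ' ' . $message . ' ');
        $message = substr($message, 1, -1);
    }
    return $message;
}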
Exemplo n.º 4
     if (empty($host)) {
         if (!empty($config['server_name'])) {
             $host = $config['server_name'];
         } else {
             if (!empty($config['cookie_domain'])) {
                 $host = strpos($config['cookie_domain'], '.') === 0 ? substr($config['cookie_domain'], 1) : $config['cookie_domain'];
             } else {
                 // Set to OS hostname or localhost
                 $host = function_exists('php_uname') ? php_uname('n') : 'localhost';
             }
         }
     }
     // It may be still no valid host, but for sure only a hostname (we may further expand on the cookie domain... if set)
     return $host;
 }
 // Diagnostic output of the detected host name and server port.
 // NOTE(review): both values are echoed without HTML-escaping. Whether the host name can be
 // influenced by the request is not visible in this excerpt - confirm before exposing this page.
 $detected_host = extract_current_hostname();
 echo 'Domain name: ' . $detected_host . '<br />';
 $server_port = $request->server('SERVER_PORT', 0);
 echo 'Server port: ' . $server_port . '<br />';

 // The script path from the webroot to the current directory (for example: /phpBB3/adm/) :
 //	always prefixed with / and ends in /
 $script_path = $symfony_request->getBasePath();

 // The script path from the webroot to the phpBB root (for example: /phpBB3/)
 $script_dirs = explode('/', $script_path);
 array_splice($script_dirs, -count($page_dirs));
 $root_script_path = implode('/', $script_dirs);
 if (count($root_dirs)) {
     $root_script_path .= '/' . implode('/', $root_dirs);
 }

 // We are on the base level (phpBB root == webroot), lets adjust the variables a bit...
 if (!$root_script_path) {
     if ($page_dir) {
         $root_script_path = str_replace($page_dir, '', $script_path);
     } else {
         $root_script_path = $script_path;
     }
 }

 // Both paths must end in a slash.
 if (substr($script_path, -1, 1) != '/') {
     $script_path .= '/';
 }
 if (substr($root_script_path, -1, 1) != '/') {
     $root_script_path .= '/';
 }
Exemplo n.º 5
                        //			echo "#".$all_smilies[$i]['smile_url']."#";
                        preg_match_all($match_regexp, ' ' . $message . ' ', $matches);
                        //			echo "<br />-" . sizeof($matches[0]) . "-<br />";
                        $all_smilies[$i]['count'] = $all_smilies[$i]['count'] + sizeof($matches[0]);
                    }
                }
            }
            for ($i = 0; $i < sizeof($all_smilies); $i++) {
                $total_smilies = $total_smilies + $all_smilies[$i]['count'];
            }
            // Sort array
            $all_smilies = smilies_sort_multi_array_attachment($all_smilies, 'count', 'DESC');
            $limit = $return_limit > sizeof($all_smilies) ? sizeof($all_smilies) : $return_limit;
            $firstcount = $all_smilies[0]['count'];
            $template->_tpldata['stats_row.'] = array();
            $host = extract_current_hostname();
            for ($i = 0; $i < $limit; $i++) {
                $class = $i % 2 ? $theme['td_class2'] : $theme['td_class1'];
                $statistics->do_math($firstcount, $all_smilies[$i]['count'], $total_smilies);
                if ($all_smilies[$i]['count'] != 0) {
                    $template->assign_block_vars('stats_row', array('RANK' => $i + 1, 'CLASS' => $class, 'CODE' => $all_smilies[$i]['code'], 'USES' => $all_smilies[$i]['count'], 'PERCENTAGE' => $statistics->percentage, 'BAR' => $statistics->bar_percent, 'URL' => '<img src="http://' . $host . $config['script_path'] . $config['smilies_path'] . '/' . $all_smilies[$i]['smile_url'] . '" alt="' . $all_smilies[$i]['smile_url'] . '" />'));
                }
                //$result_cache->assign_template_block_vars('topsmilies');
                $result_cache->assign_template_block_vars('topsmilies', 'stats_row');
            }
        }
    }
} else {
    // Now use the result cache, with block_num_vars we are getting the number of variables within the block
    for ($i = 0; $i < $result_cache->block_num_vars('topsmilies'); $i++) {
        $template->assign_block_vars('stats_row', $result_cache->get_block_array('topsmilies', $i));
Exemplo n.º 6
 /**
  * Start session management
  *
  * This is where all session activity begins. We gather various pieces of
  * information from the client and server. We test to see if a session already
  * exists. If it does, fine and dandy. If it doesn't we'll go on to create a
  * new one ... pretty logical heh? We also examine the system load (if we're
  * running on a system which makes such information readily available) and
  * halt if it's above an admin definable limit.
  *
  * @param bool $update_session_page if true the session page gets updated.
  *			This can be set to circumvent certain scripts to update the users last visited page.
  */
 function session_begin($update_session_page = true)
 {
     // Resolves the request to a stored session or creates a new one.
     // Returns true when a stored session matches the request (IP prefix, browser, referer)
     // and has not expired; in every other case returns the result of session_create().
     global $SID, $_SID, $_EXTRA_URL, $db, $config;
     // ICY PHOENIX - BEGIN
     global $lang;
     // ICY PHOENIX - END
     // Give us some basic information
     $this->time_now = time();
     $this->cookie_data = array('u' => 0, 'k' => '');
     // Cookie lifetime: max_autologin_time days when set, otherwise 31536000 seconds
     $this->cookie_expire = $this->time_now + ($config['max_autologin_time'] ? 86400 * (int) $config['max_autologin_time'] : 31536000);
     // The session page is not updated when the caller asks for that or when IMG_THUMB is defined
     $this->update_session_page = empty($update_session_page) || defined('IMG_THUMB') ? false : true;
     //$this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
     // NOTE(review): the User-Agent is kept raw here, while referer and forwarded_for below are
     // HTML-escaped. Anything that prints $this->browser has to escape it at output time.
     $this->browser = !empty($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
     $this->referer = !empty($_SERVER['HTTP_REFERER']) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
     $this->forwarded_for = !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? htmlspecialchars((string) $_SERVER['HTTP_X_FORWARDED_FOR']) : '';
     $this->host = extract_current_hostname();
     $this->page = extract_current_page(IP_ROOT_PATH);
     $session_cookie_empty = empty($_COOKIE[$config['cookie_name'] . '_sid']) ? true : false;
     $session_get_empty = empty($_GET['sid']) ? true : false;
     $session_empty = true;
     // A session or user cookie is present: take user id, autologin key and session id from the cookies
     // (presumably the last request_var() argument selects cookie input - confirm against request_var())
     if (isset($_COOKIE[$config['cookie_name'] . '_sid']) || isset($_COOKIE[$config['cookie_name'] . '_u'])) {
         $this->cookie_data['u'] = request_var($config['cookie_name'] . '_u', 0, false, true);
         $this->cookie_data['k'] = request_var($config['cookie_name'] . '_k', '', false, true);
         $this->session_id = request_var($config['cookie_name'] . '_sid', '', false, true);
         // Mighty Gorgon: I'm still not sure if I want to keep 'sid=' in Icy Phoenix as well... maybe better removing it!!!
         //$SID = (defined('NEED_SID')) ? ('sid=' . $this->session_id) : 'sid=';
         $SID = defined('NEED_SID') ? 'sid=' . $this->session_id : '';
         $_SID = defined('NEED_SID') ? $this->session_id : '';
         $session_empty = empty($this->session_id) ? true : false;
     }
     // Mighty Gorgon: moved here this IF block... why it was so down in the code???
     // if no session id is set, redirect to index.php
     //if (defined('NEED_SID') && ($cookie_empty || (!isset($_GET['sid']) || ($this->session_id !== $_GET['sid']))))
     // Pages that define NEED_SID (outside login) require a cookie session id and a 'sid' GET
     // parameter that is identical to it; otherwise the visitor is sent to the index page
     if (defined('NEED_SID') && !defined('IN_LOGIN') && ($session_cookie_empty || $session_empty || !isset($_GET['sid']) || isset($_GET['sid']) && $this->session_id !== $_GET['sid'])) {
         // Mighty Gorgon: I don't know why it isn't working properly, returning blank page!!!
         //send_status_line(401, 'Not authorized');
         // Mighty Gorgon: removed append_sid as it seems the user doesn't have a valid SID!
         redirect(IP_ROOT_PATH . 'index.' . PHP_EXT);
     }
     // No usable cookie session: fall back to the 'sid' request variable.
     // NOTE(review): this id is supplied by the client; it is only accepted after the database
     // lookup and the IP / browser / referer comparison further down.
     if ($session_empty) {
         $this->session_id = request_var('sid', '');
         $_SID = $this->session_id;
         $SID = 'sid=' . $this->session_id;
         $this->cookie_data = array('u' => 0, 'k' => '');
     }
     $_EXTRA_URL = array();
     // Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
     // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
     $this->ip = !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (!empty($_ENV['REMOTE_ADDR']) ? $_ENV['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));
     // Normalise commas and runs of spaces to single spaces so the value can be split into addresses
     $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
     // split the list of IPs
     $ips = explode(' ', $this->ip);
     // Default IP if REMOTE_ADDR is invalid
     $this->ip = '127.0.0.1';
     $format_ipv4 = get_preg_expression('ipv4');
     $format_ipv6 = get_preg_expression('ipv6');
     foreach ($ips as $ip) {
         if (preg_match($format_ipv4, $ip)) {
             $this->ip = $ip;
         } elseif (preg_match($format_ipv6, $ip)) {
             // Quick check for IPv4-mapped address in IPv6
             if (stripos($ip, '::ffff:') === 0) {
                 $ipv4 = substr($ip, 7);
                 if (preg_match($format_ipv4, $ipv4)) {
                     $ip = $ipv4;
                 }
             }
             $this->ip = $ip;
         } else {
             // We want to use the last valid address in the chain
             // Leave foreach loop when address is invalid
             break;
         }
     }
     $this->load = false;
     // Load limit check (if applicable)
     if ($config['limit_load'] || $config['limit_search_load']) {
         // && binds tighter than ||: sys_getloadavg() is used when it exists and returns a truthy
         // value, otherwise /proc/loadavg is read with warnings suppressed.
         // NOTE(review): explode() returns a non-empty array even when the file cannot be read,
         // so the else branch below looks unreachable and the load would become 0.0 - confirm.
         if (function_exists('sys_getloadavg') && ($load = sys_getloadavg()) || ($load = explode(' ', @file_get_contents('/proc/loadavg')))) {
             $this->load = array_slice($load, 0, 1);
             $this->load = floatval($this->load[0]);
         } else {
             set_config('limit_load', '0');
             set_config('limit_search_load', '0');
         }
     }
     // if session id is set
     if (!empty($this->session_id)) {
         // The client-supplied session id is passed through sql_escape() before it enters the query
         $sql = "SELECT u.*, s.*\n\t\t\t\tFROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\t\t\tWHERE s.session_id = '" . $db->sql_escape($this->session_id) . "'\n\t\t\t\t\tAND u.user_id = s.session_user_id";
         $result = $db->sql_query($sql);
         $this->data = $db->sql_fetchrow($result);
         $db->sql_freeresult($result);
         // Did the session exist in the DB?
         if (isset($this->data['user_id'])) {
             // Compare only the leading part of both addresses; $config['ip_check'] sets how much
             // (for IPv4: the number of dot-separated parts kept)
             if (strpos($this->ip, ':') !== false && strpos($this->data['session_ip'], ':') !== false) {
                 $s_ip = short_ipv6($this->data['session_ip'], $config['ip_check']);
                 $u_ip = short_ipv6($this->ip, $config['ip_check']);
             } else {
                 $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $config['ip_check']));
                 $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $config['ip_check']));
             }
             // With browser_check off both strings are empty, so the browser comparison always passes
             $s_browser = $config['browser_check'] ? trim(strtolower(substr($this->data['session_browser'], 0, 254))) : '';
             $u_browser = $config['browser_check'] ? trim(strtolower(substr($this->browser, 0, 254))) : '';
             // referer checks
             // The @ before $config['referer_validation'] suppresses notices present while running the updater
             $check_referer_path = @$config['referer_validation'] == REFERER_VALIDATE_PATH;
             $referer_valid = true;
             // we assume HEAD and TRACE to be foul play and thus only whitelist GET
             // (the referer is therefore validated for every method other than GET, when validation is enabled)
             if (@$config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') {
                 $referer_valid = $this->validate_referer($check_referer_path);
             }
             // The stored session is only used when IP prefix, browser string and referer all match
             if ($u_ip === $s_ip && $s_browser === $u_browser && $referer_valid) {
                 // Some useful boolean checks... defined here for future easy of use
                 $session_expired = false;
                 $session_refresh_time = (int) SESSION_REFRESH;
                 $autologin_expired = !empty($config['max_autologin_time']) && $this->data['session_time'] < $this->time_now - 86400 * (int) $config['max_autologin_time'] + $session_refresh_time ? true : false;
                 $session_time_expired = $this->data['session_time'] < $this->time_now - ((int) $config['session_length'] + $session_refresh_time) ? true : false;
                 $session_refresh = $this->data['session_time'] < $this->time_now - $session_refresh_time ? true : false;
                 if (!$session_expired) {
                     // Check the session length timeframe if autologin is not enabled.
                     // Else check the autologin length... and also removing those having autologin enabled but no longer allowed site-wide.
                     if (empty($this->data['session_autologin'])) {
                         if ($session_time_expired) {
                             $session_expired = true;
                         }
                     } elseif (empty($config['allow_autologin']) || $autologin_expired) {
                         $session_expired = true;
                     }
                 }
                 // ICY PHOENIX - BEGIN
                 // This portion of code needs to stay here (after isset($this->data['user_id']) )... otherwise we are potentially going to instantiate some $user->data even if $user->data is still empty
                 $this->bots_process();
                 // A junior admin is flagged with IS_JUNIOR_ADMIN and its level is rewritten for this request:
                 // ADMIN outside the admin panel and CMS, MOD inside them
                 if (isset($this->data['user_id']) && $this->data['user_id'] != ANONYMOUS && isset($this->data['user_level']) && $this->data['user_level'] == JUNIOR_ADMIN) {
                     define('IS_JUNIOR_ADMIN', true);
                     $this->data['user_level'] = !defined('IN_ADMIN') && !defined('IN_CMS') ? ADMIN : MOD;
                 }
                 // Refresh last visit time for those users having autologin enabled or those users with session time expired (only if config for this has been set)
                 if ($this->data['user_id'] != ANONYMOUS && (!empty($config['session_last_visit_reset']) && $session_time_expired || !empty($config['allow_autologin']) && $autologin_expired || empty($this->data['user_lastvisit']))) {
                     $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\t\t\t\tSET user_lastvisit = " . (int) $this->data['session_time'] . "\n\t\t\t\t\t\t\tWHERE user_id = " . (int) $this->data['user_id'];
                     $db->sql_query($sql);
                 }
                 // ICY PHOENIX - END
                 if (!$session_expired) {
                     // Only update session DB a minute or so after last update or if page changes
                     // Mighty Gorgon: in Icy Phoenix we give maximum priority to $this->update_session_page, because we don't want the session to be updated for thumbnails or other special features!
                     if ($this->update_session_page && ($session_refresh || $this->data['session_page'] != $this->page['page']) && empty($_REQUEST['explain'])) {
                         $sql_ary = array();
                         // ICY PHOENIX - BEGIN
                         // Update $user->data
                         $this->data['user_session_time'] = $this->time_now;
                         $this->data['user_session_page'] = (string) substr($this->page['page'], 0, 254);
                         $this->data['user_browser'] = (string) substr($this->browser, 0, 254);
                         $this->data['user_totalpages'] = (int) $this->data['user_totalpages'] + 1;
                         $this->data['user_totaltime'] = (int) $this->data['user_totaltime'] + $this->time_now - $this->data['session_time'];
                         // ICY PHOENIX - END
                         // A little trick to reset session_admin on session re-usage
                         if (!defined('IN_ADMIN') && !defined('IN_CMS') && $session_time_expired) {
                             $sql_ary['session_admin'] = 0;
                         }
                         $sql_ary['session_time'] = $this->time_now;
                         $sql_ary['session_page'] = $this->data['user_session_page'];
                         $sql_ary['session_browser'] = $this->data['user_browser'];
                         $sql_ary['session_forum_id'] = $this->page['forum'];
                         $sql_ary['session_topic_id'] = $this->page['topic'];
                         // Errors from the two UPDATE queries below are returned instead of halting the page
                         $db->sql_return_on_error(true);
                         $sql = "UPDATE " . SESSIONS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
                         $result = $db->sql_query($sql);
                         // ICY PHOENIX - BEGIN
                         if ($this->data['user_id'] != ANONYMOUS) {
                             $sql_ary = array();
                             $sql_ary['user_ip'] = $this->ip;
                             $sql_ary['user_session_time'] = $this->data['user_session_time'];
                             $sql_ary['user_session_page'] = $this->data['user_session_page'];
                             $sql_ary['user_browser'] = $this->data['user_browser'];
                             $sql_ary['user_totalpages'] = $this->data['user_totalpages'];
                             $sql_ary['user_totaltime'] = $this->data['user_totaltime'];
                             // NOTE(review): user_id is concatenated without the (int) cast used in the
                             // user_lastvisit UPDATE above. The value comes from the database row, but the
                             // cast would keep both queries consistent.
                             $sql = "UPDATE " . USERS_TABLE . " SET " . $db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\t\t\t\t\t\t\tWHERE user_id = " . $this->data['user_id'];
                             $result = $db->sql_query($sql);
                         }
                         // ICY PHOENIX - END
                         $db->sql_return_on_error(false);
                     }
                     $this->data['is_registered'] = empty($this->data['is_bot']) && $this->data['user_id'] != ANONYMOUS && !empty($this->data['user_active']) ? true : false;
                     $this->data['session_logged_in'] = $this->data['is_registered'];
                     // basename() drops any directory part from the stored language value
                     $this->data['user_lang'] = basename($this->data['user_lang']);
                     $this->upi2db();
                     return true;
                 }
             } else {
                 // Added logging temporarily to help debug bugs...
                 // A mismatch is only logged when DEBUG_EXTRA is defined and the session belongs to a real user
                 if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) {
                     if ($referer_valid) {
                         add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser);
                     } else {
                         add_log('critical', 'LOG_REFERER_INVALID', $this->referer);
                     }
                 }
             }
         }
     }
     // If we reach here then no (valid) session exists. So we'll create a new one
     return $this->session_create();
 }
Exemplo n.º 7
function generate_smilies($mode)
{
    // Assigns the smilies grid to the template. With $mode == 'window' the function also starts
    // the session, prints the page header, parses 'posting_smilies.tpl' and prints the footer;
    // any other mode only assigns template variables (DISPLAY_MODE is then 'inline').
    global $db, $cache, $config, $auth, $user, $lang, $template, $images, $theme;
    global $starttime, $gen_simple_header;
    $inline_columns = $config['smilie_columns'];
    $inline_rows = $config['smilie_rows'];
    $window_columns = $config['smilie_window_columns'];
    $window_rows = $config['smilie_window_rows'];
    $smilies_per_page = $window_columns * $window_rows;
    // Request input: 'start' is clamped to zero or above.
    // NOTE(review): 'smilies_per_page' from the request replaces the configured default and is
    // not bounded here; a negative value would reach the paging arithmetic below - confirm.
    $start = request_var('start', 0);
    $start = $start < 0 ? 0 : $start;
    $smilies_per_page = request_var('smilies_per_page', $smilies_per_page);
    if ($mode == 'window') {
        // Start session management
        $user->session_begin();
        $auth->acl($user->data);
        $user->setup();
        // End session management
        $gen_simple_header = true;
        $meta_content['page_title'] = $lang['Emoticons'];
        $meta_content['description'] = '';
        $meta_content['keywords'] = '';
        page_header($meta_content['page_title'], true);
        $template->set_filenames(array('smiliesbody' => 'posting_smilies.tpl'));
    }
    // Smilies Order Replace
    // ORDER BY smilies_id";
    $sql = "SELECT emoticon, code, smile_url FROM " . SMILIES_TABLE . " ORDER BY smilies_order";
    // A failing query returns false here instead of halting, and the grid is then skipped
    $db->sql_return_on_error(true);
    $result = $db->sql_query($sql, 0, 'smileys_');
    $db->sql_return_on_error(false);
    if ($result !== false) {
        $num_smilies = 0;
        $rowset = array();
        $rowset2 = array();
        while ($row = $db->sql_fetchrow($result)) {
            // Keep only the first row for each image file
            if (empty($rowset2[$row['smile_url']])) {
                $rowset2[$row['smile_url']] = $row['smile_url'];
                $rowset[$num_smilies]['smile_url'] = $row['smile_url'];
                // Backslashes and single quotes are backslash-escaped
                // (presumably for a single-quoted JavaScript string in the template - confirm)
                $rowset[$num_smilies]['code'] = str_replace("'", "\\'", str_replace('\\', '\\\\', $row['code']));
                $rowset[$num_smilies]['emoticon'] = $row['emoticon'];
                $num_smilies++;
            }
        }
        unset($rowset2);
        $db->sql_freeresult($result);
        if ($num_smilies) {
            if ($mode == 'inline' || $smilies_per_page == 0) {
                $per_page = $num_smilies;
                $smiley_start = 0;
                $smiley_stop = $num_smilies;
            } else {
                $per_page = $smilies_per_page > $num_smilies ? $num_smilies : $smilies_per_page;
                // NOTE(review): the division yields a non-integer page number when $start is not a
                // multiple of $per_page, which then carries into $smiley_start - confirm intended
                $page_num = $start <= 0 ? 1 : $start / $per_page + 1;
                $smiley_start = $per_page * $page_num - $per_page;
                $smiley_stop = $per_page * $page_num > $num_smilies ? $num_smilies : $smiley_start + $per_page;
            }
            $smilies_count = $mode == 'inline' ? min($inline_columns * $inline_rows - 1, $num_smilies) : $num_smilies;
            $smilies_split_row = $mode == 'inline' ? $inline_columns - 1 : $window_columns - 1;
            $s_colspan = 0;
            $row = 0;
            $col = 0;
            $host = extract_current_hostname();
            for ($i = $smiley_start; $i < $smiley_stop; $i++) {
                if (!$col) {
                    $template->assign_block_vars('smilies_row', array());
                }
                // NOTE(review): the image URL scheme is fixed to http, and code, URL and description
                // are assigned without HTML-escaping in this function - confirm the template escapes them
                $template->assign_block_vars('smilies_row.smilies_col', array('SMILEY_CODE' => $rowset[$i]['code'], 'SMILEY_IMG' => 'http://' . $host . $config['script_path'] . $config['smilies_path'] . '/' . $rowset[$i]['smile_url'], 'SMILEY_DESC' => $rowset[$i]['emoticon']));
                $s_colspan = max($s_colspan, $col + 1);
                if ($col == $smilies_split_row) {
                    // $inline is never assigned in this function, so empty($inline) is always true here
                    if ($mode == 'inline' && $row == $inline_rows - 1 || empty($inline) && $row == $per_page) {
                        break;
                    }
                    $col = 0;
                    $row++;
                } else {
                    $col++;
                }
            }
            if ($mode == 'inline' && $num_smilies > $inline_rows * $inline_columns) {
                $template->assign_vars(array('L_MORE_SMILIES' => $lang['More_emoticons'], 'U_MORE_SMILIES' => append_sid('posting.' . PHP_EXT . '?mode=smilies')));
                $template->assign_block_vars('switch_smilies_extra', array());
            }
            // Page-size selector: the configured window size followed by fixed choices
            $select_smileys_pp = '<select name="smilies_per_page" onchange="SetSmileysPerPage();" class="gensmall">';
            $select_smileys_pp .= '<option value="' . $window_columns * $window_rows . '"' . ($smilies_per_page == $window_columns * $window_rows ? ' selected="selected"' : '') . '>' . $window_columns * $window_rows . '</option>';
            $select_smileys_pp .= '<option value="50"' . ($smilies_per_page == 50 ? ' selected="selected"' : '') . '>50</option>';
            $select_smileys_pp .= '<option value="100"' . ($smilies_per_page == 100 ? ' selected="selected"' : '') . '>100</option>';
            $select_smileys_pp .= '<option value="150"' . ($smilies_per_page == 150 ? ' selected="selected"' : '') . '>150</option>';
            $select_smileys_pp .= '<option value="250"' . ($smilies_per_page == 250 ? ' selected="selected"' : '') . '>250</option>';
            $select_smileys_pp .= '<option value="500"' . ($smilies_per_page == 500 ? ' selected="selected"' : '') . '>500</option>';
            $select_smileys_pp .= '<option value="1000"' . ($smilies_per_page == 1000 ? ' selected="selected"' : '') . '>1000</option>';
            $select_smileys_pp .= '<option value="5000"' . ($smilies_per_page == 5000 ? ' selected="selected"' : '') . '>5000</option>';
            $select_smileys_pp .= '</select>';
            // The request-derived $smilies_per_page is placed into the pagination base URL below
            $template->assign_vars(array('L_EMOTICONS' => $lang['Emoticons'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SMILEYS_PER_PAGE' => $lang['Smileys_Per_Page'], 'REQUEST_URI' => append_sid('posting.' . PHP_EXT . '?mode=smilies'), 'U_SMILEYS_GALLERY' => append_sid('smileys.' . PHP_EXT), 'DEFAULT_SMILEYS_PER_PAGE' => $window_columns * $window_rows, 'SELECT_SMILEYS_PP' => $select_smileys_pp, 'PAGINATION' => generate_pagination('posting.' . PHP_EXT . '?mode=smilies&amp;smilies_per_page=' . $smilies_per_page, $num_smilies, $per_page, $start, false), 'S_SMILIES_COLSPAN' => $s_colspan));
        }
    }
    $template->assign_vars(array('DISPLAY_MODE' => $mode == 'window' ? 'window' : 'inline'));
    if ($mode == 'window') {
        $template->pparse('smiliesbody');
        page_footer(true, '', true);
    }
}
Exemplo n.º 8
 /**
  * digest_md5 authentication method
  * A real pain in the ***
  */
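 function digest_md5($username, $password)
 {
     // Authenticates against the SMTP server with SASL DIGEST-MD5 (RFC 2831).
     //
     // Returns false on success, and also when the server answers the AUTH command with 503.
     // Otherwise returns the error message from server_parse(), or the "invalid digest
     // challenge" text when the server challenge cannot be used.
     //
     // NOTE(review): DIGEST-MD5 was moved to Historic status by RFC 6331. It is kept here for
     // servers that still offer it; prefer a stronger mechanism over TLS where one is available.
     global $config, $lang;
     $this->server_send('AUTH DIGEST-MD5');
     if ($err_msg = $this->server_parse('334', __LINE__)) {
         return $this->numeric_response_code == 503 ? false : $err_msg;
     }
     $md5_challenge = base64_decode($this->responses[0]);
     // Parse the md5 challenge - from AUTH_SASL (PEAR)
     // Each pass consumes one name=value directive (quoted or bare) from the front of the string
     $tokens = array();
     while (preg_match('/^([a-z-]+)=("[^"]+(?<!\\\\)"|[^,]+)/i', $md5_challenge, $matches)) {
         // Ignore these as per rfc2831
         if ($matches[1] == 'opaque' || $matches[1] == 'domain') {
             $md5_challenge = substr($md5_challenge, strlen($matches[0]) + 1);
             continue;
         }
         // Allowed multiple "realm" and "auth-param"
         if (!empty($tokens[$matches[1]]) && ($matches[1] == 'realm' || $matches[1] == 'auth-param')) {
             if (is_array($tokens[$matches[1]])) {
                 $tokens[$matches[1]][] = preg_replace('/^"(.*)"$/', '\\1', $matches[2]);
             } else {
                 $tokens[$matches[1]] = array($tokens[$matches[1]], preg_replace('/^"(.*)"$/', '\\1', $matches[2]));
             }
         } elseif (!empty($tokens[$matches[1]])) {
             // Any other directive given twice makes the whole challenge invalid
             $tokens = array();
             break;
         } else {
             $tokens[$matches[1]] = preg_replace('/^"(.*)"$/', '\\1', $matches[2]);
         }
         // Remove the just parsed directive from the challenge
         $md5_challenge = substr($md5_challenge, strlen($matches[0]) + 1);
     }
     // Realm
     if (empty($tokens['realm'])) {
         $tokens['realm'] = function_exists('php_uname') ? php_uname('n') : extract_current_hostname();
     }
     // Maxbuf
     if (empty($tokens['maxbuf'])) {
         $tokens['maxbuf'] = 65536;
     }
     // Required: nonce, algorithm
     if (empty($tokens['nonce']) || empty($tokens['algorithm'])) {
         $tokens = array();
     }
     $md5_challenge = $tokens;
     if (!empty($md5_challenge)) {
         // Client nonce: 32 random bytes, base64 encoded. mt_rand() output is predictable,
         // so the CSPRNG is used where the runtime provides one; the old loop stays as fallback.
         if (function_exists('random_bytes')) {
             $str = random_bytes(32);
         } else {
             $str = '';
             for ($i = 0; $i < 32; $i++) {
                 $str .= chr(mt_rand(0, 255));
             }
         }
         $cnonce = base64_encode($str);
         $digest_uri = 'smtp/' . $config['smtp_host'];
         $auth_1 = sprintf('%s:%s:%s', pack('H32', md5(sprintf('%s:%s:%s', $username, $md5_challenge['realm'], $password))), $md5_challenge['nonce'], $cnonce);
         $auth_2 = 'AUTHENTICATE:' . $digest_uri;
         $response_value = md5(sprintf('%s:%s:00000001:%s:auth:%s', md5($auth_1), $md5_challenge['nonce'], $cnonce, md5($auth_2)));
         // The username placeholder is restored: the listing showed a masked literal in its place,
         // which left seven arguments for six conversions and shifted every value by one field.
         // NOTE(review): username, realm and nonce are placed inside quoted strings without
         // escaping '"' or '\' - confirm these values cannot contain them.
         $input_string = sprintf('username="%s",realm="%s",nonce="%s",cnonce="%s",nc="00000001",qop=auth,digest-uri="%s",response=%s,%d', $username, $md5_challenge['realm'], $md5_challenge['nonce'], $cnonce, $digest_uri, $response_value, $md5_challenge['maxbuf']);
     } else {
         return isset($lang['INVALID_DIGEST_CHALLENGE']) ? $lang['INVALID_DIGEST_CHALLENGE'] : 'Invalid digest challenge';
     }
     $base64_method_digest_md5 = base64_encode($input_string);
     $this->server_send($base64_method_digest_md5, true);
     if ($err_msg = $this->server_parse('334', __LINE__)) {
         return $err_msg;
     }
     $this->server_send(' ');
     if ($err_msg = $this->server_parse('235', __LINE__)) {
         return $err_msg;
     }
     return false;
 }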