function do_login()
{
global $current_user, $globals;
$form_ip_check = check_form_auth_ip();
$previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";
if ($_POST["processlogin"] == 1) {
// Check the IP, otherwise redirect
if (!$form_ip_check) {
header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
die;
}
$username = clean_input_string(trim($_POST['username']));
$password = trim($_POST['password']);
if ($_POST['persistent']) {
$persistent = 3600000;
// 1000 hours
} else {
$persistent = 0;
}
// Check form
if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
log_insert('login_failed', $globals['form_user_ip_int'], 0);
recover_error(_('el código de seguridad no es correcto'));
} elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
log_insert('login_failed', $globals['form_user_ip_int'], 0);
recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
$previous_login_failed++;
} else {
UserAuth::check_clon_from_cookies();
if (!empty($_REQUEST['return'])) {
header('Location: ' . $_REQUEST['return']);
} else {
header('Location: ./');
}
die;
}
}
echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
// Print captcha
if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
ts_print_form();
}
get_form_auth_ip();
echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
echo '</form>' . "\n";
echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
echo '<div style="margin-top: 30px">';
print_oauth_icons($_REQUEST['return']);
echo '</div>' . "\n";
}
function show_profile()
{
global $user, $user_levels, $globals, $site_key, $current_user;
echo '<div>';
echo '<form enctype="multipart/form-data" action="' . get_auth_link() . 'profile.php" method="post" id="thisform" AUTOCOMPLETE="off">';
echo '<fieldset><legend>';
echo '<span class="sign">' . _('opciones de usuario') . " <a href='" . get_user_uri($user->username) . "'>{$user->username}</a>: {$user->level}</span></legend>";
echo '<img class="thumbnail" src="' . $globals['base_url'] . 'backend/get_avatar.php?id=' . $user->id . '&size=80&t=' . time() . '" width="80" height="80" alt="' . $user->username . '" />';
echo '<input type="hidden" name="process" value="1" />';
echo '<input type="hidden" name="user_id" value="' . $user->id . '" />';
echo '<input type="hidden" name="form_hash" value="' . md5($site_key . $user->id . mnminclude) . '" />';
get_form_auth_ip();
echo '<p><label>' . _('usuario') . ':</label><br/>';
echo '<input type="text" autocomplete="off" name="username" id="username" value="' . $user->username . '"/>';
echo '</p>';
echo '<p><label>' . _('nombre real') . ':</label><br/>';
echo '<input type="text" autocomplete="off" name="names" id="names" value="' . $user->names . '"/>';
echo '</p>';
echo '<p><label>' . _('correo electrónico') . ':</label><br/>';
echo '<input type="text" autocomplete="off" name="email" id="email" value="' . $user->email . '"/>';
echo '</p>';
echo '<p><label>' . _('página web') . ':</label><br/>';
echo '<input type="text" autocomplete="off" name="url" id="url" value="' . $user->url . '" />';
echo '</p>';
if (is_avatars_enabled()) {
echo '<input type="hidden" name="MAX_FILE_SIZE" value="300000" />';
echo '<p><label>' . _('avatar') . ':</label><br/>';
echo '<input type="file" autocomplete="off" name="image" />';
echo '</p>';
}
echo '<p><label for="password">' . _("nueva clave") . ':</label><br />' . "\n";
echo '<input type="password" autocomplete="off" id="password" name="password" size="25" onkeyup="return securePasswordCheck(this.form.password);"/></p>' . "\n";
echo '<p><label for="verify">' . _("repite la clave") . ': </label><br />' . "\n";
echo '<input type="password" autocomplete="off" id="verify" name="password2" size="25" onkeyup="checkEqualFields(this.form.password2, this.form.password)"/></p>' . "\n";
echo '<p><input type="submit" name="save_profile" value="' . _('actualizar') . '"/></p>';
echo '</fieldset>';
echo "</form></div>\n";
}
function show_profile() {
global $user, $admin_mode, $user_levels, $globals, $site_key, $current_user, $db;
echo '<div class="genericform" style="margin: 0 50px">';
echo '<form enctype="multipart/form-data" action="'.get_auth_link().'profile.php" method="post" id="thisform" AUTOCOMPLETE="off">';
echo '<fieldset><legend>';
echo '<span class="sign">'._('opciones de usuario') . " <a href='".get_user_uri($user->username)."'>$user->username</a>: $user->level</span></legend>";
echo '<img class="thumbnail" src="'.get_avatar_url($user->id, $user->avatar, 80).'" width="80" height="80" alt="'.$user->username.'" />';
echo '<input type="hidden" name="process" value="1" />';
echo '<input type="hidden" name="user_id" value="'.$user->id.'" />';
echo '<input type="hidden" name="form_hash" value="'. md5($site_key.$user->id.mnminclude) .'" />';
get_form_auth_ip();
if ($admin_mode)
echo '<input type="hidden" name="login" value="'.$user->username.'" />';
echo '<p><label>'._('usuario').':</label><br/>';
echo '<input type="text" autocomplete="off" name="username" id="username" value="'.$user->username.'" onkeyup="enablebutton(this.form.checkbutton1, null, this)" />';
echo ' <span id="checkit"><input type="button" class="button" id="checkbutton1" disabled="disabled" value="'._('verificar').'" onclick="checkfield(\'username\', this.form, this.form.username)"/></span>';
echo ' <span id="usernamecheckitvalue"></span>' . "\n";
echo '</p>';
echo '<p><label>'._('nombre real').':</label><br/>';
echo '<input type="text" autocomplete="off" name="names" id="names" value="'.$user->names.'" />';
echo '</p>';
echo '<p><label>'._('correo electrónico').':</label><br/>';
echo '<input type="text" autocomplete="off" name="email" id="email" value="'.$user->email.'" onkeyup="enablebutton(this.form.checkbutton2, null, this)"/>';
echo ' <input type="button" class="button" id="checkbutton2" disabled="disabled" value="'._('verificar').'" onclick="checkfield(\'email\', this.form, this.form.email)"/>';
echo ' <span id="emailcheckitvalue"></span>';
echo '</p>';
echo '<p style="padding-bottom:10px;"><label>'._('norma ortográfica').':</label><br/>';
echo '<select name="standard" >';
foreach ($globals['standards'] as &$val) {
$selected = "";
if ($user->standard == $val['id']) $selected = 'selected="selected"';
echo '<option value="'.$val['id'].'" '.$selected.' > '.$val['name'].' </option>';
}
echo '</select><br/>';
echo '</p>';
echo '<p><label>'._('página web').':</label><br/>';
echo '<input type="text" autocomplete="off" name="url" id="url" value="'.$user->url.'" />';
echo '</p>';
echo '<p><label>'._('mensajero instantáneo público, invisible para los demás').':</label><br/>';
echo '<span class="note">' . _('necesario si te conectarás vía Jabber/Google Talk') . '</span><br/>';
echo '<input type="text" autocomplete="off" name="public_info" id="public_info" value="'.$user->public_info.'" />';
echo '</p>';
if ($user->id == $current_user->user_id) {
echo '<p><label>'._('teléfono móvil').':</label><br/>';
echo '<span class="note">' . _('sólo necesario si enviarás notas al nótame vía SMS') . '</span><br/>';
echo '<span class="note">' . _('pon el número completo, con código de país: +34123456789') . '</span><br/>';
echo '<input type="text" autocomplete="off" name="phone" id="phone" value="'.$user->phone.'" />';
echo '</p>';
}
if ($globals['external_user_ads']) {
echo '<p><label for="adcode">'._('codigo AdSense').':</label><br/>';
echo '<span class="note">' . _('tu código de usuario de AdSense, del tipo pub-123456789') . '</span><br/>';
echo '<input type="text" autocomplete="off" name="adcode" id="adcode" maxlength="20" value="'.$user->adcode.'" /><br />';
echo '<span class="note">' . _('canal AdSense (opcional), del tipo 1234567890') . '</span><br/>';
echo '<input type="text" autocomplete="off" name="adchannel" id="adchannel" maxlength="12" value="'.$user->adchannel.'" />';
echo '</p>';
}
if (is_avatars_enabled()) {
echo '<input type="hidden" name="MAX_FILE_SIZE" value="400000" />';
echo '<p><label>'._('avatar').':</label><br/>';
echo '<span class="note">' . _('imagen cuadrada de no más de 400 KB, sin transparencias') . '</span><br/>';
echo '<input type="file" class="button" autocomplete="off" name="image" />';
if ($user->avatar > 0) {
echo ' '._('Eliminar avatar').': <input type="checkbox" name="avatar_delete" value="1"/>';
}
echo '</p>';
}
echo '<fieldset><legend>'._('opciones de visualización') . '</legend>';
echo '<p><label>'._('mostrar todos los comentarios').': ';
print_checkbox('comment_pref', $user->comment_pref & 1);
echo '</label></p>';
echo '</fieldset>';
echo '<p>'._('introduce la nueva clave para cambiarla -no se cambiará si la dejas en blanco-:').'</p>';
echo '<p><label for="password">' . _("clave") . ':</label><br />' . "\n";
echo '<input type="password" autocomplete="off" id="password" name="password" size="25" onkeyup="return securePasswordCheck(this.form.password);"/></p>' . "\n";
echo '<p><label for="verify">' . _("repite la clave") . ': </label><br />' . "\n";
echo '<input type="password" autocomplete="off" id="verify" name="password2" size="25" onkeyup="checkEqualFields(this.form.password2, this.form.password)"/></p>' . "\n";
if ($admin_mode) {
echo '<p><label for="verify">' . _("estado") . ': </label><br />' . "\n";
echo '<select name="user_level">';
foreach ($user_levels as $level) {
echo '<option value="'.$level.'"';
if ($user->level == $level) echo ' selected="selected"';
echo '>'.$level.'</option>';
}
echo '</select>';
echo '<p><label for="karma">'._('karma').':</label><br/>';
echo '<input type="text" autocomplete="off" name="karma" id="karma" value="'.$user->karma.'" />';
echo '</p>';
}
echo '<p><input type="submit" name="save_profile" value="'._('actualizar').'" class="button" /></p>';
echo '</fieldset>';
// Disable the account
if ($user->id == $current_user->user_id) {
echo '<br/><fieldset><legend>'._('deshabilitar cuenta') . '</legend>';
echo '<p>'._('¡atención! la cuenta será deshabilitada.').'</p>';
echo '<p class="note">'._('se eliminarán automáticamente los datos personales.').'<br/>';
echo _('las notas serán eliminadas, los envíos y comentarios NO se borrarán.').'</p>';
echo '<p><label>'._('sí, quiero deshabilitarla').': <input name="disable" type="checkbox" value="1"/>';
echo '</label></p>';
echo '<p><input type="submit" name="disabledme" value="'._('deshabilitar cuenta').'" class="button" /></p>';
echo '</fieldset>';
}
echo "</form></div>\n";
}
function do_login()
{
global $current_user, $globals;
$form_ip_check = check_form_auth_ip();
$previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
// Show menéame intro only if first try and the there were not previous logins
if (!$globals['mobile'] && $previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['u'])) {
echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";
// Only prints if the user was redirected from submit.php
if (!empty($_REQUEST['return']) && preg_match('/submit\\.php/', $_REQUEST['return'])) {
echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
}
echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
echo '<ul style="margin-left: 1.5em">' . "\n";
echo '<li>' . "\n";
echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
echo '</li>' . "\n";
echo '<li>' . "\n";
echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
echo '</li>' . "\n";
echo '<li>' . "\n";
echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
echo '</li>' . "\n";
echo '<li>' . "\n";
echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
echo '</li>' . "\n";
echo '</ul>' . "\n";
echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
echo '</div>' . "\n";
echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
} else {
echo '<div class="genericform" style="float:auto;">' . "\n";
}
echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";
if ($_POST["processlogin"] == 1) {
// Check the IP, otherwise redirect
if (!$form_ip_check) {
header('HTTP/1.1 303 Load');
header("Location: http://" . $_COOKIE['return_site'] . $globals['base_url'] . "login.php");
die;
}
$username = clean_input_string(trim($_POST['username']));
$password = trim($_POST['password']);
// Check form
if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
Log::insert('login_failed', $globals['form_user_ip_int'], 0);
recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
} elseif (strlen($password) > 0 && $current_user->Authenticate($username, $password, $_POST['persistent']) == false) {
Log::insert('login_failed', $globals['form_user_ip_int'], 0);
$previous_login_failed++;
recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
} else {
UserAuth::check_clon_from_cookies();
// If the user is authenticating from a mobile device, keep her in the standard version
if ($globals['mobile']) {
setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
}
header('HTTP/1.1 303 Load');
if (!empty($_REQUEST['return'])) {
header('Location: http://' . $_COOKIE['return_site'] . $_REQUEST['return']);
} else {
header('Location: http://' . $_COOKIE['return_site'] . $globals['base_url']);
}
die;
}
}
echo '<fieldset>' . "\n";
echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";
// Print captcha
if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
ts_print_form();
}
get_form_auth_ip();
echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
print_oauth_icons($_REQUEST['return']);
echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
echo '</fieldset>' . "\n";
echo '</form>' . "\n";
echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
echo '</div>' . "\n";
echo '<br/> ';
}
function do_register1() {
global $db, $globals;
if($_POST["acceptlegal"] !== 'accept' ) {
register_error(_("no has aceptado las condiciones de uso"));
return;
}
if (!check_user_fields()) return;
echo '<br style="clear:both" />';
// f**k spammers
$re_test = Array();
preg_match("/.*(outlook.com)|(fr)|(co.uk)|(ru)|(ua)|(aol.com)|(.tk)|(hotmail.*)$/i", clean_input_string($_POST["email"]), $re_test);
if($re_test || !empty($_POST['email2'])) {
register_error(_("Dominio nom permitido. Ponte em contato com nos em chuza.gl@gmail.com"));
return;
}
echo '<form action="'.get_auth_link().'register.php" method="post" id="thisform">' . "\n";
echo '<fieldset><legend><span class="sign">'._('validación').'</span></legend>'."\n";
ts_print_form();
echo '<input type="submit" name="submit" class="button" value="'._('continuar').'" />';
echo '<input type="hidden" name="process" value="2" />';
echo '<input type="hidden" name="email" value="'.clean_input_string($_POST["email"]).'" />'; // extra sanity, in fact not needed
echo '<input type="hidden" name="username" value="'.clean_input_string($_POST["username"]).'" />'; // extra sanity, in fact not needed
echo '<input type="hidden" name="password" value="'.clean_input_string($_POST["password"]).'" />'; // extra sanity, in fact not needed
echo '<input type="hidden" name="password2" value="'.clean_input_string($_POST["password2"]).'" />'; // extra sanity, in fact not needed
echo '<input type="hidden" name="standard" value="'.clean_input_string($_POST["standard"]).'" />'; // extra sanity, in fact not needed
get_form_auth_ip();
echo '</fieldset></form>'."\n";
}
function do_register1()
{
global $db, $globals;
if ($_POST["acceptlegal"] !== 'accept') {
register_error(_("no has aceptado las condiciones de uso"));
return;
}
if (!check_user_fields()) {
return;
}
echo '<br style="clear:both" />';
echo '<form action="' . get_auth_link() . 'register.php" method="post" id="thisform">' . "\n";
echo '<fieldset><legend><span class="sign">' . _('validación') . '</span></legend>' . "\n";
ts_print_form();
echo '<input type="submit" name="submit" class="button" value="' . _('continuar') . '" />';
echo '<input type="hidden" name="process" value="2" />';
echo '<input type="hidden" name="email" value="' . clean_input_string($_POST["email"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="username" value="' . clean_input_string($_POST["username"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="password" value="' . clean_input_string($_POST["password"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="password2" value="' . clean_input_string($_POST["password2"]) . '" />';
// extra sanity, in fact not needed
get_form_auth_ip();
echo '</fieldset></form>' . "\n";
}
function do_register1()
{
global $db, $globals;
if ($_POST["acceptlegal"] !== 'accept') {
register_error(_("no has aceptado las condiciones de uso"));
return;
}
if (!check_user_fields()) {
return;
}
echo '<br style="clear:both" />';
echo '<form action="' . get_auth_link() . 'register" method="post" id="thisform">' . "\n";
echo '<fieldset><legend><span class="sign">' . _('validación') . '</span></legend>' . "\n";
ts_print_form();
echo '<input type="submit" name="submit" class="button" value="' . _('continuar') . '" />';
echo '<input type="hidden" name="process" value="2" />';
echo '<input type="hidden" name="email" value="' . clean_input_string($_POST["email"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="username" value="' . clean_input_string($_POST["username"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="password" value="' . clean_input_string($_POST["password"]) . '" />';
// extra sanity, in fact not needed
echo '<input type="hidden" name="password2" value="' . clean_input_string($_POST["password2"]) . '" />';
// extra sanity, in fact not needed
get_form_auth_ip();
echo '</fieldset></form>';
// Add extra check: base_key is added on submit
echo '<script type="text/javascript">addPostCode(function () { $("#thisform").submit(function () { $(this).append($("<input>", { type: "hidden", name: "base_key", value: base_key})); return true; });})</script>';
}
