}
if (empty($error)) {
$result = mysql_query("SELECT user_name, user_email, logins, activate_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($id) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error());
if (mysql_num_rows($result) != 1) {
$errors[] = true;
}
$data = mysql_fetch_array($result);
mysql_free_result($result);
}
if (empty($error)) {
if (trim($data['activate_code']) == '') {
$error = true;
}
}
if (empty($error)) {
if (is_pw_correct($key, $data['activate_code'])) {
@mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET activate_code = '' WHERE user_id=" . intval($id), $connid) or raise_error('database_error', mysql_error());
// E-mail notification to mods and admins:
if ($data['logins'] == 0) {
if ($settings['register_mode'] == 1) {
$new_user_notif_txt = $lang['new_user_notif_txt_locked'];
} else {
$new_user_notif_txt = $lang['new_user_notif_txt'];
}
$new_user_notif_txt = str_replace("[name]", $data['user_name'], $new_user_notif_txt);
$new_user_notif_txt = str_replace("[email]", $data['user_email'], $new_user_notif_txt);
$new_user_notif_txt = str_replace("[user_link]", $settings['forum_address'] . "index.php?mode=user&show_user="******"SELECT user_name, user_email FROM " . $db_settings['userdata_table'] . " WHERE user_type>0 AND new_user_notification=1", $connid);
if (!$admin_result) {
exit;
}
if (isset($_GET['activate'])) {
mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, activate_code='' WHERE user_id=" . intval($_GET['activate']) . " LIMIT 1", $connid);
header('Location: index.php?mode=admin&edit_user='******'activate']));
exit;
}
if (isset($_POST['reset_forum_confirmed']) || isset($_POST['uninstall_forum_confirmed'])) {
if (empty($_POST['confirm_pw'])) {
$errors[] = 'error_password_wrong';
}
if (empty($errors)) {
$pw_result = @mysql_query("SELECT user_pw FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($_SESSION[$settings['session_prefix'] . 'user_id']) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error());
$field = mysql_fetch_array($pw_result);
mysql_free_result($pw_result);
if (!is_pw_correct($_POST['confirm_pw'], $field['user_pw'])) {
$errors[] = 'error_password_wrong';
}
#if($field['user_pw'] != md5($_POST['confirm_pw'])) $errors[] = 'error_password_wrong';
}
if (empty($errors)) {
if (isset($_POST['reset_forum_confirmed'])) {
if (empty($_POST['delete_postings']) && empty($_POST['delete_userdata'])) {
$errors[] = 'error_no_selection_made';
} else {
if (isset($_POST['delete_postings'])) {
@mysql_query("TRUNCATE TABLE " . $db_settings['forum_table'], $connid) or raise_error('database_error', mysql_error());
@mysql_query("TRUNCATE TABLE " . $db_settings['entry_cache_table'], $connid) or raise_error('database_error', mysql_error());
}
if (isset($_POST['delete_userdata'])) {
@mysql_query("DELETE FROM " . $db_settings['userdata_table'] . " WHERE user_id != " . intval($_SESSION[$settings['session_prefix'] . 'user_id']), $connid) or raise_error('database_error', mysql_error());
header("Location: index.php?mode=login&login_message=mail_error");
exit;
}
}
header("Location: index.php?mode=login&login_message=pwf_failed");
exit;
break;
case "activate":
if (isset($_GET['activate']) && trim($_GET['activate']) != "" && isset($_GET['code']) && trim($_GET['code']) != "") {
$pwf_result = mysql_query("SELECT user_id, user_name, user_email, pwf_code FROM " . $db_settings['userdata_table'] . " WHERE user_id = '" . intval($_GET["activate"]) . "'", $connid);
if (!$pwf_result) {
raise_error('database_error', mysql_error());
}
$field = mysql_fetch_array($pwf_result);
mysql_free_result($pwf_result);
if ($field['user_id'] == $_GET['activate'] && is_pw_correct($_GET['code'], $field['pwf_code'])) {
// generate new password:
if ($settings['min_pw_length'] < 8) {
$pwl = 8;
} else {
$pwl = $settings['min_pw_length'];
}
$new_pw = random_string($pwl);
$pw_hash = generate_pw_hash($new_pw);
$update_result = mysql_query("UPDATE " . $db_settings['userdata_table'] . " SET last_login=last_login, registered=registered, user_pw='" . mysql_real_escape_string($pw_hash) . "', pwf_code='' WHERE user_id='" . $field["user_id"] . "' LIMIT 1", $connid);
// send new password:
$smarty->config_load($settings['language_file'], 'emails');
$lang = $smarty->get_config_vars();
$lang['new_pw_email_txt'] = str_replace("[name]", $field['user_name'], $lang['new_pw_email_txt']);
$lang['new_pw_email_txt'] = str_replace("[password]", $new_pw, $lang['new_pw_email_txt']);
$lang['new_pw_email_txt'] = str_replace("[login_link]", $settings['forum_address'] . basename($_SERVER['PHP_SELF']) . "?mode=login&username="******"&userpw=" . $new_pw, $lang['new_pw_email_txt']);
/**
* checks permission to edit a posting
*
* @return int : 0 = not authorized, 1 = edit period expired, 2 = locked, 3 = posting has replies, 4 = no replies
*/
function get_edit_authorization($id, $posting_user_id, $edit_key, $time, $locked)
{
global $settings, $db_settings, $connid;
$authorization['edit'] = false;
$authorization['delete'] = false;
$reply_result = mysql_query("SELECT COUNT(*) FROM " . $db_settings['forum_table'] . " WHERE pid = " . intval($id), $connid);
list($replies) = mysql_fetch_row($reply_result);
#$authorization['replies'] = $replies;
if ($settings['edit_min_time_period'] != 0 && time() - $settings['edit_min_time_period'] * 60 < $time) {
$edit_min_time_period_expired = false;
} else {
$edit_min_time_period_expired = true;
}
if ($settings['edit_max_time_period'] == 0 || time() - $settings['edit_max_time_period'] * 60 < $time) {
$edit_max_time_period_expired = false;
} else {
$edit_max_time_period_expired = true;
}
if ($locked == 0) {
$locked = false;
} else {
$locked = true;
}
if (isset($_SESSION[$settings['session_prefix'] . 'user_id']) && isset($_SESSION[$settings['session_prefix'] . 'user_type'])) {
if ($_SESSION[$settings['session_prefix'] . 'user_type'] > 0) {
$authorization['edit'] = true;
$authorization['delete'] = true;
} elseif ($_SESSION[$settings['session_prefix'] . 'user_type'] == 0) {
if ($posting_user_id == $_SESSION[$settings['session_prefix'] . 'user_id'] && $settings['user_edit'] > 0 && $edit_max_time_period_expired == false && $locked == false) {
if ($settings['user_edit_if_no_replies'] == 0 || $settings['user_edit_if_no_replies'] == 1 && ($replies == 0 || $edit_min_time_period_expired == false)) {
$authorization['edit'] = true;
}
if ($replies == 0) {
$authorization['delete'] = true;
}
}
}
} elseif ($settings['user_edit'] > 1 && isset($_SESSION[$settings['session_prefix'] . 'edit_keys'])) {
if (isset($_SESSION[$settings['session_prefix'] . 'edit_keys'][$id]) && is_pw_correct($_SESSION[$settings['session_prefix'] . 'edit_keys'][$id], $edit_key) && trim($edit_key) != '' && $edit_max_time_period_expired == false && $locked == false) {
if ($settings['user_edit_if_no_replies'] == 0 || $settings['user_edit_if_no_replies'] == 1 && ($replies == 0 || $edit_min_time_period_expired == false)) {
$authorization['edit'] = true;
}
if ($replies == 0) {
$authorization['delete'] = true;
}
}
}
return $authorization;
}
$errors[] = 'error_form_uncompl';
}
if (empty($errors)) {
if ($new_email != $new_email_confirm) {
$errors[] = 'error_email_confirmation';
}
if (my_strlen($new_email, $lang['charset']) > $settings['email_maxlength']) {
$errors[] = 'error_email_too_long';
}
if ($new_email == $data['user_email']) {
$errors[] = 'error_identic_email';
}
if (!preg_match(EMAIL_PATTERN, $new_email)) {
$errors[] = 'error_email_invalid';
}
if (!is_pw_correct($pw_new_email, $data['user_pw'])) {
$errors[] = 'pw_wrong';
}
}
if (empty($errors)) {
$smarty->config_load($settings['language_file'], 'emails');
$lang = $smarty->get_config_vars();
$activate_code = random_string(32);
$activate_code_hash = generate_pw_hash($activate_code);
// send mail with activation key:
$lang['edit_address_email_txt'] = str_replace("[name]", $data['user_name'], $lang['edit_address_email_txt']);
$lang['edit_address_email_txt'] = str_replace("[activate_link]", $settings['forum_address'] . "index.php?mode=register&id=" . $data['user_id'] . "&key=" . $activate_code, $lang['edit_address_email_txt']);
$lang['edit_address_email_txt'] = stripslashes($lang['edit_address_email_txt']);
$new_user_mailto = my_mb_encode_mimeheader($data['user_name'], CHARSET, "Q") . " <" . $new_email . ">";
if (!my_mail($new_user_mailto, $lang['edit_address_email_sj'], $lang['edit_address_email_txt'])) {
$errors[] = 'error_mailserver';
}
}
if (empty($errors)) {
header('location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users');
exit;
}
} elseif ($_SESSION[$settings['session_prefix'] . 'user_type'] == 0) {
if (empty($_POST['old_pw']) || empty($_POST['new_pw']) || empty($_POST['new_pw_r'])) {
$errors[] = 'error_form_uncomplete';
}
if (empty($errors)) {
$dbr = Database::$userdata->prepare("SELECT pw FROM " . Database::$db_settings['userdata_table'] . " WHERE id=:id LIMIT 1");
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT);
$dbr->execute();
$data = $dbr->fetch();
if (!is_pw_correct($_POST['old_pw'], $data['pw'])) {
$errors[] = 'error_pw_wrong';
}
if ($_POST['new_pw'] !== $_POST['new_pw_r']) {
$errors[] = 'error_pw_doesnt_comply';
}
}
if (empty($errors)) {
$pw_hash = generate_pw_hash($_POST['new_pw']);
$dbr = Database::$userdata->prepare("UPDATE " . Database::$db_settings['userdata_table'] . " SET pw=:pw WHERE id=:id");
$dbr->bindParam(':pw', $pw_hash, PDO::PARAM_STR);
$dbr->bindParam(':id', $_SESSION[$settings['session_prefix'] . 'user_id'], PDO::PARAM_INT);
$dbr->execute();
}
if (empty($errors)) {
header('Location: ' . BASE_URL . ADMIN_DIR . 'index.php?mode=users&edit=' . $_SESSION[$settings['session_prefix'] . 'user_id'] . '&saved=true');
exit;
}
if (isset($_SESSION[$settings['session_prefix'] . 'user_id']) && empty($action)) {
session_destroy();
header("Location: ../");
} elseif (empty($_SESSION[$settings['session_prefix'] . 'user_id']) && isset($_POST['username']) && isset($_POST['userpw'])) {
$username = $_POST['username'];
$userpw = $_POST['userpw'];
if (isset($_POST['username']) && trim($_POST['username']) != '' && isset($_POST['userpw']) && trim($_POST['userpw']) != '') {
$dbr = Database::$userdata->prepare('SELECT id, name, pw, type, wysiwyg FROM ' . Database::$db_settings['userdata_table'] . ' WHERE lower(name)=lower(:name) LIMIT 1');
#$dbr->bindValue(':name',mb_strtolower($_POST['username'],CHARSET), PDO::PARAM_STR);
$dbr->bindValue(':name', $_POST['username'], PDO::PARAM_STR);
$dbr->execute();
$row = $dbr->fetch();
if (isset($row['id'])) {
if (is_pw_correct($_POST['userpw'], $row['pw'])) {
$_SESSION[$settings['session_prefix'] . 'user_id'] = $row['id'];
$_SESSION[$settings['session_prefix'] . 'user_name'] = $row['name'];
$_SESSION[$settings['session_prefix'] . 'user_type'] = $row['type'];
$_SESSION[$settings['session_prefix'] . 'wysiwyg'] = $row['wysiwyg'];
$dbr = Database::$userdata->prepare('UPDATE ' . Database::$db_settings['userdata_table'] . ' SET last_login=:now WHERE id=:id');
$dbr->bindValue(':now', time(), PDO::PARAM_INT);
$dbr->bindValue(':id', $row['id'], PDO::PARAM_INT);
$dbr->execute();
header('Location: ../');
exit;
} else {
$login_failed = true;
}
} else {
$login_failed = true;
