Exemplo n.º 1
    }
    // Update the status if this is the first time the user logged in
    if ($cur_user['group_id'] == LUNA_UNVERIFIED) {
        $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $luna_config['o_default_user_group'] . ' WHERE id=' . $cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error());
        // Regenerate the users info cache
        if (!defined('LUNA_CACHE_FUNCTIONS_LOADED')) {
            require LUNA_ROOT . 'include/cache.php';
        }
        generate_users_info_cache();
    }
    // Remove this user's guest entry from the online list
    $db->query('DELETE FROM ' . $db->prefix . 'online WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
    $expire = $save_pass == '1' ? time() + 1209600 : time() + $luna_config['o_timeout_visit'];
    luna_setcookie($cur_user['id'], $form_password_hash, $expire);
    // Reset tracked threads
    set_tracked_threads(null);
    // Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after the email is sent)
    $redirect_url = validate_redirect($_POST['redirect_url'], 'index.php');
    redirect(luna_htmlspecialchars($redirect_url));
} elseif ($action == 'out') {
    if ($luna_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $luna_user['id']) {
        header('Location: index.php');
        exit;
    }
    check_csrf($_GET['csrf_token']);
    // Remove user from "users online" list
    $db->query('DELETE FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id']) or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
    // Update last_visit (make sure there's something to update it with)
    if (isset($luna_user['logged'])) {
        $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
    }
Exemplo n.º 2
            // The first row contains the subject
            $first_crlf = strpos($mail_tpl, "\n");
            $mail_subject = trim(substr($mail_tpl, 8, $first_crlf - 8));
            $mail_message = trim(substr($mail_tpl, $first_crlf));
            $mail_message = str_replace('<username>', $username, $mail_message);
            $mail_message = str_replace('<email>', $email, $mail_message);
            $mail_message = str_replace('<comment_url>', get_base_url() . '/thread.php?pid=' . $new_pid . '#p' . $new_pid, $mail_message);
            $mail_message = str_replace('<board_mailer>', $luna_config['o_board_title'], $mail_message);
            luna_mail($luna_config['o_mailing_list'], $mail_subject, $mail_message);
        }
        // If the commenting user is logged in, increment his/her comment count
        if (!$luna_user['is_guest']) {
            $db->query('UPDATE ' . $db->prefix . 'users SET num_comments=num_comments+1, last_comment=' . $now . ' WHERE id=' . $luna_user['id']) or error('Unable to update user', __FILE__, __LINE__, $db->error());
            $tracked_threads = get_tracked_threads();
            $tracked_threads['threads'][$new_tid] = time();
            set_tracked_threads($tracked_threads);
        } else {
            $db->query('UPDATE ' . $db->prefix . 'online SET last_comment=' . $now . ' WHERE ident=\'' . $db->escape(get_remote_address()) . '\'') or error('Unable to update user', __FILE__, __LINE__, $db->error());
        }
        redirect('thread.php?pid=' . $new_pid . '#p' . $new_pid);
    }
}
// If a thread ID was specified in the url (it's a reply)
if ($tid) {
    $action = __('Add comment', 'luna');
    $form = '<form id="comment" method="post" action="comment.php?action=comment&amp;tid=' . $tid . '" onsubmit="window.onbeforeunload=null;this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';
    // If a quote ID was specified in the url
    if (isset($_GET['qid'])) {
        $qid = intval($_GET['qid']);
        if ($qid < 1) {
            message(__('Bad request. The link you followed is incorrect, outdated or you are simply not allowed to hang around here.', 'luna'), false, '404 Not Found');
Exemplo n.º 3
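/**
 * Authenticate the visitor from the login cookie and fill in $luna_user.
 *
 * The cookie value must look like
 * "user_id|password_hash|expiration_time|cookie_hash" (decimal id and
 * timestamp, hexadecimal hashes). cookie_hash is checked against an HMAC over
 * "user_id|expiration_time", and password_hash against an HMAC over the
 * password column stored for that user. A mismatch on either check replaces
 * the cookie with a guest cookie (user id 1) and hands over to
 * set_default_user(); a missing, malformed or expired cookie goes straight to
 * set_default_user().
 *
 * Security notes:
 * - Both HMAC checks go through hash_equals() when the runtime provides it
 *   (constant-time comparison) and fall back to strict === otherwise. A loose
 *   != comparison would treat two numeric-looking hex strings (for example
 *   "0e" followed only by digits) as equal.
 * - NOTE(review): the cookie appears to be derived from the stored password
 *   value, so it presumably stays valid until that value changes or the
 *   embedded expiry passes; confirm against luna_setcookie().
 *
 * @param array $luna_user Passed by reference; on success receives the joined
 *                         user/group/online row plus 'is_guest' and 'is_admmod'.
 * @return void
 */
function check_cookie(&$luna_user)
{
    global $db, $db_type, $luna_config, $cookie_name, $cookie_seed;
    $now = time();

    // Compare two hash strings without PHP's numeric type juggling, and in
    // constant time where hash_equals() exists (PHP >= 5.6).
    $hashes_match = function ($known, $supplied) {
        $known = (string) $known;
        $supplied = (string) $supplied;
        return function_exists('hash_equals') ? hash_equals($known, $supplied) : $known === $supplied;
    };

    // If the cookie is set and it matches the correct pattern, then read the values from it
    if (isset($_COOKIE[$cookie_name]) && preg_match('%^(\\d+)\\|([0-9a-fA-F]+)\\|(\\d+)\\|([0-9a-fA-F]+)$%', $_COOKIE[$cookie_name], $matches)) {
        $cookie = array('user_id' => intval($matches[1]), 'password_hash' => $matches[2], 'expiration_time' => intval($matches[3]), 'cookie_hash' => $matches[4]);
    }
    // If it has a non-guest user, and hasn't expired
    if (isset($cookie) && $cookie['user_id'] > 1 && $cookie['expiration_time'] > $now) {
        // If the cookie has been tampered with: the id and expiry are client-supplied,
        // so nothing else in the cookie is trusted until this HMAC verifies.
        if (!$hashes_match(forum_hmac($cookie['user_id'] . '|' . $cookie['expiration_time'], $cookie_seed . '_cookie_hash'), $cookie['cookie_hash'])) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Check if there's a user with the user ID and password hash from the cookie
        $result = $db->query('SELECT u.*, g.*, o.logged, o.idle FROM ' . $db->prefix . 'users AS u INNER JOIN ' . $db->prefix . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $db->prefix . 'online AS o ON o.user_id=u.id WHERE u.id=' . intval($cookie['user_id'])) or error('Unable to fetch user information', __FILE__, __LINE__, $db->error());
        $luna_user = $db->fetch_assoc($result);
        // If user authorisation failed (no such user, or the stored password no longer matches the cookie)
        if (!isset($luna_user['id']) || !$hashes_match(forum_hmac($luna_user['password'], $cookie_seed . '_password_hash'), $cookie['password_hash'])) {
            $expire = $now + 31536000;
            // The cookie expires after a year
            luna_setcookie(1, luna_hash(uniqid(rand(), true)), $expire);
            set_default_user();
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp.
        // A cookie whose expiry lies beyond the visit timeout is renewed for 14 days (1209600 s);
        // any other cookie is renewed for the visit timeout only.
        $expire = $cookie['expiration_time'] > $now + $luna_config['o_timeout_visit'] ? $now + 1209600 : $now + $luna_config['o_timeout_visit'];
        luna_setcookie($luna_user['id'], $luna_user['password'], $expire);
        // Set a default language if the user selected language no longer exists
        if (!file_exists(LUNA_ROOT . 'lang/' . $luna_user['language'])) {
            $luna_user['language'] = $luna_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(LUNA_ROOT . 'themes/' . $luna_user['style'] . '/style.css')) {
            $luna_user['style'] = $luna_config['o_default_style'];
        }
        // Fall back to the board-wide paging defaults when the user has none set
        if (!$luna_user['disp_threads']) {
            $luna_user['disp_threads'] = $luna_config['o_disp_threads'];
        }
        if (!$luna_user['disp_comments']) {
            $luna_user['disp_comments'] = $luna_config['o_disp_comments'];
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('LUNA_QUIET_VISIT')) {
            // Update the online list
            if (!$luna_user['logged']) {
                $luna_user['logged'] = $now;
                // With MySQL/MySQLi/SQLite, REPLACE INTO avoids a user having two rows in the online table
                switch ($db_type) {
                    case 'mysql':
                    case 'mysqli':
                    case 'mysql_innodb':
                    case 'mysqli_innodb':
                    case 'sqlite':
                        $db->query('REPLACE INTO ' . $db->prefix . 'online (user_id, ident, logged) VALUES(' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                    default:
                        $db->query('INSERT INTO ' . $db->prefix . 'online (user_id, ident, logged) SELECT ' . $luna_user['id'] . ', \'' . $db->escape($luna_user['username']) . '\', ' . $luna_user['logged'] . ' WHERE NOT EXISTS (SELECT 1 FROM ' . $db->prefix . 'online WHERE user_id=' . $luna_user['id'] . ')') or error('Unable to insert into online list', __FILE__, __LINE__, $db->error());
                        break;
                }
                // Reset tracked threads
                set_tracked_threads(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($luna_user['logged'] < $now - $luna_config['o_timeout_visit']) {
                    $db->query('UPDATE ' . $db->prefix . 'users SET last_visit=' . $luna_user['logged'] . ' WHERE id=' . $luna_user['id']) or error('Unable to update user visit data', __FILE__, __LINE__, $db->error());
                    $luna_user['last_visit'] = $luna_user['logged'];
                }
                $idle_sql = $luna_user['idle'] == '1' ? ', idle=0' : '';
                $db->query('UPDATE ' . $db->prefix . 'online SET logged=' . $now . $idle_sql . ' WHERE user_id=' . $luna_user['id']) or error('Unable to update online list', __FILE__, __LINE__, $db->error());
                // Update tracked threads with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $luna_config['o_timeout_visit']);
                }
            }
        } else {
            // Quiet visit: nothing is written, but 'logged' still needs a value for this request
            if (!$luna_user['logged']) {
                $luna_user['logged'] = $luna_user['last_visit'];
            }
        }
        $luna_user['is_guest'] = false;
        $luna_user['is_admmod'] = $luna_user['g_id'] == LUNA_ADMIN || $luna_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }
}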