    /**
     * UCP "send password" handler: looks up the account by (e-mail hash, cleaned
     * username), generates a replacement password plus an activation key, stores
     * the password hash in user_newpasswd, and e-mails both the clear-text
     * password and an activation link to the account's address.
     *
     * NOTE(review): every failure path below calls trigger_error() with a
     * different message (NO_EMAIL_USER, NO_USER, ACCOUNT_DEACTIVATED,
     * ACCOUNT_NOT_ACTIVATED, NO_AUTH_PASSWORD_REMINDER), so an unauthenticated
     * caller who knows an e-mail/username pair learns whether the account exists
     * and what state it is in. No form token or throttling is visible in this
     * block; confirm the caller enforces one before relying on this endpoint.
     *
     * @param mixed $id   module id (unused here)
     * @param mixed $mode module mode (unused here)
     */
    function main($id, $mode)
    {
        global $config, $phpbb_root_path, $phpEx;
        global $db, $user, $auth, $template, $phpbb_container;
        // Feature switch; trigger_error() halts the request in phpBB.
        if (!$config['allow_password_reset']) {
            trigger_error($user->lang('UCP_PASSWORD_RESET_DISABLED', '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'));
        }
        $username = request_var('username', '', true);
        $email = strtolower(request_var('email', ''));
        $submit = isset($_POST['submit']) ? true : false;
        if ($submit) {
            // Both the e-mail hash and the cleaned username must match; both values are escaped.
            $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $user_row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$user_row) {
                trigger_error('NO_EMAIL_USER');
            }
            // Bot accounts cannot have their password reset.
            if ($user_row['user_type'] == USER_IGNORE) {
                trigger_error('NO_USER');
            }
            if ($user_row['user_type'] == USER_INACTIVE) {
                if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                    trigger_error('ACCOUNT_DEACTIVATED');
                } else {
                    trigger_error('ACCOUNT_NOT_ACTIVATED');
                }
            }
            // Check users permissions
            // The target account's own ACL (not the caller's) decides whether it may change its password.
            $auth2 = new \phpbb\auth\auth();
            $auth2->acl($user_row);
            if (!$auth2->acl_get('u_chgpasswd')) {
                trigger_error('NO_AUTH_PASSWORD_REMINDER');
            }
            $server_url = generate_board_url();
            // Make password at least 8 characters long, make it longer if admin wants to.
            // gen_rand_string() however has a limit of 12 or 13.
            // mt_rand() only chooses the length here; the characters come from gen_rand_string_friendly().
            $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
            // For the activation key a random length between 6 and 10 will do.
            // NOTE(review): at the short end this key is a small search space for an
            // online guess of the u/k pair; confirm the activate path is throttled.
            $user_actkey = gen_rand_string(mt_rand(6, 10));
            // Instantiate passwords manager
            $passwords_manager = $phpbb_container->get('passwords.manager');
            // Only the hash is persisted; the clear-text password exists solely for the e-mail below.
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\tWHERE user_id = " . $user_row['user_id'];
            $db->sql_query($sql);
            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger(false);
            $messenger->template('user_activate_passwd', $user_row['user_lang']);
            $messenger->set_addresses($user_row);
            $messenger->anti_abuse_headers($config, $user);
            // The new password travels in clear text in this e-mail together with the
            // activation link; presumably the pending password is applied by mode=activate elsewhere.
            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
            $messenger->send($user_row['user_notify_type']);
            meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}"));
            $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
            trigger_error($message);
        }
        // Not submitted (or fell through): render the reminder form.
        $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')));
        $this->tpl_name = 'ucp_remind';
        $this->page_title = 'UCP_REMIND';
    }
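    /**
     * Bridge login: start a phpBB3 session for the account whose username_clean
     * matches the given name.
     *
     * NOTE(review): despite its name, the parameter is only ever compared against
     * username_clean, so callers must pass the phpBB username. The original code
     * passed the global $user session object to utf8_clean_string() instead of
     * the parameter, never declared $auth as global (so $auth->acl() was called
     * on an undefined variable), and on a missing account fell through to
     * session_create() with a null user id.
     *
     * Security: this function performs NO credential check of its own — it
     * creates a phpBB session for whatever name it is handed. The caller must
     * have authenticated the user before calling it.
     *
     * @param string $phpbb_user_id phpBB username (matched on username_clean)
     * @return bool true when a session was created, false when no matching
     *              phpBB3 account exists
     */
    function login($phpbb_user_id)
    {
        if (!defined('IN_PHPBB')) {
            define('IN_PHPBB', true);
        }
        if (!defined('PBB_ROOT_PATH')) {
            // TODO(review): hard-coded install path; move to configuration.
            define('PBB_ROOT_PATH', "D://www/phpBB3");
        }
        global $phpbb_root_path, $phpEx, $user, $db, $config, $cache, $template, $auth;
        $phpEx = "php";
        $phpbb_root_path = defined('PHPBB_ROOT_PATH') ? PHPBB_ROOT_PATH : PBB_ROOT_PATH . '/';
        require_once $phpbb_root_path . 'config.' . $phpEx;
        include $phpbb_root_path . 'common.' . $phpEx;

        $user->session_begin();
        $auth->acl($user->data);
        $user->setup();

        // Does user have phpBB3 account? Lookup value is escaped.
        $sql = 'SELECT user_id
		        FROM ' . USERS_TABLE . "\r\n\t\t        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($phpbb_user_id)) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        if (!$row) {
            // TODO: create the phpBB3 user here if auto-provisioning is wanted.
            // Until then, refuse rather than opening a session for a null user id.
            return false;
        }

        // Sign in automatically for phpBB3.
        // phpBB's signature is session_create($user_id, $set_admin, $persist_login, $viewonline).
        // The original passed $set_admin = true, flagging every bridged session as an
        // admin session; admin elevation is kept out of the SSO path and left to the ACP's own login.
        $user->session_create((int) $row['user_id'], false, true, true);
        return true;
    }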
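	/**
	* Run Tool
	*
	* Re-derives username_clean from username for one batch of 500 users and
	* writes back every row whose stored value differs. When a batch comes back
	* full the tool redirects to itself with part + 1 until the table is exhausted.
	*
	* Fix: the UPDATE interpolated the cleaned username into SQL without
	* $db->sql_escape(). Usernames may contain quotes, so this was a second-order
	* injection driven by stored data; the value is now escaped and user_id cast
	* to int. NOTE(review): unlike the sibling tool, no duplicate check is done
	* before the write, so a recleaned name that collides with another account's
	* username_clean will fail on the unique index.
	*/
	function run_tool()
	{
		global $db, $template;

		// Batch offset from the request; request_var() with an int default yields an int.
		$part = request_var('part', 0);
		$limit = 500;
		$i = 0;

		$sql = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE;
		$result = $db->sql_query_limit($sql, $limit, ($part * $limit));
		while ($row = $db->sql_fetchrow($result))
		{
			$i++;
			$username_clean = utf8_clean_string($row['username']);

			if ($username_clean != $row['username_clean'])
			{
				$sql_update = 'UPDATE ' . USERS_TABLE . "
					SET username_clean = '" . $db->sql_escape($username_clean) . "'
					WHERE user_id = " . (int) $row['user_id'];
				$db->sql_query($sql_update);
			}
		}
		$db->sql_freeresult($result);

		if ($i == $limit)
		{
			// Full batch: chain into the next part.
			meta_refresh(0, append_sid(STK_INDEX, 't=reclean_usernames&amp;submit=1&amp;part=' . (++$part)));
			$template->assign_var('U_BACK_TOOL', false);

			trigger_error('RECLEAN_USERNAMES_NOT_COMPLETE');
		}
		else
		{
			trigger_error('RECLEAN_USERNAMES_COMPLETE');
		}
	}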
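    /**
     * Post a welcome topic for a newly registered user into the configured
     * forum, attributed to the configured robot account.
     *
     * Fix: placeholder substitution used str_replace() with arrays, which runs
     * the replacements one after another over the evolving string — a username
     * containing "%robot" or "%board" was expanded again on the next pass.
     * strtr() substitutes in a single pass and never re-scans inserted text.
     * The unused $username local (get_username_string() result) was dropped.
     *
     * @param int $user_id id of the user to welcome
     * @return bool true when a topic was submitted, false when the feature is
     *              disabled or the user does not exist
     */
    public function create_welcome_topic($user_id)
    {
        if (!$this->config['welcomerobot_enable']) {
            return false;
        }
        // Kept because the original loaded functions_content before submit_post;
        // TODO(review): confirm whether submit_post() still needs it.
        if (!function_exists('get_username_string')) {
            include $this->root_path . 'includes/functions_content.' . $this->phpEx;
        }
        if (!function_exists('submit_post')) {
            include $this->root_path . 'includes/functions_posting.' . $this->phpEx;
        }

        $sql = 'SELECT *
			FROM ' . USERS_TABLE . "
			WHERE user_id = " . (int) $user_id;
        $dbresult = $this->db->sql_query($sql);
        $row = $this->db->sql_fetchrow($dbresult);
        $this->db->sql_freeresult($dbresult);
        if (empty($row)) {
            return false;
        }

        // Single-pass placeholder expansion (see header comment).
        $placeholders = array(
            '%user' => utf8_clean_string($row['username']),
            '%robot' => $this->config['welcomerobot_username'],
            '%board' => $this->config['sitename'],
        );
        $topic_title = strtr($this->config['welcomerobot_title'], $placeholders);
        $topic_content = strtr($this->config['welcomerobot_detail'], $placeholders);

        $poll = $uid = $bitfield = $options = '';
        // will be modified by generate_text_for_storage
        $allow_bbcode = $allow_urls = $allow_smilies = true;
        generate_text_for_storage($topic_content, $uid, $bitfield, $options, $allow_bbcode, $allow_urls, $allow_smilies);

        // message_md5 is the fingerprint phpBB expects for the stored message.
        $data = array(
            'forum_id' => $this->config['welcomerobot_forum'],
            'topic_id' => 0,
            'icon_id' => false,
            'robot_name' => $this->config['welcomerobot_username'],
            'enable_bbcode' => true,
            'enable_smilies' => true,
            'enable_urls' => true,
            'enable_sig' => true,
            'message' => $topic_content,
            'message_md5' => md5($topic_content),
            'bbcode_bitfield' => $bitfield,
            'bbcode_uid' => $uid,
            'post_edit_locked' => 0,
            'topic_title' => $topic_title,
            'notify_set' => false,
            'notify' => false,
            'post_time' => 0,
            'forum_name' => '',
            'enable_indexing' => true,
            'force_approved_state' => true,
        );
        // NOTE(review): the literal 'robot_name' is passed where submit_post()
        // takes the poster's username; confirm this was not meant to be
        // $data['robot_name'].
        submit_post('post', $topic_title, 'robot_name', POST_NORMAL, $poll, $data);
        return true;
    }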
    /**
     * Bring the default bot accounts up to date. Bots mapped to false are
     * retired (their BOTS_TABLE row is deleted and the user account removed
     * with user_delete('retain')); the others get their user agent rewritten.
     * Each bot is located by its cleaned username among USER_IGNORE accounts;
     * names with no matching account are skipped silently.
     */
    public function update_bots()
    {
        if (!function_exists('user_delete')) {
            include $this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext;
        }

        // bot name => new user agent string, or false to remove the bot
        $bots_updates = array('NG-Search [Bot]' => false, 'Nutch/CVS [Bot]' => false, 'OmniExplorer [Bot]' => false, 'Seekport [Bot]' => false, 'Synoo [Bot]' => false, 'WiseNut [Bot]' => false, 'Baidu [Spider]' => 'Baiduspider', 'Exabot [Bot]' => 'Exabot', 'Voyager [Bot]' => 'voyager/', 'W3C [Validator]' => 'W3C_Validator');

        foreach ($bots_updates as $bot_name => $bot_agent) {
            // Resolve the bot's user id; the name is escaped before it enters SQL.
            $lookup = 'SELECT user_id
				FROM ' . USERS_TABLE . '
				WHERE user_type = ' . USER_IGNORE . "\n\t\t\t\t\tAND username_clean = '" . $this->db->sql_escape(utf8_clean_string($bot_name)) . "'";
            $result = $this->db->sql_query($lookup);
            $bot_user_id = (int) $this->db->sql_fetchfield('user_id');
            $this->db->sql_freeresult($result);

            if (!$bot_user_id) {
                continue;
            }

            if ($bot_agent === false) {
                // Retire the bot: drop its bots-table row, keep its posts.
                $this->sql_query('DELETE FROM ' . BOTS_TABLE . "\n\t\t\t\t\t\tWHERE user_id = {$bot_user_id}");
                user_delete('retain', $bot_user_id);
                continue;
            }

            $this->sql_query('UPDATE ' . BOTS_TABLE . "\n\t\t\t\t\t\tSET bot_agent = '" . $this->db->sql_escape($bot_agent) . "'\n\t\t\t\t\t\tWHERE user_id = {$bot_user_id}");
        }
    }
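    /**
     * Checks to see if we can use this username for a merge, based on a few factors.
     *
     * Fix: the original read user_id and user_type with two consecutive
     * sql_fetchfield() calls. Without a row number each call fetches the NEXT
     * row, so the second call ran past the single result row and user_type was
     * always 0 — the founder guard below could never fire. The row is now read
     * once with sql_fetchrow(). The caller's user_type is also cast to int
     * before the strict comparison, since it comes from a DB row.
     *
     * @param string $username - The username to check
     * @param array &$errors - Errors array to work with
     * @param bool $old_user - presumably true when checking the account that will be merged away (enables the self/founder guards)
     * @return mixed - Return the user's ID (integer) if valid, return void if there was an error
     */
    function check_user($username, &$errors, $old_user)
    {
        global $db, $user;

        if (empty($username)) {
            $errors[] = $user->lang['NO_USER_SPECIFIED'];
            return;
        }

        // Grabbeth the old user's ID (and type) in a single fetch.
        $sql = 'SELECT user_id, user_type
				FROM ' . USERS_TABLE . "
				WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);

        $user_id = $row ? (int) $row['user_id'] : 0;
        $user_type = $row ? (int) $row['user_type'] : 0;

        // No such user.  o_0
        if (!$user_id) {
            $errors[] = $user->lang['NO_USER'];
            return;
        }

        // Check to see if it is ourselves here
        if ($user_id === (int) $user->data['user_id'] && $old_user) {
            $errors[] = $user->lang['CANNOT_MERGE_SELF'];
            return;
        }

        // Make sure we aren't messing with a founder unless we are one
        if ($user_type === USER_FOUNDER && $old_user && (int) $user->data['user_type'] !== USER_FOUNDER) {
            $errors[] = $user->lang['CANNOT_MERGE_FOUNDER'];
            return;
        }

        return $user_id;
    }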
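 /**
  * Run Tool
  *
  * Re-derives username_clean from username for one batch of 500 users. Before
  * writing a changed value it checks that no other account already owns that
  * cleaned name (username_clean must be unique) and aborts with links to both
  * accounts if one does. When a batch comes back full the tool redirects to
  * itself with part + 1.
  *
  * Fixes: the cleaned name was SQL-escaped once and that escaped string was
  * reused both for the comparison against the stored value (any name with a
  * quote or backslash compared unequal on every run) and as a LIKE pattern
  * ('%' or '_' in a username acted as wildcards). The comparison now uses the
  * raw cleaned string, the duplicate lookup is an exact match, and escaping
  * happens only where the value enters SQL.
  */
 function run_tool()
 {
     global $db, $template, $user, $phpbb_root_path, $phpEx;

     $part = request_var('part', 0);
     $limit = 500;
     $i = 0;

     $sql = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE;
     $result = $db->sql_query_limit($sql, $limit, $part * $limit);
     while ($row = $db->sql_fetchrow($result)) {
         $i++;
         $username_clean = utf8_clean_string($row['username']);
         if ($username_clean == $row['username_clean']) {
             continue;
         }
         $escaped_clean = $db->sql_escape($username_clean);
         $user_id = (int) $row['user_id'];

         // Does another account already hold the recleaned name?
         $sql_dup = 'SELECT user_id, username, username_clean FROM ' . USERS_TABLE . " WHERE username_clean = '{$escaped_clean}' AND user_id <> {$user_id}";
         $res = $db->sql_query_limit($sql_dup, 1);
         $duplicate = $db->sql_fetchrow($res);
         $db->sql_freeresult($res);
         if (!empty($duplicate)) {
             // E_USER_WARNING through phpBB's handler stops the run here; the admin
             // has to resolve the collision before rerunning.
             $url = append_sid("{$phpbb_root_path}adm/index.{$phpEx}", 'i=users&amp;mode=overview&amp;u=' . (int) $duplicate['user_id'] . '&amp;sid=' . $user->data['session_id']);
             $problem = append_sid("{$phpbb_root_path}adm/index.{$phpEx}", 'i=users&amp;mode=overview&amp;u=' . $user_id . '&amp;sid=' . $user->data['session_id']);
             trigger_error(sprintf($user->lang['USER_ALREADY_EXISTS'], $duplicate['username'], $url, $row['username'], $problem), E_USER_WARNING);
         }
         $db->sql_query('UPDATE ' . USERS_TABLE . " SET username_clean = '{$escaped_clean}' WHERE user_id = {$user_id}");
     }
     $db->sql_freeresult($result);

     if ($i == $limit) {
         // Full batch: chain into the next part.
         meta_refresh(0, append_sid(STK_INDEX, 't=reclean_usernames&amp;submit=1&amp;part=' . ++$part));
         $template->assign_var('U_BACK_TOOL', false);
         trigger_error('RECLEAN_USERNAMES_NOT_COMPLETE');
     } else {
         trigger_error('RECLEAN_USERNAMES_COMPLETE');
     }
 }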
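 /**
  * Mirror a username / e-mail change of a local account into the linked
  * phpBB3 user row (matched by the OLD username). Does nothing when the record
  * has no phpBB3 counterpart or when neither field changed.
  *
  * Fix: Model::updateAll() takes raw SQL fragments, not bound values. The
  * original wrapped the new username and e-mail in quotes by string
  * interpolation, so a quote in either field broke the statement and anything
  * after it was executed as SQL. Values are now quoted through the model's
  * datasource. The phpBB includes were also changed to include_once so a second
  * call in the same request does not redeclare functions.
  *
  * @param array $record     the record after the edit
  * @param array $old_record the record before the edit
  * @return void
  */
 function onEdit($record, $old_record)
 {
     $auth_model = Configure::read('security.auth_model');
     $username_field = $this->_controller->Auth->authenticate->userField;
     $email_field = $this->_controller->Auth->authenticate->emailField;

     // phpBB3 files need these
     global $phpbb_root_path, $phpEx;
     $phpbb_root_path = Configure::read('phpbb3.root_path');
     $phpEx = 'php';
     // Defines $table_prefix from the phpBB3 install.
     include $phpbb_root_path . 'config.php';

     $bb3_class = "{$table_prefix}users";
     $bb3_model = ClassRegistry::init($bb3_class);
     $bb3_user = $bb3_model->find('first', array('conditions' => array('username' => $old_record[$auth_model][$username_field])));

     $new_username = $record[$auth_model][$username_field];
     $new_email = $record[$auth_model][$email_field];

     // We only care about username and email address changes
     if (empty($bb3_user) || ($bb3_user[$bb3_class]['username'] == $new_username && $bb3_user[$bb3_class]['user_email'] == $new_email)) {
         return;
     }

     // Include a couple of things needed for function definitions
     if (!defined('IN_PHPBB')) {
         define('IN_PHPBB', true);
     }
     include_once $phpbb_root_path . 'includes/functions.php';
     include_once $phpbb_root_path . 'includes/utf/utf_tools.php';

     $clean = utf8_clean_string($new_username);
     $hash = phpbb_email_hash($new_email);

     // updateAll() interpolates these fragments verbatim, so quote each value
     // through the datasource instead of wrapping it in quotes by hand.
     $ds = $bb3_model->getDataSource();
     $bb3_model->updateAll(
         array(
             'username' => $ds->value($new_username, 'string'),
             'username_clean' => $ds->value($clean, 'string'),
             'user_email' => $ds->value($new_email, 'string'),
             'user_email_hash' => $ds->value($hash, 'string'),
         ),
         array('user_id' => $bb3_user[$bb3_class]['user_id'])
     );
 }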
 /**
  * Insert the image into the database
  *
  * Writes one GALLERY_IMAGES_TABLE row from $image_data (owner and IP taken
  * from the current session), parses the BBCode description, and — when the
  * gallery user has watch_own set — subscribes the uploader to the new image.
  * The row is auto-approved only when the session user holds i_approve on the
  * target album.
  *
  * @param array &$image_data upload metadata (filename, image_name, username, exif, ...)
  * @param int   $album_id    album used for the i_approve check
  * @return array image_id and image_name of the inserted row
  */
 public static function upload_image(&$image_data, $album_id)
 {
     global $user, $db;

     $can_approve = phpbb_gallery::$auth->acl_check('i_approve', $album_id);
     $status = $can_approve ? phpbb_gallery_image::STATUS_APPROVED : phpbb_gallery_image::STATUS_UNAPPROVED;

     $row = array(
         'image_filename' => $image_data['filename'],
         'image_name' => $image_data['image_name'],
         'image_name_clean' => utf8_clean_string($image_data['image_name']),
         'image_user_id' => $user->data['user_id'],
         'image_user_colour' => $user->data['user_colour'],
         'image_username' => $image_data['username'],
         'image_username_clean' => utf8_clean_string($image_data['username']),
         'image_user_ip' => $user->ip,
         'image_time' => $image_data['image_time'],
         'image_album_id' => $image_data['image_album_id'],
         'image_status' => $status,
         'filesize_upload' => $image_data['image_filesize'],
         'image_contest' => $image_data['image_contest'],
         'image_exif_data' => $image_data['image_exif_data'],
         'image_has_exif' => $image_data['image_has_exif'],
     );

     // Description: parsed as BBCode when present, otherwise stored empty.
     $parser = new parse_message();
     $parser->message = utf8_normalize_nfc($image_data['image_desc']);
     $row['image_desc'] = '';
     $row['image_desc_uid'] = '';
     $row['image_desc_bitfield'] = '';
     if ($parser->message) {
         $parser->parse(true, true, true, true, false, true, true, true);
         $row['image_desc'] = $parser->message;
         $row['image_desc_uid'] = $parser->bbcode_uid;
         $row['image_desc_bitfield'] = $parser->bbcode_bitfield;
     }

     $db->sql_query('INSERT INTO ' . GALLERY_IMAGES_TABLE . ' ' . $db->sql_build_array('INSERT', $row));
     $image_id = $db->sql_nextid();

     if (phpbb_gallery::$user->get_data('watch_own')) {
         $watch = array('image_id' => $image_id, 'user_id' => $user->data['user_id']);
         $db->sql_query('INSERT INTO ' . GALLERY_WATCH_TABLE . ' ' . $db->sql_build_array('INSERT', $watch));
     }

     return array('image_id' => $image_id, 'image_name' => $image_data['image_name']);
 }
    /**
     * Reset all bots
     *
     * Destructive: when the form was confirmed (POST 'yes') this removes every
     * account listed in BOTS_TABLE, empties the table, deletes any USERS_TABLE
     * row whose cleaned username equals one of the default bot names — a real
     * member registered under such a name is deleted too — and re-creates the
     * default bots from $this->db_cleaner->data->bots.
     *
     * NOTE(review): no form-token check is visible in this block; confirm the
     * caller validates one before this runs.
     *
     * @param array $error errors collected so far
     * @return array|null $error with 'NO_BOT_GROUP' appended when the BOTS group
     *                    is missing; otherwise nothing is returned
     */
    function bots($error)
    {
        global $config, $db;
        if (isset($_POST['yes'])) {
            $sql = 'SELECT group_id, group_colour
				FROM ' . GROUPS_TABLE . "\n\t\t\t\tWHERE group_name = 'BOTS'";
            $result = $db->sql_query($sql);
            // Second fetch passes row number 0 so it re-reads the same row.
            $group_id = (int) $db->sql_fetchfield('group_id', false, $result);
            $group_colour = $db->sql_fetchfield('group_colour', 0, $result);
            $db->sql_freeresult($result);
            if (!$group_id) {
                // If we reach this point then something has gone very wrong
                $error[] = 'NO_BOT_GROUP';
                return $error;
            } else {
                if (!function_exists('user_add')) {
                    include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
                }
                // Remove existing bots
                $uids = array();
                $sql = 'SELECT user_id FROM ' . BOTS_TABLE;
                $result = $db->sql_query($sql);
                while ($row = $db->sql_fetchrow($result)) {
                    $uids[] = $row['user_id'];
                }
                $db->sql_freeresult($result);
                if (!empty($uids)) {
                    // Remove all the bots ('remove' deletes their posts as well)
                    foreach ($uids as $uid) {
                        user_delete('remove', $uid);
                    }
                    // Clear out the bots table
                    $db->sql_query('DELETE FROM ' . BOTS_TABLE);
                }
                // Add the bots
                foreach ($this->db_cleaner->data->bots as $bot_name => $bot_ary) {
                    /* Clean the users table of any bots matching this...
                     * this is an issue if a default bot was removed from the bots group. */
                    $username_clean = utf8_clean_string($bot_name);
                    if (empty($username_clean)) {
                        // This shouldn't happen but we should handle it anyway...
                        continue;
                    }
                    // Deletes by name only — matches any account with this cleaned name, bot or not.
                    $sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE username_clean = \'' . $db->sql_escape($username_clean) . '\'';
                    $db->sql_query($sql);
                    // `$bot_ary` can be false, if a bot was removed in a certain phpBB version
                    if ($bot_ary === false) {
                        continue;
                    }
                    $user_row = array('user_type' => USER_IGNORE, 'group_id' => $group_id, 'username' => $bot_name, 'user_regdate' => time(), 'user_password' => '', 'user_colour' => $group_colour, 'user_email' => '', 'user_lang' => $config['default_lang'], 'user_style' => 1, 'user_timezone' => 0, 'user_dateformat' => $config['default_dateformat'], 'user_allow_massemail' => 0);
                    $user_id = user_add($user_row);
                    if ($user_id) {
                        // $bot_ary[0] is the agent string, $bot_ary[1] the IP list, as stored in BOTS_TABLE.
                        $sql = 'INSERT INTO ' . BOTS_TABLE . ' ' . $db->sql_build_array('INSERT', array('bot_active' => 1, 'bot_name' => (string) $bot_name, 'user_id' => (int) $user_id, 'bot_agent' => (string) $bot_ary[0], 'bot_ip' => (string) $bot_ary[1]));
                        $result = $db->sql_query($sql);
                    }
                }
            }
        }
    }
 /**
  * If login failed set the counter +1
  *
  * Increments failed_logins_count on the row whose username_clean matches the
  * attempted name and writes a TRY_TO_LOGIN_FAIL entry to the user log under
  * the anonymous user with the caller's IP.
  *
  * NOTE(review): the name is attacker-controlled and the caller is
  * unauthenticated, so anyone can raise this counter for any account; whatever
  * consumes it should not treat it as a lockout trigger on its own.
  *
  * @param object $event The event object (reads $event['username'])
  * @return null
  * @access public
  */
 public function login_box_failed($event)
 {
     $attempted_name = $event['username'];
     $clean_name = $this->db->sql_escape(utf8_clean_string($attempted_name));

     // Set the counter +1
     $this->db->sql_query('UPDATE ' . USERS_TABLE . " SET failed_logins_count = failed_logins_count + 1\n\t\t\tWHERE username_clean = '" . $clean_name . "'");

     // Add to user log
     $this->log->add('user', ANONYMOUS, $this->user->ip, 'TRY_TO_LOGIN_FAIL', time(), array('reportee_id' => ANONYMOUS, 'username' => $attempted_name));
 }
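/**
 * XML-RPC handler: search the member list by username (and, for callers with
 * a_user, by e-mail) and return one page of {username, user_id, icon_url}.
 *
 * Fixes:
 *  - $sql_where, $order_by and $return_user_lists were appended to / read
 *    before being initialised (an empty result produced an undefined list).
 *  - The e-mail filter was glued on with a bare OR, so
 *    "user_type IN (...) AND username LIKE x OR user_email LIKE y" dropped the
 *    user_type restriction whenever an e-mail pattern was given. The name and
 *    e-mail filters are now OR-ed inside parentheses behind the type filter.
 *  - page / perpage from the request were used unchecked; they are clamped so
 *    a caller cannot request a negative offset or an unbounded result set.
 *  - The dead 'm' sort branch (no such key in $sort_key_sql) was removed.
 *
 * @return xmlrpcresp struct with 'total' (int) and 'list' (array of structs)
 */
function search_user_func()
{
    global $user, $config, $auth, $db, $phpbb_root_path;

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup(array('memberlist', 'groups'));

    if (!$auth->acl_gets('u_viewprofile', 'a_user', 'a_useradd', 'a_userdel')) {
        if ($user->data['user_id'] != ANONYMOUS) {
            trigger_error('NO_VIEW_USERS');
        }
        trigger_error('LOGIN_EXPLAIN_MEMBERLIST');
    }
    if (!$config['load_search'] && !$auth->acl_get('a_')) {
        trigger_error('NO_VIEW_USERS');
    }

    $username = request_var('username', '', true);
    $email = strtolower(request_var('email', ''));

    // Optional filters. sql_like_expression() escapes the value and the LIKE
    // metacharacters; '*' is the caller-facing wildcard.
    $filters = array();
    if ($username) {
        $filters[] = 'u.username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username)));
    }
    if ($email && $auth->acl_get('a_user')) {
        $filters[] = 'u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email));
    }
    $sql_where = $filters ? ' AND (' . implode(' OR ', $filters) . ')' : '';

    // Paging: page >= 1, 1 <= perpage <= 100.
    $per_page = max(1, min(100, (int) request_var('perpage', 20)));
    $page = max(1, (int) request_var('page', 1));
    $start = ($page - 1) * $per_page;

    $default_key = 'c';
    $sort_key = request_var('sk', $default_key);
    $sort_dir = request_var('sd', 'a');
    $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
    // Sorting and order: unknown keys fall back to the default, which is what
    // keeps request-supplied text out of the ORDER BY clause.
    if (!isset($sort_key_sql[$sort_key])) {
        $sort_key = $default_key;
    }
    $order_by = $sort_key_sql[$sort_key] . ' ' . ($sort_dir == 'a' ? 'ASC' : 'DESC');

    $type_filter = 'u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';

    // Count the users ...
    if ($sql_where) {
        $sql = 'SELECT COUNT(u.user_id) AS total_users
			FROM ' . USERS_TABLE . ' u
			WHERE ' . $type_filter . $sql_where;
        $result = $db->sql_query($sql);
        $total_users = (int) $db->sql_fetchfield('total_users');
        $db->sql_freeresult($result);
    } else {
        $total_users = $config['num_users'];
    }

    // Get us some users :D
    $sql = 'SELECT u.*
		FROM ' . USERS_TABLE . ' u
		WHERE ' . $type_filter . $sql_where . '
		ORDER BY ' . $order_by;
    $result = $db->sql_query_limit($sql, $per_page, $start);
    $return_user_lists = array();
    while ($row = $db->sql_fetchrow($result)) {
        $return_user_lists[] = new xmlrpcval(array('username' => new xmlrpcval(basic_clean($row['username']), 'base64'), 'user_id' => new xmlrpcval($row['user_id'], 'string'), 'icon_url' => new xmlrpcval(get_user_avatar_url($row['user_avatar'], $row['user_avatar_type']), 'string')), 'struct');
    }
    $db->sql_freeresult($result);

    $suggested_users = new xmlrpcval(array('total' => new xmlrpcval($total_users, 'int'), 'list' => new xmlrpcval($return_user_lists, 'array')), 'struct');
    return new xmlrpcresp($suggested_users);
}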
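/**
 * Build a URL-friendly slug from free text such as a topic title.
 *
 * Strips "Re:" prefixes and spaces, runs the text through the board's word
 * censor, replaces characters that are unsafe or meaningless in a path
 * segment with '-', collapses any run of dashes to a single dash and finally
 * normalises the result with utf8_clean_string().
 *
 * @param string $url Raw text (e.g. a topic title)
 * @return string Slug suitable for a URL path segment
 */
function clean_url($url)
{
	$url = str_replace(array('Re:', 're:', ' '), '', $url);
	// Characters that would break or pollute a path segment. '.' was listed
	// twice before; ' ' stays because censor_text() may introduce spaces.
	$find = array('?', '#', '%', '¿', '^', '.', '/', ' ', '_', ')', '[', ']', ':');
	$url = str_replace($find, '-', censor_text($url));
	// Collapse every run of dashes. The previous one-shot replacement of
	// '---' then '--' still left '--' behind for runs of five or more.
	while (strpos($url, '--') !== false)
	{
		$url = str_replace('--', '-', $url);
	}

	return utf8_clean_string($url);
}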
    /**
     * Password reminder handler (UCP "send password").
     *
     * On submit the account is looked up by e-mail and username_clean;
     * rows that are ignored, inactive, or lack the u_chgpasswd permission
     * are rejected through trigger_error(). For a valid account a random
     * 8-character password is generated, stored hashed in user_newpasswd
     * together with an activation key, and the plain password plus the
     * activation link are sent through the messenger. Without a submission
     * the reminder form is rendered.
     *
     * @param int    $id   Module id (not used in this method)
     * @param string $mode Module mode (not used in this method)
     */
    function main($id, $mode)
    {
        global $config, $phpbb_root_path, $phpEx;
        global $db, $user, $auth, $template;
        $username = request_var('username', '', true);
        // Lower-cased before the lookup; presumably stored e-mails are lower-case as well — confirm.
        $email = strtolower(request_var('email', ''));
        $submit = isset($_POST['submit']) ? true : false;
        if ($submit) {
            // The e-mail and the username must both belong to the same row.
            $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE user_email = '" . $db->sql_escape($email) . "'\n\t\t\t\t\tAND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $user_row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            // NOTE(review): every trigger_error() below is relied upon not to
            // return (phpBB's message handler renders it and exits) — confirm.
            if (!$user_row) {
                trigger_error('NO_EMAIL_USER');
            }
            // NOTE(review): the distinct messages that follow disclose whether
            // the account exists and its activation state to whoever submits the form.
            if ($user_row['user_type'] == USER_IGNORE) {
                trigger_error('NO_USER');
            }
            if ($user_row['user_type'] == USER_INACTIVE) {
                if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                    trigger_error('ACCOUNT_DEACTIVATED');
                } else {
                    trigger_error('ACCOUNT_NOT_ACTIVATED');
                }
            }
            // Check users permissions: build an ACL for the looked-up user,
            // not the current visitor, and require u_chgpasswd on it.
            $auth2 = new auth();
            $auth2->acl($user_row);
            if (!$auth2->acl_get('u_chgpasswd')) {
                trigger_error('NO_AUTH_PASSWORD_REMINDER');
            }
            $server_url = generate_board_url();
            // Activation key length: 54 minus the board URL length, at least 6,
            // and at most max_pass_chars when that setting is non-zero.
            $key_len = 54 - strlen($server_url);
            $key_len = max(6, $key_len);
            // we want at least 6
            $key_len = $config['max_pass_chars'] ? min($key_len, $config['max_pass_chars']) : $key_len;
            // we want at most $config['max_pass_chars']
            // substr() of a gen_rand_string(10) result: the key can never be
            // longer than 10 characters, whatever $key_len works out to.
            $user_actkey = substr(gen_rand_string(10), 0, $key_len);
            $user_password = gen_rand_string(8);
            // The new password is stored hashed in user_newpasswd (not user_password)
            // next to the activation key; activation presumably swaps it in — confirm.
            $sql = 'UPDATE ' . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'\n\t\t\t\tWHERE user_id = " . $user_row['user_id'];
            $db->sql_query($sql);
            include_once $phpbb_root_path . 'includes/functions_messenger.' . $phpEx;
            $messenger = new messenger(false);
            $messenger->template('user_activate_passwd', $user_row['user_lang']);
            $messenger->to($user_row['user_email'], $user_row['username']);
            $messenger->im($user_row['user_jabber'], $user_row['username']);
            // The plain-text password and the activation URL (user id + key) go into the message body.
            $messenger->assign_vars(array('USERNAME' => htmlspecialchars_decode($user_row['username']), 'PASSWORD' => htmlspecialchars_decode($user_password), 'U_ACTIVATE' => "{$server_url}/ucp.{$phpEx}?mode=activate&u={$user_row['user_id']}&k={$user_actkey}"));
            $messenger->send($user_row['user_notify_type']);
            meta_refresh(3, append_sid("{$phpbb_root_path}index.{$phpEx}"));
            $message = $user->lang['PASSWORD_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.{$phpEx}") . '">', '</a>');
            trigger_error($message);
        }
        // No submission: render the reminder form with the values entered so far.
        $template->assign_vars(array('USERNAME' => $username, 'EMAIL' => $email, 'S_PROFILE_ACTION' => append_sid($phpbb_root_path . 'ucp.' . $phpEx, 'mode=sendpassword')));
        $this->tpl_name = 'ucp_remind';
        $this->page_title = 'UCP_REMIND';
    }
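    /**
     * Look up a user id by username.
     *
     * The name is normalised with utf8_clean_string() and matched against
     * username_clean, the same way the other lookups in this file do it.
     *
     * @param string $username Raw username
     * @return mixed user_id column value for the username, null when no such user exists
     */
    public function get_user_id($username)
    {
        $sql = 'SELECT user_id, username
				FROM ' . USERS_TABLE . '
				WHERE username_clean = \'' . $this->db->sql_escape(utf8_clean_string($username)) . '\'';
        $result = $this->db->sql_query($sql);
        $row = $this->db->sql_fetchrow($result);
        // Release the result set; the original never freed it.
        $this->db->sql_freeresult($result);

        // sql_fetchrow() yields false when nothing matched; indexing false
        // raised a warning and produced null, so return null explicitly.
        return $row ? $row['user_id'] : null;
    }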
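    /**
     * Display the output for this extension
     *
     * Lists the sessions still within session_length, sorted by IP, start
     * time or username and optionally filtered by the first character of
     * the username, with pagination.
     *
     * @return null
     * @access public
     */
    public function display_output()
    {
        // Add the language file
        $this->language->add_lang('acp_activesessions', 'david63/activesessions');

        // Start initial var setup
        $action = $this->request->variable('action', '');
        $start = $this->request->variable('start', 0);
        $fc = $this->request->variable('fc', '');
        $sort_key = $this->request->variable('sk', 's');
        $sd = $sort_dir = $this->request->variable('sd', 'd');
        $sort_dir = $sort_dir == 'd' ? ' DESC' : ' ASC';
        // gen_sort_selects() takes this by reference; it was never initialised before.
        $sort_days = 0;
        $per_page = $this->config['topics_per_page'];

        $order_ary = array(
            'i' => 's.session_ip' . $sort_dir . ', u.username_clean ASC',
            's' => 's.session_start' . $sort_dir . ', u.username_clean ASC',
            'u' => 'u.username_clean' . $sort_dir,
        );
        // 'sk' is client supplied: an unknown key used to give an undefined
        // index and an empty ORDER BY. Fall back to the default sort instead.
        if ($sort_key != '' && !isset($order_ary[$sort_key])) {
            $sort_key = 's';
        }
        $order_by = $sort_key == '' ? 'u.username_clean' : $order_ary[$sort_key];

        // First-character filter: 'other' excludes every letter in the
        // START_CHARACTER..END_CHARACTER range, any other value matches one letter.
        $filter_by = '';
        if ($fc == 'other') {
            for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) {
                $filter_by .= ' AND u.username_clean ' . $this->db->sql_not_like_expression(utf8_clean_string(chr($i)) . $this->db->get_any_char());
            }
        } elseif ($fc) {
            $filter_by .= ' AND u.username_clean ' . $this->db->sql_like_expression(utf8_clean_string(substr($fc, 0, 1)) . $this->db->get_any_char());
        }

        // One WHERE clause for both the count and the listing, so the pagination
        // total matches the rows shown (the count previously ignored session_time).
        $sql_where = 'u.user_id = s.session_user_id
				AND s.session_time >= ' . (time() - $this->config['session_length'] * 60) . $filter_by;

        // Get total session count for output
        $sql = $this->db->sql_build_query('SELECT', array(
            'SELECT' => 'COUNT(s.session_id) AS total_sessions',
            'FROM' => array(USERS_TABLE => 'u', SESSIONS_TABLE => 's'),
            'WHERE' => $sql_where,
        ));
        $result = $this->db->sql_query($sql);
        $session_count = (int) $this->db->sql_fetchfield('total_sessions');
        $this->db->sql_freeresult($result);

        // With a zero count the back link was always '' in the original, so none is appended.
        if ($session_count == 0) {
            trigger_error($this->language->lang('NO_SESSION_DATA'));
        }

        // Clamp the offset before it is used in the listing query.
        $start = $this->pagination->validate_start($start, $per_page, $session_count);

        $sql = $this->db->sql_build_query('SELECT', array(
            'SELECT' => 'u.user_id, u.username, u.username_clean, u.user_colour, s.*, f.forum_id, f.forum_name',
            'FROM' => array(USERS_TABLE => 'u', SESSIONS_TABLE => 's'),
            'LEFT_JOIN' => array(array('FROM' => array(FORUMS_TABLE => 'f'), 'ON' => 's.session_forum_id = f.forum_id')),
            'WHERE' => $sql_where,
            'ORDER_BY' => $order_by,
        ));
        $result = $this->db->sql_query_limit($sql, $per_page, $start);
        $yes = $this->language->lang('YES');
        $no = $this->language->lang('NO');
        while ($row = $this->db->sql_fetchrow($result)) {
            $this->template->assign_block_vars('active_sessions', array(
                'ADMIN' => $row['session_admin'] ? $yes : $no,
                'AUTO_LOGIN' => $row['session_autologin'] ? $yes : $no,
                'BROWSER' => $row['session_browser'],
                'FORUM' => $row['forum_id'] > 0 ? $row['forum_name'] : '',
                'LAST_VISIT' => $this->user->format_date($row['session_last_visit']),
                'SESSION_FORWARD' => $row['session_forwarded_for'],
                'SESSION_ID' => $row['session_id'],
                'SESSION_IP' => $row['session_ip'],
                'SESSION_KEY' => $row['session_id'] . $row['user_id'],
                'SESSION_ONLINE' => $row['session_viewonline'] ? $yes : $no,
                'SESSION_PAGE' => $row['session_page'],
                'SESSION_START' => $this->user->format_date($row['session_start']),
                'SESSION_TIME' => $this->user->format_date($row['session_time']),
                'USERNAME' => get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
            ));
        }
        $this->db->sql_freeresult($result);

        $sort_by_text = array(
            'u' => $this->language->lang('SORT_USERNAME'),
            'i' => $this->language->lang('SESSION_IP'),
            's' => $this->language->lang('SESSION_START'),
        );
        $limit_days = array();
        $s_sort_key = $s_limit_days = $s_sort_dir = $u_sort_param = '';
        gen_sort_selects($limit_days, $sort_by_text, $sort_days, $sort_key, $sd, $s_limit_days, $s_sort_key, $s_sort_dir, $u_sort_param);

        // Built after gen_sort_selects(), as before, in case it normalises $sort_key.
        $action = "{$this->u_action}&amp;sk={$sort_key}&amp;sd={$sd}";
        $this->pagination->generate_template_pagination($action, 'pagination', 'start', $session_count, $per_page, $start);

        $first_characters = array();
        $first_characters[''] = $this->language->lang('ALL');
        for ($i = ord($this->language->lang('START_CHARACTER')); $i <= ord($this->language->lang('END_CHARACTER')); $i++) {
            $first_characters[chr($i)] = chr($i);
        }
        $first_characters['other'] = $this->language->lang('OTHER');
        foreach ($first_characters as $char => $desc) {
            $this->template->assign_block_vars('first_char', array('DESC' => $desc, 'U_SORT' => $action . '&amp;fc=' . $char));
        }

        $this->template->assign_vars(array(
            'ACTIVE_SESSIONS_VERSION' => ext::ACTIVE_SESSIONS_VERSION,
            'S_SORT_DIR' => $s_sort_dir,
            'S_SORT_KEY' => $s_sort_key,
            'TOTAL_USERS' => $this->language->lang('TOTAL_SESSIONS', (int) $session_count),
            'U_ACTION' => $action,
        ));
    }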
    /**
     * Repair the board's style configuration.
     *
     * Walks styles/ (in key order) for the first directory that ships a
     * style.cfg whose cleaned name equals the directory name, installs it
     * through the style installer when it has no row in STYLES_TABLE, and
     * makes it the default style with override_user_style enabled. When no
     * usable style is found a message is printed and the request is ended.
     */
    function repair()
    {
        global $db;
        $stylelist = filelist(PHPBB_ROOT_PATH . 'styles/', '', 'cfg');
        ksort($stylelist);
        // Loop throught the files and try to find a style we can use.
        // To be usable the directory name in the style.cfg is the same as the directory.
        foreach (array_keys($stylelist) as $styledirname) {
            if (!in_array('style.cfg', $stylelist[$styledirname])) {
                continue;
            }
            // Read the cfg, should always be index 0
            // NOTE(review): the bare 'style.cfg' suffix assumes $styledirname
            // carries a trailing '/' (see the trim below) — confirm against filelist().
            $items = parse_cfg_file(PHPBB_ROOT_PATH . 'styles/' . $styledirname . 'style.cfg');
            // Unify the name in the cfg to something used as a directory
            // Spaces -> '_'
            // All lowercase
            $stylename = utf8_clean_string(str_replace(' ', '_', $items['name']));
            // Clean up the dirname
            $dirname = substr($styledirname, -1) == '/' ? substr($styledirname, 0, -1) : $styledirname;
            // If not the same switch to the next one
            if ($dirname != $stylename) {
                continue;
            }
            // If this style isn't installed we will install the style at this point.
            $sql = 'SELECT style_id
				FROM ' . STYLES_TABLE . "\n\t\t\t\tWHERE style_name = '" . $db->sql_escape($items['name']) . "'";
            $result = $db->sql_query($sql);
            $this->sid = $db->sql_fetchfield('style_id', false, $result);
            $db->sql_freeresult($result);
            if (empty($this->sid)) {
                // Nasty, but the style installer fetches these in the method o_0
                // The values written here come from the style.cfg just parsed,
                // not from the client request.
                $GLOBALS['_REQUEST']['path'] = $stylename;
                $GLOBALS['_POST']['update'] = true;
                // Call the style installer
                $this->ac->install('style');
                // Fetch the id
                $sql = 'SELECT style_id
					FROM ' . STYLES_TABLE . "\n\t\t\t\t\tWHERE style_name = '" . $db->sql_escape($items['name']) . "'";
                $result = $db->sql_query($sql);
                $this->sid = $db->sql_fetchfield('style_id', false, $result);
                $db->sql_freeresult($result);
            }
            // Set this style as the active style
            set_config('default_style', $this->sid);
            set_config('override_user_style', 1);
            // Overriding the style should enable the board for everyone
            return;
        }
        // Nothing usable was found: report and stop the request.
        echo 'The support toolkit couldn\'t find an available style. Please seek further assistance in the support forums on <a href="http://www.phpbb.com/community/viewforum.php?f=46" title="phpBB.com Support forum">phpbb.com</a>';
        garbage_collection();
        exit_handler();
    }
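    /**
     * ACP page for assigning up to three special ranks to a user.
     *
     * First submission (submit-user) resolves the username and renders the
     * three rank <select> lists; second submission (submit-rank) stores the
     * chosen rank ids on the user row once the form key has been verified.
     */
    public function edit_user_ranks()
    {
        $this->template->assign_vars(array(
            'U_ACTION' => $this->u_action,
            'S_FIND_USER' => true,
            'U_FIND_USERNAME' => append_sid("{$this->root_path}memberlist.{$this->php_ext}", 'mode=searchuser&amp;form=select_user&amp;field=username&amp;select_single=true'),
        ));

        if (isset($_POST['submit-user'])) {
            $username = utf8_normalize_nfc(request_var('username', '', true));
            $user_sql = 'SELECT *
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'";
            $user_result = $this->db->sql_query($user_sql);
            $user_row = $this->db->sql_fetchrow($user_result);
            $this->db->sql_freeresult($user_result);
            // sql_fetchrow() returns false for an unknown name; do not index it.
            $user_id = $user_row ? (int) $user_row['user_id'] : 0;
            if (!$user_id) {
                trigger_error($this->user->lang['NO_USER'] . adm_back_link($this->u_action), E_USER_WARNING);
            }

            $rank_sql = 'SELECT *
					FROM ' . RANKS_TABLE . '
					WHERE rank_special = 1
					ORDER BY rank_title';
            $rank_result = $this->db->sql_query($rank_sql);
            $ranks = array();
            while ($row = $this->db->sql_fetchrow($rank_result)) {
                $ranks[] = $row;
            }
            // The original freed an undefined $result here and leaked $rank_result.
            $this->db->sql_freeresult($rank_result);

            $this->template->assign_vars(array(
                'ACP_MR_USER' => sprintf($this->user->lang['ACP_EDIT_USER_RANK'], $user_row['username']),
                'S_EDIT_RANKS' => true,
                'S_FIND_USER' => false,
                'S_RANK_ONE_OPTIONS' => $this->build_rank_options($ranks, $user_row['user_rank']),
                'S_RANK_TWO_OPTIONS' => $this->build_rank_options($ranks, $user_row['user_rank_two']),
                'S_RANK_THREE_OPTIONS' => $this->build_rank_options($ranks, $user_row['user_rank_three']),
                'HIDDEN_RANK_USER_ID' => $user_id,
            ));
        }

        add_form_key('submit-rank-key');
        if (isset($_POST['submit-rank'])) {
            if (check_form_key('submit-rank-key')) {
                $rank_one = request_var('user_rank_one', 0);
                $rank_two = request_var('user_rank_two', 0);
                $rank_thr = request_var('user_rank_three', 0);
                $upd_user_id = request_var('hidden_user_id', 0);
                // Explicit int casts: the values are interpolated unquoted into SQL.
                $upd_sql = 'UPDATE ' . USERS_TABLE . '
							SET user_rank = ' . (int) $rank_one . ',
								user_rank_two = ' . (int) $rank_two . ',
								user_rank_three = ' . (int) $rank_thr . '
							WHERE user_id = ' . (int) $upd_user_id;
                $this->db->sql_query($upd_sql);
                trigger_error($this->user->lang('ACP_MR_SAVED') . adm_back_link($this->u_action));
            } else {
                // A failed form-key check used to fall through silently and re-render the page.
                trigger_error($this->user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
            }
        }
    }

    /**
     * Build the <option> list for one rank selector.
     *
     * @param array $ranks   Rows from RANKS_TABLE (rank_id, rank_title), already ordered
     * @param mixed $current Rank id currently stored on the user (0/empty for none)
     * @return string <option> elements, the first being the "no special rank" entry
     */
    private function build_rank_options(array $ranks, $current)
    {
        $options = '<option value="0"' . (!$current ? ' selected="selected"' : '') . '>' . $this->user->lang['ACP_NO_SPEC_RANK'] . '</option>';
        foreach ($ranks as $rank) {
            $selected = $current && $rank['rank_id'] == $current ? ' selected="selected"' : '';
            // rank_title is emitted as stored, exactly as before.
            // NOTE(review): confirm titles are HTML-escaped when written to RANKS_TABLE.
            $options .= '<option value="' . $rank['rank_id'] . '"' . $selected . '>' . $rank['rank_title'] . '</option>';
        }
        return $options;
    }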
    /**
     * Load a user by username
     *
     * Resolves the name through username_clean, caches the full row in
     * $this->users and hands back the id so get_user() can be used on it.
     *
     * @param string $username Raw username to load (will be cleaned)
     * @return int User ID for the username, ANONYMOUS when nothing matched
     */
    public function load_user_by_username($username)
    {
        $clean_name = $this->db->sql_escape(utf8_clean_string($username));
        $sql = 'SELECT *
			FROM ' . $this->users_table . "\n\t\t\tWHERE username_clean = '" . $clean_name . "'";
        $result = $this->db->sql_query($sql);
        $row = $this->db->sql_fetchrow($result);
        $this->db->sql_freeresult($result);

        if (!$row) {
            return ANONYMOUS;
        }

        $user_id = $row['user_id'];
        $this->users[$user_id] = $row;
        return $user_id;
    }
	/**
	* Run Tool
	*
	* Does the actual stuff we want the tool to do after submission:
	* resolves the requested user (numeric id or username), refuses users
	* that are already founders, asks for confirmation on the first pass
	* and sets user_type to USER_FOUNDER once the confirmation comes back.
	*
	* @param array $error Receives language keys / formatted messages on failure
	*/
	function run_tool(&$error)
	{
		global $db, $plugin, $user;

		// The form key is only required on the initial submission; on the
		// confirmation round-trip confirm_box(true) is relied upon instead
		// (it presumably validates its own token — confirm).
        if (!confirm_box(true) && !check_form_key('make_founder'))
		{
			$error[] = 'FORM_INVALID';
			return;
		}

		$user_req = utf8_normalize_nfc(request_var('user_to_founder', '', true));
		if (!$user_req)
		{
			$error[] = 'NO_USER';
			return;
		}

		// A numeric request is treated as a user id, anything else as a username.
		$sql = 'SELECT user_id, username, user_type FROM ' . USERS_TABLE . '
			WHERE ' . ((!is_numeric($user_req)) ? 'username_clean = \'' . $db->sql_escape(utf8_clean_string($user_req)) . '\'' : 'user_id = ' . (int) $user_req);
		$result = $db->sql_query($sql);
		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);
		// sql_fetchrow() returns false when nothing matched; indexing it yields
		// null, which the (int) cast turns into the 0 checked below.
		$user_id = (int) $row['user_id'];
		$username = $row['username'];

		if (!$user_id)
		{
			$error[] = 'NO_USER';
			return;
		}

		if ($row['user_type'] == USER_FOUNDER)
		{
			$error[] = sprintf($user->lang['USER_ALREADY_FOUNDER'], $username);
			return;
		}

		// Let's confirm just in case they enter the wrong username (and that username happens to be registered).
		if (confirm_box(true))
		{
			$db->sql_query('UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_type' => USER_FOUNDER)) . ' WHERE user_id = ' . $user_id);

			trigger_error(sprintf($user->lang['MAKE_FOUNDER_SUCCESS'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, 'mode=viewprofile&amp;u=' . $user_id), $username));
		}
		else
		{
			// First pass: re-submit the requested user as a hidden field with the confirmation.
			$hidden_fields = build_hidden_fields(array('user_to_founder' => $user_req, 'submit' => true));
			confirm_box(false, sprintf($user->lang['MAKE_FOUNDER_CONFIRM'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, 'mode=viewprofile&amp;u=' . $user_id), $username), $hidden_fields);
		}
		redirect(append_sid(STK_INDEX, 't=make_founder', true, $user->session_id));
	}
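 /**
  * Build the SQL WHERE fragment that selects a user by name.
  *
  * Uses login_name when the users table has that column, otherwise the
  * phpBB username_clean column with the name normalised by utf8_clean_string().
  *
  * @param string|null $username Raw username; null yields an empty clause
  * @return string WHERE fragment without the keyword, '' when no username was given
  */
 function getWhereClause($username)
 {
     $phpbb_db = $this->getDb();
     $fields = $phpbb_db->getTableFields('#__users');
     $where_clause = "";
     if (isset($username)) {
         if (isset($fields['#__users']['login_name'])) {
             // Quote through the driver like the other branch does: the
             // original interpolated the raw username into the literal, so a
             // name containing a quote reached the query unescaped.
             $where_clause = "login_name = " . $phpbb_db->Quote($username);
         } else {
             $where_clause = "username_clean = " . $phpbb_db->Quote(utf8_clean_string($username));
         }
     }
     return $where_clause;
 }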
 /**
  * Validate that all the data is correct
  *
  * Checks that the subject is not blank after cleaning and that the text
  * length lies within min_post_chars / max_post_chars (the maximum only
  * applies when it is greater than zero).
  *
  * @return array empty array on success, array with (string) errors ready for output on failure
  */
 public function validate()
 {
     $errors = array();
     $lang = phpbb::$user->lang;
     $min_chars = (int) phpbb::$config['min_post_chars'];
     $max_chars = (int) phpbb::$config['max_post_chars'];

     if (utf8_clean_string($this->faq_subject) === '') {
         $errors[] = $lang['EMPTY_SUBJECT'];
     }

     $length = utf8_strlen($this->faq_text);
     if ($length < $min_chars) {
         $errors[] = sprintf($lang['TOO_FEW_CHARS_LIMIT'], $length, $min_chars);
     } elseif (phpbb::$config['max_post_chars'] > 0 && $length > $max_chars) {
         $errors[] = sprintf($lang['TOO_MANY_CHARS_POST'], $length, $max_chars);
     }

     return $errors;
 }
 /**
  * Load the category
  *
  * Numeric input is matched on category_id, anything else on
  * category_name_clean (normalised with utf8_clean_string()). On success
  * every column of the row is copied onto a property of the same name.
  *
  * @param int|string $category The category (category_name_clean, category_id)
  *
  * @return bool True if the category exists, false if not
  */
 public function load($category)
 {
     $where = is_numeric($category)
         ? 'category_id = ' . (int) $category
         : 'category_name_clean = \'' . phpbb::$db->sql_escape(utf8_clean_string($category)) . '\'';
     $sql = 'SELECT * FROM ' . $this->sql_table . ' WHERE ' . $where;

     $result = phpbb::$db->sql_query($sql);
     $this->sql_data = phpbb::$db->sql_fetchrow($result);
     phpbb::$db->sql_freeresult($result);

     if (empty($this->sql_data)) {
         return false;
     }

     foreach ($this->sql_data as $column => $value) {
         $this->{$column} = $value;
     }
     return true;
 }
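    /**
     * Run Tool
     *
     * Does the actual stuff we want the tool to do after submission:
     * resolves the requested user (numeric id or username), checks the two
     * password fields match and pass validate_data(), stores phpbb_hash()
     * of the new password on the user row and writes an admin log entry.
     *
     * @param array $error Receives language keys / messages on failure
     */
    function run_tool(&$error)
    {
        global $config, $db, $user;
        if (!check_form_key('change_password')) {
            $error[] = 'FORM_INVALID';
            return;
        }
        $user_req = utf8_normalize_nfc(request_var('user_req', '', true));
        if (!$user_req) {
            $error[] = 'NO_USER';
            return;
        }
        // A numeric request is treated as a user id, anything else as a username.
        $sql = 'SELECT user_id, username, user_type FROM ' . USERS_TABLE . '
			WHERE ' . (!is_numeric($user_req) ? 'username_clean = \'' . $db->sql_escape(utf8_clean_string($user_req)) . '\'' : 'user_id = ' . (int) $user_req);
        $result = $db->sql_query($sql);
        $row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // sql_fetchrow() returns false when nothing matched; the original indexed it anyway.
        if (!$row || !(int) $row['user_id']) {
            $error[] = 'NO_USER';
            return;
        }
        $user_id = (int) $row['user_id'];
        $username = $row['username'];
        $user->add_lang('ucp');
        if (!function_exists('validate_data')) {
            include PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT;
        }
        $data = array(
            'new_password' => request_var('new_password', '', true),
            'password_confirm' => request_var('password_confirm', '', true),
        );
        // Strict comparison: with '!=' two numeric-looking strings such as
        // '1e3' and '1000' compare equal, so a mistyped confirmation could pass.
        if ($data['new_password'] !== $data['password_confirm']) {
            $error[] = 'NEW_PASSWORD_ERROR';
            return;
        }
        $error = validate_data($data, array(
            'new_password' => array('password'),
            'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
        ));
        if (!empty($error)) {
            return;
        }
        $db->sql_query('UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', array('user_password' => phpbb_hash($data['new_password']))) . ' WHERE user_id = ' . $user_id);
        add_log('admin', 'LOG_USER_NEW_PASSWORD', $user_req);
        trigger_error(sprintf($user->lang['CHANGE_PASSWORD_SUCCESS'], append_sid(PHPBB_ROOT_PATH . 'memberlist.' . PHP_EXT, 'mode=viewprofile&amp;u=' . $user_id), $username));
    }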
    /**
     * Display the form
     *
     * Renders the application form for logged-in, non-bot users. On a
     * submission with a valid form key the answers are formatted with the
     * APPLICATION_MESSAGE language string and posted as a new topic in the
     * forum configured in appform_forum_id via submit_post().
     *
     * @access public
     * @return mixed Result of helper->render() for the form page
     */
    public function displayform()
    {
        $this->user->add_lang_ext('rmcgirr83/applicationform', 'application');
        // user can't be a guest and can't be a bot
        if ($this->user->data['is_bot'] || $this->user->data['user_id'] == ANONYMOUS) {
            throw new http_exception(401, 'LOGIN_APPLICATION_FORM');
        }
        add_form_key('appform');
        if ($this->request->is_set_post('submit')) {
            // Test if form key is valid
            if (!check_form_key('appform')) {
                trigger_error($this->user->lang['FORM_INVALID'], E_USER_WARNING);
            }
            // Both free-text answers must contain something after cleaning.
            if (utf8_clean_string($this->request->variable('name', '')) === '' || utf8_clean_string($this->request->variable('why', '')) === '') {
                trigger_error($this->user->lang['APP_NOT_COMPLETELY_FILLED'], E_USER_WARNING);
            }
            $sql = 'SELECT forum_name
				FROM ' . FORUMS_TABLE . '
				WHERE forum_id = ' . (int) $this->config['appform_forum_id'];
            $result = $this->db->sql_query($sql);
            $forum_name = $this->db->sql_fetchfield('forum_name');
            $this->db->sql_freeresult($result);
            // Setting the variables we need to submit the post to the forum where all the applications come in
            $subject = sprintf($this->user->lang['APPLICATION_SUBJECT'], $this->user->data['username']);
            // NOTE(review): the position is read from a field named 'postion' (sic);
            // the template must use the same name — confirm it is not a typo.
            $apply_post = sprintf($this->user->lang['APPLICATION_MESSAGE'], get_username_string('full', $this->user->data['user_id'], $this->user->data['username'], $this->user->data['user_colour']), utf8_normalize_nfc($this->request->variable('name', '', true)), $this->user->data['user_email'], $this->request->variable('postion', '', true), utf8_normalize_nfc($this->request->variable('why', '', true)));
            // variables to hold the parameters for submit_post
            $uid = $bitfield = $options = '';
            // Fills $uid/$bitfield/$options by reference with bbcode, smilies and urls enabled.
            generate_text_for_storage($apply_post, $uid, $bitfield, $options, true, true, true);
            // force_approved_state / force_visibility: the topic is posted as approved regardless of moderation settings.
            $data = array('forum_id' => $this->config['appform_forum_id'], 'icon_id' => false, 'poster_id' => $this->user->data['user_id'], 'enable_bbcode' => true, 'enable_smilies' => true, 'enable_urls' => true, 'enable_sig' => true, 'message' => $apply_post, 'message_md5' => md5($apply_post), 'bbcode_bitfield' => $bitfield, 'bbcode_uid' => $uid, 'poster_ip' => $this->user->ip, 'post_edit_locked' => 0, 'topic_title' => $subject, 'notify_set' => false, 'notify' => false, 'post_time' => time(), 'forum_name' => $forum_name, 'enable_indexing' => true, 'force_approved_state' => true, 'force_visibility' => true);
            $poll = array();
            // Submit the post!
            submit_post('post', $subject, $this->user->data['username'], POST_NORMAL, $poll, $data);
            $message = $this->user->lang['APPLICATION_SEND'];
            $message = $message . '<br /><br />' . sprintf($this->user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$this->root_path}index.{$this->php_ext}") . '">', '</a>');
            trigger_error($message);
        }
        // Positions are configured one per line in appform_positions.
        $this->template->assign_vars(array('APPLICATION_POSITIONS' => $this->display_positions(explode("\n", $this->config['appform_positions']))));
        // Send all data to the template file
        return $this->helper->render('appform_body.html', $this->user->lang('APPLICATION_PAGETITLE'));
    }
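    /**
     * Verify a password-retrieval request made through the "tt" flow.
     *
     * Looks the user up by username, rejects ignored/inactive accounts and
     * accounts without the u_chgpasswd permission, then checks the posted
     * tt_token / tt_code with tt_register_verify() and requires the verified
     * e-mail to equal the account's e-mail. The outcome is reported through
     * $this->result, $this->verify and $this->result_text; nothing is returned.
     */
    public function main()
    {
        global $config, $phpbb_root_path, $phpEx;
        global $db, $user, $auth, $template;
        $username = request_var('username', '', true);
        $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
			FROM ' . USERS_TABLE . "\r\r\n\t\t\tWHERE  username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
        $result = $db->sql_query($sql);
        $user_row = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
        // trigger_error() is relied upon not to return here, as elsewhere in this file.
        if (!$user_row) {
            trigger_error('NO_EMAIL_USER');
        }
        if ($user_row['user_type'] == USER_IGNORE) {
            trigger_error('NO_USER');
        }
        if ($user_row['user_type'] == USER_INACTIVE) {
            if ($user_row['user_inactive_reason'] == INACTIVE_MANUAL) {
                trigger_error('ACCOUNT_DEACTIVATED');
            } else {
                trigger_error('ACCOUNT_NOT_ACTIVATED');
            }
        }
        // Check users permissions
        $auth2 = new auth();
        $auth2->acl($user_row);
        if (!$auth2->acl_get('u_chgpasswd')) {
            trigger_error('NO_AUTH_PASSWORD_REMINDER');
        }
        // Still POST-only as before, but without the undefined-index notice when a field is absent.
        $tt_token = isset($_POST['tt_token']) ? $_POST['tt_token'] : '';
        $tt_code = isset($_POST['tt_code']) ? $_POST['tt_code'] : '';
        $verify = tt_register_verify($tt_token, $tt_code);
        // Strict comparison: '==' treats '' and null (and numeric-looking
        // strings) as equal, which is not acceptable for an e-mail match.
        if ($verify->result && $user_row['user_email'] === $verify->email) {
            $this->result = true;
            $this->verify = true;
            return;
        }
        $this->result = false;
        $this->result_text = 'Sorry, you can only retrieve your password from browser.';
        return;
    }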
 /**
  * Load Author
  *
  * Resolves the author row (users table left-joined to the author table)
  * for the already-set user_id, a numeric id, or a username matched on
  * username_clean. The row is applied through __set_array() and cached in
  * users_overlord::$users.
  *
  * @param mixed $user The user name/user id to load, false to use the already given user_id
  * @return bool True when a row was found, false otherwise
  */
 public function load($user = false)
 {
     if ($user === false) {
         $where = 'u.user_id = ' . $this->user_id;
     } elseif (is_numeric($user)) {
         $where = 'u.user_id = ' . (int) $user;
     } else {
         $where = 'u.username_clean = \'' . phpbb::$db->sql_escape(utf8_clean_string($user)) . '\'';
     }

     $query = phpbb::$db->sql_build_query('SELECT', array(
         'SELECT' => 'a.*, u.*',
         'FROM' => array(USERS_TABLE => 'u'),
         'LEFT_JOIN' => array(
             array(
                 'FROM' => array($this->sql_table => 'a'),
                 'ON' => 'a.user_id = u.user_id',
             ),
         ),
         'WHERE' => $where,
     ));
     $result = phpbb::$db->sql_query($query);
     $this->sql_data = phpbb::$db->sql_fetchrow($result);
     if (!$this->sql_data) {
         return false;
     }

     $this->__set_array($this->sql_data);
     // Store in the users overlord as well
     users_overlord::$users[$this->user_id] = $this->sql_data;
     return true;
 }
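    /**
     * Get the user ids from a list of usernames
     *
     * Blank entries (for instance a trailing newline) are ignored: they are
     * neither queried nor reported as missing.
     *
     * @param \phpbb\db\driver\driver_interface $db
     * @param string $list		List of usernames
     * @param string $separator Delimiter. Defaults to new line character
     * @return array Returns array in form of
     * 	array(
     * 		'ids'		=> array(),	// username => user_id for every name found
     * 		'missing'	=> array(),	// username => username for every name not found
     * 	)
     */
    public static function get_user_ids_from_list(\phpbb\db\driver\driver_interface $db, $list, $separator = "\n")
    {
        $users = array('ids' => array(), 'missing' => array());
        if (!$list) {
            return $users;
        }
        $usernames = array_filter(explode($separator, $list), function ($name) {
            return $name !== '';
        });
        if (!$usernames) {
            return $users;
        }
        // Every name starts out as missing and is removed again when a row matches.
        // No by-reference foreach here: the original left a dangling reference on the last element.
        $clean_names = array();
        foreach ($usernames as $username) {
            $users['missing'][$username] = $username;
            $clean_names[] = utf8_clean_string($username);
        }
        $sql = 'SELECT username, username_clean, user_id
			FROM ' . USERS_TABLE . '
			WHERE ' . $db->sql_in_set('username_clean', $clean_names) . '
			AND user_type != ' . USER_IGNORE;
        $result = $db->sql_query($sql);
        while ($row = $db->sql_fetchrow($result)) {
            // The input may have been given as the display name or as the cleaned name.
            unset($users['missing'][$row['username']], $users['missing'][$row['username_clean']]);
            $users['ids'][$row['username']] = $row['user_id'];
        }
        $db->sql_freeresult($result);
        return $users;
    }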
    /**
     * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
     *
     * Runs the configured auth plug-in (includes/auth/auth_<method>.php,
     * function login_<method>) and, on success, creates a session for the
     * user. A LOGIN_SUCCESS_CREATE_PROFILE result first creates the local
     * profile via user_add() and reloads it from USERS_TABLE.
     *
     * @param string $username
     * @param string $password
     * @param bool   $autologin  Passed through to session_create()
     * @param int    $viewonline Passed through to session_create()
     * @param int    $admin      Admin re-authentication: the u/sid cookies are
     *                           cleared and the previous session row deleted
     * @return array array('status' => LOGIN_*, 'error_msg' => ..., 'user_row' => ...)
     */
    function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
    {
        global $config, $db, $user, $phpbb_root_path, $phpEx;
        // basename() reduces the configured value to a bare file name, so the
        // include stays inside includes/auth/.
        $method = trim(basename($config['auth_method']));
        include_once $phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx;
        $method = 'login_' . $method;
        if (function_exists($method)) {
            $login = $method($username, $password);
            // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
            if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) {
                // we are going to use the user_add function so include functions_user.php if it wasn't defined yet
                if (!function_exists('user_add')) {
                    include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
                }
                user_add($login['user_row'], isset($login['cp_data']) ? $login['cp_data'] : false);
                // Re-read the freshly created row so the session is built from the database copy.
                $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
					FROM ' . USERS_TABLE . "\n\t\t\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
                $result = $db->sql_query($sql);
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                if (!$row) {
                    return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'AUTH_NO_PROFILE_CREATED', 'user_row' => array('user_id' => ANONYMOUS));
                }
                $login = array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
            }
            // If login succeeded, we will log the user in... else we pass the login array through...
            if ($login['status'] == LOGIN_SUCCESS) {
                $old_session_id = $user->session_id;
                if ($admin) {
                    global $SID, $_SID;
                    // Expire the existing cookies (one year in the past) and blank
                    // the sid so session_create() starts a brand new session.
                    $cookie_expire = time() - 31536000;
                    $user->set_cookie('u', '', $cookie_expire);
                    $user->set_cookie('sid', '', $cookie_expire);
                    unset($cookie_expire);
                    $SID = '?sid=';
                    $user->session_id = $_SID = '';
                }
                $result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline);
                // Successful session creation
                if ($result === true) {
                    // If admin re-authentication we remove the old session entry because a new one has been created...
                    if ($admin) {
                        // the login array is used because the user ids do not differ for re-authentication
                        $sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\t\t\tWHERE session_id = '" . $db->sql_escape($old_session_id) . "'\n\t\t\t\t\t\t\tAND session_user_id = {$login['user_row']['user_id']}";
                        $db->sql_query($sql);
                    }
                    return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $login['user_row']);
                }
                // session_create() returned something other than true: hand it back as the error message.
                return array('status' => LOGIN_BREAK, 'error_msg' => $result, 'user_row' => $login['user_row']);
            }
            return $login;
        }
        trigger_error('Authentication method not found', E_USER_ERROR);
    }
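/**
* Login function
*
* Authenticates $username / $password against the LDAP directory described by
* $config (ldap_server, ldap_port, ldap_user, ldap_password, ldap_base_dn,
* ldap_uid, ldap_email). The password is never compared locally: the user's DN
* found by the search is bound with it, and only a successful bind counts.
*
* @param string &$username Login name as typed; also used for the username_clean lookup
* @param string &$password Plaintext password supplied by the user
* @return array Always an array with keys 'status', 'error_msg' and 'user_row':
*               LOGIN_SUCCESS for an existing board account,
*               LOGIN_SUCCESS_CREATE_PROFILE on a user's first login (user_row holds the data
*               for the account to be created), or a LOGIN_ERROR_* status otherwise.
*/
function login_ldap(&$username, &$password)
{
    global $db, $config, $user;
    $anonymous_row = array('user_id' => ANONYMOUS);
    // do not allow empty password: binding with an empty credential is an anonymous
    // bind in LDAP, which must never be mistaken for a successful user login
    if (!$password) {
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'NO_PASSWORD_SUPPLIED', 'user_row' => $anonymous_row);
    }
    if (!$username) {
        return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_row);
    }
    if (!@extension_loaded('ldap')) {
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_LDAP_EXTENSION', 'user_row' => $anonymous_row);
    }
    $config['ldap_port'] = (int) $config['ldap_port'];
    if ($config['ldap_port']) {
        $ldap = @ldap_connect($config['ldap_server'], $config['ldap_port']);
    } else {
        $ldap = @ldap_connect($config['ldap_server']);
    }
    if (!$ldap) {
        return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => $anonymous_row);
    }
    @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Optional service account used for the search; the stored password is HTML-encoded in $config
    if ($config['ldap_user'] || $config['ldap_password']) {
        if (!@ldap_bind($ldap, $config['ldap_user'], htmlspecialchars_decode($config['ldap_password']))) {
            // The original returned a bare language string here, breaking the array
            // contract every caller relies on ($login['status']) and leaking the handle.
            @ldap_close($ldap);
            return array('status' => LOGIN_ERROR_EXTERNAL_AUTH, 'error_msg' => 'LDAP_NO_SERVER_CONNECTION', 'user_row' => $anonymous_row);
        }
    }
    $attributes = empty($config['ldap_email']) ? array($config['ldap_uid']) : array($config['ldap_uid'], $config['ldap_email']);
    // ldap_user_filter() is defined elsewhere; it is relied upon to escape $username for
    // use inside the LDAP filter — confirm against its definition.
    $search = @ldap_search($ldap, $config['ldap_base_dn'], ldap_user_filter($username), $attributes, 0, 1);
    // A failed search yields false; passing that to ldap_get_entries() is a TypeError on
    // PHP 8 which the @ operator does not silence, so guard it explicitly.
    $ldap_result = $search ? @ldap_get_entries($ldap, $search) : false;
    // ldap_get_entries() always includes a 'count' element, so > 1 means at least one entry
    if (is_array($ldap_result) && count($ldap_result) > 1) {
        if (@ldap_bind($ldap, $ldap_result[0]['dn'], htmlspecialchars_decode($password))) {
            @ldap_close($ldap);
            $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
				FROM ' . USERS_TABLE . "\n\t\t\t\tWHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if ($row) {
                unset($ldap_result);
                // User inactive...
                if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) {
                    return array('status' => LOGIN_ERROR_ACTIVE, 'error_msg' => 'ACTIVE_ERROR', 'user_row' => $row);
                }
                // Successful login... set user_login_attempts to zero...
                return array('status' => LOGIN_SUCCESS, 'error_msg' => false, 'user_row' => $row);
            }
            // retrieve default group id
            $sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "\n\t\t\t\t\tWHERE group_name = '" . $db->sql_escape('REGISTERED') . "'\n\t\t\t\t\t\tAND group_type = " . GROUP_SPECIAL;
            $result = $db->sql_query($sql);
            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            if (!$row) {
                trigger_error('NO_GROUP');
            }
            // The directory may not return the e-mail attribute for every entry; fall back to
            // an empty address instead of reading an undefined index.
            $user_email = '';
            if (!empty($config['ldap_email']) && isset($ldap_result[0][$config['ldap_email']][0])) {
                $user_email = $ldap_result[0][$config['ldap_email']][0];
            }
            // generate user account data
            $ldap_user_row = array(
                'username'      => $username,
                'user_password' => phpbb_hash($password),
                'user_email'    => $user_email,
                'group_id'      => (int) $row['group_id'],
                'user_type'     => USER_NORMAL,
                'user_ip'       => $user->ip,
            );
            unset($ldap_result);
            // this is the user's first login so create an empty profile
            return array('status' => LOGIN_SUCCESS_CREATE_PROFILE, 'error_msg' => false, 'user_row' => $ldap_user_row);
        }
        unset($ldap_result);
        @ldap_close($ldap);
        // Give status about wrong password...
        return array('status' => LOGIN_ERROR_PASSWORD, 'error_msg' => 'LOGIN_ERROR_PASSWORD', 'user_row' => $anonymous_row);
    }
    // No directory entry matched (or the search failed): report as an unknown user
    @ldap_close($ldap);
    return array('status' => LOGIN_ERROR_USERNAME, 'error_msg' => 'LOGIN_ERROR_USERNAME', 'user_row' => $anonymous_row);
}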