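/**
 * Write one entry to the `log` table for the current session user.
 *
 * The original concatenated every value straight into the INSERT. Each value
 * now goes through $db->escape() first, so a quote inside the description,
 * login name, type, or address can no longer change the statement.
 *
 * Because the required $usuario follows the optional $tipo, the default on
 * $tipo cannot be used positionally; callers must pass all three arguments.
 *
 * @param string $descripcion Text stored in log_descripcion.
 * @param string $tipo        Event type; when empty, log_tipo is left out of the INSERT.
 * @param string $usuario     Login name stored in log_usuario_login.
 * @return void
 */
function logea($descripcion, $tipo = "", $usuario)
{
    global $db;

    // NOTE(review): check_ip_behind_proxy() is defined elsewhere. If it reads the
    // address from forwarding headers, the value is client-influenced unless the
    // front proxy overwrites those headers. It is escaped below either way.
    $columns = array(
        'log_usuario_id'    => isset($_SESSION["usuario_id"]) ? $_SESSION["usuario_id"] : '',
        'log_usuario_login' => $usuario,
        'log_descripcion'   => $descripcion,
        'log_ip'            => check_ip_behind_proxy(),
    );
    if ($tipo) {
        $columns['log_tipo'] = $tipo;
    }

    // NOTE(review): relies on $db exposing escape(), as the ezSQL-style wrapper
    // suggested by get_results() does. Confirm for this project's $db class.
    $values = array();
    foreach ($columns as $value) {
        $values[] = "'" . $db->escape($value) . "'";
    }

    $sql = "INSERT INTO log (" . implode(', ', array_keys($columns)) . ") VALUES (" . implode(', ', $values) . ")";
    $db->get_results($sql);
}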
/**
 * Look up 'links' votes for this object's id that came from one address.
 *
 * @param string $ip Address to query; when empty, the address returned by
 *                   check_ip_behind_proxy() is used instead.
 * @return mixed Whatever Vote::reports() returns (not shown in this file).
 */
function reports_from_ip($ip = '')
{
    require_once mnminclude . 'votes.php';

    $reportQuery = new Vote();
    $reportQuery->type = 'links';

    if (!$ip) {
        // No explicit address given: fall back to the current client's address.
        // NOTE(review): check_ip_behind_proxy() is defined elsewhere; confirm it
        // only honours forwarding headers set by a trusted proxy.
        require_once mnminclude . 'check_behind_proxy.php';
        $ip = check_ip_behind_proxy();
    }
    $reportQuery->ip = $ip;
    $reportQuery->link = $this->id;

    return $reportQuery->reports();
}
} } // if user tries to log in if (isset($_POST["processlogin"]) && is_numeric($_POST["processlogin"]) || isset($_GET["processlogin"]) && is_numeric($_GET["processlogin"])) { if ($_POST["processlogin"] == 1) { // users logs in with username and password $username = sanitize(trim($_POST['username']), 3); $password = sanitize(trim($_POST['password']), 3); if (isset($_POST['persistent'])) { $persistent = sanitize($_POST['persistent'], 3); } else { $persistent = ''; } $dbusername = sanitize($db->escape($username), 4); require_once mnminclude . 'check_behind_proxy.php'; $lastip = check_ip_behind_proxy(); $login = $db->get_row("SELECT *, UNIX_TIMESTAMP()-UNIX_TIMESTAMP(login_time) AS time FROM " . table_login_attempts . " WHERE login_ip='{$lastip}'"); if ($login->login_id) { $login_id = $login->login_id; if ($login->time < 3) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3); } elseif ($login->login_count >= 3) { if ($login->time < min(60 * pow(2, $login->login_count - 3), 3600)) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Login_Incorrect_Attempts'), $login->login_count, min(60 * pow(2, $login->login_count - 3), 3600) - $login->time); } } } elseif (!is_ip_approved($lastip)) { $db->query("INSERT INTO " . table_login_attempts . " SET login_username = '******', login_time=NOW(), login_ip='{$lastip}'"); $login_id = $db->insert_id; if (!$login_id) { $errorMsg = sprintf($main_smarty->get_config_vars('PLIGG_Visual_Login_Error'), 3);
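// http://www.affero.org/oagpl.html
// AFFERO GENERAL PUBLIC LICENSE is also included in the file called "COPYING".

include 'config.php';
include mnminclude . 'html1.php';
include mnminclude . 'link.php';
include mnminclude . 'pageview.php';

// Outbound-click handler: resolve a story from the id, title or url request
// parameter, record an 'out' pageview for it, then redirect to the story's URL.

// All three parameters are client-supplied. Read them without undefined-index
// notices and ignore non-string values (e.g. title[]=x); a missing parameter
// stays null so the isset() checks below behave as before.
$requestID = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$requestTitle = (isset($_REQUEST['title']) && is_string($_REQUEST['title'])) ? $_REQUEST['title'] : null;
$requestURL = (isset($_REQUEST['url']) && is_string($_REQUEST['url'])) ? $_REQUEST['url'] : null;

if (isset($requestTitle)) {
    // The original interpolated the raw request value into the query. Escape it
    // so a quote in the parameter cannot alter the statement.
    $requestID = $db->get_var("SELECT link_id FROM " . table_links . " WHERE `link_title_url` = '" . $db->escape($requestTitle) . "';");
}
if (isset($requestURL)) {
    // Same treatment for the url lookup. When both title and url are sent, the
    // url lookup wins, as in the original.
    $requestID = $db->get_var("SELECT link_id FROM " . table_links . " WHERE `link_url` = '" . $db->escape($requestURL) . "';");
}

if (is_numeric($requestID)) {
    // NOTE(review): is_numeric() also accepts forms such as "1e3" or "12.0".
    // Link::read() is not shown here; confirm it casts or escapes the id.
    $id = $requestID;
    $link = new Link();
    $link->id = $requestID;
    $link->read();

    $pageview = new Pageview();
    $pageview->type = 'out';
    $pageview->page_id = $link->id;
    $pageview->user_id = $current_user->user_id;
    require_once mnminclude . 'check_behind_proxy.php';
    $pageview->user_ip = check_ip_behind_proxy();
    $pageview->insert();

    // The destination is the story's stored URL (presumably populated by
    // read()), never a request parameter, so the redirect target is limited to
    // URLs already present in the links table.
    header("HTTP/1.1 301 Moved Permanently");
    header('Location: ' . $link->url);
    //echo $link->url;
}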
} if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || $_SERVER['SERVER_PORT'] == 443 || $_SERVER['HTTPS'] == 'on') { $globals['https'] = true; $globals['scheme'] = 'https:'; } else { $globals['https'] = false; if (!empty($globals['force_ssl'])) { $globals['scheme'] = 'https:'; } else { $globals['scheme'] = 'http:'; } } // Use proxy and load balancer detection if ($globals['check_behind_proxy']) { $globals['proxy_ip'] = $_SERVER["REMOTE_ADDR"]; $globals['user_ip'] = check_ip_behind_proxy(); } elseif ($globals['behind_load_balancer']) { $globals['proxy_ip'] = $_SERVER["REMOTE_ADDR"]; $globals['user_ip'] = check_ip_behind_load_balancer(); } else { $globals['user_ip'] = $_SERVER["REMOTE_ADDR"]; $globals['proxy_ip'] = false; } $globals['user_ip_int'] = inet_ptod($globals['user_ip']); $globals['cache-control'] = array(); $globals['uri'] = preg_replace('/[<>\\r\\n]/', '', urldecode($_SERVER['REQUEST_URI'])); // clean it for future use //echo "<!-- " . $globals['uri'] . "-->\n"; // For PHP < 5 if (!function_exists('htmlspecialchars_decode')) { function htmlspecialchars_decode($text)
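/**
 * Delete the stored vote matching this object's type, user, link, value and IP.
 *
 * The original interpolated every property straight into the SQL. Numeric
 * fields are now cast to int and string fields escaped, so the statement keeps
 * its shape whatever the properties hold.
 *
 * @return mixed Result of $db->query() for the DELETE, or null when no matching
 *               vote row was found (unchanged from the original).
 */
function remove()
{
    global $db;

    if (empty($this->ip)) {
        // NOTE(review): check_ip_behind_proxy() is defined elsewhere; confirm it
        // only honours forwarding headers set by a trusted proxy.
        require_once mnminclude . 'check_behind_proxy.php';
        $this->ip = check_ip_behind_proxy();
    }
    $this->value = intval($this->value);

    // user and link are placed unquoted in the query, so they must be integers.
    $userId = intval($this->user);
    $linkId = intval($this->link);
    // type and ip are quoted string literals; escape them.
    $type = $db->escape($this->type);
    $ip = $db->escape($this->ip);

    $lookup = "Select vote_id from " . table_votes . " where vote_type = '{$type}' and vote_user_id = {$userId} and vote_link_id = {$linkId} and vote_value = {$this->value} AND vote_ip = '{$ip}' LIMIT 1";
    $the_vote = $db->get_var($lookup);

    if ($the_vote) {
        return $db->query("Delete from " . table_votes . " where vote_id = " . intval($the_vote));
    }
}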
/**
 * Insert a new row into the users table and, when pligg_validate() is truthy,
 * send a verification e-mail containing a validation link.
 *
 * Returns false when username, pass or email is empty, when the INSERT fails,
 * or when the mail cannot be sent; returns true on success. Terminates the
 * request with die() when user_exists() reports the login is already taken.
 *
 * NOTE(review): username and email are concatenated into both INSERT
 * statements without escaping inside this method. Callers must have validated
 * or escaped them beforehand; confirm at every call site.
 *
 * @return bool
 */
function Create() {
    global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;

    // All three fields are mandatory.
    if ($this->username == '') {
        return false;
    }
    if ($this->pass == '') {
        return false;
    }
    if ($this->email == '') {
        return false;
    }

    if (!user_exists($this->username)) {
        // NOTE(review): check_ip_behind_proxy() is defined elsewhere; the value
        // is stored in user_ip unescaped. Confirm it is validated as an address.
        require_once mnminclude . 'check_behind_proxy.php';
        $userip = check_ip_behind_proxy();
        // Only the hash is stored; generateHash() is defined elsewhere.
        $saltedpass = generateHash($this->pass);

        if (pligg_validate()) {
            // E-mail validation enabled: user_lastlogin is left out of the INSERT here.
            if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '')")) {
                // NOTE(review): the '******' literal looks like a masking artefact of
                // this listing. As written the query only matches a login of
                // '******', so $result may be null when user_karma is read below.
                // Confirm against the real source.
                $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '******'");
                // Validation code: md5 over e-mail, karma, login, pligg_hash() and the
                // site name. NOTE(review): every input except pligg_hash() is known
                // or guessable, so the code is only as unpredictable as pligg_hash()
                // (not shown). Confirm it is a secret per-install value.
                $encode = md5($this->email . $result->user_karma . $this->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name'));

                // These locals exist so the eval'd template below can interpolate
                // them. Do not rename them without updating the language strings.
                $username = $this->username;
                // Plaintext password is put in scope for the mail template.
                // NOTE(review): if the template references $password, the password
                // is sent by e-mail in clear.
                $password = $this->pass;
                // Self-assignments: no effect (both are already globals in scope).
                $my_base_url = $my_base_url;
                $my_pligg_base = $my_pligg_base;
                $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
                // Uses the constants my_base_url / my_pligg_base, not the globals above.
                $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;
                $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
                // SECURITY: the configured message is evaluated as a double-quoted PHP
                // string so that $username, $validation etc. expand. Only double
                // quotes are escaped, so the template has to be treated as trusted
                // code, not data: whoever can edit this config value controls what is
                // evaluated here. A fixed placeholder substitution (e.g. strtr) would
                // remove the eval.
                eval('$str = "' . str_replace('"', '\\"', $str) .
                    '";');
                $message = "{$str}";

                // Pick the bundled PHPMailer matching the running PHP major version.
                if (phpnum() >= 5) {
                    require "class.phpmailer5.php";
                } else {
                    require "class.phpmailer4.php";
                }
                $mail = new PHPMailer();
                $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
                $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
                $mail->AddAddress($this->email);
                $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
                $mail->IsHTML(false);
                $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
                $mail->CharSet = 'utf-8';
                $mail->Body = $message;
                if (!$mail->Send()) {
                    // The user row has already been inserted at this point.
                    return false;
                    // Unreachable: follows a return.
                    exit;
                }
                return true;
            } else {
                return false;
            }
        } else {
            // No e-mail validation: user_lastlogin is set to now() at creation.
            if ($db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'')")) {
                return true;
            } else {
                return false;
            }
        }
    } else {
        // Hard stop rather than a return value; callers cannot recover from this.
        die('User already exists');
    }
}
/**
 * Check a login name (or e-mail address) and password against the users table
 * and, on success, mark this object as authenticated and set the ID cookie.
 *
 * A login succeeds only when the row has a positive user_id, the stored hash
 * equals the computed one, user_lastlogin is not the zero date, user_enabled
 * is truthy, and no 'login_pass_match' hook has cleared can_login.
 *
 * NOTE(review): when $already_salted_pass is supplied it is compared directly
 * with the stored hash, so on that path the stored hash itself acts as the
 * credential. Confirm which callers use it and where their value comes from.
 *
 * NOTE(review): the '******' literal in the SELECT looks like a masking
 * artefact of this listing; it is reproduced unchanged here. Confirm against
 * the real source.
 *
 * @param string $username            Login name or e-mail as typed by the user.
 * @param string $pass                Plaintext password.
 * @param bool   $remember            Passed through to SetIDCookie().
 * @param string $already_salted_pass Pre-computed hash; skips generateHash() when non-empty.
 * @return bool True when the user was authenticated, false otherwise.
 */
function Authenticate($username, $pass, $remember = false, $already_salted_pass = '')
{
    global $db;

    $dbusername = sanitize($db->escape($username), 4);
    check_actions('login_start', $vars);

    $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******' or user_email= '{$dbusername}' ");

    // The hash is computed even when no row was found; the stored value's
    // leading SALT_LENGTH characters are passed to generateHash() as the salt.
    $saltedpass = ($already_salted_pass == '')
        ? generateHash($pass, substr($user->user_pass, 0, SALT_LENGTH))
        : $already_salted_pass;

    $accountAccepted = $user->user_id > 0
        && $user->user_pass === $saltedpass
        && $user->user_lastlogin != "0000-00-00 00:00:00"
        && $user->user_enabled;
    if (!$accountAccepted) {
        return false;
    }

    $this->user_login = $user->user_login;
    $this->user_id = $user->user_id;

    // Give hooked modules a chance to veto the login.
    $vars = array('user' => serialize($this), 'can_login' => true);
    check_actions('login_pass_match', $vars);
    if ($vars['can_login'] != true) {
        return false;
    }

    $this->authenticated = true;
    // md5 of the stored hash is kept on the object before the cookie is set.
    $this->md5_pass = md5($user->user_pass);
    $this->SetIDCookie(1, $remember);

    // Record where and when this login happened.
    // NOTE(review): check_ip_behind_proxy() is defined elsewhere and its result
    // is interpolated unescaped. Confirm it returns a validated address.
    require_once mnminclude . 'check_behind_proxy.php';
    $lastip = check_ip_behind_proxy();
    $db->query("UPDATE " . table_users . " SET user_lastip = '{$lastip}', user_lastlogin = now() WHERE user_id = {$user->user_id} LIMIT 1");

    return true;
}
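/**
 * Validate registration input and publish per-field error lists to Smarty.
 *
 * Checks, in order: banned IP, username length (>= 3), username character
 * set, username and e-mail uniqueness, e-mail validity, password length
 * (>= 5), password confirmation, and finally any module hooked on
 * 'register_check_errors'.
 *
 * The original read $error and the three error lists without ever
 * initialising them when no check failed. They now start as null, which is
 * the value the original effectively produced, so results are unchanged while
 * the undefined-variable and undefined-index warnings are gone.
 *
 * @param string $username
 * @param string $email
 * @param string $password
 * @param string $password2 Password confirmation.
 * @return bool|null True when at least one check failed, null otherwise.
 */
function register_check_errors($username, $email, $password, $password2)
{
    global $main_smarty;

    $error = null;
    $form_username_error = null;
    $form_email_error = null;
    $form_password_error = null;

    // NOTE(review): the ban is keyed on whatever check_ip_behind_proxy() returns
    // (defined elsewhere). If it trusts client-supplied forwarding headers, the
    // ban can be sidestepped. Confirm only a trusted proxy's headers are used.
    require_once mnminclude . 'check_behind_proxy.php';
    $userip = check_ip_behind_proxy();
    if (is_ip_banned($userip)) {
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_YourIpIsBanned');
        $error = true;
    }

    // Username: at least 3 bytes.
    if (!isset($username) || strlen($username) < 3) {
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserTooShort');
        $error = true;
    }

    // Username character set. With UTF-8 aware PCRE this is an allow-list
    // (letters, marks, digits, '_' and '-'); otherwise a deny-list of
    // punctuation is used.
    if (preg_match('/\\pL/u', 'a')) {
        $usernameLooksValid = preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $username);
    } else {
        $usernameLooksValid = preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $username);
    }
    if (!$usernameLooksValid) {
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
        $error = true;
    }

    if (user_exists(trim($username))) {
        $form_username_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserExists');
        $error = true;
    }

    if (!check_email(trim($email))) {
        $form_email_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_BadEmail');
        $error = true;
    }
    if (email_exists(trim($email))) {
        $form_email_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_EmailExists');
        $error = true;
    }

    // Password: at least 5 bytes, and both entries must match exactly.
    if (strlen($password) < 5) {
        $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_FiveCharPass');
        $error = true;
    }
    if ($password !== $password2) {
        $form_password_error[] = $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_NoPassMatch');
        $error = true;
    }

    // Let modules add their own checks. Note that the plaintext password is
    // handed to every module hooked on this action.
    $vars = array('username' => $username, 'email' => $email, 'password' => $password);
    check_actions('register_check_errors', $vars);
    // !empty() has the same truthiness as the original "== true" / bare tests
    // but does not warn when a hook leaves the key unset.
    if (!empty($vars['error'])) {
        $error = true;
        if (!empty($vars['username_error'])) {
            $form_username_error[] = $vars['username_error'];
        }
        if (!empty($vars['email_error'])) {
            $form_email_error[] = $vars['email_error'];
        }
        if (!empty($vars['password_error'])) {
            $form_password_error[] = $vars['password_error'];
        }
    }

    $main_smarty->assign('form_username_error', $form_username_error);
    $main_smarty->assign('form_email_error', $form_email_error);
    $main_smarty->assign('form_password_error', $form_password_error);

    return $error;
}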
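/**
 * Store this vote as a new row in the votes table.
 *
 * The original interpolated every property straight into the SQL. Numeric
 * fields are now cast to int and string fields escaped, so the statement keeps
 * its shape whatever the properties hold.
 *
 * @return mixed Whatever $db->query() returns for the INSERT.
 */
function insert()
{
    global $db, $the_template;

    if (empty($this->ip)) {
        // NOTE(review): check_ip_behind_proxy() is defined elsewhere; confirm it
        // only honours forwarding headers set by a trusted proxy.
        require_once mnminclude . 'check_behind_proxy.php';
        $this->ip = check_ip_behind_proxy();
    }
    $this->value = intval($this->value);

    // user and link are placed unquoted in the query, so they must be integers.
    $userId = intval($this->user);
    $linkId = intval($this->link);
    // type and ip are quoted string literals; escape them.
    $type = $db->escape($this->type);
    $ip = $db->escape($this->ip);

    $sql = "INSERT INTO " . table_votes . " (vote_type, vote_user_id, vote_link_id, vote_value, vote_ip) VALUES ('{$type}', {$userId}, {$linkId}, {$this->value}, '{$ip}')";

    // count_all() is still called before the INSERT, as in the original. The
    // Smarty cache clearing it used to guard (link_summary.tpl for this story)
    // was already commented out, so the result is unused.
    // NOTE(review): confirm count_all() has no side effects before removing it.
    $this->count_all();

    return $db->query($sql);
}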