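/**
 * Validate a requested username against existing users, existing group names,
 * the disallowed-name table and the word-censor table (phpBB 2 style).
 *
 * Reads globals: $lang (message strings) and $userdata (current session, used so
 * that a logged-in user may keep their own name).
 *
 * @param string $username raw username as submitted
 * @return array array('error' => bool, 'error_msg' => string); error_msg is ''
 *               when the name is acceptable
 */
function validate_username($username)
{
    global $lang, $userdata;

    // Collapse runs of whitespace to a single space, then apply the board's cleaner
    $username = preg_replace('#\\s+#', ' ', trim($username));
    $username = clean_username($username);

    // NOTE(review): the username is interpolated into SQL after strtolower() only;
    // it should go through the DB layer's escape function before being embedded.
    $sql = "SELECT username\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE LOWER(username) = '" . strtolower($username) . "'";
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            // The only acceptable hit is the logged-in user's own current name
            $is_own_name = $userdata['session_logged_in'] && $row['username'] == $userdata['username'];
            if (!$is_own_name) {
                DB()->sql_freeresult($result);
                return array('error' => true, 'error_msg' => $lang['Username_taken']);
            }
        }
        DB()->sql_freeresult($result);
    }

    // A username may not collide with a group name either
    $sql = "SELECT group_name\n\t\tFROM " . GROUPS_TABLE . "\n\t\tWHERE LOWER(group_name) = '" . strtolower($username) . "'";
    if ($result = DB()->sql_query($sql)) {
        $group_exists = (bool) DB()->sql_fetchrow($result);
        DB()->sql_freeresult($result);
        if ($group_exists) {
            return array('error' => true, 'error_msg' => $lang['Username_taken']);
        }
    }

    // Disallowed names and censored words share the same wildcard-pattern matching
    if (username_matches_pattern_table(DISALLOW_TABLE, 'disallow_username', $username)
        || username_matches_pattern_table(WORDS_TABLE, 'word', $username)) {
        return array('error' => true, 'error_msg' => $lang['Username_disallowed']);
    }

    // Don't allow " and chr(160) (what the original comment calls ALT-255) in username.
    // NOTE(review): the original tested '"' twice; the duplicate looked like a lost
    // entity form — confirm whether '&quot;' should be rejected as well.
    if (strstr($username, '"') || strstr($username, chr(160))) {
        return array('error' => true, 'error_msg' => $lang['Username_invalid']);
    }

    return array('error' => false, 'error_msg' => '');
}

/**
 * True when $username matches any wildcard pattern stored in $column of $table.
 *
 * Each stored value is quoted with phpbb_preg_quote() and its '*' becomes a lazy
 * '.*?'; the match is case-insensitive and anchored on word boundaries.
 *
 * @param string $table    table constant (DISALLOW_TABLE or WORDS_TABLE)
 * @param string $column   column holding the pattern
 * @param string $username cleaned username to test
 * @return bool
 */
function username_matches_pattern_table($table, $column, $username)
{
    $matched = false;
    $sql = "SELECT {$column}\n\t\tFROM " . $table;
    if ($result = DB()->sql_query($sql)) {
        while ($row = DB()->sql_fetchrow($result)) {
            $pattern = str_replace("\\*", ".*?", phpbb_preg_quote($row[$column], '#'));
            if (preg_match("#\\b(" . $pattern . ")\\b#i", $username)) {
                $matched = true;
                break;
            }
        }
        DB()->sql_freeresult($result);
    }
    return $matched;
}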
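 /**
  * Cron entry point: create an EQdkp Plus account for every user reported by the
  * CMS bridge, sync usergroups for all of them and, when the cron parameter
  * 'delete_eqdkp_user' is 1, delete EQdkp users that no longer exist in the CMS.
  *
  * @return bool|null false when the bridge is inactive; otherwise no value
  */
 public function run()
 {
     $crons = $this->timekeeper->list_crons();
     $params = $crons['bridge_usersync']['params'];

     // Bridge not active, exit cronjob
     if (intval($this->config->get('cmsbridge_active')) === 0) {
         return false;
     }

     $arrBridgeUsers = $this->bridge->get_users();

     // Cleaned CMS usernames; decides below which EQdkp users are kept
     $arrCMSUsernames = array();
     foreach ($arrBridgeUsers as $arrUserdata) {
         $arrCMSUsernames[] = clean_username($arrUserdata['name']);
     }

     foreach ($arrBridgeUsers as $arrUserdata) {
         // NOTE(review): inferred from the else branch, check_username returns the
         // string 'false' for an existing account — confirm against the pdh handler
         if ($this->pdh->get('user', 'check_username', array($arrUserdata['name'])) != 'false') {
             if (!$this->bridge->check_user_group($arrUserdata['id'])) {
                 continue;
             }
             // Create the account with a random throwaway password (not sent anywhere here)
             $salt = $this->user->generate_salt();
             $strPassword = random_string(false, 32);
             $strPwdHash = $this->user->encrypt_password($strPassword, $salt);
             $user_id = $this->pdh->put('user', 'insert_user_bridge', array($arrUserdata['name'], $strPwdHash . ':' . $salt, $arrUserdata['email'], false));
             $this->pdh->process_hook_queue();
         } else {
             $user_id = $this->pdh->get('user', 'userid', array($arrUserdata['name']));
         }
         // Sync usergroups for new and existing users alike
         $this->bridge->sync_usergroups((int) $arrUserdata['id'], $user_id);
     }

     // Delete EQdkp Plus users that are not in the CMS, except members of groups 2 and 3
     // (Admins and Superadmins)
     if ((int) $params['delete_eqdkp_user'] === 1) {
         $arrEQdkpUser = $this->pdh->aget('user', 'name', 0, array($this->pdh->get('user', 'id_list', array(true))));
         foreach ($arrEQdkpUser as $userid => $username) {
             // strict comparison: loose in_array would treat numeric-looking names as equal
             if (in_array(clean_username($username), $arrCMSUsernames, true)) {
                 continue;
             }
             if ($this->user->check_group(2, false, $userid) || $this->user->check_group(3, false, $userid)) {
                 continue;
             }
             $this->pdh->put('user', 'delete_user', array($userid));
         }
     }
 }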
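 /**
  * API endpoint: return the base64-encoded password salt of an active user.
  *
  * @param mixed  $params request parameters (unused)
  * @param string $body   XML request body containing a <user> element
  * @return array|mixed array('salt' => string) when a salted record exists, the
  *                     pex error result when none does, or null when the body is
  *                     not parseable XML / has no <user> element
  */
 public function post_get_salt($params, $body)
 {
     // Malformed XML must not emit warnings into the response; collect libxml errors instead
     $previous = libxml_use_internal_errors(true);
     $xml = simplexml_load_string($body);
     libxml_clear_errors();
     libxml_use_internal_errors($previous);

     if ($xml && $xml->user) {
         // NOTE(review): the distinct 'user not found' reply lets a caller probe which
         // usernames exist — confirm this is acceptable for this endpoint
         $query = $this->db->query("SELECT user_password FROM __users WHERE LOWER(username)='" . $this->db->escape(clean_username((string) $xml->user)) . "' AND user_active='1'");
         while ($row = $this->db->fetch_record($query)) {
             // Stored as "<hash>:<salt>"; records without a salt part are skipped
             if (strpos($row['user_password'], ':') !== false) {
                 $parts = explode(':', $row['user_password']);
                 return array('salt' => base64_encode($parts[1]));
             }
         }
         return $this->pex->error('user not found');
     }
 }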
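/**
 * Validate a username: length, allowed symbols, HTML entities and, optionally,
 * whether it is already taken or matches the disallow list.
 *
 * Reads globals: $user (current user, so a logged-in user may keep their own
 * name) and $lang.
 *
 * @param string $username            raw username; normalised with str_compact()
 *                                    and clean_username() first
 * @param bool   $check_ban_and_taken also query BB_USERS and BB_DISALLOW
 * @return string|false an error message (may contain HTML), or false when valid
 */
function validate_username($username, $check_ban_and_taken = true)
{
    global $user, $lang;

    // Character class of permitted symbols (Latin, Cyrillic, digits, some punctuation)
    static $name_chars = 'a-z0-9а-яё_@$%^&;(){}\\#\\-\'.:+ ';

    $username = str_compact($username);
    $username = clean_username($username);

    // Length, counted in UTF-8 characters rather than bytes
    $length = mb_strlen($username, 'UTF-8');
    if ($length > USERNAME_MAX_LENGTH) {
        return $lang['USERNAME_TOO_LONG'];
    }
    if ($length < USERNAME_MIN_LENGTH) {
        return $lang['USERNAME_TOO_SMALL'];
    }

    // Allowed symbols; the offending characters are reported, escaped for HTML
    if (!preg_match('#^[' . $name_chars . ']+$#iu', $username)) {
        $invalid_chars = preg_replace('#[' . $name_chars . ']#iu', '', $username);
        return "{$lang['USERNAME_INVALID']}: <b>" . htmlCHR($invalid_chars) . "</b>";
    }

    // HTML entities: only &amp; &lt; &gt; may appear
    if (preg_match_all('/&(#[0-9]+|[a-z]+);/iu', $username, $m)) {
        foreach ($m[0] as $ent) {
            if (!preg_match('/^(&amp;|&lt;|&gt;)$/iu', $ent)) {
                return $lang['USERNAME_INVALID'];
            }
        }
    }

    if ($check_ban_and_taken) {
        // Taken: the escaped name is interpolated into the query (the listing
        // showed this placeholder as a literal '******' and left $username_sql unused)
        $username_sql = DB()->escape($username);
        if ($row = DB()->fetch_row("SELECT username FROM " . BB_USERS . " WHERE username = '{$username_sql}' LIMIT 1")) {
            // A hit is only acceptable when it is the logged-in user's own name
            if (IS_GUEST || $row['username'] != $user->name) {
                return $lang['USERNAME_TAKEN'];
            }
        }

        // Disallowed: stored patterns may use '*' as a wildcard
        $banned_names = array();
        foreach (DB()->fetch_rowset("SELECT disallow_username FROM " . BB_DISALLOW . " ORDER BY NULL") as $row) {
            $banned_names[] = str_replace('\\*', '.*?', preg_quote($row['disallow_username'], '#u'));
        }
        if ($banned_names_exp = join('|', $banned_names)) {
            if (preg_match("#^({$banned_names_exp})\$#iu", $username)) {
                return $lang['USERNAME_DISALLOWED'];
            }
        }
    }

    return false;
}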
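 /**
  * API endpoint: return the base64-encoded password salt of an active user.
  *
  * @param mixed  $params request parameters (unused)
  * @param string $body   XML request body containing a <user> element
  * @return array|mixed array('salt' => string) when a salted record exists, the
  *                     pex error result when none does, or null when the body is
  *                     not parseable XML / has no <user> element
  */
 public function post_get_salt($params, $body)
 {
     // Malformed XML must not emit warnings into the response; collect libxml errors instead
     $previous = libxml_use_internal_errors(true);
     $xml = simplexml_load_string($body);
     libxml_clear_errors();
     libxml_use_internal_errors($previous);

     if ($xml && $xml->user) {
         // NOTE(review): the distinct 'user not found' reply lets a caller probe which
         // usernames exist — confirm this is acceptable for this endpoint
         $objQuery = $this->db->prepare("SELECT user_password FROM __users WHERE LOWER(username)=? AND user_active='1'")->limit(1)->execute(clean_username((string) $xml->user));
         if ($objQuery && $objQuery->numRows) {
             $row = $objQuery->fetchAssoc();
             // Stored as "<hash>:<salt>"; a record without a salt part yields the error below
             if (strpos($row['user_password'], ':') !== false) {
                 $parts = explode(':', $row['user_password']);
                 return array('salt' => base64_encode($parts[1]));
             }
         }
         return $this->pex->error('user not found');
     }
 }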
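/**
 * Validate the parts of a post being submitted (guest username, subject,
 * message, smilies limit, captcha) and append any messages to $error_msg.
 *
 * Reads globals: $bb_cfg, $user, $userdata, $lang. Parameters are by reference
 * and may be rewritten: $username is cleaned (or blanked when it is the logged-in
 * user's own name), $subject gets '&amp;' unescaped, $error_msg is extended.
 *
 * @param string $mode      'newtopic', 'editpost', 'delete', ...
 * @param array  $post_data post being edited; 'first_post' is consulted
 * @param string $error_msg accumulated HTML error text, '<br />'-separated
 * @param string $username  author name as entered
 * @param string $subject
 * @param string $message
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$error_msg, &$username, &$subject, &$message)
{
    global $bb_cfg, $user, $userdata, $lang;

    // Collected here and joined once at the end so every message gets the same separator
    // (the original appended the username error without a '<br />')
    $errors = array();

    // Check username: only validated for guests or when it differs from the session user's name
    if (!empty($username)) {
        $username = clean_username($username);
        if (!$userdata['session_logged_in'] || $username != $user->name) {
            // require_once, as the same include is pulled in elsewhere with require_once
            require_once INC_DIR . 'functions_validate.php';
            if ($err = validate_username($username)) {
                $errors[] = $err;
            }
        } else {
            $username = '';
        }
    }

    // Check subject: required for a new topic or when editing the first post
    if (!empty($subject)) {
        $subject = str_replace('&amp;', '&', $subject);
    } elseif ($mode == 'newtopic' || ($mode == 'editpost' && $post_data['first_post'])) {
        $errors[] = $lang['EMPTY_SUBJECT'];
    }

    // Check message: a delete needs none
    if (empty($message) && $mode != 'delete') {
        $errors[] = $lang['EMPTY_MESSAGE'];
    }

    // Check smilies limit (counted on the rendered HTML)
    if ($bb_cfg['max_smilies']) {
        $count_smilies = substr_count(bbcode2html($message), '<img class="smile" src="' . $bb_cfg['smilies_path']);
        if ($count_smilies > $bb_cfg['max_smilies']) {
            $errors[] = sprintf($lang['MAX_SMILIES_PER_POST'], $bb_cfg['max_smilies']);
        }
    }

    if (IS_GUEST && !bb_captcha('check')) {
        $errors[] = $lang['CAPTCHA_WRONG'];
    }

    foreach ($errors as $err) {
        $error_msg .= !empty($error_msg) ? '<br />' . $err : $err;
    }
}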
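if (!defined('IN_AJAX')) {
    die(basename(__FILE__));
}

global $bb_cfg, $lang;

// Target user: a numeric id that must resolve to an existing account
if (!($user_id = intval($this->request['user_id'])) || !($profiledata = get_userdata($user_id))) {
    $this->ajax_die($lang['NO_USER_ID_SPECIFIED']);
}
if (!($field = (string) $this->request['field'])) {
    $this->ajax_die('invalid profile field');
}

$table = BB_USERS;
// New value as a string; the original cast applied to isset() (precedence), so the
// request value itself was never cast. Absent values keep the original 0 default.
$value = $this->request['value'] = isset($this->request['value']) ? (string) $this->request['value'] : 0;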
switch ($field) {
    case 'username':
        require_once INC_DIR . 'functions_validate.php';
        $value = clean_username($value);
        if ($err = validate_username($value)) {
            $this->ajax_die(strip_tags($err));
        }
        $this->response['new_value'] = $this->request['value'];
        break;
    case 'user_email':
        require_once INC_DIR . 'functions_validate.php';
        $value = htmlCHR($value);
        if ($err = validate_email($value)) {
            $this->ajax_die($err);
        }
        $this->response['new_value'] = $this->request['value'];
        break;
    case 'user_website':
        if ($value == '' || preg_match('#^https?://[\\w\\#!$%&~/.\\-;:=,?@а-яА-Я\\[\\]+]+$#iu', $value)) {
  */
 case 'user_active':
     $active = isset($_POST['user_active']) ? (int) $_POST['user_active'] : $pr_data['user_active'];
     if ($submit && $adm_edit) {
         $pr_data['user_active'] = $active;
         $db_data['user_active'] = $active;
     }
     break;
     /**
      *  Имя (edit, reg)
      */
 /**
  *  Имя (edit, reg)
  */
 case 'username':
     $username = !empty($_POST['username']) ? clean_username($_POST['username']) : $pr_data['username'];
     if ($submit) {
         $err = validate_username($username);
         if (!$errors and $err && $mode == 'register') {
             $errors[] = $err;
         }
         if ($can_edit && $username != $pr_data['username'] || $mode == 'register') {
             $pr_data['username'] = $username;
             $db_data['username'] = $username;
         }
     }
     $tp_data['CAN_EDIT_USERNAME'] = $can_edit;
     $tp_data['USERNAME'] = $pr_data['username'];
     break;
     /**
      *  Пароль (edit, reg)
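 /**
  * Login
  *
  * Looks the user up by cleaned username and md5 of the password, then either
  * elevates the current session (mod/admin re-login) or creates a new session
  * and removes guest sessions from the same IP.
  *
  * @param array $args            'login_username' and 'login_password'
  * @param bool  $mod_admin_login re-authenticate the current session as mod/admin
  *
  * @return array userdata of the new session, $this->data for a mod/admin login,
  *               or an empty array when credentials are missing or do not match
  */
 function login($args, $mod_admin_login = false)
 {
     $username = !empty($args['login_username']) ? clean_username($args['login_username']) : '';
     $password = !empty($args['login_password']) ? $args['login_password'] : '';
     if ($username && $password) {
         // NOTE(review): doubling "\'" only helps when the input already arrived
         // backslash-escaped (magic quotes); prefer the DB layer's escape function.
         $username_sql = str_replace("\\'", "''", $username);
         // Passwords are stored as unsalted md5 (matched in SQL and re-checked below)
         $password_sql = md5($password);
         // Both values are interpolated here; the listing showed the placeholders as '******'
         // and left $username_sql / $password_sql unused.
         $sql = "\n\t\t\t\tSELECT *\n\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\tWHERE username = '{$username_sql}'\n\t\t\t\t  AND user_password = '{$password_sql}'\n\t\t\t\t  AND user_active = 1\n\t\t\t\t  AND user_id != " . GUEST_UID . "\n\t\t\t\tLIMIT 1\n\t\t\t";
         if ($userdata = DB()->fetch_row($sql)) {
             // Defence in depth: re-verify in PHP everything the query was meant to enforce
             if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == GUEST_UID || md5($password) !== $userdata['user_password'] || !$userdata['user_active']) {
                 trigger_error('invalid userdata', E_USER_ERROR);
             }
             if ($mod_admin_login) {
                 // Start mod/admin session: flag the current session with the user's level
                 DB()->query("\n\t\t\t\t\t\tUPDATE " . SESSIONS_TABLE . " SET\n\t\t\t\t\t\t\tsession_admin = " . $this->data['user_level'] . "\n\t\t\t\t\t\tWHERE session_user_id = " . $this->data['user_id'] . "\n\t\t\t\t\t\t\tAND session_id = '" . $this->data['session_id'] . "'\n\t\t\t\t\t");
                 $this->data['session_admin'] = $this->data['user_level'];
                 cache_update_userdata($this->data);
                 return $this->data;
             }
             if ($new_session_userdata = $this->session_create($userdata, false)) {
                 // Removing guest sessions from this IP
                 DB()->query("\n\t\t\t\t\t\tDELETE FROM " . SESSIONS_TABLE . "\n\t\t\t\t\t\tWHERE session_ip = '" . USER_IP . "'\n\t\t\t\t\t\t\tAND session_user_id = " . GUEST_UID . "\n\t\t\t\t\t");
                 return $new_session_userdata;
             }
             trigger_error("Could not start session : login", E_USER_ERROR);
         }
     }
     return array();
 }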
//
// Define initial vars (POST takes precedence over GET)
//
if (isset($HTTP_POST_VARS['mode'])) {
    $mode = $HTTP_POST_VARS['mode'];
} elseif (isset($HTTP_GET_VARS['mode'])) {
    $mode = $HTTP_GET_VARS['mode'];
} else {
    $mode = '';
}
if (isset($HTTP_POST_VARS['search_keywords'])) {
    $search_keywords = $HTTP_POST_VARS['search_keywords'];
} elseif (isset($HTTP_GET_VARS['search_keywords'])) {
    $search_keywords = $HTTP_GET_VARS['search_keywords'];
} else {
    $search_keywords = '';
}
// The author name is normalised the same way usernames are stored
if (isset($HTTP_POST_VARS['search_author'])) {
    $search_author = clean_username($HTTP_POST_VARS['search_author']);
} elseif (isset($HTTP_GET_VARS['search_author'])) {
    $search_author = clean_username($HTTP_GET_VARS['search_author']);
} else {
    $search_author = '';
}
$search_id = isset($HTTP_GET_VARS['search_id']) ? $HTTP_GET_VARS['search_id'] : '';
// Anything other than 'topics' means 'posts'
$show_results = isset($HTTP_POST_VARS['show_results']) && $HTTP_POST_VARS['show_results'] == 'topics' ? 'topics' : 'posts';
// 1 when search_terms is 'all', otherwise 0
$search_terms = isset($HTTP_POST_VARS['search_terms']) && $HTTP_POST_VARS['search_terms'] == 'all' ? 1 : 0;
if (isset($HTTP_POST_VARS['search_fields'])) {
    $search_fields = $HTTP_POST_VARS['search_fields'] == 'all' ? 1 : 0;
} else {
    $search_fields = 0;
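        /**
         * Import WordPress posts (published or draft) as articles, import the
         * comments of users known to EQdkp, and return an HTML table of the
         * imported titles.
         *
         * @return string HTML fragment listing the imported post titles
         */
        public function step_posts()
        {
            $defaultUser = $this->in->get('user', 0);
            $intDefaultCategoryPosts = $this->in->get('category_posts', 0);

            // cleaned EQdkp username => user id; maps WP authors and commenters
            $arrUser = $this->pdh->aget('user', 'name', 0, array($this->pdh->get('user', 'id_list')));
            $arrUserMapping = array();
            foreach ($arrUser as $userid => $strUsername) {
                $arrUserMapping[clean_username($strUsername)] = $userid;
            }

            // Initialised up front: the original left it undefined when nothing was imported
            $arrImported = array();
            $objDatabase = $this->objCIFunctions->createConnection();
            $objResult = $objDatabase->query('SELECT p.*, u.user_login FROM __posts p, __users u WHERE p.post_author = u.ID AND (post_type="post") AND (post_status="publish" OR post_status="draft");');
            if ($objResult) {
                while ($arrRow = $objResult->fetchAssoc()) {
                    $strAuthorKey = clean_username($arrRow['user_login']);
                    $intAuthorID = isset($arrUserMapping[$strAuthorKey]) ? $arrUserMapping[$strAuthorKey] : $defaultUser;
                    // Fall back to the modification date when the publish date does not parse
                    $intDate = strtotime($arrRow['post_date_gmt']);
                    if (!$intDate) {
                        $intDate = strtotime($arrRow['post_modified_gmt']);
                    }
                    $intCommentsOpen = $arrRow['comment_status'] == 'open' ? 1 : 0;
                    // add($strTitle, $strText, $arrTags, $strPreviewimage, $strAlias, $intPublished,
                    // $intFeatured, $intCategory, $intUserID, $intComments, $intVotes, $intDate,
                    // $strShowFrom, $strShowTo, $intHideHeader)
                    $intArticleID = $this->pdh->put('articles', 'add', array(
                        $arrRow['post_title'],
                        $this->replace_images($arrRow['post_content']),
                        array(),
                        '',
                        $arrRow['post_name'] != "" ? $arrRow['post_name'] : $arrRow['post_title'],
                        $arrRow['post_status'] == 'publish' ? 1 : 0,
                        0,
                        $intDefaultCategoryPosts,
                        $intAuthorID,
                        $intCommentsOpen,
                        $intCommentsOpen,
                        $intDate,
                        '',
                        '',
                        0
                    ));
                    $arrImported[] = $arrRow['post_title'];

                    if ($intArticleID && (int) $arrRow['comment_count'] > 0) {
                        $objCommentResult = $objDatabase->prepare('SELECT c.*, u.user_login FROM __comments c, __users u WHERE c.user_id = u.ID AND comment_post_ID = ? AND user_id > 0;')->execute($arrRow['ID']);
                        if ($objCommentResult) {
                            while ($arrCommentRow = $objCommentResult->fetchAssoc()) {
                                // Only comments by users that exist in EQdkp are imported
                                $strCommenterKey = clean_username($arrCommentRow['user_login']);
                                $userId = isset($arrUserMapping[$strCommenterKey]) ? $arrUserMapping[$strCommenterKey] : false;
                                if (!$userId) {
                                    continue;
                                }
                                // insert($attach_id, $user_id, $comment, $page, $reply_to)
                                $objQuery = $this->db->prepare("INSERT INTO __comments :p")->set(array('attach_id' => $intArticleID, 'date' => strtotime($arrCommentRow['comment_date_gmt']), 'userid' => $userId, 'text' => str_replace("\n", "[br]", filter_var($arrCommentRow['comment_content'])), 'page' => 'articles', 'reply_to' => 0))->execute();
                                if ($objQuery) {
                                    $this->pdh->enqueue_hook('comment_update', $objQuery->insertId);
                                }
                            }
                        }
                    }
                }
            }
            $this->pdh->process_hook_queue();

            // Display imported Posts; titles come from the foreign database, so escape them for HTML
            $out = '<h2>' . $this->user->lang('ci_imported_posts') . '</h2>
					<table class="table">';
            foreach ($arrImported as $strTitle) {
                $out .= '<tr><td>' . htmlspecialchars($strTitle, ENT_QUOTES, 'UTF-8') . '</td></tr>';
            }
            $out .= '</table>';
            return $out;
        }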
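/**
 * Fetch a user row by id or by username.
 *
 * @param int|string $u           user id, or username; a name search is used when
 *                                $force_name is set or $u is not numeric
 * @param bool       $force_name  treat $u as a username even when it is numeric
 * @param bool       $allow_guest allow GUEST_UID to be returned (served from ft_cache)
 * @return array|false the user row, or false when $u is empty or nothing matched
 */
function get_userdata($u, $force_name = false, $allow_guest = false)
{
    if (!$u) {
        return false;
    }

    // Guest data is identical for everyone, so it is cached when guests are allowed
    if ($allow_guest && intval($u) == GUEST_UID) {
        if ($u_data = CACHE('ft_cache')->get('guest_userdata')) {
            return $u_data;
        }
    }

    $exclude_anon_sql = !$allow_guest ? "AND user_id != " . GUEST_UID : '';
    $name_search = $force_name || !is_numeric($u);
    // The username is escaped by the DB layer before interpolation (the listing
    // showed the interpolated value as a literal '******')
    if ($name_search) {
        $where_sql = "WHERE username = '" . DB()->escape($u) . "'";
    } else {
        $where_sql = "WHERE user_id = " . (int) $u;
    }
    $u_data = DB()->fetch_row("SELECT * FROM " . USERS_TABLE . " {$where_sql} {$exclude_anon_sql} LIMIT 1");

    // A numeric string that matched no id may still be a username (constructed example: "007")
    if (!$u_data && !$name_search && !is_int($u)) {
        $where_sql = "WHERE username = '" . DB()->escape($u) . "'";
        $u_data = DB()->fetch_row("SELECT * FROM " . USERS_TABLE . " {$where_sql} {$exclude_anon_sql} LIMIT 1");
    }

    // fetch_row yields false on a miss; the original indexed into it unconditionally
    if ($u_data && $u_data['user_id'] == GUEST_UID) {
        CACHE('ft_cache')->set('guest_userdata', $u_data);
    }
    return $u_data;
}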
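 /**
  * Attempt to log in a user
  *
  * Tries, in order: the CMS bridge (skipped when a hash is supplied), the auth
  * method named by the 'lmethod' request parameter, and finally the local
  * __users table (rehashing passwords that have no salt or an outdated hash).
  * A local success may then be re-checked against the bridge groups. On failure
  * the session and per-user failed-login counters are incremented and the
  * account may be deactivated; on success the old session is destroyed and a
  * new one created.
  *
  * @param string $strUsername
  * @param string $strPassword
  * @param bool   $boolSetAutoLogin Save login in cookie?
  * @param bool   $boolUseHash      Use Hash for comparing
  * @return bool true once a session was created for the user; false otherwise,
  *              with $this->error set to 'wrong_username', 'wrong_password',
  *              'user_inactive' or 'user_inactive_failed_logins' when the local
  *              check is what failed
  */
 public function login($strUsername, $strPassword, $boolSetAutoLogin = false, $boolUseHash = false)
 {
     if (!$this->pdl->type_known("login")) {
         $this->pdl->register_type("login", false, array($this, 'pdl_html_format_login'), array(3, 4));
     }
     // false until some method authenticates; then an array with at least 'status' and 'user_id'
     $arrStatus = false;
     $this->error = false;
     //Bridge-Login, only if using not a hash
     if ($this->config->get('cmsbridge_active') == 1 && $this->config->get('pk_maintenance_mode') != 1 && $boolUseHash == false) {
         $this->pdl->log('login', 'Try Bridge Login');
         $arrStatus = $this->bridge->login($strUsername, $strPassword, $boolSetAutoLogin, false);
     }
     //Bridge Login failed, Specific Auth-Method Login
     if (!$arrStatus) {
         $this->pdl->log('login', 'Bridge Login failed or Bridge not activated');
         //Login-Method Login like OpenID, Facebook, ...
         if ($this->in->get('lmethod') != "") {
             $this->pdl->log('login', 'Try Auth-Method Login ' . $this->in->get('lmethod'));
             $arrAuthObject = $this->get_login_objects($this->in->get('lmethod'));
             if ($arrAuthObject) {
                 $arrStatus = $arrAuthObject->login($strUsername, $strPassword, $boolUseHash);
             }
             if ($arrStatus) {
                 $this->pdl->log('login', 'Auth-Method Login ' . $this->in->get('lmethod') . ' successful');
             }
         }
         //Auth Login, because all other failed
         if (!$arrStatus) {
             $this->pdl->log('login', 'Try EQdkp Plus Login');
             // Parameterised lookup on the cleaned name. NOTE(review): the failed-login
             // branch below passes the raw $strUsername to pdh — confirm it normalises the same way.
             $objQuery = $this->db->prepare("SELECT user_id, username, user_password, user_email, user_active, failed_login_attempts, user_login_key\n\t\t\t\t\t\t\t\tFROM __users\n\t\t\t\t\t\t\t\tWHERE LOWER(username) =?")->execute(clean_username($strUsername));
             if ($objQuery && $objQuery->numRows) {
                 $row = $objQuery->fetchAssoc();
                 // Stored as "<hash>:<salt>". Rows without a salt part exist (see the update
                 // branch below); list() on them raised an undefined-offset notice.
                 $arrPasswordParts = explode(':', $row['user_password']);
                 $strUserPassword = $arrPasswordParts[0];
                 $strUserSalt = isset($arrPasswordParts[1]) ? $arrPasswordParts[1] : '';
                 //If it's an old password without salt or there is a better algorythm
                 $blnNeedsUpdate = $this->checkIfHashNeedsUpdate($strUserPassword) || !$strUserSalt;
                 if ($blnNeedsUpdate) {
                     if ((int) $row['user_active']) {
                         $this->pdl->log('login', 'EQDKP User needs update');
                         // Verify against the stored hash first, then re-hash with a fresh salt
                         if ($this->checkPassword($strPassword, $row['user_password'], $boolUseHash)) {
                             $strNewSalt = $this->generate_salt();
                             $strNewPassword = $this->encrypt_password($strPassword, $strNewSalt);
                             $this->db->prepare("UPDATE  __users :p WHERE user_id=?")->set(array('user_password' => $strNewPassword . ':' . $strNewSalt))->execute($row['user_id']);
                             $arrStatus = array('status' => 1, 'user_id' => (int) $row['user_id'], 'password_hash' => $strNewPassword, 'user_login_key' => $row['user_login_key']);
                         } else {
                             $this->pdl->log('login', 'EQDKP Login failed: wrong password');
                             $this->error = 'wrong_password';
                         }
                     } else {
                         $this->error = 'user_inactive';
                         if ($row['failed_login_attempts'] >= (int) $this->config->get('failed_logins_inactivity')) {
                             $this->error = 'user_inactive_failed_logins';
                         }
                         $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                     }
                 } else {
                     $strLoginPassword = $this->checkPassword($strPassword, $row['user_password'], $boolUseHash, true);
                     if ((int) $row['user_active']) {
                         if ($strLoginPassword) {
                             $arrStatus = array('status' => 1, 'user_id' => (int) $row['user_id'], 'password_hash' => $strLoginPassword, 'user_login_key' => $row['user_login_key']);
                         } else {
                             $this->error = 'wrong_password';
                             $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                         }
                     } else {
                         $this->error = 'user_inactive';
                         if ($row['failed_login_attempts'] >= (int) $this->config->get('failed_logins_inactivity')) {
                             $this->error = 'user_inactive_failed_logins';
                         }
                         $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
                     }
                 }
             } else {
                 // NOTE(review): a distinct 'wrong_username' code lets the caller tell unknown
                 // names from wrong passwords; the presentation layer should not expose the difference.
                 $this->error = 'wrong_username';
                 $this->pdl->log('login', 'EQDKP Login failed: ' . $this->error);
             }
         }
         //If Bridge is active, check if EQdkp User is allowed to login
         if ($arrStatus && $this->config->get('cmsbridge_active') == 1 && (int) $this->config->get('pk_maintenance_mode') != 1) {
             $this->pdl->log('login', 'Check EQdkp Plus User against Bridge Groups');
             //Only CMS User are allowed to login
             if ((int) $this->config->get('cmsbridge_onlycmsuserlogin')) {
                 $this->pdl->log('login', 'Only CMS User are allowed to login');
                 //check if user is Superadmin, if yes, login
                 $blnIsSuperadmin = $this->check_group(2, false, (int) $arrStatus['user_id']);
                 //try Bridge-Login without password
                 if (!$blnIsSuperadmin) {
                     $this->pdl->log('login', 'User ist not Superadmin, check against Bridge Groups');
                     $arrStatus = $this->bridge->login($this->pdh->get('user', 'name', array((int) $arrStatus['user_id'])), false, false, $boolUseHash, false, false);
                 }
                 //deny access if not Superadmin and not in the groups
                 if (!$blnIsSuperadmin && !$arrStatus) {
                     $arrStatus = false;
                 }
             } else {
                 //Everyone is allowed to login
                 $this->pdl->log('login', 'Checks complete, call Bridge SSO if needed');
                 //Bridge-Login without password, for settings Single Sign On
                 $this->bridge->login($this->pdh->get('user', 'name', array((int) $arrStatus['user_id'])), false, false, $boolUseHash, false, false);
             }
         }
     }
     //Auth Method After-Login - reading only
     $this->pdl->log('login', 'Possible Intercept by Auth Methods');
     $this->handle_login_functions("after_login", false, array($arrStatus, $strUsername, $strPassword, $boolUseHash, isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin));
     if (!$arrStatus) {
         $this->pdl->log('login', 'User login failed');
         // Count the failure on the session, and on the user when the name is known and active
         $this->db->prepare("UPDATE __sessions SET session_failed_logins = session_failed_logins + 1 WHERE session_id=?")->execute($this->sid);
         $this->data['session_failed_logins']++;
         //Failed Login
         if ($this->config->get('pk_maintenance_mode') != 1) {
             //Only do this if not in MMode
             $userid = $this->pdh->get('user', 'userid', array($strUsername));
             if ($userid != ANONYMOUS && $this->pdh->get('user', 'active', array($userid))) {
                 $intFailedLogins = $this->pdh->get('user', 'failed_logins', array($userid));
                 $intFailedLogins++;
                 $this->pdh->put('user', 'update_failed_logins', array($userid, $intFailedLogins));
                 //Set him inactive once the configured threshold is reached (0 disables this)
                 if ((int) $this->config->get('failed_logins_inactivity') > 0 && $intFailedLogins == (int) $this->config->get('failed_logins_inactivity')) {
                     $this->pdh->put('user', 'activate', array($userid, 0));
                     //Write to admin-Log
                     $this->logs->add('action_user_failed_logins', '', $userid, $strUsername, false, '', 1, $userid);
                     //Send the User an Email with activation link
                     $user_key = $this->pdh->put('user', 'create_new_activationkey', array($userid));
                     // Email them their new key
                     $email = registry::register('MyMailer');
                     $bodyvars = array('USERNAME' => $strUsername, 'U_ACTIVATE' => $this->env->link . $this->controller_path_plain . 'Register/Activate/?key=' . $user_key);
                     $email->SendMailFromAdmin($this->pdh->get('user', 'email', array($userid)), $this->lang('email_subject_activation_self'), 'user_activation_failed_logins.html', $bodyvars);
                 }
             }
         }
     } else {
         $this->pdl->log('login', 'User successfull authenticated');
         $this->hooks->process('user_login_successful', array('auth_method' => 'db', 'user_id' => $arrStatus['user_id'], 'autologin' => isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin));
         //User successfull authenticated - destroy old session and create a new one
         $this->db->prepare("UPDATE __users :p WHERE user_id=?")->set(array('failed_login_attempts' => 0))->execute($arrStatus['user_id']);
         $this->destroy();
         $this->create($arrStatus['user_id'], isset($arrStatus['user_login_key']) ? $arrStatus['user_login_key'] : '', isset($arrStatus['autologin']) ? $arrStatus['autologin'] : $boolSetAutoLogin);
         return true;
     }
     return false;
 }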
<?php

if (!defined('FT_ROOT')) {
    die(basename(__FILE__));
}
if (isset($HTTP_POST_VARS['submit'])) {
    $username = !empty($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : '';
    $email = !empty($HTTP_POST_VARS['email']) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';
    $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\tFROM " . USERS_TABLE . "\n\t\tWHERE user_email = '" . str_replace("\\'", "''", $email) . "'\n\t\t\tAND username = '******'", "''", $username) . "'";
    if ($result = DB()->sql_query($sql)) {
        if ($row = DB()->sql_fetchrow($result)) {
            if (!$row['user_active']) {
                message_die(GENERAL_MESSAGE, $lang['No_send_account_inactive']);
            }
            $username = $row['username'];
            $user_id = $row['user_id'];
            $user_actkey = make_rand_str(true);
            $key_len = 54 - strlen($server_url);
            $key_len = $str_len > 6 ? $key_len : 6;
            $user_actkey = substr($user_actkey, 0, $key_len);
            $user_password = make_rand_str(false);
            $sql = "UPDATE " . USERS_TABLE . "\n\t\t\t\tSET user_newpasswd = '" . md5($user_password) . "', user_actkey = '{$user_actkey}'\n\t\t\t\tWHERE user_id = " . $row['user_id'];
            if (!DB()->sql_query($sql)) {
                message_die(GENERAL_ERROR, 'Could not update new password information', '', __LINE__, __FILE__, $sql);
            }
            require FT_ROOT . 'includes/emailer.php';
            $emailer = new emailer($ft_cfg['smtp_delivery']);
            $emailer->from($ft_cfg['board_email']);
            $emailer->replyto($ft_cfg['board_email']);
            $emailer->use_template('user_activate_passwd', $row['user_lang']);
            $emailer->email_address($row['user_email']);
     $is_moderator = TRUE;
 }
 //
 // Handle Additions, removals, approvals and denials
 //
 if (!empty($HTTP_POST_VARS['add']) || !empty($HTTP_POST_VARS['remove']) || isset($HTTP_POST_VARS['approve']) || isset($HTTP_POST_VARS['deny'])) {
     if (!$userdata['session_logged_in']) {
         redirect(append_sid("login.php?redirect=groupcp.php&" . POST_GROUPS_URL . "={$group_id}", true));
     }
     if (!$is_moderator) {
         $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("index.php") . '">'));
         $message = $lang['Not_group_moderator'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.php") . '">', '</a>');
         message_die(GENERAL_MESSAGE, $message);
     }
     if (isset($HTTP_POST_VARS['add'])) {
         $username = isset($HTTP_POST_VARS['username']) ? clean_username($HTTP_POST_VARS['username']) : '';
         $sql = "SELECT user_id, user_email, user_lang, user_level\n\t\t\t\t\tFROM " . USERS_TABLE . "\n\t\t\t\t\tWHERE username = '******'", "''", $username) . "'";
         if (!($result = DB()->sql_query($sql))) {
             message_die(GENERAL_ERROR, "Could not get user information", $lang['Error'], __LINE__, __FILE__, $sql);
         }
         if (!($row = DB()->sql_fetchrow($result))) {
             $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">'));
             $message = $lang['Could_not_add_user'] . "<br /><br />" . sprintf($lang['Click_return_group'], "<a href=\"" . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_index'], "<a href=\"" . append_sid("index.php") . "\">", "</a>");
             message_die(GENERAL_MESSAGE, $message);
         }
         if ($row['user_id'] == GUEST_UID) {
             $template->assign_vars(array('META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">'));
             $message = $lang['Could_not_anon_user'] . '<br /><br />' . sprintf($lang['Click_return_group'], '<a href="' . append_sid("groupcp.php?" . POST_GROUPS_URL . "={$group_id}") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.php") . '">', '</a>');
             message_die(GENERAL_MESSAGE, $message);
         }
         $sql = "SELECT ug.user_id, u.user_level\n\t\t\t\t\tFROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u\n\t\t\t\t\tWHERE u.user_id = " . $row['user_id'] . "\n\t\t\t\t\t\tAND ug.user_id = u.user_id\n\t\t\t\t\t\tAND ug.group_id = {$group_id}";
/**
 * Loads a user row either by numeric id or by username.
 *
 * A numeric $user is taken as a user_id unless $force_str is set; any other
 * value (or a forced string) is run through clean_username() and matched as
 * a name. The anonymous account is always excluded.
 *
 * @param int|string $user      user id or username
 * @param bool       $force_str treat $user as a username even when it is numeric
 * @return array|false the result's current row, or false when nothing matched
 */
function get_userdata($user, $force_str = false)
{
    global $db;
    // intval('abc') == 0, so every non-numeric string takes the username path.
    if (intval($user) == 0 || $force_str) {
        $user = clean_username($user);
    } else {
        $user = intval($user);
    }
    $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE ';
    // NOTE(review): the username literal reads '******' in this listing, which looks like a
    // redaction artefact — as shown, the query never uses $user on the name path. Confirm
    // against the original source and make sure the value is escaped or bound there.
    $sql .= (is_integer($user) ? "user_id='{$user}'" : "username='******'") . ' AND user_id<>' . ANONYMOUS;
    $result = $db->Execute($sql);
    // ->fields is presumably the current row of the result set (ADOdb-style API — confirm);
    // an empty result maps to false.
    return $result->fields ? $result->fields : false;
}
Пример #17
  // show array forms
  foreach ($sxml->{'string-array'} as $stringarray) {
    $k = $stringarray['name'];
    $tstringarrays = $txml->xpath('//string-array[@name="' . $k . '"]');
    if (is_array($tstringarrays) && array_key_exists(0, $tstringarrays)) {
      $tstringarray = $tstringarrays[0];
    } else {
      $tstringarray = array(); // FIXME
    }
    
    $formcolor = $color_green;
    $form = '';
    $form = $form.'<form method="post" action="edit.php?lang='.$lang.'&amp;file='.$file.'&amp;hidegreen='.$hidegreen.'#'.$k.'" id="'.$k.'">'."\n";
    $form = $form.'  String name: <b>'.$k."</b><br/>\n";
    if (!empty($username) && !empty($tstringarray['username'])) {
      $form = $form.'  translator: <input type="text" disabled="disabled" value="'.clean_username($tstringarray['username']).'" size="50" />'."<br/>\n";
    }
    $form = $form.'  <input name="action" value="edit-string-array" type="hidden" />'."\n";
    $form = $form.'  <table>';
    $i = 0;
    foreach ($stringarray->item as $item) {
	$av = (string) $item;
	$tv = (string) $tstringarray;
	if (count($tstringarray) > $i && empty($tstringarray->item[$i]['notranslation'])) {
	  $atv = (string) $tstringarray->item[$i];
	} else {
	  $atv = '';
	}
	$decodedv = decode_string($av);
	$decodedtv = decode_string($atv);
	if (
Пример #18
    $select_letter .= $by_letter == chr($i) ? '<b>' . chr($i) . '</b>&nbsp;' : '<a class="genmed" href="' . ("memberlist.php?letter=" . chr($i) . "&amp;mode={$mode}&amp;order={$sort_order}") . '">' . chr($i) . '</a>&nbsp;';
}
// RUS
// Cyrillic block: windows-1251 codes 224..255 are the lower-case letters. The comparison
// uses the UTF-8 form, the link text the upper-case form (code - 32), and the URL carries
// the percent-encoded single-byte code.
$select_letter .= ': ';
for ($i = 224, $cnt = 255; $i <= $cnt; $i++) {
    $select_letter .= $by_letter == iconv('windows-1251', 'UTF-8', chr($i)) ? '<b>' . iconv('windows-1251', 'UTF-8', chr($i - 32)) . '</b>&nbsp;' : '<a class="genmed" href="' . ("memberlist.php?letter=%" . strtoupper(base_convert($i, 10, 16)) . "&amp;mode={$mode}&amp;order={$sort_order}") . '">' . iconv('windows-1251', 'UTF-8', chr($i - 32)) . '</a>&nbsp;';
}
$select_letter .= ':&nbsp;';
$select_letter .= $by_letter == 'others' ? '<b>' . $lang['OTHERS'] . '</b>&nbsp;' : '<a class="genmed" href="' . "memberlist.php?letter=others&amp;mode={$mode}&amp;order={$sort_order}" . '">' . $lang['OTHERS'] . '</a>&nbsp;';
$select_letter .= ':&nbsp;';
$select_letter .= $by_letter == 'all' ? '<b>' . $lang['ALL'] . '</b>' : '<a class="genmed" href="' . "memberlist.php?letter=all&amp;mode={$mode}&amp;order={$sort_order}" . '">' . $lang['ALL'] . '</a>';
// NOTE(review): $by_letter is echoed into an attribute value as-is. If it is taken from the
// request without a whitelist check upstream (not visible here), this is a reflected-output
// spot and needs htmlspecialchars() — mind the encoding, a raw windows-1251 byte is not valid UTF-8.
$template->assign_vars(array('S_LETTER_SELECT' => $select_letter, 'S_LETTER_HIDDEN' => '<input type="hidden" name="letter" value="' . $by_letter . '">'));
// per-letter selection end
// Base query; EXCLUDED_USERS_CSV is a constant, not request data.
$sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS_CSV . ")";
if ($username) {
    // '*' is the user-facing wildcard; the value is escaped by the DB layer before it goes into LIKE.
    $username = preg_replace('/\\*/', '%', clean_username($username));
    $letter_sql = "username LIKE '" . DB()->escape($username) . "'";
}
// $letter_sql is only assigned above or earlier (outside this listing); it is unset when no filter applies.
$sql .= $letter_sql ? " AND {$letter_sql}" : '';
// NOTE(review): $order_by is interpolated unquoted; it must come from a fixed set of column names upstream — confirm.
$sql .= " ORDER BY {$order_by}";
if ($result = DB()->fetch_rowset($sql)) {
    foreach ($result as $i => $row) {
        $user_id = $row['user_id'];
        $from = $row['user_from'];
        $joined = bb_date($row['user_regdate'], $bb_cfg['date_format']);
        $posts = $row['user_posts'];
        $pm = $bb_cfg['text_buttons'] ? '<a class="txtb" href="' . (PM_URL . "?mode=post&amp;" . POST_USERS_URL . "={$user_id}") . '">' . $lang['SEND_PM_TXTB'] . '</a>' : '<a href="' . (PM_URL . "?mode=post&amp;" . POST_USERS_URL . "={$user_id}") . '"><img src="' . $images['icon_pm'] . '" alt="' . $lang['SEND_PRIVATE_MESSAGE'] . '" title="' . $lang['SEND_PRIVATE_MESSAGE'] . '" border="0" /></a>';
        if (bf($row['user_opt'], 'user_opt', 'user_viewemail') || IS_ADMIN) {
            $email_uri = $bb_cfg['board_email_form'] ? "profile.php?mode=email&amp;" . POST_USERS_URL . "={$user_id}" : 'mailto:' . $row['user_email'];
            $email = '<a class="editable" href="' . $email_uri . '">' . $row['user_email'] . '</a>';
        } else {
Пример #19
 if ($forum_val && $forum_val != $search_all) {
     $search_in_forums_ary = array_slice(explode(',', $forum_val), 0, $max_forums_selected);
     $search_in_forums_fary = array_flip($search_in_forums_ary);
     $search_in_forums_csv = join(',', $search_in_forums_ary);
     $forum_val = $search_in_forums_csv;
 } else {
     $forum_val = $search_all;
 }
 // Get poster_id
 if (!$my_val) {
     $req_poster_id = '';
     if (isset($_GET[$poster_id_key]) && !$search_id) {
         $req_poster_id = intval($_GET[$poster_id_key]);
     } else {
         if (isset($_POST[$poster_name_key]) && !$search_id) {
             if ($req_poster_name = clean_username($_POST[$poster_name_key])) {
                 $poster_name_sql = str_replace("\\'", "''", $req_poster_name);
                 if ($poster_id = get_user_id($poster_name_sql)) {
                     $poster_id_val = $poster_id;
                     $poster_name_val = stripslashes(html_entity_decode($req_poster_name));
                 } else {
                     $poster_name_val = $lang['BT_USER_NOT_FOUND'];
                     $tr_error = $poster_error = true;
                 }
             }
         } else {
             if ($search_id && $previous_settings[$poster_id_key]) {
                 $poster_id_val = intval($previous_settings[$poster_id_key]);
                 $poster_name_val = $previous_settings[$poster_name_key] ? $previous_settings[$poster_name_key] : '';
             }
         }
Пример #20
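/**
 * Validates and normalises the fields of a post before it is stored.
 *
 * Every parameter is by reference and is rewritten in place; validation
 * problems are appended to $error_msg, separated by '<br />'.
 *
 * @param string $mode         'newtopic', 'reply', 'editpost', 'delete' or 'poll_delete'
 * @param array  $post_data    post context; only 'first_post' is read here
 * @param bool   $bbcode_on    whether BBCode is enabled for this post
 * @param bool   $html_on      whether HTML is enabled for this post
 * @param bool   $smilies_on   whether smilies are enabled for this post
 * @param string $error_msg    accumulated error text (HTML)
 * @param string $username     poster name; cleaned, validated, and emptied when it is the logged-in user's own name
 * @param string $bbcode_uid   set to a fresh uid when BBCode is on and a message is present
 * @param string $subject      subject, trimmed and HTML-escaped
 * @param string $message      body, passed through prepare_message()
 * @param string $poll_title   poll title, trimmed and HTML-escaped
 * @param array  $poll_options option_id => option text; blank options are dropped, the rest HTML-escaped
 * @param int    $poll_length  poll duration, clamped to >= 0
 * @return void
 */
function prepare_post(&$mode, &$post_data, &$bbcode_on, &$html_on, &$smilies_on, &$error_msg, &$username, &$bbcode_uid, &$subject, &$message, &$poll_title, &$poll_options, &$poll_length)
{
    global $ft_cfg, $userdata, $lang;
    // Check username: only a guest post, or a name other than the current user's, needs validating.
    if (!empty($username)) {
        $username = clean_username($username);
        if (!$userdata['session_logged_in'] || $userdata['session_logged_in'] && $username != $userdata['username']) {
            // require_once: functions_validate.php declares functions, so a second plain require would be fatal.
            require_once FT_ROOT . 'includes/functions_validate.php';
            $result = validate_username($username);
            if ($result['error']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $result['error_msg'] : $result['error_msg'];
            }
        } else {
            $username = '';
        }
    }
    // Check subject: mandatory for a new topic or when editing the first post.
    if (!empty($subject)) {
        $subject = htmlspecialchars(trim($subject));
    } elseif ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_subject'] : $lang['Empty_subject'];
    }
    // Check message: mandatory except for deletions.
    if (!empty($message)) {
        $bbcode_uid = $bbcode_on ? make_bbcode_uid() : '';
        $message = prepare_message(trim($message), $html_on, $bbcode_on, $smilies_on, $bbcode_uid);
    } elseif ($mode != 'delete' && $mode != 'poll_delete') {
        $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_message'] : $lang['Empty_message'];
    }
    //
    // Handle poll stuff
    //
    if ($mode == 'newtopic' || $mode == 'editpost' && $post_data['first_post']) {
        $poll_length = isset($poll_length) ? max(0, intval($poll_length)) : 0;
        if (!empty($poll_title)) {
            $poll_title = htmlspecialchars(trim($poll_title));
        }
        if (!empty($poll_options)) {
            // Drop blank options and escape the rest, keeping the original option ids.
            // foreach replaces the each() loop, which no longer exists in PHP 8.
            // (empty() also drops an option that is exactly '0' — kept as existing behaviour.)
            $temp_option_text = array();
            foreach ($poll_options as $option_id => $option_text) {
                $option_text = trim($option_text);
                if (!empty($option_text)) {
                    $temp_option_text[$option_id] = htmlspecialchars($option_text);
                }
            }
            // Write the cleaned list back so the counts below and the caller see it;
            // the original assigned it to a dead local and counted the raw input.
            $poll_options = $temp_option_text;
            if (count($poll_options) < 2) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_few_poll_options'] : $lang['To_few_poll_options'];
            } elseif (count($poll_options) > $ft_cfg['max_poll_options']) {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['To_many_poll_options'] : $lang['To_many_poll_options'];
            } elseif ($poll_title == '') {
                $error_msg .= !empty($error_msg) ? '<br />' . $lang['Empty_poll_title'] : $lang['Empty_poll_title'];
            }
        }
    }
}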
Пример #21
 /**
  * Cleans the username
  *
  * @param string $user
  * @return string
  */
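 /**
  * Cleans the username
  *
  * Replaces every run of three ASCII hyphens with three en dashes so the
  * name cannot carry a '---' sequence. Other characters are left untouched.
  *
  * @param string $user
  * @return string
  */
 private function clean_username($user)
 {
     if (strpos($user, '---') !== false) {
         // str_replace() handles every occurrence in one pass, so no '---' can remain
         // afterwards. The original then called a global clean_username($user) and
         // discarded the result — a no-op at best, an undefined-function error at worst.
         $user = str_replace('---', '–––', $user);
     }
     return $user;
 }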
Пример #22
/**
 * Renders the "find a username" popup used by the search form.
 *
 * When $search_match is non-empty, '*' acts as a wildcard and the matching
 * usernames (guest excluded) are listed as <option> elements; otherwise only
 * the empty form is shown. The page is written out directly.
 *
 * @param string $search_match username pattern entered by the user
 * @return void
 */
function username_search($search_match)
{
    global $ft_cfg, $template, $lang, $images, $theme;
    global $starttime, $gen_simple_header;
    $gen_simple_header = TRUE;
    $username_list = '';
    if (!empty($search_match)) {
        // '*' in the search box becomes the SQL LIKE wildcard '%'.
        $username_search = preg_replace('/\\*/', '%', clean_username($search_match));
        // NOTE(review): the only quoting applied is turning \' into '' — this relies on the
        // input already being backslash-escaped upstream (magic quotes or equivalent). Without
        // that, $username_search reaches the query unescaped; prefer the DB layer's escaping.
        $sql = "SELECT username\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username LIKE '" . str_replace("\\'", "''", $username_search) . "' AND user_id <> " . GUEST_UID . "\n\t\t\tORDER BY username";
        if (!($result = DB()->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Could not obtain search results', '', __LINE__, __FILE__, $sql);
        }
        if ($row = DB()->sql_fetchrow($result)) {
            do {
                // NOTE(review): the stored name is emitted into HTML unescaped — safe only if
                // usernames are stored already escaped (phpBB2 convention); confirm.
                $username_list .= '<option value="' . $row['username'] . '">' . $row['username'] . '</option>';
            } while ($row = DB()->sql_fetchrow($result));
        } else {
            $username_list .= '<option>' . $lang['No_match'] . '</option>';
        }
        DB()->sql_freeresult($result);
    }
    $page_title = $lang['Search'];
    require FT_ROOT . 'includes/page_header.php';
    $template->set_filenames(array('search_user_body' => 'search_username.tpl'));
    // 'L_CLOSE_WINDOW' appears twice in this literal; the later entry wins, both are identical.
    $template->assign_vars(array('USERNAME' => !empty($search_match) ? clean_username($search_match) : '', 'L_CLOSE_WINDOW' => $lang['Close_window'], 'L_SEARCH_USERNAME' => $lang['Find_username'], 'L_UPDATE_USERNAME' => $lang['Select_username'], 'L_SELECT' => $lang['Select'], 'L_SEARCH' => $lang['Search'], 'L_SEARCH_EXPLAIN' => $lang['Search_author_explain'], 'L_CLOSE_WINDOW' => $lang['Close_window'], 'S_USERNAME_OPTIONS' => $username_list, 'S_SEARCH_ACTION' => append_sid("search.php?mode=searchuser")));
    // The select box is only shown when a search produced output.
    if ($username_list != '') {
        $template->assign_block_vars('switch_select_name', array());
    }
    $template->pparse('search_user_body');
    require FT_ROOT . 'includes/page_tail.php';
    return;
}
Пример #23
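 /**
  * Re-sends the account activation mail.
  *
  * The submitted 'username' is matched against both the e-mail and the
  * username column; on a hit a fresh activation key is stored and mailed.
  * Every path ends in message_die() or a redirect.
  *
  * @return void
  */
 public function process_resend_activation()
 {
     // Registration is handled by the bridged CMS: hand over to it.
     if ((int) $this->config->get('cmsbridge_active') == 1 && strlen($this->config->get('cmsbridge_reg_url'))) {
         redirect($this->config->get('cmsbridge_reg_url'), false, true);
     }
     $username = $this->in->exists('username') ? trim(strip_tags($this->in->get('username'))) : '';
     // Look up the record by e-mail or username; both values are bound parameters.
     // (assumes clean_username() yields the lower-cased form compared against LOWER(username) — confirm)
     $objQuery = $this->db->prepare("SELECT user_id, username, user_email, user_active, user_lang\n\t\t\t\tFROM __users\n\t\t\t\tWHERE LOWER(user_email) = ?\n\t\t\t\tOR LOWER(username)=?")->limit(1)->execute(utf8_strtolower($username), clean_username($username));
     if ($objQuery) {
         if ($objQuery->numRows) {
             $row = $objQuery->fetchAssoc();
             // Already activated, or activation is not required: nothing to resend.
             // NOTE(review): the reply differs for activated and pending accounts and so confirms
             // that a name/e-mail is registered — kept as existing behaviour.
             if ($row['user_active'] || $this->config->get('account_activation') != 1) {
                 message_die($this->user->lang('error_already_activated'));
             }
             $username = $row['username'];
             // Create a new activation key
             $user_key = $this->pdh->put('user', 'create_new_activationkey', array($row['user_id']));
             // Mail the activation link
             $bodyvars = array('USERNAME' => $row['username'], 'DATETIME' => $this->time->user_date($this->time->time, true), 'U_ACTIVATE' => $this->server_url . 'Activate/?key=' . $user_key);
             if ($this->email->SendMailFromAdmin($row['user_email'], $this->user->lang('email_subject_activation_self'), 'register_activation_self.html', $bodyvars)) {
                 // The confirmation echoes the address the visitor typed, not the stored one.
                 message_die(sprintf($this->user->lang('register_activation_self'), $this->in->get('user_email')), $this->user->lang('get_new_password'));
             } else {
                 message_die($this->user->lang('error_email_send'), $this->user->lang('get_new_password'));
             }
         } else {
             message_die($this->user->lang('error_invalid_user_or_mail'), $this->user->lang('get_new_activation_mail'), '', '', '', array('value' => $this->user->lang('back'), 'onclick' => 'javascript:history.back()'));
         }
     } else {
         // No SQL string exists in this method (the query is prepared above); the original
         // passed an undefined $sql here, which raised a notice of its own.
         message_die('Could not obtain user information', '', 'error', false, __FILE__, __LINE__, '');
     }
 }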
Пример #24
 /**
  * Registers a new account from the sign-up form.
  *
  * Reads the form fields from globals, validates them, inserts the user row
  * and its profile row, sets a username cookie and hands the generated
  * password back through $this->result.
  *
  * The error texts are Lithuanian in the legacy single-byte encoding of the
  * original file; they are runtime strings and are left untouched here.
  *
  * @return bool true when the account was created, false on validation failure
  */
 function event_login_signup()
 {
     // Nothing to do when the component is not enabled.
     if (!$this->component) {
         return false;
     }
     // $HTTP_SERVER_VARS is the pre-5.4 alias of $_SERVER.
     global $username, $email, $lastname, $webpage, $icq, $mail_news, $mail_works, $mail_comments, $g_usr, $g_ini, $HTTP_SERVER_VARS;
     // Both username and e-mail are required.
     if (empty($username) || empty($email)) {
         $this->error = 'praðom uþpildyti abu privalomus laukus<br>';
         empty($username) && ($username = '');
         empty($email) && ($email = '');
     }
     // clean_username() drops disallowed characters; a length change means some were present.
     if (strlen($username) != strlen(clean_username($username))) {
         $this->error .= 'vartotojo varde galimi tik ðie þenklai: 0-9a-zA-Z_<br>';
         $username = clean_username($username);
     }
     // Uniqueness checks run on the cleaned name.
     if ($g_usr->exists_username($username)) {
         $this->error .= 'toks vartotojas jau yra<br>';
     }
     if (!empty($email) && $g_usr->exists_email($email)) {
         $this->error .= 'toks e-mailas jau yra<br>';
     }
     if (!valid_email($email)) {
         $this->error .= 'nekorektiðkas e-mailas<br>';
     }
     // Disabled block: special-cased a single REMOTE_ADDR value with a support-contact notice.
     /*		if ('217.147.34.6' == $HTTP_SERVER_VARS['REMOTE_ADDR'])
     		{
     			$this->error .= 'didelës problemos, brûkðtelk laiðkà <a href="mailto:art@scene.lt">art@scene.lt</a><br>';
     		}
     */
     if ($this->error) {
         return false;
     }
     // get hostname
     // NOTE(review): HTTP_X_FORWARDED_FOR is supplied by the client and goes straight into
     // gethostbyaddr() and the stored 'lasthost' value — treat it as untrusted text.
     if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
         $proxy = @gethostbyaddr($HTTP_SERVER_VARS['REMOTE_ADDR']);
         $host = @gethostbyaddr($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
         $host = "{$host} [proxy: {$proxy}]";
     } else {
         $host = @gethostbyaddr($HTTP_SERVER_VARS['REMOTE_ADDR']);
     }
     // Generated initial password; it is returned to the caller via $this->result below.
     $password = genpass();
     // everything ok, create user
     $mas['username'] = $username;
     $mas['email'] = $email;
     // NOTE(review): unsalted md5 password storage — a legacy scheme; moving to
     // password_hash()/password_verify() requires updating the login check in step.
     $mas['password'] = md5($password);
     $mas['group_id'] = $g_ini->read_var('users', 'default_group');
     $mas['active'] = 1;
     $mas['lastlogin'] = date('Y.m.d H.i');
     $mas['lasthost'] = "[new] {$host}";
     $this->db->insert_query($mas, $this->table);
     // Optional profile fields default to empty / '0'.
     isset($lastname) || ($lastname = '');
     isset($webpage) || ($webpage = '');
     isset($icq) || ($icq = '');
     isset($mail_news) || ($mail_news = '0');
     isset($mail_comments) || ($mail_comments = '0');
     isset($mail_works) || ($mail_works = '0');
     // The form's placeholder value counts as "no website".
     if ('http://' == $webpage) {
         $webpage = '';
     }
     // Profile row for the user just inserted; get_insert_id() must follow that insert directly.
     $mas = array();
     $mas['uid'] = $this->db->get_insert_id();
     $mas['lastname'] = $lastname;
     $mas['url'] = $webpage;
     $mas['icq'] = $icq;
     $mas['mail_news'] = $mail_news;
     $mas['mail_comments'] = $mail_comments;
     $mas['mail_works'] = $mail_works;
     $mas['reg_date'] = date('Y.m.d H.i');
     $this->db->insert_query($mas, 'u_user_info');
     // NOTE(review): 30-day cookie holding the username, set without the httponly/secure flags.
     setcookie("cookie_user_name", $username, time() + 3600 * 24 * 30);
     $this->result = $password;
     return true;
 }
Пример #25
     $sql = "SELECT MAX(privmsgs_date) AS last_post_time\r\n\t\t\tFROM " . PRIVMSGS_TABLE . "\r\n\t\t\tWHERE privmsgs_from_userid = " . $userdata['user_id'];
     if ($result = DB()->sql_query($sql)) {
         $db_row = DB()->sql_fetchrow($result);
         $last_post_time = $db_row['last_post_time'];
         $current_time = time();
         if ($current_time - $last_post_time < $ft_cfg['flood_interval']) {
             message_die(GENERAL_MESSAGE, $lang['Flood_Error']);
         }
     }
     //
     // End Flood control
     //
 }
 if ($submit) {
     if (!empty($HTTP_POST_VARS['username'])) {
         $to_username = clean_username($HTTP_POST_VARS['username']);
         // DelUsrKeepPM
         $to_username_sql = str_replace("\\'", "''", $to_username);
         $sql = "SELECT user_id, user_notify_pm, user_email, user_lang, user_active\r\n\t\t\t\tFROM " . USERS_TABLE . "\r\n\t\t\t\tWHERE username = '******'";
         $to_userdata = DB()->sql_fetchrow(DB()->sql_query($sql));
         if (!$to_userdata || $to_userdata['user_id'] == GUEST_UID) {
             $error = TRUE;
             $error_msg = $lang['No_such_user'];
         }
         // DelUsrKeepPM end
     } else {
         $error = TRUE;
         $error_msg .= (!empty($error_msg) ? '<br />' : '') . $lang['No_to_user'];
     }
     $privmsg_subject = trim(strip_tags($HTTP_POST_VARS['subject']));
     if (empty($privmsg_subject)) {
Пример #26
             $emailer->email_address($to_userdata['username'] . " <{$to_userdata['user_email']}>");
             $emailer->use_template('privmsg_notify', $to_userdata['user_lang']);
             $emailer->assign_vars(array('USERNAME' => html_entity_decode($to_username), 'NAME_FROM' => $userdata['username'], 'MSG_SUBJECT' => html_entity_decode($privmsg_subject), 'SITENAME' => $bb_cfg['sitename'], 'U_INBOX' => make_url(PM_URL . "?folder=inbox&mode=read&p={$privmsg_sent_id}")));
             $emailer->send();
             $emailer->reset();
         }
     }
     pm_die($lang['MESSAGE_SENT']);
 } else {
     if ($preview || $refresh || $error) {
         //
         // If we're previewing or refreshing then obtain the data
         // passed to the script, process it a little, do some checks
         // where neccessary, etc.
         //
         $to_username = isset($_POST['username']) ? clean_username($_POST['username']) : '';
         $privmsg_subject = isset($_POST['subject']) ? clean_title($_POST['subject']) : '';
         $privmsg_message = isset($_POST['message']) ? prepare_message($_POST['message']) : '';
         //
         // Do mode specific things
         //
         if ($mode == 'post') {
             $page_title = $lang['POST_NEW_PM'];
         } else {
             if ($mode == 'reply') {
                 $page_title = $lang['POST_REPLY_PM'];
             } else {
                 if ($mode == 'edit') {
                     $page_title = $lang['EDIT_PM'];
                     $sql = "SELECT u.user_id\n\t\t\t\tFROM " . BB_PRIVMSGS . " pm, " . BB_USERS . " u\n\t\t\t\tWHERE pm.privmsgs_id = {$privmsg_id}\n\t\t\t\t\tAND u.user_id = pm.privmsgs_from_userid";
                     if (!($result = DB()->sql_query($sql))) {
Пример #27
<?php

if (!defined('IN_AJAX')) {
    die(basename(__FILE__));
}
global $bb_cfg, $lang, $userdata;
$mode = (string) $this->request['mode'];
$html = '<img src="./styles/images/good.gif">';
switch ($mode) {
    case 'check_name':
        $username = clean_username($this->request['username']);
        if (empty($username)) {
            $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_A_NAME'] . '</span>';
        } elseif ($err = validate_username($username)) {
            $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>';
        }
        break;
    case 'check_email':
        $email = (string) $this->request['email'];
        if (empty($email)) {
            $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_E_MAIL'] . '</span>';
        } elseif ($err = validate_email($email)) {
            $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $err . '</span>';
        }
        break;
    case 'check_pass':
        $pass = (string) $this->request['pass'];
        $pass_confirm = (string) $this->request['pass_confirm'];
        if (empty($pass) || empty($pass_confirm)) {
            $html = '<img src="./styles/images/bad.gif"> <span class="leechmed bold">' . $lang['CHOOSE_PASS'] . '</span>';
        } else {
Пример #28
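 /**
  * Handles the "lost password" form.
  *
  * The submitted 'username' is first matched as a username (lower-cased and
  * escaped) and, failing that, as an e-mail address through the pdh layer.
  * For an active account a new activation key is stored and a reset link is
  * mailed. Every branch terminates in message_die(), a redirect, or display().
  *
  * @return void
  */
 public function process_lost_password()
 {
     // Password handling lives in the bridged CMS: redirect there.
     if ((int) $this->config->get('cmsbridge_reg_redirect') == 1 && (int) $this->config->get('cmsbridge_active') == 1) {
         if (strlen($this->config->get('cmsbridge_reg_url')) > 1) {
             redirect($this->config->get('cmsbridge_reg_url'), false, true);
         } else {
             redirect('index.php' . $this->SID);
         }
     }
     $username = $this->in->exists('username') ? trim(strip_tags($this->in->get('username'))) : '';
     // Look up the record by username; the value is escaped by the DB layer before interpolation.
     $sql = "SELECT user_id, username, user_email, user_active, user_lang\n\t\t\t\tFROM __users\n\t\t\t\tWHERE LOWER(username)='" . $this->db->escape(clean_username($username)) . "'";
     $result = $this->db->query($sql);
     $row = $this->db->fetch_record($result);
     // No username match: try the input as an e-mail address instead.
     if (!$row) {
         $userid = $this->pdh->get('user', 'userid_for_email', array($username));
         if ($userid) {
             $row = $this->pdh->get('user', 'data', array($userid));
         }
     } else {
         // Rows read directly from __users carry the encrypted address
         // (the pdh path presumably returns it decrypted already — confirm).
         $row['user_email'] = $this->crypt->decrypt($row['user_email']);
     }
     if ($row) {
         // Inactive accounts cannot reset their password.
         // NOTE(review): this and the 'invalid user' reply below reveal whether a name/e-mail
         // is registered — kept as existing behaviour.
         if (!$row['user_active']) {
             message_die($this->user->lang('error_account_inactive'));
         }
         $username = $row['username'];
         // Create a new activation key
         $user_key = $this->pdh->put('user', 'create_new_activationkey', array($row['user_id']));
         if (!strlen($user_key)) {
             $this->core->message($this->user->lang('error_set_new_pw'), $this->user->lang('error'), 'red');
             $this->display();
             // Stop here: the original fell through and mailed a reset link with an empty key.
             return;
         }
         // Mail the reset link
         $bodyvars = array('USERNAME' => $row['username'], 'DATETIME' => $this->time->user_date(false, true), 'U_ACTIVATE' => $this->env->link . 'login.php?mode=newpassword&key=' . $user_key);
         if ($this->email->SendMailFromAdmin($row['user_email'], $this->user->lang('email_subject_new_pw'), 'user_new_password.html', $bodyvars)) {
             message_die($this->user->lang('password_sent'), $this->user->lang('get_new_password'));
         } else {
             message_die($this->user->lang('error_email_send'), $this->user->lang('get_new_password'));
         }
     } else {
         message_die($this->user->lang('error_invalid_user_or_mail'), $this->user->lang('get_new_password'));
     }
 }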
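 /**
  * Propagates a successful local login to every other site listed in the SSO master table.
  *
  * Loads the site list (cached for 10 minutes), connects to each foreign
  * database, looks the user up by clean username, inserts a session row and
  * sets that site's session and data cookies.
  *
  * @param array $arrOptions array with 'user_id' and 'autologin'
  * @return void
  */
 public function user_login_successful($arrOptions)
 {
     $user_id = $arrOptions['user_id'];
     $blnAutologin = $arrOptions['autologin'];
     // Include the SSO class
     include_once $this->root_path . 'plugins/eqdkp_sso/includes/eqdkp_sso.class.php';
     $this->sso = register('eqdkp_sso_class');
     // Site list from cache
     $arrMasterData = $this->pdc->get('eqdkp_sso_masterdata');
     if ($arrMasterData === NULL) {
         // Cache miss: load from the master database
         $objMasterDB = $this->sso->getMasterConnection();
         if ($objMasterDB) {
             $objQuery = $objMasterDB->query('SELECT * FROM __plugin_sso');
             if ($objQuery) {
                 while ($drow = $objQuery->fetchAssoc()) {
                     $arrMasterData[(int) $drow['id']] = array('id' => (int) $drow['id'], 'name' => $drow['name'], 'domain' => $drow['domain'], 'uniqueid' => $drow['uniqueid'], 'db_type' => (int) $drow['db_type'], 'db_host' => $drow['db_host'], 'db_user' => $drow['db_user'], 'db_password' => $drow['db_password'], 'db_database' => $drow['db_database'], 'db_prefix' => $drow['db_prefix'], 'cookie_name' => $drow['cookie_name']);
                 }
             }
             // and cache it (an empty table leaves $arrMasterData NULL, which the foreach below warns about)
             $this->pdc->put('eqdkp_sso_masterdata', $arrMasterData, 60 * 10);
         } else {
             // No connection to master
             return;
         }
     }
     $strUsername = clean_username($this->pdh->get('user', 'name', array($user_id)));
     $strMyDomain = $this->env->server_name;
     $strMyCookiename = $this->config->get('cookie_name');
     $strMyUniqueID = $this->sso->get_uniqueid();
     // Connection details of external (type 1) sites are stored encrypted with the master key.
     $crypt = register('encrypt', array($this->sso->get_master_key()));
     foreach ($arrMasterData as $arrValue) {
         // Skip our own site
         if ($arrValue['uniqueid'] != "" && $arrValue['uniqueid'] == $strMyUniqueID) {
             continue;
         }
         // Open the connection
         $mydb = false;
         if ((int) $arrValue['db_type'] === 0) {
             // Same connection as master
             $mydb = isset($objMasterDB) ? $objMasterDB : $this->sso->getMasterConnection();
         } elseif ((int) $arrValue['db_type'] === 1) {
             // External connection: decrypt the credentials
             $arrValue['db_host'] = $crypt->decrypt($arrValue['db_host']);
             $arrValue['db_user'] = $crypt->decrypt($arrValue['db_user']);
             $arrValue['db_password'] = $crypt->decrypt($arrValue['db_password']);
             $arrValue['db_database'] = $crypt->decrypt($arrValue['db_database']);
             $arrValue['db_prefix'] = $crypt->decrypt($arrValue['db_prefix']);
             // Check whether it is the same connection as ours
             if ($arrValue['db_user'] === registry::get_const('dbuser') && $arrValue['db_database'] === registry::get_const('dbname') && $arrValue['db_password'] === registry::get_const('dbpass')) {
                 $mydb = $this->sso->createConnection(0, $arrValue['db_host'], $arrValue['db_user'], $arrValue['db_password'], $arrValue['db_database'], $arrValue['db_prefix']);
             } else {
                 $mydb = $this->sso->createConnection(1, $arrValue['db_host'], $arrValue['db_user'], $arrValue['db_password'], $arrValue['db_database'], $arrValue['db_prefix']);
             }
         }
         if ($mydb) {
             // Look up the user id (bound parameter)
             $objUserQuery = $mydb->prepare("SELECT * FROM __users WHERE LOWER(username)=?")->execute($strUsername);
             if ($objUserQuery) {
                 $arrUserdata = $objUserQuery->fetchAssoc();
                 $intUserID = $arrUserdata['user_id'];
                 if ($intUserID) {
                     // Create the session
                     $sid = substr(md5(generateRandomBytes(55)) . md5(generateRandomBytes()), 0, 40);
                     $strSessionKey = $this->user->generate_session_key();
                     $arrData = array('session_id' => $sid, 'session_user_id' => $intUserID, 'session_last_visit' => $this->time->time, 'session_start' => $this->time->time, 'session_current' => $this->time->time, 'session_ip' => $this->env->ip, 'session_browser' => $this->env->useragent, 'session_page' => $this->env->current_page ? utf8_strtolower($this->env->current_page) : '', 'session_key' => $strSessionKey, 'session_type' => defined('SESSION_TYPE') ? SESSION_TYPE : '');
                     $mydb->prepare('INSERT INTO __sessions :p')->set($arrData)->execute();
                     // Start from a clean slate for this site: without these resets the cookie settings
                     // and the auto-login key read for a previous site carried over to the next one.
                     $arrCookieConf = array();
                     $arrCookieData = array();
                     // Read the cookie settings
                     $objCookieQuery = $mydb->prepare("SELECT * FROM __config")->execute();
                     if ($objCookieQuery) {
                         $lookingFor = array('cookie_name', 'cookie_path', 'cookie_domain');
                         while ($row = $objCookieQuery->fetchAssoc()) {
                             if (in_array($row['config_name'], $lookingFor, true)) {
                                 $arrCookieConf[$row['config_name']] = $row['config_value'];
                             }
                         }
                     }
                     // Cookie domain: fall back to the host part of the site's configured domain
                     if (!isset($arrCookieConf['cookie_domain'])) {
                         $strDomain = $arrValue['domain'];
                         // parse_url() needs a scheme to recognise the host
                         if (strpos($strDomain, '://') === false) {
                             $strDomain = 'http://' . $strDomain;
                         }
                         $parsedURL = parse_url($strDomain);
                         $arrCookieConf['cookie_domain'] = $parsedURL['host'];
                     }
                     // Autologin
                     $arrCookieData['user_id'] = $intUserID;
                     if ($blnAutologin && $arrUserdata['user_login_key'] != "") {
                         $arrCookieData['auto_login_id'] = $arrUserdata['user_login_key'];
                     }
                     // Set cookies
                     // NOTE(review): set without the secure/httponly flags; the _data cookie carries
                     // serialize()d state, so check how the receiving site decodes it — it must not
                     // unserialize() client-supplied input as-is.
                     setcookie($arrCookieConf['cookie_name'] . '_sid', $sid, 0, $arrCookieConf['cookie_path'], $arrCookieConf['cookie_domain']);
                     setcookie($arrCookieConf['cookie_name'] . '_data', base64_encode(serialize($arrCookieData)), $this->time->time + 2592000, $arrCookieConf['cookie_path'], $arrCookieConf['cookie_domain']);
                 }
             }
             // Close the connection
             unset($mydb);
         }
     }
 }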
Пример #30
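 /**
  * Resolves a username to its user id.
  *
  * @param string $name raw username; cleaned before the lookup
  * @return int the first matching user id, or ANONYMOUS when no user matches
  */
 public function get_userid($name)
 {
     $name = clean_username($name);
     // One lookup instead of the original's two identical search_in_array() calls.
     $matches = search_in_array($name, $this->users, true, 'username_clean');
     // An empty match array previously produced an undefined-offset notice and a null return.
     if (is_array($matches) && count($matches) > 0) {
         $keys = array_keys($matches);
         return $keys[0];
     }
     return ANONYMOUS;
 }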