Пример #1
                $sql = $db->delete($db_users, "user_id=" . (int) $row['user_id']);
                $sql = $db->delete($db_groups_users, "gru_userid='" . $row['user_id'] . "'");
                /* === Hook for the plugins === */
                foreach (cot_getextplugins('users.register.validate.rejected') as $pl) {
                    include $pl;
                }
                /* ===== */
                cot_redirect(cot_url('message', 'msg=109', '', true));
            }
        } elseif ($row['user_maingrp'] == -1) {
            $sql = $db->update($db_users, array('user_maingrp' => $row['user_sid']), "user_id='" . $row['user_id'] . "' AND user_lostpass='******'");
            cot_redirect(cot_url('message', 'msg=106', '', true));
        }
    } else {
        $env['status'] = '403 Forbidden';
        cot_shield_update(7, "Account validation");
        cot_log("Wrong validation URL", 'sec');
        cot_redirect(cot_url('message', 'msg=157', '', true));
    }
}
// Template file for the registration form, looked up through the module skin resolver.
$mskin = cot_tplfile('users.register', 'module');
/* === Hook === */
// Plugin files registered for 'users.register.main' are included here, in the
// script's global scope, so they can read and change everything set above (e.g. $mskin).
foreach (cot_getextplugins('users.register.main') as $pl) {
    include $pl;
}
/* ===== */
$out['subtitle'] = $L['aut_registertitle'];
// $R['code_noindex'] — by its name, a robots noindex snippet for the page head.
$out['head'] .= $R['code_noindex'];
// NOTE(review): header.php presumably consumes $out; keep it after the assignments above.
require_once $cfg['system_dir'] . '/header.php';
$t = new XTemplate($mskin);
require_once cot_incfile('forms');
Пример #2
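/**
 * Adds a new page to the CMS.
 *
 * Hook files for 'page.add.add.query' and 'page.add.add.done' are included
 * inside this function, so they run in its scope and can read or rewrite
 * $rpage, $auth and (after the insert) $id. The local variable names are
 * therefore part of the plugin contract and are kept unchanged.
 *
 * @param  array   $rpage Page data; modified in place (alias de-duplication, state)
 * @param  array   $auth  Permissions array; resolved with cot_page_auth() when empty
 * @return integer        New page ID or FALSE on error
 */
function cot_page_add(&$rpage, $auth = array())
{
    global $cache, $cfg, $db, $db_x, $db_pages, $db_structure, $structure, $L;
    // Bail out when validation of the submitted data has already recorded an error.
    if (cot_error_found()) {
        return false;
    }
    // empty() also covers a null $auth, which count() would reject with a TypeError.
    if (empty($auth)) {
        $auth = cot_page_auth($rpage['page_cat']);
    }
    if (!empty($rpage['page_alias'])) {
        // Aliases are expected to be unique: on collision append a 4-digit suffix.
        // random_int() (PHP >= 7.0) is used instead of rand() so the suffix cannot be
        // predicted from the PRNG state.
        $page_count = $db->query("SELECT COUNT(*) FROM {$db_pages} WHERE page_alias = ?", $rpage['page_alias'])->fetchColumn();
        if ($page_count > 0) {
            $rpage['page_alias'] = $rpage['page_alias'] . random_int(1000, 9999);
        }
    }
    // A page submitted with state 0 (apparently "validated") keeps it only when an
    // admin submits it and autovalidate is on; then the category counter is bumped
    // and the cached structure dropped. Otherwise it is moved to state 1.
    if ($rpage['page_state'] == 0) {
        if ($auth['isadmin'] && $cfg['page']['autovalidate']) {
            $db->query("UPDATE {$db_structure} SET structure_count=structure_count+1 WHERE structure_area='page' AND structure_code = ?", $rpage['page_cat']);
            $cache && $cache->db->remove('structure', 'system');
        } else {
            $rpage['page_state'] = 1;
        }
    }
    /* === Hook === */
    foreach (cot_getextplugins('page.add.add.query') as $pl) {
        include $pl;
    }
    /* ===== */
    if ($db->insert($db_pages, $rpage)) {
        $id = $db->lastInsertId();
        cot_extrafield_movefiles();
    } else {
        $id = false;
    }
    /* === Hook === */
    foreach (cot_getextplugins('page.add.add.done') as $pl) {
        include $pl;
    }
    /* ===== */
    // Only a state-0 page changes public output, so only then are the
    // category and index page caches invalidated.
    if ($rpage['page_state'] == 0 && $cache) {
        if ($cfg['cache_page']) {
            $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$rpage['page_cat']]['path']));
        }
        if ($cfg['cache_index']) {
            $cache->page->clear('index');
        }
    }
    cot_shield_update(30, "r page");
    cot_log("Add page #" . $id, 'adm');
    return $id;
}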
Пример #3
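/**
 * Adds a new product to the CMS.
 *
 * Hook files for 'market.add.add.query' and 'market.add.add.done' are included
 * inside this function and run in its scope, so they can read or rewrite
 * $ritem, $auth and (after the insert) $id. The local variable names are
 * therefore part of the plugin contract and are kept unchanged.
 *
 * @param  array   $ritem product data; modified in place (state, alias de-duplication)
 * @param  array   $auth  Permissions array; resolved with cot_market_auth() when empty
 * @return integer        New product ID or FALSE on error
 */
function cot_market_add(&$ritem, $auth = array())
{
    global $cache, $cfg, $db, $db_market, $db_structure, $structure, $L;
    // Bail out when validation of the submitted data has already recorded an error.
    if (cot_error_found()) {
        return false;
    }
    // empty() also covers a null $auth, which count() would reject with a TypeError.
    if (empty($auth)) {
        $auth = cot_market_auth($ritem['item_cat']);
    }
    // The item state is decided here regardless of what the caller put in $ritem:
    // 1 when preview mode is on, otherwise 0 unless pre-validation is required and
    // the submitter is not an admin, in which case 2. (State meanings are not defined
    // here — confirm against the market module.)
    if (!$cfg['market']['preview']) {
        $ritem['item_state'] = !$cfg['market']['prevalidate'] || $auth['isadmin'] ? 0 : 2;
    } else {
        $ritem['item_state'] = 1;
    }
    if (!empty($ritem['item_alias'])) {
        // Aliases are expected to be unique: on collision append a 4-digit suffix.
        // random_int() (PHP >= 7.0) is used instead of rand() so the suffix cannot be
        // predicted from the PRNG state.
        $prd_count = $db->query("SELECT COUNT(*) FROM {$db_market} WHERE item_alias = ?", $ritem['item_alias'])->fetchColumn();
        if ($prd_count > 0) {
            $ritem['item_alias'] = $ritem['item_alias'] . random_int(1000, 9999);
        }
    }
    /* === Hook === */
    foreach (cot_getextplugins('market.add.add.query') as $pl) {
        include $pl;
    }
    /* ===== */
    if ($db->insert($db_market, $ritem)) {
        $id = $db->lastInsertId();
        cot_extrafield_movefiles();
    } else {
        $id = false;
    }
    // Category sync runs whether or not the insert succeeded.
    cot_market_sync($ritem['item_cat']);
    /* === Hook === */
    foreach (cot_getextplugins('market.add.add.done') as $pl) {
        include $pl;
    }
    /* ===== */
    cot_shield_update(30, "r product");
    cot_log("Add product #" . $id, 'adm');
    return $id;
}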
Пример #4
            $sql_forums = $db->query("UPDATE {$db_users} SET user_postcount=user_postcount+1 WHERE user_id='" . $usr['id'] . "'");
        }
        if (!$rtopic['ft_mode']) {
            cot_forums_sectionsetlast($s, "fs_postcount+1", "fs_topiccount+1");
        }
        cot_extrafield_movefiles();
        /* === Hook === */
        foreach (cot_getextplugins('forums.newtopic.newtopic.done') as $pl) {
            include $pl;
        }
        /* ===== */
        if ($cache) {
            $cfg['cache_forums'] && $cache->page->clear('forums');
            $cfg['cache_index'] && $cache->page->clear('index');
        }
        cot_shield_update(45, "New topic");
        cot_redirect(cot_url('forums', "m=posts&q={$q}&n=last", '#bottom', true));
    }
}
// Breadcrumb trail for the current section $s, optionally prefixed by the home crumb.
$toptitle = cot_breadcrumbs(cot_forums_buildpath($s), $cfg['homebreadcrumb']);
// Administrators additionally get the admin marker appended.
$toptitle .= $usr['isadmin'] ? $R['forums_code_admin_mark'] : '';
// NOTE(review): assumes $s was already validated as an existing forum section — not visible here.
$sys['sublocation'] = $structure['forums'][$s]['title'];
$out['subtitle'] = $L['forums_newtopic'];
// $R['code_noindex'] — by its name, a robots noindex snippet for the page head.
$out['head'] .= $R['code_noindex'];
/* === Hook === */
// Plugin files for 'forums.newtopic.main' are included here, in the script's global
// scope, after $out and $sys have been filled, so they can adjust those values.
foreach (cot_getextplugins('forums.newtopic.main') as $pl) {
    include $pl;
}
/* ===== */
require_once cot_incfile('forms');
require_once $cfg['system_dir'] . '/header.php';
Пример #5
                        cot_send_translated_mail($row['user_lang'], $row['user_email'], htmlspecialchars($row['user_name']));
                        if ($stats_enabled) {
                            cot_stat_inc('totalmailpmnot');
                        }
                    }
                }
            }
            /* === Hook === */
            foreach (cot_getextplugins('pm.send.send.done') as $pl) {
                include $pl;
            }
            /* ===== */
            if ($stats_enabled) {
                cot_stat_inc('totalpms');
            }
            cot_shield_update(30, "New private message (" . $totalrecipients . ")");
            cot_redirect(cot_url('pm', 'f=sentbox', '', true));
        }
    }
}
if (!empty($to)) {
    $totalrecipients = 0;
    if (mb_substr(mb_strtolower($to), 0, 1) == 'g' && $usr['maingrp'] == 5) {
        $group = cot_import(mb_substr($to, 1, 8), 'D', 'INT');
        if ($group > 1) {
            $sql_pm_users = $db->query("SELECT user_id, user_name FROM {$db_users} WHERE user_maingrp = {$group} ORDER BY user_name ASC");
        }
    } else {
        $touser_src = explode('-', $to);
        $touser_req = count($touser_src);
        foreach ($touser_src as $k => $i) {
Пример #6
        if ($rremember) {
            cot_setcookie($sys['site_id'], $u, time() + $cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true);
            unset($_SESSION[$sys['site_id']]);
        } else {
            $_SESSION[$sys['site_id']] = $u;
        }
        /* === Hook === */
        foreach (cot_getextplugins('users.auth.check.done') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_uriredir_apply($cfg['redirbkonlogin']);
        cot_uriredir_redirect(empty($redirect) ? cot_url('index') : base64_decode($redirect));
    } else {
        $env['status'] = '401 Unauthorized';
        cot_shield_update(7, "Log in");
        cot_log("Log in failed, user : " . $rusername, 'usr');
        /* === Hook === */
        foreach (cot_getextplugins('users.auth.check.fail') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_redirect(cot_url('message', 'msg=151', '', true));
    }
}
/* === Hook === */
// Plugin files for 'users.auth.main' are included here, in the script's global
// scope, so they can read and change every variable defined so far.
foreach (cot_getextplugins('users.auth.main') as $pl) {
    include $pl;
}
/* ===== */
$out['subtitle'] = $L['aut_logintitle'];
Пример #7
/**
 * Anti-hammer protection
 *
 * Adjusts the visitor's hammer counter: it grows when the previous request
 * was less than 4 seconds ago and decays (never below zero) otherwise.
 * Exceeding $cfg['shieldzhammer'] records a 180-second 'Hammering' shield
 * entry, writes a security log line and resets the counter. A request that
 * already carries the 'Hammering' action is blocked before counting.
 *
 * @param int $hammer Hammer rate
 * @param string $action Action type
 * @param int $lastseen User last seen timestamp
 * @return int Updated hammer rate
 */
function cot_shield_hammer($hammer, $action, $lastseen)
{
    global $cfg, $sys;

    if ($action == 'Hammering') {
        // Already flagged: enforce the block, clear the action marker and
        // count the event when the 'hits' plugin is active.
        cot_shield_protect();
        cot_shield_clearaction();
        cot_plugin_active('hits') && cot_stat_inc('totalantihammer');
    }

    $elapsed = $sys['now'] - $lastseen;
    if ($elapsed >= 4) {
        // Quiet interval: let the counter decay towards zero.
        return $hammer > 0 ? $hammer - 1 : $hammer;
    }

    // Rapid repeat: count it and ban once the configured threshold is exceeded.
    $hammer++;
    if ($hammer > $cfg['shieldzhammer']) {
        cot_shield_update(180, 'Hammering');
        cot_log('IP banned 3 mins, was hammering', 'sec');
        return 0;
    }

    return $hammer;
}
Пример #8
            $sql = $db->query("SELECT * FROM {$db_users} WHERE user_maingrp=5");
            $email_title = $L['plu_comlive'];
            $email_body = $L['User'] . ' ' . preg_replace('#[^\\w\\p{L}]#u', '', $usr['id'] == 0 ? $rname : $usr['name']) . ' ' . $L['plu_comlive2'];
            $email_body .= COT_ABSOLUTE_URL . cot_url($url_area, $url_params, '#c' . $id, true) . "\n\n";
            while ($adm = $sql->fetch()) {
                cot_mail($adm['user_email'], $email_title, $email_body);
            }
            $sql->closeCursor();
        }
        /* == Hook == */
        foreach (cot_getextplugins('comments.send.new') as $pl) {
            include $pl;
        }
        /* ===== */
        cot_message($L['com_commentadded']);
        cot_shield_update(20, 'New comment');
        cot_redirect(cot_url($url_area, $url_params, '#c' . $id, true));
    }
    if ($usr['id'] == 0 && $area == 'page' && $cache) {
        if ($cfg['cache_page']) {
            $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$url_params['c']]['path']));
        }
    }
    cot_redirect(cot_url($url_area, $url_params, '#comments', true));
} elseif ($a == 'delete' && $usr['isadmin']) {
    cot_check_xg();
    $sql = $db->query("SELECT * FROM {$db_com} WHERE com_id={$id} AND com_area='{$area}' LIMIT 1");
    if ($row = $sql->fetch()) {
        $sql->closeCursor();
        $sql = $db->delete($db_com, "com_id={$id}");
        foreach ($cot_extrafields[$db_com] as $exfld) {
Пример #9
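/**
 * Adds new user
 *
 * The 'users.adduser.done' hook files are included inside this function and
 * run in its scope, so they can read $ruser, $userid and the plaintext
 * $password. The local variable names are part of that contract and are
 * left unchanged.
 *
 * @param array $ruser User data array
 * @param string $email Email address
 * @param string $name User name; defaults to $email if omitted
 * @param string $password Password; randomly generated if omitted
 * @param string $maingrp Custom main grp
 * @param bool $sendemail Send email if need activation
 * @return int|false New user ID, or false when validation or the insert fails
 * @global CotDB $db
 */
function cot_add_user($ruser, $email = null, $name = null, $password = null, $maingrp = null, $sendemail = true)
{
    global $cfg, $cot_extrafields, $db, $db_users, $db_groups_users, $db_x, $L, $R, $sys, $uploadfiles, $usr;
    // Explicit arguments win over the corresponding $ruser fields.
    $ruser['user_email'] = !empty($email) ? $email : $ruser['user_email'];
    $ruser['user_name'] = !empty($name) ? $name : $ruser['user_name'];
    $ruser['user_password'] = !empty($password) ? $password : $ruser['user_password'];
    empty($ruser['user_password']) && ($ruser['user_password'] = cot_randomstring());
    empty($ruser['user_name']) && ($ruser['user_name'] = $ruser['user_email']);
    // Plaintext password kept in a local so the 'done' hook can use it (e.g. to mail it).
    $password = $ruser['user_password'];
    $user_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
    $email_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
    // Reject an invalid e-mail, a taken name, or a taken e-mail unless duplicates are allowed.
    if (!cot_check_email($ruser['user_email']) || $user_exists || !$cfg['useremailduplicate'] && $email_exists) {
        return false;
    }
    // Strict in_array(): with loose comparison a boolean true would match 'M' and be stored as the gender.
    $ruser['user_gender'] = isset($ruser['user_gender']) && in_array($ruser['user_gender'], array('M', 'F'), true) ? $ruser['user_gender'] : 'U';
    $ruser['user_country'] = mb_strlen($ruser['user_country']) < 4 ? $ruser['user_country'] : '';
    $ruser['user_timezone'] = empty($ruser['user_timezone']) ? 'GMT' : $ruser['user_timezone'];
    // The very first account gets group 5; later accounts get 4 when no activation is
    // required, else 2 (inactive until validated, see the mail block below). The nested
    // ternary needs the parentheses: PHP < 8 grouped it left-to-right (the first branch
    // then collapsed to 4) and PHP 8 refuses to compile the unparenthesized form.
    $ruser['user_maingrp'] = $db->countRows($db_users) == 0 ? 5 : ($cfg['users']['regnoactivation'] ? 4 : 2);
    $ruser['user_maingrp'] = (int) $maingrp > 0 ? $maingrp : $ruser['user_maingrp'];
    $ruser['user_passsalt'] = cot_unique(16);
    $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
    // NOTE(review): cot_hash() with a salted digest such as sha256 is a fast hash rather than a
    // password KDF; switching to password_hash()/password_verify() would also touch storage
    // and the login path, so it is out of scope for this function.
    $ruser['user_password'] = cot_hash($ruser['user_password'], $ruser['user_passsalt'], $ruser['user_passfunc']);
    // isset() instead of is_null() avoids a notice when the key is absent; same result.
    $ruser['user_birthdate'] = !isset($ruser['user_birthdate']) || $ruser['user_birthdate'] > $sys['now'] ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
    // One-time validation secret embedded in the e-mailed activation URL (&v=...). It must be
    // unpredictable, so it comes from the CSPRNG (PHP >= 7.0); 16 bytes as hex keeps the
    // 32-character format the previous md5(microtime()) value had.
    $ruser['user_lostpass'] = bin2hex(random_bytes(16));
    cot_shield_update(20, "Registration");
    $ruser['user_hideemail'] = 1;
    $ruser['user_theme'] = $cfg['defaulttheme'];
    $ruser['user_scheme'] = $cfg['defaultscheme'];
    $ruser['user_lang'] = empty($ruser['user_lang']) ? $cfg['defaultlang'] : $ruser['user_lang'];
    $ruser['user_regdate'] = (int) $sys['now'];
    $ruser['user_logcount'] = 0;
    $ruser['user_lastip'] = empty($ruser['user_lastip']) ? $usr['ip'] : $ruser['user_lastip'];
    $ruser['user_token'] = cot_unique(16);
    // Return false (not null) on insert failure, as the docblock promises.
    if (!$db->insert($db_users, $ruser)) {
        return false;
    }
    $userid = $db->lastInsertId();
    $db->insert($db_groups_users, array('gru_userid' => (int) $userid, 'gru_groupid' => (int) $ruser['user_maingrp']));
    cot_extrafield_movefiles();
    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.adduser.done') as $pl) {
        include $pl;
    }
    /* ===== */
    // Group 2 accounts need activation: either an admin approves them (request mail to the
    // user plus a notice to the admin) or the user confirms via the activate/deactivate links,
    // which carry both user_token and the user_lostpass secret.
    if ($ruser['user_maingrp'] == 2 && $sendemail) {
        if ($cfg['users']['regrequireadmin']) {
            $subject = $L['aut_regrequesttitle'];
            $body = sprintf($L['aut_regrequest'], $ruser['user_name']);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);
            $subject = $L['aut_regreqnoticetitle'];
            $inactive = $cfg['mainurl'] . '/' . cot_url('users', 'gm=2&s=regdate&w=desc', '', true);
            $body = sprintf($L['aut_regreqnotice'], $ruser['user_name'], $inactive);
            cot_mail($cfg['adminemail'], $subject, $body);
        } else {
            $subject = $L['Registration'];
            $activate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=1', '', true);
            $deactivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=0', '', true);
            $body = sprintf($L['aut_emailreg'], $ruser['user_name'], $activate, $deactivate);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);
        }
    }
    return $userid;
}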
Пример #10
            $rmsg['fp_updater'] = $row['fp_posterid'] == $usr['id'] && $sys['now'] < $row['fp_updated'] + 300 && empty($row['fp_updater']) ? '' : $usr['name'];
            $db->update($db_forum_posts, $rmsg, 'fp_id=' . $row['fp_id']);
            $db->update($db_forum_topics, array('ft_updated' => $sys['now']), "ft_id = {$q}");
            cot_forums_sectionsetlast($s);
        }
        cot_extrafield_movefiles();
        /* === Hook === */
        foreach (cot_getextplugins('forums.posts.newpost.done') as $pl) {
            include $pl;
        }
        /* ===== */
        if ($cache) {
            $cfg['cache_forums'] && $cache->page->clear('forums');
            $cfg['cache_index'] && $cache->page->clear('index');
        }
        cot_shield_update(30, "New post");
        cot_redirect(cot_url('forums', "m=posts&q={$q}&n=last", '#bottom', true));
    }
} elseif ($a == 'delete' && $usr['id'] > 0 && !empty($s) && !empty($q) && !empty($p) && ($usr['isadmin'] || $fp_posterid == $usr['id'] && ($cfg['forums']['edittimeout'] == '0' || $sys['now'] - $row['fp_creation'] < $cfg['forums']['edittimeout'] * 3600))) {
    cot_check_xg();
    /* === Hook === */
    foreach (cot_getextplugins('forums.posts.delete.first') as $pl) {
        include $pl;
    }
    /* ===== */
    $row = $db->query("SELECT * FROM {$db_forum_posts} WHERE fp_id = ? AND fp_topicid = ? AND fp_cat = ? LIMIT 1", array($p, $q, $s))->fetch();
    is_array($row) || cot_die();
    // If the post is first in the topic, then delete entire topic or show an error
    $first_id = $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = ? LIMIT 1", array($q))->fetchColumn();
    if ($p == $first_id) {
        if ($usr['isadmin']) {