function forum_check_password($forum_fid) { $frame_top_target = html_get_top_frame_name(); if (!($db_forum_check_password = db_connect())) { return false; } $webtag = get_webtag($webtag_search); if (!is_numeric($forum_fid)) { return false; } if ($forum_passhash = forum_get_password($forum_fid)) { forum_get_saved_password($password, $passhash, $sesshash); if ($sesshash == $forum_passhash) { return true; } // If we got this far then the password verification failed or // the user hasn't seen the password dialog before. $lang = load_language_file(); html_draw_top(); echo "<h1>{$lang['passwdprotectedforum']}</h1>\n"; if (isset($_COOKIE["bh_{$webtag}_sesshash"]) && strlen(trim(_stripslashes($_COOKIE["bh_{$webtag}_sesshash"]))) > 0) { bh_setcookie("bh_{$webtag}_sesshash", "", time() - YEAR_IN_SECONDS); html_display_error_msg($lang['usernameorpasswdnotvalid'], '550', 'center'); } echo "<br />\n"; echo "<div align=\"center\">\n"; echo " <form method=\"post\" action=\"forum_password.php\" target=\"", html_get_top_frame_name(), "\">\n"; echo " ", form_input_hidden('webtag', _htmlentities($webtag)), "\n"; echo " ", form_input_hidden('final_uri', _htmlentities(get_request_uri())), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"550\">\n"; if ($password_protected_message = forum_get_setting('password_protected_message', false)) { echo " <tr>\n"; echo " <td align=\"left\">", fix_html($password_protected_message), "</td>\n"; echo " </tr>\n"; } else { echo " <tr>\n"; echo " <td align=\"center\">{$lang['passwdprotectedwarning']}</td>\n"; echo " </tr>\n"; } echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">\n"; echo " <table class=\"box\" width=\"400\">\n"; echo " <tr>\n"; echo " <td class=\"posthead\" align=\"center\">\n"; echo " <table class=\"posthead\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">{$lang['enterpasswd']}</td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " <table class=\"posthead\" width=\"90%\">\n"; echo " <tr>\n"; echo " <td align=\"left\">{$lang['passwd']}:</td>\n"; echo " <td align=\"left\">", form_input_password('forum_password', _htmlentities($password), 40, false, "autocomplete=\"off\""), form_input_hidden("forum_passhash", _htmlentities($passhash)), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\">", form_checkbox('remember_password', 'Y', $lang['rememberpassword'], strlen($password) > 0 && strlen($passhash) > 0), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\" colspan=\"2\"> </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">", form_submit("submit", $lang['logon']), " ", form_submit("cancel", $lang['cancel']), "</td>\n"; echo " </tr>\n"; if (bh_session_check_perm(USER_PERM_ADMIN_TOOLS, 0) || bh_session_check_perm(USER_PERM_FORUM_TOOLS, 0)) { echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">{$lang['adminforumclosedtip']}</td>\n"; echo " </tr>\n"; } echo " </table>\n"; echo " </form>\n"; echo "</div>\n"; html_draw_bottom(); exit; } return true; }
function forum_check_password($forum_fid) { if (!is_numeric($forum_fid)) { return false; } $webtag = get_webtag(); if (!($forum_passhash = forum_get_password($forum_fid))) { return true; } $forum_passhash_check = session::get_value("{$webtag}_PASSWORD"); if (isset($_POST['forum_password']) && strlen($_POST['forum_password']) > 0) { $forum_passhash_check = md5($_POST['forum_password']); } if ($forum_passhash == $forum_passhash_check) { session::set_value("{$webtag}_PASSWORD", $forum_passhash_check); return true; } html_draw_top(sprintf("title=%s", gettext("Password Protected Forum"))); echo "<h1>", gettext("Password Protected Forum"), "</h1>\n"; if (session::get_value("{$webtag}_PASSWORD")) { html_display_error_msg(gettext("The username or password you supplied is not valid."), '550', 'center'); } if ($password_protected_message = forum_get_setting('password_protected_message')) { echo fix_html($password_protected_message); } else { html_display_warning_msg(gettext("This forum is password protected. To gain access enter the password below."), '400', 'center'); } echo "<br />\n"; echo "<div align=\"center\">\n"; echo " <form accept-charset=\"utf-8\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n"; if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) { echo form_input_hidden_array($_POST); } echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n"; echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"400\">\n"; echo " <tr>\n"; echo " <td align=\"left\">\n"; echo " <table class=\"box\" width=\"400\">\n"; echo " <tr>\n"; echo " <td class=\"posthead\" align=\"center\">\n"; echo " <table class=\"posthead\" width=\"100%\">\n"; echo " <tr>\n"; echo " <td align=\"left\" class=\"subhead\" colspan=\"2\">", gettext("Enter Password"), "</td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " <table class=\"posthead\" width=\"90%\">\n"; echo " <tr>\n"; echo " <td align=\"left\">", gettext("Password"), ":</td>\n"; echo " <td align=\"left\">", form_input_password('forum_password', '', 40, false, ''), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\" colspan=\"2\"> </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " </table>\n"; echo " </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\">", form_submit("logon", gettext("Logon")), " ", form_submit("cancel", gettext("Cancel")), "</td>\n"; echo " </tr>\n"; echo " </table>\n"; if (session::check_perm(USER_PERM_ADMIN_TOOLS, 0) || session::check_perm(USER_PERM_FORUM_TOOLS, 0)) { html_display_warning_msg(gettext("If you want to change some settings on your forum click the Admin link in the navigation bar above."), '400', 'center'); } echo " </form>\n"; echo "</div>\n"; html_draw_bottom(); exit; }
echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"center\" colspan=\"2\">", form_submit("changepermissions", gettext("Change Permissions")), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; } else { if ($forum_settings['access_level'] == FORUM_PASSWD_PROTECTED) { echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; if (!forum_get_password($forum_settings['fid'])) { echo " <tr>\n"; echo " <td align=\"center\" colspan=\"2\">\n"; html_display_warning_msg(gettext("You have not set a forum password. If you do not set a password the password protection functionality will be automatically disabled!"), '95%', 'center'); echo " </td>\n"; echo " </tr>\n"; } echo " <tr>\n"; echo " <td align=\"center\" colspan=\"2\">", form_submit("changepassword", gettext("Change Password")), "</td>\n"; echo " </tr>\n"; echo " <tr>\n"; echo " <td align=\"left\"> </td>\n"; echo " <td align=\"left\"> </td>\n"; echo " </tr>\n"; } }