示例#1
文件: auth.php 项目: mikersu/webboard
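 /**
  * Login page: shows the form and, on a valid POST, signs the person in.
  *
  * Flow as implemented here:
  *  - a visitor who already has `person_id` in the session is sent to '/';
  *  - the posted e-mail and password are validated, then checked by
  *    person_model::verify_person();
  *  - banned accounts are refused, everybody else gets `person_id` stored in
  *    the session and is redirected to the `return` target.
  *
  * The `return` query parameter is client-supplied. It is reduced to a
  * site-relative target before it is passed to redirect() or to the view, so
  * the login page cannot be used to bounce a freshly authenticated user to
  * another origin.
  *
  * NOTE(review): no session-id rotation or failed-attempt throttling is visible
  * in this method — confirm whether the session library or verify_person()
  * takes care of either.
  */
 public function index()
 {
     // Somebody who is already signed in has no use for the login form.
     if ($this->session->userdata('person_id')) {
         redirect('/');
     }
     $this->load->library('form_validation');
     $this->load->model('person_model');
     $this->form_validation->set_rules('email', 'Email Address', 'required|valid_email');
     $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]');

     // Accept only a plain relative target: no scheme prefix, no leading
     // "//" or "\\" pair, no control characters. Anything else falls back to
     // the empty string, which is what a missing parameter amounts to.
     $return_to = $this->input->get('return');
     if (!is_string($return_to)
         || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})|[\x00-\x1f\x7f]#i', $return_to)
     ) {
         $return_to = '';
     }

     $data['error'] = '';
     if ($this->form_validation->run()) {
         $person = $this->person_model->verify_person($this->input->post('email'), $this->input->post('password'));
         if (!$person) {
             // One message for "unknown e-mail" and "wrong password", so the
             // form does not confirm which addresses are registered.
             $data['error'] = 'E-mail or password is incorrect.';
         } elseif (!is_not_banned($person->PERSON_ID)) {
             $data['error'] = 'You are banned. Please contact admin.';
         } else {
             $this->session->set_userdata('person_id', $person->PERSON_ID);
             redirect($return_to);
         }
     }
     // The view receives the already-validated target. It is still request
     // data: the template (not shown here) has to escape it for the context
     // it is printed in.
     $data['return'] = $return_to;
     $data['header'] = $this->load->view('header', $this->header, TRUE);
     $data['footer'] = $this->load->view('footer', $this->footer, TRUE);
     $this->load->view('auth/index', $data);
 }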
示例#2
/**
 * Finishes a login for the member whose row is already in $user_settings.
 *
 * Runs the optional `integrate_login` callback, issues the login cookie,
 * clears the failed-login counter, fills in the guest/admin flags, runs the
 * ban check, records the login time and IPs, and finally redirects.
 * Credential verification is not done here; it has to have happened in the
 * caller.
 */
function DoLogin()
{
    global $txt, $scripturl, $user_info, $user_settings, $smcFunc;
    global $cookiename, $maintenance, $modSettings, $context, $sourcedir;

    // Cookie helpers come from Subs-Auth.php.
    require_once $sourcedir . '/Subs-Auth.php';

    // Optional integration callback. Its name is read from $modSettings, so
    // whoever can write that setting decides which function runs at login.
    if (isset($modSettings['integrate_login']) && is_callable($modSettings['integrate_login'])) {
        $login_hook = $modSettings['integrate_login'];
        if (strpos($login_hook, '::') !== false) {
            // "Class::method" is handed over as a [class, method] pair.
            $login_hook = explode('::', $login_hook);
        }

        // The client-side password hash is forwarded only when it has the
        // length of a SHA-1 hex digest; anything else becomes null.
        $client_hash = null;
        if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) {
            $client_hash = $_REQUEST['hash_passwrd'];
        }

        call_user_func($login_hook, $user_settings['member_name'], $client_hash, $modSettings['cookieTime']);
    }

    $username = $user_settings['member_name'];
    $user_info['id'] = $user_settings['id_member'];

    // Cookie lifetime is cookieTime * 60. The token is SHA-1 over the stored
    // password value plus the salt.
    // NOTE(review): presumably this token is what later requests are checked
    // against — confirm in setLoginCookie() / loadUserSettings().
    $cookie_token = sha1($user_settings['passwd'] . $user_settings['password_salt']);
    setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], $cookie_token);

    // A successful login resets the failed-attempt counter.
    unset($_SESSION['failed_login']);

    $user_info['is_guest'] = false;
    $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
    // Group 1 marks an administrator, as primary or as additional group.
    $primary_is_admin = $user_settings['id_group'] == 1;
    $user_info['is_admin'] = $primary_is_admin || in_array(1, $user_settings['additional_groups']);

    // Ban check now that the member is known.
    is_not_banned(true);

    // Administrators with an empty openid_uri get the admin session stamped
    // right away, so they are not asked for the password again.
    if ($user_info['is_admin'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri'])) {
        $_SESSION['admin_time'] = time();
        unset($_SESSION['just_registered']);
    }

    // Language and theme picked as a guest must not stick to the member.
    unset($_SESSION['language'], $_SESSION['id_theme']);

    // last_login = 0 means this member has never logged in before.
    $request = $smcFunc['db_query']('', '
		SELECT last_login
		FROM {db_prefix}members
		WHERE id_member = {int:id_member}
			AND last_login = 0', array('id_member' => $user_info['id']));
    $never_logged_in = $smcFunc['db_num_rows']($request) == 1;
    $smcFunc['db_free_result']($request);
    if ($never_logged_in) {
        $_SESSION['first_login'] = true;
    } else {
        unset($_SESSION['first_login']);
    }

    // Record when and from where the login happened.
    // NOTE(review): $_SERVER['BAN_CHECK_IP'] is not a standard server key;
    // presumably it is filled in earlier in the request — confirm.
    updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $_SERVER['BAN_CHECK_IP']));

    // Drop the "online" row that was kept for the visitor as a guest.
    $smcFunc['db_query']('', '
		DELETE FROM {db_prefix}log_online
		WHERE session = {string:session}', array('session' => 'ip' . $user_info['ip']));
    $_SESSION['log_time'] = 0;

    // In maintenance mode only forum administrators stay logged in; everyone
    // else is sent straight to the logout action.
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        $next_step = 'action=logout;' . $context['session_var'] . '=' . $context['session_id'];
    } else {
        $next_step = 'action=login2;sa=check;member=' . $user_info['id'];
    }
    redirectexit($next_step, $context['server']['needs_login_fix']);
}
示例#3
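/**
 * The main dispatcher: loads the user, board, permissions and theme, applies
 * the ban, maintenance and guest-access gates, and picks the handler for the
 * requested action.
 *
 * The handler file is always taken from $actionArray. The request value is
 * only used as a lookup key, so it never becomes part of the require_once
 * path.
 *
 * @return string Name of the function that handles this request.
 */
function smf_main()
{
    // $context was missing from this list, so the `disable_sp` test further
    // down read an undefined local and could never be true.
    // NOTE(review): assumes `disable_sp` is set on the global $context — confirm.
    global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir, $context;

    // Special case: session keep-alive, output a transparent pixel.
    // This exits before any user, ban or permission handling runs.
    if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
        header('Content-Type: image/gif');
        // The literal as it appeared here had lost its non-printable bytes;
        // hex escapes keep the response a well-formed 1x1 transparent GIF.
        die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
    }

    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();
    // Load the current board's information.
    loadBoard();
    // Load the current user's permissions.
    loadPermissions();

    // Attachments don't require the entire theme to be loaded.
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) {
        detectBrowser();
    } else {
        loadTheme();
    }

    // Check if the user should be disallowed access.
    is_not_banned();

    // If we are in a topic and don't have permission to approve it then duck out now.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        fatal_lang_error('not_a_topic', false);
    }

    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    $unlogged_actions = array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile');
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $unlogged_actions, true)) {
        // Log this user as online.
        writeLog();
        // Track forum statistics and hits, except for portal xml actions.
        $is_portal_xml = !empty($_REQUEST['action']) && $_REQUEST['action'] == 'portal' && isset($_GET['xml']);
        if (!$is_portal_xml && !empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }

    // Load SimplePortal.
    sportal_init();

    // Actions a guest may still reach when guest access is switched off.
    $guest_actions = array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn');

    // Is the forum in maintenance mode? (doesn't apply to administrators.)
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        // You can only login.... otherwise, you're getting the "maintenance mode" display.
        if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout')) {
            require_once $sourcedir . '/LogInOut.php';
            return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout';
        } else {
            require_once $sourcedir . '/Subs-Auth.php';
            return 'InMaintenance';
        }
    } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], $guest_actions, true))) {
        require_once $sourcedir . '/Subs-Auth.php';
        return 'KickGuest';
    } elseif (empty($_REQUEST['action'])) {
        // Give SimplePortal the first chance to claim an action-less request.
        $sp_action = sportal_catch_action();
        if ($sp_action) {
            return $sp_action;
        }
        // Action and board are both empty... BoardIndex!
        if (empty($board) && empty($topic)) {
            require_once $sourcedir . '/BoardIndex.php';
            return 'BoardIndex';
        } elseif (empty($topic)) {
            require_once $sourcedir . '/MessageIndex.php';
            return 'MessageIndex';
        } else {
            require_once $sourcedir . '/Display.php';
            return 'Display';
        }
    }

    // The allowlist of actions: $_REQUEST['action'] => array($file, $function).
    $actionArray = array(
        'activate' => array('Register.php', 'Activate'),
        'admin' => array('Admin.php', 'AdminMain'),
        'announce' => array('Post.php', 'AnnounceTopic'),
        'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'),
        'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
        'calendar' => array('Calendar.php', 'CalendarMain'),
        'clock' => array('Calendar.php', 'clock'),
        'collapse' => array('BoardIndex.php', 'CollapseCategory'),
        'coppa' => array('Register.php', 'CoppaForm'),
        'credits' => array('Who.php', 'Credits'),
        'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
        'display' => array('Display.php', 'Display'),
        'dlattach' => array('Display.php', 'Download'),
        'editpoll' => array('Poll.php', 'EditPoll'),
        'editpoll2' => array('Poll.php', 'EditPoll2'),
        'emailuser' => array('SendTopic.php', 'EmailUser'),
        'findmember' => array('Subs-Auth.php', 'JSMembers'),
        'forum' => array('BoardIndex.php', 'BoardIndex'),
        'portal' => array('PortalMain.php', 'sportal_main'),
        'groups' => array('Groups.php', 'Groups'),
        'help' => array('Help.php', 'ShowHelp'),
        'helpadmin' => array('Help.php', 'ShowAdminHelp'),
        'im' => array('PersonalMessage.php', 'MessageMain'),
        'jseditor' => array('Subs-Editor.php', 'EditorMain'),
        'jsmodify' => array('Post.php', 'JavaScriptModify'),
        'jsoption' => array('Themes.php', 'SetJavaScript'),
        'lock' => array('LockTopic.php', 'LockTopic'),
        'lockvoting' => array('Poll.php', 'LockVoting'),
        'login' => array('LogInOut.php', 'Login'),
        'login2' => array('LogInOut.php', 'Login2'),
        'logout' => array('LogInOut.php', 'Logout'),
        'markasread' => array('Subs-Boards.php', 'MarkRead'),
        'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
        'mlist' => array('Memberlist.php', 'Memberlist'),
        'moderate' => array('ModerationCenter.php', 'ModerationMain'),
        'modifycat' => array('ManageBoards.php', 'ModifyCat'),
        'modifykarma' => array('Karma.php', 'ModifyKarma'),
        'movetopic' => array('MoveTopic.php', 'MoveTopic'),
        'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
        'notify' => array('Notify.php', 'Notify'),
        'notifyboard' => array('Notify.php', 'BoardNotify'),
        'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'),
        'pm' => array('PersonalMessage.php', 'MessageMain'),
        'post' => array('Post.php', 'Post'),
        'post2' => array('Post.php', 'Post2'),
        'printpage' => array('Printpage.php', 'PrintTopic'),
        'profile' => array('Profile.php', 'ModifyProfile'),
        'quotefast' => array('Post.php', 'QuoteFast'),
        'quickmod' => array('MessageIndex.php', 'QuickModeration'),
        'quickmod2' => array('Display.php', 'QuickInTopicModeration'),
        'recent' => array('Recent.php', 'RecentPosts'),
        'register' => array('Register.php', 'Register'),
        'register2' => array('Register.php', 'Register2'),
        'reminder' => array('Reminder.php', 'RemindMe'),
        'removepoll' => array('Poll.php', 'RemovePoll'),
        'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
        'reporttm' => array('SendTopic.php', 'ReportToModerator'),
        'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
        'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'),
        'search' => array('Search.php', 'PlushSearch1'),
        'search2' => array('Search.php', 'PlushSearch2'),
        'sendtopic' => array('SendTopic.php', 'EmailUser'),
        'smstats' => array('Stats.php', 'SMStats'),
        'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'),
        'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
        'splittopics' => array('SplitTopics.php', 'SplitTopics'),
        'stats' => array('Stats.php', 'DisplayStats'),
        'sticky' => array('LockTopic.php', 'Sticky'),
        'theme' => array('Themes.php', 'ThemesMain'),
        'trackip' => array('Profile-View.php', 'trackIP'),
        'about:mozilla' => array('Karma.php', 'BookOfUnknown'),
        'about:unknown' => array('Karma.php', 'BookOfUnknown'),
        'unread' => array('Recent.php', 'UnreadTopics'),
        'unreadreplies' => array('Recent.php', 'UnreadTopics'),
        'verificationcode' => array('Register.php', 'VerificationCode'),
        'viewprofile' => array('Profile.php', 'ModifyProfile'),
        'vote' => array('Poll.php', 'Vote'),
        'viewquery' => array('ViewQuery.php', 'ViewQuery'),
        'viewsmfile' => array('Admin.php', 'DisplayAdminFile'),
        'who' => array('Who.php', 'Who'),
        '.xml' => array('News.php', 'ShowXmlFeed'),
        'xmlhttp' => array('Xml.php', 'XMLhttpMain'),
    );

    // Integrations may add or change entries. Whatever they put here is
    // included and called with the same trust as the built-in actions.
    call_integration_hook('integrate_actions', array(&$actionArray));

    if (!empty($context['disable_sp'])) {
        unset($actionArray['portal'], $actionArray['forum']);
    }

    // Get the function and file to include - if it's not there, do the board index.
    if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) {
        // Catch the action with the theme?
        if (!empty($settings['catch_action'])) {
            require_once $sourcedir . '/Themes.php';
            return 'WrapAction';
        }
        // Fall through to the board index then...
        require_once $sourcedir . '/BoardIndex.php';
        return 'BoardIndex';
    }

    // Known action: include the file registered for it and return its handler.
    $handler = $actionArray[$_REQUEST['action']];
    require_once $sourcedir . '/' . $handler[0];
    return $handler[1];
}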
示例#4
文件: index.php 项目: Ralkage/Elkarte
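/**
 * The main dispatcher.
 * This delegates to each area.
 *
 * Order of work: keep-alive shortcut, security headers, user / board /
 * permission loading, BadBehavior, theme, ban check, unapproved-topic check,
 * online and hit logging, then Site_Dispatcher picks and runs the action.
 */
function elk_main()
{
    global $modSettings, $user_info, $topic, $board_info, $context;

    // Special case: session keep-alive, output a transparent pixel.
    // This exits before the security headers and before any user handling.
    if (isset($_GET['action']) && $_GET['action'] == 'keepalive') {
        header('Content-Type: image/gif');
        // The literal as it appeared here had lost its non-printable bytes;
        // hex escapes keep the response a well-formed 1x1 transparent GIF.
        die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
    }

    // We should set our security headers now.
    frameOptionsHeader();
    securityOptionsHeader();

    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();
    // Load the current board's information.
    loadBoard();
    // Load the current user's permissions.
    loadPermissions();
    // Load BadBehavior before we go much further
    loadBadBehavior();

    // Attachments don't require the entire theme to be loaded.
    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) {
        detectBrowser();
    } else {
        loadTheme();
    }

    // Check if the user should be disallowed access.
    is_not_banned();

    // If we are in a topic and don't have permission to approve it then duck out now.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        fatal_lang_error('not_a_topic', false);
    }

    // Actions that are neither logged as "online" nor counted as hits.
    // Integrations may extend the list through the hook.
    $no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile');
    call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions));

    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions, true)) {
        // I see you!
        writeLog();
        // Track forum statistics and hits...?
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }
    unset($no_stat_actions);

    // What shall we do?
    require_once SOURCEDIR . '/SiteDispatcher.class.php';
    $dispatcher = new Site_Dispatcher();

    // Show where we came from, and go. When the dispatcher reports no action
    // the raw request value is stored instead: that is client input, so
    // whatever prints $context['site_action'] later has to escape it.
    $context['site_action'] = $dispatcher->site_action();
    if (empty($context['site_action'])) {
        $context['site_action'] = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
    }
    $dispatcher->dispatch();
}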
示例#5
文件: SSI.php 项目: scripple/Elkarte
// Bootstrap fragment of SSI.php: loads the current user, permissions and
// theme, then applies the optional ban check and the guest-access gate.
// The variables prefixed $ssi_ are read with isset()/empty(); they are
// expected to be set, if at all, before this code runs.
$context['linktree'] = array();
// Load the user and their cookie, as well as their settings.
loadUserSettings();
// Load the current user's permissions....
loadPermissions();
// Load BadBehavior functions
loadBadBehavior();
// Load the current or SSI theme. (just use $ssi_theme = id_theme;)
// The value is cast to int before use; 0 is passed when $ssi_theme is not set.
loadTheme(isset($ssi_theme) ? (int) $ssi_theme : 0);
// @todo: probably not the best place, but somewhere it should be set...
if (!headers_sent()) {
    header('Content-Type: text/html; charset=UTF-8');
}
// Take care of any banning that needs to be done.
// The ban check is opt-in: it runs when the request carries an `ssi_ban`
// parameter (any value) or when $ssi_ban is strictly true. `&&` binds tighter
// than `||`, so the condition reads: request flag OR (variable set AND true).
// Without either, is_not_banned() is not called in this fragment.
if (isset($_REQUEST['ssi_ban']) || isset($ssi_ban) && $ssi_ban === true) {
    is_not_banned();
}
// Do we allow guests in here?
// Guests are turned away only when all four conditions hold: no
// $ssi_guest_access, guest access disabled in $modSettings, the visitor is a
// guest, and the running script is not SSI.php itself.
// NOTE(review): $_SERVER['PHP_SELF'] is derived from the requested URL and can
// carry trailing path info, so the basename() test depends on what the client
// asked for. A comparison based on SCRIPT_NAME or SCRIPT_FILENAME would not —
// confirm how the web server is configured before relying on this as a gate.
if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php') {
    require_once CONTROLLERDIR . '/Auth.controller.php';
    $controller = new Auth_Controller();
    $controller->action_kickguest();
    // End the request here so nothing after the guest gate is executed.
    obExit(null, true);
}
// Load the stuff like the menu bar, etc.
if (isset($ssi_layers)) {
    $template_layers = Template_Layers::getInstance();
    $template_layers->removeAll();
    foreach ($ssi_layers as $layer) {
        $template_layers->addBegin($layer);
    }
/**
 *	Initialises key values for SimpleDesk.
 *
 *	This function initialises certain key constructs for SimpleDesk, such as constants, that are used throughout
 *	SimpleDesk. It should be called first right up in Load.php anyway.
 *
 *	Calling multiple times is not significantly detrimental to performance; the function is aware if it has been
 *	called previously.
 *
 *	Besides the constants it also: fills in default settings, works out whether the helpdesk is active for this
 *	user, enforces helpdesk maintenance mode, and - for helpdesk requests - selects the department theme.
 *	It reads $_REQUEST['action'], 'dept', 'newdept' and 'ticket'; the three ids are cast to int before use.
 *
 *	@since 2.0
*/
function shd_init()
{
    global $modSettings, $sourcedir, $user_info, $context, $smcFunc;
    // Per-request guard: everything below, including the define() calls, runs only on the first call.
    static $called = null;
    if (!empty($called)) {
        return;
    }
    $called = true;
    $context['shd_home'] = 'action=helpdesk;sa=main';
    // What SD version are we on? It's now here!
    define('SHD_VERSION', 'SimpleDesk 2.0 Anatidae');
    // This isn't the SMF way. But for something like this, it's way way more logical and readable.
    define('TICKET_STATUS_NEW', 0);
    define('TICKET_STATUS_PENDING_STAFF', 1);
    define('TICKET_STATUS_PENDING_USER', 2);
    define('TICKET_STATUS_CLOSED', 3);
    define('TICKET_STATUS_WITH_SUPERVISOR', 4);
    define('TICKET_STATUS_ESCALATED', 5);
    define('TICKET_STATUS_DELETED', 6);
    define('TICKET_URGENCY_LOW', 0);
    define('TICKET_URGENCY_MEDIUM', 1);
    define('TICKET_URGENCY_HIGH', 2);
    define('TICKET_URGENCY_VHIGH', 3);
    define('TICKET_URGENCY_SEVERE', 4);
    define('TICKET_URGENCY_CRITICAL', 5);
    define('MSG_STATUS_NORMAL', 0);
    define('MSG_STATUS_DELETED', 1);
    // Relationship types
    define('RELATIONSHIP_LINKED', 0);
    define('RELATIONSHIP_DUPLICATED', 1);
    define('RELATIONSHIP_ISPARENT', 2);
    define('RELATIONSHIP_ISCHILD', 3);
    // Custom fields, their types, positions, content type
    define('CFIELD_TICKET', 1);
    define('CFIELD_REPLY', 2);
    define('CFIELD_PLACE_DETAILS', 1);
    define('CFIELD_PLACE_INFO', 2);
    define('CFIELD_PLACE_PREFIX', 3);
    define('CFIELD_PLACE_PREFIXFILTER', 4);
    define('CFIELD_TYPE_TEXT', 1);
    define('CFIELD_TYPE_LARGETEXT', 2);
    define('CFIELD_TYPE_INT', 3);
    define('CFIELD_TYPE_FLOAT', 4);
    define('CFIELD_TYPE_SELECT', 5);
    define('CFIELD_TYPE_CHECKBOX', 6);
    define('CFIELD_TYPE_RADIO', 7);
    define('CFIELD_TYPE_MULTI', 8);
    // Ticket notification options
    define('NOTIFY_PREFS', 0);
    define('NOTIFY_ALWAYS', 1);
    define('NOTIFY_NEVER', 2);
    // Roles and permissions
    define('ROLE_USER', 1);
    define('ROLE_STAFF', 2);
    //define('ROLE_SUPERVISOR', 3);
    define('ROLE_ADMIN', 4);
    define('ROLEPERM_DISALLOW', 0);
    define('ROLEPERM_ALLOW', 1);
    define('ROLEPERM_DENY', 2);
    // How many digits should we show for ticket numbers? Normally we pad to 5 digits, e.g. 00001 - this is how we set that width.
    // Missing, empty or negative values are normalised to 0.
    if (empty($modSettings['shd_zerofill']) || $modSettings['shd_zerofill'] < 0) {
        $modSettings['shd_zerofill'] = 0;
    }
    // Load some stuff
    shd_load_language('sd_language/SimpleDesk');
    require_once $sourcedir . '/sd_source/Subs-SimpleDeskPermissions.php';
    // Set up defaults: applied only where the setting is missing or empty.
    $defaults = array('shd_attachments_mode' => 'ticket', 'shd_ticketnav_style' => 'sd', 'shd_staff_badge' => 'nobadge', 'shd_privacy_display' => 'smart');
    foreach ($defaults as $var => $val) {
        if (empty($modSettings[$var])) {
            $modSettings[$var] = $val;
        }
    }
    // The helpdesk counts as active only when 'shd' is one of the comma-separated entries of admin_features.
    $modSettings['helpdesk_active'] = isset($modSettings['admin_features']) ? in_array('shd', explode(',', $modSettings['admin_features'])) : false;
    if ($modSettings['helpdesk_active']) {
        shd_load_plugin_files('init');
        shd_load_plugin_langfiles('init');
    }
    shd_load_user_perms();
    // Helpdesk maintenance mode. Exempt are forum admins and users holding 'admin_helpdesk'.
    if (!empty($modSettings['shd_maintenance_mode'])) {
        if (!empty($modSettings['shd_helpdesk_only']) && !$user_info['is_admin'] && !shd_allowed_to('admin_helpdesk', 0)) {
            // You can only login.... otherwise, you're getting the "maintenance mode" display. Except we have to boot up a decent amount of SMF.
            // `&&` binds tighter than `||`: the branch is taken for an empty action, or for any action other than login2 / logout.
            if (empty($_REQUEST['action']) || $_REQUEST['action'] != 'login2' && $_REQUEST['action'] != 'logout') {
                // The requested action is discarded before the maintenance page is produced.
                $_GET['action'] = '';
                $_REQUEST['action'] = '';
                $context['shd_maintenance_mode'] = true;
                loadBoard();
                loadPermissions();
                loadTheme();
                // The ban check still runs for visitors who only get the maintenance page.
                is_not_banned();
                require_once $sourcedir . '/Subs-Auth.php';
                InMaintenance();
                obExit(null, null, false);
            }
        } else {
            // Bitwise AND-assignment: the flag survives only for admins / helpdesk admins.
            // The stored value becomes an int (0 or 1) rather than a bool.
            $modSettings['helpdesk_active'] &= $user_info['is_admin'] || shd_allowed_to('admin_helpdesk', 0);
        }
    }
    // Last minute stuff
    if ($modSettings['helpdesk_active']) {
        // Are they actually going into the helpdesk? If they are, do we need to deal with their theme?
        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'helpdesk') {
            // First figure out what department they're in.
            $this_dept = 0;
            // NOTE(review): $depts is used as a list below (count(), [0], in_array()); presumably the departments
            // this user may access - confirm against shd_allowed_to().
            $depts = shd_allowed_to('access_helpdesk', false);
            // Do they only have one dept? If so, that's the one.
            if (count($depts) == 1) {
                $this_dept = $depts[0];
            } elseif (isset($_REQUEST['dept'])) {
                // Request value is forced to int, then accepted only if it is one of the user's departments.
                $_REQUEST['dept'] = (int) $_REQUEST['dept'];
                if (in_array($_REQUEST['dept'], $depts)) {
                    $this_dept = $_REQUEST['dept'];
                }
            } elseif (isset($_REQUEST['newdept'])) {
                // Same handling as 'dept': int cast, then membership check.
                $_REQUEST['newdept'] = (int) $_REQUEST['newdept'];
                if (in_array($_REQUEST['newdept'], $depts)) {
                    $this_dept = $_REQUEST['newdept'];
                }
            } elseif (isset($_REQUEST['ticket'])) {
                $ticket = (int) $_REQUEST['ticket'];
                if (!empty($ticket)) {
                    // The ticket id goes in through a typed {int:...} placeholder, not by string concatenation.
                    // NOTE(review): {query_see_ticket} presumably limits the result to tickets this user may see - confirm.
                    $query = shd_db_query('', '
						SELECT hdt.id_dept, dept_name, dept_theme
						FROM {db_prefix}helpdesk_tickets AS hdt
							INNER JOIN {db_prefix}helpdesk_depts AS hdd ON (hdt.id_dept = hdd.id_dept)
						WHERE id_ticket = {int:ticket}
							AND {query_see_ticket}', array('ticket' => $ticket));
                    if ($row = $smcFunc['db_fetch_row']($query)) {
                        // The ticket's department is used only if the user has access to it.
                        if (in_array($row[0], $depts)) {
                            list($this_dept, $context['shd_dept_name'], $theme) = $row;
                        }
                    }
                    $smcFunc['db_free_result']($query);
                }
            }
            // Department known but no theme yet (every path except the ticket lookup): fetch the department's theme.
            if (!empty($this_dept) && !isset($theme)) {
                $context['queried_dept'] = $this_dept;
                $query = $smcFunc['db_query']('', '
					SELECT dept_theme
					FROM {db_prefix}helpdesk_depts
					WHERE id_dept = {int:dept}', array('dept' => $this_dept));
                if ($row = $smcFunc['db_fetch_row']($query)) {
                    $theme = $row[0];
                }
                $smcFunc['db_free_result']($query);
            }
            // If for whatever reason we didn't establish a theme, see if there's a forum default one.
            if (empty($theme) && !empty($modSettings['shd_theme'])) {
                $theme = $modSettings['shd_theme'];
            }
            // Action.
            if (!empty($theme)) {
                // This is ever so slightly hacky. But as this function is called sufficiently early we can get away with it.
                // A theme named in the request is dropped, so the database / settings value decides, not the client.
                unset($_REQUEST['theme'], $modSettings['theme_allow']);
                $modSettings['theme_guests'] = $theme;
            }
        }
    }
    // Plugins are listed only while the helpdesk is active; otherwise the list is empty.
    $context['shd_plugins'] = empty($modSettings['shd_enabled_plugins']) || empty($modSettings['helpdesk_active']) ? array() : explode(',', $modSettings['shd_enabled_plugins']);
    call_integration_hook('shd_hook_init');
}
示例#7
/**
 * This function performs the logging in.
 *
 * What it does:
 *  - It calls the login hook, sets the cookie and updates the runtime
 *    settings for the user.
 *  - It runs the ban check, records the login (time, IPs, optional history)
 *    and redirects.
 *  - It does not verify credentials; that has to have happened in the caller.
 *
 * @package Authorization
 */
function doLogin()
{
    global $user_info, $user_settings, $maintenance, $modSettings, $context;

    // Authentication helpers.
    require_once SUBSDIR . '/Auth.subs.php';

    // The client-side password hash is passed to integrations only when it
    // has the length of a SHA-256 hex digest; otherwise they receive null.
    $client_hash = null;
    if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 64) {
        $client_hash = $_POST['hash_passwrd'];
    }
    call_integration_hook('integrate_login', array($user_settings['member_name'], $client_hash, $modSettings['cookieTime']));

    $user_info['id'] = $user_settings['id_member'];

    // Cookie lifetime is cookieTime * 60. The token is SHA-256 over the
    // stored password value plus the salt.
    // NOTE(review): presumably this token is what later requests are checked
    // against — confirm in setLoginCookie() / loadUserSettings().
    $cookie_token = hash('sha256', $user_settings['passwd'] . $user_settings['password_salt']);
    setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['id_member'], $cookie_token);

    // A successful login resets the failed-attempt counter.
    unset($_SESSION['failed_login']);

    $user_info['is_guest'] = false;
    $user_settings['additional_groups'] = explode(',', $user_settings['additional_groups']);
    // Group 1 marks an administrator, as primary or as additional group.
    $primary_is_admin = $user_settings['id_group'] == 1;
    $user_info['is_admin'] = $primary_is_admin || in_array(1, $user_settings['additional_groups']);

    // Ban check now that the member is known.
    is_not_banned(true);

    // Administrators with an empty openid_uri: the admin session is stamped
    // at login only when auto_admin_session is switched on.
    if ($user_info['is_admin'] && isset($user_settings['openid_uri']) && empty($user_settings['openid_uri'])) {
        $auto_admin = !empty($modSettings['auto_admin_session']) && $modSettings['auto_admin_session'] == 1;
        if ($auto_admin) {
            $_SESSION['admin_time'] = time();
        }
        unset($_SESSION['just_registered']);
    }

    // Language and theme picked as a guest must not stick to the member.
    unset($_SESSION['language'], $_SESSION['id_theme']);

    // Remember in the session whether this is the member's first login.
    $first_time = isFirstLogin($user_info['id']);
    if ($first_time) {
        $_SESSION['first_login'] = true;
    } else {
        unset($_SESSION['first_login']);
    }

    // Record when and from where the login happened.
    $request = request();
    updateMemberData($user_info['id'], array('last_login' => time(), 'member_ip' => $user_info['ip'], 'member_ip2' => $request->ban_ip()));

    // Drop the "online" entry that was kept for the visitor as a guest.
    deleteOnline('ip' . $user_info['ip']);
    $_SESSION['log_time'] = 0;

    // Login history is written only when a retention period is configured.
    if (!empty($modSettings['loginHistoryDays'])) {
        logLoginHistory($user_info['id'], $user_info['ip'], $user_info['ip2']);
    }

    // In maintenance mode only forum administrators stay logged in; everyone
    // else is sent straight to the logout action.
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        $next_step = 'action=logout;' . $context['session_var'] . '=' . $context['session_id'];
    } else {
        $next_step = 'action=auth;sa=check;member=' . $user_info['id'];
    }
    redirectexit($next_step, $context['server']['needs_login_fix']);
}
示例#8
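/**
 * Process a login request (SMF 1.x style) and issue the login cookie.
 *
 * $_GET['sa'] selects one of three paths:
 *  - 'salt' (member already logged in): generate a new password salt and re-issue the cookie.
 *  - 'check': confirm the member id in the URL matches the current member, then redirect
 *    to the URL stored in $_SESSION['login_url'] (or the default page).
 *  - anything else: validate $_REQUEST['user'] with $_REQUEST['passwrd'] or
 *    $_REQUEST['hash_passwrd'] and log the guest in.
 *
 * On a validation failure the function sets $context['login_error'] and returns so the
 * login template can be shown again. On success it ends in redirectexit(), which is
 * presumably terminal - confirm in Subs.php.
 *
 * Security notes for reviewers:
 *  - Stored passwords are sha1(lowercased member name . password); a list of legacy formats
 *    (crypt, md5, plain sha1, and the raw password itself) is still accepted once and then
 *    upgraded. The raw-password entry means a legacy row holding a plaintext password will
 *    authenticate; audit imported member tables for such rows.
 *  - The cookie value is sha1(stored hash . passwordSalt), so anyone who can read the members
 *    table can compute a valid cookie. The salt is four hex characters taken from mt_rand(),
 *    which is not a cryptographic generator.
 *  - Hash comparisons below are strict string comparisons (no numeric-string juggling). They
 *    are still not constant-time; use hash_equals() where the PHP version provides it.
 *  - The member lookup interpolates $_REQUEST['user'] into SQL. The only filtering visible in
 *    this function is the "funky symbols" check, which rejects quotes and backslashes.
 */
function Login2()
{
    global $txt, $db_prefix, $scripturl, $user_info, $user_settings;
    global $cookiename, $maintenance, $ID_MEMBER, $modSettings, $context, $sc;
    global $sourcedir;
    // Load cookie authentication stuff.
    require_once $sourcedir . '/Subs-Auth.php';
    if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) {
        // The cookie is only unserialized after the pattern has confirmed it is a 3- or 4-element
        // array of integers and short strings, so no object payload can reach unserialize().
        if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) {
            list(, , $timeout) = @unserialize($_COOKIE[$cookiename]);
        } elseif (isset($_SESSION['login_' . $cookiename])) {
            // Session copy is unserialized without the pattern check; it is server-side data.
            list(, , $timeout) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
        } else {
            trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);
        }
        // New salt, which changes the cookie hash and so invalidates the previous cookie value.
        $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($ID_MEMBER, array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\''));
        setLoginCookie($timeout - time(), $ID_MEMBER, sha1($user_settings['passwd'] . $user_settings['passwordSalt']));
        redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']);
    } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') {
        // Strike!  You're outta there!
        if ($_GET['member'] != $ID_MEMBER) {
            fatal_lang_error('login_cookie_error', false);
        }
        // Some whitelisting for login_url...
        // (Within this function login_url is only ever copied from $_SESSION['old_url'] when that
        // matches (board|topic)[=,]; the value is not validated again before the redirect.)
        if (empty($_SESSION['login_url'])) {
            redirectexit();
        } else {
            // Best not to clutter the session data too much...
            $temp = $_SESSION['login_url'];
            unset($_SESSION['login_url']);
            redirectexit($temp);
        }
    }
    // Beyond this point you are assumed to be a guest trying to login.
    if (!$user_info['is_guest']) {
        redirectexit();
    }
    // Set the login_url if it's not already set.
    if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) {
        $_SESSION['login_url'] = $_SESSION['old_url'];
    }
    // Are you guessing with a script that doesn't keep the session id?
    spamProtection('login');
    // Been guessing a lot, haven't we?
    // NOTE(review): the failure counter lives in the session, so a client that discards its
    // session cookie starts from zero again; spamProtection() above is the other visible control.
    if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
        fatal_lang_error('login_threshold_fail');
    }
    // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
    if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
        $modSettings['cookieTime'] = 3153600;
    } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
        // Both bounds must hold. The earlier "||" form was true for every non-empty value, so a
        // client could request an arbitrarily long (or negative) cookie lifetime.
        $modSettings['cookieTime'] = (int) $_POST['cookielength'];
    }
    // Set things up in case an error occurs.
    if (!empty($maintenance) || empty($modSettings['allow_guestAccess'])) {
        $context['sub_template'] = 'kick_guest';
    }
    loadLanguage('Login');
    // Load the template stuff - wireless or normal.
    if (WIRELESS) {
        $context['sub_template'] = WIRELESS_PROTOCOL . '_login';
    } else {
        loadTemplate('Login');
        $context['sub_template'] = 'login';
    }
    // Set up the default/fallback stuff.
    // The user name is HTML-escaped here because it is echoed back into the login form.
    $context['default_username'] = isset($_REQUEST['user']) ? htmlspecialchars(stripslashes($_REQUEST['user'])) : '';
    $context['default_password'] = '';
    $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
    $context['login_error'] =& $txt[106];
    $context['page_title'] = $txt[34];
    // You forgot to type your username, dummy!
    if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') {
        $context['login_error'] =& $txt[37];
        return;
    }
    // Hmm... maybe 'admin' will login with no password. Uhh... NO!
    if ((!isset($_REQUEST['passwrd']) || $_REQUEST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) {
        $context['login_error'] =& $txt[38];
        return;
    }
    // No funky symbols either.
    // This filter is also what keeps quotes and backslashes out of the SQL built below.
    if (preg_match('~[<>&"\'=\\\\]~', $_REQUEST['user']) != 0) {
        $context['login_error'] =& $txt[240];
        return;
    }
    // Are we using any sort of integration to validate the login?
    // The callback name comes from $modSettings (forum configuration), not from the request.
    if (isset($modSettings['integrate_validate_login']) && function_exists($modSettings['integrate_validate_login'])) {
        if (call_user_func($modSettings['integrate_validate_login'], $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') {
            $context['login_error'] = $txt['login_hash_error'];
            $context['disable_login_hashing'] = true;
            return;
        }
    }
    // Load the data up!
    // NOTE(review): $_REQUEST['user'] is interpolated straight into the query. The character
    // filter above is the only escaping visible here; presumably the request was also slashed
    // globally (the stripslashes() calls suggest so) - confirm before reusing this pattern.
    $request = db_query("\n\t\tSELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt\n\t\tFROM {$db_prefix}members\n\t\tWHERE memberName = '{$_REQUEST['user']}'\n\t\tLIMIT 1", __FILE__, __LINE__);
    // Probably mistyped or their email, try it as an email address. (memberName first, though!)
    if (mysql_num_rows($request) == 0) {
        mysql_free_result($request);
        $request = db_query("\n\t\t\tSELECT passwd, ID_MEMBER, ID_GROUP, lngfile, is_activated, emailAddress, additionalGroups, memberName, passwordSalt\n\t\t\tFROM {$db_prefix}members\n\t\t\tWHERE emailAddress = '{$_REQUEST['user']}'\n\t\t\tLIMIT 1", __FILE__, __LINE__);
        // Let them try again, it didn't match anything...
        // A distinct message for "no such account" lets a client tell valid names from invalid ones.
        if (mysql_num_rows($request) == 0) {
            $context['login_error'] =& $txt[40];
            return;
        }
    }
    $user_settings = mysql_fetch_assoc($request);
    mysql_free_result($request);
    // What is the true activation status of this account?
    // Values above 10 carry the same status plus 10; the offset is removed before the checks.
    $activation_status = $user_settings['is_activated'] > 10 ? $user_settings['is_activated'] - 10 : $user_settings['is_activated'];
    // Check if the account is activated - COPPA first...
    // These checks run before the password is verified, so their messages are shown to anyone
    // who submits a matching user name.
    if ($activation_status == 5) {
        $context['login_error'] = $txt['coppa_not_completed1'] . ' <a href="' . $scripturl . '?action=coppa;member=' . $user_settings['ID_MEMBER'] . '">' . $txt['coppa_not_completed2'] . '</a>';
        return;
    } elseif ($activation_status == 3) {
        fatal_lang_error('still_awaiting_approval');
    } elseif ($activation_status == 4) {
        // Display an error if we haven't decided to undelete.
        if (!isset($_REQUEST['undelete'])) {
            $context['login_error'] = $txt['awaiting_delete_account'];
            $context['login_show_undelete'] = true;
            return;
        } else {
            // NOTE(review): the account is reactivated here, before the password check further
            // down, so the request does not need the right password to undo a pending deletion.
            updateMemberData($user_settings['ID_MEMBER'], array('is_activated' => 1));
            updateSettings(array('unapprovedMembers' => $modSettings['unapprovedMembers'] > 0 ? $modSettings['unapprovedMembers'] - 1 : 0));
        }
    } elseif ($activation_status != 1) {
        log_error($txt['activate_not_completed1'] . ' - <span class="remove">' . $user_settings['memberName'] . '</span>', false);
        $context['login_error'] = $txt['activate_not_completed1'] . ' <a href="' . $scripturl . '?action=activate;sa=resend;u=' . $user_settings['ID_MEMBER'] . '">' . $txt['activate_not_completed2'] . '</a>';
        return;
    }
    // Figure out the password using SMF's encryption - if what they typed is right.
    if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) {
        // Needs upgrading?
        if (strlen($user_settings['passwd']) != 40) {
            $context['login_error'] = $txt['login_hash_error'];
            $context['disable_login_hashing'] = true;
            return;
        } elseif ($_REQUEST['hash_passwrd'] === sha1($user_settings['passwd'] . $sc)) {
            // Client-side hashing: the browser sent sha1(stored hash . session check value).
            // Strict comparison so two numeric-looking hex strings are never compared as numbers.
            $sha_passwd = $user_settings['passwd'];
        } else {
            $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
            if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                redirectexit('action=reminder');
            } else {
                log_error($txt[39] . ' - <span class="remove">' . $user_settings['memberName'] . '</span>');
                $context['disable_login_hashing'] = true;
                $context['login_error'] = $txt[39];
                return;
            }
        }
    } else {
        $sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));
    }
    // Bad password!  Thought you could fool the database?!
    if ($user_settings['passwd'] !== $sha_passwd) {
        // Maybe we were too hasty... let's try some other authentication methods.
        $other_passwords = array();
        // None of the below cases will be used most of the time (because the salt is normally set.)
        if ($user_settings['passwordSalt'] == '') {
            // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all.
            $other_passwords[] = crypt($_REQUEST['passwrd'], substr($_REQUEST['passwrd'], 0, 2));
            $other_passwords[] = crypt($_REQUEST['passwrd'], substr($user_settings['passwd'], 0, 2));
            $other_passwords[] = md5($_REQUEST['passwrd']);
            $other_passwords[] = sha1($_REQUEST['passwrd']);
            $other_passwords[] = md5_hmac($_REQUEST['passwrd'], strtolower($user_settings['memberName']));
            $other_passwords[] = md5($_REQUEST['passwrd'] . strtolower($user_settings['memberName']));
            // "None at all": matches a row whose passwd column holds the plaintext password.
            $other_passwords[] = $_REQUEST['passwrd'];
            // This one is a strange one... MyPHP, crypt() on the MD5 hash.
            $other_passwords[] = crypt(md5($_REQUEST['passwrd']), md5($_REQUEST['passwrd']));
            // Snitz style - SHA-256.  Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway.
            if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) {
                $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_REQUEST['passwrd']));
            }
        } elseif (strlen($user_settings['passwd']) == 32) {
            // vBulletin 3 style hashing?  Let's welcome them with open arms \o/.
            $other_passwords[] = md5(md5($_REQUEST['passwrd']) . $user_settings['passwordSalt']);
            // Hmm.. p'raps it's Invision 2 style?
            $other_passwords[] = md5(md5($user_settings['passwordSalt']) . md5($_REQUEST['passwrd']));
        }
        // Maybe they are using a hash from before the password fix.
        $other_passwords[] = sha1(strtolower($user_settings['memberName']) . addslashes(un_htmlspecialchars(stripslashes($_REQUEST['passwrd']))));
        // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid!
        require_once $sourcedir . '/Subs-Compat.php';
        $other_passwords[] = sha1_smf(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));
        // Whichever encryption it was using, let's make it use SMF's now ;).
        // Strict membership test: a loose one treats numeric-looking strings (e.g. "0e..." hex
        // digests) as numbers, so two different hashes could compare equal.
        if (in_array($user_settings['passwd'], $other_passwords, true)) {
            $user_settings['passwd'] = $sha_passwd;
            $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4);
            // Update the password and set up the hash.
            updateMemberData($user_settings['ID_MEMBER'], array('passwd' => '\'' . $user_settings['passwd'] . '\'', 'passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\''));
        } else {
            // They've messed up again - keep a count to see if they need a hand.
            $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1;
            // Hmm... don't remember it, do you?  Here, try the password reminder ;).
            if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                redirectexit('action=reminder');
            } else {
                // Log an error so we know that it didn't go well in the error log.
                log_error($txt[39] . ' - <span class="remove">' . $user_settings['memberName'] . '</span>');
                $context['login_error'] = $txt[39];
                return;
            }
        }
    } elseif ($user_settings['passwordSalt'] == '') {
        // Correct password but no salt yet: create one so the cookie hash below is salted.
        $user_settings['passwordSalt'] = substr(md5(mt_rand()), 0, 4);
        updateMemberData($user_settings['ID_MEMBER'], array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\''));
    }
    if (isset($modSettings['integrate_login']) && function_exists($modSettings['integrate_login'])) {
        $modSettings['integrate_login']($user_settings['memberName'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']);
    }
    // Get ready to set the cookie...
    $username = $user_settings['memberName'];
    $ID_MEMBER = $user_settings['ID_MEMBER'];
    // Bam!  Cookie set.  A session too, just incase.
    // The cookie credential is derived from the stored password hash and the short salt.
    setLoginCookie(60 * $modSettings['cookieTime'], $user_settings['ID_MEMBER'], sha1($user_settings['passwd'] . $user_settings['passwordSalt']));
    // Reset the login threshold.
    if (isset($_SESSION['failed_login'])) {
        unset($_SESSION['failed_login']);
    }
    $user_info['is_guest'] = false;
    $user_settings['additionalGroups'] = explode(',', $user_settings['additionalGroups']);
    // Group 1 is treated as the administrator group. The membership test stays loose on purpose:
    // explode() yields strings and the needle is the integer 1.
    $user_info['is_admin'] = $user_settings['ID_GROUP'] == 1 || in_array(1, $user_settings['additionalGroups']);
    // Are you banned?
    is_not_banned(true);
    // An administrator, set up the login so they don't have to type it again.
    // NOTE(review): this grants the admin session window on login alone; the variant of this
    // function earlier on the page gates it behind the auto_admin_session setting.
    if ($user_info['is_admin']) {
        $_SESSION['admin_time'] = time();
        unset($_SESSION['just_registered']);
    }
    // Don't stick the language or theme after this point.
    unset($_SESSION['language']);
    unset($_SESSION['ID_THEME']);
    // You've logged in, haven't you?
    updateMemberData($ID_MEMBER, array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
    // Get rid of the online entry for that old guest....
    db_query("\n\t\tDELETE FROM {$db_prefix}log_online\n\t\tWHERE session = 'ip{$user_info['ip']}'\n\t\tLIMIT 1", __FILE__, __LINE__);
    $_SESSION['log_time'] = 0;
    // Just log you back out if it's in maintenance mode and you AREN'T an admin.
    if (empty($maintenance) || allowedTo('admin_forum')) {
        redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']);
    } else {
        redirectexit('action=logout;sesc=' . $sc, $context['server']['needs_login_fix']);
    }
}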
示例#9
/**
 * Dispatcher for the Tapatalk/Mobiquo bridge: loads the user, board, permissions and theme,
 * applies the ban, topic-approval, maintenance-mode and guest-access gates, overrides a number
 * of display settings, and returns the name of the function the caller should run.
 *
 * The return value is one of: 'MessageIndex', 'Display', 'action_' . $request_name, or the
 * function name stored in $actionArray for $_REQUEST['action'].
 *
 * Security notes for reviewers:
 *  - The ban check is skipped for the 'get_config' and 'login' requests.
 *  - $request_name is a global set outside this function and is used to build function names
 *    ('before_action_...' and 'action_...'); function_exists() is the only check made here.
 *  - Files are included from the fixed table values in $actionArray, never from the request
 *    string itself; the request only selects a key. The integrate_actions hook can change the table.
 */
function smf_main()
{
    global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir, $request_name, $txt, $user_settings, $mobiquo_config, $topic_per_page, $limit_num;
    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();
    // Load the current board's information.
    loadBoard();
    // Load the current user's permissions.
    loadPermissions();
    // Attachments don't require the entire theme to be loaded.
    loadTheme();
    // NOTE(review): the next line is damaged in this listing (the '******' run looks like a
    // masking artifact of the page it was copied from) and is not valid PHP as shown. It appears
    // to send a Mobiquo_is_login header saying whether the user is logged in - restore it from
    // the upstream file.
    header('Mobiquo_is_login:'******'context']['user']['is_logged'] ? 'true' : 'false'));
    // Check if the user should be disallowed access.
    // get_config and login are exempt from the ban check at this point.
    if (!in_array($request_name, array('get_config', 'login'))) {
        is_not_banned();
    }
    // If we are in a topic and don't have permission to approve it then duck out now.
    if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) {
        //fatal_lang_error('not_a_topic', false);
        get_error('The topic is not approved');
    }
    // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'findmember', 'jseditor', 'jsoption', 'requestmembers', 'smstats', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile'))) {
        // Log this user as online.
        writeLog();
        // Track forum statistics and hits...?
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }
    // Is the forum in maintenance mode? (doesn't apply to administrators.)
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        if ($request_name != 'get_config' && $request_name != 'login') {
            get_error($txt['maintain_mode_on']);
        }
    } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('push_content_check', 'user_subscription', 'set_api_key', 'reset_push_slug', 'prefetch_account', 'update_password', 'forget_password', 'sign_in', 'coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'smstats', 'mailq', 'verificationcode', 'openidreturn')))) {
        // Guest access is disabled: the list above is the set of actions a guest may still reach.
        // Two different request variables are consulted: $_REQUEST['action'] for the list,
        // $request_name for the exemption below.
        if ($request_name != 'get_config' && $request_name != 'prefetch_account') {
            loadLanguage('Login');
            get_error($txt['only_members_can_access']);
            //require_once($sourcedir . '/Subs-Auth.php');
            //return 'KickGuest';
        }
    }
    //-------------transform input data to local character set if needed
    utf8_to_local();
    //-------------change some setting for tapatalk display
    // These overrides apply to the current request only (they are written to the in-memory
    // arrays; nothing in this function persists them). disableCheckUA is switched on here.
    $settings['message_index_preview'] = 1;
    $modSettings['todayMod_bak'] = $modSettings['todayMod'];
    $modSettings['todayMod'] = 0;
    $user_settings['pm_prefs'] = 0;
    $user_info['user_time_format'] = $user_info['time_format'];
    $user_info['time_format'] = '%Y%m%dT%H:%M:%S+00:00';
    $modSettings['disableCustomPerPage'] = 1;
    $modSettings['disableCheckUA'] = 1;
    $modSettings['defaultMaxMessages'] = isset($limit_num) ? $limit_num : 20;
    $modSettings['defaultMaxMembers'] = 100;
    $modSettings['search_results_per_page'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20;
    $modSettings['defaultMaxTopics'] = isset($topic_per_page) && $topic_per_page > 0 ? $topic_per_page : 20;
    $modSettings['disable_pm_verification'] = $mobiquo_config['disable_pm_verification'];
    //-------------do something before action--------------
    // Dynamic call: the function name is 'before_action_' plus $request_name, guarded only by
    // function_exists(). Presumably $request_name is limited to known method names before it
    // gets here - verify against the caller.
    if (function_exists('before_action_' . $request_name)) {
        call_user_func('before_action_' . $request_name);
    }
    if (empty($_REQUEST['action']) && !empty($board)) {
        if (empty($topic)) {
            require_once 'include/MessageIndex.php';
            return 'MessageIndex';
        } else {
            require_once 'include/Display.php';
            return 'Display';
        }
    }
    // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function).
    // This table is the allow-list for dispatch: a request can only pick one of these keys.
    $actionArray = array('activate' => array('Register.php', 'Activate'), 'admin' => array('Admin.php', 'AdminMain'), 'announce' => array('Post.php', 'AnnounceTopic'), 'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'), 'buddy' => array('Subs-Members.php', 'BuddyListToggle'), 'calendar' => array('Calendar.php', 'CalendarMain'), 'clock' => array('Calendar.php', 'clock'), 'collapse' => array('BoardIndex.php', 'CollapseCategory'), 'coppa' => array('Register.php', 'CoppaForm'), 'credits' => array('Who.php', 'Credits'), 'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'), 'display' => array('Display.php', 'Display'), 'dlattach' => array('Display.php', 'Download'), 'editpoll' => array('Poll.php', 'EditPoll'), 'editpoll2' => array('Poll.php', 'EditPoll2'), 'emailuser' => array('SendTopic.php', 'EmailUser'), 'findmember' => array('Subs-Auth.php', 'JSMembers'), 'groups' => array('Groups.php', 'Groups'), 'help' => array('Help.php', 'ShowHelp'), 'helpadmin' => array('Help.php', 'ShowAdminHelp'), 'im' => array('PersonalMessage.php', 'MessageMain'), 'jseditor' => array('Subs-Editor.php', 'EditorMain'), 'jsmodify' => array('Post.php', 'JavaScriptModify'), 'jsoption' => array('Themes.php', 'SetJavaScript'), 'lock' => array('LockTopic.php', 'LockTopic'), 'lockvoting' => array('Poll.php', 'LockVoting'), 'login' => array('LogInOut.php', 'Login'), 'login2' => array('LogInOut.php', 'Login2'), 'logout' => array('LogInOut.php', 'Logout'), 'markasread' => array('Subs-Boards.php', 'MarkRead'), 'mergetopics' => array('SplitTopics.php', 'MergeTopics'), 'mlist' => array('Memberlist.php', 'Memberlist'), 'moderate' => array('ModerationCenter.php', 'ModerationMain'), 'modifycat' => array('ManageBoards.php', 'ModifyCat'), 'modifykarma' => array('Karma.php', 'ModifyKarma'), 'movetopic' => array('MoveTopic.php', 'MoveTopic'), 'movetopic2' => array('MoveTopic.php', 'MoveTopic2'), 'notify' => array('Notify.php', 'Notify'), 'notifyboard' => array('Notify.php', 'BoardNotify'), 
'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'), 'pm' => array('PersonalMessage.php', 'MessageMain'), 'post' => array('Post.php', 'Post'), 'post2' => array('Post.php', 'Post2'), 'printpage' => array('Printpage.php', 'PrintTopic'), 'profile' => array('Profile.php', 'ModifyProfile'), 'quotefast' => array('Post.php', 'QuoteFast'), 'quickmod' => array('MessageIndex.php', 'QuickModeration'), 'quickmod2' => array('Display.php', 'QuickInTopicModeration'), 'recent' => array('Recent.php', 'RecentPosts'), 'register' => array('Register.php', 'Register'), 'register2' => array('Register.php', 'Register2'), 'reminder' => array('Reminder.php', 'RemindMe'), 'removepoll' => array('Poll.php', 'RemovePoll'), 'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'), 'reporttm' => array('SendTopic.php', 'ReportToModerator'), 'requestmembers' => array('Subs-Auth.php', 'RequestMembers'), 'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'), 'search' => array('Search.php', 'PlushSearch1'), 'search2' => array('Search.php', 'PlushSearch2'), 'sendtopic' => array('SendTopic.php', 'EmailUser'), 'smstats' => array('Stats.php', 'SMStats'), 'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'), 'spellcheck' => array('Subs-Post.php', 'SpellCheck'), 'splittopics' => array('SplitTopics.php', 'SplitTopics'), 'stats' => array('Stats.php', 'DisplayStats'), 'sticky' => array('LockTopic.php', 'Sticky'), 'theme' => array('Themes.php', 'ThemesMain'), 'trackip' => array('Profile-View.php', 'trackIP'), 'about:mozilla' => array('Karma.php', 'BookOfUnknown'), 'about:unknown' => array('Karma.php', 'BookOfUnknown'), 'unread' => array('Recent.php', 'UnreadTopics'), 'unreadreplies' => array('Recent.php', 'UnreadTopics'), 'verificationcode' => array('Register.php', 'VerificationCode'), 'viewprofile' => array('Profile.php', 'ModifyProfile'), 'vote' => array('Poll.php', 'Vote'), 'viewquery' => array('ViewQuery.php', 'ViewQuery'), 'viewsmfile' => array('Admin.php', 'DisplayAdminFile'), 
'who' => array('Who.php', 'Who'), '.xml' => array('News.php', 'ShowXmlFeed'), 'xmlhttp' => array('Xml.php', 'XMLhttpMain'));
    // Allow modifying $actionArray easily.
    // The table is passed by reference, so installed hooks can add or replace file/function pairs.
    call_integration_hook('integrate_actions', array(&$actionArray));
    //error_log($request_name.'-'.$_REQUEST['action']);   //for debugging
    // Get the function and file to include - if it's not there, do the board index.
    if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) {
        if (function_exists('action_' . $request_name)) {
            return 'action_' . $request_name;
        } else {
            // NOTE(review): if get_error() returns instead of terminating, execution continues
            // below with a key that is not in $actionArray - presumably it exits; confirm.
            get_error('Invalid action');
        }
    }
    // Actions in this list prefer the plugin's own copy under TT_ROOT . 'include/'.
    $local_action = array('login2', 'post', 'post2', 'who', 'profile', 'notify', 'notifyboard', 'markasread', 'unread', 'search2', 'pm', 'logout');
    // Otherwise, it was set - so let's go to that action.
    // The file name is the table value for the selected key. When no matching file exists,
    // nothing is included and the function name is still returned.
    if (in_array($_REQUEST['action'], $local_action)) {
        if (file_exists(TT_ROOT . 'include/' . $actionArray[$_REQUEST['action']][0])) {
            require_once TT_ROOT . 'include/' . $actionArray[$_REQUEST['action']][0];
        } else {
            if (file_exists($sourcedir . '/' . $actionArray[$_REQUEST['action']][0])) {
                require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0];
            }
        }
    } else {
        if (file_exists($sourcedir . '/' . $actionArray[$_REQUEST['action']][0])) {
            require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0];
        }
    }
    return $actionArray[$_REQUEST['action']][1];
}
示例#10
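/**
 * Tapatalk single-sign-on: log in the forum member whose e-mail address matches the address
 * returned by TapatalkSsoVerification() for the supplied token/code, registering a new
 * account first when no member has that address.
 *
 * Request parameters are read from $context['mob_request']['params']:
 *   [0] token, [1] code, [2] e-mail (base64), [3] user name (base64), [4] password (base64).
 * The decoded e-mail parameter is not used for the lookup; the address reported by the
 * verification result is.
 *
 * The function ends by calling outputRPCLogin() on success or get_error() on failure.
 *
 * Security notes for reviewers:
 *  - No forum password is checked on this path. Whoever can obtain a token/code that verifies
 *    to a member's e-mail address is logged in as that member, administrators included, so the
 *    whole decision rests on TapatalkSsoVerification().
 *  - Base64 is an encoding, not protection: the password parameter is readable by anything
 *    that can see the request.
 *  - For the registration branch all CAPTCHA settings are switched off and e-mail activation
 *    (registration_method 1) is downgraded to immediate activation for this request.
 *  - Only activation status 3 (awaiting approval) is rejected for existing members; the other
 *    states that Login2() refuses are not checked here.
 */
function method_sign_in()
{
    global $db_prefix, $context, $user_profile, $modSettings, $register, $sourcedir, $user_info, $boardurl, $txt;
    require_once $sourcedir . '/Register.php';
    require_once $sourcedir . '/Subs-Members.php';
    require_once $sourcedir . '/Subs-Auth.php';
    $token = $context['mob_request']['params'][0][0];
    $code = $context['mob_request']['params'][1][0];
    $email = isset($context['mob_request']['params'][2][0]) ? base64_decode($context['mob_request']['params'][2][0]) : '';
    $username = isset($context['mob_request']['params'][3][0]) ? base64_decode($context['mob_request']['params'][3][0]) : '';
    $password = isset($context['mob_request']['params'][4][0]) ? base64_decode($context['mob_request']['params'][4][0]) : '';
    // verify tapatalk token and code first
    $ttid = TapatalkSsoVerification($token, $code);
    if (empty($ttid)) {
        // get_error() presumably terminates the request; the code below relies on that.
        get_error('Tapatalk authorization verify failed, please login with your username and password.');
    }
    // Identity comes from the verification result, not from the client-supplied $email.
    $tapatalk_id_email = $ttid->email;
    $result_status = true;
    $register = false;
    $result_text = '';
    if (!$ttid->result || empty($tapatalk_id_email)) {
        get_error($ttid->result_text ? $ttid->result_text : 'Tapatalk authorization verify failed, please login with your username and password');
    }
    // sign in with email or register an account
    $login_id = emailExists($tapatalk_id_email);
    if (empty($login_id)) {
        if (empty($username)) {
            get_error('Invalid Parameters', 2);
        } else {
            if (isReservedName($username, 0, true, false)) {
                get_error($txt[473], 1);
            } else {
                if (empty($password)) {
                    $password = tt_generatePassword();
                }
                // Register2() reads its input from $_POST, so the form fields are filled in here.
                $_POST['user'] = $username;
                $_POST['email'] = $tapatalk_id_email;
                $_POST['passwrd1'] = $password;
                $_POST['passwrd2'] = $password;
                $_POST['regagree'] = 'on';
                $_POST['regSubmit'] = 'Register';
                $_POST['skip_coppa'] = 1;
                $_SESSION['old_url'] = $boardurl;
                // Anti-automation checks are turned off for this request only (in-memory settings).
                $modSettings['disable_visual_verification'] = 1;
                $modSettings['recaptcha_enabled'] = 0;
                $modSettings['recaptcha_enable'] = 0;
                $modSettings['captchaenable'] = 0;
                // compatibility with old CAPTCHA Mod
                $modSettings['anti_spam_ver_enable'] = false;
                // E-mail activation is skipped; admin approval (method 2) is left in force.
                if ($modSettings['registration_method'] == 1) {
                    $modSettings['registration_method'] = 0;
                }
                $login_id = Register2();
                $register = true;
                $result_status = $modSettings['registration_method'] == 2 ? false : true;
                $result_text = $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : '';
                if (empty($login_id)) {
                    get_error('Register failed');
                }
            }
        }
    }
    // do login
    if ($login_id) {
        // The id comes from emailExists()/Register2(); cast it so only an integer reaches the SQL.
        $member_id = (int) $login_id;
        $request = db_query("\n            SELECT passwd, ID_MEMBER AS id_member, is_activated, ID_GROUP AS id_group, emailAddress AS email_address, additionalGroups AS additional_groups, memberName AS member_name,\n                passwordSalt AS password_salt, ID_POST_GROUP\n            FROM {$db_prefix}members\n            WHERE ID_MEMBER = '{$member_id}'\n            ", __FILE__, __LINE__);
        $user = mysql_fetch_assoc($request);
        mysql_free_result($request);
        // No such member row: stop here instead of issuing a cookie built from empty values.
        if (empty($user)) {
            get_error('Sign In Failed');
            return;
        }
        // NOTE(review): a just-registered account that still needs approval passes this check
        // ($register is true) and receives a login cookie below - confirm that is intended.
        if ($user['is_activated'] == 3 && !$register) {
            fatal_lang_error('still_awaiting_approval');
        }
        // Set the login cookie
        // Same cookie credential as the password login: sha1(stored hash . salt).
        setLoginCookie(60 * $modSettings['cookieTime'], $login_id, sha1($user['passwd'] . $user['password_salt']));
        loadMemberData($user['id_member'], false, 'profile');
        $user_info = $user_profile[$user['id_member']];
        $user_info['is_guest'] = false;
        // Group 1 is treated as the administrator group; the loose in_array() is deliberate
        // because explode() yields strings and the needle is the integer 1.
        $user_info['is_admin'] = $user['id_group'] == 1 || in_array(1, explode(',', $user['additional_groups']));
        $user_info['id'] = $user['id_member'];
        if (empty($user_info['additionalGroups'])) {
            $user_info['groups'] = array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']);
        } else {
            $user_info['groups'] = array_merge(array($user_info['ID_GROUP'], $user_info['ID_POST_GROUP']), explode(',', $user_info['additionalGroups']));
        }
        $user_info['groups'] = array_unique(array_map('intval', $user_info['groups']));
        // Banned?
        is_not_banned(true);
        // Don't stick the language or theme after this point.
        unset($_SESSION['language']);
        unset($_SESSION['ID_THEME']);
        // You've logged in, haven't you?
        // NOTE(review): $user_info was replaced by the profile row above; whether it still has
        // an 'ip' entry depends on loadMemberData() - verify, since it is used in SQL below.
        updateMemberData($user_info['id'], array('lastLogin' => time(), 'memberIP' => '\'' . $user_info['ip'] . '\'', 'memberIP2' => '\'' . $_SERVER['BAN_CHECK_IP'] . '\''));
        // Get rid of the online entry for that old guest....
        db_query("\n            DELETE FROM {$db_prefix}log_online\n            WHERE session = 'ip{$user_info['ip']}'\n            LIMIT 1", __FILE__, __LINE__);
        $_SESSION['log_time'] = 0;
        loadPermissions();
        update_push();
        // We got this far? return a positive response....
        outputRPCLogin($result_status, $result_text);
    } else {
        get_error('Sign In Failed');
    }
}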
示例#11
文件: index.php 项目: bbon/mjncms
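/**
 * Front controller: loads the per-request state and picks the handler for
 * the current request.
 *
 * The handler's source file is pulled in with require_once and the handler's
 * function name is returned; this function does not call the handler itself
 * (presumably the caller does - confirm against the call site).
 *
 * Security notes:
 * - The file that gets included is never built from the raw request value.
 *   $_REQUEST['action'] is only used as a key into the fixed $actionArray
 *   table, so an unknown action cannot steer require_once to another path.
 * - $_REQUEST['action'] may arrive as an array (e.g. "action[]=x"). It is
 *   therefore checked with is_string() before being used as an array key,
 *   and all comparisons against it are strict.
 * - NOTE(review): apart from the maintenance and guest gates below, no
 *   per-action permission check happens here, not even for the admin
 *   entries of the table. Presumably each handler enforces its own
 *   permissions - confirm.
 *
 * @return string Name of the function that handles this request.
 */
function smf_main()
{
    global $modSettings, $settings, $user_info, $board, $topic, $maintenance, $sourcedir;
    // Special case: session keep-alive. Stop before anything is loaded or logged.
    if (isset($_GET['action']) && $_GET['action'] === 'keepalive') {
        die;
    }
    // Load the user's cookie (or set as guest) and load their settings.
    loadUserSettings();
    // Load the current board's information.
    loadBoard();
    // Load the current theme.  (note that ?theme=1 will also work, may be used for guest theming.)
    loadTheme();
    // Check if the user should be disallowed access.
    is_not_banned();
    // Load the current user's permissions.
    loadPermissions();
    // Do some logging, unless this is an attachment, avatar, theme option or XML feed.
    if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], array('dlattach', 'jsoption', '.xml'), true)) {
        // Log this user as online.
        writeLog();
        // Track forum statistics and hits...?
        if (!empty($modSettings['hitStats'])) {
            trackStats(array('hits' => '+'));
        }
    }
    // Is the forum in maintenance mode? (doesn't apply to administrators.)
    if (!empty($maintenance) && !allowedTo('admin_forum')) {
        // You can only login.... otherwise, you're getting the "maintenance mode" display.
        if (isset($_REQUEST['action']) && ($_REQUEST['action'] === 'login2' || $_REQUEST['action'] === 'logout')) {
            require_once $sourcedir . '/LogInOut.php';
            return $_REQUEST['action'] === 'login2' ? 'Login2' : 'Logout';
        } else {
            require_once $sourcedir . '/Subs-Auth.php';
            return 'InMaintenance';
        }
    } elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'smstats', 'help', 'verificationcode'), true))) {
        // Guest access is off: a guest only gets the actions listed above
        // (sign-in, registration, reminder, help, ...). Everything else,
        // including a missing or non-string action, ends up here.
        require_once $sourcedir . '/Subs-Auth.php';
        return 'KickGuest';
    } elseif (empty($_REQUEST['action'])) {
        // Action and board are both empty... BoardIndex!
        if (empty($board) && empty($topic)) {
            require_once $sourcedir . '/BoardIndex.php';
            return 'BoardIndex';
        } elseif (empty($topic)) {
            require_once $sourcedir . '/MessageIndex.php';
            return 'MessageIndex';
        } else {
            require_once $sourcedir . '/Display.php';
            return 'Display';
        }
    }
    // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function).
    // This table is the allowlist for dispatch: only files named here can be included below.
    $actionArray = array(
        'activate' => array('Register.php', 'Activate'),
        'admin' => array('Admin.php', 'Admin'),
        'announce' => array('Post.php', 'AnnounceTopic'),
        'ban' => array('ManageBans.php', 'Ban'),
        'boardrecount' => array('Admin.php', 'AdminBoardRecount'),
        'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
        'calendar' => array('Calendar.php', 'CalendarMain'),
        'cleanperms' => array('Admin.php', 'CleanupPermissions'),
        'collapse' => array('Subs-Boards.php', 'CollapseCategory'),
        'convertentities' => array('Admin.php', 'ConvertEntities'),
        'convertutf8' => array('Admin.php', 'ConvertUtf8'),
        'coppa' => array('Register.php', 'CoppaForm'),
        'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
        'detailedversion' => array('Admin.php', 'VersionDetail'),
        'display' => array('Display.php', 'Display'),
        'dlattach' => array('Display.php', 'Download'),
        'dumpdb' => array('DumpDatabase.php', 'DumpDatabase2'),
        'editpoll' => array('Poll.php', 'EditPoll'),
        'editpoll2' => array('Poll.php', 'EditPoll2'),
        'featuresettings' => array('ModSettings.php', 'ModifyFeatureSettings'),
        'featuresettings2' => array('ModSettings.php', 'ModifyFeatureSettings2'),
        'findmember' => array('Subs-Auth.php', 'JSMembers'),
        'help' => array('Help.php', 'ShowHelp'),
        'helpadmin' => array('Help.php', 'ShowAdminHelp'),
        'im' => array('PersonalMessage.php', 'MessageMain'),
        'jsoption' => array('Themes.php', 'SetJavaScript'),
        'jsmodify' => array('Post.php', 'JavaScriptModify'),
        'lock' => array('LockTopic.php', 'LockTopic'),
        'lockVoting' => array('Poll.php', 'LockVoting'),
        'login' => array('LogInOut.php', 'Login'),
        'login2' => array('LogInOut.php', 'Login2'),
        'logout' => array('LogInOut.php', 'Logout'),
        'maintain' => array('Admin.php', 'Maintenance'),
        'manageattachments' => array('ManageAttachments.php', 'ManageAttachments'),
        'manageboards' => array('ManageBoards.php', 'ManageBoards'),
        'managecalendar' => array('ManageCalendar.php', 'ManageCalendar'),
        'managesearch' => array('ManageSearch.php', 'ManageSearch'),
        'markasread' => array('Subs-Boards.php', 'MarkRead'),
        'membergroups' => array('ManageMembergroups.php', 'ModifyMembergroups'),
        'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
        'mlist' => array('Memberlist.php', 'Memberlist'),
        'modifycat' => array('ManageBoards.php', 'ModifyCat'),
        'modifykarma' => array('Karma.php', 'ModifyKarma'),
        'modlog' => array('Modlog.php', 'ViewModlog'),
        'movetopic' => array('MoveTopic.php', 'MoveTopic'),
        'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
        'news' => array('ManageNews.php', 'ManageNews'),
        'notify' => array('Notify.php', 'Notify'),
        'notifyboard' => array('Notify.php', 'BoardNotify'),
        'optimizetables' => array('Admin.php', 'OptimizeTables'),
        'packageget' => array('PackageGet.php', 'PackageGet'),
        'packages' => array('Packages.php', 'Packages'),
        'permissions' => array('ManagePermissions.php', 'ModifyPermissions'),
        'pgdownload' => array('PackageGet.php', 'PackageGet'),
        'pm' => array('PersonalMessage.php', 'MessageMain'),
        'post' => array('Post.php', 'Post'),
        'post2' => array('Post.php', 'Post2'),
        'postsettings' => array('ManagePosts.php', 'ManagePostSettings'),
        'printpage' => array('Printpage.php', 'PrintTopic'),
        'profile' => array('Profile.php', 'ModifyProfile'),
        'profile2' => array('Profile.php', 'ModifyProfile2'),
        'quotefast' => array('Post.php', 'QuoteFast'),
        'quickmod' => array('Subs-Boards.php', 'QuickModeration'),
        'quickmod2' => array('Subs-Boards.php', 'QuickModeration2'),
        'recent' => array('Recent.php', 'RecentPosts'),
        'regcenter' => array('ManageRegistration.php', 'RegCenter'),
        'register' => array('Register.php', 'Register'),
        'register2' => array('Register.php', 'Register2'),
        'reminder' => array('Reminder.php', 'RemindMe'),
        'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
        'removeoldtopics2' => array('RemoveTopic.php', 'RemoveOldTopics2'),
        'removepoll' => array('Poll.php', 'RemovePoll'),
        'repairboards' => array('RepairBoards.php', 'RepairBoards'),
        'reporttm' => array('SendTopic.php', 'ReportToModerator'),
        'reports' => array('Reports.php', 'ReportsMain'),
        'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
        'search' => array('Search.php', 'PlushSearch1'),
        'search2' => array('Search.php', 'PlushSearch2'),
        'sendtopic' => array('SendTopic.php', 'SendTopic'),
        'serversettings' => array('ManageServer.php', 'ModifySettings'),
        'serversettings2' => array('ManageServer.php', 'ModifySettings2'),
        'smileys' => array('ManageSmileys.php', 'ManageSmileys'),
        'smstats' => array('Stats.php', 'SMStats'),
        'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
        'splittopics' => array('SplitTopics.php', 'SplitTopics'),
        'stats' => array('Stats.php', 'DisplayStats'),
        'sticky' => array('LockTopic.php', 'Sticky'),
        'theme' => array('Themes.php', 'ThemesMain'),
        'trackip' => array('Profile.php', 'trackIP'),
        'about:mozilla' => array('Karma.php', 'BookOfUnknown'),
        'about:unknown' => array('Karma.php', 'BookOfUnknown'),
        'unread' => array('Recent.php', 'UnreadTopics'),
        'unreadreplies' => array('Recent.php', 'UnreadTopics'),
        'viewErrorLog' => array('ManageErrors.php', 'ViewErrorLog'),
        'viewmembers' => array('ManageMembers.php', 'ViewMembers'),
        'viewprofile' => array('Profile.php', 'ModifyProfile'),
        'verificationcode' => array('Register.php', 'VerificationCode'),
        'vote' => array('Poll.php', 'Vote'),
        'viewquery' => array('ViewQuery.php', 'ViewQuery'),
        'who' => array('Who.php', 'Who'),
        '.xml' => array('News.php', 'ShowXmlFeed'),
    );
    // Get the function and file to include - if it's not there, do the board index.
    // is_string() comes first: an array-valued action must not be used as an
    // array key (PHP 8 raises a TypeError for that, even inside isset()).
    if (!isset($_REQUEST['action']) || !is_string($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']])) {
        // Catch the action with the theme?
        if (!empty($settings['catch_action'])) {
            require_once $sourcedir . '/Themes.php';
            return 'WrapAction';
        }
        // Fall through to the board index then...
        require_once $sourcedir . '/BoardIndex.php';
        return 'BoardIndex';
    }
    // Otherwise, it was set - so let's go to that action.
    // Both the file name and the function name come from the table above.
    require_once $sourcedir . '/' . $actionArray[$_REQUEST['action']][0];
    return $actionArray[$_REQUEST['action']][1];
}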