示例#1
0
文件: forum.php 项目: KR3W/NinkoBB
/**
 * Allows updating of topics, stuck or closed, and posts
 * @global array
 * @global array
 * @param integer $id post we are editing
 * @param string $topic post subject
 * @param string $content post content
 * @param integer $reply id of topic we are replying to
 * @param boolean $sticky are we sticking it to the top?
 * @param boolean $closed are we closing it?
 * @return string|int
 */
function update($id, $topic, $content, $sticky = false, $closed = false)
{
    global $config, $user_data;
    // The time. milliseconds / seconds may change.
    $time = time();
    // Is the id numeric?
    if (!alpha($id, 'numeric')) {
        return lang_parse('error_given_not_numeric', array(lang('post') . " " . lang('id')));
    }
    // Grab the data for the update.
    $post_data = topic($id);
    // Check to see if the post or topic was found.
    if (!$post_data) {
        return lang('error_post_missing');
    }
    // Pre-Parse
    $topic = clean_input(strip_repeat($topic));
    $content = htmlentities($content);
    $content = clean_input(stripslashes($content));
    // Is the user currently logged in? If not we can't update return error.
    if ($_SESSION['logged_in']) {
        // Editing a topic not post
        if ($post_data['reply'] == 0) {
            if ($topic == "") {
                return lang_parse('error_no_given', array(lang('username')));
            }
        } else {
            if ($topic == "") {
                $topic = "re:";
            }
        }
        // Is the subject valid?
        if (!alpha($topic, 'alpha-extra')) {
            return lang_parse('error_invalid_chars', array(lang('subject')));
        }
        // Did they give us any content to work with?
        if ($content != "") {
            if (!is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
                // Check to see if the user is an admin and able to sticky / close the topic
                if ($_SESSION['admin'] || $_SESSION['moderator']) {
                    // Sticky
                    $sticky = $sticky ? '1' : '0';
                    // Closed
                    $closed = $closed ? '1' : '0';
                    // Admin functions
                    update_field($id, 'sticky', $sticky);
                    update_field($id, 'closed', $closed);
                }
                // Parsing
                $content = htmlspecialchars($content);
                // Update the post already inside of the database with the new data
                $result = mysql_query("UPDATE `forum` SET `subject`='{$topic}', `message`='{$content}', `updated`='{$time}', `replies`='{$replies}' WHERE id = '{$id}'") or die(mysql_error());
                // Did it work?
                if ($result) {
                    return true;
                } else {
                    return false;
                }
            } else {
                return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
            }
        } else {
            return lang_parse('error_no_given', array(lang('message')));
        }
    } else {
        return lang('error_not_logged');
    }
}
示例#2
0
    }
} else {
    if (isset($login_cookie)) {
        $data = explode(":", $login_cookie);
        $username = mysql_clean($data[0]);
        $password = mysql_clean($data[1]);
        $sql = "SELECT * FROM users WHERE username = '******' AND password = '******'";
        $result = @$database->query($sql) or die("No.");
        // Huge error
        // Cookies don't match and no session, so tell them to logout!
        if ($database->num($result) < 1) {
            session_destroy();
            unset($username);
            unset($password);
            include $config['template_path'] . "header.php";
            print_out(lang('error_with_cookies'), lang_parse('error_cookie_body', array($config['url_path'] . '/logout.php')), false);
        } else {
            if ($database->num($result) > 0) {
                // Get the users data
                $user_data = $database->fetch($result);
                // What is this user classified as?
                $type = type($user_data['username']);
                // Tell us what they are
                switch ($type) {
                    case 1:
                        $_SESSION['admin'] = true;
                        break;
                    case 2:
                        $_SESSION['moderator'] = true;
                        break;
                    case 3:
示例#3
0
/**
 * Adds user to the database
 *
 * Registration function, this controls the sign up functionality.
 * @global array
 * @global resource
 * @param string $username username of user being added
 * @param string $password password of user being added
 * @param string $password_again password again to be checked against first $password
 * @param string $email email incase email registration is turned on
 * @param string $age mm/dd/yyyy
 * @return string|boolean
 */
function add_user($username, $password, $password_again, $email, $age = false)
{
    global $config, $database;
    // 904	- Registration complete, needs to validate email!
    // Check Username
    if (!alpha($username, 'alpha-underscore')) {
        return lang_parse('error_invalid_chars', array(lang('username')));
    }
    // Username Taken
    if (username_check($username)) {
        return lang('error_username_taken');
    }
    // Check Username Length
    $length = length($username, $config['min_name_length'], $config['max_name_length']);
    if ($length) {
        if ($length == "TOO_LONG") {
            return lang('error_username_too_long');
        } else {
            return lang('error_username_too_short');
        }
    }
    // Check Password Length
    $length = length($password, $config['min_name_length'], $config['max_name_length']);
    if ($length) {
        if ($length == "TOO_LONG") {
            return lang('error_password_too_long');
        } else {
            return lang('error_password_too_short');
        }
    }
    // Setup Passwords
    if ($password == $password_again) {
        $raw_pass = $password;
        $password = md5($password);
    } else {
        return lang('error_password_match');
    }
    // Check email
    if (!is_email($email)) {
        return lang_parse('error_invalid_given', array(lang('email')));
    }
    // Banned?
    $query = "SELECT * FROM `users` WHERE `email` = '{$email}' AND `banned` = '1' LIMIT 1";
    $result = $database->query($query);
    if ($database->num($result) > 0) {
        return lang('error_banned_email');
    }
    // Exist?
    $query = "SELECT * FROM `users` WHERE `email` = '{$email}' LIMIT 1";
    $result = $database->query($query);
    // Email exists
    if ($database->num($result) > 0) {
        return lang('error_email_used');
    }
    // Do we have to validate age?
    if ($config['age_validation']) {
        if ($age) {
            // Start grabbing age data~
            $age_data = explode('/', $age);
            if (alpha($age_data[2], 'numeric')) {
                if (strlen($age_data[2]) < 4) {
                    return lang('error_year_invalid');
                }
                $old_enough = age_limit($age_data[2], $config['age_validation']);
                if (!$old_enough) {
                    return lang_parse('error_year_young', array($config['age_validation']));
                }
            } else {
                return lang_parse('error_given_not_numeric', array(lang('year_c')));
            }
        } else {
            return lang('error_year_invalid');
        }
    }
    load_hook('add_user_check');
    // Finally Add user
    if ($config['email_validation']) {
        // The Key for Validation
        $key = md5($username . $email . substr(microtime(), 1, 3));
        // The query
        $query = "INSERT INTO `users` (`username`,`password`,`email`,`join_date`,`age`,`active`,`key`) VALUES ('{$username}', '{$password}', '{$email}', '" . time() . "','{$age}','0','{$key}')";
    } else {
        // The query
        $query = "INSERT INTO `users` (`username`,`password`,`email`,`join_date`,`age`,`active`) VALUES ('{$username}', '{$password}', '{$email}', '" . time() . "','{$age}','1')";
    }
    // Return Data
    if ($result = $database->query($query)) {
        // Auto login
        if (!$config['email_validation']) {
            // log them in
            login($username, false, $raw_pass);
            // Return True
            return true;
        } else {
            // Subject / Message replacing
            $subject = str_replace('{site_name}', $config['site_name'], $config['email_subject']);
            $subject = str_replace('{username}', $username, $subject);
            $subject = str_replace('{email}', $email, $subject);
            // The message
            $message = str_replace('{site_name}', $config['site_name'], $config['email_message']);
            $message = str_replace('{username}', $username, $message);
            $message = str_replace('{email}', $email, $message);
            $message = str_replace('{link}', $config['url_path'] . "/register.php?e={$email}&amp;k={$key}", $message);
            // Mail the results
            riot_mail($email, $subject, nl2nl($message));
            // Return the results
            return 904;
        }
    } else {
        return false;
    }
}
示例#4
0
            if (is_numeric($result)) {
                switch ($result) {
                    case 908:
                        $error = lang('error_user_doesnt_exist');
                        break;
                    case 905:
                        $error = lang_parse('error_invalid_given', array(lang('email')));
                        break;
                    case 906:
                        $error = lang_parse('error_no_given', array(lang('key')));
                        break;
                    case 907:
                        $error = lang_parse('error_invalid_given', array(lang('key')));
                        break;
                    case 904:
                        $error = lang_parse('error_no_given', array(lang('email')));
                        break;
                    default:
                        print_out(lang('account_verified'), lang('redirect'));
                        break;
                }
            } else {
                print_out(lang('account_verified'), lang('redirect'));
            }
        }
    }
}
// Header
include $config['template_path'] . "navigation.php";
// Registration Form
include $config['template_path'] . "user/register.php";
示例#5
0
<?php 
    }
}
?>

    	<form method="post" enctype="multipart/form-data">
		<div class="content">
	    	<dl class="input">
				<dt>
					<?php 
echo lang('current_avatar');
?>
:<br />
					<span>
							<?php 
echo lang_parse('avatar_upload_limits', array($config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_max_size']));
?>
					</span>
				</dt>
				<dd>
<?php 
if ($user_data['avatar']) {
    ?>
					<img src="<?php 
    echo $current_avatar_link;
    ?>
" alt="avatar" />
<?php 
} else {
    ?>
					<?php 
示例#6
0
                }
            } else {
                $posts = fetch(false, false, intval($_GET['id']), 'reply`, `time', 'ASC', $start_on, $config['messages_per_topic']);
            }
            // Number of pages
            $pagination = generate_pagination($topic_url, forum_count(false, $topic['id'], ''), $config['messages_per_topic'], $start);
        } else {
            print_out(lang('error_topic_missing'), lang('redirecting'));
        }
    } else {
        if (!is_numeric($id)) {
            print_out(lang_parse('error_given_not_numeric', array(lang('id_c'))), lang('redirecting'));
        }
    }
} else {
    print_out(lang_parse('error_invalid_given', array(lang('id'))), lang('redirecting'));
}
// Lets tell navigation we are viewing a topic
$in_topic = true;
/**
 * Include navigation template
 */
include $config['template_path'] . "navigation.php";
// Show first post
if ($config['show_first_post'] || $page == 0) {
    // First post showing~
    $author = user_data($topic['starter_id']);
    // The authors avatar if they have one
    $avatar_url = get_avatar($author['id']);
    // Topic status
    if ($closed) {
示例#7
0
/**
 * Allows updating of topics, stuck or closed, and posts
 * @global array
 * @global array
 * @global resource
 * @param integer $id post we are editing
 * @param string $topic post subject
 * @param string $content post content
 * @param integer $reply id of topic we are replying to
 * @param boolean $sticky are we sticking it to the top?
 * @param boolean $closed are we closing it?
 * @return string|int
 */
function update($id, $category, $topic, $content, $sticky = false, $closed = false)
{
    global $config, $user_data, $database;
    // The time. milliseconds / seconds may change.
    $time = time();
    // Is the id numeric?
    if (!alpha($id, 'numeric')) {
        return lang_parse('error_given_not_numeric', array(lang('post') . " " . lang('id')));
    }
    // Grab the data for the update.
    $post_data = topic($id);
    // Check to see if the post or topic was found.
    if (!$post_data) {
        return lang('error_post_missing');
    }
    // Pre-Parse
    $topic = strip_repeat($topic);
    // Can't update a replies category!
    if ($post_data['reply']) {
        $category = $post_data['category'];
    }
    // Check validity of category as numeric
    if (!alpha($category, 'numeric')) {
        return lang('error_invalid_category');
    }
    // Check to see if category exists
    $category = category($category);
    if (!$category) {
        return lang('error_invalid_category');
    }
    // Check category settings against user
    if (!$user_data['admin']) {
        if ($category['aop'] && $post_data['reply']) {
            if (!$user_data['admin'] || !$user_data['moderator']) {
                return lang('error_invalid_category');
            }
        }
        if ($category['aot'] && !$post_data['reply']) {
            if ($user_data['id'] != $category['aot']) {
                return lang('error_invalid_category');
            }
        }
    }
    // Is the user currently logged in? If not we can't update return error.
    if ($_SESSION['logged_in']) {
        // Editing a topic not post
        if ($post_data['reply'] == 0) {
            // Is there a topic?
            if ($topic == "") {
                return lang_parse('error_no_given', array(lang('username')));
            }
        } else {
            // If there was no topic put re: on it.
            if ($topic == "") {
                $topic = "re:";
            }
        }
        // Is the subject valid?
        if (!alpha($topic, 'alpha-extra')) {
            return lang_parse('error_invalid_chars', array(lang('subject')));
        }
        // Did they give us any content to work with?
        if ($content != "") {
            if (!is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
                // Check to see if the user is an admin and able to sticky / close the topic
                if ($_SESSION['admin'] || $_SESSION['moderator']) {
                    // Sticky
                    $sticky = $sticky ? '1' : '0';
                    // Closed
                    $closed = $closed ? '1' : '0';
                    // Admin functions
                    update_field($id, 'sticky', $sticky);
                    update_field($id, 'closed', $closed);
                }
                // Parsing
                $topic = $database->escape($topic);
                $content = $database->escape($content);
                // Update the post already inside of the database with the new data
                $result = $database->query("UPDATE `forum` SET `category`='{$category['id']}', `subject`='{$topic}', `message`='{$content}', `updated`='{$time}', `replies`='{$replies}' WHERE id = '{$id}'") or die(mysql_error());
                // Did it work?
                if ($result) {
                    // Update replies with category
                    if ($category != $post_data['category'] && !$post_data['reply']) {
                        $database->query("UPDATE `forum` SET `category`='{$category['id']}' WHERE `reply` = {$id}");
                    }
                    return true;
                } else {
                    return false;
                }
            } else {
                return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
            }
        } else {
            return lang_parse('error_no_given', array(lang('message')));
        }
    } else {
        return lang('error_not_logged');
    }
}
示例#8
0
/**
 * Cleans up the guest array
 * @global array
 * @global array
 */
function profile_edit()
{
    global $config, $user_data, $errors, $key, $data;
    // Check the data, output error into errors array if there was an error.
    if ($key == "title") {
        // Check the data, output error into errors array if there was an error.
        if (alpha($data, 'alpha-spacers') || $data == "") {
            if (!in_array($data, $config['banned_titles'])) {
                $length = length($data, 2, 32);
                if ($length) {
                    if ($length == "TOO_LONG") {
                        $errors[$key] = lang('error_title_too_long');
                    } else {
                        $errors[$key] = lang('error_title_too_short');
                    }
                } else {
                    // update user
                    update_user($user_data['id'], false, $key, $data);
                    // update revisions
                    if (insert_revision($user_data['id'], $data)) {
                        $errors[$key] = insert_revision($user_data['id'], $data);
                    }
                }
            }
        } else {
            $errors[$key] = lang_parse('error_invalid_chars', array(lang('title_c')));
        }
    }
}
示例#9
0
                }
                // Include the navigation
                include $config['template_path'] . "user/navigation.php";
                // Include profile template
                include $config['template_path'] . "user/profile.php";
            } else {
                if ($action == "signature") {
                    // Include the navigation
                    include $config['template_path'] . "user/navigation.php";
                    // Include profile template
                    include $config['template_path'] . "user/signature.php";
                } else {
                    if ($action == "view") {
                        if (isset($_GET['id'])) {
                            if (alpha($_GET['id'], 'numeric')) {
                                $viewing = user_data($_GET['id']);
                            } else {
                                print_out(lang_parse('error_invalid_given'), array(lang('id')));
                            }
                        } else {
                            print_out(lang_parse('error_no_given'), array(lang('id')));
                        }
                        // Include profile template
                        include $config['template_path'] . "user/view.php";
                    }
                }
            }
        }
    }
}
include $config['template_path'] . "footer.php";
示例#10
0
     include $config['template_path'] . "navigation.php";
     /**
      * Include admin navigation
      */
     include $config['template_path'] . "admin/navigation.php";
     /**
      * Include topics
      */
     include $config['template_path'] . "admin/topics.php";
 } else {
     if ($action == "posts") {
         if (isset($_GET['delete'])) {
             $result = delete_post($_GET['delete']);
             // User data
             if ($result === "ID_INVALID") {
                 $error = lang_parse('error_invalid_given', array(lang('id')));
             } else {
                 if ($result === "DELETING_POST") {
                     $error = lang('error_deleting_post');
                 }
             }
             if (!$error) {
                 $success = lang('success_deleted_post');
             }
         }
         if (!$_GET['edit']) {
             // Start point
             @($page = $_GET['page']);
             // What page are we on?
             if (is_numeric($page)) {
                 if (!isset($page) || $page < 0) {
示例#11
0
 if ($results) {
     // Is the result numeric?
     if (is_numeric($results)) {
         // What error do we show?
         switch ($results) {
             case 904:
                 $login_error = lang_parse('error_no_given', array(lang('email')));
                 break;
             case 905:
                 $login_error = lang_parse('error_invalid_chars', array(lang('email')));
                 break;
             case 906:
                 $login_error = lang_parse('error_no_given', array(lang('username')));
                 break;
             case 907:
                 $login_error = lang_parse('error_invalid_chars', array(lang('username')));
                 break;
             case 908:
                 $login_error = lang('error_banned');
                 break;
             default:
                 $login_success = lang('welcome_back') . ", {$_SESSION['user_name']}";
                 break;
         }
     } else {
         // Incase your server doesn't classify booleans as numbers. Just incase.
         $login_success = lang('welcome_back') . ", {$_SESSION['user_name']}";
     }
 } else {
     $login_error = lang('error_invalid_user_pass');
 }
示例#12
0
            require_once '../include/connect.php';
            if ($_POST['password'] != $_POST['passworda']) {
                ?>
<p><strong><?php 
                echo lang('error');
                ?>
</strong></p>
<ul>
	<li><?php 
                echo lang('install_error_pw_mtch');
                ?>
</li>
</ul>

<p><a href="javascript:history.back(-1)"><?php 
                echo lang_parse('install_step_back', array('6'));
                ?>
</a></p>
<?php 
                die;
            }
            // Update stuff
            $password = md5($_POST['password']);
            // Insert user data
            $query = "INSERT INTO `users` (`username`,`email`,`password`,`admin`,`active`,`join_date`) VALUES ('{$_POST['username']}','{$_POST['email']}','{$password}', 1, 1, '" . time() . "')";
            $database->query($query);
            ?>
<p><?php 
            echo lang('install_final_msg');
            ?>
</p>
示例#13
0
 public static function sendResetMail($db, $lang, $username)
 {
     // check if user exists
     $result = $db->query("SELECT id, name, email FROM " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' LIMIT 1");
     if ($result->num_rows == 0) {
         // No user with that email.
         return AccountError::NO_SUCH_USER;
     }
     $result = $result->fetch_object();
     $userid = $result->id;
     $email = $result->email;
     $username = $result->name;
     $token = Account::newResetToken($db, $userid);
     $link = $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/resetpw2.php?username="******"&token=" . urlencode($token);
     $text = lang_parse($lang['resetpwmail_text'], array($username, $link));
     $header = 'From: noreply@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();
     if (mail($email, $lang['resetpwmail_subject'], $text, $header) === false) {
         return AccountError::EMAIL_SEND_ERROR;
     }
     return AccountError::NO_ERROR;
 }