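/**
 * Updates an existing topic or post: subject, body and, for admins /
 * moderators, the sticky / closed flags.
 *
 * @global array $config    needs message_minimum_length / message_max_length
 * @global array $user_data
 * @param integer $id      id of the post or topic being edited
 * @param string  $topic   post subject
 * @param string  $content post content
 * @param boolean $sticky  stick the topic to the top?
 * @param boolean $closed  close the topic?
 * @return string|boolean true on success, false when the UPDATE failed,
 *                        otherwise a translated error message
 */
function update($id, $topic, $content, $sticky = false, $closed = false)
{
    global $config, $user_data;

    // Taken once so every field written below carries the same timestamp.
    $time = time();

    // The id ends up in the WHERE clause, so it has to be numeric.
    if (!alpha($id, 'numeric')) {
        return lang_parse('error_given_not_numeric', array(lang('post') . " " . lang('id')));
    }

    // Nothing to update when the post / topic does not exist.
    $post_data = topic($id);
    if (!$post_data) {
        return lang('error_post_missing');
    }

    // Only logged-in users may edit; nothing below has side effects before
    // this point, so checking early is equivalent to the original order.
    if (!$_SESSION['logged_in']) {
        return lang('error_not_logged');
    }

    // Pre-parse the subject and the body.
    $topic = clean_input(strip_repeat($topic));
    // NOTE(review): htmlentities() here plus htmlspecialchars() right before
    // the query encodes '&', '<', '>' and quotes twice ('&' -> '&amp;amp;').
    // Kept as-is because clean_input() is not visible here; confirm how
    // messages are decoded for display before changing it.
    $content = htmlentities($content);
    $content = clean_input(stripslashes($content));

    if ($post_data['reply'] == 0) {
        // A topic must have a subject.
        if ($topic == "") {
            return lang_parse('error_no_given', array(lang('subject')));
        }
    } elseif ($topic == "") {
        // A reply without a subject defaults to "re:".
        $topic = "re:";
    }

    if (!alpha($topic, 'alpha-extra')) {
        return lang_parse('error_invalid_chars', array(lang('subject')));
    }

    if ($content == "") {
        return lang_parse('error_no_given', array(lang('message')));
    }

    // length() yields a string (e.g. "TOO_LONG") when the value is out of bounds.
    if (is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
        return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
    }

    // Only admins / moderators may change the sticky and closed flags.
    if ($_SESSION['admin'] || $_SESSION['moderator']) {
        update_field($id, 'sticky', $sticky ? '1' : '0');
        update_field($id, 'closed', $closed ? '1' : '0');
    }

    $content = htmlspecialchars($content);

    // Subject and body are user supplied and are interpolated into SQL, so
    // they are escaped for the connection first (the original did not).
    $topic_sql   = mysql_real_escape_string($topic);
    $content_sql = mysql_real_escape_string($content);
    $id_sql      = mysql_real_escape_string($id);

    // The original also wrote `replies` from an undefined $replies, which
    // reset the reply count to '' on every edit; the count is now untouched.
    $result = mysql_query(
        "UPDATE `forum` SET `subject`='{$topic_sql}', `message`='{$content_sql}', "
        . "`updated`='{$time}' WHERE id = '{$id_sql}'"
    );

    // A failed query is reported to the caller instead of die()ing mid-page.
    return $result ? true : false;
}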
} } else { if (isset($login_cookie)) { $data = explode(":", $login_cookie); $username = mysql_clean($data[0]); $password = mysql_clean($data[1]); $sql = "SELECT * FROM users WHERE username = '******' AND password = '******'"; $result = @$database->query($sql) or die("No."); // Huge error // Cookies don't match and no session, so tell them to logout! if ($database->num($result) < 1) { session_destroy(); unset($username); unset($password); include $config['template_path'] . "header.php"; print_out(lang('error_with_cookies'), lang_parse('error_cookie_body', array($config['url_path'] . '/logout.php')), false); } else { if ($database->num($result) > 0) { // Get the users data $user_data = $database->fetch($result); // What is this user classified as? $type = type($user_data['username']); // Tell us what they are switch ($type) { case 1: $_SESSION['admin'] = true; break; case 2: $_SESSION['moderator'] = true; break; case 3:
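/**
 * Adds a user to the database (the sign-up flow).
 *
 * Validates username, password, email and (optionally) age, inserts the row
 * and then either logs the user in or mails an activation link.
 *
 * @global array    $config
 * @global resource $database
 * @param string         $username       username of the user being added
 * @param string         $password       password of the user being added
 * @param string         $password_again must equal $password
 * @param string         $email          email, also used for activation mail
 * @param string|boolean $age            "mm/dd/yyyy", or false when not collected
 * @return string|boolean|int true when registered and logged in, 904 when an
 *                            activation mail was sent, false when the INSERT
 *                            failed, otherwise a translated error message
 */
function add_user($username, $password, $password_again, $email, $age = false)
{
    global $config, $database;

    // Username: allowed characters, availability, length.
    if (!alpha($username, 'alpha-underscore')) {
        return lang_parse('error_invalid_chars', array(lang('username')));
    }
    if (username_check($username)) {
        return lang('error_username_taken');
    }
    $length = length($username, $config['min_name_length'], $config['max_name_length']);
    if ($length) {
        return $length == "TOO_LONG" ? lang('error_username_too_long') : lang('error_username_too_short');
    }

    // Password length.
    // NOTE(review): the bounds are min_name_length / max_name_length, i.e. the
    // *username* limits; kept because no password-specific keys are visible.
    $length = length($password, $config['min_name_length'], $config['max_name_length']);
    if ($length) {
        return $length == "TOO_LONG" ? lang('error_password_too_long') : lang('error_password_too_short');
    }

    // Both password fields must agree before anything is stored.
    if ($password != $password_again) {
        return lang('error_password_match');
    }
    $raw_pass = $password;
    // NOTE(review): unsalted md5 is not a password hash. login() is handed the
    // raw password below and presumably compares against this value, so a move
    // to password_hash() has to be made together with the login code.
    $password = md5($password);

    if (!is_email($email)) {
        return lang_parse('error_invalid_given', array(lang('email')));
    }

    // is_email() is a format check, not SQL escaping: escape before the queries.
    $email_sql = $database->escape($email);

    // Banned?
    $result = $database->query("SELECT * FROM `users` WHERE `email` = '{$email_sql}' AND `banned` = '1' LIMIT 1");
    if ($database->num($result) > 0) {
        return lang('error_banned_email');
    }

    // Already registered?
    $result = $database->query("SELECT * FROM `users` WHERE `email` = '{$email_sql}' LIMIT 1");
    if ($database->num($result) > 0) {
        return lang('error_email_used');
    }

    // Age check: only the year part of mm/dd/yyyy is looked at.
    if ($config['age_validation']) {
        if (!$age) {
            return lang('error_year_invalid');
        }
        $age_data = explode('/', $age);
        // Fewer than three parts means there is no year to check.
        if (!isset($age_data[2])) {
            return lang('error_year_invalid');
        }
        if (!alpha($age_data[2], 'numeric')) {
            return lang_parse('error_given_not_numeric', array(lang('year_c')));
        }
        if (strlen($age_data[2]) < 4) {
            return lang('error_year_invalid');
        }
        if (!age_limit($age_data[2], $config['age_validation'])) {
            return lang_parse('error_year_young', array($config['age_validation']));
        }
    }

    load_hook('add_user_check');

    // Username and age are interpolated into the INSERT; alpha() only checks
    // characters, and $age is not validated at all when age_validation is off.
    $username_sql = $database->escape($username);
    $age_sql      = $database->escape((string) $age);
    $join_date    = time();

    if ($config['email_validation']) {
        // NOTE(review): this key is md5 of values the registrant knows plus
        // three microtime digits, so it is guessable; a random token (e.g.
        // random_bytes) would be the safer choice when the PHP version allows.
        $key = md5($username . $email . substr(microtime(), 1, 3));
        $query = "INSERT INTO `users` (`username`,`password`,`email`,`join_date`,`age`,`active`,`key`) VALUES ('{$username_sql}', '{$password}', '{$email_sql}', '{$join_date}','{$age_sql}','0','{$key}')";
    } else {
        $query = "INSERT INTO `users` (`username`,`password`,`email`,`join_date`,`age`,`active`) VALUES ('{$username_sql}', '{$password}', '{$email_sql}', '{$join_date}','{$age_sql}','1')";
    }

    if (!$database->query($query)) {
        return false;
    }

    // No activation needed: log them straight in.
    if (!$config['email_validation']) {
        login($username, false, $raw_pass);
        return true;
    }

    // Fill the placeholders of the activation mail (same sequential
    // replacement as str_replace on each placeholder in turn).
    $placeholders = array('{site_name}', '{username}', '{email}');
    $values       = array($config['site_name'], $username, $email);
    $subject = str_replace($placeholders, $values, $config['email_subject']);
    $message = str_replace($placeholders, $values, $config['email_message']);
    // The email goes into a query string, so it is URL-encoded ('+' would
    // otherwise arrive as a space).
    $message = str_replace('{link}', $config['url_path'] . "/register.php?e=" . urlencode($email) . "&k={$key}", $message);

    riot_mail($email, $subject, nl2nl($message));

    // 904 - registration complete, the email still has to be validated.
    return 904;
}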
if (is_numeric($result)) { switch ($result) { case 908: $error = lang('error_user_doesnt_exist'); break; case 905: $error = lang_parse('error_invalid_given', array(lang('email'))); break; case 906: $error = lang_parse('error_no_given', array(lang('key'))); break; case 907: $error = lang_parse('error_invalid_given', array(lang('key'))); break; case 904: $error = lang_parse('error_no_given', array(lang('email'))); break; default: print_out(lang('account_verified'), lang('redirect')); break; } } else { print_out(lang('account_verified'), lang('redirect')); } } } } // Header include $config['template_path'] . "navigation.php"; // Registration Form include $config['template_path'] . "user/register.php";
<?php } } ?> <form method="post" enctype="multipart/form-data"> <div class="content"> <dl class="input"> <dt> <?php echo lang('current_avatar'); ?> :<br /> <span> <?php echo lang_parse('avatar_upload_limits', array($config['avatar_max_width'], $config['avatar_max_height'], $config['avatar_max_size'])); ?> </span> </dt> <dd> <?php if ($user_data['avatar']) { ?> <img src="<?php echo $current_avatar_link; ?> " alt="avatar" /> <?php } else { ?> <?php
} } else { $posts = fetch(false, false, intval($_GET['id']), 'reply`, `time', 'ASC', $start_on, $config['messages_per_topic']); } // Number of pages $pagination = generate_pagination($topic_url, forum_count(false, $topic['id'], ''), $config['messages_per_topic'], $start); } else { print_out(lang('error_topic_missing'), lang('redirecting')); } } else { if (!is_numeric($id)) { print_out(lang_parse('error_given_not_numeric', array(lang('id_c'))), lang('redirecting')); } } } else { print_out(lang_parse('error_invalid_given', array(lang('id'))), lang('redirecting')); } // Lets tell navigation we are viewing a topic $in_topic = true; /** * Include navigation template */ include $config['template_path'] . "navigation.php"; // Show first post if ($config['show_first_post'] || $page == 0) { // First post showing~ $author = user_data($topic['starter_id']); // The authors avatar if they have one $avatar_url = get_avatar($author['id']); // Topic status if ($closed) {
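/**
 * Updates an existing topic or post: category, subject, body and, for
 * admins / moderators, the sticky / closed flags.
 *
 * @global array    $config    needs message_minimum_length / message_max_length
 * @global array    $user_data current user (admin / moderator / id)
 * @global resource $database
 * @param integer $id       id of the post or topic being edited
 * @param integer $category category id; ignored for replies, which keep
 *                          their topic's category
 * @param string  $topic    post subject
 * @param string  $content  post content
 * @param boolean $sticky   stick the topic to the top?
 * @param boolean $closed   close the topic?
 * @return string|boolean true on success, false when the UPDATE failed,
 *                        otherwise a translated error message
 */
function update($id, $category, $topic, $content, $sticky = false, $closed = false)
{
    global $config, $user_data, $database;

    // Taken once so every field written below carries the same timestamp.
    $time = time();

    // The id ends up in the WHERE clauses, so it has to be numeric.
    if (!alpha($id, 'numeric')) {
        return lang_parse('error_given_not_numeric', array(lang('post') . " " . lang('id')));
    }

    // Nothing to update when the post / topic does not exist.
    $post_data = topic($id);
    if (!$post_data) {
        return lang('error_post_missing');
    }

    $topic = strip_repeat($topic);

    // A reply always stays in its topic's category.
    if ($post_data['reply']) {
        $category = $post_data['category'];
    }
    if (!alpha($category, 'numeric')) {
        return lang('error_invalid_category');
    }

    // From here on $category is the category row, not the id.
    $category = category($category);
    if (!$category) {
        return lang('error_invalid_category');
    }

    // Category restrictions (aop for replies, aot for topics); admins bypass both.
    if (!$user_data['admin']) {
        if ($category['aop'] && $post_data['reply']) {
            // NOTE(review): inside the `!admin` branch this condition is always
            // true, so moderators are rejected as well. If moderators are meant
            // to be allowed here the test should be `!$user_data['moderator']`;
            // left unchanged so as not to loosen permissions silently.
            if (!$user_data['admin'] || !$user_data['moderator']) {
                return lang('error_invalid_category');
            }
        }
        if ($category['aot'] && !$post_data['reply']) {
            if ($user_data['id'] != $category['aot']) {
                return lang('error_invalid_category');
            }
        }
    }

    // Only logged-in users may edit.
    if (!$_SESSION['logged_in']) {
        return lang('error_not_logged');
    }

    if ($post_data['reply'] == 0) {
        // A topic must have a subject.
        if ($topic == "") {
            return lang_parse('error_no_given', array(lang('subject')));
        }
    } elseif ($topic == "") {
        // A reply without a subject defaults to "re:".
        $topic = "re:";
    }

    if (!alpha($topic, 'alpha-extra')) {
        return lang_parse('error_invalid_chars', array(lang('subject')));
    }

    if ($content == "") {
        return lang_parse('error_no_given', array(lang('message')));
    }

    // length() yields a string (e.g. "TOO_LONG") when the value is out of bounds.
    if (is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
        return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
    }

    // Only admins / moderators may change the sticky and closed flags.
    if ($_SESSION['admin'] || $_SESSION['moderator']) {
        update_field($id, 'sticky', $sticky ? '1' : '0');
        update_field($id, 'closed', $closed ? '1' : '0');
    }

    // Subject and body are user supplied: escape them for the query.
    $topic_sql   = $database->escape($topic);
    $content_sql = $database->escape($content);

    // The original also wrote `replies` from an undefined $replies, which reset
    // the reply count to '' on every edit; the count is now left untouched.
    $result = $database->query(
        "UPDATE `forum` SET `category`='{$category['id']}', `subject`='{$topic_sql}', "
        . "`message`='{$content_sql}', `updated`='{$time}' WHERE id = '{$id}'"
    );

    // A failed query is reported to the caller instead of die()ing mid-page.
    if (!$result) {
        return false;
    }

    // Move the replies along when a topic changed category. The original
    // compared the category *row* with the old id, which is always unequal.
    if (!$post_data['reply'] && $category['id'] != $post_data['category']) {
        $database->query("UPDATE `forum` SET `category`='{$category['id']}' WHERE `reply` = '{$id}'");
    }

    return true;
}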
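/**
 * Validates the profile field named by the global $key and, when valid,
 * saves it for the current user. Only the "title" field is handled here.
 *
 * Errors are written into $errors[$key] rather than returned.
 *
 * @global array  $config    banned_titles list
 * @global array  $user_data current user
 * @global array  $errors    error messages keyed by field name
 * @global string $key       field being edited
 * @global string $data      submitted value
 */
function profile_edit()
{
    global $config, $user_data, $errors, $key, $data;

    if ($key != "title") {
        return;
    }

    // The character check is skipped for an empty value; the length check
    // below still applies to it.
    if (!alpha($data, 'alpha-spacers') && $data != "") {
        $errors[$key] = lang_parse('error_invalid_chars', array(lang('title_c')));
        return;
    }

    // NOTE(review): a banned title is silently ignored - nothing is saved and
    // no error is reported to the user. Kept because no lang key for it is
    // visible here.
    if (in_array($data, $config['banned_titles'], true)) {
        return;
    }

    $length = length($data, 2, 32);
    if ($length) {
        $errors[$key] = $length == "TOO_LONG" ? lang('error_title_too_long') : lang('error_title_too_short');
        return;
    }

    update_user($user_data['id'], false, $key, $data);

    // The original called insert_revision() twice, recording two revisions
    // per edit; call it once and keep its (truthy) error message.
    $revision_error = insert_revision($user_data['id'], $data);
    if ($revision_error) {
        $errors[$key] = $revision_error;
    }
}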
} // Include the navigation include $config['template_path'] . "user/navigation.php"; // Include profile template include $config['template_path'] . "user/profile.php"; } else { if ($action == "signature") { // Include the navigation include $config['template_path'] . "user/navigation.php"; // Include profile template include $config['template_path'] . "user/signature.php"; } else { if ($action == "view") { if (isset($_GET['id'])) { if (alpha($_GET['id'], 'numeric')) { $viewing = user_data($_GET['id']); } else { print_out(lang_parse('error_invalid_given'), array(lang('id'))); } } else { print_out(lang_parse('error_no_given'), array(lang('id'))); } // Include profile template include $config['template_path'] . "user/view.php"; } } } } } } include $config['template_path'] . "footer.php";
include $config['template_path'] . "navigation.php"; /** * Include admin navigation */ include $config['template_path'] . "admin/navigation.php"; /** * Include topics */ include $config['template_path'] . "admin/topics.php"; } else { if ($action == "posts") { if (isset($_GET['delete'])) { $result = delete_post($_GET['delete']); // User data if ($result === "ID_INVALID") { $error = lang_parse('error_invalid_given', array(lang('id'))); } else { if ($result === "DELETING_POST") { $error = lang('error_deleting_post'); } } if (!$error) { $success = lang('success_deleted_post'); } } if (!$_GET['edit']) { // Start point @($page = $_GET['page']); // What page are we on? if (is_numeric($page)) { if (!isset($page) || $page < 0) {
// Turn the login result into a message: a numeric result is an error code,
// anything else truthy means the user is logged in.
if (!$results) {
    $login_error = lang('error_invalid_user_pass');
} elseif (!is_numeric($results)) {
    // Incase your server doesn't classify booleans as numbers. Just incase.
    $login_success = lang('welcome_back') . ", {$_SESSION['user_name']}";
} elseif ($results == 904) {
    $login_error = lang_parse('error_no_given', array(lang('email')));
} elseif ($results == 905) {
    $login_error = lang_parse('error_invalid_chars', array(lang('email')));
} elseif ($results == 906) {
    $login_error = lang_parse('error_no_given', array(lang('username')));
} elseif ($results == 907) {
    $login_error = lang_parse('error_invalid_chars', array(lang('username')));
} elseif ($results == 908) {
    $login_error = lang('error_banned');
} else {
    // Any other numeric result counts as success.
    $login_success = lang('welcome_back') . ", {$_SESSION['user_name']}";
}
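require_once '../include/connect.php';

// Both password fields must match before the admin account is created.
if ($_POST['password'] != $_POST['passworda']) { ?>
<p><strong><?php echo lang('error'); ?> </strong></p>
<ul>
<li><?php echo lang('install_error_pw_mtch'); ?> </li>
</ul>
<p><a href="javascript:history.back(-1)"><?php echo lang_parse('install_step_back', array('6')); ?> </a></p>
<?php die;
}

// NOTE(review): unsalted md5 is not a password hash; the login code compares
// against this value, so it can only be replaced together with that code.
$password = md5($_POST['password']);

// Form values are interpolated into SQL, so they are escaped first (the
// original inserted $_POST values verbatim). The md5 digest and time() are
// not attacker controlled.
$install_username = $database->escape($_POST['username']);
$install_email    = $database->escape($_POST['email']);

// The first user is created as an active admin.
$query = "INSERT INTO `users` (`username`,`email`,`password`,`admin`,`active`,`join_date`) VALUES ('{$install_username}','{$install_email}','{$password}', 1, 1, '" . time() . "')";
$database->query($query);
?>
<p><?php echo lang('install_final_msg'); ?> </p>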
/**
 * Looks up a user by name, stores a fresh password-reset token for them and
 * mails a reset link to the address on record.
 *
 * @param mixed  $db       database connection (query()/fetch_object() API)
 * @param array  $lang     language strings; uses resetpwmail_text / resetpwmail_subject
 * @param string $username name of the account to reset
 * @return int one of the AccountError codes: NO_SUCH_USER, EMAIL_SEND_ERROR or NO_ERROR
 */
public static function sendResetMail($db, $lang, $username)
{
    // Look the user up by name; the value is escaped before it enters the query.
    $result = $db->query("SELECT id, name, email FROM " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' LIMIT 1");
    if ($result->num_rows == 0) {
        // No user with that name.
        return AccountError::NO_SUCH_USER;
    }
    $result = $result->fetch_object();
    $userid = $result->id;
    $email = $result->email;
    // Use the stored spelling of the name from here on.
    $username = $result->name;

    $token = Account::newResetToken($db, $userid);

    // NOTE(review): the link host comes from $_SERVER['SERVER_NAME'], which on
    // some server configurations is derived from the request's Host header.
    // If so, a crafted request can make the mailed reset link point at a host
    // the attacker controls; a configured base URL would be the safer source.
    $link = $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . "/resetpw2.php?username="******"&token=" . urlencode($token);
    $text = lang_parse($lang['resetpwmail_text'], array($username, $link));

    // Same host value is reused for the sender address.
    $header = 'From: noreply@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'X-Mailer: PHP/' . phpversion();

    // mail() returns false when the message was not accepted for delivery.
    if (mail($email, $lang['resetpwmail_subject'], $text, $header) === false) {
        return AccountError::EMAIL_SEND_ERROR;
    }
    return AccountError::NO_ERROR;
}