/**
* Logs the current user out of their account.
*
* What it does:
* - It requires that the session hash is sent as well, to prevent automatic logouts by images or javascript.
* - It redirects back to $_SESSION['logout_url'], if it exists.
* - It is accessed via ?action=logout;session_var=...
*
* @param boolean $internal if true, it doesn't check the session
* @param boolean $redirect
*/
public function action_logout($internal = false, $redirect = true)
{
global $user_info, $user_settings, $context;
// Make sure they aren't being auto-logged out.
if (!$internal) {
checkSession('get');
}
require_once SUBSDIR . '/Auth.subs.php';
if (isset($_SESSION['pack_ftp'])) {
$_SESSION['pack_ftp'] = null;
}
// They cannot be open ID verified any longer.
if (isset($_SESSION['openid'])) {
unset($_SESSION['openid']);
}
// It won't be first login anymore.
unset($_SESSION['first_login']);
// Just ensure they aren't a guest!
if (!$user_info['is_guest']) {
// Pass the logout information to integrations.
call_integration_hook('integrate_logout', array($user_settings['member_name']));
// If you log out, you aren't online anymore :P.
logOnline($user_info['id'], false);
}
// Logout? Let's kill the admin/moderate/other sessions, too.
$types = array('admin', 'moderate');
call_integration_hook('integrate_validateSession', array(&$types));
foreach ($types as $type) {
unset($_SESSION[$type . '_time']);
}
$_SESSION['log_time'] = 0;
// Empty the cookie! (set it in the past, and for id_member = 0)
setLoginCookie(-3600, 0);
// And some other housekeeping while we're at it.
session_destroy();
if (!empty($user_info['id'])) {
updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));
}
// Off to the merry board index we go!
if ($redirect) {
if (empty($_SESSION['logout_url'])) {
redirectexit('', $context['server']['needs_login_fix']);
} elseif (!empty($_SESSION['logout_url']) && (substr($_SESSION['logout_url'], 0, 7) !== 'http://' && substr($_SESSION['logout_url'], 0, 8) !== 'https://')) {
unset($_SESSION['logout_url']);
redirectexit();
} else {
$temp = $_SESSION['logout_url'];
unset($_SESSION['logout_url']);
redirectexit($temp, $context['server']['needs_login_fix']);
}
}
}
/**
* As it says... this tries to review the list of banned members, to match new bans.
*
* - Note: is_activated >= 10: a member is banned.
*
* @package Bans
*/
function updateBanMembers()
{
$db = database();
$updates = array();
$allMembers = array();
$newMembers = array();
// Start by getting all active bans - it's quicker doing this in parts...
$request = $db->query('', '
SELECT bi.id_member, bi.email_address
FROM {db_prefix}ban_items AS bi
INNER JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group)
WHERE (bi.id_member > {int:no_member} OR bi.email_address != {string:blank_string})
AND bg.cannot_access = {int:cannot_access_on}
AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time})', array('no_member' => 0, 'cannot_access_on' => 1, 'current_time' => time(), 'blank_string' => ''));
$memberIDs = array();
$memberEmails = array();
$memberEmailWild = array();
while ($row = $db->fetch_assoc($request)) {
if ($row['id_member']) {
$memberIDs[$row['id_member']] = $row['id_member'];
}
if ($row['email_address']) {
// Does it have a wildcard - if so we can't do a IN on it.
if (strpos($row['email_address'], '%') !== false) {
$memberEmailWild[$row['email_address']] = $row['email_address'];
} else {
$memberEmails[$row['email_address']] = $row['email_address'];
}
}
}
$db->free_result($request);
// Build up the query.
$queryPart = array();
$queryValues = array();
if (!empty($memberIDs)) {
$queryPart[] = 'mem.id_member IN ({array_string:member_ids})';
$queryValues['member_ids'] = $memberIDs;
}
if (!empty($memberEmails)) {
$queryPart[] = 'mem.email_address IN ({array_string:member_emails})';
$queryValues['member_emails'] = $memberEmails;
}
$count = 0;
foreach ($memberEmailWild as $email) {
$queryPart[] = 'mem.email_address LIKE {string:wild_' . $count . '}';
$queryValues['wild_' . $count++] = $email;
}
// Find all banned members.
if (!empty($queryPart)) {
$request = $db->query('', '
SELECT mem.id_member, mem.is_activated
FROM {db_prefix}members AS mem
WHERE ' . implode(' OR ', $queryPart), $queryValues);
while ($row = $db->fetch_assoc($request)) {
if (!in_array($row['id_member'], $allMembers)) {
$allMembers[] = $row['id_member'];
// Do they need an update?
if ($row['is_activated'] < 10) {
$updates[$row['is_activated'] + 10][] = $row['id_member'];
$newMembers[] = $row['id_member'];
}
}
}
$db->free_result($request);
}
// We welcome our new members in the realm of the banned.
if (!empty($newMembers)) {
require_once SUBSDIR . '/Auth.subs.php';
logOnline($newMembers, false);
}
// Find members that are wrongfully marked as banned.
$request = $db->query('', '
SELECT mem.id_member, mem.is_activated - 10 AS new_value
FROM {db_prefix}members AS mem
LEFT JOIN {db_prefix}ban_items AS bi ON (bi.id_member = mem.id_member OR mem.email_address LIKE bi.email_address)
LEFT JOIN {db_prefix}ban_groups AS bg ON (bg.id_ban_group = bi.id_ban_group AND bg.cannot_access = {int:cannot_access_activated} AND (bg.expire_time IS NULL OR bg.expire_time > {int:current_time}))
WHERE (bi.id_ban IS NULL OR bg.id_ban_group IS NULL)
AND mem.is_activated >= {int:ban_flag}', array('cannot_access_activated' => 1, 'current_time' => time(), 'ban_flag' => 10));
while ($row = $db->fetch_assoc($request)) {
// Don't do this twice!
if (!in_array($row['id_member'], $allMembers)) {
$updates[$row['new_value']][] = $row['id_member'];
$allMembers[] = $row['id_member'];
}
}
$db->free_result($request);
if (!empty($updates)) {
foreach ($updates as $newStatus => $members) {
updateMemberData($members, array('is_activated' => $newStatus));
}
}
// Update the latest member and our total members as banning may change them.
updateStats('member');
}
/**
* Send the user a new activation email if they need to reactivate!
*/
function profileSendActivation()
{
global $profile_vars, $txt, $context, $scripturl, $cookiename, $cur_profile, $language, $modSettings;
require_once SUBSDIR . '/Mail.subs.php';
// Shouldn't happen but just in case.
if (empty($profile_vars['email_address'])) {
return;
}
$replacements = array('ACTIVATIONLINK' => $scripturl . '?action=activate;u=' . $context['id_member'] . ';code=' . $profile_vars['validation_code'], 'ACTIVATIONCODE' => $profile_vars['validation_code'], 'ACTIVATIONLINKWITHOUTCODE' => $scripturl . '?action=activate;u=' . $context['id_member']);
// Send off the email.
$emaildata = loadEmailTemplate('activate_reactivate', $replacements, empty($cur_profile['lngfile']) || empty($modSettings['userLanguage']) ? $language : $cur_profile['lngfile']);
sendmail($profile_vars['email_address'], $emaildata['subject'], $emaildata['body'], null, null, false, 0);
// Log the user out.
require_once SUBSDIR . '/Auth.subs.php';
logOnline($context['id_member'], false);
$_SESSION['log_time'] = 0;
$_SESSION['login_' . $cookiename] = serialize(array(0, '', 0));
if (isset($_COOKIE[$cookiename])) {
$_COOKIE[$cookiename] = '';
}
loadUserSettings();
$context['user']['is_logged'] = false;
$context['user']['is_guest'] = true;
// Send them to the done-with-registration-login screen.
loadTemplate('Register');
$context['page_title'] = $txt['profile'];
$context['sub_template'] = 'after';
$context['title'] = $txt['activate_changed_email_title'];
$context['description'] = $txt['activate_changed_email_desc'];
// We're gone!
obExit();
}
