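// E-mail change, second step: the user followed the activation link, which carries the key in the
// query string. The pending address and its key are read from activate_string / activate_key.
if (isset($_GET['key'])) {
    $key = $_GET['key'];

    $update = array(':id' => $id);
    $ps = $db->select('users', 'activate_string, activate_key', $update, 'id=:id');
    list($new_email, $new_email_key) = $ps->fetch(PDO::FETCH_NUM);

    // The key is a secret taken from the URL. Compare it as a string, never with a loose != :
    // PHP's loose comparison treats numeric-looking strings such as '0e1' and '0e2' as equal.
    // A missing or empty stored key (no pending change) and a non-string key (?key[]=) are rejected.
    // hash_equals() is used where available so the comparison time does not depend on the match length.
    $stored_key = (string) $new_email_key;
    if (!is_string($key) || $key === '' || $stored_key === '') {
        $key_matches = false;
    } elseif (function_exists('hash_equals')) {
        $key_matches = hash_equals($stored_key, $key);
    } else {
        $key_matches = $stored_key === $key;
    }

    if (!$key_matches) {
        message(sprintf($lang_profile['Email key bad'], $panther_config['o_admin_email']));
    } else {
        // Promote the pending address and clear the one-time key so the link cannot be replayed
        $data = array(':id' => $id);
        $db->run('UPDATE ' . $db->prefix . 'users SET email=activate_string, activate_string=NULL, activate_key=NULL WHERE id=:id', $data);

        message($lang_profile['Email updated'], true);
    }
} else {
    if (isset($_POST['form_sent'])) {
        confirm_referrer('profile.php');

        // Re-authenticate before accepting a new address. The check only protects what follows if
        // message() ends the request - NOTE(review): confirm message() does not return.
        if (panther_hash($_POST['req_password'] . $panther_user['salt']) !== $panther_user['password']) {
            message($lang_profile['Wrong pass']);
        }

        require PANTHER_ROOT . 'include/email.php';

        // Validate the email address
        $new_email = isset($_POST['req_new_email']) ? strtolower(panther_trim($_POST['req_new_email'])) : '';
        if (!$mailer->is_valid_email($new_email)) {
            message($lang_common['Invalid email']);
        }

        // Check if it's a banned email address
        if ($mailer->is_banned_email($new_email)) {
            if ($panther_config['p_allow_banned_email'] == '0') {
                message($lang_prof_reg['Banned email']);
            } else {
                if ($panther_config['o_mailing_list'] != '') {
                    // Placeholders for the notification about a banned address being used
                    $info = array('message' => array('<username>' => $panther_user['username'], '<email>' => $new_email, '<profile_url>' => panther_link($panther_url['profile_essentials'], array($id))));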
if ($panther_config['p_allow_banned_email'] == '0') { $errors[] = $lang_prof_reg['Banned email']; } } if ($panther_config['p_allow_dupe_email'] == '0') { $data = array(':email' => $email); $ps = $db->select('users', 1, $data, 'email=:email'); if ($ps->rowCount()) { $errors[] = $lang_prof_reg['Dupe email']; } } if (empty($errors)) { // Insert the new user into the database. We do this now to get the last inserted ID for later use $now = time(); $initial_group_id = $random_pass == 0 ? $panther_config['o_default_user_group'] : PANTHER_UNVERIFIED; $password_hash = panther_hash($password1 . $password_salt); // Add the user $insert = array('username' => $username, 'group_id' => $initial_group_id, 'password' => $password_hash, 'salt' => $password_salt, 'email' => $email, 'email_setting' => $panther_config['o_default_email_setting'], 'timezone' => $panther_config['o_default_timezone'], 'dst' => $panther_config['o_default_dst'], 'language' => $panther_config['o_default_lang'], 'style' => $panther_config['o_default_style'], 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now); $db->insert('users', $insert); $new_uid = $db->lastInsertId($db->prefix . 'users'); if ($random_pass == '1') { $info = array('subject' => array('<board_title>' => $panther_config['o_board_title']), 'message' => array('<base_url>' => get_base_url(), '<username>' => $username, '<password>' => $password1, '<login_url>' => panther_link($panther_url['login']))); $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/welcome.tpl', $info); $mailer->send($email, $mail_tpl['subject'], $mail_tpl['message']); } // Regenerate the users info cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PANTHER_ROOT . 'include/cache.php'; } generate_users_info_cache(); redirect(panther_link($panther_url['admin_maintenance']), $lang_admin_maintenance['User created message']);
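// NOTE(review): whatever get_extensions() returns is executed as PHP in this scope, so the
// extension store has to be as trusted as the code base itself.
($hook = get_extensions('forget_password_after_validation')) ? eval($hook) : null;

// Did everything go according to plan?
if (empty($errors)) {
    $data = array(':email' => $email);

    // 'email' is selected so the mail below goes to the address on record
    $ps = $db->select('users', 'id, username, email, last_email_sent', $data, 'email=:email');
    if ($ps->rowCount()) {
        // Loop through users we found
        foreach ($ps as $cur_hit) {
            // One reset mail per hour per account. NOTE(review): this message, like the
            // 'No email match' error below, tells the requester whether the address is registered.
            if ($cur_hit['last_email_sent'] != '' && time() - $cur_hit['last_email_sent'] < 3600 && time() - $cur_hit['last_email_sent'] >= 0) {
                message(sprintf($lang_login['Email flood'], intval((3600 - (time() - $cur_hit['last_email_sent'])) / 60)), true);
            }

            // Generate a new password and a new password activation code.
            // NOTE(review): random_pass() is defined elsewhere; all three values are secrets and
            // should come from a CSPRNG - confirm.
            $new_password = random_pass(12);
            $new_salt = random_pass(16);
            $new_password_key = random_pass(8);

            // NOTE(review): 'salt' is overwritten here, before the request has been confirmed. If
            // login verifies 'password' against the 'salt' column, the account's current password
            // stops verifying as soon as anyone requests a reset for this address - confirm, and
            // consider keeping the pending salt in its own column until activation.
            $update = array('activate_string' => panther_hash($new_password . $new_salt), 'salt' => $new_salt, 'activate_key' => $new_password_key, 'last_email_sent' => time());
            $data = array(':id' => $cur_hit['id']);
            $db->update('users', $update, 'id=:id', $data);

            $info = array('message' => array('<base_url>' => get_base_url(), '<username>' => $cur_hit['username'], '<activation_url>' => panther_link($panther_url['change_password_key'], array($cur_hit['id'], $new_password_key)), '<new_password>' => $new_password));
            $mail_tpl = $mailer->parse(PANTHER_ROOT . 'lang/' . $panther_user['language'] . '/mail_templates/activate_password.tpl', $info);

            // Deliver to the stored address, not to the submitted string: the row was matched by
            // the database's own comparison rules, which may accept input that is not
            // byte-identical to the address on record.
            $mailer->send($cur_hit['email'], $mail_tpl['subject'], $mail_tpl['message']);
        }

        message($lang_login['Forget mail'] . ' ' . $panther_config['o_admin_email'], true);
    } else {
        $errors[] = $lang_login['No email match'] . ' ' . $email . '.';
    }
}
} // closes a block opened before this excerpt

$page_title = array($panther_config['o_board_title'], $lang_login['Request pass']);
$required_fields = array('req_email' => $lang_common['Email']);
$focus_element = array('request_pass', 'req_email');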
// Insert the five preset groups $db->insert('groups', $insert); $insert = array('g_id' => 2, 'g_title' => $lang_install['Global Moderators'], 'g_user_title' => $lang_install['Global Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 1, 'g_mod_edit_users' => 1, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 1, 'g_mod_ban_users' => 1, 'g_post_polls' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 1, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#0000CC', 'g_attach_files' => 1, 'g_max_attachments' => 5, 'g_max_size' => 10485760); $db->insert('groups', $insert); $insert = array('g_id' => 3, 'g_title' => $lang_install['Moderators'], 'g_user_title' => $lang_install['Moderator'], 'g_moderator' => 1, 'g_mod_cp' => 1, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_sfs_report' => 1, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 1, 'g_mod_warn_users' => 1, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 1, 'g_delete_posts' => 1, 'g_delete_topics' => 1, 'g_set_title' => 1, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 0, 'g_use_pm' => 1, 'g_pm_limit' => 0, 'g_search_flood' => 0, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 1, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '#00AA00', 'g_attach_files' => 1, 'g_max_attachments' => 
5, 'g_max_size' => 10485760, 'g_pm_folder_limit' => 10); $db->insert('groups', $insert); $insert = array('g_id' => 4, 'g_title' => $lang_install['Guests'], 'g_moderator' => 0, 'g_mod_cp' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 0, 'g_post_replies' => 0, 'g_post_topics' => 0, 'g_edit_posts' => 0, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 0, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 0, 'g_report_flood' => 0, 'g_rep_enabled' => 0, 'g_rep_interval' => 0, 'g_rep_plus' => 0, 'g_rep_minus' => 0, 'g_colour' => '', 'g_attach_files' => 0); $db->insert('groups', $insert); $insert = array('g_id' => 5, 'g_title' => $lang_install['Members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_view_users' => 1, 'g_post_polls' => 1, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 1, 'g_send_email' => 1, 'g_post_flood' => 5, 'g_use_pm' => 1, 'g_pm_limit' => 100, 'g_search_flood' => 30, 'g_email_flood' => 30, 'g_report_flood' => 30, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 10, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 1, 'g_max_attachments' => 2, 'g_max_size' => 5242880, 'g_pm_folder_limit' => 5); $db->insert('groups', $insert); $insert = array('g_id' => 6, 'g_title' => $lang_install['New members'], 'g_moderator' => 0, 'g_global_moderator' => 0, 'g_mod_edit_users' => 0, 
'g_promote_min_posts' => 5, 'g_promote_next_group' => 5, 'g_mod_rename_users' => 0, 'g_mod_change_passwords' => 0, 'g_mod_ban_users' => 0, 'g_mod_warn_users' => 0, 'g_mod_edit_admin_posts' => 0, 'g_read_board' => 1, 'g_post_polls' => 1, 'g_view_users' => 0, 'g_post_replies' => 1, 'g_post_topics' => 1, 'g_edit_posts' => 1, 'g_edit_subject' => 0, 'g_deledit_interval' => 600, 'g_delete_posts' => 0, 'g_delete_topics' => 0, 'g_set_title' => 0, 'g_search' => 1, 'g_search_users' => 0, 'g_send_email' => 1, 'g_post_flood' => 60, 'g_use_pm' => 0, 'g_pm_limit' => 0, 'g_search_flood' => 30, 'g_email_flood' => 60, 'g_report_flood' => 60, 'g_rep_enabled' => 1, 'g_rep_interval' => 5, 'g_rep_plus' => 5, 'g_rep_minus' => 5, 'g_colour' => '', 'g_attach_files' => 0, 'g_max_attachments' => 0, 'g_max_size' => 1, 'g_pm_folder_limit' => 1); $db->insert('groups', $insert); $insert = array('group_id' => 4, 'username' => $lang_install['Guest'], 'password' => $lang_install['Guest'], 'email' => $lang_install['Guest']); // Insert guest and first admin user $db->insert('users', $insert); $insert = array('group_id' => 1, 'username' => $username, 'password' => panther_hash($password1 . $password_salt), 'salt' => $password_salt, 'email' => $email, 'language' => $default_lang, 'style' => $default_style, 'num_posts' => 1, 'last_post' => $now, 'registered' => $now, 'registration_ip' => get_remote_address(), 'last_visit' => $now, 'pm_enabled' => 1, 'use_gravatar' => 1); $db->insert('users', $insert); $insert = array('rank' => $lang_install['New member'], 'min_posts' => 0); $db->insert('ranks', $insert); $insert = array('rank' => $lang_install['Member'], 'min_posts' => 10); $db->insert('ranks', $insert); $avatars = in_array(strtolower(@ini_get('file_uploads')), array('on', 'true', '1')) ? 
1 : 0; // Enable/disable avatars depending on file_uploads setting in PHP configuration $panther_smilies = array(':)' => 'smile.png', '=)' => 'smile.png', ':|' => 'neutral.png', '=|' => 'neutral.png', ':(' => 'sad.png', '=(' => 'sad.png', ':D' => 'big_smile.png', '=D' => 'big_smile.png', ':o' => 'yikes.png', ':O' => 'yikes.png', ';)' => 'wink.png', ':/' => 'hmm.png', ':P' => 'tongue.png', ':p' => 'tongue.png', ':lol:' => 'lol.png', ':mad:' => 'mad.png', ':rolleyes:' => 'roll.png', ':cool:' => 'cool.png', 'xD' => 'xd.png', 'XD' => 'xd.png', ':what:' => 'what.png', 'ZzZz' => 'sleep.png', ':angel:' => 'angel.png', ':angry:' => 'angry.png', ':\'(' => 'cry.png', ':\')' => 'happycry.png', ':blush:' => 'ashame.png'); $i = 0; foreach ($panther_smilies as $code => $image) { $insert = array('code' => $code, 'image' => $image, 'disp_position' => $i); $db->insert('smilies', $insert); $i++; } // Take an educated guess at the correct path- and replace backslashes with forward slashes in case we're using a Windows server.
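/**
 * Enforce the optional HTTP Basic authentication layer of the admin control panel.
 *
 * Does nothing unless the 'o_http_authentication' option is '1'. Otherwise the Basic
 * credentials must name the user that is already logged in (the lookup is restricted to
 * $panther_user['id']) and the supplied password must hash to that user's stored value.
 * Any failure sends a 401 challenge through send_authentication().
 *
 * @return void
 */
function check_authentication()
{
    global $lang_admin_common, $db, $panther_config, $panther_user;

    // Declared on first use only: an unconditional nested declaration is a fatal
    // "cannot redeclare" error the second time check_authentication() runs in a request.
    if (!function_exists('send_authentication')) {
        /**
         * Send the 401 challenge and show the "unauthorised" message.
         *
         * NOTE(review): callers rely on message() ending the request - confirm it does not return.
         */
        function send_authentication()
        {
            global $lang_admin_common;

            header('WWW-Authenticate: Basic realm="Panther Admin CP"');
            header('HTTP/1.1 401 Unauthorized');
            message($lang_admin_common['Unauthorised']);
        }
    }

    if ($panther_config['o_http_authentication'] != '1') {
        return;
    }

    // Fail closed: challenge unless BOTH values are present. The previous test challenged only
    // when both were missing, so a request carrying just one of them was let through unchecked.
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        send_authentication();
        return;
    }

    $form_username = panther_trim($_SERVER['PHP_AUTH_USER']);
    $form_password = panther_trim($_SERVER['PHP_AUTH_PW']);

    $data = array(':id' => $panther_user['id'], ':username' => $form_username);
    $ps = $db->select('users', 'password, salt', $data, 'username=:username AND id=:id');
    if (!$ps->rowCount()) {
        send_authentication();
        return;
    }

    $cur_user = $ps->fetch();

    // Compare the hashes as strings. A loose != treats numeric-looking strings such as '0e1'
    // and '0e2' as equal; hash_equals() additionally keeps the comparison time independent of
    // how many leading characters match.
    $stored_hash = (string) $cur_user['password'];
    $supplied_hash = (string) panther_hash($form_password . $cur_user['salt']);
    $hash_matches = function_exists('hash_equals')
        ? hash_equals($stored_hash, $supplied_hash)
        : $stored_hash === $supplied_hash;

    if (!$hash_matches) {
        send_authentication();
    }
}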
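/**
 * E-mail the subscribers of a forum about a newly posted topic.
 *
 * Does nothing unless the 'o_forum_subscriptions' option is '1'. Subscribers are read with
 * one query that leaves out the acting user, users whose username appears in the bans table
 * and groups without read permission on the forum. For a forum marked protected, a subscriber
 * who is neither staff nor the poster is skipped.
 *
 * @param array $post_data Reads 'forum_id' (falls back to 'id'), optional 'poster_id',
 *                         'message', 'subject' and 'forum_name'.
 * @param mixed $replier   Value substituted for <poster> in the mail.
 * @param mixed $tid       Topic id used to build the topic link.
 * @return void
 */
public function handle_forum_subscriptions($post_data, $replier, $tid)
{
    if ($this->config['o_forum_subscriptions'] != '1') {
        return;
    }

    $forum_id = isset($post_data['forum_id']) ? $post_data['forum_id'] : $post_data['id'];
    $poster_id = isset($post_data['poster_id']) ? $post_data['poster_id'] : $this->user['id'];

    // Get any subscribed users that should be notified (banned users are excluded)
    $data = array(':id' => $this->user['id'], ':post_id' => $forum_id, ':forum_id' => $forum_id);
    $ps = $this->db->run(
        'SELECT u.id, u.username, u.email, u.salt, u.login_key, u.notify_with_post, u.language, u.group_id, g.g_global_moderator, g.g_admin FROM ' . $this->db->prefix
        . 'users AS u INNER JOIN ' . $this->db->prefix
        . 'forum_subscriptions AS s ON u.id=s.user_id LEFT JOIN ' . $this->db->prefix
        . 'groups AS g ON u.group_id=g.g_id LEFT JOIN ' . $this->db->prefix
        . 'forum_perms AS fp ON (fp.forum_id=:post_id AND fp.group_id=u.group_id) LEFT JOIN ' . $this->db->prefix
        . 'bans AS b ON u.username=b.username WHERE b.username IS NULL AND (fp.read_forum IS NULL OR fp.read_forum=1) AND s.forum_id=:forum_id AND u.id!=:id',
        $data
    );

    if (!$ps->rowCount()) {
        return;
    }

    $cleaned_message = $this->bbcode2email($post_data['message'], -1);

    // NOTE(review): unserialize() runs on a stored value. That is only safe while nothing an
    // untrusted user controls can reach the 'moderators' field - confirm the write path.
    $moderators = $this->forums[$forum_id]['moderators'] != '' ? unserialize($this->forums[$forum_id]['moderators']) : array();
    if (!is_array($moderators)) {
        // Corrupt or unexpected data: treat as "no moderators" instead of handing a non-array to in_array()
        $moderators = array();
    }

    $is_protected = $this->forums[$forum_id]['protected'] == '1';

    // Loop through subscribed users and send emails
    foreach ($ps as $cur_subscriber) {
        // In a protected forum only staff and the poster are notified.
        // NOTE(review): in_array() tests the VALUES of the moderator list, loosely, against the
        // username; if the list is stored as username => id the keys should be tested instead - confirm.
        $not_entitled = $is_protected
            && $cur_subscriber['g_global_moderator'] != '1'
            && $cur_subscriber['g_admin'] != '1'
            && $cur_subscriber['group_id'] != PANTHER_ADMIN
            && !in_array($cur_subscriber['username'], $moderators)
            && $cur_subscriber['id'] != $poster_id;

        // Also skip subscribers whose language pack has no "new topic" template
        if ($not_entitled || !file_exists(PANTHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/new_topic.tpl')) {
            continue;
        }

        // Per-user token for the unsubscribe link, derived from the user's salt and login key
        $token = panther_hash($cur_subscriber['id'] . 'viewforum.php' . $cur_subscriber['salt'] . $cur_subscriber['login_key']);

        $info = array(
            'subject' => array(
                '<forum_name>' => $post_data['forum_name'],
            ),
            'message' => array(
                '<username>' => $cur_subscriber['username'],
                '<topic_subject>' => $post_data['subject'],
                '<forum_name>' => $post_data['forum_name'],
                '<poster>' => $replier,
                '<topic_url>' => panther_link($this->url['topic'], array($tid, url_friendly($post_data['subject']))),
                '<unsubscribe_url>' => panther_link($this->url['forum_unsubscribe'], array($forum_id, $token)),
                '<message>' => $cleaned_message,
            ),
        );

        // Load the "new topic" template (the variant with the post body if the user asked for it)
        $template_name = $cur_subscriber['notify_with_post'] == '0' ? 'new_topic' : 'new_topic_full';
        $mail_tpl = $this->parse(PANTHER_ROOT . 'lang/' . $cur_subscriber['language'] . '/mail_templates/' . $template_name . '.tpl', $info);

        $this->send($cur_subscriber['email'], $mail_tpl['subject'], $mail_tpl['message']);
    }
}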
$increment_posts = isset($_POST['increment_posts']) ? intval($_POST['increment_posts']) : 1; if ($forum_name == '') { message($lang_admin_forums['Must enter name message']); } if ($cat_id < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } $data = array(':id' => $forum_id); if ($change_password == '1') { if ($forum_password1 == $forum_password2) { if ($forum_password1 == '') { $update = array('password' => '', 'salt' => ''); $db->update('forums', $update, 'id=:id', $data); } else { $salt = random_key(12, true); $update = array('password' => panther_hash($forum_password1 . panther_hash($salt)), 'salt' => $salt); $db->update('forums', $update, 'id=:id', $data); } } else { message($lang_admin_forums['passwords do not match']); } } $forum_desc = $forum_desc != '' ? $forum_desc : null; $redirect_url = $redirect_url != '' ? $redirect_url : null; $update = array('forum_name' => $forum_name, 'forum_desc' => $forum_desc, 'use_reputation' => $use_reputation, 'parent_forum' => $parent_forum, 'redirect_url' => $redirect_url, 'force_approve' => $force_approve, 'sort_by' => $sort_by, 'cat_id' => $cat_id, 'show_post_info' => $show_post_info, 'quickjump' => $quickjump, 'protected' => $protected, 'increment_posts' => $increment_posts); $db->update('forums', $update, 'id=:id', $data); // Now let's deal with the permissions if (isset($_POST['read_forum_old'])) { foreach ($panther_groups as $cur_group) { if ($cur_group['g_id'] != PANTHER_ADMIN) { $read_forum_new = $cur_group['g_read_board'] == '1' ? isset($_POST['read_forum_new'][$cur_group['g_id']]) ? '1' : '0' : intval($_POST['read_forum_old'][$cur_group['g_id']]);