$errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_PassReset'); } else { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode'); } } else { $errorMsg = $main_smarty->get_config_vars('PLIGG_Visual_Login_Forgot_ErrorBadCode'); } } } if ($_POST["processlogin"] == 5 && pligg_validate()) { // resend confirmation email $email = sanitize($db->escape(trim($_POST['email'])), 4); if (check_email($email)) { $user = $db->get_row("SELECT * FROM `" . table_users . "` where `user_email` = '" . $email . "' AND user_level!='Spammer'"); if ($user) { $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name')); $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name'); $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . urlencode($user->username) . "&email=" . urlencode($_POST['email']); $str = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message'); eval('$str = "' . str_replace('"', '\\"', $str) . '";'); $message = "{$str}"; if (phpnum() >= 5) { require "libs/class.phpmailer5.php"; } else { require "libs/class.phpmailer4.php"; } $mail = new PHPMailer(); $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From'); $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name'); $mail->AddAddress($_POST['email']); $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
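/**
 * Save the profile form for the account held in the global $user.
 *
 * Form data comes from $_POST; $current_user is the account making the request
 * and $canIhaveAccess says whether it may edit other people's profiles.
 *
 * Returns:
 *   - 'There was a token error.'    when the 'profile_change' CSRF token is invalid
 *   - null                          when the form was not submitted / not permitted
 *   - a translated message string   when a field fails validation
 *   - false                         when the e-mail verification mail cannot be sent
 *   - an array of flags ('pass', 'username', 'profile') on success
 *
 * Review changes against the original:
 *   - the verification-mail template is no longer run through eval(); only the
 *     placeholders listed in $tplVars are substituted into it
 *   - the template name posted by the user must be a bare directory name before
 *     it is used as a path component and stored in the "template" cookie
 *   - the old-password check is a strict, constant-time comparison
 *   - $_POST['chack'] is only used when it really is an array
 *   - PHPMailer is pulled in with require_once so a second call cannot fatal
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;

    if (!$CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        return 'There was a token error.';
    }
    // Not a save request, or a non-privileged account trying to edit somebody else.
    if (!isset($_POST['save_profile']) || !$_POST['process']
        || (!$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id)) {
        return;
    }
    $saved = array();

    // ---- e-mail address ------------------------------------------------------
    $newEmail = sanitize($_POST['email'], 3);
    if ($user->email != $newEmail) {
        if (!check_email($newEmail)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
        }
        if (email_exists(trim($newEmail))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
        }
        if (pligg_validate()) {
            // Validation code checked by validation.php. The raw $_POST['email'] is
            // used on purpose: validation.php recomputes the code from the raw
            // $_GET['email']. The md5-of-concatenation scheme is kept for
            // compatibility with that page; its secret ingredient is pligg_hash().
            $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
            $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $domain);
            $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid="
                . urlencode($user->username) . "&email=" . urlencode($_POST['email']);

            // Render the configured message. The original eval()'d the template as
            // a double-quoted PHP string: that is code execution on a config value,
            // and its quote escaping was defeatable (a backslash-quote pair in the
            // template became backslash-backslash-quote, which closes the literal).
            // Here only the placeholders below are replaced, as "$name" or
            // "{$name}"; stripcslashes() keeps the \n / \t escapes such templates
            // rely on. strtr() replaces longest keys first and never rescans.
            $tplVars = array('validation' => $validation, 'domain' => $domain);
            $subst = array();
            foreach ($tplVars as $name => $value) {
                $subst['{$' . $name . '}'] = $value;
                $subst['$' . $name] = $value;
            }
            $template = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
            $message = strtr(stripcslashes($template), $subst);

            if (phpnum() >= 5) {
                require_once "libs/class.phpmailer5.php";
            } else {
                require_once "libs/class.phpmailer4.php";
            }
            $mail = new PHPMailer();
            $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
            $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
            $mail->AddAddress($_POST['email']);
            $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            $mail->IsHTML(false);
            $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
            $mail->Body = $message;
            $mail->CharSet = 'utf-8';
            if (!$mail->Send()) {
                return false;
            }
            // The stored address is left unchanged until validation.php confirms it.
            // (The original also built a "check your mailbox" message here, but this
            // version of the function returns $saved, so it was never shown.)
        } else {
            $user->email = sanitize($_POST['email'], 2);
        }
    }

    // ---- template cookie -----------------------------------------------------
    if (Allow_User_Change_Templates) {
        $tplName = isset($_POST['template']) ? (string) $_POST['template'] : '';
        // Only a bare directory name is acceptable: reject separators, '.', '..'
        // and NUL so the value cannot point outside ./templates/ when the cookie
        // is read back and used as a path component on later pages.
        $isBareName = $tplName !== '' && $tplName !== '.' && $tplName !== '..'
            && strpos($tplName, "\0") === false && basename($tplName) === $tplName;
        if ($isBareName && file_exists("./templates/" . $tplName . "/header.tpl")) {
            $cookieDomain = $_SERVER['HTTP_HOST'] == 'localhost'
                ? ''
                : preg_replace('/^www/', '', $_SERVER['HTTP_HOST']);
            setcookie("template", $tplName, time() + 60 * 60 * 24 * 30, '/', $cookieDomain);
        }
    }

    // ---- category subscriptions ----------------------------------------------
    // user_categories stores the categories the user did NOT tick; the ids come
    // from the database, the form only decides which of them are removed.
    $allCategoryIds = array();
    $catResult = mysql_query("SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;");
    while ($row = mysql_fetch_array($catResult, MYSQL_NUM)) {
        $allCategoryIds[] = $row[0];
    }
    $ticked = (isset($_POST['chack']) && is_array($_POST['chack'])) ? $_POST['chack'] : array();
    $hiddenCategories = $db->escape(implode(",", array_diff($allCategoryIds, $ticked)));
    mysql_query("UPDATE " . table_users . " set user_categories='{$hiddenCategories}' WHERE user_id = '" . (int) $user->id . "'");

    // ---- free-text fields ----------------------------------------------------
    $textFields = array('url', 'public_email', 'location', 'occupation', 'facebook', 'twitter',
        'linkedin', 'googleplus', 'skype', 'pinterest', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize($_POST[$field], 2);
    }
    if (user_language) {
        $user->language = sanitize($_POST['language'], 2);
    }

    // Reduce pasted profile URLs to the bare account name; anything that does not
    // look like the site's URL is stored as typed. Value = (pattern, group index).
    $socialPatterns = array(
        'facebook'   => array("/https?:\\/\\/(www\\.)?facebook\\.com\\/([^\\/]*)/", 2),
        'twitter'    => array("/https?:\\/\\/(www\\.)?twitter\\.com\\/(#!\\/)?@?([^\\/]*)/", 3),
        'linkedin'   => array("/https?:\\/\\/(www\\.)?linkedin\\.com\\/in\\/([^\\/]*)/", 2),
        'googleplus' => array("/https?:\\/\\/plus\\.google\\.com\\/([^\\/]*)/", 1),
        'pinterest'  => array("/https?:\\/\\/(www\\.)?pinterest\\.com\\/([^\\/]*)/", 2),
    );
    foreach ($socialPatterns as $field => $spec) {
        if (preg_match($spec[0], $user->$field, $m)) {
            $user->$field = $m[$spec[1]];
        }
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // ---- login rename ----------------------------------------------------------
    // NOTE(review): this tests the level of the profile being edited ($user), not
    // of the acting account ($current_user); confirm that is the intended rule.
    if ($user->level == "admin" || $user->level == "moderator") {
        if ($user->username != sanitize($_POST['user_login'], 3)) {
            $user_login = sanitize($_POST['user_login'], 2);
            if (preg_match('/\\pL/u', 'a')) {
                // PCRE has UTF-8 support: letters/marks/digits/_/- only.
                if (!preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $user_login)) {
                    return $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                }
            } else {
                // Fallback blacklist of punctuation when \p{L} is unavailable.
                if (!preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $user_login)) {
                    return $main_smarty->get_config_vars('PLIGG_Visual_Register_Error_UserInvalid');
                }
            }
            $user->username = $user_login;
            if (user_exists(trim($user_login))) {
                // Nothing is stored: the function returns before $user->store().
                return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_UserExists");
            }
            $saved['username'] = 1;
        }
    }

    // ---- password change -----------------------------------------------------
    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize($_POST['oldpassword'], 2);
        // NOTE(review): the login in this WHERE clause is redacted ('******') in
        // the copy reviewed. It is reconstructed as the profile being edited,
        // since that is whose password is replaced below; confirm against the
        // original whether $current_user was meant instead.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users
            . " WHERE user_login = '" . $db->escape($user->username) . "'");
        $storedHash = ($userX && isset($userX->user_pass)) ? (string) $userX->user_pass : '';
        $oldHash = (string) generateHash($oldpass, substr($storedHash, 0, SALT_LENGTH));
        // Strict comparison; constant-time where the runtime offers it.
        $oldOk = $storedHash !== '' && (function_exists('hash_equals')
            ? hash_equals($storedHash, $oldHash)
            : $storedHash === $oldHash);
        if (!$oldOk) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        $user->pass = generateHash(sanitize($_POST['newpassword'], 3));
        $saved['pass'] = 1;
    }

    $user->store();
    $user->read();
    if (!empty($saved['pass']) || !empty($saved['username'])) {
        // Credentials changed: re-authenticate with the new hash.
        $current_user->Authenticate($user->username, $user->pass, false, $user->pass);
    } else {
        $current_user->Authenticate($user->username, $user->pass);
        $saved['profile'] = 1;
    }
    return $saved;
}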
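/**
 * Insert this account into the users table and, when e-mail validation is
 * enabled (pligg_validate() == 1), send the verification mail.
 *
 * Uses $this->username, $this->pass (plain text, hashed here with
 * generateHash()) and $this->email. Returns false if any of them is empty,
 * if the INSERT fails or if the verification mail cannot be sent; true
 * otherwise. Dies with 'User already exists' when the login is taken
 * (kept from the original; callers should check user_exists() first).
 *
 * Review changes against the original:
 *   - the mail template is no longer passed to eval() (the original did not even
 *     escape quotes in it); only the placeholders in $tplVars are substituted
 *   - require_once for PHPMailer, and the dead "exit" after "return false" is gone
 *   - the post-insert lookup, whose login value was redacted ('******') in the
 *     copy reviewed, is reconstructed as the login just inserted
 *
 * NOTE(review): username and e-mail are interpolated into SQL exactly as the
 * original does, i.e. escaping is the caller's responsibility (registration
 * validates the login against a character whitelist). The lookup uses the same
 * raw value so both statements agree.
 * NOTE(review): $password — the plain-text password — stays available to the
 * mail template because the original exposed it; avoid using it in the
 * configured message.
 */
function Create()
{
    global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;

    if ($this->username == '' || $this->pass == '' || $this->email == '') {
        return false;
    }
    if (user_exists($this->username)) {
        die('User already exists');
    }

    $userip = $_SERVER['REMOTE_ADDR'];
    $saltedpass = generateHash($this->pass);

    // New accounts start with every category listed in user_categories.
    $ids = array();
    $catResult = mysql_query("SELECT category__auto_id from " . table_categories . " where category__auto_id!= 0;");
    while ($row = mysql_fetch_array($catResult, MYSQL_NUM)) {
        $ids[] = $row['0'];
    }
    $CategoriesId = implode(",", $ids);

    if (pligg_validate() != 1) {
        // No e-mail validation: the account is usable immediately (user_lastlogin set).
        $inserted = $db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'" . $CategoriesId . "')");
        return $inserted ? true : false;
    }

    // Validation flow: user_lastlogin stays unset until validation.php confirms.
    if (!$db->query("INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '" . $CategoriesId . "')")) {
        return false;
    }
    // Re-read the row: its karma value is part of the validation code.
    $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '" . $this->username . "'");
    $karma = $result ? $result->user_karma : '';

    // Code checked by validation.php; the md5-of-concatenation scheme is kept
    // for compatibility with that page, pligg_hash() being the secret part.
    $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
    $encode = md5($this->email . $karma . $this->username . pligg_hash() . $domain);
    $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;

    // Render the configured message by substituting "$name" / "{$name}"
    // placeholders; stripcslashes() keeps the \n / \t escapes the former
    // double-quoted eval() interpreted. strtr() replaces longest keys first.
    $tplVars = array(
        'username'      => $this->username,
        'password'      => $this->pass,
        'my_base_url'   => $my_base_url,
        'my_pligg_base' => $my_pligg_base,
        'domain'        => $domain,
        'validation'    => $validation,
    );
    $subst = array();
    foreach ($tplVars as $name => $value) {
        $subst['{$' . $name . '}'] = $value;
        $subst['$' . $name] = $value;
    }
    $template = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
    $message = strtr(stripcslashes($template), $subst);

    if (phpnum() >= 5) {
        require_once "class.phpmailer5.php";
    } else {
        require_once "class.phpmailer4.php";
    }
    $mail = new PHPMailer();
    $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
    $mail->FromName = "Administrator";
    $mail->AddAddress($this->email);
    $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
    $mail->IsHTML(false);
    $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
    $mail->Body = $message;
    if (!$mail->Send()) {
        return false;
    }
    return true;
}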
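/**
 * Insert this account into the users table and, when e-mail validation is
 * enabled (pligg_validate()), send the verification mail.
 *
 * Uses $this->username, $this->pass (plain text, hashed here with
 * generateHash()) and $this->email. Returns false if any of them is empty,
 * if the INSERT fails or if the verification mail cannot be sent; true
 * otherwise. Dies with 'User already exists' when the login is taken
 * (kept from the original; callers should check user_exists() first).
 *
 * Review changes against the original:
 *   - the IP returned by check_ip_behind_proxy() is escaped before it is put
 *     into SQL; presumably it can derive from a client-supplied proxy header,
 *     and the original interpolated it raw
 *   - the mail template is no longer passed to eval(); only the placeholders
 *     in $tplVars are substituted (the original's quote escaping was
 *     defeatable with a backslash before the quote)
 *   - require_once for PHPMailer, and the dead "exit" after "return false" is gone
 *   - the post-insert lookup, whose login value was redacted ('******') in the
 *     copy reviewed, is reconstructed as the login just inserted
 *
 * NOTE(review): username and e-mail are interpolated into SQL exactly as the
 * original does, i.e. escaping is the caller's responsibility. The lookup
 * uses the same raw value so both statements agree.
 * NOTE(review): $password — the plain-text password — stays available to the
 * mail template because the original exposed it; avoid using it in the
 * configured message.
 */
function Create()
{
    global $db, $main_smarty, $the_template, $my_base_url, $my_pligg_base;

    if ($this->username == '' || $this->pass == '' || $this->email == '') {
        return false;
    }
    if (user_exists($this->username)) {
        die('User already exists');
    }

    require_once mnminclude . 'check_behind_proxy.php';
    $userip = $db->escape(check_ip_behind_proxy());
    $saltedpass = generateHash($this->pass);

    if (!pligg_validate()) {
        // No e-mail validation: the account is usable immediately (user_lastlogin set).
        $inserted = $db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip, user_lastlogin,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', now(),'')");
        return $inserted ? true : false;
    }

    // Validation flow: user_lastlogin stays unset until validation.php confirms.
    if (!$db->query("INSERT IGNORE INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip,user_categories) VALUES ('" . $this->username . "', '" . $this->email . "', '" . $saltedpass . "', now(), '" . $userip . "', '')")) {
        return false;
    }
    // Re-read the row: its karma value is part of the validation code.
    $result = $db->get_row("SELECT user_email, user_pass, user_karma, user_lastlogin FROM " . table_users . " WHERE user_login = '" . $this->username . "'");
    $karma = $result ? $result->user_karma : '';

    // Code checked by validation.php; the md5-of-concatenation scheme is kept
    // for compatibility with that page, pligg_hash() being the secret part.
    $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
    $encode = md5($this->email . $karma . $this->username . pligg_hash() . $domain);
    $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid=" . $this->username;

    // Render the configured message by substituting "$name" / "{$name}"
    // placeholders; stripcslashes() keeps the \n / \t escapes the former
    // double-quoted eval() interpreted. strtr() replaces longest keys first.
    $tplVars = array(
        'username'      => $this->username,
        'password'      => $this->pass,
        'my_base_url'   => $my_base_url,
        'my_pligg_base' => $my_pligg_base,
        'domain'        => $domain,
        'validation'    => $validation,
    );
    $subst = array();
    foreach ($tplVars as $name => $value) {
        $subst['{$' . $name . '}'] = $value;
        $subst['$' . $name] = $value;
    }
    $template = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
    $message = strtr(stripcslashes($template), $subst);

    if (phpnum() >= 5) {
        require_once "class.phpmailer5.php";
    } else {
        require_once "class.phpmailer4.php";
    }
    $mail = new PHPMailer();
    $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
    $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
    $mail->AddAddress($this->email);
    $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
    $mail->IsHTML(false);
    $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
    $mail->CharSet = 'utf-8';
    $mail->Body = $message;
    if (!$mail->Send()) {
        return false;
    }
    return true;
}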
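/**
 * Save the profile form for the account held in the global $user.
 *
 * Form data comes from $_POST; $current_user is the account making the request
 * and $canIhaveAccess says whether it may edit other people's profiles.
 *
 * Returns:
 *   - 'There was a token error.'    when the 'profile_change' CSRF token is invalid
 *   - null                          when the form was not submitted / not permitted
 *   - a translated message string   on validation failure, after a password
 *                                   change, or on success (DataUpdated / Noemail)
 *   - false                         when the e-mail verification mail cannot be sent
 * May redirect (header + exit) when the user's language changed.
 *
 * Review changes against the original:
 *   - an avatar source outside the allowed list is now actually cleared; the
 *     original wrote "$avatar_source == \"\"" (a comparison) and stored the
 *     rejected value anyway
 *   - the verification-mail template is no longer run through eval() (the
 *     original did not even escape quotes in it); only the placeholders in
 *     $tplVars are substituted
 *   - the old-password check is a strict, constant-time comparison
 *   - PHPMailer is pulled in with require_once so a second call cannot fatal
 */
function save_profile()
{
    global $user, $current_user, $db, $main_smarty, $CSRF, $canIhaveAccess, $language;

    if (!$CSRF->check_valid(sanitize($_POST['token'], 3), 'profile_change')) {
        return 'There was a token error.';
    }
    // Not a save request, or a non-privileged account trying to edit somebody else.
    if (!isset($_POST['save_profile']) || !$_POST['process']
        || (!$canIhaveAccess && sanitize($_POST['user_id'], 3) != $current_user->user_id)) {
        return;
    }

    // ---- e-mail address ------------------------------------------------------
    $newEmail = sanitize($_POST['email'], 3);
    if ($user->email != $newEmail) {
        if (!check_email($newEmail)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadEmail");
        }
        if (email_exists(trim($newEmail))) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Register_Error_EmailExists");
        }
        if (pligg_validate()) {
            // Validation code checked by validation.php. The raw $_POST['email'] is
            // used on purpose: validation.php recomputes the code from the raw
            // $_GET['email']. The md5-of-concatenation scheme is kept for
            // compatibility with that page; its secret ingredient is pligg_hash().
            $domain = $main_smarty->get_config_vars('PLIGG_Visual_Name');
            $encode = md5($_POST['email'] . $user->karma . $user->username . pligg_hash() . $domain);
            $validation = my_base_url . my_pligg_base . "/validation.php?code={$encode}&uid="
                . urlencode($user->username) . "&email=" . urlencode($_POST['email']);

            // Render the configured message by substituting "$name" / "{$name}"
            // placeholders; stripcslashes() keeps the \n / \t escapes the former
            // double-quoted eval() interpreted. strtr() replaces longest keys first
            // and never rescans, so template content cannot execute code.
            $tplVars = array('validation' => $validation, 'domain' => $domain);
            $subst = array();
            foreach ($tplVars as $name => $value) {
                $subst['{$' . $name . '}'] = $value;
                $subst['$' . $name] = $value;
            }
            $template = $main_smarty->get_config_vars('PLIGG_PassEmail_verification_message');
            $message = strtr(stripcslashes($template), $subst);

            if (phpnum() >= 5) {
                require_once "libs/class.phpmailer5.php";
            } else {
                require_once "libs/class.phpmailer4.php";
            }
            $mail = new PHPMailer();
            $mail->From = $main_smarty->get_config_vars('PLIGG_PassEmail_From');
            $mail->FromName = $main_smarty->get_config_vars('PLIGG_PassEmail_Name');
            $mail->AddAddress($_POST['email']);
            $mail->AddReplyTo($main_smarty->get_config_vars('PLIGG_PassEmail_From'));
            $mail->IsHTML(false);
            $mail->Subject = $main_smarty->get_config_vars('PLIGG_PassEmail_Subject_verification');
            $mail->Body = $message;
            $mail->CharSet = 'utf-8';
            if (!$mail->Send()) {
                return false;
            }
            // The stored address is left unchanged until validation.php confirms it.
            $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Register_Noemail") . ' '
                . sprintf($main_smarty->get_config_vars("PLIGG_Visual_Register_ToDo"),
                    $main_smarty->get_config_vars('PLIGG_PassEmail_From'));
        } else {
            $user->email = sanitize($_POST['email'], 3);
        }
    }

    // ---- free-text fields ----------------------------------------------------
    $textFields = array('url', 'public_email', 'location', 'occupation', 'aim', 'msn',
        'yahoo', 'gtalk', 'skype', 'irc', 'names');
    foreach ($textFields as $field) {
        $user->$field = sanitize($_POST[$field], 3);
    }
    if (user_language) {
        $user->language = sanitize($_POST['language'], 3);
    }

    // module system hook
    $vars = '';
    check_actions('profile_save', $vars);

    // ---- avatar source -------------------------------------------------------
    // Only the empty value or "useruploaded" is accepted; anything else is logged
    // as tampering and cleared (the original only compared here, so the rejected
    // value was stored regardless).
    $avatar_source = sanitize($_POST['avatarsource'], 3);
    if ($avatar_source != "" && $avatar_source != "useruploaded") {
        // NOTE(review): the username part of this log line was redacted ('******')
        // in the copy reviewed; the profile being edited is the natural value.
        loghack('Updating profile, avatar source is not one of the list options.',
            'username: ' . $user->username . '|email: ' . sanitize($_POST["email"], 3));
        $avatar_source = "";
    }
    $user->avatar_source = $avatar_source;

    // ---- password change -----------------------------------------------------
    if (!empty($_POST['newpassword']) || !empty($_POST['newpassword2'])) {
        $oldpass = sanitize($_POST['oldpassword'], 3);
        // NOTE(review): the login in this WHERE clause is redacted ('******') in
        // the copy reviewed. It is reconstructed as the profile being edited,
        // since that is whose password is replaced below; confirm against the
        // original whether $current_user was meant instead.
        $userX = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users
            . " WHERE user_login = '" . $db->escape($user->username) . "'");
        $storedHash = ($userX && isset($userX->user_pass)) ? (string) $userX->user_pass : '';
        $oldHash = (string) generateHash($oldpass, substr($storedHash, 0, SALT_LENGTH));
        // Strict comparison; constant-time where the runtime offers it.
        $oldOk = $storedHash !== '' && (function_exists('hash_equals')
            ? hash_equals($storedHash, $oldHash)
            : $storedHash === $oldHash);
        if (!$oldOk) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadOldPass");
        }
        if (sanitize($_POST['newpassword'], 3) !== sanitize($_POST['newpassword2'], 3)) {
            return $main_smarty->get_config_vars("PLIGG_Visual_Profile_BadPass");
        }
        // As in the original, a password change stores and returns right away:
        // no re-read, no language redirect and no re-authentication happen here.
        $user->pass = generateHash(sanitize($_POST['newpassword'], 3));
        $user->store();
        return $main_smarty->get_config_vars("PLIGG_Visual_Profile_PassUpdated");
    }

    $user->store();
    $user->read();
    if ($language != $user->language) {
        header("Location: " . getmyurl('profile'));
        exit;
    }
    $current_user->Authenticate($user->username, $user->pass);
    if (!isset($savemsg)) {
        $savemsg = $main_smarty->get_config_vars("PLIGG_Visual_Profile_DataUpdated");
    }
    return $savemsg;
}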
include 'config.php'; include mnminclude . 'html1.php'; include mnminclude . 'link.php'; include mnminclude . 'smartyvariables.php'; // Get values from the end user $rcode = $db->escape(trim($_GET['code'])); $username = $db->escape(trim($_GET['uid'])); // Retrieve values from database $user = "******" . table_users . " WHERE user_login = '******'"; global $db; $result = $db->get_row($user); if ($result) { if ($_GET['email']) { $decode = md5($_GET['email'] . $result->user_karma . $username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name')); } else { $decode = md5($result->user_email . $result->user_karma . $username . pligg_hash() . $main_smarty->get_config_vars('PLIGG_Visual_Name')); } } else { $main_smarty->assign('error', $main_smarty->get_config_vars('PLIGG_Validation_No_Results')); } // Compare values if ($rcode == $decode) { $lastlogin = $db->get_var("SELECT user_lastlogin FROM " . table_users . " WHERE user_login = '******'"); if ($lastlogin == "0000-00-00 00:00:00") { $login_url = getmyurl("loginNoVar"); $message = sprintf($main_smarty->get_config_vars('PLIGG_Validation_Message'), $login_url); $main_smarty->assign('message', $message); $sql = "UPDATE " . table_users . " SET user_lastlogin = now() WHERE user_login='******'"; if (!@mysql_query($sql)) { $main_smarty->assign('error', $main_smarty->get_config_vars('PLIGG_Validation_Mysql_Error')); }