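/**
 * Upgrade step 15: run the schema/data changes and write a new internal encryption key.
 *
 * Works on the globals $db, $output and $cache, prints progress HTML directly and
 * ends by handing the installer over to the "15_usernameverify" step.
 *
 * @return void
 */
function upgrade15_dbchanges()
{
    global $db, $output, $mybb, $cache;

    $output->print_header("Performing Queries");

    echo "<p>Performing necessary upgrade queries..</p>";
    flush();

    // The two driver branches are mutually exclusive, so they are expressed as if/else.
    if ($db->type == "pgsql") {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN revokereason SET default ''");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN notes SET default ''");
    } else {
        // Convert the textual yes/no flags to 1/0.
        $db->update_query("settinggroups", array('isdefault' => '1'), "isdefault='yes'");
        $db->update_query("settinggroups", array('isdefault' => '0'), "isdefault='no'");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "events CHANGE timezone timezone varchar(4) NOT NULL default '0'");
    }

    // Writes an array holding only 'encryption_key' under the "internal_settings" cache name.
    // NOTE(review): random_str() is defined elsewhere. This value is used as a key, so confirm
    // it is drawn from a CSPRNG (random_bytes()/random_int()) and not from rand()/mt_rand().
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));

    // The sessions.ip index is only added for drivers other than SQLite.
    if ($db->type != "sqlite2" && $db->type != "sqlite3") {
        if (!$db->index_exists("sessions", "ip")) {
            if ($db->type == "pgsql") {
                $db->write_query("CREATE INDEX ip ON " . TABLE_PREFIX . "sessions (ip)");
            } else {
                $db->write_query("ALTER TABLE " . TABLE_PREFIX . "sessions ADD INDEX (`ip`)");
            }
        }
    }

    // Fix: the original appended to an undefined $contents and emitted a closing </p>
    // without an opening tag; the paragraph is now built as one balanced string.
    $contents = "<p>Click next to continue with the upgrade process.</p>";
    $output->print_contents($contents);
    $output->print_footer("15_usernameverify");
}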
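/**
 * Upgrade step 15 (Polish-language installer): apply the database changes and
 * write a new internal encryption key.
 *
 * Uses the globals $db, $output and $cache, echoes progress HTML and finishes by
 * pointing the installer at the "15_usernameverify" step.
 *
 * @return void
 */
function upgrade15_dbchanges()
{
    global $db, $output, $mybb, $cache;

    $output->print_header("Wykonywanie zapytań");

    echo "<p>Trwa wykonywanie wymaganych zapytań do bazy danych...</p>";
    flush();

    $is_pgsql = ($db->type == "pgsql");

    if (!$is_pgsql) {
        // Turn the textual yes/no flags into 1/0.
        $db->update_query("settinggroups", array('isdefault' => '1'), "isdefault='yes'");
        $db->update_query("settinggroups", array('isdefault' => '0'), "isdefault='no'");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "events CHANGE timezone timezone varchar(4) NOT NULL default '0'");
    } else {
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN revokereason SET default ''");
        $db->write_query("ALTER TABLE " . TABLE_PREFIX . "warnings ALTER COLUMN notes SET default ''");
    }

    // Stores an array containing only 'encryption_key' under "internal_settings".
    // NOTE(review): random_str() lives outside this function; since the result is key
    // material, verify that it is generated with a CSPRNG (random_bytes()/random_int()).
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));

    // The sessions.ip index is skipped when the driver type is "sqlite".
    if ($db->type != "sqlite" && !$db->index_exists("sessions", "ip")) {
        if ($is_pgsql) {
            $db->write_query("CREATE INDEX ip ON " . TABLE_PREFIX . "sessions (ip)");
        } else {
            $db->write_query("ALTER TABLE " . TABLE_PREFIX . "sessions ADD INDEX (`ip`)");
        }
    }

    // Fix: $contents used to be appended to before it existed, and the markup closed a
    // paragraph that was never opened. Build the paragraph as one balanced string.
    $contents = "<p>Naciśnij przycisk Dalej, aby kontynuować proces aktualizacji.</p>";
    $output->print_contents($contents);
    $output->print_footer("15_usernameverify");
}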
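/**
 * Append one record to the tab-separated table file and return the stored record.
 *
 * The column order comes from the first line returned by get_lines(). Keys of $a that
 * are missing or falsy are written as empty cells (a value of "0" is therefore stored
 * as an empty string, as before).
 *
 * @param array $a record to store, keyed by column name; "id" is generated when absent
 * @return array|false the record including "id" and "created_at", or false when the
 *                     file could not be opened or locked
 */
function create($a)
{
    // NOTE(review): random_str() is defined elsewhere. If record ids are ever used as
    // unguessable references, confirm that it uses a CSPRNG.
    if (empty($a["id"])) {
        $a["id"] = random_str();
    }
    $a['created_at'] = date("Y/m/d H:i:s");
    //$a['cookie']=@$_COOKIE['cookie'];
    $this->lastid = $a["id"];

    $lines = $this->get_lines();
    $head = explode("\t", array_shift($lines));

    // Build the row in header order. escape() is defined elsewhere; presumably it
    // neutralises tab and newline characters so a value cannot add columns or rows.
    // TODO confirm, since values may come from user input.
    $b = array();
    foreach ($head as $column) {
        $b[] = !empty($a[$column]) ? $this->escape($a[$column]) : "";
    }

    $handle = fopen(SAFEPATH . $this->tablename, 'a');
    if ($handle === false) {
        // Fix: a failed fopen() used to be passed straight on to flock().
        return false;
    }

    if (!flock($handle, LOCK_EX)) {
        // Fix: the original closed the undefined $fp, so this handle was never released.
        fclose($handle);
        return false;
    }

    fwrite($handle, implode("\t", $b) . "\n");
    flock($handle, LOCK_UN); // release the lock
    fclose($handle);

    return $a;
}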
/**
 * Generate a new verification code, remember it in the session and render it as a picture.
 *
 * The request ends here: after code2pic() has run the script exits.
 *
 * @return void
 */
function authpic()
{
    // Arguments are assumed to be (length, alphabet); random_str() is defined elsewhere.
    // NOTE(review): on that reading there are 9^4 = 6561 possible codes, so the code that
    // compares against $_SESSION["authcode"] should limit attempts and discard the value
    // after a single comparison. Also confirm random_str() uses a CSPRNG.
    $code = random_str(4, "123456789");

    $_SESSION["authcode"] = $code;
    code2pic($code);

    exit;
}
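/**
 * XML-RPC handler: store an uploaded file as an attachment for a post being written.
 *
 * Checks that the forum exists, is open and is a real forum, that the user may post
 * there, and that the per-post attachment limit is not reached, then hands the file to
 * upload_attachment().
 *
 * @param mixed $xmlrpc_params raw XML-RPC parameters (forum_id, group_id, content)
 * @return mixed an xmlrpcresp holding attachment_id, group_id, result, result_text and
 *               file_size on success; otherwise whatever xmlrespfalse() or
 *               tt_no_permission() returns
 */
function upload_attach_func($xmlrpc_params)
{
    global $db, $lang, $theme, $plugins, $mybb, $session, $settings, $cache, $time, $mybbgroups;

    $lang->load("member");
    $parser = new postParser();

    $input = Tapatalk_Input::filterXmlInput(array(
        'forum_id' => Tapatalk_Input::INT,
        'group_id' => Tapatalk_Input::STRING,
        'content' => Tapatalk_Input::STRING,
    ), $xmlrpc_params);
    $fid = $input['forum_id'];

    // Fetch forum information.
    $forum = get_forum($fid);
    if (!$forum) {
        return xmlrespfalse($lang->error_invalidforum);
    }

    $forumpermissions = forum_permissions($fid);

    if ($forum['open'] == 0 || $forum['type'] != "f") {
        return xmlrespfalse($lang->error_closedinvalidforum);
    }

    if ($mybb->user['uid'] < 1
        || $forumpermissions['canview'] == 0
        || $forumpermissions['canpostthreads'] == 0
        || $mybb->user['suspendposting'] == 1
    ) {
        return tt_no_permission();
    }

    // Check if this forum is password protected and we have a valid password
    tt_check_forum_password($forum['fid']);

    // group_id is the client's handle for the set of attachments of one unsaved post.
    $posthash = $input['group_id'];
    if (empty($posthash)) {
        $posthash = md5($mybb->user['uid'] . random_str());
    }
    $mybb->input['posthash'] = $posthash;

    // Fix: both values arrive with the request and were interpolated into the WHERE
    // clause as-is. pid is now forced to an integer and posthash goes through the
    // driver's escape_string(). Whether Tapatalk_Input::STRING already escapes for SQL
    // cannot be seen from here; a hex posthash is unaffected by escaping either way.
    if (!empty($mybb->input['pid'])) {
        $attachwhere = "pid='" . (int) $mybb->input['pid'] . "'";
    } else {
        $attachwhere = "posthash='" . $db->escape_string($posthash) . "'";
    }
    $query = $db->simple_select("attachments", "COUNT(aid) as numattachs", $attachwhere);
    $attachcount = $db->fetch_field($query, "numattachs");

    // Fix: a request without a file part used to reach the loop below with an undefined
    // index. The reply is the same one the original ended up sending in that case.
    if (empty($_FILES['attachment']) || !is_array($_FILES['attachment'])) {
        return xmlrespfalse("No file uploaded");
    }

    // When the client sent the file as attachment[], keep only the first entry of each field.
    foreach ($_FILES['attachment'] as $k => $v) {
        if (is_array($v)) {
            $_FILES['attachment'][$k] = $v[0];
        }
    }

    // NOTE(review): 'type' is supplied by the client and is only normalised here. It says
    // nothing reliable about the file's content, so content checks belong in
    // upload_attachment().
    if ($_FILES['attachment']['type'] == 'image/jpg') {
        $_FILES['attachment']['type'] = 'image/jpeg';
    }

    // If there's an attachment, check it and upload it
    if ($_FILES['attachment']['size'] > 0
        && $forumpermissions['canpostattachments'] != 0
        && ($mybb->settings['maxattachments'] == 0 || $attachcount < $mybb->settings['maxattachments'])
    ) {
        require_once MYBB_ROOT . "inc/functions_upload.php";
        $attachedfile = upload_attachment($_FILES['attachment'], false);
    }

    if (empty($attachedfile)) {
        return xmlrespfalse("No file uploaded");
    }

    if ($attachedfile['error']) {
        return xmlrespfalse(implode(" :: ", $attachedfile['error']));
    }

    $result = new xmlrpcval(array(
        'attachment_id' => new xmlrpcval($attachedfile['aid'], 'string'),
        'group_id' => new xmlrpcval($posthash, 'string'),
        'result' => new xmlrpcval(true, 'boolean'),
        'result_text' => new xmlrpcval('', 'base64'),
        'file_size' => new xmlrpcval($attachedfile['filesize'], 'int'),
    ), 'struct');

    return new xmlrpcresp($result);
}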
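/**
 * Create and assign a new payment ID to a user.
 *
 * A 64-character identifier is generated and inserted together with this asset's id
 * and the user's id. A failed insert is retried with a fresh identifier.
 *
 * @param object $user user object; only its id() method is called here
 * @return string the payment id that was stored
 * @throws \RuntimeException when no row could be inserted after several attempts
 */
public function create_payment_id($user)
{
    // Fix: the original looped for as long as the query failed, so a failure unrelated
    // to a duplicate id (connection lost, missing table, ...) never terminated. The
    // number of attempts is now bounded.
    $max_attempts = 10;

    for ($attempt = 0; $attempt < $max_attempts; $attempt++) {
        // NOTE(review): random_str() is defined elsewhere. If knowing a payment id is
        // enough to act on a payment, confirm the generator is a CSPRNG.
        $payment_id = random_str(64);

        $sql = insert_query('users_cn_payment_ids', array(
            'asset_id' => $this->id,
            'payment_id' => $payment_id,
            'user_id' => $user->id(),
            'date_created' => array('UTC_TIMESTAMP()'),
        ));

        if (db()->query($sql)) {
            return $payment_id;
        }
    }

    throw new \RuntimeException('Could not store a new payment id after ' . $max_attempts . ' attempts.');
}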
/**
 * Let authenticated requests through; answer guests with 401 (AJAX) or a redirect.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Authenticated: continue down the middleware chain.
    if (!$this->auth->guest()) {
        return $next($request);
    }

    // Guests calling via AJAX get a plain 401 instead of a redirect.
    if ($request->ajax()) {
        return response('Unauthorized.', 401);
    }

    // NOTE(review): the "state" value is generated here but not stored anywhere in this
    // method. A state parameter only protects the return leg of the flow if the handler
    // that receives it can compare it with a copy kept server-side (e.g. in the
    // session). Confirm that this happens elsewhere, and that random_str() is a CSPRNG.
    return redirect()->guest('/token/314159265?state=' . random_str(20));
}
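/**
 * Return the user referenced by the login cookie and renew the cookie for six hours.
 *
 * Cookie layout as written below: 34 filler characters, the numeric user ID, then
 * 22 filler characters.
 *
 * NOTE(review): the filler is freshly random on every issue and is neither stored nor
 * compared with anything, so the ID segment is the only part of the cookie this
 * function evaluates. The cookie therefore does not prove who sent it. Binding it to a
 * server-side secret or session record (WordPress's own auth-cookie functions do this)
 * has to be changed together with the code that first issues the cookie, which is not
 * part of this function.
 *
 * @return bool|WP_USER the user object, or false when there is no usable cookie
 */
function get_user_from_cookie()
{
    // A cookie sent as name[]=... arrives as an array; treat that like a missing cookie.
    if (!isset($_COOKIE[COOKIE_NAME]) || !is_string($_COOKIE[COOKIE_NAME])) {
        return false;
    }
    $cookie = $_COOKIE[COOKIE_NAME];

    // 34 + 22 filler characters plus at least one ID digit.
    if (strlen($cookie) <= 56) {
        return false;
    }

    // Only a purely numeric ID segment is passed on to the user lookup.
    $user_id = substr($cookie, 34, strlen($cookie) - 56);
    if (!ctype_digit($user_id)) {
        return false;
    }

    $user = get_user_by('ID', $user_id);
    if ($user) {
        // Renewed cookie: HttpOnly keeps it away from page scripts, and Secure is set
        // whenever the current request came in over HTTPS.
        setcookie(
            COOKIE_NAME,
            random_str(34) . strval($user->ID) . random_str(22),
            time() + 21600,
            '/',
            '',
            is_ssl(),
            true
        );
        return $user;
    }

    return false;
}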
/**
 * Translate one Invision Power Board 2 attachment row into the column layout used for
 * insertion into the target attachments table.
 *
 * Side effect: resets the global $error_notice to an empty string.
 *
 * @param array $data source row (attach_* columns)
 * @return array values keyed by target column name
 */
function convert_data($data)
{
    global $db, $error_notice, $mybb;

    $error_notice = "";
    $insert_data = array();

    // Invision Power Board 2 values
    $insert_data['import_aid'] = $data['attach_id'];

    $details = $this->get_import->post_attachment_details($data['attach_pid']);
    $insert_data['pid'] = $details['pid'];
    // Reuse the post's hash when it has one, otherwise derive one from thread id, user
    // id and a random string.
    $insert_data['posthash'] = $details['posthash']
        ? $details['posthash']
        : md5($details['tid'] . $details['uid'] . random_str());

    $insert_data['filetype'] = $this->get_attach_type($data['attach_ext']);

    // MIME types that count as images.
    $image_mimes = array(
        "image/gif",
        "image/jpeg",
        "image/x-jpg",
        "image/x-jpeg",
        "image/pjpeg",
        "image/jpg",
        "image/png",
        "image/x-png",
    );
    $is_image = in_array(strtolower($insert_data['filetype']), $image_mimes, true);

    // Images get the 'SMALL' placeholder; it may be replaced by a real name below.
    $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';

    // NOTE(review): this replaces the posthash chosen above with the source row's
    // attach_post_key, which makes the earlier value dead. Confirm which one is intended.
    $insert_data['posthash'] = $data['attach_post_key'];
    $insert_data['uid'] = $this->get_import->uid($data['attach_member_id']);
    // NOTE(review): the file name is copied from the source row unchanged. Escaping or
    // sanitising has to happen where it is written to the database or to disk.
    $insert_data['filename'] = $data['attach_file'];
    $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['attach_date'] . ".attach";
    $insert_data['filesize'] = $data['attach_filesize'];
    $insert_data['downloads'] = $data['attach_hits'];
    $insert_data['visible'] = $data['attach_approved'];

    if ($data['attach_thumb_location']) {
        // Thumbnail name = attachment name with ".attach" swapped for "_thumb.<ext>".
        $ext = get_extension($data['attach_thumb_location']);
        $insert_data['thumbnail'] = str_replace(".attach", "_thumb.{$ext}", basename($insert_data['attachname']));
    }

    return $insert_data;
}
/**
 * Insert this user into `tat_user` with a generated temporary password and e-mail that
 * password to lecturers and students.
 *
 * Every path that sends a mail or hits an error ends the request with a redirect to
 * ../add_user_gui.php. For any other access level the method returns after the insert
 * without redirecting.
 *
 * NOTE(review): the temporary password is bound to the `Password` column exactly as
 * generated (the hashing step in the original was commented out) and is also sent by
 * e-mail in clear text. Storing a password_hash() value instead requires the login check
 * to use password_verify(), so both have to change together. Also confirm that
 * random_str() uses a CSPRNG.
 *
 * @param PDO $DB_con PDO database connection object
 * @return void
 */
public function add_user($DB_con)
{
    // Temporary password, 10 characters requested from random_str().
    $temp_password = random_str(10);

    $add_user_query = 'INSERT INTO `tat_user` (`employee_number`, `First_Name`, `Last_Name`, `Email`, `Phone_Number`, `GPA`, `Gender`, `Password`, `Access_Level`) VALUES (:sid, :first_name, :last_name, :email, :phone_number, :gpa, :gender, :password, :access_level)';
    $statement = $DB_con->prepare($add_user_query);

    // All values are bound as strings; nothing is interpolated into the SQL text.
    $statement->bindParam(':sid', $this->id, PDO::PARAM_STR);
    $statement->bindParam(':first_name', $this->first_name, PDO::PARAM_STR);
    $statement->bindParam(':last_name', $this->last_name, PDO::PARAM_STR);
    $statement->bindParam(':email', $this->email, PDO::PARAM_STR);
    $statement->bindParam(':phone_number', $this->phone_number, PDO::PARAM_STR);
    $statement->bindParam(':gpa', $this->gpa, PDO::PARAM_STR);
    $statement->bindParam(':gender', $this->gender, PDO::PARAM_STR);
    $statement->bindParam(':password', $temp_password, PDO::PARAM_STR);
    $statement->bindParam(':access_level', $this->access_level, PDO::PARAM_STR);

    // Insert failed: leave a message for the form page and stop.
    if (!$statement->execute()) {
        $_SESSION['add_user_error'] = 'An unknown error has occurred. Please contact system support and provide a detailed description of what you were trying to accomplish when this error occurred. (Error: -1)';
        header('Location: ../add_user_gui.php');
        die;
    }

    $_SESSION['user_added'] = 1;
    $fullName = $this->first_name . " " . $this->last_name;

    // NOTE(review): the recipient is read from $_POST['user_email'] rather than from
    // $this->email, which is the address that was stored. Confirm the two cannot differ.
    if ($this->access_level == 'lecturer') {
        $email = new Emailer();
        $email->sendLecturerTempEmail($_POST['user_email'], $fullName, $temp_password);
        header('Location: ../add_user_gui.php');
        die;
    }

    if ($this->access_level == 'student') {
        $email = new Emailer();
        $email->sendStudentTempEmail($_POST['user_email'], $fullName, $temp_password);
        header('Location: ../add_user_gui.php');
        die;
    }
}
/**
 * Translate one vBulletin 3 attachment row into the column layout used for insertion
 * into the target attachments table.
 *
 * @param array $data source row (attachmentid, extension, postid, userid, ...)
 * @return array values keyed by target column name
 */
function convert_data($data)
{
    $insert_data = array();

    // vBulletin 3 values
    $insert_data['import_aid'] = $data['attachmentid'];
    $insert_data['filetype'] = $this->get_attach_type($data['extension']);

    // MIME types that count as images.
    $image_mimes = array(
        "image/gif",
        "image/jpeg",
        "image/x-jpg",
        "image/x-jpeg",
        "image/pjpeg",
        "image/jpg",
        "image/png",
        "image/x-png",
    );
    $is_image = in_array(strtolower($insert_data['filetype']), $image_mimes, true);

    // Images get the 'SMALL' placeholder; a real name may replace it further down.
    $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';

    $details = $this->get_import->post_attachment_details($data['postid']);
    $insert_data['pid'] = $details['pid'];
    // Reuse the post's hash when it has one, otherwise derive one from thread id, user
    // id and a random string.
    $insert_data['posthash'] = $details['posthash']
        ? $details['posthash']
        : md5($details['tid'] . $details['uid'] . random_str());

    $insert_data['uid'] = $this->get_import->uid($data['userid']);
    // NOTE(review): the file name is copied from the source row unchanged. Escaping or
    // sanitising has to happen where it is written to the database or to disk.
    $insert_data['filename'] = $data['filename'];
    $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['dateline'] . ".attach";
    $insert_data['filesize'] = $data['filesize'];
    $insert_data['downloads'] = $data['counter'];
    $insert_data['visible'] = $data['visible'];

    if ($data['thumbnail']) {
        // Thumbnail name = attachment name with ".attach" swapped for "_thumb.<extension>".
        $insert_data['thumbnail'] = str_replace(".attach", "_thumb.{$data['extension']}", $insert_data['attachname']);
    }

    return $insert_data;
}
/**
 * Translate one phpBB 3 attachment row into the column layout used for insertion into
 * the target attachments table.
 *
 * @param array $data source row (attach_id, poster_id, real_filename, mimetype, ...)
 * @return array values keyed by target column name
 */
function convert_data($data)
{
    $insert_data = array();

    // phpBB 3 values
    $insert_data['import_aid'] = $data['attach_id'];
    $insert_data['uid'] = $this->get_import->uid($data['poster_id']);
    // NOTE(review): file name and MIME type are copied from the source row unchanged.
    // Escaping or sanitising has to happen where they are written out.
    $insert_data['filename'] = $data['real_filename'];
    $insert_data['attachname'] = "post_" . $insert_data['uid'] . "_" . $data['filetime'] . ".attach";
    $insert_data['filetype'] = $data['mimetype'];
    $insert_data['filesize'] = $data['filesize'];
    $insert_data['downloads'] = $data['download_count'];

    $details = $this->get_import->post_attachment_details($data['post_msg_id']);
    $insert_data['pid'] = $details['pid'];
    // Reuse the post's hash when it has one, otherwise derive one from thread id, user
    // id and a random string.
    $insert_data['posthash'] = $details['posthash']
        ? $details['posthash']
        : md5($details['tid'] . $details['uid'] . random_str());

    // MIME types that count as images.
    $image_mimes = array(
        "image/gif",
        "image/jpeg",
        "image/x-jpg",
        "image/x-jpeg",
        "image/pjpeg",
        "image/jpg",
        "image/png",
        "image/x-png",
    );
    $is_image = in_array(strtolower($insert_data['filetype']), $image_mimes, true);

    // Images are marked with the 'SMALL' thumbnail placeholder.
    $insert_data['thumbnail'] = $is_image ? 'SMALL' : '';

    return $insert_data;
}
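/**
 * Validate a registration request, create the user row and store its credentials.
 *
 * @param array $user_info submitted fields; name, email, country, password and
 *                         confirm_password are validated here
 * @return array 'success' (bool), plus 'message' and optionally 'field' on failure, or
 *               'user_id' and 'secret_id' once the rows were written
 */
public function addUser($user_info)
{
    $result = array('success' => false, 'message' => "Something went wrong.");

    if (!is_array($user_info) || count($user_info) === 0) {
        return $result;
    }

    $name = isset($user_info['name']) ? $user_info['name'] : null;
    $email = isset($user_info['email']) ? $user_info['email'] : null;
    $country = isset($user_info['country']) ? $user_info['country'] : null;
    $password = isset($user_info['password']) ? $user_info['password'] : null;
    $confirm = isset($user_info['confirm_password']) ? $user_info['confirm_password'] : null;

    // Fix: the original chained its checks with `or`, so a single passing field (in
    // practice just the presence of confirm_password) marked the whole request valid,
    // and it accepted passwords SHORTER than five characters. Every field must pass now.
    $valid = is_string($name) && ctype_alnum($name) && strlen($name) > 2
        && is_string($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false
        && is_string($country) && ctype_alpha($country)
        && is_string($password) && strlen($password) >= 5
        && is_string($confirm);

    // Fix: strict comparison. With `!=`, two different numeric-looking strings such as
    // "1e3" and "1000" compare as equal.
    if ($password !== $confirm) {
        $result['message'] = "Password did not match.";
        $result['field'] = "password";
        return $result;
    }

    if ($this->db->checkExists($this->user_table, 'email', $email)) {
        $result['message'] = "Email already exists.";
        $result['field'] = "email";
        return $result;
    }

    if (!$valid) {
        return $result;
    }

    // Fix: crypt() was given a 20-character salt with no algorithm prefix. That selects
    // its legacy DES mode, which uses two salt characters and only the first eight
    // password characters. password_hash() picks the algorithm and salt itself.
    // The salt was never stored separately, so verification must already derive it from
    // the stored hash; password_verify() and crypt($input, $stored) both accept this
    // format. NOTE(review): confirm the password column holds at least 60 characters
    // (255 is the usual recommendation).
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    unset($user_info['password'], $user_info['confirm_password']);

    // NOTE(review): every remaining key of $user_info is handed to the insert. If the
    // array comes straight from the request, restrict it to the expected columns first.
    $user_result = $this->db->add($this->user_table, $user_info);

    if ($user_result['success']) {
        $result['user_id'] = $user_result['lastInsertId'];
        // NOTE(review): the e-mail confirmation token comes from random_str(), defined
        // elsewhere; confirm it uses a CSPRNG.
        $result['secret_id'] = $this->_saveUserSecret(array(
            'user_id' => $result['user_id'],
            'password' => $password_hash,
            'email_confirmation' => random_str(20),
        ));

        // Fix: success is reported only once both rows exist. Previously the flag from
        // validation stayed true even when an insert failed.
        if ($result['secret_id']) {
            /* TO DO :
             * Email Confirmation */
            $result['success'] = true;
            unset($result['message']);
        }
    }

    return $result;
}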
} if (isset($mybb->input['code']) && $user) { $query = $db->simple_select("awaitingactivation", "code", "uid='" . $user['uid'] . "' AND type='p'"); $activationcode = $db->fetch_field($query, 'code'); $now = TIME_NOW; if (!$activationcode || $activationcode != $mybb->get_input('code')) { error($lang->error_badlostpwcode); } $db->delete_query("awaitingactivation", "uid='" . $user['uid'] . "' AND type='p'"); $username = $user['username']; // Generate a new password, then update it $password_length = (int) $mybb->settings['minpasswordlength']; if ($password_length < 8) { $password_length = 8; } $password = random_str($password_length); $logindetails = update_password($user['uid'], md5($password), $user['salt']); $email = $user['email']; $plugins->run_hooks("member_resetpassword_process"); $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']); $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password); my_mail($email, $emailsubject, $emailmessage); $plugins->run_hooks("member_resetpassword_reset"); error($lang->redirect_passwordreset); } else { $plugins->run_hooks("member_resetpassword_form"); switch ($mybb->settings['username_method']) { case 0: $lang_username = $lang->username; break; case 1:
/**
 * Final installer step: create the administrator account, load the default user groups
 * and admin permissions, build the caches and try to lock the installer.
 *
 * Reads the administrator name, password and e-mail from $mybb->input, prints progress
 * HTML as it goes and ends with the installer footer.
 *
 * @return void
 */
function install_done()
{
    global $output, $db, $mybb, $errors, $cache, $lang;

    // Collect validation errors for the administrator form.
    if (empty($mybb->input['adminuser'])) {
        $errors[] = $lang->admin_step_error_nouser;
    }
    if (empty($mybb->input['adminpass'])) {
        $errors[] = $lang->admin_step_error_nopassword;
    }
    if ($mybb->get_input('adminpass') != $mybb->get_input('adminpass2')) {
        $errors[] = $lang->admin_step_error_nomatch;
    }
    if (empty($mybb->input['adminemail'])) {
        $errors[] = $lang->admin_step_error_noemail;
    }
    // create_admin_user() is defined elsewhere; presumably it re-displays the form and
    // ends the request. NOTE(review): verify, because if it returns, the code below still
    // creates the account from the rejected input.
    if (is_array($errors)) {
        create_admin_user();
    }

    // Load the configuration written by earlier steps and connect to the database.
    require MYBB_ROOT . 'inc/config.php';
    $db = db_connection($config);

    require MYBB_ROOT . 'inc/settings.php';
    $mybb->settings =& $settings;

    ob_start();
    $output->print_header($lang->finish_setup, 'finish');

    echo $lang->done_step_usergroupsinserted;

    // Insert all of our user groups from the XML file
    $usergroup_settings = file_get_contents(INSTALL_ROOT . 'resources/usergroups.xml');
    $parser = new XMLParser($usergroup_settings);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();

    $admin_gid = '';
    $group_count = 0;
    foreach ($tree['usergroups'][0]['usergroup'] as $usergroup) {
        // usergroup[cancp][0][value]
        $new_group = array();
        foreach ($usergroup as $key => $value) {
            // Only array-valued entries carry a column value.
            if (!is_array($value)) {
                continue;
            }
            // Values are escaped here before being passed to insert_query().
            $new_group[$key] = $db->escape_string($value[0]['value']);
        }
        $db->insert_query("usergroups", $new_group, false);

        // If this group can access the admin CP and we haven't established the admin group - set it (just in case we ever change IDs)
        if ($new_group['cancp'] == 1 && !$admin_gid) {
            $admin_gid = $usergroup['gid'][0]['value'];
        }
        $group_count++;
    }

    // Restart usergroup sequence with correct # of groups
    if ($config['database']['type'] == "pgsql") {
        $db->query("SELECT setval('{$config['database']['table_prefix']}usergroups_gid_seq', (SELECT max(gid) FROM {$config['database']['table_prefix']}usergroups));");
    }

    echo $lang->done . '</p>';

    echo $lang->done_step_admincreated;
    $now = TIME_NOW;
    // NOTE(review): random_str() and generate_loginkey() are defined elsewhere. Salt and
    // login key are credentials, so confirm both draw from a CSPRNG.
    $salt = random_str();
    $loginkey = generate_loginkey();
    // Stored password format: md5(md5(salt) . md5(password)).
    // NOTE(review): MD5 is a fast hash, so this offers little resistance to offline
    // guessing. It cannot be changed here alone because the login check has to compute
    // the same value.
    $saltedpw = md5(md5($salt) . md5($mybb->get_input('adminpass')));

    // Administrator row. User-supplied name and e-mail are escaped; the rest are defaults.
    $newuser = array(
        'username' => $db->escape_string($mybb->get_input('adminuser')),
        'password' => $saltedpw,
        'salt' => $salt,
        'loginkey' => $loginkey,
        'email' => $db->escape_string($mybb->get_input('adminemail')),
        'usergroup' => $admin_gid,
        'regdate' => $now,
        'lastactive' => $now,
        'lastvisit' => $now,
        'website' => '',
        'icq' => '',
        'aim' => '',
        'yahoo' => '',
        'skype' => '',
        'google' => '',
        'birthday' => '',
        'signature' => '',
        'allownotices' => 1,
        'hideemail' => 0,
        'subscriptionmethod' => '0',
        'receivepms' => 1,
        'pmnotice' => 1,
        'pmnotify' => 1,
        'buddyrequestspm' => 1,
        'buddyrequestsauto' => 0,
        'showimages' => 1,
        'showvideos' => 1,
        'showsigs' => 1,
        'showavatars' => 1,
        'showquickreply' => 1,
        'invisible' => 0,
        'style' => '0',
        'timezone' => 0,
        'dst' => 0,
        'threadmode' => '',
        'daysprune' => 0,
        'regip' => $db->escape_binary(my_inet_pton(get_ip())),
        'language' => '',
        'showcodebuttons' => 1,
        'tpp' => 0,
        'ppp' => 0,
        'referrer' => 0,
        'buddylist' => '',
        'ignorelist' => '',
        'pmfolders' => '',
        'notepad' => '',
        'showredirect' => 1,
        'usernotes' => ''
    );
    $db->insert_query('users', $newuser);
    echo $lang->done . '</p>';

    echo $lang->done_step_adminoptions;
    $adminoptions = file_get_contents(INSTALL_ROOT . 'resources/adminoptions.xml');
    $parser = new XMLParser($adminoptions);
    $parser->collapse_dups = 0;
    $tree = $parser->get_tree();
    $insertmodule = array();

    // Start from an empty adminoptions table.
    $db->delete_query("adminoptions");

    // Insert all the admin permissions
    foreach ($tree['adminoptions'][0]['user'] as $users) {
        $uid = $users['attributes']['uid'];

        // Flatten module -> permission -> value into one nested array.
        foreach ($users['permissions'][0]['module'] as $module) {
            foreach ($module['permission'] as $permission) {
                $insertmodule[$module['attributes']['name']][$permission['attributes']['name']] = $permission['value'];
            }
        }

        $defaultviews = array();
        foreach ($users['defaultviews'][0]['view'] as $view) {
            $defaultviews[$view['attributes']['type']] = $view['value'];
        }

        $adminoptiondata = array(
            'uid' => (int) $uid,
            'cpstyle' => '',
            'notes' => '',
            'permissions' => $db->escape_string(my_serialize($insertmodule)),
            'defaultviews' => $db->escape_string(my_serialize($defaultviews))
        );

        // Reset for the next <user> entry.
        $insertmodule = array();

        $db->insert_query('adminoptions', $adminoptiondata);
    }
    echo $lang->done . '</p>';

    // Automatic Login
    // NOTE(review): $uid is whatever the last <user> entry of adminoptions.xml carried,
    // not the id returned for the users row inserted above. Confirm the two match.
    my_unsetcookie("sid");
    my_unsetcookie("mybbuser");
    my_setcookie('mybbuser', $uid . '_' . $loginkey, null, true);
    ob_end_flush();

    // Make fulltext columns if supported
    if ($db->supports_fulltext('threads')) {
        $db->create_fulltext_index('threads', 'subject');
    }
    if ($db->supports_fulltext_boolean('posts')) {
        $db->create_fulltext_index('posts', 'message');
    }

    echo $lang->done_step_cachebuilding;
    require_once MYBB_ROOT . 'inc/class_datacache.php';
    $cache = new datacache();
    // Build every cache once so the board starts with populated data.
    $cache->update_version();
    $cache->update_attachtypes();
    $cache->update_smilies();
    $cache->update_badwords();
    $cache->update_usergroups();
    $cache->update_forumpermissions();
    $cache->update_stats();
    $cache->update_statistics();
    $cache->update_forums();
    $cache->update_moderators();
    $cache->update_usertitles();
    $cache->update_reportedcontent();
    $cache->update_awaitingactivation();
    $cache->update_mycode();
    $cache->update_profilefields();
    $cache->update_posticons();
    $cache->update_spiders();
    $cache->update_bannedips();
    $cache->update_banned();
    $cache->update_bannedemails();
    $cache->update_birthdays();
    $cache->update_groupleaders();
    $cache->update_threadprefixes();
    $cache->update_forumsdisplay();
    $cache->update("plugins", array());
    // Per-installation key. NOTE(review): confirm random_str() uses a CSPRNG.
    $cache->update("internal_settings", array('encryption_key' => random_str(32)));
    $cache->update_default_theme();

    // Record which upgrade scripts ship with this installer, keyed and valued by number.
    $version_history = array();
    $dh = opendir(INSTALL_ROOT . "resources");
    while (($file = readdir($dh)) !== false) {
        if (preg_match("#upgrade([0-9]+).php\$#i", $file, $match)) {
            $version_history[$match[1]] = $match[1];
        }
    }
    sort($version_history, SORT_NUMERIC);
    $cache->update("version_history", $version_history);

    // Schedule an update check so it occurs an hour ago. Gotta stay up to date!
    $update['nextrun'] = TIME_NOW - 3600;
    $db->update_query("tasks", $update, "tid='12'");

    $cache->update_update_check();
    $cache->update_tasks();

    echo $lang->done . '</p>';
    echo $lang->done_step_success;

    // Try to drop a "lock" file into the current directory. Errors are suppressed with @,
    // and $written stays falsy when the file could not be written.
    $written = 0;
    if (is_writable('./')) {
        $lock = @fopen('./lock', 'w');
        $written = @fwrite($lock, '1');
        @fclose($lock);
        if ($written) {
            echo $lang->done_step_locked;
        }
    }
    // No lock file: show the message that asks for the install directory to be deleted,
    // since nothing else written here blocks a second run.
    if (!$written) {
        echo $lang->done_step_dirdelete;
    }
    echo $lang->done_whats_next;
    $output->print_footer('');
}
// Wrong code -> close session (aka logout) $db->delete_query("adminsessions", "sid='" . $db->escape_string($mybb->cookies['adminsid']) . "'"); my_unsetcookie('adminsid'); // Now test whether we need to lock this guy completly $db->update_query("adminoptions", array("loginattempts" => "loginattempts+1"), "uid='{$mybb->user['uid']}'", '', true); $loginattempts = login_attempt_check_acp($mybb->user['uid'], true); // Have we attempted too many times? if ($loginattempts['loginattempts'] > 0) { // Have we set an expiry yet? if ($loginattempts['loginlockoutexpiry'] == 0) { $db->update_query("adminoptions", array("loginlockoutexpiry" => TIME_NOW + (int) $mybb->settings['loginattemptstimeout'] * 60), "uid='{$mybb->user['uid']}'"); } // Did we hit lockout for the first time? Send the unlock email to the administrator if ($loginattempts['loginattempts'] == $mybb->settings['maxloginattempts']) { $db->delete_query("awaitingactivation", "uid='{$mybb->user['uid']}' AND type='l'"); $lockout_array = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => random_str(), "type" => "l"); $db->insert_query("awaitingactivation", $lockout_array); $subject = $lang->sprintf($lang->locked_out_subject, $mybb->settings['bbname']); $message = $lang->sprintf($lang->locked_out_message, htmlspecialchars_uni($mybb->user['username']), $mybb->settings['bbname'], $mybb->settings['maxloginattempts'], $mybb->settings['bburl'], $mybb->config['admin_dir'], $lockout_array['code'], $lockout_array['uid']); my_mail($mybb->user['email'], $subject, $message); } log_admin_action(array('type' => 'admin_locked_out', 'uid' => $mybb->user['uid'], 'username' => $mybb->user['username'])); $page->show_lockedout(); } // Still here? Show a custom login page $page->show_login($lang->my2fa_failed, "error"); } } // Show our 2FA page if (!empty($admin_options['authsecret']) && $admin_session['authenticated'] != 1) { $page->show_2fa();
$captcha = $post_captcha->html; } } $postoptionschecked = array('signature' => '', 'emailnotify' => ''); if ($mybb->user['signature']) { $postoptionschecked['signature'] = 'checked="checked"'; } // Hide signature option if no permission $option_signature = ''; if ($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature']) { eval("\$option_signature = \"" . $templates->get('showthread_quickreply_options_signature') . "\";"); } if (isset($mybb->user['emailnotify']) && $mybb->user['emailnotify'] == 1) { $postoptionschecked['emailnotify'] = 'checked="checked"'; } $posthash = md5($mybb->user['uid'] . random_str()); eval("\$quickreply = \"" . $templates->get("showthread_quickreply") . "\";"); } // If the user is a moderator, show the moderation tools. if ($ismod) { $customthreadtools = $customposttools = ''; if (is_moderator($forum['fid'], "canusecustomtools") && (!empty($forum_stats[-1]['modtools']) || !empty($forum_stats[$forum['fid']]['modtools']))) { switch ($db->type) { case "pgsql": case "sqlite": $query = $db->simple_select("modtools", "tid, name, type", "','||forums||',' LIKE '%,{$fid},%' OR ','||forums||',' LIKE '%,-1,%' OR forums=''"); break; default: $query = $db->simple_select("modtools", "tid, name, type", "CONCAT(',',forums,',') LIKE '%,{$fid},%' OR CONCAT(',',forums,',') LIKE '%,-1,%' OR forums=''"); } while ($tool = $db->fetch_array($query)) {
if ($mybb->input['action'] == "do_email" && $mybb->request_method == "post") { $errors = array(); $plugins->run_hooks("usercp_do_email_start"); if (validate_password_from_uid($mybb->user['uid'], $mybb->input['password']) == false) { $errors[] = $lang->error_invalidpassword; } else { // Set up user handler. require_once "inc/datahandlers/user.php"; $userhandler = new UserDataHandler("update"); $user = array("uid" => $mybb->user['uid'], "email" => $mybb->input['email'], "email2" => $mybb->input['email2']); $userhandler->set_data($user); if (!$userhandler->validate_user()) { $errors = $userhandler->get_friendly_errors(); } else { if ($mybb->user['usergroup'] != "5" && $mybb->usergroup['cancp'] != 1) { $activationcode = random_str(); $now = TIME_NOW; $db->delete_query("awaitingactivation", "uid='" . $mybb->user['uid'] . "'"); $newactivation = array("uid" => $mybb->user['uid'], "dateline" => TIME_NOW, "code" => $activationcode, "type" => "e", "oldgroup" => $mybb->user['usergroup'], "misc" => $db->escape_string($mybb->input['email'])); $db->insert_query("awaitingactivation", $newactivation); $username = $mybb->user['username']; $uid = $mybb->user['uid']; $lang->emailsubject_changeemail = $lang->sprintf($lang->emailsubject_changeemail, $mybb->settings['bbname']); $lang->email_changeemail = $lang->sprintf($lang->email_changeemail, $mybb->user['username'], $mybb->settings['bbname'], $mybb->user['email'], $mybb->input['email'], $mybb->settings['bburl'], $activationcode, $mybb->user['username'], $mybb->user['uid']); my_mail($mybb->input['email'], $lang->emailsubject_changeemail, $lang->email_changeemail); $plugins->run_hooks("usercp_do_email_verify"); $result_text = $lang->redirect_changeemail_activation; $verify_result = true; } else { $userhandler->update_user(); $plugins->run_hooks("usercp_do_email_changed");
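<?php
// Registration step: store the submitted name and e-mail plus a generated password hash
// in one transaction, then mark the session as belonging to the new person.

// my_fix() is defined elsewhere; presumably it normalises or filters the raw form values.
// TODO confirm what it guarantees. The values are only used as bound parameters below.
$NameFirst = my_fix($_POST['inputNameFirst']);
$NameLast = my_fix($_POST['inputNameLast']);
$Email = my_fix($_POST['inputEmail2']);

// A random 16-character password is hashed straight away; the plain value is not kept
// anywhere in this script. NOTE(review): confirm random_str() uses a CSPRNG and that
// encrypt_password() is a password-hashing function rather than a reversible cipher.
$Blowfish = encrypt_password(random_str(16));

$Connection = get_connection();

try {
    $Connection->beginTransaction();

    // Person row.
    $q0 = gq_insert('framy_Personal', 'NameFirst,NameLast,Email', ':a,:b,:c');
    $s0 = $Connection->prepare($q0);
    $s0->bindValue(':a', $NameFirst, PDO::PARAM_STR);
    $s0->bindValue(':b', $NameLast, PDO::PARAM_STR);
    $s0->bindValue(':c', $Email, PDO::PARAM_STR);
    $s0->execute();
    $s0->closeCursor();

    $PersonalId = $Connection->lastInsertId('framy_Personal_PersonalId_seq');

    // Credential row linked to the person just created.
    $q1 = gq_insert('framy_Blowfish', 'PersonalId,Blowfish', ':a,:b');
    $s1 = $Connection->prepare($q1);
    $s1->bindValue(':a', $PersonalId, PDO::PARAM_INT);
    $s1->bindValue(':b', $Blowfish, PDO::PARAM_STR);
    $s1->execute();
    $s1->closeCursor();

    $Connection->commit();
} catch (Exception $e) {
    // Fix: rollBack() throws when no transaction is active (for instance when
    // beginTransaction() itself failed), which used to replace the original error.
    // Assumes get_connection() returns a PDO instance, as the PDO::PARAM_* constants suggest.
    if ($Connection->inTransaction()) {
        $Connection->rollBack();
    }
    superendsession();
    exception_error($e);
    die;
}

// The session now represents an identified person, so give it a fresh id and drop any
// id that existed before this point.
if (session_status() === PHP_SESSION_ACTIVE) {
    session_regenerate_id(true);
}
$_SESSION['PersonalId'] = $PersonalId;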
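/**
 * Upload an attachment in to the file system
 *
 * Steps, in order: reject PHP upload errors, confirm the temp file really is
 * an HTTP upload, check the extension against the cached attachment types,
 * enforce the per-type size limit and the user's quota, refuse duplicates and
 * over-limit posts, move the file under a server-generated "*.attach" name,
 * and for image extensions verify the stored file really is an image before
 * building a thumbnail. The client-supplied file name is only stored in the
 * database (escaped); it is never used to build the path on disk.
 *
 * @param array $attachment Attachment data (as fed by PHPs $_FILE)
 * @param boolean $update_attachment Whether or not we are updating a current attachment or inserting a new one
 * @return array Array of attachment data if successful, otherwise array of error data
 */
function upload_attachment($attachment, $update_attachment = false)
{
    global $mybb, $db, $theme, $templates, $posthash, $pid, $tid, $forum, $lang, $plugins, $cache;

    $ret = array();

    $posthash = $db->escape_string($mybb->get_input('posthash'));
    $pid = (int) $pid;

    if (isset($attachment['error']) && $attachment['error'] != 0) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($attachment['error']) {
            case 1: // UPLOAD_ERR_INI_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php1;
                break;
            case 2: // UPLOAD_ERR_FORM_SIZE
                $ret['error'] .= $lang->error_uploadfailed_php2;
                break;
            case 3: // UPLOAD_ERR_PARTIAL
                $ret['error'] .= $lang->error_uploadfailed_php3;
                break;
            case 4: // UPLOAD_ERR_NO_FILE
                $ret['error'] .= $lang->error_uploadfailed_php4;
                break;
            case 6: // UPLOAD_ERR_NO_TMP_DIR
                $ret['error'] .= $lang->error_uploadfailed_php6;
                break;
            case 7: // UPLOAD_ERR_CANT_WRITE
                $ret['error'] .= $lang->error_uploadfailed_php7;
                break;
            default:
                $ret['error'] .= $lang->sprintf($lang->error_uploadfailed_phpx, $attachment['error']);
                break;
        }
        return $ret;
    }

    // Test for a missing temp name first so is_uploaded_file() is never handed an unset value.
    // is_uploaded_file() is what guarantees the path came from this request's upload and not from a caller-chosen file.
    if (empty($attachment['tmp_name']) || !is_uploaded_file($attachment['tmp_name'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_php4;
        return $ret;
    }

    $attachtypes = $cache->read('attachtypes');
    $attachment = $plugins->run_hooks("upload_attachment_start", $attachment);

    $ext = get_extension($attachment['name']);
    // Check if we have a valid extension (allow-list: only extensions present in the cached attachment types pass)
    if (!isset($attachtypes[$ext])) {
        $ret['error'] = $lang->error_attachtype;
        return $ret;
    }
    $attachtype = $attachtypes[$ext];

    // Check the size (maxsize is multiplied by 1024 before comparing; an empty maxsize means no limit)
    if ($attachment['size'] > $attachtype['maxsize'] * 1024 && $attachtype['maxsize'] != "") {
        $ret['error'] = $lang->sprintf($lang->error_attachsize, $attachtype['maxsize']);
        return $ret;
    }

    // Double check attachment space usage
    if ($mybb->usergroup['attachquota'] > 0) {
        // The uid is cast so the WHERE clause can only ever contain an integer.
        $query = $db->simple_select("attachments", "SUM(filesize) AS ausage", "uid='" . (int) $mybb->user['uid'] . "'");
        $usage = $db->fetch_array($query);
        $usage = $usage['ausage'] + $attachment['size'];
        if ($usage > $mybb->usergroup['attachquota'] * 1024) {
            $friendlyquota = get_friendly_size($mybb->usergroup['attachquota'] * 1024);
            $ret['error'] = $lang->sprintf($lang->error_reachedattachquota, $friendlyquota);
            return $ret;
        }
    }

    // Gather forum permissions
    $forumpermissions = forum_permissions($forum['fid']);

    // Check if an attachment with this name is already in the post.
    // $pid was cast to int and $posthash escaped above, so both fragments are safe to interpolate.
    if ($pid != 0) {
        $uploaded_query = "pid='{$pid}'";
    } else {
        $uploaded_query = "posthash='{$posthash}'";
    }
    $query = $db->simple_select("attachments", "*", "filename='" . $db->escape_string($attachment['name']) . "' AND " . $uploaded_query);
    $prevattach = $db->fetch_array($query);
    // fetch_array() may return a non-array when nothing matched; never index it blindly.
    $has_prevattach = is_array($prevattach) && !empty($prevattach['aid']);

    if ($has_prevattach && $update_attachment == false) {
        if (!$mybb->usergroup['caneditattachments'] && !$forumpermissions['caneditattachments']) {
            $ret['error'] = $lang->error_alreadyuploaded_perm;
            return $ret;
        }
        $ret['error'] = $lang->error_alreadyuploaded;
        return $ret;
    }

    // Check to see how many attachments exist for this post already
    if ($mybb->settings['maxattachments'] > 0 && $update_attachment == false) {
        $query = $db->simple_select("attachments", "COUNT(aid) AS numattachs", $uploaded_query);
        $attachcount = $db->fetch_field($query, "numattachs");
        if ($attachcount >= $mybb->settings['maxattachments']) {
            $ret['error'] = $lang->sprintf($lang->error_maxattachpost, $mybb->settings['maxattachments']);
            return $ret;
        }
    }

    $month_dir = '';
    if ($mybb->safemode == false) {
        // Check if the attachment directory (YYYYMM) exists, if not, create it
        $month_dir = gmdate("Ym");
        if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
            @mkdir($mybb->settings['uploadspath'] . "/" . $month_dir);
            // Still doesn't exist - oh well, throw it in the main directory
            if (!@is_dir($mybb->settings['uploadspath'] . "/" . $month_dir)) {
                $month_dir = '';
            }
        }
    }

    // All seems to be good, lets move the attachment!
    // The stored name is built only from the uid, the timestamp and a random hash, and always ends in ".attach".
    // NOTE(review): how hard the name is to guess depends on random_str(), which is defined elsewhere - confirm its randomness source.
    $filename = "post_" . $mybb->user['uid'] . "_" . TIME_NOW . "_" . md5(random_str()) . ".attach";
    $file = upload_file($attachment, $mybb->settings['uploadspath'] . "/" . $month_dir, $filename);

    // Failed to create the attachment in the monthly directory, just throw it in the main directory
    if (!empty($file['error']) && $month_dir) {
        $file = upload_file($attachment, $mybb->settings['uploadspath'] . '/', $filename);
    } elseif ($month_dir) {
        $filename = $month_dir . "/" . $filename;
    }

    if (!empty($file['error'])) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail;
        switch ($file['error']) {
            case 1:
                $ret['error'] .= $lang->error_uploadfailed_nothingtomove;
                break;
            case 2:
                $ret['error'] .= $lang->error_uploadfailed_movefailed;
                break;
        }
        return $ret;
    }

    // Lets just double check that it exists
    if (!file_exists($mybb->settings['uploadspath'] . "/" . $filename)) {
        $ret['error'] = $lang->error_uploadfailed . $lang->error_uploadfailed_detail . $lang->error_uploadfailed_lost;
        return $ret;
    }

    // Generate the array for the insert_query
    $attacharray = array(
        "pid" => $pid,
        "posthash" => $posthash,
        "uid" => $mybb->user['uid'],
        "filename" => $db->escape_string($file['original_filename']),
        "filetype" => $db->escape_string($file['type']),
        "filesize" => (int) $file['size'],
        "attachname" => $filename,
        "downloads" => 0,
        "dateuploaded" => TIME_NOW,
    );

    // If we're uploading an image, check the MIME type compared to the image type and attempt to generate a thumbnail
    if ($ext == "gif" || $ext == "png" || $ext == "jpg" || $ext == "jpeg" || $ext == "jpe") {
        // Check a list of known MIME types to establish what kind of image we're uploading.
        // 1, 2 and 3 are the values getimagesize() reports at index 2 for GIF, JPEG and PNG.
        // NOTE(review): $file['type'] comes back from upload_file(); presumably it is the browser-declared type and so not trustworthy on its own - confirm.
        switch (my_strtolower($file['type'])) {
            case "image/gif":
                $img_type = 1;
                break;
            case "image/jpeg":
            case "image/x-jpg":
            case "image/x-jpeg":
            case "image/pjpeg":
            case "image/jpg":
                $img_type = 2;
                break;
            case "image/png":
            case "image/x-png":
                $img_type = 3;
                break;
            default:
                $img_type = 0;
        }

        $supported_mimes = array();
        foreach ($attachtypes as $known_type) {
            if (!empty($known_type['mimetype'])) {
                $supported_mimes[] = $known_type['mimetype'];
            }
        }

        // Check if the uploaded file type matches the correct image type (returned by getimagesize)
        $img_dimensions = @getimagesize($mybb->settings['uploadspath'] . "/" . $filename);

        $mime = "";
        $file_path = $mybb->settings['uploadspath'] . "/" . $filename;
        // NOTE(review): the content sniffers below read MYBB_ROOT . $file_path while getimagesize() above reads the
        // path without MYBB_ROOT; both only agree for some uploadspath values - confirm which form is intended.
        if (function_exists("finfo_open")) {
            $file_info = finfo_open(FILEINFO_MIME);
            if ($file_info) {
                $detected = finfo_file($file_info, MYBB_ROOT . $file_path);
                if (is_string($detected)) {
                    // FILEINFO_MIME yields "type/subtype; charset=..."; keep only the type.
                    // A split limit of 1 returns the whole string, which could never match a configured MIME type.
                    $mime_parts = explode(';', $detected, 2);
                    $mime = trim($mime_parts[0]);
                }
                finfo_close($file_info);
            }
        } else {
            if (function_exists("mime_content_type")) {
                $mime = mime_content_type(MYBB_ROOT . $file_path);
            }
        }

        // Reject when the stored file is not a parseable image, or when its real image type differs from the
        // declared one AND the sniffed MIME type is not one of the configured types. The rejected file is removed
        // so a failed check leaves nothing behind in the uploads directory.
        if (!is_array($img_dimensions) || ($img_dimensions[2] != $img_type && !in_array($mime, $supported_mimes, true))) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $filename);
            $ret['error'] = $lang->error_uploadfailed;
            return $ret;
        }

        require_once MYBB_ROOT . "inc/functions_image.php";
        // $ext can only be one of the five image extensions tested above, so the thumbnail name stays an image name.
        $thumbname = str_replace(".attach", "_thumb.{$ext}", $filename);

        $attacharray = $plugins->run_hooks("upload_attachment_thumb_start", $attacharray);

        $thumbnail = generate_thumbnail($mybb->settings['uploadspath'] . "/" . $filename, $mybb->settings['uploadspath'], $thumbname, $mybb->settings['attachthumbh'], $mybb->settings['attachthumbw']);

        if ($thumbnail['filename']) {
            $attacharray['thumbnail'] = $thumbnail['filename'];
        } elseif ($thumbnail['code'] == 4) {
            $attacharray['thumbnail'] = "SMALL";
        }
    }

    // Attachments in moderated forums stay hidden unless the uploader may approve attachments there.
    if ($forumpermissions['modattachments'] == 1 && !is_moderator($forum['fid'], "canapproveunapproveattachs")) {
        $attacharray['visible'] = 0;
    } else {
        $attacharray['visible'] = 1;
    }

    $attacharray = $plugins->run_hooks("upload_attachment_do_insert", $attacharray);

    if ($has_prevattach && $update_attachment == true) {
        unset($attacharray['downloads']); // Keep our download count if we're updating an attachment
        $db->update_query("attachments", $attacharray, "aid='" . $db->escape_string($prevattach['aid']) . "'");

        // Remove old attachment file
        // Check if this attachment is referenced in any other posts. If it isn't, then we are safe to delete the actual file.
        $query = $db->simple_select("attachments", "COUNT(aid) as numreferences", "attachname='" . $db->escape_string($prevattach['attachname']) . "'");
        if ($db->fetch_field($query, "numreferences") == 0) {
            delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['attachname']);
            if ($prevattach['thumbnail']) {
                delete_uploaded_file($mybb->settings['uploadspath'] . "/" . $prevattach['thumbnail']);
            }

            // The first path segment is the YYYYMM directory when the old file lived in one.
            $date_directory = explode('/', $prevattach['attachname']);
            if (@is_dir($mybb->settings['uploadspath'] . "/" . $date_directory[0])) {
                delete_upload_directory($mybb->settings['uploadspath'] . "/" . $date_directory[0]);
            }
        }

        $aid = $prevattach['aid'];
    } else {
        $aid = $db->insert_query("attachments", $attacharray);
        if ($pid) {
            update_thread_counters($tid, array("attachmentcount" => "+1"));
        }
    }

    $ret['aid'] = $aid;
    return $ret;
}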
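/**
 * Generates a security question for registration.
 *
 * Picks one active question in random order (optionally excluding the one
 * shown before), stores a question session row for it and increments the
 * question's "shown" counter.
 *
 * @param int $old_qid Optional ID of the old question.
 * @return string|bool The question session id, or false when no active question exists.
 */
function generate_question($old_qid = 0)
{
    global $db;

    if ($db->type == 'pgsql' || $db->type == 'sqlite') {
        $order_by = 'RANDOM()';
    } else {
        $order_by = 'RAND()';
    }

    // Always defined, so the WHERE clause never interpolates an unset variable when no old question is given.
    $excl_old = '';
    if ($old_qid) {
        // Cast to int: only a number can ever reach the SQL string.
        $excl_old = ' AND qid != ' . (int) $old_qid;
    }

    $query = $db->simple_select('questions', 'qid, shown', "active=1{$excl_old}", array('limit' => 1, 'order_by' => $order_by));
    $question = $db->fetch_array($query);

    if (!$db->num_rows($query)) {
        // No active questions exist
        return false;
    }

    // NOTE(review): the session id is the only handle tying a registration attempt to its question;
    // random_str() is defined elsewhere - confirm it draws from a cryptographically secure source.
    $sessionid = random_str(32);

    $sql_array = array(
        "sid" => $sessionid,
        "qid" => $question['qid'],
        "dateline" => TIME_NOW,
    );
    $db->insert_query("questionsessions", $sql_array);

    $update_question = array("shown" => $question['shown'] + 1);
    // The id comes from the database row, but it is cast anyway so the condition cannot carry anything but a number.
    $qid = (int) $question['qid'];
    $db->update_query("questions", $update_question, "qid = '{$qid}'");

    return $sessionid;
}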
*/ // Disallow direct access to this file for security reasons if (!defined("IN_MYBB")) { die("Direct initialization of this file is not allowed.<br /><br />\n Please make sure IN_MYBB is defined."); } /* --- Global Variables: --- */ global $db, $mybb, $settings, $plugins, $cache; // Required for database queries to the google_seo table. In theory this // could be used to coerce Google SEO into managing URLs of other types. // In practice there is no guarantee that this API will stay stable. $db->google_seo_url = array(GOOGLE_SEO_USER => array('table' => TABLE_PREFIX . 'users', 'id' => 'uid', 'name' => 'username', 'scheme' => str_replace('&', '&', $settings['google_seo_url_users'])), GOOGLE_SEO_ANNOUNCEMENT => array('table' => TABLE_PREFIX . 'announcements', 'id' => 'aid', 'name' => 'subject', 'scheme' => str_replace('&', '&', $settings['google_seo_url_announcements'])), GOOGLE_SEO_FORUM => array('table' => TABLE_PREFIX . 'forums', 'id' => 'fid', 'name' => 'name', 'scheme' => str_replace('&', '&', $settings['google_seo_url_forums'])), GOOGLE_SEO_THREAD => array('table' => TABLE_PREFIX . 'threads', 'id' => 'tid', 'name' => 'subject', 'scheme' => str_replace('&', '&', $settings['google_seo_url_threads'])), GOOGLE_SEO_EVENT => array('table' => TABLE_PREFIX . 'events', 'id' => 'eid', 'name' => 'name', 'scheme' => str_replace('&', '&', $settings['google_seo_url_events'])), GOOGLE_SEO_CALENDAR => array('table' => TABLE_PREFIX . 'calendars', 'id' => 'cid', 'name' => 'name', 'scheme' => str_replace('&', '&', $settings['google_seo_url_calendars']))); // Lazy Mode. 
global $google_seo_url_lazy; $google_seo_url_lazy = false; if ($settings['google_seo_url_mode'] == 'lazy' && $mybb->request_method != 'post') { $google_seo_url_lazy = random_str(4); $db->google_seo_url[GOOGLE_SEO_ANNOUNCEMENT]['lazy'] = "announcements.php?aid={id}&google_seo={$google_seo_url_lazy}"; $db->google_seo_url[GOOGLE_SEO_CALENDAR]['lazy'] = "calendar.php?calendar={id}&google_seo={$google_seo_url_lazy}"; $db->google_seo_url[GOOGLE_SEO_EVENT]['lazy'] = "calendar.php?action=event&eid={id}&google_seo={$google_seo_url_lazy}"; $db->google_seo_url[GOOGLE_SEO_FORUM]['lazy'] = "forumdisplay.php?fid={id}&google_seo={$google_seo_url_lazy}"; $db->google_seo_url[GOOGLE_SEO_THREAD]['lazy'] = "showthread.php?tid={id}&google_seo={$google_seo_url_lazy}"; $db->google_seo_url[GOOGLE_SEO_USER]['lazy'] = "member.php?action=profile&uid={id}&google_seo={$google_seo_url_lazy}"; $google_seo_url_lazy = true; } // Thread Prefix if ($settings['google_seo_url_threadprefix']) { $db->google_seo_url[GOOGLE_SEO_THREAD]['extra'] .= ',prefix'; } // Parents if ($db->google_seo_url[GOOGLE_SEO_FORUM]['scheme']) { if ($settings['google_seo_url_parent_announcement']) {
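/**
 * Proposes a fresh username/password pair and looks up any credential line
 * already recorded for the current URL.
 *
 * The username is a random word from the list below plus two characters from
 * random_str(); the password is twelve characters from random_str(). Each line
 * of the "password" wiki source is split on "|" and matched against f('url');
 * the last matching line (or null) is handed to the view as "list". When
 * nothing matched, the generated pair is saved through the "password" model.
 *
 * NOTE(review): the generated password is handed to the view and to the model
 * as clear text; whether it is protected at rest depends on
 * fmodel("password")->save(), which is not visible here - confirm.
 */
function passw()
{
    $usernamelist = array(
        "lank", "lapidary", "lapse", "larch", "lard", "largesse", "lark", "larva", "laryngitis", "larynx", "lascivious", "lash", "lassitude", "lasso", "latent", "latency", "lathe", "latitude", "lattice", "laud", "laudable", "laudatory", "laurel", "laurels", "lava", "lave", "lax", "laxity", "laxative", "layman", "leach", "leaflet", "leakage", "lean", "lease", "leaven", "lecherous", "lechery", "ledger", "leer", "leeward", "legacy", "legend", "legerdemain", "legible", "legion", "legislate", "legislature", "legitimate", "lengthy", "lenient", "lenience", "leonine", "leprosy", "lesion", "lessee", "lethal", "lethargy", "leucocyte", "levee", "leviathan", "levitate", "levity", "levy", "lewd", "lexical", "lexicographer", "lexicon", "liability", "liable", "liaison", "libation", "libel", "libellous", "liberality", "liberated", "libertine", "libido", "libidinous", "libretto", "licence", "licentious", "licit", "lido", "lien", "ligature", "ligneous", "lilliputian", "limb", "limber", "limbo", "limerick", "limn", "limnetic", "limousine", "limpid", "lineal", "linear", "linger", "lingering", "lingual", "linguistics", "linoleum", "lint", "lionize", "liquefy", "liquidate", "liquidation", "lissom", "listless", "literal", "literati", "lithe", "litigant", "litigious", "litter", "litterbin", "littoral", "liturgy", "liturgical", "livable", "lively", "liverish", "livid", "loaf", "loam", "loathe", "loathsome", "lobby", "lobe", "lobster", "locale", "locomotion", "locomotive", "locus", "locust", "locution", "lodge", "lodger", "loft", "lofty", "log", "logistics", "logjam", "loiter", "loll", "longevity", "longitude", "longueur", "loom", "loon", "loop", "loot", "lope", "loquacious", "lore", "lottery", "lounge", "lounger", "lout", "loutish", "lowbred", "lubricant", "lubricious", "lucrative", "lucre", "lucubrate", "lucubration", "lugubrious", "lukewarm", "lullaby", "lumber", "luminary", "luminous", "lump", "lumpish", "lunacy", "lunatic", "lurch", "lure", "lurk",
        "luscious", "lust", "lusty", "lustre", "lustrous", "luxuriant", "lynch", "lyric", "macabre", "mace", "macerate", "machination", "macrocosm", "maddening", "madrigal", "maelstrom", "maestro", "magenta", "magisterial", "magistrate", "magistracy", "magnanimous", "magnate", "magnetism", "magnify", "magnification", "magniloquent", "magnitude", "magpie", "maim", "makeshift", "maladroit", "malapropism", "malcontent", "malcontented", "malediction", "malevolent", "malfunction", "malice", "malicious", "malign", "malignant", "malignity", "malinger", "malleable", "mallet", "malnutrition", "malodorous", "maltreat", "mammal", "manacle", "mandate", "mandatory", "maneuver", "maneuverable", "mangle", "mania", "maniacal", "manifest", "manifesto", "manifold", "manipulative", "mannequin", "mansion", "mantle", "manumit", "manuscript", "maple", "mar", "maraud", "mare", "margarine", "marginal", "marine", "mariner", "marionette", "marital", "marrow", "marsh", "marsupial", "martinet", "martyr", "mash", "mask", "mason", "masonry", "masquerade", "massacre", "massive", "mast", "masticate", "matador", "materialize", "matriarchy", "matrix", "mattress", "maturity", "maudlin", "maul", "maverick", "mawkish", "maxim", "mayhem", "maze", "meadow", "meager", "meander", "measles", "measured", "medal", "meddlesome", "median", "mediate", "medieval", "mediocre", "mediocrity", "meditative", "medium", "medley", "megalomania", "melancholy", "mellifluous", "melodrama", "melody", "melodious", "melon", "membrane", "memento", "menace", "mendacity", "menial", "mentor", "merchandise", "mercurial", "mere", "meretricious", "meritorious", "mermaid", "mesa", "mesmerize", "metabolism", "metamorphosis", "metaphor", "metaphorical", "metaphysics", "meteoric", "meticulous", "mettle", "mettlesome", "miasma", "microbe", "microscopic", "midget", "mien", "migrant", "mildew", "milieu", "militant", "miller", "millinery", "mime", "mimic", "mimicry", "minaret", "minatory", "mince", "miniature", "minion", "minnow", "minuet",
        "minutia", "mirage", "mire", "mirth", "misanthrope", "miscellany", "miscellaneous", "mischievous", "misconstrue", "miscreant", "mishap", "missile", "mistimed", "mistral", "mists", "mite", "mitigate", "mitten", "mnemonics", "moan", "moat", "mock", "moderate", "moderator", "modicum", "modify", "modification", "modish", "modulate", "mogul", "moiety", "molar", "molest", "mollify", "mollusk", "mollycoddle", "momentary", "momentous", "momentum", "monarch", "monastery", "monasticism", "mongrel", "monogamy", "monograph", "monolithic", "monologue", "monopoly", "monotonous", "monsoon", "monster", "monstrous", "moor", "mope", "morale", "moralist", "moralistic", "morass", "moratorium", "morbid", "morbidity", "mordant", "mores", "moribund", "moron", "morose", "morphemics", "morsel", "mortar", "mortgage", "mortify", "mortification", "mortuary", "mosaic", "mote", "motif", "motivate", "motivation", "motley", "mottled", "motto", "mountebank", "mourn", "mournful", "movement", "muddle", "muffle", "muffler", "muggy", "multifarious", "multitude", "mundane", "munificent", "muniments", "munitions", "murky", "murmur", "muse", "muster", "mutation", "mute", "mutilate", "mutineer", "mutinous", "mutton", "muzzy", "myopia", "myriad", "myth", "mythology", "nadir", "nag", "naivete", "nap", "narcissism", "nasal", "nascent", "nativity", "natty", "nausea", "nauseate", "nautical", "nave", "nebula", "nebulous", "necessitous", "necromancy", "necropolis", "needle", "nefarious", "negate", "negation", "negligence", "negligible", "negotiable", "nemesis", "neolithic", "neologism", "neonate", "neophyte", "nephritis", "nepotism", "nerveless", "nestle", "nestling", "nethermost", "nettle", "neurology", "neurosis", "neurotic", "neutral", "neutralize", "nexus", "nib", "nibble", "niche", "nick", "nicotine", "niggard", "niggardly", "niggling", "nightmare", "nihilism", "nimble", "nippers", "nipping", "nirvana", "nitpick", "nocturnal", "noisome", "nomad", "nomadic", "nomenclature", "nominal", "nomination",
        "nonchalance", "nonchalant", "noncommittal", "nonconformist", "nonconformity", "nondescript", "nonentity", "nonesuch", "nonflammable", "nonobservance", "nonpareil", "nonplus", "nonskid", "nonviolent", "noose", "norm", "normative", "nostalgia", "nostrum", "notability", "notched", "notify", "notoriety", "notorious", "novelettish", "novelty", "novice", "novocaine", "noxious", "nuance", "nubile", "nude", "nudity", "nudge", "nugatory", "nullify", "nullity", "numb", "numerology", "numinous", "numismatic", "numismatist", "nunnery", "nuptial", "nuptials", "nymph", "oafish", "oak", "oar", "oasis", "oath", "obdurate", "obedient", "obeisance", "obese", "obesity", "obfuscate", "objection", "objectionable", "oblation", "obligation", "obligatory", "obliging", "oblique", "obliterate", "oblivion", "oblivious", "obloquy", "obnoxious", "obscure", "obscurity", "obsequies", "obsequious", "observance", "obsession", "obsolescent", "obsolete", "obstacle", "obstetrics", "obstinate", "obstreperous", "obstruct", "obstruction", "obtrude", "obtrusive", "obtuse", "obverse", "obviate", "occidental", "occult", "occurrence", "octogenarian", "ocular", "oculist", "oddments", "ode", "odious", "odium", "odoriferous", "oesophagus", "offense", "offensive", "officious", "ogle", "ointment", "olfactory", "oligarchy", "omen", "ominous", "omission", "omnipotent", "omniscient", "omnivorous", "onerous", "onlooker", "onslaught", "ontology", "onus", "ooze", "opalescent", "opaque", "opacity", "operetta", "operative", "ophthalmology", "opiate", "opinionated", "opponent", "opportune", "oppressive", "opprobrious", "opprobrium", "optimism", "optimum", "optional", "opulent", "opulence", "oracle", "oracular", "oration", "oratorio", "orchid", "ordain", "ordeal", "ordinance", "ordination", "ordnance", "ore", "organism", "orient", "orientation", "orifice", "originality", "ornate", "ornithology", "orotund", "orthodontics", "orthodox", "orthodoxy", "orthopedics", "oscillate", "oscillation", "osmosis", "osseous", "ossify",
        "ostensible", "ostentation", "ostracize", "ostrich", "otiose", "outbid", "outfox", "outgoing", "outlandish", "outmoded", "outrage", "outrageous", "outset", "outskirts", "outstrip", "outwit", "ovation", "overact", "overbearing", "overdose", "overhaul", "overlap", "overreach", "override", "overriding", "overrule", "overshadow", "overt", "overture", "overweening", "overwhelm", "overwhelming", "overwrought", "owl", "oxidize", "oyster", "pabulum", "pachyderm", "pacifier", "packed", "pact", "paean", "pagan", "paganism", "pageant", "painkiller", "pal", "palatable", "palate", "palatial", "palaver", "paleography", "paleolithic", "palette", "palings", "palliate", "palliation", "pallid", "palpable", "palpitate", "paltry", "pamper", "pamphlet", "pan", "panacea", "pancreas", "pandemic", "pandemonium", "panegyric", "panel", "panic", "panoply", "panorama", "pantheon", "pantomime", "pantry", "papyrus", "par", "parable", "paradigm", "paradigmatic", "paradox", "paragon", "paralyze", "paralysis", "paramount", "paranoia", "paranoid", "parasite", "parasitic", "parch", "parchment", "parenthesis", "pariah", "parley", "parlous", "parochial", "parody", "paroxysm", "parquet", "parquetry", "parry"
    );

    $username = $usernamelist[array_rand($usernamelist)] . random_str(2);
    // NOTE(review): the strength of this password rests entirely on random_str(), defined elsewhere -
    // confirm it uses a cryptographically secure generator.
    $password = random_str(12);

    $lines = $this->get_wiki_source("password");
    $find = false;
    // Defined up front so the view receives null, not an undefined variable, when no line matches.
    $singleline = null;

    foreach ($lines as &$i) {
        // NOTE(review): the two replacements below look identical here; one of them may originally have
        // targeted a different whitespace character - confirm against the real file.
        $i = str_replace(" ", "", $i);
        $i = str_replace(" ", "", $i);
        $i = explode('|', chop($i));
        // A line without a second field, or with an empty one, must not count as a match:
        // an empty needle would otherwise pair the current URL with an unrelated credential line.
        if (isset($i[1]) && $i[1] !== '' && strstr(f('url'), $i[1])) {
            $singleline = $i;
            $find = true;
        }
    }
    // Drop the by-reference loop variable so later code cannot overwrite the last element of $lines.
    unset($i);

    $this->sv("list", array($singleline));
    $this->sv("username", $username);
    $this->sv("password", $password);

    if (!$find) {
        $this->fmodel("password")->save(array("url" => "", 'name' => $username, 'pass' => $password));
    }
}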
/**
 * Gives the ticket a tracking code when it does not have one yet.
 *
 * An existing non-empty code is left untouched; otherwise a new
 * 10-character code is taken from random_str().
 */
private function create_tracking_code()
{
    // empty() is also true for null, so a single test covers both "unset" and "blank".
    if (!empty($this->tracking_code)) {
        return;
    }

    // NOTE(review): if this code is what lets someone look a ticket up without logging in, it acts as a
    // bearer secret; random_str() is defined elsewhere - confirm its randomness source and that 10 characters suffice.
    $this->tracking_code = random_str(10);
}
$rating = $mybb->settings['useravatarrating']; if (!in_array($rating, $types)) { $rating = 'g'; } $s = "?s={$maxheight}&r={$rating}&d=mm"; $updated_avatar = array("avatar" => "http://www.gravatar.com/avatar/{$email}{$s}.jpg", "avatardimensions" => "{$maxheight}|{$maxheight}", "avatartype" => "gravatar"); $db->update_query("users", $updated_avatar, "uid = '{$mybb->user['uid']}'"); } else { $mybb->input['avatarurl'] = preg_replace("#script:#i", "", $mybb->get_input('avatarurl')); $ext = get_extension($mybb->input['avatarurl']); // Copy the avatar to the local server (work around remote URL access disabled for getimagesize) $file = fetch_remote_file($mybb->input['avatarurl']); if (!$file) { $avatar_error = $lang->error_invalidavatarurl; } else { $tmp_name = $mybb->settings['avataruploadpath'] . "/remote_" . md5(random_str()); $fp = @fopen($tmp_name, "wb"); if (!$fp) { $avatar_error = $lang->error_invalidavatarurl; } else { fwrite($fp, $file); fclose($fp); list($width, $height, $type) = @getimagesize($tmp_name); @unlink($tmp_name); if (!$type) { $avatar_error = $lang->error_invalidavatarurl; } } } if (empty($avatar_error)) { if ($width && $height && $mybb->settings['maxavatardims'] != "") {
$plugins->run_hooks("member_do_lostpw_start"); $username = $db->escape_string(trim($_POST['username'])); $query = $db->simple_select("users", "*", "username='******'"); $user = $db->fetch_array($query); if (empty($user)) { error("Username does not exist"); } else { $result = tt_register_verify($_POST['tt_token'], $_POST['tt_code']); if ($result->result && $user['email'] == $result->email) { $verify_result = true; $verified = true; } else { $verify_result = true; $verified = false; $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'"); $user['activationcode'] = random_str(); $now = TIME_NOW; $uid = $user['uid']; $awaitingarray = array("uid" => $user['uid'], "dateline" => TIME_NOW, "code" => $user['activationcode'], "type" => "p"); $db->insert_query("awaitingactivation", $awaitingarray); $username = $user['username']; $email = $user['email']; $activationcode = $user['activationcode']; $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']); switch ($mybb->settings['username_method']) { case 0: $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); break; case 1: $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode); break;
function build_users_view($view) { global $mybb, $db, $cache, $lang, $user_view_fields, $page; $view_title = ''; if ($view['title']) { $title_string = "view_title_{$view['vid']}"; if ($lang->{$title_string}) { $view['title'] = $lang->{$title_string}; } $view_title .= " (" . htmlspecialchars_uni($view['title']) . ")"; } // Build the URL to this view if (!isset($view['url'])) { $view['url'] = "index.php?module=user-users"; } if (!is_array($view['conditions'])) { $view['conditions'] = unserialize($view['conditions']); } if (!is_array($view['fields'])) { $view['fields'] = unserialize($view['fields']); } if (!is_array($view['custom_profile_fields'])) { $view['custom_profile_fields'] = unserialize($view['custom_profile_fields']); } if (isset($mybb->input['username'])) { $view['conditions']['username'] = $mybb->input['username']; } if ($view['vid']) { $view['url'] .= "&vid={$view['vid']}"; } else { // If this is a custom view we need to save everything ready to pass it on from page to page global $admin_session; if (!$mybb->input['search_id']) { $search_id = md5(random_str()); $admin_session['data']['user_views'][$search_id] = $view; update_admin_session('user_views', $admin_session['data']['user_views']); $mybb->input['search_id'] = $search_id; } $view['url'] .= "&search_id=" . htmlspecialchars_uni($mybb->input['search_id']); } if (isset($mybb->input['username'])) { $view['url'] .= "&username="******"&", "&", $view['url'])) { update_admin_session('last_users_url', str_replace("&", "&", $view['url'])); } if (isset($view['conditions']['referrer'])) { $view['url'] .= "&action=referrers&uid=" . htmlspecialchars_uni($view['conditions']['referrer']); } // Do we not have any views? 
if (empty($view)) { return false; } $table = new Table(); // Build header for table based view if ($view['view_type'] != "card") { foreach ($view['fields'] as $field) { if (!$user_view_fields[$field]) { continue; } $view_field = $user_view_fields[$field]; $field_options = array(); if ($view_field['width']) { $field_options['width'] = $view_field['width']; } if ($view_field['align']) { $field_options['class'] = "align_" . $view_field['align']; } $table->construct_header($view_field['title'], $field_options); } $table->construct_header("<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this);\" />"); // Create a header for the "select" boxes } $search_sql = '1=1'; // Build the search SQL for users // List of valid LIKE search fields $user_like_fields = array("username", "email", "website", "icq", "aim", "yahoo", "msn", "signature", "usertitle"); foreach ($user_like_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && !$view['conditions'][$search_field . '_blank']) { $search_sql .= " AND u.{$search_field} LIKE '%" . $db->escape_string_like($view['conditions'][$search_field]) . "%'"; } else { if (!empty($view['conditions'][$search_field . '_blank'])) { $search_sql .= " AND u.{$search_field} != ''"; } } } // EXACT matching fields $user_exact_fields = array("referrer"); foreach ($user_exact_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { $search_sql .= " AND u.{$search_field}='" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // LESS THAN or GREATER THAN $direction_fields = array("postnum"); foreach ($direction_fields as $search_field) { $direction_field = $search_field . 
"_dir"; if (isset($view['conditions'][$search_field]) && ($view['conditions'][$search_field] || $view['conditions'][$search_field] === '0') && $view['conditions'][$direction_field]) { switch ($view['conditions'][$direction_field]) { case "greater_than": $direction = ">"; break; case "less_than": $direction = "<"; break; default: $direction = "="; } $search_sql .= " AND u.{$search_field}{$direction}'" . $db->escape_string($view['conditions'][$search_field]) . "'"; } } // Registration searching $reg_fields = array("regdate"); foreach ($reg_fields as $search_field) { if (!empty($view['conditions'][$search_field]) && intval($view['conditions'][$search_field])) { $threshold = TIME_NOW - intval($view['conditions'][$search_field]) * 24 * 60 * 60; $search_sql .= " AND u.{$search_field} >= '{$threshold}'"; } } // IP searching $ip_fields = array("regip", "lastip"); foreach ($ip_fields as $search_field) { if (!empty($view['conditions'][$search_field])) { // IPv6 IP if (strpos($view['conditions'][$search_field], ":") !== false) { $view['conditions'][$search_field] = str_replace("*", "%", $view['conditions'][$search_field]); $ip_sql = "{$search_field} LIKE '" . $db->escape_string($view['conditions'][$search_field]) . "'"; } else { $ip_range = fetch_longipv4_range($view['conditions'][$search_field]); if (!is_array($ip_range)) { $ip_sql = "long{$search_field}='{$ip_range}'"; } else { $ip_sql = "long{$search_field} > '{$ip_range[0]}' AND long{$search_field} < '{$ip_range[1]}'"; } } $search_sql .= " AND {$ip_sql}"; } } // Post IP searching if (!empty($view['conditions']['postip'])) { // IPv6 IP if (strpos($view['conditions']['postip'], ":") !== false) { $view['conditions']['postip'] = str_replace("*", "%", $view['conditions']['postip']); $ip_sql = "ipaddress LIKE '" . $db->escape_string($view['conditions']['postip']) . 
"'"; } else { $ip_range = fetch_longipv4_range($view['conditions']['postip']); if (!is_array($ip_range)) { $ip_sql = "longipaddress='{$ip_range}'"; } else { $ip_sql = "longipaddress > '{$ip_range[0]}' AND longipaddress < '{$ip_range[1]}'"; } } $ip_uids = array(0); $query = $db->simple_select("posts", "uid", $ip_sql); while ($uid = $db->fetch_field($query, "uid")) { $ip_uids[] = $uid; } $search_sql .= " AND u.uid IN(" . implode(',', $ip_uids) . ")"; unset($ip_uids); } // Custom Profile Field searching if ($view['custom_profile_fields']) { $userfield_sql = '1=1'; foreach ($view['custom_profile_fields'] as $column => $input) { if (is_array($input)) { foreach ($input as $value => $text) { if ($value == $column) { $value = $text; } if ($value == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . "='" . $db->escape_string($value) . "'"; } } } else { if (!empty($input)) { if ($input == $lang->na) { continue; } if (strpos($column, '_blank') !== false) { $column = str_replace('_blank', '', $column); $userfield_sql .= ' AND ' . $db->escape_string($column) . " != ''"; } else { $userfield_sql .= ' AND ' . $db->escape_string($column) . " LIKE '%" . $db->escape_string($input) . "%'"; } } } } if ($userfield_sql != '1=1') { $userfield_uids = array(0); $query = $db->simple_select("userfields", "ufid", $userfield_sql); while ($userfield = $db->fetch_array($query)) { $userfield_uids[] = $userfield['ufid']; } $search_sql .= " AND u.uid IN(" . implode(',', $userfield_uids) . 
")"; unset($userfield_uids); } } // Usergroup based searching if (isset($view['conditions']['usergroup'])) { if (!is_array($view['conditions']['usergroup'])) { $view['conditions']['usergroup'] = array($view['conditions']['usergroup']); } foreach ($view['conditions']['usergroup'] as $usergroup) { $usergroup = intval($usergroup); if (!$usergroup) { continue; } switch ($db->type) { case "pgsql": case "sqlite": $additional_sql .= " OR ','||additionalgroups||',' LIKE '%,{$usergroup},%'"; break; default: $additional_sql .= "OR CONCAT(',',additionalgroups,',') LIKE '%,{$usergroup},%'"; } } $search_sql .= " AND (u.usergroup IN (" . implode(",", array_map('intval', $view['conditions']['usergroup'])) . ") {$additional_sql})"; } // COPPA users only? if (isset($view['conditions']['coppa'])) { $search_sql .= " AND u.coppauser=1 AND u.usergroup=5"; } // Extra SQL? if (isset($view['extra_sql'])) { $search_sql .= $view['extra_sql']; } // Lets fetch out how many results we have $query = $db->query("\n\t\tSELECT COUNT(u.uid) AS num_results\n\t\tFROM " . TABLE_PREFIX . 
"users u\n\t\tWHERE {$search_sql}\n\t"); $num_results = $db->fetch_field($query, "num_results"); // No matching results then return false if (!$num_results) { return false; } else { if (!$view['perpage']) { $view['perpage'] = 20; } $view['perpage'] = intval($view['perpage']); // Establish which page we're viewing and the starting index for querying // Establish which page we're viewing and the starting index for querying if (!isset($mybb->input['page'])) { $mybb->input['page'] = 1; } else { $mybb->input['page'] = intval($mybb->input['page']); } if ($mybb->input['page']) { $start = ($mybb->input['page'] - 1) * $view['perpage']; } else { $start = 0; $mybb->input['page'] = 1; } $from_bit = ""; if (isset($mybb->input['from']) && $mybb->input['from'] == "home") { $from_bit = "&from=home"; } switch ($view['sortby']) { case "regdate": case "lastactive": case "postnum": case "reputation": $view['sortby'] = $db->escape_string($view['sortby']); break; case "numposts": $view['sortby'] = "postnum"; break; case "warninglevel": $view['sortby'] = "warningpoints"; break; default: $view['sortby'] = "username"; } if ($view['sortorder'] != "desc") { $view['sortorder'] = "asc"; } $usergroups = $cache->read("usergroups"); // Fetch matching users $query = $db->query("\n\t\t\tSELECT u.*\n\t\t\tFROM " . TABLE_PREFIX . "users u\n\t\t\tWHERE {$search_sql}\n\t\t\tORDER BY {$view['sortby']} {$view['sortorder']}\n\t\t\tLIMIT {$start}, {$view['perpage']}\n\t\t"); $users = ''; while ($user = $db->fetch_array($query)) { $comma = $groups_list = ''; $user['view']['username'] = "******"index.php?module=user-users&action=edit&uid={$user['uid']}\">" . format_name($user['username'], $user['usergroup'], $user['displaygroup']) . "</a>"; $user['view']['usergroup'] = htmlspecialchars_uni($usergroups[$user['usergroup']]['title']); if ($user['additionalgroups']) { $additional_groups = explode(",", $user['additionalgroups']); foreach ($additional_groups as $group) { $groups_list .= $comma . 
htmlspecialchars_uni($usergroups[$group]['title']); $comma = $lang->comma; } } if (!$groups_list) { $groups_list = $lang->none; } $user['view']['additionalgroups'] = "<small>{$groups_list}</small>"; $user['view']['email'] = "<a href=\"mailto:" . htmlspecialchars_uni($user['email']) . "\">" . htmlspecialchars_uni($user['email']) . "</a>"; $user['view']['regdate'] = my_date($mybb->settings['dateformat'], $user['regdate']) . ", " . my_date($mybb->settings['timeformat'], $user['regdate']); $user['view']['lastactive'] = my_date($mybb->settings['dateformat'], $user['lastactive']) . ", " . my_date($mybb->settings['timeformat'], $user['lastactive']); // Build popup menu $popup = new PopupMenu("user_{$user['uid']}", $lang->options); $popup->add_item($lang->edit_profile_and_settings, "index.php?module=user-users&action=edit&uid={$user['uid']}"); $popup->add_item($lang->ban_user, "index.php?module=user-banning&uid={$user['uid']}#username"); if ($user['usergroup'] == 5) { if ($user['coppauser']) { $popup->add_item($lang->approve_coppa_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } else { $popup->add_item($lang->approve_user, "index.php?module=user-users&action=activate_user&uid={$user['uid']}&my_post_key={$mybb->post_code}{$from_bit}"); } } $popup->add_item($lang->delete_user, "index.php?module=user-users&action=delete&uid={$user['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->user_deletion_confirmation}')"); $popup->add_item($lang->show_referred_users, "index.php?module=user-users&action=referrers&uid={$user['uid']}"); $popup->add_item($lang->show_ip_addresses, "index.php?module=user-users&action=ipaddresses&uid={$user['uid']}"); $popup->add_item($lang->show_attachments, "index.php?module=forum-attachments&results=1&username="******"-"; } if ($mybb->settings['enablewarningsystem'] != 0 && $usergroups[$user['usergroup']]['canreceivewarnings'] != 0) { 
$warning_level = round($user['warningpoints'] / $mybb->settings['maxwarningpoints'] * 100); if ($warning_level > 100) { $warning_level = 100; } $user['view']['warninglevel'] = get_colored_warning_level($warning_level); } if ($user['avatar'] && !stristr($user['avatar'], 'http://')) { $user['avatar'] = "../{$user['avatar']}"; } if ($view['view_type'] == "card") { $scaled_avatar = fetch_scaled_avatar($user, 80, 80); } else { $scaled_avatar = fetch_scaled_avatar($user, 34, 34); } if (!$user['avatar']) { $user['avatar'] = "styles/{$page->style}/images/default_avatar.gif"; } $user['view']['avatar'] = "<img src=\"" . htmlspecialchars_uni($user['avatar']) . "\" alt=\"\" width=\"{$scaled_avatar['width']}\" height=\"{$scaled_avatar['height']}\" />"; if ($view['view_type'] == "card") { $users .= build_user_view_card($user, $view, $i); } else { build_user_view_table($user, $view, $table); } } // If card view, we need to output the results if ($view['view_type'] == "card") { $table->construct_cell($users); $table->construct_row(); } } if (!isset($view['table_id'])) { $view['table_id'] = "users_list"; } $switch_view = "<div class=\"float_right\">"; $switch_url = $view['url']; if ($mybb->input['page'] > 0) { $switch_url .= "&page=" . intval($mybb->input['page']); } if ($view['view_type'] != "card") { $switch_view .= "<strong>{$lang->table_view}</strong> | <a href=\"{$switch_url}&type=card\" style=\"font-weight: normal;\">{$lang->card_view}</a>"; } else { $switch_view .= "<a href=\"{$switch_url}&type=table\" style=\"font-weight: normal;\">{$lang->table_view}</a> | <strong>{$lang->card_view}</strong>"; } $switch_view .= "</div>"; // Do we need to construct the pagination? if ($num_results > $view['perpage']) { $pagination = draw_admin_pagination($mybb->input['page'], $view['perpage'], $num_results, $view['url'] . 
"&type={$view['view_type']}"); $search_class = "float_right"; $search_style = ""; } else { $search_class = ''; $search_style = "text-align: right;"; } $search_action = $view['url']; // stop &username= in the query string if ($view_upos = strpos($search_action, '&username='******'post', 'search_form', 0, '', true); $built_view = $search->construct_return; $built_view .= "<div class=\"{$search_class}\" style=\"padding-bottom: 3px; margin-top: -9px; {$search_style}\">"; $built_view .= $search->generate_hidden_field('action', 'search') . "\n"; if (isset($view['conditions']['username'])) { $default_class = ''; $value = $view['conditions']['username']; } else { $default_class = "search_default"; $value = $lang->search_for_user; } $built_view .= $search->generate_text_box('username', $value, array('id' => 'search_keywords', 'class' => "{$default_class} field150 field_small")) . "\n"; $built_view .= "<input type=\"submit\" class=\"search_button\" value=\"{$lang->search}\" />\n"; if ($view['popup']) { $built_view .= " <div style=\"display: inline\">{$view['popup']}</div>\n"; } $built_view .= "<script type='text/javascript'>\n\t\tvar form = document.getElementById('search_form');\n\t\tform.onsubmit = function() {\n\t\t\tvar search = document.getElementById('search_keywords');\n\t\t\tif(search.value == '' || search.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\tsearch.focus();\n\t\t\t\treturn false;\n\t\t\t}\n\t\t}\n\n\t\tvar search = document.getElementById('search_keywords');\n\t\tsearch.onfocus = function()\n\t\t{\n\t\t\tif(this.value == '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t\t{\n\t\t\t\t\$(this).removeClassName('search_default');\n\t\t\t\tthis.value = '';\n\t\t\t}\n\t\t}\n\t\tsearch.onblur = function()\n\t\t{\n\t\t\tif(this.value == '')\n\t\t\t{\n\t\t\t\t\$(this).addClassName('search_default');\n\t\t\t\tthis.value = '" . addcslashes($lang->search_for_user, "'") . 
"';\n\t\t\t}\n\t\t}\n\t\t// fix the styling used if we have a different default value\n\t\tif(search.value != '" . addcslashes($lang->search_for_user, "'") . "')\n\t\t{\n\t\t\t\$(search).removeClassName('search_default');\n\t\t}\n\t\t</script>\n"; $built_view .= "</div>\n"; // Autocompletion for usernames $built_view .= ' <script type="text/javascript" src="../jscripts/autocomplete.js?ver=140"></script> <script type="text/javascript"> <!-- new autoComplete("search_keywords", "../xmlhttp.php?action=get_users", {valueSpan: "username"}); // --> </script>'; $built_view .= $search->end(); if (isset($pagination)) { $built_view .= $pagination; } if ($view['view_type'] != "card") { $checkbox = ''; } else { $checkbox = "<input type=\"checkbox\" name=\"allbox\" onclick=\"inlineModeration.checkAll(this)\" /> "; } $built_view .= $table->construct_html("{$switch_view}<div>{$checkbox}{$lang->users}{$view_title}</div>", 1, "", $view['table_id']); if (isset($pagination)) { $built_view .= $pagination; } $built_view .= ' <script type="text/javascript" src="' . $mybb->settings['bburl'] . '/jscripts/inline_moderation.js?ver=1400"></script> <form action="index.php?module=user-users" method="post"> <input type="hidden" name="my_post_key" value="' . $mybb->post_code . '" /> <input type="hidden" name="action" value="inline_edit" /> <div class="float_right"><span class="smalltext"><strong>' . $lang->inline_edit . '</strong></span> <select name="inline_action" class="inline_select"> <option value="multiactivate">' . $lang->inline_activate . '</option> <option value="multiban">' . $lang->inline_ban . '</option> <option value="multiusergroup">' . $lang->inline_usergroup . '</option> <option value="multidelete">' . $lang->inline_delete . '</option> <option value="multiprune">' . $lang->inline_prune . '</option> </select> <input type="submit" class="button" name="go" value="' . $lang->go . 
' (0)" id="inline_go" /> <input type="button" onclick="javascript:inlineModeration.clearChecked();" value="' . $lang->clear . '" class="button" /> </div> </form> <br style="clear: both;" /> <script type="text/javascript"> <!-- var go_text = "' . $lang->go . '"; var all_text = "1"; var inlineType = "user"; var inlineId = "acp"; // --> </script>'; return $built_view; }
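/**
 * Handle a "create user" form submission.
 *
 * Only POST requests are processed; any other request method returns null.
 * A caller with an open session must belong to group 4, otherwise a refusal
 * message is returned. The fields username, password and email must all be
 * non-empty.
 *
 * NOTE(review): the stored value is md5(md5(salt) . md5(password)) with a
 * salt taken from random_str(8). This method never adds that salt to the
 * inserted data, so unless set() stores it elsewhere the hash cannot be
 * recomputed at login. MD5 is also too fast for password storage. Moving to
 * password_hash()/password_verify() needs a matching change in the login
 * path, which is not visible here, so the scheme is flagged and not replaced.
 *
 * NOTE(review): the whole of $_POST is handed to set(), so the request
 * decides which columns are written. Restrict the insert to an allow-list of
 * expected fields; privilege-bearing columns (presumably the group checked
 * above; confirm against the users schema) must not be client-settable.
 *
 * @param string|null $t_mesaj Message returned on success; the default text is used when null.
 * @param string|null $fmesaj  Message returned on failure; the default text is used when null.
 *
 * @return string|null Status message, or null when the request is not a POST.
 */
public function yeni_uye($t_mesaj = null, $fmesaj = null)
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return null;
    }

    // An unauthenticated visitor passes this check; only a logged-in user outside group 4 is refused.
    if ($this->oturum() && $this->uye['grup'] != 4) {
        return 'Oturum açık iken yalnızca yöneticiler yeni üye oluşturabilir!';
    }

    if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
        return 'Lütfen tüm alanları doldurunuz';
    }

    // Kept as in the original: the submitted password is replaced in $_POST
    // by its digest before the row is written (see the NOTE(review) above).
    $_POST['password'] = md5(md5(random_str(8)) . md5($_POST['password']));
    $ekle = $this->insert('users')->set($_POST);

    if ($ekle) {
        return $t_mesaj == null ? 'Kayıt başarılı!' : $t_mesaj;
    }

    // Fix: the original read the undefined variable $f_mesaj here, so a
    // caller-supplied failure message in $fmesaj was never returned.
    return $fmesaj == null ? 'Kayıt başarısız!' : $fmesaj;
}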
// Fragment of an action dispatcher; it starts and ends in the middle of a block.
// The leading statements send a JSON content-type header, run the
// "xmlhttp_get_multiquoted_end" hook and emit {"message": ...} before exiting.
//
// refresh_captcha: looks up the captcha row for the submitted imagehash, calls
// xmlhttp_error() when none exists, deletes the old row, then inserts a new one
// with imagestring = random_str(5) and imagehash = md5(random_str(12)), and
// returns the new imagehash as JSON.
// validate_captcha: looks up imagestring for the submitted imagehash and, when no
// row matches, echoes a JSON-encoded language string and exits (the rest of the
// branch is outside this fragment).
//
// NOTE(review): the captcha answer and its identifier both come from random_str(),
// whose implementation is not shown here. Confirm it draws from a CSPRNG
// (random_int()/random_bytes()), since a predictable generator makes the challenge guessable.
// NOTE(review): imagehash is interpolated into the WHERE clause after
// $db->escape_string(); the surrounding quotes are what make that escape sufficient.
// NOTE(review): whether xmlhttp_error() ends the request is not visible; if it
// returns, the delete and insert below it still run for an unknown imagehash.
// NOTE(review): no throttling of refresh requests is visible in this fragment;
// check that it is enforced elsewhere.
} // Send our headers. header("Content-type: application/json; charset={$charset}"); $plugins->run_hooks("xmlhttp_get_multiquoted_end"); echo json_encode(array("message" => $message)); exit; } else { if ($mybb->input['action'] == "refresh_captcha") { $imagehash = $db->escape_string($mybb->get_input('imagehash')); $query = $db->simple_select("captcha", "dateline", "imagehash='{$imagehash}'"); if ($db->num_rows($query) == 0) { xmlhttp_error($lang->captcha_not_exists); } $db->delete_query("captcha", "imagehash='{$imagehash}'"); $randomstr = random_str(5); $imagehash = md5(random_str(12)); $regimagearray = array("imagehash" => $imagehash, "imagestring" => $randomstr, "dateline" => TIME_NOW); $plugins->run_hooks("xmlhttp_refresh_captcha"); $db->insert_query("captcha", $regimagearray); header("Content-type: application/json; charset={$charset}"); echo json_encode(array("imagehash" => $imagehash)); exit; } else { if ($mybb->input['action'] == "validate_captcha") { header("Content-type: application/json; charset={$charset}"); $imagehash = $db->escape_string($mybb->get_input('imagehash')); $query = $db->simple_select("captcha", "imagestring", "imagehash='{$imagehash}'"); if ($db->num_rows($query) == 0) { echo json_encode($lang->captcha_valid_not_exists); exit; }
// Fragment of the admin database-backup action; the first statement and brace
// close a block that starts outside this fragment.
//
// After lifting the execution time limit (errors suppressed with @), the code picks
// a target by $mybb->input['method']:
//   'disk'    - opens MYBB_ADMIN_DIR . 'backups/backup_<name>' with gzopen() as
//               .sql.gz ('w9') or with fopen() as .sql ('w');
//   otherwise - sends download headers (gzip or text/x-sql) with the same name scheme.
// <name> is the first 10 hex characters of md5(uid . TIME_NOW) followed by
// random_str(54). The path holds no request data; the 'method' and 'filetype'
// inputs are only compared against literals.
//
// NOTE(review): uid and TIME_NOW are guessable, so the unpredictability of the
// on-disk file name rests entirely on random_str(54). Confirm that helper uses a
// CSPRNG (random_int()/random_bytes()).
// NOTE(review): a full database dump should not rely on an unguessable name alone.
// Whether the backups directory is reachable over HTTP is not visible here; deny
// web access to it in the server configuration and restrict file permissions.
// NOTE(review): the handle returned by gzopen()/fopen() is not checked in this
// fragment; a false return (unwritable directory) should be handled before writing.
// NOTE(review): whether admin_redirect() terminates the request is not visible; if
// it returns, execution continues into gzopen()/header() after the zlib error.
admin_redirect("index.php?module=tools-backupdb&action=backup"); } @set_time_limit(0); if ($mybb->input['method'] == 'disk') { $file = MYBB_ADMIN_DIR . 'backups/backup_' . substr(md5($mybb->user['uid'] . TIME_NOW), 0, 10) . random_str(54); if ($mybb->input['filetype'] == 'gzip') { if (!function_exists('gzopen')) { flash_message($lang->error_no_zlib, 'error'); admin_redirect("index.php?module=tools-backupdb&action=backup"); } $fp = gzopen($file . '.sql.gz', 'w9'); } else { $fp = fopen($file . '.sql', 'w'); } } else { $file = 'backup_' . substr(md5($mybb->user['uid'] . TIME_NOW), 0, 10) . random_str(54); if ($mybb->input['filetype'] == 'gzip') { if (!function_exists('gzopen')) { flash_message($lang->error_no_zlib, 'error'); admin_redirect("index.php?module=tools-backupdb&action=backup"); } // Send headers for gzip file header('Content-Encoding: gzip'); header('Content-Type: application/x-gzip'); header('Content-Disposition: attachment; filename="' . $file . '.sql.gz"'); } else { // Send standard headers for .sql header('Content-Type: text/x-sql'); header('Content-Disposition: attachment; filename="' . $file . '.sql"'); } }