示例#1
 /**
  * Shortcode: password field for the login menu.
  *
  * A hidden `hashchallenge` field carrying the session's CHAP challenge is
  * appended when the visitor is not logged in, the session holds a challenge
  * and the `password_CHAP` preference is set.
  *
  * NOTE(review): the leading "******" looks like masking applied to this
  * listing; as shown, the markup starts with a dangling attribute quote.
  * NOTE(review): LAN_PASSWORD and the challenge are concatenated into
  * attribute values without escaping; presumably neither can contain a
  * quote character - confirm.
  *
  * @param string $parm shortcode parameter; not read by this function
  * @return string HTML for the password input, plus the optional hidden field
  */
 function sc_lm_password_input($parm = '')
 {
     $pref = e107::getPref();
     $html = "******" . LAN_PASSWORD . "' required='required' name='userpass' id='userpass' size='15' value='' maxlength='30' />\n";

     // The challenge is only exposed to guests, and only when CHAP is enabled.
     $wantsChallenge = !USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0);
     if (!$wantsChallenge) {
         return $html;
     }

     $challenge = e107::getSession()->get('challenge');
     return $html . "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . $challenge . "' />\n\n";
 }
示例#2
 /**
  * Shortcode: password field for the login page table.
  *
  * Returns the password input and, for guests whose session holds a CHAP
  * challenge while the `password_CHAP` preference is set, a hidden
  * `hashchallenge` field with that challenge.
  *
  * NOTE(review): LAN_LOGIN_2 and the challenge are placed in attribute
  * values without escaping; presumably both are quote-free - confirm.
  *
  * @param string $parm shortcode parameter; not read by this function
  * @return string HTML fragment
  */
 function sc_login_table_password($parm = '')
 {
     $pref = e107::getPref();
     $field = "<input class='tbox form-control input-block-level' type='password' name='userpass' id='userpass' size='40' maxlength='100' placeholder=\"" . LAN_LOGIN_2 . "\" />";

     $wantsChallenge = !USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0);
     if (!$wantsChallenge) {
         return $field;
     }

     $challenge = e107::getSession()->get('challenge');
     return $field . "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . $challenge . "' />\n\n";
 }
示例#3
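 /**
  * Try to start a local user session from a social-login provider the
  * visitor is already connected to.
  *
  * Every connected provider that reports a profile identifier contributes a
  * "<providerId>_<identifier>" value; the `user` table is searched for a
  * matching `user_xup` and, when a row is found, the user cookie is created
  * from the first fetched row.
  *
  * @param mixed $deniedAs when falsy, an existing "logged in as" session
  *                        (getSessionDataAs()) blocks the attempt
  * @return $this
  */
 public function tryProviderSession($deniedAs)
 {
     // don't allow if main admin browse front-end or there is already user session
     if ((!$deniedAs && $this->getSessionDataAs()) || null !== $this->_session_data || !e107::getPref('social_login_active', false)) {
         return $this;
     }
     try {
         // init the auth class
         e107::getHybridAuth();
         // detect all currently connected providers
         $connected = Hybrid_Auth::getConnectedProviders();
     } catch (Exception $e) {
         e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage(), 'default', true);
         e107::getSession()->set('HAuthError', true);
         $connected = false;
     }
     // no active session found
     if (!$connected) {
         return $this;
     }
     $sql = e107::getDb();
     $where = array();
     foreach ($connected as $providerId) {
         $adapter = Hybrid_Auth::getAdapter($providerId);
         // Read the profile once; the identifier is used for both the check and the lookup key.
         $identifier = $adapter->getUserProfile()->identifier;
         if (!$identifier) {
             continue;
         }
         $where[] = "user_xup='" . $sql->escape($providerId . '_' . $identifier) . "'";
     }
     // Fail closed: if no provider yielded an identifier the condition would be
     // an empty string. db_Select() is not visible here, but an empty condition
     // would presumably match every user row, and the first one would then be
     // logged in without any provider identity backing it.
     if (!$where) {
         return $this;
     }
     // query DB
     if ($sql->db_Select('user', 'user_id, user_password, user_xup', implode(' OR ', $where))) {
         // Only the first matching row is used, even if several providers match.
         $user = $sql->db_Fetch();
         e107::getUserSession()->makeUserCookie($user);
         $this->setSessionData();
     }
     return $this;
 }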
示例#4
文件: install_.php 项目: notzen/e107
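 /**
  * Installer constructor (PHP 4 style: same name as the class, judging by
  * the use of $this).
  *
  * Defines USERID/USER/ADMIN, grabs the session, optionally prepares the
  * install log path, discards output buffers, restores the state of earlier
  * wizard steps from the `previous_steps` POST field and loads the admin
  * language file for the chosen language.
  *
  * SECURITY: `previous_steps` is client-supplied and is fed to unserialize().
  * Unserializing untrusted data permits PHP object injection; the wizard
  * state would be safer as JSON or kept server-side in the session. The call
  * is left in place here so the form format stays compatible, but its result
  * is now required to be an array and its `language` entry must be a single
  * path segment, because that value is concatenated into an include path.
  */
 function e_install()
 {
     // notice removal, required from various core routines
     define('USERID', 1);
     define('USER', true);
     define('ADMIN', true);
     // session instance
     $this->session = e107::getSession();
     $this->logFile = '';
     // NOTE(review): the log sits next to this script; confirm that directory is not web-readable.
     if (MAKE_INSTALL_LOG && is_writable(dirname(__FILE__))) {
         $this->logFile = dirname(__FILE__) . '/e107InstallLog.log';
     }
     //		$this->logLine('Query string: ');
     $this->template = new SimpleTemplate();
     // drop every active output buffer
     while (@ob_end_clean()) {
     }
     global $e107;
     $this->e107 = $e107;

     $this->previous_steps = array();
     if (isset($_POST['previous_steps'])) {
         $raw = $_POST['previous_steps'];
         // SECURITY: unserialize() on request data - see the method docblock.
         $steps = is_string($raw) ? unserialize(base64_decode($raw)) : false;
         // Malformed input used to leave `false` (or any other type) here.
         if (is_array($steps)) {
             $this->previous_steps = $steps;
         }
         unset($_POST['previous_steps']);
     }
     // The language name becomes part of an include path below (and presumably
     // in get_lan_file(), which is not visible here), so anything that is not a
     // plain directory name is discarded before first use.
     if (isset($this->previous_steps['language'])) {
         $lang = $this->previous_steps['language'];
         if (!is_string($lang) || $lang === '' || $lang === '.' || $lang === '..' || strpbrk($lang, "/\\\0") !== false) {
             unset($this->previous_steps['language']);
         }
     }

     $this->get_lan_file();
     $this->post_data = $_POST;
     $this->template->SetTag('required', '');
     if (isset($this->previous_steps['language'])) {
         define("e_LANGUAGE", $this->previous_steps['language']);
         include_lan(e_LANGUAGEDIR . e_LANGUAGE . "/admin/lan_admin.php");
     }
 }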
示例#5
 /**
  * Add a comment to an item, or append an "edited" marker to an existing comment.
  * e-token POST value should be always valid when using this method.
  *
  * The return value depends on the path taken: null (engine is not 'e107',
  * permission is not 'rw', or after an edit), false (token check failed, the
  * "prepostcomment" hook returned a truthy value, or fall-through), whatever a
  * registered override returns, the string "Error" or the emessage text on
  * AJAX requests, or the id of the inserted comment.
  *
  * @param string|array $data - $author_name or array of all values (comment_* keys).
  * @param string $comment - comment text
  * @param string $table - comment type / source table, resolved through getCommentType()
  * @param integer $id - reference of item in source table to which comment is linked
  * @param integer|string $pid - parent comment id when it's a reply to a specific comment
  * @param string $subject
  * @param mixed $rateindex - only forwarded to an override; the rating code below is commented out
  */
 function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE)
 {
     //rateindex	: the posted value from the rateselect box (without the urljump) (see function rateselect())
     if ($this->engine != 'e107') {
         return;
     }
     if (is_array($data)) {
         $table = $data['comment_type'];
         $id = intval($data['comment_item_id']);
         $pid = intval($data['comment_pid']);
         $subject = $data['comment_subject'];
         $comment = $data['comment_comment'];
         $author_name = $data['comment_author_name'];
         $comment_share = intval($data['comment_share']);
         $comment_datestamp = $data['comment_datestamp'];
     } else {
         // NOTE(review): $comment_share is only assigned in the array branch but is read when the insert row is built.
         $author_name = $data;
         //BC Fix.
     }
     global $e107, $rater;
     $sql = e107::getDb();
     $sql2 = e107::getDb('sql2');
     $tp = e107::getParser();
     $pref = e107::getPref();
     if ($this->getCommentPermissions() != 'rw') {
         return;
     }
     // NOTE(review): an override is invoked before the token check below, so
     // overriding code has to validate the e-token itself.
     if ($user_func = e107::getOverride()->check($this, 'enter_comment')) {
         return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
     }
     // A missing token is turned into an empty one so the check below has a value to reject.
     if (!isset($_POST['e-token'])) {
         $_POST['e-token'] = '';
     }
     // check posted token
     if (!e107::getSession()->check(false)) {
         return false;
     }
     // This will return false on error
     // Edit mode is detected from the query string; $editpid stays undefined when not editing.
     if (isset($_GET['comment']) && $_GET['comment'] == 'edit') {
         $eaction = 'edit';
         // Raw request value; it is passed through intval() before reaching the UPDATE below.
         $editpid = $_GET['comment_id'];
     } elseif (strstr(e_QUERY, "edit")) {
         $eaction = "edit";
         $tmp = explode(".", e_QUERY);
         $count = 0;
         foreach ($tmp as $t) {
             if ($t == "edit") {
                 // NOTE(review): no bounds check - "edit" as the last segment reads a missing index.
                 $editpid = $tmp[$count + 1];
                 break;
             }
             $count++;
         }
     }
     $type = $this->getCommentType($table);
     $comment = $tp->toDB($comment);
     $subject = $tp->toDB($subject);
     $cuser_id = 0;
     $cuser_name = 'Anonymous';
     // Preset as an anonymous comment
     // Duplicate check: an identical comment on the same item/type is rejected (COMLAN_312).
     // NOTE(review): the condition is assembled by string concatenation; it is safe only
     // if toDB() escapes for SQL, which is not visible here - confirm.
     if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' ")) {
         if ($_POST['comment']) {
             if (USER == TRUE) {
                 $cuser_id = USERID;
                 $cuser_name = USERNAME;
                 $cuser_mail = USEREMAIL;
             } elseif ($_POST['author_name'] != '') {
                 // Guest posting under a name: if the name belongs to a registered user the
                 // post is only accepted when that user's stored IP matches.
                 if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' ")) {
                     // NOTE(review): $ip is not assigned until further down, so this compares
                     // user_ip against an empty value. Attributing a post to a registered
                     // account on an IP match alone would also be weak - review before "fixing".
                     if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' ")) {
                         //list($cuser_id, $cuser_name) = $sql2->db_Fetch();
                         $tmp = $sql2->fetch();
                         $cuser_id = $tmp['user_id'];
                         $cuser_name = $tmp['user_name'];
                         $cuser_mail = $tmp['user_email'];
                     } else {
                         // The "emessage" constant doubles as the error flag for the rest of the method.
                         define("emessage", COMLAN_310);
                     }
                 } else {
                     $cuser_name = $tp->toDB($author_name);
                 }
             }
             if (!defined("emessage")) {
                 $ip = $e107->getip();
                 // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form
                 $_t = time();
                 if ($editpid) {
                     $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                     // NOTE(review): the UPDATE is keyed on comment_id only; no check that the
                     // comment belongs to the current user is visible in this method - confirm
                     // that getCommentPermissions() or the caller enforces ownership.
                     $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                     e107::getCache()->clear("comment");
                     return;
                 }
                 //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                 // NOTE(review): $cuser_mail is unset for anonymous posters at this point.
                 $edata_li = array('comment_pid' => intval($pid), 'comment_item_id' => $id, 'comment_subject' => $subject, 'comment_author_id' => $cuser_id, 'comment_author_name' => $cuser_name, 'comment_author_email' => $tp->toDB($cuser_mail), 'comment_datestamp' => $_t, 'comment_comment' => $comment, 'comment_blocked' => $this->moderateComment($pref['comments_moderate']) ? 2 : 0, 'comment_ip' => $ip, 'comment_type' => $tp->toDB($type, true), 'comment_lock' => 0, 'comment_share' => $comment_share);
                 //SecretR: new event 'prepostcomment' - allow plugin hooks - e.g. Spam Check
                 $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));
                 if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook)) {
                     return false;
                     //3rd party code interception
                 }
                 //allow 3rd party code to modify insert data
                 // Values a hook left in $edata_li_hook are copied back without sanitising
                 // (presumably trigger() takes the array by reference - confirm).
                 if (is_array($edata_li_hook)) {
                     foreach (array_keys($edata_li) as $k) {
                         if (isset($edata_li_hook[$k])) {
                             $edata_li[$k] = $edata_li_hook[$k];
                             //sanitize?
                             continue;
                         }
                         // 'break' is not one of the keys of $edata_li, so this branch cannot be reached from this loop.
                         if ($k === 'break') {
                             $break = $edata_li_hook[$k];
                         }
                     }
                 }
                 unset($edata_li_hook);
                 if (!($inserted_id = $sql->insert("comments", $edata_li))) {
                     //echo "<b>".COMLAN_323."</b> ".COMLAN_11;
                     if (e_AJAX_REQUEST) {
                         return "Error";
                     }
                     e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                 } else {
                     if (USER == true) {
                         $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                     }
                     // Next item for backward compatibility
                     $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                     $edata_li["comment_time"] = $_t;
                     $edata_li["comment_id"] = $inserted_id;
                     //Why?
                     /*unset($edata_li['comment_pid']);
                     		unset($edata_li['comment_author_email']);
                     		unset($edata_li['comment_ip']);*/
                     // The "postcomment" event receives the full row, including author e-mail and IP.
                     e107::getEvent()->trigger("postcomment", $edata_li);
                     e107::getCache()->clear("comment");
                     // The news comment counter is only bumped when the comment is not held for moderation.
                     if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate'])) {
                         $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                     }
                     //if rateindex is posted, enter the rating from this user
                     //	if ($rateindex)
                     //	{
                     //		$rater->enterrating($rateindex);
                     //	}
                     return $inserted_id;
                     // return the ID number so it can be used. true;
                 }
             }
         }
     } else {
         define("emessage", COMLAN_312);
     }
     if (defined("emessage")) {
         if (e_AJAX_REQUEST) {
             return emessage;
         }
         message_handler("ALERT", emessage);
     }
     return false;
 }
示例#6
文件: login.php 项目: gitye/e107
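 /**
  * Checks the entered credentials against the stored password, honouring the
  * CHAP and e-mail-password preferences.
  * Assumes that $this->userData array already set up
  *
  * Three verification paths exist:
  *  - $forceLogin === 'provider': accepted without any password check; the
  *    caller is responsible for having authenticated the provider identity.
  *  - any other truthy $forceLogin: $userpass must equal
  *    md5(user_name . user_password . user_join).
  *  - otherwise: CHAP via CheckCHAP() or plaintext via CheckPassword().
  *
  * @param string $username - the user name string as entered (might not relate to the intended user at this stage)
  * @param string $userpass - as entered
  * @param string $response - received string if CHAP used
  * @param boolean|string $forceLogin - TRUE if login is being forced from clicking signup link, 'provider' for provider logins; normally FALSE
  * @return boolean TRUE if valid password; otherwise the result of invalidLogin()
  */
 protected function checkUserPassword($username, $userpass, $response, $forceLogin)
 {
     $pref = e107::getPref();
     if ($forceLogin === 'provider') {
         return true;
     }
     if ($this->lookEmail && vartrue($pref['passwordEncoding'])) {
         $tmp = e107::getArrayStorage()->unserialize($this->userData['user_prefs']);
         if (!$tmp && $this->userData['user_prefs']) {
             // try old storage type
             // NOTE(review): native unserialize() on a database column; anything able
             // to write user_prefs controls the serialized payload - confirm it is
             // never populated from request data verbatim.
             $tmp = unserialize($this->userData['user_prefs']);
         }
         // Use email-specific password if set. Otherwise, 'normal' one might work
         $requiredPassword = varset($tmp['email_password'], $this->userData['user_password']);
         unset($tmp);
     } else {
         $requiredPassword = $this->userData['user_password'];
     }
     // FIXME - [SecretR] $username is not set and I really can't get the idea.
     //$username = $this->userData['user_loginname']; // TODO for Steve - temporary fix, where $username comes from?
     // Now check password
     if ($forceLogin) {
         $expected = md5($this->userData['user_name'] . $this->userData['user_password'] . $this->userData['user_join']);
         // Strict, string-only comparison: with loose `!=`, two different
         // numeric-looking hex strings (e.g. "0e..." forms) compare equal.
         // hash_equals() is used where available to keep the comparison constant-time.
         $matches = is_string($userpass)
             && (function_exists('hash_equals') ? hash_equals($expected, $userpass) : $expected === $userpass);
         if (!$matches) {
             return $this->invalidLogin($username, LOGIN_BAD_PW);
         }
     } else {
         $session = e107::getSession();
         $gotChallenge = $session->is('challenge');
         // CHAP is used when it is enabled and the client sent a response that differs
         // from the challenge itself, or always when password_CHAP is 2.
         // When password_CHAP is 1 and no usable response arrives, the plaintext branch runs.
         $useChap = ($pref['password_CHAP'] > 0 && ($response && $gotChallenge) && $response != $session->get('challenge'))
             || $pref['password_CHAP'] == 2;
         if ($useChap) {
             // Verify using CHAP
             if (($pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $requiredPassword)) === PASSWORD_INVALID) {
                 return $this->invalidLogin($username, LOGIN_CHAP_FAIL);
             }
         } else {
             // Plaintext password
             if (($pass_result = $this->userMethods->CheckPassword($userpass, $this->lookEmail ? $this->userData['user_loginname'] : $username, $requiredPassword)) === PASSWORD_INVALID) {
                 return $this->invalidLogin($username, LOGIN_BAD_PW);
             }
         }
         $this->passResult = $pass_result;
     }
     return TRUE;
 }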
示例#7
文件: auth.php 项目: JBeezygit/e107
 /**
  * Admin auth check.
  *
  * Looks the name up among rows with user_admin='1' (login name first, then
  * display name) and verifies either a CHAP response against the session's
  * `prevchallenge` or the plaintext password.
  *
  * The name filter removes whitespace-delimited upper-case "OR", "=" and "#"
  * before toDB(); that is a deny-list, so the SQL safety of the interpolated
  * name rests on toDB() (not visible here - confirm).
  * NOTE(review): the debug logging that used to sit in both branches wrote
  * the challenge, the response and the stored password value to the admin
  * log; it should stay disabled.
  *
  * @param string $authname entered name
  * @param string $authpass entered pass
  * @param string $authresponse [optional] CHAP response
  * @return array the user row on success, else array("authfail", "reason" => code)
  *               with code 'np' (missing input), 'lu' (name too long),
  *               'iu' (no such admin) or '' (verification failed)
  */
 public function authcheck($authname, $authpass, $authresponse = '')
 {
     $pref = e107::getPref();
     $tp = e107::getParser();
     $sql_auth = e107::getDb('sql_auth');
     $user_info = e107::getUserSession();

     $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
     $authpass = trim($authpass);

     // Input validation; a too-long name overrides the "missing input" code.
     $reason = '';
     if (($authpass == '' && $authresponse == '') || $authname == '') {
         $reason = 'np';
     }
     if (strlen($authname) > varset($pref['loginname_maxlength'], 30)) {
         $reason = 'lu';
     }
     if ($reason) {
         return array("authfail", "reason" => $reason);
     }

     // Admin lookup: by login name, falling back to display name.
     if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) {
         $row = $sql_auth->db_Fetch();
     } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) {
         $row = $sql_auth->db_Fetch();
         $authname = $row['user_loginname'];
     } else {
         return array("authfail", "reason" => 'iu');
     }
     if (!$row['user_id']) {
         return array("authfail", "reason" => $reason);
     }

     $session = e107::getSession();
     $chapAttempt = $authresponse && $session->is('prevchallenge') && $authresponse != $session->get('prevchallenge');
     if ($chapAttempt) {
         // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
         $verdict = $user_info->CheckCHAP($session->get('prevchallenge'), $authresponse, $authname, $row['user_password']);
     } else {
         // Plaintext password
         $verdict = $user_info->CheckPassword($authpass, $authname, $row['user_password']);
     }
     if ($verdict !== PASSWORD_INVALID) {
         return $row;
     }
     return array("authfail", "reason" => $reason);
 }
示例#8
文件: language.php 项目: gitye/e107
    $id = varset($tmp[2]);
    unset($tmp);
} elseif (!getperms('0')) {
    $action = 'tools';
}
// Save the language preferences posted by a main admin (getperms('0')) and
// drop the cached 'e_language' session value.
// NOTE(review): the posted values are stored as received; no validation or
// token check is visible in this fragment - presumably handled by the
// bootstrap, confirm.
if (isset($_POST['submit_prefs'], $_POST['mainsitelanguage']) && getperms('0')) {
    $changes = array();
    $temp = array(
        'multilanguage' => $_POST['multilanguage'],
        'multilanguage_subdomain' => $_POST['multilanguage_subdomain'],
        'multilanguage_domain' => $_POST['multilanguage_domain'],
        'sitelanguage' => $_POST['mainsitelanguage'],
        'adminlanguage' => $_POST['mainadminlanguage'],
        'noLanguageSubs' => $_POST['noLanguageSubs'],
    );
    e107::getConfig()
        ->setPref($temp)
        ->save(true);
    e107::getSession()->clear('e_language');
}
// ----------------- delete tables ---------------------------------------------
if (isset($_POST['del_existing']) && $_POST['lang_choices'] && getperms('0')) {
    $lang = strtolower($_POST['lang_choices']);
    foreach ($tabs as $del_table) {
        if ($sql->db_Table_exists($lang . "_" . $del_table, TRUE)) {
            //	echo $del_table." exists<br />";
            $qry = "DROP TABLE " . $mySQLprefix . "lan_" . $lang . "_" . $del_table;
            if (mysql_query($qry)) {
                $msg = $tp->lanVars(LANG_LAN_100, $_POST['lang_choices'] . ' ' . $del_table);
                $message .= $msg . '[!br!]';
                $mes->addSuccess($msg);
            } else {
                $msg = $tp->lanVars(LANG_LAN_101, $_POST['lang_choices'] . ' ' . $del_table);
                $message .= $msg . '[!br!]';
示例#9
 /**
  * Get session handler.
  *
  * Lazily fetches the shared session object and makes sure an (initially
  * empty) array exists under this object's `_session_id` key.
  *
  * @return object the object returned by e107::getSession()
  */
 public function getSessionHandler()
 {
     if (null !== $this->_session_handler) {
         return $this->_session_handler;
     }

     $handler = e107::getSession();
     if (!$handler->has($this->_session_id)) {
         // first use: reserve the storage slot
         $handler->set($this->_session_id, array());
     }

     return $this->_session_handler = $handler;
 }
示例#10
文件: class2.php 项目: gitye/e107
}
// v2 Custom language File Path.
// The path embeds e_LANGUAGE, so it is only as trustworthy as the code that defined that constant.
$customLan2 = e_SYSTEM . '/lans/' . e_LANGUAGE . '_custom.php';
if (is_readable($customLan2)) {
    include $customLan2;
}
unset($customLan, $customLan2);
$sql->db_Mark_Time('Start: Global Language Files');
// Load the global language files listed in the 'lan_global_list' preference.
if (isset($pref['lan_global_list'])) {
    foreach ($pref['lan_global_list'] as $path) {
        e107::plugLan($path, 'global', true);
    }
}
$sql->db_Mark_Time('Start: CHAP challenge');
// $die is false for AJAX requests and true otherwise.
// NOTE(review): presumably check() terminates the request on a bad token only
// when $die is true, which would leave AJAX handlers responsible for calling
// check(false) themselves - confirm.
$die = e_AJAX_REQUEST == true ? false : true;
e107::getSession()->challenge()->check($die);
// Token protection
unset($die);
//
// N: misc setups: online user tracking, cache
//
$sql->db_Mark_Time('Start: Misc resources. Online user tracking, cache');
/**
 * @deprecated  BC, call the method only when needed, $e107->ecache caught by __get()
*/
$e107cache = e107::getCache();
//TODO - find & replace $e107cache, $e107->ecache
//DEPRECATED, BC, call the method only when needed, $e107->override caught by __get()
$override = e107::getSingleton('override', true);
//TODO - find & replace $override, $e107->override
//DEPRECATED, BC, call the method only when needed, $e107->user_class caught by __get()
示例#11
 /**
  * Handle the Ajax quick-reply.
  *
  * Exits silently when the session token check or the 'post' permission
  * check fails. Otherwise, for action "quickreply" with non-empty text, the
  * post is stored through postAdd() and a JSON object (html, status, msg) is
  * echoed. The session is reset and the script exits in every case.
  *
  * NOTE(review): this method defaults $_POST['e_token'] (underscore); which
  * key the session check reads is not visible here - confirm it matches.
  * NOTE(review): 'anonname' and 'text' go to postAdd() as posted; escaping
  * is presumably done there or at render time - confirm.
  */
 function ajaxQuickReply()
 {
     $tp = e107::getParser();
     if (!isset($_POST['e_token'])) {
         $_POST['e_token'] = '';
     }

     // Token first; the permission check only runs for a valid token.
     $tokenOk = e107::getSession()->check(false);
     if (!$tokenOk || !$this->checkPerm($_POST['post'], 'post')) {
         exit;
     }

     $isQuickReply = varset($_POST['action']) == 'quickreply' && vartrue($_POST['text']);
     if ($isQuickReply) {
         $postInfo = array('post_ip' => e107::getIPHandler()->getIP(FALSE));
         if (USER) {
             $postInfo['post_user'] = USERID;
         } else {
             $postInfo['post_user_anon'] = $_POST['anonname'];
         }
         $postInfo += array(
             'post_entry' => $_POST['text'],
             'post_forum' => intval($_POST['post']),
             'post_datestamp' => time(),
             'post_thread' => intval($_POST['thread']),
         );
         // save it.
         $postInfo['post_id'] = $this->postAdd($postInfo);

         // Display-only fields for the rendered reply.
         $postInfo += array(
             'user_name' => USERNAME,
             'user_email' => USEREMAIL,
             'user_image' => USERIMAGE,
             'user_signature' => USERSIGNATURE,
         );

         if ($_POST['insert'] == 1) {
             $tmpl = e107::getTemplate('forum', 'forum_viewtopic', 'replies');
             $sc = e107::getScBatch('view', 'forum');
             $sc->setScVar('postInfo', $postInfo);
             $html = $tp->parseTemplate($tmpl, true, $sc) . "\n";
         } else {
             $html = false;
         }

         echo json_encode(array(
             'html' => $html,
             'status' => 'ok',
             'msg' => "Your post has been added",
         ));
     }

     e107::getSession()->reset();
     exit;
 }
示例#12
        $core_pref->update($key, $newValue);
        /*if($newValue != $core_pref->get($key))
        		{ // Changed value
        			$core_pref->set($key, $newValue);
        			$prefChanges[$key] = $newValue;
        		}*/
    }
    $core_pref->save(false);
    // special case, do session cleanup, logout, redirect to login screen
    if ($sessionRegenerate) {
        // reset cookie
        cookie($core_pref->get('cookie_name'), $_COOKIE[e_COOKIE], time() + 3600 * 24 * 30, e_HTTP, e107::getLanguage()->getCookieDomain());
        cookie(e_COOKIE, null, null);
        // regenerate session
        $s = $_SESSION;
        e107::getSession()->destroy();
        $session = new e_core_session(array('name' => $core_pref->get('cookie_name')));
        $_SESSION = $s;
    }
}
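// Build the list of available authentication methods: "e107" plus one entry
// per "<name>_auth.php" file found in the alt_auth plugin directory.
if (e107::isInstalled('alt_auth')) {
    $authlist[] = "e107";
    $handle = opendir(e_PLUGIN . "alt_auth");
    // opendir() returns false on failure; readdir() must not be called on that.
    if ($handle) {
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the scan early.
        while (false !== ($file = readdir($handle))) {
            // NOTE(review): the pattern is not anchored at the end, so names
            // such as "x_auth.php.bak" also yield an entry - confirm intended.
            if (preg_match("/^(.*)_auth\\.php/", $file, $match)) {
                $authlist[] = $match[1];
            }
        }
        closedir($handle);
    }
}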
function sendTest()
{
示例#13
 /**
  * Redirect to the given URI and terminate the script.
  *
  * Ends the e107 session first when a PHP session is active, then sends the
  * Location header and a zero Content-Length.
  *
  * $url is sent exactly as given: callers that pass request-derived values
  * need their own check that the target is a permitted destination.
  *
  * @param string $url
  * @param boolean $replace - default TRUE
  * @param integer|null $http_response_code - default NULL
  * @return void
  */
 public function redirect($url, $replace = TRUE, $http_response_code = NULL)
 {
     if (session_id()) {
         e107::getSession()->end();
     }

     $location = 'Location: ' . $url;
     if (null !== $http_response_code) {
         header($location, $replace, $http_response_code);
     } else {
         header($location, $replace);
     }

     // Safari endless loop fix.
     header('Content-Length: 0');
     exit;
 }
示例#14
 /**
  * Redirect to the given URI and terminate the script.
  *
  * "&amp;" is decoded to "&", an empty $url becomes SITEURL and the literal
  * 'admin' becomes SITEURLBASE . e_ADMIN_ABS. No other mapping or validation
  * of $url happens here, so request-derived targets must be checked by the
  * caller.
  *
  * When e_DEBUG is 'redirect' the target and the calling frame are logged to
  * redirect.log and the method RETURNS instead of exiting; code that relies
  * on go() to stop execution keeps running in that mode.
  *
  * @param string $url - target; if left empty SITEURL will be used
  * @param boolean $replace - default TRUE
  * @param integer|null $http_response_code - default NULL
  * @param boolean $preventCache - send no-cache headers before the redirect
  * @return void
  */
 public function go($url = '', $replace = TRUE, $http_response_code = NULL, $preventCache = true)
 {
     // cleanup when using e_QUERY in $url;
     $url = str_replace("&amp;", "&", $url);
     if (empty($url)) {
         $url = SITEURL;
     }
     if ($url == 'admin') {
         $url = SITEURLBASE . e_ADMIN_ABS;
     }

     if (defset('e_DEBUG') === 'redirect') {
         $trace = debug_backtrace();
         $report = "URL: " . $url
             . "\nFile: " . $trace[1]['file']
             . "\nLine: " . $trace[1]['line']
             . "\nClass: " . $trace[1]['class']
             . "\nFunction: " . $trace[1]['function']
             . "\n\n";
         e107::getLog()->addDebug($report);
         e107::getLog()->toFile('redirect.log', true);
         echo "debug active";
         return;
     }

     if (session_id()) {
         e107::getSession()->end();
     }

     if ($preventCache) {
         header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0', true);
         header('Expires: Sat, 26 Jul 1997 05:00:00 GMT', true);
     }

     $location = 'Location: ' . $url;
     if (null !== $http_response_code) {
         header($location, $replace, $http_response_code);
     } else {
         header($location, $replace);
     }

     // Safari endless loop fix.
     header('Content-Length: 0');
     exit;
 }
示例#15
 /**
  * Set Language-specific Constants
  * FIXME - language detection is a mess - db handler, mysql handler, session handler and language handler + constants involved,
  * SIMPLIFY, test, get feedback
  *
  * Defines e_LANLIST, e_LANGUAGE, USERLAN, e_LAN and e_LANQRY from
  * $this->e_language; takes no parameters. e_LANCODE is defined as '' on
  * the path where e_LANQRY becomes FALSE.
  *
  * @return void
  */
 function setDefs()
 {
     global $pref;
     $active = $this->e_language;

     // SecretR - don't register lanlist in session, confusions, save it as class property (lan class is singleton)
     // cleanup test installs, will be removed soon
     e107::getSession()->set('language-list', null);

     define('e_LANLIST', implode(',', $this->installed()));
     define('e_LANGUAGE', $active);
     // Keep USERLAN for backward compatibility
     define('USERLAN', $active);

     $code = $this->convert($active);
     define("e_LAN", $code);

     // Below is for BC
     $usesLanTables = defined('e_LANCODE') && varset($pref['multilanguage']) && $active != $pref['sitelanguage'];
     if ($usesLanTables) {
         define("e_LANQRY", "[" . $code . "]");
         return;
     }
     define("e_LANCODE", '');
     define("e_LANQRY", FALSE);
 }
示例#16
 /**
  * Build the "Paths & Variables" debug table.
  *
  * Lists selected user-defined constants (all of them when
  * E107_DBG_ALLERRORS is set), the SQL language, a print_r() dump of the
  * global $e107 object, three session settings and a print_r() dump of
  * $_SESSION.
  *
  * The dumps expose the complete session contents and the core object to
  * whoever can see this output, so the table belongs on debug-only views.
  * NOTE(review): constant names, the SQL language and the session options
  * are emitted without htmlspecialchars(); presumably none of them carries
  * request-controlled text - confirm.
  *
  * @param boolean $force - build the table even when E107_DBG_PATH is off
  * @return string|false HTML table, or FALSE when disabled and not forced
  */
 function Show_PATH($force = false)
 {
     if (!E107_DBG_PATH && $force === false) {
         return FALSE;
     }
     global $e107;
     $sql = e107::getDb();
     $text = "<table class='fborder table table-striped table-condensed debug-footer' style='width:100%'>\n\t\t<colgroup>\n\t\t<col style='width:20%' />\n\t\t<col style='width:auto' />\n\t\t</colgroup>\n\t\t<thead>\n\t\t\t<tr>\n\t\t\t\t<th class='fcaption debug-footer-caption left' colspan='2'><b>Paths &amp; Variables</b></th>\n\t\t\t</tr>\n\t\t</thead>\n\t\t<tbody>\n";

     // Constants always shown by exact name ...
     $inc = array('BOOTSTRAP', 'HEADERF', 'FOOTERF', 'FILE_UPLOADS', 'FLOODPROTECT', 'FLOODTIMEOUT', 'CHARSET', 'GUESTS_ONLINE', 'MEMBERS_ONLINE', 'PAGE_NAME', 'STANDARDS_MODE', 'TIMEOFFSET', 'TOTAL_ONLINE', 'THEME', 'THEME_ABS', 'THEME_LAYOUT', 'THEME_STYLE', 'META_OG', 'META_DESCRIPTION', 'MPREFIX', 'VIEWPORT', 'BODYTAG', 'CSSORDER');
     // ... and those shown because of their name prefix.
     $prefixes = array('ADMIN', 'E_', 'e_', 'E107', 'SITE', 'USER', 'CORE');

     $userCon = get_defined_constants(true);
     ksort($userCon['user']);
     foreach ($userCon['user'] as $name => $value) {
         $show = E107_DBG_ALLERRORS || in_array($name, $inc);
         if (!$show) {
             foreach ($prefixes as $prefix) {
                 if (strncmp($name, $prefix, strlen($prefix)) === 0) {
                     $show = true;
                     break;
                 }
             }
         }
         if ($show) {
             $text .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='forumheader3'>" . $name . "</td>\n\t\t\t\t\t<td class='forumheader3'>" . htmlspecialchars($value) . "</td>\n\t\t\t\t</tr>";
         }
     }

     $sess = e107::getSession();
     $text .= "\n\t\t\t\n\t\t\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>SQL Language</td>\n\t\t\t\t<td class='forumheader3'>" . $sql->mySQLlanguage
         . "</td>\n\t\t\t</tr>\n\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' colspan='2'><pre>" . htmlspecialchars(print_r($e107, TRUE))
         . "</pre></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='fcaption' colspan='2'><h2>Session</h2></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session lifetime</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getOption('lifetime')
         . " seconds</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session domain</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getOption('domain')
         . "</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session save method</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getSaveMethod()
         . "</td>\n\t\t\t</tr>\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' colspan='2'><pre>" . htmlspecialchars(print_r($_SESSION, TRUE))
         . "</pre></td>\n\t\t\t</tr>\n\t\t\t\n\t\t</tbody>\n\t\t</table>";
     return $text;
 }
示例#17
文件: auth.php 项目: notzen/e107
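 /**
  * Admin auth check.
  *
  * Looks the name up among rows with user_admin='1' (login name first, then
  * display name) and verifies either a CHAP response against the session's
  * `challenge` or the plaintext password.
  *
  * The name filter removes whitespace-delimited upper-case "OR", "=" and "#"
  * before toDB(); that is a deny-list, so the SQL safety of the interpolated
  * name rests on toDB() (not visible here - confirm).
  *
  * @param string $authname entered name
  * @param string $authpass entered pass
  * @param string $authresponse [optional] CHAP response
  * @return array the user row on success, else array("authfail", "reason" => code)
  *               with code 'np' (missing input), 'lu' (name too long),
  *               'iu' (no such admin) or '' (verification failed)
  */
 public function authcheck($authname, $authpass, $authresponse = '')
 {
     global $pref;
     $tp = e107::getParser();
     $sql_auth = e107::getDb('sql_auth');
     $user_info = e107::getUserSession();
     $reason = '';
     $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
     $authpass = trim($authpass);
     if ($authpass == '' || $authname == '') {
         $reason = 'np';
     }
     // A too-long name overrides the "missing input" code.
     if (strlen($authname) > varset($pref['loginname_maxlength'], 30)) {
         $reason = 'lu';
     }
     if (!$reason) {
         if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) {
             $row = $sql_auth->db_Fetch();
         } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) {
             $row = $sql_auth->db_Fetch();
             $authname = $row['user_loginname'];
         } else {
             $reason = 'iu';
         }
     }
     if (!$reason && $row['user_id']) {
         $session = e107::getSession();
         if ($authresponse && $session->is('challenge') && $authresponse != $session->get('challenge')) {
             // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
             if (($pass_result = $user_info->CheckCHAP($session->get('challenge'), $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID) {
                 // Return the row itself, as the plaintext branch does. The former
                 // `${$row}` was a variable-variable lookup keyed on the array, which
                 // does not yield the user row on a successful CHAP login.
                 return $row;
             }
         } else {
             // Plaintext password
             if (($pass_result = $user_info->CheckPassword($authpass, $authname, $row['user_password'])) !== PASSWORD_INVALID) {
                 return $row;
             }
         }
     }
     return array("authfail", "reason" => $reason);
 }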
示例#18
 /**
  * Destroy cookie/session data, self destroy.
  *
  * Order of teardown: external provider (when one is attached), logoutAs()
  * followed by this user's own session data, the parent's destroy(), the
  * e107 session, and finally the 'core/e107/current_user' registry entry.
  *
  * @return e_user
  */
 public final function logout()
 {
     // Sign out at the external login provider first, when one is attached
     if ($this->hasProvider()) {
         $provider = $this->getProvider();
         $provider->logout();
     }
     // logoutAs() returns the user object whose session data is then destroyed
     $target = $this->logoutAs();
     $target->_destroySession();
     parent::destroy();
     // The e107 session wrapper is destroyed rather than calling session_destroy() directly
     e107::getSession()->destroy();
     // Clear the registry entry so no current-user object remains registered for this request
     e107::setRegistry('core/e107/current_user', null);
     return $this;
 }
示例#19
文件: login.php 项目: notzen/e107
// Builds the variables consumed by the login template. The listing is cut off inside
// the template-selection branch at the end.
// Load the image-code (captcha) handler only when image codes are enabled.
if ($use_imagecode) {
    require_once e_HANDLER . "secure_img_handler.php";
    $sec_img = new secure_image();
}
// The form is only built for visitors who are not logged in.
if (!USER) {
    require_once e_HANDLER . "form_handler.php";
    $rs = new form();
    $text = "";
    // The allowEmailLogin pref (default 0) is used as an index into the three labels below.
    $allowEmailLogin = varset($pref['allowEmailLogin'], 0);
    $ulabel = array(LAN_LOGIN_1, LAN_LOGIN_28, LAN_LOGIN_29);
    $LOGIN_USERNAME_LABEL = $ulabel[$allowEmailLogin];
    $LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE;
    // NOTE(review): the "******" literals here and below look like masked content in this
    // listing rather than the real field markup - compare with the upstream file.
    $LOGIN_TABLE_USERNAME = "******";
    $LOGIN_TABLE_PASSWORD = "******";
    // When a challenge is stored in the session and the password_CHAP pref is on, the
    // challenge is sent to the browser in a hidden field appended to the password markup.
    // NOTE(review): the value is written into the attribute without escaping - confirm the
    // challenge is server-generated and limited to attribute-safe characters, otherwise wrap
    // it in htmlspecialchars() with ENT_QUOTES.
    if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0)) {
        $LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . e107::getSession()->get('challenge') . "' />\n\n";
    }
    if ($use_imagecode) {
        $LOGIN_TABLE_SECIMG_LAN = LAN_LOGIN_13;
        // rand_num goes to the client in a hidden field next to the image
        // (presumably a lookup key for the stored code, not the code itself - verify in secure_image).
        $LOGIN_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='" . $sec_img->random_number . "' />";
        $LOGIN_TABLE_SECIMG_SECIMG = $sec_img->r_image();
        $LOGIN_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />";
    }
    $LOGIN_TABLE_AUTOLOGIN = "******";
    $LOGIN_TABLE_AUTOLOGIN_LAN = LAN_LOGIN_8;
    $LOGIN_TABLE_SUBMIT = "<input class='button' type='submit' name='userlogin' value=\"" . LAN_LOGIN_9 . "\" />";
    // Template lookup: a login_template.php in the active theme takes precedence over the
    // one under the core themes directory. Skipped when $LOGIN_TABLE is already set.
    if (!isset($LOGIN_TABLE) || !$LOGIN_TABLE) {
        if (file_exists(THEME . 'login_template.php')) {
            require_once THEME . 'login_template.php';
        } else {
            require_once e_BASE . $THEMES_DIRECTORY . "templates/login_template.php";
示例#20
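 /**
  * Basic implementation of browser cache control per user session. Awaiting improvement in future versions.
  *
  * The list of cacheable request paths is kept in the session under '__sessionBrowserCache'.
  *  - No argument (null): returns a boolean, whether e_REQUEST_URI is in the list.
  *  - String: assumed to be an absolute request path (e_REQUEST_URI alike); it is added to the list.
  *  - true: e_REQUEST_URI is added to the list.
  *  - false: e_REQUEST_URI is removed from the list.
  *
  * @param null|bool|string $set
  * @return bool|void boolean only when called without an argument
  */
 public static function canCache($set = null)
 {
     $_data = e107::getSession()->get('__sessionBrowserCache');
     if (!is_array($_data)) {
         $_data = array();
     }
     // Strict comparison throughout: only strings are ever stored, and loose matching
     // would treat numeric-looking paths such as "1e3" and "1000" as the same entry.
     if (null === $set) {
         return in_array(e_REQUEST_URI, $_data, true);
     }
     // remove e_REQUEST_URI from the set
     if (false === $set) {
         $check = array_search(e_REQUEST_URI, $_data, true);
         if (false !== $check) {
             unset($_data[$check]);
             e107::getSession()->set('__sessionBrowserCache', $_data);
         }
         // Nothing to register for false, whether or not an entry was removed
         return;
     }
     if (true === $set) {
         $set = e_REQUEST_URI;
     }
     // Ignore empty or non-string values and paths that are already registered
     if (empty($set) || !is_string($set) || in_array($set, $_data, true)) {
         return;
     }
     $_data[] = $set;
     e107::getSession()->set('__sessionBrowserCache', array_unique($_data));
 }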
示例#21
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* Default footer for user pages
*
* $URL$
* $Id$
*
*/
// Stop immediately unless e107_INIT is defined, so the footer does nothing when this file
// is requested on its own (e107_INIT is presumably defined by the core bootstrap - confirm).
if (!defined('e107_INIT')) {
    exit;
}
$In_e107_Footer = TRUE;
// For registered shutdown function
global $error_handler, $db_time, $FOOTER;
// Clean session shutdown
e107::getSession()->shutdown();
// System browser CACHE control - defaults to no cache; override in e107_config or on the fly
// This is temporary solution, we'll implement more flexible way for cache control override
// per page, more investigation needed about cache related headers, browser quirks etc
// Auto-detect from session (registered per page, per user session)
// An e_NOCACHE value defined earlier wins; otherwise it is the negation of e107::canCache().
if (!defined('e_NOCACHE')) {
    define('e_NOCACHE', !e107::canCache());
}
//
// SHUTDOWN SEQUENCE
//
// The following items have been carefully designed so page processing will finish properly
// Please DO NOT re-order these items without asking first! You WILL break something ;)
// These letters match the ADMIN footer (that's why there is B.1,B.2)
//
// A Ensure sql and traffic objects exist
示例#22
文件: xup.php 项目: armpit/e107
 /**
  * Hand the current request to the HybridAuth endpoint processor.
  *
  * An exception raised while processing is reported through the e107 message
  * handler, and the session flag 'HAuthError' is set to true.
  */
 public function actionEndpoint()
 {
     require_once e_HANDLER . "hybridauth/Hybrid/Auth.php";
     require_once e_HANDLER . "hybridauth/Hybrid/Endpoint.php";
     try {
         Hybrid_Endpoint::process();
     } catch (Exception $failure) {
         // NOTE(review): the raw exception code and text become the error message - check
         // where this message is rendered and whether provider error details should reach
         // the visitor or only the log.
         $report = '[' . $failure->getCode() . ']' . $failure->getMessage();
         e107::getMessage()->addError($report, 'default', true);
         // Record the failed provider login in the session
         e107::getSession()->set('HAuthError', true);
     }
 }