PHP Cross Reference of MyBB 1.8.12

/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
      // The constants in this run are defined before global.php is included below.
      // NOTE(review): ALLOWABLE_PAGE lists the pre-login actions (registration,
      // login/logout, lost/reset password, activation, viewnotes). Presumably the
      // bootstrap uses it to keep these actions reachable when access is otherwise
      // restricted -- confirm in global.php before adding an action to the list.
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
      // Comma-separated names of the templates this script uses, built up in
      // several steps. Presumably pre-loaded by global.php -- confirm there.
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha,member_register_regimage_nocaptcha,post_captcha_hidden,post_captcha,post_captcha_recaptcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_aim,member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_contact_fields_yahoo,member_profile_pm,member_profile_contact_details";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
      // Bootstrap the board, then pull in the helpers this script calls.
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  $parser = new postParser;
  35  
  36  // Load global language phrases
  37  $lang->load("member");
  38  
      // Read the requested action once through get_input(); every dispatch
      // below compares against this stored value.
  39  $mybb->input['action'] = $mybb->get_input('action');
  40  
  41  // Make navigation: add the breadcrumb that belongs to the requested action.
      // Actions that are not listed here get no breadcrumb from this step.
      if($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register")
      {
          add_breadcrumb($lang->nav_register);
      }
      else if($mybb->input['action'] == "activate")
      {
          add_breadcrumb($lang->nav_activate);
      }
      else if($mybb->input['action'] == "resendactivation")
      {
          add_breadcrumb($lang->nav_resendactivation);
      }
      else if($mybb->input['action'] == "lostpw")
      {
          add_breadcrumb($lang->nav_lostpw);
      }
      else if($mybb->input['action'] == "resetpassword")
      {
          add_breadcrumb($lang->nav_resetpassword);
      }
      else if($mybb->input['action'] == "login")
      {
          add_breadcrumb($lang->nav_login);
      }
      else if($mybb->input['action'] == "emailuser")
      {
          add_breadcrumb($lang->nav_emailuser);
      }
  67  
  68  if(in_array($mybb->input['action'], array("register", "do_register")) && $mybb->usergroup['cancp'] != 1)
      {
          // Gate for both registration actions. Visitors whose usergroup has
          // cancp set skip every check in this block.

          // Registrations switched off board-wide.
          if($mybb->settings['disableregs'] == 1)
          {
              error($lang->registrations_disabled);
          }

          // A logged-in user (uid other than 0) cannot register again.
          if($mybb->user['uid'] != 0)
          {
              error($lang->error_alreadyregistered);
          }

          // Per-IP throttle: count accounts created from this registration IP
          // inside the configured window (betweenregstime, in hours) and refuse
          // once maxregsbetweentime is reached. Runs only when both settings are
          // non-empty.
          if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
          {
              $time = TIME_NOW;
              $datecut = $time - (3600 * $mybb->settings['betweenregstime']);
              $query = $db->simple_select(
                  "users",
                  "*",
                  sprintf("regip=%s AND regdate > '%s'", $db->escape_binary($session->packedip), $datecut)
              );
              $regcount = $db->num_rows($query);
              if($regcount >= $mybb->settings['maxregsbetweentime'])
              {
                  $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
                  error($lang->error_alreadyregisteredtime);
              }
          }
      }
  91  
  92  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  93  {
  94      $plugins->run_hooks("member_do_register_start");
  95  
  96      // Are we checking how long it takes for users to register?
          // Time-to-submit heuristic: reject submissions that arrive sooner than
          // the configured number of seconds after the form's timestamp.
          // NOTE(review): 'regtime' is read from the request, so the elapsed time
          // is computed from a client-supplied value. Treat this as a filter for
          // naive automation, not as a control the client cannot influence.
  97      if($mybb->settings['regtime'] > 0)
  98      {
  99          // Is the field actually set?
 100          if(isset($mybb->input['regtime']))
 101          {
 102              // Check how long it took for this person to register
 103              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 104  
 105              // See if they registered faster than normal
 106              if($timetook < $mybb->settings['regtime'])
 107              {
 108                  // This user registered pretty quickly, bot detected!
 109                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 110                  error($lang->error_spam_deny_time);
 111              }
 112          }
 113          else
 114          {
                  // A submission without the timestamp field is refused outright.
 115              error($lang->error_spam_deny);
 116          }
 117      }
 118  
 119      // If we have hidden CAPTCHA enabled and it's filled, deny registration
          // The field name comes from the hiddencaptchaimagefield setting; any
          // non-empty value submitted under that name is treated as automation.
 120      if($mybb->settings['hiddencaptchaimage'])
 121      {
 122          $string = $mybb->settings['hiddencaptchaimagefield'];
 123  
 124          if(!empty($mybb->input[$string]))
 125          {
 126              error($lang->error_spam_deny);
 127          }
 128      }
 129  
 130      if($mybb->settings['regtype'] == "randompass")
 131      {
 132  
              // "randompass" registration: the board generates the password and
              // overwrites whatever the request carried in password/password2.
              // Length is minpasswordlength, but when that is below 8 the code
              // uses 8 capped at maxpasswordlength.
 133          $password_length = (int)$mybb->settings['minpasswordlength'];
 134          if($password_length < 8)
 135          {
 136              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 137          }
 138  
              // NOTE(review): the strength of the result depends on random_str(),
              // which is defined outside this file -- confirm its random source.
 139          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 140          $mybb->input['password2'] = $mybb->input['password'];
 141      }
 142  
          // Choose the initial usergroup. Registration types that need a later
          // activation step (verify/admin/both) and COPPA registrations get
          // group 5; everything else gets group 2.
          // NOTE(review): presumably 5 is "Awaiting Activation" and 2 is
          // "Registered" as in a default install -- confirm against the
          // usergroups table. The group is set server-side and is not taken
          // from the request, apart from the 'coppa' flag tested here.
 143      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 144      {
 145          $usergroup = 5;
 146      }
 147      else
 148      {
 149          $usergroup = 2;
 150      }
 151  
 152      // Set up user handler.
 153      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 154      $userhandler = new UserDataHandler("insert");
 155  
          // The COPPA marker is read from a cookie, i.e. it is client-controlled;
          // it is reduced to an integer before use.
 156      $coppauser = 0;
 157      if(isset($mybb->cookies['coppauser']))
 158      {
 159          $coppauser = (int)$mybb->cookies['coppauser'];
 160      }
 161  
 162      // Set the data for the new user.
          // Request values are handed over as submitted; validation is delegated
          // to validate_user() below. "usergroup" and "regip" are set from
          // server-side values, not from the request.
 163      $user = array(
 164          "username" => $mybb->get_input('username'),
 165          "password" => $mybb->get_input('password'),
 166          "password2" => $mybb->get_input('password2'),
 167          "email" => $mybb->get_input('email'),
 168          "email2" => $mybb->get_input('email2'),
 169          "usergroup" => $usergroup,
 170          "referrer" => $mybb->get_input('referrername'),
 171          "timezone" => $mybb->get_input('timezoneoffset'),
 172          "language" => $mybb->get_input('language'),
 173          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 174          "regip" => $session->packedip,
 175          "coppa_user" => $coppauser,
 176          "regcheck1" => $mybb->get_input('regcheck1'),
 177          "regcheck2" => $mybb->get_input('regcheck2'),
 178          "registration" => true
 179      );
 180  
 181      // Do we have a saved COPPA DOB?
          // NOTE(review): the cookie value is split on "-" without checking that
          // it has three parts; a malformed cookie leaves some of the list()
          // targets unset. The values are passed on unconverted, so the data
          // handler has to validate the birthday -- confirm that it does.
 182      if(isset($mybb->cookies['coppadob']))
 183      {
 184          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 185          $user['birthday'] = array(
 186              "day" => $dob_day,
 187              "month" => $dob_month,
 188              "year" => $dob_year
 189          );
 190      }
 191  
          // Per-user options; all but dstcorrection are read as integers.
 192      $user['options'] = array(
 193          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 194          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 195          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 196          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 197          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 198          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 199          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 200          "dstcorrection" => $mybb->get_input('dstcorrection')
 201      );
 202  
 203      $userhandler->set_data($user);
 204  
          // $errors starts as an empty string and is replaced by the handler's
          // error list only when validation fails. The is_array($errors) test
          // further down uses that to tell failure from success.
          // NOTE(review): later code appends with $errors[] while the value may
          // still be this string; on PHP 7.1 and newer that raises a fatal error.
 205      $errors = "";
 206  
 207      if(!$userhandler->validate_user())
 208      {
 209          $errors = $userhandler->get_friendly_errors();
 210      }
 211  
 212      if($mybb->settings['enablestopforumspam_on_register'])
 213      {
              // Optional reputation lookup of the username, e-mail and client IP.
 214          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 215  
 216          $stop_forum_spam_checker = new StopForumSpamChecker(
 217              $plugins,
 218              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 219              $mybb->settings['stopforumspam_check_usernames'],
 220              $mybb->settings['stopforumspam_check_emails'],
 221              $mybb->settings['stopforumspam_check_ips'],
 222              $mybb->settings['stopforumspam_log_blocks']
 223          );
 224  
 225          try {
 226              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 227              {
 228                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 229                          $stop_forum_spam_checker->getErrorText(array(
 230                              'stopforumspam_check_usernames',
 231                              'stopforumspam_check_emails',
 232                              'stopforumspam_check_ips'
 233                              ))));
 234              }
 235          }
 236          catch (Exception $e)
 237          {
                  // If the check throws, registration is refused only when
                  // stopforumspam_block_on_error is set; otherwise the exception
                  // is dropped and registration continues (fail-open).
                  // NOTE(review): $e is not logged here, so a failing lookup
                  // leaves no trace from this block.
 238              if($mybb->settings['stopforumspam_block_on_error'])
 239              {
 240                  error($lang->error_stop_forum_spam_fetching);
 241              }
 242          }
 243      }
 244  
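 245      if($mybb->settings['captchaimage'])
 246      {
              // Validate the CAPTCHA and collect its error messages next to any
              // errors the user data handler reported.
 247          require_once  MYBB_ROOT.'inc/class_captcha.php';
 248          $captcha = new captcha;
 249  
 250          if($captcha->validate_captcha() == false)
 251          {
 252              // CAPTCHA validation failed
                  // $errors is still the empty string when the user data passed
                  // validation. Appending with [] to a string is a fatal error
                  // on PHP 7.1 and newer, so switch to an array first. The later
                  // is_array($errors) test still sees "errors present".
                  if(!is_array($errors))
                  {
                      $errors = array();
                  }
 253              foreach($captcha->get_errors() as $error)
 254              {
 255                  $errors[] = $error;
 256              }
 257          }
 258      }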
 259  
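 260      // If we have a security question, check to see if answer is correct
          // The question is looked up through the visitor's question session id
          // (question_id); the stored answer field holds one accepted answer per
          // line and the comparison goes through my_strtolower() on both sides.
 261      if($mybb->settings['securityquestion'])
 262      {
 263          $question_id = $db->escape_string($mybb->get_input('question_id'));
 264          $answer = $db->escape_string($mybb->get_input('answer'));
              // $answer above is SQL-escaped but is never placed in a query in
              // this block; comparing the escaped form with the stored answers
              // rejects correct answers that contain quotes or backslashes.
              // Compare the submitted text itself instead.
              $submitted_answer = my_strtolower(trim($mybb->get_input('answer')));
 265  
 266          $query = $db->query("
 267              SELECT q.*, s.sid
 268              FROM ".TABLE_PREFIX."questionsessions s
 269              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 270              WHERE q.active='1' AND s.sid='{$question_id}'
 271          ");
 272          if($db->num_rows($query) > 0)
 273          {
 274              $question = $db->fetch_array($query);
 275              $valid_answers = explode("\n", $question['answer']);
 276              $validated = 0;
 277  
 278              foreach($valid_answers as $answers)
 279              {
                      // Drop the "\r" left behind by CRLF line endings, and never
                      // let a blank line in the stored answers accept an empty
                      // submission.
                      $answers = trim($answers);
 280                  if($answers !== '' && my_strtolower($answers) == $submitted_answer)
 281                  {
 282                      $validated = 1;
 283                  }
 284              }
 285  
 286              if($validated != 1)
 287              {
 288                  $update_question = array(
 289                      "incorrect" => $question['incorrect'] + 1
 290                  );
 291                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 292  
                      // $errors may still be the initial empty string; appending
                      // with [] to a string is fatal on PHP 7.1 and newer.
                      if(!is_array($errors))
                      {
                          $errors = array();
                      }
 293                  $errors[] = $lang->error_question_wrong;
 294              }
 295              else
 296              {
 297                  $update_question = array(
 298                      "correct" => $question['correct'] + 1
 299                  );
 300                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 301              }
 302  
                  // Remove the question session that was just evaluated. The
                  // original interpolated $sid, which this script never assigns
                  // in the code shown, so the session row would not be matched
                  // and would stay usable. $question_id is the escaped id the
                  // lookup above used.
 303              $db->delete_query("questionsessions", "sid='{$question_id}'");
 304          }
              // NOTE(review): when no row matches (missing, unknown or expired
              // question_id, or an inactive question) nothing is added to
              // $errors, so the check only applies when a session row is found.
              // Rejecting here needs the "no active question configured" case
              // handled first; that depends on form code outside this block.
 305      }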
 306  
 307      if(is_array($errors))
 308      {
              // Validation failed: keep the submitted values so the registration
              // form can be shown again. The text values are passed through
              // htmlspecialchars_uni() here; presumably the register template
              // interpolates them -- confirm in the template.
 309          $username = htmlspecialchars_uni($mybb->get_input('username'));
 310          $email = htmlspecialchars_uni($mybb->get_input('email'));
 311          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 312          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 313  
              // Checkbox and select state strings; each stays empty unless the
              // matching integer input selects it below.
 314          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 315          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 316  
 317          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 318          {
 319              $allownoticescheck = "checked=\"checked\"";
 320          }
 321  
 322          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 323          {
 324              $hideemailcheck = "checked=\"checked\"";
 325          }
 326  
 327          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 328          {
 329              $no_subscribe_selected = "selected=\"selected\"";
 330          }
 331          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 332          {
 333              $instant_email_subscribe_selected = "selected=\"selected\"";
 334          }
 335          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 336          {
 337              $instant_pm_subscribe_selected = "selected=\"selected\"";
 338          }
 339          else
 340          {
 341              $no_auto_subscribe_selected = "selected=\"selected\"";
 342          }
 343  
 344          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 345          {
 346              $receivepmscheck = "checked=\"checked\"";
 347          }
 348  
 349          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 350          {
 351              $pmnoticecheck = " checked=\"checked\"";
 352          }
 353  
 354          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 355          {
 356              $pmnotifycheck = "checked=\"checked\"";
 357          }
 358  
 359          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 360          {
 361              $invisiblecheck = "checked=\"checked\"";
 362          }
 363  
 364          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 365          {
 366              $dst_auto_selected = "selected=\"selected\"";
 367          }
 368          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 369          {
 370              $dst_enabled_selected = "selected=\"selected\"";
 371          }
 372          else
 373          {
 374              $dst_disabled_selected = "selected=\"selected\"";
 375          }
 376  
              // Switch the action back to "register" so the form branch later in
              // this script runs, with the errors rendered inline.
 377          $regerrors = inline_error($errors);
 378          $mybb->input['action'] = "register";
 379          $fromreg = 1;
 380      }
 381      else
 382      {
              // No errors were collected: create the account, then finish
              // according to the configured registration type.
 383          $user_info = $userhandler->insert_user();
 384  
 385          // Invalidate solved captcha
 386          if($mybb->settings['captchaimage'])
 387          {
 388              $captcha->invalidate_captcha();
 389          }
 390  
 391          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 392          {
 393              // Log them in
                  // The cookie value is "<uid>_<loginkey>".
                  // NOTE(review): the trailing true is presumably the HttpOnly
                  // flag -- confirm against my_setcookie().
 394              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true);
 395          }
 396  
 397          if(isset($mybb->cookies['coppauser']))
 398          {
                  // COPPA registration: clear both COPPA cookies and tell the
                  // visitor that activation is pending.
 399              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 400              my_unsetcookie("coppauser");
 401              my_unsetcookie("coppadob");
 402              $plugins->run_hooks("member_do_register_end");
 403              error($lang->redirect_registered_coppa_activate);
 404          }
 405          else if($mybb->settings['regtype'] == "verify")
 406          {
                  // E-mail verification: store an activation code (type "r") and
                  // mail it to the new user.
                  // NOTE(review): the unpredictability of the code depends on
                  // random_str(), which is defined outside this file.
 407              $activationcode = random_str();
                  // NOTE(review): $now is not read anywhere in the code shown.
 408              $now = TIME_NOW;
 409              $activationarray = array(
 410                  "uid" => $user_info['uid'],
 411                  "dateline" => TIME_NOW,
 412                  "code" => $activationcode,
 413                  "type" => "r"
 414              );
 415              $db->insert_query("awaitingactivation", $activationarray);
 416              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                  // The username_method setting selects the e-mail wording.
 417              switch($mybb->settings['username_method'])
 418              {
 419                  case 0:
 420                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 421                      break;
 422                  case 1:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 2:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  default:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431              }
 432              my_mail($user_info['email'], $emailsubject, $emailmessage);
 433  
 434              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 435  
 436              $plugins->run_hooks("member_do_register_end");
 437  
 438              error($lang->redirect_registered_activation);
 439          }
 440          else if($mybb->settings['regtype'] == "randompass")
 441          {
                  // Generated-password registration: mail the password to the
                  // address the user supplied.
                  // NOTE(review): $user_info['password'] is presumably the
                  // plain-text generated password, so it travels in the e-mail
                  // body; the account is then only as protected as the mailbox
                  // and the mail transport.
 442              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 443              switch($mybb->settings['username_method'])
 444              {
 445                  case 0:
 446                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
 447                      break;
 448                  case 1:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
 450                      break;
 451                  case 2:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
 453                      break;
 454                  default:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $user_info['password']);
 456                      break;
 457              }
 458              my_mail($user_info['email'], $emailsubject, $emailmessage);
 459  
 460              $plugins->run_hooks("member_do_register_end");
 461  
 462              error($lang->redirect_registered_passwordsent);
 463          }
 464          else if($mybb->settings['regtype'] == "admin")
 465          {
                  // Admin activation: notify every account that can act on the
                  // new registration. Start from the usergroups that have cancp.
 466              $groups = $cache->read("usergroups");
 467              $admingroups = array();
 468              if(!empty($groups)) // Shouldn't be...
 469              {
 470                  foreach($groups as $group)
 471                  {
 472                      if($group['cancp'] == 1)
 473                      {
 474                          $admingroups[] = (int)$group['gid'];
 475                      }
 476                  }
 477              }
 478  
 479              if(!empty($admingroups))
 480              {
                      // The group ids were cast to int above, so the interpolated
                      // WHERE clause contains only integers. It matches users by
                      // primary group or by an entry in additionalgroups.
 481                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 482                  foreach($admingroups as $admingroup)
 483                  {
 484                      switch($db->type)
 485                      {
 486                          case 'pgsql':
 487                          case 'sqlite':
 488                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 489                              break;
 490                          default:
 491                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 492                              break;
 493                      }
 494                  }
 495                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 496                  while($recipient = $db->fetch_array($q))
 497                  {
 498                      // First we check if the user's a super admin: if yes, we don't care about permissions
 499                      $is_super_admin = is_super_admin($recipient['uid']);
 500                      if(!$is_super_admin)
 501                      {
 502                          // Include admin functions
 503                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 504                          {
 505                              continue;
 506                          }
 507  
 508                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 509  
 510                          // Verify if we have permissions to access user-users
                              // NOTE(review): unlike functions.php above, this
                              // file is required without a file_exists() check.
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 512                          if(function_exists("user_admin_permissions"))
 513                          {
 514                              // Get admin permissions
 515                              $adminperms = get_admin_permissions($recipient['uid']);
 516  
 517                              $permissions = user_admin_permissions();
 518                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 519                              {
 520                                  continue; // No permissions
 521                              }
 522                          }
 523                      }
 524  
 525                      // Load language
 526                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 527                      {
 528                          $reset_lang = true;
 529                          $lang->set_language($recipient['language']);
 530                          $lang->load("member");
 531                      }
 532  
 533                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 534                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 535                      my_mail($recipient['email'], $subject, $message);
 536                  }
 537  
 538                  // Reset language
 539                  if(isset($reset_lang))
 540                  {
 541                      $lang->set_language($mybb->settings['bblanguage']);
 542                      $lang->load("member");
 543                  }
 544              }
 545  
 546              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 547  
 548              $plugins->run_hooks("member_do_register_end");
 549  
 550              error($lang->redirect_registered_admin_activate);
 551          }
 552          else if($mybb->settings['regtype'] == "both")
 553          {
                  // E-mail verification plus admin activation.
                  // NOTE(review): the admin notification below repeats the code
                  // of the "admin" branch line for line; a change to one copy
                  // (for example to the permission check) has to be made in both.
 554              $groups = $cache->read("usergroups");
 555              $admingroups = array();
 556              if(!empty($groups)) // Shouldn't be...
 557              {
 558                  foreach($groups as $group)
 559                  {
 560                      if($group['cancp'] == 1)
 561                      {
 562                          $admingroups[] = (int)$group['gid'];
 563                      }
 564                  }
 565              }
 566  
 567              if(!empty($admingroups))
 568              {
 569                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 570                  foreach($admingroups as $admingroup)
 571                  {
 572                      switch($db->type)
 573                      {
 574                          case 'pgsql':
 575                          case 'sqlite':
 576                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 577                              break;
 578                          default:
 579                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 580                              break;
 581                      }
 582                  }
 583                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 584                  while($recipient = $db->fetch_array($q))
 585                  {
 586                      // First we check if the user's a super admin: if yes, we don't care about permissions
 587                      $is_super_admin = is_super_admin($recipient['uid']);
 588                      if(!$is_super_admin)
 589                      {
 590                          // Include admin functions
 591                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 592                          {
 593                              continue;
 594                          }
 595  
 596                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 597  
 598                          // Verify if we have permissions to access user-users
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 600                          if(function_exists("user_admin_permissions"))
 601                          {
 602                              // Get admin permissions
 603                              $adminperms = get_admin_permissions($recipient['uid']);
 604  
 605                              $permissions = user_admin_permissions();
 606                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 607                              {
 608                                  continue; // No permissions
 609                              }
 610                          }
 611                      }
 612  
 613                      // Load language
 614                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 615                      {
 616                          $reset_lang = true;
 617                          $lang->set_language($recipient['language']);
 618                          $lang->load("member");
 619                      }
 620  
 621                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 622                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 623                      my_mail($recipient['email'], $subject, $message);
 624                  }
 625  
 626                  // Reset language
 627                  if(isset($reset_lang))
 628                  {
 629                      $lang->set_language($mybb->settings['bblanguage']);
 630                      $lang->load("member");
 631                  }
 632              }
 633              
                  // Activation record of type "b", then the same activation mail
                  // as in the "verify" branch.
 634              $activationcode = random_str();
 635              $activationarray = array(
 636                  "uid" => $user_info['uid'],
 637                  "dateline" => TIME_NOW,
 638                  "code" => $activationcode,
 639                  "type" => "b"
 640              );
 641              $db->insert_query("awaitingactivation", $activationarray);
 642              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 643              switch($mybb->settings['username_method'])
 644              {
 645                  case 0:
 646                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 647                      break;
 648                  case 1:
 649                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 650                      break;
 651                  case 2:
 652                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 653                      break;
 654                  default:
 655                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 656                      break;
 657              }
 658              my_mail($user_info['email'], $emailsubject, $emailmessage);
 659  
 660              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 661  
 662              $plugins->run_hooks("member_do_register_end");
 663  
 664              error($lang->redirect_registered_activation);
 665          }
 666          else
 667          {
                  // No activation step configured: confirm and send the new user
                  // to the index page.
 668              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 669  
 670              $plugins->run_hooks("member_do_register_end");
 671  
 672              redirect("index.php", $lang->redirect_registered);
 673          }
 674      }
 675  }
 676  
 677  if($mybb->input['action'] == "coppa_form")
 678  {
          // Renders the "member_coppa_form" template and sends it with output_page().
          // An empty fax-number setting is replaced with a non-breaking space first,
          // presumably so the template never prints an empty value - confirm in the template.
 679      if(!$mybb->settings['faxno'])
 680      {
 681          $mybb->settings['faxno'] = "&nbsp;";
 682      }
 683  
 684      $plugins->run_hooks("member_coppa_form");
 685  
          // The template body is spliced into a double-quoted PHP string and eval()'d.
          // NOTE(review): $templates->get() is not shown here; this is only safe if it
          // escapes the template text for that string context and if template editing
          // is restricted to trusted administrators - confirm both.
 686      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 687      output_page($coppa_form);
 688  }
 689  
 690  if($mybb->input['action'] == "register")
 691  {
 692      $bdaysel = '';
 693      if($mybb->settings['coppa'] == "disabled")
 694      {
 695          $bdaysel = $bday2blank = '';
 696      }
 697      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 698      for($day = 1; $day <= 31; ++$day)
 699      {
 700          $selected = '';
 701          if($mybb->input['bday1'] == $day)
 702          {
 703              $selected = " selected=\"selected\"";
 704          }
 705  
 706          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 707      }
 708  
 709      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 710      $bdaymonthsel = array();
 711      foreach(range(1, 12) as $number)
 712      {
 713          $bdaymonthsel[$number] = '';
 714      }
 715      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 716      $mybb->input['bday3'] = $mybb->get_input('bday3', MyBB::INPUT_INT);
 717  
 718      if($mybb->input['bday3'] == 0)
 719      {
 720          $mybb->input['bday3'] = '';
 721      }
 722  
 723      // Is COPPA checking enabled?
 724      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 725      {
              // COPPA age gate: runs when COPPA is enabled and no 'step' input was sent.
              // bday1/bday2/bday3 (day/month/year) were already read with MyBB::INPUT_INT
              // earlier in this action, so they are integers here.
 726          // Just selected DOB, we check
 727          if($mybb->input['bday1'] && $mybb->input['bday2'] && $mybb->input['bday3'])
 728          {
 729              my_unsetcookie("coppauser");
 730  
                  // Reject a month outside 1-12, a year outside the last 100 years, or a day
                  // past the end of the month as reported by get_bdays().
                  // NOTE(review): there is no lower bound on bday1. A negative day is truthy
                  // and is never greater than the month length, so it appears to pass this
                  // check - confirm whether INPUT_INT can yield negatives.
 731              $months = get_bdays($mybb->input['bday3']);
 732              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $mybb->input['bday3'] < (date("Y")-100) || $mybb->input['bday3'] > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 733              {
 734                  error($lang->error_invalid_birthday);
 735              }
 736  
                  // '@' suppresses any warning mktime() raises for this date.
 737              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $mybb->input['bday3']);
 738  
                  // The DOB is kept client-side as "day-month-year". Whatever reads this
                  // cookie back later receives client-controlled data and has to validate it
                  // again; that reader is not part of this block.
 739              // Store DOB in cookie so we can save it with the registration
 740              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$mybb->input['bday3']}", -1);
 741  
                  // True when the birth date is on or after the date 13 years before today
                  // (as given by my_date()).
                  // The under-13 marker is a cookie plus a request-local flag. A cookie can be
                  // dropped by the client, and every new DOB submission clears it above, so
                  // this is a self-declared gate rather than an enforced one.
 742              // User is <= 13, we mark as a coppa user
 743              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 744              {
 745                  my_setcookie("coppauser", 1, -0);
 746                  $under_thirteen = true;
 747              }
                  // Blanking the request method makes the "!= post" test that follows this
                  // block true, so the agreement page is shown next.
 748              $mybb->request_method = "";
 749          }
 750          // Show DOB select form
 751          else
 752          {
 753              $plugins->run_hooks("member_register_coppa");
 754  
 755              my_unsetcookie("coppauser");
 756  
                  // Same eval()-based template rendering as elsewhere in this file; the
                  // script stops after printing the date-of-birth form.
 757              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 758              output_page($coppa);
 759              exit;
 760          }
 761      }
 762  
 763      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 764      {
              // Agreement step. && binds tighter than ||, so this branch runs either when
              // neither 'agree' nor 'regsubmit' was sent and $fromreg == 0, or for any
              // request whose method is not "post".
              // NOTE(review): $fromreg and $under_thirteen are not assigned on every path
              // visible in this action; an unset variable compares as null here - confirm
              // they are initialised earlier in the file.
 765          $coppa_agreement = '';
 766          // Is this user a COPPA user? We need to show the COPPA agreement too
              // The decision rests on the client-supplied "coppauser" cookie or on the flag
              // set during this same request. A missing cookie is not proof of age, so the
              // "deny" mode below only stops clients that keep the cookie.
 767          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 768          {
 769              if($mybb->settings['coppa'] == "deny")
 770              {
 771                  error($lang->error_need_to_be_thirteen);
 772              }
 773              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 774              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 775          }
 776  
 777          $plugins->run_hooks("member_register_agreement");
 778  
 779          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 780          output_page($agreement);
 781      }
 782      else
 783      {
 784          $plugins->run_hooks("member_register_start");
 785  
 786          $validator_extra = '';
 787  
 788          if(isset($mybb->input['timezoneoffset']))
 789          {
 790              $timezoneoffset = $mybb->get_input('timezoneoffset');
 791          }
 792          else
 793          {
 794              $timezoneoffset = $mybb->settings['timezoneoffset'];
 795          }
 796          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 797  
 798          $stylelist = build_theme_select("style");
 799  
 800          if($mybb->settings['usertppoptions'])
 801          {
 802              $tppoptions = '';
 803              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 804              if(is_array($explodedtpp))
 805              {
 806                  foreach($explodedtpp as $val)
 807                  {
 808                      $val = trim($val);
 809                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 810                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 811                  }
 812              }
 813              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 814          }
 815          if($mybb->settings['userpppoptions'])
 816          {
 817              $pppoptions = '';
 818              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 819              if(is_array($explodedppp))
 820              {
 821                  foreach($explodedppp as $val)
 822                  {
 823                      $val = trim($val);
 824                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 825                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 826                  }
 827              }
 828              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 829          }
 830          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 831          {
                  // Referrer row of the registration form. It is built only when referrals are
                  // enabled and the visitor has no uid. Three sources are tried in order:
                  // the referrer cookie, a $referrer array, then an existing $referrername.
 832              if(isset($mybb->cookies['mybb']['referrer']))
 833              {
                      // The cookie value is client-controlled. The (int) cast is what keeps it
                      // safe inside the concatenated WHERE clause.
                      // NOTE(review): if no user has that uid, $ref is presumably empty and
                      // the username lookup below reads a missing key - confirm.
 834                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 835                  $ref = $db->fetch_array($query);
 836                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 837                  $referrername = $ref['username'];
 838              }
 839              elseif(isset($referrer))
 840              {
                      // $referrer is assigned outside this block; its uid is cast to int before
                      // it reaches the query.
 841                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 842                  $ref = $db->fetch_array($query);
 843                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 844                  $referrername = $ref['username'];
 845              }
 846              elseif(!empty($referrername))
 847              {
                      // NOTE(review): unlike the two branches above, $referrername is not
                      // passed through htmlspecialchars_uni() here. Whether it was escaped
                      // before reaching this point is not visible - confirm before the
                      // template prints it.
 848                  $ref = get_user_by_username($referrername);
 849                  if(!$ref['uid'])
 850                  {
 851                      $errors[] = $lang->error_badreferrer;
 852                  }
 853              }
 854              else
 855              {
 856                  $referrername = '';
 857              }
 858              if(isset($quickreg))
 859              {
 860                  $refbg = "trow1";
 861              }
 862              else
 863              {
 864                  $refbg = "trow2";
 865              }
                  // From here on $referrer holds rendered HTML, replacing any array it held.
 866              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 867          }
 868          else
 869          {
 870              $referrer = '';
 871          }
 872          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 873          // Custom profile fields baby!
 874          $altbg = "trow1";
 875          $requiredfields = $customfields = '';
 876  
 877          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 878          {
 879              $usergroup = 5;
 880          }
 881          else
 882          {
 883              $usergroup = 2;
 884          }
 885  
 886          $pfcache = $cache->read('profilefields');
 887  
 888          if(is_array($pfcache))
 889          {
 890              foreach($pfcache as $profilefield)
 891              {
 892                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 893                  {
 894                      continue;
 895                  }
 896  
 897                  $code = $select = $val = $options = $expoptions = $useropts = '';
 898                  $seloptions = array();
 899                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 900                  $thing = explode("\n", $profilefield['type'], "2");
 901                  $type = trim($thing[0]);
 902                  $options = $thing[1];
 903                  $select = '';
 904                  $field = "fid{$profilefield['fid']}";
 905                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 906                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 907                  if($errors && isset($mybb->input['profile_fields'][$field]))
 908                  {
 909                      $userfield = $mybb->input['profile_fields'][$field];
 910                  }
 911                  else
 912                  {
 913                      $userfield = '';
 914                  }
 915                  if($type == "multiselect")
 916                  {
 917                      if($errors)
 918                      {
 919                          $useropts = $userfield;
 920                      }
 921                      else
 922                      {
 923                          $useropts = explode("\n", $userfield);
 924                      }
 925                      if(is_array($useropts))
 926                      {
 927                          foreach($useropts as $key => $val)
 928                          {
 929                              $seloptions[$val] = $val;
 930                          }
 931                      }
 932                      $expoptions = explode("\n", $options);
 933                      if(is_array($expoptions))
 934                      {
 935                          foreach($expoptions as $key => $val)
 936                          {
 937                              $val = trim($val);
 938                              $val = str_replace("\n", "\\n", $val);
 939  
 940                              $sel = "";
 941                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
 942                              {
 943                                  $sel = ' selected="selected"';
 944                              }
 945  
 946                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 947                          }
 948                          if(!$profilefield['length'])
 949                          {
 950                              $profilefield['length'] = 3;
 951                          }
 952  
 953                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 954                      }
 955                  }
 956                  elseif($type == "select")
 957                  {
 958                      $expoptions = explode("\n", $options);
 959                      if(is_array($expoptions))
 960                      {
 961                          foreach($expoptions as $key => $val)
 962                          {
 963                              $val = trim($val);
 964                              $val = str_replace("\n", "\\n", $val);
 965                              $sel = "";
 966                              if($val == $userfield)
 967                              {
 968                                  $sel = ' selected="selected"';
 969                              }
 970  
 971                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 972                          }
 973                          if(!$profilefield['length'])
 974                          {
 975                              $profilefield['length'] = 1;
 976                          }
 977  
 978                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 979                      }
 980                  }
 981                  elseif($type == "radio")
 982                  {
 983                      $expoptions = explode("\n", $options);
 984                      if(is_array($expoptions))
 985                      {
 986                          foreach($expoptions as $key => $val)
 987                          {
 988                              $checked = "";
 989                              if($val == $userfield)
 990                              {
 991                                  $checked = 'checked="checked"';
 992                              }
 993  
 994                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 995                          }
 996                      }
 997                  }
 998                  elseif($type == "checkbox")
 999                  {
1000                      if($errors)
1001                      {
1002                          $useropts = $userfield;
1003                      }
1004                      else
1005                      {
1006                          $useropts = explode("\n", $userfield);
1007                      }
1008                      if(is_array($useropts))
1009                      {
1010                          foreach($useropts as $key => $val)
1011                          {
1012                              $seloptions[$val] = $val;
1013                          }
1014                      }
1015                      $expoptions = explode("\n", $options);
1016                      if(is_array($expoptions))
1017                      {
1018                          foreach($expoptions as $key => $val)
1019                          {
1020                              $checked = "";
1021                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1022                              {
1023                                  $checked = 'checked="checked"';
1024                              }
1025  
1026                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1027                          }
1028                      }
1029                  }
1030                  elseif($type == "textarea")
1031                  {
1032                      $value = htmlspecialchars_uni($userfield);
1033                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1034                  }
1035                  else
1036                  {
1037                      $value = htmlspecialchars_uni($userfield);
1038                      $maxlength = "";
1039                      if($profilefield['maxlength'] > 0)
1040                      {
1041                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1042                      }
1043  
1044                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1045                  }
1046  
1047                  if($profilefield['required'] == 1)
1048                  {
1049                      // JS validator extra, choose correct selectors for everything except single select which always has value
1050                      if($type != 'select')
1051                      {
1052                          if($type == "textarea")
1053                          {
1054                              $inp_selector = "$('textarea[name=\"profile_fields[{$field}]\"]')";                    
1055                          }
1056                          elseif($type == "multiselect")
1057                          {
1058                              $inp_selector = "$('select[name=\"profile_fields[{$field}][]\"]')";                    
1059                          }
1060                          elseif($type == "checkbox")
1061                          {
1062                              $inp_selector = "$('input[name=\"profile_fields[{$field}][]\"]')";    
1063                          }
1064                          else
1065                          {
1066                              $inp_selector = "$('input[name=\"profile_fields[{$field}]\"]')";
1067                          }
1068                          
1069                          $validator_extra .= "
1070                          {$inp_selector}.rules('add', {
1071                              required: true,
1072                              messages: {
1073                                  required: '{$lang->js_validator_not_empty}'
1074                              }
1075                          });\n";
1076                      }
1077  
1078                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1079                  }
1080                  else
1081                  {
1082                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1083                  }
1084              }
1085              
1086              if($requiredfields)
1087              {
1088                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1089              }
1090  
1091              if($customfields)
1092              {
1093                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1094              }
1095          }
1096  
1097          if(!isset($fromreg))
1098          {
1099              $allownoticescheck = "checked=\"checked\"";
1100              $hideemailcheck = '';
1101              $receivepmscheck = "checked=\"checked\"";
1102              $pmnoticecheck = " checked=\"checked\"";
1103              $pmnotifycheck = '';
1104              $invisiblecheck = '';
1105              if($mybb->settings['dstcorrection'] == 1)
1106              {
1107                  $enabledstcheck = "checked=\"checked\"";
1108              }
1109              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1110              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1111              $username = $email = $email2 = '';
1112              $regerrors = '';
1113          }
1114          // Spambot registration image thingy
1115          if($mybb->settings['captchaimage'])
1116          {
1117              require_once  MYBB_ROOT.'inc/class_captcha.php';
1118              $captcha = new captcha(true, "member_register_regimage");
1119  
1120              if($captcha->html)
1121              {
1122                  $regimage = $captcha->html;
1123  
1124                  if($mybb->settings['captchaimage'] == 1)
1125                  {
1126                      // JS validator extra for our default CAPTCHA
1127                      $validator_extra .= "
1128                      $('#imagestring').rules('add', {
1129                          required: true,
1130                          remote:{
1131                              url: 'xmlhttp.php?action=validate_captcha',
1132                              type: 'post',
1133                              dataType: 'json',
1134                              data:
1135                              {
1136                                  imagehash: function () {
1137                                      return $('#imagehash').val();
1138                                  },
1139                                  my_post_key: my_post_key
1140                              },
1141                          },
1142                          messages: {
1143                              remote: '{$lang->js_validator_no_image_text}'
1144                          }
1145                      });\n";
1146                  }
1147              }
1148          }
1149  
1150          // Security Question
1151          $questionbox = '';
1152          if($mybb->settings['securityquestion'])
1153          {
                  // Anti-bot security question: obtain a question session id, load the matching
                  // active question, render the question box and register a jQuery Validate
                  // rule for the answer field.
                  // NOTE(review): $sid is interpolated into the SQL below without escaping.
                  // That is only safe if generate_question() returns a server-generated value
                  // that needs no quoting; the helper is not shown here - confirm.
1154              $sid = generate_question();
1155              $query = $db->query("
1156                  SELECT q.question, s.sid
1157                  FROM ".TABLE_PREFIX."questionsessions s
1158                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1159                  WHERE q.active='1' AND s.sid='{$sid}'
1160              ");
1161              if($db->num_rows($query) > 0)
1162              {
1163                  $question = $db->fetch_array($query);
1164  
1165                  $refresh = '';
1166                  // Total questions
                      // The refresh control is rendered only when more than one active
                      // question exists.
1167                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1168                  $num = $db->fetch_field($q, 'num');
1169                  if($num > 1)
1170                  {
1171                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1172                  }
1173                  
1174                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1175                  
                      // The rule below asks xmlhttp.php?action=validate_question for inline
                      // feedback. It runs in the browser and can be skipped, so the answer
                      // still has to be verified when the form is submitted; that check is
                      // not part of this block.
1176                  $validator_extra .= "
1177                  $('#answer').rules('add', {
1178                      required: true,
1179                      remote:{
1180                          url: 'xmlhttp.php?action=validate_question',
1181                          type: 'post',
1182                          dataType: 'json',
1183                          data:
1184                          {
1185                              question: function () {
1186                                  return $('#question_id').val();
1187                              },
1188                              my_post_key: my_post_key
1189                          },
1190                      },
1191                      messages: {
1192                          remote: '{$lang->js_validator_no_security_question}'
1193                      }
1194                  });\n";
1195              }
1196          }
1197  
1198          $hiddencaptcha = '';
1199          // Hidden CAPTCHA for Spambots
1200          if($mybb->settings['hiddencaptchaimage'])
1201          {
1202              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1203  
1204              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1205          }
1206          if($mybb->settings['regtype'] != "randompass")
1207          {
                  // Password inputs are offered unless the board uses the "randompass"
                  // registration type. The jQuery Validate rules built here are browser-side
                  // hints only and can be skipped by the client; server-side enforcement of
                  // length and complexity is not part of this block.
                  // NOTE(review): minpasswordlength is written into the script as a bare number
                  // and the language strings are placed inside single-quoted JS literals with
                  // no JS escaping. This assumes a numeric setting and language strings free
                  // of quotes - confirm.
1208              // JS validator extra
1209              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1210  
1211              // See if the board has "require complex passwords" enabled.
1212              if($mybb->settings['requirecomplexpasswords'] == 1)
1213              {
1214                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1215                  
                      // NOTE(review): the 'remote' message below is js_validator_no_image_text,
                      // the same key the CAPTCHA rule uses. It looks like a leftover rather
                      // than a password-specific message - confirm.
1216                  $validator_extra .= "
1217                  $('#password').rules('add', {
1218                      required: true,
1219                      minlength: {$mybb->settings['minpasswordlength']},
1220                      remote:{
1221                          url: 'xmlhttp.php?action=complex_password',
1222                          type: 'post',
1223                          dataType: 'json',
1224                          data:
1225                          {
1226                              my_post_key: my_post_key
1227                          },
1228                      },
1229                      messages: {
1230                          minlength: '{$lang->js_validator_password_length}',
1231                          required: '{$lang->js_validator_password_length}',
1232                          remote: '{$lang->js_validator_no_image_text}'
1233                      }
1234                  });\n";
1235              }
1236              else
1237              {
1238                  $validator_extra .= "
1239                  $('#password').rules('add', {
1240                      required: true,
1241                      minlength: {$mybb->settings['minpasswordlength']},
1242                      messages: {
1243                          minlength: '{$lang->js_validator_password_length}',
1244                          required: '{$lang->js_validator_password_length}'
1245                      }
1246                  });\n";
1247              }
1248  
                  // The confirmation field gets the same length rule and must equal #password.
1249              $validator_extra .= "
1250                  $('#password2').rules('add', {
1251                      required: true,
1252                      minlength: {$mybb->settings['minpasswordlength']},
1253                      equalTo: '#password',
1254                      messages: {
1255                          minlength: '{$lang->js_validator_password_length}',
1256                          required: '{$lang->js_validator_password_length}',
1257                          equalTo: '{$lang->js_validator_password_matches}'
1258                      }
1259                  });\n";
1260  
1261              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1262          }
1263  
1264          // JS validator extra
1265          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
1266          {
1267              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
1268          }
1269  
1270          $languages = $lang->get_languages();
1271          $langoptions = $boardlanguage = '';
1272          if(count($languages) > 1)
1273          {
1274              foreach($languages as $name => $language)
1275              {
1276                  $language = htmlspecialchars_uni($language);
1277  
1278                  $sel = '';
1279                  if($mybb->get_input('language') == $name)
1280                  {
1281                      $sel = " selected=\"selected\"";
1282                  }
1283  
1284                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1285              }
1286  
1287              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1288          }
1289  
1290          // Set the time so we can find automated signups
1291          $time = TIME_NOW;
1292  
1293          $plugins->run_hooks("member_register_end");
1294  
1295          eval("\$registration = \"".$templates->get("member_register")."\";");
1296          output_page($registration);
1297      }
1298  }
1299  
1300  if($mybb->input['action'] == "activate")
1301  {
          // Account / e-mail activation. The account is looked up by username or by uid.
          // If a code was submitted it is checked against the awaitingactivation row and the
          // matching activation type is applied; otherwise the activation form is shown.
          // No login-session check is visible in this branch, so possession of the code is
          // the only proof required.
1302      $plugins->run_hooks("member_activate_start");
1303  
1304      if(isset($mybb->input['username']))
1305      {
1306          $mybb->input['username'] = $mybb->get_input('username');
1307          $options = array(
1308              'username_method' => $mybb->settings['username_method'],
1309              'fields' => '*',
1310          );
1311          $user = get_user_by_username($mybb->input['username'], $options);
1312          if(!$user)
1313          {
                  // The error text follows the configured login identifier (username_method).
                  // NOTE(review): the code after this switch assumes error() does not
                  // return - confirm.
1314              switch($mybb->settings['username_method'])
1315              {
1316                  case 0:
1317                      error($lang->error_invalidpworusername);
1318                      break;
1319                  case 1:
1320                      error($lang->error_invalidpworusername1);
1321                      break;
1322                  case 2:
1323                      error($lang->error_invalidpworusername2);
1324                      break;
1325                  default:
1326                      error($lang->error_invalidpworusername);
1327                      break;
1328              }
1329          }
1330          $uid = $user['uid'];
1331      }
1332      else
1333      {
1334          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1335      }
1336      if(isset($mybb->input['code']) && $user)
1337      {
              // $user['uid'] comes from the user row returned by the lookup above, not
              // directly from the request, and is concatenated into the WHERE clause as-is.
              // Only one row is fetched although types r, e and b are all selected.
              // NOTE(review): which row wins when several exist is not determined here.
1338          $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
1339          $activation = $db->fetch_array($query);
1340          if(!$activation['uid'])
1341          {
1342              error($lang->error_alreadyactivated);
1343          }
              // Strict string comparison of the stored code with the submitted one. It is not
              // a constant-time comparison (hash_equals() would be). No attempt counter and
              // no expiry check against the row's dateline is visible in this branch, so any
              // throttling has to come from elsewhere.
1344          if($activation['code'] !== $mybb->get_input('code'))
1345          {
1346              error($lang->error_badactivationcode);
1347          }
1348  
1349          if($activation['type'] == "b" && $activation['validated'] == 1)
1350          {
1351              error($lang->error_alreadyvalidated);
1352          }
1353  
              // Rows of type r and e are consumed here; a type b row is kept and flagged as
              // validated further down.
1354          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
1355  
              // Only a type r activation moves the account from usergroup 5 to usergroup 2
              // (presumably "awaiting activation" and "registered" - confirm).
1356          if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
1357          {
1358              $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
1359  
1360              $cache->update_awaitingactivation();
1361          }
1362          if($activation['type'] == "e")
1363          {
                  // Type e: the pending address stored in the row's misc column becomes the
                  // account e-mail; it is escaped before the update.
1364              $newemail = array(
1365                  "email" => $db->escape_string($activation['misc']),
1366              );
1367              $db->update_query("users", $newemail, "uid='".$user['uid']."'");
1368              $plugins->run_hooks("member_activate_emailupdated");
1369  
1370              redirect("usercp.php", $lang->redirect_emailupdated);
1371          }
1372          elseif($activation['type'] == "b")
1373          {
                  // Type b: only the validated flag is set. The usergroup is left unchanged,
                  // and the redirect message refers to an administrator step.
1374              $update = array(
1375                  "validated" => 1,
1376              );
1377              $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
1378              $plugins->run_hooks("member_activate_emailactivated");
1379  
1380              redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
1381          }
1382          else
1383          {
1384              $plugins->run_hooks("member_activate_accountactivated");
1385  
1386              redirect("index.php", $lang->redirect_accountactivated);
1387          }
1388      }
1389      else
1390      {
1391          $plugins->run_hooks("member_activate_form");
1392  
              // The submitted code and the username are HTML-escaped before the template
              // prints them back into the form.
1393          $code = htmlspecialchars_uni($mybb->get_input('code'));
1394  
1395          if(!isset($user['username']))
1396          {
1397              $user['username'] = '';
1398          }
1399          $user['username'] = htmlspecialchars_uni($user['username']);
1400  
1401          eval("\$activate = \"".$templates->get("member_activate")."\";");
1402          output_page($activate);
1403      }
1404  }
1405  
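// Show the "resend activation e-mail" form.
// Reads $mybb->settings['regtype'], the session user and the awaitingactivation table;
// ends in the member_resendactivation template or an error() page.
if($mybb->input['action'] == "resendactivation")
{
    $plugins->run_hooks("member_resendactivation");

    // With admin-only activation there is no activation e-mail to resend.
    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }
    // Logged-in members outside usergroup 5 are reported as already activated.
    // (Usergroup 5 is the group the activate branch of this file moves accounts out of.)
    if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
    {
        error($lang->error_alreadyactivated);
    }

    // Look up the pending type 'b' row for the session user.
    // The previous code read $user['uid'], but $user is never assigned in this branch, so the
    // lookup ran with an empty uid and the "already validated" check below could not match.
    // The cast keeps the interpolated value numeric.
    $query = $db->simple_select("awaitingactivation", "*", "uid='".(int)$mybb->user['uid']."' AND type='b'");
    $activation = $db->fetch_array($query);

    // There may be no matching row (for example for a guest), so test the row before indexing it.
    if($activation && $activation['validated'] == 1)
    {
        error($lang->error_activated_by_admin);
    }

    $plugins->run_hooks("member_resendactivation_end");

    // The template text from $templates->get() is spliced into a double-quoted PHP string and eval()'d.
    // NOTE(review): the safety of this line rests on how get() escapes that text and on who may edit
    // templates - confirm both.
    eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
    output_page($activate);
}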
1432  
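// Handle the submitted "resend activation e-mail" form (POST only).
// For every account registered under the posted address that is still in usergroup 5, make sure an
// activation code exists and mail it again.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_resendactivation_start");

    // With admin-only activation there is no activation e-mail to resend.
    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    // The posted address is escaped before it is placed in the WHERE clause.
    // The join condition is parenthesised explicitly: AND binds tighter than OR, so the previous
    // "a.uid=u.uid AND a.type='r' OR a.type='b'" matched every type 'b' row of *any* user, which could
    // attach another account's code and validated flag to the user found by e-mail.
    $query = $db->query("
        SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
        FROM ".TABLE_PREFIX."users u
        LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
        WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
    ");
    $numusers = $db->num_rows($query);
    if($numusers < 1)
    {
        // NOTE(review): this error and the success redirect below differ, so the response tells the
        // caller whether an address is registered. Consider an identical response for both outcomes,
        // plus throttling; neither is visible in this block.
        error($lang->error_invalidemail);
    }
    else
    {
        while($user = $db->fetch_array($query))
        {
            // The e-mail half of a type 'b' activation is already done; only an admin can finish it.
            if($user['type'] == "b" && $user['validated'] == 1)
            {
                error($lang->error_activated_by_admin);
            }

            if($user['usergroup'] == 5)
            {
                // No pending code came back from the join: create one.
                if(!$user['code'])
                {
                    $user['code'] = random_str();
                    $uid = $user['uid'];
                    // NOTE(review): $user['type'] comes from the LEFT JOIN and is empty when no
                    // awaitingactivation row matched - confirm which type should be stored here.
                    $awaitingarray = array(
                        "uid" => $uid,
                        "dateline" => TIME_NOW,
                        "code" => $user['code'],
                        "type" => $user['type']
                    );
                    $db->insert_query("awaitingactivation", $awaitingarray);
                }
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['code'];
                $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                // The message variant follows the board's username_method setting.
                switch($mybb->settings['username_method'])
                {
                    case 0:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                }
                my_mail($email, $emailsubject, $emailmessage);
            }
        }
        $plugins->run_hooks("member_do_resendactivation_end");

        redirect("index.php", $lang->redirect_activationresent);
    }
}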
1503  
// Show the "lost password" request form.
if($mybb->input['action'] == "lostpw")
{
    $plugins->run_hooks("member_lostpw");

    // The template text from $templates->get() is spliced into a double-quoted PHP string and eval()'d.
    // NOTE(review): the safety of this line rests on how get() escapes that text and on who may edit
    // templates - confirm both.
    eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
    output_page($lostpw);
}
1511  
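// Handle the submitted "lost password" form (POST only).
// For every account registered under the posted address, replace any pending type 'p' code with a
// new one and mail it to the address stored on the account.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_lostpw_start");

    // The posted address is escaped where it is used. The former "$email = $db->escape_string($email);"
    // line was dropped: $email is not assigned in this branch before that point, and it is overwritten
    // inside the loop below.
    $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
    $numusers = $db->num_rows($query);
    if($numusers < 1)
    {
        // NOTE(review): this error and the success redirect below differ, so the response tells the
        // caller whether an address is registered. Consider an identical response for both outcomes.
        // No throttling is visible in this block either - confirm it exists elsewhere.
        error($lang->error_invalidemail);
    }
    else
    {
        while($user = $db->fetch_array($query))
        {
            // Only the newest code stays usable: older type 'p' rows are removed first.
            // The cast keeps the interpolated uid numeric.
            $db->delete_query("awaitingactivation", "uid='".(int)$user['uid']."' AND type='p'");
            $user['activationcode'] = random_str(30);
            $now = TIME_NOW;
            $uid = $user['uid'];
            // dateline is stored with the code. NOTE(review): the resetpassword branch of this file
            // selects only the code column, so no expiry check on dateline is visible there - confirm
            // stale codes are purged elsewhere.
            $awaitingarray = array(
                "uid" => $user['uid'],
                "dateline" => TIME_NOW,
                "code" => $user['activationcode'],
                "type" => "p"
            );
            $db->insert_query("awaitingactivation", $awaitingarray);
            $username = $user['username'];
            // The mail goes to the address stored on the account, not to the posted value.
            $email = $user['email'];
            $activationcode = $user['activationcode'];
            $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
            // The message variant follows the board's username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
                case 1:
                    $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
                case 2:
                    $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
                default:
                    $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
            }
            my_mail($email, $emailsubject, $emailmessage);
        }
    }
    $plugins->run_hooks("member_do_lostpw_end");

    redirect("index.php", $lang->redirect_lostpwsent, "", true);
}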
1564  
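// Complete a password reset.
// With a user and a code: verify the code against the pending type 'p' row, set a freshly generated
// password and mail it. Otherwise: show the reset form.
if($mybb->input['action'] == "resetpassword")
{
    $plugins->run_hooks("member_resetpassword_start");

    // The account is identified either by username or by numeric uid.
    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // NOTE(review): this response confirms that the submitted name does not exist.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
    }
    else
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }

    if(isset($mybb->input['code']) && $user)
    {
        // Only the code column is read, so no age check on the row's dateline happens here.
        // The cast keeps the interpolated uid numeric.
        $query = $db->simple_select("awaitingactivation", "code", "uid='".(int)$user['uid']."' AND type='p'");
        $activationcode = $db->fetch_field($query, 'code');
        $now = TIME_NOW;
        // Reject a missing row as well as a mismatch; the comparison is strict, so no type juggling.
        // NOTE(review): !== is not constant-time; a constant-time compare (hash_equals() where the
        // supported PHP versions allow it) is preferable for a secret.
        if(!$activationcode || $activationcode !== $mybb->get_input('code'))
        {
            error($lang->error_badlostpwcode);
        }
        // The code is single-use: it is removed as soon as it has matched.
        $db->delete_query("awaitingactivation", "uid='".(int)$user['uid']."' AND type='p'");
        $username = $user['username'];

        // Generate a new password, then update it
        $password_length = (int)$mybb->settings['minpasswordlength'];

        // Aim for at least 8 characters, but never more than the configured maximum.
        if($password_length < 8)
        {
            $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
        }

        // Set up user handler.
        require_once  MYBB_ROOT.'inc/datahandlers/user.php';
        $userhandler = new UserDataHandler('update');

        // Keep generating candidates until the handler accepts one.
        // NOTE(review): verify_password() is first called before any data is set; presumably it
        // fails on that pass so the loop body runs at least once - confirm.
        while(!$userhandler->verify_password())
        {
            $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);

            $userhandler->set_data(array(
                'uid'        => $user['uid'],
                'username'    => $user['username'],
                'email'        => $user['email'],
                'password'    => $password
            ));

            $userhandler->set_validated(true);
            $userhandler->errors = array();
        }

        $userhandler->update_user();

        // Not used again in this branch; the variable stays in scope for the hooks that follow.
        $logindetails = array(
            'salt'        => $userhandler->data['salt'],
            'password'    => $userhandler->data['saltedpw'],
            'loginkey'    => $userhandler->data['loginkey'],
        );

        $email = $user['email'];

        $plugins->run_hooks("member_resetpassword_process");

        // The new password is sent in clear text by e-mail.
        // NOTE(review): nothing visible here makes the user change it at next login - confirm.
        $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
        $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
        my_mail($email, $emailsubject, $emailmessage);

        $plugins->run_hooks("member_resetpassword_reset");

        // error() doubles as the confirmation page here.
        error($lang->redirect_passwordreset);
    }
    else
    {
        $plugins->run_hooks("member_resetpassword_form");

        switch($mybb->settings['username_method'])
        {
            case 0:
                $lang_username = $lang->username;
                break;
            case 1:
                $lang_username = $lang->username1;
                break;
            case 2:
                $lang_username = $lang->username2;
                break;
            default:
                $lang_username = $lang->username;
                break;
        }

        // This branch is also reached with a code but no matching user, so the request-supplied code
        // is HTML-escaped before the template can print it, as the activate form in this file does.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        // The template text from $templates->get() is spliced into a double-quoted PHP string and
        // eval()'d. NOTE(review): confirm how get() escapes that text and who may edit templates.
        eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
        output_page($activate);
    }
}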
1692  
// State handed from do_login to the login branch further down: do_login sets these, login reads them.
$do_captcha = $correct = false;
$inline_errors = "";
// Process a submitted login form (POST only).
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_login_start");

    // Is a fatal call if user has had too many tries
    $errors = array();
    $logins = login_attempt_check();

    require_once  MYBB_ROOT."inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // The quick-login fields, when both are present, override the regular form fields.
    if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
    {
        $mybb->input['password'] = $mybb->get_input('quick_password');
        $mybb->input['username'] = $mybb->get_input('quick_username');
        $mybb->input['remember'] = $mybb->get_input('quick_remember');
    }

    $user = array(
        'username' => $mybb->get_input('username'),
        'password' => $mybb->get_input('password'),
        'remember' => $mybb->get_input('remember'),
        'imagestring' => $mybb->get_input('imagestring')
    );

    // Fetch only the stored failure counter for the submitted name.
    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int)$mybb->settings['username_method'],
    );

    // The (int) cast below turns a failed lookup into a counter of 0.
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if(!$validated)
    {
        // Rewrite the request so the login branch below renders the form again with the errors.
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        // Failures are counted twice: in a cookie, which the client can clear or alter, and in
        // users.loginattempts. NOTE(review): the trailing "true" presumably makes update_query() send
        // 'loginattempts+1' unquoted so the database increments the column - confirm.
        my_setcookie('loginattempts', $logins + 1);
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".(int)$loginhandler->login_data['uid']."'", 1, true);

        $errors = $loginhandler->get_friendly_errors();

        $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];

        // If we need a captcha set it here
        // Either counter exceeding the configured threshold is enough to require it.
        if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
        {
            $do_captcha = true;
            $correct = $loginhandler->captcha_verified;
        }
    }
    else if($validated && $loginhandler->captcha_verified == true)
    {
        // Successful login
        if($loginhandler->login_data['coppauser'])
        {
            error($lang->error_awaitingcoppa);
        }

        $loginhandler->complete_login();

        $plugins->run_hooks("member_do_login_end");

        // The redirect target is request-supplied.
        $mybb->input['url'] = $mybb->get_input('url');

        // The checks here only reject targets whose basename contains member.php and targets that
        // start with "javascript:". NOTE(review): whether redirect() restricts the target to this site
        // is not visible here; if it does not, this is an open redirect after login. Prefer
        // allow-listing same-site relative URLs over a scheme deny-list.
        if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
        {
            // Drop the "processed" marker when returning to a new thread or new reply page.
            if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
            {
                $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
            }

            $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

            // Redirect to the URL if it is not member.php
            redirect($mybb->input['url'], $lang->redirect_loggedin);
        }
        else
        {

            redirect("index.php", $lang->redirect_loggedin);
        }
    }

    $plugins->run_hooks("member_do_login_end");
}
1785  
// Render the login form. Also reached after a failed do_login, which rewrites the action to "login".
if($mybb->input['action'] == "login")
{
    $plugins->run_hooks("member_login");

    $member_loggedin_notice = "";
    if($mybb->user['uid'] != 0)
    {
        // The username is escaped before it is used in the notice.
        $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries
    login_attempt_check();

    // Redirect to the page where the user came from, but not if that was the login page.
    // HTTP_REFERER is a request header and therefore caller-controlled. htmlentities() is called
    // without flags, so which quote characters it encodes depends on the PHP version's default.
    // NOTE(review): presumably the template prints $redirect_url into the form's url field, which
    // do_login later passes to redirect() - confirm how the template quotes it.
    if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
    {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    }
    else
    {
        $redirect_url = '';
    }

    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    // $do_captcha and $correct are set by the do_login branch above.
    if($mybb->settings['captchaimage'] && $do_captcha == true)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");

        if($login_captcha->type == 1)
        {
            // An unanswered or wrong captcha gets a fresh challenge; a correct one is carried along
            // as a hidden field.
            if(!$correct)
            {
                $login_captcha->build_captcha();
            }
            else
            {
                $captcha = $login_captcha->build_hidden_captcha();
            }
        }
        elseif($login_captcha->type == 2 || $login_captcha->type == 4)
        {
            $login_captcha->build_recaptcha();
        }

        if($login_captcha->html)
        {
            $captcha = $login_captcha->html;
        }
    }

    $username = "";
    $password = "";
    // do_login sets request_method to "get" on failure, so these two conditions are not met on that
    // path. NOTE(review): confirm when a POST reaches this branch directly.
    if(isset($mybb->input['username']) && $mybb->request_method == "post")
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }

    // NOTE(review): this keeps the submitted password, escaped, for the template; presumably it
    // re-fills the field, which puts the clear-text password into the response body - consider
    // leaving it blank.
    if(isset($mybb->input['password']) && $mybb->request_method == "post")
    {
        $password = htmlspecialchars_uni($mybb->get_input('password'));
    }

    // $errors is filled by do_login when validation failed.
    if(!empty($errors))
    {
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $inline_errors = inline_error($errors);
    }

    // Pick the label for the login field according to the username_method setting.
    switch($mybb->settings['username_method'])
    {
        case 1:
            $lang->username = $lang->username1;
            break;
        case 2:
            $lang->username = $lang->username2;
            break;
        default:
            break;
    }

    $plugins->run_hooks("member_login_end");

    // The template text from $templates->get() is spliced into a double-quoted PHP string and eval()'d.
    // NOTE(review): confirm how get() escapes that text and who may edit templates.
    eval("\$login = \"".$templates->get("member_login")."\";");
    output_page($login);
}
1878  
// Log the current user out: check the anti-CSRF token, clear the cookies and drop the session row.
if($mybb->input['action'] == "logout")
{
    $plugins->run_hooks("member_logout_start");

    if(!$mybb->user['uid'])
    {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }

    // The request must carry either the current session id or the user's logoutkey, so a bare
    // link to this action is not enough to log someone out. Both comparisons are strict.
    // Check session ID if we have one
    if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
    {
        error($lang->error_notloggedout);
    }
    // Otherwise, check logoutkey
    else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
    {
        error($lang->error_notloggedout);
    }

    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    if($mybb->user['uid'])
    {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        // NOTE(review): $mybb->user['uid'] and $session->sid are interpolated into SQL here without a
        // cast or $db->escape_string(); this relies on the session layer having validated them -
        // confirm, or cast/escape at this point.
        $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        // Removing the row invalidates the session on the server, not just the cookie in the browser.
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }

    $plugins->run_hooks("member_logout_end");

    redirect("index.php", $lang->redirect_loggedout);
}
1914  
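// Show the notes stored on a user account (users.usernotes) to members with Mod CP access.
// Prints the member_viewnotes template directly and ends the request.
if($mybb->input['action'] == "viewnotes")
{
    // Authorise before touching the target account. The lookup used to run first, so a caller
    // without Mod CP access got "no such member" for unknown uids and "no permission" for known
    // ones; checking permission first gives every unauthorised caller the same answer.
    if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
    {
        error_no_permission();
    }

    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    // Make sure we are looking at a real user here.
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Both the username and the notes are stored user data and are escaped before output.
    $user['username'] = htmlspecialchars_uni($user['username']);
    $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);

    // Escape first, then turn newlines into <br />, so the only markup in the notes is the breaks
    // added here.
    $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));

    $plugins->run_hooks('member_viewnotes');

    // The template text from $templates->get() is spliced into a double-quoted PHP string and eval()'d.
    // NOTE(review): confirm how get() escapes that text and who may edit templates.
    eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
    echo $viewnotes;
    exit;
}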
1942  
1943  if($mybb->input['action'] == "profile")
1944  {
1945      $plugins->run_hooks("member_profile_start");
1946  
1947      if($mybb->usergroup['canviewprofiles'] == 0)
1948      {
1949          error_no_permission();
1950      }
1951  
1952      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
1953      if($uid)
1954      {
1955          $memprofile = get_user($uid);
1956      }
1957      elseif($mybb->user['uid'])
1958      {
1959          $memprofile = $mybb->user;
1960      }
1961      else
1962      {
1963          $memprofile = false;
1964      }
1965  
1966      if(!$memprofile)
1967      {
1968          error($lang->error_nomember);
1969      }
1970  
1971      $uid = $memprofile['uid'];
1972  
1973      $me_username = $memprofile['username'];
1974      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
1975      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
1976  
1977      // Get member's permissions
1978      $memperms = user_permissions($memprofile['uid']);
1979  
1980      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
1981      add_breadcrumb($lang->nav_profile);
1982  
1983      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
1984      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
1985      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
1986      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
1987      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
1988      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
1989      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
1990  
1991      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
1992      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
1993  
1994      $website = $sendemail = $sendpm = $contact_details = '';
1995      
1996      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
1997      {
1998          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
1999          $bgcolor = alt_trow();
2000          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2001      }
2002      
2003      if($memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2004      {
2005          $bgcolor = alt_trow();    
2006          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2007      }
2008      
2009      if($mybb->settings['enablepms'] != 0 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2010      {
2011          $bgcolor = alt_trow();    
2012          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2013      }
2014      
2015      $contact_fields = array();
2016      $any_contact_field = false;
2017      foreach(array('icq', 'aim', 'yahoo', 'skype', 'google') as $field)
2018      {
2019          $contact_fields[$field] = '';
2020          $settingkey = 'allow'.$field.'field';
2021  
2022          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2023          {
2024              $any_contact_field = true;
2025              
2026              if($field == 'icq')
2027              {
2028                  $memprofile[$field] = (int)$memprofile[$field];
2029              }
2030              else
2031              {
2032                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2033              }
2034              $tmpl = 'member_profile_contact_fields_'.$field;
2035  
2036              $bgcolors[$field] = alt_trow();
2037              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2038          }
2039      }
2040      
2041      if($any_contact_field || $sendemail || $sendpm || $website)
2042      {
2043          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2044      }
2045  
2046      $signature = '';
2047      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2048      {
2049          $sig_parser = array(
2050              "allow_html" => $mybb->settings['sightml'],
2051              "allow_mycode" => $mybb->settings['sigmycode'],
2052              "allow_smilies" => $mybb->settings['sigsmilies'],
2053              "allow_imgcode" => $mybb->settings['sigimgcode'],
2054              "me_username" => $me_username,
2055              "filter_badwords" => 1
2056          );
2057  
2058          if($memperms['signofollow'])
2059          {
2060              $sig_parser['nofollow_on'] = 1;
2061          }
2062  
2063          if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2064          {
2065              $sig_parser['allow_imgcode'] = 0;
2066          }
2067  
2068          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2069          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2070      }
2071  
2072      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2073  
2074      if($daysreg < 1)
2075      {
2076          $daysreg = 1;
2077      }
2078  
2079      $stats = $cache->read("stats");
2080  
2081      // Format post count, per day count and percent of total
2082      $ppd = $memprofile['postnum'] / $daysreg;
2083      $ppd = round($ppd, 2);
2084      if($ppd > $memprofile['postnum'])
2085      {
2086          $ppd = $memprofile['postnum'];
2087      }
2088  
2089      $numposts = $stats['numposts'];
2090      if($numposts == 0)
2091      {
2092          $post_percent = "0";
2093      }
2094      else
2095      {
2096          $post_percent = $memprofile['postnum']*100/$numposts;
2097          $post_percent = round($post_percent, 2);
2098      }
2099  
2100      if($post_percent > 100)
2101      {
2102          $post_percent = 100;
2103      }
2104  
2105      // Format thread count, per day count and percent of total
2106      $tpd = $memprofile['threadnum'] / $daysreg;
2107      $tpd = round($tpd, 2);
2108      if($tpd > $memprofile['threadnum'])
2109      {
2110          $tpd = $memprofile['threadnum'];
2111      }
2112  
2113      $numthreads = $stats['numthreads'];
2114      if($numthreads == 0)
2115      {
2116          $thread_percent = "0";
2117      }
2118      else
2119      {
2120          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2121          $thread_percent = round($thread_percent, 2);
2122      }
2123  
2124      if($thread_percent > 100)
2125      {
2126          $thread_percent = 100;
2127      }
2128  
2129      $findposts = $findthreads = '';
2130      if($mybb->usergroup['cansearch'] == 1)
2131      {
2132          eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2133          eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2134      }
2135  
2136      $awaybit = '';
2137      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2138      {
2139          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2140          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2141          if(!empty($memprofile['awayreason']))
2142          {
2143              $reason = $parser->parse_badwords($memprofile['awayreason']);
2144              $awayreason = htmlspecialchars_uni($reason);
2145          }
2146          else
2147          {
2148              $awayreason = $lang->away_no_reason;
2149          }
2150          if($memprofile['returndate'] == '')
2151          {
2152              $returndate = "$lang->unknown";
2153          }
2154          else
2155          {
2156              $returnhome = explode("-", $memprofile['returndate']);
2157  
2158              // PHP native date functions use integers so timestamps for years after 2038 will not work
2159              // Thus we use adodb_mktime
2160              if($returnhome[2] >= 2038)
2161              {
2162                  require_once  MYBB_ROOT."inc/functions_time.php";
2163                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2164                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2165              }
2166              else
2167              {
2168                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2169                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2170              }
2171  
2172              // If our away time has expired already, we should be back, right?
2173              if($returnmkdate < TIME_NOW)
2174              {
2175                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2176  
2177                  // Update our status to "not away"
2178                  $memprofile['away'] = 0;
2179              }
2180          }
2181  
2182          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2183          if($memprofile['away'] == 1)
2184          {
2185              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2186          }
2187      }
2188  
2189      $memprofile['timezone'] = (float)$memprofile['timezone'];
2190  
2191      if($memprofile['dst'] == 1)
2192      {
2193          $memprofile['timezone']++;
2194          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2195          {
2196              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2197          }
2198      }
2199      
2200      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2201      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2202      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2203  
2204      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2205  
2206      if($memprofile['lastactive'])
2207      {
2208          $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
2209          $memlastvisitsep = $lang->comma;
2210          $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2211      }
2212      else
2213      {
2214          $memlastvisitdate = $lang->lastvisit_never;
2215          $memlastvisitsep = '';
2216          $memlastvisittime = '';
2217      }
2218  
2219      if($memprofile['birthday'])
2220      {
2221          $membday = explode("-", $memprofile['birthday']);
2222  
2223          if($memprofile['birthdayprivacy'] != 'none')
2224          {
2225              if($membday[0] && $membday[1] && $membday[2])
2226              {
2227                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2228  
2229                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2230                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2231                  $membday = date($bdayformat, $membday);
2232  
2233                  $membdayage = $lang->membdayage;
2234              }
2235              elseif($membday[2])
2236              {
2237                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2238                  $membday = date("Y", $membday);
2239                  $membdayage = '';
2240              }
2241              else
2242              {
2243                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2244                  $membday = date("F j", $membday);
2245                  $membdayage = '';
2246              }
2247          }
2248  
2249          if($memprofile['birthdayprivacy'] == 'age')
2250          {
2251              $membday = $lang->birthdayhidden;
2252          }
2253          else if($memprofile['birthdayprivacy'] == 'none')
2254          {
2255              $membday = $lang->birthdayhidden;
2256              $membdayage = '';
2257          }
2258      }
2259      else
2260      {
2261          $membday = $lang->not_specified;
2262          $membdayage = '';
2263      }
2264  
2265      if(!$memprofile['displaygroup'])
2266      {
2267          $memprofile['displaygroup'] = $memprofile['usergroup'];
2268      }
2269  
2270      // Grab the following fields from the user's displaygroup
2271      $displaygroupfields = array(
2272          "title",
2273          "usertitle",
2274          "stars",
2275          "starimage",
2276          "image",
2277          "usereputationsystem"
2278      );
2279      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2280  
2281      // Get the user title for this user
2282      unset($usertitle);
2283      unset($stars);
2284      $starimage = '';
2285      if(trim($memprofile['usertitle']) != '')
2286      {
2287          // User has custom user title
2288          $usertitle = $memprofile['usertitle'];
2289      }
2290      elseif(trim($displaygroup['usertitle']) != '')
2291      {
2292          // User has group title
2293          $usertitle = $displaygroup['usertitle'];
2294      }
2295      else
2296      {
2297          // No usergroup title so get a default one
2298          $usertitles = $cache->read('usertitles');
2299  
2300          if(is_array($usertitles))
2301          {
2302              foreach($usertitles as $title)
2303              {
2304                  if($memprofile['postnum'] >= $title['posts'])
2305                  {
2306                      $usertitle = $title['title'];
2307                      $stars = $title['stars'];
2308                      $starimage = $title['starimage'];
2309  
2310                      break;
2311                  }
2312              }
2313          }
2314      }
2315      
2316      $usertitle = htmlspecialchars_uni($usertitle);
2317  
2318      if($displaygroup['stars'] || $displaygroup['usertitle'])
2319      {
2320          // Set the number of stars if display group has constant number of stars
2321          $stars = $displaygroup['stars'];
2322      }
2323      elseif(!$stars)
2324      {
2325          if(!is_array($usertitles))
2326          {
2327              $usertitles = $cache->read('usertitles');
2328          }
2329  
2330          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2331          if(is_array($usertitles))
2332          {
2333              foreach($usertitles as $title)
2334              {
2335                  if($memprofile['postnum'] >= $title['posts'])
2336                  {
2337                      $stars = $title['stars'];
2338                      $starimage = $title['starimage'];
2339                      break;
2340                  }
2341              }
2342          }
2343      }
2344  
2345      $groupimage = '';
2346      if(!empty($displaygroup['image']))
2347      {
2348          if(!empty($mybb->user['language']))
2349          {
2350              $language = $mybb->user['language'];
2351          }
2352          else
2353          {
2354              $language = $mybb->settings['bblanguage'];
2355          }
2356          $displaygroup['image'] = str_replace("{lang}", $language, $displaygroup['image']);
2357          $displaygroup['image'] = str_replace("{theme}", $theme['imgdir'], $displaygroup['image']);
2358          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2359      }
2360  
2361      if(empty($starimage))
2362      {
2363          $starimage = $displaygroup['starimage'];
2364      }
2365  
2366      if(!empty($starimage))
2367      {
2368          // Only display stars if we have an image to use...
2369          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2370          $userstars = '';
2371          for($i = 0; $i < $stars; ++$i)
2372          {
2373              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2374          }
2375      }
2376  
2377      // User is currently online and this user has permissions to view the user on the WOL
2378      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2379      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2380      $session = $db->fetch_array($query);
2381  
2382      $online_status = '';
2383      if($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid'])
2384      {
2385          // Lastvisit
2386          if($memprofile['lastactive'])
2387          {
2388              $memlastvisitsep = $lang->comma;
2389              $memlastvisitdate = my_date('relative', $memprofile['lastactive']);
2390          }
2391  
2392          // Time Online
2393          $timeonline = $lang->none_registered;
2394          if($memprofile['timeonline'] > 0)
2395          {
2396              $timeonline = nice_time($memprofile['timeonline']);
2397          }
2398  
2399          // Online?
2400          if(!empty($session))
2401          {
2402              // Fetch their current location
2403              $lang->load("online");
2404              require_once  MYBB_ROOT."inc/functions_online.php";
2405              $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2406              $location = build_friendly_wol_location($activity);
2407              $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2408  
2409              eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2410          }
2411          // User is offline
2412          else
2413          {
2414              eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2415          }
2416      }
2417  
2418      if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2419      {
2420          $memlastvisitsep = '';
2421          $memlastvisittime = '';
2422          $memlastvisitdate = $lang->lastvisit_never;
2423  
2424          if($memprofile['lastactive'])
2425          {
2426              // We have had at least some active time, hide it instead
2427              $memlastvisitdate = $lang->lastvisit_hidden;
2428          }
2429  
2430          $timeonline = $lang->timeonline_hidden;
2431      }
2432  
2433      // Reset the background colours to keep it inline
2434      $alttrow = 'trow1';
2435      
2436      // Build Referral
2437      $referrals = '';
2438      if($mybb->settings['usereferrals'] == 1)
2439      {
2440          $bg_color = alt_trow();
2441  
2442          eval("\$referrals = \"".$templates->get("member_profile_referrals")."\";");
2443      }
2444  
2445      // Fetch the reputation for this user
2446      $reputation = '';
2447      if($memperms['usereputationsystem'] == 1 && $displaygroup['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2448      {
2449          $bg_color = alt_trow();
2450          $reputation = get_reputation($memprofile['reputation']);
2451  
2452          // If this user has permission to give reputations show the vote link
2453          $vote_link = '';
2454          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2455          {
2456              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2457          }
2458  
2459          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2460      }
2461  
2462      $warning_level = '';
2463      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2464      {
2465          $bg_color = alt_trow();
2466  
2467          if($mybb->settings['maxwarningpoints'] < 1)
2468          {
2469              $mybb->settings['maxwarningpoints'] = 10;
2470          }
2471  
2472          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2473  
2474          if($warning_level > 100)
2475          {
2476              $warning_level = 100;
2477          }
2478  
2479          $warn_user = '';
2480          $warning_link = 'usercp.php';
2481          $warning_level = get_colored_warning_level($warning_level);
2482          if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
2483          {
2484              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2485              $warning_link = "warnings.php?uid={$memprofile['uid']}";
2486          }
2487  
2488          eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2489      }
2490  
2491      $bgcolor = $alttrow = 'trow1';
2492      $customfields = $profilefields = '';
2493  
2494      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2495      $userfields = $db->fetch_array($query);
2496  
2497      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2498      $pfcache = $cache->read('profilefields');
2499  
2500      if(is_array($pfcache))
2501      {
2502          foreach($pfcache as $customfield)
2503          {
2504              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2505              {
2506                  continue;
2507              }
2508  
2509              $thing = explode("\n", $customfield['type'], "2");
2510              $type = trim($thing[0]);
2511  
2512              $customfieldval = $customfield_val = '';
2513              $field = "fid{$customfield['fid']}";
2514  
2515              if(isset($userfields[$field]))
2516              {
2517                  $useropts = explode("\n", $userfields[$field]);
2518                  $customfieldval = $comma = '';
2519                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2520                  {
2521                      foreach($useropts as $val)
2522                      {
2523                          if($val != '')
2524                          {
2525                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2526                          }
2527                      }
2528                      if($customfield_val != '')
2529                      {
2530                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2531                      }
2532                  }
2533                  else
2534                  {
2535                      $parser_options = array(
2536                          "allow_html" => $customfield['allowhtml'],
2537                          "allow_mycode" => $customfield['allowmycode'],
2538                          "allow_smilies" => $customfield['allowsmilies'],
2539                          "allow_imgcode" => $customfield['allowimgcode'],
2540                          "allow_videocode" => $customfield['allowvideocode'],
2541                          #"nofollow_on" => 1,
2542                          "filter_badwords" => 1
2543                      );
2544  
2545                      if($customfield['type'] == "textarea")
2546                      {
2547                          $parser_options['me_username'] = $memprofile['username'];
2548                      }
2549                      else
2550                      {
2551                          $parser_options['nl2br'] = 0;
2552                      }
2553  
2554                      if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2555                      {
2556                          $parser_options['allow_imgcode'] = 0;
2557                      }
2558  
2559                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2560                  }
2561              }
2562              
2563              if($customfieldval)
2564              {
2565                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2566                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2567                  $bgcolor = alt_trow();
2568              }
2569          }
2570      }
2571  
2572      if($customfields)
2573      {
2574          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2575      }
2576  
2577      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2578      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2579  
2580      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2581      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2582  
2583      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2584  
2585      $bannedbit = '';
2586      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2587      {
2588          // Fetch details on their ban
2589          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2590          $memban = $db->fetch_array($query);
2591  
2592          if($memban['reason'])
2593          {
2594              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2595          }
2596          else
2597          {
2598              $memban['reason'] = $lang->na;
2599          }
2600  
2601          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2602          {
2603              $banlength = $lang->permanent;
2604              $timeremaining = $lang->na;
2605          }
2606          else
2607          {
2608              // Set up the array of ban times.
2609              $bantimes = fetch_ban_times();
2610  
2611              $banlength = $bantimes[$memban['bantime']];
2612              $remaining = $memban['lifted']-TIME_NOW;
2613  
2614              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2615  
2616              $banned_class = '';
2617              if($remaining < 3600)
2618              {
2619                  $banned_class = "high_banned";
2620              }
2621              else if($remaining < 86400)
2622              {
2623                  $banned_class = "moderate_banned";
2624              }
2625              else if($remaining < 604800)
2626              {
2627                  $banned_class = "low_banned";
2628              }
2629              else
2630              {
2631                  $banned_class = "normal_banned";
2632              }
2633  
2634              eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2635          }
2636  
2637          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2638  
2639          // Display a nice warning to the user
2640          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2641      }
2642  
2643      $adminoptions = '';
2644      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2645      {
2646          eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2647      }
2648  
2649      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageuser = '';
2650      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2651      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2652      {
2653          if($mybb->usergroup['canuseipsearch'] == 1)
2654          {
2655              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2656              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2657  
2658              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2659          }
2660  
2661          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2662  
2663          if(!empty($memprofile['usernotes']))
2664          {
2665              if(strlen($memprofile['usernotes']) > 100)
2666              {
2667                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2668                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2669              }
2670          }
2671          else
2672          {
2673              $memprofile['usernotes'] = $lang->no_usernotes;
2674          }
2675  
2676          if($mybb->usergroup['caneditprofiles'] == 1)
2677          {
2678              eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2679              eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2680          }
2681  
2682          if($mybb->usergroup['canbanusers'] == 1 && (!$memban['uid'] || $memban['uid'] && ($mybb->user['uid'] == $memban['admin']) || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1))
2683          {
2684              eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2685          }
2686  
2687          if($can_purge_spammer)
2688          {
2689              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2690          }
2691  
2692          if(!empty($editprofile) || !empty($banuser) || !empty($purgespammer))
2693          {
2694              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2695          }
2696  
2697          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2698      }
2699  
2700      $add_remove_options = array();
2701      $buddy_options = $ignore_options = $report_options = '';
2702      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2703      {
2704          $buddy_list = explode(',', $mybb->user['buddylist']);
2705          $ignore_list = explode(',', $mybb->user['ignorelist']);
2706  
2707          if(in_array($uid, $buddy_list))
2708          {
2709              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2710          }
2711          else
2712          {
2713              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2714          }
2715  
2716          if(!in_array($uid, $ignore_list))
2717          {
2718              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2719          }
2720  
2721          if(in_array($uid, $ignore_list))
2722          {
2723              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2724          }
2725          else
2726          {
2727              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2728          }
2729  
2730          if(!in_array($uid, $buddy_list))
2731          {
2732              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2733          }
2734  
2735          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2736          {
2737              $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2738              eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2739          }
2740      }
2741  
2742      $plugins->run_hooks("member_profile_end");
2743  
2744      eval("\$profile = \"".$templates->get("member_profile")."\";");
2745      output_page($profile);
2746  }
2747  
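// Handles submission of the "email this user" form (POST only): applies the
// permission, daily-limit and flood checks, validates the sender fields, sends
// the mail and optionally logs it. On validation failure the action is switched
// to "emailuser" so the form can be shown again with $errors.
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("member_do_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // NOTE(review): both limits below count rows in the maillogs table, and this
    // block only inserts a row when the mail_logging setting is > 0. With logging
    // switched off, nothing written here can ever trip either limit - confirm
    // whether another code path records sent mail, otherwise the anti-abuse
    // controls silently depend on that setting.

    // Check group limits
    if($mybb->usergroup['maxemails'] > 0)
    {
        // Logged-in senders are tracked by uid, guests by their packed IP address
        if($mybb->user['uid'] > 0)
        {
            $user_check = "fromuid='{$mybb->user['uid']}'";
        }
        else
        {
            $user_check = "ipaddress=".$db->escape_binary($session->packedip);
        }

        // Count everything this sender has sent in the last 24 hours
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        if($mybb->user['uid'] > 0)
        {
            $user_check = "fromuid='{$mybb->user['uid']}'";
        }
        else
        {
            $user_check = "ipaddress=".$db->escape_binary($session->packedip);
        }

        // emailfloodtime is multiplied by 60 here, i.e. it is treated as minutes
        $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if($last_email['mid'])
        {
            $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            // Exactly 60 seconds belongs with the singular "1 minute" message;
            // the previous "> 60" test sent it to the plural branch as "1 minutes".
            elseif($remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // The recipient uid is cast to an integer before it reaches the query
    $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    if(!$to_user['username'])
    {
        error($lang->error_invalidusername);
    }

    // Respect the recipient's choice not to receive email from other members
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    $errors = array();

    // Logged-in users cannot choose their sender identity; it is taken from the account
    if($mybb->user['uid'])
    {
        $mybb->input['fromemail'] = $mybb->user['email'];
        $mybb->input['fromname'] = $mybb->user['username'];
    }

    // For guests both sender fields are request data that end up in the From
    // header. Read them through get_input() (as subject and message already are)
    // so a non-string submission such as fromname[]= cannot reach the header
    // building, and keep line breaks out of them so they cannot start a new
    // header line. my_mail() is not visible here and may also clean these
    // values; this does not rely on it.
    $sender_email = $mybb->get_input('fromemail');
    $sender_name = str_replace(array("\r", "\n"), '', $mybb->get_input('fromname'));

    if(!validate_email_format($sender_email) || strpbrk($sender_email, "\r\n") !== false)
    {
        $errors[] = $lang->error_invalidfromemail;
    }

    if(empty($sender_name))
    {
        $errors[] = $lang->error_noname;
    }

    if(empty($mybb->input['subject']))
    {
        $errors[] = $lang->error_no_email_subject;
    }

    if(empty($mybb->input['message']))
    {
        $errors[] = $lang->error_no_email_message;
    }

    // Only guests are asked to solve a CAPTCHA
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(count($errors) == 0)
    {
        // With the SMTP handler only the bare address is passed as the sender;
        // otherwise a "Name <address>" form is built
        if($mybb->settings['mail_handler'] == 'smtp')
        {
            $from = $sender_email;
        }
        else
        {
            $from = "{$sender_name} <{$sender_email}>";
        }

        $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $sender_name, $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
        my_mail($to_user['email'], $mybb->get_input('subject'), $message, $from, "", "", false, "text", "", $sender_email);

        if($mybb->settings['mail_logging'] > 0)
        {
            // Log the message. These rows are also what the daily limit and
            // flood control above count.
            $log_entry = array(
                "subject" => $db->escape_string($mybb->get_input('subject')),
                "message" => $db->escape_string($mybb->get_input('message')),
                "dateline" => TIME_NOW,
                "fromuid" => $mybb->user['uid'],
                "fromemail" => $db->escape_string($sender_email),
                "touid" => $to_user['uid'],
                "toemail" => $db->escape_string($to_user['email']),
                "tid" => 0,
                "ipaddress" => $db->escape_binary($session->packedip),
                "type" => 1
            );
            $db->insert_query("maillogs", $log_entry);
        }

        $plugins->run_hooks("member_do_emailuser_end");

        redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
    }
    else
    {
        // Fall through to the form action so the errors are shown with the form
        $mybb->input['action'] = "emailuser";
    }
}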
2923  
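// Render the "email this user" form.
// The send handler just above also routes here by resetting the action to "emailuser"
// when it does not send (presumably on validation errors), so the form is shown again.
if($mybb->input['action'] == "emailuser")
{
    $plugins->run_hooks("member_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Both limits below are keyed on the sender: the account id for members, the packed
    // source address for guests. Built once and shared by the two queries.
    // NOTE(review): the limits are derived from rows in maillogs. The insert visible in the
    // send handler is wrapped in `if($mybb->settings['mail_logging'] > 0)`; if that is the
    // only writer, turning mail logging off also turns these limits off. Confirm.
    if($mybb->user['uid'] > 0)
    {
        // Cast so that only an integer can reach the WHERE clause.
        $user_check = "fromuid='".(int)$mybb->user['uid']."'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (messages logged in the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (emailfloodtime is multiplied by 60, i.e. held in minutes)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

        // Only the newest matching row is read, so ask the database for one row.
        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC", 'limit' => 1));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error.
        // empty() also covers the case where no row was returned at all.
        if(!empty($last_email['mid']))
        {
            $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            elseif($remaining_time < 120)
            {
                // Covers 60..119 seconds. Exactly 60 used to fall through to the plural
                // "minutes" string with a value of 1.
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // The uid is read as an integer, so the quoted value in the WHERE clause is numeric.
    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    // Reject an unknown recipient before the row is used. The original escaped the username
    // of a possibly missing row first. Assumes error() ends the request, as the checks
    // above already do.
    if(empty($to_user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // Escaped here because the username is interpolated into the page templates below.
    $to_user['username'] = htmlspecialchars_uni($to_user['username']);
    $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

    // The recipient has opted out of receiving email through the board.
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // ignorelist is matched as a comma-separated uid list; both sides are wrapped in commas
    // so that one uid cannot match as a substring of another. Groups with
    // cansendemailoverride set to 1 skip this check.
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    if(isset($errors) && count($errors) > 0)
    {
        // Redisplay the submitted values, HTML-escaped because they go into the form markup.
        $errors = inline_error($errors);
        $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
        $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
        $message = htmlspecialchars_uni($mybb->get_input('message'));
    }
    else
    {
        $errors = '';
        $fromname = '';
        $fromemail = '';
        $subject = '';
        $message = '';
    }

    // Generate CAPTCHA? Only guests get one, and only when the setting is on.
    // Initialised first so the template never sees an undefined $captcha when the captcha
    // object produces no HTML.
    $captcha = '';
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // NOTE(review): templates are evaluated with eval() as a PHP double-quoted string, so
    // template text is effectively code. Every variable a template interpolates must
    // already be escaped for HTML, and template editing should be treated as a
    // code-execution privilege.
    $from_email = '';
    if($mybb->user['uid'] == 0)
    {
        eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
    }

    $plugins->run_hooks("member_emailuser_end");

    eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
    output_page($emailuser);
}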
3064  
// Default route: a request that names no action is redirected to the board index.
$requested_action = $mybb->input['action'];
if(!$requested_action)
{
    header("Location: index.php");
}

