
PHP Cross Reference of MyBB 1.8.20


/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_contact_fields_yahoo,member_profile_pm,member_profile_contact_details";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  $templatelist .= ",member_profile_modoptions_manageban";
  30  
  31  require_once  "./global.php";
  32  require_once  MYBB_ROOT."inc/functions_post.php";
  33  require_once  MYBB_ROOT."inc/functions_user.php";
  34  require_once  MYBB_ROOT."inc/class_parser.php";
  35  $parser = new postParser;
  36  
  37  // Load global language phrases
  38  $lang->load("member");
  39  
  40  $mybb->input['action'] = $mybb->get_input('action');
  41  
  42  // Make navigation
  43  switch($mybb->input['action'])
  44  {
  45      case "register":
  46      case "do_register":
  47          add_breadcrumb($lang->nav_register);
  48          break;
  49      case "activate":
  50          add_breadcrumb($lang->nav_activate);
  51          break;
  52      case "resendactivation":
  53          add_breadcrumb($lang->nav_resendactivation);
  54          break;
  55      case "lostpw":
  56          add_breadcrumb($lang->nav_lostpw);
  57          break;
  58      case "resetpassword":
  59          add_breadcrumb($lang->nav_resetpassword);
  60          break;
  61      case "login":
  62          add_breadcrumb($lang->nav_login);
  63          break;
  64      case "emailuser":
  65          add_breadcrumb($lang->nav_emailuser);
  66          break;
  67  }
  68  
  69  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  70  {
  71      if($mybb->settings['disableregs'] == 1)
  72      {
  73          error($lang->registrations_disabled);
  74      }
  75      if($mybb->user['uid'] != 0)
  76      {
  77          error($lang->error_alreadyregistered);
  78      }
  79      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  80      {
  81          $time = TIME_NOW;
  82          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  83          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  84          $regcount = $db->num_rows($query);
  85          if($regcount >= $mybb->settings['maxregsbetweentime'])
  86          {
  87              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  88              error($lang->error_alreadyregisteredtime);
  89          }
  90      }
  91  }
  92  
  93  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  94  {
  95      $plugins->run_hooks("member_do_register_start");
  96  
  97      // Are checking how long it takes for users to register?
  98      if($mybb->settings['regtime'] > 0)
  99      {
 100          // Is the field actually set?
 101          if(isset($mybb->input['regtime']))
 102          {
 103              // Check how long it took for this person to register
 104              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 105  
 106              // See if they registered faster than normal
 107              if($timetook < $mybb->settings['regtime'])
 108              {
 109                  // This user registered pretty quickly, bot detected!
 110                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 111                  error($lang->error_spam_deny_time);
 112              }
 113          }
 114          else
 115          {
 116              error($lang->error_spam_deny);
 117          }
 118      }
 119  
 120      // If we have hidden CATPCHA enabled and it's filled, deny registration
 121      if($mybb->settings['hiddencaptchaimage'])
 122      {
 123          $string = $mybb->settings['hiddencaptchaimagefield'];
 124  
 125          if(!empty($mybb->input[$string]))
 126          {
 127              error($lang->error_spam_deny);
 128          }
 129      }
 130  
 131      if($mybb->settings['regtype'] == "randompass")
 132      {
 133  
 134          $password_length = (int)$mybb->settings['minpasswordlength'];
 135          if($password_length < 8)
 136          {
 137              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 138          }
 139  
 140          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 141          $mybb->input['password2'] = $mybb->input['password'];
 142      }
 143  
 144      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 145      {
 146          $usergroup = 5;
 147      }
 148      else
 149      {
 150          $usergroup = 2;
 151      }
 152  
 153      // Set up user handler.
 154      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 155      $userhandler = new UserDataHandler("insert");
 156  
 157      $coppauser = 0;
 158      if(isset($mybb->cookies['coppauser']))
 159      {
 160          $coppauser = (int)$mybb->cookies['coppauser'];
 161      }
 162  
 163      // Set the data for the new user.
 164      $user = array(
 165          "username" => $mybb->get_input('username'),
 166          "password" => $mybb->get_input('password'),
 167          "password2" => $mybb->get_input('password2'),
 168          "email" => $mybb->get_input('email'),
 169          "email2" => $mybb->get_input('email2'),
 170          "usergroup" => $usergroup,
 171          "referrer" => $mybb->get_input('referrername'),
 172          "timezone" => $mybb->get_input('timezoneoffset'),
 173          "language" => $mybb->get_input('language'),
 174          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 175          "regip" => $session->packedip,
 176          "coppa_user" => $coppauser,
 177          "regcheck1" => $mybb->get_input('regcheck1'),
 178          "regcheck2" => $mybb->get_input('regcheck2'),
 179          "registration" => true
 180      );
 181  
 182      // Do we have a saved COPPA DOB?
 183      if(isset($mybb->cookies['coppadob']))
 184      {
 185          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 186          $user['birthday'] = array(
 187              "day" => $dob_day,
 188              "month" => $dob_month,
 189              "year" => $dob_year
 190          );
 191      }
 192  
 193      $user['options'] = array(
 194          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 195          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 196          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 197          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 198          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 199          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 200          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 201          "dstcorrection" => $mybb->get_input('dstcorrection')
 202      );
 203  
 204      $userhandler->set_data($user);
 205  
 206      $errors = array();
 207  
 208      if(!$userhandler->validate_user())
 209      {
 210          $errors = $userhandler->get_friendly_errors();
 211      }
 212  
 213      if($mybb->settings['enablestopforumspam_on_register'])
 214      {
 215          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 216  
 217          $stop_forum_spam_checker = new StopForumSpamChecker(
 218              $plugins,
 219              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 220              $mybb->settings['stopforumspam_check_usernames'],
 221              $mybb->settings['stopforumspam_check_emails'],
 222              $mybb->settings['stopforumspam_check_ips'],
 223              $mybb->settings['stopforumspam_log_blocks']
 224          );
 225  
 226          try {
 227              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 228              {
 229                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 230                          $stop_forum_spam_checker->getErrorText(array(
 231                              'stopforumspam_check_usernames',
 232                              'stopforumspam_check_emails',
 233                              'stopforumspam_check_ips'
 234                              ))));
 235              }
 236          }
 237          catch (Exception $e)
 238          {
 239              if($mybb->settings['stopforumspam_block_on_error'])
 240              {
 241                  error($lang->error_stop_forum_spam_fetching);
 242              }
 243          }
 244      }
 245  
 246      if($mybb->settings['captchaimage'])
 247      {
 248          require_once  MYBB_ROOT.'inc/class_captcha.php';
 249          $captcha = new captcha;
 250  
 251          if($captcha->validate_captcha() == false)
 252          {
 253              // CAPTCHA validation failed
 254              foreach($captcha->get_errors() as $error)
 255              {
 256                  $errors[] = $error;
 257              }
 258          }
 259      }
 260  
 261      // If we have a security question, check to see if answer is correct
 262      if($mybb->settings['securityquestion'])
 263      {
 264          $question_id = $db->escape_string($mybb->get_input('question_id'));
 265          $answer = $db->escape_string($mybb->get_input('answer'));
 266  
 267          $query = $db->query("
 268              SELECT q.*, s.sid
 269              FROM ".TABLE_PREFIX."questionsessions s
 270              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 271              WHERE q.active='1' AND s.sid='{$question_id}'
 272          ");
 273          if($db->num_rows($query) > 0)
 274          {
 275              $question = $db->fetch_array($query);
 276              $valid_answers = explode("\n", $question['answer']);
 277              $validated = 0;
 278  
 279              foreach($valid_answers as $answers)
 280              {
 281                  if(my_strtolower($answers) == my_strtolower($answer))
 282                  {
 283                      $validated = 1;
 284                  }
 285              }
 286  
 287              if($validated != 1)
 288              {
 289                  $update_question = array(
 290                      "incorrect" => $question['incorrect'] + 1
 291                  );
 292                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 293  
 294                  $errors[] = $lang->error_question_wrong;
 295              }
 296              else
 297              {
 298                  $update_question = array(
 299                      "correct" => $question['correct'] + 1
 300                  );
 301                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 302              }
 303  
 304              $db->delete_query("questionsessions", "sid='{$sid}'");
 305          }
 306      }
 307  
 308      if(!empty($errors))
 309      {
 310          $username = htmlspecialchars_uni($mybb->get_input('username'));
 311          $email = htmlspecialchars_uni($mybb->get_input('email'));
 312          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 313          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 314  
 315          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 316          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 317  
 318          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 319          {
 320              $allownoticescheck = "checked=\"checked\"";
 321          }
 322  
 323          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 324          {
 325              $hideemailcheck = "checked=\"checked\"";
 326          }
 327  
 328          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 329          {
 330              $no_subscribe_selected = "selected=\"selected\"";
 331          }
 332          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 333          {
 334              $instant_email_subscribe_selected = "selected=\"selected\"";
 335          }
 336          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 337          {
 338              $instant_pm_subscribe_selected = "selected=\"selected\"";
 339          }
 340          else
 341          {
 342              $no_auto_subscribe_selected = "selected=\"selected\"";
 343          }
 344  
 345          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 346          {
 347              $receivepmscheck = "checked=\"checked\"";
 348          }
 349  
 350          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 351          {
 352              $pmnoticecheck = " checked=\"checked\"";
 353          }
 354  
 355          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 356          {
 357              $pmnotifycheck = "checked=\"checked\"";
 358          }
 359  
 360          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 361          {
 362              $invisiblecheck = "checked=\"checked\"";
 363          }
 364  
 365          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 366          {
 367              $dst_auto_selected = "selected=\"selected\"";
 368          }
 369          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 370          {
 371              $dst_enabled_selected = "selected=\"selected\"";
 372          }
 373          else
 374          {
 375              $dst_disabled_selected = "selected=\"selected\"";
 376          }
 377  
 378          $regerrors = inline_error($errors);
 379          $mybb->input['action'] = "register";
 380          $fromreg = 1;
 381      }
 382      else
 383      {
 384          $user_info = $userhandler->insert_user();
 385  
 386          // Invalidate solved captcha
 387          if($mybb->settings['captchaimage'])
 388          {
 389              $captcha->invalidate_captcha();
 390          }
 391  
 392          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 393          {
 394              // Log them in
 395              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 396          }
 397  
 398          if(isset($mybb->cookies['coppauser']))
 399          {
 400              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 401              my_unsetcookie("coppauser");
 402              my_unsetcookie("coppadob");
 403              $plugins->run_hooks("member_do_register_end");
 404              error($lang->redirect_registered_coppa_activate);
 405          }
 406          else if($mybb->settings['regtype'] == "verify")
 407          {
 408              $activationcode = random_str();
 409              $now = TIME_NOW;
 410              $activationarray = array(
 411                  "uid" => $user_info['uid'],
 412                  "dateline" => TIME_NOW,
 413                  "code" => $activationcode,
 414                  "type" => "r"
 415              );
 416              $db->insert_query("awaitingactivation", $activationarray);
 417              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 418              switch($mybb->settings['username_method'])
 419              {
 420                  case 0:
 421                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 422                      break;
 423                  case 1:
 424                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 425                      break;
 426                  case 2:
 427                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 428                      break;
 429                  default:
 430                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 431                      break;
 432              }
 433              my_mail($user_info['email'], $emailsubject, $emailmessage);
 434  
 435              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 436  
 437              $plugins->run_hooks("member_do_register_end");
 438  
 439              error($lang->redirect_registered_activation);
 440          }
 441          else if($mybb->settings['regtype'] == "randompass")
 442          {
 443              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 444              switch($mybb->settings['username_method'])
 445              {
 446                  case 0:
 447                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 448                      break;
 449                  case 1:
 450                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 451                      break;
 452                  case 2:
 453                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 454                      break;
 455                  default:
 456                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 457                      break;
 458              }
 459              my_mail($user_info['email'], $emailsubject, $emailmessage);
 460  
 461              $plugins->run_hooks("member_do_register_end");
 462  
 463              error($lang->redirect_registered_passwordsent);
 464          }
 465          else if($mybb->settings['regtype'] == "admin")
 466          {
 467              $groups = $cache->read("usergroups");
 468              $admingroups = array();
 469              if(!empty($groups)) // Shouldn't be...
 470              {
 471                  foreach($groups as $group)
 472                  {
 473                      if($group['cancp'] == 1)
 474                      {
 475                          $admingroups[] = (int)$group['gid'];
 476                      }
 477                  }
 478              }
 479  
 480              if(!empty($admingroups))
 481              {
 482                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 483                  foreach($admingroups as $admingroup)
 484                  {
 485                      switch($db->type)
 486                      {
 487                          case 'pgsql':
 488                          case 'sqlite':
 489                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 490                              break;
 491                          default:
 492                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 493                              break;
 494                      }
 495                  }
 496                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 497                  while($recipient = $db->fetch_array($q))
 498                  {
 499                      // First we check if the user's a super admin: if yes, we don't care about permissions
 500                      $is_super_admin = is_super_admin($recipient['uid']);
 501                      if(!$is_super_admin)
 502                      {
 503                          // Include admin functions
 504                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 505                          {
 506                              continue;
 507                          }
 508  
 509                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 510  
 511                          // Verify if we have permissions to access user-users
 512                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 513                          if(function_exists("user_admin_permissions"))
 514                          {
 515                              // Get admin permissions
 516                              $adminperms = get_admin_permissions($recipient['uid']);
 517  
 518                              $permissions = user_admin_permissions();
 519                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 520                              {
 521                                  continue; // No permissions
 522                              }
 523                          }
 524                      }
 525  
 526                      // Load language
 527                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 528                      {
 529                          $reset_lang = true;
 530                          $lang->set_language($recipient['language']);
 531                          $lang->load("member");
 532                      }
 533  
 534                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 535                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 536                      my_mail($recipient['email'], $subject, $message);
 537                  }
 538  
 539                  // Reset language
 540                  if(isset($reset_lang))
 541                  {
 542                      $lang->set_language($mybb->settings['bblanguage']);
 543                      $lang->load("member");
 544                  }
 545              }
 546  
 547              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 548  
 549              $plugins->run_hooks("member_do_register_end");
 550  
 551              error($lang->redirect_registered_admin_activate);
 552          }
 553          else if($mybb->settings['regtype'] == "both")
 554          {
 555              $groups = $cache->read("usergroups");
 556              $admingroups = array();
 557              if(!empty($groups)) // Shouldn't be...
 558              {
 559                  foreach($groups as $group)
 560                  {
 561                      if($group['cancp'] == 1)
 562                      {
 563                          $admingroups[] = (int)$group['gid'];
 564                      }
 565                  }
 566              }
 567  
 568              if(!empty($admingroups))
 569              {
 570                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 571                  foreach($admingroups as $admingroup)
 572                  {
 573                      switch($db->type)
 574                      {
 575                          case 'pgsql':
 576                          case 'sqlite':
 577                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 578                              break;
 579                          default:
 580                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 581                              break;
 582                      }
 583                  }
 584                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 585                  while($recipient = $db->fetch_array($q))
 586                  {
 587                      // First we check if the user's a super admin: if yes, we don't care about permissions
 588                      $is_super_admin = is_super_admin($recipient['uid']);
 589                      if(!$is_super_admin)
 590                      {
 591                          // Include admin functions
 592                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 593                          {
 594                              continue;
 595                          }
 596  
 597                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 598  
 599                          // Verify if we have permissions to access user-users
 600                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 601                          if(function_exists("user_admin_permissions"))
 602                          {
 603                              // Get admin permissions
 604                              $adminperms = get_admin_permissions($recipient['uid']);
 605  
 606                              $permissions = user_admin_permissions();
 607                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 608                              {
 609                                  continue; // No permissions
 610                              }
 611                          }
 612                      }
 613  
 614                      // Load language
 615                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 616                      {
 617                          $reset_lang = true;
 618                          $lang->set_language($recipient['language']);
 619                          $lang->load("member");
 620                      }
 621  
 622                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 623                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 624                      my_mail($recipient['email'], $subject, $message);
 625                  }
 626  
 627                  // Reset language
 628                  if(isset($reset_lang))
 629                  {
 630                      $lang->set_language($mybb->settings['bblanguage']);
 631                      $lang->load("member");
 632                  }
 633              }
 634  
 635              $activationcode = random_str();
 636              $activationarray = array(
 637                  "uid" => $user_info['uid'],
 638                  "dateline" => TIME_NOW,
 639                  "code" => $activationcode,
 640                  "type" => "b"
 641              );
 642              $db->insert_query("awaitingactivation", $activationarray);
 643              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 644              switch($mybb->settings['username_method'])
 645              {
 646                  case 0:
 647                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 648                      break;
 649                  case 1:
 650                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 651                      break;
 652                  case 2:
 653                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 654                      break;
 655                  default:
 656                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 657                      break;
 658              }
 659              my_mail($user_info['email'], $emailsubject, $emailmessage);
 660  
 661              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 662  
 663              $plugins->run_hooks("member_do_register_end");
 664  
 665              error($lang->redirect_registered_activation);
 666          }
 667          else
 668          {
 669              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 670  
 671              $plugins->run_hooks("member_do_register_end");
 672  
 673              redirect("index.php", $lang->redirect_registered);
 674          }
 675      }
 676  }
 677  
 678  if($mybb->input['action'] == "coppa_form")
 679  {
          // Renders the "member_coppa_form" template as a page of its own.
 680      if(!$mybb->settings['faxno'])
 681      {
              // An empty fax-number setting is replaced by a non-breaking space entity.
 682          $mybb->settings['faxno'] = "&nbsp;";
 683      }
 684  
 685      $plugins->run_hooks("member_coppa_form");
 686  
          // The stored template text is executed as the body of a PHP double-quoted string, so it
          // can read every variable in scope here (for example $mybb->settings['faxno']).
          // NOTE(review): template storage is therefore part of the code-execution trust boundary;
          // confirm how $templates->get() prepares stored text for eval (helper not visible here).
          // Nothing in this block HTML-escapes the settings the template may print - presumably
          // they are administrator-only values; confirm.
 687      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 688      output_page($coppa_form);
 689  }
 690  
 691  if($mybb->input['action'] == "register")
 692  {
          // Displays the registration pages: the optional COPPA date-of-birth gate, then the
          // agreement page, then the registration form with its jQuery-validate rules.
          // Every eval("\$x = \"".$templates->get(...)."\";") below executes the stored template
          // text as the body of a PHP double-quoted string, so templates read the local variables
          // of this scope by name; the locals therefore have to keep their names.
          // NOTE(review): this makes template storage part of the code-execution trust boundary,
          // and anything a template prints must already be HTML-escaped in this scope. Confirm how
          // $templates->get() prepares stored text for eval (helper not visible here).
 693      $bdaysel = '';
 694      if($mybb->settings['coppa'] == "disabled")
 695      {
 696          $bdaysel = $bday2blank = '';
 697      }
          // Day of birth from the request, cast to an integer by MyBB::INPUT_INT.
 698      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
          // Build one <option> per day through the "member_register_day" template.
 699      for($day = 1; $day <= 31; ++$day)
 700      {
 701          $selected = '';
 702          if($mybb->input['bday1'] == $day)
 703          {
 704              $selected = " selected=\"selected\"";
 705          }
 706  
 707          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 708      }
 709  
 710      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 711      $bdaymonthsel = array();
 712      foreach(range(1, 12) as $number)
 713      {
 714          $bdaymonthsel[$number] = '';
 715      }
          // The key is the integer-cast request value and is not range-checked at this point (the
          // 1..12 check only happens inside the COPPA branch below); an out-of-range month simply
          // adds an extra array key.
 716      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 717      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 718  
 719      if($birthday_year == 0)
 720      {
 721          $birthday_year = '';
 722      }
 723  
 724      // Is COPPA checking enabled?
          // The gate runs only when the 'coppa' setting is not "disabled" and no 'step' input was sent.
 725      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 726      {
 727          // Just selected DOB, we check
 728          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 729          {
 730              my_unsetcookie("coppauser");
 731  
                  // Reject months outside 1..12, years outside the last 100 years, and a day larger
                  // than the entry get_bdays() returns for that month (presumably days per month).
 732              $months = get_bdays($birthday_year);
 733              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 734              {
 735                  error($lang->error_invalid_birthday);
 736              }
 737  
 738              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 739  
 740              // Store DOB in cookie so we can save it with the registration
                  // NOTE(review): the date of birth and the "coppauser" flag are kept in cookies, i.e.
                  // on the client. A client can drop or edit them, so the submit handler (outside
                  // this block) has to treat both as untrusted input - confirm.
 741              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 742  
 743              // User is <= 13, we mark as a coppa user
                  // The test is "born on or after today's date 13 years ago". NOTE(review): the left
                  // side comes from mktime() and the right side from my_date() parts, which may use
                  // different time zones - confirm. The "-0" argument below evaluates to 0.
 744              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 745              {
 746                  my_setcookie("coppauser", 1, -0);
 747                  $under_thirteen = true;
 748              }
                  // Clearing request_method makes the '!= "post"' test below true, so the agreement
                  // page is what gets shown after a date of birth was submitted.
 749              $mybb->request_method = "";
 750          }
 751          // Show DOB select form
 752          else
 753          {
 754              $plugins->run_hooks("member_register_coppa");
 755  
 756              my_unsetcookie("coppauser");
 757  
 758              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 759              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 760              output_page($coppa);
 761              exit;
 762          }
 763      }
 764  
          // && binds tighter than ||: the agreement page is shown when (neither 'agree' nor
          // 'regsubmit' was sent and $fromreg == 0) or when the request is not a POST.
          // $fromreg is not assigned in this block - presumably set by the submit handler when it
          // re-displays the form; if it is unset the loose comparison with 0 is true.
 765      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 766      {
 767          $coppa_agreement = '';
 768          // Is this user a COPPA user? We need to show the COPPA agreement too
              // $under_thirteen is only assigned in the date-of-birth branch above, and the
              // 'coppauser' cookie is client-supplied, so this decides presentation only.
 769          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 770          {
 771              if($mybb->settings['coppa'] == "deny")
 772              {
 773                  error($lang->error_need_to_be_thirteen);
 774              }
 775              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 776              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 777          }
 778  
 779          $plugins->run_hooks("member_register_agreement");
 780  
 781          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 782          output_page($agreement);
 783      }
 784      else
 785      {
 786          $plugins->run_hooks("member_register_start");
 787  
 788          // JS validator extra
 789          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 790          {
 791              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 792          }
 793  
              // Start of the inline <script> holding the jQuery-validate rules; later sections append
              // to it and the closing "});</script>" is added just before the form is rendered.
              // Settings and language strings are interpolated into JavaScript source without any
              // JS-string escaping. NOTE(review): acceptable only while those values are
              // administrator-controlled and free of quotes or "</script>" - confirm.
              // These rules, and the xmlhttp.php lookups they call, are a convenience for the user
              // and not an enforcement point: the submit handler has to repeat every check.
              // my_post_key is a JavaScript variable expected to exist on the page (presumably the
              // request-forgery token emitted by the page header - confirm).
 794          $validator_javascript = "<script type=\"text/javascript\">
 795  $(function() {
 796      $('#registration_form').validate({
 797          rules: {
 798              username: {
 799                  required: true,
 800                  minlength: {$mybb->settings['minnamelength']},
 801                  maxlength: {$mybb->settings['maxnamelength']},
 802                  remote: {
 803                      url: 'xmlhttp.php?action=username_availability',
 804                      type: 'post',
 805                      dataType: 'json',
 806                      data:
 807                      {
 808                          my_post_key: my_post_key
 809                      },
 810                  },
 811              },
 812              email: {
 813                  required: true,
 814                  email: true,
 815                  remote: {
 816                      url: 'xmlhttp.php?action=email_availability',
 817                      type: 'post',
 818                      dataType: 'json',
 819                      data:
 820                      {
 821                          my_post_key: my_post_key
 822                      },
 823                  },
 824              },
 825              email2: {
 826                  required: true,
 827                  email: true,
 828                  equalTo: '#email'
 829              },
 830          },
 831          messages: {
 832              username: {
 833                  minlength: '{$lang->js_validator_username_length}',
 834                  maxlength: '{$lang->js_validator_username_length}',
 835              },
 836              email: '{$lang->js_validator_invalid_email}',
 837              email2: '{$lang->js_validator_email_match}',
 838          },
 839          errorPlacement: function(error, element) {
 840              if(element.is(':checkbox') || element.is(':radio'))
 841                  error.insertAfter($('input[name=\"' + element.attr('name') + '\"]').last().next('span'));
 842              else
 843                  error.insertAfter(element);
 844          }
 845      });\n";
 846  
              // Time zone pre-selection: the request value wins over the board default.
              // NOTE(review): the request value reaches build_timezone_select() as a raw string;
              // validation and escaping are left to that helper (not visible here) - confirm.
 847          if(isset($mybb->input['timezoneoffset']))
 848          {
 849              $timezoneoffset = $mybb->get_input('timezoneoffset');
 850          }
 851          else
 852          {
 853              $timezoneoffset = $mybb->settings['timezoneoffset'];
 854          }
 855          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 856  
 857          $stylelist = build_theme_select("style");
 858  
              // Threads-per-page and posts-per-page choices come from comma-separated board settings.
              // explode() on a string always returns an array, so the is_array() checks always pass.
 859          if($mybb->settings['usertppoptions'])
 860          {
 861              $tppoptions = '';
 862              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 863              if(is_array($explodedtpp))
 864              {
 865                  foreach($explodedtpp as $val)
 866                  {
 867                      $val = trim($val);
 868                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 869                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 870                  }
 871              }
 872              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 873          }
 874          if($mybb->settings['userpppoptions'])
 875          {
 876              $pppoptions = '';
 877              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 878              if(is_array($explodedppp))
 879              {
 880                  foreach($explodedppp as $val)
 881                  {
 882                      $val = trim($val);
 883                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 884                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 885                  }
 886              }
 887              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 888          }
              // Referrer pre-fill, only for guests while referrals are enabled. Sources, in order:
              // the 'referrer' value inside the 'mybb' cookie, then $referrer['uid'], then
              // $referrername. Both uids are cast to int before they enter the SQL condition, and
              // the looked-up username is HTML-escaped.
              // NOTE(review): $ref is used without checking that a row was found, and in the third
              // branch $referrername is not escaped inside this block - presumably it was escaped
              // where it was assigned (outside this block); confirm before the template prints it.
              // $referrer is read as an array here and then overwritten with rendered HTML below.
 889          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 890          {
 891              if(isset($mybb->cookies['mybb']['referrer']))
 892              {
 893                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 894                  $ref = $db->fetch_array($query);
 895                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 896                  $referrername = $ref['username'];
 897              }
 898              elseif(isset($referrer))
 899              {
 900                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 901                  $ref = $db->fetch_array($query);
 902                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 903                  $referrername = $ref['username'];
 904              }
 905              elseif(!empty($referrername))
 906              {
 907                  $ref = get_user_by_username($referrername);
 908                  if(!$ref['uid'])
 909                  {
 910                      $errors[] = $lang->error_badreferrer;
 911                  }
 912              }
 913              else
 914              {
 915                  $referrername = '';
 916              }
 917              if(isset($quickreg))
 918              {
 919                  $refbg = "trow1";
 920              }
 921              else
 922              {
 923                  $refbg = "trow2";
 924              }
 925              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 926          }
 927          else
 928          {
 929              $referrer = '';
 930          }
              // Submitted custom profile field values, coerced to an array by MyBB::INPUT_ARRAY.
 931          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 932          // Custom profile fields baby!
 933          $altbg = "trow1";
 934          $requiredfields = $customfields = '';
 935  
              // Group id used for the "editable by" test below: 5 when the account will need
              // verification/approval or the 'coppa' input is 1, otherwise 2 (presumably 5 = awaiting
              // activation and 2 = registered - confirm). The 'coppa' input is client-supplied.
 936          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 937          {
 938              $usergroup = 5;
 939          }
 940          else
 941          {
 942              $usergroup = 2;
 943          }
 944  
 945          $pfcache = $cache->read('profilefields');
 946  
 947          if(is_array($pfcache))
 948          {
 949              foreach($pfcache as $profilefield)
 950              {
                      // && binds tighter than ||: skip a field that is neither required nor flagged
                      // for registration, and skip any field the group may not edit.
 951                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 952                  {
 953                      continue;
 954                  }
 955  
 956                  $code = $select = $val = $options = $expoptions = $useropts = '';
 957                  $seloptions = array();
                      // The stored type string is HTML-escaped as a whole and then split: the first
                      // line is the field type, the remainder the newline-separated options, so the
                      // option values are already escaped when a template prints them. The explode()
                      // limit is passed as the string "2"; $thing[1] is undefined when the type has
                      // no option lines.
 958                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 959                  $thing = explode("\n", $profilefield['type'], "2");
 960                  $type = trim($thing[0]);
 961                  $options = $thing[1];
 962                  $select = '';
 963                  $field = "fid{$profilefield['fid']}";
 964                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 965                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
                      // The submitted value is reused only when $errors is truthy - presumably when
                      // the submit handler re-displays the form after a failed validation.
                      // From here on $userfield is request data: this block escapes it only in the
                      // text and textarea branches ($value); in the other branches it is compared
                      // with the defined options and must not be printed by a template unescaped.
 966                  if($errors && isset($mybb->input['profile_fields'][$field]))
 967                  {
 968                      $userfield = $mybb->input['profile_fields'][$field];
 969                  }
 970                  else
 971                  {
 972                      $userfield = '';
 973                  }
 974                  if($type == "multiselect")
 975                  {
                          // On re-display the submitted value is used as it arrived (expected to be an
                          // array of selected options). NOTE(review): its elements become array keys
                          // without a type check - confirm nested arrays cannot reach this point.
 976                      if($errors)
 977                      {
 978                          $useropts = $userfield;
 979                      }
 980                      else
 981                      {
 982                          $useropts = explode("\n", $userfield);
 983                      }
 984                      if(is_array($useropts))
 985                      {
 986                          foreach($useropts as $key => $val)
 987                          {
 988                              $seloptions[$val] = $val;
 989                          }
 990                      }
 991                      $expoptions = explode("\n", $options);
 992                      if(is_array($expoptions))
 993                      {
 994                          foreach($expoptions as $key => $val)
 995                          {
 996                              $val = trim($val);
 997                              $val = str_replace("\n", "\\n", $val);
 998  
 999                              $sel = "";
1000                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1001                              {
1002                                  $sel = ' selected="selected"';
1003                              }
1004  
1005                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1006                          }
                              // Default list height when the field defines none.
1007                          if(!$profilefield['length'])
1008                          {
1009                              $profilefield['length'] = 3;
1010                          }
1011  
1012                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
1013                      }
1014                  }
1015                  elseif($type == "select")
1016                  {
1017                      $expoptions = explode("\n", $options);
1018                      if(is_array($expoptions))
1019                      {
1020                          foreach($expoptions as $key => $val)
1021                          {
1022                              $val = trim($val);
1023                              $val = str_replace("\n", "\\n", $val);
1024                              $sel = "";
1025                              if($val == $userfield)
1026                              {
1027                                  $sel = ' selected="selected"';
1028                              }
1029  
1030                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1031                          }
1032                          if(!$profilefield['length'])
1033                          {
1034                              $profilefield['length'] = 1;
1035                          }
1036  
1037                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
1038                      }
1039                  }
1040                  elseif($type == "radio")
1041                  {
                          // Unlike the select branches, option values are not trimmed here.
1042                      $expoptions = explode("\n", $options);
1043                      if(is_array($expoptions))
1044                      {
1045                          foreach($expoptions as $key => $val)
1046                          {
1047                              $checked = "";
1048                              if($val == $userfield)
1049                              {
1050                                  $checked = 'checked="checked"';
1051                              }
1052  
1053                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
1054                          }
1055                      }
1056                  }
1057                  elseif($type == "checkbox")
1058                  {
                          // Same handling of the submitted value as the multiselect branch above.
1059                      if($errors)
1060                      {
1061                          $useropts = $userfield;
1062                      }
1063                      else
1064                      {
1065                          $useropts = explode("\n", $userfield);
1066                      }
1067                      if(is_array($useropts))
1068                      {
1069                          foreach($useropts as $key => $val)
1070                          {
1071                              $seloptions[$val] = $val;
1072                          }
1073                      }
1074                      $expoptions = explode("\n", $options);
1075                      if(is_array($expoptions))
1076                      {
1077                          foreach($expoptions as $key => $val)
1078                          {
1079                              $checked = "";
1080                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1081                              {
1082                                  $checked = 'checked="checked"';
1083                              }
1084  
1085                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1086                          }
1087                      }
1088                  }
1089                  elseif($type == "textarea")
1090                  {
                          // Free text is HTML-escaped into $value before the template prints it.
1091                      $value = htmlspecialchars_uni($userfield);
1092                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1093                  }
1094                  else
1095                  {
                          // Any other type is rendered as a single-line text input, escaped the same way.
1096                      $value = htmlspecialchars_uni($userfield);
1097                      $maxlength = "";
1098                      if($profilefield['maxlength'] > 0)
1099                      {
1100                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1101                      }
1102  
1103                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1104                  }
1105  
1106                  if($profilefield['required'] == 1)
1107                  {
1108                      // JS validator extra, choose correct selectors for everything except single select which always has value
                          // $field is "fid" followed by the cached field id; it is placed in the jQuery
                          // selector and the generated script as is.
1109                      if($type != 'select')
1110                      {
1111                          if($type == "textarea")
1112                          {
1113                              $inp_selector = "$('textarea[name=\"profile_fields[{$field}]\"]')";
1114                          }
1115                          elseif($type == "multiselect")
1116                          {
1117                              $inp_selector = "$('select[name=\"profile_fields[{$field}][]\"]')";
1118                          }
1119                          elseif($type == "checkbox")
1120                          {
1121                              $inp_selector = "$('input[name=\"profile_fields[{$field}][]\"]')";
1122                          }
1123                          else
1124                          {
1125                              $inp_selector = "$('input[name=\"profile_fields[{$field}]\"]')";
1126                          }
1127  
1128                          $validator_javascript .= "
1129      {$inp_selector}.rules('add', {
1130          required: true,
1131          messages: {
1132              required: '{$lang->js_validator_not_empty}'
1133          }
1134      });\n";
1135                      }
1136  
1137                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1138                  }
1139                  else
1140                  {
1141                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1142                  }
1143              }
1144  
                  // Wrap the collected rows in their section templates, only when there are rows.
1145              if($requiredfields)
1146              {
1147                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1148              }
1149  
1150              if($customfields)
1151              {
1152                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1153              }
1154          }
1155  
              // First display of the form ($fromreg unset): set the default checkbox states and
              // empty text values that the "member_register" template reads.
1156          if(!isset($fromreg))
1157          {
1158              $allownoticescheck = "checked=\"checked\"";
1159              $hideemailcheck = '';
1160              $receivepmscheck = "checked=\"checked\"";
1161              $pmnoticecheck = " checked=\"checked\"";
1162              $pmnotifycheck = '';
1163              $invisiblecheck = '';
1164              if($mybb->settings['dstcorrection'] == 1)
1165              {
1166                  $enabledstcheck = "checked=\"checked\"";
1167              }
1168              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1169              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1170              $username = $email = $email2 = '';
1171              $regerrors = '';
1172          }
1173          // Spambot registration image thingy
              // The captcha object supplies the HTML; the extra client-side rule is added only for
              // setting value 1 and merely pre-checks the answer through xmlhttp.php. The binding
              // check has to happen in the submit handler (outside this block).
1174          if($mybb->settings['captchaimage'])
1175          {
1176              require_once  MYBB_ROOT.'inc/class_captcha.php';
1177              $captcha = new captcha(true, "member_register_regimage");
1178  
1179              if($captcha->html)
1180              {
1181                  $regimage = $captcha->html;
1182  
1183                  if($mybb->settings['captchaimage'] == 1)
1184                  {
1185                      // JS validator extra for our default CAPTCHA
1186                      $validator_javascript .= "
1187      $('#imagestring').rules('add', {
1188          required: true,
1189          remote:{
1190              url: 'xmlhttp.php?action=validate_captcha',
1191              type: 'post',
1192              dataType: 'json',
1193              data:
1194              {
1195                  imagehash: function () {
1196                      return $('#imagehash').val();
1197                  },
1198                  my_post_key: my_post_key
1199              },
1200          },
1201          messages: {
1202              remote: '{$lang->js_validator_no_image_text}'
1203          }
1204      });\n";
1205                  }
1206              }
1207          }
1208  
1209          // Security Question
1210          $questionbox = '';
1211          if($mybb->settings['securityquestion'])
1212          {
                  // generate_question() (not visible here) presumably returns the id of a new
                  // question session. NOTE(review): $sid is interpolated into the SQL text without
                  // $db->escape_string(); safe only if the helper returns a server-generated
                  // token - confirm. Question text and sid are HTML-escaped before rendering.
1213              $sid = generate_question();
1214              $query = $db->query("
1215                  SELECT q.question, s.sid
1216                  FROM ".TABLE_PREFIX."questionsessions s
1217                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1218                  WHERE q.active='1' AND s.sid='{$sid}'
1219              ");
1220              if($db->num_rows($query) > 0)
1221              {
1222                  $question = $db->fetch_array($query);
1223  
1224                  $question['question'] = htmlspecialchars_uni($question['question']);
1225                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1226  
1227                  $refresh = '';
1228                  // Total questions
                      // The refresh control is offered only when more than one active question exists.
1229                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1230                  $num = $db->fetch_field($q, 'num');
1231                  if($num > 1)
1232                  {
1233                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1234                  }
1235  
1236                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1237  
1238                  $validator_javascript .= "
1239      $('#answer').rules('add', {
1240          required: true,
1241          remote:{
1242              url: 'xmlhttp.php?action=validate_question',
1243              type: 'post',
1244              dataType: 'json',
1245              data:
1246              {
1247                  question: function () {
1248                      return $('#question_id').val();
1249                  },
1250                  my_post_key: my_post_key
1251              },
1252          },
1253          messages: {
1254              remote: '{$lang->js_validator_no_security_question}'
1255          }
1256      });\n";
1257              }
1258          }
1259  
1260          $hiddencaptcha = '';
1261          // Hidden CAPTCHA for Spambots
              // The field name comes from board settings and is rendered by the template; how the
              // submit handler evaluates the field is outside this block.
1262          if($mybb->settings['hiddencaptchaimage'])
1263          {
1264              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1265  
1266              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1267          }
              // Password inputs are shown unless regtype is "randompass".
1268          if($mybb->settings['regtype'] != "randompass")
1269          {
1270              // JS validator extra
1271              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1272  
                  // Client-side rule "passwordSecurity": the password must not equal, contain, or be
                  // contained in the username or the e-mail address. Together with the length and
                  // complexity rules below it runs in the browser only.
                  // NOTE(review): the submit handler must enforce the same password policy - confirm.
1273              $validator_javascript .= "
1274      $.validator.addMethod('passwordSecurity', function(value, element, param) {
1275          return !(
1276                  ($('#email').val() != '' && value == $('#email').val()) ||
1277                  ($('#username').val() != '' && value == $('#username').val()) ||
1278                  ($('#email').val() != '' && value.indexOf($('#email').val()) > -1) ||
1279                  ($('#username').val() != '' && value.indexOf($('#username').val()) > -1) ||
1280                  ($('#email').val() != '' && $('#email').val().indexOf(value) > -1) ||
1281                  ($('#username').val() != '' && $('#username').val().indexOf(value) > -1)
1282          );
1283      }, '{$lang->js_validator_bad_password_security}');\n";
1284  
1285              // See if the board has "require complex passwords" enabled.
1286              if($mybb->settings['requirecomplexpasswords'] == 1)
1287              {
1288                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1289  
                      // NOTE(review): the "remote" failure message of this password rule reuses
                      // js_validator_no_image_text, the key the CAPTCHA rule above uses - looks like a
                      // copy-paste; confirm the intended language key.
1290                  $validator_javascript .= "
1291      $('#password').rules('add', {
1292          required: true,
1293          minlength: {$mybb->settings['minpasswordlength']},
1294          remote:{
1295              url: 'xmlhttp.php?action=complex_password',
1296              type: 'post',
1297              dataType: 'json',
1298              data:
1299              {
1300                  my_post_key: my_post_key
1301              },
1302          },
1303          passwordSecurity: '',
1304          messages: {
1305              minlength: '{$lang->js_validator_password_length}',
1306              required: '{$lang->js_validator_password_length}',
1307              remote: '{$lang->js_validator_no_image_text}'
1308          }
1309      });\n";
1310              }
1311              else
1312              {
1313                  $validator_javascript .= "
1314      $('#password').rules('add', {
1315          required: true,
1316          minlength: {$mybb->settings['minpasswordlength']},
1317          passwordSecurity: '',
1318          messages: {
1319              minlength: '{$lang->js_validator_password_length}',
1320              required: '{$lang->js_validator_password_length}'
1321          }
1322      });\n";
1323              }
1324  
1325              $validator_javascript .= "
1326      $('#password2').rules('add', {
1327          required: true,
1328          minlength: {$mybb->settings['minpasswordlength']},
1329          equalTo: '#password',
1330          messages: {
1331              minlength: '{$lang->js_validator_password_length}',
1332              required: '{$lang->js_validator_password_length}',
1333              equalTo: '{$lang->js_validator_password_matches}'
1334          }
1335      });\n";
1336  
1337              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1338          }
1339  
              // Language selector, built only when more than one language is installed. The display
              // name is HTML-escaped; $name (the array key) is used as returned by get_languages().
1340          $languages = $lang->get_languages();
1341          $langoptions = $boardlanguage = '';
1342          if(count($languages) > 1)
1343          {
1344              foreach($languages as $name => $language)
1345              {
1346                  $language = htmlspecialchars_uni($language);
1347  
1348                  $sel = '';
1349                  if($mybb->get_input('language') == $name)
1350                  {
1351                      $sel = " selected=\"selected\"";
1352                  }
1353  
1354                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1355              }
1356  
1357              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1358          }
1359  
1360          // Set the time so we can find automated signups
              // NOTE(review): presumably the template renders $time into the form; if it comes back
              // through a hidden field the submit handler has to treat it as client-controlled - confirm.
1361          $time = TIME_NOW;
1362  
1363          $plugins->run_hooks("member_register_end");
1364  
              // Close the $(function() { ... }) wrapper and the <script> element opened above.
1365          $validator_javascript .= "
1366  });
1367  </script>\n";
1368  
1369          eval("\$registration = \"".$templates->get("member_register")."\";");
1370          output_page($registration);
1371      }
1372  }
1373  
// Action "activate": confirms a pending activation with the code the member received.
// The account is looked up by username when one is supplied, otherwise by numeric uid, and the
// submitted code must equal the code stored in awaitingactivation for type 'r', 'e' or 'b'.
if($mybb->input['action'] == "activate")
{
    $plugins->run_hooks("member_activate_start");

    if(isset($mybb->input['username']))
    {
        // Re-read the value through get_input() before it is used for the lookup.
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // Unknown account; the wording of the message follows the username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
        $uid = $user['uid'];
    }
    else
    {
        // INPUT_INT forces the uid to an integer before the lookup.
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }
    if(isset($mybb->input['code']) && $user)
    {
        // The uid placed in the WHERE clause comes from the user row loaded above, not from the request.
        $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
        $activation = $db->fetch_array($query);
        if(!$activation['uid'])
        {
            error($lang->error_alreadyactivated);
        }
        // Strict comparison, so no type juggling between the stored and the submitted code.
        // NOTE(review): the comparison is not constant-time and no attempt counter is visible in this
        // block; the distinct "already activated" / "bad code" messages also reveal whether an
        // activation is pending for the account. Throttling, if any, must come from elsewhere - confirm.
        if($activation['code'] !== $mybb->get_input('code'))
        {
            error($lang->error_badactivationcode);
        }

        if($activation['type'] == "b" && $activation['validated'] == 1)
        {
            error($lang->error_alreadyvalidated);
        }

        // The code is single-use for 'r' and 'e': those rows are removed here. A 'b' row is kept and
        // flagged as validated further down.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");

        // Only a type 'r' activation moves the account from group 5 to group 2.
        // presumably 5 = awaiting activation and 2 = registered; verify against the usergroup table
        if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
        {
            $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");

            $cache->update_awaitingactivation();
        }
        if($activation['type'] == "e")
        {
            // E-mail change: the new address was stored in the row's misc column and is escaped
            // here before being written to the users table.
            $newemail = array(
                "email" => $db->escape_string($activation['misc']),
            );
            $db->update_query("users", $newemail, "uid='".$user['uid']."'");
            $plugins->run_hooks("member_activate_emailupdated");

            redirect("usercp.php", $lang->redirect_emailupdated);
        }
        elseif($activation['type'] == "b")
        {
            // Type 'b': only the validated flag is set; the usergroup is not changed in this block.
            $update = array(
                "validated" => 1,
            );
            $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
            $plugins->run_hooks("member_activate_emailactivated");

            redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
        }
        else
        {
            $plugins->run_hooks("member_activate_accountactivated");

            redirect("index.php", $lang->redirect_accountactivated);
        }
    }
    else
    {
        // No code submitted (or no user found by uid): show the activation form.
        $plugins->run_hooks("member_activate_form");

        // Both values are HTML-escaped before the template is evaluated.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        eval("\$activate = \"".$templates->get("member_activate")."\";");
        output_page($activate);
    }
}
1479  
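// Action "do_resendactivation" (POST only): re-sends the activation e-mail to every account that
// is registered with the submitted address and still sits in usergroup 5.
// On CAPTCHA failure the action is rewritten to "resendactivation" so the form is shown again
// with the collected errors.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_resendactivation_start");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    // Fix: the join condition was "a.uid=u.uid AND a.type='r' OR a.type='b'". AND binds tighter
    // than OR, so every type 'b' row of *any* account was joined to the matched user, and the
    // code/type/validated values read below could belong to a different account. The type test
    // is now grouped so that only this user's own 'r' or 'b' row is joined.
    // The submitted address is escaped before it is placed in the statement.
    $query = $db->query("
        SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
        FROM ".TABLE_PREFIX."users u
        LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
        WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
    ");
    $numusers = $db->num_rows($query);
    if($numusers < 1)
    {
        // NOTE(review): this answer is given before the CAPTCHA result is looked at, so the
        // response shows whether an address is registered even when the CAPTCHA failed.
        error($lang->error_invalidemail);
    }
    else
    {
        if(count($errors) == 0)
        {
            while($user = $db->fetch_array($query))
            {
                if($user['type'] == "b" && $user['validated'] == 1)
                {
                    error($lang->error_activated_by_admin);
                }

                // Only accounts still in group 5 receive a mail.
                if($user['usergroup'] == 5)
                {
                    if(!$user['code'])
                    {
                        // No pending row was joined: create a fresh code for this account.
                        // NOTE(review): $user['type'] is NULL when the LEFT JOIN found no row, so
                        // the new row is stored without a usable type - confirm the intended value.
                        $user['code'] = random_str();
                        $uid = $user['uid'];
                        $awaitingarray = array(
                            "uid" => $uid,
                            "dateline" => TIME_NOW,
                            "code" => $user['code'],
                            "type" => $user['type']
                        );
                        $db->insert_query("awaitingactivation", $awaitingarray);
                    }
                    $username = $user['username'];
                    $email = $user['email'];
                    $activationcode = $user['code'];
                    $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                    // The message template follows the username_method setting.
                    switch($mybb->settings['username_method'])
                    {
                        case 0:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        case 1:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        case 2:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        default:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                    }
                    // The mail goes to the address stored on the account, not to the submitted value.
                    my_mail($email, $emailsubject, $emailmessage);
                }
            }

            $plugins->run_hooks("member_do_resendactivation_end");

            redirect("index.php", $lang->redirect_activationresent);
        }
        else
        {
            // CAPTCHA errors: fall through to the form handler below.
            $mybb->input['action'] = "resendactivation";
        }
    }
}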
1575  
// Action "resendactivation": renders the form that asks for the e-mail address to which the
// activation message should be sent again. Also reached from "do_resendactivation" above when
// the CAPTCHA check produced errors.
if($mybb->input['action'] == "resendactivation")
{
    $plugins->run_hooks("member_resendactivation");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    // A logged-in member outside group 5 has nothing left to activate.
    if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
    {
        error($lang->error_alreadyactivated);
    }

    // The uid comes from the current session's user record, not from the request.
    $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'");
    $activation = $db->fetch_array($query);

    if($activation['validated'] == 1)
    {
        error($lang->error_activated_by_admin);
    }

    $captcha = '';
    // Generate CAPTCHA?
    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // $errors only exists when the POST handler above handed over after a failed CAPTCHA.
    if(isset($errors) && count($errors) > 0)
    {
        $errors = inline_error($errors);
        // The submitted address is HTML-escaped before the template is evaluated.
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }
    else
    {
        $errors = '';
        $email = '';
    }

    $plugins->run_hooks("member_resendactivation_end");

    eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
    output_page($activate);
}
1627  
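// Action "do_lostpw" (POST only): starts a password reset for every account registered with the
// submitted e-mail address. A new 30-character code replaces any earlier type 'p' row and is
// mailed to the address stored on the account.
// On CAPTCHA failure the action is rewritten to "lostpw" so the form is shown again.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_lostpw_start");

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    // Fix: the former "$email = $db->escape_string($email);" read $email before this block
    // assigns it and its result was never used; the lookup escapes the submitted address itself.
    $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
    $numusers = $db->num_rows($query);
    if($numusers < 1)
    {
        // NOTE(review): this answer is given before the CAPTCHA result is looked at, so the
        // response shows whether an address is registered even when the CAPTCHA failed.
        error($lang->error_invalidemail);
    }
    else
    {
        if(count($errors) == 0)
        {
            while($user = $db->fetch_array($query))
            {
                // Invalidate any earlier reset code so only the newest one is accepted.
                $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
                $user['activationcode'] = random_str(30);
                $now = TIME_NOW;
                $uid = $user['uid'];
                $awaitingarray = array(
                    "uid" => $user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $user['activationcode'],
                    "type" => "p"
                );
                $db->insert_query("awaitingactivation", $awaitingarray);
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['activationcode'];
                $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
                // The message template follows the username_method setting.
                switch($mybb->settings['username_method'])
                {
                    case 0:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                }
                // The mail goes to the address stored on the account, not to the submitted value.
                my_mail($email, $emailsubject, $emailmessage);
            }

            $plugins->run_hooks("member_do_lostpw_end");

            redirect("index.php", $lang->redirect_lostpwsent, "", true);
        }
        else
        {
            // CAPTCHA errors: fall through to the form handler below.
            $mybb->input['action'] = "lostpw";
        }
    }
}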
1705  
// Action "lostpw": renders the lost-password form. Also reached from "do_lostpw" above when
// the CAPTCHA check produced errors.
if($mybb->input['action'] == "lostpw")
{
    $plugins->run_hooks("member_lostpw");

    $captcha = '';
    // Generate CAPTCHA?
    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // $errors only exists when the POST handler above handed over after a failed CAPTCHA.
    if(isset($errors) && count($errors) > 0)
    {
        $errors = inline_error($errors);
        // The submitted address is HTML-escaped before the template is evaluated.
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }
    else
    {
        $errors = '';
        $email = '';
    }

    eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
    output_page($lostpw);
}
1737  
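// Action "resetpassword": completes a password reset. With a valid type 'p' code the account
// gets a newly generated password, which is mailed to the address stored on the account;
// without a code (or without a user) the reset form is shown.
if($mybb->input['action'] == "resetpassword")
{
    $plugins->run_hooks("member_resetpassword_start");

    if(isset($mybb->input['username']))
    {
        // Re-read the value through get_input() before it is used for the lookup.
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // Unknown account; the wording of the message follows the username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
    }
    else
    {
        // INPUT_INT forces the uid to an integer before the lookup.
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }

    if(isset($mybb->input['code']) && $user)
    {
        // The uid placed in the WHERE clause comes from the user row loaded above.
        $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
        $activationcode = $db->fetch_field($query, 'code');
        $now = TIME_NOW;
        // An empty stored code never matches; the comparison is strict, so no type juggling.
        // NOTE(review): only the code column is read, so the row's dateline is not checked here and
        // the code does not expire in this block; the comparison is not constant-time and no attempt
        // counter is visible. Expiry and throttling, if any, must come from elsewhere - confirm.
        if(!$activationcode || $activationcode !== $mybb->get_input('code'))
        {
            error($lang->error_badlostpwcode);
        }
        // Single use: the code is removed before the password is changed.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
        $username = $user['username'];

        // Generate a new password, then update it
        $password_length = (int)$mybb->settings['minpasswordlength'];

        // Use at least 8 characters unless the configured maximum is lower.
        if($password_length < 8)
        {
            $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
        }

        // Set up user handler.
        require_once  MYBB_ROOT.'inc/datahandlers/user.php';
        $userhandler = new UserDataHandler('update');

        // Generate candidates until the data handler accepts one; the error list is cleared
        // after each round so a rejected candidate leaves nothing behind.
        while(!$userhandler->verify_password())
        {
            $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);

            $userhandler->set_data(array(
                'uid'      => $user['uid'],
                'username' => $user['username'],
                'email'    => $user['email'],
                'password' => $password
            ));

            $userhandler->set_validated(true);
            $userhandler->errors = array();
        }

        $userhandler->update_user();

        // Not used again in this block; presumably kept for the plugin hooks below - confirm.
        $logindetails = array(
            'salt'     => $userhandler->data['salt'],
            'password' => $userhandler->data['saltedpw'],
            'loginkey' => $userhandler->data['loginkey'],
        );

        $email = $user['email'];

        $plugins->run_hooks("member_resetpassword_process");

        // NOTE(review): the new password travels in clear text in the message body, so it is
        // only as confidential as the mailbox and the mail transport.
        $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
        $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
        my_mail($email, $emailsubject, $emailmessage);

        $plugins->run_hooks("member_resetpassword_reset");

        // error() is used to show the confirmation message.
        error($lang->redirect_passwordreset);
    }
    else
    {
        $plugins->run_hooks("member_resetpassword_form");

        // The label of the name field follows the username_method setting.
        switch($mybb->settings['username_method'])
        {
            case 0:
                $lang_username = $lang->username;
                break;
            case 1:
                $lang_username = $lang->username1;
                break;
            case 2:
                $lang_username = $lang->username2;
                break;
            default:
                $lang_username = $lang->username;
                break;
        }

        // HTML-escaped before the template is evaluated.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        // Fix: the empty default used to be overwritten unconditionally by a read of
        // $mybb->input['username'], which is undefined when the field was not sent.
        if(!isset($mybb->input['username']))
        {
            $input_username = '';
        }
        else
        {
            $input_username = htmlspecialchars_uni($mybb->input['username']);
        }

        eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
        output_page($activate);
    }
}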
1865  
// Defaults read by the "login" form handler further down.
$do_captcha = $correct = false;
$inline_errors = "";
// Action "do_login" (POST only): validates the submitted credentials through LoginDataHandler.
// On failure the attempt counter is raised and the request is handed to the "login" form
// handler; on success the login is completed and the browser is redirected.
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
    // The post key is checked before anything else is processed.
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("member_do_login_start");

    require_once  MYBB_ROOT."inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // The quick-login fields override the regular ones when both name and password are present.
    if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
    {
        $mybb->input['password'] = $mybb->get_input('quick_password');
        $mybb->input['username'] = $mybb->get_input('quick_username');
        $mybb->input['remember'] = $mybb->get_input('quick_remember');
    }

    $user = array(
        'username' => $mybb->get_input('username'),
        'password' => $mybb->get_input('password'),
        'remember' => $mybb->get_input('remember'),
        'imagestring' => $mybb->get_input('imagestring')
    );

    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int)$mybb->settings['username_method'],
    );

    // Load the stored attempt counter for the named account; an unknown name yields 0 after the cast.
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if(!$validated)
    {
        // Hand over to the "login" form handler below.
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        // NOTE(review): this lookup does not pass username_method, unlike the one above - confirm
        // both resolve the same account.
        $login_user = get_user_by_username($user['username'], array('fields' => 'uid'));

        // Is a fatal call if user has had too many tries
        $logins = login_attempt_check($login_user['uid']);

        // The uid is cast to int; the value 'loginattempts+1' is passed with the last argument
        // set to true, presumably so it is written as an SQL expression rather than a string - confirm.
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".(int)$loginhandler->login_data['uid']."'", 1, true);

        $errors = $loginhandler->get_friendly_errors();

        $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];

        // If we need a captcha set it here
        // The cookie value is supplied by the client, so only the stored per-account counter is
        // dependable; the cookie can merely add a CAPTCHA, not remove one the counter demands.
        if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
        {
            $do_captcha = true;
            $correct = $loginhandler->captcha_verified;
        }
    }
    else if($validated && $loginhandler->captcha_verified == true)
    {
        // Successful login
        if($loginhandler->login_data['coppauser'])
        {
            error($lang->error_awaitingcoppa);
        }

        $loginhandler->complete_login();

        $plugins->run_hooks("member_do_login_end");

        $mybb->input['url'] = $mybb->get_input('url');

        // NOTE(review): the return URL is taken from the request. The checks here only require that
        // its basename does not contain member.php and that it does not begin with "javascript:".
        // An absolute URL on another host passes both, so unless redirect() restricts the target
        // this is an open redirect after login; an allowlist of same-site targets is the sturdier check.
        if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
        {
            // Drop the processed flag from newthread.php / newreply.php return URLs.
            if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
            {
                $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
            }

            $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

            // Redirect to the URL if it is not member.php
            redirect($mybb->input['url'], $lang->redirect_loggedin);
        }
        else
        {

            redirect("index.php", $lang->redirect_loggedin);
        }
    }

    // Same hook name as in the success branch above; reached when no redirect ended the request.
    $plugins->run_hooks("member_do_login_end");
}
1962  
// Action "login": renders the login form. Also reached from "do_login" above after a failed
// attempt, in which case $errors, $do_captcha and $correct carry the outcome of that attempt.
if($mybb->input['action'] == "login")
{
    $plugins->run_hooks("member_login");

    $member_loggedin_notice = "";
    if($mybb->user['uid'] != 0)
    {
        // Already logged in: the name is HTML-escaped before it is placed in the notice.
        $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
    // and we can't check loginattempts in the db
    login_attempt_check();

    // Redirect to the page where the user came from, but not if that was the login page.
    // NOTE(review): the Referer header is chosen by the client. It is HTML-encoded here, but if the
    // template posts it back as the return URL it reaches the redirect in "do_login" - confirm that
    // the target is restricted there.
    if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
    {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    }
    else
    {
        $redirect_url = '';
    }

    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    if($mybb->settings['captchaimage'] && $do_captcha == true)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");

        if($login_captcha->type == 1)
        {
            // Type 1: build a new challenge unless the previous answer was already verified,
            // in which case a hidden captcha is built instead.
            if(!$correct)
            {
                $login_captcha->build_captcha();
            }
            else
            {
                $captcha = $login_captcha->build_hidden_captcha();
            }
        }
        elseif(in_array($login_captcha->type, array(2, 4, 5)))
        {
            $login_captcha->build_recaptcha();
        }

        if($login_captcha->html)
        {
            $captcha = $login_captcha->html;
        }
    }

    $username = "";
    $password = "";
    // After a failed POST the submitted name is HTML-escaped for redisplay.
    if(isset($mybb->input['username']) && $mybb->request_method == "post")
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }

    // NOTE(review): the submitted password is HTML-escaped into $password, presumably so the
    // template can refill the field - confirm. A password echoed into markup is visible in the
    // page source and in anything that stores the response.
    if(isset($mybb->input['password']) && $mybb->request_method == "post")
    {
        $password = htmlspecialchars_uni($mybb->get_input('password'));
    }

    if(!empty($errors))
    {
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $inline_errors = inline_error($errors);
    }

    // The label of the name field follows the username_method setting.
    switch($mybb->settings['username_method'])
    {
        case 1:
            $lang->username = $lang->username1;
            break;
        case 2:
            $lang->username = $lang->username2;
            break;
        default:
            break;
    }

    $plugins->run_hooks("member_login_end");

    eval("\$login = \"".$templates->get("member_login")."\";");
    output_page($login);
}
2056  
// Action "logout": ends the current session. The request must carry either the current session
// id or the member's logoutkey, so a link that lacks both cannot log the member out.
if($mybb->input['action'] == "logout")
{
    $plugins->run_hooks("member_logout_start");

    if(!$mybb->user['uid'])
    {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }

    // Check session ID if we have one
    // Strict comparison against the server-side session id.
    if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
    {
        error($lang->error_notloggedout);
    }
    // Otherwise, check logoutkey
    else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
    {
        error($lang->error_notloggedout);
    }

    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    if($mybb->user['uid'])
    {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        // Both statements interpolate values taken from the loaded user and session objects, not
        // from the request. presumably the sid was validated when the session was loaded; confirm
        $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        // Remove the server-side session row as well, so clearing the cookies is not the only step.
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }

    $plugins->run_hooks("member_logout_end");

    redirect("index.php", $lang->redirect_loggedout);
}
2092  
// Action "viewnotes": prints the stored notes for one member. Only logged-in users whose
// usergroup has canmodcp set to 1 get past the permission check.
if($mybb->input['action'] == "viewnotes")
{
    // INPUT_INT forces the uid to an integer before the lookup.
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    // Make sure we are looking at a real user here.
    // NOTE(review): this runs before the permission check, so a caller without rights can still
    // tell an existing uid from a missing one by the error shown.
    if(!$user)
    {
        error($lang->error_nomember);
    }

    if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
    {
        error_no_permission();
    }

    // Name and notes are HTML-escaped before the template is evaluated; nl2br() is applied after
    // escaping, so the inserted line breaks are the only markup in the notes.
    $user['username'] = htmlspecialchars_uni($user['username']);
    $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);

    $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));

    $plugins->run_hooks('member_viewnotes');

    // The result is echoed directly instead of going through output_page(), then the script stops.
    eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
    echo $viewnotes;
    exit;
}
2120  
2121  if($mybb->input['action'] == "profile")
2122  {
2123      $plugins->run_hooks("member_profile_start");
2124  
2125      if($mybb->usergroup['canviewprofiles'] == 0)
2126      {
2127          error_no_permission();
2128      }
2129  
2130      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2131      if($uid)
2132      {
2133          $memprofile = get_user($uid);
2134      }
2135      elseif($mybb->user['uid'])
2136      {
2137          $memprofile = $mybb->user;
2138      }
2139      else
2140      {
2141          $memprofile = false;
2142      }
2143  
2144      if(!$memprofile)
2145      {
2146          error($lang->error_nomember);
2147      }
2148  
2149      $uid = $memprofile['uid'];
2150  
2151      $me_username = $memprofile['username'];
2152      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2153      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2154  
2155      // Get member's permissions
2156      $memperms = user_permissions($memprofile['uid']);
2157  
2158      // Set display group
2159      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2160  
2161      if(!$memprofile['displaygroup'])
2162      {
2163          $memprofile['displaygroup'] = $memprofile['usergroup'];
2164      }
2165  
2166      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2167      if(is_array($displaygroup))
2168      {
2169          $memperms = array_merge($memperms, $displaygroup);
2170      }
2171  
2172      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2173      add_breadcrumb($lang->nav_profile);
2174  
2175      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2176      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2177      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2178      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2179      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2180      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2181      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2182  
          // Avatar, website, e-mail, PM and contact-field fragments of the profile page.
          // Each fragment is produced by eval()-ing a stored template as a double-quoted
          // PHP string, so variables in the current scope are interpolated into the markup.
          // NOTE(review): the template text itself ends up inside eval(); confirm that
          // $templates->get() escapes it and that template editing is restricted - neither
          // is visible in this part of the file.
2183      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2184      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2185  
2186      $website = $sendemail = $sendpm = $contact_details = '';
2187  
          // The website must pass my_validate_url() and is HTML-escaped before the template
          // interpolates it. is_member() is called without a user argument here - presumably
          // it tests the viewing user against the hidewebsite groups; verify.
2188      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2189      {
2190          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2191          $bgcolor = alt_trow();
2192          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2193      }
2194  
          // E-mail link: the viewer's group may send e-mail, this is not the viewer's own
          // profile, the member has not hidden their e-mail, and the viewer is not on the
          // member's ignore list unless the viewer's group has cansendemailoverride.
2195      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2196      {
2197          $bgcolor = alt_trow();
2198          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2199      }
2200  
          // PM link: the member must accept PMs, be allowed to use them and not be ignoring
          // the viewer; a viewer whose group has canoverridepm bypasses those three checks.
2201      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2202      {
2203          $bgcolor = alt_trow();
2204          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2205      }
2206  
          // $field only ever takes the four literal values below, so neither the template
          // name nor the array key spliced into the eval() string is user-controlled.
2207      $contact_fields = array();
2208      $any_contact_field = false;
2209      foreach(array('icq', 'yahoo', 'skype', 'google') as $field)
2210      {
2211          $contact_fields[$field] = '';
2212          $settingkey = 'allow'.$field.'field';
2213  
              // Shown only when the value is non-empty and the member's own groups pass
              // is_member() for the matching allow<field>field setting.
2214          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2215          {
2216              $any_contact_field = true;
2217  
                  // ICQ is forced to an integer; the other values are HTML-escaped
                  // before the template interpolates them.
2218              if($field == 'icq')
2219              {
2220                  $memprofile[$field] = (int)$memprofile[$field];
2221              }
2222              else
2223              {
2224                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2225              }
2226              $tmpl = 'member_profile_contact_fields_'.$field;
2227  
2228              $bgcolors[$field] = alt_trow();
2229              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2230          }
2231      }
2232  
          // The surrounding contact-details box is built only if at least one fragment exists.
2233      if($any_contact_field || $sendemail || $sendpm || $website)
2234      {
2235          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2236      }
2237  
          // Signature. Rendered only if it is non-empty, the suspension flag is clear or the
          // suspension time has passed, the viewer is not in a hidesignatures group, and the
          // member's group may use signatures and the member has at least canusesigxposts posts.
2238      $signature = '';
2239      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2240      {
              // NOTE(review): allow_html comes straight from the sightml setting. With it
              // enabled, cleaning the member-supplied signature is left to parse_message();
              // confirm that is acceptable for this board.
2241          $sig_parser = array(
2242              "allow_html" => $mybb->settings['sightml'],
2243              "allow_mycode" => $mybb->settings['sigmycode'],
2244              "allow_smilies" => $mybb->settings['sigsmilies'],
2245              "allow_imgcode" => $mybb->settings['sigimgcode'],
2246              "me_username" => $me_username,
2247              "filter_badwords" => 1
2248          );
2249  
2250          if($memperms['signofollow'])
2251          {
2252              $sig_parser['nofollow_on'] = 1;
2253          }
2254  
              // && binds tighter than ||: image code is switched off for logged-in users who
              // turned images off, and for guests when the guestimages setting is off.
2255          if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2256          {
2257              $sig_parser['allow_imgcode'] = 0;
2258          }
2259  
              // The parsed result replaces the raw signature and is what the template interpolates.
2260          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2261          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2262      }
2263  
2264      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2265  
2266      if($daysreg < 1)
2267      {
2268          $daysreg = 1;
2269      }
2270  
2271      $stats = $cache->read("stats");
2272  
2273      // Format post count, per day count and percent of total
2274      $ppd = $memprofile['postnum'] / $daysreg;
2275      $ppd = round($ppd, 2);
2276      if($ppd > $memprofile['postnum'])
2277      {
2278          $ppd = $memprofile['postnum'];
2279      }
2280  
2281      $numposts = $stats['numposts'];
2282      if($numposts == 0)
2283      {
2284          $post_percent = "0";
2285      }
2286      else
2287      {
2288          $post_percent = $memprofile['postnum']*100/$numposts;
2289          $post_percent = round($post_percent, 2);
2290      }
2291  
2292      if($post_percent > 100)
2293      {
2294          $post_percent = 100;
2295      }
2296  
2297      // Format thread count, per day count and percent of total
2298      $tpd = $memprofile['threadnum'] / $daysreg;
2299      $tpd = round($tpd, 2);
2300      if($tpd > $memprofile['threadnum'])
2301      {
2302          $tpd = $memprofile['threadnum'];
2303      }
2304  
2305      $numthreads = $stats['numthreads'];
2306      if($numthreads == 0)
2307      {
2308          $thread_percent = "0";
2309      }
2310      else
2311      {
2312          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2313          $thread_percent = round($thread_percent, 2);
2314      }
2315  
2316      if($thread_percent > 100)
2317      {
2318          $thread_percent = 100;
2319      }
2320  
2321      $findposts = $findthreads = '';
2322      if($mybb->usergroup['cansearch'] == 1)
2323      {
2324          eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2325          eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2326      }
2327  
2328      $awaybit = '';
2329      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2330      {
2331          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2332          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2333          if(!empty($memprofile['awayreason']))
2334          {
2335              $reason = $parser->parse_badwords($memprofile['awayreason']);
2336              $awayreason = htmlspecialchars_uni($reason);
2337          }
2338          else
2339          {
2340              $awayreason = $lang->away_no_reason;
2341          }
2342          if($memprofile['returndate'] == '')
2343          {
2344              $returndate = "$lang->unknown";
2345          }
2346          else
2347          {
2348              $returnhome = explode("-", $memprofile['returndate']);
2349  
2350              // PHP native date functions use integers so timestamps for years after 2038 will not work
2351              // Thus we use adodb_mktime
2352              if($returnhome[2] >= 2038)
2353              {
2354                  require_once  MYBB_ROOT."inc/functions_time.php";
2355                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2356                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2357              }
2358              else
2359              {
2360                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2361                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2362              }
2363  
2364              // If our away time has expired already, we should be back, right?
2365              if($returnmkdate < TIME_NOW)
2366              {
2367                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2368  
2369                  // Update our status to "not away"
2370                  $memprofile['away'] = 0;
2371              }
2372          }
2373  
2374          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2375          if($memprofile['away'] == 1)
2376          {
2377              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2378          }
2379      }
2380  
2381      $memprofile['timezone'] = (float)$memprofile['timezone'];
2382  
2383      if($memprofile['dst'] == 1)
2384      {
2385          $memprofile['timezone']++;
2386          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2387          {
2388              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2389          }
2390      }
2391  
2392      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2393      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2394      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2395  
2396      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2397  
2398      if($memprofile['lastactive'])
2399      {
2400          $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
2401          $memlastvisitsep = $lang->comma;
2402          $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2403      }
2404      else
2405      {
2406          $memlastvisitdate = $lang->lastvisit_never;
2407          $memlastvisitsep = '';
2408          $memlastvisittime = '';
2409      }
2410  
2411      if($memprofile['birthday'])
2412      {
2413          $membday = explode("-", $memprofile['birthday']);
2414  
2415          if($memprofile['birthdayprivacy'] != 'none')
2416          {
2417              if($membday[0] && $membday[1] && $membday[2])
2418              {
2419                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2420  
2421                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2422                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2423                  $membday = date($bdayformat, $membday);
2424  
2425                  $membdayage = $lang->membdayage;
2426              }
2427              elseif($membday[2])
2428              {
2429                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2430                  $membday = date("Y", $membday);
2431                  $membdayage = '';
2432              }
2433              else
2434              {
2435                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2436                  $membday = date("F j", $membday);
2437                  $membdayage = '';
2438              }
2439          }
2440  
2441          if($memprofile['birthdayprivacy'] == 'age')
2442          {
2443              $membday = $lang->birthdayhidden;
2444          }
2445          else if($memprofile['birthdayprivacy'] == 'none')
2446          {
2447              $membday = $lang->birthdayhidden;
2448              $membdayage = '';
2449          }
2450      }
2451      else
2452      {
2453          $membday = $lang->not_specified;
2454          $membdayage = '';
2455      }
2456  
2457      // Get the user title for this user
2458      unset($usertitle);
2459      unset($stars);
2460      $starimage = '';
2461      if(trim($memprofile['usertitle']) != '')
2462      {
2463          // User has custom user title
2464          $usertitle = $memprofile['usertitle'];
2465      }
2466      elseif(trim($memperms['usertitle']) != '')
2467      {
2468          // User has group title
2469          $usertitle = $memperms['usertitle'];
2470      }
2471      else
2472      {
2473          // No usergroup title so get a default one
2474          $usertitles = $cache->read('usertitles');
2475  
2476          if(is_array($usertitles))
2477          {
2478              foreach($usertitles as $title)
2479              {
2480                  if($memprofile['postnum'] >= $title['posts'])
2481                  {
2482                      $usertitle = $title['title'];
2483                      $stars = $title['stars'];
2484                      $starimage = $title['starimage'];
2485  
2486                      break;
2487                  }
2488              }
2489          }
2490      }
2491  
2492      $usertitle = htmlspecialchars_uni($usertitle);
2493  
2494      if($memperms['stars'] || $memperms['usertitle'])
2495      {
2496          // Set the number of stars if display group has constant number of stars
2497          $stars = $memperms['stars'];
2498      }
2499      elseif(!$stars)
2500      {
2501          if(!is_array($usertitles))
2502          {
2503              $usertitles = $cache->read('usertitles');
2504          }
2505  
2506          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2507          if(is_array($usertitles))
2508          {
2509              foreach($usertitles as $title)
2510              {
2511                  if($memprofile['postnum'] >= $title['posts'])
2512                  {
2513                      $stars = $title['stars'];
2514                      $starimage = $title['starimage'];
2515                      break;
2516                  }
2517              }
2518          }
2519      }
2520  
2521      $groupimage = '';
2522      if(!empty($memperms['image']))
2523      {
2524          if(!empty($mybb->user['language']))
2525          {
2526              $language = $mybb->user['language'];
2527          }
2528          else
2529          {
2530              $language = $mybb->settings['bblanguage'];
2531          }
2532          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2533          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2534          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2535      }
2536  
2537      if(empty($starimage))
2538      {
2539          $starimage = $memperms['starimage'];
2540      }
2541  
2542      if(!empty($starimage))
2543      {
2544          // Only display stars if we have an image to use...
2545          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2546          $userstars = '';
2547          for($i = 0; $i < $stars; ++$i)
2548          {
2549              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2550          }
2551      }
2552  
2553      // User is currently online and this user has permissions to view the user on the WOL
          // NOTE(review): $uid and $timesearch are interpolated into the WHERE string. $uid is
          // assigned outside this view (it is cast to int only inside the referral branch
          // further down), so confirm it is already an integer at this point.
2554      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2555      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2556      $session = $db->fetch_array($query);
2557  
          // The session row is fetched for every profile but only used inside the check below:
          // an invisible member's online state is built only for viewers whose group has
          // canviewwolinvis and for the member themselves.
2558      $online_status = '';
2559      if($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid'])
2560      {
2561          // Lastvisit
2562          if($memprofile['lastactive'])
2563          {
2564              $memlastvisitsep = $lang->comma;
2565              $memlastvisitdate = my_date('relative', $memprofile['lastactive']);
2566          }
2567  
2568          // Time Online
2569          $timeonline = $lang->none_registered;
2570          if($memprofile['timeonline'] > 0)
2571          {
2572              $timeonline = nice_time($memprofile['timeonline']);
2573          }
2574  
2575          // Online?
2576          if(!empty($session))
2577          {
2578              // Fetch their current location
2579              $lang->load("online");
2580              require_once  MYBB_ROOT."inc/functions_online.php";
2581              $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2582              $location = build_friendly_wol_location($activity);
2583              $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2584  
2585              eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2586          }
2587          // User is offline
2588          else
2589          {
2590              eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2591          }
2592      }
2593  
          // Exact complement of the check above: for every other viewer the last-visit and
          // time-online values computed earlier are overwritten, so an invisible member's
          // activity is not disclosed through the profile page.
2594      if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2595      {
2596          $memlastvisitsep = '';
2597          $memlastvisittime = '';
2598          $memlastvisitdate = $lang->lastvisit_never;
2599  
2600          if($memprofile['lastactive'])
2601          {
2602              // We have had at least some active time, hide it instead
2603              $memlastvisitdate = $lang->lastvisit_hidden;
2604          }
2605  
2606          $timeonline = $lang->timeonline_hidden;
2607      }
2608  
2609      // Reset the background colours to keep it inline
2610      $alttrow = 'trow1';
2611  
2612      // Build Referral
2613      $referrals = '';
2614      if($mybb->settings['usereferrals'] == 1)
2615      {
2616          $bg_color = alt_trow();
2617  
2618          $uid = (int) $memprofile['uid'];
2619          $referral_count = $memprofile['referrals'];
2620          if ($referral_count > 0) {
2621              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2622          }
2623  
2624          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2625      }
2626  
2627      // Fetch the reputation for this user
2628      $reputation = '';
2629      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2630      {
2631          $bg_color = alt_trow();
2632          $reputation = get_reputation($memprofile['reputation']);
2633  
2634          // If this user has permission to give reputations show the vote link
2635          $vote_link = '';
2636          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2637          {
2638              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2639          }
2640  
2641          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2642      }
2643  
2644      $warning_level = '';
2645      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2646      {
2647          $bg_color = alt_trow();
2648  
2649          if($mybb->settings['maxwarningpoints'] < 1)
2650          {
2651              $mybb->settings['maxwarningpoints'] = 10;
2652          }
2653  
2654          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2655  
2656          if($warning_level > 100)
2657          {
2658              $warning_level = 100;
2659          }
2660  
2661          $warn_user = '';
2662          $warning_link = 'usercp.php';
2663          $warning_level = get_colored_warning_level($warning_level);
2664          if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
2665          {
2666              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2667              $warning_link = "warnings.php?uid={$memprofile['uid']}";
2668          }
2669  
2670          eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2671      }
2672  
          // Custom profile fields: the member's stored values come from the userfields row,
          // the field definitions from the profilefields cache.
2673      $bgcolor = $alttrow = 'trow1';
2674      $customfields = $profilefields = '';
2675  
          // NOTE(review): $uid is interpolated into the WHERE string; its assignment is
          // outside this view, so confirm it is an integer before this query runs.
2676      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2677      $userfields = $db->fetch_array($query);
2678  
2679      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2680      $pfcache = $cache->read('profilefields');
2681  
2682      if(is_array($pfcache))
2683      {
2684          foreach($pfcache as $customfield)
2685          {
                  // && binds tighter than ||: the field is skipped when the viewer is not an
                  // admin, super moderator or moderator and is not in viewableby - or, for any
                  // viewer, when $customfield['profile'] is not set.
2686              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2687              {
2688                  continue;
2689              }
2690  
                  // The first line of the stored type definition is the field type.
2691              $thing = explode("\n", $customfield['type'], "2");
2692              $type = trim($thing[0]);
2693  
2694              $customfieldval = $customfield_val = '';
2695              $field = "fid{$customfield['fid']}";
2696  
2697              if(isset($userfields[$field]))
2698              {
2699                  $useropts = explode("\n", $userfields[$field]);
2700                  $customfieldval = $comma = '';
2701                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2702                  {
2703                      foreach($useropts as $val)
2704                      {
2705                          if($val != '')
2706                          {
                                  // NOTE(review): $val reaches the template without escaping
                                  // in this block. That is safe only if stored options are
                                  // validated or escaped when they are saved - not visible
                                  // here; confirm.
2707                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2708                          }
2709                      }
2710                      if($customfield_val != '')
2711                      {
2712                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2713                      }
2714                  }
2715                  else
2716                  {
                          // Parser switches come from the field definition; with allowhtml
                          // set, cleaning the stored value is left to parse_message().
2717                      $parser_options = array(
2718                          "allow_html" => $customfield['allowhtml'],
2719                          "allow_mycode" => $customfield['allowmycode'],
2720                          "allow_smilies" => $customfield['allowsmilies'],
2721                          "allow_imgcode" => $customfield['allowimgcode'],
2722                          "allow_videocode" => $customfield['allowvideocode'],
2723                          #"nofollow_on" => 1,
2724                          "filter_badwords" => 1
2725                      );
2726  
2727                      if($customfield['type'] == "textarea")
2728                      {
2729                          $parser_options['me_username'] = $memprofile['username'];
2730                      }
2731                      else
2732                      {
2733                          $parser_options['nl2br'] = 0;
2734                      }
2735  
                          // Same image rule as for signatures: off for logged-in users who
                          // disabled images, and for guests when guestimages is off.
2736                      if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2737                      {
2738                          $parser_options['allow_imgcode'] = 0;
2739                      }
2740  
2741                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2742                  }
2743              }
2744  
2745              if($customfieldval)
2746              {
                      // The field name is HTML-escaped before the template interpolates it.
2747                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2748                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2749                  $bgcolor = alt_trow();
2750              }
2751          }
2752      }
2753  
2754      if($customfields)
2755      {
2756          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2757      }
2758  
2759      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2760      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2761  
2762      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2763      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2764  
2765      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2766  
          // Ban notice. Built only when the member's group is a banned group and the
          // viewer's group can ban users; $memban is not assigned otherwise.
2767      $bannedbit = '';
2768      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2769      {
2770          // Fetch details on their ban
              // NOTE(review): $uid is interpolated into the WHERE string; its assignment is
              // outside this view, so confirm it is an integer here.
2771          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2772          $memban = $db->fetch_array($query);
2773  
              // The stored reason is bad-word filtered and then HTML-escaped for display.
2774          if($memban['reason'])
2775          {
2776              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2777          }
2778          else
2779          {
2780              $memban['reason'] = $lang->na;
2781          }
2782  
              // Treated as permanent when lifted is 'perm' or empty, or bantime is 'perm' or '---'.
2783          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2784          {
2785              $banlength = $lang->permanent;
2786              $timeremaining = $lang->na;
2787          }
2788          else
2789          {
2790              // Set up the array of ban times.
2791              $bantimes = fetch_ban_times();
2792  
                  // NOTE(review): the bantime key is looked up without checking that
                  // fetch_ban_times() returned an entry for it.
2793              $banlength = $bantimes[$memban['bantime']];
2794              $remaining = $memban['lifted']-TIME_NOW;
2795  
2796              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2797  
                  // CSS class by time left: under an hour, under a day, under a week, longer.
2798              $banned_class = '';
2799              if($remaining < 3600)
2800              {
2801                  $banned_class = "high_banned";
2802              }
2803              else if($remaining < 86400)
2804              {
2805                  $banned_class = "moderate_banned";
2806              }
2807              else if($remaining < 604800)
2808              {
2809                  $banned_class = "low_banned";
2810              }
2811              else
2812              {
2813                  $banned_class = "normal_banned";
2814              }
2815  
2816              eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2817          }
2818  
              // The banning admin's name is HTML-escaped before the profile link is built.
2819          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2820  
2821          // Display a nice warning to the user
2822          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2823      }
2824  
2825      $adminoptions = '';
2826      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2827      {
2828          eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2829      }
2830  
          // Moderator tools. Built for viewers whose group has canmodcp, or for whom
          // purgespammer_show() returns true.
          // NOTE(review): $ipaddress and $purgespammer are not among the variables reset to ''
          // on the next line; confirm they are initialised earlier so the templates never see
          // an undefined value.
2831      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
2832      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2833      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2834      {
              // Registration and last IP are decoded for display only when the viewer's
              // group has canuseipsearch.
2835          if($mybb->usergroup['canuseipsearch'] == 1)
2836          {
2837              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2838              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2839  
2840              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2841          }
2842  
              // Notes are HTML-escaped and then given <br /> line breaks.
2843          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2844  
2845          if(!empty($memprofile['usernotes']))
2846          {
                  // NOTE(review): the length check and the cut at 100 characters are applied
                  // to the already-escaped markup, so the cut can land inside an HTML entity
                  // or a <br /> tag and leave broken markup in front of the "view notes" link.
                  // Truncating the raw text before escaping would avoid that.
2847              if(strlen($memprofile['usernotes']) > 100)
2848              {
2849                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2850                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2851              }
2852          }
2853          else
2854          {
2855              $memprofile['usernotes'] = $lang->no_usernotes;
2856          }
2857  
2858          if($mybb->usergroup['caneditprofiles'] == 1)
2859          {
2860              eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2861              eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2862          }
2863  
              // Ban controls: the viewer's group can ban, and either there is no ban row, the
              // viewer is the admin who set the ban, or the viewer is a super moderator or admin.
              // NOTE(review): $memban is assigned only in the ban-details branch earlier in this
              // action; when that branch did not run it is undefined here and !$memban['uid']
              // relies on the missing value evaluating as empty.
2864          if($mybb->usergroup['canbanusers'] == 1 && (!$memban['uid'] || $memban['uid'] && ($mybb->user['uid'] == $memban['admin']) || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1))
2865          {
2866              if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2867              {
2868                  eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2869              }
2870              else
2871              {
2872                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2873              }
2874          }
2875  
2876          if($can_purge_spammer)
2877          {
2878              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2879          }
2880  
2881          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2882          {
2883              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2884          }
2885  
2886          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2887      }
2888  
          // Buddy / ignore / report links, built only for a logged-in viewer looking at
          // someone else's profile. $add_remove_options is reassigned before each eval
          // because all three links share the member_profile_addremove template.
2889      $add_remove_options = array();
2890      $buddy_options = $ignore_options = $report_options = '';
2891      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2892      {
2893          $buddy_list = explode(',', $mybb->user['buddylist']);
2894          $ignore_list = explode(',', $mybb->user['ignorelist']);
2895  
              // These usercp.php links change the viewer's lists through a URL, so each one
              // carries my_post_key={$mybb->post_code} - presumably the anti-CSRF token that
              // usercp.php verifies (the do_emailuser action in this file checks my_post_key
              // with verify_post_check()). The username is urlencode()d for the query string.
              // NOTE(review): in_array() is called without strict comparison, so $uid is
              // loosely compared with the string ids from the lists.
2896          if(in_array($uid, $buddy_list))
2897          {
2898              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2899          }
2900          else
2901          {
2902              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2903          }
2904  
2905          if(!in_array($uid, $ignore_list))
2906          {
2907              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2908          }
2909  
2910          if(in_array($uid, $ignore_list))
2911          {
2912              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2913          }
2914          else
2915          {
2916              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2917          }
2918  
2919          if(!in_array($uid, $buddy_list))
2920          {
2921              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2922          }
2923  
              // NOTE(review): the member's uid is interpolated into a javascript: URL without
              // a cast in this block; it comes from the member row - confirm it is always numeric.
2924          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2925          {
2926              $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2927              eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2928          }
2929      }
2930  
2931      $plugins->run_hooks("member_profile_end");
2932  
2933      eval("\$profile = \"".$templates->get("member_profile")."\";");
2934      output_page($profile);
2935  }
2936  
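// Action "do_emailuser": handles the submitted "email this user" form.
// Order of checks: CSRF token, group permission, per-day quota, flood interval,
// recipient lookup and recipient preferences, then validation of the submitted
// fields. On success the mail is sent and optionally logged; on validation
// failure the request falls through to the "emailuser" form with $errors set.
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("member_do_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Both limits below count this sender's rows in maillogs: members are
    // matched by uid, guests by their packed IP address.
    // NOTE(review): rows are only inserted further down when
    // $mybb->settings['mail_logging'] > 0, so with mail logging disabled neither
    // limit can ever trigger. Confirm that is the intended trade-off.
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='".(int)$mybb->user['uid']."'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (emails sent in the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (minimum number of minutes between two emails)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $flood_seconds = $mybb->usergroup['emailfloodtime']*60;
        $timecut = TIME_NOW-$flood_seconds;

        // Only the most recent matching row is read, so one row is enough
        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC", 'limit' => 1));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if(!empty($last_email['mid']))
        {
            $remaining_time = $flood_seconds-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            // ">= 60": exactly 60 seconds used to fall through to the plural "minutes" string
            elseif($remaining_time >= 60 && $remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // Look up the recipient. The uid is forced to an integer before it is placed in the WHERE clause.
    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    if(empty($to_user['username']))
    {
        error($lang->error_invalidusername);
    }

    // Recipient has opted out of receiving email from other users
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // Enforce the recipient's ignore list here as well. The "emailuser" form
    // applies this same check, but it only guards the form page; without it a
    // POST sent straight to this action would not be subject to the ignore list.
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    $errors = array();

    if($mybb->user['uid'])
    {
        // Logged-in senders always use their account identity, never the submitted values
        $mybb->input['fromemail'] = $mybb->user['email'];
        $mybb->input['fromname'] = $mybb->user['username'];
    }
    else
    {
        // Guest-supplied identity ends up in the From header below. Force both
        // values to strings and drop CR/LF from the display name so it cannot
        // span header lines. Whatever my_mail() sanitises itself is not visible
        // from this file, so this is done defensively.
        $mybb->input['fromemail'] = $mybb->get_input('fromemail');
        $mybb->input['fromname'] = str_replace(array("\r", "\n"), '', $mybb->get_input('fromname'));
    }

    if(!validate_email_format($mybb->input['fromemail']))
    {
        $errors[] = $lang->error_invalidfromemail;
    }

    if(empty($mybb->input['fromname']))
    {
        $errors[] = $lang->error_noname;
    }

    if(empty($mybb->input['subject']))
    {
        $errors[] = $lang->error_no_email_subject;
    }

    if(empty($mybb->input['message']))
    {
        $errors[] = $lang->error_no_email_message;
    }

    // Guests must additionally pass the CAPTCHA when it is enabled
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(count($errors) == 0)
    {
        // The SMTP handler gets the bare address; other handlers get "Name <address>"
        if($mybb->settings['mail_handler'] == 'smtp')
        {
            $from = $mybb->input['fromemail'];
        }
        else
        {
            $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
        }

        $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
        my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);

        if($mybb->settings['mail_logging'] > 0)
        {
            // Log the message; these rows are also what the quota and flood checks above count
            $log_entry = array(
                "subject" => $db->escape_string($mybb->get_input('subject')),
                "message" => $db->escape_string($mybb->get_input('message')),
                "dateline" => TIME_NOW,
                "fromuid" => (int)$mybb->user['uid'],
                "fromemail" => $db->escape_string($mybb->input['fromemail']),
                "touid" => (int)$to_user['uid'],
                "toemail" => $db->escape_string($to_user['email']),
                "tid" => 0,
                "ipaddress" => $db->escape_binary($session->packedip),
                "type" => 1
            );
            $db->insert_query("maillogs", $log_entry);
        }

        $plugins->run_hooks("member_do_emailuser_end");

        redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
    }
    else
    {
        // Validation failed: show the form again with $errors populated
        $mybb->input['action'] = "emailuser";
    }
}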
3112  
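// Action "emailuser": renders the "email this user" form. It is also reached
// from the do_emailuser handler when validation fails, in which case $errors
// is already set and the submitted values are echoed back (HTML-escaped).
if($mybb->input['action'] == "emailuser")
{
    $plugins->run_hooks("member_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Both limits below count this sender's rows in maillogs: members are
    // matched by uid, guests by their packed IP address.
    // NOTE(review): the do_emailuser handler only writes maillogs rows when
    // $mybb->settings['mail_logging'] > 0, so with mail logging disabled
    // neither limit can trigger.
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='".(int)$mybb->user['uid']."'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (emails sent in the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (minimum number of minutes between two emails)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $flood_seconds = $mybb->usergroup['emailfloodtime']*60;
        $timecut = TIME_NOW-$flood_seconds;

        // Only the most recent matching row is read, so one row is enough
        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC", 'limit' => 1));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if(!empty($last_email['mid']))
        {
            $remaining_time = $flood_seconds-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            // ">= 60": exactly 60 seconds used to fall through to the plural "minutes" string
            elseif($remaining_time >= 60 && $remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // Look up the recipient. The uid is forced to an integer before it is placed in the WHERE clause.
    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    // Reject an unknown recipient before touching any of the row's fields
    if(empty($to_user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // The username is interpolated into the page, so escape it for HTML first
    $to_user['username'] = htmlspecialchars_uni($to_user['username']);
    $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

    // Recipient has opted out of receiving email from other users
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // Senders on the recipient's ignore list are refused unless their group may override it
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    if(isset($errors) && is_array($errors) && count($errors) > 0)
    {
        // Re-display of a rejected submission: every echoed value is HTML-escaped
        $errors = inline_error($errors);
        $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
        $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
        $message = htmlspecialchars_uni($mybb->get_input('message'));
    }
    else
    {
        $errors = '';
        $fromname = '';
        $fromemail = '';
        $subject = '';
        $message = '';
    }

    // Generate CAPTCHA?
    // Start from an empty string: after a failed submission $captcha still holds
    // the validator object created by do_emailuser, and it must not reach the
    // template when no CAPTCHA markup is produced here.
    $captcha = '';
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // Guests get extra "from name / from email" fields
    $from_email = '';
    if($mybb->user['uid'] == 0)
    {
        eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
    }

    $plugins->run_hooks("member_emailuser_end");

    // Templates are evaluated as double-quoted PHP strings, so any variable they
    // reference is emitted as-is and has to be escaped before this point.
    eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
    output_page($emailuser);
}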
3253  
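// Action "referrals": paginated list of the users referred by the given uid.
if($mybb->input['action'] == 'referrals')
{
    $plugins->run_hooks('member_referrals_start');

    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    if(!$uid)
    {
        error($lang->referrals_no_user_specified);
    }

    $user = get_user($uid);

    // A uid that matches no account must not be used to build the page title
    if(empty($user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // Escape the username before it goes into the breadcrumb, as the other
    // actions in this file do before putting a username into page output.
    // NOTE(review): assumes add_breadcrumb() does not escape on its own; confirm.
    $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, htmlspecialchars_uni($user['username']));
    add_breadcrumb($lang->nav_referrals);

    // $uid is an integer here (INPUT_INT), so it is safe inside the quoted condition
    $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
    $referral_count = $db->fetch_field($query, 'total');

    $bg_color = 'trow1';

    // Initialised up front because the row loop appends with ".="
    $referral_rows = '';
    $multipage = '';

    if($referral_count == 0)
    {
        eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
    }
    else
    {
        // Figure out if we need to display multiple pages.
        // Fall back to 20 per page when the setting is missing, zero or negative.
        $perpage = (int) $mybb->settings['referralsperpage'];
        if($perpage <= 0)
        {
            $perpage = 20;
        }

        $pages = ceil($referral_count / $perpage);

        // Out-of-range or absent page numbers show the first page
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        $start = ($page-1) * $perpage;

        $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");

        foreach(get_user_referrals($uid, $start, $perpage) as $referral)
        {
            // Format user name link (escaped first, then wrapped in group styling and a profile link)
            $username = htmlspecialchars_uni($referral['username']);
            $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
            $username = build_profile_link($username, $referral['uid']);

            $regdate = my_date('normal', $referral['regdate']);

            eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");

            $bg_color = alt_trow();
        }
    }

    $plugins->run_hooks('member_referrals_end');

    // Templates are evaluated as double-quoted PHP strings, so any variable they
    // reference is emitted as-is and has to be escaped before this point.
    eval("\$referrals = \"".$templates->get("member_referrals")."\";");
    output_page($referrals);
}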
3331  
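// No action requested: send the visitor to the board index.
if(!$mybb->input['action'])
{
    header("Location: index.php");
    // Stop here so nothing later in the request can run or emit output after the redirect header
    exit;
}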

