
PHP Cross Reference of MyBB 1.8.26


/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions_manageban,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_referrals_link,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  $parser = new postParser;
  35  
  36  // Load global language phrases
  37  $lang->load("member");
  38  
  39  $mybb->input['action'] = $mybb->get_input('action');
  40  
  41  // Make navigation
  42  switch($mybb->input['action'])
  43  {
  44      case "register":
  45      case "do_register":
  46          add_breadcrumb($lang->nav_register);
  47          break;
  48      case "activate":
  49          add_breadcrumb($lang->nav_activate);
  50          break;
  51      case "resendactivation":
  52          add_breadcrumb($lang->nav_resendactivation);
  53          break;
  54      case "lostpw":
  55          add_breadcrumb($lang->nav_lostpw);
  56          break;
  57      case "resetpassword":
  58          add_breadcrumb($lang->nav_resetpassword);
  59          break;
  60      case "login":
  61          add_breadcrumb($lang->nav_login);
  62          break;
  63      case "emailuser":
  64          add_breadcrumb($lang->nav_emailuser);
  65          break;
  66  }
  67  
  68  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  69  {
  70      if($mybb->settings['disableregs'] == 1)
  71      {
  72          error($lang->registrations_disabled);
  73      }
  74      if($mybb->user['uid'] != 0)
  75      {
  76          error($lang->error_alreadyregistered);
  77      }
  78      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  79      {
  80          $time = TIME_NOW;
  81          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  82          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  83          $regcount = $db->num_rows($query);
  84          if($regcount >= $mybb->settings['maxregsbetweentime'])
  85          {
  86              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  87              error($lang->error_alreadyregisteredtime);
  88          }
  89      }
  90  }
  91  
  92  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  93  {
  94      $plugins->run_hooks("member_do_register_start");
  95  
  96      // Are checking how long it takes for users to register?
  97      if($mybb->settings['regtime'] > 0)
  98      {
  99          // Is the field actually set?
 100          if(isset($mybb->input['regtime']))
 101          {
 102              // Check how long it took for this person to register
 103              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 104  
 105              // See if they registered faster than normal
 106              if($timetook < $mybb->settings['regtime'])
 107              {
 108                  // This user registered pretty quickly, bot detected!
 109                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 110                  error($lang->error_spam_deny_time);
 111              }
 112          }
 113          else
 114          {
 115              error($lang->error_spam_deny);
 116          }
 117      }
 118  
 119      // If we have hidden CATPCHA enabled and it's filled, deny registration
 120      if($mybb->settings['hiddencaptchaimage'])
 121      {
 122          $string = $mybb->settings['hiddencaptchaimagefield'];
 123  
 124          if(!empty($mybb->input[$string]))
 125          {
 126              error($lang->error_spam_deny);
 127          }
 128      }
 129  
 130      if($mybb->settings['regtype'] == "randompass")
 131      {
 132  
 133          $password_length = (int)$mybb->settings['minpasswordlength'];
 134          if($password_length < 8)
 135          {
 136              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 137          }
 138  
 139          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 140          $mybb->input['password2'] = $mybb->input['password'];
 141      }
 142  
 143      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 144      {
 145          $usergroup = 5;
 146      }
 147      else
 148      {
 149          $usergroup = 2;
 150      }
 151  
 152      // Set up user handler.
 153      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 154      $userhandler = new UserDataHandler("insert");
 155  
 156      $coppauser = 0;
 157      if(isset($mybb->cookies['coppauser']))
 158      {
 159          $coppauser = (int)$mybb->cookies['coppauser'];
 160      }
 161  
 162      // Set the data for the new user.
 163      $user = array(
 164          "username" => $mybb->get_input('username'),
 165          "password" => $mybb->get_input('password'),
 166          "password2" => $mybb->get_input('password2'),
 167          "email" => $mybb->get_input('email'),
 168          "email2" => $mybb->get_input('email2'),
 169          "usergroup" => $usergroup,
 170          "referrer" => $mybb->get_input('referrername'),
 171          "timezone" => $mybb->get_input('timezoneoffset'),
 172          "language" => $mybb->get_input('language'),
 173          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 174          "regip" => $session->packedip,
 175          "coppa_user" => $coppauser,
 176          "regcheck1" => $mybb->get_input('regcheck1'),
 177          "regcheck2" => $mybb->get_input('regcheck2'),
 178          "registration" => true
 179      );
 180  
 181      // Do we have a saved COPPA DOB?
 182      if(isset($mybb->cookies['coppadob']))
 183      {
 184          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 185          $user['birthday'] = array(
 186              "day" => $dob_day,
 187              "month" => $dob_month,
 188              "year" => $dob_year
 189          );
 190      }
 191  
 192      $user['options'] = array(
 193          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 194          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 195          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 196          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 197          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 198          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 199          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 200          "dstcorrection" => $mybb->get_input('dstcorrection')
 201      );
 202  
 203      $userhandler->set_data($user);
 204  
 205      $errors = array();
 206  
 207      if(!$userhandler->validate_user())
 208      {
 209          $errors = $userhandler->get_friendly_errors();
 210      }
 211  
 212      if($mybb->settings['enablestopforumspam_on_register'])
 213      {
 214          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 215  
 216          $stop_forum_spam_checker = new StopForumSpamChecker(
 217              $plugins,
 218              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 219              $mybb->settings['stopforumspam_check_usernames'],
 220              $mybb->settings['stopforumspam_check_emails'],
 221              $mybb->settings['stopforumspam_check_ips'],
 222              $mybb->settings['stopforumspam_log_blocks']
 223          );
 224  
 225          try {
 226              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 227              {
 228                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 229                          $stop_forum_spam_checker->getErrorText(array(
 230                              'stopforumspam_check_usernames',
 231                              'stopforumspam_check_emails',
 232                              'stopforumspam_check_ips'
 233                              ))));
 234              }
 235          }
 236          catch (Exception $e)
 237          {
 238              if($mybb->settings['stopforumspam_block_on_error'])
 239              {
 240                  error($lang->error_stop_forum_spam_fetching);
 241              }
 242          }
 243      }
 244  
 245      if($mybb->settings['captchaimage'])
 246      {
 247          require_once  MYBB_ROOT.'inc/class_captcha.php';
 248          $captcha = new captcha;
 249  
 250          if($captcha->validate_captcha() == false)
 251          {
 252              // CAPTCHA validation failed
 253              foreach($captcha->get_errors() as $error)
 254              {
 255                  $errors[] = $error;
 256              }
 257          }
 258      }
 259  
 260      // If we have a security question, check to see if answer is correct
 261      if($mybb->settings['securityquestion'])
 262      {
 263          $question_id = $db->escape_string($mybb->get_input('question_id'));
 264          $answer = $db->escape_string($mybb->get_input('answer'));
 265  
 266          $query = $db->query("
 267              SELECT q.*, s.sid
 268              FROM ".TABLE_PREFIX."questionsessions s
 269              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 270              WHERE q.active='1' AND s.sid='{$question_id}'
 271          ");
 272          if($db->num_rows($query) > 0)
 273          {
 274              $question = $db->fetch_array($query);
 275              $valid_answers = explode("\n", $question['answer']);
 276              $validated = 0;
 277  
 278              foreach($valid_answers as $answers)
 279              {
 280                  if(my_strtolower($answers) == my_strtolower($answer))
 281                  {
 282                      $validated = 1;
 283                  }
 284              }
 285  
 286              if($validated != 1)
 287              {
 288                  $update_question = array(
 289                      "incorrect" => $question['incorrect'] + 1
 290                  );
 291                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 292  
 293                  $errors[] = $lang->error_question_wrong;
 294              }
 295              else
 296              {
 297                  $update_question = array(
 298                      "correct" => $question['correct'] + 1
 299                  );
 300                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 301              }
 302  
 303              $db->delete_query("questionsessions", "sid='{$sid}'");
 304          }
 305      }
 306  
 307      if(!empty($errors))
 308      {
 309          $username = htmlspecialchars_uni($mybb->get_input('username'));
 310          $email = htmlspecialchars_uni($mybb->get_input('email'));
 311          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 312          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 313  
 314          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 315          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 316  
 317          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 318          {
 319              $allownoticescheck = "checked=\"checked\"";
 320          }
 321  
 322          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 323          {
 324              $hideemailcheck = "checked=\"checked\"";
 325          }
 326  
 327          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 328          {
 329              $no_subscribe_selected = "selected=\"selected\"";
 330          }
 331          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 332          {
 333              $instant_email_subscribe_selected = "selected=\"selected\"";
 334          }
 335          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 336          {
 337              $instant_pm_subscribe_selected = "selected=\"selected\"";
 338          }
 339          else
 340          {
 341              $no_auto_subscribe_selected = "selected=\"selected\"";
 342          }
 343  
 344          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 345          {
 346              $receivepmscheck = "checked=\"checked\"";
 347          }
 348  
 349          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 350          {
 351              $pmnoticecheck = " checked=\"checked\"";
 352          }
 353  
 354          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 355          {
 356              $pmnotifycheck = "checked=\"checked\"";
 357          }
 358  
 359          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 360          {
 361              $invisiblecheck = "checked=\"checked\"";
 362          }
 363  
 364          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 365          {
 366              $dst_auto_selected = "selected=\"selected\"";
 367          }
 368          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 369          {
 370              $dst_enabled_selected = "selected=\"selected\"";
 371          }
 372          else
 373          {
 374              $dst_disabled_selected = "selected=\"selected\"";
 375          }
 376  
 377          $regerrors = inline_error($errors);
 378          $mybb->input['action'] = "register";
 379          $fromreg = 1;
 380      }
 381      else
 382      {
 383          $user_info = $userhandler->insert_user();
 384  
 385          // Invalidate solved captcha
 386          if($mybb->settings['captchaimage'])
 387          {
 388              $captcha->invalidate_captcha();
 389          }
 390  
 391          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 392          {
 393              // Log them in
 394              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 395          }
 396  
 397          if(isset($mybb->cookies['coppauser']))
 398          {
 399              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 400              my_unsetcookie("coppauser");
 401              my_unsetcookie("coppadob");
 402              $plugins->run_hooks("member_do_register_end");
 403              error($lang->redirect_registered_coppa_activate);
 404          }
 405          else if($mybb->settings['regtype'] == "verify")
 406          {
 407              $activationcode = random_str();
 408              $now = TIME_NOW;
 409              $activationarray = array(
 410                  "uid" => $user_info['uid'],
 411                  "dateline" => TIME_NOW,
 412                  "code" => $activationcode,
 413                  "type" => "r"
 414              );
 415              $db->insert_query("awaitingactivation", $activationarray);
 416              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 417              switch($mybb->settings['username_method'])
 418              {
 419                  case 0:
 420                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 421                      break;
 422                  case 1:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 2:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  default:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431              }
 432              my_mail($user_info['email'], $emailsubject, $emailmessage);
 433  
 434              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 435  
 436              $plugins->run_hooks("member_do_register_end");
 437  
 438              error($lang->redirect_registered_activation);
 439          }
 440          else if($mybb->settings['regtype'] == "randompass")
 441          {
 442              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 443              switch($mybb->settings['username_method'])
 444              {
 445                  case 0:
 446                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 447                      break;
 448                  case 1:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 450                      break;
 451                  case 2:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 453                      break;
 454                  default:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 456                      break;
 457              }
 458              my_mail($user_info['email'], $emailsubject, $emailmessage);
 459  
 460              $plugins->run_hooks("member_do_register_end");
 461  
 462              error($lang->redirect_registered_passwordsent);
 463          }
 464          else if($mybb->settings['regtype'] == "admin")
 465          {
 466              $groups = $cache->read("usergroups");
 467              $admingroups = array();
 468              if(!empty($groups)) // Shouldn't be...
 469              {
 470                  foreach($groups as $group)
 471                  {
 472                      if($group['cancp'] == 1)
 473                      {
 474                          $admingroups[] = (int)$group['gid'];
 475                      }
 476                  }
 477              }
 478  
 479              if(!empty($admingroups))
 480              {
 481                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 482                  foreach($admingroups as $admingroup)
 483                  {
 484                      switch($db->type)
 485                      {
 486                          case 'pgsql':
 487                          case 'sqlite':
 488                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 489                              break;
 490                          default:
 491                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 492                              break;
 493                      }
 494                  }
 495                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 496                  while($recipient = $db->fetch_array($q))
 497                  {
 498                      // First we check if the user's a super admin: if yes, we don't care about permissions
 499                      $is_super_admin = is_super_admin($recipient['uid']);
 500                      if(!$is_super_admin)
 501                      {
 502                          // Include admin functions
 503                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 504                          {
 505                              continue;
 506                          }
 507  
 508                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 509  
 510                          // Verify if we have permissions to access user-users
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 512                          if(function_exists("user_admin_permissions"))
 513                          {
 514                              // Get admin permissions
 515                              $adminperms = get_admin_permissions($recipient['uid']);
 516  
 517                              $permissions = user_admin_permissions();
 518                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 519                              {
 520                                  continue; // No permissions
 521                              }
 522                          }
 523                      }
 524  
 525                      // Load language
 526                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 527                      {
 528                          $reset_lang = true;
 529                          $lang->set_language($recipient['language']);
 530                          $lang->load("member");
 531                      }
 532  
 533                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 534                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 535                      my_mail($recipient['email'], $subject, $message);
 536                  }
 537  
 538                  // Reset language
 539                  if(isset($reset_lang))
 540                  {
 541                      $lang->set_language($mybb->settings['bblanguage']);
 542                      $lang->load("member");
 543                  }
 544              }
 545  
 546              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 547  
 548              $plugins->run_hooks("member_do_register_end");
 549  
 550              error($lang->redirect_registered_admin_activate);
 551          }
 552          else if($mybb->settings['regtype'] == "both")
 553          {
 554              $groups = $cache->read("usergroups");
 555              $admingroups = array();
 556              if(!empty($groups)) // Shouldn't be...
 557              {
 558                  foreach($groups as $group)
 559                  {
 560                      if($group['cancp'] == 1)
 561                      {
 562                          $admingroups[] = (int)$group['gid'];
 563                      }
 564                  }
 565              }
 566  
 567              if(!empty($admingroups))
 568              {
 569                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 570                  foreach($admingroups as $admingroup)
 571                  {
 572                      switch($db->type)
 573                      {
 574                          case 'pgsql':
 575                          case 'sqlite':
 576                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 577                              break;
 578                          default:
 579                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 580                              break;
 581                      }
 582                  }
 583                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 584                  while($recipient = $db->fetch_array($q))
 585                  {
 586                      // First we check if the user's a super admin: if yes, we don't care about permissions
 587                      $is_super_admin = is_super_admin($recipient['uid']);
 588                      if(!$is_super_admin)
 589                      {
 590                          // Include admin functions
 591                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 592                          {
 593                              continue;
 594                          }
 595  
 596                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 597  
 598                          // Verify if we have permissions to access user-users
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 600                          if(function_exists("user_admin_permissions"))
 601                          {
 602                              // Get admin permissions
 603                              $adminperms = get_admin_permissions($recipient['uid']);
 604  
 605                              $permissions = user_admin_permissions();
 606                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 607                              {
 608                                  continue; // No permissions
 609                              }
 610                          }
 611                      }
 612  
 613                      // Load language
 614                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 615                      {
 616                          $reset_lang = true;
 617                          $lang->set_language($recipient['language']);
 618                          $lang->load("member");
 619                      }
 620  
 621                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 622                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 623                      my_mail($recipient['email'], $subject, $message);
 624                  }
 625  
 626                  // Reset language
 627                  if(isset($reset_lang))
 628                  {
 629                      $lang->set_language($mybb->settings['bblanguage']);
 630                      $lang->load("member");
 631                  }
 632              }
 633  
 634              $activationcode = random_str();
 635              $activationarray = array(
 636                  "uid" => $user_info['uid'],
 637                  "dateline" => TIME_NOW,
 638                  "code" => $activationcode,
 639                  "type" => "b"
 640              );
 641              $db->insert_query("awaitingactivation", $activationarray);
 642              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 643              switch($mybb->settings['username_method'])
 644              {
 645                  case 0:
 646                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 647                      break;
 648                  case 1:
 649                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 650                      break;
 651                  case 2:
 652                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 653                      break;
 654                  default:
 655                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 656                      break;
 657              }
 658              my_mail($user_info['email'], $emailsubject, $emailmessage);
 659  
 660              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 661  
 662              $plugins->run_hooks("member_do_register_end");
 663  
 664              error($lang->redirect_registered_activation);
 665          }
 666          else
 667          {
 668              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 669  
 670              $plugins->run_hooks("member_do_register_end");
 671  
 672              redirect("index.php", $lang->redirect_registered);
 673          }
 674      }
 675  }
 676  
 677  if($mybb->input['action'] == "coppa_form")
 678  {
 679      if(!$mybb->settings['faxno'])
 680      {
 681          $mybb->settings['faxno'] = "&nbsp;";
 682      }
 683  
 684      $plugins->run_hooks("member_coppa_form");
 685  
 686      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 687      output_page($coppa_form);
 688  }
 689  
 690  if($mybb->input['action'] == "register")
 691  {
 692      $bdaysel = '';
 693      if($mybb->settings['coppa'] == "disabled")
 694      {
 695          $bdaysel = $bday2blank = '';
 696      }
 697      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 698      for($day = 1; $day <= 31; ++$day)
 699      {
 700          $selected = '';
 701          if($mybb->input['bday1'] == $day)
 702          {
 703              $selected = " selected=\"selected\"";
 704          }
 705  
 706          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 707      }
 708  
 709      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 710      $bdaymonthsel = array();
 711      foreach(range(1, 12) as $number)
 712      {
 713          $bdaymonthsel[$number] = '';
 714      }
 715      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 716      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 717  
 718      if($birthday_year == 0)
 719      {
 720          $birthday_year = '';
 721      }
 722  
 723      // Is COPPA checking enabled?
 724      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 725      {
 726          // Just selected DOB, we check
 727          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 728          {
 729              my_unsetcookie("coppauser");
 730  
 731              $months = get_bdays($birthday_year);
 732              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 733              {
 734                  error($lang->error_invalid_birthday);
 735              }
 736  
 737              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 738  
 739              // Store DOB in cookie so we can save it with the registration
 740              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 741  
 742              // User is <= 13, we mark as a coppa user
 743              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 744              {
 745                  my_setcookie("coppauser", 1, -0);
 746                  $under_thirteen = true;
 747              }
 748              $mybb->request_method = "";
 749          }
 750          // Show DOB select form
 751          else
 752          {
 753              $plugins->run_hooks("member_register_coppa");
 754  
 755              my_unsetcookie("coppauser");
 756  
 757              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 758              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 759              output_page($coppa);
 760              exit;
 761          }
 762      }
 763  
 764      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 765      {
 766          $coppa_agreement = '';
 767          // Is this user a COPPA user? We need to show the COPPA agreement too
 768          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 769          {
 770              if($mybb->settings['coppa'] == "deny")
 771              {
 772                  error($lang->error_need_to_be_thirteen);
 773              }
 774              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 775              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 776          }
 777  
 778          $plugins->run_hooks("member_register_agreement");
 779  
 780          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 781          output_page($agreement);
 782      }
 783      else
 784      {
 785          $plugins->run_hooks("member_register_start");
 786  
 787          // JS validator extra
 788          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 789          {
 790              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 791          }
 792  
 793          if(isset($mybb->input['timezoneoffset']))
 794          {
 795              $timezoneoffset = $mybb->get_input('timezoneoffset');
 796          }
 797          else
 798          {
 799              $timezoneoffset = $mybb->settings['timezoneoffset'];
 800          }
 801          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 802  
 803          $stylelist = build_theme_select("style");
 804  
 805          if($mybb->settings['usertppoptions'])
 806          {
 807              $tppoptions = '';
 808              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 809              if(is_array($explodedtpp))
 810              {
 811                  foreach($explodedtpp as $val)
 812                  {
 813                      $val = trim($val);
 814                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 815                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 816                  }
 817              }
 818              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 819          }
 820          if($mybb->settings['userpppoptions'])
 821          {
 822              $pppoptions = '';
 823              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 824              if(is_array($explodedppp))
 825              {
 826                  foreach($explodedppp as $val)
 827                  {
 828                      $val = trim($val);
 829                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 830                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 831                  }
 832              }
 833              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 834          }
 835          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 836          {
 837              if(isset($mybb->cookies['mybb']['referrer']))
 838              {
 839                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 840                  $ref = $db->fetch_array($query);
 841                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 842                  $referrername = $ref['username'];
 843              }
 844              elseif(isset($referrer))
 845              {
 846                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 847                  $ref = $db->fetch_array($query);
 848                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 849                  $referrername = $ref['username'];
 850              }
 851              elseif(!empty($referrername))
 852              {
 853                  $ref = get_user_by_username($referrername);
 854                  if(!$ref['uid'])
 855                  {
 856                      $errors[] = $lang->error_badreferrer;
 857                  }
 858              }
 859              else
 860              {
 861                  $referrername = '';
 862              }
 863              if(isset($quickreg))
 864              {
 865                  $refbg = "trow1";
 866              }
 867              else
 868              {
 869                  $refbg = "trow2";
 870              }
 871              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 872          }
 873          else
 874          {
 875              $referrer = '';
 876          }
 877          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 878          // Custom profile fields baby!
 879          $altbg = "trow1";
 880          $requiredfields = $customfields = '';
 881  
 882          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 883          {
 884              $usergroup = 5;
 885          }
 886          else
 887          {
 888              $usergroup = 2;
 889          }
 890  
 891          $pfcache = $cache->read('profilefields');
 892  
 893          if(is_array($pfcache))
 894          {
 895              $jsvar_reqfields = array();
 896              foreach($pfcache as $profilefield)
 897              {
 898                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 899                  {
 900                      continue;
 901                  }
 902  
 903                  $code = $select = $val = $options = $expoptions = $useropts = '';
 904                  $seloptions = array();
 905                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 906                  $thing = explode("\n", $profilefield['type'], "2");
 907                  $type = trim($thing[0]);
 908                  $options = $thing[1];
 909                  $select = '';
 910                  $field = "fid{$profilefield['fid']}";
 911                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 912                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 913                  if($errors && isset($mybb->input['profile_fields'][$field]))
 914                  {
 915                      $userfield = $mybb->input['profile_fields'][$field];
 916                  }
 917                  else
 918                  {
 919                      $userfield = '';
 920                  }
 921                  if($type == "multiselect")
 922                  {
 923                      if($errors)
 924                      {
 925                          $useropts = $userfield;
 926                      }
 927                      else
 928                      {
 929                          $useropts = explode("\n", $userfield);
 930                      }
 931                      if(is_array($useropts))
 932                      {
 933                          foreach($useropts as $key => $val)
 934                          {
 935                              $seloptions[$val] = $val;
 936                          }
 937                      }
 938                      $expoptions = explode("\n", $options);
 939                      if(is_array($expoptions))
 940                      {
 941                          foreach($expoptions as $key => $val)
 942                          {
 943                              $val = trim($val);
 944                              $val = str_replace("\n", "\\n", $val);
 945  
 946                              $sel = "";
 947                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
 948                              {
 949                                  $sel = ' selected="selected"';
 950                              }
 951  
 952                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 953                          }
 954                          if(!$profilefield['length'])
 955                          {
 956                              $profilefield['length'] = 3;
 957                          }
 958  
 959                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 960                      }
 961                  }
 962                  elseif($type == "select")
 963                  {
 964                      $expoptions = explode("\n", $options);
 965                      if(is_array($expoptions))
 966                      {
 967                          foreach($expoptions as $key => $val)
 968                          {
 969                              $val = trim($val);
 970                              $val = str_replace("\n", "\\n", $val);
 971                              $sel = "";
 972                              if($val == $userfield)
 973                              {
 974                                  $sel = ' selected="selected"';
 975                              }
 976  
 977                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 978                          }
 979                          if(!$profilefield['length'])
 980                          {
 981                              $profilefield['length'] = 1;
 982                          }
 983  
 984                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 985                      }
 986                  }
 987                  elseif($type == "radio")
 988                  {
 989                      $expoptions = explode("\n", $options);
 990                      if(is_array($expoptions))
 991                      {
 992                          foreach($expoptions as $key => $val)
 993                          {
 994                              $checked = "";
 995                              if($val == $userfield)
 996                              {
 997                                  $checked = 'checked="checked"';
 998                              }
 999  
1000                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
1001                          }
1002                      }
1003                  }
1004                  elseif($type == "checkbox")
1005                  {
1006                      if($errors)
1007                      {
1008                          $useropts = $userfield;
1009                      }
1010                      else
1011                      {
1012                          $useropts = explode("\n", $userfield);
1013                      }
1014                      if(is_array($useropts))
1015                      {
1016                          foreach($useropts as $key => $val)
1017                          {
1018                              $seloptions[$val] = $val;
1019                          }
1020                      }
1021                      $expoptions = explode("\n", $options);
1022                      if(is_array($expoptions))
1023                      {
1024                          foreach($expoptions as $key => $val)
1025                          {
1026                              $checked = "";
1027                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1028                              {
1029                                  $checked = 'checked="checked"';
1030                              }
1031  
1032                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1033                          }
1034                      }
1035                  }
1036                  elseif($type == "textarea")
1037                  {
1038                      $value = htmlspecialchars_uni($userfield);
1039                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1040                  }
1041                  else
1042                  {
1043                      $value = htmlspecialchars_uni($userfield);
1044                      $maxlength = "";
1045                      if($profilefield['maxlength'] > 0)
1046                      {
1047                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1048                      }
1049  
1050                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1051                  }
1052  
1053                  if($profilefield['required'] == 1)
1054                  {
1055                      // JS validator extra, choose correct selectors for everything except single select which always has value
1056                      if($type != 'select')
1057                      {
1058                          $jsvar_reqfields[] = array(
1059                              'type' => $type,
1060                              'fid' => $field,
1061                          );
1062                      }
1063  
1064                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1065                  }
1066                  else
1067                  {
1068                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1069                  }
1070              }
1071  
1072              if($requiredfields)
1073              {
1074                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1075              }
1076  
1077              if($customfields)
1078              {
1079                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1080              }
1081          }
1082  
1083          if(!isset($fromreg))
1084          {
1085              $allownoticescheck = "checked=\"checked\"";
1086              $hideemailcheck = '';
1087              $receivepmscheck = "checked=\"checked\"";
1088              $pmnoticecheck = " checked=\"checked\"";
1089              $pmnotifycheck = '';
1090              $invisiblecheck = '';
1091              if($mybb->settings['dstcorrection'] == 1)
1092              {
1093                  $enabledstcheck = "checked=\"checked\"";
1094              }
1095              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1096              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1097              $username = $email = $email2 = '';
1098              $regerrors = '';
1099          }
1100          // Spambot registration image thingy
1101          $captcha_html = 0;
1102          if($mybb->settings['captchaimage'])
1103          {
1104              require_once  MYBB_ROOT.'inc/class_captcha.php';
1105              $captcha = new captcha(true, "member_register_regimage");
1106  
1107              if($captcha->html)
1108              {
1109                  $captcha_html = 1;
1110                  $regimage = $captcha->html;
1111              }
1112          }
1113  
1114          // Security Question
1115          $questionbox = '';
1116          $question_exists = 0;
1117          if($mybb->settings['securityquestion'])
1118          {
1119              $sid = generate_question();
1120              $query = $db->query("
1121                  SELECT q.question, s.sid
1122                  FROM ".TABLE_PREFIX."questionsessions s
1123                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1124                  WHERE q.active='1' AND s.sid='{$sid}'
1125              ");
1126              if($db->num_rows($query) > 0)
1127              {
1128                  $question_exists = 1;
1129                  $question = $db->fetch_array($query);
1130  
1131                  //Set parser options for security question
1132                  $parser_options = array(
1133                      "allow_html" => 0,
1134                      "allow_mycode" => 1,
1135                      "allow_smilies" => 1,
1136                      "allow_imgcode" => 1,
1137                      "allow_videocode" => 1,
1138                      "filter_badwords" => 1,
1139                      "me_username" => 0,
1140                      "shorten_urls" => 0,
1141                      "highlight" => 0,
1142                  );
1143  
1144                  //Parse question
1145                  $question['question'] = $parser->parse_message($question['question'], $parser_options);
1146                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1147  
1148                  $refresh = '';
1149                  // Total questions
1150                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1151                  $num = $db->fetch_field($q, 'num');
1152                  if($num > 1)
1153                  {
1154                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1155                  }
1156  
1157                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1158              }
1159          }
1160  
1161          $hiddencaptcha = '';
1162          // Hidden CAPTCHA for Spambots
1163          if($mybb->settings['hiddencaptchaimage'])
1164          {
1165              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1166  
1167              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1168          }
1169          if($mybb->settings['regtype'] != "randompass")
1170          {
1171              // JS validator extra
1172              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1173  
1174              // See if the board has "require complex passwords" enabled.
1175              if($mybb->settings['requirecomplexpasswords'] == 1)
1176              {
1177                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1178              }
1179              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1180          }
1181  
1182          $languages = $lang->get_languages();
1183          $langoptions = $boardlanguage = '';
1184          if(count($languages) > 1)
1185          {
1186              foreach($languages as $name => $language)
1187              {
1188                  $language = htmlspecialchars_uni($language);
1189  
1190                  $sel = '';
1191                  if($mybb->get_input('language') == $name)
1192                  {
1193                      $sel = " selected=\"selected\"";
1194                  }
1195  
1196                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1197              }
1198  
1199              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1200          }
1201  
1202          // Set the time so we can find automated signups
1203          $time = TIME_NOW;
1204  
1205          $plugins->run_hooks("member_register_end");
1206          
1207          $jsvar_reqfields = json_encode($jsvar_reqfields);
1208  
1209          $validator_javascript = "<script type=\"text/javascript\">
1210              var regsettings = {
1211                  requiredfields: '{$jsvar_reqfields}',
1212                  minnamelength: '{$mybb->settings['minnamelength']}',
1213                  maxnamelength: '{$mybb->settings['maxnamelength']}',
1214                  minpasswordlength: '{$mybb->settings['minpasswordlength']}',
1215                  captchaimage: '{$mybb->settings['captchaimage']}',
1216                  captchahtml: '{$captcha_html}',
1217                  securityquestion: '{$mybb->settings['securityquestion']}',
1218                  questionexists: '{$question_exists}',
1219                  requirecomplexpasswords: '{$mybb->settings['requirecomplexpasswords']}',
1220                  regtype: '{$mybb->settings['regtype']}',
1221                  hiddencaptchaimage: '{$mybb->settings['hiddencaptchaimage']}'
1222              };
1223          
1224              lang.js_validator_username_length = '{$lang->js_validator_username_length}';
1225              lang.js_validator_invalid_email = '{$lang->js_validator_invalid_email}';
1226              lang.js_validator_email_match = '{$lang->js_validator_email_match}';
1227              lang.js_validator_not_empty = '{$lang->js_validator_not_empty}';
1228              lang.js_validator_password_length = '{$lang->js_validator_password_length}';
1229              lang.js_validator_password_matches = '{$lang->js_validator_password_matches}';
1230              lang.js_validator_no_image_text = '{$lang->js_validator_no_image_text}';
1231              lang.js_validator_no_security_question = '{$lang->js_validator_no_security_question}';
1232              lang.js_validator_bad_password_security = '{$lang->js_validator_bad_password_security}';
1233          </script>\n";
1234  
1235          eval("\$registration = \"".$templates->get("member_register")."\";");
1236          output_page($registration);
1237      }
1238  }
1239  
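if($mybb->input['action'] == "activate")
{
    // Handles action=activate. With a code and a resolvable user it validates the
    // pending "awaitingactivation" row and applies it; otherwise it shows the
    // activation form. Row types handled here: 'r', 'e' (pending e-mail change,
    // new address in the row's "misc" column) and 'b' (marks the row validated
    // without changing the user's group in this block).
    //
    // NOTE(review): nothing in this block limits repeated guesses of the code.
    // Confirm that throttling exists elsewhere (web server, WAF or a plugin on
    // member_activate_start).
    $plugins->run_hooks("member_activate_start");

    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // Same generic "invalid username or password" wording as login, chosen
            // by the board's username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
        $uid = $user['uid'];
    }
    else
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }
    if(isset($mybb->input['code']) && $user)
    {
        // The uid comes from the user row, but cast it before building WHERE clauses
        // so that no query below depends on the row holding a clean integer.
        $activation_uid = (int)$user['uid'];

        $query = $db->simple_select("awaitingactivation", "*", "uid='".$activation_uid."' AND (type='r' OR type='e' OR type='b')");
        $activation = $db->fetch_array($query);
        // empty() also covers "no row found", where $activation is not an array.
        if(empty($activation['uid']))
        {
            error($lang->error_alreadyactivated);
        }

        // The activation code is a secret: compare it in constant time where the
        // runtime provides hash_equals(), and fall back to strict comparison otherwise.
        $submitted_code = $mybb->get_input('code');
        if(function_exists('hash_equals') && is_string($activation['code']) && is_string($submitted_code))
        {
            $code_matches = hash_equals($activation['code'], $submitted_code);
        }
        else
        {
            $code_matches = ($activation['code'] === $submitted_code);
        }
        if(!$code_matches)
        {
            error($lang->error_badactivationcode);
        }

        if($activation['type'] == "b" && $activation['validated'] == 1)
        {
            error($lang->error_alreadyvalidated);
        }

        // Type 'b' rows are kept; they are flagged as validated further down.
        $db->delete_query("awaitingactivation", "uid='".$activation_uid."' AND (type='r' OR type='e')");

        // Move the account from group 5 to group 2 for a plain ('r') activation only.
        // (presumably 5 = awaiting activation and 2 = registered; verify against the usergroups table)
        if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
        {
            $db->update_query("users", array("usergroup" => 2), "uid='".$activation_uid."'");

            $cache->update_awaitingactivation();
        }
        if($activation['type'] == "e")
        {
            // Apply the pending e-mail address stored with the activation row.
            $newemail = array(
                "email" => $db->escape_string($activation['misc']),
            );
            $db->update_query("users", $newemail, "uid='".$activation_uid."'");
            $plugins->run_hooks("member_activate_emailupdated");

            redirect("usercp.php", $lang->redirect_emailupdated);
        }
        elseif($activation['type'] == "b")
        {
            $update = array(
                "validated" => 1,
            );
            $db->update_query("awaitingactivation", $update, "uid='".$activation_uid."' AND type='b'");
            $plugins->run_hooks("member_activate_emailactivated");

            redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
        }
        else
        {
            $plugins->run_hooks("member_activate_accountactivated");

            redirect("index.php", $lang->redirect_accountactivated);
        }
    }
    else
    {
        $plugins->run_hooks("member_activate_form");

        // Both values are echoed back into the form, so escape them for HTML first.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        // NOTE(review): template text is eval()'d as a double-quoted PHP string; this
        // relies on $templates->get() escaping quotes and backslashes (confirm in the
        // templates class).
        eval("\$activate = \"".$templates->get("member_activate")."\";");
        output_page($activate);
    }
}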
1345  
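// Process the "resend activation e-mail" form (POST only).
//
// Order of checks: boards whose regtype is "admin" are rejected, the CAPTCHA
// (when enabled) is validated, and only then is the submitted e-mail address
// looked up. Every matching account still in usergroup 5 gets its activation
// code mailed again; a code is created first when none is stored.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_resendactivation_start");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(count($errors) > 0)
    {
        // Security: a failed CAPTCHA ends processing before the e-mail lookup.
        // Previously the lookup ran first and answered with error_invalidemail
        // regardless of the CAPTCHA result, so the CAPTCHA did not slow down
        // probing for registered addresses. Fall through to the form instead.
        $mybb->input['action'] = "resendactivation";
    }
    else
    {
        // The address is untrusted request input; it is escaped before being
        // placed into the query string.
        $query = $db->query("
            SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
            FROM ".TABLE_PREFIX."users u
            LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
            WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
        ");
        $numusers = $db->num_rows($query);
        if($numusers < 1)
        {
            // NOTE(review): this distinct message still tells a caller who passed the
            // CAPTCHA that the address is not registered.
            error($lang->error_invalidemail);
        }

        while($user = $db->fetch_array($query))
        {
            // A validated type 'b' row is reported as awaiting administrator activation.
            // error() is expected to end the request, so later rows are not processed.
            if($user['type'] == "b" && $user['validated'] == 1)
            {
                error($lang->error_activated_by_admin);
            }

            // Only accounts still in usergroup 5 are mailed.
            if($user['usergroup'] == 5)
            {
                if(!$user['code'])
                {
                    // No stored code: generate one and persist it.
                    // NOTE(review): when the LEFT JOIN matched no row, $user['type'] is NULL,
                    // so the inserted type comes from a missing value - confirm what the
                    // activation handler expects here.
                    $user['code'] = random_str();
                    $uid = $user['uid'];
                    $awaitingarray = array(
                        "uid" => $uid,
                        "dateline" => TIME_NOW,
                        "code" => $user['code'],
                        "type" => $user['type']
                    );
                    $db->insert_query("awaitingactivation", $awaitingarray);
                }
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['code'];
                $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);

                // The wording depends on the board's login identifier setting;
                // 0 and any unknown value share the default text.
                switch($mybb->settings['username_method'])
                {
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                        break;
                }
                // The message goes to the address stored on the account, not to the submitted value.
                my_mail($email, $emailsubject, $emailmessage);
            }
        }

        $plugins->run_hooks("member_do_resendactivation_end");

        redirect("index.php", $lang->redirect_activationresent);
    }
}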
1441  
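// Render the "resend activation e-mail" form.
//
// Also reached when do_resendactivation rewrites the action after a failed
// CAPTCHA; in that case $errors holds the messages to show inline.
if($mybb->input['action'] == "resendactivation")
{
    $plugins->run_hooks("member_resendactivation");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    // Logged-in members outside usergroup 5 have nothing left to activate.
    if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
    {
        error($lang->error_alreadyactivated);
    }

    // Cast the uid so the condition string only ever contains an integer.
    $query = $db->simple_select("awaitingactivation", "*", "uid='".(int)$mybb->user['uid']."' AND type='b'");
    $activation = $db->fetch_array($query);

    // Guests and users without a type 'b' row produce no result; check for a row
    // before reading from it instead of indexing a non-array value.
    if(is_array($activation) && $activation['validated'] == 1)
    {
        error($lang->error_activated_by_admin);
    }

    $captcha = '';
    // Generate CAPTCHA?
    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    if(isset($errors) && count($errors) > 0)
    {
        $errors = inline_error($errors);
        // The submitted address is echoed back into the form, so it is HTML-escaped first.
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }
    else
    {
        $errors = '';
        $email = '';
    }

    $plugins->run_hooks("member_resendactivation_end");

    // The template is evaluated as a PHP string and reads the variables set above
    // ($captcha, $errors, $email), so every request-derived value must already be escaped.
    eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
    output_page($activate);
}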
1493  
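// Process the lost-password request form (POST only).
//
// For every account registered with the submitted e-mail address, any earlier
// type 'p' row in awaitingactivation is replaced by a fresh 30-character code,
// and that code is mailed to the address stored on the account.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_lostpw_start");

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(count($errors) > 0)
    {
        // Security: a failed CAPTCHA ends processing before the e-mail lookup.
        // Previously the lookup ran first and answered with error_invalidemail
        // regardless of the CAPTCHA result, so the CAPTCHA did not slow down
        // probing for registered addresses. Fall through to the form instead.
        $mybb->input['action'] = "lostpw";
    }
    else
    {
        // The former "$email = $db->escape_string($email);" statement was dropped:
        // nothing visible assigns $email before this point and the query below
        // escapes the request value itself.
        $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
        $numusers = $db->num_rows($query);
        if($numusers < 1)
        {
            // NOTE(review): this distinct message still tells a caller who passed the
            // CAPTCHA that the address is not registered.
            error($lang->error_invalidemail);
        }

        while($user = $db->fetch_array($query))
        {
            // Only one reset code per account: remove the old one before storing the new one.
            $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
            $user['activationcode'] = random_str(30);
            $now = TIME_NOW;
            $uid = $user['uid'];
            $awaitingarray = array(
                "uid" => $user['uid'],
                "dateline" => TIME_NOW,
                "code" => $user['activationcode'],
                "type" => "p"
            );
            $db->insert_query("awaitingactivation", $awaitingarray);
            $username = $user['username'];
            $email = $user['email'];
            $activationcode = $user['activationcode'];
            $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);

            // The wording depends on the board's login identifier setting;
            // 0 and any unknown value share the default text.
            switch($mybb->settings['username_method'])
            {
                case 1:
                    $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
                case 2:
                    $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
                default:
                    $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                    break;
            }
            // The message goes to the address stored on the account, not to the submitted value.
            my_mail($email, $emailsubject, $emailmessage);
        }

        $plugins->run_hooks("member_do_lostpw_end");

        redirect("index.php", $lang->redirect_lostpwsent, "", true);
    }
}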
1571  
// Render the lost-password request form.
//
// Also reached when do_lostpw rewrites the action after a failed CAPTCHA;
// in that case $errors holds the messages to show inline.
if($mybb->input['action'] == "lostpw")
{
    $plugins->run_hooks("member_lostpw");

    // CAPTCHA markup for the form; stays empty when the setting is off or no markup was built.
    $captcha = '';
    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");
        $captcha = $post_captcha->html ? $post_captcha->html : '';
    }

    if(!isset($errors) || count($errors) < 1)
    {
        // First visit: nothing to report and nothing to pre-fill.
        $errors = '';
        $email = '';
    }
    else
    {
        $errors = inline_error($errors);
        // The submitted address is echoed back into the form, so it is HTML-escaped first.
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }

    // The template is evaluated as a PHP string and reads $captcha, $errors and $email.
    eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
    output_page($lostpw);
}
1603  
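// Complete a password reset, or show the form that asks for the reset code.
//
// The account is identified by username (when one is submitted) or by uid.
// With a code present, it is compared against the stored type 'p' code for
// that account; on a match the code is consumed, a new random password is
// generated and stored through the user data handler, and the password is
// mailed to the address on the account. Without a code the form is rendered.
if($mybb->input['action'] == "resetpassword")
{
    $plugins->run_hooks("member_resetpassword_start");

    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // The message matches the board's login identifier setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
    }
    else
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }

    if(isset($mybb->input['code']) && $user)
    {
        $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
        $activationcode = $db->fetch_field($query, 'code');
        $now = TIME_NOW;

        // Strict comparison: an empty stored code never matches, and no type juggling applies.
        // NOTE(review): only the code column is read here; the row's dateline is not checked
        // and no attempt limit is visible in this block - confirm that expiry and throttling
        // of reset codes are enforced elsewhere.
        if(!$activationcode || $activationcode !== $mybb->get_input('code'))
        {
            error($lang->error_badlostpwcode);
        }
        // The code is single-use: it is removed before the password is changed.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
        $username = $user['username'];

        // Generate a new password, then update it
        $password_length = (int)$mybb->settings['minpasswordlength'];

        // Use at least 8 characters, unless the configured maximum is lower than that.
        if($password_length < 8)
        {
            $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
        }

        // Set up user handler.
        require_once MYBB_ROOT.'inc/datahandlers/user.php';
        $userhandler = new UserDataHandler('update');

        // Keep generating candidates until the handler accepts one. The first check runs
        // before any data is set, so the loop body executes at least once - presumably
        // because verify_password() rejects an unset password; verify against the handler.
        while(!$userhandler->verify_password())
        {
            $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);

            $userhandler->set_data(array(
                'uid'        => $user['uid'],
                'username'    => $user['username'],
                'email'        => $user['email'],
                'password'    => $password
            ));

            $userhandler->set_validated(true);
            $userhandler->errors = array();
        }

        $userhandler->update_user();

        $logindetails = array(
            'salt'        => $userhandler->data['salt'],
            'password'    => $userhandler->data['saltedpw'],
            'loginkey'    => $userhandler->data['loginkey'],
        );

        $email = $user['email'];

        $plugins->run_hooks("member_resetpassword_process");

        // The generated password itself is placed in the message body, so it is only as
        // confidential as the recipient's mailbox and the mail transport.
        $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
        $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
        my_mail($email, $emailsubject, $emailmessage);

        $plugins->run_hooks("member_resetpassword_reset");

        error($lang->redirect_passwordreset);
    }
    else
    {
        $plugins->run_hooks("member_resetpassword_form");

        switch($mybb->settings['username_method'])
        {
            case 0:
                $lang_username = $lang->username;
                break;
            case 1:
                $lang_username = $lang->username1;
                break;
            case 2:
                $lang_username = $lang->username2;
                break;
            default:
                $lang_username = $lang->username;
                break;
        }

        // Both values are echoed back into the form, so they are HTML-escaped first.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        // get_input() is used so that a request without a username yields an empty field.
        // The earlier code set an empty default and then overwrote it unconditionally by
        // reading $mybb->input['username'], which may not exist on this path.
        $input_username = htmlspecialchars_uni($mybb->get_input('username'));

        // The template is evaluated as a PHP string and reads $code, $input_username and $lang_username.
        eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
        output_page($activate);
    }
}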
1731  
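// State shared with the login form below: whether a CAPTCHA must be shown, whether the
// submitted CAPTCHA was already answered correctly, and the rendered error list.
$do_captcha = $correct = false;
$inline_errors = "";

// Process a login attempt (POST only).
//
// A failed attempt increments the account's loginattempts counter and falls through to
// the login form; a successful one completes the login and redirects, either to a
// normalised form of the submitted URL or to index.php.
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
    // Anti-CSRF check on the login POST.
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("member_do_login_start");

    require_once MYBB_ROOT."inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // The quick-login box posts its fields under different names; map them onto the regular ones.
    if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
    {
        $mybb->input['password'] = $mybb->get_input('quick_password');
        $mybb->input['username'] = $mybb->get_input('quick_username');
        $mybb->input['remember'] = $mybb->get_input('quick_remember');
    }

    $user = array(
        'username' => $mybb->get_input('username'),
        'password' => $mybb->get_input('password'),
        'remember' => $mybb->get_input('remember'),
        'imagestring' => $mybb->get_input('imagestring')
    );

    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int)$mybb->settings['username_method'],
    );

    // The lookup yields no row for an unknown username; count that as zero attempts
    // instead of indexing a non-array value.
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = isset($user_loginattempts['loginattempts']) ? (int)$user_loginattempts['loginattempts'] : 0;

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if(!$validated)
    {
        // Hand over to the login form block, which treats the request as a plain page view.
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $login_user = get_user_by_username($user['username'], array('fields' => 'uid'));

        // Unknown usernames have no uid; 0 makes the check below use its no-account path.
        $login_uid = isset($login_user['uid']) ? (int)$login_user['uid'] : 0;

        // Is a fatal call if user has had too many tries
        $logins = login_attempt_check($login_uid);

        // Count the failure against the account the handler resolved (uid cast to int for the query).
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".(int)$loginhandler->login_data['uid']."'", 1, true);

        $errors = $loginhandler->get_friendly_errors();

        $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];

        // The cookie counter is absent until a failed attempt has set it.
        $cookie_loginattempts = isset($mybb->cookies['loginattempts']) ? (int)$mybb->cookies['loginattempts'] : 0;

        // If we need a captcha set it here
        if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || $cookie_loginattempts > $mybb->settings['failedcaptchalogincount']))
        {
            $do_captcha = true;
            $correct = $loginhandler->captcha_verified;
        }
    }
    else if($validated && $loginhandler->captcha_verified == true)
    {
        // Successful login
        if($loginhandler->login_data['coppauser'])
        {
            error($lang->error_awaitingcoppa);
        }

        $loginhandler->complete_login();

        $plugins->run_hooks("member_do_login_end");

        $mybb->input['url'] = $mybb->get_input('url');

        // The return URL is request input. It is ignored when it points at member.php or
        // starts with "javascript:".
        if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
        {
            if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
            {
                $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
            }

            $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

            // Security: a URL that does not start with "<bburl>/" is reduced to its last path
            // segment and re-rooted under bburl, which keeps the post-login redirect on this board.
            if(my_strpos($mybb->input['url'], $mybb->settings['bburl'].'/') !== 0)
            {
                if(my_strpos($mybb->input['url'], '/') === 0)
                {
                    $mybb->input['url'] = my_substr($mybb->input['url'], 1);
                }
                $url_segments = explode('/', $mybb->input['url']);
                $mybb->input['url'] = $mybb->settings['bburl'].'/'.end($url_segments);
            }

            // Redirect to the URL if it is not member.php
            redirect($mybb->input['url'], $lang->redirect_loggedin);
        }
        else
        {

            redirect("index.php", $lang->redirect_loggedin);
        }
    }

    $plugins->run_hooks("member_do_login_end");
}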
1838  
// Render the login form.
//
// Also reached when do_login rewrites the action after a failed attempt; $errors,
// $do_captcha and $correct then carry that attempt's outcome.
if($mybb->input['action'] == "login")
{
    $plugins->run_hooks("member_login");

    // Visitors who already have a session get a notice above the form.
    $member_loggedin_notice = "";
    if($mybb->user['uid'] != 0)
    {
        $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
    // and we can't check loginattempts in the db
    login_attempt_check();

    // Redirect to the page where the user came from, but not if that was the login page.
    // NOTE(review): the Referer header is client-controlled and htmlentities() is called
    // without explicit flags, so quote handling follows the PHP version's default - confirm
    // the template places this value inside a double-quoted attribute.
    $redirect_url = '';
    if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
    {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    }

    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    if($mybb->settings['captchaimage'] && $do_captcha == true)
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");

        // Each CAPTCHA type has its own builder.
        switch($login_captcha->type)
        {
            case 1:
                // An already-solved CAPTCHA is carried along as a hidden field
                // instead of being asked for again.
                if($correct)
                {
                    $captcha = $login_captcha->build_hidden_captcha();
                }
                else
                {
                    $login_captcha->build_captcha();
                }
                break;
            case 4:
            case 5:
            case 8:
                $login_captcha->build_recaptcha();
                break;
            case 6:
            case 7:
                $login_captcha->build_hcaptcha();
                break;
        }

        if($login_captcha->html)
        {
            $captcha = $login_captcha->html;
        }
    }

    // Submitted credentials are only echoed back after a POST, HTML-escaped.
    // NOTE(review): this writes the submitted password into the response body.
    $username = (isset($mybb->input['username']) && $mybb->request_method == "post") ? htmlspecialchars_uni($mybb->get_input('username')) : "";
    $password = (isset($mybb->input['password']) && $mybb->request_method == "post") ? htmlspecialchars_uni($mybb->get_input('password')) : "";

    if(!empty($errors))
    {
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $inline_errors = inline_error($errors);
    }

    // Label the identifier field according to the board's login identifier setting.
    if($mybb->settings['username_method'] == 1)
    {
        $lang->username = $lang->username1;
    }
    elseif($mybb->settings['username_method'] == 2)
    {
        $lang->username = $lang->username2;
    }

    $plugins->run_hooks("member_login_end");

    // The template is evaluated as a PHP string and reads the variables prepared above.
    eval("\$login = \"".$templates->get("member_login")."\";");
    output_page($login);
}
1936  
// Log the current user out.
//
// The request must prove it came from this session: either the session id or the
// user's logoutkey has to match, which stops third-party pages from forcing a logout.
if($mybb->input['action'] == "logout")
{
    $plugins->run_hooks("member_logout_start");

    if(!$mybb->user['uid'])
    {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }

    if(isset($mybb->input['sid']))
    {
        // Check session ID if we have one
        if($mybb->get_input('sid') !== $session->sid)
        {
            error($lang->error_notloggedout);
        }
    }
    elseif($mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
    {
        // Otherwise, check logoutkey
        error($lang->error_notloggedout);
    }

    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    if($mybb->user['uid'])
    {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        // Drop the server-side session row as well as the cookies.
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }

    $plugins->run_hooks("member_logout_end");

    redirect("index.php", $lang->redirect_loggedout);
}
1972  
// Show the moderator notes stored on a user account.
//
// Restricted to logged-in users whose group has canmodcp set. Output is echoed
// directly and the script exits, bypassing output_page().
if($mybb->input['action'] == "viewnotes")
{
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    // Make sure we are looking at a real user here.
    // NOTE(review): this runs before the permission check, so the two error pages
    // let any visitor tell an existing uid from a missing one.
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Access control: both conditions must hold, otherwise the request is refused.
    if(!($mybb->user['uid'] != 0 && $mybb->usergroup['canmodcp'] == 1))
    {
        error_no_permission();
    }

    $user['username'] = htmlspecialchars_uni($user['username']);
    $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);

    // Notes are stored text: escape HTML first, then turn line breaks into <br> tags.
    $escaped_notes = htmlspecialchars_uni($user['usernotes']);
    $user['usernotes'] = nl2br($escaped_notes);

    $plugins->run_hooks('member_viewnotes');

    // The template is evaluated as a PHP string and reads the escaped values above.
    eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
    echo $viewnotes;
    exit;
}
2000  
2001  if($mybb->input['action'] == "profile")
2002  {
2003      if($mybb->usergroup['canviewprofiles'] == 0)
2004      {
2005          error_no_permission();
2006      }
2007  
2008      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2009      if($uid)
2010      {
2011          $memprofile = get_user($uid);
2012      }
2013      elseif($mybb->user['uid'])
2014      {
2015          $memprofile = $mybb->user;
2016      }
2017      else
2018      {
2019          $memprofile = false;
2020      }
2021  
2022      if(!$memprofile)
2023      {
2024          error($lang->error_nomember);
2025      }
2026  
2027      $uid = $memprofile['uid'];
2028  
2029      $plugins->run_hooks("member_profile_start");
2030  
2031      $me_username = $memprofile['username'];
2032      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2033      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2034  
2035      // Get member's permissions
2036      $memperms = user_permissions($memprofile['uid']);
2037  
2038      // Set display group
2039      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2040  
2041      if(!$memprofile['displaygroup'])
2042      {
2043          $memprofile['displaygroup'] = $memprofile['usergroup'];
2044      }
2045  
2046      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2047      if(is_array($displaygroup))
2048      {
2049          $memperms = array_merge($memperms, $displaygroup);
2050      }
2051  
2052      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2053      add_breadcrumb($lang->nav_profile);
2054  
2055      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2056      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2057      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2058      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2059      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2060      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2061      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2062  
2063      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2064      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2065  
2066      $website = $sendemail = $sendpm = $contact_details = '';
2067  
2068      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2069      {
2070          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2071          $bgcolor = alt_trow();
2072          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2073      }
2074  
2075      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2076      {
2077          $bgcolor = alt_trow();
2078          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2079      }
2080  
2081      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2082      {
2083          $bgcolor = alt_trow();
2084          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2085      }
2086  
2087      $contact_fields = array();
2088      $any_contact_field = false;
2089      foreach(array('icq', 'skype', 'google') as $field)
2090      {
2091          $contact_fields[$field] = '';
2092          $settingkey = 'allow'.$field.'field';
2093  
2094          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2095          {
2096              $any_contact_field = true;
2097  
2098              if($field == 'icq')
2099              {
2100                  $memprofile[$field] = (int)$memprofile[$field];
2101              }
2102              else
2103              {
2104                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2105              }
2106              $tmpl = 'member_profile_contact_fields_'.$field;
2107  
2108              $bgcolors[$field] = alt_trow();
2109              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2110          }
2111      }
2112  
2113      if($any_contact_field || $sendemail || $sendpm || $website)
2114      {
2115          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2116      }
2117  
2118      $signature = '';
2119      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2120      {
2121          $sig_parser = array(
2122              "allow_html" => $mybb->settings['sightml'],
2123              "allow_mycode" => $mybb->settings['sigmycode'],
2124              "allow_smilies" => $mybb->settings['sigsmilies'],
2125              "allow_imgcode" => $mybb->settings['sigimgcode'],
2126              "me_username" => $me_username,
2127              "filter_badwords" => 1
2128          );
2129  
2130          if($memperms['signofollow'])
2131          {
2132              $sig_parser['nofollow_on'] = 1;
2133          }
2134  
2135          if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2136          {
2137              $sig_parser['allow_imgcode'] = 0;
2138          }
2139  
2140          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2141          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2142      }
2143  
2144      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2145  
2146      if($daysreg < 1)
2147      {
2148          $daysreg = 1;
2149      }
2150  
2151      $stats = $cache->read("stats");
2152  
2153      // Format post count, per day count and percent of total
2154      $ppd = $memprofile['postnum'] / $daysreg;
2155      $ppd = round($ppd, 2);
2156      if($ppd > $memprofile['postnum'])
2157      {
2158          $ppd = $memprofile['postnum'];
2159      }
2160  
2161      $numposts = $stats['numposts'];
2162      if($numposts == 0)
2163      {
2164          $post_percent = "0";
2165      }
2166      else
2167      {
2168          $post_percent = $memprofile['postnum']*100/$numposts;
2169          $post_percent = round($post_percent, 2);
2170      }
2171  
2172      if($post_percent > 100)
2173      {
2174          $post_percent = 100;
2175      }
2176  
2177      // Format thread count, per day count and percent of total
2178      $tpd = $memprofile['threadnum'] / $daysreg;
2179      $tpd = round($tpd, 2);
2180      if($tpd > $memprofile['threadnum'])
2181      {
2182          $tpd = $memprofile['threadnum'];
2183      }
2184  
2185      $numthreads = $stats['numthreads'];
2186      if($numthreads == 0)
2187      {
2188          $thread_percent = "0";
2189      }
2190      else
2191      {
2192          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2193          $thread_percent = round($thread_percent, 2);
2194      }
2195  
2196      if($thread_percent > 100)
2197      {
2198          $thread_percent = 100;
2199      }
2200  
2201      $findposts = $findthreads = '';
2202      if($mybb->usergroup['cansearch'] == 1)
2203      {
2204          if(!empty($memprofile['postnum']))
2205          {
2206              eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2207          }
2208          if(!empty($memprofile['threadnum']))
2209          {
2210              eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2211          }
2212      }
2213  
2214      $awaybit = '';
2215      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2216      {
2217          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2218          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2219          if(!empty($memprofile['awayreason']))
2220          {
2221              $reason = $parser->parse_badwords($memprofile['awayreason']);
2222              $awayreason = htmlspecialchars_uni($reason);
2223          }
2224          else
2225          {
2226              $awayreason = $lang->away_no_reason;
2227          }
2228          if($memprofile['returndate'] == '')
2229          {
2230              $returndate = "$lang->unknown";
2231          }
2232          else
2233          {
2234              $returnhome = explode("-", $memprofile['returndate']);
2235  
2236              // PHP native date functions use integers so timestamps for years after 2038 will not work
2237              // Thus we use adodb_mktime
2238              if($returnhome[2] >= 2038)
2239              {
2240                  require_once  MYBB_ROOT."inc/functions_time.php";
2241                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2242                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2243              }
2244              else
2245              {
2246                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2247                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2248              }
2249  
2250              // If our away time has expired already, we should be back, right?
2251              if($returnmkdate < TIME_NOW)
2252              {
2253                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2254  
2255                  // Update our status to "not away"
2256                  $memprofile['away'] = 0;
2257              }
2258          }
2259  
2260          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2261          if($memprofile['away'] == 1)
2262          {
2263              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2264          }
2265      }
2266  
2267      $memprofile['timezone'] = (float)$memprofile['timezone'];
2268  
2269      if($memprofile['dst'] == 1)
2270      {
2271          $memprofile['timezone']++;
2272          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2273          {
2274              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2275          }
2276      }
2277  
2278      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2279      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2280      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2281  
2282      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2283  
2284      if($memprofile['birthday'])
2285      {
2286          $membday = explode("-", $memprofile['birthday']);
2287  
2288          if($memprofile['birthdayprivacy'] != 'none')
2289          {
2290              if($membday[0] && $membday[1] && $membday[2])
2291              {
2292                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2293  
2294                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2295                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2296                  $membday = date($bdayformat, $membday);
2297  
2298                  $membdayage = $lang->membdayage;
2299              }
2300              elseif($membday[2])
2301              {
2302                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2303                  $membday = date("Y", $membday);
2304                  $membdayage = '';
2305              }
2306              else
2307              {
2308                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2309                  $membday = date("F j", $membday);
2310                  $membdayage = '';
2311              }
2312          }
2313  
2314          if($memprofile['birthdayprivacy'] == 'age')
2315          {
2316              $membday = $lang->birthdayhidden;
2317          }
2318          else if($memprofile['birthdayprivacy'] == 'none')
2319          {
2320              $membday = $lang->birthdayhidden;
2321              $membdayage = '';
2322          }
2323      }
2324      else
2325      {
2326          $membday = $lang->not_specified;
2327          $membdayage = '';
2328      }
2329  
2330      // Get the user title for this user
2331      unset($usertitle);
2332      unset($stars);
2333      $starimage = '';
2334      if(trim($memprofile['usertitle']) != '')
2335      {
2336          // User has custom user title
2337          $usertitle = $memprofile['usertitle'];
2338      }
2339      elseif(trim($memperms['usertitle']) != '')
2340      {
2341          // User has group title
2342          $usertitle = $memperms['usertitle'];
2343      }
2344      else
2345      {
2346          // No usergroup title so get a default one
2347          $usertitles = $cache->read('usertitles');
2348  
2349          if(is_array($usertitles))
2350          {
2351              foreach($usertitles as $title)
2352              {
2353                  if($memprofile['postnum'] >= $title['posts'])
2354                  {
2355                      $usertitle = $title['title'];
2356                      $stars = $title['stars'];
2357                      $starimage = $title['starimage'];
2358  
2359                      break;
2360                  }
2361              }
2362          }
2363      }
2364  
2365      $usertitle = htmlspecialchars_uni($usertitle);
2366  
2367      if($memperms['stars'] || $memperms['usertitle'])
2368      {
2369          // Set the number of stars if display group has constant number of stars
2370          $stars = $memperms['stars'];
2371      }
2372      elseif(!$stars)
2373      {
2374          if(!is_array($usertitles))
2375          {
2376              $usertitles = $cache->read('usertitles');
2377          }
2378  
2379          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2380          if(is_array($usertitles))
2381          {
2382              foreach($usertitles as $title)
2383              {
2384                  if($memprofile['postnum'] >= $title['posts'])
2385                  {
2386                      $stars = $title['stars'];
2387                      $starimage = $title['starimage'];
2388                      break;
2389                  }
2390              }
2391          }
2392      }
2393  
2394      $groupimage = '';
2395      if(!empty($memperms['image']))
2396      {
2397          if(!empty($mybb->user['language']))
2398          {
2399              $language = $mybb->user['language'];
2400          }
2401          else
2402          {
2403              $language = $mybb->settings['bblanguage'];
2404          }
2405          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2406          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2407          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2408      }
2409  
2410      if(empty($starimage))
2411      {
2412          $starimage = $memperms['starimage'];
2413      }
2414  
2415      if(!empty($starimage))
2416      {
2417          // Only display stars if we have an image to use...
2418          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2419          $userstars = '';
2420          for($i = 0; $i < $stars; ++$i)
2421          {
2422              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2423          }
2424      }
2425  
2426      // User is currently online and this user has permissions to view the user on the WOL
2427      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2428      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2429      $session = $db->fetch_array($query);
2430  
2431      $timeonline = $lang->none_registered;
2432      $memlastvisitdate = $lang->lastvisit_never;
2433      $last_seen = max(array($memprofile['lastactive'], $memprofile['lastvisit']));
2434      if(!empty($last_seen))
2435      {
2436          // We have some stamp here
2437          if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2438          {
2439              $memlastvisitdate = $lang->lastvisit_hidden;
2440              $online_status = $timeonline = $lang->timeonline_hidden;
2441          }
2442          else
2443          {
2444              $memlastvisitdate = my_date('relative', $last_seen);
2445  
2446              if($memprofile['timeonline'] > 0)
2447              {
2448                  $timeonline = nice_time($memprofile['timeonline']);
2449              }
2450  
2451              // Online?
2452              if(!empty($session))
2453              {
2454                  // Fetch their current location
2455                  $lang->load("online");
2456                  require_once  MYBB_ROOT."inc/functions_online.php";
2457                  $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2458                  $location = build_friendly_wol_location($activity);
2459                  $location_time = my_date($mybb->settings['timeformat'], $last_seen);
2460  
2461                  eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2462              }
2463          }
2464      }
2465  
2466      if(!isset($online_status))
2467      {
2468          eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2469      }
2470  
2471      // Reset the background colours to keep it inline
2472      $alttrow = 'trow1';
2473  
2474      // Build Referral
2475      $referrals = '';
2476      if($mybb->settings['usereferrals'] == 1)
2477      {
2478          $bg_color = alt_trow();
2479  
2480          $uid = (int) $memprofile['uid'];
2481          $referral_count = $memprofile['referrals'];
2482          if ($referral_count > 0) {
2483              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2484          }
2485  
2486          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2487      }
2488  
2489      // Fetch the reputation for this user
2490      $reputation = '';
2491      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2492      {
2493          $bg_color = alt_trow();
2494          $reputation = get_reputation($memprofile['reputation']);
2495  
2496          // If this user has permission to give reputations show the vote link
2497          $vote_link = '';
2498          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2499          {
2500              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2501          }
2502  
2503          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2504      }
2505  
2506      $warning_level = '';
2507      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2508      {
2509          $bg_color = alt_trow();
2510  
2511          if($mybb->settings['maxwarningpoints'] < 1)
2512          {
2513              $mybb->settings['maxwarningpoints'] = 10;
2514          }
2515  
2516          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2517  
2518          if($warning_level > 100)
2519          {
2520              $warning_level = 100;
2521          }
2522  
2523          $warn_user = '';
2524          $warning_link = 'usercp.php';
2525          $warning_level = get_colored_warning_level($warning_level);
2526          if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
2527          {
2528              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2529              $warning_link = "warnings.php?uid={$memprofile['uid']}";
2530          }
2531  
2532          eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2533      }
2534  
2535      $bgcolor = $alttrow = 'trow1';
2536      $customfields = $profilefields = '';
2537  
2538      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2539      $userfields = $db->fetch_array($query);
2540  
2541      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2542      $pfcache = $cache->read('profilefields');
2543  
2544      if(is_array($pfcache))
2545      {
2546          foreach($pfcache as $customfield)
2547          {
2548              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2549              {
2550                  continue;
2551              }
2552  
2553              $thing = explode("\n", $customfield['type'], "2");
2554              $type = trim($thing[0]);
2555  
2556              $customfieldval = $customfield_val = '';
2557              $field = "fid{$customfield['fid']}";
2558  
2559              if(isset($userfields[$field]))
2560              {
2561                  $useropts = explode("\n", $userfields[$field]);
2562                  $customfieldval = $comma = '';
2563                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2564                  {
2565                      foreach($useropts as $val)
2566                      {
2567                          if($val != '')
2568                          {
2569                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2570                          }
2571                      }
2572                      if($customfield_val != '')
2573                      {
2574                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2575                      }
2576                  }
2577                  else
2578                  {
2579                      $parser_options = array(
2580                          "allow_html" => $customfield['allowhtml'],
2581                          "allow_mycode" => $customfield['allowmycode'],
2582                          "allow_smilies" => $customfield['allowsmilies'],
2583                          "allow_imgcode" => $customfield['allowimgcode'],
2584                          "allow_videocode" => $customfield['allowvideocode'],
2585                          #"nofollow_on" => 1,
2586                          "filter_badwords" => 1
2587                      );
2588  
2589                      if($customfield['type'] == "textarea")
2590                      {
2591                          $parser_options['me_username'] = $memprofile['username'];
2592                      }
2593                      else
2594                      {
2595                          $parser_options['nl2br'] = 0;
2596                      }
2597  
2598                      if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2599                      {
2600                          $parser_options['allow_imgcode'] = 0;
2601                      }
2602  
2603                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2604                  }
2605              }
2606  
2607              if($customfieldval)
2608              {
2609                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2610                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2611                  $bgcolor = alt_trow();
2612              }
2613          }
2614      }
2615  
2616      if($customfields)
2617      {
2618          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2619      }
2620  
2621      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2622      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2623  
2624      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2625      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2626  
2627      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2628  
2629      $bannedbit = '';
2630      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2631      {
2632          // Fetch details on their ban
2633          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2634          $memban = $db->fetch_array($query);
2635  
2636          if($memban['reason'])
2637          {
2638              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2639          }
2640          else
2641          {
2642              $memban['reason'] = $lang->na;
2643          }
2644  
2645          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2646          {
2647              $banlength = $lang->permanent;
2648              $timeremaining = $lang->na;
2649          }
2650          else
2651          {
2652              // Set up the array of ban times.
2653              $bantimes = fetch_ban_times();
2654  
2655              $banlength = $bantimes[$memban['bantime']];
2656              $remaining = $memban['lifted']-TIME_NOW;
2657  
2658              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2659  
2660              $banned_class = '';
2661              if($remaining < 3600)
2662              {
2663                  $banned_class = "high_banned";
2664              }
2665              else if($remaining < 86400)
2666              {
2667                  $banned_class = "moderate_banned";
2668              }
2669              else if($remaining < 604800)
2670              {
2671                  $banned_class = "low_banned";
2672              }
2673              else
2674              {
2675                  $banned_class = "normal_banned";
2676              }
2677  
2678              eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2679          }
2680  
2681          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2682  
2683          // Display a nice warning to the user
2684          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2685      }
2686  
2687      $adminoptions = '';
2688      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2689      {
2690          if($memperms['isbannedgroup'] == 1)
2691          {
2692              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions_manageban")."\";");
2693          }
2694          else
2695          {
2696              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2697          }
2698      }
2699  
2700      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
2701      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2702      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2703      {
2704          if($mybb->usergroup['canuseipsearch'] == 1)
2705          {
2706              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2707              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2708  
2709              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2710          }
2711  
2712          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2713  
2714          if(!empty($memprofile['usernotes']))
2715          {
2716              if(strlen($memprofile['usernotes']) > 100)
2717              {
2718                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2719                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2720              }
2721          }
2722          else
2723          {
2724              $memprofile['usernotes'] = $lang->no_usernotes;
2725          }
2726  
2727          if($mybb->usergroup['caneditprofiles'] == 1)
2728          {
2729              eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2730              eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2731          }
2732  
2733          if($mybb->usergroup['canbanusers'] == 1 && (!$memban['uid'] || $memban['uid'] && ($mybb->user['uid'] == $memban['admin']) || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1))
2734          {
2735              if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2736              {
2737                  eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2738              }
2739              else
2740              {
2741                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2742              }
2743          }
2744  
2745          if($can_purge_spammer)
2746          {
2747              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2748          }
2749  
2750          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2751          {
2752              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2753          }
2754  
2755          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2756      }
2757  
2758      $add_remove_options = array();
2759      $buddy_options = $ignore_options = $report_options = '';
2760      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2761      {
2762          $buddy_list = explode(',', $mybb->user['buddylist']);
2763          $ignore_list = explode(',', $mybb->user['ignorelist']);
2764  
2765          if(in_array($uid, $buddy_list))
2766          {
2767              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2768          }
2769          else
2770          {
2771              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2772          }
2773  
2774          if(!in_array($uid, $ignore_list))
2775          {
2776              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2777          }
2778  
2779          if(in_array($uid, $ignore_list))
2780          {
2781              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2782          }
2783          else
2784          {
2785              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2786          }
2787  
2788          if(!in_array($uid, $buddy_list))
2789          {
2790              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2791          }
2792  
2793          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2794          {
2795              $reportable = true;
2796              $query = $db->simple_select("reportedcontent", "reporters", "reportstatus != '1' AND id = '{$memprofile['uid']}' AND type = 'profile'");
2797              if($db->num_rows($query))
2798              {
2799                  $report = $db->fetch_array($query);
2800                  $report['reporters'] = my_unserialize($report['reporters']);
2801                  if(is_array($report['reporters']) && in_array($mybb->user['uid'], $report['reporters']))
2802                  {
2803                      $reportable = false;
2804                  }
2805              }
2806              if($reportable)
2807              {
2808                  $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2809                  eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2810              }
2811          }
2812      }
2813  
2814      $plugins->run_hooks("member_profile_end");
2815  
2816      eval("\$profile = \"".$templates->get("member_profile")."\";");
2817      output_page($profile);
2818  }
2819  
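// Handle a submitted "email this user" form (POST only): permission and rate
// checks, recipient lookup, field validation, guest CAPTCHA, then send and log.
// On validation failure the action is switched to "emailuser" so that branch,
// which follows this one, runs next in the same request.
if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
{
    // Reject the request unless the submitted post key verifies (anti-CSRF).
    verify_post_check($mybb->get_input('my_post_key'));

    $plugins->run_hooks("member_do_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Sender identity used by both rate checks below. Members are matched by
    // uid; guests are matched by packed IP address, so for guests the limits
    // apply per address rather than per person.
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='{$mybb->user['uid']}'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // NOTE(review): both limits below count rows in maillogs, and this block
    // only inserts into maillogs when the mail_logging setting is > 0. With
    // logging off, messages sent here leave no row for these checks to find.
    // Confirm that is intended.

    // Check group limits: messages logged for this sender in the last 24 hours
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (emailfloodtime is in minutes)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if($last_email['mid'])
        {
            $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            // Exactly 60 seconds belongs in the one-minute bucket; the previous
            // "> 60" test sent it to the plural-minutes message instead.
            elseif($remaining_time >= 60 && $remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // Recipient lookup; the uid is forced to an integer before it reaches the query.
    $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    if(!$to_user['username'])
    {
        error($lang->error_invalidusername);
    }

    // Recipients who hide their email address cannot be contacted through this form.
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    $errors = array();

    // Logged-in senders cannot choose their own sender details; whatever was
    // submitted is overwritten with the account's values.
    if($mybb->user['uid'])
    {
        $mybb->input['fromemail'] = $mybb->user['email'];
        $mybb->input['fromname'] = $mybb->user['username'];
    }

    // Read the sender fields through get_input(), as subject and message
    // already are, so they are treated as plain strings from here on.
    // For guests both values are attacker-controllable.
    $from_email = $mybb->get_input('fromemail');
    $from_name = $mybb->get_input('fromname');

    if(!validate_email_format($from_email))
    {
        $errors[] = $lang->error_invalidfromemail;
    }

    if(empty($from_name))
    {
        $errors[] = $lang->error_noname;
    }

    if(empty($mybb->input['subject']))
    {
        $errors[] = $lang->error_no_email_subject;
    }

    if(empty($mybb->input['message']))
    {
        $errors[] = $lang->error_no_email_message;
    }

    // CAPTCHA is only required of guests.
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if(!$captcha->validate_captcha())
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(empty($errors))
    {
        // The sender string is handed to my_mail() as an address value. Strip
        // CR/LF here so a guest-supplied name or address cannot span more than
        // one header line, regardless of what the mail handler does downstream.
        $header_email = str_replace(array("\r", "\n"), '', $from_email);
        $header_name = str_replace(array("\r", "\n"), '', $from_name);

        if($mybb->settings['mail_handler'] == 'smtp')
        {
            $from = $header_email;
        }
        else
        {
            $from = "{$header_name} <{$header_email}>";
        }

        $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $from_name, $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
        // $from is the tenth positional argument; how my_mail() uses it is
        // defined in that function, which is not part of this file.
        my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);

        if($mybb->settings['mail_logging'] > 0)
        {
            // Log the message. String fields are escaped here because
            // insert_query() receives them as ready-to-use values.
            $log_entry = array(
                "subject" => $db->escape_string($mybb->get_input('subject')),
                "message" => $db->escape_string($mybb->get_input('message')),
                "dateline" => TIME_NOW,
                "fromuid" => $mybb->user['uid'],
                "fromemail" => $db->escape_string($from_email),
                "touid" => $to_user['uid'],
                "toemail" => $db->escape_string($to_user['email']),
                "tid" => 0,
                "ipaddress" => $db->escape_binary($session->packedip),
                "type" => 1
            );
            $db->insert_query("maillogs", $log_entry);
        }

        $plugins->run_hooks("member_do_emailuser_end");

        redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
    }
    else
    {
        // Fall through to the "emailuser" branch with $errors set.
        $mybb->input['action'] = "emailuser";
    }
}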
2995  
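// Show the "email this user" form. This branch is also entered when the do_emailuser
// handler found validation errors and reset the action to "emailuser".
if($mybb->input['action'] == "emailuser")
{
    $plugins->run_hooks("member_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Both limits below count rows in maillogs: members are matched by uid, guests by packed IP.
    // NOTE(review): the do_emailuser handler in this file only inserts into maillogs when
    // $mybb->settings['mail_logging'] > 0, so with mail logging disabled neither the daily
    // limit nor the flood check appears to take effect - confirm.
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='{$mybb->user['uid']}'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (emails sent during the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (emailfloodtime is expressed in minutes)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if(!empty($last_email['mid']))
        {
            $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

            // Pick the singular/plural wording for the remaining wait.
            // NOTE(review): exactly 60 seconds falls through to the "minutes" wording with a
            // value of 1; kept as-is to match the same logic in do_emailuser.
            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            elseif($remaining_time > 60 && $remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // The uid is cast to an integer by get_input() before it is placed in the WHERE clause.
    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    // Reject an unknown uid before any field of the row is read or written; the original
    // escaped the username first, which dereferenced an empty result.
    if(empty($to_user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // Escape the username once here; it is interpolated into the page title string below.
    $to_user['username'] = htmlspecialchars_uni($to_user['username']);
    $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

    // The recipient has opted out of receiving email through the board
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // The recipient ignores the sender and the sender's group has no override.
    // NOTE(review): the do_emailuser handler's recipient query does not select ignorelist,
    // so this check looks like it guards only the form; confirm the send path enforces it too.
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    // Re-populate the form with HTML-escaped values when do_emailuser reported errors
    if(isset($errors) && count($errors) > 0)
    {
        $errors = inline_error($errors);
        $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
        $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
        $message = htmlspecialchars_uni($mybb->get_input('message'));
    }
    else
    {
        $errors = '';
        $fromname = '';
        $fromemail = '';
        $subject = '';
        $message = '';
    }

    // Generate CAPTCHA?
    // Always start from an empty string: when this branch is reached from do_emailuser,
    // $captcha may still hold the validator object, and the original left it untouched
    // if the CAPTCHA produced no HTML.
    $captcha = '';
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // Guests get extra "from name / from email" fields
    $from_email = '';
    if($mybb->user['uid'] == 0)
    {
        // NOTE(review): templates are evaluated as double-quoted PHP strings, so template
        // contents are effectively code; this relies on $templates->get() returning text
        // that is safe to embed and on template editing being restricted to trusted admins.
        eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
    }

    $plugins->run_hooks("member_emailuser_end");

    eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
    output_page($emailuser);
}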
3136  
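// List the members that were referred by the user given in the "uid" request parameter.
// NOTE(review): no usergroup permission check is visible in this handler; confirm whether
// referral lists are meant to be viewable by everyone who can reach member.php.
if($mybb->input['action'] == 'referrals')
{
    $plugins->run_hooks('member_referrals_start');

    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    if(!$uid)
    {
        error($lang->referrals_no_user_specified);
    }

    // The original tested $user['$uid'] - a single-quoted, literal key that never exists -
    // so every request was rejected as an invalid user. Test the real uid column instead.
    $user = get_user($uid);
    if(empty($user['uid']))
    {
        error($lang->referrals_invalid_user);
    }

    // NOTE(review): the username is placed into the breadcrumb without htmlspecialchars_uni(),
    // unlike the emailuser handler in this file; confirm whether add_breadcrumb() escapes it.
    $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, $user['username']);
    add_breadcrumb($lang->nav_referrals);

    // $uid is an integer (INPUT_INT), so it is safe to interpolate into the WHERE clause
    $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
    $referral_count = $db->fetch_field($query, 'total');

    $bg_color = 'trow1';

    // Start empty so the .= in the loop below never appends to an undefined variable
    $referral_rows = '';

    if($referral_count == 0)
    {
        eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
    }
    else
    {
        // Figure out if we need to display multiple pages.
        // Fall back to 20 rows per page when the setting is missing, zero or negative.
        $perpage = (int) $mybb->settings['referralsperpage'];
        if($perpage < 1)
        {
            $perpage = 20;
        }

        $pages = ceil($referral_count / $perpage);

        // Out-of-range or missing page numbers are clamped to the first page
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        $start = ($page-1) * $perpage;

        $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");

        foreach(get_user_referrals($uid, $start, $perpage) as $referral)
        {
            // Format user name link (escape first, then apply group styling and the link)
            $username = htmlspecialchars_uni($referral['username']);
            $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
            $username = build_profile_link($username, $referral['uid']);

            $regdate = my_date('normal', $referral['regdate']);

            // Template bodies are evaluated as double-quoted PHP strings (see $templates->get())
            eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");

            $bg_color = alt_trow();
        }
    }

    $plugins->run_hooks('member_referrals_end');

    eval("\$referrals = \"".$templates->get("member_referrals")."\";");
    output_page($referrals);
}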
3218  
// Fallback: a request that names no action is sent to the board index.
if(!$mybb->input['action'])
{
    header('Location: index.php');
}

