
PHP Cross Reference of MyBB 1.8.21


/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
      // The four constants in this run are defined before global.php is included further down;
      // the code that reads them is not part of this listing.
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
      // NOTE(review): presumably the actions that stay reachable when access to the board is
      // otherwise restricted (registration, login, password recovery) - confirm in global.php.
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
      // NOTE(review): looks like a flag consumed by the session setup in global.php - confirm.
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
      // $templatelist is one comma-separated string of template names, extended line by line.
      // NOTE(review): presumably read by global.php to load these templates in one batch - confirm.
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_contact_fields_yahoo,member_profile_pm,member_profile_contact_details";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  $templatelist .= ",member_profile_modoptions_manageban";
  30  
  31  require_once  "./global.php";
      // global.php is included first; the objects used throughout this script ($mybb, $db, $lang,
      // $plugins, $session, $templates, $cache) are not created in this file.
  32  require_once  MYBB_ROOT."inc/functions_post.php";
  33  require_once  MYBB_ROOT."inc/functions_user.php";
  34  require_once  MYBB_ROOT."inc/class_parser.php";
  35  $parser = new postParser;
  36  
  37  // Load global language phrases
  38  $lang->load("member");
  39  
      // Store the requested action once, so every later comparison in this script reads the
      // same value from $mybb->input['action'].
  40  $mybb->input['action'] = $mybb->get_input('action');
  41  
  42  // Make navigation: add the breadcrumb entry that matches the requested action.
      // Actions without a case below get no breadcrumb from this switch.
  43  switch($mybb->input['action'])
  44  {
  45      case "register":
  46      case "do_register":
  47          add_breadcrumb($lang->nav_register);
  48          break;
  49      case "activate":
  50          add_breadcrumb($lang->nav_activate);
  51          break;
  52      case "resendactivation":
  53          add_breadcrumb($lang->nav_resendactivation);
  54          break;
  55      case "lostpw":
  56          add_breadcrumb($lang->nav_lostpw);
  57          break;
  58      case "resetpassword":
  59          add_breadcrumb($lang->nav_resetpassword);
  60          break;
  61      case "login":
  62          add_breadcrumb($lang->nav_login);
  63          break;
  64      case "emailuser":
  65          add_breadcrumb($lang->nav_emailuser);
  66          break;
  67  }
  68  
  69  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  70  {
          // Pre-checks shared by the registration form and its submission. They are skipped
          // when the current user's group has cancp set to 1.
          // NOTE(review): each check relies on error() ending the request - confirm in its definition.
  71      if($mybb->settings['disableregs'] == 1)
  72      {
  73          error($lang->registrations_disabled);
  74      }
          // A non-zero uid means the visitor is already signed in to an account.
  75      if($mybb->user['uid'] != 0)
  76      {
  77          error($lang->error_alreadyregistered);
  78      }
          // Per-address throttle: count the accounts created from this packed IP within the last
          // betweenregstime hours and refuse once the count reaches maxregsbetweentime.
  79      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  80      {
  81          $time = TIME_NOW;
  82          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
              // The IP goes through escape_binary(); $datecut is derived from TIME_NOW and a
              // board setting, not from request input.
  83          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  84          $regcount = $db->num_rows($query);
  85          if($regcount >= $mybb->settings['maxregsbetweentime'])
  86          {
  87              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  88              error($lang->error_alreadyregisteredtime);
  89          }
  90      }
  91  }
  92  
  93  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  94  {
  95      $plugins->run_hooks("member_do_register_start");
  96  
  97      // Are we checking how long it takes for users to register?
          // The start time is the 'regtime' request field, cast to an integer, so the elapsed
          // time is computed from a value supplied with the submission.
          // NOTE(review): that makes this a heuristic against naive automation rather than a
          // control; confirm whether the form value is integrity-protected elsewhere.
  98      if($mybb->settings['regtime'] > 0)
  99      {
 100          // Is the field actually set?
 101          if(isset($mybb->input['regtime']))
 102          {
 103              // Check how long it took for this person to register
 104              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 105  
 106              // See if they registered faster than normal
 107              if($timetook < $mybb->settings['regtime'])
 108              {
 109                  // This user registered pretty quickly, bot detected!
 110                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 111                  error($lang->error_spam_deny_time);
 112              }
 113          }
 114          else
 115          {
                  // A submission without the field is refused outright.
 116              error($lang->error_spam_deny);
 117          }
 118      }
 119  
 120      // If we have hidden CAPTCHA enabled and it's filled, deny registration
          // The name of the decoy field comes from the hiddencaptchaimagefield setting; any
          // non-empty value submitted under that name is treated as automated input.
 121      if($mybb->settings['hiddencaptchaimage'])
 122      {
 123          $string = $mybb->settings['hiddencaptchaimagefield'];
 124  
 125          if(!empty($mybb->input[$string]))
 126          {
 127              error($lang->error_spam_deny);
 128          }
 129      }
 130  
 131      if($mybb->settings['regtype'] == "randompass")
 132      {
              // Random-password registration: the script generates the password and overwrites
              // both password inputs with it, so any submitted password is ignored.
 133  
 134          $password_length = (int)$mybb->settings['minpasswordlength'];
              // Use at least 8 characters unless maxpasswordlength is lower than 8.
 135          if($password_length < 8)
 136          {
 137              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 138          }
 139  
              // NOTE(review): random_str() is defined elsewhere; since its output becomes the
              // account password, confirm that it draws from a cryptographically secure source.
 140          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 141          $mybb->input['password2'] = $mybb->input['password'];
 142      }
 143  
          // Choose the initial usergroup: 5 when activation by e-mail and/or an administrator is
          // required or the 'coppa' input equals 1, otherwise 2.
          // NOTE(review): presumably 5 is the awaiting-activation group and 2 the registered
          // group - confirm against the usergroups table.
 144      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 145      {
 146          $usergroup = 5;
 147      }
 148      else
 149      {
 150          $usergroup = 2;
 151      }
 152  
 153      // Set up user handler.
 154      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 155      $userhandler = new UserDataHandler("insert");
 156  
          // coppauser is read from a cookie, i.e. from the client, and cast to an integer.
 157      $coppauser = 0;
 158      if(isset($mybb->cookies['coppauser']))
 159      {
 160          $coppauser = (int)$mybb->cookies['coppauser'];
 161      }
 162  
 163      // Set the data for the new user.
          // Request fields are passed on as received; the handler's validate_user() call further
          // down is what produces the error list. usergroup and regip are set by the script
          // itself and are not taken from request fields.
 164      $user = array(
 165          "username" => $mybb->get_input('username'),
 166          "password" => $mybb->get_input('password'),
 167          "password2" => $mybb->get_input('password2'),
 168          "email" => $mybb->get_input('email'),
 169          "email2" => $mybb->get_input('email2'),
 170          "usergroup" => $usergroup,
 171          "referrer" => $mybb->get_input('referrername'),
 172          "timezone" => $mybb->get_input('timezoneoffset'),
 173          "language" => $mybb->get_input('language'),
 174          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 175          "regip" => $session->packedip,
 176          "coppa_user" => $coppauser,
 177          "regcheck1" => $mybb->get_input('regcheck1'),
 178          "regcheck2" => $mybb->get_input('regcheck2'),
 179          "registration" => true
 180      );
 181  
 182      // Do we have a saved COPPA DOB?
          // The date of birth also comes from a cookie. It is split on "-" without checking
          // that three parts are present, and the parts are handed to the handler as strings.
          // NOTE(review): confirm that the data handler validates day, month and year.
 183      if(isset($mybb->cookies['coppadob']))
 184      {
 185          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 186          $user['birthday'] = array(
 187              "day" => $dob_day,
 188              "month" => $dob_month,
 189              "year" => $dob_year
 190          );
 191      }
 192  
          // All options except dstcorrection are cast to integers on input.
 193      $user['options'] = array(
 194          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 195          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 196          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 197          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 198          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 199          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 200          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 201          "dstcorrection" => $mybb->get_input('dstcorrection')
 202      );
 203  
 204      $userhandler->set_data($user);
 205  
 206      $errors = array();
          // $errors collects the messages shown on the registration form again; the checks
          // below either append to it or stop the request through error().
 207  
 208      if(!$userhandler->validate_user())
 209      {
 210          $errors = $userhandler->get_friendly_errors();
 211      }
 212  
          // Optional reputation lookup on the submitted username, e-mail address and client IP.
 213      if($mybb->settings['enablestopforumspam_on_register'])
 214      {
 215          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 216  
 217          $stop_forum_spam_checker = new StopForumSpamChecker(
 218              $plugins,
 219              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 220              $mybb->settings['stopforumspam_check_usernames'],
 221              $mybb->settings['stopforumspam_check_emails'],
 222              $mybb->settings['stopforumspam_check_ips'],
 223              $mybb->settings['stopforumspam_log_blocks']
 224          );
 225  
 226          try {
                  // A positive match is reported through error() instead of being appended to $errors.
 227              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 228              {
 229                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 230                          $stop_forum_spam_checker->getErrorText(array(
 231                              'stopforumspam_check_usernames',
 232                              'stopforumspam_check_emails',
 233                              'stopforumspam_check_ips'
 234                              ))));
 235              }
 236          }
 237          catch (Exception $e)
 238          {
                  // If the lookup throws, registration continues unless the
                  // stopforumspam_block_on_error setting is enabled; the exception is not logged here.
 239              if($mybb->settings['stopforumspam_block_on_error'])
 240              {
 241                  error($lang->error_stop_forum_spam_fetching);
 242              }
 243          }
 244      }
 245  
 246      if($mybb->settings['captchaimage'])
 247      {
              // Visible CAPTCHA: validation is delegated to the captcha class and its error
              // messages are merged into $errors, so a failure re-displays the form.
 248          require_once  MYBB_ROOT.'inc/class_captcha.php';
 249          $captcha = new captcha;
 250  
 251          if($captcha->validate_captcha() == false)
 252          {
 253              // CAPTCHA validation failed
 254              foreach($captcha->get_errors() as $error)
 255              {
 256                  $errors[] = $error;
 257              }
 258          }
 259      }
 260  
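 261      // If we have a security question, check to see if answer is correct
          // The submitted question_id names a row in questionsessions; the joined, active
          // question supplies the newline-separated list of accepted answers.
          // NOTE(review): when no active question matches the submitted question_id, nothing is
          // appended to $errors, so this check does not block the registration by itself;
          // confirm that the missing-session case is rejected elsewhere.
 262      if($mybb->settings['securityquestion'])
 263      {
 264          $question_id = $db->escape_string($mybb->get_input('question_id'));
              // NOTE(review): $answer is SQL-escaped but, in the visible code, only compared in
              // PHP, so an answer containing a quote or backslash is compared in escaped form.
 265          $answer = $db->escape_string($mybb->get_input('answer'));
 266  
 267          $query = $db->query("
 268              SELECT q.*, s.sid
 269              FROM ".TABLE_PREFIX."questionsessions s
 270              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 271              WHERE q.active='1' AND s.sid='{$question_id}'
 272          ");
 273          if($db->num_rows($query) > 0)
 274          {
 275              $question = $db->fetch_array($query);
 276              $valid_answers = explode("\n", $question['answer']);
 277              $validated = 0;
 278  
                  // Case-insensitive comparison against each accepted answer.
 279              foreach($valid_answers as $answers)
 280              {
 281                  if(my_strtolower($answers) == my_strtolower($answer))
 282                  {
 283                      $validated = 1;
 284                  }
 285              }
 286  
                  // Keep the per-question counters of wrong and right answers up to date.
 287              if($validated != 1)
 288              {
 289                  $update_question = array(
 290                      "incorrect" => $question['incorrect'] + 1
 291                  );
 292                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 293  
 294                  $errors[] = $lang->error_question_wrong;
 295              }
 296              else
 297              {
 298                  $update_question = array(
 299                      "correct" => $question['correct'] + 1
 300                  );
 301                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 302              }
 303  
                  // Remove the session row that was just evaluated so the same question session
                  // cannot be submitted again. $question_id is the escaped value matched against
                  // s.sid in the SELECT above; $sid is never assigned in the visible part of this
                  // script, so it must not be used to select the row.
 304              $db->delete_query("questionsessions", "sid='{$question_id}'");
 305          }
 306      }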
 307  
 308      if(!empty($errors))
 309      {
              // Validation failed: prepare the values needed to show the form again. The text
              // inputs are passed through htmlspecialchars_uni() before they are redisplayed.
 310          $username = htmlspecialchars_uni($mybb->get_input('username'));
 311          $email = htmlspecialchars_uni($mybb->get_input('email'));
 312          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 313          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 314  
              // The option markers below are fixed literals selected by comparing integer-cast
              // input, so no submitted text ends up in them.
 315          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 316          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 317  
 318          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 319          {
 320              $allownoticescheck = "checked=\"checked\"";
 321          }
 322  
 323          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 324          {
 325              $hideemailcheck = "checked=\"checked\"";
 326          }
 327  
 328          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 329          {
 330              $no_subscribe_selected = "selected=\"selected\"";
 331          }
 332          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 333          {
 334              $instant_email_subscribe_selected = "selected=\"selected\"";
 335          }
 336          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 337          {
 338              $instant_pm_subscribe_selected = "selected=\"selected\"";
 339          }
 340          else
 341          {
 342              $no_auto_subscribe_selected = "selected=\"selected\"";
 343          }
 344  
 345          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 346          {
 347              $receivepmscheck = "checked=\"checked\"";
 348          }
 349  
 350          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 351          {
 352              $pmnoticecheck = " checked=\"checked\"";
 353          }
 354  
 355          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 356          {
 357              $pmnotifycheck = "checked=\"checked\"";
 358          }
 359  
 360          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 361          {
 362              $invisiblecheck = "checked=\"checked\"";
 363          }
 364  
 365          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 366          {
 367              $dst_auto_selected = "selected=\"selected\"";
 368          }
 369          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 370          {
 371              $dst_enabled_selected = "selected=\"selected\"";
 372          }
 373          else
 374          {
 375              $dst_disabled_selected = "selected=\"selected\"";
 376          }
 377  
              // Switch the action to "register" so the form block further down in this script
              // runs in the same request, with the error list in $regerrors.
 378          $regerrors = inline_error($errors);
 379          $mybb->input['action'] = "register";
 380          $fromreg = 1;
 381      }
 382      else
 383      {
 384          $user_info = $userhandler->insert_user();
              // insert_user() returns the array used below for uid, loginkey, username and email.
 385  
 386          // Invalidate solved captcha
 387          if($mybb->settings['captchaimage'])
 388          {
 389              $captcha->invalidate_captcha();
 390          }
 391  
              // The new account is signed in at once by setting the mybbuser cookie to
              // "<uid>_<loginkey>", except for random-password and COPPA registrations.
              // NOTE(review): the trailing arguments (null, true, "lax") presumably select the
              // default expiry, HttpOnly and SameSite=Lax - confirm against my_setcookie().
 392          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 393          {
 394              // Log them in
 395              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 396          }
 397  
 398          if(isset($mybb->cookies['coppauser']))
 399          {
                  // COPPA registration: show the activation notice and clear both COPPA cookies.
                  // The username is HTML-escaped before it is placed in the message.
 400              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 401              my_unsetcookie("coppauser");
 402              my_unsetcookie("coppadob");
 403              $plugins->run_hooks("member_do_register_end");
 404              error($lang->redirect_registered_coppa_activate);
 405          }
 406          else if($mybb->settings['regtype'] == "verify")
 407          {
                  // E-mail verification: store an activation code of type "r" for the new uid and
                  // mail it to the address of the new account.
                  // NOTE(review): the code is the secret of the activation link; confirm that
                  // random_str() draws from a cryptographically secure source.
 408              $activationcode = random_str();
                  // $now is assigned but not read in the visible code.
 409              $now = TIME_NOW;
 410              $activationarray = array(
 411                  "uid" => $user_info['uid'],
 412                  "dateline" => TIME_NOW,
 413                  "code" => $activationcode,
 414                  "type" => "r"
 415              );
 416              $db->insert_query("awaitingactivation", $activationarray);
 417              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                  // The username_method setting selects the wording; unknown values fall back
                  // to the same phrase as method 0.
 418              switch($mybb->settings['username_method'])
 419              {
 420                  case 0:
 421                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 422                      break;
 423                  case 1:
 424                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 425                      break;
 426                  case 2:
 427                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 428                      break;
 429                  default:
 430                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 431                      break;
 432              }
 433              my_mail($user_info['email'], $emailsubject, $emailmessage);
 434  
                  // The username is HTML-escaped before it is placed in the on-screen message.
 435              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 436  
 437              $plugins->run_hooks("member_do_register_end");
 438  
 439              error($lang->redirect_registered_activation);
 440          }
 441          else if($mybb->settings['regtype'] == "randompass")
 442          {
                  // Random-password registration: the generated password is placed in the body of
                  // the e-mail in clear text, so access to the mailbox gives access to the account.
                  // NOTE(review): presumably get_input('password') returns the value this script
                  // stored in $mybb->input['password'] when it generated the password - confirm.
 443              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 444              switch($mybb->settings['username_method'])
 445              {
 446                  case 0:
 447                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 448                      break;
 449                  case 1:
 450                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 451                      break;
 452                  case 2:
 453                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 454                      break;
 455                  default:
 456                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 457                      break;
 458              }
 459              my_mail($user_info['email'], $emailsubject, $emailmessage);
 460  
 461              $plugins->run_hooks("member_do_register_end");
 462  
 463              error($lang->redirect_registered_passwordsent);
 464          }
 465          else if($mybb->settings['regtype'] == "admin")
 466          {
                  // Administrator activation: notify by e-mail every account that belongs to a
                  // group with cancp set to 1 and is allowed to manage users.
 467              $groups = $cache->read("usergroups");
 468              $admingroups = array();
 469              if(!empty($groups)) // Shouldn't be...
 470              {
 471                  foreach($groups as $group)
 472                  {
 473                      if($group['cancp'] == 1)
 474                      {
                              // The gid is cast to int, so the SQL fragments built below from
                              // $admingroups contain integers only.
 475                          $admingroups[] = (int)$group['gid'];
 476                      }
 477                  }
 478              }
 479  
 480              if(!empty($admingroups))
 481              {
                      // Match the primary usergroup, or the gid as one entry of the
                      // comma-separated additionalgroups column (syntax depends on the DB type).
 482                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 483                  foreach($admingroups as $admingroup)
 484                  {
 485                      switch($db->type)
 486                      {
 487                          case 'pgsql':
 488                          case 'sqlite':
 489                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 490                              break;
 491                          default:
 492                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 493                              break;
 494                      }
 495                  }
 496                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 497                  while($recipient = $db->fetch_array($q))
 498                  {
 499                      // First we check if the user's a super admin: if yes, we don't care about permissions
 500                      $is_super_admin = is_super_admin($recipient['uid']);
 501                      if(!$is_super_admin)
 502                      {
 503                          // Include admin functions
                              // The include path is built from the admin_dir configuration value,
                              // not from request input; recipients are skipped if the file is missing.
 504                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 505                          {
 506                              continue;
 507                          }
 508  
 509                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 510  
 511                          // Verify if we have permissions to access user-users
 512                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 513                          if(function_exists("user_admin_permissions"))
 514                          {
 515                              // Get admin permissions
 516                              $adminperms = get_admin_permissions($recipient['uid']);
 517  
 518                              $permissions = user_admin_permissions();
 519                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 520                              {
 521                                  continue; // No permissions
 522                              }
 523                          }
 524                      }
 525  
 526                      // Load language
 527                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 528                      {
 529                          $reset_lang = true;
 530                          $lang->set_language($recipient['language']);
 531                          $lang->load("member");
 532                      }
 533  
                          // The message contains the username as submitted ($user['username']).
 534                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 535                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 536                      my_mail($recipient['email'], $subject, $message);
 537                  }
 538  
 539                  // Reset language
 540                  if(isset($reset_lang))
 541                  {
 542                      $lang->set_language($mybb->settings['bblanguage']);
 543                      $lang->load("member");
 544                  }
 545              }
 546  
                  // The username is HTML-escaped before it is placed in the on-screen message.
 547              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 548  
 549              $plugins->run_hooks("member_do_register_end");
 550  
 551              error($lang->redirect_registered_admin_activate);
 552          }
 553          else if($mybb->settings['regtype'] == "both")
 554          {
                  // E-mail and administrator activation: first notify the administrators (the
                  // same steps as in the "admin" branch of this chain), then mail an activation
                  // code of type "b" to the new account.
 555              $groups = $cache->read("usergroups");
 556              $admingroups = array();
 557              if(!empty($groups)) // Shouldn't be...
 558              {
 559                  foreach($groups as $group)
 560                  {
 561                      if($group['cancp'] == 1)
 562                      {
                              // The gid is cast to int, so the SQL fragments built below from
                              // $admingroups contain integers only.
 563                          $admingroups[] = (int)$group['gid'];
 564                      }
 565                  }
 566              }
 567  
 568              if(!empty($admingroups))
 569              {
                      // Match the primary usergroup, or the gid as one entry of the
                      // comma-separated additionalgroups column (syntax depends on the DB type).
 570                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 571                  foreach($admingroups as $admingroup)
 572                  {
 573                      switch($db->type)
 574                      {
 575                          case 'pgsql':
 576                          case 'sqlite':
 577                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 578                              break;
 579                          default:
 580                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 581                              break;
 582                      }
 583                  }
 584                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 585                  while($recipient = $db->fetch_array($q))
 586                  {
 587                      // First we check if the user's a super admin: if yes, we don't care about permissions
 588                      $is_super_admin = is_super_admin($recipient['uid']);
 589                      if(!$is_super_admin)
 590                      {
 591                          // Include admin functions
                              // The include path is built from the admin_dir configuration value,
                              // not from request input; recipients are skipped if the file is missing.
 592                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 593                          {
 594                              continue;
 595                          }
 596  
 597                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 598  
 599                          // Verify if we have permissions to access user-users
 600                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 601                          if(function_exists("user_admin_permissions"))
 602                          {
 603                              // Get admin permissions
 604                              $adminperms = get_admin_permissions($recipient['uid']);
 605  
 606                              $permissions = user_admin_permissions();
 607                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 608                              {
 609                                  continue; // No permissions
 610                              }
 611                          }
 612                      }
 613  
 614                      // Load language
 615                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 616                      {
 617                          $reset_lang = true;
 618                          $lang->set_language($recipient['language']);
 619                          $lang->load("member");
 620                      }
 621  
                          // The message contains the username as submitted ($user['username']).
 622                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 623                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 624                      my_mail($recipient['email'], $subject, $message);
 625                  }
 626  
 627                  // Reset language
 628                  if(isset($reset_lang))
 629                  {
 630                      $lang->set_language($mybb->settings['bblanguage']);
 631                      $lang->load("member");
 632                  }
 633              }
 634  
                  // NOTE(review): the activation code is the secret of the activation link;
                  // confirm that random_str() draws from a cryptographically secure source.
 635              $activationcode = random_str();
 636              $activationarray = array(
 637                  "uid" => $user_info['uid'],
 638                  "dateline" => TIME_NOW,
 639                  "code" => $activationcode,
 640                  "type" => "b"
 641              );
 642              $db->insert_query("awaitingactivation", $activationarray);
 643              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 644              switch($mybb->settings['username_method'])
 645              {
 646                  case 0:
 647                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 648                      break;
 649                  case 1:
 650                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 651                      break;
 652                  case 2:
 653                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 654                      break;
 655                  default:
 656                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 657                      break;
 658              }
 659              my_mail($user_info['email'], $emailsubject, $emailmessage);
 660  
                  // The username is HTML-escaped before it is placed in the on-screen message.
 661              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 662  
 663              $plugins->run_hooks("member_do_register_end");
 664  
 665              error($lang->redirect_registered_activation);
 666          }
 667          else
 668          {
 669              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 670  
 671              $plugins->run_hooks("member_do_register_end");
 672  
 673              redirect("index.php", $lang->redirect_registered);
 674          }
 675      }
 676  }
 677  
 678  if($mybb->input['action'] == "coppa_form")
 679  {
 680      if(!$mybb->settings['faxno'])
 681      {
 682          $mybb->settings['faxno'] = "&nbsp;";
 683      }
 684  
 685      $plugins->run_hooks("member_coppa_form");
 686  
 687      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 688      output_page($coppa_form);
 689  }
 690  
 691  if($mybb->input['action'] == "register")
 692  {
    // Build the day <option> list and the month pre-selection for the date-of-birth form.
    $bdaysel = '';
    if($mybb->settings['coppa'] == "disabled")
    {
        $bdaysel = $bday2blank = '';
    }
    // Day, month and year are requested as MyBB::INPUT_INT (presumably cast to int,
    // so a missing or non-numeric value becomes 0 - see the year check below).
    $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
    for($day = 1; $day <= 31; ++$day)
    {
        $selected = '';
        if($mybb->input['bday1'] == $day)
        {
            $selected = " selected=\"selected\"";
        }

        // The evaluated template reads local variables (presumably $day and $selected),
        // so these names are part of the template contract.
        eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
    }

    $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
    $bdaymonthsel = array();
    foreach(range(1, 12) as $number)
    {
        $bdaymonthsel[$number] = '';
    }
    // bday2 has not been range-checked at this point; an out-of-range month only
    // adds an extra key to $bdaymonthsel. The range check happens in the COPPA step.
    $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
    $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);

    // Show an empty year box instead of "0" when no year was submitted.
    if($birthday_year == 0)
    {
        $birthday_year = '';
    }
 723  
 724      // Is COPPA checking enabled?
 725      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 726      {
 727          // Just selected DOB, we check
 728          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 729          {
 730              my_unsetcookie("coppauser");
 731  
 732              $months = get_bdays($birthday_year);
 733              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 734              {
 735                  error($lang->error_invalid_birthday);
 736              }
 737  
 738              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 739  
 740              // Store DOB in cookie so we can save it with the registration
 741              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 742  
 743              // User is <= 13, we mark as a coppa user
 744              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 745              {
 746                  my_setcookie("coppauser", 1, -0);
 747                  $under_thirteen = true;
 748              }
 749              $mybb->request_method = "";
 750          }
 751          // Show DOB select form
 752          else
 753          {
 754              $plugins->run_hooks("member_register_coppa");
 755  
 756              my_unsetcookie("coppauser");
 757  
 758              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 759              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 760              output_page($coppa);
 761              exit;
 762          }
 763      }
 764  
 765      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 766      {
 767          $coppa_agreement = '';
 768          // Is this user a COPPA user? We need to show the COPPA agreement too
 769          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 770          {
 771              if($mybb->settings['coppa'] == "deny")
 772              {
 773                  error($lang->error_need_to_be_thirteen);
 774              }
 775              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 776              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 777          }
 778  
 779          $plugins->run_hooks("member_register_agreement");
 780  
 781          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 782          output_page($agreement);
 783      }
 784      else
 785      {
        $plugins->run_hooks("member_register_start");

        // JS validator extra
        // The length message is only formatted when both limits are positive.
        if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
        {
            $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
        }

        // Inline script that configures client-side validation for #registration_form.
        // The script is left open here; later sections append more rules and the
        // closing "});</script>" is added just before the page is rendered.
        // Settings and language strings are interpolated straight into JavaScript
        // (numbers unquoted, messages inside single-quoted literals) with no escaping.
        // NOTE(review): that is only safe while those values are admin-controlled and
        // contain no quotes or newlines - confirm, or encode them for a JS context.
        // These rules run in the browser only, so the same limits and uniqueness
        // checks have to be enforced again by the server-side registration handler.
        $validator_javascript = "<script type=\"text/javascript\">
$(function() {
    $('#registration_form').validate({
        rules: {
            username: {
                required: true,
                minlength: {$mybb->settings['minnamelength']},
                maxlength: {$mybb->settings['maxnamelength']},
                remote: {
                    url: 'xmlhttp.php?action=username_availability',
                    type: 'post',
                    dataType: 'json',
                    data:
                    {
                        my_post_key: my_post_key
                    },
                },
            },
            email: {
                required: true,
                email: true,
                remote: {
                    url: 'xmlhttp.php?action=email_availability',
                    type: 'post',
                    dataType: 'json',
                    data:
                    {
                        my_post_key: my_post_key
                    },
                },
            },
            email2: {
                required: true,
                email: true,
                equalTo: '#email'
            },
        },
        messages: {
            username: {
                minlength: '{$lang->js_validator_username_length}',
                maxlength: '{$lang->js_validator_username_length}',
            },
            email: '{$lang->js_validator_invalid_email}',
            email2: '{$lang->js_validator_email_match}',
        },
        errorPlacement: function(error, element) {
            if(element.is(':checkbox') || element.is(':radio'))
                error.insertAfter($('input[name=\"' + element.attr('name') + '\"]').last().next('span'));
            else
                error.insertAfter(element);
        }
    });\n";
 846  
        // Pre-select the submitted timezone if there is one, otherwise the board default.
        // NOTE(review): the request value is passed on as received; how
        // build_timezone_select() validates or escapes it is not visible here.
        if(isset($mybb->input['timezoneoffset']))
        {
            $timezoneoffset = $mybb->get_input('timezoneoffset');
        }
        else
        {
            $timezoneoffset = $mybb->settings['timezoneoffset'];
        }
        $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);

        $stylelist = build_theme_select("style");

        // "Threads per page" choices come from a comma-separated board setting.
        // $tppselect is only assigned when that setting is non-empty.
        if($mybb->settings['usertppoptions'])
        {
            $tppoptions = '';
            $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
            if(is_array($explodedtpp))
            {
                foreach($explodedtpp as $val)
                {
                    $val = trim($val);
                    $tpp_option = $lang->sprintf($lang->tpp_option, $val);
                    eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
                }
            }
            eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
        }
        // "Posts per page" choices, built the same way from their own setting.
        if($mybb->settings['userpppoptions'])
        {
            $pppoptions = '';
            $explodedppp = explode(",", $mybb->settings['userpppoptions']);
            if(is_array($explodedppp))
            {
                foreach($explodedppp as $val)
                {
                    $val = trim($val);
                    $ppp_option = $lang->sprintf($lang->ppp_option, $val);
                    eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
                }
            }
            eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
        }
 889          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 890          {
 891              if(isset($mybb->cookies['mybb']['referrer']))
 892              {
 893                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 894                  $ref = $db->fetch_array($query);
 895                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 896                  $referrername = $ref['username'];
 897              }
 898              elseif(isset($referrer))
 899              {
 900                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 901                  $ref = $db->fetch_array($query);
 902                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 903                  $referrername = $ref['username'];
 904              }
 905              elseif(!empty($referrername))
 906              {
 907                  $ref = get_user_by_username($referrername);
 908                  if(!$ref['uid'])
 909                  {
 910                      $errors[] = $lang->error_badreferrer;
 911                  }
 912              }
 913              else
 914              {
 915                  $referrername = '';
 916              }
 917              if(isset($quickreg))
 918              {
 919                  $refbg = "trow1";
 920              }
 921              else
 922              {
 923                  $refbg = "trow2";
 924              }
 925              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 926          }
 927          else
 928          {
 929              $referrer = '';
 930          }
        // Request data for custom profile fields, fetched as an array of arbitrary shape.
        $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
        // Custom profile fields baby!
        $altbg = "trow1";
        $requiredfields = $customfields = '';

        // Group id used below only to decide which profile fields to show: 5 when the
        // account will need activation/approval or the "coppa" input is 1, otherwise 2.
        // NOTE(review): "coppa" is request input; confirm the group actually assigned
        // on submit is derived server-side and not from this value.
        if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
        {
            $usergroup = 5;
        }
        else
        {
            $usergroup = 2;
        }
 944  
 945          $pfcache = $cache->read('profilefields');
 946  
 947          if(is_array($pfcache))
 948          {
 949              foreach($pfcache as $profilefield)
 950              {
 951                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 952                  {
 953                      continue;
 954                  }
 955  
 956                  $code = $select = $val = $options = $expoptions = $useropts = '';
 957                  $seloptions = array();
 958                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 959                  $thing = explode("\n", $profilefield['type'], "2");
 960                  $type = trim($thing[0]);
 961                  $options = $thing[1];
 962                  $select = '';
 963                  $field = "fid{$profilefield['fid']}";
 964                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 965                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 966                  if($errors && isset($mybb->input['profile_fields'][$field]))
 967                  {
 968                      $userfield = $mybb->input['profile_fields'][$field];
 969                  }
 970                  else
 971                  {
 972                      $userfield = '';
 973                  }
 974                  if($type == "multiselect")
 975                  {
 976                      if($errors)
 977                      {
 978                          $useropts = $userfield;
 979                      }
 980                      else
 981                      {
 982                          $useropts = explode("\n", $userfield);
 983                      }
 984                      if(is_array($useropts))
 985                      {
 986                          foreach($useropts as $key => $val)
 987                          {
 988                              $seloptions[$val] = $val;
 989                          }
 990                      }
 991                      $expoptions = explode("\n", $options);
 992                      if(is_array($expoptions))
 993                      {
 994                          foreach($expoptions as $key => $val)
 995                          {
 996                              $val = trim($val);
 997                              $val = str_replace("\n", "\\n", $val);
 998  
 999                              $sel = "";
1000                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1001                              {
1002                                  $sel = ' selected="selected"';
1003                              }
1004  
1005                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1006                          }
1007                          if(!$profilefield['length'])
1008                          {
1009                              $profilefield['length'] = 3;
1010                          }
1011  
1012                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
1013                      }
1014                  }
1015                  elseif($type == "select")
1016                  {
1017                      $expoptions = explode("\n", $options);
1018                      if(is_array($expoptions))
1019                      {
1020                          foreach($expoptions as $key => $val)
1021                          {
1022                              $val = trim($val);
1023                              $val = str_replace("\n", "\\n", $val);
1024                              $sel = "";
1025                              if($val == $userfield)
1026                              {
1027                                  $sel = ' selected="selected"';
1028                              }
1029  
1030                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1031                          }
1032                          if(!$profilefield['length'])
1033                          {
1034                              $profilefield['length'] = 1;
1035                          }
1036  
1037                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
1038                      }
1039                  }
1040                  elseif($type == "radio")
1041                  {
1042                      $expoptions = explode("\n", $options);
1043                      if(is_array($expoptions))
1044                      {
1045                          foreach($expoptions as $key => $val)
1046                          {
1047                              $checked = "";
1048                              if($val == $userfield)
1049                              {
1050                                  $checked = 'checked="checked"';
1051                              }
1052  
1053                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
1054                          }
1055                      }
1056                  }
1057                  elseif($type == "checkbox")
1058                  {
1059                      if($errors)
1060                      {
1061                          $useropts = $userfield;
1062                      }
1063                      else
1064                      {
1065                          $useropts = explode("\n", $userfield);
1066                      }
1067                      if(is_array($useropts))
1068                      {
1069                          foreach($useropts as $key => $val)
1070                          {
1071                              $seloptions[$val] = $val;
1072                          }
1073                      }
1074                      $expoptions = explode("\n", $options);
1075                      if(is_array($expoptions))
1076                      {
1077                          foreach($expoptions as $key => $val)
1078                          {
1079                              $checked = "";
1080                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1081                              {
1082                                  $checked = 'checked="checked"';
1083                              }
1084  
1085                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1086                          }
1087                      }
1088                  }
1089                  elseif($type == "textarea")
1090                  {
1091                      $value = htmlspecialchars_uni($userfield);
1092                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1093                  }
1094                  else
1095                  {
1096                      $value = htmlspecialchars_uni($userfield);
1097                      $maxlength = "";
1098                      if($profilefield['maxlength'] > 0)
1099                      {
1100                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1101                      }
1102  
1103                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1104                  }
1105  
1106                  if($profilefield['required'] == 1)
1107                  {
1108                      // JS validator extra, choose correct selectors for everything except single select which always has value
1109                      if($type != 'select')
1110                      {
1111                          if($type == "textarea")
1112                          {
1113                              $inp_selector = "$('textarea[name=\"profile_fields[{$field}]\"]')";
1114                          }
1115                          elseif($type == "multiselect")
1116                          {
1117                              $inp_selector = "$('select[name=\"profile_fields[{$field}][]\"]')";
1118                          }
1119                          elseif($type == "checkbox")
1120                          {
1121                              $inp_selector = "$('input[name=\"profile_fields[{$field}][]\"]')";
1122                          }
1123                          else
1124                          {
1125                              $inp_selector = "$('input[name=\"profile_fields[{$field}]\"]')";
1126                          }
1127  
1128                          $validator_javascript .= "
1129      {$inp_selector}.rules('add', {
1130          required: true,
1131          messages: {
1132              required: '{$lang->js_validator_not_empty}'
1133          }
1134      });\n";
1135                      }
1136  
1137                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1138                  }
1139                  else
1140                  {
1141                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1142                  }
1143              }
1144  
1145              if($requiredfields)
1146              {
1147                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1148              }
1149  
1150              if($customfields)
1151              {
1152                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1153              }
1154          }
1155  
        // Default form state, applied only when $fromreg has not been set by code
        // outside this section (presumably a failed submission being re-displayed).
        if(!isset($fromreg))
        {
            $allownoticescheck = "checked=\"checked\"";
            $hideemailcheck = '';
            $receivepmscheck = "checked=\"checked\"";
            $pmnoticecheck = " checked=\"checked\"";
            $pmnotifycheck = '';
            $invisiblecheck = '';
            // NOTE(review): $enabledstcheck is only assigned when DST correction is on;
            // confirm the template tolerates it being undefined otherwise.
            if($mybb->settings['dstcorrection'] == 1)
            {
                $enabledstcheck = "checked=\"checked\"";
            }
            $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
            $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
            $username = $email = $email2 = '';
            $regerrors = '';
        }
        // Spambot registration image thingy
        // Any truthy captchaimage setting builds a CAPTCHA; its markup comes from the
        // captcha class (inc/class_captcha.php, not visible here).
        if($mybb->settings['captchaimage'])
        {
            require_once  MYBB_ROOT.'inc/class_captcha.php';
            $captcha = new captcha(true, "member_register_regimage");

            if($captcha->html)
            {
                $regimage = $captcha->html;

                // Only setting value 1 gets the remote check on #imagestring below.
                if($mybb->settings['captchaimage'] == 1)
                {
                    // JS validator extra for our default CAPTCHA
                    // The remote call only gives early feedback in the browser.
                    // NOTE(review): confirm the submit handler validates the CAPTCHA
                    // again server-side and that a pre-check cannot be replayed.
                    $validator_javascript .= "
    $('#imagestring').rules('add', {
        required: true,
        remote:{
            url: 'xmlhttp.php?action=validate_captcha',
            type: 'post',
            dataType: 'json',
            data:
            {
                imagehash: function () {
                    return $('#imagehash').val();
                },
                my_post_key: my_post_key
            },
        },
        messages: {
            remote: '{$lang->js_validator_no_image_text}'
        }
    });\n";
                }
            }
        }
1208  
        // Security Question
        // Creates a question session and renders the question attached to it.
        $questionbox = '';
        if($mybb->settings['securityquestion'])
        {
            $sid = generate_question();
            // NOTE(review): $sid is interpolated into the SQL text without escaping.
            // It comes from generate_question() rather than from the request, but that
            // helper is not visible here - confirm it can only return a value that is
            // safe inside a quoted SQL literal, or escape it at this point.
            $query = $db->query("
                SELECT q.question, s.sid
                FROM ".TABLE_PREFIX."questionsessions s
                LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
                WHERE q.active='1' AND s.sid='{$sid}'
            ");
            if($db->num_rows($query) > 0)
            {
                $question = $db->fetch_array($query);
                
                //Set parser options for security question
                // Raw HTML is disabled; MyCode, smilies, images and videos are allowed.
                $parser_options = array(
                    "allow_html" => 0,
                    "allow_mycode" => 1,
                    "allow_smilies" => 1,
                    "allow_imgcode" => 1,
                    "allow_videocode" => 1,
                    "filter_badwords" => 1,
                    "me_username" => 0,
                    "shorten_urls" => 0,
                    "highlight" => 0,
                );

                //Parse question
                $question['question'] = $parser->parse_message($question['question'], $parser_options);
                // The session id is escaped because it is placed into the form markup.
                $question['sid'] = htmlspecialchars_uni($question['sid']);

                $refresh = '';
                // Total questions
                // A refresh control is only offered when more than one question is active.
                $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
                $num = $db->fetch_field($q, 'num');
                if($num > 1)
                {
                    eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
                }

                eval("\$questionbox = \"".$templates->get("member_register_question")."\";");

                // Browser-side pre-check of the answer; the answer still has to be
                // verified server-side when the form is submitted.
                $validator_javascript .= "
    $('#answer').rules('add', {
        required: true,
        remote:{
            url: 'xmlhttp.php?action=validate_question',
            type: 'post',
            dataType: 'json',
            data:
            {
                question: function () {
                    return $('#question_id').val();
                },
                my_post_key: my_post_key
            },
        },
        messages: {
            remote: '{$lang->js_validator_no_security_question}'
        }
    });\n";
            }
        }
1273  
        $hiddencaptcha = '';
        // Hidden CAPTCHA for Spambots
        // The field name comes from a board setting and is read by the template.
        if($mybb->settings['hiddencaptchaimage'])
        {
            $captcha_field = $mybb->settings['hiddencaptchaimagefield'];

            eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
        }
        // Password boxes are omitted when the board generates a random password.
        if($mybb->settings['regtype'] != "randompass")
        {
            // JS validator extra
            $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);

            // Custom rule: the password must not equal, contain, or be contained in
            // the e-mail address or username currently typed into the form.
            // All password rules below run in the browser only, so the length,
            // complexity and similarity policy must be enforced again on the server.
            $validator_javascript .= "
    $.validator.addMethod('passwordSecurity', function(value, element, param) {
        return !(
                ($('#email').val() != '' && value == $('#email').val()) ||
                ($('#username').val() != '' && value == $('#username').val()) ||
                ($('#email').val() != '' && value.indexOf($('#email').val()) > -1) ||
                ($('#username').val() != '' && value.indexOf($('#username').val()) > -1) ||
                ($('#email').val() != '' && $('#email').val().indexOf(value) > -1) ||
                ($('#username').val() != '' && $('#username').val().indexOf(value) > -1)
        );
    }, '{$lang->js_validator_bad_password_security}');\n";

            // See if the board has "require complex passwords" enabled.
            if($mybb->settings['requirecomplexpasswords'] == 1)
            {
                $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);

                // NOTE(review): the "remote" message below reuses
                // js_validator_no_image_text, the string used for the CAPTCHA rule;
                // this looks like a copy/paste leftover - confirm the intended message.
                $validator_javascript .= "
    $('#password').rules('add', {
        required: true,
        minlength: {$mybb->settings['minpasswordlength']},
        remote:{
            url: 'xmlhttp.php?action=complex_password',
            type: 'post',
            dataType: 'json',
            data:
            {
                my_post_key: my_post_key
            },
        },
        passwordSecurity: '',
        messages: {
            minlength: '{$lang->js_validator_password_length}',
            required: '{$lang->js_validator_password_length}',
            remote: '{$lang->js_validator_no_image_text}'
        }
    });\n";
            }
            else
            {
                $validator_javascript .= "
    $('#password').rules('add', {
        required: true,
        minlength: {$mybb->settings['minpasswordlength']},
        passwordSecurity: '',
        messages: {
            minlength: '{$lang->js_validator_password_length}',
            required: '{$lang->js_validator_password_length}'
        }
    });\n";
            }

            // The confirmation box must match #password.
            $validator_javascript .= "
    $('#password2').rules('add', {
        required: true,
        minlength: {$mybb->settings['minpasswordlength']},
        equalTo: '#password',
        messages: {
            minlength: '{$lang->js_validator_password_length}',
            required: '{$lang->js_validator_password_length}',
            equalTo: '{$lang->js_validator_password_matches}'
        }
    });\n";

            eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
        }
1353  
        // Language selector, shown only when more than one language is available.
        $languages = $lang->get_languages();
        $langoptions = $boardlanguage = '';
        if(count($languages) > 1)
        {
            foreach($languages as $name => $language)
            {
                // The display name is escaped; $name is used as returned by
                // get_languages(). NOTE(review): confirm $name cannot contain markup if
                // the option template prints it.
                $language = htmlspecialchars_uni($language);

                $sel = '';
                if($mybb->get_input('language') == $name)
                {
                    $sel = " selected=\"selected\"";
                }

                eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
            }

            eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
        }

        // Set the time so we can find automated signups
        // NOTE(review): presumably the template embeds $time in the form and the submit
        // handler compares it; a value carried by the client can be altered, so it
        // should be treated as a heuristic only.
        $time = TIME_NOW;

        $plugins->run_hooks("member_register_end");

        // Close the validation script opened earlier in this branch.
        $validator_javascript .= "
});
</script>\n";

        // Render the registration form page.
        eval("\$registration = \"".$templates->get("member_register")."\";");
        output_page($registration);
1385      }
1386  }
1387  
// Activation endpoint: consumes the code sent by e-mail (registration, e-mail
// change, or combined e-mail+admin activation) or renders the activation form.
if($mybb->input['action'] == "activate")
{
    $plugins->run_hooks("member_activate_start");

    // The account is identified either by numeric uid or by the submitted username.
    if(!isset($mybb->input['username']))
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }
    else
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // The wording depends on how the board lets people identify themselves;
            // any value other than 1 or 2 falls back to the generic message.
            if($mybb->settings['username_method'] == 1)
            {
                error($lang->error_invalidpworusername1);
            }
            elseif($mybb->settings['username_method'] == 2)
            {
                error($lang->error_invalidpworusername2);
            }
            else
            {
                error($lang->error_invalidpworusername);
            }
        }
        $uid = $user['uid'];
    }

    if(!isset($mybb->input['code']) || !$user)
    {
        // No code supplied (or no such account): show the activation form.
        $plugins->run_hooks("member_activate_form");

        // Both values are placed into an eval()'d template, so they are HTML-escaped first.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        eval('$activate = "'.$templates->get("member_activate").'";');
        output_page($activate);
    }
    else
    {
        // $user['uid'] comes from the user row loaded above, not directly from the request.
        $query = $db->simple_select("awaitingactivation", "*", "uid='{$user['uid']}' AND (type='r' OR type='e' OR type='b')");
        $activation = $db->fetch_array($query);
        if(!$activation['uid'])
        {
            error($lang->error_alreadyactivated);
        }
        // Strict comparison of the stored code with the submitted one.
        // NOTE(review): `!==` is not a constant-time comparison - consider a timing-safe compare.
        if($activation['code'] !== $mybb->get_input('code'))
        {
            error($lang->error_badactivationcode);
        }

        if($activation['type'] == "b" && $activation['validated'] == 1)
        {
            error($lang->error_alreadyvalidated);
        }

        // The code is single-use for types 'r' and 'e'; a type 'b' row is kept and flagged below.
        $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND (type='r' OR type='e')");

        // Only a plain registration activation moves the account out of usergroup 5.
        if($user['usergroup'] == 5 && !($activation['type'] == "e" || $activation['type'] == "b"))
        {
            $db->update_query("users", array("usergroup" => 2), "uid='{$user['uid']}'");

            $cache->update_awaitingactivation();
        }

        if($activation['type'] == "e")
        {
            // E-mail change: the pending address is stored in the 'misc' column.
            $newemail = array(
                "email" => $db->escape_string($activation['misc']),
            );
            $db->update_query("users", $newemail, "uid='{$user['uid']}'");
            $plugins->run_hooks("member_activate_emailupdated");

            redirect("usercp.php", $lang->redirect_emailupdated);
        }
        elseif($activation['type'] == "b")
        {
            // Type 'b': record that the e-mail step is done; the usergroup is not changed here.
            $update = array(
                "validated" => 1,
            );
            $db->update_query("awaitingactivation", $update, "uid='{$user['uid']}' AND type='b'");
            $plugins->run_hooks("member_activate_emailactivated");

            redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
        }
        else
        {
            $plugins->run_hooks("member_activate_accountactivated");

            redirect("index.php", $lang->redirect_accountactivated);
        }
    }
}
1493  
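// Re-sends the activation e-mail to every not-yet-activated account that is
// registered with the submitted address.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_resendactivation_start");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    // The type filter is parenthesised: without the inner brackets SQL evaluates
    // "a.uid=u.uid AND a.type='r' OR a.type='b'" as "(... AND ...) OR a.type='b'",
    // which joins every type 'b' row - including other accounts' codes - to this user.
    $query = $db->query("
        SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
        FROM ".TABLE_PREFIX."users u
        LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
        WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
    ");
    $numusers = $db->num_rows($query);
    // NOTE(review): this error is raised before the CAPTCHA result in $errors is looked at,
    // so the response tells a caller whether an address is registered even when the CAPTCHA failed.
    if($numusers < 1)
    {
        error($lang->error_invalidemail);
    }
    else
    {
        if(count($errors) == 0)
        {
            while($user = $db->fetch_array($query))
            {
                if($user['type'] == "b" && $user['validated'] == 1)
                {
                    error($lang->error_activated_by_admin);
                }

                // Only accounts still in usergroup 5 get a mail.
                if($user['usergroup'] == 5)
                {
                    if(!$user['code'])
                    {
                        // No pending row was joined: create a fresh code.
                        // NOTE(review): $user['type'] is NULL in that case (LEFT JOIN miss) - confirm
                        // the intended type for the new row.
                        $user['code'] = random_str();
                        $uid = $user['uid'];
                        $awaitingarray = array(
                            "uid" => $uid,
                            "dateline" => TIME_NOW,
                            "code" => $user['code'],
                            "type" => $user['type']
                        );
                        $db->insert_query("awaitingactivation", $awaitingarray);
                    }
                    $username = $user['username'];
                    $email = $user['email'];
                    $activationcode = $user['code'];
                    $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
                    // The mail body follows the board's username/e-mail login setting.
                    switch($mybb->settings['username_method'])
                    {
                        case 0:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        case 1:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        case 2:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                        default:
                            $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                            break;
                    }
                    // The mail always goes to the address stored on the account row.
                    my_mail($email, $emailsubject, $emailmessage);
                }
            }

            $plugins->run_hooks("member_do_resendactivation_end");

            redirect("index.php", $lang->redirect_activationresent);
        }
        else
        {
            // CAPTCHA errors: fall through to the form handler below.
            $mybb->input['action'] = "resendactivation";
        }
    }
}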
1589  
// Form for requesting a new activation e-mail (also reached when the POST handler found errors).
if($mybb->input['action'] == "resendactivation")
{
    $plugins->run_hooks("member_resendactivation");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    // A logged-in account outside usergroup 5 has nothing left to activate.
    if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
    {
        error($lang->error_alreadyactivated);
    }

    $query = $db->simple_select("awaitingactivation", "*", "uid='{$mybb->user['uid']}' AND type='b'");
    $activation = $db->fetch_array($query);

    // E-mail step already completed for a type 'b' activation.
    if($activation['validated'] == 1)
    {
        error($lang->error_activated_by_admin);
    }

    // CAPTCHA markup is only built when the board has CAPTCHAs enabled.
    $captcha = '';
    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    if(!isset($errors) || count($errors) <= 0)
    {
        $errors = '';
        $email = '';
    }
    else
    {
        // Re-display the submitted address; it is escaped because the template is eval()'d into HTML.
        $errors = inline_error($errors);
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }

    $plugins->run_hooks("member_resendactivation_end");

    eval('$activate = "'.$templates->get("member_resendactivation").'";');
    output_page($activate);
}
1641  
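// Lost-password request: issues a fresh reset code (awaitingactivation type 'p')
// for every account registered with the submitted address and mails it out.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_lostpw_start");

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    // The original escaped $email here, but nothing in this block assigns it beforehand
    // and the result was never read; the lookup escapes the request value itself.
    $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
    $numusers = $db->num_rows($query);
    // NOTE(review): this error is raised before the CAPTCHA result in $errors is looked at,
    // so the response tells a caller whether an address is registered even when the CAPTCHA failed.
    if($numusers < 1)
    {
        error($lang->error_invalidemail);
    }
    else
    {
        if(count($errors) == 0)
        {
            while($user = $db->fetch_array($query))
            {
                // Any earlier reset code for this account is invalidated first.
                $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
                $user['activationcode'] = random_str(30);
                $now = TIME_NOW;
                $uid = $user['uid'];
                $awaitingarray = array(
                    "uid" => $user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $user['activationcode'],
                    "type" => "p"
                );
                $db->insert_query("awaitingactivation", $awaitingarray);
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['activationcode'];
                $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
                // The mail body follows the board's username/e-mail login setting.
                switch($mybb->settings['username_method'])
                {
                    case 0:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                }
                // The mail always goes to the address stored on the account row.
                my_mail($email, $emailsubject, $emailmessage);
            }

            $plugins->run_hooks("member_do_lostpw_end");

            redirect("index.php", $lang->redirect_lostpwsent, "", true);
        }
        else
        {
            // CAPTCHA errors: fall through to the form handler below.
            $mybb->input['action'] = "lostpw";
        }
    }
}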
1719  
// Lost-password form (also reached when the POST handler above found errors).
if($mybb->input['action'] == "lostpw")
{
    $plugins->run_hooks("member_lostpw");

    // CAPTCHA markup is only built when the board has CAPTCHAs enabled.
    $captcha = '';
    if($mybb->settings['captchaimage'])
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    if(!isset($errors) || count($errors) <= 0)
    {
        $errors = '';
        $email = '';
    }
    else
    {
        // Re-display the submitted address; it is escaped because the template is eval()'d into HTML.
        $errors = inline_error($errors);
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }

    eval('$lostpw = "'.$templates->get("member_lostpw").'";');
    output_page($lostpw);
}
1751  
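// Password reset: with a valid reset code a new random password is generated,
// stored and mailed to the account's address; without one the reset form is shown.
if($mybb->input['action'] == "resetpassword")
{
    $plugins->run_hooks("member_resetpassword_start");

    // The account is identified either by the submitted username or by numeric uid.
    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
    }
    else
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }

    if(isset($mybb->input['code']) && $user)
    {
        $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
        $activationcode = $db->fetch_field($query, 'code');
        $now = TIME_NOW;
        // A missing stored code is rejected as well, so an empty submission cannot match.
        // NOTE(review): `!==` is not a constant-time comparison - consider a timing-safe compare.
        if(!$activationcode || $activationcode !== $mybb->get_input('code'))
        {
            error($lang->error_badlostpwcode);
        }
        // The reset code is single-use: it is removed before the password is changed.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
        $username = $user['username'];

        // Generate a new password, then update it
        $password_length = (int)$mybb->settings['minpasswordlength'];

        // Never generate fewer than 8 characters unless the board's maximum is lower.
        if($password_length < 8)
        {
            $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
        }

        // Set up user handler.
        require_once MYBB_ROOT.'inc/datahandlers/user.php';
        $userhandler = new UserDataHandler('update');

        // Keep generating candidates until the handler's password check accepts one.
        // The first verify_password() call runs before any data has been set.
        while(!$userhandler->verify_password())
        {
            $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);

            $userhandler->set_data(array(
                'uid'        => $user['uid'],
                'username'    => $user['username'],
                'email'        => $user['email'],
                'password'    => $password
            ));

            $userhandler->set_validated(true);
            // Errors from a rejected candidate are cleared before the next attempt.
            $userhandler->errors = array();
        }

        $userhandler->update_user();

        // Not read again in this block; presumably provided for the hooks below - confirm.
        $logindetails = array(
            'salt'        => $userhandler->data['salt'],
            'password'    => $userhandler->data['saltedpw'],
            'loginkey'    => $userhandler->data['loginkey'],
        );

        $email = $user['email'];

        $plugins->run_hooks("member_resetpassword_process");

        // The generated password itself is placed in the mail body, i.e. it leaves the
        // server in clear text and stays valid until the user changes it.
        $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
        $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
        my_mail($email, $emailsubject, $emailmessage);

        $plugins->run_hooks("member_resetpassword_reset");

        error($lang->redirect_passwordreset);
    }
    else
    {
        $plugins->run_hooks("member_resetpassword_form");

        switch($mybb->settings['username_method'])
        {
            case 0:
                $lang_username = $lang->username;
                break;
            case 1:
                $lang_username = $lang->username1;
                break;
            case 2:
                $lang_username = $lang->username2;
                break;
            default:
                $lang_username = $lang->username;
                break;
        }

        // Escaped because the value is placed into an eval()'d HTML template.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        // The original set '' for a missing username and then overwrote it unconditionally,
        // reading an undefined index; the two cases are now kept apart.
        if(isset($mybb->input['username']))
        {
            $input_username = htmlspecialchars_uni($mybb->input['username']);
        }
        else
        {
            $input_username = '';
        }

        eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
        output_page($activate);
    }
}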
1879  
// State shared with the "login" form handler that follows this block.
$do_captcha = false;
$correct = false;
$inline_errors = "";

// Login submission: validates the credentials through LoginDataHandler, counts failed
// attempts, and redirects on success.
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
    // Request-forgery check on the submitted post key.
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("member_do_login_start");

    require_once MYBB_ROOT."inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // The quick-login form uses its own field names; map them onto the regular ones.
    if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
    {
        $mybb->input['password'] = $mybb->get_input('quick_password');
        $mybb->input['username'] = $mybb->get_input('quick_username');
        $mybb->input['remember'] = $mybb->get_input('quick_remember');
    }

    $user = array(
        'username' => $mybb->get_input('username'),
        'password' => $mybb->get_input('password'),
        'remember' => $mybb->get_input('remember'),
        'imagestring' => $mybb->get_input('imagestring')
    );

    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int)$mybb->settings['username_method'],
    );

    // The stored failure counter is handed to the handler together with the credentials.
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if($validated)
    {
        if($loginhandler->captcha_verified == true)
        {
            // Successful login
            if($loginhandler->login_data['coppauser'])
            {
                error($lang->error_awaitingcoppa);
            }

            $loginhandler->complete_login();

            $plugins->run_hooks("member_do_login_end");

            $mybb->input['url'] = $mybb->get_input('url');

            // NOTE(review): the return URL is request-controlled. The only filtering visible
            // here rejects member.php targets and javascript: URLs; whether redirect() limits
            // the destination to this board is not visible in this block - confirm.
            if(empty($mybb->input['url']) || my_strpos(basename($mybb->input['url']), 'member.php') !== false || preg_match('#^javascript:#i', $mybb->input['url']))
            {
                redirect("index.php", $lang->redirect_loggedin);
            }
            else
            {
                // Drop the "&processed=1" marker when returning to the posting scripts.
                if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
                {
                    $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
                }

                $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

                // Redirect to the URL if it is not member.php
                redirect($mybb->input['url'], $lang->redirect_loggedin);
            }
        }
    }
    else
    {
        // Failed validation: hand over to the login form handler below.
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $login_user = get_user_by_username($user['username'], array('fields' => 'uid'));

        // Is a fatal call if user has had too many tries
        $logins = login_attempt_check($login_user['uid']);

        // Increment the stored counter with a raw SQL expression; the uid is cast to int.
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".(int)$loginhandler->login_data['uid']."'", 1, true);

        $errors = $loginhandler->get_friendly_errors();

        $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];

        // If we need a captcha set it here
        // Either the stored counter or the client-side cookie counter can trigger the CAPTCHA.
        if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
        {
            $do_captcha = true;
            $correct = $loginhandler->captcha_verified;
        }
    }

    $plugins->run_hooks("member_do_login_end");
}
1976  
// Login form (also reached when the POST handler above rejected the credentials).
if($mybb->input['action'] == "login")
{
    $plugins->run_hooks("member_login");

    $member_loggedin_notice = "";
    if($mybb->user['uid'] != 0)
    {
        // The username is escaped before it is used to build the profile link.
        $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval('$member_loggedin_notice = "'.$templates->get("member_loggedin_notice").'";');
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
    // and we can't check loginattempts in the db
    login_attempt_check();

    // Redirect to the page where the user came from, but not if that was the login page.
    // The Referer header is client-supplied, so it is entity-encoded before it reaches the template.
    $redirect_url = '';
    if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
    {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    }

    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    if($mybb->settings['captchaimage'] && $do_captcha == true)
    {
        require_once MYBB_ROOT.'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");

        if($login_captcha->type == 1)
        {
            // An already-solved image CAPTCHA is carried along as a hidden field.
            if($correct)
            {
                $captcha = $login_captcha->build_hidden_captcha();
            }
            else
            {
                $login_captcha->build_captcha();
            }
        }
        elseif(in_array($login_captcha->type, array(2, 4, 5)))
        {
            $login_captcha->build_recaptcha();
        }

        if($login_captcha->html)
        {
            $captcha = $login_captcha->html;
        }
    }

    // Submitted values are only echoed back after a POST, and always HTML-escaped.
    // NOTE(review): the submitted password is kept in $password as well, presumably so the
    // template can re-fill the field - confirm that is intended.
    $username = "";
    $password = "";
    if(isset($mybb->input['username']) && $mybb->request_method == "post")
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }

    if(isset($mybb->input['password']) && $mybb->request_method == "post")
    {
        $password = htmlspecialchars_uni($mybb->get_input('password'));
    }

    if(!empty($errors))
    {
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $inline_errors = inline_error($errors);
    }

    // Label of the username field follows the board's login setting; other values keep the default.
    if($mybb->settings['username_method'] == 1)
    {
        $lang->username = $lang->username1;
    }
    elseif($mybb->settings['username_method'] == 2)
    {
        $lang->username = $lang->username2;
    }

    $plugins->run_hooks("member_login_end");

    eval('$login = "'.$templates->get("member_login").'";');
    output_page($login);
}
2070  
// Logout: requires proof that the request comes from the logged-in user's own session
// (session id or per-user logout key) before cookies and the session row are removed.
if($mybb->input['action'] == "logout")
{
    $plugins->run_hooks("member_logout_start");

    if(!$mybb->user['uid'])
    {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }

    if(isset($mybb->input['sid']))
    {
        // Check session ID if we have one
        if($mybb->get_input('sid') !== $session->sid)
        {
            error($lang->error_notloggedout);
        }
    }
    else if($mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
    {
        // Otherwise, check logoutkey
        error($lang->error_notloggedout);
    }

    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    if($mybb->user['uid'])
    {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        // Both values placed into the SQL come from the loaded user and session, not from the request.
        $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }

    $plugins->run_hooks("member_logout_end");

    redirect("index.php", $lang->redirect_loggedout);
}
2106  
// Moderator view of the notes stored on a user; printed directly and the script ends.
if($mybb->input['action'] == "viewnotes")
{
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    // Make sure we are looking at a real user here.
    // NOTE(review): this existence check runs before the permission check below.
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // Guests and groups without Mod CP access are refused.
    if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
    {
        error_no_permission();
    }

    // Username and notes are escaped before they reach the eval()'d template.
    $user['username'] = htmlspecialchars_uni($user['username']);
    $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);

    $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));

    $plugins->run_hooks('member_viewnotes');

    eval('$viewnotes = "'.$templates->get("member_viewnotes", 1, 0).'";');
    echo $viewnotes;
    exit;
}
2134  
2135  if($mybb->input['action'] == "profile")
2136  {
2137      $plugins->run_hooks("member_profile_start");
2138  
2139      if($mybb->usergroup['canviewprofiles'] == 0)
2140      {
2141          error_no_permission();
2142      }
2143  
2144      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2145      if($uid)
2146      {
2147          $memprofile = get_user($uid);
2148      }
2149      elseif($mybb->user['uid'])
2150      {
2151          $memprofile = $mybb->user;
2152      }
2153      else
2154      {
2155          $memprofile = false;
2156      }
2157  
2158      if(!$memprofile)
2159      {
2160          error($lang->error_nomember);
2161      }
2162  
2163      $uid = $memprofile['uid'];
2164  
2165      $me_username = $memprofile['username'];
2166      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2167      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2168  
2169      // Get member's permissions
2170      $memperms = user_permissions($memprofile['uid']);
2171  
2172      // Set display group
2173      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2174  
2175      if(!$memprofile['displaygroup'])
2176      {
2177          $memprofile['displaygroup'] = $memprofile['usergroup'];
2178      }
2179  
2180      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2181      if(is_array($displaygroup))
2182      {
2183          $memperms = array_merge($memperms, $displaygroup);
2184      }
2185  
2186      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2187      add_breadcrumb($lang->nav_profile);
2188  
2189      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2190      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2191      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2192      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2193      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2194      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2195      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2196  
2197      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2198      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2199  
2200      $website = $sendemail = $sendpm = $contact_details = '';
2201  
2202      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2203      {
2204          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2205          $bgcolor = alt_trow();
2206          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2207      }
2208  
2209      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2210      {
2211          $bgcolor = alt_trow();
2212          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2213      }
2214  
2215      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2216      {
2217          $bgcolor = alt_trow();
2218          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2219      }
2220  
2221      $contact_fields = array();
2222      $any_contact_field = false;
          // Build one profile row per contact field. The field names come only from the literal list
          // on the next line, so the setting key, the template name and the array key spliced into the
          // eval() source below never contain request or profile data.
2223      foreach(array('icq', 'yahoo', 'skype', 'google') as $field)
2224      {
2225          $contact_fields[$field] = '';
2226          $settingkey = 'allow'.$field.'field';
2227  
              // Show a field only when it is non-empty and is_member() matches the profile owner's
              // primary/additional groups against the allow<field>field setting.
2228          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2229          {
2230              $any_contact_field = true;
2231  
                  // Neutralise the stored value before the template interpolates it:
                  // ICQ is forced to an integer, every other field is HTML-escaped.
2232              if($field == 'icq')
2233              {
2234                  $memprofile[$field] = (int)$memprofile[$field];
2235              }
2236              else
2237              {
2238                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2239              }
2240              $tmpl = 'member_profile_contact_fields_'.$field;
2241  
2242              $bgcolors[$field] = alt_trow();
                  // The template text is evaluated as a PHP double-quoted string, so it resolves the
                  // local variables above by name; renaming them would break the stored templates.
2243              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2244          }
2245      }
2246  
2247      if($any_contact_field || $sendemail || $sendpm || $website)
2248      {
2249          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2250      }
2251  
2252      $signature = '';
          // Render the signature only when it is non-empty, is not suspended (or the suspension time
          // has passed), is_member() does not match the hidesignatures setting, and the owner's group
          // may use signatures and the owner has at least canusesigxposts posts.
2253      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2254      {
              // Parser switches are taken from board-wide signature settings.
              // NOTE(review): with sightml enabled, user-written markup reaches the page subject only to
              // whatever filtering parse_message() applies (not visible here). Confirm the setting is
              // off unless every signature author is trusted.
2255          $sig_parser = array(
2256              "allow_html" => $mybb->settings['sightml'],
2257              "allow_mycode" => $mybb->settings['sigmycode'],
2258              "allow_smilies" => $mybb->settings['sigsmilies'],
2259              "allow_imgcode" => $mybb->settings['sigimgcode'],
2260              "me_username" => $me_username,
2261              "filter_badwords" => 1
2262          );
2263  
              // Group-level switch; presumably makes the parser add rel="nofollow" to links.
2264          if($memperms['signofollow'])
2265          {
2266              $sig_parser['nofollow_on'] = 1;
2267          }
2268  
              // Turn image code off for members who disabled images and for guests when guestimages is off.
2269          if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2270          {
2271              $sig_parser['allow_imgcode'] = 0;
2272          }
2273  
              // The parsed result is interpolated into the template as-is, so parse_message() is the
              // only output filter applied to the signature in this block.
2274          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2275          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2276      }
2277  
2278      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2279  
2280      if($daysreg < 1)
2281      {
2282          $daysreg = 1;
2283      }
2284  
2285      $stats = $cache->read("stats");
2286  
2287      // Format post count, per day count and percent of total
2288      $ppd = $memprofile['postnum'] / $daysreg;
2289      $ppd = round($ppd, 2);
2290      if($ppd > $memprofile['postnum'])
2291      {
2292          $ppd = $memprofile['postnum'];
2293      }
2294  
2295      $numposts = $stats['numposts'];
2296      if($numposts == 0)
2297      {
2298          $post_percent = "0";
2299      }
2300      else
2301      {
2302          $post_percent = $memprofile['postnum']*100/$numposts;
2303          $post_percent = round($post_percent, 2);
2304      }
2305  
2306      if($post_percent > 100)
2307      {
2308          $post_percent = 100;
2309      }
2310  
2311      // Format thread count, per day count and percent of total
2312      $tpd = $memprofile['threadnum'] / $daysreg;
2313      $tpd = round($tpd, 2);
2314      if($tpd > $memprofile['threadnum'])
2315      {
2316          $tpd = $memprofile['threadnum'];
2317      }
2318  
2319      $numthreads = $stats['numthreads'];
2320      if($numthreads == 0)
2321      {
2322          $thread_percent = "0";
2323      }
2324      else
2325      {
2326          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2327          $thread_percent = round($thread_percent, 2);
2328      }
2329  
2330      if($thread_percent > 100)
2331      {
2332          $thread_percent = 100;
2333      }
2334  
2335      $findposts = $findthreads = '';
2336      if($mybb->usergroup['cansearch'] == 1)
2337      {
2338          if(!empty($memprofile['postnum']))
2339          {
2340              eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2341          }
2342          if(!empty($memprofile['threadnum']))
2343          {
2344              eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2345          }
2346      }
2347  
2348      $awaybit = '';
          // Build the "away" notice when the member is flagged away and the board allows away status.
2349      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2350      {
              // NOTE(review): away_note was already passed through sprintf() with the username at the
              // top of this profile block; this second pass only has an effect if the formatted string
              // still contains a placeholder.
2351          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2352          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2353          if(!empty($memprofile['awayreason']))
2354          {
                  // User-written reason: bad-word filter first, then HTML-escape for the template.
2355              $reason = $parser->parse_badwords($memprofile['awayreason']);
2356              $awayreason = htmlspecialchars_uni($reason);
2357          }
2358          else
2359          {
2360              $awayreason = $lang->away_no_reason;
2361          }
2362          if($memprofile['returndate'] == '')
2363          {
2364              $returndate = "$lang->unknown";
2365          }
2366          else
2367          {
                  // returndate is split on "-" and used as [0]=day, [1]=month, [2]=year (see the
                  // mktime() argument order below).
                  // NOTE(review): there is no check that three parts were produced; this assumes the
                  // stored value was validated when it was saved.
2368              $returnhome = explode("-", $memprofile['returndate']);
2369  
2370              // PHP native date functions use integers so timestamps for years after 2038 will not work
2371              // Thus we use adodb_mktime
2372              if($returnhome[2] >= 2038)
2373              {
2374                  require_once  MYBB_ROOT."inc/functions_time.php";
2375                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2376                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2377              }
2378              else
2379              {
2380                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2381                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2382              }
2383  
2384              // If our away time has expired already, we should be back, right?
2385              if($returnmkdate < TIME_NOW)
2386              {
                      // Side effect of viewing a profile: the away columns are cleared in the database.
                      // The uid in the WHERE clause is cast to int before it is concatenated.
2387                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2388  
2389                  // Update our status to "not away"
2390                  $memprofile['away'] = 0;
2391              }
2392          }
2393  
2394          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2395          if($memprofile['away'] == 1)
2396          {
2397              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2398          }
2399      }
2400  
2401      $memprofile['timezone'] = (float)$memprofile['timezone'];
2402  
2403      if($memprofile['dst'] == 1)
2404      {
2405          $memprofile['timezone']++;
2406          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2407          {
2408              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2409          }
2410      }
2411  
2412      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2413      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2414      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2415  
2416      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2417  
2418      if($memprofile['lastactive'])
2419      {
2420          $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
2421          $memlastvisitsep = $lang->comma;
2422          $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2423      }
2424      else
2425      {
2426          $memlastvisitdate = $lang->lastvisit_never;
2427          $memlastvisitsep = '';
2428          $memlastvisittime = '';
2429      }
2430  
2431      if($memprofile['birthday'])
2432      {
2433          $membday = explode("-", $memprofile['birthday']);
2434  
2435          if($memprofile['birthdayprivacy'] != 'none')
2436          {
2437              if($membday[0] && $membday[1] && $membday[2])
2438              {
2439                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2440  
2441                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2442                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2443                  $membday = date($bdayformat, $membday);
2444  
2445                  $membdayage = $lang->membdayage;
2446              }
2447              elseif($membday[2])
2448              {
2449                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2450                  $membday = date("Y", $membday);
2451                  $membdayage = '';
2452              }
2453              else
2454              {
2455                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2456                  $membday = date("F j", $membday);
2457                  $membdayage = '';
2458              }
2459          }
2460  
2461          if($memprofile['birthdayprivacy'] == 'age')
2462          {
2463              $membday = $lang->birthdayhidden;
2464          }
2465          else if($memprofile['birthdayprivacy'] == 'none')
2466          {
2467              $membday = $lang->birthdayhidden;
2468              $membdayage = '';
2469          }
2470      }
2471      else
2472      {
2473          $membday = $lang->not_specified;
2474          $membdayage = '';
2475      }
2476  
2477      // Get the user title for this user
2478      unset($usertitle);
2479      unset($stars);
2480      $starimage = '';
2481      if(trim($memprofile['usertitle']) != '')
2482      {
2483          // User has custom user title
2484          $usertitle = $memprofile['usertitle'];
2485      }
2486      elseif(trim($memperms['usertitle']) != '')
2487      {
2488          // User has group title
2489          $usertitle = $memperms['usertitle'];
2490      }
2491      else
2492      {
2493          // No usergroup title so get a default one
2494          $usertitles = $cache->read('usertitles');
2495  
2496          if(is_array($usertitles))
2497          {
2498              foreach($usertitles as $title)
2499              {
2500                  if($memprofile['postnum'] >= $title['posts'])
2501                  {
2502                      $usertitle = $title['title'];
2503                      $stars = $title['stars'];
2504                      $starimage = $title['starimage'];
2505  
2506                      break;
2507                  }
2508              }
2509          }
2510      }
2511  
2512      $usertitle = htmlspecialchars_uni($usertitle);
2513  
2514      if($memperms['stars'] || $memperms['usertitle'])
2515      {
2516          // Set the number of stars if display group has constant number of stars
2517          $stars = $memperms['stars'];
2518      }
2519      elseif(!$stars)
2520      {
2521          if(!is_array($usertitles))
2522          {
2523              $usertitles = $cache->read('usertitles');
2524          }
2525  
2526          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2527          if(is_array($usertitles))
2528          {
2529              foreach($usertitles as $title)
2530              {
2531                  if($memprofile['postnum'] >= $title['posts'])
2532                  {
2533                      $stars = $title['stars'];
2534                      $starimage = $title['starimage'];
2535                      break;
2536                  }
2537              }
2538          }
2539      }
2540  
2541      $groupimage = '';
2542      if(!empty($memperms['image']))
2543      {
2544          if(!empty($mybb->user['language']))
2545          {
2546              $language = $mybb->user['language'];
2547          }
2548          else
2549          {
2550              $language = $mybb->settings['bblanguage'];
2551          }
2552          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2553          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2554          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2555      }
2556  
2557      if(empty($starimage))
2558      {
2559          $starimage = $memperms['starimage'];
2560      }
2561  
2562      if(!empty($starimage))
2563      {
2564          // Only display stars if we have an image to use...
2565          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2566          $userstars = '';
2567          for($i = 0; $i < $stars; ++$i)
2568          {
2569              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2570          }
2571      }
2572  
2573      // User is currently online and this user has permissions to view the user on the WOL
2574      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
          // Fetch the newest session row for this member inside the who's-online cutoff window.
          // NOTE(review): $uid is placed inside the quoted WHERE value without a cast or escape at
          // this point. Its assignment is outside this part of the file, and the (int) cast further
          // down only runs inside the usereferrals branch, so confirm it is already an integer here.
          // The same variable is reused by the later userfields and banned lookups.
2575      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2576      $session = $db->fetch_array($query);
2577  
2578      $online_status = '';
2579      if($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid'])
2580      {
2581          // Lastvisit
2582          if($memprofile['lastactive'])
2583          {
2584              $memlastvisitsep = $lang->comma;
2585              $memlastvisitdate = my_date('relative', $memprofile['lastactive']);
2586          }
2587  
2588          // Time Online
2589          $timeonline = $lang->none_registered;
2590          if($memprofile['timeonline'] > 0)
2591          {
2592              $timeonline = nice_time($memprofile['timeonline']);
2593          }
2594  
2595          // Online?
2596          if(!empty($session))
2597          {
2598              // Fetch their current location
2599              $lang->load("online");
2600              require_once  MYBB_ROOT."inc/functions_online.php";
2601              $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2602              $location = build_friendly_wol_location($activity);
2603              $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2604  
2605              eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2606          }
2607          // User is offline
2608          else
2609          {
2610              eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2611          }
2612      }
2613  
2614      if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2615      {
2616          $memlastvisitsep = '';
2617          $memlastvisittime = '';
2618          $memlastvisitdate = $lang->lastvisit_never;
2619  
2620          if($memprofile['lastactive'])
2621          {
2622              // We have had at least some active time, hide it instead
2623              $memlastvisitdate = $lang->lastvisit_hidden;
2624          }
2625  
2626          $timeonline = $lang->timeonline_hidden;
2627      }
2628  
2629      // Reset the background colours to keep it inline
2630      $alttrow = 'trow1';
2631  
2632      // Build Referral
2633      $referrals = '';
2634      if($mybb->settings['usereferrals'] == 1)
2635      {
2636          $bg_color = alt_trow();
2637  
2638          $uid = (int) $memprofile['uid'];
2639          $referral_count = $memprofile['referrals'];
2640          if ($referral_count > 0) {
2641              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2642          }
2643  
2644          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2645      }
2646  
2647      // Fetch the reputation for this user
2648      $reputation = '';
2649      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2650      {
2651          $bg_color = alt_trow();
2652          $reputation = get_reputation($memprofile['reputation']);
2653  
2654          // If this user has permission to give reputations show the vote link
2655          $vote_link = '';
2656          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2657          {
2658              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2659          }
2660  
2661          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2662      }
2663  
2664      $warning_level = '';
2665      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2666      {
2667          $bg_color = alt_trow();
2668  
2669          if($mybb->settings['maxwarningpoints'] < 1)
2670          {
2671              $mybb->settings['maxwarningpoints'] = 10;
2672          }
2673  
2674          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2675  
2676          if($warning_level > 100)
2677          {
2678              $warning_level = 100;
2679          }
2680  
2681          $warn_user = '';
2682          $warning_link = 'usercp.php';
2683          $warning_level = get_colored_warning_level($warning_level);
2684          if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
2685          {
2686              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2687              $warning_link = "warnings.php?uid={$memprofile['uid']}";
2688          }
2689  
2690          eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2691      }
2692  
2693      $bgcolor = $alttrow = 'trow1';
2694      $customfields = $profilefields = '';
2695  
2696      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2697      $userfields = $db->fetch_array($query);
2698  
2699      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2700      $pfcache = $cache->read('profilefields');
2701  
2702      if(is_array($pfcache))
2703      {
              // Render each cached custom profile field for which this member has a stored value.
2704          foreach($pfcache as $customfield)
2705          {
                  // Skip fields not flagged for the profile page, and fields the viewer may not see.
                  // Viewers with cancp, issupermod or canmodcp bypass the viewableby check.
2706              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2707              {
2708                  continue;
2709              }
2710  
                  // The first line of the stored type definition is the field type name.
2711              $thing = explode("\n", $customfield['type'], "2");
2712              $type = trim($thing[0]);
2713  
2714              $customfieldval = $customfield_val = '';
2715              $field = "fid{$customfield['fid']}";
2716  
2717              if(isset($userfields[$field]))
2718              {
2719                  $useropts = explode("\n", $userfields[$field]);
2720                  $customfieldval = $comma = '';
2721                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2722                  {
2723                      foreach($useropts as $val)
2724                      {
2725                          if($val != '')
2726                          {
                                  // NOTE(review): $val is not escaped or parsed in this block before the
                                  // template is evaluated. If the template prints it, the output is only
                                  // safe when saved values are limited to the field's admin-defined
                                  // options and those options are HTML-safe; verify where values are saved.
2727                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2728                          }
2729                      }
2730                      if($customfield_val != '')
2731                      {
2732                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2733                      }
2734                  }
2735                  else
2736                  {
                          // Single-value fields go through the message parser with the per-field
                          // switches set by whoever defined the field. allow_html here means member
                          // input is filtered only by parse_message() (not visible here).
2737                      $parser_options = array(
2738                          "allow_html" => $customfield['allowhtml'],
2739                          "allow_mycode" => $customfield['allowmycode'],
2740                          "allow_smilies" => $customfield['allowsmilies'],
2741                          "allow_imgcode" => $customfield['allowimgcode'],
2742                          "allow_videocode" => $customfield['allowvideocode'],
2743                          #"nofollow_on" => 1,
2744                          "filter_badwords" => 1
2745                      );
2746  
2747                      if($customfield['type'] == "textarea")
2748                      {
2749                          $parser_options['me_username'] = $memprofile['username'];
2750                      }
2751                      else
2752                      {
2753                          $parser_options['nl2br'] = 0;
2754                      }
2755  
                          // Turn image code off for members who disabled images and for guests when guestimages is off.
2756                      if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2757                      {
2758                          $parser_options['allow_imgcode'] = 0;
2759                      }
2760  
2761                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2762                  }
2763              }
2764  
2765              if($customfieldval)
2766              {
                      // The field label is HTML-escaped before the row template is evaluated.
2767                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2768                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2769                  $bgcolor = alt_trow();
2770              }
2771          }
2772      }
2773  
2774      if($customfields)
2775      {
2776          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2777      }
2778  
2779      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2780      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2781  
2782      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2783      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2784  
2785      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2786  
2787      $bannedbit = '';
2788      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2789      {
2790          // Fetch details on their ban
2791          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2792          $memban = $db->fetch_array($query);
2793  
2794          if($memban['reason'])
2795          {
2796              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2797          }
2798          else
2799          {
2800              $memban['reason'] = $lang->na;
2801          }
2802  
2803          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2804          {
2805              $banlength = $lang->permanent;
2806              $timeremaining = $lang->na;
2807          }
2808          else
2809          {
2810              // Set up the array of ban times.
2811              $bantimes = fetch_ban_times();
2812  
2813              $banlength = $bantimes[$memban['bantime']];
2814              $remaining = $memban['lifted']-TIME_NOW;
2815  
2816              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2817  
2818              $banned_class = '';
2819              if($remaining < 3600)
2820              {
2821                  $banned_class = "high_banned";
2822              }
2823              else if($remaining < 86400)
2824              {
2825                  $banned_class = "moderate_banned";
2826              }
2827              else if($remaining < 604800)
2828              {
2829                  $banned_class = "low_banned";
2830              }
2831              else
2832              {
2833                  $banned_class = "normal_banned";
2834              }
2835  
2836              eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2837          }
2838  
2839          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2840  
2841          // Display a nice warning to the user
2842          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2843      }
2844  
2845      $adminoptions = '';
2846      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2847      {
2848          eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2849      }
2850  
2851      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
          // Moderator panel: shown to viewers with canmodcp, or when purgespammer_show() allows
          // purging this member. $ipaddress and $purgespammer are not initialised in this span.
2852      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2853      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2854      {
              // Registration and last-seen IP addresses are converted for display only when the viewer
              // has canuseipsearch.
2855          if($mybb->usergroup['canuseipsearch'] == 1)
2856          {
2857              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2858              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2859  
2860              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2861          }
2862  
              // Moderator notes are HTML-escaped, then newlines become <br /> tags.
2863          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2864  
2865          if(!empty($memprofile['usernotes']))
2866          {
                  // NOTE(review): the length check and the 100-character cut operate on the already
                  // escaped string, so the cut can land inside an entity or a <br /> tag and leave
                  // broken markup in front of the "view notes" link.
2867              if(strlen($memprofile['usernotes']) > 100)
2868              {
2869                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2870                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2871              }
2872          }
2873          else
2874          {
2875              $memprofile['usernotes'] = $lang->no_usernotes;
2876          }
2877  
2878          if($mybb->usergroup['caneditprofiles'] == 1)
2879          {
2880              eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2881              eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2882          }
2883  
              // Ban controls: offered when no ban row was loaded, when the viewer issued the existing
              // ban, or when the viewer is a super moderator or administrator.
              // NOTE(review): $memban is assigned only in the banned-group branch above, so for other
              // members this condition reads an unset variable.
2884          if($mybb->usergroup['canbanusers'] == 1 && (!$memban['uid'] || $memban['uid'] && ($mybb->user['uid'] == $memban['admin']) || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1))
2885          {
2886              if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2887              {
2888                  eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2889              }
2890              else
2891              {
2892                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2893              }
2894          }
2895  
2896          if($can_purge_spammer)
2897          {
2898              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2899          }
2900  
2901          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2902          {
2903              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2904          }
2905  
2906          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2907      }
2908  
2909      $add_remove_options = array();
2910      $buddy_options = $ignore_options = $report_options = '';
          // Buddy / ignore / report links: built only for logged-in viewers looking at another member.
          // The same member_profile_addremove template is evaluated once per link, each time with a
          // freshly assigned $add_remove_options array.
2911      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2912      {
2913          $buddy_list = explode(',', $mybb->user['buddylist']);
2914          $ignore_list = explode(',', $mybb->user['ignorelist']);
2915  
              // NOTE(review): each state-changing link below carries my_post_key in the query string.
              // A token in a URL can end up in browser history, server logs and Referer headers;
              // confirm how usercp.php validates the key and whether a POST form is feasible here.
              // in_array() is called without the strict flag, so $uid is compared loosely.
2916          if(in_array($uid, $buddy_list))
2917          {
2918              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2919          }
2920          else
2921          {
                  // The username is URL-encoded before it is placed in the query string.
2922              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2923          }
2924  
              // The buddy link is suppressed while the member is on the viewer's ignore list.
2925          if(!in_array($uid, $ignore_list))
2926          {
2927              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2928          }
2929  
2930          if(in_array($uid, $ignore_list))
2931          {
2932              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2933          }
2934          else
2935          {
2936              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2937          }
2938  
              // The ignore link is suppressed while the member is on the viewer's buddy list.
2939          if(!in_array($uid, $buddy_list))
2940          {
2941              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2942          }
2943  
2944          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2945          {
                  // The uid is written into a javascript: URL; assumes it is the integer primary key
                  // loaded from the users table - TODO confirm, since it is not cast here.
2946              $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2947              eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2948          }
2949      }
2950  
2951      $plugins->run_hooks("member_profile_end");
2952  
2953      eval("\$profile = \"".$templates->get("member_profile")."\";");
2954      output_page($profile);
2955  }
2956  
2957  if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
2958  {
2959      // Verify incoming POST request
2960      verify_post_check($mybb->get_input('my_post_key'));
2961  
2962      $plugins->run_hooks("member_do_emailuser_start");
2963  
2964      // Guests or those without permission can't email other users
2965      if($mybb->usergroup['cansendemail'] == 0)
2966      {
2967          error_no_permission();
2968      }
2969  
2970      // Check group limits
2971      if($mybb->usergroup['maxemails'] > 0)
2972      {
              // Daily quota: count maillogs rows from the last 24 hours for this sender.
              // Members are keyed by uid, guests by the session's packed IP address.
2973          if($mybb->user['uid'] > 0)
2974          {
                  // presumably uid is an integer set by the session layer; it is interpolated without a cast here
2975              $user_check = "fromuid='{$mybb->user['uid']}'";
2976          }
2977          else
2978          {
                  // The binary IP goes through the database layer's escape_binary() before concatenation.
                  // NOTE(review): a per-IP quota for guests is shared by every client behind the same
                  // address and is reset by changing address, so it only slows abuse.
2979              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2980          }
2981  
2982          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
2983          $sent_count = $db->fetch_field($query, "sent_count");
2984          if($sent_count >= $mybb->usergroup['maxemails'])
2985          {
2986              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
2987              error($lang->error_max_emails_day);
2988          }
2989      }
2990  
2991      // Check email flood control
2992      if($mybb->usergroup['emailfloodtime'] > 0)
2993      {
2994          if($mybb->user['uid'] > 0)
2995          {
2996              $user_check = "fromuid='{$mybb->user['uid']}'";
2997          }
2998          else
2999          {
3000              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3001          }
3002  
3003          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
3004  
3005          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
3006          $last_email = $db->fetch_array($query);
3007  
3008          // Users last email was within the flood time, show the error
3009          if($last_email['mid'])
3010          {
3011              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
3012  
3013              if($remaining_time == 1)
3014              {
3015                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
3016              }
3017              elseif($remaining_time < 60)
3018              {
3019                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
3020              }
3021              elseif($remaining_time > 60 && $remaining_time < 120)
3022              {
3023                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
3024              }
3025              else
3026              {
3027                  $remaining_time_minutes = ceil($remaining_time/60);
3028                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
3029              }
3030  
3031              error($lang->error_emailflooding);
3032          }
3033      }
3034  
3035      $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
3036      $to_user = $db->fetch_array($query);
3037  
3038      if(!$to_user['username'])
3039      {
3040          error($lang->error_invalidusername);
3041      }
3042  
3043      if($to_user['hideemail'] != 0)
3044      {
3045          error($lang->error_hideemail);
3046      }
3047  
3048      $errors = array();
3049  
3050      if($mybb->user['uid'])
3051      {
3052          $mybb->input['fromemail'] = $mybb->user['email'];
3053          $mybb->input['fromname'] = $mybb->user['username'];
3054      }
3055  
3056      if(!validate_email_format($mybb->input['fromemail']))
3057      {
3058          $errors[] = $lang->error_invalidfromemail;
3059      }
3060  
3061      if(empty($mybb->input['fromname']))
3062      {
3063          $errors[] = $lang->error_noname;
3064      }
3065  
3066      if(empty($mybb->input['subject']))
3067      {
3068          $errors[] = $lang->error_no_email_subject;
3069      }
3070  
3071      if(empty($mybb->input['message']))
3072      {
3073          $errors[] = $lang->error_no_email_message;
3074      }
3075  
3076      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
3077      {
3078          require_once  MYBB_ROOT.'inc/class_captcha.php';
3079          $captcha = new captcha;
3080  
3081          if($captcha->validate_captcha() == false)
3082          {
3083              // CAPTCHA validation failed
3084              foreach($captcha->get_errors() as $error)
3085              {
3086                  $errors[] = $error;
3087              }
3088          }
3089      }
3090  
3091      if(count($errors) == 0)
3092      {
3093          if($mybb->settings['mail_handler'] == 'smtp')
3094          {
3095              $from = $mybb->input['fromemail'];
3096          }
3097          else
3098          {
3099              $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
3100          }
3101  
3102          $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
3103          my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);
3104  
3105          if($mybb->settings['mail_logging'] > 0)
3106          {
3107              // Log the message
3108              $log_entry = array(
3109                  "subject" => $db->escape_string($mybb->get_input('subject')),
3110                  "message" => $db->escape_string($mybb->get_input('message')),
3111                  "dateline" => TIME_NOW,
3112                  "fromuid" => $mybb->user['uid'],
3113                  "fromemail" => $db->escape_string($mybb->input['fromemail']),
3114                  "touid" => $to_user['uid'],
3115                  "toemail" => $db->escape_string($to_user['email']),
3116                  "tid" => 0,
3117                  "ipaddress" => $db->escape_binary($session->packedip),
3118                  "type" => 1
3119              );
3120              $db->insert_query("maillogs", $log_entry);
3121          }
3122  
3123          $plugins->run_hooks("member_do_emailuser_end");
3124  
3125          redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
3126      }
3127      else
3128      {
3129          $mybb->input['action'] = "emailuser";
3130      }
3131  }
3132  
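if($mybb->input['action'] == "emailuser")
{
    // Shows the "email this user" form. Also reached from the do_emailuser handler
    // when validation failed, in which case $errors holds the messages to display.
    $plugins->run_hooks("member_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Members are rate limited by uid, guests by packed IP address
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='".(int)$mybb->user['uid']."'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (emails sent in the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (emailfloodtime is used in minutes)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error
        if(!empty($last_email['mid']))
        {
            $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            // >= 60 so that exactly one minute uses the singular string as well
            elseif($remaining_time >= 60 && $remaining_time < 120)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    // Reject an unknown uid before any field of the (missing) row is read
    if(empty($to_user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // Escaped here because the value is placed into page output via $lang->email_user
    $to_user['username'] = htmlspecialchars_uni($to_user['username']);
    $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // Recipient has the sender on their ignore list and the sender's group has no override
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    if(isset($errors) && is_array($errors) && count($errors) > 0)
    {
        // Re-display what was submitted, HTML-escaped for the form fields
        $errors = inline_error($errors);
        $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
        $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
        $message = htmlspecialchars_uni($mybb->get_input('message'));
    }
    else
    {
        $errors = '';
        $fromname = '';
        $fromemail = '';
        $subject = '';
        $message = '';
    }

    // Generate CAPTCHA? (guests only)
    // Reset first: when this block is reached from do_emailuser, $captcha may still
    // hold the validator object, and without the reset it is left untouched if no
    // CAPTCHA HTML is produced.
    $captcha = '';
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // Guests get extra "from" fields
    $from_email = '';
    if($mybb->user['uid'] == 0)
    {
        eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
    }

    $plugins->run_hooks("member_emailuser_end");

    // NOTE(review): the template text is spliced into eval() as a double-quoted PHP
    // string. That is only safe if $templates->get() escapes it for that context
    // (not visible here) and every variable the template references is already
    // HTML-escaped, as done above.
    eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
    output_page($emailuser);
}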
3273  
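if($mybb->input['action'] == 'referrals')
{
    // Lists the members referred by the user given in the "uid" parameter, paginated.
    // NOTE(review): no usergroup permission is checked in this block before the list
    // is shown; confirm that is intended or enforced elsewhere (e.g. by a hook).
    $plugins->run_hooks('member_referrals_start');

    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    if(!$uid)
    {
        error($lang->referrals_no_user_specified);
    }

    $user = get_user($uid);

    // Stop on an unknown uid instead of reading fields from a missing row
    if(!is_array($user) || !isset($user['username']))
    {
        error($lang->error_invaliduser);
    }

    // Escape the name before it goes into the breadcrumb, as the referral rows below
    // do for their user names. Assumes add_breadcrumb() does not escape by itself.
    // TODO confirm.
    $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, htmlspecialchars_uni($user['username']));
    add_breadcrumb($lang->nav_referrals);

    $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
    $referral_count = $db->fetch_field($query, 'total');

    $bg_color = 'trow1';

    // Defined up front so neither is undefined when the page template is evaluated
    $referral_rows = '';
    $multipage = '';

    if($referral_count == 0)
    {
        eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
    }
    else
    {
        // Figure out if we need to display multiple pages.
        // A zero or negative setting falls back to 20 per page.
        $perpage = (int) $mybb->settings['referralsperpage'];
        if($perpage <= 0)
        {
            $perpage = 20;
        }

        $pages = ceil($referral_count / $perpage);

        // Out-of-range or missing page numbers are treated as page 1
        $page = $mybb->get_input('page', MyBB::INPUT_INT);
        if($page > $pages || $page <= 0)
        {
            $page = 1;
        }

        $start = ($page-1) * $perpage;

        $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");

        foreach(get_user_referrals($uid, $start, $perpage) as $referral)
        {
            // Format user name link
            $username = htmlspecialchars_uni($referral['username']);
            $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
            $username = build_profile_link($username, $referral['uid']);

            $regdate = my_date('normal', $referral['regdate']);

            eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");

            $bg_color = alt_trow();
        }
    }

    $plugins->run_hooks('member_referrals_end');

    eval("\$referrals = \"".$templates->get("member_referrals")."\";");
    output_page($referrals);
}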
3351  
// No action was requested: send the visitor to the board index.
// The Location value is a fixed relative path; nothing from the request is used.
if(!$mybb->input['action'])
{
    header('Location: index.php');
}

