
PHP Cross Reference of MyBB 1.8.19


/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_contact_fields_yahoo,member_profile_pm,member_profile_contact_details";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  $parser = new postParser;
  35  
  36  // Load global language phrases
  37  $lang->load("member");
  38  
  39  $mybb->input['action'] = $mybb->get_input('action');
  40  
  41  // Make navigation
  42  switch($mybb->input['action'])
  43  {
  44      case "register":
  45      case "do_register":
  46          add_breadcrumb($lang->nav_register);
  47          break;
  48      case "activate":
  49          add_breadcrumb($lang->nav_activate);
  50          break;
  51      case "resendactivation":
  52          add_breadcrumb($lang->nav_resendactivation);
  53          break;
  54      case "lostpw":
  55          add_breadcrumb($lang->nav_lostpw);
  56          break;
  57      case "resetpassword":
  58          add_breadcrumb($lang->nav_resetpassword);
  59          break;
  60      case "login":
  61          add_breadcrumb($lang->nav_login);
  62          break;
  63      case "emailuser":
  64          add_breadcrumb($lang->nav_emailuser);
  65          break;
  66  }
  67  
  68  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  69  {
  70      if($mybb->settings['disableregs'] == 1)
  71      {
  72          error($lang->registrations_disabled);
  73      }
  74      if($mybb->user['uid'] != 0)
  75      {
  76          error($lang->error_alreadyregistered);
  77      }
  78      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  79      {
  80          $time = TIME_NOW;
  81          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  82          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  83          $regcount = $db->num_rows($query);
  84          if($regcount >= $mybb->settings['maxregsbetweentime'])
  85          {
  86              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  87              error($lang->error_alreadyregisteredtime);
  88          }
  89      }
  90  }
  91  
  92  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  93  {
  94      $plugins->run_hooks("member_do_register_start");
  95  
  96      // Are checking how long it takes for users to register?
  97      if($mybb->settings['regtime'] > 0)
  98      {
  99          // Is the field actually set?
 100          if(isset($mybb->input['regtime']))
 101          {
 102              // Check how long it took for this person to register
 103              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 104  
 105              // See if they registered faster than normal
 106              if($timetook < $mybb->settings['regtime'])
 107              {
 108                  // This user registered pretty quickly, bot detected!
 109                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 110                  error($lang->error_spam_deny_time);
 111              }
 112          }
 113          else
 114          {
 115              error($lang->error_spam_deny);
 116          }
 117      }
 118  
 119      // If we have hidden CATPCHA enabled and it's filled, deny registration
 120      if($mybb->settings['hiddencaptchaimage'])
 121      {
 122          $string = $mybb->settings['hiddencaptchaimagefield'];
 123  
 124          if(!empty($mybb->input[$string]))
 125          {
 126              error($lang->error_spam_deny);
 127          }
 128      }
 129  
 130      if($mybb->settings['regtype'] == "randompass")
 131      {
 132  
 133          $password_length = (int)$mybb->settings['minpasswordlength'];
 134          if($password_length < 8)
 135          {
 136              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 137          }
 138  
 139          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 140          $mybb->input['password2'] = $mybb->input['password'];
 141      }
 142  
 143      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 144      {
 145          $usergroup = 5;
 146      }
 147      else
 148      {
 149          $usergroup = 2;
 150      }
 151  
 152      // Set up user handler.
 153      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 154      $userhandler = new UserDataHandler("insert");
 155  
 156      $coppauser = 0;
 157      if(isset($mybb->cookies['coppauser']))
 158      {
 159          $coppauser = (int)$mybb->cookies['coppauser'];
 160      }
 161  
 162      // Set the data for the new user.
 163      $user = array(
 164          "username" => $mybb->get_input('username'),
 165          "password" => $mybb->get_input('password'),
 166          "password2" => $mybb->get_input('password2'),
 167          "email" => $mybb->get_input('email'),
 168          "email2" => $mybb->get_input('email2'),
 169          "usergroup" => $usergroup,
 170          "referrer" => $mybb->get_input('referrername'),
 171          "timezone" => $mybb->get_input('timezoneoffset'),
 172          "language" => $mybb->get_input('language'),
 173          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 174          "regip" => $session->packedip,
 175          "coppa_user" => $coppauser,
 176          "regcheck1" => $mybb->get_input('regcheck1'),
 177          "regcheck2" => $mybb->get_input('regcheck2'),
 178          "registration" => true
 179      );
 180  
 181      // Do we have a saved COPPA DOB?
 182      if(isset($mybb->cookies['coppadob']))
 183      {
 184          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 185          $user['birthday'] = array(
 186              "day" => $dob_day,
 187              "month" => $dob_month,
 188              "year" => $dob_year
 189          );
 190      }
 191  
 192      $user['options'] = array(
 193          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 194          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 195          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 196          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 197          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 198          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 199          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 200          "dstcorrection" => $mybb->get_input('dstcorrection')
 201      );
 202  
 203      $userhandler->set_data($user);
 204  
 205      $errors = array();
 206  
 207      if(!$userhandler->validate_user())
 208      {
 209          $errors = $userhandler->get_friendly_errors();
 210      }
 211  
 212      if($mybb->settings['enablestopforumspam_on_register'])
 213      {
 214          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 215  
 216          $stop_forum_spam_checker = new StopForumSpamChecker(
 217              $plugins,
 218              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 219              $mybb->settings['stopforumspam_check_usernames'],
 220              $mybb->settings['stopforumspam_check_emails'],
 221              $mybb->settings['stopforumspam_check_ips'],
 222              $mybb->settings['stopforumspam_log_blocks']
 223          );
 224  
 225          try {
 226              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 227              {
 228                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 229                          $stop_forum_spam_checker->getErrorText(array(
 230                              'stopforumspam_check_usernames',
 231                              'stopforumspam_check_emails',
 232                              'stopforumspam_check_ips'
 233                              ))));
 234              }
 235          }
 236          catch (Exception $e)
 237          {
 238              if($mybb->settings['stopforumspam_block_on_error'])
 239              {
 240                  error($lang->error_stop_forum_spam_fetching);
 241              }
 242          }
 243      }
 244  
 245      if($mybb->settings['captchaimage'])
 246      {
 247          require_once  MYBB_ROOT.'inc/class_captcha.php';
 248          $captcha = new captcha;
 249  
 250          if($captcha->validate_captcha() == false)
 251          {
 252              // CAPTCHA validation failed
 253              foreach($captcha->get_errors() as $error)
 254              {
 255                  $errors[] = $error;
 256              }
 257          }
 258      }
 259  
 260      // If we have a security question, check to see if answer is correct
 261      if($mybb->settings['securityquestion'])
 262      {
 263          $question_id = $db->escape_string($mybb->get_input('question_id'));
 264          $answer = $db->escape_string($mybb->get_input('answer'));
 265  
 266          $query = $db->query("
 267              SELECT q.*, s.sid
 268              FROM ".TABLE_PREFIX."questionsessions s
 269              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 270              WHERE q.active='1' AND s.sid='{$question_id}'
 271          ");
 272          if($db->num_rows($query) > 0)
 273          {
 274              $question = $db->fetch_array($query);
 275              $valid_answers = explode("\n", $question['answer']);
 276              $validated = 0;
 277  
 278              foreach($valid_answers as $answers)
 279              {
 280                  if(my_strtolower($answers) == my_strtolower($answer))
 281                  {
 282                      $validated = 1;
 283                  }
 284              }
 285  
 286              if($validated != 1)
 287              {
 288                  $update_question = array(
 289                      "incorrect" => $question['incorrect'] + 1
 290                  );
 291                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 292  
 293                  $errors[] = $lang->error_question_wrong;
 294              }
 295              else
 296              {
 297                  $update_question = array(
 298                      "correct" => $question['correct'] + 1
 299                  );
 300                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 301              }
 302  
 303              $db->delete_query("questionsessions", "sid='{$sid}'");
 304          }
 305      }
 306  
 307      if(!empty($errors))
 308      {
 309          $username = htmlspecialchars_uni($mybb->get_input('username'));
 310          $email = htmlspecialchars_uni($mybb->get_input('email'));
 311          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 312          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 313  
 314          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 315          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 316  
 317          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 318          {
 319              $allownoticescheck = "checked=\"checked\"";
 320          }
 321  
 322          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 323          {
 324              $hideemailcheck = "checked=\"checked\"";
 325          }
 326  
 327          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 328          {
 329              $no_subscribe_selected = "selected=\"selected\"";
 330          }
 331          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 332          {
 333              $instant_email_subscribe_selected = "selected=\"selected\"";
 334          }
 335          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 336          {
 337              $instant_pm_subscribe_selected = "selected=\"selected\"";
 338          }
 339          else
 340          {
 341              $no_auto_subscribe_selected = "selected=\"selected\"";
 342          }
 343  
 344          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 345          {
 346              $receivepmscheck = "checked=\"checked\"";
 347          }
 348  
 349          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 350          {
 351              $pmnoticecheck = " checked=\"checked\"";
 352          }
 353  
 354          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 355          {
 356              $pmnotifycheck = "checked=\"checked\"";
 357          }
 358  
 359          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 360          {
 361              $invisiblecheck = "checked=\"checked\"";
 362          }
 363  
 364          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 365          {
 366              $dst_auto_selected = "selected=\"selected\"";
 367          }
 368          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 369          {
 370              $dst_enabled_selected = "selected=\"selected\"";
 371          }
 372          else
 373          {
 374              $dst_disabled_selected = "selected=\"selected\"";
 375          }
 376  
 377          $regerrors = inline_error($errors);
 378          $mybb->input['action'] = "register";
 379          $fromreg = 1;
 380      }
 381      else
 382      {
 383          $user_info = $userhandler->insert_user();
 384  
 385          // Invalidate solved captcha
 386          if($mybb->settings['captchaimage'])
 387          {
 388              $captcha->invalidate_captcha();
 389          }
 390  
 391          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 392          {
 393              // Log them in
 394              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 395          }
 396  
 397          if(isset($mybb->cookies['coppauser']))
 398          {
 399              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 400              my_unsetcookie("coppauser");
 401              my_unsetcookie("coppadob");
 402              $plugins->run_hooks("member_do_register_end");
 403              error($lang->redirect_registered_coppa_activate);
 404          }
 405          else if($mybb->settings['regtype'] == "verify")
 406          {
 407              $activationcode = random_str();
 408              $now = TIME_NOW;
 409              $activationarray = array(
 410                  "uid" => $user_info['uid'],
 411                  "dateline" => TIME_NOW,
 412                  "code" => $activationcode,
 413                  "type" => "r"
 414              );
 415              $db->insert_query("awaitingactivation", $activationarray);
 416              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 417              switch($mybb->settings['username_method'])
 418              {
 419                  case 0:
 420                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 421                      break;
 422                  case 1:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 2:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  default:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431              }
 432              my_mail($user_info['email'], $emailsubject, $emailmessage);
 433  
 434              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 435  
 436              $plugins->run_hooks("member_do_register_end");
 437  
 438              error($lang->redirect_registered_activation);
 439          }
 440          else if($mybb->settings['regtype'] == "randompass")
 441          {
 442              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 443              switch($mybb->settings['username_method'])
 444              {
 445                  case 0:
 446                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 447                      break;
 448                  case 1:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 450                      break;
 451                  case 2:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 453                      break;
 454                  default:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 456                      break;
 457              }
 458              my_mail($user_info['email'], $emailsubject, $emailmessage);
 459  
 460              $plugins->run_hooks("member_do_register_end");
 461  
 462              error($lang->redirect_registered_passwordsent);
 463          }
 464          else if($mybb->settings['regtype'] == "admin")
 465          {
 466              $groups = $cache->read("usergroups");
 467              $admingroups = array();
 468              if(!empty($groups)) // Shouldn't be...
 469              {
 470                  foreach($groups as $group)
 471                  {
 472                      if($group['cancp'] == 1)
 473                      {
 474                          $admingroups[] = (int)$group['gid'];
 475                      }
 476                  }
 477              }
 478  
 479              if(!empty($admingroups))
 480              {
 481                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 482                  foreach($admingroups as $admingroup)
 483                  {
 484                      switch($db->type)
 485                      {
 486                          case 'pgsql':
 487                          case 'sqlite':
 488                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 489                              break;
 490                          default:
 491                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 492                              break;
 493                      }
 494                  }
 495                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 496                  while($recipient = $db->fetch_array($q))
 497                  {
 498                      // First we check if the user's a super admin: if yes, we don't care about permissions
 499                      $is_super_admin = is_super_admin($recipient['uid']);
 500                      if(!$is_super_admin)
 501                      {
 502                          // Include admin functions
 503                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 504                          {
 505                              continue;
 506                          }
 507  
 508                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 509  
 510                          // Verify if we have permissions to access user-users
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 512                          if(function_exists("user_admin_permissions"))
 513                          {
 514                              // Get admin permissions
 515                              $adminperms = get_admin_permissions($recipient['uid']);
 516  
 517                              $permissions = user_admin_permissions();
 518                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 519                              {
 520                                  continue; // No permissions
 521                              }
 522                          }
 523                      }
 524  
 525                      // Load language
 526                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 527                      {
 528                          $reset_lang = true;
 529                          $lang->set_language($recipient['language']);
 530                          $lang->load("member");
 531                      }
 532  
 533                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 534                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 535                      my_mail($recipient['email'], $subject, $message);
 536                  }
 537  
 538                  // Reset language
 539                  if(isset($reset_lang))
 540                  {
 541                      $lang->set_language($mybb->settings['bblanguage']);
 542                      $lang->load("member");
 543                  }
 544              }
 545  
 546              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 547  
 548              $plugins->run_hooks("member_do_register_end");
 549  
 550              error($lang->redirect_registered_admin_activate);
 551          }
 552          else if($mybb->settings['regtype'] == "both")
 553          {
 554              $groups = $cache->read("usergroups");
 555              $admingroups = array();
 556              if(!empty($groups)) // Shouldn't be...
 557              {
 558                  foreach($groups as $group)
 559                  {
 560                      if($group['cancp'] == 1)
 561                      {
 562                          $admingroups[] = (int)$group['gid'];
 563                      }
 564                  }
 565              }
 566  
 567              if(!empty($admingroups))
 568              {
 569                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 570                  foreach($admingroups as $admingroup)
 571                  {
 572                      switch($db->type)
 573                      {
 574                          case 'pgsql':
 575                          case 'sqlite':
 576                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 577                              break;
 578                          default:
 579                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 580                              break;
 581                      }
 582                  }
 583                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 584                  while($recipient = $db->fetch_array($q))
 585                  {
 586                      // First we check if the user's a super admin: if yes, we don't care about permissions
 587                      $is_super_admin = is_super_admin($recipient['uid']);
 588                      if(!$is_super_admin)
 589                      {
 590                          // Include admin functions
 591                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 592                          {
 593                              continue;
 594                          }
 595  
 596                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 597  
 598                          // Verify if we have permissions to access user-users
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 600                          if(function_exists("user_admin_permissions"))
 601                          {
 602                              // Get admin permissions
 603                              $adminperms = get_admin_permissions($recipient['uid']);
 604  
 605                              $permissions = user_admin_permissions();
 606                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 607                              {
 608                                  continue; // No permissions
 609                              }
 610                          }
 611                      }
 612  
 613                      // Load language
 614                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 615                      {
 616                          $reset_lang = true;
 617                          $lang->set_language($recipient['language']);
 618                          $lang->load("member");
 619                      }
 620  
 621                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 622                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 623                      my_mail($recipient['email'], $subject, $message);
 624                  }
 625  
 626                  // Reset language
 627                  if(isset($reset_lang))
 628                  {
 629                      $lang->set_language($mybb->settings['bblanguage']);
 630                      $lang->load("member");
 631                  }
 632              }
 633  
 634              $activationcode = random_str();
 635              $activationarray = array(
 636                  "uid" => $user_info['uid'],
 637                  "dateline" => TIME_NOW,
 638                  "code" => $activationcode,
 639                  "type" => "b"
 640              );
 641              $db->insert_query("awaitingactivation", $activationarray);
 642              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 643              switch($mybb->settings['username_method'])
 644              {
 645                  case 0:
 646                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 647                      break;
 648                  case 1:
 649                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 650                      break;
 651                  case 2:
 652                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 653                      break;
 654                  default:
 655                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 656                      break;
 657              }
 658              my_mail($user_info['email'], $emailsubject, $emailmessage);
 659  
 660              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 661  
 662              $plugins->run_hooks("member_do_register_end");
 663  
 664              error($lang->redirect_registered_activation);
 665          }
 666          else
 667          {
 668              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 669  
 670              $plugins->run_hooks("member_do_register_end");
 671  
 672              redirect("index.php", $lang->redirect_registered);
 673          }
 674      }
 675  }
 676  
// action=coppa_form: render the COPPA form page from its template and send it to the client.
if($mybb->input['action'] == "coppa_form")
{
    // With no fax number configured, the setting is replaced by a non-breaking space
    // (presumably so the template does not print an empty value -- confirm against the template).
    if(!$mybb->settings['faxno'])
    {
        $mybb->settings['faxno'] = "&nbsp;";
    }

    $plugins->run_hooks("member_coppa_form");

    // NOTE(review): eval() executes the template text as a double-quoted PHP string, so template
    // content is code-equivalent. Write access to templates has to be treated as a code-execution
    // privilege, and the escaping applied inside $templates->get() (not visible here) is what keeps
    // template text inside the string literal.
    eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
    output_page($coppa_form);
}
 689  
 690  if($mybb->input['action'] == "register")
 691  {
 692      $bdaysel = '';
 693      if($mybb->settings['coppa'] == "disabled")
 694      {
 695          $bdaysel = $bday2blank = '';
 696      }
 697      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 698      for($day = 1; $day <= 31; ++$day)
 699      {
 700          $selected = '';
 701          if($mybb->input['bday1'] == $day)
 702          {
 703              $selected = " selected=\"selected\"";
 704          }
 705  
 706          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 707      }
 708  
 709      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 710      $bdaymonthsel = array();
 711      foreach(range(1, 12) as $number)
 712      {
 713          $bdaymonthsel[$number] = '';
 714      }
 715      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 716      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 717  
 718      if($birthday_year == 0)
 719      {
 720          $birthday_year = '';
 721      }
 722  
 723      // Is COPPA checking enabled?
 724      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 725      {
 726          // Just selected DOB, we check
 727          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 728          {
 729              my_unsetcookie("coppauser");
 730  
 731              $months = get_bdays($birthday_year);
 732              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 733              {
 734                  error($lang->error_invalid_birthday);
 735              }
 736  
 737              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 738  
 739              // Store DOB in cookie so we can save it with the registration
 740              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 741  
 742              // User is <= 13, we mark as a coppa user
 743              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 744              {
 745                  my_setcookie("coppauser", 1, -0);
 746                  $under_thirteen = true;
 747              }
 748              $mybb->request_method = "";
 749          }
 750          // Show DOB select form
 751          else
 752          {
 753              $plugins->run_hooks("member_register_coppa");
 754  
 755              my_unsetcookie("coppauser");
 756  
 757              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 758              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 759              output_page($coppa);
 760              exit;
 761          }
 762      }
 763  
 764      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 765      {
 766          $coppa_agreement = '';
 767          // Is this user a COPPA user? We need to show the COPPA agreement too
 768          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 769          {
 770              if($mybb->settings['coppa'] == "deny")
 771              {
 772                  error($lang->error_need_to_be_thirteen);
 773              }
 774              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 775              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 776          }
 777  
 778          $plugins->run_hooks("member_register_agreement");
 779  
 780          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 781          output_page($agreement);
 782      }
 783      else
 784      {
 785          $plugins->run_hooks("member_register_start");
 786  
 787          // JS validator extra
 788          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 789          {
 790              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 791          }
 792  
 793          $validator_javascript = "<script type=\"text/javascript\">
 794  $(document).ready(function() {
 795      $('#registration_form').validate({
 796          rules: {
 797              username: {
 798                  required: true,
 799                  minlength: {$mybb->settings['minnamelength']},
 800                  maxlength: {$mybb->settings['maxnamelength']},
 801                  remote: {
 802                      url: 'xmlhttp.php?action=username_availability',
 803                      type: 'post',
 804                      dataType: 'json',
 805                      data:
 806                      {
 807                          my_post_key: my_post_key
 808                      },
 809                  },
 810              },
 811              email: {
 812                  required: true,
 813                  email: true,
 814                  remote: {
 815                      url: 'xmlhttp.php?action=email_availability',
 816                      type: 'post',
 817                      dataType: 'json',
 818                      data:
 819                      {
 820                          my_post_key: my_post_key
 821                      },
 822                  },
 823              },
 824              email2: {
 825                  required: true,
 826                  email: true,
 827                  equalTo: '#email'
 828              },
 829          },
 830          messages: {
 831              username: {
 832                  minlength: '{$lang->js_validator_username_length}',
 833                  maxlength: '{$lang->js_validator_username_length}',
 834              },
 835              email: '{$lang->js_validator_invalid_email}',
 836              email2: '{$lang->js_validator_email_match}',
 837          },
 838          errorPlacement: function(error, element) {
 839              if(element.is(':checkbox') || element.is(':radio'))
 840                  error.insertAfter($('input[name=\"' + element.attr('name') + '\"]').last().next('span'));
 841              else
 842                  error.insertAfter(element);
 843          }
 844      });\n";
 845  
 846          if(isset($mybb->input['timezoneoffset']))
 847          {
 848              $timezoneoffset = $mybb->get_input('timezoneoffset');
 849          }
 850          else
 851          {
 852              $timezoneoffset = $mybb->settings['timezoneoffset'];
 853          }
 854          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 855  
 856          $stylelist = build_theme_select("style");
 857  
 858          if($mybb->settings['usertppoptions'])
 859          {
 860              $tppoptions = '';
 861              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 862              if(is_array($explodedtpp))
 863              {
 864                  foreach($explodedtpp as $val)
 865                  {
 866                      $val = trim($val);
 867                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 868                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 869                  }
 870              }
 871              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 872          }
 873          if($mybb->settings['userpppoptions'])
 874          {
 875              $pppoptions = '';
 876              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 877              if(is_array($explodedppp))
 878              {
 879                  foreach($explodedppp as $val)
 880                  {
 881                      $val = trim($val);
 882                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 883                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 884                  }
 885              }
 886              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 887          }
 888          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 889          {
 890              if(isset($mybb->cookies['mybb']['referrer']))
 891              {
 892                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 893                  $ref = $db->fetch_array($query);
 894                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 895                  $referrername = $ref['username'];
 896              }
 897              elseif(isset($referrer))
 898              {
 899                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 900                  $ref = $db->fetch_array($query);
 901                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 902                  $referrername = $ref['username'];
 903              }
 904              elseif(!empty($referrername))
 905              {
 906                  $ref = get_user_by_username($referrername);
 907                  if(!$ref['uid'])
 908                  {
 909                      $errors[] = $lang->error_badreferrer;
 910                  }
 911              }
 912              else
 913              {
 914                  $referrername = '';
 915              }
 916              if(isset($quickreg))
 917              {
 918                  $refbg = "trow1";
 919              }
 920              else
 921              {
 922                  $refbg = "trow2";
 923              }
 924              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 925          }
 926          else
 927          {
 928              $referrer = '';
 929          }
 930          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 931          // Custom profile fields baby!
 932          $altbg = "trow1";
 933          $requiredfields = $customfields = '';
 934  
 935          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 936          {
 937              $usergroup = 5;
 938          }
 939          else
 940          {
 941              $usergroup = 2;
 942          }
 943  
 944          $pfcache = $cache->read('profilefields');
 945  
 946          if(is_array($pfcache))
 947          {
 948              foreach($pfcache as $profilefield)
 949              {
 950                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 951                  {
 952                      continue;
 953                  }
 954  
 955                  $code = $select = $val = $options = $expoptions = $useropts = '';
 956                  $seloptions = array();
 957                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 958                  $thing = explode("\n", $profilefield['type'], "2");
 959                  $type = trim($thing[0]);
 960                  $options = $thing[1];
 961                  $select = '';
 962                  $field = "fid{$profilefield['fid']}";
 963                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 964                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 965                  if($errors && isset($mybb->input['profile_fields'][$field]))
 966                  {
 967                      $userfield = $mybb->input['profile_fields'][$field];
 968                  }
 969                  else
 970                  {
 971                      $userfield = '';
 972                  }
 973                  if($type == "multiselect")
 974                  {
 975                      if($errors)
 976                      {
 977                          $useropts = $userfield;
 978                      }
 979                      else
 980                      {
 981                          $useropts = explode("\n", $userfield);
 982                      }
 983                      if(is_array($useropts))
 984                      {
 985                          foreach($useropts as $key => $val)
 986                          {
 987                              $seloptions[$val] = $val;
 988                          }
 989                      }
 990                      $expoptions = explode("\n", $options);
 991                      if(is_array($expoptions))
 992                      {
 993                          foreach($expoptions as $key => $val)
 994                          {
 995                              $val = trim($val);
 996                              $val = str_replace("\n", "\\n", $val);
 997  
 998                              $sel = "";
 999                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1000                              {
1001                                  $sel = ' selected="selected"';
1002                              }
1003  
1004                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1005                          }
1006                          if(!$profilefield['length'])
1007                          {
1008                              $profilefield['length'] = 3;
1009                          }
1010  
1011                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
1012                      }
1013                  }
1014                  elseif($type == "select")
1015                  {
1016                      $expoptions = explode("\n", $options);
1017                      if(is_array($expoptions))
1018                      {
1019                          foreach($expoptions as $key => $val)
1020                          {
1021                              $val = trim($val);
1022                              $val = str_replace("\n", "\\n", $val);
1023                              $sel = "";
1024                              if($val == $userfield)
1025                              {
1026                                  $sel = ' selected="selected"';
1027                              }
1028  
1029                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
1030                          }
1031                          if(!$profilefield['length'])
1032                          {
1033                              $profilefield['length'] = 1;
1034                          }
1035  
1036                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
1037                      }
1038                  }
1039                  elseif($type == "radio")
1040                  {
1041                      $expoptions = explode("\n", $options);
1042                      if(is_array($expoptions))
1043                      {
1044                          foreach($expoptions as $key => $val)
1045                          {
1046                              $checked = "";
1047                              if($val == $userfield)
1048                              {
1049                                  $checked = 'checked="checked"';
1050                              }
1051  
1052                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
1053                          }
1054                      }
1055                  }
1056                  elseif($type == "checkbox")
1057                  {
1058                      if($errors)
1059                      {
1060                          $useropts = $userfield;
1061                      }
1062                      else
1063                      {
1064                          $useropts = explode("\n", $userfield);
1065                      }
1066                      if(is_array($useropts))
1067                      {
1068                          foreach($useropts as $key => $val)
1069                          {
1070                              $seloptions[$val] = $val;
1071                          }
1072                      }
1073                      $expoptions = explode("\n", $options);
1074                      if(is_array($expoptions))
1075                      {
1076                          foreach($expoptions as $key => $val)
1077                          {
1078                              $checked = "";
1079                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1080                              {
1081                                  $checked = 'checked="checked"';
1082                              }
1083  
1084                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1085                          }
1086                      }
1087                  }
1088                  elseif($type == "textarea")
1089                  {
1090                      $value = htmlspecialchars_uni($userfield);
1091                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1092                  }
1093                  else
1094                  {
1095                      $value = htmlspecialchars_uni($userfield);
1096                      $maxlength = "";
1097                      if($profilefield['maxlength'] > 0)
1098                      {
1099                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1100                      }
1101  
1102                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1103                  }
1104  
1105                  if($profilefield['required'] == 1)
1106                  {
1107                      // JS validator extra, choose correct selectors for everything except single select which always has value
1108                      if($type != 'select')
1109                      {
1110                          if($type == "textarea")
1111                          {
1112                              $inp_selector = "$('textarea[name=\"profile_fields[{$field}]\"]')";
1113                          }
1114                          elseif($type == "multiselect")
1115                          {
1116                              $inp_selector = "$('select[name=\"profile_fields[{$field}][]\"]')";
1117                          }
1118                          elseif($type == "checkbox")
1119                          {
1120                              $inp_selector = "$('input[name=\"profile_fields[{$field}][]\"]')";
1121                          }
1122                          else
1123                          {
1124                              $inp_selector = "$('input[name=\"profile_fields[{$field}]\"]')";
1125                          }
1126  
1127                          $validator_javascript .= "
1128      {$inp_selector}.rules('add', {
1129          required: true,
1130          messages: {
1131              required: '{$lang->js_validator_not_empty}'
1132          }
1133      });\n";
1134                      }
1135  
1136                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1137                  }
1138                  else
1139                  {
1140                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1141                  }
1142              }
1143  
1144              if($requiredfields)
1145              {
1146                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1147              }
1148  
1149              if($customfields)
1150              {
1151                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1152              }
1153          }
1154  
1155          if(!isset($fromreg))
1156          {
1157              $allownoticescheck = "checked=\"checked\"";
1158              $hideemailcheck = '';
1159              $receivepmscheck = "checked=\"checked\"";
1160              $pmnoticecheck = " checked=\"checked\"";
1161              $pmnotifycheck = '';
1162              $invisiblecheck = '';
1163              if($mybb->settings['dstcorrection'] == 1)
1164              {
1165                  $enabledstcheck = "checked=\"checked\"";
1166              }
1167              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1168              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1169              $username = $email = $email2 = '';
1170              $regerrors = '';
1171          }
1172          // Spambot registration image thingy
1173          if($mybb->settings['captchaimage'])
1174          {
1175              require_once  MYBB_ROOT.'inc/class_captcha.php';
1176              $captcha = new captcha(true, "member_register_regimage");
1177  
1178              if($captcha->html)
1179              {
1180                  $regimage = $captcha->html;
1181  
1182                  if($mybb->settings['captchaimage'] == 1)
1183                  {
1184                      // JS validator extra for our default CAPTCHA
1185                      $validator_javascript .= "
1186      $('#imagestring').rules('add', {
1187          required: true,
1188          remote:{
1189              url: 'xmlhttp.php?action=validate_captcha',
1190              type: 'post',
1191              dataType: 'json',
1192              data:
1193              {
1194                  imagehash: function () {
1195                      return $('#imagehash').val();
1196                  },
1197                  my_post_key: my_post_key
1198              },
1199          },
1200          messages: {
1201              remote: '{$lang->js_validator_no_image_text}'
1202          }
1203      });\n";
1204                  }
1205              }
1206          }
1207  
1208          // Security Question
1209          $questionbox = '';
1210          if($mybb->settings['securityquestion'])
1211          {
1212              $sid = generate_question();
1213              $query = $db->query("
1214                  SELECT q.question, s.sid
1215                  FROM ".TABLE_PREFIX."questionsessions s
1216                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1217                  WHERE q.active='1' AND s.sid='{$sid}'
1218              ");
1219              if($db->num_rows($query) > 0)
1220              {
1221                  $question = $db->fetch_array($query);
1222  
1223                  $question['question'] = htmlspecialchars_uni($question['question']);
1224                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1225  
1226                  $refresh = '';
1227                  // Total questions
1228                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1229                  $num = $db->fetch_field($q, 'num');
1230                  if($num > 1)
1231                  {
1232                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1233                  }
1234  
1235                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1236  
1237                  $validator_javascript .= "
1238      $('#answer').rules('add', {
1239          required: true,
1240          remote:{
1241              url: 'xmlhttp.php?action=validate_question',
1242              type: 'post',
1243              dataType: 'json',
1244              data:
1245              {
1246                  question: function () {
1247                      return $('#question_id').val();
1248                  },
1249                  my_post_key: my_post_key
1250              },
1251          },
1252          messages: {
1253              remote: '{$lang->js_validator_no_security_question}'
1254          }
1255      });\n";
1256              }
1257          }
1258  
1259          $hiddencaptcha = '';
1260          // Hidden CAPTCHA for Spambots
1261          if($mybb->settings['hiddencaptchaimage'])
1262          {
1263              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1264  
1265              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1266          }
1267          if($mybb->settings['regtype'] != "randompass")
1268          {
1269              // JS validator extra
1270              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1271  
1272              $validator_javascript .= "
1273      $.validator.addMethod('passwordSecurity', function(value, element, param) {
1274          return !(
1275                  ($('#email').val() != '' && value == $('#email').val()) ||
1276                  ($('#username').val() != '' && value == $('#username').val()) ||
1277                  ($('#email').val() != '' && value.indexOf($('#email').val()) > -1) ||
1278                  ($('#username').val() != '' && value.indexOf($('#username').val()) > -1) ||
1279                  ($('#email').val() != '' && $('#email').val().indexOf(value) > -1) ||
1280                  ($('#username').val() != '' && $('#username').val().indexOf(value) > -1)
1281          );
1282      }, '{$lang->js_validator_bad_password_security}');\n";
1283  
1284              // See if the board has "require complex passwords" enabled.
1285              if($mybb->settings['requirecomplexpasswords'] == 1)
1286              {
1287                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1288  
1289                  $validator_javascript .= "
1290      $('#password').rules('add', {
1291          required: true,
1292          minlength: {$mybb->settings['minpasswordlength']},
1293          remote:{
1294              url: 'xmlhttp.php?action=complex_password',
1295              type: 'post',
1296              dataType: 'json',
1297              data:
1298              {
1299                  my_post_key: my_post_key
1300              },
1301          },
1302          passwordSecurity: '',
1303          messages: {
1304              minlength: '{$lang->js_validator_password_length}',
1305              required: '{$lang->js_validator_password_length}',
1306              remote: '{$lang->js_validator_no_image_text}'
1307          }
1308      });\n";
1309              }
1310              else
1311              {
1312                  $validator_javascript .= "
1313      $('#password').rules('add', {
1314          required: true,
1315          minlength: {$mybb->settings['minpasswordlength']},
1316          passwordSecurity: '',
1317          messages: {
1318              minlength: '{$lang->js_validator_password_length}',
1319              required: '{$lang->js_validator_password_length}'
1320          }
1321      });\n";
1322              }
1323  
1324              $validator_javascript .= "
1325      $('#password2').rules('add', {
1326          required: true,
1327          minlength: {$mybb->settings['minpasswordlength']},
1328          equalTo: '#password',
1329          messages: {
1330              minlength: '{$lang->js_validator_password_length}',
1331              required: '{$lang->js_validator_password_length}',
1332              equalTo: '{$lang->js_validator_password_matches}'
1333          }
1334      });\n";
1335  
1336              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1337          }
1338  
1339          $languages = $lang->get_languages();
1340          $langoptions = $boardlanguage = '';
1341          if(count($languages) > 1)
1342          {
1343              foreach($languages as $name => $language)
1344              {
1345                  $language = htmlspecialchars_uni($language);
1346  
1347                  $sel = '';
1348                  if($mybb->get_input('language') == $name)
1349                  {
1350                      $sel = " selected=\"selected\"";
1351                  }
1352  
1353                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1354              }
1355  
1356              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1357          }
1358  
1359          // Set the time so we can find automated signups
1360          $time = TIME_NOW;
1361  
1362          $plugins->run_hooks("member_register_end");
1363  
1364          $validator_javascript .= "
1365  });
1366  </script>\n";
1367  
1368          eval("\$registration = \"".$templates->get("member_register")."\";");
1369          output_page($registration);
1370      }
1371  }
1372  
// Account / e-mail activation: checks the code supplied in the request against
// the row stored in awaitingactivation and applies the pending change.
if($mybb->input['action'] == "activate")
{
    $plugins->run_hooks("member_activate_start");

    // The account is identified either by username or by numeric uid.
    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // Only the wording of the message depends on the username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
        $uid = $user['uid'];
    }
    else
    {
        // uid is requested as an integer, so no free-form text reaches get_user().
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }
    if(isset($mybb->input['code']) && $user)
    {
        // $user['uid'] comes from the user record loaded above, not from the request.
        // Type 'e' is the pending e-mail change handled below; 'b' rows carry a
        // "validated" flag. 'r' is presumably the plain registration code - confirm.
        $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
        $activation = $db->fetch_array($query);
        if(!$activation['uid'])
        {
            error($lang->error_alreadyactivated);
        }
        // Strict comparison: no type juggling between the stored and supplied code.
        // NOTE(review): this is not a constant-time comparison and no limit on
        // repeated guesses is visible in this block - confirm one exists elsewhere.
        if($activation['code'] !== $mybb->get_input('code'))
        {
            error($lang->error_badactivationcode);
        }

        if($activation['type'] == "b" && $activation['validated'] == 1)
        {
            error($lang->error_alreadyvalidated);
        }

        // 'r' and 'e' codes are single-use: the row is removed once the code matched.
        // 'b' rows are kept and only flagged as validated further down.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");

        // Group 5 -> 2: presumably "awaiting activation" -> "registered"; verify the group ids.
        if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
        {
            $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");

            $cache->update_awaitingactivation();
        }
        if($activation['type'] == "e")
        {
            // The pending address is read from the "misc" column and escaped before the update.
            $newemail = array(
                "email" => $db->escape_string($activation['misc']),
            );
            $db->update_query("users", $newemail, "uid='".$user['uid']."'");
            $plugins->run_hooks("member_activate_emailupdated");

            redirect("usercp.php", $lang->redirect_emailupdated);
        }
        elseif($activation['type'] == "b")
        {
            $update = array(
                "validated" => 1,
            );
            $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
            $plugins->run_hooks("member_activate_emailactivated");

            redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
        }
        else
        {
            $plugins->run_hooks("member_activate_accountactivated");

            redirect("index.php", $lang->redirect_accountactivated);
        }
    }
    else
    {
        // No code (or no matching user): show the activation form.
        $plugins->run_hooks("member_activate_form");

        // Both values are HTML-escaped here because the template is built from them.
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        eval("\$activate = \"".$templates->get("member_activate")."\";");
        output_page($activate);
    }
}
1478  
// Shows the "resend activation e-mail" form unless resending makes no sense
// for this board or this account.
if($mybb->input['action'] == "resendactivation")
{
    $plugins->run_hooks("member_resendactivation");

    // With regtype "admin" the message shown says activation is done by an administrator.
    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }
    // A logged-in account outside group 5 is reported as already activated.
    if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
    {
        error($lang->error_alreadyactivated);
    }

    // uid is taken from the current session's user record, not from request input.
    $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'");
    $activation = $db->fetch_array($query);

    // A 'b' row already flagged validated gets the same "activated by admin" message.
    if($activation['validated'] == 1)
    {
        error($lang->error_activated_by_admin);
    }

    $plugins->run_hooks("member_resendactivation_end");

    eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
    output_page($activate);
}
1505  
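// Re-sends the activation e-mail to every not-yet-activated account that is
// registered with the submitted address.
if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_resendactivation_start");

    if($mybb->settings['regtype'] == "admin")
    {
        error($lang->error_activated_by_admin);
    }

    // The type test is parenthesised so that it stays inside the a.uid=u.uid
    // condition. Without the parentheses AND binds tighter than OR, and every
    // type 'b' row of ANY account is joined to this user - its code would then
    // be mailed out below and its "validated" flag evaluated for the wrong account.
    // The submitted address is escaped before it is placed in the statement.
    $query = $db->query("
        SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
        FROM ".TABLE_PREFIX."users u
        LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
        WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
    ");
    $numusers = $db->num_rows($query);
    if($numusers < 1)
    {
        // NOTE(review): this response differs from the success path, so it tells
        // the requester whether an address is registered.
        error($lang->error_invalidemail);
    }
    else
    {
        while($user = $db->fetch_array($query))
        {
            if($user['type'] == "b" && $user['validated'] == 1)
            {
                error($lang->error_activated_by_admin);
            }

            // Only accounts still in group 5 receive a mail.
            if($user['usergroup'] == 5)
            {
                // No stored code for this account: create one and persist it.
                // NOTE(review): $user['type'] is NULL when the join found no row,
                // and that value is what gets inserted - confirm this is intended.
                if(!$user['code'])
                {
                    $user['code'] = random_str();
                    $uid = $user['uid'];
                    $awaitingarray = array(
                        "uid" => $uid,
                        "dateline" => TIME_NOW,
                        "code" => $user['code'],
                        "type" => $user['type']
                    );
                    $db->insert_query("awaitingactivation", $awaitingarray);
                }
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['code'];
                $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);

                // Only the message wording depends on username_method; 0 and any
                // unknown value use the default text.
                switch($mybb->settings['username_method'])
                {
                    case 1:
                        $emailtemplate = $lang->email_activateaccount1;
                        break;
                    case 2:
                        $emailtemplate = $lang->email_activateaccount2;
                        break;
                    default:
                        $emailtemplate = $lang->email_activateaccount;
                        break;
                }
                $emailmessage = $lang->sprintf($emailtemplate, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
                my_mail($email, $emailsubject, $emailmessage);
            }
        }
        $plugins->run_hooks("member_do_resendactivation_end");

        redirect("index.php", $lang->redirect_activationresent);
    }
}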
1576  
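// Handles the "lost password" form: stores a fresh one-time code (type 'p')
// for every account registered with the submitted address and mails it out.
if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
{
    $plugins->run_hooks("member_do_lostpw_start");

    $errors = array();

    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $captcha = new captcha;

        if($captcha->validate_captcha() == false)
        {
            // CAPTCHA validation failed
            foreach($captcha->get_errors() as $error)
            {
                $errors[] = $error;
            }
        }
    }

    if(count($errors) > 0)
    {
        // The CAPTCHA result is evaluated before the users table is queried.
        // Previously an unknown address produced error_invalidemail even when the
        // CAPTCHA had failed, so the CAPTCHA did not limit address probing.
        // Falling through to the "lostpw" block re-displays the form with the errors.
        $mybb->input['action'] = "lostpw";
    }
    else
    {
        // The former "$email = $db->escape_string($email);" line read an undefined
        // variable and its result was never used; the address is escaped inline here.
        $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
        $numusers = $db->num_rows($query);
        if($numusers < 1)
        {
            // NOTE(review): this response differs from the success path, so it
            // tells the requester whether an address is registered.
            error($lang->error_invalidemail);
        }
        else
        {
            while($user = $db->fetch_array($query))
            {
                // Any earlier reset code for the account is discarded first, so
                // only the most recently mailed code stays valid.
                $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
                $user['activationcode'] = random_str(30);
                $now = TIME_NOW;
                $uid = $user['uid'];
                $awaitingarray = array(
                    "uid" => $user['uid'],
                    "dateline" => TIME_NOW,
                    "code" => $user['activationcode'],
                    "type" => "p"
                );
                $db->insert_query("awaitingactivation", $awaitingarray);
                $username = $user['username'];
                $email = $user['email'];
                $activationcode = $user['activationcode'];
                $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);

                // Only the message wording depends on username_method.
                switch($mybb->settings['username_method'])
                {
                    case 0:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 1:
                        $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    case 2:
                        $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                    default:
                        $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
                        break;
                }
                my_mail($email, $emailsubject, $emailmessage);
            }

            $plugins->run_hooks("member_do_lostpw_end");

            redirect("index.php", $lang->redirect_lostpwsent, "", true);
        }
    }
}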
1654  
// Renders the "lost password" form. Also reached from do_lostpw above, which
// sets the action to "lostpw" when validation errors were collected.
if($mybb->input['action'] == "lostpw")
{
    $plugins->run_hooks("member_lostpw");

    $captcha = '';
    // Generate CAPTCHA?
    if($mybb->settings['captchaimage'])
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    if(isset($errors) && count($errors) > 0)
    {
        $errors = inline_error($errors);
        // The submitted address is echoed back into the form, so it is HTML-escaped first.
        $email = htmlspecialchars_uni($mybb->get_input('email'));
    }
    else
    {
        $errors = '';
        $email = '';
    }

    eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
    output_page($lostpw);
}
1686  
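// Password reset: when a valid one-time code (awaitingactivation type 'p') is
// presented, a new random password is generated, stored and mailed to the
// account's address; otherwise the reset form is shown.
if($mybb->input['action'] == "resetpassword")
{
    $plugins->run_hooks("member_resetpassword_start");

    // The account is identified either by username or by numeric uid.
    if(isset($mybb->input['username']))
    {
        $mybb->input['username'] = $mybb->get_input('username');
        $options = array(
            'username_method' => $mybb->settings['username_method'],
            'fields' => '*',
        );
        $user = get_user_by_username($mybb->input['username'], $options);
        if(!$user)
        {
            // Only the wording of the message depends on the username_method setting.
            switch($mybb->settings['username_method'])
            {
                case 0:
                    error($lang->error_invalidpworusername);
                    break;
                case 1:
                    error($lang->error_invalidpworusername1);
                    break;
                case 2:
                    error($lang->error_invalidpworusername2);
                    break;
                default:
                    error($lang->error_invalidpworusername);
                    break;
            }
        }
    }
    else
    {
        $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
    }

    if(isset($mybb->input['code']) && $user)
    {
        $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
        $activationcode = $db->fetch_field($query, 'code');
        $now = TIME_NOW;
        // An empty stored code never matches; the comparison is strict (no type juggling).
        // NOTE(review): this is not a constant-time comparison and no limit on
        // repeated guesses is visible in this block - confirm one exists elsewhere.
        if(!$activationcode || $activationcode !== $mybb->get_input('code'))
        {
            error($lang->error_badlostpwcode);
        }
        // The code is single-use: it is removed before the password is changed.
        $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
        $username = $user['username'];

        // Generate a new password, then update it
        $password_length = (int)$mybb->settings['minpasswordlength'];

        // Use at least 8 characters, unless the configured maximum is lower than that.
        if($password_length < 8)
        {
            $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
        }

        // Set up user handler.
        require_once  MYBB_ROOT.'inc/datahandlers/user.php';
        $userhandler = new UserDataHandler('update');

        // Keep generating candidates until the handler's own password check accepts one.
        while(!$userhandler->verify_password())
        {
            $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);

            $userhandler->set_data(array(
                'uid'        => $user['uid'],
                'username'    => $user['username'],
                'email'        => $user['email'],
                'password'    => $password
            ));

            $userhandler->set_validated(true);
            $userhandler->errors = array();
        }

        $userhandler->update_user();

        $logindetails = array(
            'salt'        => $userhandler->data['salt'],
            'password'    => $userhandler->data['saltedpw'],
            'loginkey'    => $userhandler->data['loginkey'],
        );

        $email = $user['email'];

        $plugins->run_hooks("member_resetpassword_process");

        // The generated password is sent to the account's address in the message body.
        $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
        $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
        my_mail($email, $emailsubject, $emailmessage);

        $plugins->run_hooks("member_resetpassword_reset");

        error($lang->redirect_passwordreset);
    }
    else
    {
        $plugins->run_hooks("member_resetpassword_form");

        switch($mybb->settings['username_method'])
        {
            case 0:
                $lang_username = $lang->username;
                break;
            case 1:
                $lang_username = $lang->username1;
                break;
            case 2:
                $lang_username = $lang->username2;
                break;
            default:
                $lang_username = $lang->username;
                break;
        }

        // The request-supplied code is HTML-escaped before the template is built,
        // as the "activate" action does. It was previously passed on raw, which
        // is reflected markup injection if the member_resetpassword template
        // prints $code (assumed - the template is not part of this file).
        $code = htmlspecialchars_uni($mybb->get_input('code'));

        if(!isset($user['username']))
        {
            $user['username'] = '';
        }
        $user['username'] = htmlspecialchars_uni($user['username']);

        eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
        output_page($activate);
    }
}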
1814  
// Login submission. $do_captcha / $correct / $inline_errors are initialised
// unconditionally because the "login" block further down reads them.
$do_captcha = $correct = false;
$inline_errors = "";
if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
{
    // Checks the posted my_post_key before anything else is processed
    // (presumably the anti-CSRF token check - confirm against verify_post_check()).
    verify_post_check($mybb->get_input('my_post_key'));

    $errors = array();

    $plugins->run_hooks("member_do_login_start");

    require_once  MYBB_ROOT."inc/datahandlers/login.php";
    $loginhandler = new LoginDataHandler("get");

    // The quick-login form uses different field names; map them onto the regular ones.
    if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
    {
        $mybb->input['password'] = $mybb->get_input('quick_password');
        $mybb->input['username'] = $mybb->get_input('quick_username');
        $mybb->input['remember'] = $mybb->get_input('quick_remember');
    }

    $user = array(
        'username' => $mybb->get_input('username'),
        'password' => $mybb->get_input('password'),
        'remember' => $mybb->get_input('remember'),
        'imagestring' => $mybb->get_input('imagestring')
    );

    $options = array(
        'fields' => 'loginattempts',
        'username_method' => (int)$mybb->settings['username_method'],
    );

    // Load the stored failed-attempt counter for the named account.
    $user_loginattempts = get_user_by_username($user['username'], $options);
    $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];

    $loginhandler->set_data($user);
    $validated = $loginhandler->validate_login();

    if(!$validated)
    {
        // Fall through to the "login" block below so the form is shown again.
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $login_user = get_user_by_username($user['username'], array('fields' => 'uid'));

        // Is a fatal call if user has had too many tries
        $logins = login_attempt_check($login_user['uid']);

        // Count the failed attempt against the account; the uid is cast to int.
        // NOTE(review): the trailing arguments (1, true) presumably limit the update
        // to one row and pass 'loginattempts+1' through as an unquoted expression -
        // confirm against update_query().
        $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".(int)$loginhandler->login_data['uid']."'", 1, true);

        $errors = $loginhandler->get_friendly_errors();

        $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];

        // If we need a captcha set it here
        // Either the stored counter or the loginattempts cookie exceeding the
        // configured threshold switches the CAPTCHA on.
        if($mybb->settings['failedcaptchalogincount'] > 0 && ($user['loginattempts'] > $mybb->settings['failedcaptchalogincount'] || (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']))
        {
            $do_captcha = true;
            $correct = $loginhandler->captcha_verified;
        }
    }
    else if($validated && $loginhandler->captcha_verified == true)
    {
        // Successful login
        if($loginhandler->login_data['coppauser'])
        {
            error($lang->error_awaitingcoppa);
        }

        $loginhandler->complete_login();

        $plugins->run_hooks("member_do_login_end");

        $mybb->input['url'] = $mybb->get_input('url');

        // NOTE(review): the redirect target is request-supplied. The checks visible
        // here only exclude member.php and javascript: URLs; whether redirect()
        // restricts the destination to this board is not visible in this file.
        // Confirm, or validate the URL against the board URL before redirecting.
        if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
        {
            if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
            {
                $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
            }

            $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);

            // Redirect to the URL if it is not member.php
            redirect($mybb->input['url'], $lang->redirect_loggedin);
        }
        else
        {

            redirect("index.php", $lang->redirect_loggedin);
        }
    }

    $plugins->run_hooks("member_do_login_end");
}
1911  
// Renders the login form. Also reached from do_login above after a failed
// attempt, in which case $errors, $do_captcha and $correct are already set.
if($mybb->input['action'] == "login")
{
    $plugins->run_hooks("member_login");

    $member_loggedin_notice = "";
    if($mybb->user['uid'] != 0)
    {
        // The username is escaped before it is used to build the notice.
        $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
        $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
        eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
    }

    // Checks to make sure the user can login; they haven't had too many tries at logging in.
    // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
    // and we can't check loginattempts in the db
    login_attempt_check();

    // Redirect to the page where the user came from, but not if that was the login page.
    // The Referer header is client-controlled, so it is entity-encoded before use.
    if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
    {
        $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
    }
    else
    {
        $redirect_url = '';
    }

    $captcha = '';
    // Show captcha image for guests if enabled and only if we have to do
    if($mybb->settings['captchaimage'] && $do_captcha == true)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $login_captcha = new captcha(false, "post_captcha");

        // Type 1 builds a new challenge, or a hidden one when the previous answer
        // was already correct; types 2, 4 and 5 go through build_recaptcha().
        if($login_captcha->type == 1)
        {
            if(!$correct)
            {
                $login_captcha->build_captcha();
            }
            else
            {
                $captcha = $login_captcha->build_hidden_captcha();
            }
        }
        elseif(in_array($login_captcha->type, array(2, 4, 5)))
        {
            $login_captcha->build_recaptcha();
        }

        if($login_captcha->html)
        {
            $captcha = $login_captcha->html;
        }
    }

    $username = "";
    $password = "";
    // Submitted values are HTML-escaped before being handed to the form template.
    if(isset($mybb->input['username']) && $mybb->request_method == "post")
    {
        $username = htmlspecialchars_uni($mybb->get_input('username'));
    }

    // NOTE(review): the submitted password is made available to the template as
    // well; if the template prints it, the password ends up in the response body.
    if(isset($mybb->input['password']) && $mybb->request_method == "post")
    {
        $password = htmlspecialchars_uni($mybb->get_input('password'));
    }

    if(!empty($errors))
    {
        $mybb->input['action'] = "login";
        $mybb->request_method = "get";

        $inline_errors = inline_error($errors);
    }

    // Only the label of the username field depends on username_method.
    switch($mybb->settings['username_method'])
    {
        case 1:
            $lang->username = $lang->username1;
            break;
        case 2:
            $lang->username = $lang->username2;
            break;
        default:
            break;
    }

    $plugins->run_hooks("member_login_end");

    eval("\$login = \"".$templates->get("member_login")."\";");
    output_page($login);
}
2005  
// Logout: clears the login cookies and removes the session row, but only when
// the request carries the current session id or the user's logout key.
if($mybb->input['action'] == "logout")
{
    $plugins->run_hooks("member_logout_start");

    if(!$mybb->user['uid'])
    {
        redirect("index.php", $lang->redirect_alreadyloggedout);
    }

    // Requiring a per-session / per-user value means a bare link to
    // member.php?action=logout does not log the user out. Both comparisons are strict.
    // Check session ID if we have one
    if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
    {
        error($lang->error_notloggedout);
    }
    // Otherwise, check logoutkey
    else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
    {
        error($lang->error_notloggedout);
    }

    my_unsetcookie("mybbuser");
    my_unsetcookie("sid");

    if($mybb->user['uid'])
    {
        $time = TIME_NOW;
        // Run this after the shutdown query from session system
        // The interpolated uid and sid come from the loaded user and session
        // objects, not directly from request input.
        $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
        $db->delete_query("sessions", "sid = '{$session->sid}'");
    }

    $plugins->run_hooks("member_logout_end");

    redirect("index.php", $lang->redirect_loggedout);
}
2041  
// Prints the moderator notes stored for a user. Restricted to logged-in users
// whose group has canmodcp set.
if($mybb->input['action'] == "viewnotes")
{
    $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
    $user = get_user($uid);

    // Make sure we are looking at a real user here.
    if(!$user)
    {
        error($lang->error_nomember);
    }

    // NOTE(review): the permission check runs after the existence check, so a
    // caller without canmodcp gets a different error for unknown and known uids.
    if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
    {
        error_no_permission();
    }

    // Username and notes are stored text; both are HTML-escaped before output,
    // and line breaks in the notes are converted after escaping.
    $user['username'] = htmlspecialchars_uni($user['username']);
    $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);

    $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));

    $plugins->run_hooks('member_viewnotes');

    // The result is echoed directly and the script stops, instead of going
    // through output_page() like the other actions.
    eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
    echo $viewnotes;
    exit;
}
2069  
2070  if($mybb->input['action'] == "profile")
2071  {
2072      $plugins->run_hooks("member_profile_start");
2073  
2074      if($mybb->usergroup['canviewprofiles'] == 0)
2075      {
2076          error_no_permission();
2077      }
2078  
2079      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2080      if($uid)
2081      {
2082          $memprofile = get_user($uid);
2083      }
2084      elseif($mybb->user['uid'])
2085      {
2086          $memprofile = $mybb->user;
2087      }
2088      else
2089      {
2090          $memprofile = false;
2091      }
2092  
2093      if(!$memprofile)
2094      {
2095          error($lang->error_nomember);
2096      }
2097  
2098      $uid = $memprofile['uid'];
2099  
2100      $me_username = $memprofile['username'];
2101      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2102      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2103  
2104      // Get member's permissions
2105      $memperms = user_permissions($memprofile['uid']);
2106  
2107      // Set display group
2108      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2109  
2110      if(!$memprofile['displaygroup'])
2111      {
2112          $memprofile['displaygroup'] = $memprofile['usergroup'];
2113      }
2114  
2115      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2116      if(is_array($displaygroup))
2117      {
2118          $memperms = array_merge($memperms, $displaygroup);
2119      }
2120  
2121      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2122      add_breadcrumb($lang->nav_profile);
2123  
2124      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2125      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2126      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2127      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2128      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2129      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2130      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2131  
2132      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2133      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2134  
2135      $website = $sendemail = $sendpm = $contact_details = '';
2136  
2137      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2138      {
2139          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2140          $bgcolor = alt_trow();
2141          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2142      }
2143  
2144      if($memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2145      {
2146          $bgcolor = alt_trow();
2147          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2148      }
2149  
2150      if($mybb->settings['enablepms'] != 0 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2151      {
2152          $bgcolor = alt_trow();
2153          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2154      }
2155  
2156      $contact_fields = array();
2157      $any_contact_field = false;
2158      foreach(array('icq', 'yahoo', 'skype', 'google') as $field)
2159      {
2160          $contact_fields[$field] = '';
2161          $settingkey = 'allow'.$field.'field';
2162  
2163          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2164          {
2165              $any_contact_field = true;
2166  
2167              if($field == 'icq')
2168              {
2169                  $memprofile[$field] = (int)$memprofile[$field];
2170              }
2171              else
2172              {
2173                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2174              }
2175              $tmpl = 'member_profile_contact_fields_'.$field;
2176  
2177              $bgcolors[$field] = alt_trow();
2178              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2179          }
2180      }
2181  
2182      if($any_contact_field || $sendemail || $sendpm || $website)
2183      {
2184          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2185      }
2186  
// Render the profile owner's signature when every display condition holds:
// a signature exists, it is not currently suspended, the viewer is not in a group
// listed in the hidesignatures setting, and the owner's group may use signatures
// and has reached the required post count.
$signature = '';
if(
    $memprofile['signature']
    && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW)
    && !is_member($mybb->settings['hidesignatures'])
    && $memperms['canusesig']
    && $memperms['canusesigxposts'] <= $memprofile['postnum']
)
{
    // Parser switches are taken from the board-wide signature settings.
    // NOTE(review): allow_html is passed through from the sightml setting; presumably the
    // parser then leaves member-supplied HTML unescaped, so that setting decides whether
    // signatures are an HTML injection surface - confirm against the parser.
    $sig_parser = array(
        'allow_html' => $mybb->settings['sightml'],
        'allow_mycode' => $mybb->settings['sigmycode'],
        'allow_smilies' => $mybb->settings['sigsmilies'],
        'allow_imgcode' => $mybb->settings['sigimgcode'],
        'me_username' => $me_username,
        'filter_badwords' => 1
    );

    if($memperms['signofollow'])
    {
        $sig_parser['nofollow_on'] = 1;
    }

    // Images are switched off for members who disabled them and for guests when the
    // guestimages setting is off. Parentheses spell out the && / || precedence.
    if(($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0) || ($mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0))
    {
        $sig_parser['allow_imgcode'] = 0;
    }

    $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
    eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
}
2212  
// Days since registration (fractional), floored at one so the per-day averages
// below never divide by a value smaller than 1.
$daysreg = (TIME_NOW - $memprofile['regdate']) / 86400;
if($daysreg < 1)
{
    $daysreg = 1;
}

$stats = $cache->read("stats");

// Posts: per-day average (never more than the post count itself) and share of the board total
$ppd = round($memprofile['postnum'] / $daysreg, 2);
if($ppd > $memprofile['postnum'])
{
    $ppd = $memprofile['postnum'];
}

$numposts = $stats['numposts'];
// A board without posts yields the string "0" rather than a division by zero.
$post_percent = ($numposts == 0) ? "0" : round($memprofile['postnum']*100/$numposts, 2);
if($post_percent > 100)
{
    $post_percent = 100;
}

// Threads: same figures as for posts
$tpd = round($memprofile['threadnum'] / $daysreg, 2);
if($tpd > $memprofile['threadnum'])
{
    $tpd = $memprofile['threadnum'];
}

$numthreads = $stats['numthreads'];
$thread_percent = ($numthreads == 0) ? "0" : round($memprofile['threadnum']*100/$numthreads, 2);
if($thread_percent > 100)
{
    $thread_percent = 100;
}
2269  
2270      $findposts = $findthreads = '';
2271      if($mybb->usergroup['cansearch'] == 1)
2272      {
2273          eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2274          eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2275      }
2276  
2277      $awaybit = '';
2278      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2279      {
2280          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2281          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2282          if(!empty($memprofile['awayreason']))
2283          {
2284              $reason = $parser->parse_badwords($memprofile['awayreason']);
2285              $awayreason = htmlspecialchars_uni($reason);
2286          }
2287          else
2288          {
2289              $awayreason = $lang->away_no_reason;
2290          }
2291          if($memprofile['returndate'] == '')
2292          {
2293              $returndate = "$lang->unknown";
2294          }
2295          else
2296          {
2297              $returnhome = explode("-", $memprofile['returndate']);
2298  
2299              // PHP native date functions use integers so timestamps for years after 2038 will not work
2300              // Thus we use adodb_mktime
2301              if($returnhome[2] >= 2038)
2302              {
2303                  require_once  MYBB_ROOT."inc/functions_time.php";
2304                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2305                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2306              }
2307              else
2308              {
2309                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2310                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2311              }
2312  
2313              // If our away time has expired already, we should be back, right?
2314              if($returnmkdate < TIME_NOW)
2315              {
2316                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2317  
2318                  // Update our status to "not away"
2319                  $memprofile['away'] = 0;
2320              }
2321          }
2322  
2323          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2324          if($memprofile['away'] == 1)
2325          {
2326              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2327          }
2328      }
2329  
2330      $memprofile['timezone'] = (float)$memprofile['timezone'];
2331  
2332      if($memprofile['dst'] == 1)
2333      {
2334          $memprofile['timezone']++;
2335          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2336          {
2337              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2338          }
2339      }
2340  
2341      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2342      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2343      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2344  
2345      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2346  
2347      if($memprofile['lastactive'])
2348      {
2349          $memlastvisitdate = my_date($mybb->settings['dateformat'], $memprofile['lastactive']);
2350          $memlastvisitsep = $lang->comma;
2351          $memlastvisittime = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);
2352      }
2353      else
2354      {
2355          $memlastvisitdate = $lang->lastvisit_never;
2356          $memlastvisitsep = '';
2357          $memlastvisittime = '';
2358      }
2359  
2360      if($memprofile['birthday'])
2361      {
2362          $membday = explode("-", $memprofile['birthday']);
2363  
2364          if($memprofile['birthdayprivacy'] != 'none')
2365          {
2366              if($membday[0] && $membday[1] && $membday[2])
2367              {
2368                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2369  
2370                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2371                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2372                  $membday = date($bdayformat, $membday);
2373  
2374                  $membdayage = $lang->membdayage;
2375              }
2376              elseif($membday[2])
2377              {
2378                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2379                  $membday = date("Y", $membday);
2380                  $membdayage = '';
2381              }
2382              else
2383              {
2384                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2385                  $membday = date("F j", $membday);
2386                  $membdayage = '';
2387              }
2388          }
2389  
2390          if($memprofile['birthdayprivacy'] == 'age')
2391          {
2392              $membday = $lang->birthdayhidden;
2393          }
2394          else if($memprofile['birthdayprivacy'] == 'none')
2395          {
2396              $membday = $lang->birthdayhidden;
2397              $membdayage = '';
2398          }
2399      }
2400      else
2401      {
2402          $membday = $lang->not_specified;
2403          $membdayage = '';
2404      }
2405  
2406      // Get the user title for this user
2407      unset($usertitle);
2408      unset($stars);
2409      $starimage = '';
2410      if(trim($memprofile['usertitle']) != '')
2411      {
2412          // User has custom user title
2413          $usertitle = $memprofile['usertitle'];
2414      }
2415      elseif(trim($memperms['usertitle']) != '')
2416      {
2417          // User has group title
2418          $usertitle = $memperms['usertitle'];
2419      }
2420      else
2421      {
2422          // No usergroup title so get a default one
2423          $usertitles = $cache->read('usertitles');
2424  
2425          if(is_array($usertitles))
2426          {
2427              foreach($usertitles as $title)
2428              {
2429                  if($memprofile['postnum'] >= $title['posts'])
2430                  {
2431                      $usertitle = $title['title'];
2432                      $stars = $title['stars'];
2433                      $starimage = $title['starimage'];
2434  
2435                      break;
2436                  }
2437              }
2438          }
2439      }
2440  
2441      $usertitle = htmlspecialchars_uni($usertitle);
2442  
2443      if($memperms['stars'] || $memperms['usertitle'])
2444      {
2445          // Set the number of stars if display group has constant number of stars
2446          $stars = $memperms['stars'];
2447      }
2448      elseif(!$stars)
2449      {
2450          if(!is_array($usertitles))
2451          {
2452              $usertitles = $cache->read('usertitles');
2453          }
2454  
2455          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2456          if(is_array($usertitles))
2457          {
2458              foreach($usertitles as $title)
2459              {
2460                  if($memprofile['postnum'] >= $title['posts'])
2461                  {
2462                      $stars = $title['stars'];
2463                      $starimage = $title['starimage'];
2464                      break;
2465                  }
2466              }
2467          }
2468      }
2469  
2470      $groupimage = '';
2471      if(!empty($memperms['image']))
2472      {
2473          if(!empty($mybb->user['language']))
2474          {
2475              $language = $mybb->user['language'];
2476          }
2477          else
2478          {
2479              $language = $mybb->settings['bblanguage'];
2480          }
2481          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2482          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2483          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2484      }
2485  
2486      if(empty($starimage))
2487      {
2488          $starimage = $memperms['starimage'];
2489      }
2490  
2491      if(!empty($starimage))
2492      {
2493          // Only display stars if we have an image to use...
2494          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2495          $userstars = '';
2496          for($i = 0; $i < $stars; ++$i)
2497          {
2498              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2499          }
2500      }
2501  
// Look up the profile owner's newest session inside the "who's online" cut-off window.
$timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
// NOTE(review): $uid is interpolated into the WHERE clause as-is and is assigned outside
// this excerpt - confirm it is cast to an integer where it is set.
$query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
$session = $db->fetch_array($query);

$online_status = '';

// Activity details are visible unless the owner is invisible; an invisible owner is still
// visible to groups with canviewwolinvis and to the owner themselves.
$activity_visible = ($memprofile['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $memprofile['uid'] == $mybb->user['uid']);

if($activity_visible)
{
    // Last visit, shown as a relative date
    if($memprofile['lastactive'])
    {
        $memlastvisitsep = $lang->comma;
        $memlastvisitdate = my_date('relative', $memprofile['lastactive']);
    }

    // Total time online
    $timeonline = ($memprofile['timeonline'] > 0) ? nice_time($memprofile['timeonline']) : $lang->none_registered;

    if(empty($session))
    {
        // No recent session row: user is offline
        eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
    }
    else
    {
        // Online: describe where the user currently is
        $lang->load("online");
        require_once  MYBB_ROOT."inc/functions_online.php";
        $activity = fetch_wol_activity($session['location'], $session['nopermission']);
        $location = build_friendly_wol_location($activity);
        $location_time = my_date($mybb->settings['timeformat'], $memprofile['lastactive']);

        eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
    }
}
else
{
    // Invisible owner and the viewer may not see through it: blank out every value that
    // would reveal activity. "Hidden" replaces "never" once there has been any activity.
    $memlastvisitsep = '';
    $memlastvisittime = '';
    $memlastvisitdate = $memprofile['lastactive'] ? $lang->lastvisit_hidden : $lang->lastvisit_never;

    $timeonline = $lang->timeonline_hidden;
}
2557  
2558      // Reset the background colours to keep it inline
2559      $alttrow = 'trow1';
2560  
2561      // Build Referral
2562      $referrals = '';
2563      if($mybb->settings['usereferrals'] == 1)
2564      {
2565          $bg_color = alt_trow();
2566  
2567          eval("\$referrals = \"".$templates->get("member_profile_referrals")."\";");
2568      }
2569  
2570      // Fetch the reputation for this user
2571      $reputation = '';
2572      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2573      {
2574          $bg_color = alt_trow();
2575          $reputation = get_reputation($memprofile['reputation']);
2576  
2577          // If this user has permission to give reputations show the vote link
2578          $vote_link = '';
2579          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2580          {
2581              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2582          }
2583  
2584          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2585      }
2586  
2587      $warning_level = '';
2588      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2589      {
2590          $bg_color = alt_trow();
2591  
2592          if($mybb->settings['maxwarningpoints'] < 1)
2593          {
2594              $mybb->settings['maxwarningpoints'] = 10;
2595          }
2596  
2597          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2598  
2599          if($warning_level > 100)
2600          {
2601              $warning_level = 100;
2602          }
2603  
2604          $warn_user = '';
2605          $warning_link = 'usercp.php';
2606          $warning_level = get_colored_warning_level($warning_level);
2607          if($mybb->usergroup['canwarnusers'] != 0 && $memprofile['uid'] != $mybb->user['uid'])
2608          {
2609              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2610              $warning_link = "warnings.php?uid={$memprofile['uid']}";
2611          }
2612  
2613          eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2614      }
2615  
2616      $bgcolor = $alttrow = 'trow1';
2617      $customfields = $profilefields = '';
2618  
2619      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2620      $userfields = $db->fetch_array($query);
2621  
2622      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2623      $pfcache = $cache->read('profilefields');
2624  
2625      if(is_array($pfcache))
2626      {
2627          foreach($pfcache as $customfield)
2628          {
2629              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && (!is_member($customfield['viewableby']) || !$customfield['profile']))
2630              {
2631                  continue;
2632              }
2633  
2634              $thing = explode("\n", $customfield['type'], "2");
2635              $type = trim($thing[0]);
2636  
2637              $customfieldval = $customfield_val = '';
2638              $field = "fid{$customfield['fid']}";
2639  
2640              if(isset($userfields[$field]))
2641              {
2642                  $useropts = explode("\n", $userfields[$field]);
2643                  $customfieldval = $comma = '';
2644                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2645                  {
2646                      foreach($useropts as $val)
2647                      {
2648                          if($val != '')
2649                          {
2650                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2651                          }
2652                      }
2653                      if($customfield_val != '')
2654                      {
2655                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2656                      }
2657                  }
2658                  else
2659                  {
2660                      $parser_options = array(
2661                          "allow_html" => $customfield['allowhtml'],
2662                          "allow_mycode" => $customfield['allowmycode'],
2663                          "allow_smilies" => $customfield['allowsmilies'],
2664                          "allow_imgcode" => $customfield['allowimgcode'],
2665                          "allow_videocode" => $customfield['allowvideocode'],
2666                          #"nofollow_on" => 1,
2667                          "filter_badwords" => 1
2668                      );
2669  
2670                      if($customfield['type'] == "textarea")
2671                      {
2672                          $parser_options['me_username'] = $memprofile['username'];
2673                      }
2674                      else
2675                      {
2676                          $parser_options['nl2br'] = 0;
2677                      }
2678  
2679                      if($mybb->user['showimages'] != 1 && $mybb->user['uid'] != 0 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2680                      {
2681                          $parser_options['allow_imgcode'] = 0;
2682                      }
2683  
2684                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2685                  }
2686              }
2687  
2688              if($customfieldval)
2689              {
2690                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2691                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2692                  $bgcolor = alt_trow();
2693              }
2694          }
2695      }
2696  
2697      if($customfields)
2698      {
2699          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2700      }
2701  
2702      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2703      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2704  
2705      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2706      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2707  
2708      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2709  
// Ban notice: built only when the profile owner is in a banned group and the viewer's
// group is allowed to ban users.
$bannedbit = '';
if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
{
    // Fetch the ban row together with the name of the staff member who issued it.
    // NOTE(review): $uid is placed into the WHERE clause unmodified and is assigned outside
    // this excerpt - confirm it is an integer at that point.
    $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
    $memban = $db->fetch_array($query);

    // The stored reason is bad-word filtered and then HTML-escaped before display.
    $memban['reason'] = $memban['reason'] ? htmlspecialchars_uni($parser->parse_badwords($memban['reason'])) : $lang->na;

    $is_permanent = ($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---');
    if($is_permanent)
    {
        $banlength = $lang->permanent;
        $timeremaining = $lang->na;
    }
    else
    {
        // Set up the array of ban times.
        $bantimes = fetch_ban_times();

        $banlength = $bantimes[$memban['bantime']];
        $remaining = $memban['lifted']-TIME_NOW;

        $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";

        // CSS class by time left: under an hour, under a day, under a week, anything longer.
        $banned_class = "normal_banned";
        if($remaining < 3600)
        {
            $banned_class = "high_banned";
        }
        elseif($remaining < 86400)
        {
            $banned_class = "moderate_banned";
        }
        elseif($remaining < 604800)
        {
            $banned_class = "low_banned";
        }

        eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
    }

    // The issuing staff member's name is escaped before it is wrapped in a profile link.
    $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);

    // Display a nice warning to the user
    eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
}
2767  
2768      $adminoptions = '';
2769      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2770      {
2771          eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2772      }
2773  
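// Moderator tools on the profile page: IP addresses, staff notes and the
// edit / ban / purge-spammer links.
$modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageuser = '';

// $ipaddress and $purgespammer are assigned only on some paths below, yet $purgespammer is
// tested on every path and both are presumably read by the mod-options template.
// Give them a defined empty value unless something earlier already set them.
if(!isset($ipaddress))
{
    $ipaddress = '';
}
if(!isset($purgespammer))
{
    $purgespammer = '';
}

$can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
{
    // Registration / last-known IPs are shown only to groups with the IP search permission.
    if($mybb->usergroup['canuseipsearch'] == 1)
    {
        $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
        $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));

        eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
    }

    // Keep the raw notes so that shortening can happen BEFORE escaping. Cutting the already
    // escaped string at 100 characters could end inside an HTML entity or a <br /> tag and
    // leave broken markup in front of the "view notes" link.
    $usernotes_raw = $memprofile['usernotes'];
    $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($usernotes_raw));

    if(!empty($memprofile['usernotes']))
    {
        // Length is measured on the raw text with the same character-aware helper family
        // that performs the cut.
        if(my_strlen($usernotes_raw) > 100)
        {
            // The template is evaluated while $memprofile['usernotes'] still holds the
            // fully escaped notes.
            eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
            $memprofile['usernotes'] = nl2br(htmlspecialchars_uni(my_substr($usernotes_raw, 0, 100)))."... {$viewnotes}";
        }
    }
    else
    {
        $memprofile['usernotes'] = $lang->no_usernotes;
    }

    if($mybb->usergroup['caneditprofiles'] == 1)
    {
        eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
        eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
    }

    // $memban is filled by the ban-details section only for owners in a banned group, so it
    // may be undefined here; empty() covers that case without reading a missing variable.
    $ban_exists = !empty($memban['uid']);

    // The ban link is offered when there is no ban yet, when the viewer issued the existing
    // ban, or when the viewer is a super moderator or an administrator.
    if($mybb->usergroup['canbanusers'] == 1 && (!$ban_exists || $mybb->user['uid'] == $memban['admin'] || $mybb->usergroup['issupermod'] == 1 || $mybb->usergroup['cancp'] == 1))
    {
        eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
    }

    if($can_purge_spammer)
    {
        eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
    }

    // The "manage user" wrapper appears only when at least one action inside it exists.
    if(!empty($editprofile) || !empty($banuser) || !empty($purgespammer))
    {
        eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
    }

    eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
}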
2824  
// Buddy / ignore / report buttons. Shown only to logged-in viewers looking at someone
// else's profile. Each button is rendered from the same template, which reads
// $add_remove_options, so that array is rebuilt before every eval().
$add_remove_options = array();
$buddy_options = $ignore_options = $report_options = '';
if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
{
    $buddy_list = explode(',', $mybb->user['buddylist']);
    $ignore_list = explode(',', $mybb->user['ignorelist']);

    $is_buddy = in_array($uid, $buddy_list);
    $is_ignored = in_array($uid, $ignore_list);

    // The state-changing links carry the viewer's post key (my_post_key) as a query
    // parameter and the username is URL-encoded before it is placed in the link.
    // NOTE(review): $uid is interpolated unchanged and is assigned outside this excerpt -
    // confirm it is an integer there.
    $add_remove_options = $is_buddy
        ? array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list)
        : array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);

    // The buddy button is hidden while the user is on the ignore list
    if(!$is_ignored)
    {
        eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
    }

    $add_remove_options = $is_ignored
        ? array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list)
        : array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);

    // The ignore button is hidden while the user is on the buddy list
    if(!$is_buddy)
    {
        eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
    }

    if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
    {
        $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
        eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
    }
}
2866  
2867      $plugins->run_hooks("member_profile_end");
2868  
2869      eval("\$profile = \"".$templates->get("member_profile")."\";");
2870      output_page($profile);
2871  }
2872  
2873  if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
2874  {
2875      // Verify incoming POST request
2876      verify_post_check($mybb->get_input('my_post_key'));
2877  
2878      $plugins->run_hooks("member_do_emailuser_start");
2879  
2880      // Guests or those without permission can't email other users
2881      if($mybb->usergroup['cansendemail'] == 0)
2882      {
2883          error_no_permission();
2884      }
2885  
// Check group limits: at most maxemails messages per sender in any 24 hour window
if($mybb->usergroup['maxemails'] > 0)
{
    // Logged-in senders are counted by uid; guests by their packed IP address, which is
    // passed through $db->escape_binary() before it enters the query.
    $user_check = ($mybb->user['uid'] > 0)
        ? "fromuid='{$mybb->user['uid']}'"
        : "ipaddress=".$db->escape_binary($session->packedip);

    $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
    $sent_count = $db->fetch_field($query, "sent_count");

    // NOTE(review): the count is read from maillogs, so the limit presumably depends on
    // sent mail actually being logged there - confirm against the mail_logging setting.
    if($sent_count >= $mybb->usergroup['maxemails'])
    {
        $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
        error($lang->error_max_emails_day);
    }
}
2906  
// Check email flood control: emailfloodtime is the minimum gap, in minutes, between two
// messages from the same sender
if($mybb->usergroup['emailfloodtime'] > 0)
{
    // Same sender key as the daily limit: uid for members, escaped packed IP for guests.
    $user_check = ($mybb->user['uid'] > 0)
        ? "fromuid='{$mybb->user['uid']}'"
        : "ipaddress=".$db->escape_binary($session->packedip);

    $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;

    $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
    $last_email = $db->fetch_array($query);

    // Users last email was within the flood time, show the error
    if($last_email['mid'])
    {
        $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);

        // Pick the wording by how long the sender still has to wait.
        if($remaining_time < 60)
        {
            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
        }
        elseif($remaining_time > 60 && $remaining_time < 120)
        {
            $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
        }
        else
        {
            // Exactly 60 seconds and anything from 120 seconds up are reported in whole minutes.
            $remaining_time_minutes = ceil($remaining_time/60);
            $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
        }

        error($lang->error_emailflooding);
    }
}
2950  
2951      $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
2952      $to_user = $db->fetch_array($query);
2953  
2954      if(!$to_user['username'])
2955      {
2956          error($lang->error_invalidusername);
2957      }
2958  
2959      if($to_user['hideemail'] != 0)
2960      {
2961          error($lang->error_hideemail);
2962      }
2963  
2964      $errors = array();
2965  
2966      if($mybb->user['uid'])
2967      {
2968          $mybb->input['fromemail'] = $mybb->user['email'];
2969          $mybb->input['fromname'] = $mybb->user['username'];
2970      }
2971  
2972      if(!validate_email_format($mybb->input['fromemail']))
2973      {
2974          $errors[] = $lang->error_invalidfromemail;
2975      }
2976  
2977      if(empty($mybb->input['fromname']))
2978      {
2979          $errors[] = $lang->error_noname;
2980      }
2981  
2982      if(empty($mybb->input['subject']))
2983      {
2984          $errors[] = $lang->error_no_email_subject;
2985      }
2986  
2987      if(empty($mybb->input['message']))
2988      {
2989          $errors[] = $lang->error_no_email_message;
2990      }
2991  
2992      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
2993      {
2994          require_once  MYBB_ROOT.'inc/class_captcha.php';
2995          $captcha = new captcha;
2996  
2997          if($captcha->validate_captcha() == false)
2998          {
2999              // CAPTCHA validation failed
3000              foreach($captcha->get_errors() as $error)
3001              {
3002                  $errors[] = $error;
3003              }
3004          }
3005      }
3006  
3007      if(count($errors) == 0)
3008      {
3009          if($mybb->settings['mail_handler'] == 'smtp')
3010          {
3011              $from = $mybb->input['fromemail'];
3012          }
3013          else
3014          {
3015              $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
3016          }
3017  
3018          $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
3019          my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);
3020  
3021          if($mybb->settings['mail_logging'] > 0)
3022          {
3023              // Log the message
3024              $log_entry = array(
3025                  "subject" => $db->escape_string($mybb->get_input('subject')),
3026                  "message" => $db->escape_string($mybb->get_input('message')),
3027                  "dateline" => TIME_NOW,
3028                  "fromuid" => $mybb->user['uid'],
3029                  "fromemail" => $db->escape_string($mybb->input['fromemail']),
3030                  "touid" => $to_user['uid'],
3031                  "toemail" => $db->escape_string($to_user['email']),
3032                  "tid" => 0,
3033                  "ipaddress" => $db->escape_binary($session->packedip),
3034                  "type" => 1
3035              );
3036              $db->insert_query("maillogs", $log_entry);
3037          }
3038  
3039          $plugins->run_hooks("member_do_emailuser_end");
3040  
3041          redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
3042      }
3043      else
3044      {
3045          $mybb->input['action'] = "emailuser";
3046      }
3047  }
3048  
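if($mybb->input['action'] == "emailuser")
{
    // Renders the "email this user" form. This branch is also reached when the
    // do_emailuser handler earlier in this file rejects a submission and resets
    // the action to "emailuser"; in that case $errors carries the validation
    // messages and the submitted values are redisplayed.
    $plugins->run_hooks("member_emailuser_start");

    // Guests or those without permission can't email other users
    if($mybb->usergroup['cansendemail'] == 0)
    {
        error_no_permission();
    }

    // Both limits below are keyed on the sender: the account id for members,
    // the packed session IP for guests.
    // NOTE(review): the limits count rows in maillogs, and the send path earlier
    // in this file only inserts a row when $mybb->settings['mail_logging'] > 0.
    // With mail logging disabled these checks would find nothing to count;
    // confirm that this is the intended trade-off.
    if($mybb->user['uid'] > 0)
    {
        $user_check = "fromuid='{$mybb->user['uid']}'";
    }
    else
    {
        $user_check = "ipaddress=".$db->escape_binary($session->packedip);
    }

    // Check group limits (emails sent during the last 24 hours)
    if($mybb->usergroup['maxemails'] > 0)
    {
        $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
        $sent_count = $db->fetch_field($query, "sent_count");
        if($sent_count >= $mybb->usergroup['maxemails'])
        {
            $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
            error($lang->error_max_emails_day);
        }
    }

    // Check email flood control (emailfloodtime is configured in minutes)
    if($mybb->usergroup['emailfloodtime'] > 0)
    {
        $flood_seconds = $mybb->usergroup['emailfloodtime']*60;
        $timecut = TIME_NOW-$flood_seconds;

        $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
        $last_email = $db->fetch_array($query);

        // Users last email was within the flood time, show the error.
        // empty() also covers the "no matching row" case without indexing a non-array.
        if(!empty($last_email['mid']))
        {
            $remaining_time = $flood_seconds-(TIME_NOW-$last_email['dateline']);

            if($remaining_time == 1)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
            }
            elseif($remaining_time < 60)
            {
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
            }
            elseif($remaining_time < 120)
            {
                // Covers exactly 60 seconds as well, which previously fell through
                // to the plural "minutes" message with a count of 1.
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
            }
            else
            {
                $remaining_time_minutes = ceil($remaining_time/60);
                $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
            }

            error($lang->error_emailflooding);
        }
    }

    // The recipient id is read through get_input() with INPUT_INT before it is
    // placed in the WHERE clause.
    $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
    $to_user = $db->fetch_array($query);

    // Reject unknown recipients before any field of the (possibly missing) row is read.
    if(empty($to_user['uid']))
    {
        error($lang->error_invaliduser);
    }

    // Escaped here because the username is substituted into the page heading below.
    $to_user['username'] = htmlspecialchars_uni($to_user['username']);
    $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);

    // Recipient has chosen to hide their email address
    if($to_user['hideemail'] != 0)
    {
        error($lang->error_hideemail);
    }

    // Recipient ignores the sender, unless the sender's group may override that
    if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
    {
        error_no_permission();
    }

    if(isset($errors) && count($errors) > 0)
    {
        // Redisplay the rejected submission; every value is HTML-escaped because
        // it is interpolated into the form template below.
        $errors = inline_error($errors);
        $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
        $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
        $subject = htmlspecialchars_uni($mybb->get_input('subject'));
        $message = htmlspecialchars_uni($mybb->get_input('message'));
    }
    else
    {
        $errors = '';
        $fromname = '';
        $fromemail = '';
        $subject = '';
        $message = '';
    }

    // Generate CAPTCHA?
    // Start from an empty string: when this branch is reached from do_emailuser,
    // $captcha still holds the captcha object created there, and it would stay in
    // place if the captcha class produced no HTML.
    $captcha = '';
    if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
    {
        require_once  MYBB_ROOT.'inc/class_captcha.php';
        $post_captcha = new captcha(true, "post_captcha");

        if($post_captcha->html)
        {
            $captcha = $post_captcha->html;
        }
    }

    // NOTE(review): the text returned by $templates->get() is evaluated as a
    // double-quoted PHP string, so template text is effectively code. It should
    // only ever come from trusted storage (presumably admin-managed; confirm),
    // and every variable a template references must already be HTML-escaped.
    $from_email = '';
    if($mybb->user['uid'] == 0)
    {
        // Guests get extra sender fields from the guest template
        eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
    }

    $plugins->run_hooks("member_emailuser_end");

    eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
    output_page($emailuser);
}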
3189  
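// No action was requested: redirect the visitor to index.php.
if(!$mybb->input['action'])
{
    header("Location: index.php");
    // End the request so nothing after this point runs once the redirect header is queued.
    exit;
}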

