[ Index ]

PHP Cross Reference of MyBB 1.8.28

title

Body

[close]

/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_warninglevel_link,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions_manageban,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_referrals_link,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  $parser = new postParser;
  36  
  37  // Load global language phrases
  38  $lang->load("member");
  39  
  40  $mybb->input['action'] = $mybb->get_input('action');
  41  
  42  // Make navigation
  43  switch($mybb->input['action'])
  44  {
  45      case "register":
  46      case "do_register":
  47          add_breadcrumb($lang->nav_register);
  48          break;
  49      case "activate":
  50          add_breadcrumb($lang->nav_activate);
  51          break;
  52      case "resendactivation":
  53          add_breadcrumb($lang->nav_resendactivation);
  54          break;
  55      case "lostpw":
  56          add_breadcrumb($lang->nav_lostpw);
  57          break;
  58      case "resetpassword":
  59          add_breadcrumb($lang->nav_resetpassword);
  60          break;
  61      case "login":
  62          add_breadcrumb($lang->nav_login);
  63          break;
  64      case "emailuser":
  65          add_breadcrumb($lang->nav_emailuser);
  66          break;
  67  }
  68  
  69  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  70  {
  71      if($mybb->settings['disableregs'] == 1)
  72      {
  73          error($lang->registrations_disabled);
  74      }
  75      if($mybb->user['uid'] != 0)
  76      {
  77          error($lang->error_alreadyregistered);
  78      }
  79      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  80      {
  81          $time = TIME_NOW;
  82          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  83          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  84          $regcount = $db->num_rows($query);
  85          if($regcount >= $mybb->settings['maxregsbetweentime'])
  86          {
  87              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  88              error($lang->error_alreadyregisteredtime);
  89          }
  90      }
  91  }
  92  
  93  $fromreg = 0;
  94  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  95  {
  96      $plugins->run_hooks("member_do_register_start");
  97  
  98      // Are checking how long it takes for users to register?
  99      if($mybb->settings['regtime'] > 0)
 100      {
 101          // Is the field actually set?
 102          if(isset($mybb->input['regtime']))
 103          {
 104              // Check how long it took for this person to register
 105              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 106  
 107              // See if they registered faster than normal
 108              if($timetook < $mybb->settings['regtime'])
 109              {
 110                  // This user registered pretty quickly, bot detected!
 111                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 112                  error($lang->error_spam_deny_time);
 113              }
 114          }
 115          else
 116          {
 117              error($lang->error_spam_deny);
 118          }
 119      }
 120  
 121      // If we have hidden CATPCHA enabled and it's filled, deny registration
 122      if($mybb->settings['hiddencaptchaimage'])
 123      {
 124          $string = $mybb->settings['hiddencaptchaimagefield'];
 125  
 126          if(!empty($mybb->input[$string]))
 127          {
 128              error($lang->error_spam_deny);
 129          }
 130      }
 131  
 132      if($mybb->settings['regtype'] == "randompass")
 133      {
 134  
 135          $password_length = (int)$mybb->settings['minpasswordlength'];
 136          if($password_length < 8)
 137          {
 138              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 139          }
 140  
 141          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 142          $mybb->input['password2'] = $mybb->input['password'];
 143      }
 144  
 145      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 146      {
 147          $usergroup = 5;
 148      }
 149      else
 150      {
 151          $usergroup = 2;
 152      }
 153  
 154      // Set up user handler.
 155      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 156      $userhandler = new UserDataHandler("insert");
 157  
 158      $coppauser = 0;
 159      if(isset($mybb->cookies['coppauser']))
 160      {
 161          $coppauser = (int)$mybb->cookies['coppauser'];
 162      }
 163  
 164      // Set the data for the new user.
 165      $user = array(
 166          "username" => $mybb->get_input('username'),
 167          "password" => $mybb->get_input('password'),
 168          "password2" => $mybb->get_input('password2'),
 169          "email" => $mybb->get_input('email'),
 170          "email2" => $mybb->get_input('email2'),
 171          "usergroup" => $usergroup,
 172          "referrer" => $mybb->get_input('referrername'),
 173          "timezone" => $mybb->get_input('timezoneoffset'),
 174          "language" => $mybb->get_input('language'),
 175          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 176          "regip" => $session->packedip,
 177          "coppa_user" => $coppauser,
 178          "regcheck1" => $mybb->get_input('regcheck1'),
 179          "regcheck2" => $mybb->get_input('regcheck2'),
 180          "registration" => true
 181      );
 182  
 183      // Do we have a saved COPPA DOB?
 184      if(isset($mybb->cookies['coppadob']))
 185      {
 186          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 187          $user['birthday'] = array(
 188              "day" => $dob_day,
 189              "month" => $dob_month,
 190              "year" => $dob_year
 191          );
 192      }
 193  
 194      $user['options'] = array(
 195          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 196          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 197          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 198          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 199          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 200          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 201          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 202          "dstcorrection" => $mybb->get_input('dstcorrection')
 203      );
 204  
 205      $userhandler->set_data($user);
 206  
 207      $errors = array();
 208  
 209      if(!$userhandler->validate_user())
 210      {
 211          $errors = $userhandler->get_friendly_errors();
 212      }
 213  
 214      if($mybb->settings['enablestopforumspam_on_register'])
 215      {
 216          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 217  
 218          $stop_forum_spam_checker = new StopForumSpamChecker(
 219              $plugins,
 220              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 221              $mybb->settings['stopforumspam_check_usernames'],
 222              $mybb->settings['stopforumspam_check_emails'],
 223              $mybb->settings['stopforumspam_check_ips'],
 224              $mybb->settings['stopforumspam_log_blocks']
 225          );
 226  
 227          try {
 228              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 229              {
 230                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 231                          $stop_forum_spam_checker->getErrorText(array(
 232                              'stopforumspam_check_usernames',
 233                              'stopforumspam_check_emails',
 234                              'stopforumspam_check_ips'
 235                              ))));
 236              }
 237          }
 238          catch (Exception $e)
 239          {
 240              if($mybb->settings['stopforumspam_block_on_error'])
 241              {
 242                  error($lang->error_stop_forum_spam_fetching);
 243              }
 244          }
 245      }
 246  
 247      if($mybb->settings['captchaimage'])
 248      {
 249          require_once  MYBB_ROOT.'inc/class_captcha.php';
 250          $captcha = new captcha;
 251  
 252          if($captcha->validate_captcha() == false)
 253          {
 254              // CAPTCHA validation failed
 255              foreach($captcha->get_errors() as $error)
 256              {
 257                  $errors[] = $error;
 258              }
 259          }
 260      }
 261  
 262      // If we have a security question, check to see if answer is correct
 263      if($mybb->settings['securityquestion'])
 264      {
 265          $question_id = $db->escape_string($mybb->get_input('question_id'));
 266          $answer = $db->escape_string($mybb->get_input('answer'));
 267  
 268          $query = $db->query("
 269              SELECT q.*, s.sid
 270              FROM ".TABLE_PREFIX."questionsessions s
 271              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 272              WHERE q.active='1' AND s.sid='{$question_id}'
 273          ");
 274          if($db->num_rows($query) > 0)
 275          {
 276              $question = $db->fetch_array($query);
 277              $valid_answers = explode("\n", $question['answer']);
 278              $validated = 0;
 279  
 280              foreach($valid_answers as $answers)
 281              {
 282                  if(my_strtolower($answers) == my_strtolower($answer))
 283                  {
 284                      $validated = 1;
 285                  }
 286              }
 287  
 288              if($validated != 1)
 289              {
 290                  $update_question = array(
 291                      "incorrect" => $question['incorrect'] + 1
 292                  );
 293                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 294  
 295                  $errors[] = $lang->error_question_wrong;
 296              }
 297              else
 298              {
 299                  $update_question = array(
 300                      "correct" => $question['correct'] + 1
 301                  );
 302                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 303              }
 304  
 305              $db->delete_query("questionsessions", "sid='{$question_id}'");
 306          }
 307      }
 308  
 309      $regerrors = '';
 310      if(!empty($errors))
 311      {
 312          $username = htmlspecialchars_uni($mybb->get_input('username'));
 313          $email = htmlspecialchars_uni($mybb->get_input('email'));
 314          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 315          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 316  
 317          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 318          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 319  
 320          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 321          {
 322              $allownoticescheck = "checked=\"checked\"";
 323          }
 324  
 325          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 326          {
 327              $hideemailcheck = "checked=\"checked\"";
 328          }
 329  
 330          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 331          {
 332              $no_subscribe_selected = "selected=\"selected\"";
 333          }
 334          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 335          {
 336              $instant_email_subscribe_selected = "selected=\"selected\"";
 337          }
 338          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 339          {
 340              $instant_pm_subscribe_selected = "selected=\"selected\"";
 341          }
 342          else
 343          {
 344              $no_auto_subscribe_selected = "selected=\"selected\"";
 345          }
 346  
 347          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 348          {
 349              $receivepmscheck = "checked=\"checked\"";
 350          }
 351  
 352          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 353          {
 354              $pmnoticecheck = " checked=\"checked\"";
 355          }
 356  
 357          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 358          {
 359              $pmnotifycheck = "checked=\"checked\"";
 360          }
 361  
 362          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 363          {
 364              $invisiblecheck = "checked=\"checked\"";
 365          }
 366  
 367          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 368          {
 369              $dst_auto_selected = "selected=\"selected\"";
 370          }
 371          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 372          {
 373              $dst_enabled_selected = "selected=\"selected\"";
 374          }
 375          else
 376          {
 377              $dst_disabled_selected = "selected=\"selected\"";
 378          }
 379  
 380          $regerrors = inline_error($errors);
 381          $mybb->input['action'] = "register";
 382          $fromreg = 1;
 383      }
 384      else
 385      {
 386          $user_info = $userhandler->insert_user();
 387  
 388          // Invalidate solved captcha
 389          if($mybb->settings['captchaimage'])
 390          {
 391              $captcha->invalidate_captcha();
 392          }
 393  
 394          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 395          {
 396              // Log them in
 397              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 398          }
 399  
 400          if(isset($mybb->cookies['coppauser']))
 401          {
 402              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 403              my_unsetcookie("coppauser");
 404              my_unsetcookie("coppadob");
 405              $plugins->run_hooks("member_do_register_end");
 406              error($lang->redirect_registered_coppa_activate);
 407          }
 408          else if($mybb->settings['regtype'] == "verify")
 409          {
 410              $activationcode = random_str();
 411              $now = TIME_NOW;
 412              $activationarray = array(
 413                  "uid" => $user_info['uid'],
 414                  "dateline" => TIME_NOW,
 415                  "code" => $activationcode,
 416                  "type" => "r"
 417              );
 418              $db->insert_query("awaitingactivation", $activationarray);
 419              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 420              switch($mybb->settings['username_method'])
 421              {
 422                  case 0:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 1:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  case 2:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431                  default:
 432                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 433                      break;
 434              }
 435              my_mail($user_info['email'], $emailsubject, $emailmessage);
 436  
 437              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 438  
 439              $plugins->run_hooks("member_do_register_end");
 440  
 441              error($lang->redirect_registered_activation);
 442          }
 443          else if($mybb->settings['regtype'] == "randompass")
 444          {
 445              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 446              switch($mybb->settings['username_method'])
 447              {
 448                  case 0:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 450                      break;
 451                  case 1:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 453                      break;
 454                  case 2:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 456                      break;
 457                  default:
 458                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 459                      break;
 460              }
 461              my_mail($user_info['email'], $emailsubject, $emailmessage);
 462  
 463              $plugins->run_hooks("member_do_register_end");
 464  
 465              error($lang->redirect_registered_passwordsent);
 466          }
 467          else if($mybb->settings['regtype'] == "admin")
 468          {
 469              $groups = $cache->read("usergroups");
 470              $admingroups = array();
 471              if(!empty($groups)) // Shouldn't be...
 472              {
 473                  foreach($groups as $group)
 474                  {
 475                      if($group['cancp'] == 1)
 476                      {
 477                          $admingroups[] = (int)$group['gid'];
 478                      }
 479                  }
 480              }
 481  
 482              if(!empty($admingroups))
 483              {
 484                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 485                  foreach($admingroups as $admingroup)
 486                  {
 487                      switch($db->type)
 488                      {
 489                          case 'pgsql':
 490                          case 'sqlite':
 491                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 492                              break;
 493                          default:
 494                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 495                              break;
 496                      }
 497                  }
 498                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 499                  while($recipient = $db->fetch_array($q))
 500                  {
 501                      // First we check if the user's a super admin: if yes, we don't care about permissions
 502                      $is_super_admin = is_super_admin($recipient['uid']);
 503                      if(!$is_super_admin)
 504                      {
 505                          // Include admin functions
 506                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 507                          {
 508                              continue;
 509                          }
 510  
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 512  
 513                          // Verify if we have permissions to access user-users
 514                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 515                          if(function_exists("user_admin_permissions"))
 516                          {
 517                              // Get admin permissions
 518                              $adminperms = get_admin_permissions($recipient['uid']);
 519  
 520                              $permissions = user_admin_permissions();
 521                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 522                              {
 523                                  continue; // No permissions
 524                              }
 525                          }
 526                      }
 527  
 528                      // Load language
 529                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 530                      {
 531                          $reset_lang = true;
 532                          $lang->set_language($recipient['language']);
 533                          $lang->load("member");
 534                      }
 535  
 536                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 537                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 538                      my_mail($recipient['email'], $subject, $message);
 539                  }
 540  
 541                  // Reset language
 542                  if(isset($reset_lang))
 543                  {
 544                      $lang->set_language($mybb->settings['bblanguage']);
 545                      $lang->load("member");
 546                  }
 547              }
 548  
 549              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 550  
 551              $plugins->run_hooks("member_do_register_end");
 552  
 553              error($lang->redirect_registered_admin_activate);
 554          }
 555          else if($mybb->settings['regtype'] == "both")
 556          {
 557              $groups = $cache->read("usergroups");
 558              $admingroups = array();
 559              if(!empty($groups)) // Shouldn't be...
 560              {
 561                  foreach($groups as $group)
 562                  {
 563                      if($group['cancp'] == 1)
 564                      {
 565                          $admingroups[] = (int)$group['gid'];
 566                      }
 567                  }
 568              }
 569  
 570              if(!empty($admingroups))
 571              {
 572                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 573                  foreach($admingroups as $admingroup)
 574                  {
 575                      switch($db->type)
 576                      {
 577                          case 'pgsql':
 578                          case 'sqlite':
 579                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 580                              break;
 581                          default:
 582                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 583                              break;
 584                      }
 585                  }
 586                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 587                  while($recipient = $db->fetch_array($q))
 588                  {
 589                      // First we check if the user's a super admin: if yes, we don't care about permissions
 590                      $is_super_admin = is_super_admin($recipient['uid']);
 591                      if(!$is_super_admin)
 592                      {
 593                          // Include admin functions
 594                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 595                          {
 596                              continue;
 597                          }
 598  
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 600  
 601                          // Verify if we have permissions to access user-users
 602                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 603                              // Get admin permissions
 604                              $adminperms = get_admin_permissions($recipient['uid']);
 605                              if(empty($adminperms['user']['users']) || $adminperms['user']['users'] != 1)
 606                              {
 607                                  continue; // No permissions
 608                              }
 609                      }
 610  
 611                      // Load language
 612                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 613                      {
 614                          $reset_lang = true;
 615                          $lang->set_language($recipient['language']);
 616                          $lang->load("member");
 617                      }
 618  
 619                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 620                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 621                      my_mail($recipient['email'], $subject, $message);
 622                  }
 623  
 624                  // Reset language
 625                  if(isset($reset_lang))
 626                  {
 627                      $lang->set_language($mybb->settings['bblanguage']);
 628                      $lang->load("member");
 629                  }
 630              }
 631  
 632              $activationcode = random_str();
 633              $activationarray = array(
 634                  "uid" => $user_info['uid'],
 635                  "dateline" => TIME_NOW,
 636                  "code" => $activationcode,
 637                  "type" => "b"
 638              );
 639              $db->insert_query("awaitingactivation", $activationarray);
 640              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 641              switch($mybb->settings['username_method'])
 642              {
 643                  case 0:
 644                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 645                      break;
 646                  case 1:
 647                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 648                      break;
 649                  case 2:
 650                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 651                      break;
 652                  default:
 653                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 654                      break;
 655              }
 656              my_mail($user_info['email'], $emailsubject, $emailmessage);
 657  
 658              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 659  
 660              $plugins->run_hooks("member_do_register_end");
 661  
 662              error($lang->redirect_registered_activation);
 663          }
 664          else
 665          {
 666              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 667  
 668              $plugins->run_hooks("member_do_register_end");
 669  
 670              redirect("index.php", $lang->redirect_registered);
 671          }
 672      }
 673  }
 674  
 675  if($mybb->input['action'] == "coppa_form")
 676  {
 677      if(!$mybb->settings['faxno'])
 678      {
 679          $mybb->settings['faxno'] = "&nbsp;";
 680      }
 681  
 682      $plugins->run_hooks("member_coppa_form");
 683  
 684      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 685      output_page($coppa_form);
 686  }
 687  
 688  if($mybb->input['action'] == "register")
 689  {
 690      $bdaysel = '';
 691      if($mybb->settings['coppa'] == "disabled")
 692      {
 693          $bdaysel = $bday2blank = '';
 694      }
 695      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 696      for($day = 1; $day <= 31; ++$day)
 697      {
 698          $selected = '';
 699          if($mybb->input['bday1'] == $day)
 700          {
 701              $selected = " selected=\"selected\"";
 702          }
 703  
 704          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 705      }
 706  
 707      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 708      $bdaymonthsel = array();
 709      foreach(range(1, 12) as $number)
 710      {
 711          $bdaymonthsel[$number] = '';
 712      }
 713      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 714      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 715  
 716      if($birthday_year == 0)
 717      {
 718          $birthday_year = '';
 719      }
 720  
 721      // Is COPPA checking enabled?
 722      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 723      {
 724          // Just selected DOB, we check
 725          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 726          {
 727              my_unsetcookie("coppauser");
 728  
 729              $months = get_bdays($birthday_year);
 730              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 731              {
 732                  error($lang->error_invalid_birthday);
 733              }
 734  
 735              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 736  
 737              // Store DOB in cookie so we can save it with the registration
 738              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 739  
 740              // User is <= 13, we mark as a coppa user
 741              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 742              {
 743                  my_setcookie("coppauser", 1, -0);
 744                  $under_thirteen = true;
 745              }
 746              $mybb->request_method = "";
 747          }
 748          // Show DOB select form
 749          else
 750          {
 751              $plugins->run_hooks("member_register_coppa");
 752  
 753              my_unsetcookie("coppauser");
 754  
 755              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 756              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 757              output_page($coppa);
 758              exit;
 759          }
 760      }
 761  
 762      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 763      {
 764          $coppa_agreement = '';
 765          // Is this user a COPPA user? We need to show the COPPA agreement too
 766          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 767          {
 768              if($mybb->settings['coppa'] == "deny")
 769              {
 770                  error($lang->error_need_to_be_thirteen);
 771              }
 772              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 773              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 774          }
 775  
 776          $plugins->run_hooks("member_register_agreement");
 777  
 778          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 779          output_page($agreement);
 780      }
 781      else
 782      {
 783          $plugins->run_hooks("member_register_start");
 784  
 785          // JS validator extra
 786          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 787          {
 788              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 789          }
 790  
 791          if(isset($mybb->input['timezoneoffset']))
 792          {
 793              $timezoneoffset = $mybb->get_input('timezoneoffset');
 794          }
 795          else
 796          {
 797              $timezoneoffset = $mybb->settings['timezoneoffset'];
 798          }
 799          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 800  
 801          $stylelist = build_theme_select("style");
 802  
 803          if($mybb->settings['usertppoptions'])
 804          {
 805              $tppoptions = '';
 806              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 807              if(is_array($explodedtpp))
 808              {
 809                  foreach($explodedtpp as $val)
 810                  {
 811                      $val = trim($val);
 812                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 813                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 814                  }
 815              }
 816              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 817          }
 818          if($mybb->settings['userpppoptions'])
 819          {
 820              $pppoptions = '';
 821              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 822              if(is_array($explodedppp))
 823              {
 824                  foreach($explodedppp as $val)
 825                  {
 826                      $val = trim($val);
 827                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 828                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 829                  }
 830              }
 831              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 832          }
 833          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 834          {
 835              if(isset($mybb->cookies['mybb']['referrer']))
 836              {
 837                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 838                  $ref = $db->fetch_array($query);
 839                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 840                  $referrername = $ref['username'];
 841              }
 842              elseif(isset($referrer))
 843              {
 844                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 845                  $ref = $db->fetch_array($query);
 846                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 847                  $referrername = $ref['username'];
 848              }
 849              elseif(!empty($referrername))
 850              {
 851                  $ref = get_user_by_username($referrername);
 852                  if(!$ref['uid'])
 853                  {
 854                      $errors[] = $lang->error_badreferrer;
 855                  }
 856              }
 857              else
 858              {
 859                  $referrername = '';
 860              }
 861              if(isset($quickreg))
 862              {
 863                  $refbg = "trow1";
 864              }
 865              else
 866              {
 867                  $refbg = "trow2";
 868              }
 869              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 870          }
 871          else
 872          {
 873              $referrer = '';
 874          }
 875          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 876          // Custom profile fields baby!
 877          $altbg = "trow1";
 878          $requiredfields = $customfields = '';
 879  
 880          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 881          {
 882              $usergroup = 5;
 883          }
 884          else
 885          {
 886              $usergroup = 2;
 887          }
 888  
 889          $pfcache = $cache->read('profilefields');
 890  
 891          if(is_array($pfcache))
 892          {
 893              $jsvar_reqfields = array();
 894              foreach($pfcache as $profilefield)
 895              {
 896                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 897                  {
 898                      continue;
 899                  }
 900  
 901                  $code = $select = $val = $options = $expoptions = $useropts = '';
 902                  $seloptions = array();
 903                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 904                  $thing = explode("\n", $profilefield['type'], "2");
 905                  $type = trim($thing[0]);
 906                  $options = $thing[1];
 907                  $select = '';
 908                  $field = "fid{$profilefield['fid']}";
 909                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 910                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 911                  if(!empty($errors) && isset($mybb->input['profile_fields'][$field]))
 912                  {
 913                      $userfield = $mybb->input['profile_fields'][$field];
 914                  }
 915                  else
 916                  {
 917                      $userfield = '';
 918                  }
 919                  if($type == "multiselect")
 920                  {
 921                      if(!empty($errors))
 922                      {
 923                          $useropts = $userfield;
 924                      }
 925                      else
 926                      {
 927                          $useropts = explode("\n", $userfield);
 928                      }
 929                      if(is_array($useropts))
 930                      {
 931                          foreach($useropts as $key => $val)
 932                          {
 933                              $seloptions[$val] = $val;
 934                          }
 935                      }
 936                      $expoptions = explode("\n", $options);
 937                      if(is_array($expoptions))
 938                      {
 939                          foreach($expoptions as $key => $val)
 940                          {
 941                              $val = trim($val);
 942                              $val = str_replace("\n", "\\n", $val);
 943  
 944                              $sel = "";
 945                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
 946                              {
 947                                  $sel = ' selected="selected"';
 948                              }
 949  
 950                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 951                          }
 952                          if(!$profilefield['length'])
 953                          {
 954                              $profilefield['length'] = 3;
 955                          }
 956  
 957                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 958                      }
 959                  }
 960                  elseif($type == "select")
 961                  {
 962                      $expoptions = explode("\n", $options);
 963                      if(is_array($expoptions))
 964                      {
 965                          foreach($expoptions as $key => $val)
 966                          {
 967                              $val = trim($val);
 968                              $val = str_replace("\n", "\\n", $val);
 969                              $sel = "";
 970                              if($val == $userfield)
 971                              {
 972                                  $sel = ' selected="selected"';
 973                              }
 974  
 975                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 976                          }
 977                          if(!$profilefield['length'])
 978                          {
 979                              $profilefield['length'] = 1;
 980                          }
 981  
 982                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 983                      }
 984                  }
 985                  elseif($type == "radio")
 986                  {
 987                      $expoptions = explode("\n", $options);
 988                      if(is_array($expoptions))
 989                      {
 990                          foreach($expoptions as $key => $val)
 991                          {
 992                              $checked = "";
 993                              if($val == $userfield)
 994                              {
 995                                  $checked = 'checked="checked"';
 996                              }
 997  
 998                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 999                          }
1000                      }
1001                  }
1002                  elseif($type == "checkbox")
1003                  {
1004                      if(!empty($errors))
1005                      {
1006                          $useropts = $userfield;
1007                      }
1008                      else
1009                      {
1010                          $useropts = explode("\n", $userfield);
1011                      }
1012                      if(is_array($useropts))
1013                      {
1014                          foreach($useropts as $key => $val)
1015                          {
1016                              $seloptions[$val] = $val;
1017                          }
1018                      }
1019                      $expoptions = explode("\n", $options);
1020                      if(is_array($expoptions))
1021                      {
1022                          foreach($expoptions as $key => $val)
1023                          {
1024                              $checked = "";
1025                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1026                              {
1027                                  $checked = 'checked="checked"';
1028                              }
1029  
1030                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1031                          }
1032                      }
1033                  }
1034                  elseif($type == "textarea")
1035                  {
1036                      $value = htmlspecialchars_uni($userfield);
1037                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1038                  }
1039                  else
1040                  {
1041                      $value = htmlspecialchars_uni($userfield);
1042                      $maxlength = "";
1043                      if($profilefield['maxlength'] > 0)
1044                      {
1045                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1046                      }
1047  
1048                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1049                  }
1050  
1051                  if($profilefield['required'] == 1)
1052                  {
1053                      // JS validator extra, choose correct selectors for everything except single select which always has value
1054                      if($type != 'select')
1055                      {
1056                          $jsvar_reqfields[] = array(
1057                              'type' => $type,
1058                              'fid' => $field,
1059                          );
1060                      }
1061  
1062                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1063                  }
1064                  else
1065                  {
1066                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1067                  }
1068              }
1069  
1070              if($requiredfields)
1071              {
1072                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1073              }
1074  
1075              if($customfields)
1076              {
1077                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1078              }
1079          }
1080  
1081          if(!isset($fromreg) || $fromreg == 0)
1082          {
1083              $allownoticescheck = "checked=\"checked\"";
1084              $hideemailcheck = '';
1085              $receivepmscheck = "checked=\"checked\"";
1086              $pmnoticecheck = " checked=\"checked\"";
1087              $pmnotifycheck = '';
1088              $invisiblecheck = '';
1089              if($mybb->settings['dstcorrection'] == 1)
1090              {
1091                  $enabledstcheck = "checked=\"checked\"";
1092              }
1093              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1094              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1095              $username = $email = $email2 = '';
1096              $regerrors = '';
1097          }
1098          // Spambot registration image thingy
1099          $captcha_html = 0;
1100          $regimage = '';
1101          if($mybb->settings['captchaimage'])
1102          {
1103              require_once  MYBB_ROOT.'inc/class_captcha.php';
1104              $captcha = new captcha(true, "member_register_regimage");
1105  
1106              if($captcha->html)
1107              {
1108                  $captcha_html = 1;
1109                  $regimage = $captcha->html;
1110              }
1111          }
1112  
1113          // Security Question
1114          $questionbox = '';
1115          $question_exists = 0;
1116          if($mybb->settings['securityquestion'])
1117          {
1118              $sid = generate_question();
1119              $query = $db->query("
1120                  SELECT q.question, s.sid
1121                  FROM ".TABLE_PREFIX."questionsessions s
1122                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1123                  WHERE q.active='1' AND s.sid='{$sid}'
1124              ");
1125              if($db->num_rows($query) > 0)
1126              {
1127                  $question_exists = 1;
1128                  $question = $db->fetch_array($query);
1129  
1130                  //Set parser options for security question
1131                  $parser_options = array(
1132                      "allow_html" => 0,
1133                      "allow_mycode" => 1,
1134                      "allow_smilies" => 1,
1135                      "allow_imgcode" => 1,
1136                      "allow_videocode" => 1,
1137                      "filter_badwords" => 1,
1138                      "me_username" => 0,
1139                      "shorten_urls" => 0,
1140                      "highlight" => 0,
1141                  );
1142  
1143                  //Parse question
1144                  $question['question'] = $parser->parse_message($question['question'], $parser_options);
1145                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1146  
1147                  $refresh = '';
1148                  // Total questions
1149                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1150                  $num = $db->fetch_field($q, 'num');
1151                  if($num > 1)
1152                  {
1153                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1154                  }
1155  
1156                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1157              }
1158          }
1159  
1160          $hiddencaptcha = '';
1161          // Hidden CAPTCHA for Spambots
1162          if($mybb->settings['hiddencaptchaimage'])
1163          {
1164              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1165  
1166              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1167          }
1168          if($mybb->settings['regtype'] != "randompass")
1169          {
1170              // JS validator extra
1171              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1172  
1173              // See if the board has "require complex passwords" enabled.
1174              if($mybb->settings['requirecomplexpasswords'] == 1)
1175              {
1176                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1177              }
1178              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1179          }
1180  
1181          $languages = $lang->get_languages();
1182          $langoptions = $boardlanguage = '';
1183          if(count($languages) > 1)
1184          {
1185              foreach($languages as $name => $language)
1186              {
1187                  $language = htmlspecialchars_uni($language);
1188  
1189                  $sel = '';
1190                  if($mybb->get_input('language') == $name)
1191                  {
1192                      $sel = " selected=\"selected\"";
1193                  }
1194  
1195                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1196              }
1197  
1198              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1199          }
1200  
1201          // Set the time so we can find automated signups
1202          $time = TIME_NOW;
1203  
1204          $plugins->run_hooks("member_register_end");
1205  
1206          $jsvar_reqfields = json_encode($jsvar_reqfields);
1207  
1208          $validator_javascript = "<script type=\"text/javascript\">
1209              var regsettings = {
1210                  requiredfields: '{$jsvar_reqfields}',
1211                  minnamelength: '{$mybb->settings['minnamelength']}',
1212                  maxnamelength: '{$mybb->settings['maxnamelength']}',
1213                  minpasswordlength: '{$mybb->settings['minpasswordlength']}',
1214                  captchaimage: '{$mybb->settings['captchaimage']}',
1215                  captchahtml: '{$captcha_html}',
1216                  securityquestion: '{$mybb->settings['securityquestion']}',
1217                  questionexists: '{$question_exists}',
1218                  requirecomplexpasswords: '{$mybb->settings['requirecomplexpasswords']}',
1219                  regtype: '{$mybb->settings['regtype']}',
1220                  hiddencaptchaimage: '{$mybb->settings['hiddencaptchaimage']}'
1221              };
1222  
1223              lang.js_validator_no_username = '{$lang->js_validator_no_username}';
1224              lang.js_validator_username_length = '{$lang->js_validator_username_length}';
1225              lang.js_validator_invalid_email = '{$lang->js_validator_invalid_email}';
1226              lang.js_validator_email_match = '{$lang->js_validator_email_match}';
1227              lang.js_validator_not_empty = '{$lang->js_validator_not_empty}';
1228              lang.js_validator_password_length = '{$lang->js_validator_password_length}';
1229              lang.js_validator_password_matches = '{$lang->js_validator_password_matches}';
1230              lang.js_validator_no_image_text = '{$lang->js_validator_no_image_text}';
1231              lang.js_validator_no_security_question = '{$lang->js_validator_no_security_question}';
1232              lang.js_validator_bad_password_security = '{$lang->js_validator_bad_password_security}';
1233          </script>\n";
1234  
1235          eval("\$registration = \"".$templates->get("member_register")."\";");
1236          output_page($registration);
1237      }
1238  }
1239  
1240  if($mybb->input['action'] == "activate")
1241  {
1242      $plugins->run_hooks("member_activate_start");
1243  
1244      if(isset($mybb->input['username']))
1245      {
1246          $mybb->input['username'] = $mybb->get_input('username');
1247          $options = array(
1248              'username_method' => $mybb->settings['username_method'],
1249              'fields' => '*',
1250          );
1251          $user = get_user_by_username($mybb->input['username'], $options);
1252          if(!$user)
1253          {
1254              switch($mybb->settings['username_method'])
1255              {
1256                  case 0:
1257                      error($lang->error_invalidpworusername);
1258                      break;
1259                  case 1:
1260                      error($lang->error_invalidpworusername1);
1261                      break;
1262                  case 2:
1263                      error($lang->error_invalidpworusername2);
1264                      break;
1265                  default:
1266                      error($lang->error_invalidpworusername);
1267                      break;
1268              }
1269          }
1270          $uid = $user['uid'];
1271      }
1272      else
1273      {
1274          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1275      }
1276      if(isset($mybb->input['code']) && $user)
1277      {
1278          $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
1279          $activation = $db->fetch_array($query);
1280          if(!$activation['uid'])
1281          {
1282              error($lang->error_alreadyactivated);
1283          }
1284          if($activation['code'] !== $mybb->get_input('code'))
1285          {
1286              error($lang->error_badactivationcode);
1287          }
1288  
1289          if($activation['type'] == "b" && $activation['validated'] == 1)
1290          {
1291              error($lang->error_alreadyvalidated);
1292          }
1293  
1294          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
1295  
1296          if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
1297          {
1298              $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
1299  
1300              $cache->update_awaitingactivation();
1301          }
1302          if($activation['type'] == "e")
1303          {
1304              $newemail = array(
1305                  "email" => $db->escape_string($activation['misc']),
1306              );
1307              $db->update_query("users", $newemail, "uid='".$user['uid']."'");
1308              $plugins->run_hooks("member_activate_emailupdated");
1309  
1310              redirect("usercp.php", $lang->redirect_emailupdated);
1311          }
1312          elseif($activation['type'] == "b")
1313          {
1314              $update = array(
1315                  "validated" => 1,
1316              );
1317              $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
1318              $plugins->run_hooks("member_activate_emailactivated");
1319  
1320              redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
1321          }
1322          else
1323          {
1324              $plugins->run_hooks("member_activate_accountactivated");
1325  
1326              redirect("index.php", $lang->redirect_accountactivated);
1327          }
1328      }
1329      else
1330      {
1331          $plugins->run_hooks("member_activate_form");
1332  
1333          $code = htmlspecialchars_uni($mybb->get_input('code'));
1334  
1335          if(!isset($user['username']))
1336          {
1337              $user['username'] = '';
1338          }
1339          $user['username'] = htmlspecialchars_uni($user['username']);
1340  
1341          eval("\$activate = \"".$templates->get("member_activate")."\";");
1342          output_page($activate);
1343      }
1344  }
1345  
1346  if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
1347  {
1348      $plugins->run_hooks("member_do_resendactivation_start");
1349  
1350      if($mybb->settings['regtype'] == "admin")
1351      {
1352          error($lang->error_activated_by_admin);
1353      }
1354  
1355      $errors = array();
1356  
1357      if($mybb->settings['captchaimage'])
1358      {
1359          require_once  MYBB_ROOT.'inc/class_captcha.php';
1360          $captcha = new captcha;
1361  
1362          if($captcha->validate_captcha() == false)
1363          {
1364              // CAPTCHA validation failed
1365              foreach($captcha->get_errors() as $error)
1366              {
1367                  $errors[] = $error;
1368              }
1369          }
1370      }
1371  
1372      $query = $db->query("
1373          SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
1374          FROM ".TABLE_PREFIX."users u
1375          LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
1376          WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
1377      ");
1378      $numusers = $db->num_rows($query);
1379      if($numusers < 1)
1380      {
1381          error($lang->error_invalidemail);
1382      }
1383      else
1384      {
1385          if(count($errors) == 0)
1386          {
1387              while($user = $db->fetch_array($query))
1388              {
1389                  if($user['type'] == "b" && $user['validated'] == 1)
1390                  {
1391                      error($lang->error_activated_by_admin);
1392                  }
1393  
1394                  if($user['usergroup'] == 5)
1395                  {
1396                      if(!$user['code'])
1397                      {
1398                          $user['code'] = random_str();
1399                          $uid = $user['uid'];
1400                          $awaitingarray = array(
1401                              "uid" => $uid,
1402                              "dateline" => TIME_NOW,
1403                              "code" => $user['code'],
1404                              "type" => $user['type']
1405                          );
1406                          $db->insert_query("awaitingactivation", $awaitingarray);
1407                      }
1408                      $username = $user['username'];
1409                      $email = $user['email'];
1410                      $activationcode = $user['code'];
1411                      $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
1412                      switch($mybb->settings['username_method'])
1413                      {
1414                          case 0:
1415                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1416                              break;
1417                          case 1:
1418                              $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1419                              break;
1420                          case 2:
1421                              $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1422                              break;
1423                          default:
1424                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1425                              break;
1426                      }
1427                      my_mail($email, $emailsubject, $emailmessage);
1428                  }
1429              }
1430  
1431              $plugins->run_hooks("member_do_resendactivation_end");
1432  
1433              redirect("index.php", $lang->redirect_activationresent);
1434          }
1435          else
1436          {
1437              $mybb->input['action'] = "resendactivation";
1438          }
1439      }
1440  }
1441  
1442  if($mybb->input['action'] == "resendactivation")
1443  {
1444      $plugins->run_hooks("member_resendactivation");
1445  
1446      if($mybb->settings['regtype'] == "admin")
1447      {
1448          error($lang->error_activated_by_admin);
1449      }
1450  
1451      if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
1452      {
1453          error($lang->error_alreadyactivated);
1454      }
1455  
1456      $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'");
1457      $activation = $db->fetch_array($query);
1458  
1459      if($activation['validated'] == 1)
1460      {
1461          error($lang->error_activated_by_admin);
1462      }
1463  
1464      $captcha = '';
1465      // Generate CAPTCHA?
1466      if($mybb->settings['captchaimage'])
1467      {
1468          require_once  MYBB_ROOT.'inc/class_captcha.php';
1469          $post_captcha = new captcha(true, "post_captcha");
1470  
1471          if($post_captcha->html)
1472          {
1473              $captcha = $post_captcha->html;
1474          }
1475      }
1476  
1477      if(isset($errors) && count($errors) > 0)
1478      {
1479          $errors = inline_error($errors);
1480          $email = htmlspecialchars_uni($mybb->get_input('email'));
1481      }
1482      else
1483      {
1484          $errors = '';
1485          $email = '';
1486      }
1487  
1488      $plugins->run_hooks("member_resendactivation_end");
1489  
1490      eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
1491      output_page($activate);
1492  }
1493  
1494  if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
1495  {
1496      $plugins->run_hooks("member_do_lostpw_start");
1497  
1498      $errors = array();
1499  
1500      if($mybb->settings['captchaimage'])
1501      {
1502          require_once  MYBB_ROOT.'inc/class_captcha.php';
1503          $captcha = new captcha;
1504  
1505          if($captcha->validate_captcha() == false)
1506          {
1507              // CAPTCHA validation failed
1508              foreach($captcha->get_errors() as $error)
1509              {
1510                  $errors[] = $error;
1511              }
1512          }
1513      }
1514  
1515      $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
1516      $numusers = $db->num_rows($query);
1517      if($numusers < 1)
1518      {
1519          error($lang->error_invalidemail);
1520      }
1521      else
1522      {
1523          if(count($errors) == 0)
1524          {
1525              while($user = $db->fetch_array($query))
1526              {
1527                  $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
1528                  $user['activationcode'] = random_str(30);
1529                  $now = TIME_NOW;
1530                  $uid = $user['uid'];
1531                  $awaitingarray = array(
1532                      "uid" => $user['uid'],
1533                      "dateline" => TIME_NOW,
1534                      "code" => $user['activationcode'],
1535                      "type" => "p"
1536                  );
1537                  $db->insert_query("awaitingactivation", $awaitingarray);
1538                  $username = $user['username'];
1539                  $email = $user['email'];
1540                  $activationcode = $user['activationcode'];
1541                  $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
1542                  switch($mybb->settings['username_method'])
1543                  {
1544                      case 0:
1545                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1546                          break;
1547                      case 1:
1548                          $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1549                          break;
1550                      case 2:
1551                          $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1552                          break;
1553                      default:
1554                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1555                          break;
1556                  }
1557                  my_mail($email, $emailsubject, $emailmessage);
1558              }
1559  
1560              $plugins->run_hooks("member_do_lostpw_end");
1561  
1562              redirect("index.php", $lang->redirect_lostpwsent, "", true);
1563          }
1564          else
1565          {
1566              $mybb->input['action'] = "lostpw";
1567          }
1568      }
1569  }
1570  
1571  if($mybb->input['action'] == "lostpw")
1572  {
1573      $plugins->run_hooks("member_lostpw");
1574  
1575      $captcha = '';
1576      // Generate CAPTCHA?
1577      if($mybb->settings['captchaimage'])
1578      {
1579          require_once  MYBB_ROOT.'inc/class_captcha.php';
1580          $post_captcha = new captcha(true, "post_captcha");
1581  
1582          if($post_captcha->html)
1583          {
1584              $captcha = $post_captcha->html;
1585          }
1586      }
1587  
1588      if(isset($errors) && count($errors) > 0)
1589      {
1590          $errors = inline_error($errors);
1591          $email = htmlspecialchars_uni($mybb->get_input('email'));
1592      }
1593      else
1594      {
1595          $errors = '';
1596          $email = '';
1597      }
1598  
1599      eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
1600      output_page($lostpw);
1601  }
1602  
1603  if($mybb->input['action'] == "resetpassword")
1604  {
1605      $plugins->run_hooks("member_resetpassword_start");
1606  
1607      if(isset($mybb->input['username']))
1608      {
1609          $mybb->input['username'] = $mybb->get_input('username');
1610          $options = array(
1611              'username_method' => $mybb->settings['username_method'],
1612              'fields' => '*',
1613          );
1614          $user = get_user_by_username($mybb->input['username'], $options);
1615          if(!$user)
1616          {
1617              switch($mybb->settings['username_method'])
1618              {
1619                  case 0:
1620                      error($lang->error_invalidpworusername);
1621                      break;
1622                  case 1:
1623                      error($lang->error_invalidpworusername1);
1624                      break;
1625                  case 2:
1626                      error($lang->error_invalidpworusername2);
1627                      break;
1628                  default:
1629                      error($lang->error_invalidpworusername);
1630                      break;
1631              }
1632          }
1633      }
1634      else
1635      {
1636          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1637      }
1638  
1639      if(isset($mybb->input['code']) && $user)
1640      {
1641          $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
1642          $activationcode = $db->fetch_field($query, 'code');
1643          $now = TIME_NOW;
1644          if(!$activationcode || $activationcode !== $mybb->get_input('code'))
1645          {
1646              error($lang->error_badlostpwcode);
1647          }
1648          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
1649          $username = $user['username'];
1650  
1651          // Generate a new password, then update it
1652          $password_length = (int)$mybb->settings['minpasswordlength'];
1653  
1654          if($password_length < 8)
1655          {
1656              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
1657          }
1658  
1659          // Set up user handler.
1660          require_once  MYBB_ROOT.'inc/datahandlers/user.php';
1661          $userhandler = new UserDataHandler('update');
1662  
1663          while(!$userhandler->verify_password())
1664          {
1665              $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
1666  
1667              $userhandler->set_data(array(
1668                  'uid'        => $user['uid'],
1669                  'username'    => $user['username'],
1670                  'email'        => $user['email'],
1671                  'password'    => $password
1672              ));
1673  
1674              $userhandler->set_validated(true);
1675              $userhandler->errors = array();
1676          }
1677  
1678          $userhandler->update_user();
1679  
1680          $logindetails = array(
1681              'salt'        => $userhandler->data['salt'],
1682              'password'    => $userhandler->data['saltedpw'],
1683              'loginkey'    => $userhandler->data['loginkey'],
1684          );
1685  
1686          $email = $user['email'];
1687  
1688          $plugins->run_hooks("member_resetpassword_process");
1689  
1690          $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
1691          $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
1692          my_mail($email, $emailsubject, $emailmessage);
1693  
1694          $plugins->run_hooks("member_resetpassword_reset");
1695  
1696          error($lang->redirect_passwordreset);
1697      }
1698      else
1699      {
1700          $plugins->run_hooks("member_resetpassword_form");
1701  
1702          switch($mybb->settings['username_method'])
1703          {
1704              case 0:
1705                  $lang_username = $lang->username;
1706                  break;
1707              case 1:
1708                  $lang_username = $lang->username1;
1709                  break;
1710              case 2:
1711                  $lang_username = $lang->username2;
1712                  break;
1713              default:
1714                  $lang_username = $lang->username;
1715                  break;
1716          }
1717  
1718          $code = htmlspecialchars_uni($mybb->get_input('code'));
1719  
1720          if(!isset($mybb->input['username']))
1721          {
1722              $input_username = '';
1723          }
1724          $input_username = htmlspecialchars_uni($mybb->input['username']);
1725  
1726          eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
1727          output_page($activate);
1728      }
1729  }
1730  
1731  $do_captcha = $correct = false;
1732  $inline_errors = "";
1733  if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
1734  {
1735      verify_post_check($mybb->get_input('my_post_key'));
1736  
1737      $errors = array();
1738  
1739      $plugins->run_hooks("member_do_login_start");
1740  
1741      require_once  MYBB_ROOT."inc/datahandlers/login.php";
1742      $loginhandler = new LoginDataHandler("get");
1743  
1744      if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
1745      {
1746          $mybb->input['password'] = $mybb->get_input('quick_password');
1747          $mybb->input['username'] = $mybb->get_input('quick_username');
1748          $mybb->input['remember'] = $mybb->get_input('quick_remember');
1749      }
1750  
1751      $user = array(
1752          'username' => $mybb->get_input('username'),
1753          'password' => $mybb->get_input('password'),
1754          'remember' => $mybb->get_input('remember'),
1755          'imagestring' => $mybb->get_input('imagestring')
1756      );
1757  
1758      $options = array(
1759          'fields' => 'loginattempts',
1760          'username_method' => (int)$mybb->settings['username_method'],
1761      );
1762  
1763      $user_loginattempts = get_user_by_username($user['username'], $options);
1764      if(!empty($user_loginattempts))
1765      {
1766          $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
1767      }
1768  
1769      $loginhandler->set_data($user);
1770      $validated = $loginhandler->validate_login();
1771  
1772      if(!$validated)
1773      {
1774          $mybb->input['action'] = "login";
1775          $mybb->request_method = "get";
1776  
1777          $login_user_uid = 0;
1778          if(!empty($loginhandler->login_data))
1779          {
1780              $login_user_uid = (int)$loginhandler->login_data['uid'];
1781              $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];
1782          }
1783  
1784          // Is a fatal call if user has had too many tries
1785          $logins = login_attempt_check($login_user_uid);
1786  
1787          $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".$login_user_uid."'", 1, true);
1788  
1789          $errors = $loginhandler->get_friendly_errors();
1790  
1791          // If we need a captcha set it here
1792          if(
1793              $mybb->settings['failedcaptchalogincount'] > 0 &&
1794              (
1795                  (
1796                      isset($user['loginattempts']) &&
1797                      $user['loginattempts'] > $mybb->settings['failedcaptchalogincount']
1798                  ) ||
1799                  (
1800                      isset($mybb->cookies['loginattempts']) &&
1801                      (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']
1802                  )
1803              )
1804          )
1805          {
1806              $do_captcha = true;
1807              $correct = $loginhandler->captcha_verified;
1808          }
1809      }
1810      else if($validated && $loginhandler->captcha_verified == true)
1811      {
1812          // Successful login
1813          if($loginhandler->login_data['coppauser'])
1814          {
1815              error($lang->error_awaitingcoppa);
1816          }
1817  
1818          $loginhandler->complete_login();
1819  
1820          $plugins->run_hooks("member_do_login_end");
1821  
1822          $mybb->input['url'] = $mybb->get_input('url');
1823  
1824          if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
1825          {
1826              if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
1827              {
1828                  $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
1829              }
1830  
1831              $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);
1832  
1833              if(my_strpos($mybb->input['url'], $mybb->settings['bburl'].'/') !== 0)
1834              {
1835                  if(my_strpos($mybb->input['url'], '/') === 0)
1836                  {
1837                      $mybb->input['url'] = my_substr($mybb->input['url'], 1);
1838                  }
1839                  $url_segments = explode('/', $mybb->input['url']);
1840                  $mybb->input['url'] = $mybb->settings['bburl'].'/'.end($url_segments);
1841              }
1842  
1843              // Redirect to the URL if it is not member.php
1844              redirect($mybb->input['url'], $lang->redirect_loggedin);
1845          }
1846          else
1847          {
1848  
1849              redirect("index.php", $lang->redirect_loggedin);
1850          }
1851      }
1852  
1853      $plugins->run_hooks("member_do_login_end");
1854  }
1855  
1856  if($mybb->input['action'] == "login")
1857  {
1858      $plugins->run_hooks("member_login");
1859  
1860      $member_loggedin_notice = "";
1861      if($mybb->user['uid'] != 0)
1862      {
1863          $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
1864          $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
1865          eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
1866      }
1867  
1868      // Checks to make sure the user can login; they haven't had too many tries at logging in.
1869      // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
1870      // and we can't check loginattempts in the db
1871      login_attempt_check();
1872  
1873      // Redirect to the page where the user came from, but not if that was the login page.
1874      if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
1875      {
1876          $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
1877      }
1878      else
1879      {
1880          $redirect_url = '';
1881      }
1882  
1883      $captcha = '';
1884      // Show captcha image for guests if enabled and only if we have to do
1885      if($mybb->settings['captchaimage'] && $do_captcha == true)
1886      {
1887          require_once  MYBB_ROOT.'inc/class_captcha.php';
1888          $login_captcha = new captcha(false, "post_captcha");
1889  
1890          if($login_captcha->type == captcha::DEFAULT_CAPTCHA)
1891          {
1892              if(!$correct)
1893              {
1894                  $login_captcha->build_captcha();
1895              }
1896              else
1897              {
1898                  $captcha = $login_captcha->build_hidden_captcha();
1899              }
1900          }
1901          elseif(in_array($login_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1902          {
1903              $login_captcha->build_recaptcha();
1904          }
1905          elseif(in_array($login_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1906          {
1907              $login_captcha->build_hcaptcha();
1908          }
1909  
1910          if($login_captcha->html)
1911          {
1912              $captcha = $login_captcha->html;
1913          }
1914      }
1915  
1916      $username = "";
1917      $password = "";
1918      if(isset($mybb->input['username']) && $mybb->request_method == "post")
1919      {
1920          $username = htmlspecialchars_uni($mybb->get_input('username'));
1921      }
1922  
1923      if(isset($mybb->input['password']) && $mybb->request_method == "post")
1924      {
1925          $password = htmlspecialchars_uni($mybb->get_input('password'));
1926      }
1927  
1928      if(!empty($errors))
1929      {
1930          $mybb->input['action'] = "login";
1931          $mybb->request_method = "get";
1932  
1933          $inline_errors = inline_error($errors);
1934      }
1935  
1936      switch($mybb->settings['username_method'])
1937      {
1938          case 1:
1939              $lang->username = $lang->username1;
1940              break;
1941          case 2:
1942              $lang->username = $lang->username2;
1943              break;
1944          default:
1945              break;
1946      }
1947  
1948      $plugins->run_hooks("member_login_end");
1949  
1950      eval("\$login = \"".$templates->get("member_login")."\";");
1951      output_page($login);
1952  }
1953  
1954  if($mybb->input['action'] == "logout")
1955  {
1956      $plugins->run_hooks("member_logout_start");
1957  
1958      if(!$mybb->user['uid'])
1959      {
1960          redirect("index.php", $lang->redirect_alreadyloggedout);
1961      }
1962  
1963      // Check session ID if we have one
1964      if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
1965      {
1966          error($lang->error_notloggedout);
1967      }
1968      // Otherwise, check logoutkey
1969      else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
1970      {
1971          error($lang->error_notloggedout);
1972      }
1973  
1974      my_unsetcookie("mybbuser");
1975      my_unsetcookie("sid");
1976  
1977      if($mybb->user['uid'])
1978      {
1979          $time = TIME_NOW;
1980          // Run this after the shutdown query from session system
1981          $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
1982          $db->delete_query("sessions", "sid = '{$session->sid}'");
1983      }
1984  
1985      $plugins->run_hooks("member_logout_end");
1986  
1987      redirect("index.php", $lang->redirect_loggedout);
1988  }
1989  
1990  if($mybb->input['action'] == "viewnotes")
1991  {
1992      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
1993      $user = get_user($uid);
1994  
1995      // Make sure we are looking at a real user here.
1996      if(!$user)
1997      {
1998          error($lang->error_nomember);
1999      }
2000  
2001      if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
2002      {
2003          error_no_permission();
2004      }
2005  
2006      $user['username'] = htmlspecialchars_uni($user['username']);
2007      $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);
2008  
2009      $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));
2010  
2011      $plugins->run_hooks('member_viewnotes');
2012  
2013      eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
2014      echo $viewnotes;
2015      exit;
2016  }
2017  
2018  if($mybb->input['action'] == "profile")
2019  {
2020      if($mybb->usergroup['canviewprofiles'] == 0)
2021      {
2022          error_no_permission();
2023      }
2024  
2025      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2026      if($uid)
2027      {
2028          $memprofile = get_user($uid);
2029      }
2030      elseif($mybb->user['uid'])
2031      {
2032          $memprofile = $mybb->user;
2033      }
2034      else
2035      {
2036          $memprofile = false;
2037      }
2038  
2039      if(!$memprofile)
2040      {
2041          error($lang->error_nomember);
2042      }
2043  
2044      $uid = $memprofile['uid'];
2045  
2046      $plugins->run_hooks("member_profile_start");
2047  
2048      $me_username = $memprofile['username'];
2049      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2050      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2051  
2052      // Get member's permissions
2053      $memperms = user_permissions($memprofile['uid']);
2054  
2055      // Set display group
2056      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2057  
2058      if(!$memprofile['displaygroup'])
2059      {
2060          $memprofile['displaygroup'] = $memprofile['usergroup'];
2061      }
2062  
2063      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2064      if(is_array($displaygroup))
2065      {
2066          $memperms = array_merge($memperms, $displaygroup);
2067      }
2068  
2069      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2070      add_breadcrumb($lang->nav_profile);
2071  
2072      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2073      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2074      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2075      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2076      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2077      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2078      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2079  
2080      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2081      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2082  
2083      $website = $sendemail = $sendpm = $contact_details = '';
2084  
2085      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2086      {
2087          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2088          $bgcolor = alt_trow();
2089          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2090      }
2091  
2092      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2093      {
2094          $bgcolor = alt_trow();
2095          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2096      }
2097  
2098      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2099      {
2100          $bgcolor = alt_trow();
2101          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2102      }
2103  
2104      $contact_fields = array();
2105      $any_contact_field = false;
2106      foreach(array('icq', 'skype', 'google') as $field)
2107      {
2108          $contact_fields[$field] = '';
2109          $settingkey = 'allow'.$field.'field';
2110  
2111          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2112          {
2113              $any_contact_field = true;
2114  
2115              if($field == 'icq')
2116              {
2117                  $memprofile[$field] = (int)$memprofile[$field];
2118              }
2119              else
2120              {
2121                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2122              }
2123              $tmpl = 'member_profile_contact_fields_'.$field;
2124  
2125              $bgcolors[$field] = alt_trow();
2126              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2127          }
2128      }
2129  
2130      if($any_contact_field || $sendemail || $sendpm || $website)
2131      {
2132          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2133      }
2134  
2135      $signature = '';
2136      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2137      {
2138          $sig_parser = array(
2139              "allow_html" => $mybb->settings['sightml'],
2140              "allow_mycode" => $mybb->settings['sigmycode'],
2141              "allow_smilies" => $mybb->settings['sigsmilies'],
2142              "allow_imgcode" => $mybb->settings['sigimgcode'],
2143              "me_username" => $me_username,
2144              "filter_badwords" => 1
2145          );
2146  
2147          if($memperms['signofollow'])
2148          {
2149              $sig_parser['nofollow_on'] = 1;
2150          }
2151  
2152          if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2153          {
2154              $sig_parser['allow_imgcode'] = 0;
2155          }
2156  
2157          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2158          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2159      }
2160  
2161      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2162  
2163      if($daysreg < 1)
2164      {
2165          $daysreg = 1;
2166      }
2167  
2168      $stats = $cache->read("stats");
2169  
2170      // Format post count, per day count and percent of total
2171      $ppd = $memprofile['postnum'] / $daysreg;
2172      $ppd = round($ppd, 2);
2173      if($ppd > $memprofile['postnum'])
2174      {
2175          $ppd = $memprofile['postnum'];
2176      }
2177  
2178      $numposts = $stats['numposts'];
2179      if($numposts == 0)
2180      {
2181          $post_percent = "0";
2182      }
2183      else
2184      {
2185          $post_percent = $memprofile['postnum']*100/$numposts;
2186          $post_percent = round($post_percent, 2);
2187      }
2188  
2189      if($post_percent > 100)
2190      {
2191          $post_percent = 100;
2192      }
2193  
2194      // Format thread count, per day count and percent of total
2195      $tpd = $memprofile['threadnum'] / $daysreg;
2196      $tpd = round($tpd, 2);
2197      if($tpd > $memprofile['threadnum'])
2198      {
2199          $tpd = $memprofile['threadnum'];
2200      }
2201  
2202      $numthreads = $stats['numthreads'];
2203      if($numthreads == 0)
2204      {
2205          $thread_percent = "0";
2206      }
2207      else
2208      {
2209          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2210          $thread_percent = round($thread_percent, 2);
2211      }
2212  
2213      if($thread_percent > 100)
2214      {
2215          $thread_percent = 100;
2216      }
2217  
2218      $findposts = $findthreads = '';
2219      if($mybb->usergroup['cansearch'] == 1)
2220      {
2221          if(!empty($memprofile['postnum']))
2222          {
2223              eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2224          }
2225          if(!empty($memprofile['threadnum']))
2226          {
2227              eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2228          }
2229      }
2230  
2231      $awaybit = '';
2232      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2233      {
2234          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2235          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2236          if(!empty($memprofile['awayreason']))
2237          {
2238              $reason = $parser->parse_badwords($memprofile['awayreason']);
2239              $awayreason = htmlspecialchars_uni($reason);
2240          }
2241          else
2242          {
2243              $awayreason = $lang->away_no_reason;
2244          }
2245          if($memprofile['returndate'] == '')
2246          {
2247              $returndate = "$lang->unknown";
2248          }
2249          else
2250          {
2251              $returnhome = explode("-", $memprofile['returndate']);
2252  
2253              // PHP native date functions use integers so timestamps for years after 2038 will not work
2254              // Thus we use adodb_mktime
2255              if($returnhome[2] >= 2038)
2256              {
2257                  require_once  MYBB_ROOT."inc/functions_time.php";
2258                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2259                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2260              }
2261              else
2262              {
2263                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2264                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2265              }
2266  
2267              // If our away time has expired already, we should be back, right?
2268              if($returnmkdate < TIME_NOW)
2269              {
2270                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2271  
2272                  // Update our status to "not away"
2273                  $memprofile['away'] = 0;
2274              }
2275          }
2276  
2277          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2278          if($memprofile['away'] == 1)
2279          {
2280              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2281          }
2282      }
2283  
2284      $memprofile['timezone'] = (float)$memprofile['timezone'];
2285  
2286      if($memprofile['dst'] == 1)
2287      {
2288          $memprofile['timezone']++;
2289          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2290          {
2291              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2292          }
2293      }
2294  
2295      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2296      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2297      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2298  
2299      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2300  
2301      if($memprofile['birthday'])
2302      {
2303          $membday = explode("-", $memprofile['birthday']);
2304  
2305          if($memprofile['birthdayprivacy'] != 'none')
2306          {
2307              if($membday[0] && $membday[1] && $membday[2])
2308              {
2309                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2310  
2311                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2312                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2313                  $membday = date($bdayformat, $membday);
2314  
2315                  $membdayage = $lang->membdayage;
2316              }
2317              elseif($membday[2])
2318              {
2319                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2320                  $membday = date("Y", $membday);
2321                  $membdayage = '';
2322              }
2323              else
2324              {
2325                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2326                  $membday = date("F j", $membday);
2327                  $membdayage = '';
2328              }
2329          }
2330  
2331          if($memprofile['birthdayprivacy'] == 'age')
2332          {
2333              $membday = $lang->birthdayhidden;
2334          }
2335          else if($memprofile['birthdayprivacy'] == 'none')
2336          {
2337              $membday = $lang->birthdayhidden;
2338              $membdayage = '';
2339          }
2340      }
2341      else
2342      {
2343          $membday = $lang->not_specified;
2344          $membdayage = '';
2345      }
2346  
2347      // Get the user title for this user
2348      unset($usertitle);
2349      unset($stars);
2350      $starimage = '';
2351      if(trim($memprofile['usertitle']) != '')
2352      {
2353          // User has custom user title
2354          $usertitle = $memprofile['usertitle'];
2355      }
2356      elseif(trim($memperms['usertitle']) != '')
2357      {
2358          // User has group title
2359          $usertitle = $memperms['usertitle'];
2360      }
2361      else
2362      {
2363          // No usergroup title so get a default one
2364          $usertitles = $cache->read('usertitles');
2365  
2366          if(is_array($usertitles))
2367          {
2368              foreach($usertitles as $title)
2369              {
2370                  if($memprofile['postnum'] >= $title['posts'])
2371                  {
2372                      $usertitle = $title['title'];
2373                      $stars = $title['stars'];
2374                      $starimage = $title['starimage'];
2375  
2376                      break;
2377                  }
2378              }
2379          }
2380      }
2381  
2382      $usertitle = htmlspecialchars_uni($usertitle);
2383  
2384      if($memperms['stars'] || $memperms['usertitle'])
2385      {
2386          // Set the number of stars if display group has constant number of stars
2387          $stars = $memperms['stars'];
2388      }
2389      elseif(!$stars)
2390      {
2391          if(!is_array($usertitles))
2392          {
2393              $usertitles = $cache->read('usertitles');
2394          }
2395  
2396          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2397          if(is_array($usertitles))
2398          {
2399              foreach($usertitles as $title)
2400              {
2401                  if($memprofile['postnum'] >= $title['posts'])
2402                  {
2403                      $stars = $title['stars'];
2404                      $starimage = $title['starimage'];
2405                      break;
2406                  }
2407              }
2408          }
2409      }
2410  
2411      $groupimage = '';
2412      if(!empty($memperms['image']))
2413      {
2414          if(!empty($mybb->user['language']))
2415          {
2416              $language = $mybb->user['language'];
2417          }
2418          else
2419          {
2420              $language = $mybb->settings['bblanguage'];
2421          }
2422          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2423          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2424          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2425      }
2426  
2427      if(empty($starimage))
2428      {
2429          $starimage = $memperms['starimage'];
2430      }
2431  
2432      if(!empty($starimage))
2433      {
2434          // Only display stars if we have an image to use...
2435          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2436          $userstars = '';
2437          for($i = 0; $i < $stars; ++$i)
2438          {
2439              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2440          }
2441      }
2442  
2443      // User is currently online and this user has permissions to view the user on the WOL
2444      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2445      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2446      $session = $db->fetch_array($query);
2447  
2448      $timeonline = $lang->none_registered;
2449      $memlastvisitdate = $lang->lastvisit_never;
2450      $last_seen = max(array($memprofile['lastactive'], $memprofile['lastvisit']));
2451      if(!empty($last_seen))
2452      {
2453          // We have some stamp here
2454          if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2455          {
2456              $memlastvisitdate = $lang->lastvisit_hidden;
2457              $online_status = $timeonline = $lang->timeonline_hidden;
2458          }
2459          else
2460          {
2461              $memlastvisitdate = my_date('relative', $last_seen);
2462  
2463              if($memprofile['timeonline'] > 0)
2464              {
2465                  $timeonline = nice_time($memprofile['timeonline']);
2466              }
2467  
2468              // Online?
2469              if(!empty($session))
2470              {
2471                  // Fetch their current location
2472                  $lang->load("online");
2473                  require_once  MYBB_ROOT."inc/functions_online.php";
2474                  $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2475                  $location = build_friendly_wol_location($activity);
2476                  $location_time = my_date($mybb->settings['timeformat'], $last_seen);
2477  
2478                  eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2479              }
2480          }
2481      }
2482  
2483      if(!isset($online_status))
2484      {
2485          eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2486      }
2487  
2488      // Reset the background colours to keep it inline
2489      $alttrow = 'trow1';
2490  
2491      // Build Referral
2492      $referrals = '';
2493      if($mybb->settings['usereferrals'] == 1)
2494      {
2495          $bg_color = alt_trow();
2496  
2497          $uid = (int) $memprofile['uid'];
2498          $referral_count = $memprofile['referrals'];
2499          if ($referral_count > 0) {
2500              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2501          }
2502  
2503          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2504      }
2505  
2506      // Fetch the reputation for this user
2507      $reputation = '';
2508      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2509      {
2510          $bg_color = alt_trow();
2511          $reputation = get_reputation($memprofile['reputation']);
2512  
2513          // If this user has permission to give reputations show the vote link
2514          $vote_link = '';
2515          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2516          {
2517              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2518          }
2519  
2520          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2521      }
2522  
2523      $warning_level = '';
2524      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2525      {
2526          $bg_color = alt_trow();
2527  
2528          if($mybb->settings['maxwarningpoints'] < 1)
2529          {
2530              $mybb->settings['maxwarningpoints'] = 10;
2531          }
2532  
2533          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2534  
2535          if($warning_level > 100)
2536          {
2537              $warning_level = 100;
2538          }
2539  
2540          $warning_level = get_colored_warning_level($warning_level);
2541          if($mybb->usergroup['canwarnusers'] != 0)
2542          {
2543              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2544              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel_link")."\";");
2545          }
2546          else
2547          {
2548              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2549          }
2550      }
2551  
2552      $bgcolor = $alttrow = 'trow1';
2553      $customfields = $profilefields = '';
2554  
2555      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2556      $userfields = $db->fetch_array($query);
2557  
2558      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2559      $pfcache = $cache->read('profilefields');
2560  
2561      if(is_array($pfcache))
2562      {
2563          foreach($pfcache as $customfield)
2564          {
2565              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2566              {
2567                  continue;
2568              }
2569  
2570              $thing = explode("\n", $customfield['type'], "2");
2571              $type = trim($thing[0]);
2572  
2573              $customfieldval = $customfield_val = '';
2574              $field = "fid{$customfield['fid']}";
2575  
2576              if(isset($userfields[$field]))
2577              {
2578                  $useropts = explode("\n", $userfields[$field]);
2579                  $customfieldval = $comma = '';
2580                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2581                  {
2582                      foreach($useropts as $val)
2583                      {
2584                          if($val != '')
2585                          {
2586                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2587                          }
2588                      }
2589                      if($customfield_val != '')
2590                      {
2591                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2592                      }
2593                  }
2594                  else
2595                  {
2596                      $parser_options = array(
2597                          "allow_html" => $customfield['allowhtml'],
2598                          "allow_mycode" => $customfield['allowmycode'],
2599                          "allow_smilies" => $customfield['allowsmilies'],
2600                          "allow_imgcode" => $customfield['allowimgcode'],
2601                          "allow_videocode" => $customfield['allowvideocode'],
2602                          #"nofollow_on" => 1,
2603                          "filter_badwords" => 1
2604                      );
2605  
2606                      if($customfield['type'] == "textarea")
2607                      {
2608                          $parser_options['me_username'] = $memprofile['username'];
2609                      }
2610                      else
2611                      {
2612                          $parser_options['nl2br'] = 0;
2613                      }
2614  
2615                      if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2616                      {
2617                          $parser_options['allow_imgcode'] = 0;
2618                      }
2619  
2620                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2621                  }
2622              }
2623  
2624              if($customfieldval)
2625              {
2626                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2627                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2628                  $bgcolor = alt_trow();
2629              }
2630          }
2631      }
2632  
2633      if($customfields)
2634      {
2635          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2636      }
2637  
2638      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2639      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2640  
2641      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2642      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2643  
2644      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2645  
2646      $bannedbit = '';
2647      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2648      {
2649          // Fetch details on their ban
2650          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2651          $memban = $db->fetch_array($query);
2652  
2653          if($memban['reason'])
2654          {
2655              $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2656          }
2657          else
2658          {
2659              $memban['reason'] = $lang->na;
2660          }
2661  
2662          if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2663          {
2664              $banlength = $lang->permanent;
2665              $timeremaining = $lang->na;
2666              $banned_class = "normal_banned";
2667          }
2668          else
2669          {
2670              // Set up the array of ban times.
2671              $bantimes = fetch_ban_times();
2672  
2673              $banlength = $bantimes[$memban['bantime']];
2674              $remaining = $memban['lifted']-TIME_NOW;
2675  
2676              $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2677  
2678              $banned_class = '';
2679              if($remaining < 3600)
2680              {
2681                  $banned_class = "high_banned";
2682              }
2683              else if($remaining < 86400)
2684              {
2685                  $banned_class = "moderate_banned";
2686              }
2687              else if($remaining < 604800)
2688              {
2689                  $banned_class = "low_banned";
2690              }
2691              else
2692              {
2693                  $banned_class = "normal_banned";
2694              }
2695          }
2696          eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2697  
2698          $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2699  
2700          // Display a nice warning to the user
2701          eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2702      }
2703  
2704      $adminoptions = '';
2705      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2706      {
2707          if($memperms['isbannedgroup'] == 1)
2708          {
2709              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions_manageban")."\";");
2710          }
2711          else
2712          {
2713              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2714          }
2715      }
2716  
2717      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
2718      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2719      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2720      {
2721          if($mybb->usergroup['canuseipsearch'] == 1)
2722          {
2723              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2724              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2725  
2726              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2727          }
2728  
2729          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2730  
2731          if(!empty($memprofile['usernotes']))
2732          {
2733              if(strlen($memprofile['usernotes']) > 100)
2734              {
2735                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2736                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2737              }
2738          }
2739          else
2740          {
2741              $memprofile['usernotes'] = $lang->no_usernotes;
2742          }
2743  
2744          if($mybb->usergroup['caneditprofiles'] == 1 && modcp_can_manage_user($memprofile['uid']))
2745          {
2746              if(modcp_can_manage_user($memprofile['uid']))
2747              {
2748                  eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2749                  eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2750          
2751              }
2752          }
2753  
2754          if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1 && modcp_can_manage_user($memprofile['uid']))
2755          {
2756              eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2757          }
2758          elseif(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2759          {
2760              if(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2761              {
2762                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2763              }
2764          }
2765  
2766          $purgespammer = '';
2767          if($can_purge_spammer)
2768          {
2769              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2770          }
2771  
2772          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2773          {
2774              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2775          }
2776  
2777          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2778      }
2779  
2780      $add_remove_options = array();
2781      $buddy_options = $ignore_options = $report_options = '';
2782      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2783      {
2784          $buddy_list = explode(',', $mybb->user['buddylist']);
2785          $ignore_list = explode(',', $mybb->user['ignorelist']);
2786  
2787          if(in_array($uid, $buddy_list))
2788          {
2789              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2790          }
2791          else
2792          {
2793              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2794          }
2795  
2796          if(!in_array($uid, $ignore_list))
2797          {
2798              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2799          }
2800  
2801          if(in_array($uid, $ignore_list))
2802          {
2803              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2804          }
2805          else
2806          {
2807              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2808          }
2809  
2810          if(!in_array($uid, $buddy_list))
2811          {
2812              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2813          }
2814  
2815          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2816          {
2817              $reportable = true;
2818              $query = $db->simple_select("reportedcontent", "reporters", "reportstatus != '1' AND id = '{$memprofile['uid']}' AND type = 'profile'");
2819              if($db->num_rows($query))
2820              {
2821                  $report = $db->fetch_array($query);
2822                  $report['reporters'] = my_unserialize($report['reporters']);
2823                  if(is_array($report['reporters']) && in_array($mybb->user['uid'], $report['reporters']))
2824                  {
2825                      $reportable = false;
2826                  }
2827              }
2828              if($reportable)
2829              {
2830                  $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2831                  eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2832              }
2833          }
2834      }
2835  
2836      $plugins->run_hooks("member_profile_end");
2837  
2838      eval("\$profile = \"".$templates->get("member_profile")."\";");
2839      output_page($profile);
2840  }
2841  
2842  if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
2843  {
2844      // Verify incoming POST request
2845      verify_post_check($mybb->get_input('my_post_key'));
2846  
2847      $plugins->run_hooks("member_do_emailuser_start");
2848  
2849      // Guests or those without permission can't email other users
2850      if($mybb->usergroup['cansendemail'] == 0)
2851      {
2852          error_no_permission();
2853      }
2854  
2855      // Check group limits
2856      if($mybb->usergroup['maxemails'] > 0)
2857      {
2858          if($mybb->user['uid'] > 0)
2859          {
2860              $user_check = "fromuid='{$mybb->user['uid']}'";
2861          }
2862          else
2863          {
2864              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2865          }
2866  
2867          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
2868          $sent_count = $db->fetch_field($query, "sent_count");
2869          if($sent_count >= $mybb->usergroup['maxemails'])
2870          {
2871              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
2872              error($lang->error_max_emails_day);
2873          }
2874      }
2875  
2876      // Check email flood control
2877      if($mybb->usergroup['emailfloodtime'] > 0)
2878      {
2879          if($mybb->user['uid'] > 0)
2880          {
2881              $user_check = "fromuid='{$mybb->user['uid']}'";
2882          }
2883          else
2884          {
2885              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2886          }
2887  
2888          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
2889  
2890          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
2891          $last_email = $db->fetch_array($query);
2892  
2893          // Users last email was within the flood time, show the error
2894          if($last_email['mid'])
2895          {
2896              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
2897  
2898              if($remaining_time == 1)
2899              {
2900                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
2901              }
2902              elseif($remaining_time < 60)
2903              {
2904                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
2905              }
2906              elseif($remaining_time > 60 && $remaining_time < 120)
2907              {
2908                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
2909              }
2910              else
2911              {
2912                  $remaining_time_minutes = ceil($remaining_time/60);
2913                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
2914              }
2915  
2916              error($lang->error_emailflooding);
2917          }
2918      }
2919  
2920      $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
2921      $to_user = $db->fetch_array($query);
2922  
2923      if(!$to_user['username'])
2924      {
2925          error($lang->error_invalidusername);
2926      }
2927  
2928      if($to_user['hideemail'] != 0)
2929      {
2930          error($lang->error_hideemail);
2931      }
2932  
2933      $errors = array();
2934  
2935      if($mybb->user['uid'])
2936      {
2937          $mybb->input['fromemail'] = $mybb->user['email'];
2938          $mybb->input['fromname'] = $mybb->user['username'];
2939      }
2940  
2941      if(!validate_email_format($mybb->input['fromemail']))
2942      {
2943          $errors[] = $lang->error_invalidfromemail;
2944      }
2945  
2946      if(empty($mybb->input['fromname']))
2947      {
2948          $errors[] = $lang->error_noname;
2949      }
2950  
2951      if(empty($mybb->input['subject']))
2952      {
2953          $errors[] = $lang->error_no_email_subject;
2954      }
2955  
2956      if(empty($mybb->input['message']))
2957      {
2958          $errors[] = $lang->error_no_email_message;
2959      }
2960  
2961      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
2962      {
2963          require_once  MYBB_ROOT.'inc/class_captcha.php';
2964          $captcha = new captcha;
2965  
2966          if($captcha->validate_captcha() == false)
2967          {
2968              // CAPTCHA validation failed
2969              foreach($captcha->get_errors() as $error)
2970              {
2971                  $errors[] = $error;
2972              }
2973          }
2974      }
2975  
2976      if(count($errors) == 0)
2977      {
2978          if($mybb->settings['mail_handler'] == 'smtp')
2979          {
2980              $from = $mybb->input['fromemail'];
2981          }
2982          else
2983          {
2984              $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
2985          }
2986  
2987          $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
2988          my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);
2989  
2990          if($mybb->settings['mail_logging'] > 0)
2991          {
2992              // Log the message
2993              $log_entry = array(
2994                  "subject" => $db->escape_string($mybb->get_input('subject')),
2995                  "message" => $db->escape_string($mybb->get_input('message')),
2996                  "dateline" => TIME_NOW,
2997                  "fromuid" => $mybb->user['uid'],
2998                  "fromemail" => $db->escape_string($mybb->input['fromemail']),
2999                  "touid" => $to_user['uid'],
3000                  "toemail" => $db->escape_string($to_user['email']),
3001                  "tid" => 0,
3002                  "ipaddress" => $db->escape_binary($session->packedip),
3003                  "type" => 1
3004              );
3005              $db->insert_query("maillogs", $log_entry);
3006          }
3007  
3008          $plugins->run_hooks("member_do_emailuser_end");
3009  
3010          redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
3011      }
3012      else
3013      {
3014          $mybb->input['action'] = "emailuser";
3015      }
3016  }
3017  
3018  if($mybb->input['action'] == "emailuser")
3019  {
3020      $plugins->run_hooks("member_emailuser_start");
3021  
3022      // Guests or those without permission can't email other users
3023      if($mybb->usergroup['cansendemail'] == 0)
3024      {
3025          error_no_permission();
3026      }
3027  
3028      // Check group limits
3029      if($mybb->usergroup['maxemails'] > 0)
3030      {
3031          if($mybb->user['uid'] > 0)
3032          {
3033              $user_check = "fromuid='{$mybb->user['uid']}'";
3034          }
3035          else
3036          {
3037              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3038          }
3039  
3040          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
3041          $sent_count = $db->fetch_field($query, "sent_count");
3042          if($sent_count >= $mybb->usergroup['maxemails'])
3043          {
3044              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
3045              error($lang->error_max_emails_day);
3046          }
3047      }
3048  
3049      // Check email flood control
3050      if($mybb->usergroup['emailfloodtime'] > 0)
3051      {
3052          if($mybb->user['uid'] > 0)
3053          {
3054              $user_check = "fromuid='{$mybb->user['uid']}'";
3055          }
3056          else
3057          {
3058              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3059          }
3060  
3061          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
3062  
3063          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
3064          $last_email = $db->fetch_array($query);
3065  
3066          // Users last email was within the flood time, show the error
3067          if($last_email['mid'])
3068          {
3069              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
3070  
3071              if($remaining_time == 1)
3072              {
3073                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
3074              }
3075              elseif($remaining_time < 60)
3076              {
3077                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
3078              }
3079              elseif($remaining_time > 60 && $remaining_time < 120)
3080              {
3081                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
3082              }
3083              else
3084              {
3085                  $remaining_time_minutes = ceil($remaining_time/60);
3086                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
3087              }
3088  
3089              error($lang->error_emailflooding);
3090          }
3091      }
3092  
3093      $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
3094      $to_user = $db->fetch_array($query);
3095  
3096      $to_user['username'] = htmlspecialchars_uni($to_user['username']);
3097      $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);
3098  
3099      if(!$to_user['uid'])
3100      {
3101          error($lang->error_invaliduser);
3102      }
3103  
3104      if($to_user['hideemail'] != 0)
3105      {
3106          error($lang->error_hideemail);
3107      }
3108  
3109      if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
3110      {
3111          error_no_permission();
3112      }
3113  
3114      if(isset($errors) && count($errors) > 0)
3115      {
3116          $errors = inline_error($errors);
3117          $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
3118          $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
3119          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
3120          $message = htmlspecialchars_uni($mybb->get_input('message'));
3121      }
3122      else
3123      {
3124          $errors = '';
3125          $fromname = '';
3126          $fromemail = '';
3127          $subject = '';
3128          $message = '';
3129      }
3130  
3131      // Generate CAPTCHA?
3132      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
3133      {
3134          require_once  MYBB_ROOT.'inc/class_captcha.php';
3135          $post_captcha = new captcha(true, "post_captcha");
3136  
3137          if($post_captcha->html)
3138          {
3139              $captcha = $post_captcha->html;
3140          }
3141      }
3142      else
3143      {
3144          $captcha = '';
3145      }
3146  
3147      $from_email = '';
3148      if($mybb->user['uid'] == 0)
3149      {
3150          eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
3151      }
3152  
3153      $plugins->run_hooks("member_emailuser_end");
3154  
3155      eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
3156      output_page($emailuser);
3157  }
3158  
3159  if($mybb->input['action'] == 'referrals')
3160  {
3161      $plugins->run_hooks('member_referrals_start');
3162  
3163      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
3164      if(!$uid)
3165      {
3166          error($lang->referrals_no_user_specified);
3167      }
3168  
3169      $user = get_user($uid);
3170      if(!$user['$uid'])
3171      {
3172          error($lang->referrals_invalid_user);
3173      }
3174  
3175      $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, $user['username']);
3176      add_breadcrumb($lang->nav_referrals);
3177  
3178      $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
3179      $referral_count = $db->fetch_field($query, 'total');
3180  
3181      $bg_color = 'trow1';
3182  
3183      if($referral_count == 0)
3184      {
3185          eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
3186      }
3187      else
3188      {
3189          // Figure out if we need to display multiple pages.
3190          $perpage = 20;
3191          if ((int) $mybb->settings['referralsperpage']) {
3192              $perpage = (int) $mybb->settings['referralsperpage'];
3193          }
3194  
3195          $page = 1;
3196          if($mybb->get_input('page', MyBB::INPUT_INT))
3197          {
3198              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3199          }
3200  
3201          $pages = ceil($referral_count / $perpage);
3202  
3203          if($page > $pages || $page <= 0)
3204          {
3205              $page = 1;
3206          }
3207  
3208          if($page)
3209          {
3210              $start = ($page-1) * $perpage;
3211          }
3212          else
3213          {
3214              $start = 0;
3215              $page = 1;
3216          }
3217  
3218          $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");
3219  
3220          foreach(get_user_referrals($uid, $start, $perpage) as $referral)
3221          {
3222              // Format user name link
3223              $username = htmlspecialchars_uni($referral['username']);
3224              $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
3225              $username = build_profile_link($username, $referral['uid']);
3226  
3227              $regdate = my_date('normal', $referral['regdate']);
3228  
3229              eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");
3230  
3231              $bg_color = alt_trow();
3232          }
3233      }
3234  
3235      $plugins->run_hooks('member_referrals_end');
3236  
3237      eval("\$referrals = \"".$templates->get("member_referrals")."\";");
3238      output_page($referrals);
3239  }
3240  
3241  if(!$mybb->input['action'])
3242  {
3243      header("Location: index.php");
3244  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref