[ Index ]

PHP Cross Reference of MyBB 1.8.37

title

Body

[close]

/ -> member.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  define("IN_MYBB", 1);
  12  define("IGNORE_CLEAN_VARS", "sid");
  13  define('THIS_SCRIPT', 'member.php');
  14  define("ALLOWABLE_PAGE", "register,do_register,login,do_login,logout,lostpw,do_lostpw,activate,resendactivation,do_resendactivation,resetpassword,viewnotes");
  15  
  16  $nosession['avatar'] = 1;
  17  
  18  $templatelist = "member_register,member_register_hiddencaptcha,member_register_coppa,member_register_agreement_coppa,member_register_agreement,member_register_customfield,member_register_requiredfields,member_profile_findthreads";
  19  $templatelist .= ",member_loggedin_notice,member_profile_away,member_register_regimage,member_register_regimage_recaptcha_invisible,member_register_regimage_nocaptcha,post_captcha_hcaptcha_invisible,post_captcha_hcaptcha,post_captcha_hidden,post_captcha,member_register_referrer";
  20  $templatelist .= ",member_profile_email,member_profile_offline,member_profile_reputation,member_profile_warn,member_profile_warninglevel,member_profile_warninglevel_link,member_profile_customfields_field,member_profile_customfields,member_profile_adminoptions_manageban,member_profile_adminoptions,member_profile";
  21  $templatelist .= ",member_profile_signature,member_profile_avatar,member_profile_groupimage,member_referrals_link,member_profile_referrals,member_profile_website,member_profile_reputation_vote,member_activate,member_lostpw,member_register_additionalfields";
  22  $templatelist .= ",member_profile_modoptions_manageuser,member_profile_modoptions_editprofile,member_profile_modoptions_banuser,member_profile_modoptions_viewnotes,member_profile_modoptions_editnotes,member_profile_modoptions_purgespammer";
  23  $templatelist .= ",usercp_profile_profilefields_select_option,usercp_profile_profilefields_multiselect,usercp_profile_profilefields_select,usercp_profile_profilefields_textarea,usercp_profile_profilefields_radio,member_viewnotes";
  24  $templatelist .= ",member_register_question,member_register_question_refresh,usercp_options_timezone,usercp_options_timezone_option,usercp_options_language_option,member_profile_customfields_field_multi_item,member_profile_customfields_field_multi";
  25  $templatelist .= ",member_profile_contact_fields_google,member_profile_contact_fields_icq,member_profile_contact_fields_skype,member_profile_pm,member_profile_contact_details,member_profile_modoptions_manageban";
  26  $templatelist .= ",member_profile_banned_remaining,member_profile_addremove,member_emailuser_guest,member_register_day,usercp_options_tppselect_option,postbit_warninglevel_formatted,member_profile_userstar,member_profile_findposts";
  27  $templatelist .= ",usercp_options_tppselect,usercp_options_pppselect,member_resetpassword,member_login,member_profile_online,usercp_options_pppselect_option,postbit_reputation_formatted,member_emailuser,usercp_profile_profilefields_text";
  28  $templatelist .= ",member_profile_modoptions_ipaddress,member_profile_modoptions,member_profile_banned,member_register_language,member_resendactivation,usercp_profile_profilefields_checkbox,member_register_password,member_coppa_form";
  29  
  30  require_once  "./global.php";
  31  require_once  MYBB_ROOT."inc/functions_post.php";
  32  require_once  MYBB_ROOT."inc/functions_user.php";
  33  require_once  MYBB_ROOT."inc/class_parser.php";
  34  require_once  MYBB_ROOT."inc/functions_modcp.php";
  35  $parser = new postParser;
  36  
  37  // Load global language phrases
  38  $lang->load("member");
  39  
  40  $mybb->input['action'] = $mybb->get_input('action');
  41  
  42  // Make navigation
  43  switch($mybb->input['action'])
  44  {
  45      case "register":
  46      case "do_register":
  47          add_breadcrumb($lang->nav_register);
  48          break;
  49      case "activate":
  50          add_breadcrumb($lang->nav_activate);
  51          break;
  52      case "resendactivation":
  53          add_breadcrumb($lang->nav_resendactivation);
  54          break;
  55      case "lostpw":
  56          add_breadcrumb($lang->nav_lostpw);
  57          break;
  58      case "resetpassword":
  59          add_breadcrumb($lang->nav_resetpassword);
  60          break;
  61      case "login":
  62          add_breadcrumb($lang->nav_login);
  63          break;
  64      case "emailuser":
  65          add_breadcrumb($lang->nav_emailuser);
  66          break;
  67  }
  68  
  69  if(($mybb->input['action'] == "register" || $mybb->input['action'] == "do_register") && $mybb->usergroup['cancp'] != 1)
  70  {
  71      if($mybb->settings['disableregs'] == 1)
  72      {
  73          error($lang->registrations_disabled);
  74      }
  75      if($mybb->user['uid'] != 0)
  76      {
  77          error($lang->error_alreadyregistered);
  78      }
  79      if($mybb->settings['betweenregstime'] && $mybb->settings['maxregsbetweentime'])
  80      {
  81          $time = TIME_NOW;
  82          $datecut = $time-(60*60*$mybb->settings['betweenregstime']);
  83          $query = $db->simple_select("users", "*", "regip=".$db->escape_binary($session->packedip)." AND regdate > '$datecut'");
  84          $regcount = $db->num_rows($query);
  85          if($regcount >= $mybb->settings['maxregsbetweentime'])
  86          {
  87              $lang->error_alreadyregisteredtime = $lang->sprintf($lang->error_alreadyregisteredtime, $regcount, $mybb->settings['betweenregstime']);
  88              error($lang->error_alreadyregisteredtime);
  89          }
  90      }
  91  }
  92  
  93  $fromreg = 0;
  94  if($mybb->input['action'] == "do_register" && $mybb->request_method == "post")
  95  {
  96      $plugins->run_hooks("member_do_register_start");
  97  
  98      // Are checking how long it takes for users to register?
  99      if($mybb->settings['regtime'] > 0)
 100      {
 101          // Is the field actually set?
 102          if(isset($mybb->input['regtime']))
 103          {
 104              // Check how long it took for this person to register
 105              $timetook = TIME_NOW - $mybb->get_input('regtime', MyBB::INPUT_INT);
 106  
 107              // See if they registered faster than normal
 108              if($timetook < $mybb->settings['regtime'])
 109              {
 110                  // This user registered pretty quickly, bot detected!
 111                  $lang->error_spam_deny_time = $lang->sprintf($lang->error_spam_deny_time, $mybb->settings['regtime'], $timetook);
 112                  error($lang->error_spam_deny_time);
 113              }
 114          }
 115          else
 116          {
 117              error($lang->error_spam_deny);
 118          }
 119      }
 120  
 121      // If we have hidden CATPCHA enabled and it's filled, deny registration
 122      if($mybb->settings['hiddencaptchaimage'])
 123      {
 124          $string = $mybb->settings['hiddencaptchaimagefield'];
 125  
 126          if(!empty($mybb->input[$string]))
 127          {
 128              error($lang->error_spam_deny);
 129          }
 130      }
 131  
 132      if($mybb->settings['regtype'] == "randompass")
 133      {
 134  
 135          $password_length = (int)$mybb->settings['minpasswordlength'];
 136          if($password_length < 8)
 137          {
 138              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
 139          }
 140  
 141          $mybb->input['password'] = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
 142          $mybb->input['password2'] = $mybb->input['password'];
 143      }
 144  
 145      if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 146      {
 147          $usergroup = 5;
 148      }
 149      else
 150      {
 151          $usergroup = 2;
 152      }
 153  
 154      // Set up user handler.
 155      require_once  MYBB_ROOT."inc/datahandlers/user.php";
 156      $userhandler = new UserDataHandler("insert");
 157  
 158      $coppauser = 0;
 159      if(isset($mybb->cookies['coppauser']))
 160      {
 161          $coppauser = (int)$mybb->cookies['coppauser'];
 162      }
 163  
 164      // Set the data for the new user.
 165      $user = array(
 166          "username" => $mybb->get_input('username'),
 167          "password" => $mybb->get_input('password'),
 168          "password2" => $mybb->get_input('password2'),
 169          "email" => $mybb->get_input('email'),
 170          "email2" => $mybb->get_input('email2'),
 171          "usergroup" => $usergroup,
 172          "referrer" => $mybb->get_input('referrername'),
 173          "timezone" => $mybb->get_input('timezoneoffset'),
 174          "language" => $mybb->get_input('language'),
 175          "profile_fields" => $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY),
 176          "regip" => $session->packedip,
 177          "coppa_user" => $coppauser,
 178          "regcheck1" => $mybb->get_input('regcheck1'),
 179          "regcheck2" => $mybb->get_input('regcheck2'),
 180          "registration" => true
 181      );
 182  
 183      // Do we have a saved COPPA DOB?
 184      if(isset($mybb->cookies['coppadob']))
 185      {
 186          list($dob_day, $dob_month, $dob_year) = explode("-", $mybb->cookies['coppadob']);
 187          $user['birthday'] = array(
 188              "day" => $dob_day,
 189              "month" => $dob_month,
 190              "year" => $dob_year
 191          );
 192      }
 193  
 194      $user['options'] = array(
 195          "allownotices" => $mybb->get_input('allownotices', MyBB::INPUT_INT),
 196          "hideemail" => $mybb->get_input('hideemail', MyBB::INPUT_INT),
 197          "subscriptionmethod" => $mybb->get_input('subscriptionmethod', MyBB::INPUT_INT),
 198          "receivepms" => $mybb->get_input('receivepms', MyBB::INPUT_INT),
 199          "pmnotice" => $mybb->get_input('pmnotice', MyBB::INPUT_INT),
 200          "pmnotify" => $mybb->get_input('pmnotify', MyBB::INPUT_INT),
 201          "invisible" => $mybb->get_input('invisible', MyBB::INPUT_INT),
 202          "dstcorrection" => $mybb->get_input('dstcorrection')
 203      );
 204  
 205      $userhandler->set_data($user);
 206  
 207      $errors = array();
 208  
 209      if(!$userhandler->validate_user())
 210      {
 211          $errors = $userhandler->get_friendly_errors();
 212      }
 213  
 214      if($mybb->settings['enablestopforumspam_on_register'])
 215      {
 216          require_once  MYBB_ROOT . '/inc/class_stopforumspamchecker.php';
 217  
 218          $stop_forum_spam_checker = new StopForumSpamChecker(
 219              $plugins,
 220              $mybb->settings['stopforumspam_min_weighting_before_spam'],
 221              $mybb->settings['stopforumspam_check_usernames'],
 222              $mybb->settings['stopforumspam_check_emails'],
 223              $mybb->settings['stopforumspam_check_ips'],
 224              $mybb->settings['stopforumspam_log_blocks']
 225          );
 226  
 227          try {
 228              if($stop_forum_spam_checker->is_user_a_spammer($user['username'], $user['email'], get_ip()))
 229              {
 230                  error($lang->sprintf($lang->error_stop_forum_spam_spammer,
 231                          $stop_forum_spam_checker->getErrorText(array(
 232                              'stopforumspam_check_usernames',
 233                              'stopforumspam_check_emails',
 234                              'stopforumspam_check_ips'
 235                              ))));
 236              }
 237          }
 238          catch (Exception $e)
 239          {
 240              if($mybb->settings['stopforumspam_block_on_error'])
 241              {
 242                  error($lang->error_stop_forum_spam_fetching);
 243              }
 244          }
 245      }
 246  
 247      if($mybb->settings['captchaimage'])
 248      {
 249          require_once  MYBB_ROOT.'inc/class_captcha.php';
 250          $captcha = new captcha;
 251  
 252          if($captcha->validate_captcha() == false)
 253          {
 254              // CAPTCHA validation failed
 255              foreach($captcha->get_errors() as $error)
 256              {
 257                  $errors[] = $error;
 258              }
 259          }
 260      }
 261  
 262      // If we have a security question, check to see if answer is correct
 263      if($mybb->settings['securityquestion'])
 264      {
 265          $question_id = $db->escape_string($mybb->get_input('question_id'));
 266          $answer = $db->escape_string($mybb->get_input('answer'));
 267  
 268          $query = $db->query("
 269              SELECT q.*, s.sid
 270              FROM ".TABLE_PREFIX."questionsessions s
 271              LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
 272              WHERE q.active='1' AND s.sid='{$question_id}'
 273          ");
 274          if($db->num_rows($query) > 0)
 275          {
 276              $question = $db->fetch_array($query);
 277              $valid_answers = explode("\n", $question['answer']);
 278              $validated = 0;
 279  
 280              foreach($valid_answers as $answers)
 281              {
 282                  if(my_strtolower($answers) == my_strtolower($answer))
 283                  {
 284                      $validated = 1;
 285                  }
 286              }
 287  
 288              if($validated != 1)
 289              {
 290                  $update_question = array(
 291                      "incorrect" => $question['incorrect'] + 1
 292                  );
 293                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 294  
 295                  $errors[] = $lang->error_question_wrong;
 296              }
 297              else
 298              {
 299                  $update_question = array(
 300                      "correct" => $question['correct'] + 1
 301                  );
 302                  $db->update_query("questions", $update_question, "qid='{$question['qid']}'");
 303              }
 304  
 305              $db->delete_query("questionsessions", "sid='{$question_id}'");
 306          }
 307      }
 308  
 309      $regerrors = '';
 310      if(!empty($errors))
 311      {
 312          $username = htmlspecialchars_uni($mybb->get_input('username'));
 313          $email = htmlspecialchars_uni($mybb->get_input('email'));
 314          $email2 = htmlspecialchars_uni($mybb->get_input('email2'));
 315          $referrername = htmlspecialchars_uni($mybb->get_input('referrername'));
 316  
 317          $allownoticescheck = $hideemailcheck = $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
 318          $receivepmscheck = $pmnoticecheck = $pmnotifycheck = $invisiblecheck = $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
 319  
 320          if($mybb->get_input('allownotices', MyBB::INPUT_INT) == 1)
 321          {
 322              $allownoticescheck = "checked=\"checked\"";
 323          }
 324  
 325          if($mybb->get_input('hideemail', MyBB::INPUT_INT) == 1)
 326          {
 327              $hideemailcheck = "checked=\"checked\"";
 328          }
 329  
 330          if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 1)
 331          {
 332              $no_subscribe_selected = "selected=\"selected\"";
 333          }
 334          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 2)
 335          {
 336              $instant_email_subscribe_selected = "selected=\"selected\"";
 337          }
 338          else if($mybb->get_input('subscriptionmethod', MyBB::INPUT_INT) == 3)
 339          {
 340              $instant_pm_subscribe_selected = "selected=\"selected\"";
 341          }
 342          else
 343          {
 344              $no_auto_subscribe_selected = "selected=\"selected\"";
 345          }
 346  
 347          if($mybb->get_input('receivepms', MyBB::INPUT_INT) == 1)
 348          {
 349              $receivepmscheck = "checked=\"checked\"";
 350          }
 351  
 352          if($mybb->get_input('pmnotice', MyBB::INPUT_INT) == 1)
 353          {
 354              $pmnoticecheck = " checked=\"checked\"";
 355          }
 356  
 357          if($mybb->get_input('pmnotify', MyBB::INPUT_INT) == 1)
 358          {
 359              $pmnotifycheck = "checked=\"checked\"";
 360          }
 361  
 362          if($mybb->get_input('invisible', MyBB::INPUT_INT) == 1)
 363          {
 364              $invisiblecheck = "checked=\"checked\"";
 365          }
 366  
 367          if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 2)
 368          {
 369              $dst_auto_selected = "selected=\"selected\"";
 370          }
 371          else if($mybb->get_input('dstcorrection', MyBB::INPUT_INT) == 1)
 372          {
 373              $dst_enabled_selected = "selected=\"selected\"";
 374          }
 375          else
 376          {
 377              $dst_disabled_selected = "selected=\"selected\"";
 378          }
 379  
 380          $regerrors = inline_error($errors);
 381          $mybb->input['action'] = "register";
 382          $fromreg = 1;
 383      }
 384      else
 385      {
 386          $user_info = $userhandler->insert_user();
 387  
 388          // Invalidate solved captcha
 389          if($mybb->settings['captchaimage'])
 390          {
 391              $captcha->invalidate_captcha();
 392          }
 393  
 394          if($mybb->settings['regtype'] != "randompass" && !isset($mybb->cookies['coppauser']))
 395          {
 396              // Log them in
 397              my_setcookie("mybbuser", $user_info['uid']."_".$user_info['loginkey'], null, true, "lax");
 398          }
 399  
 400          if(isset($mybb->cookies['coppauser']))
 401          {
 402              $lang->redirect_registered_coppa_activate = $lang->sprintf($lang->redirect_registered_coppa_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 403              my_unsetcookie("coppauser");
 404              my_unsetcookie("coppadob");
 405              $plugins->run_hooks("member_do_register_end");
 406              error($lang->redirect_registered_coppa_activate);
 407          }
 408          else if($mybb->settings['regtype'] == "verify")
 409          {
 410              $activationcode = random_str();
 411              $now = TIME_NOW;
 412              $activationarray = array(
 413                  "uid" => $user_info['uid'],
 414                  "dateline" => TIME_NOW,
 415                  "code" => $activationcode,
 416                  "type" => "r"
 417              );
 418              $db->insert_query("awaitingactivation", $activationarray);
 419              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 420              switch($mybb->settings['username_method'])
 421              {
 422                  case 0:
 423                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 424                      break;
 425                  case 1:
 426                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 427                      break;
 428                  case 2:
 429                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 430                      break;
 431                  default:
 432                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 433                      break;
 434              }
 435              my_mail($user_info['email'], $emailsubject, $emailmessage);
 436  
 437              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 438  
 439              $plugins->run_hooks("member_do_register_end");
 440  
 441              error($lang->redirect_registered_activation);
 442          }
 443          else if($mybb->settings['regtype'] == "randompass")
 444          {
 445              $emailsubject = $lang->sprintf($lang->emailsubject_randompassword, $mybb->settings['bbname']);
 446              switch($mybb->settings['username_method'])
 447              {
 448                  case 0:
 449                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 450                      break;
 451                  case 1:
 452                      $emailmessage = $lang->sprintf($lang->email_randompassword1, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 453                      break;
 454                  case 2:
 455                      $emailmessage = $lang->sprintf($lang->email_randompassword2, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 456                      break;
 457                  default:
 458                      $emailmessage = $lang->sprintf($lang->email_randompassword, $user['username'], $mybb->settings['bbname'], $user_info['username'], $mybb->get_input('password'));
 459                      break;
 460              }
 461              my_mail($user_info['email'], $emailsubject, $emailmessage);
 462  
 463              $plugins->run_hooks("member_do_register_end");
 464  
 465              error($lang->redirect_registered_passwordsent);
 466          }
 467          else if($mybb->settings['regtype'] == "admin")
 468          {
 469              $groups = $cache->read("usergroups");
 470              $admingroups = array();
 471              if(!empty($groups)) // Shouldn't be...
 472              {
 473                  foreach($groups as $group)
 474                  {
 475                      if($group['cancp'] == 1)
 476                      {
 477                          $admingroups[] = (int)$group['gid'];
 478                      }
 479                  }
 480              }
 481  
 482              if(!empty($admingroups))
 483              {
 484                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 485                  foreach($admingroups as $admingroup)
 486                  {
 487                      switch($db->type)
 488                      {
 489                          case 'pgsql':
 490                          case 'sqlite':
 491                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 492                              break;
 493                          default:
 494                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 495                              break;
 496                      }
 497                  }
 498                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 499                  while($recipient = $db->fetch_array($q))
 500                  {
 501                      // First we check if the user's a super admin: if yes, we don't care about permissions
 502                      $is_super_admin = is_super_admin($recipient['uid']);
 503                      if(!$is_super_admin)
 504                      {
 505                          // Include admin functions
 506                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 507                          {
 508                              continue;
 509                          }
 510  
 511                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 512  
 513                          // Verify if we have permissions to access user-users
 514                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 515                          if(function_exists("user_admin_permissions"))
 516                          {
 517                              // Get admin permissions
 518                              $adminperms = get_admin_permissions($recipient['uid']);
 519  
 520                              $permissions = user_admin_permissions();
 521                              if(array_key_exists('users', $permissions['permissions']) && $adminperms['user']['users'] != 1)
 522                              {
 523                                  continue; // No permissions
 524                              }
 525                          }
 526                      }
 527  
 528                      // Load language
 529                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 530                      {
 531                          $reset_lang = true;
 532                          $lang->set_language($recipient['language']);
 533                          $lang->load("member");
 534                      }
 535  
 536                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 537                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 538                      my_mail($recipient['email'], $subject, $message);
 539                  }
 540  
 541                  // Reset language
 542                  if(isset($reset_lang))
 543                  {
 544                      $lang->set_language($mybb->settings['bblanguage']);
 545                      $lang->load("member");
 546                  }
 547              }
 548  
 549              $lang->redirect_registered_admin_activate = $lang->sprintf($lang->redirect_registered_admin_activate, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 550  
 551              $plugins->run_hooks("member_do_register_end");
 552  
 553              error($lang->redirect_registered_admin_activate);
 554          }
 555          else if($mybb->settings['regtype'] == "both")
 556          {
 557              $groups = $cache->read("usergroups");
 558              $admingroups = array();
 559              if(!empty($groups)) // Shouldn't be...
 560              {
 561                  foreach($groups as $group)
 562                  {
 563                      if($group['cancp'] == 1)
 564                      {
 565                          $admingroups[] = (int)$group['gid'];
 566                      }
 567                  }
 568              }
 569  
 570              if(!empty($admingroups))
 571              {
 572                  $sqlwhere = 'usergroup IN ('.implode(',', $admingroups).')';
 573                  foreach($admingroups as $admingroup)
 574                  {
 575                      switch($db->type)
 576                      {
 577                          case 'pgsql':
 578                          case 'sqlite':
 579                              $sqlwhere .= " OR ','||additionalgroups||',' LIKE '%,{$admingroup},%'";
 580                              break;
 581                          default:
 582                              $sqlwhere .= " OR CONCAT(',',additionalgroups,',') LIKE '%,{$admingroup},%'";
 583                              break;
 584                      }
 585                  }
 586                  $q = $db->simple_select('users', 'uid,username,email,language', $sqlwhere);
 587                  while($recipient = $db->fetch_array($q))
 588                  {
 589                      // First we check if the user's a super admin: if yes, we don't care about permissions
 590                      $is_super_admin = is_super_admin($recipient['uid']);
 591                      if(!$is_super_admin)
 592                      {
 593                          // Include admin functions
 594                          if(!file_exists(MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php"))
 595                          {
 596                              continue;
 597                          }
 598  
 599                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/inc/functions.php";
 600  
 601                          // Verify if we have permissions to access user-users
 602                          require_once MYBB_ROOT.$mybb->config['admin_dir']."/modules/user/module_meta.php";
 603                              // Get admin permissions
 604                              $adminperms = get_admin_permissions($recipient['uid']);
 605                              if(empty($adminperms['user']['users']) || $adminperms['user']['users'] != 1)
 606                              {
 607                                  continue; // No permissions
 608                              }
 609                      }
 610  
 611                      // Load language
 612                      if($recipient['language'] != $lang->language && $lang->language_exists($recipient['language']))
 613                      {
 614                          $reset_lang = true;
 615                          $lang->set_language($recipient['language']);
 616                          $lang->load("member");
 617                      }
 618  
 619                      $subject = $lang->sprintf($lang->newregistration_subject, $mybb->settings['bbname']);
 620                      $message = $lang->sprintf($lang->newregistration_message, $recipient['username'], $mybb->settings['bbname'], $user['username']);
 621                      my_mail($recipient['email'], $subject, $message);
 622                  }
 623  
 624                  // Reset language
 625                  if(isset($reset_lang))
 626                  {
 627                      $lang->set_language($mybb->settings['bblanguage']);
 628                      $lang->load("member");
 629                  }
 630              }
 631  
 632              $activationcode = random_str();
 633              $activationarray = array(
 634                  "uid" => $user_info['uid'],
 635                  "dateline" => TIME_NOW,
 636                  "code" => $activationcode,
 637                  "type" => "b"
 638              );
 639              $db->insert_query("awaitingactivation", $activationarray);
 640              $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
 641              switch($mybb->settings['username_method'])
 642              {
 643                  case 0:
 644                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 645                      break;
 646                  case 1:
 647                      $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 648                      break;
 649                  case 2:
 650                      $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 651                      break;
 652                  default:
 653                      $emailmessage = $lang->sprintf($lang->email_activateaccount, $user_info['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user_info['uid'], $activationcode);
 654                      break;
 655              }
 656              my_mail($user_info['email'], $emailsubject, $emailmessage);
 657  
 658              $lang->redirect_registered_activation = $lang->sprintf($lang->redirect_registered_activation, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 659  
 660              $plugins->run_hooks("member_do_register_end");
 661  
 662              error($lang->redirect_registered_activation);
 663          }
 664          else
 665          {
 666              $lang->redirect_registered = $lang->sprintf($lang->redirect_registered, $mybb->settings['bbname'], htmlspecialchars_uni($user_info['username']));
 667  
 668              $plugins->run_hooks("member_do_register_end");
 669  
 670              redirect("index.php", $lang->redirect_registered);
 671          }
 672      }
 673  }
 674  
 675  if($mybb->input['action'] == "coppa_form")
 676  {
 677      if(!$mybb->settings['faxno'])
 678      {
 679          $mybb->settings['faxno'] = "&nbsp;";
 680      }
 681  
 682      $plugins->run_hooks("member_coppa_form");
 683  
 684      eval("\$coppa_form = \"".$templates->get("member_coppa_form")."\";");
 685      output_page($coppa_form);
 686  }
 687  
 688  if($mybb->input['action'] == "register")
 689  {
 690      $bdaysel = '';
 691      if($mybb->settings['coppa'] == "disabled")
 692      {
 693          $bdaysel = $bday2blank = '';
 694      }
 695      $mybb->input['bday1'] = $mybb->get_input('bday1', MyBB::INPUT_INT);
 696      for($day = 1; $day <= 31; ++$day)
 697      {
 698          $selected = '';
 699          if($mybb->input['bday1'] == $day)
 700          {
 701              $selected = " selected=\"selected\"";
 702          }
 703  
 704          eval("\$bdaysel .= \"".$templates->get("member_register_day")."\";");
 705      }
 706  
 707      $mybb->input['bday2'] = $mybb->get_input('bday2', MyBB::INPUT_INT);
 708      $bdaymonthsel = array();
 709      foreach(range(1, 12) as $number)
 710      {
 711          $bdaymonthsel[$number] = '';
 712      }
 713      $bdaymonthsel[$mybb->input['bday2']] = "selected=\"selected\"";
 714      $birthday_year = $mybb->get_input('bday3', MyBB::INPUT_INT);
 715  
 716      if($birthday_year == 0)
 717      {
 718          $birthday_year = '';
 719      }
 720  
 721      // Is COPPA checking enabled?
 722      if($mybb->settings['coppa'] != "disabled" && !isset($mybb->input['step']))
 723      {
 724          // Just selected DOB, we check
 725          if($mybb->input['bday1'] && $mybb->input['bday2'] && $birthday_year)
 726          {
 727              my_unsetcookie("coppauser");
 728  
 729              $months = get_bdays($birthday_year);
 730              if($mybb->input['bday2'] < 1 || $mybb->input['bday2'] > 12 || $birthday_year < (date("Y")-100) || $birthday_year > date("Y") || $mybb->input['bday1'] > $months[$mybb->input['bday2']-1])
 731              {
 732                  error($lang->error_invalid_birthday);
 733              }
 734  
 735              $bdaytime = @mktime(0, 0, 0, $mybb->input['bday2'], $mybb->input['bday1'], $birthday_year);
 736  
 737              // Store DOB in cookie so we can save it with the registration
 738              my_setcookie("coppadob", "{$mybb->input['bday1']}-{$mybb->input['bday2']}-{$birthday_year}", -1);
 739  
 740              // User is <= 13, we mark as a coppa user
 741              if($bdaytime >= mktime(0, 0, 0, my_date('n'), my_date('d'), my_date('Y')-13))
 742              {
 743                  my_setcookie("coppauser", 1, -0);
 744                  $under_thirteen = true;
 745              }
 746              $mybb->request_method = "";
 747          }
 748          // Show DOB select form
 749          else
 750          {
 751              $plugins->run_hooks("member_register_coppa");
 752  
 753              my_unsetcookie("coppauser");
 754  
 755              $coppa_desc = $mybb->settings['coppa'] == 'deny' ? $lang->coppa_desc_for_deny : $lang->coppa_desc;
 756              eval("\$coppa = \"".$templates->get("member_register_coppa")."\";");
 757              output_page($coppa);
 758              exit;
 759          }
 760      }
 761  
 762      if((!isset($mybb->input['agree']) && !isset($mybb->input['regsubmit'])) && $fromreg == 0 || $mybb->request_method != "post")
 763      {
 764          $coppa_agreement = '';
 765          // Is this user a COPPA user? We need to show the COPPA agreement too
 766          if($mybb->settings['coppa'] != "disabled" && ($mybb->cookies['coppauser'] == 1 || $under_thirteen))
 767          {
 768              if($mybb->settings['coppa'] == "deny")
 769              {
 770                  error($lang->error_need_to_be_thirteen);
 771              }
 772              $lang->coppa_agreement_1 = $lang->sprintf($lang->coppa_agreement_1, $mybb->settings['bbname']);
 773              eval("\$coppa_agreement = \"".$templates->get("member_register_agreement_coppa")."\";");
 774          }
 775  
 776          $plugins->run_hooks("member_register_agreement");
 777  
 778          eval("\$agreement = \"".$templates->get("member_register_agreement")."\";");
 779          output_page($agreement);
 780      }
 781      else
 782      {
 783          $plugins->run_hooks("member_register_start");
 784  
 785          // JS validator extra
 786          if($mybb->settings['maxnamelength'] > 0 && $mybb->settings['minnamelength'] > 0)
 787          {
 788              $lang->js_validator_username_length = $lang->sprintf($lang->js_validator_username_length, $mybb->settings['minnamelength'], $mybb->settings['maxnamelength']);
 789          }
 790  
 791          if(isset($mybb->input['timezoneoffset']))
 792          {
 793              $timezoneoffset = $mybb->get_input('timezoneoffset');
 794          }
 795          else
 796          {
 797              $timezoneoffset = $mybb->settings['timezoneoffset'];
 798          }
 799          $tzselect = build_timezone_select("timezoneoffset", $timezoneoffset, true);
 800  
 801          $stylelist = build_theme_select("style");
 802  
 803          if($mybb->settings['usertppoptions'])
 804          {
 805              $tppoptions = '';
 806              $explodedtpp = explode(",", $mybb->settings['usertppoptions']);
 807              if(is_array($explodedtpp))
 808              {
 809                  foreach($explodedtpp as $val)
 810                  {
 811                      $val = trim($val);
 812                      $tpp_option = $lang->sprintf($lang->tpp_option, $val);
 813                      eval("\$tppoptions .= \"".$templates->get("usercp_options_tppselect_option")."\";");
 814                  }
 815              }
 816              eval("\$tppselect = \"".$templates->get("usercp_options_tppselect")."\";");
 817          }
 818          if($mybb->settings['userpppoptions'])
 819          {
 820              $pppoptions = '';
 821              $explodedppp = explode(",", $mybb->settings['userpppoptions']);
 822              if(is_array($explodedppp))
 823              {
 824                  foreach($explodedppp as $val)
 825                  {
 826                      $val = trim($val);
 827                      $ppp_option = $lang->sprintf($lang->ppp_option, $val);
 828                      eval("\$pppoptions .= \"".$templates->get("usercp_options_pppselect_option")."\";");
 829                  }
 830              }
 831              eval("\$pppselect = \"".$templates->get("usercp_options_pppselect")."\";");
 832          }
 833          if($mybb->settings['usereferrals'] == 1 && !$mybb->user['uid'])
 834          {
 835              if(isset($mybb->cookies['mybb']['referrer']))
 836              {
 837                  $query = $db->simple_select("users", "uid,username", "uid='".(int)$mybb->cookies['mybb']['referrer']."'");
 838                  $ref = $db->fetch_array($query);
 839                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 840                  $referrername = $ref['username'];
 841              }
 842              elseif(!empty($referrer))
 843              {
 844                  $query = $db->simple_select("users", "username", "uid='".(int)$referrer['uid']."'");
 845                  $ref = $db->fetch_array($query);
 846                  $ref['username'] = htmlspecialchars_uni($ref['username']);
 847                  $referrername = $ref['username'];
 848              }
 849              elseif(!empty($referrername))
 850              {
 851                  $ref = get_user_by_username($referrername);
 852                  if(!$ref)
 853                  {
 854                      $errors[] = $lang->error_badreferrer;
 855                  }
 856              }
 857              else
 858              {
 859                  $referrername = '';
 860              }
 861              if(isset($quickreg))
 862              {
 863                  $refbg = "trow1";
 864              }
 865              else
 866              {
 867                  $refbg = "trow2";
 868              }
 869              eval("\$referrer = \"".$templates->get("member_register_referrer")."\";");
 870          }
 871          else
 872          {
 873              $referrer = '';
 874          }
 875          $mybb->input['profile_fields'] = $mybb->get_input('profile_fields', MyBB::INPUT_ARRAY);
 876          // Custom profile fields baby!
 877          $altbg = "trow1";
 878          $requiredfields = $customfields = '';
 879  
 880          if($mybb->settings['regtype'] == "verify" || $mybb->settings['regtype'] == "admin" || $mybb->settings['regtype'] == "both" || $mybb->get_input('coppa', MyBB::INPUT_INT) == 1)
 881          {
 882              $usergroup = 5;
 883          }
 884          else
 885          {
 886              $usergroup = 2;
 887          }
 888  
 889          $pfcache = $cache->read('profilefields');
 890  
 891          if(is_array($pfcache))
 892          {
 893              $jsvar_reqfields = array();
 894              foreach($pfcache as $profilefield)
 895              {
 896                  if($profilefield['required'] != 1 && $profilefield['registration'] != 1 || !is_member($profilefield['editableby'], array('usergroup' => $mybb->user['usergroup'], 'additionalgroups' => $usergroup)))
 897                  {
 898                      continue;
 899                  }
 900  
 901                  $code = $select = $val = $options = $expoptions = $useropts = '';
 902                  $seloptions = array();
 903                  $profilefield['type'] = htmlspecialchars_uni($profilefield['type']);
 904                  $thing = explode("\n", $profilefield['type'], 2);
 905                  $type = trim($thing[0]);
 906                  $options = isset($thing[1]) ? $thing[1] : null;
 907                  $select = '';
 908                  $field = "fid{$profilefield['fid']}";
 909                  $profilefield['description'] = htmlspecialchars_uni($profilefield['description']);
 910                  $profilefield['name'] = htmlspecialchars_uni($profilefield['name']);
 911                  if(!empty($errors) && isset($mybb->input['profile_fields'][$field]))
 912                  {
 913                      $userfield = $mybb->input['profile_fields'][$field];
 914                  }
 915                  else
 916                  {
 917                      $userfield = '';
 918                  }
 919                  if($type == "multiselect")
 920                  {
 921                      if(!empty($errors))
 922                      {
 923                          $useropts = $userfield;
 924                      }
 925                      else
 926                      {
 927                          $useropts = explode("\n", $userfield);
 928                      }
 929                      if(is_array($useropts))
 930                      {
 931                          foreach($useropts as $key => $val)
 932                          {
 933                              $seloptions[$val] = $val;
 934                          }
 935                      }
 936                      $expoptions = explode("\n", $options);
 937                      if(is_array($expoptions))
 938                      {
 939                          foreach($expoptions as $key => $val)
 940                          {
 941                              $val = trim($val);
 942                              $val = str_replace("\n", "\\n", $val);
 943  
 944                              $sel = "";
 945                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
 946                              {
 947                                  $sel = ' selected="selected"';
 948                              }
 949  
 950                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 951                          }
 952                          if(!$profilefield['length'])
 953                          {
 954                              $profilefield['length'] = 3;
 955                          }
 956  
 957                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_multiselect")."\";");
 958                      }
 959                  }
 960                  elseif($type == "select")
 961                  {
 962                      $expoptions = explode("\n", $options);
 963                      if(is_array($expoptions))
 964                      {
 965                          foreach($expoptions as $key => $val)
 966                          {
 967                              $val = trim($val);
 968                              $val = str_replace("\n", "\\n", $val);
 969                              $sel = "";
 970                              if($val == $userfield)
 971                              {
 972                                  $sel = ' selected="selected"';
 973                              }
 974  
 975                              eval("\$select .= \"".$templates->get("usercp_profile_profilefields_select_option")."\";");
 976                          }
 977                          if(!$profilefield['length'])
 978                          {
 979                              $profilefield['length'] = 1;
 980                          }
 981  
 982                          eval("\$code = \"".$templates->get("usercp_profile_profilefields_select")."\";");
 983                      }
 984                  }
 985                  elseif($type == "radio")
 986                  {
 987                      $expoptions = explode("\n", $options);
 988                      if(is_array($expoptions))
 989                      {
 990                          foreach($expoptions as $key => $val)
 991                          {
 992                              $checked = "";
 993                              if($val == $userfield)
 994                              {
 995                                  $checked = 'checked="checked"';
 996                              }
 997  
 998                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_radio")."\";");
 999                          }
1000                      }
1001                  }
1002                  elseif($type == "checkbox")
1003                  {
1004                      if(!empty($errors))
1005                      {
1006                          $useropts = $userfield;
1007                      }
1008                      else
1009                      {
1010                          $useropts = explode("\n", $userfield);
1011                      }
1012                      if(is_array($useropts))
1013                      {
1014                          foreach($useropts as $key => $val)
1015                          {
1016                              $seloptions[$val] = $val;
1017                          }
1018                      }
1019                      $expoptions = explode("\n", $options);
1020                      if(is_array($expoptions))
1021                      {
1022                          foreach($expoptions as $key => $val)
1023                          {
1024                              $checked = "";
1025                              if(isset($seloptions[$val]) && $val == $seloptions[$val])
1026                              {
1027                                  $checked = 'checked="checked"';
1028                              }
1029  
1030                              eval("\$code .= \"".$templates->get("usercp_profile_profilefields_checkbox")."\";");
1031                          }
1032                      }
1033                  }
1034                  elseif($type == "textarea")
1035                  {
1036                      $value = htmlspecialchars_uni($userfield);
1037                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_textarea")."\";");
1038                  }
1039                  else
1040                  {
1041                      $value = htmlspecialchars_uni($userfield);
1042                      $maxlength = "";
1043                      if($profilefield['maxlength'] > 0)
1044                      {
1045                          $maxlength = " maxlength=\"{$profilefield['maxlength']}\"";
1046                      }
1047  
1048                      eval("\$code = \"".$templates->get("usercp_profile_profilefields_text")."\";");
1049                  }
1050  
1051                  if($profilefield['required'] == 1)
1052                  {
1053                      // JS validator extra, choose correct selectors for everything except single select which always has value
1054                      if($type != 'select')
1055                      {
1056                          $jsvar_reqfields[] = array(
1057                              'type' => $type,
1058                              'fid' => $field,
1059                          );
1060                      }
1061  
1062                      eval("\$requiredfields .= \"".$templates->get("member_register_customfield")."\";");
1063                  }
1064                  else
1065                  {
1066                      eval("\$customfields .= \"".$templates->get("member_register_customfield")."\";");
1067                  }
1068              }
1069  
1070              if($requiredfields)
1071              {
1072                  eval("\$requiredfields = \"".$templates->get("member_register_requiredfields")."\";");
1073              }
1074  
1075              if($customfields)
1076              {
1077                  eval("\$customfields = \"".$templates->get("member_register_additionalfields")."\";");
1078              }
1079          }
1080  
1081          if(!isset($fromreg) || $fromreg == 0)
1082          {
1083              $allownoticescheck = "checked=\"checked\"";
1084              $hideemailcheck = '';
1085              $receivepmscheck = "checked=\"checked\"";
1086              $pmnoticecheck = " checked=\"checked\"";
1087              $pmnotifycheck = '';
1088              $invisiblecheck = '';
1089              if($mybb->settings['dstcorrection'] == 1)
1090              {
1091                  $enabledstcheck = "checked=\"checked\"";
1092              }
1093              $no_auto_subscribe_selected = $instant_email_subscribe_selected = $instant_pm_subscribe_selected = $no_subscribe_selected = '';
1094              $dst_auto_selected = $dst_enabled_selected = $dst_disabled_selected = '';
1095              $username = $email = $email2 = '';
1096              $regerrors = '';
1097          }
1098          // Spambot registration image thingy
1099          $captcha_html = 0;
1100          $regimage = '';
1101          if($mybb->settings['captchaimage'])
1102          {
1103              require_once  MYBB_ROOT.'inc/class_captcha.php';
1104              $captcha = new captcha(true, "member_register_regimage");
1105  
1106              if($captcha->html)
1107              {
1108                  $captcha_html = 1;
1109                  $regimage = $captcha->html;
1110              }
1111          }
1112  
1113          // Security Question
1114          $questionbox = '';
1115          $question_exists = 0;
1116          if($mybb->settings['securityquestion'])
1117          {
1118              $sid = generate_question();
1119              $query = $db->query("
1120                  SELECT q.question, s.sid
1121                  FROM ".TABLE_PREFIX."questionsessions s
1122                  LEFT JOIN ".TABLE_PREFIX."questions q ON (q.qid=s.qid)
1123                  WHERE q.active='1' AND s.sid='{$sid}'
1124              ");
1125              if($db->num_rows($query) > 0)
1126              {
1127                  $question_exists = 1;
1128                  $question = $db->fetch_array($query);
1129  
1130                  //Set parser options for security question
1131                  $parser_options = array(
1132                      "allow_html" => 0,
1133                      "allow_mycode" => 1,
1134                      "allow_smilies" => 1,
1135                      "allow_imgcode" => 1,
1136                      "allow_videocode" => 1,
1137                      "filter_badwords" => 1,
1138                      "me_username" => 0,
1139                      "shorten_urls" => 0,
1140                      "highlight" => 0,
1141                  );
1142  
1143                  //Parse question
1144                  $question['question'] = $parser->parse_message($question['question'], $parser_options);
1145                  $question['sid'] = htmlspecialchars_uni($question['sid']);
1146  
1147                  $refresh = '';
1148                  // Total questions
1149                  $q = $db->simple_select('questions', 'COUNT(qid) as num', 'active=1');
1150                  $num = $db->fetch_field($q, 'num');
1151                  if($num > 1)
1152                  {
1153                      eval("\$refresh = \"".$templates->get("member_register_question_refresh")."\";");
1154                  }
1155  
1156                  eval("\$questionbox = \"".$templates->get("member_register_question")."\";");
1157              }
1158          }
1159  
1160          $hiddencaptcha = '';
1161          // Hidden CAPTCHA for Spambots
1162          if($mybb->settings['hiddencaptchaimage'])
1163          {
1164              $captcha_field = $mybb->settings['hiddencaptchaimagefield'];
1165  
1166              eval("\$hiddencaptcha = \"".$templates->get("member_register_hiddencaptcha")."\";");
1167          }
1168          if($mybb->settings['regtype'] != "randompass")
1169          {
1170              // JS validator extra
1171              $lang->js_validator_password_length = $lang->sprintf($lang->js_validator_password_length, $mybb->settings['minpasswordlength']);
1172  
1173              // See if the board has "require complex passwords" enabled.
1174              if($mybb->settings['requirecomplexpasswords'] == 1)
1175              {
1176                  $lang->password = $lang->complex_password = $lang->sprintf($lang->complex_password, $mybb->settings['minpasswordlength']);
1177              }
1178              eval("\$passboxes = \"".$templates->get("member_register_password")."\";");
1179          }
1180  
1181          $languages = $lang->get_languages();
1182          $langoptions = $boardlanguage = '';
1183          if(count($languages) > 1)
1184          {
1185              foreach($languages as $name => $language)
1186              {
1187                  $language = htmlspecialchars_uni($language);
1188  
1189                  $sel = '';
1190                  if($mybb->get_input('language') == $name)
1191                  {
1192                      $sel = " selected=\"selected\"";
1193                  }
1194  
1195                  eval('$langoptions .= "'.$templates->get('usercp_options_language_option').'";');
1196              }
1197  
1198              eval('$boardlanguage = "'.$templates->get('member_register_language').'";');
1199          }
1200  
1201          // Set the time so we can find automated signups
1202          $time = TIME_NOW;
1203  
1204          $plugins->run_hooks("member_register_end");
1205  
1206          $jsvar_reqfields = json_encode($jsvar_reqfields);
1207  
1208          $validator_javascript = "<script type=\"text/javascript\">
1209              var regsettings = {
1210                  requiredfields: '{$jsvar_reqfields}',
1211                  minnamelength: '{$mybb->settings['minnamelength']}',
1212                  maxnamelength: '{$mybb->settings['maxnamelength']}',
1213                  minpasswordlength: '{$mybb->settings['minpasswordlength']}',
1214                  captchaimage: '{$mybb->settings['captchaimage']}',
1215                  captchahtml: '{$captcha_html}',
1216                  securityquestion: '{$mybb->settings['securityquestion']}',
1217                  questionexists: '{$question_exists}',
1218                  requirecomplexpasswords: '{$mybb->settings['requirecomplexpasswords']}',
1219                  regtype: '{$mybb->settings['regtype']}',
1220                  hiddencaptchaimage: '{$mybb->settings['hiddencaptchaimage']}'
1221              };
1222  
1223              lang.js_validator_no_username = '{$lang->js_validator_no_username}';
1224              lang.js_validator_username_length = '{$lang->js_validator_username_length}';
1225              lang.js_validator_invalid_email = '{$lang->js_validator_invalid_email}';
1226              lang.js_validator_email_match = '{$lang->js_validator_email_match}';
1227              lang.js_validator_not_empty = '{$lang->js_validator_not_empty}';
1228              lang.js_validator_password_length = '{$lang->js_validator_password_length}';
1229              lang.js_validator_password_matches = '{$lang->js_validator_password_matches}';
1230              lang.js_validator_no_image_text = '{$lang->js_validator_no_image_text}';
1231              lang.js_validator_no_security_question = '{$lang->js_validator_no_security_question}';
1232              lang.js_validator_bad_password_security = '{$lang->js_validator_bad_password_security}';
1233          </script>\n";
1234  
1235          eval("\$registration = \"".$templates->get("member_register")."\";");
1236          output_page($registration);
1237      }
1238  }
1239  
1240  if($mybb->input['action'] == "activate")
1241  {
1242      $plugins->run_hooks("member_activate_start");
1243  
1244      if(isset($mybb->input['username']))
1245      {
1246          $mybb->input['username'] = $mybb->get_input('username');
1247          $options = array(
1248              'username_method' => $mybb->settings['username_method'],
1249              'fields' => '*',
1250          );
1251          $user = get_user_by_username($mybb->input['username'], $options);
1252          if(!$user)
1253          {
1254              switch($mybb->settings['username_method'])
1255              {
1256                  case 0:
1257                      error($lang->error_invalidpworusername);
1258                      break;
1259                  case 1:
1260                      error($lang->error_invalidpworusername1);
1261                      break;
1262                  case 2:
1263                      error($lang->error_invalidpworusername2);
1264                      break;
1265                  default:
1266                      error($lang->error_invalidpworusername);
1267                      break;
1268              }
1269          }
1270          $uid = $user['uid'];
1271      }
1272      else
1273      {
1274          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1275      }
1276      if(isset($mybb->input['code']) && $user)
1277      {
1278          $query = $db->simple_select("awaitingactivation", "*", "uid='".$user['uid']."' AND (type='r' OR type='e' OR type='b')");
1279          $activation = $db->fetch_array($query);
1280          if(!$activation)
1281          {
1282              error($lang->error_alreadyactivated);
1283          }
1284          if($activation['code'] !== $mybb->get_input('code'))
1285          {
1286              error($lang->error_badactivationcode);
1287          }
1288  
1289          if($activation['type'] == "b" && $activation['validated'] == 1)
1290          {
1291              error($lang->error_alreadyvalidated);
1292          }
1293  
1294          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND (type='r' OR type='e')");
1295  
1296          if($user['usergroup'] == 5 && $activation['type'] != "e" && $activation['type'] != "b")
1297          {
1298              $db->update_query("users", array("usergroup" => 2), "uid='".$user['uid']."'");
1299  
1300              $cache->update_awaitingactivation();
1301          }
1302          if($activation['type'] == "e")
1303          {
1304              $newemail = array(
1305                  "email" => $db->escape_string($activation['misc']),
1306              );
1307              $db->update_query("users", $newemail, "uid='".$user['uid']."'");
1308              $plugins->run_hooks("member_activate_emailupdated");
1309  
1310              redirect("usercp.php", $lang->redirect_emailupdated);
1311          }
1312          elseif($activation['type'] == "b")
1313          {
1314              $update = array(
1315                  "validated" => 1,
1316              );
1317              $db->update_query("awaitingactivation", $update, "uid='".$user['uid']."' AND type='b'");
1318              $plugins->run_hooks("member_activate_emailactivated");
1319  
1320              redirect("index.php", $lang->redirect_accountactivated_admin, "", true);
1321          }
1322          else
1323          {
1324              $plugins->run_hooks("member_activate_accountactivated");
1325  
1326              redirect("index.php", $lang->redirect_accountactivated);
1327          }
1328      }
1329      else
1330      {
1331          $plugins->run_hooks("member_activate_form");
1332  
1333          $code = htmlspecialchars_uni($mybb->get_input('code'));
1334  
1335          if(!isset($user['username']))
1336          {
1337              $user['username'] = '';
1338          }
1339          $user['username'] = htmlspecialchars_uni($user['username']);
1340  
1341          eval("\$activate = \"".$templates->get("member_activate")."\";");
1342          output_page($activate);
1343      }
1344  }
1345  
1346  if($mybb->input['action'] == "do_resendactivation" && $mybb->request_method == "post")
1347  {
1348      $plugins->run_hooks("member_do_resendactivation_start");
1349  
1350      if($mybb->settings['regtype'] == "admin")
1351      {
1352          error($lang->error_activated_by_admin);
1353      }
1354  
1355      $errors = array();
1356  
1357      if($mybb->settings['captchaimage'])
1358      {
1359          require_once  MYBB_ROOT.'inc/class_captcha.php';
1360          $captcha = new captcha;
1361  
1362          if($captcha->validate_captcha() == false)
1363          {
1364              // CAPTCHA validation failed
1365              foreach($captcha->get_errors() as $error)
1366              {
1367                  $errors[] = $error;
1368              }
1369          }
1370      }
1371  
1372      $query = $db->query("
1373          SELECT u.uid, u.username, u.usergroup, u.email, a.code, a.type, a.validated
1374          FROM ".TABLE_PREFIX."users u
1375          LEFT JOIN ".TABLE_PREFIX."awaitingactivation a ON (a.uid=u.uid AND (a.type='r' OR a.type='b'))
1376          WHERE u.email='".$db->escape_string($mybb->get_input('email'))."'
1377      ");
1378      $numusers = $db->num_rows($query);
1379      if($numusers < 1)
1380      {
1381          error($lang->error_invalidemail);
1382      }
1383      else
1384      {
1385          if(count($errors) == 0)
1386          {
1387              while($user = $db->fetch_array($query))
1388              {
1389                  if($user['type'] == "b" && $user['validated'] == 1)
1390                  {
1391                      error($lang->error_activated_by_admin);
1392                  }
1393  
1394                  if($user['usergroup'] == 5)
1395                  {
1396                      if(!$user['code'])
1397                      {
1398                          $user['code'] = random_str();
1399                          $uid = $user['uid'];
1400                          $awaitingarray = array(
1401                              "uid" => $uid,
1402                              "dateline" => TIME_NOW,
1403                              "code" => $user['code'],
1404                              "type" => $user['type']
1405                          );
1406                          $db->insert_query("awaitingactivation", $awaitingarray);
1407                      }
1408                      $username = $user['username'];
1409                      $email = $user['email'];
1410                      $activationcode = $user['code'];
1411                      $emailsubject = $lang->sprintf($lang->emailsubject_activateaccount, $mybb->settings['bbname']);
1412                      switch($mybb->settings['username_method'])
1413                      {
1414                          case 0:
1415                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1416                              break;
1417                          case 1:
1418                              $emailmessage = $lang->sprintf($lang->email_activateaccount1, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1419                              break;
1420                          case 2:
1421                              $emailmessage = $lang->sprintf($lang->email_activateaccount2, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1422                              break;
1423                          default:
1424                              $emailmessage = $lang->sprintf($lang->email_activateaccount, $user['username'], $mybb->settings['bbname'], $mybb->settings['bburl'], $user['uid'], $activationcode);
1425                              break;
1426                      }
1427                      my_mail($email, $emailsubject, $emailmessage);
1428                  }
1429              }
1430  
1431              $plugins->run_hooks("member_do_resendactivation_end");
1432  
1433              redirect("index.php", $lang->redirect_activationresent);
1434          }
1435          else
1436          {
1437              $mybb->input['action'] = "resendactivation";
1438          }
1439      }
1440  }
1441  
1442  if($mybb->input['action'] == "resendactivation")
1443  {
1444      $plugins->run_hooks("member_resendactivation");
1445  
1446      if($mybb->settings['regtype'] == "admin")
1447      {
1448          error($lang->error_activated_by_admin);
1449      }
1450  
1451      if($mybb->user['uid'] && $mybb->user['usergroup'] != 5)
1452      {
1453          error($lang->error_alreadyactivated);
1454      }
1455  
1456      $query = $db->simple_select("awaitingactivation", "*", "uid='".$mybb->user['uid']."' AND type='b'");
1457      $activation = $db->fetch_array($query);
1458  
1459      if($activation && $activation['validated'] == 1)
1460      {
1461          error($lang->error_activated_by_admin);
1462      }
1463  
1464      $captcha = '';
1465      // Generate CAPTCHA?
1466      if($mybb->settings['captchaimage'])
1467      {
1468          require_once  MYBB_ROOT.'inc/class_captcha.php';
1469          $post_captcha = new captcha(true, "post_captcha");
1470  
1471          if($post_captcha->html)
1472          {
1473              $captcha = $post_captcha->html;
1474          }
1475      }
1476  
1477      if(isset($errors) && count($errors) > 0)
1478      {
1479          $errors = inline_error($errors);
1480          $email = htmlspecialchars_uni($mybb->get_input('email'));
1481      }
1482      else
1483      {
1484          $errors = '';
1485          $email = '';
1486      }
1487  
1488      $plugins->run_hooks("member_resendactivation_end");
1489  
1490      eval("\$activate = \"".$templates->get("member_resendactivation")."\";");
1491      output_page($activate);
1492  }
1493  
1494  if($mybb->input['action'] == "do_lostpw" && $mybb->request_method == "post")
1495  {
1496      $plugins->run_hooks("member_do_lostpw_start");
1497  
1498      $errors = array();
1499  
1500      if($mybb->settings['captchaimage'])
1501      {
1502          require_once  MYBB_ROOT.'inc/class_captcha.php';
1503          $captcha = new captcha;
1504  
1505          if($captcha->validate_captcha() == false)
1506          {
1507              // CAPTCHA validation failed
1508              foreach($captcha->get_errors() as $error)
1509              {
1510                  $errors[] = $error;
1511              }
1512          }
1513      }
1514  
1515      $query = $db->simple_select("users", "*", "email='".$db->escape_string($mybb->get_input('email'))."'");
1516      $numusers = $db->num_rows($query);
1517      if($numusers < 1)
1518      {
1519          error($lang->error_invalidemail);
1520      }
1521      else
1522      {
1523          if(count($errors) == 0)
1524          {
1525              while($user = $db->fetch_array($query))
1526              {
1527                  $db->delete_query("awaitingactivation", "uid='{$user['uid']}' AND type='p'");
1528                  $user['activationcode'] = random_str(30);
1529                  $now = TIME_NOW;
1530                  $uid = $user['uid'];
1531                  $awaitingarray = array(
1532                      "uid" => $user['uid'],
1533                      "dateline" => TIME_NOW,
1534                      "code" => $user['activationcode'],
1535                      "type" => "p"
1536                  );
1537                  $db->insert_query("awaitingactivation", $awaitingarray);
1538                  $username = $user['username'];
1539                  $email = $user['email'];
1540                  $activationcode = $user['activationcode'];
1541                  $emailsubject = $lang->sprintf($lang->emailsubject_lostpw, $mybb->settings['bbname']);
1542                  switch($mybb->settings['username_method'])
1543                  {
1544                      case 0:
1545                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1546                          break;
1547                      case 1:
1548                          $emailmessage = $lang->sprintf($lang->email_lostpw1, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1549                          break;
1550                      case 2:
1551                          $emailmessage = $lang->sprintf($lang->email_lostpw2, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1552                          break;
1553                      default:
1554                          $emailmessage = $lang->sprintf($lang->email_lostpw, $username, $mybb->settings['bbname'], $mybb->settings['bburl'], $uid, $activationcode);
1555                          break;
1556                  }
1557                  my_mail($email, $emailsubject, $emailmessage);
1558              }
1559  
1560              $plugins->run_hooks("member_do_lostpw_end");
1561  
1562              redirect("index.php", $lang->redirect_lostpwsent, "", true);
1563          }
1564          else
1565          {
1566              $mybb->input['action'] = "lostpw";
1567          }
1568      }
1569  }
1570  
1571  if($mybb->input['action'] == "lostpw")
1572  {
1573      $plugins->run_hooks("member_lostpw");
1574  
1575      $captcha = '';
1576      // Generate CAPTCHA?
1577      if($mybb->settings['captchaimage'])
1578      {
1579          require_once  MYBB_ROOT.'inc/class_captcha.php';
1580          $post_captcha = new captcha(true, "post_captcha");
1581  
1582          if($post_captcha->html)
1583          {
1584              $captcha = $post_captcha->html;
1585          }
1586      }
1587  
1588      if(isset($errors) && count($errors) > 0)
1589      {
1590          $errors = inline_error($errors);
1591          $email = htmlspecialchars_uni($mybb->get_input('email'));
1592      }
1593      else
1594      {
1595          $errors = '';
1596          $email = '';
1597      }
1598  
1599      eval("\$lostpw = \"".$templates->get("member_lostpw")."\";");
1600      output_page($lostpw);
1601  }
1602  
1603  if($mybb->input['action'] == "resetpassword")
1604  {
1605      $plugins->run_hooks("member_resetpassword_start");
1606  
1607      if(isset($mybb->input['username']))
1608      {
1609          $mybb->input['username'] = $mybb->get_input('username');
1610          $options = array(
1611              'username_method' => $mybb->settings['username_method'],
1612              'fields' => '*',
1613          );
1614          $user = get_user_by_username($mybb->input['username'], $options);
1615          if(!$user)
1616          {
1617              switch($mybb->settings['username_method'])
1618              {
1619                  case 0:
1620                      error($lang->error_invalidpworusername);
1621                      break;
1622                  case 1:
1623                      error($lang->error_invalidpworusername1);
1624                      break;
1625                  case 2:
1626                      error($lang->error_invalidpworusername2);
1627                      break;
1628                  default:
1629                      error($lang->error_invalidpworusername);
1630                      break;
1631              }
1632          }
1633      }
1634      else
1635      {
1636          $user = get_user($mybb->get_input('uid', MyBB::INPUT_INT));
1637      }
1638  
1639      if(isset($mybb->input['code']) && $user)
1640      {
1641          $query = $db->simple_select("awaitingactivation", "code", "uid='".$user['uid']."' AND type='p'");
1642          $activationcode = $db->fetch_field($query, 'code');
1643          $now = TIME_NOW;
1644          if(!$activationcode || $activationcode !== $mybb->get_input('code'))
1645          {
1646              error($lang->error_badlostpwcode);
1647          }
1648          $db->delete_query("awaitingactivation", "uid='".$user['uid']."' AND type='p'");
1649          $username = $user['username'];
1650  
1651          // Generate a new password, then update it
1652          $password_length = (int)$mybb->settings['minpasswordlength'];
1653  
1654          if($password_length < 8)
1655          {
1656              $password_length = min(8, (int)$mybb->settings['maxpasswordlength']);
1657          }
1658  
1659          // Set up user handler.
1660          require_once  MYBB_ROOT.'inc/datahandlers/user.php';
1661          $userhandler = new UserDataHandler('update');
1662  
1663          while(!$userhandler->verify_password())
1664          {
1665              $password = random_str($password_length, $mybb->settings['requirecomplexpasswords']);
1666  
1667              $userhandler->set_data(array(
1668                  'uid'        => $user['uid'],
1669                  'username'    => $user['username'],
1670                  'email'        => $user['email'],
1671                  'password'    => $password
1672              ));
1673  
1674              $userhandler->set_validated(true);
1675              $userhandler->errors = array();
1676          }
1677  
1678          $userhandler->update_user();
1679  
1680          $logindetails = array(
1681              'salt'        => $userhandler->data['salt'],
1682              'password'    => $userhandler->data['saltedpw'],
1683              'loginkey'    => $userhandler->data['loginkey'],
1684          );
1685  
1686          $email = $user['email'];
1687  
1688          $plugins->run_hooks("member_resetpassword_process");
1689  
1690          $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']);
1691          $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password);
1692          my_mail($email, $emailsubject, $emailmessage);
1693  
1694          $plugins->run_hooks("member_resetpassword_reset");
1695  
1696          error($lang->redirect_passwordreset);
1697      }
1698      else
1699      {
1700          $plugins->run_hooks("member_resetpassword_form");
1701  
1702          switch($mybb->settings['username_method'])
1703          {
1704              case 0:
1705                  $lang_username = $lang->username;
1706                  break;
1707              case 1:
1708                  $lang_username = $lang->username1;
1709                  break;
1710              case 2:
1711                  $lang_username = $lang->username2;
1712                  break;
1713              default:
1714                  $lang_username = $lang->username;
1715                  break;
1716          }
1717  
1718          $code = htmlspecialchars_uni($mybb->get_input('code'));
1719          
1720          $input_username = htmlspecialchars_uni($mybb->get_input('username'));
1721  
1722          eval("\$activate = \"".$templates->get("member_resetpassword")."\";");
1723          output_page($activate);
1724      }
1725  }
1726  
1727  $do_captcha = $correct = false;
1728  $inline_errors = "";
1729  if($mybb->input['action'] == "do_login" && $mybb->request_method == "post")
1730  {
1731      verify_post_check($mybb->get_input('my_post_key'));
1732  
1733      $errors = array();
1734  
1735      $plugins->run_hooks("member_do_login_start");
1736  
1737      require_once  MYBB_ROOT."inc/datahandlers/login.php";
1738      $loginhandler = new LoginDataHandler("get");
1739  
1740      if($mybb->get_input('quick_password') && $mybb->get_input('quick_username'))
1741      {
1742          $mybb->input['password'] = $mybb->get_input('quick_password');
1743          $mybb->input['username'] = $mybb->get_input('quick_username');
1744          $mybb->input['remember'] = $mybb->get_input('quick_remember');
1745      }
1746  
1747      $user = array(
1748          'username' => $mybb->get_input('username'),
1749          'password' => $mybb->get_input('password'),
1750          'remember' => $mybb->get_input('remember'),
1751          'imagestring' => $mybb->get_input('imagestring')
1752      );
1753  
1754      $options = array(
1755          'fields' => 'loginattempts',
1756          'username_method' => (int)$mybb->settings['username_method'],
1757      );
1758  
1759      $user_loginattempts = get_user_by_username($user['username'], $options);
1760      if(!empty($user_loginattempts))
1761      {
1762          $user['loginattempts'] = (int)$user_loginattempts['loginattempts'];
1763      }
1764  
1765      $loginhandler->set_data($user);
1766      $validated = $loginhandler->validate_login();
1767  
1768      if(!$validated)
1769      {
1770          $mybb->input['action'] = "login";
1771          $mybb->request_method = "get";
1772  
1773          $login_user_uid = 0;
1774          if(!empty($loginhandler->login_data))
1775          {
1776              $login_user_uid = (int)$loginhandler->login_data['uid'];
1777              $user['loginattempts'] = (int)$loginhandler->login_data['loginattempts'];
1778          }
1779  
1780          // Is a fatal call if user has had too many tries
1781          $logins = login_attempt_check($login_user_uid);
1782  
1783          $db->update_query("users", array('loginattempts' => 'loginattempts+1'), "uid='".$login_user_uid."'", 1, true);
1784  
1785          $errors = $loginhandler->get_friendly_errors();
1786  
1787          // If we need a captcha set it here
1788          if(
1789              $mybb->settings['failedcaptchalogincount'] > 0 &&
1790              (
1791                  (
1792                      isset($user['loginattempts']) &&
1793                      $user['loginattempts'] > $mybb->settings['failedcaptchalogincount']
1794                  ) ||
1795                  (
1796                      isset($mybb->cookies['loginattempts']) &&
1797                      (int)$mybb->cookies['loginattempts'] > $mybb->settings['failedcaptchalogincount']
1798                  )
1799              )
1800          )
1801          {
1802              $do_captcha = true;
1803              $correct = $loginhandler->captcha_verified;
1804          }
1805      }
1806      else if($validated && $loginhandler->captcha_verified == true)
1807      {
1808          // Successful login
1809          if($loginhandler->login_data['coppauser'])
1810          {
1811              error($lang->error_awaitingcoppa);
1812          }
1813  
1814          $loginhandler->complete_login();
1815  
1816          $plugins->run_hooks("member_do_login_end");
1817  
1818          $mybb->input['url'] = $mybb->get_input('url');
1819  
1820          if(!empty($mybb->input['url']) && my_strpos(basename($mybb->input['url']), 'member.php') === false && !preg_match('#^javascript:#i', $mybb->input['url']))
1821          {
1822              if((my_strpos(basename($mybb->input['url']), 'newthread.php') !== false || my_strpos(basename($mybb->input['url']), 'newreply.php') !== false) && my_strpos($mybb->input['url'], '&processed=1') !== false)
1823              {
1824                  $mybb->input['url'] = str_replace('&processed=1', '', $mybb->input['url']);
1825              }
1826  
1827              $mybb->input['url'] = str_replace('&amp;', '&', $mybb->input['url']);
1828  
1829              if(my_strpos($mybb->input['url'], $mybb->settings['bburl'].'/') !== 0)
1830              {
1831                  if(my_strpos($mybb->input['url'], '/') === 0)
1832                  {
1833                      $mybb->input['url'] = my_substr($mybb->input['url'], 1);
1834                  }
1835                  $url_segments = explode('/', $mybb->input['url']);
1836                  $mybb->input['url'] = $mybb->settings['bburl'].'/'.end($url_segments);
1837              }
1838  
1839              // Redirect to the URL if it is not member.php
1840              redirect($mybb->input['url'], $lang->redirect_loggedin);
1841          }
1842          else
1843          {
1844  
1845              redirect("index.php", $lang->redirect_loggedin);
1846          }
1847      }
1848  
1849      $plugins->run_hooks("member_do_login_end");
1850  }
1851  
1852  if($mybb->input['action'] == "login")
1853  {
1854      $plugins->run_hooks("member_login");
1855  
1856      $member_loggedin_notice = "";
1857      if($mybb->user['uid'] != 0)
1858      {
1859          $mybb->user['username'] = htmlspecialchars_uni($mybb->user['username']);
1860          $lang->already_logged_in = $lang->sprintf($lang->already_logged_in, build_profile_link($mybb->user['username'], $mybb->user['uid']));
1861          eval("\$member_loggedin_notice = \"".$templates->get("member_loggedin_notice")."\";");
1862      }
1863  
1864      // Checks to make sure the user can login; they haven't had too many tries at logging in.
1865      // Is a fatal call if user has had too many tries. This particular check uses cookies, as a uid is not set yet
1866      // and we can't check loginattempts in the db
1867      login_attempt_check();
1868  
1869      // Redirect to the page where the user came from, but not if that was the login page.
1870      if(isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], "action=login") === false)
1871      {
1872          $redirect_url = htmlentities($_SERVER['HTTP_REFERER']);
1873      }
1874      else
1875      {
1876          $redirect_url = '';
1877      }
1878  
1879      $captcha = '';
1880      // Show captcha image for guests if enabled and only if we have to do
1881      if($mybb->settings['captchaimage'] && $do_captcha == true)
1882      {
1883          require_once  MYBB_ROOT.'inc/class_captcha.php';
1884          $login_captcha = new captcha(false, "post_captcha");
1885  
1886          if($login_captcha->type == captcha::DEFAULT_CAPTCHA)
1887          {
1888              if(!$correct)
1889              {
1890                  $login_captcha->build_captcha();
1891              }
1892              else
1893              {
1894                  $captcha = $login_captcha->build_hidden_captcha();
1895              }
1896          }
1897          elseif(in_array($login_captcha->type, array(captcha::NOCAPTCHA_RECAPTCHA, captcha::RECAPTCHA_INVISIBLE, captcha::RECAPTCHA_V3)))
1898          {
1899              $login_captcha->build_recaptcha();
1900          }
1901          elseif(in_array($login_captcha->type, array(captcha::HCAPTCHA, captcha::HCAPTCHA_INVISIBLE)))
1902          {
1903              $login_captcha->build_hcaptcha();
1904          }
1905  
1906          if($login_captcha->html)
1907          {
1908              $captcha = $login_captcha->html;
1909          }
1910      }
1911  
1912      $username = "";
1913      $password = "";
1914      if(isset($mybb->input['username']) && $mybb->request_method == "post")
1915      {
1916          $username = htmlspecialchars_uni($mybb->get_input('username'));
1917      }
1918  
1919      if(isset($mybb->input['password']) && $mybb->request_method == "post")
1920      {
1921          $password = htmlspecialchars_uni($mybb->get_input('password'));
1922      }
1923  
1924      if(!empty($errors))
1925      {
1926          $mybb->input['action'] = "login";
1927          $mybb->request_method = "get";
1928  
1929          $inline_errors = inline_error($errors);
1930      }
1931  
1932      switch($mybb->settings['username_method'])
1933      {
1934          case 1:
1935              $lang->username = $lang->username1;
1936              break;
1937          case 2:
1938              $lang->username = $lang->username2;
1939              break;
1940          default:
1941              break;
1942      }
1943  
1944      $plugins->run_hooks("member_login_end");
1945  
1946      eval("\$login = \"".$templates->get("member_login")."\";");
1947      output_page($login);
1948  }
1949  
1950  if($mybb->input['action'] == "logout")
1951  {
1952      $plugins->run_hooks("member_logout_start");
1953  
1954      if(!$mybb->user['uid'])
1955      {
1956          redirect("index.php", $lang->redirect_alreadyloggedout);
1957      }
1958  
1959      // Check session ID if we have one
1960      if(isset($mybb->input['sid']) && $mybb->get_input('sid') !== $session->sid)
1961      {
1962          error($lang->error_notloggedout);
1963      }
1964      // Otherwise, check logoutkey
1965      else if(!isset($mybb->input['sid']) && $mybb->get_input('logoutkey') !== $mybb->user['logoutkey'])
1966      {
1967          error($lang->error_notloggedout);
1968      }
1969  
1970      my_unsetcookie("mybbuser");
1971      my_unsetcookie("sid");
1972  
1973      if($mybb->user['uid'])
1974      {
1975          $time = TIME_NOW;
1976          // Run this after the shutdown query from session system
1977          $db->shutdown_query("UPDATE ".TABLE_PREFIX."users SET lastvisit='{$time}', lastactive='{$time}' WHERE uid='{$mybb->user['uid']}'");
1978          $db->delete_query("sessions", "sid = '{$session->sid}'");
1979      }
1980  
1981      $plugins->run_hooks("member_logout_end");
1982  
1983      redirect("index.php", $lang->redirect_loggedout);
1984  }
1985  
1986  if($mybb->input['action'] == "viewnotes")
1987  {
1988      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
1989      $user = get_user($uid);
1990  
1991      // Make sure we are looking at a real user here.
1992      if(!$user)
1993      {
1994          error($lang->error_nomember);
1995      }
1996  
1997      if($mybb->user['uid'] == 0 || $mybb->usergroup['canmodcp'] != 1)
1998      {
1999          error_no_permission();
2000      }
2001  
2002      $user['username'] = htmlspecialchars_uni($user['username']);
2003      $lang->view_notes_for = $lang->sprintf($lang->view_notes_for, $user['username']);
2004  
2005      $user['usernotes'] = nl2br(htmlspecialchars_uni($user['usernotes']));
2006  
2007      $plugins->run_hooks('member_viewnotes');
2008  
2009      eval("\$viewnotes = \"".$templates->get("member_viewnotes", 1, 0)."\";");
2010      echo $viewnotes;
2011      exit;
2012  }
2013  
2014  if($mybb->input['action'] == "profile")
2015  {
2016      if($mybb->usergroup['canviewprofiles'] == 0)
2017      {
2018          error_no_permission();
2019      }
2020  
2021      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
2022      if($uid)
2023      {
2024          $memprofile = get_user($uid);
2025      }
2026      elseif($mybb->user['uid'])
2027      {
2028          $memprofile = $mybb->user;
2029      }
2030      else
2031      {
2032          $memprofile = false;
2033      }
2034  
2035      if(!$memprofile)
2036      {
2037          error($lang->error_nomember);
2038      }
2039  
2040      $uid = $memprofile['uid'];
2041  
2042      $plugins->run_hooks("member_profile_start");
2043  
2044      $me_username = $memprofile['username'];
2045      $memprofile['username'] = htmlspecialchars_uni($memprofile['username']);
2046      $lang->profile = $lang->sprintf($lang->profile, $memprofile['username']);
2047  
2048      // Get member's permissions
2049      $memperms = user_permissions($memprofile['uid']);
2050  
2051      // Set display group
2052      $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
2053  
2054      if(!$memprofile['displaygroup'])
2055      {
2056          $memprofile['displaygroup'] = $memprofile['usergroup'];
2057      }
2058  
2059      $displaygroup = usergroup_displaygroup($memprofile['displaygroup']);
2060      if(is_array($displaygroup))
2061      {
2062          $memperms = array_merge($memperms, $displaygroup);
2063      }
2064  
2065      $lang->nav_profile = $lang->sprintf($lang->nav_profile, $memprofile['username']);
2066      add_breadcrumb($lang->nav_profile);
2067  
2068      $lang->users_forum_info = $lang->sprintf($lang->users_forum_info, $memprofile['username']);
2069      $lang->users_contact_details = $lang->sprintf($lang->users_contact_details, $memprofile['username']);
2070      $lang->send_pm = $lang->sprintf($lang->send_pm, $memprofile['username']);
2071      $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2072      $lang->users_additional_info = $lang->sprintf($lang->users_additional_info, $memprofile['username']);
2073      $lang->users_signature = $lang->sprintf($lang->users_signature, $memprofile['username']);
2074      $lang->send_user_email = $lang->sprintf($lang->send_user_email, $memprofile['username']);
2075  
2076      $useravatar = format_avatar($memprofile['avatar'], $memprofile['avatardimensions']);
2077      eval("\$avatar = \"".$templates->get("member_profile_avatar")."\";");
2078  
2079      $website = $sendemail = $sendpm = $contact_details = '';
2080  
2081      if(my_validate_url($memprofile['website']) && !is_member($mybb->settings['hidewebsite']) && $memperms['canchangewebsite'] == 1)
2082      {
2083          $memprofile['website'] = htmlspecialchars_uni($memprofile['website']);
2084          $bgcolor = alt_trow();
2085          eval("\$website = \"".$templates->get("member_profile_website")."\";");
2086      }
2087  
2088      if($mybb->usergroup['cansendemail'] == 1 && $uid != $mybb->user['uid'] && $memprofile['hideemail'] != 1 && (my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false || $mybb->usergroup['cansendemailoverride'] != 0))
2089      {
2090          $bgcolor = alt_trow();
2091          eval("\$sendemail = \"".$templates->get("member_profile_email")."\";");
2092      }
2093  
2094      if($mybb->settings['enablepms'] != 0 && $uid != $mybb->user['uid'] && $mybb->usergroup['canusepms'] == 1 && (($memprofile['receivepms'] != 0 && $memperms['canusepms'] != 0 && my_strpos(",".$memprofile['ignorelist'].",", ",".$mybb->user['uid'].",") === false) || $mybb->usergroup['canoverridepm'] == 1))
2095      {
2096          $bgcolor = alt_trow();
2097          eval('$sendpm = "'.$templates->get("member_profile_pm").'";');
2098      }
2099  
2100      $contact_fields = array();
2101      $any_contact_field = false;
2102      foreach(array('icq', 'skype', 'google') as $field)
2103      {
2104          $contact_fields[$field] = '';
2105          $settingkey = 'allow'.$field.'field';
2106  
2107          if(!empty($memprofile[$field]) && is_member($mybb->settings[$settingkey], array('usergroup' => $memprofile['usergroup'], 'additionalgroups' => $memprofile['additionalgroups'])))
2108          {
2109              $any_contact_field = true;
2110  
2111              if($field == 'icq')
2112              {
2113                  $memprofile[$field] = (int)$memprofile[$field];
2114              }
2115              else
2116              {
2117                  $memprofile[$field] = htmlspecialchars_uni($memprofile[$field]);
2118              }
2119              $tmpl = 'member_profile_contact_fields_'.$field;
2120  
2121              $bgcolors[$field] = alt_trow();
2122              eval('$contact_fields[\''.$field.'\'] = "'.$templates->get($tmpl).'";');
2123          }
2124      }
2125  
2126      if($any_contact_field || $sendemail || $sendpm || $website)
2127      {
2128          eval('$contact_details = "'.$templates->get("member_profile_contact_details").'";');
2129      }
2130  
2131      $signature = '';
2132      if($memprofile['signature'] && ($memprofile['suspendsignature'] == 0 || $memprofile['suspendsigtime'] < TIME_NOW) && !is_member($mybb->settings['hidesignatures']) && $memperms['canusesig'] && $memperms['canusesigxposts'] <= $memprofile['postnum'])
2133      {
2134          $sig_parser = array(
2135              "allow_html" => $mybb->settings['sightml'],
2136              "allow_mycode" => $mybb->settings['sigmycode'],
2137              "allow_smilies" => $mybb->settings['sigsmilies'],
2138              "allow_imgcode" => $mybb->settings['sigimgcode'],
2139              "me_username" => $me_username,
2140              "filter_badwords" => 1
2141          );
2142  
2143          if($memperms['signofollow'])
2144          {
2145              $sig_parser['nofollow_on'] = 1;
2146          }
2147  
2148          if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2149          {
2150              $sig_parser['allow_imgcode'] = 0;
2151          }
2152  
2153          $memprofile['signature'] = $parser->parse_message($memprofile['signature'], $sig_parser);
2154          eval("\$signature = \"".$templates->get("member_profile_signature")."\";");
2155      }
2156  
2157      $daysreg = (TIME_NOW - $memprofile['regdate']) / (24*3600);
2158  
2159      if($daysreg < 1)
2160      {
2161          $daysreg = 1;
2162      }
2163  
2164      $stats = $cache->read("stats");
2165  
2166      // Format post count, per day count and percent of total
2167      $ppd = $memprofile['postnum'] / $daysreg;
2168      $ppd = round($ppd, 2);
2169      if($ppd > $memprofile['postnum'])
2170      {
2171          $ppd = $memprofile['postnum'];
2172      }
2173  
2174      $numposts = $stats['numposts'];
2175      if($numposts == 0)
2176      {
2177          $post_percent = "0";
2178      }
2179      else
2180      {
2181          $post_percent = $memprofile['postnum']*100/$numposts;
2182          $post_percent = round($post_percent, 2);
2183      }
2184  
2185      if($post_percent > 100)
2186      {
2187          $post_percent = 100;
2188      }
2189  
2190      // Format thread count, per day count and percent of total
2191      $tpd = $memprofile['threadnum'] / $daysreg;
2192      $tpd = round($tpd, 2);
2193      if($tpd > $memprofile['threadnum'])
2194      {
2195          $tpd = $memprofile['threadnum'];
2196      }
2197  
2198      $numthreads = $stats['numthreads'];
2199      if($numthreads == 0)
2200      {
2201          $thread_percent = "0";
2202      }
2203      else
2204      {
2205          $thread_percent = $memprofile['threadnum']*100/$numthreads;
2206          $thread_percent = round($thread_percent, 2);
2207      }
2208  
2209      if($thread_percent > 100)
2210      {
2211          $thread_percent = 100;
2212      }
2213  
2214      $findposts = $findthreads = '';
2215      if($mybb->usergroup['cansearch'] == 1)
2216      {
2217          if(!empty($memprofile['postnum']))
2218          {
2219              eval("\$findposts = \"".$templates->get("member_profile_findposts")."\";");
2220          }
2221          if(!empty($memprofile['threadnum']))
2222          {
2223              eval("\$findthreads = \"".$templates->get("member_profile_findthreads")."\";");
2224          }
2225      }
2226  
2227      $awaybit = '';
2228      if($memprofile['away'] == 1 && $mybb->settings['allowaway'] != 0)
2229      {
2230          $lang->away_note = $lang->sprintf($lang->away_note, $memprofile['username']);
2231          $awaydate = my_date($mybb->settings['dateformat'], $memprofile['awaydate']);
2232          if(!empty($memprofile['awayreason']))
2233          {
2234              $reason = $parser->parse_badwords($memprofile['awayreason']);
2235              $awayreason = htmlspecialchars_uni($reason);
2236          }
2237          else
2238          {
2239              $awayreason = $lang->away_no_reason;
2240          }
2241          if($memprofile['returndate'] == '')
2242          {
2243              $returndate = "$lang->unknown";
2244          }
2245          else
2246          {
2247              $returnhome = explode("-", $memprofile['returndate']);
2248  
2249              // PHP native date functions use integers so timestamps for years after 2038 will not work
2250              // Thus we use adodb_mktime
2251              if($returnhome[2] >= 2038)
2252              {
2253                  require_once  MYBB_ROOT."inc/functions_time.php";
2254                  $returnmkdate = adodb_mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2255                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate, "", 1, true);
2256              }
2257              else
2258              {
2259                  $returnmkdate = mktime(0, 0, 0, $returnhome[1], $returnhome[0], $returnhome[2]);
2260                  $returndate = my_date($mybb->settings['dateformat'], $returnmkdate);
2261              }
2262  
2263              // If our away time has expired already, we should be back, right?
2264              if($returnmkdate < TIME_NOW)
2265              {
2266                  $db->update_query('users', array('away' => '0', 'awaydate' => '0', 'returndate' => '', 'awayreason' => ''), 'uid=\''.(int)$memprofile['uid'].'\'');
2267  
2268                  // Update our status to "not away"
2269                  $memprofile['away'] = 0;
2270              }
2271          }
2272  
2273          // Check if our away status is set to 1, it may have been updated already (see a few lines above)
2274          if($memprofile['away'] == 1)
2275          {
2276              eval("\$awaybit = \"".$templates->get("member_profile_away")."\";");
2277          }
2278      }
2279  
2280      $memprofile['timezone'] = (float)$memprofile['timezone'];
2281  
2282      if($memprofile['dst'] == 1)
2283      {
2284          $memprofile['timezone']++;
2285          if(my_substr($memprofile['timezone'], 0, 1) != "-")
2286          {
2287              $memprofile['timezone'] = "+{$memprofile['timezone']}";
2288          }
2289      }
2290  
2291      $memregdate = my_date($mybb->settings['dateformat'], $memprofile['regdate']);
2292      $memlocaldate = gmdate($mybb->settings['dateformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2293      $memlocaltime = gmdate($mybb->settings['timeformat'], TIME_NOW + ($memprofile['timezone'] * 3600));
2294  
2295      $localtime = $lang->sprintf($lang->local_time_format, $memlocaldate, $memlocaltime);
2296  
2297      if($memprofile['birthday'])
2298      {
2299          $membday = explode("-", $memprofile['birthday']);
2300  
2301          if($memprofile['birthdayprivacy'] != 'none')
2302          {
2303              if($membday[0] && $membday[1] && $membday[2])
2304              {
2305                  $lang->membdayage = $lang->sprintf($lang->membdayage, get_age($memprofile['birthday']));
2306  
2307                  $bdayformat = fix_mktime($mybb->settings['dateformat'], $membday[2]);
2308                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], $membday[2]);
2309                  $membday = date($bdayformat, $membday);
2310  
2311                  $membdayage = $lang->membdayage;
2312              }
2313              elseif($membday[2])
2314              {
2315                  $membday = mktime(0, 0, 0, 1, 1, $membday[2]);
2316                  $membday = date("Y", $membday);
2317                  $membdayage = '';
2318              }
2319              else
2320              {
2321                  $membday = mktime(0, 0, 0, $membday[1], $membday[0], 0);
2322                  $membday = date("F j", $membday);
2323                  $membdayage = '';
2324              }
2325          }
2326  
2327          if($memprofile['birthdayprivacy'] == 'age')
2328          {
2329              $membday = $lang->birthdayhidden;
2330          }
2331          else if($memprofile['birthdayprivacy'] == 'none')
2332          {
2333              $membday = $lang->birthdayhidden;
2334              $membdayage = '';
2335          }
2336      }
2337      else
2338      {
2339          $membday = $lang->not_specified;
2340          $membdayage = '';
2341      }
2342  
2343      // Get the user title for this user
2344      unset($stars);
2345      $usertitle = '';
2346      $starimage = '';
2347      if(trim($memprofile['usertitle']) != '')
2348      {
2349          // User has custom user title
2350          $usertitle = $memprofile['usertitle'];
2351      }
2352      elseif(trim($memperms['usertitle']) != '')
2353      {
2354          // User has group title
2355          $usertitle = $memperms['usertitle'];
2356      }
2357      else
2358      {
2359          if(!isset($usertitles))
2360          {
2361              $usertitles = $cache->read('usertitles');
2362          }
2363  
2364          // No usergroup title so get a default one
2365          if(is_array($usertitles))
2366          {
2367              foreach($usertitles as $title)
2368              {
2369                  if($memprofile['postnum'] >= $title['posts'])
2370                  {
2371                      $usertitle = $title['title'];
2372                      $stars = $title['stars'];
2373                      $starimage = $title['starimage'];
2374  
2375                      break;
2376                  }
2377              }
2378          }
2379      }
2380  
2381      $usertitle = htmlspecialchars_uni($usertitle);
2382  
2383      if($memperms['stars'] || $memperms['usertitle'])
2384      {
2385          // Set the number of stars if display group has constant number of stars
2386          $stars = $memperms['stars'];
2387      }
2388      elseif(!isset($stars))
2389      {
2390          if(!isset($usertitles))
2391          {
2392              $usertitles = $cache->read('usertitles');
2393          }
2394  
2395          // This is for cases where the user has a title, but the group has no defined number of stars (use number of stars as per default usergroups)
2396          if(is_array($usertitles))
2397          {
2398              foreach($usertitles as $title)
2399              {
2400                  if($memprofile['postnum'] >= $title['posts'])
2401                  {
2402                      $stars = $title['stars'];
2403                      $starimage = $title['starimage'];
2404                      break;
2405                  }
2406              }
2407          }
2408  
2409          if(!isset($stars))
2410          {
2411              $stars = 0;
2412          }
2413      }
2414  
2415      $groupimage = '';
2416      if(!empty($memperms['image']))
2417      {
2418          if(!empty($mybb->user['language']))
2419          {
2420              $language = $mybb->user['language'];
2421          }
2422          else
2423          {
2424              $language = $mybb->settings['bblanguage'];
2425          }
2426          $memperms['image'] = str_replace("{lang}", $language, $memperms['image']);
2427          $memperms['image'] = str_replace("{theme}", $theme['imgdir'], $memperms['image']);
2428          eval("\$groupimage = \"".$templates->get("member_profile_groupimage")."\";");
2429      }
2430  
2431      if(empty($starimage))
2432      {
2433          $starimage = $memperms['starimage'];
2434      }
2435  
2436      if(!empty($starimage))
2437      {
2438          // Only display stars if we have an image to use...
2439          $starimage = str_replace("{theme}", $theme['imgdir'], $starimage);
2440          $userstars = '';
2441          for($i = 0; $i < $stars; ++$i)
2442          {
2443              eval("\$userstars .= \"".$templates->get("member_profile_userstar", 1, 0)."\";");
2444          }
2445      }
2446  
2447      // User is currently online and this user has permissions to view the user on the WOL
2448      $timesearch = TIME_NOW - $mybb->settings['wolcutoffmins']*60;
2449      $query = $db->simple_select("sessions", "location,nopermission", "uid='$uid' AND time>'{$timesearch}'", array('order_by' => 'time', 'order_dir' => 'DESC', 'limit' => 1));
2450      $session = $db->fetch_array($query);
2451  
2452      $timeonline = $lang->none_registered;
2453      $memlastvisitdate = $lang->lastvisit_never;
2454      $last_seen = max(array($memprofile['lastactive'], $memprofile['lastvisit']));
2455      if(!empty($last_seen))
2456      {
2457          // We have some stamp here
2458          if($memprofile['invisible'] == 1 && $mybb->usergroup['canviewwolinvis'] != 1 && $memprofile['uid'] != $mybb->user['uid'])
2459          {
2460              $memlastvisitdate = $lang->lastvisit_hidden;
2461              $online_status = $timeonline = $lang->timeonline_hidden;
2462          }
2463          else
2464          {
2465              $memlastvisitdate = my_date('relative', $last_seen);
2466  
2467              if($memprofile['timeonline'] > 0)
2468              {
2469                  $timeonline = nice_time($memprofile['timeonline']);
2470              }
2471  
2472              // Online?
2473              if(!empty($session))
2474              {
2475                  // Fetch their current location
2476                  $lang->load("online");
2477                  require_once  MYBB_ROOT."inc/functions_online.php";
2478                  $activity = fetch_wol_activity($session['location'], $session['nopermission']);
2479                  $location = build_friendly_wol_location($activity);
2480                  $location_time = my_date($mybb->settings['timeformat'], $last_seen);
2481  
2482                  eval("\$online_status = \"".$templates->get("member_profile_online")."\";");
2483              }
2484          }
2485      }
2486  
2487      if(!isset($online_status))
2488      {
2489          eval("\$online_status = \"".$templates->get("member_profile_offline")."\";");
2490      }
2491  
2492      // Reset the background colours to keep it inline
2493      $alttrow = 'trow1';
2494  
2495      // Build Referral
2496      $referrals = '';
2497      if($mybb->settings['usereferrals'] == 1)
2498      {
2499          $bg_color = alt_trow();
2500  
2501          $uid = (int) $memprofile['uid'];
2502          $referral_count = $memprofile['referrals'];
2503          if ($referral_count > 0) {
2504              eval("\$memprofile['referrals'] = \"".$templates->get('member_referrals_link')."\";");
2505          }
2506  
2507          eval("\$referrals = \"".$templates->get('member_profile_referrals')."\";");
2508      }
2509  
2510      // Fetch the reputation for this user
2511      $reputation = '';
2512      if($memperms['usereputationsystem'] == 1 && $mybb->settings['enablereputation'] == 1)
2513      {
2514          $bg_color = alt_trow();
2515          $reputation = get_reputation($memprofile['reputation']);
2516  
2517          // If this user has permission to give reputations show the vote link
2518          $vote_link = '';
2519          if($mybb->usergroup['cangivereputations'] == 1 && $memprofile['uid'] != $mybb->user['uid'] && ($mybb->settings['posrep'] || $mybb->settings['neurep'] || $mybb->settings['negrep']))
2520          {
2521              eval("\$vote_link = \"".$templates->get("member_profile_reputation_vote")."\";");
2522          }
2523  
2524          eval("\$reputation = \"".$templates->get("member_profile_reputation")."\";");
2525      }
2526  
2527      $warning_level = '';
2528      if($mybb->settings['enablewarningsystem'] != 0 && $memperms['canreceivewarnings'] != 0 && ($mybb->usergroup['canwarnusers'] != 0 || ($mybb->user['uid'] == $memprofile['uid'] && $mybb->settings['canviewownwarning'] != 0)))
2529      {
2530          $bg_color = alt_trow();
2531  
2532          if($mybb->settings['maxwarningpoints'] < 1)
2533          {
2534              $mybb->settings['maxwarningpoints'] = 10;
2535          }
2536  
2537          $warning_level = round($memprofile['warningpoints']/$mybb->settings['maxwarningpoints']*100);
2538  
2539          if($warning_level > 100)
2540          {
2541              $warning_level = 100;
2542          }
2543  
2544          $warning_level = get_colored_warning_level($warning_level);
2545          if($mybb->usergroup['canwarnusers'] != 0)
2546          {
2547              eval("\$warn_user = \"".$templates->get("member_profile_warn")."\";");
2548              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel_link")."\";");
2549          }
2550          else
2551          {
2552              eval("\$warning_level = \"".$templates->get("member_profile_warninglevel")."\";");
2553          }
2554      }
2555  
2556      $bgcolor = $alttrow = 'trow1';
2557      $customfields = $profilefields = '';
2558  
2559      $query = $db->simple_select("userfields", "*", "ufid = '{$uid}'");
2560      $userfields = $db->fetch_array($query);
2561  
2562      // If this user is an Administrator or a Moderator then we wish to show all profile fields
2563      $pfcache = $cache->read('profilefields');
2564  
2565      if(is_array($pfcache))
2566      {
2567          foreach($pfcache as $customfield)
2568          {
2569              if($mybb->usergroup['cancp'] != 1 && $mybb->usergroup['issupermod'] != 1 && $mybb->usergroup['canmodcp'] != 1 && !is_member($customfield['viewableby']) || !$customfield['profile'])
2570              {
2571                  continue;
2572              }
2573  
2574              $thing = explode("\n", $customfield['type'], "2");
2575              $type = trim($thing[0]);
2576  
2577              $customfieldval = $customfield_val = '';
2578              $field = "fid{$customfield['fid']}";
2579  
2580              if(isset($userfields[$field]))
2581              {
2582                  $useropts = explode("\n", $userfields[$field]);
2583                  $customfieldval = $comma = '';
2584                  if(is_array($useropts) && ($type == "multiselect" || $type == "checkbox"))
2585                  {
2586                      foreach($useropts as $val)
2587                      {
2588                          if($val != '')
2589                          {
2590                              eval("\$customfield_val .= \"".$templates->get("member_profile_customfields_field_multi_item")."\";");
2591                          }
2592                      }
2593                      if($customfield_val != '')
2594                      {
2595                          eval("\$customfieldval = \"".$templates->get("member_profile_customfields_field_multi")."\";");
2596                      }
2597                  }
2598                  else
2599                  {
2600                      $parser_options = array(
2601                          "allow_html" => $customfield['allowhtml'],
2602                          "allow_mycode" => $customfield['allowmycode'],
2603                          "allow_smilies" => $customfield['allowsmilies'],
2604                          "allow_imgcode" => $customfield['allowimgcode'],
2605                          "allow_videocode" => $customfield['allowvideocode'],
2606                          #"nofollow_on" => 1,
2607                          "filter_badwords" => 1
2608                      );
2609  
2610                      if($customfield['type'] == "textarea")
2611                      {
2612                          $parser_options['me_username'] = $memprofile['username'];
2613                      }
2614                      else
2615                      {
2616                          $parser_options['nl2br'] = 0;
2617                      }
2618  
2619                      if($mybb->user['uid'] != 0 && $mybb->user['showimages'] != 1 || $mybb->settings['guestimages'] != 1 && $mybb->user['uid'] == 0)
2620                      {
2621                          $parser_options['allow_imgcode'] = 0;
2622                      }
2623  
2624                      $customfieldval = $parser->parse_message($userfields[$field], $parser_options);
2625                  }
2626              }
2627  
2628              if($customfieldval)
2629              {
2630                  $customfield['name'] = htmlspecialchars_uni($customfield['name']);
2631                  eval("\$customfields .= \"".$templates->get("member_profile_customfields_field")."\";");
2632                  $bgcolor = alt_trow();
2633              }
2634          }
2635      }
2636  
2637      if($customfields)
2638      {
2639          eval("\$profilefields = \"".$templates->get("member_profile_customfields")."\";");
2640      }
2641  
2642      $memprofile['postnum'] = my_number_format($memprofile['postnum']);
2643      $lang->ppd_percent_total = $lang->sprintf($lang->ppd_percent_total, my_number_format($ppd), $post_percent);
2644  
2645      $memprofile['threadnum'] = my_number_format($memprofile['threadnum']);
2646      $lang->tpd_percent_total = $lang->sprintf($lang->tpd_percent_total, my_number_format($tpd), $thread_percent);
2647  
2648      $formattedname = format_name($memprofile['username'], $memprofile['usergroup'], $memprofile['displaygroup']);
2649  
2650      $bannedbit = '';
2651      if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1)
2652      {
2653          // Fetch details on their ban
2654          $query = $db->simple_select('banned b LEFT JOIN '.TABLE_PREFIX.'users a ON (b.admin=a.uid)', 'b.*, a.username AS adminuser', "b.uid='{$uid}'", array('limit' => 1));
2655  
2656          if($db->num_rows($query))
2657          {
2658              $memban = $db->fetch_array($query);
2659  
2660              if($memban['reason'])
2661              {
2662                  $memban['reason'] = htmlspecialchars_uni($parser->parse_badwords($memban['reason']));
2663              }
2664              else
2665              {
2666                  $memban['reason'] = $lang->na;
2667              }
2668  
2669              if($memban['lifted'] == 'perm' || $memban['lifted'] == '' || $memban['bantime'] == 'perm' || $memban['bantime'] == '---')
2670              {
2671                  $banlength = $lang->permanent;
2672                  $timeremaining = $lang->na;
2673                  $banned_class = "normal_banned";
2674              }
2675              else
2676              {
2677                  // Set up the array of ban times.
2678                  $bantimes = fetch_ban_times();
2679  
2680                  $banlength = $bantimes[$memban['bantime']];
2681                  $remaining = $memban['lifted']-TIME_NOW;
2682  
2683                  $timeremaining = nice_time($remaining, array('short' => 1, 'seconds' => false))."";
2684  
2685                  $banned_class = '';
2686                  if($remaining < 3600)
2687                  {
2688                      $banned_class = "high_banned";
2689                  }
2690                  else if($remaining < 86400)
2691                  {
2692                      $banned_class = "moderate_banned";
2693                  }
2694                  else if($remaining < 604800)
2695                  {
2696                      $banned_class = "low_banned";
2697                  }
2698                  else
2699                  {
2700                      $banned_class = "normal_banned";
2701                  }
2702              }
2703              eval('$timeremaining = "'.$templates->get('member_profile_banned_remaining').'";');
2704  
2705              $memban['adminuser'] = build_profile_link(htmlspecialchars_uni($memban['adminuser']), $memban['admin']);
2706  
2707              // Display a nice warning to the user
2708              eval('$bannedbit = "'.$templates->get('member_profile_banned').'";');
2709          }
2710          else
2711          {
2712              // TODO: more specific output for converted/merged boards where no ban record is merged.
2713              $bannedbit = '';
2714          }
2715      }
2716  
2717      $adminoptions = '';
2718      if($mybb->usergroup['cancp'] == 1 && $mybb->config['hide_admin_links'] != 1)
2719      {
2720          if($memperms['isbannedgroup'] == 1)
2721          {
2722              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions_manageban")."\";");
2723          }
2724          else
2725          {
2726              eval("\$adminoptions = \"".$templates->get("member_profile_adminoptions")."\";");
2727          }
2728      }
2729  
2730      $modoptions = $viewnotes = $editnotes = $editprofile = $banuser = $manageban = $manageuser = '';
2731      $can_purge_spammer = purgespammer_show($memprofile['postnum'], $memprofile['usergroup'], $memprofile['uid']);
2732      if($mybb->usergroup['canmodcp'] == 1 || $can_purge_spammer)
2733      {
2734          if($mybb->usergroup['canuseipsearch'] == 1)
2735          {
2736              $memprofile['regip'] = my_inet_ntop($db->unescape_binary($memprofile['regip']));
2737              $memprofile['lastip'] = my_inet_ntop($db->unescape_binary($memprofile['lastip']));
2738  
2739              eval("\$ipaddress = \"".$templates->get("member_profile_modoptions_ipaddress")."\";");
2740          }
2741  
2742          $memprofile['usernotes'] = nl2br(htmlspecialchars_uni($memprofile['usernotes']));
2743  
2744          if(!empty($memprofile['usernotes']))
2745          {
2746              if(strlen($memprofile['usernotes']) > 100)
2747              {
2748                  eval("\$viewnotes = \"".$templates->get("member_profile_modoptions_viewnotes")."\";");
2749                  $memprofile['usernotes'] = my_substr($memprofile['usernotes'], 0, 100)."... {$viewnotes}";
2750              }
2751          }
2752          else
2753          {
2754              $memprofile['usernotes'] = $lang->no_usernotes;
2755          }
2756  
2757          if($mybb->usergroup['caneditprofiles'] == 1 && modcp_can_manage_user($memprofile['uid']))
2758          {
2759              if(modcp_can_manage_user($memprofile['uid']))
2760              {
2761                  eval("\$editprofile = \"".$templates->get("member_profile_modoptions_editprofile")."\";");
2762                  eval("\$editnotes = \"".$templates->get("member_profile_modoptions_editnotes")."\";");
2763          
2764              }
2765          }
2766  
2767          if($memperms['isbannedgroup'] == 1 && $mybb->usergroup['canbanusers'] == 1 && modcp_can_manage_user($memprofile['uid']))
2768          {
2769              eval("\$manageban = \"".$templates->get("member_profile_modoptions_manageban")."\";");
2770          }
2771          elseif(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2772          {
2773              if(modcp_can_manage_user($memprofile['uid']) && $mybb->usergroup['canbanusers'] == 1)
2774              {
2775                  eval("\$banuser = \"".$templates->get("member_profile_modoptions_banuser")."\";");
2776              }
2777          }
2778  
2779          $purgespammer = '';
2780          if($can_purge_spammer)
2781          {
2782              eval("\$purgespammer = \"".$templates->get('member_profile_modoptions_purgespammer')."\";");
2783          }
2784  
2785          if(!empty($editprofile) || !empty($banuser) || !empty($manageban) || !empty($purgespammer))
2786          {
2787              eval("\$manageuser = \"".$templates->get("member_profile_modoptions_manageuser")."\";");
2788          }
2789  
2790          eval("\$modoptions = \"".$templates->get("member_profile_modoptions")."\";");
2791      }
2792  
2793      $add_remove_options = array();
2794      $buddy_options = $ignore_options = $report_options = '';
2795      if($mybb->user['uid'] != $memprofile['uid'] && $mybb->user['uid'] != 0)
2796      {
2797          $buddy_list = explode(',', $mybb->user['buddylist']);
2798          $ignore_list = explode(',', $mybb->user['ignorelist']);
2799  
2800          if(in_array($uid, $buddy_list))
2801          {
2802              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_buddy_button', 'lang' => $lang->remove_from_buddy_list);
2803          }
2804          else
2805          {
2806              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_buddy_button', 'lang' => $lang->add_to_buddy_list);
2807          }
2808  
2809          if(!in_array($uid, $ignore_list))
2810          {
2811              eval("\$buddy_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Buddy
2812          }
2813  
2814          if(in_array($uid, $ignore_list))
2815          {
2816              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;delete={$uid}&amp;my_post_key={$mybb->post_code}", 'class' => 'remove_ignore_button', 'lang' => $lang->remove_from_ignore_list);
2817          }
2818          else
2819          {
2820              $add_remove_options = array('url' => "usercp.php?action=do_editlists&amp;manage=ignored&amp;add_username=".urlencode($memprofile['username'])."&amp;my_post_key={$mybb->post_code}", 'class' => 'add_ignore_button', 'lang' => $lang->add_to_ignore_list);
2821          }
2822  
2823          if(!in_array($uid, $buddy_list))
2824          {
2825              eval("\$ignore_options = \"".$templates->get("member_profile_addremove")."\";"); // Add/Remove Ignore
2826          }
2827  
2828          if(isset($memperms['canbereported']) && $memperms['canbereported'] == 1)
2829          {
2830              $reportable = true;
2831              $query = $db->simple_select("reportedcontent", "reporters", "reportstatus != '1' AND id = '{$memprofile['uid']}' AND type = 'profile'");
2832              if($db->num_rows($query))
2833              {
2834                  $report = $db->fetch_array($query);
2835                  $report['reporters'] = my_unserialize($report['reporters']);
2836                  if(is_array($report['reporters']) && in_array($mybb->user['uid'], $report['reporters']))
2837                  {
2838                      $reportable = false;
2839                  }
2840              }
2841              if($reportable)
2842              {
2843                  $add_remove_options = array('url' => "javascript:Report.reportUser({$memprofile['uid']});", 'class' => 'report_user_button', 'lang' => $lang->report_user);
2844                  eval("\$report_options = \"".$templates->get("member_profile_addremove")."\";"); // Report User
2845              }
2846          }
2847      }
2848  
2849      $plugins->run_hooks("member_profile_end");
2850  
2851      eval("\$profile = \"".$templates->get("member_profile")."\";");
2852      output_page($profile);
2853  }
2854  
2855  if($mybb->input['action'] == "do_emailuser" && $mybb->request_method == "post")
2856  {
2857      // Verify incoming POST request
2858      verify_post_check($mybb->get_input('my_post_key'));
2859  
2860      $plugins->run_hooks("member_do_emailuser_start");
2861  
2862      // Guests or those without permission can't email other users
2863      if($mybb->usergroup['cansendemail'] == 0)
2864      {
2865          error_no_permission();
2866      }
2867  
2868      // Check group limits
2869      if($mybb->usergroup['maxemails'] > 0)
2870      {
2871          if($mybb->user['uid'] > 0)
2872          {
2873              $user_check = "fromuid='{$mybb->user['uid']}'";
2874          }
2875          else
2876          {
2877              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2878          }
2879  
2880          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
2881          $sent_count = $db->fetch_field($query, "sent_count");
2882          if($sent_count >= $mybb->usergroup['maxemails'])
2883          {
2884              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
2885              error($lang->error_max_emails_day);
2886          }
2887      }
2888  
2889      // Check email flood control
2890      if($mybb->usergroup['emailfloodtime'] > 0)
2891      {
2892          if($mybb->user['uid'] > 0)
2893          {
2894              $user_check = "fromuid='{$mybb->user['uid']}'";
2895          }
2896          else
2897          {
2898              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
2899          }
2900  
2901          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
2902  
2903          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
2904          $last_email = $db->fetch_array($query);
2905  
2906          // Users last email was within the flood time, show the error
2907          if(isset($last_email['mid']))
2908          {
2909              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
2910  
2911              if($remaining_time == 1)
2912              {
2913                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
2914              }
2915              elseif($remaining_time < 60)
2916              {
2917                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
2918              }
2919              elseif($remaining_time > 60 && $remaining_time < 120)
2920              {
2921                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
2922              }
2923              else
2924              {
2925                  $remaining_time_minutes = ceil($remaining_time/60);
2926                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
2927              }
2928  
2929              error($lang->error_emailflooding);
2930          }
2931      }
2932  
2933      $query = $db->simple_select("users", "uid, username, email, hideemail", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
2934      $to_user = $db->fetch_array($query);
2935  
2936      if(!$to_user['username'])
2937      {
2938          error($lang->error_invalidusername);
2939      }
2940  
2941      if($to_user['hideemail'] != 0)
2942      {
2943          error($lang->error_hideemail);
2944      }
2945  
2946      $errors = array();
2947  
2948      if($mybb->user['uid'])
2949      {
2950          $mybb->input['fromemail'] = $mybb->user['email'];
2951          $mybb->input['fromname'] = $mybb->user['username'];
2952      }
2953  
2954      if(!validate_email_format($mybb->input['fromemail']))
2955      {
2956          $errors[] = $lang->error_invalidfromemail;
2957      }
2958  
2959      if(empty($mybb->input['fromname']))
2960      {
2961          $errors[] = $lang->error_noname;
2962      }
2963  
2964      if(empty($mybb->input['subject']))
2965      {
2966          $errors[] = $lang->error_no_email_subject;
2967      }
2968  
2969      if(empty($mybb->input['message']))
2970      {
2971          $errors[] = $lang->error_no_email_message;
2972      }
2973  
2974      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
2975      {
2976          require_once  MYBB_ROOT.'inc/class_captcha.php';
2977          $captcha = new captcha;
2978  
2979          if($captcha->validate_captcha() == false)
2980          {
2981              // CAPTCHA validation failed
2982              foreach($captcha->get_errors() as $error)
2983              {
2984                  $errors[] = $error;
2985              }
2986          }
2987      }
2988  
2989      if(count($errors) == 0)
2990      {
2991          if($mybb->settings['mail_handler'] == 'smtp')
2992          {
2993              $from = $mybb->input['fromemail'];
2994          }
2995          else
2996          {
2997              $from = "{$mybb->input['fromname']} <{$mybb->input['fromemail']}>";
2998          }
2999  
3000          $message = $lang->sprintf($lang->email_emailuser, $to_user['username'], $mybb->input['fromname'], $mybb->settings['bbname'], $mybb->settings['bburl'], $mybb->get_input('message'));
3001          my_mail($to_user['email'], $mybb->get_input('subject'), $message, '', '', '', false, 'text', '', $from);
3002  
3003          if($mybb->settings['mail_logging'] > 0)
3004          {
3005              // Log the message
3006              $log_entry = array(
3007                  "subject" => $db->escape_string($mybb->get_input('subject')),
3008                  "message" => $db->escape_string($mybb->get_input('message')),
3009                  "dateline" => TIME_NOW,
3010                  "fromuid" => $mybb->user['uid'],
3011                  "fromemail" => $db->escape_string($mybb->input['fromemail']),
3012                  "touid" => $to_user['uid'],
3013                  "toemail" => $db->escape_string($to_user['email']),
3014                  "tid" => 0,
3015                  "ipaddress" => $db->escape_binary($session->packedip),
3016                  "type" => 1
3017              );
3018              $db->insert_query("maillogs", $log_entry);
3019          }
3020  
3021          $plugins->run_hooks("member_do_emailuser_end");
3022  
3023          redirect(get_profile_link($to_user['uid']), $lang->redirect_emailsent);
3024      }
3025      else
3026      {
3027          $mybb->input['action'] = "emailuser";
3028      }
3029  }
3030  
3031  if($mybb->input['action'] == "emailuser")
3032  {
3033      $plugins->run_hooks("member_emailuser_start");
3034  
3035      // Guests or those without permission can't email other users
3036      if($mybb->usergroup['cansendemail'] == 0)
3037      {
3038          error_no_permission();
3039      }
3040  
3041      // Check group limits
3042      if($mybb->usergroup['maxemails'] > 0)
3043      {
3044          if($mybb->user['uid'] > 0)
3045          {
3046              $user_check = "fromuid='{$mybb->user['uid']}'";
3047          }
3048          else
3049          {
3050              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3051          }
3052  
3053          $query = $db->simple_select("maillogs", "COUNT(*) AS sent_count", "{$user_check} AND dateline >= '".(TIME_NOW - (60*60*24))."'");
3054          $sent_count = $db->fetch_field($query, "sent_count");
3055          if($sent_count >= $mybb->usergroup['maxemails'])
3056          {
3057              $lang->error_max_emails_day = $lang->sprintf($lang->error_max_emails_day, $mybb->usergroup['maxemails']);
3058              error($lang->error_max_emails_day);
3059          }
3060      }
3061  
3062      // Check email flood control
3063      if($mybb->usergroup['emailfloodtime'] > 0)
3064      {
3065          if($mybb->user['uid'] > 0)
3066          {
3067              $user_check = "fromuid='{$mybb->user['uid']}'";
3068          }
3069          else
3070          {
3071              $user_check = "ipaddress=".$db->escape_binary($session->packedip);
3072          }
3073  
3074          $timecut = TIME_NOW-$mybb->usergroup['emailfloodtime']*60;
3075  
3076          $query = $db->simple_select("maillogs", "mid, dateline", "{$user_check} AND dateline > '{$timecut}'", array('order_by' => "dateline", 'order_dir' => "DESC"));
3077          $last_email = $db->fetch_array($query);
3078  
3079          // Users last email was within the flood time, show the error
3080          if(isset($last_email['mid']))
3081          {
3082              $remaining_time = ($mybb->usergroup['emailfloodtime']*60)-(TIME_NOW-$last_email['dateline']);
3083  
3084              if($remaining_time == 1)
3085              {
3086                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_second, $mybb->usergroup['emailfloodtime']);
3087              }
3088              elseif($remaining_time < 60)
3089              {
3090                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_seconds, $mybb->usergroup['emailfloodtime'], $remaining_time);
3091              }
3092              elseif($remaining_time > 60 && $remaining_time < 120)
3093              {
3094                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_1_minute, $mybb->usergroup['emailfloodtime']);
3095              }
3096              else
3097              {
3098                  $remaining_time_minutes = ceil($remaining_time/60);
3099                  $lang->error_emailflooding = $lang->sprintf($lang->error_emailflooding_minutes, $mybb->usergroup['emailfloodtime'], $remaining_time_minutes);
3100              }
3101  
3102              error($lang->error_emailflooding);
3103          }
3104      }
3105  
3106      $query = $db->simple_select("users", "uid, username, email, hideemail, ignorelist", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
3107      $to_user = $db->fetch_array($query);
3108  
3109      $to_user['username'] = htmlspecialchars_uni($to_user['username']);
3110      $lang->email_user = $lang->sprintf($lang->email_user, $to_user['username']);
3111  
3112      if(!$to_user['uid'])
3113      {
3114          error($lang->error_invaliduser);
3115      }
3116  
3117      if($to_user['hideemail'] != 0)
3118      {
3119          error($lang->error_hideemail);
3120      }
3121  
3122      if($to_user['ignorelist'] && (my_strpos(",".$to_user['ignorelist'].",", ",".$mybb->user['uid'].",") !== false && $mybb->usergroup['cansendemailoverride'] != 1))
3123      {
3124          error_no_permission();
3125      }
3126  
3127      if(isset($errors) && count($errors) > 0)
3128      {
3129          $errors = inline_error($errors);
3130          $fromname = htmlspecialchars_uni($mybb->get_input('fromname'));
3131          $fromemail = htmlspecialchars_uni($mybb->get_input('fromemail'));
3132          $subject = htmlspecialchars_uni($mybb->get_input('subject'));
3133          $message = htmlspecialchars_uni($mybb->get_input('message'));
3134      }
3135      else
3136      {
3137          $errors = '';
3138          $fromname = '';
3139          $fromemail = '';
3140          $subject = '';
3141          $message = '';
3142      }
3143  
3144      // Generate CAPTCHA?
3145      if($mybb->settings['captchaimage'] && $mybb->user['uid'] == 0)
3146      {
3147          require_once  MYBB_ROOT.'inc/class_captcha.php';
3148          $post_captcha = new captcha(true, "post_captcha");
3149  
3150          if($post_captcha->html)
3151          {
3152              $captcha = $post_captcha->html;
3153          }
3154      }
3155      else
3156      {
3157          $captcha = '';
3158      }
3159  
3160      $from_email = '';
3161      if($mybb->user['uid'] == 0)
3162      {
3163          eval("\$from_email = \"".$templates->get("member_emailuser_guest")."\";");
3164      }
3165  
3166      $plugins->run_hooks("member_emailuser_end");
3167  
3168      eval("\$emailuser = \"".$templates->get("member_emailuser")."\";");
3169      output_page($emailuser);
3170  }
3171  
3172  if($mybb->input['action'] == 'referrals')
3173  {
3174      $plugins->run_hooks('member_referrals_start');
3175  
3176      $uid = $mybb->get_input('uid', MyBB::INPUT_INT);
3177      if(!$uid)
3178      {
3179          error($lang->referrals_no_user_specified);
3180      }
3181  
3182      $user = get_user($uid);
3183      if(!$user['$uid'])
3184      {
3185          error($lang->referrals_invalid_user);
3186      }
3187  
3188      $lang->nav_referrals = $lang->sprintf($lang->nav_referrals, $user['username']);
3189      add_breadcrumb($lang->nav_referrals);
3190  
3191      $query = $db->simple_select('users', 'COUNT(uid) AS total', "referrer='{$uid}'");
3192      $referral_count = $db->fetch_field($query, 'total');
3193  
3194      $bg_color = 'trow1';
3195  
3196      if($referral_count == 0)
3197      {
3198          eval("\$referral_rows = \"".$templates->get('member_no_referrals')."\";");
3199      }
3200      else
3201      {
3202          // Figure out if we need to display multiple pages.
3203          $perpage = 20;
3204          if ((int) $mybb->settings['referralsperpage']) {
3205              $perpage = (int) $mybb->settings['referralsperpage'];
3206          }
3207  
3208          $page = 1;
3209          if($mybb->get_input('page', MyBB::INPUT_INT))
3210          {
3211              $page = $mybb->get_input('page', MyBB::INPUT_INT);
3212          }
3213  
3214          $pages = ceil($referral_count / $perpage);
3215  
3216          if($page > $pages || $page <= 0)
3217          {
3218              $page = 1;
3219          }
3220  
3221          if($page)
3222          {
3223              $start = ($page-1) * $perpage;
3224          }
3225          else
3226          {
3227              $start = 0;
3228              $page = 1;
3229          }
3230  
3231          $multipage = multipage($referral_count, $perpage, $page, "member.php?action=referrals&amp;uid={$uid}");
3232  
3233          foreach(get_user_referrals($uid, $start, $perpage) as $referral)
3234          {
3235              // Format user name link
3236              $username = htmlspecialchars_uni($referral['username']);
3237              $username = format_name($username, $referral['usergroup'], $referral['displaygroup']);
3238              $username = build_profile_link($username, $referral['uid']);
3239  
3240              $regdate = my_date('normal', $referral['regdate']);
3241  
3242              eval("\$referral_rows .= \"".$templates->get('member_referral_row')."\";");
3243  
3244              $bg_color = alt_trow();
3245          }
3246      }
3247  
3248      $plugins->run_hooks('member_referrals_end');
3249  
3250      eval("\$referrals = \"".$templates->get("member_referrals")."\";");
3251      output_page($referrals);
3252  }
3253  
3254  if(!$mybb->input['action'])
3255  {
3256      header("Location: index.php");
3257  }


2005 - 2021 © MyBB.de | Alle Rechte vorbehalten! | Sponsor: netcup Cross-referenced by PHPXref